| blob | 55e1c70a36432dc2e085b7f0d6005eaa02ca7818 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 /*
27 * Key Management Functions
28 * (as defined in PKCS#11 spec section 11.14)
29 */
34 /*
35 * meta_GenerateKey
36 *
37 */
38 CK_RV
41 {
42 CK_RV rv;
67 finish:
71 }
76 }
79 /*
80 * meta_GenerateKeyPair
81 *
82 */
83 CK_RV
88 {
89 CK_RV rv;
121 finish:
127 }
132 }
135 /*
136 * meta_WrapKey
137 *
138 */
139 CK_RV
143 {
144 CK_RV rv;
159 }
166 }
171 finish:
177 }
180 /*
181 * meta_UnwrapKey
182 *
183 */
184 CK_RV
189 {
190 CK_RV rv;
205 }
224 finish:
228 }
234 }
237 /*
238 * meta_DeriveKey
239 *
240 * This function is a bit gross because of PKCS#11 kludges that pass extra
241 * object handles in some mechanism parameters. It probably needs to be
242 * broken up into more managable pieces.
243 */
244 CK_RV
248 {
249 CK_RV rv;
258 CK_MECHANISM metaMech;
267 }
269 /*
270 * Special case: Normally, the caller must always provide storage
271 * for the derived key handle at phKey. Two (related) mechanisms
272 * are special, in that multiple keys are instead returned via
273 * pMech->pParameter. In these cases the spec says (see 12.38.4
274 * and 12.39.4) that phKey should be a NULL pointer, as it is not used.
275 */
299 };
310 /*
311 * A few oddball mechanisms pass a 2nd object handle in the parameters.
312 * Here we validate that handle, and create a duplicate copy of the
313 * mechanism and parameters. This is done because the application
314 * does not expect these values to be changing, and could be using the
315 * same data in multiple threads (eg concurrent calls to C_DeriveKey).
316 * We copy the data to make sure there are no MT-Safe problems.
317 */
321 /* uses CK_ECDH2_DERIVE_PARAMS struct as the parameter */
327 }
329 /* Duplicate the mechanism and paramaters */
336 /* Get the key the application is providing */
342 /* both use CK_X9_42_DH2_DERIVE_PARAMS as the parameter */
348 }
350 /* Duplicate the mechanism and paramaters */
357 /* Get the key the application is providing */
362 /* uses a CK_OBJECT_HANDLE as the parameter */
368 }
370 /* Duplicate the mechanism and paramaters */
374 /* Get the key the application is providing */
379 /* nothing special to do. */
381 }
387 }
389 /*
390 * Allocate meta objects to store the derived key(s). Normally just
391 * a single key is created, but the SSL/TLS mechanisms generate four.
392 */
407 }
410 /* Perform the actual key derive operation. */
419 /* phKey isn't used (is NULL) for mechanism CKM_TLS_PRF. */
422 /* Make derived key(s) active and visible to other threads. */
429 ssl_key_mat->hClientMacSecret
431 ssl_key_mat->hServerMacSecret
435 /* phKey isn't used (is NULL) for these SSL/TLS mechs */
439 }
440 }
442 finish:
452 }
461 }