0x7E)){
printf("Error: non ASCII character in PEM file!\n");
return -1;
}
else{
fprintf(fp, "%c", line[[i]]);
}
}
fprintf(fp, "\\\n");
return 1;
}
/*
 * Entry point of the build-time helper that converts a PEM file into a
 * generated source file holding the PEM text as string constants.
 *
 * Arguments (exactly three are required):
 *   1: path of the PEM file to read
 *   2: kind of file: "cert", "ca", "privkey" or "server"
 *   3: output flavour: "C" (a .h file) or "ML" (a .inc file)
 *
 * The output path is fixed per kind, under src/client-lib/, relative to the
 * current working directory.
 *
 * Returns 0 on success and -1 on any error.
 *
 * NOTE(review): the value returned by mygetline is only forwarded to
 * write_line and never tested here. mygetline is defined outside this view,
 * so whether end of file or a read error can be detected through it has to
 * be confirmed. As written, the copy loops below only stop on an END marker
 * or on a write_line failure, and the strcmp calls assume that line is a
 * valid string after every read (including the first one on an empty file).
 *
 * NOTE(review): every early return leaves the input stream, the output
 * stream and the line buffer unreleased, and a partially written output
 * file stays on disk.
 */
int main(int argc, char* argv[[]]){
if(argc != 4){
printf("Error: expected three arguments ...\n");
return -1;
}
/* Select the output flavour; output_type is declared outside this function */
if(strcmp("C", argv[[3]]) == 0){
output_type = OUT_C;
}
else if(strcmp("ML", argv[[3]]) == 0){
output_type = OUT_ML;
}
else{
printf("Error: argument %s is not known (should be \"C\" or \"ML\")\n", argv[[3]]);
return -1;
}
/* Open the input file given as arg1 */
FILE *f = fopen(argv[[1]], "r");
if(f == NULL){
printf("Error: can't open file %s for reading\n", argv[[1]]);
return -1;
}
/* Read the first line and check it depending on the type */
char *line = NULL;
size_t len = 0;
/* lsize is handed to write_line as the length of the current line */
int lsize = mygetline(&line, &len, f);
/* --------------- */
/* --------------- */
/* Kind "cert": a single certificate, emitted as cert_file_buff */
if(strcmp(argv[[2]], "cert") == 0){
FILE *certf;
if(output_type == OUT_C){
certf = fopen("src/client-lib/cert_file.h", "w");
}
else{
certf = fopen("src/client-lib/cert_file.inc", "w");
}
if(certf == NULL){
printf("Error: can't open cert header for writing\n");
return -1;
}
/* The first line must be the certificate BEGIN marker, with LF or CRLF ending */
if((strcmp(line, "-----BEGIN CERTIFICATE-----\n") != 0) && (strcmp(line, "-----BEGIN CERTIFICATE-----\r\n") != 0)){
printf("Error: file %s doesn't seem to be a PEM certificate!\n", argv[[1]]);
return -1;
}
/* OK: we have a PEM certificate, copy everything until we reach the end */
/* num_lines is incremented below but never read */
int num_lines = 0;
if(output_type == OUT_C){
fprintf(certf, "/* Override the ISO C89 max string length by locally removing warnings */\n");
fprintf(certf, "#ifdef __GNUC__\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Woverlength-strings\"\n#endif\n");
fprintf(certf, "const char cert_file_buff[[]] = \"");
}
else{
fprintf(certf, "let cert_file_buff = \"");
}
/* Copy the BEGIN line and the body; the loop stops on the END marker */
while((strcmp(line, "-----END CERTIFICATE-----\n") != 0) && (strcmp(line, "-----END CERTIFICATE-----\r\n") != 0)){
if(write_line(certf, line, lsize) != 1){
return -1;
}
lsize = mygetline(&line, &len, f);
num_lines++;
}
/* The END marker line itself is written as well */
if(write_line(certf, line, lsize) != 1){
return -1;
}
/* Close the string constant (and the pragma scope for the C flavour) */
if(output_type == OUT_C){
fprintf(certf, "\";\\n\\n");
fprintf(certf, "#ifdef __GNUC__\n#pragma GCC diagnostic pop\n#endif\n");
}
else{
fprintf(certf, "\"\\n\\n");
}
fclose(certf);
fclose(f);
}
/* --------------- */
/* --------------- */
/* Kind "ca": one or more certificates, emitted as ca_file_buff0, ca_file_buff1, ... */
else if(strcmp(argv[[2]], "ca") == 0){
FILE *caf;
if(output_type == OUT_C){
caf = fopen("src/client-lib/ca_file.h", "w");
}
else{
caf = fopen("src/client-lib/ca_file.inc", "w");
}
if(caf == NULL){
printf("Error: can't open ca header for writing\n");
return -1;
}
int num_certs = 0;
/* num_lines is incremented below but never read */
int num_lines = 0;
/* We might have to get more certificates*/
if((strcmp(line, "-----BEGIN CERTIFICATE-----\n") != 0) && (strcmp(line, "-----BEGIN CERTIFICATE-----\r\n") != 0)){
printf("Error: file %s doesn't seem to be a PEM certificate!\n", argv[[1]]);
return -1;
}
/* Re-entered through the goto below for each further certificate in the file */
GET_NEW_CA_CERT:
num_certs++;
/* OK: we have a PEM certificate, copy everything until we reach the end */
if(output_type == OUT_C){
fprintf(caf, "/* Override the ISO C89 max string length by locally removing warnings */\n");
fprintf(caf, "#ifdef __GNUC__\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Woverlength-strings\"\n#endif\n");
fprintf(caf, "const char ca_file_buff%d[[]] = \"", num_certs-1);
}
else{
fprintf(caf, "let ca_file_buff%d = \"", num_certs-1);
}
while((strcmp(line, "-----END CERTIFICATE-----\n") != 0) && (strcmp(line, "-----END CERTIFICATE-----\r\n") != 0)){
if(write_line(caf, line, lsize) != 1){
return -1;
}
lsize = mygetline(&line, &len, f);
num_lines++;
}
/* The END marker line itself is written as well */
if(write_line(caf, line, lsize) != 1){
return -1;
}
if(output_type == OUT_C){
fprintf(caf, "\";\\n\\n");
fprintf(caf, "#ifdef __GNUC__\n#pragma GCC diagnostic pop\n#endif\n");
}
else{
fprintf(caf, "\"\\n\\n");
}
/* Look at the line following the END marker: another BEGIN marker means one more certificate. */
/* Any other content ends the list without an error being reported. */
/* NOTE(review): this strcmp runs on whatever mygetline left in line at end of file - confirm it stays valid */
lsize = mygetline(&line, &len, f);
if((strcmp(line, "-----BEGIN CERTIFICATE-----\n") == 0) || (strcmp(line, "-----BEGIN CERTIFICATE-----\r\n") == 0)){
goto GET_NEW_CA_CERT;
}
/* We have got all the certificates: emit the table that references each buffer */
/* i is unsigned while num_certs is int, so the loop test compares as unsigned; */
/* num_certs is at least 1 here, hence num_certs-1 is never negative. i is printed with %d. */
if(output_type == OUT_C){
fprintf(caf, "const char* ca_file_buff[[]] = {");
unsigned int i;
for(i=0; i < num_certs-1; i++){
fprintf(caf, "ca_file_buff%d, ", i);
}
fprintf(caf, "ca_file_buff%d};\n\n", num_certs-1);
fprintf(caf, "#define CA_CERTS_NB %d\n", num_certs);
}
else{
fprintf(caf, "let ca_file_buff = [[");
unsigned int i;
for(i=0; i < num_certs-1; i++){
fprintf(caf, "ca_file_buff%d; ", i);
}
fprintf(caf, "ca_file_buff%d]]\n\n", num_certs-1);
}
fclose(caf);
fclose(f);
}
/* --------------- */
/* --------------- */
/* Kind "privkey": a single RSA private key, emitted as private_key_file_buff */
/* NOTE(review): the generated file holds the private key in clear text. It is created */
/* with fopen, so its permissions follow the umask of the build process; consider */
/* restricting them and keeping the generated file out of version control and source archives. */
else if(strcmp(argv[[2]], "privkey") == 0){
FILE *privkeyf;
if(output_type == OUT_C){
privkeyf = fopen("src/client-lib/private_key_file.h", "w");
}
else{
privkeyf = fopen("src/client-lib/private_key_file.inc", "w");
}
if(privkeyf == NULL){
printf("Error: can't open private key header for writing\n");
return -1;
}
/* Only the RSA PRIVATE KEY marker is accepted; any other first line is rejected. */
/* NOTE(review): the message below still says PEM certificate although a key is expected. */
if((strcmp(line, "-----BEGIN RSA PRIVATE KEY-----\n") != 0) && (strcmp(line, "-----BEGIN RSA PRIVATE KEY-----\r\n") != 0)){
printf("Error: file %s doesn't seem to be a PEM certificate!\n", argv[[1]]);
return -1;
}
/* OK: we have a PEM private key, copy everything until we reach the end */
/* num_lines is incremented below but never read */
int num_lines = 0;
if(output_type == OUT_C){
fprintf(privkeyf, "/* Override the ISO C89 max string length by locally removing warnings */\n");
fprintf(privkeyf, "#ifdef __GNUC__\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Woverlength-strings\"\n#endif\n");
fprintf(privkeyf, "const char private_key_file_buff[[]] = \"");
}
else{
fprintf(privkeyf, "let private_key_file_buff = \"");
}
while((strcmp(line, "-----END RSA PRIVATE KEY-----\n") != 0) && (strcmp(line, "-----END RSA PRIVATE KEY-----\r\n") != 0)){
if(write_line(privkeyf, line, lsize) != 1){
return -1;
}
lsize = mygetline(&line, &len, f);
num_lines++;
}
/* The END marker line itself is written as well */
if(write_line(privkeyf, line, lsize) != 1){
return -1;
}
if(output_type == OUT_C){
fprintf(privkeyf, "\";\\n\\n");
fprintf(privkeyf, "#ifdef __GNUC__\n#pragma GCC diagnostic pop\n#endif\n");
}
else{
fprintf(privkeyf, "\"\\n\\n");
}
fclose(privkeyf);
fclose(f);
}
/* --------------- */
/* --------------- */
/* Kind "server": one or more server certificates, emitted as server_file_buff0, ... */
/* Same processing as the "ca" kind, with different output names. */
else if(strcmp(argv[[2]], "server") == 0){
FILE *serverf;
if(output_type == OUT_C){
serverf = fopen("src/client-lib/server_file.h", "w");
}
else{
serverf = fopen("src/client-lib/server_file.inc", "w");
}
if(serverf == NULL){
printf("Error: can't open server header for writing\n");
return -1;
}
int num_certs = 0;
/* num_lines is incremented below but never read */
int num_lines = 0;
/* We might have to get more certificates*/
if((strcmp(line, "-----BEGIN CERTIFICATE-----\n") != 0) && (strcmp(line, "-----BEGIN CERTIFICATE-----\r\n") != 0)){
printf("Error: file %s doesn't seem to be a PEM certificate!\n", argv[[1]]);
return -1;
}
/* Re-entered through the goto below for each further certificate in the file */
GET_NEW_SERVER_CERT:
num_certs++;
/* OK: we have a PEM certificate, copy everything until we reach the end */
if(output_type == OUT_C){
fprintf(serverf, "/* Override the ISO C89 max string length by locally removing warnings */\n");
fprintf(serverf, "#ifdef __GNUC__\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Woverlength-strings\"\n#endif\n");
fprintf(serverf, "const char server_file_buff%d[[]] = \"", num_certs-1);
}
else{
fprintf(serverf, "let server_file_buff%d = \"", num_certs-1);
}
while((strcmp(line, "-----END CERTIFICATE-----\n") != 0) && (strcmp(line, "-----END CERTIFICATE-----\r\n") != 0)){
if(write_line(serverf, line, lsize) != 1){
return -1;
}
lsize = mygetline(&line, &len, f);
num_lines++;
}
/* The END marker line itself is written as well */
if(write_line(serverf, line, lsize) != 1){
return -1;
}
if(output_type == OUT_C){
fprintf(serverf, "\";\\n\\n");
fprintf(serverf, "#ifdef __GNUC__\n#pragma GCC diagnostic pop\n#endif\n");
}
else{
fprintf(serverf, "\"\\n\\n");
}
/* Another BEGIN marker right after the END marker means one more certificate */
lsize = mygetline(&line, &len, f);
if((strcmp(line, "-----BEGIN CERTIFICATE-----\n") == 0) || (strcmp(line, "-----BEGIN CERTIFICATE-----\r\n") == 0)){
goto GET_NEW_SERVER_CERT;
}
/* We have got all the certificates: emit the table that references each buffer */
/* Same signed/unsigned remark as for the "ca" table: num_certs is at least 1 here */
if(output_type == OUT_C){
fprintf(serverf, "const char* server_file_buff[[]] = {");
unsigned int i;
for(i=0; i < num_certs-1; i++){
fprintf(serverf, "server_file_buff%d, ", i);
}
fprintf(serverf, "server_file_buff%d};\n\n", num_certs-1);
fprintf(serverf, "#define SERVER_CERTS_NB %d\n", num_certs);
}
else{
fprintf(serverf, "let server_file_buff = [[");
unsigned int i;
for(i=0; i < num_certs-1; i++){
fprintf(serverf, "server_file_buff%d; ", i);
}
fprintf(serverf, "server_file_buff%d]]\n\n", num_certs-1);
}
fclose(serverf);
fclose(f);
}
/* --------------- */
/* --------------- */
else{
printf("Error: unknown ssl file type %s (expected \"ca\", \"cert\", \"privkey\" or \"server\")\n", argv[[2]]);
return -1;
}
return 0;
}
EOM
$CC $C_FILE -o $FILE &> /dev/null
OUT=$?
if [[ "$OUT" != "0" ]];then
AC_MSG_ERROR([problem when compiling $C_FILE])
fi
if test "$2" != "";then
# Case where we take care of client ssl files
$FILE "$1" "cert" $4
OUT=$?
if [[ "$OUT" != "0" ]];then
rm -f $C_FILE $FILE
AC_MSG_ERROR([problem when importing the ssl file $1 of type cert])
fi
$FILE "$2" "ca" $4
OUT=$?
if [[ "$OUT" != "0" ]];then
rm -f $C_FILE $FILE
AC_MSG_ERROR([problem when importing the ssl file $2 of type ca])
fi
$FILE "$3" "privkey" $4
OUT=$?
if [[ "$OUT" != "0" ]];then
rm -f $C_FILE $FILE
AC_MSG_ERROR([problem when importing the ssl file $3 of type privkey])
fi
else
# Case where we take care of server certificate files
$FILE "$1" "server" $4
OUT=$?
if [[ "$OUT" != "0" ]];then
rm -f $C_FILE $FILE
AC_MSG_ERROR([problem when importing the ssl file $1 of type server certificates])
fi
fi
# Job done: remove unnecessary files
rm -f $C_FILE $FILE
])
###################################################################
###################################################################
###################################################################
###################################################################
###################################################################
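# Handling of --with-ssl-clientfiles: how the client library finds its CA
# certificates, its certificate and its private key. Three modes exist:
#   path  -> the file paths are compiled in as preprocessor definitions
#   embed -> the file contents are converted to generated sources
#   env   -> the paths are read from environment variables at client runtime
# Without the option, env is the default as soon as SSL is enabled.
if test "$with_ssl_clientfiles" != ""
then
  if test "$with_ssl" = ""
  then
    AC_MSG_ERROR([--with-ssl-clientfiles needs --with-ssl!])
  fi
  # Parse the given arguments. The value has the shape
  # type;ca=...,cert=...,privkey=... and is quoted on every echo so that
  # blanks and glob characters in a path reach sed and grep unchanged.
  sslfilestype=$(echo "$sslfiles" | sed 's/\([[^;]]*\);.*/\1/g')
  if test "$(echo "$sslfiles" | grep "ca=")" != ""
  then
    sslfilesca=$(echo "$sslfiles" | sed 's/.*ca=\([[^,]]*\).*/\1/g')
  else
    sslfilesca=""
  fi
  if test "$(echo "$sslfiles" | grep "cert=")" != ""
  then
    sslfilescert=$(echo "$sslfiles" | sed 's/.*cert=\([[^,]]*\).*/\1/g')
  else
    sslfilescert=""
  fi
  if test "$(echo "$sslfiles" | grep "privkey=")" != ""
  then
    sslfilesprivkey=$(echo "$sslfiles" | sed 's/.*privkey=\([[^,]]*\).*/\1/g')
  else
    sslfilesprivkey=""
  fi
  AC_MSG_NOTICE([ssl type: $sslfilestype])
  AC_MSG_NOTICE([ssl ca: $sslfilesca])
  AC_MSG_NOTICE([ssl cert: $sslfilescert])
  AC_MSG_NOTICE([ssl privkey: $sslfilesprivkey])
  # If the files are a path, put them in the makefiles
  if test "$sslfilestype" = "path"
  then
    AC_SUBST(c_client_ssl_files, "-DSSL_FILES_PATH")
    AC_SUBST(c_client_ssl_ca_file, "-DPKCS11PROXY_CA_FILE=\\\"$sslfilesca\\\"")
    AC_SUBST(c_client_ssl_cert_file, "-DPKCS11PROXY_CERT_FILE=\\\"$sslfilescert\\\"")
    AC_SUBST(c_client_ssl_privkey_file, "-DPKCS11PROXY_PRIVKEY_FILE=\\\"$sslfilesprivkey\\\"")
    AC_SUBST(caml_client_ssl_files, "-DSSL_FILES_PATH")
    AC_SUBST(caml_client_ssl_ca_file, "-DPKCS11PROXY_CA_FILE=\\\\\\\"$sslfilesca\\\\\\\"")
    AC_SUBST(caml_client_ssl_cert_file, "-DPKCS11PROXY_CERT_FILE=\\\\\\\"$sslfilescert\\\\\\\"")
    AC_SUBST(caml_client_ssl_privkey_file, "-DPKCS11PROXY_PRIVKEY_FILE=\\\\\\\"$sslfilesprivkey\\\\\\\"")
    WRITE_TO_FILE(summary, " -SSL files", "Paths provided")
    WRITE_TO_FILE(summary, " |SSL CA certificates", "path->$sslfilesca")
    WRITE_TO_FILE(summary, " |SSL client certificate", "path->$sslfilescert")
    WRITE_TO_FILE(summary, " |SSL client private key", "path->$sslfilesprivkey")
  else
    if test "$sslfilestype" = "embed"
    then
      # Check if the files exist, trigger an error if this is not the case.
      # Each message names the file kind that is actually missing.
      AC_CHECK_FILE($sslfilesca, [], [AC_MSG_ERROR([CA file $sslfilesca does not exist!])])
      AC_CHECK_FILE($sslfilescert, [], [AC_MSG_ERROR([Client certificate file $sslfilescert does not exist!])])
      AC_CHECK_FILE($sslfilesprivkey, [], [AC_MSG_ERROR([Client private key file $sslfilesprivkey does not exist!])])
      # Embed the files by creating necessary .h files for the C Client
      AC_SUBST(c_client_ssl_files, "-DSSL_FILES_EMBED")
      AC_SUBST(c_client_ssl_ca_file, "")
      AC_SUBST(c_client_ssl_cert_file, "")
      AC_SUBST(c_client_ssl_privkey_file, "")
      # Embed the files by creating necessary .mli files for the Client
      AC_SUBST(caml_client_ssl_files, "-DSSL_FILES_EMBED")
      AC_SUBST(caml_client_ssl_ca_file, "")
      AC_SUBST(caml_client_ssl_cert_file, "")
      AC_SUBST(caml_client_ssl_privkey_file, "")
      WRITE_TO_FILE(summary, " -SSL files", "Embedded")
      WRITE_TO_FILE(summary, " |SSL CA certificates", "embed->$sslfilesca")
      WRITE_TO_FILE(summary, " |SSL client certificate", "embed->$sslfilescert")
      WRITE_TO_FILE(summary, " |SSL client private key", "embed->$sslfilesprivkey")
      # NOTE(review): in this mode the client private key is copied in clear
      # text into a generated source file and then compiled into the client.
      # Treat the generated file and the resulting binaries as key material.
      if test "$with_ocamlclient" = ""
      then
        CREATE_SSL_HEADERS($sslfilescert, $sslfilesca, $sslfilesprivkey, "C")
      else
        CREATE_SSL_HEADERS($sslfilescert, $sslfilesca, $sslfilesprivkey, "ML")
      fi
    else
      if test "$sslfilestype" = "env"
      then
        # Default path file
        AC_SUBST(c_client_ssl_files, "-DSSL_FILES_ENV")
        AC_SUBST(c_client_ssl_ca_file, "-DPKCS11PROXY_CA_FILE=\"PKCS11PROXY_CA_FILE\"")
        AC_SUBST(c_client_ssl_cert_file, "-DPKCS11PROXY_CERT_FILE=\"PKCS11PROXY_CERT_FILE\"")
        AC_SUBST(c_client_ssl_privkey_file, "-DPKCS11PROXY_PRIVKEY_FILE=\"PKCS11PROXY_PRIVKEY_FILE\"")
        AC_SUBST(caml_client_ssl_files, "-DSSL_FILES_ENV")
        AC_SUBST(caml_client_ssl_ca_file, "-DPKCS11PROXY_CA_FILE=\\\\\\\"PKCS11PROXY_CA_FILE\\\\\\\"")
        AC_SUBST(caml_client_ssl_cert_file, "-DPKCS11PROXY_CERT_FILE=\\\\\\\"PKCS11PROXY_CERT_FILE\\\\\\\"")
        AC_SUBST(caml_client_ssl_privkey_file, "-DPKCS11PROXY_PRIVKEY_FILE=\\\\\\\"PKCS11PROXY_PRIVKEY_FILE\\\\\\\"")
        WRITE_TO_FILE(summary, "-SSL files", "Environment variables (at client runtime)")
        WRITE_TO_FILE(summary, " |SSL CA certificates", "env->PKCS11PROXY_CA_FILE")
        WRITE_TO_FILE(summary, " |SSL client certificate", "env->PKCS11PROXY_CERT_FILE")
        WRITE_TO_FILE(summary, " |SSL client private key", "env->PKCS11PROXY_PRIVKEY_FILE")
        # If the user gave file parameter, tell him that we won't use it
        if test "$sslfilesca" != ""
        then
          WRITE_TO_FILE(summary, " /!\ WARNING!", "CA file provided but env selected => paths are NOT used")
        fi
        if test "$sslfilescert" != ""
        then
          WRITE_TO_FILE(summary, " /!\ WARNING!", "Client certificate file provided but env selected => paths are NOT used")
        fi
        if test "$sslfilesprivkey" != ""
        then
          WRITE_TO_FILE(summary, " /!\ WARNING!", "Client key file provided but env selected => paths are NOT used")
        fi
      else
        AC_MSG_ERROR([Error: --with-ssl-clientfiles $sslfilestype is not known: should be either 'path', 'embed' or 'env'])
      fi
    fi
  fi
else
  # Default are environment variables for ssl client files
  if test "$with_ssl" != ""
  then
    # Default path file. Every definition carries the -D prefix, exactly as
    # in the explicit env mode above: without it the cert and privkey values
    # are not preprocessor options at all.
    AC_SUBST(c_client_ssl_files, "-DSSL_FILES_ENV")
    AC_SUBST(c_client_ssl_ca_file, "-DPKCS11PROXY_CA_FILE=\"PKCS11PROXY_CA_FILE\"")
    AC_SUBST(c_client_ssl_cert_file, "-DPKCS11PROXY_CERT_FILE=\"PKCS11PROXY_CERT_FILE\"")
    AC_SUBST(c_client_ssl_privkey_file, "-DPKCS11PROXY_PRIVKEY_FILE=\"PKCS11PROXY_PRIVKEY_FILE\"")
    AC_SUBST(caml_client_ssl_files, "-DSSL_FILES_ENV")
    AC_SUBST(caml_client_ssl_ca_file, "-DPKCS11PROXY_CA_FILE=\\\\\\\"PKCS11PROXY_CA_FILE\\\\\\\"")
    AC_SUBST(caml_client_ssl_cert_file, "-DPKCS11PROXY_CERT_FILE=\\\\\\\"PKCS11PROXY_CERT_FILE\\\\\\\"")
    AC_SUBST(caml_client_ssl_privkey_file, "-DPKCS11PROXY_PRIVKEY_FILE=\\\\\\\"PKCS11PROXY_PRIVKEY_FILE\\\\\\\"")
  else
    # Undef
    AC_SUBST(c_client_ssl_files, "")
    AC_SUBST(c_client_ssl_ca_file, "")
    AC_SUBST(c_client_ssl_cert_file, "")
    AC_SUBST(c_client_ssl_privkey_file, "")
    AC_SUBST(caml_client_ssl_files, "")
    AC_SUBST(caml_client_ssl_ca_file, "")
    AC_SUBST(caml_client_ssl_cert_file, "")
    AC_SUBST(caml_client_ssl_privkey_file, "")
  fi
fi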
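# Handling the optional strict server certificates enforcing.
# Only the embed type is supported: the certificates are gathered into a
# temporary ./server_certs.crt, converted to a generated source file, and
# the temporary file is removed afterwards.
if test "$with_ssl_servercerts" != ""
then
  if test "$with_ssl" = ""
  then
    AC_MSG_ERROR([--with-ssl-servercerts needs --with-ssl!])
  fi
  # Check if the user provided embed, env or path
  sslserverfilestype=$(echo "$sslservercerts" | sed 's/\([[^;]]*\);.*/\1/g')
  getcerts=$(echo "$sslservercerts" | grep "certs=")
  if test "$getcerts" != ""
  then
    sslfilesserver=$(echo "$sslservercerts" | sed 's/.*certs=\([[^,]]*\).*/\1/g')
  else
    sslfilesserver=""
  fi
  if test "$sslfilesserver" = ""
  then
    AC_MSG_ERROR([Bad --with-ssl-servercerts option formatting, see help])
  fi
  AC_MSG_NOTICE([ssl server certificates type: $sslserverfilestype])
  AC_MSG_NOTICE([ssl server certificates path: $sslfilesserver])
  if test "$sslserverfilestype" = "embed"
  then
    # Check if we have a path or a file. The path is quoted everywhere so
    # that a directory or file name containing blanks is handled as one word.
    if [[ -d "$sslfilesserver" ]]; then
      # We have a path, create the concatenated file.
      # NOTE(review): every .pem and .crt file found in the directory is
      # embedded as-is, so the directory content should be reviewed before
      # configuring. An existing ./server_certs.crt is overwritten.
      cat "$sslfilesserver"/*.pem > ./server_certs.crt
      cat "$sslfilesserver"/*.crt >> ./server_certs.crt
      if [[ ! -s ./server_certs.crt ]]; then
        AC_MSG_ERROR([Server certificates path $sslfilesserver does not contain any certificate (please make sure they have a .pem or .crt extension)!])
      fi
      WRITE_TO_FILE(summary, " -SSL server certificate files", "Embedded ($sslfilesserver/*.pem and $sslfilesserver/*.crt)")
    else
      # Check if the files exist, trigger an error if this is not the case
      AC_CHECK_FILE($sslfilesserver, [], [AC_MSG_ERROR([Server certificates file $sslfilesserver does not exist!])])
      cp "$sslfilesserver" ./server_certs.crt
      WRITE_TO_FILE(summary, " -SSL server certificate files", "Embedded ($sslfilesserver)")
    fi
    # Embed the files by creating necessary .h files for the C Client
    AC_SUBST(c_client_ssl_server, "-DSSL_SERVER_FILES_EMBED")
    # Embed the files by creating necessary .mli files for the Client
    AC_SUBST(caml_client_ssl_server, "-DSSL_SERVER_FILES_EMBED")
    if test "$with_ocamlclient" = ""
    then
      CREATE_SSL_HEADERS("./server_certs.crt", "", "", "C")
    else
      CREATE_SSL_HEADERS("./server_certs.crt", "", "", "ML")
    fi
    # Purge the local crt file
    rm ./server_certs.crt
  else
    # The message names the option exactly as it is spelled on the command line
    AC_MSG_ERROR([Error: --with-ssl-servercerts $sslserverfilestype is not known: should be 'embed'])
  fi
else
  AC_SUBST(c_client_ssl_server, "")
  AC_SUBST(caml_client_ssl_server, "")
fi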
# Select the server build with or without the PKCS11 filter.
# With the filter, the filter include directories and compiled units are
# handed to the makefiles; without it, WITHOUT_FILTER is defined instead.
AS_IF([test "$with_filter" == "yes"], [
  AC_SUBST(filter_include, "-I \$(filter_filter_dir) -I \$(filter_frontend_dir)")
  AC_SUBST(filter_files, "\$(filter_backend_dir)/backend.cmx \$(filter_filter_dir)/filter_common.cmx \$(filter_filter_dir)/filter_actions.cmx \$(filter_filter_dir)/filter_configuration.cmx \$(filter_filter_dir)/filter.cmx \$(filter_frontend_dir)/frontend.cmx")
  AC_SUBST(filter_define, "")
  AC_SUBST(with_filter, "filter")
  AC_SUBST(with_filter_clean, "filter_clean")
  WRITE_TO_FILE(summary, "Using PKCS11 filter on server side", "YES")
], [
  AC_SUBST(filter_include, "-package \"str\"")
  AC_SUBST(filter_files, "")
  AC_SUBST(filter_define, "-DWITHOUT_FILTER")
  AC_SUBST(with_filter, "")
  AC_SUBST(with_filter_clean, "")
  WRITE_TO_FILE(summary, "Using PKCS11 filter on server side", "NO")
])
# Optional aliasing of the session and object handles.
# A plain "yes" selects the random method; "inc" selects the incremental
# one; any other value is rejected with an error.
AS_IF([test "$with_aliasing" != ""], [
  AS_IF([test "$aliasing" == "yes"], [
    aliasing="rand"
  ])
  AS_IF([test "$aliasing" == "inc"], [
    AC_SUBST(aliasing_def, "-DUSE_ALIASING")
    WRITE_TO_FILE(summary, "Aliasing (sessions and objects handles)", "inc (incremental)")
  ], [test "$aliasing" == "rand"], [
    AC_SUBST(aliasing_def, "-DUSE_ALIASING -DRANDOM_ALIASING")
    WRITE_TO_FILE(summary, "Aliasing (sessions and objects handles)", "rand (random)")
  ], [
    AC_SUBST(aliasing_def, "")
    AC_MSG_ERROR([Unknown aliasing method $aliasing])
  ])
], [
  WRITE_TO_FILE(summary, "Aliasing (sessions and objects handles)", "none")
])
# Define DAEMONIZE for the OCaml server only when daemonization support
# was requested, and record the choice in the summary.
AS_IF([test "$with_daemonize" == "yes"], [
  AC_SUBST(caml_server_daemonize_define, "-DDAEMONIZE")
  WRITE_TO_FILE(summary, "Compiling daemonization support", "YES")
], [
  AC_SUBST(caml_server_daemonize_define, "")
  WRITE_TO_FILE(summary, "Compiling daemonization support", "NO")
])
# Enable compiling the other components: each pair of substitutions gives
# the makefiles the build target and the matching clean target of a component.
AC_SUBST(with_bindings, "bindings")
AC_SUBST(with_bindings_clean, "bindings_clean")
AC_SUBST(with_rpc, "rpc")
AC_SUBST(with_rpc_clean, "rpc_clean")
AC_SUBST(with_client, "client")
AC_SUBST(with_client_clean, "client_clean")
AC_SUBST(with_server, "server")
AC_SUBST(with_server_clean, "server_clean")
else # --without-caml-crush was set
#Disable compiling other components
AC_SUBST(with_bindings, "bindings")
AC_SUBST(with_bindings_clean, "bindings_clean")
AC_SUBST(with_rpc, "")
AC_SUBST(with_rpc_clean, "")
AC_SUBST(with_filter, "")
AC_SUBST(with_filter_clean, "")
AC_SUBST(with_client, "")
AC_SUBST(with_client_clean, "")
AC_SUBST(with_server, "")
AC_SUBST(with_server_clean, "")
WRITE_TO_FILE(summary, "bindings only", "OCaml PKCS11 bindings only")
AC_MSG_NOTICE([Compiling OCaml bindings only])
fi #END COMPILE CAML CRUSH
AC_OUTPUT(Makefile)
SHOW_SUMMARY([summary])
# Caml Crush: an OCaml PKCS#11 filtering proxy
## Detailed project dependencies
0] The project has the following generic dependencies:
* autoconf
* make
* sed
* C compiler (tested with GCC and Clang)
1] The bindings have the following dependencies:
* [ocaml][] (`>`= 3.12)
* [camlidl][] (`>`= 1.05)
* [coccinelle][] (`>`= 1.0rc10)
[ocaml]: http://caml.inria.fr/ocaml/index.fr.html
[coccinelle]: http://coccinelle.lip6.fr/
[camlidl]: http://caml.inria.fr/pub/old_caml_site/camlidl/
2] The XDR RPC generators (to be used with ocamlrpcgen for the server and the OCaml client,
and/or rpcgen for the C client).
* ocamlrpcgen (libocamlnet-ocaml-bin) shipped with [ocamlnet][]
* rpcgen (shipped with libc)
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
* [ocamlnet][] (`>`= 3.5.1, libocamlnet-ocaml-dev)
* with ocamlnet-ssl if built with SSL
(libocamlnet-ssl-ocaml libocamlnet-ssl-ocaml-dev)
[ocamlnet]: http://projects.camlcity.org/projects/ocamlnet.html
4] A PKCS#11 filtering module used as a backend to the RPC server.
* [config-file][], simple OCaml configuration parser (libconfig-file-ocaml-dev)
[config-file]: http://config-file.forge.ocamlcore.org/
5] The client library has the following dependencies:
* RPC client code
* C client (default and recommended)
* built-in "rpcgen" binary (shipped with libc)
* [OpenSSL][]/[GnuTLS][] if SSL/TLS support is enabled
[OpenSSL]: http://www.openssl.org/
[GnuTLS]: http://www.gnutls.org/
* OCaml client (given as an alternative)
* ocamlnet
* ocamlnet-ssl if SSL/TLS support is enabled
* OCaml static libasmrun.a compiled with -fPIC
* We noticed that OCaml is not built with -fPIC by default, you will
need to recompile OCaml and all the other libraries to get this working.
# Caml Crush: an OCaml PKCS#11 filtering proxy
## PKCS#11 proxy filter module details
The following documentation describes the PKCS#11 filter logic
and the syntax of the filtering rules.
The PKCS#11 filter is written in OCaml, and the rules syntax
also uses OCaml style expressions (the configuration module
uses the OCaml [config-file][] package).
Back to [INDEX.md](INDEX.md).
## Disclaimer: on the filter possible side effects
Though the filter has been designed to be as transparent as possible regarding
the PKCS#11 standard as well as the underlying PKCS#11 middleware, some side
effects might appear due to the filtering implementation choices. If you use PKCS#11
conforming tests with or without the filter (for example with the --without-filter
option in the configure script), you will most likely see some minor differences.
This is mainly due to the fact that some PKCS#11 functions in the filter use **local caches** to
check mechanisms and objects when they are listed. This can interfere with what the genuine underlying
middleware would normally respond, especially when PKCS#11 **tricky cases** are
tested (trying to use nonexistent mechanisms, ...).
However, one should keep in mind that in "normal" cases (meaning with standard
PKCS#11 applications), the filter should not introduce glitches. If it does,
please report the issue.
## The filter architecture
----------------------
| PKCS#11 RPC server |
---------------------- The PKCS#11 filter
| source tree
-------------- _
| 1] FRONTEND | |--- 1] /src/filter/fontend/frontend.ml
------------------------------ |
| PKCS#11 filter | |--- /src/filter/filter
|------------------------------| | [2] |- filter_common.ml
| -------------------------- | | [3] |- filter_configuration.ml
| | user defined extensions | | | [4] |- filter.ml
| | [5] | | | [5] |- filter_actions.ml
| -------------------------- | |
| | common | parse | core | | |
| | helpers | config | engine| | |
| | [2] | [3] | [4] | | |
------------------------------ |
| 6] BACKEND | _|--- 6] /src/filter/backend/backend.ml
-------------
|
----------------------
| PKCS#11 OCaml |
| bindings |
----------------------
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
The filter has a modular design in the project, and is composed of four main parts:
1] **Frontend**: this module is an isolation layer between the filter and the proxy server. It mainly
consists in passthrough PKCS#11 calls.
2] **Common helpers**: the helpers define common logging and exceptions.
3] **Configuration parser**: the parser is in charge of reading the filter configuration file
using [config-file][] engine and rules. Some sanity checks are performed on the options.
[config-file]: http://config-file.forge.ocamlcore.org/
4] **Filter core engine**: this is the main filtering engine, where the rules are enforced. It mainly
consists of passthrough PKCS#11 calls for all the functions, with "hook" calls to filtering routines
positioned where necessary.
5] **User defined extensions**: this module contains user defined extensions that will be called on some
triggers during the filtering phase. It can be seen as a "plugins" system allowing custom routines to be
applied in the filtering chain (with some restrictions though, see below).
6] **Backend**: this module is an isolation layer between the filter and the OCaml/C PKCS#11 bindings that talk
to the "real" PKCS#11 library. It mainly consists in passthrough PKCS#11 calls.
> Please note that the main purpose of the Frontend and Backend modules is to make it very easy to change the filter
> without touching the other parts of the project. Changing the filter core is as easy as writing functions using
> an API conforming to what the Frontend/Backend expose.
## The filter options syntax
The filter configuration is parsed through the OCaml [config-file][] module. It uses OCaml style strings, integers,
lists of tuples and regular expressions.
The accepted options keywords, with their OCaml style syntax, are:
* **debug** = integer between 0 and 3
* **wrapping\_format\_key** = a 32 char long string that must use hexadecimal values to setup the wrapping format key
* **modules** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** of strings (a, b) with 'a' being an alias, and 'b'
being a PATH to the aliased PKCS#11 module
* **log_subchannel** = **string** representing the filter log subchannel in the server
* **forbidden\_mechanisms** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a' is a regular expression string
representing modules and 'b' is a list of PKCS#11 mechanisms with the PKCS#11 definition syntax (CKM\_RSA\_PKCS for instance)
* **allowed\_labels** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a1', 'a2', ... are regular expression strings
representing module names, and 'b1', 'b2', ... are regular expressions representing labels
* **allowed_ids** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a1', 'a2', ... are regular expression strings
representing module names, and 'b1', 'b2', ... are regular expressions representing ids
* **forbidden\_functions** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a1', 'a2', ... are regular expression strings
representing module names, and 'b1', 'b2', ... are **lists** of PKCS#11 functions with the PKCS#11 naming convention (C\_Login,
C\_Logout ...)
* **enforce\_ro\_sessions** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a' is a regular expression string representing
module names, and 'b1', 'b2', ... are booleans that can take 'true', 'false', 'yes' and 'no' as possible values
* **forbid\_admin\_operations** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a' is a regular expression string representing
module names, and 'b1', 'b2', ... are booleans that can take 'true', 'false', 'yes' and 'no' as possible values
* **remove\_padding\_oracles** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a' is a regular expression string representing
module names, and 'b1', 'b2', ... are **lists** of cryptographic operation types that can take as possible values 'wrap', 'unwrap',
'encrypt', 'sign' and 'all' (this last one represents the sum of all the values)
* **filter\_actions_pre** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a' is a regular expression string representing
module names, and 'b1', 'b2', ... are **lists** of **couples** (c, d) where 'c' is a PKCS#11 function following the PKCS#11
naming convention (C\_Login, C\_Logout ...) and 'd' is an OCaml function name defined in /src/filter/filter/filter\_actions.ml
(it is a user defined action to be triggered when the PKCS#11 function 'c' is called as a 'pre action', see below for more details)
* **filter\_actions_post** = [(a1, b1), (a2, b2) ...] is a **list** of **couples** where 'a' is a regular expression string representing
module names, and 'b1', 'b2', ... are **lists** of **couples** (c, d) where 'c' is a PKCS#11 function following the PKCS#11
naming convention (C\_Login, C\_Logout ...) and 'd' is an OCaml function name defined in /src/filter/filter/filter\_actions.ml
(it is a user defined action to be triggered when the PKCS#11 function 'c' is called as a 'post action', see below for more details)
The meaning of each key word is detailed in the following sections.
## Logging and debugging options
* **debug** (*integer*) can be used to increase the verbosity level:
* 0 = almost no logging at all, except critical errors and printing the debug level itself
* 1 = level 0 + positive filtering matches (i.e. when the filter detects something to block)
* 2 = level 1 + negative filtering matches (i.e. when the filter detects that it must not block something)
* 3 = level 2 + print all the fetched configuration variables in the filter configuration file (modules aliasing,
filtered labels, filtered ids, ...)
> default is debug = 0
Syntax example:
```ocaml
debug = 3
```
* **log\_subchanel** (*string*):
* Netplex allows the use of **subchannels** to split the logging file.
You can specify a subchannel (also defined in pkcs11proxyd.conf) to
send the log stream from the filter to an alternative output.
> default is log\_subchanel = the main pkcs11proxyd server channel
Syntax example:
log_subchanel = mylogsubchannel
> Please note that the subchannel must indeed exist in the Netplex server context (meaning that it has
> been declared in the server configuration file). If this is not the case, the filter logs will fallback to
> the standard Netplex server output.
## Wrapping format key
* **wrapping\_format\_key** (*32 char long string*) can be used to configure the AES 128-bit key used as the wrapping format key.
No default value is provided: you **MUST** uncomment this option and set it to a
cryptographically sound random value when using the `wrapping_format_patch`
function of the patchset 1, which is the default configuration. The key must be
given in **hexadecimal** format.
## PKCS#11 modules options
* **modules** (*list of couples of [string_regexp x string_path_to_lib]*):
* As mentioned previously, the client asks for a specific module name.
The "modules" parameter binds module "names" and the path to the corresponding PKCS#11 library.
> This option is **mandatory**: if no module is defined, an error is triggered.
Syntax example:
```ocaml
modules = [ ("softhsm", "/usr/lib/libsofthsm.so"),
("opensc", "/usr/lib/opensc-pkcs11.so") ]
```
> This will alias "softhsm" to the library "/usr/lib/libsofthsm.so", and "opensc" to "/usr/lib/opensc-pkcs11.so".
> Please note that you can also use an empty string "" as an alias. On the client side, the compiled client library
> libp11clientsofthsm.so will send the string "softhsm", while libp11client.so will send the empty string (the alias
> sent by the client library is hardcoded inside the binary at compilation time).
## Filtering PKCS#11 objects options
The following two options are used to filter what objects the client application will be able to manipulate.
It uses the PKCS#11 CKA\_LABEL and CKA\_ID attributes to filter objects.
The purpose is to define a list of objects you want to match for each module regarding their label and/or id,
objects not matching will **not** be visible to the application.
* **allowed\_labels** (*list of couples of [string_regexp x list of string_regexp]*):
* The allowed CKA\_LABEL labels for the defined modules
> There is no default value for this option: if no allowed\_label option is defined, there is no filtering enforced on
> labels. The modules aliases regular expressions **must** however match an existing alias defined in the **modules**
> option: an error is triggered if this is not the case.
Syntax example:
```ocaml
allowed_labels = [ ("\\(sofths.*\\|opencryptoki\\)", ["MYLABEL.*", "LABEL_EXACT"]),
("softhsm", [".*THE_LABEL", "mytes.*"]) ]
```
> The first rule of the above example will allow any "MYLABEL.\*" regular expression, or a "LABEL\_EXACT" for any module
> alias matching the "(sofths.\*|opencryptoki)" regular expression (please note the escaping characters for regexps).
> For example, an object in a module related to the alias "softhsm" with a "MYLABEL1" label is allowed, but would not be allowed
> with a "1MYLABEL" label. Following the same rule, an object in a module related to the alias "softhsm111" with a label
> "MYLABEL" is allowed. If a module alias is not covered at all by any regexp rule in allowed\_labels, it is **not** filtered.
> Finally, whenever a module alias is concerned by more than one rule, a logical **OR** is applied on the filtered labels: the "softhsm"
> alias accepts objects with the regexps "MYLABEL.\*" **OR** "LABEL\_EXACT" **OR** ".\*THE\_LABEL" **OR** "mytes.\*" in the previous example.
* **allowed\_ids** (*list of couples of [string_regexp x list of string_regexp]*):
* The allowed CKA\_ID values for the defined modules (these are **hexadecimal** encoded values, since the ID is generally in
a raw binary format)
Syntax example:
```ocaml
allowed_ids = [ ("softhsm.*", ["0123.*"]) ]
```
> The allowed\_ids filtering patterns follow the same rules as the one explained in the allowed\_labels section.
## Filtering PKCS#11 mechanisms options
This section describes the filtering of PKCS#11 mechanisms. The two options can
be used to restrict the mechanisms that will be available to client
applications and block some known attacks that use the properties of bad
encryption padding to perform [padding oracle attacks][wiki] (with PKCS#1 v1.5 or CBC paddings for
instance) or [Wrap/Decrypt style attacks][wrap]. These attacks are inherent
to the PKCS#11 standard, and preventing the usage of the dangerous associated mechanisms
will inhibit them (though this might be too coarse and limiting a solution, since the Wrap/Unwrap mechanism might
be necessary in some use cases). A fine-grained approach to prevent these attacks would require a **"stateful"**
filter (i.e. one that memorizes the past PKCS#11 calls and conditionally decides whether to filter a call or not): this
is not the case of the current filter, but there is some work in progress regarding this issue.
[wiki]: http://en.wikipedia.org/wiki/Padding_oracle_attack
[wrap]: http://www.lsv.ens-cachan.fr/~steel/slides/Tookan.pdf
* **forbidden\_mechanisms** (*list of couples of [string_regexp x list of PKCS#11_mechanism]*):
* This option sets up a black list of forbidden PKCS#11 mechanisms using the PKCS#11 syntax. Whenever a client
lists the mechanisms of a token, these mechanisms are transparently removed from the "real" mechanisms list exposed
by the "real" PKCS#11 module. In addition, if the client tries to use these mechanisms through any of the cryptographic
"Init" functions (C\_Encrypt\_Init, C\_Decrypt\_Init, ...), the filter blocks the call with a CKR\_MECHANISM\_INVALID.
Each couple of the list contains a module alias regexp as a first element, and a list of mechanisms as a second
element.
Syntax example:
```ocaml
forbidden_mechanisms = [ ("sof.*", [CKM_RSA_PKCS, CKM_MD5_RSA_PKCS]),
("softhsm", [CKM_DES_ECB]) ]
```
> There is no default value for forbidden\_mechanisms. Please note that the mechanisms **are not** regexps, they
> must correspond to **exact** PKCS#11 mechanism names as they are listed in the standard. If a module alias name
> is covered by two rules, a logical **AND** is applied, i.e. the forbidden lists of all the matching rules are combined: for the
> "softhsm" alias, the rules given in the previous example will inhibit CKM\_RSA\_PKCS **AND** CKM\_MD5\_RSA\_PKCS **AND** CKM\_DES\_ECB.
* **remove\_padding\_oracles** (*list of couples of [string_regexp x list of (wrap|unwrap|encrypt|sign|all)]*):
* This option blocks all the mechanisms that are considered dangerous because they can introduce a padding oracle.
For now, such mechanisms are hardcoded in the filter (see their list below). For these mechanisms, one can define
if a **wrap**, **unwrap**, **encrypt**, **sign** is forbidden: the operations will be forbidden for all the
mechanisms. The special value **all** is a short key word for "wrap and unwrap and encrypt and sign". These rules are
implemented in the filter by blocking C\_Wrap, C\_Unwrap, C\_Encrypt\_Init, C\_Sign\_Init for the dangerous mechanisms,
with a CKR\_MECHANISM\_INVALID as error value. One should notice that remove\_padding\_oracles overlaps the
forbidden\_mechanisms option, as well as the forbidden\_functions option (see below for a detailed description of
this option). However, we find it more straightforward to give the user the opportunity to easily block known PKCS#11
weaknesses.
The potentially dangerous mechanisms (with PKCS#1 v1.5 or CBC paddings) that are hardcoded inside the filter are:
```ocaml
[CKM_RSA_PKCS; CKM_MD2_RSA_PKCS; CKM_MD5_RSA_PKCS; CKM_SHA1_RSA_PKCS; CKM_RIPEMD128_RSA_PKCS;
CKM_RIPEMD160_RSA_PKCS; CKM_SHA256_RSA_PKCS; CKM_SHA384_RSA_PKCS; CKM_SHA512_RSA_PKCS; CKM_RC2_CBC_PAD;
CKM_DES_CBC_PAD; CKM_DES3_CBC_PAD; CKM_CDMF_CBC_PAD; CKM_CAST_CBC_PAD; CKM_CAST3_CBC_PAD;
CKM_CAST5_CBC_PAD; CKM_CAST128_CBC_PAD; CKM_RC5_CBC_PAD; CKM_IDEA_CBC_PAD; CKM_AES_CBC_PAD;
CKM_RSA_X_509]
```
Syntax example:
```ocaml
remove_padding_oracles = [ (".*", [wrap, unwrap, encrypt]),
("softhsm", [sign]) ]
```
> There is no default value for remove\_padding\_oracles. As for the forbidden\_mechanisms option, a logical
> **AND** is applied when a module is covered by different rules: the "softhsm" module will have "wrap", "unwrap"
> and "encrypt" forbidden because of the first rule, and "sign" forbidden with the second rule.
## Filtering PKCS#11 functions options
* **forbidden\_functions** (*list of couples of [string_regexp x list of PKCS#11_function]*):
* This option blocks any PKCS#11 function defined in the standard by returning CKR\_FUNCTION\_NOT\_SUPPORTED.
The PKCS#11 function names must **exactly correspond** to the ones used in the standard API, such as C\_Login, C\_Wrap, ...
Syntax example:
```ocaml
forbidden_functions = [ ("soft.*", [C_Login, C_Logout]),
("softhsm", [C_Sign]) ]
```
> There is no default value for forbidden\_functions. As for the forbidden\_mechanisms option, a logical
> **AND** is applied when a module is covered by different rules: the "softhsm" module will have C\_Login and
> C\_Logout blocked by the first rule, and C\_Sign blocked by the second rule.
## Filtering sessions options
* **enforce\_ro\_sessions** (*list of couples of [string_regexp x boolean]*):
* This option will enforce all the sessions to be **Read Only**, even if the user sets the RW flag
when opening them. This option will preserve the **token objects** against any modification, and can be useful
when the user is only intended to use the token as a cryptographic resource with *existing objects* that an
"administrator" has provisioned in the token. As for many other options, the RO sessions can be enforced
per module alias. The possible values to express the boolean decision of enforcing or not RO sessions are:
**yes** and **no** or **true** and **false**.
Syntax example:
```ocaml
enforce_ro_sessions = [ ("soft.*", no),
("opencryptoki", yes) ]
```
> The default value for enforce\_ro\_sessions is "no" (meaning that if there is no rule associated to a module,
> the RO sessions are **not** enforced). The previous rule will **not enforce** RO sessions for "softhsm", but
> **will enforce** them for the opencryptoki module alias.
* **forbid\_admin\_operations** (*list of couples of [string_regexp x boolean]*):
* This option will block **administration operations** on the token associated to a module alias by refusing any SO
(Security Officer) C\_Login. The purpose is to prevent "normal" users from performing administrative tasks on the tokens.
Please note that the PKCS#11 way of segregating normal users and SO users is to use two different PINs. However, if the
SO PIN can be bruteforced (for example if there is no bad PIN counter, as can be the case on some Hardware Security
Modules), a normal user would be able to perform SO operations by guessing the SO PIN. This filter option can be seen
as a "barrier" blocking such attacks whenever one is sure that a token has no reason to be administered. The possible
values to express the boolean decision of enforcing or not admin blocking are: **yes** and **no** or **true** and **false**.
Syntax example:
```ocaml
forbid_admin_operations = [ (".*", yes) ]
```
> The default value for forbid\_admin\_operations is "no" (meaning that if there is no rule associated to a module,
> the SO operations are **allowed**). The previous rule enforces **blocking the SO operations** on all the modules
> (thanks to the regexp ".\*" matching all the modules).
## Adding user defined actions
### The filter\_actions option syntax and usage
* **filter\_actions** (*list of couples of [string_regexp x list of couples of [PKCS#11_function x custom_function]]*):
* This option is a way to **extend** the filter features as the user can provide its own hooks on every PKCS#11
function. In order to apply an action "Action" triggered by a call to a PKCS#11 function, say C\_Login for example,
a couple (C\_Login, Action) is defined in the filter\_actions option. For the sake of simplicity, these hooks have been
gathered inside one file in the filter source tree [src/filter/filter/filter_actions.ml](../src/filter/filter/filter_actions.ml).
Syntax example:
```ocaml
filter_actions = [ (".*", [(C_Login, c_Login_hook), (C_Initialize, c_Initialize_hook)]),
("soft.*", [(C_CloseSession, identity), (C_Login, c_Login_hook2)]) ]
```
> There is no default value for filter\_actions: if **no rule** is defined for a given PKCS#11 function, **no hook** will be
> executed for this function. If **many rules** concern the same PKCS#11 function, the hooks are executed **in the order they are declared**.
> The previous rule will execute the user defined c\_Login\_hook and then c\_Login\_hook2 when
> C\_Login is called for all the modules, the identity user defined function when C\_CloseSession is called for
> "soft.\*" regexp module aliases ("softhsm" for instance), and so on ... Please beware that the user defined hooks are
> executed **prior** to any other filtering rule. In addition, depending on the hooking function return value, the other
> filtering rule might or might not be enforced: this is a way to **override** the original filtering rules and replace
> them with custom ones (see below for details on how this works).
### Adding a new user defined action in the code
In order to add a new defined action, the user must edit the [src/filter/filter/filter_actions.ml](../src/filter/filter/filter_actions.ml)
file where there are already some very simple examples of hooking functions:
* `identity` is designed to hook pretty much anything: it prints " ######### Identity hook called!"
* `c_Initialize_hook` is designed to hook C\_Initialize, it prints the " ########## Hooking C_Initialize!" string at log level 1
* `c_Login_hook` is designed to hook C\_Login, it prints the " ######### Passthrough C_Login with pin %s!" string with the C\_Login
given PIN. If PIN is "1234", the hook returns and lets C\_Login continue its normal execution. If PIN is not "1234", C\_Login
is interrupted and the PKCS#11 error CKR\_PIN\_LOCKED is returned. Though this action is kind of useless, it shows the main advantage
of user defined routines: one can completely customize the filter since input and output values can be handled here. One can also
make "real" PKCS#11 calls to the Backend and decide on the filtering action depending on the result.
Note that this demonstration hook writes the PIN in clear text to the filter log in both cases; a hook meant for real use should not log authentication secrets.
The PKCS#11 functions hooking system uses the OCaml [marshaling module](http://caml.inria.fr/pub/docs/manual-ocaml/libref/Marshal.html).
The user defined functions **must take exactly one argument** that corresponds to the marshaled string of the hooked PKCS#11 function's
original arguments tuple (this argument is therefore of type string). Similarly, the output values of custom hooks are strings that are
the **marshaled versions** of couples whose first element is a boolean value, and the second element is a PKCS#11 return value. If the
first element is "false", then the hooked PKCS#11 function will **continue its execution** after the hook execution, ignoring
the second element of the couple. This means that in this case, all the other filtering options are applied after the hook execution.
On the contrary, if the first element of the couple is "true", the second element of the couple is considered to be the hooked function
**return value**: this means that the hooked PKCS#11 function will return with this value just after the hook execution.
If more than one hooking routine are defined for the same PKCS#11 function, the hooks are executed **in the order they are defined** inside
the filter\_actions option. In this case, **the first hooking routine that returns something with (true, ...)** will stop the other hooks
execution and makes the hooked function return with this value. This means that the other hooks and their return values are discarded.
If a "state" is necessary to keep track of actions of different hooks on the same PKCS#11 function, one will have to implement it through
global variables for instance.
Two kind of user defined actions have been implemented:
* **Early actions**: they are defined through the `filter_actions_pre` option. They are called **before** any filtering action at the
very beginning of each hooked PKCS#11 function. This means that a user can, through early actions, **completely replace** the filter
action on any given function with his defined actions, thus bypassing the genuine core engine process.
* **Late actions**: they are defined through the `filter_actions_post` option. They are called **at the end** of filtering actions, generally
just before the _real call_ to the backend. This means that other filtering actions (such as functions blocking, label and id filtering ...)
have been processed when these user defined actions are executed. Hence, late actions are meant to define actions extending (i.e. complementing
and 'living with') the actions that are already performed in the filter core engine.
### Code example
In order to add a custom hook, say `c_Login_hook`, one must first add the name of the hook in the **two custom action wrappers**
defined in [src/filter/filter/filter_actions.ml](../src/filter/filter/filter_actions.ml):
```ocaml
(********* CUSTOM actions wrappers for the configuration file ******)
(* Run the hook whose name was given in the configuration file: [action] is
   the hook name, [argument] is passed unchanged to the selected hook.
   NOTE(review): a name that matches no case falls through to [identity]
   instead of failing; [string_check_action] is the function that rejects
   unknown names, so a new hook has to be listed in both functions --
   confirm that every name reaching this point has been checked first. *)
let execute_action action argument = match action with
"c_Initialize_hook" -> c_Initialize_hook argument
| "c_Login_hook" -> c_Login_hook argument
| "identity" -> identity argument
(* Fallback: any unlisted name runs the identity hook. *)
| _ -> identity argument
(* Validate a hook name read from the configuration file: a listed name is
   returned unchanged; any other name is reported through
   [netplex_log_critical] and [Config_file_wrong_type] is raised. *)
let string_check_action a = match a with
"c_Initialize_hook" -> a
| "c_Login_hook" -> a
| "identity" -> a
(* Unknown name: log the offending value, then reject the configuration. *)
| _ -> let error_string = Printf.sprintf "Error: unknown action option '%s'!" a in
netplex_log_critical error_string; raise Config_file_wrong_type
```
Then, the user must define the `c_Login_hook` **above** these custom wrappers so that it is define at this point of the
source file. One could also add the custom hooks inside another OCaml module that would be included in
[filter\_actions.ml](../src/filter/filter/filter_actions.ml).
```ocaml
(* Example hook for C_Login. [arg] is the marshaled argument tuple of
   C_Login; the result is a marshaled couple whose first element tells
   whether the hooked function must return at once with the second element.
   NOTE(review): both branches write the PIN in clear text through
   [print_debug]; keep this to demonstrations, a hook meant for real use
   should not log authentication secrets.
   NOTE(review): the two [serialize] calls marshal couples of different
   types, which the compiler cannot check against what the caller
   unmarshals. *)
let c_Login_hook arg =
(* The tuple pattern fixes what [deserialize] is expected to return. *)
let (cksessionhandlet_, ckusertypet_, pin) = (deserialize arg) in
if compare (Pkcs11.byte_array_to_string pin) "1234" = 0 then
(* Passthrough if pin is 1234 *)
let s = Printf.sprintf " ######### Passthrough C_Login with pin %s!"
(Pkcs11.byte_array_to_string pin) in print_debug s 1;
(* false: C_Login continues; the second element is a placeholder. *)
(serialize (false, ()))
else
begin
(* Hook the call if pin != 1234 *)
let s = Printf.sprintf " ######### Hooking C_Login with pin %s!"
(Pkcs11.byte_array_to_string pin) in print_debug s 1;
(* true: C_Login stops here and returns CKR_PIN_LOCKED. *)
let return_value = serialize (true, Pkcs11.cKR_PIN_LOCKED) in
(return_value)
end
```
Here are the important parts to notice for `c_Login_hook`:
* It has exactly **one argument** `arg` that is unmarshaled through the `deserialize` function
* The unmarshaled `arg` is then affected to the tuple `(cksessionhandlet_, ckusertypet_, pin)` whose elements
exactly correspond to what the hooked PKCS#11 function C\_Login expects as arguments. These are the raw (meaning
untouched) arguments received from the filter Frontend
* Then, depending on the value of the PIN, either the couple `(false, ())` or the couple `(true, Pkcs11.cKR_PIN_LOCKED)`
are returned:
* The couple `(false, ())` means that we do not want to override C\_Login return value: the PKCS#11 function will
continue its execution and execute other elements of the filter
* The couple `(true, Pkcs11.cKR_PIN_LOCKED)` means that we want C\_Login to stop its execution at the hook call
while returning `Pkcs11.cKR_PIN_LOCKED`
### The user defined actions limitations
Though the custom hooks system has been designed to be very flexible, its main issues come from this flexibility. The OCaml
[marshaling module](http://caml.inria.fr/pub/docs/manual-ocaml/libref/Marshal.html) is indeed very powerful since it provides
an easy way to define general purpose functions where the arguments and return values are evaluated at runtime. The two
drawbacks are that:
* The default OCaml marshaling module is **not type-safe** since no type is carried with the marshaled data, meaning that
no type-checking is performed during the unmarshaling. This can lead to uncaught exceptions during the unmarshal.
* The user defined functions input and output values **must be handled with care**: there is no safety net if
the user fails to properly write his function. The program might compile, but the function will - possibly silently -
fail at runtime since it overrides OCaml's type inference at compile time. This is usually not the expected behaviour
for OCaml written programs!
Improving the user defined hooks to be type-safe and avoid the use of marshaling is a **work in progress**.
### Advanced examples of user defined actions
In order to illustrate the flexibility of the user extension system implemented in the filter, we provide
patches that **fix the PKCS#11 API**. The API has been deeply analyzed during the last few years, leading
to a formal model, an automated attack tool [Tookan](http://secgroup.dais.unive.it/projects/security-apis/tookan/)
as well as a patched token reference implementation with [CryptokiX](http://secgroup.dais.unive.it/projects/security-apis/cryptokix/).
Bortolozzo *et al.*, in their [ACM CCS 2010 paper](http://www.sigsac.org/ccs/CCS2010/paper_list.shtml), give a good overview of
why PKCS#11 is not safe as is and how to properly fix it regarding their attacker model: see
[here](http://secgroup.dais.unive.it/wp-content/uploads/2010/10/Tookan-CCS10.pdf) for more details on this.
We provide in [src/filter/filter/p11fix_patches](../src/filter/filter/p11fix_patches) patches that should enhance
the security of the existing middlewares by using, among other patches, those implemented in [CryptokiX](http://secgroup.dais.unive.it/projects/security-apis/cryptokix/). These patches are defined as `filter_actions_post` functions since we want them to live with the other filter actions. See below for detailed description of their action.
Please note that these patches are still in "beta test": they might evolve/be fixed in the future. They have only been
tested with OpenCryptoki, but we plan to extend this soon.
#### Detail of included patchset
The default **filter.conf** ships with a secure-by-default configuration.
However, depending on the use case, relaxing the default rules might be
necessary. Remember, patchsets 1 and 2 are incompatible. The following
explains the effect of each function applied in the patchsets.
* `do_segregate_usage`, default **OFF**, patchset 1/2, applies to:
* `C_Initialize`
This patch ensures that key usage segregation is enforced (encrypt/decrypt
versus sign/verify). This is valid for object creation but also for existing
objects.
* `non_local_objects_patch`, patchset 1, applies to:
* `C_CreateObject`
* `C_CopyObject`
* `C_SetAttributeValue`
When using the CryptokiX patches, we want to avoid keys created through
`C_CreateObject` to circumvent the protections.
Hence, we filter `C_CreateObject` and do not allow WRAP/UNWRAP attributes
set with `C_SetAttributeValue`/`C_CopyObject` for non local
objects - i.e. `CKA_LOCAL=FALSE`.
* `prevent_sensitive_leak_patch`, patchset 1/2, applies to:
* `C_GetAttributeValue`
* `C_SetAttributeValue`
This patch prevents directly reading or writing to sensitive or
extractable keys.
This patch also prevents directly setting `CKA_ALWAYS_SENSITIVE` and
`CKA_NEVER_EXTRACTABLE`.
* `conflicting_attributes_patch`, patchset 1, applies to:
* `C_CreateObject`
* `C_CopyObject`
* `C_UnwrapKey`
* `C_GenerateKey`
* `C_GenerateKeyPair`
* `C_DeriveKey`
* `C_SetAttributeValue`
This patch prevents creating objects with conflicting attributes such as `CKA_WRAP` and `CKA_DECRYPT`.
* `conflicting_attributes_patch_on_existing_objects`, patchset 1/2, applies to:
* `C_EncryptInit`
* `C_DecryptInit`
* `C_SignInit`
* `C_SignRecoverInit`
* `C_VerifyInit`
* `C_VerifyRecoverInit`
* `C_DeriveKey`
* `C_DigestKey`
* `C_WrapKey`
* `C_UnwrapKey`
* `C_FindObjects`
This patch prevents using objects that have conflicting attributes. This makes it possible
to use a device although insecure objects are stored on it.
* `dangerous_sensitive_keys_paranoid`/`dangerous_sensitive_keys_escrow_encrypt`/`dangerous_sensitive_keys_escrow_all`, patchset 1/2, applies to:
* `C_EncryptInit`
* `C_DecryptInit`
* `C_SignInit`
* `C_SignRecoverInit`
* `C_VerifyInit`
* `C_VerifyRecoverInit`
* `C_DeriveKey`
* `C_DigestKey`
* `C_WrapKey`
* `C_UnwrapKey`
* `C_FindObjects`
The previous three functions deal with possible issues regarding keys that
have been generated without Caml Crush. These keys can be dangerous because
their values are known and they might be used to leak other keys.
This patch works as follows:
1. Paranoid mode: if `CKA_SENSITIVE=TRUE` and `CKA_ALWAYS_SENSITIVE=FALSE`, we
do not trust the key and do not allow it to be used
2. Relaxed mode for encryption keys (escrow usage): when used, this mode allows the
usage of keys with `CKA_SENSITIVE=TRUE` and `CKA_ALWAYS_SENSITIVE=FALSE` ONLY if
these are encryption/decryption keys and NON LOCAL keys
3. Relaxed mode for all keys (not recommended): when set, this mode is the inverse of paranoid.
* `sticky_attributes_patch`, patchset 1, applies to:
* `C_CopyObject`
* `C_SetAttributeValue`
The sticky attributes patch ensures that problematic attribute transitions cannot be achieved.
* `wrapping_format_patch`, patchset 1, applies to:
* `C_WrapKey`
* `C_UnwrapKey`
This function is used to replace the classic `C_WrapKey`/`C_UnwrapKey` operations to
protect from injecting rogue keys.
You must configure the AES key (see wrapping\_format\_key) that will be used
for CMAC to ensure integrity when using this function.
* `secure_templates_patch`, patchset 2, applies to:
* `C_SetAttributeValue`
* `C_GenerateKey`
* `C_GenerateKeyPair`
* `C_CreateObject`
* `C_CopyObject`
* `C_UnwrapKey`
* `C_DeriveKey`
This is the function that is applied for the second patchset, it is disabled by default.
Only a controlled and safe set of critical attributes are allowed and are bound
to a key when it is instantiated in a token (at key generation, key
unwrapping, as well as key creation). Tying a key to its usage enforces key
separation in the token, at the expense of imposing that the critical
attributes become read-only. Though lacking flexibility, the main advantage of
this patch lies in its full compatibility with the PKCS#11 standard.
* `sanitize_creation_templates_patch`, patchset 1/2, applies to:
* `C_CreateObject`
* `C_CopyObject`
* `C_GenerateKey`
* `C_GenerateKeyPair`
* `C_DeriveKey`
* `C_UnwrapKey`
This sets default attributes values to be applied when not defined by a creation template.
caml-crush-1.0.12/doc/INDEX.md 0000664 0000000 0000000 00000025777 14147740423 0015617 0 ustar 00root root 0000000 0000000 # Caml Crush: an OCaml PKCS#11 filtering proxy
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind.
## Summary
* [Introduction](#Introduction)
* [Authors](#Authors)
* [OS Support](#OSSupport)
* [Dependencies](#Deps)
* [Configure (compilation)](#Configuration)
* [Building the project](#Build)
* [Server configuration](#ServerConfiguration)
* [Filter configuration](#Filter)
* [Running the server](#Running)
* [Running a client application](#RunningClient)
* [Hardening of the server](#Harden)
## Introduction
The following projects aim to offer a PKCS#11 proxy with filtering capabilities.
The project is divided in submodules which are detailed below.
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
## Authors
* Ryad Benadjila ()
* Thomas Calderon ()
* Marion Daubignard ()
## OS Support
---------------------------------------------------------------------------
| | C Client | OCaml client | pkcs11proxyd | SSL/TLS |
| Operating system | Unix | TCP | Unix | TCP | Unix | TCP | |
|:----------------:|:----:|:---:|:----:|:-----:|:----:|:-----:|:---------:|
| Linux i386 | X | X | X | X | X | X | X |
| Linux amd64 | X | X | X | X | X | X | X |
| Mac OS X | no | X | X | X | X | X | X |
| FreeBSD amd64 | X | X | X | X | X | X | X |
| Windows (native) | no | X | no | no | no | no | wip |
| Windows (cygwin) | wip | X | wip | wip | wip | wip | wip |
---------------------------------------------------------------------------
no = not implemented due to some limitations
wip = work in progress
* The RPC over Unix sockets are not currently supported by rpcgen under Mac OS.
* The Windows native port only includes the client library, see [dedicated section](WIN32.md)
### Endianness
On Linux, the project was tested on little endian and big endian architectures.
This means that it can be used on exotic platforms (say SPARC or Power PC for example).
The server and the client do not need to have the same endianness.
## Dependencies
The project dependencies requirements are detailed [here](DEPS.md).
Most users should be fine to compile Caml Crush using the pre-packaged tools.
### Package dependencies for Ubuntu/Debian
Minimal package list:
sudo apt-get install autoconf make gcc ocaml-nox camlidl coccinelle \
libocamlnet-ocaml-dev libocamlnet-ocaml-bin \
libconfig-file-ocaml-dev camlp4
Add support for TLS/SSL with OpenSSL:
sudo apt-get install libocamlnet-ssl-ocaml libocamlnet-ssl-ocaml-dev \
libssl-dev
## Configuration
Caml Crush is a versatile tool that can be thoroughly configured.
Some features are embedded at compile-time and enabled through the
use of *autoconf* and a *configure* script.
Users compiling Caml Crush should read the [pre-build checklist](PRE-BUILD.md)
in order to get a better grasp of the various parameters available.
We use autoconf to configure some of the compile time options.
* autogen.sh is used to create the configure script.
## Build and install
### Building the project
From the top directory do:
make
### Installing the project
From the top directory do:
make install
It will perform the following action:
* install the **pkcs11proxyd** daemon into *${PREFIX}/usr/bin*
* install the client library to *${PREFIX}/usr/lib/*
* copy default configuration files to *${SYSCONFDIR}/pkcs11proxyd/*
## Server configuration
The server process is based on the Netplex library from ocamlnet.
It uses a configuration file to setup the basic netplex features ([netplex documentation][]).
Several items were added in order to feed the proxy with some parameters, they are detailed
in the [dedicated section](SERVER-CONF.md)
[netplex documentation]: http://projects.camlcity.org/projects/ocamlnet.html
## Filter configuration
See the [filter dedicated section](FILTER.md) for details.
## Running the server
By default the server will detach itself from the terminal and run as a proper
daemon. It is possible to run it as a foreground process for debugging purposes.
#### Command-line server startup
For debugging purpose, you can start the server process with the following command line:
pkcs11proxyd -fg -conf /etc/pkcs11proxy/server.conf -debug-pkcs11
This will start the daemon in foreground mode and turn on the tracing of PKCS#11 RPC calls.
#### Init script startup
A basic init script can be found in the *scripts* directory. You **must** adapt it to your needs.
Once this is done, you can copy it to */etc/init.d/*. The server will not be launched at startup until
a symlink is created for each runlevels the daemon should be started.
This is done by calling this command (*defaults* might not suit your needs):
update-rc.d -f pkcs11proxyd defaults
## Running a client application
Once the server is running, you can use a PKCS#11 compliant application with the generated libraries.
For instance, you could use "pkcs11-tool" from the [OpenSC][] suite to query slot information from the client library.
pkcs11-tool --module ./libp11clientopensc.so -L
[OpenSC]: https://www.opensc-project.org/opensc/
### Client RPC timeout
Each RPC operation has a timeout that is set up (25 seconds by default).
If a **slow** cryptographic operation is performed, it is likely that the RPC layer
will abort due to the timeout. Although on the server-side the operation will
complete, the client application will catch the following example error:
Error RPC with C_GenerateKeyPair
error: PKCS11 function C_GenerateKeyPair failed: rv = unknown PKCS11 error (0xffffffff)
To provide some more flexibility we introduced an environment variable that can
be used to control the timeout value. Therefore, one can use `PKCS11PROXY_RPC_TIMEOUT`
to configure a custom timeout setting.
## Hardening of the server
It is a sane security practice to drop unnecessary privileges at an early stage
when starting a process. We plan to provide a *sandboxing* launcher that
can be used to bootstrap our server process in another project.
This is needed because the necessary APIs to drop privileges and harden the process
are not available from OCaml. In the meantime, you can still use already
available launchers such as [capsh](http://man7.org/linux/man-pages/man1/capsh.1.html).
If one wants to manually implement sandboxing features, here are some starting points:
* changing the id of the process if it is launched as **root**
* chrooting the process, or using BSD Jails when available
* dropping capabilities, see [libcap-ng](http://people.redhat.com/sgrubb/libcap-ng)
* limiting possible system calls, see [libseccomp](http://sourceforge.net/projects/libseccomp)
* ... and so on
### Augmenting the sandbox with user defined actions
Since there are no straightforward privilege reduction and sandboxing helpers in OCaml,
we have implemented a specific `c_Daemonize` function in the Netplex RPC server
([src/pkcs11proxyd/server.ml](../src/pkcs11proxyd/server.ml), see below). This function is of
course **not** exposed in the RPC layer to the clients, it can only be called inside
the server code.
This function is called inside the `post_add_hook` method of the Netplex server, meaning
that the socket is already created and bound to its given port at this point of the program,
which implies that all the privileges can be dropped here (in particular those that were only needed to listen on
the _well-known ports_ < 1024).
```ocaml
let c_Daemonize (param) =
debug_print_call "C_Daemonize";
(* To keep things consistent c_Daemonize can pass through filter as well *)
let ret = Pkcs11.c_Daemonize param in
debug_print_ret "C_Daemonize" ret;
(Int64.of_nativeint ret)
...
let custom_hooks =
...
method post_add_hook _ ctrl =
...
(* Call C_Daemonize *)
if !ref_daemonize_args = "" then
begin
let param = (Pkcs11.string_to_byte_array "") in
let _ = c_Daemonize param in
()
end
else
begin
let param = (Pkcs11.string_to_byte_array !ref_daemonize_args) in
let _ = c_Daemonize param in
()
end
...
```
The `c_Daemonize` OCaml function is in fact a wrapper to the `ML_CK_C_Daemonize` C function
defined in [src/bindings-pkcs11/pkcs11\_functions.c](../src/bindings-pkcs11/pkcs11_functions.c).
This makes it possible to inject custom native C code here (see below) to overcome the
limitations of OCaml's existing libraries. For now, `ML_CK_C_Daemonize` **does not do anything**, it is rather
an "empty shell" that you will have to fill in. Until you do, the server keeps the privileges
it was started with unless an external launcher reduces them.
```C
CK_RV ML_CK_C_Daemonize(unsigned char *param, unsigned long param_len)
{
CK_RV rv = 0;
DEBUG_CALL(ML_CK_C_Daemonize, " calling\n");
/* TODO: If you decide so, it is possible to implement some privilege
* reduction primitives here. The advantage of doing it here is that you
* would not need the "sandbox" launcher.
* This is called after the OCaml netplex binds the socket.
*/
...
return rv;
}
```
caml-crush-1.0.12/doc/PRE-BUILD.md 0000664 0000000 0000000 00000010645 14147740423 0016217 0 ustar 00root root 0000000 0000000 # Caml Crush: an OCaml PKCS#11 filtering proxy
## Pre-build checklist
### IDL and RPC code generation
Some portions of code are generated with tools.
The code in the source tree was generated on a *64-bit* machine.
If you want to compile on a 32-bit architecture, you have to trigger the generation of those files.
This is done at configure time with the flags described below.
To re-generate the OCaml/C stubbing code, use:
* --with-idlgen
To re-generate the RPC client/server code as well:
* --with-rpcgen
### Client type selection
We support two types of client libraries, an OCaml/C hybrid version and a full C version.
The two implementations have the same feature set, the main difference being that the hybrid one relies on
ocamlnet for the transport layer. The compiled library embeds the OCaml runtime which is rather big (~3MB).
The C version has a lighter memory footprint, it is the default at compile-time.
To compile the client library with native C RPC code (this is the DEFAULT):
* --with-cclient
To compile the hybrid OCaml/C client library:
* --with-ocamlclient
### PKCS#11 multi-module support
When the client connects to the proxy server it asks for a specific PKCS#11 module to be loaded. This allows the proxy server to support
multiple PKCS#11 libraries (so called "middlewares").
The server looks up in its configuration file for a matching module name (ex: "opensc") with a library path to load (ex: /usr/lib/opensc-pkcs11.so).
By default, the client library will read the module name from the **.camlcrushlibname** file located in the current user's directory. In this case, a single client library is compiled `libp11client.so`
The --with-libname-file flag enables the behavior previously described (this is the DEFAULT).
This behavior can be modified to compile as many client libraries as supported modules.
The generated client libraries are named `libp11client<module>.so`, where `<module>` is the module name.
The --with-libnames can be used to compile multiple client libraries with different module names.
* --with-libnames="opensc,mysuperhsm"
* (libp11clientopensc.so and libp11clientmysuperhsm.so are generated)
In the two cases described above, an environment variable can be used to change the module name that will be sent to the proxy server.
This behavior is controlled using the `PKCS11PROXY_LIBNAME` variable.
### Client socket configuration
The client library socket is defined at compile time.
Use --with-client-socket to configure the client socket.
* --with-client-socket=unix,/run/pkcs11-socket
* (client will connect to UNIX domain socket located at /run/pkcs11-socket)
* --with-client-socket=tcp,127.0.0.1:4444
* (client will establish a TCP socket with remote peer 127.0.0.1 and port 4444)
However, an environment variable can be used to change the socket parameters.
This behavior is controlled using the `PKCS11PROXY_SOCKET_PATH` variable.
Please note that you cannot change the socket type, only UNIX path or TCP parameters.
### Enable SSL/TLS support
The link between the client and the server can be secured using TLS mutual
authentication via certificates.
To enable SSL use one of the following flags:
* --with-ssl
* --with-gnutls
OpenSSL or GnuTLS stacks can be used by the client library, the OCaml stack only uses bindings to OpenSSL.
#### Client SSL/TLS support
Use --with-ssl-clientfiles to provide CA chain and client certificate and private key.
The client can be compiled to use three modes, file lookup, environment variables (default) or embedding the credentials inside the code.
* --with-ssl-clientfiles='path;ca=path-to-ca,cert=path-to-cert,privkey=path-to-key'
* (client will load files with given path at runtime)
* --with-ssl-clientfiles='env'
* (client will lookup the following environment variables `PKCS11PROXY_CA_FILE`, `PKCS11PROXY_CERT_FILE` and `PKCS11PROXY_PRIVKEY_FILE`)
* --with-ssl-clientfiles='embed;ca=path-to-ca,cert=path-to-cert,privkey=path-to-key'
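* (the files will be parsed and embedded within the compiled code through C headers; the generated headers and the compiled library then contain the client private key and must be protected like the key file itself)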
#### Server SSL/TLS support
The server uses its configuration file to enable SSL/TLS and to configure its private key and the path to certificates.
### Disable filtering capabilities
You can compile the proxy server without filtering capabilities with the --without-filter switch.
In this case, the server will directly send PKCS#11 requests to the PKCS#11 library.
This is NOT recommended and should not be used in production.
caml-crush-1.0.12/doc/SERVER-CONF.md 0000664 0000000 0000000 00000010537 14147740423 0016465 0 ustar 00root root 0000000 0000000 # Caml Crush: an OCaml PKCS#11 filtering proxy
## Detailed Server configuration
The server process is based on the Netplex library from ocamlnet.
It uses a configuration file to setup the basic netplex features ([netplex documentation][]).
Several items were added in order to feed the proxy with some parameters, they are detailed
below.
[netplex documentation]: http://projects.camlcity.org/projects/ocamlnet.html
### Server socket configuration
Netplex has the following syntax for the socket configuration.
To configure a UNIX domain:
```ocaml
...
protocol{
...
type = "local";
path = "/run/pkcs11-socket";
...
}
...
```
To configure a TCP socket listening on 127.0.0.1 and port 4444:
```ocaml
...
protocol{
...
type = "internet";
bind = "127.0.0.1:4444";
...
}
...
```
### Server SSL/TLS configuration for versions > 1.0.6
The SSL/TLS support can be turned on with the following configuration directives:
```ocaml
...
processor {
...
tls {
(* Ciphersuites, GnuTLS syntax *)
(* TLS 1.2, PFS-only suites, no DSS, no CAMELLIA *)
algorithms = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC";
(* Uncomment to enable DHE parameters, used for PFS *)
(*
dh_params {
(* Pre-computed DH parameters *)
pkcs3_file = "/etc/pkcs11proxyd/dhparams.pem";
(* Run-time DH parameters, warning: this takes a long time *)
(*bits = 2048;*)
};
*)
x509 {
key {
crt_file = "server.pem";
key_file = "server.key";
};
trust {
crt_file = "cacert.pem";
};
}
};
...
};
...
```
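Please note that the current implementation expects PEM files and that
the private key has to be un-encrypted. Since the key is stored in clear, read access to the
key file should be restricted to the account running the server.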
The `algorithms` parameter accepts a GnuTLS cipher list; the default only allows TLS 1.2 and modern PFS-enabled suites.
The dh\_params can be configured to enable DHE suites. Also, parameters can be generated at startup but note that it will slow down startup.
### Server SSL/TLS configuration for older releases
The SSL/TLS support can be turned on with the following configuration directives:
```ocaml
...
processor {
...
use_ssl = true;
(* Provide full certificate chain in cafile *)
cafile = "/etc/pkcs11proxy/certs/ca.crt";
certfile = "/etc/pkcs11proxy/certs/server.crt";
certkey = "/etc/pkcs11proxy/certs/server.key";
(* OpenSSL cipher syntax, one or many suites can be configured, or alias such as HIGH *)
cipher_suite = "AES256-SHA256";
(* Optional, allows to use DHE cipher suites, generate custom DH parameters *)
dh_params = "/usr/local/etc/tests/certs/dhparams.pem";
(* Optional, allows to use ECDHE cipher suites *)
ec_curve_name = "prime256v1";
(* Optional, allows to use a custom certificate verification depth *)
verify_depth = 4;
...
};
...
```
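Please note that the current implementation expects PEM files and that
the private key has to be un-encrypted. Since the key is stored in clear, read access to the
key file should be restricted to the account running the server.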
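The cipher\_suite parameter accepts the classic OpenSSL "colon" separated cipher list.
Note that the `AES256-SHA256` suite shown in the example uses RSA key exchange and provides no forward secrecy; pick ECDHE or DHE suites if PFS is required.
Please note that the following ciphers are explicitly turned off:
!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4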
**WARNING**: Since Caml Crush 1.0.5, we require ocaml-ssl 0.4.7. This allows to enable PFS support and force TLS 1.2. Hence, if you want to link against older ocaml-ssl, you must manually modify the source code or use an older release.
### Server PKCS#11 module support configuration (when filtering is DISABLED)
As mentioned previously, the client asks for a specific module name.
If you disabled the filtering engine during compilation, you have to configure the module path of the different libraries in the server configuration.
The "libnames" parameter binds module "names" and the path to the corresponding PKCS#11 library.
```ocaml
...
processor {
...
libnames="opensc:/usr/lib/opensc-pkcs11.so;mysuperhsm:/usr/local/lib/libmysuperhsm.so;";
...
};
...
```
This parameter is ignored when the project is compiled with filtering capabilities.
### Server PKCS#11 filter configuration path
When filtering is enabled, the PKCS#11 server fetches the filtering rules from a file whose path must
be provided in the main server configuration file, in the `processor` section.
```ocaml
...
processor {
...
filter_config="PATH/filter.conf";
...
};
...
```
caml-crush-1.0.12/doc/WIN32.md 0000664 0000000 0000000 00000005435 14147740423 0015537 0 ustar 00root root 0000000 0000000 # Caml Crush: an OCaml PKCS#11 filtering proxy
## Windows support
This page explains how to build on Microsoft Windows.
Please note that this support is experimental and incomplete.
## Client library
Because of the lack of proper tools on Windows, you will have to
download and prepare the source in a "Linux" environment (it can be
done in Cygwin).
Download the source code and prepare it with the following commands:
cd src/client-lib
#Copy file in order to get correct include path in file generated
cp ../rpc-pkcs11/pkcs11_rpc.x ./
#Generate header for Win32 compatibility (i.e. without MT support)
rpcgen -h -N pkcs11_rpc.x > pkcs11_rpc.h
#Generate xdr helpers
rpcgen -c -N pkcs11_rpc.x > pkcs11_rpc_xdr.c
#Generate client stubs
rpcgen -l -N pkcs11_rpc.x > pkcs11_rpc_clnt.c
#Remove local copy of XDR file
rm pkcs11_rpc.x
#Patch generated xdr implementation (optional: remove unused buffer)
spatch --no-show-diff --sp-file ./pkcs11_rpc_xdr.cocci ./pkcs11_rpc_xdr.c --in-place
### Dependencies
There is no native support of ONC RPC for Microsoft Windows. However some porting efforts have been made
in the past. The open source oncrpc-win32 has been modified and is used in order to provide the
RPC layer in the client library.
There is no upstream, so you will have to use our modified version of [oncrpc-win32][].
You can use the projects file with Visual Studio to build the "librpc" target.
[oncrpc-win32]: https://github.com/tc-anssi/oncrpc-win32
The build has been tested on Visual Studio 2012.
Please note that you will have to select the "right" target depending on your need.
We have tried both static and DLL approach.
The Makefile.Win32 that we provide will expect a static library "oncrpc.lib" to link against.
(Modify the solution properties to your need: arch, DLL/Static, C-Runtime.)
### Configuring Windows build environment
Please refer to Makefile.Win32 and adapt the include paths.
Note that you will have to adapt the makefile to configure the
client to reach the proxy server.
### Build
Once the oncrpc library and the client source code is prepared, copy the code on the Windows build environment
and compile with the following commands.
cd src\client-lib
nmake /f Makefile.Win32 nodebug=1
This should start the compilation, you will end up with a DLL matching the libname you
provided in the Makefile (libclientp11.dll).
To build the debug target, remove the "nodebug=1" parameter. However note that you have to
link against a coherent (Debug/Release) version of oncrpc.lib
### Test it
You can test that everything is working with a PKCS#11 application,
**pkcs11-tool** from the OpenSC suite for example. The following command will
list the available slots.
pkcs11-tool --module \libp11client.dll
caml-crush-1.0.12/docker-compose-unix.yml 0000664 0000000 0000000 00000004565 14147740423 0020267 0 ustar 00root root 0000000 0000000 version: '3.6'
services:
pkcs11proxyd-unix:
image: "pkcs11proxyd-unix:${FLAVOR}"
build:
context: .
dockerfile: src/tests/integration/Dockerfile.debian-integration-unix
args:
dist: "${DIST}"
flavor: "${FLAVOR}"
volumes:
- ./src/tests/integration/filter.conf:/build/src/tests/integration/filter.conf:ro
- ./src/tests/integration/pkcs11proxyd-unix.conf:/build/src/tests/integration/pkcs11proxyd.conf:ro
- vol-pkcs11proxyd-unix:/var/run/
entrypoint: '/usr/local/bin/pkcs11proxyd -fg -conf /build/src/tests/integration/pkcs11proxyd.conf'
pkcs11proxydtls-unix:
image: "pkcs11proxydtls-unix:${FLAVOR}"
build:
context: .
dockerfile: src/tests/integration/Dockerfile.debian-integration-unix-tls
args:
dist: "${DIST}"
flavor: "${FLAVOR}"
volumes:
- ./src/tests/integration/filter.conf:/build/src/tests/integration/filter.conf:ro
- ./src/tests/integration/pkcs11proxyd-unix-tls.conf:/build/src/tests/integration/pkcs11proxyd.conf:ro
- ./src/tests/integration/certs/ca.pem:/build/src/tests/integration/ca.pem:ro
- ./src/tests/integration/certs/server.pem:/build/src/tests/integration/server.pem:ro
- ./src/tests/integration/certs/server-key.pem:/build/src/tests/integration/server-key.pem:ro
- vol-pkcs11proxydtls-unix:/var/run/
entrypoint: '/usr/local/bin/pkcs11proxyd -fg -conf /build/src/tests/integration/pkcs11proxyd.conf'
client-unix:
image: "pkcs11proxyd-unix:${FLAVOR}"
depends_on:
- "pkcs11proxyd-unix"
volumes:
- vol-pkcs11proxyd-unix:/var/run/
environment:
- PKCS11PROXY_LIBNAME=softhsm
entrypoint: /build/src/tests/integration/run-tests.sh
client-unix-tls:
image: "pkcs11proxydtls-unix:${FLAVOR}"
depends_on:
- "pkcs11proxydtls-unix"
environment:
- PKCS11PROXY_LIBNAME=softhsm
- PKCS11PROXY_CA_FILE=/tmp/ca.pem
- PKCS11PROXY_CERT_FILE=/tmp/client.pem
- PKCS11PROXY_PRIVKEY_FILE=/tmp/client-key.pem
volumes:
- vol-pkcs11proxydtls-unix:/var/run/
- ./src/tests/integration/certs/ca.pem:/tmp/ca.pem:ro
- ./src/tests/integration/certs/client.pem:/tmp/client.pem:ro
- ./src/tests/integration/certs/client-key.pem:/tmp/client-key.pem:ro
entrypoint: /build/src/tests/integration/run-tests.sh
volumes:
vol-pkcs11proxyd-unix:
vol-pkcs11proxydtls-unix: caml-crush-1.0.12/docker-compose.yml 0000664 0000000 0000000 00000004532 14147740423 0017300 0 ustar 00root root 0000000 0000000 version: '3.6'
services:
pkcs11proxyd:
image: "pkcs11proxyd:${FLAVOR}"
build:
context: .
dockerfile: src/tests/integration/Dockerfile.debian-integration
args:
dist: "${DIST}"
flavor: "${FLAVOR}"
# ports:
# - '4444:4444'
volumes:
- ./src/tests/integration/filter.conf:/build/src/tests/integration/filter.conf:ro
- ./src/tests/integration/pkcs11proxyd-tcp.conf:/build/src/tests/integration/pkcs11proxyd.conf:ro
entrypoint: '/usr/local/bin/pkcs11proxyd -fg -conf /build/src/tests/integration/pkcs11proxyd.conf'
pkcs11proxydtls:
image: "pkcs11proxydtls:${FLAVOR}"
build:
context: .
dockerfile: src/tests/integration/Dockerfile.debian-integration-tls
args:
dist: "${DIST}"
flavor: "${FLAVOR}"
volumes:
- ./src/tests/integration/filter.conf:/build/src/tests/integration/filter.conf:ro
- ./src/tests/integration/pkcs11proxyd-tcp-tls.conf:/build/src/tests/integration/pkcs11proxyd.conf:ro
- ./src/tests/integration/certs/ca.pem:/build/src/tests/integration/ca.pem:ro
- ./src/tests/integration/certs/server.pem:/build/src/tests/integration/server.pem:ro
- ./src/tests/integration/certs/server-key.pem:/build/src/tests/integration/server-key.pem:ro
entrypoint: '/usr/local/bin/pkcs11proxyd -fg -conf /build/src/tests/integration/pkcs11proxyd.conf'
client:
image: "pkcs11proxyd:${FLAVOR}"
depends_on:
- "pkcs11proxyd"
environment:
- PKCS11PROXY_LIBNAME=softhsm
- PKCS11PROXY_SOCKET_PATH=pkcs11proxyd:4444
entrypoint: "/build/src/tests/integration/wait-for-it.sh pkcs11proxyd:4444 -- /build/src/tests/integration/run-tests.sh"
client-tls:
image: "pkcs11proxydtls:${FLAVOR}"
depends_on:
- "pkcs11proxydtls"
environment:
- PKCS11PROXY_LIBNAME=softhsm
- PKCS11PROXY_SOCKET_PATH=pkcs11proxydtls:4444
- PKCS11PROXY_CA_FILE=/tmp/ca.pem
- PKCS11PROXY_CERT_FILE=/tmp/client.pem
- PKCS11PROXY_PRIVKEY_FILE=/tmp/client-key.pem
volumes:
- ./src/tests/integration/certs/ca.pem:/tmp/ca.pem:ro
- ./src/tests/integration/certs/client.pem:/tmp/client.pem:ro
- ./src/tests/integration/certs/client-key.pem:/tmp/client-key.pem:ro
entrypoint: "/build/src/tests/integration/wait-for-it.sh pkcs11proxydtls:4444 -- /build/src/tests/integration/run-tests.sh"
caml-crush-1.0.12/m4/ 0000775 0000000 0000000 00000000000 14147740423 0014157 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/m4/ax_compare_version.m4 0000664 0000000 0000000 00000014652 14147740423 0020314 0 ustar 00root root 0000000 0000000 # ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_compare_version.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_COMPARE_VERSION(VERSION_A, OP, VERSION_B, [ACTION-IF-TRUE], [ACTION-IF-FALSE])
#
# DESCRIPTION
#
# This macro compares two version strings. Due to the various number of
# minor-version numbers that can exist, and the fact that string
# comparisons are not compatible with numeric comparisons, this is not
# necessarily trivial to do in a autoconf script. This macro makes doing
# these comparisons easy.
#
# The six basic comparisons are available, as well as checking equality
# limited to a certain number of minor-version levels.
#
# The operator OP determines what type of comparison to do, and can be one
# of:
#
# eq - equal (test A == B)
# ne - not equal (test A != B)
# le - less than or equal (test A <= B)
# ge - greater than or equal (test A >= B)
# lt - less than (test A < B)
# gt - greater than (test A > B)
#
# Additionally, the eq and ne operator can have a number after it to limit
# the test to that number of minor versions.
#
# eq0 - equal up to the length of the shorter version
# ne0 - not equal up to the length of the shorter version
# eqN - equal up to N sub-version levels
# neN - not equal up to N sub-version levels
#
# When the condition is true, shell commands ACTION-IF-TRUE are run,
# otherwise shell commands ACTION-IF-FALSE are run. The environment
# variable 'ax_compare_version' is always set to either 'true' or 'false'
# as well.
#
# Examples:
#
# AX_COMPARE_VERSION([3.15.7],[lt],[3.15.8])
# AX_COMPARE_VERSION([3.15],[lt],[3.15.8])
#
# would both be true.
#
# AX_COMPARE_VERSION([3.15.7],[eq],[3.15.8])
# AX_COMPARE_VERSION([3.15],[gt],[3.15.8])
#
# would both be false.
#
# AX_COMPARE_VERSION([3.15.7],[eq2],[3.15.8])
#
# would be true because it is only comparing two minor versions.
#
# AX_COMPARE_VERSION([3.15.7],[eq0],[3.15])
#
# would be true because it is only comparing the lesser number of minor
# versions of the two values.
#
# Note: The characters that separate the version numbers do not matter. An
# empty string is the same as version 0. OP is evaluated by autoconf, not
# configure, so must be a string, not a variable.
#
# The author would like to acknowledge Guido Draheim whose advice about
# the m4_case and m4_ifvaln functions make this macro only include the
# portions necessary to perform the specific comparison specified by the
# OP argument in the final configure script.
#
# LICENSE
#
# Copyright (c) 2008 Tim Toolan
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 11
dnl #########################################################################
AC_DEFUN([AX_COMPARE_VERSION], [
AC_REQUIRE([AC_PROG_AWK])
# Used to indicate true or false condition
ax_compare_version=false
# Convert the two version strings to be compared into a format that
# allows a simple string comparison. The end result is that a version
# string of the form 1.12.5-r617 will be converted to the form
# 0001001200050617. In other words, each number is zero padded to four
# digits, and non digits are removed.
AS_VAR_PUSHDEF([A],[ax_compare_version_A])
A=`echo "$1" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \
-e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \
-e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \
-e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \
-e 's/[[^0-9]]//g'`
AS_VAR_PUSHDEF([B],[ax_compare_version_B])
B=`echo "$3" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \
-e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \
-e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \
-e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \
-e 's/[[^0-9]]//g'`
dnl # In the case of le, ge, lt, and gt, the strings are sorted as necessary
dnl # then the first line is used to determine if the condition is true.
dnl # The sed right after the echo is to remove any indented white space.
m4_case(m4_tolower($2),
[lt],[
ax_compare_version=`echo "x$A
x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/false/;s/x${B}/true/;1q"`
],
[gt],[
ax_compare_version=`echo "x$A
x$B" | sed 's/^ *//' | sort | sed "s/x${A}/false/;s/x${B}/true/;1q"`
],
[le],[
ax_compare_version=`echo "x$A
x$B" | sed 's/^ *//' | sort | sed "s/x${A}/true/;s/x${B}/false/;1q"`
],
[ge],[
ax_compare_version=`echo "x$A
x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/true/;s/x${B}/false/;1q"`
],[
dnl Split the operator from the subversion count if present.
m4_bmatch(m4_substr($2,2),
[0],[
# A count of zero means use the length of the shorter version.
# Determine the number of characters in A and B.
ax_compare_version_len_A=`echo "$A" | $AWK '{print(length)}'`
ax_compare_version_len_B=`echo "$B" | $AWK '{print(length)}'`
# Set A to no more than B's length and B to no more than A's length.
A=`echo "$A" | sed "s/\(.\{$ax_compare_version_len_B\}\).*/\1/"`
B=`echo "$B" | sed "s/\(.\{$ax_compare_version_len_A\}\).*/\1/"`
],
[[0-9]+],[
# A count greater than zero means use only that many subversions
A=`echo "$A" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"`
B=`echo "$B" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"`
],
[.+],[
AC_WARNING(
[illegal OP numeric parameter: $2])
],[])
# Pad zeros at end of numbers to make same length.
ax_compare_version_tmp_A="$A`echo $B | sed 's/./0/g'`"
B="$B`echo $A | sed 's/./0/g'`"
A="$ax_compare_version_tmp_A"
# Check for equality or inequality as necessary.
m4_case(m4_tolower(m4_substr($2,0,2)),
[eq],[
test "x$A" = "x$B" && ax_compare_version=true
],
[ne],[
test "x$A" != "x$B" && ax_compare_version=true
],[
AC_WARNING([illegal OP parameter: $2])
])
])
AS_VAR_POPDEF([A])dnl
AS_VAR_POPDEF([B])dnl
dnl # Execute ACTION-IF-TRUE / ACTION-IF-FALSE.
if test "$ax_compare_version" = "true" ; then
m4_ifvaln([$4],[$4],[:])dnl
m4_ifvaln([$5],[else $5])dnl
fi
]) dnl AX_COMPARE_VERSION
caml-crush-1.0.12/scripts/ 0000775 0000000 0000000 00000000000 14147740423 0015326 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/scripts/pkcs11proxyd.in 0000664 0000000 0000000 00000010175 14147740423 0020232 0 ustar 00root root 0000000 0000000 #! /bin/sh
### BEGIN INIT INFO
# Provides: pkcs11proxyd
# Required-Start: $syslog
# Required-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: OCaml filtering PKCS#11 proxy daemon
# Description: This init script is used to launch the pkcs11proxyd
# service.
### END INIT INFO
# Author: Thomas Calderon
#
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
# NOTE(review): /usr/local/lib is a library directory, which is unusual in a
# command search path. Every entry listed here is searched for the commands
# this script runs, so each one should be writable by root only -- confirm
# that the last entry is intended.
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/local/lib
DESC="OCaml filtering PKCS#11 proxy daemon"
NAME=pkcs11proxyd
# @prefix@ and @sysconfdir@ look like placeholders filled in when this
# template is processed at configure time -- TODO confirm.
DAEMON=@prefix@/bin/$NAME
DAEMON_ARGS="-conf @sysconfdir@/pkcs11proxyd/pkcs11proxyd.conf"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
# The file is sourced, i.e. executed as shell code inside this script, and it
# can override any of the variables set above; it must not be writable by
# unprivileged users.
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
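do_start()
{
    # Start the daemon through start-stop-daemon.
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started

    # Dry run (--test): exits non-zero when a process running $DAEMON
    # already exists, in which case nothing is started.
    start-stop-daemon --start --quiet --exec "$DAEMON" --test > /dev/null \
        || return 1
    # The pid file path has to follow --pidfile. As a bare word it is not a
    # start-stop-daemon option and may end up among the daemon's own
    # arguments. No --make-pidfile is given, so the file is only consulted
    # here, never created by start-stop-daemon.
    # $DAEMON_ARGS is deliberately left unquoted so that it splits into
    # separate arguments.
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
        $DAEMON_ARGS \
        || return 2
    # Add code here, if necessary, that waits for the process to be ready
    # to handle requests from services started subsequently which depend
    # on this one. As a last resort, sleep for some time.
}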
#
# Function that stops the daemon/service
#
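do_stop()
{
    # Stop the daemon and remove its pid file.
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred

    # First pass: TERM, wait up to 30s, then KILL and wait up to 5s.
    # Note that this call selects processes by name only, not by pid file.
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --name "$NAME"
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently. A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON"
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    # Quoted, and preceded by --, so that a value overridden from the defaults
    # file cannot be word-split, glob-expanded or read as an option by rm.
    rm -f -- "$PIDFILE"
    return "$RETVAL"
}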
#
# Function that sends a SIGHUP to the daemon/service
#
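do_reload() {
    #
    # If the daemon can reload its configuration without
    # restarting (for example, when it is sent a SIGHUP),
    # then implement that here.
    #
    # Sends signal 1 to the process matching both the pid file and the name.
    # The exit status of start-stop-daemon is ignored: this function always
    # returns 0. The reload action is commented out in the dispatcher below,
    # so nothing in this script calls it.
    start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" --name "$NAME"
    return 0
}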
# Dispatch on the action given as first argument.
case "$1" in
    start)
        if [ "$VERBOSE" != no ]; then
            log_daemon_msg "Starting $DESC" "$NAME"
        fi
        do_start
        case "$?" in
            0|1)
                # Started, or already running: both are reported as success.
                if [ "$VERBOSE" != no ]; then
                    log_end_msg 0
                fi
                ;;
            2)
                if [ "$VERBOSE" != no ]; then
                    log_end_msg 1
                fi
                ;;
        esac
        ;;
    stop)
        if [ "$VERBOSE" != no ]; then
            log_daemon_msg "Stopping $DESC" "$NAME"
        fi
        do_stop
        case "$?" in
            0|1)
                # Stopped, or already stopped: both are reported as success.
                if [ "$VERBOSE" != no ]; then
                    log_end_msg 0
                fi
                ;;
            2)
                if [ "$VERBOSE" != no ]; then
                    log_end_msg 1
                fi
                ;;
        esac
        ;;
    status)
        # Exit with whatever status_of_proc reports (0 on success).
        status_of_proc "$DAEMON" "$NAME"
        exit $?
        ;;
    #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0)
                        log_end_msg 0
                        ;;
                    *)
                        # 1: old process is still running; anything else:
                        # failed to start.
                        log_end_msg 1
                        ;;
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    *)
        #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
        exit 3
        ;;
esac
# Make the script end with status 0 when no branch exited explicitly.
:
caml-crush-1.0.12/src/ 0000775 0000000 0000000 00000000000 14147740423 0014426 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/bindings-pkcs11/ 0000775 0000000 0000000 00000000000 14147740423 0017323 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/bindings-pkcs11/Makefile.in 0000664 0000000 0000000 00000010161 14147740423 0021367 0 ustar 00root root 0000000 0000000 CC=@CC@
CFLAGS_OPT = -Wall -Wextra -pedantic -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Winline -Wuninitialized -fcommon
CFLAGS_OPT += ${CPPFLAGS}
CFLAGS = -O2 -fPIC $(CFLAGS_OPT) -I@OCAMLLIB@
CFLAGS_DBG = -g -fPIC -I@OCAMLLIB@ $(CFLAGS_OPT)
caml_link_dirs = @OCAMLLIB@
LDFLAGS = -cclib -L$(caml_link_dirs) -cclib -lcamlidl
all: @idl_gen@
$(CC) @srcdir@/pkcs11_stubs.c -DSERVER_ROLE -c $(CFLAGS)
$(CC) @srcdir@/pkcs11_functions.c @aliasing_def@ -DSERVER_ROLE -c $(CFLAGS)
ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -o pkcs11 -c @srcdir@/pkcs11.mli
ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -o pkcs11 -c @srcdir@/pkcs11.ml
ocamlmklib -o pkcs11 pkcs11.cmx pkcs11_functions.o pkcs11_stubs.o $(LDFLAGS)
debug: @idl_gen@
$(CC) @srcdir@/pkcs11_stubs.c -DSERVER_ROLE -DDEBUG -g -c $(CFLAGS_DBG)
$(CC) @srcdir@/pkcs11_functions.c @aliasing_def@ -DSERVER_ROLE -g -DDEBUG -c $(CFLAGS_DBG)
ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -g -o pkcs11 -c @srcdir@/pkcs11.mli
ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -g -o pkcs11 -c @srcdir@/pkcs11.ml
ocamlmklib -o pkcs11 pkcs11.cmx pkcs11_functions.o pkcs11_stubs.o $(LDFLAGS)
idl:
@rm -f @idl_clean@
camlidl @idl_ocaml_bytes_module_define@ -header @srcdir@/pkcs11.idl
cat @srcdir@/pkcs11_stubs.c | sed -e 's/Begin_roots_block(\(.*\)).*/Begin_roots_block(\1);/g' | sed -e 's/Begin_root(\(.*\)).*/Begin_root(\1);/g' | sed -e 's/End_roots(\(.*\)).*/End_roots(\1);/g' > ./tmp
mv ./tmp @srcdir@/pkcs11_stubs.c
#Sed to patch (GetSlotList/GetMechList/FindObjects/GetObjectSize)
sed -i "s/* int/\* nativeint/g" @srcdir@/pkcs11.mli
sed -i "s/* int/\* nativeint/g" @srcdir@/pkcs11.ml
#Handle recent IDL (as they rename some functions and cocci patches will not be applied otherwise)
sed -i "s/caml_modify/modify/g" @srcdir@/pkcs11_stubs.c
sed -i "s/caml_copy_nativeint/custom_copy_int/g" @srcdir@/pkcs11_stubs.c
sed -i "s/caml_invalid_argument/invalid_argument/g" @srcdir@/pkcs11_stubs.c
# Patch the stubs with cocci
spatch --no-show-diff --in-place --sp-file @srcdir@/pkcs11_stubs.cocci @srcdir@/pkcs11_stubs.c
#Sed because spatch is not able to preprocess
sed -i 's/^_CAMLIDL_EXTERN_C/extern/g' @srcdir@/pkcs11.h
#Sed to change the structure packing pragma in WIN32 mode: CamlIDL fixes it to 8 while
#PKCS11 header fixes it to 1 => this can create binary interoperability issues
sed -i 's/push,8/push,1\/* Replaced for PKCS11 compatibiliy *\//g' @srcdir@/pkcs11.h
spatch --no-show-diff --in-place --sp-file @srcdir@/@pkcs11_cocci_patch@ @srcdir@/pkcs11.h
#Sed to force the produced idl variable context and some values to be tagged 'unused'
sed -i 's/\(.*\), camlidl_ctx _ctx)$$/#ifdef __GNUC__\n\1, __attribute__((unused)) camlidl_ctx _ctx)\n#else\n\1, camlidl_ctx _ctx)\n#endif/g' @srcdir@/pkcs11_stubs.c
sed -i 's/\(.*\)value _unit)$$/#ifdef __GNUC__\n\1__attribute__((unused))value _unit)\n#else\n\1value _unit)\n#endif/g' @srcdir@/pkcs11_stubs.c
#Sed to disable the warnings on shadowing caml__roots_block
sed -i 's/\(.*\)Begin_root(\(.*\)/\/* We add this because of possible shadow warning *\/\n\/* (this is not our code: these are camlidl macros)*\/\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Wshadow\"\n#endif\n\1Begin_root(\2\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic pop\n#endif/g' @srcdir@/pkcs11_stubs.c
sed -i 's/\(.*\)Begin_roots_block(\(.*\)/\/* We add this because of possible shadow warning *\/\n\/* (this is not our code: these are camlidl macros)*\/\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Wshadow\"\n#endif\n\1Begin_roots_block(\2\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic pop\n#endif/g' @srcdir@/pkcs11_stubs.c
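# Remove the files that the idl recipe produces and patches (C header, C stubs,
# OCaml interface and implementation).
# Declared phony so a file named clean_idl in the build directory cannot turn
# this target into a no-op; repeating the declaration is harmless if the
# Makefile already lists it elsewhere.
.PHONY: clean_idl
clean_idl:
	@rm -f @srcdir@/pkcs11.h @srcdir@/pkcs11_stubs.c @srcdir@/pkcs11.mli @srcdir@/pkcs11.ml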
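# Remove compiled OCaml/C artefacts, libraries and editor backup files (*~)
# from @srcdir@. The idl-generated sources are left alone (see clean_idl).
# Declared phony so a file named clean cannot turn this target into a no-op;
# repeating the declaration is harmless if the Makefile already lists it.
.PHONY: clean
clean:
	@rm -f @srcdir@/*.cmi @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.cmo @srcdir@/*~ @srcdir@/*.opt @srcdir@/*.cmxa @srcdir@/*.a @srcdir@/*.cma @srcdir@/*.so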
# caml-crush-1.0.12/src/bindings-pkcs11/Makefile.standalone.in
CC=@CC@
# Diagnostic options shared by the release and debug builds; every entry is a
# warning switch.
CFLAGS_OPT = -Wall -Wextra -pedantic -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Winline -Wuninitialized
# CPPFLAGS is not defined in this file, so it comes from the environment or the
# make command line: this is where a packager can inject extra options.
CFLAGS_OPT += ${CPPFLAGS}
# Release flags: -O2, position-independent code, and the directory substituted
# for @OCAMLLIB@ on the include path.
CFLAGS = -O2 -fPIC $(CFLAGS_OPT) -I@OCAMLLIB@
# Debug flags: same warnings and include path, with -g and without -O2.
CFLAGS_DBG = -g -fPIC -I@OCAMLLIB@ $(CFLAGS_OPT)
# NOTE(review): neither flag set enables a stack protector, _FORTIFY_SOURCE or
# -Wformat-security for these PKCS#11 stubs; confirm the packaging environment
# supplies hardening options (e.g. through CPPFLAGS or CC).
caml_link_dirs = @OCAMLLIB@
# Options handed to ocamlmklib: add the OCaml library directory to the linker
# search path and link against camlidl.
LDFLAGS = -cclib -L$(caml_link_dirs) -cclib -lcamlidl
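# Default build: compile the C stubs and the PKCS#11 wrapper functions, compile
# the OCaml interface and implementation through the camlp4 preprocessor, then
# bundle the objects into the pkcs11_standalone library with ocamlmklib.
# @idl_gen@ is a configure substitution; presumably it names the idl target
# when the bindings have to be regenerated first -- confirm in configure.
# Declared phony so a file named all cannot make the build a no-op; .PHONY
# starts with a dot, so `all` stays the default goal.
.PHONY: all
all: @idl_gen@
	$(CC) @srcdir@/pkcs11_stubs.c -c $(CFLAGS)
	$(CC) @srcdir@/pkcs11_functions.c @aliasing_def@ -c $(CFLAGS)
	ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -o pkcs11 -c @srcdir@/pkcs11.mli
	ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -o pkcs11 -c @srcdir@/pkcs11.ml
	ocamlmklib -o pkcs11_standalone pkcs11.cmx pkcs11_functions.o pkcs11_stubs.o $(LDFLAGS)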
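# Debug build: same steps as `all`, but the C files use CFLAGS_DBG and are
# compiled with -DSERVER_ROLE and -DDEBUG, and the OCaml units are built with -g.
# NOTE(review): `all` does not define SERVER_ROLE; confirm it is meant to be
# debug-only. What -DDEBUG enables is not visible here; if it adds logging of
# PKCS#11 arguments, keep debug artefacts out of production installs.
# Declared phony so a file named debug cannot make the target a no-op.
.PHONY: debug
debug: @idl_gen@
	$(CC) @srcdir@/pkcs11_stubs.c -DSERVER_ROLE -DDEBUG -g -c $(CFLAGS_DBG)
	$(CC) @srcdir@/pkcs11_functions.c @aliasing_def@ -DSERVER_ROLE -g -DDEBUG -c $(CFLAGS_DBG)
	ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -g -o pkcs11 -c @srcdir@/pkcs11.mli
	ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@" -g -o pkcs11 -c @srcdir@/pkcs11.ml
	ocamlmklib -o pkcs11_standalone pkcs11.cmx pkcs11_functions.o pkcs11_stubs.o $(LDFLAGS)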
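# Regenerate the PKCS#11 bindings from pkcs11.idl with camlidl, then post-process
# the generated files with sed and Coccinelle (spatch). The steps are
# order-dependent: each one edits the output of the previous one in place.
# NOTE(review): the sed expressions match on text emitted by camlidl, so a
# camlidl upgrade can make them silently stop matching; diff the regenerated
# pkcs11_stubs.c and pkcs11.h after a toolchain change.
# Declared phony so a file named idl cannot make the target a no-op.
.PHONY: idl
idl:
	@rm -f @idl_clean@
	camlidl @idl_ocaml_bytes_module_define@ -header @srcdir@/pkcs11.idl
# Normalise the Begin_roots_block/Begin_root/End_roots macro calls so each ends
# with ");". This is done in place with a single sed: the same three
# substitutions in the same order as before, but without a fixed ./tmp file in
# the working directory, and a failing sed now aborts the recipe instead of an
# empty or partial file being moved over the stubs.
	sed -i -e 's/Begin_roots_block(\(.*\)).*/Begin_roots_block(\1);/g' -e 's/Begin_root(\(.*\)).*/Begin_root(\1);/g' -e 's/End_roots(\(.*\)).*/End_roots(\1);/g' @srcdir@/pkcs11_stubs.c
# Patch the OCaml signatures (GetSlotList/GetMechList/FindObjects/GetObjectSize):
# "* int" becomes "* nativeint"
	sed -i "s/* int/\* nativeint/g" @srcdir@/pkcs11.mli
	sed -i "s/* int/\* nativeint/g" @srcdir@/pkcs11.ml
# Handle recent camlidl releases: they rename some functions, and the cocci
# patches would not apply otherwise
	sed -i "s/caml_modify/modify/g" @srcdir@/pkcs11_stubs.c
	sed -i "s/caml_copy_nativeint/custom_copy_int/g" @srcdir@/pkcs11_stubs.c
	sed -i "s/caml_invalid_argument/invalid_argument/g" @srcdir@/pkcs11_stubs.c
# Patch the stubs with cocci
	spatch --no-show-diff --in-place --sp-file @srcdir@/pkcs11_stubs.cocci @srcdir@/pkcs11_stubs.c
# Done with sed because spatch is not able to preprocess
	sed -i 's/^_CAMLIDL_EXTERN_C/extern/g' @srcdir@/pkcs11.h
# Change the structure packing pragma used in WIN32 mode: CamlIDL sets it to 8
# while the PKCS11 header sets it to 1; the mismatch can create binary
# interoperability issues
	sed -i 's/push,8/push,1\/* Replaced for PKCS11 compatibiliy *\//g' @srcdir@/pkcs11.h
	spatch --no-show-diff --in-place --sp-file @srcdir@/@pkcs11_cocci_patch@ @srcdir@/pkcs11.h
# Tag the generated camlidl context parameter and the _unit value as 'unused'
# when compiling with GCC ($$ is make's escape for the sed end-of-line anchor)
	sed -i 's/\(.*\), camlidl_ctx _ctx)$$/#ifdef __GNUC__\n\1, __attribute__((unused)) camlidl_ctx _ctx)\n#else\n\1, camlidl_ctx _ctx)\n#endif/g' @srcdir@/pkcs11_stubs.c
	sed -i 's/\(.*\)value _unit)$$/#ifdef __GNUC__\n\1__attribute__((unused))value _unit)\n#else\n\1value _unit)\n#endif/g' @srcdir@/pkcs11_stubs.c
# Wrap the camlidl root macros in pragmas that disable the -Wshadow warning on
# caml__roots_block
	sed -i 's/\(.*\)Begin_root(\(.*\)/\/* We add this because of possible shadow warning *\/\n\/* (this is not our code: these are camlidl macros)*\/\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Wshadow\"\n#endif\n\1Begin_root(\2\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic pop\n#endif/g' @srcdir@/pkcs11_stubs.c
	sed -i 's/\(.*\)Begin_roots_block(\(.*\)/\/* We add this because of possible shadow warning *\/\n\/* (this is not our code: these are camlidl macros)*\/\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic push\n#pragma GCC diagnostic ignored \"-Wshadow\"\n#endif\n\1Begin_roots_block(\2\n#if GCC_VERSION > 40600\n#pragma GCC diagnostic pop\n#endif/g' @srcdir@/pkcs11_stubs.c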
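# Remove the files that the idl target generates and patches (C header, C stubs,
# OCaml interface and implementation).
# Declared phony so a file named clean_idl in the build directory cannot turn
# this target into a no-op.
.PHONY: clean_idl
clean_idl:
	@rm -f @srcdir@/pkcs11.h @srcdir@/pkcs11_stubs.c @srcdir@/pkcs11.mli @srcdir@/pkcs11.ml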
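# Remove compiled OCaml/C artefacts, libraries and editor backup files (*~)
# from @srcdir@. The idl-generated sources are left alone (see clean_idl).
# Declared phony so a file named clean cannot turn this target into a no-op.
.PHONY: clean
clean:
	@rm -f @srcdir@/*.cmi @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.cmo @srcdir@/*~ @srcdir@/*.opt @srcdir@/*.cmxa @srcdir@/*.a @srcdir@/*.cma @srcdir@/*.so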
/* caml-crush-1.0.12/src/bindings-pkcs11/PRESENT_tables.h */
/*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI and NTU (2015)
Contributors:
Ryad BENADJILA [ryadbenadjila@gmail.com] and
Jian GUO [ntu.guo@gmail.com] and
Victor LOMNE [victor.lomne@ssi.gouv.fr] and
Thomas PEYRIN [thomas.peyrin@gmail.com]
This software is a computer program whose purpose is to implement
lightweight block ciphers with different optimizations for the x86
platform. Three algorithms have been implemented: PRESENT, LED and
Piccolo. Three techniques have been explored: table based
implementations, vperm (for vector permutation) and bitslice
implementations. For more details, please refer to the SAC 2013
paper:
http://eprint.iacr.org/2013/445
as well as the documentation of the project.
Here is a big picture of how the code is divided:
- src/common contains common headers, structures and functions.
- src/table contains table based implementations, with the code
that generates the tables in src/table/gen_tables. The code here
is written in pure C so it should compile on any platform (x86
and other architectures), as well as any OS flavour (*nix,
Windows ...).
- src/vperm contains vperm based implementations. They are written
in inline assembly for x86_64 and will only compile and work on
this platform. The code only compiles with gcc, but porting it to
other assembly flavours should not be too complicated.
- src/bitslice contains bitslice based implementations. They are
written in asm intrinsics. It should compile and run on i386 as
well as x86_64 platforms, and it should be portable to other OS
flavours since intrinsics are standard among many compilers.
Note: vperm and bitslice implementations require a x86 CPU with at least
SSSE3 extensions.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
-------------------------- MIT License HEADER ----------------------------------*/
/*
 * T0_PRESENT, T1_PRESENT, ...: 256-entry lookup tables of 64-bit words.
 *
 * In table Tk every entry has bits set only at positions 2k and 2k+1 of each
 * 16-bit lane (mask 0x0003 per lane for T0, 0x000c for T1, 0x0030 for T2, ...),
 * so results taken from different tables never overlap and can be combined
 * into one 64-bit word. T0_PRESENT[0] == 0x0003000300000000 and
 * T0_PRESENT[1] == 0x0002000300000001 are what the PRESENT S-box values
 * S(0) = 0xC and S(1) = 0x5 give once both nibbles of the index byte are
 * spread by the PRESENT bit permutation, so Tk is presumably the combined
 * S-box + permutation layer for byte k of the state (the "table based"
 * variant named in the file header) -- confirm against the code that
 * indexes these tables.
 *
 * NOTE(review): the arrays are defined in a header and are neither `static`
 * nor `const`. Including this header from more than one translation unit
 * would define them twice, and they sit in writable data; check how many
 * files include it before changing the qualifiers.
 *
 * NOTE(review): a table lookup whose index is derived from secret state has
 * data-dependent cache behaviour. If these tables process key-dependent data
 * where another party can observe cache timing, prefer a constant-time
 * variant (the header mentions a bitslice implementation) or record why the
 * threat model excludes that observer.
 */
unsigned long long T0_PRESENT[256] = {0x0003000300000000, 0x0002000300000001, 0x0002000300010000, 0x0003000200010001, 0x0003000200000001, 0x0002000200000000, 0x0003000200010000, 0x0003000300000001, 0x0002000200010001, 0x0003000300010000, 0x0003000300010001, 0x0003000200000000, 0x0002000300000000, 0x0002000300010001, 0x0002000200000001, 0x0002000200010000, 0x0001000300000002, 0x0000000300000003, 0x0000000300010002, 0x0001000200010003, 0x0001000200000003, 0x0000000200000002, 0x0001000200010002, 0x0001000300000003, 0x0000000200010003, 0x0001000300010002, 0x0001000300010003, 0x0001000200000002, 0x0000000300000002, 0x0000000300010003, 0x0000000200000003, 0x0000000200010002, 0x0001000300020000, 0x0000000300020001, 0x0000000300030000, 0x0001000200030001, 0x0001000200020001, 0x0000000200020000, 0x0001000200030000, 0x0001000300020001, 0x0000000200030001, 0x0001000300030000, 0x0001000300030001, 0x0001000200020000, 0x0000000300020000, 0x0000000300030001, 0x0000000200020001, 0x0000000200030000, 0x0003000100020002, 0x0002000100020003, 0x0002000100030002, 0x0003000000030003, 0x0003000000020003, 0x0002000000020002, 0x0003000000030002, 0x0003000100020003, 0x0002000000030003, 0x0003000100030002, 0x0003000100030003, 0x0003000000020002, 0x0002000100020002, 0x0002000100030003, 0x0002000000020003, 0x0002000000030002, 0x0003000100000002, 0x0002000100000003, 0x0002000100010002, 0x0003000000010003, 0x0003000000000003, 0x0002000000000002, 0x0003000000010002, 0x0003000100000003, 0x0002000000010003, 0x0003000100010002, 0x0003000100010003, 0x0003000000000002, 0x0002000100000002, 0x0002000100010003, 0x0002000000000003, 0x0002000000010002, 0x0001000100000000, 0x0000000100000001, 0x0000000100010000, 0x0001000000010001, 0x0001000000000001, 0x0000000000000000, 0x0001000000010000, 0x0001000100000001, 0x0000000000010001, 0x0001000100010000, 0x0001000100010001, 0x0001000000000000, 0x0000000100000000, 0x0000000100010001, 0x0000000000000001, 0x0000000000010000, 0x0003000100020000, 0x0002000100020001, 
0x0002000100030000, 0x0003000000030001, 0x0003000000020001, 0x0002000000020000, 0x0003000000030000, 0x0003000100020001, 0x0002000000030001, 0x0003000100030000, 0x0003000100030001, 0x0003000000020000, 0x0002000100020000, 0x0002000100030001, 0x0002000000020001, 0x0002000000030000, 0x0003000300000002, 0x0002000300000003, 0x0002000300010002, 0x0003000200010003, 0x0003000200000003, 0x0002000200000002, 0x0003000200010002, 0x0003000300000003, 0x0002000200010003, 0x0003000300010002, 0x0003000300010003, 0x0003000200000002, 0x0002000300000002, 0x0002000300010003, 0x0002000200000003, 0x0002000200010002, 0x0001000100020002, 0x0000000100020003, 0x0000000100030002, 0x0001000000030003, 0x0001000000020003, 0x0000000000020002, 0x0001000000030002, 0x0001000100020003, 0x0000000000030003, 0x0001000100030002, 0x0001000100030003, 0x0001000000020002, 0x0000000100020002, 0x0000000100030003, 0x0000000000020003, 0x0000000000030002, 0x0003000300020000, 0x0002000300020001, 0x0002000300030000, 0x0003000200030001, 0x0003000200020001, 0x0002000200020000, 0x0003000200030000, 0x0003000300020001, 0x0002000200030001, 0x0003000300030000, 0x0003000300030001, 0x0003000200020000, 0x0002000300020000, 0x0002000300030001, 0x0002000200020001, 0x0002000200030000, 0x0003000300020002, 0x0002000300020003, 0x0002000300030002, 0x0003000200030003, 0x0003000200020003, 0x0002000200020002, 0x0003000200030002, 0x0003000300020003, 0x0002000200030003, 0x0003000300030002, 0x0003000300030003, 0x0003000200020002, 0x0002000300020002, 0x0002000300030003, 0x0002000200020003, 0x0002000200030002, 0x0003000100000000, 0x0002000100000001, 0x0002000100010000, 0x0003000000010001, 0x0003000000000001, 0x0002000000000000, 0x0003000000010000, 0x0003000100000001, 0x0002000000010001, 0x0003000100010000, 0x0003000100010001, 0x0003000000000000, 0x0002000100000000, 0x0002000100010001, 0x0002000000000001, 0x0002000000010000, 0x0001000300000000, 0x0000000300000001, 0x0000000300010000, 0x0001000200010001, 0x0001000200000001, 0x0000000200000000, 
0x0001000200010000, 0x0001000300000001, 0x0000000200010001, 0x0001000300010000, 0x0001000300010001, 0x0001000200000000, 0x0000000300000000, 0x0000000300010001, 0x0000000200000001, 0x0000000200010000, 0x0001000300020002, 0x0000000300020003, 0x0000000300030002, 0x0001000200030003, 0x0001000200020003, 0x0000000200020002, 0x0001000200030002, 0x0001000300020003, 0x0000000200030003, 0x0001000300030002, 0x0001000300030003, 0x0001000200020002, 0x0000000300020002, 0x0000000300030003, 0x0000000200020003, 0x0000000200030002, 0x0001000100000002, 0x0000000100000003, 0x0000000100010002, 0x0001000000010003, 0x0001000000000003, 0x0000000000000002, 0x0001000000010002, 0x0001000100000003, 0x0000000000010003, 0x0001000100010002, 0x0001000100010003, 0x0001000000000002, 0x0000000100000002, 0x0000000100010003, 0x0000000000000003, 0x0000000000010002, 0x0001000100020000, 0x0000000100020001, 0x0000000100030000, 0x0001000000030001, 0x0001000000020001, 0x0000000000020000, 0x0001000000030000, 0x0001000100020001, 0x0000000000030001, 0x0001000100030000, 0x0001000100030001, 0x0001000000020000, 0x0000000100020000, 0x0000000100030001, 0x0000000000020001, 0x0000000000030000};
unsigned long long T1_PRESENT[256] = {0x000c000c00000000, 0x0008000c00000004, 0x0008000c00040000, 0x000c000800040004, 0x000c000800000004, 0x0008000800000000, 0x000c000800040000, 0x000c000c00000004, 0x0008000800040004, 0x000c000c00040000, 0x000c000c00040004, 0x000c000800000000, 0x0008000c00000000, 0x0008000c00040004, 0x0008000800000004, 0x0008000800040000, 0x0004000c00000008, 0x0000000c0000000c, 0x0000000c00040008, 0x000400080004000c, 0x000400080000000c, 0x0000000800000008, 0x0004000800040008, 0x0004000c0000000c, 0x000000080004000c, 0x0004000c00040008, 0x0004000c0004000c, 0x0004000800000008, 0x0000000c00000008, 0x0000000c0004000c, 0x000000080000000c, 0x0000000800040008, 0x0004000c00080000, 0x0000000c00080004, 0x0000000c000c0000, 0x00040008000c0004, 0x0004000800080004, 0x0000000800080000, 0x00040008000c0000, 0x0004000c00080004, 0x00000008000c0004, 0x0004000c000c0000, 0x0004000c000c0004, 0x0004000800080000, 0x0000000c00080000, 0x0000000c000c0004, 0x0000000800080004, 0x00000008000c0000, 0x000c000400080008, 0x000800040008000c, 0x00080004000c0008, 0x000c0000000c000c, 0x000c00000008000c, 0x0008000000080008, 0x000c0000000c0008, 0x000c00040008000c, 0x00080000000c000c, 0x000c0004000c0008, 0x000c0004000c000c, 0x000c000000080008, 0x0008000400080008, 0x00080004000c000c, 0x000800000008000c, 0x00080000000c0008, 0x000c000400000008, 0x000800040000000c, 0x0008000400040008, 0x000c00000004000c, 0x000c00000000000c, 0x0008000000000008, 0x000c000000040008, 0x000c00040000000c, 0x000800000004000c, 0x000c000400040008, 0x000c00040004000c, 0x000c000000000008, 0x0008000400000008, 0x000800040004000c, 0x000800000000000c, 0x0008000000040008, 0x0004000400000000, 0x0000000400000004, 0x0000000400040000, 0x0004000000040004, 0x0004000000000004, 0x0000000000000000, 0x0004000000040000, 0x0004000400000004, 0x0000000000040004, 0x0004000400040000, 0x0004000400040004, 0x0004000000000000, 0x0000000400000000, 0x0000000400040004, 0x0000000000000004, 0x0000000000040000, 0x000c000400080000, 0x0008000400080004, 
0x00080004000c0000, 0x000c0000000c0004, 0x000c000000080004, 0x0008000000080000, 0x000c0000000c0000, 0x000c000400080004, 0x00080000000c0004, 0x000c0004000c0000, 0x000c0004000c0004, 0x000c000000080000, 0x0008000400080000, 0x00080004000c0004, 0x0008000000080004, 0x00080000000c0000, 0x000c000c00000008, 0x0008000c0000000c, 0x0008000c00040008, 0x000c00080004000c, 0x000c00080000000c, 0x0008000800000008, 0x000c000800040008, 0x000c000c0000000c, 0x000800080004000c, 0x000c000c00040008, 0x000c000c0004000c, 0x000c000800000008, 0x0008000c00000008, 0x0008000c0004000c, 0x000800080000000c, 0x0008000800040008, 0x0004000400080008, 0x000000040008000c, 0x00000004000c0008, 0x00040000000c000c, 0x000400000008000c, 0x0000000000080008, 0x00040000000c0008, 0x000400040008000c, 0x00000000000c000c, 0x00040004000c0008, 0x00040004000c000c, 0x0004000000080008, 0x0000000400080008, 0x00000004000c000c, 0x000000000008000c, 0x00000000000c0008, 0x000c000c00080000, 0x0008000c00080004, 0x0008000c000c0000, 0x000c0008000c0004, 0x000c000800080004, 0x0008000800080000, 0x000c0008000c0000, 0x000c000c00080004, 0x00080008000c0004, 0x000c000c000c0000, 0x000c000c000c0004, 0x000c000800080000, 0x0008000c00080000, 0x0008000c000c0004, 0x0008000800080004, 0x00080008000c0000, 0x000c000c00080008, 0x0008000c0008000c, 0x0008000c000c0008, 0x000c0008000c000c, 0x000c00080008000c, 0x0008000800080008, 0x000c0008000c0008, 0x000c000c0008000c, 0x00080008000c000c, 0x000c000c000c0008, 0x000c000c000c000c, 0x000c000800080008, 0x0008000c00080008, 0x0008000c000c000c, 0x000800080008000c, 0x00080008000c0008, 0x000c000400000000, 0x0008000400000004, 0x0008000400040000, 0x000c000000040004, 0x000c000000000004, 0x0008000000000000, 0x000c000000040000, 0x000c000400000004, 0x0008000000040004, 0x000c000400040000, 0x000c000400040004, 0x000c000000000000, 0x0008000400000000, 0x0008000400040004, 0x0008000000000004, 0x0008000000040000, 0x0004000c00000000, 0x0000000c00000004, 0x0000000c00040000, 0x0004000800040004, 0x0004000800000004, 0x0000000800000000, 
0x0004000800040000, 0x0004000c00000004, 0x0000000800040004, 0x0004000c00040000, 0x0004000c00040004, 0x0004000800000000, 0x0000000c00000000, 0x0000000c00040004, 0x0000000800000004, 0x0000000800040000, 0x0004000c00080008, 0x0000000c0008000c, 0x0000000c000c0008, 0x00040008000c000c, 0x000400080008000c, 0x0000000800080008, 0x00040008000c0008, 0x0004000c0008000c, 0x00000008000c000c, 0x0004000c000c0008, 0x0004000c000c000c, 0x0004000800080008, 0x0000000c00080008, 0x0000000c000c000c, 0x000000080008000c, 0x00000008000c0008, 0x0004000400000008, 0x000000040000000c, 0x0000000400040008, 0x000400000004000c, 0x000400000000000c, 0x0000000000000008, 0x0004000000040008, 0x000400040000000c, 0x000000000004000c, 0x0004000400040008, 0x000400040004000c, 0x0004000000000008, 0x0000000400000008, 0x000000040004000c, 0x000000000000000c, 0x0000000000040008, 0x0004000400080000, 0x0000000400080004, 0x00000004000c0000, 0x00040000000c0004, 0x0004000000080004, 0x0000000000080000, 0x00040000000c0000, 0x0004000400080004, 0x00000000000c0004, 0x00040004000c0000, 0x00040004000c0004, 0x0004000000080000, 0x0000000400080000, 0x00000004000c0004, 0x0000000000080004, 0x00000000000c0000};
unsigned long long T2_PRESENT[256] = {0x0030003000000000, 0x0020003000000010, 0x0020003000100000, 0x0030002000100010, 0x0030002000000010, 0x0020002000000000, 0x0030002000100000, 0x0030003000000010, 0x0020002000100010, 0x0030003000100000, 0x0030003000100010, 0x0030002000000000, 0x0020003000000000, 0x0020003000100010, 0x0020002000000010, 0x0020002000100000, 0x0010003000000020, 0x0000003000000030, 0x0000003000100020, 0x0010002000100030, 0x0010002000000030, 0x0000002000000020, 0x0010002000100020, 0x0010003000000030, 0x0000002000100030, 0x0010003000100020, 0x0010003000100030, 0x0010002000000020, 0x0000003000000020, 0x0000003000100030, 0x0000002000000030, 0x0000002000100020, 0x0010003000200000, 0x0000003000200010, 0x0000003000300000, 0x0010002000300010, 0x0010002000200010, 0x0000002000200000, 0x0010002000300000, 0x0010003000200010, 0x0000002000300010, 0x0010003000300000, 0x0010003000300010, 0x0010002000200000, 0x0000003000200000, 0x0000003000300010, 0x0000002000200010, 0x0000002000300000, 0x0030001000200020, 0x0020001000200030, 0x0020001000300020, 0x0030000000300030, 0x0030000000200030, 0x0020000000200020, 0x0030000000300020, 0x0030001000200030, 0x0020000000300030, 0x0030001000300020, 0x0030001000300030, 0x0030000000200020, 0x0020001000200020, 0x0020001000300030, 0x0020000000200030, 0x0020000000300020, 0x0030001000000020, 0x0020001000000030, 0x0020001000100020, 0x0030000000100030, 0x0030000000000030, 0x0020000000000020, 0x0030000000100020, 0x0030001000000030, 0x0020000000100030, 0x0030001000100020, 0x0030001000100030, 0x0030000000000020, 0x0020001000000020, 0x0020001000100030, 0x0020000000000030, 0x0020000000100020, 0x0010001000000000, 0x0000001000000010, 0x0000001000100000, 0x0010000000100010, 0x0010000000000010, 0x0000000000000000, 0x0010000000100000, 0x0010001000000010, 0x0000000000100010, 0x0010001000100000, 0x0010001000100010, 0x0010000000000000, 0x0000001000000000, 0x0000001000100010, 0x0000000000000010, 0x0000000000100000, 0x0030001000200000, 0x0020001000200010, 
0x0020001000300000, 0x0030000000300010, 0x0030000000200010, 0x0020000000200000, 0x0030000000300000, 0x0030001000200010, 0x0020000000300010, 0x0030001000300000, 0x0030001000300010, 0x0030000000200000, 0x0020001000200000, 0x0020001000300010, 0x0020000000200010, 0x0020000000300000, 0x0030003000000020, 0x0020003000000030, 0x0020003000100020, 0x0030002000100030, 0x0030002000000030, 0x0020002000000020, 0x0030002000100020, 0x0030003000000030, 0x0020002000100030, 0x0030003000100020, 0x0030003000100030, 0x0030002000000020, 0x0020003000000020, 0x0020003000100030, 0x0020002000000030, 0x0020002000100020, 0x0010001000200020, 0x0000001000200030, 0x0000001000300020, 0x0010000000300030, 0x0010000000200030, 0x0000000000200020, 0x0010000000300020, 0x0010001000200030, 0x0000000000300030, 0x0010001000300020, 0x0010001000300030, 0x0010000000200020, 0x0000001000200020, 0x0000001000300030, 0x0000000000200030, 0x0000000000300020, 0x0030003000200000, 0x0020003000200010, 0x0020003000300000, 0x0030002000300010, 0x0030002000200010, 0x0020002000200000, 0x0030002000300000, 0x0030003000200010, 0x0020002000300010, 0x0030003000300000, 0x0030003000300010, 0x0030002000200000, 0x0020003000200000, 0x0020003000300010, 0x0020002000200010, 0x0020002000300000, 0x0030003000200020, 0x0020003000200030, 0x0020003000300020, 0x0030002000300030, 0x0030002000200030, 0x0020002000200020, 0x0030002000300020, 0x0030003000200030, 0x0020002000300030, 0x0030003000300020, 0x0030003000300030, 0x0030002000200020, 0x0020003000200020, 0x0020003000300030, 0x0020002000200030, 0x0020002000300020, 0x0030001000000000, 0x0020001000000010, 0x0020001000100000, 0x0030000000100010, 0x0030000000000010, 0x0020000000000000, 0x0030000000100000, 0x0030001000000010, 0x0020000000100010, 0x0030001000100000, 0x0030001000100010, 0x0030000000000000, 0x0020001000000000, 0x0020001000100010, 0x0020000000000010, 0x0020000000100000, 0x0010003000000000, 0x0000003000000010, 0x0000003000100000, 0x0010002000100010, 0x0010002000000010, 0x0000002000000000, 
0x0010002000100000, 0x0010003000000010, 0x0000002000100010, 0x0010003000100000, 0x0010003000100010, 0x0010002000000000, 0x0000003000000000, 0x0000003000100010, 0x0000002000000010, 0x0000002000100000, 0x0010003000200020, 0x0000003000200030, 0x0000003000300020, 0x0010002000300030, 0x0010002000200030, 0x0000002000200020, 0x0010002000300020, 0x0010003000200030, 0x0000002000300030, 0x0010003000300020, 0x0010003000300030, 0x0010002000200020, 0x0000003000200020, 0x0000003000300030, 0x0000002000200030, 0x0000002000300020, 0x0010001000000020, 0x0000001000000030, 0x0000001000100020, 0x0010000000100030, 0x0010000000000030, 0x0000000000000020, 0x0010000000100020, 0x0010001000000030, 0x0000000000100030, 0x0010001000100020, 0x0010001000100030, 0x0010000000000020, 0x0000001000000020, 0x0000001000100030, 0x0000000000000030, 0x0000000000100020, 0x0010001000200000, 0x0000001000200010, 0x0000001000300000, 0x0010000000300010, 0x0010000000200010, 0x0000000000200000, 0x0010000000300000, 0x0010001000200010, 0x0000000000300010, 0x0010001000300000, 0x0010001000300010, 0x0010000000200000, 0x0000001000200000, 0x0000001000300010, 0x0000000000200010, 0x0000000000300000};
unsigned long long T3_PRESENT[256] = {0x00c000c000000000, 0x008000c000000040, 0x008000c000400000, 0x00c0008000400040, 0x00c0008000000040, 0x0080008000000000, 0x00c0008000400000, 0x00c000c000000040, 0x0080008000400040, 0x00c000c000400000, 0x00c000c000400040, 0x00c0008000000000, 0x008000c000000000, 0x008000c000400040, 0x0080008000000040, 0x0080008000400000, 0x004000c000000080, 0x000000c0000000c0, 0x000000c000400080, 0x00400080004000c0, 0x00400080000000c0, 0x0000008000000080, 0x0040008000400080, 0x004000c0000000c0, 0x00000080004000c0, 0x004000c000400080, 0x004000c0004000c0, 0x0040008000000080, 0x000000c000000080, 0x000000c0004000c0, 0x00000080000000c0, 0x0000008000400080, 0x004000c000800000, 0x000000c000800040, 0x000000c000c00000, 0x0040008000c00040, 0x0040008000800040, 0x0000008000800000, 0x0040008000c00000, 0x004000c000800040, 0x0000008000c00040, 0x004000c000c00000, 0x004000c000c00040, 0x0040008000800000, 0x000000c000800000, 0x000000c000c00040, 0x0000008000800040, 0x0000008000c00000, 0x00c0004000800080, 0x00800040008000c0, 0x0080004000c00080, 0x00c0000000c000c0, 0x00c00000008000c0, 0x0080000000800080, 0x00c0000000c00080, 0x00c00040008000c0, 0x0080000000c000c0, 0x00c0004000c00080, 0x00c0004000c000c0, 0x00c0000000800080, 0x0080004000800080, 0x0080004000c000c0, 0x00800000008000c0, 0x0080000000c00080, 0x00c0004000000080, 0x00800040000000c0, 0x0080004000400080, 0x00c00000004000c0, 0x00c00000000000c0, 0x0080000000000080, 0x00c0000000400080, 0x00c00040000000c0, 0x00800000004000c0, 0x00c0004000400080, 0x00c00040004000c0, 0x00c0000000000080, 0x0080004000000080, 0x00800040004000c0, 0x00800000000000c0, 0x0080000000400080, 0x0040004000000000, 0x0000004000000040, 0x0000004000400000, 0x0040000000400040, 0x0040000000000040, 0x0000000000000000, 0x0040000000400000, 0x0040004000000040, 0x0000000000400040, 0x0040004000400000, 0x0040004000400040, 0x0040000000000000, 0x0000004000000000, 0x0000004000400040, 0x0000000000000040, 0x0000000000400000, 0x00c0004000800000, 0x0080004000800040, 
0x0080004000c00000, 0x00c0000000c00040, 0x00c0000000800040, 0x0080000000800000, 0x00c0000000c00000, 0x00c0004000800040, 0x0080000000c00040, 0x00c0004000c00000, 0x00c0004000c00040, 0x00c0000000800000, 0x0080004000800000, 0x0080004000c00040, 0x0080000000800040, 0x0080000000c00000, 0x00c000c000000080, 0x008000c0000000c0, 0x008000c000400080, 0x00c00080004000c0, 0x00c00080000000c0, 0x0080008000000080, 0x00c0008000400080, 0x00c000c0000000c0, 0x00800080004000c0, 0x00c000c000400080, 0x00c000c0004000c0, 0x00c0008000000080, 0x008000c000000080, 0x008000c0004000c0, 0x00800080000000c0, 0x0080008000400080, 0x0040004000800080, 0x00000040008000c0, 0x0000004000c00080, 0x0040000000c000c0, 0x00400000008000c0, 0x0000000000800080, 0x0040000000c00080, 0x00400040008000c0, 0x0000000000c000c0, 0x0040004000c00080, 0x0040004000c000c0, 0x0040000000800080, 0x0000004000800080, 0x0000004000c000c0, 0x00000000008000c0, 0x0000000000c00080, 0x00c000c000800000, 0x008000c000800040, 0x008000c000c00000, 0x00c0008000c00040, 0x00c0008000800040, 0x0080008000800000, 0x00c0008000c00000, 0x00c000c000800040, 0x0080008000c00040, 0x00c000c000c00000, 0x00c000c000c00040, 0x00c0008000800000, 0x008000c000800000, 0x008000c000c00040, 0x0080008000800040, 0x0080008000c00000, 0x00c000c000800080, 0x008000c0008000c0, 0x008000c000c00080, 0x00c0008000c000c0, 0x00c00080008000c0, 0x0080008000800080, 0x00c0008000c00080, 0x00c000c0008000c0, 0x0080008000c000c0, 0x00c000c000c00080, 0x00c000c000c000c0, 0x00c0008000800080, 0x008000c000800080, 0x008000c000c000c0, 0x00800080008000c0, 0x0080008000c00080, 0x00c0004000000000, 0x0080004000000040, 0x0080004000400000, 0x00c0000000400040, 0x00c0000000000040, 0x0080000000000000, 0x00c0000000400000, 0x00c0004000000040, 0x0080000000400040, 0x00c0004000400000, 0x00c0004000400040, 0x00c0000000000000, 0x0080004000000000, 0x0080004000400040, 0x0080000000000040, 0x0080000000400000, 0x004000c000000000, 0x000000c000000040, 0x000000c000400000, 0x0040008000400040, 0x0040008000000040, 0x0000008000000000, 
0x0040008000400000, 0x004000c000000040, 0x0000008000400040, 0x004000c000400000, 0x004000c000400040, 0x0040008000000000, 0x000000c000000000, 0x000000c000400040, 0x0000008000000040, 0x0000008000400000, 0x004000c000800080, 0x000000c0008000c0, 0x000000c000c00080, 0x0040008000c000c0, 0x00400080008000c0, 0x0000008000800080, 0x0040008000c00080, 0x004000c0008000c0, 0x0000008000c000c0, 0x004000c000c00080, 0x004000c000c000c0, 0x0040008000800080, 0x000000c000800080, 0x000000c000c000c0, 0x00000080008000c0, 0x0000008000c00080, 0x0040004000000080, 0x00000040000000c0, 0x0000004000400080, 0x00400000004000c0, 0x00400000000000c0, 0x0000000000000080, 0x0040000000400080, 0x00400040000000c0, 0x00000000004000c0, 0x0040004000400080, 0x00400040004000c0, 0x0040000000000080, 0x0000004000000080, 0x00000040004000c0, 0x00000000000000c0, 0x0000000000400080, 0x0040004000800000, 0x0000004000800040, 0x0000004000c00000, 0x0040000000c00040, 0x0040000000800040, 0x0000000000800000, 0x0040000000c00000, 0x0040004000800040, 0x0000000000c00040, 0x0040004000c00000, 0x0040004000c00040, 0x0040000000800000, 0x0000004000800000, 0x0000004000c00040, 0x0000000000800040, 0x0000000000c00000};
unsigned long long T4_PRESENT[256] = {0x0300030000000000, 0x0200030000000100, 0x0200030001000000, 0x0300020001000100, 0x0300020000000100, 0x0200020000000000, 0x0300020001000000, 0x0300030000000100, 0x0200020001000100, 0x0300030001000000, 0x0300030001000100, 0x0300020000000000, 0x0200030000000000, 0x0200030001000100, 0x0200020000000100, 0x0200020001000000, 0x0100030000000200, 0x0000030000000300, 0x0000030001000200, 0x0100020001000300, 0x0100020000000300, 0x0000020000000200, 0x0100020001000200, 0x0100030000000300, 0x0000020001000300, 0x0100030001000200, 0x0100030001000300, 0x0100020000000200, 0x0000030000000200, 0x0000030001000300, 0x0000020000000300, 0x0000020001000200, 0x0100030002000000, 0x0000030002000100, 0x0000030003000000, 0x0100020003000100, 0x0100020002000100, 0x0000020002000000, 0x0100020003000000, 0x0100030002000100, 0x0000020003000100, 0x0100030003000000, 0x0100030003000100, 0x0100020002000000, 0x0000030002000000, 0x0000030003000100, 0x0000020002000100, 0x0000020003000000, 0x0300010002000200, 0x0200010002000300, 0x0200010003000200, 0x0300000003000300, 0x0300000002000300, 0x0200000002000200, 0x0300000003000200, 0x0300010002000300, 0x0200000003000300, 0x0300010003000200, 0x0300010003000300, 0x0300000002000200, 0x0200010002000200, 0x0200010003000300, 0x0200000002000300, 0x0200000003000200, 0x0300010000000200, 0x0200010000000300, 0x0200010001000200, 0x0300000001000300, 0x0300000000000300, 0x0200000000000200, 0x0300000001000200, 0x0300010000000300, 0x0200000001000300, 0x0300010001000200, 0x0300010001000300, 0x0300000000000200, 0x0200010000000200, 0x0200010001000300, 0x0200000000000300, 0x0200000001000200, 0x0100010000000000, 0x0000010000000100, 0x0000010001000000, 0x0100000001000100, 0x0100000000000100, 0x0000000000000000, 0x0100000001000000, 0x0100010000000100, 0x0000000001000100, 0x0100010001000000, 0x0100010001000100, 0x0100000000000000, 0x0000010000000000, 0x0000010001000100, 0x0000000000000100, 0x0000000001000000, 0x0300010002000000, 0x0200010002000100, 
0x0200010003000000, 0x0300000003000100, 0x0300000002000100, 0x0200000002000000, 0x0300000003000000, 0x0300010002000100, 0x0200000003000100, 0x0300010003000000, 0x0300010003000100, 0x0300000002000000, 0x0200010002000000, 0x0200010003000100, 0x0200000002000100, 0x0200000003000000, 0x0300030000000200, 0x0200030000000300, 0x0200030001000200, 0x0300020001000300, 0x0300020000000300, 0x0200020000000200, 0x0300020001000200, 0x0300030000000300, 0x0200020001000300, 0x0300030001000200, 0x0300030001000300, 0x0300020000000200, 0x0200030000000200, 0x0200030001000300, 0x0200020000000300, 0x0200020001000200, 0x0100010002000200, 0x0000010002000300, 0x0000010003000200, 0x0100000003000300, 0x0100000002000300, 0x0000000002000200, 0x0100000003000200, 0x0100010002000300, 0x0000000003000300, 0x0100010003000200, 0x0100010003000300, 0x0100000002000200, 0x0000010002000200, 0x0000010003000300, 0x0000000002000300, 0x0000000003000200, 0x0300030002000000, 0x0200030002000100, 0x0200030003000000, 0x0300020003000100, 0x0300020002000100, 0x0200020002000000, 0x0300020003000000, 0x0300030002000100, 0x0200020003000100, 0x0300030003000000, 0x0300030003000100, 0x0300020002000000, 0x0200030002000000, 0x0200030003000100, 0x0200020002000100, 0x0200020003000000, 0x0300030002000200, 0x0200030002000300, 0x0200030003000200, 0x0300020003000300, 0x0300020002000300, 0x0200020002000200, 0x0300020003000200, 0x0300030002000300, 0x0200020003000300, 0x0300030003000200, 0x0300030003000300, 0x0300020002000200, 0x0200030002000200, 0x0200030003000300, 0x0200020002000300, 0x0200020003000200, 0x0300010000000000, 0x0200010000000100, 0x0200010001000000, 0x0300000001000100, 0x0300000000000100, 0x0200000000000000, 0x0300000001000000, 0x0300010000000100, 0x0200000001000100, 0x0300010001000000, 0x0300010001000100, 0x0300000000000000, 0x0200010000000000, 0x0200010001000100, 0x0200000000000100, 0x0200000001000000, 0x0100030000000000, 0x0000030000000100, 0x0000030001000000, 0x0100020001000100, 0x0100020000000100, 0x0000020000000000, 
0x0100020001000000, 0x0100030000000100, 0x0000020001000100, 0x0100030001000000, 0x0100030001000100, 0x0100020000000000, 0x0000030000000000, 0x0000030001000100, 0x0000020000000100, 0x0000020001000000, 0x0100030002000200, 0x0000030002000300, 0x0000030003000200, 0x0100020003000300, 0x0100020002000300, 0x0000020002000200, 0x0100020003000200, 0x0100030002000300, 0x0000020003000300, 0x0100030003000200, 0x0100030003000300, 0x0100020002000200, 0x0000030002000200, 0x0000030003000300, 0x0000020002000300, 0x0000020003000200, 0x0100010000000200, 0x0000010000000300, 0x0000010001000200, 0x0100000001000300, 0x0100000000000300, 0x0000000000000200, 0x0100000001000200, 0x0100010000000300, 0x0000000001000300, 0x0100010001000200, 0x0100010001000300, 0x0100000000000200, 0x0000010000000200, 0x0000010001000300, 0x0000000000000300, 0x0000000001000200, 0x0100010002000000, 0x0000010002000100, 0x0000010003000000, 0x0100000003000100, 0x0100000002000100, 0x0000000002000000, 0x0100000003000000, 0x0100010002000100, 0x0000000003000100, 0x0100010003000000, 0x0100010003000100, 0x0100000002000000, 0x0000010002000000, 0x0000010003000100, 0x0000000002000100, 0x0000000003000000};
unsigned long long T5_PRESENT[256] = {0x0c000c0000000000, 0x08000c0000000400, 0x08000c0004000000, 0x0c00080004000400, 0x0c00080000000400, 0x0800080000000000, 0x0c00080004000000, 0x0c000c0000000400, 0x0800080004000400, 0x0c000c0004000000, 0x0c000c0004000400, 0x0c00080000000000, 0x08000c0000000000, 0x08000c0004000400, 0x0800080000000400, 0x0800080004000000, 0x04000c0000000800, 0x00000c0000000c00, 0x00000c0004000800, 0x0400080004000c00, 0x0400080000000c00, 0x0000080000000800, 0x0400080004000800, 0x04000c0000000c00, 0x0000080004000c00, 0x04000c0004000800, 0x04000c0004000c00, 0x0400080000000800, 0x00000c0000000800, 0x00000c0004000c00, 0x0000080000000c00, 0x0000080004000800, 0x04000c0008000000, 0x00000c0008000400, 0x00000c000c000000, 0x040008000c000400, 0x0400080008000400, 0x0000080008000000, 0x040008000c000000, 0x04000c0008000400, 0x000008000c000400, 0x04000c000c000000, 0x04000c000c000400, 0x0400080008000000, 0x00000c0008000000, 0x00000c000c000400, 0x0000080008000400, 0x000008000c000000, 0x0c00040008000800, 0x0800040008000c00, 0x080004000c000800, 0x0c0000000c000c00, 0x0c00000008000c00, 0x0800000008000800, 0x0c0000000c000800, 0x0c00040008000c00, 0x080000000c000c00, 0x0c0004000c000800, 0x0c0004000c000c00, 0x0c00000008000800, 0x0800040008000800, 0x080004000c000c00, 0x0800000008000c00, 0x080000000c000800, 0x0c00040000000800, 0x0800040000000c00, 0x0800040004000800, 0x0c00000004000c00, 0x0c00000000000c00, 0x0800000000000800, 0x0c00000004000800, 0x0c00040000000c00, 0x0800000004000c00, 0x0c00040004000800, 0x0c00040004000c00, 0x0c00000000000800, 0x0800040000000800, 0x0800040004000c00, 0x0800000000000c00, 0x0800000004000800, 0x0400040000000000, 0x0000040000000400, 0x0000040004000000, 0x0400000004000400, 0x0400000000000400, 0x0000000000000000, 0x0400000004000000, 0x0400040000000400, 0x0000000004000400, 0x0400040004000000, 0x0400040004000400, 0x0400000000000000, 0x0000040000000000, 0x0000040004000400, 0x0000000000000400, 0x0000000004000000, 0x0c00040008000000, 0x0800040008000400, 
0x080004000c000000, 0x0c0000000c000400, 0x0c00000008000400, 0x0800000008000000, 0x0c0000000c000000, 0x0c00040008000400, 0x080000000c000400, 0x0c0004000c000000, 0x0c0004000c000400, 0x0c00000008000000, 0x0800040008000000, 0x080004000c000400, 0x0800000008000400, 0x080000000c000000, 0x0c000c0000000800, 0x08000c0000000c00, 0x08000c0004000800, 0x0c00080004000c00, 0x0c00080000000c00, 0x0800080000000800, 0x0c00080004000800, 0x0c000c0000000c00, 0x0800080004000c00, 0x0c000c0004000800, 0x0c000c0004000c00, 0x0c00080000000800, 0x08000c0000000800, 0x08000c0004000c00, 0x0800080000000c00, 0x0800080004000800, 0x0400040008000800, 0x0000040008000c00, 0x000004000c000800, 0x040000000c000c00, 0x0400000008000c00, 0x0000000008000800, 0x040000000c000800, 0x0400040008000c00, 0x000000000c000c00, 0x040004000c000800, 0x040004000c000c00, 0x0400000008000800, 0x0000040008000800, 0x000004000c000c00, 0x0000000008000c00, 0x000000000c000800, 0x0c000c0008000000, 0x08000c0008000400, 0x08000c000c000000, 0x0c0008000c000400, 0x0c00080008000400, 0x0800080008000000, 0x0c0008000c000000, 0x0c000c0008000400, 0x080008000c000400, 0x0c000c000c000000, 0x0c000c000c000400, 0x0c00080008000000, 0x08000c0008000000, 0x08000c000c000400, 0x0800080008000400, 0x080008000c000000, 0x0c000c0008000800, 0x08000c0008000c00, 0x08000c000c000800, 0x0c0008000c000c00, 0x0c00080008000c00, 0x0800080008000800, 0x0c0008000c000800, 0x0c000c0008000c00, 0x080008000c000c00, 0x0c000c000c000800, 0x0c000c000c000c00, 0x0c00080008000800, 0x08000c0008000800, 0x08000c000c000c00, 0x0800080008000c00, 0x080008000c000800, 0x0c00040000000000, 0x0800040000000400, 0x0800040004000000, 0x0c00000004000400, 0x0c00000000000400, 0x0800000000000000, 0x0c00000004000000, 0x0c00040000000400, 0x0800000004000400, 0x0c00040004000000, 0x0c00040004000400, 0x0c00000000000000, 0x0800040000000000, 0x0800040004000400, 0x0800000000000400, 0x0800000004000000, 0x04000c0000000000, 0x00000c0000000400, 0x00000c0004000000, 0x0400080004000400, 0x0400080000000400, 0x0000080000000000, 
0x0400080004000000, 0x04000c0000000400, 0x0000080004000400, 0x04000c0004000000, 0x04000c0004000400, 0x0400080000000000, 0x00000c0000000000, 0x00000c0004000400, 0x0000080000000400, 0x0000080004000000, 0x04000c0008000800, 0x00000c0008000c00, 0x00000c000c000800, 0x040008000c000c00, 0x0400080008000c00, 0x0000080008000800, 0x040008000c000800, 0x04000c0008000c00, 0x000008000c000c00, 0x04000c000c000800, 0x04000c000c000c00, 0x0400080008000800, 0x00000c0008000800, 0x00000c000c000c00, 0x0000080008000c00, 0x000008000c000800, 0x0400040000000800, 0x0000040000000c00, 0x0000040004000800, 0x0400000004000c00, 0x0400000000000c00, 0x0000000000000800, 0x0400000004000800, 0x0400040000000c00, 0x0000000004000c00, 0x0400040004000800, 0x0400040004000c00, 0x0400000000000800, 0x0000040000000800, 0x0000040004000c00, 0x0000000000000c00, 0x0000000004000800, 0x0400040008000000, 0x0000040008000400, 0x000004000c000000, 0x040000000c000400, 0x0400000008000400, 0x0000000008000000, 0x040000000c000000, 0x0400040008000400, 0x000000000c000400, 0x040004000c000000, 0x040004000c000400, 0x0400000008000000, 0x0000040008000000, 0x000004000c000400, 0x0000000008000400, 0x000000000c000000};
unsigned long long T6_PRESENT[256] = {0x3000300000000000, 0x2000300000001000, 0x2000300010000000, 0x3000200010001000, 0x3000200000001000, 0x2000200000000000, 0x3000200010000000, 0x3000300000001000, 0x2000200010001000, 0x3000300010000000, 0x3000300010001000, 0x3000200000000000, 0x2000300000000000, 0x2000300010001000, 0x2000200000001000, 0x2000200010000000, 0x1000300000002000, 0x0000300000003000, 0x0000300010002000, 0x1000200010003000, 0x1000200000003000, 0x0000200000002000, 0x1000200010002000, 0x1000300000003000, 0x0000200010003000, 0x1000300010002000, 0x1000300010003000, 0x1000200000002000, 0x0000300000002000, 0x0000300010003000, 0x0000200000003000, 0x0000200010002000, 0x1000300020000000, 0x0000300020001000, 0x0000300030000000, 0x1000200030001000, 0x1000200020001000, 0x0000200020000000, 0x1000200030000000, 0x1000300020001000, 0x0000200030001000, 0x1000300030000000, 0x1000300030001000, 0x1000200020000000, 0x0000300020000000, 0x0000300030001000, 0x0000200020001000, 0x0000200030000000, 0x3000100020002000, 0x2000100020003000, 0x2000100030002000, 0x3000000030003000, 0x3000000020003000, 0x2000000020002000, 0x3000000030002000, 0x3000100020003000, 0x2000000030003000, 0x3000100030002000, 0x3000100030003000, 0x3000000020002000, 0x2000100020002000, 0x2000100030003000, 0x2000000020003000, 0x2000000030002000, 0x3000100000002000, 0x2000100000003000, 0x2000100010002000, 0x3000000010003000, 0x3000000000003000, 0x2000000000002000, 0x3000000010002000, 0x3000100000003000, 0x2000000010003000, 0x3000100010002000, 0x3000100010003000, 0x3000000000002000, 0x2000100000002000, 0x2000100010003000, 0x2000000000003000, 0x2000000010002000, 0x1000100000000000, 0x0000100000001000, 0x0000100010000000, 0x1000000010001000, 0x1000000000001000, 0x0000000000000000, 0x1000000010000000, 0x1000100000001000, 0x0000000010001000, 0x1000100010000000, 0x1000100010001000, 0x1000000000000000, 0x0000100000000000, 0x0000100010001000, 0x0000000000001000, 0x0000000010000000, 0x3000100020000000, 0x2000100020001000, 
0x2000100030000000, 0x3000000030001000, 0x3000000020001000, 0x2000000020000000, 0x3000000030000000, 0x3000100020001000, 0x2000000030001000, 0x3000100030000000, 0x3000100030001000, 0x3000000020000000, 0x2000100020000000, 0x2000100030001000, 0x2000000020001000, 0x2000000030000000, 0x3000300000002000, 0x2000300000003000, 0x2000300010002000, 0x3000200010003000, 0x3000200000003000, 0x2000200000002000, 0x3000200010002000, 0x3000300000003000, 0x2000200010003000, 0x3000300010002000, 0x3000300010003000, 0x3000200000002000, 0x2000300000002000, 0x2000300010003000, 0x2000200000003000, 0x2000200010002000, 0x1000100020002000, 0x0000100020003000, 0x0000100030002000, 0x1000000030003000, 0x1000000020003000, 0x0000000020002000, 0x1000000030002000, 0x1000100020003000, 0x0000000030003000, 0x1000100030002000, 0x1000100030003000, 0x1000000020002000, 0x0000100020002000, 0x0000100030003000, 0x0000000020003000, 0x0000000030002000, 0x3000300020000000, 0x2000300020001000, 0x2000300030000000, 0x3000200030001000, 0x3000200020001000, 0x2000200020000000, 0x3000200030000000, 0x3000300020001000, 0x2000200030001000, 0x3000300030000000, 0x3000300030001000, 0x3000200020000000, 0x2000300020000000, 0x2000300030001000, 0x2000200020001000, 0x2000200030000000, 0x3000300020002000, 0x2000300020003000, 0x2000300030002000, 0x3000200030003000, 0x3000200020003000, 0x2000200020002000, 0x3000200030002000, 0x3000300020003000, 0x2000200030003000, 0x3000300030002000, 0x3000300030003000, 0x3000200020002000, 0x2000300020002000, 0x2000300030003000, 0x2000200020003000, 0x2000200030002000, 0x3000100000000000, 0x2000100000001000, 0x2000100010000000, 0x3000000010001000, 0x3000000000001000, 0x2000000000000000, 0x3000000010000000, 0x3000100000001000, 0x2000000010001000, 0x3000100010000000, 0x3000100010001000, 0x3000000000000000, 0x2000100000000000, 0x2000100010001000, 0x2000000000001000, 0x2000000010000000, 0x1000300000000000, 0x0000300000001000, 0x0000300010000000, 0x1000200010001000, 0x1000200000001000, 0x0000200000000000, 
0x1000200010000000, 0x1000300000001000, 0x0000200010001000, 0x1000300010000000, 0x1000300010001000, 0x1000200000000000, 0x0000300000000000, 0x0000300010001000, 0x0000200000001000, 0x0000200010000000, 0x1000300020002000, 0x0000300020003000, 0x0000300030002000, 0x1000200030003000, 0x1000200020003000, 0x0000200020002000, 0x1000200030002000, 0x1000300020003000, 0x0000200030003000, 0x1000300030002000, 0x1000300030003000, 0x1000200020002000, 0x0000300020002000, 0x0000300030003000, 0x0000200020003000, 0x0000200030002000, 0x1000100000002000, 0x0000100000003000, 0x0000100010002000, 0x1000000010003000, 0x1000000000003000, 0x0000000000002000, 0x1000000010002000, 0x1000100000003000, 0x0000000010003000, 0x1000100010002000, 0x1000100010003000, 0x1000000000002000, 0x0000100000002000, 0x0000100010003000, 0x0000000000003000, 0x0000000010002000, 0x1000100020000000, 0x0000100020001000, 0x0000100030000000, 0x1000000030001000, 0x1000000020001000, 0x0000000020000000, 0x1000000030000000, 0x1000100020001000, 0x0000000030001000, 0x1000100030000000, 0x1000100030001000, 0x1000000020000000, 0x0000100020000000, 0x0000100030001000, 0x0000000020001000, 0x0000000030000000};
unsigned long long T7_PRESENT[256] = {0xc000c00000000000, 0x8000c00000004000, 0x8000c00040000000, 0xc000800040004000, 0xc000800000004000, 0x8000800000000000, 0xc000800040000000, 0xc000c00000004000, 0x8000800040004000, 0xc000c00040000000, 0xc000c00040004000, 0xc000800000000000, 0x8000c00000000000, 0x8000c00040004000, 0x8000800000004000, 0x8000800040000000, 0x4000c00000008000, 0x0000c0000000c000, 0x0000c00040008000, 0x400080004000c000, 0x400080000000c000, 0x0000800000008000, 0x4000800040008000, 0x4000c0000000c000, 0x000080004000c000, 0x4000c00040008000, 0x4000c0004000c000, 0x4000800000008000, 0x0000c00000008000, 0x0000c0004000c000, 0x000080000000c000, 0x0000800040008000, 0x4000c00080000000, 0x0000c00080004000, 0x0000c000c0000000, 0x40008000c0004000, 0x4000800080004000, 0x0000800080000000, 0x40008000c0000000, 0x4000c00080004000, 0x00008000c0004000, 0x4000c000c0000000, 0x4000c000c0004000, 0x4000800080000000, 0x0000c00080000000, 0x0000c000c0004000, 0x0000800080004000, 0x00008000c0000000, 0xc000400080008000, 0x800040008000c000, 0x80004000c0008000, 0xc0000000c000c000, 0xc00000008000c000, 0x8000000080008000, 0xc0000000c0008000, 0xc00040008000c000, 0x80000000c000c000, 0xc0004000c0008000, 0xc0004000c000c000, 0xc000000080008000, 0x8000400080008000, 0x80004000c000c000, 0x800000008000c000, 0x80000000c0008000, 0xc000400000008000, 0x800040000000c000, 0x8000400040008000, 0xc00000004000c000, 0xc00000000000c000, 0x8000000000008000, 0xc000000040008000, 0xc00040000000c000, 0x800000004000c000, 0xc000400040008000, 0xc00040004000c000, 0xc000000000008000, 0x8000400000008000, 0x800040004000c000, 0x800000000000c000, 0x8000000040008000, 0x4000400000000000, 0x0000400000004000, 0x0000400040000000, 0x4000000040004000, 0x4000000000004000, 0x0000000000000000, 0x4000000040000000, 0x4000400000004000, 0x0000000040004000, 0x4000400040000000, 0x4000400040004000, 0x4000000000000000, 0x0000400000000000, 0x0000400040004000, 0x0000000000004000, 0x0000000040000000, 0xc000400080000000, 0x8000400080004000, 
0x80004000c0000000, 0xc0000000c0004000, 0xc000000080004000, 0x8000000080000000, 0xc0000000c0000000, 0xc000400080004000, 0x80000000c0004000, 0xc0004000c0000000, 0xc0004000c0004000, 0xc000000080000000, 0x8000400080000000, 0x80004000c0004000, 0x8000000080004000, 0x80000000c0000000, 0xc000c00000008000, 0x8000c0000000c000, 0x8000c00040008000, 0xc00080004000c000, 0xc00080000000c000, 0x8000800000008000, 0xc000800040008000, 0xc000c0000000c000, 0x800080004000c000, 0xc000c00040008000, 0xc000c0004000c000, 0xc000800000008000, 0x8000c00000008000, 0x8000c0004000c000, 0x800080000000c000, 0x8000800040008000, 0x4000400080008000, 0x000040008000c000, 0x00004000c0008000, 0x40000000c000c000, 0x400000008000c000, 0x0000000080008000, 0x40000000c0008000, 0x400040008000c000, 0x00000000c000c000, 0x40004000c0008000, 0x40004000c000c000, 0x4000000080008000, 0x0000400080008000, 0x00004000c000c000, 0x000000008000c000, 0x00000000c0008000, 0xc000c00080000000, 0x8000c00080004000, 0x8000c000c0000000, 0xc0008000c0004000, 0xc000800080004000, 0x8000800080000000, 0xc0008000c0000000, 0xc000c00080004000, 0x80008000c0004000, 0xc000c000c0000000, 0xc000c000c0004000, 0xc000800080000000, 0x8000c00080000000, 0x8000c000c0004000, 0x8000800080004000, 0x80008000c0000000, 0xc000c00080008000, 0x8000c0008000c000, 0x8000c000c0008000, 0xc0008000c000c000, 0xc00080008000c000, 0x8000800080008000, 0xc0008000c0008000, 0xc000c0008000c000, 0x80008000c000c000, 0xc000c000c0008000, 0xc000c000c000c000, 0xc000800080008000, 0x8000c00080008000, 0x8000c000c000c000, 0x800080008000c000, 0x80008000c0008000, 0xc000400000000000, 0x8000400000004000, 0x8000400040000000, 0xc000000040004000, 0xc000000000004000, 0x8000000000000000, 0xc000000040000000, 0xc000400000004000, 0x8000000040004000, 0xc000400040000000, 0xc000400040004000, 0xc000000000000000, 0x8000400000000000, 0x8000400040004000, 0x8000000000004000, 0x8000000040000000, 0x4000c00000000000, 0x0000c00000004000, 0x0000c00040000000, 0x4000800040004000, 0x4000800000004000, 0x0000800000000000, 
0x4000800040000000, 0x4000c00000004000, 0x0000800040004000, 0x4000c00040000000, 0x4000c00040004000, 0x4000800000000000, 0x0000c00000000000, 0x0000c00040004000, 0x0000800000004000, 0x0000800040000000, 0x4000c00080008000, 0x0000c0008000c000, 0x0000c000c0008000, 0x40008000c000c000, 0x400080008000c000, 0x0000800080008000, 0x40008000c0008000, 0x4000c0008000c000, 0x00008000c000c000, 0x4000c000c0008000, 0x4000c000c000c000, 0x4000800080008000, 0x0000c00080008000, 0x0000c000c000c000, 0x000080008000c000, 0x00008000c0008000, 0x4000400000008000, 0x000040000000c000, 0x0000400040008000, 0x400000004000c000, 0x400000000000c000, 0x0000000000008000, 0x4000000040008000, 0x400040000000c000, 0x000000004000c000, 0x4000400040008000, 0x400040004000c000, 0x4000000000008000, 0x0000400000008000, 0x000040004000c000, 0x000000000000c000, 0x0000000040008000, 0x4000400080000000, 0x0000400080004000, 0x00004000c0000000, 0x40000000c0004000, 0x4000000080004000, 0x0000000080000000, 0x40000000c0000000, 0x4000400080004000, 0x00000000c0004000, 0x40004000c0000000, 0x40004000c0004000, 0x4000000080000000, 0x0000400080000000, 0x00004000c0004000, 0x0000000080004000, 0x00000000c0000000};
/* Round-counter constants: entry i is (i + 1) << 18, for i = 0..30.
 * Presumably the counterpart of TroundCounters128 for the 80-bit key schedule
 * (going by the name); the PRESENT128 code further down does not reference it. */
unsigned long long TroundCounters80[31] = {0x0000000000040000, 0x0000000000080000, 0x00000000000c0000, 0x0000000000100000, 0x0000000000140000, 0x0000000000180000, 0x00000000001c0000, 0x0000000000200000, 0x0000000000240000, 0x0000000000280000, 0x00000000002c0000, 0x0000000000300000, 0x0000000000340000, 0x0000000000380000, 0x00000000003c0000, 0x0000000000400000, 0x0000000000440000, 0x0000000000480000, 0x00000000004c0000, 0x0000000000500000, 0x0000000000540000, 0x0000000000580000, 0x00000000005c0000, 0x0000000000600000, 0x0000000000640000, 0x0000000000680000, 0x00000000006c0000, 0x0000000000700000, 0x0000000000740000, 0x0000000000780000, 0x00000000007c0000};
/* 4-bit S-box lookup placed in the top nibble: entry i is S(i) << 60, with
 * S = C,5,6,B,9,0,A,D,3,E,F,8,4,7,1,2 (hex).
 * Presumably used by the 80-bit key schedule (going by the name); the
 * PRESENT128 code further down does not reference it. */
unsigned long long TsboxKS80[16] = {0xc000000000000000, 0x5000000000000000, 0x6000000000000000, 0xb000000000000000, 0x9000000000000000, 0x0000000000000000, 0xa000000000000000, 0xd000000000000000, 0x3000000000000000, 0xe000000000000000, 0xf000000000000000, 0x8000000000000000, 0x4000000000000000, 0x7000000000000000, 0x1000000000000000, 0x2000000000000000};
/* Round-counter constants for the 128-bit key schedule: entry i is
 * (i + 1) << 1, for i = 0..30. PRESENTKS128 XORs entry 'round' into the low
 * half of the key register before rotating it. */
unsigned long long TroundCounters128[31] = {0x0000000000000002, 0x0000000000000004, 0x0000000000000006, 0x0000000000000008, 0x000000000000000a, 0x000000000000000c, 0x000000000000000e, 0x0000000000000010, 0x0000000000000012, 0x0000000000000014, 0x0000000000000016, 0x0000000000000018, 0x000000000000001a, 0x000000000000001c, 0x000000000000001e, 0x0000000000000020, 0x0000000000000022, 0x0000000000000024, 0x0000000000000026, 0x0000000000000028, 0x000000000000002a, 0x000000000000002c, 0x000000000000002e, 0x0000000000000030, 0x0000000000000032, 0x0000000000000034, 0x0000000000000036, 0x0000000000000038, 0x000000000000003a, 0x000000000000003c, 0x000000000000003e};
unsigned long long TsboxKS128[256] = {0xcc00000000000000, 0xc500000000000000, 0xc600000000000000, 0xcb00000000000000, 0xc900000000000000, 0xc000000000000000, 0xca00000000000000, 0xcd00000000000000, 0xc300000000000000, 0xce00000000000000, 0xcf00000000000000, 0xc800000000000000, 0xc400000000000000, 0xc700000000000000, 0xc100000000000000, 0xc200000000000000, 0x5c00000000000000, 0x5500000000000000, 0x5600000000000000, 0x5b00000000000000, 0x5900000000000000, 0x5000000000000000, 0x5a00000000000000, 0x5d00000000000000, 0x5300000000000000, 0x5e00000000000000, 0x5f00000000000000, 0x5800000000000000, 0x5400000000000000, 0x5700000000000000, 0x5100000000000000, 0x5200000000000000, 0x6c00000000000000, 0x6500000000000000, 0x6600000000000000, 0x6b00000000000000, 0x6900000000000000, 0x6000000000000000, 0x6a00000000000000, 0x6d00000000000000, 0x6300000000000000, 0x6e00000000000000, 0x6f00000000000000, 0x6800000000000000, 0x6400000000000000, 0x6700000000000000, 0x6100000000000000, 0x6200000000000000, 0xbc00000000000000, 0xb500000000000000, 0xb600000000000000, 0xbb00000000000000, 0xb900000000000000, 0xb000000000000000, 0xba00000000000000, 0xbd00000000000000, 0xb300000000000000, 0xbe00000000000000, 0xbf00000000000000, 0xb800000000000000, 0xb400000000000000, 0xb700000000000000, 0xb100000000000000, 0xb200000000000000, 0x9c00000000000000, 0x9500000000000000, 0x9600000000000000, 0x9b00000000000000, 0x9900000000000000, 0x9000000000000000, 0x9a00000000000000, 0x9d00000000000000, 0x9300000000000000, 0x9e00000000000000, 0x9f00000000000000, 0x9800000000000000, 0x9400000000000000, 0x9700000000000000, 0x9100000000000000, 0x9200000000000000, 0x0c00000000000000, 0x0500000000000000, 0x0600000000000000, 0x0b00000000000000, 0x0900000000000000, 0x0000000000000000, 0x0a00000000000000, 0x0d00000000000000, 0x0300000000000000, 0x0e00000000000000, 0x0f00000000000000, 0x0800000000000000, 0x0400000000000000, 0x0700000000000000, 0x0100000000000000, 0x0200000000000000, 0xac00000000000000, 0xa500000000000000, 
0xa600000000000000, 0xab00000000000000, 0xa900000000000000, 0xa000000000000000, 0xaa00000000000000, 0xad00000000000000, 0xa300000000000000, 0xae00000000000000, 0xaf00000000000000, 0xa800000000000000, 0xa400000000000000, 0xa700000000000000, 0xa100000000000000, 0xa200000000000000, 0xdc00000000000000, 0xd500000000000000, 0xd600000000000000, 0xdb00000000000000, 0xd900000000000000, 0xd000000000000000, 0xda00000000000000, 0xdd00000000000000, 0xd300000000000000, 0xde00000000000000, 0xdf00000000000000, 0xd800000000000000, 0xd400000000000000, 0xd700000000000000, 0xd100000000000000, 0xd200000000000000, 0x3c00000000000000, 0x3500000000000000, 0x3600000000000000, 0x3b00000000000000, 0x3900000000000000, 0x3000000000000000, 0x3a00000000000000, 0x3d00000000000000, 0x3300000000000000, 0x3e00000000000000, 0x3f00000000000000, 0x3800000000000000, 0x3400000000000000, 0x3700000000000000, 0x3100000000000000, 0x3200000000000000, 0xec00000000000000, 0xe500000000000000, 0xe600000000000000, 0xeb00000000000000, 0xe900000000000000, 0xe000000000000000, 0xea00000000000000, 0xed00000000000000, 0xe300000000000000, 0xee00000000000000, 0xef00000000000000, 0xe800000000000000, 0xe400000000000000, 0xe700000000000000, 0xe100000000000000, 0xe200000000000000, 0xfc00000000000000, 0xf500000000000000, 0xf600000000000000, 0xfb00000000000000, 0xf900000000000000, 0xf000000000000000, 0xfa00000000000000, 0xfd00000000000000, 0xf300000000000000, 0xfe00000000000000, 0xff00000000000000, 0xf800000000000000, 0xf400000000000000, 0xf700000000000000, 0xf100000000000000, 0xf200000000000000, 0x8c00000000000000, 0x8500000000000000, 0x8600000000000000, 0x8b00000000000000, 0x8900000000000000, 0x8000000000000000, 0x8a00000000000000, 0x8d00000000000000, 0x8300000000000000, 0x8e00000000000000, 0x8f00000000000000, 0x8800000000000000, 0x8400000000000000, 0x8700000000000000, 0x8100000000000000, 0x8200000000000000, 0x4c00000000000000, 0x4500000000000000, 0x4600000000000000, 0x4b00000000000000, 0x4900000000000000, 0x4000000000000000, 
0x4a00000000000000, 0x4d00000000000000, 0x4300000000000000, 0x4e00000000000000, 0x4f00000000000000, 0x4800000000000000, 0x4400000000000000, 0x4700000000000000, 0x4100000000000000, 0x4200000000000000, 0x7c00000000000000, 0x7500000000000000, 0x7600000000000000, 0x7b00000000000000, 0x7900000000000000, 0x7000000000000000, 0x7a00000000000000, 0x7d00000000000000, 0x7300000000000000, 0x7e00000000000000, 0x7f00000000000000, 0x7800000000000000, 0x7400000000000000, 0x7700000000000000, 0x7100000000000000, 0x7200000000000000, 0x1c00000000000000, 0x1500000000000000, 0x1600000000000000, 0x1b00000000000000, 0x1900000000000000, 0x1000000000000000, 0x1a00000000000000, 0x1d00000000000000, 0x1300000000000000, 0x1e00000000000000, 0x1f00000000000000, 0x1800000000000000, 0x1400000000000000, 0x1700000000000000, 0x1100000000000000, 0x1200000000000000, 0x2c00000000000000, 0x2500000000000000, 0x2600000000000000, 0x2b00000000000000, 0x2900000000000000, 0x2000000000000000, 0x2a00000000000000, 0x2d00000000000000, 0x2300000000000000, 0x2e00000000000000, 0x2f00000000000000, 0x2800000000000000, 0x2400000000000000, 0x2700000000000000, 0x2100000000000000, 0x2200000000000000};
#include <stdint.h>
#include <string.h>
/* Types definitions: short aliases for the fixed-width integer types */
typedef uint64_t u64;
typedef uint32_t u32;
typedef uint16_t u16;
typedef uint8_t byte;
typedef uint8_t u8;
/* Parallelism definition */
/* TABLE_P sizes the array parameters of PRESENT128table_cipher; it is fixed
 * to 1 here (presumably the number of blocks handled per call). */
#define TABLE_P 1
/* Length of a 128-bit key counted in u16 words (8 * 16 bits). */
#define KEY128 8
/* Size in bytes of the expanded key: 32 round keys of one u64 each (256 bytes). */
#define PRESENT128_SUBKEYS_SIZE (32 * sizeof(u64))
/* Force compilation */
#define TABLE
#define PRESENT128
/* NOTE(review): TABLE is tested twice in a row. The inner test is closed by
 * the second #endif after the prototypes; the outer one stays open until the
 * last #endif after the function definitions. */
#ifdef TABLE
#ifdef TABLE
#ifdef PRESENT128
/* Expands the 16-byte master key into 32 u64 round keys written to
 * roundKeys128 (PRESENT128_SUBKEYS_SIZE bytes). */
void PRESENT128table_key_schedule(const u8* masterKey128, u8* roundKeys128);
/* Encrypts one 8-byte block with round keys produced by the key schedule. */
void PRESENT128table_core(const u8* plaintext, const u8* roundKeys128, u8* ciphertext);
/* Key schedule followed by the encryption of one block. */
void PRESENT128table_cipher(const u64 plaintext_in[TABLE_P], const u16 keys_in[TABLE_P][KEY128], u64 ciphertext_out[TABLE_P]);
#endif
#endif
/****************************************************************************************************/
/* some macros */
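/* Reverse the byte order of a 64-bit value (big-endian <-> little-endian).
 * Should translate to a 'bswap' instruction in assembly.
 * 'in' is expanded eight times: pass an expression without side effects. */
#define BSWAP64(in) ((u64)((u64)(((u64)(in) & (u64)0x00000000000000ffULL) << 56) |\
                           (u64)(((u64)(in) & (u64)0x000000000000ff00ULL) << 40) |\
                           (u64)(((u64)(in) & (u64)0x0000000000ff0000ULL) << 24) |\
                           (u64)(((u64)(in) & (u64)0x00000000ff000000ULL) << 8) |\
                           (u64)(((u64)(in) & (u64)0x000000ff00000000ULL) >> 8) |\
                           (u64)(((u64)(in) & (u64)0x0000ff0000000000ULL) >> 24) |\
                           (u64)(((u64)(in) & (u64)0x00ff000000000000ULL) >> 40) |\
                           (u64)(((u64)(in) & (u64)0xff00000000000000ULL) >> 56) ))
/* 64-bit rotations. Should translate to a 'rot' instruction in assembly.
 * 'in' must be an unsigned 64-bit value and 0 < l < 64 (l == 0 would shift by
 * the full width, which is undefined behaviour in C).
 * Both arguments and the whole expansion are parenthesised so the macros can
 * be used inside a larger expression: without the outer parentheses,
 * ROTL64(x, n) & m would apply the mask to the right-hand shift only. */
#define ROTL64(in, l) (((in) << (l)) ^ ((in) >> (64 - (l))))
#define ROTR64(in, l) (((in) >> (l)) ^ ((in) << (64 - (l))))
/* Masks selecting the low 4, 8 and 16 bits */
#define MASK4 0x0f
#define MASK8 0xff
#define MASK16 0xffff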
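/* One update of the 128-bit key register held as keyHigh:keyLow (both must be
 * modifiable u64 lvalues; 'round' is the index 0..30 into TroundCounters128):
 *   1. XOR the round counter into keyLow;
 *   2. rotate the register: the halves are swapped while shifting right by 3
 *      bits, which equals a 61-bit left rotation of the 128-bit value;
 *   3. replace the top byte of keyHigh by TsboxKS128[top byte].
 *
 * There is no semicolon after while(0): the caller's own ';' completes the
 * statement, so the macro is safe in an unbraced if/else.
 *
 * Security note: TsboxKS128 is indexed by a byte of key material, so the
 * memory access pattern depends on the key. Table lookups of this kind are
 * not constant-time on CPUs with data caches. */
#define PRESENTKS128(keyLow, keyHigh, round) do {\
    u64 ks128_tmp_;\
    (keyLow) ^= TroundCounters128[(round)];\
    ks128_tmp_ = (keyHigh);\
    (keyHigh) = (ks128_tmp_ & 0x0000000000000007) << 61;\
    (keyHigh) |= ((keyLow) & 0xfffffffffffffff8) >> 3;\
    (keyLow) = ((keyLow) & 0x0000000000000007) << 61;\
    (keyLow) |= (ks128_tmp_ & 0xfffffffffffffff8) >> 3;\
    ks128_tmp_ = (keyHigh) >> 56;\
    (keyHigh) &= 0x00ffffffffffffff;\
    ks128_tmp_ = TsboxKS128[ks128_tmp_];\
    (keyHigh) |= ks128_tmp_;\
} while(0)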
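/* One table-driven cipher round on the 64-bit state (a modifiable u64
 * lvalue): each of the eight state bytes indexes its own 256-entry table
 * T0_PRESENT..T7_PRESENT and the eight results are XORed together.
 *
 * There is no semicolon after while(0): the caller's own ';' completes the
 * statement, so the macro is safe in an unbraced if/else.
 *
 * Security note: the table indices are bytes of the cipher state, which
 * depends on key and plaintext, so the memory access pattern is
 * secret-dependent. Table lookups of this kind are not constant-time on CPUs
 * with data caches. */
#define PRESENTROUND(state) do {\
    u64 round_in_ = (state);\
    (state) = T0_PRESENT[round_in_ & MASK8];\
    (state) ^= T1_PRESENT[(round_in_ >> 8) & MASK8];\
    (state) ^= T2_PRESENT[(round_in_ >> 16) & MASK8];\
    (state) ^= T3_PRESENT[(round_in_ >> 24) & MASK8];\
    (state) ^= T4_PRESENT[(round_in_ >> 32) & MASK8];\
    (state) ^= T5_PRESENT[(round_in_ >> 40) & MASK8];\
    (state) ^= T6_PRESENT[(round_in_ >> 48) & MASK8];\
    (state) ^= T7_PRESENT[(round_in_ >> 56) & MASK8];\
} while(0)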
/****************************************************************************************************/
/* PRESENT128 key schedule */
#ifdef PRESENT128
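/*
 * Expand a 128-bit master key into the 32 round keys of PRESENT-128.
 *
 * masterKey128: 16 bytes of key material, read as two 64-bit halves (bytes
 *               0..7 form the high half, bytes 8..15 the low half).
 * roundKeys128: output buffer of PRESENT128_SUBKEYS_SIZE (32 * 8) bytes; it
 *               receives 32 u64 round keys stored in host byte order.
 *
 * Both buffers are accessed with memcpy instead of through a cast to u64*:
 * they are byte pointers with no alignment guarantee (the caller in this file
 * passes a u16 array), so a direct u64 access could be misaligned and would
 * break the strict-aliasing rule.
 *
 * NOTE(review): the byte swap after the load is unconditional, so the round
 * keys depend on host endianness; confirm that only little-endian targets are
 * expected.
 */
void PRESENT128table_key_schedule(const u8* masterKey128, u8* roundKeys128)
{
    u64 currentKeyLow, currentKeyHigh;
    unsigned int r;

    /* get low and high parts of master key */
    memcpy(&currentKeyHigh, masterKey128, sizeof(currentKeyHigh));
    memcpy(&currentKeyLow, masterKey128 + sizeof(currentKeyHigh), sizeof(currentKeyLow));
    currentKeyHigh = BSWAP64(currentKeyHigh);
    currentKeyLow = BSWAP64(currentKeyLow);

    /* round key r is the high half of the register; then step the register */
    for (r = 0; r < 31; r++) {
        memcpy(roundKeys128 + r * sizeof(currentKeyHigh), &currentKeyHigh, sizeof(currentKeyHigh));
        PRESENTKS128(currentKeyLow, currentKeyHigh, r);
    }

    /* round key 31: no further register update is needed */
    memcpy(roundKeys128 + 31 * sizeof(currentKeyHigh), &currentKeyHigh, sizeof(currentKeyHigh));
}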
#endif
/****************************************************************************************************/
/* PRESENT128 encryption core */
#ifdef PRESENT128
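/*
 * Encrypt one 64-bit block with previously expanded round keys.
 *
 * plaintext:    8 input bytes.
 * roundKeys128: 32 u64 round keys in host byte order, as written by
 *               PRESENT128table_key_schedule (PRESENT128_SUBKEYS_SIZE bytes).
 * ciphertext:   8 output bytes; may be the same buffer as plaintext, since the
 *               input is copied into a local before anything is written.
 *
 * The state lives in a local u64 and the buffers are accessed with memcpy:
 * the parameters are byte pointers with no alignment guarantee, so going
 * through a cast to u64* could be a misaligned access and would break the
 * strict-aliasing rule.
 *
 * Security note: PRESENTROUND indexes lookup tables with bytes of the state,
 * so timing and cache behaviour depend on secret data.
 */
void PRESENT128table_core(const u8* plaintext, const u8* roundKeys128, u8* ciphertext)
{
    u64 state, roundKey;
    unsigned int r;

    /* load the block and bring it to the byte order the tables expect */
    memcpy(&state, plaintext, sizeof(state));
    state = BSWAP64(state);

    /* rounds 1..31: addRoundKey followed by the table-driven round function */
    for (r = 0; r < 31; r++) {
        memcpy(&roundKey, roundKeys128 + r * sizeof(roundKey), sizeof(roundKey));
        state ^= roundKey;
        PRESENTROUND(state);
    }

    /* last addRoundKey */
    memcpy(&roundKey, roundKeys128 + 31 * sizeof(roundKey), sizeof(roundKey));
    state ^= roundKey;

    /* endianness handling */
    state = BSWAP64(state);
    memcpy(ciphertext, &state, sizeof(state));
}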
#endif
/****************************************************************************************************/
/* PRESENT128 key schedule + encryption */
#ifdef PRESENT128
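/*
 * Encrypt with the table-based PRESENT-128 implementation.
 *
 * Expands keys_in into a local subkey buffer with
 * PRESENT128table_key_schedule(), then runs PRESENT128table_core() on
 * plaintext_in and lets it write ciphertext_out.
 *
 * plaintext_in   : input words, handed to the core as raw bytes
 * keys_in        : key material, KEY128 u16 words per entry
 * ciphertext_out : output words, written by the core as raw bytes
 *
 * The expanded subkeys are derived from the key, so the local buffer is
 * overwritten before returning instead of being left in the dead stack frame.
 */
void PRESENT128table_cipher(const u64 plaintext_in[TABLE_P], const u16 keys_in[TABLE_P][KEY128], u64 ciphertext_out[TABLE_P])
{
    /* Subkey buffer of TABLE_P * PRESENT128_SUBKEYS_SIZE bytes
     * (the original comment gives the size as 2*264 bytes) */
    u8 subkeys[TABLE_P * PRESENT128_SUBKEYS_SIZE];
    /* Volatile view of the buffer so the wipe is not dropped as a dead store */
    volatile u8 *wipe = subkeys;
    unsigned long i;

    /* Compute the subkeys */
    PRESENT128table_key_schedule((const u8*)keys_in, subkeys);
    /* Call the core encryption */
    PRESENT128table_core((const u8*)plaintext_in, subkeys, (u8*)ciphertext_out);

    /* Clear the key-derived material before the frame is released */
    for (i = 0; i < (unsigned long)sizeof(subkeys); i++) {
        wipe[i] = 0;
    }
    return;
}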
#endif
#endif
/* File: caml-crush-1.0.12/src/bindings-pkcs11/helpers_pkcs11.h */
/*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the bindings 1] source tree:
----------------------
| 1] PKCS#11 OCaml |
| bindings |
----------------------
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Project: PKCS#11 Filtering Proxy
File: src/bindings-pkcs11/helpers_pkcs11.h
-------------------------- MIT License HEADER ----------------------------------*/
/* Only include original_pkcs11.h for bindings to allow re-use of debug functions
* across all the project
*/
/* GCC version folded into one integer (major*10000 + minor*100 + patchlevel)
 * so it can be compared in #if; it gates the diagnostic pragmas further down.
 * Where the __GNUC__ macros are not defined, the #if test sees 0.
 */
#define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#if !(defined(CRPC) || defined (CAMLRPC))
#include "original_pkcs11.h"
/* Helper prototypes. Only the signatures are visible in this header; the
 * definitions are elsewhere, except print_pkcs11_error which is defined
 * just below.
 * NOTE(review): the byte-array helpers take raw pointers with the lengths
 * passed separately (size_t / unsigned long) -- presumably the caller must
 * guarantee the destination is large enough; confirm against the definitions.
 */
unsigned long get_local_arch(void);
void int_to_ulong_char_array(unsigned long, unsigned char *);
void char_array_to_ulong(unsigned char*, size_t, unsigned long*);
void hton_char_array(unsigned char*, unsigned long, unsigned char*, unsigned long*);
void ntoh_char_array(unsigned char*, unsigned long, unsigned char*, unsigned long*);
void print_pkcs11_error(CK_RV);
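/*
 * Print the symbolic name of a PKCS#11 return value on stdout.
 *
 * rv: the CK_RV to describe.
 *
 * Nothing is returned and no newline is written; the DEBUG_RET macro in this
 * header prints its own message right after this name.
 *
 * A value without a matching case used to print nothing at all, which left
 * "Error " with no code behind it in debug traces. Such values are now
 * printed in hexadecimal. This includes vendor codes above
 * CKR_VENDOR_DEFINED, since the case below matches that exact value only.
 *
 * NOTE(review): this is a non-static function definition inside a header;
 * including the header from more than one translation unit of the same link
 * would presumably give duplicate-symbol errors -- confirm how the build
 * includes it before changing the linkage.
 */
void print_pkcs11_error(CK_RV rv)
{
    switch (rv) {
    case CKR_OK:
        printf("CKR_OK ");
        break;
    case CKR_CANCEL:
        printf("CKR_CANCEL ");
        break;
    case CKR_HOST_MEMORY:
        printf("CKR_HOST_MEMORY ");
        break;
    case CKR_SLOT_ID_INVALID:
        printf("CKR_SLOT_ID_INVALID ");
        break;
    case CKR_GENERAL_ERROR:
        printf("CKR_GENERAL_ERROR ");
        break;
    case CKR_FUNCTION_FAILED:
        printf("CKR_FUNCTION_FAILED ");
        break;
    case CKR_ARGUMENTS_BAD:
        printf("CKR_ARGUMENTS_BAD ");
        break;
    case CKR_NO_EVENT:
        printf("CKR_NO_EVENT ");
        break;
    case CKR_NEED_TO_CREATE_THREADS:
        printf("CKR_NEED_TO_CREATE_THREADS ");
        break;
    case CKR_CANT_LOCK:
        printf("CKR_CANT_LOCK ");
        break;
    case CKR_ATTRIBUTE_READ_ONLY:
        printf("CKR_ATTRIBUTE_READ_ONLY ");
        break;
    case CKR_ATTRIBUTE_SENSITIVE:
        printf("CKR_ATTRIBUTE_SENSITIVE ");
        break;
    case CKR_ATTRIBUTE_TYPE_INVALID:
        printf("CKR_ATTRIBUTE_TYPE_INVALID ");
        break;
    case CKR_ATTRIBUTE_VALUE_INVALID:
        printf("CKR_ATTRIBUTE_VALUE_INVALID ");
        break;
    case CKR_DATA_INVALID:
        printf("CKR_DATA_INVALID ");
        break;
    case CKR_DATA_LEN_RANGE:
        printf("CKR_DATA_LEN_RANGE ");
        break;
    case CKR_DEVICE_ERROR:
        printf("CKR_DEVICE_ERROR ");
        break;
    case CKR_DEVICE_MEMORY:
        printf("CKR_DEVICE_MEMORY ");
        break;
    case CKR_DEVICE_REMOVED:
        printf("CKR_DEVICE_REMOVED ");
        break;
    case CKR_ENCRYPTED_DATA_INVALID:
        printf("CKR_ENCRYPTED_DATA_INVALID ");
        break;
    case CKR_ENCRYPTED_DATA_LEN_RANGE:
        printf("CKR_ENCRYPTED_DATA_LEN_RANGE ");
        break;
    case CKR_FUNCTION_CANCELED:
        printf("CKR_FUNCTION_CANCELED ");
        break;
    case CKR_FUNCTION_NOT_PARALLEL:
        printf("CKR_FUNCTION_NOT_PARALLEL ");
        break;
    case CKR_FUNCTION_NOT_SUPPORTED:
        printf("CKR_FUNCTION_NOT_SUPPORTED ");
        break;
    case CKR_KEY_HANDLE_INVALID:
        printf("CKR_KEY_HANDLE_INVALID ");
        break;
    case CKR_KEY_SIZE_RANGE:
        printf("CKR_KEY_SIZE_RANGE ");
        break;
    case CKR_KEY_TYPE_INCONSISTENT:
        printf("CKR_KEY_TYPE_INCONSISTENT ");
        break;
    case CKR_KEY_NOT_NEEDED:
        printf("CKR_KEY_NOT_NEEDED ");
        break;
    case CKR_KEY_CHANGED:
        printf("CKR_KEY_CHANGED ");
        break;
    case CKR_KEY_NEEDED:
        printf("CKR_KEY_NEEDED ");
        break;
    case CKR_KEY_INDIGESTIBLE:
        printf("CKR_KEY_INDIGESTIBLE ");
        break;
    case CKR_KEY_FUNCTION_NOT_PERMITTED:
        printf("CKR_KEY_FUNCTION_NOT_PERMITTED ");
        break;
    case CKR_KEY_NOT_WRAPPABLE:
        printf("CKR_KEY_NOT_WRAPPABLE ");
        break;
    case CKR_KEY_UNEXTRACTABLE:
        printf("CKR_KEY_UNEXTRACTABLE ");
        break;
    case CKR_MECHANISM_INVALID:
        printf("CKR_MECHANISM_INVALID ");
        break;
    case CKR_MECHANISM_PARAM_INVALID:
        printf("CKR_MECHANISM_PARAM_INVALID ");
        break;
    case CKR_OBJECT_HANDLE_INVALID:
        printf("CKR_OBJECT_HANDLE_INVALID ");
        break;
    case CKR_OPERATION_ACTIVE:
        printf("CKR_OPERATION_ACTIVE ");
        break;
    case CKR_OPERATION_NOT_INITIALIZED:
        printf("CKR_OPERATION_NOT_INITIALIZED ");
        break;
    case CKR_PIN_INCORRECT:
        printf("CKR_PIN_INCORRECT ");
        break;
    case CKR_PIN_INVALID:
        printf("CKR_PIN_INVALID ");
        break;
    case CKR_PIN_LEN_RANGE:
        printf("CKR_PIN_LEN_RANGE ");
        break;
    case CKR_PIN_EXPIRED:
        printf("CKR_PIN_EXPIRED ");
        break;
    case CKR_PIN_LOCKED:
        printf("CKR_PIN_LOCKED ");
        break;
    case CKR_SESSION_CLOSED:
        printf("CKR_SESSION_CLOSED ");
        break;
    case CKR_SESSION_COUNT:
        printf("CKR_SESSION_COUNT ");
        break;
    case CKR_SESSION_HANDLE_INVALID:
        printf("CKR_SESSION_HANDLE_INVALID ");
        break;
    case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
        printf("CKR_SESSION_PARALLEL_NOT_SUPPORTED");
        break;
    case CKR_SESSION_READ_ONLY:
        printf("CKR_SESSION_READ_ONLY ");
        break;
    case CKR_SESSION_EXISTS:
        printf("CKR_SESSION_EXISTS ");
        break;
    case CKR_SESSION_READ_ONLY_EXISTS:
        printf("CKR_SESSION_READ_ONLY_EXISTS ");
        break;
    case CKR_SESSION_READ_WRITE_SO_EXISTS:
        printf("CKR_SESSION_READ_WRITE_SO_EXISTS");
        break;
    case CKR_SIGNATURE_INVALID:
        printf("CKR_SIGNATURE_INVALID ");
        break;
    case CKR_SIGNATURE_LEN_RANGE:
        printf("CKR_SIGNATURE_LEN_RANGE ");
        break;
    case CKR_TEMPLATE_INCOMPLETE:
        printf("CKR_TEMPLATE_INCOMPLETE ");
        break;
    case CKR_TEMPLATE_INCONSISTENT:
        printf("CKR_TEMPLATE_INCONSISTENT ");
        break;
    case CKR_TOKEN_NOT_PRESENT:
        printf("CKR_TOKEN_NOT_PRESENT ");
        break;
    case CKR_TOKEN_NOT_RECOGNIZED:
        printf("CKR_TOKEN_NOT_RECOGNIZED ");
        break;
    case CKR_TOKEN_WRITE_PROTECTED:
        printf("CKR_TOKEN_WRITE_PROTECTED ");
        break;
    case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
        printf("CKR_UNWRAPPING_KEY_HANDLE_INVALID");
        break;
    case CKR_UNWRAPPING_KEY_SIZE_RANGE:
        printf("CKR_UNWRAPPING_KEY_SIZE_RANGE ");
        break;
    case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
        printf("CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT");
        break;
    case CKR_USER_ALREADY_LOGGED_IN:
        printf("CKR_USER_ALREADY_LOGGED_IN ");
        break;
    case CKR_USER_NOT_LOGGED_IN:
        printf("CKR_USER_NOT_LOGGED_IN ");
        break;
    case CKR_USER_PIN_NOT_INITIALIZED:
        printf("CKR_USER_PIN_NOT_INITIALIZED ");
        break;
    case CKR_USER_TYPE_INVALID:
        printf("CKR_USER_TYPE_INVALID ");
        break;
    case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
        printf("CKR_USER_ANOTHER_ALREADY_LOGGED_IN");
        break;
    case CKR_USER_TOO_MANY_TYPES:
        printf("CKR_USER_TOO_MANY_TYPES ");
        break;
    case CKR_WRAPPED_KEY_INVALID:
        printf("CKR_WRAPPED_KEY_INVALID ");
        break;
    case CKR_WRAPPED_KEY_LEN_RANGE:
        printf("CKR_WRAPPED_KEY_LEN_RANGE ");
        break;
    case CKR_WRAPPING_KEY_HANDLE_INVALID:
        printf("CKR_WRAPPING_KEY_HANDLE_INVALID ");
        break;
    case CKR_WRAPPING_KEY_SIZE_RANGE:
        printf("CKR_WRAPPING_KEY_SIZE_RANGE ");
        break;
    case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
        printf("CKR_WRAPPING_KEY_TYPE_INCONSISTENT");
        break;
    case CKR_RANDOM_SEED_NOT_SUPPORTED:
        printf("CKR_RANDOM_SEED_NOT_SUPPORTED ");
        break;
    case CKR_RANDOM_NO_RNG:
        printf("CKR_RANDOM_NO_RNG ");
        break;
    case CKR_DOMAIN_PARAMS_INVALID:
        printf("CKR_DOMAIN_PARAMS_INVALID ");
        break;
    case CKR_BUFFER_TOO_SMALL:
        printf("CKR_BUFFER_TOO_SMALL ");
        break;
    case CKR_SAVED_STATE_INVALID:
        printf("CKR_SAVED_STATE_INVALID ");
        break;
    case CKR_INFORMATION_SENSITIVE:
        printf("CKR_INFORMATION_SENSITIVE ");
        break;
    case CKR_STATE_UNSAVEABLE:
        printf("CKR_STATE_UNSAVEABLE ");
        break;
    case CKR_CRYPTOKI_NOT_INITIALIZED:
        printf("CKR_CRYPTOKI_NOT_INITIALIZED ");
        break;
    case CKR_CRYPTOKI_ALREADY_INITIALIZED:
        printf("CKR_CRYPTOKI_ALREADY_INITIALIZED");
        break;
    case CKR_MUTEX_BAD:
        printf("CKR_MUTEX_BAD ");
        break;
    case CKR_MUTEX_NOT_LOCKED:
        printf("CKR_MUTEX_NOT_LOCKED ");
        break;
    case CKR_FUNCTION_REJECTED:
        printf("CKR_FUNCTION_REJECTED ");
        break;
    case CKR_VENDOR_DEFINED:
        printf("CKR_VENDOR_DEFINED ");
        break;
    default:
        /* Unlisted code: show the raw value rather than nothing */
        printf("Unknown CKR 0x%lx ", (unsigned long)rv);
        break;
    }
}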
/*
 * Guard for a PKCS#11 wrapper: leave the enclosing function early unless the
 * module is loaded and provides the entry point `pointer`.
 *   pkcs11 == NULL          -> message on stderr, return CKR_GENERAL_ERROR
 *   pkcs11->pointer == NULL -> message on stderr, return CKR_FUNCTION_NOT_SUPPORTED
 * `pkcs11` is not a macro parameter: it must name a pointer visible where the
 * macro is expanded. Because the expansion contains `return`, the macro is
 * only usable in functions whose return type accepts a CKR_* value.
 * NOTE(review): the definition ends in `while(0);`, so an invocation followed
 * by `;` expands to two statements and cannot sit unbraced between `if` and
 * `else`. The semicolon is left alone because call sites are not visible here.
 */
#define CHECK_MODULE_FUNCTION_INITIALIZE(pointer) do {\
if(pkcs11 == NULL){\
fprintf(stderr, "PKCS11 module not loaded!\n");\
return CKR_GENERAL_ERROR;\
}\
if(pkcs11->pointer == NULL){\
fprintf(stderr, "PKCS11 function "#pointer" not supported\n");\
return CKR_FUNCTION_NOT_SUPPORTED;\
}\
} while(0);
/*
 * Guard for a PKCS#11 wrapper: leave the enclosing function early unless the
 * module is loaded and provides the entry point `pointer`.
 *   pkcs11 == NULL          -> message on stderr, return CKR_CRYPTOKI_NOT_INITIALIZED
 *   pkcs11->pointer == NULL -> message on stderr, return CKR_FUNCTION_NOT_SUPPORTED
 * `pkcs11` is not a macro parameter: it must name a pointer visible where the
 * macro is expanded. Because the expansion contains `return`, the macro is
 * only usable in functions whose return type accepts a CKR_* value.
 * NOTE(review): the definition ends in `while(0);`, so an invocation followed
 * by `;` expands to two statements and cannot sit unbraced between `if` and
 * `else`. The semicolon is left alone because call sites are not visible here.
 */
#define CHECK_MODULE_FUNCTION(pointer) do {\
if(pkcs11 == NULL){\
fprintf(stderr, "PKCS11 module not loaded!\n");\
return CKR_CRYPTOKI_NOT_INITIALIZED;\
}\
if(pkcs11->pointer == NULL){\
fprintf(stderr, "PKCS11 function "#pointer" not supported\n");\
return CKR_FUNCTION_NOT_SUPPORTED;\
}\
} while(0);
#endif /* end of !(CRPC || CAMLRPC) */
/* ISO C compliance: Ugly but necessary since variadic macros */
/* have been introduced in ISO C 99 */
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wvariadic-macros"
#endif
/* The ##__VA_ARGS__ has been introduced with C++, so we have to */
/* use tricks to avoid it and remain ISO C compliant */
/*
 * DEBUG_CALL(name, "fmt", args...): trace a call on stdout when DEBUG is
 * defined and WIN32 is not; in every other configuration it expands to an
 * empty do/while statement.
 * DEBUG_CALL appends a literal "" argument and _DEBUG_CALL appends "%s" to the
 * format, so __VA_ARGS__ is never empty and ##__VA_ARGS__ is not needed.
 * `name` is stringified and pasted in front of `string`, so `string` has to be
 * a string literal. The arguments go straight to printf and must match the
 * conversions in that literal.
 * NOTE(review): audit call sites so that PINs, key values or other secrets are
 * not among the arguments printed in DEBUG builds -- call sites are not
 * visible here.
 * NOTE(review): _DEBUG_CALL and __DEBUG_CALL are names ISO C reserves for the
 * implementation; renaming them would require updating every user.
 */
#ifdef DEBUG
#ifdef WIN32 /* WIN32 __VA_ARGS__ support is crap, this debug is disabled */
#define _DEBUG_CALL(name, string, ...) do {\
} while(0);
#define DEBUG_CALL(...) _DEBUG_CALL(__VA_ARGS__, "")
#else
#define __DEBUG_CALL(name, string, ...) do {\
printf(#name string, __VA_ARGS__);\
} while(0);
#define _DEBUG_CALL(name, string, ...) __DEBUG_CALL(name, string "%s", __VA_ARGS__)
#define DEBUG_CALL(...) _DEBUG_CALL(__VA_ARGS__, "")
#endif
#else
#define _DEBUG_CALL(name, string, ...) do {\
} while(0);
#define DEBUG_CALL(...) _DEBUG_CALL(__VA_ARGS__, "")
#endif
/*
 * DEBUG_RET(name, rv, "fmt", args...): when DEBUG is defined, print
 * "<name>: Succeed " if rv == CKR_OK, otherwise "<name>: Error " followed by
 * print_pkcs11_error(rv); in both cases the formatted message follows on
 * stdout. Without DEBUG it expands to an empty do/while statement.
 * DEBUG_RET appends a literal "" argument and _DEBUG_RET appends "%s" to the
 * format, so __VA_ARGS__ is never empty.
 * `rv` is expanded without parentheses, and twice on the error path, so pass
 * a plain variable rather than an expression with side effects.
 * NOTE(review): audit call sites so that secrets are not among the printed
 * arguments in DEBUG builds -- call sites are not visible here.
 */
#ifdef DEBUG
#define __DEBUG_RET(name, rv, string, ...) do {\
if(rv == CKR_OK){\
printf(#name": Succeed ");\
printf(string, __VA_ARGS__);\
}\
else{\
printf(#name": Error ");\
print_pkcs11_error(rv);\
printf(string, __VA_ARGS__);\
}\
} while(0);
#define _DEBUG_RET(name, rv, string, ...) __DEBUG_RET(name, rv, string "%s", __VA_ARGS__)
#define DEBUG_RET(...) _DEBUG_RET(__VA_ARGS__, "")
#else
#define _DEBUG_RET(name, rv, string, ...) do {\
} while(0);
#define DEBUG_RET(...) _DEBUG_RET(__VA_ARGS__, "")
#endif
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
/* File: caml-crush-1.0.12/src/bindings-pkcs11/original_pkcs11.h */
/* pkcs11.h
Copyright 2006, 2007 g10 Code GmbH
Copyright 2006 Andreas Jellinghaus
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. */
/* Please submit changes back to the Scute project at
http://www.scute.org/ (or send them to marcus@g10code.com), so that
they can be picked up by other projects from there as well. */
/* This file is a modified implementation of the PKCS #11 standard by
RSA Security Inc. It is mostly a drop-in replacement, with the
following change:
This header file does not require any macro definitions by the user
(like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
for you (if useful, some are missing, let me know if you need
more).
There is an additional API available that does comply better to the
GNU coding standard. It can be switched on by defining
CRYPTOKI_GNU before including this header file. For this, the
following changes are made to the specification:
All structure types are changed to a "struct ck_foo" where CK_FOO
is the type name in PKCS #11.
All non-structure types are changed to ck_foo_t where CK_FOO is the
lowercase version of the type name in PKCS #11. The basic types
(CK_ULONG et al.) are removed without substitute.
All members of structures are modified in the following way: Type
indication prefixes are removed, and underscore characters are
inserted before words. Then the result is lowercased.
Note that function names are still in the original case, as they
need for ABI compatibility.
CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
<stdbool.h>.
If CRYPTOKI_COMPAT is defined before including this header file,
then none of the API changes above take place, and the API is the
one defined by the PKCS #11 standard. */
#ifndef PKCS11_H
#define PKCS11_H 1
#if defined(__cplusplus)
extern "C" {
#endif
/* The version of cryptoki we implement. The revision is changed with
each modification of this file. If you do not use the "official"
version of this file, please consider deleting the revision macro
(you may use a macro with a different name to keep track of your
versions). */
#define CRYPTOKI_VERSION_MAJOR 2
#define CRYPTOKI_VERSION_MINOR 20
#define CRYPTOKI_VERSION_REVISION 6
/* Compatibility interface is default, unless CRYPTOKI_GNU is
given. */
#ifndef CRYPTOKI_GNU
#ifndef CRYPTOKI_COMPAT
#define CRYPTOKI_COMPAT 1
#endif
#endif
/* System dependencies. */
#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
/* There is a matching pop below. */
/* 1-byte packing from here on: structs declared before the pop have no
   padding between members, so this header and the module it talks to have
   to be built with the same setting or their struct layouts will differ. */
#pragma pack(push, cryptoki, 1)
/* CK_SPEC is dllexport when CRYPTOKI_EXPORTS is defined and dllimport
   otherwise. */
#ifdef CRYPTOKI_EXPORTS
#define CK_SPEC __declspec(dllexport)
#else
#define CK_SPEC __declspec(dllimport)
#endif
#else
/* Outside the Windows branch CK_SPEC expands to nothing. */
#define CK_SPEC
#endif
#ifdef CRYPTOKI_COMPAT
/* If we are in compatibility mode, switch all exposed names to the
PKCS #11 variant. There are corresponding #undefs below. */
/* NOTE(review): several of these are plain words (value, parameter, reserved,
   slot_id, ...). While they are defined, every use of such a word as an
   identifier is rewritten by the preprocessor, so nothing unrelated should be
   included between this point and the #undefs. */
#define ck_flags_t CK_FLAGS
#define ck_version _CK_VERSION
#define ck_info _CK_INFO
#define cryptoki_version cryptokiVersion
#define manufacturer_id manufacturerID
#define library_description libraryDescription
#define library_version libraryVersion
#define ck_notification_t CK_NOTIFICATION
#define ck_slot_id_t CK_SLOT_ID
#define ck_slot_info _CK_SLOT_INFO
#define slot_description slotDescription
#define hardware_version hardwareVersion
#define firmware_version firmwareVersion
#define ck_token_info _CK_TOKEN_INFO
#define serial_number serialNumber
#define max_session_count ulMaxSessionCount
#define session_count ulSessionCount
#define max_rw_session_count ulMaxRwSessionCount
#define rw_session_count ulRwSessionCount
#define max_pin_len ulMaxPinLen
#define min_pin_len ulMinPinLen
#define total_public_memory ulTotalPublicMemory
#define free_public_memory ulFreePublicMemory
#define total_private_memory ulTotalPrivateMemory
#define free_private_memory ulFreePrivateMemory
#define utc_time utcTime
#define ck_session_handle_t CK_SESSION_HANDLE
#define ck_user_type_t CK_USER_TYPE
#define ck_state_t CK_STATE
#define ck_session_info _CK_SESSION_INFO
#define slot_id slotID
#define device_error ulDeviceError
#define ck_object_handle_t CK_OBJECT_HANDLE
#define ck_object_class_t CK_OBJECT_CLASS
#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
#define ck_key_type_t CK_KEY_TYPE
#define ck_certificate_type_t CK_CERTIFICATE_TYPE
#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
#define ck_attribute _CK_ATTRIBUTE
#define value pValue
#define value_len ulValueLen
#define ck_date _CK_DATE
#define ck_mechanism_type_t CK_MECHANISM_TYPE
#define ck_mechanism _CK_MECHANISM
#define parameter pParameter
#define parameter_len ulParameterLen
#define ck_mechanism_info _CK_MECHANISM_INFO
#define min_key_size ulMinKeySize
#define max_key_size ulMaxKeySize
#define ck_rv_t CK_RV
#define ck_notify_t CK_NOTIFY
#define ck_function_list _CK_FUNCTION_LIST
#define ck_createmutex_t CK_CREATEMUTEX
#define ck_destroymutex_t CK_DESTROYMUTEX
#define ck_lockmutex_t CK_LOCKMUTEX
#define ck_unlockmutex_t CK_UNLOCKMUTEX
#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
#define create_mutex CreateMutex
#define destroy_mutex DestroyMutex
#define lock_mutex LockMutex
#define unlock_mutex UnlockMutex
#define reserved pReserved
#endif /* CRYPTOKI_COMPAT */
typedef unsigned long ck_flags_t;
/* Two-byte major/minor version pair (_CK_VERSION under CRYPTOKI_COMPAT).
   Embedded in the info structures below for the Cryptoki, library, hardware
   and firmware versions. */
struct ck_version
{
unsigned char major;
unsigned char minor;
};
/* Library-level information (_CK_INFO under CRYPTOKI_COMPAT).
   manufacturer_id and library_description are fixed-width byte arrays.
   PKCS #11 specifies such fields as blank-padded and not NUL-terminated, so
   print or copy them with an explicit length, never as C strings. */
struct ck_info
{
struct ck_version cryptoki_version;
unsigned char manufacturer_id[32];
ck_flags_t flags;
unsigned char library_description[32];
struct ck_version library_version;
};
typedef unsigned long ck_notification_t;
#define CKN_SURRENDER (0UL)
typedef unsigned long ck_slot_id_t;
/* Per-slot information (_CK_SLOT_INFO under CRYPTOKI_COMPAT).
   slot_description and manufacturer_id are fixed-width byte arrays.
   PKCS #11 specifies such fields as blank-padded and not NUL-terminated, so
   handle them with an explicit length, never as C strings. */
struct ck_slot_info
{
unsigned char slot_description[64];
unsigned char manufacturer_id[32];
ck_flags_t flags;
struct ck_version hardware_version;
struct ck_version firmware_version;
};
#define CKF_TOKEN_PRESENT (1UL << 0)
#define CKF_REMOVABLE_DEVICE (1UL << 1)
#define CKF_HW_SLOT (1UL << 2)
#define CKF_ARRAY_ATTRIBUTE (1UL << 30)
/* Per-token information (_CK_TOKEN_INFO under CRYPTOKI_COMPAT).
   label, manufacturer_id, model, serial_number and utc_time are fixed-width
   byte arrays. PKCS #11 specifies such fields as blank-padded and not
   NUL-terminated, so handle them with an explicit length.
   The unsigned long counters and sizes may carry the sentinels defined with
   the token flags (CK_UNAVAILABLE_INFORMATION, CK_EFFECTIVELY_INFINITE)
   instead of a real quantity, so compare against those before doing
   arithmetic or sizing a buffer from them. */
struct ck_token_info
{
unsigned char label[32];
unsigned char manufacturer_id[32];
unsigned char model[16];
unsigned char serial_number[16];
ck_flags_t flags;
unsigned long max_session_count;
unsigned long session_count;
unsigned long max_rw_session_count;
unsigned long rw_session_count;
unsigned long max_pin_len;
unsigned long min_pin_len;
unsigned long total_public_memory;
unsigned long free_public_memory;
unsigned long total_private_memory;
unsigned long free_private_memory;
struct ck_version hardware_version;
struct ck_version firmware_version;
unsigned char utc_time[16];
};
/* Bit flags for ck_token_info.flags. Bits 16-19 report the state of the
   user PIN and bits 20-23 the state of the SO PIN (count low, final try,
   locked, to be changed). */
#define CKF_RNG (1UL << 0)
#define CKF_WRITE_PROTECTED (1UL << 1)
#define CKF_LOGIN_REQUIRED (1UL << 2)
#define CKF_USER_PIN_INITIALIZED (1UL << 3)
#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5)
#define CKF_CLOCK_ON_TOKEN (1UL << 6)
#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8)
#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9)
#define CKF_TOKEN_INITIALIZED (1UL << 10)
#define CKF_SECONDARY_AUTHENTICATION (1UL << 11)
#define CKF_USER_PIN_COUNT_LOW (1UL << 16)
#define CKF_USER_PIN_FINAL_TRY (1UL << 17)
#define CKF_USER_PIN_LOCKED (1UL << 18)
#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19)
#define CKF_SO_PIN_COUNT_LOW (1UL << 20)
#define CKF_SO_PIN_FINAL_TRY (1UL << 21)
#define CKF_SO_PIN_LOCKED (1UL << 22)
#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23)
/* Sentinels, not quantities: all-ones for "not available", zero for
   "effectively infinite". */
#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L)
#define CK_EFFECTIVELY_INFINITE (0UL)
/* Session handles are plain unsigned long values; 0 is the invalid handle. */
typedef unsigned long ck_session_handle_t;
#define CK_INVALID_HANDLE (0UL)
/* User types: security officer (SO), normal user, and context-specific. */
typedef unsigned long ck_user_type_t;
#define CKU_SO (0UL)
#define CKU_USER (1UL)
#define CKU_CONTEXT_SPECIFIC (2UL)
/* Session states: read-only (RO) or read-write (RW), combined with who is
   logged in (public, user, SO). */
typedef unsigned long ck_state_t;
#define CKS_RO_PUBLIC_SESSION (0UL)
#define CKS_RO_USER_FUNCTIONS (1UL)
#define CKS_RW_PUBLIC_SESSION (2UL)
#define CKS_RW_USER_FUNCTIONS (3UL)
#define CKS_RW_SO_FUNCTIONS (4UL)
/* Per-session information (_CK_SESSION_INFO under CRYPTOKI_COMPAT): the slot
   the session belongs to, its CKS_* state, its flags and a device error
   value. */
struct ck_session_info
{
ck_slot_id_t slot_id;
ck_state_t state;
ck_flags_t flags;
unsigned long device_error;
};
/* Session flag bits. */
#define CKF_RW_SESSION (1UL << 1)
#define CKF_SERIAL_SESSION (1UL << 2)
/* Object handles and object classes. CKO_PRIVATE_KEY and CKO_SECRET_KEY are
   the classes that hold secret key material. Codes with bit 31 set
   (CKO_VENDOR_DEFINED) are vendor extensions. */
typedef unsigned long ck_object_handle_t;
typedef unsigned long ck_object_class_t;
#define CKO_DATA (0UL)
#define CKO_CERTIFICATE (1UL)
#define CKO_PUBLIC_KEY (2UL)
#define CKO_PRIVATE_KEY (3UL)
#define CKO_SECRET_KEY (4UL)
#define CKO_HW_FEATURE (5UL)
#define CKO_DOMAIN_PARAMETERS (6UL)
#define CKO_MECHANISM (7UL)
#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Hardware feature types. */
typedef unsigned long ck_hw_feature_type_t;
#define CKH_MONOTONIC_COUNTER (1UL)
#define CKH_CLOCK (2UL)
#define CKH_USER_INTERFACE (3UL)
#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Key type codes. CKK_ECDSA and CKK_EC are two names for the same value.
   The list mirrors the specification and includes legacy algorithms (for
   example CKK_DES, CKK_RC2, CKK_RC4, CKK_CDMF); a constant being defined here
   says nothing about whether a deployment should permit that key type. */
typedef unsigned long ck_key_type_t;
#define CKK_RSA (0UL)
#define CKK_DSA (1UL)
#define CKK_DH (2UL)
#define CKK_ECDSA (3UL)
#define CKK_EC (3UL)
#define CKK_X9_42_DH (4UL)
#define CKK_KEA (5UL)
#define CKK_GENERIC_SECRET (0x10UL)
#define CKK_RC2 (0x11UL)
#define CKK_RC4 (0x12UL)
#define CKK_DES (0x13UL)
#define CKK_DES2 (0x14UL)
#define CKK_DES3 (0x15UL)
#define CKK_CAST (0x16UL)
#define CKK_CAST3 (0x17UL)
#define CKK_CAST128 (0x18UL)
#define CKK_RC5 (0x19UL)
#define CKK_IDEA (0x1aUL)
#define CKK_SKIPJACK (0x1bUL)
#define CKK_BATON (0x1cUL)
#define CKK_JUNIPER (0x1dUL)
#define CKK_CDMF (0x1eUL)
#define CKK_AES (0x1fUL)
#define CKK_BLOWFISH (0x20UL)
#define CKK_TWOFISH (0x21UL)
#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Certificate type codes; bit 31 (CKC_VENDOR_DEFINED) marks vendor
   extensions. */
typedef unsigned long ck_certificate_type_t;
#define CKC_X_509 (0UL)
#define CKC_X_509_ATTR_CERT (1UL)
#define CKC_WTLS (2UL)
#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Attribute type codes for ck_attribute.type.
   The key-protection and key-usage attributes (CKA_SENSITIVE,
   CKA_EXTRACTABLE, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE, CKA_WRAP,
   CKA_UNWRAP, CKA_WRAP_WITH_TRUSTED, CKA_TRUSTED, CKA_MODIFIABLE, ...) govern
   whether and how key material may be used or leave the token. Templates
   that set them are what an access policy usually needs to inspect.
   CKA_ECDSA_PARAMS and CKA_EC_PARAMS are two names for the same value. */
typedef unsigned long ck_attribute_type_t;
#define CKA_CLASS (0UL)
#define CKA_TOKEN (1UL)
#define CKA_PRIVATE (2UL)
#define CKA_LABEL (3UL)
#define CKA_APPLICATION (0x10UL)
#define CKA_VALUE (0x11UL)
#define CKA_OBJECT_ID (0x12UL)
#define CKA_CERTIFICATE_TYPE (0x80UL)
#define CKA_ISSUER (0x81UL)
#define CKA_SERIAL_NUMBER (0x82UL)
#define CKA_AC_ISSUER (0x83UL)
#define CKA_OWNER (0x84UL)
#define CKA_ATTR_TYPES (0x85UL)
#define CKA_TRUSTED (0x86UL)
#define CKA_CERTIFICATE_CATEGORY (0x87UL)
#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
#define CKA_URL (0x89UL)
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL)
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
#define CKA_CHECK_VALUE (0x90UL)
#define CKA_KEY_TYPE (0x100UL)
#define CKA_SUBJECT (0x101UL)
#define CKA_ID (0x102UL)
#define CKA_SENSITIVE (0x103UL)
#define CKA_ENCRYPT (0x104UL)
#define CKA_DECRYPT (0x105UL)
#define CKA_WRAP (0x106UL)
#define CKA_UNWRAP (0x107UL)
#define CKA_SIGN (0x108UL)
#define CKA_SIGN_RECOVER (0x109UL)
#define CKA_VERIFY (0x10aUL)
#define CKA_VERIFY_RECOVER (0x10bUL)
#define CKA_DERIVE (0x10cUL)
#define CKA_START_DATE (0x110UL)
#define CKA_END_DATE (0x111UL)
#define CKA_MODULUS (0x120UL)
#define CKA_MODULUS_BITS (0x121UL)
#define CKA_PUBLIC_EXPONENT (0x122UL)
#define CKA_PRIVATE_EXPONENT (0x123UL)
#define CKA_PRIME_1 (0x124UL)
#define CKA_PRIME_2 (0x125UL)
#define CKA_EXPONENT_1 (0x126UL)
#define CKA_EXPONENT_2 (0x127UL)
#define CKA_COEFFICIENT (0x128UL)
#define CKA_PRIME (0x130UL)
#define CKA_SUBPRIME (0x131UL)
#define CKA_BASE (0x132UL)
#define CKA_PRIME_BITS (0x133UL)
#define CKA_SUB_PRIME_BITS (0x134UL)
#define CKA_VALUE_BITS (0x160UL)
#define CKA_VALUE_LEN (0x161UL)
#define CKA_EXTRACTABLE (0x162UL)
#define CKA_LOCAL (0x163UL)
#define CKA_NEVER_EXTRACTABLE (0x164UL)
#define CKA_ALWAYS_SENSITIVE (0x165UL)
#define CKA_KEY_GEN_MECHANISM (0x166UL)
#define CKA_MODIFIABLE (0x170UL)
#define CKA_ECDSA_PARAMS (0x180UL)
#define CKA_EC_PARAMS (0x180UL)
#define CKA_EC_POINT (0x181UL)
#define CKA_SECONDARY_AUTH (0x200UL)
#define CKA_AUTH_PIN_FLAGS (0x201UL)
#define CKA_ALWAYS_AUTHENTICATE (0x202UL)
#define CKA_WRAP_WITH_TRUSTED (0x210UL)
#define CKA_HW_FEATURE_TYPE (0x300UL)
#define CKA_RESET_ON_INIT (0x301UL)
#define CKA_HAS_RESET (0x302UL)
#define CKA_PIXEL_X (0x400UL)
#define CKA_PIXEL_Y (0x401UL)
#define CKA_RESOLUTION (0x402UL)
#define CKA_CHAR_ROWS (0x403UL)
#define CKA_CHAR_COLUMNS (0x404UL)
#define CKA_COLOR (0x405UL)
#define CKA_BITS_PER_PIXEL (0x406UL)
#define CKA_CHAR_SETS (0x480UL)
#define CKA_ENCODING_METHODS (0x481UL)
#define CKA_MIME_TYPES (0x482UL)
#define CKA_MECHANISM_TYPE (0x500UL)
#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL)
#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL)
#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL)
/* These three carry CKF_ARRAY_ATTRIBUTE (bit 30) in their code. */
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL)
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL)
#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* One attribute of a template (_CK_ATTRIBUTE under CRYPTOKI_COMPAT): a CKA_*
   type code, a pointer to the value and the value's length in bytes.
   When attributes are read back, PKCS #11 lets the module set value_len to
   (unsigned long)-1 for an attribute it cannot or will not return. Check
   value_len against that sentinel, and against the real buffer size, before
   using it as an allocation or copy length. */
struct ck_attribute
{
ck_attribute_type_t type;
void *value;
unsigned long value_len;
};
/* Calendar date (_CK_DATE under CRYPTOKI_COMPAT) as three fixed-width
   character fields: 4 for the year, 2 for the month, 2 for the day.
   PKCS #11 specifies them as ASCII digits. The arrays have no room for a
   terminating NUL, so never treat them as C strings. */
struct ck_date
{
unsigned char year[4];
unsigned char month[2];
unsigned char day[2];
};
typedef unsigned long ck_mechanism_type_t;
#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
#define CKM_RSA_PKCS (1UL)
#define CKM_RSA_9796 (2UL)
#define CKM_RSA_X_509 (3UL)
#define CKM_MD2_RSA_PKCS (4UL)
#define CKM_MD5_RSA_PKCS (5UL)
#define CKM_SHA1_RSA_PKCS (6UL)
#define CKM_RIPEMD128_RSA_PKCS (7UL)
#define CKM_RIPEMD160_RSA_PKCS (8UL)
#define CKM_RSA_PKCS_OAEP (9UL)
#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL)
#define CKM_RSA_X9_31 (0xbUL)
#define CKM_SHA1_RSA_X9_31 (0xcUL)
#define CKM_RSA_PKCS_PSS (0xdUL)
#define CKM_SHA1_RSA_PKCS_PSS (0xeUL)
#define CKM_DSA_KEY_PAIR_GEN (0x10UL)
#define CKM_DSA (0x11UL)
#define CKM_DSA_SHA1 (0x12UL)
#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL)
#define CKM_DH_PKCS_DERIVE (0x21UL)
#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL)
#define CKM_X9_42_DH_DERIVE (0x31UL)
#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL)
#define CKM_X9_42_MQV_DERIVE (0x33UL)
#define CKM_SHA256_RSA_PKCS (0x40UL)
#define CKM_SHA384_RSA_PKCS (0x41UL)
#define CKM_SHA512_RSA_PKCS (0x42UL)
#define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
#define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
#define CKM_RC2_KEY_GEN (0x100UL)
#define CKM_RC2_ECB (0x101UL)
#define CKM_RC2_CBC (0x102UL)
#define CKM_RC2_MAC (0x103UL)
#define CKM_RC2_MAC_GENERAL (0x104UL)
#define CKM_RC2_CBC_PAD (0x105UL)
#define CKM_RC4_KEY_GEN (0x110UL)
#define CKM_RC4 (0x111UL)
#define CKM_DES_KEY_GEN (0x120UL)
#define CKM_DES_ECB (0x121UL)
#define CKM_DES_CBC (0x122UL)
#define CKM_DES_MAC (0x123UL)
#define CKM_DES_MAC_GENERAL (0x124UL)
#define CKM_DES_CBC_PAD (0x125UL)
#define CKM_DES2_KEY_GEN (0x130UL)
#define CKM_DES3_KEY_GEN (0x131UL)
#define CKM_DES3_ECB (0x132UL)
#define CKM_DES3_CBC (0x133UL)
#define CKM_DES3_MAC (0x134UL)
#define CKM_DES3_MAC_GENERAL (0x135UL)
#define CKM_DES3_CBC_PAD (0x136UL)
#define CKM_CDMF_KEY_GEN (0x140UL)
#define CKM_CDMF_ECB (0x141UL)
#define CKM_CDMF_CBC (0x142UL)
#define CKM_CDMF_MAC (0x143UL)
#define CKM_CDMF_MAC_GENERAL (0x144UL)
#define CKM_CDMF_CBC_PAD (0x145UL)
#define CKM_DES_OFB64 (0x150UL)
#define CKM_DES_OFB8 (0x151UL)
#define CKM_DES_CFB64 (0x152UL)
#define CKM_DES_CFB8 (0x153UL)
#define CKM_MD2 (0x200UL)
#define CKM_MD2_HMAC (0x201UL)
#define CKM_MD2_HMAC_GENERAL (0x202UL)
#define CKM_MD5 (0x210UL)
#define CKM_MD5_HMAC (0x211UL)
#define CKM_MD5_HMAC_GENERAL (0x212UL)
#define CKM_SHA_1 (0x220UL)
#define CKM_SHA_1_HMAC (0x221UL)
#define CKM_SHA_1_HMAC_GENERAL (0x222UL)
#define CKM_RIPEMD128 (0x230UL)
#define CKM_RIPEMD128_HMAC (0x231UL)
#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL)
#define CKM_RIPEMD160 (0x240UL)
#define CKM_RIPEMD160_HMAC (0x241UL)
#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL)
#define CKM_SHA256 (0x250UL)
#define CKM_SHA256_HMAC (0x251UL)
#define CKM_SHA256_HMAC_GENERAL (0x252UL)
#define CKM_SHA384 (0x260UL)
#define CKM_SHA384_HMAC (0x261UL)
#define CKM_SHA384_HMAC_GENERAL (0x262UL)
#define CKM_SHA512 (0x270UL)
#define CKM_SHA512_HMAC (0x271UL)
#define CKM_SHA512_HMAC_GENERAL (0x272UL)
#define CKM_CAST_KEY_GEN (0x300UL)
#define CKM_CAST_ECB (0x301UL)
#define CKM_CAST_CBC (0x302UL)
#define CKM_CAST_MAC (0x303UL)
#define CKM_CAST_MAC_GENERAL (0x304UL)
#define CKM_CAST_CBC_PAD (0x305UL)
#define CKM_CAST3_KEY_GEN (0x310UL)
#define CKM_CAST3_ECB (0x311UL)
#define CKM_CAST3_CBC (0x312UL)
#define CKM_CAST3_MAC (0x313UL)
#define CKM_CAST3_MAC_GENERAL (0x314UL)
#define CKM_CAST3_CBC_PAD (0x315UL)
#define CKM_CAST5_KEY_GEN (0x320UL)
#define CKM_CAST128_KEY_GEN (0x320UL)
#define CKM_CAST5_ECB (0x321UL)
#define CKM_CAST128_ECB (0x321UL)
#define CKM_CAST5_CBC (0x322UL)
#define CKM_CAST128_CBC (0x322UL)
#define CKM_CAST5_MAC (0x323UL)
#define CKM_CAST128_MAC (0x323UL)
#define CKM_CAST5_MAC_GENERAL (0x324UL)
#define CKM_CAST128_MAC_GENERAL (0x324UL)
#define CKM_CAST5_CBC_PAD (0x325UL)
#define CKM_CAST128_CBC_PAD (0x325UL)
#define CKM_RC5_KEY_GEN (0x330UL)
#define CKM_RC5_ECB (0x331UL)
#define CKM_RC5_CBC (0x332UL)
#define CKM_RC5_MAC (0x333UL)
#define CKM_RC5_MAC_GENERAL (0x334UL)
#define CKM_RC5_CBC_PAD (0x335UL)
#define CKM_IDEA_KEY_GEN (0x340UL)
#define CKM_IDEA_ECB (0x341UL)
#define CKM_IDEA_CBC (0x342UL)
#define CKM_IDEA_MAC (0x343UL)
#define CKM_IDEA_MAC_GENERAL (0x344UL)
#define CKM_IDEA_CBC_PAD (0x345UL)
#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL)
#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL)
#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
#define CKM_XOR_BASE_AND_DATA (0x364UL)
#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL)
#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL)
#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL)
#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL)
#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)
#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL)
#define CKM_TLS_PRF (0x378UL)
#define CKM_SSL3_MD5_MAC (0x380UL)
#define CKM_SSL3_SHA1_MAC (0x381UL)
#define CKM_MD5_KEY_DERIVATION (0x390UL)
#define CKM_MD2_KEY_DERIVATION (0x391UL)
#define CKM_SHA1_KEY_DERIVATION (0x392UL)
#define CKM_SHA256_KEY_DERIVATION (0x393UL)
#define CKM_SHA384_KEY_DERIVATION (0x394UL)
#define CKM_SHA512_KEY_DERIVATION (0x395UL)
#define CKM_PBE_MD2_DES_CBC (0x3a0UL)
#define CKM_PBE_MD5_DES_CBC (0x3a1UL)
#define CKM_PBE_MD5_CAST_CBC (0x3a2UL)
#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL)
#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL)
#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL)
#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL)
#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL)
#define CKM_PBE_SHA1_RC4_128 (0x3a6UL)
#define CKM_PBE_SHA1_RC4_40 (0x3a7UL)
#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL)
#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL)
#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL)
#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL)
#define CKM_PKCS5_PBKD2 (0x3b0UL)
#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL)
#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL)
#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL)
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL)
#define CKM_WTLS_PRF (0x3d3UL)
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL)
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL)
#define CKM_KEY_WRAP_LYNKS (0x400UL)
#define CKM_KEY_WRAP_SET_OAEP (0x401UL)
#define CKM_CMS_SIG (0x500UL)
#define CKM_SKIPJACK_KEY_GEN (0x1000UL)
#define CKM_SKIPJACK_ECB64 (0x1001UL)
#define CKM_SKIPJACK_CBC64 (0x1002UL)
#define CKM_SKIPJACK_OFB64 (0x1003UL)
#define CKM_SKIPJACK_CFB64 (0x1004UL)
#define CKM_SKIPJACK_CFB32 (0x1005UL)
#define CKM_SKIPJACK_CFB16 (0x1006UL)
#define CKM_SKIPJACK_CFB8 (0x1007UL)
#define CKM_SKIPJACK_WRAP (0x1008UL)
#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL)
#define CKM_SKIPJACK_RELAYX (0x100aUL)
#define CKM_KEA_KEY_PAIR_GEN (0x1010UL)
#define CKM_KEA_KEY_DERIVE (0x1011UL)
#define CKM_FORTEZZA_TIMESTAMP (0x1020UL)
#define CKM_BATON_KEY_GEN (0x1030UL)
#define CKM_BATON_ECB128 (0x1031UL)
#define CKM_BATON_ECB96 (0x1032UL)
#define CKM_BATON_CBC128 (0x1033UL)
#define CKM_BATON_COUNTER (0x1034UL)
#define CKM_BATON_SHUFFLE (0x1035UL)
#define CKM_BATON_WRAP (0x1036UL)
#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL)
#define CKM_EC_KEY_PAIR_GEN (0x1040UL)
#define CKM_ECDSA (0x1041UL)
#define CKM_ECDSA_SHA1 (0x1042UL)
#define CKM_ECDH1_DERIVE (0x1050UL)
#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
#define CKM_ECMQV_DERIVE (0x1052UL)
#define CKM_JUNIPER_KEY_GEN (0x1060UL)
#define CKM_JUNIPER_ECB128 (0x1061UL)
#define CKM_JUNIPER_CBC128 (0x1062UL)
#define CKM_JUNIPER_COUNTER (0x1063UL)
#define CKM_JUNIPER_SHUFFLE (0x1064UL)
#define CKM_JUNIPER_WRAP (0x1065UL)
#define CKM_FASTHASH (0x1070UL)
#define CKM_AES_KEY_GEN (0x1080UL)
#define CKM_AES_ECB (0x1081UL)
#define CKM_AES_CBC (0x1082UL)
#define CKM_AES_MAC (0x1083UL)
#define CKM_AES_MAC_GENERAL (0x1084UL)
#define CKM_AES_CBC_PAD (0x1085UL)
#define CKM_BLOWFISH_KEY_GEN (0x1090UL)
#define CKM_BLOWFISH_CBC (0x1091UL)
#define CKM_TWOFISH_KEY_GEN (0x1092UL)
#define CKM_TWOFISH_CBC (0x1093UL)
#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL)
#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL)
#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL)
#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL)
#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL)
#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL)
#define CKM_DSA_PARAMETER_GEN (0x2000UL)
#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL)
#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL)
#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Amendments */
/* Mechanism types added after the main list.  Their values are not in
   numeric order with the entries above (the SHA-224 RSA mechanisms sit at
   0x46/0x47, the digest at 0x255), so a mechanism allow-list or lookup
   table must match on the value itself and not on declaration order. */
#define CKM_SHA224 (0x255UL)
#define CKM_SHA224_HMAC (0x256UL)
#define CKM_SHA224_HMAC_GENERAL (0x257UL)
#define CKM_SHA224_RSA_PKCS (0x46UL)
#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
#define CKM_SHA224_KEY_DERIVATION (0x396UL)
#define CKM_CAMELLIA_KEY_GEN (0x550UL)
#define CKM_CAMELLIA_ECB (0x551UL)
#define CKM_CAMELLIA_CBC (0x552UL)
#define CKM_CAMELLIA_MAC (0x553UL)
#define CKM_CAMELLIA_MAC_GENERAL (0x554UL)
#define CKM_CAMELLIA_CBC_PAD (0x555UL)
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL)
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL)
/* Mechanism selector handed to the C_*Init, key generation, wrapping and
   derivation functions declared below: a CKM_ type plus an untyped,
   caller-supplied parameter buffer. */
struct ck_mechanism
{
/* One of the CKM_ constants. */
ck_mechanism_type_t mechanism;
/* Untyped pointer; how it is interpreted presumably depends on `mechanism`
   (confirm against the PKCS #11 specification).  NOTE(review): code that
   receives this structure should check parameter_len against the size it
   expects for the mechanism before reading through the pointer. */
void *parameter;
/* Length of the buffer behind `parameter`. */
unsigned long parameter_len;
};
/* Description of one mechanism; C_GetMechanismInfo below takes a pointer to
   this structure as its output argument. */
struct ck_mechanism_info
{
/* Smallest and largest key size for the mechanism.  NOTE(review): the unit
   (bits or bytes) is not fixed by this header - confirm per mechanism in the
   PKCS #11 specification before using these as policy limits. */
unsigned long min_key_size;
unsigned long max_key_size;
/* Bit mask; presumably built from the CKF_ capability bits that follow this
   structure. */
ck_flags_t flags;
};
/* Single-bit flags, presumably the capability bits reported in
   ck_mechanism_info.flags (confirm against the PKCS #11 specification).
   Bits 1-7 are not assigned here.  A policy layer that restricts what a
   mechanism may be used for should test the individual bit (for example
   CKF_WRAP or CKF_DERIVE) and not compare the whole word. */
#define CKF_HW (1UL << 0)
#define CKF_ENCRYPT (1UL << 8)
#define CKF_DECRYPT (1UL << 9)
#define CKF_DIGEST (1UL << 10)
#define CKF_SIGN (1UL << 11)
#define CKF_SIGN_RECOVER (1UL << 12)
#define CKF_VERIFY (1UL << 13)
#define CKF_VERIFY_RECOVER (1UL << 14)
#define CKF_GENERATE (1UL << 15)
#define CKF_GENERATE_KEY_PAIR (1UL << 16)
#define CKF_WRAP (1UL << 17)
#define CKF_UNWRAP (1UL << 18)
#define CKF_DERIVE (1UL << 19)
/* Bit 31; the cast keeps the constant an unsigned long. */
#define CKF_EXTENSION ((unsigned long) (1UL << 31))
/* Flags for C_WaitForSlotEvent. */
#define CKF_DONT_BLOCK (1UL)
/* Return value type of every Cryptoki function declared below; the CKR_
   constants later in this file are its values. */
typedef unsigned long ck_rv_t;
/* Callback type passed to C_OpenSession.  It receives the session handle, a
   notification code and the `application` pointer; C_OpenSession takes a
   `void *application` next to the callback, presumably the value handed back
   here (confirm against the PKCS #11 specification). */
typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
ck_notification_t event, void *application);
/* Forward reference. */
/* Needed because C_GetFunctionList is declared before the structure body. */
struct ck_function_list;
/* Declares one Cryptoki entry point twice: as a function pointer type named
   CK_<name> (used for the members of struct ck_function_list) and as a
   prototype `ck_rv_t CK_SPEC <name> <args>`.  `args` is the parenthesised
   parameter list.  The macro expansion does not end with a semicolon; each
   use below supplies it. */
#define _CK_DECLARE_FUNCTION(name, args) \
typedef ck_rv_t (*CK_ ## name) args; \
ck_rv_t CK_SPEC name args
/* Library, slot, token and PIN management entry points. */

/* init_args is untyped here; presumably a struct ck_c_initialize_args * or
   NULL (confirm against the PKCS #11 specification). */
_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
/* Writes a pointer to the module's function table into *function_list. */
_CK_DECLARE_FUNCTION (C_GetFunctionList,
(struct ck_function_list **function_list));
/* List-returning calls take the array and a pointer to its element count.
   NOTE(review): by PKCS #11 convention the count is in/out (capacity on
   entry, number of entries on return) and a NULL array only queries the
   count - confirm, and re-check the returned count against the capacity
   that was allocated before reading the array. */
_CK_DECLARE_FUNCTION (C_GetSlotList,
(unsigned char token_present, ck_slot_id_t *slot_list,
unsigned long *count));
_CK_DECLARE_FUNCTION (C_GetSlotInfo,
(ck_slot_id_t slot_id, struct ck_slot_info *info));
_CK_DECLARE_FUNCTION (C_GetTokenInfo,
(ck_slot_id_t slot_id, struct ck_token_info *info));
_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
(ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
_CK_DECLARE_FUNCTION (C_GetMechanismList,
(ck_slot_id_t slot_id,
ck_mechanism_type_t *mechanism_list,
unsigned long *count));
_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
(ck_slot_id_t slot_id, ck_mechanism_type_t type,
struct ck_mechanism_info *info));
/* PINs are passed as a byte pointer plus an explicit length, so they need
   not be NUL-terminated.  `label` has no length argument; NOTE(review):
   PKCS #11 defines it as a fixed-size, blank-padded field - confirm the
   size and make sure callers pass a buffer at least that large. */
_CK_DECLARE_FUNCTION (C_InitToken,
(ck_slot_id_t slot_id, unsigned char *pin,
unsigned long pin_len, unsigned char *label));
_CK_DECLARE_FUNCTION (C_InitPIN,
(ck_session_handle_t session, unsigned char *pin,
unsigned long pin_len));
_CK_DECLARE_FUNCTION (C_SetPIN,
(ck_session_handle_t session, unsigned char *old_pin,
unsigned long old_len, unsigned char *new_pin,
unsigned long new_len));
/* Session management, operation state and login entry points. */

/* Returns the new session handle through *session.  `notify` is a
   ck_notify_t callback and `application` an untyped pointer passed along
   with it. */
_CK_DECLARE_FUNCTION (C_OpenSession,
(ck_slot_id_t slot_id, ck_flags_t flags,
void *application, ck_notify_t notify,
ck_session_handle_t *session));
_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
/* Takes a slot id, not a session handle. */
_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
_CK_DECLARE_FUNCTION (C_GetSessionInfo,
(ck_session_handle_t session,
struct ck_session_info *info));
/* Exports the state of the session's current operation into a caller
   buffer; the length is passed by pointer.  NOTE(review): the content of
   the blob is defined by the token - treat it as sensitive unless the
   token documentation says otherwise. */
_CK_DECLARE_FUNCTION (C_GetOperationState,
(ck_session_handle_t session,
unsigned char *operation_state,
unsigned long *operation_state_len));
/* Restores a previously exported state.  The blob is caller-supplied, so
   the receiving side must validate it (CKR_SAVED_STATE_INVALID is defined
   below for rejecting it).  The last parameter name is spelled
   `authentiation_key` in this header. */
_CK_DECLARE_FUNCTION (C_SetOperationState,
(ck_session_handle_t session,
unsigned char *operation_state,
unsigned long operation_state_len,
ck_object_handle_t encryption_key,
ck_object_handle_t authentiation_key));
/* The PIN is a byte pointer plus explicit length; it need not be
   NUL-terminated.  Callers should clear their copy of the PIN once the
   call has returned. */
_CK_DECLARE_FUNCTION (C_Login,
(ck_session_handle_t session, ck_user_type_t user_type,
unsigned char *pin, unsigned long pin_len));
_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
/* Object management entry points.  Attribute templates are passed as a
   pointer to an array of struct ck_attribute together with an element
   count (`count`).  NOTE(review): each attribute carries its own pointer and
   length; code that forwards or filters templates has to validate every
   entry, not only the array bound. */
_CK_DECLARE_FUNCTION (C_CreateObject,
(ck_session_handle_t session,
struct ck_attribute *templ,
unsigned long count, ck_object_handle_t *object));
_CK_DECLARE_FUNCTION (C_CopyObject,
(ck_session_handle_t session, ck_object_handle_t object,
struct ck_attribute *templ, unsigned long count,
ck_object_handle_t *new_object));
_CK_DECLARE_FUNCTION (C_DestroyObject,
(ck_session_handle_t session,
ck_object_handle_t object));
_CK_DECLARE_FUNCTION (C_GetObjectSize,
(ck_session_handle_t session,
ck_object_handle_t object,
unsigned long *size));
/* The template is not const here: presumably the call writes results back
   through it (confirm against the PKCS #11 specification).
   CKR_ATTRIBUTE_SENSITIVE is defined below for attributes that may not be
   revealed. */
_CK_DECLARE_FUNCTION (C_GetAttributeValue,
(ck_session_handle_t session,
ck_object_handle_t object,
struct ck_attribute *templ,
unsigned long count));
_CK_DECLARE_FUNCTION (C_SetAttributeValue,
(ck_session_handle_t session,
ck_object_handle_t object,
struct ck_attribute *templ,
unsigned long count));
/* Search is a three-step sequence: Init with a template, repeated
   C_FindObjects calls, then Final. */
_CK_DECLARE_FUNCTION (C_FindObjectsInit,
(ck_session_handle_t session,
struct ck_attribute *templ,
unsigned long count));
/* max_object_count is the capacity of the `object` array; the number of
   handles returned comes back through *object_count. */
_CK_DECLARE_FUNCTION (C_FindObjects,
(ck_session_handle_t session,
ck_object_handle_t *object,
unsigned long max_object_count,
unsigned long *object_count));
_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
(ck_session_handle_t session));
/* Encryption and decryption entry points.  Input buffers are passed with a
   length by value; output buffers are passed with a length by pointer.
   NOTE(review): by PKCS #11 convention the pointed-to length is in/out
   (buffer capacity on entry, bytes produced on return) and
   CKR_BUFFER_TOO_SMALL, defined below, reports an undersized buffer -
   confirm, and never trust a returned length larger than the capacity that
   was supplied. */
_CK_DECLARE_FUNCTION (C_EncryptInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Encrypt,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *encrypted_data,
unsigned long *encrypted_data_len));
_CK_DECLARE_FUNCTION (C_EncryptUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len,
unsigned char *encrypted_part,
unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION (C_EncryptFinal,
(ck_session_handle_t session,
unsigned char *last_encrypted_part,
unsigned long *last_encrypted_part_len));
_CK_DECLARE_FUNCTION (C_DecryptInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Decrypt,
(ck_session_handle_t session,
unsigned char *encrypted_data,
unsigned long encrypted_data_len,
unsigned char *data, unsigned long *data_len));
_CK_DECLARE_FUNCTION (C_DecryptUpdate,
(ck_session_handle_t session,
unsigned char *encrypted_part,
unsigned long encrypted_part_len,
unsigned char *part, unsigned long *part_len));
_CK_DECLARE_FUNCTION (C_DecryptFinal,
(ck_session_handle_t session,
unsigned char *last_part,
unsigned long *last_part_len));
/* Message digest entry points.  C_DigestInit takes no key handle; the
   digest output is returned through a caller buffer whose length is passed
   by pointer. */
_CK_DECLARE_FUNCTION (C_DigestInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism));
_CK_DECLARE_FUNCTION (C_Digest,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *digest,
unsigned long *digest_len));
_CK_DECLARE_FUNCTION (C_DigestUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len));
/* Feeds a key object, referenced by handle, into the running digest.
   NOTE(review): the result is a function of key material, so a policy layer
   may want to restrict which keys this is allowed for (CKR_KEY_INDIGESTIBLE
   is defined below). */
_CK_DECLARE_FUNCTION (C_DigestKey,
(ck_session_handle_t session, ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_DigestFinal,
(ck_session_handle_t session,
unsigned char *digest,
unsigned long *digest_len));
/* Signature and verification entry points.  The signing calls return the
   signature through a caller buffer with its length passed by pointer; the
   verifying calls take the signature with its length by value.  Verification
   outcome is reported only through the ck_rv_t return value
   (CKR_SIGNATURE_INVALID and CKR_SIGNATURE_LEN_RANGE are defined below), so
   callers must compare it against CKR_OK. */
_CK_DECLARE_FUNCTION (C_SignInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Sign,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *signature,
unsigned long *signature_len));
_CK_DECLARE_FUNCTION (C_SignUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION (C_SignFinal,
(ck_session_handle_t session,
unsigned char *signature,
unsigned long *signature_len));
_CK_DECLARE_FUNCTION (C_SignRecoverInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_SignRecover,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *signature,
unsigned long *signature_len));
_CK_DECLARE_FUNCTION (C_VerifyInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Verify,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *signature,
unsigned long signature_len));
_CK_DECLARE_FUNCTION (C_VerifyUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION (C_VerifyFinal,
(ck_session_handle_t session,
unsigned char *signature,
unsigned long signature_len));
_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t key));
/* Unlike C_Verify, this call also produces output: `data` with its length
   passed by pointer. */
_CK_DECLARE_FUNCTION (C_VerifyRecover,
(ck_session_handle_t session,
unsigned char *signature,
unsigned long signature_len,
unsigned char *data,
unsigned long *data_len));
/* Combined ("dual-function") update calls.  Each takes one input part with
   its length by value and one output part with its length by pointer.
   NOTE(review): judging by the names they advance two operations in the same
   session at once (digest+encrypt, decrypt+digest, sign+encrypt,
   decrypt+verify); a filter that restricts one of the two operations
   probably needs to cover these entry points as well - confirm against the
   PKCS #11 specification. */
_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len,
unsigned char *encrypted_part,
unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
(ck_session_handle_t session,
unsigned char *encrypted_part,
unsigned long encrypted_part_len,
unsigned char *part,
unsigned long *part_len));
_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len,
unsigned char *encrypted_part,
unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
(ck_session_handle_t session,
unsigned char *encrypted_part,
unsigned long encrypted_part_len,
unsigned char *part,
unsigned long *part_len));
/* Key management entry points.  Every call takes a mechanism and at least
   one attribute template; new keys are returned as object handles through
   the trailing pointer arguments. */
_CK_DECLARE_FUNCTION (C_GenerateKey,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
struct ck_attribute *templ,
unsigned long count,
ck_object_handle_t *key));
/* Separate templates and counts for the public and the private key. */
_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
struct ck_attribute *public_key_template,
unsigned long public_key_attribute_count,
struct ck_attribute *private_key_template,
unsigned long private_key_attribute_count,
ck_object_handle_t *public_key,
ck_object_handle_t *private_key));
/* Exports `key` encrypted under `wrapping_key` into a caller buffer (length
   by pointer).  NOTE(review): the combination of wrapping key, mechanism and
   target key decides whether key material leaves the token in a recoverable
   form; CKR_KEY_NOT_WRAPPABLE and CKR_KEY_UNEXTRACTABLE are defined below
   for refusing the request. */
_CK_DECLARE_FUNCTION (C_WrapKey,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t wrapping_key,
ck_object_handle_t key,
unsigned char *wrapped_key,
unsigned long *wrapped_key_len));
/* Imports a wrapped key blob; the attributes of the resulting object come
   from the caller's template, so the template is untrusted input for any
   policy decision. */
_CK_DECLARE_FUNCTION (C_UnwrapKey,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t unwrapping_key,
unsigned char *wrapped_key,
unsigned long wrapped_key_len,
struct ck_attribute *templ,
unsigned long attribute_count,
ck_object_handle_t *key));
_CK_DECLARE_FUNCTION (C_DeriveKey,
(ck_session_handle_t session,
struct ck_mechanism *mechanism,
ck_object_handle_t base_key,
struct ck_attribute *templ,
unsigned long attribute_count,
ck_object_handle_t *key));
/* Random number entry points.  Both take a byte buffer and its length by
   value; CKR_RANDOM_SEED_NOT_SUPPORTED and CKR_RANDOM_NO_RNG are defined
   below for tokens that cannot serve the request, so the return value must
   be checked before the buffer is used as random data. */
_CK_DECLARE_FUNCTION (C_SeedRandom,
(ck_session_handle_t session, unsigned char *seed,
unsigned long seed_len));
_CK_DECLARE_FUNCTION (C_GenerateRandom,
(ck_session_handle_t session,
unsigned char *random_data,
unsigned long random_len));
/* Per-session status and cancel calls.  NOTE(review): presumably the legacy
   parallel-function interface (CKR_FUNCTION_NOT_PARALLEL is defined below) -
   confirm against the PKCS #11 specification. */
_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
/* Table of entry points that C_GetFunctionList hands out: a version field
   followed by one function pointer per Cryptoki function, each typed with
   the CK_<name> typedef generated by _CK_DECLARE_FUNCTION.  The member
   order is the in-memory layout shared with the module, so it must not be
   changed; note that C_WaitForSlotEvent is the last member although it is
   declared next to the other slot functions above.
   NOTE(review): an application that loads a third-party module should check
   the version and test a member for NULL before calling through it. */
struct ck_function_list
{
struct ck_version version;
CK_C_Initialize C_Initialize;
CK_C_Finalize C_Finalize;
CK_C_GetInfo C_GetInfo;
CK_C_GetFunctionList C_GetFunctionList;
CK_C_GetSlotList C_GetSlotList;
CK_C_GetSlotInfo C_GetSlotInfo;
CK_C_GetTokenInfo C_GetTokenInfo;
CK_C_GetMechanismList C_GetMechanismList;
CK_C_GetMechanismInfo C_GetMechanismInfo;
CK_C_InitToken C_InitToken;
CK_C_InitPIN C_InitPIN;
CK_C_SetPIN C_SetPIN;
CK_C_OpenSession C_OpenSession;
CK_C_CloseSession C_CloseSession;
CK_C_CloseAllSessions C_CloseAllSessions;
CK_C_GetSessionInfo C_GetSessionInfo;
CK_C_GetOperationState C_GetOperationState;
CK_C_SetOperationState C_SetOperationState;
CK_C_Login C_Login;
CK_C_Logout C_Logout;
CK_C_CreateObject C_CreateObject;
CK_C_CopyObject C_CopyObject;
CK_C_DestroyObject C_DestroyObject;
CK_C_GetObjectSize C_GetObjectSize;
CK_C_GetAttributeValue C_GetAttributeValue;
CK_C_SetAttributeValue C_SetAttributeValue;
CK_C_FindObjectsInit C_FindObjectsInit;
CK_C_FindObjects C_FindObjects;
CK_C_FindObjectsFinal C_FindObjectsFinal;
CK_C_EncryptInit C_EncryptInit;
CK_C_Encrypt C_Encrypt;
CK_C_EncryptUpdate C_EncryptUpdate;
CK_C_EncryptFinal C_EncryptFinal;
CK_C_DecryptInit C_DecryptInit;
CK_C_Decrypt C_Decrypt;
CK_C_DecryptUpdate C_DecryptUpdate;
CK_C_DecryptFinal C_DecryptFinal;
CK_C_DigestInit C_DigestInit;
CK_C_Digest C_Digest;
CK_C_DigestUpdate C_DigestUpdate;
CK_C_DigestKey C_DigestKey;
CK_C_DigestFinal C_DigestFinal;
CK_C_SignInit C_SignInit;
CK_C_Sign C_Sign;
CK_C_SignUpdate C_SignUpdate;
CK_C_SignFinal C_SignFinal;
CK_C_SignRecoverInit C_SignRecoverInit;
CK_C_SignRecover C_SignRecover;
CK_C_VerifyInit C_VerifyInit;
CK_C_Verify C_Verify;
CK_C_VerifyUpdate C_VerifyUpdate;
CK_C_VerifyFinal C_VerifyFinal;
CK_C_VerifyRecoverInit C_VerifyRecoverInit;
CK_C_VerifyRecover C_VerifyRecover;
CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
CK_C_SignEncryptUpdate C_SignEncryptUpdate;
CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
CK_C_GenerateKey C_GenerateKey;
CK_C_GenerateKeyPair C_GenerateKeyPair;
CK_C_WrapKey C_WrapKey;
CK_C_UnwrapKey C_UnwrapKey;
CK_C_DeriveKey C_DeriveKey;
CK_C_SeedRandom C_SeedRandom;
CK_C_GenerateRandom C_GenerateRandom;
CK_C_GetFunctionStatus C_GetFunctionStatus;
CK_C_CancelFunction C_CancelFunction;
CK_C_WaitForSlotEvent C_WaitForSlotEvent;
};
/* Mutex callback types.  Each returns a ck_rv_t; creation returns the new
   mutex through a void ** while the other three take the mutex as an opaque
   void *. */
typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
/* Locking configuration: the four mutex callbacks, a flags word and a
   reserved pointer.  Presumably what C_Initialize expects behind its
   `void *init_args` parameter (confirm against the PKCS #11 specification).
   NOTE(review): the callbacks are supplied by the application and run
   inside the module, so a module or proxy should decide explicitly whether
   it accepts them. */
struct ck_c_initialize_args
{
ck_createmutex_t create_mutex;
ck_destroymutex_t destroy_mutex;
ck_lockmutex_t lock_mutex;
ck_unlockmutex_t unlock_mutex;
/* Presumably a combination of the two CKF_ bits defined right after this
   structure. */
ck_flags_t flags;
void *reserved;
};
/* Single-bit values, presumably for ck_c_initialize_args.flags. */
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0)
#define CKF_OS_LOCKING_OK (1UL << 1)
/* Return values (ck_rv_t).  CKR_OK is zero and is the only success value in
   this list; callers should compare against CKR_OK and treat every other
   value, including ones not listed here, as failure.  The numbering has
   gaps (for example there is no value 4), and CKR_VENDOR_DEFINED marks
   bit 31, so the values cannot be used as a dense array index. */
#define CKR_OK (0UL)
#define CKR_CANCEL (1UL)
#define CKR_HOST_MEMORY (2UL)
#define CKR_SLOT_ID_INVALID (3UL)
#define CKR_GENERAL_ERROR (5UL)
#define CKR_FUNCTION_FAILED (6UL)
#define CKR_ARGUMENTS_BAD (7UL)
#define CKR_NO_EVENT (8UL)
#define CKR_NEED_TO_CREATE_THREADS (9UL)
#define CKR_CANT_LOCK (0xaUL)
#define CKR_ATTRIBUTE_READ_ONLY (0x10UL)
#define CKR_ATTRIBUTE_SENSITIVE (0x11UL)
#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL)
#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL)
#define CKR_DATA_INVALID (0x20UL)
#define CKR_DATA_LEN_RANGE (0x21UL)
#define CKR_DEVICE_ERROR (0x30UL)
#define CKR_DEVICE_MEMORY (0x31UL)
#define CKR_DEVICE_REMOVED (0x32UL)
#define CKR_ENCRYPTED_DATA_INVALID (0x40UL)
#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL)
#define CKR_FUNCTION_CANCELED (0x50UL)
#define CKR_FUNCTION_NOT_PARALLEL (0x51UL)
#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
#define CKR_KEY_HANDLE_INVALID (0x60UL)
#define CKR_KEY_SIZE_RANGE (0x62UL)
#define CKR_KEY_TYPE_INCONSISTENT (0x63UL)
#define CKR_KEY_NOT_NEEDED (0x64UL)
#define CKR_KEY_CHANGED (0x65UL)
#define CKR_KEY_NEEDED (0x66UL)
#define CKR_KEY_INDIGESTIBLE (0x67UL)
#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL)
#define CKR_KEY_NOT_WRAPPABLE (0x69UL)
#define CKR_KEY_UNEXTRACTABLE (0x6aUL)
#define CKR_MECHANISM_INVALID (0x70UL)
#define CKR_MECHANISM_PARAM_INVALID (0x71UL)
#define CKR_OBJECT_HANDLE_INVALID (0x82UL)
#define CKR_OPERATION_ACTIVE (0x90UL)
#define CKR_OPERATION_NOT_INITIALIZED (0x91UL)
#define CKR_PIN_INCORRECT (0xa0UL)
#define CKR_PIN_INVALID (0xa1UL)
#define CKR_PIN_LEN_RANGE (0xa2UL)
#define CKR_PIN_EXPIRED (0xa3UL)
#define CKR_PIN_LOCKED (0xa4UL)
#define CKR_SESSION_CLOSED (0xb0UL)
#define CKR_SESSION_COUNT (0xb1UL)
#define CKR_SESSION_HANDLE_INVALID (0xb3UL)
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL)
#define CKR_SESSION_READ_ONLY (0xb5UL)
#define CKR_SESSION_EXISTS (0xb6UL)
#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL)
#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL)
#define CKR_SIGNATURE_INVALID (0xc0UL)
#define CKR_SIGNATURE_LEN_RANGE (0xc1UL)
#define CKR_TEMPLATE_INCOMPLETE (0xd0UL)
#define CKR_TEMPLATE_INCONSISTENT (0xd1UL)
#define CKR_TOKEN_NOT_PRESENT (0xe0UL)
#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL)
#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL)
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL)
#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL)
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL)
#define CKR_USER_ALREADY_LOGGED_IN (0x100UL)
#define CKR_USER_NOT_LOGGED_IN (0x101UL)
#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL)
#define CKR_USER_TYPE_INVALID (0x103UL)
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL)
#define CKR_USER_TOO_MANY_TYPES (0x105UL)
#define CKR_WRAPPED_KEY_INVALID (0x110UL)
#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL)
#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL)
#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL)
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL)
#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL)
#define CKR_RANDOM_NO_RNG (0x121UL)
#define CKR_DOMAIN_PARAMS_INVALID (0x130UL)
#define CKR_BUFFER_TOO_SMALL (0x150UL)
#define CKR_SAVED_STATE_INVALID (0x160UL)
#define CKR_INFORMATION_SENSITIVE (0x170UL)
#define CKR_STATE_UNSAVEABLE (0x180UL)
#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL)
#define CKR_MUTEX_BAD (0x1a0UL)
#define CKR_MUTEX_NOT_LOCKED (0x1a1UL)
#define CKR_FUNCTION_REJECTED (0x200UL)
#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Compatibility layer. */
#ifdef CRYPTOKI_COMPAT
#undef CK_DEFINE_FUNCTION
#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
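/* For NULL (NULL_PTR below expands to it).  The header name after
   `#include` was missing, which does not preprocess; <stddef.h> is the
   standard header that defines NULL. */
#include <stddef.h>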
/* Upper-case type names for the compatibility layer.  The scalar types are
   plain typedefs of unsigned char / long; the *_PTR names are pointers to
   them. */
typedef unsigned char CK_BYTE;
typedef unsigned char CK_CHAR;
typedef unsigned char CK_UTF8CHAR;
/* A boolean stored in an unsigned char, so it can hold values other than
   CK_FALSE and CK_TRUE.  NOTE(review): when the value comes from another
   component, test it against CK_FALSE instead of comparing with CK_TRUE. */
typedef unsigned char CK_BBOOL;
typedef unsigned long int CK_ULONG;
typedef long int CK_LONG;
typedef CK_BYTE *CK_BYTE_PTR;
typedef CK_CHAR *CK_CHAR_PTR;
typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
typedef CK_ULONG *CK_ULONG_PTR;
typedef void *CK_VOID_PTR;
typedef void **CK_VOID_PTR_PTR;
#define CK_FALSE 0
#define CK_TRUE 1
/* FALSE/TRUE are only defined when the including code has not defined them
   already and has not set CK_DISABLE_TRUE_FALSE. */
#ifndef CK_DISABLE_TRUE_FALSE
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif
#endif
/* Upper-case aliases for the structures and handle types declared earlier
   in this header, each with a matching pointer alias. */
typedef struct ck_version CK_VERSION;
typedef struct ck_version *CK_VERSION_PTR;
typedef struct ck_info CK_INFO;
typedef struct ck_info *CK_INFO_PTR;
typedef ck_slot_id_t *CK_SLOT_ID_PTR;
typedef struct ck_slot_info CK_SLOT_INFO;
typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
typedef struct ck_token_info CK_TOKEN_INFO;
typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
typedef struct ck_session_info CK_SESSION_INFO;
typedef struct ck_session_info *CK_SESSION_INFO_PTR;
typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
typedef struct ck_attribute CK_ATTRIBUTE;
typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
typedef struct ck_date CK_DATE;
typedef struct ck_date *CK_DATE_PTR;
typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
typedef struct ck_mechanism CK_MECHANISM;
typedef struct ck_mechanism *CK_MECHANISM_PTR;
typedef struct ck_mechanism_info CK_MECHANISM_INFO;
typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
typedef struct ck_function_list CK_FUNCTION_LIST;
typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
/* Requires NULL to be defined by the time NULL_PTR is used. */
#define NULL_PTR NULL
/* Delete the helper macros defined at the top of the file. */
/* Several of these names are ordinary identifiers (value, parameter,
   reserved, slot_id, session_count, ...).  Left defined, they would rewrite
   any later use of the same word in the including program, so every helper
   macro is removed again before the compatibility section ends. */
#undef ck_flags_t
#undef ck_version
#undef ck_info
#undef cryptoki_version
#undef manufacturer_id
#undef library_description
#undef library_version
#undef ck_notification_t
#undef ck_slot_id_t
#undef ck_slot_info
#undef slot_description
#undef hardware_version
#undef firmware_version
#undef ck_token_info
#undef serial_number
#undef max_session_count
#undef session_count
#undef max_rw_session_count
#undef rw_session_count
#undef max_pin_len
#undef min_pin_len
#undef total_public_memory
#undef free_public_memory
#undef total_private_memory
#undef free_private_memory
#undef utc_time
#undef ck_session_handle_t
#undef ck_user_type_t
#undef ck_state_t
#undef ck_session_info
#undef slot_id
#undef device_error
#undef ck_object_handle_t
#undef ck_object_class_t
#undef ck_hw_feature_type_t
#undef ck_key_type_t
#undef ck_certificate_type_t
#undef ck_attribute_type_t
#undef ck_attribute
#undef value
#undef value_len
#undef ck_date
#undef ck_mechanism_type_t
#undef ck_mechanism
#undef parameter
#undef parameter_len
#undef ck_mechanism_info
#undef min_key_size
#undef max_key_size
#undef ck_rv_t
#undef ck_notify_t
#undef ck_function_list
#undef ck_createmutex_t
#undef ck_destroymutex_t
#undef ck_lockmutex_t
#undef ck_unlockmutex_t
#undef ck_c_initialize_args
#undef create_mutex
#undef destroy_mutex
#undef lock_mutex
#undef unlock_mutex
#undef reserved
#endif /* CRYPTOKI_COMPAT */
/* System dependencies. */
#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
#pragma pack(pop, cryptoki)
#endif
#if defined(__cplusplus)
}
#endif
#endif /* PKCS11_H */
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11.cocci.new 0000664 0000000 0000000 00000011755 14147740423 0022230 0 ustar 00root root 0000000 0000000 @@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_Encrypt(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*out*/ unsigned char *encrypted, /*in*/ unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_Encrypt(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
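Review bot: The added ML_CK_C_Encrypt prototype drops the `/*in*/` and `/*out*/` markers that the removed line carried, at the same point where the output becomes `unsigned char **encrypted`, so the declaration no longer says who owns the returned buffer. The double pointer suggests the callee now allocates it, but the allocation is not in this file, so that is an assumption; either way the caller needs to know how the buffer is released and whether `*encrypted` is left untouched when the call fails. I would keep the markers on the added line, for example `/*out*/ unsigned char **encrypted`, and state the ownership rule once next to the generated prototypes. The same gap is in every other `**` rule in this file (ML_CK_C_EncryptUpdate through ML_CK_C_GetOperationState) and in the matching rules of pkcs11.cocci.old.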
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_EncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_EncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_DigestEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_DigestEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_SignEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_SignEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_EncryptFinal(ck_session_handle_t session, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_EncryptFinal(ck_session_handle_t session, unsigned char **encrypted, unsigned long *encrypted_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_Decrypt(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *decrypted, unsigned long *decrypted_len);
+ ck_rv_t ML_CK_C_Decrypt(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **decrypted, unsigned long *decrypted_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_VerifyRecover(ck_session_handle_t session, unsigned char *signature, unsigned long signature_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_VerifyRecover(ck_session_handle_t session, unsigned char *signature, unsigned long signature_len, unsigned char **data, unsigned long *data_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_DecryptUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_DecryptUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **data, unsigned long *data_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_DecryptDigestUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_DecryptDigestUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **data, unsigned long *data_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_DecryptVerifyUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_DecryptVerifyUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **data, unsigned long *data_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_DecryptFinal(ck_session_handle_t session, unsigned char *decrypted, unsigned long *decrypted_len);
+ ck_rv_t ML_CK_C_DecryptFinal(ck_session_handle_t session, unsigned char **decrypted, unsigned long *decrypted_len);
@@
typedef ck_rv_t;
typedef ck_session_handle_t;
@@
- ck_rv_t ML_CK_C_GetOperationState(ck_session_handle_t session, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_GetOperationState(ck_session_handle_t session, unsigned char **data, unsigned long *data_len);
@@
@@
- void char_array_to_ulong(/*in*/ unsigned char *data, /*out*/ unsigned long output);
+ void char_array_to_ulong(/*in*/ unsigned char *data, /*in*/ size_t data_size, /*out*/ unsigned long *output);
@@
symbol in, out, out_len;
@@
- void hton_char_array(/*in*/ unsigned char *in, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
+ void hton_char_array(/*in*/ unsigned char *in, unsigned long in_len, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
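Review bot: The new `in_len` parameter of hton_char_array is added without the `/*in*/` marker its neighbours carry, and `out_len` is still marked `/*in*/` although it is passed by pointer. With two lengths in the signature the declaration should say which one bounds the copy; the function body is not in this file, so whether `*out_len` is checked against `in_len` before writing to `out` cannot be confirmed here. I would write the added parameter as `/*in*/ unsigned long in_len` and, if the function also stores the produced length, mark the last one `/*in,out*/ unsigned long *out_len`. The ntoh_char_array rule that follows and both rules in pkcs11.cocci.old have the same wording.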
@@
symbol in, out, out_len;
@@
- void ntoh_char_array(/*in*/ unsigned char *in, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
+ void ntoh_char_array(/*in*/ unsigned char *in, unsigned long in_len, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11.cocci.old 0000664 0000000 0000000 00000012314 14147740423 0022205 0 ustar 00root root 0000000 0000000 @@
typedef ck_rv_t;
typedef ck_session_handle_t;
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_Encrypt(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*out*/ unsigned char *encrypted, /*in*/ unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_Encrypt(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_EncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_EncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_DigestEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_DigestEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_SignEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_SignEncryptUpdate(ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char **encrypted, unsigned long *encrypted_len);
@@
identifier session, encrypted, encrypted_len;
@@
- ck_rv_t ML_CK_C_EncryptFinal(ck_session_handle_t session, unsigned char *encrypted, unsigned long *encrypted_len);
+ ck_rv_t ML_CK_C_EncryptFinal(ck_session_handle_t session, unsigned char **encrypted, unsigned long *encrypted_len);
@@
identifier session, encrypted, encrypted_len, decrypted, decrypted_len;
@@
- ck_rv_t ML_CK_C_Decrypt(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *decrypted, unsigned long *decrypted_len);
+ ck_rv_t ML_CK_C_Decrypt(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **decrypted, unsigned long *decrypted_len);
@@
identifier session, signature, signature_len, data, data_len;
@@
- ck_rv_t ML_CK_C_VerifyRecover(ck_session_handle_t session, unsigned char *signature, unsigned long signature_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_VerifyRecover(ck_session_handle_t session, unsigned char *signature, unsigned long signature_len, unsigned char **data, unsigned long *data_len);
@@
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_DecryptUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_DecryptUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **data, unsigned long *data_len);
@@
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_DecryptDigestUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_DecryptDigestUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **data, unsigned long *data_len);
@@
identifier session, encrypted, encrypted_len, data, data_len;
@@
- ck_rv_t ML_CK_C_DecryptVerifyUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_DecryptVerifyUpdate(ck_session_handle_t session, unsigned char *encrypted, unsigned long encrypted_len, unsigned char **data, unsigned long *data_len);
@@
identifier session, decrypted, decrypted_len;
@@
- ck_rv_t ML_CK_C_DecryptFinal(ck_session_handle_t session, unsigned char *decrypted, unsigned long *decrypted_len);
+ ck_rv_t ML_CK_C_DecryptFinal(ck_session_handle_t session, unsigned char **decrypted, unsigned long *decrypted_len);
@@
identifier session, data, data_len;
@@
- ck_rv_t ML_CK_C_GetOperationState(ck_session_handle_t session, unsigned char *data, unsigned long *data_len);
+ ck_rv_t ML_CK_C_GetOperationState(ck_session_handle_t session, unsigned char **data, unsigned long *data_len);
@@
identifier data, output;
@@
- void char_array_to_ulong(/*in*/ unsigned char *data, /*out*/ unsigned long output);
+ void char_array_to_ulong(/*in*/ unsigned char *data, /*in*/ size_t data_size, /*out*/ unsigned long *output);
@@
identifier in, out, out_len;
@@
- void hton_char_array(/*in*/ unsigned char *in, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
+ void hton_char_array(/*in*/ unsigned char *in, unsigned long in_len, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
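Review bot: The added `unsigned long in_len` is the only parameter in the new prototype without a direction annotation, and `out_len` is a pointer tagged `/*in*/`, which reads as if the length is never written back. The ntoh_char_array rule that follows has the same two issues. Suggest `/*in*/ unsigned long in_len` and, if the function does store the produced length, `/*in,out*/ unsigned long *out_len`. A comment stating that `*out_len` must hold the capacity of `out` on entry would give callers the bound to check against `in_len`; whether the implementation enforces that bound is not visible from this patch.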
@@
identifier in, out, out_len;
@@
- void ntoh_char_array(/*in*/ unsigned char *in, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
+ void ntoh_char_array(/*in*/ unsigned char *in, unsigned long in_len, /*out*/ unsigned char *out, /*in*/ unsigned long *out_len);
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11.h 0000664 0000000 0000000 00000104170 14147740423 0020601 0 ustar 00root root 0000000 0000000 /* File generated from pkcs11.idl */
/* Include guard for the PKCS#11 binding header. */
#ifndef _CAMLIDL_PKCS11_H
#define _CAMLIDL_PKCS11_H
/* _CAMLIDL_EXTERN_C expands to extern "C" for C++ consumers and to plain extern otherwise. */
#ifdef __cplusplus
#define _CAMLIDL_EXTERN_C extern "C"
#else
#define _CAMLIDL_EXTERN_C extern
#endif
/* On Windows every structure declared after this point is packed on 1-byte boundaries.
 * NOTE(review): the matching #pragma pack(pop) is not in the visible part of the header; confirm it exists. */
#ifdef _WIN32
#pragma pack(push,1/* Replaced for PKCS11 compatibiliy */) /* necessary for COM interfaces */
#endif
#include
#include
#include
/* Flag word used by the info structures and the initialize arguments below. */
typedef unsigned long ck_flags_t;
/* Version number stored as two single-byte components. */
struct ck_version {
unsigned char major;
unsigned char minor;
};
/* GCC version folded into one integer (major * 10000 + minor * 100 + patchlevel) so it can be compared numerically. */
#define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#ifdef __FreeBSD__
/* Needed on FreeBSD for endianess conversion functions */
/* NOTE(review): the header name after #include is missing in this copy; restore it from the upstream file. */
#include
#endif
#ifdef __APPLE__
/* Needed on Mac OS X for endianess conversion functions */
/* NOTE(review): the header name after #include is missing in this copy; the OSSwap* macros used below
 * are declared in <libkern/OSByteOrder.h> on macOS. Confirm against the upstream file. */
#include
/* Provide the htobeNN / htoleNN / beNNtoh / leNNtoh names (16, 32 and 64 bit) on top of the OSSwap* macros. */
#define htobe16(x) OSSwapHostToBigInt16(x)
#define htole16(x) OSSwapHostToLittleInt16(x)
#define be16toh(x) OSSwapBigToHostInt16(x)
#define le16toh(x) OSSwapLittleToHostInt16(x)
#define htobe32(x) OSSwapHostToBigInt32(x)
#define htole32(x) OSSwapHostToLittleInt32(x)
#define be32toh(x) OSSwapBigToHostInt32(x)
#define le32toh(x) OSSwapLittleToHostInt32(x)
#define htobe64(x) OSSwapHostToBigInt64(x)
#define htole64(x) OSSwapHostToLittleInt64(x)
#define be64toh(x) OSSwapBigToHostInt64(x)
#define le64toh(x) OSSwapLittleToHostInt64(x)
#endif
#ifdef CUSTOM_ALLOC
void* custom_malloc(size_t size);
void custom_free(void** to_free);
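/**
 * Allocate memory, terminating the process instead of returning NULL.
 *
 * Callers can use the result without a NULL check: on allocation failure the
 * function calls exit(-1) (after a diagnostic when DEBUG is defined).
 * The returned memory is not initialised.
 *
 * The wrapper does not cap the request. A size computed from lengths that
 * come from the peer must be bounded by the caller before it gets here.
 *
 * @param size number of bytes requested; a request for 0 bytes is served as 1 byte
 * @return a non-NULL pointer, to be released with custom_free() or free()
 */
void* custom_malloc(size_t size){
    /* malloc(0) is allowed to return NULL on success; asking for one byte
     * keeps NULL meaning "allocation failed" and avoids a spurious exit. */
    void* returned_pointer = malloc(size != 0 ? size : 1);
    if(returned_pointer == NULL){
#ifdef DEBUG
        printf ("malloc error: NULL pointer returned! We exit\n");
#endif
        exit(-1);
    }
    return returned_pointer;
}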
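/**
 * Release the allocation held in *to_free and reset the caller's pointer to NULL.
 *
 * Clearing the pointer makes a second custom_free() on the same variable a
 * harmless no-op and turns a later dereference into a NULL access rather than
 * a use of freed memory.
 *
 * The memory content is not wiped. A buffer that held a PIN, key material or
 * decrypted data has to be cleared by the caller before it is passed here.
 *
 * @param to_free address of the pointer to release; a NULL address or a
 *                pointer that is already NULL is ignored (with a warning
 *                when DEBUG is defined)
 */
void custom_free(void** to_free){
    /* Check the address itself first: the previous code dereferenced it unconditionally. */
    if(to_free == NULL || *to_free == NULL){
#ifdef DEBUG
        printf ("warning: trying to free a NULL pointer! Ignoring ...\n");
#endif
        return;
    }
    free(*to_free);
    *to_free = NULL;
}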
#else
extern void* custom_malloc(size_t size);
extern void custom_free(void** to_free);
#endif
/* To handle nativeint versus int64 for native bindings versus RPC ocaml client */
#ifdef CAMLRPC
#define custom_copy_int(input) copy_int64((input))
#define custom_int_val(input) Int64_val((input))
#else
#define custom_copy_int(input) copy_nativeint((input))
#define custom_int_val(input) Nativeint_val((input))
#endif
/* Architecture / state codes. NOT_INITIALIZED is the initial value of module_loaded and
 * peer_arch in the SERVER_ROLE build; the other values are presumably what peer_arch and
 * my_arch take after detection (TODO confirm against the implementation). */
#define LITTLE_ENDIAN_64 1
#define LITTLE_ENDIAN_32 2
#define BIG_ENDIAN_64 3
#define BIG_ENDIAN_32 4
#define UNSUPPORTED_ARCHITECTURE 5
#define NOT_INITIALIZED 6
/* NOTE(review): the variables below are defined, not just declared, in a header. Including this
 * header from more than one translation unit gives duplicate definitions (a link error for the
 * initialised ones, and for the others too when common symbols are disabled); confirm how the
 * build includes it. */
#ifdef SERVER_ROLE
/* variable used to avoid multiple calls to C_LoadModule */
unsigned long module_loaded = NOT_INITIALIZED;
/* variable used to detect architecture */
unsigned long peer_arch = NOT_INITIALIZED;
#else
unsigned long peer_arch;
#endif
unsigned long my_arch;
/* Library information record (aliased as CK_INFO further down).
 * NOTE(review): in PKCS#11 the fixed-width text fields of the info structures are blank-padded
 * and not NUL-terminated; read them as byte arrays of the declared size, never with
 * string functions. Confirm this binding keeps that convention. */
struct ck_info {
struct ck_version cryptoki_version;
unsigned char manufacturer_id[32];
ck_flags_t flags;
unsigned char library_description[32];
struct ck_version library_version;
};
typedef unsigned long ck_notification_t;
typedef unsigned long ck_slot_id_t;
/* Slot information record (aliased as CK_SLOT_INFO further down); same fixed-width text caveat as ck_info. */
struct ck_slot_info {
unsigned char slot_description[64];
unsigned char manufacturer_id[32];
ck_flags_t flags;
struct ck_version hardware_version;
struct ck_version firmware_version;
};
/* Token information record (aliased as CK_TOKEN_INFO further down): identification strings,
 * session counters, PIN length limits, memory figures and versions.
 * The counters and sizes are reported by the token; treat them as informational values,
 * not as bounds that have already been validated. */
struct ck_token_info {
unsigned char label[32];
unsigned char manufacturer_id[32];
unsigned char model[16];
unsigned char serial_number[16];
ck_flags_t flags;
unsigned long max_session_count;
unsigned long session_count;
unsigned long max_rw_session_count;
unsigned long rw_session_count;
unsigned long max_pin_len;
unsigned long min_pin_len;
unsigned long total_public_memory;
unsigned long free_public_memory;
unsigned long total_private_memory;
unsigned long free_private_memory;
struct ck_version hardware_version;
struct ck_version firmware_version;
unsigned char utc_time[16];
};
/* Session-related scalar types; all are plain unsigned long. */
typedef unsigned long ck_session_handle_t;
typedef unsigned long ck_user_type_t;
typedef unsigned long ck_state_t;
/* Session information record (aliased as CK_SESSION_INFO further down). */
struct ck_session_info {
ck_slot_id_t slot_id;
ck_state_t state;
ck_flags_t flags;
unsigned long device_error;
};
/* Object-related scalar types; all are plain unsigned long. */
typedef unsigned long ck_object_handle_t;
typedef unsigned long ck_object_class_t;
typedef unsigned long ck_hw_feature_type_t;
typedef unsigned long ck_key_type_t;
typedef unsigned long ck_certificate_type_t;
typedef unsigned long ck_attribute_type_t;
/* One attribute: a type tag plus a pointer/length pair.
 * Nothing in the structure ties value_len to the size of the buffer behind value, so code
 * that fills or reads it from peer-supplied data has to validate the length itself.
 * NOTE(review): PKCS#11 uses an all-ones length to signal an unavailable attribute;
 * confirm how this binding represents that case before using value_len as a size. */
struct ck_attribute {
ck_attribute_type_t type_;
char *value;
unsigned long value_len;
};
/* Date as fixed-width character fields (4 + 2 + 2 bytes); there is no room for a terminating NUL. */
struct ck_date {
unsigned char year[4];
unsigned char month[2];
unsigned char day[2];
};
typedef unsigned long ck_mechanism_type_t;
/* Mechanism selector plus an optional parameter blob given as pointer and length;
 * the same pointer/length validation caveat as for ck_attribute applies. */
struct ck_mechanism {
ck_mechanism_type_t mechanism;
char *parameter;
unsigned long parameter_len;
};
/* Key size range and capability flags reported for a mechanism. */
struct ck_mechanism_info {
unsigned long min_key_size;
unsigned long max_key_size;
ck_flags_t flags;
};
/* Upper-case aliases for the basic scalar types. */
typedef unsigned char CK_BYTE;
typedef unsigned char CK_CHAR;
typedef unsigned char CK_UTF8CHAR;
typedef unsigned char CK_BBOOL;
typedef unsigned long CK_ULONG;
typedef long CK_LONG;
/* Pointer aliases for the scalar types. */
typedef CK_BYTE *CK_BYTE_PTR;
typedef CK_CHAR *CK_CHAR_PTR;
typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
typedef CK_ULONG *CK_ULONG_PTR;
/* Upper-case aliases (value and pointer forms) for the lower-case structures and handle types declared above. */
typedef struct ck_version CK_VERSION;
typedef struct ck_version *CK_VERSION_PTR;
typedef struct ck_info CK_INFO;
typedef struct ck_info *CK_INFO_PTR;
typedef ck_slot_id_t *CK_SLOT_ID_PTR;
typedef struct ck_slot_info CK_SLOT_INFO;
typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
typedef struct ck_token_info CK_TOKEN_INFO;
typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
typedef struct ck_session_info CK_SESSION_INFO;
typedef struct ck_session_info *CK_SESSION_INFO_PTR;
typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
typedef struct ck_attribute CK_ATTRIBUTE;
typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
typedef struct ck_date CK_DATE;
typedef struct ck_date *CK_DATE_PTR;
typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
typedef struct ck_mechanism CK_MECHANISM;
typedef struct ck_mechanism *CK_MECHANISM_PTR;
typedef struct ck_mechanism_info CK_MECHANISM_INFO;
typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
/* Forward declaration so the aliases can be introduced before the structure body. */
struct ck_c_initialize_args;
typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
/* Return code type of every ML_CK_C_* function. */
typedef unsigned long ck_rv_t;
/* The four mutex callback slots are declared as int * here, not as function-pointer types.
 * NOTE(review): presumably placeholders because callbacks are not carried through the binding; confirm. */
typedef int *ck_createmutex_t;
typedef int *ck_destroymutex_t;
typedef int *ck_lockmutex_t;
typedef int *ck_unlockmutex_t;
/* Initialize arguments: the four mutex slots, a flag word and a reserved pointer. */
struct ck_c_initialize_args {
ck_createmutex_t create_mutex;
ck_destroymutex_t destroy_mutex;
ck_lockmutex_t lock_mutex;
ck_unlockmutex_t unlock_mutex;
ck_flags_t flags;
void *reserved;
};
/* Entry points of the binding. Every function returns a ck_rv_t status code; the
 * in / out markers in the prototypes give the direction of each parameter. */
/* Set-up and library lifecycle. */
extern ck_rv_t ML_CK_C_Daemonize(/*in*/ unsigned char *param, /*in*/ unsigned long param_len);
extern ck_rv_t ML_CK_C_SetupArch(/*in*/ unsigned int arch);
/* libname is passed without a length; presumably a NUL-terminated string (TODO confirm). */
extern ck_rv_t ML_CK_C_LoadModule(/*in*/ unsigned char *libname);
extern ck_rv_t ML_CK_C_Initialize(void);
extern ck_rv_t ML_CK_C_Finalize(void);
/* Slot and token queries. For the list call, count is the capacity of slot_list and
 * real_count is written by the callee; compare the two before reading slot_list. */
extern ck_rv_t ML_CK_C_GetSlotList(/*in*/ unsigned int token_present, /*out*/ ck_slot_id_t *slot_list, /*in*/ unsigned long count, /*out*/ unsigned long *real_count);
extern ck_rv_t ML_CK_C_GetInfo(/*out*/ struct ck_info *info);
extern ck_rv_t ML_CK_C_WaitForSlotEvent(/*in*/ ck_flags_t flags, /*out*/ ck_slot_id_t *slot_id);
extern ck_rv_t ML_CK_C_GetSlotInfo(/*in*/ ck_slot_id_t slot_id, /*out*/ struct ck_slot_info *info);
extern ck_rv_t ML_CK_C_GetTokenInfo(/*in*/ ck_slot_id_t slot_id, /*out*/ struct ck_token_info *info);
/* The PIN is a pointer/length pair, so it need not be NUL-terminated; label has no length
 * parameter (presumably the fixed 32-byte token label, TODO confirm). PIN buffers should
 * be cleared by the caller once the call has returned. */
extern ck_rv_t ML_CK_C_InitToken(/*in*/ ck_slot_id_t slot_id, /*in*/ unsigned char *pin, /*in*/ unsigned long pin_len, /*in*/ unsigned char *label);
/* Session management and authentication. */
extern ck_rv_t ML_CK_C_OpenSession(/*in*/ ck_slot_id_t slot_id, /*in*/ ck_flags_t flags, /*out*/ ck_session_handle_t *session);
extern ck_rv_t ML_CK_C_CloseSession(/*in*/ ck_session_handle_t session);
extern ck_rv_t ML_CK_C_CloseAllSessions(/*in*/ ck_slot_id_t slot_id);
extern ck_rv_t ML_CK_C_GetSessionInfo(/*in*/ ck_session_handle_t session, /*out*/ struct ck_session_info *info);
extern ck_rv_t ML_CK_C_Login(/*in*/ ck_session_handle_t session, /*in*/ ck_user_type_t user_type, /*in*/ unsigned char *pin, /*in*/ unsigned long pin_len);
extern ck_rv_t ML_CK_C_Logout(/*in*/ ck_session_handle_t session);
/* Mechanism queries; count / real_count follow the same pattern as ML_CK_C_GetSlotList. */
extern ck_rv_t ML_CK_C_GetMechanismList(/*in*/ ck_slot_id_t slot_id, /*out*/ ck_mechanism_type_t *mechanism_list, /*in*/ unsigned long count, /*out*/ unsigned long *real_count);
extern ck_rv_t ML_CK_C_GetMechanismInfo(/*in*/ ck_slot_id_t slot_id, /*in*/ ck_mechanism_type_t mechanism, /*out*/ struct ck_mechanism_info *info);
/* PIN management; every PIN is a pointer/length pair. */
extern ck_rv_t ML_CK_C_InitPIN(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *pin, /*in*/ unsigned long pin_len);
extern ck_rv_t ML_CK_C_SetPIN(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *old_pin, /*in*/ unsigned long old_pin_len, /*in*/ unsigned char *new_pin, /*in*/ unsigned long new_pin_len);
/* Random number functions. rand_value is a caller-provided buffer that must hold rand_len bytes. */
extern ck_rv_t ML_CK_C_SeedRandom(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *seed, /*in*/ unsigned long seed_len);
extern ck_rv_t ML_CK_C_GenerateRandom(/*in*/ ck_session_handle_t session, /*out*/ unsigned char *rand_value, /*in*/ unsigned long rand_len);
/* Object search. max_object_count is the capacity of the object array; object_count is written by the callee. */
extern ck_rv_t ML_CK_C_FindObjectsInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count);
extern ck_rv_t ML_CK_C_FindObjects(/*in*/ ck_session_handle_t session, /*out*/ ck_object_handle_t *object, /*in*/ unsigned long max_object_count, /*out*/ unsigned long *object_count);
extern ck_rv_t ML_CK_C_FindObjectsFinal(/*in*/ ck_session_handle_t session);
/* Key generation and object management. Templates are arrays of struct ck_attribute
 * with the element count passed next to them; the mechanism is passed by value. */
extern ck_rv_t ML_CK_C_GenerateKey(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count, /*out*/ ck_object_handle_t *phkey);
extern ck_rv_t ML_CK_C_GenerateKeyPair(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ struct ck_attribute *pub_templ, /*in*/ unsigned long pub_count, /*in*/ struct ck_attribute *priv_templ, /*in*/ unsigned long priv_count, /*out*/ ck_object_handle_t *phpubkey, /*out*/ ck_object_handle_t *phprivkey);
extern ck_rv_t ML_CK_C_CreateObject(/*in*/ ck_session_handle_t session, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count, /*out*/ ck_object_handle_t *phobject);
extern ck_rv_t ML_CK_C_CopyObject(/*in*/ ck_session_handle_t session, /*in*/ ck_object_handle_t hobject, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count, /*out*/ ck_object_handle_t *phnewobject);
extern ck_rv_t ML_CK_C_DestroyObject(/*in*/ ck_session_handle_t session, /*in*/ ck_object_handle_t hobject);
/* templ is the only in,out parameter in this header: the callee writes into the caller's attribute array. */
extern ck_rv_t ML_CK_C_GetAttributeValue(/*in*/ ck_session_handle_t session, /*in*/ ck_object_handle_t hobject, /*in,out*/ struct ck_attribute *templ, /*in*/ unsigned long count);
extern ck_rv_t ML_CK_C_SetAttributeValue(/*in*/ ck_session_handle_t session, /*in*/ ck_object_handle_t hobject, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count);
extern ck_rv_t ML_CK_C_GetObjectSize(/*in*/ ck_session_handle_t session, /*in*/ ck_object_handle_t hobject, /*out*/ unsigned long *object_size);
/* Key wrapping and derivation.
 * NOTE(review): wrapped_key_len is a pointer tagged in; presumably it carries the buffer
 * capacity in and the produced length out. Confirm against the implementation. */
extern ck_rv_t ML_CK_C_WrapKey(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hwrappingkey, /*in*/ ck_object_handle_t hkey, /*out*/ unsigned char *wrapped_key, /*in*/ unsigned long *wrapped_key_len);
extern ck_rv_t ML_CK_C_UnwrapKey(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hunwrappingkey, /*in*/ unsigned char *wrapped_key, /*in*/ unsigned long wrapped_key_len, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count, /*out*/ ck_object_handle_t *phobject);
extern ck_rv_t ML_CK_C_DeriveKey(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hbasekey, /*in*/ struct ck_attribute *templ, /*in*/ unsigned long count, /*out*/ ck_object_handle_t *phkey);
/* Digest functions. The output buffer is caller-provided; its length pointer is tagged in
 * although it is a pointer (same TODO as wrapped_key_len above). */
extern ck_rv_t ML_CK_C_DigestInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism);
extern ck_rv_t ML_CK_C_Digest(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*out*/ unsigned char *digest, /*in*/ unsigned long *digest_len);
extern ck_rv_t ML_CK_C_DigestUpdate(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len);
extern ck_rv_t ML_CK_C_DigestKey(/*in*/ ck_session_handle_t session, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_DigestFinal(/*in*/ ck_session_handle_t session, /*out*/ unsigned char *digest, /*in*/ unsigned long *digest_len);
/* Signature functions; signature / signed_len follow the same buffer-plus-length-pointer pattern. */
extern ck_rv_t ML_CK_C_SignInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_SignRecoverInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_Sign(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*out*/ unsigned char *signature, /*in*/ unsigned long *signed_len);
extern ck_rv_t ML_CK_C_SignRecover(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*out*/ unsigned char *signature, /*in*/ unsigned long *signed_len);
extern ck_rv_t ML_CK_C_SignUpdate(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len);
extern ck_rv_t ML_CK_C_SignFinal(/*in*/ ck_session_handle_t session, /*out*/ unsigned char *signature, /*in*/ unsigned long *signed_len);
/* Verification functions; all parameters are inputs and the result is carried by the return code. */
extern ck_rv_t ML_CK_C_VerifyInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_VerifyRecoverInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_Verify(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*in*/ unsigned char *signature, /*in*/ unsigned long signed_len);
/* The prototypes in this group that take an unsigned char ** output carry no in / out markers.
 * NOTE(review): the double pointer suggests the callee allocates the output buffer and
 * stores its address in *data / *encrypted, with the length in the accompanying pointer.
 * Who releases the buffer, and with which function, is not stated here; confirm in the
 * implementation and document it next to each prototype. */
extern ck_rv_t ML_CK_C_VerifyRecover(ck_session_handle_t session,
unsigned char *signature,
unsigned long signature_len,
unsigned char **data,
unsigned long *data_len);
extern ck_rv_t ML_CK_C_VerifyUpdate(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len);
extern ck_rv_t ML_CK_C_VerifyFinal(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *signature, /*in*/ unsigned long signed_len);
/* Encryption functions. data / data_len is the input; encrypted / encrypted_len receive the output. */
extern ck_rv_t ML_CK_C_EncryptInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_Encrypt(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char **encrypted,
unsigned long *encrypted_len);
extern ck_rv_t ML_CK_C_EncryptUpdate(ck_session_handle_t session,
unsigned char *data,
unsigned long data_len,
unsigned char **encrypted,
unsigned long *encrypted_len);
extern ck_rv_t ML_CK_C_EncryptFinal(ck_session_handle_t session,
unsigned char **encrypted,
unsigned long *encrypted_len);
/* Dual-function variants with the same parameter layout as ML_CK_C_EncryptUpdate. */
extern ck_rv_t ML_CK_C_DigestEncryptUpdate(ck_session_handle_t session,
unsigned char *data,
unsigned long data_len,
unsigned char **encrypted,
unsigned long *encrypted_len);
extern ck_rv_t ML_CK_C_SignEncryptUpdate(ck_session_handle_t session,
unsigned char *data,
unsigned long data_len,
unsigned char **encrypted,
unsigned long *encrypted_len);
/* Decryption functions. encrypted / encrypted_len is the input; the unsigned char ** parameter
 * and its length pointer receive the recovered data.
 * NOTE(review): the double pointer suggests a callee-allocated output; confirm who releases it.
 * The buffer holds plaintext, so it should be wiped before it is released. */
extern ck_rv_t ML_CK_C_DecryptInit(/*in*/ ck_session_handle_t session, /*in*/ struct ck_mechanism mechanism, /*in*/ ck_object_handle_t hkey);
extern ck_rv_t ML_CK_C_Decrypt(ck_session_handle_t session,
unsigned char *encrypted,
unsigned long encrypted_len,
unsigned char **decrypted,
unsigned long *decrypted_len);
extern ck_rv_t ML_CK_C_DecryptUpdate(ck_session_handle_t session,
unsigned char *encrypted,
unsigned long encrypted_len,
unsigned char **data,
unsigned long *data_len);
extern ck_rv_t ML_CK_C_DecryptFinal(ck_session_handle_t session,
unsigned char **decrypted,
unsigned long *decrypted_len);
/* Dual-function variants with the same parameter layout as ML_CK_C_DecryptUpdate. */
extern ck_rv_t ML_CK_C_DecryptDigestUpdate(ck_session_handle_t session,
unsigned char *encrypted,
unsigned long encrypted_len,
unsigned char **data,
unsigned long *data_len);
extern ck_rv_t ML_CK_C_DecryptVerifyUpdate(ck_session_handle_t session,
unsigned char *encrypted,
unsigned long encrypted_len,
unsigned char **data,
unsigned long *data_len);
/* Operation state export / import. The exported state is returned through data / data_len
 * with the same unsigned char ** convention as above; presumably it reflects the state of
 * an ongoing cryptographic operation, so handle the buffer as sensitive (TODO confirm). */
extern ck_rv_t ML_CK_C_GetOperationState(ck_session_handle_t session,
unsigned char **data,
unsigned long *data_len);
extern ck_rv_t ML_CK_C_SetOperationState(/*in*/ ck_session_handle_t session, /*in*/ unsigned char *data, /*in*/ unsigned long data_len, /*in*/ ck_object_handle_t hencryptionkey, /*in*/ ck_object_handle_t hauthenticationkey);
extern ck_rv_t ML_CK_C_GetFunctionStatus(/*in*/ ck_session_handle_t session);
extern ck_rv_t ML_CK_C_CancelFunction(/*in*/ ck_session_handle_t session);
/* Helpers converting between unsigned long values and byte arrays, and between host and
 * network byte order for byte arrays. None of them returns a status. */
/* NOTE(review): data has no length parameter; the required capacity is implicit
 * (presumably sizeof(unsigned long) bytes). Confirm and document it. */
extern void int_to_ulong_char_array(/*in*/ unsigned long input, /*out*/ unsigned char *data);
/* Reads at most data_size bytes of data (as far as the prototype shows) and stores the result in *output. */
extern void char_array_to_ulong(/*in*/unsigned char *data,
/*in*/size_t data_size,
/*out*/unsigned long *output);
/* in_len is the length of in; it carries no direction marker, and out_len is a pointer tagged in.
 * NOTE(review): presumably *out_len is the capacity of out on entry and the produced length
 * on return. Confirm, and check that the implementation bounds the copy by it. */
extern void hton_char_array(/*in*/unsigned char *in, unsigned long in_len,
/*out*/unsigned char *out,
/*in*/unsigned long *out_len);
/* Reverse direction of hton_char_array, with the same parameter layout and the same open points. */
extern void ntoh_char_array(/*in*/unsigned char *in, unsigned long in_len,
/*out*/unsigned char *out,
/*in*/unsigned long *out_len);
/* Avoid declaring caml stuff when sharing this header with C rpc client code */
#if !defined(CRPC)
void camlidl_ml2c_pkcs11_ck_flags_t(value _v1, ck_flags_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_flags_t(ck_flags_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_version(value _v1, struct ck_version *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_version(struct ck_version *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_info(value _v1, struct ck_info *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_info(struct ck_info *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_notification_t(value _v1, ck_notification_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_notification_t(ck_notification_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_slot_id_t(value _v1, ck_slot_id_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_slot_id_t(ck_slot_id_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_slot_info(value _v1, struct ck_slot_info *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_slot_info(struct ck_slot_info *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_token_info(value _v1, struct ck_token_info *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_token_info(struct ck_token_info *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_session_handle_t(value _v1, ck_session_handle_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_session_handle_t(ck_session_handle_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_user_type_t(value _v1, ck_user_type_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_user_type_t(ck_user_type_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_state_t(value _v1, ck_state_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_state_t(ck_state_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_session_info(value _v1, struct ck_session_info *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_session_info(struct ck_session_info *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_object_handle_t(value _v1, ck_object_handle_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_object_handle_t(ck_object_handle_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_object_class_t(value _v1, ck_object_class_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_object_class_t(ck_object_class_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_hw_feature_type_t(value _v1, ck_hw_feature_type_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_hw_feature_type_t(ck_hw_feature_type_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_key_type_t(value _v1, ck_key_type_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_key_type_t(ck_key_type_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_certificate_type_t(value _v1, ck_certificate_type_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_certificate_type_t(ck_certificate_type_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_attribute_type_t(value _v1, ck_attribute_type_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_attribute_type_t(ck_attribute_type_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_attribute(value _v1, struct ck_attribute *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_attribute(struct ck_attribute *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_date(value _v1, struct ck_date *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_date(struct ck_date *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_mechanism_type_t(value _v1, ck_mechanism_type_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_mechanism_type_t(ck_mechanism_type_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_mechanism(value _v1, struct ck_mechanism *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_mechanism(struct ck_mechanism *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_struct_ck_mechanism_info(value _v1, struct ck_mechanism_info *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_struct_ck_mechanism_info(struct ck_mechanism_info *_c1, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_BYTE(value _v1, CK_BYTE *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_BYTE(CK_BYTE *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_CHAR(value _v1, CK_CHAR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_CHAR(CK_CHAR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_UTF8CHAR(value _v1, CK_UTF8CHAR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_UTF8CHAR(CK_UTF8CHAR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_BBOOL(value _v1, CK_BBOOL *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_BBOOL(CK_BBOOL *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_ULONG(value _v1, CK_ULONG *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_ULONG(CK_ULONG *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_LONG(value _v1, CK_LONG *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_LONG(CK_LONG *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_BYTE_PTR(value _v1, CK_BYTE_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_BYTE_PTR(CK_BYTE_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_CHAR_PTR(value _v1, CK_CHAR_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_CHAR_PTR(CK_CHAR_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_UTF8CHAR_PTR(value _v1, CK_UTF8CHAR_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_UTF8CHAR_PTR(CK_UTF8CHAR_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_ULONG_PTR(value _v1, CK_ULONG_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_ULONG_PTR(CK_ULONG_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_VERSION(value _v1, CK_VERSION *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_VERSION(CK_VERSION *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_VERSION_PTR(value _v1, CK_VERSION_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_VERSION_PTR(CK_VERSION_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_INFO(value _v1, CK_INFO *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_INFO(CK_INFO *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_INFO_PTR(value _v1, CK_INFO_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_INFO_PTR(CK_INFO_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_SLOT_ID_PTR(value _v1, CK_SLOT_ID_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_SLOT_ID_PTR(CK_SLOT_ID_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_SLOT_INFO(value _v1, CK_SLOT_INFO *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_SLOT_INFO(CK_SLOT_INFO *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_SLOT_INFO_PTR(value _v1, CK_SLOT_INFO_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_SLOT_INFO_PTR(CK_SLOT_INFO_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_TOKEN_INFO(value _v1, CK_TOKEN_INFO *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_TOKEN_INFO(CK_TOKEN_INFO *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_TOKEN_INFO_PTR(value _v1, CK_TOKEN_INFO_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_TOKEN_INFO_PTR(CK_TOKEN_INFO_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_SESSION_HANDLE_PTR(value _v1, CK_SESSION_HANDLE_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_SESSION_HANDLE_PTR(CK_SESSION_HANDLE_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_SESSION_INFO(value _v1, CK_SESSION_INFO *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_SESSION_INFO(CK_SESSION_INFO *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_SESSION_INFO_PTR(value _v1, CK_SESSION_INFO_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_SESSION_INFO_PTR(CK_SESSION_INFO_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_OBJECT_HANDLE_PTR(value _v1, CK_OBJECT_HANDLE_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_OBJECT_HANDLE_PTR(CK_OBJECT_HANDLE_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_OBJECT_CLASS_PTR(value _v1, CK_OBJECT_CLASS_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_OBJECT_CLASS_PTR(CK_OBJECT_CLASS_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_ATTRIBUTE(value _v1, CK_ATTRIBUTE *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_ATTRIBUTE(CK_ATTRIBUTE *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_ATTRIBUTE_PTR(value _v1, CK_ATTRIBUTE_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_ATTRIBUTE_PTR(CK_ATTRIBUTE_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_DATE(value _v1, CK_DATE *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_DATE(CK_DATE *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_DATE_PTR(value _v1, CK_DATE_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_DATE_PTR(CK_DATE_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_MECHANISM_TYPE_PTR(value _v1, CK_MECHANISM_TYPE_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_MECHANISM_TYPE_PTR(CK_MECHANISM_TYPE_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_MECHANISM(value _v1, CK_MECHANISM *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_MECHANISM(CK_MECHANISM *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_MECHANISM_PTR(value _v1, CK_MECHANISM_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_MECHANISM_PTR(CK_MECHANISM_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO(value _v1, CK_MECHANISM_INFO *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO(CK_MECHANISM_INFO *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO_PTR(value _v1, CK_MECHANISM_INFO_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO_PTR(CK_MECHANISM_INFO_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS(value _v1, CK_C_INITIALIZE_ARGS *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS(CK_C_INITIALIZE_ARGS *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS_PTR(value _v1, CK_C_INITIALIZE_ARGS_PTR *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS_PTR(CK_C_INITIALIZE_ARGS_PTR *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_rv_t(value _v1, ck_rv_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_rv_t(ck_rv_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_createmutex_t(value _v1, ck_createmutex_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_createmutex_t(ck_createmutex_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_destroymutex_t(value _v1, ck_destroymutex_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_destroymutex_t(ck_destroymutex_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_lockmutex_t(value _v1, ck_lockmutex_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_lockmutex_t(ck_lockmutex_t *_c2, camlidl_ctx _ctx);
void camlidl_ml2c_pkcs11_ck_unlockmutex_t(value _v1, ck_unlockmutex_t *_c2, camlidl_ctx _ctx);
value camlidl_c2ml_pkcs11_ck_unlockmutex_t(ck_unlockmutex_t *_c2, camlidl_ctx _ctx);
value camlidl_pkcs11_ML_CK_C_Daemonize(value _v_param);
value camlidl_pkcs11_ML_CK_C_SetupArch(value _v_client_arch);
value camlidl_pkcs11_ML_CK_C_LoadModule(value _v_libname);
value camlidl_pkcs11_ML_CK_C_Initialize(value _unit);
value camlidl_pkcs11_ML_CK_C_Finalize(value _unit);
value camlidl_pkcs11_ML_CK_C_GetSlotList(value _v_token_present, value _v_count);
value camlidl_pkcs11_ML_CK_C_GetInfo(value _unit);
value camlidl_pkcs11_ML_CK_C_WaitForSlotEvent(value _v_flags);
value camlidl_pkcs11_ML_CK_C_GetSlotInfo(value _v_slot_id);
value camlidl_pkcs11_ML_CK_C_GetTokenInfo(value _v_slot_id);
value camlidl_pkcs11_ML_CK_C_InitToken(value _v_slot_id, value _v_pin, value _v_label);
value camlidl_pkcs11_ML_CK_C_OpenSession(value _v_slot_id, value _v_flags);
value camlidl_pkcs11_ML_CK_C_CloseSession(value _v_session);
value camlidl_pkcs11_ML_CK_C_CloseAllSessions(value _v_slot_id);
value camlidl_pkcs11_ML_CK_C_GetSessionInfo(value _v_session);
value camlidl_pkcs11_ML_CK_C_Login(value _v_session, value _v_user_type, value _v_pin);
value camlidl_pkcs11_ML_CK_C_Logout(value _v_session);
value camlidl_pkcs11_ML_CK_C_GetMechanismList(value _v_slot_id, value _v_count);
value camlidl_pkcs11_ML_CK_C_GetMechanismInfo(value _v_slot_id, value _v_mechanism);
value camlidl_pkcs11_ML_CK_C_InitPIN(value _v_session, value _v_pin);
value camlidl_pkcs11_ML_CK_C_SetPIN(value _v_session, value _v_old_pin, value _v_new_pin);
value camlidl_pkcs11_ML_CK_C_SeedRandom(value _v_session, value _v_seed);
value camlidl_pkcs11_ML_CK_C_GenerateRandom(value _v_session, value _v_rand_len);
value camlidl_pkcs11_ML_CK_C_FindObjectsInit(value _v_session, value _v_templ);
value camlidl_pkcs11_ML_CK_C_FindObjects(value _v_session, value _v_max_object_count);
value camlidl_pkcs11_ML_CK_C_FindObjectsFinal(value _v_session);
value camlidl_pkcs11_ML_CK_C_GenerateKey(value _v_session, value _v_mechanism, value _v_templ);
value camlidl_pkcs11_ML_CK_C_GenerateKeyPair(value _v_session, value _v_mechanism, value _v_pub_templ, value _v_priv_templ);
value camlidl_pkcs11_ML_CK_C_CreateObject(value _v_session, value _v_templ);
value camlidl_pkcs11_ML_CK_C_CopyObject(value _v_session, value _v_hobject, value _v_templ);
value camlidl_pkcs11_ML_CK_C_DestroyObject(value _v_session, value _v_hobject);
value camlidl_pkcs11_ML_CK_C_GetAttributeValue(value _v_session, value _v_hobject, value _v_templ);
value camlidl_pkcs11_ML_CK_C_SetAttributeValue(value _v_session, value _v_hobject, value _v_templ);
value camlidl_pkcs11_ML_CK_C_GetObjectSize(value _v_session, value _v_hobject);
value camlidl_pkcs11_ML_CK_C_WrapKey(value _v_session, value _v_mechanism, value _v_hwrappingkey, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_UnwrapKey(value _v_session, value _v_mechanism, value _v_hunwrappingkey, value _v_wrapped_key, value _v_templ);
value camlidl_pkcs11_ML_CK_C_DeriveKey(value _v_session, value _v_mechanism, value _v_hbasekey, value _v_templ);
value camlidl_pkcs11_ML_CK_C_DigestInit(value _v_session, value _v_mechanism);
value camlidl_pkcs11_ML_CK_C_Digest(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_DigestUpdate(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_DigestKey(value _v_session, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_DigestFinal(value _v_session);
value camlidl_pkcs11_ML_CK_C_SignInit(value _v_session, value _v_mechanism, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_SignRecoverInit(value _v_session, value _v_mechanism, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_Sign(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_SignRecover(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_SignUpdate(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_SignFinal(value _v_session);
value camlidl_pkcs11_ML_CK_C_VerifyInit(value _v_session, value _v_mechanism, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_VerifyRecoverInit(value _v_session, value _v_mechanism, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_Verify(value _v_session, value _v_data, value _v_signature);
value camlidl_pkcs11_ML_CK_C_VerifyRecover(value _v_session, value _v_signature);
value camlidl_pkcs11_ML_CK_C_VerifyUpdate(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_VerifyFinal(value _v_session, value _v_signature);
value camlidl_pkcs11_ML_CK_C_EncryptInit(value _v_session, value _v_mechanism, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_Encrypt(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_EncryptUpdate(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_EncryptFinal(value _v_session);
value camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_SignEncryptUpdate(value _v_session, value _v_data);
value camlidl_pkcs11_ML_CK_C_DecryptInit(value _v_session, value _v_mechanism, value _v_hkey);
value camlidl_pkcs11_ML_CK_C_Decrypt(value _v_session, value _v_encrypted);
value camlidl_pkcs11_ML_CK_C_DecryptUpdate(value _v_session, value _v_encrypted);
value camlidl_pkcs11_ML_CK_C_DecryptFinal(value _v_session);
value camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate(value _v_session, value _v_encrypted);
value camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate(value _v_session, value _v_encrypted);
value camlidl_pkcs11_ML_CK_C_GetOperationState(value _v_session);
value camlidl_pkcs11_ML_CK_C_SetOperationState(value _v_session, value _v_data, value _v_hencryptionkey, value _v_hauthenticationkey);
value camlidl_pkcs11_ML_CK_C_GetFunctionStatus(value _v_session);
value camlidl_pkcs11_ML_CK_C_CancelFunction(value _v_session);
value camlidl_pkcs11_int_to_ulong_char_array(value _v_input);
value camlidl_pkcs11_char_array_to_ulong(value _v_data);
value camlidl_pkcs11_hton_char_array(value _v_data);
value camlidl_pkcs11_ntoh_char_array(value _v_data);
#ifdef SERVER_ROLE
int decode_ck_attribute_arch(value , struct ck_attribute *, camlidl_ctx);
int encode_ck_attribute_arch(struct ck_attribute *, struct ck_attribute *);
#endif
#endif /* !CRPC */
#ifdef _WIN32
#pragma pack(pop)
#endif
#endif /* !_CAMLIDL_PKCS11_H */
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11.idl 0000664 0000000 0000000 00000663116 14147740423 0021134 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the bindings 1] source tree:
----------------------
| 1] PKCS#11 OCaml |
| bindings |
----------------------
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Project: PKCS#11 Filtering Proxy
File: src/bindings-pkcs11/pkcs11.idl
-------------------------- MIT License HEADER ----------------------------------*/
/* Cryptoki (PKCS#11) revision these bindings are written against:
   major 2, minor 20, amendment 3. */
#define CRYPTOKI_VERSION_MAJOR 2
#define CRYPTOKI_VERSION_MINOR 20
#define CRYPTOKI_VERSION_AMENDMENT 3
/* quote(H, ...) copies its string verbatim into the generated C header.
   NOTE(review): the three #include directives below carry no header name in
   this listing (the <...> part looks stripped); restore them from the
   upstream file before feeding this to camlidl. */
quote(H, "#include ");
quote(H, "#include ");
quote(H, "#include ");
quote(H, "");
/* Bit-flag word used by the info structures below. [nativeint] makes camlidl
   expose it to OCaml as a nativeint, which is signed: a C value with the top
   bit set reads back as a negative number on the OCaml side, so flag tests
   there should use bitwise operations rather than ordering comparisons. */
typedef[nativeint]
unsigned long ck_flags_t;
/* Two-byte major/minor version pair embedded in ck_info, ck_slot_info and
   ck_token_info. */
struct ck_version {
unsigned char major;
unsigned char minor;
};
/* GCC_VERSION folds major/minor/patchlevel into one integer in the generated
   header. */
quote(H,
"#define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)\n");
quote(H, "");
/* Byte-order helpers for FreeBSD.
   NOTE(review): the header name is missing from the #include below in this
   listing; presumably <sys/endian.h>, confirm against the upstream file. */
quote(H, "#ifdef __FreeBSD__");
quote(H, "/* Needed on FreeBSD for endianess conversion functions */");
quote(H, "#include ");
quote(H, "#endif");
quote(H, "");
/* On macOS the htobe/htole/be..toh/le..toh family (16, 32 and 64 bit) is
   mapped onto the OSSwap* macros.
   NOTE(review): the header name is missing from the #include below in this
   listing; presumably <libkern/OSByteOrder.h>, which provides the OSSwap*
   macros; confirm against the upstream file. */
quote(H, "#ifdef __APPLE__");
quote(H, "/* Needed on Mac OS X for endianess conversion functions */");
quote(H, "#include ");
quote(H, "");
quote(H, "#define htobe16(x) OSSwapHostToBigInt16(x)");
quote(H, "#define htole16(x) OSSwapHostToLittleInt16(x)");
quote(H, "#define be16toh(x) OSSwapBigToHostInt16(x)");
quote(H, "#define le16toh(x) OSSwapLittleToHostInt16(x)");
quote(H, "");
quote(H, "#define htobe32(x) OSSwapHostToBigInt32(x)");
quote(H, "#define htole32(x) OSSwapHostToLittleInt32(x)");
quote(H, "#define be32toh(x) OSSwapBigToHostInt32(x)");
quote(H, "#define le32toh(x) OSSwapLittleToHostInt32(x)");
quote(H, "");
quote(H, "#define htobe64(x) OSSwapHostToBigInt64(x)");
quote(H, "#define htole64(x) OSSwapHostToLittleInt64(x)");
quote(H, "#define be64toh(x) OSSwapBigToHostInt64(x)");
quote(H, "#define le64toh(x) OSSwapLittleToHostInt64(x)");
quote(H, "#endif");
quote(H, "");
/* Allocation helpers emitted into the generated header. With CUSTOM_ALLOC
   defined the header carries the function bodies themselves; otherwise it
   only declares them extern.
   NOTE(review): the bodies are non-static definitions placed in a header, so
   CUSTOM_ALLOC presumably has to be defined in exactly one translation unit;
   confirm against the build. */
quote(H, "#ifdef CUSTOM_ALLOC");
quote(H, "void* custom_malloc(size_t size);");
quote(H, "void custom_free(void** to_free);");
quote(H, "");
/* custom_malloc never returns NULL: on allocation failure it ends the process
   with exit(-1) (the message is printed only in DEBUG builds). The memory is
   not zeroed.
   NOTE(review): malloc(0) may legitimately return NULL on some platforms, in
   which case a zero-length request would also end the process. Worth checking
   wherever the requested size is derived from data supplied by the peer. */
quote(H, "/* Custom malloc to fail on malloc error */");
quote(H, "void* custom_malloc(size_t size){");
quote(H, " void* returned_pointer = (void*)malloc(size);");
quote(H, " if(returned_pointer == NULL){");
quote(H, "#ifdef DEBUG");
quote(H, " printf (\"malloc error: NULL pointer returned! We exit\\n\");");
quote(H, "#endif");
quote(H, " exit(-1);");
quote(H, " }");
quote(H, " return returned_pointer;");
quote(H, "}");
/* custom_free releases *to_free and then sets the caller's pointer to NULL,
   so a second custom_free through the same variable is ignored instead of
   being a double free. Other copies of the pointer are not cleared.
   It dereferences to_free without checking to_free itself, so callers must
   always pass the address of a pointer variable.
   The buffer is not wiped before free(): code holding PINs or key material
   has to zeroize it before calling this. */
quote(H, "/* Custom free to force NULL on variables */");
quote(H, "void custom_free(void** to_free){");
quote(H, " if(*to_free == NULL){");
quote(H, "#ifdef DEBUG");
quote(H,
" printf (\"warning: trying to free a NULL pointer! Ignoring ...\\n\");");
quote(H, "#endif");
quote(H, " return;");
quote(H, " }");
quote(H, " free(*to_free);");
quote(H, " *to_free = NULL;");
quote(H, " return;");
quote(H, "}");
quote(H, "#else");
quote(H, "extern void* custom_malloc(size_t size);");
quote(H, "extern void custom_free(void** to_free);");
quote(H, "#endif");
/* Integer boxing helpers for the generated C stubs: with CAMLRPC defined,
   integers cross the OCaml boundary as int64, otherwise as nativeint. */
quote(H,
"/* To handle nativeint versus int64 for native bindings versus RPC ocaml client */");
quote(H, "#ifdef CAMLRPC");
quote(H, "#define custom_copy_int(input) copy_int64((input))");
quote(H, "#define custom_int_val(input) Int64_val((input))");
quote(H, "#else");
quote(H, "#define custom_copy_int(input) copy_nativeint((input))");
quote(H, "#define custom_int_val(input) Nativeint_val((input))");
quote(H, "#endif");
/* Architecture codes 1..6. The same six values are written out three times
   (C #define, OCaml .mli signature, OCaml .ml binding) and have to be kept in
   sync by hand. */
quote(H, "#define LITTLE_ENDIAN_64 1");
quote(H, "#define LITTLE_ENDIAN_32 2");
quote(H, "#define BIG_ENDIAN_64 3");
quote(H, "#define BIG_ENDIAN_32 4");
quote(H, "#define UNSUPPORTED_ARCHITECTURE 5");
quote(H, "#define NOT_INITIALIZED 6");
quote(mli, "val lITTLE_ENDIAN_64 : nativeint");
quote(mli, "val lITTLE_ENDIAN_32 : nativeint");
quote(mli, "val bIG_ENDIAN_64 : nativeint");
quote(mli, "val bIG_ENDIAN_32 : nativeint");
quote(mli, "val uNSUPPORTED_ARCHITECTURE : nativeint");
quote(mli, "val nOT_INITIALIZED : nativeint");
quote(ml, "let lITTLE_ENDIAN_64 = 1n");
quote(ml, "let lITTLE_ENDIAN_32 = 2n");
quote(ml, "let bIG_ENDIAN_64 = 3n");
quote(ml, "let bIG_ENDIAN_32 = 4n");
quote(ml, "let uNSUPPORTED_ARCHITECTURE = 5n");
quote(ml, "let nOT_INITIALIZED = 6n");
/* match_arch_value turns an architecture code into its name for display;
   any value outside 1..6 maps to "UNKNOWN_ERROR" rather than raising. */
quote(mli, "val match_arch_value : nativeint -> string\n");
quote(ml, "let match_arch_value a = match a with");
quote(ml, " 1n -> \"LITTLE_ENDIAN_64\"");
quote(ml, " | 2n -> \"LITTLE_ENDIAN_32\"");
quote(ml, " | 3n -> \"BIG_ENDIAN_64\"");
quote(ml, " | 4n -> \"BIG_ENDIAN_32\"");
quote(ml, " | 5n -> \"UNSUPPORTED_ARCHITECTURE\"");
quote(ml, " | 6n -> \"NOT_INITIALIZED\"");
quote(ml, " | _ -> \"UNKNOWN_ERROR\"");
/* Global state emitted into the generated header.
   Under SERVER_ROLE, module_loaded and peer_arch start as NOT_INITIALIZED.
   Otherwise peer_arch has no initializer, and my_arch has none in either
   build; as file-scope objects they start at zero, which is none of the
   architecture codes 1..6.
   NOTE(review): these are definitions, not extern declarations, in a header.
   Including the header from more than one translation unit relies on
   common-symbol merging, and the initialized ones would clash outright;
   toolchains that default to -fno-common reject this. Confirm how the build
   handles it.
   NOTE(review): peer_arch presumably records the word size / byte order
   announced by the remote side (cf. ML_CK_C_SetupArch). That value comes from
   the peer, so code consuming it should reject anything outside the known
   codes before using it to size or byte-swap data. */
quote(H, "");
quote(H, "#ifdef SERVER_ROLE");
quote(H, "/* variable used to avoid multiple calls to C_LoadModule */");
quote(H, "unsigned long module_loaded = NOT_INITIALIZED;");
quote(H, "/* variable used to detect architecture */");
quote(H, "unsigned long peer_arch = NOT_INITIALIZED;");
quote(H, "#else");
quote(H, "unsigned long peer_arch;");
quote(H, "#endif");
quote(H, "unsigned long my_arch;");
quote(H, "");
/* Library-level information (the IDL counterpart of PKCS#11 CK_INFO).
   The two 32-byte text fields are fixed-width. The PKCS#11 specification
   defines such fields as blank-padded and not NUL-terminated, so C code must
   handle them as byte arrays with an explicit length, never as C strings. */
struct ck_info {
struct ck_version cryptoki_version;
unsigned char manufacturer_id[32];
ck_flags_t flags;
unsigned char library_description[32];
struct ck_version library_version;
};
/* Notification code; exposed to OCaml as nativeint. */
typedef[nativeint]
unsigned long ck_notification_t;
#define CKN_SURRENDER (0UL)
/* The following notification is new for PKCS #11 v2.20 amendment 3 */
#define CKN_OTP_CHANGED (1UL)
/* Slot identifier; exposed to OCaml as nativeint. It is an opaque number
   chosen by the underlying middleware, not an index to be range-checked
   against a local table. */
typedef[nativeint]
unsigned long ck_slot_id_t;
/* Per-slot information. slot_description (64 bytes) and manufacturer_id
   (32 bytes) are fixed-width text fields; per the PKCS#11 specification they
   are blank-padded and not NUL-terminated. */
struct ck_slot_info {
unsigned char slot_description[64];
unsigned char manufacturer_id[32];
ck_flags_t flags;
struct ck_version hardware_version;
struct ck_version firmware_version;
};
/* Slot flags (bits 0..2 of ck_slot_info.flags). */
#define CKF_TOKEN_PRESENT (1UL << 0)
#define CKF_REMOVABLE_DEVICE (1UL << 1)
#define CKF_HW_SLOT (1UL << 2)
/* Not a slot flag: bit 30 is OR-ed into attribute type codes whose value is
   itself an array (see CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE and
   CKA_ALLOWED_MECHANISMS). */
#define CKF_ARRAY_ATTRIBUTE (1UL << 30)
/* Per-token information. label, manufacturer_id, model, serial_number and
   utc_time are fixed-width byte fields (blank-padded, not NUL-terminated per
   the PKCS#11 specification). Every counter is an unsigned long exposed to
   OCaml as nativeint. */
struct ck_token_info {
unsigned char label[32];
unsigned char manufacturer_id[32];
unsigned char model[16];
unsigned char serial_number[16];
ck_flags_t flags;
[nativeint] unsigned long max_session_count;
[nativeint] unsigned long session_count;
[nativeint] unsigned long max_rw_session_count;
[nativeint] unsigned long rw_session_count;
[nativeint] unsigned long max_pin_len;
[nativeint] unsigned long min_pin_len;
[nativeint] unsigned long total_public_memory;
[nativeint] unsigned long free_public_memory;
[nativeint] unsigned long total_private_memory;
[nativeint] unsigned long free_private_memory;
struct ck_version hardware_version;
struct ck_version firmware_version;
unsigned char utc_time[16];
};
/* Token flags (ck_token_info.flags). */
#define CKF_RNG (1UL << 0)
#define CKF_WRITE_PROTECTED (1UL << 1)
#define CKF_LOGIN_REQUIRED (1UL << 2)
#define CKF_USER_PIN_INITIALIZED (1UL << 3)
#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5)
#define CKF_CLOCK_ON_TOKEN (1UL << 6)
#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8)
#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9)
#define CKF_TOKEN_INITIALIZED (1UL << 10)
#define CKF_SECONDARY_AUTHENTICATION (1UL << 11)
/* PIN-state flags for the user PIN (bits 16..19) and the SO PIN (bits 20..23).
   Per PKCS#11 the COUNT_LOW / FINAL_TRY / LOCKED bits reflect failed login
   attempts, which makes them worth surfacing in logs and monitoring. */
#define CKF_USER_PIN_COUNT_LOW (1UL << 16)
#define CKF_USER_PIN_FINAL_TRY (1UL << 17)
#define CKF_USER_PIN_LOCKED (1UL << 18)
#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19)
#define CKF_SO_PIN_COUNT_LOW (1UL << 20)
#define CKF_SO_PIN_FINAL_TRY (1UL << 21)
#define CKF_SO_PIN_LOCKED (1UL << 22)
#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23)
/* Sentinels for the counter fields above. CK_UNAVAILABLE_INFORMATION is the
   all-ones unsigned long; through a [nativeint] field it would presumably
   read as -1n in OCaml (confirm), so it must be tested for explicitly before
   a counter is used as a size or limit. */
#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L)
#define CK_EFFECTIVELY_INFINITE (0UL)
/* Session handle; exposed to OCaml as nativeint. It is an opaque value
   chosen by the middleware. CK_INVALID_HANDLE (0) is the reserved
   "no handle" value. */
typedef[nativeint]
unsigned long ck_session_handle_t;
#define CK_INVALID_HANDLE (0UL)
/* User type for login: security officer, normal user, or context-specific. */
typedef[nativeint]
unsigned long ck_user_type_t;
#define CKU_SO (0UL)
#define CKU_USER (1UL)
#define CKU_CONTEXT_SPECIFIC (2UL)
/* Session state: read-only or read-write, and which user (if any) is logged
   in. */
typedef[nativeint]
unsigned long ck_state_t;
#define CKS_RO_PUBLIC_SESSION (0UL)
#define CKS_RO_USER_FUNCTIONS (1UL)
#define CKS_RW_PUBLIC_SESSION (2UL)
#define CKS_RW_USER_FUNCTIONS (3UL)
#define CKS_RW_SO_FUNCTIONS (4UL)
/* Snapshot of a session: owning slot, state (CKS_*), flags (CKF_*_SESSION)
   and a device-specific error code. */
struct ck_session_info {
ck_slot_id_t slot_id;
ck_state_t state;
ck_flags_t flags;
[nativeint] unsigned long device_error;
};
/* Session flags. */
#define CKF_RW_SESSION (1UL << 1)
#define CKF_SERIAL_SESSION (1UL << 2)
/* Object handle; exposed to OCaml as nativeint. Opaque value chosen by the
   middleware. */
typedef[nativeint]
unsigned long ck_object_handle_t;
/* Object class (value of the CKA_CLASS attribute). */
typedef[nativeint]
unsigned long ck_object_class_t;
#define CKO_DATA (0UL)
#define CKO_CERTIFICATE (1UL)
#define CKO_PUBLIC_KEY (2UL)
#define CKO_PRIVATE_KEY (3UL)
#define CKO_SECRET_KEY (4UL)
#define CKO_HW_FEATURE (5UL)
#define CKO_DOMAIN_PARAMETERS (6UL)
#define CKO_MECHANISM (7UL)
/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
#define CKO_OTP_KEY (8UL)
/* Bit 31 marks vendor-specific codes; the same convention is used by the
   other *_VENDOR_DEFINED constants in this file. */
#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Hardware feature type (value of the CKA_HW_FEATURE_TYPE attribute). */
typedef[nativeint]
unsigned long ck_hw_feature_type_t;
#define CKH_MONOTONIC_COUNTER (1UL)
#define CKH_CLOCK (2UL)
#define CKH_USER_INTERFACE (3UL)
#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Key type (value of the CKA_KEY_TYPE attribute).
   CKK_ECDSA and CKK_EC are two names for the same value (3). */
typedef[nativeint]
unsigned long ck_key_type_t;
#define CKK_RSA (0UL)
#define CKK_DSA (1UL)
#define CKK_DH (2UL)
#define CKK_ECDSA (3UL)
#define CKK_EC (3UL)
#define CKK_X9_42_DH (4UL)
#define CKK_KEA (5UL)
#define CKK_GENERIC_SECRET (0x10UL)
#define CKK_RC2 (0x11UL)
#define CKK_RC4 (0x12UL)
#define CKK_DES (0x13UL)
#define CKK_DES2 (0x14UL)
#define CKK_DES3 (0x15UL)
#define CKK_CAST (0x16UL)
#define CKK_CAST3 (0x17UL)
#define CKK_CAST128 (0x18UL)
#define CKK_RC5 (0x19UL)
#define CKK_IDEA (0x1aUL)
#define CKK_SKIPJACK (0x1bUL)
#define CKK_BATON (0x1cUL)
#define CKK_JUNIPER (0x1dUL)
#define CKK_CDMF (0x1eUL)
#define CKK_AES (0x1fUL)
#define CKK_BLOWFISH (0x20UL)
#define CKK_TWOFISH (0x21UL)
/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
#define CKK_SECURID (0x22UL)
#define CKK_HOTP (0x23UL)
#define CKK_ACTI (0x24UL)
/* Camellia is new for PKCS #11 v2.20 amendment 3 */
#define CKK_CAMELLIA (0x25UL)
/* ARIA is new for PKCS #11 v2.20 amendment 3 */
#define CKK_ARIA (0x26UL)
#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Certificate type (value of the CKA_CERTIFICATE_TYPE attribute). */
typedef[nativeint]
unsigned long ck_certificate_type_t;
#define CKC_X_509 (0UL)
#define CKC_X_509_ATTR_CERT (1UL)
#define CKC_WTLS (2UL)
#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Attribute type code (the CKA_* constants); exposed to OCaml as nativeint. */
typedef[nativeint]
unsigned long ck_attribute_type_t;
/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
and relate to the CKA_OTP_FORMAT attribute */
#define CK_OTP_FORMAT_DECIMAL (0UL)
#define CK_OTP_FORMAT_HEXADECIMAL (1UL)
#define CK_OTP_FORMAT_ALPHANUMERIC (2UL)
#define CK_OTP_FORMAT_BINARY (3UL)
/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
and relate to the CKA_OTP_..._REQUIREMENT attributes */
#define CK_OTP_PARAM_IGNORED (0UL)
#define CK_OTP_PARAM_OPTIONAL (1UL)
#define CK_OTP_PARAM_MANDATORY (2UL)
/* Attribute type codes.
   Several of them decide whether key material can leave the token or which
   operations a key may perform: CKA_SENSITIVE, CKA_EXTRACTABLE,
   CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE, CKA_WRAP, CKA_UNWRAP,
   CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY, CKA_DERIVE, CKA_TRUSTED,
   CKA_WRAP_WITH_TRUSTED and the WRAP/UNWRAP templates. These are the
   attributes a filtering policy usually has to inspect in templates passed to
   object creation, key generation, unwrap, derive, copy and set-attribute
   calls. */
#define CKA_CLASS (0UL)
#define CKA_TOKEN (1UL)
#define CKA_PRIVATE (2UL)
#define CKA_LABEL (3UL)
#define CKA_APPLICATION (0x10UL)
#define CKA_VALUE (0x11UL)
#define CKA_OBJECT_ID (0x12UL)
#define CKA_CERTIFICATE_TYPE (0x80UL)
#define CKA_ISSUER (0x81UL)
#define CKA_SERIAL_NUMBER (0x82UL)
#define CKA_AC_ISSUER (0x83UL)
#define CKA_OWNER (0x84UL)
#define CKA_ATTR_TYPES (0x85UL)
#define CKA_TRUSTED (0x86UL)
#define CKA_CERTIFICATE_CATEGORY (0x87UL)
#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
#define CKA_URL (0x89UL)
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL)
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
#define CKA_CHECK_VALUE (0x90UL)
#define CKA_KEY_TYPE (0x100UL)
#define CKA_SUBJECT (0x101UL)
#define CKA_ID (0x102UL)
#define CKA_SENSITIVE (0x103UL)
#define CKA_ENCRYPT (0x104UL)
#define CKA_DECRYPT (0x105UL)
#define CKA_WRAP (0x106UL)
#define CKA_UNWRAP (0x107UL)
#define CKA_SIGN (0x108UL)
#define CKA_SIGN_RECOVER (0x109UL)
#define CKA_VERIFY (0x10aUL)
#define CKA_VERIFY_RECOVER (0x10bUL)
#define CKA_DERIVE (0x10cUL)
#define CKA_START_DATE (0x110UL)
#define CKA_END_DATE (0x111UL)
#define CKA_MODULUS (0x120UL)
#define CKA_MODULUS_BITS (0x121UL)
#define CKA_PUBLIC_EXPONENT (0x122UL)
#define CKA_PRIVATE_EXPONENT (0x123UL)
#define CKA_PRIME_1 (0x124UL)
#define CKA_PRIME_2 (0x125UL)
#define CKA_EXPONENT_1 (0x126UL)
#define CKA_EXPONENT_2 (0x127UL)
#define CKA_COEFFICIENT (0x128UL)
#define CKA_PRIME (0x130UL)
#define CKA_SUBPRIME (0x131UL)
#define CKA_BASE (0x132UL)
#define CKA_PRIME_BITS (0x133UL)
#define CKA_SUB_PRIME_BITS (0x134UL)
#define CKA_VALUE_BITS (0x160UL)
#define CKA_VALUE_LEN (0x161UL)
#define CKA_EXTRACTABLE (0x162UL)
#define CKA_LOCAL (0x163UL)
#define CKA_NEVER_EXTRACTABLE (0x164UL)
#define CKA_ALWAYS_SENSITIVE (0x165UL)
#define CKA_KEY_GEN_MECHANISM (0x166UL)
#define CKA_MODIFIABLE (0x170UL)
/* CKA_ECDSA_PARAMS and CKA_EC_PARAMS are two names for the same value. */
#define CKA_ECDSA_PARAMS (0x180UL)
#define CKA_EC_PARAMS (0x180UL)
#define CKA_EC_POINT (0x181UL)
#define CKA_SECONDARY_AUTH (0x200UL)
#define CKA_AUTH_PIN_FLAGS (0x201UL)
#define CKA_ALWAYS_AUTHENTICATE (0x202UL)
#define CKA_WRAP_WITH_TRUSTED (0x210UL)
/* Array-valued attributes carry CKF_ARRAY_ATTRIBUTE (bit 30) in their code;
   their value is itself a list of attributes, so a policy check on templates
   has to look inside them as well. */
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL)
/* CKA_OTP... attributes are new for PKCS #11 v2.20 amendment 3. */
#define CKA_OTP_FORMAT (0x220UL)
#define CKA_OTP_LENGTH (0x221UL)
#define CKA_OTP_TIME_INTERVAL (0x222UL)
#define CKA_OTP_USER_FRIENDLY_MODE (0x223UL)
#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL)
#define CKA_OTP_TIME_REQUIREMENT (0x225UL)
#define CKA_OTP_COUNTER_REQUIREMENT (0x226UL)
#define CKA_OTP_PIN_REQUIREMENT (0x227UL)
#define CKA_OTP_COUNTER (0x22EUL)
#define CKA_OTP_TIME (0x22FUL)
#define CKA_OTP_USER_IDENTIFIER (0x22AUL)
#define CKA_OTP_SERVICE_IDENTIFIER (0x22BUL)
#define CKA_OTP_SERVICE_LOGO (0x22CUL)
#define CKA_OTP_SERVICE_LOGO_TYPE (0x22DUL)
#define CKA_HW_FEATURE_TYPE (0x300UL)
#define CKA_RESET_ON_INIT (0x301UL)
#define CKA_HAS_RESET (0x302UL)
#define CKA_PIXEL_X (0x400UL)
#define CKA_PIXEL_Y (0x401UL)
#define CKA_RESOLUTION (0x402UL)
#define CKA_CHAR_ROWS (0x403UL)
#define CKA_CHAR_COLUMNS (0x404UL)
#define CKA_COLOR (0x405UL)
#define CKA_BITS_PER_PIXEL (0x406UL)
#define CKA_CHAR_SETS (0x480UL)
#define CKA_ENCODING_METHODS (0x481UL)
#define CKA_MIME_TYPES (0x482UL)
#define CKA_MECHANISM_TYPE (0x500UL)
#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL)
#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL)
#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL)
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL)
/* Bit 31 marks vendor-specific attribute codes. */
#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* One attribute: a type code plus an opaque byte buffer.
   [size_is(value_len)] tells camlidl that value holds value_len elements, so
   value_len is the only bound on the buffer. Any C code that fills or reads
   value from data supplied by the other side of the binding (or, in the
   SERVER_ROLE build, by the remote peer) has to validate the length before
   use. How value is interpreted depends on type_ (for example an unsigned
   long for CKA_CLASS, raw bytes for CKA_VALUE). */
struct ck_attribute {
ck_attribute_type_t type_;
[size_is(value_len)] char value[];
[nativeint] unsigned long value_len;
};
/* Calendar date as three fixed-width byte fields (4 + 2 + 2 bytes, no
   terminator). Per PKCS#11 these hold ASCII digit characters; contents read
   from a token should be validated before being parsed as numbers. */
struct ck_date {
unsigned char year[4];
unsigned char month[2];
unsigned char day[2];
};
/* Mechanism identifier; exposed to OCaml as nativeint.
   The CKM_* constants only name mechanisms. Which of them a client may
   actually use is a policy decision taken elsewhere (the token itself, or the
   filter this project places in front of it). The table includes mechanisms
   generally regarded as legacy or weak today, e.g. MD2/MD5/SHA-1 based
   signatures and unpadded CKM_RSA_X_509. They stay defined for compatibility
   with the specification and are meant to be restricted by policy, not by
   removing constants. */
typedef[nativeint]
unsigned long ck_mechanism_type_t;
#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
#define CKM_RSA_PKCS (1UL)
#define CKM_RSA_9796 (2UL)
#define CKM_RSA_X_509 (3UL)
#define CKM_MD2_RSA_PKCS (4UL)
#define CKM_MD5_RSA_PKCS (5UL)
#define CKM_SHA1_RSA_PKCS (6UL)
#define CKM_RIPEMD128_RSA_PKCS (7UL)
#define CKM_RIPEMD160_RSA_PKCS (8UL)
#define CKM_RSA_PKCS_OAEP (9UL)
#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL)
#define CKM_RSA_X9_31 (0xbUL)
#define CKM_SHA1_RSA_X9_31 (0xcUL)
#define CKM_RSA_PKCS_PSS (0xdUL)
#define CKM_SHA1_RSA_PKCS_PSS (0xeUL)
#define CKM_DSA_KEY_PAIR_GEN (0x10UL)
#define CKM_DSA (0x11UL)
#define CKM_DSA_SHA1 (0x12UL)
#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL)
#define CKM_DH_PKCS_DERIVE (0x21UL)
#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL)
#define CKM_X9_42_DH_DERIVE (0x31UL)
#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL)
#define CKM_X9_42_MQV_DERIVE (0x33UL)
#define CKM_SHA256_RSA_PKCS (0x40UL)
#define CKM_SHA384_RSA_PKCS (0x41UL)
#define CKM_SHA512_RSA_PKCS (0x42UL)
#define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
#define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224_RSA_PKCS (0x46UL)
#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
/* Symmetric ciphers RC2, RC4, DES, 2-/3-key DES and CDMF. RC2, RC4, single
   DES and CDMF are legacy algorithms; the constants are listed for
   completeness and are natural candidates for a deny-list in a filtering
   policy. */
#define CKM_RC2_KEY_GEN (0x100UL)
#define CKM_RC2_ECB (0x101UL)
#define CKM_RC2_CBC (0x102UL)
#define CKM_RC2_MAC (0x103UL)
#define CKM_RC2_MAC_GENERAL (0x104UL)
#define CKM_RC2_CBC_PAD (0x105UL)
#define CKM_RC4_KEY_GEN (0x110UL)
#define CKM_RC4 (0x111UL)
#define CKM_DES_KEY_GEN (0x120UL)
#define CKM_DES_ECB (0x121UL)
#define CKM_DES_CBC (0x122UL)
#define CKM_DES_MAC (0x123UL)
#define CKM_DES_MAC_GENERAL (0x124UL)
#define CKM_DES_CBC_PAD (0x125UL)
#define CKM_DES2_KEY_GEN (0x130UL)
#define CKM_DES3_KEY_GEN (0x131UL)
#define CKM_DES3_ECB (0x132UL)
#define CKM_DES3_CBC (0x133UL)
#define CKM_DES3_MAC (0x134UL)
#define CKM_DES3_MAC_GENERAL (0x135UL)
#define CKM_DES3_CBC_PAD (0x136UL)
#define CKM_CDMF_KEY_GEN (0x140UL)
#define CKM_CDMF_ECB (0x141UL)
#define CKM_CDMF_CBC (0x142UL)
#define CKM_CDMF_MAC (0x143UL)
#define CKM_CDMF_MAC_GENERAL (0x144UL)
#define CKM_CDMF_CBC_PAD (0x145UL)
#define CKM_DES_OFB64 (0x150UL)
#define CKM_DES_OFB8 (0x151UL)
#define CKM_DES_CFB64 (0x152UL)
#define CKM_DES_CFB8 (0x153UL)
/* Digests and their HMAC variants. MD2, MD5 and SHA-1 are deprecated for
   signature use. */
#define CKM_MD2 (0x200UL)
#define CKM_MD2_HMAC (0x201UL)
#define CKM_MD2_HMAC_GENERAL (0x202UL)
#define CKM_MD5 (0x210UL)
#define CKM_MD5_HMAC (0x211UL)
#define CKM_MD5_HMAC_GENERAL (0x212UL)
#define CKM_SHA_1 (0x220UL)
#define CKM_SHA_1_HMAC (0x221UL)
#define CKM_SHA_1_HMAC_GENERAL (0x222UL)
#define CKM_RIPEMD128 (0x230UL)
#define CKM_RIPEMD128_HMAC (0x231UL)
#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL)
#define CKM_RIPEMD160 (0x240UL)
#define CKM_RIPEMD160_HMAC (0x241UL)
#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL)
#define CKM_SHA256 (0x250UL)
#define CKM_SHA256_HMAC (0x251UL)
#define CKM_SHA256_HMAC_GENERAL (0x252UL)
/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224 (0x255UL)
#define CKM_SHA224_HMAC (0x256UL)
#define CKM_SHA224_HMAC_GENERAL (0x257UL)
#define CKM_SHA384 (0x260UL)
#define CKM_SHA384_HMAC (0x261UL)
#define CKM_SHA384_HMAC_GENERAL (0x262UL)
#define CKM_SHA512 (0x270UL)
#define CKM_SHA512_HMAC (0x271UL)
#define CKM_SHA512_HMAC_GENERAL (0x272UL)
/* SecurID is new for PKCS #11 v2.20 amendment 1 */
#define CKM_SECURID_KEY_GEN (0x280UL)
#define CKM_SECURID (0x282UL)
/* HOTP is new for PKCS #11 v2.20 amendment 1 */
#define CKM_HOTP_KEY_GEN (0x290UL)
#define CKM_HOTP (0x291UL)
/* ACTI is new for PKCS #11 v2.20 amendment 1 */
#define CKM_ACTI (0x2A0UL)
#define CKM_ACTI_KEY_GEN (0x2A1UL)
/* CAST, CAST3, CAST5/CAST128, RC5 and IDEA.
   Every CKM_CAST5_* constant has a CKM_CAST128_* twin with the same value.
   Anything keyed on the numeric value (an allow/deny list, a log decoder)
   sees each pair as one mechanism, while anything keyed on the name must
   list both spellings. */
#define CKM_CAST_KEY_GEN (0x300UL)
#define CKM_CAST_ECB (0x301UL)
#define CKM_CAST_CBC (0x302UL)
#define CKM_CAST_MAC (0x303UL)
#define CKM_CAST_MAC_GENERAL (0x304UL)
#define CKM_CAST_CBC_PAD (0x305UL)
#define CKM_CAST3_KEY_GEN (0x310UL)
#define CKM_CAST3_ECB (0x311UL)
#define CKM_CAST3_CBC (0x312UL)
#define CKM_CAST3_MAC (0x313UL)
#define CKM_CAST3_MAC_GENERAL (0x314UL)
#define CKM_CAST3_CBC_PAD (0x315UL)
#define CKM_CAST5_KEY_GEN (0x320UL)
#define CKM_CAST128_KEY_GEN (0x320UL)
#define CKM_CAST5_ECB (0x321UL)
#define CKM_CAST128_ECB (0x321UL)
#define CKM_CAST5_CBC (0x322UL)
#define CKM_CAST128_CBC (0x322UL)
#define CKM_CAST5_MAC (0x323UL)
#define CKM_CAST128_MAC (0x323UL)
#define CKM_CAST5_MAC_GENERAL (0x324UL)
#define CKM_CAST128_MAC_GENERAL (0x324UL)
#define CKM_CAST5_CBC_PAD (0x325UL)
#define CKM_CAST128_CBC_PAD (0x325UL)
#define CKM_RC5_KEY_GEN (0x330UL)
#define CKM_RC5_ECB (0x331UL)
#define CKM_RC5_CBC (0x332UL)
#define CKM_RC5_MAC (0x333UL)
#define CKM_RC5_MAC_GENERAL (0x334UL)
#define CKM_RC5_CBC_PAD (0x335UL)
#define CKM_IDEA_KEY_GEN (0x340UL)
#define CKM_IDEA_ECB (0x341UL)
#define CKM_IDEA_CBC (0x342UL)
#define CKM_IDEA_MAC (0x343UL)
#define CKM_IDEA_MAC_GENERAL (0x344UL)
#define CKM_IDEA_CBC_PAD (0x345UL)
#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL)
/* Derivation mechanisms that build a new key from an existing key combined
   with caller-supplied data or another key. They are a well-documented weak
   point of the PKCS#11 API when sensitive keys must stay protected, and
   filtering policies commonly disable them unless an application has a
   reviewed need. */
#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL)
#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
#define CKM_XOR_BASE_AND_DATA (0x364UL)
#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL)
/* SSL 3.0 / TLS key generation and derivation. */
#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL)
#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL)
#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL)
#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)
#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL)
/* CKM_TLS_PRF is new for v2.20 */
#define CKM_TLS_PRF (0x378UL)
#define CKM_SSL3_MD5_MAC (0x380UL)
#define CKM_SSL3_SHA1_MAC (0x381UL)
/* Digest-based key derivation. */
#define CKM_MD5_KEY_DERIVATION (0x390UL)
#define CKM_MD2_KEY_DERIVATION (0x391UL)
#define CKM_SHA1_KEY_DERIVATION (0x392UL)
/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_KEY_DERIVATION (0x393UL)
#define CKM_SHA384_KEY_DERIVATION (0x394UL)
#define CKM_SHA512_KEY_DERIVATION (0x395UL)
/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224_KEY_DERIVATION (0x396UL)
/* Password-based encryption. The CAST5/CAST128 names are aliases with equal
   values; the *_40 variants use 40-bit keys and the MD2/MD5 single-DES
   variants are likewise legacy. */
#define CKM_PBE_MD2_DES_CBC (0x3a0UL)
#define CKM_PBE_MD5_DES_CBC (0x3a1UL)
#define CKM_PBE_MD5_CAST_CBC (0x3a2UL)
#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL)
#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL)
#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL)
#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL)
#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL)
#define CKM_PBE_SHA1_RC4_128 (0x3a6UL)
#define CKM_PBE_SHA1_RC4_40 (0x3a7UL)
#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL)
#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL)
#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL)
#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL)
#define CKM_PKCS5_PBKD2 (0x3b0UL)
#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL)
/* WTLS mechanisms are new for v2.20 */
#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3D0UL)
#define CKM_WTLS_MASTER_KEY_DERIVE (0x3D1UL)
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3D2UL)
#define CKM_WTLS_PRF (0x3D3UL)
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3D4UL)
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3D5UL)
#define CKM_KEY_WRAP_LYNKS (0x400UL)
#define CKM_KEY_WRAP_SET_OAEP (0x401UL)
/* CKM_CMS_SIG is new for v2.20 */
#define CKM_CMS_SIG (0x500UL)
/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
#define CKM_KIP_DERIVE (0x510UL)
#define CKM_KIP_WRAP (0x511UL)
#define CKM_KIP_MAC (0x512UL)
/* Camellia is new for PKCS #11 v2.20 amendment 3 */
#define CKM_CAMELLIA_KEY_GEN (0x550UL)
#define CKM_CAMELLIA_ECB (0x551UL)
#define CKM_CAMELLIA_CBC (0x552UL)
#define CKM_CAMELLIA_MAC (0x553UL)
#define CKM_CAMELLIA_MAC_GENERAL (0x554UL)
#define CKM_CAMELLIA_CBC_PAD (0x555UL)
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL)
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL)
#define CKM_CAMELLIA_CTR (0x558UL)
/* ARIA is new for PKCS #11 v2.20 amendment 3 */
#define CKM_ARIA_KEY_GEN (0x560UL)
#define CKM_ARIA_ECB (0x561UL)
#define CKM_ARIA_CBC (0x562UL)
#define CKM_ARIA_MAC (0x563UL)
#define CKM_ARIA_MAC_GENERAL (0x564UL)
#define CKM_ARIA_CBC_PAD (0x565UL)
#define CKM_ARIA_ECB_ENCRYPT_DATA (0x566UL)
#define CKM_ARIA_CBC_ENCRYPT_DATA (0x567UL)
#define CKM_SKIPJACK_KEY_GEN (0x1000UL)
#define CKM_SKIPJACK_ECB64 (0x1001UL)
#define CKM_SKIPJACK_CBC64 (0x1002UL)
#define CKM_SKIPJACK_OFB64 (0x1003UL)
#define CKM_SKIPJACK_CFB64 (0x1004UL)
#define CKM_SKIPJACK_CFB32 (0x1005UL)
#define CKM_SKIPJACK_CFB16 (0x1006UL)
#define CKM_SKIPJACK_CFB8 (0x1007UL)
#define CKM_SKIPJACK_WRAP (0x1008UL)
#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL)
#define CKM_SKIPJACK_RELAYX (0x100aUL)
#define CKM_KEA_KEY_PAIR_GEN (0x1010UL)
#define CKM_KEA_KEY_DERIVE (0x1011UL)
#define CKM_FORTEZZA_TIMESTAMP (0x1020UL)
#define CKM_BATON_KEY_GEN (0x1030UL)
#define CKM_BATON_ECB128 (0x1031UL)
#define CKM_BATON_ECB96 (0x1032UL)
#define CKM_BATON_CBC128 (0x1033UL)
#define CKM_BATON_COUNTER (0x1034UL)
#define CKM_BATON_SHUFFLE (0x1035UL)
#define CKM_BATON_WRAP (0x1036UL)
/* CKM_ECDSA_KEY_PAIR_GEN and CKM_EC_KEY_PAIR_GEN are two names for the same
   value. */
#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL)
#define CKM_EC_KEY_PAIR_GEN (0x1040UL)
#define CKM_ECDSA (0x1041UL)
#define CKM_ECDSA_SHA1 (0x1042UL)
#define CKM_ECDH1_DERIVE (0x1050UL)
#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
#define CKM_ECMQV_DERIVE (0x1052UL)
#define CKM_JUNIPER_KEY_GEN (0x1060UL)
#define CKM_JUNIPER_ECB128 (0x1061UL)
#define CKM_JUNIPER_CBC128 (0x1062UL)
#define CKM_JUNIPER_COUNTER (0x1063UL)
#define CKM_JUNIPER_SHUFFLE (0x1064UL)
#define CKM_JUNIPER_WRAP (0x1065UL)
#define CKM_FASTHASH (0x1070UL)
#define CKM_AES_KEY_GEN (0x1080UL)
#define CKM_AES_ECB (0x1081UL)
#define CKM_AES_CBC (0x1082UL)
#define CKM_AES_MAC (0x1083UL)
#define CKM_AES_MAC_GENERAL (0x1084UL)
#define CKM_AES_CBC_PAD (0x1085UL)
/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
#define CKM_AES_CTR (0x1086UL)
/* BlowFish and TwoFish are new for v2.20 */
#define CKM_BLOWFISH_KEY_GEN (0x1090UL)
#define CKM_BLOWFISH_CBC (0x1091UL)
#define CKM_TWOFISH_KEY_GEN (0x1092UL)
#define CKM_TWOFISH_CBC (0x1093UL)
/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
/* Despite the name, PKCS#11 v2.20 defines the *_ENCRYPT_DATA mechanisms
   (here and in the Camellia/ARIA groups above) as key derivation, so a policy
   that restricts derivation has to cover them too. */
#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL)
#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL)
#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL)
#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL)
#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL)
#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL)
#define CKM_DSA_PARAMETER_GEN (0x2000UL)
#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL)
#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL)
/* Bit 31 marks vendor-specific mechanisms. Their semantics are not described
   by this file, so an allow-list should leave them denied unless each one has
   been reviewed. */
#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* Mechanism descriptor: a mechanism type (one of the CKM_* values) plus a
 * variable-length, mechanism-specific parameter buffer.
 * The CamlIDL attribute size_is(parameter_len) declares parameter_len as
 * the element count of parameter[], so the two fields must always agree.
 * NOTE(review): how the generated stubs behave when parameter_len does not
 * match the real buffer is not visible here -- confirm the marshalling
 * code bounds the copy. */
struct ck_mechanism {
/* Which mechanism is requested (CKM_* constant). */
ck_mechanism_type_t mechanism;
/* Parameter bytes; length is given by parameter_len below. */
[size_is(parameter_len)] char parameter[];
/* Length of parameter[]; [nativeint] maps it to OCaml's nativeint. */
[nativeint] unsigned long parameter_len;
};
/* Information reported about one mechanism: the supported key-size range
 * and a bitmask of capability flags (see the CKF_* values defined below).
 * Per the PKCS #11 specification, whether the key sizes are expressed in
 * bits or in bytes depends on the mechanism, so do not compare them
 * across mechanisms without checking the unit. */
struct ck_mechanism_info {
/* Smallest key size accepted; [nativeint] maps it to OCaml's nativeint. */
[nativeint] unsigned long min_key_size;
/* Largest key size accepted. */
[nativeint] unsigned long max_key_size;
/* Capability bits (CKF_HW, CKF_ENCRYPT, ..., CKF_EXTENSION). */
ck_flags_t flags;
};
/* Capability bits for ck_mechanism_info.flags. Each value is a single bit;
 * bits 1 to 7 are not assigned in this list. Callers should test the
 * specific bit for the operation they intend (for example CKF_SIGN before
 * signing) rather than assume a mechanism supports every operation. */
#define CKF_HW (1UL << 0)
#define CKF_ENCRYPT (1UL << 8)
#define CKF_DECRYPT (1UL << 9)
#define CKF_DIGEST (1UL << 10)
#define CKF_SIGN (1UL << 11)
#define CKF_SIGN_RECOVER (1UL << 12)
#define CKF_VERIFY (1UL << 13)
#define CKF_VERIFY_RECOVER (1UL << 14)
#define CKF_GENERATE (1UL << 15)
#define CKF_GENERATE_KEY_PAIR (1UL << 16)
#define CKF_WRAP (1UL << 17)
#define CKF_UNWRAP (1UL << 18)
#define CKF_DERIVE (1UL << 19)
/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
* CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
* describe a token's EC capabilities not available in mechanism
* information. */
#define CKF_EC_F_P (1UL << 20)
#define CKF_EC_F_2M (1UL << 21)
#define CKF_EC_ECPARAMETERS (1UL << 22)
#define CKF_EC_NAMEDCURVE (1UL << 23)
#define CKF_EC_UNCOMPRESS (1UL << 24)
#define CKF_EC_COMPRESS (1UL << 25)
/* Top bit (bit 31). The same numeric value is used by CKM_VENDOR_DEFINED
 * and CKR_VENDOR_DEFINED, which live in different value spaces. */
#define CKF_EXTENSION ((unsigned long) (1UL << 31))
/* Flag for C_WaitForSlotEvent. */
#define CKF_DONT_BLOCK (1UL)
/* The next two are not C_WaitForSlotEvent flags: in PKCS #11 they are the
 * flags of the C_Initialize arguments. CKF_LIBRARY_CANT_CREATE_OS_THREADS
 * has the same numeric value (1) as CKF_DONT_BLOCK and CKF_HW; the three
 * belong to different flag fields and must not be mixed or compared. */
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0)
#define CKF_OS_LOCKING_OK (1UL << 1)
/* CKR_* return values of the Cryptoki functions. CKR_OK (0) is the success
 * value; callers must compare against it explicitly and handle every other
 * code rather than ignore it. The numbering is sparse (for example 4 and
 * 0x61 are not defined in this list), so a value must be looked up, not
 * used directly as an index into a table. */
#define CKR_OK (0UL)
#define CKR_CANCEL (1UL)
#define CKR_HOST_MEMORY (2UL)
#define CKR_SLOT_ID_INVALID (3UL)
#define CKR_GENERAL_ERROR (5UL)
#define CKR_FUNCTION_FAILED (6UL)
#define CKR_ARGUMENTS_BAD (7UL)
#define CKR_NO_EVENT (8UL)
#define CKR_NEED_TO_CREATE_THREADS (9UL)
#define CKR_CANT_LOCK (0xaUL)
#define CKR_ATTRIBUTE_READ_ONLY (0x10UL)
#define CKR_ATTRIBUTE_SENSITIVE (0x11UL)
#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL)
#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL)
#define CKR_DATA_INVALID (0x20UL)
#define CKR_DATA_LEN_RANGE (0x21UL)
#define CKR_DEVICE_ERROR (0x30UL)
#define CKR_DEVICE_MEMORY (0x31UL)
#define CKR_DEVICE_REMOVED (0x32UL)
#define CKR_ENCRYPTED_DATA_INVALID (0x40UL)
#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL)
#define CKR_FUNCTION_CANCELED (0x50UL)
#define CKR_FUNCTION_NOT_PARALLEL (0x51UL)
#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
#define CKR_KEY_HANDLE_INVALID (0x60UL)
#define CKR_KEY_SIZE_RANGE (0x62UL)
#define CKR_KEY_TYPE_INCONSISTENT (0x63UL)
#define CKR_KEY_NOT_NEEDED (0x64UL)
#define CKR_KEY_CHANGED (0x65UL)
#define CKR_KEY_NEEDED (0x66UL)
#define CKR_KEY_INDIGESTIBLE (0x67UL)
#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL)
#define CKR_KEY_NOT_WRAPPABLE (0x69UL)
#define CKR_KEY_UNEXTRACTABLE (0x6aUL)
#define CKR_MECHANISM_INVALID (0x70UL)
#define CKR_MECHANISM_PARAM_INVALID (0x71UL)
#define CKR_OBJECT_HANDLE_INVALID (0x82UL)
#define CKR_OPERATION_ACTIVE (0x90UL)
#define CKR_OPERATION_NOT_INITIALIZED (0x91UL)
/* PIN-related results. A token can lock a PIN after repeated failures
 * (see CKR_PIN_LOCKED), so a caller should not retry a login blindly on
 * CKR_PIN_INCORRECT. */
#define CKR_PIN_INCORRECT (0xa0UL)
#define CKR_PIN_INVALID (0xa1UL)
#define CKR_PIN_LEN_RANGE (0xa2UL)
#define CKR_PIN_EXPIRED (0xa3UL)
#define CKR_PIN_LOCKED (0xa4UL)
#define CKR_SESSION_CLOSED (0xb0UL)
#define CKR_SESSION_COUNT (0xb1UL)
#define CKR_SESSION_HANDLE_INVALID (0xb3UL)
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL)
#define CKR_SESSION_READ_ONLY (0xb5UL)
#define CKR_SESSION_EXISTS (0xb6UL)
#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL)
#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL)
#define CKR_SIGNATURE_INVALID (0xc0UL)
#define CKR_SIGNATURE_LEN_RANGE (0xc1UL)
#define CKR_TEMPLATE_INCOMPLETE (0xd0UL)
#define CKR_TEMPLATE_INCONSISTENT (0xd1UL)
#define CKR_TOKEN_NOT_PRESENT (0xe0UL)
#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL)
#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL)
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL)
#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL)
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL)
#define CKR_USER_ALREADY_LOGGED_IN (0x100UL)
#define CKR_USER_NOT_LOGGED_IN (0x101UL)
#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL)
#define CKR_USER_TYPE_INVALID (0x103UL)
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL)
#define CKR_USER_TOO_MANY_TYPES (0x105UL)
#define CKR_WRAPPED_KEY_INVALID (0x110UL)
#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL)
#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL)
#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL)
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL)
#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL)
#define CKR_RANDOM_NO_RNG (0x121UL)
#define CKR_DOMAIN_PARAMS_INVALID (0x130UL)
#define CKR_BUFFER_TOO_SMALL (0x150UL)
#define CKR_SAVED_STATE_INVALID (0x160UL)
#define CKR_INFORMATION_SENSITIVE (0x170UL)
#define CKR_STATE_UNSAVEABLE (0x180UL)
#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL)
#define CKR_MUTEX_BAD (0x1a0UL)
#define CKR_MUTEX_NOT_LOCKED (0x1a1UL)
/* The following return values are new for PKCS #11 v2.20 amendment 3 */
#define CKR_NEW_PIN_MODE (0x1b0UL)
#define CKR_NEXT_OTP (0x1b1UL)
#define CKR_FUNCTION_REJECTED (0x200UL)
/* Top bit (bit 31); same numeric value as CKM_VENDOR_DEFINED and
 * CKF_EXTENSION, which are constants of other value spaces. */
#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31))
quote(mli, "val cRYPTOKI_VERSION_MAJOR : nativeint");
quote(mli, "val cRYPTOKI_VERSION_MINOR : nativeint");
quote(mli, "val cRYPTOKI_VERSION_REVISION : nativeint");
quote(mli, "val cKN_SURRENDER : nativeint");
quote(mli, "val cKN_OTP_CHANGED : nativeint");
quote(mli, "val cKF_TOKEN_PRESENT : nativeint");
quote(mli, "val cKF_REMOVABLE_DEVICE : nativeint");
quote(mli, "val cKF_HW_SLOT : nativeint");
quote(mli, "val cKF_ARRAY_ATTRIBUTE : nativeint");
quote(mli, "val cKF_RNG : nativeint");
quote(mli, "val cKF_WRITE_PROTECTED : nativeint");
quote(mli, "val cKF_LOGIN_REQUIRED : nativeint");
quote(mli, "val cKF_USER_PIN_INITIALIZED : nativeint");
quote(mli, "val cKF_RESTORE_KEY_NOT_NEEDED : nativeint");
quote(mli, "val cKF_CLOCK_ON_TOKEN : nativeint");
quote(mli, "val cKF_PROTECTED_AUTHENTICATION_PATH : nativeint");
quote(mli, "val cKF_DUAL_CRYPTO_OPERATIONS : nativeint");
quote(mli, "val cKF_TOKEN_INITIALIZED : nativeint");
quote(mli, "val cKF_SECONDARY_AUTHENTICATION : nativeint");
quote(mli, "val cKF_USER_PIN_COUNT_LOW : nativeint");
quote(mli, "val cKF_USER_PIN_FINAL_TRY : nativeint");
quote(mli, "val cKF_USER_PIN_LOCKED : nativeint");
quote(mli, "val cKF_USER_PIN_TO_BE_CHANGED : nativeint");
quote(mli, "val cKF_SO_PIN_COUNT_LOW : nativeint");
quote(mli, "val cKF_SO_PIN_FINAL_TRY : nativeint");
quote(mli, "val cKF_SO_PIN_LOCKED : nativeint");
quote(mli, "val cKF_SO_PIN_TO_BE_CHANGED : nativeint");
quote(mli, "val cK_UNAVAILABLE_INFORMATION : nativeint");
quote(mli, "val cK_EFFECTIVELY_INFINITE : nativeint");
quote(mli, "val cK_INVALID_HANDLE : nativeint");
quote(mli, "val cKU_SO : nativeint");
quote(mli, "val cKU_USER : nativeint");
quote(mli, "val cKU_CONTEXT_SPECIFIC : nativeint");
quote(mli, "val cKS_RO_PUBLIC_SESSION : nativeint");
quote(mli, "val cKS_RO_USER_FUNCTIONS : nativeint");
quote(mli, "val cKS_RW_PUBLIC_SESSION : nativeint");
quote(mli, "val cKS_RW_USER_FUNCTIONS : nativeint");
quote(mli, "val cKS_RW_SO_FUNCTIONS : nativeint");
quote(mli, "val cKF_RW_SESSION : nativeint");
quote(mli, "val cKF_SERIAL_SESSION : nativeint");
quote(mli, "val cKO_DATA : nativeint");
quote(mli, "val cKO_CERTIFICATE : nativeint");
quote(mli, "val cKO_PUBLIC_KEY : nativeint");
quote(mli, "val cKO_PRIVATE_KEY : nativeint");
quote(mli, "val cKO_SECRET_KEY : nativeint");
quote(mli, "val cKO_HW_FEATURE : nativeint");
quote(mli, "val cKO_DOMAIN_PARAMETERS : nativeint");
quote(mli, "val cKO_MECHANISM : nativeint");
quote(mli, "val cKO_OTP_KEY : nativeint");
quote(mli, "val cKO_VENDOR_DEFINED : nativeint");
quote(mli, "val cKH_MONOTONIC_COUNTER : nativeint");
quote(mli, "val cKH_CLOCK : nativeint");
quote(mli, "val cKH_USER_INTERFACE : nativeint");
quote(mli, "val cKH_VENDOR_DEFINED : nativeint");
quote(mli, "val cKK_RSA : nativeint");
quote(mli, "val cKK_DSA : nativeint");
quote(mli, "val cKK_DH : nativeint");
quote(mli, "val cKK_ECDSA : nativeint");
quote(mli, "val cKK_EC : nativeint");
quote(mli, "val cKK_X9_42_DH : nativeint");
quote(mli, "val cKK_KEA : nativeint");
quote(mli, "val cKK_GENERIC_SECRET : nativeint");
quote(mli, "val cKK_RC2 : nativeint");
quote(mli, "val cKK_RC4 : nativeint");
quote(mli, "val cKK_DES : nativeint");
quote(mli, "val cKK_DES2 : nativeint");
quote(mli, "val cKK_DES3 : nativeint");
quote(mli, "val cKK_CAST : nativeint");
quote(mli, "val cKK_CAST3 : nativeint");
quote(mli, "val cKK_CAST128 : nativeint");
quote(mli, "val cKK_RC5 : nativeint");
quote(mli, "val cKK_IDEA : nativeint");
quote(mli, "val cKK_SKIPJACK : nativeint");
quote(mli, "val cKK_BATON : nativeint");
quote(mli, "val cKK_JUNIPER : nativeint");
quote(mli, "val cKK_CDMF : nativeint");
quote(mli, "val cKK_AES : nativeint");
quote(mli, "val cKK_BLOWFISH : nativeint");
quote(mli, "val cKK_TWOFISH : nativeint");
quote(mli, "val cKK_SECURID : nativeint");
quote(mli, "val cKK_HOTP : nativeint");
quote(mli, "val cKK_ACTI : nativeint");
quote(mli, "val cKK_CAMELLIA : nativeint");
quote(mli, "val cKK_ARIA : nativeint");
quote(mli, "val cKK_VENDOR_DEFINED : nativeint");
quote(mli, "val cKC_X_509 : nativeint");
quote(mli, "val cKC_X_509_ATTR_CERT : nativeint");
quote(mli, "val cKC_WTLS : nativeint");
quote(mli, "val cKC_VENDOR_DEFINED : nativeint");
quote(mli, "val cK_OTP_FORMAT_DECIMAL : nativeint");
quote(mli, "val cK_OTP_FORMAT_HEXADECIMAL : nativeint");
quote(mli, "val cK_OTP_FORMAT_ALPHANUMERIC : nativeint");
quote(mli, "val cK_OTP_PARAM_IGNORED : nativeint");
quote(mli, "val cK_OTP_PARAM_OPTIONAL : nativeint");
quote(mli, "val cK_OTP_PARAM_MANDATORY : nativeint");
quote(mli, "val cKA_CLASS : nativeint");
quote(mli, "val cKA_TOKEN : nativeint");
quote(mli, "val cKA_PRIVATE : nativeint");
quote(mli, "val cKA_LABEL : nativeint");
quote(mli, "val cKA_APPLICATION : nativeint");
quote(mli, "val cKA_VALUE : nativeint");
quote(mli, "val cKA_OBJECT_ID : nativeint");
quote(mli, "val cKA_CERTIFICATE_TYPE : nativeint");
quote(mli, "val cKA_ISSUER : nativeint");
quote(mli, "val cKA_SERIAL_NUMBER : nativeint");
quote(mli, "val cKA_AC_ISSUER : nativeint");
quote(mli, "val cKA_OWNER : nativeint");
quote(mli, "val cKA_ATTR_TYPES : nativeint");
quote(mli, "val cKA_TRUSTED : nativeint");
quote(mli, "val cKA_CERTIFICATE_CATEGORY : nativeint");
quote(mli, "val cKA_JAVA_MIDP_SECURITY_DOMAIN : nativeint");
quote(mli, "val cKA_URL : nativeint");
quote(mli, "val cKA_HASH_OF_SUBJECT_PUBLIC_KEY : nativeint");
quote(mli, "val cKA_HASH_OF_ISSUER_PUBLIC_KEY : nativeint");
quote(mli, "val cKA_CHECK_VALUE : nativeint");
quote(mli, "val cKA_KEY_TYPE : nativeint");
quote(mli, "val cKA_SUBJECT : nativeint");
quote(mli, "val cKA_ID : nativeint");
quote(mli, "val cKA_SENSITIVE : nativeint");
quote(mli, "val cKA_ENCRYPT : nativeint");
quote(mli, "val cKA_DECRYPT : nativeint");
quote(mli, "val cKA_WRAP : nativeint");
quote(mli, "val cKA_UNWRAP : nativeint");
quote(mli, "val cKA_SIGN : nativeint");
quote(mli, "val cKA_SIGN_RECOVER : nativeint");
quote(mli, "val cKA_VERIFY : nativeint");
quote(mli, "val cKA_VERIFY_RECOVER : nativeint");
quote(mli, "val cKA_DERIVE : nativeint");
quote(mli, "val cKA_START_DATE : nativeint");
quote(mli, "val cKA_END_DATE : nativeint");
quote(mli, "val cKA_MODULUS : nativeint");
quote(mli, "val cKA_MODULUS_BITS : nativeint");
quote(mli, "val cKA_PUBLIC_EXPONENT : nativeint");
quote(mli, "val cKA_PRIVATE_EXPONENT : nativeint");
quote(mli, "val cKA_PRIME_1 : nativeint");
quote(mli, "val cKA_PRIME_2 : nativeint");
quote(mli, "val cKA_EXPONENT_1 : nativeint");
quote(mli, "val cKA_EXPONENT_2 : nativeint");
quote(mli, "val cKA_COEFFICIENT : nativeint");
quote(mli, "val cKA_PRIME : nativeint");
quote(mli, "val cKA_SUBPRIME : nativeint");
quote(mli, "val cKA_BASE : nativeint");
quote(mli, "val cKA_PRIME_BITS : nativeint");
quote(mli, "val cKA_SUB_PRIME_BITS : nativeint");
quote(mli, "val cKA_VALUE_BITS : nativeint");
quote(mli, "val cKA_VALUE_LEN : nativeint");
quote(mli, "val cKA_EXTRACTABLE : nativeint");
quote(mli, "val cKA_LOCAL : nativeint");
quote(mli, "val cKA_NEVER_EXTRACTABLE : nativeint");
quote(mli, "val cKA_ALWAYS_SENSITIVE : nativeint");
quote(mli, "val cKA_KEY_GEN_MECHANISM : nativeint");
quote(mli, "val cKA_MODIFIABLE : nativeint");
quote(mli, "val cKA_ECDSA_PARAMS : nativeint");
quote(mli, "val cKA_EC_PARAMS : nativeint");
quote(mli, "val cKA_EC_POINT : nativeint");
quote(mli, "val cKA_SECONDARY_AUTH : nativeint");
quote(mli, "val cKA_AUTH_PIN_FLAGS : nativeint");
quote(mli, "val cKA_ALWAYS_AUTHENTICATE : nativeint");
quote(mli, "val cKA_WRAP_WITH_TRUSTED : nativeint");
quote(mli, "val cKA_OTP_FORMAT : nativeint");
quote(mli, "val cKA_OTP_LENGTH : nativeint");
quote(mli, "val cKA_OTP_TIME_INTERVAL : nativeint");
quote(mli, "val cKA_OTP_USER_FRIENDLY_MODE : nativeint");
quote(mli, "val cKA_OTP_CHALLENGE_REQUIREMENT : nativeint");
quote(mli, "val cKA_OTP_TIME_REQUIREMENT : nativeint");
quote(mli, "val cKA_OTP_COUNTER_REQUIREMENT : nativeint");
quote(mli, "val cKA_OTP_PIN_REQUIREMENT : nativeint");
quote(mli, "val cKA_OTP_COUNTER : nativeint");
quote(mli, "val cKA_OTP_TIME : nativeint");
quote(mli, "val cKA_OTP_USER_IDENTIFIER : nativeint");
quote(mli, "val cKA_OTP_SERVICE_IDENTIFIER : nativeint");
quote(mli, "val cKA_OTP_SERVICE_LOGO : nativeint");
quote(mli, "val cKA_OTP_SERVICE_LOGO_TYPE : nativeint");
quote(mli, "val cKA_HW_FEATURE_TYPE : nativeint");
quote(mli, "val cKA_RESET_ON_INIT : nativeint");
quote(mli, "val cKA_HAS_RESET : nativeint");
quote(mli, "val cKA_PIXEL_X : nativeint");
quote(mli, "val cKA_PIXEL_Y : nativeint");
quote(mli, "val cKA_RESOLUTION : nativeint");
quote(mli, "val cKA_CHAR_ROWS : nativeint");
quote(mli, "val cKA_CHAR_COLUMNS : nativeint");
quote(mli, "val cKA_COLOR : nativeint");
quote(mli, "val cKA_BITS_PER_PIXEL : nativeint");
quote(mli, "val cKA_CHAR_SETS : nativeint");
quote(mli, "val cKA_ENCODING_METHODS : nativeint");
quote(mli, "val cKA_MIME_TYPES : nativeint");
quote(mli, "val cKA_MECHANISM_TYPE : nativeint");
quote(mli, "val cKA_REQUIRED_CMS_ATTRIBUTES : nativeint");
quote(mli, "val cKA_DEFAULT_CMS_ATTRIBUTES : nativeint");
quote(mli, "val cKA_SUPPORTED_CMS_ATTRIBUTES : nativeint");
quote(mli, "val cKA_WRAP_TEMPLATE : nativeint");
quote(mli, "val cKA_UNWRAP_TEMPLATE : nativeint");
quote(mli, "val cKA_ALLOWED_MECHANISMS : nativeint");
quote(mli, "val cKA_VENDOR_DEFINED : nativeint");
quote(mli, "val cKM_RSA_PKCS_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_RSA_PKCS : nativeint");
quote(mli, "val cKM_RSA_9796 : nativeint");
quote(mli, "val cKM_RSA_X_509 : nativeint");
quote(mli, "val cKM_MD2_RSA_PKCS : nativeint");
quote(mli, "val cKM_MD5_RSA_PKCS : nativeint");
quote(mli, "val cKM_SHA1_RSA_PKCS : nativeint");
quote(mli, "val cKM_RIPEMD128_RSA_PKCS : nativeint");
quote(mli, "val cKM_RIPEMD160_RSA_PKCS : nativeint");
quote(mli, "val cKM_RSA_PKCS_OAEP : nativeint");
quote(mli, "val cKM_RSA_X9_31_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_RSA_X9_31 : nativeint");
quote(mli, "val cKM_SHA1_RSA_X9_31 : nativeint");
quote(mli, "val cKM_RSA_PKCS_PSS : nativeint");
quote(mli, "val cKM_SHA1_RSA_PKCS_PSS : nativeint");
quote(mli, "val cKM_DSA_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_DSA : nativeint");
quote(mli, "val cKM_DSA_SHA1 : nativeint");
quote(mli, "val cKM_DH_PKCS_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_DH_PKCS_DERIVE : nativeint");
quote(mli, "val cKM_X9_42_DH_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_X9_42_DH_DERIVE : nativeint");
quote(mli, "val cKM_X9_42_DH_HYBRID_DERIVE : nativeint");
quote(mli, "val cKM_X9_42_MQV_DERIVE : nativeint");
quote(mli, "val cKM_SHA256_RSA_PKCS : nativeint");
quote(mli, "val cKM_SHA384_RSA_PKCS : nativeint");
quote(mli, "val cKM_SHA512_RSA_PKCS : nativeint");
quote(mli, "val cKM_SHA224_RSA_PKCS : nativeint");
quote(mli, "val cKM_SHA256_RSA_PKCS_PSS : nativeint");
quote(mli, "val cKM_SHA384_RSA_PKCS_PSS : nativeint");
quote(mli, "val cKM_SHA512_RSA_PKCS_PSS : nativeint");
quote(mli, "val cKM_SHA224_RSA_PKCS_PSS : nativeint");
quote(mli, "val cKM_RC2_KEY_GEN : nativeint");
quote(mli, "val cKM_RC2_ECB : nativeint");
quote(mli, "val cKM_RC2_CBC : nativeint");
quote(mli, "val cKM_RC2_MAC : nativeint");
quote(mli, "val cKM_RC2_MAC_GENERAL : nativeint");
quote(mli, "val cKM_RC2_CBC_PAD : nativeint");
quote(mli, "val cKM_RC4_KEY_GEN : nativeint");
quote(mli, "val cKM_RC4 : nativeint");
quote(mli, "val cKM_DES_KEY_GEN : nativeint");
quote(mli, "val cKM_DES_ECB : nativeint");
quote(mli, "val cKM_DES_CBC : nativeint");
quote(mli, "val cKM_DES_MAC : nativeint");
quote(mli, "val cKM_DES_MAC_GENERAL : nativeint");
quote(mli, "val cKM_DES_CBC_PAD : nativeint");
quote(mli, "val cKM_DES2_KEY_GEN : nativeint");
quote(mli, "val cKM_DES3_KEY_GEN : nativeint");
quote(mli, "val cKM_DES3_ECB : nativeint");
quote(mli, "val cKM_DES3_CBC : nativeint");
quote(mli, "val cKM_DES3_MAC : nativeint");
quote(mli, "val cKM_DES3_MAC_GENERAL : nativeint");
quote(mli, "val cKM_DES3_CBC_PAD : nativeint");
quote(mli, "val cKM_CDMF_KEY_GEN : nativeint");
quote(mli, "val cKM_CDMF_ECB : nativeint");
quote(mli, "val cKM_CDMF_CBC : nativeint");
quote(mli, "val cKM_CDMF_MAC : nativeint");
quote(mli, "val cKM_CDMF_MAC_GENERAL : nativeint");
quote(mli, "val cKM_CDMF_CBC_PAD : nativeint");
quote(mli, "val cKM_MD2 : nativeint");
quote(mli, "val cKM_MD2_HMAC : nativeint");
quote(mli, "val cKM_MD2_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_MD5 : nativeint");
quote(mli, "val cKM_MD5_HMAC : nativeint");
quote(mli, "val cKM_MD5_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_SHA_1 : nativeint");
quote(mli, "val cKM_SHA_1_HMAC : nativeint");
quote(mli, "val cKM_SHA_1_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_RIPEMD128 : nativeint");
quote(mli, "val cKM_RIPEMD128_HMAC : nativeint");
quote(mli, "val cKM_RIPEMD128_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_RIPEMD160 : nativeint");
quote(mli, "val cKM_RIPEMD160_HMAC : nativeint");
quote(mli, "val cKM_RIPEMD160_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_SHA256 : nativeint");
quote(mli, "val cKM_SHA256_HMAC : nativeint");
quote(mli, "val cKM_SHA256_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_SHA384 : nativeint");
quote(mli, "val cKM_SHA384_HMAC : nativeint");
quote(mli, "val cKM_SHA384_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_SHA512 : nativeint");
quote(mli, "val cKM_SHA512_HMAC : nativeint");
quote(mli, "val cKM_SHA512_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_SHA224 : nativeint");
quote(mli, "val cKM_SHA224_HMAC : nativeint");
quote(mli, "val cKM_SHA224_HMAC_GENERAL : nativeint");
quote(mli, "val cKM_SECURID_KEY_GEN : nativeint");
quote(mli, "val cKM_SECURID : nativeint");
quote(mli, "val cKM_HOTP_KEY_GEN : nativeint");
quote(mli, "val cKM_HOTP : nativeint");
quote(mli, "val cKM_ACTI_KEY_GEN : nativeint");
quote(mli, "val cKM_ACTI : nativeint");
quote(mli, "val cKM_CAST_KEY_GEN : nativeint");
quote(mli, "val cKM_CAST_ECB : nativeint");
quote(mli, "val cKM_CAST_CBC : nativeint");
quote(mli, "val cKM_CAST_MAC : nativeint");
quote(mli, "val cKM_CAST_MAC_GENERAL : nativeint");
quote(mli, "val cKM_CAST_CBC_PAD : nativeint");
quote(mli, "val cKM_CAST3_KEY_GEN : nativeint");
quote(mli, "val cKM_CAST3_ECB : nativeint");
quote(mli, "val cKM_CAST3_CBC : nativeint");
quote(mli, "val cKM_CAST3_MAC : nativeint");
quote(mli, "val cKM_CAST3_MAC_GENERAL : nativeint");
quote(mli, "val cKM_CAST3_CBC_PAD : nativeint");
quote(mli, "val cKM_CAST5_KEY_GEN : nativeint");
quote(mli, "val cKM_CAST128_KEY_GEN : nativeint");
quote(mli, "val cKM_CAST5_ECB : nativeint");
quote(mli, "val cKM_CAST128_ECB : nativeint");
quote(mli, "val cKM_CAST5_CBC : nativeint");
quote(mli, "val cKM_CAST128_CBC : nativeint");
quote(mli, "val cKM_CAST5_MAC : nativeint");
quote(mli, "val cKM_CAST128_MAC : nativeint");
quote(mli, "val cKM_CAST5_MAC_GENERAL : nativeint");
quote(mli, "val cKM_CAST128_MAC_GENERAL : nativeint");
quote(mli, "val cKM_CAST5_CBC_PAD : nativeint");
quote(mli, "val cKM_CAST128_CBC_PAD : nativeint");
quote(mli, "val cKM_RC5_KEY_GEN : nativeint");
quote(mli, "val cKM_RC5_ECB : nativeint");
quote(mli, "val cKM_RC5_CBC : nativeint");
quote(mli, "val cKM_RC5_MAC : nativeint");
quote(mli, "val cKM_RC5_MAC_GENERAL : nativeint");
quote(mli, "val cKM_RC5_CBC_PAD : nativeint");
quote(mli, "val cKM_IDEA_KEY_GEN : nativeint");
quote(mli, "val cKM_IDEA_ECB : nativeint");
quote(mli, "val cKM_IDEA_CBC : nativeint");
quote(mli, "val cKM_IDEA_MAC : nativeint");
quote(mli, "val cKM_IDEA_MAC_GENERAL : nativeint");
quote(mli, "val cKM_IDEA_CBC_PAD : nativeint");
quote(mli, "val cKM_GENERIC_SECRET_KEY_GEN : nativeint");
quote(mli, "val cKM_CONCATENATE_BASE_AND_KEY : nativeint");
quote(mli, "val cKM_CONCATENATE_BASE_AND_DATA : nativeint");
quote(mli, "val cKM_CONCATENATE_DATA_AND_BASE : nativeint");
quote(mli, "val cKM_XOR_BASE_AND_DATA : nativeint");
quote(mli, "val cKM_EXTRACT_KEY_FROM_KEY : nativeint");
quote(mli, "val cKM_SSL3_PRE_MASTER_KEY_GEN : nativeint");
quote(mli, "val cKM_SSL3_MASTER_KEY_DERIVE : nativeint");
quote(mli, "val cKM_SSL3_KEY_AND_MAC_DERIVE : nativeint");
quote(mli, "val cKM_SSL3_MASTER_KEY_DERIVE_DH : nativeint");
quote(mli, "val cKM_TLS_PRE_MASTER_KEY_GEN : nativeint");
quote(mli, "val cKM_TLS_MASTER_KEY_DERIVE : nativeint");
quote(mli, "val cKM_TLS_KEY_AND_MAC_DERIVE : nativeint");
quote(mli, "val cKM_TLS_MASTER_KEY_DERIVE_DH : nativeint");
quote(mli, "val cKM_TLS_PRF : nativeint");
quote(mli, "val cKM_SSL3_MD5_MAC : nativeint");
quote(mli, "val cKM_SSL3_SHA1_MAC : nativeint");
quote(mli, "val cKM_MD5_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_MD2_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_SHA1_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_SHA256_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_SHA384_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_SHA512_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_SHA224_KEY_DERIVATION : nativeint");
quote(mli, "val cKM_PBE_MD2_DES_CBC : nativeint");
quote(mli, "val cKM_PBE_MD5_DES_CBC : nativeint");
quote(mli, "val cKM_PBE_MD5_CAST_CBC : nativeint");
quote(mli, "val cKM_PBE_MD5_CAST3_CBC : nativeint");
quote(mli, "val cKM_PBE_MD5_CAST5_CBC : nativeint");
quote(mli, "val cKM_PBE_MD5_CAST128_CBC : nativeint");
quote(mli, "val cKM_PBE_SHA1_CAST5_CBC : nativeint");
quote(mli, "val cKM_PBE_SHA1_CAST128_CBC : nativeint");
quote(mli, "val cKM_PBE_SHA1_RC4_128 : nativeint");
quote(mli, "val cKM_PBE_SHA1_RC4_40 : nativeint");
quote(mli, "val cKM_PBE_SHA1_DES3_EDE_CBC : nativeint");
quote(mli, "val cKM_PBE_SHA1_DES2_EDE_CBC : nativeint");
quote(mli, "val cKM_PBE_SHA1_RC2_128_CBC : nativeint");
quote(mli, "val cKM_PBE_SHA1_RC2_40_CBC : nativeint");
quote(mli, "val cKM_PKCS5_PBKD2 : nativeint");
quote(mli, "val cKM_PBA_SHA1_WITH_SHA1_HMAC : nativeint");
quote(mli, "val cKM_WTLS_PRE_MASTER_KEY_GEN : nativeint");
quote(mli, "val cKM_WTLS_MASTER_KEY_DERIVE : nativeint");
quote(mli, "val cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC : nativeint");
quote(mli, "val cKM_WTLS_PRF : nativeint");
quote(mli, "val cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE : nativeint");
quote(mli, "val cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE : nativeint");
quote(mli, "val cKM_KEY_WRAP_LYNKS : nativeint");
quote(mli, "val cKM_KEY_WRAP_SET_OAEP : nativeint");
quote(mli, "val cKM_CMS_SIG : nativeint");
quote(mli, "val cKM_KIP_DERIVE : nativeint");
quote(mli, "val cKM_KIP_WRAP : nativeint");
quote(mli, "val cKM_KIP_MAC : nativeint");
quote(mli, "val cKM_CAMELLIA_KEY_GEN : nativeint");
quote(mli, "val cKM_CAMELLIA_ECB : nativeint");
quote(mli, "val cKM_CAMELLIA_CBC : nativeint");
quote(mli, "val cKM_CAMELLIA_MAC : nativeint");
quote(mli, "val cKM_CAMELLIA_MAC_GENERAL : nativeint");
quote(mli, "val cKM_CAMELLIA_CBC_PAD : nativeint");
quote(mli, "val cKM_CAMELLIA_ECB_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_CAMELLIA_CBC_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_CAMELLIA_CTR : nativeint");
quote(mli, "val cKM_ARIA_KEY_GEN : nativeint");
quote(mli, "val cKM_ARIA_ECB : nativeint");
quote(mli, "val cKM_ARIA_CBC : nativeint");
quote(mli, "val cKM_ARIA_MAC : nativeint");
quote(mli, "val cKM_ARIA_MAC_GENERAL : nativeint");
quote(mli, "val cKM_ARIA_CBC_PAD : nativeint");
quote(mli, "val cKM_ARIA_ECB_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_ARIA_CBC_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_SKIPJACK_KEY_GEN : nativeint");
quote(mli, "val cKM_SKIPJACK_ECB64 : nativeint");
quote(mli, "val cKM_SKIPJACK_CBC64 : nativeint");
quote(mli, "val cKM_SKIPJACK_OFB64 : nativeint");
quote(mli, "val cKM_SKIPJACK_CFB64 : nativeint");
quote(mli, "val cKM_SKIPJACK_CFB32 : nativeint");
quote(mli, "val cKM_SKIPJACK_CFB16 : nativeint");
quote(mli, "val cKM_SKIPJACK_CFB8 : nativeint");
quote(mli, "val cKM_SKIPJACK_WRAP : nativeint");
quote(mli, "val cKM_SKIPJACK_PRIVATE_WRAP : nativeint");
quote(mli, "val cKM_SKIPJACK_RELAYX : nativeint");
quote(mli, "val cKM_KEA_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_KEA_KEY_DERIVE : nativeint");
quote(mli, "val cKM_FORTEZZA_TIMESTAMP : nativeint");
quote(mli, "val cKM_BATON_KEY_GEN : nativeint");
quote(mli, "val cKM_BATON_ECB128 : nativeint");
quote(mli, "val cKM_BATON_ECB96 : nativeint");
quote(mli, "val cKM_BATON_CBC128 : nativeint");
quote(mli, "val cKM_BATON_COUNTER : nativeint");
quote(mli, "val cKM_BATON_SHUFFLE : nativeint");
quote(mli, "val cKM_BATON_WRAP : nativeint");
quote(mli, "val cKM_EC_KEY_PAIR_GEN : nativeint");
quote(mli, "val cKM_ECDSA : nativeint");
quote(mli, "val cKM_ECDSA_SHA1 : nativeint");
quote(mli, "val cKM_ECDH1_DERIVE : nativeint");
quote(mli, "val cKM_ECDH1_COFACTOR_DERIVE : nativeint");
quote(mli, "val cKM_ECMQV_DERIVE : nativeint");
quote(mli, "val cKM_JUNIPER_KEY_GEN : nativeint");
quote(mli, "val cKM_JUNIPER_ECB128 : nativeint");
quote(mli, "val cKM_JUNIPER_CBC128 : nativeint");
quote(mli, "val cKM_JUNIPER_COUNTER : nativeint");
quote(mli, "val cKM_JUNIPER_SHUFFLE : nativeint");
quote(mli, "val cKM_JUNIPER_WRAP : nativeint");
quote(mli, "val cKM_FASTHASH : nativeint");
quote(mli, "val cKM_AES_KEY_GEN : nativeint");
quote(mli, "val cKM_AES_ECB : nativeint");
quote(mli, "val cKM_AES_CBC : nativeint");
quote(mli, "val cKM_AES_MAC : nativeint");
quote(mli, "val cKM_AES_MAC_GENERAL : nativeint");
quote(mli, "val cKM_AES_CBC_PAD : nativeint");
quote(mli, "val cKM_AES_CTR : nativeint");
quote(mli, "val cKM_BLOWFISH_KEY_GEN : nativeint");
quote(mli, "val cKM_BLOWFISH_CBC : nativeint");
quote(mli, "val cKM_TWOFISH_KEY_GEN : nativeint");
quote(mli, "val cKM_TWOFISH_CBC : nativeint");
quote(mli, "val cKM_DES_ECB_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_DES_CBC_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_DES3_ECB_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_DES3_CBC_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_AES_ECB_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_AES_CBC_ENCRYPT_DATA : nativeint");
quote(mli, "val cKM_DSA_PARAMETER_GEN : nativeint");
quote(mli, "val cKM_DH_PKCS_PARAMETER_GEN : nativeint");
quote(mli, "val cKM_X9_42_DH_PARAMETER_GEN : nativeint");
quote(mli, "val cKM_VENDOR_DEFINED : nativeint");
quote(mli, "val cKF_HW : nativeint");
quote(mli, "val cKF_ENCRYPT : nativeint");
quote(mli, "val cKF_DECRYPT : nativeint");
quote(mli, "val cKF_DIGEST : nativeint");
quote(mli, "val cKF_SIGN : nativeint");
quote(mli, "val cKF_SIGN_RECOVER : nativeint");
quote(mli, "val cKF_VERIFY : nativeint");
quote(mli, "val cKF_VERIFY_RECOVER : nativeint");
quote(mli, "val cKF_GENERATE : nativeint");
quote(mli, "val cKF_GENERATE_KEY_PAIR : nativeint");
quote(mli, "val cKF_WRAP : nativeint");
quote(mli, "val cKF_UNWRAP : nativeint");
quote(mli, "val cKF_DERIVE : nativeint");
quote(mli, "val cKF_EC_F_P : nativeint");
quote(mli, "val cKF_EC_F_2M : nativeint");
quote(mli, "val cKF_EC_ECPARAMETERS : nativeint");
quote(mli, "val cKF_EC_NAMEDCURVE : nativeint");
quote(mli, "val cKF_EC_UNCOMPRESS : nativeint");
quote(mli, "val cKF_EC_COMPRESS : nativeint");
quote(mli, "val cKF_EXTENSION : nativeint");
quote(mli, "val cKF_DONT_BLOCK : nativeint");
quote(mli, "val cKF_LIBRARY_CANT_CREATE_OS_THREADS : nativeint");
quote(mli, "val cKF_OS_LOCKING_OK : nativeint");
quote(mli, "val cKR_OK : nativeint");
quote(mli, "val cKR_CANCEL : nativeint");
quote(mli, "val cKR_HOST_MEMORY : nativeint");
quote(mli, "val cKR_SLOT_ID_INVALID : nativeint");
quote(mli, "val cKR_GENERAL_ERROR : nativeint");
quote(mli, "val cKR_FUNCTION_FAILED : nativeint");
quote(mli, "val cKR_ARGUMENTS_BAD : nativeint");
quote(mli, "val cKR_NO_EVENT : nativeint");
quote(mli, "val cKR_NEED_TO_CREATE_THREADS : nativeint");
quote(mli, "val cKR_CANT_LOCK : nativeint");
quote(mli, "val cKR_ATTRIBUTE_READ_ONLY : nativeint");
quote(mli, "val cKR_ATTRIBUTE_SENSITIVE : nativeint");
quote(mli, "val cKR_ATTRIBUTE_TYPE_INVALID : nativeint");
quote(mli, "val cKR_ATTRIBUTE_VALUE_INVALID : nativeint");
quote(mli, "val cKR_DATA_INVALID : nativeint");
quote(mli, "val cKR_DATA_LEN_RANGE : nativeint");
quote(mli, "val cKR_DEVICE_ERROR : nativeint");
quote(mli, "val cKR_DEVICE_MEMORY : nativeint");
quote(mli, "val cKR_DEVICE_REMOVED : nativeint");
quote(mli, "val cKR_ENCRYPTED_DATA_INVALID : nativeint");
quote(mli, "val cKR_ENCRYPTED_DATA_LEN_RANGE : nativeint");
quote(mli, "val cKR_FUNCTION_CANCELED : nativeint");
quote(mli, "val cKR_FUNCTION_NOT_PARALLEL : nativeint");
quote(mli, "val cKR_FUNCTION_NOT_SUPPORTED : nativeint");
quote(mli, "val cKR_KEY_HANDLE_INVALID : nativeint");
quote(mli, "val cKR_KEY_SIZE_RANGE : nativeint");
quote(mli, "val cKR_KEY_TYPE_INCONSISTENT : nativeint");
quote(mli, "val cKR_KEY_NOT_NEEDED : nativeint");
quote(mli, "val cKR_KEY_CHANGED : nativeint");
quote(mli, "val cKR_KEY_NEEDED : nativeint");
quote(mli, "val cKR_KEY_INDIGESTIBLE : nativeint");
quote(mli, "val cKR_KEY_FUNCTION_NOT_PERMITTED : nativeint");
quote(mli, "val cKR_KEY_NOT_WRAPPABLE : nativeint");
quote(mli, "val cKR_KEY_UNEXTRACTABLE : nativeint");
quote(mli, "val cKR_MECHANISM_INVALID : nativeint");
quote(mli, "val cKR_MECHANISM_PARAM_INVALID : nativeint");
quote(mli, "val cKR_OBJECT_HANDLE_INVALID : nativeint");
quote(mli, "val cKR_OPERATION_ACTIVE : nativeint");
quote(mli, "val cKR_OPERATION_NOT_INITIALIZED : nativeint");
quote(mli, "val cKR_PIN_INCORRECT : nativeint");
quote(mli, "val cKR_PIN_INVALID : nativeint");
quote(mli, "val cKR_PIN_LEN_RANGE : nativeint");
quote(mli, "val cKR_PIN_EXPIRED : nativeint");
quote(mli, "val cKR_PIN_LOCKED : nativeint");
quote(mli, "val cKR_SESSION_CLOSED : nativeint");
quote(mli, "val cKR_SESSION_COUNT : nativeint");
quote(mli, "val cKR_SESSION_HANDLE_INVALID : nativeint");
quote(mli, "val cKR_SESSION_PARALLEL_NOT_SUPPORTED : nativeint");
quote(mli, "val cKR_SESSION_READ_ONLY : nativeint");
quote(mli, "val cKR_SESSION_EXISTS : nativeint");
quote(mli, "val cKR_SESSION_READ_ONLY_EXISTS : nativeint");
quote(mli, "val cKR_SESSION_READ_WRITE_SO_EXISTS : nativeint");
quote(mli, "val cKR_SIGNATURE_INVALID : nativeint");
quote(mli, "val cKR_SIGNATURE_LEN_RANGE : nativeint");
quote(mli, "val cKR_TEMPLATE_INCOMPLETE : nativeint");
quote(mli, "val cKR_TEMPLATE_INCONSISTENT : nativeint");
quote(mli, "val cKR_TOKEN_NOT_PRESENT : nativeint");
quote(mli, "val cKR_TOKEN_NOT_RECOGNIZED : nativeint");
quote(mli, "val cKR_TOKEN_WRITE_PROTECTED : nativeint");
quote(mli, "val cKR_UNWRAPPING_KEY_HANDLE_INVALID : nativeint");
quote(mli, "val cKR_UNWRAPPING_KEY_SIZE_RANGE : nativeint");
quote(mli, "val cKR_UNWRAPPING_KEY_TYPE_INCONSISTENT : nativeint");
quote(mli, "val cKR_USER_ALREADY_LOGGED_IN : nativeint");
quote(mli, "val cKR_USER_NOT_LOGGED_IN : nativeint");
quote(mli, "val cKR_USER_PIN_NOT_INITIALIZED : nativeint");
quote(mli, "val cKR_USER_TYPE_INVALID : nativeint");
quote(mli, "val cKR_USER_ANOTHER_ALREADY_LOGGED_IN : nativeint");
quote(mli, "val cKR_USER_TOO_MANY_TYPES : nativeint");
quote(mli, "val cKR_WRAPPED_KEY_INVALID : nativeint");
quote(mli, "val cKR_WRAPPED_KEY_LEN_RANGE : nativeint");
quote(mli, "val cKR_WRAPPING_KEY_HANDLE_INVALID : nativeint");
quote(mli, "val cKR_WRAPPING_KEY_SIZE_RANGE : nativeint");
quote(mli, "val cKR_WRAPPING_KEY_TYPE_INCONSISTENT : nativeint");
quote(mli, "val cKR_RANDOM_SEED_NOT_SUPPORTED : nativeint");
quote(mli, "val cKR_RANDOM_NO_RNG : nativeint");
quote(mli, "val cKR_DOMAIN_PARAMS_INVALID : nativeint");
quote(mli, "val cKR_BUFFER_TOO_SMALL : nativeint");
quote(mli, "val cKR_SAVED_STATE_INVALID : nativeint");
quote(mli, "val cKR_INFORMATION_SENSITIVE : nativeint");
quote(mli, "val cKR_STATE_UNSAVEABLE : nativeint");
quote(mli, "val cKR_CRYPTOKI_NOT_INITIALIZED : nativeint");
quote(mli, "val cKR_CRYPTOKI_ALREADY_INITIALIZED : nativeint");
quote(mli, "val cKR_MUTEX_BAD : nativeint");
quote(mli, "val cKR_MUTEX_NOT_LOCKED : nativeint");
quote(mli, "val cKR_NEW_PIN_MODE : nativeint");
quote(mli, "val cKR_NEXT_OTP : nativeint");
quote(mli, "val cKR_FUNCTION_REJECTED : nativeint");
quote(mli, "val cKR_VENDOR_DEFINED : nativeint");
quote(mli, "val cK_FALSE : nativeint");
quote(mli, "val cK_TRUE : nativeint");
quote(mli, "val fALSE : nativeint");
quote(mli, "val tRUE : nativeint");
quote(mli, "val nULL_PTR : nativeint");
/*
 * OCaml-side values of the Cryptoki constants. Each quote(ml, ...) line is
 * copied verbatim into the generated .ml file, and the "n" suffix makes the
 * literal an OCaml nativeint. The version triple below reads 2.20, revision 6.
 */
quote(ml, "let cRYPTOKI_VERSION_MAJOR = 2n");
quote(ml, "let cRYPTOKI_VERSION_MINOR = 20n");
quote(ml, "let cRYPTOKI_VERSION_REVISION = 6n");
/* Notification codes (cKN_ prefix). */
quote(ml, "let cKN_SURRENDER = 0n");
quote(ml, "let cKN_OTP_CHANGED = 1n");
/*
 * Slot flags followed by token flags. Both families share the cKF_ prefix and
 * overlap numerically (cKF_TOKEN_PRESENT and cKF_RNG are both 1n, and
 * cKF_REMOVABLE_DEVICE and cKF_WRITE_PROTECTED are both 2n). Every value is a
 * plain nativeint, so the OCaml type checker cannot tell a slot flag from a
 * token flag; callers have to test each flag against the matching field.
 */
quote(ml, "let cKF_TOKEN_PRESENT = 1n");
quote(ml, "let cKF_REMOVABLE_DEVICE = 2n");
quote(ml, "let cKF_HW_SLOT = 4n");
/* 0x40000000; the same bit is set in cKA_WRAP_TEMPLATE, cKA_UNWRAP_TEMPLATE
 * and cKA_ALLOWED_MECHANISMS defined further down in this file. */
quote(ml, "let cKF_ARRAY_ATTRIBUTE = 1073741824n");
/* Token flags. */
quote(ml, "let cKF_RNG = 1n");
quote(ml, "let cKF_WRITE_PROTECTED = 2n");
quote(ml, "let cKF_LOGIN_REQUIRED = 4n");
quote(ml, "let cKF_USER_PIN_INITIALIZED = 8n");
quote(ml, "let cKF_RESTORE_KEY_NOT_NEEDED = 32n");
quote(ml, "let cKF_CLOCK_ON_TOKEN = 64n");
quote(ml, "let cKF_PROTECTED_AUTHENTICATION_PATH = 256n");
quote(ml, "let cKF_DUAL_CRYPTO_OPERATIONS = 512n");
quote(ml, "let cKF_TOKEN_INITIALIZED = 1024n");
quote(ml, "let cKF_SECONDARY_AUTHENTICATION = 2048n");
/*
 * PIN retry-state flags for the normal user and then for the security
 * officer (SO). In PKCS#11 these report failed logins, the last remaining
 * attempt and lock-out, which makes them useful inputs for monitoring.
 */
quote(ml, "let cKF_USER_PIN_COUNT_LOW = 65536n");
quote(ml, "let cKF_USER_PIN_FINAL_TRY = 131072n");
quote(ml, "let cKF_USER_PIN_LOCKED = 262144n");
quote(ml, "let cKF_USER_PIN_TO_BE_CHANGED = 524288n");
quote(ml, "let cKF_SO_PIN_COUNT_LOW = 1048576n");
quote(ml, "let cKF_SO_PIN_FINAL_TRY = 2097152n");
quote(ml, "let cKF_SO_PIN_LOCKED = 4194304n");
quote(ml, "let cKF_SO_PIN_TO_BE_CHANGED = 8388608n");
/*
 * Sentinel values. cK_UNAVAILABLE_INFORMATION is Nativeint.minus_one, i.e. all
 * bits set at whatever width nativeint has on the target. cK_INVALID_HANDLE and
 * cK_EFFECTIVELY_INFINITE are both 0n, so a zero handle must never be treated
 * as a valid session or object handle.
 */
quote(ml, "let cK_UNAVAILABLE_INFORMATION = (Nativeint.minus_one)");
quote(ml, "let cK_EFFECTIVELY_INFINITE = 0n");
quote(ml, "let cK_INVALID_HANDLE = 0n");
/* User types for login: security officer, normal user, context-specific. */
quote(ml, "let cKU_SO = 0n");
quote(ml, "let cKU_USER = 1n");
quote(ml, "let cKU_CONTEXT_SPECIFIC = 2n");
/* Session states (cKS_ prefix). */
quote(ml, "let cKS_RO_PUBLIC_SESSION = 0n");
quote(ml, "let cKS_RO_USER_FUNCTIONS = 1n");
quote(ml, "let cKS_RW_PUBLIC_SESSION = 2n");
quote(ml, "let cKS_RW_USER_FUNCTIONS = 3n");
quote(ml, "let cKS_RW_SO_FUNCTIONS = 4n");
/* Session flags. These reuse the numeric values 2n and 4n that other cKF_
 * families in this file also use, so they are only meaningful for sessions. */
quote(ml, "let cKF_RW_SESSION = 2n");
quote(ml, "let cKF_SERIAL_SESSION = 4n");
/* Object classes (cKO_ prefix). */
quote(ml, "let cKO_DATA = 0n");
quote(ml, "let cKO_CERTIFICATE = 1n");
quote(ml, "let cKO_PUBLIC_KEY = 2n");
quote(ml, "let cKO_PRIVATE_KEY = 3n");
quote(ml, "let cKO_SECRET_KEY = 4n");
quote(ml, "let cKO_HW_FEATURE = 5n");
quote(ml, "let cKO_DOMAIN_PARAMETERS = 6n");
quote(ml, "let cKO_MECHANISM = 7n");
quote(ml, "let cKO_OTP_KEY = 8n");
/*
 * The vendor-defined base is 0x80000000. Where nativeint is 32 bits wide the
 * literal 2147483648n does not fit, so the same bit pattern is written as
 * -2147483648n.
 * NOTE(review): __LP64__ is evaluated when this file is preprocessed, so it
 * presumably has to describe the same target as the OCaml compiler that builds
 * the generated .ml - confirm for cross builds and for 64-bit targets that do
 * not define __LP64__.
 */
#if __LP64__
quote(ml, "let cKO_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKO_VENDOR_DEFINED = -2147483648n");
#endif
/* Hardware feature types (cKH_ prefix). */
quote(ml, "let cKH_MONOTONIC_COUNTER = 1n");
quote(ml, "let cKH_CLOCK = 2n");
quote(ml, "let cKH_USER_INTERFACE = 3n");
/* Same 0x80000000 encoding as cKO_VENDOR_DEFINED above. */
#if __LP64__
quote(ml, "let cKH_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKH_VENDOR_DEFINED = -2147483648n");
#endif
/*
 * Key types (cKK_ prefix). cKK_ECDSA and cKK_EC are two names for the same
 * value 3n. The list includes key types for ciphers that are generally treated
 * as legacy today (single DES, RC2, RC4, CDMF, Skipjack); defining a value
 * here says nothing about whether a deployment should accept it.
 */
quote(ml, "let cKK_RSA = 0n");
quote(ml, "let cKK_DSA = 1n");
quote(ml, "let cKK_DH = 2n");
quote(ml, "let cKK_ECDSA = 3n");
quote(ml, "let cKK_EC = 3n");
quote(ml, "let cKK_X9_42_DH = 4n");
quote(ml, "let cKK_KEA = 5n");
quote(ml, "let cKK_GENERIC_SECRET = 16n");
quote(ml, "let cKK_RC2 = 17n");
quote(ml, "let cKK_RC4 = 18n");
quote(ml, "let cKK_DES = 19n");
quote(ml, "let cKK_DES2 = 20n");
quote(ml, "let cKK_DES3 = 21n");
quote(ml, "let cKK_CAST = 22n");
quote(ml, "let cKK_CAST3 = 23n");
quote(ml, "let cKK_CAST128 = 24n");
quote(ml, "let cKK_RC5 = 25n");
quote(ml, "let cKK_IDEA = 26n");
quote(ml, "let cKK_SKIPJACK = 27n");
quote(ml, "let cKK_BATON = 28n");
quote(ml, "let cKK_JUNIPER = 29n");
quote(ml, "let cKK_CDMF = 30n");
quote(ml, "let cKK_AES = 31n");
quote(ml, "let cKK_BLOWFISH = 32n");
quote(ml, "let cKK_TWOFISH = 33n");
quote(ml, "let cKK_SECURID = 34n");
quote(ml, "let cKK_HOTP = 35n");
quote(ml, "let cKK_ACTI = 36n");
quote(ml, "let cKK_CAMELLIA = 37n");
quote(ml, "let cKK_ARIA = 38n");
/*
 * Vendor-defined base 0x80000000, written as a negative literal where
 * nativeint is 32 bits wide because 2147483648n would not fit.
 * NOTE(review): this guard and the cKC_ one below use #ifdef while the other
 * vendor-defined guards in this file use #if; the two agree whenever
 * __LP64__ is either undefined or defined to a non-zero value.
 */
#ifdef __LP64__
quote(ml, "let cKK_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKK_VENDOR_DEFINED = -2147483648n");
#endif
/* Certificate types (cKC_ prefix). */
quote(ml, "let cKC_X_509 = 0n");
quote(ml, "let cKC_X_509_ATTR_CERT = 1n");
quote(ml, "let cKC_WTLS = 2n");
#ifdef __LP64__
quote(ml, "let cKC_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKC_VENDOR_DEFINED = -2147483648n");
#endif
/* One-time-password value formats. */
quote(ml, "let cK_OTP_FORMAT_DECIMAL = 0n");
quote(ml, "let cK_OTP_FORMAT_HEXADECIMAL = 1n");
quote(ml, "let cK_OTP_FORMAT_ALPHANUMERIC = 2n");
/* One-time-password parameter requirement levels. */
quote(ml, "let cK_OTP_PARAM_IGNORED = 0n");
quote(ml, "let cK_OTP_PARAM_OPTIONAL = 1n");
quote(ml, "let cK_OTP_PARAM_MANDATORY = 2n");
/*
 * Attribute types (cKA_ prefix), emitted as OCaml nativeint constants.
 * Several of them describe how a key is protected rather than what it is:
 * cKA_SENSITIVE, cKA_EXTRACTABLE, cKA_NEVER_EXTRACTABLE, cKA_ALWAYS_SENSITIVE,
 * cKA_LOCAL, cKA_MODIFIABLE, cKA_TRUSTED and cKA_WRAP_WITH_TRUSTED. Code that
 * filters or audits object templates will normally care about these first.
 */
quote(ml, "let cKA_CLASS = 0n");
quote(ml, "let cKA_TOKEN = 1n");
quote(ml, "let cKA_PRIVATE = 2n");
quote(ml, "let cKA_LABEL = 3n");
quote(ml, "let cKA_APPLICATION = 16n");
quote(ml, "let cKA_VALUE = 17n");
quote(ml, "let cKA_OBJECT_ID = 18n");
quote(ml, "let cKA_CERTIFICATE_TYPE = 128n");
quote(ml, "let cKA_ISSUER = 129n");
quote(ml, "let cKA_SERIAL_NUMBER = 130n");
quote(ml, "let cKA_AC_ISSUER = 131n");
quote(ml, "let cKA_OWNER = 132n");
quote(ml, "let cKA_ATTR_TYPES = 133n");
quote(ml, "let cKA_TRUSTED = 134n");
quote(ml, "let cKA_CERTIFICATE_CATEGORY = 135n");
quote(ml, "let cKA_JAVA_MIDP_SECURITY_DOMAIN = 136n");
quote(ml, "let cKA_URL = 137n");
quote(ml, "let cKA_HASH_OF_SUBJECT_PUBLIC_KEY = 138n");
quote(ml, "let cKA_HASH_OF_ISSUER_PUBLIC_KEY = 139n");
quote(ml, "let cKA_CHECK_VALUE = 144n");
quote(ml, "let cKA_KEY_TYPE = 256n");
quote(ml, "let cKA_SUBJECT = 257n");
quote(ml, "let cKA_ID = 258n");
quote(ml, "let cKA_SENSITIVE = 259n");
/* Permitted-usage attributes for a key object. */
quote(ml, "let cKA_ENCRYPT = 260n");
quote(ml, "let cKA_DECRYPT = 261n");
quote(ml, "let cKA_WRAP = 262n");
quote(ml, "let cKA_UNWRAP = 263n");
quote(ml, "let cKA_SIGN = 264n");
quote(ml, "let cKA_SIGN_RECOVER = 265n");
quote(ml, "let cKA_VERIFY = 266n");
quote(ml, "let cKA_VERIFY_RECOVER = 267n");
quote(ml, "let cKA_DERIVE = 268n");
quote(ml, "let cKA_START_DATE = 272n");
quote(ml, "let cKA_END_DATE = 273n");
/* RSA, DSA and DH key material components. */
quote(ml, "let cKA_MODULUS = 288n");
quote(ml, "let cKA_MODULUS_BITS = 289n");
quote(ml, "let cKA_PUBLIC_EXPONENT = 290n");
quote(ml, "let cKA_PRIVATE_EXPONENT = 291n");
quote(ml, "let cKA_PRIME_1 = 292n");
quote(ml, "let cKA_PRIME_2 = 293n");
quote(ml, "let cKA_EXPONENT_1 = 294n");
quote(ml, "let cKA_EXPONENT_2 = 295n");
quote(ml, "let cKA_COEFFICIENT = 296n");
quote(ml, "let cKA_PRIME = 304n");
quote(ml, "let cKA_SUBPRIME = 305n");
quote(ml, "let cKA_BASE = 306n");
quote(ml, "let cKA_PRIME_BITS = 307n");
quote(ml, "let cKA_SUB_PRIME_BITS = 308n");
quote(ml, "let cKA_VALUE_BITS = 352n");
quote(ml, "let cKA_VALUE_LEN = 353n");
quote(ml, "let cKA_EXTRACTABLE = 354n");
quote(ml, "let cKA_LOCAL = 355n");
quote(ml, "let cKA_NEVER_EXTRACTABLE = 356n");
quote(ml, "let cKA_ALWAYS_SENSITIVE = 357n");
quote(ml, "let cKA_KEY_GEN_MECHANISM = 358n");
quote(ml, "let cKA_MODIFIABLE = 368n");
/* cKA_ECDSA_PARAMS and cKA_EC_PARAMS are two names for the same value. */
quote(ml, "let cKA_ECDSA_PARAMS = 384n");
quote(ml, "let cKA_EC_PARAMS = 384n");
quote(ml, "let cKA_EC_POINT = 385n");
quote(ml, "let cKA_SECONDARY_AUTH = 512n");
quote(ml, "let cKA_AUTH_PIN_FLAGS = 513n");
quote(ml, "let cKA_ALWAYS_AUTHENTICATE = 514n");
quote(ml, "let cKA_WRAP_WITH_TRUSTED = 528n");
/* One-time-password key attributes. */
quote(ml, "let cKA_OTP_FORMAT = 544n");
quote(ml, "let cKA_OTP_LENGTH = 545n");
quote(ml, "let cKA_OTP_TIME_INTERVAL = 546n");
quote(ml, "let cKA_OTP_USER_FRIENDLY_MODE = 547n");
quote(ml, "let cKA_OTP_CHALLENGE_REQUIREMENT = 548n");
quote(ml, "let cKA_OTP_TIME_REQUIREMENT = 549n");
quote(ml, "let cKA_OTP_COUNTER_REQUIREMENT = 550n");
quote(ml, "let cKA_OTP_PIN_REQUIREMENT = 551n");
quote(ml, "let cKA_OTP_COUNTER = 552n");
quote(ml, "let cKA_OTP_TIME = 553n");
quote(ml, "let cKA_OTP_USER_IDENTIFIER = 554n");
quote(ml, "let cKA_OTP_SERVICE_IDENTIFIER = 555n");
quote(ml, "let cKA_OTP_SERVICE_LOGO = 556n");
quote(ml, "let cKA_OTP_SERVICE_LOGO_TYPE = 557n");
/* Hardware-feature and user-interface attributes. */
quote(ml, "let cKA_HW_FEATURE_TYPE = 768n");
quote(ml, "let cKA_RESET_ON_INIT = 769n");
quote(ml, "let cKA_HAS_RESET = 770n");
quote(ml, "let cKA_PIXEL_X = 1024n");
quote(ml, "let cKA_PIXEL_Y = 1025n");
quote(ml, "let cKA_RESOLUTION = 1026n");
quote(ml, "let cKA_CHAR_ROWS = 1027n");
quote(ml, "let cKA_CHAR_COLUMNS = 1028n");
quote(ml, "let cKA_COLOR = 1029n");
quote(ml, "let cKA_BITS_PER_PIXEL = 1030n");
quote(ml, "let cKA_CHAR_SETS = 1152n");
quote(ml, "let cKA_ENCODING_METHODS = 1153n");
quote(ml, "let cKA_MIME_TYPES = 1154n");
quote(ml, "let cKA_MECHANISM_TYPE = 1280n");
quote(ml, "let cKA_REQUIRED_CMS_ATTRIBUTES = 1281n");
quote(ml, "let cKA_DEFAULT_CMS_ATTRIBUTES = 1282n");
quote(ml, "let cKA_SUPPORTED_CMS_ATTRIBUTES = 1283n");
/*
 * The next three values have bit 0x40000000 set (1073741824 + 529, + 530 and
 * + 1536), the value this file gives to cKF_ARRAY_ATTRIBUTE. Their contents
 * are nested arrays, so they need separate handling from scalar attributes.
 */
quote(ml, "let cKA_WRAP_TEMPLATE = 1073742353n");
quote(ml, "let cKA_UNWRAP_TEMPLATE = 1073742354n");
quote(ml, "let cKA_ALLOWED_MECHANISMS = 1073743360n");
/* Vendor-defined base 0x80000000, written as a negative literal where
 * nativeint is 32 bits wide because 2147483648n would not fit. */
#if __LP64__
quote(ml, "let cKA_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKA_VENDOR_DEFINED = -2147483648n");
#endif
/*
 * Mechanism types (cKM_ prefix), emitted as OCaml nativeint constants.
 * The list includes mechanisms that are generally considered weak today:
 * MD2- and MD5-based signatures and digests, single DES, CDMF, RC2, RC4,
 * the 40-bit PBE variants and raw RSA (cKM_RSA_X_509). Defining an identifier
 * here does not make the mechanism acceptable to use.
 * NOTE(review): nothing in this part of the file restricts which mechanisms
 * callers may request - confirm that a policy layer elsewhere does.
 */
quote(ml, "let cKM_RSA_PKCS_KEY_PAIR_GEN = 0n");
quote(ml, "let cKM_RSA_PKCS = 1n");
quote(ml, "let cKM_RSA_9796 = 2n");
quote(ml, "let cKM_RSA_X_509 = 3n");
quote(ml, "let cKM_MD2_RSA_PKCS = 4n");
quote(ml, "let cKM_MD5_RSA_PKCS = 5n");
quote(ml, "let cKM_SHA1_RSA_PKCS = 6n");
quote(ml, "let cKM_RIPEMD128_RSA_PKCS = 7n");
quote(ml, "let cKM_RIPEMD160_RSA_PKCS = 8n");
quote(ml, "let cKM_RSA_PKCS_OAEP = 9n");
quote(ml, "let cKM_RSA_X9_31_KEY_PAIR_GEN = 10n");
quote(ml, "let cKM_RSA_X9_31 = 11n");
quote(ml, "let cKM_SHA1_RSA_X9_31 = 12n");
quote(ml, "let cKM_RSA_PKCS_PSS = 13n");
quote(ml, "let cKM_SHA1_RSA_PKCS_PSS = 14n");
quote(ml, "let cKM_DSA_KEY_PAIR_GEN = 16n");
quote(ml, "let cKM_DSA = 17n");
quote(ml, "let cKM_DSA_SHA1 = 18n");
quote(ml, "let cKM_DH_PKCS_KEY_PAIR_GEN = 32n");
quote(ml, "let cKM_DH_PKCS_DERIVE = 33n");
quote(ml, "let cKM_X9_42_DH_KEY_PAIR_GEN = 48n");
quote(ml, "let cKM_X9_42_DH_DERIVE = 49n");
quote(ml, "let cKM_X9_42_DH_HYBRID_DERIVE = 50n");
quote(ml, "let cKM_X9_42_MQV_DERIVE = 51n");
quote(ml, "let cKM_SHA256_RSA_PKCS = 64n");
quote(ml, "let cKM_SHA384_RSA_PKCS = 65n");
quote(ml, "let cKM_SHA512_RSA_PKCS = 66n");
quote(ml, "let cKM_SHA256_RSA_PKCS_PSS = 67n");
quote(ml, "let cKM_SHA384_RSA_PKCS_PSS = 68n");
quote(ml, "let cKM_SHA512_RSA_PKCS_PSS = 69n");
quote(ml, "let cKM_SHA224_RSA_PKCS = 70n");
quote(ml, "let cKM_SHA224_RSA_PKCS_PSS = 71n");
/* Symmetric ciphers: RC2, RC4, DES, two- and three-key DES, CDMF. */
quote(ml, "let cKM_RC2_KEY_GEN = 256n");
quote(ml, "let cKM_RC2_ECB = 257n");
quote(ml, "let cKM_RC2_CBC = 258n");
quote(ml, "let cKM_RC2_MAC = 259n");
quote(ml, "let cKM_RC2_MAC_GENERAL = 260n");
quote(ml, "let cKM_RC2_CBC_PAD = 261n");
quote(ml, "let cKM_RC4_KEY_GEN = 272n");
quote(ml, "let cKM_RC4 = 273n");
quote(ml, "let cKM_DES_KEY_GEN = 288n");
quote(ml, "let cKM_DES_ECB = 289n");
quote(ml, "let cKM_DES_CBC = 290n");
quote(ml, "let cKM_DES_MAC = 291n");
quote(ml, "let cKM_DES_MAC_GENERAL = 292n");
quote(ml, "let cKM_DES_CBC_PAD = 293n");
quote(ml, "let cKM_DES2_KEY_GEN = 304n");
quote(ml, "let cKM_DES3_KEY_GEN = 305n");
quote(ml, "let cKM_DES3_ECB = 306n");
quote(ml, "let cKM_DES3_CBC = 307n");
quote(ml, "let cKM_DES3_MAC = 308n");
quote(ml, "let cKM_DES3_MAC_GENERAL = 309n");
quote(ml, "let cKM_DES3_CBC_PAD = 310n");
quote(ml, "let cKM_CDMF_KEY_GEN = 320n");
quote(ml, "let cKM_CDMF_ECB = 321n");
quote(ml, "let cKM_CDMF_CBC = 322n");
quote(ml, "let cKM_CDMF_MAC = 323n");
quote(ml, "let cKM_CDMF_MAC_GENERAL = 324n");
quote(ml, "let cKM_CDMF_CBC_PAD = 325n");
/* Digests and their HMAC variants. */
quote(ml, "let cKM_MD2 = 512n");
quote(ml, "let cKM_MD2_HMAC = 513n");
quote(ml, "let cKM_MD2_HMAC_GENERAL = 514n");
quote(ml, "let cKM_MD5 = 528n");
quote(ml, "let cKM_MD5_HMAC = 529n");
quote(ml, "let cKM_MD5_HMAC_GENERAL = 530n");
quote(ml, "let cKM_SHA_1 = 544n");
quote(ml, "let cKM_SHA_1_HMAC = 545n");
quote(ml, "let cKM_SHA_1_HMAC_GENERAL = 546n");
quote(ml, "let cKM_RIPEMD128 = 560n");
quote(ml, "let cKM_RIPEMD128_HMAC = 561n");
quote(ml, "let cKM_RIPEMD128_HMAC_GENERAL = 562n");
quote(ml, "let cKM_RIPEMD160 = 576n");
quote(ml, "let cKM_RIPEMD160_HMAC = 577n");
quote(ml, "let cKM_RIPEMD160_HMAC_GENERAL = 578n");
quote(ml, "let cKM_SHA256 = 592n");
quote(ml, "let cKM_SHA256_HMAC = 593n");
quote(ml, "let cKM_SHA256_HMAC_GENERAL = 594n");
quote(ml, "let cKM_SHA384 = 608n");
quote(ml, "let cKM_SHA384_HMAC = 609n");
quote(ml, "let cKM_SHA384_HMAC_GENERAL = 610n");
quote(ml, "let cKM_SHA512 = 624n");
quote(ml, "let cKM_SHA512_HMAC = 625n");
quote(ml, "let cKM_SHA512_HMAC_GENERAL = 626n");
/* The SHA-224 values (597 to 599) are listed here, after SHA-512, although
 * numerically they fall between the SHA-256 and SHA-384 values. */
quote(ml, "let cKM_SHA224 = 597n");
quote(ml, "let cKM_SHA224_HMAC = 598n");
quote(ml, "let cKM_SHA224_HMAC_GENERAL = 599n");
/* One-time-password mechanisms. */
quote(ml, "let cKM_SECURID_KEY_GEN = 640n");
quote(ml, "let cKM_SECURID = 642n");
quote(ml, "let cKM_HOTP_KEY_GEN = 656n");
quote(ml, "let cKM_HOTP = 657n");
quote(ml, "let cKM_ACTI_KEY_GEN = 672n");
quote(ml, "let cKM_ACTI = 673n");
quote(ml, "let cKM_CAST_KEY_GEN = 768n");
quote(ml, "let cKM_CAST_ECB = 769n");
quote(ml, "let cKM_CAST_CBC = 770n");
quote(ml, "let cKM_CAST_MAC = 771n");
quote(ml, "let cKM_CAST_MAC_GENERAL = 772n");
quote(ml, "let cKM_CAST_CBC_PAD = 773n");
quote(ml, "let cKM_CAST3_KEY_GEN = 784n");
quote(ml, "let cKM_CAST3_ECB = 785n");
quote(ml, "let cKM_CAST3_CBC = 786n");
quote(ml, "let cKM_CAST3_MAC = 787n");
quote(ml, "let cKM_CAST3_MAC_GENERAL = 788n");
quote(ml, "let cKM_CAST3_CBC_PAD = 789n");
/* Each cKM_CAST5_ name is paired with a cKM_CAST128_ name of equal value. */
quote(ml, "let cKM_CAST5_KEY_GEN = 800n");
quote(ml, "let cKM_CAST128_KEY_GEN = 800n");
quote(ml, "let cKM_CAST5_ECB = 801n");
quote(ml, "let cKM_CAST128_ECB = 801n");
quote(ml, "let cKM_CAST5_CBC = 802n");
quote(ml, "let cKM_CAST128_CBC = 802n");
quote(ml, "let cKM_CAST5_MAC = 803n");
quote(ml, "let cKM_CAST128_MAC = 803n");
quote(ml, "let cKM_CAST5_MAC_GENERAL = 804n");
quote(ml, "let cKM_CAST128_MAC_GENERAL = 804n");
quote(ml, "let cKM_CAST5_CBC_PAD = 805n");
quote(ml, "let cKM_CAST128_CBC_PAD = 805n");
quote(ml, "let cKM_RC5_KEY_GEN = 816n");
quote(ml, "let cKM_RC5_ECB = 817n");
quote(ml, "let cKM_RC5_CBC = 818n");
quote(ml, "let cKM_RC5_MAC = 819n");
quote(ml, "let cKM_RC5_MAC_GENERAL = 820n");
quote(ml, "let cKM_RC5_CBC_PAD = 821n");
quote(ml, "let cKM_IDEA_KEY_GEN = 832n");
quote(ml, "let cKM_IDEA_ECB = 833n");
quote(ml, "let cKM_IDEA_CBC = 834n");
quote(ml, "let cKM_IDEA_MAC = 835n");
quote(ml, "let cKM_IDEA_MAC_GENERAL = 836n");
quote(ml, "let cKM_IDEA_CBC_PAD = 837n");
/* Generic secret generation and key-derivation helpers. */
quote(ml, "let cKM_GENERIC_SECRET_KEY_GEN = 848n");
quote(ml, "let cKM_CONCATENATE_BASE_AND_KEY = 864n");
quote(ml, "let cKM_CONCATENATE_BASE_AND_DATA = 866n");
quote(ml, "let cKM_CONCATENATE_DATA_AND_BASE = 867n");
quote(ml, "let cKM_XOR_BASE_AND_DATA = 868n");
quote(ml, "let cKM_EXTRACT_KEY_FROM_KEY = 869n");
/* SSL 3.0 and TLS key establishment. */
quote(ml, "let cKM_SSL3_PRE_MASTER_KEY_GEN = 880n");
quote(ml, "let cKM_SSL3_MASTER_KEY_DERIVE = 881n");
quote(ml, "let cKM_SSL3_KEY_AND_MAC_DERIVE = 882n");
quote(ml, "let cKM_SSL3_MASTER_KEY_DERIVE_DH = 883n");
quote(ml, "let cKM_TLS_PRE_MASTER_KEY_GEN = 884n");
quote(ml, "let cKM_TLS_MASTER_KEY_DERIVE = 885n");
quote(ml, "let cKM_TLS_KEY_AND_MAC_DERIVE = 886n");
quote(ml, "let cKM_TLS_MASTER_KEY_DERIVE_DH = 887n");
quote(ml, "let cKM_TLS_PRF = 888n");
quote(ml, "let cKM_SSL3_MD5_MAC = 896n");
quote(ml, "let cKM_SSL3_SHA1_MAC = 897n");
quote(ml, "let cKM_MD5_KEY_DERIVATION = 912n");
quote(ml, "let cKM_MD2_KEY_DERIVATION = 913n");
quote(ml, "let cKM_SHA1_KEY_DERIVATION = 914n");
quote(ml, "let cKM_SHA256_KEY_DERIVATION = 915n");
quote(ml, "let cKM_SHA384_KEY_DERIVATION = 916n");
quote(ml, "let cKM_SHA512_KEY_DERIVATION = 917n");
quote(ml, "let cKM_SHA224_KEY_DERIVATION = 918n");
/* Password-based encryption; the CAST5 and CAST128 names again share values. */
quote(ml, "let cKM_PBE_MD2_DES_CBC = 928n");
quote(ml, "let cKM_PBE_MD5_DES_CBC = 929n");
quote(ml, "let cKM_PBE_MD5_CAST_CBC = 930n");
quote(ml, "let cKM_PBE_MD5_CAST3_CBC = 931n");
quote(ml, "let cKM_PBE_MD5_CAST5_CBC = 932n");
quote(ml, "let cKM_PBE_MD5_CAST128_CBC = 932n");
quote(ml, "let cKM_PBE_SHA1_CAST5_CBC = 933n");
quote(ml, "let cKM_PBE_SHA1_CAST128_CBC = 933n");
quote(ml, "let cKM_PBE_SHA1_RC4_128 = 934n");
quote(ml, "let cKM_PBE_SHA1_RC4_40 = 935n");
quote(ml, "let cKM_PBE_SHA1_DES3_EDE_CBC = 936n");
quote(ml, "let cKM_PBE_SHA1_DES2_EDE_CBC = 937n");
quote(ml, "let cKM_PBE_SHA1_RC2_128_CBC = 938n");
quote(ml, "let cKM_PBE_SHA1_RC2_40_CBC = 939n");
quote(ml, "let cKM_PKCS5_PBKD2 = 944n");
quote(ml, "let cKM_PBA_SHA1_WITH_SHA1_HMAC = 960n");
quote(ml, "let cKM_WTLS_PRE_MASTER_KEY_GEN = 976n");
quote(ml, "let cKM_WTLS_MASTER_KEY_DERIVE = 977n");
quote(ml, "let cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 978n");
quote(ml, "let cKM_WTLS_PRF = 979n");
quote(ml, "let cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 980n");
quote(ml, "let cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 981n");
quote(ml, "let cKM_KEY_WRAP_LYNKS = 1024n");
quote(ml, "let cKM_KEY_WRAP_SET_OAEP = 1025n");
quote(ml, "let cKM_CMS_SIG = 1280n");
quote(ml, "let cKM_KIP_DERIVE = 1296n");
quote(ml, "let cKM_KIP_WRAP = 1297n");
quote(ml, "let cKM_KIP_MAC = 1298n");
quote(ml, "let cKM_CAMELLIA_KEY_GEN = 1360n");
quote(ml, "let cKM_CAMELLIA_ECB = 1361n");
quote(ml, "let cKM_CAMELLIA_CBC = 1362n");
quote(ml, "let cKM_CAMELLIA_MAC = 1363n");
quote(ml, "let cKM_CAMELLIA_MAC_GENERAL = 1364n");
quote(ml, "let cKM_CAMELLIA_CBC_PAD = 1365n");
quote(ml, "let cKM_CAMELLIA_ECB_ENCRYPT_DATA = 1366n");
quote(ml, "let cKM_CAMELLIA_CBC_ENCRYPT_DATA = 1367n");
quote(ml, "let cKM_CAMELLIA_CTR = 1368n");
quote(ml, "let cKM_ARIA_KEY_GEN = 1376n");
quote(ml, "let cKM_ARIA_ECB = 1377n");
quote(ml, "let cKM_ARIA_CBC = 1378n");
quote(ml, "let cKM_ARIA_MAC = 1379n");
quote(ml, "let cKM_ARIA_MAC_GENERAL = 1380n");
quote(ml, "let cKM_ARIA_CBC_PAD = 1381n");
quote(ml, "let cKM_ARIA_ECB_ENCRYPT_DATA = 1382n");
quote(ml, "let cKM_ARIA_CBC_ENCRYPT_DATA = 1383n");
quote(ml, "let cKM_SKIPJACK_KEY_GEN = 4096n");
quote(ml, "let cKM_SKIPJACK_ECB64 = 4097n");
quote(ml, "let cKM_SKIPJACK_CBC64 = 4098n");
quote(ml, "let cKM_SKIPJACK_OFB64 = 4099n");
quote(ml, "let cKM_SKIPJACK_CFB64 = 4100n");
quote(ml, "let cKM_SKIPJACK_CFB32 = 4101n");
quote(ml, "let cKM_SKIPJACK_CFB16 = 4102n");
quote(ml, "let cKM_SKIPJACK_CFB8 = 4103n");
quote(ml, "let cKM_SKIPJACK_WRAP = 4104n");
quote(ml, "let cKM_SKIPJACK_PRIVATE_WRAP = 4105n");
quote(ml, "let cKM_SKIPJACK_RELAYX = 4106n");
quote(ml, "let cKM_KEA_KEY_PAIR_GEN = 4112n");
quote(ml, "let cKM_KEA_KEY_DERIVE = 4113n");
quote(ml, "let cKM_FORTEZZA_TIMESTAMP = 4128n");
quote(ml, "let cKM_BATON_KEY_GEN = 4144n");
quote(ml, "let cKM_BATON_ECB128 = 4145n");
quote(ml, "let cKM_BATON_ECB96 = 4146n");
quote(ml, "let cKM_BATON_CBC128 = 4147n");
quote(ml, "let cKM_BATON_COUNTER = 4148n");
quote(ml, "let cKM_BATON_SHUFFLE = 4149n");
quote(ml, "let cKM_BATON_WRAP = 4150n");
/* Elliptic-curve key generation, signature and key agreement. */
quote(ml, "let cKM_EC_KEY_PAIR_GEN = 4160n");
quote(ml, "let cKM_ECDSA = 4161n");
quote(ml, "let cKM_ECDSA_SHA1 = 4162n");
quote(ml, "let cKM_ECDH1_DERIVE = 4176n");
quote(ml, "let cKM_ECDH1_COFACTOR_DERIVE = 4177n");
quote(ml, "let cKM_ECMQV_DERIVE = 4178n");
quote(ml, "let cKM_JUNIPER_KEY_GEN = 4192n");
quote(ml, "let cKM_JUNIPER_ECB128 = 4193n");
quote(ml, "let cKM_JUNIPER_CBC128 = 4194n");
quote(ml, "let cKM_JUNIPER_COUNTER = 4195n");
quote(ml, "let cKM_JUNIPER_SHUFFLE = 4196n");
quote(ml, "let cKM_JUNIPER_WRAP = 4197n");
quote(ml, "let cKM_FASTHASH = 4208n");
quote(ml, "let cKM_AES_KEY_GEN = 4224n");
quote(ml, "let cKM_AES_ECB = 4225n");
quote(ml, "let cKM_AES_CBC = 4226n");
quote(ml, "let cKM_AES_MAC = 4227n");
quote(ml, "let cKM_AES_MAC_GENERAL = 4228n");
quote(ml, "let cKM_AES_CBC_PAD = 4229n");
quote(ml, "let cKM_AES_CTR = 4230n");
quote(ml, "let cKM_BLOWFISH_KEY_GEN = 4240n");
quote(ml, "let cKM_BLOWFISH_CBC = 4241n");
quote(ml, "let cKM_TWOFISH_KEY_GEN = 4242n");
quote(ml, "let cKM_TWOFISH_CBC = 4243n");
/* Key derivation by encrypting caller-supplied data with a base key. */
quote(ml, "let cKM_DES_ECB_ENCRYPT_DATA = 4352n");
quote(ml, "let cKM_DES_CBC_ENCRYPT_DATA = 4353n");
quote(ml, "let cKM_DES3_ECB_ENCRYPT_DATA = 4354n");
quote(ml, "let cKM_DES3_CBC_ENCRYPT_DATA = 4355n");
quote(ml, "let cKM_AES_ECB_ENCRYPT_DATA = 4356n");
quote(ml, "let cKM_AES_CBC_ENCRYPT_DATA = 4357n");
quote(ml, "let cKM_DSA_PARAMETER_GEN = 8192n");
quote(ml, "let cKM_DH_PKCS_PARAMETER_GEN = 8193n");
quote(ml, "let cKM_X9_42_DH_PARAMETER_GEN = 8194n");
/* Vendor-defined base 0x80000000, written as a negative literal where
 * nativeint is 32 bits wide because 2147483648n would not fit. */
#if __LP64__
quote(ml, "let cKM_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKM_VENDOR_DEFINED = -2147483648n");
#endif
/*
 * Mechanism-information flags. They state which operations a mechanism
 * supports (encrypt, sign, wrap, derive, ...) and, for elliptic curves, which
 * parameter encodings are accepted. The values overlap with the other cKF_
 * families in this file (cKF_HW is 1n like cKF_TOKEN_PRESENT and cKF_RNG), so
 * they are only meaningful when read from a mechanism-information record.
 */
quote(ml, "let cKF_HW = 1n");
quote(ml, "let cKF_ENCRYPT = 256n");
quote(ml, "let cKF_DECRYPT = 512n");
quote(ml, "let cKF_DIGEST = 1024n");
quote(ml, "let cKF_SIGN = 2048n");
quote(ml, "let cKF_SIGN_RECOVER = 4096n");
quote(ml, "let cKF_VERIFY = 8192n");
quote(ml, "let cKF_VERIFY_RECOVER = 16384n");
quote(ml, "let cKF_GENERATE = 32768n");
quote(ml, "let cKF_GENERATE_KEY_PAIR = 65536n");
quote(ml, "let cKF_WRAP = 131072n");
quote(ml, "let cKF_UNWRAP = 262144n");
quote(ml, "let cKF_DERIVE = 524288n");
quote(ml, "let cKF_EC_F_P = 1048576n");
quote(ml, "let cKF_EC_F_2M = 2097152n");
quote(ml, "let cKF_EC_ECPARAMETERS = 4194304n");
quote(ml, "let cKF_EC_NAMEDCURVE = 8388608n");
quote(ml, "let cKF_EC_UNCOMPRESS = 16777216n");
quote(ml, "let cKF_EC_COMPRESS = 33554432n");
/* Bit 0x80000000, written as a negative literal where nativeint is 32 bits
 * wide because 2147483648n would not fit. */
#if __LP64__
quote(ml, "let cKF_EXTENSION = 2147483648n");
#else
quote(ml, "let cKF_EXTENSION = -2147483648n");
#endif
/* Flag for waiting on slot events, then the two library-initialisation flags
 * (as PKCS#11 uses these names). */
quote(ml, "let cKF_DONT_BLOCK = 1n");
quote(ml, "let cKF_LIBRARY_CANT_CREATE_OS_THREADS = 1n");
quote(ml, "let cKF_OS_LOCKING_OK = 2n");
/*
 * Return values (cKR_ prefix), emitted as OCaml nativeint constants.
 * The numbering has gaps (there is no 4n, for example), so a value that lies
 * between two defined codes is not necessarily a valid return code.
 * The cKR_PIN_ and cKR_USER_ codes report authentication outcomes
 * (wrong PIN, locked PIN, not logged in) and are the ones an audit or
 * monitoring pipeline usually keys on.
 */
quote(ml, "let cKR_OK = 0n");
quote(ml, "let cKR_CANCEL = 1n");
quote(ml, "let cKR_HOST_MEMORY = 2n");
quote(ml, "let cKR_SLOT_ID_INVALID = 3n");
quote(ml, "let cKR_GENERAL_ERROR = 5n");
quote(ml, "let cKR_FUNCTION_FAILED = 6n");
quote(ml, "let cKR_ARGUMENTS_BAD = 7n");
quote(ml, "let cKR_NO_EVENT = 8n");
quote(ml, "let cKR_NEED_TO_CREATE_THREADS = 9n");
quote(ml, "let cKR_CANT_LOCK = 10n");
quote(ml, "let cKR_ATTRIBUTE_READ_ONLY = 16n");
quote(ml, "let cKR_ATTRIBUTE_SENSITIVE = 17n");
quote(ml, "let cKR_ATTRIBUTE_TYPE_INVALID = 18n");
quote(ml, "let cKR_ATTRIBUTE_VALUE_INVALID = 19n");
quote(ml, "let cKR_DATA_INVALID = 32n");
quote(ml, "let cKR_DATA_LEN_RANGE = 33n");
quote(ml, "let cKR_DEVICE_ERROR = 48n");
quote(ml, "let cKR_DEVICE_MEMORY = 49n");
quote(ml, "let cKR_DEVICE_REMOVED = 50n");
quote(ml, "let cKR_ENCRYPTED_DATA_INVALID = 64n");
quote(ml, "let cKR_ENCRYPTED_DATA_LEN_RANGE = 65n");
quote(ml, "let cKR_FUNCTION_CANCELED = 80n");
quote(ml, "let cKR_FUNCTION_NOT_PARALLEL = 81n");
quote(ml, "let cKR_FUNCTION_NOT_SUPPORTED = 84n");
quote(ml, "let cKR_KEY_HANDLE_INVALID = 96n");
quote(ml, "let cKR_KEY_SIZE_RANGE = 98n");
quote(ml, "let cKR_KEY_TYPE_INCONSISTENT = 99n");
quote(ml, "let cKR_KEY_NOT_NEEDED = 100n");
quote(ml, "let cKR_KEY_CHANGED = 101n");
quote(ml, "let cKR_KEY_NEEDED = 102n");
quote(ml, "let cKR_KEY_INDIGESTIBLE = 103n");
quote(ml, "let cKR_KEY_FUNCTION_NOT_PERMITTED = 104n");
quote(ml, "let cKR_KEY_NOT_WRAPPABLE = 105n");
quote(ml, "let cKR_KEY_UNEXTRACTABLE = 106n");
quote(ml, "let cKR_MECHANISM_INVALID = 112n");
quote(ml, "let cKR_MECHANISM_PARAM_INVALID = 113n");
quote(ml, "let cKR_OBJECT_HANDLE_INVALID = 130n");
quote(ml, "let cKR_OPERATION_ACTIVE = 144n");
quote(ml, "let cKR_OPERATION_NOT_INITIALIZED = 145n");
/* PIN verification outcomes. */
quote(ml, "let cKR_PIN_INCORRECT = 160n");
quote(ml, "let cKR_PIN_INVALID = 161n");
quote(ml, "let cKR_PIN_LEN_RANGE = 162n");
quote(ml, "let cKR_PIN_EXPIRED = 163n");
quote(ml, "let cKR_PIN_LOCKED = 164n");
quote(ml, "let cKR_SESSION_CLOSED = 176n");
quote(ml, "let cKR_SESSION_COUNT = 177n");
quote(ml, "let cKR_SESSION_HANDLE_INVALID = 179n");
quote(ml, "let cKR_SESSION_PARALLEL_NOT_SUPPORTED = 180n");
quote(ml, "let cKR_SESSION_READ_ONLY = 181n");
quote(ml, "let cKR_SESSION_EXISTS = 182n");
quote(ml, "let cKR_SESSION_READ_ONLY_EXISTS = 183n");
quote(ml, "let cKR_SESSION_READ_WRITE_SO_EXISTS = 184n");
quote(ml, "let cKR_SIGNATURE_INVALID = 192n");
quote(ml, "let cKR_SIGNATURE_LEN_RANGE = 193n");
quote(ml, "let cKR_TEMPLATE_INCOMPLETE = 208n");
quote(ml, "let cKR_TEMPLATE_INCONSISTENT = 209n");
quote(ml, "let cKR_TOKEN_NOT_PRESENT = 224n");
quote(ml, "let cKR_TOKEN_NOT_RECOGNIZED = 225n");
quote(ml, "let cKR_TOKEN_WRITE_PROTECTED = 226n");
quote(ml, "let cKR_UNWRAPPING_KEY_HANDLE_INVALID = 240n");
quote(ml, "let cKR_UNWRAPPING_KEY_SIZE_RANGE = 241n");
quote(ml, "let cKR_UNWRAPPING_KEY_TYPE_INCONSISTENT = 242n");
/* Login state outcomes. */
quote(ml, "let cKR_USER_ALREADY_LOGGED_IN = 256n");
quote(ml, "let cKR_USER_NOT_LOGGED_IN = 257n");
quote(ml, "let cKR_USER_PIN_NOT_INITIALIZED = 258n");
quote(ml, "let cKR_USER_TYPE_INVALID = 259n");
quote(ml, "let cKR_USER_ANOTHER_ALREADY_LOGGED_IN = 260n");
quote(ml, "let cKR_USER_TOO_MANY_TYPES = 261n");
quote(ml, "let cKR_WRAPPED_KEY_INVALID = 272n");
quote(ml, "let cKR_WRAPPED_KEY_LEN_RANGE = 274n");
quote(ml, "let cKR_WRAPPING_KEY_HANDLE_INVALID = 275n");
quote(ml, "let cKR_WRAPPING_KEY_SIZE_RANGE = 276n");
quote(ml, "let cKR_WRAPPING_KEY_TYPE_INCONSISTENT = 277n");
quote(ml, "let cKR_RANDOM_SEED_NOT_SUPPORTED = 288n");
quote(ml, "let cKR_RANDOM_NO_RNG = 289n");
quote(ml, "let cKR_DOMAIN_PARAMS_INVALID = 304n");
quote(ml, "let cKR_BUFFER_TOO_SMALL = 336n");
quote(ml, "let cKR_SAVED_STATE_INVALID = 352n");
quote(ml, "let cKR_INFORMATION_SENSITIVE = 368n");
quote(ml, "let cKR_STATE_UNSAVEABLE = 384n");
quote(ml, "let cKR_CRYPTOKI_NOT_INITIALIZED = 400n");
quote(ml, "let cKR_CRYPTOKI_ALREADY_INITIALIZED = 401n");
quote(ml, "let cKR_MUTEX_BAD = 416n");
quote(ml, "let cKR_MUTEX_NOT_LOCKED = 417n");
quote(ml, "let cKR_NEW_PIN_MODE = 432n");
quote(ml, "let cKR_NEXT_OTP = 433n");
quote(ml, "let cKR_FUNCTION_REJECTED = 512n");
/* Vendor-defined base 0x80000000, written as a negative literal where
 * nativeint is 32 bits wide because 2147483648n would not fit. */
#if __LP64__
quote(ml, "let cKR_VENDOR_DEFINED = 2147483648n");
#else
quote(ml, "let cKR_VENDOR_DEFINED = -2147483648n");
#endif
/* Boolean and null constants as nativeint; cK_FALSE/fALSE and cK_TRUE/tRUE
 * are two spellings of the same values. */
quote(ml, "let cK_FALSE = 0n");
quote(ml, "let cK_TRUE = 1n");
quote(ml, "let fALSE = 0n");
quote(ml, "let tRUE = 1n");
quote(ml, "let nULL_PTR = 0n");
/*
 * false_ and true_ are declared in the generated .mli and defined in the .ml
 * as one-element char arrays holding byte 0 and byte 1.
 * NOTE(review): presumably the encoding used for boolean attribute values -
 * confirm against the code that builds attribute templates.
 */
quote(mli, "val false_ : char array");
quote(mli, "val true_ : char array");
quote(ml, "let false_ = Array.make 1 (Char.chr 0)");
quote(ml, "let true_ = Array.make 1 (Char.chr 1)");
/*
 * Emits the OCaml function match_cKR_value, which maps a nativeint return
 * code to the name of the matching cKR_ constant as a string.
 *
 * The arms repeat the numeric literals of the cKR_ let-bindings defined
 * earlier in this file: an OCaml pattern that names a let-bound value would
 * bind a fresh variable instead of comparing, so the numbers have to be
 * written out and kept in step with those definitions by hand.
 *
 * Any code that is not listed falls through to the last arm and yields
 * "cKR_UNKNOWN!". That includes every vendor-defined code other than the base
 * value 0x80000000 itself.
 * NOTE(review): the returned string drops the number, so callers that log
 * this name should presumably log the numeric code next to it - confirm at
 * the call sites.
 */
quote(ml, "(* Helpers for information printing *)\n");
quote(ml, "let match_cKR_value a = match a with");
quote(ml, " 0n -> \"cKR_OK\"");
quote(ml, "| 1n -> \"cKR_CANCEL\"");
quote(ml, "| 2n -> \"cKR_HOST_MEMORY\"");
quote(ml, "| 3n -> \"cKR_SLOT_ID_INVALID\"");
quote(ml, "| 5n -> \"cKR_GENERAL_ERROR\"");
quote(ml, "| 6n -> \"cKR_FUNCTION_FAILED\"");
quote(ml, "| 7n -> \"cKR_ARGUMENTS_BAD\"");
quote(ml, "| 8n -> \"cKR_NO_EVENT\"");
quote(ml, "| 9n -> \"cKR_NEED_TO_CREATE_THREADS\"");
quote(ml, "| 10n -> \"cKR_CANT_LOCK\"");
quote(ml, "| 16n -> \"cKR_ATTRIBUTE_READ_ONLY\"");
quote(ml, "| 17n -> \"cKR_ATTRIBUTE_SENSITIVE\"");
quote(ml, "| 18n -> \"cKR_ATTRIBUTE_TYPE_INVALID\"");
quote(ml, "| 19n -> \"cKR_ATTRIBUTE_VALUE_INVALID\"");
quote(ml, "| 32n -> \"cKR_DATA_INVALID\"");
quote(ml, "| 33n -> \"cKR_DATA_LEN_RANGE\"");
quote(ml, "| 48n -> \"cKR_DEVICE_ERROR\"");
quote(ml, "| 49n -> \"cKR_DEVICE_MEMORY\"");
quote(ml, "| 50n -> \"cKR_DEVICE_REMOVED\"");
quote(ml, "| 64n -> \"cKR_ENCRYPTED_DATA_INVALID\"");
quote(ml, "| 65n -> \"cKR_ENCRYPTED_DATA_LEN_RANGE\"");
quote(ml, "| 80n -> \"cKR_FUNCTION_CANCELED\"");
quote(ml, "| 81n -> \"cKR_FUNCTION_NOT_PARALLEL\"");
quote(ml, "| 84n -> \"cKR_FUNCTION_NOT_SUPPORTED\"");
quote(ml, "| 96n -> \"cKR_KEY_HANDLE_INVALID\"");
quote(ml, "| 98n -> \"cKR_KEY_SIZE_RANGE\"");
quote(ml, "| 99n -> \"cKR_KEY_TYPE_INCONSISTENT\"");
quote(ml, "| 100n -> \"cKR_KEY_NOT_NEEDED\"");
quote(ml, "| 101n -> \"cKR_KEY_CHANGED\"");
quote(ml, "| 102n -> \"cKR_KEY_NEEDED\"");
quote(ml, "| 103n -> \"cKR_KEY_INDIGESTIBLE\"");
quote(ml, "| 104n -> \"cKR_KEY_FUNCTION_NOT_PERMITTED\"");
quote(ml, "| 105n -> \"cKR_KEY_NOT_WRAPPABLE\"");
quote(ml, "| 106n -> \"cKR_KEY_UNEXTRACTABLE\"");
quote(ml, "| 112n -> \"cKR_MECHANISM_INVALID\"");
quote(ml, "| 113n -> \"cKR_MECHANISM_PARAM_INVALID\"");
quote(ml, "| 130n -> \"cKR_OBJECT_HANDLE_INVALID\"");
quote(ml, "| 144n -> \"cKR_OPERATION_ACTIVE\"");
quote(ml, "| 145n -> \"cKR_OPERATION_NOT_INITIALIZED\"");
/* PIN verification outcomes. */
quote(ml, "| 160n -> \"cKR_PIN_INCORRECT\"");
quote(ml, "| 161n -> \"cKR_PIN_INVALID\"");
quote(ml, "| 162n -> \"cKR_PIN_LEN_RANGE\"");
quote(ml, "| 163n -> \"cKR_PIN_EXPIRED\"");
quote(ml, "| 164n -> \"cKR_PIN_LOCKED\"");
quote(ml, "| 176n -> \"cKR_SESSION_CLOSED\"");
quote(ml, "| 177n -> \"cKR_SESSION_COUNT\"");
quote(ml, "| 179n -> \"cKR_SESSION_HANDLE_INVALID\"");
quote(ml, "| 180n -> \"cKR_SESSION_PARALLEL_NOT_SUPPORTED\"");
quote(ml, "| 181n -> \"cKR_SESSION_READ_ONLY\"");
quote(ml, "| 182n -> \"cKR_SESSION_EXISTS\"");
quote(ml, "| 183n -> \"cKR_SESSION_READ_ONLY_EXISTS\"");
quote(ml, "| 184n -> \"cKR_SESSION_READ_WRITE_SO_EXISTS\"");
quote(ml, "| 192n -> \"cKR_SIGNATURE_INVALID\"");
quote(ml, "| 193n -> \"cKR_SIGNATURE_LEN_RANGE\"");
quote(ml, "| 208n -> \"cKR_TEMPLATE_INCOMPLETE\"");
quote(ml, "| 209n -> \"cKR_TEMPLATE_INCONSISTENT\"");
quote(ml, "| 224n -> \"cKR_TOKEN_NOT_PRESENT\"");
quote(ml, "| 225n -> \"cKR_TOKEN_NOT_RECOGNIZED\"");
quote(ml, "| 226n -> \"cKR_TOKEN_WRITE_PROTECTED\"");
quote(ml, "| 240n -> \"cKR_UNWRAPPING_KEY_HANDLE_INVALID\"");
quote(ml, "| 241n -> \"cKR_UNWRAPPING_KEY_SIZE_RANGE\"");
quote(ml, "| 242n -> \"cKR_UNWRAPPING_KEY_TYPE_INCONSISTENT\"");
/* Login state outcomes. */
quote(ml, "| 256n -> \"cKR_USER_ALREADY_LOGGED_IN\"");
quote(ml, "| 257n -> \"cKR_USER_NOT_LOGGED_IN\"");
quote(ml, "| 258n -> \"cKR_USER_PIN_NOT_INITIALIZED\"");
quote(ml, "| 259n -> \"cKR_USER_TYPE_INVALID\"");
quote(ml, "| 260n -> \"cKR_USER_ANOTHER_ALREADY_LOGGED_IN\"");
quote(ml, "| 261n -> \"cKR_USER_TOO_MANY_TYPES\"");
quote(ml, "| 272n -> \"cKR_WRAPPED_KEY_INVALID\"");
quote(ml, "| 274n -> \"cKR_WRAPPED_KEY_LEN_RANGE\"");
quote(ml, "| 275n -> \"cKR_WRAPPING_KEY_HANDLE_INVALID\"");
quote(ml, "| 276n -> \"cKR_WRAPPING_KEY_SIZE_RANGE\"");
quote(ml, "| 277n -> \"cKR_WRAPPING_KEY_TYPE_INCONSISTENT\"");
quote(ml, "| 288n -> \"cKR_RANDOM_SEED_NOT_SUPPORTED\"");
quote(ml, "| 289n -> \"cKR_RANDOM_NO_RNG\"");
quote(ml, "| 304n -> \"cKR_DOMAIN_PARAMS_INVALID\"");
quote(ml, "| 336n -> \"cKR_BUFFER_TOO_SMALL\"");
quote(ml, "| 352n -> \"cKR_SAVED_STATE_INVALID\"");
quote(ml, "| 368n -> \"cKR_INFORMATION_SENSITIVE\"");
quote(ml, "| 384n -> \"cKR_STATE_UNSAVEABLE\"");
quote(ml, "| 400n -> \"cKR_CRYPTOKI_NOT_INITIALIZED\"");
quote(ml, "| 401n -> \"cKR_CRYPTOKI_ALREADY_INITIALIZED\"");
quote(ml, "| 416n -> \"cKR_MUTEX_BAD\"");
quote(ml, "| 417n -> \"cKR_MUTEX_NOT_LOCKED\"");
quote(ml, "| 432n -> \"cKR_NEW_PIN_MODE\"");
quote(ml, "| 433n -> \"cKR_NEXT_OTP\"");
quote(ml, "| 512n -> \"cKR_FUNCTION_REJECTED\"");
/* Same width-dependent literal as the cKR_VENDOR_DEFINED definition: the
 * pattern has to use the value that fits the target's nativeint. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKR_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKR_VENDOR_DEFINED\"");
#endif
/* Catch-all arm: keeps the match exhaustive for unlisted codes. */
quote(ml, "| _ -> \"cKR_UNKNOWN!\"");
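/*
 * Emits the OCaml function match_cKM_value into the generated .ml file.
 *
 * match_cKM_value takes a mechanism value as a nativeint and returns its
 * printable name, spelled with a lower-case "c" prefix. Any value that is not
 * listed returns "cKM_UNKNOWN!" instead of raising, so the result is suitable
 * for logging but must not be treated as proof that a mechanism is known.
 *
 * Every name returned here is expected to be accepted by string_to_cKM_value
 * so that a printed name can be parsed back; keep the two tables in step when
 * adding a mechanism.
 */
quote(ml, "let match_cKM_value a = match a with");
quote(ml, " 0n -> \"cKM_RSA_PKCS_KEY_PAIR_GEN\"");
quote(ml, "| 1n -> \"cKM_RSA_PKCS\"");
quote(ml, "| 2n -> \"cKM_RSA_9796\"");
quote(ml, "| 3n -> \"cKM_RSA_X_509\"");
quote(ml, "| 4n -> \"cKM_MD2_RSA_PKCS\"");
quote(ml, "| 5n -> \"cKM_MD5_RSA_PKCS\"");
quote(ml, "| 6n -> \"cKM_SHA1_RSA_PKCS\"");
quote(ml, "| 7n -> \"cKM_RIPEMD128_RSA_PKCS\"");
quote(ml, "| 8n -> \"cKM_RIPEMD160_RSA_PKCS\"");
quote(ml, "| 9n -> \"cKM_RSA_PKCS_OAEP\"");
quote(ml, "| 10n -> \"cKM_RSA_X9_31_KEY_PAIR_GEN\"");
quote(ml, "| 11n -> \"cKM_RSA_X9_31\"");
quote(ml, "| 12n -> \"cKM_SHA1_RSA_X9_31\"");
quote(ml, "| 13n -> \"cKM_RSA_PKCS_PSS\"");
quote(ml, "| 14n -> \"cKM_SHA1_RSA_PKCS_PSS\"");
quote(ml, "| 16n -> \"cKM_DSA_KEY_PAIR_GEN\"");
quote(ml, "| 17n -> \"cKM_DSA\"");
quote(ml, "| 18n -> \"cKM_DSA_SHA1\"");
quote(ml, "| 32n -> \"cKM_DH_PKCS_KEY_PAIR_GEN\"");
quote(ml, "| 33n -> \"cKM_DH_PKCS_DERIVE\"");
quote(ml, "| 48n -> \"cKM_X9_42_DH_KEY_PAIR_GEN\"");
quote(ml, "| 49n -> \"cKM_X9_42_DH_DERIVE\"");
quote(ml, "| 50n -> \"cKM_X9_42_DH_HYBRID_DERIVE\"");
quote(ml, "| 51n -> \"cKM_X9_42_MQV_DERIVE\"");
quote(ml, "| 64n -> \"cKM_SHA256_RSA_PKCS\"");
quote(ml, "| 65n -> \"cKM_SHA384_RSA_PKCS\"");
quote(ml, "| 66n -> \"cKM_SHA512_RSA_PKCS\"");
quote(ml, "| 67n -> \"cKM_SHA256_RSA_PKCS_PSS\"");
quote(ml, "| 68n -> \"cKM_SHA384_RSA_PKCS_PSS\"");
quote(ml, "| 69n -> \"cKM_SHA512_RSA_PKCS_PSS\"");
quote(ml, "| 70n -> \"cKM_SHA224_RSA_PKCS\"");
quote(ml, "| 71n -> \"cKM_SHA224_RSA_PKCS_PSS\"");
quote(ml, "| 256n -> \"cKM_RC2_KEY_GEN\"");
quote(ml, "| 257n -> \"cKM_RC2_ECB\"");
quote(ml, "| 258n -> \"cKM_RC2_CBC\"");
quote(ml, "| 259n -> \"cKM_RC2_MAC\"");
quote(ml, "| 260n -> \"cKM_RC2_MAC_GENERAL\"");
quote(ml, "| 261n -> \"cKM_RC2_CBC_PAD\"");
quote(ml, "| 272n -> \"cKM_RC4_KEY_GEN\"");
quote(ml, "| 273n -> \"cKM_RC4\"");
quote(ml, "| 288n -> \"cKM_DES_KEY_GEN\"");
quote(ml, "| 289n -> \"cKM_DES_ECB\"");
quote(ml, "| 290n -> \"cKM_DES_CBC\"");
quote(ml, "| 291n -> \"cKM_DES_MAC\"");
quote(ml, "| 292n -> \"cKM_DES_MAC_GENERAL\"");
quote(ml, "| 293n -> \"cKM_DES_CBC_PAD\"");
quote(ml, "| 304n -> \"cKM_DES2_KEY_GEN\"");
quote(ml, "| 305n -> \"cKM_DES3_KEY_GEN\"");
quote(ml, "| 306n -> \"cKM_DES3_ECB\"");
quote(ml, "| 307n -> \"cKM_DES3_CBC\"");
quote(ml, "| 308n -> \"cKM_DES3_MAC\"");
quote(ml, "| 309n -> \"cKM_DES3_MAC_GENERAL\"");
quote(ml, "| 310n -> \"cKM_DES3_CBC_PAD\"");
quote(ml, "| 320n -> \"cKM_CDMF_KEY_GEN\"");
quote(ml, "| 321n -> \"cKM_CDMF_ECB\"");
quote(ml, "| 322n -> \"cKM_CDMF_CBC\"");
quote(ml, "| 323n -> \"cKM_CDMF_MAC\"");
quote(ml, "| 324n -> \"cKM_CDMF_MAC_GENERAL\"");
quote(ml, "| 325n -> \"cKM_CDMF_CBC_PAD\"");
quote(ml, "| 512n -> \"cKM_MD2\"");
quote(ml, "| 513n -> \"cKM_MD2_HMAC\"");
quote(ml, "| 514n -> \"cKM_MD2_HMAC_GENERAL\"");
quote(ml, "| 528n -> \"cKM_MD5\"");
quote(ml, "| 529n -> \"cKM_MD5_HMAC\"");
quote(ml, "| 530n -> \"cKM_MD5_HMAC_GENERAL\"");
quote(ml, "| 544n -> \"cKM_SHA_1\"");
quote(ml, "| 545n -> \"cKM_SHA_1_HMAC\"");
quote(ml, "| 546n -> \"cKM_SHA_1_HMAC_GENERAL\"");
quote(ml, "| 560n -> \"cKM_RIPEMD128\"");
quote(ml, "| 561n -> \"cKM_RIPEMD128_HMAC\"");
quote(ml, "| 562n -> \"cKM_RIPEMD128_HMAC_GENERAL\"");
quote(ml, "| 576n -> \"cKM_RIPEMD160\"");
quote(ml, "| 577n -> \"cKM_RIPEMD160_HMAC\"");
quote(ml, "| 578n -> \"cKM_RIPEMD160_HMAC_GENERAL\"");
quote(ml, "| 592n -> \"cKM_SHA256\"");
quote(ml, "| 593n -> \"cKM_SHA256_HMAC\"");
quote(ml, "| 594n -> \"cKM_SHA256_HMAC_GENERAL\"");
quote(ml, "| 597n -> \"cKM_SHA224\"");
quote(ml, "| 598n -> \"cKM_SHA224_HMAC\"");
quote(ml, "| 599n -> \"cKM_SHA224_HMAC_GENERAL\"");
quote(ml, "| 608n -> \"cKM_SHA384\"");
quote(ml, "| 609n -> \"cKM_SHA384_HMAC\"");
quote(ml, "| 610n -> \"cKM_SHA384_HMAC_GENERAL\"");
quote(ml, "| 624n -> \"cKM_SHA512\"");
quote(ml, "| 625n -> \"cKM_SHA512_HMAC\"");
quote(ml, "| 626n -> \"cKM_SHA512_HMAC_GENERAL\"");
quote(ml, "| 640n -> \"cKM_SECURID_KEY_GEN\"");
quote(ml, "| 642n -> \"cKM_SECURID\"");
quote(ml, "| 656n -> \"cKM_HOTP_KEY_GEN\"");
quote(ml, "| 657n -> \"cKM_HOTP\"");
quote(ml, "| 672n -> \"cKM_ACTI_KEY_GEN\"");
quote(ml, "| 673n -> \"cKM_ACTI\"");
quote(ml, "| 768n -> \"cKM_CAST_KEY_GEN\"");
quote(ml, "| 769n -> \"cKM_CAST_ECB\"");
quote(ml, "| 770n -> \"cKM_CAST_CBC\"");
quote(ml, "| 771n -> \"cKM_CAST_MAC\"");
quote(ml, "| 772n -> \"cKM_CAST_MAC_GENERAL\"");
quote(ml, "| 773n -> \"cKM_CAST_CBC_PAD\"");
quote(ml, "| 784n -> \"cKM_CAST3_KEY_GEN\"");
quote(ml, "| 785n -> \"cKM_CAST3_ECB\"");
quote(ml, "| 786n -> \"cKM_CAST3_CBC\"");
quote(ml, "| 787n -> \"cKM_CAST3_MAC\"");
quote(ml, "| 788n -> \"cKM_CAST3_MAC_GENERAL\"");
quote(ml, "| 789n -> \"cKM_CAST3_CBC_PAD\"");
quote(ml, "| 800n -> \"cKM_CAST5_KEY_GEN\"");
quote(ml, "| 801n -> \"cKM_CAST5_ECB\"");
quote(ml, "| 802n -> \"cKM_CAST5_CBC\"");
quote(ml, "| 803n -> \"cKM_CAST5_MAC\"");
quote(ml, "| 804n -> \"cKM_CAST5_MAC_GENERAL\"");
quote(ml, "| 805n -> \"cKM_CAST5_CBC_PAD\"");
quote(ml, "| 816n -> \"cKM_RC5_KEY_GEN\"");
quote(ml, "| 817n -> \"cKM_RC5_ECB\"");
quote(ml, "| 818n -> \"cKM_RC5_CBC\"");
quote(ml, "| 819n -> \"cKM_RC5_MAC\"");
quote(ml, "| 820n -> \"cKM_RC5_MAC_GENERAL\"");
quote(ml, "| 821n -> \"cKM_RC5_CBC_PAD\"");
quote(ml, "| 832n -> \"cKM_IDEA_KEY_GEN\"");
quote(ml, "| 833n -> \"cKM_IDEA_ECB\"");
quote(ml, "| 834n -> \"cKM_IDEA_CBC\"");
quote(ml, "| 835n -> \"cKM_IDEA_MAC\"");
quote(ml, "| 836n -> \"cKM_IDEA_MAC_GENERAL\"");
quote(ml, "| 837n -> \"cKM_IDEA_CBC_PAD\"");
quote(ml, "| 848n -> \"cKM_GENERIC_SECRET_KEY_GEN\"");
quote(ml, "| 864n -> \"cKM_CONCATENATE_BASE_AND_KEY\"");
quote(ml, "| 866n -> \"cKM_CONCATENATE_BASE_AND_DATA\"");
quote(ml, "| 867n -> \"cKM_CONCATENATE_DATA_AND_BASE\"");
quote(ml, "| 868n -> \"cKM_XOR_BASE_AND_DATA\"");
quote(ml, "| 869n -> \"cKM_EXTRACT_KEY_FROM_KEY\"");
quote(ml, "| 880n -> \"cKM_SSL3_PRE_MASTER_KEY_GEN\"");
quote(ml, "| 881n -> \"cKM_SSL3_MASTER_KEY_DERIVE\"");
quote(ml, "| 882n -> \"cKM_SSL3_KEY_AND_MAC_DERIVE\"");
quote(ml, "| 883n -> \"cKM_SSL3_MASTER_KEY_DERIVE_DH\"");
quote(ml, "| 884n -> \"cKM_TLS_PRE_MASTER_KEY_GEN\"");
quote(ml, "| 885n -> \"cKM_TLS_MASTER_KEY_DERIVE\"");
quote(ml, "| 886n -> \"cKM_TLS_KEY_AND_MAC_DERIVE\"");
quote(ml, "| 887n -> \"cKM_TLS_MASTER_KEY_DERIVE_DH\"");
quote(ml, "| 888n -> \"cKM_TLS_PRF\"");
quote(ml, "| 896n -> \"cKM_SSL3_MD5_MAC\"");
quote(ml, "| 897n -> \"cKM_SSL3_SHA1_MAC\"");
quote(ml, "| 912n -> \"cKM_MD5_KEY_DERIVATION\"");
quote(ml, "| 913n -> \"cKM_MD2_KEY_DERIVATION\"");
quote(ml, "| 914n -> \"cKM_SHA1_KEY_DERIVATION\"");
quote(ml, "| 915n -> \"cKM_SHA256_KEY_DERIVATION\"");
quote(ml, "| 916n -> \"cKM_SHA384_KEY_DERIVATION\"");
quote(ml, "| 917n -> \"cKM_SHA512_KEY_DERIVATION\"");
quote(ml, "| 918n -> \"cKM_SHA224_KEY_DERIVATION\"");
quote(ml, "| 928n -> \"cKM_PBE_MD2_DES_CBC\"");
quote(ml, "| 929n -> \"cKM_PBE_MD5_DES_CBC\"");
quote(ml, "| 930n -> \"cKM_PBE_MD5_CAST_CBC\"");
quote(ml, "| 931n -> \"cKM_PBE_MD5_CAST3_CBC\"");
quote(ml, "| 932n -> \"cKM_PBE_MD5_CAST5_CBC\"");
quote(ml, "| 933n -> \"cKM_PBE_SHA1_CAST5_CBC\"");
quote(ml, "| 934n -> \"cKM_PBE_SHA1_RC4_128\"");
quote(ml, "| 935n -> \"cKM_PBE_SHA1_RC4_40\"");
quote(ml, "| 936n -> \"cKM_PBE_SHA1_DES3_EDE_CBC\"");
quote(ml, "| 937n -> \"cKM_PBE_SHA1_DES2_EDE_CBC\"");
quote(ml, "| 938n -> \"cKM_PBE_SHA1_RC2_128_CBC\"");
/* The name carries no trailing space: string_to_cKM_value accepts only the
 * exact spelling, and a padded name would also defeat exact-match
 * comparisons against it. */
quote(ml, "| 939n -> \"cKM_PBE_SHA1_RC2_40_CBC\"");
quote(ml, "| 944n -> \"cKM_PKCS5_PBKD2\"");
quote(ml, "| 960n -> \"cKM_PBA_SHA1_WITH_SHA1_HMAC\"");
quote(ml, "| 976n -> \"cKM_WTLS_PRE_MASTER_KEY_GEN\"");
quote(ml, "| 977n -> \"cKM_WTLS_MASTER_KEY_DERIVE\"");
quote(ml, "| 978n -> \"cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC\"");
quote(ml, "| 979n -> \"cKM_WTLS_PRF\"");
quote(ml, "| 980n -> \"cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE\"");
quote(ml, "| 981n -> \"cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE\"");
quote(ml, "| 1024n -> \"cKM_KEY_WRAP_LYNKS\"");
quote(ml, "| 1025n -> \"cKM_KEY_WRAP_SET_OAEP\"");
quote(ml, "| 1280n -> \"cKM_CMS_SIG\"");
quote(ml, "| 1296n -> \"cKM_KIP_DERIVE\"");
quote(ml, "| 1297n -> \"cKM_KIP_WRAP\"");
quote(ml, "| 1298n -> \"cKM_KIP_MAC\"");
quote(ml, "| 1360n -> \"cKM_CAMELLIA_KEY_GEN\"");
quote(ml, "| 1361n -> \"cKM_CAMELLIA_ECB\"");
quote(ml, "| 1362n -> \"cKM_CAMELLIA_CBC\"");
quote(ml, "| 1363n -> \"cKM_CAMELLIA_MAC\"");
quote(ml, "| 1364n -> \"cKM_CAMELLIA_MAC_GENERAL\"");
quote(ml, "| 1365n -> \"cKM_CAMELLIA_CBC_PAD\"");
quote(ml, "| 1366n -> \"cKM_CAMELLIA_ECB_ENCRYPT_DATA\"");
quote(ml, "| 1367n -> \"cKM_CAMELLIA_CBC_ENCRYPT_DATA\"");
quote(ml, "| 1368n -> \"cKM_CAMELLIA_CTR\"");
quote(ml, "| 1376n -> \"cKM_ARIA_KEY_GEN\"");
quote(ml, "| 1377n -> \"cKM_ARIA_ECB\"");
quote(ml, "| 1378n -> \"cKM_ARIA_CBC\"");
quote(ml, "| 1379n -> \"cKM_ARIA_MAC\"");
quote(ml, "| 1380n -> \"cKM_ARIA_MAC_GENERAL\"");
quote(ml, "| 1381n -> \"cKM_ARIA_CBC_PAD\"");
quote(ml, "| 1382n -> \"cKM_ARIA_ECB_ENCRYPT_DATA\"");
quote(ml, "| 1383n -> \"cKM_ARIA_CBC_ENCRYPT_DATA\"");
quote(ml, "| 4096n -> \"cKM_SKIPJACK_KEY_GEN\"");
quote(ml, "| 4097n -> \"cKM_SKIPJACK_ECB64\"");
quote(ml, "| 4098n -> \"cKM_SKIPJACK_CBC64\"");
quote(ml, "| 4099n -> \"cKM_SKIPJACK_OFB64\"");
quote(ml, "| 4100n -> \"cKM_SKIPJACK_CFB64\"");
quote(ml, "| 4101n -> \"cKM_SKIPJACK_CFB32\"");
quote(ml, "| 4102n -> \"cKM_SKIPJACK_CFB16\"");
quote(ml, "| 4103n -> \"cKM_SKIPJACK_CFB8\"");
quote(ml, "| 4104n -> \"cKM_SKIPJACK_WRAP\"");
quote(ml, "| 4105n -> \"cKM_SKIPJACK_PRIVATE_WRAP\"");
quote(ml, "| 4106n -> \"cKM_SKIPJACK_RELAYX\"");
quote(ml, "| 4112n -> \"cKM_KEA_KEY_PAIR_GEN\"");
quote(ml, "| 4113n -> \"cKM_KEA_KEY_DERIVE\"");
quote(ml, "| 4128n -> \"cKM_FORTEZZA_TIMESTAMP\"");
quote(ml, "| 4144n -> \"cKM_BATON_KEY_GEN\"");
quote(ml, "| 4145n -> \"cKM_BATON_ECB128\"");
quote(ml, "| 4146n -> \"cKM_BATON_ECB96\"");
quote(ml, "| 4147n -> \"cKM_BATON_CBC128\"");
quote(ml, "| 4148n -> \"cKM_BATON_COUNTER\"");
quote(ml, "| 4149n -> \"cKM_BATON_SHUFFLE\"");
quote(ml, "| 4150n -> \"cKM_BATON_WRAP\"");
quote(ml, "| 4160n -> \"cKM_EC_KEY_PAIR_GEN\"");
quote(ml, "| 4161n -> \"cKM_ECDSA\"");
quote(ml, "| 4162n -> \"cKM_ECDSA_SHA1\"");
quote(ml, "| 4176n -> \"cKM_ECDH1_DERIVE\"");
quote(ml, "| 4177n -> \"cKM_ECDH1_COFACTOR_DERIVE\"");
quote(ml, "| 4178n -> \"cKM_ECMQV_DERIVE\"");
quote(ml, "| 4192n -> \"cKM_JUNIPER_KEY_GEN\"");
quote(ml, "| 4193n -> \"cKM_JUNIPER_ECB128\"");
quote(ml, "| 4194n -> \"cKM_JUNIPER_CBC128\"");
quote(ml, "| 4195n -> \"cKM_JUNIPER_COUNTER\"");
quote(ml, "| 4196n -> \"cKM_JUNIPER_SHUFFLE\"");
quote(ml, "| 4197n -> \"cKM_JUNIPER_WRAP\"");
quote(ml, "| 4208n -> \"cKM_FASTHASH\"");
quote(ml, "| 4224n -> \"cKM_AES_KEY_GEN\"");
quote(ml, "| 4225n -> \"cKM_AES_ECB\"");
quote(ml, "| 4226n -> \"cKM_AES_CBC\"");
quote(ml, "| 4227n -> \"cKM_AES_MAC\"");
quote(ml, "| 4228n -> \"cKM_AES_MAC_GENERAL\"");
quote(ml, "| 4229n -> \"cKM_AES_CBC_PAD\"");
quote(ml, "| 4230n -> \"cKM_AES_CTR\"");
quote(ml, "| 4240n -> \"cKM_BLOWFISH_KEY_GEN\"");
quote(ml, "| 4241n -> \"cKM_BLOWFISH_CBC\"");
quote(ml, "| 4242n -> \"cKM_TWOFISH_KEY_GEN\"");
quote(ml, "| 4243n -> \"cKM_TWOFISH_CBC\"");
quote(ml, "| 4352n -> \"cKM_DES_ECB_ENCRYPT_DATA\"");
quote(ml, "| 4353n -> \"cKM_DES_CBC_ENCRYPT_DATA\"");
quote(ml, "| 4354n -> \"cKM_DES3_ECB_ENCRYPT_DATA\"");
quote(ml, "| 4355n -> \"cKM_DES3_CBC_ENCRYPT_DATA\"");
quote(ml, "| 4356n -> \"cKM_AES_ECB_ENCRYPT_DATA\"");
quote(ml, "| 4357n -> \"cKM_AES_CBC_ENCRYPT_DATA\"");
quote(ml, "| 8192n -> \"cKM_DSA_PARAMETER_GEN\"");
quote(ml, "| 8193n -> \"cKM_DH_PKCS_PARAMETER_GEN\"");
quote(ml, "| 8194n -> \"cKM_X9_42_DH_PARAMETER_GEN\"");
/* The vendor-defined base is emitted as a positive literal when __LP64__ is
 * set and as a negative one otherwise; presumably the positive literal does
 * not fit a nativeint on the other targets. NOTE(review): confirm the
 * intended behaviour on 64-bit targets that do not define __LP64__. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKM_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKM_VENDOR_DEFINED\"");
#endif
/* Catch-all: unlisted values are reported, not rejected. */
quote(ml, "| _ -> \"cKM_UNKNOWN!\"");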
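/*
 * Emits the exception Mechanism_unknown (declared in both the generated .ml
 * and .mli) and the OCaml function string_to_cKM_value.
 *
 * string_to_cKM_value maps a mechanism name to its nativeint value. Each
 * mechanism is accepted in two spellings: the upper-case "CKM_" form and the
 * lower-case-prefixed "cKM_" form that match_cKM_value prints. A name that is
 * not listed raises Mechanism_unknown carrying the offending string.
 *
 * Both halves of the table list the SHA224, SecurID, HOTP, ACTI and TLS PRF
 * mechanisms that match_cKM_value knows, so those names can be parsed as well
 * as printed. A mechanism that is missing here cannot be named by any caller
 * that goes through this function; presumably that includes name-based
 * allow and deny lists. NOTE(review): confirm how callers handle
 * Mechanism_unknown, and keep this table in step with match_cKM_value.
 */
quote(ml, "exception Mechanism_unknown of string");
quote(mli, "exception Mechanism_unknown of string");
quote(ml, "(* Our mechanisms for getting a mechanism from a string *)");
quote(ml, "let string_to_cKM_value a = match a with");
/* Upper-case "CKM_" spellings. */
quote(ml, " \"CKM_RSA_PKCS_KEY_PAIR_GEN\" -> 0n");
quote(ml, "| \"CKM_RSA_PKCS\" -> 1n");
quote(ml, "| \"CKM_RSA_9796\" -> 2n");
quote(ml, "| \"CKM_RSA_X_509\" -> 3n");
quote(ml, "| \"CKM_MD2_RSA_PKCS\" -> 4n");
quote(ml, "| \"CKM_MD5_RSA_PKCS\" -> 5n");
quote(ml, "| \"CKM_SHA1_RSA_PKCS\" -> 6n");
quote(ml, "| \"CKM_RIPEMD128_RSA_PKCS\" -> 7n");
quote(ml, "| \"CKM_RIPEMD160_RSA_PKCS\" -> 8n");
quote(ml, "| \"CKM_RSA_PKCS_OAEP\" -> 9n");
quote(ml, "| \"CKM_RSA_X9_31_KEY_PAIR_GEN\" -> 10n");
quote(ml, "| \"CKM_RSA_X9_31\" -> 11n");
quote(ml, "| \"CKM_SHA1_RSA_X9_31\" -> 12n");
quote(ml, "| \"CKM_RSA_PKCS_PSS\" -> 13n");
quote(ml, "| \"CKM_SHA1_RSA_PKCS_PSS\" -> 14n");
quote(ml, "| \"CKM_DSA_KEY_PAIR_GEN\" -> 16n");
quote(ml, "| \"CKM_DSA\" -> 17n");
quote(ml, "| \"CKM_DSA_SHA1\" -> 18n");
quote(ml, "| \"CKM_DH_PKCS_KEY_PAIR_GEN\" -> 32n");
quote(ml, "| \"CKM_DH_PKCS_DERIVE\" -> 33n");
quote(ml, "| \"CKM_X9_42_DH_KEY_PAIR_GEN\" -> 48n");
quote(ml, "| \"CKM_X9_42_DH_DERIVE\" -> 49n");
quote(ml, "| \"CKM_X9_42_DH_HYBRID_DERIVE\" -> 50n");
quote(ml, "| \"CKM_X9_42_MQV_DERIVE\" -> 51n");
quote(ml, "| \"CKM_SHA256_RSA_PKCS\" -> 64n");
quote(ml, "| \"CKM_SHA384_RSA_PKCS\" -> 65n");
quote(ml, "| \"CKM_SHA512_RSA_PKCS\" -> 66n");
quote(ml, "| \"CKM_SHA256_RSA_PKCS_PSS\" -> 67n");
quote(ml, "| \"CKM_SHA384_RSA_PKCS_PSS\" -> 68n");
quote(ml, "| \"CKM_SHA512_RSA_PKCS_PSS\" -> 69n");
/* Same values as the "cKM_" spellings of these two names below. */
quote(ml, "| \"CKM_SHA224_RSA_PKCS\" -> 70n");
quote(ml, "| \"CKM_SHA224_RSA_PKCS_PSS\" -> 71n");
quote(ml, "| \"CKM_RC2_KEY_GEN\" -> 256n");
quote(ml, "| \"CKM_RC2_ECB\" -> 257n");
quote(ml, "| \"CKM_RC2_CBC\" -> 258n");
quote(ml, "| \"CKM_RC2_MAC\" -> 259n");
quote(ml, "| \"CKM_RC2_MAC_GENERAL\" -> 260n");
quote(ml, "| \"CKM_RC2_CBC_PAD\" -> 261n");
quote(ml, "| \"CKM_RC4_KEY_GEN\" -> 272n");
quote(ml, "| \"CKM_RC4\" -> 273n");
quote(ml, "| \"CKM_DES_KEY_GEN\" -> 288n");
quote(ml, "| \"CKM_DES_ECB\" -> 289n");
quote(ml, "| \"CKM_DES_CBC\" -> 290n");
quote(ml, "| \"CKM_DES_MAC\" -> 291n");
quote(ml, "| \"CKM_DES_MAC_GENERAL\" -> 292n");
quote(ml, "| \"CKM_DES_CBC_PAD\" -> 293n");
quote(ml, "| \"CKM_DES2_KEY_GEN\" -> 304n");
quote(ml, "| \"CKM_DES3_KEY_GEN\" -> 305n");
quote(ml, "| \"CKM_DES3_ECB\" -> 306n");
quote(ml, "| \"CKM_DES3_CBC\" -> 307n");
quote(ml, "| \"CKM_DES3_MAC\" -> 308n");
quote(ml, "| \"CKM_DES3_MAC_GENERAL\" -> 309n");
quote(ml, "| \"CKM_DES3_CBC_PAD\" -> 310n");
quote(ml, "| \"CKM_CDMF_KEY_GEN\" -> 320n");
quote(ml, "| \"CKM_CDMF_ECB\" -> 321n");
quote(ml, "| \"CKM_CDMF_CBC\" -> 322n");
quote(ml, "| \"CKM_CDMF_MAC\" -> 323n");
quote(ml, "| \"CKM_CDMF_MAC_GENERAL\" -> 324n");
quote(ml, "| \"CKM_CDMF_CBC_PAD\" -> 325n");
quote(ml, "| \"CKM_MD2\" -> 512n");
quote(ml, "| \"CKM_MD2_HMAC\" -> 513n");
quote(ml, "| \"CKM_MD2_HMAC_GENERAL\" -> 514n");
quote(ml, "| \"CKM_MD5\" -> 528n");
quote(ml, "| \"CKM_MD5_HMAC\" -> 529n");
quote(ml, "| \"CKM_MD5_HMAC_GENERAL\" -> 530n");
quote(ml, "| \"CKM_SHA_1\" -> 544n");
quote(ml, "| \"CKM_SHA_1_HMAC\" -> 545n");
quote(ml, "| \"CKM_SHA_1_HMAC_GENERAL\" -> 546n");
quote(ml, "| \"CKM_RIPEMD128\" -> 560n");
quote(ml, "| \"CKM_RIPEMD128_HMAC\" -> 561n");
quote(ml, "| \"CKM_RIPEMD128_HMAC_GENERAL\" -> 562n");
quote(ml, "| \"CKM_RIPEMD160\" -> 576n");
quote(ml, "| \"CKM_RIPEMD160_HMAC\" -> 577n");
quote(ml, "| \"CKM_RIPEMD160_HMAC_GENERAL\" -> 578n");
quote(ml, "| \"CKM_SHA256\" -> 592n");
quote(ml, "| \"CKM_SHA256_HMAC\" -> 593n");
quote(ml, "| \"CKM_SHA256_HMAC_GENERAL\" -> 594n");
/* Values taken from the corresponding match_cKM_value cases. */
quote(ml, "| \"CKM_SHA224\" -> 597n");
quote(ml, "| \"CKM_SHA224_HMAC\" -> 598n");
quote(ml, "| \"CKM_SHA224_HMAC_GENERAL\" -> 599n");
quote(ml, "| \"CKM_SHA384\" -> 608n");
quote(ml, "| \"CKM_SHA384_HMAC\" -> 609n");
quote(ml, "| \"CKM_SHA384_HMAC_GENERAL\" -> 610n");
quote(ml, "| \"CKM_SHA512\" -> 624n");
quote(ml, "| \"CKM_SHA512_HMAC\" -> 625n");
quote(ml, "| \"CKM_SHA512_HMAC_GENERAL\" -> 626n");
/* Values taken from the corresponding match_cKM_value cases. */
quote(ml, "| \"CKM_SECURID_KEY_GEN\" -> 640n");
quote(ml, "| \"CKM_SECURID\" -> 642n");
quote(ml, "| \"CKM_HOTP_KEY_GEN\" -> 656n");
quote(ml, "| \"CKM_HOTP\" -> 657n");
quote(ml, "| \"CKM_ACTI_KEY_GEN\" -> 672n");
quote(ml, "| \"CKM_ACTI\" -> 673n");
quote(ml, "| \"CKM_CAST_KEY_GEN\" -> 768n");
quote(ml, "| \"CKM_CAST_ECB\" -> 769n");
quote(ml, "| \"CKM_CAST_CBC\" -> 770n");
quote(ml, "| \"CKM_CAST_MAC\" -> 771n");
quote(ml, "| \"CKM_CAST_MAC_GENERAL\" -> 772n");
quote(ml, "| \"CKM_CAST_CBC_PAD\" -> 773n");
quote(ml, "| \"CKM_CAST3_KEY_GEN\" -> 784n");
quote(ml, "| \"CKM_CAST3_ECB\" -> 785n");
quote(ml, "| \"CKM_CAST3_CBC\" -> 786n");
quote(ml, "| \"CKM_CAST3_MAC\" -> 787n");
quote(ml, "| \"CKM_CAST3_MAC_GENERAL\" -> 788n");
quote(ml, "| \"CKM_CAST3_CBC_PAD\" -> 789n");
quote(ml, "| \"CKM_CAST5_KEY_GEN\" -> 800n");
quote(ml, "| \"CKM_CAST5_ECB\" -> 801n");
quote(ml, "| \"CKM_CAST5_CBC\" -> 802n");
quote(ml, "| \"CKM_CAST5_MAC\" -> 803n");
quote(ml, "| \"CKM_CAST5_MAC_GENERAL\" -> 804n");
quote(ml, "| \"CKM_CAST5_CBC_PAD\" -> 805n");
quote(ml, "| \"CKM_RC5_KEY_GEN\" -> 816n");
quote(ml, "| \"CKM_RC5_ECB\" -> 817n");
quote(ml, "| \"CKM_RC5_CBC\" -> 818n");
quote(ml, "| \"CKM_RC5_MAC\" -> 819n");
quote(ml, "| \"CKM_RC5_MAC_GENERAL\" -> 820n");
quote(ml, "| \"CKM_RC5_CBC_PAD\" -> 821n");
quote(ml, "| \"CKM_IDEA_KEY_GEN\" -> 832n");
quote(ml, "| \"CKM_IDEA_ECB\" -> 833n");
quote(ml, "| \"CKM_IDEA_CBC\" -> 834n");
quote(ml, "| \"CKM_IDEA_MAC\" -> 835n");
quote(ml, "| \"CKM_IDEA_MAC_GENERAL\" -> 836n");
quote(ml, "| \"CKM_IDEA_CBC_PAD\" -> 837n");
quote(ml, "| \"CKM_GENERIC_SECRET_KEY_GEN\" -> 848n");
quote(ml, "| \"CKM_CONCATENATE_BASE_AND_KEY\" -> 864n");
quote(ml, "| \"CKM_CONCATENATE_BASE_AND_DATA\" -> 866n");
quote(ml, "| \"CKM_CONCATENATE_DATA_AND_BASE\" -> 867n");
quote(ml, "| \"CKM_XOR_BASE_AND_DATA\" -> 868n");
quote(ml, "| \"CKM_EXTRACT_KEY_FROM_KEY\" -> 869n");
quote(ml, "| \"CKM_SSL3_PRE_MASTER_KEY_GEN\" -> 880n");
quote(ml, "| \"CKM_SSL3_MASTER_KEY_DERIVE\" -> 881n");
quote(ml, "| \"CKM_SSL3_KEY_AND_MAC_DERIVE\" -> 882n");
quote(ml, "| \"CKM_SSL3_MASTER_KEY_DERIVE_DH\" -> 883n");
quote(ml, "| \"CKM_TLS_PRE_MASTER_KEY_GEN\" -> 884n");
quote(ml, "| \"CKM_TLS_MASTER_KEY_DERIVE\" -> 885n");
quote(ml, "| \"CKM_TLS_KEY_AND_MAC_DERIVE\" -> 886n");
quote(ml, "| \"CKM_TLS_MASTER_KEY_DERIVE_DH\" -> 887n");
/* Same value as the "cKM_TLS_PRF" spelling below. */
quote(ml, "| \"CKM_TLS_PRF\" -> 888n");
quote(ml, "| \"CKM_SSL3_MD5_MAC\" -> 896n");
quote(ml, "| \"CKM_SSL3_SHA1_MAC\" -> 897n");
quote(ml, "| \"CKM_MD5_KEY_DERIVATION\" -> 912n");
quote(ml, "| \"CKM_MD2_KEY_DERIVATION\" -> 913n");
quote(ml, "| \"CKM_SHA1_KEY_DERIVATION\" -> 914n");
quote(ml, "| \"CKM_SHA256_KEY_DERIVATION\" -> 915n");
quote(ml, "| \"CKM_SHA384_KEY_DERIVATION\" -> 916n");
quote(ml, "| \"CKM_SHA512_KEY_DERIVATION\" -> 917n");
quote(ml, "| \"CKM_SHA224_KEY_DERIVATION\" -> 918n");
quote(ml, "| \"CKM_PBE_MD2_DES_CBC\" -> 928n");
quote(ml, "| \"CKM_PBE_MD5_DES_CBC\" -> 929n");
quote(ml, "| \"CKM_PBE_MD5_CAST_CBC\" -> 930n");
quote(ml, "| \"CKM_PBE_MD5_CAST3_CBC\" -> 931n");
quote(ml, "| \"CKM_PBE_MD5_CAST5_CBC\" -> 932n");
quote(ml, "| \"CKM_PBE_SHA1_CAST5_CBC\" -> 933n");
quote(ml, "| \"CKM_PBE_SHA1_RC4_128\" -> 934n");
quote(ml, "| \"CKM_PBE_SHA1_RC4_40\" -> 935n");
quote(ml, "| \"CKM_PBE_SHA1_DES3_EDE_CBC\" -> 936n");
quote(ml, "| \"CKM_PBE_SHA1_DES2_EDE_CBC\" -> 937n");
quote(ml, "| \"CKM_PBE_SHA1_RC2_128_CBC\" -> 938n");
quote(ml, "| \"CKM_PBE_SHA1_RC2_40_CBC\" -> 939n");
quote(ml, "| \"CKM_PKCS5_PBKD2\" -> 944n");
quote(ml, "| \"CKM_PBA_SHA1_WITH_SHA1_HMAC\" -> 960n");
quote(ml, "| \"CKM_WTLS_PRE_MASTER_KEY_GEN\" -> 976n");
quote(ml, "| \"CKM_WTLS_MASTER_KEY_DERIVE\" -> 977n");
quote(ml, "| \"CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC\" -> 978n");
quote(ml, "| \"CKM_WTLS_PRF\" -> 979n");
quote(ml, "| \"CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE\" -> 980n");
quote(ml, "| \"CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE\" -> 981n");
quote(ml, "| \"CKM_KEY_WRAP_LYNKS\" -> 1024n");
quote(ml, "| \"CKM_KEY_WRAP_SET_OAEP\" -> 1025n");
quote(ml, "| \"CKM_CMS_SIG\" -> 1280n");
quote(ml, "| \"CKM_KIP_DERIVE\" -> 1296n");
quote(ml, "| \"CKM_KIP_WRAP\" -> 1297n");
quote(ml, "| \"CKM_KIP_MAC\" -> 1298n");
quote(ml, "| \"CKM_CAMELLIA_KEY_GEN\" -> 1360n");
quote(ml, "| \"CKM_CAMELLIA_ECB\" -> 1361n");
quote(ml, "| \"CKM_CAMELLIA_CBC\" -> 1362n");
quote(ml, "| \"CKM_CAMELLIA_MAC\" -> 1363n");
quote(ml, "| \"CKM_CAMELLIA_MAC_GENERAL\" -> 1364n");
quote(ml, "| \"CKM_CAMELLIA_CBC_PAD\" -> 1365n");
quote(ml, "| \"CKM_CAMELLIA_ECB_ENCRYPT_DATA\" -> 1366n");
quote(ml, "| \"CKM_CAMELLIA_CBC_ENCRYPT_DATA\" -> 1367n");
quote(ml, "| \"CKM_CAMELLIA_CTR\" -> 1368n");
quote(ml, "| \"CKM_ARIA_KEY_GEN\" -> 1376n");
quote(ml, "| \"CKM_ARIA_ECB\" -> 1377n");
quote(ml, "| \"CKM_ARIA_CBC\" -> 1378n");
quote(ml, "| \"CKM_ARIA_MAC\" -> 1379n");
quote(ml, "| \"CKM_ARIA_MAC_GENERAL\" -> 1380n");
quote(ml, "| \"CKM_ARIA_CBC_PAD\" -> 1381n");
quote(ml, "| \"CKM_ARIA_ECB_ENCRYPT_DATA\" -> 1382n");
quote(ml, "| \"CKM_ARIA_CBC_ENCRYPT_DATA\" -> 1383n");
quote(ml, "| \"CKM_SKIPJACK_KEY_GEN\" -> 4096n");
quote(ml, "| \"CKM_SKIPJACK_ECB64\" -> 4097n");
quote(ml, "| \"CKM_SKIPJACK_CBC64\" -> 4098n");
quote(ml, "| \"CKM_SKIPJACK_OFB64\" -> 4099n");
quote(ml, "| \"CKM_SKIPJACK_CFB64\" -> 4100n");
quote(ml, "| \"CKM_SKIPJACK_CFB32\" -> 4101n");
quote(ml, "| \"CKM_SKIPJACK_CFB16\" -> 4102n");
quote(ml, "| \"CKM_SKIPJACK_CFB8\" -> 4103n");
quote(ml, "| \"CKM_SKIPJACK_WRAP\" -> 4104n");
quote(ml, "| \"CKM_SKIPJACK_PRIVATE_WRAP\" -> 4105n");
quote(ml, "| \"CKM_SKIPJACK_RELAYX\" -> 4106n");
quote(ml, "| \"CKM_KEA_KEY_PAIR_GEN\" -> 4112n");
quote(ml, "| \"CKM_KEA_KEY_DERIVE\" -> 4113n");
quote(ml, "| \"CKM_FORTEZZA_TIMESTAMP\" -> 4128n");
quote(ml, "| \"CKM_BATON_KEY_GEN\" -> 4144n");
quote(ml, "| \"CKM_BATON_ECB128\" -> 4145n");
quote(ml, "| \"CKM_BATON_ECB96\" -> 4146n");
quote(ml, "| \"CKM_BATON_CBC128\" -> 4147n");
quote(ml, "| \"CKM_BATON_COUNTER\" -> 4148n");
quote(ml, "| \"CKM_BATON_SHUFFLE\" -> 4149n");
quote(ml, "| \"CKM_BATON_WRAP\" -> 4150n");
quote(ml, "| \"CKM_EC_KEY_PAIR_GEN\" -> 4160n");
quote(ml, "| \"CKM_ECDSA\" -> 4161n");
quote(ml, "| \"CKM_ECDSA_SHA1\" -> 4162n");
quote(ml, "| \"CKM_ECDH1_DERIVE\" -> 4176n");
quote(ml, "| \"CKM_ECDH1_COFACTOR_DERIVE\" -> 4177n");
quote(ml, "| \"CKM_ECMQV_DERIVE\" -> 4178n");
quote(ml, "| \"CKM_JUNIPER_KEY_GEN\" -> 4192n");
quote(ml, "| \"CKM_JUNIPER_ECB128\" -> 4193n");
quote(ml, "| \"CKM_JUNIPER_CBC128\" -> 4194n");
quote(ml, "| \"CKM_JUNIPER_COUNTER\" -> 4195n");
quote(ml, "| \"CKM_JUNIPER_SHUFFLE\" -> 4196n");
quote(ml, "| \"CKM_JUNIPER_WRAP\" -> 4197n");
quote(ml, "| \"CKM_FASTHASH\" -> 4208n");
quote(ml, "| \"CKM_AES_KEY_GEN\" -> 4224n");
quote(ml, "| \"CKM_AES_ECB\" -> 4225n");
quote(ml, "| \"CKM_AES_CBC\" -> 4226n");
quote(ml, "| \"CKM_AES_MAC\" -> 4227n");
quote(ml, "| \"CKM_AES_MAC_GENERAL\" -> 4228n");
quote(ml, "| \"CKM_AES_CBC_PAD\" -> 4229n");
quote(ml, "| \"CKM_AES_CTR\" -> 4230n");
quote(ml, "| \"CKM_BLOWFISH_KEY_GEN\" -> 4240n");
quote(ml, "| \"CKM_BLOWFISH_CBC\" -> 4241n");
quote(ml, "| \"CKM_TWOFISH_KEY_GEN\" -> 4242n");
quote(ml, "| \"CKM_TWOFISH_CBC\" -> 4243n");
quote(ml, "| \"CKM_DES_ECB_ENCRYPT_DATA\" -> 4352n");
quote(ml, "| \"CKM_DES_CBC_ENCRYPT_DATA\" -> 4353n");
quote(ml, "| \"CKM_DES3_ECB_ENCRYPT_DATA\" -> 4354n");
quote(ml, "| \"CKM_DES3_CBC_ENCRYPT_DATA\" -> 4355n");
quote(ml, "| \"CKM_AES_ECB_ENCRYPT_DATA\" -> 4356n");
quote(ml, "| \"CKM_AES_CBC_ENCRYPT_DATA\" -> 4357n");
quote(ml, "| \"CKM_DSA_PARAMETER_GEN\" -> 8192n");
quote(ml, "| \"CKM_DH_PKCS_PARAMETER_GEN\" -> 8193n");
quote(ml, "| \"CKM_X9_42_DH_PARAMETER_GEN\" -> 8194n");
/* Vendor-defined base: positive literal when __LP64__ is set, negative
 * otherwise, mirroring match_cKM_value. */
#if __LP64__
quote(ml, "| \"CKM_VENDOR_DEFINED\" -> 2147483648n");
#else
quote(ml, "| \"CKM_VENDOR_DEFINED\" -> -2147483648n");
#endif
/* Lower-case-prefixed "cKM_" spellings, as printed by match_cKM_value. */
quote(ml, "| \"cKM_RSA_PKCS_KEY_PAIR_GEN\" -> 0n");
quote(ml, "| \"cKM_RSA_PKCS\" -> 1n");
quote(ml, "| \"cKM_RSA_9796\" -> 2n");
quote(ml, "| \"cKM_RSA_X_509\" -> 3n");
quote(ml, "| \"cKM_MD2_RSA_PKCS\" -> 4n");
quote(ml, "| \"cKM_MD5_RSA_PKCS\" -> 5n");
quote(ml, "| \"cKM_SHA1_RSA_PKCS\" -> 6n");
quote(ml, "| \"cKM_RIPEMD128_RSA_PKCS\" -> 7n");
quote(ml, "| \"cKM_RIPEMD160_RSA_PKCS\" -> 8n");
quote(ml, "| \"cKM_RSA_PKCS_OAEP\" -> 9n");
quote(ml, "| \"cKM_RSA_X9_31_KEY_PAIR_GEN\" -> 10n");
quote(ml, "| \"cKM_RSA_X9_31\" -> 11n");
quote(ml, "| \"cKM_SHA1_RSA_X9_31\" -> 12n");
quote(ml, "| \"cKM_RSA_PKCS_PSS\" -> 13n");
quote(ml, "| \"cKM_SHA1_RSA_PKCS_PSS\" -> 14n");
quote(ml, "| \"cKM_DSA_KEY_PAIR_GEN\" -> 16n");
quote(ml, "| \"cKM_DSA\" -> 17n");
quote(ml, "| \"cKM_DSA_SHA1\" -> 18n");
quote(ml, "| \"cKM_DH_PKCS_KEY_PAIR_GEN\" -> 32n");
quote(ml, "| \"cKM_DH_PKCS_DERIVE\" -> 33n");
quote(ml, "| \"cKM_X9_42_DH_KEY_PAIR_GEN\" -> 48n");
quote(ml, "| \"cKM_X9_42_DH_DERIVE\" -> 49n");
quote(ml, "| \"cKM_X9_42_DH_HYBRID_DERIVE\" -> 50n");
quote(ml, "| \"cKM_X9_42_MQV_DERIVE\" -> 51n");
quote(ml, "| \"cKM_SHA256_RSA_PKCS\" -> 64n");
quote(ml, "| \"cKM_SHA384_RSA_PKCS\" -> 65n");
quote(ml, "| \"cKM_SHA512_RSA_PKCS\" -> 66n");
quote(ml, "| \"cKM_SHA256_RSA_PKCS_PSS\" -> 67n");
quote(ml, "| \"cKM_SHA384_RSA_PKCS_PSS\" -> 68n");
quote(ml, "| \"cKM_SHA512_RSA_PKCS_PSS\" -> 69n");
quote(ml, "| \"cKM_SHA224_RSA_PKCS\" -> 70n");
quote(ml, "| \"cKM_SHA224_RSA_PKCS_PSS\" -> 71n");
quote(ml, "| \"cKM_RC2_KEY_GEN\" -> 256n");
quote(ml, "| \"cKM_RC2_ECB\" -> 257n");
quote(ml, "| \"cKM_RC2_CBC\" -> 258n");
quote(ml, "| \"cKM_RC2_MAC\" -> 259n");
quote(ml, "| \"cKM_RC2_MAC_GENERAL\" -> 260n");
quote(ml, "| \"cKM_RC2_CBC_PAD\" -> 261n");
quote(ml, "| \"cKM_RC4_KEY_GEN\" -> 272n");
quote(ml, "| \"cKM_RC4\" -> 273n");
quote(ml, "| \"cKM_DES_KEY_GEN\" -> 288n");
quote(ml, "| \"cKM_DES_ECB\" -> 289n");
quote(ml, "| \"cKM_DES_CBC\" -> 290n");
quote(ml, "| \"cKM_DES_MAC\" -> 291n");
quote(ml, "| \"cKM_DES_MAC_GENERAL\" -> 292n");
quote(ml, "| \"cKM_DES_CBC_PAD\" -> 293n");
quote(ml, "| \"cKM_DES2_KEY_GEN\" -> 304n");
quote(ml, "| \"cKM_DES3_KEY_GEN\" -> 305n");
quote(ml, "| \"cKM_DES3_ECB\" -> 306n");
quote(ml, "| \"cKM_DES3_CBC\" -> 307n");
quote(ml, "| \"cKM_DES3_MAC\" -> 308n");
quote(ml, "| \"cKM_DES3_MAC_GENERAL\" -> 309n");
quote(ml, "| \"cKM_DES3_CBC_PAD\" -> 310n");
quote(ml, "| \"cKM_CDMF_KEY_GEN\" -> 320n");
quote(ml, "| \"cKM_CDMF_ECB\" -> 321n");
quote(ml, "| \"cKM_CDMF_CBC\" -> 322n");
quote(ml, "| \"cKM_CDMF_MAC\" -> 323n");
quote(ml, "| \"cKM_CDMF_MAC_GENERAL\" -> 324n");
quote(ml, "| \"cKM_CDMF_CBC_PAD\" -> 325n");
quote(ml, "| \"cKM_MD2\" -> 512n");
quote(ml, "| \"cKM_MD2_HMAC\" -> 513n");
quote(ml, "| \"cKM_MD2_HMAC_GENERAL\" -> 514n");
quote(ml, "| \"cKM_MD5\" -> 528n");
quote(ml, "| \"cKM_MD5_HMAC\" -> 529n");
quote(ml, "| \"cKM_MD5_HMAC_GENERAL\" -> 530n");
quote(ml, "| \"cKM_SHA_1\" -> 544n");
quote(ml, "| \"cKM_SHA_1_HMAC\" -> 545n");
quote(ml, "| \"cKM_SHA_1_HMAC_GENERAL\" -> 546n");
quote(ml, "| \"cKM_RIPEMD128\" -> 560n");
quote(ml, "| \"cKM_RIPEMD128_HMAC\" -> 561n");
quote(ml, "| \"cKM_RIPEMD128_HMAC_GENERAL\" -> 562n");
quote(ml, "| \"cKM_RIPEMD160\" -> 576n");
quote(ml, "| \"cKM_RIPEMD160_HMAC\" -> 577n");
quote(ml, "| \"cKM_RIPEMD160_HMAC_GENERAL\" -> 578n");
quote(ml, "| \"cKM_SHA256\" -> 592n");
quote(ml, "| \"cKM_SHA256_HMAC\" -> 593n");
quote(ml, "| \"cKM_SHA256_HMAC_GENERAL\" -> 594n");
/* Values taken from the corresponding match_cKM_value cases. */
quote(ml, "| \"cKM_SHA224\" -> 597n");
quote(ml, "| \"cKM_SHA224_HMAC\" -> 598n");
quote(ml, "| \"cKM_SHA224_HMAC_GENERAL\" -> 599n");
quote(ml, "| \"cKM_SHA384\" -> 608n");
quote(ml, "| \"cKM_SHA384_HMAC\" -> 609n");
quote(ml, "| \"cKM_SHA384_HMAC_GENERAL\" -> 610n");
quote(ml, "| \"cKM_SHA512\" -> 624n");
quote(ml, "| \"cKM_SHA512_HMAC\" -> 625n");
quote(ml, "| \"cKM_SHA512_HMAC_GENERAL\" -> 626n");
/* Values taken from the corresponding match_cKM_value cases. */
quote(ml, "| \"cKM_SECURID_KEY_GEN\" -> 640n");
quote(ml, "| \"cKM_SECURID\" -> 642n");
quote(ml, "| \"cKM_HOTP_KEY_GEN\" -> 656n");
quote(ml, "| \"cKM_HOTP\" -> 657n");
quote(ml, "| \"cKM_ACTI_KEY_GEN\" -> 672n");
quote(ml, "| \"cKM_ACTI\" -> 673n");
quote(ml, "| \"cKM_CAST_KEY_GEN\" -> 768n");
quote(ml, "| \"cKM_CAST_ECB\" -> 769n");
quote(ml, "| \"cKM_CAST_CBC\" -> 770n");
quote(ml, "| \"cKM_CAST_MAC\" -> 771n");
quote(ml, "| \"cKM_CAST_MAC_GENERAL\" -> 772n");
quote(ml, "| \"cKM_CAST_CBC_PAD\" -> 773n");
quote(ml, "| \"cKM_CAST3_KEY_GEN\" -> 784n");
quote(ml, "| \"cKM_CAST3_ECB\" -> 785n");
quote(ml, "| \"cKM_CAST3_CBC\" -> 786n");
quote(ml, "| \"cKM_CAST3_MAC\" -> 787n");
quote(ml, "| \"cKM_CAST3_MAC_GENERAL\" -> 788n");
quote(ml, "| \"cKM_CAST3_CBC_PAD\" -> 789n");
quote(ml, "| \"cKM_CAST5_KEY_GEN\" -> 800n");
quote(ml, "| \"cKM_CAST5_ECB\" -> 801n");
quote(ml, "| \"cKM_CAST5_CBC\" -> 802n");
quote(ml, "| \"cKM_CAST5_MAC\" -> 803n");
quote(ml, "| \"cKM_CAST5_MAC_GENERAL\" -> 804n");
quote(ml, "| \"cKM_CAST5_CBC_PAD\" -> 805n");
quote(ml, "| \"cKM_RC5_KEY_GEN\" -> 816n");
quote(ml, "| \"cKM_RC5_ECB\" -> 817n");
quote(ml, "| \"cKM_RC5_CBC\" -> 818n");
quote(ml, "| \"cKM_RC5_MAC\" -> 819n");
quote(ml, "| \"cKM_RC5_MAC_GENERAL\" -> 820n");
quote(ml, "| \"cKM_RC5_CBC_PAD\" -> 821n");
quote(ml, "| \"cKM_IDEA_KEY_GEN\" -> 832n");
quote(ml, "| \"cKM_IDEA_ECB\" -> 833n");
quote(ml, "| \"cKM_IDEA_CBC\" -> 834n");
quote(ml, "| \"cKM_IDEA_MAC\" -> 835n");
quote(ml, "| \"cKM_IDEA_MAC_GENERAL\" -> 836n");
quote(ml, "| \"cKM_IDEA_CBC_PAD\" -> 837n");
quote(ml, "| \"cKM_GENERIC_SECRET_KEY_GEN\" -> 848n");
quote(ml, "| \"cKM_CONCATENATE_BASE_AND_KEY\" -> 864n");
quote(ml, "| \"cKM_CONCATENATE_BASE_AND_DATA\" -> 866n");
quote(ml, "| \"cKM_CONCATENATE_DATA_AND_BASE\" -> 867n");
quote(ml, "| \"cKM_XOR_BASE_AND_DATA\" -> 868n");
quote(ml, "| \"cKM_EXTRACT_KEY_FROM_KEY\" -> 869n");
quote(ml, "| \"cKM_SSL3_PRE_MASTER_KEY_GEN\" -> 880n");
quote(ml, "| \"cKM_SSL3_MASTER_KEY_DERIVE\" -> 881n");
quote(ml, "| \"cKM_SSL3_KEY_AND_MAC_DERIVE\" -> 882n");
quote(ml, "| \"cKM_SSL3_MASTER_KEY_DERIVE_DH\" -> 883n");
quote(ml, "| \"cKM_TLS_PRE_MASTER_KEY_GEN\" -> 884n");
quote(ml, "| \"cKM_TLS_MASTER_KEY_DERIVE\" -> 885n");
quote(ml, "| \"cKM_TLS_KEY_AND_MAC_DERIVE\" -> 886n");
quote(ml, "| \"cKM_TLS_MASTER_KEY_DERIVE_DH\" -> 887n");
quote(ml, "| \"cKM_TLS_PRF\" -> 888n");
quote(ml, "| \"cKM_SSL3_MD5_MAC\" -> 896n");
quote(ml, "| \"cKM_SSL3_SHA1_MAC\" -> 897n");
quote(ml, "| \"cKM_MD5_KEY_DERIVATION\" -> 912n");
quote(ml, "| \"cKM_MD2_KEY_DERIVATION\" -> 913n");
quote(ml, "| \"cKM_SHA1_KEY_DERIVATION\" -> 914n");
quote(ml, "| \"cKM_SHA256_KEY_DERIVATION\" -> 915n");
quote(ml, "| \"cKM_SHA384_KEY_DERIVATION\" -> 916n");
quote(ml, "| \"cKM_SHA512_KEY_DERIVATION\" -> 917n");
quote(ml, "| \"cKM_SHA224_KEY_DERIVATION\" -> 918n");
quote(ml, "| \"cKM_PBE_MD2_DES_CBC\" -> 928n");
quote(ml, "| \"cKM_PBE_MD5_DES_CBC\" -> 929n");
quote(ml, "| \"cKM_PBE_MD5_CAST_CBC\" -> 930n");
quote(ml, "| \"cKM_PBE_MD5_CAST3_CBC\" -> 931n");
quote(ml, "| \"cKM_PBE_MD5_CAST5_CBC\" -> 932n");
quote(ml, "| \"cKM_PBE_SHA1_CAST5_CBC\" -> 933n");
quote(ml, "| \"cKM_PBE_SHA1_RC4_128\" -> 934n");
quote(ml, "| \"cKM_PBE_SHA1_RC4_40\" -> 935n");
quote(ml, "| \"cKM_PBE_SHA1_DES3_EDE_CBC\" -> 936n");
quote(ml, "| \"cKM_PBE_SHA1_DES2_EDE_CBC\" -> 937n");
quote(ml, "| \"cKM_PBE_SHA1_RC2_128_CBC\" -> 938n");
quote(ml, "| \"cKM_PBE_SHA1_RC2_40_CBC\" -> 939n");
quote(ml, "| \"cKM_PKCS5_PBKD2\" -> 944n");
quote(ml, "| \"cKM_PBA_SHA1_WITH_SHA1_HMAC\" -> 960n");
quote(ml, "| \"cKM_WTLS_PRE_MASTER_KEY_GEN\" -> 976n");
quote(ml, "| \"cKM_WTLS_MASTER_KEY_DERIVE\" -> 977n");
quote(ml, "| \"cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC\" -> 978n");
quote(ml, "| \"cKM_WTLS_PRF\" -> 979n");
quote(ml, "| \"cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE\" -> 980n");
quote(ml, "| \"cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE\" -> 981n");
quote(ml, "| \"cKM_KEY_WRAP_LYNKS\" -> 1024n");
quote(ml, "| \"cKM_KEY_WRAP_SET_OAEP\" -> 1025n");
quote(ml, "| \"cKM_CMS_SIG\" -> 1280n");
quote(ml, "| \"cKM_KIP_DERIVE\" -> 1296n");
quote(ml, "| \"cKM_KIP_WRAP\" -> 1297n");
quote(ml, "| \"cKM_KIP_MAC\" -> 1298n");
quote(ml, "| \"cKM_CAMELLIA_KEY_GEN\" -> 1360n");
quote(ml, "| \"cKM_CAMELLIA_ECB\" -> 1361n");
quote(ml, "| \"cKM_CAMELLIA_CBC\" -> 1362n");
quote(ml, "| \"cKM_CAMELLIA_MAC\" -> 1363n");
quote(ml, "| \"cKM_CAMELLIA_MAC_GENERAL\" -> 1364n");
quote(ml, "| \"cKM_CAMELLIA_CBC_PAD\" -> 1365n");
quote(ml, "| \"cKM_CAMELLIA_ECB_ENCRYPT_DATA\" -> 1366n");
quote(ml, "| \"cKM_CAMELLIA_CBC_ENCRYPT_DATA\" -> 1367n");
quote(ml, "| \"cKM_CAMELLIA_CTR\" -> 1368n");
quote(ml, "| \"cKM_ARIA_KEY_GEN\" -> 1376n");
quote(ml, "| \"cKM_ARIA_ECB\" -> 1377n");
quote(ml, "| \"cKM_ARIA_CBC\" -> 1378n");
quote(ml, "| \"cKM_ARIA_MAC\" -> 1379n");
quote(ml, "| \"cKM_ARIA_MAC_GENERAL\" -> 1380n");
quote(ml, "| \"cKM_ARIA_CBC_PAD\" -> 1381n");
quote(ml, "| \"cKM_ARIA_ECB_ENCRYPT_DATA\" -> 1382n");
quote(ml, "| \"cKM_ARIA_CBC_ENCRYPT_DATA\" -> 1383n");
quote(ml, "| \"cKM_SKIPJACK_KEY_GEN\" -> 4096n");
quote(ml, "| \"cKM_SKIPJACK_ECB64\" -> 4097n");
quote(ml, "| \"cKM_SKIPJACK_CBC64\" -> 4098n");
quote(ml, "| \"cKM_SKIPJACK_OFB64\" -> 4099n");
quote(ml, "| \"cKM_SKIPJACK_CFB64\" -> 4100n");
quote(ml, "| \"cKM_SKIPJACK_CFB32\" -> 4101n");
quote(ml, "| \"cKM_SKIPJACK_CFB16\" -> 4102n");
quote(ml, "| \"cKM_SKIPJACK_CFB8\" -> 4103n");
quote(ml, "| \"cKM_SKIPJACK_WRAP\" -> 4104n");
quote(ml, "| \"cKM_SKIPJACK_PRIVATE_WRAP\" -> 4105n");
quote(ml, "| \"cKM_SKIPJACK_RELAYX\" -> 4106n");
quote(ml, "| \"cKM_KEA_KEY_PAIR_GEN\" -> 4112n");
quote(ml, "| \"cKM_KEA_KEY_DERIVE\" -> 4113n");
quote(ml, "| \"cKM_FORTEZZA_TIMESTAMP\" -> 4128n");
quote(ml, "| \"cKM_BATON_KEY_GEN\" -> 4144n");
quote(ml, "| \"cKM_BATON_ECB128\" -> 4145n");
quote(ml, "| \"cKM_BATON_ECB96\" -> 4146n");
quote(ml, "| \"cKM_BATON_CBC128\" -> 4147n");
quote(ml, "| \"cKM_BATON_COUNTER\" -> 4148n");
quote(ml, "| \"cKM_BATON_SHUFFLE\" -> 4149n");
quote(ml, "| \"cKM_BATON_WRAP\" -> 4150n");
quote(ml, "| \"cKM_EC_KEY_PAIR_GEN\" -> 4160n");
quote(ml, "| \"cKM_ECDSA\" -> 4161n");
quote(ml, "| \"cKM_ECDSA_SHA1\" -> 4162n");
quote(ml, "| \"cKM_ECDH1_DERIVE\" -> 4176n");
quote(ml, "| \"cKM_ECDH1_COFACTOR_DERIVE\" -> 4177n");
quote(ml, "| \"cKM_ECMQV_DERIVE\" -> 4178n");
quote(ml, "| \"cKM_JUNIPER_KEY_GEN\" -> 4192n");
quote(ml, "| \"cKM_JUNIPER_ECB128\" -> 4193n");
quote(ml, "| \"cKM_JUNIPER_CBC128\" -> 4194n");
quote(ml, "| \"cKM_JUNIPER_COUNTER\" -> 4195n");
quote(ml, "| \"cKM_JUNIPER_SHUFFLE\" -> 4196n");
quote(ml, "| \"cKM_JUNIPER_WRAP\" -> 4197n");
quote(ml, "| \"cKM_FASTHASH\" -> 4208n");
quote(ml, "| \"cKM_AES_KEY_GEN\" -> 4224n");
quote(ml, "| \"cKM_AES_ECB\" -> 4225n");
quote(ml, "| \"cKM_AES_CBC\" -> 4226n");
quote(ml, "| \"cKM_AES_MAC\" -> 4227n");
quote(ml, "| \"cKM_AES_MAC_GENERAL\" -> 4228n");
quote(ml, "| \"cKM_AES_CBC_PAD\" -> 4229n");
quote(ml, "| \"cKM_AES_CTR\" -> 4230n");
quote(ml, "| \"cKM_BLOWFISH_KEY_GEN\" -> 4240n");
quote(ml, "| \"cKM_BLOWFISH_CBC\" -> 4241n");
quote(ml, "| \"cKM_TWOFISH_KEY_GEN\" -> 4242n");
quote(ml, "| \"cKM_TWOFISH_CBC\" -> 4243n");
quote(ml, "| \"cKM_DES_ECB_ENCRYPT_DATA\" -> 4352n");
quote(ml, "| \"cKM_DES_CBC_ENCRYPT_DATA\" -> 4353n");
quote(ml, "| \"cKM_DES3_ECB_ENCRYPT_DATA\" -> 4354n");
quote(ml, "| \"cKM_DES3_CBC_ENCRYPT_DATA\" -> 4355n");
quote(ml, "| \"cKM_AES_ECB_ENCRYPT_DATA\" -> 4356n");
quote(ml, "| \"cKM_AES_CBC_ENCRYPT_DATA\" -> 4357n");
quote(ml, "| \"cKM_DSA_PARAMETER_GEN\" -> 8192n");
quote(ml, "| \"cKM_DH_PKCS_PARAMETER_GEN\" -> 8193n");
quote(ml, "| \"cKM_X9_42_DH_PARAMETER_GEN\" -> 8194n");
#if __LP64__
quote(ml, "| \"cKM_VENDOR_DEFINED\" -> 2147483648n");
#else
quote(ml, "| \"cKM_VENDOR_DEFINED\" -> -2147483648n");
#endif
/* Unknown names are rejected with the input attached, never mapped to a
 * default value. */
quote(ml, "| _ -> raise (Mechanism_unknown a)");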
/* Emits the OCaml helper match_cKF_value, which turns ONE flag value into a
 * printable name.
 * - Several arms return a '|'-separated list of names: the same numeric value
 *   is listed under more than one cKF_* name, so the helper reports every
 *   candidate rather than a single one.
 * - The match is on the exact value. An argument with several bits set (a
 *   combined flag mask) hits the wildcard arm and prints "cKF_UNKNOWN!";
 *   a caller printing a mask has to test the bits one by one.
 * NOTE(review): the "ncKF_" prefix on the second and later names looks like a
 * "\n" escape that lost its backslash -- confirm against the generated .ml
 * before matching on these strings (for example when searching logs). */
quote(ml, "let match_cKF_value a = match a with");
quote(ml,
"| 1n -> \"cKF_TOKEN_PRESENT | ncKF_RNG | ncKF_HW | ncKF_DONT_BLOCK | ncKF_LIBRARY_CANT_CREATE_OS_THREADS\"");
quote(ml,
"| 2n -> \"cKF_REMOVABLE_DEVICE | ncKF_RW_SESSION | ncKF_WRITE_PROTECTED | ncKF_OS_LOCKING_OK\"");
quote(ml,
"| 4n -> \"cKF_HW_SLOT | ncKF_LOGIN_REQUIRED | ncKF_SERIAL_SESSION\"");
quote(ml, "| 1073741824n -> \"cKF_ARRAY_ATTRIBUTE\"");
quote(ml, "| 8n -> \"cKF_USER_PIN_INITIALIZED\"");
quote(ml, "| 32n -> \"cKF_RESTORE_KEY_NOT_NEEDED\"");
quote(ml, "| 64n -> \"cKF_CLOCK_ON_TOKEN\"");
quote(ml, "| 256n -> \"cKF_PROTECTED_AUTHENTICATION_PATH | ncKF_ENCRYPT\"");
quote(ml, "| 512n -> \"cKF_DUAL_CRYPTO_OPERATIONS | ncKF_DECRYPT\"");
quote(ml, "| 1024n -> \"cKF_TOKEN_INITIALIZED | ncKF_DIGEST\"");
quote(ml, "| 2048n -> \"cKF_SECONDARY_AUTHENTICATION | ncKF_SIGN\"");
quote(ml, "| 65536n -> \"cKF_USER_PIN_COUNT_LOW | ncKF_GENERATE_KEY_PAIR\"");
quote(ml, "| 131072n -> \"cKF_USER_PIN_FINAL_TRY | ncKF_WRAP\"");
quote(ml, "| 262144n -> \"cKF_USER_PIN_LOCKED | ncKF_UNWRAP\"");
quote(ml, "| 524288n -> \"cKF_USER_PIN_TO_BE_CHANGED | ncKF_DERIVE\"");
quote(ml, "| 1048576n -> \"cKF_SO_PIN_COUNT_LOW\"");
quote(ml, "| 2097152n -> \"cKF_SO_PIN_FINAL_TRY\"");
quote(ml, "| 4194304n -> \"cKF_SO_PIN_LOCKED\"");
quote(ml, "| 8388608n -> \"cKF_SO_PIN_TO_BE_CHANGED\"");
quote(ml, "| 4096n -> \"cKF_SIGN_RECOVER\"");
quote(ml, "| 8192n -> \"cKF_VERIFY\"");
quote(ml, "| 16384n -> \"cKF_VERIFY_RECOVER\"");
quote(ml, "| 32768n -> \"cKF_GENERATE\"");
/* 2^31 does not fit a 32-bit signed nativeint, so the non-LP64 branch spells
 * the same bit pattern as -2147483648n. The branch is selected when this IDL
 * file is preprocessed, not when the OCaml code runs. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKF_EXTENSION\"");
#else
quote(ml, "| -2147483648n -> \"cKF_EXTENSION\"");
#endif
quote(ml, "| _ -> \"cKF_UNKNOWN!\"");
/* Emits match_cKO_value: maps an object-class value to its cKO_* name for
 * printing. Any value not listed yields "cKO_UNKNOWN!" instead of raising. */
quote(ml, "let match_cKO_value a = match a with");
quote(ml, "| 0n -> \"cKO_DATA\"");
quote(ml, "| 1n -> \"cKO_CERTIFICATE\"");
quote(ml, "| 2n -> \"cKO_PUBLIC_KEY\"");
quote(ml, "| 3n -> \"cKO_PRIVATE_KEY\"");
quote(ml, "| 4n -> \"cKO_SECRET_KEY\"");
quote(ml, "| 5n -> \"cKO_HW_FEATURE\"");
quote(ml, "| 6n -> \"cKO_DOMAIN_PARAMETERS\"");
quote(ml, "| 7n -> \"cKO_MECHANISM\"");
/* Only the exact value 2^31 is named here; the literal is negative on a
 * 32-bit nativeint, hence the two spellings. Other values above it fall to
 * the wildcard arm. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKO_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKO_VENDOR_DEFINED\"");
#endif
quote(ml, "| _ -> \"cKO_UNKNOWN!\"");
/* Emits match_cKU_value: maps a user-type value (0, 1 or 2) to its cKU_* name;
 * anything else prints "cKU_UNKNOWN!". */
quote(ml, "let match_cKU_value a = match a with");
quote(ml, "| 0n -> \"cKU_SO\"");
quote(ml, "| 1n -> \"cKU_USER\"");
quote(ml, "| 2n -> \"cKU_CONTEXT_SPECIFIC\"");
quote(ml, "| _ -> \"cKU_UNKNOWN!\"");
/* Emits match_cKA_value: maps an attribute-type value to its cKA_* name.
 * It is a display helper only: an unlisted value returns "cKA_UNKNOWN!"
 * rather than raising, so code that makes decisions on attribute types should
 * compare the numeric value, not this string. sprint_template_array (emitted
 * further down in this file) uses it to label template entries. */
quote(ml, "let match_cKA_value a = match a with");
quote(ml, "| 0n -> \"cKA_CLASS\"");
quote(ml, "| 1n -> \"cKA_TOKEN\"");
quote(ml, "| 2n -> \"cKA_PRIVATE\"");
quote(ml, "| 3n -> \"cKA_LABEL\"");
quote(ml, "| 16n -> \"cKA_APPLICATION\"");
quote(ml, "| 17n -> \"cKA_VALUE\"");
quote(ml, "| 18n -> \"cKA_OBJECT_ID\"");
quote(ml, "| 128n -> \"cKA_CERTIFICATE_TYPE\"");
quote(ml, "| 129n -> \"cKA_ISSUER\"");
quote(ml, "| 130n -> \"cKA_SERIAL_NUMBER\"");
quote(ml, "| 131n -> \"cKA_AC_ISSUER\"");
quote(ml, "| 132n -> \"cKA_OWNER\"");
quote(ml, "| 133n -> \"cKA_ATTR_TYPES\"");
quote(ml, "| 134n -> \"cKA_TRUSTED\"");
quote(ml, "| 135n -> \"cKA_CERTIFICATE_CATEGORY\"");
quote(ml, "| 136n -> \"cKA_JAVA_MIDP_SECURITY_DOMAIN\"");
quote(ml, "| 137n -> \"cKA_URL\"");
quote(ml, "| 138n -> \"cKA_HASH_OF_SUBJECT_PUBLIC_KEY\"");
quote(ml, "| 139n -> \"cKA_HASH_OF_ISSUER_PUBLIC_KEY\"");
quote(ml, "| 144n -> \"cKA_CHECK_VALUE\"");
quote(ml, "| 256n -> \"cKA_KEY_TYPE\"");
quote(ml, "| 257n -> \"cKA_SUBJECT\"");
quote(ml, "| 258n -> \"cKA_ID\"");
/* Key-usage and protection attributes (cKA_SENSITIVE .. cKA_DERIVE). */
quote(ml, "| 259n -> \"cKA_SENSITIVE\"");
quote(ml, "| 260n -> \"cKA_ENCRYPT\"");
quote(ml, "| 261n -> \"cKA_DECRYPT\"");
quote(ml, "| 262n -> \"cKA_WRAP\"");
quote(ml, "| 263n -> \"cKA_UNWRAP\"");
quote(ml, "| 264n -> \"cKA_SIGN\"");
quote(ml, "| 265n -> \"cKA_SIGN_RECOVER\"");
quote(ml, "| 266n -> \"cKA_VERIFY\"");
quote(ml, "| 267n -> \"cKA_VERIFY_RECOVER\"");
quote(ml, "| 268n -> \"cKA_DERIVE\"");
quote(ml, "| 272n -> \"cKA_START_DATE\"");
quote(ml, "| 273n -> \"cKA_END_DATE\"");
quote(ml, "| 288n -> \"cKA_MODULUS\"");
quote(ml, "| 289n -> \"cKA_MODULUS_BITS\"");
quote(ml, "| 290n -> \"cKA_PUBLIC_EXPONENT\"");
quote(ml, "| 291n -> \"cKA_PRIVATE_EXPONENT\"");
quote(ml, "| 292n -> \"cKA_PRIME_1\"");
quote(ml, "| 293n -> \"cKA_PRIME_2\"");
quote(ml, "| 294n -> \"cKA_EXPONENT_1\"");
quote(ml, "| 295n -> \"cKA_EXPONENT_2\"");
quote(ml, "| 296n -> \"cKA_COEFFICIENT\"");
quote(ml, "| 304n -> \"cKA_PRIME\"");
quote(ml, "| 305n -> \"cKA_SUBPRIME\"");
quote(ml, "| 306n -> \"cKA_BASE\"");
quote(ml, "| 307n -> \"cKA_PRIME_BITS\"");
quote(ml, "| 308n -> \"cKA_SUB_PRIME_BITS\"");
quote(ml, "| 352n -> \"cKA_VALUE_BITS\"");
quote(ml, "| 353n -> \"cKA_VALUE_LEN\"");
quote(ml, "| 354n -> \"cKA_EXTRACTABLE\"");
quote(ml, "| 355n -> \"cKA_LOCAL\"");
quote(ml, "| 356n -> \"cKA_NEVER_EXTRACTABLE\"");
quote(ml, "| 357n -> \"cKA_ALWAYS_SENSITIVE\"");
quote(ml, "| 358n -> \"cKA_KEY_GEN_MECHANISM\"");
quote(ml, "| 368n -> \"cKA_MODIFIABLE\"");
quote(ml, "| 384n -> \"cKA_EC_PARAMS\"");
quote(ml, "| 385n -> \"cKA_EC_POINT\"");
quote(ml, "| 512n -> \"cKA_SECONDARY_AUTH\"");
quote(ml, "| 513n -> \"cKA_AUTH_PIN_FLAGS\"");
quote(ml, "| 514n -> \"cKA_ALWAYS_AUTHENTICATE\"");
quote(ml, "| 528n -> \"cKA_WRAP_WITH_TRUSTED\"");
quote(ml, "| 544n -> \"cKA_OTP_FORMAT\"");
quote(ml, "| 545n -> \"cKA_OTP_LENGTH\"");
quote(ml, "| 546n -> \"cKA_OTP_TIME_INTERVAL\"");
quote(ml, "| 547n -> \"cKA_OTP_USER_FRIENDLY_MODE\"");
quote(ml, "| 548n -> \"cKA_OTP_CHALLENGE_REQUIREMENT\"");
quote(ml, "| 549n -> \"cKA_OTP_TIME_REQUIREMENT\"");
quote(ml, "| 550n -> \"cKA_OTP_COUNTER_REQUIREMENT\"");
quote(ml, "| 551n -> \"cKA_OTP_PIN_REQUIREMENT\"");
quote(ml, "| 552n -> \"cKA_OTP_COUNTER\"");
quote(ml, "| 553n -> \"cKA_OTP_TIME\"");
quote(ml, "| 554n -> \"cKA_OTP_USER_IDENTIFIER\"");
quote(ml, "| 555n -> \"cKA_OTP_SERVICE_IDENTIFIER\"");
quote(ml, "| 556n -> \"cKA_OTP_SERVICE_LOGO\"");
quote(ml, "| 557n -> \"cKA_OTP_SERVICE_LOGO_TYPE\"");
quote(ml, "| 768n -> \"cKA_HW_FEATURE_TYPE\"");
quote(ml, "| 769n -> \"cKA_RESET_ON_INIT\"");
quote(ml, "| 770n -> \"cKA_HAS_RESET\"");
quote(ml, "| 1024n -> \"cKA_PIXEL_X\"");
quote(ml, "| 1025n -> \"cKA_PIXEL_Y\"");
quote(ml, "| 1026n -> \"cKA_RESOLUTION\"");
quote(ml, "| 1027n -> \"cKA_CHAR_ROWS\"");
quote(ml, "| 1028n -> \"cKA_CHAR_COLUMNS\"");
quote(ml, "| 1029n -> \"cKA_COLOR\"");
quote(ml, "| 1030n -> \"cKA_BITS_PER_PIXEL\"");
quote(ml, "| 1152n -> \"cKA_CHAR_SETS\"");
quote(ml, "| 1153n -> \"cKA_ENCODING_METHODS\"");
quote(ml, "| 1154n -> \"cKA_MIME_TYPES\"");
quote(ml, "| 1280n -> \"cKA_MECHANISM_TYPE\"");
quote(ml, "| 1281n -> \"cKA_REQUIRED_CMS_ATTRIBUTES\"");
quote(ml, "| 1282n -> \"cKA_DEFAULT_CMS_ATTRIBUTES\"");
quote(ml, "| 1283n -> \"cKA_SUPPORTED_CMS_ATTRIBUTES\"");
/* The three values below are 2^30 (the cKF_ARRAY_ATTRIBUTE value printed by
 * match_cKF_value) plus a small code: 0x211, 0x212 and 0x600. */
quote(ml, "| 1073742353n -> \"cKA_WRAP_TEMPLATE\"");
quote(ml, "| 1073742354n -> \"cKA_UNWRAP_TEMPLATE\"");
quote(ml, "| 1073743360n -> \"cKA_ALLOWED_MECHANISMS\"");
/* Only the exact value 2^31 is named; vendor attributes above it print as
 * "cKA_UNKNOWN!". The literal is negative on a 32-bit nativeint. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKA_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKA_VENDOR_DEFINED\"");
#endif
quote(ml, "| _ -> \"cKA_UNKNOWN!\"");
/* Emits match_cKS_value: maps a session-state value (0..4) to its cKS_* name;
 * anything else prints "cKS_UNKNOWN!". */
quote(ml, "let match_cKS_value a = match a with");
quote(ml, "| 0n -> \"cKS_RO_PUBLIC_SESSION\"");
quote(ml, "| 1n -> \"cKS_RO_USER_FUNCTIONS\"");
quote(ml, "| 2n -> \"cKS_RW_PUBLIC_SESSION\"");
quote(ml, "| 3n -> \"cKS_RW_USER_FUNCTIONS\"");
quote(ml, "| 4n -> \"cKS_RW_SO_FUNCTIONS\"");
quote(ml, "| _ -> \"cKS_UNKNOWN!\"");
/* Emits match_cKH_value: maps a hardware-feature value to its cKH_* name;
 * anything else prints "cKH_UNKNOWN!".
 * NOTE(review): the quote(mli, ...) list of "val match_*" declarations later
 * in this file has no entry for match_cKH_value -- confirm whether it is
 * meant to be exported. */
quote(ml, "let match_cKH_value a = match a with");
quote(ml, "| 1n -> \"cKH_MONOTONIC_COUNTER\"");
quote(ml, "| 2n -> \"cKH_CLOCK\"");
quote(ml, "| 3n -> \"cKH_USER_INTERFACE\"");
/* 2^31 is negative on a 32-bit nativeint, hence the two spellings. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKH_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKH_VENDOR_DEFINED\"");
#endif
quote(ml, "| _ -> \"cKH_UNKNOWN!\"");
/* Emits match_cKK_value: maps a key-type value to its cKK_* name for
 * printing; unlisted values print "cKK_UNKNOWN!". The table is a name lookup
 * only and says nothing about which key types a token or policy accepts. */
quote(ml, "let match_cKK_value a = match a with");
quote(ml, "| 0n -> \"cKK_RSA\"");
quote(ml, "| 1n -> \"cKK_DSA\"");
quote(ml, "| 2n -> \"cKK_DH\"");
quote(ml, "| 3n -> \"cKK_EC\"");
quote(ml, "| 4n -> \"cKK_X9_42_DH\"");
quote(ml, "| 5n -> \"cKK_KEA\"");
quote(ml, "| 16n -> \"cKK_GENERIC_SECRET\"");
quote(ml, "| 17n -> \"cKK_RC2\"");
quote(ml, "| 18n -> \"cKK_RC4\"");
quote(ml, "| 19n -> \"cKK_DES\"");
quote(ml, "| 20n -> \"cKK_DES2\"");
quote(ml, "| 21n -> \"cKK_DES3\"");
quote(ml, "| 22n -> \"cKK_CAST\"");
quote(ml, "| 23n -> \"cKK_CAST3\"");
quote(ml, "| 24n -> \"cKK_CAST128\"");
quote(ml, "| 25n -> \"cKK_RC5\"");
quote(ml, "| 26n -> \"cKK_IDEA\"");
quote(ml, "| 27n -> \"cKK_SKIPJACK\"");
quote(ml, "| 28n -> \"cKK_BATON\"");
quote(ml, "| 29n -> \"cKK_JUNIPER\"");
quote(ml, "| 30n -> \"cKK_CDMF\"");
quote(ml, "| 31n -> \"cKK_AES\"");
quote(ml, "| 32n -> \"cKK_BLOWFISH\"");
quote(ml, "| 33n -> \"cKK_TWOFISH\"");
/* 2^31 is negative on a 32-bit nativeint, hence the two spellings. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKK_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKK_VENDOR_DEFINED\"");
#endif
quote(ml, "| _ -> \"cKK_UNKNOWN!\"");
/* Emits match_cKC_value: maps a certificate-type value to its cKC_* name;
 * unlisted values print "cKC_UNKNOWN!". */
quote(ml, "let match_cKC_value a = match a with");
quote(ml, "| 0n -> \"cKC_X_509\"");
quote(ml, "| 1n -> \"cKC_X_509_ATTR_CERT\"");
quote(ml, "| 2n -> \"cKC_WTLS\"");
/* 2^31 is negative on a 32-bit nativeint, hence the two spellings. */
#if __LP64__
quote(ml, "| 2147483648n -> \"cKC_VENDOR_DEFINED\"");
#else
quote(ml, "| -2147483648n -> \"cKC_VENDOR_DEFINED\"");
#endif
quote(ml, "| _ -> \"cKC_UNKNOWN!\"");
/* Helpers for OCaml programs */
/* The quote(mli, ...) lines below add the signatures of the hand-written
 * helpers to the generated interface; every val here needs a matching
 * quote(ml, ...) definition.
 * NOTE(review): match_cKH_value is defined through quote(ml, ...) in this file
 * but has no val line here -- confirm whether that omission is intended.
 * match_cKR_value and string_to_cKM_value are defined outside this section. */
quote(mli, "(* Helpers for information printing *)\n");
quote(mli, "val match_cKM_value : nativeint -> string\n");
quote(mli, "val match_cKR_value : nativeint -> string\n");
quote(mli, "val match_cKA_value : nativeint -> string\n");
quote(mli, "val match_cKF_value : nativeint -> string\n");
quote(mli, "val match_cKC_value : nativeint -> string\n");
quote(mli, "val match_cKK_value : nativeint -> string\n");
quote(mli, "val match_cKS_value : nativeint -> string\n");
quote(mli, "val match_cKU_value : nativeint -> string\n");
quote(mli, "val match_cKO_value : nativeint -> string\n");
quote(mli, "val string_to_cKM_value : string -> nativeint\n");
quote(mli, "(* Helpers for strings and char arrays *)\n");
quote(mli, "val string_to_char_array : string -> char array\n");
quote(mli, "val char_array_to_string : char array -> string\n");
quote(mli, "val print_int_array : nativeint array -> unit\n");
quote(mli, "val print_char_array : char array -> unit\n");
quote(mli, "val print_string_array : string array -> unit\n");
quote(mli, "val print_hex : char -> unit\n");
quote(mli, "val print_hex_array : char array -> unit\n");
quote(mli, "val int_to_hexchar : nativeint -> char\n");
quote(mli, "val hexchar_to_int : char -> nativeint\n");
quote(mli, "val merge_nibbles : char -> char -> char\n");
quote(mli, "val pack : string -> string\n");
quote(mli, "val sprint_hex_array : char array -> string\n");
quote(mli, "val bool_to_char_array : nativeint -> char array\n");
quote(mli, "val char_array_to_bool : char array -> nativeint\n");
quote(mli, "val sprint_bool_attribute_value : nativeint -> string\n");
quote(mli, "val sprint_template_array : ck_attribute array -> string\n");
/* Use aliases if this is an old version (< 4.02) of OCaml without a Bytes module */
/* char_array_to_string builds a buffer of Array.length a bytes and fills every
 * index through Array.iteri. With OCAML_NO_BYTES_MODULE, Bytes is aliased to
 * String and the buffer itself is returned; otherwise it is converted with
 * Bytes.to_string. */
#ifdef OCAML_NO_BYTES_MODULE
quote(ml, "module Bytes = String");
quote(ml,
"let char_array_to_string = fun a -> let s = Bytes.create (Array.length a) in\n");
quote(ml, " Array.iteri (fun i x -> Bytes.set s i x) a; s;;\n");
#else
quote(ml,
"let char_array_to_string = fun a -> let s = Bytes.create (Array.length a) in\n");
quote(ml, " Array.iteri (fun i x -> Bytes.set s i x) a; Bytes.to_string s;;\n");
#endif
/* string_to_char_array: one array element per character of s. */
quote(ml,
"let string_to_char_array = fun s -> Array.init (String.length s) (fun i -> s.[i]);;\n");
/* Printing helpers: each writes to stdout between single quotes, followed by a
 * newline. print_char_array writes the bytes unescaped with %c; for data that
 * may hold non-printable bytes (keys, digests, attribute values) the hex
 * variants below keep the output unambiguous. */
quote(ml,
"let print_int_array = fun a -> Printf.printf \"'\"; Array.iter (fun str -> Printf.printf \"%s \" (Nativeint.to_string str)) a; Printf.printf \"'\\n\";;");
quote(ml,
"let print_char_array = fun a -> Printf.printf \"'\"; Array.iter (Printf.printf \"%c\") a; Printf.printf \"'\\n\";;");
quote(ml,
"let print_string_array = fun a -> Printf.printf \"'\"; Array.iter (Printf.printf \"%s | \") a; Printf.printf \"'\\n\";;");
/* print_hex: one byte as two lower-case hex digits. */
quote(ml, "let print_hex = fun a -> Printf.printf \"%02x\" (int_of_char a);;");
quote(ml,
"let print_hex_array = fun a -> Printf.printf \"'\"; Array.iter print_hex a; Printf.printf \"'\\n\";;");
/* Emits int_to_hexchar: converts a nibble value 0..15 to its lower-case hex
 * digit. Any other value raises Failure "int_to_hexchar". */
quote(ml, "let int_to_hexchar (i : nativeint) : char =");
quote(ml, " match i with");
quote(ml, " 0n -> '0'");
quote(ml, " | 1n -> '1'");
quote(ml, " | 2n -> '2'");
quote(ml, " | 3n -> '3'");
quote(ml, " | 4n -> '4'");
quote(ml, " | 5n -> '5'");
quote(ml, " | 6n -> '6'");
quote(ml, " | 7n -> '7'");
quote(ml, " | 8n -> '8'");
quote(ml, " | 9n -> '9'");
quote(ml, " | 10n -> 'a'");
quote(ml, " | 11n -> 'b'");
quote(ml, " | 12n -> 'c'");
quote(ml, " | 13n -> 'd'");
quote(ml, " | 14n -> 'e'");
quote(ml, " | 15n -> 'f'");
quote(ml, " | _ -> failwith \"int_to_hexchar\";;\n");
/* Emits hexchar_to_int: converts one hex digit to its value 0..15. Both
 * lower-case and upper-case letters are accepted; any other character raises
 * Failure "hexchar_to_int", which is how pack and merge_nibbles reject
 * non-hex input. */
quote(ml, "let hexchar_to_int (c : char) : nativeint =");
quote(ml, " match c with");
quote(ml, " '0' -> 0n");
quote(ml, " | '1' -> 1n");
quote(ml, " | '2' -> 2n");
quote(ml, " | '3' -> 3n");
quote(ml, " | '4' -> 4n");
quote(ml, " | '5' -> 5n");
quote(ml, " | '6' -> 6n");
quote(ml, " | '7' -> 7n");
quote(ml, " | '8' -> 8n");
quote(ml, " | '9' -> 9n");
quote(ml, " | 'a' -> 10n");
quote(ml, " | 'b' -> 11n");
quote(ml, " | 'c' -> 12n");
quote(ml, " | 'd' -> 13n");
quote(ml, " | 'e' -> 14n");
quote(ml, " | 'f' -> 15n");
quote(ml, " | 'A' -> 10n");
quote(ml, " | 'B' -> 11n");
quote(ml, " | 'C' -> 12n");
quote(ml, " | 'D' -> 13n");
quote(ml, " | 'E' -> 14n");
quote(ml, " | 'F' -> 15n");
quote(ml, " | _ -> failwith \"hexchar_to_int\";;\n");
/* Emits merge_nibbles niba nibb: combines two hex digits into one byte, with
 * niba as the high nibble and nibb as the low nibble.
 * The local names are crossed (ciba holds nibb's value, cibb holds niba's),
 * but the arithmetic is (value of niba << 4) xor (value of nibb). Both values
 * are below 16, so the xor behaves as an or and the result fits Char.chr.
 * A non-hex digit raises Failure "hexchar_to_int". */
quote(ml, "let merge_nibbles niba nibb =");
quote(ml, " let ciba = hexchar_to_int nibb in");
quote(ml, " let cibb = hexchar_to_int niba in");
quote(ml, " let res = (Nativeint.shift_left cibb 4) in");
quote(ml, " let res = (Nativeint.logxor res ciba) in");
quote(ml, " let res = Char.chr (Nativeint.to_int res) in");
quote(ml, " (res);;");
/* Emits pack hexstr: decodes a hex string into the bytes it encodes, two
 * characters per byte (first character = high nibble).
 * Caveats a caller should know:
 * - an odd-length input is not rejected: len / 2 rounds down and the final
 *   unpaired character is silently ignored, so a truncated hex value decodes
 *   without any error;
 * - a non-hex character raises Failure "hexchar_to_int";
 * - the loop visits every index up to len - 2 and acts on the even ones only.
 * Validate the length before calling when the input encodes key material or
 * attribute values. */
quote(ml, "let pack hexstr =");
quote(ml, " let len = String.length hexstr in");
quote(ml, " let half_len = len / 2 in");
quote(ml, " let res = Bytes.create half_len in");
quote(ml, " let j = ref 0 in");
quote(ml, " for i = 0 to len - 2 do");
quote(ml, " if (i mod 2 == 0) then");
quote(ml, " (");
quote(ml, " let tmp = merge_nibbles hexstr.[i] hexstr.[i+1] in");
quote(ml, " Bytes.set res !j tmp;");
quote(ml, " j := !j +1;");
quote(ml, " )");
quote(ml, " done;");
/* Without a Bytes module, Bytes is an alias of String (see the alias emitted
 * under the same macro earlier), so res already has the return type. */
#ifdef OCAML_NO_BYTES_MODULE
quote(ml, " (res);;");
#else
quote(ml, " (Bytes.to_string res);;");
#endif
/* Emits sprint_hex_array: returns the array as lower-case hex, two digits per
 * byte, wrapped in single quotes ("''" for an empty array). The string is
 * rebuilt with Printf.sprintf at every element, so the cost grows
 * quadratically with the array length. */
quote(ml, "let sprint_hex_array myarray =");
quote(ml, " let s = Array.fold_left (");
quote(ml, " fun a elem -> Printf.sprintf \"%s%02x\" a (int_of_char elem);");
quote(ml, " ) \"'\" myarray in");
quote(ml, " (Printf.sprintf \"%s'\" s)");
quote(ml, "");
/* Emits bool_to_char_array: encodes a boolean attribute as a one-byte array,
 * byte 0 when the argument equals cK_FALSE and byte 1 for every other value
 * (not only cK_TRUE). cK_FALSE is defined outside this section. */
quote(ml, "let bool_to_char_array boolean_attribute =");
quote(ml, " if compare boolean_attribute cK_FALSE = 0 then");
quote(ml, " ([| (Char.chr 0) |])");
quote(ml, " else");
quote(ml, " ([| (Char.chr 1) |])");
quote(ml, "");
/* Emits char_array_to_bool: decodes a boolean attribute value.
 * The fold ors together "byte is non-zero" over the whole array, so:
 * - any non-zero byte anywhere yields cK_TRUE;
 * - an all-zero array, including an EMPTY one, yields cK_FALSE;
 * - the length is never checked, so a value that is not exactly one byte is
 *   accepted like a well-formed one.
 * NOTE(review): where the result drives a decision on a boolean attribute,
 * consider rejecting arrays whose length is not 1 at the call site -- confirm
 * how callers use it. */
quote(ml, "let char_array_to_bool char_array =");
quote(ml, " let check = Array.fold_left (");
quote(ml, " fun curr_check elem ->");
quote(ml, " if compare elem (Char.chr 0) = 0 then");
quote(ml, " (curr_check || false)");
quote(ml, " else");
quote(ml, " (curr_check || true)");
quote(ml, " ) false char_array in");
quote(ml, " if compare check false = 0 then");
quote(ml, " (cK_FALSE)");
quote(ml, " else");
quote(ml, " (cK_TRUE)");
quote(ml, "");
/* Emits sprint_bool_attribute_value: returns "TRUE" for cK_TRUE, "FALSE" for
 * cK_FALSE and "UNKNOWN!" for any other value. Unlike bool_to_char_array it
 * does not treat every non-false value as true. */
quote(ml, "let sprint_bool_attribute_value attribute_value =");
quote(ml, " if compare attribute_value cK_TRUE = 0 then");
quote(ml, " (\"TRUE\")");
quote(ml, " else");
quote(ml, " if compare attribute_value cK_FALSE = 0 then");
quote(ml, " (\"FALSE\")");
quote(ml, " else");
quote(ml, " (\"UNKNOWN!\")");
quote(ml, "");
/* Emits sprint_template_array: renders an attribute template as a sequence of
 * "(<cKA name>, '<hex value>') " entries, using match_cKA_value for the type
 * and sprint_hex_array for the value.
 * The full attribute value is printed in hex, whatever the attribute is; for
 * templates that may carry secret values (for example a cKA_VALUE entry),
 * keep this output out of logs that are widely readable. */
quote(ml, "let sprint_template_array template_array =");
quote(ml, " let string_ = Array.fold_left");
quote(ml, " (fun curr_string templ ->");
quote(ml, " let s1 = Printf.sprintf \"(%s, \" (match_cKA_value templ.type_) in");
quote(ml, " let s2 = Printf.sprintf \"%s) \" (sprint_hex_array templ.value) in");
quote(ml, " (String.concat \"\" [curr_string; s1; s2])");
quote(ml, " ) \"\" template_array in");
quote(ml, " (string_)");
/* Upper-case PKCS#11 type names, declared as aliases of the lower-case
 * ck_* types used in the rest of this file. */
typedef unsigned char CK_BYTE;
typedef unsigned char CK_CHAR;
typedef unsigned char CK_UTF8CHAR;
typedef unsigned char CK_BBOOL;
/* [nativeint] makes these two map to OCaml nativeint, whose width follows the
 * platform word size; this is why the emitted OCaml tables spell 2^31
 * differently under __LP64__. */
typedef[nativeint]
unsigned long int CK_ULONG;
typedef[nativeint]
long int CK_LONG;
typedef CK_BYTE *CK_BYTE_PTR;
typedef CK_CHAR *CK_CHAR_PTR;
typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
typedef CK_ULONG *CK_ULONG_PTR;
#define CK_FALSE 0
#define CK_TRUE 1
/* TRUE/FALSE are only defined when not already present, and can be turned off
 * entirely with CK_DISABLE_TRUE_FALSE. */
#ifndef CK_DISABLE_TRUE_FALSE
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif
#endif
/* Struct and handle aliases; the structs and ck_*_t types themselves are
 * declared outside this section. */
typedef struct ck_version CK_VERSION;
typedef struct ck_version *CK_VERSION_PTR;
typedef struct ck_info CK_INFO;
typedef struct ck_info *CK_INFO_PTR;
typedef ck_slot_id_t *CK_SLOT_ID_PTR;
typedef struct ck_slot_info CK_SLOT_INFO;
typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
typedef struct ck_token_info CK_TOKEN_INFO;
typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
typedef struct ck_session_info CK_SESSION_INFO;
typedef struct ck_session_info *CK_SESSION_INFO_PTR;
typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
typedef struct ck_attribute CK_ATTRIBUTE;
typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
typedef struct ck_date CK_DATE;
typedef struct ck_date *CK_DATE_PTR;
typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
typedef struct ck_mechanism CK_MECHANISM;
typedef struct ck_mechanism *CK_MECHANISM_PTR;
typedef struct ck_mechanism_info CK_MECHANISM_INFO;
typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
#define NULL_PTR NULL
/*********** Tricky structures **************************/
/* ck_rv_t, the return code of every binding function, is an unsigned long
 * exposed to OCaml as nativeint. */
typedef[nativeint]
unsigned long ck_rv_t;
/* The real callback prototypes are kept below for reference only. */
/*typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);*/
/* In their place, the four mutex callback types are declared as abstract
 * types with the OCaml type unit->nativeint, so their C representation here
 * (pointer to int) is a placeholder and not a callable function pointer.
 * NOTE(review): confirm how the C side fills these fields before a
 * ck_c_initialize_args reaches a PKCS#11 module. */
typedef[abstract, mltype("unit->nativeint")]
int (*ck_createmutex_t);
typedef[abstract, mltype("unit->nativeint")]
int (*ck_destroymutex_t);
typedef[abstract, mltype("unit->nativeint")]
int (*ck_lockmutex_t);
typedef[abstract, mltype("unit->nativeint")]
int (*ck_unlockmutex_t);
/* Initialisation arguments: four mutex callbacks, flags, and a reserved
 * pointer that is hidden from OCaml through [ignore]. */
struct ck_c_initialize_args {
ck_createmutex_t create_mutex;
ck_destroymutex_t destroy_mutex;
ck_lockmutex_t lock_mutex;
ck_unlockmutex_t unlock_mutex;
ck_flags_t flags;
/* Don't take care of the reserved field, it will be at NULL
when calling the PKCS11 API */
[ignore] void *reserved;
};
/* The MAX_BUFF_LEN is used to avoid, when possible, allocating */
/* data on the heap. This is mainly used for PKCS#11 functions */
/* that are expected to return small amount of data, such as */
/* digest or signature data */
/* The value is written twice: the #define applies while this IDL file is
 * preprocessed, and the quote(C, ...) line copies the same definition into
 * the generated C. Change both together, otherwise the two sides disagree on
 * the buffer bound.
 * NOTE(review): confirm in the C code that an output longer than
 * MAX_BUFF_LEN is refused or moved to the heap rather than truncated. */
#define MAX_BUFF_LEN 16384
quote(C, "#define MAX_BUFF_LEN 16384\n");
/* CKR_OK (success, value 0) is made available to the generated C as well. */
quote(C, "#define CKR_OK (0UL)\n");
/*********** PKCS11 API **************************/
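/* Declares one binding entry point: _ML_CK_DECLARE_FUNCTION(C_Foo, (args))
 * expands to `ck_rv_t ML_CK_C_Foo (args)`.
 * The macro body has to end on its second line. A line-continuation at the
 * end of that line splices the following source line (the C_Daemonize
 * declaration) into the macro body, which breaks that declaration and every
 * later expansion; the blank line below keeps the two apart. */
#define _ML_CK_DECLARE_FUNCTION(name, args) \
ck_rv_t ML_CK_ ## name args

/* C_Daemonize: param is an input byte array of param_len bytes. */
_ML_CK_DECLARE_FUNCTION(C_Daemonize,
([size_is(param_len), in] unsigned char param[],
unsigned long param_len));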
/* Module setup, slot/token and session functions. Each use of
 * _ML_CK_DECLARE_FUNCTION(name, args) is meant to declare ML_CK_<name> with
 * return type ck_rv_t. [in]/[out] give the direction of each argument and
 * size_is(n) ties an array to its length argument. */
_ML_CK_DECLARE_FUNCTION(C_SetupArch, ([nativeint] unsigned int arch));
/* C_LoadModule is added and replaces C_GetFunctionList */
/* libname is a caller-supplied NUL-terminated name.
 * NOTE(review): confirm where this name is checked against the configured
 * modules before it reaches the loader. */
_ML_CK_DECLARE_FUNCTION(C_LoadModule,
([null_terminated, in] unsigned char libname[]));
_ML_CK_DECLARE_FUNCTION(C_Initialize, (void));
_ML_CK_DECLARE_FUNCTION(C_Finalize, (void));
/* slot_list holds up to count entries (count is chosen by the caller); the
 * number reported by the module comes back separately in real_count. */
_ML_CK_DECLARE_FUNCTION(C_GetSlotList,
([nativeint] unsigned int token_present,
[size_is(count), out] ck_slot_id_t slot_list[],
[nativeint] unsigned long count,
[out] unsigned long *real_count));
_ML_CK_DECLARE_FUNCTION(C_GetInfo, ([out] struct ck_info * info));
_ML_CK_DECLARE_FUNCTION(C_WaitForSlotEvent,
(ck_flags_t flags,[out] ck_slot_id_t * slot_id));
_ML_CK_DECLARE_FUNCTION(C_GetSlotInfo,
(ck_slot_id_t slot_id,
[out] struct ck_slot_info * info));
_ML_CK_DECLARE_FUNCTION(C_GetTokenInfo,
(ck_slot_id_t slot_id,
[out] struct ck_token_info * info));
/* The PIN is a byte array of pin_len bytes (not NUL-terminated); the label is
 * NUL-terminated. */
_ML_CK_DECLARE_FUNCTION(C_InitToken,
(ck_slot_id_t slot_id,
[size_is(pin_len), in] unsigned char pin[],
unsigned long pin_len,[null_terminated,
in] unsigned char label[]));
_ML_CK_DECLARE_FUNCTION(C_OpenSession,
(ck_slot_id_t slot_id, ck_flags_t flags,
[out] ck_session_handle_t * session));
_ML_CK_DECLARE_FUNCTION(C_CloseSession, (ck_session_handle_t session));
_ML_CK_DECLARE_FUNCTION(C_CloseAllSessions, (ck_slot_id_t slot_id));
_ML_CK_DECLARE_FUNCTION(C_GetSessionInfo,
(ck_session_handle_t session,
[out] struct ck_session_info * info));
/* The PIN crosses the OCaml/C boundary as a plain byte array of pin_len
 * bytes. NOTE(review): confirm that the copies made on the way are not
 * logged and are cleared after use. */
_ML_CK_DECLARE_FUNCTION(C_Login,
(ck_session_handle_t session, ck_user_type_t user_type,
[size_is(pin_len), in] unsigned char pin[],
unsigned long pin_len));
_ML_CK_DECLARE_FUNCTION(C_Logout, (ck_session_handle_t session));
/* Mechanism queries, PIN management and random-number functions. */
/* mechanism_list holds up to count entries (count is chosen by the caller);
 * the number reported by the module comes back in real_count. */
_ML_CK_DECLARE_FUNCTION(C_GetMechanismList,
(ck_slot_id_t slot_id,
[size_is(count),
out] ck_mechanism_type_t mechanism_list[],
[nativeint] unsigned long count,
[out] unsigned long *real_count));
_ML_CK_DECLARE_FUNCTION(C_GetMechanismInfo,
(ck_slot_id_t slot_id, ck_mechanism_type_t mechanism,
[out] struct ck_mechanism_info * info));
/* PINs are byte arrays with an explicit length, not NUL-terminated strings.
 * NOTE(review): confirm that the copies made while marshalling are not logged
 * and are cleared after use. */
_ML_CK_DECLARE_FUNCTION(C_InitPIN,
(ck_session_handle_t session,
[size_is(pin_len), in] unsigned char pin[],
unsigned long pin_len));
_ML_CK_DECLARE_FUNCTION(C_SetPIN,
(ck_session_handle_t session,
[size_is(old_pin_len), in] unsigned char old_pin[],
unsigned long old_pin_len,[size_is(new_pin_len),
in] unsigned char new_pin[],
unsigned long new_pin_len));
_ML_CK_DECLARE_FUNCTION(C_SeedRandom,
(ck_session_handle_t session,
[size_is(seed_len), in] unsigned char seed[],
unsigned long seed_len));
/* rand_len is chosen by the caller and sizes the output array directly. */
_ML_CK_DECLARE_FUNCTION(C_GenerateRandom,
(ck_session_handle_t session,
[size_is(rand_len), out] unsigned char rand_value[],
[nativeint] unsigned long rand_len));
/* Object search, key generation and object management. Templates are passed
 * as arrays of struct ck_attribute with an explicit element count. */
_ML_CK_DECLARE_FUNCTION(C_FindObjectsInit,
(ck_session_handle_t session,
[size_is(count), in] struct ck_attribute templ[],
[nativeint] unsigned long count));
/* object holds up to max_object_count handles (chosen by the caller); the
 * number actually found comes back in object_count. */
_ML_CK_DECLARE_FUNCTION(C_FindObjects,
(ck_session_handle_t session,
[size_is(max_object_count),
out] ck_object_handle_t object[],
[nativeint] unsigned long max_object_count,
[out] unsigned long *object_count));
_ML_CK_DECLARE_FUNCTION(C_FindObjectsFinal, (ck_session_handle_t session));
/* Unlike the standard PKCS#11 prototypes, the mechanism is passed by value
 * here and in the functions below. */
_ML_CK_DECLARE_FUNCTION(C_GenerateKey,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
[size_is(count), in] struct ck_attribute templ[],
[nativeint] unsigned long count,
[out] ck_object_handle_t * phkey));
_ML_CK_DECLARE_FUNCTION(C_GenerateKeyPair,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
[size_is(pub_count),
in] struct ck_attribute pub_templ[],
[nativeint] unsigned long pub_count,
[size_is(priv_count),
in] struct ck_attribute priv_templ[],
[nativeint] unsigned long priv_count,
[out] ck_object_handle_t * phpubkey,
[out] ck_object_handle_t * phprivkey));
_ML_CK_DECLARE_FUNCTION(C_CreateObject,
(ck_session_handle_t session,
[size_is(count), in] struct ck_attribute templ[],
[nativeint] unsigned long count,
[out] ck_object_handle_t * phobject));
_ML_CK_DECLARE_FUNCTION(C_CopyObject,
(ck_session_handle_t session,
ck_object_handle_t hobject,[size_is(count),
in] struct ck_attribute
templ[],[nativeint] unsigned long count,
[out] ck_object_handle_t * phnewobject));
_ML_CK_DECLARE_FUNCTION(C_DestroyObject,
(ck_session_handle_t session,
[in] ck_object_handle_t hobject));
/* templ is [in, out]: the caller supplies the attribute types and the same
 * array comes back with the values filled in. */
_ML_CK_DECLARE_FUNCTION(C_GetAttributeValue,
(ck_session_handle_t session,
ck_object_handle_t hobject,[size_is(count), in,
out] struct ck_attribute
templ[],[nativeint] unsigned long count));
_ML_CK_DECLARE_FUNCTION(C_SetAttributeValue,
(ck_session_handle_t session,
ck_object_handle_t hobject,[size_is(count),
in] struct ck_attribute
templ[],[nativeint] unsigned long count));
_ML_CK_DECLARE_FUNCTION(C_GetObjectSize,
(ck_session_handle_t session,
ck_object_handle_t hobject,
[out] unsigned long *object_size));
/* Key wrapping, unwrapping and derivation. */
/* wrapped_key[] is sized by *wrapped_key_len, and that pointer is [ignore]:
 * it is not an OCaml-visible argument, so the length has to be set on the C
 * side. NOTE(review): presumably this is tied to MAX_BUFF_LEN, defined in
 * this file for small outputs -- confirm that a wrapped key larger than the
 * bound is reported as an error and not truncated. */
_ML_CK_DECLARE_FUNCTION(C_WrapKey,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hwrappingkey,
ck_object_handle_t hkey,[size_is(*wrapped_key_len),
out] unsigned char
wrapped_key[],
[ignore] unsigned long *wrapped_key_len));
/* Input side: the wrapped key and the template both carry explicit lengths. */
_ML_CK_DECLARE_FUNCTION(C_UnwrapKey,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hunwrappingkey,
[size_is(wrapped_key_len),
in] unsigned char wrapped_key[],
unsigned long wrapped_key_len,[size_is(count),
in] struct ck_attribute
templ[],[nativeint] unsigned long count,
[out] ck_object_handle_t * phobject));
_ML_CK_DECLARE_FUNCTION(C_DeriveKey,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hbasekey,[size_is(count),
in] struct ck_attribute
templ[],[nativeint] unsigned long count,
[out] ck_object_handle_t * phkey));
/* Message digesting. Where a function returns data, the output array is
 * sized by *digest_len and that pointer is [ignore], i.e. not visible from
 * OCaml; the C side has to set it. NOTE(review): confirm the bound used
 * (MAX_BUFF_LEN is defined in this file for this kind of output). */
_ML_CK_DECLARE_FUNCTION(C_DigestInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism));
_ML_CK_DECLARE_FUNCTION(C_Digest,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*digest_len), out] unsigned char digest[],
[ignore] unsigned long *digest_len));
_ML_CK_DECLARE_FUNCTION(C_DigestUpdate,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len));
_ML_CK_DECLARE_FUNCTION(C_DigestKey,
(ck_session_handle_t session, ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_DigestFinal,
(ck_session_handle_t session,
[size_is(*digest_len), out] unsigned char digest[],
[ignore] unsigned long *digest_len));
/* Signing and verification.
 * Functions that PRODUCE data (C_Sign, C_SignRecover, C_SignFinal,
 * C_VerifyRecover) size their output array through an [ignore]d length
 * pointer that OCaml never sees; the C side has to set it. NOTE(review):
 * confirm the bound used and that an oversized result is an error.
 * Functions that only CONSUME data (C_Verify, C_VerifyUpdate, C_VerifyFinal)
 * take explicit input lengths and return their verdict in ck_rv_t, so
 * callers must check the return code. */
_ML_CK_DECLARE_FUNCTION(C_SignInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_SignRecoverInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_Sign,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*signed_len), out] unsigned char signature[],
[ignore] unsigned long *signed_len));
_ML_CK_DECLARE_FUNCTION(C_SignRecover,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*signed_len), out] unsigned char signature[],
[ignore] unsigned long *signed_len));
_ML_CK_DECLARE_FUNCTION(C_SignUpdate,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len));
_ML_CK_DECLARE_FUNCTION(C_SignFinal,
(ck_session_handle_t session,
[size_is(*signed_len), out] unsigned char signature[],
[ignore] unsigned long *signed_len));
_ML_CK_DECLARE_FUNCTION(C_VerifyInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_VerifyRecoverInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_Verify,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(signed_len), in] unsigned char signature[],
unsigned long signed_len));
_ML_CK_DECLARE_FUNCTION(C_VerifyRecover,
(ck_session_handle_t session,
[size_is(signature_len), in] unsigned char signature[],
unsigned long signature_len,[size_is(*data_len),
out] unsigned char data[],
[ignore] unsigned long *data_len));
_ML_CK_DECLARE_FUNCTION(C_VerifyUpdate,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len));
_ML_CK_DECLARE_FUNCTION(C_VerifyFinal,
(ck_session_handle_t session,
[size_is(signed_len), in] unsigned char signature[],
unsigned long signed_len));
/* Encryption, decryption, the dual-purpose update functions and operation
 * state. Every function that returns data sizes its output array through a
 * length pointer marked [ignore], which OCaml never sees, so the C side has
 * to set that length before the array is allocated. NOTE(review): the input
 * length is caller-chosen while the output bound is not -- confirm how an
 * output larger than the internal bound is handled for bulk data. */
_ML_CK_DECLARE_FUNCTION(C_EncryptInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_Encrypt,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*encrypted_len),
out] unsigned char encrypted[],
[ignore] unsigned long *encrypted_len));
_ML_CK_DECLARE_FUNCTION(C_EncryptUpdate,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*encrypted_len),
out] unsigned char encrypted[],
[ignore] unsigned long *encrypted_len));
_ML_CK_DECLARE_FUNCTION(C_EncryptFinal,
(ck_session_handle_t session,
[size_is(*encrypted_len),
out] unsigned char encrypted[],
[ignore] unsigned long *encrypted_len));
_ML_CK_DECLARE_FUNCTION(C_DigestEncryptUpdate,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*encrypted_len),
out] unsigned char encrypted[],
[ignore] unsigned long *encrypted_len));
_ML_CK_DECLARE_FUNCTION(C_SignEncryptUpdate,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
[size_is(*encrypted_len),
out] unsigned char encrypted[],
[ignore] unsigned long *encrypted_len));
_ML_CK_DECLARE_FUNCTION(C_DecryptInit,
(ck_session_handle_t session,
struct ck_mechanism mechanism,
ck_object_handle_t hkey));
_ML_CK_DECLARE_FUNCTION(C_Decrypt,
(ck_session_handle_t session,
[size_is(encrypted_len), in] unsigned char encrypted[],
[nativeint] unsigned long encrypted_len,
[size_is(*decrypted_len),
out] unsigned char decrypted[],
[ignore] unsigned long *decrypted_len));
_ML_CK_DECLARE_FUNCTION(C_DecryptUpdate,
(ck_session_handle_t session,
[size_is(encrypted_len), in] unsigned char encrypted[],
[nativeint] unsigned long encrypted_len,
[size_is(*data_len), out] unsigned char data[],
[ignore] unsigned long *data_len));
_ML_CK_DECLARE_FUNCTION(C_DecryptFinal,
(ck_session_handle_t session,
[size_is(*decrypted_len),
out] unsigned char decrypted[],
[ignore] unsigned long *decrypted_len));
_ML_CK_DECLARE_FUNCTION(C_DecryptDigestUpdate,
(ck_session_handle_t session,
[size_is(encrypted_len), in] unsigned char encrypted[],
[nativeint] unsigned long encrypted_len,
[size_is(*data_len), out] unsigned char data[],
[ignore] unsigned long *data_len));
_ML_CK_DECLARE_FUNCTION(C_DecryptVerifyUpdate,
(ck_session_handle_t session,
[size_is(encrypted_len), in] unsigned char encrypted[],
[nativeint] unsigned long encrypted_len,
[size_is(*data_len), out] unsigned char data[],
[ignore] unsigned long *data_len));
/* Operation state is exported as an opaque byte array and re-imported with
 * two key handles. */
_ML_CK_DECLARE_FUNCTION(C_GetOperationState,
(ck_session_handle_t session,
[size_is(*data_len), out] unsigned char data[],
[ignore] unsigned long *data_len));
_ML_CK_DECLARE_FUNCTION(C_SetOperationState,
(ck_session_handle_t session,
[size_is(data_len), in] unsigned char data[],
[nativeint] unsigned long data_len,
ck_object_handle_t hencryptionkey,
ck_object_handle_t hauthenticationkey));
/* Deprecated functions */
/* Both take only a session handle and return ck_rv_t; they are declared so
 * that the binding covers the full function list. */
_ML_CK_DECLARE_FUNCTION(C_GetFunctionStatus, (ck_session_handle_t session));
_ML_CK_DECLARE_FUNCTION(C_CancelFunction, (ck_session_handle_t session));
/* Specific functions to handle architecture issues (32 versus 64 bit ulong, endianness ...) */
/* int_to_ulong_char_array: writes input into an output array of
 * sizeof(unsigned long) bytes. */
void int_to_ulong_char_array([nativeint]
unsigned long input,
[size_is(sizeof(unsigned long)), out]
unsigned char data[]);
/* char_array_to_ulong: the [in] array carries no size_is bound in this
 * declaration. NOTE(review): confirm how the implementation learns the
 * length of data and that a short array cannot be read past its end. */
void char_array_to_ulong([in]unsigned char data[],
[nativeint, out]unsigned long output);
/* hton_char_array / ntoh_char_array: byte-order conversion of a byte array.
 * The input array is unbounded in the declaration and the output is sized by
 * an [ignore]d *out_len, which OCaml never sees. NOTE(review): confirm in
 * the implementation that *out_len is derived from the real input length. */
void hton_char_array([in]unsigned char in[],
[size_is(*out_len), out]unsigned char out[],
[ignore]unsigned long* out_len);
void ntoh_char_array([in]unsigned char in[],
[size_is(*out_len), out]unsigned char out[],
[ignore]unsigned long* out_len);
/* pkcs11_stubs.c */
/* quote(H, ...) copies its string verbatim into the generated header.
 * The lines below open a !defined(CRPC) guard and declare, for each ck_*
 * scalar type and struct, a pair of converters:
 *   camlidl_ml2c_pkcs11_<type>(value, <type> *, camlidl_ctx)   OCaml -> C
 *   camlidl_c2ml_pkcs11_<type>(<type> *, camlidl_ctx)          C -> OCaml
 * These are prototypes only; the definitions are not in this excerpt. */
quote(H,"/* Avoid declaring caml stuff when sharing this header with C rpc client code */");
quote(H,"#if !defined(CRPC)");
quote(H,
"void camlidl_ml2c_pkcs11_ck_flags_t(value _v1, ck_flags_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_flags_t(ck_flags_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_version(value _v1, struct ck_version *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_version(struct ck_version *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_info(value _v1, struct ck_info *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_info(struct ck_info *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_notification_t(value _v1, ck_notification_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_notification_t(ck_notification_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_slot_id_t(value _v1, ck_slot_id_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_slot_id_t(ck_slot_id_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_slot_info(value _v1, struct ck_slot_info *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_slot_info(struct ck_slot_info *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_token_info(value _v1, struct ck_token_info *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_token_info(struct ck_token_info *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_session_handle_t(value _v1, ck_session_handle_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_session_handle_t(ck_session_handle_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_user_type_t(value _v1, ck_user_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_user_type_t(ck_user_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_state_t(value _v1, ck_state_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_state_t(ck_state_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_session_info(value _v1, struct ck_session_info *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_session_info(struct ck_session_info *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_object_handle_t(value _v1, ck_object_handle_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_object_handle_t(ck_object_handle_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_object_class_t(value _v1, ck_object_class_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_object_class_t(ck_object_class_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_hw_feature_type_t(value _v1, ck_hw_feature_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_hw_feature_type_t(ck_hw_feature_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_key_type_t(value _v1, ck_key_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_key_type_t(ck_key_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_certificate_type_t(value _v1, ck_certificate_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_certificate_type_t(ck_certificate_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_attribute_type_t(value _v1, ck_attribute_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_attribute_type_t(ck_attribute_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_attribute(value _v1, struct ck_attribute *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_attribute(struct ck_attribute *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_date(value _v1, struct ck_date *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_date(struct ck_date *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_mechanism_type_t(value _v1, ck_mechanism_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_mechanism_type_t(ck_mechanism_type_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_mechanism(value _v1, struct ck_mechanism *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_mechanism(struct ck_mechanism *_c1, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_struct_ck_mechanism_info(value _v1, struct ck_mechanism_info *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_struct_ck_mechanism_info(struct ck_mechanism_info *_c1, camlidl_ctx _ctx);");
/* Header prototypes for the converter pairs of the upper-case CK_* type
 * names (scalars, *_PTR pointer aliases, info structs, C_INITIALIZE_ARGS),
 * followed by ck_rv_t and the four mutex callback types. Same shape as the
 * other converters: ml2c takes (value, T *, camlidl_ctx) and returns void,
 * c2ml takes (T *, camlidl_ctx) and returns value. */
quote(H,
"void camlidl_ml2c_pkcs11_CK_BYTE(value _v1, CK_BYTE *_c2, camlidl_ctx _ctx);");
quote(H, "value camlidl_c2ml_pkcs11_CK_BYTE(CK_BYTE *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_CHAR(value _v1, CK_CHAR *_c2, camlidl_ctx _ctx);");
quote(H, "value camlidl_c2ml_pkcs11_CK_CHAR(CK_CHAR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_UTF8CHAR(value _v1, CK_UTF8CHAR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_UTF8CHAR(CK_UTF8CHAR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_BBOOL(value _v1, CK_BBOOL *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_BBOOL(CK_BBOOL *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_ULONG(value _v1, CK_ULONG *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_ULONG(CK_ULONG *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_LONG(value _v1, CK_LONG *_c2, camlidl_ctx _ctx);");
quote(H, "value camlidl_c2ml_pkcs11_CK_LONG(CK_LONG *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_BYTE_PTR(value _v1, CK_BYTE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_BYTE_PTR(CK_BYTE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_CHAR_PTR(value _v1, CK_CHAR_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_CHAR_PTR(CK_CHAR_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_UTF8CHAR_PTR(value _v1, CK_UTF8CHAR_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_UTF8CHAR_PTR(CK_UTF8CHAR_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_ULONG_PTR(value _v1, CK_ULONG_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_ULONG_PTR(CK_ULONG_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_VERSION(value _v1, CK_VERSION *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_VERSION(CK_VERSION *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_VERSION_PTR(value _v1, CK_VERSION_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_VERSION_PTR(CK_VERSION_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_INFO(value _v1, CK_INFO *_c2, camlidl_ctx _ctx);");
quote(H, "value camlidl_c2ml_pkcs11_CK_INFO(CK_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_INFO_PTR(value _v1, CK_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_INFO_PTR(CK_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_SLOT_ID_PTR(value _v1, CK_SLOT_ID_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_SLOT_ID_PTR(CK_SLOT_ID_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_SLOT_INFO(value _v1, CK_SLOT_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_SLOT_INFO(CK_SLOT_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_SLOT_INFO_PTR(value _v1, CK_SLOT_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_SLOT_INFO_PTR(CK_SLOT_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_TOKEN_INFO(value _v1, CK_TOKEN_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_TOKEN_INFO(CK_TOKEN_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_TOKEN_INFO_PTR(value _v1, CK_TOKEN_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_TOKEN_INFO_PTR(CK_TOKEN_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_SESSION_HANDLE_PTR(value _v1, CK_SESSION_HANDLE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_SESSION_HANDLE_PTR(CK_SESSION_HANDLE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_SESSION_INFO(value _v1, CK_SESSION_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_SESSION_INFO(CK_SESSION_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_SESSION_INFO_PTR(value _v1, CK_SESSION_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_SESSION_INFO_PTR(CK_SESSION_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_OBJECT_HANDLE_PTR(value _v1, CK_OBJECT_HANDLE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_OBJECT_HANDLE_PTR(CK_OBJECT_HANDLE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_OBJECT_CLASS_PTR(value _v1, CK_OBJECT_CLASS_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_OBJECT_CLASS_PTR(CK_OBJECT_CLASS_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_ATTRIBUTE(value _v1, CK_ATTRIBUTE *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_ATTRIBUTE(CK_ATTRIBUTE *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_ATTRIBUTE_PTR(value _v1, CK_ATTRIBUTE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_ATTRIBUTE_PTR(CK_ATTRIBUTE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_DATE(value _v1, CK_DATE *_c2, camlidl_ctx _ctx);");
quote(H, "value camlidl_c2ml_pkcs11_CK_DATE(CK_DATE *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_DATE_PTR(value _v1, CK_DATE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_DATE_PTR(CK_DATE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_MECHANISM_TYPE_PTR(value _v1, CK_MECHANISM_TYPE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_MECHANISM_TYPE_PTR(CK_MECHANISM_TYPE_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_MECHANISM(value _v1, CK_MECHANISM *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_MECHANISM(CK_MECHANISM *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_MECHANISM_PTR(value _v1, CK_MECHANISM_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_MECHANISM_PTR(CK_MECHANISM_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO(value _v1, CK_MECHANISM_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO(CK_MECHANISM_INFO *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO_PTR(value _v1, CK_MECHANISM_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO_PTR(CK_MECHANISM_INFO_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS(value _v1, CK_C_INITIALIZE_ARGS *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS(CK_C_INITIALIZE_ARGS *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS_PTR(value _v1, CK_C_INITIALIZE_ARGS_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS_PTR(CK_C_INITIALIZE_ARGS_PTR *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_rv_t(value _v1, ck_rv_t *_c2, camlidl_ctx _ctx);");
quote(H, "value camlidl_c2ml_pkcs11_ck_rv_t(ck_rv_t *_c2, camlidl_ctx _ctx);");
/* Converters for the mutex callback types. */
quote(H,
"void camlidl_ml2c_pkcs11_ck_createmutex_t(value _v1, ck_createmutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_createmutex_t(ck_createmutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_destroymutex_t(value _v1, ck_destroymutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_destroymutex_t(ck_destroymutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_lockmutex_t(value _v1, ck_lockmutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_lockmutex_t(ck_lockmutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"void camlidl_ml2c_pkcs11_ck_unlockmutex_t(value _v1, ck_unlockmutex_t *_c2, camlidl_ctx _ctx);");
quote(H,
"value camlidl_c2ml_pkcs11_ck_unlockmutex_t(ck_unlockmutex_t *_c2, camlidl_ctx _ctx);");
/* Header prototypes for the OCaml-callable stub of every ML_CK_C_* function
 * and of the four architecture helpers. Each stub takes only OCaml `value`
 * arguments and returns a `value`.
 * Output buffers and their length pointers do not appear in these
 * signatures: for example C_DecryptUpdate takes just the session and the
 * encrypted input, so result sizing happens inside the stub bodies (not
 * shown here).
 * Stubs that carry secrets as plain `value` arguments: C_InitToken, C_Login,
 * C_InitPIN and C_SetPIN (PINs) and C_SeedRandom (seed). */
quote(H, "value camlidl_pkcs11_ML_CK_C_Daemonize(value _v_param);");
quote(H, "value camlidl_pkcs11_ML_CK_C_SetupArch(value _v_client_arch);");
quote(H, "value camlidl_pkcs11_ML_CK_C_LoadModule(value _v_libname);");
quote(H, "value camlidl_pkcs11_ML_CK_C_Initialize(value _unit);");
quote(H, "value camlidl_pkcs11_ML_CK_C_Finalize(value _unit);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GetSlotList(value _v_token_present, value _v_count);");
quote(H, "value camlidl_pkcs11_ML_CK_C_GetInfo(value _unit);");
quote(H, "value camlidl_pkcs11_ML_CK_C_WaitForSlotEvent(value _v_flags);");
quote(H, "value camlidl_pkcs11_ML_CK_C_GetSlotInfo(value _v_slot_id);");
quote(H, "value camlidl_pkcs11_ML_CK_C_GetTokenInfo(value _v_slot_id);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_InitToken(value _v_slot_id, value _v_pin, value _v_label);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_OpenSession(value _v_slot_id, value _v_flags);");
quote(H, "value camlidl_pkcs11_ML_CK_C_CloseSession(value _v_session);");
quote(H, "value camlidl_pkcs11_ML_CK_C_CloseAllSessions(value _v_slot_id);");
quote(H, "value camlidl_pkcs11_ML_CK_C_GetSessionInfo(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_Login(value _v_session, value _v_user_type, value _v_pin);");
quote(H, "value camlidl_pkcs11_ML_CK_C_Logout(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GetMechanismList(value _v_slot_id, value _v_count);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GetMechanismInfo(value _v_slot_id, value _v_mechanism);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_InitPIN(value _v_session, value _v_pin);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SetPIN(value _v_session, value _v_old_pin, value _v_new_pin);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SeedRandom(value _v_session, value _v_seed);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GenerateRandom(value _v_session, value _v_rand_len);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_FindObjectsInit(value _v_session, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_FindObjects(value _v_session, value _v_max_object_count);");
quote(H, "value camlidl_pkcs11_ML_CK_C_FindObjectsFinal(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GenerateKey(value _v_session, value _v_mechanism, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GenerateKeyPair(value _v_session, value _v_mechanism, value _v_pub_templ, value _v_priv_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_CreateObject(value _v_session, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_CopyObject(value _v_session, value _v_hobject, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DestroyObject(value _v_session, value _v_hobject);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GetAttributeValue(value _v_session, value _v_hobject, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SetAttributeValue(value _v_session, value _v_hobject, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_GetObjectSize(value _v_session, value _v_hobject);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_WrapKey(value _v_session, value _v_mechanism, value _v_hwrappingkey, value _v_hkey);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_UnwrapKey(value _v_session, value _v_mechanism, value _v_hunwrappingkey, value _v_wrapped_key, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DeriveKey(value _v_session, value _v_mechanism, value _v_hbasekey, value _v_templ);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DigestInit(value _v_session, value _v_mechanism);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_Digest(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DigestUpdate(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DigestKey(value _v_session, value _v_hkey);");
quote(H, "value camlidl_pkcs11_ML_CK_C_DigestFinal(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SignInit(value _v_session, value _v_mechanism, value _v_hkey);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SignRecoverInit(value _v_session, value _v_mechanism, value _v_hkey);");
quote(H, "value camlidl_pkcs11_ML_CK_C_Sign(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SignRecover(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SignUpdate(value _v_session, value _v_data);");
quote(H, "value camlidl_pkcs11_ML_CK_C_SignFinal(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_VerifyInit(value _v_session, value _v_mechanism, value _v_hkey);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_VerifyRecoverInit(value _v_session, value _v_mechanism, value _v_hkey);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_Verify(value _v_session, value _v_data, value _v_signature);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_VerifyRecover(value _v_session, value _v_signature);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_VerifyUpdate(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_VerifyFinal(value _v_session, value _v_signature);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_EncryptInit(value _v_session, value _v_mechanism, value _v_hkey);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_Encrypt(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_EncryptUpdate(value _v_session, value _v_data);");
quote(H, "value camlidl_pkcs11_ML_CK_C_EncryptFinal(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SignEncryptUpdate(value _v_session, value _v_data);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DecryptInit(value _v_session, value _v_mechanism, value _v_hkey);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_Decrypt(value _v_session, value _v_encrypted);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DecryptUpdate(value _v_session, value _v_encrypted);");
quote(H, "value camlidl_pkcs11_ML_CK_C_DecryptFinal(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate(value _v_session, value _v_encrypted);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate(value _v_session, value _v_encrypted);");
quote(H, "value camlidl_pkcs11_ML_CK_C_GetOperationState(value _v_session);");
quote(H,
"value camlidl_pkcs11_ML_CK_C_SetOperationState(value _v_session, value _v_data, value _v_hencryptionkey, value _v_hauthenticationkey);");
quote(H, "value camlidl_pkcs11_ML_CK_C_GetFunctionStatus(value _v_session);");
quote(H, "value camlidl_pkcs11_ML_CK_C_CancelFunction(value _v_session);");
quote(H, "value camlidl_pkcs11_int_to_ulong_char_array(value _v_input);");
quote(H, "value camlidl_pkcs11_char_array_to_ulong(value _v_data);");
quote(H, "value camlidl_pkcs11_hton_char_array(value _v_data);");
quote(H, "value camlidl_pkcs11_ntoh_char_array(value _v_data);");
/* Prototypes of the attribute word-size / byte-order converters, declared
 * only when SERVER_ROLE is defined. Both return int; their quoted C bodies
 * return -1 on a length mismatch.
 * The last quote closes the !defined(CRPC) guard opened earlier in the
 * quoted header text. */
quote(H, "#ifdef SERVER_ROLE");
quote(H,
"int decode_ck_attribute_arch(value , struct ck_attribute *, camlidl_ctx);");
quote(H,
"int encode_ck_attribute_arch(struct ck_attribute *, struct ck_attribute *);");
quote(H, "#endif");
quote(H, "#endif /* !CRPC */");
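/* encode_ck_attribute_arch (emitted verbatim into the generated C stub file,
 * SERVER_ROLE builds only).
 *
 * Purpose: re-encode a word-sized attribute value from the local
 * representation (my_arch) into the peer's representation (peer_arch),
 * adjusting width (32/64 bit) and byte order.
 *
 * Parameters:
 *   in  - source attribute; in->value_len must equal the LOCAL word size
 *         (4 bytes on *_32, 8 bytes on *_64) whenever in->value is non-NULL.
 *   out - destination attribute; out->type_ is always copied from in. The
 *         function never allocates: when in->value is non-NULL it writes
 *         through out->value, so the caller must provide a buffer of at
 *         least the PEER word size.
 *
 * Returns: -1 if in->value_len does not match the local word size, 0
 * otherwise. If no (my_arch, peer_arch) pair matches, 0 is returned with
 * only out->type_ set.
 *
 * When in->value is NULL, out->value is set to NULL and out->value_len to
 * the peer word size.
 *
 * NOTE(review): the casts *((uint32_t*)(in->value)) / *((uint64_t*)(...))
 * assume in->value is suitably aligned for the accessed type - confirm how
 * the buffer is allocated.
 */
quote(C, "#ifdef SERVER_ROLE");
quote(C,
"int encode_ck_attribute_arch(struct ck_attribute * in, struct ck_attribute * out){");
quote(C, " uint32_t to_send32;");
quote(C, " uint64_t to_send64;");
quote(C, " out->type_ = in->type_;");
/* ---- Same byte order, little endian ---- */
quote(C,
" if(my_arch == LITTLE_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " memcpy(out->value, in->value, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
/* 64 -> 32 bit, little endian: the low 32 bits are the first four bytes. */
quote(C,
" if(my_arch == LITTLE_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " memcpy(out->value, in->value, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
/* 32 -> 64 bit, little endian.
 * NOTE(review): only four bytes are written while value_len is set to eight;
 * the upper four bytes of out->value keep whatever the caller's buffer held.
 * Confirm the caller zero-fills that buffer, otherwise stale memory is sent
 * to the peer. */
quote(C,
" if(my_arch == LITTLE_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " memcpy(out->value, in->value, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
quote(C,
" if(my_arch == LITTLE_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " memcpy(out->value, in->value, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
/* ---- Same byte order, big endian, same width ---- */
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " memcpy(out->value, in->value, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
/* FIX: the length check here compared against sizeof(uint32_t) while the
 * copy below reads sizeof(uint64_t) bytes. A 4-byte value therefore passed
 * the check and was read 4 bytes past its end, and valid 8-byte values were
 * rejected. The check now matches the local 64-bit word size, as in the
 * LITTLE_ENDIAN_64 -> LITTLE_ENDIAN_64 branch. */
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " memcpy(out->value, in->value, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
/* ---- Different byte order, same width: swap through htobe / htole ---- */
quote(C, " if(my_arch == LITTLE_ENDIAN_32 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " to_send32 = htobe32(*((uint32_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send32, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " to_send32 = htole32(*((uint32_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send32, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == LITTLE_ENDIAN_64 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " to_send64 = htobe64(*((uint64_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send64, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " to_send64 = htole64(*((uint64_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send64, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
/* ---- Different width and different byte order ----
 * Narrowing keeps the low 32 bits: the first four bytes on a little-endian
 * host, the bytes at offset 4 on a big-endian host. Widening passes a
 * uint32_t to the 64-bit swap, which zero-extends it. */
quote(C, " if(my_arch == LITTLE_ENDIAN_64 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " /* Endianness is different */");
quote(C, " to_send32 = htobe32(*((uint32_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send32, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " /* Endianness is different */");
quote(C, " to_send64 = htole64(*((uint32_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send64, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == LITTLE_ENDIAN_32 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " /* Endianness is different */");
quote(C, " to_send64 = htobe64(*((uint32_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send64, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " /* Endianness is different */");
quote(C, " to_send32 = htole32(*((uint32_t*)(in->value+4)));");
quote(C, " memcpy(out->value, &to_send32, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
/* ---- Different width, both big endian ----
 * The emitted "Endianness is different" comments in the two branches below
 * are inaccurate: both sides are big endian and only the width changes. */
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint32_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " /* Endianness is different */");
quote(C, " to_send64 = htobe64(*((uint32_t*)(in->value)));");
quote(C, " memcpy(out->value, &to_send64, sizeof(uint64_t));");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(in->value != NULL){");
quote(C, " if(in->value_len != sizeof(uint64_t)){");
quote(C, " return -1;");
quote(C, " }");
quote(C, " /* Endianness is different */");
quote(C, " to_send32 = htobe32(*((uint32_t*)(in->value+4)));");
quote(C, " memcpy(out->value, &to_send32, sizeof(uint32_t));");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " else{");
quote(C, " out->value = NULL;");
quote(C, " out->value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " }");
quote(C, " return 0;");
quote(C, "}");
quote(C, "#endif");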
quote(C, "#ifdef SERVER_ROLE");
quote(C,
"int decode_ck_attribute_arch(value in, struct ck_attribute * out, camlidl_ctx _ctx){");
quote(C, " value vtmp;");
quote(C, " unsigned long counter;");
quote(C, "");
quote(C,
" if(my_arch == LITTLE_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, "");
quote(C,
" if(my_arch == LITTLE_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, "");
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter + sizeof(uint32_t));");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[counter + sizeof(uint32_t)] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, "");
quote(C,
" if(my_arch == LITTLE_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, "");
quote(C,
" if(my_arch == LITTLE_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint64_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint64_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C, " (*out).value[counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, "");
quote(C, " }");
quote(C, " if(my_arch == LITTLE_ENDIAN_32 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint32_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, "");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint32_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " if(my_arch == LITTLE_ENDIAN_64 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint64_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint64_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint64_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint64_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " if(my_arch == LITTLE_ENDIAN_64 && peer_arch == BIG_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint32_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, "");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_32 && peer_arch == LITTLE_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint32_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, " }");
quote(C, " if(my_arch == LITTLE_ENDIAN_32 && peer_arch == BIG_ENDIAN_64){");
quote(C, " if(Wosize_val(in) != sizeof(uint64_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint64_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint32_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint32_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter + sizeof(uint32_t));");
quote(C,
" (*out).value[(sizeof(uint32_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint32_t);");
quote(C, "");
quote(C, " }");
quote(C, " if(my_arch == BIG_ENDIAN_64 && peer_arch == LITTLE_ENDIAN_32){");
quote(C, " if(Wosize_val(in) != sizeof(uint32_t)){");
quote(C, "#ifdef DEBUG");
quote(C,
" fprintf(stderr, \"Something went wrong with the endianness transformation : got %lu instead of %lu\\n\", Wosize_val(in), sizeof(uint32_t));");
quote(C, "#endif");
quote(C, " return -1;");
quote(C, " }");
quote(C, " (*out).value = camlidl_malloc(sizeof(uint64_t), _ctx);");
quote(C, " memset((*out).value, 0, sizeof(uint64_t));");
quote(C, " for(counter = 0; counter < sizeof(uint32_t); counter++) {");
quote(C, " vtmp = Field(in, counter);");
quote(C,
" (*out).value[(sizeof(uint64_t) -1 ) - counter] = Int_val(vtmp);");
quote(C, " }");
quote(C, " (*out).value_len = sizeof(uint64_t);");
quote(C, " }");
quote(C, " return 0;");
quote(C, "}");
quote(C, "#endif");
/*
 * OCaml wrappers copied by camlidl into the generated .ml file.
 *
 * Each c_<Name> binding is a thin alias: it takes its arguments in the order
 * written and passes them, unchanged, to the matching mL_CK_C_<Name>
 * function.  No validation, conversion or error handling happens at this
 * layer.
 * NOTE(review): the mL_CK_C_* functions are defined outside this section,
 * presumably as the camlidl-generated stubs; confirm.
 *
 * c_Daemonize, c_SetupArch and c_LoadModule are additions of this binding.
 * NOTE(review): c_LoadModule's `path` presumably names a PKCS#11 module to
 * load; if so it should only ever come from trusted configuration. Confirm
 * against the stub and its callers.
 */
quote(ml, "let c_Daemonize = fun param -> mL_CK_C_Daemonize param");
quote(ml, "let c_SetupArch = fun arch -> mL_CK_C_SetupArch arch");
quote(ml, "let c_LoadModule = fun path -> mL_CK_C_LoadModule path");
quote(ml, "let c_Initialize () = mL_CK_C_Initialize ()");
quote(ml, "let c_GetInfo () = mL_CK_C_GetInfo ()");
quote(ml,
"let c_GetSlotList = fun token_present count -> mL_CK_C_GetSlotList token_present count");
quote(ml,
"let c_GetSlotInfo = fun ckslotidt_ -> mL_CK_C_GetSlotInfo ckslotidt_");
quote(ml,
"let c_GetTokenInfo = fun ckslotidt_ -> mL_CK_C_GetTokenInfo ckslotidt_");
quote(ml,
"let c_WaitForSlotEvent = fun ckflagst_ -> mL_CK_C_WaitForSlotEvent ckflagst_ ");
quote(ml,
"let c_GetMechanismList = fun ckslotidt_ count -> mL_CK_C_GetMechanismList ckslotidt_ count ");
quote(ml,
"let c_GetMechanismInfo = fun ckslotidt_ ckmechanismtypet_ -> mL_CK_C_GetMechanismInfo ckslotidt_ ckmechanismtypet_ ");
/*
 * PIN-bearing calls (c_InitToken, c_InitPIN, c_SetPIN here, c_Login below):
 * the so_pin / pin / old_pin / new_pin arguments are forwarded as ordinary
 * OCaml values.  Nothing in these wrappers clears them after the call, so a
 * caller that cares how long a PIN stays in memory has to deal with that
 * itself.
 */
quote(ml,
"let c_InitToken = fun ckslotidt_ so_pin label -> mL_CK_C_InitToken ckslotidt_ so_pin label ");
quote(ml,
"let c_InitPIN = fun cksessionhandlet_ pin -> mL_CK_C_InitPIN cksessionhandlet_ pin ");
quote(ml,
"let c_SetPIN = fun cksessionhandlet_ old_pin new_pin -> mL_CK_C_SetPIN cksessionhandlet_ old_pin new_pin ");
quote(ml,
"let c_OpenSession = fun ckslotid_ ckflagst_ -> mL_CK_C_OpenSession ckslotid_ ckflagst_");
quote(ml,
"let c_CloseSession = fun cksessionhandlet_ -> mL_CK_C_CloseSession cksessionhandlet_ ");
quote(ml,
"let c_CloseAllSessions = fun ckslotidt_ -> mL_CK_C_CloseAllSessions ckslotidt_ ");
quote(ml,
"let c_GetSessionInfo = fun cksessionhandlet_ -> mL_CK_C_GetSessionInfo cksessionhandlet_ ");
quote(ml,
"let c_GetOperationState = fun cksessionhandlet_ -> mL_CK_C_GetOperationState cksessionhandlet_ ");
quote(ml,
"let c_SetOperationState = fun cksessionhandlet_ state encryption_handle authentication_handle -> mL_CK_C_SetOperationState cksessionhandlet_ state encryption_handle authentication_handle");
quote(ml,
"let c_Login = fun cksessionhandlet_ ckusertypet_ pin -> mL_CK_C_Login cksessionhandlet_ ckusertypet_ pin ");
quote(ml,
"let c_Logout = fun cksessionhandlet -> mL_CK_C_Logout cksessionhandlet ");
quote(ml, "let c_Finalize () = mL_CK_C_Finalize ()");
/* Object management. */
quote(ml,
"let c_CreateObject = fun cksessionhandlet_ ckattributearray_ -> mL_CK_C_CreateObject cksessionhandlet_ ckattributearray_ ");
quote(ml,
"let c_CopyObject = fun cksessionhandlet_ ckobjecthandlet_ ckattributearray_ -> mL_CK_C_CopyObject cksessionhandlet_ ckobjecthandlet_ ckattributearray_");
quote(ml,
"let c_DestroyObject = fun cksessionhandlet_ ckobjecthandlet_ -> mL_CK_C_DestroyObject cksessionhandlet_ ckobjecthandlet_ ");
quote(ml,
"let c_GetObjectSize = fun cksessionhandlet_ ckobjecthandlet_ -> mL_CK_C_GetObjectSize cksessionhandlet_ ckobjecthandlet_ ");
quote(ml,
"let c_GetAttributeValue = fun cksessionhandlet_ ckobjecthandlet_ ckattributearray_ -> mL_CK_C_GetAttributeValue cksessionhandlet_ ckobjecthandlet_ ckattributearray_ ");
quote(ml,
"let c_SetAttributeValue = fun cksessionhandlet_ ckobjecthandlet_ ckattributearray_ -> mL_CK_C_SetAttributeValue cksessionhandlet_ ckobjecthandlet_ ckattributearray_ ");
quote(ml,
"let c_FindObjectsInit = fun cksessionhandlet_ ckattributearray_ -> mL_CK_C_FindObjectsInit cksessionhandlet_ ckattributearray_ ");
quote(ml,
"let c_FindObjects = fun cksessionhandlet_ count -> mL_CK_C_FindObjects cksessionhandlet_ count ");
quote(ml,
"let c_FindObjectsFinal = fun cksessionhandlet_ -> mL_CK_C_FindObjectsFinal cksessionhandlet_ ");
/* Encryption, decryption, digest, signature and verification operations. */
quote(ml,
"let c_EncryptInit = fun cksessionhandlet_ ckmechanism_ ckobjecthandlet_ -> mL_CK_C_EncryptInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ ");
quote(ml,
"let c_Encrypt = fun cksessionhandlet_ data -> mL_CK_C_Encrypt cksessionhandlet_ data ");
quote(ml,
"let c_EncryptUpdate = fun cksessionhandlet_ data -> mL_CK_C_EncryptUpdate cksessionhandlet_ data ");
quote(ml,
"let c_EncryptFinal = fun cksessionhandlet_ -> mL_CK_C_EncryptFinal cksessionhandlet_ ");
quote(ml,
"let c_DecryptInit = fun cksessionhandlet_ ckmechanism_ ckobjecthandlet_ -> mL_CK_C_DecryptInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_");
quote(ml,
"let c_Decrypt = fun cksessionhandlet_ data -> mL_CK_C_Decrypt cksessionhandlet_ data ");
quote(ml,
"let c_DecryptUpdate = fun cksessionhandlet_ data -> mL_CK_C_DecryptUpdate cksessionhandlet_ data ");
quote(ml,
"let c_DecryptFinal = fun cksessionhandlet_ -> mL_CK_C_DecryptFinal cksessionhandlet_ ");
quote(ml,
"let c_DigestInit = fun cksessionhandlet_ ckmechanism_ -> mL_CK_C_DigestInit cksessionhandlet_ ckmechanism_ ");
quote(ml,
"let c_Digest = fun cksessionhandlet_ data -> mL_CK_C_Digest cksessionhandlet_ data ");
quote(ml,
"let c_DigestUpdate = fun cksessionhandlet_ data -> mL_CK_C_DigestUpdate cksessionhandlet_ data ");
quote(ml,
"let c_DigestKey = fun cksessionhandlet_ ckobjecthandlet_ -> mL_CK_C_DigestKey cksessionhandlet_ ckobjecthandlet_ ");
quote(ml,
"let c_DigestFinal = fun cksessionhandlet -> mL_CK_C_DigestFinal cksessionhandlet ");
quote(ml,
"let c_SignInit = fun cksessionhandlet_ ckmechanism_ ckobjecthandlet_ -> mL_CK_C_SignInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ ");
quote(ml,
"let c_SignRecoverInit = fun cksessionhandlet_ ckmechanism_ ckobjecthandlet_ -> mL_CK_C_SignRecoverInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ ");
quote(ml,
"let c_Sign = fun cksessionhandlet_ data -> mL_CK_C_Sign cksessionhandlet_ data ");
quote(ml,
"let c_SignRecover = fun cksessionhandlet_ data -> mL_CK_C_SignRecover cksessionhandlet_ data ");
quote(ml,
"let c_SignUpdate = fun cksessionhandlet_ data -> mL_CK_C_SignUpdate cksessionhandlet_ data ");
quote(ml,
"let c_SignFinal = fun cksessionhandlet_ -> mL_CK_C_SignFinal cksessionhandlet_ ");
quote(ml,
"let c_VerifyInit = fun cksessionhandlet_ ckmechanism_ ckobjecthandlet_ -> mL_CK_C_VerifyInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ ");
quote(ml,
"let c_VerifyRecoverInit = fun cksessionhandlet_ ckmechanism_ ckobjecthandlet_ -> mL_CK_C_VerifyRecoverInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ ");
/*
 * c_Verify and c_VerifyFinal hand back whatever the stub returns; the
 * wrapper adds no check of its own, so the verdict on the signature has to
 * be read from that result by the caller.
 */
quote(ml,
"let c_Verify = fun cksessionhandlet_ data signed_data -> mL_CK_C_Verify cksessionhandlet_ data signed_data ");
quote(ml,
"let c_VerifyRecover = fun cksessionhandlet_ data -> mL_CK_C_VerifyRecover cksessionhandlet_ data ");
quote(ml,
"let c_VerifyUpdate = fun cksessionhandlet_ data -> mL_CK_C_VerifyUpdate cksessionhandlet_ data ");
quote(ml,
"let c_VerifyFinal = fun cksessionhandlet_ data -> mL_CK_C_VerifyFinal cksessionhandlet_ data ");
quote(ml,
"let c_DigestEncryptUpdate = fun cksessionhandlet_ data -> mL_CK_C_DigestEncryptUpdate cksessionhandlet_ data");
quote(ml,
"let c_DecryptDigestUpdate = fun cksessionhandlet_ data -> mL_CK_C_DecryptDigestUpdate cksessionhandlet_ data ");
quote(ml,
"let c_SignEncryptUpdate = fun cksessionhandlet_ data -> mL_CK_C_SignEncryptUpdate cksessionhandlet_ data");
quote(ml,
"let c_DecryptVerifyUpdate = fun cksessionhandlet_ data -> mL_CK_C_DecryptVerifyUpdate cksessionhandlet_ data ");
/* Key generation, wrapping, unwrapping and derivation; random numbers. */
quote(ml,
"let c_GenerateKey = fun cksessionhandlet_ ckmechanism_ ckattributearray_ -> mL_CK_C_GenerateKey cksessionhandlet_ ckmechanism_ ckattributearray_ ");
quote(ml,
"let c_GenerateKeyPair = fun cksessionhandlet_ ckmechanism_ pub_attributes priv_attributes -> mL_CK_C_GenerateKeyPair cksessionhandlet_ ckmechanism_ pub_attributes priv_attributes");
quote(ml,
"let c_WrapKey = fun cksessionhandlet_ ckmechanism_ wrapping_handle wrapped_handle -> mL_CK_C_WrapKey cksessionhandlet_ ckmechanism_ wrapping_handle wrapped_handle ");
quote(ml,
"let c_UnwrapKey = fun cksessionhandlet_ ckmechanism_ unwrapping_handle wrapped_key ckattributearray_ -> mL_CK_C_UnwrapKey cksessionhandlet_ ckmechanism_ unwrapping_handle wrapped_key ckattributearray_ ");
quote(ml,
"let c_DeriveKey = fun cksessionhandlet_ ckmechanism_ initial_key_handle ckattributearray_ -> mL_CK_C_DeriveKey cksessionhandlet_ ckmechanism_ initial_key_handle ckattributearray_ ");
quote(ml,
"let c_SeedRandom = fun cksessionhandlet_ seed -> mL_CK_C_SeedRandom cksessionhandlet_ seed ");
quote(ml,
"let c_GenerateRandom = fun cksessionhandlet_ count -> mL_CK_C_GenerateRandom cksessionhandlet_ count");
quote(ml,
"let c_GetFunctionStatus = fun cksessionhandlet_ -> mL_CK_C_GetFunctionStatus cksessionhandlet_ ");
quote(ml,
"let c_CancelFunction = fun cksessionhandlet_ -> mL_CK_C_CancelFunction cksessionhandlet_ ");
/*
 * Signatures copied by camlidl into the generated .mli for the c_* wrappers.
 *
 * Every function returns a ck_rv_t, either alone or as the first component
 * of a tuple.  No signature here uses an option or result type, so the
 * return value is the only failure signal visible at this level, and the
 * type system does not force a caller to look at it.
 * NOTE(review): whether the underlying stubs can also raise is not visible
 * in this section; confirm.
 *
 * When the ck_rv_t reports a failure, the remaining tuple components
 * (buffers, handles, counts) should not be relied on.
 * NOTE(review): what the stubs put in them on failure is decided outside
 * this section; confirm before using them in an error path.
 *
 * Data buffers, PINs, seeds and wrapped keys are all typed `char array`.
 */
quote(mli, "val c_Daemonize : char array -> ck_rv_t");
quote(mli, "val c_SetupArch : nativeint -> ck_rv_t");
quote(mli, "val c_LoadModule : char array -> ck_rv_t");
quote(mli, "val c_Initialize : unit -> ck_rv_t");
quote(mli, "val c_GetInfo : unit -> ck_rv_t * ck_info");
quote(mli,
"val c_GetSlotList : nativeint -> nativeint -> ck_rv_t * ck_slot_id_t array * nativeint");
quote(mli, "val c_GetSlotInfo : ck_slot_id_t -> ck_rv_t * ck_slot_info");
quote(mli, "val c_GetTokenInfo : ck_slot_id_t -> ck_rv_t * ck_token_info");
quote(mli, "val c_WaitForSlotEvent : ck_flags_t -> ck_rv_t * ck_slot_id_t");
quote(mli,
"val c_GetMechanismList : ck_slot_id_t -> nativeint -> ck_rv_t * ck_mechanism_type_t array * nativeint");
quote(mli,
"val c_GetMechanismInfo : ck_slot_id_t -> ck_mechanism_type_t -> ck_rv_t * ck_mechanism_info");
quote(mli,
"val c_InitToken : ck_slot_id_t -> char array -> char array -> ck_rv_t");
quote(mli, "val c_InitPIN : ck_session_handle_t -> char array -> ck_rv_t");
quote(mli,
"val c_SetPIN : ck_session_handle_t -> char array -> char array -> ck_rv_t");
quote(mli,
"val c_OpenSession : ck_slot_id_t -> ck_flags_t -> ck_rv_t * ck_session_handle_t");
quote(mli, "val c_CloseSession : ck_session_handle_t -> ck_rv_t");
quote(mli, "val c_CloseAllSessions : ck_slot_id_t -> ck_rv_t");
quote(mli,
"val c_GetSessionInfo : ck_session_handle_t -> ck_rv_t * ck_session_info");
quote(mli,
"val c_GetOperationState : ck_session_handle_t -> ck_rv_t * char array");
quote(mli,
"val c_SetOperationState : ck_session_handle_t -> char array -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_Login : ck_session_handle_t -> ck_user_type_t -> char array -> ck_rv_t");
quote(mli, "val c_Logout : ck_session_handle_t -> ck_rv_t");
quote(mli, "val c_Finalize : unit -> ck_rv_t");
quote(mli,
"val c_CreateObject : ck_session_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t");
quote(mli,
"val c_CopyObject : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t");
quote(mli,
"val c_DestroyObject : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_GetObjectSize : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t * nativeint");
quote(mli,
"val c_GetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_attribute array");
quote(mli,
"val c_SetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t");
quote(mli,
"val c_FindObjectsInit : ck_session_handle_t -> ck_attribute array -> ck_rv_t");
quote(mli,
"val c_FindObjects : ck_session_handle_t -> nativeint -> ck_rv_t * ck_object_handle_t array * nativeint");
quote(mli, "val c_FindObjectsFinal : ck_session_handle_t -> ck_rv_t");
quote(mli,
"val c_EncryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_Encrypt : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_EncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli, "val c_EncryptFinal : ck_session_handle_t -> ck_rv_t * char array");
quote(mli,
"val c_DecryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_Decrypt : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_DecryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli, "val c_DecryptFinal : ck_session_handle_t -> ck_rv_t * char array");
quote(mli, "val c_DigestInit : ck_session_handle_t -> ck_mechanism -> ck_rv_t");
quote(mli,
"val c_Digest : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli, "val c_DigestUpdate : ck_session_handle_t -> char array -> ck_rv_t");
quote(mli,
"val c_DigestKey : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t");
quote(mli, "val c_DigestFinal : ck_session_handle_t -> ck_rv_t * char array");
quote(mli,
"val c_SignInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_SignRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_Sign : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_SignRecover : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli, "val c_SignUpdate : ck_session_handle_t -> char array -> ck_rv_t");
quote(mli, "val c_SignFinal : ck_session_handle_t -> ck_rv_t * char array");
quote(mli,
"val c_VerifyInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t");
quote(mli,
"val c_VerifyRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t");
/*
 * c_Verify and c_VerifyFinal return a bare ck_rv_t: the outcome of the
 * signature check is carried by that value and by nothing else.  A caller
 * that discards it, or only tests it on some paths, accepts signatures it
 * never verified.
 */
quote(mli,
"val c_Verify : ck_session_handle_t -> char array -> char array -> ck_rv_t");
quote(mli,
"val c_VerifyRecover : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli, "val c_VerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t");
quote(mli, "val c_VerifyFinal : ck_session_handle_t -> char array -> ck_rv_t");
quote(mli,
"val c_DigestEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_DecryptDigestUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_SignEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_DecryptVerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array");
quote(mli,
"val c_GenerateKey : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_rv_t * ck_object_handle_t");
quote(mli,
"val c_GenerateKeyPair : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_attribute array -> ck_rv_t * ck_object_handle_t * ck_object_handle_t");
/*
 * c_WrapKey takes two ck_object_handle_t arguments in a row (and
 * c_SetOperationState above does too).  Both are the same OCaml type, so
 * passing them in the wrong order type-checks; the argument order has to be
 * reviewed at each call site.
 */
quote(mli,
"val c_WrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t * char array");
quote(mli,
"val c_UnwrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> char array -> ck_attribute array -> ck_rv_t * ck_object_handle_t");
quote(mli,
"val c_DeriveKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t");
quote(mli, "val c_SeedRandom : ck_session_handle_t -> char array -> ck_rv_t");
quote(mli,
"val c_GenerateRandom : ck_session_handle_t -> nativeint -> ck_rv_t * char array");
quote(mli, "val c_GetFunctionStatus : ck_session_handle_t -> ck_rv_t");
quote(mli, "val c_CancelFunction : ck_session_handle_t -> ck_rv_t");
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11.ml 0000664 0000000 0000000 00000217651 14147740423 0020773 0 ustar 00root root 0000000 0000000 (* File generated from pkcs11.idl *)
(* PKCS#11 types as exposed to OCaml.

   All scalar types in this definition (flags, notifications, slot ids,
   session and object handles, user/state/class/key/certificate/attribute/
   mechanism types, return values) are plain aliases of nativeint.  The type
   checker therefore cannot tell a session handle from an object handle, or
   a handle from a flag word; mixing them up is only caught at run time, if
   at all. *)
type ck_flags_t = nativeint
and ck_version = {
major: char;
minor: char;
}
and ck_info = {
ck_info_cryptoki_version: ck_version;
ck_info_manufacturer_id: char array;
ck_info_flags: ck_flags_t;
ck_info_library_description: char array;
ck_info_library_version: ck_version;
}
and ck_notification_t = nativeint
and ck_slot_id_t = nativeint
and ck_slot_info = {
ck_slot_info_slot_description: char array;
ck_slot_info_manufacturer_id: char array;
ck_slot_info_flags: ck_flags_t;
ck_slot_info_hardware_version: ck_version;
ck_slot_info_firmware_version: ck_version;
}
(* Token description.  Text fields are char arrays, counters and sizes are
   nativeint. *)
and ck_token_info = {
ck_token_info_label: char array;
ck_token_info_manufacturer_id: char array;
ck_token_info_model: char array;
ck_token_info_serial_number: char array;
ck_token_info_flags: ck_flags_t;
ck_token_info_max_session_count: nativeint;
ck_token_info_session_count: nativeint;
ck_token_info_max_rw_session_count: nativeint;
ck_token_info_rw_session_count: nativeint;
ck_token_info_max_pin_len: nativeint;
ck_token_info_min_pin_len: nativeint;
ck_token_info_total_public_memory: nativeint;
ck_token_info_free_public_memory: nativeint;
ck_token_info_total_private_memory: nativeint;
ck_token_info_free_private_memory: nativeint;
ck_token_info_hardware_version: ck_version;
ck_token_info_firmware_version: ck_version;
ck_token_info_utc_time: char array;
}
and ck_session_handle_t = nativeint
and ck_user_type_t = nativeint
and ck_state_t = nativeint
and ck_session_info = {
ck_session_info_slot_id: ck_slot_id_t;
ck_session_info_state: ck_state_t;
ck_session_info_flags: ck_flags_t;
ck_session_info_device_error: nativeint;
}
and ck_object_handle_t = nativeint
and ck_object_class_t = nativeint
and ck_hw_feature_type_t = nativeint
and ck_key_type_t = nativeint
and ck_certificate_type_t = nativeint
and ck_attribute_type_t = nativeint
(* An attribute is a type code plus its value as raw chars.  The record has
   no separate length field; presumably the array length is the value
   length (confirm against the stubs).  The value is untyped here: how the
   chars are interpreted depends on type_. *)
and ck_attribute = {
type_: ck_attribute_type_t;
value: char array;
}
and ck_date = {
year: char array;
month: char array;
day: char array;
}
and ck_mechanism_type_t = nativeint
(* A mechanism is a type code plus an opaque parameter blob. *)
and ck_mechanism = {
mechanism: ck_mechanism_type_t;
parameter: char array;
}
and ck_mechanism_info = {
ck_mechanism_info_min_key_size: nativeint;
ck_mechanism_info_max_key_size: nativeint;
ck_mechanism_info_flags: ck_flags_t;
}
(* Upper-case PKCS#11 spellings, as aliases of the types above.
   The *_PTR aliases are option types.
   NOTE(review): presumably None stands for a NULL pointer, as is usual for
   camlidl pointer mappings; confirm against pkcs11.idl. *)
and cK_BYTE = char
and cK_CHAR = char
and cK_UTF8CHAR = char
and cK_BBOOL = char
and cK_ULONG = nativeint
and cK_LONG = nativeint
and cK_BYTE_PTR = cK_BYTE option
and cK_CHAR_PTR = cK_CHAR option
and cK_UTF8CHAR_PTR = cK_UTF8CHAR option
and cK_ULONG_PTR = cK_ULONG option
and cK_VERSION = ck_version
and cK_VERSION_PTR = ck_version option
and cK_INFO = ck_info
and cK_INFO_PTR = ck_info option
and cK_SLOT_ID_PTR = ck_slot_id_t option
and cK_SLOT_INFO = ck_slot_info
and cK_SLOT_INFO_PTR = ck_slot_info option
and cK_TOKEN_INFO = ck_token_info
and cK_TOKEN_INFO_PTR = ck_token_info option
and cK_SESSION_HANDLE_PTR = ck_session_handle_t option
and cK_SESSION_INFO = ck_session_info
and cK_SESSION_INFO_PTR = ck_session_info option
and cK_OBJECT_HANDLE_PTR = ck_object_handle_t option
and cK_OBJECT_CLASS_PTR = ck_object_class_t option
and cK_ATTRIBUTE = ck_attribute
and cK_ATTRIBUTE_PTR = ck_attribute option
and cK_DATE = ck_date
and cK_DATE_PTR = ck_date option
and cK_MECHANISM_TYPE_PTR = ck_mechanism_type_t option
and cK_MECHANISM = ck_mechanism
and cK_MECHANISM_PTR = ck_mechanism option
and cK_MECHANISM_INFO = ck_mechanism_info
and cK_MECHANISM_INFO_PTR = ck_mechanism_info option
and cK_C_INITIALIZE_ARGS = ck_c_initialize_args
and cK_C_INITIALIZE_ARGS_PTR = ck_c_initialize_args option
and ck_rv_t = nativeint
(* Mutex callback types: each takes unit and returns a nativeint. *)
and ck_createmutex_t = unit->nativeint
and ck_destroymutex_t = unit->nativeint
and ck_lockmutex_t = unit->nativeint
and ck_unlockmutex_t = unit->nativeint
(* Initialisation arguments: the four mutex callbacks plus a flag word. *)
and ck_c_initialize_args = {
ck_c_initialize_args_create_mutex: ck_createmutex_t;
ck_c_initialize_args_destroy_mutex: ck_destroymutex_t;
ck_c_initialize_args_lock_mutex: ck_lockmutex_t;
ck_c_initialize_args_unlock_mutex: ck_unlockmutex_t;
ck_c_initialize_args_flags: ck_flags_t;
}
(* Architecture codes (the names give byte order and word size), followed by
   two status codes. *)
let lITTLE_ENDIAN_64 = 1n
let lITTLE_ENDIAN_32 = 2n
let bIG_ENDIAN_64 = 3n
let bIG_ENDIAN_32 = 4n
let uNSUPPORTED_ARCHITECTURE = 5n
let nOT_INITIALIZED = 6n

(* [match_arch_value a] returns the symbolic name of code [a].
   Any value other than the six codes above yields "UNKNOWN_ERROR", so the
   result is always safe to print or log. *)
let match_arch_value a =
  let arch_names = [
    (lITTLE_ENDIAN_64, "LITTLE_ENDIAN_64");
    (lITTLE_ENDIAN_32, "LITTLE_ENDIAN_32");
    (bIG_ENDIAN_64, "BIG_ENDIAN_64");
    (bIG_ENDIAN_32, "BIG_ENDIAN_32");
    (uNSUPPORTED_ARCHITECTURE, "UNSUPPORTED_ARCHITECTURE");
    (nOT_INITIALIZED, "NOT_INITIALIZED");
  ] in
  try List.assoc a arch_names with Not_found -> "UNKNOWN_ERROR"
let cRYPTOKI_VERSION_MAJOR = 2n
let cRYPTOKI_VERSION_MINOR = 20n
let cRYPTOKI_VERSION_REVISION = 6n
let cKN_SURRENDER = 0n
let cKN_OTP_CHANGED = 1n
let cKF_TOKEN_PRESENT = 1n
let cKF_REMOVABLE_DEVICE = 2n
let cKF_HW_SLOT = 4n
let cKF_ARRAY_ATTRIBUTE = 1073741824n
let cKF_RNG = 1n
let cKF_WRITE_PROTECTED = 2n
let cKF_LOGIN_REQUIRED = 4n
let cKF_USER_PIN_INITIALIZED = 8n
let cKF_RESTORE_KEY_NOT_NEEDED = 32n
let cKF_CLOCK_ON_TOKEN = 64n
let cKF_PROTECTED_AUTHENTICATION_PATH = 256n
let cKF_DUAL_CRYPTO_OPERATIONS = 512n
let cKF_TOKEN_INITIALIZED = 1024n
let cKF_SECONDARY_AUTHENTICATION = 2048n
let cKF_USER_PIN_COUNT_LOW = 65536n
let cKF_USER_PIN_FINAL_TRY = 131072n
let cKF_USER_PIN_LOCKED = 262144n
let cKF_USER_PIN_TO_BE_CHANGED = 524288n
let cKF_SO_PIN_COUNT_LOW = 1048576n
let cKF_SO_PIN_FINAL_TRY = 2097152n
let cKF_SO_PIN_LOCKED = 4194304n
let cKF_SO_PIN_TO_BE_CHANGED = 8388608n
let cK_UNAVAILABLE_INFORMATION = (Nativeint.minus_one)
let cK_EFFECTIVELY_INFINITE = 0n
let cK_INVALID_HANDLE = 0n
let cKU_SO = 0n
let cKU_USER = 1n
let cKU_CONTEXT_SPECIFIC = 2n
let cKS_RO_PUBLIC_SESSION = 0n
let cKS_RO_USER_FUNCTIONS = 1n
let cKS_RW_PUBLIC_SESSION = 2n
let cKS_RW_USER_FUNCTIONS = 3n
let cKS_RW_SO_FUNCTIONS = 4n
let cKF_RW_SESSION = 2n
let cKF_SERIAL_SESSION = 4n
let cKO_DATA = 0n
let cKO_CERTIFICATE = 1n
let cKO_PUBLIC_KEY = 2n
let cKO_PRIVATE_KEY = 3n
let cKO_SECRET_KEY = 4n
let cKO_HW_FEATURE = 5n
let cKO_DOMAIN_PARAMETERS = 6n
let cKO_MECHANISM = 7n
let cKO_OTP_KEY = 8n
let cKO_VENDOR_DEFINED = 2147483648n
let cKH_MONOTONIC_COUNTER = 1n
let cKH_CLOCK = 2n
let cKH_USER_INTERFACE = 3n
let cKH_VENDOR_DEFINED = 2147483648n
let cKK_RSA = 0n
let cKK_DSA = 1n
let cKK_DH = 2n
let cKK_ECDSA = 3n
let cKK_EC = 3n
let cKK_X9_42_DH = 4n
let cKK_KEA = 5n
let cKK_GENERIC_SECRET = 16n
let cKK_RC2 = 17n
let cKK_RC4 = 18n
let cKK_DES = 19n
let cKK_DES2 = 20n
let cKK_DES3 = 21n
let cKK_CAST = 22n
let cKK_CAST3 = 23n
let cKK_CAST128 = 24n
let cKK_RC5 = 25n
let cKK_IDEA = 26n
let cKK_SKIPJACK = 27n
let cKK_BATON = 28n
let cKK_JUNIPER = 29n
let cKK_CDMF = 30n
let cKK_AES = 31n
let cKK_BLOWFISH = 32n
let cKK_TWOFISH = 33n
let cKK_SECURID = 34n
let cKK_HOTP = 35n
let cKK_ACTI = 36n
let cKK_CAMELLIA = 37n
let cKK_ARIA = 38n
let cKK_VENDOR_DEFINED = 2147483648n
let cKC_X_509 = 0n
let cKC_X_509_ATTR_CERT = 1n
let cKC_WTLS = 2n
let cKC_VENDOR_DEFINED = 2147483648n
let cK_OTP_FORMAT_DECIMAL = 0n
let cK_OTP_FORMAT_HEXADECIMAL = 1n
let cK_OTP_FORMAT_ALPHANUMERIC = 2n
let cK_OTP_PARAM_IGNORED = 0n
let cK_OTP_PARAM_OPTIONAL = 1n
let cK_OTP_PARAM_MANDATORY = 2n
let cKA_CLASS = 0n
let cKA_TOKEN = 1n
let cKA_PRIVATE = 2n
let cKA_LABEL = 3n
let cKA_APPLICATION = 16n
let cKA_VALUE = 17n
let cKA_OBJECT_ID = 18n
let cKA_CERTIFICATE_TYPE = 128n
let cKA_ISSUER = 129n
let cKA_SERIAL_NUMBER = 130n
let cKA_AC_ISSUER = 131n
let cKA_OWNER = 132n
let cKA_ATTR_TYPES = 133n
let cKA_TRUSTED = 134n
let cKA_CERTIFICATE_CATEGORY = 135n
let cKA_JAVA_MIDP_SECURITY_DOMAIN = 136n
let cKA_URL = 137n
let cKA_HASH_OF_SUBJECT_PUBLIC_KEY = 138n
let cKA_HASH_OF_ISSUER_PUBLIC_KEY = 139n
let cKA_CHECK_VALUE = 144n
let cKA_KEY_TYPE = 256n
let cKA_SUBJECT = 257n
let cKA_ID = 258n
let cKA_SENSITIVE = 259n
let cKA_ENCRYPT = 260n
let cKA_DECRYPT = 261n
let cKA_WRAP = 262n
let cKA_UNWRAP = 263n
let cKA_SIGN = 264n
let cKA_SIGN_RECOVER = 265n
let cKA_VERIFY = 266n
let cKA_VERIFY_RECOVER = 267n
let cKA_DERIVE = 268n
let cKA_START_DATE = 272n
let cKA_END_DATE = 273n
let cKA_MODULUS = 288n
let cKA_MODULUS_BITS = 289n
let cKA_PUBLIC_EXPONENT = 290n
let cKA_PRIVATE_EXPONENT = 291n
let cKA_PRIME_1 = 292n
let cKA_PRIME_2 = 293n
let cKA_EXPONENT_1 = 294n
let cKA_EXPONENT_2 = 295n
let cKA_COEFFICIENT = 296n
let cKA_PRIME = 304n
let cKA_SUBPRIME = 305n
let cKA_BASE = 306n
let cKA_PRIME_BITS = 307n
let cKA_SUB_PRIME_BITS = 308n
let cKA_VALUE_BITS = 352n
let cKA_VALUE_LEN = 353n
let cKA_EXTRACTABLE = 354n
let cKA_LOCAL = 355n
let cKA_NEVER_EXTRACTABLE = 356n
let cKA_ALWAYS_SENSITIVE = 357n
let cKA_KEY_GEN_MECHANISM = 358n
let cKA_MODIFIABLE = 368n
let cKA_ECDSA_PARAMS = 384n
let cKA_EC_PARAMS = 384n
let cKA_EC_POINT = 385n
let cKA_SECONDARY_AUTH = 512n
let cKA_AUTH_PIN_FLAGS = 513n
let cKA_ALWAYS_AUTHENTICATE = 514n
let cKA_WRAP_WITH_TRUSTED = 528n
let cKA_OTP_FORMAT = 544n
let cKA_OTP_LENGTH = 545n
let cKA_OTP_TIME_INTERVAL = 546n
let cKA_OTP_USER_FRIENDLY_MODE = 547n
let cKA_OTP_CHALLENGE_REQUIREMENT = 548n
let cKA_OTP_TIME_REQUIREMENT = 549n
let cKA_OTP_COUNTER_REQUIREMENT = 550n
let cKA_OTP_PIN_REQUIREMENT = 551n
let cKA_OTP_COUNTER = 552n
let cKA_OTP_TIME = 553n
let cKA_OTP_USER_IDENTIFIER = 554n
let cKA_OTP_SERVICE_IDENTIFIER = 555n
let cKA_OTP_SERVICE_LOGO = 556n
let cKA_OTP_SERVICE_LOGO_TYPE = 557n
let cKA_HW_FEATURE_TYPE = 768n
let cKA_RESET_ON_INIT = 769n
let cKA_HAS_RESET = 770n
let cKA_PIXEL_X = 1024n
let cKA_PIXEL_Y = 1025n
let cKA_RESOLUTION = 1026n
let cKA_CHAR_ROWS = 1027n
let cKA_CHAR_COLUMNS = 1028n
let cKA_COLOR = 1029n
let cKA_BITS_PER_PIXEL = 1030n
let cKA_CHAR_SETS = 1152n
let cKA_ENCODING_METHODS = 1153n
let cKA_MIME_TYPES = 1154n
let cKA_MECHANISM_TYPE = 1280n
let cKA_REQUIRED_CMS_ATTRIBUTES = 1281n
let cKA_DEFAULT_CMS_ATTRIBUTES = 1282n
let cKA_SUPPORTED_CMS_ATTRIBUTES = 1283n
let cKA_WRAP_TEMPLATE = 1073742353n
let cKA_UNWRAP_TEMPLATE = 1073742354n
let cKA_ALLOWED_MECHANISMS = 1073743360n
let cKA_VENDOR_DEFINED = 2147483648n
let cKM_RSA_PKCS_KEY_PAIR_GEN = 0n
let cKM_RSA_PKCS = 1n
let cKM_RSA_9796 = 2n
let cKM_RSA_X_509 = 3n
let cKM_MD2_RSA_PKCS = 4n
let cKM_MD5_RSA_PKCS = 5n
let cKM_SHA1_RSA_PKCS = 6n
let cKM_RIPEMD128_RSA_PKCS = 7n
let cKM_RIPEMD160_RSA_PKCS = 8n
let cKM_RSA_PKCS_OAEP = 9n
let cKM_RSA_X9_31_KEY_PAIR_GEN = 10n
let cKM_RSA_X9_31 = 11n
let cKM_SHA1_RSA_X9_31 = 12n
let cKM_RSA_PKCS_PSS = 13n
let cKM_SHA1_RSA_PKCS_PSS = 14n
let cKM_DSA_KEY_PAIR_GEN = 16n
let cKM_DSA = 17n
let cKM_DSA_SHA1 = 18n
let cKM_DH_PKCS_KEY_PAIR_GEN = 32n
let cKM_DH_PKCS_DERIVE = 33n
let cKM_X9_42_DH_KEY_PAIR_GEN = 48n
let cKM_X9_42_DH_DERIVE = 49n
let cKM_X9_42_DH_HYBRID_DERIVE = 50n
let cKM_X9_42_MQV_DERIVE = 51n
let cKM_SHA256_RSA_PKCS = 64n
let cKM_SHA384_RSA_PKCS = 65n
let cKM_SHA512_RSA_PKCS = 66n
let cKM_SHA256_RSA_PKCS_PSS = 67n
let cKM_SHA384_RSA_PKCS_PSS = 68n
let cKM_SHA512_RSA_PKCS_PSS = 69n
let cKM_SHA224_RSA_PKCS = 70n
let cKM_SHA224_RSA_PKCS_PSS = 71n
let cKM_RC2_KEY_GEN = 256n
let cKM_RC2_ECB = 257n
let cKM_RC2_CBC = 258n
let cKM_RC2_MAC = 259n
let cKM_RC2_MAC_GENERAL = 260n
let cKM_RC2_CBC_PAD = 261n
let cKM_RC4_KEY_GEN = 272n
let cKM_RC4 = 273n
let cKM_DES_KEY_GEN = 288n
let cKM_DES_ECB = 289n
let cKM_DES_CBC = 290n
let cKM_DES_MAC = 291n
let cKM_DES_MAC_GENERAL = 292n
let cKM_DES_CBC_PAD = 293n
let cKM_DES2_KEY_GEN = 304n
let cKM_DES3_KEY_GEN = 305n
let cKM_DES3_ECB = 306n
let cKM_DES3_CBC = 307n
let cKM_DES3_MAC = 308n
let cKM_DES3_MAC_GENERAL = 309n
let cKM_DES3_CBC_PAD = 310n
let cKM_CDMF_KEY_GEN = 320n
let cKM_CDMF_ECB = 321n
let cKM_CDMF_CBC = 322n
let cKM_CDMF_MAC = 323n
let cKM_CDMF_MAC_GENERAL = 324n
let cKM_CDMF_CBC_PAD = 325n
let cKM_MD2 = 512n
let cKM_MD2_HMAC = 513n
let cKM_MD2_HMAC_GENERAL = 514n
let cKM_MD5 = 528n
let cKM_MD5_HMAC = 529n
let cKM_MD5_HMAC_GENERAL = 530n
let cKM_SHA_1 = 544n
let cKM_SHA_1_HMAC = 545n
let cKM_SHA_1_HMAC_GENERAL = 546n
let cKM_RIPEMD128 = 560n
let cKM_RIPEMD128_HMAC = 561n
let cKM_RIPEMD128_HMAC_GENERAL = 562n
let cKM_RIPEMD160 = 576n
let cKM_RIPEMD160_HMAC = 577n
let cKM_RIPEMD160_HMAC_GENERAL = 578n
let cKM_SHA256 = 592n
let cKM_SHA256_HMAC = 593n
let cKM_SHA256_HMAC_GENERAL = 594n
let cKM_SHA384 = 608n
let cKM_SHA384_HMAC = 609n
let cKM_SHA384_HMAC_GENERAL = 610n
let cKM_SHA512 = 624n
let cKM_SHA512_HMAC = 625n
let cKM_SHA512_HMAC_GENERAL = 626n
let cKM_SHA224 = 597n
let cKM_SHA224_HMAC = 598n
let cKM_SHA224_HMAC_GENERAL = 599n
let cKM_SECURID_KEY_GEN = 640n
let cKM_SECURID = 642n
let cKM_HOTP_KEY_GEN = 656n
let cKM_HOTP = 657n
let cKM_ACTI_KEY_GEN = 672n
let cKM_ACTI = 673n
let cKM_CAST_KEY_GEN = 768n
let cKM_CAST_ECB = 769n
let cKM_CAST_CBC = 770n
let cKM_CAST_MAC = 771n
let cKM_CAST_MAC_GENERAL = 772n
let cKM_CAST_CBC_PAD = 773n
let cKM_CAST3_KEY_GEN = 784n
let cKM_CAST3_ECB = 785n
let cKM_CAST3_CBC = 786n
let cKM_CAST3_MAC = 787n
let cKM_CAST3_MAC_GENERAL = 788n
let cKM_CAST3_CBC_PAD = 789n
let cKM_CAST5_KEY_GEN = 800n
let cKM_CAST128_KEY_GEN = 800n
let cKM_CAST5_ECB = 801n
let cKM_CAST128_ECB = 801n
let cKM_CAST5_CBC = 802n
let cKM_CAST128_CBC = 802n
let cKM_CAST5_MAC = 803n
let cKM_CAST128_MAC = 803n
let cKM_CAST5_MAC_GENERAL = 804n
let cKM_CAST128_MAC_GENERAL = 804n
let cKM_CAST5_CBC_PAD = 805n
let cKM_CAST128_CBC_PAD = 805n
let cKM_RC5_KEY_GEN = 816n
let cKM_RC5_ECB = 817n
let cKM_RC5_CBC = 818n
let cKM_RC5_MAC = 819n
let cKM_RC5_MAC_GENERAL = 820n
let cKM_RC5_CBC_PAD = 821n
let cKM_IDEA_KEY_GEN = 832n
let cKM_IDEA_ECB = 833n
let cKM_IDEA_CBC = 834n
let cKM_IDEA_MAC = 835n
let cKM_IDEA_MAC_GENERAL = 836n
let cKM_IDEA_CBC_PAD = 837n
let cKM_GENERIC_SECRET_KEY_GEN = 848n
let cKM_CONCATENATE_BASE_AND_KEY = 864n
let cKM_CONCATENATE_BASE_AND_DATA = 866n
let cKM_CONCATENATE_DATA_AND_BASE = 867n
let cKM_XOR_BASE_AND_DATA = 868n
let cKM_EXTRACT_KEY_FROM_KEY = 869n
let cKM_SSL3_PRE_MASTER_KEY_GEN = 880n
let cKM_SSL3_MASTER_KEY_DERIVE = 881n
let cKM_SSL3_KEY_AND_MAC_DERIVE = 882n
let cKM_SSL3_MASTER_KEY_DERIVE_DH = 883n
let cKM_TLS_PRE_MASTER_KEY_GEN = 884n
let cKM_TLS_MASTER_KEY_DERIVE = 885n
let cKM_TLS_KEY_AND_MAC_DERIVE = 886n
let cKM_TLS_MASTER_KEY_DERIVE_DH = 887n
let cKM_TLS_PRF = 888n
let cKM_SSL3_MD5_MAC = 896n
let cKM_SSL3_SHA1_MAC = 897n
let cKM_MD5_KEY_DERIVATION = 912n
let cKM_MD2_KEY_DERIVATION = 913n
let cKM_SHA1_KEY_DERIVATION = 914n
let cKM_SHA256_KEY_DERIVATION = 915n
let cKM_SHA384_KEY_DERIVATION = 916n
let cKM_SHA512_KEY_DERIVATION = 917n
let cKM_SHA224_KEY_DERIVATION = 918n
let cKM_PBE_MD2_DES_CBC = 928n
let cKM_PBE_MD5_DES_CBC = 929n
let cKM_PBE_MD5_CAST_CBC = 930n
let cKM_PBE_MD5_CAST3_CBC = 931n
let cKM_PBE_MD5_CAST5_CBC = 932n
let cKM_PBE_MD5_CAST128_CBC = 932n
let cKM_PBE_SHA1_CAST5_CBC = 933n
let cKM_PBE_SHA1_CAST128_CBC = 933n
let cKM_PBE_SHA1_RC4_128 = 934n
let cKM_PBE_SHA1_RC4_40 = 935n
let cKM_PBE_SHA1_DES3_EDE_CBC = 936n
let cKM_PBE_SHA1_DES2_EDE_CBC = 937n
let cKM_PBE_SHA1_RC2_128_CBC = 938n
let cKM_PBE_SHA1_RC2_40_CBC = 939n
let cKM_PKCS5_PBKD2 = 944n
let cKM_PBA_SHA1_WITH_SHA1_HMAC = 960n
let cKM_WTLS_PRE_MASTER_KEY_GEN = 976n
let cKM_WTLS_MASTER_KEY_DERIVE = 977n
let cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 978n
let cKM_WTLS_PRF = 979n
let cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 980n
let cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 981n
let cKM_KEY_WRAP_LYNKS = 1024n
let cKM_KEY_WRAP_SET_OAEP = 1025n
let cKM_CMS_SIG = 1280n
let cKM_KIP_DERIVE = 1296n
let cKM_KIP_WRAP = 1297n
let cKM_KIP_MAC = 1298n
let cKM_CAMELLIA_KEY_GEN = 1360n
let cKM_CAMELLIA_ECB = 1361n
let cKM_CAMELLIA_CBC = 1362n
let cKM_CAMELLIA_MAC = 1363n
let cKM_CAMELLIA_MAC_GENERAL = 1364n
let cKM_CAMELLIA_CBC_PAD = 1365n
let cKM_CAMELLIA_ECB_ENCRYPT_DATA = 1366n
let cKM_CAMELLIA_CBC_ENCRYPT_DATA = 1367n
let cKM_CAMELLIA_CTR = 1368n
let cKM_ARIA_KEY_GEN = 1376n
let cKM_ARIA_ECB = 1377n
let cKM_ARIA_CBC = 1378n
let cKM_ARIA_MAC = 1379n
let cKM_ARIA_MAC_GENERAL = 1380n
let cKM_ARIA_CBC_PAD = 1381n
let cKM_ARIA_ECB_ENCRYPT_DATA = 1382n
let cKM_ARIA_CBC_ENCRYPT_DATA = 1383n
let cKM_SKIPJACK_KEY_GEN = 4096n
let cKM_SKIPJACK_ECB64 = 4097n
let cKM_SKIPJACK_CBC64 = 4098n
let cKM_SKIPJACK_OFB64 = 4099n
let cKM_SKIPJACK_CFB64 = 4100n
let cKM_SKIPJACK_CFB32 = 4101n
let cKM_SKIPJACK_CFB16 = 4102n
let cKM_SKIPJACK_CFB8 = 4103n
let cKM_SKIPJACK_WRAP = 4104n
let cKM_SKIPJACK_PRIVATE_WRAP = 4105n
let cKM_SKIPJACK_RELAYX = 4106n
let cKM_KEA_KEY_PAIR_GEN = 4112n
let cKM_KEA_KEY_DERIVE = 4113n
let cKM_FORTEZZA_TIMESTAMP = 4128n
let cKM_BATON_KEY_GEN = 4144n
let cKM_BATON_ECB128 = 4145n
let cKM_BATON_ECB96 = 4146n
let cKM_BATON_CBC128 = 4147n
let cKM_BATON_COUNTER = 4148n
let cKM_BATON_SHUFFLE = 4149n
let cKM_BATON_WRAP = 4150n
let cKM_EC_KEY_PAIR_GEN = 4160n
let cKM_ECDSA = 4161n
let cKM_ECDSA_SHA1 = 4162n
let cKM_ECDH1_DERIVE = 4176n
let cKM_ECDH1_COFACTOR_DERIVE = 4177n
let cKM_ECMQV_DERIVE = 4178n
let cKM_JUNIPER_KEY_GEN = 4192n
let cKM_JUNIPER_ECB128 = 4193n
let cKM_JUNIPER_CBC128 = 4194n
let cKM_JUNIPER_COUNTER = 4195n
let cKM_JUNIPER_SHUFFLE = 4196n
let cKM_JUNIPER_WRAP = 4197n
let cKM_FASTHASH = 4208n
let cKM_AES_KEY_GEN = 4224n
let cKM_AES_ECB = 4225n
let cKM_AES_CBC = 4226n
let cKM_AES_MAC = 4227n
let cKM_AES_MAC_GENERAL = 4228n
let cKM_AES_CBC_PAD = 4229n
let cKM_AES_CTR = 4230n
let cKM_BLOWFISH_KEY_GEN = 4240n
let cKM_BLOWFISH_CBC = 4241n
let cKM_TWOFISH_KEY_GEN = 4242n
let cKM_TWOFISH_CBC = 4243n
let cKM_DES_ECB_ENCRYPT_DATA = 4352n
let cKM_DES_CBC_ENCRYPT_DATA = 4353n
let cKM_DES3_ECB_ENCRYPT_DATA = 4354n
let cKM_DES3_CBC_ENCRYPT_DATA = 4355n
let cKM_AES_ECB_ENCRYPT_DATA = 4356n
let cKM_AES_CBC_ENCRYPT_DATA = 4357n
let cKM_DSA_PARAMETER_GEN = 8192n
let cKM_DH_PKCS_PARAMETER_GEN = 8193n
let cKM_X9_42_DH_PARAMETER_GEN = 8194n
let cKM_VENDOR_DEFINED = 2147483648n
let cKF_HW = 1n
let cKF_ENCRYPT = 256n
let cKF_DECRYPT = 512n
let cKF_DIGEST = 1024n
let cKF_SIGN = 2048n
let cKF_SIGN_RECOVER = 4096n
let cKF_VERIFY = 8192n
let cKF_VERIFY_RECOVER = 16384n
let cKF_GENERATE = 32768n
let cKF_GENERATE_KEY_PAIR = 65536n
let cKF_WRAP = 131072n
let cKF_UNWRAP = 262144n
let cKF_DERIVE = 524288n
let cKF_EC_F_P = 1048576n
let cKF_EC_F_2M = 2097152n
let cKF_EC_ECPARAMETERS = 4194304n
let cKF_EC_NAMEDCURVE = 8388608n
let cKF_EC_UNCOMPRESS = 16777216n
let cKF_EC_COMPRESS = 33554432n
let cKF_EXTENSION = 2147483648n
let cKF_DONT_BLOCK = 1n
let cKF_LIBRARY_CANT_CREATE_OS_THREADS = 1n
let cKF_OS_LOCKING_OK = 2n
let cKR_OK = 0n
let cKR_CANCEL = 1n
let cKR_HOST_MEMORY = 2n
let cKR_SLOT_ID_INVALID = 3n
let cKR_GENERAL_ERROR = 5n
let cKR_FUNCTION_FAILED = 6n
let cKR_ARGUMENTS_BAD = 7n
let cKR_NO_EVENT = 8n
let cKR_NEED_TO_CREATE_THREADS = 9n
let cKR_CANT_LOCK = 10n
let cKR_ATTRIBUTE_READ_ONLY = 16n
let cKR_ATTRIBUTE_SENSITIVE = 17n
let cKR_ATTRIBUTE_TYPE_INVALID = 18n
let cKR_ATTRIBUTE_VALUE_INVALID = 19n
let cKR_DATA_INVALID = 32n
let cKR_DATA_LEN_RANGE = 33n
let cKR_DEVICE_ERROR = 48n
let cKR_DEVICE_MEMORY = 49n
let cKR_DEVICE_REMOVED = 50n
let cKR_ENCRYPTED_DATA_INVALID = 64n
let cKR_ENCRYPTED_DATA_LEN_RANGE = 65n
let cKR_FUNCTION_CANCELED = 80n
let cKR_FUNCTION_NOT_PARALLEL = 81n
let cKR_FUNCTION_NOT_SUPPORTED = 84n
let cKR_KEY_HANDLE_INVALID = 96n
let cKR_KEY_SIZE_RANGE = 98n
let cKR_KEY_TYPE_INCONSISTENT = 99n
let cKR_KEY_NOT_NEEDED = 100n
let cKR_KEY_CHANGED = 101n
let cKR_KEY_NEEDED = 102n
let cKR_KEY_INDIGESTIBLE = 103n
let cKR_KEY_FUNCTION_NOT_PERMITTED = 104n
let cKR_KEY_NOT_WRAPPABLE = 105n
let cKR_KEY_UNEXTRACTABLE = 106n
let cKR_MECHANISM_INVALID = 112n
let cKR_MECHANISM_PARAM_INVALID = 113n
let cKR_OBJECT_HANDLE_INVALID = 130n
let cKR_OPERATION_ACTIVE = 144n
let cKR_OPERATION_NOT_INITIALIZED = 145n
let cKR_PIN_INCORRECT = 160n
let cKR_PIN_INVALID = 161n
let cKR_PIN_LEN_RANGE = 162n
let cKR_PIN_EXPIRED = 163n
let cKR_PIN_LOCKED = 164n
let cKR_SESSION_CLOSED = 176n
let cKR_SESSION_COUNT = 177n
let cKR_SESSION_HANDLE_INVALID = 179n
let cKR_SESSION_PARALLEL_NOT_SUPPORTED = 180n
let cKR_SESSION_READ_ONLY = 181n
let cKR_SESSION_EXISTS = 182n
let cKR_SESSION_READ_ONLY_EXISTS = 183n
let cKR_SESSION_READ_WRITE_SO_EXISTS = 184n
let cKR_SIGNATURE_INVALID = 192n
let cKR_SIGNATURE_LEN_RANGE = 193n
let cKR_TEMPLATE_INCOMPLETE = 208n
let cKR_TEMPLATE_INCONSISTENT = 209n
let cKR_TOKEN_NOT_PRESENT = 224n
let cKR_TOKEN_NOT_RECOGNIZED = 225n
let cKR_TOKEN_WRITE_PROTECTED = 226n
let cKR_UNWRAPPING_KEY_HANDLE_INVALID = 240n
let cKR_UNWRAPPING_KEY_SIZE_RANGE = 241n
let cKR_UNWRAPPING_KEY_TYPE_INCONSISTENT = 242n
let cKR_USER_ALREADY_LOGGED_IN = 256n
let cKR_USER_NOT_LOGGED_IN = 257n
let cKR_USER_PIN_NOT_INITIALIZED = 258n
let cKR_USER_TYPE_INVALID = 259n
let cKR_USER_ANOTHER_ALREADY_LOGGED_IN = 260n
let cKR_USER_TOO_MANY_TYPES = 261n
let cKR_WRAPPED_KEY_INVALID = 272n
let cKR_WRAPPED_KEY_LEN_RANGE = 274n
let cKR_WRAPPING_KEY_HANDLE_INVALID = 275n
let cKR_WRAPPING_KEY_SIZE_RANGE = 276n
let cKR_WRAPPING_KEY_TYPE_INCONSISTENT = 277n
let cKR_RANDOM_SEED_NOT_SUPPORTED = 288n
let cKR_RANDOM_NO_RNG = 289n
let cKR_DOMAIN_PARAMS_INVALID = 304n
let cKR_BUFFER_TOO_SMALL = 336n
let cKR_SAVED_STATE_INVALID = 352n
let cKR_INFORMATION_SENSITIVE = 368n
let cKR_STATE_UNSAVEABLE = 384n
let cKR_CRYPTOKI_NOT_INITIALIZED = 400n
let cKR_CRYPTOKI_ALREADY_INITIALIZED = 401n
let cKR_MUTEX_BAD = 416n
let cKR_MUTEX_NOT_LOCKED = 417n
let cKR_NEW_PIN_MODE = 432n
let cKR_NEXT_OTP = 433n
let cKR_FUNCTION_REJECTED = 512n
let cKR_VENDOR_DEFINED = 2147483648n
let cK_FALSE = 0n
let cK_TRUE = 1n
let fALSE = 0n
let tRUE = 1n
let nULL_PTR = 0n
let false_ = Array.make 1 (Char.chr 0)
let true_ = Array.make 1 (Char.chr 1)
(* Helpers for information printing *)
(* Translate a Cryptoki (PKCS#11) return value, given as a nativeint, into
   the name of the corresponding cKR_* binding of this file.  The result is
   meant for printing; any value that has no arm below is reported as
   "cKR_UNKNOWN!" instead of raising. *)
let match_cKR_value = function
  (* generic status codes *)
  | 0n -> "cKR_OK"
  | 1n -> "cKR_CANCEL"
  | 2n -> "cKR_HOST_MEMORY"
  | 3n -> "cKR_SLOT_ID_INVALID"
  | 5n -> "cKR_GENERAL_ERROR"
  | 6n -> "cKR_FUNCTION_FAILED"
  | 7n -> "cKR_ARGUMENTS_BAD"
  | 8n -> "cKR_NO_EVENT"
  | 9n -> "cKR_NEED_TO_CREATE_THREADS"
  | 10n -> "cKR_CANT_LOCK"
  (* attributes, data and device *)
  | 16n -> "cKR_ATTRIBUTE_READ_ONLY"
  | 17n -> "cKR_ATTRIBUTE_SENSITIVE"
  | 18n -> "cKR_ATTRIBUTE_TYPE_INVALID"
  | 19n -> "cKR_ATTRIBUTE_VALUE_INVALID"
  | 32n -> "cKR_DATA_INVALID"
  | 33n -> "cKR_DATA_LEN_RANGE"
  | 48n -> "cKR_DEVICE_ERROR"
  | 49n -> "cKR_DEVICE_MEMORY"
  | 50n -> "cKR_DEVICE_REMOVED"
  | 64n -> "cKR_ENCRYPTED_DATA_INVALID"
  | 65n -> "cKR_ENCRYPTED_DATA_LEN_RANGE"
  | 80n -> "cKR_FUNCTION_CANCELED"
  | 81n -> "cKR_FUNCTION_NOT_PARALLEL"
  | 84n -> "cKR_FUNCTION_NOT_SUPPORTED"
  (* keys, mechanisms, objects and operations *)
  | 96n -> "cKR_KEY_HANDLE_INVALID"
  | 98n -> "cKR_KEY_SIZE_RANGE"
  | 99n -> "cKR_KEY_TYPE_INCONSISTENT"
  | 100n -> "cKR_KEY_NOT_NEEDED"
  | 101n -> "cKR_KEY_CHANGED"
  | 102n -> "cKR_KEY_NEEDED"
  | 103n -> "cKR_KEY_INDIGESTIBLE"
  | 104n -> "cKR_KEY_FUNCTION_NOT_PERMITTED"
  | 105n -> "cKR_KEY_NOT_WRAPPABLE"
  | 106n -> "cKR_KEY_UNEXTRACTABLE"
  | 112n -> "cKR_MECHANISM_INVALID"
  | 113n -> "cKR_MECHANISM_PARAM_INVALID"
  | 130n -> "cKR_OBJECT_HANDLE_INVALID"
  | 144n -> "cKR_OPERATION_ACTIVE"
  | 145n -> "cKR_OPERATION_NOT_INITIALIZED"
  (* PIN and session state *)
  | 160n -> "cKR_PIN_INCORRECT"
  | 161n -> "cKR_PIN_INVALID"
  | 162n -> "cKR_PIN_LEN_RANGE"
  | 163n -> "cKR_PIN_EXPIRED"
  | 164n -> "cKR_PIN_LOCKED"
  | 176n -> "cKR_SESSION_CLOSED"
  | 177n -> "cKR_SESSION_COUNT"
  | 179n -> "cKR_SESSION_HANDLE_INVALID"
  | 180n -> "cKR_SESSION_PARALLEL_NOT_SUPPORTED"
  | 181n -> "cKR_SESSION_READ_ONLY"
  | 182n -> "cKR_SESSION_EXISTS"
  | 183n -> "cKR_SESSION_READ_ONLY_EXISTS"
  | 184n -> "cKR_SESSION_READ_WRITE_SO_EXISTS"
  (* signatures, templates and tokens *)
  | 192n -> "cKR_SIGNATURE_INVALID"
  | 193n -> "cKR_SIGNATURE_LEN_RANGE"
  | 208n -> "cKR_TEMPLATE_INCOMPLETE"
  | 209n -> "cKR_TEMPLATE_INCONSISTENT"
  | 224n -> "cKR_TOKEN_NOT_PRESENT"
  | 225n -> "cKR_TOKEN_NOT_RECOGNIZED"
  | 226n -> "cKR_TOKEN_WRITE_PROTECTED"
  (* unwrapping, user login and wrapping *)
  | 240n -> "cKR_UNWRAPPING_KEY_HANDLE_INVALID"
  | 241n -> "cKR_UNWRAPPING_KEY_SIZE_RANGE"
  | 242n -> "cKR_UNWRAPPING_KEY_TYPE_INCONSISTENT"
  | 256n -> "cKR_USER_ALREADY_LOGGED_IN"
  | 257n -> "cKR_USER_NOT_LOGGED_IN"
  | 258n -> "cKR_USER_PIN_NOT_INITIALIZED"
  | 259n -> "cKR_USER_TYPE_INVALID"
  | 260n -> "cKR_USER_ANOTHER_ALREADY_LOGGED_IN"
  | 261n -> "cKR_USER_TOO_MANY_TYPES"
  | 272n -> "cKR_WRAPPED_KEY_INVALID"
  | 274n -> "cKR_WRAPPED_KEY_LEN_RANGE"
  | 275n -> "cKR_WRAPPING_KEY_HANDLE_INVALID"
  | 276n -> "cKR_WRAPPING_KEY_SIZE_RANGE"
  | 277n -> "cKR_WRAPPING_KEY_TYPE_INCONSISTENT"
  (* remaining codes *)
  | 288n -> "cKR_RANDOM_SEED_NOT_SUPPORTED"
  | 289n -> "cKR_RANDOM_NO_RNG"
  | 304n -> "cKR_DOMAIN_PARAMS_INVALID"
  | 336n -> "cKR_BUFFER_TOO_SMALL"
  | 352n -> "cKR_SAVED_STATE_INVALID"
  | 368n -> "cKR_INFORMATION_SENSITIVE"
  | 384n -> "cKR_STATE_UNSAVEABLE"
  | 400n -> "cKR_CRYPTOKI_NOT_INITIALIZED"
  | 401n -> "cKR_CRYPTOKI_ALREADY_INITIALIZED"
  | 416n -> "cKR_MUTEX_BAD"
  | 417n -> "cKR_MUTEX_NOT_LOCKED"
  | 432n -> "cKR_NEW_PIN_MODE"
  | 433n -> "cKR_NEXT_OTP"
  | 512n -> "cKR_FUNCTION_REJECTED"
  | 2147483648n -> "cKR_VENDOR_DEFINED"
  (* anything else, including the gaps in the numbering above *)
  | _ -> "cKR_UNKNOWN!"
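(* Translate a Cryptoki (PKCS#11) mechanism type, given as a nativeint, into
   the name of the corresponding cKM_* binding of this file.

   - Values shared by two bindings (the cKM_CAST5_* / cKM_CAST128_* pairs,
     800n-805n, 932n and 933n) are reported under the CAST5 name.
   - Any value without an arm below is reported as "cKM_UNKNOWN!" instead of
     raising.  The result is meant for printing: a decision about a
     mechanism should be taken on the numeric value, not on this string.
   - Every returned name is exactly the binding's identifier, with no
     padding, so that it can be compared with or fed back to a name lookup. *)
let match_cKM_value a = match a with
  | 0n -> "cKM_RSA_PKCS_KEY_PAIR_GEN"
  | 1n -> "cKM_RSA_PKCS"
  | 2n -> "cKM_RSA_9796"
  | 3n -> "cKM_RSA_X_509"
  | 4n -> "cKM_MD2_RSA_PKCS"
  | 5n -> "cKM_MD5_RSA_PKCS"
  | 6n -> "cKM_SHA1_RSA_PKCS"
  | 7n -> "cKM_RIPEMD128_RSA_PKCS"
  | 8n -> "cKM_RIPEMD160_RSA_PKCS"
  | 9n -> "cKM_RSA_PKCS_OAEP"
  | 10n -> "cKM_RSA_X9_31_KEY_PAIR_GEN"
  | 11n -> "cKM_RSA_X9_31"
  | 12n -> "cKM_SHA1_RSA_X9_31"
  | 13n -> "cKM_RSA_PKCS_PSS"
  | 14n -> "cKM_SHA1_RSA_PKCS_PSS"
  | 16n -> "cKM_DSA_KEY_PAIR_GEN"
  | 17n -> "cKM_DSA"
  | 18n -> "cKM_DSA_SHA1"
  | 32n -> "cKM_DH_PKCS_KEY_PAIR_GEN"
  | 33n -> "cKM_DH_PKCS_DERIVE"
  | 48n -> "cKM_X9_42_DH_KEY_PAIR_GEN"
  | 49n -> "cKM_X9_42_DH_DERIVE"
  | 50n -> "cKM_X9_42_DH_HYBRID_DERIVE"
  | 51n -> "cKM_X9_42_MQV_DERIVE"
  | 64n -> "cKM_SHA256_RSA_PKCS"
  | 65n -> "cKM_SHA384_RSA_PKCS"
  | 66n -> "cKM_SHA512_RSA_PKCS"
  | 67n -> "cKM_SHA256_RSA_PKCS_PSS"
  | 68n -> "cKM_SHA384_RSA_PKCS_PSS"
  | 69n -> "cKM_SHA512_RSA_PKCS_PSS"
  | 70n -> "cKM_SHA224_RSA_PKCS"
  | 71n -> "cKM_SHA224_RSA_PKCS_PSS"
  | 256n -> "cKM_RC2_KEY_GEN"
  | 257n -> "cKM_RC2_ECB"
  | 258n -> "cKM_RC2_CBC"
  | 259n -> "cKM_RC2_MAC"
  | 260n -> "cKM_RC2_MAC_GENERAL"
  | 261n -> "cKM_RC2_CBC_PAD"
  | 272n -> "cKM_RC4_KEY_GEN"
  | 273n -> "cKM_RC4"
  | 288n -> "cKM_DES_KEY_GEN"
  | 289n -> "cKM_DES_ECB"
  | 290n -> "cKM_DES_CBC"
  | 291n -> "cKM_DES_MAC"
  | 292n -> "cKM_DES_MAC_GENERAL"
  | 293n -> "cKM_DES_CBC_PAD"
  | 304n -> "cKM_DES2_KEY_GEN"
  | 305n -> "cKM_DES3_KEY_GEN"
  | 306n -> "cKM_DES3_ECB"
  | 307n -> "cKM_DES3_CBC"
  | 308n -> "cKM_DES3_MAC"
  | 309n -> "cKM_DES3_MAC_GENERAL"
  | 310n -> "cKM_DES3_CBC_PAD"
  | 320n -> "cKM_CDMF_KEY_GEN"
  | 321n -> "cKM_CDMF_ECB"
  | 322n -> "cKM_CDMF_CBC"
  | 323n -> "cKM_CDMF_MAC"
  | 324n -> "cKM_CDMF_MAC_GENERAL"
  | 325n -> "cKM_CDMF_CBC_PAD"
  | 512n -> "cKM_MD2"
  | 513n -> "cKM_MD2_HMAC"
  | 514n -> "cKM_MD2_HMAC_GENERAL"
  | 528n -> "cKM_MD5"
  | 529n -> "cKM_MD5_HMAC"
  | 530n -> "cKM_MD5_HMAC_GENERAL"
  | 544n -> "cKM_SHA_1"
  | 545n -> "cKM_SHA_1_HMAC"
  | 546n -> "cKM_SHA_1_HMAC_GENERAL"
  | 560n -> "cKM_RIPEMD128"
  | 561n -> "cKM_RIPEMD128_HMAC"
  | 562n -> "cKM_RIPEMD128_HMAC_GENERAL"
  | 576n -> "cKM_RIPEMD160"
  | 577n -> "cKM_RIPEMD160_HMAC"
  | 578n -> "cKM_RIPEMD160_HMAC_GENERAL"
  | 592n -> "cKM_SHA256"
  | 593n -> "cKM_SHA256_HMAC"
  | 594n -> "cKM_SHA256_HMAC_GENERAL"
  | 597n -> "cKM_SHA224"
  | 598n -> "cKM_SHA224_HMAC"
  | 599n -> "cKM_SHA224_HMAC_GENERAL"
  | 608n -> "cKM_SHA384"
  | 609n -> "cKM_SHA384_HMAC"
  | 610n -> "cKM_SHA384_HMAC_GENERAL"
  | 624n -> "cKM_SHA512"
  | 625n -> "cKM_SHA512_HMAC"
  | 626n -> "cKM_SHA512_HMAC_GENERAL"
  | 640n -> "cKM_SECURID_KEY_GEN"
  | 642n -> "cKM_SECURID"
  | 656n -> "cKM_HOTP_KEY_GEN"
  | 657n -> "cKM_HOTP"
  | 672n -> "cKM_ACTI_KEY_GEN"
  | 673n -> "cKM_ACTI"
  | 768n -> "cKM_CAST_KEY_GEN"
  | 769n -> "cKM_CAST_ECB"
  | 770n -> "cKM_CAST_CBC"
  | 771n -> "cKM_CAST_MAC"
  | 772n -> "cKM_CAST_MAC_GENERAL"
  | 773n -> "cKM_CAST_CBC_PAD"
  | 784n -> "cKM_CAST3_KEY_GEN"
  | 785n -> "cKM_CAST3_ECB"
  | 786n -> "cKM_CAST3_CBC"
  | 787n -> "cKM_CAST3_MAC"
  | 788n -> "cKM_CAST3_MAC_GENERAL"
  | 789n -> "cKM_CAST3_CBC_PAD"
  (* 800n-805n are also the values of the cKM_CAST128_* bindings *)
  | 800n -> "cKM_CAST5_KEY_GEN"
  | 801n -> "cKM_CAST5_ECB"
  | 802n -> "cKM_CAST5_CBC"
  | 803n -> "cKM_CAST5_MAC"
  | 804n -> "cKM_CAST5_MAC_GENERAL"
  | 805n -> "cKM_CAST5_CBC_PAD"
  | 816n -> "cKM_RC5_KEY_GEN"
  | 817n -> "cKM_RC5_ECB"
  | 818n -> "cKM_RC5_CBC"
  | 819n -> "cKM_RC5_MAC"
  | 820n -> "cKM_RC5_MAC_GENERAL"
  | 821n -> "cKM_RC5_CBC_PAD"
  | 832n -> "cKM_IDEA_KEY_GEN"
  | 833n -> "cKM_IDEA_ECB"
  | 834n -> "cKM_IDEA_CBC"
  | 835n -> "cKM_IDEA_MAC"
  | 836n -> "cKM_IDEA_MAC_GENERAL"
  | 837n -> "cKM_IDEA_CBC_PAD"
  | 848n -> "cKM_GENERIC_SECRET_KEY_GEN"
  | 864n -> "cKM_CONCATENATE_BASE_AND_KEY"
  | 866n -> "cKM_CONCATENATE_BASE_AND_DATA"
  | 867n -> "cKM_CONCATENATE_DATA_AND_BASE"
  | 868n -> "cKM_XOR_BASE_AND_DATA"
  | 869n -> "cKM_EXTRACT_KEY_FROM_KEY"
  | 880n -> "cKM_SSL3_PRE_MASTER_KEY_GEN"
  | 881n -> "cKM_SSL3_MASTER_KEY_DERIVE"
  | 882n -> "cKM_SSL3_KEY_AND_MAC_DERIVE"
  | 883n -> "cKM_SSL3_MASTER_KEY_DERIVE_DH"
  | 884n -> "cKM_TLS_PRE_MASTER_KEY_GEN"
  | 885n -> "cKM_TLS_MASTER_KEY_DERIVE"
  | 886n -> "cKM_TLS_KEY_AND_MAC_DERIVE"
  | 887n -> "cKM_TLS_MASTER_KEY_DERIVE_DH"
  | 888n -> "cKM_TLS_PRF"
  | 896n -> "cKM_SSL3_MD5_MAC"
  | 897n -> "cKM_SSL3_SHA1_MAC"
  | 912n -> "cKM_MD5_KEY_DERIVATION"
  | 913n -> "cKM_MD2_KEY_DERIVATION"
  | 914n -> "cKM_SHA1_KEY_DERIVATION"
  | 915n -> "cKM_SHA256_KEY_DERIVATION"
  | 916n -> "cKM_SHA384_KEY_DERIVATION"
  | 917n -> "cKM_SHA512_KEY_DERIVATION"
  | 918n -> "cKM_SHA224_KEY_DERIVATION"
  | 928n -> "cKM_PBE_MD2_DES_CBC"
  | 929n -> "cKM_PBE_MD5_DES_CBC"
  | 930n -> "cKM_PBE_MD5_CAST_CBC"
  | 931n -> "cKM_PBE_MD5_CAST3_CBC"
  (* 932n and 933n are also the values of the cKM_PBE_*_CAST128_CBC bindings *)
  | 932n -> "cKM_PBE_MD5_CAST5_CBC"
  | 933n -> "cKM_PBE_SHA1_CAST5_CBC"
  | 934n -> "cKM_PBE_SHA1_RC4_128"
  | 935n -> "cKM_PBE_SHA1_RC4_40"
  | 936n -> "cKM_PBE_SHA1_DES3_EDE_CBC"
  | 937n -> "cKM_PBE_SHA1_DES2_EDE_CBC"
  | 938n -> "cKM_PBE_SHA1_RC2_128_CBC"
  | 939n -> "cKM_PBE_SHA1_RC2_40_CBC"
  | 944n -> "cKM_PKCS5_PBKD2"
  | 960n -> "cKM_PBA_SHA1_WITH_SHA1_HMAC"
  | 976n -> "cKM_WTLS_PRE_MASTER_KEY_GEN"
  | 977n -> "cKM_WTLS_MASTER_KEY_DERIVE"
  | 978n -> "cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC"
  | 979n -> "cKM_WTLS_PRF"
  | 980n -> "cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE"
  | 981n -> "cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE"
  | 1024n -> "cKM_KEY_WRAP_LYNKS"
  | 1025n -> "cKM_KEY_WRAP_SET_OAEP"
  | 1280n -> "cKM_CMS_SIG"
  | 1296n -> "cKM_KIP_DERIVE"
  | 1297n -> "cKM_KIP_WRAP"
  | 1298n -> "cKM_KIP_MAC"
  | 1360n -> "cKM_CAMELLIA_KEY_GEN"
  | 1361n -> "cKM_CAMELLIA_ECB"
  | 1362n -> "cKM_CAMELLIA_CBC"
  | 1363n -> "cKM_CAMELLIA_MAC"
  | 1364n -> "cKM_CAMELLIA_MAC_GENERAL"
  | 1365n -> "cKM_CAMELLIA_CBC_PAD"
  | 1366n -> "cKM_CAMELLIA_ECB_ENCRYPT_DATA"
  | 1367n -> "cKM_CAMELLIA_CBC_ENCRYPT_DATA"
  | 1368n -> "cKM_CAMELLIA_CTR"
  | 1376n -> "cKM_ARIA_KEY_GEN"
  | 1377n -> "cKM_ARIA_ECB"
  | 1378n -> "cKM_ARIA_CBC"
  | 1379n -> "cKM_ARIA_MAC"
  | 1380n -> "cKM_ARIA_MAC_GENERAL"
  | 1381n -> "cKM_ARIA_CBC_PAD"
  | 1382n -> "cKM_ARIA_ECB_ENCRYPT_DATA"
  | 1383n -> "cKM_ARIA_CBC_ENCRYPT_DATA"
  | 4096n -> "cKM_SKIPJACK_KEY_GEN"
  | 4097n -> "cKM_SKIPJACK_ECB64"
  | 4098n -> "cKM_SKIPJACK_CBC64"
  | 4099n -> "cKM_SKIPJACK_OFB64"
  | 4100n -> "cKM_SKIPJACK_CFB64"
  | 4101n -> "cKM_SKIPJACK_CFB32"
  | 4102n -> "cKM_SKIPJACK_CFB16"
  | 4103n -> "cKM_SKIPJACK_CFB8"
  | 4104n -> "cKM_SKIPJACK_WRAP"
  | 4105n -> "cKM_SKIPJACK_PRIVATE_WRAP"
  | 4106n -> "cKM_SKIPJACK_RELAYX"
  | 4112n -> "cKM_KEA_KEY_PAIR_GEN"
  | 4113n -> "cKM_KEA_KEY_DERIVE"
  | 4128n -> "cKM_FORTEZZA_TIMESTAMP"
  | 4144n -> "cKM_BATON_KEY_GEN"
  | 4145n -> "cKM_BATON_ECB128"
  | 4146n -> "cKM_BATON_ECB96"
  | 4147n -> "cKM_BATON_CBC128"
  | 4148n -> "cKM_BATON_COUNTER"
  | 4149n -> "cKM_BATON_SHUFFLE"
  | 4150n -> "cKM_BATON_WRAP"
  | 4160n -> "cKM_EC_KEY_PAIR_GEN"
  | 4161n -> "cKM_ECDSA"
  | 4162n -> "cKM_ECDSA_SHA1"
  | 4176n -> "cKM_ECDH1_DERIVE"
  | 4177n -> "cKM_ECDH1_COFACTOR_DERIVE"
  | 4178n -> "cKM_ECMQV_DERIVE"
  | 4192n -> "cKM_JUNIPER_KEY_GEN"
  | 4193n -> "cKM_JUNIPER_ECB128"
  | 4194n -> "cKM_JUNIPER_CBC128"
  | 4195n -> "cKM_JUNIPER_COUNTER"
  | 4196n -> "cKM_JUNIPER_SHUFFLE"
  | 4197n -> "cKM_JUNIPER_WRAP"
  | 4208n -> "cKM_FASTHASH"
  | 4224n -> "cKM_AES_KEY_GEN"
  | 4225n -> "cKM_AES_ECB"
  | 4226n -> "cKM_AES_CBC"
  | 4227n -> "cKM_AES_MAC"
  | 4228n -> "cKM_AES_MAC_GENERAL"
  | 4229n -> "cKM_AES_CBC_PAD"
  | 4230n -> "cKM_AES_CTR"
  | 4240n -> "cKM_BLOWFISH_KEY_GEN"
  | 4241n -> "cKM_BLOWFISH_CBC"
  | 4242n -> "cKM_TWOFISH_KEY_GEN"
  | 4243n -> "cKM_TWOFISH_CBC"
  | 4352n -> "cKM_DES_ECB_ENCRYPT_DATA"
  | 4353n -> "cKM_DES_CBC_ENCRYPT_DATA"
  | 4354n -> "cKM_DES3_ECB_ENCRYPT_DATA"
  | 4355n -> "cKM_DES3_CBC_ENCRYPT_DATA"
  | 4356n -> "cKM_AES_ECB_ENCRYPT_DATA"
  | 4357n -> "cKM_AES_CBC_ENCRYPT_DATA"
  | 8192n -> "cKM_DSA_PARAMETER_GEN"
  | 8193n -> "cKM_DH_PKCS_PARAMETER_GEN"
  | 8194n -> "cKM_X9_42_DH_PARAMETER_GEN"
  | 2147483648n -> "cKM_VENDOR_DEFINED"
  (* anything else, including the gaps in the numbering above *)
  | _ -> "cKM_UNKNOWN!"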
(* Exception carrying a string payload.  NOTE(review): presumably raised by
   the name-to-value lookup that follows when a mechanism name is not
   recognised, with the offending name as payload -- confirm against that
   function's fallback arm. *)
exception Mechanism_unknown of string
(* Helper for getting a mechanism value from its name given as a string *)
let string_to_cKM_value a = match a with
"CKM_RSA_PKCS_KEY_PAIR_GEN" -> 0n
| "CKM_RSA_PKCS" -> 1n
| "CKM_RSA_9796" -> 2n
| "CKM_RSA_X_509" -> 3n
| "CKM_MD2_RSA_PKCS" -> 4n
| "CKM_MD5_RSA_PKCS" -> 5n
| "CKM_SHA1_RSA_PKCS" -> 6n
| "CKM_RIPEMD128_RSA_PKCS" -> 7n
| "CKM_RIPEMD160_RSA_PKCS" -> 8n
| "CKM_RSA_PKCS_OAEP" -> 9n
| "CKM_RSA_X9_31_KEY_PAIR_GEN" -> 10n
| "CKM_RSA_X9_31" -> 11n
| "CKM_SHA1_RSA_X9_31" -> 12n
| "CKM_RSA_PKCS_PSS" -> 13n
| "CKM_SHA1_RSA_PKCS_PSS" -> 14n
| "CKM_DSA_KEY_PAIR_GEN" -> 16n
| "CKM_DSA" -> 17n
| "CKM_DSA_SHA1" -> 18n
| "CKM_DH_PKCS_KEY_PAIR_GEN" -> 32n
| "CKM_DH_PKCS_DERIVE" -> 33n
| "CKM_X9_42_DH_KEY_PAIR_GEN" -> 48n
| "CKM_X9_42_DH_DERIVE" -> 49n
| "CKM_X9_42_DH_HYBRID_DERIVE" -> 50n
| "CKM_X9_42_MQV_DERIVE" -> 51n
| "CKM_SHA256_RSA_PKCS" -> 64n
| "CKM_SHA384_RSA_PKCS" -> 65n
| "CKM_SHA512_RSA_PKCS" -> 66n
| "CKM_SHA256_RSA_PKCS_PSS" -> 67n
| "CKM_SHA384_RSA_PKCS_PSS" -> 68n
| "CKM_SHA512_RSA_PKCS_PSS" -> 69n
| "CKM_RC2_KEY_GEN" -> 256n
| "CKM_RC2_ECB" -> 257n
| "CKM_RC2_CBC" -> 258n
| "CKM_RC2_MAC" -> 259n
| "CKM_RC2_MAC_GENERAL" -> 260n
| "CKM_RC2_CBC_PAD" -> 261n
| "CKM_RC4_KEY_GEN" -> 272n
| "CKM_RC4" -> 273n
| "CKM_DES_KEY_GEN" -> 288n
| "CKM_DES_ECB" -> 289n
| "CKM_DES_CBC" -> 290n
| "CKM_DES_MAC" -> 291n
| "CKM_DES_MAC_GENERAL" -> 292n
| "CKM_DES_CBC_PAD" -> 293n
| "CKM_DES2_KEY_GEN" -> 304n
| "CKM_DES3_KEY_GEN" -> 305n
| "CKM_DES3_ECB" -> 306n
| "CKM_DES3_CBC" -> 307n
| "CKM_DES3_MAC" -> 308n
| "CKM_DES3_MAC_GENERAL" -> 309n
| "CKM_DES3_CBC_PAD" -> 310n
| "CKM_CDMF_KEY_GEN" -> 320n
| "CKM_CDMF_ECB" -> 321n
| "CKM_CDMF_CBC" -> 322n
| "CKM_CDMF_MAC" -> 323n
| "CKM_CDMF_MAC_GENERAL" -> 324n
| "CKM_CDMF_CBC_PAD" -> 325n
| "CKM_MD2" -> 512n
| "CKM_MD2_HMAC" -> 513n
| "CKM_MD2_HMAC_GENERAL" -> 514n
| "CKM_MD5" -> 528n
| "CKM_MD5_HMAC" -> 529n
| "CKM_MD5_HMAC_GENERAL" -> 530n
| "CKM_SHA_1" -> 544n
| "CKM_SHA_1_HMAC" -> 545n
| "CKM_SHA_1_HMAC_GENERAL" -> 546n
| "CKM_RIPEMD128" -> 560n
| "CKM_RIPEMD128_HMAC" -> 561n
| "CKM_RIPEMD128_HMAC_GENERAL" -> 562n
| "CKM_RIPEMD160" -> 576n
| "CKM_RIPEMD160_HMAC" -> 577n
| "CKM_RIPEMD160_HMAC_GENERAL" -> 578n
| "CKM_SHA256" -> 592n
| "CKM_SHA256_HMAC" -> 593n
| "CKM_SHA256_HMAC_GENERAL" -> 594n
| "CKM_SHA384" -> 608n
| "CKM_SHA384_HMAC" -> 609n
| "CKM_SHA384_HMAC_GENERAL" -> 610n
| "CKM_SHA512" -> 624n
| "CKM_SHA512_HMAC" -> 625n
| "CKM_SHA512_HMAC_GENERAL" -> 626n
| "CKM_CAST_KEY_GEN" -> 768n
| "CKM_CAST_ECB" -> 769n
| "CKM_CAST_CBC" -> 770n
| "CKM_CAST_MAC" -> 771n
| "CKM_CAST_MAC_GENERAL" -> 772n
| "CKM_CAST_CBC_PAD" -> 773n
| "CKM_CAST3_KEY_GEN" -> 784n
| "CKM_CAST3_ECB" -> 785n
| "CKM_CAST3_CBC" -> 786n
| "CKM_CAST3_MAC" -> 787n
| "CKM_CAST3_MAC_GENERAL" -> 788n
| "CKM_CAST3_CBC_PAD" -> 789n
| "CKM_CAST5_KEY_GEN" -> 800n
| "CKM_CAST5_ECB" -> 801n
| "CKM_CAST5_CBC" -> 802n
| "CKM_CAST5_MAC" -> 803n
| "CKM_CAST5_MAC_GENERAL" -> 804n
| "CKM_CAST5_CBC_PAD" -> 805n
| "CKM_RC5_KEY_GEN" -> 816n
| "CKM_RC5_ECB" -> 817n
| "CKM_RC5_CBC" -> 818n
| "CKM_RC5_MAC" -> 819n
| "CKM_RC5_MAC_GENERAL" -> 820n
| "CKM_RC5_CBC_PAD" -> 821n
| "CKM_IDEA_KEY_GEN" -> 832n
| "CKM_IDEA_ECB" -> 833n
| "CKM_IDEA_CBC" -> 834n
| "CKM_IDEA_MAC" -> 835n
| "CKM_IDEA_MAC_GENERAL" -> 836n
| "CKM_IDEA_CBC_PAD" -> 837n
| "CKM_GENERIC_SECRET_KEY_GEN" -> 848n
| "CKM_CONCATENATE_BASE_AND_KEY" -> 864n
| "CKM_CONCATENATE_BASE_AND_DATA" -> 866n
| "CKM_CONCATENATE_DATA_AND_BASE" -> 867n
| "CKM_XOR_BASE_AND_DATA" -> 868n
| "CKM_EXTRACT_KEY_FROM_KEY" -> 869n
| "CKM_SSL3_PRE_MASTER_KEY_GEN" -> 880n
| "CKM_SSL3_MASTER_KEY_DERIVE" -> 881n
| "CKM_SSL3_KEY_AND_MAC_DERIVE" -> 882n
| "CKM_SSL3_MASTER_KEY_DERIVE_DH" -> 883n
| "CKM_TLS_PRE_MASTER_KEY_GEN" -> 884n
| "CKM_TLS_MASTER_KEY_DERIVE" -> 885n
| "CKM_TLS_KEY_AND_MAC_DERIVE" -> 886n
| "CKM_TLS_MASTER_KEY_DERIVE_DH" -> 887n
| "CKM_SSL3_MD5_MAC" -> 896n
| "CKM_SSL3_SHA1_MAC" -> 897n
| "CKM_MD5_KEY_DERIVATION" -> 912n
| "CKM_MD2_KEY_DERIVATION" -> 913n
| "CKM_SHA1_KEY_DERIVATION" -> 914n
| "CKM_SHA256_KEY_DERIVATION" -> 915n
| "CKM_SHA384_KEY_DERIVATION" -> 916n
| "CKM_SHA512_KEY_DERIVATION" -> 917n
| "CKM_SHA224_KEY_DERIVATION" -> 918n
| "CKM_PBE_MD2_DES_CBC" -> 928n
| "CKM_PBE_MD5_DES_CBC" -> 929n
| "CKM_PBE_MD5_CAST_CBC" -> 930n
| "CKM_PBE_MD5_CAST3_CBC" -> 931n
| "CKM_PBE_MD5_CAST5_CBC" -> 932n
| "CKM_PBE_SHA1_CAST5_CBC" -> 933n
| "CKM_PBE_SHA1_RC4_128" -> 934n
| "CKM_PBE_SHA1_RC4_40" -> 935n
| "CKM_PBE_SHA1_DES3_EDE_CBC" -> 936n
| "CKM_PBE_SHA1_DES2_EDE_CBC" -> 937n
| "CKM_PBE_SHA1_RC2_128_CBC" -> 938n
| "CKM_PBE_SHA1_RC2_40_CBC" -> 939n
| "CKM_PKCS5_PBKD2" -> 944n
| "CKM_PBA_SHA1_WITH_SHA1_HMAC" -> 960n
| "CKM_WTLS_PRE_MASTER_KEY_GEN" -> 976n
| "CKM_WTLS_MASTER_KEY_DERIVE" -> 977n
| "CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC" -> 978n
| "CKM_WTLS_PRF" -> 979n
| "CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE" -> 980n
| "CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE" -> 981n
| "CKM_KEY_WRAP_LYNKS" -> 1024n
| "CKM_KEY_WRAP_SET_OAEP" -> 1025n
| "CKM_CMS_SIG" -> 1280n
| "CKM_KIP_DERIVE" -> 1296n
| "CKM_KIP_WRAP" -> 1297n
| "CKM_KIP_MAC" -> 1298n
| "CKM_CAMELLIA_KEY_GEN" -> 1360n
| "CKM_CAMELLIA_ECB" -> 1361n
| "CKM_CAMELLIA_CBC" -> 1362n
| "CKM_CAMELLIA_MAC" -> 1363n
| "CKM_CAMELLIA_MAC_GENERAL" -> 1364n
| "CKM_CAMELLIA_CBC_PAD" -> 1365n
| "CKM_CAMELLIA_ECB_ENCRYPT_DATA" -> 1366n
| "CKM_CAMELLIA_CBC_ENCRYPT_DATA" -> 1367n
| "CKM_CAMELLIA_CTR" -> 1368n
| "CKM_ARIA_KEY_GEN" -> 1376n
| "CKM_ARIA_ECB" -> 1377n
| "CKM_ARIA_CBC" -> 1378n
| "CKM_ARIA_MAC" -> 1379n
| "CKM_ARIA_MAC_GENERAL" -> 1380n
| "CKM_ARIA_CBC_PAD" -> 1381n
| "CKM_ARIA_ECB_ENCRYPT_DATA" -> 1382n
| "CKM_ARIA_CBC_ENCRYPT_DATA" -> 1383n
| "CKM_SKIPJACK_KEY_GEN" -> 4096n
| "CKM_SKIPJACK_ECB64" -> 4097n
| "CKM_SKIPJACK_CBC64" -> 4098n
| "CKM_SKIPJACK_OFB64" -> 4099n
| "CKM_SKIPJACK_CFB64" -> 4100n
| "CKM_SKIPJACK_CFB32" -> 4101n
| "CKM_SKIPJACK_CFB16" -> 4102n
| "CKM_SKIPJACK_CFB8" -> 4103n
| "CKM_SKIPJACK_WRAP" -> 4104n
| "CKM_SKIPJACK_PRIVATE_WRAP" -> 4105n
| "CKM_SKIPJACK_RELAYX" -> 4106n
| "CKM_KEA_KEY_PAIR_GEN" -> 4112n
| "CKM_KEA_KEY_DERIVE" -> 4113n
| "CKM_FORTEZZA_TIMESTAMP" -> 4128n
| "CKM_BATON_KEY_GEN" -> 4144n
| "CKM_BATON_ECB128" -> 4145n
| "CKM_BATON_ECB96" -> 4146n
| "CKM_BATON_CBC128" -> 4147n
| "CKM_BATON_COUNTER" -> 4148n
| "CKM_BATON_SHUFFLE" -> 4149n
| "CKM_BATON_WRAP" -> 4150n
| "CKM_EC_KEY_PAIR_GEN" -> 4160n
| "CKM_ECDSA" -> 4161n
| "CKM_ECDSA_SHA1" -> 4162n
| "CKM_ECDH1_DERIVE" -> 4176n
| "CKM_ECDH1_COFACTOR_DERIVE" -> 4177n
| "CKM_ECMQV_DERIVE" -> 4178n
| "CKM_JUNIPER_KEY_GEN" -> 4192n
| "CKM_JUNIPER_ECB128" -> 4193n
| "CKM_JUNIPER_CBC128" -> 4194n
| "CKM_JUNIPER_COUNTER" -> 4195n
| "CKM_JUNIPER_SHUFFLE" -> 4196n
| "CKM_JUNIPER_WRAP" -> 4197n
| "CKM_FASTHASH" -> 4208n
| "CKM_AES_KEY_GEN" -> 4224n
| "CKM_AES_ECB" -> 4225n
| "CKM_AES_CBC" -> 4226n
| "CKM_AES_MAC" -> 4227n
| "CKM_AES_MAC_GENERAL" -> 4228n
| "CKM_AES_CBC_PAD" -> 4229n
| "CKM_AES_CTR" -> 4230n
| "CKM_BLOWFISH_KEY_GEN" -> 4240n
| "CKM_BLOWFISH_CBC" -> 4241n
| "CKM_TWOFISH_KEY_GEN" -> 4242n
| "CKM_TWOFISH_CBC" -> 4243n
| "CKM_DES_ECB_ENCRYPT_DATA" -> 4352n
| "CKM_DES_CBC_ENCRYPT_DATA" -> 4353n
| "CKM_DES3_ECB_ENCRYPT_DATA" -> 4354n
| "CKM_DES3_CBC_ENCRYPT_DATA" -> 4355n
| "CKM_AES_ECB_ENCRYPT_DATA" -> 4356n
| "CKM_AES_CBC_ENCRYPT_DATA" -> 4357n
| "CKM_DSA_PARAMETER_GEN" -> 8192n
| "CKM_DH_PKCS_PARAMETER_GEN" -> 8193n
| "CKM_X9_42_DH_PARAMETER_GEN" -> 8194n
| "CKM_VENDOR_DEFINED" -> 2147483648n
| "cKM_RSA_PKCS_KEY_PAIR_GEN" -> 0n
| "cKM_RSA_PKCS" -> 1n
| "cKM_RSA_9796" -> 2n
| "cKM_RSA_X_509" -> 3n
| "cKM_MD2_RSA_PKCS" -> 4n
| "cKM_MD5_RSA_PKCS" -> 5n
| "cKM_SHA1_RSA_PKCS" -> 6n
| "cKM_RIPEMD128_RSA_PKCS" -> 7n
| "cKM_RIPEMD160_RSA_PKCS" -> 8n
| "cKM_RSA_PKCS_OAEP" -> 9n
| "cKM_RSA_X9_31_KEY_PAIR_GEN" -> 10n
| "cKM_RSA_X9_31" -> 11n
| "cKM_SHA1_RSA_X9_31" -> 12n
| "cKM_RSA_PKCS_PSS" -> 13n
| "cKM_SHA1_RSA_PKCS_PSS" -> 14n
| "cKM_DSA_KEY_PAIR_GEN" -> 16n
| "cKM_DSA" -> 17n
| "cKM_DSA_SHA1" -> 18n
| "cKM_DH_PKCS_KEY_PAIR_GEN" -> 32n
| "cKM_DH_PKCS_DERIVE" -> 33n
| "cKM_X9_42_DH_KEY_PAIR_GEN" -> 48n
| "cKM_X9_42_DH_DERIVE" -> 49n
| "cKM_X9_42_DH_HYBRID_DERIVE" -> 50n
| "cKM_X9_42_MQV_DERIVE" -> 51n
| "cKM_SHA256_RSA_PKCS" -> 64n
| "cKM_SHA384_RSA_PKCS" -> 65n
| "cKM_SHA512_RSA_PKCS" -> 66n
| "cKM_SHA256_RSA_PKCS_PSS" -> 67n
| "cKM_SHA384_RSA_PKCS_PSS" -> 68n
| "cKM_SHA512_RSA_PKCS_PSS" -> 69n
| "cKM_SHA224_RSA_PKCS" -> 70n
| "cKM_SHA224_RSA_PKCS_PSS" -> 71n
| "cKM_RC2_KEY_GEN" -> 256n
| "cKM_RC2_ECB" -> 257n
| "cKM_RC2_CBC" -> 258n
| "cKM_RC2_MAC" -> 259n
| "cKM_RC2_MAC_GENERAL" -> 260n
| "cKM_RC2_CBC_PAD" -> 261n
| "cKM_RC4_KEY_GEN" -> 272n
| "cKM_RC4" -> 273n
| "cKM_DES_KEY_GEN" -> 288n
| "cKM_DES_ECB" -> 289n
| "cKM_DES_CBC" -> 290n
| "cKM_DES_MAC" -> 291n
| "cKM_DES_MAC_GENERAL" -> 292n
| "cKM_DES_CBC_PAD" -> 293n
| "cKM_DES2_KEY_GEN" -> 304n
| "cKM_DES3_KEY_GEN" -> 305n
| "cKM_DES3_ECB" -> 306n
| "cKM_DES3_CBC" -> 307n
| "cKM_DES3_MAC" -> 308n
| "cKM_DES3_MAC_GENERAL" -> 309n
| "cKM_DES3_CBC_PAD" -> 310n
| "cKM_CDMF_KEY_GEN" -> 320n
| "cKM_CDMF_ECB" -> 321n
| "cKM_CDMF_CBC" -> 322n
| "cKM_CDMF_MAC" -> 323n
| "cKM_CDMF_MAC_GENERAL" -> 324n
| "cKM_CDMF_CBC_PAD" -> 325n
| "cKM_MD2" -> 512n
| "cKM_MD2_HMAC" -> 513n
| "cKM_MD2_HMAC_GENERAL" -> 514n
| "cKM_MD5" -> 528n
| "cKM_MD5_HMAC" -> 529n
| "cKM_MD5_HMAC_GENERAL" -> 530n
| "cKM_SHA_1" -> 544n
| "cKM_SHA_1_HMAC" -> 545n
| "cKM_SHA_1_HMAC_GENERAL" -> 546n
| "cKM_RIPEMD128" -> 560n
| "cKM_RIPEMD128_HMAC" -> 561n
| "cKM_RIPEMD128_HMAC_GENERAL" -> 562n
| "cKM_RIPEMD160" -> 576n
| "cKM_RIPEMD160_HMAC" -> 577n
| "cKM_RIPEMD160_HMAC_GENERAL" -> 578n
| "cKM_SHA256" -> 592n
| "cKM_SHA256_HMAC" -> 593n
| "cKM_SHA256_HMAC_GENERAL" -> 594n
| "cKM_SHA384" -> 608n
| "cKM_SHA384_HMAC" -> 609n
| "cKM_SHA384_HMAC_GENERAL" -> 610n
| "cKM_SHA512" -> 624n
| "cKM_SHA512_HMAC" -> 625n
| "cKM_SHA512_HMAC_GENERAL" -> 626n
| "cKM_CAST_KEY_GEN" -> 768n
| "cKM_CAST_ECB" -> 769n
| "cKM_CAST_CBC" -> 770n
| "cKM_CAST_MAC" -> 771n
| "cKM_CAST_MAC_GENERAL" -> 772n
| "cKM_CAST_CBC_PAD" -> 773n
| "cKM_CAST3_KEY_GEN" -> 784n
| "cKM_CAST3_ECB" -> 785n
| "cKM_CAST3_CBC" -> 786n
| "cKM_CAST3_MAC" -> 787n
| "cKM_CAST3_MAC_GENERAL" -> 788n
| "cKM_CAST3_CBC_PAD" -> 789n
| "cKM_CAST5_KEY_GEN" -> 800n
| "cKM_CAST5_ECB" -> 801n
| "cKM_CAST5_CBC" -> 802n
| "cKM_CAST5_MAC" -> 803n
| "cKM_CAST5_MAC_GENERAL" -> 804n
| "cKM_CAST5_CBC_PAD" -> 805n
| "cKM_RC5_KEY_GEN" -> 816n
| "cKM_RC5_ECB" -> 817n
| "cKM_RC5_CBC" -> 818n
| "cKM_RC5_MAC" -> 819n
| "cKM_RC5_MAC_GENERAL" -> 820n
| "cKM_RC5_CBC_PAD" -> 821n
| "cKM_IDEA_KEY_GEN" -> 832n
| "cKM_IDEA_ECB" -> 833n
| "cKM_IDEA_CBC" -> 834n
| "cKM_IDEA_MAC" -> 835n
| "cKM_IDEA_MAC_GENERAL" -> 836n
| "cKM_IDEA_CBC_PAD" -> 837n
| "cKM_GENERIC_SECRET_KEY_GEN" -> 848n
| "cKM_CONCATENATE_BASE_AND_KEY" -> 864n
| "cKM_CONCATENATE_BASE_AND_DATA" -> 866n
| "cKM_CONCATENATE_DATA_AND_BASE" -> 867n
| "cKM_XOR_BASE_AND_DATA" -> 868n
| "cKM_EXTRACT_KEY_FROM_KEY" -> 869n
| "cKM_SSL3_PRE_MASTER_KEY_GEN" -> 880n
| "cKM_SSL3_MASTER_KEY_DERIVE" -> 881n
| "cKM_SSL3_KEY_AND_MAC_DERIVE" -> 882n
| "cKM_SSL3_MASTER_KEY_DERIVE_DH" -> 883n
| "cKM_TLS_PRE_MASTER_KEY_GEN" -> 884n
| "cKM_TLS_MASTER_KEY_DERIVE" -> 885n
| "cKM_TLS_KEY_AND_MAC_DERIVE" -> 886n
| "cKM_TLS_MASTER_KEY_DERIVE_DH" -> 887n
| "cKM_TLS_PRF" -> 888n
| "cKM_SSL3_MD5_MAC" -> 896n
| "cKM_SSL3_SHA1_MAC" -> 897n
| "cKM_MD5_KEY_DERIVATION" -> 912n
| "cKM_MD2_KEY_DERIVATION" -> 913n
| "cKM_SHA1_KEY_DERIVATION" -> 914n
| "cKM_SHA256_KEY_DERIVATION" -> 915n
| "cKM_SHA384_KEY_DERIVATION" -> 916n
| "cKM_SHA512_KEY_DERIVATION" -> 917n
| "cKM_SHA224_KEY_DERIVATION" -> 918n
| "cKM_PBE_MD2_DES_CBC" -> 928n
| "cKM_PBE_MD5_DES_CBC" -> 929n
| "cKM_PBE_MD5_CAST_CBC" -> 930n
| "cKM_PBE_MD5_CAST3_CBC" -> 931n
| "cKM_PBE_MD5_CAST5_CBC" -> 932n
| "cKM_PBE_SHA1_CAST5_CBC" -> 933n
| "cKM_PBE_SHA1_RC4_128" -> 934n
| "cKM_PBE_SHA1_RC4_40" -> 935n
| "cKM_PBE_SHA1_DES3_EDE_CBC" -> 936n
| "cKM_PBE_SHA1_DES2_EDE_CBC" -> 937n
| "cKM_PBE_SHA1_RC2_128_CBC" -> 938n
| "cKM_PBE_SHA1_RC2_40_CBC" -> 939n
| "cKM_PKCS5_PBKD2" -> 944n
| "cKM_PBA_SHA1_WITH_SHA1_HMAC" -> 960n
| "cKM_WTLS_PRE_MASTER_KEY_GEN" -> 976n
| "cKM_WTLS_MASTER_KEY_DERIVE" -> 977n
| "cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC" -> 978n
| "cKM_WTLS_PRF" -> 979n
| "cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE" -> 980n
| "cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE" -> 981n
| "cKM_KEY_WRAP_LYNKS" -> 1024n
| "cKM_KEY_WRAP_SET_OAEP" -> 1025n
| "cKM_CMS_SIG" -> 1280n
| "cKM_KIP_DERIVE" -> 1296n
| "cKM_KIP_WRAP" -> 1297n
| "cKM_KIP_MAC" -> 1298n
| "cKM_CAMELLIA_KEY_GEN" -> 1360n
| "cKM_CAMELLIA_ECB" -> 1361n
| "cKM_CAMELLIA_CBC" -> 1362n
| "cKM_CAMELLIA_MAC" -> 1363n
| "cKM_CAMELLIA_MAC_GENERAL" -> 1364n
| "cKM_CAMELLIA_CBC_PAD" -> 1365n
| "cKM_CAMELLIA_ECB_ENCRYPT_DATA" -> 1366n
| "cKM_CAMELLIA_CBC_ENCRYPT_DATA" -> 1367n
| "cKM_CAMELLIA_CTR" -> 1368n
| "cKM_ARIA_KEY_GEN" -> 1376n
| "cKM_ARIA_ECB" -> 1377n
| "cKM_ARIA_CBC" -> 1378n
| "cKM_ARIA_MAC" -> 1379n
| "cKM_ARIA_MAC_GENERAL" -> 1380n
| "cKM_ARIA_CBC_PAD" -> 1381n
| "cKM_ARIA_ECB_ENCRYPT_DATA" -> 1382n
| "cKM_ARIA_CBC_ENCRYPT_DATA" -> 1383n
| "cKM_SKIPJACK_KEY_GEN" -> 4096n
| "cKM_SKIPJACK_ECB64" -> 4097n
| "cKM_SKIPJACK_CBC64" -> 4098n
| "cKM_SKIPJACK_OFB64" -> 4099n
| "cKM_SKIPJACK_CFB64" -> 4100n
| "cKM_SKIPJACK_CFB32" -> 4101n
| "cKM_SKIPJACK_CFB16" -> 4102n
| "cKM_SKIPJACK_CFB8" -> 4103n
| "cKM_SKIPJACK_WRAP" -> 4104n
| "cKM_SKIPJACK_PRIVATE_WRAP" -> 4105n
| "cKM_SKIPJACK_RELAYX" -> 4106n
| "cKM_KEA_KEY_PAIR_GEN" -> 4112n
| "cKM_KEA_KEY_DERIVE" -> 4113n
| "cKM_FORTEZZA_TIMESTAMP" -> 4128n
| "cKM_BATON_KEY_GEN" -> 4144n
| "cKM_BATON_ECB128" -> 4145n
| "cKM_BATON_ECB96" -> 4146n
| "cKM_BATON_CBC128" -> 4147n
| "cKM_BATON_COUNTER" -> 4148n
| "cKM_BATON_SHUFFLE" -> 4149n
| "cKM_BATON_WRAP" -> 4150n
| "cKM_EC_KEY_PAIR_GEN" -> 4160n
| "cKM_ECDSA" -> 4161n
| "cKM_ECDSA_SHA1" -> 4162n
| "cKM_ECDH1_DERIVE" -> 4176n
| "cKM_ECDH1_COFACTOR_DERIVE" -> 4177n
| "cKM_ECMQV_DERIVE" -> 4178n
| "cKM_JUNIPER_KEY_GEN" -> 4192n
| "cKM_JUNIPER_ECB128" -> 4193n
| "cKM_JUNIPER_CBC128" -> 4194n
| "cKM_JUNIPER_COUNTER" -> 4195n
| "cKM_JUNIPER_SHUFFLE" -> 4196n
| "cKM_JUNIPER_WRAP" -> 4197n
| "cKM_FASTHASH" -> 4208n
| "cKM_AES_KEY_GEN" -> 4224n
| "cKM_AES_ECB" -> 4225n
| "cKM_AES_CBC" -> 4226n
| "cKM_AES_MAC" -> 4227n
| "cKM_AES_MAC_GENERAL" -> 4228n
| "cKM_AES_CBC_PAD" -> 4229n
| "cKM_AES_CTR" -> 4230n
| "cKM_BLOWFISH_KEY_GEN" -> 4240n
| "cKM_BLOWFISH_CBC" -> 4241n
| "cKM_TWOFISH_KEY_GEN" -> 4242n
| "cKM_TWOFISH_CBC" -> 4243n
| "cKM_DES_ECB_ENCRYPT_DATA" -> 4352n
| "cKM_DES_CBC_ENCRYPT_DATA" -> 4353n
| "cKM_DES3_ECB_ENCRYPT_DATA" -> 4354n
| "cKM_DES3_CBC_ENCRYPT_DATA" -> 4355n
| "cKM_AES_ECB_ENCRYPT_DATA" -> 4356n
| "cKM_AES_CBC_ENCRYPT_DATA" -> 4357n
| "cKM_DSA_PARAMETER_GEN" -> 8192n
| "cKM_DH_PKCS_PARAMETER_GEN" -> 8193n
| "cKM_X9_42_DH_PARAMETER_GEN" -> 8194n
| "cKM_VENDOR_DEFINED" -> 2147483648n
| _ -> raise (Mechanism_unknown a)
(* Render one cKF_ flag value as its generated label.

   Every arm matches a single exact nativeint, so a flags word with several
   bits set matches none of them and comes back as "cKF_UNKNOWN!"; split such
   a word into individual bits before calling this.  A label lists every cKF_
   name that shares the value, so the text alone does not say which structure
   the flag belongs to.
   NOTE(review): the leading n in the "ncKF_" names looks like a generator
   artifact (an escaped newline?) -- confirm before parsing these labels. *)
let match_cKF_value = function
  | 1n -> "cKF_TOKEN_PRESENT | ncKF_RNG | ncKF_HW | ncKF_DONT_BLOCK | ncKF_LIBRARY_CANT_CREATE_OS_THREADS"
  | 2n -> "cKF_REMOVABLE_DEVICE | ncKF_RW_SESSION | ncKF_WRITE_PROTECTED | ncKF_OS_LOCKING_OK"
  | 4n -> "cKF_HW_SLOT | ncKF_LOGIN_REQUIRED | ncKF_SERIAL_SESSION"
  | 1073741824n -> "cKF_ARRAY_ATTRIBUTE"
  | 8n -> "cKF_USER_PIN_INITIALIZED"
  | 32n -> "cKF_RESTORE_KEY_NOT_NEEDED"
  | 64n -> "cKF_CLOCK_ON_TOKEN"
  | 256n -> "cKF_PROTECTED_AUTHENTICATION_PATH | ncKF_ENCRYPT"
  | 512n -> "cKF_DUAL_CRYPTO_OPERATIONS | ncKF_DECRYPT"
  | 1024n -> "cKF_TOKEN_INITIALIZED | ncKF_DIGEST"
  | 2048n -> "cKF_SECONDARY_AUTHENTICATION | ncKF_SIGN"
  | 65536n -> "cKF_USER_PIN_COUNT_LOW | ncKF_GENERATE_KEY_PAIR"
  | 131072n -> "cKF_USER_PIN_FINAL_TRY | ncKF_WRAP"
  | 262144n -> "cKF_USER_PIN_LOCKED | ncKF_UNWRAP"
  | 524288n -> "cKF_USER_PIN_TO_BE_CHANGED | ncKF_DERIVE"
  | 1048576n -> "cKF_SO_PIN_COUNT_LOW"
  | 2097152n -> "cKF_SO_PIN_FINAL_TRY"
  | 4194304n -> "cKF_SO_PIN_LOCKED"
  | 8388608n -> "cKF_SO_PIN_TO_BE_CHANGED"
  | 4096n -> "cKF_SIGN_RECOVER"
  | 8192n -> "cKF_VERIFY"
  | 16384n -> "cKF_VERIFY_RECOVER"
  | 32768n -> "cKF_GENERATE"
  | 2147483648n -> "cKF_EXTENSION"
  | _ -> "cKF_UNKNOWN!"
(* Render a cKO_ object class value as its label; any value not listed
   yields "cKO_UNKNOWN!" rather than raising. *)
let match_cKO_value = function
  | 0n -> "cKO_DATA"
  | 1n -> "cKO_CERTIFICATE"
  | 2n -> "cKO_PUBLIC_KEY"
  | 3n -> "cKO_PRIVATE_KEY"
  | 4n -> "cKO_SECRET_KEY"
  | 5n -> "cKO_HW_FEATURE"
  | 6n -> "cKO_DOMAIN_PARAMETERS"
  | 7n -> "cKO_MECHANISM"
  | 2147483648n -> "cKO_VENDOR_DEFINED"
  | _ -> "cKO_UNKNOWN!"
(* Render a cKU_ user type value as its label; any value not listed yields
   "cKU_UNKNOWN!" rather than raising. *)
let match_cKU_value = function
  | 0n -> "cKU_SO"
  | 1n -> "cKU_USER"
  | 2n -> "cKU_CONTEXT_SPECIFIC"
  | _ -> "cKU_UNKNOWN!"
(* Render a cKA_ attribute type value as its label.

   Only the exact values listed are recognised; anything else, including a
   vendor value other than 2147483648n itself, yields "cKA_UNKNOWN!" rather
   than raising. *)
let match_cKA_value = function
  | 0n -> "cKA_CLASS"
  | 1n -> "cKA_TOKEN"
  | 2n -> "cKA_PRIVATE"
  | 3n -> "cKA_LABEL"
  | 16n -> "cKA_APPLICATION"
  | 17n -> "cKA_VALUE"
  | 18n -> "cKA_OBJECT_ID"
  | 128n -> "cKA_CERTIFICATE_TYPE"
  | 129n -> "cKA_ISSUER"
  | 130n -> "cKA_SERIAL_NUMBER"
  | 131n -> "cKA_AC_ISSUER"
  | 132n -> "cKA_OWNER"
  | 133n -> "cKA_ATTR_TYPES"
  | 134n -> "cKA_TRUSTED"
  | 135n -> "cKA_CERTIFICATE_CATEGORY"
  | 136n -> "cKA_JAVA_MIDP_SECURITY_DOMAIN"
  | 137n -> "cKA_URL"
  | 138n -> "cKA_HASH_OF_SUBJECT_PUBLIC_KEY"
  | 139n -> "cKA_HASH_OF_ISSUER_PUBLIC_KEY"
  | 144n -> "cKA_CHECK_VALUE"
  | 256n -> "cKA_KEY_TYPE"
  | 257n -> "cKA_SUBJECT"
  | 258n -> "cKA_ID"
  | 259n -> "cKA_SENSITIVE"
  | 260n -> "cKA_ENCRYPT"
  | 261n -> "cKA_DECRYPT"
  | 262n -> "cKA_WRAP"
  | 263n -> "cKA_UNWRAP"
  | 264n -> "cKA_SIGN"
  | 265n -> "cKA_SIGN_RECOVER"
  | 266n -> "cKA_VERIFY"
  | 267n -> "cKA_VERIFY_RECOVER"
  | 268n -> "cKA_DERIVE"
  | 272n -> "cKA_START_DATE"
  | 273n -> "cKA_END_DATE"
  | 288n -> "cKA_MODULUS"
  | 289n -> "cKA_MODULUS_BITS"
  | 290n -> "cKA_PUBLIC_EXPONENT"
  | 291n -> "cKA_PRIVATE_EXPONENT"
  | 292n -> "cKA_PRIME_1"
  | 293n -> "cKA_PRIME_2"
  | 294n -> "cKA_EXPONENT_1"
  | 295n -> "cKA_EXPONENT_2"
  | 296n -> "cKA_COEFFICIENT"
  | 304n -> "cKA_PRIME"
  | 305n -> "cKA_SUBPRIME"
  | 306n -> "cKA_BASE"
  | 307n -> "cKA_PRIME_BITS"
  | 308n -> "cKA_SUB_PRIME_BITS"
  | 352n -> "cKA_VALUE_BITS"
  | 353n -> "cKA_VALUE_LEN"
  | 354n -> "cKA_EXTRACTABLE"
  | 355n -> "cKA_LOCAL"
  | 356n -> "cKA_NEVER_EXTRACTABLE"
  | 357n -> "cKA_ALWAYS_SENSITIVE"
  | 358n -> "cKA_KEY_GEN_MECHANISM"
  | 368n -> "cKA_MODIFIABLE"
  | 384n -> "cKA_EC_PARAMS"
  | 385n -> "cKA_EC_POINT"
  | 512n -> "cKA_SECONDARY_AUTH"
  | 513n -> "cKA_AUTH_PIN_FLAGS"
  | 514n -> "cKA_ALWAYS_AUTHENTICATE"
  | 528n -> "cKA_WRAP_WITH_TRUSTED"
  | 544n -> "cKA_OTP_FORMAT"
  | 545n -> "cKA_OTP_LENGTH"
  | 546n -> "cKA_OTP_TIME_INTERVAL"
  | 547n -> "cKA_OTP_USER_FRIENDLY_MODE"
  | 548n -> "cKA_OTP_CHALLENGE_REQUIREMENT"
  | 549n -> "cKA_OTP_TIME_REQUIREMENT"
  | 550n -> "cKA_OTP_COUNTER_REQUIREMENT"
  | 551n -> "cKA_OTP_PIN_REQUIREMENT"
  | 552n -> "cKA_OTP_COUNTER"
  | 553n -> "cKA_OTP_TIME"
  | 554n -> "cKA_OTP_USER_IDENTIFIER"
  | 555n -> "cKA_OTP_SERVICE_IDENTIFIER"
  | 556n -> "cKA_OTP_SERVICE_LOGO"
  | 557n -> "cKA_OTP_SERVICE_LOGO_TYPE"
  | 768n -> "cKA_HW_FEATURE_TYPE"
  | 769n -> "cKA_RESET_ON_INIT"
  | 770n -> "cKA_HAS_RESET"
  | 1024n -> "cKA_PIXEL_X"
  | 1025n -> "cKA_PIXEL_Y"
  | 1026n -> "cKA_RESOLUTION"
  | 1027n -> "cKA_CHAR_ROWS"
  | 1028n -> "cKA_CHAR_COLUMNS"
  | 1029n -> "cKA_COLOR"
  | 1030n -> "cKA_BITS_PER_PIXEL"
  | 1152n -> "cKA_CHAR_SETS"
  | 1153n -> "cKA_ENCODING_METHODS"
  | 1154n -> "cKA_MIME_TYPES"
  | 1280n -> "cKA_MECHANISM_TYPE"
  | 1281n -> "cKA_REQUIRED_CMS_ATTRIBUTES"
  | 1282n -> "cKA_DEFAULT_CMS_ATTRIBUTES"
  | 1283n -> "cKA_SUPPORTED_CMS_ATTRIBUTES"
  | 1073742353n -> "cKA_WRAP_TEMPLATE"
  | 1073742354n -> "cKA_UNWRAP_TEMPLATE"
  | 1073743360n -> "cKA_ALLOWED_MECHANISMS"
  | 2147483648n -> "cKA_VENDOR_DEFINED"
  | _ -> "cKA_UNKNOWN!"
(* Render a cKS_ session state value as its label; any value not listed
   yields "cKS_UNKNOWN!" rather than raising. *)
let match_cKS_value = function
  | 0n -> "cKS_RO_PUBLIC_SESSION"
  | 1n -> "cKS_RO_USER_FUNCTIONS"
  | 2n -> "cKS_RW_PUBLIC_SESSION"
  | 3n -> "cKS_RW_USER_FUNCTIONS"
  | 4n -> "cKS_RW_SO_FUNCTIONS"
  | _ -> "cKS_UNKNOWN!"
(* Render a cKH_ hardware feature value as its label; any value not listed
   (0n included) yields "cKH_UNKNOWN!" rather than raising. *)
let match_cKH_value = function
  | 1n -> "cKH_MONOTONIC_COUNTER"
  | 2n -> "cKH_CLOCK"
  | 3n -> "cKH_USER_INTERFACE"
  | 2147483648n -> "cKH_VENDOR_DEFINED"
  | _ -> "cKH_UNKNOWN!"
(* Render a cKK_ key type value as its label; any value not listed yields
   "cKK_UNKNOWN!" rather than raising. *)
let match_cKK_value = function
  | 0n -> "cKK_RSA"
  | 1n -> "cKK_DSA"
  | 2n -> "cKK_DH"
  | 3n -> "cKK_EC"
  | 4n -> "cKK_X9_42_DH"
  | 5n -> "cKK_KEA"
  | 16n -> "cKK_GENERIC_SECRET"
  | 17n -> "cKK_RC2"
  | 18n -> "cKK_RC4"
  | 19n -> "cKK_DES"
  | 20n -> "cKK_DES2"
  | 21n -> "cKK_DES3"
  | 22n -> "cKK_CAST"
  | 23n -> "cKK_CAST3"
  | 24n -> "cKK_CAST128"
  | 25n -> "cKK_RC5"
  | 26n -> "cKK_IDEA"
  | 27n -> "cKK_SKIPJACK"
  | 28n -> "cKK_BATON"
  | 29n -> "cKK_JUNIPER"
  | 30n -> "cKK_CDMF"
  | 31n -> "cKK_AES"
  | 32n -> "cKK_BLOWFISH"
  | 33n -> "cKK_TWOFISH"
  | 2147483648n -> "cKK_VENDOR_DEFINED"
  | _ -> "cKK_UNKNOWN!"
(* Render a cKC_ certificate type value as its label; any value not listed
   yields "cKC_UNKNOWN!" rather than raising. *)
let match_cKC_value = function
  | 0n -> "cKC_X_509"
  | 1n -> "cKC_X_509_ATTR_CERT"
  | 2n -> "cKC_WTLS"
  | 2147483648n -> "cKC_VENDOR_DEFINED"
  | _ -> "cKC_UNKNOWN!"
(* Build a string holding the characters of [a] in order; the result has
   exactly [Array.length a] bytes. *)
let char_array_to_string a =
  String.init (Array.length a) (fun idx -> a.(idx));;
(* Split [s] into a fresh array holding one char per byte, in order. *)
let string_to_char_array s =
  Array.init (String.length s) (String.get s);;
(* Print a nativeint array on stdout: an opening quote, each element in
   decimal followed by a space, then a closing quote and a newline. *)
let print_int_array a =
  print_string "'";
  Array.iter (fun v -> Printf.printf "%s " (Nativeint.to_string v)) a;
  print_string "'\n";;
(* Print a char array on stdout between single quotes, followed by a newline.
   Bytes are written raw, so unprintable values reach the terminal as-is. *)
let print_char_array a =
  print_string "'";
  Array.iter (fun c -> Printf.printf "%c" c) a;
  print_string "'\n";;
(* Print a string array on stdout between single quotes, each element
   followed by " | " (the last one included), then a newline. *)
let print_string_array a =
  print_string "'";
  Array.iter (fun s -> Printf.printf "%s | " s) a;
  print_string "'\n";;
(* Print one char on stdout as two lowercase hex digits. *)
let print_hex a =
  Printf.printf "%02x" (Char.code a);;
(* Print a char array on stdout as a run of two-digit hex values between
   single quotes, followed by a newline.  Every byte is written out, so do
   not point this at buffers holding PINs or key material. *)
let print_hex_array a =
  print_string "'";
  Array.iter (fun c -> print_hex c) a;
  print_string "'\n";;
(* Map a nibble value in 0n..15n to its lowercase hex digit.
   Raises [Failure "int_to_hexchar"] for any value outside that range. *)
let int_to_hexchar (i : nativeint) : char =
  if Nativeint.compare i 0n >= 0 && Nativeint.compare i 15n <= 0 then
    "0123456789abcdef".[Nativeint.to_int i]
  else
    failwith "int_to_hexchar";;
(* Map a hex digit, lowercase or uppercase, to its value in 0n..15n.
   Raises [Failure "hexchar_to_int"] for any other character, which is the
   only input validation the hex decoding path performs. *)
let hexchar_to_int (c : char) : nativeint =
  let offset_from base = Nativeint.of_int (Char.code c - Char.code base) in
  match c with
  | '0' .. '9' -> offset_from '0'
  | 'a' .. 'f' -> Nativeint.add 10n (offset_from 'a')
  | 'A' .. 'F' -> Nativeint.add 10n (offset_from 'A')
  | _ -> failwith "hexchar_to_int";;
(* Combine two hex digits into one byte: [niba] supplies the high nibble and
   [nibb] the low one.  Raises [Failure "hexchar_to_int"] when either
   argument is not a hex digit. *)
let merge_nibbles niba nibb =
  let low = hexchar_to_int nibb in
  let high = hexchar_to_int niba in
  (* The shifted high nibble has zero low bits, so xor acts as or here. *)
  let byte = Nativeint.logxor (Nativeint.shift_left high 4) low in
  Char.chr (Nativeint.to_int byte);;
(* Decode a hex string into the raw bytes it describes, two digits per byte.

   The result has [String.length hexstr / 2] bytes; when the length is odd
   the last character is ignored without any error.  A non-hex character in
   a decoded pair raises [Failure "hexchar_to_int"] (via merge_nibbles). *)
let pack hexstr =
  let byte_count = String.length hexstr / 2 in
  String.init byte_count (fun k ->
    merge_nibbles hexstr.[2 * k] hexstr.[(2 * k) + 1]);;
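(* Format a char array as lowercase hex, two digits per element, wrapped in
   single quotes; the empty array gives "''".

   The output is built in a Buffer so the cost stays linear in the array
   length (re-formatting the whole accumulated string for every element made
   it quadratic).  Every byte of the input ends up in the result, so the
   returned string is as sensitive as the array it was built from. *)
let sprint_hex_array myarray =
  let buf = Buffer.create ((2 * Array.length myarray) + 2) in
  Buffer.add_char buf '\'';
  Array.iter
    (fun elem -> Buffer.add_string buf (Printf.sprintf "%02x" (Char.code elem)))
    myarray;
  Buffer.add_char buf '\'';
  Buffer.contents buf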
(* Encode a boolean attribute as a one-element char array: byte 0 when the
   argument compares equal to cK_FALSE, byte 1 for every other value. *)
let bool_to_char_array boolean_attribute =
  match compare boolean_attribute cK_FALSE with
  | 0 -> [| '\000' |]
  | _ -> [| '\001' |]
(* Decode a char array into cK_TRUE or cK_FALSE.

   The result is cK_TRUE as soon as any element is a non-zero byte, whatever
   the array length; an empty or all-zero array gives cK_FALSE. *)
let char_array_to_bool char_array =
  let any_nonzero =
    Array.fold_left (fun seen c -> seen || c <> '\000') false char_array
  in
  if any_nonzero then cK_TRUE else cK_FALSE
(* Name a boolean attribute value: "TRUE" for cK_TRUE, "FALSE" for cK_FALSE
   and "UNKNOWN!" for anything else. *)
let sprint_bool_attribute_value attribute_value =
  let is candidate = compare attribute_value candidate = 0 in
  if is cK_TRUE then "TRUE"
  else if is cK_FALSE then "FALSE"
  else "UNKNOWN!"
(* Render an attribute template as a run of "(NAME, 'hex') " entries, one per
   attribute in array order; the empty template gives "".

   Every value is dumped in full through sprint_hex_array with no filtering
   on the attribute type, so a template carrying cKA_VALUE or
   cKA_PRIVATE_EXPONENT puts those bytes into the returned string.  Keep the
   result out of logs when templates may hold secret material. *)
let sprint_template_array template_array =
  let render templ =
    let name_part = Printf.sprintf "(%s, " (match_cKA_value templ.type_) in
    let value_part = Printf.sprintf "%s) " (sprint_hex_array templ.value) in
    String.concat "" [ name_part; value_part ]
  in
  String.concat "" (Array.to_list (Array.map render template_array))
(* C stubs for the PKCS#11 binding.  Each external ties an OCaml name to the
   C symbol named in the string; the OCaml type is the only contract visible
   here.  Every mL_CK_C_ call hands its ck_rv_t back as a value, alone or as
   the first tuple component, so the caller has to inspect it before trusting
   any other component of the result. *)

(* Library setup and teardown. *)
external mL_CK_C_Daemonize : char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Daemonize"
external mL_CK_C_SetupArch : nativeint -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetupArch"
(* NOTE(review): the char array is presumably the path of the module to load
   (the c_LoadModule wrapper names it path) -- it decides which native code
   runs, so it should come from trusted configuration only. *)
external mL_CK_C_LoadModule : char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_LoadModule"
external mL_CK_C_Initialize : unit -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Initialize"
external mL_CK_C_Finalize : unit -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Finalize"
(* Slot and token information. *)
external mL_CK_C_GetSlotList : nativeint -> nativeint -> ck_rv_t * ck_slot_id_t array * nativeint
= "camlidl_pkcs11_ML_CK_C_GetSlotList"
external mL_CK_C_GetInfo : unit -> ck_rv_t * ck_info
= "camlidl_pkcs11_ML_CK_C_GetInfo"
external mL_CK_C_WaitForSlotEvent : ck_flags_t -> ck_rv_t * ck_slot_id_t
= "camlidl_pkcs11_ML_CK_C_WaitForSlotEvent"
external mL_CK_C_GetSlotInfo : ck_slot_id_t -> ck_rv_t * ck_slot_info
= "camlidl_pkcs11_ML_CK_C_GetSlotInfo"
external mL_CK_C_GetTokenInfo : ck_slot_id_t -> ck_rv_t * ck_token_info
= "camlidl_pkcs11_ML_CK_C_GetTokenInfo"
(* The two char arrays are the SO PIN and the label, in that order, going by
   the c_InitToken wrapper in this file. *)
external mL_CK_C_InitToken : ck_slot_id_t -> char array -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_InitToken"
(* Sessions and authentication. *)
external mL_CK_C_OpenSession : ck_slot_id_t -> ck_flags_t -> ck_rv_t * ck_session_handle_t
= "camlidl_pkcs11_ML_CK_C_OpenSession"
external mL_CK_C_CloseSession : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_CloseSession"
external mL_CK_C_CloseAllSessions : ck_slot_id_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_CloseAllSessions"
external mL_CK_C_GetSessionInfo : ck_session_handle_t -> ck_rv_t * ck_session_info
= "camlidl_pkcs11_ML_CK_C_GetSessionInfo"
(* The char array is the PIN.  NOTE(review): whether the stub copies or
   clears it is not visible from this declaration -- confirm on the C side;
   the OCaml array itself stays live until the caller drops it. *)
external mL_CK_C_Login : ck_session_handle_t -> ck_user_type_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Login"
external mL_CK_C_Logout : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Logout"
external mL_CK_C_GetMechanismList : ck_slot_id_t -> nativeint -> ck_rv_t * ck_mechanism_type_t array * nativeint
= "camlidl_pkcs11_ML_CK_C_GetMechanismList"
external mL_CK_C_GetMechanismInfo : ck_slot_id_t -> ck_mechanism_type_t -> ck_rv_t * ck_mechanism_info
= "camlidl_pkcs11_ML_CK_C_GetMechanismInfo"
(* PIN management: char arrays are PINs (old then new for SetPIN, going by
   the c_SetPIN wrapper in this file). *)
external mL_CK_C_InitPIN : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_InitPIN"
external mL_CK_C_SetPIN : ck_session_handle_t -> char array -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetPIN"
(* Random number generation. *)
external mL_CK_C_SeedRandom : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SeedRandom"
external mL_CK_C_GenerateRandom : ck_session_handle_t -> nativeint -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_GenerateRandom"
(* Object search, creation and attribute access. *)
external mL_CK_C_FindObjectsInit : ck_session_handle_t -> ck_attribute array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_FindObjectsInit"
external mL_CK_C_FindObjects : ck_session_handle_t -> nativeint -> ck_rv_t * ck_object_handle_t array * nativeint
= "camlidl_pkcs11_ML_CK_C_FindObjects"
external mL_CK_C_FindObjectsFinal : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_FindObjectsFinal"
external mL_CK_C_GenerateKey : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_GenerateKey"
external mL_CK_C_GenerateKeyPair : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_attribute array -> ck_rv_t * ck_object_handle_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_GenerateKeyPair"
external mL_CK_C_CreateObject : ck_session_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_CreateObject"
external mL_CK_C_CopyObject : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_CopyObject"
external mL_CK_C_DestroyObject : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DestroyObject"
external mL_CK_C_GetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_attribute array
= "camlidl_pkcs11_ML_CK_C_GetAttributeValue"
external mL_CK_C_SetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetAttributeValue"
external mL_CK_C_GetObjectSize : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t * nativeint
= "camlidl_pkcs11_ML_CK_C_GetObjectSize"
(* Key wrapping, unwrapping and derivation.  WrapKey returns the wrapped key
   bytes as a char array next to the ck_rv_t. *)
external mL_CK_C_WrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_WrapKey"
external mL_CK_C_UnwrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> char array -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_UnwrapKey"
external mL_CK_C_DeriveKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_DeriveKey"
(* Message digesting. *)
external mL_CK_C_DigestInit : ck_session_handle_t -> ck_mechanism -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DigestInit"
external mL_CK_C_Digest : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Digest"
external mL_CK_C_DigestUpdate : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DigestUpdate"
external mL_CK_C_DigestKey : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DigestKey"
external mL_CK_C_DigestFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DigestFinal"
(* Signing. *)
external mL_CK_C_SignInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SignInit"
external mL_CK_C_SignRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SignRecoverInit"
external mL_CK_C_Sign : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Sign"
external mL_CK_C_SignRecover : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_SignRecover"
external mL_CK_C_SignUpdate : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SignUpdate"
external mL_CK_C_SignFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_SignFinal"
(* Verification.  Verify and VerifyFinal return nothing but the ck_rv_t, so
   that value is the verification verdict: a caller that discards it has
   verified nothing. *)
external mL_CK_C_VerifyInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyInit"
external mL_CK_C_VerifyRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyRecoverInit"
external mL_CK_C_Verify : ck_session_handle_t -> char array -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Verify"
external mL_CK_C_VerifyRecover : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_VerifyRecover"
external mL_CK_C_VerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyUpdate"
external mL_CK_C_VerifyFinal : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyFinal"
(* Encryption. *)
external mL_CK_C_EncryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_EncryptInit"
external mL_CK_C_Encrypt : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Encrypt"
external mL_CK_C_EncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_EncryptUpdate"
external mL_CK_C_EncryptFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_EncryptFinal"
external mL_CK_C_DigestEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate"
external mL_CK_C_SignEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_SignEncryptUpdate"
(* Decryption.  The returned char array is only meaningful when the ck_rv_t
   next to it reports success. *)
external mL_CK_C_DecryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DecryptInit"
external mL_CK_C_Decrypt : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Decrypt"
external mL_CK_C_DecryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptUpdate"
external mL_CK_C_DecryptFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptFinal"
external mL_CK_C_DecryptDigestUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate"
external mL_CK_C_DecryptVerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate"
(* Operation state save and restore, and function status. *)
external mL_CK_C_GetOperationState : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_GetOperationState"
external mL_CK_C_SetOperationState : ck_session_handle_t -> char array -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetOperationState"
external mL_CK_C_GetFunctionStatus : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_GetFunctionStatus"
external mL_CK_C_CancelFunction : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_CancelFunction"
(* Conversion helpers implemented in C.  NOTE(review): width and byte order
   are not visible from these declarations -- presumably nativeint to and
   from unsigned long bytes, and host/network byte-order swaps; confirm in
   the stub before relying on a particular layout. *)
external int_to_ulong_char_array : nativeint -> char array
= "camlidl_pkcs11_int_to_ulong_char_array"
external char_array_to_ulong : char array -> nativeint
= "camlidl_pkcs11_char_array_to_ulong"
external hton_char_array : char array -> char array
= "camlidl_pkcs11_hton_char_array"
external ntoh_char_array : char array -> char array
= "camlidl_pkcs11_ntoh_char_array"
(* Public c_ entry points.  Each one forwards its arguments unchanged, in the
   same order, to the mL_CK_C_ stub of the same name and returns the stub
   result as-is.  Nothing is validated, logged or cleared at this layer: PIN
   arrays stay in the caller's hands, and the ck_rv_t in every result still
   has to be checked by the caller. *)

(* Library setup and general information. *)
let c_Daemonize param = mL_CK_C_Daemonize param
let c_SetupArch arch = mL_CK_C_SetupArch arch
let c_LoadModule path = mL_CK_C_LoadModule path
let c_Initialize () = mL_CK_C_Initialize ()
let c_GetInfo () = mL_CK_C_GetInfo ()

(* Slots, tokens and mechanisms. *)
let c_GetSlotList token_present count = mL_CK_C_GetSlotList token_present count
let c_GetSlotInfo slot = mL_CK_C_GetSlotInfo slot
let c_GetTokenInfo slot = mL_CK_C_GetTokenInfo slot
let c_WaitForSlotEvent flags = mL_CK_C_WaitForSlotEvent flags
let c_GetMechanismList slot count = mL_CK_C_GetMechanismList slot count
let c_GetMechanismInfo slot mech_type = mL_CK_C_GetMechanismInfo slot mech_type

(* Token and PIN initialisation. *)
let c_InitToken slot so_pin label = mL_CK_C_InitToken slot so_pin label
let c_InitPIN session pin = mL_CK_C_InitPIN session pin
let c_SetPIN session old_pin new_pin = mL_CK_C_SetPIN session old_pin new_pin

(* Sessions, operation state and authentication. *)
let c_OpenSession slot flags = mL_CK_C_OpenSession slot flags
let c_CloseSession session = mL_CK_C_CloseSession session
let c_CloseAllSessions slot = mL_CK_C_CloseAllSessions slot
let c_GetSessionInfo session = mL_CK_C_GetSessionInfo session
let c_GetOperationState session = mL_CK_C_GetOperationState session
let c_SetOperationState session state encryption_handle authentication_handle =
  mL_CK_C_SetOperationState session state encryption_handle authentication_handle
let c_Login session user_type pin = mL_CK_C_Login session user_type pin
let c_Logout session = mL_CK_C_Logout session
let c_Finalize () = mL_CK_C_Finalize ()

(* Object management. *)
let c_CreateObject session template = mL_CK_C_CreateObject session template
let c_CopyObject session obj template = mL_CK_C_CopyObject session obj template
let c_DestroyObject session obj = mL_CK_C_DestroyObject session obj
let c_GetObjectSize session obj = mL_CK_C_GetObjectSize session obj
let c_GetAttributeValue session obj template =
  mL_CK_C_GetAttributeValue session obj template
let c_SetAttributeValue session obj template =
  mL_CK_C_SetAttributeValue session obj template
let c_FindObjectsInit session template = mL_CK_C_FindObjectsInit session template
let c_FindObjects session count = mL_CK_C_FindObjects session count
let c_FindObjectsFinal session = mL_CK_C_FindObjectsFinal session

(* Encryption and decryption. *)
let c_EncryptInit session mechanism key = mL_CK_C_EncryptInit session mechanism key
let c_Encrypt session data = mL_CK_C_Encrypt session data
let c_EncryptUpdate session data = mL_CK_C_EncryptUpdate session data
let c_EncryptFinal session = mL_CK_C_EncryptFinal session
let c_DecryptInit session mechanism key = mL_CK_C_DecryptInit session mechanism key
let c_Decrypt session data = mL_CK_C_Decrypt session data
let c_DecryptUpdate session data = mL_CK_C_DecryptUpdate session data
let c_DecryptFinal session = mL_CK_C_DecryptFinal session

(* Digesting. *)
let c_DigestInit session mechanism = mL_CK_C_DigestInit session mechanism
let c_Digest session data = mL_CK_C_Digest session data
let c_DigestUpdate session data = mL_CK_C_DigestUpdate session data
let c_DigestKey session key = mL_CK_C_DigestKey session key
let c_DigestFinal session = mL_CK_C_DigestFinal session

(* Signing. *)
let c_SignInit session mechanism key = mL_CK_C_SignInit session mechanism key
let c_SignRecoverInit session mechanism key =
  mL_CK_C_SignRecoverInit session mechanism key
let c_Sign session data = mL_CK_C_Sign session data
let c_SignRecover session data = mL_CK_C_SignRecover session data
let c_SignUpdate session data = mL_CK_C_SignUpdate session data
let c_SignFinal session = mL_CK_C_SignFinal session

(* Verification.  c_Verify and c_VerifyFinal return only a ck_rv_t, so that
   value is the verification verdict and must not be discarded. *)
let c_VerifyInit session mechanism key = mL_CK_C_VerifyInit session mechanism key
let c_VerifyRecoverInit session mechanism key =
  mL_CK_C_VerifyRecoverInit session mechanism key
let c_Verify session data signed_data = mL_CK_C_Verify session data signed_data
let c_VerifyRecover session data = mL_CK_C_VerifyRecover session data
let c_VerifyUpdate session data = mL_CK_C_VerifyUpdate session data
let c_VerifyFinal session data = mL_CK_C_VerifyFinal session data

(* Combined (dual-function) update calls. *)
let c_DigestEncryptUpdate session data = mL_CK_C_DigestEncryptUpdate session data
let c_DecryptDigestUpdate session data = mL_CK_C_DecryptDigestUpdate session data
let c_SignEncryptUpdate session data = mL_CK_C_SignEncryptUpdate session data
let c_DecryptVerifyUpdate session data = mL_CK_C_DecryptVerifyUpdate session data

(* Key generation, wrapping and derivation. *)
let c_GenerateKey session mechanism template =
  mL_CK_C_GenerateKey session mechanism template
let c_GenerateKeyPair session mechanism pub_attributes priv_attributes =
  mL_CK_C_GenerateKeyPair session mechanism pub_attributes priv_attributes
let c_WrapKey session mechanism wrapping_handle wrapped_handle =
  mL_CK_C_WrapKey session mechanism wrapping_handle wrapped_handle
let c_UnwrapKey session mechanism unwrapping_handle wrapped_key template =
  mL_CK_C_UnwrapKey session mechanism unwrapping_handle wrapped_key template
let c_DeriveKey session mechanism initial_key_handle template =
  mL_CK_C_DeriveKey session mechanism initial_key_handle template

(* Random numbers and legacy function-status calls. *)
let c_SeedRandom session seed = mL_CK_C_SeedRandom session seed
let c_GenerateRandom session count = mL_CK_C_GenerateRandom session count
let c_GetFunctionStatus session = mL_CK_C_GetFunctionStatus session
let c_CancelFunction session = mL_CK_C_CancelFunction session
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11.mli 0000664 0000000 0000000 00000117400 14147740423 0021133 0 ustar 00root root 0000000 0000000 (* File generated from pkcs11.idl *)
(* PKCS#11 data types as exposed to OCaml. Integer-like quantities (flags,
   slot ids, handles, type codes, return values) are aliases of nativeint and
   byte or character buffers are char array.
   NOTE(review): the aliases are transparent, so ck_session_handle_t,
   ck_object_handle_t, ck_slot_id_t and the other nativeint aliases are all
   the same type to the compiler; passing one where another is expected is
   not caught at compile time. *)
type ck_flags_t = nativeint
and ck_version = {
major: char;
minor: char;
}
(* Library-level information record. *)
and ck_info = {
ck_info_cryptoki_version: ck_version;
ck_info_manufacturer_id: char array;
ck_info_flags: ck_flags_t;
ck_info_library_description: char array;
ck_info_library_version: ck_version;
}
and ck_notification_t = nativeint
and ck_slot_id_t = nativeint
(* Slot description record. *)
and ck_slot_info = {
ck_slot_info_slot_description: char array;
ck_slot_info_manufacturer_id: char array;
ck_slot_info_flags: ck_flags_t;
ck_slot_info_hardware_version: ck_version;
ck_slot_info_firmware_version: ck_version;
}
(* Token description record. The flags field is a ck_flags_t; presumably it
   carries the cKF_* token flags declared below (login required, PIN locked,
   PIN count low, ...) - confirm against the implementation. *)
and ck_token_info = {
ck_token_info_label: char array;
ck_token_info_manufacturer_id: char array;
ck_token_info_model: char array;
ck_token_info_serial_number: char array;
ck_token_info_flags: ck_flags_t;
ck_token_info_max_session_count: nativeint;
ck_token_info_session_count: nativeint;
ck_token_info_max_rw_session_count: nativeint;
ck_token_info_rw_session_count: nativeint;
ck_token_info_max_pin_len: nativeint;
ck_token_info_min_pin_len: nativeint;
ck_token_info_total_public_memory: nativeint;
ck_token_info_free_public_memory: nativeint;
ck_token_info_total_private_memory: nativeint;
ck_token_info_free_private_memory: nativeint;
ck_token_info_hardware_version: ck_version;
ck_token_info_firmware_version: ck_version;
ck_token_info_utc_time: char array;
}
and ck_session_handle_t = nativeint
and ck_user_type_t = nativeint
and ck_state_t = nativeint
(* Session description record. *)
and ck_session_info = {
ck_session_info_slot_id: ck_slot_id_t;
ck_session_info_state: ck_state_t;
ck_session_info_flags: ck_flags_t;
ck_session_info_device_error: nativeint;
}
and ck_object_handle_t = nativeint
and ck_object_class_t = nativeint
and ck_hw_feature_type_t = nativeint
and ck_key_type_t = nativeint
and ck_certificate_type_t = nativeint
and ck_attribute_type_t = nativeint
(* One attribute: a type code plus its value as bytes.
   NOTE(review): per PKCS#11 the value of an attribute such as cKA_VALUE on a
   key object is key material. A char array lives on the garbage-collected
   heap and no wipe helper is visible in this part of the interface, so
   callers should keep such values short-lived and out of logs - confirm how
   the rest of the code base treats them. *)
and ck_attribute = {
type_: ck_attribute_type_t;
value: char array;
}
and ck_date = {
year: char array;
month: char array;
day: char array;
}
and ck_mechanism_type_t = nativeint
(* A mechanism selection: type code plus an opaque parameter buffer. The
   layout of the parameter bytes is not described here and presumably
   depends on the mechanism - confirm. *)
and ck_mechanism = {
mechanism: ck_mechanism_type_t;
parameter: char array;
}
and ck_mechanism_info = {
ck_mechanism_info_min_key_size: nativeint;
ck_mechanism_info_max_key_size: nativeint;
ck_mechanism_info_flags: ck_flags_t;
}
(* Aliases carrying the C-side type names. *)
and cK_BYTE = char
and cK_CHAR = char
and cK_UTF8CHAR = char
and cK_BBOOL = char
and cK_ULONG = nativeint
and cK_LONG = nativeint
(* The *_PTR names are option types; presumably None stands for a null
   pointer on the C side - confirm. *)
and cK_BYTE_PTR = cK_BYTE option
and cK_CHAR_PTR = cK_CHAR option
and cK_UTF8CHAR_PTR = cK_UTF8CHAR option
and cK_ULONG_PTR = cK_ULONG option
and cK_VERSION = ck_version
and cK_VERSION_PTR = ck_version option
and cK_INFO = ck_info
and cK_INFO_PTR = ck_info option
and cK_SLOT_ID_PTR = ck_slot_id_t option
and cK_SLOT_INFO = ck_slot_info
and cK_SLOT_INFO_PTR = ck_slot_info option
and cK_TOKEN_INFO = ck_token_info
and cK_TOKEN_INFO_PTR = ck_token_info option
and cK_SESSION_HANDLE_PTR = ck_session_handle_t option
and cK_SESSION_INFO = ck_session_info
and cK_SESSION_INFO_PTR = ck_session_info option
and cK_OBJECT_HANDLE_PTR = ck_object_handle_t option
and cK_OBJECT_CLASS_PTR = ck_object_class_t option
and cK_ATTRIBUTE = ck_attribute
and cK_ATTRIBUTE_PTR = ck_attribute option
and cK_DATE = ck_date
and cK_DATE_PTR = ck_date option
and cK_MECHANISM_TYPE_PTR = ck_mechanism_type_t option
and cK_MECHANISM = ck_mechanism
and cK_MECHANISM_PTR = ck_mechanism option
and cK_MECHANISM_INFO = ck_mechanism_info
and cK_MECHANISM_INFO_PTR = ck_mechanism_info option
and cK_C_INITIALIZE_ARGS = ck_c_initialize_args
and cK_C_INITIALIZE_ARGS_PTR = ck_c_initialize_args option
(* Return-value type of the bindings; see the cKR_* constants. *)
and ck_rv_t = nativeint
(* Mutex callbacks are typed unit->nativeint here; they take no mutex
   argument at the OCaml level. *)
and ck_createmutex_t = unit->nativeint
and ck_destroymutex_t = unit->nativeint
and ck_lockmutex_t = unit->nativeint
and ck_unlockmutex_t = unit->nativeint
and ck_c_initialize_args = {
ck_c_initialize_args_create_mutex: ck_createmutex_t;
ck_c_initialize_args_destroy_mutex: ck_destroymutex_t;
ck_c_initialize_args_lock_mutex: ck_lockmutex_t;
ck_c_initialize_args_unlock_mutex: ck_unlockmutex_t;
ck_c_initialize_args_flags: ck_flags_t;
}
(* Architecture markers. Judging by the names they describe endianness and
   word size plus two error states; presumably they are the values passed to
   or returned around mL_CK_C_SetupArch, which also takes a nativeint -
   confirm against the implementation. *)
val lITTLE_ENDIAN_64 : nativeint
val lITTLE_ENDIAN_32 : nativeint
val bIG_ENDIAN_64 : nativeint
val bIG_ENDIAN_32 : nativeint
val uNSUPPORTED_ARCHITECTURE : nativeint
val nOT_INITIALIZED : nativeint
(* Renders a nativeint as a string; by its name, one of the markers above. *)
val match_arch_value : nativeint -> string
(* Cryptoki version numbers declared by this binding. *)
val cRYPTOKI_VERSION_MAJOR : nativeint
val cRYPTOKI_VERSION_MINOR : nativeint
val cRYPTOKI_VERSION_REVISION : nativeint
(* Notification codes. *)
val cKN_SURRENDER : nativeint
val cKN_OTP_CHANGED : nativeint
(* Slot and token flags (bit values for a ck_flags_t field; the numeric
   values are given in the implementation, not here). *)
val cKF_TOKEN_PRESENT : nativeint
val cKF_REMOVABLE_DEVICE : nativeint
val cKF_HW_SLOT : nativeint
val cKF_ARRAY_ATTRIBUTE : nativeint
val cKF_RNG : nativeint
val cKF_WRITE_PROTECTED : nativeint
val cKF_LOGIN_REQUIRED : nativeint
val cKF_USER_PIN_INITIALIZED : nativeint
val cKF_RESTORE_KEY_NOT_NEEDED : nativeint
val cKF_CLOCK_ON_TOKEN : nativeint
val cKF_PROTECTED_AUTHENTICATION_PATH : nativeint
val cKF_DUAL_CRYPTO_OPERATIONS : nativeint
val cKF_TOKEN_INITIALIZED : nativeint
val cKF_SECONDARY_AUTHENTICATION : nativeint
(* PIN state flags. An application that authenticates users should read
   these from the token information before retrying a login: COUNT_LOW and
   FINAL_TRY indicate that further wrong attempts can lock the PIN. *)
val cKF_USER_PIN_COUNT_LOW : nativeint
val cKF_USER_PIN_FINAL_TRY : nativeint
val cKF_USER_PIN_LOCKED : nativeint
val cKF_USER_PIN_TO_BE_CHANGED : nativeint
val cKF_SO_PIN_COUNT_LOW : nativeint
val cKF_SO_PIN_FINAL_TRY : nativeint
val cKF_SO_PIN_LOCKED : nativeint
val cKF_SO_PIN_TO_BE_CHANGED : nativeint
(* Special values. cK_INVALID_HANDLE is a nativeint like every handle type,
   so it has to be compared for explicitly; the types do not separate it
   from a usable handle. *)
val cK_UNAVAILABLE_INFORMATION : nativeint
val cK_EFFECTIVELY_INFINITE : nativeint
val cK_INVALID_HANDLE : nativeint
(* User types (values for ck_user_type_t, as taken by mL_CK_C_Login). *)
val cKU_SO : nativeint
val cKU_USER : nativeint
val cKU_CONTEXT_SPECIFIC : nativeint
(* Session states (values for ck_state_t, as found in ck_session_info). *)
val cKS_RO_PUBLIC_SESSION : nativeint
val cKS_RO_USER_FUNCTIONS : nativeint
val cKS_RW_PUBLIC_SESSION : nativeint
val cKS_RW_USER_FUNCTIONS : nativeint
val cKS_RW_SO_FUNCTIONS : nativeint
(* Session flags (for the ck_flags_t argument of mL_CK_C_OpenSession). *)
val cKF_RW_SESSION : nativeint
val cKF_SERIAL_SESSION : nativeint
(* Object classes (values for ck_object_class_t). *)
val cKO_DATA : nativeint
val cKO_CERTIFICATE : nativeint
val cKO_PUBLIC_KEY : nativeint
val cKO_PRIVATE_KEY : nativeint
val cKO_SECRET_KEY : nativeint
val cKO_HW_FEATURE : nativeint
val cKO_DOMAIN_PARAMETERS : nativeint
val cKO_MECHANISM : nativeint
val cKO_OTP_KEY : nativeint
val cKO_VENDOR_DEFINED : nativeint
(* Hardware feature types (values for ck_hw_feature_type_t). *)
val cKH_MONOTONIC_COUNTER : nativeint
val cKH_CLOCK : nativeint
val cKH_USER_INTERFACE : nativeint
val cKH_VENDOR_DEFINED : nativeint
(* Key types (values for ck_key_type_t). The list covers everything the
   interface can name, including ciphers that are considered legacy today
   (for example single DES, RC2, RC4); being declared here says nothing
   about whether a given deployment should permit them. *)
val cKK_RSA : nativeint
val cKK_DSA : nativeint
val cKK_DH : nativeint
val cKK_ECDSA : nativeint
val cKK_EC : nativeint
val cKK_X9_42_DH : nativeint
val cKK_KEA : nativeint
val cKK_GENERIC_SECRET : nativeint
val cKK_RC2 : nativeint
val cKK_RC4 : nativeint
val cKK_DES : nativeint
val cKK_DES2 : nativeint
val cKK_DES3 : nativeint
val cKK_CAST : nativeint
val cKK_CAST3 : nativeint
val cKK_CAST128 : nativeint
val cKK_RC5 : nativeint
val cKK_IDEA : nativeint
val cKK_SKIPJACK : nativeint
val cKK_BATON : nativeint
val cKK_JUNIPER : nativeint
val cKK_CDMF : nativeint
val cKK_AES : nativeint
val cKK_BLOWFISH : nativeint
val cKK_TWOFISH : nativeint
val cKK_SECURID : nativeint
val cKK_HOTP : nativeint
val cKK_ACTI : nativeint
val cKK_CAMELLIA : nativeint
val cKK_ARIA : nativeint
val cKK_VENDOR_DEFINED : nativeint
(* Certificate types (values for ck_certificate_type_t). *)
val cKC_X_509 : nativeint
val cKC_X_509_ATTR_CERT : nativeint
val cKC_WTLS : nativeint
val cKC_VENDOR_DEFINED : nativeint
(* OTP format and parameter-requirement values. *)
val cK_OTP_FORMAT_DECIMAL : nativeint
val cK_OTP_FORMAT_HEXADECIMAL : nativeint
val cK_OTP_FORMAT_ALPHANUMERIC : nativeint
val cK_OTP_PARAM_IGNORED : nativeint
val cK_OTP_PARAM_OPTIONAL : nativeint
val cK_OTP_PARAM_MANDATORY : nativeint
(* Attribute types (values for ck_attribute_type_t, i.e. the type_ field of
   ck_attribute). Only the names and the nativeint type are fixed here. *)
val cKA_CLASS : nativeint
val cKA_TOKEN : nativeint
val cKA_PRIVATE : nativeint
val cKA_LABEL : nativeint
val cKA_APPLICATION : nativeint
val cKA_VALUE : nativeint
val cKA_OBJECT_ID : nativeint
val cKA_CERTIFICATE_TYPE : nativeint
val cKA_ISSUER : nativeint
val cKA_SERIAL_NUMBER : nativeint
val cKA_AC_ISSUER : nativeint
val cKA_OWNER : nativeint
val cKA_ATTR_TYPES : nativeint
val cKA_TRUSTED : nativeint
val cKA_CERTIFICATE_CATEGORY : nativeint
val cKA_JAVA_MIDP_SECURITY_DOMAIN : nativeint
val cKA_URL : nativeint
val cKA_HASH_OF_SUBJECT_PUBLIC_KEY : nativeint
val cKA_HASH_OF_ISSUER_PUBLIC_KEY : nativeint
val cKA_CHECK_VALUE : nativeint
val cKA_KEY_TYPE : nativeint
val cKA_SUBJECT : nativeint
val cKA_ID : nativeint
(* Key protection and key usage attributes. In PKCS#11 these decide whether
   a key can be read out (SENSITIVE, EXTRACTABLE) and what it may be used
   for (ENCRYPT, DECRYPT, WRAP, UNWRAP, SIGN, VERIFY, DERIVE). Templates
   that create or unwrap keys should set them explicitly rather than rely on
   token defaults, and a key should not be given both a wrapping or
   unwrapping role and a decryption or encryption role. *)
val cKA_SENSITIVE : nativeint
val cKA_ENCRYPT : nativeint
val cKA_DECRYPT : nativeint
val cKA_WRAP : nativeint
val cKA_UNWRAP : nativeint
val cKA_SIGN : nativeint
val cKA_SIGN_RECOVER : nativeint
val cKA_VERIFY : nativeint
val cKA_VERIFY_RECOVER : nativeint
val cKA_DERIVE : nativeint
val cKA_START_DATE : nativeint
val cKA_END_DATE : nativeint
(* Key component attributes. Values read for the private components
   (PRIVATE_EXPONENT, PRIME_1, PRIME_2, EXPONENT_1, EXPONENT_2, COEFFICIENT)
   are secret key material when a token returns them. *)
val cKA_MODULUS : nativeint
val cKA_MODULUS_BITS : nativeint
val cKA_PUBLIC_EXPONENT : nativeint
val cKA_PRIVATE_EXPONENT : nativeint
val cKA_PRIME_1 : nativeint
val cKA_PRIME_2 : nativeint
val cKA_EXPONENT_1 : nativeint
val cKA_EXPONENT_2 : nativeint
val cKA_COEFFICIENT : nativeint
val cKA_PRIME : nativeint
val cKA_SUBPRIME : nativeint
val cKA_BASE : nativeint
val cKA_PRIME_BITS : nativeint
val cKA_SUB_PRIME_BITS : nativeint
val cKA_VALUE_BITS : nativeint
val cKA_VALUE_LEN : nativeint
(* Provenance attributes: EXTRACTABLE, LOCAL, NEVER_EXTRACTABLE and
   ALWAYS_SENSITIVE describe the history of a key and are the ones to check
   when auditing whether a key could ever have left the token. *)
val cKA_EXTRACTABLE : nativeint
val cKA_LOCAL : nativeint
val cKA_NEVER_EXTRACTABLE : nativeint
val cKA_ALWAYS_SENSITIVE : nativeint
val cKA_KEY_GEN_MECHANISM : nativeint
val cKA_MODIFIABLE : nativeint
val cKA_ECDSA_PARAMS : nativeint
val cKA_EC_PARAMS : nativeint
val cKA_EC_POINT : nativeint
val cKA_SECONDARY_AUTH : nativeint
val cKA_AUTH_PIN_FLAGS : nativeint
val cKA_ALWAYS_AUTHENTICATE : nativeint
val cKA_WRAP_WITH_TRUSTED : nativeint
(* OTP key attributes. *)
val cKA_OTP_FORMAT : nativeint
val cKA_OTP_LENGTH : nativeint
val cKA_OTP_TIME_INTERVAL : nativeint
val cKA_OTP_USER_FRIENDLY_MODE : nativeint
val cKA_OTP_CHALLENGE_REQUIREMENT : nativeint
val cKA_OTP_TIME_REQUIREMENT : nativeint
val cKA_OTP_COUNTER_REQUIREMENT : nativeint
val cKA_OTP_PIN_REQUIREMENT : nativeint
val cKA_OTP_COUNTER : nativeint
val cKA_OTP_TIME : nativeint
val cKA_OTP_USER_IDENTIFIER : nativeint
val cKA_OTP_SERVICE_IDENTIFIER : nativeint
val cKA_OTP_SERVICE_LOGO : nativeint
val cKA_OTP_SERVICE_LOGO_TYPE : nativeint
(* Hardware feature attributes. *)
val cKA_HW_FEATURE_TYPE : nativeint
val cKA_RESET_ON_INIT : nativeint
val cKA_HAS_RESET : nativeint
val cKA_PIXEL_X : nativeint
val cKA_PIXEL_Y : nativeint
val cKA_RESOLUTION : nativeint
val cKA_CHAR_ROWS : nativeint
val cKA_CHAR_COLUMNS : nativeint
val cKA_COLOR : nativeint
val cKA_BITS_PER_PIXEL : nativeint
val cKA_CHAR_SETS : nativeint
val cKA_ENCODING_METHODS : nativeint
val cKA_MIME_TYPES : nativeint
val cKA_MECHANISM_TYPE : nativeint
val cKA_REQUIRED_CMS_ATTRIBUTES : nativeint
val cKA_DEFAULT_CMS_ATTRIBUTES : nativeint
val cKA_SUPPORTED_CMS_ATTRIBUTES : nativeint
(* WRAP_TEMPLATE, UNWRAP_TEMPLATE and ALLOWED_MECHANISMS let a key carry its
   own usage restrictions; whether a given token honours them has to be
   checked per token. *)
val cKA_WRAP_TEMPLATE : nativeint
val cKA_UNWRAP_TEMPLATE : nativeint
val cKA_ALLOWED_MECHANISMS : nativeint
val cKA_VENDOR_DEFINED : nativeint
(* Mechanism types (values for ck_mechanism_type_t): RSA, DSA and
   Diffie-Hellman families. Declaring a mechanism here only makes it
   nameable from OCaml; it does not mean the token offers it or that it
   should be permitted.
   NOTE(review): cKM_RSA_PKCS (PKCS#1 v1.5) and cKM_RSA_X_509 (raw RSA) need
   particular care when allowed for decryption or unwrapping; prefer
   cKM_RSA_PKCS_OAEP where available. The MD2, MD5 and SHA-1 signature
   variants are legacy. *)
val cKM_RSA_PKCS_KEY_PAIR_GEN : nativeint
val cKM_RSA_PKCS : nativeint
val cKM_RSA_9796 : nativeint
val cKM_RSA_X_509 : nativeint
val cKM_MD2_RSA_PKCS : nativeint
val cKM_MD5_RSA_PKCS : nativeint
val cKM_SHA1_RSA_PKCS : nativeint
val cKM_RIPEMD128_RSA_PKCS : nativeint
val cKM_RIPEMD160_RSA_PKCS : nativeint
val cKM_RSA_PKCS_OAEP : nativeint
val cKM_RSA_X9_31_KEY_PAIR_GEN : nativeint
val cKM_RSA_X9_31 : nativeint
val cKM_SHA1_RSA_X9_31 : nativeint
val cKM_RSA_PKCS_PSS : nativeint
val cKM_SHA1_RSA_PKCS_PSS : nativeint
val cKM_DSA_KEY_PAIR_GEN : nativeint
val cKM_DSA : nativeint
val cKM_DSA_SHA1 : nativeint
val cKM_DH_PKCS_KEY_PAIR_GEN : nativeint
val cKM_DH_PKCS_DERIVE : nativeint
val cKM_X9_42_DH_KEY_PAIR_GEN : nativeint
val cKM_X9_42_DH_DERIVE : nativeint
val cKM_X9_42_DH_HYBRID_DERIVE : nativeint
val cKM_X9_42_MQV_DERIVE : nativeint
val cKM_SHA256_RSA_PKCS : nativeint
val cKM_SHA384_RSA_PKCS : nativeint
val cKM_SHA512_RSA_PKCS : nativeint
val cKM_SHA224_RSA_PKCS : nativeint
val cKM_SHA256_RSA_PKCS_PSS : nativeint
val cKM_SHA384_RSA_PKCS_PSS : nativeint
val cKM_SHA512_RSA_PKCS_PSS : nativeint
val cKM_SHA224_RSA_PKCS_PSS : nativeint
(* Mechanism types: RC2, RC4, DES, triple DES and CDMF. These are legacy
   ciphers; the ECB variants additionally provide no chaining. They are
   declared so that they can be named (for instance in a policy that denies
   them), not as a recommendation. *)
val cKM_RC2_KEY_GEN : nativeint
val cKM_RC2_ECB : nativeint
val cKM_RC2_CBC : nativeint
val cKM_RC2_MAC : nativeint
val cKM_RC2_MAC_GENERAL : nativeint
val cKM_RC2_CBC_PAD : nativeint
val cKM_RC4_KEY_GEN : nativeint
val cKM_RC4 : nativeint
val cKM_DES_KEY_GEN : nativeint
val cKM_DES_ECB : nativeint
val cKM_DES_CBC : nativeint
val cKM_DES_MAC : nativeint
val cKM_DES_MAC_GENERAL : nativeint
val cKM_DES_CBC_PAD : nativeint
val cKM_DES2_KEY_GEN : nativeint
val cKM_DES3_KEY_GEN : nativeint
val cKM_DES3_ECB : nativeint
val cKM_DES3_CBC : nativeint
val cKM_DES3_MAC : nativeint
val cKM_DES3_MAC_GENERAL : nativeint
val cKM_DES3_CBC_PAD : nativeint
val cKM_CDMF_KEY_GEN : nativeint
val cKM_CDMF_ECB : nativeint
val cKM_CDMF_CBC : nativeint
val cKM_CDMF_MAC : nativeint
val cKM_CDMF_MAC_GENERAL : nativeint
val cKM_CDMF_CBC_PAD : nativeint
(* Mechanism types: message digests and their HMAC forms. MD2, MD5 and
   SHA-1 are not collision resistant by current standards and should not be
   chosen for new signatures; prefer the SHA-2 entries. *)
val cKM_MD2 : nativeint
val cKM_MD2_HMAC : nativeint
val cKM_MD2_HMAC_GENERAL : nativeint
val cKM_MD5 : nativeint
val cKM_MD5_HMAC : nativeint
val cKM_MD5_HMAC_GENERAL : nativeint
val cKM_SHA_1 : nativeint
val cKM_SHA_1_HMAC : nativeint
val cKM_SHA_1_HMAC_GENERAL : nativeint
val cKM_RIPEMD128 : nativeint
val cKM_RIPEMD128_HMAC : nativeint
val cKM_RIPEMD128_HMAC_GENERAL : nativeint
val cKM_RIPEMD160 : nativeint
val cKM_RIPEMD160_HMAC : nativeint
val cKM_RIPEMD160_HMAC_GENERAL : nativeint
val cKM_SHA256 : nativeint
val cKM_SHA256_HMAC : nativeint
val cKM_SHA256_HMAC_GENERAL : nativeint
val cKM_SHA384 : nativeint
val cKM_SHA384_HMAC : nativeint
val cKM_SHA384_HMAC_GENERAL : nativeint
val cKM_SHA512 : nativeint
val cKM_SHA512_HMAC : nativeint
val cKM_SHA512_HMAC_GENERAL : nativeint
val cKM_SHA224 : nativeint
val cKM_SHA224_HMAC : nativeint
val cKM_SHA224_HMAC_GENERAL : nativeint
(* Mechanism types: one-time-password mechanisms (SecurID, HOTP, ACTI). *)
val cKM_SECURID_KEY_GEN : nativeint
val cKM_SECURID : nativeint
val cKM_HOTP_KEY_GEN : nativeint
val cKM_HOTP : nativeint
val cKM_ACTI_KEY_GEN : nativeint
val cKM_ACTI : nativeint
(* Mechanism types: CAST, CAST3, CAST5/CAST128, RC5 and IDEA. CAST5 and
   CAST128 entries are declared in pairs; whether each pair shares one
   numeric value is decided in the implementation. *)
val cKM_CAST_KEY_GEN : nativeint
val cKM_CAST_ECB : nativeint
val cKM_CAST_CBC : nativeint
val cKM_CAST_MAC : nativeint
val cKM_CAST_MAC_GENERAL : nativeint
val cKM_CAST_CBC_PAD : nativeint
val cKM_CAST3_KEY_GEN : nativeint
val cKM_CAST3_ECB : nativeint
val cKM_CAST3_CBC : nativeint
val cKM_CAST3_MAC : nativeint
val cKM_CAST3_MAC_GENERAL : nativeint
val cKM_CAST3_CBC_PAD : nativeint
val cKM_CAST5_KEY_GEN : nativeint
val cKM_CAST128_KEY_GEN : nativeint
val cKM_CAST5_ECB : nativeint
val cKM_CAST128_ECB : nativeint
val cKM_CAST5_CBC : nativeint
val cKM_CAST128_CBC : nativeint
val cKM_CAST5_MAC : nativeint
val cKM_CAST128_MAC : nativeint
val cKM_CAST5_MAC_GENERAL : nativeint
val cKM_CAST128_MAC_GENERAL : nativeint
val cKM_CAST5_CBC_PAD : nativeint
val cKM_CAST128_CBC_PAD : nativeint
val cKM_RC5_KEY_GEN : nativeint
val cKM_RC5_ECB : nativeint
val cKM_RC5_CBC : nativeint
val cKM_RC5_MAC : nativeint
val cKM_RC5_MAC_GENERAL : nativeint
val cKM_RC5_CBC_PAD : nativeint
val cKM_IDEA_KEY_GEN : nativeint
val cKM_IDEA_ECB : nativeint
val cKM_IDEA_CBC : nativeint
val cKM_IDEA_MAC : nativeint
val cKM_IDEA_MAC_GENERAL : nativeint
val cKM_IDEA_CBC_PAD : nativeint
(* Mechanism types: generic secret generation and key derivation.
   NOTE(review): the CONCATENATE_*, XOR_BASE_AND_DATA and
   EXTRACT_KEY_FROM_KEY mechanisms build a new key out of an existing one;
   the derived key can end up with weaker protection than its parent, so a
   deployment policy should look at these explicitly rather than allow
   every derivation mechanism by default. *)
val cKM_GENERIC_SECRET_KEY_GEN : nativeint
val cKM_CONCATENATE_BASE_AND_KEY : nativeint
val cKM_CONCATENATE_BASE_AND_DATA : nativeint
val cKM_CONCATENATE_DATA_AND_BASE : nativeint
val cKM_XOR_BASE_AND_DATA : nativeint
val cKM_EXTRACT_KEY_FROM_KEY : nativeint
(* SSL 3.0 and TLS key establishment mechanisms. *)
val cKM_SSL3_PRE_MASTER_KEY_GEN : nativeint
val cKM_SSL3_MASTER_KEY_DERIVE : nativeint
val cKM_SSL3_KEY_AND_MAC_DERIVE : nativeint
val cKM_SSL3_MASTER_KEY_DERIVE_DH : nativeint
val cKM_TLS_PRE_MASTER_KEY_GEN : nativeint
val cKM_TLS_MASTER_KEY_DERIVE : nativeint
val cKM_TLS_KEY_AND_MAC_DERIVE : nativeint
val cKM_TLS_MASTER_KEY_DERIVE_DH : nativeint
val cKM_TLS_PRF : nativeint
val cKM_SSL3_MD5_MAC : nativeint
val cKM_SSL3_SHA1_MAC : nativeint
(* Digest-based key derivation. *)
val cKM_MD5_KEY_DERIVATION : nativeint
val cKM_MD2_KEY_DERIVATION : nativeint
val cKM_SHA1_KEY_DERIVATION : nativeint
val cKM_SHA256_KEY_DERIVATION : nativeint
val cKM_SHA384_KEY_DERIVATION : nativeint
val cKM_SHA512_KEY_DERIVATION : nativeint
val cKM_SHA224_KEY_DERIVATION : nativeint
(* Password-based mechanisms. Several pair a legacy digest with a legacy or
   export-strength cipher (the _40 entries name 40-bit keys); treat them as
   compatibility-only. *)
val cKM_PBE_MD2_DES_CBC : nativeint
val cKM_PBE_MD5_DES_CBC : nativeint
val cKM_PBE_MD5_CAST_CBC : nativeint
val cKM_PBE_MD5_CAST3_CBC : nativeint
val cKM_PBE_MD5_CAST5_CBC : nativeint
val cKM_PBE_MD5_CAST128_CBC : nativeint
val cKM_PBE_SHA1_CAST5_CBC : nativeint
val cKM_PBE_SHA1_CAST128_CBC : nativeint
val cKM_PBE_SHA1_RC4_128 : nativeint
val cKM_PBE_SHA1_RC4_40 : nativeint
val cKM_PBE_SHA1_DES3_EDE_CBC : nativeint
val cKM_PBE_SHA1_DES2_EDE_CBC : nativeint
val cKM_PBE_SHA1_RC2_128_CBC : nativeint
val cKM_PBE_SHA1_RC2_40_CBC : nativeint
val cKM_PKCS5_PBKD2 : nativeint
val cKM_PBA_SHA1_WITH_SHA1_HMAC : nativeint
(* WTLS, key wrapping, CMS and KIP mechanisms. *)
val cKM_WTLS_PRE_MASTER_KEY_GEN : nativeint
val cKM_WTLS_MASTER_KEY_DERIVE : nativeint
val cKM_WTLS_MASTER_KEY_DERIVE_DH_ECC : nativeint
val cKM_WTLS_PRF : nativeint
val cKM_WTLS_SERVER_KEY_AND_MAC_DERIVE : nativeint
val cKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE : nativeint
val cKM_KEY_WRAP_LYNKS : nativeint
val cKM_KEY_WRAP_SET_OAEP : nativeint
val cKM_CMS_SIG : nativeint
val cKM_KIP_DERIVE : nativeint
val cKM_KIP_WRAP : nativeint
val cKM_KIP_MAC : nativeint
(* Mechanism types: Camellia and ARIA. The *_ENCRYPT_DATA entries are key
   derivation mechanisms in PKCS#11 (a key is derived by encrypting data),
   not bulk encryption. *)
val cKM_CAMELLIA_KEY_GEN : nativeint
val cKM_CAMELLIA_ECB : nativeint
val cKM_CAMELLIA_CBC : nativeint
val cKM_CAMELLIA_MAC : nativeint
val cKM_CAMELLIA_MAC_GENERAL : nativeint
val cKM_CAMELLIA_CBC_PAD : nativeint
val cKM_CAMELLIA_ECB_ENCRYPT_DATA : nativeint
val cKM_CAMELLIA_CBC_ENCRYPT_DATA : nativeint
val cKM_CAMELLIA_CTR : nativeint
val cKM_ARIA_KEY_GEN : nativeint
val cKM_ARIA_ECB : nativeint
val cKM_ARIA_CBC : nativeint
val cKM_ARIA_MAC : nativeint
val cKM_ARIA_MAC_GENERAL : nativeint
val cKM_ARIA_CBC_PAD : nativeint
val cKM_ARIA_ECB_ENCRYPT_DATA : nativeint
val cKM_ARIA_CBC_ENCRYPT_DATA : nativeint
(* Skipjack, KEA, Fortezza and Baton mechanisms. *)
val cKM_SKIPJACK_KEY_GEN : nativeint
val cKM_SKIPJACK_ECB64 : nativeint
val cKM_SKIPJACK_CBC64 : nativeint
val cKM_SKIPJACK_OFB64 : nativeint
val cKM_SKIPJACK_CFB64 : nativeint
val cKM_SKIPJACK_CFB32 : nativeint
val cKM_SKIPJACK_CFB16 : nativeint
val cKM_SKIPJACK_CFB8 : nativeint
val cKM_SKIPJACK_WRAP : nativeint
val cKM_SKIPJACK_PRIVATE_WRAP : nativeint
val cKM_SKIPJACK_RELAYX : nativeint
val cKM_KEA_KEY_PAIR_GEN : nativeint
val cKM_KEA_KEY_DERIVE : nativeint
val cKM_FORTEZZA_TIMESTAMP : nativeint
val cKM_BATON_KEY_GEN : nativeint
val cKM_BATON_ECB128 : nativeint
val cKM_BATON_ECB96 : nativeint
val cKM_BATON_CBC128 : nativeint
val cKM_BATON_COUNTER : nativeint
val cKM_BATON_SHUFFLE : nativeint
val cKM_BATON_WRAP : nativeint
(* Elliptic-curve mechanisms. *)
val cKM_EC_KEY_PAIR_GEN : nativeint
val cKM_ECDSA : nativeint
val cKM_ECDSA_SHA1 : nativeint
val cKM_ECDH1_DERIVE : nativeint
val cKM_ECDH1_COFACTOR_DERIVE : nativeint
val cKM_ECMQV_DERIVE : nativeint
val cKM_JUNIPER_KEY_GEN : nativeint
val cKM_JUNIPER_ECB128 : nativeint
val cKM_JUNIPER_CBC128 : nativeint
val cKM_JUNIPER_COUNTER : nativeint
val cKM_JUNIPER_SHUFFLE : nativeint
val cKM_JUNIPER_WRAP : nativeint
val cKM_FASTHASH : nativeint
(* AES, Blowfish and Twofish. No authenticated-encryption AES mode is
   declared in this list; callers that need integrity have to add a MAC or
   signature themselves. *)
val cKM_AES_KEY_GEN : nativeint
val cKM_AES_ECB : nativeint
val cKM_AES_CBC : nativeint
val cKM_AES_MAC : nativeint
val cKM_AES_MAC_GENERAL : nativeint
val cKM_AES_CBC_PAD : nativeint
val cKM_AES_CTR : nativeint
val cKM_BLOWFISH_KEY_GEN : nativeint
val cKM_BLOWFISH_CBC : nativeint
val cKM_TWOFISH_KEY_GEN : nativeint
val cKM_TWOFISH_CBC : nativeint
(* Derivation by encrypting data with DES, triple DES or AES. *)
val cKM_DES_ECB_ENCRYPT_DATA : nativeint
val cKM_DES_CBC_ENCRYPT_DATA : nativeint
val cKM_DES3_ECB_ENCRYPT_DATA : nativeint
val cKM_DES3_CBC_ENCRYPT_DATA : nativeint
val cKM_AES_ECB_ENCRYPT_DATA : nativeint
val cKM_AES_CBC_ENCRYPT_DATA : nativeint
(* Domain parameter generation, and the vendor-defined marker. *)
val cKM_DSA_PARAMETER_GEN : nativeint
val cKM_DH_PKCS_PARAMETER_GEN : nativeint
val cKM_X9_42_DH_PARAMETER_GEN : nativeint
val cKM_VENDOR_DEFINED : nativeint
(* Mechanism capability flags (for ck_mechanism_info_flags). They describe
   which operations a token reports for a mechanism, which makes them a
   useful input when auditing what a token actually allows. *)
val cKF_HW : nativeint
val cKF_ENCRYPT : nativeint
val cKF_DECRYPT : nativeint
val cKF_DIGEST : nativeint
val cKF_SIGN : nativeint
val cKF_SIGN_RECOVER : nativeint
val cKF_VERIFY : nativeint
val cKF_VERIFY_RECOVER : nativeint
val cKF_GENERATE : nativeint
val cKF_GENERATE_KEY_PAIR : nativeint
val cKF_WRAP : nativeint
val cKF_UNWRAP : nativeint
val cKF_DERIVE : nativeint
val cKF_EC_F_P : nativeint
val cKF_EC_F_2M : nativeint
val cKF_EC_ECPARAMETERS : nativeint
val cKF_EC_NAMEDCURVE : nativeint
val cKF_EC_UNCOMPRESS : nativeint
val cKF_EC_COMPRESS : nativeint
val cKF_EXTENSION : nativeint
(* Flags for waiting on slot events and for library initialization. *)
val cKF_DONT_BLOCK : nativeint
val cKF_LIBRARY_CANT_CREATE_OS_THREADS : nativeint
val cKF_OS_LOCKING_OK : nativeint
(* Return codes (values for ck_rv_t). Every mL_CK_C_* binding in this
   interface returns a ck_rv_t, either alone or as the first component of a
   tuple. The bindings signal failure through this value, so callers have
   to compare it with cKR_OK before using any other tuple component; this
   matters most for verification, where cKR_SIGNATURE_INVALID is an
   ordinary return value and not an exception at this level. *)
val cKR_OK : nativeint
val cKR_CANCEL : nativeint
val cKR_HOST_MEMORY : nativeint
val cKR_SLOT_ID_INVALID : nativeint
val cKR_GENERAL_ERROR : nativeint
val cKR_FUNCTION_FAILED : nativeint
val cKR_ARGUMENTS_BAD : nativeint
val cKR_NO_EVENT : nativeint
val cKR_NEED_TO_CREATE_THREADS : nativeint
val cKR_CANT_LOCK : nativeint
val cKR_ATTRIBUTE_READ_ONLY : nativeint
val cKR_ATTRIBUTE_SENSITIVE : nativeint
val cKR_ATTRIBUTE_TYPE_INVALID : nativeint
val cKR_ATTRIBUTE_VALUE_INVALID : nativeint
val cKR_DATA_INVALID : nativeint
val cKR_DATA_LEN_RANGE : nativeint
val cKR_DEVICE_ERROR : nativeint
val cKR_DEVICE_MEMORY : nativeint
val cKR_DEVICE_REMOVED : nativeint
val cKR_ENCRYPTED_DATA_INVALID : nativeint
val cKR_ENCRYPTED_DATA_LEN_RANGE : nativeint
val cKR_FUNCTION_CANCELED : nativeint
val cKR_FUNCTION_NOT_PARALLEL : nativeint
val cKR_FUNCTION_NOT_SUPPORTED : nativeint
val cKR_KEY_HANDLE_INVALID : nativeint
val cKR_KEY_SIZE_RANGE : nativeint
val cKR_KEY_TYPE_INCONSISTENT : nativeint
val cKR_KEY_NOT_NEEDED : nativeint
val cKR_KEY_CHANGED : nativeint
val cKR_KEY_NEEDED : nativeint
val cKR_KEY_INDIGESTIBLE : nativeint
val cKR_KEY_FUNCTION_NOT_PERMITTED : nativeint
val cKR_KEY_NOT_WRAPPABLE : nativeint
val cKR_KEY_UNEXTRACTABLE : nativeint
val cKR_MECHANISM_INVALID : nativeint
val cKR_MECHANISM_PARAM_INVALID : nativeint
val cKR_OBJECT_HANDLE_INVALID : nativeint
val cKR_OPERATION_ACTIVE : nativeint
val cKR_OPERATION_NOT_INITIALIZED : nativeint
(* PIN-related codes. cKR_PIN_INCORRECT and cKR_PIN_LOCKED are the ones to
   count and alert on when monitoring for repeated failed logins. *)
val cKR_PIN_INCORRECT : nativeint
val cKR_PIN_INVALID : nativeint
val cKR_PIN_LEN_RANGE : nativeint
val cKR_PIN_EXPIRED : nativeint
val cKR_PIN_LOCKED : nativeint
val cKR_SESSION_CLOSED : nativeint
val cKR_SESSION_COUNT : nativeint
val cKR_SESSION_HANDLE_INVALID : nativeint
val cKR_SESSION_PARALLEL_NOT_SUPPORTED : nativeint
val cKR_SESSION_READ_ONLY : nativeint
val cKR_SESSION_EXISTS : nativeint
val cKR_SESSION_READ_ONLY_EXISTS : nativeint
val cKR_SESSION_READ_WRITE_SO_EXISTS : nativeint
val cKR_SIGNATURE_INVALID : nativeint
val cKR_SIGNATURE_LEN_RANGE : nativeint
val cKR_TEMPLATE_INCOMPLETE : nativeint
val cKR_TEMPLATE_INCONSISTENT : nativeint
val cKR_TOKEN_NOT_PRESENT : nativeint
val cKR_TOKEN_NOT_RECOGNIZED : nativeint
val cKR_TOKEN_WRITE_PROTECTED : nativeint
val cKR_UNWRAPPING_KEY_HANDLE_INVALID : nativeint
val cKR_UNWRAPPING_KEY_SIZE_RANGE : nativeint
val cKR_UNWRAPPING_KEY_TYPE_INCONSISTENT : nativeint
val cKR_USER_ALREADY_LOGGED_IN : nativeint
val cKR_USER_NOT_LOGGED_IN : nativeint
val cKR_USER_PIN_NOT_INITIALIZED : nativeint
val cKR_USER_TYPE_INVALID : nativeint
val cKR_USER_ANOTHER_ALREADY_LOGGED_IN : nativeint
val cKR_USER_TOO_MANY_TYPES : nativeint
(* Wrapped-key codes. An application that unwraps data supplied by a third
   party should not let that party tell cKR_WRAPPED_KEY_INVALID apart from
   other failures, by message or by timing. *)
val cKR_WRAPPED_KEY_INVALID : nativeint
val cKR_WRAPPED_KEY_LEN_RANGE : nativeint
val cKR_WRAPPING_KEY_HANDLE_INVALID : nativeint
val cKR_WRAPPING_KEY_SIZE_RANGE : nativeint
val cKR_WRAPPING_KEY_TYPE_INCONSISTENT : nativeint
val cKR_RANDOM_SEED_NOT_SUPPORTED : nativeint
val cKR_RANDOM_NO_RNG : nativeint
val cKR_DOMAIN_PARAMS_INVALID : nativeint
val cKR_BUFFER_TOO_SMALL : nativeint
val cKR_SAVED_STATE_INVALID : nativeint
val cKR_INFORMATION_SENSITIVE : nativeint
val cKR_STATE_UNSAVEABLE : nativeint
val cKR_CRYPTOKI_NOT_INITIALIZED : nativeint
val cKR_CRYPTOKI_ALREADY_INITIALIZED : nativeint
val cKR_MUTEX_BAD : nativeint
val cKR_MUTEX_NOT_LOCKED : nativeint
val cKR_NEW_PIN_MODE : nativeint
val cKR_NEXT_OTP : nativeint
val cKR_FUNCTION_REJECTED : nativeint
val cKR_VENDOR_DEFINED : nativeint
(* Boolean and null constants in two representations: nativeint values, and
   char array values (false_, true_). The char array forms are presumably
   the encoding used for boolean attribute values in a ck_attribute; see
   bool_to_char_array and char_array_to_bool - confirm against the
   implementation. *)
val cK_FALSE : nativeint
val cK_TRUE : nativeint
val fALSE : nativeint
val tRUE : nativeint
val nULL_PTR : nativeint
val false_ : char array
val true_ : char array
(* Carries a string; presumably raised by string_to_cKM_value when the name
   is not a known mechanism - confirm against the implementation. *)
exception Mechanism_unknown of string
(* Helpers for information printing *)
(* Each match_cK*_value turns a numeric code into a string for display. How
   an unknown code is rendered is not visible from this interface. *)
val match_cKM_value : nativeint -> string
val match_cKR_value : nativeint -> string
val match_cKA_value : nativeint -> string
val match_cKF_value : nativeint -> string
val match_cKC_value : nativeint -> string
val match_cKK_value : nativeint -> string
val match_cKS_value : nativeint -> string
val match_cKU_value : nativeint -> string
val match_cKO_value : nativeint -> string
(* Inverse direction for mechanisms: name to numeric code. *)
val string_to_cKM_value : string -> nativeint
(* Helpers for strings and char arrays *)
val string_to_char_array : string -> char array
val char_array_to_string : char array -> string
(* The print_* helpers return unit, so they write somewhere as a side
   effect (presumably standard output - confirm).
   NOTE(review): do not point them, or the sprint_* helpers below, at
   buffers that hold PINs, key values or other secrets, since the rendered
   text tends to end up in logs. *)
val print_int_array : nativeint array -> unit
val print_char_array : char array -> unit
val print_string_array : string array -> unit
val print_hex : char -> unit
val print_hex_array : char array -> unit
(* Hex conversion helpers. Behaviour on out-of-range input (a nativeint
   above 15, a non-hex character) is not visible from this interface. *)
val int_to_hexchar : nativeint -> char
val hexchar_to_int : char -> nativeint
val merge_nibbles : char -> char -> char
val pack : string -> string
val sprint_hex_array : char array -> string
(* Conversions between the nativeint and char array boolean forms. *)
val bool_to_char_array : nativeint -> char array
val char_array_to_bool : char array -> nativeint
val sprint_bool_attribute_value : nativeint -> string
(* Renders an attribute template as a string. Whether attribute values are
   included in the output is not visible here; check before logging
   templates that may carry secret values. *)
val sprint_template_array : ck_attribute array -> string
(* C primitives. The string after the equals sign names the C function that
   implements each primitive and has to match the generated stub exactly.
   Daemonize, SetupArch and LoadModule have no counterpart in the standard
   PKCS#11 function list; they are specific to this binding.
   NOTE(review): if the char array given to mL_CK_C_LoadModule selects the
   library to load, it should come from trusted configuration only and never
   from a remote peer - confirm in the stub implementation. *)
external mL_CK_C_Daemonize : char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Daemonize"
external mL_CK_C_SetupArch : nativeint -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetupArch"
external mL_CK_C_LoadModule : char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_LoadModule"
(* Initialize takes unit: no ck_c_initialize_args value is passed through
   this primitive. *)
external mL_CK_C_Initialize : unit -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Initialize"
external mL_CK_C_Finalize : unit -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Finalize"
(* Slot and token queries. Results come back as a tuple whose first
   component is the ck_rv_t; the other components are only meaningful when
   that code is cKR_OK.
   GetSlotList takes two nativeint arguments, presumably the token-present
   flag and the number of entries requested, and also returns a nativeint,
   presumably the count - confirm the order against the implementation. *)
external mL_CK_C_GetSlotList : nativeint -> nativeint -> ck_rv_t * ck_slot_id_t array * nativeint
= "camlidl_pkcs11_ML_CK_C_GetSlotList"
external mL_CK_C_GetInfo : unit -> ck_rv_t * ck_info
= "camlidl_pkcs11_ML_CK_C_GetInfo"
external mL_CK_C_WaitForSlotEvent : ck_flags_t -> ck_rv_t * ck_slot_id_t
= "camlidl_pkcs11_ML_CK_C_WaitForSlotEvent"
external mL_CK_C_GetSlotInfo : ck_slot_id_t -> ck_rv_t * ck_slot_info
= "camlidl_pkcs11_ML_CK_C_GetSlotInfo"
external mL_CK_C_GetTokenInfo : ck_slot_id_t -> ck_rv_t * ck_token_info
= "camlidl_pkcs11_ML_CK_C_GetTokenInfo"
(* InitToken takes two char array arguments; in PKCS#11 C_InitToken receives
   the security officer PIN and the token label, presumably in that order
   here - confirm. Initializing a token is destructive for its contents, so
   access to this call deserves tight control. *)
external mL_CK_C_InitToken : ck_slot_id_t -> char array -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_InitToken"
(* Session management. OpenSession returns the ck_rv_t together with the new
   session handle; the handle is only meaningful when the code is cKR_OK. *)
external mL_CK_C_OpenSession : ck_slot_id_t -> ck_flags_t -> ck_rv_t * ck_session_handle_t
= "camlidl_pkcs11_ML_CK_C_OpenSession"
external mL_CK_C_CloseSession : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_CloseSession"
external mL_CK_C_CloseAllSessions : ck_slot_id_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_CloseAllSessions"
external mL_CK_C_GetSessionInfo : ck_session_handle_t -> ck_rv_t * ck_session_info
= "camlidl_pkcs11_ML_CK_C_GetSessionInfo"
(* Login: session, user type (a cKU_* value) and, per C_Login in PKCS#11,
   the PIN as a char array. The PIN is an ordinary OCaml array on the
   garbage-collected heap; callers should avoid keeping or logging it, and
   should overwrite their own copy once the call returns. *)
external mL_CK_C_Login : ck_session_handle_t -> ck_user_type_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Login"
external mL_CK_C_Logout : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Logout"
(* Mechanism discovery. The nativeint argument of GetMechanismList is
   presumably the number of entries requested and the returned nativeint the
   count - confirm. *)
external mL_CK_C_GetMechanismList : ck_slot_id_t -> nativeint -> ck_rv_t * ck_mechanism_type_t array * nativeint
= "camlidl_pkcs11_ML_CK_C_GetMechanismList"
external mL_CK_C_GetMechanismInfo : ck_slot_id_t -> ck_mechanism_type_t -> ck_rv_t * ck_mechanism_info
= "camlidl_pkcs11_ML_CK_C_GetMechanismInfo"
(* PIN management. The char array arguments are PINs; SetPIN takes two,
   presumably old then new as in C_SetPIN - confirm. The same handling
   advice applies as for Login: keep them short-lived and out of logs. *)
external mL_CK_C_InitPIN : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_InitPIN"
external mL_CK_C_SetPIN : ck_session_handle_t -> char array -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetPIN"
(* Random number functions. GenerateRandom takes the requested length and
   returns the bytes next to the ck_rv_t; the bytes must not be used when
   the code is not cKR_OK. *)
external mL_CK_C_SeedRandom : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SeedRandom"
external mL_CK_C_GenerateRandom : ck_session_handle_t -> nativeint -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_GenerateRandom"
(* Object search. FindObjects takes a nativeint, presumably the maximum
   number of handles wanted, and returns the handles plus a nativeint,
   presumably how many were found - confirm. *)
external mL_CK_C_FindObjectsInit : ck_session_handle_t -> ck_attribute array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_FindObjectsInit"
external mL_CK_C_FindObjects : ck_session_handle_t -> nativeint -> ck_rv_t * ck_object_handle_t array * nativeint
= "camlidl_pkcs11_ML_CK_C_FindObjects"
external mL_CK_C_FindObjectsFinal : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_FindObjectsFinal"
(* Key generation. The ck_attribute array arguments are the templates for
   the new objects; GenerateKeyPair takes two, named pub_attributes then
   priv_attributes by the c_GenerateKeyPair wrapper, and returns two
   handles. Templates should state the protection attributes (for example
   cKA_SENSITIVE and cKA_EXTRACTABLE) explicitly. *)
external mL_CK_C_GenerateKey : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_GenerateKey"
external mL_CK_C_GenerateKeyPair : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_attribute array -> ck_rv_t * ck_object_handle_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_GenerateKeyPair"
(* Object lifecycle and attribute access. *)
external mL_CK_C_CreateObject : ck_session_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_CreateObject"
external mL_CK_C_CopyObject : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_CopyObject"
external mL_CK_C_DestroyObject : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DestroyObject"
(* GetAttributeValue takes a template and returns a ck_attribute array next
   to the ck_rv_t. Returned values can be sensitive (see cKA_VALUE and the
   private key component attributes); treat them accordingly. *)
external mL_CK_C_GetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_attribute array
= "camlidl_pkcs11_ML_CK_C_GetAttributeValue"
external mL_CK_C_SetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetAttributeValue"
external mL_CK_C_GetObjectSize : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t * nativeint
= "camlidl_pkcs11_ML_CK_C_GetObjectSize"
(* Key wrapping, unwrapping and derivation. WrapKey takes two object
   handles, named wrapping_handle then wrapped_handle by the c_WrapKey
   wrapper, and returns the wrapped bytes. Both handle arguments have the
   same type, so swapping them is not caught by the compiler.
   Nothing at this level restricts which mechanism or which key pair is
   used; such restrictions have to come from the token or from a policy
   layer. *)
external mL_CK_C_WrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_WrapKey"
external mL_CK_C_UnwrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> char array -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_UnwrapKey"
external mL_CK_C_DeriveKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
= "camlidl_pkcs11_ML_CK_C_DeriveKey"
(* Message digesting. The *Init call selects the mechanism; Digest and
   DigestFinal return the digest bytes next to the ck_rv_t. *)
external mL_CK_C_DigestInit : ck_session_handle_t -> ck_mechanism -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DigestInit"
external mL_CK_C_Digest : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Digest"
external mL_CK_C_DigestUpdate : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DigestUpdate"
external mL_CK_C_DigestKey : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DigestKey"
external mL_CK_C_DigestFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DigestFinal"
(* Signing. The *Init calls take the mechanism and the key handle; Sign,
   SignRecover and SignFinal return the signature bytes next to the
   ck_rv_t. *)
external mL_CK_C_SignInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SignInit"
external mL_CK_C_SignRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SignRecoverInit"
external mL_CK_C_Sign : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Sign"
external mL_CK_C_SignRecover : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_SignRecover"
external mL_CK_C_SignUpdate : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SignUpdate"
external mL_CK_C_SignFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_SignFinal"
(* Verification. Verify and VerifyFinal return a ck_rv_t and nothing else:
   the verdict IS the return code. A caller that ignores the result, or only
   guards against exceptions, accepts every signature; compare the code
   with cKR_OK explicitly. Verify takes two char array arguments, named
   data then signed_data by the c_Verify wrapper. *)
external mL_CK_C_VerifyInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyInit"
external mL_CK_C_VerifyRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyRecoverInit"
external mL_CK_C_Verify : ck_session_handle_t -> char array -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_Verify"
(* VerifyRecover returns bytes next to the ck_rv_t; they must be discarded
   unless the code is cKR_OK. *)
external mL_CK_C_VerifyRecover : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_VerifyRecover"
external mL_CK_C_VerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyUpdate"
external mL_CK_C_VerifyFinal : ck_session_handle_t -> char array -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_VerifyFinal"
external mL_CK_C_EncryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_EncryptInit"
external mL_CK_C_Encrypt : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Encrypt"
external mL_CK_C_EncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_EncryptUpdate"
external mL_CK_C_EncryptFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_EncryptFinal"
external mL_CK_C_DigestEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate"
external mL_CK_C_SignEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_SignEncryptUpdate"
external mL_CK_C_DecryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_DecryptInit"
external mL_CK_C_Decrypt : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_Decrypt"
external mL_CK_C_DecryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptUpdate"
external mL_CK_C_DecryptFinal : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptFinal"
external mL_CK_C_DecryptDigestUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate"
external mL_CK_C_DecryptVerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate"
external mL_CK_C_GetOperationState : ck_session_handle_t -> ck_rv_t * char array
= "camlidl_pkcs11_ML_CK_C_GetOperationState"
external mL_CK_C_SetOperationState : ck_session_handle_t -> char array -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_SetOperationState"
external mL_CK_C_GetFunctionStatus : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_GetFunctionStatus"
external mL_CK_C_CancelFunction : ck_session_handle_t -> ck_rv_t
= "camlidl_pkcs11_ML_CK_C_CancelFunction"
external int_to_ulong_char_array : nativeint -> char array
= "camlidl_pkcs11_int_to_ulong_char_array"
external char_array_to_ulong : char array -> nativeint
= "camlidl_pkcs11_char_array_to_ulong"
external hton_char_array : char array -> char array
= "camlidl_pkcs11_hton_char_array"
external ntoh_char_array : char array -> char array
= "camlidl_pkcs11_ntoh_char_array"
val c_Daemonize : char array -> ck_rv_t
val c_SetupArch : nativeint -> ck_rv_t
val c_LoadModule : char array -> ck_rv_t
val c_Initialize : unit -> ck_rv_t
val c_GetInfo : unit -> ck_rv_t * ck_info
val c_GetSlotList : nativeint -> nativeint -> ck_rv_t * ck_slot_id_t array * nativeint
val c_GetSlotInfo : ck_slot_id_t -> ck_rv_t * ck_slot_info
val c_GetTokenInfo : ck_slot_id_t -> ck_rv_t * ck_token_info
val c_WaitForSlotEvent : ck_flags_t -> ck_rv_t * ck_slot_id_t
val c_GetMechanismList : ck_slot_id_t -> nativeint -> ck_rv_t * ck_mechanism_type_t array * nativeint
val c_GetMechanismInfo : ck_slot_id_t -> ck_mechanism_type_t -> ck_rv_t * ck_mechanism_info
val c_InitToken : ck_slot_id_t -> char array -> char array -> ck_rv_t
val c_InitPIN : ck_session_handle_t -> char array -> ck_rv_t
val c_SetPIN : ck_session_handle_t -> char array -> char array -> ck_rv_t
val c_OpenSession : ck_slot_id_t -> ck_flags_t -> ck_rv_t * ck_session_handle_t
val c_CloseSession : ck_session_handle_t -> ck_rv_t
val c_CloseAllSessions : ck_slot_id_t -> ck_rv_t
val c_GetSessionInfo : ck_session_handle_t -> ck_rv_t * ck_session_info
val c_GetOperationState : ck_session_handle_t -> ck_rv_t * char array
val c_SetOperationState : ck_session_handle_t -> char array -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t
val c_Login : ck_session_handle_t -> ck_user_type_t -> char array -> ck_rv_t
val c_Logout : ck_session_handle_t -> ck_rv_t
val c_Finalize : unit -> ck_rv_t
val c_CreateObject : ck_session_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
val c_CopyObject : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
val c_DestroyObject : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t
val c_GetObjectSize : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t * nativeint
val c_GetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_attribute array
val c_SetAttributeValue : ck_session_handle_t -> ck_object_handle_t -> ck_attribute array -> ck_rv_t
val c_FindObjectsInit : ck_session_handle_t -> ck_attribute array -> ck_rv_t
val c_FindObjects : ck_session_handle_t -> nativeint -> ck_rv_t * ck_object_handle_t array * nativeint
val c_FindObjectsFinal : ck_session_handle_t -> ck_rv_t
val c_EncryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
val c_Encrypt : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_EncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_EncryptFinal : ck_session_handle_t -> ck_rv_t * char array
val c_DecryptInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
val c_Decrypt : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_DecryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_DecryptFinal : ck_session_handle_t -> ck_rv_t * char array
val c_DigestInit : ck_session_handle_t -> ck_mechanism -> ck_rv_t
val c_Digest : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_DigestUpdate : ck_session_handle_t -> char array -> ck_rv_t
val c_DigestKey : ck_session_handle_t -> ck_object_handle_t -> ck_rv_t
val c_DigestFinal : ck_session_handle_t -> ck_rv_t * char array
val c_SignInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
val c_SignRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
val c_Sign : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_SignRecover : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_SignUpdate : ck_session_handle_t -> char array -> ck_rv_t
val c_SignFinal : ck_session_handle_t -> ck_rv_t * char array
val c_VerifyInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
val c_VerifyRecoverInit : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_rv_t
val c_Verify : ck_session_handle_t -> char array -> char array -> ck_rv_t
val c_VerifyRecover : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_VerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t
val c_VerifyFinal : ck_session_handle_t -> char array -> ck_rv_t
val c_DigestEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_DecryptDigestUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_SignEncryptUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_DecryptVerifyUpdate : ck_session_handle_t -> char array -> ck_rv_t * char array
val c_GenerateKey : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_rv_t * ck_object_handle_t
val c_GenerateKeyPair : ck_session_handle_t -> ck_mechanism -> ck_attribute array -> ck_attribute array -> ck_rv_t * ck_object_handle_t * ck_object_handle_t
val c_WrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_object_handle_t -> ck_rv_t * char array
val c_UnwrapKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> char array -> ck_attribute array -> ck_rv_t * ck_object_handle_t
val c_DeriveKey : ck_session_handle_t -> ck_mechanism -> ck_object_handle_t -> ck_attribute array -> ck_rv_t * ck_object_handle_t
val c_SeedRandom : ck_session_handle_t -> char array -> ck_rv_t
val c_GenerateRandom : ck_session_handle_t -> nativeint -> ck_rv_t * char array
val c_GetFunctionStatus : ck_session_handle_t -> ck_rv_t
val c_CancelFunction : ck_session_handle_t -> ck_rv_t
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11_aliasing.h 0000664 0000000 0000000 00000034700 14147740423 0022451 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the bindings 1] source tree:
----------------------
| 1] PKCS#11 OCaml |
| bindings |
----------------------
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Project: PKCS#11 Filtering Proxy
File: src/bindings-pkcs11/pkcs11_aliasing.h
-------------------------- MIT License HEADER ----------------------------------*/
/* ------- Flags ------------ */
#ifdef USE_ALIASING
#include "PRESENT_tables.h"
#warning "WARNING: using slots, sessions and objects aliasing!"
#ifdef RANDOM_ALIASING
#warning "WARNING: using RANDOM aliasing for sessions and objects handles"
#else
#warning "WARNING: using INCREMENTAL aliasing for sessions and objects handles"
#endif
/* ------- Code to handle random permutation for the handles ---------- */
/* We want to produce unique handles with high bit set to zero */
/* We use PRESENT128 as a random permutation */
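/* Set to 1 once the PRESENT128 subkeys have been derived (first call only). */
unsigned char startup = 0;
#define RANDSOURCE "/dev/urandom"
unsigned long random_permute(unsigned long in);
#define PRESENT128_KEY_SIZE (sizeof(u16) * KEY128)
/*
 * Map a handle to its alias by encrypting it with PRESENT128 under a key
 * drawn once from RANDSOURCE.
 *
 * in:      the original handle value.
 * returns: the first sizeof(unsigned long) bytes of the cipher output.
 *
 * NOTE(review): the comment above this section asks for handles with the
 * high bit cleared, but nothing here masks the result - confirm whether the
 * callers rely on that property.
 */
unsigned long random_permute(unsigned long in)
{
    /*
     * The subkeys must outlive the call: the key schedule only runs while
     * startup == 0. With an automatic array every later call would encrypt
     * under all-zero subkeys, which makes the "random" aliases predictable.
     */
    static u8 subkeys[TABLE_P * PRESENT128_SUBKEYS_SIZE] = { 0 };
    unsigned long out;
    unsigned char input[sizeof(u64)] = { 0 };
    unsigned char output[sizeof(u64)] = { 0 };

    /* Copy our input (the block is zero padded when long is 32-bit) */
    memcpy(input, &in, sizeof(in));

    /* Initialize the PRESENT algo with a random key the first time we are here */
    if (startup == 0) {
        unsigned char key[PRESENT128_KEY_SIZE] = { 0 };
        FILE *f_rand = fopen(RANDSOURCE, "r");

        if (f_rand != NULL) {
            /* fread() returns the number of items read (1 here), not bytes */
            if (fread(key, sizeof(key), 1, f_rand) != 1) {
                /* Short read: do not keep a partially filled key */
                memset(key, 0, sizeof(key));
            }
            /* The stream is only needed for this one read */
            fclose(f_rand);
        }
        /*
         * NOTE(review): when the random source cannot be opened or read, the
         * key stays all-zero (the historical fallback) and the aliases are
         * predictable. This function has no error channel to report it.
         */
        PRESENT128table_key_schedule((const u8 *)key, subkeys);
        startup = 1;
    }

    /* Encrypt */
    PRESENT128table_core((const u8 *)input, subkeys, (u8 *)output);

    /* Keep only the leading bytes of the PRESENT final state */
    memcpy(&out, output, sizeof(out));
    return out;
}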
/* ------- Code to handle aliasing ----------- */
/* Value returned by get_original()/get_alias() when no mapping is found. */
/* It is an ordinary unsigned long, so callers must test the 'found' flag */
/* rather than compare a handle against it. */
#define ALIAS_ERROR 0xbadf00d
typedef unsigned char boolean;
/* Kind of identifier being aliased; the value indexes aliases_lists[], */
/* last_alias[] and alias_type_str[] */
typedef enum { SESSION = 0, OBJECT = 1, SLOTID = 2 } alias_type;
/* How add_alias() chooses the alias; the value indexes alias_mode_str[] */
typedef enum { INCREMENTAL = 0, RANDOM = 1, TRANSPARENT = 2 } alias_mode;
/* Printable names used by the DEBUG traces */
const char *alias_type_str[] = { "SESSION", "OBJECT", "SLOTID" };
const char *alias_mode_str[] = { "INCREMENTAL", "RANDOM", "TRANSPARENT" };
/* Aliasing structure: one node of a singly linked list mapping an */
/* original identifier to the alias handed out for it */
typedef struct alias_struct_ {
unsigned long original;
unsigned long alias;
struct alias_struct_ *next;
} alias_struct;
/* Head of the mapping list for each alias_type (NULL means empty) */
alias_struct *aliases_lists[3] = { NULL };
/* Next value handed out in incremental mode, per alias_type. */
/* Warning: for sessions and objects, 0 is not allowed */
/* as a valid handle, hence the counters start at 1 for them */
unsigned long last_alias[3] = { 1, 1, 0 };
/* Get a list size */
unsigned long list_size(alias_type type);
/*
 * Return the number of mappings currently stored for the given alias type
 * by walking the list from its head.
 */
unsigned long list_size(alias_type type)
{
    unsigned long count = 0;
    alias_struct *cursor;

    for (cursor = aliases_lists[type]; cursor != NULL; cursor = cursor->next) {
        count++;
    }
    return count;
}
/* Purge a list */
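void purge_list(alias_type type);
/*
 * Free every mapping stored for the given alias type and leave the list
 * empty. The incremental counter in last_alias[] is left untouched, so
 * aliases handed out afterwards keep increasing.
 */
void purge_list(alias_type type)
{
    alias_struct *node, *next;

    node = aliases_lists[type];
    while (node != NULL) {
        next = node->next;
        custom_free((void **)&node);
        node = next;
    }
    /*
     * Reset the head: without this it keeps pointing at freed memory and
     * the next get_alias()/add_alias() on this type walks a dangling list.
     */
    aliases_lists[type] = NULL;
    return;
}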
/* Helpers for aliases */
unsigned long get_original(unsigned long alias, alias_type type,
                           boolean * found);
/*
 * Look up the original identifier that was registered under 'alias'.
 *
 * *found is set to TRUE when a mapping exists and to FALSE otherwise.
 * When nothing matches (including an empty list) the failsafe value
 * ALIAS_ERROR is returned, so callers must check *found.
 */
unsigned long get_original(unsigned long alias, alias_type type,
                           boolean * found)
{
    alias_struct *cursor;

    *found = FALSE;
    /* An empty list simply skips the loop and ends on the failsafe */
    for (cursor = aliases_lists[type]; cursor != NULL; cursor = cursor->next) {
        if (cursor->alias == alias) {
            *found = TRUE;
            return cursor->original;
        }
    }
    /* If the search didn't succeed, we failsafe on ALIAS_ERROR */
    return ALIAS_ERROR;
}
unsigned long get_alias(unsigned long original, alias_type type,
                        boolean * found);
/*
 * Look up the alias that was handed out for 'original'.
 *
 * *found is set to TRUE when a mapping exists and to FALSE otherwise.
 * When nothing matches (including an empty list) the failsafe value
 * ALIAS_ERROR is returned, so callers must check *found.
 */
unsigned long get_alias(unsigned long original, alias_type type,
                        boolean * found)
{
    alias_struct *cursor;

    *found = FALSE;
    /* An empty list simply skips the loop and ends on the failsafe */
    for (cursor = aliases_lists[type]; cursor != NULL; cursor = cursor->next) {
        if (cursor->original == original) {
            *found = TRUE;
            return cursor->alias;
        }
    }
    /* If the search didn't succeed, we failsafe on ALIAS_ERROR */
    return ALIAS_ERROR;
}
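unsigned long add_alias(unsigned long original, alias_type type,
                        alias_mode mode);
/*
 * Register a mapping for 'original' and return its alias.
 *
 * If 'original' already has an alias, that alias is returned and nothing
 * is added. Otherwise a node is appended to the list for 'type' with an
 * alias chosen according to 'mode':
 *   INCREMENTAL  next value of last_alias[type]
 *   RANDOM       random_permute(original), except for SLOTID which stays
 *                incremental
 *   TRANSPARENT  the original value itself
 *
 * Returns ALIAS_ERROR when the node cannot be allocated.
 */
unsigned long add_alias(unsigned long original, alias_type type,
                        alias_mode mode)
{
    alias_struct *node, *newnode;
    boolean found;

    /* If there is already an alias, we don't add it! */
    unsigned long found_alias = get_alias(original, type, &found);
    if (found == TRUE) {
        return found_alias;
    }

    /* Else, we really add the alias */
    newnode = (alias_struct *) custom_malloc(sizeof(alias_struct));
    if (newnode == NULL) {
        /* Allocation failed: report the failsafe instead of writing */
        /* through a NULL pointer */
        return ALIAS_ERROR;
    }
    newnode->original = original;
    newnode->next = NULL;

    if (mode == INCREMENTAL || (mode == RANDOM && type == SLOTID)) {
        /* For the slot ids, we only use the incremental mode */
        /* since we do not want to mess up with the absolute */
        /* slot id numbers */
        newnode->alias = last_alias[type];
        (last_alias[type])++;
    } else if (mode == RANDOM) {
        /*
         * NOTE(review): the value comes straight from random_permute();
         * nothing here clears the high bit or rejects 0 or an alias that
         * is already in the list - confirm this is acceptable.
         */
        newnode->alias = random_permute(original);
    } else {
        /* TRANSPARENT passthrough mode */
        newnode->alias = original;
    }

    if (aliases_lists[type] == NULL) {
        aliases_lists[type] = newnode;
    } else {
        /* Reach the end and append */
        node = aliases_lists[type];
        while (node->next != NULL) {
            node = node->next;
        }
        node->next = newnode;
    }
    return newnode->alias;
}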
boolean remove_original(unsigned long original, alias_type type);
/*
 * Remove every mapping whose original identifier equals 'original' from
 * the list for 'type'. Returns TRUE when at least one node was removed,
 * FALSE otherwise.
 */
boolean remove_original(unsigned long original, alias_type type)
{
    /* 'link' always points at the pointer that leads to the current node: */
    /* the list head first, then the 'next' field of the previous node */
    alias_struct **link = &aliases_lists[type];
    boolean found = FALSE;
    /* Only read by the DEBUG trace below */
#ifdef __GNUC__
    __attribute__ ((unused)) unsigned long removed_alias = ALIAS_ERROR;
#else
    unsigned long removed_alias = ALIAS_ERROR;
#endif

    while (*link != NULL) {
        alias_struct *entry = *link;

        if (entry->original != original) {
            link = &entry->next;
            continue;
        }
        removed_alias = entry->alias;
        /* Unlink, then release the node */
        *link = entry->next;
        custom_free((void **)&entry);
        found = TRUE;
    }
#ifdef DEBUG
    if (found == TRUE) {
        printf("Removing original %s: 0x%lx -> 0x%lx\n", alias_type_str[type],
               original, removed_alias);
    } else {
        printf("Removing original %s: error when searching for 0x%lx\n",
               alias_type_str[type], original);
    }
#endif
    return found;
}
boolean remove_alias(unsigned long alias, alias_type type);
/*
 * Remove every mapping whose alias equals 'alias' from the list for
 * 'type'. Returns TRUE when at least one node was removed, FALSE
 * otherwise.
 */
boolean remove_alias(unsigned long alias, alias_type type)
{
    /* 'link' always points at the pointer that leads to the current node: */
    /* the list head first, then the 'next' field of the previous node */
    alias_struct **link = &aliases_lists[type];
    boolean found = FALSE;
    /* Only read by the DEBUG trace below */
#ifdef __GNUC__
    __attribute__ ((unused)) unsigned long removed_original = ALIAS_ERROR;
#else
    unsigned long removed_original = ALIAS_ERROR;
#endif

    while (*link != NULL) {
        alias_struct *entry = *link;

        if (entry->alias != alias) {
            link = &entry->next;
            continue;
        }
        removed_original = entry->original;
        /* Unlink, then release the node */
        *link = entry->next;
        custom_free((void **)&entry);
        found = TRUE;
    }
#ifdef DEBUG
    if (found == TRUE) {
        printf("Removing alias %s: 0x%lx -> 0x%lx\n", alias_type_str[type],
               removed_original, alias);
    } else {
        printf("Removing alias %s: error when searching for alias 0x%lx\n",
               alias_type_str[type], alias);
    }
#endif
    return found;
}
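void destroy_list(alias_type type);
/*
 * Free every mapping stored for 'type', empty the list and restart the
 * incremental counter at its initial value.
 */
void destroy_list(alias_type type)
{
    /* Free all the nodes of the list */
    alias_struct *node, *currnode;

    node = aliases_lists[type];
    while (node != NULL) {
        currnode = node;
        node = node->next;
        custom_free((void **)&currnode);
    }
    aliases_lists[type] = NULL;
    /*
     * Restart from the same value last_alias[] is initialised with: 0 is
     * not allowed as a session or object handle, so only the slot id
     * counter may go back to 0.
     */
    last_alias[type] = (type == SLOTID) ? 0 : 1;
    return;
}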
/* Aliasing main functions layer to deal with 32-bit handles */
/* This is here to deal with OCaml 31-bit integer limitation */
/* as well as 32/64-bit cross architectures where a 32-bit */
/* client interacts with a 64-bit server */
unsigned long alias(unsigned long in, alias_type type);
/*
 * Return the alias to expose for the identifier 'in', registering a new
 * mapping through add_alias() when needed. The aliasing mode is fixed at
 * build time: RANDOM when RANDOM_ALIASING is defined, INCREMENTAL
 * otherwise.
 */
unsigned long alias(unsigned long in, alias_type type)
{
#ifdef RANDOM_ALIASING
    const alias_mode mode = RANDOM;
#else
    const alias_mode mode = INCREMENTAL;
#endif
    const unsigned long out = add_alias(in, type, mode);

#ifdef DEBUG
    printf("Aliasing %s: 0x%lx -> 0x%lx (%s)\n", alias_type_str[type], in, out, alias_mode_str[mode]);
#endif
    return out;
}
unsigned long unalias(unsigned long in, alias_type type, boolean *found);
/*
 * Translate the alias 'in' back to the identifier it stands for.
 *
 * *found reports whether a mapping exists. When it does not, the input is
 * returned unchanged (fallback), so a caller that must not forward an
 * unknown identifier has to test *found itself.
 */
unsigned long unalias(unsigned long in, alias_type type, boolean *found)
{
    const unsigned long original = get_original(in, type, found);

    if (*found != TRUE) {
        /* No mapping: fall back on the value we were given */
#ifdef DEBUG
        printf("Unaliasing %s: 0x%lx error! (falling back)\n",
               alias_type_str[type], in);
#endif
        return in;
    }
#ifdef DEBUG
    printf("Unaliasing %s: 0x%lx -> 0x%lx\n", alias_type_str[type], original, in);
#endif
    return original;
}
/* Function to handle slot id list refresh */
/* in case of slot status update */
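void refresh_slot_id_list(CK_FUNCTION_LIST *pkcs11);
/*
 * Rebuild the SLOTID alias list from the slots the module reports now.
 *
 * pkcs11: function list of the loaded module; nothing is done when NULL.
 *
 * The existing list is purged first. If the module cannot list its slots,
 * or the buffer cannot be allocated, the list is left empty.
 */
void refresh_slot_id_list(CK_FUNCTION_LIST *pkcs11)
{
    /* Handle the SLOTID aliasing */
    CK_SLOT_ID *slot_id_list = NULL;
    CK_RV rv_slot_list;
    unsigned long i;
    unsigned long count = 0;
    unsigned long capacity;

#ifdef DEBUG
    printf("Aliasing refresh SLOTID list (purge the list)\n");
#endif
    /* If we are not initialized, return */
    if (pkcs11 == NULL) {
        return;
    }
    /* Purge the existing list */
    purge_list(SLOTID);

    /* First call: ask only for the number of slots */
    rv_slot_list = pkcs11->C_GetSlotList(CK_FALSE, NULL, &count);
    if (rv_slot_list != CKR_OK || count == 0) {
        return;
    }
    /* Refuse a count whose byte size would wrap around */
    if (count > ((size_t)-1) / sizeof(CK_SLOT_ID)) {
        return;
    }
    slot_id_list = (CK_SLOT_ID *)custom_malloc(count * sizeof(CK_SLOT_ID));
    if (slot_id_list == NULL) {
        return;
    }
    capacity = count;

    /* Second call: fetch the slot ids themselves */
    rv_slot_list = pkcs11->C_GetSlotList(CK_FALSE, slot_id_list, &count);
    if (rv_slot_list == CKR_OK) {
        /* Never read past what we allocated, whatever count came back */
        if (count > capacity) {
            count = capacity;
        }
        /* Alias every slot in our local list */
        for (i = 0; i < count; i++) {
#ifdef DEBUG
            printf("Aliasing refresh SLOTID list, adding 0x%lx\n", slot_id_list[i]);
#endif
            alias(slot_id_list[i], SLOTID);
        }
    }
    custom_free((void **)&slot_id_list);
    return;
}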
#endif
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11_functions.c 0000664 0000000 0000000 00000260302 14147740423 0022664 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the bindings 1] source tree:
----------------------
| 1] PKCS#11 OCaml |
| bindings |
----------------------
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Project: PKCS#11 Filtering Proxy
File: src/bindings-pkcs11/pkcs11_functions.c
-------------------------- MIT License HEADER ----------------------------------*/
#ifdef WIN32
#include
#include
#else
#include
#endif
#include
#include
#include
/* For custom allocation and free functions */
extern void *custom_malloc(size_t size);
extern void custom_free(void **to_free);
#include "helpers_pkcs11.h"
#include "pkcs11_functions.h"
#include "pkcs11_aliasing.h"
/* Endianness handling */
/*
 * Describe the machine this code runs on: byte order is probed by looking
 * at the first byte in memory of a known 32-bit constant, word size by
 * checking whether long is 8 bytes. Returns one of LITTLE_ENDIAN_64,
 * LITTLE_ENDIAN_32, BIG_ENDIAN_64 or BIG_ENDIAN_32.
 */
unsigned long get_local_arch(void)
{
    unsigned int probe = 0xAABBCCDD;
    const unsigned char first_byte = ((unsigned char *)&probe)[0];
    const int long_is_64bit = (sizeof(long) == 8);
    unsigned long arch;

    if (first_byte == 0xDD) {
        /* Least significant byte stored first: little endian */
        arch = long_is_64bit ? LITTLE_ENDIAN_64 : LITTLE_ENDIAN_32;
    } else {
        /* Big endian */
        arch = long_is_64bit ? BIG_ENDIAN_64 : BIG_ENDIAN_32;
    }
    return arch;
}
/* Global variable holding the current module handle */
/* Handle of the loaded PKCS#11 module, as returned by dlopen()/LoadLibrary() */
/* in ML_CK_C_LoadModule; NULL until a module is loaded */
void *module_handle = NULL;
/* Address of the module's C_GetFunctionList entry point */
CK_C_GetFunctionList get_func_list;
/* Function table filled by get_func_list(); every wrapper calls through it */
CK_FUNCTION_LIST *pkcs11 = NULL;
/*
 * Hook called after the OCaml netplex server has bound its socket.
 * It currently does nothing with its arguments and always returns 0.
 */
CK_RV ML_CK_C_Daemonize(unsigned char *param, unsigned long param_len)
{
    CK_RV rv = 0;

    DEBUG_CALL(ML_CK_C_Daemonize, " calling\n");
    /* TODO: privilege reduction primitives can be implemented here, which
     * would remove the need for the "sandbox" launcher. Until then the
     * process keeps whatever privileges it was started with.
     */

    /* Placeholder: the arguments are not used yet */
    (void)param;
    (void)param_len;
    return rv;
}
/*
 * Validate the architecture announced by the client.
 *
 * Returns the local architecture code (see get_local_arch) when
 * client_arch is one of the four known values, and
 * UNSUPPORTED_ARCHITECTURE otherwise.
 */
CK_RV ML_CK_C_SetupArch(unsigned long client_arch)
{
    CK_RV rv = get_local_arch();
    const int known_arch = (client_arch == LITTLE_ENDIAN_64)
        || (client_arch == LITTLE_ENDIAN_32)
        || (client_arch == BIG_ENDIAN_64)
        || (client_arch == BIG_ENDIAN_32);

    /* Let's detect the client_arch to activate the 32 bit code */
    if (!known_arch) {
        DEBUG_CALL(ML_CK_C_SetupArch,
                   " unsupported architecture %ld asked by client\n", client_arch);
        rv = UNSUPPORTED_ARCHITECTURE;
    }
    return rv;
}
/* We load the library */
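/*
 * Load the PKCS#11 middleware 'libname' into this process and fetch its
 * function table into the global 'pkcs11'.
 *
 * libname: path or name handed as-is to the dynamic loader. Code from that
 *          library then runs inside this process, so the value must come
 *          from trusted configuration.
 *
 * Returns CKR_FUNCTION_FAILED when libname is NULL, when the library
 * cannot be loaded, when it does not export C_GetFunctionList, or when it
 * reports success without providing a function table; otherwise the value
 * returned by the module's C_GetFunctionList.
 */
CK_RV ML_CK_C_LoadModule( /*in */ const char *libname)
{
    CK_RV rv;

    /* dlopen(NULL) would hand back the main program instead of a module */
    if (libname == NULL) {
        return CKR_FUNCTION_FAILED;
    }
    DEBUG_CALL(ML_CK_C_LoadModule, " calling on %s\n", libname);
#ifdef WIN32
    module_handle = LoadLibrary(libname);
#else
    module_handle = dlopen(libname, RTLD_NOW);
#endif
    if (module_handle == NULL) {
#ifdef DEBUG
        printf("ML_CK_C_LoadModule: Failed to dlopen(RTLD_NOW) module %s, trying RTLD_LAZY\n", libname);
#endif
#ifndef WIN32
        /* Second attempt with lazy symbol resolution */
        module_handle = dlopen(libname, RTLD_LAZY);
        if (module_handle == NULL) {
#ifdef DEBUG
            printf("ML_CK_C_LoadModule: Failed to dlopen(RTLD_LAZY) module %s, giving up\n", libname);
#endif
            return CKR_FUNCTION_FAILED;
        }
#else
        return CKR_FUNCTION_FAILED;
#endif
    }
    /* Store the symbol through a void ** for ANSI C compliance */
#ifdef WIN32
    *(void **)(&get_func_list) = (CK_C_GetFunctionList)GetProcAddress(module_handle, "C_GetFunctionList");
#else
    *(void **)(&get_func_list) = dlsym(module_handle, "C_GetFunctionList");
#endif
    if (get_func_list == NULL) {
#ifdef DEBUG
        printf
            ("ML_CK_C_LoadModule: Failed to dlsym C_GetFunctionList in module %s\n",
             libname);
#endif
        return CKR_FUNCTION_FAILED;
    }
    /* We've got the pointer, now get all the PKCS11 function pointers inside the module */
    rv = get_func_list(&pkcs11);
    DEBUG_RET(ML_CK_C_LoadModule, rv, " C_GetFunctionList in module %s\n",
              libname);
    /* A module that claims success but gives no table cannot be used */
    if (rv == CKR_OK && pkcs11 == NULL) {
        rv = CKR_FUNCTION_FAILED;
    }
    return rv;
}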
/* Call the loaded module's C_Initialize and return its result. */
CK_RV ML_CK_C_Initialize(void)
{
CK_RV rv;
/* Macro defined outside this file's visible part; presumably checks that */
/* a module is loaded and provides C_Initialize - TODO confirm */
CHECK_MODULE_FUNCTION_INITIALIZE(C_Initialize);
DEBUG_CALL(ML_CK_C_Initialize, " calling\n");
/* We launch C_Initialize with NULL arguments */
rv = pkcs11->C_Initialize(NULL);
DEBUG_RET(ML_CK_C_Initialize, rv, "\n");
return rv;
}
/* Call the loaded module's C_Finalize and return its result. */
CK_RV ML_CK_C_Finalize(void)
{
CK_RV rv;
/* Macro defined outside this file's visible part; presumably checks that */
/* a module is loaded and provides C_Finalize - TODO confirm */
CHECK_MODULE_FUNCTION(C_Finalize);
DEBUG_CALL(ML_CK_C_Finalize, " calling\n");
/* We launch C_Finalize with NULL arguments */
rv = pkcs11->C_Finalize(NULL);
DEBUG_RET(ML_CK_C_Finalize, rv, "\n");
return rv;
}
/*
 * Call the module's C_GetInfo.
 *
 * info: output structure; when not NULL it is cleared before the call so
 *       that a failing module does not leave stale data in it.
 * Returns the module's return value.
 */
CK_RV ML_CK_C_GetInfo( /*in */ CK_INFO_PTR info)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetInfo);
    DEBUG_CALL(ML_CK_C_GetInfo, " called\n");

    /* Default every field in case the PKCS#11 call fails */
    if (info != NULL) {
        info->flags = 0;
        info->cryptokiVersion.minor = 0;
        info->cryptokiVersion.major = 0;
        memset(info->manufacturerID, 0, sizeof(info->manufacturerID));
        memset(info->libraryDescription, 0, sizeof(info->libraryDescription));
        info->libraryVersion.minor = 0;
        info->libraryVersion.major = 0;
    }
    rv = pkcs11->C_GetInfo(info);
    DEBUG_RET(ML_CK_C_GetInfo, rv, "\n");
    return rv;
}
/*
 * Call the module's C_WaitForSlotEvent.
 *
 * flags: passed through to the module.
 * pSlot: receives the slot on which the event occurred; preset to -1 so a
 *        failing call leaves an invalid value. With USE_ALIASING the slot
 *        id of a successful call is replaced by its alias.
 * Returns the module's return value.
 */
CK_RV ML_CK_C_WaitForSlotEvent( /*in */ CK_FLAGS flags, /* out */
                               CK_SLOT_ID * pSlot)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_WaitForSlotEvent);
    DEBUG_CALL(ML_CK_C_WaitForSlotEvent, " called with flags %lx\n", flags);

    /* Default invalid value in case the PKCS#11 call fails */
    if (pSlot != NULL) {
        *pSlot = -1;
    }
    /* The third argument is reserved for future versions, hence NULL_PTR */
    rv = pkcs11->C_WaitForSlotEvent(flags, pSlot, NULL_PTR);
    DEBUG_RET(ML_CK_C_WaitForSlotEvent, rv, "\n");
#ifdef USE_ALIASING
    /* ALIASING: hand out the alias of the slot ID, never the real one */
    if (rv == CKR_OK && pSlot != NULL) {
        *pSlot = alias(*pSlot, SLOTID);
    }
#endif
    return rv;
}
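/*
 * Call the module's C_GetSlotList.
 *
 * token_present: forwarded as an unsigned char; values above 255 are
 *                rejected with CKR_TOKEN_NOT_RECOGNIZED.
 * slot_list:     output array with room for 'count' slot ids.
 * count:         0 to query only the number of slots, otherwise the
 *                capacity of slot_list.
 * real_count:    receives the number of slots reported by the module;
 *                must not be NULL (CKR_GENERAL_ERROR otherwise).
 *
 * With USE_ALIASING the slot ids of a successful call are replaced by
 * their aliases. Returns the module's return value.
 */
CK_RV ML_CK_C_GetSlotList( /*in */ unsigned int token_present, /*out */
                          CK_SLOT_ID * slot_list, /*in */ unsigned long count,
                          /*out */ unsigned long *real_count)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetSlotList);
    /****** Safeguard on input values *************/
    /* By design, some input values can't be NULL */
    /* (see functions in pkcs11_stubs.c where the */
    /* functions here are called)                 */
    /* We however put a safeguard here            */
    if (real_count == NULL) {
        return CKR_GENERAL_ERROR;
    }
    /**********************************************/
    /* Initialize the returned number to zero */
    *real_count = 0UL;
    /* If the token number is > 255, we give up */
    if (token_present > 255) {
        rv = CKR_TOKEN_NOT_RECOGNIZED;
        DEBUG_RET(ML_CK_C_GetSlotList, rv,
                  " called with token_present = %u > 255\n", token_present);
        return rv;
    }
    /* Do we want to get the number of slots? */
    if (count == 0) {
        rv = pkcs11->C_GetSlotList((unsigned char)token_present, NULL_PTR,
                                   real_count);
        DEBUG_CALL(ML_CK_C_GetSlotList,
                   " called for token_present %u with count 0, got %ld slots\n",
                   token_present, *real_count);
        return rv;
    }
    /* Else, we really want to populate a slot_list */
    *real_count = count;
    rv = pkcs11->C_GetSlotList((unsigned char)token_present, slot_list,
                               real_count);
    DEBUG_RET(ML_CK_C_GetSlotList, rv,
              " token %u with count %ld, got %ld slots\n", token_present,
              count, *real_count);
#ifdef USE_ALIASING
    /* ALIASING */
    if (rv == CKR_OK && slot_list != NULL) {
        /* Same width as *real_count, so the comparison cannot wrap */
        unsigned long i;
        /* Stay inside the caller's buffer even if the module reports */
        /* more entries than it was given room for */
        unsigned long filled = (*real_count < count) ? *real_count : count;

        for (i = 0; i < filled; i++) {
            /* alias the slot ID */
            slot_list[i] = alias(slot_list[i], SLOTID);
        }
    }
    /*------------*/
#endif
    return rv;
}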
/*
 * Call the module's C_GetSlotInfo.
 *
 * slot_id: slot to query. With USE_ALIASING it is an alias that is first
 *          translated back; an unknown alias triggers one refresh of the
 *          slot list and, if still unknown, CKR_SLOT_ID_INVALID.
 * info:    output structure; when not NULL it is cleared before the call.
 * Returns the module's return value.
 */
CK_RV ML_CK_C_GetSlotInfo( /*in */ CK_SLOT_ID slot_id, /*out */
                          CK_SLOT_INFO * info)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetSlotInfo);
#ifdef USE_ALIASING
    {
        /* UNALIASING */
        boolean found;

        slot_id = unalias(slot_id, SLOTID, &found);
        if (found != TRUE) {
            /* Refresh the SLOTID alias list in order to catch possible */
            /* new slots or deprecated ones, then give it a second chance */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &found);
        }
        if (found != TRUE) {
            /* Unknown aliases are never forwarded to the module */
            rv = CKR_SLOT_ID_INVALID;
            return rv;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetSlotInfo, " called with slot_id = %ld\n", slot_id);

    /* Default every field in case the PKCS#11 call fails */
    if (info != NULL) {
        info->flags = 0;
        memset(info->slotDescription, 0, sizeof(info->slotDescription));
        memset(info->manufacturerID, 0, sizeof(info->manufacturerID));
        info->hardwareVersion.minor = 0;
        info->hardwareVersion.major = 0;
        info->firmwareVersion.minor = 0;
        info->firmwareVersion.major = 0;
    }
    rv = pkcs11->C_GetSlotInfo(slot_id, info);
    DEBUG_RET(ML_CK_C_GetSlotInfo, rv, " slot_id %ld\n", slot_id);
    return rv;
}
/*
 * Call the module's C_GetTokenInfo.
 *
 * slot_id: slot to query. With USE_ALIASING it is an alias that is first
 *          translated back; an unknown alias triggers one refresh of the
 *          slot list and, if still unknown, CKR_SLOT_ID_INVALID.
 * info:    output structure; when not NULL it is cleared before the call.
 * Returns the module's return value.
 */
CK_RV ML_CK_C_GetTokenInfo( /*in */ CK_SLOT_ID slot_id, /*out */
                           CK_TOKEN_INFO * info)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetTokenInfo);
#ifdef USE_ALIASING
    {
        /* UNALIASING */
        boolean found;

        slot_id = unalias(slot_id, SLOTID, &found);
        if (found != TRUE) {
            /* Refresh the SLOTID alias list in order to catch possible */
            /* new slots or deprecated ones, then give it a second chance */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &found);
        }
        if (found != TRUE) {
            /* Unknown aliases are never forwarded to the module */
            rv = CKR_SLOT_ID_INVALID;
            return rv;
        }
    }
#endif
    /* Default every field in case the PKCS#11 call fails */
    if (info != NULL) {
        memset(info->label, 0, sizeof(info->label));
        memset(info->manufacturerID, 0, sizeof(info->manufacturerID));
        memset(info->model, 0, sizeof(info->model));
        memset(info->serialNumber, 0, sizeof(info->serialNumber));
        info->flags = 0;
        info->ulFreePrivateMemory = 0;
        info->ulTotalPrivateMemory = 0;
        info->ulFreePublicMemory = 0;
        info->ulTotalPublicMemory = 0;
        info->ulMinPinLen = 0;
        info->ulMaxPinLen = 0;
        info->ulRwSessionCount = 0;
        info->ulMaxRwSessionCount = 0;
        info->ulSessionCount = 0;
        info->ulMaxSessionCount = 0;
        memset(info->utcTime, 0, sizeof(info->utcTime));
        info->hardwareVersion.minor = 0;
        info->hardwareVersion.major = 0;
        info->firmwareVersion.minor = 0;
        info->firmwareVersion.major = 0;
    }
    DEBUG_CALL(ML_CK_C_GetTokenInfo, " called with slot_id = %ld\n", slot_id);
    rv = pkcs11->C_GetTokenInfo(slot_id, info);
    DEBUG_RET(ML_CK_C_GetTokenInfo, rv, " slot_id %ld\n", slot_id);
    return rv;
}
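/*
 * Forward C_OpenSession to the loaded PKCS#11 module.
 *
 * slot_id: slot identifier supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * flags:   session flags, forwarded unchanged.
 * session: output handle; preset to CK_INVALID_HANDLE when non-NULL and,
 *          with USE_ALIASING, replaced by alias(handle, SESSION) on CKR_OK.
 *
 * No application pointer and no notification callback are forwarded
 * (both are passed as NULL).
 *
 * Returns the module's CK_RV, or CKR_SLOT_ID_INVALID when the identifier
 * is still unknown after one refresh of the slot list.
 */
CK_RV ML_CK_C_OpenSession( /*in */ CK_SLOT_ID slot_id, /*in */ CK_FLAGS flags,
                           /*out */ CK_SESSION_HANDLE * session)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_OpenSession);
#ifdef USE_ALIASING
    {
        boolean found;
        slot_id = unalias(slot_id, SLOTID, &found);
        if (found != TRUE) {
            /* Slots may have appeared or disappeared: refresh, retry once. */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &found);
            if (found != TRUE) {
                return CKR_SLOT_ID_INVALID;
            }
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_OpenSession, " called with slot_id = %ld\n", slot_id);
    /* Make the output unusable by default in case the module call fails. */
    if (session != NULL) {
        *session = CK_INVALID_HANDLE;
    }
    rv = pkcs11->C_OpenSession(slot_id, flags, NULL, NULL, session);
    /* The trace dereferences the output pointer, so it is emitted only   */
    /* when that pointer is non-NULL (it is treated as possibly NULL      */
    /* everywhere else in this function).                                 */
    if (session != NULL) {
        DEBUG_RET(ML_CK_C_OpenSession, rv, " slot_id %ld, session handle %ld\n",
                  slot_id, *session);
    }
#ifdef USE_ALIASING
    /* Hand back the alias instead of the module's own handle. */
    if ((rv == CKR_OK) && (session != NULL)) {
        *session = alias(*session, SESSION);
    }
#endif
    return rv;
}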
/*
 * Forward C_CloseSession to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first and the matching entry is
 *          dropped with remove_original() once the module reports CKR_OK.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_CloseSession( /*in */ CK_SESSION_HANDLE session)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_CloseSession);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_CloseSession, " called with session = %ld\n", session);
    rv = pkcs11->C_CloseSession(session);
    DEBUG_RET(ML_CK_C_CloseSession, rv, " session = %ld\n", session);
#ifdef USE_ALIASING
    /* Only forget the alias when the module really closed the session. */
    if (rv == CKR_OK) {
        remove_original(session, SESSION);
    }
#endif
    return rv;
}
/*
 * Forward C_CloseAllSessions to the loaded PKCS#11 module.
 *
 * slot_id: slot identifier supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 *
 * With USE_ALIASING, the OBJECT and SESSION lists are destroyed after a
 * successful call, but only when list_size(SLOTID) is exactly 1.
 * NOTE(review): with more than one slot nothing is removed here, so the
 * entries of the sessions just closed stay in the lists - confirm this
 * is intended.
 *
 * Returns the module's CK_RV, or CKR_SLOT_ID_INVALID when the identifier
 * is still unknown after one refresh of the slot list.
 */
CK_RV ML_CK_C_CloseAllSessions( /*in */ CK_SLOT_ID slot_id)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_CloseAllSessions);
#ifdef USE_ALIASING
    {
        boolean known;
        slot_id = unalias(slot_id, SLOTID, &known);
        if (known != TRUE) {
            /* Slots may have appeared or disappeared: refresh, retry once. */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &known);
        }
        if (known != TRUE) {
            return CKR_SLOT_ID_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_CloseAllSessions, " called with slot_id = %ld\n", slot_id);
    rv = pkcs11->C_CloseAllSessions(slot_id);
    DEBUG_RET(ML_CK_C_CloseAllSessions, rv, " slot_id = %ld\n", slot_id);
#ifdef USE_ALIASING
    /* The lists are not kept per slot in this function, so they are */
    /* only wiped when a single slot is registered.                  */
    if ((rv == CKR_OK) && (list_size(SLOTID) == 1)) {
        destroy_list(OBJECT);
        destroy_list(SESSION);
    }
#endif
    return rv;
}
/*
 * Forward C_GetSessionInfo to the loaded PKCS#11 module.
 *
 * session:      session handle supplied by the caller; with USE_ALIASING
 *               it is translated through unalias() first.
 * session_info: output structure; preset to invalid/zero values when
 *               non-NULL. With USE_ALIASING the slotID reported by the
 *               module is replaced by alias(slotID, SLOTID) on CKR_OK.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_GetSessionInfo( /*in */ CK_SESSION_HANDLE session, /*out */
                              CK_SESSION_INFO * session_info)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetSessionInfo);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetSessionInfo, " called with session = %ld\n", session);
    if (session_info != NULL) {
        /* Invalid slot and zeroed state in case the module call fails. */
        session_info->slotID = -1;
        session_info->ulDeviceError = 0;
        session_info->flags = 0;
        session_info->state = 0;
    }
    rv = pkcs11->C_GetSessionInfo(session, session_info);
    DEBUG_RET(ML_CK_C_GetSessionInfo, rv, " session %ld\n", session);
#ifdef USE_ALIASING
    /* Report the slot alias rather than the module's own slot ID. */
    if ((rv == CKR_OK) && (session_info != NULL)) {
        session_info->slotID = alias(session_info->slotID, SLOTID);
    }
#endif
    return rv;
}
/*
 * Forward C_Login to the loaded PKCS#11 module.
 *
 * session:   session handle supplied by the caller; with USE_ALIASING it
 *            is translated through unalias() first.
 * user_type: forwarded unchanged.
 * pin, pin_len: forwarded unchanged. Only the session and the user type
 *            are handed to the debug macros, never the PIN.
 *
 * NOTE(review): unlike ML_CK_C_InitPIN and ML_CK_C_SetPIN, a zero pin_len
 * gets no protected-authentication-path handling here - confirm that is
 * intended.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_Login( /*in */ CK_SESSION_HANDLE session, /*in */
                     CK_USER_TYPE user_type, /*in */ unsigned char *pin, /*in */
                     unsigned long pin_len)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_Login);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Login, " called with session = %ld, user type %ld\n",
               session, user_type);
    rv = pkcs11->C_Login(session, user_type, pin, pin_len);
    DEBUG_RET(ML_CK_C_Login, rv, " session = %ld, user type %ld\n", session,
              user_type);
    return rv;
}
/*
 * Forward C_Logout to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_Logout( /*in */ CK_SESSION_HANDLE session)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_Logout);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Logout, " called with session = %ld\n", session);
    rv = pkcs11->C_Logout(session);
    DEBUG_RET(ML_CK_C_Logout, rv, " session = %ld\n", session);
    return rv;
}
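/*
 * Forward C_GetMechanismList to the loaded PKCS#11 module.
 *
 * slot_id:        slot identifier supplied by the caller; with
 *                 USE_ALIASING it is translated through unalias() first.
 * mechanism_list: output array, used only when count is non-zero.
 * count:          capacity of mechanism_list; 0 means "only report how
 *                 many mechanisms exist".
 * real_count:     output count; must not be NULL.
 *
 * Returns the module's CK_RV, CKR_GENERAL_ERROR when real_count is NULL,
 * or CKR_SLOT_ID_INVALID when the identifier is still unknown after one
 * refresh of the slot list.
 */
CK_RV ML_CK_C_GetMechanismList( /*in */ CK_SLOT_ID slot_id, /*out */
                                CK_MECHANISM_TYPE * mechanism_list, /*in */
                                unsigned long count, /*out */
                                unsigned long *real_count)
{
    CK_RV rv;
    /* Initialised so that a module which fails without writing the count */
    /* cannot make this function copy an indeterminate stack value into   */
    /* *real_count.                                                       */
    unsigned long local_count = 0UL;
    CHECK_MODULE_FUNCTION(C_GetMechanismList);
    /* By design the callers (see pkcs11_stubs.c) never pass NULL here; */
    /* the check is kept as a safeguard.                                */
    if (real_count == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;
        slot_id = unalias(slot_id, SLOTID, &found);
        if (found != TRUE) {
            /* Slots may have appeared or disappeared: refresh, retry once. */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &found);
            if (found != TRUE) {
                return CKR_SLOT_ID_INVALID;
            }
        }
    }
#endif
    /* Initialize the returned number to zero */
    *real_count = 0UL;
    /* Size query: no list is requested, only the number of mechanisms. */
    if (count == 0) {
        rv = pkcs11->C_GetMechanismList(slot_id, NULL, &local_count);
        *real_count = local_count;
        DEBUG_CALL(ML_CK_C_GetMechanismList,
                   " called for slot_id %ld with count 0 got %ld mechanisms\n",
                   slot_id, *real_count);
        return rv;
    }
    /* Otherwise populate mechanism_list; the module is told the capacity */
    /* through *real_count and overwrites it with the number returned.    */
    *real_count = count;
    rv = pkcs11->C_GetMechanismList(slot_id, mechanism_list, real_count);
    DEBUG_RET(ML_CK_C_GetMechanismList, rv,
              " slot_id %ld with count %ld, got %ld mechanisms\n", slot_id,
              count, *real_count);
    return rv;
}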
/*
 * Forward C_GetMechanismInfo to the loaded PKCS#11 module.
 *
 * slot_id:        slot identifier supplied by the caller; with
 *                 USE_ALIASING it is translated through unalias() first.
 * mechanism:      mechanism type, forwarded unchanged.
 * mechanism_info: output structure; zeroed before the call when non-NULL.
 *
 * Returns the module's CK_RV, or CKR_SLOT_ID_INVALID when the identifier
 * is still unknown after one refresh of the slot list.
 */
CK_RV ML_CK_C_GetMechanismInfo( /*in */ CK_SLOT_ID slot_id, /*in */
                                CK_MECHANISM_TYPE mechanism, /*out */
                                CK_MECHANISM_INFO * mechanism_info)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetMechanismInfo);
#ifdef USE_ALIASING
    {
        boolean known;
        slot_id = unalias(slot_id, SLOTID, &known);
        if (known != TRUE) {
            /* Slots may have appeared or disappeared: refresh, retry once. */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &known);
        }
        if (known != TRUE) {
            return CKR_SLOT_ID_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetMechanismInfo,
               " called with slot_id = %ld and mech_type %ld\n", slot_id,
               mechanism);
    if (mechanism_info != NULL) {
        /* Zeroed key sizes and flags in case the module call fails. */
        mechanism_info->flags = 0;
        mechanism_info->ulMaxKeySize = 0;
        mechanism_info->ulMinKeySize = 0;
    }
    rv = pkcs11->C_GetMechanismInfo(slot_id, mechanism, mechanism_info);
    DEBUG_RET(ML_CK_C_GetMechanismInfo, rv, " slot_id %ld and mech_type:%ld\n",
              slot_id, mechanism);
    return rv;
}
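/*
 * Forward C_InitToken to the loaded PKCS#11 module.
 *
 * slot_id: slot identifier supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * pin, pin_len: SO PIN. A zero pin_len selects the protected
 *          authentication path (see below). The PIN is never handed to
 *          the debug macros.
 * label:   token label; at most 32 bytes of it are used, and it is
 *          blank-padded to 32 bytes in a local buffer before the call.
 *
 * Returns the module's CK_RV, CKR_SLOT_ID_INVALID when the identifier is
 * still unknown after one refresh of the slot list, or CKR_ARGUMENTS_BAD
 * when label is NULL or when pin_len is 0 and the token does not
 * advertise CKF_PROTECTED_AUTHENTICATION_PATH.
 */
CK_RV ML_CK_C_InitToken( /*in */ CK_SLOT_ID slot_id, /*in */ unsigned char *pin,
                         /*in */ unsigned long pin_len,
                         /*in */
                         unsigned char *label)
{
    CK_RV rv;
    unsigned char tmp_label[33];
    size_t label_len;
    CHECK_MODULE_FUNCTION(C_InitToken);
#ifdef USE_ALIASING
    {
        boolean found;
        slot_id = unalias(slot_id, SLOTID, &found);
        if (found != TRUE) {
            /* Slots may have appeared or disappeared: refresh, retry once. */
            refresh_slot_id_list(pkcs11);
            slot_id = unalias(slot_id, SLOTID, &found);
            if (found != TRUE) {
                return CKR_SLOT_ID_INVALID;
            }
        }
    }
#endif
    /* A NULL label would be dereferenced by strnlen()/memcpy() below. */
    if (label == NULL) {
        return CKR_ARGUMENTS_BAD;
    }
    /* PKCS#11 labels are exactly 32 bytes, blank padded. The scan is     */
    /* capped at 32 so that a label buffer of exactly 32 bytes without a  */
    /* terminating NUL is never read past its end; the copied bytes are   */
    /* the same as with a 33-byte scan followed by a 32-byte truncation.  */
    memset(tmp_label, ' ', sizeof(tmp_label));
    tmp_label[sizeof(tmp_label) - 1] = 0;
    label_len = strnlen((char *)label, sizeof(tmp_label) - 1);
    memcpy(tmp_label, label, label_len);
    DEBUG_CALL(ML_CK_C_InitToken,
               " called will with slot_id = %ld, label %s\n", slot_id, tmp_label);
    /* pin_len == 0: the spec says to try the protected authentication */
    /* path by passing a NULL_PTR PIN to the module.                   */
    if (pin_len == 0) {
        CK_TOKEN_INFO token_info;
        rv = pkcs11->C_GetTokenInfo(slot_id, &token_info);
        if (rv == CKR_OK) {
            if ((token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) {
                /* No protected path and no PIN: refuse the request. */
                DEBUG_RET(ML_CK_C_InitToken, CKR_ARGUMENTS_BAD,
                          " slot_id = %ld\n", slot_id);
                return CKR_ARGUMENTS_BAD;
            }
            pin = NULL_PTR;
        }
        /* If C_GetTokenInfo failed, the call below is made transparently */
        /* with the caller's own pin pointer and the zero length.         */
    }
    rv = pkcs11->C_InitToken(slot_id, pin, pin_len, tmp_label);
    DEBUG_RET(ML_CK_C_InitToken, rv, " slot_id = %ld\n", slot_id);
    return rv;
}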
/*
 * Forward C_InitPIN to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * pin, pin_len: new user PIN, never handed to the debug macros. A zero
 *          pin_len selects the protected authentication path: the token
 *          behind the session is queried and, when it advertises
 *          CKF_PROTECTED_AUTHENTICATION_PATH, the module is called with a
 *          NULL_PTR PIN.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the handle
 * is not a known alias, or CKR_PIN_INVALID when pin_len is 0 and the
 * token has no protected authentication path.
 */
CK_RV ML_CK_C_InitPIN( /*in */ CK_SESSION_HANDLE session, /*in */
                       unsigned char *pin, /*in */ unsigned long pin_len)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_InitPIN);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_InitPIN, " called with session = %ld\n", session);
    if (pin_len == 0) {
        CK_SESSION_INFO session_info;
        CK_TOKEN_INFO token_info;
        /* Find the slot behind the session, then the token's features. */
        rv = pkcs11->C_GetSessionInfo(session, &session_info);
        if (rv == CKR_OK) {
            rv = pkcs11->C_GetTokenInfo(session_info.slotID, &token_info);
        }
        if (rv == CKR_OK) {
            if ((token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) {
                /* No protected path and no PIN: refuse the request. */
                DEBUG_RET(ML_CK_C_InitPIN, CKR_PIN_INVALID, " session = %ld\n", session);
                return CKR_PIN_INVALID;
            }
            pin = NULL_PTR;
        }
        /* If either lookup failed, the call below is made transparently */
        /* with the caller's own pin pointer and the zero length.        */
    }
    rv = pkcs11->C_InitPIN(session, pin, pin_len);
    DEBUG_RET(ML_CK_C_InitPIN, rv, " session = %ld\n", session);
    return rv;
}
/*
 * Forward C_SetPIN to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * old_pin, old_pin_len, new_pin, new_pin_len: current and new PIN, never
 *          handed to the debug macros. When BOTH lengths are zero the
 *          protected authentication path is tried: the token behind the
 *          session is queried and, when it advertises
 *          CKF_PROTECTED_AUTHENTICATION_PATH, the module is called with
 *          NULL_PTR for both PINs.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the handle
 * is not a known alias, or CKR_PIN_INVALID when both lengths are 0 and
 * the token has no protected authentication path.
 */
CK_RV ML_CK_C_SetPIN( /*in */ CK_SESSION_HANDLE session, /*in */
                      unsigned char *old_pin, /*in */ unsigned long old_pin_len,
                      /*in */ unsigned char *new_pin,
                      /*in */
                      unsigned long new_pin_len)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_SetPIN);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SetPIN, " called with session = %ld\n", session);
    if ((old_pin_len == 0) && (new_pin_len == 0)) {
        CK_SESSION_INFO session_info;
        CK_TOKEN_INFO token_info;
        /* Find the slot behind the session, then the token's features. */
        rv = pkcs11->C_GetSessionInfo(session, &session_info);
        if (rv == CKR_OK) {
            rv = pkcs11->C_GetTokenInfo(session_info.slotID, &token_info);
        }
        if (rv == CKR_OK) {
            if ((token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) {
                /* No protected path and no PIN: refuse the request. */
                DEBUG_RET(ML_CK_C_SetPIN, CKR_PIN_INVALID, " session = %ld\n", session);
                return CKR_PIN_INVALID;
            }
            old_pin = NULL_PTR;
            new_pin = NULL_PTR;
        }
        /* If either lookup failed, the call below is made transparently */
        /* with the caller's own pointers and the zero lengths.          */
    }
    rv = pkcs11->C_SetPIN(session, old_pin, old_pin_len, new_pin, new_pin_len);
    DEBUG_RET(ML_CK_C_SetPIN, rv, " session = %ld\n", session);
    return rv;
}
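/*
 * Forward C_SeedRandom to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * seed, seed_len: seed material, forwarded unchanged and never handed to
 *          the debug macros.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_SeedRandom( /*in */ CK_SESSION_HANDLE session, /*in */
                          unsigned char *seed, /*in */ unsigned long seed_len)
{
    CK_RV rv;
    /* The guard must name the entry point that is actually called below; */
    /* it used to name C_InitPIN, so (assuming the macro validates the    */
    /* named entry of the module - confirm) C_SeedRandom itself was never */
    /* checked before being called.                                       */
    CHECK_MODULE_FUNCTION(C_SeedRandom);
#ifdef USE_ALIASING
    {
        boolean found;
        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SeedRandom, " called with session = %ld\n", session);
    rv = pkcs11->C_SeedRandom(session, seed, seed_len);
    DEBUG_RET(ML_CK_C_SeedRandom, rv, " session = %ld\n", session);
    return rv;
}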
/*
 * Forward C_GenerateRandom to the loaded PKCS#11 module.
 *
 * session:     session handle supplied by the caller; with USE_ALIASING
 *              it is translated through unalias() first.
 * random_data: output buffer; zeroed over rand_len bytes before the call
 *              when non-NULL, so a failing call leaves zeros rather than
 *              whatever the buffer held before.
 * rand_len:    number of bytes requested; assumed to be the size of
 *              random_data - the caller is responsible for that.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias. Callers must check the return value
 * before using the buffer: on failure it holds zeros, not random data.
 */
CK_RV ML_CK_C_GenerateRandom( /*in */ CK_SESSION_HANDLE session, /*out */
                              unsigned char *random_data, /*in */
                              unsigned long rand_len)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GenerateRandom);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GenerateRandom,
               " called for session %ld and %ld random bytes should be generated\n",
               session, rand_len);
    if (random_data != NULL) {
        memset(random_data, 0, rand_len);
    }
    rv = pkcs11->C_GenerateRandom(session, random_data, rand_len);
    DEBUG_RET(ML_CK_C_GenerateRandom, rv,
              " session %ld and %ld random bytes should have been generated\n",
              session, rand_len);
    return rv;
}
/*
 * Forward C_FindObjectsInit to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * templ, count: search template and its number of attributes, forwarded
 *          unchanged.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_FindObjectsInit( /*in */ CK_SESSION_HANDLE session, /*in */
                               CK_ATTRIBUTE * templ, /*in */ unsigned long count)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_FindObjectsInit);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_FindObjectsInit,
               " called for session %ld and template of %ld size\n", session,
               count);
    rv = pkcs11->C_FindObjectsInit(session, templ, count);
    DEBUG_RET(ML_CK_C_FindObjectsInit, rv,
              " session %ld and template of %ld size\n", session, count);
    return rv;
}
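/*
 * Forward C_FindObjects to the loaded PKCS#11 module.
 *
 * session:          session handle supplied by the caller; with
 *                   USE_ALIASING it is translated through unalias() first.
 * object:           output array with room for max_object_count handles.
 * max_object_count: capacity of the object array.
 * object_count:     output count; preset to 0 when non-NULL.
 *
 * With USE_ALIASING, each handle returned on CKR_OK is replaced in place
 * by alias(handle, OBJECT).
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_FindObjects( /*in */ CK_SESSION_HANDLE session, /*out */
                           CK_OBJECT_HANDLE * object, /*in */
                           unsigned long max_object_count, /*out */
                           unsigned long *object_count)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_FindObjects);
#ifdef USE_ALIASING
    {
        boolean found;
        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    /* Initialize the object_count to zero */
    if (object_count != NULL) {
        *object_count = 0UL;
    }
    DEBUG_CALL(ML_CK_C_FindObjects,
               " called for session %ld and max objects %ld\n", session,
               max_object_count);
    rv = pkcs11->C_FindObjects(session, object, max_object_count, object_count);
    if (object_count != NULL) {
        DEBUG_RET(ML_CK_C_FindObjects, rv,
                  " called for session %ld and max objects %ld, got %ld\n",
                  session, max_object_count, *object_count);
    }
#ifdef USE_ALIASING
    if ((rv == CKR_OK) && (object != NULL) && (object_count != NULL)) {
        /* The index has the same width as the count, and the walk never   */
        /* goes past the capacity the caller announced, even if the module */
        /* reports more handles than were asked for.                       */
        unsigned long i;
        unsigned long returned = *object_count;
        if (returned > max_object_count) {
            returned = max_object_count;
        }
        for (i = 0UL; i < returned; i++) {
            object[i] = alias(object[i], OBJECT);
        }
    }
#endif
    return rv;
}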
/*
 * Forward C_FindObjectsFinal to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_FindObjectsFinal( /*in */ CK_SESSION_HANDLE session)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_FindObjectsFinal);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_FindObjectsFinal, " called for session %ld\n", session);
    rv = pkcs11->C_FindObjectsFinal(session);
    DEBUG_RET(ML_CK_C_FindObjectsFinal, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward C_GenerateKey to the loaded PKCS#11 module.
 *
 * session:   session handle supplied by the caller; with USE_ALIASING it
 *            is translated through unalias() first.
 * mechanism: passed by value; its pParameter is forced to NULL_PTR when
 *            ulParameterLen is 0, so no pointer travels with a zero length.
 * templ, count: key template; templ is forced to NULL_PTR when count is 0.
 * phkey:     output handle; preset to CK_INVALID_HANDLE when non-NULL and,
 *            with USE_ALIASING, replaced by alias(handle, OBJECT) on CKR_OK.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_GenerateKey( /*in */ CK_SESSION_HANDLE session, /*in */
                           CK_MECHANISM mechanism, /*in */ CK_ATTRIBUTE * templ,
                           /*in */ unsigned long count,
                           /*out */
                           CK_OBJECT_HANDLE * phkey)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GenerateKey);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GenerateKey,
               " called for session %ld and template of %ld size\n", session,
               count);
    /* Make the output unusable by default in case the module call fails. */
    if (phkey != NULL) {
        *phkey = CK_INVALID_HANDLE;
    }
    /* A zero length must come with a NULL pointer, for both inputs. */
    if (mechanism.ulParameterLen == 0) {
        mechanism.pParameter = NULL_PTR;
    }
    if (count == 0) {
        templ = NULL_PTR;
    }
    rv = pkcs11->C_GenerateKey(session, &mechanism, templ, count, phkey);
    DEBUG_RET(ML_CK_C_GenerateKey, rv,
              " session %ld and template of %ld size\n", session, count);
#ifdef USE_ALIASING
    /* Hand back the alias instead of the module's own handle. */
    if ((phkey != NULL) && (rv == CKR_OK)) {
        *phkey = alias(*phkey, OBJECT);
    }
#endif
    return rv;
}
/*
 * Forward C_GenerateKeyPair to the loaded PKCS#11 module.
 *
 * session:   session handle supplied by the caller; with USE_ALIASING it
 *            is translated through unalias() first.
 * mechanism: passed by value; its pParameter is forced to NULL_PTR when
 *            ulParameterLen is 0.
 * pub_templ, pub_count, priv_templ, priv_count: key templates; a template
 *            pointer is forced to NULL_PTR when its count is 0.
 * phpubkey, phprivkey: output handles; each is preset to
 *            CK_INVALID_HANDLE when non-NULL (before the session check, so
 *            an unknown session also leaves them invalid) and, with
 *            USE_ALIASING, replaced by alias(handle, OBJECT) on CKR_OK.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_GenerateKeyPair( /*in */ CK_SESSION_HANDLE session, /*in */
                               CK_MECHANISM mechanism, /*in */
                               CK_ATTRIBUTE * pub_templ, /*in */
                               unsigned long pub_count, /*in */
                               CK_ATTRIBUTE * priv_templ, /*in */
                               unsigned long priv_count, /*out */
                               CK_OBJECT_HANDLE * phpubkey, /*out */
                               CK_OBJECT_HANDLE * phprivkey)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GenerateKeyPair);
    DEBUG_CALL(ML_CK_C_GenerateKeyPair,
               " called for session %ld and pub_template of %ld size and priv_template of %ld size\n",
               session, pub_count, priv_count);
    /* Make both outputs unusable by default in case anything below fails. */
    if (phpubkey != NULL) {
        *phpubkey = CK_INVALID_HANDLE;
    }
    if (phprivkey != NULL) {
        *phprivkey = CK_INVALID_HANDLE;
    }
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    /* A zero length must come with a NULL pointer, for all three inputs. */
    if (mechanism.ulParameterLen == 0) {
        mechanism.pParameter = NULL_PTR;
    }
    if (pub_count == 0) {
        pub_templ = NULL_PTR;
    }
    if (priv_count == 0) {
        priv_templ = NULL_PTR;
    }
    rv = pkcs11->C_GenerateKeyPair(session, &mechanism, pub_templ, pub_count,
                                   priv_templ, priv_count, phpubkey, phprivkey);
    DEBUG_RET(ML_CK_C_GenerateKeyPair, rv,
              " session %ld and pub_template of %ld size and priv_template of %ld size\n",
              session, pub_count, priv_count);
#ifdef USE_ALIASING
    /* Hand back aliases instead of the module's own handles. */
    if ((rv == CKR_OK) && (phpubkey != NULL)) {
        *phpubkey = alias(*phpubkey, OBJECT);
    }
    if ((rv == CKR_OK) && (phprivkey != NULL)) {
        *phprivkey = alias(*phprivkey, OBJECT);
    }
#endif
    return rv;
}
/*
 * Forward C_CreateObject to the loaded PKCS#11 module.
 *
 * session:  session handle supplied by the caller; with USE_ALIASING it is
 *           translated through unalias() first.
 * templ, count: object template, forwarded unchanged.
 * phobject: output handle; preset to CK_INVALID_HANDLE when non-NULL and,
 *           with USE_ALIASING, replaced by alias(handle, OBJECT) on CKR_OK.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_CreateObject( /*in */ CK_SESSION_HANDLE session, /*in */
                            CK_ATTRIBUTE * templ, /*in */ unsigned long count,
                            /*out */ CK_OBJECT_HANDLE * phobject)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_CreateObject);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_CreateObject,
               " called for session %ld and template of %ld size\n", session,
               count);
    /* Make the output unusable by default in case the module call fails. */
    if (phobject != NULL) {
        *phobject = CK_INVALID_HANDLE;
    }
    rv = pkcs11->C_CreateObject(session, templ, count, phobject);
    DEBUG_RET(ML_CK_C_CreateObject, rv,
              " session %ld and template of %ld size\n", session, count);
#ifdef USE_ALIASING
    /* Hand back the alias instead of the module's own handle. */
    if ((phobject != NULL) && (rv == CKR_OK)) {
        *phobject = alias(*phobject, OBJECT);
    }
#endif
    return rv;
}
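/*
 * Forward C_CopyObject to the loaded PKCS#11 module.
 *
 * session:     session handle supplied by the caller; with USE_ALIASING
 *              it is translated through unalias() first.
 * hobject:     handle of the object to copy; translated the same way.
 * templ, count: template for the copy, forwarded unchanged.
 * phnewobject: output handle; preset to CK_INVALID_HANDLE when non-NULL
 *              and, with USE_ALIASING, replaced by alias(handle, OBJECT)
 *              on CKR_OK.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the session
 * is not a known alias, or CKR_OBJECT_HANDLE_INVALID when the object is
 * not a known alias.
 */
CK_RV ML_CK_C_CopyObject( /*in */ CK_SESSION_HANDLE session, /*in */
                          CK_OBJECT_HANDLE hobject, /*in */ CK_ATTRIBUTE * templ,
                          /*in */ unsigned long count,
                          /*out */
                          CK_OBJECT_HANDLE * phnewobject)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_CopyObject);
#ifdef USE_ALIASING
    {
        boolean found;
        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hobject = unalias(hobject, OBJECT, &found);
        if (found != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_CopyObject,
               " called for session %ld and template of %ld size\n", session,
               count);
    /* Make the output unusable by default in case the module call fails. */
    if (phnewobject != NULL) {
        *phnewobject = CK_INVALID_HANDLE;
    }
    rv = pkcs11->C_CopyObject(session, hobject, templ, count, phnewobject);
    /* The trace dereferences the output pointer, so it is emitted only   */
    /* when that pointer is non-NULL (it is treated as possibly NULL      */
    /* everywhere else in this function).                                 */
    if (phnewobject != NULL) {
        DEBUG_RET(ML_CK_C_CopyObject, rv, " session %ld, new object handle %ld\n",
                  session, *phnewobject);
    }
#ifdef USE_ALIASING
    /* Hand back the alias instead of the module's own handle. */
    if ((rv == CKR_OK) && (phnewobject != NULL)) {
        *phnewobject = alias(*phnewobject, OBJECT);
    }
#endif
    return rv;
}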
/*
 * Forward C_DestroyObject to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * hobject: handle of the object to destroy; translated the same way.
 *
 * NOTE(review): unlike ML_CK_C_CloseSession, no alias entry is removed
 * here after a successful call - confirm whether the OBJECT entry of a
 * destroyed object is cleaned up elsewhere.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the session
 * is not a known alias, or CKR_OBJECT_HANDLE_INVALID when the object is
 * not a known alias.
 */
CK_RV ML_CK_C_DestroyObject( /*in */ CK_SESSION_HANDLE session, /*in */
                             CK_OBJECT_HANDLE hobject)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_DestroyObject);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hobject = unalias(hobject, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DestroyObject, " called for session %ld\n", session);
    rv = pkcs11->C_DestroyObject(session, hobject);
    DEBUG_RET(ML_CK_C_DestroyObject, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward C_GetAttributeValue to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * hobject: object handle; translated the same way.
 * templ, count: attribute template, modified in place: every entry whose
 *          ulValueLen is 0 gets its pValue forced to NULL_PTR, so the
 *          module is never given a buffer pointer with a zero length.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID or
 * CKR_OBJECT_HANDLE_INVALID when a handle is not a known alias, or
 * CKR_GENERAL_ERROR when templ is NULL although count is non-zero.
 */
CK_RV ML_CK_C_GetAttributeValue( /*in */ CK_SESSION_HANDLE session, /*in */
                                 CK_OBJECT_HANDLE hobject, /*in,out */
                                 CK_ATTRIBUTE * templ, /*in */
                                 unsigned long count)
{
    CK_RV rv;
    CK_ULONG idx;
    CHECK_MODULE_FUNCTION(C_GetAttributeValue);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hobject = unalias(hobject, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetAttributeValue,
               " called for session %ld and template of %ld size\n", session,
               count);
    /* A non-empty template without storage should never reach this point. */
    if ((count > 0) && (templ == NULL)) {
        return CKR_GENERAL_ERROR;
    }
    for (idx = 0UL; idx < count; idx++) {
        CK_ATTRIBUTE *attr = &templ[idx];
        if (attr->ulValueLen == 0) {
            DEBUG_CALL(ML_CK_C_GetAttributeValue, " adding NULL_PTR to template\n");
            attr->pValue = NULL_PTR;
        }
    }
    rv = pkcs11->C_GetAttributeValue(session, hobject, templ, count);
    DEBUG_RET(ML_CK_C_GetAttributeValue, rv,
              " session %ld and template of %ld size\n", session, count);
    return rv;
}
/*
 * Forward C_SetAttributeValue to the loaded PKCS#11 module.
 *
 * session: session handle supplied by the caller; with USE_ALIASING it is
 *          translated through unalias() first.
 * hobject: object handle; translated the same way.
 * templ, count: attribute template, modified in place: every entry whose
 *          ulValueLen is 0 gets its pValue forced to NULL_PTR, so the
 *          module is never given a buffer pointer with a zero length.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID or
 * CKR_OBJECT_HANDLE_INVALID when a handle is not a known alias, or
 * CKR_GENERAL_ERROR when templ is NULL although count is non-zero.
 */
CK_RV ML_CK_C_SetAttributeValue( /*in */ CK_SESSION_HANDLE session, /*in */
                                 CK_OBJECT_HANDLE hobject, /*in */
                                 CK_ATTRIBUTE * templ, /*in */
                                 unsigned long count)
{
    CK_RV rv;
    CK_ULONG idx;
    CHECK_MODULE_FUNCTION(C_SetAttributeValue);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hobject = unalias(hobject, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SetAttributeValue,
               " called for session %ld and template of %ld size\n", session,
               count);
    /* A non-empty template without storage should never reach this point. */
    if ((count > 0) && (templ == NULL)) {
        return CKR_GENERAL_ERROR;
    }
    for (idx = 0UL; idx < count; idx++) {
        CK_ATTRIBUTE *attr = &templ[idx];
        if (attr->ulValueLen == 0) {
            DEBUG_CALL(ML_CK_C_SetAttributeValue, " adding NULL_PTR to template\n");
            attr->pValue = NULL_PTR;
        }
    }
    rv = pkcs11->C_SetAttributeValue(session, hobject, templ, count);
    DEBUG_RET(ML_CK_C_SetAttributeValue, rv,
              " session %ld and template of %ld size\n", session, count);
    return rv;
}
/* TODO When CKR_FUNCTION_NOT_SUPPORTED, the pointer gives invalid values */
/*
 * Forward C_GetObjectSize to the loaded PKCS#11 module.
 *
 * session:     session handle supplied by the caller; with USE_ALIASING
 *              it is translated through unalias() first.
 * hobject:     object handle; translated the same way.
 * object_size: output size; when non-NULL it is set to 0 before the call
 *              and forced back to 0 whenever the module does not return
 *              CKR_OK, so a failing call never reports a stray size.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the session
 * is not a known alias, or CKR_OBJECT_HANDLE_INVALID when the object is
 * not a known alias.
 */
CK_RV ML_CK_C_GetObjectSize( /*in */ CK_SESSION_HANDLE session, /*in */
                             CK_OBJECT_HANDLE hobject, /*out */
                             unsigned long *object_size)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_GetObjectSize);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hobject = unalias(hobject, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetObjectSize, " called for session %ld\n", session);
    if (object_size != NULL) {
        *object_size = 0;
    }
    rv = pkcs11->C_GetObjectSize(session, hobject, object_size);
    if (object_size != NULL) {
        /* Discard whatever the module wrote if it reported a failure. */
        if (rv != CKR_OK) {
            *object_size = 0UL;
        }
        DEBUG_RET(ML_CK_C_GetObjectSize, rv,
                  " session %ld and got object_size: %ld\n", session, *object_size);
    }
    return rv;
}
/*
 * Forward C_WrapKey to the loaded PKCS#11 module.
 *
 * session:      session handle supplied by the caller; with USE_ALIASING
 *               it is translated through unalias() first.
 * mechanism:    passed by value and forwarded by address.
 * hwrappingkey: handle of the wrapping key; translated the same way.
 * hkey:         handle of the key to wrap; translated the same way.
 * wrapped_key:  output buffer for the wrapped key.
 * wrapped_key_len: forwarded to the module and also written here: it is
 *               forced to 0 whenever the module does not return CKR_OK,
 *               so it acts as an in/out parameter despite its annotation.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the session
 * is not a known alias, or CKR_OBJECT_HANDLE_INVALID when either key
 * handle is not a known alias.
 */
CK_RV ML_CK_C_WrapKey( /*in */ CK_SESSION_HANDLE session, /*in */
                       CK_MECHANISM mechanism, /*in */
                       CK_OBJECT_HANDLE hwrappingkey, /*in */
                       CK_OBJECT_HANDLE hkey,
                       /*out */ unsigned char *wrapped_key,
                       /*in */
                       unsigned long *wrapped_key_len)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_WrapKey);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hwrappingkey = unalias(hwrappingkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_WrapKey,
               " called for session %ld, wrapping key handle %ld and wrapped key handle %ld\n",
               session, hwrappingkey, hkey);
    rv = pkcs11->C_WrapKey(session, &mechanism, hwrappingkey, hkey, wrapped_key,
                           wrapped_key_len);
    /* Never report a length for a wrap that did not succeed. */
    if ((wrapped_key_len != NULL) && (rv != CKR_OK)) {
        *wrapped_key_len = 0UL;
    }
    DEBUG_RET(ML_CK_C_WrapKey, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward C_UnwrapKey to the loaded PKCS#11 module.
 *
 * session:        session handle supplied by the caller; with
 *                 USE_ALIASING it is translated through unalias() first.
 * mechanism:      passed by value and forwarded by address.
 * hunwrappingkey: handle of the unwrapping key; translated the same way.
 * wrapped_key, wrapped_key_len: wrapped key material, forwarded unchanged.
 * templ, count:   template of the new key, forwarded unchanged.
 * phunwrappedkey: output handle; preset to CK_INVALID_HANDLE when
 *                 non-NULL and, with USE_ALIASING, replaced by
 *                 alias(handle, OBJECT) on CKR_OK.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the session
 * is not a known alias, or CKR_OBJECT_HANDLE_INVALID when the key handle
 * is not a known alias.
 */
CK_RV ML_CK_C_UnwrapKey( /*in */ CK_SESSION_HANDLE session, /*in */
                         CK_MECHANISM mechanism, /*in */
                         CK_OBJECT_HANDLE hunwrappingkey, /*in */
                         unsigned char *wrapped_key, /*in */
                         unsigned long wrapped_key_len, /*in */
                         CK_ATTRIBUTE * templ, /*in */ unsigned long count, /*out */
                         CK_OBJECT_HANDLE * phunwrappedkey)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_UnwrapKey);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hunwrappingkey = unalias(hunwrappingkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_UnwrapKey,
               " called for session %ld, unwrapping key %ld\n", session,
               hunwrappingkey);
    /* Make the output unusable by default in case the module call fails. */
    if (phunwrappedkey != NULL) {
        *phunwrappedkey = CK_INVALID_HANDLE;
    }
    rv = pkcs11->C_UnwrapKey(session, &mechanism, hunwrappingkey, wrapped_key,
                             wrapped_key_len, templ, count, phunwrappedkey);
    DEBUG_RET(ML_CK_C_UnwrapKey, rv, " session %ld\n", session);
#ifdef USE_ALIASING
    /* Hand back the alias instead of the module's own handle. */
    if ((phunwrappedkey != NULL) && (rv == CKR_OK)) {
        *phunwrappedkey = alias(*phunwrappedkey, OBJECT);
    }
#endif
    return rv;
}
/*
 * Forward C_DeriveKey to the loaded PKCS#11 module.
 *
 * session:   session handle supplied by the caller; with USE_ALIASING it
 *            is translated through unalias() first.
 * mechanism: passed by value and forwarded by address.
 * hbasekey:  handle of the base key; translated the same way.
 * templ, count: template of the derived key, forwarded unchanged.
 * phkey:     output handle; preset to CK_INVALID_HANDLE when non-NULL and,
 *            with USE_ALIASING, replaced by alias(handle, OBJECT) on CKR_OK.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID when the session
 * is not a known alias, or CKR_OBJECT_HANDLE_INVALID when the base key is
 * not a known alias.
 */
CK_RV ML_CK_C_DeriveKey( /*in */ CK_SESSION_HANDLE session, /*in */
                         CK_MECHANISM mechanism, /*in */
                         CK_OBJECT_HANDLE hbasekey,
                         /*in */ CK_ATTRIBUTE * templ,
                         /*in */
                         unsigned long count,
                         /*out */ CK_OBJECT_HANDLE * phkey)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_DeriveKey);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hbasekey = unalias(hbasekey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DeriveKey, " called for session %ld, key handle %ld\n",
               session, hbasekey);
    /* Make the output unusable by default in case the module call fails. */
    if (phkey != NULL) {
        *phkey = CK_INVALID_HANDLE;
    }
    rv = pkcs11->C_DeriveKey(session, &mechanism, hbasekey, templ, count, phkey);
    DEBUG_RET(ML_CK_C_DeriveKey, rv, " session %ld\n", session);
#ifdef USE_ALIASING
    /* Hand back the alias instead of the module's own handle. */
    if ((phkey != NULL) && (rv == CKR_OK)) {
        *phkey = alias(*phkey, OBJECT);
    }
#endif
    return rv;
}
/*
 * Forward C_DigestInit to the loaded PKCS#11 module.
 *
 * session:   session handle supplied by the caller; with USE_ALIASING it
 *            is translated through unalias() first.
 * mechanism: passed by value and forwarded by address.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_DigestInit( /*in */ CK_SESSION_HANDLE session, /*in */
                          CK_MECHANISM mechanism)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_DigestInit);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DigestInit, " called for session %ld\n", session);
    rv = pkcs11->C_DigestInit(session, &mechanism);
    DEBUG_RET(ML_CK_C_DigestInit, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward C_Digest to the loaded PKCS#11 module.
 *
 * session:    session handle supplied by the caller; with USE_ALIASING it
 *             is translated through unalias() first.
 * data, data_len: input to hash, forwarded unchanged.
 * digest:     output buffer; zeroed over *digest_len bytes before the
 *             call when both digest and digest_len are non-NULL.
 * digest_len: on entry it is used as the size of digest (the caller is
 *             trusted for that - it bounds the memset below); it is
 *             forced to 0 whenever the module does not return CKR_OK.
 *
 * Returns the module's CK_RV, or CKR_SESSION_HANDLE_INVALID when the
 * handle is not a known alias.
 */
CK_RV ML_CK_C_Digest( /*in */ CK_SESSION_HANDLE session, /*in */
                      unsigned char *data, /*in */ unsigned long data_len, /*out */
                      unsigned char *digest, /*in */ unsigned long *digest_len)
{
    CK_RV rv;
    CHECK_MODULE_FUNCTION(C_Digest);
#ifdef USE_ALIASING
    {
        boolean known;
        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Digest, " called for session %ld\n", session);
    /* Zeros rather than stale bytes if the module call fails. */
    if ((digest_len != NULL) && (digest != NULL)) {
        memset(digest, 0, *digest_len);
    }
    rv = pkcs11->C_Digest(session, data, data_len, digest, digest_len);
    /* Never report a length for a digest that did not succeed. */
    if ((digest_len != NULL) && (rv != CKR_OK)) {
        *digest_len = 0UL;
    }
    DEBUG_RET(ML_CK_C_Digest, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_DigestUpdate.
 *
 * session   session handle; under USE_ALIASING it is replaced by the value
 *           unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data      input bytes, forwarded as is.
 * data_len  length of data, forwarded as is.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_DigestUpdate(/*in */ CK_SESSION_HANDLE session,
                           /*in */ unsigned char *data,
                           /*in */ unsigned long data_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DigestUpdate);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DigestUpdate, " called for session %ld\n", session);
    rv = pkcs11->C_DigestUpdate(session, data, data_len);
    DEBUG_RET(ML_CK_C_DigestUpdate, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_DigestKey.
 *
 * session  session handle; under USE_ALIASING it is replaced by the value
 *          unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * hkey     key handle; under USE_ALIASING it goes through unalias() too,
 *          CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_DigestKey(/*in */ CK_SESSION_HANDLE session,
                        /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DigestKey);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DigestKey, " called for session %ld\n", session);
    rv = pkcs11->C_DigestKey(session, hkey);
    DEBUG_RET(ML_CK_C_DigestKey, rv, " session %ld\n", session);
    return rv;
}
/*
 * Finish a multi-part digest through pkcs11->C_DigestFinal.
 *
 * session     session handle; under USE_ALIASING it is replaced by the value
 *             unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * digest      out: caller's buffer; zero-filled over *digest_len bytes
 *             before the module is called.
 * digest_len  in/out: the value on entry is used as the size of digest for
 *             the zero-fill, so it must not exceed the real buffer size;
 *             it is set to 0 on every non-CKR_OK result.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_DigestFinal(/*in */ CK_SESSION_HANDLE session,
                          /*out */ unsigned char *digest,
                          /*in */ unsigned long *digest_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DigestFinal);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DigestFinal, " called for session %ld\n", session);
    /* Wipe the output first so a failed call cannot leave old bytes in it. */
    if ((digest_len != NULL) && (digest != NULL)) {
        memset(digest, 0, *digest_len);
    }
    rv = pkcs11->C_DigestFinal(session, digest, digest_len);
    /* Every failure reports a zero length, whatever the module wrote there. */
    if ((digest_len != NULL) && (rv != CKR_OK)) {
        *digest_len = 0UL;
    }
    DEBUG_RET(ML_CK_C_DigestFinal, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_SignInit.
 *
 * session    session handle; under USE_ALIASING it is replaced by the value
 *            unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * mechanism  received by value; the module is given the address of this copy.
 * hkey       signing key handle; under USE_ALIASING it goes through
 *            unalias() too, CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_SignInit(/*in */ CK_SESSION_HANDLE session,
                       /*in */ CK_MECHANISM mechanism,
                       /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_SignInit);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SignInit, " called for session %ld\n", session);
    rv = pkcs11->C_SignInit(session, &mechanism, hkey);
    DEBUG_RET(ML_CK_C_SignInit, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_SignRecoverInit.
 *
 * session    session handle; under USE_ALIASING it is replaced by the value
 *            unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * mechanism  received by value; the module is given the address of this copy.
 * hkey       signing key handle; under USE_ALIASING it goes through
 *            unalias() too, CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_SignRecoverInit(/*in */ CK_SESSION_HANDLE session,
                              /*in */ CK_MECHANISM mechanism,
                              /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_SignRecoverInit);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SignRecoverInit, " called for session %ld\n", session);
    rv = pkcs11->C_SignRecoverInit(session, &mechanism, hkey);
    DEBUG_RET(ML_CK_C_SignRecoverInit, rv, " session %ld\n", session);
    return rv;
}
/*
 * Single-part signature through pkcs11->C_Sign, into a caller-owned buffer.
 *
 * session     session handle; under USE_ALIASING it is replaced by the value
 *             unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data        bytes to sign, forwarded as is.
 * data_len    length of data, forwarded as is.
 * signature   out: caller's buffer; zero-filled over *signed_len bytes
 *             before the module is called.
 * signed_len  in/out: the value on entry is used as the size of signature
 *             for the zero-fill, so it must not exceed the real buffer
 *             size; it is set to 0 on every non-CKR_OK result.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_Sign(/*in */ CK_SESSION_HANDLE session,
                   /*in */ unsigned char *data,
                   /*in */ unsigned long data_len,
                   /*out */ unsigned char *signature,
                   /*in */ unsigned long *signed_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_Sign);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Sign, " called for session %ld\n", session);
    /* Wipe the output first so a failed call cannot leave old bytes in it. */
    if ((signed_len != NULL) && (signature != NULL)) {
        memset(signature, 0, *signed_len);
    }
    rv = pkcs11->C_Sign(session, data, data_len, signature, signed_len);
    /* Every failure reports a zero length, whatever the module wrote there. */
    if ((signed_len != NULL) && (rv != CKR_OK)) {
        *signed_len = 0UL;
    }
    DEBUG_RET(ML_CK_C_Sign, rv, " session %ld\n", session);
    return rv;
}
/*
 * Single-part sign-with-recovery through pkcs11->C_SignRecover, into a
 * caller-owned buffer.
 *
 * session     session handle; under USE_ALIASING it is replaced by the value
 *             unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data        bytes to sign, forwarded as is.
 * data_len    length of data, forwarded as is.
 * signature   out: caller's buffer; zero-filled over *signed_len bytes
 *             before the module is called.
 * signed_len  in/out: the value on entry is used as the size of signature
 *             for the zero-fill, so it must not exceed the real buffer
 *             size; it is set to 0 on every non-CKR_OK result.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_SignRecover(/*in */ CK_SESSION_HANDLE session,
                          /*in */ unsigned char *data,
                          /*in */ unsigned long data_len,
                          /*out */ unsigned char *signature,
                          /*in */ unsigned long *signed_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_SignRecover);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SignRecover, " called for session %ld\n", session);
    /* Wipe the output first so a failed call cannot leave old bytes in it. */
    if ((signed_len != NULL) && (signature != NULL)) {
        memset(signature, 0, *signed_len);
    }
    rv = pkcs11->C_SignRecover(session, data, data_len, signature, signed_len);
    /* Every failure reports a zero length, whatever the module wrote there. */
    if ((signed_len != NULL) && (rv != CKR_OK)) {
        *signed_len = 0UL;
    }
    DEBUG_RET(ML_CK_C_SignRecover, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_SignUpdate.
 *
 * session   session handle; under USE_ALIASING it is replaced by the value
 *           unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data      bytes to add to the signature operation, forwarded as is.
 * data_len  length of data, forwarded as is.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_SignUpdate(/*in */ CK_SESSION_HANDLE session,
                         /*in */ unsigned char *data,
                         /*in */ unsigned long data_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_SignUpdate);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SignUpdate, " called for session %ld\n", session);
    rv = pkcs11->C_SignUpdate(session, data, data_len);
    DEBUG_RET(ML_CK_C_SignUpdate, rv, " session %ld\n", session);
    return rv;
}
/*
 * Finish a multi-part signature through pkcs11->C_SignFinal.
 *
 * session     session handle; under USE_ALIASING it is replaced by the value
 *             unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * signature   out: caller's buffer; zero-filled over *signed_len bytes
 *             before the module is called.
 * signed_len  in/out: the value on entry is used as the size of signature
 *             for the zero-fill, so it must not exceed the real buffer
 *             size; it is set to 0 on every non-CKR_OK result.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_SignFinal(/*in */ CK_SESSION_HANDLE session,
                        /*out */ unsigned char *signature,
                        /*in */ unsigned long *signed_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_SignFinal);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SignFinal, " called for session %ld\n", session);
    /* Wipe the output first so a failed call cannot leave old bytes in it. */
    if ((signed_len != NULL) && (signature != NULL)) {
        memset(signature, 0, *signed_len);
    }
    rv = pkcs11->C_SignFinal(session, signature, signed_len);
    /* Every failure reports a zero length, whatever the module wrote there. */
    if ((signed_len != NULL) && (rv != CKR_OK)) {
        *signed_len = 0UL;
    }
    DEBUG_RET(ML_CK_C_SignFinal, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_VerifyInit.
 *
 * session    session handle; under USE_ALIASING it is replaced by the value
 *            unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * mechanism  received by value; the module is given the address of this copy.
 * hkey       verification key handle; under USE_ALIASING it goes through
 *            unalias() too, CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_VerifyInit(/*in */ CK_SESSION_HANDLE session,
                         /*in */ CK_MECHANISM mechanism,
                         /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_VerifyInit);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_VerifyInit, " called for session %ld\n", session);
    rv = pkcs11->C_VerifyInit(session, &mechanism, hkey);
    DEBUG_RET(ML_CK_C_VerifyInit, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_VerifyRecoverInit.
 *
 * session    session handle; under USE_ALIASING it is replaced by the value
 *            unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * mechanism  received by value; the module is given the address of this copy.
 * hkey       verification key handle; under USE_ALIASING it goes through
 *            unalias() too, CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_VerifyRecoverInit(/*in */ CK_SESSION_HANDLE session,
                                /*in */ CK_MECHANISM mechanism,
                                /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_VerifyRecoverInit);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_VerifyRecoverInit, " called for session %ld\n", session);
    rv = pkcs11->C_VerifyRecoverInit(session, &mechanism, hkey);
    DEBUG_RET(ML_CK_C_VerifyRecoverInit, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_Verify.
 *
 * session     session handle; under USE_ALIASING it is replaced by the value
 *             unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data        signed bytes, forwarded as is.
 * data_len    length of data, forwarded as is.
 * signature   signature to check, forwarded as is.
 * signed_len  length of signature, forwarded as is.
 *
 * Returns the module's CK_RV unchanged; that value is the verification
 * verdict, so callers must treat anything other than CKR_OK as a failed
 * verification. CKR_SESSION_HANDLE_INVALID is returned for an unknown alias.
 */
CK_RV ML_CK_C_Verify(/*in */ CK_SESSION_HANDLE session,
                     /*in */ unsigned char *data,
                     /*in */ unsigned long data_len,
                     /*in */ unsigned char *signature,
                     /*in */ unsigned long signed_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_Verify);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Verify, " called for session %ld\n", session);
    rv = pkcs11->C_Verify(session, data, data_len, signature, signed_len);
    DEBUG_RET(ML_CK_C_Verify, rv, " session %ld\n", session);
    return rv;
}
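/*
 * Verify-with-recovery through pkcs11->C_VerifyRecover, allocating the
 * output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *data_len, then with a buffer of that size obtained from
 * custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * signature      input, forwarded as is.
 * signature_len  length of signature, forwarded as is.
 * data           out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * data_len       out: recovered length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when data is NULL or the allocation fails.
 */
CK_RV ML_CK_C_VerifyRecover(/*in */ CK_SESSION_HANDLE session,
                            /*in */ unsigned char *signature,
                            /*in */ unsigned long signature_len,
                            /*out */ unsigned char **data,
                            /*in */ unsigned long *data_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_VerifyRecover);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (data == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_VerifyRecover, " called for session %ld size %ld\n",
               session, signature_len);
    /* First call: size query only. */
    rv = pkcs11->C_VerifyRecover(session, signature, signature_len, NULL_PTR,
                                 data_len);
    if (rv != CKR_OK) {
        if (data_len != NULL) {
            *data_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when data_len is NULL and nothing gets allocated. */
    *data = NULL;
    if (data_len != NULL) {
        DEBUG_CALL(ML_CK_C_VerifyRecover,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *data_len);
        *data = (unsigned char *)custom_malloc(*data_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*data == NULL) && (*data_len != 0UL)) {
            *data_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*data != NULL) && (data_len != NULL)) {
        memset(*data, 0, *data_len);
    }
    rv = pkcs11->C_VerifyRecover(session, signature, signature_len, *data,
                                 data_len);
    if (rv != CKR_OK) {
        custom_free((void **)data);
        if (data_len != NULL) {
            *data_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_VerifyRecover, rv, " session %ld\n", session);
    return rv;
}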
/*
 * Forward the call to pkcs11->C_VerifyUpdate.
 *
 * session   session handle; under USE_ALIASING it is replaced by the value
 *           unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data      bytes to add to the verification operation, forwarded as is.
 * data_len  length of data, forwarded as is.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_VerifyUpdate(/*in */ CK_SESSION_HANDLE session,
                           /*in */ unsigned char *data,
                           /*in */ unsigned long data_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_VerifyUpdate);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_VerifyUpdate, " called for session %ld\n", session);
    rv = pkcs11->C_VerifyUpdate(session, data, data_len);
    DEBUG_RET(ML_CK_C_VerifyUpdate, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_VerifyFinal.
 *
 * session     session handle; under USE_ALIASING it is replaced by the value
 *             unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * signature   signature to check, forwarded as is.
 * signed_len  length of signature, forwarded as is.
 *
 * Returns the module's CK_RV unchanged; that value is the verification
 * verdict, so callers must treat anything other than CKR_OK as a failed
 * verification. CKR_SESSION_HANDLE_INVALID is returned for an unknown alias.
 */
CK_RV ML_CK_C_VerifyFinal(/*in */ CK_SESSION_HANDLE session,
                          /*in */ unsigned char *signature,
                          /*in */ unsigned long signed_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_VerifyFinal);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_VerifyFinal, " called for session %ld\n", session);
    rv = pkcs11->C_VerifyFinal(session, signature, signed_len);
    DEBUG_RET(ML_CK_C_VerifyFinal, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_EncryptInit.
 *
 * session    session handle; under USE_ALIASING it is replaced by the value
 *            unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * mechanism  received by value; the module is given the address of this copy.
 * hkey       encryption key handle; under USE_ALIASING it goes through
 *            unalias() too, CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_EncryptInit(/*in */ CK_SESSION_HANDLE session,
                          /*in */ CK_MECHANISM mechanism,
                          /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_EncryptInit);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_EncryptInit, " called for session %ld\n", session);
    rv = pkcs11->C_EncryptInit(session, &mechanism, hkey);
    DEBUG_RET(ML_CK_C_EncryptInit, rv, " session %ld\n", session);
    return rv;
}
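/*
 * Single-part encryption through pkcs11->C_Encrypt, allocating the output
 * buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *encrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * data           input, forwarded as is.
 * data_len       length of data, forwarded as is.
 * encrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * encrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when encrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_Encrypt(/*in */ CK_SESSION_HANDLE session,
                      /*in */ unsigned char *data,
                      /*in */ unsigned long data_len,
                      /*out */ unsigned char **encrypted,
                      /*in */ unsigned long *encrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_Encrypt);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (encrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Encrypt, " called for session %ld size %ld\n", session,
               data_len);
    /* First call: size query only. */
    rv = pkcs11->C_Encrypt(session, data, data_len, NULL_PTR, encrypted_len);
    if (rv != CKR_OK) {
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when encrypted_len is NULL and nothing gets allocated. */
    *encrypted = NULL;
    if (encrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_Encrypt,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *encrypted_len);
        *encrypted = (unsigned char *)custom_malloc(*encrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*encrypted == NULL) && (*encrypted_len != 0UL)) {
            *encrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*encrypted != NULL) && (encrypted_len != NULL)) {
        memset(*encrypted, 0, *encrypted_len);
    }
    rv = pkcs11->C_Encrypt(session, data, data_len, *encrypted, encrypted_len);
    if (rv != CKR_OK) {
        custom_free((void **)encrypted);
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_Encrypt, rv, " session %ld\n", session);
    return rv;
}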
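/*
 * Multi-part encryption step through pkcs11->C_EncryptUpdate, allocating
 * the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *encrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * data           input, forwarded as is.
 * data_len       length of data, forwarded as is.
 * encrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * encrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when encrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_EncryptUpdate(/*in */ CK_SESSION_HANDLE session,
                            /*in */ unsigned char *data,
                            /*in */ unsigned long data_len,
                            /*out */ unsigned char **encrypted,
                            /*in */ unsigned long *encrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_EncryptUpdate);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (encrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_EncryptUpdate, " called for session %ld size %ld\n",
               session, data_len);
    /* First call: size query only. */
    rv = pkcs11->C_EncryptUpdate(session, data, data_len, NULL_PTR,
                                 encrypted_len);
    if (rv != CKR_OK) {
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when encrypted_len is NULL and nothing gets allocated. */
    *encrypted = NULL;
    if (encrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_EncryptUpdate,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *encrypted_len);
        *encrypted = (unsigned char *)custom_malloc(*encrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*encrypted == NULL) && (*encrypted_len != 0UL)) {
            *encrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*encrypted != NULL) && (encrypted_len != NULL)) {
        memset(*encrypted, 0, *encrypted_len);
    }
    rv = pkcs11->C_EncryptUpdate(session, data, data_len, *encrypted,
                                 encrypted_len);
    if (rv != CKR_OK) {
        custom_free((void **)encrypted);
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_EncryptUpdate, rv, " session %ld\n", session);
    return rv;
}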
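/*
 * Combined digest/encrypt step through pkcs11->C_DigestEncryptUpdate,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *encrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * data           input, forwarded as is.
 * data_len       length of data, forwarded as is.
 * encrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * encrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when encrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_DigestEncryptUpdate(/*in */ CK_SESSION_HANDLE session,
                                  /*in */ unsigned char *data,
                                  /*in */ unsigned long data_len,
                                  /*out */ unsigned char **encrypted,
                                  /*in */ unsigned long *encrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DigestEncryptUpdate);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (encrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DigestEncryptUpdate,
               " called for session %ld size %ld\n", session, data_len);
    /* First call: size query only. */
    rv = pkcs11->C_DigestEncryptUpdate(session, data, data_len, NULL_PTR,
                                       encrypted_len);
    if (rv != CKR_OK) {
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when encrypted_len is NULL and nothing gets allocated. */
    *encrypted = NULL;
    if (encrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_DigestEncryptUpdate,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *encrypted_len);
        *encrypted = (unsigned char *)custom_malloc(*encrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*encrypted == NULL) && (*encrypted_len != 0UL)) {
            *encrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*encrypted != NULL) && (encrypted_len != NULL)) {
        memset(*encrypted, 0, *encrypted_len);
    }
    rv = pkcs11->C_DigestEncryptUpdate(session, data, data_len, *encrypted,
                                       encrypted_len);
    if (rv != CKR_OK) {
        custom_free((void **)encrypted);
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_DigestEncryptUpdate, rv, " session %ld\n", session);
    return rv;
}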
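/*
 * Combined sign/encrypt step through pkcs11->C_SignEncryptUpdate,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *encrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * data           input, forwarded as is.
 * data_len       length of data, forwarded as is.
 * encrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * encrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when encrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_SignEncryptUpdate(/*in */ CK_SESSION_HANDLE session,
                                /*in */ unsigned char *data,
                                /*in */ unsigned long data_len,
                                /*out */ unsigned char **encrypted,
                                /*in */ unsigned long *encrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_SignEncryptUpdate);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (encrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_SignEncryptUpdate, " called for session %ld size %ld\n",
               session, data_len);
    /* First call: size query only. */
    rv = pkcs11->C_SignEncryptUpdate(session, data, data_len, NULL_PTR,
                                     encrypted_len);
    if (rv != CKR_OK) {
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when encrypted_len is NULL and nothing gets allocated. */
    *encrypted = NULL;
    if (encrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_SignEncryptUpdate,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *encrypted_len);
        *encrypted = (unsigned char *)custom_malloc(*encrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*encrypted == NULL) && (*encrypted_len != 0UL)) {
            *encrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*encrypted != NULL) && (encrypted_len != NULL)) {
        memset(*encrypted, 0, *encrypted_len);
    }
    rv = pkcs11->C_SignEncryptUpdate(session, data, data_len, *encrypted,
                                     encrypted_len);
    if (rv != CKR_OK) {
        custom_free((void **)encrypted);
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_SignEncryptUpdate, rv, " session %ld\n", session);
    return rv;
}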
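/*
 * Finish a multi-part encryption through pkcs11->C_EncryptFinal,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *encrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * encrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * encrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when encrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_EncryptFinal(/*in */ CK_SESSION_HANDLE session,
                           /*out */ unsigned char **encrypted,
                           /*in */ unsigned long *encrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_EncryptFinal);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (encrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_EncryptFinal, " called for session %ld\n", session);
    /* First call: size query only. */
    rv = pkcs11->C_EncryptFinal(session, NULL_PTR, encrypted_len);
    if (rv != CKR_OK) {
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when encrypted_len is NULL and nothing gets allocated. */
    *encrypted = NULL;
    if (encrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_EncryptFinal,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *encrypted_len);
        *encrypted = (unsigned char *)custom_malloc(*encrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*encrypted == NULL) && (*encrypted_len != 0UL)) {
            *encrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*encrypted != NULL) && (encrypted_len != NULL)) {
        memset(*encrypted, 0, *encrypted_len);
    }
    rv = pkcs11->C_EncryptFinal(session, *encrypted, encrypted_len);
    if (rv != CKR_OK) {
        custom_free((void **)encrypted);
        if (encrypted_len != NULL) {
            *encrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_EncryptFinal, rv, " session %ld\n", session);
    return rv;
}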
/*
 * Forward the call to pkcs11->C_DecryptInit.
 *
 * session    session handle; under USE_ALIASING it is replaced by the value
 *            unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * mechanism  received by value; the module is given the address of this copy.
 * hkey       decryption key handle; under USE_ALIASING it goes through
 *            unalias() too, CKR_OBJECT_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or one of the handle errors above.
 */
CK_RV ML_CK_C_DecryptInit(/*in */ CK_SESSION_HANDLE session,
                          /*in */ CK_MECHANISM mechanism,
                          /*in */ CK_OBJECT_HANDLE hkey)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DecryptInit);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
        hkey = unalias(hkey, OBJECT, &known);
        if (known != TRUE) {
            return CKR_OBJECT_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DecryptInit, " called for session %ld\n", session);
    rv = pkcs11->C_DecryptInit(session, &mechanism, hkey);
    DEBUG_RET(ML_CK_C_DecryptInit, rv, " session %ld\n", session);
    return rv;
}
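/*
 * Single-part decryption through pkcs11->C_Decrypt, allocating the output
 * buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *decrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * encrypted      input, forwarded as is.
 * encrypted_len  length of encrypted, forwarded as is.
 * decrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * decrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when decrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_Decrypt(/*in */ CK_SESSION_HANDLE session,
                      /*in */ unsigned char *encrypted,
                      /*in */ unsigned long encrypted_len,
                      /*out */ unsigned char **decrypted,
                      /*in */ unsigned long *decrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_Decrypt);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (decrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_Decrypt, " called for session %ld size %ld\n", session,
               encrypted_len);
    /* First call: size query only. */
    rv = pkcs11->C_Decrypt(session, encrypted, encrypted_len, NULL_PTR,
                           decrypted_len);
    if (rv != CKR_OK) {
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when decrypted_len is NULL and nothing gets allocated. */
    *decrypted = NULL;
    if (decrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_Decrypt,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *decrypted_len);
        *decrypted = (unsigned char *)custom_malloc(*decrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*decrypted == NULL) && (*decrypted_len != 0UL)) {
            *decrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*decrypted != NULL) && (decrypted_len != NULL)) {
        memset(*decrypted, 0, *decrypted_len);
    }
    rv = pkcs11->C_Decrypt(session, encrypted, encrypted_len, *decrypted,
                           decrypted_len);
    if (rv != CKR_OK) {
        /* NOTE(review): the module may have written plaintext before
         * failing; whether custom_free() wipes the memory is not visible
         * here -- confirm against its definition. */
        custom_free((void **)decrypted);
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_Decrypt, rv, " session %ld\n", session);
    return rv;
}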
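/*
 * Multi-part decryption step through pkcs11->C_DecryptUpdate, allocating
 * the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *decrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * encrypted      input, forwarded as is.
 * encrypted_len  length of encrypted, forwarded as is.
 * decrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * decrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when decrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_DecryptUpdate(/*in */ CK_SESSION_HANDLE session,
                            /*in */ unsigned char *encrypted,
                            /*in */ unsigned long encrypted_len,
                            /*out */ unsigned char **decrypted,
                            /*in */ unsigned long *decrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DecryptUpdate);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (decrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DecryptUpdate, " called for session %ld size %ld\n",
               session, encrypted_len);
    /* First call: size query only. */
    rv = pkcs11->C_DecryptUpdate(session, encrypted, encrypted_len, NULL_PTR,
                                 decrypted_len);
    if (rv != CKR_OK) {
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when decrypted_len is NULL and nothing gets allocated. */
    *decrypted = NULL;
    if (decrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_DecryptUpdate,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *decrypted_len);
        *decrypted = (unsigned char *)custom_malloc(*decrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*decrypted == NULL) && (*decrypted_len != 0UL)) {
            *decrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*decrypted != NULL) && (decrypted_len != NULL)) {
        memset(*decrypted, 0, *decrypted_len);
    }
    rv = pkcs11->C_DecryptUpdate(session, encrypted, encrypted_len, *decrypted,
                                 decrypted_len);
    if (rv != CKR_OK) {
        /* NOTE(review): the module may have written plaintext before
         * failing; whether custom_free() wipes the memory is not visible
         * here -- confirm against its definition. */
        custom_free((void **)decrypted);
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_DecryptUpdate, rv, " session %ld\n", session);
    return rv;
}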
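/*
 * Finish a multi-part decryption through pkcs11->C_DecryptFinal,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *decrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * decrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * decrypted_len  out: produced length; set to 0 on the failure paths. It is
 *                never dereferenced before being checked against NULL.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when decrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_DecryptFinal(/*in */ CK_SESSION_HANDLE session,
                           /*out */ unsigned char **decrypted,
                           /*in */ unsigned long *decrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DecryptFinal);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (decrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    /* The entry trace prints the session only, as ML_CK_C_EncryptFinal
     * does: *decrypted_len is an output that holds nothing meaningful yet,
     * and reading it here would dereference a pointer that every later
     * statement treats as possibly NULL. */
    DEBUG_CALL(ML_CK_C_DecryptFinal, " called for session %ld\n", session);
    /* First call: size query only. */
    rv = pkcs11->C_DecryptFinal(session, NULL_PTR, decrypted_len);
    if (rv != CKR_OK) {
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when decrypted_len is NULL and nothing gets allocated. */
    *decrypted = NULL;
    if (decrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_DecryptFinal,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *decrypted_len);
        *decrypted = (unsigned char *)custom_malloc(*decrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*decrypted == NULL) && (*decrypted_len != 0UL)) {
            *decrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*decrypted != NULL) && (decrypted_len != NULL)) {
        memset(*decrypted, 0, *decrypted_len);
    }
    rv = pkcs11->C_DecryptFinal(session, *decrypted, decrypted_len);
    if (rv != CKR_OK) {
        /* NOTE(review): the module may have written plaintext before
         * failing; whether custom_free() wipes the memory is not visible
         * here -- confirm against its definition. */
        custom_free((void **)decrypted);
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_DecryptFinal, rv, " session %ld\n", session);
    return rv;
}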
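/*
 * Combined decrypt/digest step through pkcs11->C_DecryptDigestUpdate,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *decrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * encrypted      input, forwarded as is.
 * encrypted_len  length of encrypted, forwarded as is.
 * decrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * decrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when decrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_DecryptDigestUpdate(/*in */ CK_SESSION_HANDLE session,
                                  /*in */ unsigned char *encrypted,
                                  /*in */ unsigned long encrypted_len,
                                  /*out */ unsigned char **decrypted,
                                  /*in */ unsigned long *decrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DecryptDigestUpdate);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (decrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DecryptDigestUpdate,
               " called for session %ld size %ld\n", session, encrypted_len);
    /* First call: size query only. */
    rv = pkcs11->C_DecryptDigestUpdate(session, encrypted, encrypted_len,
                                       NULL_PTR, decrypted_len);
    if (rv != CKR_OK) {
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when decrypted_len is NULL and nothing gets allocated. */
    *decrypted = NULL;
    if (decrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_DecryptDigestUpdate,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *decrypted_len);
        *decrypted = (unsigned char *)custom_malloc(*decrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*decrypted == NULL) && (*decrypted_len != 0UL)) {
            *decrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*decrypted != NULL) && (decrypted_len != NULL)) {
        memset(*decrypted, 0, *decrypted_len);
    }
    rv = pkcs11->C_DecryptDigestUpdate(session, encrypted, encrypted_len,
                                       *decrypted, decrypted_len);
    if (rv != CKR_OK) {
        /* NOTE(review): the module may have written plaintext before
         * failing; whether custom_free() wipes the memory is not visible
         * here -- confirm against its definition. */
        custom_free((void **)decrypted);
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_DecryptDigestUpdate, rv, " session %ld\n", session);
    return rv;
}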
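/*
 * Combined decrypt/verify step through pkcs11->C_DecryptVerifyUpdate,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *decrypted_len, then with a buffer of that size obtained
 * from custom_malloc().
 *
 * session        session handle; under USE_ALIASING it is replaced by the
 *                value unalias() yields, CKR_SESSION_HANDLE_INVALID if not
 *                found.
 * encrypted      input, forwarded as is.
 * encrypted_len  length of encrypted, forwarded as is.
 * decrypted      out: receives the buffer allocated here; must not be NULL.
 *                The buffer is released here on a failed second call and
 *                is not released here on success.
 * decrypted_len  out: produced length; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when decrypted is NULL or the allocation
 * fails.
 */
CK_RV ML_CK_C_DecryptVerifyUpdate(/*in */ CK_SESSION_HANDLE session,
                                  /*in */ unsigned char *encrypted,
                                  /*in */ unsigned long encrypted_len,
                                  /*out */ unsigned char **decrypted,
                                  /*in */ unsigned long *decrypted_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_DecryptVerifyUpdate);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (decrypted == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_DecryptVerifyUpdate,
               " called for session %ld size %ld\n", session, encrypted_len);
    /* First call: size query only. */
    rv = pkcs11->C_DecryptVerifyUpdate(session, encrypted, encrypted_len,
                                       NULL_PTR, decrypted_len);
    if (rv != CKR_OK) {
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when decrypted_len is NULL and nothing gets allocated. */
    *decrypted = NULL;
    if (decrypted_len != NULL) {
        DEBUG_CALL(ML_CK_C_DecryptVerifyUpdate,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *decrypted_len);
        *decrypted = (unsigned char *)custom_malloc(*decrypted_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*decrypted == NULL) && (*decrypted_len != 0UL)) {
            *decrypted_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*decrypted != NULL) && (decrypted_len != NULL)) {
        memset(*decrypted, 0, *decrypted_len);
    }
    rv = pkcs11->C_DecryptVerifyUpdate(session, encrypted, encrypted_len,
                                       *decrypted, decrypted_len);
    if (rv != CKR_OK) {
        /* NOTE(review): the module may have written plaintext before
         * failing; whether custom_free() wipes the memory is not visible
         * here -- confirm against its definition. */
        custom_free((void **)decrypted);
        if (decrypted_len != NULL) {
            *decrypted_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_DecryptVerifyUpdate, rv, " session %ld\n", session);
    return rv;
}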
/*
 * Forward the call to pkcs11->C_GetFunctionStatus.
 *
 * session  session handle; under USE_ALIASING it is replaced by the value
 *          unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_GetFunctionStatus(/*in */ CK_SESSION_HANDLE session)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_GetFunctionStatus);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetFunctionStatus, " called for session %ld\n", session);
    rv = pkcs11->C_GetFunctionStatus(session);
    DEBUG_RET(ML_CK_C_GetFunctionStatus, rv, " session %ld\n", session);
    return rv;
}
/*
 * Forward the call to pkcs11->C_CancelFunction.
 *
 * session  session handle; under USE_ALIASING it is replaced by the value
 *          unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 *
 * Returns the module's CK_RV or CKR_SESSION_HANDLE_INVALID.
 */
CK_RV ML_CK_C_CancelFunction(/*in */ CK_SESSION_HANDLE session)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_CancelFunction);
#ifdef USE_ALIASING
    {
        boolean known;

        session = unalias(session, SESSION, &known);
        if (known != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_CancelFunction, " called for session %ld\n", session);
    rv = pkcs11->C_CancelFunction(session);
    DEBUG_RET(ML_CK_C_CancelFunction, rv, " session %ld\n", session);
    return rv;
}
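/*
 * Fetch the session's operation state through pkcs11->C_GetOperationState,
 * allocating the output buffer.
 *
 * The module is called twice: once with NULL_PTR as output to learn the
 * needed size in *data_len, then with a buffer of that size obtained from
 * custom_malloc().
 *
 * session   session handle; under USE_ALIASING it is replaced by the value
 *           unalias() yields, CKR_SESSION_HANDLE_INVALID if not found.
 * data      out: receives the buffer allocated here; must not be NULL. The
 *           buffer is released here on a failed second call and is not
 *           released here on success.
 * data_len  out: length of the state blob; set to 0 on the failure paths.
 *
 * Returns the module's CK_RV, CKR_SESSION_HANDLE_INVALID for an unknown
 * alias, or CKR_GENERAL_ERROR when data is NULL or the allocation fails.
 */
CK_RV ML_CK_C_GetOperationState(/*in */ CK_SESSION_HANDLE session,
                                /*out */ unsigned char **data,
                                /*in */ unsigned long *data_len)
{
    CK_RV rv;

    /* Macro defined elsewhere; it runs before anything touches the module. */
    CHECK_MODULE_FUNCTION(C_GetOperationState);
    /* The callers in pkcs11_stubs.c are not expected to pass NULL here;
     * this is a safeguard in case one does. */
    if (data == NULL) {
        return CKR_GENERAL_ERROR;
    }
#ifdef USE_ALIASING
    {
        boolean found;

        session = unalias(session, SESSION, &found);
        if (found != TRUE) {
            return CKR_SESSION_HANDLE_INVALID;
        }
    }
#endif
    DEBUG_CALL(ML_CK_C_GetOperationState, " called for session %ld\n", session);
    /* First call: size query only. */
    rv = pkcs11->C_GetOperationState(session, NULL_PTR, data_len);
    if (rv != CKR_OK) {
        if (data_len != NULL) {
            *data_len = 0UL;
        }
        return rv;
    }
    /* Start from NULL so that the NULL test, the second module call and
     * custom_free() below only ever see a pointer allocated in this
     * function, even when data_len is NULL and nothing gets allocated. */
    *data = NULL;
    if (data_len != NULL) {
        DEBUG_CALL(ML_CK_C_GetOperationState,
                   " first call for session %ld returned needed size of %ld\n",
                   session, *data_len);
        *data = (unsigned char *)custom_malloc(*data_len * sizeof(char));
        /* custom_malloc() is defined elsewhere; should it return NULL for a
         * non-empty request, a NULL buffer would make the second call one
         * more size query that reports success without any data. */
        if ((*data == NULL) && (*data_len != 0UL)) {
            *data_len = 0UL;
            return CKR_GENERAL_ERROR;
        }
    }
    /* Zero the fresh buffer so a failed call exposes no heap residue. */
    if ((*data != NULL) && (data_len != NULL)) {
        memset(*data, 0, *data_len);
    }
    rv = pkcs11->C_GetOperationState(session, *data, data_len);
    if (rv != CKR_OK) {
        custom_free((void **)data);
        if (data_len != NULL) {
            *data_len = 0UL;
        }
        return rv;
    }
    DEBUG_RET(ML_CK_C_GetOperationState, rv, " session %ld\n", session);
    return rv;
}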
/*
 * Forward C_SetOperationState to the loaded PKCS#11 module and return the
 * module's CK_RV unchanged.
 *
 * session             session handle
 * data, data_len      saved operation state, passed through as given
 * hencryptionkey      object handle passed through to the module
 * hauthenticationkey  object handle passed through to the module
 *
 * With USE_ALIASING the three handles are mapped through unalias() in the
 * order session, encryption key, authentication key. The first one that
 * unalias() does not report as found ends the call before the module is
 * reached: CKR_SESSION_HANDLE_INVALID for the session,
 * CKR_OBJECT_HANDLE_INVALID for either key.
 */
CK_RV ML_CK_C_SetOperationState( /*in */ CK_SESSION_HANDLE session, /*in */
                                 unsigned char *data, /*in */
                                 unsigned long data_len, /*in */
                                 CK_OBJECT_HANDLE hencryptionkey, /*in */
                                 CK_OBJECT_HANDLE hauthenticationkey)
{
  CK_RV rv;

  CHECK_MODULE_FUNCTION(C_SetOperationState);
#ifdef USE_ALIASING
  {
    /* One flag is reused for the three lookups */
    boolean handle_known;

    session = unalias(session, SESSION, &handle_known);
    if (handle_known != TRUE) {
      return CKR_SESSION_HANDLE_INVALID;
    }
    hencryptionkey = unalias(hencryptionkey, OBJECT, &handle_known);
    if (handle_known != TRUE) {
      return CKR_OBJECT_HANDLE_INVALID;
    }
    hauthenticationkey = unalias(hauthenticationkey, OBJECT, &handle_known);
    if (handle_known != TRUE) {
      return CKR_OBJECT_HANDLE_INVALID;
    }
  }
#endif
  DEBUG_CALL(ML_CK_C_SetOperationState,
             " called for session %ld, data size of %ld, encryption key handle %ld, authentication key handle %ld\n",
             session, data_len, hencryptionkey, hauthenticationkey);
  rv = pkcs11->C_SetOperationState(session, data, data_len, hencryptionkey,
                                   hauthenticationkey);
  DEBUG_RET(ML_CK_C_SetOperationState, rv, " session %ld\n", session);
  return rv;
}
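/*
 * Store an unsigned long into a byte buffer in host byte order.
 *
 * input  value to store
 * data   destination; the caller must provide at least
 *        sizeof(unsigned long) writable bytes. NULL is ignored.
 *
 * The bytes are copied with memcpy() rather than written through a cast to
 * unsigned long *: the buffer is a plain byte array, so it carries no
 * alignment guarantee and a typed store through it is undefined behaviour.
 */
void int_to_ulong_char_array( /*in */ unsigned long input, /*out */
                              unsigned char *data)
{
  if (data != NULL) {
    memcpy(data, &input, sizeof(input));
  }
  return;
}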
/*
 * Load up to sizeof(unsigned long) bytes from a buffer into an unsigned
 * long, in host byte order.
 *
 * data       source bytes
 * data_size  number of bytes to take from data
 * output     destination
 *
 * A data_size larger than sizeof(unsigned long) is refused: *output is set
 * to 0 and nothing is copied. Otherwise *output is zeroed and the first
 * data_size bytes of data are copied over its start. When output is NULL, or
 * when data is NULL and the size is acceptable, nothing is written.
 */
void char_array_to_ulong( /*in */ unsigned char* data, /* in */ size_t data_size,
                          /*out */ unsigned long* output)
{
  const int too_long = (data_size > sizeof(unsigned long));

  if (output == NULL) {
    return;
  }
  if (!too_long && (data == NULL)) {
    return;
  }
  memset(output, 0, sizeof(unsigned long));
  if (!too_long) {
    memcpy(output, data, data_size);
  }
}
/* In SERVER_ROLE builds hton_char_array() and ntoh_char_array() take the */
/* architecture from peer_arch instead of calling get_local_arch().       */
/* peer_arch is defined in another translation unit.                      */
/* NOTE(review): presumably it is set from the client_arch value given to */
/* ML_CK_C_SetupArch -- confirm that value is checked against the known   */
/* architecture constants before it selects a byte layout here.           */
#ifdef SERVER_ROLE
extern unsigned long peer_arch;
#endif
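/* Host char array to network char array */
/* We only deal with 32-bit values */
/*
 * input       bytes of an integer laid out as on the architecture in use
 *             (peer_arch in SERVER_ROLE builds, get_local_arch() otherwise)
 * input_len   number of valid bytes in input, at most 8
 * output      receives 4 bytes; the caller must provide at least 4
 * output_len  set to 4, or to 0 when the input is refused; NULL makes the
 *             call a no-op
 *
 * The input is refused when input_len is above 8, and for BIG_ENDIAN_64
 * when it is below 8: that layout takes its bytes from input[4..7], so a
 * shorter input would be read past its end. When input or output is NULL
 * only *output_len is set. An architecture value outside the four known
 * constants leaves output zeroed.
 */
void hton_char_array( /*in */ unsigned char *input, unsigned long input_len,
                      /*out*/ unsigned char *output, unsigned long *output_len)
{
  unsigned int i;
  unsigned long arch;
  unsigned long data_size;

  if (output_len == NULL) {
    return;
  }
  /* We always output a 32-bit value */
#ifdef SERVER_ROLE
  arch = peer_arch;
#else
  arch = get_local_arch();
#endif
  if (input_len > 8) {
    *output_len = 0;
    return;
  }
  data_size = (input_len < 4) ? input_len : 4;
  *output_len = 4;
  if ((input != NULL) && (output != NULL)) {
    memset(output, 0, *output_len);
    switch (arch) {
    case LITTLE_ENDIAN_32:
    case LITTLE_ENDIAN_64:
      for (i = 0; i < data_size; i++) {
        output[3 - i] = input[i];
      }
      break;
    case BIG_ENDIAN_32:
      for (i = 0; i < data_size; i++) {
        output[i] = input[i];
      }
      break;
    case BIG_ENDIAN_64:
      /* The low 32 bits sit in input[4..7]: all 8 bytes must be present */
      if (input_len < 8) {
        *output_len = 0;
        break;
      }
      for (i = 0; i < data_size; i++) {
        output[3 - i] = input[7 - i];
      }
      break;
    default:
      break;
    }
  }
  return;
}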
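/* Network char array to host char array */
/* We only deal with 32-bit values */
/*
 * input       4 bytes in network order
 * input_len   must be exactly 4, otherwise *output_len is set to 0
 * output      receives the value laid out for the architecture in use
 *             (peer_arch in SERVER_ROLE builds, get_local_arch() otherwise)
 * output_len  set to 4 for the 32-bit layouts and to 8 for the 64-bit ones,
 *             to 0 when nothing is produced because the architecture value
 *             is not one of the four known constants; NULL makes the call a
 *             no-op
 *
 * Up to 8 bytes are written to output, so the caller must provide 8.
 * NOTE(review): in SERVER_ROLE builds the width follows peer_arch rather
 * than the local unsigned long -- confirm every caller sizes output for 8
 * bytes. When input or output is NULL, *output_len is left as the caller
 * set it.
 */
void ntoh_char_array( /*in */ unsigned char *input, unsigned long input_len,
                      /*out*/ unsigned char *output, unsigned long *output_len)
{
  unsigned int i;
  unsigned long arch;

  if (output_len == NULL) {
    return;
  }
  /* We always output a 32-bit value */
#ifdef SERVER_ROLE
  arch = peer_arch;
#else
  arch = get_local_arch();
#endif
  if (input_len != 4) {
    *output_len = 0;
    return;
  }
  if ((input != NULL) && (output != NULL)) {
    switch (arch) {
    case LITTLE_ENDIAN_32:
      *output_len = 4;
      memset(output, 0, *output_len);
      for (i = 0; i < 4; i++) {
        output[i] = input[3 - i];
      }
      break;
    case LITTLE_ENDIAN_64:
      *output_len = 8;
      memset(output, 0, *output_len);
      for (i = 0; i < 4; i++) {
        output[i] = input[3 - i];
      }
      break;
    case BIG_ENDIAN_32:
      *output_len = 4;
      memset(output, 0, *output_len);
      for (i = 0; i < 4; i++) {
        output[i] = input[i];
      }
      break;
    case BIG_ENDIAN_64:
      *output_len = 8;
      memset(output, 0, *output_len);
      for (i = 0; i < 4; i++) {
        output[4 + i] = input[i];
      }
      break;
    default:
      /* Nothing was written to output: report it instead of leaving */
      /* whatever length the caller had in *output_len               */
      *output_len = 0;
      break;
    }
  }
  return;
}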
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11_functions.h 0000664 0000000 0000000 00000035112 14147740423 0022670 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the bindings 1] source tree:
----------------------
| 1] PKCS#11 OCaml |
| bindings |
----------------------
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Project: PKCS#11 Filtering Proxy
File: src/bindings-pkcs11/pkcs11_functions.h
-------------------------- MIT License HEADER ----------------------------------*/
/* Architecture identifiers. hton_char_array() and ntoh_char_array() switch */
/* on the first four to choose byte order and integer width (4 or 8 bytes). */
#define LITTLE_ENDIAN_64 1
#define LITTLE_ENDIAN_32 2
#define BIG_ENDIAN_64 3
#define BIG_ENDIAN_32 4
/* NOTE(review): presumably what get_local_arch() reports for a host it */
/* does not recognise -- confirm; the two converters above have no case */
/* for it and fall into their default branch.                           */
#define UNSUPPORTED_ARCHITECTURE 5
/* Declarations of the ML_CK_* wrappers: module setup, library, slot and   */
/* token information, sessions, PIN handling, random and object search.    */
/* Each returns a PKCS#11 CK_RV.                                           */
/* NOTE(review): the in/out markers are kept as found; a length passed by  */
/* pointer is presumably written by the wrapper even where it is tagged    */
/* "in" -- confirm against the definitions.                                */
CK_RV ML_CK_C_Daemonize(unsigned char *param, unsigned long param_len);
/* NOTE(review): client_arch is presumably one of the *_ENDIAN_* constants */
/* above and comes from the peer -- confirm it is range-checked.           */
CK_RV ML_CK_C_SetupArch( /*in */ unsigned long client_arch);
CK_RV ML_CK_C_LoadModule( /*in */ const char *libname);
CK_RV ML_CK_C_Initialize(void);
CK_RV ML_CK_C_Finalize(void);
CK_RV ML_CK_C_GetInfo( /*in */ CK_INFO_PTR info);
CK_RV ML_CK_C_WaitForSlotEvent( /*in */ CK_FLAGS flags, /* out */
CK_SLOT_ID * pSlot);
CK_RV ML_CK_C_GetSlotList( /*in */ unsigned int token_present, /*out */
CK_SLOT_ID * slot_list, /*in */
unsigned long count, /*out */
unsigned long *real_count);
CK_RV ML_CK_C_GetSlotInfo( /*in */ CK_SLOT_ID slot_id, /*out */
CK_SLOT_INFO * info);
CK_RV ML_CK_C_GetTokenInfo( /*in */ CK_SLOT_ID slot_id, /*out */
CK_TOKEN_INFO * info);
CK_RV ML_CK_C_OpenSession( /*in */ CK_SLOT_ID slot_id, /*in */
CK_FLAGS flags, /*out */
CK_SESSION_HANDLE * session);
CK_RV ML_CK_C_CloseSession( /*in */ CK_SESSION_HANDLE session);
CK_RV ML_CK_C_CloseAllSessions( /*in */ CK_SLOT_ID slot_id);
CK_RV ML_CK_C_GetSessionInfo( /*in */ CK_SESSION_HANDLE session, /*out */
CK_SESSION_INFO * session_info);
/* The pin buffers of the next four functions are passed with an explicit  */
/* length. NOTE(review): they hold secrets -- confirm callers wipe them    */
/* once the call has returned.                                             */
CK_RV ML_CK_C_Login( /*in */ CK_SESSION_HANDLE session, /*in */
CK_USER_TYPE user_type, /*in */ unsigned char *pin,
/*in */ unsigned long pin_len);
CK_RV ML_CK_C_Logout( /*in */ CK_SESSION_HANDLE session);
CK_RV ML_CK_C_GetMechanismList( /*in */ CK_SLOT_ID slot_id, /*out */
CK_MECHANISM_TYPE * mechanism_list, /*in */
unsigned long count, /*out */
unsigned long *real_count);
CK_RV ML_CK_C_GetMechanismInfo( /*in */ CK_SLOT_ID slot_id, /*in */
CK_MECHANISM_TYPE mechanism, /*out */
CK_MECHANISM_INFO * mechanism_info);
CK_RV ML_CK_C_InitToken( /*in */ CK_SLOT_ID slot_id, /*in */
unsigned char *pin, /*in */ unsigned long pin_len,
/*in */ unsigned char *label);
CK_RV ML_CK_C_InitPIN( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *pin, /*in */ unsigned long pin_len);
CK_RV ML_CK_C_SetPIN( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *old_pin, /*in */
unsigned long old_pin_len, /*in */
unsigned char *new_pin, /*in */
unsigned long new_pin_len);
CK_RV ML_CK_C_SeedRandom( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *seed, /*in */
unsigned long seed_len);
CK_RV ML_CK_C_GenerateRandom( /*in */ CK_SESSION_HANDLE session, /*out */
unsigned char *rand, /*in */
unsigned long rand_len);
CK_RV ML_CK_C_FindObjectsInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_ATTRIBUTE * templ, /*in */
unsigned long count);
CK_RV ML_CK_C_FindObjects( /*in */ CK_SESSION_HANDLE session, /*out */
CK_OBJECT_HANDLE * object, /*in */
unsigned long max_object_count, /*out */
unsigned long *object_count);
CK_RV ML_CK_C_FindObjectsFinal( /*in */ CK_SESSION_HANDLE session);
/* Key and object management wrappers. Attribute templates are passed as a */
/* CK_ATTRIBUTE array plus an element count; new object handles come back  */
/* through the CK_OBJECT_HANDLE pointers tagged "out".                     */
CK_RV ML_CK_C_GenerateKey( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_ATTRIBUTE * templ, /*in */ unsigned long count,
/*out */ CK_OBJECT_HANDLE * phkey);
CK_RV ML_CK_C_GenerateKeyPair( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_ATTRIBUTE * pub_templ, /*in */
unsigned long pub_count, /*in */
CK_ATTRIBUTE * priv_templ, /*in */
unsigned long priv_count, /*out */
CK_OBJECT_HANDLE * phpubkey, /*out */
CK_OBJECT_HANDLE * phprivkey);
CK_RV ML_CK_C_CreateObject( /*in */ CK_SESSION_HANDLE session, /*in */
CK_ATTRIBUTE * templ, /*in */ unsigned long count,
/*out */ CK_OBJECT_HANDLE * phobject);
CK_RV ML_CK_C_CopyObject( /*in */ CK_SESSION_HANDLE session, /*in */
CK_OBJECT_HANDLE hobject, /*in */
CK_ATTRIBUTE * templ, /*in */ unsigned long count,
/*out */ CK_OBJECT_HANDLE * phnewobject);
CK_RV ML_CK_C_DestroyObject( /*in */ CK_SESSION_HANDLE session, /*in */
CK_OBJECT_HANDLE phobject);
CK_RV ML_CK_C_GetAttributeValue( /*in */ CK_SESSION_HANDLE session, /*in */
CK_OBJECT_HANDLE phobject, /*in,out */
CK_ATTRIBUTE * templ, /*in */
unsigned long count);
CK_RV ML_CK_C_SetAttributeValue( /*in */ CK_SESSION_HANDLE session, /*in */
CK_OBJECT_HANDLE phobject, /*in */
CK_ATTRIBUTE * templ, /*in */
unsigned long count);
CK_RV ML_CK_C_GetObjectSize( /*in */ CK_SESSION_HANDLE session, /*in */
CK_OBJECT_HANDLE phobject, /*out */
unsigned long *object_size);
/* NOTE(review): wrapped_key_len is tagged "in" but is a pointer;          */
/* presumably it carries the buffer size in and the wrapped length out --  */
/* confirm against the definition.                                         */
CK_RV ML_CK_C_WrapKey( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hwrappingkey, /*in */
CK_OBJECT_HANDLE hkey, /*out */
unsigned char *wrapped_key, /*in */
unsigned long *wrapped_key_len);
CK_RV ML_CK_C_UnwrapKey( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hunwrappingkey, /*in */
unsigned char *wrapped_key, /*in */
unsigned long wrapped_key_len, /*in */
CK_ATTRIBUTE * templ, /*in */ unsigned long count,
/*out */ CK_OBJECT_HANDLE * phunwrappedkey);
CK_RV ML_CK_C_DeriveKey( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hbasekey, /*in */
CK_ATTRIBUTE * templ, /*in */ unsigned long count,
/*out */ CK_OBJECT_HANDLE * phkey);
/* Digest, signature and verification wrappers.                            */
/* NOTE(review): digest_len and signed_len are tagged "in" where they are  */
/* pointers; presumably they carry the buffer size in and the produced     */
/* length out -- confirm against the definitions.                          */
CK_RV ML_CK_C_DigestInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism);
CK_RV ML_CK_C_Digest( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */ unsigned long data_len,
/*out */ unsigned char *digest,
/*in */
unsigned long *digest_len);
CK_RV ML_CK_C_DigestUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len);
CK_RV ML_CK_C_DigestKey( /*in */ CK_SESSION_HANDLE session, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_DigestFinal( /*in */ CK_SESSION_HANDLE session, /*out */
unsigned char *digest, /*in */
unsigned long *digest_len);
CK_RV ML_CK_C_SignInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_SignRecoverInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_Sign( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */ unsigned long data_len,
/*out */ unsigned char *signature,
/*in */
unsigned long *signed_len);
CK_RV ML_CK_C_SignRecover( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len, /*out */
unsigned char *signature, /*in */
unsigned long *signed_len);
CK_RV ML_CK_C_SignUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len);
CK_RV ML_CK_C_SignFinal( /*in */ CK_SESSION_HANDLE session, /*out */
unsigned char *signature, /*in */
unsigned long *signed_len);
CK_RV ML_CK_C_VerifyInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_VerifyRecoverInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_Verify( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */ unsigned long data_len,
/*in */ unsigned char *signature,
/*in */
unsigned long signed_len);
/* NOTE(review): data is a pointer to a pointer; presumably the wrapper    */
/* allocates the recovered data and the caller releases it -- confirm.     */
CK_RV ML_CK_C_VerifyRecover( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *signature, /*in */
unsigned long signature_len, /*out */
unsigned char **data, /*in */
unsigned long *data_len);
CK_RV ML_CK_C_VerifyUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len);
CK_RV ML_CK_C_VerifyFinal( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *signature, /*in */
unsigned long signed_len);
/* Encryption and decryption wrappers, including the combined              */
/* digest/sign/verify update variants.                                     */
/* NOTE(review): the result buffers are pointers to pointers and several   */
/* are tagged "in"; presumably the wrapper allocates them the way          */
/* ML_CK_C_GetOperationState allocates its data argument, and the length   */
/* pointers are written too -- confirm against the definitions, and        */
/* confirm who releases the buffer on success.                             */
CK_RV ML_CK_C_EncryptInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_Encrypt( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */ unsigned long data_len,
/*out */ unsigned char **encrypted,
/*in */
unsigned long *encrypted_len);
CK_RV ML_CK_C_EncryptUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len, /*in */
unsigned char **encrypted, /*in */
unsigned long *encrypted_len);
CK_RV ML_CK_C_DigestEncryptUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len, /*in */
unsigned char **encrypted, /*in */
unsigned long *encrypted_len);
CK_RV ML_CK_C_SignEncryptUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len, /*in */
unsigned char **encrypted, /*in */
unsigned long *encrypted_len);
CK_RV ML_CK_C_EncryptFinal( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char **encrypted, /*in */
unsigned long *encrypted_len);
CK_RV ML_CK_C_DecryptInit( /*in */ CK_SESSION_HANDLE session, /*in */
CK_MECHANISM mechanism, /*in */
CK_OBJECT_HANDLE hkey);
CK_RV ML_CK_C_Decrypt( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *encrypted, /*in */
unsigned long encrypted_len, /*out */
unsigned char **decrypted, /*in */
unsigned long *decrypted_len);
CK_RV ML_CK_C_DecryptUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *encrypted, /*in */
unsigned long encrypted_len, /*out */
unsigned char **decrypted, /*in */
unsigned long *decrypted_len);
CK_RV ML_CK_C_DecryptFinal( /*in */ CK_SESSION_HANDLE session, /*out */
unsigned char **decrypted, /*in */
unsigned long *decrypted_len);
CK_RV ML_CK_C_DecryptDigestUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *encrypted, /*in */
unsigned long encrypted_len, /*out */
unsigned char **decrypted, /*in */
unsigned long *decrypted_len);
CK_RV ML_CK_C_DecryptVerifyUpdate( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *encrypted, /*in */
unsigned long encrypted_len, /*out */
unsigned char **decrypted, /*in */
unsigned long *decrypted_len);
/* Function status and operation state wrappers.                           */
CK_RV ML_CK_C_GetFunctionStatus( /*in */ CK_SESSION_HANDLE session);
CK_RV ML_CK_C_CancelFunction( /*in */ CK_SESSION_HANDLE session);
/* data must not be NULL (CKR_GENERAL_ERROR otherwise). The wrapper        */
/* allocates *data with custom_malloc() and writes the state length to     */
/* *data_len although it is tagged "in"; on failure *data_len is set to 0. */
CK_RV ML_CK_C_GetOperationState( /*in */ CK_SESSION_HANDLE session, /*out */
unsigned char **data, /*in */
unsigned long *data_len);
CK_RV ML_CK_C_SetOperationState( /*in */ CK_SESSION_HANDLE session, /*in */
unsigned char *data, /*in */
unsigned long data_len, /*in */
CK_OBJECT_HANDLE hencryptionkey, /*in */
CK_OBJECT_HANDLE hauthenticationkey);
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11_stubs.c 0000664 0000000 0000000 00000527374 14147740423 0022033 0 ustar 00root root 0000000 0000000 /* File generated from pkcs11.idl */
#include
#include
#include
#include
#include
#include
#include
#ifdef Custom_tag
#include
#include
#endif
#include
#define CUSTOM_ALLOC
#include "pkcs11.h"
/* Convert an OCaml value into a ck_flags_t through custom_int_val(). */
/* _ctx is not used.                                                  */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_flags_t(value _v1, ck_flags_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_flags_t(value _v1, ck_flags_t * _c2, camlidl_ctx _ctx)
#endif
{
  /* custom_int_val copes with the int64 format of the OCaml client RPC layer */
  *_c2 = custom_int_val(_v1);
}
/* Convert a ck_flags_t into an OCaml value through custom_copy_int(). */
/* _ctx is not used.                                                   */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_flags_t(ck_flags_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_flags_t(ck_flags_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int(*_c2);
}
/* Fill a struct ck_version from an OCaml block: field 0 is read into */
/* major and field 1 into minor, both through Int_val. _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_version(value _v1, struct ck_version * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_version(value _v1, struct ck_version * _c2, camlidl_ctx _ctx)
#endif
{
  _c2->major = Int_val(Field(_v1, 0));
  _c2->minor = Int_val(Field(_v1, 1));
}
/* Build a 2-field OCaml block from a struct ck_version: field 0 holds */
/* major and field 1 holds minor, both as OCaml ints.                  */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_version(struct ck_version * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_version(struct ck_version * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[2];
/* The slots are cleared before they are registered as roots below */
_v3[0] = _v3[1] = 0;
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Registers _v3 with the OCaml runtime; paired with End_roots() below */
Begin_roots_block(_v3, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = Val_int((*_c1).major);
_v3[1] = Val_int((*_c1).minor);
/* The result block is allocated last, then filled from the rooted slots */
_v2 = camlidl_alloc_small(2, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
End_roots();
return _v2;
}
/* Fill a struct ck_info from a 5-field OCaml block, in field order:      */
/* cryptoki_version, manufacturer_id[32], flags, library_description[32], */
/* library_version.                                                       */
/* Each array field must hold exactly 32 elements; otherwise              */
/* invalid_argument("struct ck_info") is raised before anything is copied */
/* into that array, so the fixed-size C arrays are never indexed from a   */
/* shorter or longer OCaml block.                                         */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_info(value _v1, struct ck_info * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_info(value _v1, struct ck_info * _c2, camlidl_ctx _ctx)
#endif
{
  value chars;
  mlsize_t idx;

  camlidl_ml2c_pkcs11_struct_ck_version(Field(_v1, 0), &_c2->cryptoki_version, _ctx);

  chars = Field(_v1, 1);
  if (Wosize_val(chars) != 32) invalid_argument("struct ck_info");
  for (idx = 0; idx < 32; idx++) {
    _c2->manufacturer_id[idx] = Int_val(Field(chars, idx));
  }

  camlidl_ml2c_pkcs11_ck_flags_t(Field(_v1, 2), &_c2->flags, _ctx);

  chars = Field(_v1, 3);
  if (Wosize_val(chars) != 32) invalid_argument("struct ck_info");
  for (idx = 0; idx < 32; idx++) {
    _c2->library_description[idx] = Int_val(Field(chars, idx));
  }

  camlidl_ml2c_pkcs11_struct_ck_version(Field(_v1, 4), &_c2->library_version, _ctx);
}
/* Build a 5-field OCaml block from a struct ck_info, in field order:     */
/* cryptoki_version, manufacturer_id (32 ints), flags,                    */
/* library_description (32 ints), library_version.                        */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_info(struct ck_info * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_info(struct ck_info * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[5];
mlsize_t _c4;
mlsize_t _c5;
/* The slots are cleared before they are registered as roots below */
memset(_v3, 0, 5 * sizeof(value));
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Registers _v3 with the OCaml runtime; paired with End_roots() below */
Begin_roots_block(_v3, 5);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = camlidl_c2ml_pkcs11_struct_ck_version(&(*_c1).cryptoki_version, _ctx);
_v3[1] = camlidl_alloc_small(32, 0);
for (_c4 = 0; _c4 < 32; _c4++) {
Field(_v3[1], _c4) = Val_int((*_c1).manufacturer_id[_c4]);
}
_v3[2] = camlidl_c2ml_pkcs11_ck_flags_t(&(*_c1).flags, _ctx);
_v3[3] = camlidl_alloc_small(32, 0);
for (_c5 = 0; _c5 < 32; _c5++) {
Field(_v3[3], _c5) = Val_int((*_c1).library_description[_c5]);
}
_v3[4] = camlidl_c2ml_pkcs11_struct_ck_version(&(*_c1).library_version, _ctx);
/* The result block is allocated last, then filled from the rooted slots */
_v2 = camlidl_alloc_small(5, 0);
{ mlsize_t _c6;
for (_c6 = 0; _c6 < 5; _c6++) Field(_v2, _c6) = _v3[_c6];
}
End_roots();
return _v2;
}
/* Convert an OCaml value into a ck_notification_t through custom_int_val(). */
/* _ctx is not used.                                                         */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_notification_t(value _v1, ck_notification_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_notification_t(value _v1, ck_notification_t * _c2, camlidl_ctx _ctx)
#endif
{
  /* custom_int_val copes with the int64 format of the OCaml client RPC layer */
  *_c2 = custom_int_val(_v1);
}
/* Convert a ck_notification_t into an OCaml value through custom_copy_int(). */
/* _ctx is not used.                                                          */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_notification_t(ck_notification_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_notification_t(ck_notification_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int(*_c2);
}
/* Convert an OCaml value into a ck_slot_id_t through custom_int_val(). */
/* _ctx is not used.                                                    */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_slot_id_t(value _v1, ck_slot_id_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_slot_id_t(value _v1, ck_slot_id_t * _c2, camlidl_ctx _ctx)
#endif
{
  /* custom_int_val copes with the int64 format of the OCaml client RPC layer */
  *_c2 = custom_int_val(_v1);
}
/* Convert a ck_slot_id_t into an OCaml value through custom_copy_int(). */
/* _ctx is not used.                                                     */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_slot_id_t(ck_slot_id_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_slot_id_t(ck_slot_id_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int(*_c2);
}
/* Fill a struct ck_slot_info from a 5-field OCaml block, in field order: */
/* slot_description[64], manufacturer_id[32], flags, hardware_version,    */
/* firmware_version.                                                      */
/* Each array field must have exactly the size of its C counterpart;      */
/* otherwise invalid_argument("struct ck_slot_info") is raised before     */
/* anything is copied into that array.                                    */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_slot_info(value _v1, struct ck_slot_info * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_slot_info(value _v1, struct ck_slot_info * _c2, camlidl_ctx _ctx)
#endif
{
  value chars;
  mlsize_t idx;

  chars = Field(_v1, 0);
  if (Wosize_val(chars) != 64) invalid_argument("struct ck_slot_info");
  for (idx = 0; idx < 64; idx++) {
    _c2->slot_description[idx] = Int_val(Field(chars, idx));
  }

  chars = Field(_v1, 1);
  if (Wosize_val(chars) != 32) invalid_argument("struct ck_slot_info");
  for (idx = 0; idx < 32; idx++) {
    _c2->manufacturer_id[idx] = Int_val(Field(chars, idx));
  }

  camlidl_ml2c_pkcs11_ck_flags_t(Field(_v1, 2), &_c2->flags, _ctx);
  camlidl_ml2c_pkcs11_struct_ck_version(Field(_v1, 3), &_c2->hardware_version, _ctx);
  camlidl_ml2c_pkcs11_struct_ck_version(Field(_v1, 4), &_c2->firmware_version, _ctx);
}
/* Build a 5-field OCaml block from a struct ck_slot_info, in field order: */
/* slot_description (64 ints), manufacturer_id (32 ints), flags,           */
/* hardware_version, firmware_version.                                     */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_slot_info(struct ck_slot_info * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_slot_info(struct ck_slot_info * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[5];
mlsize_t _c4;
value _v5;
mlsize_t _c6;
/* The slots are cleared before they are registered as roots below */
memset(_v3, 0, 5 * sizeof(value));
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Registers _v3 with the OCaml runtime; paired with End_roots() below */
Begin_roots_block(_v3, 5);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
/* This 64-element field is built with camlidl_alloc() and stored through */
/* modify(); the 32-element one below uses camlidl_alloc_small() and      */
/* direct Field stores.                                                   */
_v3[0] = camlidl_alloc(64, 0);
for (_c4 = 0; _c4 < 64; _c4++) {
_v5 = Val_int((*_c1).slot_description[_c4]);
modify(&Field(_v3[0], _c4), _v5);
}
_v3[1] = camlidl_alloc_small(32, 0);
for (_c6 = 0; _c6 < 32; _c6++) {
Field(_v3[1], _c6) = Val_int((*_c1).manufacturer_id[_c6]);
}
_v3[2] = camlidl_c2ml_pkcs11_ck_flags_t(&(*_c1).flags, _ctx);
_v3[3] = camlidl_c2ml_pkcs11_struct_ck_version(&(*_c1).hardware_version, _ctx);
_v3[4] = camlidl_c2ml_pkcs11_struct_ck_version(&(*_c1).firmware_version, _ctx);
/* The result block is allocated last, then filled from the rooted slots */
_v2 = camlidl_alloc_small(5, 0);
{ mlsize_t _c7;
for (_c7 = 0; _c7 < 5; _c7++) Field(_v2, _c7) = _v3[_c7];
}
End_roots();
return _v2;
}
/* Fill a struct ck_token_info from an 18-field OCaml block, in field      */
/* order: label[32], manufacturer_id[32], model[16], serial_number[16],    */
/* flags, ten integer counters (fields 5 to 14), hardware_version,         */
/* firmware_version, utc_time[16].                                         */
/* Each array field must have exactly the size of its C counterpart;       */
/* otherwise invalid_argument("struct ck_token_info") is raised before     */
/* anything is copied into that array. Fields converted before the failing */
/* one have already been written to *_c2.                                  */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_token_info(value _v1, struct ck_token_info * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_token_info(value _v1, struct ck_token_info * _c2, camlidl_ctx _ctx)
#endif
{
  value chars;
  mlsize_t idx;

  chars = Field(_v1, 0);
  if (Wosize_val(chars) != 32) invalid_argument("struct ck_token_info");
  for (idx = 0; idx < 32; idx++) {
    _c2->label[idx] = Int_val(Field(chars, idx));
  }

  chars = Field(_v1, 1);
  if (Wosize_val(chars) != 32) invalid_argument("struct ck_token_info");
  for (idx = 0; idx < 32; idx++) {
    _c2->manufacturer_id[idx] = Int_val(Field(chars, idx));
  }

  chars = Field(_v1, 2);
  if (Wosize_val(chars) != 16) invalid_argument("struct ck_token_info");
  for (idx = 0; idx < 16; idx++) {
    _c2->model[idx] = Int_val(Field(chars, idx));
  }

  chars = Field(_v1, 3);
  if (Wosize_val(chars) != 16) invalid_argument("struct ck_token_info");
  for (idx = 0; idx < 16; idx++) {
    _c2->serial_number[idx] = Int_val(Field(chars, idx));
  }

  camlidl_ml2c_pkcs11_ck_flags_t(Field(_v1, 4), &_c2->flags, _ctx);

  /* custom_int_val copes with the int64 format of the OCaml client RPC layer */
  _c2->max_session_count = custom_int_val(Field(_v1, 5));
  _c2->session_count = custom_int_val(Field(_v1, 6));
  _c2->max_rw_session_count = custom_int_val(Field(_v1, 7));
  _c2->rw_session_count = custom_int_val(Field(_v1, 8));
  _c2->max_pin_len = custom_int_val(Field(_v1, 9));
  _c2->min_pin_len = custom_int_val(Field(_v1, 10));
  _c2->total_public_memory = custom_int_val(Field(_v1, 11));
  _c2->free_public_memory = custom_int_val(Field(_v1, 12));
  _c2->total_private_memory = custom_int_val(Field(_v1, 13));
  _c2->free_private_memory = custom_int_val(Field(_v1, 14));

  camlidl_ml2c_pkcs11_struct_ck_version(Field(_v1, 15), &_c2->hardware_version, _ctx);
  camlidl_ml2c_pkcs11_struct_ck_version(Field(_v1, 16), &_c2->firmware_version, _ctx);

  chars = Field(_v1, 17);
  if (Wosize_val(chars) != 16) invalid_argument("struct ck_token_info");
  for (idx = 0; idx < 16; idx++) {
    _c2->utc_time[idx] = Int_val(Field(chars, idx));
  }
}
/* Build an 18-field OCaml block from a struct ck_token_info, in field     */
/* order: label (32 ints), manufacturer_id (32), model (16),               */
/* serial_number (16), flags, ten integer counters (fields 5 to 14),       */
/* hardware_version, firmware_version, utc_time (16 ints).                 */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_token_info(struct ck_token_info * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_token_info(struct ck_token_info * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[18];
mlsize_t _c4;
mlsize_t _c5;
mlsize_t _c6;
mlsize_t _c7;
mlsize_t _c8;
/* The slots are cleared before they are registered as roots below */
memset(_v3, 0, 18 * sizeof(value));
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Registers _v3 with the OCaml runtime; paired with End_roots() below */
Begin_roots_block(_v3, 18);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = camlidl_alloc_small(32, 0);
for (_c4 = 0; _c4 < 32; _c4++) {
Field(_v3[0], _c4) = Val_int((*_c1).label[_c4]);
}
_v3[1] = camlidl_alloc_small(32, 0);
for (_c5 = 0; _c5 < 32; _c5++) {
Field(_v3[1], _c5) = Val_int((*_c1).manufacturer_id[_c5]);
}
_v3[2] = camlidl_alloc_small(16, 0);
for (_c6 = 0; _c6 < 16; _c6++) {
Field(_v3[2], _c6) = Val_int((*_c1).model[_c6]);
}
_v3[3] = camlidl_alloc_small(16, 0);
for (_c7 = 0; _c7 < 16; _c7++) {
Field(_v3[3], _c7) = Val_int((*_c1).serial_number[_c7]);
}
_v3[4] = camlidl_c2ml_pkcs11_ck_flags_t(&(*_c1).flags, _ctx);
/* The ten counters go through custom_copy_int(), like the scalar */
/* converters of this file                                        */
_v3[5] = custom_copy_int((*_c1).max_session_count);
_v3[6] = custom_copy_int((*_c1).session_count);
_v3[7] = custom_copy_int((*_c1).max_rw_session_count);
_v3[8] = custom_copy_int((*_c1).rw_session_count);
_v3[9] = custom_copy_int((*_c1).max_pin_len);
_v3[10] = custom_copy_int((*_c1).min_pin_len);
_v3[11] = custom_copy_int((*_c1).total_public_memory);
_v3[12] = custom_copy_int((*_c1).free_public_memory);
_v3[13] = custom_copy_int((*_c1).total_private_memory);
_v3[14] = custom_copy_int((*_c1).free_private_memory);
_v3[15] = camlidl_c2ml_pkcs11_struct_ck_version(&(*_c1).hardware_version, _ctx);
_v3[16] = camlidl_c2ml_pkcs11_struct_ck_version(&(*_c1).firmware_version, _ctx);
_v3[17] = camlidl_alloc_small(16, 0);
for (_c8 = 0; _c8 < 16; _c8++) {
Field(_v3[17], _c8) = Val_int((*_c1).utc_time[_c8]);
}
/* The result block is allocated last, then filled from the rooted slots */
_v2 = camlidl_alloc_small(18, 0);
{ mlsize_t _c9;
for (_c9 = 0; _c9 < 18; _c9++) Field(_v2, _c9) = _v3[_c9];
}
End_roots();
return _v2;
}
/* Convert an OCaml value into a ck_session_handle_t through */
/* custom_int_val(). _ctx is not used.                       */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_session_handle_t(value _v1, ck_session_handle_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_session_handle_t(value _v1, ck_session_handle_t * _c2, camlidl_ctx _ctx)
#endif
{
  /* custom_int_val copes with the int64 format of the OCaml client RPC layer */
  *_c2 = custom_int_val(_v1);
}
/* Convert a ck_session_handle_t into an OCaml value through */
/* custom_copy_int(). _ctx is not used.                      */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_session_handle_t(ck_session_handle_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_session_handle_t(ck_session_handle_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int(*_c2);
}
/* Convert an OCaml value into a ck_user_type_t through custom_int_val(). */
/* _ctx is not used.                                                      */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_user_type_t(value _v1, ck_user_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_user_type_t(value _v1, ck_user_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  /* custom_int_val copes with the int64 format of the OCaml client RPC layer */
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_user_type_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_user_type_t(ck_user_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_user_type_t(ck_user_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C ck_state_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). No validation of the state value is done here;
 * _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_state_t(value _v1, ck_state_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_state_t(value _v1, ck_state_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_state_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_state_t(ck_state_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_state_t(ck_state_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Fill a C struct ck_session_info from an OCaml block.
 * Fields 0..3 of _v1 are read in order as slot_id, state, flags and
 * device_error. device_error is extracted with custom_int_val() (per the
 * project's note: to handle the OCaml client RPC layer int64 format).
 * This function only converts; it does not validate any of the values. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_session_info(value _v1, struct ck_session_info * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_session_info(value _v1, struct ck_session_info * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_ck_slot_id_t(Field(_v1, 0), &_c2->slot_id, _ctx);
  camlidl_ml2c_pkcs11_ck_state_t(Field(_v1, 1), &_c2->state, _ctx);
  camlidl_ml2c_pkcs11_ck_flags_t(Field(_v1, 2), &_c2->flags, _ctx);
  _c2->device_error = custom_int_val(Field(_v1, 3));
}
/* Build an OCaml 4-field block (tag 0) from a C struct ck_session_info.
 * Field order: slot_id, state, flags, device_error.
 * The intermediate values live in _v3[], which is registered as a block of
 * GC roots so that they survive the allocations made while converting the
 * later fields and while allocating the result. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_session_info(struct ck_session_info * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_session_info(struct ck_session_info * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[4];
/* Roots must hold valid OCaml values before they are registered */
_v3[0] = _v3[1] = _v3[2] = _v3[3] = 0;
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
Begin_roots_block(_v3, 4);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&(*_c1).slot_id, _ctx);
_v3[1] = camlidl_c2ml_pkcs11_ck_state_t(&(*_c1).state, _ctx);
_v3[2] = camlidl_c2ml_pkcs11_ck_flags_t(&(*_c1).flags, _ctx);
_v3[3] = custom_copy_int((*_c1).device_error);
/* Result block is allocated last; direct Field() stores follow immediately */
_v2 = camlidl_alloc_small(4, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
Field(_v2, 2) = _v3[2];
Field(_v2, 3) = _v3[3];
End_roots();
return _v2;
}
/* Convert an OCaml value into a C ck_object_handle_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). The handle is passed through unchecked;
 * _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_object_handle_t(value _v1, ck_object_handle_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_object_handle_t(value _v1, ck_object_handle_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_object_handle_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_object_handle_t(ck_object_handle_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_object_handle_t(ck_object_handle_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C ck_object_class_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). No check against known object classes is made
 * here; _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_object_class_t(value _v1, ck_object_class_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_object_class_t(value _v1, ck_object_class_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_object_class_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_object_class_t(ck_object_class_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_object_class_t(ck_object_class_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C ck_hw_feature_type_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). The value is stored unchecked; _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_hw_feature_type_t(value _v1, ck_hw_feature_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_hw_feature_type_t(value _v1, ck_hw_feature_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_hw_feature_type_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_hw_feature_type_t(ck_hw_feature_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_hw_feature_type_t(ck_hw_feature_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C ck_key_type_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). The key type is stored unchecked;
 * _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_key_type_t(value _v1, ck_key_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_key_type_t(value _v1, ck_key_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_key_type_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_key_type_t(ck_key_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_key_type_t(ck_key_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C ck_certificate_type_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). The value is stored unchecked; _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_certificate_type_t(value _v1, ck_certificate_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_certificate_type_t(value _v1, ck_certificate_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_certificate_type_t into an OCaml value via
 * custom_copy_int(). _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_certificate_type_t(ck_certificate_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_certificate_type_t(ck_certificate_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C ck_attribute_type_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). The attribute type is stored unchecked;
 * _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_attribute_type_t(value _v1, ck_attribute_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_attribute_type_t(value _v1, ck_attribute_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_attribute_type_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_attribute_type_t(ck_attribute_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_attribute_type_t(ck_attribute_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Fill a C struct ck_attribute from an OCaml pair (type, value array).
 *
 * Field 0 of _v1 is converted to (*_c2).type_; field 1 is an OCaml array
 * whose word size (_c5) becomes the attribute value length.
 *
 * For the attribute types listed in the switch, a build with SERVER_ROLE
 * defined hands a non-empty array to decode_ck_attribute_arch(); if that
 * returns -1 the code falls through to the generic path. Without
 * SERVER_ROLE these cases always fall through.
 *
 * The generic path allocates _c5 bytes with camlidl_malloc() and stores one
 * array element per byte using Int_val(), without checking that each
 * element fits in a byte.
 *
 * NOTE(review): the camlidl_malloc() results are used without a NULL check
 * here; presumably the allocator raises on failure - confirm.
 * NOTE(review): type_ and the array contents come from the OCaml side and
 * are not validated in this function; any validation has to happen in the
 * callers or in decode_ck_attribute_arch() (not visible here). */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_attribute(value _v1, struct ck_attribute * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_attribute(value _v1, struct ck_attribute * _c2, camlidl_ctx _ctx)
#endif
{
value _v3;
value _v4;
mlsize_t _c5;
mlsize_t _c6;
value _v7;
_v3 = Field(_v1, 0);
camlidl_ml2c_pkcs11_ck_attribute_type_t(_v3, &(*_c2).type_, _ctx);
_v4 = Field(_v1, 1);
/* Number of elements in the OCaml array = requested value length */
_c5 = Wosize_val(_v4);
/* Endianness transformations for
CKA_CLASS, CKA_CERTIFICATE_TYPE, CKA_KEY_TYPE,
CKA_KEY_GEN_MECHANISM, CKA_AUTH_PIN_FLAGS, CKA_VALUE_LEN,
CKA_MECHANISM_TYPE */
/* NOTE(review): the switch has more case labels than the names listed
 * above; the extra numeric types should be named too - confirm against the
 * PKCS#11 header used by this project. */
switch ((*_c2).type_) {
case 0x0:
case 0x80:
case 0x88:
case 0x100:
case 0x121:
case 0x161:
case 0x166:
case 0x201:
case 0x400:
case 0x401:
case 0x402:
case 0x403:
case 0x404:
case 0x405:
case 0x406:
case 0x500: {
#ifdef SERVER_ROLE
/* 1 means "nothing failed"; only decode_ck_attribute_arch() can set -1 */
int decode_ret = 1;
if ((long)_c5 > 0) {
decode_ret = decode_ck_attribute_arch(_v4, _c2, _ctx);
}
/* We come from OCaml cannot be negative, allocate a zero pointer */
else {
/* Reached with _c5 == 0: a zero-byte allocation, value_len = 0 */
(*_c2).value = camlidl_malloc(_c5 * sizeof(char), _ctx);
(*_c2).value_len = _c5;
}
/* Break ONLY if decode_ck_attribute_arch succeeded
* otherwise, we want to go to the default case */
if (decode_ret != -1) {
break;
}
#endif
}
/* Fallthrough */
default: {
/* If the signed view of _c5 were negative, value would be left unassigned
 * while value_len is still set below. */
if ((long)_c5 >= 0) {
(*_c2).value = camlidl_malloc(_c5 * sizeof(char), _ctx);
for(_c6 = 0;_c6 < _c5;_c6++) {
_v7 = Field(_v4, _c6);
/* One OCaml int per byte; no check that the value is within 0..255 */
(*_c2).value[_c6] = Int_val(_v7);
}
}
(*_c2).value_len = _c5;
break;
}
}
}
/* Build an OCaml pair (type, value array) from a C struct ck_attribute.
 *
 * The attribute is first copied into a local (temp_), so the caller's
 * struct is only read. The result's second field is an OCaml array with one
 * element per byte of the value:
 *   - value_len negative when viewed as long: empty array;
 *   - value == NULL: array of value_len zeros;
 *   - otherwise: the value bytes, each taken as unsigned char.
 *
 * With SERVER_ROLE defined, the attribute types listed in the switch are
 * re-encoded by encode_ck_attribute_arch() into the 8-byte stack buffer
 * buff; a return of -1 terminates the process with exit(-1).
 *
 * NOTE(review): after the re-encode, the copy loop reads temp->value_len
 * bytes from buff (sizeof(uint64_t) bytes). Confirm that
 * encode_ck_attribute_arch() never leaves value_len larger than that,
 * otherwise bytes beyond buff would be copied into the OCaml value.
 * NOTE(review): for the listed types temp->value is overridden with buff
 * before the NULL test, so the "value == NULL" branch is not reached for
 * them in SERVER_ROLE builds; confirm encode_ck_attribute_arch() copes with
 * a NULL source value.
 * NOTE(review): value_len sizes the OCaml allocation directly; confirm it
 * is bounded by the caller when it originates from an untrusted module or
 * peer. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_attribute(struct ck_attribute * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_attribute(struct ck_attribute * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[2];
mlsize_t _c4;
value _v5;
unsigned char buff[sizeof(uint64_t)];
struct ck_attribute temp_;
struct ck_attribute *temp;
/* Roots must hold valid OCaml values before they are registered */
_v3[0] = _v3[1] = 0;
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
Begin_roots_block(_v3, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = camlidl_c2ml_pkcs11_ck_attribute_type_t(&(*_c1).type_, _ctx);
memset(buff, 0, sizeof(uint64_t));
/* These three assignments are overwritten by the struct copy below */
temp_.type_ = 0;
temp_.value = (void *)buff;
temp_.value_len = sizeof(uint64_t);
temp = &temp_;
/* Work on a private copy so *_c1 is never modified */
*temp = *_c1;
if ((long)(*temp).value_len >= 0) {
/* Endianness transformations for
CKA_CLASS, CKA_CERTIFICATE_TYPE, CKA_KEY_TYPE,
CKA_KEY_GEN_MECHANISM, CKA_AUTH_PIN_FLAGS, CKA_VALUE_LEN,
CKA_MECHANISM_TYPE */
#ifdef SERVER_ROLE
switch ((*temp).type_) {
case 0x0:
case 0x80:
case 0x88:
case 0x100:
case 0x121:
case 0x161:
case 0x166:
case 0x201:
case 0x400:
case 0x401:
case 0x402:
case 0x403:
case 0x404:
case 0x405:
case 0x406:
case 0x500: {
int encode_ret = 1;
/* We override the pointer to temp->value */
temp->value = (void *)buff;
encode_ret = encode_ck_attribute_arch(_c1, temp);
if (encode_ret == -1) {
/* FIXME: Something went wrong with encode_ck_attribute_arch
* we exit (thus terminating the child process), is there a
* better way to handle it.
*/
/* NOTE(review): an encode failure ends the whole process; if the failure
 * can be provoked by remote input this is an availability concern. */
exit(-1);
}
}
}
#endif
if ((*temp).value != NULL) {
_v3[1] = camlidl_alloc((*temp).value_len, 0);
for(_c4 = 0;_c4 < (*temp).value_len;_c4++) {
/* Cast through unsigned char so bytes >= 0x80 are not sign-extended */
_v5 = Val_int((unsigned char)((*temp).value[_c4]));
modify(&Field(_v3[1], _c4), _v5);
}
}
else {
/* No data pointer: return value_len zeros so the length is still conveyed */
_v3[1] = camlidl_alloc((*temp).value_len, 0);
for(_c4 = 0;_c4 < (*temp).value_len;_c4++) {
_v5 = Val_int(0);
modify(&Field(_v3[1], _c4), _v5);
}
/*
int i = 0;
char output_size[sizeof(unsigned long)];
*((unsigned long*)output_size) = (*temp).value_len;
_v3[1] = camlidl_alloc(sizeof(unsigned long), 0);
for (i = 0 ; i< sizeof(unsigned long); i++){
modify(&Field(_v3[1], i), output_size[i]);
}
*/
}
}
else {
/* Only the local copy is changed; the OCaml side receives an empty array */
(*temp).value_len = -1;
_v3[1] = camlidl_alloc(0, 0);
}
_v2 = camlidl_alloc_small(2, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
End_roots();
return _v2;
}
/* Fill a C struct ck_date from an OCaml block of three arrays.
 * Field 0 must have exactly 4 elements (year), fields 1 and 2 exactly 2
 * elements each (month, day); any other length raises
 * invalid_argument("struct ck_date"). Each component is checked right
 * before it is copied, so an error in a later component leaves the earlier
 * ones already written. Elements are converted with Int_val() and are not
 * checked to be digits. _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_date(value _v1, struct ck_date * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_date(value _v1, struct ck_date * _c2, camlidl_ctx _ctx)
#endif
{
  value part;
  mlsize_t idx;

  /* year: fixed length 4 */
  part = Field(_v1, 0);
  if (Wosize_val(part) != 4) invalid_argument("struct ck_date");
  for (idx = 0; idx < 4; idx++) {
    _c2->year[idx] = Int_val(Field(part, idx));
  }

  /* month: fixed length 2 */
  part = Field(_v1, 1);
  if (Wosize_val(part) != 2) invalid_argument("struct ck_date");
  for (idx = 0; idx < 2; idx++) {
    _c2->month[idx] = Int_val(Field(part, idx));
  }

  /* day: fixed length 2 */
  part = Field(_v1, 2);
  if (Wosize_val(part) != 2) invalid_argument("struct ck_date");
  for (idx = 0; idx < 2; idx++) {
    _c2->day[idx] = Int_val(Field(part, idx));
  }
}
/* Build an OCaml 3-field block (tag 0) from a C struct ck_date.
 * Fields are arrays of 4 (year), 2 (month) and 2 (day) OCaml ints, one per
 * element of the corresponding C array. The three arrays are kept in _v3[],
 * registered as GC roots, until the result block has been filled. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_date(struct ck_date * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_date(struct ck_date * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[3];
mlsize_t _c4;
mlsize_t _c5;
mlsize_t _c6;
/* Roots must hold valid OCaml values before they are registered */
_v3[0] = _v3[1] = _v3[2] = 0;
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
Begin_roots_block(_v3, 3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
/* Each small block is filled right after allocation, before the next one */
_v3[0] = camlidl_alloc_small(4, 0);
for (_c4 = 0; _c4 < 4; _c4++) {
Field(_v3[0], _c4) = Val_int((*_c1).year[_c4]);
}
_v3[1] = camlidl_alloc_small(2, 0);
for (_c5 = 0; _c5 < 2; _c5++) {
Field(_v3[1], _c5) = Val_int((*_c1).month[_c5]);
}
_v3[2] = camlidl_alloc_small(2, 0);
for (_c6 = 0; _c6 < 2; _c6++) {
Field(_v3[2], _c6) = Val_int((*_c1).day[_c6]);
}
_v2 = camlidl_alloc_small(3, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
Field(_v2, 2) = _v3[2];
End_roots();
return _v2;
}
/* Convert an OCaml value into a C ck_mechanism_type_t.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). The mechanism type is stored unchecked; any
 * allow/deny decision on mechanisms has to be made elsewhere.
 * _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_mechanism_type_t(value _v1, ck_mechanism_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_mechanism_type_t(value _v1, ck_mechanism_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C ck_mechanism_type_t into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_mechanism_type_t(ck_mechanism_type_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_mechanism_type_t(ck_mechanism_type_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Fill a C struct ck_mechanism from an OCaml pair (mechanism, parameter).
 * Field 0 is converted to the mechanism type; field 1 is an OCaml array
 * whose word size becomes parameter_len. A buffer of that many bytes is
 * obtained from camlidl_malloc() and filled with one array element per
 * byte via Int_val(); elements are not checked to fit in a byte. An empty
 * array results in a zero-byte allocation and parameter_len == 0.
 * NOTE(review): the camlidl_malloc() result is used without a NULL check;
 * presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_mechanism(value _v1, struct ck_mechanism * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_mechanism(value _v1, struct ck_mechanism * _c2, camlidl_ctx _ctx)
#endif
{
  value param_arr;
  mlsize_t param_len;
  mlsize_t idx;

  camlidl_ml2c_pkcs11_ck_mechanism_type_t(Field(_v1, 0), &_c2->mechanism, _ctx);

  param_arr = Field(_v1, 1);
  param_len = Wosize_val(param_arr);
  _c2->parameter = camlidl_malloc(param_len * sizeof(char ), _ctx);
  for (idx = 0; idx < param_len; idx++) {
    _c2->parameter[idx] = Int_val(Field(param_arr, idx));
  }
  _c2->parameter_len = param_len;
}
/* Build an OCaml pair (mechanism, parameter array) from a C
 * struct ck_mechanism. The parameter array has parameter_len elements, each
 * holding one parameter byte taken as unsigned char.
 * NOTE(review): parameter is dereferenced for every index below
 * parameter_len with no NULL check in this function; confirm callers never
 * pass parameter == NULL together with a non-zero parameter_len.
 * NOTE(review): parameter_len sizes the OCaml allocation directly; confirm
 * it is bounded where the struct is filled in. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_mechanism(struct ck_mechanism * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_mechanism(struct ck_mechanism * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[2];
mlsize_t _c4;
value _v5;
/* Roots must hold valid OCaml values before they are registered */
_v3[0] = _v3[1] = 0;
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
Begin_roots_block(_v3, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&(*_c1).mechanism, _ctx);
_v3[1] = camlidl_alloc((*_c1).parameter_len, 0);
for (_c4 = 0; _c4 < (*_c1).parameter_len; _c4++) {
/* Cast through unsigned char so bytes >= 0x80 are not sign-extended */
_v5 = Val_int((unsigned char)((*_c1).parameter[_c4]));
modify(&Field(_v3[1], _c4), _v5);
}
_v2 = camlidl_alloc_small(2, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
End_roots();
return _v2;
}
/* Fill a C struct ck_mechanism_info from an OCaml block.
 * Fields 0 and 1 become min_key_size and max_key_size through
 * custom_int_val() (per the project's note: to handle the OCaml client RPC
 * layer int64 format); field 2 is converted to flags. Nothing here checks
 * that min_key_size <= max_key_size. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_mechanism_info(value _v1, struct ck_mechanism_info * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_mechanism_info(value _v1, struct ck_mechanism_info * _c2, camlidl_ctx _ctx)
#endif
{
  _c2->min_key_size = custom_int_val(Field(_v1, 0));
  _c2->max_key_size = custom_int_val(Field(_v1, 1));
  camlidl_ml2c_pkcs11_ck_flags_t(Field(_v1, 2), &_c2->flags, _ctx);
}
/* Build an OCaml 3-field block (tag 0) from a C struct ck_mechanism_info.
 * Field order: min_key_size, max_key_size, flags. The converted fields are
 * kept in _v3[], registered as GC roots, until the result block is filled. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_mechanism_info(struct ck_mechanism_info * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_mechanism_info(struct ck_mechanism_info * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[3];
/* Roots must hold valid OCaml values before they are registered */
_v3[0] = _v3[1] = _v3[2] = 0;
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
Begin_roots_block(_v3, 3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = custom_copy_int((*_c1).min_key_size);
_v3[1] = custom_copy_int((*_c1).max_key_size);
_v3[2] = camlidl_c2ml_pkcs11_ck_flags_t(&(*_c1).flags, _ctx);
_v2 = camlidl_alloc_small(3, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
Field(_v2, 2) = _v3[2];
End_roots();
return _v2;
}
/* Convert an OCaml immediate integer into a C CK_BYTE using Int_val().
 * Any narrowing to CK_BYTE happens implicitly on assignment; there is no
 * range check. _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_BYTE(value _v1, CK_BYTE * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_BYTE(value _v1, CK_BYTE * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = Int_val(_v1);
}
/* Convert a C CK_BYTE into an OCaml immediate integer with Val_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_BYTE(CK_BYTE * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_BYTE(CK_BYTE * _c2, camlidl_ctx _ctx)
#endif
{
  return Val_int((*_c2));
}
/* Convert an OCaml immediate integer into a C CK_CHAR using Int_val().
 * Any narrowing to CK_CHAR happens implicitly on assignment; there is no
 * range check. _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_CHAR(value _v1, CK_CHAR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_CHAR(value _v1, CK_CHAR * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = Int_val(_v1);
}
/* Convert a C CK_CHAR into an OCaml immediate integer with Val_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_CHAR(CK_CHAR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_CHAR(CK_CHAR * _c2, camlidl_ctx _ctx)
#endif
{
  return Val_int((*_c2));
}
/* Convert an OCaml immediate integer into a C CK_UTF8CHAR using Int_val().
 * Any narrowing to CK_UTF8CHAR happens implicitly on assignment; there is
 * no range check. _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_UTF8CHAR(value _v1, CK_UTF8CHAR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_UTF8CHAR(value _v1, CK_UTF8CHAR * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = Int_val(_v1);
}
/* Convert a C CK_UTF8CHAR into an OCaml immediate integer with Val_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_UTF8CHAR(CK_UTF8CHAR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_UTF8CHAR(CK_UTF8CHAR * _c2, camlidl_ctx _ctx)
#endif
{
  return Val_int((*_c2));
}
/* Convert an OCaml immediate integer into a C CK_BBOOL using Int_val().
 * The value is not normalised to 0/1 here; any narrowing happens implicitly
 * on assignment. _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_BBOOL(value _v1, CK_BBOOL * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_BBOOL(value _v1, CK_BBOOL * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = Int_val(_v1);
}
/* Convert a C CK_BBOOL into an OCaml immediate integer with Val_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_BBOOL(CK_BBOOL * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_BBOOL(CK_BBOOL * _c2, camlidl_ctx _ctx)
#endif
{
  return Val_int((*_c2));
}
/* Convert an OCaml value into a C CK_ULONG.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). No range check; _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_ULONG(value _v1, CK_ULONG * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_ULONG(value _v1, CK_ULONG * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C CK_ULONG into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_ULONG(CK_ULONG * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_ULONG(CK_ULONG * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml value into a C CK_LONG.
 * Uses custom_int_val() (per the project's note: to handle the OCaml client
 * RPC layer int64 format). No range check; _ctx is unused. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_LONG(value _v1, CK_LONG * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_LONG(value _v1, CK_LONG * _c2, camlidl_ctx _ctx)
#endif
{
  *_c2 = custom_int_val(_v1);
}
/* Convert a C CK_LONG into an OCaml value via custom_copy_int().
 * _ctx is unused. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_LONG(CK_LONG * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_LONG(CK_LONG * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* Convert an OCaml option-like value into a C pointer to one CK_BYTE.
 * The immediate Val_int(0) yields NULL; otherwise field 0 of the block is
 * converted into a single CK_BYTE obtained from camlidl_malloc(). Only one
 * element is allocated, so the result must not be indexed past [0].
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_BYTE_PTR(value _v1, CK_BYTE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_BYTE_PTR(value _v1, CK_BYTE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (CK_BYTE *) camlidl_malloc(sizeof(CK_BYTE ), _ctx);
  camlidl_ml2c_pkcs11_CK_BYTE(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to CK_BYTE into an OCaml value.
 * NULL becomes the immediate Val_int(0); otherwise the pointee (one
 * element only) is converted and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_BYTE_PTR(CK_BYTE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_BYTE_PTR(CK_BYTE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_CK_BYTE(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Convert an OCaml option-like value into a C pointer to one CK_CHAR.
 * The immediate Val_int(0) yields NULL; otherwise field 0 of the block is
 * converted into a single CK_CHAR obtained from camlidl_malloc(). Only one
 * element is allocated, so the result is not a NUL-terminated string.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_CHAR_PTR(value _v1, CK_CHAR_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_CHAR_PTR(value _v1, CK_CHAR_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (CK_CHAR *) camlidl_malloc(sizeof(CK_CHAR ), _ctx);
  camlidl_ml2c_pkcs11_CK_CHAR(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to CK_CHAR into an OCaml value.
 * NULL becomes the immediate Val_int(0); otherwise the pointee (one
 * element only) is converted and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_CHAR_PTR(CK_CHAR_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_CHAR_PTR(CK_CHAR_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_CK_CHAR(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Convert an OCaml option-like value into a C pointer to one CK_UTF8CHAR.
 * The immediate Val_int(0) yields NULL; otherwise field 0 of the block is
 * converted into a single CK_UTF8CHAR obtained from camlidl_malloc(). Only
 * one element is allocated, so the result is not a NUL-terminated string.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_UTF8CHAR_PTR(value _v1, CK_UTF8CHAR_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_UTF8CHAR_PTR(value _v1, CK_UTF8CHAR_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (CK_UTF8CHAR *) camlidl_malloc(sizeof(CK_UTF8CHAR ), _ctx);
  camlidl_ml2c_pkcs11_CK_UTF8CHAR(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to CK_UTF8CHAR into an OCaml value.
 * NULL becomes the immediate Val_int(0); otherwise the pointee (one
 * element only) is converted and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_UTF8CHAR_PTR(CK_UTF8CHAR_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_UTF8CHAR_PTR(CK_UTF8CHAR_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_CK_UTF8CHAR(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Convert an OCaml option-like value into a C pointer to one CK_ULONG.
 * The immediate Val_int(0) yields NULL; otherwise field 0 of the block is
 * converted into a single CK_ULONG obtained from camlidl_malloc().
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_ULONG_PTR(value _v1, CK_ULONG_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_ULONG_PTR(value _v1, CK_ULONG_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (CK_ULONG *) camlidl_malloc(sizeof(CK_ULONG ), _ctx);
  camlidl_ml2c_pkcs11_CK_ULONG(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to CK_ULONG into an OCaml value.
 * NULL becomes the immediate Val_int(0); otherwise the pointee is converted
 * and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_ULONG_PTR(CK_ULONG_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_ULONG_PTR(CK_ULONG_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_CK_ULONG(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Typedef-level wrapper: converts an OCaml value into a CK_VERSION by
 * delegating to camlidl_ml2c_pkcs11_struct_ck_version(). */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_VERSION(value _v1, CK_VERSION * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_VERSION(value _v1, CK_VERSION * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_version(_v1, _c2, _ctx);
}
/* Typedef-level wrapper: converts a CK_VERSION into an OCaml value by
 * delegating to camlidl_c2ml_pkcs11_struct_ck_version(). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_VERSION(CK_VERSION * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_VERSION(CK_VERSION * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_version(_c2, _ctx);
}
/* Convert an OCaml option-like value into a C pointer to struct ck_version.
 * The immediate Val_int(0) yields NULL; otherwise one struct is obtained
 * from camlidl_malloc() and filled from field 0 of the block.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_VERSION_PTR(value _v1, CK_VERSION_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_VERSION_PTR(value _v1, CK_VERSION_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_version *) camlidl_malloc(sizeof(struct ck_version ), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_version(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to struct ck_version into an OCaml
 * value. NULL becomes the immediate Val_int(0); otherwise the pointee is
 * converted and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_VERSION_PTR(CK_VERSION_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_VERSION_PTR(CK_VERSION_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_version(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Typedef-level wrapper: converts an OCaml value into a CK_INFO by
 * delegating to camlidl_ml2c_pkcs11_struct_ck_info(). */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_INFO(value _v1, CK_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_INFO(value _v1, CK_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_info(_v1, _c2, _ctx);
}
/* Typedef-level wrapper: converts a CK_INFO into an OCaml value by
 * delegating to camlidl_c2ml_pkcs11_struct_ck_info(). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_INFO(CK_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_INFO(CK_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_info(_c2, _ctx);
}
/* Convert an OCaml option-like value into a C pointer to struct ck_info.
 * The immediate Val_int(0) yields NULL; otherwise one struct is obtained
 * from camlidl_malloc() and filled from field 0 of the block.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_INFO_PTR(value _v1, CK_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_INFO_PTR(value _v1, CK_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_info *) camlidl_malloc(sizeof(struct ck_info ), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_info(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to struct ck_info into an OCaml value.
 * NULL becomes the immediate Val_int(0); otherwise the pointee is converted
 * and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_INFO_PTR(CK_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_INFO_PTR(CK_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_info(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Convert an OCaml option-like value into a C pointer to one ck_slot_id_t.
 * The immediate Val_int(0) yields NULL; otherwise one ck_slot_id_t is
 * obtained from camlidl_malloc() and filled from field 0 of the block.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_SLOT_ID_PTR(value _v1, CK_SLOT_ID_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_SLOT_ID_PTR(value _v1, CK_SLOT_ID_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (ck_slot_id_t *) camlidl_malloc(sizeof(ck_slot_id_t ), _ctx);
  camlidl_ml2c_pkcs11_ck_slot_id_t(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to ck_slot_id_t into an OCaml value.
 * NULL becomes the immediate Val_int(0); otherwise the pointee is converted
 * and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_SLOT_ID_PTR(CK_SLOT_ID_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_SLOT_ID_PTR(CK_SLOT_ID_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_ck_slot_id_t(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Typedef-level wrapper: converts an OCaml value into a CK_SLOT_INFO by
 * delegating to camlidl_ml2c_pkcs11_struct_ck_slot_info(). */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_SLOT_INFO(value _v1, CK_SLOT_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_SLOT_INFO(value _v1, CK_SLOT_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_slot_info(_v1, _c2, _ctx);
}
/* Typedef-level wrapper: converts a CK_SLOT_INFO into an OCaml value by
 * delegating to camlidl_c2ml_pkcs11_struct_ck_slot_info(). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_SLOT_INFO(CK_SLOT_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_SLOT_INFO(CK_SLOT_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_slot_info(_c2, _ctx);
}
/* Convert an OCaml option-like value into a C pointer to
 * struct ck_slot_info. The immediate Val_int(0) yields NULL; otherwise one
 * struct is obtained from camlidl_malloc() and filled from field 0.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_SLOT_INFO_PTR(value _v1, CK_SLOT_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_SLOT_INFO_PTR(value _v1, CK_SLOT_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_slot_info *) camlidl_malloc(sizeof(struct ck_slot_info ), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_slot_info(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to struct ck_slot_info into an OCaml
 * value. NULL becomes the immediate Val_int(0); otherwise the pointee is
 * converted and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_SLOT_INFO_PTR(CK_SLOT_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_SLOT_INFO_PTR(CK_SLOT_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_slot_info(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Typedef-level wrapper: converts an OCaml value into a CK_TOKEN_INFO by
 * delegating to camlidl_ml2c_pkcs11_struct_ck_token_info(). */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_TOKEN_INFO(value _v1, CK_TOKEN_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_TOKEN_INFO(value _v1, CK_TOKEN_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_token_info(_v1, _c2, _ctx);
}
/* Typedef-level wrapper: converts a CK_TOKEN_INFO into an OCaml value by
 * delegating to camlidl_c2ml_pkcs11_struct_ck_token_info(). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_TOKEN_INFO(CK_TOKEN_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_TOKEN_INFO(CK_TOKEN_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_token_info(_c2, _ctx);
}
/* Convert an OCaml option-like value into a C pointer to
 * struct ck_token_info. The immediate Val_int(0) yields NULL; otherwise one
 * struct is obtained from camlidl_malloc() and filled from field 0.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_TOKEN_INFO_PTR(value _v1, CK_TOKEN_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_TOKEN_INFO_PTR(value _v1, CK_TOKEN_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_token_info *) camlidl_malloc(sizeof(struct ck_token_info ), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_token_info(payload, *_c2, _ctx);
}
/* Convert a possibly-NULL C pointer to struct ck_token_info into an OCaml
 * value. NULL becomes the immediate Val_int(0); otherwise the pointee is
 * converted and wrapped in a new one-field block, tag 0. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_TOKEN_INFO_PTR(CK_TOKEN_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_TOKEN_INFO_PTR(CK_TOKEN_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_token_info(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so it stays valid across the allocation below */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
End_roots();
}
return _v1;
}
/* Convert an OCaml option-like value into a C pointer to one
 * ck_session_handle_t. The immediate Val_int(0) yields NULL; otherwise one
 * handle is obtained from camlidl_malloc() and filled from field 0. The
 * handle value itself is not validated here.
 * NOTE(review): the camlidl_malloc() result is written through without a
 * NULL check; presumably the allocator raises on failure - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_SESSION_HANDLE_PTR(value _v1, CK_SESSION_HANDLE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_SESSION_HANDLE_PTR(value _v1, CK_SESSION_HANDLE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (ck_session_handle_t *) camlidl_malloc(sizeof(ck_session_handle_t ), _ctx);
  camlidl_ml2c_pkcs11_ck_session_handle_t(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL ck_session_handle_t pointer.
 * NULL becomes Val_int(0); otherwise the converted handle is placed in field 0
 * of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_SESSION_HANDLE_PTR(CK_SESSION_HANDLE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_SESSION_HANDLE_PTR(CK_SESSION_HANDLE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_ck_session_handle_t(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for CK_SESSION_INFO: delegates unchanged to the
 * struct ck_session_info converter. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_SESSION_INFO(value _v1, CK_SESSION_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_SESSION_INFO(value _v1, CK_SESSION_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_session_info(_v1, _c2, _ctx);
}
/* C -> OCaml converter for CK_SESSION_INFO: returns the result of the
 * struct ck_session_info converter applied to *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_SESSION_INFO(CK_SESSION_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_SESSION_INFO(CK_SESSION_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_session_info(_c2, _ctx);
}
/* OCaml -> C converter for an optional struct ck_session_info.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * structure allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_SESSION_INFO_PTR(value _v1, CK_SESSION_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_SESSION_INFO_PTR(value _v1, CK_SESSION_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_session_info *) camlidl_malloc(sizeof(struct ck_session_info), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_session_info(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL struct ck_session_info pointer.
 * NULL becomes Val_int(0); otherwise the converted structure is placed in
 * field 0 of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_SESSION_INFO_PTR(CK_SESSION_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_SESSION_INFO_PTR(CK_SESSION_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_session_info(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for an optional ck_object_handle_t.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * handle allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_OBJECT_HANDLE_PTR(value _v1, CK_OBJECT_HANDLE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_OBJECT_HANDLE_PTR(value _v1, CK_OBJECT_HANDLE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (ck_object_handle_t *) camlidl_malloc(sizeof(ck_object_handle_t), _ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL ck_object_handle_t pointer.
 * NULL becomes Val_int(0); otherwise the converted handle is placed in field 0
 * of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_OBJECT_HANDLE_PTR(CK_OBJECT_HANDLE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_OBJECT_HANDLE_PTR(CK_OBJECT_HANDLE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_ck_object_handle_t(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for an optional ck_object_class_t.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into an
 * object allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_OBJECT_CLASS_PTR(value _v1, CK_OBJECT_CLASS_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_OBJECT_CLASS_PTR(value _v1, CK_OBJECT_CLASS_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (ck_object_class_t *) camlidl_malloc(sizeof(ck_object_class_t), _ctx);
  camlidl_ml2c_pkcs11_ck_object_class_t(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL ck_object_class_t pointer.
 * NULL becomes Val_int(0); otherwise the converted value is placed in field 0
 * of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_OBJECT_CLASS_PTR(CK_OBJECT_CLASS_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_OBJECT_CLASS_PTR(CK_OBJECT_CLASS_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_ck_object_class_t(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for CK_ATTRIBUTE: delegates unchanged to the
 * struct ck_attribute converter. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_ATTRIBUTE(value _v1, CK_ATTRIBUTE * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_ATTRIBUTE(value _v1, CK_ATTRIBUTE * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_attribute(_v1, _c2, _ctx);
}
/* C -> OCaml converter for CK_ATTRIBUTE: returns the result of the
 * struct ck_attribute converter applied to *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_ATTRIBUTE(CK_ATTRIBUTE * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_ATTRIBUTE(CK_ATTRIBUTE * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_attribute(_c2, _ctx);
}
/* OCaml -> C converter for an optional struct ck_attribute.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * structure allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_ATTRIBUTE_PTR(value _v1, CK_ATTRIBUTE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_ATTRIBUTE_PTR(value _v1, CK_ATTRIBUTE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_attribute *) camlidl_malloc(sizeof(struct ck_attribute), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_attribute(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL struct ck_attribute pointer.
 * NULL becomes Val_int(0); otherwise the converted structure is placed in
 * field 0 of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_ATTRIBUTE_PTR(CK_ATTRIBUTE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_ATTRIBUTE_PTR(CK_ATTRIBUTE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_attribute(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for CK_DATE: delegates unchanged to the
 * struct ck_date converter. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_DATE(value _v1, CK_DATE * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_DATE(value _v1, CK_DATE * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_date(_v1, _c2, _ctx);
}
/* C -> OCaml converter for CK_DATE: returns the result of the
 * struct ck_date converter applied to *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_DATE(CK_DATE * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_DATE(CK_DATE * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_date(_c2, _ctx);
}
/* OCaml -> C converter for an optional struct ck_date.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * structure allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_DATE_PTR(value _v1, CK_DATE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_DATE_PTR(value _v1, CK_DATE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_date *) camlidl_malloc(sizeof(struct ck_date), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_date(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL struct ck_date pointer.
 * NULL becomes Val_int(0); otherwise the converted structure is placed in
 * field 0 of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_DATE_PTR(CK_DATE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_DATE_PTR(CK_DATE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_date(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for an optional ck_mechanism_type_t.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into an
 * object allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_MECHANISM_TYPE_PTR(value _v1, CK_MECHANISM_TYPE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_MECHANISM_TYPE_PTR(value _v1, CK_MECHANISM_TYPE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (ck_mechanism_type_t *) camlidl_malloc(sizeof(ck_mechanism_type_t), _ctx);
  camlidl_ml2c_pkcs11_ck_mechanism_type_t(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL ck_mechanism_type_t pointer.
 * NULL becomes Val_int(0); otherwise the converted value is placed in field 0
 * of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_MECHANISM_TYPE_PTR(CK_MECHANISM_TYPE_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_MECHANISM_TYPE_PTR(CK_MECHANISM_TYPE_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for CK_MECHANISM: delegates unchanged to the
 * struct ck_mechanism converter. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_MECHANISM(value _v1, CK_MECHANISM * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_MECHANISM(value _v1, CK_MECHANISM * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v1, _c2, _ctx);
}
/* C -> OCaml converter for CK_MECHANISM: returns the result of the
 * struct ck_mechanism converter applied to *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_MECHANISM(CK_MECHANISM * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_MECHANISM(CK_MECHANISM * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_mechanism(_c2, _ctx);
}
/* OCaml -> C converter for an optional struct ck_mechanism.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * structure allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_MECHANISM_PTR(value _v1, CK_MECHANISM_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_MECHANISM_PTR(value _v1, CK_MECHANISM_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_mechanism *) camlidl_malloc(sizeof(struct ck_mechanism), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL struct ck_mechanism pointer.
 * NULL becomes Val_int(0); otherwise the converted structure is placed in
 * field 0 of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_MECHANISM_PTR(CK_MECHANISM_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_MECHANISM_PTR(CK_MECHANISM_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_mechanism(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for CK_MECHANISM_INFO: delegates unchanged to the
 * struct ck_mechanism_info converter. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO(value _v1, CK_MECHANISM_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO(value _v1, CK_MECHANISM_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_mechanism_info(_v1, _c2, _ctx);
}
/* C -> OCaml converter for CK_MECHANISM_INFO: returns the result of the
 * struct ck_mechanism_info converter applied to *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO(CK_MECHANISM_INFO * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO(CK_MECHANISM_INFO * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_mechanism_info(_c2, _ctx);
}
/* OCaml -> C converter for an optional struct ck_mechanism_info.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * structure allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO_PTR(value _v1, CK_MECHANISM_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_MECHANISM_INFO_PTR(value _v1, CK_MECHANISM_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_mechanism_info *) camlidl_malloc(sizeof(struct ck_mechanism_info), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism_info(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL struct ck_mechanism_info pointer.
 * NULL becomes Val_int(0); otherwise the converted structure is placed in
 * field 0 of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO_PTR(CK_MECHANISM_INFO_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_MECHANISM_INFO_PTR(CK_MECHANISM_INFO_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_mechanism_info(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
extern void camlidl_ml2c_pkcs11_struct_ck_c_initialize_args(value, struct ck_c_initialize_args *, camlidl_ctx _ctx);
extern value camlidl_c2ml_pkcs11_struct_ck_c_initialize_args(struct ck_c_initialize_args *, camlidl_ctx _ctx);
/* OCaml -> C converter for CK_C_INITIALIZE_ARGS: delegates unchanged to the
 * struct ck_c_initialize_args converter. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS(value _v1, CK_C_INITIALIZE_ARGS * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS(value _v1, CK_C_INITIALIZE_ARGS * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_struct_ck_c_initialize_args(_v1, _c2, _ctx);
}
/* C -> OCaml converter for CK_C_INITIALIZE_ARGS: returns the result of the
 * struct ck_c_initialize_args converter applied to *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS(CK_C_INITIALIZE_ARGS * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS(CK_C_INITIALIZE_ARGS * _c2, camlidl_ctx _ctx)
#endif
{
  return camlidl_c2ml_pkcs11_struct_ck_c_initialize_args(_c2, _ctx);
}
/* OCaml -> C converter for an optional struct ck_c_initialize_args.
 * Val_int(0) yields NULL; otherwise field 0 of the block is converted into a
 * structure allocated with camlidl_malloc(_ctx).
 * NOTE(review): the allocation result is used unchecked - confirm that
 * camlidl_malloc() cannot return NULL. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS_PTR(value _v1, CK_C_INITIALIZE_ARGS_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_CK_C_INITIALIZE_ARGS_PTR(value _v1, CK_C_INITIALIZE_ARGS_PTR * _c2, camlidl_ctx _ctx)
#endif
{
  value payload;

  if (_v1 == Val_int(0)) {
    *_c2 = NULL;
    return;
  }
  payload = Field(_v1, 0);
  *_c2 = (struct ck_c_initialize_args *) camlidl_malloc(sizeof(struct ck_c_initialize_args), _ctx);
  camlidl_ml2c_pkcs11_struct_ck_c_initialize_args(payload, *_c2, _ctx);
}
/* C -> OCaml converter for a possibly-NULL struct ck_c_initialize_args pointer.
 * NULL becomes Val_int(0); otherwise the converted structure is placed in
 * field 0 of a new one-field block with tag 0 (OCaml's None / Some x layout). */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS_PTR(CK_C_INITIALIZE_ARGS_PTR * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_CK_C_INITIALIZE_ARGS_PTR(CK_C_INITIALIZE_ARGS_PTR * _c2, camlidl_ctx _ctx)
#endif
{
value _v1;
value _v3;
if ((*_c2) == NULL) {
_v1 = Val_int(0);
} else {
_v3 = camlidl_c2ml_pkcs11_struct_ck_c_initialize_args(&*(*_c2), _ctx);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root _v3 so the allocation below cannot invalidate it. */
Begin_root(_v3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v1 = camlidl_alloc_small(1, 0);
Field(_v1, 0) = _v3;
/* Closes the root scope opened by Begin_root. */
End_roots();
}
return _v1;
}
/* OCaml -> C converter for ck_rv_t: stores custom_int_val(_v1) in *_c2. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_rv_t(value _v1, ck_rv_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_rv_t(value _v1, ck_rv_t * _c2, camlidl_ctx _ctx)
#endif
{
  /* custom_int_val is used to cope with the int64 format of the OCaml client
   * RPC layer. */
  *_c2 = custom_int_val(_v1);
}
/* C -> OCaml converter for ck_rv_t: returns custom_copy_int() of *_c2. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_rv_t(ck_rv_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_rv_t(ck_rv_t * _c2, camlidl_ctx _ctx)
#endif
{
  return custom_copy_int((*_c2));
}
/* OCaml -> C converter for ck_createmutex_t: copies the object stored at the
 * start of the OCaml block _v1 into *_c2.
 * NOTE(review): the stored bytes are used as-is; presumably such blocks are
 * only ever produced by the matching c2ml converter - confirm, since the
 * value looks like a callback that the PKCS#11 layer may later invoke. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_createmutex_t(value _v1, ck_createmutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_createmutex_t(value _v1, ck_createmutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  const ck_createmutex_t *stored = (const ck_createmutex_t *) Bp_val(_v1);

  *_c2 = *stored;
}
/* C -> OCaml converter for ck_createmutex_t: allocates an Abstract_tag block
 * large enough (in words, rounded up) for one ck_createmutex_t and copies
 * *_c2 into it. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_createmutex_t(ck_createmutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_createmutex_t(ck_createmutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  mlsize_t words = (sizeof(ck_createmutex_t) + sizeof(value) - 1) / sizeof(value);
  value boxed = camlidl_alloc(words, Abstract_tag);

  *((ck_createmutex_t *) Bp_val(boxed)) = *_c2;
  return boxed;
}
/* OCaml -> C converter for ck_destroymutex_t: copies the object stored at the
 * start of the OCaml block _v1 into *_c2.
 * NOTE(review): the stored bytes are used as-is; presumably such blocks are
 * only ever produced by the matching c2ml converter - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_destroymutex_t(value _v1, ck_destroymutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_destroymutex_t(value _v1, ck_destroymutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  const ck_destroymutex_t *stored = (const ck_destroymutex_t *) Bp_val(_v1);

  *_c2 = *stored;
}
/* C -> OCaml converter for ck_destroymutex_t: allocates an Abstract_tag block
 * large enough (in words, rounded up) for one ck_destroymutex_t and copies
 * *_c2 into it. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_destroymutex_t(ck_destroymutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_destroymutex_t(ck_destroymutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  mlsize_t words = (sizeof(ck_destroymutex_t) + sizeof(value) - 1) / sizeof(value);
  value boxed = camlidl_alloc(words, Abstract_tag);

  *((ck_destroymutex_t *) Bp_val(boxed)) = *_c2;
  return boxed;
}
/* OCaml -> C converter for ck_lockmutex_t: copies the object stored at the
 * start of the OCaml block _v1 into *_c2.
 * NOTE(review): the stored bytes are used as-is; presumably such blocks are
 * only ever produced by the matching c2ml converter - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_lockmutex_t(value _v1, ck_lockmutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_lockmutex_t(value _v1, ck_lockmutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  const ck_lockmutex_t *stored = (const ck_lockmutex_t *) Bp_val(_v1);

  *_c2 = *stored;
}
/* C -> OCaml converter for ck_lockmutex_t: allocates an Abstract_tag block
 * large enough (in words, rounded up) for one ck_lockmutex_t and copies
 * *_c2 into it. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_lockmutex_t(ck_lockmutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_lockmutex_t(ck_lockmutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  mlsize_t words = (sizeof(ck_lockmutex_t) + sizeof(value) - 1) / sizeof(value);
  value boxed = camlidl_alloc(words, Abstract_tag);

  *((ck_lockmutex_t *) Bp_val(boxed)) = *_c2;
  return boxed;
}
/* OCaml -> C converter for ck_unlockmutex_t: copies the object stored at the
 * start of the OCaml block _v1 into *_c2.
 * NOTE(review): the stored bytes are used as-is; presumably such blocks are
 * only ever produced by the matching c2ml converter - confirm. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_ck_unlockmutex_t(value _v1, ck_unlockmutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_ck_unlockmutex_t(value _v1, ck_unlockmutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  const ck_unlockmutex_t *stored = (const ck_unlockmutex_t *) Bp_val(_v1);

  *_c2 = *stored;
}
/* C -> OCaml converter for ck_unlockmutex_t: allocates an Abstract_tag block
 * large enough (in words, rounded up) for one ck_unlockmutex_t and copies
 * *_c2 into it. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_ck_unlockmutex_t(ck_unlockmutex_t * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_ck_unlockmutex_t(ck_unlockmutex_t * _c2, camlidl_ctx _ctx)
#endif
{
  mlsize_t words = (sizeof(ck_unlockmutex_t) + sizeof(value) - 1) / sizeof(value);
  value boxed = camlidl_alloc(words, Abstract_tag);

  *((ck_unlockmutex_t *) Bp_val(boxed)) = *_c2;
  return boxed;
}
/* OCaml -> C converter for struct ck_c_initialize_args.
 * Fields 0..3 of _v1 are converted into create_mutex, destroy_mutex,
 * lock_mutex and unlock_mutex, field 4 into flags; reserved is always set to
 * NULL and never taken from the OCaml value. */
#ifdef __GNUC__
void camlidl_ml2c_pkcs11_struct_ck_c_initialize_args(value _v1, struct ck_c_initialize_args * _c2, __attribute__((unused)) camlidl_ctx _ctx)
#else
void camlidl_ml2c_pkcs11_struct_ck_c_initialize_args(value _v1, struct ck_c_initialize_args * _c2, camlidl_ctx _ctx)
#endif
{
  camlidl_ml2c_pkcs11_ck_createmutex_t(Field(_v1, 0), &_c2->create_mutex, _ctx);
  camlidl_ml2c_pkcs11_ck_destroymutex_t(Field(_v1, 1), &_c2->destroy_mutex, _ctx);
  camlidl_ml2c_pkcs11_ck_lockmutex_t(Field(_v1, 2), &_c2->lock_mutex, _ctx);
  camlidl_ml2c_pkcs11_ck_unlockmutex_t(Field(_v1, 3), &_c2->unlock_mutex, _ctx);
  camlidl_ml2c_pkcs11_ck_flags_t(Field(_v1, 4), &_c2->flags, _ctx);
  _c2->reserved = NULL;
}
/* C -> OCaml converter for struct ck_c_initialize_args.
 * Converts create_mutex, destroy_mutex, lock_mutex, unlock_mutex and flags
 * (in that order) and returns them as fields 0..4 of a new five-field block
 * with tag 0. The reserved member is not converted. */
#ifdef __GNUC__
value camlidl_c2ml_pkcs11_struct_ck_c_initialize_args(struct ck_c_initialize_args * _c1, __attribute__((unused)) camlidl_ctx _ctx)
#else
value camlidl_c2ml_pkcs11_struct_ck_c_initialize_args(struct ck_c_initialize_args * _c1, camlidl_ctx _ctx)
#endif
{
value _v2;
value _v3[5];
/* Clear the slots before they are registered as GC roots. */
memset(_v3, 0, 5 * sizeof(value));
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Root all five intermediate values: each conversion below may allocate. */
Begin_roots_block(_v3, 5);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_v3[0] = camlidl_c2ml_pkcs11_ck_createmutex_t(&(*_c1).create_mutex, _ctx);
_v3[1] = camlidl_c2ml_pkcs11_ck_destroymutex_t(&(*_c1).destroy_mutex, _ctx);
_v3[2] = camlidl_c2ml_pkcs11_ck_lockmutex_t(&(*_c1).lock_mutex, _ctx);
_v3[3] = camlidl_c2ml_pkcs11_ck_unlockmutex_t(&(*_c1).unlock_mutex, _ctx);
_v3[4] = camlidl_c2ml_pkcs11_ck_flags_t(&(*_c1).flags, _ctx);
_v2 = camlidl_alloc_small(5, 0);
/* Copy the rooted values into the freshly allocated result block. */
{ mlsize_t _c4;
for (_c4 = 0; _c4 < 5; _c4++) Field(_v2, _c4) = _v3[_c4];
}
/* Closes the root scope opened by Begin_roots_block. */
End_roots();
return _v2;
}
#define MAX_BUFF_LEN 16384
#define CKR_OK (0UL)
/*
 * OCaml stub for ML_CK_C_Daemonize.
 * _v_param: OCaml block read field by field; each field is taken with
 *           Int_val() and narrowed to unsigned char, so a value outside
 *           0..255 is truncated by the assignment.
 * Returns the ck_rv_t of the call converted to an OCaml value. The byte
 * buffer lives in a transient camlidl context released before returning.
 */
value camlidl_pkcs11_ML_CK_C_Daemonize(
    value _v_param)
{
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  unsigned char *param; /*in*/
  unsigned long param_len; /*in*/
  mlsize_t nbytes;
  mlsize_t i;
  ck_rv_t _res;
  value _vres;

  nbytes = Wosize_val(_v_param);
  param = camlidl_malloc(nbytes * sizeof(unsigned char), _ctx);
  for (i = 0; i < nbytes; i++) {
    param[i] = Int_val(Field(_v_param, i));
  }
  param_len = nbytes;

  _res = ML_CK_C_Daemonize(param, param_len);
  _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  camlidl_free(_ctx);
  return _vres;
}
/*
 * OCaml stub for ML_CK_C_SetupArch.
 * _v_arch: peer architecture, read with custom_int_val().
 * The call is one-shot: once peer_arch is no longer NOT_INITIALIZED the
 * request is refused with -1 and ML_CK_C_SetupArch is not called again.
 * On a result other than UNSUPPORTED_ARCHITECTURE, peer_arch records the
 * requested value and my_arch the result. Returns the converted ck_rv_t.
 */
value camlidl_pkcs11_ML_CK_C_SetupArch(
    value _v_arch)
{
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  unsigned int arch; /*in*/
  ck_rv_t _res;
  value _vres;

  /* To handle OCaml client RPC layer int64 format */
  arch = custom_int_val(_v_arch);

  if (peer_arch != NOT_INITIALIZED) {
    /* SetupArch was already called: refuse and report -1. */
#ifdef DEBUG
    fprintf(stderr, "Multiple C_SetupArch calls is invalid, ignoring\n");
#endif
    _res = -1;
  } else {
    /* Initialize local architecture */
    _res = ML_CK_C_SetupArch(arch);
    if (_res != UNSUPPORTED_ARCHITECTURE) {
      peer_arch = arch;
      my_arch = _res;
    }
  }

  _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  camlidl_free(_ctx);
  return _vres;
}
/*
 * OCaml stub for ML_CK_C_LoadModule.
 * _v_libname: OCaml block read field by field into a NUL-terminated byte
 *             string (each field narrowed to unsigned char).
 * With SERVER_ROLE defined the call is one-shot: once module_loaded is no
 * longer NOT_INITIALIZED the request is refused with -1, and a CKR_OK result
 * marks the module as loaded. Without SERVER_ROLE no such guard is compiled.
 * Returns the converted ck_rv_t.
 *
 * NOTE(review): the name is passed to ML_CK_C_LoadModule without any check
 * here, and a zero element inside _v_libname ends the C string early.
 * Confirm that the name is validated before this stub or inside
 * ML_CK_C_LoadModule.
 */
value camlidl_pkcs11_ML_CK_C_LoadModule(
    value _v_libname)
{
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  unsigned char *libname; /*in*/
  mlsize_t name_len;
  mlsize_t i;
  ck_rv_t _res;
  value _vres;

  name_len = Wosize_val(_v_libname);
  libname = camlidl_malloc((name_len + 1) * sizeof(unsigned char), _ctx);
  for (i = 0; i < name_len; i++) {
    libname[i] = Int_val(Field(_v_libname, i));
  }
  libname[name_len] = 0;

#ifdef SERVER_ROLE
  /* LoadModule was already called: refuse and report -1. */
  if (module_loaded != NOT_INITIALIZED) {
#ifdef DEBUG
    fprintf(stderr, "Multiple C_LoadModule calls is invalid, ignoring\n");
#endif
    _res = -1;
    _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    camlidl_free(_ctx);
    return _vres;
  }
#endif

  _res = ML_CK_C_LoadModule(libname);
#ifdef SERVER_ROLE
  if (_res == CKR_OK) {
    module_loaded = CKR_OK;
  }
#endif

  _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  camlidl_free(_ctx);
  return _vres;
}
/* OCaml stub for ML_CK_C_Initialize: takes unit, calls the function and
 * returns its ck_rv_t converted to an OCaml value. */
#ifdef __GNUC__
value camlidl_pkcs11_ML_CK_C_Initialize(__attribute__((unused))value _unit)
#else
value camlidl_pkcs11_ML_CK_C_Initialize(value _unit)
#endif
{
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  ck_rv_t rv = ML_CK_C_Initialize();
  value boxed_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, _ctx);

  camlidl_free(_ctx);
  return boxed_rv;
}
/* OCaml stub for ML_CK_C_Finalize: takes unit, calls the function and
 * returns its ck_rv_t converted to an OCaml value. */
#ifdef __GNUC__
value camlidl_pkcs11_ML_CK_C_Finalize(__attribute__((unused))value _unit)
#else
value camlidl_pkcs11_ML_CK_C_Finalize(value _unit)
#endif
{
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  ck_rv_t rv = ML_CK_C_Finalize();
  value boxed_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, _ctx);

  camlidl_free(_ctx);
  return boxed_rv;
}
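/*
 * OCaml stub for ML_CK_C_GetSlotList.
 * _v_token_present: flag forwarded to the call (read with custom_int_val).
 * _v_count:         number of slot entries the caller asks for; a transient
 *                   buffer of that many ck_slot_id_t is allocated.
 * Returns a three-field block: field 0 the converted ck_rv_t, field 1 an
 * array holding min(count, real count) converted slot ids (empty when the
 * call did not return CKR_OK), field 2 the real count reported by the call.
 *
 * The requested count comes from the caller, so it is checked before it is
 * multiplied by the element size: a wrapped product would give a buffer
 * smaller than the element count passed on to ML_CK_C_GetSlotList. Such a
 * request is refused with -1 (the value this file already uses for rejected
 * calls) and the native function is not invoked.
 */
value camlidl_pkcs11_ML_CK_C_GetSlotList(
    value _v_token_present,
    value _v_count)
{
  unsigned long slots_to_cpy = 0;
  unsigned int token_present; /*in*/
  ck_slot_id_t *slot_list; /*out*/
  unsigned long count; /*in*/
  unsigned long *real_count; /*out*/
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  /* Starts at 0 so *real_count is defined even if the call never writes it. */
  unsigned long _c1 = 0;
  mlsize_t _c2;
  value _v3;
  value _vresult;
  value _vres[3] = { 0, 0, 0, };
  /* To handle OCaml client RPC layer int64 format */
  token_present = custom_int_val(_v_token_present);
  /* To handle OCaml client RPC layer int64 format */
  count = custom_int_val(_v_count);
  real_count = &_c1;
  if (count > ((size_t)-1) / sizeof(ck_slot_id_t)) {
    /* count * sizeof(ck_slot_id_t) would wrap: reject the request. */
    slot_list = NULL;
    _res = -1;
  } else {
    slot_list = camlidl_malloc(count * sizeof(ck_slot_id_t), _ctx);
    _res = ML_CK_C_GetSlotList(token_present, slot_list, count, real_count);
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Root the three result slots across the allocations below. */
  Begin_roots_block(_vres, 3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  /* If we have got an error from PKCS#11 functions */
  /* we return an empty array to the caml side */
  if (_res != CKR_OK) {
    count = 0;
  }
  /* Never copy more entries than the buffer holds or the call reported. */
  if (count > *real_count) {
    _vres[1] = camlidl_alloc(*real_count, 0);
    slots_to_cpy = *real_count;
  }
  else {
    _vres[1] = camlidl_alloc(count, 0);
    slots_to_cpy = count;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  Begin_root(_vres[1]);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  for (_c2 = 0; _c2 < slots_to_cpy; _c2++) {
    _v3 = camlidl_c2ml_pkcs11_ck_slot_id_t(&slot_list[_c2], _ctx);
    modify(&Field(_vres[1], _c2), _v3);
  }
  End_roots();
  /* To handle OCaml client RPC layer int64 format */
  _vres[2] = custom_copy_int(*real_count);
  _vresult = camlidl_alloc_small(3, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  Field(_vresult, 2) = _vres[2];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}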
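/*
 * OCaml stub for ML_CK_C_GetInfo.
 * Takes unit. Returns a two-field block: field 0 the converted ck_rv_t,
 * field 1 the converted struct ck_info. Field 1 is built whatever the return
 * code is, so the output structure is zeroed first: if the call fails without
 * filling it, the conversion would otherwise read indeterminate stack bytes
 * and hand them to the OCaml caller.
 */
#ifdef __GNUC__
value camlidl_pkcs11_ML_CK_C_GetInfo(__attribute__((unused))value _unit)
#else
value camlidl_pkcs11_ML_CK_C_GetInfo(value _unit)
#endif
{
  struct ck_info *info; /*out*/
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  struct ck_info _c1;
  value _vresult;
  value _vres[2] = { 0, 0, };
  memset(&_c1, 0, sizeof(_c1));
  info = &_c1;
  _res = ML_CK_C_GetInfo(info);
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Root both result slots across the allocations below. */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_c2ml_pkcs11_struct_ck_info(&*info, _ctx);
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}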
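/*
 * OCaml stub for ML_CK_C_WaitForSlotEvent.
 * _v_flags: flags, converted with camlidl_ml2c_pkcs11_ck_flags_t.
 * Returns a two-field block: field 0 the converted ck_rv_t, field 1 the
 * converted slot id. Field 1 is built whatever the return code is, so the
 * output slot id is zeroed first: if the call fails without writing it, the
 * conversion would otherwise read an indeterminate stack value.
 */
value camlidl_pkcs11_ML_CK_C_WaitForSlotEvent(
    value _v_flags)
{
  ck_flags_t flags; /*in*/
  ck_slot_id_t *slot_id; /*out*/
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  ck_slot_id_t _c1;
  value _vresult;
  value _vres[2] = { 0, 0, };
  memset(&_c1, 0, sizeof(_c1));
  camlidl_ml2c_pkcs11_ck_flags_t(_v_flags, &flags, _ctx);
  slot_id = &_c1;
  _res = ML_CK_C_WaitForSlotEvent(flags, slot_id);
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Root both result slots across the allocations below. */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_c2ml_pkcs11_ck_slot_id_t(&*slot_id, _ctx);
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}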
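/*
 * OCaml stub for ML_CK_C_GetSlotInfo.
 * _v_slot_id: slot identifier, converted with camlidl_ml2c_pkcs11_ck_slot_id_t.
 * Returns a two-field block: field 0 the converted ck_rv_t, field 1 the
 * converted struct ck_slot_info. Field 1 is built whatever the return code
 * is, so the output structure is zeroed first: if the call fails without
 * filling it, the conversion would otherwise read indeterminate stack bytes
 * and hand them to the OCaml caller.
 */
value camlidl_pkcs11_ML_CK_C_GetSlotInfo(
    value _v_slot_id)
{
  ck_slot_id_t slot_id; /*in*/
  struct ck_slot_info *info; /*out*/
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  struct ck_slot_info _c1;
  value _vresult;
  value _vres[2] = { 0, 0, };
  memset(&_c1, 0, sizeof(_c1));
  camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, _ctx);
  info = &_c1;
  _res = ML_CK_C_GetSlotInfo(slot_id, info);
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Root both result slots across the allocations below. */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_c2ml_pkcs11_struct_ck_slot_info(&*info, _ctx);
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}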
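/*
 * OCaml stub for ML_CK_C_GetTokenInfo.
 * _v_slot_id: slot identifier, converted with camlidl_ml2c_pkcs11_ck_slot_id_t.
 * Returns a two-field block: field 0 the converted ck_rv_t, field 1 the
 * converted struct ck_token_info. Field 1 is built whatever the return code
 * is, so the output structure is zeroed first: if the call fails without
 * filling it, the conversion would otherwise read indeterminate stack bytes
 * and hand them to the OCaml caller.
 */
value camlidl_pkcs11_ML_CK_C_GetTokenInfo(
    value _v_slot_id)
{
  ck_slot_id_t slot_id; /*in*/
  struct ck_token_info *info; /*out*/
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  struct ck_token_info _c1;
  value _vresult;
  value _vres[2] = { 0, 0, };
  memset(&_c1, 0, sizeof(_c1));
  camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, _ctx);
  info = &_c1;
  _res = ML_CK_C_GetTokenInfo(slot_id, info);
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Root both result slots across the allocations below. */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_c2ml_pkcs11_struct_ck_token_info(&*info, _ctx);
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}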
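/*
 * OCaml stub for ML_CK_C_InitToken.
 * _v_slot_id: slot identifier, converted with camlidl_ml2c_pkcs11_ck_slot_id_t.
 * _v_pin:     OCaml block read field by field into a byte buffer (each field
 *             narrowed to unsigned char); its field count is the PIN length.
 * _v_label:   OCaml block read the same way into a NUL-terminated buffer.
 * Returns the converted ck_rv_t.
 *
 * The C copy of the PIN is overwritten before the transient context is
 * released, so the secret is not left behind in freed heap memory. The write
 * goes through a volatile pointer so that it is not optimised away. The
 * OCaml-side value _v_pin is not touched and is outside the scope of this
 * stub.
 */
value camlidl_pkcs11_ML_CK_C_InitToken(
    value _v_slot_id,
    value _v_pin,
    value _v_label)
{
  ck_slot_id_t slot_id; /*in*/
  unsigned char *pin; /*in*/
  unsigned long pin_len; /*in*/
  unsigned char *label; /*in*/
  ck_rv_t _res;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  mlsize_t _c5;
  value _v6;
  value _vres;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, _ctx);
  _c1 = Wosize_val(_v_pin);
  pin = camlidl_malloc(_c1 * sizeof(unsigned char), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_pin, _c2);
    pin[_c2] = Int_val(_v3);
  }
  pin_len = _c1;
  _c4 = Wosize_val(_v_label);
  label = camlidl_malloc((_c4 + 1) * sizeof(unsigned char), _ctx);
  for (_c5 = 0; _c5 < _c4; _c5++) {
    _v6 = Field(_v_label, _c5);
    label[_c5] = Int_val(_v6);
  }
  label[_c4] = 0;
  _res = ML_CK_C_InitToken(slot_id, pin, pin_len, label);
  /* Clear the PIN copy before camlidl_free() hands the memory back. */
  {
    volatile unsigned char *wipe = pin;
    for (_c2 = 0; _c2 < _c1; _c2++) {
      wipe[_c2] = 0;
    }
  }
  _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  camlidl_free(_ctx);
  return _vres;
}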
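/*
 * OCaml stub for ML_CK_C_OpenSession.
 * _v_slot_id: slot identifier, converted with camlidl_ml2c_pkcs11_ck_slot_id_t.
 * _v_flags:   session flags, converted with camlidl_ml2c_pkcs11_ck_flags_t.
 * Returns a two-field block: field 0 the converted ck_rv_t, field 1 the
 * converted session handle. Field 1 is built whatever the return code is, so
 * the output handle is zeroed first: if the call fails without writing it,
 * the conversion would otherwise read an indeterminate stack value.
 */
value camlidl_pkcs11_ML_CK_C_OpenSession(
    value _v_slot_id,
    value _v_flags)
{
  ck_slot_id_t slot_id; /*in*/
  ck_flags_t flags; /*in*/
  ck_session_handle_t *session; /*out*/
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  ck_session_handle_t _c1;
  value _vresult;
  value _vres[2] = { 0, 0, };
  memset(&_c1, 0, sizeof(_c1));
  camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, _ctx);
  camlidl_ml2c_pkcs11_ck_flags_t(_v_flags, &flags, _ctx);
  session = &_c1;
  _res = ML_CK_C_OpenSession(slot_id, flags, session);
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Root both result slots across the allocations below. */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_c2ml_pkcs11_ck_session_handle_t(&*session, _ctx);
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}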
/*
 * OCaml stub for ML_CK_C_CloseSession: converts the OCaml session handle to
 * its C form, calls ML_CK_C_CloseSession and returns the ck_rv_t result
 * converted back to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_CloseSession(
    value _v_session)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
    rv = ML_CK_C_CloseSession(session);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

    /* Free the transient conversion context before handing the result back. */
    camlidl_free(ctx);
    return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_CloseAllSessions: converts the OCaml slot id to a
 * ck_slot_id_t, calls ML_CK_C_CloseAllSessions and returns the ck_rv_t
 * result converted back to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_CloseAllSessions(
    value _v_slot_id)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_slot_id_t slot_id; /* in */
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, ctx);
    rv = ML_CK_C_CloseAllSessions(slot_id);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

    /* Free the transient conversion context before handing the result back. */
    camlidl_free(ctx);
    return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_GetSessionInfo.
 *
 * Converts the session handle, calls ML_CK_C_GetSessionInfo with a stack
 * struct ck_session_info as the out parameter, and returns a two-field
 * block: field 0 is the converted ck_rv_t, field 1 the converted info
 * struct.
 *
 * NOTE(review): _c1 is not initialised before the call. If the callee can
 * fail without filling *info, the struct conversion below reads
 * indeterminate stack contents and hands them to the OCaml caller -
 * confirm the callee always fills the struct.
 */
value camlidl_pkcs11_ML_CK_C_GetSessionInfo(
value _v_session)
{
ck_session_handle_t session; /*in*/
struct ck_session_info *info; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
struct ck_session_info _c1;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
/* The out parameter points at a local struct. */
info = &_c1;
_res = ML_CK_C_GetSessionInfo(session, info);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_struct_ck_session_info(&*info, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
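/*
 * OCaml stub for ML_CK_C_Login.
 *
 * Converts the session handle and user type to their C types and copies
 * the OCaml array _v_pin, one element per byte, into a transient C buffer
 * whose length is passed as pin_len.
 *
 * Returns the ck_rv_t result converted to an OCaml value.
 *
 * Security: the C copy of the PIN is overwritten before the transient
 * context is freed, so the secret does not linger in released heap memory.
 * The OCaml-side array passed in as _v_pin is not touched here.
 */
value camlidl_pkcs11_ML_CK_C_Login(
    value _v_session,
    value _v_user_type,
    value _v_pin)
{
    ck_session_handle_t session; /*in*/
    ck_user_type_t user_type; /*in*/
    unsigned char *pin; /*in*/
    unsigned long pin_len; /*in*/
    volatile unsigned char *pin_wipe;
    ck_rv_t _res;
    mlsize_t _c1;
    mlsize_t _c2;
    value _v3;
    value _vres;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
    camlidl_ml2c_pkcs11_ck_user_type_t(_v_user_type, &user_type, _ctx);

    /* Copy the PIN, one OCaml array element per byte. */
    _c1 = Wosize_val(_v_pin);
    pin = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
    for (_c2 = 0; _c2 < _c1; _c2++) {
        _v3 = Field(_v_pin, _c2);
        pin[_c2] = Int_val(_v3);
    }
    pin_len = _c1;

    _res = ML_CK_C_Login(session, user_type, pin, pin_len);

    /*
     * Wipe the transient PIN copy through a volatile pointer so the stores
     * are not optimised away ahead of the free below.
     */
    pin_wipe = pin;
    for (_c2 = 0; _c2 < _c1; _c2++) {
        pin_wipe[_c2] = 0;
    }

    _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    camlidl_free(_ctx);
    return _vres;
}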
/*
 * OCaml stub for ML_CK_C_Logout: converts the OCaml session handle to its
 * C form, calls ML_CK_C_Logout and returns the ck_rv_t result converted
 * back to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_Logout(
    value _v_session)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
    rv = ML_CK_C_Logout(session);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

    /* Free the transient conversion context before handing the result back. */
    camlidl_free(ctx);
    return ml_rv;
}
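/*
 * OCaml stub for ML_CK_C_GetMechanismList.
 *
 * _v_slot_id is converted to a ck_slot_id_t; _v_count is read with
 * custom_int_val and gives the capacity of the mechanism buffer allocated
 * here.
 *
 * Returns a three-field block: field 0 is the converted ck_rv_t, field 1 an
 * array holding min(count, *real_count) converted mechanism types (empty
 * when the call did not return CKR_OK), field 2 the value of *real_count
 * passed through custom_copy_int.
 *
 * The counter behind real_count starts at 0 so that a callee which fails
 * without storing a count cannot make this stub return an indeterminate
 * stack value in field 2.
 *
 * NOTE(review): count comes straight from the caller and is multiplied by
 * sizeof(ck_mechanism_type_t) without an overflow check. If a very large
 * count can reach this stub, the product can wrap and the buffer would be
 * smaller than the capacity passed to ML_CK_C_GetMechanismList - confirm
 * that an upper bound is enforced before this point, or add one here.
 */
value camlidl_pkcs11_ML_CK_C_GetMechanismList(
    value _v_slot_id,
    value _v_count)
{
    unsigned long mech_to_cpy = 0;
    ck_slot_id_t slot_id; /*in*/
    ck_mechanism_type_t *mechanism_list; /*out*/
    unsigned long count; /*in*/
    unsigned long *real_count; /*out*/
    ck_rv_t _res;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;
    unsigned long _c1 = 0; /* defined value even if the callee stores nothing */
    mlsize_t _c2;
    value _v3;
    value _vresult;
    value _vres[3] = { 0, 0, 0, };

    camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, _ctx);
    /* To handle OCaml client RPC layer int64 format */
    count = custom_int_val(_v_count);
    mechanism_list = camlidl_malloc(count * sizeof(ck_mechanism_type_t ), _ctx);
    real_count = &_c1;
    _res = ML_CK_C_GetMechanismList(slot_id, mechanism_list, count, real_count);
    /* We add this because of possible shadow warning */
    /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
    Begin_roots_block(_vres, 3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
    _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    /* If we have got an error from PKCS#11 functions */
    /* we return an empty array to the caml side */
    if (_res != CKR_OK) {
        count = 0;
    }
    /* Never copy more entries than the buffer holds or the callee reported. */
    if (count > *real_count) {
        _vres[1] = camlidl_alloc(*real_count, 0);
        mech_to_cpy = *real_count;
    }
    else {
        _vres[1] = camlidl_alloc(count, 0);
        mech_to_cpy = count;
    }
    /* We add this because of possible shadow warning */
    /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
    Begin_root(_vres[1]);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
    for (_c2 = 0; _c2 < mech_to_cpy; _c2++) {
        _v3 = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&mechanism_list[_c2],
                                                      _ctx);
        modify(&Field(_vres[1], _c2), _v3);
    }
    End_roots();
    /* To handle OCaml client RPC layer int64 format */
    _vres[2] = custom_copy_int(*real_count);
    _vresult = camlidl_alloc_small(3, 0);
    Field(_vresult, 0) = _vres[0];
    Field(_vresult, 1) = _vres[1];
    Field(_vresult, 2) = _vres[2];
    End_roots();
    camlidl_free(_ctx);
    return _vresult;
}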
/*
 * OCaml stub for ML_CK_C_GetMechanismInfo.
 *
 * Converts the slot id and mechanism type, calls ML_CK_C_GetMechanismInfo
 * with a stack struct ck_mechanism_info as the out parameter, and returns a
 * two-field block: field 0 is the converted ck_rv_t, field 1 the converted
 * info struct.
 *
 * NOTE(review): _c1 is not initialised before the call. If the callee can
 * fail without filling *info, the struct conversion below reads
 * indeterminate stack contents - confirm the callee always fills the
 * struct.
 */
value camlidl_pkcs11_ML_CK_C_GetMechanismInfo(
value _v_slot_id,
value _v_mechanism)
{
ck_slot_id_t slot_id; /*in*/
ck_mechanism_type_t mechanism; /*in*/
struct ck_mechanism_info *info; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
struct ck_mechanism_info _c1;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_slot_id_t(_v_slot_id, &slot_id, _ctx);
camlidl_ml2c_pkcs11_ck_mechanism_type_t(_v_mechanism, &mechanism, _ctx);
/* The out parameter points at a local struct. */
info = &_c1;
_res = ML_CK_C_GetMechanismInfo(slot_id, mechanism, info);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_struct_ck_mechanism_info(&*info, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
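/*
 * OCaml stub for ML_CK_C_InitPIN.
 *
 * Converts the session handle and copies the OCaml array _v_pin, one
 * element per byte, into a transient C buffer whose length is passed as
 * pin_len.
 *
 * Returns the ck_rv_t result converted to an OCaml value.
 *
 * Security: the C copy of the PIN is overwritten before the transient
 * context is freed, so the secret does not linger in released heap memory.
 * The OCaml-side array passed in as _v_pin is not touched here.
 */
value camlidl_pkcs11_ML_CK_C_InitPIN(
    value _v_session,
    value _v_pin)
{
    ck_session_handle_t session; /*in*/
    unsigned char *pin; /*in*/
    unsigned long pin_len; /*in*/
    volatile unsigned char *pin_wipe;
    ck_rv_t _res;
    mlsize_t _c1;
    mlsize_t _c2;
    value _v3;
    value _vres;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);

    /* Copy the PIN, one OCaml array element per byte. */
    _c1 = Wosize_val(_v_pin);
    pin = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
    for (_c2 = 0; _c2 < _c1; _c2++) {
        _v3 = Field(_v_pin, _c2);
        pin[_c2] = Int_val(_v3);
    }
    pin_len = _c1;

    _res = ML_CK_C_InitPIN(session, pin, pin_len);

    /*
     * Wipe the transient PIN copy through a volatile pointer so the stores
     * are not optimised away ahead of the free below.
     */
    pin_wipe = pin;
    for (_c2 = 0; _c2 < _c1; _c2++) {
        pin_wipe[_c2] = 0;
    }

    _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    camlidl_free(_ctx);
    return _vres;
}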
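/*
 * OCaml stub for ML_CK_C_SetPIN.
 *
 * Converts the session handle and copies the OCaml arrays _v_old_pin and
 * _v_new_pin, one element per byte, into transient C buffers whose lengths
 * are passed alongside them.
 *
 * Returns the ck_rv_t result converted to an OCaml value.
 *
 * Security: both C copies of the PINs are overwritten before the transient
 * context is freed, so neither secret lingers in released heap memory. The
 * OCaml-side arrays are not touched here.
 */
value camlidl_pkcs11_ML_CK_C_SetPIN(
    value _v_session,
    value _v_old_pin,
    value _v_new_pin)
{
    ck_session_handle_t session; /*in*/
    unsigned char *old_pin; /*in*/
    unsigned long old_pin_len; /*in*/
    unsigned char *new_pin; /*in*/
    unsigned long new_pin_len; /*in*/
    volatile unsigned char *pin_wipe;
    ck_rv_t _res;
    mlsize_t _c1;
    mlsize_t _c2;
    value _v3;
    mlsize_t _c4;
    mlsize_t _c5;
    value _v6;
    value _vres;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);

    /* Copy the current PIN, one OCaml array element per byte. */
    _c1 = Wosize_val(_v_old_pin);
    old_pin = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
    for (_c2 = 0; _c2 < _c1; _c2++) {
        _v3 = Field(_v_old_pin, _c2);
        old_pin[_c2] = Int_val(_v3);
    }
    old_pin_len = _c1;

    /* Copy the replacement PIN the same way. */
    _c4 = Wosize_val(_v_new_pin);
    new_pin = camlidl_malloc(_c4 * sizeof(unsigned char ), _ctx);
    for (_c5 = 0; _c5 < _c4; _c5++) {
        _v6 = Field(_v_new_pin, _c5);
        new_pin[_c5] = Int_val(_v6);
    }
    new_pin_len = _c4;

    _res = ML_CK_C_SetPIN(session, old_pin, old_pin_len, new_pin, new_pin_len);

    /*
     * Wipe both transient PIN copies through a volatile pointer so the
     * stores are not optimised away ahead of the free below.
     */
    pin_wipe = old_pin;
    for (_c2 = 0; _c2 < _c1; _c2++) {
        pin_wipe[_c2] = 0;
    }
    pin_wipe = new_pin;
    for (_c5 = 0; _c5 < _c4; _c5++) {
        pin_wipe[_c5] = 0;
    }

    _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    camlidl_free(_ctx);
    return _vres;
}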
/*
 * OCaml stub for ML_CK_C_SeedRandom.
 *
 * Converts the session handle and copies the OCaml array _v_seed, one
 * element per byte, into a transient C buffer whose length is passed as
 * seed_len. Returns the ck_rv_t result converted to an OCaml value.
 *
 * NOTE(review): the seed copy is released with the transient context
 * without being overwritten; if seed material is treated as sensitive in
 * this deployment, it could be wiped before camlidl_free.
 */
value camlidl_pkcs11_ML_CK_C_SeedRandom(
    value _v_session,
    value _v_seed)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    unsigned char *seed;         /* in */
    unsigned long seed_len;      /* in */
    mlsize_t n_bytes;
    mlsize_t idx;
    value elem;
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

    /* One OCaml array element becomes one byte of the C buffer. */
    n_bytes = Wosize_val(_v_seed);
    seed = camlidl_malloc(n_bytes * sizeof(unsigned char ), ctx);
    for (idx = 0; idx < n_bytes; idx++) {
        elem = Field(_v_seed, idx);
        seed[idx] = Int_val(elem);
    }
    seed_len = n_bytes;

    rv = ML_CK_C_SeedRandom(session, seed, seed_len);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);
    camlidl_free(ctx);
    return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_GenerateRandom.
 *
 * Converts the session handle, reads the requested length with
 * custom_int_val, allocates a transient buffer of that many bytes and calls
 * ML_CK_C_GenerateRandom on it.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 an
 * array with one element per generated byte. When the call does not return
 * CKR_OK the array is empty.
 *
 * NOTE(review): rand_len is taken from the caller as-is and sizes both the
 * C buffer and the OCaml array; no upper bound is visible in this function.
 * NOTE(review): the C copy of the random bytes is released with the
 * transient context without being overwritten; if callers use the output as
 * key material, consider wiping it before camlidl_free.
 */
value camlidl_pkcs11_ML_CK_C_GenerateRandom(
value _v_session,
value _v_rand_len)
{
ck_session_handle_t session; /*in*/
unsigned char *rand_value; /*out*/
unsigned long rand_len; /*in*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
value _v2;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
/* To handle OCaml client RPC layer int64 format */
rand_len = custom_int_val(_v_rand_len);
rand_value = camlidl_malloc(rand_len * sizeof(unsigned char ), _ctx);
_res = ML_CK_C_GenerateRandom(session, rand_value, rand_len);
/* If for some reason the function fails, return an empty array */
/* (this also keeps the unwritten buffer contents out of the result) */
if (_res != CKR_OK) {
rand_len = 0;
}
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_alloc(rand_len, 0);
/* One OCaml array element per generated byte. */
for (_c1 = 0; _c1 < rand_len; _c1++) {
_v2 = Val_int(rand_value[_c1]);
modify(&Field(_vres[1], _c1), _v2);
}
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_FindObjectsInit.
 *
 * Converts the session handle and turns the OCaml array _v_templ into a
 * transient C array of struct ck_attribute, one entry per array element;
 * the element count is passed as count. Returns the ck_rv_t result
 * converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_FindObjectsInit(
    value _v_session,
    value _v_templ)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    struct ck_attribute *templ;  /* in */
    unsigned long count;         /* in */
    mlsize_t n_attrs;
    mlsize_t idx;
    value elem;
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

    /* Convert every template entry into its C representation. */
    n_attrs = Wosize_val(_v_templ);
    templ = camlidl_malloc(n_attrs * sizeof(struct ck_attribute ), ctx);
    for (idx = 0; idx < n_attrs; idx++) {
        elem = Field(_v_templ, idx);
        camlidl_ml2c_pkcs11_struct_ck_attribute(elem, &templ[idx], ctx);
    }
    count = n_attrs;

    rv = ML_CK_C_FindObjectsInit(session, templ, count);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);
    camlidl_free(ctx);
    return ml_rv;
}
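/*
 * OCaml stub for ML_CK_C_FindObjects.
 *
 * _v_session is converted to a session handle; _v_max_object_count is read
 * with custom_int_val and gives the capacity of the handle buffer allocated
 * here.
 *
 * Returns a three-field block: field 0 is the converted ck_rv_t, field 1 an
 * array holding min(max_object_count, *object_count) converted object
 * handles, field 2 the value of *object_count passed through
 * custom_copy_int.
 *
 * Two hardening points compared with a plain pass-through:
 *  - the counter behind object_count starts at 0, so a callee that fails
 *    without storing a count cannot make this stub size the result from an
 *    indeterminate stack value;
 *  - when the call does not return CKR_OK the handle array is empty, as in
 *    the GetMechanismList stub, so unwritten heap contents of the handle
 *    buffer are never converted and returned.
 *
 * NOTE(review): max_object_count comes straight from the caller and is
 * multiplied by sizeof(ck_object_handle_t) without an overflow check. If a
 * very large value can reach this stub, the product can wrap and the buffer
 * would be smaller than the capacity passed to ML_CK_C_FindObjects -
 * confirm that an upper bound is enforced before this point, or add one
 * here.
 */
value camlidl_pkcs11_ML_CK_C_FindObjects(
    value _v_session,
    value _v_max_object_count)
{
    unsigned long obj_to_cpy = 0;
    ck_session_handle_t session; /*in*/
    ck_object_handle_t *object; /*out*/
    unsigned long max_object_count; /*in*/
    unsigned long *object_count; /*out*/
    ck_rv_t _res;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;
    unsigned long _c1 = 0; /* defined value even if the callee stores nothing */
    mlsize_t _c2;
    value _v3;
    value _vresult;
    value _vres[3] = { 0, 0, 0, };

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
    /* To handle OCaml client RPC layer int64 format */
    max_object_count = custom_int_val(_v_max_object_count);
    object = camlidl_malloc(max_object_count * sizeof(ck_object_handle_t ), _ctx);
    object_count = &_c1;
    _res = ML_CK_C_FindObjects(session, object, max_object_count, object_count);
    /* We add this because of possible shadow warning */
    /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
    Begin_roots_block(_vres, 3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
    _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    /* Copy only on success, and never more than the buffer can hold. */
    if (_res == CKR_OK) {
        if (max_object_count > *object_count) {
            obj_to_cpy = *object_count;
        }
        else {
            obj_to_cpy = max_object_count;
        }
    }
    _vres[1] = camlidl_alloc(obj_to_cpy, 0);
    /* We add this because of possible shadow warning */
    /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
    Begin_root(_vres[1]);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
    for (_c2 = 0; _c2 < obj_to_cpy; _c2++) {
        _v3 = camlidl_c2ml_pkcs11_ck_object_handle_t(&object[_c2], _ctx);
        modify(&Field(_vres[1], _c2), _v3);
    }
    End_roots();
    /* To handle OCaml client RPC layer int64 format */
    _vres[2] = custom_copy_int(*object_count);
    _vresult = camlidl_alloc_small(3, 0);
    Field(_vresult, 0) = _vres[0];
    Field(_vresult, 1) = _vres[1];
    Field(_vresult, 2) = _vres[2];
    End_roots();
    camlidl_free(_ctx);
    return _vresult;
}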
/*
 * OCaml stub for ML_CK_C_FindObjectsFinal: converts the OCaml session
 * handle to its C form, calls ML_CK_C_FindObjectsFinal and returns the
 * ck_rv_t result converted back to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_FindObjectsFinal(
    value _v_session)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
    rv = ML_CK_C_FindObjectsFinal(session);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

    /* Free the transient conversion context before handing the result back. */
    camlidl_free(ctx);
    return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_GenerateKey.
 *
 * Converts the session handle and mechanism, turns the OCaml array _v_templ
 * into a transient C array of struct ck_attribute, and calls
 * ML_CK_C_GenerateKey with a stack slot for the new key handle.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 the
 * converted key handle.
 *
 * NOTE(review): _c4 is not initialised before the call. If the callee can
 * fail without storing to *phkey, field 1 is built from an indeterminate
 * value - confirm the callee always writes the handle.
 */
value camlidl_pkcs11_ML_CK_C_GenerateKey(
value _v_session,
value _v_mechanism,
value _v_templ)
{
ck_session_handle_t session; /*in*/
struct ck_mechanism mechanism; /*in*/
struct ck_attribute *templ; /*in*/
unsigned long count; /*in*/
ck_object_handle_t *phkey; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
ck_object_handle_t _c4;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, _ctx);
/* Convert every template entry into its C representation. */
_c1 = Wosize_val(_v_templ);
templ = camlidl_malloc(_c1 * sizeof(struct ck_attribute ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_templ, _c2);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v3, &templ[_c2], _ctx);
}
count = _c1;
/* The out parameter points at a local. */
phkey = &_c4;
_res = ML_CK_C_GenerateKey(session, mechanism, templ, count, phkey);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phkey, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_GenerateKeyPair.
 *
 * Converts the session handle and mechanism, turns the OCaml arrays
 * _v_pub_templ and _v_priv_templ into transient C arrays of
 * struct ck_attribute, and calls ML_CK_C_GenerateKeyPair with stack slots
 * for the two new key handles.
 *
 * Returns a three-field block: field 0 is the converted ck_rv_t, field 1
 * the converted public-key handle, field 2 the converted private-key
 * handle.
 *
 * NOTE(review): _c7 and _c8 are not initialised before the call. If the
 * callee can fail without storing to *phpubkey / *phprivkey, fields 1 and 2
 * are built from indeterminate values - confirm the callee always writes
 * both handles.
 */
value camlidl_pkcs11_ML_CK_C_GenerateKeyPair(
value _v_session,
value _v_mechanism,
value _v_pub_templ,
value _v_priv_templ)
{
ck_session_handle_t session; /*in*/
struct ck_mechanism mechanism; /*in*/
struct ck_attribute *pub_templ; /*in*/
unsigned long pub_count; /*in*/
struct ck_attribute *priv_templ; /*in*/
unsigned long priv_count; /*in*/
ck_object_handle_t *phpubkey; /*out*/
ck_object_handle_t *phprivkey; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
mlsize_t _c4;
mlsize_t _c5;
value _v6;
ck_object_handle_t _c7;
ck_object_handle_t _c8;
value _vresult;
value _vres[3] = { 0, 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, _ctx);
/* Convert the public-key template entry by entry. */
_c1 = Wosize_val(_v_pub_templ);
pub_templ = camlidl_malloc(_c1 * sizeof(struct ck_attribute ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_pub_templ, _c2);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v3, &pub_templ[_c2], _ctx);
}
pub_count = _c1;
/* Convert the private-key template entry by entry. */
_c4 = Wosize_val(_v_priv_templ);
priv_templ = camlidl_malloc(_c4 * sizeof(struct ck_attribute ), _ctx);
for (_c5 = 0; _c5 < _c4; _c5++) {
_v6 = Field(_v_priv_templ, _c5);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v6, &priv_templ[_c5], _ctx);
}
priv_count = _c4;
/* Both out parameters point at locals. */
phpubkey = &_c7;
phprivkey = &_c8;
_res = ML_CK_C_GenerateKeyPair(session, mechanism, pub_templ, pub_count, priv_templ, priv_count, phpubkey, phprivkey);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 3);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phpubkey, _ctx);
_vres[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phprivkey, _ctx);
_vresult = camlidl_alloc_small(3, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
Field(_vresult, 2) = _vres[2];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_CreateObject.
 *
 * Converts the session handle, turns the OCaml array _v_templ into a
 * transient C array of struct ck_attribute, and calls ML_CK_C_CreateObject
 * with a stack slot for the new object handle.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 the
 * converted object handle.
 *
 * NOTE(review): _c4 is not initialised before the call. If the callee can
 * fail without storing to *phobject, field 1 is built from an indeterminate
 * value - confirm the callee always writes the handle.
 * NOTE(review): the template may carry key or secret values supplied by the
 * caller; the transient copies are released without being overwritten.
 */
value camlidl_pkcs11_ML_CK_C_CreateObject(
value _v_session,
value _v_templ)
{
ck_session_handle_t session; /*in*/
struct ck_attribute *templ; /*in*/
unsigned long count; /*in*/
ck_object_handle_t *phobject; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
ck_object_handle_t _c4;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
/* Convert every template entry into its C representation. */
_c1 = Wosize_val(_v_templ);
templ = camlidl_malloc(_c1 * sizeof(struct ck_attribute ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_templ, _c2);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v3, &templ[_c2], _ctx);
}
count = _c1;
/* The out parameter points at a local. */
phobject = &_c4;
_res = ML_CK_C_CreateObject(session, templ, count, phobject);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phobject, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_CopyObject.
 *
 * Converts the session handle and source object handle, turns the OCaml
 * array _v_templ into a transient C array of struct ck_attribute, and calls
 * ML_CK_C_CopyObject with a stack slot for the new object handle.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 the
 * converted handle of the copy.
 *
 * NOTE(review): _c4 is not initialised before the call. If the callee can
 * fail without storing to *phnewobject, field 1 is built from an
 * indeterminate value - confirm the callee always writes the handle.
 */
value camlidl_pkcs11_ML_CK_C_CopyObject(
value _v_session,
value _v_hobject,
value _v_templ)
{
ck_session_handle_t session; /*in*/
ck_object_handle_t hobject; /*in*/
struct ck_attribute *templ; /*in*/
unsigned long count; /*in*/
ck_object_handle_t *phnewobject; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
ck_object_handle_t _c4;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hobject, &hobject, _ctx);
/* Convert every template entry into its C representation. */
_c1 = Wosize_val(_v_templ);
templ = camlidl_malloc(_c1 * sizeof(struct ck_attribute ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_templ, _c2);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v3, &templ[_c2], _ctx);
}
count = _c1;
/* The out parameter points at a local. */
phnewobject = &_c4;
_res = ML_CK_C_CopyObject(session, hobject, templ, count, phnewobject);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phnewobject, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_DestroyObject: converts the OCaml session and
 * object handles to their C forms, calls ML_CK_C_DestroyObject and returns
 * the ck_rv_t result converted back to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_DestroyObject(
    value _v_session,
    value _v_hobject)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    ck_object_handle_t hobject;  /* in */
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
    camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hobject, &hobject, ctx);
    rv = ML_CK_C_DestroyObject(session, hobject);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

    /* Free the transient conversion context before handing the result back. */
    camlidl_free(ctx);
    return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_GetAttributeValue.
 *
 * Converts the session and object handles, turns the OCaml array _v_templ
 * into a transient C array of struct ck_attribute, calls
 * ML_CK_C_GetAttributeValue on it (the template is in,out), and converts
 * every template entry back to OCaml afterwards.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 an
 * array with one converted attribute per template entry.
 *
 * NOTE(review): the entries are converted back whatever _res is; whether
 * the callee leaves each entry's value pointer and length consistent on
 * failure cannot be seen from this function - confirm against
 * ML_CK_C_GetAttributeValue.
 */
value camlidl_pkcs11_ML_CK_C_GetAttributeValue(
value _v_session,
value _v_hobject,
value _v_templ)
{
ck_session_handle_t session; /*in*/
ck_object_handle_t hobject; /*in*/
struct ck_attribute *templ; /*in,out*/
unsigned long count; /*in*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
mlsize_t _c4;
value _v5;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hobject, &hobject, _ctx);
/* Convert every template entry into its C representation. */
_c1 = Wosize_val(_v_templ);
templ = camlidl_malloc(_c1 * sizeof(struct ck_attribute ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_templ, _c2);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v3, &templ[_c2], _ctx);
}
count = _c1;
_res = ML_CK_C_GetAttributeValue(session, hobject, templ, count);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
/* The result array has exactly as many entries as the input template. */
_vres[1] = camlidl_alloc(count, 0);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
Begin_root(_vres[1]);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
for (_c4 = 0; _c4 < count; _c4++) {
_v5 = camlidl_c2ml_pkcs11_struct_ck_attribute(&templ[_c4], _ctx);
modify(&Field(_vres[1], _c4), _v5);
}
End_roots();
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_SetAttributeValue.
 *
 * Converts the session and object handles and turns the OCaml array
 * _v_templ into a transient C array of struct ck_attribute, one entry per
 * array element; the element count is passed as count. Returns the ck_rv_t
 * result converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_SetAttributeValue(
    value _v_session,
    value _v_hobject,
    value _v_templ)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session; /* in */
    ck_object_handle_t hobject;  /* in */
    struct ck_attribute *templ;  /* in */
    unsigned long count;         /* in */
    mlsize_t n_attrs;
    mlsize_t idx;
    value elem;
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
    camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hobject, &hobject, ctx);

    /* Convert every template entry into its C representation. */
    n_attrs = Wosize_val(_v_templ);
    templ = camlidl_malloc(n_attrs * sizeof(struct ck_attribute ), ctx);
    for (idx = 0; idx < n_attrs; idx++) {
        elem = Field(_v_templ, idx);
        camlidl_ml2c_pkcs11_struct_ck_attribute(elem, &templ[idx], ctx);
    }
    count = n_attrs;

    rv = ML_CK_C_SetAttributeValue(session, hobject, templ, count);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);
    camlidl_free(ctx);
    return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_GetObjectSize.
 *
 * Converts the session and object handles and calls ML_CK_C_GetObjectSize
 * with a stack slot for the size.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 the
 * size passed through custom_copy_int.
 *
 * NOTE(review): _c1 is not initialised before the call. If the callee can
 * fail without storing to *object_size, field 1 carries an indeterminate
 * stack value to the OCaml caller - confirm the callee always writes it.
 */
value camlidl_pkcs11_ML_CK_C_GetObjectSize(
value _v_session,
value _v_hobject)
{
ck_session_handle_t session; /*in*/
ck_object_handle_t hobject; /*in*/
unsigned long *object_size; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
unsigned long _c1;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hobject, &hobject, _ctx);
/* The out parameter points at a local. */
object_size = &_c1;
_res = ML_CK_C_GetObjectSize(session, hobject, object_size);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
/* To handle OCaml client RPC layer int64 format */
_vres[1] = custom_copy_int(*object_size);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
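/*
 * OCaml stub for ML_CK_C_WrapKey.
 *
 * Converts the session handle, mechanism, wrapping-key handle and key
 * handle, then calls ML_CK_C_WrapKey with a fixed stack buffer of
 * MAX_BUFF_LEN bytes; the length variable starts at MAX_BUFF_LEN and is
 * updated by the callee.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 an
 * array with one element per wrapped-key byte.
 *
 * The number of bytes copied out is capped at the size of the stack buffer.
 * Without the cap, a callee that reports a length larger than MAX_BUFF_LEN
 * (for instance a required size after a too-small-buffer result) would make
 * the copy loop read past tmp_buff and return adjacent stack memory to the
 * caller.
 *
 * NOTE(review): tmp_buff is not initialised and the copy is done whatever
 * _res is. If the callee can fail while leaving a non-zero length, bytes it
 * never wrote are returned - confirm it zeroes the length on failure, or
 * return an empty array on error as the GenerateRandom stub does.
 */
value camlidl_pkcs11_ML_CK_C_WrapKey(
    value _v_session,
    value _v_mechanism,
    value _v_hwrappingkey,
    value _v_hkey)
{
    ck_session_handle_t session; /*in*/
    struct ck_mechanism mechanism; /*in*/
    ck_object_handle_t hwrappingkey; /*in*/
    ck_object_handle_t hkey; /*in*/
    unsigned char *wrapped_key; /*out*/
    /*in*/
    unsigned long tmp_wrapped_key_len = MAX_BUFF_LEN;
    unsigned long *wrapped_key_len = &tmp_wrapped_key_len;/*in*/
    unsigned char tmp_buff[MAX_BUFF_LEN];
    unsigned long out_len;
    ck_rv_t _res;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;
    mlsize_t _c1;
    value _v2;
    value _vresult;
    value _vres[2] = { 0, 0, };

    wrapped_key = tmp_buff;
    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
    camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, _ctx);
    camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hwrappingkey, &hwrappingkey, _ctx);
    camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, _ctx);
    _res = ML_CK_C_WrapKey(session, mechanism, hwrappingkey, hkey, wrapped_key, wrapped_key_len);

    /* Never read more bytes than the stack buffer actually holds. */
    out_len = *wrapped_key_len;
    if (out_len > sizeof(tmp_buff)) {
        out_len = sizeof(tmp_buff);
    }

    /* We add this because of possible shadow warning */
    /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
    Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
    _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    _vres[1] = camlidl_alloc(out_len, 0);
    for (_c1 = 0; _c1 < out_len; _c1++) {
        _v2 = Val_int(wrapped_key[_c1]);
        modify(&Field(_vres[1], _c1), _v2);
    }
    _vresult = camlidl_alloc_small(2, 0);
    Field(_vresult, 0) = _vres[0];
    Field(_vresult, 1) = _vres[1];
    End_roots();
    camlidl_free(_ctx);
    return _vresult;
}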
/*
 * OCaml stub for ML_CK_C_UnwrapKey.
 *
 * Converts the session handle, mechanism and unwrapping-key handle, copies
 * the OCaml array _v_wrapped_key one element per byte into a transient C
 * buffer, turns _v_templ into a transient C array of struct ck_attribute,
 * and calls ML_CK_C_UnwrapKey with a stack slot for the new object handle.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 the
 * converted object handle.
 *
 * NOTE(review): _c7 is not initialised before the call. If the callee can
 * fail without storing to *phobject, field 1 is built from an indeterminate
 * value - confirm the callee always writes the handle.
 */
value camlidl_pkcs11_ML_CK_C_UnwrapKey(
value _v_session,
value _v_mechanism,
value _v_hunwrappingkey,
value _v_wrapped_key,
value _v_templ)
{
ck_session_handle_t session; /*in*/
struct ck_mechanism mechanism; /*in*/
ck_object_handle_t hunwrappingkey; /*in*/
unsigned char *wrapped_key; /*in*/
unsigned long wrapped_key_len; /*in*/
struct ck_attribute *templ; /*in*/
unsigned long count; /*in*/
ck_object_handle_t *phobject; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
mlsize_t _c4;
mlsize_t _c5;
value _v6;
ck_object_handle_t _c7;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, _ctx);
camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hunwrappingkey, &hunwrappingkey, _ctx);
/* Copy the wrapped key, one OCaml array element per byte. */
_c1 = Wosize_val(_v_wrapped_key);
wrapped_key = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_wrapped_key, _c2);
wrapped_key[_c2] = Int_val(_v3);
}
wrapped_key_len = _c1;
/* Convert every template entry into its C representation. */
_c4 = Wosize_val(_v_templ);
templ = camlidl_malloc(_c4 * sizeof(struct ck_attribute ), _ctx);
for (_c5 = 0; _c5 < _c4; _c5++) {
_v6 = Field(_v_templ, _c5);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v6, &templ[_c5], _ctx);
}
count = _c4;
/* The out parameter points at a local. */
phobject = &_c7;
_res = ML_CK_C_UnwrapKey(session, mechanism, hunwrappingkey, wrapped_key, wrapped_key_len, templ, count, phobject);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phobject, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_DeriveKey.
 *
 * Converts the session handle, mechanism and base-key handle, turns the
 * OCaml array _v_templ into a transient C array of struct ck_attribute, and
 * calls ML_CK_C_DeriveKey with a stack slot for the derived key handle.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 the
 * converted key handle.
 *
 * NOTE(review): _c4 is not initialised before the call. If the callee can
 * fail without storing to *phkey, field 1 is built from an indeterminate
 * value - confirm the callee always writes the handle.
 */
value camlidl_pkcs11_ML_CK_C_DeriveKey(
value _v_session,
value _v_mechanism,
value _v_hbasekey,
value _v_templ)
{
ck_session_handle_t session; /*in*/
struct ck_mechanism mechanism; /*in*/
ck_object_handle_t hbasekey; /*in*/
struct ck_attribute *templ; /*in*/
unsigned long count; /*in*/
ck_object_handle_t *phkey; /*out*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
ck_object_handle_t _c4;
value _vresult;
value _vres[2] = { 0, 0, };
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, _ctx);
camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hbasekey, &hbasekey, _ctx);
/* Convert every template entry into its C representation. */
_c1 = Wosize_val(_v_templ);
templ = camlidl_malloc(_c1 * sizeof(struct ck_attribute ), _ctx);
for (_c2 = 0; _c2 < _c1; _c2++) {
_v3 = Field(_v_templ, _c2);
camlidl_ml2c_pkcs11_struct_ck_attribute(_v3, &templ[_c2], _ctx);
}
count = _c1;
/* The out parameter points at a local. */
phkey = &_c4;
_res = ML_CK_C_DeriveKey(session, mechanism, hbasekey, templ, count, phkey);
/* We add this because of possible shadow warning */
/* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
/* Register _vres with the OCaml runtime while the result values are built. */
Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
_vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
_vres[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&*phkey, _ctx);
_vresult = camlidl_alloc_small(2, 0);
Field(_vresult, 0) = _vres[0];
Field(_vresult, 1) = _vres[1];
End_roots();
camlidl_free(_ctx);
return _vresult;
}
/*
 * OCaml stub for ML_CK_C_DigestInit: converts the OCaml session handle and
 * mechanism to their C forms, calls ML_CK_C_DigestInit and returns the
 * ck_rv_t result converted back to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_DigestInit(
    value _v_session,
    value _v_mechanism)
{
    struct camlidl_ctx_struct ctx_store = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx ctx = &ctx_store;
    ck_session_handle_t session;   /* in */
    struct ck_mechanism mechanism; /* in */
    ck_rv_t rv;
    value ml_rv;

    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
    camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
    rv = ML_CK_C_DigestInit(session, mechanism);
    ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

    /* Free the transient conversion context before handing the result back. */
    camlidl_free(ctx);
    return ml_rv;
}
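/*
 * OCaml stub for ML_CK_C_Digest.
 *
 * Converts the session handle, copies the OCaml array _v_data one element
 * per byte into a transient C buffer, and calls ML_CK_C_Digest with a fixed
 * stack buffer of MAX_BUFF_LEN bytes for the output; the length variable
 * starts at MAX_BUFF_LEN and is updated by the callee.
 *
 * Returns a two-field block: field 0 is the converted ck_rv_t, field 1 an
 * array with one element per digest byte.
 *
 * The number of bytes copied out is capped at the size of the stack buffer.
 * Without the cap, a callee that reports a length larger than MAX_BUFF_LEN
 * would make the copy loop read past tmp_buff and return adjacent stack
 * memory to the caller.
 *
 * NOTE(review): tmp_buff is not initialised and the copy is done whatever
 * _res is. If the callee can fail while leaving a non-zero length, bytes it
 * never wrote are returned - confirm it zeroes the length on failure, or
 * return an empty array on error as the GenerateRandom stub does.
 */
value camlidl_pkcs11_ML_CK_C_Digest(
    value _v_session,
    value _v_data)
{
    ck_session_handle_t session; /*in*/
    unsigned char *data; /*in*/
    unsigned long data_len; /*in*/
    unsigned char *digest; /*out*/
    /*in*/
    unsigned char tmp_buff[MAX_BUFF_LEN];
    unsigned long tmp_digest_len = MAX_BUFF_LEN;
    unsigned long *digest_len = &tmp_digest_len;/*in*/
    unsigned long out_len;
    ck_rv_t _res;
    struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
    camlidl_ctx _ctx = &_ctxs;
    mlsize_t _c1;
    mlsize_t _c2;
    value _v3;
    mlsize_t _c4;
    value _v5;
    value _vresult;
    value _vres[2] = { 0, 0, };

    digest = tmp_buff;
    camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);

    /* Copy the input data, one OCaml array element per byte. */
    _c1 = Wosize_val(_v_data);
    data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
    for (_c2 = 0; _c2 < _c1; _c2++) {
        _v3 = Field(_v_data, _c2);
        data[_c2] = Int_val(_v3);
    }
    data_len = _c1;
    _res = ML_CK_C_Digest(session, data, data_len, digest, digest_len);

    /* Never read more bytes than the stack buffer actually holds. */
    out_len = *digest_len;
    if (out_len > sizeof(tmp_buff)) {
        out_len = sizeof(tmp_buff);
    }

    /* We add this because of possible shadow warning */
    /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
    Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
    _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
    _vres[1] = camlidl_alloc(out_len, 0);
    for (_c4 = 0; _c4 < out_len; _c4++) {
        _v5 = Val_int(digest[_c4]);
        modify(&Field(_vres[1], _c4), _v5);
    }
    _vresult = camlidl_alloc_small(2, 0);
    Field(_vresult, 0) = _vres[0];
    Field(_vresult, 1) = _vres[1];
    End_roots();
    camlidl_free(_ctx);
    return _vresult;
}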
/*
 * OCaml stub for ML_CK_C_DigestUpdate.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_DigestUpdate and returns its ck_rv_t converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_DigestUpdate(
	value _v_session,
	value _v_data)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  unsigned char *data;
  unsigned long data_len;
  mlsize_t count;
  mlsize_t i;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

  /* One byte per field of the OCaml block; each int is narrowed to unsigned char. */
  count = Wosize_val(_v_data);
  data = camlidl_malloc(count * sizeof(unsigned char ), ctx);
  for (i = 0; i < count; i++) {
    data[i] = Int_val(Field(_v_data, i));
  }
  data_len = count;

  rv = ML_CK_C_DigestUpdate(session, data, data_len);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_DigestKey.
 * Converts the session and key handles from their OCaml representation,
 * calls ML_CK_C_DigestKey and returns its ck_rv_t converted to an OCaml
 * value.
 */
value camlidl_pkcs11_ML_CK_C_DigestKey(
	value _v_session,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_DigestKey(session, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
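/*
 * OCaml stub for ML_CK_C_DigestFinal.
 * Calls ML_CK_C_DigestFinal with a MAX_BUFF_LEN-byte stack buffer for the
 * digest and returns a two-field block: the converted ck_rv_t and an OCaml
 * array holding one int per digest byte.
 *
 * The stack buffer is zero-filled and a reported length larger than the
 * buffer is treated as "no output", so the copy loop can neither read past
 * tmp_buff nor hand indeterminate stack bytes back to the OCaml caller.
 */
value camlidl_pkcs11_ML_CK_C_DigestFinal(
	value _v_session)
{
  ck_session_handle_t session; /*in*/
  unsigned char *digest; /*out*/
  /* In: capacity of tmp_buff; out: length reported by the callee */
  unsigned long tmp_digest_len = MAX_BUFF_LEN;
  unsigned long *digest_len = &tmp_digest_len;
  /* Zero-filled: bytes the callee does not write must not expose stack contents */
  unsigned char tmp_buff[MAX_BUFF_LEN] = { 0 };
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  value _v2;
  value _vresult;
  value _vres[2] = { 0, 0, };
  digest = tmp_buff;
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  _res = ML_CK_C_DigestFinal(session, digest, digest_len);
  /* A length larger than the buffer cannot describe data held in it
     (e.g. a "required size" reported with an error code): copy nothing. */
  if (*digest_len > sizeof tmp_buff) {
    *digest_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*digest_len, 0);
  for (_c1 = 0; _c1 < *digest_len; _c1++) {
    _v2 = Val_int(digest[_c1]);
    modify(&Field(_vres[1], _c1), _v2);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}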
/*
 * OCaml stub for ML_CK_C_SignInit.
 * Converts the session handle, mechanism and key handle from their OCaml
 * representation, calls ML_CK_C_SignInit and returns its ck_rv_t converted
 * to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_SignInit(
	value _v_session,
	value _v_mechanism,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  struct ck_mechanism mechanism;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_SignInit(session, mechanism, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_SignRecoverInit.
 * Converts the session handle, mechanism and key handle from their OCaml
 * representation, calls ML_CK_C_SignRecoverInit and returns its ck_rv_t
 * converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_SignRecoverInit(
	value _v_session,
	value _v_mechanism,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  struct ck_mechanism mechanism;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_SignRecoverInit(session, mechanism, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
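/*
 * OCaml stub for ML_CK_C_Sign.
 * Copies the OCaml array _v_data into a byte buffer, calls ML_CK_C_Sign with
 * a MAX_BUFF_LEN-byte stack buffer for the signature, and returns a
 * two-field block: the converted ck_rv_t and an OCaml array holding one int
 * per signature byte.
 *
 * The stack buffer is zero-filled and a reported length larger than the
 * buffer is treated as "no output", so the copy loop can neither read past
 * tmp_buff nor hand indeterminate stack bytes back to the OCaml caller.
 */
value camlidl_pkcs11_ML_CK_C_Sign(
	value _v_session,
	value _v_data)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data; /*in*/
  unsigned long data_len; /*in*/
  unsigned char *signature; /*out*/
  /* In: capacity of tmp_buff; out: length reported by the callee */
  unsigned long tmp_signed_len = MAX_BUFF_LEN;
  unsigned long *signed_len = &tmp_signed_len;
  /* Zero-filled: bytes the callee does not write must not expose stack contents */
  unsigned char tmp_buff[MAX_BUFF_LEN] = { 0 };
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  signature = tmp_buff;
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_data);
  data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_data, _c2);
    data[_c2] = Int_val(_v3);
  }
  data_len = _c1;
  _res = ML_CK_C_Sign(session, data, data_len, signature, signed_len);
  /* A length larger than the buffer cannot describe data held in it
     (e.g. a "required size" reported with an error code): copy nothing. */
  if (*signed_len > sizeof tmp_buff) {
    *signed_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*signed_len, 0);
  for (_c4 = 0; _c4 < *signed_len; _c4++) {
    _v5 = Val_int(signature[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}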
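/*
 * OCaml stub for ML_CK_C_SignRecover.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_SignRecover with a MAX_BUFF_LEN-byte stack buffer for the
 * signature, and returns a two-field block: the converted ck_rv_t and an
 * OCaml array holding one int per signature byte.
 *
 * The stack buffer is zero-filled and a reported length larger than the
 * buffer is treated as "no output", so the copy loop can neither read past
 * tmp_buff nor hand indeterminate stack bytes back to the OCaml caller.
 */
value camlidl_pkcs11_ML_CK_C_SignRecover(
	value _v_session,
	value _v_data)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data; /*in*/
  unsigned long data_len; /*in*/
  unsigned char *signature; /*out*/
  /* In: capacity of tmp_buff; out: length reported by the callee */
  unsigned long tmp_signed_len = MAX_BUFF_LEN;
  unsigned long *signed_len = &tmp_signed_len;
  /* Zero-filled: bytes the callee does not write must not expose stack contents */
  unsigned char tmp_buff[MAX_BUFF_LEN] = { 0 };
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  signature = tmp_buff;
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_data);
  data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_data, _c2);
    data[_c2] = Int_val(_v3);
  }
  data_len = _c1;
  _res = ML_CK_C_SignRecover(session, data, data_len, signature, signed_len);
  /* A length larger than the buffer cannot describe data held in it
     (e.g. a "required size" reported with an error code): copy nothing. */
  if (*signed_len > sizeof tmp_buff) {
    *signed_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*signed_len, 0);
  for (_c4 = 0; _c4 < *signed_len; _c4++) {
    _v5 = Val_int(signature[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}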
/*
 * OCaml stub for ML_CK_C_SignUpdate.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_SignUpdate and returns its ck_rv_t converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_SignUpdate(
	value _v_session,
	value _v_data)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  unsigned char *data;
  unsigned long data_len;
  mlsize_t count;
  mlsize_t i;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

  /* One byte per field of the OCaml block; each int is narrowed to unsigned char. */
  count = Wosize_val(_v_data);
  data = camlidl_malloc(count * sizeof(unsigned char ), ctx);
  for (i = 0; i < count; i++) {
    data[i] = Int_val(Field(_v_data, i));
  }
  data_len = count;

  rv = ML_CK_C_SignUpdate(session, data, data_len);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
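/*
 * OCaml stub for ML_CK_C_SignFinal.
 * Calls ML_CK_C_SignFinal with a MAX_BUFF_LEN-byte stack buffer for the
 * signature and returns a two-field block: the converted ck_rv_t and an
 * OCaml array holding one int per signature byte.
 *
 * The stack buffer is zero-filled and a reported length larger than the
 * buffer is treated as "no output", so the copy loop can neither read past
 * tmp_buff nor hand indeterminate stack bytes back to the OCaml caller.
 */
value camlidl_pkcs11_ML_CK_C_SignFinal(
	value _v_session)
{
  ck_session_handle_t session; /*in*/
  unsigned char *signature; /*out*/
  /* In: capacity of tmp_buff; out: length reported by the callee */
  unsigned long tmp_signed_len = MAX_BUFF_LEN;
  unsigned long *signed_len = &tmp_signed_len;
  /* Zero-filled: bytes the callee does not write must not expose stack contents */
  unsigned char tmp_buff[MAX_BUFF_LEN] = { 0 };
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  value _v2;
  value _vresult;
  value _vres[2] = { 0, 0, };
  signature = tmp_buff;
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  _res = ML_CK_C_SignFinal(session, signature, signed_len);
  /* A length larger than the buffer cannot describe data held in it
     (e.g. a "required size" reported with an error code): copy nothing. */
  if (*signed_len > sizeof tmp_buff) {
    *signed_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*signed_len, 0);
  for (_c1 = 0; _c1 < *signed_len; _c1++) {
    _v2 = Val_int(signature[_c1]);
    modify(&Field(_vres[1], _c1), _v2);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  return _vresult;
}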
/*
 * OCaml stub for ML_CK_C_VerifyInit.
 * Converts the session handle, mechanism and key handle from their OCaml
 * representation, calls ML_CK_C_VerifyInit and returns its ck_rv_t
 * converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_VerifyInit(
	value _v_session,
	value _v_mechanism,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  struct ck_mechanism mechanism;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_VerifyInit(session, mechanism, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_VerifyRecoverInit.
 * Converts the session handle, mechanism and key handle from their OCaml
 * representation, calls ML_CK_C_VerifyRecoverInit and returns its ck_rv_t
 * converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_VerifyRecoverInit(
	value _v_session,
	value _v_mechanism,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  struct ck_mechanism mechanism;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_VerifyRecoverInit(session, mechanism, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_Verify.
 * Copies the OCaml arrays _v_data and _v_signature into byte buffers, calls
 * ML_CK_C_Verify and returns its ck_rv_t converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_Verify(
	value _v_session,
	value _v_data,
	value _v_signature)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  unsigned char *data;
  unsigned long data_len;
  unsigned char *signature;
  unsigned long signed_len;
  mlsize_t data_count;
  mlsize_t sig_count;
  mlsize_t i;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

  /* Message: one byte per field, each int narrowed to unsigned char. */
  data_count = Wosize_val(_v_data);
  data = camlidl_malloc(data_count * sizeof(unsigned char ), ctx);
  for (i = 0; i < data_count; i++) {
    data[i] = Int_val(Field(_v_data, i));
  }
  data_len = data_count;

  /* Signature: converted the same way as the message. */
  sig_count = Wosize_val(_v_signature);
  signature = camlidl_malloc(sig_count * sizeof(unsigned char ), ctx);
  for (i = 0; i < sig_count; i++) {
    signature[i] = Int_val(Field(_v_signature, i));
  }
  signed_len = sig_count;

  rv = ML_CK_C_Verify(session, data, data_len, signature, signed_len);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
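/*
 * OCaml stub for ML_CK_C_VerifyRecover.
 * Copies the OCaml array _v_signature into a byte buffer, calls
 * ML_CK_C_VerifyRecover and returns a two-field block: the converted ck_rv_t
 * and an OCaml array holding one int per recovered byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_VerifyRecover(
	value _v_session,
	value _v_signature)
{
  ck_session_handle_t session; /*in*/
  unsigned char *signature; /*in*/
  unsigned long signature_len; /*in*/
  unsigned char *data = NULL; /*out*/
  unsigned long tmp_data_len = 0;
  unsigned long *data_len = &tmp_data_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_signature);
  signature = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_signature, _c2);
    signature[_c2] = Int_val(_v3);
  }
  signature_len = _c1;
  _res = ML_CK_C_VerifyRecover(session, signature, signature_len, &data,
                               data_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (data == NULL) {
    *data_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*data_len, 0);
  for (_c4 = 0; _c4 < *data_len; _c4++) {
    _v5 = Val_int(data[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&data);
  }
  return _vresult;
}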
/*
 * OCaml stub for ML_CK_C_VerifyUpdate.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_VerifyUpdate and returns its ck_rv_t converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_VerifyUpdate(
	value _v_session,
	value _v_data)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  unsigned char *data;
  unsigned long data_len;
  mlsize_t count;
  mlsize_t i;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

  /* One byte per field of the OCaml block; each int is narrowed to unsigned char. */
  count = Wosize_val(_v_data);
  data = camlidl_malloc(count * sizeof(unsigned char ), ctx);
  for (i = 0; i < count; i++) {
    data[i] = Int_val(Field(_v_data, i));
  }
  data_len = count;

  rv = ML_CK_C_VerifyUpdate(session, data, data_len);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_VerifyFinal.
 * Copies the OCaml array _v_signature into a byte buffer, calls
 * ML_CK_C_VerifyFinal and returns its ck_rv_t converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_VerifyFinal(
	value _v_session,
	value _v_signature)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  unsigned char *signature;
  unsigned long signed_len;
  mlsize_t count;
  mlsize_t i;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

  /* One byte per field of the OCaml block; each int is narrowed to unsigned char. */
  count = Wosize_val(_v_signature);
  signature = camlidl_malloc(count * sizeof(unsigned char ), ctx);
  for (i = 0; i < count; i++) {
    signature[i] = Int_val(Field(_v_signature, i));
  }
  signed_len = count;

  rv = ML_CK_C_VerifyFinal(session, signature, signed_len);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_EncryptInit.
 * Converts the session handle, mechanism and key handle from their OCaml
 * representation, calls ML_CK_C_EncryptInit and returns its ck_rv_t
 * converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_EncryptInit(
	value _v_session,
	value _v_mechanism,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  struct ck_mechanism mechanism;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_EncryptInit(session, mechanism, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
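/*
 * OCaml stub for ML_CK_C_Encrypt.
 * Copies the OCaml array _v_data into a byte buffer, calls ML_CK_C_Encrypt
 * and returns a two-field block: the converted ck_rv_t and an OCaml array
 * holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_Encrypt(
	value _v_session,
	value _v_data)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data; /*in*/
  unsigned long data_len; /*in*/
  unsigned char *encrypted = NULL; /*out*/
  unsigned long tmp_encrypted_len = 0;
  unsigned long *encrypted_len = &tmp_encrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_data);
  data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_data, _c2);
    data[_c2] = Int_val(_v3);
  }
  data_len = _c1;
  _res = ML_CK_C_Encrypt(session, data, data_len, &encrypted, encrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (encrypted == NULL) {
    *encrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*encrypted_len, 0);
  for (_c4 = 0; _c4 < *encrypted_len; _c4++) {
    _v5 = Val_int(encrypted[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&encrypted);
  }
  return _vresult;
}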
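/*
 * OCaml stub for ML_CK_C_EncryptUpdate.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_EncryptUpdate and returns a two-field block: the converted ck_rv_t
 * and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_EncryptUpdate(
	value _v_session,
	value _v_data)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data; /*in*/
  unsigned long data_len; /*in*/
  unsigned char *encrypted = NULL; /*out*/
  unsigned long tmp_encrypted_len = 0;
  unsigned long *encrypted_len = &tmp_encrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_data);
  data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_data, _c2);
    data[_c2] = Int_val(_v3);
  }
  data_len = _c1;
  _res = ML_CK_C_EncryptUpdate(session, data, data_len, &encrypted,
                               encrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (encrypted == NULL) {
    *encrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*encrypted_len, 0);
  for (_c4 = 0; _c4 < *encrypted_len; _c4++) {
    _v5 = Val_int(encrypted[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&encrypted);
  }
  return _vresult;
}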
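/*
 * OCaml stub for ML_CK_C_EncryptFinal.
 * Calls ML_CK_C_EncryptFinal and returns a two-field block: the converted
 * ck_rv_t and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_EncryptFinal(
	value _v_session)
{
  ck_session_handle_t session; /*in*/
  unsigned char *encrypted = NULL; /*out*/
  unsigned long tmp_encrypted_len = 0;
  unsigned long *encrypted_len = &tmp_encrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  value _v2;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  _res = ML_CK_C_EncryptFinal(session, &encrypted, encrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (encrypted == NULL) {
    *encrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*encrypted_len, 0);
  for (_c1 = 0; _c1 < *encrypted_len; _c1++) {
    _v2 = Val_int(encrypted[_c1]);
    modify(&Field(_vres[1], _c1), _v2);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&encrypted);
  }
  return _vresult;
}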
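/*
 * OCaml stub for ML_CK_C_DigestEncryptUpdate.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_DigestEncryptUpdate and returns a two-field block: the converted
 * ck_rv_t and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate(
	value _v_session,
	value _v_data)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data; /*in*/
  unsigned long data_len; /*in*/
  unsigned char *encrypted = NULL; /*out*/
  unsigned long tmp_encrypted_len = 0;
  unsigned long *encrypted_len = &tmp_encrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_data);
  data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_data, _c2);
    data[_c2] = Int_val(_v3);
  }
  data_len = _c1;
  _res = ML_CK_C_DigestEncryptUpdate(session, data, data_len, &encrypted,
                                     encrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (encrypted == NULL) {
    *encrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*encrypted_len, 0);
  for (_c4 = 0; _c4 < *encrypted_len; _c4++) {
    _v5 = Val_int(encrypted[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&encrypted);
  }
  return _vresult;
}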
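/*
 * OCaml stub for ML_CK_C_SignEncryptUpdate.
 * Copies the OCaml array _v_data into a byte buffer, calls
 * ML_CK_C_SignEncryptUpdate and returns a two-field block: the converted
 * ck_rv_t and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_SignEncryptUpdate(
	value _v_session,
	value _v_data)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data; /*in*/
  unsigned long data_len; /*in*/
  unsigned char *encrypted = NULL; /*out*/
  unsigned long tmp_encrypted_len = 0;
  unsigned long *encrypted_len = &tmp_encrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_data);
  data = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_data, _c2);
    data[_c2] = Int_val(_v3);
  }
  data_len = _c1;
  _res = ML_CK_C_SignEncryptUpdate(session, data, data_len, &encrypted,
                                   encrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (encrypted == NULL) {
    *encrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*encrypted_len, 0);
  for (_c4 = 0; _c4 < *encrypted_len; _c4++) {
    _v5 = Val_int(encrypted[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&encrypted);
  }
  return _vresult;
}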
/*
 * OCaml stub for ML_CK_C_DecryptInit.
 * Converts the session handle, mechanism and key handle from their OCaml
 * representation, calls ML_CK_C_DecryptInit and returns its ck_rv_t
 * converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_DecryptInit(
	value _v_session,
	value _v_mechanism,
	value _v_hkey)
{
  /* Transient camlidl context: handed to every converter, released below. */
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session;
  struct ck_mechanism mechanism;
  ck_object_handle_t hkey;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  camlidl_ml2c_pkcs11_struct_ck_mechanism(_v_mechanism, &mechanism, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hkey, &hkey, ctx);

  rv = ML_CK_C_DecryptInit(session, mechanism, hkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  camlidl_free(ctx);
  return ml_rv;
}
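/*
 * OCaml stub for ML_CK_C_Decrypt.
 * Copies the OCaml array _v_encrypted into a byte buffer, calls
 * ML_CK_C_Decrypt and returns a two-field block: the converted ck_rv_t and
 * an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a (plaintext) buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_Decrypt(
	value _v_session,
	value _v_encrypted)
{
  ck_session_handle_t session; /*in*/
  unsigned char *encrypted; /*in*/
  unsigned long encrypted_len; /*in*/
  unsigned char *decrypted = NULL; /*out*/
  unsigned long tmp_decrypted_len = 0;
  unsigned long *decrypted_len = &tmp_decrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_encrypted);
  encrypted = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_encrypted, _c2);
    encrypted[_c2] = Int_val(_v3);
  }
  encrypted_len = _c1;
  _res = ML_CK_C_Decrypt(session, encrypted, encrypted_len, &decrypted,
                         decrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (decrypted == NULL) {
    *decrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*decrypted_len, 0);
  for (_c4 = 0; _c4 < *decrypted_len; _c4++) {
    _v5 = Val_int(decrypted[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&decrypted);
  }
  return _vresult;
}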
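/*
 * OCaml stub for ML_CK_C_DecryptUpdate.
 * Copies the OCaml array _v_encrypted into a byte buffer, calls
 * ML_CK_C_DecryptUpdate and returns a two-field block: the converted ck_rv_t
 * and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a (plaintext) buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_DecryptUpdate(
	value _v_session,
	value _v_encrypted)
{
  ck_session_handle_t session; /*in*/
  unsigned char *encrypted; /*in*/
  unsigned long encrypted_len; /*in*/
  unsigned char *data = NULL; /*out*/
  unsigned long tmp_data_len = 0;
  unsigned long *data_len = &tmp_data_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_encrypted);
  encrypted = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_encrypted, _c2);
    encrypted[_c2] = Int_val(_v3);
  }
  encrypted_len = _c1;
  _res = ML_CK_C_DecryptUpdate(session, encrypted, encrypted_len, &data,
                               data_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (data == NULL) {
    *data_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*data_len, 0);
  for (_c4 = 0; _c4 < *data_len; _c4++) {
    _v5 = Val_int(data[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&data);
  }
  return _vresult;
}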
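/*
 * OCaml stub for ML_CK_C_DecryptFinal.
 * Calls ML_CK_C_DecryptFinal and returns a two-field block: the converted
 * ck_rv_t and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a (plaintext) buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_DecryptFinal(
	value _v_session)
{
  ck_session_handle_t session; /*in*/
  unsigned char *decrypted = NULL; /*out*/
  unsigned long tmp_decrypted_len = 0;
  unsigned long *decrypted_len = &tmp_decrypted_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  value _v2;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  _res = ML_CK_C_DecryptFinal(session, &decrypted, decrypted_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (decrypted == NULL) {
    *decrypted_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*decrypted_len, 0);
  for (_c1 = 0; _c1 < *decrypted_len; _c1++) {
    _v2 = Val_int(decrypted[_c1]);
    modify(&Field(_vres[1], _c1), _v2);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&decrypted);
  }
  return _vresult;
}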
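/*
 * OCaml stub for ML_CK_C_DecryptDigestUpdate.
 * Copies the OCaml array _v_encrypted into a byte buffer, calls
 * ML_CK_C_DecryptDigestUpdate and returns a two-field block: the converted
 * ck_rv_t and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a (plaintext) buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate(
	value _v_session,
	value _v_encrypted)
{
  ck_session_handle_t session; /*in*/
  unsigned char *encrypted; /*in*/
  unsigned long encrypted_len; /*in*/
  unsigned char *data = NULL; /*out*/
  unsigned long tmp_data_len = 0;
  unsigned long *data_len = &tmp_data_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_encrypted);
  encrypted = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_encrypted, _c2);
    encrypted[_c2] = Int_val(_v3);
  }
  encrypted_len = _c1;
  _res = ML_CK_C_DecryptDigestUpdate(session, encrypted, encrypted_len, &data,
                                     data_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (data == NULL) {
    *data_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*data_len, 0);
  for (_c4 = 0; _c4 < *data_len; _c4++) {
    _v5 = Val_int(data[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&data);
  }
  return _vresult;
}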
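/*
 * OCaml stub for ML_CK_C_DecryptVerifyUpdate.
 * Copies the OCaml array _v_encrypted into a byte buffer, calls
 * ML_CK_C_DecryptVerifyUpdate and returns a two-field block: the converted
 * ck_rv_t and an OCaml array holding one int per output byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a (plaintext) buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate(
	value _v_session,
	value _v_encrypted)
{
  ck_session_handle_t session; /*in*/
  unsigned char *encrypted; /*in*/
  unsigned long encrypted_len; /*in*/
  unsigned char *data = NULL; /*out*/
  unsigned long tmp_data_len = 0;
  unsigned long *data_len = &tmp_data_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  /* One byte per field of the OCaml block; each int is narrowed to unsigned char */
  _c1 = Wosize_val(_v_encrypted);
  encrypted = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_encrypted, _c2);
    encrypted[_c2] = Int_val(_v3);
  }
  encrypted_len = _c1;
  _res = ML_CK_C_DecryptVerifyUpdate(session, encrypted, encrypted_len, &data,
                                     data_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (data == NULL) {
    *data_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*data_len, 0);
  for (_c4 = 0; _c4 < *data_len; _c4++) {
    _v5 = Val_int(data[_c4]);
    modify(&Field(_vres[1], _c4), _v5);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&data);
  }
  return _vresult;
}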
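/*
 * OCaml stub for ML_CK_C_GetOperationState.
 * Calls ML_CK_C_GetOperationState and returns a two-field block: the
 * converted ck_rv_t and an OCaml array holding one int per state byte.
 *
 * The output pointer and length start out as NULL and 0, and a NULL output
 * pointer yields an empty array, so a call that leaves them untouched no
 * longer makes the copy loop read through an indeterminate pointer.
 * NOTE(review): the output buffer is presumably allocated by the callee; it
 * is released with custom_free only when the call returned CKR_OK - confirm
 * that no other return code leaves a buffer behind.
 */
value camlidl_pkcs11_ML_CK_C_GetOperationState(
	value _v_session)
{
  ck_session_handle_t session; /*in*/
  unsigned char *data = NULL; /*out*/
  unsigned long tmp_data_len = 0;
  unsigned long *data_len = &tmp_data_len;
  ck_rv_t _res;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  mlsize_t _c1;
  value _v2;
  value _vresult;
  value _vres[2] = { 0, 0, };
  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
  _res = ML_CK_C_GetOperationState(session, &data, data_len);
  /* No output buffer: there is nothing to copy, whatever length was reported */
  if (data == NULL) {
    *data_len = 0;
  }
  /* We add this because of possible shadow warning */
  /* (this is not our code: these are camlidl macros)*/
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#endif
  /* Register _vres as GC roots while the result values are allocated */
  Begin_roots_block(_vres, 2);
#if GCC_VERSION > 40600
#pragma GCC diagnostic pop
#endif
  _vres[0] = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
  _vres[1] = camlidl_alloc(*data_len, 0);
  for (_c1 = 0; _c1 < *data_len; _c1++) {
    _v2 = Val_int(data[_c1]);
    modify(&Field(_vres[1], _c1), _v2);
  }
  _vresult = camlidl_alloc_small(2, 0);
  Field(_vresult, 0) = _vres[0];
  Field(_vresult, 1) = _vres[1];
  End_roots();
  camlidl_free(_ctx);
  if (_res == CKR_OK) {
    custom_free((void **)&data);
  }
  return _vresult;
}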
/*
 * OCaml stub for ML_CK_C_SetOperationState.
 *
 * _v_data is read as an array of OCaml ints, one per state byte, and copied
 * into a buffer allocated in the transient camlidl context. The session and
 * the two key handles are converted with their camlidl_ml2c_* helpers.
 * Returns the ck_rv_t result converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_SetOperationState(
  value _v_session,
  value _v_data,
  value _v_hencryptionkey,
  value _v_hauthenticationkey)
{
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session; /*in*/
  ck_object_handle_t hencryptionkey; /*in*/
  ck_object_handle_t hauthenticationkey; /*in*/
  unsigned char *state; /*in*/
  unsigned long state_len; /*in*/
  mlsize_t nfields;
  mlsize_t idx;
  value field;
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);

  /* One OCaml array field becomes one byte of the C buffer. */
  nfields = Wosize_val(_v_data);
  state = camlidl_malloc(nfields * sizeof(unsigned char ), ctx);
  idx = 0;
  while (idx < nfields) {
    field = Field(_v_data, idx);
    state[idx] = Int_val(field);
    idx++;
  }
  state_len = nfields;

  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hencryptionkey, &hencryptionkey, ctx);
  camlidl_ml2c_pkcs11_ck_object_handle_t(_v_hauthenticationkey, &hauthenticationkey, ctx);

  rv = ML_CK_C_SetOperationState(session, state, state_len, hencryptionkey, hauthenticationkey);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);

  /* Releases everything allocated through ctx, including the state copy. */
  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_GetFunctionStatus.
 *
 * Converts _v_session to a ck_session_handle_t, forwards the call and
 * returns the ck_rv_t result converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_GetFunctionStatus(
  value _v_session)
{
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session; /*in*/
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  rv = ML_CK_C_GetFunctionStatus(session);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);
  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for ML_CK_C_CancelFunction.
 *
 * Converts _v_session to a ck_session_handle_t, forwards the call and
 * returns the ck_rv_t result converted to an OCaml value.
 */
value camlidl_pkcs11_ML_CK_C_CancelFunction(
  value _v_session)
{
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  ck_session_handle_t session; /*in*/
  ck_rv_t rv;
  value ml_rv;

  camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, ctx);
  rv = ML_CK_C_CancelFunction(session);
  ml_rv = camlidl_c2ml_pkcs11_ck_rv_t(&rv, ctx);
  camlidl_free(ctx);
  return ml_rv;
}
/*
 * OCaml stub for int_to_ulong_char_array.
 *
 * Reads _v_input with custom_int_val, lets int_to_ulong_char_array fill a
 * buffer of sizeof(unsigned long) bytes, and returns those bytes as an
 * OCaml array with one int per byte.
 */
value camlidl_pkcs11_int_to_ulong_char_array(
  value _v_input)
{
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  unsigned long native; /*in*/
  unsigned char *bytes; /*out*/
  mlsize_t pos;
  value byte_val;
  value ml_bytes;

  /* To handle OCaml client RPC layer int64 format */
  native = custom_int_val(_v_input);
  bytes = camlidl_malloc(sizeof(unsigned long) * sizeof(unsigned char ), ctx);
  int_to_ulong_char_array(native, bytes);

  ml_bytes = camlidl_alloc(sizeof(unsigned long), 0);
  pos = 0;
  while (pos < sizeof(unsigned long)) {
    byte_val = Val_int(bytes[pos]);
    modify(&Field(ml_bytes, pos), byte_val);
    pos++;
  }

  camlidl_free(ctx);
  return ml_bytes;
}
/*
 * OCaml stub for char_array_to_ulong.
 *
 * Copies the OCaml int array _v_data into a byte buffer, one byte per
 * field, passes the buffer and its length to char_array_to_ulong, and
 * returns the resulting unsigned long through custom_copy_int.
 */
value camlidl_pkcs11_char_array_to_ulong(
  value _v_data)
{
  struct camlidl_ctx_struct ctx_storage = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx ctx = &ctx_storage;
  unsigned char *bytes; /*in*/
  unsigned long result; /*out*/
  mlsize_t nfields;
  mlsize_t pos;
  value field;
  value ml_result;

  nfields = Wosize_val(_v_data);
  bytes = camlidl_malloc(nfields * sizeof(unsigned char ), ctx);
  pos = 0;
  while (pos < nfields) {
    field = Field(_v_data, pos);
    bytes[pos] = Int_val(field);
    pos++;
  }

  char_array_to_ulong(bytes, nfields, &result);
  ml_result = custom_copy_int(result);

  camlidl_free(ctx);
  return ml_result;
}
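/*
 * OCaml stub for hton_char_array.
 *
 * Copies the OCaml int array _v_in into a byte buffer, calls
 * hton_char_array with an 8-byte output buffer on the stack, and returns
 * the output bytes as an OCaml array with one int per byte.
 *
 * The number of bytes copied back is capped at the size of the stack
 * buffer, so a length reported by the callee can never make this stub read
 * past it.
 */
value camlidl_pkcs11_hton_char_array(
  value _v_in)
{
  unsigned char *in; /*in*/
  unsigned char *out; /*out*/
  unsigned long *out_len; /*in*/
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vres;
  /* Zeroed so that a callee that writes nothing yields defined bytes. */
  unsigned char tmp[8] = { 0 };
  unsigned long tmp_out_len = 0;
  unsigned long copy_len;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  out = (unsigned char *)tmp;
  out_len = &tmp_out_len;
  _c1 = Wosize_val(_v_in);
  in = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_in, _c2);
    in[_c2] = Int_val(_v3);
  }
  /* NOTE(review): _c1 comes from the OCaml caller and is not compared with
     sizeof(tmp) here; confirm that hton_char_array never writes more than
     8 bytes to out whatever the input length is. */
  hton_char_array(in, _c1, out, out_len);
  copy_len = *out_len;
  if (copy_len > sizeof(tmp)) {
    copy_len = sizeof(tmp);
  }
  _vres = camlidl_alloc(copy_len, 0);
  for (_c4 = 0; _c4 < copy_len; _c4++) {
    _v5 = Val_int(out[_c4]);
    modify(&Field(_vres, _c4), _v5);
  }
  camlidl_free(_ctx);
  return _vres;
}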
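/*
 * OCaml stub for ntoh_char_array.
 *
 * Copies the OCaml int array _v_in into a byte buffer, calls
 * ntoh_char_array with an 8-byte output buffer on the stack, and returns
 * the output bytes as an OCaml array with one int per byte.
 *
 * The number of bytes copied back is capped at the size of the stack
 * buffer, so a length reported by the callee can never make this stub read
 * past it.
 */
value camlidl_pkcs11_ntoh_char_array(
  value _v_in)
{
  unsigned char *in; /*in*/
  unsigned char *out; /*out*/
  unsigned long *out_len; /*in*/
  mlsize_t _c1;
  mlsize_t _c2;
  value _v3;
  mlsize_t _c4;
  value _v5;
  value _vres;
  /* Zeroed so that a callee that writes nothing yields defined bytes. */
  unsigned char tmp[8] = { 0 };
  unsigned long tmp_out_len = 0;
  unsigned long copy_len;
  struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
  camlidl_ctx _ctx = &_ctxs;
  out = (unsigned char *)tmp;
  out_len = &tmp_out_len;
  _c1 = Wosize_val(_v_in);
  in = camlidl_malloc(_c1 * sizeof(unsigned char ), _ctx);
  for (_c2 = 0; _c2 < _c1; _c2++) {
    _v3 = Field(_v_in, _c2);
    in[_c2] = Int_val(_v3);
  }
  /* NOTE(review): _c1 comes from the OCaml caller and is not compared with
     sizeof(tmp) here; confirm that ntoh_char_array never writes more than
     8 bytes to out whatever the input length is. */
  ntoh_char_array(in, _c1, out, out_len);
  copy_len = *out_len;
  if (copy_len > sizeof(tmp)) {
    copy_len = sizeof(tmp);
  }
  _vres = camlidl_alloc(copy_len, 0);
  for (_c4 = 0; _c4 < copy_len; _c4++) {
    _v5 = Val_int(out[_c4]);
    modify(&Field(_vres, _c4), _v5);
  }
  camlidl_free(_ctx);
  return _vres;
}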
#ifdef SERVER_ROLE
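/*
 * Re-encode an integer attribute value from the local layout (my_arch) to
 * the peer's layout (peer_arch).
 *
 * in  : attribute as produced locally; in->value, when not NULL, must be
 *       exactly as wide as my_arch says (4 or 8 bytes).
 * out : receives in->type_. When in->value is not NULL, out->value must
 *       already point to a buffer of at least sizeof(uint64_t) bytes; it is
 *       filled with the value in the peer's byte order and width. When
 *       in->value is NULL, out->value is set to NULL. In both cases
 *       out->value_len becomes the peer's width.
 *
 * Returns 0 on success and -1 when in->value_len does not match the local
 * width. A 64-bit value sent to a 32-bit peer keeps its low 32 bits; a
 * 32-bit value sent to a 64-bit peer is zero-extended.
 *
 * Changes from the previous sixteen-branch version:
 *  - BIG_ENDIAN_64 to BIG_ENDIAN_64 compared value_len with
 *    sizeof(uint32_t) and then copied sizeof(uint64_t) bytes, so valid
 *    8-byte values were rejected and 4-byte values were over-read. The
 *    expected length now always follows my_arch.
 *  - Bytes are moved one at a time according to my_arch and peer_arch
 *    instead of loading in->value through uint32_t / uint64_t pointer
 *    casts, which removes the alignment and aliasing assumptions. This
 *    assumes my_arch describes the host, as the old code also did when it
 *    copied same-endian values unchanged.
 *  - All out->value_len bytes are written, so the zero extension no longer
 *    depends on the caller having cleared the buffer.
 */
int encode_ck_attribute_arch(struct ck_attribute * in, struct ck_attribute * out){
  unsigned char encoded[sizeof(uint64_t)] = { 0 };
  const unsigned char *src;
  size_t in_len;
  size_t out_len;
  size_t ncopy;
  size_t k;
  int my_big;
  int peer_big;

  out->type_ = in->type_;

  /* Local side: width expected in in->value and its byte order. */
  if(my_arch == LITTLE_ENDIAN_32){
    in_len = sizeof(uint32_t);
    my_big = 0;
  }
  else if(my_arch == LITTLE_ENDIAN_64){
    in_len = sizeof(uint64_t);
    my_big = 0;
  }
  else if(my_arch == BIG_ENDIAN_32){
    in_len = sizeof(uint32_t);
    my_big = 1;
  }
  else if(my_arch == BIG_ENDIAN_64){
    in_len = sizeof(uint64_t);
    my_big = 1;
  }
  else{
    /* NOTE(review): kept from the original: an architecture pair outside
       the sixteen known ones returns success with out->value and
       out->value_len untouched. Confirm that callers cannot reach this
       before both architectures are set. */
    return 0;
  }

  /* Peer side: width and byte order to produce. */
  if(peer_arch == LITTLE_ENDIAN_32){
    out_len = sizeof(uint32_t);
    peer_big = 0;
  }
  else if(peer_arch == LITTLE_ENDIAN_64){
    out_len = sizeof(uint64_t);
    peer_big = 0;
  }
  else if(peer_arch == BIG_ENDIAN_32){
    out_len = sizeof(uint32_t);
    peer_big = 1;
  }
  else if(peer_arch == BIG_ENDIAN_64){
    out_len = sizeof(uint64_t);
    peer_big = 1;
  }
  else{
    /* Same as above: unknown peer architecture, nothing converted. */
    return 0;
  }

  /* No value: only the length the peer should expect is reported. */
  if(in->value == NULL){
    out->value = NULL;
    out->value_len = out_len;
    return 0;
  }

  if(in->value_len != in_len){
    return -1;
  }

  /* Byte k is the k-th least significant byte of the integer. */
  src = (const unsigned char *)in->value;
  ncopy = (in_len < out_len) ? in_len : out_len;
  for(k = 0; k < ncopy; k++){
    encoded[peer_big ? (out_len - 1 - k) : k] = src[my_big ? (in_len - 1 - k) : k];
  }

  memcpy(out->value, encoded, out_len);
  out->value_len = out_len;
  return 0;
}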
#endif
#ifdef SERVER_ROLE
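/*
 * Decode an integer attribute value received from the peer into the local
 * layout.
 *
 * in   : OCaml array with one int per byte, laid out as peer_arch dictates;
 *        its size must equal the peer's width (4 or 8).
 * out  : out->value is allocated through camlidl_malloc in _ctx with the
 *        local width and filled in local byte order; out->value_len is set
 *        to the local width.
 * _ctx : camlidl allocation context that owns out->value.
 *
 * Returns 0 on success and -1 when the array size does not match the peer's
 * width. A 64-bit peer value decoded on a 32-bit host keeps its low 32
 * bits; a 32-bit peer value decoded on a 64-bit host is zero-extended.
 *
 * Changes from the previous sixteen-branch version:
 *  - An architecture pair outside the sixteen known ones now returns -1.
 *    It used to return 0 with out->value and out->value_len never written,
 *    which reported success for an attribute that had not been decoded.
 *  - The DEBUG message passes its arguments as unsigned long to match %lu.
 * The byte placement for every known pair is unchanged.
 */
int decode_ck_attribute_arch(value in, struct ck_attribute * out, camlidl_ctx _ctx){
  value vtmp;
  unsigned long counter;
  size_t in_len;
  size_t out_len;
  size_t ncopy;
  int my_big;
  int peer_big;

  /* Local side: width to allocate and byte order to store. */
  if(my_arch == LITTLE_ENDIAN_32){
    out_len = sizeof(uint32_t);
    my_big = 0;
  }
  else if(my_arch == LITTLE_ENDIAN_64){
    out_len = sizeof(uint64_t);
    my_big = 0;
  }
  else if(my_arch == BIG_ENDIAN_32){
    out_len = sizeof(uint32_t);
    my_big = 1;
  }
  else if(my_arch == BIG_ENDIAN_64){
    out_len = sizeof(uint64_t);
    my_big = 1;
  }
  else{
    return -1;
  }

  /* Peer side: width and byte order of the incoming array. */
  if(peer_arch == LITTLE_ENDIAN_32){
    in_len = sizeof(uint32_t);
    peer_big = 0;
  }
  else if(peer_arch == LITTLE_ENDIAN_64){
    in_len = sizeof(uint64_t);
    peer_big = 0;
  }
  else if(peer_arch == BIG_ENDIAN_32){
    in_len = sizeof(uint32_t);
    peer_big = 1;
  }
  else if(peer_arch == BIG_ENDIAN_64){
    in_len = sizeof(uint64_t);
    peer_big = 1;
  }
  else{
    return -1;
  }

  /* The size check comes first, so every Field() index below is in range. */
  if(Wosize_val(in) != in_len){
#ifdef DEBUG
    fprintf(stderr, "Something went wrong with the endianness transformation : got %lu instead of %lu\n", (unsigned long)Wosize_val(in), (unsigned long)in_len);
#endif
    return -1;
  }

  (*out).value = camlidl_malloc(out_len, _ctx);
  /* Cleared first: on a wider host the bytes not copied stay zero. */
  memset((*out).value, 0, out_len);

  /* counter is the byte's significance, 0 being the least significant. */
  ncopy = (in_len < out_len) ? in_len : out_len;
  for(counter = 0; counter < ncopy; counter++) {
    vtmp = Field(in, peer_big ? (in_len - 1 - counter) : counter);
    (*out).value[my_big ? (out_len - 1 - counter) : counter] = Int_val(vtmp);
  }
  (*out).value_len = out_len;
  return 0;
}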
#endif
caml-crush-1.0.12/src/bindings-pkcs11/pkcs11_stubs.cocci 0000664 0000000 0000000 00000056752 14147740423 0022666 0 ustar 00root root 0000000 0000000 @rule_find_object@
expression session, object, max_object_count, object_count;
expression _res, _vres, _c2, _v3, _ctx;
@@
_res = ML_CK_C_FindObjects(session, object, max_object_count, object_count);
<...
- _vres[1] = camlidl_alloc(max_object_count, 0);
- Begin_root(_vres[1]);
- for (_c2 = 0; _c2 < max_object_count; _c2++) {
- _v3 = camlidl_c2ml_pkcs11_ck_object_handle_t(&object[_c2], _ctx);
- modify(&Field(_vres[1], _c2), _v3);
- }
- End_roots();
- _vres[2] = Val_long(*object_count);
+ if(max_object_count > *object_count){
+ _vres[1] = camlidl_alloc(*object_count, 0);
+ Begin_root(_vres[1]);
+ for (_c2 = 0; _c2 < *object_count; _c2++) {
+ _v3 = camlidl_c2ml_pkcs11_ck_object_handle_t(&object[_c2], _ctx);
+ modify(&Field(_vres[1], _c2), _v3);
+ }
+ End_roots();
+ }
+ else{
+ _vres[1] = camlidl_alloc(max_object_count, 0);
+ Begin_root(_vres[1]);
+ for (_c2 = 0; _c2 < max_object_count; _c2++) {
+ _v3 = camlidl_c2ml_pkcs11_ck_object_handle_t(&object[_c2], _ctx);
+ modify(&Field(_vres[1], _c2), _v3);
+ }
+ End_roots();
+ }
+ _vres[2] = copy_nativeint(*object_count);
...>
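Review bot: The two branches added for `_vres[1]` differ only in the loop bound, and neither looks at `_res`, whereas rule_get_slot_list and rule_get_mech_list force the count to 0 when `_res != CKR_OK`. If ML_CK_C_FindObjects can fail without resetting `*object_count` (not visible in this rule), the array is built from a stale count. I would compute one bound, zeroed on error, and keep a single copy loop; this needs one extra `unsigned long objs_to_cpy` local in the matched stub.
```c
/* Copy only the handles the module reported, and none when the call failed */
objs_to_cpy = (max_object_count > *object_count) ? *object_count : max_object_count;
if(_res != CKR_OK){
  objs_to_cpy = 0;
}
_vres[1] = camlidl_alloc(objs_to_cpy, 0);
Begin_root(_vres[1]);
for (_c2 = 0; _c2 < objs_to_cpy; _c2++) {
  /* … unchanged: handle conversion and modify() … */
}
End_roots();
/* … unchanged: _vres[2] = copy_nativeint(*object_count); … */
```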
@rule_get_slot_list@
identifier token_present, slot_list, count, real_count, _ctx, _ctxs, _res, _c1, _c2, _v3, _vres;
@@
camlidl_pkcs11_ML_CK_C_GetSlotList(...){
<...
+ unsigned long slots_to_cpy = 0;
unsigned int token_present; /*in */
ck_slot_id_t *slot_list; /*out */
unsigned long count; /*in */
unsigned long *real_count; /*out */
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
unsigned long _c1;
mlsize_t _c2;
...
- _vres[1] = camlidl_alloc(count, 0);
- Begin_root(_vres[1]);
- for (...; ...; ...){
- _v3 = camlidl_c2ml_pkcs11_ck_slot_id_t(&slot_list[_c2], _ctx);
- modify(&Field(_vres[1], _c2), _v3);
- }
+ /* If we have got an error from PKCS#11 functions */
+ /* we return an empty array to the caml side */
+ if(_res != CKR_OK){
+ count = 0;
+ }
+ if(count > *real_count){
+ _vres[1] = camlidl_alloc(*real_count, 0);
+ slots_to_cpy = *real_count;
+ }
+ else{
+ _vres[1] = camlidl_alloc(count, 0);
+ slots_to_cpy = count;
+ }
+ Begin_root(_vres[1]);
+ for (_c2 = 0; _c2 < slots_to_cpy; _c2++) {
+ _v3 = camlidl_c2ml_pkcs11_ck_slot_id_t(&slot_list[_c2], _ctx);
+ modify(&Field(_vres[1], _c2), _v3);
+ }
...
- _vres[2] = Val_long(*real_count);
+ _vres[2] = copy_nativeint(*real_count);
...>
}
@rule_get_mech_list@
identifier slot_id, mechanism_list, count, real_count, _res, _vres;
@@
camlidl_pkcs11_ML_CK_C_GetMechanismList(...){
<...
+ unsigned long mech_to_cpy = 0;
ck_slot_id_t slot_id; /*in */
ck_mechanism_type_t *mechanism_list; /*out */
unsigned long count; /*in */
unsigned long *real_count; /*out */
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
unsigned long _c1;
mlsize_t _c2;
...
- _vres[1] = camlidl_alloc(count, 0);
- Begin_root(_vres[1]);
- for (...; ...; ...){
- _v3 = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&mechanism_list[_c2], _ctx);
- modify(&Field(_vres[1], _c2), _v3);
- }
+ /* If we have got an error from PKCS#11 functions */
+ /* we return an empty array to the caml side */
+ if(_res != CKR_OK){
+ count = 0;
+ }
+ if(count > *real_count){
+ _vres[1] = camlidl_alloc(*real_count, 0);
+ mech_to_cpy = *real_count;
+ }
+ else{
+ _vres[1] = camlidl_alloc(count, 0);
+ mech_to_cpy = count;
+ }
+ Begin_root(_vres[1]);
+ for (_c2 = 0; _c2 < mech_to_cpy; _c2++) {
+ _v3 = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&mechanism_list[_c2], _ctx);
+ modify(&Field(_vres[1], _c2), _v3);
+ }
...
- _vres[2] = Val_long(*real_count);
+ _vres[2] = copy_nativeint(*real_count);
...>
}
@rule_get_object_size@
expression session, hobject, object_size;
expression _res, _vres;
@@
_res = ML_CK_C_GetObjectSize(session, hobject, object_size);
<...
- _vres[1] = Val_long(*object_size);
+ _vres[1] = copy_nativeint(*object_size);
...>
@rule_camlidl_pkcs11_ML_CK_C_SetupArch@
identifier _res;
@@
camlidl_pkcs11_ML_CK_C_SetupArch(...){
<...
+ /* Check if SetupArch was previously called, if so, return -1 */
+ if(peer_arch != NOT_INITIALIZED){
+#ifdef DEBUG
+ fprintf(stderr, "Multiple C_SetupArch calls is invalid, ignoring\n");
+#endif
+ _res = -1;
+ _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
+ camlidl_free(_ctx);
+ return _vres;
+ }
_res = ML_CK_C_SetupArch(...);
+ /* Initialize local architecture */
+ if(_res != UNSUPPORTED_ARCHITECTURE){
+ peer_arch = arch;
+ my_arch = _res;
+ }
...>
}
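Review bot: `peer_arch = arch;` stores the caller-supplied value whenever `_res != UNSUPPORTED_ARCHITECTURE`, and the once-only guard added above then makes that value permanent for the process. encode_ck_attribute_arch in pkcs11_stubs.c returns 0 without converting anything when the pair is not one of the sixteen it knows, so this assignment is the last place an out-of-range value can be stopped. If ML_CK_C_SetupArch already rejects every `arch` outside the four known values (not visible in this rule), record that next to the assignment, e.g. `/* ML_CK_C_SetupArch returns UNSUPPORTED_ARCHITECTURE for any unknown arch */`; otherwise add the range check here before storing it.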
@rule_camlidl_pkcs11_ML_CK_C_LoadModule@
identifier _res;
@@
camlidl_pkcs11_ML_CK_C_LoadModule(...){
<...
+#ifdef SERVER_ROLE
+ /* Check if LoadModule was previously called, if so, return -1 */
+ if(module_loaded != NOT_INITIALIZED){
+#ifdef DEBUG
+ fprintf(stderr, "Multiple C_LoadModule calls is invalid, ignoring\n");
+#endif
+ _res = -1;
+ _vres = camlidl_c2ml_pkcs11_ck_rv_t(&_res, _ctx);
+ camlidl_free(_ctx);
+ return _vres;
+ }
+#endif
_res = ML_CK_C_LoadModule(...);
+#ifdef SERVER_ROLE
+ if(_res == CKR_OK){
+ module_loaded = CKR_OK;
+ }
+#endif
...>
}
@rule_camlidl_c2ml_pkcs11_struct_ck_attribute@
identifier _v3, _v5, _c1, _c4;
@@
camlidl_c2ml_pkcs11_struct_ck_attribute(...){
<...
+ unsigned char buff[sizeof(uint64_t)];
+ struct ck_attribute temp_;
+ struct ck_attribute *temp;
_v3[0] = _v3[1] = 0;
...
- _v3[1] = camlidl_alloc((*_c1).value_len, 0);
- for (...; ...; ...){
- _v5 = Val_int((unsigned char)((*_c1).value[_c4]));
- modify(&Field(_v3[1], _c4), _v5);
- }
+ memset(buff, 0, sizeof(uint64_t));
+ temp_.type_ = 0;
+ temp_.value = (void*)buff;
+ temp_.value_len = sizeof(uint64_t);
+ temp = &temp_;
+
+ *temp = *_c1;
+
+ if ((long)(*temp).value_len >= 0) {
+ /* Endianness transformations for
+ CKA_CLASS, CKA_CERTIFICATE_TYPE, CKA_KEY_TYPE,
+ CKA_KEY_GEN_MECHANISM, CKA_AUTH_PIN_FLAGS, CKA_VALUE_LEN,
+ CKA_MECHANISM_TYPE */
+
+#ifdef SERVER_ROLE
+ switch ((*temp).type_) {
+ case 0x0:
+ case 0x80:
+ case 0x88:
+ case 0x100:
+ case 0x121:
+ case 0x161:
+ case 0x166:
+ case 0x201:
+ case 0x400:
+ case 0x401:
+ case 0x402:
+ case 0x403:
+ case 0x404:
+ case 0x405:
+ case 0x406:
+ case 0x500: {
+ int encode_ret = 1;
+ /* We override the pointer to temp->value */
+ temp->value = (void*)buff;
+ encode_ret = encode_ck_attribute_arch(_c1, temp);
+ if(encode_ret == -1){
+ /* FIXME: Something went wrong with encode_ck_attribute_arch
+ * we exit (thus terminating the child process), is there a
+ * better way to handle it.
+ */
+ exit(-1);
+ }
+ }
+ }
+#endif
+ if ((*temp).value != NULL) {
+
+ _v3[1] = camlidl_alloc((*temp).value_len, 0);
+
+ for(_c4 = 0;_c4 < (*temp).value_len;_c4++) {
+ _v5 = Val_int((unsigned char)((*temp).value[_c4]));
+ modify(&Field(_v3[1], _c4), _v5);
+ }
+ }
+ else {
+ _v3[1] = camlidl_alloc((*temp).value_len, 0);
+ for(_c4 = 0;_c4 < (*temp).value_len;_c4++) {
+ _v5 = Val_int(0);
+ modify(&Field(_v3[1], _c4), _v5);
+ }
+ /*
+ int i = 0;
+ char output_size[sizeof(unsigned long)];
+ *((unsigned long*)output_size) = (*temp).value_len;
+ _v3[1] = camlidl_alloc(sizeof(unsigned long), 0);
+ for (i = 0 ; i< sizeof(unsigned long); i++){
+ modify(&Field(_v3[1], i), output_size[i]);
+ }
+ */
+ }
+ }
+ else {
+ (*temp).value_len = -1;
+ _v3[1] = camlidl_alloc(0, 0);
+ }
...>
}
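Review bot: After `temp->value = (void*)buff;` the copy loop trusts `(*temp).value_len`, but `buff` holds only `sizeof(uint64_t)` bytes and `value_len` still carries the length copied from `*_c1` if encode_ck_attribute_arch returns 0 without matching an architecture pair. In that case a length above 8 makes `(*temp).value[_c4]` read past the stack buffer. Treat an oversized length as an encode failure: `if(encode_ret == -1 || (*temp).value_len > sizeof(buff)){`. Separately, `(*temp).value_len = -1;` in the last `else` writes to the local `temp_` only, so it appears to have no effect unless the elided code reads `temp` afterwards.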
@rule_camlidl_ml2c_pkcs11_struct_ck_attribute@
identifier _ctx, _c2, _v4, _c5, _c6, _v7;
@@
camlidl_ml2c_pkcs11_struct_ck_attribute(...){
<...
_c5 = Wosize_val(_v4);
- (*_c2).value = camlidl_malloc(_c5 * sizeof(char ), _ctx);
- for (...; ...; ...){
- _v7 = Field(_v4, _c6);
- (*_c2).value[_c6] = Int_val(_v7);
- }
- (*_c2).value_len = _c5;
+ /* Endianness transformations for
+ CKA_CLASS, CKA_CERTIFICATE_TYPE, CKA_KEY_TYPE,
+ CKA_KEY_GEN_MECHANISM, CKA_AUTH_PIN_FLAGS, CKA_VALUE_LEN,
+ CKA_MECHANISM_TYPE */
+ switch ((*_c2).type_) {
+ case 0x0:
+ case 0x80:
+ case 0x88:
+ case 0x100:
+ case 0x121:
+ case 0x161:
+ case 0x166:
+ case 0x201:
+ case 0x400:
+ case 0x401:
+ case 0x402:
+ case 0x403:
+ case 0x404:
+ case 0x405:
+ case 0x406:
+ case 0x500: {
+#ifdef SERVER_ROLE
+ int decode_ret = 1;
+ if ((long)_c5 > 0) {
+ decode_ret = decode_ck_attribute_arch(_v4, _c2, _ctx);
+ }
+ /* We come from OCaml cannot be negative, allocate a zero pointer */
+ else {
+ (*_c2).value = camlidl_malloc(_c5 * sizeof(char), _ctx);
+ (*_c2).value_len = _c5;
+ }
+ /* Break ONLY if decode_ck_attribute_arch succeeded
+ * otherwise, we want to go to the default case */
+ if(decode_ret != -1){
+ break;
+ }
+#endif
+ }
+ /* Fallthrough */
+ default: {
+ if ((long)_c5 >= 0) {
+ (*_c2).value = camlidl_malloc(_c5 * sizeof(char), _ctx);
+ for(_c6 = 0;_c6 < _c5;_c6++) {
+ _v7 = Field(_v4, _c6);
+ (*_c2).value[_c6] = Int_val(_v7);
+ }
+ }
+ (*_c2).value_len = _c5;
+ break;
+ }
+
+ }
...>
}
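Review bot: The `switch` lists sixteen attribute types as bare hex literals while the comment above it names only seven, and the same list is repeated in rule_camlidl_c2ml_pkcs11_struct_ck_attribute, so the two can drift apart unnoticed. Use the `CKA_*` names if the PKCS#11 header is already included by the stubs, or add a per-case comment plus `/* Keep in sync with the list in the c2ml rule */`. The comment before `default:` should also say that a value rejected by decode_ck_attribute_arch is then copied byte for byte, so a value of the wrong width reaches the module unconverted instead of being refused.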
@rule_camlidl_pkcs11_ML_CK_C_WrapKey@
identifier _ctx, _ctxs, _res, _c1, _v2, _vresult, _vres, wrapped_key, wrapped_key_len;
@@
camlidl_pkcs11_ML_CK_C_WrapKey(...){
<...
- unsigned long *wrapped_key_len; /*in*/
+ unsigned long tmp_wrapped_key_len = MAX_BUFF_LEN;
+ unsigned long *wrapped_key_len = &tmp_wrapped_key_len; /*in*/
+ unsigned char tmp_buff[MAX_BUFF_LEN];
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
value _v2;
value _vresult;
value _vres[2] = { 0, 0, };
+ wrapped_key = tmp_buff;
...
- wrapped_key = camlidl_malloc(*wrapped_key_len * sizeof(unsigned char ), _ctx);
...>
}
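Review bot: `wrapped_key` now points at the fixed `tmp_buff[MAX_BUFF_LEN]`, but nothing in this rule bounds `*wrapped_key_len` after the call, and the copy-out loop in the elided part of the stub presumably iterates up to that length. PKCS#11 functions report the required size through the length pointer when the buffer is too small, so if ML_CK_C_WrapKey passes that through, a failed call can drive the loop past the stack buffer. Add right after the call `if(_res != CKR_OK || *wrapped_key_len > MAX_BUFF_LEN){ *wrapped_key_len = 0; }`. The Digest, DigestFinal, Sign and SignRecover rules below have the same shape and need the same bound on `*digest_len` and `*signed_len`.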
@rule_camlidl_pkcs11_ML_CK_C_Digest@
identifier _ctx, _ctxs, _res, _c1, _c2, _v3, _c4, _v5, _vresult, _vres, digest_len, digest, data_len ;
@@
camlidl_pkcs11_ML_CK_C_Digest(...){
<...
- unsigned long *digest_len; /*in*/
+ unsigned char tmp_buff[MAX_BUFF_LEN];
+ unsigned long tmp_digest_len = MAX_BUFF_LEN;
+ unsigned long *digest_len = &tmp_digest_len; /*in*/
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
mlsize_t _c4;
value _v5;
value _vresult;
value _vres[2] = { 0, 0, };
+ digest = tmp_buff;
...
data_len = _c1;
- digest = camlidl_malloc(*digest_len * sizeof(unsigned char ), _ctx);
...>
}
@rule_camlidl_pkcs11_ML_CK_C_DigestFinal@
identifier _ctx, _ctxs, _res, _c1, _v2, _v_session, _vresult, _vres, session, digest_len, digest ;
@@
camlidl_pkcs11_ML_CK_C_DigestFinal(...){
<...
- unsigned long *digest_len; /*in*/
+ unsigned long tmp_digest_len = MAX_BUFF_LEN;
+ unsigned long *digest_len = &tmp_digest_len; /*in*/
+ unsigned char tmp_buff[MAX_BUFF_LEN];
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
value _v2;
value _vresult;
value _vres[2] = { 0, 0, };
+ digest = tmp_buff;
...
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
- digest = camlidl_malloc(*digest_len * sizeof(unsigned char ), _ctx);
...>
}
@rule_camlidl_pkcs11_ML_CK_C_Sign@
identifier _ctx, _ctxs, _res, _c1, _c2, _v3, _c4, _v5, _vresult, _vres, signed_len, signature, data_len ;
@@
camlidl_pkcs11_ML_CK_C_Sign(...){
<...
- unsigned long *signed_len; /*in*/
+ unsigned long tmp_signed_len = MAX_BUFF_LEN;
+ unsigned long *signed_len = &tmp_signed_len; /*in*/
+ unsigned char tmp_buff[MAX_BUFF_LEN];
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
mlsize_t _c4;
value _v5;
value _vresult;
value _vres[2] = { 0, 0, };
+ signature = tmp_buff;
...
data_len = _c1;
- signature = camlidl_malloc(*signed_len * sizeof(unsigned char ), _ctx);
...>
}
@rule_camlidl_pkcs11_ML_CK_C_SignRecover@
identifier _ctx, _ctxs, _res, _c1, _c2, _v3, _c4, _v5, _vresult, _vres, signed_len, signature, data_len ;
@@
camlidl_pkcs11_ML_CK_C_SignRecover(...){
<...
- unsigned long *signed_len; /*in*/
+ unsigned long tmp_signed_len = MAX_BUFF_LEN;
+ unsigned long *signed_len = &tmp_signed_len; /*in*/
+ unsigned char tmp_buff[MAX_BUFF_LEN];
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
mlsize_t _c2;
value _v3;
mlsize_t _c4;
value _v5;
value _vresult;
value _vres[2] = { 0, 0, };
+ signature = tmp_buff;
...
data_len = _c1;
- signature = camlidl_malloc(*signed_len * sizeof(unsigned char ), _ctx);
...>
}
@rule_camlidl_pkcs11_ML_CK_C_Encrypt@
identifier _ctx, _res, _c1, session, data, data_len, encrypted, encrypted_len;
@@
camlidl_pkcs11_ML_CK_C_Encrypt(...){
<...
- unsigned long *encrypted_len; /*in*/
+ unsigned long tmp_encrypted_len;
+ unsigned long *encrypted_len = &tmp_encrypted_len; /*in*/
...
data_len = _c1;
- encrypted = camlidl_malloc(*encrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_Encrypt(session, data, data_len, encrypted, encrypted_len);
+ _res = ML_CK_C_Encrypt(session, data, data_len, &encrypted, encrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&encrypted);
+ }
...>
}
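Review bot: `tmp_encrypted_len` is left uninitialised here, unlike `tmp_signed_len` in the Sign rules, and `encrypted` is handed to ML_CK_C_Encrypt by address without being set to NULL first. If the callee returns an error before writing either output, the result-marshalling code elided by `...` would read an indeterminate length and pointer; `unsigned long tmp_encrypted_len = 0;` plus an `encrypted = NULL;` before the call removes that dependency. The added `custom_free` runs only when `_res == CKR_OK`, so a callee that allocates and then fails would leak the buffer unless it frees it itself, which cannot be confirmed from this file. The same pattern repeats in the EncryptUpdate, DigestEncryptUpdate, SignEncryptUpdate, EncryptFinal, Decrypt, VerifyRecover, DecryptUpdate, DecryptDigestUpdate, DecryptVerifyUpdate, DecryptFinal and GetOperationState rules.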
@rule_camlidl_pkcs11_ML_CK_C_EncryptUpdate@
identifier _ctx, _res, _c1, session, data, data_len, encrypted, encrypted_len;
@@
camlidl_pkcs11_ML_CK_C_EncryptUpdate(...){
<...
- unsigned long *encrypted_len; /*in*/
+ unsigned long tmp_encrypted_len;
+ unsigned long *encrypted_len = &tmp_encrypted_len; /*in*/
...
data_len = _c1;
- encrypted = camlidl_malloc(*encrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_EncryptUpdate(session, data, data_len, encrypted, encrypted_len);
+ _res = ML_CK_C_EncryptUpdate(session, data, data_len, &encrypted, encrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&encrypted);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate@
identifier _ctx, _res, _c1, session, data, data_len, encrypted, encrypted_len;
@@
camlidl_pkcs11_ML_CK_C_DigestEncryptUpdate(...){
<...
- unsigned long *encrypted_len; /*in*/
+ unsigned long tmp_encrypted_len;
+ unsigned long *encrypted_len = &tmp_encrypted_len; /*in*/
...
data_len = _c1;
- encrypted = camlidl_malloc(*encrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_DigestEncryptUpdate(session, data, data_len, encrypted, encrypted_len);
+ _res = ML_CK_C_DigestEncryptUpdate(session, data, data_len, &encrypted, encrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&encrypted);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_SignEncryptUpdate@
identifier _ctx, _res, _c1, session, data, data_len, encrypted, encrypted_len;
@@
camlidl_pkcs11_ML_CK_C_SignEncryptUpdate(...){
<...
- unsigned long *encrypted_len; /*in*/
+ unsigned long tmp_encrypted_len;
+ unsigned long *encrypted_len = &tmp_encrypted_len; /*in*/
...
data_len = _c1;
- encrypted = camlidl_malloc(*encrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_SignEncryptUpdate(session, data, data_len, encrypted, encrypted_len);
+ _res = ML_CK_C_SignEncryptUpdate(session, data, data_len, &encrypted, encrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&encrypted);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_EncryptFinal@
identifier _ctx, _res, _v_session, session, encrypted, encrypted_len;
@@
camlidl_pkcs11_ML_CK_C_EncryptFinal(...){
<...
- unsigned long *encrypted_len; /*in*/
+ unsigned long tmp_encrypted_len;
+ unsigned long *encrypted_len = &tmp_encrypted_len; /*in*/
...
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
- encrypted = camlidl_malloc(*encrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_EncryptFinal(session, encrypted, encrypted_len);
+ _res = ML_CK_C_EncryptFinal(session, &encrypted, encrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&encrypted);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_Decrypt@
identifier _ctx, _res, _c1, session, encrypted, encrypted_len, decrypted, decrypted_len;
@@
camlidl_pkcs11_ML_CK_C_Decrypt(...){
<...
- unsigned long *decrypted_len; /*in*/
+ unsigned long tmp_decrypted_len;
+ unsigned long *decrypted_len = &tmp_decrypted_len; /*in*/
...
encrypted_len = _c1;
- decrypted = camlidl_malloc(*decrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_Decrypt(session, encrypted, encrypted_len, decrypted, decrypted_len);
+ _res = ML_CK_C_Decrypt(session, encrypted, encrypted_len, &decrypted, decrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&decrypted);
+ }
...>
}
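Review bot: The recovered plaintext in `decrypted` is released with `custom_free` without any visible wipe. Whether `custom_free` clears the buffer cannot be told from this file; if it does not, clearing `*decrypted_len` bytes with a wipe the compiler cannot elide, just before the free, keeps decrypted data from lingering in freed heap memory. A short comment on the added block, such as `/* decrypted holds plaintext: wipe before release */`, would record the intent. The same applies to the `data` buffer in the VerifyRecover, DecryptUpdate, DecryptDigestUpdate, DecryptVerifyUpdate and DecryptFinal rules.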
@rule_camlidl_pkcs11_ML_CK_C_VerifyRecover@
identifier _ctx, _res, _c1, session, signature, signature_len, data, data_len;
@@
camlidl_pkcs11_ML_CK_C_VerifyRecover(...){
<...
- unsigned long *data_len; /*in*/
+ unsigned long tmp_data_len;
+ unsigned long *data_len = &tmp_data_len; /*in*/
...
signature_len = _c1;
- data = camlidl_malloc(*data_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_VerifyRecover(session, signature, signature_len, data, data_len);
+ _res = ML_CK_C_VerifyRecover(session, signature, signature_len, &data, data_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&data);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_DecryptUpdate@
identifier _ctx, _res, _c1, session, encrypted, encrypted_len, data, data_len;
@@
camlidl_pkcs11_ML_CK_C_DecryptUpdate(...){
<...
- unsigned long *data_len; /*in*/
+ unsigned long tmp_data_len;
+ unsigned long *data_len = &tmp_data_len; /*in*/
...
encrypted_len = _c1;
- data = camlidl_malloc(*data_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_DecryptUpdate(session, encrypted, encrypted_len, data, data_len);
+ _res = ML_CK_C_DecryptUpdate(session, encrypted, encrypted_len, &data, data_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&data);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate@
identifier _ctx, _res, _c1, session, encrypted, encrypted_len, data, data_len;
@@
camlidl_pkcs11_ML_CK_C_DecryptDigestUpdate(...){
<...
- unsigned long *data_len; /*in*/
+ unsigned long tmp_data_len;
+ unsigned long *data_len = &tmp_data_len; /*in*/
...
encrypted_len = _c1;
- data = camlidl_malloc(*data_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_DecryptDigestUpdate(session, encrypted, encrypted_len, data, data_len);
+ _res = ML_CK_C_DecryptDigestUpdate(session, encrypted, encrypted_len, &data, data_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&data);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate@
identifier _ctx, _res, _c1, session, encrypted, encrypted_len, data, data_len;
@@
camlidl_pkcs11_ML_CK_C_DecryptVerifyUpdate(...){
<...
- unsigned long *data_len; /*in*/
+ unsigned long tmp_data_len;
+ unsigned long *data_len = &tmp_data_len; /*in*/
...
encrypted_len = _c1;
- data = camlidl_malloc(*data_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_DecryptVerifyUpdate(session, encrypted, encrypted_len, data, data_len);
+ _res = ML_CK_C_DecryptVerifyUpdate(session, encrypted, encrypted_len, &data, data_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&data);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_DecryptFinal@
identifier _ctx, _v_session, _res, session, decrypted, decrypted_len;
@@
camlidl_pkcs11_ML_CK_C_DecryptFinal(...){
<...
- unsigned long *decrypted_len; /*in*/
+ unsigned long tmp_decrypted_len;
+ unsigned long *decrypted_len = &tmp_decrypted_len; /*in*/
...
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
- decrypted = camlidl_malloc(*decrypted_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_DecryptFinal(session, decrypted, decrypted_len);
+ _res = ML_CK_C_DecryptFinal(session, &decrypted, decrypted_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&decrypted);
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_SignFinal@
identifier _ctx, _ctxs, _vres, _vresult, _c1, _v2, _v_session, _res, session, signature, signed_len;
@@
camlidl_pkcs11_ML_CK_C_SignFinal(...){
<...
- unsigned long *signed_len; /*in*/
+ unsigned long tmp_signed_len = MAX_BUFF_LEN;
+ unsigned long *signed_len = &tmp_signed_len; /*in*/
+ unsigned char tmp_buff[MAX_BUFF_LEN];
ck_rv_t _res;
struct camlidl_ctx_struct _ctxs = { CAMLIDL_TRANSIENT, NULL };
camlidl_ctx _ctx = &_ctxs;
mlsize_t _c1;
value _v2;
value _vresult;
value _vres[2] = { 0, 0, };
+ signature = tmp_buff;
...
camlidl_ml2c_pkcs11_ck_session_handle_t(_v_session, &session, _ctx);
- signature = camlidl_malloc(*signed_len * sizeof(unsigned char ), _ctx);
...>
}
@rule_camlidl_pkcs11_ML_CK_C_GenerateRandom@
identifier _res, session, rand_value, rand_len;
@@
camlidl_pkcs11_ML_CK_C_GenerateRandom(...){
<...
_res = ML_CK_C_GenerateRandom(session, rand_value, rand_len);
+ /* If for some reason the function fails, return an empty array */
+ if(_res != CKR_OK){
+ rand_len = 0;
+ }
...>
}
@rule_camlidl_pkcs11_ML_CK_C_GetOperationState@
identifier session, data, data_len, _res, _ctx;
@@
camlidl_pkcs11_ML_CK_C_GetOperationState(...){
<...
- unsigned long *data_len; /*in*/
+ unsigned long tmp_data_len;
+ unsigned long *data_len = &tmp_data_len; /*in*/
...
- data = camlidl_malloc(*data_len * sizeof(unsigned char ), _ctx);
- _res = ML_CK_C_GetOperationState(session, data, data_len);
+ _res = ML_CK_C_GetOperationState(session, &data, data_len);
...
camlidl_free(_ctx);
+ if (_res == CKR_OK) {
+ custom_free ((void**)&data);
+ }
...>
}
@rule_copy_nativeint@
expression out, in;
@@
- out = copy_nativeint(in);
+ /* To handle OCaml client RPC layer int64 format */
+ out = custom_copy_int(in);
@rule_Nativeint_val@
expression out, in;
@@
- out = Nativeint_val(in);
+ /* To handle OCaml client RPC layer int64 format */
+ out = custom_int_val(in);
@rule_custom_alloc@
@@
- #include "pkcs11.h"
+ #define CUSTOM_ALLOC
+ #include "pkcs11.h"
@rule_camlidl_pkcs11_char_array_to_ulong@
identifier data, output;
@@
camlidl_pkcs11_char_array_to_ulong(...){
<...
- char_array_to_ulong(data, output);
+ char_array_to_ulong(data, _c1, &output);
...>
}
@rule_camlidl_pkcs11_ntoh_char_array@
identifier in, out, _vres, out_len, _ctx;
@@
camlidl_pkcs11_ntoh_char_array(...){
<...
value _vres;
+ unsigned char tmp[8];
+ unsigned long tmp_out_len;
...
camlidl_ctx _ctx = &_ctxs;
+ out = (unsigned char*)tmp;
+ out_len = &tmp_out_len;
...
- out = camlidl_malloc(*out_len * sizeof(unsigned char ), _ctx);
- ntoh_char_array(in, out, out_len);
+ ntoh_char_array(in, _c1, out, out_len);
...>
}
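Review bot: `out` is pointed at the 8-byte stack array `tmp` while `tmp_out_len` stays uninitialised, so the callee gets no usable capacity through `out_len`. `_c1` is presumably the element count of the OCaml input array; unless ntoh_char_array itself bounds the copy to 8 bytes (its body is not part of this file), a longer input would overrun `tmp`. Initialising with `unsigned long tmp_out_len = sizeof(tmp);` and having the callee reject `_c1` above that value makes the bound explicit. rule_camlidl_pkcs11_hton_char_array has the same shape.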
@rule_camlidl_pkcs11_hton_char_array@
identifier in, out, _vres, out_len, _ctx;
@@
camlidl_pkcs11_hton_char_array(...){
<...
value _vres;
+ unsigned char tmp[8];
+ unsigned long tmp_out_len;
...
camlidl_ctx _ctx = &_ctxs;
+ out = (unsigned char*)tmp;
+ out_len = &tmp_out_len;
...
- out = camlidl_malloc(*out_len * sizeof(unsigned char ), _ctx);
- hton_char_array(in, out, out_len);
+ hton_char_array(in, _c1, out, out_len);
...>
}
caml-crush-1.0.12/src/client-lib/ 0000775 0000000 0000000 00000000000 14147740423 0016450 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/client-lib/Makefile.Win32 0000664 0000000 0000000 00000004264 14147740423 0021017 0 ustar 00root root 0000000 0000000 #Define target systems
APPVER = 6.1
TARGETOS = WINNT
#For now force AMD64, comment it if you need x86
CPU=AMD64
#You need to add the include directory to win32.mak
# for instance (set include=%include%;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include)
#To compile the Debug version: nmake /f Makefile.Win32
#To compile the Release version: nmake /f Makefile.Win32 nodebug=1
#We have to include Windows specific helpers (cvarsmt, cdebug, etc)
!include
#Path to ONC-RPC library and generated STATIC lib file.
#WARNING: your oncrpc.lib has to match your build configuration (Debug/Release), otherwise it will fail
#Please download and compile your own ()
RPC_INC=C:\Users\dev\Desktop\oncrpc-win32\win32\include
RPC_LIB=C:\Users\dev\Desktop\oncrpc-win32\win32\bin\oncrpc.lib
#Local include directory
BINDING_INC=..\bindings-pkcs11
# Libname to compile
LIBNAME="softhsm"
# Output LIB
CLIENTLIB=libp11client
#__STDC__ is needed to avoid issue with "lazy" prototypes
#We need to define ONCRPC_STATIC to get the correct function declaration
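#Modify SOCKET_PATH and LIBNAME to suit your deployment.
#Note: the flags below define TCP_SOCKET but not WITH_SSL, so this build talks
# to the proxy at SOCKET_PATH over an unencrypted TCP connection.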
LCFLAGS=-I$(RPC_INC) -I$(BINDING_INC) -I. \
-D__STDC__ \
-DONCRPC_STATIC\
-DCRPC \
-DTCP_SOCKET -DSOCKET_PATH=192.168.39.30:4444\
-DLIBNAME=$(LIBNAME)
LINK_FLAGS=$(RPC_LIB)
CC=cl
TARGETS=prepare $(CLIENTLIB).dll restore
TRASH=*.pdb *.lib *.exp *.idb *.manifest
CLIENT_OBJ = \
pkcs11_rpc_xdr.obj \
pkcs11_rpc_clnt.obj \
modwrap.obj \
modwrap_crpc.obj \
modwrap_crpc_ssl.obj \
$(NULL)
.SUFFIXES: .c .obj .OBJ .rc .res .Obj .dll
#$(cvarsmt) tells the compiler to link with the local C runtime; we
# do not use $(cvarsdll), to avoid linking to MSVCRT (shipping a redistributable DLL).
.c.obj:
$(CC) $(LCFLAGS) $(cdebug) $(cflags) $(cvarsmt) $<
.rc.res:
rc $(DEFINES) $<
all: $(TARGETS)
clean:
del $(TARGETS) $(CLIENT_OBJ) $(TRASH)
#Compile and link
$(CLIENTLIB).dll: $(CLIENT_OBJ) $(LINK_FLAGS)
link /OUT:$*.dll $(CLIENT_OBJ) $(ldebug) $(dlllflags) $(conlibsdll) $(LINK_FLAGS)
if EXIST $*.dll.manifest mt -manifest $*.dll.manifest -outputresource:$*.dll;2
!IF "$(_NMAKE_VER)" >= "8.00"
mt.exe -manifest $(CLIENTLIB).dll.manifest -outputresource:"$(CLIENTLIB).dll;2"
!ENDIF
caml-crush-1.0.12/src/client-lib/Makefile.Win32.mingw 0000664 0000000 0000000 00000006733 14147740423 0022142 0 ustar 00root root 0000000 0000000 #Path to ONC-RPC library and generated STATIC lib file.
#WARNING: your oncrpc.lib has to match your build configuration (Debug/Release), otherwise it will fail
#Please download and compile your own ()
RPC_INC=../../../oncrpc-win32/win32/include
RPC_LIB32=../../../oncrpc-win32/win32/bin32/oncrpc.lib
RPC_LIB64=../../../oncrpc-win32/win32/bin64/oncrpc.lib
SSL_INC=../../../openssl-1.1.0f/include
SSL_LIB32=../../../openssl-1.1.0f/win32/libssl.a
CRYPTO_LIB32=../../../openssl-1.1.0f/win32/libcrypto.a
SSL_LIB64=../../../openssl-1.1.0f/win64/libssl.a
CRYPTO_LIB64=../../../openssl-1.1.0f/win64/libcrypto.a
#Local include directory
BINDING_INC=../bindings-pkcs11
# Libname to compile
LIBNAME="softhsm"
# Output LIB
CLIENTLIB=libp11client
#Modify SOCKET_PATH LIBNAME to your convenience
LCFLAGS=-g -I$(RPC_INC) -I$(BINDING_INC) -I.\
-DONCRPC_STATIC\
-DCRPC \
-fno-builtin-bcopy -fno-builtin-bcmp -fno-builtin-bzero \
-DTCP_SOCKET -DSOCKET_PATH=127.0.0.1:4444\
-DLIBNAME=$(LIBNAME)\
LINK_FLAGS32=$(RPC_LIB32)
LINK_FLAGS64=$(RPC_LIB64)
#Modify SOCKET_PATH LIBNAME to your convenience
LCFLAGS_SSL=-g -I$(RPC_INC) -I$(BINDING_INC) -I. -I$(SSL_INC)\
-DONCRPC_STATIC\
-DCRPC \
-fno-builtin-bcopy -fno-builtin-bcmp -fno-builtin-bzero \
-DTCP_SOCKET -DSOCKET_PATH=127.0.0.1:4444\
-DLIBNAME=$(LIBNAME)\
-DWITH_SSL -DSSL_FILES_ENV
LINK_FLAGS32_SSL=$(RPC_LIB32) $(SSL_LIB32) $(CRYPTO_LIB32) -static-libgcc
LINK_FLAGS64_SSL=$(RPC_LIB64) $(SSL_LIB64) $(CRYPTO_LIB64) -static-libgcc
# Change to 64-bit mingw if you want 64-bit binaries
MINGW32=i686-w64-mingw32
MINGW64=x86_64-w64-mingw32
CC32=$(MINGW32)-gcc
CC64=$(MINGW64)-gcc
TARGETS32=$(CLIENTLIB)_32.dll
TARGETS64=$(CLIENTLIB)_64.dll
TARGETS32_SSL=$(CLIENTLIB)_32_ssl.dll
TARGETS64_SSL=$(CLIENTLIB)_64_ssl.dll
TRASH=*.pdb *.lib *.exp *.idb *.manifest
CLIENT_SRC = \
pkcs11_rpc_xdr.c \
pkcs11_rpc_clnt.c \
modwrap.c \
modwrap_crpc.c \
modwrap_crpc_ssl.c \
CLIENT_OBJ = $(patsubst %.c, %.o, $(CLIENT_SRC))
all: winrpc objs32 clientlib32 objs64 clientlib64 objs32ssl clientlib32ssl objs64ssl clientlib64ssl
clean:
rm -f $(TARGETS32) $(TARGETS64) $(TARGETS32_SSL) $(TARGETS64_SSL) $(CLIENT_OBJ) $(TRASH)
# Copy the xdr files and generate the headers properly for
# the Win32 target
winrpc:
#Copy file in order to get correct include path in file generated
cp ../rpc-pkcs11/pkcs11_rpc.x ./
#Generate header for Win32 compatibility (i.e. without MT support)
rpcgen -h -N pkcs11_rpc.x > pkcs11_rpc.h
#Generate xdr helpers
rpcgen -c -N pkcs11_rpc.x > pkcs11_rpc_xdr.c
#Generate client stubs
rpcgen -l -N pkcs11_rpc.x > pkcs11_rpc_clnt.c
#Remove local copy of XDR file
rm pkcs11_rpc.x
#Patch generated xdr implementation (optional: remove unused buffer)
spatch --no-show-diff --sp-file ./pkcs11_rpc_xdr.cocci ./pkcs11_rpc_xdr.c --in-place
#Compile and link 32-bit
objs32:
$(CC32) $(LCFLAGS) -c $(CLIENT_SRC)
clientlib32: $(CLIENT_OBJ)
$(CC32) -shared -o $(TARGETS32) $(CLIENT_OBJ) $(LINK_FLAGS32) -lwsock32
objs32ssl:
$(CC32) $(LCFLAGS_SSL) -c $(CLIENT_SRC)
clientlib32ssl: $(CLIENT_OBJ)
$(CC32) -shared -o $(TARGETS32_SSL) $(CLIENT_OBJ) $(LINK_FLAGS32_SSL) -lwsock32 -lgdi32 -lws2_32
#Compile and link 64-bit
objs64:
$(CC64) $(LCFLAGS) -c $(CLIENT_SRC)
clientlib64: $(CLIENT_OBJ)
$(CC64) -shared -o $(TARGETS64) $(CLIENT_OBJ) $(LINK_FLAGS64) -lwsock32
objs64ssl:
$(CC64) $(LCFLAGS_SSL) -c $(CLIENT_SRC)
clientlib64ssl: $(CLIENT_OBJ)
$(CC64) -shared -o $(TARGETS64_SSL) $(CLIENT_OBJ) $(LINK_FLAGS64_SSL) -lwsock32 -lgdi32 -lws2_32
caml-crush-1.0.12/src/client-lib/Makefile.in 0000664 0000000 0000000 00000010605 14147740423 0020517 0 ustar 00root root 0000000 0000000 CC = @CC@
CFLAGS_OPT = -O2 -Wall -fPIC -Wextra -pedantic -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Winline -Wuninitialized -fstack-protector-all -fcommon
CFLAGS_OPT += ${CPPFLAGS} @RPC_CPPFLAGS@
LD_FLAGS = -lpthread @c_ssl_package@ @RPC_LDFLAGS@ @LDFLAGS@
mem_prot_opt_caml=-ccopt -Wl,-z,relro,-z,now -ccopt -fstack-protector
mem_prot_opt=-Wl,-z,relro,-z,now
c_include_dirs = -I@srcdir@ -I$(bindings_dir) -I@OCAMLLIB@
include_dirs = -I $(build_bindings_dir) -I $(build_rpc_dir)
caml_link_flags = -cclib -lcamlidl -cclib -L@OCAMLLIB@
bindings_dir = @top_srcdir@/src/bindings-pkcs11
rpc_dir = @top_srcdir@/src/rpc-pkcs11
build_bindings_dir = ../bindings-pkcs11
build_rpc_dir = ../rpc-pkcs11
libdir = @libdir@
prefix = ${DESTDIR}@prefix@
CLIENTLIBS = @lib_names@
ifeq ($(CUSTOM_SONAME),"")
CUSTOM_SONAME=libp11client.so.0
endif
camlrpccompileclient = ocamlfind ocamlopt @ocaml_options@ -verbose -pp "camlp4o pa_macro.cmo @caml_client_ssl_define@ -D@socket_type@ -DSOCKET_PATH=\\\"@socket_path@\\\" @caml_client_ssl_files@ @caml_client_ssl_ca_file@ @caml_client_ssl_cert_file@ @caml_client_ssl_privkey_file@ @caml_client_ssl_server@" -package "str,rpc" @caml_client_ssl_package@ $(include_dirs) -o client -c @srcdir@/client.ml
camlrpccompilestubs = cp @srcdir@/modwrap.c modwrap_$(1).c && $(CC) $(2) -D@socket_type@ -DCAMLRPC -DLIBNAME=$(1) @libname_file@ -c modwrap_$(1).c @srcdir@/modwrap_camlrpc.c $(bindings_dir)/pkcs11_stubs.c $(c_include_dirs) $(CFLAGS_OPT) && rm modwrap_$(1).c
camlrpccompilelib = ocamlfind ocamlopt @ocaml_options@ -verbose $(2) $(mem_prot_opt_caml) -package "str,rpc" @caml_client_ssl_package@ -linkpkg -output-obj -o libp11client$(1).so pkcs11_stubs.o $(build_bindings_dir)/pkcs11_functions.o modwrap_$(1).o modwrap_camlrpc.o $(build_bindings_dir)/pkcs11.cmx $(build_rpc_dir)/pkcs11_rpclib.cmxa client.cmx $(caml_link_flags)
crpccompilestubs = cp @srcdir@/modwrap.c modwrap_$(1).c && $(CC) $(2) @rpc_mt_define@ @c_ssl_define@ @c_gnutls_define@ -D@socket_type@ -DSOCKET_PATH=@socket_path@ -DLIBNAME=$(1) @libname_file@ @c_client_ssl_files@ @c_client_ssl_ca_file@ @c_client_ssl_cert_file@ @c_client_ssl_privkey_file@ @c_client_ssl_server@ -DCRPC -c @srcdir@/pkcs11_rpc_xdr.c @srcdir@/pkcs11_rpc_clnt.c modwrap_$(1).c @srcdir@/modwrap_crpc.c @srcdir@/modwrap_crpc_ssl.c $(c_include_dirs) $(CFLAGS_OPT) && rm modwrap_$(1).c
crpccompilelib = $(CC) $(2) $(mem_prot_opt) -shared -Wl,-soname,$(CUSTOM_SONAME) -fPIC -o libp11client$(1).so pkcs11_rpc_xdr.o pkcs11_rpc_clnt.o modwrap_$(1).o modwrap_crpc.o modwrap_crpc_ssl.o $(LD_FLAGS)
all : @c_rpc_gen@ @linux_c_rpc_patch@ @client_to_compile@
client:
$(call camlrpccompileclient)
crpc:
$(foreach lib,$(CLIENTLIBS),$(call crpccompilestubs,$(lib));)
$(foreach lib,$(CLIENTLIBS),$(call crpccompilelib,$(lib));)
camlrpc: client
@$(foreach lib,$(CLIENTLIBS),$(call camlrpccompilestubs,$(lib));)
@$(foreach lib,$(CLIENTLIBS),$(call camlrpccompilelib,$(lib));)
crpc_debug:
@$(foreach lib,$(CLIENTLIBS),$(call crpccompilestubs,$(lib),-DDEBUG -g);)
@$(foreach lib,$(CLIENTLIBS),$(call crpccompilelib,$(lib));)
camlrpc_debug: client
$(foreach lib,$(CLIENTLIBS),$(call camlrpccompilestubs,$(lib),-DDEBUG -g);)
$(foreach lib,$(CLIENTLIBS),$(call camlrpccompilelib,$(lib),-ccopt -DDEBUG -ccopt -g);)
rpc:
cp $(rpc_dir)/pkcs11_rpc.x ./
#Generate header
rpcgen -h -N -M pkcs11_rpc.x > @srcdir@/pkcs11_rpc.h
#Generate xdr helpers
rpcgen -c -N -M pkcs11_rpc.x > @srcdir@/pkcs11_rpc_xdr.c
#Generate client stubs
rpcgen -l -N -M pkcs11_rpc.x > @srcdir@/pkcs11_rpc_clnt.c
@rm pkcs11_rpc.x
linux_c_rpc_patch:
#Patch generated pkcs11_rpc_xdr.c to remove useless buf (Linux specific)
spatch --no-show-diff --sp-file @srcdir@/pkcs11_rpc_xdr.cocci @srcdir@/pkcs11_rpc_xdr.c --in-place
debug: @c_rpc_gen@ @linux_c_rpc_patch@ @client_to_compile_debug@
install_lib = echo "Installing libp11client$(1).so to $(DESTDIR)$(libdir)/libp11client$(1).so" && install -D libp11client$(1).so $(DESTDIR)$(libdir)/libp11client$(1).so
uninstall_lib = echo "Uninstalling $(DESTDIR)$(libdir)/libp11client$(1).so" && rm $(DESTDIR)$(libdir)/libp11client$(1).so
install:
@$(foreach lib,$(CLIENTLIBS),$(call install_lib,$(lib));)
uninstall:
@$(foreach lib,$(CLIENTLIBS),$(call uninstall_lib,$(lib));)
clean_rpc:
# Remove rpc generated files
@rm -f @c_rpc_clean@
clean:
@rm -f *.cmi *.cmx *.o *.cmo *.cmxa *.cma *.so *.a *~
caml-crush-1.0.12/src/client-lib/client.ml 0000664 0000000 0000000 00000074314 14147740423 0020271 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the client library 5] source tree:
--------------------
| 5] Client library |
| -------- |
| | | PKCS#11 |
| | |functions|
| -------- |
--------------------
|
|
{ PKCS#11 INTERFACE }
|
APPLICATION
Project: PKCS#11 Filtering Proxy
File: src/client-lib/client.ml
************************** MIT License HEADER ***********************************)
open Pkcs11_rpc_aux
open Rpc_helpers
(*IFDEF UNIX_SOCKET THEN
IFDEF TCP_SOCKET THEN*)
(* Send an error: these two can't be defined at the same time *)
(*ENDIF
ENDIF*)
(* Getting the timeout if it is set in an environment variable *)
(* RPC timeout in seconds. Taken from PKCS11PROXY_RPC_TIMEOUT when that
   variable is set and parses as a float; 25 seconds in every other case. *)
let rpc_timeout =
  let raw_value =
    try Sys.getenv "PKCS11PROXY_RPC_TIMEOUT"
    (* Variable not set: use the textual default *)
    with _ -> "25" in
  (* Unparsable value: use the numeric default *)
  try float_of_string raw_value with _ -> 25.0
(* Getting the socket path from the defined variable or
from the environment *)
(* Get the path *)
IFDEF SOCKET_PATH THEN
(* Address fixed at build time through the SOCKET_PATH macro *)
let path = SOCKET_PATH
ELSE
(* No build-time address: read PKCS11PROXY_SOCKET_PATH from the environment,
   falling back to the empty string when the lookup fails *)
let path = (try Sys.getenv("PKCS11PROXY_SOCKET_PATH") with
_ -> "")
ENDIF
IFDEF UNIX_SOCKET THEN
(* UNIX socket address: the configured path, rejected with Failure when it
   is empty. Evaluated once, when the module is initialised. *)
let get_socket_path =
  if path <> "" then path
  else raise (Failure "Error: unix socket path is empty!")
ELSE
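(* TCP socket address as a (host, port) pair parsed from "host:port".
   Evaluated once, when the module is initialised.
   Raises Failure with the "malformed" message when the value does not split
   into exactly two fields, when the port is not an integer, or when the port
   lies outside 1..65535. The original let a non-numeric port escape as a bare
   Failure "int_of_string" and accepted out-of-range ports. *)
let get_socket_path =
  let malformed () =
    raise (Failure (Printf.sprintf "Error: tcp socket path %s is malformed" path)) in
  match Str.split (Str.regexp ":") path with
  | [host; port_text] ->
    let port = (try int_of_string port_text with Failure _ -> malformed ()) in
    (* Reject values that cannot be a TCP port before they reach the connector *)
    if port < 1 || port > 65535 then malformed ();
    (host, port)
  | _ -> malformed ()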
ENDIF
(* WITH SSL *)
IFDEF WITH_SSL THEN
(* Handle the path case *)
IFDEF SSL_FILES_PATH THEN
let ca_file_path = PKCS11PROXY_CA_FILE
let cert_file_path = PKCS11PROXY_CERT_FILE
let private_key_file_path = PKCS11PROXY_PRIVKEY_FILE
ENDIF
(* Handle the env case *)
IFDEF SSL_FILES_ENV THEN
(* Credential file locations taken from the environment. Each lookup aborts
   module initialisation with Failure when its variable cannot be read. *)

(* CA file later passed to Ssl.load_verify_locations *)
let ca_file_path =
  try Sys.getenv "PKCS11PROXY_CA_FILE"
  with _ -> failwith "Error: could not get PKCS11PROXY_CA_FILE from env"

(* Client certificate file *)
let cert_file_path =
  try Sys.getenv "PKCS11PROXY_CERT_FILE"
  with _ -> failwith "Error: could not get PKCS11PROXY_CERT_FILE from env"

(* Client private key file; the path comes from the process environment, so
   the file's own permissions are what protects the key *)
let private_key_file_path =
  try Sys.getenv "PKCS11PROXY_PRIVKEY_FILE"
  with _ -> failwith "Error: could not get PKCS11PROXY_PRIVKEY_FILE from env"
ENDIF
(* Handle the embed case *)
IFDEF SSL_FILES_EMBED THEN
(* We include the .inc files generated by autoconf *)
INCLUDE "ca_file.inc"
INCLUDE "cert_file.inc"
INCLUDE "private_key_file.inc"
(* Create temp files from these *)
(* Temporary files that will receive the embedded CA, certificate and private
   key. Filename.temp_file creates each file empty with permissions 0o600 in
   the temporary directory. *)
let ca_file_path = Filename.temp_file "pkcs11proxy_client" "ca_file"
let cert_file_path = Filename.temp_file "pkcs11proxy_client" "cert_file"
(* Holds the client private key in clear text until ssl_socket_config
   removes it *)
let private_key_file_path = Filename.temp_file "pkcs11proxy_client" "private_key_file"
(* Open the temp files and write the certificates inside them *)
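(* Append [str] to the existing file [path].
   The file is opened write-only in append mode without Open_creat, so it
   must already exist (here: created by Filename.temp_file).
   Raises Sys_error when the file cannot be opened or written. The channel is
   now closed on a failed write as well, so no descriptor is left open. *)
let write_string_to_file path str =
  let oc = open_out_gen [Open_wronly; Open_append; Open_text] 0o600 path in
  (try output_string oc str
   with e -> close_out_noerr oc; raise e);
  close_out oc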
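(* Build the SSL client socket configuration from the embedded credentials.
   The embedded CA entries, certificate and private key are written to the
   temporary files, loaded into an SSL context, and the temporary files are
   then removed.
   [cafile], [certfile], [certkey]: paths handed to the Ssl loading calls; the
   CA entries are always written to ca_file_path.
   Returns the Rpc_ssl client socket configuration.
   The temporary files, including the clear-text private key, are now removed
   when any step raises as well; the original left them on disk in that case. *)
let ssl_socket_config cafile certfile certkey =
  (* Best-effort cleanup for the failure path: ignore files already gone *)
  let remove_quietly file = (try Sys.remove file with Sys_error _ -> ()) in
  try
    List.iter (write_string_to_file ca_file_path) ca_file_buff;
    write_string_to_file certfile cert_file_buff;
    write_string_to_file certkey private_key_file_buff;
    Ssl.init();
    (* NOTE(review): Ssl.TLSv1 selects TLS 1.0; confirm whether the ocaml-ssl
       version in use offers a newer protocol constant and prefer it *)
    let ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in
    (* Require a peer certificate, with a verification depth of 4 *)
    Ssl.set_verify ctx [ Ssl.Verify_peer ] None;
    Ssl.set_verify_depth ctx 4;
    Ssl.load_verify_locations ctx cafile "" ;
    Ssl.use_certificate ctx certfile certkey;
    let rpc = Rpc_ssl.ssl_client_socket_config ctx in
    (* The context has loaded the credentials, so the files are no longer
       needed; a failed removal is still reported, as before *)
    Sys.remove ca_file_path;
    Sys.remove cert_file_path;
    Sys.remove private_key_file_path;
    (rpc)
  with e ->
    List.iter remove_quietly [ca_file_path; cert_file_path; private_key_file_path];
    raise e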
ELSE
(* Build the SSL client socket configuration from credential files on disk.
   [cafile]: CA file used to verify the peer; [certfile] and [certkey]: client
   certificate and private key files.
   Returns the Rpc_ssl client socket configuration. *)
let ssl_socket_config cafile certfile certkey =
  Ssl.init ();
  (* NOTE(review): Ssl.TLSv1 selects TLS 1.0; confirm whether the ocaml-ssl
     version in use offers a newer protocol constant and prefer it *)
  let tls_ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in
  (* Require a peer certificate, with a verification depth of 4 *)
  Ssl.set_verify tls_ctx [Ssl.Verify_peer] None;
  Ssl.set_verify_depth tls_ctx 4;
  (* Trust anchors come from cafile only; the directory argument is empty *)
  Ssl.load_verify_locations tls_ctx cafile "";
  (* Client certificate and private key presented to the server *)
  Ssl.use_certificate tls_ctx certfile certkey;
  Rpc_ssl.ssl_client_socket_config tls_ctx
ENDIF
let socket_ctx = ssl_socket_config ca_file_path cert_file_path private_key_file_path
(* WITHOUT SSL *)
ELSE
(* Built without WITH_SSL: the RPC client uses the default socket
   configuration, so no TLS layer is set up by this file and every RPC
   argument, PINs included, goes over the socket as is *)
let socket_ctx = Rpc_client.default_socket_config
ENDIF
(* create_client2 *)
let rpc_client = ref None
(* Return the client stored in [ref_to_rpc_client].
   Raises Failure "Client is not initialized" when the reference holds None. *)
let get_rpc_client ref_to_rpc_client =
  match !ref_to_rpc_client with
  | Some client -> client
  | None -> failwith "Client is not initialized"
IFDEF UNIX_SOCKET THEN
(* Create the RPC client over the UNIX socket, store it in rpc_client and
   configure it with 0 retransmissions and the rpc_timeout value. *)
let rpc_connect () =
  Netsys_signal.init ();
  (* UNIX SOCKET *)
  let connector = Rpc_client.Unix get_socket_path in
  let client =
    Pkcs11_rpc_clnt.P.V.create_client2
      (`Socket (Rpc.Tcp, connector, socket_ctx)) in
  rpc_client := Some client;
  Rpc_client.configure client 0 rpc_timeout
ELSE
(* Create the RPC client over TCP, store it in rpc_client and configure it
   with 0 retransmissions and the rpc_timeout value. *)
let rpc_connect () =
  Netsys_signal.init ();
  (* TCP SOCKET *)
  let (host, port) = get_socket_path in
  let connector = Rpc_client.Inet (host, port) in
  let client =
    Pkcs11_rpc_clnt.P.V.create_client2
      (`Socket (Rpc.Tcp, connector, socket_ctx)) in
  rpc_client := Some client;
  Rpc_client.configure client 0 rpc_timeout
ENDIF
let _ = Callback.register "RPC_connect" rpc_connect
(* Shut down the stored RPC client; raises Failure when none was created. *)
let shut_down_client () =
  let client = get_rpc_client rpc_client in
  Rpc_client.shut_down client
(* Exposed to the C side under the name "Shut_Down_Client" *)
let _ = Callback.register "Shut_Down_Client" shut_down_client
(* Forward the client architecture to the proxy and return its reply. *)
let c_SetupArch client_arch =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_setuparch client client_arch
let _ = Callback.register "C_SetupArch" c_SetupArch
(* Client side load module *)
(* Ask the proxy to load the module designated by [libname]; the name is
   resolved on the proxy side (per the original comment, from its
   configuration file). Returns the proxy's reply. *)
let c_LoadModule libname =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_loadmodule client libname
let _ = Callback.register "C_LoadModule" c_LoadModule
(* RPC wrapper for C_Initialize; returns the proxy's reply. *)
let c_Initialize () =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_initialize client ()
let _ = Callback.register "C_Initialize" c_Initialize
(* RPC wrapper for C_GetSlotList; returns (rv, slot list, count). *)
let c_GetSlotList token_present count =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_getslotlist client (token_present, count) in
  (reply.c_getslotlist_rv, reply.c_getslotlist_slot_list, reply.c_getslotlist_count)
let _ = Callback.register "C_GetSlotList" c_GetSlotList
(* RPC wrapper for C_Finalize; returns the proxy's reply. *)
let c_Finalize () =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_finalize client ()
let _ = Callback.register "C_Finalize" c_Finalize
(* RPC wrapper for C_GetInfo; returns (rv, info), with the info record
   converted from its RPC form by ck_info_rpc_aux_to_pkcs11. *)
let c_GetInfo () =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_getinfo client () in
  let info = ck_info_rpc_aux_to_pkcs11 reply.c_getinfo_info in
  (reply.c_getinfo_rv, info)
let _ = Callback.register "C_GetInfo" c_GetInfo
(* RPC wrapper for C_WaitForSlotEvent; returns (rv, count). *)
let c_WaitForSlotEvent flags =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_waitforslotevent client flags in
  (reply.c_waitforslotevent_rv, reply.c_waitforslotevent_count)
let _ = Callback.register "C_WaitForSlotEvent" c_WaitForSlotEvent
(* RPC wrapper for C_GetSlotInfo; returns (rv, slot info), with the record
   converted from its RPC form by ck_slot_info_rpc_aux_to_pkcs11. *)
let c_GetSlotInfo slot_id =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_getslotinfo client slot_id in
  let slot_info = ck_slot_info_rpc_aux_to_pkcs11 reply.c_getslotinfo_slot_info in
  (reply.c_getslotinfo_rv, slot_info)
let _ = Callback.register "C_GetSlotInfo" c_GetSlotInfo
(* RPC wrapper for C_GetTokenInfo; returns (rv, token info), with the record
   converted from its RPC form by ck_token_info_rpc_aux_to_pkcs11. *)
let c_GetTokenInfo slot_id =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_gettokeninfo client slot_id in
  let token_info = ck_token_info_rpc_aux_to_pkcs11 reply.c_gettokeninfo_token_info in
  (reply.c_gettokeninfo_rv, token_info)
let _ = Callback.register "C_GetTokenInfo" c_GetTokenInfo
(* RPC wrapper for C_Login; returns the proxy's reply.
   The PIN is copied into an OCaml string and sent as an RPC argument. When
   the build lacks WITH_SSL, socket_ctx is the default socket configuration,
   so the transport gives the PIN no protection of its own. *)
let c_Login handle user_type pin =
  let pin_text = Pkcs11.char_array_to_string pin in
  Pkcs11_rpc_clnt.P.V.c_login (get_rpc_client rpc_client) (handle, user_type, pin_text)
let _ = Callback.register "C_Login" c_Login
(* RPC wrapper for C_Logout; returns the proxy's reply. *)
let c_Logout handle =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_logout client handle
let _ = Callback.register "C_Logout" c_Logout
(* RPC wrapper for C_OpenSession; returns (rv, session handle). *)
let c_OpenSession slot_id flags =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_opensession client (slot_id, flags) in
  (reply.c_opensession_rv, reply.c_opensession_handle)
let _ = Callback.register "C_OpenSession" c_OpenSession
(* RPC wrapper for C_CloseSession; returns the proxy's reply. *)
let c_CloseSession session =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_closesession client session
let _ = Callback.register "C_CloseSession" c_CloseSession
(* RPC wrapper for C_GetMechanismList; returns (rv, mechanism list, count). *)
let c_GetMechanismList slot_id count =
  let client = get_rpc_client rpc_client in
  let reply = Pkcs11_rpc_clnt.P.V.c_getmechanismlist client (slot_id, count) in
  (reply.c_getmechanismlist_rv, reply.c_getmechanismlist_list, reply.c_getmechanismlist_count)
let _ = Callback.register "C_GetMechanismList" c_GetMechanismList
(* RPC wrapper for C_CloseAllSessions; returns the proxy's reply. *)
let c_CloseAllSessions slot_id =
  let client = get_rpc_client rpc_client in
  Pkcs11_rpc_clnt.P.V.c_closeallsessions client slot_id
let _ = Callback.register "C_CloseAllSessions" c_CloseAllSessions
(* C_GetSessionInfo: queries the session through the RPC client and converts
   the returned session info from its RPC form to the Pkcs11 form.
   Returns (return value, session info). *)
let c_GetSessionInfo session =
  let reply = Pkcs11_rpc_clnt.P.V.c_getsessioninfo (get_rpc_client rpc_client) session in
  let session_info = ck_session_info_rpc_aux_to_pkcs11 reply.c_getsessioninfo_info in
  (reply.c_getsessioninfo_rv, session_info)

let _ = Callback.register "C_GetSessionInfo" c_GetSessionInfo
(* C_GetMechanismInfo: sends (slot_id, mechanism_type) through the RPC client
   and converts the returned mechanism info from its RPC form to the Pkcs11
   form. Returns (return value, mechanism info). *)
let c_GetMechanismInfo slot_id mechanism_type =
  let reply =
    Pkcs11_rpc_clnt.P.V.c_getmechanisminfo (get_rpc_client rpc_client) (slot_id, mechanism_type) in
  let mechanism_info = ck_mechanism_info_rpc_aux_to_pkcs11 reply.c_getmechanisminfo_info in
  (reply.c_getmechanisminfo_rv, mechanism_info)

let _ = Callback.register "C_GetMechanismInfo" c_GetMechanismInfo
(* C_InitPIN: converts the PIN char array to a string and sends it with the
   session handle through the RPC client. Returns the call's result unchanged.
   NOTE(review): the converted PIN lives in an OCaml string that this function
   never clears - confirm that this is acceptable for the threat model. *)
let c_InitPIN session_handle pin =
  let pin_string = Pkcs11.char_array_to_string pin in
  Pkcs11_rpc_clnt.P.V.c_initpin (get_rpc_client rpc_client) (session_handle, pin_string)

(* NOTE(review): the name registered here is "C_InitPINT", whereas every other
   registration in this file uses the exact PKCS#11 function name. Check that
   the C side looks up the same string; if it asks for "C_InitPIN" the lookup
   would not find this function. *)
let _ = Callback.register "C_InitPINT" c_InitPIN
(* C_SetPIN: converts the old and new PIN char arrays to strings and sends them
   with the session handle through the RPC client. Returns the call's result
   unchanged.
   NOTE(review): both PINs end up in OCaml strings that this function never
   clears - confirm that this is acceptable for the threat model. *)
let c_SetPIN session_handle old_pin new_pin =
  let old_pin_string = Pkcs11.char_array_to_string old_pin in
  let new_pin_string = Pkcs11.char_array_to_string new_pin in
  Pkcs11_rpc_clnt.P.V.c_setpin (get_rpc_client rpc_client)
    (session_handle, old_pin_string, new_pin_string)

let _ = Callback.register "C_SetPIN" c_SetPIN
(* C_SeedRandom: converts the seed char array to a string and sends it with the
   session handle through the RPC client. Returns the call's result unchanged. *)
let c_SeedRandom session_handle seed =
  let seed_string = Pkcs11.char_array_to_string seed in
  Pkcs11_rpc_clnt.P.V.c_seedrandom (get_rpc_client rpc_client) (session_handle, seed_string)

let _ = Callback.register "C_SeedRandom" c_SeedRandom
(* C_InitToken: converts the SO PIN and the label char arrays to strings and
   sends them with the slot id through the RPC client. Returns the call's
   result unchanged.
   NOTE(review): the SO PIN ends up in an OCaml string that this function never
   clears - confirm that this is acceptable for the threat model. *)
let c_InitToken slot_id so_pin label =
  let so_pin_string = Pkcs11.char_array_to_string so_pin in
  let label_string = Pkcs11.char_array_to_string label in
  Pkcs11_rpc_clnt.P.V.c_inittoken (get_rpc_client rpc_client)
    (slot_id, so_pin_string, label_string)

let _ = Callback.register "C_InitToken" c_InitToken
(* C_GenerateRandom: sends (session_handle, count) through the RPC client and
   converts the returned data string to a char array.
   Returns (return value, random data). *)
let c_GenerateRandom session_handle count =
  let reply =
    Pkcs11_rpc_clnt.P.V.c_generaterandom (get_rpc_client rpc_client) (session_handle, count) in
  let random_data = Pkcs11.string_to_char_array reply.c_generaterandom_data in
  (reply.c_generaterandom_rv, random_data)

let _ = Callback.register "C_GenerateRandom" c_GenerateRandom
(* C_FindObjectsInit: converts each attribute of the search template to its RPC
   form and sends the template with the session handle through the RPC client.
   Returns the call's result unchanged. *)
let c_FindObjectsInit session_handle attributes =
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  Pkcs11_rpc_clnt.P.V.c_findobjectsinit (get_rpc_client rpc_client) (session_handle, rpc_template)

let _ = Callback.register "C_FindObjectsInit" c_FindObjectsInit
(* C_FindObjects: sends (session_handle, count) through the RPC client.
   Returns (return value, objects, count) from the reply record. *)
let c_FindObjects session_handle count =
  let reply =
    Pkcs11_rpc_clnt.P.V.c_findobjects (get_rpc_client rpc_client) (session_handle, count) in
  (reply.c_findobjects_rv, reply.c_findobjects_objects, reply.c_findobjects_count)

let _ = Callback.register "C_FindObjects" c_FindObjects
(* C_FindObjectsFinal: sends the session handle through the RPC client and
   returns the call's result unchanged. *)
let c_FindObjectsFinal session_handle =
  Pkcs11_rpc_clnt.P.V.c_findobjectsfinal (get_rpc_client rpc_client) session_handle

let _ = Callback.register "C_FindObjectsFinal" c_FindObjectsFinal
(* C_GenerateKey: converts the mechanism and every template attribute to their
   RPC forms and sends them with the session handle through the RPC client.
   Returns (return value, key handle) from the reply record. *)
let c_GenerateKey session_handle mechanism attributes =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_generatekey (get_rpc_client rpc_client)
      (session_handle, rpc_mechanism, rpc_template) in
  (reply.c_generatekey_rv, reply.c_generatekey_handle)

let _ = Callback.register "C_GenerateKey" c_GenerateKey
(* C_GenerateKeyPair: converts the mechanism and both attribute templates to
   their RPC forms and sends them with the session handle through the RPC
   client. Returns (return value, public key handle, private key handle). *)
let c_GenerateKeyPair session_handle mechanism pub_attributes priv_attributes =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  let rpc_pub_template = Array.map ck_attribute_pkcs11_to_rpc_aux pub_attributes in
  let rpc_priv_template = Array.map ck_attribute_pkcs11_to_rpc_aux priv_attributes in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_generatekeypair (get_rpc_client rpc_client)
      (session_handle, rpc_mechanism, rpc_pub_template, rpc_priv_template) in
  (reply.c_generatekeypair_rv, reply.c_generatekeypair_pubhandle, reply.c_generatekeypair_privhandle)

let _ = Callback.register "C_GenerateKeyPair" c_GenerateKeyPair
(* C_CreateObject: converts every template attribute to its RPC form and sends
   the template with the session handle through the RPC client.
   Returns (return value, object handle) from the reply record. *)
let c_CreateObject session_handle attributes =
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_createobject (get_rpc_client rpc_client) (session_handle, rpc_template) in
  (reply.c_createobject_rv, reply.c_createobject_handle)

let _ = Callback.register "C_CreateObject" c_CreateObject
(* C_CopyObject: converts every template attribute to its RPC form and sends
   the template with the session and object handles through the RPC client.
   Returns (return value, new object handle) from the reply record. *)
let c_CopyObject session_handle object_handle attributes =
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_copyobject (get_rpc_client rpc_client)
      (session_handle, object_handle, rpc_template) in
  (reply.c_copyobject_rv, reply.c_copyobject_handle)

let _ = Callback.register "C_CopyObject" c_CopyObject
(* C_DestroyObject: sends (session_handle, object_handle) through the RPC
   client and returns the call's result unchanged. *)
let c_DestroyObject session_handle object_handle =
  Pkcs11_rpc_clnt.P.V.c_destroyobject (get_rpc_client rpc_client) (session_handle, object_handle)

let _ = Callback.register "C_DestroyObject" c_DestroyObject
(* C_GetAttributeValue: converts the requested attributes to their RPC form,
   sends them with the session and object handles through the RPC client, and
   converts the attributes of the reply back to the Pkcs11 form.
   Returns (return value, attribute array). *)
let c_GetAttributeValue session_handle object_handle attributes =
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_getattributevalue (get_rpc_client rpc_client)
      (session_handle, object_handle, rpc_template) in
  let values = Array.map ck_attribute_rpc_aux_to_pkcs11 reply.c_getattributevalue_value in
  (reply.c_getattributevalue_rv, values)

let _ = Callback.register "C_GetAttributeValue" c_GetAttributeValue
(* C_SetAttributeValue: converts every attribute to its RPC form and sends the
   array with the session and object handles through the RPC client.
   Returns the call's result unchanged. *)
let c_SetAttributeValue session_handle object_handle attributes =
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  Pkcs11_rpc_clnt.P.V.c_setattributevalue (get_rpc_client rpc_client)
    (session_handle, object_handle, rpc_template)

let _ = Callback.register "C_SetAttributeValue" c_SetAttributeValue
(* C_GetObjectSize: sends (session_handle, object_handle) through the RPC
   client. Returns (return value, size) from the reply record. *)
let c_GetObjectSize session_handle object_handle =
  let reply =
    Pkcs11_rpc_clnt.P.V.c_getobjectsize (get_rpc_client rpc_client) (session_handle, object_handle) in
  (reply.c_getobjectsize_rv, reply.c_getobjectsize_size)

let _ = Callback.register "C_GetObjectSize" c_GetObjectSize
(* C_WrapKey: converts the mechanism to its RPC form, sends it with the session
   handle and the two key handles through the RPC client, and converts the
   returned value string to a char array.
   Returns (return value, wrapped key bytes). *)
let c_WrapKey session_handle mechanism wrapping_handle wrapped_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_wrapkey (get_rpc_client rpc_client)
      (session_handle, rpc_mechanism, wrapping_handle, wrapped_handle) in
  let wrapped = Pkcs11.string_to_char_array reply.c_wrapkey_value in
  (reply.c_wrapkey_rv, wrapped)

let _ = Callback.register "C_WrapKey" c_WrapKey
(* C_UnwrapKey: converts the mechanism, the attribute template and the wrapped
   key bytes to their RPC forms and sends them with the session handle and the
   unwrapping key handle through the RPC client.
   Returns (return value, key handle) from the reply record. *)
let c_UnwrapKey session_handle mechanism unwrapping_handle wrapped_key attributes =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  let wrapped_key_string = Pkcs11.char_array_to_string wrapped_key in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_unwrapkey (get_rpc_client rpc_client)
      (session_handle, rpc_mechanism, unwrapping_handle, wrapped_key_string, rpc_template) in
  (reply.c_unwrapkey_rv, reply.c_unwrapkey_handle)

let _ = Callback.register "C_UnwrapKey" c_UnwrapKey
(* C_DeriveKey: converts the mechanism and the attribute template to their RPC
   forms and sends them with the session handle and the base key handle through
   the RPC client. Returns (return value, key handle) from the reply record. *)
let c_DeriveKey session_handle mechanism initial_key attributes =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  let rpc_template = Array.map ck_attribute_pkcs11_to_rpc_aux attributes in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_derivekey (get_rpc_client rpc_client)
      (session_handle, rpc_mechanism, initial_key, rpc_template) in
  (reply.c_derivekey_rv, reply.c_derivekey_handle)

let _ = Callback.register "C_DeriveKey" c_DeriveKey
(* C_DigestInit: converts the mechanism to its RPC form and sends it with the
   session handle through the RPC client. Returns the call's result unchanged. *)
let c_DigestInit session_handle mechanism =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_digestinit (get_rpc_client rpc_client) (session_handle, rpc_mechanism)

let _ = Callback.register "C_DigestInit" c_DigestInit
(* C_Digest: converts the input char array to a string, sends it with the
   session handle through the RPC client, and converts the returned value to a
   char array. Returns (return value, digest bytes). *)
let c_Digest session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply = Pkcs11_rpc_clnt.P.V.c_digest (get_rpc_client rpc_client) (session_handle, payload) in
  let digest = Pkcs11.string_to_char_array reply.c_digest_value in
  (reply.c_digest_rv, digest)

let _ = Callback.register "C_Digest" c_Digest
(* C_DigestUpdate: converts the input char array to a string and sends it with
   the session handle through the RPC client. Returns the call's result
   unchanged. *)
let c_DigestUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  Pkcs11_rpc_clnt.P.V.c_digestupdate (get_rpc_client rpc_client) (session_handle, payload)

let _ = Callback.register "C_DigestUpdate" c_DigestUpdate
(* C_DigestFinal: sends the session handle through the RPC client and converts
   the returned value to a char array. Returns (return value, digest bytes). *)
let c_DigestFinal session_handle =
  let reply = Pkcs11_rpc_clnt.P.V.c_digestfinal (get_rpc_client rpc_client) session_handle in
  let digest = Pkcs11.string_to_char_array reply.c_digestfinal_value in
  (reply.c_digestfinal_rv, digest)

let _ = Callback.register "C_DigestFinal" c_DigestFinal
(* C_DigestKey: sends (session_handle, object_handle) through the RPC client
   and returns the call's result unchanged. *)
let c_DigestKey session_handle object_handle =
  Pkcs11_rpc_clnt.P.V.c_digestkey (get_rpc_client rpc_client) (session_handle, object_handle)

let _ = Callback.register "C_DigestKey" c_DigestKey
(* C_SignInit: converts the mechanism to its RPC form and sends it with the
   session and key handles through the RPC client. Returns the call's result
   unchanged. *)
let c_SignInit session_handle mechanism object_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_signinit (get_rpc_client rpc_client)
    (session_handle, rpc_mechanism, object_handle)

let _ = Callback.register "C_SignInit" c_SignInit
(* C_Sign: converts the input char array to a string, sends it with the session
   handle through the RPC client, and converts the returned value to a char
   array. Returns (return value, signature bytes). *)
let c_Sign session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply = Pkcs11_rpc_clnt.P.V.c_sign (get_rpc_client rpc_client) (session_handle, payload) in
  let signature = Pkcs11.string_to_char_array reply.c_sign_value in
  (reply.c_sign_rv, signature)

let _ = Callback.register "C_Sign" c_Sign
(* C_SignUpdate: converts the input char array to a string and sends it with
   the session handle through the RPC client. Returns the call's result
   unchanged. *)
let c_SignUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  Pkcs11_rpc_clnt.P.V.c_signupdate (get_rpc_client rpc_client) (session_handle, payload)

let _ = Callback.register "C_SignUpdate" c_SignUpdate
(* C_SignFinal: sends the session handle through the RPC client and converts
   the returned value to a char array. Returns (return value, signature bytes). *)
let c_SignFinal session_handle =
  let reply = Pkcs11_rpc_clnt.P.V.c_signfinal (get_rpc_client rpc_client) session_handle in
  let signature = Pkcs11.string_to_char_array reply.c_signfinal_value in
  (reply.c_signfinal_rv, signature)

let _ = Callback.register "C_SignFinal" c_SignFinal
(* C_VerifyInit: converts the mechanism to its RPC form and sends it with the
   session and key handles through the RPC client. Returns the call's result
   unchanged. *)
let c_VerifyInit session_handle mechanism object_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_verifyinit (get_rpc_client rpc_client)
    (session_handle, rpc_mechanism, object_handle)

let _ = Callback.register "C_VerifyInit" c_VerifyInit
(* C_Verify: converts the data and the signature char arrays to strings and
   sends them with the session handle through the RPC client. Returns the
   call's result unchanged; the verification verdict is whatever the server
   reports in that result. *)
let c_Verify session_handle data signed_data =
  let payload = Pkcs11.char_array_to_string data in
  let signature = Pkcs11.char_array_to_string signed_data in
  Pkcs11_rpc_clnt.P.V.c_verify (get_rpc_client rpc_client) (session_handle, payload, signature)

let _ = Callback.register "C_Verify" c_Verify
(* C_VerifyUpdate: converts the input char array to a string and sends it with
   the session handle through the RPC client. Returns the call's result
   unchanged. *)
let c_VerifyUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  Pkcs11_rpc_clnt.P.V.c_verifyupdate (get_rpc_client rpc_client) (session_handle, payload)

let _ = Callback.register "C_VerifyUpdate" c_VerifyUpdate
(* C_VerifyFinal: converts the [data] char array to a string and sends it with
   the session handle through the RPC client. Returns the call's result
   unchanged. *)
let c_VerifyFinal session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  Pkcs11_rpc_clnt.P.V.c_verifyfinal (get_rpc_client rpc_client) (session_handle, payload)

let _ = Callback.register "C_VerifyFinal" c_VerifyFinal
(* C_EncryptInit: converts the mechanism to its RPC form and sends it with the
   session and key handles through the RPC client. Returns the call's result
   unchanged. *)
let c_EncryptInit session_handle mechanism object_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_encryptinit (get_rpc_client rpc_client)
    (session_handle, rpc_mechanism, object_handle)

let _ = Callback.register "C_EncryptInit" c_EncryptInit
(* C_Encrypt: converts the input char array to a string, sends it with the
   session handle through the RPC client, and converts the returned value to a
   char array. Returns (return value, output bytes). *)
let c_Encrypt session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply = Pkcs11_rpc_clnt.P.V.c_encrypt (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_encrypt_value in
  (reply.c_encrypt_rv, output)

let _ = Callback.register "C_Encrypt" c_Encrypt
(* C_EncryptUpdate: converts the input char array to a string, sends it with
   the session handle through the RPC client, and converts the returned value
   to a char array. Returns (return value, output bytes). *)
let c_EncryptUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_encryptupdate (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_encryptupdate_value in
  (reply.c_encryptupdate_rv, output)

let _ = Callback.register "C_EncryptUpdate" c_EncryptUpdate
(* C_EncryptFinal: sends the session handle through the RPC client and converts
   the returned value to a char array. Returns (return value, output bytes). *)
let c_EncryptFinal session_handle =
  let reply = Pkcs11_rpc_clnt.P.V.c_encryptfinal (get_rpc_client rpc_client) session_handle in
  let output = Pkcs11.string_to_char_array reply.c_encryptfinal_value in
  (reply.c_encryptfinal_rv, output)

let _ = Callback.register "C_EncryptFinal" c_EncryptFinal
(* C_DecryptInit: converts the mechanism to its RPC form and sends it with the
   session and key handles through the RPC client. Returns the call's result
   unchanged. *)
let c_DecryptInit session_handle mechanism object_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_decryptinit (get_rpc_client rpc_client)
    (session_handle, rpc_mechanism, object_handle)

let _ = Callback.register "C_DecryptInit" c_DecryptInit
(* C_Decrypt: converts the input char array to a string, sends it with the
   session handle through the RPC client, and converts the returned value to a
   char array. Returns (return value, output bytes).
   NOTE(review): the returned plaintext passes through an OCaml string that
   this function never clears - confirm that this is acceptable for the threat
   model. *)
let c_Decrypt session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply = Pkcs11_rpc_clnt.P.V.c_decrypt (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_decrypt_value in
  (reply.c_decrypt_rv, output)

let _ = Callback.register "C_Decrypt" c_Decrypt
(* C_DecryptUpdate: converts the input char array to a string, sends it with
   the session handle through the RPC client, and converts the returned value
   to a char array. Returns (return value, output bytes). *)
let c_DecryptUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_decryptupdate (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_decryptupdate_value in
  (reply.c_decryptupdate_rv, output)

let _ = Callback.register "C_DecryptUpdate" c_DecryptUpdate
(* C_DecryptFinal: sends the session handle through the RPC client and converts
   the returned value to a char array. Returns (return value, output bytes). *)
let c_DecryptFinal session_handle =
  let reply = Pkcs11_rpc_clnt.P.V.c_decryptfinal (get_rpc_client rpc_client) session_handle in
  let output = Pkcs11.string_to_char_array reply.c_decryptfinal_value in
  (reply.c_decryptfinal_rv, output)

let _ = Callback.register "C_DecryptFinal" c_DecryptFinal
(* C_SignRecoverInit: converts the mechanism to its RPC form and sends it with
   the session and key handles through the RPC client. Returns the call's
   result unchanged. *)
let c_SignRecoverInit session_handle mechanism object_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_signrecoverinit (get_rpc_client rpc_client)
    (session_handle, rpc_mechanism, object_handle)

let _ = Callback.register "C_SignRecoverInit" c_SignRecoverInit
(* C_SignRecover: converts the input char array to a string, sends it with the
   session handle through the RPC client, and converts the returned value to a
   char array. Returns (return value, output bytes). *)
let c_SignRecover session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_signrecover (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_signrecover_value in
  (reply.c_signrecover_rv, output)

let _ = Callback.register "C_SignRecover" c_SignRecover
(* C_VerifyRecoverInit: converts the mechanism to its RPC form and sends it
   with the session and key handles through the RPC client. Returns the call's
   result unchanged. *)
let c_VerifyRecoverInit session_handle mechanism object_handle =
  let rpc_mechanism = ck_mechanism_pkcs11_to_rpc_aux mechanism in
  Pkcs11_rpc_clnt.P.V.c_verifyrecoverinit (get_rpc_client rpc_client)
    (session_handle, rpc_mechanism, object_handle)

let _ = Callback.register "C_VerifyRecoverInit" c_VerifyRecoverInit
(* C_VerifyRecover: converts the input char array to a string, sends it with
   the session handle through the RPC client, and converts the returned value
   to a char array. Returns (return value, output bytes). *)
let c_VerifyRecover session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_verifyrecover (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_verifyrecover_value in
  (reply.c_verifyrecover_rv, output)

let _ = Callback.register "C_VerifyRecover" c_VerifyRecover
(* C_DigestEncryptUpdate: converts the input char array to a string, sends it
   with the session handle through the RPC client, and converts the returned
   value to a char array. Returns (return value, output bytes). *)
let c_DigestEncryptUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_digestencryptupdate (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_digestencryptupdate_value in
  (reply.c_digestencryptupdate_rv, output)

let _ = Callback.register "C_DigestEncryptUpdate" c_DigestEncryptUpdate
(* C_DecryptDigestUpdate: converts the input char array to a string, sends it
   with the session handle through the RPC client, and converts the returned
   value to a char array. Returns (return value, output bytes). *)
let c_DecryptDigestUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_decryptdigestupdate (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_decryptdigestupdate_value in
  (reply.c_decryptdigestupdate_rv, output)

let _ = Callback.register "C_DecryptDigestUpdate" c_DecryptDigestUpdate
(* C_SignEncryptUpdate: converts the input char array to a string, sends it
   with the session handle through the RPC client, and converts the returned
   value to a char array. Returns (return value, output bytes). *)
let c_SignEncryptUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_signencryptupdate (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_signencryptupdate_value in
  (reply.c_signencryptupdate_rv, output)

let _ = Callback.register "C_SignEncryptUpdate" c_SignEncryptUpdate
(* C_DecryptVerifyUpdate: converts the input char array to a string, sends it
   with the session handle through the RPC client, and converts the returned
   value to a char array. Returns (return value, output bytes). *)
let c_DecryptVerifyUpdate session_handle data =
  let payload = Pkcs11.char_array_to_string data in
  let reply =
    Pkcs11_rpc_clnt.P.V.c_decryptverifyupdate (get_rpc_client rpc_client) (session_handle, payload) in
  let output = Pkcs11.string_to_char_array reply.c_decryptverifyupdate_value in
  (reply.c_decryptverifyupdate_rv, output)

let _ = Callback.register "C_DecryptVerifyUpdate" c_DecryptVerifyUpdate
(* C_GetOperationState: sends the session handle through the RPC client and
   converts the returned value to a char array.
   Returns (return value, operation state bytes). *)
let c_GetOperationState session_handle =
  let reply = Pkcs11_rpc_clnt.P.V.c_getoperationstate (get_rpc_client rpc_client) session_handle in
  let state = Pkcs11.string_to_char_array reply.c_getoperationstate_value in
  (reply.c_getoperationstate_rv, state)

let _ = Callback.register "C_GetOperationState" c_GetOperationState
(* C_SetOperationState: converts the state char array to a string and sends it
   with the session handle and the two key handles through the RPC client.
   Returns the call's result unchanged. *)
let c_SetOperationState session_handle state encryption_handle authentication_handle =
  let state_string = Pkcs11.char_array_to_string state in
  Pkcs11_rpc_clnt.P.V.c_setoperationstate (get_rpc_client rpc_client)
    (session_handle, state_string, encryption_handle, authentication_handle)

let _ = Callback.register "C_SetOperationState" c_SetOperationState
(* C_GetFunctionStatus: sends the session handle through the RPC client and
   returns the call's result unchanged. *)
let c_GetFunctionStatus session_handle =
  Pkcs11_rpc_clnt.P.V.c_getfunctionstatus (get_rpc_client rpc_client) session_handle

let _ = Callback.register "C_GetFunctionStatus" c_GetFunctionStatus
(* C_CancelFunction: sends the session handle through the RPC client and
   returns the call's result unchanged. *)
let c_CancelFunction session_handle =
  Pkcs11_rpc_clnt.P.V.c_cancelfunction (get_rpc_client rpc_client) session_handle

let _ = Callback.register "C_CancelFunction" c_CancelFunction
caml-crush-1.0.12/src/client-lib/modwrap.c 0000664 0000000 0000000 00000127103 14147740423 0020271 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the client library 5] source tree:
--------------------
| 5] Client library |
| -------- |
| | | PKCS#11 |
| | |functions|
| -------- |
--------------------
|
|
{ PKCS#11 INTERFACE }
|
APPLICATION
Project: PKCS#11 Filtering Proxy
File: src/client-lib/modwrap.c
-------------------------- MIT License HEADER ----------------------------------*/
/* bindings include */
/* We only redefine the custom allocs if we are building */
/* the C client (in the case of the OCaml client, we use */
/* the bindings). */
#ifdef CRPC
#define CUSTOM_ALLOC
#endif
#include "modwrap.h"
#define MODNAME "caml-crush: "
/* Wrap around pthread for Windows as we do not want
* the pthread dependency on this platform */
#ifdef WIN32
/* Windows stand-in for pthread_mutex_init(): initializes the critical section.
 * The second argument is accepted only to keep the pthread call shape and is ignored. */
void pthread_mutex_init(LPCRITICAL_SECTION mymutex, void *useless){
    (void)useless;
    InitializeCriticalSection(mymutex);
}
/* Windows stand-in for pthread_mutex_lock(): enters the critical section. */
void pthread_mutex_lock(LPCRITICAL_SECTION mymutex){
    EnterCriticalSection(mymutex);
}
/* Windows stand-in for pthread_mutex_unlock(): leaves the critical section. */
void pthread_mutex_unlock(LPCRITICAL_SECTION mymutex){
    LeaveCriticalSection(mymutex);
}
/* Windows stand-in for pthread_mutex_destroy(): deletes the critical section. */
void pthread_mutex_destroy(LPCRITICAL_SECTION mymutex){
    DeleteCriticalSection(mymutex);
}
#endif
/* -------------------------------- */
/* Linked list functions */
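/*
 * Append a new request node to the global request list (request_data).
 *
 * The node stores the session, the operation type and the caller's input and
 * output buffer pointers with their lengths; the buffers are not copied.
 * In non-CAMLRPC builds the list is modified under linkedlist_mutex.
 *
 * Returns the new node, or NULL when the allocation fails.
 */
p11_request_struct *add_element_to_list(ck_session_handle_t session,
                                        unsigned long operation_type,
                                        unsigned char *in, unsigned long in_len,
                                        unsigned char *out,
                                        unsigned long out_len)
{
    p11_request_struct *tail, *newnode;

#ifndef CAMLRPC
    pthread_mutex_lock(&linkedlist_mutex);
#endif
    newnode = (p11_request_struct *) custom_malloc(sizeof(p11_request_struct));
    if (newnode == NULL) {
        /* Do not dereference a failed allocation */
#ifndef CAMLRPC
        pthread_mutex_unlock(&linkedlist_mutex);
#endif
        return NULL;
    }
    /* Fill the node completely before it becomes reachable from the list */
    newnode->session = session;
    newnode->operation_type = operation_type;
    newnode->in = in;
    newnode->in_len = in_len;
    newnode->out = out;
    newnode->out_len = out_len;
    newnode->next = NULL;

    if (request_data == NULL) {
        request_data = newnode;
    } else {
        /* Link after the last node: overwriting head->next would drop (and
         * leak) every node that was already queued behind the head. */
        tail = request_data;
        while (tail->next != NULL) {
            tail = tail->next;
        }
        tail->next = newnode;
    }
#ifndef CAMLRPC
    pthread_mutex_unlock(&linkedlist_mutex);
#endif
    return newnode;
}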
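/*
 * Remove every node whose session, operation type, input pointer and input
 * length all match the arguments. A removed node's output buffer is freed when
 * it is non-NULL, then the node itself is freed.
 *
 * In non-CAMLRPC builds the whole traversal, including the first read of the
 * list head, runs under linkedlist_mutex.
 *
 * Always returns 0.
 */
int
remove_elements_from_filtering_list(ck_session_handle_t session,
                                    unsigned long operation_type,
                                    unsigned char *in, unsigned long in_len)
{
    p11_request_struct *node, *prevnode;

#ifndef CAMLRPC
    pthread_mutex_lock(&linkedlist_mutex);
#endif
    /* Read the head only once the lock is held, so a concurrent add or remove
     * cannot change it between the read and the traversal. */
    node = request_data;
    prevnode = NULL;
    while (node != NULL) {
        p11_request_struct *next = node->next;

        if (node->session == session
            && node->operation_type == operation_type
            && node->in == in && node->in_len == in_len) {
            /* Unlink: from the head, or from the previous node */
            if (prevnode == NULL) {
                request_data = next;
            } else {
                prevnode->next = next;
            }
            /* Let's free our local output buffer if allocated */
            if (node->out != NULL) {
                custom_free((void **)(&node->out));
            }
            custom_free((void **)(&node));
        } else {
            prevnode = node;
        }
        node = next;
    }
#ifndef CAMLRPC
    pthread_mutex_unlock(&linkedlist_mutex);
#endif
    return 0;
}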
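/*
 * Free every node of the global request list, including each node's output
 * buffer when it is non-NULL, and leave the list empty.
 *
 * In non-CAMLRPC builds the traversal, including the read of the list head,
 * runs under linkedlist_mutex.
 *
 * Always returns 0.
 */
int remove_all_elements_from_filtering_list()
{
    p11_request_struct *node, *nextnode;

#ifndef CAMLRPC
    pthread_mutex_lock(&linkedlist_mutex);
#endif
    node = request_data;
    /* Reset the head first: otherwise it keeps pointing at freed memory and
     * any later list operation would read a dangling pointer. */
    request_data = NULL;
    while (node != NULL) {
        nextnode = node->next;
        /* Let's free our local output buffer if allocated */
        if (node->out != NULL) {
            custom_free((void **)(&node->out));
        }
        custom_free((void **)(&node));
        node = nextnode;
    }
#ifndef CAMLRPC
    pthread_mutex_unlock(&linkedlist_mutex);
#endif
    return 0;
}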
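/*
 * Look up the first node whose session, operation type, input pointer and
 * input length all match the arguments.
 *
 * In non-CAMLRPC builds the search, including the read of the list head, runs
 * under linkedlist_mutex. The lock is released before returning, so the
 * returned pointer is not protected against a concurrent removal; callers that
 * share a session between threads have to provide that exclusion themselves.
 *
 * Returns the matching node, or NULL when there is none.
 */
p11_request_struct *check_element_in_filtering_list(ck_session_handle_t session,
                                                    unsigned long
                                                    operation_type,
                                                    unsigned char *in,
                                                    unsigned long in_len)
{
    p11_request_struct *node;

#ifndef CAMLRPC
    pthread_mutex_lock(&linkedlist_mutex);
#endif
    /* Read the head only once the lock is held */
    for (node = request_data; node != NULL; node = node->next) {
        if (node->session == session
            && node->operation_type == operation_type
            && node->in == in && node->in_len == in_len) {
            break;
        }
    }
#ifndef CAMLRPC
    pthread_mutex_unlock(&linkedlist_mutex);
#endif
    /* node is NULL here when the loop ran off the end of the list */
    return node;
}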
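/*
 * Look up the first node that matches on session and operation type only.
 * This is needed to check if a result was given and the client has not
 * yet fetched it.
 *
 * In non-CAMLRPC builds the search, including the read of the list head, runs
 * under linkedlist_mutex. The lock is released before returning, so the
 * returned pointer is not protected against a concurrent removal.
 *
 * Returns the matching node, or NULL when there is none.
 */
p11_request_struct *check_operation_active_in_filtering_list(ck_session_handle_t
                                                             session,
                                                             unsigned long
                                                             operation_type)
{
    p11_request_struct *node;

#ifndef CAMLRPC
    pthread_mutex_lock(&linkedlist_mutex);
#endif
    /* Read the head only once the lock is held */
    for (node = request_data; node != NULL; node = node->next) {
        if (node->session == session
            && node->operation_type == operation_type) {
            break;
        }
    }
#ifndef CAMLRPC
    pthread_mutex_unlock(&linkedlist_mutex);
#endif
    /* node is NULL here when the loop ran off the end of the list */
    return node;
}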
/* -------------------------------- */
/* Common sanitization function */
/*
 * Normalize the parameter fields of a mechanism before it is used.
 *
 * For the mechanisms listed below the parameter is forced to NULL with length
 * 0. For every mechanism, a parameter length above MAX_BUFF_LEN is treated as
 * garbage and the parameter is likewise reset to NULL/0; this is reported only
 * in DEBUG builds, so in other builds the reset is silent.
 *
 * mech is dereferenced without a NULL check.
 *
 * FIXME: We only sanitize the most commonly used mechanisms.
 * This should also be done for other mechs that do not require params.
 */
void custom_sanitize_ck_mechanism(struct ck_mechanism *mech)
{
    switch (mech->mechanism) {
    case CKM_RSA_PKCS:
    case CKM_RSA_9796:
    case CKM_RSA_X_509:
    case CKM_MD2_RSA_PKCS:
    case CKM_MD5_RSA_PKCS:
    case CKM_SHA1_RSA_PKCS:
    case CKM_RIPEMD128_RSA_PKCS:
    case CKM_RIPEMD160_RSA_PKCS:
    case CKM_RSA_X9_31:
    case CKM_SHA1_RSA_X9_31:
    case CKM_DSA:
    case CKM_DSA_SHA1:
    case CKM_SHA256_RSA_PKCS:
    case CKM_SHA384_RSA_PKCS:
    case CKM_SHA512_RSA_PKCS:
    case CKM_SHA224_RSA_PKCS:
        mech->parameter = NULL;
        mech->parameter_len = 0;
        break;
    default:
        break;
    }

    /* Length check applied to every mechanism, listed or not */
    if (mech->parameter_len > MAX_BUFF_LEN) {
#ifdef DEBUG
        fprintf(stderr,
                MODNAME"Detected garbage mech_params passing NULL,0 instead\n");
#endif
        mech->parameter_len = 0;
        mech->parameter = NULL;
    }
}
/* Functions when LIBNAME is read from a file */
#ifdef LIBNAME_FILE
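/*
 * Portable getline() replacement: read one line from stream into lineptr.
 *
 * lineptr must point to a buffer of at least MAX_LIBNAME_LEN bytes. At most
 * MAX_LIBNAME_LEN - 1 characters are stored, followed by the terminating NUL,
 * so the function never writes beyond that size. The newline is consumed but
 * not stored.
 *
 * Returns the number of characters stored. Errors are reported in-band in the
 * unsigned return type: (size_t)-1 for a NULL argument or end of file before
 * any character was read, (size_t)-2 when the line does not fit. Callers that
 * store the result in an int (as get_libname_from_file does) see these as
 * negative values.
 */
size_t mygetline(char *lineptr, FILE *stream) {
    char *p = lineptr;
    int c;

    if (lineptr == NULL) {
        fprintf(stderr, MODNAME"mygetline: lineptr is NULL\n");
        return (size_t)-1;
    }
    if (stream == NULL) {
        fprintf(stderr, MODNAME"mygetline: stream is NULL\n");
        return (size_t)-1;
    }
    c = fgetc(stream);
    if (c == EOF) {
        return (size_t)-1;
    }
    /* Test for the newline before storing, so that a line starting with '\n'
     * yields an empty string instead of a name with an embedded newline. */
    while (c != EOF && c != '\n') {
        /* Keep one byte free for the terminator written after the loop */
        if ((p - lineptr) >= (MAX_LIBNAME_LEN - 1)) {
            fprintf(stderr, MODNAME"mygetline: line is > to %d\n", MAX_LIBNAME_LEN);
            /* Leave a terminated string behind even on the error path */
            *p = '\0';
            return (size_t)-2;
        }
        *p++ = (char)c;
        c = fgetc(stream);
    }
    *p = '\0';
    return (size_t)(p - lineptr);
}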
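/*
 * Read the LIBNAME from the first line of $HOME/<LIBNAME_FILE_NAME>.
 *
 * libname is an output buffer owned by the caller; it has to be large enough
 * for what mygetline() writes (at least MAX_LIBNAME_LEN + 1 bytes is safe).
 * This function allocates nothing the caller has to free.
 *
 * HOME is truncated to MAX_ENV_LEN characters when building the path.
 * NOTE(review): the file location comes from the HOME environment variable,
 * so whoever controls the process environment chooses which file supplies the
 * LIBNAME - confirm this is acceptable where the library is loaded by a
 * privileged process.
 *
 * Returns 0 on success, -1 on any failure. The temporary path and the file
 * handle are released on every path.
 */
int get_libname_from_file(char *libname){
    int rc = -1;
    int count;
    int written;
    char *home;
    size_t home_len = 0;
    char *file_path = NULL;
    size_t file_path_len = 0;
    FILE *file = NULL;

    home = getenv("HOME");
    if(!home){
        fprintf(stderr, MODNAME"get_libname_from_file: HOME variable not found\n");
        return -1;
    }
    home_len = strnlen(home, MAX_ENV_LEN);
    /* +2: one byte for the '/' separator, one for the terminating NUL */
    file_path_len = home_len + strlen(LIBNAME_FILE_NAME) + 2;
    file_path = custom_malloc(file_path_len);
    if(!file_path){
        fprintf(stderr, MODNAME"get_libname_from_file: malloc failed\n");
        return -1;
    }
    /* One bounded, always-terminated formatting call instead of chained strncat */
    written = snprintf(file_path, file_path_len, "%.*s/%s",
                       (int)home_len, home, LIBNAME_FILE_NAME);
    if(written < 0 || (size_t)written >= file_path_len){
        fprintf(stderr, MODNAME"get_libname_from_file: could not build file path\n");
        goto out;
    }
    file = fopen(file_path, "r");
    if(!file){
        fprintf(stderr,
                MODNAME"get_libname_from_file: open failed for file %s\n",file_path);
        goto out;
    }
    count = mygetline(libname, file);
    if(count < 0){
        fprintf(stderr, MODNAME"get_libname_from_file: LIBNAME could not be read\n");
        goto out;
    }
    rc = 0;
out:
    /* Single exit: the error paths must not leak the handle or the path */
    if(file != NULL){
        fclose(file);
    }
    custom_free((void**)&file_path);
    return rc;
}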
#endif /* LIBNAME_FILE */
/* Keep the pid of current process */
#ifndef WIN32
static pid_t local_pid = 0;
#endif
/* Outcome of init(): CKR_OK, or CKR_DEVICE_ERROR when init() failed.
 * C_Initialize returns this value without doing anything else when it is not CKR_OK. */
static ck_rv_t init_rv;
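/*
 * Library initialization, run when the library is loaded (constructor on
 * non-Windows builds; called from DllMain on Windows).
 *
 * Records the current pid, initializes the mutexes and the global state, then
 * loads the PKCS#11 module alias through init_ml() (CAMLRPC) or init_c().
 * The alias comes, in this order, from: the ENV_LIBNAME environment variable,
 * the LIBNAME file (LIBNAME_FILE builds), or the built-in LIBNAME.
 *
 * The outcome is stored in init_rv. On failure init_rv is CKR_DEVICE_ERROR and
 * the mutexes are destroyed again.
 *
 * NOTE(review): the alias is taken from the process environment when
 * ENV_LIBNAME is set, so the environment decides which module is requested -
 * confirm this is acceptable where the library is loaded by a privileged
 * process.
 */
#ifndef WIN32
__attribute__ ((constructor))
#endif
void init()
{
    ck_rv_t ret;
    /* libname override through environment variable */
    char *libname;
#ifdef LIBNAME_FILE
    /* Sized from the bound mygetline() enforces (plus the terminator) rather
     * than a fixed 32, so the buffer cannot be smaller than what is written. */
    char libname_file[MAX_LIBNAME_LEN + 1] = {0};
#endif
    init_rv = CKR_OK;
    /* Store the PID to match it in case of a fork */
#ifndef WIN32
    local_pid = getpid();
#endif
    /* Initialize global variables */
    pthread_mutex_init(&mutex, NULL);
#ifndef CAMLRPC
    pthread_mutex_init(&linkedlist_mutex, NULL);
#endif
    is_Blocking = 0;
    request_data = NULL;
    /* Initialize architecture detection */
    peer_arch = 0;
    my_arch = 0;
    /* try to find user-defined libname alias */
    libname = getenv(ENV_LIBNAME);
    if(libname != NULL){
        /* Use environment variable for libname alias */
#ifdef CAMLRPC
        ret = init_ml(libname);
#else
        ret = init_c(libname);
#endif
    }
    else{
#ifdef LIBNAME_FILE
        /* Find the LIBNAME in a file */
        if(get_libname_from_file(libname_file) != 0){
            fprintf(stderr, MODNAME"Init failed, could not find a LIBNAME\n");
            init_rv = CKR_DEVICE_ERROR;
            goto fail;
        }
#ifdef CAMLRPC
        ret = init_ml(libname_file);
#else
        ret = init_c(libname_file);
#endif
#else
        /* Use the default built-in libname */
#ifdef CAMLRPC
        ret = init_ml(xstr(LIBNAME));
#else
        ret = init_c(xstr(LIBNAME));
#endif
#endif /* LIBNAME_FILE */
    }
    /* Did we manage to detect arch ? (values 0 and 5 are treated as "not detected") */
    if ((peer_arch == 0 || peer_arch == 5) || (my_arch == 0 || my_arch == 5)) {
        fprintf(stderr, MODNAME"C_SetupArch: failed detecting architecture\n");
        init_rv = CKR_DEVICE_ERROR;
        goto fail;
    }
    if (ret != CKR_OK) {
        if(libname != NULL){
            fprintf(stderr,
                    MODNAME"C_LoadModule: failed loading PKCS#11 module %s (read from env)\n",
                    libname);
        }
        else{
#ifdef LIBNAME_FILE
            fprintf(stderr,
                    MODNAME"C_LoadModule: failed loading PKCS#11 module %s (read from file)\n",
                    libname_file);
#else
            fprintf(stderr, MODNAME"C_LoadModule: failed loading PKCS#11 module %s (builtin)\n",
                    xstr(LIBNAME));
#endif
        }
        fprintf(stderr, MODNAME"Init failed\n");
        init_rv = CKR_DEVICE_ERROR;
        goto fail;
    }
    return;
fail:
    /* The mutexes are destroyed here; entry points that lock them must check
     * init_rv first (C_Initialize does). */
    pthread_mutex_destroy(&mutex);
#ifndef CAMLRPC
    pthread_mutex_destroy(&linkedlist_mutex);
#endif
}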
/*
 * Library teardown (destructor on non-Windows builds; called from DllMain on
 * Windows): shuts down the backend through destroy_ml() (CAMLRPC) or
 * destroy_c(), then frees whatever is left in the request list.
 */
#ifndef WIN32
__attribute__ ((destructor))
#endif
void destroy()
{
#ifdef CAMLRPC
    destroy_ml();
#else
    destroy_c();
#endif
    /* Release the nodes still queued in the linked list */
    remove_all_elements_from_filtering_list();
}
/*
 * Windows initialization: DLL entry point that runs init() when the DLL is
 * attached to a process and destroy() when it is detached. Other notification
 * reasons are ignored. Always reports success.
 */
#ifdef WIN32
BOOLEAN WINAPI DllMain(IN HINSTANCE hDllHandle, IN DWORD nReason, IN LPVOID Reserved){
    if(nReason == DLL_PROCESS_ATTACH){
        init();
    }
    else if(nReason == DLL_PROCESS_DETACH){
        destroy();
    }
    return TRUE;
}
#endif
/* -------------------------------- */
/* Trampoline PKCS#11 functions */
/*
 * Table of the PKCS#11 entry points exported by this library.
 * The initializer is positional: the first member is {2, 20} (presumably the
 * Cryptoki version - confirm against the struct declaration), followed by one
 * function pointer per entry point. The order therefore has to match the
 * member order of struct ck_function_list, which is declared outside this
 * file; a misplaced entry would dispatch a call to the wrong function.
 */
struct ck_function_list function_list = {
{2, 20},
C_Initialize,
C_Finalize,
C_GetInfo,
C_GetFunctionList,
C_GetSlotList,
C_GetSlotInfo,
C_GetTokenInfo,
C_GetMechanismList,
C_GetMechanismInfo,
C_InitToken,
C_InitPIN,
C_SetPIN,
C_OpenSession,
C_CloseSession,
C_CloseAllSessions,
C_GetSessionInfo,
C_GetOperationState,
C_SetOperationState,
C_Login,
C_Logout,
C_CreateObject,
C_CopyObject,
C_DestroyObject,
C_GetObjectSize,
C_GetAttributeValue,
C_SetAttributeValue,
C_FindObjectsInit,
C_FindObjects,
C_FindObjectsFinal,
C_EncryptInit,
C_Encrypt,
C_EncryptUpdate,
C_EncryptFinal,
C_DecryptInit,
C_Decrypt,
C_DecryptUpdate,
C_DecryptFinal,
C_DigestInit,
C_Digest,
C_DigestUpdate,
C_DigestKey,
C_DigestFinal,
C_SignInit,
C_Sign,
C_SignUpdate,
C_SignFinal,
C_SignRecoverInit,
C_SignRecover,
C_VerifyInit,
C_Verify,
C_VerifyUpdate,
C_VerifyFinal,
C_VerifyRecoverInit,
C_VerifyRecover,
C_DigestEncryptUpdate,
C_DecryptDigestUpdate,
C_SignEncryptUpdate,
C_DecryptVerifyUpdate,
C_GenerateKey,
C_GenerateKeyPair,
C_WrapKey,
C_UnwrapKey,
C_DeriveKey,
C_SeedRandom,
C_GenerateRandom,
C_GetFunctionStatus,
C_CancelFunction,
C_WaitForSlotEvent
};
/*
 * PKCS#11 C_Initialize entry point.
 * Returns init_rv immediately when the load-time init() did not succeed;
 * otherwise calls the backend (myC_Initialize in CAMLRPC builds, else
 * myC_Initialize_C) while holding the global mutex and returns its result.
 */
ck_rv_t C_Initialize(void *init_args)
{
ck_rv_t ret;
/* check_pid is a macro defined outside this file section; presumably it
 * handles a change of pid after fork (see local_pid) - confirm. */
check_pid;
/* Never touch the mutex after a failed init(): init() destroys it on failure */
if (init_rv != CKR_OK)
return init_rv;
pthread_mutex_lock(&mutex);
#ifdef CAMLRPC
ret = myC_Initialize(init_args);
#else
ret = myC_Initialize_C(init_args);
#endif
pthread_mutex_unlock(&mutex);
return ret;
}
/*
 * C_Finalize trampoline: under the library mutex, runs the fork check and
 * forwards to the RPC backend. On CKR_OK, a thread currently polling in
 * C_WaitForSlotEvent (is_Blocking == 1) is told to stop by moving the flag
 * to 2.
 */
ck_rv_t C_Finalize(void *init_args)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Finalize(init_args);
#else
    rv = myC_Finalize_C(init_args);
#endif
    /* If some threads are blocking, signal them that we've finalized */
    if (rv == CKR_OK && is_Blocking == 1) {
        is_Blocking = 2;
    }
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetSlotList trampoline: lock, fork check, forward the arguments
 * unchanged to the build-time RPC backend, unlock. No pointer or length
 * validation happens at this layer.
 */
ck_rv_t
C_GetSlotList(CK_BBOOL input0, ck_slot_id_t * output2, unsigned long *output3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetSlotList(input0, output2, output3);
#else
    rv = myC_GetSlotList_C(input0, output2, output3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetInfo trampoline: lock, fork check, forward output0 to the build-time
 * RPC backend, unlock.
 */
ck_rv_t C_GetInfo(struct ck_info * output0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetInfo(output0);
#else
    rv = myC_GetInfo_C(output0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_WaitForSlotEvent trampoline.
 *
 * Non-blocking request (input0 == CKF_DONT_BLOCK): a single backend call
 * made under the library mutex.
 * Any other flag value: blocking is emulated on the client side by polling
 * the backend with CKF_DONT_BLOCK after each sleep (usleep(50000), or
 * Sleep(100) on WIN32), taking the mutex only for the duration of one poll.
 *
 * is_Blocking is the hand-shake with C_Finalize: set to 1 while a poll found
 * no event, reset to 0 when an event is returned, and moved to 2 by
 * C_Finalize to make the poller return CKR_CRYPTOKI_NOT_INITIALIZED.
 *
 * NOTE(review): nothing in this function moves is_Blocking away from 2 once
 * it has been observed; unless it is reset elsewhere, a later blocking call
 * would return CKR_CRYPTOKI_NOT_INITIALIZED on its first poll -- confirm.
 * NOTE(review): is_Blocking is a single flag, so it cannot track more than
 * one concurrent waiter -- confirm this is acceptable.
 * NOTE(review): the flag test is an equality, not a bit test, so a value
 * with extra bits set next to CKF_DONT_BLOCK takes the blocking path.
 */
ck_rv_t
C_WaitForSlotEvent(ck_flags_t input0, ck_slot_id_t * output1, void *reserved)
{
ck_rv_t ret;
/* Fork check runs before any lock is taken in this function */
check_pid;
if (input0 == CKF_DONT_BLOCK) {
#ifdef DEBUG
fprintf(stderr, MODNAME"\nC_WaitForSlotEvent called with non block\n");
#endif
pthread_mutex_lock(&mutex);
#ifdef CAMLRPC
ret = myC_WaitForSlotEvent(input0, output1, reserved);
#else
ret = myC_WaitForSlotEvent_C(input0, output1, reserved);
#endif
pthread_mutex_unlock(&mutex);
return ret;
} else {
#ifdef DEBUG
fprintf(stderr, MODNAME"\nC_WaitForSlotEvent called with block, return\n");
#endif
while (1) {
/* FIXME: usleep might be deprecated in favor of nanosleep */
/* Sleep outside the mutex so other PKCS#11 calls can proceed */
#ifdef WIN32
Sleep(100);
#else
usleep(50000);
#endif
pthread_mutex_lock(&mutex);
/* Did we C_Finalize? */
if (is_Blocking == 2) {
pthread_mutex_unlock(&mutex);
#ifdef DEBUG
/* Unlike the other debug traces, this one goes to stdout */
printf
("\nC_WaitForSlotEvent RETURN because someone called C_Finalize\n");
#endif
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
/* Poll the backend without blocking, still under the mutex */
#ifdef CAMLRPC
ret = myC_WaitForSlotEvent(CKF_DONT_BLOCK, output1, reserved);
#else
ret = myC_WaitForSlotEvent_C(CKF_DONT_BLOCK, output1, reserved);
#endif
/* No event, we'll block some more */
if (ret == CKR_NO_EVENT) {
is_Blocking = 1;
#ifdef DEBUG
fprintf(stderr, MODNAME"\nC_WaitForSlotEvent NO EVENT, keep BLOCKING\n");
#endif
}
/* Got an event (or an error), we'll return */
else {
is_Blocking = 0;
#ifdef DEBUG
fprintf(stderr, MODNAME"\nC_WaitForSlotEvent GOT EVENT\n");
#endif
}
pthread_mutex_unlock(&mutex);
if (ret != CKR_NO_EVENT) {
return ret;
}
}
}
}
/*
 * C_GetSlotInfo trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock.
 */
ck_rv_t C_GetSlotInfo(ck_slot_id_t input0, struct ck_slot_info * output1)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetSlotInfo(input0, output1);
#else
    rv = myC_GetSlotInfo_C(input0, output1);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetTokenInfo trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock.
 */
ck_rv_t C_GetTokenInfo(ck_slot_id_t input0, struct ck_token_info * output1)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetTokenInfo(input0, output1);
#else
    rv = myC_GetTokenInfo_C(input0, output1);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_InitToken trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. Per the PKCS#11 C_InitToken signature, input1/input1_len
 * carry the SO PIN; it is handed to the RPC layer as-is, so its protection
 * in transit depends on the socket transport (SSL/TLS is optional according
 * to the project header).
 */
ck_rv_t
C_InitToken(ck_slot_id_t input0, unsigned char *input1,
            unsigned long input1_len, unsigned char *input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_InitToken(input0, input1, input1_len, input2);
#else
    rv = myC_InitToken_C(input0, input1, input1_len, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_OpenSession trampoline: lock, fork check, forward every argument
 * (including the application pointer and notify callback) to the build-time
 * RPC backend, unlock.
 */
ck_rv_t
C_OpenSession(ck_slot_id_t input0, ck_flags_t input1, void *application,
              ck_notify_t notify, ck_session_handle_t * output2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_OpenSession(input0, input1, application, notify, output2);
#else
    rv = myC_OpenSession_C(input0, input1, application, notify, output2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_CloseSession trampoline: lock, fork check, forward the session handle to
 * the build-time RPC backend, unlock.
 */
ck_rv_t C_CloseSession(ck_session_handle_t input0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_CloseSession(input0);
#else
    rv = myC_CloseSession_C(input0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_CloseAllSessions trampoline: lock, fork check, forward the slot id to
 * the build-time RPC backend, unlock.
 */
ck_rv_t C_CloseAllSessions(ck_slot_id_t input0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_CloseAllSessions(input0);
#else
    rv = myC_CloseAllSessions_C(input0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetSessionInfo trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock.
 */
ck_rv_t
C_GetSessionInfo(ck_session_handle_t input0, struct ck_session_info * output1)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetSessionInfo(input0, output1);
#else
    rv = myC_GetSessionInfo_C(input0, output1);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Login trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. Per the PKCS#11 C_Login signature, input2/input2_len is
 * the PIN: this wrapper neither copies nor clears it, and its protection in
 * transit depends on the socket transport (SSL/TLS is optional according to
 * the project header).
 */
ck_rv_t
C_Login(ck_session_handle_t input0, ck_user_type_t input1,
        unsigned char *input2, unsigned long input2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Login(input0, input1, input2, input2_len);
#else
    rv = myC_Login_C(input0, input1, input2, input2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Logout trampoline: lock, fork check, forward the session handle to the
 * build-time RPC backend, unlock.
 */
ck_rv_t C_Logout(ck_session_handle_t input0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Logout(input0);
#else
    rv = myC_Logout_C(input0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetMechanismList trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock. output2/output3 are not validated at this layer.
 */
ck_rv_t
C_GetMechanismList(ck_slot_id_t input0, ck_mechanism_type_t * output2,
                   unsigned long *output3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetMechanismList(input0, output2, output3);
#else
    rv = myC_GetMechanismList_C(input0, output2, output3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetMechanismInfo trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock.
 */
ck_rv_t
C_GetMechanismInfo(ck_slot_id_t input0, ck_mechanism_type_t input1,
                   struct ck_mechanism_info * output2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetMechanismInfo(input0, input1, output2);
#else
    rv = myC_GetMechanismInfo_C(input0, input1, output2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_InitPIN trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. Per the PKCS#11 C_InitPIN signature, input1/input1_len is
 * the new PIN; it is passed through as-is, so its protection in transit
 * depends on the socket transport (SSL/TLS is optional according to the
 * project header).
 */
ck_rv_t
C_InitPIN(ck_session_handle_t input0, unsigned char *input1,
          unsigned long input1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_InitPIN(input0, input1, input1_len);
#else
    rv = myC_InitPIN_C(input0, input1, input1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SetPIN trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. Per the PKCS#11 C_SetPIN signature, input1 is the old PIN
 * and input2 the new one; both are passed through as-is, so their protection
 * in transit depends on the socket transport (SSL/TLS is optional according
 * to the project header).
 */
ck_rv_t
C_SetPIN(ck_session_handle_t input0, unsigned char *input1,
         unsigned long input1_len, unsigned char *input2,
         unsigned long input2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SetPIN(input0, input1, input1_len, input2, input2_len);
#else
    rv = myC_SetPIN_C(input0, input1, input1_len, input2, input2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SeedRandom trampoline: lock, fork check, forward the seed buffer and its
 * length to the build-time RPC backend, unlock.
 */
ck_rv_t
C_SeedRandom(ck_session_handle_t input0, unsigned char *input1,
             unsigned long input1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SeedRandom(input0, input1, input1_len);
#else
    rv = myC_SeedRandom_C(input0, input1, input1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GenerateRandom trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock. The random bytes written to output2 come from the
 * remote side of the RPC link; this wrapper adds no local entropy.
 */
ck_rv_t
C_GenerateRandom(ck_session_handle_t input0, unsigned char *output2,
                 unsigned long output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GenerateRandom(input0, output2, output2_len);
#else
    rv = myC_GenerateRandom_C(input0, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetOperationState trampoline: lock, fork check, forward to the
 * build-time RPC backend, unlock. output1/output1_len are not validated at
 * this layer.
 */
ck_rv_t
C_GetOperationState(ck_session_handle_t input0, unsigned char *output1,
                    unsigned long *output1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetOperationState(input0, output1, output1_len);
#else
    rv = myC_GetOperationState_C(input0, output1, output1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SetOperationState trampoline: lock, fork check, forward the saved state
 * buffer and the two key handles to the build-time RPC backend, unlock.
 */
ck_rv_t
C_SetOperationState(ck_session_handle_t input0, unsigned char *input1,
                    unsigned long input1_len, ck_object_handle_t input2,
                    ck_object_handle_t input3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SetOperationState(input0, input1, input1_len, input2, input3);
#else
    rv = myC_SetOperationState_C(input0, input1, input1_len, input2, input3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_FindObjectsInit trampoline: lock, fork check, forward the attribute
 * template and its count to the build-time RPC backend, unlock.
 */
ck_rv_t
C_FindObjectsInit(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
                  unsigned long count)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_FindObjectsInit(input0, input1, count);
#else
    rv = myC_FindObjectsInit_C(input0, input1, count);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_FindObjects trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. Note the argument order: the handle array (output2) comes
 * before the maximum count (input1).
 */
ck_rv_t
C_FindObjects(ck_session_handle_t input0, ck_object_handle_t * output2,
              unsigned long input1, unsigned long *output3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_FindObjects(input0, output2, input1, output3);
#else
    rv = myC_FindObjects_C(input0, output2, input1, output3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_FindObjectsFinal trampoline: lock, fork check, forward the session
 * handle to the build-time RPC backend, unlock.
 */
ck_rv_t C_FindObjectsFinal(ck_session_handle_t input0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_FindObjectsFinal(input0);
#else
    rv = myC_FindObjectsFinal_C(input0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GenerateKey trampoline: lock, fork check, forward the mechanism and
 * attribute template to the build-time RPC backend, unlock.
 */
ck_rv_t
C_GenerateKey(ck_session_handle_t input0, struct ck_mechanism * input1,
              CK_ATTRIBUTE * input2, unsigned long count,
              ck_object_handle_t * output3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GenerateKey(input0, input1, input2, count, output3);
#else
    rv = myC_GenerateKey_C(input0, input1, input2, count, output3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GenerateKeyPair trampoline: lock, fork check, forward the mechanism and
 * both attribute templates to the build-time RPC backend, unlock.
 */
ck_rv_t
C_GenerateKeyPair(ck_session_handle_t input0, struct ck_mechanism * input1,
                  CK_ATTRIBUTE * input2, unsigned long count,
                  CK_ATTRIBUTE * input3, unsigned long count2,
                  ck_object_handle_t * output4, ck_object_handle_t * output5)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GenerateKeyPair(input0, input1, input2, count, input3, count2,
                             output4, output5);
#else
    rv = myC_GenerateKeyPair_C(input0, input1, input2, count, input3, count2,
                               output4, output5);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_CreateObject trampoline: lock, fork check, forward the attribute
 * template to the build-time RPC backend, unlock.
 */
ck_rv_t
C_CreateObject(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
               unsigned long count, ck_object_handle_t * output2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_CreateObject(input0, input1, count, output2);
#else
    rv = myC_CreateObject_C(input0, input1, count, output2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_CopyObject trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock.
 */
ck_rv_t
C_CopyObject(ck_session_handle_t input0, ck_object_handle_t input1,
             CK_ATTRIBUTE * input2, unsigned long count,
             ck_object_handle_t * output3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_CopyObject(input0, input1, input2, count, output3);
#else
    rv = myC_CopyObject_C(input0, input1, input2, count, output3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DestroyObject trampoline: lock, fork check, forward the session and
 * object handles to the build-time RPC backend, unlock.
 */
ck_rv_t C_DestroyObject(ck_session_handle_t input0, ck_object_handle_t input1)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DestroyObject(input0, input1);
#else
    rv = myC_DestroyObject_C(input0, input1);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetAttributeValue trampoline: lock, fork check, forward to the
 * build-time RPC backend, unlock. The attribute array is both input and
 * output; its entries are not inspected at this layer.
 */
ck_rv_t
C_GetAttributeValue(ck_session_handle_t input0, ck_object_handle_t input1,
                    struct ck_attribute * input2, unsigned long input3)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetAttributeValue(input0, input1, input2, input3);
#else
    rv = myC_GetAttributeValue_C(input0, input1, input2, input3);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SetAttributeValue trampoline: lock, fork check, forward the attribute
 * template to the build-time RPC backend, unlock.
 */
ck_rv_t
C_SetAttributeValue(ck_session_handle_t input0, ck_object_handle_t input1,
                    CK_ATTRIBUTE * input2, unsigned long count)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SetAttributeValue(input0, input1, input2, count);
#else
    rv = myC_SetAttributeValue_C(input0, input1, input2, count);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetObjectSize trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock.
 */
ck_rv_t
C_GetObjectSize(ck_session_handle_t input0, ck_object_handle_t input1,
                unsigned long *output2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetObjectSize(input0, input1, output2);
#else
    rv = myC_GetObjectSize_C(input0, input1, output2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_WrapKey trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output4/output4_len are not validated at this layer.
 */
ck_rv_t
C_WrapKey(ck_session_handle_t input0, struct ck_mechanism * input1,
          ck_object_handle_t input2, ck_object_handle_t input3,
          unsigned char *output4, unsigned long *output4_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_WrapKey(input0, input1, input2, input3, output4, output4_len);
#else
    rv = myC_WrapKey_C(input0, input1, input2, input3, output4, output4_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_UnwrapKey trampoline: lock, fork check, forward the wrapped key blob and
 * the attribute template to the build-time RPC backend, unlock.
 */
ck_rv_t
C_UnwrapKey(ck_session_handle_t input0, struct ck_mechanism * input1,
            ck_object_handle_t input2, unsigned char *input3,
            unsigned long input3_len, CK_ATTRIBUTE * input4,
            unsigned long count, ck_object_handle_t * output5)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_UnwrapKey(input0, input1, input2, input3, input3_len, input4,
                       count, output5);
#else
    rv = myC_UnwrapKey_C(input0, input1, input2, input3, input3_len, input4,
                         count, output5);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DeriveKey trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock.
 */
ck_rv_t
C_DeriveKey(ck_session_handle_t input0, struct ck_mechanism * input1,
            ck_object_handle_t input2, CK_ATTRIBUTE * input3,
            unsigned long count, ck_object_handle_t * output4)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DeriveKey(input0, input1, input2, input3, count, output4);
#else
    rv = myC_DeriveKey_C(input0, input1, input2, input3, count, output4);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DigestInit trampoline: lock, fork check, forward the mechanism to the
 * build-time RPC backend, unlock.
 */
ck_rv_t C_DigestInit(ck_session_handle_t input0, struct ck_mechanism * input1)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DigestInit(input0, input1);
#else
    rv = myC_DigestInit_C(input0, input1);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Digest trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output2/output2_len are not validated at this layer.
 */
ck_rv_t
C_Digest(ck_session_handle_t input0, unsigned char *input1,
         unsigned long input1_len, unsigned char *output2,
         unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Digest(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_Digest_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DigestUpdate trampoline: lock, fork check, forward the data chunk to the
 * build-time RPC backend, unlock.
 */
ck_rv_t
C_DigestUpdate(ck_session_handle_t input0, unsigned char *input1,
               unsigned long input1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DigestUpdate(input0, input1, input1_len);
#else
    rv = myC_DigestUpdate_C(input0, input1, input1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DigestFinal trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output1/output1_len are not validated at this layer.
 */
ck_rv_t
C_DigestFinal(ck_session_handle_t input0, unsigned char *output1,
              unsigned long *output1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DigestFinal(input0, output1, output1_len);
#else
    rv = myC_DigestFinal_C(input0, output1, output1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DigestKey trampoline: lock, fork check, forward the key handle to the
 * build-time RPC backend, unlock.
 */
ck_rv_t C_DigestKey(ck_session_handle_t input0, ck_object_handle_t input1)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DigestKey(input0, input1);
#else
    rv = myC_DigestKey_C(input0, input1);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SignInit trampoline: lock, fork check, forward the mechanism and key
 * handle to the build-time RPC backend, unlock.
 */
ck_rv_t
C_SignInit(ck_session_handle_t input0, struct ck_mechanism * input1,
           ck_object_handle_t input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SignInit(input0, input1, input2);
#else
    rv = myC_SignInit_C(input0, input1, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Sign trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output2/output2_len are not validated at this layer.
 */
ck_rv_t
C_Sign(ck_session_handle_t input0, unsigned char *input1,
       unsigned long input1_len, unsigned char *output2,
       unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Sign(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_Sign_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SignUpdate trampoline: lock, fork check, forward the data chunk to the
 * build-time RPC backend, unlock.
 */
ck_rv_t
C_SignUpdate(ck_session_handle_t input0, unsigned char *input1,
             unsigned long input1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SignUpdate(input0, input1, input1_len);
#else
    rv = myC_SignUpdate_C(input0, input1, input1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SignFinal trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output1/output1_len are not validated at this layer.
 */
ck_rv_t
C_SignFinal(ck_session_handle_t input0, unsigned char *output1,
            unsigned long *output1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SignFinal(input0, output1, output1_len);
#else
    rv = myC_SignFinal_C(input0, output1, output1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SignRecoverInit trampoline: lock, fork check, forward the mechanism and
 * key handle to the build-time RPC backend, unlock.
 */
ck_rv_t
C_SignRecoverInit(ck_session_handle_t input0, struct ck_mechanism * input1,
                  ck_object_handle_t input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SignRecoverInit(input0, input1, input2);
#else
    rv = myC_SignRecoverInit_C(input0, input1, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SignRecover trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output2/output2_len are not validated at this layer.
 */
ck_rv_t
C_SignRecover(ck_session_handle_t input0, unsigned char *input1,
              unsigned long input1_len, unsigned char *output2,
              unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SignRecover(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_SignRecover_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_VerifyRecoverInit trampoline: lock, fork check, forward the mechanism
 * and key handle to the build-time RPC backend, unlock.
 */
ck_rv_t
C_VerifyRecoverInit(ck_session_handle_t input0, struct ck_mechanism * input1,
                    ck_object_handle_t input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_VerifyRecoverInit(input0, input1, input2);
#else
    rv = myC_VerifyRecoverInit_C(input0, input1, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_VerifyInit trampoline: lock, fork check, forward the mechanism and key
 * handle to the build-time RPC backend, unlock.
 */
ck_rv_t
C_VerifyInit(ck_session_handle_t input0, struct ck_mechanism * input1,
             ck_object_handle_t input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_VerifyInit(input0, input1, input2);
#else
    rv = myC_VerifyInit_C(input0, input1, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Verify trampoline: lock, fork check, forward the data and the signature
 * to the build-time RPC backend, unlock. The verification verdict is
 * whatever the backend returns; callers must test it against CKR_OK.
 */
ck_rv_t
C_Verify(ck_session_handle_t input0, unsigned char *input1,
         unsigned long input1_len, unsigned char *input2,
         unsigned long input2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Verify(input0, input1, input1_len, input2, input2_len);
#else
    rv = myC_Verify_C(input0, input1, input1_len, input2, input2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_VerifyUpdate trampoline: lock, fork check, forward the data chunk to the
 * build-time RPC backend, unlock.
 */
ck_rv_t
C_VerifyUpdate(ck_session_handle_t input0, unsigned char *input1,
               unsigned long input1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_VerifyUpdate(input0, input1, input1_len);
#else
    rv = myC_VerifyUpdate_C(input0, input1, input1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_VerifyFinal trampoline: lock, fork check, forward the signature to the
 * build-time RPC backend, unlock. The verification verdict is whatever the
 * backend returns; callers must test it against CKR_OK.
 */
ck_rv_t
C_VerifyFinal(ck_session_handle_t input0, unsigned char *input1,
              unsigned long input1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_VerifyFinal(input0, input1, input1_len);
#else
    rv = myC_VerifyFinal_C(input0, input1, input1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_VerifyRecover trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock. output2/output2_len are not validated at this layer.
 */
ck_rv_t
C_VerifyRecover(ck_session_handle_t input0, unsigned char *input1,
                unsigned long input1_len, unsigned char *output2,
                unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_VerifyRecover(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_VerifyRecover_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_EncryptInit trampoline: lock, fork check, forward the mechanism and key
 * handle to the build-time RPC backend, unlock.
 */
ck_rv_t
C_EncryptInit(ck_session_handle_t input0, struct ck_mechanism * input1,
              ck_object_handle_t input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_EncryptInit(input0, input1, input2);
#else
    rv = myC_EncryptInit_C(input0, input1, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Encrypt trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. The plaintext in input1 leaves the process through the
 * RPC layer, so its confidentiality in transit depends on the socket
 * transport (SSL/TLS is optional according to the project header).
 */
ck_rv_t
C_Encrypt(ck_session_handle_t input0, unsigned char *input1,
          unsigned long input1_len, unsigned char *output2,
          unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Encrypt(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_Encrypt_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_EncryptUpdate trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock. output2/output2_len are not validated at this layer.
 */
ck_rv_t
C_EncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
                unsigned long input1_len, unsigned char *output2,
                unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_EncryptUpdate(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_EncryptUpdate_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_EncryptFinal trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output1/output1_len are not validated at this layer.
 */
ck_rv_t
C_EncryptFinal(ck_session_handle_t input0, unsigned char *output1,
               unsigned long *output1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_EncryptFinal(input0, output1, output1_len);
#else
    rv = myC_EncryptFinal_C(input0, output1, output1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DigestEncryptUpdate trampoline: lock, fork check, forward to the
 * build-time RPC backend, unlock. output2/output2_len are not validated at
 * this layer.
 */
ck_rv_t
C_DigestEncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
                      unsigned long input1_len, unsigned char *output2,
                      unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DigestEncryptUpdate(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_DigestEncryptUpdate_C(input0, input1, input1_len, output2,
                                   output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_SignEncryptUpdate trampoline: lock, fork check, forward to the
 * build-time RPC backend, unlock. output2/output2_len are not validated at
 * this layer.
 */
ck_rv_t
C_SignEncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
                    unsigned long input1_len, unsigned char *output2,
                    unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_SignEncryptUpdate(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_SignEncryptUpdate_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DecryptInit trampoline: lock, fork check, forward the mechanism and key
 * handle to the build-time RPC backend, unlock.
 */
ck_rv_t
C_DecryptInit(ck_session_handle_t input0, struct ck_mechanism * input1,
              ck_object_handle_t input2)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DecryptInit(input0, input1, input2);
#else
    rv = myC_DecryptInit_C(input0, input1, input2);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_Decrypt trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. The recovered plaintext reaches output2 through the RPC
 * layer, so its confidentiality in transit depends on the socket transport
 * (SSL/TLS is optional according to the project header).
 */
ck_rv_t
C_Decrypt(ck_session_handle_t input0, unsigned char *input1,
          unsigned long input1_len, unsigned char *output2,
          unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_Decrypt(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_Decrypt_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DecryptUpdate trampoline: lock, fork check, forward to the build-time
 * RPC backend, unlock. output2/output2_len are not validated at this layer.
 */
ck_rv_t
C_DecryptUpdate(ck_session_handle_t input0, unsigned char *input1,
                unsigned long input1_len, unsigned char *output2,
                unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DecryptUpdate(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_DecryptUpdate_C(input0, input1, input1_len, output2, output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DecryptFinal trampoline: lock, fork check, forward to the build-time RPC
 * backend, unlock. output1/output1_len are not validated at this layer.
 */
ck_rv_t
C_DecryptFinal(ck_session_handle_t input0, unsigned char *output1,
               unsigned long *output1_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DecryptFinal(input0, output1, output1_len);
#else
    rv = myC_DecryptFinal_C(input0, output1, output1_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DecryptDigestUpdate trampoline: lock, fork check, forward to the
 * build-time RPC backend, unlock. output2/output2_len are not validated at
 * this layer.
 */
ck_rv_t
C_DecryptDigestUpdate(ck_session_handle_t input0, unsigned char *input1,
                      unsigned long input1_len, unsigned char *output2,
                      unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DecryptDigestUpdate(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_DecryptDigestUpdate_C(input0, input1, input1_len, output2,
                                   output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_DecryptVerifyUpdate trampoline: lock, fork check, forward to the
 * build-time RPC backend, unlock. output2/output2_len are not validated at
 * this layer.
 */
ck_rv_t
C_DecryptVerifyUpdate(ck_session_handle_t input0, unsigned char *input1,
                      unsigned long input1_len, unsigned char *output2,
                      unsigned long *output2_len)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_DecryptVerifyUpdate(input0, input1, input1_len, output2, output2_len);
#else
    rv = myC_DecryptVerifyUpdate_C(input0, input1, input1_len, output2,
                                   output2_len);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetFunctionStatus trampoline: lock, fork check, forward the session
 * handle to the build-time RPC backend, unlock.
 */
ck_rv_t C_GetFunctionStatus(ck_session_handle_t input0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_GetFunctionStatus(input0);
#else
    rv = myC_GetFunctionStatus_C(input0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_CancelFunction trampoline: lock, fork check, forward the session handle
 * to the build-time RPC backend, unlock.
 */
ck_rv_t C_CancelFunction(ck_session_handle_t input0)
{
    ck_rv_t rv;

    pthread_mutex_lock(&mutex);
    check_pid;
#ifdef CAMLRPC
    rv = myC_CancelFunction(input0);
#else
    rv = myC_CancelFunction_C(input0);
#endif
    pthread_mutex_unlock(&mutex);

    return rv;
}
/*
 * C_GetFunctionList: stores the address of the static function_list table in
 * *ppFunctionList and returns CKR_OK, or returns CKR_ARGUMENTS_BAD when
 * ppFunctionList is NULL. Takes no lock and runs no fork check. The caller
 * receives a pointer to the library's own writable table, not a copy.
 */
ck_rv_t C_GetFunctionList(struct ck_function_list ** ppFunctionList)
{
    if (ppFunctionList != NULL) {
#ifdef DEBUG
        fprintf(stderr, MODNAME"Got ppFunctionList = 0x%p\n", (void *)(&function_list));
#endif
        *ppFunctionList = &function_list;
        return CKR_OK;
    }

#ifdef DEBUG
    fprintf(stderr,
            MODNAME"C_GetFunctionList: ppFunctionList must not be a NULL_PTR\n");
#endif
    return CKR_ARGUMENTS_BAD;
}
caml-crush-1.0.12/src/client-lib/modwrap.h 0000664 0000000 0000000 00000150320 14147740423 0020273 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the client library 5] source tree:
--------------------
| 5] Client library |
| -------- |
| | | PKCS#11 |
| | |functions|
| -------- |
--------------------
|
|
{ PKCS#11 INTERFACE }
|
APPLICATION
Project: PKCS#11 Filtering Proxy
File: src/client-lib/modwrap.h
-------------------------- MIT License HEADER ----------------------------------*/
#ifdef CAMLRPC
#include
#include
#include
#include
#include
#include
#include
#ifdef Custom_tag
#include
#include
#endif
#include
#endif
#include
#ifndef WIN32
#include
#include
#endif
/* Only meaningful for WIN32 */
#define CRYPTOKI_EXPORTS
#include "helpers_pkcs11.h"
/* Check for a socket type */
#if !defined(TCP_SOCKET) && !defined(UNIX_SOCKET)
#error "No socket defined at compile time"
#endif
/* UNIX_SOCKET on Mac OS X is not supported */
#if defined(UNIX_SOCKET) && defined(__APPLE__)
#error "Sorry, Apple implementation of XDR RPC does not support UNIX sockets, please use TCP"
#endif
/* This macro is used to check if the process was forked.
 * If that is the case, the library must be re-initialized.
 * However, we also have to free resources previously allocated
 * by the parent process, we therefore call destroy() and
 * instantiate another connection with the PKCS#11 proxy using
 * init().
 * FIXME: this might not affect WIN32 clients, ignore it for now.
 *
 * The check compares getpid() with the cached local_pid and updates
 * local_pid before calling init(). On WIN32 the macro expands to an empty
 * statement.
 *
 * The definition ends with a semicolon after while(0), so `check_pid;`
 * expands to two statements: do not use it as the only body of an unbraced
 * if/else.
 *
 * NOTE(review): most PKCS#11 wrappers in modwrap.c expand this macro while
 * holding `mutex`, so destroy() and init() then run under that lock. If
 * init() re-initializes or (on failure) destroys `mutex`, the caller's
 * following pthread_mutex_unlock() acts on a mutex in an undefined state --
 * confirm against the full body of init().
 */
#ifndef WIN32
#define check_pid do{\
pid_t current_pid = getpid();\
if (local_pid != current_pid){\
destroy();\
local_pid = current_pid;\
init();\
}\
} while(0);
#else
#define check_pid do{\
} while(0);
#endif
/* Wrap return code to adapt it to CRPC/CAMLRPC.
 * With CRPC defined this is a plain `return x`; otherwise it expands to
 * CAMLreturn(x). Either way it returns from the ENCLOSING function, which is
 * what lets the list-handling macros below exit early.
 */
#ifdef CRPC
#define Return(x) do { return x; } while(0);
#else
#define Return(x) do { CAMLreturn(x); } while(0);
#endif
/* Macro to check RPC status.
 * Expects a variable named `cl` in scope; when it is NULL the macro logs
 * through DEBUG_CALL and makes the ENCLOSING function return
 * CKR_GENERAL_ERROR. It uses a plain `return`, not the Return() wrapper.
 */
#define check_rpc_status(operation_type) do {\
if(cl == NULL){\
DEBUG_CALL(operation_type, " RPC context is not properly initialized, RPC server reachable ?\n");\
return CKR_GENERAL_ERROR;\
}\
} while(0);
/* Macro to factorize check of results.
 * Looks up a cached result for (input0, operation_cst, input1, input1_len)
 * in the filtering list and, when one exists, answers the call from the
 * cache and returns from the ENCLOSING function through Return():
 *  - output2 == NULL: reports the cached length, CKR_OK;
 *  - *output2_len smaller than the cached length: reports the needed length,
 *    CKR_BUFFER_TOO_SMALL;
 *  - otherwise: copies the cached bytes to output2, removes the cache entry,
 *    CKR_OK.
 * When no entry is found the macro falls through. It assigns to a variable
 * named `elem` that must exist in the enclosing scope.
 * The memcpy is bounded by the `*output2_len < elem->out_len` test, so its
 * safety rests on the caller passing the true capacity of output2.
 * NOTE(review): output2_len is dereferenced without a NULL check --
 * presumably validated by the callers, confirm.
 */
#define check_linked_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len) do {\
/* Remember previous calls */\
elem = check_element_in_filtering_list(input0, operation_cst, input1, input1_len);\
if (elem != NULL) {\
if (output2 == NULL) {\
\
DEBUG_CALL(operation_type, "was called again with NULL output buffer\n");\
\
*output2_len = elem->out_len;\
Return(CKR_OK);\
}\
if (*output2_len < elem->out_len) {\
\
DEBUG_CALL(operation_type, "was called with an output buffer too small\n");\
\
*output2_len = elem->out_len;\
Return(CKR_BUFFER_TOO_SMALL);\
} else {\
/* buffer size is enough, copy back and remove item from list */\
DEBUG_CALL(operation_type, "Buffer given is big enough, let's copy data back\n");\
memcpy(output2, elem->out, elem->out_len);\
*output2_len = elem->out_len;\
remove_elements_from_filtering_list(input0, operation_cst, input1,\
input1_len);\
Return(CKR_OK);\
}\
}\
} while(0);
#ifdef CRPC
/* add_op_element_to_list for CRPC
 * Caches the RPC reply for a later call: creates a list element with
 * add_element_to_list(), allocates elem->out with the reply length, copies
 * the reply bytes into it, reports that length in *output2_len and frees the
 * reply buffer. Reads the reply from a variable named `ret` and assigns to
 * `elem`; both must exist in the enclosing scope.
 * NOTE(review): neither the element returned by add_element_to_list() nor
 * the buffer returned by custom_malloc() is checked before use; whether
 * those helpers can return NULL is not visible here -- confirm. The length
 * used for the allocation and the copy comes from the RPC reply.
 */
#define add_op_element_to_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len) do {\
elem = add_element_to_list(input0, operation_cst, input1, input1_len, output2,\
*output2_len);\
elem->out_len = ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_len;\
elem->out = custom_malloc(elem->out_len * sizeof(unsigned char));\
memcpy(elem->out, ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_val,\
ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_len);\
*output2_len = elem->out_len;\
custom_free((void**)&ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_val);\
} while(0);
#else
/* add_op_element_to_list for CAMLRPC
 * Same caching step for the OCaml RPC build: the reply is the OCaml value
 * `tuple`, whose field 1 holds the output bytes and field 0 the return
 * value. elem->out is sized with Wosize_val(Field(tuple, 1)), filled by
 * custom_pkcs11_ml2c_char_array_to_buffer(), and the return value is
 * converted into `ret`.
 * NOTE(review): as in the CRPC variant, the results of
 * add_element_to_list() and custom_malloc() are used unchecked -- confirm
 * they cannot be NULL.
 */
#define add_op_element_to_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len) do {\
elem = add_element_to_list(input0, operation_cst, input1, input1_len, output2,\
*output2_len);\
elem->out = custom_malloc(Wosize_val(Field(tuple, 1)) * sizeof(unsigned char));\
custom_pkcs11_ml2c_char_array_to_buffer(Field(tuple, 1), elem->out, &elem->out_len);\
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);\
*output2_len = elem->out_len;\
} while(0);
#endif
#ifdef CRPC
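/*
 * handle_linked_list for CRPC.
 *
 * Finishes an operation whose result is the byte string carried by the RPC
 * reply `ret` (declared at the expansion site). The macro always returns
 * from the enclosing function.
 *
 * When the reply status is CKR_OK:
 *   - output2 == NULL: the value is cached with add_op_element_to_list()
 *     and the reply status is returned;
 *   - *output2_len is smaller than the reply: the value is cached and
 *     CKR_BUFFER_TOO_SMALL is returned.
 * In every other case *output2_len is set to the reply length, the reply
 * buffer is released and the reply status is returned.
 *
 * The reply length is supplied by the RPC peer. The size check above is only
 * reached for CKR_OK, so the final copy is guarded on its own: the bytes are
 * copied only into a non-NULL output2 whose declared capacity (*output2_len
 * on entry) can hold them. A reply that carries a non-OK status together
 * with a value can therefore no longer be written past the caller's buffer.
 */
#define handle_linked_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len) do {\
if (ret.c_ ## operation_type ## _rv == CKR_OK) {\
if (output2 == NULL) {\
add_op_element_to_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len);\
return ret.c_ ## operation_type ## _rv;\
}\
if (*output2_len < ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_len) {\
add_op_element_to_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len);\
return CKR_BUFFER_TOO_SMALL;\
}\
}\
/* Copy only what fits in the capacity the caller declared on entry */\
if (output2 != NULL &&\
ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_len <= *output2_len) {\
memcpy(output2, ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_val,\
ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_len);\
}\
/* Report the reply length after the capacity has been consulted */\
*output2_len = ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_len;\
custom_free((void**)&ret.c_ ## operation_type ## _value.c_ ## operation_type ## _value_val);\
return ret.c_ ## operation_type ## _rv;\
} while(0);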
#else
/*
 * handle_linked_list for CAMLRPC.
 *
 * Finishes an operation whose result is held in the OCaml value `tuple`
 * (status already converted into `ret`; both declared at the expansion
 * site). The macro always leaves the enclosing function through CAMLreturn.
 *
 * When ret == CKR_OK:
 *   - output2 == NULL: the value is cached with add_op_element_to_list();
 *   - *output2_len < Wosize_val(Field(tuple, 1)): the value is cached and
 *     CKR_BUFFER_TOO_SMALL is returned.
 * Otherwise Field(tuple, 1) is converted straight into output2.
 *
 * NOTE(review): the capacity check is only reached for CKR_OK. With any
 * other status the conversion below still writes to output2; whether
 * custom_pkcs11_ml2c_char_array_to_buffer() tolerates a NULL or too small
 * destination is not visible from this header. Confirm in its definition.
 */
#define handle_linked_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len) do {\
if (ret == CKR_OK) {\
if (output2 == NULL) {\
add_op_element_to_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len);\
CAMLreturn(ret);\
}\
if (*output2_len < Wosize_val(Field(tuple, 1))) {\
add_op_element_to_list(operation_type, operation_cst, input0, input1, input1_len, output2, output2_len);\
CAMLreturn(CKR_BUFFER_TOO_SMALL);\
}\
}\
/* Normal case: the caller supplied an output buffer */\
custom_pkcs11_ml2c_char_array_to_buffer(Field(tuple, 1), output2, output2_len);\
CAMLreturn(ret);\
} while(0);
#endif
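/* Macros that adapt to the code produced by different versions of RPCGEN */
#ifdef CRPC
/*
 * init_ret: prepare the RPC result variable `ret` (declared at the expansion
 * site) before a call. With RPCGEN_MT the result is zero-filled; without it
 * the macro expands to an empty statement.
 */
#ifdef RPCGEN_MT
#define init_ret do {\
memset (&ret, 0, sizeof (ret));\
} while(0);
#else
#define init_ret do {\
} while(0);
#endif
/*
 * assert_rpc: head of the "RPC call failed" test. It expands to a bare
 * `if (...)`, so the statement written right after it at the call site is
 * the failure branch: `retval != RPC_SUCCESS` with RPCGEN_MT, `pret == NULL`
 * otherwise. `retval` and `pret` must be declared at the expansion site.
 * A space separates the macro name from the line continuation so that the
 * spliced line cannot fuse the name with `if`.
 *
 * NOTE(review): because the expansion is an unbraced `if`, an `else` that
 * follows the failure branch at a call site would bind to it.
 */
#ifdef RPCGEN_MT
#define assert_rpc \
if (retval != RPC_SUCCESS)
#else
#define assert_rpc \
if (pret == NULL)
#endif
#endif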
/* bindings include */
#include "pkcs11.h"
/* rpc C include */
/* We only include the rpc headers if we compile the CRPC */
#ifdef CRPC
#include "pkcs11_rpc.h"
#endif
/* Workaround to support RPC timeout with UNIX socket
 * eglibc does not set ct_waitset with clnt_control.
 * Until this is patched upstream we do it the ugly way
 * by redefining the opaque ct_data structure and setting
 * the boolean ourselves.
 *
 * The structures below are local copies of a type that is private to the
 * RPC library. Writing ct_waitset through them is only correct while the
 * field order, types and padding match the library that is actually loaded
 * at run time; with any other layout the store lands on a different field of
 * the client's private state. Re-check these definitions whenever the libc
 * or libtirpc version changes.
 */
#if defined(CRPC) && defined(UNIX_SOCKET) && defined(_CS_GNU_LIBC_VERSION)
#define MCALL_MSG_SIZE 24
#if !defined(WITH_TIRPC) && !defined(WITH_SSL)
/* Layout used when neither WITH_TIRPC nor WITH_SSL is defined */
struct ct_data
{
int ct_sock;
bool_t ct_closeit;
struct timeval ct_wait;
bool_t ct_waitset; /* the field this workaround sets */
struct sockaddr_un ct_addr;
struct rpc_err ct_error;
char ct_mcall[MCALL_MSG_SIZE];
u_int ct_mpos;
XDR ct_xdrs;
};
#elif !defined(WITH_SSL)
/* Layout used when WITH_TIRPC is defined and WITH_SSL is not */
/* XXX FIXME: this ugly stuff is fragile as it does not take into consideration structure packing */
struct ct_data {
int ct_sock; /* connection's fd */
void *ct_fd_lock;
bool_t ct_closeit; /* close it on destroy */
struct timeval ct_wait; /* wait interval in milliseconds */
bool_t ct_waitset; /* wait set by clnt_control? */
struct netbuf ct_addr;
struct rpc_err ct_error;
union {
char ct_mcallc[MCALL_MSG_SIZE]; /* marshalled callmsg */
u_int32_t ct_mcalli;
} ct_u;
u_int ct_mpos; /* pos after marshal */
XDR ct_xdrs; /* XDR stream */
};
#endif
#endif
/* gethostbyname include */
#ifdef TCP_SOCKET
#ifdef WIN32
#include
#else
#include
#endif
#define MAX_HOSTNAME_LEN 1024
#endif
#ifdef LIBNAME_FILE
#define MAX_LIBNAME_LEN 32 /* LIBNAME e.g. "softhsm", "opensc", ... */
#define LIBNAME_FILE_NAME ".camlcrushlibname"
#define MAX_ENV_LEN 128
size_t mygetline(char *, FILE *);
int get_libname_from_file(char *);
#endif
#ifdef WITH_SSL
#ifdef WIN32
#include
#else
#include
#endif
#include
/*
 * WITH_SSL transport hooks. readnet()/writenet() have the (handle, buffer,
 * length) shape of RPC stream callbacks; presumably
 * override_net_functions() installs them on the client so that RPC traffic
 * goes through the TLS session. Confirm in the definitions.
 */
void override_net_functions(CLIENT *);
int readnet(char *, char *, int);
int writenet(char *, char *, int);
#define MCALL_MSG_SIZE 24
/*
 * Local copies of the RPC library's private ct_data structure. They are only
 * valid while their layout matches the library loaded at run time; any
 * access through a mismatching layout touches the wrong field of the
 * client's private state.
 */
#ifndef WITH_TIRPC
/* XXX FIXME: this ugly stuff is fragile as it does not take into consideration structure packing */
struct ct_data {
int ct_sock;
bool_t ct_closeit;
struct timeval ct_wait;
bool_t ct_waitset; /* wait set by clnt_control? */
#ifdef UNIX_SOCKET
struct sockaddr_un ct_addr;
#else
struct sockaddr_in ct_addr;
#endif
struct rpc_err ct_error;
char ct_mcall[MCALL_MSG_SIZE]; /* marshalled callmsg */
u_int ct_mpos; /* pos after marshal */
XDR ct_xdrs;
};
#else
/* XXX FIXME: this ugly stuff is fragile as it does not take into consideration structure packing */
struct ct_data {
int ct_sock; /* connection's fd */
void *ct_fd_lock;
bool_t ct_closeit; /* close it on destroy */
struct timeval ct_wait; /* wait interval in milliseconds */
bool_t ct_waitset; /* wait set by clnt_control? */
struct netbuf ct_addr;
struct rpc_err ct_error;
union {
char ct_mcallc[MCALL_MSG_SIZE]; /* marshalled callmsg */
u_int32_t ct_mcalli;
} ct_u;
u_int ct_mpos; /* pos after marshal */
XDR ct_xdrs; /* XDR stream */
};
#endif
/* Presumably loads the client certificate material used for TLS; verify in the definition */
int provision_certificates(void);
#endif
/* GNUTLS SSL */
#ifdef GNU_TLS
#include
/* GnuTLS session set-up on an already connected socket, and its teardown */
int start_gnutls(int sock);
int purge_gnutls(void);
void print_info(gnutls_session_t gsession);
/* Global variables for GNU_TLS */
/*
 * One process-wide session and credential set, each paired with an
 * "allocated" flag. NOTE(review): these are definitions, not `extern`
 * declarations, so every translation unit that includes this header defines
 * them; confirm the header is included where that is intended.
 */
unsigned char gnutls_global_session_allocated;
gnutls_session_t gnutls_global_session;
unsigned char xcred_allocated;
gnutls_certificate_credentials_t xcred;
#endif
/* OpenSSL */
#if defined(WITH_SSL) && !defined(GNU_TLS)
#include
/* OpenSSL session set-up on an already connected socket, and its teardown */
int start_openssl(int sock);
int purge_openssl(void);
/*
 * One process-wide context and connection object. NOTE(review): these are
 * definitions, not `extern` declarations, and the names `ctx` and `ssl` are
 * short enough to collide with locals or other globals.
 */
SSL_CTX *ctx;
SSL *ssl;
#endif
/* Environment variable holding the socket path to override */
/* the default built-in one */
/*
 * The process environment decides which endpoint the client talks to when
 * this variable is set, so the endpoint is only as trustworthy as whoever
 * controls the environment of the calling process.
 */
#define ENV_SOCKET_PATH_NAME "PKCS11PROXY_SOCKET_PATH"
/* Environment variable holding the library alias name to override */
/* the default built-in one */
#define ENV_LIBNAME "PKCS11PROXY_LIBNAME"
/* Default RPC timeout; the unit is not stated here (presumably seconds; verify at the use site) */
#define RPC_DEFAULT_TIMEOUT 25UL
/* Environment variable to override default RPC_TIMEOUT */
#define ENV_RPC_TIMEOUT "PKCS11PROXY_RPC_TIMEOUT"
/* --------- PKCS#11 useful defines - */
/* Return values (CKR_*) used by the client code */
#define CKR_OK (0UL)
#define CKR_GENERAL_ERROR (5UL)
#define CKR_ARGUMENTS_BAD (7UL)
#define CKR_BUFFER_TOO_SMALL (0x150UL)
/* NOTE(review): the only constant here with an `L` suffix instead of `UL` */
#define CKR_OPERATION_ACTIVE (0x90L)
#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
#define CKR_DEVICE_ERROR (0x00000030UL)
/* Defines imported to match mechanism in sanitize function */
/*
 * The list includes MD2, MD5 and SHA-1 based signature mechanisms; what the
 * sanitize function does with each value is not visible from this header.
 */
#define CKM_RSA_PKCS (1UL)
#define CKM_RSA_9796 (2UL)
#define CKM_RSA_X_509 (3UL)
#define CKM_MD2_RSA_PKCS (4UL)
#define CKM_MD5_RSA_PKCS (5UL)
#define CKM_SHA1_RSA_PKCS (6UL)
#define CKM_RIPEMD128_RSA_PKCS (7UL)
#define CKM_RIPEMD160_RSA_PKCS (8UL)
#define CKM_RSA_X9_31 (0xbUL)
#define CKM_SHA1_RSA_X9_31 (0xcUL)
#define CKM_DSA (0x11UL)
#define CKM_DSA_SHA1 (0x12UL)
#define CKM_SHA256_RSA_PKCS (0x40UL)
#define CKM_SHA384_RSA_PKCS (0x41UL)
#define CKM_SHA512_RSA_PKCS (0x42UL)
#define CKM_SHA224_RSA_PKCS (0x46UL)
/* Top bit of a 32-bit mechanism value marks vendor-defined mechanisms */
#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31))
/* C_WaitForSlotEvent */
#define CKF_DONT_BLOCK (1UL)
#define CKR_NO_EVENT (8UL)
#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
/* PKCS11 function declarations (copied from the true pkcs11.h) */
/* Notification callback type passed to C_OpenSession */
typedef ck_rv_t(*ck_notify_t) (ck_session_handle_t session,
ck_notification_t event, void *application);
#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
/* There is a matching pop below. */
/* Every structure declared until that pop is packed on 1-byte boundaries */
#pragma pack(push, cryptoki, 1)
#ifdef CRYPTOKI_EXPORTS
#define CK_SPEC __declspec(dllexport)
#else
#define CK_SPEC __declspec(dllimport)
#endif
#else
#define CK_SPEC
#endif
struct ck_function_list;
/*
 * _CK_DECLARE_FUNCTION(name, args) emits two declarations for one PKCS#11
 * entry point: the function-pointer type `CK_<name>` and the prototype
 * `ck_rv_t <name> args` (with CK_SPEC linkage). The expansion does not end
 * in a semicolon; the caller supplies it.
 * NOTE(review): an identifier starting with an underscore followed by an
 * upper-case letter is reserved for the implementation in C.
 */
#define _CK_DECLARE_FUNCTION(name, args) \
typedef ck_rv_t (*CK_ ## name) args; \
ck_rv_t CK_SPEC name args
/*
 * General purpose, slot/token, session and login entry points.
 * Each line declares both the CK_<name> function-pointer type and the
 * prototype of the function itself (see _CK_DECLARE_FUNCTION).
 */
_CK_DECLARE_FUNCTION(C_Initialize, (void *init_args));
_CK_DECLARE_FUNCTION(C_Finalize, (void *reserved));
_CK_DECLARE_FUNCTION(C_GetInfo, (struct ck_info * info));
_CK_DECLARE_FUNCTION(C_GetFunctionList,
(struct ck_function_list ** function_list));
/* slot_list may be sized by the caller through *count */
_CK_DECLARE_FUNCTION(C_GetSlotList,
(unsigned char token_present, ck_slot_id_t * slot_list,
unsigned long *count));
_CK_DECLARE_FUNCTION(C_GetSlotInfo,
(ck_slot_id_t slot_id, struct ck_slot_info * info));
_CK_DECLARE_FUNCTION(C_GetTokenInfo,
(ck_slot_id_t slot_id, struct ck_token_info * info));
_CK_DECLARE_FUNCTION(C_WaitForSlotEvent,
(ck_flags_t flags, ck_slot_id_t * slot, void *reserved));
_CK_DECLARE_FUNCTION(C_GetMechanismList,
(ck_slot_id_t slot_id,
ck_mechanism_type_t * mechanism_list,
unsigned long *count));
_CK_DECLARE_FUNCTION(C_GetMechanismInfo,
(ck_slot_id_t slot_id, ck_mechanism_type_t type,
struct ck_mechanism_info * info));
/*
 * PIN-handling entry points: the PIN is passed as a pointer plus an explicit
 * length. `label` has no length parameter in this prototype.
 */
_CK_DECLARE_FUNCTION(C_InitToken,
(ck_slot_id_t slot_id, unsigned char *pin,
unsigned long pin_len, unsigned char *label));
_CK_DECLARE_FUNCTION(C_InitPIN,
(ck_session_handle_t session, unsigned char *pin,
unsigned long pin_len));
_CK_DECLARE_FUNCTION(C_SetPIN,
(ck_session_handle_t session, unsigned char *old_pin,
unsigned long old_len, unsigned char *new_pin,
unsigned long new_len));
_CK_DECLARE_FUNCTION(C_OpenSession,
(ck_slot_id_t slot_id, ck_flags_t flags,
void *application, ck_notify_t notify,
ck_session_handle_t * session));
_CK_DECLARE_FUNCTION(C_CloseSession, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION(C_CloseAllSessions, (ck_slot_id_t slot_id));
_CK_DECLARE_FUNCTION(C_GetSessionInfo,
(ck_session_handle_t session,
struct ck_session_info * info));
/* Output buffer with an in/out length: capacity on entry, size on return */
_CK_DECLARE_FUNCTION(C_GetOperationState,
(ck_session_handle_t session,
unsigned char *operation_state,
unsigned long *operation_state_len));
_CK_DECLARE_FUNCTION(C_SetOperationState,
(ck_session_handle_t session,
unsigned char *operation_state,
unsigned long operation_state_len,
ck_object_handle_t encryption_key,
ck_object_handle_t authentiation_key));
_CK_DECLARE_FUNCTION(C_Login,
(ck_session_handle_t session, ck_user_type_t user_type,
unsigned char *pin, unsigned long pin_len));
_CK_DECLARE_FUNCTION(C_Logout, (ck_session_handle_t session));
/*
 * Object management entry points. Attribute templates are passed as a
 * pointer to `struct ck_attribute` plus an element count.
 */
_CK_DECLARE_FUNCTION(C_CreateObject,
(ck_session_handle_t session,
struct ck_attribute * templ,
unsigned long count, ck_object_handle_t * object));
_CK_DECLARE_FUNCTION(C_CopyObject,
(ck_session_handle_t session, ck_object_handle_t object,
struct ck_attribute * templ, unsigned long count,
ck_object_handle_t * new_object));
_CK_DECLARE_FUNCTION(C_DestroyObject,
(ck_session_handle_t session, ck_object_handle_t object));
_CK_DECLARE_FUNCTION(C_GetObjectSize,
(ck_session_handle_t session,
ck_object_handle_t object, unsigned long *size));
/* Same prototype shape for reading and writing attributes */
_CK_DECLARE_FUNCTION(C_GetAttributeValue,
(ck_session_handle_t session,
ck_object_handle_t object,
struct ck_attribute * templ, unsigned long count));
_CK_DECLARE_FUNCTION(C_SetAttributeValue,
(ck_session_handle_t session,
ck_object_handle_t object,
struct ck_attribute * templ, unsigned long count));
/* Object search: init, iterate (at most max_object_count handles per call), final */
_CK_DECLARE_FUNCTION(C_FindObjectsInit,
(ck_session_handle_t session,
struct ck_attribute * templ, unsigned long count));
_CK_DECLARE_FUNCTION(C_FindObjects,
(ck_session_handle_t session,
ck_object_handle_t * object,
unsigned long max_object_count,
unsigned long *object_count));
_CK_DECLARE_FUNCTION(C_FindObjectsFinal, (ck_session_handle_t session));
/*
 * Encryption, decryption, digest, signature and verification entry points.
 * Functions that produce data take an output pointer plus a pointer to its
 * length: the length is the caller's capacity on entry and the produced (or
 * required) size on return. Verification functions take the signature
 * length by value because the signature is an input.
 */
/* --- Encryption --- */
_CK_DECLARE_FUNCTION(C_EncryptInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_Encrypt,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *encrypted_data,
unsigned long *encrypted_data_len));
_CK_DECLARE_FUNCTION(C_EncryptUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len,
unsigned char *encrypted_part,
unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION(C_EncryptFinal,
(ck_session_handle_t session,
unsigned char *last_encrypted_part,
unsigned long *last_encrypted_part_len));
/* --- Decryption --- */
_CK_DECLARE_FUNCTION(C_DecryptInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_Decrypt,
(ck_session_handle_t session,
unsigned char *encrypted_data,
unsigned long encrypted_data_len,
unsigned char *data, unsigned long *data_len));
_CK_DECLARE_FUNCTION(C_DecryptUpdate,
(ck_session_handle_t session,
unsigned char *encrypted_part,
unsigned long encrypted_part_len,
unsigned char *part, unsigned long *part_len));
_CK_DECLARE_FUNCTION(C_DecryptFinal,
(ck_session_handle_t session,
unsigned char *last_part, unsigned long *last_part_len));
/* --- Message digest --- */
_CK_DECLARE_FUNCTION(C_DigestInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism));
_CK_DECLARE_FUNCTION(C_Digest,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *digest, unsigned long *digest_len));
_CK_DECLARE_FUNCTION(C_DigestUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION(C_DigestKey,
(ck_session_handle_t session, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_DigestFinal,
(ck_session_handle_t session,
unsigned char *digest, unsigned long *digest_len));
/* --- Signature --- */
_CK_DECLARE_FUNCTION(C_SignInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_Sign,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *signature, unsigned long *signature_len));
_CK_DECLARE_FUNCTION(C_SignUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION(C_SignFinal,
(ck_session_handle_t session,
unsigned char *signature, unsigned long *signature_len));
_CK_DECLARE_FUNCTION(C_SignRecoverInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_SignRecover,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *signature, unsigned long *signature_len));
/* --- Verification --- */
_CK_DECLARE_FUNCTION(C_VerifyInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_Verify,
(ck_session_handle_t session,
unsigned char *data, unsigned long data_len,
unsigned char *signature, unsigned long signature_len));
_CK_DECLARE_FUNCTION(C_VerifyUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION(C_VerifyFinal,
(ck_session_handle_t session,
unsigned char *signature, unsigned long signature_len));
_CK_DECLARE_FUNCTION(C_VerifyRecoverInit,
(ck_session_handle_t session,
struct ck_mechanism * mechanism, ck_object_handle_t key));
_CK_DECLARE_FUNCTION(C_VerifyRecover,
(ck_session_handle_t session,
unsigned char *signature,
unsigned long signature_len,
unsigned char *data, unsigned long *data_len));
/* --- Dual-function operations --- */
_CK_DECLARE_FUNCTION(C_DigestEncryptUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len,
unsigned char *encrypted_part,
unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION(C_DecryptDigestUpdate,
(ck_session_handle_t session,
unsigned char *encrypted_part,
unsigned long encrypted_part_len,
unsigned char *part, unsigned long *part_len));
_CK_DECLARE_FUNCTION(C_SignEncryptUpdate,
(ck_session_handle_t session,
unsigned char *part, unsigned long part_len,
unsigned char *encrypted_part,
unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION(C_DecryptVerifyUpdate,
(ck_session_handle_t session,
unsigned char *encrypted_part,
unsigned long encrypted_part_len,
unsigned char *part, unsigned long *part_len));
/*
 * Key management, random number and legacy parallel-function entry points.
 * Keys are referred to by handle; only C_WrapKey returns key material, as
 * wrapped bytes in a caller buffer with an in/out length.
 */
_CK_DECLARE_FUNCTION(C_GenerateKey,
(ck_session_handle_t session,
struct ck_mechanism * mechanism,
struct ck_attribute * templ,
unsigned long count, ck_object_handle_t * key));
_CK_DECLARE_FUNCTION(C_GenerateKeyPair,
(ck_session_handle_t session,
struct ck_mechanism * mechanism,
struct ck_attribute * public_key_template,
unsigned long public_key_attribute_count,
struct ck_attribute * private_key_template,
unsigned long private_key_attribute_count,
ck_object_handle_t * public_key,
ck_object_handle_t * private_key));
_CK_DECLARE_FUNCTION(C_WrapKey,
(ck_session_handle_t session,
struct ck_mechanism * mechanism,
ck_object_handle_t wrapping_key,
ck_object_handle_t key,
unsigned char *wrapped_key,
unsigned long *wrapped_key_len));
_CK_DECLARE_FUNCTION(C_UnwrapKey,
(ck_session_handle_t session,
struct ck_mechanism * mechanism,
ck_object_handle_t unwrapping_key,
unsigned char *wrapped_key,
unsigned long wrapped_key_len,
struct ck_attribute * templ,
unsigned long attribute_count, ck_object_handle_t * key));
_CK_DECLARE_FUNCTION(C_DeriveKey,
(ck_session_handle_t session,
struct ck_mechanism * mechanism,
ck_object_handle_t base_key,
struct ck_attribute * templ,
unsigned long attribute_count, ck_object_handle_t * key));
/* Random data: both lengths are passed by value */
_CK_DECLARE_FUNCTION(C_SeedRandom,
(ck_session_handle_t session, unsigned char *seed,
unsigned long seed_len));
_CK_DECLARE_FUNCTION(C_GenerateRandom,
(ck_session_handle_t session,
unsigned char *random_data, unsigned long random_len));
_CK_DECLARE_FUNCTION(C_GetFunctionStatus, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION(C_CancelFunction, (ck_session_handle_t session));
/*
 * Table of entry points handed to applications through C_GetFunctionList:
 * a version field followed by one CK_<name> function pointer per function.
 * Applications index this structure by offset, so the member order and the
 * packing in effect (see the surrounding #pragma pack on Windows) are part
 * of the binary interface; do not reorder or insert members.
 */
struct ck_function_list {
struct ck_version version;
CK_C_Initialize C_Initialize;
CK_C_Finalize C_Finalize;
CK_C_GetInfo C_GetInfo;
CK_C_GetFunctionList C_GetFunctionList;
CK_C_GetSlotList C_GetSlotList;
CK_C_GetSlotInfo C_GetSlotInfo;
CK_C_GetTokenInfo C_GetTokenInfo;
CK_C_GetMechanismList C_GetMechanismList;
CK_C_GetMechanismInfo C_GetMechanismInfo;
CK_C_InitToken C_InitToken;
CK_C_InitPIN C_InitPIN;
CK_C_SetPIN C_SetPIN;
CK_C_OpenSession C_OpenSession;
CK_C_CloseSession C_CloseSession;
CK_C_CloseAllSessions C_CloseAllSessions;
CK_C_GetSessionInfo C_GetSessionInfo;
CK_C_GetOperationState C_GetOperationState;
CK_C_SetOperationState C_SetOperationState;
CK_C_Login C_Login;
CK_C_Logout C_Logout;
CK_C_CreateObject C_CreateObject;
CK_C_CopyObject C_CopyObject;
CK_C_DestroyObject C_DestroyObject;
CK_C_GetObjectSize C_GetObjectSize;
CK_C_GetAttributeValue C_GetAttributeValue;
CK_C_SetAttributeValue C_SetAttributeValue;
CK_C_FindObjectsInit C_FindObjectsInit;
CK_C_FindObjects C_FindObjects;
CK_C_FindObjectsFinal C_FindObjectsFinal;
CK_C_EncryptInit C_EncryptInit;
CK_C_Encrypt C_Encrypt;
CK_C_EncryptUpdate C_EncryptUpdate;
CK_C_EncryptFinal C_EncryptFinal;
CK_C_DecryptInit C_DecryptInit;
CK_C_Decrypt C_Decrypt;
CK_C_DecryptUpdate C_DecryptUpdate;
CK_C_DecryptFinal C_DecryptFinal;
CK_C_DigestInit C_DigestInit;
CK_C_Digest C_Digest;
CK_C_DigestUpdate C_DigestUpdate;
CK_C_DigestKey C_DigestKey;
CK_C_DigestFinal C_DigestFinal;
CK_C_SignInit C_SignInit;
CK_C_Sign C_Sign;
CK_C_SignUpdate C_SignUpdate;
CK_C_SignFinal C_SignFinal;
CK_C_SignRecoverInit C_SignRecoverInit;
CK_C_SignRecover C_SignRecover;
CK_C_VerifyInit C_VerifyInit;
CK_C_Verify C_Verify;
CK_C_VerifyUpdate C_VerifyUpdate;
CK_C_VerifyFinal C_VerifyFinal;
CK_C_VerifyRecoverInit C_VerifyRecoverInit;
CK_C_VerifyRecover C_VerifyRecover;
CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
CK_C_SignEncryptUpdate C_SignEncryptUpdate;
CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
CK_C_GenerateKey C_GenerateKey;
CK_C_GenerateKeyPair C_GenerateKeyPair;
CK_C_WrapKey C_WrapKey;
CK_C_UnwrapKey C_UnwrapKey;
CK_C_DeriveKey C_DeriveKey;
CK_C_SeedRandom C_SeedRandom;
CK_C_GenerateRandom C_GenerateRandom;
CK_C_GetFunctionStatus C_GetFunctionStatus;
CK_C_CancelFunction C_CancelFunction;
/* Declared last in the table, after the legacy parallel-function entries */
CK_C_WaitForSlotEvent C_WaitForSlotEvent;
};
#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
#pragma pack(pop, cryptoki)
#endif
/* ----------- LINKED LIST ---------- */
/*
 * Node of the result cache: one pending result, keyed by session, operation
 * type and input bytes, with the output produced for that input.
 * The `out` buffer can hold operation results such as plaintext or
 * signatures until the entry is removed. NOTE(review): whether the buffers
 * are cleared before being freed is not visible from this header.
 */
typedef struct p11_request_struct_ {
/* Session handle */
ck_session_handle_t session;
/* Operation type (Sign, Encrypt, ...) */
unsigned long operation_type;
/* Input bytes of the cached call and their length */
unsigned char *in;
unsigned long in_len;
/* Output bytes produced for that input and their length */
unsigned char *out;
unsigned long out_len;
/* Pointer to the next node */
struct p11_request_struct_ *next;
} p11_request_struct;
/* Linked list global variable */
/* NOTE(review): defined (not declared extern) in a header */
p11_request_struct *request_data;
/* Linked list operation discriminant */
/* The declaration also defines a global variable named op_type */
enum op_types {
SIGN_OP,
ENCRYPT_OP,
DECRYPT_OP,
DIGEST_OP,
ENCRYPT_UPDATE_OP,
DECRYPT_UPDATE_OP,
SIGN_FINAL_OP,
ENCRYPT_FINAL_OP,
DECRYPT_FINAL_OP,
DIGEST_FINAL_OP,
SIGN_RECOVER_OP,
VERIFY_RECOVER_OP,
DIGEST_ENCRYPT_UPDATE_OP,
DECRYPT_DIGEST_UPDATE_OP,
SIGN_ENCRYPT_UPDATE_OP,
DECRYPT_VERIFY_UPDATE_OP,
WRAPKEY_OP,
GETOPERATION_STATE_OP
} op_type;
/* Size allocated to keep data in linked list */
/* TODO: try to do a better job than allocating a huge chunk */
/* NOTE(review): any copy into a buffer of this size must be bounded by it; check the users */
#define MAX_BUFF_LEN 2048
/* Wrap around pthread for Windows as we do not want
 * the pthread dependency on this platform */
#ifdef WIN32
/* The pthread names are mapped onto a Windows CRITICAL_SECTION */
typedef CRITICAL_SECTION pthread_mutex_t;
void pthread_mutex_init(LPCRITICAL_SECTION mutex, void *useless);
void pthread_mutex_lock(LPCRITICAL_SECTION mutex);
void pthread_mutex_unlock(LPCRITICAL_SECTION mutex);
#endif
/* ----------- GLOBAL MUTEX ---------- */
/* Global mutex to avoid concurrency issues */
/* Presumably protects the linked list of cached results; not defined in the CAMLRPC build */
#ifndef CAMLRPC
pthread_mutex_t linkedlist_mutex;
#endif
pthread_mutex_t mutex;
/* TODO: cheap way to synchronize, might not work in all cases
C_WaitForSlotEvent case
0 -> No one is waiting
1 -> C_WaitForSlotEvent is waiting
2 -> C_Finalize was called while a waiting, used to signal
*/
/*
 * NOTE(review): `volatile` prevents the compiler from caching the value but
 * gives no atomicity or ordering between threads; transitions between the
 * states above need a lock or an atomic type to be reliable.
 */
volatile unsigned long is_Blocking;
/* ----------- COMPILER HELPER for passing LIBRARY NAME to LoadModule ---------- */
/* The build fails unless the library alias is given at compile time or read from a file */
#if !defined(LIBNAME) && !defined(LIBNAME_FILE)
#error "NO LIBNAME PROVIDED: YOU MUST PROVIDE ONE!"
#endif
/*
 * Two-level stringification: xstr(X) first expands X and then turns the
 * result into a string literal, so xstr(LIBNAME) yields the configured name
 * rather than the text "LIBNAME".
 */
#define xstr(s) str(s)
#define str(s) #s
/* modwrap.c */
/*
 * Result-cache helpers. Entries are identified by session, operation type
 * and the input bytes (`in`, `in_len`).
 * NOTE(review): the macros in this header use the node returned by
 * add_element_to_list() without a NULL check; confirm what it returns on
 * allocation failure.
 */
p11_request_struct *add_element_to_list(ck_session_handle_t session,
unsigned long operation_type,
unsigned char *in, unsigned long in_len,
unsigned char *out,
unsigned long out_len);
int remove_elements_from_filtering_list(ck_session_handle_t session,
unsigned long operation_type,
unsigned char *in,
unsigned long in_len);
int remove_all_elements_from_filtering_list(void);
/* Returns the matching node, or NULL (the macros test the result against NULL) */
p11_request_struct *check_element_in_filtering_list(ck_session_handle_t
session,
unsigned long
operation_type,
unsigned char *in,
unsigned long in_len);
/* Lookup by session and operation type only, without the input bytes */
p11_request_struct *check_operation_active_in_filtering_list(ck_session_handle_t
session,
unsigned long
operation_type);
/* Takes a mechanism by pointer; what it changes is not visible from this header */
void custom_sanitize_ck_mechanism(struct ck_mechanism *mech);
#ifdef CAMLRPC
/*
 * Conversions between C structures/buffers and OCaml values. The *_to_buffer
 * functions write into a caller-supplied array and report the length through
 * array_len. NOTE(review): the destination capacity is not a separate
 * parameter; confirm how the implementations bound their writes.
 */
value custom_c2ml_pkcs11_struct_ck_mechanism(struct ck_mechanism *_c1,
camlidl_ctx _ctx);
value custom_pkcs11_c2ml_buffer_to_ck_attribute_array(struct ck_attribute
*array,
unsigned long
array_len,
camlidl_ctx _ctx);
void custom_ml2c_pkcs11_struct_ck_attribute(value _v1,
struct ck_attribute *_c2,
camlidl_ctx _ctx,
unsigned long ret);
int custom_pkcs11_ml2c_ck_attribute_array_to_buffer(value _v_data, struct ck_attribute
*array,
unsigned long *array_len,
camlidl_ctx _ctx,
unsigned long ret);
value custom_pkcs11_c2ml_buffer_to_char_array(unsigned char *array,
unsigned long array_len);
int custom_pkcs11_ml2c_char_array_to_buffer(value _v_data,
unsigned char *array,
unsigned long *array_len);
#endif
/* Library set-up and teardown, with one variant per RPC back end (_ml, _c) */
void init(void);
ck_rv_t init_ml(const char *);
ck_rv_t init_c(const char *);
void destroy(void);
void destroy_c(void);
void destroy_ml(void);
/* P11 OCAML RPC functions */
/*
 * Client-side counterparts of the PKCS#11 entry points. Parameters are named
 * by position and direction: inputN is sent to the server, outputN is filled
 * from the reply. An `unsigned long *outputN` / `*outputN_len` next to an
 * output pointer carries the caller's capacity in and the result size out.
 */
ck_rv_t myRPC_connect(void);
ck_rv_t myC_SetupArch(void);
ck_rv_t myC_Initialize(void *init_args);
ck_rv_t myC_Finalize(void *init_args);
ck_rv_t myC_GetSlotList(CK_BBOOL input0, ck_slot_id_t * output2,
unsigned long *output3);
ck_rv_t myC_GetInfo(struct ck_info *output0);
ck_rv_t myC_WaitForSlotEvent(ck_flags_t input0, ck_slot_id_t * output1,
void *reserved);
ck_rv_t myC_GetSlotInfo(ck_slot_id_t input0, struct ck_slot_info *output1);
ck_rv_t myC_GetTokenInfo(ck_slot_id_t input0, struct ck_token_info *output1);
/* input1/input1_len is the PIN; input2 is the label, passed without a length */
ck_rv_t myC_InitToken(ck_slot_id_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2);
ck_rv_t myC_OpenSession(ck_slot_id_t input0, ck_flags_t input1,
void *application, ck_notify_t notify,
ck_session_handle_t * output2);
ck_rv_t myC_CloseSession(ck_session_handle_t input0);
ck_rv_t myC_CloseAllSessions(ck_slot_id_t input0);
ck_rv_t myC_GetSessionInfo(ck_session_handle_t input0,
struct ck_session_info *output1);
/* input2/input2_len is the PIN, which is forwarded to the server */
ck_rv_t myC_Login(ck_session_handle_t input0, ck_user_type_t input1,
unsigned char *input2, unsigned long input2_len);
ck_rv_t myC_Logout(ck_session_handle_t input0);
ck_rv_t myC_GetMechanismList(ck_slot_id_t input0,
ck_mechanism_type_t * output2,
unsigned long *output3);
ck_rv_t myC_GetMechanismInfo(ck_slot_id_t input0, ck_mechanism_type_t input1,
struct ck_mechanism_info *output2);
ck_rv_t myC_InitPIN(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
/* input1 is the old PIN, input2 the new one */
ck_rv_t myC_SetPIN(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2,
unsigned long input2_len);
ck_rv_t myC_SeedRandom(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
/* output2_len is passed by value: the caller asks for exactly that many bytes */
ck_rv_t myC_GenerateRandom(ck_session_handle_t input0,
unsigned char *output2, unsigned long output2_len);
ck_rv_t myC_GetOperationState(ck_session_handle_t input0,
unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_SetOperationState(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
ck_object_handle_t input2,
ck_object_handle_t input3);
ck_rv_t myC_FindObjectsInit(ck_session_handle_t input0,
CK_ATTRIBUTE * input1, unsigned long count);
/* input1 is the maximum number of handles output2 can receive */
ck_rv_t myC_FindObjects(ck_session_handle_t input0,
ck_object_handle_t * output2, unsigned long input1,
unsigned long *output3);
ck_rv_t myC_FindObjectsFinal(ck_session_handle_t input0);
/*
 * Key and object management over RPC. Attribute templates are passed as a
 * CK_ATTRIBUTE pointer plus an element count; keys and objects are referred
 * to by handle.
 */
ck_rv_t myC_GenerateKey(ck_session_handle_t input0,
struct ck_mechanism *input1, CK_ATTRIBUTE * input2,
unsigned long count, ck_object_handle_t * output3);
/* input2/count is the public template, input3/count2 the private one */
ck_rv_t myC_GenerateKeyPair(ck_session_handle_t input0,
struct ck_mechanism *input1,
CK_ATTRIBUTE * input2, unsigned long count,
CK_ATTRIBUTE * input3, unsigned long count2,
ck_object_handle_t * output4,
ck_object_handle_t * output5);
ck_rv_t myC_CreateObject(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
unsigned long count, ck_object_handle_t * output2);
ck_rv_t myC_CopyObject(ck_session_handle_t input0, ck_object_handle_t input1,
CK_ATTRIBUTE * input2, unsigned long count,
ck_object_handle_t * output3);
ck_rv_t myC_DestroyObject(ck_session_handle_t input0,
ck_object_handle_t input1);
/* input2 is both the request (attribute types) and the place the values are written */
ck_rv_t myC_GetAttributeValue(ck_session_handle_t input0,
ck_object_handle_t input1,
struct ck_attribute *input2,
unsigned long input3);
ck_rv_t myC_SetAttributeValue(ck_session_handle_t input0,
ck_object_handle_t input1,
CK_ATTRIBUTE * input2, unsigned long count);
ck_rv_t myC_GetObjectSize(ck_session_handle_t input0,
ck_object_handle_t input1, unsigned long *output2);
/* Wrapped key bytes are returned in output4 with an in/out length */
ck_rv_t myC_WrapKey(ck_session_handle_t input0, struct ck_mechanism *input1,
ck_object_handle_t input2, ck_object_handle_t input3,
unsigned char *output4, unsigned long *output4_len);
ck_rv_t myC_UnwrapKey(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2,
unsigned char *input3, unsigned long input3_len,
CK_ATTRIBUTE * input4, unsigned long count,
ck_object_handle_t * output5);
ck_rv_t myC_DeriveKey(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2,
CK_ATTRIBUTE * input3, unsigned long count,
ck_object_handle_t * output4);
/*
 * Cryptographic operations over RPC. Functions with an
 * (unsigned char *outputN, unsigned long *outputN_len) pair return data whose
 * size the caller may not know in advance: the length is the caller's
 * capacity on entry and the produced or required size on return.
 * The reply length originates from the RPC peer, so every copy into outputN
 * has to be bounded by the capacity the caller passed in.
 */
/* --- Digest --- */
ck_rv_t myC_DigestInit(ck_session_handle_t input0, struct ck_mechanism *input1);
ck_rv_t myC_Digest(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DigestUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_DigestFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_DigestKey(ck_session_handle_t input0, ck_object_handle_t input1);
/* --- Signature --- */
ck_rv_t myC_SignInit(ck_session_handle_t input0, struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_Sign(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_SignUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_SignFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_SignRecoverInit(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_SignRecover(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
/* --- Verification: the signature is an input, so its length is by value --- */
ck_rv_t myC_VerifyRecoverInit(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_VerifyInit(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2);
ck_rv_t myC_Verify(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2,
unsigned long input2_len);
ck_rv_t myC_VerifyUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_VerifyFinal(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_VerifyRecover(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
/* --- Encryption --- */
ck_rv_t myC_EncryptInit(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2);
ck_rv_t myC_Encrypt(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_EncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_EncryptFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_DigestEncryptUpdate(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_SignEncryptUpdate(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
/* --- Decryption --- */
ck_rv_t myC_DecryptInit(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2);
ck_rv_t myC_Decrypt(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DecryptUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DecryptFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_DecryptDigestUpdate(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DecryptVerifyUpdate(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
/* --- Legacy parallel-function calls and module selection --- */
ck_rv_t myC_GetFunctionStatus(ck_session_handle_t input0);
ck_rv_t myC_CancelFunction(ck_session_handle_t input0);
/* libname is the library alias the client asks the server to load */
ck_rv_t myC_LoadModule(const char *libname);
/* P11 C RPC functions */
#ifdef CRPC
/*
 * Conversions between the RPC wire structures (rpc_ck_*) and the PKCS#11
 * structures (ck_*). deserialize_* fills `out` from a reply, serialize_*
 * fills an RPC structure from caller data, free_rpc_* releases what
 * serialize_* produced.
 * The `in` side of deserialize_* is data received from the RPC peer: any
 * length or count it carries must be checked against the destination before
 * it is used as a copy size. NOTE(review): none of these prototypes carries
 * a destination capacity; confirm how the definitions bound their writes.
 */
void deserialize_rpc_ck_version(struct ck_version *out,
struct rpc_ck_version *in);
void deserialize_rpc_ck_info(struct ck_info *out, struct rpc_ck_info *in);
void deserialize_rpc_ck_slot_info(struct ck_slot_info *out,
struct rpc_ck_slot_info *in);
void deserialize_rpc_ck_token_info(struct ck_token_info *out,
struct rpc_ck_token_info *in);
void deserialize_rpc_ck_mechanism(struct ck_mechanism *out,
struct rpc_ck_mechanism *in);
void deserialize_rpc_ck_session_info(struct ck_session_info *out,
struct rpc_ck_session_info *in);
void deserialize_rpc_ck_mechanism_info(struct ck_mechanism_info *out,
struct rpc_ck_mechanism_info *in);
/* `ret` is the status of the call whose reply is being converted */
void deserialize_rpc_ck_attribute(struct ck_attribute *out,
struct rpc_ck_attribute *in, ck_rv_t ret);
void deserialize_rpc_ck_attribute_array(struct ck_attribute *out,
rpc_ck_attribute_array * in,
ck_rv_t ret);
void deserialize_rpc_ck_date(struct ck_date *out, struct rpc_ck_date *in);
void serialize_rpc_ck_attribute(struct ck_attribute *in,
struct rpc_ck_attribute *out);
void free_rpc_ck_attribute(rpc_ck_attribute * in);
void serialize_rpc_ck_attribute_array(struct ck_attribute *in,
unsigned long in_len,
rpc_ck_attribute_array * out);
void free_rpc_ck_attribute_array(rpc_ck_attribute_array * in);
void serialize_rpc_ck_mechanism(struct ck_mechanism *in,
struct rpc_ck_mechanism *out);
void free_rpc_ck_mechanism(rpc_ck_mechanism * in);
/* Fills serv_addr from a textual socket path; the accepted format is not visible here */
void parse_socket_path(const char *socket_path, struct sockaddr_in *serv_addr);
#endif
ck_rv_t myC_SetupArch_C(void);
ck_rv_t myC_Initialize_C(void *init_args);
ck_rv_t myC_Finalize_C(void *init_args);
ck_rv_t myC_GetSlotList_C(CK_BBOOL input0, ck_slot_id_t * output2,
unsigned long *output3);
ck_rv_t myC_GetInfo_C(struct ck_info *output0);
ck_rv_t myC_WaitForSlotEvent_C(ck_flags_t input0, ck_slot_id_t * output1,
void *reserved);
ck_rv_t myC_GetSlotInfo_C(ck_slot_id_t input0, struct ck_slot_info *output1);
ck_rv_t myC_GetTokenInfo_C(ck_slot_id_t input0, struct ck_token_info *output1);
ck_rv_t myC_InitToken_C(ck_slot_id_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2);
ck_rv_t myC_OpenSession_C(ck_slot_id_t input0, ck_flags_t input1,
void *application, ck_notify_t notify,
ck_session_handle_t * output2);
ck_rv_t myC_CloseSession_C(ck_session_handle_t input0);
ck_rv_t myC_CloseAllSessions_C(ck_slot_id_t input0);
ck_rv_t myC_GetSessionInfo_C(ck_session_handle_t input0,
struct ck_session_info *output1);
ck_rv_t myC_Login_C(ck_session_handle_t input0, ck_user_type_t input1,
unsigned char *input2, unsigned long input2_len);
ck_rv_t myC_Logout_C(ck_session_handle_t input0);
ck_rv_t myC_GetMechanismList_C(ck_slot_id_t input0,
ck_mechanism_type_t * output2,
unsigned long *output3);
ck_rv_t myC_GetMechanismInfo_C(ck_slot_id_t input0,
ck_mechanism_type_t input1,
struct ck_mechanism_info *output2);
ck_rv_t myC_InitPIN_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_SetPIN_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2,
unsigned long input2_len);
ck_rv_t myC_SeedRandom_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_GenerateRandom_C(ck_session_handle_t input0,
unsigned char *output2, unsigned long output2_len);
ck_rv_t myC_GetOperationState_C(ck_session_handle_t input0,
unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_SetOperationState_C(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
ck_object_handle_t input2,
ck_object_handle_t input3);
ck_rv_t myC_FindObjectsInit_C(ck_session_handle_t input0,
CK_ATTRIBUTE * input1, unsigned long count);
ck_rv_t myC_FindObjects_C(ck_session_handle_t input0,
ck_object_handle_t * output2, unsigned long input1,
unsigned long *output3);
ck_rv_t myC_FindObjectsFinal_C(ck_session_handle_t input0);
ck_rv_t myC_GenerateKey_C(ck_session_handle_t input0,
struct ck_mechanism *input1, CK_ATTRIBUTE * input2,
unsigned long count, ck_object_handle_t * output3);
ck_rv_t myC_GenerateKeyPair_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
CK_ATTRIBUTE * input2, unsigned long count,
CK_ATTRIBUTE * input3, unsigned long count2,
ck_object_handle_t * output4,
ck_object_handle_t * output5);
ck_rv_t myC_CreateObject_C(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
unsigned long count, ck_object_handle_t * output2);
ck_rv_t myC_CopyObject_C(ck_session_handle_t input0,
ck_object_handle_t input1, CK_ATTRIBUTE * input2,
unsigned long count, ck_object_handle_t * output3);
ck_rv_t myC_DestroyObject_C(ck_session_handle_t input0,
ck_object_handle_t input1);
ck_rv_t myC_GetAttributeValue_C(ck_session_handle_t input0,
ck_object_handle_t input1,
struct ck_attribute *input2,
unsigned long input3);
ck_rv_t myC_SetAttributeValue_C(ck_session_handle_t input0,
ck_object_handle_t input1,
CK_ATTRIBUTE * input2, unsigned long count);
ck_rv_t myC_GetObjectSize_C(ck_session_handle_t input0,
ck_object_handle_t input1, unsigned long *output2);
ck_rv_t myC_WrapKey_C(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2,
ck_object_handle_t input3, unsigned char *output4,
unsigned long *output4_len);
ck_rv_t myC_UnwrapKey_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2, unsigned char *input3,
unsigned long input3_len, CK_ATTRIBUTE * input4,
unsigned long count, ck_object_handle_t * output5);
ck_rv_t myC_DeriveKey_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2, CK_ATTRIBUTE * input3,
unsigned long count, ck_object_handle_t * output4);
ck_rv_t myC_DigestInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1);
ck_rv_t myC_Digest_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DigestUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_DigestFinal_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_DigestKey_C(ck_session_handle_t input0, ck_object_handle_t input1);
ck_rv_t myC_SignInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1, ck_object_handle_t input2);
ck_rv_t myC_Sign_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_SignUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_SignFinal_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len);
ck_rv_t myC_SignRecoverInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_SignRecover_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_VerifyRecoverInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_VerifyInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_Verify_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2,
unsigned long input2_len);
ck_rv_t myC_VerifyUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_VerifyFinal_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len);
ck_rv_t myC_VerifyRecover_C(ck_session_handle_t input0,
unsigned char *input1, unsigned long input1_len,
unsigned char *output2, unsigned long *output2_len);
ck_rv_t myC_EncryptInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_Encrypt_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_EncryptUpdate_C(ck_session_handle_t input0,
unsigned char *input1, unsigned long input1_len,
unsigned char *output2, unsigned long *output2_len);
ck_rv_t myC_EncryptFinal_C(ck_session_handle_t input0,
unsigned char *output1, unsigned long *output1_len);
ck_rv_t myC_DigestEncryptUpdate_C(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_SignEncryptUpdate_C(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DecryptInit_C(ck_session_handle_t input0,
struct ck_mechanism *input1,
ck_object_handle_t input2);
ck_rv_t myC_Decrypt_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DecryptUpdate_C(ck_session_handle_t input0,
unsigned char *input1, unsigned long input1_len,
unsigned char *output2, unsigned long *output2_len);
ck_rv_t myC_DecryptFinal_C(ck_session_handle_t input0,
unsigned char *output1, unsigned long *output1_len);
ck_rv_t myC_DecryptDigestUpdate_C(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_DecryptVerifyUpdate_C(ck_session_handle_t input0,
unsigned char *input1,
unsigned long input1_len,
unsigned char *output2,
unsigned long *output2_len);
ck_rv_t myC_GetFunctionStatus_C(ck_session_handle_t input0);
ck_rv_t myC_CancelFunction_C(ck_session_handle_t input0);
ck_rv_t myC_LoadModule_C(const char *libname);
caml-crush-1.0.12/src/client-lib/modwrap_camlrpc.c 0000664 0000000 0000000 00000235655 14147740423 0022006 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the client library 5] source tree:
--------------------
| 5] Client library |
| -------- |
| | | PKCS#11 |
| | |functions|
| -------- |
--------------------
|
|
{ PKCS#11 INTERFACE }
|
APPLICATION
Project: PKCS#11 Filtering Proxy
File: src/client-lib/modwrap_camlrpc.c
-------------------------- MIT License HEADER ----------------------------------*/
#include "modwrap.h"
/* -------------------------------- */
/* RPC CAML serialization functions */
/*
   WARNING:
   This function is not mechanism-type agnostic: parameter and
   parameter_len can be uninitialized when it is called.
   The implemented fix is the custom_sanitize_ck_mechanism() helper, which
   has to be called in the C_Init() functions before the mechanism is
   parsed with custom_c2ml_pkcs11_struct_ck_mechanism().
 */
/*
 * Convert a C struct ck_mechanism into an OCaml block with two fields:
 * field 0 is the converted mechanism type, field 1 is an array holding one
 * OCaml integer per byte of the mechanism parameter.
 *
 * _c1:  mechanism to convert; parameter is read for parameter_len elements.
 * _ctx: camlidl context, passed through to the generated type converter.
 *
 * Returns the freshly allocated OCaml value.
 *
 * NOTE(review): nothing here checks that parameter is non-NULL or that
 * parameter_len is a sane size. The loop trusts both fields, so callers
 * must have validated them first (see the warning above about
 * custom_sanitize_ck_mechanism()).
 */
value
custom_c2ml_pkcs11_struct_ck_mechanism(struct ck_mechanism *_c1,
camlidl_ctx _ctx)
{
value _v2;
value _v3[2];
mlsize_t _c4;
value _v5;
/* Clear both slots before they are registered as GC roots. */
_v3[0] = _v3[1] = 0;
Begin_roots_block(_v3, 2);;;
_v3[0] = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&(*_c1).mechanism, _ctx);
/* One OCaml field per parameter byte; the size comes straight from the caller. */
_v3[1] = camlidl_alloc((*_c1).parameter_len, 0);
for (_c4 = 0; _c4 < (*_c1).parameter_len; _c4++) {
/* FIXME: parameter is void and can be of any type; we assume it is an
unsigned char array, so the sanitize function has to be called on the
input before trying to parse it
*/
_v5 = Val_int((unsigned char)((*_c1).parameter[_c4]));
modify(&Field(_v3[1], _c4), _v5);
}
/* Build the (mechanism, parameter) pair returned to OCaml. */
_v2 = camlidl_alloc_small(2, 0);
Field(_v2, 0) = _v3[0];
Field(_v2, 1) = _v3[1];
End_roots();;
return _v2;
}
/*
 * Build an OCaml array from a C array of struct ck_attribute.
 *
 * array:     C attributes to convert; array_len entries are read.
 * array_len: number of entries in array.
 * _ctx:      camlidl context handed to the per-attribute converter.
 *
 * Returns an OCaml block of array_len fields, one converted attribute each.
 * The caller is responsible for array/array_len being consistent; no NULL
 * or size check is done here.
 */
value
custom_pkcs11_c2ml_buffer_to_ck_attribute_array(struct ck_attribute * array,
                                                unsigned long array_len,
                                                camlidl_ctx _ctx)
{
    CAMLparam0();
    CAMLlocal2(item, result);
    mlsize_t idx = 0;

    result = caml_alloc(array_len, 0);
    while (idx < array_len) {
        /* Convert first, then store: the converter may allocate. */
        item = camlidl_c2ml_pkcs11_struct_ck_attribute(&array[idx], _ctx);
        Store_field(result, idx, item);
        idx++;
    }
    CAMLreturn(result);
}
/*
 * Copy an OCaml attribute (type, byte array) into a C struct ck_attribute.
 *
 * _v1:  OCaml block; field 0 is the attribute type, field 1 the value array.
 * _c2:  destination attribute. type_ and value_len are overwritten; the
 *       bytes are written through the existing _c2->value pointer.
 * _ctx: camlidl context for the type converter.
 * ret:  return code of the PKCS#11 call that produced _v1; when it is not
 *       CKR_OK and the OCaml array is empty, value_len is set to -1.
 *
 * NOTE(review): value_len is replaced by the length of the OCaml array
 * before anything is copied, and the copy loop runs for that length. The
 * size of the buffer behind _c2->value is never consulted, so a value array
 * longer than the caller's buffer would be written past its end. Confirm
 * that every caller (or the peer producing _v1) guarantees the length fits,
 * or keep the incoming value_len and bound the copy with it.
 */
void
custom_ml2c_pkcs11_struct_ck_attribute(value _v1, struct ck_attribute *_c2,
camlidl_ctx _ctx, unsigned long ret)
{
value _v3;
value _v4;
mlsize_t _c5;
mlsize_t _c6;
value _v7;
_v3 = Field(_v1, 0);
camlidl_ml2c_pkcs11_ck_attribute_type_t(_v3, &(*_c2).type_, _ctx);
_v4 = Field(_v1, 1);
/* Length of the OCaml value array; it replaces the caller-supplied length. */
_c5 = Wosize_val(_v4);
(*_c2).value_len = _c5;
#ifdef DEBUG
/* NOTE(review): %x / %d must match the declared types of type_ and
value_len, which are not visible here - confirm. */
fprintf(stderr,
"custom_ml2c_pkcs11_struct_ck_attribute : type %x, len %d ARRAY\n",
(*_c2).type_, (*_c2).value_len);
#endif
if ((*_c2).value_len != 0) {
/* A non-zero length with a NULL value pointer cannot be copied:
leave the attribute as it is */
if ((*_c2).value == NULL) {
/* No error is reported to the caller; the function simply returns */
return;
}
/* One OCaml integer per destination element. */
for (_c6 = 0; _c6 < _c5; _c6++) {
_v7 = Field(_v4, _c6);
(*_c2).value[_c6] = Int_val(_v7);
}
}
/* Carry the ret value: on errors value_len is set to -1 */
else {
if (ret != CKR_OK) {
(*_c2).value_len = -1;
}
}
return;
}
/*
 * Copy every attribute of an OCaml attribute array into a C array.
 *
 * _v_data:   OCaml array of attributes.
 * array:     destination; one entry is written per OCaml element.
 * array_len: receives the number of OCaml elements.
 * _ctx:      camlidl context passed to the per-attribute converter.
 * ret:       PKCS#11 return code forwarded to the per-attribute converter.
 *
 * Always returns 0. The element count comes from the OCaml value only; the
 * capacity of array is not checked here, so the caller must guarantee it
 * can hold that many entries.
 */
int
custom_pkcs11_ml2c_ck_attribute_array_to_buffer(value _v_data,
                                                struct ck_attribute *array,
                                                unsigned long *array_len,
                                                camlidl_ctx _ctx,
                                                unsigned long ret)
{
    CAMLparam0();
    CAMLlocal1(entry);
    const mlsize_t total = Wosize_val(_v_data);
    mlsize_t pos = 0;

    while (pos < total) {
        entry = Field(_v_data, pos);
        /* Delegate to the custom per-attribute converter. */
        custom_ml2c_pkcs11_struct_ck_attribute(entry, &array[pos], _ctx, ret);
        pos++;
    }
    *array_len = total;
    CAMLreturn(0);
}
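/*
 * Build an OCaml array holding one integer per byte of a C buffer.
 *
 * array:     bytes to copy; may be NULL, in which case an empty array is
 *            returned regardless of array_len.
 * array_len: number of bytes to read from array.
 *
 * Returns the freshly allocated OCaml array.
 *
 * Several callers pass application-supplied pointers (PINs, labels) straight
 * through, and not all of them clear the length when the pointer is NULL.
 * Treating NULL as an empty buffer here keeps a NULL pointer with a non-zero
 * length from being dereferenced.
 */
value
custom_pkcs11_c2ml_buffer_to_char_array(unsigned char *array,
                                        unsigned long array_len)
{
    CAMLparam0();
    CAMLlocal1(v);
    mlsize_t i;

    if (array == NULL) {
        array_len = 0;
    }
    v = caml_alloc(array_len, 0);
    for (i = 0; i < (mlsize_t) array_len; i++) {
        Store_field(v, i, Val_int(array[i]));
    }
    CAMLreturn(v);
}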
/*
 * Copy an OCaml array of integers into a C byte buffer.
 *
 * _v_data:   OCaml array, one integer per byte.
 * array:     destination buffer; nothing is copied when it is NULL.
 * array_len: receives the number of elements of the OCaml array, whether or
 *            not a copy took place.
 *
 * Always returns 0. The number of bytes written is decided by the OCaml
 * array alone: the capacity of array is not known to this function, so the
 * caller has to make sure the buffer is large enough before calling.
 */
int
custom_pkcs11_ml2c_char_array_to_buffer(value _v_data, unsigned char *array,
                                        unsigned long *array_len)
{
    const mlsize_t count = Wosize_val(_v_data);
    mlsize_t k;

    if (array != NULL) {
        for (k = 0; k < count; k++) {
            array[k] = Int_val(Field(_v_data, k));
        }
    }
    *array_len = count;
    return 0;
}
/* ----------------------------- */
/* RPC OCAML PKCS#11 functions */
/*
 * Start the OCaml runtime, connect to the RPC server, exchange the
 * architecture and ask for the given module to be loaded.
 *
 * module: name handed to myC_LoadModule().
 *
 * Returns the myRPC_connect() result when the connection fails,
 * UNSUPPORTED_ARCHITECTURE when myC_SetupArch() answers with anything other
 * than the four known architecture values, otherwise the result of
 * myC_LoadModule(). On success of the architecture exchange the answer is
 * stored in peer_arch.
 */
ck_rv_t init_ml(const char *module)
{
    char *startup_argv[2] = { (char *)"client-pkcs11", (char *)0 };
    ck_rv_t status;

    /* The OCaml runtime must be up before any closure can be called. */
    caml_startup(startup_argv);

    status = myRPC_connect();
    if (status != 0) {
        fprintf(stderr, "Could not connect to RPC server\n");
        fprintf(stderr, "Check you parameters\n");
        return status;
    }

    /* The reply to the architecture exchange is the peer's architecture. */
    status = myC_SetupArch();
    if (status != LITTLE_ENDIAN_64 && status != LITTLE_ENDIAN_32 &&
        status != BIG_ENDIAN_64 && status != BIG_ENDIAN_32) {
        fprintf(stderr, "Unsupported architecture error\n");
        return UNSUPPORTED_ARCHITECTURE;
    }
    peer_arch = status;

    return myC_LoadModule(module);
}
/*
 * Call the OCaml closure registered as "Shut_Down_Client".
 *
 * The closure pointer is looked up once and cached in a function-local
 * static. If the name is not registered, an error is printed and the
 * function returns without calling anything.
 */
void destroy_ml()
{
    CAMLparam0();
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "Shut_Down_Client calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("Shut_Down_Client");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml Shut_Down_Client\n");
            CAMLreturn0;
        }
    }
    caml_callback(*closure, copy_int64(0));
    CAMLreturn0;
}
/*
 * Call the OCaml closure registered as "RPC_connect".
 *
 * Returns 0 when the closure returns normally and -1 (converted to ck_rv_t)
 * when it raises an OCaml exception. The exception value is extracted but
 * not inspected or reported.
 *
 * If the closure name is not registered the process is terminated with
 * exit(-1); since this code is part of a client library, that ends the
 * host application as well.
 */
ck_rv_t myRPC_connect(void)
{
    CAMLparam0();
    CAMLlocal1(outcome);
    CAMLlocalN(args, 1);
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "RPC_connect calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("RPC_connect");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml RPC_connect\n");
            exit(-1);
        }
    }
    /* The _exn variant hands the exception back instead of unwinding. */
    outcome = caml_callback_exn(*closure, copy_int64(0));
    if (!Is_exception_result(outcome)) {
        CAMLreturn(0);
    }
    outcome = Extract_exception(outcome);
    CAMLreturn(-1);
}
/*
 * Detect the local byte order and word size, record them in my_arch, and
 * pass the same value to the OCaml closure registered as "C_SetupArch".
 *
 * Byte order is probed by looking at the first byte of a known 32-bit
 * constant; word size is taken from sizeof(long).
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 */
ck_rv_t myC_SetupArch(void)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
    unsigned int probe = 0xAABBCCDD;
    int is_little;
    int is_64bit;
#ifdef DEBUG
    fprintf(stderr, "C_SetupArch calling\n");
#endif
    /* Lowest-addressed byte is 0xDD on a little-endian machine. */
    is_little = (((unsigned char *)&probe)[0] == 0xDD);
    is_64bit = (sizeof(long) == 8);

    if (is_little && is_64bit) {
        call_args[0] = copy_int64(LITTLE_ENDIAN_64);
        my_arch = LITTLE_ENDIAN_64;
    } else if (is_little) {
        call_args[0] = copy_int64(LITTLE_ENDIAN_32);
        my_arch = LITTLE_ENDIAN_32;
    } else if (is_64bit) {
        call_args[0] = copy_int64(BIG_ENDIAN_64);
        my_arch = BIG_ENDIAN_64;
    } else {
        call_args[0] = copy_int64(BIG_ENDIAN_32);
        my_arch = BIG_ENDIAN_32;
    }

    if (closure == NULL) {
        closure = caml_named_value("C_SetupArch");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_SetupArch\n");
            exit(-1);
        }
    }
    reply = caml_callbackN(*closure, 1, call_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
    CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_Initialize".
 *
 * init_args: initialization arguments from the application. They are not
 *            forwarded: the closure is always called with 0, and a non-NULL
 *            pointer is only mentioned in the DEBUG trace.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 */
ck_rv_t myC_Initialize(void *init_args)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_Initialize calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_Initialize");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_Initialize\n");
            exit(-1);
        }
    }
#ifdef DEBUG
    /* Caller-provided init arguments are deliberately ignored. */
    if (init_args != NULL) {
        fprintf(stderr, "C_Initialize *pInitArgs not NULL, we won't use them\n");
    }
#else
    (void)init_args;
#endif
    reply = caml_callback(*closure, copy_int64(0));
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
    CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_Finalize".
 *
 * init_args: must be NULL; any other value is rejected with
 *            CKR_ARGUMENTS_BAD before the closure is called.
 *
 * Returns the closure's reply converted to ck_rv_t. The closure lookup
 * happens before the argument check, so a missing registration still
 * terminates the process with exit(-1).
 */
ck_rv_t myC_Finalize(void *init_args)
{
    CAMLparam0();
    CAMLlocal1(reply);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_Finalize calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_Finalize");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_Finalize\n");
            exit(-1);
        }
    }
    /* P11 compliance: the reserved argument has to be NULL. */
    if (init_args == NULL) {
        reply = caml_callback(*closure, copy_int64(0));
        camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
        CAMLreturn(ret);
    }
    CAMLreturn(CKR_ARGUMENTS_BAD);
}
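/*
 * Call the OCaml closure registered as "C_GetSlotList" and copy the
 * returned slot identifiers back to the caller.
 *
 * input0:  token-present flag; 1 is forwarded as 1, anything else as 0.
 * output2: buffer for the slot identifiers, or NULL to query the count only.
 * output3: in: capacity of output2 in entries (ignored when output2 is
 *          NULL); out: slot count reported by the closure. Must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output3 is NULL, otherwise the closure's
 * return code. Terminates the process with exit(-1) if the closure name is
 * not registered.
 *
 * The reported count comes from the other side of the proxy, so it is
 * checked against the capacity the caller announced before anything is
 * written: a count larger than the buffer yields CKR_BUFFER_TOO_SMALL (when
 * the call itself succeeded) with *output3 set to the required size, and
 * the copy never reads more elements than the returned array holds.
 */
ck_rv_t
myC_GetSlotList(CK_BBOOL input0, ck_slot_id_t * output2, unsigned long *output3)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 2);
    ck_rv_t ret;
    unsigned long i;
    unsigned long capacity;
    unsigned long count;
    static value *C_GetSlotList_closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_GetSlotList calling\n");
#endif
    if (C_GetSlotList_closure == NULL) {
        C_GetSlotList_closure = caml_named_value("C_GetSlotList");
    }
    if (C_GetSlotList_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_GetSlotList\n");
        exit(-1);
    }
    /* P11 compliant */
    if (output3 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    /* Remember how many entries the caller's buffer can take. */
    capacity = (output2 == NULL) ? 0 : *output3;

    if (input0 == 1) {
        /* CK_TRUE */
        args[0] = copy_int64(1);
    } else {
        args[0] = copy_int64(0);
    }
    args[1] = copy_int64(capacity);

    tuple = caml_callbackN(*C_GetSlotList_closure, 2, args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    count = Int64_val(Field(tuple, 2));
    *output3 = count;

    /* Copy back only if output2 is not NULL */
    if (output2 != NULL) {
        if (count > capacity) {
            /* Never write past the end of the caller's buffer. */
            if (ret == CKR_OK) {
                ret = CKR_BUFFER_TOO_SMALL;
            }
            CAMLreturn(ret);
        }
        /* Do not read more elements than the returned array contains. */
        if (count > Wosize_val(Field(tuple, 1))) {
            count = Wosize_val(Field(tuple, 1));
            *output3 = count;
        }
        for (i = 0; i < count; i++) {
            camlidl_ml2c_pkcs11_ck_slot_id_t(Field(Field(tuple, 1), i),
                                             &output2[i], NULL);
        }
    }
    CAMLreturn(ret);
}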
/*
 * Call the OCaml closure registered as "C_GetInfo" and convert the reply.
 *
 * output0: receives the converted ck_info; must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output0 is NULL, otherwise the return code
 * found in field 0 of the reply. Terminates the process with exit(-1) if
 * the closure name is not registered.
 */
ck_rv_t myC_GetInfo(struct ck_info *output0)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_GetInfo calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_GetInfo");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GetInfo\n");
            exit(-1);
        }
    }
    if (output0 != NULL) {
        reply = caml_callback(*closure, copy_int64(0));
        /* Reply layout: field 0 = return code, field 1 = info structure. */
        camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &ret, NULL);
        camlidl_ml2c_pkcs11_struct_ck_info(Field(reply, 1), output0, NULL);
        CAMLreturn(ret);
    }
    CAMLreturn(CKR_ARGUMENTS_BAD);
}
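/*
 * Call the OCaml closure registered as "C_WaitForSlotEvent".
 *
 * input0:   flags, converted and forwarded to the closure.
 * output1:  receives the slot identifier found in field 1 of the reply.
 * reserved: must be NULL; any other value is rejected with
 *           CKR_ARGUMENTS_BAD.
 *
 * Returns the return code found in field 0 of the reply. Terminates the
 * process with exit(-1) if the closure name is not registered.
 *
 * The rejection path uses CAMLreturn like every other exit of this
 * function: after CAMLparam0() a plain return would leave the OCaml
 * runtime's local-roots list pointing into this function's dead stack
 * frame.
 *
 * NOTE(review): output1 is not checked for NULL before the converter writes
 * through it - confirm whether callers guarantee a valid pointer.
 */
ck_rv_t
myC_WaitForSlotEvent(ck_flags_t input0, ck_slot_id_t * output1, void *reserved)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 1);
    ck_rv_t ret;
    static value *C_WaitForSlotEvent_closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_WaitForSlotEvent calling\n");
#endif
    if (C_WaitForSlotEvent_closure == NULL) {
        C_WaitForSlotEvent_closure = caml_named_value("C_WaitForSlotEvent");
    }
    if (C_WaitForSlotEvent_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_WaitForSlotEvent\n");
        exit(-1);
    }
    /* P11 compliant */
    if (reserved != NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_flags_t(&input0, NULL);
    tuple = caml_callbackN(*C_WaitForSlotEvent_closure, 1, args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    camlidl_ml2c_pkcs11_ck_slot_id_t(Field(tuple, 1), output1, NULL);
    CAMLreturn(ret);
}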
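/*
 * Call the OCaml closure registered as "C_GetSlotInfo" and convert the
 * reply.
 *
 * input0:  slot identifier, converted and forwarded to the closure.
 * output1: receives the converted slot information; must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output1 is NULL (the same check the other
 * information getters in this file apply before writing through an output
 * pointer), otherwise the return code found in field 0 of the reply.
 * Terminates the process with exit(-1) if the closure name is not
 * registered.
 */
ck_rv_t myC_GetSlotInfo(ck_slot_id_t input0, struct ck_slot_info * output1)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 1);
    ck_rv_t ret;
    static value *C_GetSlotInfo_closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_GetSlotInfo calling\n");
#endif
    if (C_GetSlotInfo_closure == NULL) {
        C_GetSlotInfo_closure = caml_named_value("C_GetSlotInfo");
    }
    if (C_GetSlotInfo_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_GetSlotInfo\n");
        exit(-1);
    }
    /* P11 compliant */
    if (output1 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
    tuple = caml_callbackN(*C_GetSlotInfo_closure, 1, args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    camlidl_ml2c_pkcs11_struct_ck_slot_info(Field(tuple, 1), output1, NULL);
    CAMLreturn(ret);
}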
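/*
 * Call the OCaml closure registered as "C_GetTokenInfo" and convert the
 * reply.
 *
 * input0:  slot identifier, converted and forwarded to the closure.
 * output1: receives the converted token information; must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output1 is NULL (the same check the other
 * information getters in this file apply before writing through an output
 * pointer), otherwise the return code found in field 0 of the reply.
 * Terminates the process with exit(-1) if the closure name is not
 * registered.
 */
ck_rv_t myC_GetTokenInfo(ck_slot_id_t input0, struct ck_token_info *output1)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 1);
    ck_rv_t ret;
    static value *C_GetTokenInfo_closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_GetTokenInfo calling\n");
#endif
    if (C_GetTokenInfo_closure == NULL) {
        C_GetTokenInfo_closure = caml_named_value("C_GetTokenInfo");
    }
    if (C_GetTokenInfo_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_GetTokenInfo\n");
        exit(-1);
    }
    /* P11 compliant */
    if (output1 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
    tuple = caml_callbackN(*C_GetTokenInfo_closure, 1, args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    camlidl_ml2c_pkcs11_CK_TOKEN_INFO(Field(tuple, 1), output1, NULL);
    CAMLreturn(ret);
}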
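/*
 * Call the OCaml closure registered as "C_InitToken".
 *
 * input0:     slot identifier.
 * input1:     PIN bytes; when NULL the length is forced to zero.
 * input1_len: number of PIN bytes.
 * input2:     token label, read as a fixed 32-byte field; when NULL an
 *             empty label is forwarded instead of reading 32 bytes through
 *             a NULL pointer.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 *
 * The PIN is copied byte by byte into an OCaml array for the call; this
 * function does not wipe that copy afterwards.
 */
ck_rv_t
myC_InitToken(ck_slot_id_t input0, unsigned char *input1,
              unsigned long input1_len, unsigned char *input2)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 3);
    ck_rv_t ret;
    /* Label is 32 bytes long */
    unsigned long input2_len = 32;
    static value *C_InitToken_closure = NULL;
    /* Sanitize: a NULL buffer is forwarded as an empty one */
    if (input1 == NULL) {
        input1_len = 0;
    }
    if (input2 == NULL) {
        input2_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_InitToken calling\n");
#endif
    if (C_InitToken_closure == NULL) {
        C_InitToken_closure = caml_named_value("C_InitToken");
    }
    if (C_InitToken_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_InitToken\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
    args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    args[2] = custom_pkcs11_c2ml_buffer_to_char_array(input2, input2_len);
    tuple = caml_callbackN(*C_InitToken_closure, 3, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}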
/*
 * Call the OCaml closure registered as "C_OpenSession".
 *
 * input0:      slot identifier.
 * input1:      session flags.
 * application: application pointer; never forwarded.
 * notify:      notification callback; never forwarded.
 * output2:     receives the session handle; must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output2 is NULL, otherwise the return code
 * found in field 0 of the reply. Terminates the process with exit(-1) if
 * the closure name is not registered.
 */
ck_rv_t
myC_OpenSession(ck_slot_id_t input0, ck_flags_t input1, void *application,
                ck_notify_t notify, ck_session_handle_t * output2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 2);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_OpenSession calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_OpenSession");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_OpenSession\n");
            exit(-1);
        }
    }
    /* P11 compliant */
    if (output2 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
#ifdef DEBUG
    /* The application pointer and the notify callback stay local. */
    if ((application != NULL) || (notify != NULL)) {
        fprintf(stderr,
                "C_OpenSession *application/*notify not NULL, we won't pass them\n");
    }
#else
    (void)application;
    (void)notify;
#endif
    call_args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
    call_args[1] = camlidl_c2ml_pkcs11_ck_flags_t(&input1, NULL);
    reply = caml_callbackN(*closure, 2, call_args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &ret, NULL);
    camlidl_ml2c_pkcs11_ck_session_handle_t(Field(reply, 1), output2, NULL);
    CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_CloseSession" with the given
 * session handle.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 */
ck_rv_t myC_CloseSession(ck_session_handle_t input0)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_CloseSession calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_CloseSession");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_CloseSession\n");
            exit(-1);
        }
    }
    call_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    reply = caml_callbackN(*closure, 1, call_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
    CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_CloseAllSessions" with the given
 * slot identifier.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 */
ck_rv_t myC_CloseAllSessions(ck_slot_id_t input0)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_CloseAllSessions calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_CloseAllSessions");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_CloseAllSessions\n");
            exit(-1);
        }
    }
    call_args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
    reply = caml_callbackN(*closure, 1, call_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
    CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_GetSessionInfo" and convert the
 * reply.
 *
 * input0:  session handle.
 * output1: receives the converted session information; must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output1 is NULL, otherwise the return code
 * found in field 0 of the reply. Terminates the process with exit(-1) if
 * the closure name is not registered.
 */
ck_rv_t
myC_GetSessionInfo(ck_session_handle_t input0, struct ck_session_info *output1)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_GetSessionInfo calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_GetSessionInfo");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GetSessionInfo\n");
            exit(-1);
        }
    }
    /* P11 compliant */
    if (output1 != NULL) {
        call_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
        reply = caml_callbackN(*closure, 1, call_args);
        camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &ret, NULL);
        camlidl_ml2c_pkcs11_CK_SESSION_INFO(Field(reply, 1), output1, NULL);
        CAMLreturn(ret);
    }
    CAMLreturn(CKR_ARGUMENTS_BAD);
}
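/*
 * Call the OCaml closure registered as "C_Login".
 *
 * input0:     session handle.
 * input1:     user type.
 * input2:     PIN bytes; when NULL the length is forced to zero, as the
 *             other PIN-taking functions in this file do, so that a NULL
 *             pointer with a non-zero length is never read.
 * input2_len: number of PIN bytes.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 *
 * The PIN is copied byte by byte into an OCaml array for the call; this
 * function does not wipe that copy afterwards.
 */
ck_rv_t
myC_Login(ck_session_handle_t input0, ck_user_type_t input1,
          unsigned char *input2, unsigned long input2_len)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 3);
    ck_rv_t ret;
    static value *C_Login_closure = NULL;
    /* Sanitize: Check if input2 is NULL: if so, force the length to be zero */
    if (input2 == NULL) {
        input2_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_Login calling\n");
#endif
    if (C_Login_closure == NULL) {
        C_Login_closure = caml_named_value("C_Login");
    }
    if (C_Login_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_Login\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = camlidl_c2ml_pkcs11_ck_user_type_t(&input1, NULL);
    args[2] = custom_pkcs11_c2ml_buffer_to_char_array(input2, input2_len);
    tuple = caml_callbackN(*C_Login_closure, 3, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}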
/*
 * Call the OCaml closure registered as "C_Logout" with the given session
 * handle.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 */
ck_rv_t myC_Logout(ck_session_handle_t input0)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 1);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_Logout calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_Logout");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_Logout\n");
            exit(-1);
        }
    }
    call_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    reply = caml_callbackN(*closure, 1, call_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
    CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_GetMechanismList" and copy the
 * returned mechanism types back to the caller.
 *
 * input0:  slot identifier.
 * output2: buffer for the mechanism types, or NULL to query the count only.
 * output3: in: capacity of output2 in entries (0 is sent when output2 is
 *          NULL); out: mechanism count reported by the closure. Must not be
 *          NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output3 is NULL; the closure's return code
 * when it is not CKR_OK (with *output3 updated only for
 * CKR_BUFFER_TOO_SMALL); CKR_BUFFER_TOO_SMALL when a buffer was supplied
 * but the reported count does not fit; otherwise CKR_OK after the copy.
 * Terminates the process with exit(-1) if the closure name is not
 * registered.
 *
 * NOTE(review): the copy loop uses an int length taken from a 64-bit count
 * and indexes field 1 of the reply without comparing against the size of
 * that array; the count has been checked against *output3 only. Confirm the
 * peer always returns an array at least as long as the count it reports.
 */
ck_rv_t
myC_GetMechanismList(ck_slot_id_t input0, ck_mechanism_type_t * output2,
unsigned long *output3)
{
CAMLparam0();
CAMLlocal2(tuple, _v3);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_GetMechanismList_closure = NULL;
int i, len;
#ifdef DEBUG
fprintf(stderr, "C_GetMechanismList calling\n");
#endif
/* Look the closure up once; the pointer is cached in the static. */
if (C_GetMechanismList_closure == NULL) {
C_GetMechanismList_closure = caml_named_value("C_GetMechanismList");
}
if (C_GetMechanismList_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_GetMechanismList\n");
exit(-1);
}
/* P11 compliant */
if (output3 == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Without a buffer only the count is requested, so a capacity of 0 is sent. */
if (output2 == NULL) {
args[1] = copy_int64(0);
} else {
args[1] = copy_int64(*output3);
}
args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
tuple = caml_callbackN(*C_GetMechanismList_closure, 2, args);
/* Reply layout: field 0 = return code, field 1 = mechanisms, field 2 = count. */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
/* TODO: explain P11 compliance algorithm */
if (ret == CKR_BUFFER_TOO_SMALL) {
*output3 = Int64_val(Field(tuple, 2));
CAMLreturn(ret);
} else if (ret != CKR_OK) {
CAMLreturn(ret);
}
/* P11 compliant */
/* FIXME: For now cast to (unsigned long) because we should not receive a huge mech_count */
/* The reported count must fit the caller's capacity before anything is copied. */
if ((output2 != NULL && *output3 == 0)
|| (*output3 < (unsigned long)Int64_val(Field(tuple, 2)))) {
*output3 = Int64_val(Field(tuple, 2));
if (output2 == NULL) {
CAMLreturn(ret);
}
CAMLreturn(CKR_BUFFER_TOO_SMALL);
}
len = Int64_val(Field(tuple, 2));
i = 0;
if (output2 != NULL) {
for (i = 0; i < len; i++) {
_v3 = Field(Field(tuple, 1), i);
camlidl_ml2c_pkcs11_ck_mechanism_type_t(_v3, &output2[i], NULL);
}
}
*output3 = Int64_val(Field(tuple, 2));
CAMLreturn(ret);
}
/*
 * Call the OCaml closure registered as "C_GetMechanismInfo" and convert the
 * reply.
 *
 * input0:  slot identifier.
 * input1:  mechanism type.
 * output2: receives the converted mechanism information; must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output2 is NULL, otherwise the return code
 * found in field 0 of the reply. Terminates the process with exit(-1) if
 * the closure name is not registered.
 */
ck_rv_t
myC_GetMechanismInfo(ck_slot_id_t input0, ck_mechanism_type_t input1,
                     struct ck_mechanism_info *output2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 2);
    ck_rv_t ret;
    static value *closure = NULL;
#ifdef DEBUG
    fprintf(stderr, "C_GetMechanismInfo calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_GetMechanismInfo");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GetMechanismInfo\n");
            exit(-1);
        }
    }
    /* P11 compliant */
    if (output2 != NULL) {
        call_args[0] = camlidl_c2ml_pkcs11_ck_slot_id_t(&input0, NULL);
        call_args[1] = camlidl_c2ml_pkcs11_ck_mechanism_type_t(&input1, NULL);
        reply = caml_callbackN(*closure, 2, call_args);
        camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &ret, NULL);
        camlidl_ml2c_pkcs11_CK_MECHANISM_INFO(Field(reply, 1), output2, NULL);
        CAMLreturn(ret);
    }
    CAMLreturn(CKR_ARGUMENTS_BAD);
}
/*
 * Call the OCaml closure registered as "C_InitPIN".
 *
 * input0:     session handle.
 * input1:     PIN bytes; when NULL the length is forced to zero.
 * input1_len: number of PIN bytes.
 *
 * Returns the closure's reply converted to ck_rv_t. Terminates the process
 * with exit(-1) if the closure name is not registered.
 *
 * The PIN is copied byte by byte into an OCaml array for the call; this
 * function does not wipe that copy afterwards.
 */
ck_rv_t
myC_InitPIN(ck_session_handle_t input0, unsigned char *input1,
            unsigned long input1_len)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(call_args, 2);
    ck_rv_t ret;
    static value *closure = NULL;

    /* Sanitize: a NULL PIN pointer is forwarded as an empty PIN. */
    input1_len = (input1 == NULL) ? 0 : input1_len;
#ifdef DEBUG
    fprintf(stderr, "C_InitPIN calling\n");
#endif
    if (closure == NULL) {
        closure = caml_named_value("C_InitPIN");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_InitPIN\n");
            exit(-1);
        }
    }
    call_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    call_args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    reply = caml_callbackN(*closure, 2, call_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &ret, NULL);
    CAMLreturn(ret);
}
/*
 * Forward C_SetPIN to the OCaml callback registered under the name
 * "C_SetPIN".
 *
 * input0:                session handle, first callback argument.
 * input1 / input1_len:   first byte buffer, second callback argument.
 * input2 / input2_len:   second byte buffer, third callback argument.
 *
 * Either buffer pointer may be NULL, in which case its length is forced
 * to zero before marshalling.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 *
 * NOTE(review): both buffers are handed to OCaml as `value`s; if the
 * helper copies the PIN bytes, those copies are GC-managed and are not
 * wiped here - confirm how long they stay reachable.
 */
ck_rv_t
myC_SetPIN(ck_session_handle_t input0, unsigned char *input1,
           unsigned long input1_len, unsigned char *input2,
           unsigned long input2_len)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

    /* Sanitize: a NULL buffer is treated as a zero-length one. */
    if (input1 == NULL) {
        input1_len = 0;
    }
    if (input2 == NULL) {
        input2_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_SetPIN calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_SetPIN");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_SetPIN\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    ml_args[2] = custom_pkcs11_c2ml_buffer_to_char_array(input2, input2_len);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
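/*
 * Forward C_SeedRandom to the OCaml callback registered under the name
 * "C_SeedRandom".
 *
 * input0:     session handle, first callback argument.
 * input1:     seed bytes, marshalled as the second callback argument;
 *             when NULL the length is forced to zero first, the same
 *             sanitization myC_InitPIN and myC_SetPIN apply.
 * input1_len: number of bytes in input1.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_SeedRandom(ck_session_handle_t input0, unsigned char *input1,
               unsigned long input1_len)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 2);
    ck_rv_t ret;
    static value *C_SeedRandom_closure = NULL;

    /* Sanitize: never marshal a NULL buffer with a non-zero length. */
    if (input1 == NULL) {
        input1_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_SeedRandom calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_SeedRandom_closure == NULL) {
        C_SeedRandom_closure = caml_named_value("C_SeedRandom");
    }
    if (C_SeedRandom_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_SeedRandom\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    tuple = caml_callbackN(*C_SeedRandom_closure, 2, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}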
/*
 * Forward C_GenerateRandom to the OCaml callback registered under the
 * name "C_GenerateRandom".
 *
 * input0:      session handle, first callback argument.
 * output2:     caller buffer that receives the bytes decoded from field 1
 *              of the callback result.
 * output2_len: requested length, sent to the callback as an int64.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): field 1 is copied into output2 whatever the return value
 * is, and output2 is not checked for NULL. Whether
 * custom_pkcs11_ml2c_char_array_to_buffer() limits the copy to the
 * caller's output2_len is not visible here - confirm, since the array
 * length comes from the callback.
 */
ck_rv_t
myC_GenerateRandom(ck_session_handle_t input0, unsigned char *output2,
                   unsigned long output2_len)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 2);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_GenerateRandom calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_GenerateRandom");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GenerateRandom\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = copy_int64(output2_len);
    reply = caml_callbackN(*closure, 2, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    custom_pkcs11_ml2c_char_array_to_buffer(Field(reply, 1), output2,
                                            &output2_len);
    CAMLreturn(rv);
}
/*
 * Forward C_GetOperationState to the OCaml callback registered under the
 * name "C_GetOperationState".
 *
 * input0:      session handle, the only argument marshalled to the callback.
 * output1:     caller buffer, passed to check_linked_list/handle_linked_list.
 * output1_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD before anything else happens.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output1 - confirm against their definitions.
 */
ck_rv_t
myC_GetOperationState(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 1);
ck_rv_t ret;
static value *C_GetOperationState_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_GetOperationState calling\n");
#endif
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_GetOperationState_closure == NULL) {
C_GetOperationState_closure = caml_named_value("C_GetOperationState");
}
if (C_GetOperationState_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_GetOperationState\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("GetOperationState", GETOPERATION_STATE_OP, input0, NULL, 0,
output1, output1_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
tuple = caml_callbackN(*C_GetOperationState_closure, 1, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(GetOperationState, GETOPERATION_STATE_OP, input0, NULL, 0,
output1, output1_len);
}
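/*
 * Forward C_SetOperationState to the OCaml callback registered under the
 * name "C_SetOperationState".
 *
 * input0:     session handle, first callback argument.
 * input1:     saved state bytes, second callback argument; when NULL the
 *             length is forced to zero first, the same sanitization
 *             myC_InitPIN and myC_SetPIN apply.
 * input1_len: number of bytes in input1.
 * input2:     object handle, third callback argument.
 * input3:     object handle, fourth callback argument.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_SetOperationState(ck_session_handle_t input0, unsigned char *input1,
                      unsigned long input1_len, ck_object_handle_t input2,
                      ck_object_handle_t input3)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 4);
    ck_rv_t ret;
    static value *C_SetOperationState_closure = NULL;

    /* Sanitize: never marshal a NULL buffer with a non-zero length. */
    if (input1 == NULL) {
        input1_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_SetOperationState calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_SetOperationState_closure == NULL) {
        C_SetOperationState_closure = caml_named_value("C_SetOperationState");
    }
    if (C_SetOperationState_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_SetOperationState\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    args[3] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input3, NULL);
    tuple = caml_callbackN(*C_SetOperationState_closure, 4, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}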
/*
 * Forward C_FindObjectsInit to the OCaml callback registered under the
 * name "C_FindObjectsInit".
 *
 * input0: session handle, first callback argument.
 * input1: attribute template, second callback argument.
 * count:  number of attributes in input1; zero sends Atom(0) (an empty
 *         list) instead of marshalling input1.
 *
 * Returns CKR_ARGUMENTS_BAD for a NULL template with a non-zero count,
 * otherwise the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_FindObjectsInit(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
                    unsigned long count)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 2);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_FindObjectsInit calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_FindObjectsInit");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_FindObjectsInit\n");
            exit(-1);
        }
    }
    /* P11 compliant: a non-empty template needs a real pointer. */
    if (count > 0 && input1 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    /* An empty template goes to CAML as an empty list. */
    ml_args[1] = (count == 0)
        ? Atom(0)
        : custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input1, count, NULL);
    reply = caml_callbackN(*closure, 2, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
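/*
 * Forward C_FindObjects to the OCaml callback registered under the name
 * "C_FindObjects".
 *
 * input0:  session handle, first callback argument.
 * output2: caller array that receives the object handles decoded from
 *          field 1 of the callback result.
 * input1:  capacity of output2 in handles; sent to the callback as an
 *          int64 and used here as the upper bound on what is written.
 * output3: receives the number of handles written to output2.
 *
 * Returns the callback's ck_rv_t when it is not CKR_OK,
 * CKR_ARGUMENTS_BAD when output2 or output3 is NULL, and CKR_OK
 * otherwise. Terminates the process with exit(-1) if the named OCaml
 * value cannot be found.
 */
ck_rv_t
myC_FindObjects(ck_session_handle_t input0, ck_object_handle_t * output2,
                unsigned long input1, unsigned long *output3)
{
    CAMLparam0();
    CAMLlocal2(tuple, _v3);
    CAMLlocalN(args, 2);
    ck_rv_t ret;
    static value *C_FindObjects_closure = NULL;
    unsigned long i, len;

#ifdef DEBUG
    fprintf(stderr, "C_FindObjects calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_FindObjects_closure == NULL) {
        C_FindObjects_closure = caml_named_value("C_FindObjects");
    }
    if (C_FindObjects_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_FindObjects\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = copy_int64(input1);
    tuple = caml_callbackN(*C_FindObjects_closure, 2, args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    /* P11 compliant, return RET if was called with invalid session */
    if (ret != CKR_OK) {
        CAMLreturn(ret);
    }
    /* P11 compliant */
    if (output2 == NULL || output3 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    len = Int64_val(Field(tuple, 2));
    /*
     * The count comes from the callback result, not from the caller.
     * Never write more handles than the caller's array holds; a negative
     * int64 converts to a huge unsigned value and is clamped as well.
     * NOTE(review): the count is not compared with the real size of the
     * array in field 1 - confirm the OCaml side guarantees they agree.
     */
    if (len > input1) {
        len = input1;
    }
    for (i = 0; i < len; i++) {
        _v3 = Field(Field(tuple, 1), i);
        camlidl_ml2c_pkcs11_ck_object_handle_t(_v3, &output2[i], NULL);
    }
    *output3 = len;
    CAMLreturn(ret);
}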
/*
 * Forward C_FindObjectsFinal to the OCaml callback registered under the
 * name "C_FindObjectsFinal".
 *
 * input0: session handle, the only callback argument.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t myC_FindObjectsFinal(ck_session_handle_t input0)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 1);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_FindObjectsFinal calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_FindObjectsFinal");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_FindObjectsFinal\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    reply = caml_callbackN(*closure, 1, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_GenerateKey to the OCaml callback registered under the name
 * "C_GenerateKey".
 *
 * input0:  session handle, first callback argument.
 * input1:  mechanism, second callback argument.
 * input2:  attribute template of `count` entries, third callback argument.
 * output3: receives the object handle decoded from field 1 of the
 *          callback result.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): input1, input2 and output3 reach the marshalling helpers
 * without a NULL check, and input1 without the
 * custom_sanitize_ck_mechanism() call the *Init wrappers make. Whether
 * the helpers tolerate NULL is not visible here - confirm.
 */
ck_rv_t
myC_GenerateKey(ck_session_handle_t input0, struct ck_mechanism *input1,
                CK_ATTRIBUTE * input2, unsigned long count,
                ck_object_handle_t * output3)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_GenerateKey calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_GenerateKey");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GenerateKey\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input2, count,
                                                                 NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    /* Field 1 is decoded into output3 whatever the return value is. */
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(reply, 1), output3, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_GenerateKeyPair to the OCaml callback registered under the
 * name "C_GenerateKeyPair".
 *
 * input0:  session handle, first callback argument.
 * input1:  mechanism, second callback argument.
 * input2:  first attribute template (`count` entries), third argument.
 * input3:  second attribute template (`count2` entries), fourth argument.
 * output4: receives the object handle decoded from field 1 of the result.
 * output5: receives the object handle decoded from field 2 of the result.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): the mechanism, both templates and both output pointers
 * reach the marshalling helpers without a NULL check. Whether the helpers
 * tolerate NULL is not visible here - confirm.
 */
ck_rv_t
myC_GenerateKeyPair(ck_session_handle_t input0, struct ck_mechanism *input1,
                    CK_ATTRIBUTE * input2, unsigned long count,
                    CK_ATTRIBUTE * input3, unsigned long count2,
                    ck_object_handle_t * output4, ck_object_handle_t * output5)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 4);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_GenerateKeyPair calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_GenerateKeyPair");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GenerateKeyPair\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input2, count,
                                                                 NULL);
    ml_args[3] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input3, count2,
                                                                 NULL);
    reply = caml_callbackN(*closure, 4, ml_args);
    /* Both handles are decoded whatever the return value is. */
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(reply, 1), output4, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(reply, 2), output5, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_CreateObject to the OCaml callback registered under the name
 * "C_CreateObject".
 *
 * input0:  session handle, first callback argument.
 * input1:  attribute template of `count` entries, second argument.
 * output2: receives the object handle decoded from field 1 of the
 *          callback result.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): input1 and output2 reach the marshalling helpers without
 * a NULL check, unlike the template check in myC_FindObjectsInit. Whether
 * the helpers tolerate NULL is not visible here - confirm.
 */
ck_rv_t
myC_CreateObject(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
                 unsigned long count, ck_object_handle_t * output2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 2);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_CreateObject calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_CreateObject");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_CreateObject\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input1, count,
                                                                 NULL);
    reply = caml_callbackN(*closure, 2, ml_args);
    /* Field 1 is decoded into output2 whatever the return value is. */
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(reply, 1), output2, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_CopyObject to the OCaml callback registered under the name
 * "C_CopyObject".
 *
 * input0:  session handle, first callback argument.
 * input1:  handle of the source object, second callback argument.
 * input2:  attribute template of `count` entries, third argument.
 * output3: receives the object handle decoded from field 1 of the
 *          callback result.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): input2 and output3 reach the marshalling helpers without
 * a NULL check. Whether the helpers tolerate NULL is not visible here -
 * confirm.
 */
ck_rv_t
myC_CopyObject(ck_session_handle_t input0, ck_object_handle_t input1,
               CK_ATTRIBUTE * input2, unsigned long count,
               ck_object_handle_t * output3)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_CopyObject calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_CopyObject");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_CopyObject\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input1, NULL);
    ml_args[2] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input2, count,
                                                                 NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    /* Field 1 is decoded into output3 whatever the return value is. */
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(reply, 1), output3, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_DestroyObject to the OCaml callback registered under the name
 * "C_DestroyObject".
 *
 * input0: session handle, first callback argument.
 * input1: object handle, second callback argument.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t myC_DestroyObject(ck_session_handle_t input0, ck_object_handle_t input1)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 2);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_DestroyObject calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_DestroyObject");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_DestroyObject\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input1, NULL);
    reply = caml_callbackN(*closure, 2, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_GetAttributeValue to the OCaml callback registered under the
 * name "C_GetAttributeValue".
 *
 * input0: session handle, first callback argument.
 * input1: object handle, second callback argument.
 * input2: attribute template of `input3` entries; marshalled as the third
 *         callback argument and then refilled from field 1 of the result.
 * input3: number of entries in input2.
 *
 * Returns CKR_ARGUMENTS_BAD when input2 is NULL, otherwise the ck_rv_t
 * decoded from field 0 of the callback result. Terminates the process
 * with exit(-1) if the named OCaml value cannot be found.
 *
 * NOTE(review): how custom_pkcs11_ml2c_ck_attribute_array_to_buffer()
 * bounds what it writes into the caller's template is not visible here -
 * confirm it honours input3 and each attribute's buffer length.
 */
ck_rv_t
myC_GetAttributeValue(ck_session_handle_t input0, ck_object_handle_t input1,
                      struct ck_attribute *input2, unsigned long input3)
{
    CAMLparam0();
    /* `scratch` is registered as a local root but not used in this body. */
    CAMLlocal2(reply, scratch);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_GetAttributeValue calling, size templ: %lu\n", input3);
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_GetAttributeValue");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_GetAttributeValue\n");
            exit(-1);
        }
    }
    /* Without a template there is nothing to marshal. */
    if (input2 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    ml_args[2] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input2, input3,
                                                                 NULL);
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input1, NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    custom_pkcs11_ml2c_ck_attribute_array_to_buffer(Field(reply, 1), input2,
                                                    &input3, NULL, rv);
    CAMLreturn(rv);
}
/*
 * Forward C_SetAttributeValue to the OCaml callback registered under the
 * name "C_SetAttributeValue".
 *
 * input0: session handle, first callback argument.
 * input1: object handle, second callback argument.
 * input2: attribute template of `count` entries, third callback argument.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 *
 * NOTE(review): input2 is marshalled without the NULL check that
 * myC_GetAttributeValue and myC_FindObjectsInit apply to their templates.
 * Whether the helper tolerates NULL is not visible here - confirm.
 */
ck_rv_t
myC_SetAttributeValue(ck_session_handle_t input0, ck_object_handle_t input1,
                      CK_ATTRIBUTE * input2, unsigned long count)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_SetAttributeValue calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_SetAttributeValue");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_SetAttributeValue\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input1, NULL);
    ml_args[2] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input2, count,
                                                                 NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
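/*
 * Forward C_GetObjectSize to the OCaml callback registered under the name
 * "C_GetObjectSize".
 *
 * input0:  session handle, first callback argument.
 * input1:  object handle, second callback argument.
 * output2: receives the int64 held in field 1 of the callback result;
 *          must not be NULL.
 *
 * Returns CKR_ARGUMENTS_BAD when output2 is NULL, otherwise the ck_rv_t
 * decoded from field 0 of the callback result. Terminates the process
 * with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_GetObjectSize(ck_session_handle_t input0, ck_object_handle_t input1,
                  unsigned long *output2)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 2);
    ck_rv_t ret;
    static value *C_GetObjectSize_closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_GetObjectSize calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_GetObjectSize_closure == NULL) {
        C_GetObjectSize_closure = caml_named_value("C_GetObjectSize");
    }
    if (C_GetObjectSize_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_GetObjectSize\n");
        exit(-1);
    }
    /* Avoid potential NULL_PTR dereference: output2 is written below. */
    if (output2 == NULL) {
        CAMLreturn(CKR_ARGUMENTS_BAD);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input1, NULL);
    tuple = caml_callbackN(*C_GetObjectSize_closure, 2, args);
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    /* The size is stored whatever the return value is. */
    *output2 = Int64_val(Field(tuple, 1));
    CAMLreturn(ret);
}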
/*
 * Forward C_WrapKey to the OCaml callback registered under the name
 * "C_WrapKey".
 *
 * input0:      session handle, first callback argument.
 * input1:      mechanism, second callback argument.
 * input2:      object handle, third callback argument.
 * input3:      object handle, fourth callback argument.
 * output4:     caller buffer, passed to check_linked_list/handle_linked_list.
 * output4_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output4 - confirm against their definitions.
 * NOTE(review): input1 is marshalled without a NULL check or a
 * custom_sanitize_ck_mechanism() call - confirm the helper tolerates that.
 */
ck_rv_t
myC_WrapKey(ck_session_handle_t input0, struct ck_mechanism *input1,
ck_object_handle_t input2, ck_object_handle_t input3,
unsigned char *output4, unsigned long *output4_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 4);
ck_rv_t ret;
static value *C_WrapKey_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_WrapKey calling\n");
#endif
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_WrapKey_closure == NULL) {
C_WrapKey_closure = caml_named_value("C_WrapKey");
}
if (C_WrapKey_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_WrapKey\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output4_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("WrapKey", WRAPKEY_OP, input0, NULL, 0, output4,
output4_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
args[3] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input3, NULL);
tuple = caml_callbackN(*C_WrapKey_closure, 4, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(WrapKey, WRAPKEY_OP, input0, NULL, 0, output4,
output4_len);
}
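/*
 * Forward C_UnwrapKey to the OCaml callback registered under the name
 * "C_UnwrapKey".
 *
 * input0:     session handle, first callback argument.
 * input1:     mechanism, second callback argument.
 * input2:     object handle, third callback argument.
 * input3:     wrapped key bytes, fourth callback argument; when NULL the
 *             length is forced to zero first, the same sanitization
 *             myC_InitPIN and myC_SetPIN apply.
 * input3_len: number of bytes in input3.
 * input4:     attribute template of `count` entries, fifth argument.
 * output5:    receives the object handle decoded from field 1 of the
 *             callback result.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): input1, input4 and output5 still reach the marshalling
 * helpers without a NULL check. Whether the helpers tolerate NULL is not
 * visible here - confirm.
 */
ck_rv_t
myC_UnwrapKey(ck_session_handle_t input0, struct ck_mechanism *input1,
              ck_object_handle_t input2, unsigned char *input3,
              unsigned long input3_len, CK_ATTRIBUTE * input4,
              unsigned long count, ck_object_handle_t * output5)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 5);
    ck_rv_t ret;
    static value *C_UnwrapKey_closure = NULL;

    /* Sanitize: never marshal a NULL buffer with a non-zero length. */
    if (input3 == NULL) {
        input3_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_UnwrapKey calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_UnwrapKey_closure == NULL) {
        C_UnwrapKey_closure = caml_named_value("C_UnwrapKey");
    }
    if (C_UnwrapKey_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_UnwrapKey\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    args[3] = custom_pkcs11_c2ml_buffer_to_char_array(input3, input3_len);
    args[4] =
        custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input4, count, NULL);
    tuple = caml_callbackN(*C_UnwrapKey_closure, 5, args);
    /* Field 1 is decoded into output5 whatever the return value is. */
    camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(tuple, 1), output5, NULL);
    CAMLreturn(ret);
}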
/*
 * Forward C_DeriveKey to the OCaml callback registered under the name
 * "C_DeriveKey".
 *
 * input0:  session handle, first callback argument.
 * input1:  mechanism, second callback argument.
 * input2:  object handle, third callback argument.
 * input3:  attribute template of `count` entries, fourth argument.
 * output4: receives the object handle decoded from field 1 of the
 *          callback result.
 *
 * Returns the ck_rv_t decoded from field 0 of the callback result.
 * Terminates the process with exit(-1) if the named OCaml value cannot
 * be found.
 *
 * NOTE(review): input1, input3 and output4 reach the marshalling helpers
 * without a NULL check, and input1 without the
 * custom_sanitize_ck_mechanism() call the *Init wrappers make. Whether
 * the helpers tolerate NULL is not visible here - confirm.
 */
ck_rv_t
myC_DeriveKey(ck_session_handle_t input0, struct ck_mechanism *input1,
              ck_object_handle_t input2, CK_ATTRIBUTE * input3,
              unsigned long count, ck_object_handle_t * output4)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 4);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_DeriveKey calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_DeriveKey");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_DeriveKey\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    ml_args[3] = custom_pkcs11_c2ml_buffer_to_ck_attribute_array(input3, count,
                                                                 NULL);
    reply = caml_callbackN(*closure, 4, ml_args);
    /* Field 1 is decoded into output4 whatever the return value is. */
    camlidl_ml2c_pkcs11_ck_rv_t(Field(reply, 0), &rv, NULL);
    camlidl_ml2c_pkcs11_ck_object_handle_t(Field(reply, 1), output4, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_DigestInit to the OCaml callback registered under the name
 * "C_DigestInit".
 *
 * input0: session handle, first callback argument.
 * input1: mechanism; passed through custom_sanitize_ck_mechanism() and
 *         then marshalled as the second callback argument.
 *
 * Returns CKR_OPERATION_ACTIVE when the filtering list already holds a
 * DIGEST_OP entry for this session, otherwise the ck_rv_t decoded from
 * the callback result. Terminates the process with exit(-1) if the named
 * OCaml value cannot be found.
 */
ck_rv_t myC_DigestInit(ck_session_handle_t input0, struct ck_mechanism *input1)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 2);
    ck_rv_t rv;
    static value *closure = NULL;

    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_DigestInit");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_DigestInit\n");
            exit(-1);
        }
    }
#ifdef DEBUG
    fprintf(stderr, "C_DigestInit calling\n");
#endif
    custom_sanitize_ck_mechanism(input1);
    /*
     * A new operation must not start while the result of a previous
     * crypto call on this session is still waiting to be fetched.
     */
    if (check_operation_active_in_filtering_list(input0, DIGEST_OP) != NULL) {
        CAMLreturn(CKR_OPERATION_ACTIVE);
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    reply = caml_callbackN(*closure, 2, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_Digest to the OCaml callback registered under the name
 * "C_Digest".
 *
 * input0:      session handle, first callback argument.
 * input1:      input bytes (input1_len of them), second callback argument;
 *              also passed to check_linked_list/handle_linked_list.
 * output2:     caller buffer, passed to the same helpers.
 * output2_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output2 - confirm against their definitions.
 * NOTE(review): input1 is marshalled without the NULL-to-zero-length
 * sanitization that myC_InitPIN applies - confirm the helper tolerates NULL.
 */
ck_rv_t
myC_Digest(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_Digest_closure = NULL;
/* Remember previous calls */
p11_request_struct *elem;
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_Digest_closure == NULL) {
C_Digest_closure = caml_named_value("C_Digest");
}
if (C_Digest_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_Digest\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
#ifdef DEBUG
fprintf(stderr, "C_Digest calling\n");
#endif
/* The arguments are marshalled before check_linked_list runs */
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
/* Remember previous calls */
check_linked_list("Digest", DIGEST_OP, input0, input1, input1_len, output2,
output2_len);
tuple = caml_callbackN(*C_Digest_closure, 2, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(Digest, DIGEST_OP, input0, input1, input1_len, output2,
output2_len);
}
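/*
 * Forward C_DigestUpdate to the OCaml callback registered under the name
 * "C_DigestUpdate".
 *
 * input0:     session handle, first callback argument.
 * input1:     data bytes, second callback argument; when NULL the length
 *             is forced to zero first, the same sanitization myC_InitPIN
 *             and myC_SetPIN apply.
 * input1_len: number of bytes in input1.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_DigestUpdate(ck_session_handle_t input0, unsigned char *input1,
                 unsigned long input1_len)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 2);
    ck_rv_t ret;
    static value *C_DigestUpdate_closure = NULL;

    /* Sanitize: never marshal a NULL buffer with a non-zero length. */
    if (input1 == NULL) {
        input1_len = 0;
    }
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_DigestUpdate_closure == NULL) {
        C_DigestUpdate_closure = caml_named_value("C_DigestUpdate");
    }
    if (C_DigestUpdate_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_DigestUpdate\n");
        exit(-1);
    }
#ifdef DEBUG
    fprintf(stderr, "C_DigestUpdate calling\n");
#endif
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    tuple = caml_callbackN(*C_DigestUpdate_closure, 2, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}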
/*
 * Forward C_DigestFinal to the OCaml callback registered under the name
 * "C_DigestFinal".
 *
 * input0:      session handle, the only argument marshalled to the callback.
 * output1:     caller buffer, passed to check_linked_list/handle_linked_list.
 * output1_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output1 - confirm against their definitions.
 */
ck_rv_t
myC_DigestFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 1);
ck_rv_t ret;
static value *C_DigestFinal_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_DigestFinal calling\n");
#endif
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_DigestFinal_closure == NULL) {
C_DigestFinal_closure = caml_named_value("C_DigestFinal");
}
if (C_DigestFinal_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_DigestFinal\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("DigestFinal", DIGEST_FINAL_OP, input0, NULL, 0, output1,
output1_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
tuple = caml_callbackN(*C_DigestFinal_closure, 1, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(DigestFinal, DIGEST_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * Forward C_DigestKey to the OCaml callback registered under the name
 * "C_DigestKey".
 *
 * input0: session handle, first callback argument.
 * input1: object handle, second callback argument.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t myC_DigestKey(ck_session_handle_t input0, ck_object_handle_t input1)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 2);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_DigestKey calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_DigestKey");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_DigestKey\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input1, NULL);
    reply = caml_callbackN(*closure, 2, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_SignInit to the OCaml callback registered under the name
 * "C_SignInit".
 *
 * input0: session handle, first callback argument.
 * input1: mechanism; passed through custom_sanitize_ck_mechanism() and
 *         then marshalled as the second callback argument.
 * input2: object handle, third callback argument.
 *
 * Returns CKR_OPERATION_ACTIVE when the filtering list already holds a
 * SIGN_OP entry for this session, otherwise the ck_rv_t decoded from the
 * callback result. Terminates the process with exit(-1) if the named
 * OCaml value cannot be found.
 */
ck_rv_t
myC_SignInit(ck_session_handle_t input0, struct ck_mechanism *input1,
             ck_object_handle_t input2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_SignInit");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_SignInit\n");
            exit(-1);
        }
    }
#ifdef DEBUG
    fprintf(stderr, "C_SignInit calling\n");
#endif
    custom_sanitize_ck_mechanism(input1);
    /*
     * A new operation must not start while the result of a previous
     * crypto call on this session is still waiting to be fetched.
     */
    if (check_operation_active_in_filtering_list(input0, SIGN_OP) != NULL) {
        CAMLreturn(CKR_OPERATION_ACTIVE);
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_Sign to the OCaml callback registered under the name "C_Sign".
 *
 * input0:      session handle, first callback argument.
 * input1:      input bytes (input1_len of them), second callback argument;
 *              also passed to check_linked_list/handle_linked_list.
 * output2:     caller buffer, passed to the same helpers.
 * output2_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output2 - confirm against their definitions.
 * NOTE(review): input1 is marshalled without the NULL-to-zero-length
 * sanitization that myC_InitPIN applies - confirm the helper tolerates NULL.
 */
ck_rv_t
myC_Sign(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_Sign_closure = NULL;
/* Remember previous calls */
p11_request_struct *elem;
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_Sign_closure == NULL) {
C_Sign_closure = caml_named_value("C_Sign");
}
if (C_Sign_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_Sign\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
#ifdef DEBUG
fprintf(stderr, "C_Sign calling\n");
#endif
/* The arguments are marshalled before check_linked_list runs */
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
/* Remember previous calls */
check_linked_list("Sign", SIGN_OP, input0, input1, input1_len, output2,
output2_len);
tuple = caml_callbackN(*C_Sign_closure, 2, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(Sign, SIGN_OP, input0, input1, input1_len, output2,
output2_len);
}
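/*
 * Forward C_SignUpdate to the OCaml callback registered under the name
 * "C_SignUpdate".
 *
 * input0:     session handle, first callback argument.
 * input1:     data bytes, second callback argument; when NULL the length
 *             is forced to zero first, the same sanitization myC_InitPIN
 *             and myC_SetPIN apply.
 * input1_len: number of bytes in input1.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_SignUpdate(ck_session_handle_t input0, unsigned char *input1,
               unsigned long input1_len)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 2);
    ck_rv_t ret;
    static value *C_SignUpdate_closure = NULL;

    /* Sanitize: never marshal a NULL buffer with a non-zero length. */
    if (input1 == NULL) {
        input1_len = 0;
    }
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_SignUpdate_closure == NULL) {
        C_SignUpdate_closure = caml_named_value("C_SignUpdate");
    }
    if (C_SignUpdate_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_SignUpdate\n");
        exit(-1);
    }
#ifdef DEBUG
    fprintf(stderr, "C_SignUpdate calling\n");
#endif
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    tuple = caml_callbackN(*C_SignUpdate_closure, 2, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}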
/*
 * Forward C_SignFinal to the OCaml callback registered under the name
 * "C_SignFinal".
 *
 * input0:      session handle, the only argument marshalled to the callback.
 * output1:     caller buffer, passed to check_linked_list/handle_linked_list.
 * output1_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output1 - confirm against their definitions.
 */
ck_rv_t
myC_SignFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 1);
ck_rv_t ret;
static value *C_SignFinal_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_SignFinal calling\n");
#endif
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_SignFinal_closure == NULL) {
C_SignFinal_closure = caml_named_value("C_SignFinal");
}
if (C_SignFinal_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_SignFinal\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("SignFinal", SIGN_FINAL_OP, input0, NULL, 0, output1,
output1_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
tuple = caml_callbackN(*C_SignFinal_closure, 1, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(SignFinal, SIGN_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * Forward C_SignRecoverInit to the OCaml callback registered under the
 * name "C_SignRecoverInit".
 *
 * input0: session handle, first callback argument.
 * input1: mechanism; passed through custom_sanitize_ck_mechanism() and
 *         then marshalled as the second callback argument.
 * input2: object handle, third callback argument.
 *
 * Returns CKR_OPERATION_ACTIVE when the filtering list already holds a
 * SIGN_RECOVER_OP entry for this session, otherwise the ck_rv_t decoded
 * from the callback result. Terminates the process with exit(-1) if the
 * named OCaml value cannot be found.
 */
ck_rv_t
myC_SignRecoverInit(ck_session_handle_t input0, struct ck_mechanism *input1,
                    ck_object_handle_t input2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_SignRecoverInit");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_SignRecoverInit\n");
            exit(-1);
        }
    }
#ifdef DEBUG
    fprintf(stderr, "C_SignRecoverInit calling\n");
#endif
    custom_sanitize_ck_mechanism(input1);
    /*
     * A new operation must not start while the result of a previous
     * crypto call on this session is still waiting to be fetched.
     */
    if (check_operation_active_in_filtering_list(input0, SIGN_RECOVER_OP) != NULL) {
        CAMLreturn(CKR_OPERATION_ACTIVE);
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_SignRecover to the OCaml callback registered under the name
 * "C_SignRecover".
 *
 * input0:      session handle, first callback argument.
 * input1:      input bytes (input1_len of them), second callback argument;
 *              also passed to check_linked_list/handle_linked_list.
 * output2:     caller buffer, passed to the same helpers.
 * output2_len: length pointer passed to the same helpers; a NULL pointer is
 *              rejected with CKR_ARGUMENTS_BAD.
 *
 * Terminates the process with exit(-1) if the named OCaml value cannot be
 * found.
 *
 * NOTE(review): no CAMLreturn follows handle_linked_list and `elem` is never
 * referenced directly in this body; presumably both helpers are macros that
 * use `elem`, `tuple` and `ret` by name and handle_linked_list performs the
 * return and the copy into output2 - confirm against their definitions.
 * NOTE(review): input1 is marshalled without the NULL-to-zero-length
 * sanitization that myC_InitPIN applies - confirm the helper tolerates NULL.
 */
ck_rv_t
myC_SignRecover(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_SignRecover_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_SignRecover calling\n");
#endif
/* Resolve the OCaml closure once and cache it in the static pointer */
if (C_SignRecover_closure == NULL) {
C_SignRecover_closure = caml_named_value("C_SignRecover");
}
if (C_SignRecover_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_SignRecover\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("SignRecover", SIGN_RECOVER_OP, input0, input1, input1_len,
output2, output2_len);
/* Here the arguments are marshalled after check_linked_list runs */
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_SignRecover_closure, 2, args);
/* Field 0 of the callback result is the PKCS#11 return value */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(SignRecover, SIGN_RECOVER_OP, input0, input1, input1_len,
output2, output2_len);
}
/*
 * Forward C_VerifyRecoverInit to the OCaml callback registered under the
 * name "C_VerifyRecoverInit".
 *
 * input0: session handle, first callback argument.
 * input1: mechanism; passed through custom_sanitize_ck_mechanism() and
 *         then marshalled as the second callback argument.
 * input2: object handle, third callback argument.
 *
 * Returns CKR_OPERATION_ACTIVE when the filtering list already holds a
 * VERIFY_RECOVER_OP entry for this session, otherwise the ck_rv_t decoded
 * from the callback result. Terminates the process with exit(-1) if the
 * named OCaml value cannot be found.
 */
ck_rv_t
myC_VerifyRecoverInit(ck_session_handle_t input0,
                      struct ck_mechanism *input1, ck_object_handle_t input2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_VerifyRecoverInit");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_VerifyRecoverInit\n");
            exit(-1);
        }
    }
#ifdef DEBUG
    fprintf(stderr, "C_VerifyRecoverInit calling\n");
#endif
    custom_sanitize_ck_mechanism(input1);
    /*
     * A new operation must not start while the result of a previous
     * crypto call on this session is still waiting to be fetched.
     */
    if (check_operation_active_in_filtering_list(input0, VERIFY_RECOVER_OP) != NULL) {
        CAMLreturn(CKR_OPERATION_ACTIVE);
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
/*
 * Forward C_VerifyInit to the OCaml callback registered under the name
 * "C_VerifyInit".
 *
 * input0: session handle, first callback argument.
 * input1: mechanism, second callback argument.
 * input2: object handle, third callback argument.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 *
 * NOTE(review): unlike myC_DigestInit, myC_SignInit, myC_SignRecoverInit
 * and myC_VerifyRecoverInit, this wrapper marshals input1 without calling
 * custom_sanitize_ck_mechanism() first - confirm that is intentional.
 */
ck_rv_t
myC_VerifyInit(ck_session_handle_t input0, struct ck_mechanism *input1,
               ck_object_handle_t input2)
{
    CAMLparam0();
    CAMLlocal1(reply);
    CAMLlocalN(ml_args, 3);
    ck_rv_t rv;
    static value *closure = NULL;

#ifdef DEBUG
    fprintf(stderr, "C_VerifyInit calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (closure == NULL) {
        closure = caml_named_value("C_VerifyInit");
        if (closure == NULL) {
            fprintf(stderr, "\nError binding with caml C_VerifyInit\n");
            exit(-1);
        }
    }
    ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
    ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);
    reply = caml_callbackN(*closure, 3, ml_args);
    camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
    CAMLreturn(rv);
}
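/*
 * Forward C_Verify to the OCaml callback registered under the name
 * "C_Verify".
 *
 * input0:              session handle, first callback argument.
 * input1 / input1_len: first byte buffer, second callback argument.
 * input2 / input2_len: second byte buffer, third callback argument.
 *
 * A NULL buffer pointer has its length forced to zero before
 * marshalling, the same sanitization myC_InitPIN and myC_SetPIN apply.
 *
 * Returns the ck_rv_t decoded from the callback result. Terminates the
 * process with exit(-1) if the named OCaml value cannot be found.
 */
ck_rv_t
myC_Verify(ck_session_handle_t input0, unsigned char *input1,
           unsigned long input1_len, unsigned char *input2,
           unsigned long input2_len)
{
    CAMLparam0();
    CAMLlocal1(tuple);
    CAMLlocalN(args, 3);
    ck_rv_t ret;
    static value *C_Verify_closure = NULL;

    /* Sanitize: never marshal a NULL buffer with a non-zero length. */
    if (input1 == NULL) {
        input1_len = 0;
    }
    if (input2 == NULL) {
        input2_len = 0;
    }
#ifdef DEBUG
    fprintf(stderr, "C_Verify calling\n");
#endif
    /* Resolve the OCaml closure once and cache it in the static pointer. */
    if (C_Verify_closure == NULL) {
        C_Verify_closure = caml_named_value("C_Verify");
    }
    if (C_Verify_closure == NULL) {
        fprintf(stderr, "\nError binding with caml C_Verify\n");
        exit(-1);
    }
    args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
    args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
    args[2] = custom_pkcs11_c2ml_buffer_to_char_array(input2, input2_len);
    tuple = caml_callbackN(*C_Verify_closure, 3, args);
    camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
    CAMLreturn(ret);
}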
/*
 * Forward C_VerifyUpdate to the OCaml callback registered as
 * "C_VerifyUpdate".
 *
 * input0 is the session handle; input1/input1_len is converted to an OCaml
 * char array. Returns the ck_rv_t decoded from the callback result. The
 * process is terminated if the callback cannot be resolved.
 */
ck_rv_t
myC_VerifyUpdate(ck_session_handle_t input0, unsigned char *input1,
                 unsigned long input1_len)
{
  CAMLparam0();
  CAMLlocal1(reply);
  CAMLlocalN(ml_args, 2);
  ck_rv_t rv;
  static value *closure = NULL;

#ifdef DEBUG
  fprintf(stderr, "C_VerifyUpdate calling\n");
#endif
  /* Resolve the OCaml callback on first use and cache it. */
  if (closure == NULL) {
    closure = caml_named_value("C_VerifyUpdate");
    if (closure == NULL) {
      fprintf(stderr, "\nError binding with caml C_VerifyUpdate\n");
      exit(-1);
    }
  }

  ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
  ml_args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);

  reply = caml_callbackN(*closure, 2, ml_args);
  camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
  CAMLreturn(rv);
}
/*
 * Forward C_VerifyFinal to the OCaml callback registered as "C_VerifyFinal".
 *
 * input0 is the session handle; input1/input1_len is converted to an OCaml
 * char array. Returns the ck_rv_t decoded from the callback result. The
 * process is terminated if the callback cannot be resolved.
 */
ck_rv_t
myC_VerifyFinal(ck_session_handle_t input0, unsigned char *input1,
                unsigned long input1_len)
{
  CAMLparam0();
  CAMLlocal1(reply);
  CAMLlocalN(ml_args, 2);
  ck_rv_t rv;
  static value *closure = NULL;

#ifdef DEBUG
  fprintf(stderr, "C_VerifyFinal calling\n");
#endif
  /* Resolve the OCaml callback on first use and cache it. */
  if (closure == NULL) {
    closure = caml_named_value("C_VerifyFinal");
    if (closure == NULL) {
      fprintf(stderr, "\nError binding with caml C_VerifyFinal\n");
      exit(-1);
    }
  }

  ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
  ml_args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);

  reply = caml_callbackN(*closure, 2, ml_args);
  camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
  CAMLreturn(rv);
}
/*
 * Forward C_VerifyRecover to the OCaml callback registered as
 * "C_VerifyRecover".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_VerifyRecover(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_VerifyRecover_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_VerifyRecover calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_VerifyRecover_closure == NULL) {
C_VerifyRecover_closure = caml_named_value("C_VerifyRecover");
}
if (C_VerifyRecover_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_VerifyRecover\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("VerifyRecover", VERIFY_RECOVER_OP, input0, input1,
input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_VerifyRecover_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(VerifyRecover, VERIFY_RECOVER_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * Forward C_EncryptInit to the OCaml callback registered as "C_EncryptInit".
 *
 * input0 is the session handle, input1 the mechanism (passed through
 * custom_sanitize_ck_mechanism first) and input2 the key object handle.
 * Returns CKR_OPERATION_ACTIVE when the filtering list still holds an
 * ENCRYPT_OP entry for this session, otherwise the ck_rv_t decoded from the
 * callback result. The process is terminated if the callback cannot be
 * resolved.
 */
ck_rv_t
myC_EncryptInit(ck_session_handle_t input0, struct ck_mechanism *input1,
                ck_object_handle_t input2)
{
  CAMLparam0();
  CAMLlocal1(reply);
  CAMLlocalN(ml_args, 3);
  ck_rv_t rv;
  static value *closure = NULL;

  /* Resolve the OCaml callback on first use and cache it. */
  if (closure == NULL) {
    closure = caml_named_value("C_EncryptInit");
    if (closure == NULL) {
      fprintf(stderr, "\nError binding with caml C_EncryptInit\n");
      exit(-1);
    }
  }
#ifdef DEBUG
  fprintf(stderr, "C_EncryptInit calling\n");
#endif
  custom_sanitize_ck_mechanism(input1);

  /* A new operation must not start while the result of a previous crypto
   * call on this session has not been fetched yet. */
  if (check_operation_active_in_filtering_list(input0, ENCRYPT_OP) != NULL) {
    CAMLreturn(CKR_OPERATION_ACTIVE);
  }

  ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
  ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
  ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);

  reply = caml_callbackN(*closure, 3, ml_args);
  camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
  CAMLreturn(rv);
}
/*
 * Forward C_Encrypt to the OCaml callback registered as "C_Encrypt".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_Encrypt(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
p11_request_struct *elem;
static value *C_Encrypt_closure = NULL;
#ifdef DEBUG
fprintf(stderr, "C_Encrypt calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_Encrypt_closure == NULL) {
C_Encrypt_closure = caml_named_value("C_Encrypt");
}
if (C_Encrypt_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_Encrypt\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Unlike most sibling wrappers, the OCaml arguments are built before
 * check_linked_list runs */
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
/* Remember previous calls */
check_linked_list("Encrypt", ENCRYPT_OP, input0, input1, input1_len, output2,
output2_len);
tuple = caml_callbackN(*C_Encrypt_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(Encrypt, ENCRYPT_OP, input0, input1, input1_len, output2,
output2_len);
}
/*
 * Forward C_EncryptUpdate to the OCaml callback registered as
 * "C_EncryptUpdate".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_EncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_EncryptUpdate_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_EncryptUpdate calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_EncryptUpdate_closure == NULL) {
C_EncryptUpdate_closure = caml_named_value("C_EncryptUpdate");
}
if (C_EncryptUpdate_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_EncryptUpdate\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("EncryptUpdate", ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_EncryptUpdate_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(EncryptUpdate, ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * Forward C_EncryptFinal to the OCaml callback registered as
 * "C_EncryptFinal".
 *
 * input0 is the session handle, output1/output1_len the caller's output
 * buffer and the pointer to its length; no input data is passed (the
 * linked-list helpers receive NULL and 0 for it). Returns CKR_ARGUMENTS_BAD
 * when output1_len is NULL; the process is terminated if the callback cannot
 * be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output1 is not visible here; confirm it is bounded by
 * *output1_len.
 */
ck_rv_t
myC_EncryptFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 1);
ck_rv_t ret;
static value *C_EncryptFinal_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_EncryptFinal calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_EncryptFinal_closure == NULL) {
C_EncryptFinal_closure = caml_named_value("C_EncryptFinal");
}
if (C_EncryptFinal_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_EncryptFinal\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("EncryptFinal", ENCRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
tuple = caml_callbackN(*C_EncryptFinal_closure, 1, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(EncryptFinal, ENCRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * Forward C_DigestEncryptUpdate to the OCaml callback registered as
 * "C_DigestEncryptUpdate".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_DigestEncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_DigestEncryptUpdate_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_DigestEncryptUpdate calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_DigestEncryptUpdate_closure == NULL) {
C_DigestEncryptUpdate_closure = caml_named_value("C_DigestEncryptUpdate");
}
if (C_DigestEncryptUpdate_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_DigestEncryptUpdate\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("DigestEncryptUpdate", DIGEST_ENCRYPT_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_DigestEncryptUpdate_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(DigestEncryptUpdate, DIGEST_ENCRYPT_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
}
/*
 * Forward C_SignEncryptUpdate to the OCaml callback registered as
 * "C_SignEncryptUpdate".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_SignEncryptUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_SignEncryptUpdate_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_SignEncryptUpdate calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_SignEncryptUpdate_closure == NULL) {
C_SignEncryptUpdate_closure = caml_named_value("C_SignEncryptUpdate");
}
if (C_SignEncryptUpdate_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_SignEncryptUpdate\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("SignEncryptUpdate", SIGN_ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_SignEncryptUpdate_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(SignEncryptUpdate, SIGN_ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * Forward C_DecryptInit to the OCaml callback registered as "C_DecryptInit".
 *
 * input0 is the session handle, input1 the mechanism (passed through
 * custom_sanitize_ck_mechanism first) and input2 the key object handle.
 * Returns CKR_OPERATION_ACTIVE when the filtering list still holds a
 * DECRYPT_OP entry for this session, otherwise the ck_rv_t decoded from the
 * callback result. The process is terminated if the callback cannot be
 * resolved.
 */
ck_rv_t
myC_DecryptInit(ck_session_handle_t input0, struct ck_mechanism *input1,
                ck_object_handle_t input2)
{
  CAMLparam0();
  CAMLlocal1(reply);
  CAMLlocalN(ml_args, 3);
  ck_rv_t rv;
  static value *closure = NULL;

  /* Resolve the OCaml callback on first use and cache it. */
  if (closure == NULL) {
    closure = caml_named_value("C_DecryptInit");
    if (closure == NULL) {
      fprintf(stderr, "\nError binding with caml C_DecryptInit\n");
      exit(-1);
    }
  }
#ifdef DEBUG
  fprintf(stderr, "C_DecryptInit calling\n");
#endif
  custom_sanitize_ck_mechanism(input1);

  /* A new operation must not start while the result of a previous crypto
   * call on this session has not been fetched yet. */
  if (check_operation_active_in_filtering_list(input0, DECRYPT_OP) != NULL) {
    CAMLreturn(CKR_OPERATION_ACTIVE);
  }

  ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
  ml_args[1] = custom_c2ml_pkcs11_struct_ck_mechanism(input1, NULL);
  ml_args[2] = camlidl_c2ml_pkcs11_ck_object_handle_t(&input2, NULL);

  reply = caml_callbackN(*closure, 3, ml_args);
  camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
  CAMLreturn(rv);
}
/*
 * Forward C_Decrypt to the OCaml callback registered as "C_Decrypt".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy of the recovered plaintext into output2 is not visible here;
 * confirm it is bounded by *output2_len.
 */
ck_rv_t
myC_Decrypt(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_Decrypt_closure = NULL;
/* Not referenced directly below; presumably used by the linked-list helpers */
p11_request_struct *elem;
/* Resolve the OCaml callback on first use and cache it */
if (C_Decrypt_closure == NULL) {
C_Decrypt_closure = caml_named_value("C_Decrypt");
}
if (C_Decrypt_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_Decrypt\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
#ifdef DEBUG
fprintf(stderr, "C_Decrypt calling\n");
#endif
/* Unlike most sibling wrappers, the OCaml arguments are built before
 * check_linked_list runs */
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
/* Remember previous calls */
check_linked_list("Decrypt", DECRYPT_OP, input0, input1, input1_len, output2,
output2_len);
tuple = caml_callbackN(*C_Decrypt_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(Decrypt, DECRYPT_OP, input0, input1, input1_len, output2,
output2_len);
}
/*
 * Forward C_DecryptUpdate to the OCaml callback registered as
 * "C_DecryptUpdate".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_DecryptUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_DecryptUpdate_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_DecryptUpdate calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_DecryptUpdate_closure == NULL) {
C_DecryptUpdate_closure = caml_named_value("C_DecryptUpdate");
}
if (C_DecryptUpdate_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_DecryptUpdate\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("DecryptUpdate", DECRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_DecryptUpdate_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(DecryptUpdate, DECRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * Forward C_DecryptFinal to the OCaml callback registered as
 * "C_DecryptFinal".
 *
 * input0 is the session handle, output1/output1_len the caller's output
 * buffer and the pointer to its length; no input data is passed (the
 * linked-list helpers receive NULL and 0 for it). Returns CKR_ARGUMENTS_BAD
 * when output1_len is NULL; the process is terminated if the callback cannot
 * be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output1 is not visible here; confirm it is bounded by
 * *output1_len.
 */
ck_rv_t
myC_DecryptFinal(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 1);
ck_rv_t ret;
static value *C_DecryptFinal_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_DecryptFinal calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_DecryptFinal_closure == NULL) {
C_DecryptFinal_closure = caml_named_value("C_DecryptFinal");
}
if (C_DecryptFinal_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_DecryptFinal\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("DecryptFinal", DECRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
tuple = caml_callbackN(*C_DecryptFinal_closure, 1, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(DecryptFinal, DECRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * Forward C_DecryptDigestUpdate to the OCaml callback registered as
 * "C_DecryptDigestUpdate".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_DecryptDigestUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_DecryptDigestUpdate_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_DecryptDigestUpdate calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_DecryptDigestUpdate_closure == NULL) {
C_DecryptDigestUpdate_closure = caml_named_value("C_DecryptDigestUpdate");
}
if (C_DecryptDigestUpdate_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_DecryptDigestUpdate\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("DecryptDigestUpdate", DECRYPT_DIGEST_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_DecryptDigestUpdate_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(DecryptDigestUpdate, DECRYPT_DIGEST_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
}
/*
 * Forward C_DecryptVerifyUpdate to the OCaml callback registered as
 * "C_DecryptVerifyUpdate".
 *
 * input0 is the session handle, input1/input1_len the data handed to the
 * callback, output2/output2_len the caller's output buffer and the pointer
 * to its length. Returns CKR_ARGUMENTS_BAD when output2_len is NULL; the
 * process is terminated if the callback cannot be resolved.
 *
 * NOTE(review): check_linked_list and handle_linked_list are defined outside
 * this view. They look like macros (the second takes a bare token), they
 * presumably use the otherwise unreferenced `elem`, and handle_linked_list
 * presumably supplies the final CAMLreturn since no return follows it.
 * The copy into output2 is not visible here; confirm it is bounded by
 * *output2_len.
 */
ck_rv_t
myC_DecryptVerifyUpdate(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
CAMLparam0();
CAMLlocal1(tuple);
CAMLlocalN(args, 2);
ck_rv_t ret;
static value *C_DecryptVerifyUpdate_closure = NULL;
p11_request_struct *elem;
#ifdef DEBUG
fprintf(stderr, "C_DecryptVerifyUpdate calling\n");
#endif
/* Resolve the OCaml callback on first use and cache it */
if (C_DecryptVerifyUpdate_closure == NULL) {
C_DecryptVerifyUpdate_closure = caml_named_value("C_DecryptVerifyUpdate");
}
if (C_DecryptVerifyUpdate_closure == NULL) {
fprintf(stderr, "\nError binding with caml C_DecryptVerifyUpdate\n");
exit(-1);
}
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
CAMLreturn(CKR_ARGUMENTS_BAD);
}
/* Remember previous calls */
check_linked_list("DecryptVerifyUpdate", DECRYPT_VERIFY_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
args[1] = custom_pkcs11_c2ml_buffer_to_char_array(input1, input1_len);
tuple = caml_callbackN(*C_DecryptVerifyUpdate_closure, 2, args);
/* The return value is the first field of the tuple returned by OCaml */
camlidl_ml2c_pkcs11_ck_rv_t(Field(tuple, 0), &ret, NULL);
handle_linked_list(DecryptVerifyUpdate, DECRYPT_VERIFY_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
}
/*
 * Forward C_GetFunctionStatus to the OCaml callback registered as
 * "C_GetFunctionStatus".
 *
 * input0 is the session handle. Returns the ck_rv_t decoded from the
 * callback result. The process is terminated if the callback cannot be
 * resolved.
 */
ck_rv_t myC_GetFunctionStatus(ck_session_handle_t input0)
{
  CAMLparam0();
  CAMLlocal1(reply);
  CAMLlocalN(ml_args, 1);
  ck_rv_t rv;
  static value *closure = NULL;

#ifdef DEBUG
  fprintf(stderr, "C_GetFunctionStatus calling\n");
#endif
  /* Resolve the OCaml callback on first use and cache it. */
  if (closure == NULL) {
    closure = caml_named_value("C_GetFunctionStatus");
    if (closure == NULL) {
      fprintf(stderr, "\nError binding with caml C_GetFunctionStatus\n");
      exit(-1);
    }
  }

  ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
  reply = caml_callbackN(*closure, 1, ml_args);
  camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
  CAMLreturn(rv);
}
/*
 * Forward C_CancelFunction to the OCaml callback registered as
 * "C_CancelFunction".
 *
 * input0 is the session handle. Returns the ck_rv_t decoded from the
 * callback result. The process is terminated if the callback cannot be
 * resolved.
 */
ck_rv_t myC_CancelFunction(ck_session_handle_t input0)
{
  CAMLparam0();
  CAMLlocal1(reply);
  CAMLlocalN(ml_args, 1);
  ck_rv_t rv;
  static value *closure = NULL;

#ifdef DEBUG
  fprintf(stderr, "C_CancelFunction calling\n");
#endif
  /* Resolve the OCaml callback on first use and cache it. */
  if (closure == NULL) {
    closure = caml_named_value("C_CancelFunction");
    if (closure == NULL) {
      fprintf(stderr, "\nError binding with caml C_CancelFunction\n");
      exit(-1);
    }
  }

  ml_args[0] = camlidl_c2ml_pkcs11_ck_session_handle_t(&input0, NULL);
  reply = caml_callbackN(*closure, 1, ml_args);
  camlidl_ml2c_pkcs11_ck_rv_t(reply, &rv, NULL);
  CAMLreturn(rv);
}
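/*
 * Ask the OCaml side to load a PKCS#11 module by name, through the callback
 * registered as "C_LoadModule".
 *
 * libname is copied into an OCaml string and passed as the only argument.
 * Returns CKR_ARGUMENTS_BAD when libname is NULL, otherwise the ck_rv_t
 * decoded from the callback result. The process is terminated if the
 * callback cannot be resolved.
 */
ck_rv_t myC_LoadModule(const char *libname)
{
  CAMLparam0();
  CAMLlocal1(tuple);
  CAMLlocalN(args, 1);
  ck_rv_t ret;
  static value *C_LoadModule_closure = NULL;

  /* Both the "%s" debug trace and caml_copy_string() need a valid C string;
   * reject NULL the same way the sibling wrappers reject NULL pointers. */
  if (libname == NULL) {
    CAMLreturn(CKR_ARGUMENTS_BAD);
  }
#ifdef DEBUG
  fprintf(stderr, "C_LoadModule calling for module %s to be loaded\n", libname);
#endif
  /* Resolve the OCaml callback on first use and cache it. */
  if (C_LoadModule_closure == NULL) {
    C_LoadModule_closure = caml_named_value("C_LoadModule");
  }
  if (C_LoadModule_closure == NULL) {
    fprintf(stderr, "\nError binding with caml C_LoadModule\n");
    exit(-1);
  }
  args[0] = caml_copy_string(libname);
  tuple = caml_callbackN(*C_LoadModule_closure, 1, args);
  camlidl_ml2c_pkcs11_ck_rv_t(tuple, &ret, NULL);
  CAMLreturn(ret);
}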
/*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the client library 5] source tree:
--------------------
| 5] Client library |
| -------- |
| | | PKCS#11 |
| | |functions|
| -------- |
--------------------
|
|
{ PKCS#11 INTERFACE }
|
APPLICATION
Project: PKCS#11 Filtering Proxy
File: src/client-lib/modwrap_crpc.c
-------------------------- MIT License HEADER ----------------------------------*/
#include "modwrap.h"
/* ------------------------------*/
/* RPC C serialization functions */
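/*
 * Copy an RPC-encoded version into a PKCS#11 ck_version and release the RPC
 * buffers.
 *
 * The major/minor lengths are carried in the RPC structure (presumably set
 * from the peer's reply), so each copy is clamped to the size of the
 * destination field instead of trusting the announced length. A NULL source
 * buffer is skipped. `in` is consumed: its value buffers are freed.
 */
void
deserialize_rpc_ck_version(struct ck_version *out, struct rpc_ck_version *in)
{
  size_t n;

  n = in->major.major_len;
  if (n > sizeof(out->major)) {
    n = sizeof(out->major);
  }
  if (n != 0 && in->major.major_val != NULL) {
    memcpy(&(out->major), in->major.major_val, n);
  }

  n = in->minor.minor_len;
  if (n > sizeof(out->minor)) {
    n = sizeof(out->minor);
  }
  if (n != 0 && in->minor.minor_val != NULL) {
    memcpy(&(out->minor), in->minor.minor_val, n);
  }

  custom_free((void **)&in->major.major_val);
  custom_free((void **)&in->minor.minor_val);
  return;
}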
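/*
 * Copy an RPC-encoded ck_info into its PKCS#11 counterpart and release the
 * RPC buffers.
 *
 * The string lengths are carried in the RPC structure (presumably set from
 * the peer's reply), so each copy is clamped to the size of the destination
 * field instead of trusting the announced length. This relies on
 * manufacturer_id and library_description being fixed-size arrays in
 * struct ck_info, as in the PKCS#11 headers. `in` is consumed.
 */
void deserialize_rpc_ck_info(struct ck_info *out, struct rpc_ck_info *in)
{
  size_t n;

  deserialize_rpc_ck_version(&(out->cryptoki_version),
                             &(in->rpc_ck_info_cryptoki_version));

  n = in->rpc_ck_info_manufacturer_id.rpc_ck_info_manufacturer_id_len;
  if (n > sizeof(out->manufacturer_id)) {
    n = sizeof(out->manufacturer_id);
  }
  if (n != 0
      && in->rpc_ck_info_manufacturer_id.rpc_ck_info_manufacturer_id_val != NULL) {
    memcpy(out->manufacturer_id,
           in->rpc_ck_info_manufacturer_id.rpc_ck_info_manufacturer_id_val, n);
  }

  out->flags = in->rpc_ck_info_flags;

  n = in->rpc_ck_info_library_description.rpc_ck_info_library_description_len;
  if (n > sizeof(out->library_description)) {
    n = sizeof(out->library_description);
  }
  if (n != 0
      && in->rpc_ck_info_library_description.
         rpc_ck_info_library_description_val != NULL) {
    memcpy(out->library_description,
           in->rpc_ck_info_library_description.
           rpc_ck_info_library_description_val, n);
  }

  deserialize_rpc_ck_version(&(out->library_version),
                             &(in->rpc_ck_info_library_version));

  custom_free((void **)&in->rpc_ck_info_manufacturer_id.
              rpc_ck_info_manufacturer_id_val);
  custom_free((void **)&in->rpc_ck_info_library_description.
              rpc_ck_info_library_description_val);
  return;
}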
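/*
 * Copy an RPC-encoded ck_slot_info into its PKCS#11 counterpart and release
 * the RPC buffers.
 *
 * The string lengths are carried in the RPC structure (presumably set from
 * the peer's reply), so each copy is clamped to the size of the destination
 * field instead of trusting the announced length. This relies on
 * slot_description and manufacturer_id being fixed-size arrays in
 * struct ck_slot_info, as in the PKCS#11 headers. `in` is consumed.
 */
void
deserialize_rpc_ck_slot_info(struct ck_slot_info *out,
                             struct rpc_ck_slot_info *in)
{
  size_t n;

  n = in->rpc_ck_slot_info_slot_description.
      rpc_ck_slot_info_slot_description_len;
  if (n > sizeof(out->slot_description)) {
    n = sizeof(out->slot_description);
  }
  if (n != 0
      && in->rpc_ck_slot_info_slot_description.
         rpc_ck_slot_info_slot_description_val != NULL) {
    memcpy(out->slot_description,
           in->rpc_ck_slot_info_slot_description.
           rpc_ck_slot_info_slot_description_val, n);
  }

  n = in->rpc_ck_slot_info_manufacturer_id.
      rpc_ck_slot_info_manufacturer_id_len;
  if (n > sizeof(out->manufacturer_id)) {
    n = sizeof(out->manufacturer_id);
  }
  if (n != 0
      && in->rpc_ck_slot_info_manufacturer_id.
         rpc_ck_slot_info_manufacturer_id_val != NULL) {
    memcpy(out->manufacturer_id,
           in->rpc_ck_slot_info_manufacturer_id.
           rpc_ck_slot_info_manufacturer_id_val, n);
  }

  out->flags = in->rpc_ck_slot_info_flags;
  deserialize_rpc_ck_version(&(out->hardware_version),
                             &(in->rpc_ck_slot_info_hardware_version));
  deserialize_rpc_ck_version(&(out->firmware_version),
                             &(in->rpc_ck_slot_info_firmware_version));

  custom_free((void **)&in->rpc_ck_slot_info_slot_description.
              rpc_ck_slot_info_slot_description_val);
  custom_free((void **)&in->rpc_ck_slot_info_manufacturer_id.
              rpc_ck_slot_info_manufacturer_id_val);
  return;
}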
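/*
 * Copy an RPC-encoded ck_token_info into its PKCS#11 counterpart and release
 * the RPC buffers.
 *
 * The string lengths are carried in the RPC structure (presumably set from
 * the peer's reply), so each copy is clamped to the size of the destination
 * field instead of trusting the announced length. This relies on label,
 * manufacturer_id, model, serial_number and utc_time being fixed-size arrays
 * in struct ck_token_info, as in the PKCS#11 headers. `in` is consumed.
 */
void
deserialize_rpc_ck_token_info(struct ck_token_info *out,
                              struct rpc_ck_token_info *in)
{
  size_t n;

  n = in->rpc_ck_token_info_label.rpc_ck_token_info_label_len;
  if (n > sizeof(out->label)) {
    n = sizeof(out->label);
  }
  if (n != 0 && in->rpc_ck_token_info_label.rpc_ck_token_info_label_val != NULL) {
    memcpy(out->label,
           in->rpc_ck_token_info_label.rpc_ck_token_info_label_val, n);
  }

  n = in->rpc_ck_token_info_manufacturer_id.
      rpc_ck_token_info_manufacturer_id_len;
  if (n > sizeof(out->manufacturer_id)) {
    n = sizeof(out->manufacturer_id);
  }
  if (n != 0
      && in->rpc_ck_token_info_manufacturer_id.
         rpc_ck_token_info_manufacturer_id_val != NULL) {
    memcpy(out->manufacturer_id,
           in->rpc_ck_token_info_manufacturer_id.
           rpc_ck_token_info_manufacturer_id_val, n);
  }

  n = in->rpc_ck_token_info_model.rpc_ck_token_info_model_len;
  if (n > sizeof(out->model)) {
    n = sizeof(out->model);
  }
  if (n != 0 && in->rpc_ck_token_info_model.rpc_ck_token_info_model_val != NULL) {
    memcpy(out->model,
           in->rpc_ck_token_info_model.rpc_ck_token_info_model_val, n);
  }

  n = in->rpc_ck_token_info_serial_number.
      rpc_ck_token_info_serial_number_len;
  if (n > sizeof(out->serial_number)) {
    n = sizeof(out->serial_number);
  }
  if (n != 0
      && in->rpc_ck_token_info_serial_number.
         rpc_ck_token_info_serial_number_val != NULL) {
    memcpy(out->serial_number,
           in->rpc_ck_token_info_serial_number.
           rpc_ck_token_info_serial_number_val, n);
  }

  out->flags = in->rpc_ck_token_info_flags;
  out->max_session_count = in->rpc_ck_token_info_max_session_count;
  out->session_count = in->rpc_ck_token_info_session_count;
  out->max_rw_session_count = in->rpc_ck_token_info_max_rw_session_count;
  out->rw_session_count = in->rpc_ck_token_info_rw_session_count;
  out->max_pin_len = in->rpc_ck_token_info_max_pin_len;
  out->min_pin_len = in->rpc_ck_token_info_min_pin_len;
  out->total_public_memory = in->rpc_ck_token_info_total_public_memory;
  out->free_public_memory = in->rpc_ck_token_info_free_public_memory;
  out->total_private_memory = in->rpc_ck_token_info_total_private_memory;
  out->free_private_memory = in->rpc_ck_token_info_free_private_memory;
  deserialize_rpc_ck_version(&(out->hardware_version),
                             &(in->rpc_ck_token_info_hardware_version));
  deserialize_rpc_ck_version(&(out->firmware_version),
                             &(in->rpc_ck_token_info_firmware_version));

  n = in->rpc_ck_token_info_utc_time.rpc_ck_token_info_utc_time_len;
  if (n > sizeof(out->utc_time)) {
    n = sizeof(out->utc_time);
  }
  if (n != 0
      && in->rpc_ck_token_info_utc_time.rpc_ck_token_info_utc_time_val != NULL) {
    memcpy(out->utc_time,
           in->rpc_ck_token_info_utc_time.rpc_ck_token_info_utc_time_val, n);
  }

  custom_free((void **)&in->rpc_ck_token_info_label.
              rpc_ck_token_info_label_val);
  custom_free((void **)&in->rpc_ck_token_info_manufacturer_id.
              rpc_ck_token_info_manufacturer_id_val);
  custom_free((void **)&in->rpc_ck_token_info_model.
              rpc_ck_token_info_model_val);
  custom_free((void **)&in->rpc_ck_token_info_serial_number.
              rpc_ck_token_info_serial_number_val);
  custom_free((void **)&in->rpc_ck_token_info_utc_time.
              rpc_ck_token_info_utc_time_val);
  return;
}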
/*
 * Copy an RPC-encoded mechanism into a PKCS#11 ck_mechanism and free the RPC
 * parameter buffer.
 *
 * NOTE(review): the number of bytes written through out->parameter is the
 * length carried in the RPC structure. Nothing here checks that
 * out->parameter is non-NULL or that the caller's buffer is at least that
 * large; confirm callers guarantee both, or bound the copy by the caller's
 * capacity.
 */
void
deserialize_rpc_ck_mechanism(struct ck_mechanism *out,
                             struct rpc_ck_mechanism *in)
{
  const void *src = in->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_val;
  size_t count = in->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_len;

  out->mechanism = in->rpc_ck_mechanism_mechanism;
  memcpy(out->parameter, src, count);

  custom_free((void **)&in->rpc_ck_mechanism_parameter.
              rpc_ck_mechanism_parameter_val);
}
/*
 * Copy the four scalar fields of an RPC-encoded session info into the
 * PKCS#11 ck_session_info. Nothing is allocated or freed.
 */
void
deserialize_rpc_ck_session_info(struct ck_session_info *out,
                                struct rpc_ck_session_info *in)
{
  out->device_error = in->rpc_ck_session_info_device_error;
  out->flags        = in->rpc_ck_session_info_flags;
  out->state        = in->rpc_ck_session_info_state;
  out->slot_id      = in->rpc_ck_session_info_slot_id;
}
/*
 * Copy the key-size bounds and flags of an RPC-encoded mechanism info into
 * the PKCS#11 ck_mechanism_info. Nothing is allocated or freed.
 */
void
deserialize_rpc_ck_mechanism_info(struct ck_mechanism_info *out,
                                  struct rpc_ck_mechanism_info *in)
{
  out->flags        = in->rpc_ck_mechanism_info_flags;
  out->max_key_size = in->rpc_ck_mechanism_info_max_key_size;
  out->min_key_size = in->rpc_ck_mechanism_info_min_key_size;
}
/*
 * Copy one RPC-encoded attribute into a PKCS#11 ck_attribute and free the
 * RPC value buffer.
 *
 * out->type_ and out->value_len are always overwritten from the RPC
 * structure. The value bytes are copied only when the new value_len is
 * non-zero and out->value is non-NULL. When value_len is zero and ret is
 * not CKR_OK, value_len is set to -1.
 *
 * NOTE(review): out->value_len is overwritten before the copy, so whatever
 * capacity the caller had stored there is no longer available, and the
 * memcpy length is the RPC opaque length rather than value_len. Confirm
 * that callers size out->value for anything the peer may return, or keep
 * the original value_len and check it before copying.
 */
void
deserialize_rpc_ck_attribute(struct ck_attribute *out,
                             struct rpc_ck_attribute *in, ck_rv_t ret)
{
  out->type_ = in->rpc_ck_attribute_type;
  out->value_len = in->rpc_ck_attribute_value_len;

  if (out->value_len == 0) {
    /* Carry the return value: the length is reported as -1 on errors. */
    if (ret != CKR_OK) {
      out->value_len = -1;
    }
  } else if (out->value != NULL) {
    memcpy(out->value,
           in->rpc_ck_attribute_value.rpc_ck_attribute_value_val,
           in->rpc_ck_attribute_value.rpc_ck_attribute_value_len);
  }
  /* A non-zero length with a NULL destination copies nothing. */

  custom_free((void **)&in->rpc_ck_attribute_value.rpc_ck_attribute_value_val);
}
/*
 * Deserialize every element of an RPC attribute array into the caller's
 * ck_attribute array, then free the RPC array itself.
 *
 * NOTE(review): the element count comes from the RPC structure, not from
 * the caller; nothing here checks it against the number of entries `out`
 * actually has. Confirm the caller validates the count first.
 */
void
deserialize_rpc_ck_attribute_array(struct ck_attribute *out,
                                   rpc_ck_attribute_array * in, ck_rv_t ret)
{
  unsigned int idx = 0;

  while (idx < in->rpc_ck_attribute_array_len) {
    deserialize_rpc_ck_attribute(out + idx,
                                 in->rpc_ck_attribute_array_val + idx, ret);
    idx++;
  }
  custom_free((void **)&in->rpc_ck_attribute_array_val);
}
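/*
 * Copy an RPC-encoded date into a PKCS#11 ck_date and release the RPC
 * buffers.
 *
 * The year/month/day lengths are carried in the RPC structure (presumably
 * set from the peer's reply), so each copy is clamped to the size of the
 * destination field instead of trusting the announced length. This relies
 * on year, month and day being fixed-size arrays in struct ck_date, as in
 * the PKCS#11 headers. `in` is consumed.
 */
void deserialize_rpc_ck_date(struct ck_date *out, struct rpc_ck_date *in)
{
  size_t n;

  n = in->rpc_ck_date_year.rpc_ck_date_year_len;
  if (n > sizeof(out->year)) {
    n = sizeof(out->year);
  }
  if (n != 0 && in->rpc_ck_date_year.rpc_ck_date_year_val != NULL) {
    memcpy(out->year, in->rpc_ck_date_year.rpc_ck_date_year_val, n);
  }

  n = in->rpc_ck_date_month.rpc_ck_date_month_len;
  if (n > sizeof(out->month)) {
    n = sizeof(out->month);
  }
  if (n != 0 && in->rpc_ck_date_month.rpc_ck_date_month_val != NULL) {
    memcpy(out->month, in->rpc_ck_date_month.rpc_ck_date_month_val, n);
  }

  n = in->rpc_ck_date_day.rpc_ck_date_day_len;
  if (n > sizeof(out->day)) {
    n = sizeof(out->day);
  }
  if (n != 0 && in->rpc_ck_date_day.rpc_ck_date_day_val != NULL) {
    memcpy(out->day, in->rpc_ck_date_day.rpc_ck_date_day_val, n);
  }

  custom_free((void **)&in->rpc_ck_date_year.rpc_ck_date_year_val);
  custom_free((void **)&in->rpc_ck_date_month.rpc_ck_date_month_val);
  custom_free((void **)&in->rpc_ck_date_day.rpc_ck_date_day_val);
  return;
}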
/*
 * Build the RPC form of one PKCS#11 attribute.
 *
 * The type and declared length are always copied. The value bytes are
 * duplicated into a buffer from custom_malloc only when in->value is
 * non-NULL and the length, viewed as an int, is not negative; otherwise the
 * RPC value is left empty (length 0, NULL pointer). The buffer is released
 * with free_rpc_ck_attribute.
 *
 * NOTE(review): the custom_malloc result is used without a check; whether
 * custom_malloc can return NULL is not visible here. The (int) cast only
 * inspects the low bits of an unsigned long length on LP64 targets --
 * confirm that is the intended test.
 */
void
serialize_rpc_ck_attribute(struct ck_attribute *in,
                           struct rpc_ck_attribute *out)
{
  out->rpc_ck_attribute_type = in->type_;
  out->rpc_ck_attribute_value_len = in->value_len;

  if ((in->value == NULL) || ((int)in->value_len < 0)) {
    /* Nothing to send: empty opaque value. */
    out->rpc_ck_attribute_value.rpc_ck_attribute_value_len = 0;
    out->rpc_ck_attribute_value.rpc_ck_attribute_value_val = NULL;
    return;
  }

  out->rpc_ck_attribute_value.rpc_ck_attribute_value_len = in->value_len;
  out->rpc_ck_attribute_value.rpc_ck_attribute_value_val =
      custom_malloc(sizeof(char) * in->value_len);
  memcpy(out->rpc_ck_attribute_value.rpc_ck_attribute_value_val,
         in->value, in->value_len);
}
/*
 * Release the value buffer of an RPC attribute, if it has one.
 * custom_free receives the address of the pointer.
 */
void free_rpc_ck_attribute(rpc_ck_attribute * in)
{
  if (in->rpc_ck_attribute_value.rpc_ck_attribute_value_val == NULL) {
    return;
  }
  custom_free((void **)
              &(in->rpc_ck_attribute_value.rpc_ck_attribute_value_val));
}
/*
 * Build the RPC form of an array of in_len PKCS#11 attributes. The element
 * array comes from custom_malloc and each element is filled by
 * serialize_rpc_ck_attribute; release with free_rpc_ck_attribute_array.
 *
 * NOTE(review): the custom_malloc result is used without a check, the size
 * computation sizeof(rpc_ck_attribute) * in_len is not checked for
 * overflow, and the loop index is an unsigned int while in_len is an
 * unsigned long. Confirm callers bound in_len.
 */
void
serialize_rpc_ck_attribute_array(struct ck_attribute *in,
                                 unsigned long in_len,
                                 rpc_ck_attribute_array * out)
{
  unsigned int idx = 0;

  out->rpc_ck_attribute_array_len = in_len;
  out->rpc_ck_attribute_array_val =
      custom_malloc(sizeof(rpc_ck_attribute) * in_len);

  while (idx < in_len) {
    serialize_rpc_ck_attribute(in + idx, out->rpc_ck_attribute_array_val + idx);
    idx++;
  }
}
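/*
 * Release every element of an RPC attribute array, then the array itself.
 *
 * The NULL test on the element array now runs before the loop: the original
 * walked rpc_ck_attribute_array_len elements first and only then checked
 * the pointer, so a NULL array with a non-zero length was dereferenced.
 */
void free_rpc_ck_attribute_array(rpc_ck_attribute_array * in)
{
  unsigned int i;

  if (in->rpc_ck_attribute_array_val == NULL) {
    return;
  }
  for (i = 0; i < in->rpc_ck_attribute_array_len; i++) {
    free_rpc_ck_attribute(&(in->rpc_ck_attribute_array_val[i]));
  }
  custom_free((void **)&(in->rpc_ck_attribute_array_val));
  return;
}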
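/*
 * Build the RPC form of a PKCS#11 mechanism. The parameter bytes are
 * duplicated into a buffer from custom_malloc; release it with
 * free_rpc_ck_mechanism.
 *
 * A NULL in->parameter is sent as an empty parameter whatever
 * in->parameter_len says, in line with how serialize_rpc_ck_attribute
 * treats a NULL value; the original passed the NULL pointer to memcpy.
 * If the buffer cannot be obtained the parameter is also sent empty rather
 * than announcing a length with no data behind it.
 */
void
serialize_rpc_ck_mechanism(struct ck_mechanism *in,
                           struct rpc_ck_mechanism *out)
{
  unsigned long len = in->parameter_len;

  if (in->parameter == NULL) {
    len = 0;
  }

  out->rpc_ck_mechanism_mechanism = in->mechanism;
  out->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_val =
      custom_malloc(sizeof(char) * len);
  if (out->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_val == NULL) {
    len = 0;
  }
  out->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_len = len;

  if (len != 0) {
    memcpy(out->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_val,
           in->parameter, len);
  }
  return;
}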
/*
 * Release the parameter buffer of an RPC mechanism. The pointer is handed
 * to custom_free unconditionally (no NULL test here, unlike
 * free_rpc_ck_attribute).
 */
void free_rpc_ck_mechanism(rpc_ck_mechanism * in)
{
  void **slot =
      (void **)&(in->rpc_ck_mechanism_parameter.rpc_ck_mechanism_parameter_val);

  custom_free(slot);
}
/* ------------------------------*/
/* RPC C PKCS#11 functions */
/* File-scope RPC client handle with external linkage, NULL at start-up.
 * NOTE(review): presumably set when the connection is created and shared by
 * every RPC wrapper; no locking is visible here -- confirm how concurrent
 * callers are serialized. */
CLIENT *cl = NULL;
/* TCP socket type */
#ifdef TCP_SOCKET
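/*
 * Parse a "host:port" string into an IPv4 socket address.
 *
 * socket_path is split on ':'; the first token is resolved with
 * gethostbyname() and stored in serv_addr->sin_addr, the second is the TCP
 * port. sin_family is set to AF_INET. Any failure prints a message on
 * stderr and terminates the process with exit(-1), as before.
 *
 * Changes from the previous version:
 *  - the port is parsed with strtol() and must lie in 1..65535; the old
 *    (unsigned short)atoi() cast silently wrapped out-of-range and negative
 *    values into a different, valid-looking port;
 *  - the resolved address length is checked against sizeof(sin_addr)
 *    before it is copied;
 *  - NULL arguments and a failed allocation are reported instead of being
 *    dereferenced;
 *  - the bounded copy of socket_path is terminated explicitly instead of
 *    relying on memset + strncpy.
 *
 * NOTE(review): a string without a ':' still leaves sin_port untouched, as
 * before; confirm the caller initializes it. strtok() and gethostbyname()
 * use static state, so this function is not reentrant.
 */
void parse_socket_path(const char *socket_path, struct sockaddr_in *serv_addr)
{
  struct hostent *hp;
  char *token = NULL;
  char *copy = NULL;
  char *end = NULL;
  size_t path_len;
  long port;
  int i = 0;
#ifdef WIN32
  WSADATA wsaData;
  /* Initialize Winsock, version 2.2 */
  int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
  if (iResult != 0) {
    fprintf(stderr, "WSAStartup failed: %d\n", iResult);
    WSACleanup();
    exit(-1);
  }
#endif
  if (socket_path == NULL || serv_addr == NULL) {
    fprintf(stderr, "error: no socket_addr given\n");
    goto fail;
  }

  /* Work on a private, bounded, NUL-terminated copy: strtok() modifies it. */
  path_len = strnlen(socket_path, MAX_HOSTNAME_LEN);
  copy = custom_malloc(path_len + 1);
  if (copy == NULL) {
    fprintf(stderr, "error: can't allocate memory to parse %s\n", socket_path);
    goto fail;
  }
  memcpy(copy, socket_path, path_len);
  copy[path_len] = '\0';

  for (token = strtok(copy, ":"); token != NULL;
       token = strtok(NULL, ":"), i++) {
    if (i == 0) {
      /* Host part */
      hp = gethostbyname(token);
      if (hp == NULL) {
        fprintf(stderr, "error: can't get addr for %s\n", token);
        goto fail;
      }
      /* Never copy more than the IPv4 address field can hold. */
      if (hp->h_length <= 0
          || (size_t)hp->h_length > sizeof(serv_addr->sin_addr)) {
        fprintf(stderr, "error: can't get addr for %s\n", token);
        goto fail;
      }
      memcpy(&serv_addr->sin_addr, hp->h_addr, (size_t)hp->h_length);
    } else if (i == 1) {
      /* Port part: must contain digits and fit a TCP port. */
      port = strtol(token, &end, 10);
      if (end == token || port < 1 || port > 65535) {
        fprintf(stderr, "error: can't get port for %s\n", token);
        goto fail;
      }
      serv_addr->sin_port = htons((unsigned short)port);
    } else {
      /* More than two tokens: not a host:port string. */
      fprintf(stderr, "error: can't parse socket_addr given: %s\n",
              socket_path);
      goto fail;
    }
  }

  serv_addr->sin_family = AF_INET;
  if (copy != NULL) {
    custom_free((void **)&(copy));
  }
#ifdef WIN32
  if (WSACleanup()) {
    fprintf(stderr, "error: WSACleanup failed %d\n", WSAGetLastError());
  }
#endif
  return;

fail:
  /* Single error exit: release the copy, tear Winsock down, terminate. */
  if (copy != NULL) {
    custom_free((void **)&(copy));
  }
#ifdef WIN32
  WSACleanup();
#endif
  exit(-1);
}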
#endif
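/*
 * Connect to the PKCS#11 proxy server and load a module on it.
 *
 * Steps: build the server address (UNIX or TCP socket, chosen at compile
 * time), create the RPC client in the global cl, start TLS when built with
 * WITH_SSL, exchange the architecture with myC_SetupArch_C(), set the RPC
 * timeout, then call myC_LoadModule_C(module).
 *
 * module: name of the module to load, passed to myC_LoadModule_C()
 *
 * Returns the result of myC_LoadModule_C(), CKR_GENERAL_ERROR when the
 * address is unusable or the connection fails, or UNSUPPORTED_ARCHITECTURE
 * when the server answer is not one of the four known codes. A TLS start
 * failure ends the process.
 *
 * Both the socket path and the timeout may come from environment variables,
 * so they are validated here:
 *  - the socket address structure is cleared before use,
 *  - a UNIX socket path that does not fit sun_path is rejected instead of
 *    being truncated to a different path,
 *  - only a strictly positive timeout overrides the default.
 * NOTE(review): without WITH_SSL the RPC traffic, PINs included, is not
 * protected by this file; confirm the deployment relies on a local socket.
 */
ck_rv_t init_c(const char *module)
{
  ck_rv_t ret;
  /* Define RPC timeout */
  struct timeval timeout;
  /* path to socket */
  char *env_socket_path;
  /* environment variable to override default RPC timeout */
  char *env_timeout_override;
  long int timeout_value;
  /* Call C LoadModule */
  int rpc_sock = RPC_ANYSOCK;
#ifdef UNIX_SOCKET
  const char *socket_path;
  struct sockaddr_un *serv_addr;
#elif TCP_SOCKET
  struct sockaddr_in serv_addr;
#endif

#ifdef UNIX_SOCKET
  serv_addr = custom_malloc(sizeof(struct sockaddr_un));
  /* NOTE(review): custom_malloc() may already abort on failure - confirm. */
  if (serv_addr == NULL) {
    fprintf(stderr, "error: could not connect to server.\n");
    return CKR_GENERAL_ERROR;
  }
  /* Clearing the structure also guarantees a NUL-terminated sun_path. */
  memset(serv_addr, 0, sizeof(struct sockaddr_un));
  serv_addr->sun_family = AF_UNIX;
#elif TCP_SOCKET
  memset(&serv_addr, 0, sizeof(serv_addr));
#endif

  /* try to find user-defined path to socket */
  env_socket_path = getenv(ENV_SOCKET_PATH_NAME);
#ifdef UNIX_SOCKET
  socket_path = (env_socket_path != NULL) ? env_socket_path : xstr(SOCKET_PATH);
  if (strlen(socket_path) >= sizeof(serv_addr->sun_path)) {
    fprintf(stderr, "error: could not connect to server.\n");
    custom_free((void **)&(serv_addr));
    return CKR_GENERAL_ERROR;
  }
  memcpy(serv_addr->sun_path, socket_path, strlen(socket_path));
#ifdef FreeBSD
  /* FreeBSD sockaddr_un structure needs a sun_len; SUN_LEN reads sun_path,
   * so it is computed once the path is in place */
  serv_addr->sun_len = SUN_LEN(serv_addr);
#endif
#elif TCP_SOCKET
  if (env_socket_path != NULL) {
    parse_socket_path(env_socket_path, &serv_addr);
  } else {
    parse_socket_path(xstr(SOCKET_PATH), &serv_addr);
  }
#endif

#ifdef UNIX_SOCKET
  cl = clntunix_create(serv_addr, P, V, &rpc_sock, 0, 0);
#ifndef FreeBSD
  /* We have to free the pointer, FreeBSD does it in its libc ... */
  custom_free((void **)&(serv_addr));
#endif
#elif TCP_SOCKET
#ifdef WIN32
  /* This init call initialize Windows sockets */
  if (rpc_nt_init() != 0) {
    fprintf(stderr, "error: could not initialize Windows sockets.\n");
  }
#endif
  cl = clnttcp_create(&serv_addr, P, V, &rpc_sock, 0, 0);
#endif
  /* Check RPC status */
  if (cl == NULL) {
    fprintf(stderr, "error: could not connect to server.\n");
    return CKR_GENERAL_ERROR;
  }
#ifdef WITH_SSL
  override_net_functions(cl);
#ifdef GNU_TLS
  ret = start_gnutls(rpc_sock);
#else
  ret = start_openssl(rpc_sock);
#endif
  if (ret != 0) {
#ifdef GNU_TLS
    fprintf(stderr, "GNUTLS Error\n");
#else
    fprintf(stderr, "OpenSSL Error\n");
#endif
    /* This is brutal but an SSL error seems worrying enough to exit() */
    exit(-1);
  }
#endif /* END WITH_SSL */
  /* Initialize Architecture */
  ret = myC_SetupArch_C();
  switch (ret) {
  case LITTLE_ENDIAN_64:
  case LITTLE_ENDIAN_32:
  case BIG_ENDIAN_64:
  case BIG_ENDIAN_32:
    peer_arch = ret;
    break;
  default:
    fprintf(stderr, "Unsupported architecture error EXITING\n");
    return UNSUPPORTED_ARCHITECTURE;
  }
  /* Control timeout setting */
  env_timeout_override = getenv(ENV_RPC_TIMEOUT);
  timeout.tv_sec = RPC_DEFAULT_TIMEOUT;
  timeout.tv_usec = 0;
  if (env_timeout_override != NULL) {
    /* strtol() has defined behaviour on out-of-range text, unlike atol() */
    timeout_value = strtol(env_timeout_override, NULL, 10);
    /* basic check, we want neither a zero nor a negative timeout */
    if (timeout_value > 0) {
      timeout.tv_sec = timeout_value;
    }
  }
  clnt_control(cl, CLSET_TIMEOUT, (char *)&timeout);
#if defined(UNIX_SOCKET) && defined(_CS_GNU_LIBC_VERSION)
  /* Workaround to support RPC timeout with UNIX socket, see modwrap.h */
  ((struct ct_data *)(cl->cl_private))->ct_waitset = TRUE;
#endif
  ret = myC_LoadModule_C(module);
  return ret;
}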
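/*
 * Tear down the connection opened by init_c(): release the TLS state when
 * built with WITH_SSL, destroy the RPC client, and clean up Windows sockets.
 *
 * The global handle is reset to NULL after clnt_destroy(), so a second call
 * or a later wrapper call does not reuse a destroyed client.
 */
void destroy_c()
{
  if (cl != NULL) {
#if defined(WITH_SSL) && defined(GNU_TLS)
#ifdef DEBUG
    fprintf(stderr, "GNUTLS purge\n");
#endif
    purge_gnutls();
#endif
#if defined(WITH_SSL) && !defined(GNU_TLS)
#ifdef DEBUG
    fprintf(stderr, "OpenSSL purge\n");
#endif
    purge_openssl();
#endif
    clnt_destroy(cl);
    /* Do not keep a dangling pointer to the destroyed client. */
    cl = NULL;
  }
#ifdef WIN32
  /* This allow the Windows socket to be properly closed */
  if (rpc_nt_exit() != 0) {
    fprintf(stderr, "error: could not cleanup WSA context\n");
  }
#endif
}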
/*
 * Detect the local byte order and word size, store the code in my_arch and
 * send it to the server with the C_SetupArch RPC.
 *
 * Returns the value sent back by the server (init_c() accepts only the four
 * *_ENDIAN_* codes), or -1 when the RPC itself fails.
 * The macros init_ret, check_rpc_status and assert_rpc are defined outside
 * this view; they presumably rely on the locals ret/pret/retval by name.
 */
ck_rv_t myC_SetupArch_C(void)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
ck_rv_t rv;
/* Probe value: its first byte in memory tells the byte order */
unsigned int test = 0xAABBCCDD;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SetupArch calling\n");
#endif
/* Check status of RPC
* redundant as when RPC failed, code should not be reached.
* We keep it to stay coherent.
*/
check_rpc_status(C_SetupArch)
if (((unsigned char *)&test)[0] == 0xDD) {
/* LittleEndian */
/* The word size is taken from sizeof(long), not from the pointer size */
if (sizeof(long) == 8) {
/* 64bit */
my_arch = LITTLE_ENDIAN_64;
} else {
my_arch = LITTLE_ENDIAN_32;
}
} else {
/* BigEndian */
if (sizeof(long) == 8) {
/* 64bit */
my_arch = BIG_ENDIAN_64;
} else {
my_arch = BIG_ENDIAN_32;
}
}
#ifdef RPCGEN_MT
retval = c_setuparch_3(my_arch, &ret, cl);
#else
pret = c_setuparch_3(my_arch, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SetupArch\n");
/* NOTE(review): -1 is not a standard CKR_* value; init_c() rejects it
* through its default switch branch */
rv = -1;
return rv;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
rv = ret;
return rv;
}
/*
 * Ask the server to load the module named libname (C_LoadModule RPC).
 *
 * libname: NUL-terminated module name; it is sent without its terminator
 *          and is not copied (module.opaque_data_val aliases it).
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): libname is passed to strlen() without a NULL check; the
 * comment below states it comes from compile-time data - confirm for every
 * caller of init_c().
 */
ck_rv_t myC_LoadModule_C(const char *libname)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
ck_rv_t rv;
opaque_data module;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Check status of RPC */
/* NOTE(review): the macro is given C_Initialize, not C_LoadModule; the
* effect depends on the macro definition - confirm */
check_rpc_status(C_Initialize)
/* libnames are defined at compile time, so no need to check its length */
module.opaque_data_len = strlen(libname);
/* The cast drops const; the buffer is only read by the RPC stub, presumably */
module.opaque_data_val = (char *)libname;
#ifdef DEBUG
fprintf(stderr, "C_LoadModule calling for module %s to be loaded\n", libname);
#endif
#ifdef RPCGEN_MT
retval = c_loadmodule_3(module, &ret, cl);
#else
pret = c_loadmodule_3(module, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_LoadModule\n");
rv = -1;
return rv;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
rv = ret;
return rv;
}
/*
 * Client-side wrapper for the C_Initialize RPC.
 *
 * init_args: never forwarded to the server; a DEBUG build only prints a
 *            message when it is not NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t myC_Initialize_C(void *init_args)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_Initialize calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Initialize)
/* Check for pInitArgs PTR presence */
if (init_args != NULL) {
#ifdef DEBUG
fprintf(stderr, "C_Initialize *pInitArgs not NULL, we won't use them\n");
#endif
}
#ifdef RPCGEN_MT
retval = c_initialize_3(&ret, cl);
#else
pret = c_initialize_3(cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Initialize\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_Finalize RPC.
 *
 * init_args: must be NULL, otherwise CKR_ARGUMENTS_BAD is returned and no
 *            RPC is sent.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t myC_Finalize_C(void *init_args)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_Finalize calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Finalize)
/* P11 Compliance */
if (init_args != NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_finalize_3(&ret, cl);
#else
pret = c_finalize_3(cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Finalize\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_GetInfo RPC.
 *
 * output0: receives the library information decoded from the server reply;
 *          CKR_ARGUMENTS_BAD is returned when it is NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): the reply is decoded into output0 whatever the returned
 * code is; confirm deserialize_rpc_ck_info() bounds every copied field.
 */
ck_rv_t myC_GetInfo_C(struct ck_info * output0)
{
#ifdef RPCGEN_MT
ck_rv_c_GetInfo ret;
enum clnt_stat retval;
#else
ck_rv_c_GetInfo *pret = NULL;
ck_rv_c_GetInfo ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetInfo calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_GetInfo)
if (output0 == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_getinfo_3(&ret, cl);
#else
pret = c_getinfo_3(cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetInfo\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
deserialize_rpc_ck_info(output0, &(ret.c_GetInfo_info));
return ret.c_GetInfo_rv;
}
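/*
 * Client-side wrapper for the C_GetSlotList RPC.
 *
 * input0:  CK_TRUE (1) to list only slots with a token present
 * output2: caller buffer for the slot ids, or NULL to query the count only
 * output3: in: capacity of output2 in entries; out: count reported by the
 *          server. Must not be NULL (CKR_ARGUMENTS_BAD).
 *
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * The reply is not trusted to respect the caller buffer:
 *  - slot ids are copied only when the server reports CKR_OK,
 *  - a count larger than the capacity given by the caller yields
 *    CKR_BUFFER_TOO_SMALL and nothing is written to output2,
 *  - a count larger than the list actually received yields
 *    CKR_GENERAL_ERROR.
 */
ck_rv_t
myC_GetSlotList_C(CK_BBOOL input0, ck_slot_id_t * output2,
                  unsigned long *output3)
{
#ifdef RPCGEN_MT
  ck_rv_c_GetSlotList ret;
  enum clnt_stat retval;
#else
  ck_rv_c_GetSlotList *pret = NULL;
  ck_rv_c_GetSlotList ret;
#endif
  pkcs11_int token_present;
  pkcs11_int count;
  unsigned long capacity;
  unsigned long returned;
  unsigned long i;
  ck_rv_t rv;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_GetSlotList calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_GetSlotList)
  /* P11 compliant */
  if (output3 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
  if (input0 == 1) {
    /* CK_TRUE */
    token_present = 1;
  } else {
    token_present = 0;
  }
  /* Remember how many entries the caller buffer can hold */
  if (output2 == NULL) {
    capacity = 0;
  } else {
    capacity = *output3;
  }
  count = capacity;
#ifdef RPCGEN_MT
  retval = c_getslotlist_3(token_present, count, &ret, cl);
#else
  pret = c_getslotlist_3(token_present, count, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_GetSlotList\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  rv = ret.c_GetSlotList_rv;
  returned = (unsigned long)ret.c_GetSlotList_count;
  *output3 = returned;
  /* Copy back only if output2 is not NULL and the call succeeded */
  if (output2 != NULL && ret.c_GetSlotList_rv == CKR_OK) {
    if (returned > capacity) {
      /* The server announces more slots than the caller buffer holds */
      rv = CKR_BUFFER_TOO_SMALL;
    } else if (returned >
               (unsigned long)ret.c_GetSlotList_slot_list.c_GetSlotList_slot_list_len
               || (returned > 0
                   && ret.c_GetSlotList_slot_list.c_GetSlotList_slot_list_val == NULL)) {
      /* The announced count does not match the list received */
      rv = CKR_GENERAL_ERROR;
    } else {
      for (i = 0; i < returned; i++) {
        output2[i] = ret.c_GetSlotList_slot_list.c_GetSlotList_slot_list_val[i];
      }
    }
  }
  custom_free((void **)&ret.c_GetSlotList_slot_list.
              c_GetSlotList_slot_list_val);
  return rv;
}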
/*
 * Client-side wrapper for the C_GetSlotInfo RPC.
 *
 * input0:  slot id forwarded to the server
 * output1: receives the slot information decoded from the reply;
 *          CKR_ARGUMENTS_BAD is returned when it is NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): the reply is decoded whatever the returned code is; confirm
 * deserialize_rpc_ck_slot_info() bounds every copied field.
 */
ck_rv_t myC_GetSlotInfo_C(ck_slot_id_t input0, struct ck_slot_info * output1)
{
#ifdef RPCGEN_MT
ck_rv_c_GetSlotInfo ret;
enum clnt_stat retval;
#else
ck_rv_c_GetSlotInfo *pret = NULL;
ck_rv_c_GetSlotInfo ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetSlotInfo calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_GetSlotInfo)
/* P11 compliant */
if (output1 == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_getslotinfo_3(input0, &ret, cl);
#else
pret = c_getslotinfo_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetSlotInfo\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
deserialize_rpc_ck_slot_info(output1, &(ret.c_GetSlotInfo_slot_info));
return ret.c_GetSlotInfo_rv;
}
/*
 * Client-side wrapper for the C_GetTokenInfo RPC.
 *
 * input0:  slot id forwarded to the server
 * output1: receives the token information decoded from the reply;
 *          CKR_ARGUMENTS_BAD is returned when it is NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): the reply is decoded whatever the returned code is; confirm
 * deserialize_rpc_ck_token_info() bounds every copied field.
 */
ck_rv_t myC_GetTokenInfo_C(ck_slot_id_t input0, struct ck_token_info * output1)
{
#ifdef RPCGEN_MT
ck_rv_c_GetTokenInfo ret;
enum clnt_stat retval;
#else
ck_rv_c_GetTokenInfo *pret = NULL;
ck_rv_c_GetTokenInfo ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetTokenInfo calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_GetTokenInfo)
/* P11 compliant */
if (output1 == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_gettokeninfo_3(input0, &ret, cl);
#else
pret = c_gettokeninfo_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetTokenInfo\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
deserialize_rpc_ck_token_info(output1, &(ret.c_GetTokenInfo_token_info));
return ret.c_GetTokenInfo_rv;
}
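/*
 * Client-side wrapper for the C_GetMechanismList RPC.
 *
 * input0:  slot id forwarded to the server
 * output2: caller buffer for the mechanism types, or NULL to query the
 *          count only
 * output3: in: capacity of output2 in entries; out: count reported by the
 *          server. Must not be NULL (CKR_ARGUMENTS_BAD).
 *
 * Returns the code sent back by the server, CKR_BUFFER_TOO_SMALL when the
 * caller buffer cannot hold the reported count, CKR_GENERAL_ERROR when the
 * reported count exceeds the list actually received, or -1 when the RPC
 * itself fails.
 *
 * Decision order after a successful RPC:
 *  1. any code other than CKR_OK is returned as is (the count is written
 *     back only for CKR_BUFFER_TOO_SMALL);
 *  2. a non-NULL buffer of capacity 0, or a capacity below the reported
 *     count, updates *output3 and returns CKR_BUFFER_TOO_SMALL (CKR_OK when
 *     output2 is NULL);
 *  3. otherwise the entries are copied.
 */
ck_rv_t
myC_GetMechanismList_C(ck_slot_id_t input0, ck_mechanism_type_t * output2,
                       unsigned long *output3)
{
#ifdef RPCGEN_MT
  ck_rv_c_GetMechanismList ret;
  enum clnt_stat retval;
#else
  ck_rv_c_GetMechanismList *pret = NULL;
  ck_rv_c_GetMechanismList ret;
#endif
  pkcs11_int count;
  unsigned long returned;
  unsigned long i;
  ck_rv_t rv;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_GetMechanismList calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_GetMechanismList)
  /* P11 compliant */
  if (output3 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
  if (output2 == NULL) {
    count = 0;
  } else {
    count = *output3;
  }
#ifdef RPCGEN_MT
  retval = c_getmechanismlist_3(input0, count, &ret, cl);
#else
  pret = c_getmechanismlist_3(input0, count, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_GetMechanismList\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  rv = ret.c_GetMechanismList_rv;
  /* FIXME: For now cast to (unsigned long) because we should not receive a huge mech_count */
  returned = (unsigned long)ret.c_GetMechanismList_count;

  if (ret.c_GetMechanismList_rv == CKR_BUFFER_TOO_SMALL) {
    *output3 = returned;
    goto out_free;
  }
  if (ret.c_GetMechanismList_rv != CKR_OK) {
    goto out_free;
  }
  /* P11 compliant */
  if ((output2 != NULL && *output3 == 0) || (*output3 < returned)) {
    *output3 = returned;
    if (output2 != NULL) {
      rv = CKR_BUFFER_TOO_SMALL;
    }
    goto out_free;
  }
  *output3 = returned;
  if (output2 != NULL) {
    /* Never read past the list the server actually sent */
    if (returned >
        (unsigned long)ret.c_GetMechanismList_list.c_GetMechanismList_list_len
        || (returned > 0
            && ret.c_GetMechanismList_list.c_GetMechanismList_list_val == NULL)) {
      rv = CKR_GENERAL_ERROR;
      goto out_free;
    }
    for (i = 0; i < returned; i++) {
      output2[i] = ret.c_GetMechanismList_list.c_GetMechanismList_list_val[i];
    }
  }
out_free:
  /* Single release point for the list allocated by the RPC decoder */
  custom_free((void **)&ret.c_GetMechanismList_list.
              c_GetMechanismList_list_val);
  return rv;
}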
/*
 * Client-side wrapper for the C_GetMechanismInfo RPC.
 *
 * input0:  slot id forwarded to the server
 * input1:  mechanism type forwarded to the server
 * output2: receives the mechanism information decoded from the reply;
 *          CKR_ARGUMENTS_BAD is returned when it is NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t
myC_GetMechanismInfo_C(ck_slot_id_t input0, ck_mechanism_type_t input1,
struct ck_mechanism_info * output2)
{
#ifdef RPCGEN_MT
ck_rv_c_GetMechanismInfo ret;
enum clnt_stat retval;
#else
ck_rv_c_GetMechanismInfo *pret = NULL;
ck_rv_c_GetMechanismInfo ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetMechanismInfo calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_GetMechanismInfo)
/* P11 compliant */
if (output2 == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_getmechanisminfo_3(input0, input1, &ret, cl);
#else
pret = c_getmechanisminfo_3(input0, input1, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetMechanismInfo\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
deserialize_rpc_ck_mechanism_info(output2, &(ret.c_GetMechanismInfo_info));
return ret.c_GetMechanismInfo_rv;
}
/*
 * Client-side wrapper for the C_OpenSession RPC.
 *
 * input0:      slot id forwarded to the server
 * input1:      session flags forwarded to the server
 * application: never forwarded (a DEBUG build prints a message if set)
 * notify:      never forwarded, so no callback is registered
 * output2:     receives the session handle from the reply;
 *              CKR_ARGUMENTS_BAD is returned when it is NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * The handle is written to *output2 whatever the returned code is.
 */
ck_rv_t
myC_OpenSession_C(ck_slot_id_t input0, ck_flags_t input1, void *application,
ck_notify_t notify, ck_session_handle_t * output2)
{
#ifdef RPCGEN_MT
ck_rv_c_OpenSession ret;
enum clnt_stat retval;
#else
ck_rv_c_OpenSession *pret = NULL;
ck_rv_c_OpenSession ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_OpenSession calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_OpenSession)
/* P11 compliant */
if (output2 == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Check for application/notify PTR presence */
if ((application != NULL) || (notify != NULL)) {
#ifdef DEBUG
fprintf(stderr,
"C_OpenSession *application/*notify not NULL, we won't pass them\n");
#endif
}
#ifdef RPCGEN_MT
retval = c_opensession_3(input0, input1, &ret, cl);
#else
pret = c_opensession_3(input0, input1, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_OpenSession\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
*output2 = ret.c_OpenSession_handle;
return ret.c_OpenSession_rv;
}
/*
 * Client-side wrapper for the C_CloseSession RPC.
 *
 * input0: session handle forwarded unchanged to the server
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t myC_CloseSession_C(ck_session_handle_t input0)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_CloseSession calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_CloseSession)
#ifdef RPCGEN_MT
retval = c_closesession_3(input0, &ret, cl);
#else
pret = c_closesession_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_CloseSession\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_CloseAllSessions RPC.
 *
 * input0: slot id forwarded unchanged to the server
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t myC_CloseAllSessions_C(ck_slot_id_t input0)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_CloseAllSessions calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_CloseAllSessions)
#ifdef RPCGEN_MT
retval = c_closeallsessions_3(input0, &ret, cl);
#else
pret = c_closeallsessions_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_CloseAllSessions\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_GetSessionInfo RPC.
 *
 * input0:  session handle forwarded to the server
 * output1: receives the session information decoded from the reply;
 *          CKR_ARGUMENTS_BAD is returned when it is NULL.
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t
myC_GetSessionInfo_C(ck_session_handle_t input0,
struct ck_session_info * output1)
{
#ifdef RPCGEN_MT
ck_rv_c_GetSessionInfo ret;
enum clnt_stat retval;
#else
ck_rv_c_GetSessionInfo *pret = NULL;
ck_rv_c_GetSessionInfo ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetSessionInfo calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_GetSessionInfo)
/* P11 compliant */
if (output1 == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_getsessioninfo_3(input0, &ret, cl);
#else
pret = c_getsessioninfo_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetSessionInfo\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
deserialize_rpc_ck_session_info(output1, &(ret.c_GetSessionInfo_info));
return ret.c_GetSessionInfo_rv;
}
/*
 * Client-side wrapper for the C_FindObjectsInit RPC.
 *
 * input0: session handle forwarded to the server
 * input1: search template; may be NULL only when count is 0
 * count:  number of entries in input1
 * Returns CKR_ARGUMENTS_BAD for a NULL template with a non-zero count, the
 * code sent back by the server otherwise, or -1 when the RPC itself fails.
 * The serialized template is released before the RPC status is examined, so
 * no path after the call leaks it.
 */
ck_rv_t
myC_FindObjectsInit_C(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
unsigned long count)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_attribute_array attributes;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_FindObjectsInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_FindObjectsInit)
/* P11 compliant */
if (input1 == NULL && count > 0) {
return CKR_ARGUMENTS_BAD;
}
/* If count is zero, we pass an empty list to CAML */
if (count == 0) {
attributes.rpc_ck_attribute_array_len = 0;
attributes.rpc_ck_attribute_array_val = NULL;
} else {
serialize_rpc_ck_attribute_array(input1, count, &attributes);
}
#ifdef RPCGEN_MT
retval = c_findobjectsinit_3(input0, attributes, &ret, cl);
#else
pret = c_findobjectsinit_3(input0, attributes, cl);
#endif
/* Only a serialized template owns memory; the empty list does not */
if (count != 0) {
free_rpc_ck_attribute_array(&attributes);
}
assert_rpc {
fprintf(stderr, "Error RPC with C_FindObjectsInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
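/*
 * Client-side wrapper for the C_FindObjects RPC.
 *
 * input0:  session handle forwarded to the server
 * output2: caller buffer for the object handles
 * input1:  capacity of output2 in entries, also sent as the maximum count
 * output3: receives the number of handles written to output2
 *
 * Returns the code sent back by the server, CKR_ARGUMENTS_BAD when output2
 * or output3 is NULL, CKR_GENERAL_ERROR when the reply announces more
 * handles than requested or than actually received, or -1 when the RPC
 * itself fails.
 *
 * The count in the reply is checked against input1 and against the length
 * of the received list before anything is copied, so a reply cannot make
 * the loop write past output2 or read past the list.
 */
ck_rv_t
myC_FindObjects_C(ck_session_handle_t input0, ck_object_handle_t * output2,
                  unsigned long input1, unsigned long *output3)
{
#ifdef RPCGEN_MT
  ck_rv_c_FindObjects ret;
  enum clnt_stat retval;
#else
  ck_rv_c_FindObjects *pret = NULL;
  ck_rv_c_FindObjects ret;
#endif
  unsigned long returned;
  unsigned long i;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_FindObjects calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_FindObjects)
#ifdef RPCGEN_MT
  retval = c_findobjects_3(input0, input1, &ret, cl);
#else
  pret = c_findobjects_3(input0, input1, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_FindObjects\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  /* P11 compliant, return RET if was called with invalid session */
  if (ret.c_FindObjects_rv != CKR_OK) {
    custom_free((void **)&ret.c_FindObjects_objects.c_FindObjects_objects_val);
    return ret.c_FindObjects_rv;
  }
  /* P11 compliant */
  /* TODO: We avoid all possible NULL_PTR dereference, but is it compliant? */
  if (output2 == NULL || output3 == NULL) {
    custom_free((void **)&ret.c_FindObjects_objects.c_FindObjects_objects_val);
    return CKR_ARGUMENTS_BAD;
  }
  returned = (unsigned long)ret.c_FindObjects_count;
  /* Reject a reply that does not fit the caller buffer or its own list */
  if (returned > input1
      || returned >
         (unsigned long)ret.c_FindObjects_objects.c_FindObjects_objects_len
      || (returned > 0
          && ret.c_FindObjects_objects.c_FindObjects_objects_val == NULL)) {
    *output3 = 0;
    custom_free((void **)&ret.c_FindObjects_objects.c_FindObjects_objects_val);
    return CKR_GENERAL_ERROR;
  }
  *output3 = returned;
  for (i = 0; i < returned; i++) {
    output2[i] = ret.c_FindObjects_objects.c_FindObjects_objects_val[i];
  }
  custom_free((void **)&ret.c_FindObjects_objects.c_FindObjects_objects_val);
  return ret.c_FindObjects_rv;
}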
/*
 * Client-side wrapper for the C_FindObjectsFinal RPC.
 *
 * input0: session handle forwarded unchanged to the server
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t myC_FindObjectsFinal_C(ck_session_handle_t input0)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_FindObjectsFinal calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_FindObjectsFinal)
#ifdef RPCGEN_MT
retval = c_findobjectsfinal_3(input0, &ret, cl);
#else
pret = c_findobjectsfinal_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_FindObjectsFinal\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
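/*
 * Client-side wrapper for the C_InitToken RPC.
 *
 * input0:     slot id forwarded to the server
 * input1:     SO PIN bytes (may be NULL, then sent with length 0)
 * input1_len: length of the SO PIN
 * input2:     token label, always sent as 32 bytes; must not be NULL
 *
 * Returns CKR_ARGUMENTS_BAD for a NULL label, the code sent back by the
 * server otherwise, or -1 when the RPC itself fails.
 * The PIN and label buffers are referenced, not copied. The SO PIN travels
 * over the RPC channel; init_c() wraps that channel in TLS only in WITH_SSL
 * builds.
 */
ck_rv_t
myC_InitToken_C(ck_slot_id_t input0, unsigned char *input1,
                unsigned long input1_len, unsigned char *input2)
{
#ifdef RPCGEN_MT
  rpc_ck_rv_t ret;
  enum clnt_stat retval;
#else
  rpc_ck_rv_t ret;
  rpc_ck_rv_t *pret = NULL;
#endif
  opaque_data sopin;
  opaque_data label;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
  /* Sanitize: Check if input1 is NULL: if so, force the length to be zero */
  if ((char *)input1 == NULL) {
    sopin.opaque_data_len = 0;
  } else {
    sopin.opaque_data_len = input1_len;
  }
  sopin.opaque_data_val = (char *)input1;
  /* Fixing label_len to 32 as stated by the standard */
  label.opaque_data_len = 32;
  label.opaque_data_val = (char *)input2;
#ifdef DEBUG
  fprintf(stderr, "C_InitToken calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_InitToken)
  /* A NULL label with a fixed length of 32 would make the RPC encoder read
   * 32 bytes through a NULL pointer */
  if (input2 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
#ifdef RPCGEN_MT
  retval = c_inittoken_3(input0, sopin, label, &ret, cl);
#else
  pret = c_inittoken_3(input0, sopin, label, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_InitToken\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  return ret;
}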
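/*
 * Client-side wrapper for the C_Login RPC.
 *
 * input0:     session handle forwarded to the server
 * input1:     user type forwarded to the server
 * input2:     PIN bytes (may be NULL, then sent with length 0)
 * input2_len: length of the PIN
 *
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * A NULL PIN is sent with a zero length, as the other PIN wrappers in this
 * file do, so the RPC encoder is never given a length without a buffer.
 * The PIN buffer is referenced, not copied, and travels over the RPC
 * channel; init_c() wraps that channel in TLS only in WITH_SSL builds.
 */
ck_rv_t
myC_Login_C(ck_session_handle_t input0, ck_user_type_t input1,
            unsigned char *input2, unsigned long input2_len)
{
#ifdef RPCGEN_MT
  rpc_ck_rv_t ret;
  enum clnt_stat retval;
#else
  rpc_ck_rv_t ret;
  rpc_ck_rv_t *pret = NULL;
#endif
  opaque_data pin;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
  /* Sanitize: Check if input2 is NULL: if so, force the length to be zero */
  if ((char *)input2 == NULL) {
    pin.opaque_data_len = 0;
  } else {
    pin.opaque_data_len = input2_len;
  }
  pin.opaque_data_val = (char *)input2;
#ifdef DEBUG
  fprintf(stderr, "C_Login calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_Login)
#ifdef RPCGEN_MT
  retval = c_login_3(input0, input1, pin, &ret, cl);
#else
  pret = c_login_3(input0, input1, pin, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_Login\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  return ret;
}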
/*
 * Client-side wrapper for the C_Logout RPC.
 *
 * input0: session handle forwarded unchanged to the server
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * NOTE(review): -1 is not a standard CKR_* value; confirm callers treat it
 * as an error.
 */
ck_rv_t myC_Logout_C(ck_session_handle_t input0)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_Logout calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Logout)
#ifdef RPCGEN_MT
retval = c_logout_3(input0, &ret, cl);
#else
pret = c_logout_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Logout\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_InitPIN RPC.
 *
 * input0:     session handle forwarded to the server
 * input1:     PIN bytes (may be NULL, then sent with length 0)
 * input1_len: length of the PIN
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * The PIN buffer is referenced, not copied (pin.opaque_data_val aliases
 * input1). It travels over the RPC channel; init_c() wraps that channel in
 * TLS only in WITH_SSL builds.
 */
ck_rv_t
myC_InitPIN_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data pin;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Sanitize: Check if input1 is NULL: if so, force the length to be zero */
if ((char *)input1 == NULL) {
pin.opaque_data_len = 0;
} else {
pin.opaque_data_len = input1_len;
}
pin.opaque_data_val = (char *)input1;
#ifdef DEBUG
fprintf(stderr, "C_InitPIN calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_InitPIN)
#ifdef RPCGEN_MT
retval = c_initpin_3(input0, pin, &ret, cl);
#else
pret = c_initpin_3(input0, pin, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_InitPIN\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_SetPIN RPC.
 *
 * input0:     session handle forwarded to the server
 * input1:     old PIN bytes (may be NULL, then sent with length 0)
 * input1_len: length of the old PIN
 * input2:     new PIN bytes (may be NULL, then sent with length 0)
 * input2_len: length of the new PIN
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * Both PIN buffers are referenced, not copied. They travel over the RPC
 * channel; init_c() wraps that channel in TLS only in WITH_SSL builds.
 */
ck_rv_t
myC_SetPIN_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2,
unsigned long input2_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data oldpin;
opaque_data newpin;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Sanitize: Check if input1 is NULL: if so, force the length to be zero */
if ((char *)input1 == NULL) {
oldpin.opaque_data_len = 0;
} else {
oldpin.opaque_data_len = input1_len;
}
oldpin.opaque_data_val = (char *)input1;
/* Sanitize: Check if input2 is NULL: if so, force the length to be zero */
if ((char *)input2 == NULL) {
newpin.opaque_data_len = 0;
} else {
newpin.opaque_data_len = input2_len;
}
newpin.opaque_data_val = (char *)input2;
#ifdef DEBUG
fprintf(stderr, "C_SetPIN calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SetPIN)
#ifdef RPCGEN_MT
retval = c_setpin_3(input0, oldpin, newpin, &ret, cl);
#else
pret = c_setpin_3(input0, oldpin, newpin, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SetPIN\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
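/*
 * Client-side wrapper for the C_GetAttributeValue RPC.
 *
 * input0: session handle forwarded to the server
 * input1: object handle forwarded to the server
 * input2: attribute template, filled in place from the reply;
 *         CKR_ARGUMENTS_BAD is returned when it is NULL
 * input3: number of entries in input2
 *
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * The RPC status is checked before anything is allocated, as every other
 * wrapper in this file does, so the call is not attempted on a client that
 * check_rpc_status would reject.
 * NOTE(review): deserialize_rpc_ck_attribute_array() is not given input3;
 * confirm it cannot write more entries, or more bytes per entry, than the
 * caller template provides when the reply is larger than the request.
 */
ck_rv_t
myC_GetAttributeValue_C(ck_session_handle_t input0,
                        ck_object_handle_t input1,
                        struct ck_attribute * input2, unsigned long input3)
{
#ifdef RPCGEN_MT
  ck_rv_c_GetAttributeValue ret;
  enum clnt_stat retval;
#else
  ck_rv_c_GetAttributeValue *pret = NULL;
  ck_rv_c_GetAttributeValue ret;
#endif
  rpc_ck_attribute_array attributes;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_GetAttributeValue calling, size templ: %lu\n", input3);
#endif
  /* Check status of RPC */
  check_rpc_status(C_GetAttributeValue)
  if (input2 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
  serialize_rpc_ck_attribute_array(input2, input3, &attributes);
#ifdef RPCGEN_MT
  retval = c_getattributevalue_3(input0, input1, attributes, &ret, cl);
#else
  pret = c_getattributevalue_3(input0, input1, attributes, cl);
#endif
  /* The serialized request is released before the status is examined */
  free_rpc_ck_attribute_array(&attributes);
  assert_rpc {
    fprintf(stderr, "Error RPC with C_GetAttributeValue\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  deserialize_rpc_ck_attribute_array(input2,
                                     &(ret.c_GetAttributeValue_value),
                                     ret.c_GetAttributeValue_rv);
  return ret.c_GetAttributeValue_rv;
}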
/*
 * Client-side wrapper for the C_DigestInit RPC.
 *
 * input0: session handle forwarded to the server
 * input1: digest mechanism; it is passed to custom_sanitize_ck_mechanism()
 *         and then serialized for the call
 * Returns CKR_OPERATION_ACTIVE when check_operation_active_in_filtering_list()
 * finds a pending DIGEST_OP for the session, the code sent back by the
 * server otherwise, or -1 when the RPC itself fails.
 * NOTE(review): input1 is dereferenced by serialize_rpc_ck_mechanism();
 * confirm custom_sanitize_ck_mechanism() or the caller rejects NULL.
 */
ck_rv_t
myC_DigestInit_C(ck_session_handle_t input0, struct ck_mechanism * input1)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DigestInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_DigestInit)
custom_sanitize_ck_mechanism(input1);
/* Check to make sure we cannot initialize before fetching the result
* of a previous crypto call
*/
if (check_operation_active_in_filtering_list(input0, DIGEST_OP) != NULL) {
return CKR_OPERATION_ACTIVE;
}
/* Nothing has been allocated before this point, so the early return
* above does not leak */
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_digestinit_3(input0, mechanism, &ret, cl);
#else
pret = c_digestinit_3(input0, mechanism, cl);
#endif
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_DigestInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side wrapper for the C_Digest RPC.
 *
 * input0:      session handle forwarded to the server
 * input1:      data to digest (referenced, not copied)
 * input1_len:  length of the data
 * output2:     caller buffer for the digest
 * output2_len: in/out length of output2; CKR_ARGUMENTS_BAD when NULL
 *
 * Returns -1 when the RPC itself fails. The function has no return
 * statement after handle_linked_list(); that macro and check_linked_list()
 * are defined outside this view and presumably produce the return value,
 * copy the result into output2 and use the local elem - confirm.
 * NOTE(review): unlike the PIN wrappers, a NULL input1 is sent with its
 * original length; confirm the macros or the caller reject that case.
 */
ck_rv_t
myC_Digest_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_Digest ret;
enum clnt_stat retval;
#else
ck_rv_c_Digest *pret = NULL;
ck_rv_c_Digest ret;
#endif
opaque_data data;
/* Remember previous calls */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef DEBUG
fprintf(stderr, "C_Digest calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Digest)
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
/* Remember previous calls */
check_linked_list("Digest", DIGEST_OP, input0, input1, input1_len, output2,
output2_len);
#ifdef RPCGEN_MT
retval = c_digest_3(input0, data, &ret, cl);
#else
pret = c_digest_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Digest\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
handle_linked_list(Digest, DIGEST_OP, input0, input1, input1_len, output2,
output2_len);
}
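/*
 * Client-side wrapper for the C_DigestUpdate RPC.
 *
 * input0:     session handle forwarded to the server
 * input1:     data part to digest (may be NULL, then sent with length 0)
 * input1_len: length of the data part
 *
 * Returns the code sent back by the server, or -1 when the RPC itself fails.
 * A NULL buffer is sent with a zero length, as the PIN wrappers in this
 * file do, so the RPC encoder is never given a length without a buffer.
 * The data buffer is referenced, not copied.
 */
ck_rv_t
myC_DigestUpdate_C(ck_session_handle_t input0, unsigned char *input1,
                   unsigned long input1_len)
{
#ifdef RPCGEN_MT
  rpc_ck_rv_t ret;
  enum clnt_stat retval;
#else
  rpc_ck_rv_t ret;
  rpc_ck_rv_t *pret = NULL;
#endif
  opaque_data data;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_DigestUpdate calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_DigestUpdate)
  /* Sanitize: Check if input1 is NULL: if so, force the length to be zero */
  if ((char *)input1 == NULL) {
    data.opaque_data_len = 0;
  } else {
    data.opaque_data_len = input1_len;
  }
  data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
  retval = c_digestupdate_3(input0, data, &ret, cl);
#else
  pret = c_digestupdate_3(input0, data, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_DigestUpdate\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is check by assert) */
  ret = *pret;
#endif
  return ret;
}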
/*
 * Client-side wrapper for the C_DigestFinal RPC.
 *
 * input0:      session handle forwarded to the server
 * output1:     caller buffer for the digest
 * output1_len: in/out length of output1; CKR_ARGUMENTS_BAD when NULL
 *
 * Returns -1 when the RPC itself fails. The function has no return
 * statement after handle_linked_list(); that macro and check_linked_list()
 * are defined outside this view and presumably produce the return value,
 * copy the result into output1 and use the local elem - confirm.
 * NOTE(review): confirm handle_linked_list() checks the length received
 * from the server against *output1_len before copying into output1.
 */
ck_rv_t
myC_DigestFinal_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
#ifdef RPCGEN_MT
ck_rv_c_DigestFinal ret;
enum clnt_stat retval;
#else
ck_rv_c_DigestFinal *pret = NULL;
ck_rv_c_DigestFinal ret;
#endif
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DigestFinal calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_DigestFinal)
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("DigestFinal", DIGEST_FINAL_OP, input0, NULL, 0, output1,
output1_len);
#ifdef RPCGEN_MT
retval = c_digestfinal_3(input0, &ret, cl);
#else
pret = c_digestfinal_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DigestFinal\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is check by assert) */
ret = *pret;
#endif
handle_linked_list(DigestFinal, DIGEST_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * RPC client stub for C_DigestKey.
 *
 * input0  session handle, forwarded unchanged
 * input1  object handle of the key to digest, forwarded unchanged
 *
 * Returns the rpc_ck_rv_t taken from the c_digestkey_3() reply, or -1 when
 * the assert_rpc block runs. check_rpc_status() is a macro defined elsewhere
 * and may return before the RPC is attempted.
 */
ck_rv_t myC_DigestKey_C(ck_session_handle_t input0, ck_object_handle_t input1)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DigestKey calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_DigestKey)
#ifdef RPCGEN_MT
retval = c_digestkey_3(input0, input1, &ret, cl);
#else
pret = c_digestkey_3(input0, input1, cl);
#endif
/* -1 is returned on RPC failure; it is not a CKR_* constant */
assert_rpc {
fprintf(stderr, "Error RPC with C_DigestKey\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_SeedRandom.
 *
 * input0      session handle, forwarded unchanged
 * input1      seed material; sent by reference through an opaque_data
 * input1_len  length of input1 as supplied by the caller
 *
 * Returns the rpc_ck_rv_t taken from the c_seedrandom_3() reply, or -1 when
 * the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL here; confirm the RPC
 * encoder copes with a NULL pointer paired with a non-zero length.
 * NOTE(review): the seed leaves the process over the RPC channel; confirm
 * that channel is protected when the seed is meant to stay secret.
 */
ck_rv_t
myC_SeedRandom_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data data;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SeedRandom calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SeedRandom)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_seedrandom_3(input0, data, &ret, cl);
#else
pret = c_seedrandom_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SeedRandom\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
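/*
 * RPC client stub for C_GenerateRandom.
 *
 * input0       session handle, forwarded unchanged
 * output2      caller buffer that receives the random bytes; NULL is
 *              rejected with CKR_ARGUMENTS_BAD
 * output2_len  number of bytes requested, which is also the capacity of
 *              output2
 *
 * Returns the c_GenerateRandom_rv field of the reply, -1 when the assert_rpc
 * block runs, or CKR_GENERAL_ERROR when the reply carries more bytes than
 * were requested.
 *
 * The length of the reply comes from the RPC peer, so it is compared with
 * output2_len before anything is copied: an oversized reply would otherwise
 * write past the end of the caller's buffer.
 *
 * NOTE(review): a reply shorter than output2_len leaves the tail of output2
 * untouched while the peer's return value is passed on; confirm whether a
 * short reply with a success code should be turned into an error.
 */
ck_rv_t
myC_GenerateRandom_C(ck_session_handle_t input0, unsigned char *output2,
                     unsigned long output2_len)
{
#ifdef RPCGEN_MT
  ck_rv_c_GenerateRandom ret;
  enum clnt_stat retval;
#else
  ck_rv_c_GenerateRandom *pret = NULL;
  ck_rv_c_GenerateRandom ret;
#endif
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_GenerateRandom calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_GenerateRandom)
  if (output2 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
#ifdef RPCGEN_MT
  retval = c_generaterandom_3(input0, output2_len, &ret, cl);
#else
  pret = c_generaterandom_3(input0, output2_len, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_GenerateRandom\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  /* Never copy more than the caller asked for, whatever the peer sent */
  if (ret.c_GenerateRandom_data.c_GenerateRandom_data_len > output2_len) {
    fprintf(stderr, "Error: C_GenerateRandom reply larger than requested\n");
    custom_free((void **)&ret.c_GenerateRandom_data.c_GenerateRandom_data_val);
    return CKR_GENERAL_ERROR;
  }
  /* Skip memcpy() for an empty reply: its source pointer may be NULL */
  if (ret.c_GenerateRandom_data.c_GenerateRandom_data_val != NULL &&
      ret.c_GenerateRandom_data.c_GenerateRandom_data_len > 0) {
    memcpy(output2, ret.c_GenerateRandom_data.c_GenerateRandom_data_val,
           ret.c_GenerateRandom_data.c_GenerateRandom_data_len);
  }
  custom_free((void **)&ret.c_GenerateRandom_data.c_GenerateRandom_data_val);
  return ret.c_GenerateRandom_rv;
}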
/*
 * RPC client stub for C_SignRecoverInit.
 *
 * input0  session handle, forwarded unchanged
 * input1  mechanism; passed to custom_sanitize_ck_mechanism() and then
 *         serialized into an rpc_ck_mechanism for the call
 * input2  key object handle, forwarded unchanged
 *
 * Returns CKR_OPERATION_ACTIVE when check_operation_active_in_filtering_list()
 * finds a SIGN_RECOVER_OP entry for the session, the rpc_ck_rv_t from the
 * c_signrecoverinit_3() reply otherwise, or -1 when the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL in this function; confirm
 * custom_sanitize_ck_mechanism() and serialize_rpc_ck_mechanism() accept NULL.
 */
ck_rv_t
myC_SignRecoverInit_C(ck_session_handle_t input0,
struct ck_mechanism * input1, ck_object_handle_t input2)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SignRecoverInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SignRecoverInit)
custom_sanitize_ck_mechanism(input1);
/* Check to make sure we cannot initialize before fetching the result
 * of a previous crypto call
 */
if (check_operation_active_in_filtering_list(input0, SIGN_RECOVER_OP) != NULL) {
return CKR_OPERATION_ACTIVE;
}
/* Serialized only after the early return above, so nothing is left to free there */
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_signrecoverinit_3(input0, mechanism, input2, &ret, cl);
#else
pret = c_signrecoverinit_3(input0, mechanism, input2, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_SignRecoverInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_SignInit.
 *
 * input0  session handle, forwarded unchanged
 * input1  mechanism; passed to custom_sanitize_ck_mechanism() and then
 *         serialized into an rpc_ck_mechanism for the call
 * input2  key object handle, forwarded unchanged
 *
 * Returns CKR_OPERATION_ACTIVE when check_operation_active_in_filtering_list()
 * finds a SIGN_OP entry for the session, the rpc_ck_rv_t from the
 * c_signinit_3() reply otherwise, or -1 when the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL in this function; confirm
 * custom_sanitize_ck_mechanism() and serialize_rpc_ck_mechanism() accept NULL.
 */
ck_rv_t
myC_SignInit_C(ck_session_handle_t input0, struct ck_mechanism * input1,
ck_object_handle_t input2)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SignInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SignInit)
custom_sanitize_ck_mechanism(input1);
/* Check to make sure we cannot initialize before fetching the result
 * of a previous crypto call
 */
if (check_operation_active_in_filtering_list(input0, SIGN_OP) != NULL) {
return CKR_OPERATION_ACTIVE;
}
/* Serialized only after the early return above, so nothing is left to free there */
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_signinit_3(input0, mechanism, input2, &ret, cl);
#else
pret = c_signinit_3(input0, mechanism, input2, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_SignInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_Sign.
 *
 * input0       session handle, forwarded unchanged
 * input1       data to sign; sent by reference through an opaque_data
 * input1_len   length of input1 as supplied by the caller
 * output2      caller buffer for the signature
 * output2_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *              before anything else is done
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output2 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output2_len before copying.
 */
ck_rv_t
myC_Sign_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_Sign ret;
enum clnt_stat retval;
#else
ck_rv_c_Sign *pret = NULL;
ck_rv_c_Sign ret;
#endif
opaque_data data;
/* Remember previous calls */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef DEBUG
fprintf(stderr, "C_Sign calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Sign)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
/* Remember previous calls */
check_linked_list("Sign", SIGN_OP, input0, input1, input1_len, output2,
output2_len);
#ifdef RPCGEN_MT
retval = c_sign_3(input0, data, &ret, cl);
#else
pret = c_sign_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Sign\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(Sign, SIGN_OP, input0, input1, input1_len, output2,
output2_len);
}
/*
 * RPC client stub for C_SignUpdate.
 *
 * input0      session handle, forwarded unchanged
 * input1      data to add to the signature operation; sent by reference
 * input1_len  length of input1 as supplied by the caller
 *
 * Returns the rpc_ck_rv_t taken from the c_signupdate_3() reply, or -1 when
 * the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL here; confirm the RPC
 * encoder copes with a NULL pointer paired with a non-zero length.
 */
ck_rv_t
myC_SignUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data data;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SignUpdate calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SignUpdate)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_signupdate_3(input0, data, &ret, cl);
#else
pret = c_signupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SignUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_SignFinal.
 *
 * input0       session handle, forwarded unchanged
 * output1      caller buffer for the signature
 * output1_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output1 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output1_len before copying.
 */
ck_rv_t
myC_SignFinal_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
#ifdef RPCGEN_MT
ck_rv_c_SignFinal ret;
enum clnt_stat retval;
#else
ck_rv_c_SignFinal *pret = NULL;
ck_rv_c_SignFinal ret;
#endif
/* Not referenced directly below; presumably used by the linked-list macros */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SignFinal calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SignFinal)
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("SignFinal", SIGN_FINAL_OP, input0, NULL, 0, output1,
output1_len);
#ifdef RPCGEN_MT
retval = c_signfinal_3(input0, &ret, cl);
#else
pret = c_signfinal_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SignFinal\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(SignFinal, SIGN_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * RPC client stub for C_VerifyRecoverInit.
 *
 * input0  session handle, forwarded unchanged
 * input1  mechanism; passed to custom_sanitize_ck_mechanism() and then
 *         serialized into an rpc_ck_mechanism for the call
 * input2  key object handle, forwarded unchanged
 *
 * Returns CKR_OPERATION_ACTIVE when check_operation_active_in_filtering_list()
 * finds a VERIFY_RECOVER_OP entry for the session, the rpc_ck_rv_t from the
 * c_verifyrecoverinit_3() reply otherwise, or -1 when the assert_rpc block
 * runs.
 *
 * NOTE(review): input1 is not checked against NULL in this function; confirm
 * custom_sanitize_ck_mechanism() and serialize_rpc_ck_mechanism() accept NULL.
 */
ck_rv_t
myC_VerifyRecoverInit_C(ck_session_handle_t input0,
struct ck_mechanism * input1, ck_object_handle_t input2)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_VerifyRecoverInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_VerifyRecoverInit)
custom_sanitize_ck_mechanism(input1);
/* Check to make sure we cannot initialize before fetching the result
 * of a previous crypto call
 */
if (check_operation_active_in_filtering_list(input0, VERIFY_RECOVER_OP) !=
NULL) {
return CKR_OPERATION_ACTIVE;
}
/* Serialized only after the early return above, so nothing is left to free there */
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_verifyrecoverinit_3(input0, mechanism, input2, &ret, cl);
#else
pret = c_verifyrecoverinit_3(input0, mechanism, input2, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_VerifyRecoverInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_VerifyInit.
 *
 * input0  session handle, forwarded unchanged
 * input1  mechanism; passed to custom_sanitize_ck_mechanism() and then
 *         serialized into an rpc_ck_mechanism for the call
 * input2  key object handle, forwarded unchanged
 *
 * Returns the rpc_ck_rv_t from the c_verifyinit_3() reply, or -1 when the
 * assert_rpc block runs.
 *
 * NOTE(review): unlike myC_SignInit_C and myC_VerifyRecoverInit_C in this
 * file, no check_operation_active_in_filtering_list() call is made here;
 * confirm that is intended.
 * NOTE(review): input1 is not checked against NULL in this function; confirm
 * custom_sanitize_ck_mechanism() and serialize_rpc_ck_mechanism() accept NULL.
 */
ck_rv_t
myC_VerifyInit_C(ck_session_handle_t input0, struct ck_mechanism * input1,
ck_object_handle_t input2)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_VerifyInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_VerifyInit)
custom_sanitize_ck_mechanism(input1);
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_verifyinit_3(input0, mechanism, input2, &ret, cl);
#else
pret = c_verifyinit_3(input0, mechanism, input2, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_VerifyInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_Verify.
 *
 * input0      session handle, forwarded unchanged
 * input1      data whose signature is checked; sent by reference
 * input1_len  length of input1 as supplied by the caller
 * input2      signature to verify; sent by reference
 * input2_len  length of input2 as supplied by the caller
 *
 * Returns the rpc_ck_rv_t taken from the c_verify_3() reply, or -1 when the
 * assert_rpc block runs. The verification verdict is whatever the RPC peer
 * puts in that reply; nothing is verified locally.
 *
 * NOTE(review): a caller that only tests for specific CKR_* failure codes
 * would not recognise -1; confirm callers compare the result with the
 * success code instead.
 * NOTE(review): input1 and input2 are not checked against NULL here.
 */
ck_rv_t
myC_Verify_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *input2,
unsigned long input2_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data data;
opaque_data signature;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_Verify calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Verify)
/* Describe both caller buffers; the pointers are borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
signature.opaque_data_len = input2_len;
signature.opaque_data_val = (char *)input2;
#ifdef RPCGEN_MT
retval = c_verify_3(input0, data, signature, &ret, cl);
#else
pret = c_verify_3(input0, data, signature, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Verify\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_VerifyUpdate.
 *
 * input0      session handle, forwarded unchanged
 * input1      data to add to the verification; sent by reference
 * input1_len  length of input1 as supplied by the caller
 *
 * Returns the rpc_ck_rv_t taken from the c_verifyupdate_3() reply, or -1
 * when the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL here; confirm the RPC
 * encoder copes with a NULL pointer paired with a non-zero length.
 */
ck_rv_t
myC_VerifyUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data data;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_VerifyUpdate calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_VerifyUpdate)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_verifyupdate_3(input0, data, &ret, cl);
#else
pret = c_verifyupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_VerifyUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_VerifyFinal.
 *
 * input0      session handle, forwarded unchanged
 * input1      signature to verify; sent by reference through an opaque_data
 * input1_len  length of input1 as supplied by the caller
 *
 * Returns the rpc_ck_rv_t taken from the c_verifyfinal_3() reply, or -1 when
 * the assert_rpc block runs. The verification verdict is whatever the RPC
 * peer puts in that reply; nothing is verified locally.
 *
 * NOTE(review): input1 is not checked against NULL here.
 */
ck_rv_t
myC_VerifyFinal_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data signature;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_VerifyFinal calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_VerifyFinal)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
signature.opaque_data_len = input1_len;
signature.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_verifyfinal_3(input0, signature, &ret, cl);
#else
pret = c_verifyfinal_3(input0, signature, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_VerifyFinal\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_EncryptInit.
 *
 * input0  session handle, forwarded unchanged
 * input1  mechanism; passed to custom_sanitize_ck_mechanism() and then
 *         serialized into an rpc_ck_mechanism for the call
 * input2  key object handle, forwarded unchanged
 *
 * Returns CKR_OPERATION_ACTIVE when check_operation_active_in_filtering_list()
 * finds an ENCRYPT_OP entry for the session, the rpc_ck_rv_t from the
 * c_encryptinit_3() reply otherwise, or -1 when the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL in this function; confirm
 * custom_sanitize_ck_mechanism() and serialize_rpc_ck_mechanism() accept NULL.
 */
ck_rv_t
myC_EncryptInit_C(ck_session_handle_t input0, struct ck_mechanism * input1,
ck_object_handle_t input2)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_EncryptInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_EncryptInit)
custom_sanitize_ck_mechanism(input1);
/* Check to make sure we cannot initialize before fetching the result
 * of a previous crypto call
 */
if (check_operation_active_in_filtering_list(input0, ENCRYPT_OP) != NULL) {
return CKR_OPERATION_ACTIVE;
}
/* Serialized only after the early return above, so nothing is left to free there */
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_encryptinit_3(input0, mechanism, input2, &ret, cl);
#else
pret = c_encryptinit_3(input0, mechanism, input2, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_EncryptInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_Encrypt.
 *
 * input0       session handle, forwarded unchanged
 * input1       plaintext; sent by reference through an opaque_data
 * input1_len   length of input1 as supplied by the caller
 * output2      caller buffer for the ciphertext
 * output2_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *              before anything else is done
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output2 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output2_len before copying.
 */
ck_rv_t
myC_Encrypt_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_Encrypt ret;
enum clnt_stat retval;
#else
ck_rv_c_Encrypt *pret = NULL;
ck_rv_c_Encrypt ret;
#endif
opaque_data data;
/* Remember previous calls */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef DEBUG
fprintf(stderr, "C_Encrypt calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Encrypt)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
/* Remember previous calls */
check_linked_list("Encrypt", ENCRYPT_OP, input0, input1, input1_len, output2,
output2_len);
#ifdef RPCGEN_MT
retval = c_encrypt_3(input0, data, &ret, cl);
#else
pret = c_encrypt_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Encrypt\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(Encrypt, ENCRYPT_OP, input0, input1, input1_len, output2,
output2_len);
}
/*
 * RPC client stub for C_EncryptUpdate.
 *
 * input0       session handle, forwarded unchanged
 * input1       plaintext part; sent by reference through an opaque_data
 * input1_len   length of input1 as supplied by the caller
 * output2      caller buffer for the ciphertext part
 * output2_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *              before anything else is done
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output2 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output2_len before copying.
 */
ck_rv_t
myC_EncryptUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_EncryptUpdate ret;
enum clnt_stat retval;
#else
ck_rv_c_EncryptUpdate *pret = NULL;
ck_rv_c_EncryptUpdate ret;
#endif
opaque_data data;
/* Remember previous calls */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef DEBUG
fprintf(stderr, "C_EncryptUpdate calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_EncryptUpdate)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
/* Remember previous calls */
check_linked_list("EncryptUpdate", ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
#ifdef RPCGEN_MT
retval = c_encryptupdate_3(input0, data, &ret, cl);
#else
pret = c_encryptupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_EncryptUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(EncryptUpdate, ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * RPC client stub for C_EncryptFinal.
 *
 * input0       session handle, forwarded unchanged
 * output1      caller buffer for the last ciphertext part
 * output1_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output1 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output1_len before copying.
 */
ck_rv_t
myC_EncryptFinal_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
#ifdef RPCGEN_MT
ck_rv_c_EncryptFinal ret;
enum clnt_stat retval;
#else
ck_rv_c_EncryptFinal *pret = NULL;
ck_rv_c_EncryptFinal ret;
#endif
/* Not referenced directly below; presumably used by the linked-list macros */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_EncryptFinal calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_EncryptFinal)
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("EncryptFinal", ENCRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
#ifdef RPCGEN_MT
retval = c_encryptfinal_3(input0, &ret, cl);
#else
pret = c_encryptfinal_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_EncryptFinal\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(EncryptFinal, ENCRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * RPC client stub for C_DecryptInit.
 *
 * input0  session handle, forwarded unchanged
 * input1  mechanism; passed to custom_sanitize_ck_mechanism() and then
 *         serialized into an rpc_ck_mechanism for the call
 * input2  key object handle, forwarded unchanged
 *
 * Returns CKR_OPERATION_ACTIVE when check_operation_active_in_filtering_list()
 * finds a DECRYPT_OP entry for the session, the rpc_ck_rv_t from the
 * c_decryptinit_3() reply otherwise, or -1 when the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL in this function; confirm
 * custom_sanitize_ck_mechanism() and serialize_rpc_ck_mechanism() accept NULL.
 */
ck_rv_t
myC_DecryptInit_C(ck_session_handle_t input0, struct ck_mechanism * input1,
ck_object_handle_t input2)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_mechanism mechanism;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DecryptInit calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_DecryptInit)
custom_sanitize_ck_mechanism(input1);
/* Check to make sure we cannot initialize before fetching the result
 * of a previous crypto call
 */
if (check_operation_active_in_filtering_list(input0, DECRYPT_OP) != NULL) {
return CKR_OPERATION_ACTIVE;
}
/* Serialized only after the early return above, so nothing is left to free there */
serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
retval = c_decryptinit_3(input0, mechanism, input2, &ret, cl);
#else
pret = c_decryptinit_3(input0, mechanism, input2, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_mechanism(&mechanism);
assert_rpc {
fprintf(stderr, "Error RPC with C_DecryptInit\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * RPC client stub for C_Decrypt.
 *
 * input0       session handle, forwarded unchanged
 * input1       ciphertext; sent by reference through an opaque_data
 * input1_len   length of input1 as supplied by the caller
 * output2      caller buffer for the recovered plaintext
 * output2_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *              before anything else is done
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output2 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output2_len before copying, and whether plaintext kept for a later
 * call is cleared once it has been delivered.
 */
ck_rv_t
myC_Decrypt_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_Decrypt ret;
enum clnt_stat retval;
#else
ck_rv_c_Decrypt *pret = NULL;
ck_rv_c_Decrypt ret;
#endif
opaque_data data;
/* Remember previous calls */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef DEBUG
fprintf(stderr, "C_Decrypt calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_Decrypt)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
/* Remember previous calls */
check_linked_list("Decrypt", DECRYPT_OP, input0, input1, input1_len, output2,
output2_len);
#ifdef RPCGEN_MT
retval = c_decrypt_3(input0, data, &ret, cl);
#else
pret = c_decrypt_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_Decrypt\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(Decrypt, DECRYPT_OP, input0, input1, input1_len, output2,
output2_len);
}
/*
 * RPC client stub for C_DecryptUpdate.
 *
 * input0       session handle, forwarded unchanged
 * input1       ciphertext part; sent by reference through an opaque_data
 * input1_len   length of input1 as supplied by the caller
 * output2      caller buffer for the recovered plaintext part
 * output2_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *              before anything else is done
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output2 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output2_len before copying.
 */
ck_rv_t
myC_DecryptUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_DecryptUpdate ret;
enum clnt_stat retval;
#else
ck_rv_c_DecryptUpdate *pret = NULL;
ck_rv_c_DecryptUpdate ret;
#endif
opaque_data data;
/* Remember previous calls */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef DEBUG
fprintf(stderr, "C_DecryptUpdate calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_DecryptUpdate)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
/* Remember previous calls */
check_linked_list("DecryptUpdate", DECRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
#ifdef RPCGEN_MT
retval = c_decryptupdate_3(input0, data, &ret, cl);
#else
pret = c_decryptupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DecryptUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(DecryptUpdate, DECRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * RPC client stub for C_DecryptFinal.
 *
 * input0       session handle, forwarded unchanged
 * output1      caller buffer for the last plaintext part
 * output1_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output1 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output1_len before copying.
 */
ck_rv_t
myC_DecryptFinal_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
#ifdef RPCGEN_MT
ck_rv_c_DecryptFinal ret;
enum clnt_stat retval;
#else
ck_rv_c_DecryptFinal *pret = NULL;
ck_rv_c_DecryptFinal ret;
#endif
/* Not referenced directly below; presumably used by the linked-list macros */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DecryptFinal calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_DecryptFinal)
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("DecryptFinal", DECRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
#ifdef RPCGEN_MT
retval = c_decryptfinal_3(input0, &ret, cl);
#else
pret = c_decryptfinal_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DecryptFinal\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(DecryptFinal, DECRYPT_FINAL_OP, input0, NULL, 0, output1,
output1_len);
}
/*
 * RPC client stub for C_SetAttributeValue.
 *
 * input0  session handle, forwarded unchanged
 * input1  object handle, forwarded unchanged
 * input2  attribute template; NULL is rejected with CKR_ARGUMENTS_BAD
 * count   number of entries in input2 as supplied by the caller
 *
 * The template is serialized into an rpc_ck_attribute_array, sent with
 * c_setattributevalue_3(), and released again before the result is examined.
 *
 * Returns the rpc_ck_rv_t taken from the reply, or -1 when the assert_rpc
 * block runs.
 *
 * NOTE(review): count is trusted as given; confirm
 * serialize_rpc_ck_attribute_array() bounds it and checks the per-attribute
 * value pointers and lengths.
 */
ck_rv_t
myC_SetAttributeValue_C(ck_session_handle_t input0,
ck_object_handle_t input1, CK_ATTRIBUTE * input2,
unsigned long count)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
rpc_ck_attribute_array attributes;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SetAttributeValue calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SetAttributeValue)
/* Reject a missing template before anything is serialized */
if (input2 == NULL) {
return CKR_ARGUMENTS_BAD;
} else {
serialize_rpc_ck_attribute_array(input2, count, &attributes);
}
#ifdef RPCGEN_MT
retval = c_setattributevalue_3(input0, input1, attributes, &ret, cl);
#else
pret = c_setattributevalue_3(input0, input1, attributes, cl);
#endif
/* Released before the failure check so both outcomes free it */
free_rpc_ck_attribute_array(&attributes);
assert_rpc {
fprintf(stderr, "Error RPC with C_SetAttributeValue\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
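/*
 * RPC client stub for C_GetObjectSize.
 *
 * input0   session handle, forwarded unchanged
 * input1   object handle, forwarded unchanged
 * output2  receives the c_GetObjectSize_size field of the reply; NULL is
 *          rejected with CKR_ARGUMENTS_BAD, as the other stubs in this file
 *          do for their output pointers
 *
 * Returns the c_GetObjectSize_rv field of the reply, or -1 when the
 * assert_rpc block runs.
 */
ck_rv_t
myC_GetObjectSize_C(ck_session_handle_t input0, ck_object_handle_t input1,
                    unsigned long *output2)
{
#ifdef RPCGEN_MT
  ck_rv_c_GetObjectSize ret;
  enum clnt_stat retval;
#else
  ck_rv_c_GetObjectSize *pret = NULL;
  ck_rv_c_GetObjectSize ret;
#endif
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_GetObjectSize calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_GetObjectSize)
  /* Avoid potential NULL_PTR dereference when the size is stored below */
  if (output2 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
#ifdef RPCGEN_MT
  retval = c_getobjectsize_3(input0, input1, &ret, cl);
#else
  pret = c_getobjectsize_3(input0, input1, cl);
#endif
  assert_rpc {
    fprintf(stderr, "Error RPC with C_GetObjectSize\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  *output2 = ret.c_GetObjectSize_size;
  return ret.c_GetObjectSize_rv;
}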
/*
 * RPC client stub for C_GetOperationState.
 *
 * input0       session handle, forwarded unchanged
 * output1      caller buffer for the saved operation state
 * output1_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * NOTE(review): the copy of the reply into output1 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output1_len before copying.
 */
ck_rv_t
myC_GetOperationState_C(ck_session_handle_t input0, unsigned char *output1,
unsigned long *output1_len)
{
#ifdef RPCGEN_MT
ck_rv_c_GetOperationState ret;
enum clnt_stat retval;
#else
ck_rv_c_GetOperationState *pret = NULL;
ck_rv_c_GetOperationState ret;
#endif
/* Not referenced directly below; presumably used by the linked-list macros */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetOperationState calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_GetOperationState)
/* Avoid potential NULL_PTR dereference */
if (output1_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("GetOperationState", GETOPERATION_STATE_OP, input0, NULL, 0,
output1, output1_len);
#ifdef RPCGEN_MT
retval = c_getoperationstate_3(input0, &ret, cl);
#else
pret = c_getoperationstate_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetOperationState\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(GetOperationState, GETOPERATION_STATE_OP, input0, NULL, 0,
output1, output1_len);
}
/*
 * RPC client stub for C_SetOperationState.
 *
 * input0      session handle, forwarded unchanged
 * input1      saved operation state; sent by reference through an opaque_data
 * input1_len  length of input1 as supplied by the caller
 * input2      object handle, forwarded unchanged
 * input3      object handle, forwarded unchanged
 *
 * Returns the rpc_ck_rv_t taken from the c_setoperationstate_3() reply, or
 * -1 when the assert_rpc block runs.
 *
 * NOTE(review): input1 is not checked against NULL here; confirm the RPC
 * encoder copes with a NULL pointer paired with a non-zero length.
 */
ck_rv_t
myC_SetOperationState_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, ck_object_handle_t input2,
ck_object_handle_t input3)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
opaque_data state;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SetOperationState calling\n");
#endif
/* Check status of RPC */
check_rpc_status(C_SetOperationState)
/* Describe the caller's buffer; the pointer is borrowed, not duplicated */
state.opaque_data_len = input1_len;
state.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_setoperationstate_3(input0, state, input2, input3, &ret, cl);
#else
pret = c_setoperationstate_3(input0, state, input2, input3, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SetOperationState\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
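/*
 * RPC client stub for C_WrapKey.
 *
 * input0       session handle, forwarded unchanged
 * input1       mechanism; passed to custom_sanitize_ck_mechanism() and then
 *              serialized into an rpc_ck_mechanism for the call
 * input2       object handle, forwarded unchanged
 * input3       object handle, forwarded unchanged
 * output4      caller buffer for the wrapped key
 * output4_len  in/out length pointer; NULL is rejected with CKR_ARGUMENTS_BAD
 *
 * The request is passed to check_linked_list() before the RPC and to
 * handle_linked_list() after it. Both are macros defined elsewhere. This
 * function has no return statement of its own after the RPC, so
 * handle_linked_list() is expected to supply it -- TODO confirm.
 *
 * Returns -1 when the assert_rpc block runs.
 *
 * The mechanism is serialized only once every early exit is behind us.
 * serialize_rpc_ck_mechanism() is paired with free_rpc_ck_mechanism(), so it
 * presumably allocates; serializing before the NULL check (and before
 * check_linked_list(), which may return on its own) would leave that
 * allocation unreleased on those paths.
 *
 * NOTE(review): the copy of the reply into output4 happens inside
 * handle_linked_list(); confirm there that the reply length is compared
 * with *output4_len before copying.
 */
ck_rv_t
myC_WrapKey_C(ck_session_handle_t input0, struct ck_mechanism * input1,
              ck_object_handle_t input2, ck_object_handle_t input3,
              unsigned char *output4, unsigned long *output4_len)
{
#ifdef RPCGEN_MT
  ck_rv_c_WrapKey ret;
  enum clnt_stat retval;
#else
  ck_rv_c_WrapKey *pret = NULL;
  ck_rv_c_WrapKey ret;
#endif
  rpc_ck_mechanism mechanism;
  p11_request_struct *elem;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_WrapKey calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_WrapKey)
  /* Avoid potential NULL_PTR dereference */
  if (output4_len == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
  custom_sanitize_ck_mechanism(input1);
  /* Remember previous calls */
  check_linked_list("WrapKey", WRAPKEY_OP, input0, NULL, 0, output4,
                    output4_len);
  /* No early exit between here and free_rpc_ck_mechanism() */
  serialize_rpc_ck_mechanism(input1, &mechanism);
#ifdef RPCGEN_MT
  retval = c_wrapkey_3(input0, mechanism, input2, input3, &ret, cl);
#else
  pret = c_wrapkey_3(input0, mechanism, input2, input3, cl);
#endif
  free_rpc_ck_mechanism(&mechanism);
  assert_rpc {
    fprintf(stderr, "Error RPC with C_WrapKey\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  handle_linked_list(WrapKey, WRAPKEY_OP, input0, NULL, 0, output4,
                     output4_len);
}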
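/*
 * RPC client stub for C_UnwrapKey.
 *
 * input0      session handle, forwarded unchanged
 * input1      mechanism; passed to custom_sanitize_ck_mechanism() and then
 *             serialized into an rpc_ck_mechanism for the call
 * input2      object handle, forwarded unchanged
 * input3      wrapped key bytes; sent by reference through an opaque_data
 * input3_len  length of input3 as supplied by the caller
 * input4      attribute template for the new key
 * count       number of entries in input4 as supplied by the caller
 * output5     receives the c_UnwrapKey_handle field of the reply; NULL is
 *             rejected with CKR_ARGUMENTS_BAD before anything is serialized
 *
 * Returns the c_UnwrapKey_rv field of the reply, or -1 when the assert_rpc
 * block runs.
 *
 * The RPC failure message names C_UnwrapKey; it previously named C_WrapKey,
 * which pointed anyone reading the log at the wrong call.
 *
 * NOTE(review): input4 is not checked against NULL here, unlike the template
 * in myC_SetAttributeValue_C; confirm serialize_rpc_ck_attribute_array()
 * accepts NULL and bounds count.
 */
ck_rv_t
myC_UnwrapKey_C(ck_session_handle_t input0, struct ck_mechanism * input1,
                ck_object_handle_t input2, unsigned char *input3,
                unsigned long input3_len, CK_ATTRIBUTE * input4,
                unsigned long count, ck_object_handle_t * output5)
{
#ifdef RPCGEN_MT
  ck_rv_c_UnwrapKey ret;
  enum clnt_stat retval;
#else
  ck_rv_c_UnwrapKey *pret = NULL;
  ck_rv_c_UnwrapKey ret;
#endif
  rpc_ck_mechanism mechanism;
  rpc_ck_attribute_array attributes;
  opaque_data wrapped_key;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_UnwrapKey calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_UnwrapKey)
  /* Avoid potential NULL_PTR dereference when the handle is stored below */
  if (output5 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
  custom_sanitize_ck_mechanism(input1);
  serialize_rpc_ck_mechanism(input1, &mechanism);
  serialize_rpc_ck_attribute_array(input4, count, &attributes);
  /* Describe the caller's buffer; the pointer is borrowed, not duplicated */
  wrapped_key.opaque_data_len = input3_len;
  wrapped_key.opaque_data_val = (char *)input3;
#ifdef RPCGEN_MT
  retval =
      c_unwrapkey_3(input0, mechanism, input2, wrapped_key, attributes, &ret,
                    cl);
#else
  pret = c_unwrapkey_3(input0, mechanism, input2, wrapped_key, attributes, cl);
#endif
  /* Released before the failure check so both outcomes free them */
  free_rpc_ck_mechanism(&mechanism);
  free_rpc_ck_attribute_array(&attributes);
  assert_rpc {
    fprintf(stderr, "Error RPC with C_UnwrapKey\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  *output5 = ret.c_UnwrapKey_handle;
  return ret.c_UnwrapKey_rv;
}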
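/*
 * RPC client stub for C_DeriveKey.
 *
 * input0   session handle, forwarded unchanged
 * input1   mechanism; passed to custom_sanitize_ck_mechanism() and then
 *          serialized into an rpc_ck_mechanism for the call
 * input2   base key object handle, forwarded unchanged
 * input3   attribute template for the derived key
 * count    number of entries in input3 as supplied by the caller
 * output4  receives the c_DeriveKey_handle field of the reply when non-NULL
 *
 * Returns the c_DeriveKey_rv field of the reply, or -1 when the assert_rpc
 * block runs.
 *
 * A NULL output4 is tolerated rather than rejected: the call is still made
 * and only the store of the handle is skipped, so a caller that passes NULL
 * no longer triggers a NULL dereference and otherwise sees the same result.
 *
 * NOTE(review): input3 is not checked against NULL here, unlike the template
 * in myC_SetAttributeValue_C; confirm serialize_rpc_ck_attribute_array()
 * accepts NULL and bounds count.
 */
ck_rv_t
myC_DeriveKey_C(ck_session_handle_t input0, struct ck_mechanism * input1,
                ck_object_handle_t input2, CK_ATTRIBUTE * input3,
                unsigned long count, ck_object_handle_t * output4)
{
#ifdef RPCGEN_MT
  ck_rv_c_DeriveKey ret;
  enum clnt_stat retval;
#else
  ck_rv_c_DeriveKey *pret = NULL;
  ck_rv_c_DeriveKey ret;
#endif
  rpc_ck_mechanism mechanism;
  rpc_ck_attribute_array attributes;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_DeriveKey calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_DeriveKey)
  custom_sanitize_ck_mechanism(input1);
  serialize_rpc_ck_mechanism(input1, &mechanism);
  serialize_rpc_ck_attribute_array(input3, count, &attributes);
#ifdef RPCGEN_MT
  retval = c_derivekey_3(input0, mechanism, input2, attributes, &ret, cl);
#else
  pret = c_derivekey_3(input0, mechanism, input2, attributes, cl);
#endif
  /* Released before the failure check so both outcomes free them */
  free_rpc_ck_mechanism(&mechanism);
  free_rpc_ck_attribute_array(&attributes);
  assert_rpc {
    fprintf(stderr, "Error RPC with C_DeriveKey\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  /* Avoid potential NULL_PTR dereference */
  if (output4 != NULL) {
    *output4 = ret.c_DeriveKey_handle;
  }
  return ret.c_DeriveKey_rv;
}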
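/*
 * RPC client stub for C_GenerateKey.
 *
 * input0   session handle, forwarded unchanged
 * input1   mechanism; passed to custom_sanitize_ck_mechanism() and then
 *          serialized into an rpc_ck_mechanism for the call
 * input2   attribute template for the new key
 * count    number of entries in input2 as supplied by the caller
 * output3  receives the c_GenerateKey_handle field of the reply; NULL is
 *          rejected with CKR_ARGUMENTS_BAD before anything is serialized
 *
 * Returns the c_GenerateKey_rv field of the reply, or -1 when the assert_rpc
 * block runs.
 *
 * NOTE(review): input2 is not checked against NULL here, unlike the template
 * in myC_SetAttributeValue_C; confirm serialize_rpc_ck_attribute_array()
 * accepts NULL and bounds count.
 */
ck_rv_t
myC_GenerateKey_C(ck_session_handle_t input0, struct ck_mechanism * input1,
                  CK_ATTRIBUTE * input2, unsigned long count,
                  ck_object_handle_t * output3)
{
#ifdef RPCGEN_MT
  ck_rv_c_GenerateKey ret;
  enum clnt_stat retval;
#else
  ck_rv_c_GenerateKey *pret = NULL;
  ck_rv_c_GenerateKey ret;
#endif
  rpc_ck_mechanism mechanism;
  rpc_ck_attribute_array attributes;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_GenerateKey calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_GenerateKey)
  /* Avoid potential NULL_PTR dereference when the handle is stored below */
  if (output3 == NULL) {
    return CKR_ARGUMENTS_BAD;
  }
  custom_sanitize_ck_mechanism(input1);
  serialize_rpc_ck_mechanism(input1, &mechanism);
  serialize_rpc_ck_attribute_array(input2, count, &attributes);
#ifdef RPCGEN_MT
  retval = c_generatekey_3(input0, mechanism, attributes, &ret, cl);
#else
  pret = c_generatekey_3(input0, mechanism, attributes, cl);
#endif
  /* Released before the failure check so both outcomes free them */
  free_rpc_ck_mechanism(&mechanism);
  free_rpc_ck_attribute_array(&attributes);
  assert_rpc {
    fprintf(stderr, "Error RPC with C_GenerateKey\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  *output3 = ret.c_GenerateKey_handle;
  return ret.c_GenerateKey_rv;
}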
/*
 * Client-side RPC stub for C_GenerateKeyPair.
 *
 * Sanitizes the mechanism (input1), serializes it together with the public
 * template (input2, `count` entries) and the private template (input3,
 * `count2` entries), issues c_generatekeypair_3() with the client handle
 * `cl`, then frees the three serialized copies.
 *
 * Returns the return code carried in the reply and stores the public and
 * private key handles from the reply through output4 and output5. Returns -1
 * when assert_rpc reports a failed call; neither output is written then.
 *
 * NOTE(review): output4/output5 are dereferenced without a NULL check, and
 * -1 is not a PKCS#11 CKR_* code once converted to ck_rv_t -- presumably the
 * callers of this stub account for both; confirm.
 */
ck_rv_t
myC_GenerateKeyPair_C(ck_session_handle_t input0,
struct ck_mechanism * input1, CK_ATTRIBUTE * input2,
unsigned long count, CK_ATTRIBUTE * input3,
unsigned long count2, ck_object_handle_t * output4,
ck_object_handle_t * output5)
{
#ifdef RPCGEN_MT
ck_rv_c_GenerateKeyPair ret;
enum clnt_stat retval;
#else
ck_rv_c_GenerateKeyPair *pret = NULL;
ck_rv_c_GenerateKeyPair ret;
#endif
rpc_ck_mechanism mechanism;
rpc_ck_attribute_array pub_attributes;
rpc_ck_attribute_array priv_attributes;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GenerateKeyPairPair calling\n");
#endif
/* Check status of RPC.
 * NOTE(review): the name passed here (and in the debug trace above) is
 * spelled "C_GenerateKeyPairPair"; whether the macro only prints it or uses
 * it as an identifier is not visible here -- confirm before renaming. */
check_rpc_status(C_GenerateKeyPairPair)
custom_sanitize_ck_mechanism(input1);
serialize_rpc_ck_mechanism(input1, &mechanism);
serialize_rpc_ck_attribute_array(input2, count, &pub_attributes);
serialize_rpc_ck_attribute_array(input3, count2, &priv_attributes);
#ifdef RPCGEN_MT
retval =
c_generatekeypair_3(input0, mechanism, pub_attributes, priv_attributes,
&ret, cl);
#else
pret =
c_generatekeypair_3(input0, mechanism, pub_attributes, priv_attributes,
cl);
#endif
/* The serialized copies are released before the outcome is inspected, so
 * the error path below does not leak them. */
free_rpc_ck_mechanism(&mechanism);
free_rpc_ck_attribute_array(&pub_attributes);
free_rpc_ck_attribute_array(&priv_attributes);
assert_rpc {
fprintf(stderr, "Error RPC with C_GenerateKeyPair\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
*output4 = ret.c_GenerateKeyPair_pubhandle;
*output5 = ret.c_GenerateKeyPair_privhandle;
return ret.c_GenerateKeyPair_rv;
}
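/*
 * Client-side RPC stub for C_CreateObject.
 *
 * Serializes the attribute template (input1, `count` entries), issues
 * c_createobject_3() with the client handle `cl`, then frees the serialized
 * copy.
 *
 * Returns the return code carried in the reply and stores the new object
 * handle from the reply through output2. Returns -1 when assert_rpc reports
 * a failed call; *output2 is not written in that case.
 *
 * NOTE(review): output2 is dereferenced without a NULL check, and -1 is not
 * a PKCS#11 CKR_* code once converted to ck_rv_t -- presumably the callers
 * of this stub account for both; confirm.
 */
ck_rv_t
myC_CreateObject_C(ck_session_handle_t input0, CK_ATTRIBUTE * input1,
		   unsigned long count, ck_object_handle_t * output2)
{
#ifdef RPCGEN_MT
  ck_rv_c_CreateObject ret;
  enum clnt_stat retval;
#else
  ck_rv_c_CreateObject *pret = NULL;
  ck_rv_c_CreateObject ret;
#endif
  rpc_ck_attribute_array attributes;
  /* init_ret macro memset() the ret structure only in MT RPC case */
  init_ret
#ifdef DEBUG
  fprintf(stderr, "C_CreateObject calling\n");
#endif
  /* Check status of RPC */
  check_rpc_status(C_CreateObject)
  serialize_rpc_ck_attribute_array(input1, count, &attributes);
#ifdef RPCGEN_MT
  retval = c_createobject_3(input0, attributes, &ret, cl);
#else
  pret = c_createobject_3(input0, attributes, cl);
#endif
  /* Released before the outcome is inspected so the error path does not leak. */
  free_rpc_ck_attribute_array(&attributes);
  assert_rpc {
    /* The message names this call; it previously said C_CopyObject, which
     * pointed log readers at the wrong operation. */
    fprintf(stderr, "Error RPC with C_CreateObject\n");
    return -1;
  }
#ifndef RPCGEN_MT
  /* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
  ret = *pret;
#endif
  *output2 = ret.c_CreateObject_handle;
  return ret.c_CreateObject_rv;
}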
/*
 * Client-side RPC stub for C_CopyObject.
 *
 * Serializes the attribute template (input2, `count` entries), issues
 * c_copyobject_3() for object input1 in session input0 with the client
 * handle `cl`, then frees the serialized copy.
 *
 * Returns the return code carried in the reply and stores the handle of the
 * copy through output3. Returns -1 when assert_rpc reports a failed call;
 * *output3 is not written in that case.
 *
 * NOTE(review): output3 is dereferenced without a NULL check, and -1 is not
 * a PKCS#11 CKR_* code once converted to ck_rv_t -- presumably the callers
 * of this stub account for both; confirm.
 */
ck_rv_t
myC_CopyObject_C(ck_session_handle_t input0, ck_object_handle_t input1,
CK_ATTRIBUTE * input2, unsigned long count,
ck_object_handle_t * output3)
{
#ifdef RPCGEN_MT
ck_rv_c_CopyObject ret;
enum clnt_stat retval;
#else
ck_rv_c_CopyObject *pret = NULL;
ck_rv_c_CopyObject ret;
#endif
rpc_ck_attribute_array attributes;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_CopyObject calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_CopyObject)
serialize_rpc_ck_attribute_array(input2, count, &attributes);
#ifdef RPCGEN_MT
retval = c_copyobject_3(input0, input1, attributes, &ret, cl);
#else
pret = c_copyobject_3(input0, input1, attributes, cl);
#endif
/* Released before the outcome is inspected so the error path does not leak. */
free_rpc_ck_attribute_array(&attributes);
assert_rpc {
fprintf(stderr, "Error RPC with C_CopyObject\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
*output3 = ret.c_CopyObject_handle;
return ret.c_CopyObject_rv;
}
/*
 * Client-side RPC stub for C_DestroyObject.
 *
 * Issues c_destroyobject_3() for object input1 in session input0 with the
 * client handle `cl` and returns the code from the reply unchanged.
 * Returns -1 when assert_rpc reports a failed call.
 *
 * NOTE(review): -1 is not a PKCS#11 CKR_* code once converted to ck_rv_t;
 * presumably the callers map it -- confirm.
 */
ck_rv_t
myC_DestroyObject_C(ck_session_handle_t input0, ck_object_handle_t input1)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DestroyObject calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_DestroyObject)
#ifdef RPCGEN_MT
retval = c_destroyobject_3(input0, input1, &ret, cl);
#else
pret = c_destroyobject_3(input0, input1, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DestroyObject\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side RPC stub for C_GetFunctionStatus.
 *
 * Issues c_getfunctionstatus_3() for session input0 with the client handle
 * `cl` and returns the code from the reply unchanged.
 * Returns -1 when assert_rpc reports a failed call.
 *
 * NOTE(review): -1 is not a PKCS#11 CKR_* code once converted to ck_rv_t;
 * presumably the callers map it -- confirm.
 */
ck_rv_t myC_GetFunctionStatus_C(ck_session_handle_t input0)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_GetFunctionStatus calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_GetFunctionStatus)
#ifdef RPCGEN_MT
retval = c_getfunctionstatus_3(input0, &ret, cl);
#else
pret = c_getfunctionstatus_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_GetFunctionStatus\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side RPC stub for C_CancelFunction.
 *
 * Issues c_cancelfunction_3() for session input0 with the client handle `cl`
 * and returns the code from the reply unchanged.
 * Returns -1 when assert_rpc reports a failed call.
 *
 * NOTE(review): -1 is not a PKCS#11 CKR_* code once converted to ck_rv_t;
 * presumably the callers map it -- confirm.
 */
ck_rv_t myC_CancelFunction_C(ck_session_handle_t input0)
{
#ifdef RPCGEN_MT
rpc_ck_rv_t ret;
enum clnt_stat retval;
#else
rpc_ck_rv_t ret;
rpc_ck_rv_t *pret = NULL;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_CancelFunction calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_CancelFunction)
#ifdef RPCGEN_MT
retval = c_cancelfunction_3(input0, &ret, cl);
#else
pret = c_cancelfunction_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_CancelFunction\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
return ret;
}
/*
 * Client-side RPC stub for C_WaitForSlotEvent.
 *
 * Rejects a non-NULL `reserved` argument with CKR_ARGUMENTS_BAD before any
 * request is sent, then issues c_waitforslotevent_3() with the flags in
 * input0 and the client handle `cl`.
 *
 * Returns the return code carried in the reply and stores the reply's
 * c_WaitForSlotEvent_count field through output1 (presumably the slot id,
 * despite the field name -- confirm against the XDR definition).
 * Returns -1 when assert_rpc reports a failed call.
 *
 * NOTE(review): output1 is dereferenced without a NULL check, and -1 is not
 * a PKCS#11 CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_WaitForSlotEvent_C(ck_flags_t input0, ck_slot_id_t * output1,
void *reserved)
{
#ifdef RPCGEN_MT
ck_rv_c_WaitForSlotEvent ret;
enum clnt_stat retval;
#else
ck_rv_c_WaitForSlotEvent *pret = NULL;
ck_rv_c_WaitForSlotEvent ret;
#endif
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_WaitForSlotEvent calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_WaitForSlotEvent)
/* P11 compliant: the reserved pointer must be NULL */
if (reserved != NULL) {
return CKR_ARGUMENTS_BAD;
}
#ifdef RPCGEN_MT
retval = c_waitforslotevent_3(input0, &ret, cl);
#else
pret = c_waitforslotevent_3(input0, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_WaitForSlotEvent\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
*output1 = ret.c_WaitForSlotEvent_count;
return ret.c_WaitForSlotEvent_rv;
}
/*
 * Client-side RPC stub for C_VerifyRecover.
 *
 * Rejects a NULL output2_len with CKR_ARGUMENTS_BAD, runs the
 * check_linked_list macro for VERIFY_RECOVER_OP, then sends the input buffer
 * (input1, input1_len bytes) through c_verifyrecover_3() with the client
 * handle `cl`. Returns -1 when assert_rpc reports a failed call.
 *
 * The function body has no explicit return after handle_linked_list, so the
 * macro presumably copies the result into output2/output2_len and returns
 * the reply's code itself -- confirm against the macro definition.
 *
 * NOTE(review): input1 is not checked for NULL here, and -1 is not a PKCS#11
 * CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_VerifyRecover_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_VerifyRecover ret;
enum clnt_stat retval;
#else
ck_rv_c_VerifyRecover *pret = NULL;
ck_rv_c_VerifyRecover ret;
#endif
opaque_data data;
/* elem is not used directly below; presumably the linked-list macros need it -- confirm */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_VerifyRecover calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_VerifyRecover)
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("VerifyRecover", VERIFY_RECOVER_OP, input0, input1,
input1_len, output2, output2_len);
/* The request refers to the caller's buffer in place (pointer and length, no copy). */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_verifyrecover_3(input0, data, &ret, cl);
#else
pret = c_verifyrecover_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_VerifyRecover\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(VerifyRecover, VERIFY_RECOVER_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * Client-side RPC stub for C_SignRecover.
 *
 * Rejects a NULL output2_len with CKR_ARGUMENTS_BAD, runs the
 * check_linked_list macro for SIGN_RECOVER_OP, then sends the input buffer
 * (input1, input1_len bytes) through c_signrecover_3() with the client
 * handle `cl`. Returns -1 when assert_rpc reports a failed call.
 *
 * The function body has no explicit return after handle_linked_list, so the
 * macro presumably copies the result into output2/output2_len and returns
 * the reply's code itself -- confirm against the macro definition.
 *
 * NOTE(review): input1 is not checked for NULL here, and -1 is not a PKCS#11
 * CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_SignRecover_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_SignRecover ret;
enum clnt_stat retval;
#else
ck_rv_c_SignRecover *pret = NULL;
ck_rv_c_SignRecover ret;
#endif
opaque_data data;
/* elem is not used directly below; presumably the linked-list macros need it -- confirm */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SignRecover calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_SignRecover)
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("SignRecover", SIGN_RECOVER_OP, input0, input1, input1_len,
output2, output2_len);
/* The request refers to the caller's buffer in place (pointer and length, no copy). */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_signrecover_3(input0, data, &ret, cl);
#else
pret = c_signrecover_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SignRecover\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(SignRecover, SIGN_RECOVER_OP, input0, input1, input1_len,
output2, output2_len);
}
/*
 * Client-side RPC stub for C_DigestEncryptUpdate.
 *
 * Rejects a NULL output2_len with CKR_ARGUMENTS_BAD, runs the
 * check_linked_list macro for DIGEST_ENCRYPT_UPDATE_OP, then sends the input
 * buffer (input1, input1_len bytes) through c_digestencryptupdate_3() with
 * the client handle `cl`. Returns -1 when assert_rpc reports a failed call.
 *
 * The function body has no explicit return after handle_linked_list, so the
 * macro presumably copies the result into output2/output2_len and returns
 * the reply's code itself -- confirm against the macro definition.
 *
 * NOTE(review): input1 is not checked for NULL here, and -1 is not a PKCS#11
 * CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_DigestEncryptUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_DigestEncryptUpdate ret;
enum clnt_stat retval;
#else
ck_rv_c_DigestEncryptUpdate *pret = NULL;
ck_rv_c_DigestEncryptUpdate ret;
#endif
opaque_data data;
/* elem is not used directly below; presumably the linked-list macros need it -- confirm */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DigestEncryptUpdate calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_DigestEncryptUpdate)
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("DigestEncryptUpdate", DIGEST_ENCRYPT_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
/* The request refers to the caller's buffer in place (pointer and length, no copy). */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_digestencryptupdate_3(input0, data, &ret, cl);
#else
pret = c_digestencryptupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DigestEncryptUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(DigestEncryptUpdate, DIGEST_ENCRYPT_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
}
/*
 * Client-side RPC stub for C_SignEncryptUpdate.
 *
 * Rejects a NULL output2_len with CKR_ARGUMENTS_BAD, runs the
 * check_linked_list macro for SIGN_ENCRYPT_UPDATE_OP, then sends the input
 * buffer (input1, input1_len bytes) through c_signencryptupdate_3() with the
 * client handle `cl`. Returns -1 when assert_rpc reports a failed call.
 *
 * The function body has no explicit return after handle_linked_list, so the
 * macro presumably copies the result into output2/output2_len and returns
 * the reply's code itself -- confirm against the macro definition.
 *
 * NOTE(review): input1 is not checked for NULL here, and -1 is not a PKCS#11
 * CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_SignEncryptUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_SignEncryptUpdate ret;
enum clnt_stat retval;
#else
ck_rv_c_SignEncryptUpdate *pret = NULL;
ck_rv_c_SignEncryptUpdate ret;
#endif
opaque_data data;
/* elem is not used directly below; presumably the linked-list macros need it -- confirm */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_SignEncryptUpdate calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_SignEncryptUpdate)
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("SignEncryptUpdate", SIGN_ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
/* The request refers to the caller's buffer in place (pointer and length, no copy). */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_signencryptupdate_3(input0, data, &ret, cl);
#else
pret = c_signencryptupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_SignEncryptUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(SignEncryptUpdate, SIGN_ENCRYPT_UPDATE_OP, input0, input1,
input1_len, output2, output2_len);
}
/*
 * Client-side RPC stub for C_DecryptDigestUpdate.
 *
 * Rejects a NULL output2_len with CKR_ARGUMENTS_BAD, runs the
 * check_linked_list macro for DECRYPT_DIGEST_UPDATE_OP, then sends the input
 * buffer (input1, input1_len bytes) through c_decryptdigestupdate_3() with
 * the client handle `cl`. Returns -1 when assert_rpc reports a failed call.
 *
 * The function body has no explicit return after handle_linked_list, so the
 * macro presumably copies the result into output2/output2_len and returns
 * the reply's code itself -- confirm against the macro definition.
 *
 * NOTE(review): input1 is not checked for NULL here, and -1 is not a PKCS#11
 * CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_DecryptDigestUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_DecryptDigestUpdate ret;
enum clnt_stat retval;
#else
ck_rv_c_DecryptDigestUpdate *pret = NULL;
ck_rv_c_DecryptDigestUpdate ret;
#endif
opaque_data data;
/* elem is not used directly below; presumably the linked-list macros need it -- confirm */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DecryptDigestUpdate calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_DecryptDigestUpdate)
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("DecryptDigestUpdate", DECRYPT_DIGEST_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
/* The request refers to the caller's buffer in place (pointer and length, no copy). */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_decryptdigestupdate_3(input0, data, &ret, cl);
#else
pret = c_decryptdigestupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DecryptDigestUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(DecryptDigestUpdate, DECRYPT_DIGEST_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
}
/*
 * Client-side RPC stub for C_DecryptVerifyUpdate.
 *
 * Rejects a NULL output2_len with CKR_ARGUMENTS_BAD, runs the
 * check_linked_list macro for DECRYPT_VERIFY_UPDATE_OP, then sends the input
 * buffer (input1, input1_len bytes) through c_decryptverifyupdate_3() with
 * the client handle `cl`. Returns -1 when assert_rpc reports a failed call.
 *
 * Unlike the sibling *Update stubs in this file, this one has an explicit
 * return of the reply's code after handle_linked_list; whether that line is
 * ever reached depends on the macro, which is defined elsewhere.
 *
 * NOTE(review): input1 is not checked for NULL here, and -1 is not a PKCS#11
 * CKR_* code once converted to ck_rv_t -- confirm callers cope.
 */
ck_rv_t
myC_DecryptVerifyUpdate_C(ck_session_handle_t input0, unsigned char *input1,
unsigned long input1_len, unsigned char *output2,
unsigned long *output2_len)
{
#ifdef RPCGEN_MT
ck_rv_c_DecryptVerifyUpdate ret;
enum clnt_stat retval;
#else
ck_rv_c_DecryptVerifyUpdate *pret = NULL;
ck_rv_c_DecryptVerifyUpdate ret;
#endif
opaque_data data;
/* elem is not used directly below; presumably the linked-list macros need it -- confirm */
p11_request_struct *elem;
/* init_ret macro memset() the ret structure only in MT RPC case */
init_ret
#ifdef DEBUG
fprintf(stderr, "C_DecryptVerifyUpdate calling\n");
#endif
/* Check status of RPC (macro defined elsewhere; presumably bails out when the link is down -- confirm) */
check_rpc_status(C_DecryptVerifyUpdate)
/* Avoid potential NULL_PTR dereference */
if (output2_len == NULL) {
return CKR_ARGUMENTS_BAD;
}
/* Remember previous calls */
check_linked_list("DecryptVerifyUpdate", DECRYPT_VERIFY_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
/* The request refers to the caller's buffer in place (pointer and length, no copy). */
data.opaque_data_len = input1_len;
data.opaque_data_val = (char *)input1;
#ifdef RPCGEN_MT
retval = c_decryptverifyupdate_3(input0, data, &ret, cl);
#else
pret = c_decryptverifyupdate_3(input0, data, cl);
#endif
assert_rpc {
fprintf(stderr, "Error RPC with C_DecryptVerifyUpdate\n");
return -1;
}
#ifndef RPCGEN_MT
/* Not done in MT code because ret is already available (*pret is checked by assert_rpc) */
ret = *pret;
#endif
handle_linked_list(DecryptVerifyUpdate, DECRYPT_VERIFY_UPDATE_OP, input0,
input1, input1_len, output2, output2_len);
return ret.c_DecryptVerifyUpdate_rv;
}
/*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the client library 5] source tree:
--------------------
| 5] Client library |
| -------- |
| | | PKCS#11 |
| | |functions|
| -------- |
--------------------
|
|
{ PKCS#11 INTERFACE }
|
APPLICATION
Project: PKCS#11 Filtering Proxy
File: src/client-lib/modwrap_crpc_ssl.c
-------------------------- MIT License HEADER ----------------------------------*/
#define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#ifdef WITH_SSL
#include "modwrap.h"
/* Init global paths to certificates depending on the configured strategy.
 *
 * One of three build-time strategies supplies the TLS material:
 *   SSL_FILES_PATH  - paths fixed at compile time through the PKCS11PROXY_*
 *                     macros;
 *   SSL_FILES_ENV   - path pointers left unset here and filled in at run
 *                     time (presumably from the environment -- confirm);
 *   SSL_FILES_EMBED - CA certificates, client certificate and private key
 *                     compiled in from the generated *_file.h headers.
 * Building WITH_SSL without any of them is a compile-time error.
 *
 * NOTE(review): with SSL_FILES_EMBED the client private key is part of the
 * built library, so read access to the binary presumably equals access to
 * the key -- confirm this matches the deployment's file permissions.
 */
#ifdef SSL_FILES_PATH
const char ca_file_path[] = PKCS11PROXY_CA_FILE;
const char cert_file_path[] = PKCS11PROXY_CERT_FILE;
const char private_key_path[] = PKCS11PROXY_PRIVKEY_FILE;
#elif defined(SSL_FILES_ENV)
const char *ca_file_path;
const char *cert_file_path;
const char *private_key_path;
#elif defined(SSL_FILES_EMBED)
/* These include files contain the certificates and the private key to use for ssl */
#include "ca_file.h"
#include "cert_file.h"
#include "private_key_file.h"
#ifdef SSL_SERVER_FILES_EMBED
/* Pinned server certificates checked after the handshake */
#include "server_file.h"
#endif
#ifdef GNU_TLS
/* Embedded GnuTLS data */
gnutls_datum_t ca_file_mem[CA_CERTS_NB];
gnutls_datum_t cert_file_mem;
gnutls_datum_t private_key_file_mem;
#else
/* Embedded OpenSSL data */
/* CA_CERTS_NB is defined in the ca_file.h file */
BIO *ca_file_mem_bio[CA_CERTS_NB];
BIO *cert_file_mem_bio;
BIO *private_key_file_mem_bio;
X509 *ca_file_mem[CA_CERTS_NB];
X509 *cert_file_mem;
RSA *private_key_file_mem;
#endif
#else
#error WITH_SSL but no method were found to provide certificates
#endif
#if defined(SSL_SERVER_FILES_EMBED)
/* Check if a given certificate is in a list of certificates */
#ifdef GNU_TLS
/* GnuTLS case */
unsigned char is_certificate_in_list(gnutls_datum_t* cert, const char* cert_pem_list[], int cert_pem_list_num);
/*
 * GnuTLS variant: report whether `cert` equals one of the certificates in
 * cert_pem_list by comparing DER encodings byte for byte.
 * Returns 1 on the first match and 0 when no entry matches.
 *
 * NOTE(review): the loop header below is truncated in this listing (the text
 * between a '<' and a later '>' appears to be lost), so the code that
 * decodes each PEM entry into tmp_cert_der is not visible here.
 */
unsigned char is_certificate_in_list(gnutls_datum_t* cert, const char* cert_pem_list[], int cert_pem_list_num){
/* In order to compare certificates, we compare their DER representation */
int i;
for(i=0; isize){
if(memcmp(tmp_cert_der.data, cert->data, cert->size) == 0){
/* We have found a good certificate */
/* NOTE(review): this path releases the buffer with free() while the
 * non-matching path below uses gnutls_free(); if the buffer comes from a
 * GnuTLS allocator, gnutls_free() is presumably the right call on both
 * paths -- confirm against the allocation, which is not visible here. */
free(tmp_cert_der.data);
return 1;
}
}
gnutls_free(tmp_cert_der.data);
}
return 0;
}
#else
/* OpenSSL case: we have an X509 internal structure to be compared with PEM files */
unsigned char is_certificate_in_list(X509* cert, const char* cert_pem_list[], int cert_pem_list_num);
/*
 * OpenSSL variant: report whether `cert` equals one of the certificates in
 * cert_pem_list. The visible part encodes `cert` to DER so that it can be
 * compared with each list entry; 0 is returned when the DER buffer cannot
 * be allocated.
 *
 * NOTE(review): this listing loses text inside the comparison loop (see the
 * note further down), so the rest of the function is not visible here.
 */
unsigned char is_certificate_in_list(X509* cert, const char* cert_pem_list[], int cert_pem_list_num){
/* In order to compare certificates, we compare their DER representation */
int i, len;
unsigned char *buf, *cert_der;
/* X509 to DER */
/* First call with a NULL output only asks for the encoded length.
 * NOTE(review): a negative (error) result is not rejected before it is
 * used as the allocation size -- worth a `len <= 0` check. */
len = i2d_X509(cert, NULL);
buf = OPENSSL_malloc(len);
if(buf == NULL){
printf("Error when comparing allowed server certificate: client certificate X509 to DER failed \n");
return 0;
}
/* i2d_X509() advances the pointer it is given, so the start of the buffer
 * is saved in cert_der before encoding. */
cert_der = buf;
i2d_X509(cert, &buf);
/* NOTE(review): the next line is truncated in this listing (text between a
 * '<' and a later '>' appears to be lost). What follows installs readnet and
 * writenet as the record-stream callbacks and seems to belong to a later
 * routine of the file, not to this function. */
for(i=0; icl_private;
xdrrec_create(&(ct->ct_xdrs), 0, 0, (caddr_t) ct, readnet, writenet);
}
#ifdef WIN32 /* In the Windows case, use native WIN32 API */
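/*
 * Read callback installed in the RPC record stream (WIN32 build).
 *
 * Waits with select() until the socket in ct->ct_sock is readable or the
 * timeout in ct->ct_wait expires, then reads up to `len` bytes of decrypted
 * data into `buf` through the TLS layer (GnuTLS or OpenSSL).
 *
 * ctptr  the struct ct_data of the RPC client, passed as an opaque pointer
 * buf    destination buffer
 * len    capacity of buf in bytes
 *
 * Returns the number of bytes read, 0 when len is 0, or -1 on timeout, end
 * of stream or any read error; ct->ct_error is filled in on failure.
 */
int readnet(char *ctptr, char *buf, int len)
{
  fd_set mask;
  fd_set readfds;
  struct ct_data *ct = (struct ct_data *)ctptr;
#ifdef DEBUG
  fprintf(stderr, "client: overriding readtcp, len = %d\n", len);
#endif
  if (len == 0) {
    return 0;
  }
  FD_ZERO(&mask);
  FD_SET(ct->ct_sock, &mask);
  while (TRUE) {
    /* select() modifies its set, so start from a fresh copy on every retry */
    readfds = mask;
    switch (select(0 /* unused in winsock */, &readfds, NULL, NULL,
		   &(ct->ct_wait))) {
    case 0:
      ct->ct_error.re_status = RPC_TIMEDOUT;
      return -1;
    case -1:
      if (WSAerrno == EINTR) {
	continue;
      }
      ct->ct_error.re_status = RPC_CANTRECV;
      ct->ct_error.re_errno = WSAerrno;
      return -1;
    }
    break;
  }
#ifdef GNU_TLS
  /* Perform the actual read using GnuTLS, which will read
   * one TLS "record", which is hopefully a complete message.
   */
  len = gnutls_record_recv(gnutls_global_session, buf, len);
#else
  len = SSL_read(ssl, buf, len);
#endif
  if (len == 0) {
    /* premature eof */
    ct->ct_error.re_errno = WSAECONNRESET;
    ct->ct_error.re_status = RPC_CANTRECV;
    len = -1;			/* it's really an error */
  } else if (len < 0) {
    /* The TLS calls can fail with negative values other than -1 (GnuTLS
     * returns negative error codes). Normalise every failure to -1 so the
     * record stream never sees a negative value it could take for a byte
     * count. */
    ct->ct_error.re_errno = WSAerrno;
    ct->ct_error.re_status = RPC_CANTRECV;
    len = -1;
  }
  return len;
}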
#else /* *NIX case */
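/*
 * Read callback installed in the RPC record stream (*NIX build).
 *
 * Waits with poll() until the socket in ct->ct_sock is readable or the
 * timeout derived from ct->ct_wait expires, then reads up to `len` bytes of
 * decrypted data into `buf` through the TLS layer (GnuTLS or OpenSSL).
 *
 * ctptr  the struct ct_data of the RPC client, passed as an opaque pointer
 * buf    destination buffer
 * len    capacity of buf in bytes
 *
 * Returns the number of bytes read, 0 when len is 0, or -1 on timeout, end
 * of stream or any read error; ct->ct_error is filled in on failure.
 */
int readnet(char *ctptr, char *buf, int len)
{
  struct ct_data *ct = (struct ct_data *)ctptr;
  struct pollfd fd;
  int milliseconds = (ct->ct_wait.tv_sec * 1000) + (ct->ct_wait.tv_usec / 1000);
#ifdef DEBUG
  fprintf(stderr, "client: overriding readtcp, len = %d\n", len);
#endif
  if (len == 0) {
    return 0;
  }
  /* The poll here is copied from the original readtcp. It's
   * to allow the RPC layer to implement a timeout.
   */
  fd.fd = ct->ct_sock;
  fd.events = POLLIN;
  while (TRUE) {
    switch (poll(&fd, 1, milliseconds)) {
    case 0:
      ct->ct_error.re_status = RPC_TIMEDOUT;
      return -1;
    case -1:
      if (errno == EINTR) {
	continue;
      }
      ct->ct_error.re_status = RPC_CANTRECV;
      ct->ct_error.re_errno = errno;
      return -1;
    }
    break;
  }
#ifdef GNU_TLS
  /* Perform the actual read using GnuTLS, which will read
   * one TLS "record", which is hopefully a complete message.
   */
  len = gnutls_record_recv(gnutls_global_session, buf, len);
#else
  len = SSL_read(ssl, buf, len);
#endif
  if (len == 0) {
    /* premature eof */
    ct->ct_error.re_errno = ECONNRESET;
    ct->ct_error.re_status = RPC_CANTRECV;
    len = -1;			/* it's really an error */
  } else if (len < 0) {
    /* The TLS calls can fail with negative values other than -1 (GnuTLS
     * returns negative error codes). Normalise every failure to -1 so the
     * record stream never sees a negative value it could take for a byte
     * count. */
    ct->ct_error.re_errno = errno;
    ct->ct_error.re_status = RPC_CANTRECV;
    len = -1;
  }
  return len;
}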
#endif /* end switch between WIN32 and non WIN32 */
/* The writing SSL override is the same for WIN32 and
 * *NIX cases.
 *
 * Write callback installed in the RPC record stream: sends `len` bytes from
 * `buf` through the TLS layer. Returns `len` when the TLS call does not
 * report an error; otherwise records RPC_CANTSEND and errno in ct->ct_error
 * and returns -1.
 *
 * NOTE(review): the function reports `len` as written without looking at
 * how many bytes the TLS call actually accepted; gnutls_record_send() may
 * send fewer bytes than requested, so a short write would presumably go
 * unnoticed -- confirm, and loop on the remainder if so.
 * NOTE(review): errno is not necessarily set by the TLS libraries on
 * failure, so re_errno may carry a stale value.
 */
int writenet(char *ctptr, char *buf, int len)
{
struct ct_data *ct = (struct ct_data *)ctptr;
#ifdef DEBUG
fprintf(stderr, "client: overriding writetcp, len = %d\n", len);
#endif
/* The two branches open the same `if`; only the failure test differs. */
#ifdef GNU_TLS
if (gnutls_record_send(gnutls_global_session, buf, len) < 0) {
#else
if (SSL_write(ssl, buf, len) <= 0) {
#endif
ct->ct_error.re_errno = errno;
ct->ct_error.re_status = RPC_CANTSEND;
return -1;
}
return len;
}
#endif /* end of SSL case where we override read and write functions */
/* A very basic TLS client, with X.509 authentication. */
#ifdef GNU_TLS
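/*
 * Set up the GnuTLS client session on an already connected socket.
 *
 * Loads the trust anchors and the client certificate/key (embedded or from
 * files, depending on the build), restricts the session to TLS 1.2,
 * performs the handshake, and then validates the server certificate chain.
 * With SSL_SERVER_FILES_EMBED the leaf certificate must additionally be one
 * of the pinned certificates in server_file_buff.
 *
 * sock  connected socket descriptor to run TLS over
 *
 * Returns 0 on success, otherwise a negative GnuTLS error code or -1 (or
 * whatever non-zero value provision_certificates() reported). The
 * *_allocated flags record what purge_gnutls() has to release.
 *
 * NOTE(review): the peer certificate is not matched against a host name in
 * this function (see the XXX trace below); unless certificate pinning is
 * compiled in, any certificate chaining to the configured CAs is accepted.
 */
int start_gnutls(int sock)
{
  int ret;
  const char *err;
  unsigned certslen = 0;
  const gnutls_datum_t *certs;
  /* Starts as "everything wrong" so a verdict is never assumed by default */
  unsigned status = (unsigned)-1;
#ifdef SSL_FILES_EMBED
  int i;
#endif

  gnutls_global_session_allocated = xcred_allocated = 0;
  gnutls_global_init();

  /* X509 stuff */
  ret = gnutls_certificate_allocate_credentials(&xcred);
  if (ret < 0) {
    /* Do not mark the credentials as allocated when they are not */
    fprintf(stderr, "*** failed\n");
    gnutls_perror(ret);
    return ret;
  }
  xcred_allocated = 1;

  /* Call our custom certificate lookup function */
  ret = provision_certificates();
  if (ret != 0) {
    return ret;
  }

#ifdef SSL_FILES_EMBED
  for (i = 0; i < CA_CERTS_NB; i++) {
    ret =
	gnutls_certificate_set_x509_trust_mem(xcred, &ca_file_mem[i],
					      GNUTLS_X509_FMT_PEM);
    if (ret < 0) {
      fprintf(stderr, "*** failed\n");
      gnutls_perror(ret);
      return ret;
    }
  }
#else
  /* sets the trusted cas file */
  ret =
      gnutls_certificate_set_x509_trust_file(xcred, ca_file_path,
					     GNUTLS_X509_FMT_PEM);
  if (ret < 0) {
    fprintf(stderr, "*** failed\n");
    gnutls_perror(ret);
    return ret;
  }
#endif

#ifdef SSL_FILES_EMBED
  ret =
      gnutls_certificate_set_x509_key_mem(xcred, &cert_file_mem,
					  &private_key_file_mem,
					  GNUTLS_X509_FMT_PEM);
#else
  /* sets the client cert/key cas file */
  ret =
      gnutls_certificate_set_x509_key_file(xcred, cert_file_path,
					   private_key_path,
					   GNUTLS_X509_FMT_PEM);
#endif
  if (ret < 0) {
    fprintf(stderr, "*** failed\n");
    gnutls_perror(ret);
    return ret;
  }

  /* Initialize TLS session */
  ret = gnutls_init(&gnutls_global_session, GNUTLS_CLIENT);
  if (ret < 0) {
    /* Do not mark the session as allocated when it is not */
    fprintf(stderr, "*** failed\n");
    gnutls_perror(ret);
    return ret;
  }
  gnutls_global_session_allocated = 1;

  /* Default priorities, restricted to TLS 1.2 */
  ret = gnutls_priority_set_direct(gnutls_global_session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", &err);
  if (ret < 0) {
    if (ret == GNUTLS_E_INVALID_REQUEST) {
      fprintf(stderr, "Syntax error at: %s\n", err);
    }
    return ret;
  }

  /* put the x509 credentials to the current session */
  gnutls_credentials_set(gnutls_global_session, GNUTLS_CRD_CERTIFICATE, xcred);

  /* connect to the peer with previous socket */
  gnutls_transport_set_ptr(gnutls_global_session,
			   (gnutls_transport_ptr_t) (long)sock);

  /* Perform the TLS handshake */
  ret = gnutls_handshake(gnutls_global_session);
  if (ret < 0) {
    fprintf(stderr, "*** Handshake failed\n");
    gnutls_perror(ret);
    return ret;
  }
#ifdef DEBUG
  fprintf(stderr, "- Handshake was completed\n");
  /* XXX You need to verify the peer's certificate matches its name. */
  fprintf(stderr, "XXX need to verify peer's certificate matches its name.\n");
#endif

  /*
   * Obtain the server certificate chain.  The server certificate
   * itself is stored in the first element of the array.
   */
  certs = gnutls_certificate_get_peers(gnutls_global_session, &certslen);
  if (certs == NULL || certslen == 0) {
    fprintf(stderr, "error: could not obtain peer certificate\n");
    return -1;
  }

  /* Validate the certificate chain. */
  ret = gnutls_certificate_verify_peers2(gnutls_global_session, &status);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf(stderr, "error: gnutls_certificate_verify_peers2: %s\n",
	    gnutls_strerror(ret));
    return -1;
  }
  /* A successful return only says that verification ran; the verdict is in
   * `status`, where any set bit means the chain was not accepted. Without
   * this test an untrusted, expired or revoked certificate would pass. */
  if (status != 0) {
    fprintf(stderr,
	    "error: peer certificate verification failed (status 0x%x)\n",
	    status);
    return -1;
  }

#ifdef SSL_SERVER_FILES_EMBED
  /* We have to check the provided authorized server certificates */
  if (is_certificate_in_list((gnutls_datum_t *)&certs[0], server_file_buff, SERVER_CERTS_NB) == 0) {
    fprintf(stderr, "SSL_connect error: peer server certificate is not in the allowed list!\n");
    return -1;
  }
#endif

  /* Print session info. */
#ifdef DEBUG
  print_info(gnutls_global_session);
#endif
  return 0;
}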
/*
 * Tear down the GnuTLS state created by start_gnutls().
 *
 * The session is closed and freed only if it was marked as allocated, the
 * credentials likewise; the library-wide deinit always runs.
 * Always returns 0.
 */
int purge_gnutls(void)
{
  const int have_session = (gnutls_global_session_allocated == 1);
  const int have_credentials = (xcred_allocated == 1);

  if (have_session) {
    /* Send the close notification before releasing the session */
    gnutls_bye(gnutls_global_session, GNUTLS_SHUT_RDWR);
    gnutls_deinit(gnutls_global_session);
  }

  if (have_credentials) {
    gnutls_certificate_free_credentials(xcred);
  }

  gnutls_global_deinit();

  return 0;
}
#ifdef DEBUG
/*
 * Log callback in the shape GnuTLS expects: prints the level and the message
 * to stderr. Only built with DEBUG.
 */
#ifdef __GNUC__
/* Kept for debugging even when nothing references it: the attribute stops
 * gcc from warning about (and dropping) the unused static function. */
__attribute__ ((used))
#endif
static void tls_log_func(int level, const char *str)
{
  fprintf(stderr, "|<%d>| %s", level, str);
}
#endif
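/* Return a printable string for a name looked up in GnuTLS; the lookup
 * functions can return NULL for values they do not know. */
static const char *print_info_name(const char *name)
{
  return (name != NULL) ? name : "(unknown)";
}

/* This is an informational function which prints details of the GnuTLS
 * session to stderr: key exchange, authentication type, protocol version,
 * certificate type, compression, cipher and MAC.
 *
 * gsession  the established session to describe
 */
void print_info(gnutls_session_t gsession)
{
  const char *tmp;
  gnutls_credentials_type_t cred;
  gnutls_kx_algorithm_t kx;

  /* print the key exchange's algorithm name */
  kx = gnutls_kx_get(gsession);
  tmp = gnutls_kx_get_name(kx);
  fprintf(stderr, "- Key Exchange: %s\n", print_info_name(tmp));

  /* Check the authentication type used and switch
   * to the appropriate.
   */
  cred = gnutls_auth_get_type(gsession);
  switch (cred) {
  case GNUTLS_CRD_SRP:
    fprintf(stderr, "- SRP session with username \n");
    /* The following function has gone walkies in my version of GnuTLS:
     * gnutls_srp_server_get_username (gsession);
     */
    break;
  case GNUTLS_CRD_ANON:	/* anonymous authentication */
    fprintf(stderr, "- Anonymous DH using prime of %d bits\n",
	    gnutls_dh_get_prime_bits(gsession));
    break;
  case GNUTLS_CRD_CERTIFICATE:	/* certificate authentication */
    /* Check if we have been using ephemeral Diffie Hellman.
     */
    if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
      fprintf(stderr, "\n- Ephemeral DH using prime of %d bits\n",
	      gnutls_dh_get_prime_bits(gsession));
    }
    /* if the certificate list is available, then
     * print some information about it.
     */
    /*
       print_x509_certificate_info (gsession);
     */
    /* Without this break a certificate session fell through to the PSK
     * case and was reported as "- PSK" as well. */
    break;
  case GNUTLS_CRD_PSK:
    fprintf(stderr, "- PSK\n");
    break;
  case GNUTLS_CRD_IA:
    fprintf(stderr, "- IA\n");
    break;
  default:
    /* Other authentication types: nothing extra to print */
    break;
  }				/* switch */

  /* print the protocol's name (ie TLS 1.0)
   */
  tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(gsession));
  fprintf(stderr, "- Protocol: %s\n", print_info_name(tmp));

  /* print the certificate type of the peer.
   * ie X.509
   */
  tmp = gnutls_certificate_type_get_name(gnutls_certificate_type_get(gsession));
  fprintf(stderr, "- Certificate Type: %s\n", print_info_name(tmp));

  /* print the compression algorithm (if any)
   */
  tmp = gnutls_compression_get_name(gnutls_compression_get(gsession));
  fprintf(stderr, "- Compression: %s\n", print_info_name(tmp));

  /* print the name of the cipher used.
   * ie 3DES.
   */
  tmp = gnutls_cipher_get_name(gnutls_cipher_get(gsession));
  fprintf(stderr, "- Cipher: %s\n", print_info_name(tmp));

  /* Print the MAC algorithms name.
   * ie SHA1
   */
  tmp = gnutls_mac_get_name(gnutls_mac_get(gsession));
  fprintf(stderr, "- MAC: %s\n", print_info_name(tmp));
}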
#endif
#if defined(WITH_SSL) && !defined(GNU_TLS)
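/*
 * Set up the OpenSSL client session on an already connected socket.
 *
 * Creates the SSL_CTX (TLS 1.2 as the fixed or minimum version, depending on
 * the OpenSSL release), loads the trust anchors and the client
 * certificate/key (embedded or from files, depending on the build), performs
 * the handshake, and then checks the verification result of the server
 * certificate. With SSL_SERVER_FILES_EMBED the server certificate must
 * additionally be one of the pinned certificates in server_file_buff.
 *
 * sock  connected socket descriptor to run TLS over
 *
 * Returns 0 on success and -1 on any failure (or the non-zero value reported
 * by provision_certificates()). The global `ctx` and `ssl` objects are left
 * for purge_openssl() to release.
 *
 * NOTE(review): no SSL_CTX_set_verify() call is made in this function, so
 * the handshake itself does not abort on a bad certificate; rejection relies
 * entirely on the SSL_get_verify_result() test after it. The certificate is
 * not matched against a host name here; unless pinning is compiled in, any
 * certificate chaining to the configured CAs is accepted.
 */
int start_openssl(int sock)
{
  int ret;
  long verifystatus;
  X509 *peercert;
#ifdef SSL_FILES_EMBED
  int i;
  X509_STORE *openssl_store;
#endif

#if OPENSSL_VERSION_NUMBER < 0x10100000L
  /* Deprecated in openssl >= 1.1.0 */
  SSL_load_error_strings();
  SSL_library_init();
#else
  OPENSSL_init_ssl(0, NULL);
#endif
  ERR_load_BIO_strings();
  OpenSSL_add_all_algorithms();

#if OPENSSL_VERSION_NUMBER < 0x10100000L
  ctx = SSL_CTX_new(TLSv1_2_method());
#else
  ctx = SSL_CTX_new(TLS_method());
#endif
  if (ctx == NULL) {
    fprintf(stderr, "OpenSSL error could not create SSL CTX\n");
    return -1;
  }
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  /* For openssl >= 1.1.0 set the minimum TLS version
   * with SSL_CTX_set_min_proto_version
   */
  ret = SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
  if (ret == 0) {
    fprintf(stderr, "OpenSSL error when setting TLS1_2 with SSL_CTX_set_min_proto_version\n");
    return -1;
  }
#endif

#ifdef SSL_OP_NO_COMPRESSION
  /* No compression and no SSL_v2 */
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
#else
  /* OpenSSL might not support disabling compression */
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
#endif

  /* Call our custom certificate lookup function */
  ret = provision_certificates();
  if (ret != 0) {
    return ret;
  }

#ifdef SSL_FILES_EMBED
  openssl_store = SSL_CTX_get_cert_store(ctx);
  if (openssl_store == NULL) {
    fprintf(stderr, "OpenSSL error while loading the X509 certificate store\n");
    return -1;
  }
  for (i = 0; i < CA_CERTS_NB; i++) {
    ret = X509_STORE_add_cert(openssl_store, ca_file_mem[i]);
    if (ret != 1) {
      fprintf(stderr, "OpenSSL error while loading %d CA certificate\n", i);
      return -1;
    }
  }
#else
  ret = SSL_CTX_load_verify_locations(ctx, ca_file_path, NULL);
  if (ret != 1) {
    fprintf(stderr, "OpenSSL error while loading CA\n");
    return -1;
  }
#endif

#ifdef SSL_FILES_EMBED
  ret = SSL_CTX_use_certificate(ctx, cert_file_mem);
#else
  ret = SSL_CTX_use_certificate_file(ctx, cert_file_path, SSL_FILETYPE_PEM);
#endif
  if (ret != 1) {
    fprintf(stderr, "OpenSSL error while parsing cert\n");
    return -1;
  }

#ifdef SSL_FILES_EMBED
  ret = SSL_CTX_use_RSAPrivateKey(ctx, private_key_file_mem);
#else
  ret = SSL_CTX_use_PrivateKey_file(ctx, private_key_path, SSL_FILETYPE_PEM);
#endif
  if (ret != 1) {
    fprintf(stderr, "OpenSSL error while parsing pkey\n");
    return -1;
  }

  /* The private key must match the certificate loaded above */
  if (!SSL_CTX_check_private_key(ctx)) {
    fprintf(stderr, "OpenSSL error no PKEY in CTX\n");
    return -1;
  }

  ssl = SSL_new(ctx);
  if (ssl == NULL) {
    fprintf(stderr, "OpenSSL error could not create SSL structure\n");
    return -1;
  }

  ret = SSL_set_fd(ssl, sock);
  if (ret != 1) {
    fprintf(stderr, "OpenSSL error attaching to socket\n");
    return -1;
  }

  ret = SSL_connect(ssl);
  if (ret != 1) {
    fprintf(stderr, "OpenSSL *** Handshake error\n");
    return -1;
  }

  /* Obtain the server certificate. The call hands back a reference that
   * this function owns and has to release on every path below. */
  peercert = SSL_get_peer_certificate(ssl);
  if (peercert == NULL) {
    fprintf(stderr, "OpenSSL peer certificate missing");
    return -1;
  }

  /* Check the certificate verification result.
   * Could allow an explicit certificate validation override
   */
  verifystatus = SSL_get_verify_result(ssl);
  if (verifystatus != X509_V_OK) {
    fprintf(stderr, "SSL_connect: verify result: %s\n",
	    X509_verify_cert_error_string(verifystatus));
    X509_free(peercert);
    return -1;
  }

#ifdef SSL_SERVER_FILES_EMBED
  /* We have to check the provided authorized server certificates */
  if (is_certificate_in_list(peercert, server_file_buff, SERVER_CERTS_NB) == 0) {
    fprintf(stderr, "SSL_connect error: peer server certificate is not in the allowed list!\n");
    X509_free(peercert);
    return -1;
  }
#endif

  /* The certificate was only needed for the checks above */
  X509_free(peercert);
  return 0;
}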
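/**
 * Shut down the TLS session and release the global OpenSSL objects.
 *
 * Sends close_notify through SSL_shutdown(); when the first call returns 0
 * (the peer's close_notify has not been seen yet) it is called a second
 * time and that result is ignored, as before. The global `ssl` and `ctx`
 * are then freed and reset to NULL, so that a repeated call, or a later
 * NULL test elsewhere, cannot touch freed memory.
 *
 * @return always 0.
 */
int purge_openssl(void)
{
    if (ssl != NULL) {
        int rc = SSL_shutdown(ssl);

        if (rc == 0) {
            /* Best effort: wait for the peer's close_notify. */
            (void)SSL_shutdown(ssl);
        } else if (rc < 0) {
            /* SSL_shutdown() reports failure with a negative value. */
            fprintf(stderr, "Error while shutting down\n");
        }
        SSL_free(ssl);
        ssl = NULL;
    }
    if (ctx != NULL) {
        SSL_CTX_free(ctx);
        ctx = NULL;
    }
    return 0;
}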
#else
/* Disable -Wpedantic locally to avoid the empty translation unit */
/* warning (which is indeed not ISO C compliant) */
#if GCC_VERSION > 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wpedantic"
#pragma GCC diagnostic pop
#endif
#endif
caml-crush-1.0.12/src/client-lib/pkcs11_rpc.h 0000664 0000000 0000000 00000165525 14147740423 0020605 0 ustar 00root root 0000000 0000000 /*
* Please do not edit this file.
* It was generated using rpcgen.
*/
#ifndef _PKCS11_RPC_H_RPCGEN
#define _PKCS11_RPC_H_RPCGEN
#include
#include
#ifdef __cplusplus
extern "C" {
#endif
#ifdef WIN32
#include
#define quad_t int64_t
#endif
/* RPC client handle; declared here, defined elsewhere. */
extern CLIENT *cl;
/*
 * Common integer type of this RPC interface (quad_t; mapped to int64_t on
 * WIN32 above). Every rpc_ck_* scalar below is an alias of it, so return
 * values, slot ids, session/object handles and flags are one and the same C
 * type: the compiler will not flag a handle passed where a slot id is
 * expected.
 */
typedef quad_t pkcs11_int;
typedef pkcs11_int rpc_ck_rv_t;
typedef pkcs11_int rpc_ck_slot_id_t;
typedef pkcs11_int rpc_ck_mechanism_type_t;
typedef pkcs11_int rpc_ck_session_handle_t;
typedef pkcs11_int rpc_ck_user_type_t;
typedef pkcs11_int rpc_ck_state_t;
typedef pkcs11_int rpc_ck_object_handle_t;
typedef pkcs11_int rpc_ck_object_class_t;
typedef pkcs11_int rpc_ck_hw_feature_type_t;
typedef pkcs11_int rpc_ck_key_type_t;
typedef pkcs11_int rpc_ck_certificate_type_t;
typedef pkcs11_int rpc_ck_attribute_type_t;
typedef pkcs11_int rpc_ck_flags_t;
typedef pkcs11_int rpc_ck_notification_t;
/*
 * rpcgen-style counted buffer: a length and a pointer to the bytes.
 * NOTE(review): when a value of this type is filled from a decoded RPC
 * message, the length presumably comes from the peer. Bound it against the
 * destination size before copying; confirm against the XDR routines.
 */
typedef struct {
u_int opaque_data_len;
char *opaque_data_val;
} opaque_data;
struct rpc_ck_version {
struct {
u_int major_len;
char *major_val;
} major;
struct {
u_int minor_len;
char *minor_val;
} minor;
};
typedef struct rpc_ck_version rpc_ck_version;
struct rpc_ck_info {
rpc_ck_version rpc_ck_info_cryptoki_version;
struct {
u_int rpc_ck_info_manufacturer_id_len;
char *rpc_ck_info_manufacturer_id_val;
} rpc_ck_info_manufacturer_id;
rpc_ck_flags_t rpc_ck_info_flags;
struct {
u_int rpc_ck_info_library_description_len;
char *rpc_ck_info_library_description_val;
} rpc_ck_info_library_description;
rpc_ck_version rpc_ck_info_library_version;
};
typedef struct rpc_ck_info rpc_ck_info;
struct rpc_ck_slot_info {
struct {
u_int rpc_ck_slot_info_slot_description_len;
char *rpc_ck_slot_info_slot_description_val;
} rpc_ck_slot_info_slot_description;
struct {
u_int rpc_ck_slot_info_manufacturer_id_len;
char *rpc_ck_slot_info_manufacturer_id_val;
} rpc_ck_slot_info_manufacturer_id;
rpc_ck_flags_t rpc_ck_slot_info_flags;
rpc_ck_version rpc_ck_slot_info_hardware_version;
rpc_ck_version rpc_ck_slot_info_firmware_version;
};
typedef struct rpc_ck_slot_info rpc_ck_slot_info;
struct rpc_ck_token_info {
struct {
u_int rpc_ck_token_info_label_len;
char *rpc_ck_token_info_label_val;
} rpc_ck_token_info_label;
struct {
u_int rpc_ck_token_info_manufacturer_id_len;
char *rpc_ck_token_info_manufacturer_id_val;
} rpc_ck_token_info_manufacturer_id;
struct {
u_int rpc_ck_token_info_model_len;
char *rpc_ck_token_info_model_val;
} rpc_ck_token_info_model;
struct {
u_int rpc_ck_token_info_serial_number_len;
char *rpc_ck_token_info_serial_number_val;
} rpc_ck_token_info_serial_number;
rpc_ck_flags_t rpc_ck_token_info_flags;
pkcs11_int rpc_ck_token_info_max_session_count;
pkcs11_int rpc_ck_token_info_session_count;
pkcs11_int rpc_ck_token_info_max_rw_session_count;
pkcs11_int rpc_ck_token_info_rw_session_count;
pkcs11_int rpc_ck_token_info_max_pin_len;
pkcs11_int rpc_ck_token_info_min_pin_len;
pkcs11_int rpc_ck_token_info_total_public_memory;
pkcs11_int rpc_ck_token_info_free_public_memory;
pkcs11_int rpc_ck_token_info_total_private_memory;
pkcs11_int rpc_ck_token_info_free_private_memory;
rpc_ck_version rpc_ck_token_info_hardware_version;
rpc_ck_version rpc_ck_token_info_firmware_version;
struct {
u_int rpc_ck_token_info_utc_time_len;
char *rpc_ck_token_info_utc_time_val;
} rpc_ck_token_info_utc_time;
};
typedef struct rpc_ck_token_info rpc_ck_token_info;
struct rpc_ck_mechanism {
rpc_ck_mechanism_type_t rpc_ck_mechanism_mechanism;
struct {
u_int rpc_ck_mechanism_parameter_len;
char *rpc_ck_mechanism_parameter_val;
} rpc_ck_mechanism_parameter;
};
typedef struct rpc_ck_mechanism rpc_ck_mechanism;
struct rpc_ck_session_info {
rpc_ck_slot_id_t rpc_ck_session_info_slot_id;
rpc_ck_state_t rpc_ck_session_info_state;
rpc_ck_flags_t rpc_ck_session_info_flags;
pkcs11_int rpc_ck_session_info_device_error;
};
typedef struct rpc_ck_session_info rpc_ck_session_info;
struct rpc_ck_mechanism_info {
pkcs11_int rpc_ck_mechanism_info_min_key_size;
pkcs11_int rpc_ck_mechanism_info_max_key_size;
rpc_ck_flags_t rpc_ck_mechanism_info_flags;
};
typedef struct rpc_ck_mechanism_info rpc_ck_mechanism_info;
/*
 * One attribute as carried over RPC: an attribute type plus a counted value
 * buffer.
 *
 * Two length fields share the name rpc_ck_attribute_value_len: the u_int
 * inside the nested struct (next to the data pointer) and the pkcs11_int
 * member at the outer level.
 * NOTE(review): nothing in this header ties the two together. Presumably the
 * outer one mirrors the PKCS#11 value length while the inner one counts the
 * bytes actually marshalled. Verify, and never index a buffer sized by one
 * of them using the other.
 */
struct rpc_ck_attribute {
rpc_ck_attribute_type_t rpc_ck_attribute_type;
struct {
u_int rpc_ck_attribute_value_len;
char *rpc_ck_attribute_value_val;
} rpc_ck_attribute_value;
pkcs11_int rpc_ck_attribute_value_len;
};
typedef struct rpc_ck_attribute rpc_ck_attribute;
/* Counted array of attributes (element count and pointer to the first one). */
typedef struct {
u_int rpc_ck_attribute_array_len;
rpc_ck_attribute *rpc_ck_attribute_array_val;
} rpc_ck_attribute_array;
struct rpc_ck_date {
struct {
u_int rpc_ck_date_year_len;
char *rpc_ck_date_year_val;
} rpc_ck_date_year;
struct {
u_int rpc_ck_date_month_len;
char *rpc_ck_date_month_val;
} rpc_ck_date_month;
struct {
u_int rpc_ck_date_day_len;
char *rpc_ck_date_day_val;
} rpc_ck_date_day;
};
typedef struct rpc_ck_date rpc_ck_date;
/*
 * Result of procedure c_GetSlotList: a return value, a counted array of slot
 * ids and a separate pkcs11_int count.
 * NOTE(review): c_GetSlotList_slot_list_len (u_int) and c_GetSlotList_count
 * (pkcs11_int) are independent fields of different width. A consumer copying
 * the list should size the copy from the array's own length and its
 * destination capacity, not from the count alone; confirm how the client
 * stub uses them.
 */
struct ck_rv_c_GetSlotList {
rpc_ck_rv_t c_GetSlotList_rv;
struct {
u_int c_GetSlotList_slot_list_len;
rpc_ck_slot_id_t *c_GetSlotList_slot_list_val;
} c_GetSlotList_slot_list;
pkcs11_int c_GetSlotList_count;
};
typedef struct ck_rv_c_GetSlotList ck_rv_c_GetSlotList;
struct ck_rv_c_GetSlotInfo {
rpc_ck_rv_t c_GetSlotInfo_rv;
rpc_ck_slot_info c_GetSlotInfo_slot_info;
};
typedef struct ck_rv_c_GetSlotInfo ck_rv_c_GetSlotInfo;
struct ck_rv_c_GetTokenInfo {
rpc_ck_rv_t c_GetTokenInfo_rv;
rpc_ck_token_info c_GetTokenInfo_token_info;
};
typedef struct ck_rv_c_GetTokenInfo ck_rv_c_GetTokenInfo;
struct ck_rv_c_GetInfo {
rpc_ck_rv_t c_GetInfo_rv;
rpc_ck_info c_GetInfo_info;
};
typedef struct ck_rv_c_GetInfo ck_rv_c_GetInfo;
struct ck_rv_c_WaitForSlotEvent {
rpc_ck_rv_t c_WaitForSlotEvent_rv;
rpc_ck_slot_id_t c_WaitForSlotEvent_count;
};
typedef struct ck_rv_c_WaitForSlotEvent ck_rv_c_WaitForSlotEvent;
struct ck_rv_c_OpenSession {
rpc_ck_rv_t c_OpenSession_rv;
rpc_ck_session_handle_t c_OpenSession_handle;
};
typedef struct ck_rv_c_OpenSession ck_rv_c_OpenSession;
struct ck_rv_c_GetMechanismList {
rpc_ck_rv_t c_GetMechanismList_rv;
struct {
u_int c_GetMechanismList_list_len;
rpc_ck_mechanism_type_t *c_GetMechanismList_list_val;
} c_GetMechanismList_list;
pkcs11_int c_GetMechanismList_count;
};
typedef struct ck_rv_c_GetMechanismList ck_rv_c_GetMechanismList;
struct ck_rv_c_GetSessionInfo {
rpc_ck_rv_t c_GetSessionInfo_rv;
rpc_ck_session_info c_GetSessionInfo_info;
};
typedef struct ck_rv_c_GetSessionInfo ck_rv_c_GetSessionInfo;
struct ck_rv_c_GetMechanismInfo {
rpc_ck_rv_t c_GetMechanismInfo_rv;
rpc_ck_mechanism_info c_GetMechanismInfo_info;
};
typedef struct ck_rv_c_GetMechanismInfo ck_rv_c_GetMechanismInfo;
struct ck_rv_c_GenerateRandom {
rpc_ck_rv_t c_GenerateRandom_rv;
struct {
u_int c_GenerateRandom_data_len;
char *c_GenerateRandom_data_val;
} c_GenerateRandom_data;
};
typedef struct ck_rv_c_GenerateRandom ck_rv_c_GenerateRandom;
struct ck_rv_c_FindObjects {
rpc_ck_rv_t c_FindObjects_rv;
struct {
u_int c_FindObjects_objects_len;
rpc_ck_object_handle_t *c_FindObjects_objects_val;
} c_FindObjects_objects;
pkcs11_int c_FindObjects_count;
};
typedef struct ck_rv_c_FindObjects ck_rv_c_FindObjects;
struct ck_rv_c_GenerateKey {
rpc_ck_rv_t c_GenerateKey_rv;
rpc_ck_object_handle_t c_GenerateKey_handle;
};
typedef struct ck_rv_c_GenerateKey ck_rv_c_GenerateKey;
struct ck_rv_c_GenerateKeyPair {
rpc_ck_rv_t c_GenerateKeyPair_rv;
rpc_ck_object_handle_t c_GenerateKeyPair_pubhandle;
rpc_ck_object_handle_t c_GenerateKeyPair_privhandle;
};
typedef struct ck_rv_c_GenerateKeyPair ck_rv_c_GenerateKeyPair;
struct ck_rv_c_CreateObject {
rpc_ck_rv_t c_CreateObject_rv;
rpc_ck_object_handle_t c_CreateObject_handle;
};
typedef struct ck_rv_c_CreateObject ck_rv_c_CreateObject;
struct ck_rv_c_CopyObject {
rpc_ck_rv_t c_CopyObject_rv;
rpc_ck_object_handle_t c_CopyObject_handle;
};
typedef struct ck_rv_c_CopyObject ck_rv_c_CopyObject;
struct ck_rv_c_GetAttributeValue {
rpc_ck_rv_t c_GetAttributeValue_rv;
rpc_ck_attribute_array c_GetAttributeValue_value;
};
typedef struct ck_rv_c_GetAttributeValue ck_rv_c_GetAttributeValue;
struct ck_rv_c_GetObjectSize {
rpc_ck_rv_t c_GetObjectSize_rv;
pkcs11_int c_GetObjectSize_size;
};
typedef struct ck_rv_c_GetObjectSize ck_rv_c_GetObjectSize;
struct ck_rv_c_WrapKey {
rpc_ck_rv_t c_WrapKey_rv;
struct {
u_int c_WrapKey_value_len;
char *c_WrapKey_value_val;
} c_WrapKey_value;
};
typedef struct ck_rv_c_WrapKey ck_rv_c_WrapKey;
struct ck_rv_c_UnwrapKey {
rpc_ck_rv_t c_UnwrapKey_rv;
rpc_ck_object_handle_t c_UnwrapKey_handle;
};
typedef struct ck_rv_c_UnwrapKey ck_rv_c_UnwrapKey;
struct ck_rv_c_DeriveKey {
rpc_ck_rv_t c_DeriveKey_rv;
rpc_ck_object_handle_t c_DeriveKey_handle;
};
typedef struct ck_rv_c_DeriveKey ck_rv_c_DeriveKey;
struct ck_rv_c_Digest {
rpc_ck_rv_t c_Digest_rv;
struct {
u_int c_Digest_value_len;
char *c_Digest_value_val;
} c_Digest_value;
};
typedef struct ck_rv_c_Digest ck_rv_c_Digest;
struct ck_rv_c_DigestFinal {
rpc_ck_rv_t c_DigestFinal_rv;
struct {
u_int c_DigestFinal_value_len;
char *c_DigestFinal_value_val;
} c_DigestFinal_value;
};
typedef struct ck_rv_c_DigestFinal ck_rv_c_DigestFinal;
struct ck_rv_c_Sign {
rpc_ck_rv_t c_Sign_rv;
struct {
u_int c_Sign_value_len;
char *c_Sign_value_val;
} c_Sign_value;
};
typedef struct ck_rv_c_Sign ck_rv_c_Sign;
struct ck_rv_c_SignFinal {
rpc_ck_rv_t c_SignFinal_rv;
struct {
u_int c_SignFinal_value_len;
char *c_SignFinal_value_val;
} c_SignFinal_value;
};
typedef struct ck_rv_c_SignFinal ck_rv_c_SignFinal;
struct ck_rv_c_Encrypt {
rpc_ck_rv_t c_Encrypt_rv;
struct {
u_int c_Encrypt_value_len;
char *c_Encrypt_value_val;
} c_Encrypt_value;
};
typedef struct ck_rv_c_Encrypt ck_rv_c_Encrypt;
struct ck_rv_c_EncryptUpdate {
rpc_ck_rv_t c_EncryptUpdate_rv;
struct {
u_int c_EncryptUpdate_value_len;
char *c_EncryptUpdate_value_val;
} c_EncryptUpdate_value;
};
typedef struct ck_rv_c_EncryptUpdate ck_rv_c_EncryptUpdate;
struct ck_rv_c_EncryptFinal {
rpc_ck_rv_t c_EncryptFinal_rv;
struct {
u_int c_EncryptFinal_value_len;
char *c_EncryptFinal_value_val;
} c_EncryptFinal_value;
};
typedef struct ck_rv_c_EncryptFinal ck_rv_c_EncryptFinal;
struct ck_rv_c_Decrypt {
rpc_ck_rv_t c_Decrypt_rv;
struct {
u_int c_Decrypt_value_len;
char *c_Decrypt_value_val;
} c_Decrypt_value;
};
typedef struct ck_rv_c_Decrypt ck_rv_c_Decrypt;
struct ck_rv_c_DecryptUpdate {
rpc_ck_rv_t c_DecryptUpdate_rv;
struct {
u_int c_DecryptUpdate_value_len;
char *c_DecryptUpdate_value_val;
} c_DecryptUpdate_value;
};
typedef struct ck_rv_c_DecryptUpdate ck_rv_c_DecryptUpdate;
struct ck_rv_c_DecryptFinal {
rpc_ck_rv_t c_DecryptFinal_rv;
struct {
u_int c_DecryptFinal_value_len;
char *c_DecryptFinal_value_val;
} c_DecryptFinal_value;
};
typedef struct ck_rv_c_DecryptFinal ck_rv_c_DecryptFinal;
struct ck_rv_c_SignRecover {
rpc_ck_rv_t c_SignRecover_rv;
struct {
u_int c_SignRecover_value_len;
char *c_SignRecover_value_val;
} c_SignRecover_value;
};
typedef struct ck_rv_c_SignRecover ck_rv_c_SignRecover;
struct ck_rv_c_VerifyRecover {
rpc_ck_rv_t c_VerifyRecover_rv;
struct {
u_int c_VerifyRecover_value_len;
char *c_VerifyRecover_value_val;
} c_VerifyRecover_value;
};
typedef struct ck_rv_c_VerifyRecover ck_rv_c_VerifyRecover;
struct ck_rv_c_DigestEncryptUpdate {
rpc_ck_rv_t c_DigestEncryptUpdate_rv;
struct {
u_int c_DigestEncryptUpdate_value_len;
char *c_DigestEncryptUpdate_value_val;
} c_DigestEncryptUpdate_value;
};
typedef struct ck_rv_c_DigestEncryptUpdate ck_rv_c_DigestEncryptUpdate;
struct ck_rv_c_DecryptDigestUpdate {
rpc_ck_rv_t c_DecryptDigestUpdate_rv;
struct {
u_int c_DecryptDigestUpdate_value_len;
char *c_DecryptDigestUpdate_value_val;
} c_DecryptDigestUpdate_value;
};
typedef struct ck_rv_c_DecryptDigestUpdate ck_rv_c_DecryptDigestUpdate;
struct ck_rv_c_SignEncryptUpdate {
rpc_ck_rv_t c_SignEncryptUpdate_rv;
struct {
u_int c_SignEncryptUpdate_value_len;
char *c_SignEncryptUpdate_value_val;
} c_SignEncryptUpdate_value;
};
typedef struct ck_rv_c_SignEncryptUpdate ck_rv_c_SignEncryptUpdate;
struct ck_rv_c_DecryptVerifyUpdate {
rpc_ck_rv_t c_DecryptVerifyUpdate_rv;
struct {
u_int c_DecryptVerifyUpdate_value_len;
char *c_DecryptVerifyUpdate_value_val;
} c_DecryptVerifyUpdate_value;
};
typedef struct ck_rv_c_DecryptVerifyUpdate ck_rv_c_DecryptVerifyUpdate;
struct ck_rv_c_GetOperationState {
rpc_ck_rv_t c_GetOperationState_rv;
struct {
u_int c_GetOperationState_value_len;
char *c_GetOperationState_value_val;
} c_GetOperationState_value;
};
typedef struct ck_rv_c_GetOperationState ck_rv_c_GetOperationState;
struct c_getslotlist_3_argument {
pkcs11_int arg1;
pkcs11_int arg2;
};
typedef struct c_getslotlist_3_argument c_getslotlist_3_argument;
/*
 * Bundled arguments of procedure c_Login, in the same order as the
 * c_login_3() prototype: session handle, user type, counted buffer.
 * NOTE(review): arg3 presumably carries the PIN. It is marshalled as a plain
 * opaque_data, so its confidentiality rests on the transport; confirm the
 * RPC channel is always the TLS one and that the buffer is wiped once the
 * call returns.
 */
struct c_login_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_user_type_t arg2;
opaque_data arg3;
};
typedef struct c_login_3_argument c_login_3_argument;
struct c_opensession_3_argument {
rpc_ck_slot_id_t arg1;
rpc_ck_flags_t arg2;
};
typedef struct c_opensession_3_argument c_opensession_3_argument;
struct c_getmechanismlist_3_argument {
rpc_ck_slot_id_t arg1;
pkcs11_int arg2;
};
typedef struct c_getmechanismlist_3_argument c_getmechanismlist_3_argument;
struct c_getmechanisminfo_3_argument {
rpc_ck_slot_id_t arg1;
rpc_ck_mechanism_type_t arg2;
};
typedef struct c_getmechanisminfo_3_argument c_getmechanisminfo_3_argument;
/*
 * Bundled arguments of procedure c_InitPIN: session handle and one counted
 * buffer.
 * NOTE(review): arg2 presumably is the new PIN; same transport and wiping
 * concerns as for any secret sent as opaque_data. Confirm.
 */
struct c_initpin_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_initpin_3_argument c_initpin_3_argument;
/*
 * Bundled arguments of procedure c_SetPIN: session handle and two counted
 * buffers.
 * NOTE(review): arg2/arg3 presumably are the old and the new PIN, in that
 * order; verify against the caller before relying on it.
 */
struct c_setpin_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
opaque_data arg3;
};
typedef struct c_setpin_3_argument c_setpin_3_argument;
struct c_seedrandom_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_seedrandom_3_argument c_seedrandom_3_argument;
struct c_inittoken_3_argument {
rpc_ck_slot_id_t arg1;
opaque_data arg2;
opaque_data arg3;
};
typedef struct c_inittoken_3_argument c_inittoken_3_argument;
struct c_generaterandom_3_argument {
rpc_ck_session_handle_t arg1;
pkcs11_int arg2;
};
typedef struct c_generaterandom_3_argument c_generaterandom_3_argument;
struct c_findobjectsinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_attribute_array arg2;
};
typedef struct c_findobjectsinit_3_argument c_findobjectsinit_3_argument;
struct c_findobjects_3_argument {
rpc_ck_session_handle_t arg1;
pkcs11_int arg2;
};
typedef struct c_findobjects_3_argument c_findobjects_3_argument;
struct c_generatekey_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_attribute_array arg3;
};
typedef struct c_generatekey_3_argument c_generatekey_3_argument;
struct c_generatekeypair_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_attribute_array arg3;
rpc_ck_attribute_array arg4;
};
typedef struct c_generatekeypair_3_argument c_generatekeypair_3_argument;
struct c_createobject_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_attribute_array arg2;
};
typedef struct c_createobject_3_argument c_createobject_3_argument;
struct c_copyobject_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_object_handle_t arg2;
rpc_ck_attribute_array arg3;
};
typedef struct c_copyobject_3_argument c_copyobject_3_argument;
struct c_destroyobject_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_object_handle_t arg2;
};
typedef struct c_destroyobject_3_argument c_destroyobject_3_argument;
struct c_getattributevalue_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_object_handle_t arg2;
rpc_ck_attribute_array arg3;
};
typedef struct c_getattributevalue_3_argument c_getattributevalue_3_argument;
struct c_setattributevalue_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_object_handle_t arg2;
rpc_ck_attribute_array arg3;
};
typedef struct c_setattributevalue_3_argument c_setattributevalue_3_argument;
struct c_getobjectsize_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_object_handle_t arg2;
};
typedef struct c_getobjectsize_3_argument c_getobjectsize_3_argument;
struct c_wrapkey_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
rpc_ck_object_handle_t arg4;
};
typedef struct c_wrapkey_3_argument c_wrapkey_3_argument;
struct c_unwrapkey_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
opaque_data arg4;
rpc_ck_attribute_array arg5;
};
typedef struct c_unwrapkey_3_argument c_unwrapkey_3_argument;
struct c_derivekey_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
rpc_ck_attribute_array arg4;
};
typedef struct c_derivekey_3_argument c_derivekey_3_argument;
struct c_digestinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
};
typedef struct c_digestinit_3_argument c_digestinit_3_argument;
struct c_digest_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_digest_3_argument c_digest_3_argument;
struct c_digestupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_digestupdate_3_argument c_digestupdate_3_argument;
struct c_digestkey_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_object_handle_t arg2;
};
typedef struct c_digestkey_3_argument c_digestkey_3_argument;
struct c_signinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
};
typedef struct c_signinit_3_argument c_signinit_3_argument;
struct c_sign_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_sign_3_argument c_sign_3_argument;
struct c_signupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_signupdate_3_argument c_signupdate_3_argument;
struct c_verifyinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
};
typedef struct c_verifyinit_3_argument c_verifyinit_3_argument;
struct c_verify_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
opaque_data arg3;
};
typedef struct c_verify_3_argument c_verify_3_argument;
struct c_verifyupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_verifyupdate_3_argument c_verifyupdate_3_argument;
struct c_verifyfinal_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_verifyfinal_3_argument c_verifyfinal_3_argument;
struct c_encryptinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
};
typedef struct c_encryptinit_3_argument c_encryptinit_3_argument;
struct c_encrypt_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_encrypt_3_argument c_encrypt_3_argument;
struct c_encryptupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_encryptupdate_3_argument c_encryptupdate_3_argument;
struct c_decryptinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
};
typedef struct c_decryptinit_3_argument c_decryptinit_3_argument;
struct c_decrypt_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_decrypt_3_argument c_decrypt_3_argument;
struct c_decryptupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_decryptupdate_3_argument c_decryptupdate_3_argument;
struct c_signrecoverinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
};
typedef struct c_signrecoverinit_3_argument c_signrecoverinit_3_argument;
struct c_signrecover_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_signrecover_3_argument c_signrecover_3_argument;
struct c_verifyrecoverinit_3_argument {
rpc_ck_session_handle_t arg1;
rpc_ck_mechanism arg2;
rpc_ck_object_handle_t arg3;
};
typedef struct c_verifyrecoverinit_3_argument c_verifyrecoverinit_3_argument;
struct c_verifyrecover_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_verifyrecover_3_argument c_verifyrecover_3_argument;
struct c_digestencryptupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_digestencryptupdate_3_argument c_digestencryptupdate_3_argument;
struct c_signencryptupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_signencryptupdate_3_argument c_signencryptupdate_3_argument;
struct c_decryptdigestupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_decryptdigestupdate_3_argument c_decryptdigestupdate_3_argument;
struct c_decryptverifyupdate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
};
typedef struct c_decryptverifyupdate_3_argument c_decryptverifyupdate_3_argument;
struct c_setoperationstate_3_argument {
rpc_ck_session_handle_t arg1;
opaque_data arg2;
rpc_ck_object_handle_t arg3;
rpc_ck_object_handle_t arg4;
};
typedef struct c_setoperationstate_3_argument c_setoperationstate_3_argument;
#define P 4
#define V 3
#if defined(__STDC__) || defined(__cplusplus)
#define c_SetupArch 2
extern enum clnt_stat c_setuparch_3(pkcs11_int , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_setuparch_3_svc(pkcs11_int , rpc_ck_rv_t *, struct svc_req *);
#define c_Initialize 3
extern enum clnt_stat c_initialize_3(rpc_ck_rv_t *, CLIENT *);
extern bool_t c_initialize_3_svc(rpc_ck_rv_t *, struct svc_req *);
#define c_GetSlotList 4
extern enum clnt_stat c_getslotlist_3(pkcs11_int , pkcs11_int , ck_rv_c_GetSlotList *, CLIENT *);
extern bool_t c_getslotlist_3_svc(pkcs11_int , pkcs11_int , ck_rv_c_GetSlotList *, struct svc_req *);
#define c_GetInfo 5
extern enum clnt_stat c_getinfo_3(ck_rv_c_GetInfo *, CLIENT *);
extern bool_t c_getinfo_3_svc(ck_rv_c_GetInfo *, struct svc_req *);
#define c_WaitForSlotEvent 6
extern enum clnt_stat c_waitforslotevent_3(rpc_ck_flags_t , ck_rv_c_WaitForSlotEvent *, CLIENT *);
extern bool_t c_waitforslotevent_3_svc(rpc_ck_flags_t , ck_rv_c_WaitForSlotEvent *, struct svc_req *);
#define c_GetSlotInfo 7
extern enum clnt_stat c_getslotinfo_3(rpc_ck_slot_id_t , ck_rv_c_GetSlotInfo *, CLIENT *);
extern bool_t c_getslotinfo_3_svc(rpc_ck_slot_id_t , ck_rv_c_GetSlotInfo *, struct svc_req *);
#define c_GetTokenInfo 8
extern enum clnt_stat c_gettokeninfo_3(rpc_ck_slot_id_t , ck_rv_c_GetTokenInfo *, CLIENT *);
extern bool_t c_gettokeninfo_3_svc(rpc_ck_slot_id_t , ck_rv_c_GetTokenInfo *, struct svc_req *);
#define c_Login 9
extern enum clnt_stat c_login_3(rpc_ck_session_handle_t , rpc_ck_user_type_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_login_3_svc(rpc_ck_session_handle_t , rpc_ck_user_type_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_Logout 10
extern enum clnt_stat c_logout_3(rpc_ck_session_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_logout_3_svc(rpc_ck_session_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_OpenSession 11
extern enum clnt_stat c_opensession_3(rpc_ck_slot_id_t , rpc_ck_flags_t , ck_rv_c_OpenSession *, CLIENT *);
extern bool_t c_opensession_3_svc(rpc_ck_slot_id_t , rpc_ck_flags_t , ck_rv_c_OpenSession *, struct svc_req *);
#define c_CloseSession 12
extern enum clnt_stat c_closesession_3(rpc_ck_session_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_closesession_3_svc(rpc_ck_session_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_Finalize 13
extern enum clnt_stat c_finalize_3(rpc_ck_rv_t *, CLIENT *);
extern bool_t c_finalize_3_svc(rpc_ck_rv_t *, struct svc_req *);
#define c_GetMechanismList 14
extern enum clnt_stat c_getmechanismlist_3(rpc_ck_slot_id_t , pkcs11_int , ck_rv_c_GetMechanismList *, CLIENT *);
extern bool_t c_getmechanismlist_3_svc(rpc_ck_slot_id_t , pkcs11_int , ck_rv_c_GetMechanismList *, struct svc_req *);
#define c_CloseAllSessions 15
extern enum clnt_stat c_closeallsessions_3(rpc_ck_slot_id_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_closeallsessions_3_svc(rpc_ck_slot_id_t , rpc_ck_rv_t *, struct svc_req *);
#define c_GetSessionInfo 16
extern enum clnt_stat c_getsessioninfo_3(rpc_ck_session_handle_t , ck_rv_c_GetSessionInfo *, CLIENT *);
extern bool_t c_getsessioninfo_3_svc(rpc_ck_session_handle_t , ck_rv_c_GetSessionInfo *, struct svc_req *);
#define c_GetMechanismInfo 17
extern enum clnt_stat c_getmechanisminfo_3(rpc_ck_slot_id_t , rpc_ck_mechanism_type_t , ck_rv_c_GetMechanismInfo *, CLIENT *);
extern bool_t c_getmechanisminfo_3_svc(rpc_ck_slot_id_t , rpc_ck_mechanism_type_t , ck_rv_c_GetMechanismInfo *, struct svc_req *);
#define c_InitPIN 18
extern enum clnt_stat c_initpin_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_initpin_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_SetPIN 19
extern enum clnt_stat c_setpin_3(rpc_ck_session_handle_t , opaque_data , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_setpin_3_svc(rpc_ck_session_handle_t , opaque_data , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_SeedRandom 20
extern enum clnt_stat c_seedrandom_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_seedrandom_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_InitToken 21
extern enum clnt_stat c_inittoken_3(rpc_ck_slot_id_t , opaque_data , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_inittoken_3_svc(rpc_ck_slot_id_t , opaque_data , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_GenerateRandom 22
extern enum clnt_stat c_generaterandom_3(rpc_ck_session_handle_t , pkcs11_int , ck_rv_c_GenerateRandom *, CLIENT *);
extern bool_t c_generaterandom_3_svc(rpc_ck_session_handle_t , pkcs11_int , ck_rv_c_GenerateRandom *, struct svc_req *);
#define c_FindObjectsInit 23
extern enum clnt_stat c_findobjectsinit_3(rpc_ck_session_handle_t , rpc_ck_attribute_array , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_findobjectsinit_3_svc(rpc_ck_session_handle_t , rpc_ck_attribute_array , rpc_ck_rv_t *, struct svc_req *);
#define c_FindObjects 24
extern enum clnt_stat c_findobjects_3(rpc_ck_session_handle_t , pkcs11_int , ck_rv_c_FindObjects *, CLIENT *);
extern bool_t c_findobjects_3_svc(rpc_ck_session_handle_t , pkcs11_int , ck_rv_c_FindObjects *, struct svc_req *);
#define c_FindObjectsFinal 25
extern enum clnt_stat c_findobjectsfinal_3(rpc_ck_session_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_findobjectsfinal_3_svc(rpc_ck_session_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_GenerateKey 26
extern enum clnt_stat c_generatekey_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_attribute_array , ck_rv_c_GenerateKey *, CLIENT *);
extern bool_t c_generatekey_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_attribute_array , ck_rv_c_GenerateKey *, struct svc_req *);
#define c_GenerateKeyPair 27
extern enum clnt_stat c_generatekeypair_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_attribute_array , rpc_ck_attribute_array , ck_rv_c_GenerateKeyPair *, CLIENT *);
extern bool_t c_generatekeypair_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_attribute_array , rpc_ck_attribute_array , ck_rv_c_GenerateKeyPair *, struct svc_req *);
#define c_CreateObject 28
extern enum clnt_stat c_createobject_3(rpc_ck_session_handle_t , rpc_ck_attribute_array , ck_rv_c_CreateObject *, CLIENT *);
extern bool_t c_createobject_3_svc(rpc_ck_session_handle_t , rpc_ck_attribute_array , ck_rv_c_CreateObject *, struct svc_req *);
#define c_CopyObject 29
extern enum clnt_stat c_copyobject_3(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_attribute_array , ck_rv_c_CopyObject *, CLIENT *);
extern bool_t c_copyobject_3_svc(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_attribute_array , ck_rv_c_CopyObject *, struct svc_req *);
#define c_DestroyObject 30
extern enum clnt_stat c_destroyobject_3(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_destroyobject_3_svc(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_GetAttributeValue 31
extern enum clnt_stat c_getattributevalue_3(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_attribute_array , ck_rv_c_GetAttributeValue *, CLIENT *);
extern bool_t c_getattributevalue_3_svc(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_attribute_array , ck_rv_c_GetAttributeValue *, struct svc_req *);
#define c_SetAttributeValue 32
extern enum clnt_stat c_setattributevalue_3(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_attribute_array , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_setattributevalue_3_svc(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_attribute_array , rpc_ck_rv_t *, struct svc_req *);
#define c_GetObjectSize 33
extern enum clnt_stat c_getobjectsize_3(rpc_ck_session_handle_t , rpc_ck_object_handle_t , ck_rv_c_GetObjectSize *, CLIENT *);
extern bool_t c_getobjectsize_3_svc(rpc_ck_session_handle_t , rpc_ck_object_handle_t , ck_rv_c_GetObjectSize *, struct svc_req *);
#define c_WrapKey 34
extern enum clnt_stat c_wrapkey_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_object_handle_t , ck_rv_c_WrapKey *, CLIENT *);
extern bool_t c_wrapkey_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_object_handle_t , ck_rv_c_WrapKey *, struct svc_req *);
#define c_UnwrapKey 35
extern enum clnt_stat c_unwrapkey_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , opaque_data , rpc_ck_attribute_array , ck_rv_c_UnwrapKey *, CLIENT *);
extern bool_t c_unwrapkey_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , opaque_data , rpc_ck_attribute_array , ck_rv_c_UnwrapKey *, struct svc_req *);
#define c_DeriveKey 36
extern enum clnt_stat c_derivekey_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_attribute_array , ck_rv_c_DeriveKey *, CLIENT *);
extern bool_t c_derivekey_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_attribute_array , ck_rv_c_DeriveKey *, struct svc_req *);
#define c_DigestInit 37
extern enum clnt_stat c_digestinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_digestinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_rv_t *, struct svc_req *);
#define c_Digest 38
extern enum clnt_stat c_digest_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Digest *, CLIENT *);
extern bool_t c_digest_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Digest *, struct svc_req *);
#define c_DigestUpdate 39
extern enum clnt_stat c_digestupdate_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_digestupdate_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_DigestFinal 40
extern enum clnt_stat c_digestfinal_3(rpc_ck_session_handle_t , ck_rv_c_DigestFinal *, CLIENT *);
extern bool_t c_digestfinal_3_svc(rpc_ck_session_handle_t , ck_rv_c_DigestFinal *, struct svc_req *);
#define c_DigestKey 41
extern enum clnt_stat c_digestkey_3(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_digestkey_3_svc(rpc_ck_session_handle_t , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_SignInit 42
extern enum clnt_stat c_signinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_signinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_Sign 43
extern enum clnt_stat c_sign_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Sign *, CLIENT *);
extern bool_t c_sign_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Sign *, struct svc_req *);
#define c_SignUpdate 44
extern enum clnt_stat c_signupdate_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_signupdate_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_SignFinal 45
extern enum clnt_stat c_signfinal_3(rpc_ck_session_handle_t , ck_rv_c_SignFinal *, CLIENT *);
extern bool_t c_signfinal_3_svc(rpc_ck_session_handle_t , ck_rv_c_SignFinal *, struct svc_req *);
#define c_VerifyInit 46
extern enum clnt_stat c_verifyinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_verifyinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_Verify 47
extern enum clnt_stat c_verify_3(rpc_ck_session_handle_t , opaque_data , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_verify_3_svc(rpc_ck_session_handle_t , opaque_data , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_VerifyUpdate 48
extern enum clnt_stat c_verifyupdate_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_verifyupdate_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_VerifyFinal 49
extern enum clnt_stat c_verifyfinal_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_verifyfinal_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_rv_t *, struct svc_req *);
#define c_EncryptInit 50
extern enum clnt_stat c_encryptinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_encryptinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_Encrypt 51
extern enum clnt_stat c_encrypt_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Encrypt *, CLIENT *);
extern bool_t c_encrypt_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Encrypt *, struct svc_req *);
#define c_EncryptUpdate 52
extern enum clnt_stat c_encryptupdate_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_EncryptUpdate *, CLIENT *);
extern bool_t c_encryptupdate_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_EncryptUpdate *, struct svc_req *);
#define c_EncryptFinal 53
extern enum clnt_stat c_encryptfinal_3(rpc_ck_session_handle_t , ck_rv_c_EncryptFinal *, CLIENT *);
extern bool_t c_encryptfinal_3_svc(rpc_ck_session_handle_t , ck_rv_c_EncryptFinal *, struct svc_req *);
#define c_DecryptInit 54
extern enum clnt_stat c_decryptinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_decryptinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_Decrypt 55
extern enum clnt_stat c_decrypt_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Decrypt *, CLIENT *);
extern bool_t c_decrypt_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_Decrypt *, struct svc_req *);
#define c_DecryptUpdate 56
extern enum clnt_stat c_decryptupdate_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DecryptUpdate *, CLIENT *);
extern bool_t c_decryptupdate_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DecryptUpdate *, struct svc_req *);
#define c_DecryptFinal 57
extern enum clnt_stat c_decryptfinal_3(rpc_ck_session_handle_t , ck_rv_c_DecryptFinal *, CLIENT *);
extern bool_t c_decryptfinal_3_svc(rpc_ck_session_handle_t , ck_rv_c_DecryptFinal *, struct svc_req *);
#define c_SignRecoverInit 58
extern enum clnt_stat c_signrecoverinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_signrecoverinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_SignRecover 59
extern enum clnt_stat c_signrecover_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_SignRecover *, CLIENT *);
extern bool_t c_signrecover_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_SignRecover *, struct svc_req *);
#define c_VerifyRecoverInit 60
extern enum clnt_stat c_verifyrecoverinit_3(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_verifyrecoverinit_3_svc(rpc_ck_session_handle_t , rpc_ck_mechanism , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_VerifyRecover 61
extern enum clnt_stat c_verifyrecover_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_VerifyRecover *, CLIENT *);
extern bool_t c_verifyrecover_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_VerifyRecover *, struct svc_req *);
#define c_DigestEncryptUpdate 62
extern enum clnt_stat c_digestencryptupdate_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DigestEncryptUpdate *, CLIENT *);
extern bool_t c_digestencryptupdate_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DigestEncryptUpdate *, struct svc_req *);
#define c_SignEncryptUpdate 63
extern enum clnt_stat c_signencryptupdate_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_SignEncryptUpdate *, CLIENT *);
extern bool_t c_signencryptupdate_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_SignEncryptUpdate *, struct svc_req *);
#define c_DecryptDigestUpdate 64
extern enum clnt_stat c_decryptdigestupdate_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DecryptDigestUpdate *, CLIENT *);
extern bool_t c_decryptdigestupdate_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DecryptDigestUpdate *, struct svc_req *);
#define c_DecryptVerifyUpdate 65
extern enum clnt_stat c_decryptverifyupdate_3(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DecryptVerifyUpdate *, CLIENT *);
extern bool_t c_decryptverifyupdate_3_svc(rpc_ck_session_handle_t , opaque_data , ck_rv_c_DecryptVerifyUpdate *, struct svc_req *);
#define c_GetOperationState 66
extern enum clnt_stat c_getoperationstate_3(rpc_ck_session_handle_t , ck_rv_c_GetOperationState *, CLIENT *);
extern bool_t c_getoperationstate_3_svc(rpc_ck_session_handle_t , ck_rv_c_GetOperationState *, struct svc_req *);
#define c_SetOperationState 67
extern enum clnt_stat c_setoperationstate_3(rpc_ck_session_handle_t , opaque_data , rpc_ck_object_handle_t , rpc_ck_object_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_setoperationstate_3_svc(rpc_ck_session_handle_t , opaque_data , rpc_ck_object_handle_t , rpc_ck_object_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_GetFunctionStatus 68
extern enum clnt_stat c_getfunctionstatus_3(rpc_ck_session_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_getfunctionstatus_3_svc(rpc_ck_session_handle_t , rpc_ck_rv_t *, struct svc_req *);
#define c_CancelFunction 69
extern enum clnt_stat c_cancelfunction_3(rpc_ck_session_handle_t , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_cancelfunction_3_svc(rpc_ck_session_handle_t , rpc_ck_rv_t *, struct svc_req *);
/*
 * Procedure 70 (c_LoadModule) has no counterpart in the standard PKCS#11
 * function list; it is specific to this RPC program.
 *
 * Its only input is an opaque_data byte string chosen by the client, and
 * it takes no session handle, so nothing in this signature ties the call
 * to a logged-in session.
 *
 * Review note: how the server interprets those bytes is not visible in
 * this header. The handler should resolve them only against a
 * server-side list of permitted modules and never use them directly as a
 * library path -- confirm in the c_loadmodule_3_svc implementation.
 */
#define c_LoadModule 70
extern enum clnt_stat c_loadmodule_3(opaque_data , rpc_ck_rv_t *, CLIENT *);
extern bool_t c_loadmodule_3_svc(opaque_data , rpc_ck_rv_t *, struct svc_req *);
/*
 * Presumably releases result memory after a reply has been sent (usual
 * rpcgen *_freeresult role); the definition is not in this header.
 */
extern int p_3_freeresult (SVCXPRT *, xdrproc_t, caddr_t);
#else /* K&R C */
/*
 * Fallback branch for pre-ANSI compilers. The procedure numbers are the
 * same as in the prototyped branch, but every function is declared with
 * an empty parameter list, so the compiler checks neither the number nor
 * the types of the arguments at call sites. A mismatched call to one of
 * these stubs therefore builds without a diagnostic; prefer building with
 * the prototyped branch active.
 */
#define c_SetupArch 2
extern enum clnt_stat c_setuparch_3();
extern bool_t c_setuparch_3_svc();
#define c_Initialize 3
extern enum clnt_stat c_initialize_3();
extern bool_t c_initialize_3_svc();
#define c_GetSlotList 4
extern enum clnt_stat c_getslotlist_3();
extern bool_t c_getslotlist_3_svc();
#define c_GetInfo 5
extern enum clnt_stat c_getinfo_3();
extern bool_t c_getinfo_3_svc();
#define c_WaitForSlotEvent 6
extern enum clnt_stat c_waitforslotevent_3();
extern bool_t c_waitforslotevent_3_svc();
#define c_GetSlotInfo 7
extern enum clnt_stat c_getslotinfo_3();
extern bool_t c_getslotinfo_3_svc();
#define c_GetTokenInfo 8
extern enum clnt_stat c_gettokeninfo_3();
extern bool_t c_gettokeninfo_3_svc();
#define c_Login 9
extern enum clnt_stat c_login_3();
extern bool_t c_login_3_svc();
#define c_Logout 10
extern enum clnt_stat c_logout_3();
extern bool_t c_logout_3_svc();
#define c_OpenSession 11
extern enum clnt_stat c_opensession_3();
extern bool_t c_opensession_3_svc();
#define c_CloseSession 12
extern enum clnt_stat c_closesession_3();
extern bool_t c_closesession_3_svc();
#define c_Finalize 13
extern enum clnt_stat c_finalize_3();
extern bool_t c_finalize_3_svc();
#define c_GetMechanismList 14
extern enum clnt_stat c_getmechanismlist_3();
extern bool_t c_getmechanismlist_3_svc();
#define c_CloseAllSessions 15
extern enum clnt_stat c_closeallsessions_3();
extern bool_t c_closeallsessions_3_svc();
#define c_GetSessionInfo 16
extern enum clnt_stat c_getsessioninfo_3();
extern bool_t c_getsessioninfo_3_svc();
#define c_GetMechanismInfo 17
extern enum clnt_stat c_getmechanisminfo_3();
extern bool_t c_getmechanisminfo_3_svc();
/*
 * Procedures 18 (c_InitPIN) and 19 (c_SetPIN).
 *
 * In PKCS#11, C_InitPIN and C_SetPIN take PIN values as arguments, so
 * these procedures (like c_Login, procedure 9) carry PIN bytes between
 * the client library and the server. The argument layout is not visible
 * in this unprototyped branch.
 *
 * Review note: the project overview describes the client/server socket
 * as "TCP or Unix" with SSL/TLS optional. On a TCP socket without TLS
 * the PIN would cross the network unencrypted; deployments should enable
 * TLS or restrict the transport to a local Unix socket.
 */
#define c_InitPIN 18
extern enum clnt_stat c_initpin_3();
extern bool_t c_initpin_3_svc();
#define c_SetPIN 19
extern enum clnt_stat c_setpin_3();
extern bool_t c_setpin_3_svc();
#define c_SeedRandom 20
extern enum clnt_stat c_seedrandom_3();
extern bool_t c_seedrandom_3_svc();
#define c_InitToken 21
extern enum clnt_stat c_inittoken_3();
extern bool_t c_inittoken_3_svc();
#define c_GenerateRandom 22
extern enum clnt_stat c_generaterandom_3();
extern bool_t c_generaterandom_3_svc();
#define c_FindObjectsInit 23
extern enum clnt_stat c_findobjectsinit_3();
extern bool_t c_findobjectsinit_3_svc();
#define c_FindObjects 24
extern enum clnt_stat c_findobjects_3();
extern bool_t c_findobjects_3_svc();
#define c_FindObjectsFinal 25
extern enum clnt_stat c_findobjectsfinal_3();
extern bool_t c_findobjectsfinal_3_svc();
#define c_GenerateKey 26
extern enum clnt_stat c_generatekey_3();
extern bool_t c_generatekey_3_svc();
#define c_GenerateKeyPair 27
extern enum clnt_stat c_generatekeypair_3();
extern bool_t c_generatekeypair_3_svc();
#define c_CreateObject 28
extern enum clnt_stat c_createobject_3();
extern bool_t c_createobject_3_svc();
#define c_CopyObject 29
extern enum clnt_stat c_copyobject_3();
extern bool_t c_copyobject_3_svc();
#define c_DestroyObject 30
extern enum clnt_stat c_destroyobject_3();
extern bool_t c_destroyobject_3_svc();
#define c_GetAttributeValue 31
extern enum clnt_stat c_getattributevalue_3();
extern bool_t c_getattributevalue_3_svc();
#define c_SetAttributeValue 32
extern enum clnt_stat c_setattributevalue_3();
extern bool_t c_setattributevalue_3_svc();
#define c_GetObjectSize 33
extern enum clnt_stat c_getobjectsize_3();
extern bool_t c_getobjectsize_3_svc();
#define c_WrapKey 34
extern enum clnt_stat c_wrapkey_3();
extern bool_t c_wrapkey_3_svc();
#define c_UnwrapKey 35
extern enum clnt_stat c_unwrapkey_3();
extern bool_t c_unwrapkey_3_svc();
#define c_DeriveKey 36
extern enum clnt_stat c_derivekey_3();
extern bool_t c_derivekey_3_svc();
#define c_DigestInit 37
extern enum clnt_stat c_digestinit_3();
extern bool_t c_digestinit_3_svc();
#define c_Digest 38
extern enum clnt_stat c_digest_3();
extern bool_t c_digest_3_svc();
#define c_DigestUpdate 39
extern enum clnt_stat c_digestupdate_3();
extern bool_t c_digestupdate_3_svc();
#define c_DigestFinal 40
extern enum clnt_stat c_digestfinal_3();
extern bool_t c_digestfinal_3_svc();
#define c_DigestKey 41
extern enum clnt_stat c_digestkey_3();
extern bool_t c_digestkey_3_svc();
#define c_SignInit 42
extern enum clnt_stat c_signinit_3();
extern bool_t c_signinit_3_svc();
#define c_Sign 43
extern enum clnt_stat c_sign_3();
extern bool_t c_sign_3_svc();
#define c_SignUpdate 44
extern enum clnt_stat c_signupdate_3();
extern bool_t c_signupdate_3_svc();
#define c_SignFinal 45
extern enum clnt_stat c_signfinal_3();
extern bool_t c_signfinal_3_svc();
#define c_VerifyInit 46
extern enum clnt_stat c_verifyinit_3();
extern bool_t c_verifyinit_3_svc();
#define c_Verify 47
extern enum clnt_stat c_verify_3();
extern bool_t c_verify_3_svc();
#define c_VerifyUpdate 48
extern enum clnt_stat c_verifyupdate_3();
extern bool_t c_verifyupdate_3_svc();
#define c_VerifyFinal 49
extern enum clnt_stat c_verifyfinal_3();
extern bool_t c_verifyfinal_3_svc();
#define c_EncryptInit 50
extern enum clnt_stat c_encryptinit_3();
extern bool_t c_encryptinit_3_svc();
#define c_Encrypt 51
extern enum clnt_stat c_encrypt_3();
extern bool_t c_encrypt_3_svc();
#define c_EncryptUpdate 52
extern enum clnt_stat c_encryptupdate_3();
extern bool_t c_encryptupdate_3_svc();
#define c_EncryptFinal 53
extern enum clnt_stat c_encryptfinal_3();
extern bool_t c_encryptfinal_3_svc();
#define c_DecryptInit 54
extern enum clnt_stat c_decryptinit_3();
extern bool_t c_decryptinit_3_svc();
#define c_Decrypt 55
extern enum clnt_stat c_decrypt_3();
extern bool_t c_decrypt_3_svc();
#define c_DecryptUpdate 56
extern enum clnt_stat c_decryptupdate_3();
extern bool_t c_decryptupdate_3_svc();
#define c_DecryptFinal 57
extern enum clnt_stat c_decryptfinal_3();
extern bool_t c_decryptfinal_3_svc();
#define c_SignRecoverInit 58
extern enum clnt_stat c_signrecoverinit_3();
extern bool_t c_signrecoverinit_3_svc();
#define c_SignRecover 59
extern enum clnt_stat c_signrecover_3();
extern bool_t c_signrecover_3_svc();
#define c_VerifyRecoverInit 60
extern enum clnt_stat c_verifyrecoverinit_3();
extern bool_t c_verifyrecoverinit_3_svc();
#define c_VerifyRecover 61
extern enum clnt_stat c_verifyrecover_3();
extern bool_t c_verifyrecover_3_svc();
#define c_DigestEncryptUpdate 62
extern enum clnt_stat c_digestencryptupdate_3();
extern bool_t c_digestencryptupdate_3_svc();
#define c_SignEncryptUpdate 63
extern enum clnt_stat c_signencryptupdate_3();
extern bool_t c_signencryptupdate_3_svc();
#define c_DecryptDigestUpdate 64
extern enum clnt_stat c_decryptdigestupdate_3();
extern bool_t c_decryptdigestupdate_3_svc();
#define c_DecryptVerifyUpdate 65
extern enum clnt_stat c_decryptverifyupdate_3();
extern bool_t c_decryptverifyupdate_3_svc();
#define c_GetOperationState 66
extern enum clnt_stat c_getoperationstate_3();
extern bool_t c_getoperationstate_3_svc();
#define c_SetOperationState 67
extern enum clnt_stat c_setoperationstate_3();
extern bool_t c_setoperationstate_3_svc();
#define c_GetFunctionStatus 68
extern enum clnt_stat c_getfunctionstatus_3();
extern bool_t c_getfunctionstatus_3_svc();
#define c_CancelFunction 69
extern enum clnt_stat c_cancelfunction_3();
extern bool_t c_cancelfunction_3_svc();
#define c_LoadModule 70
extern enum clnt_stat c_loadmodule_3();
extern bool_t c_loadmodule_3_svc();
extern int p_3_freeresult ();
#endif /* K&R C */
/* the xdr functions */
/*
 * One XDR filter per wire type: basic PKCS#11 scalars, structures,
 * per-call result structures (xdr_ck_rv_c_*) and per-call argument
 * bundles (xdr_c_*_3_argument). Each takes the XDR stream and a pointer
 * to the object and returns bool_t. By XDR convention the same routine
 * encodes, decodes or frees depending on the stream's operation.
 *
 * Review note: when decoding, the bytes come from the RPC peer. The
 * maximum lengths of variable-sized types such as opaque_data and
 * rpc_ck_attribute_array are fixed in the .x specification, which is not
 * visible here -- confirm they are bounded there, and check the bool_t
 * result of every filter call.
 */
#if defined(__STDC__) || defined(__cplusplus)
extern bool_t xdr_pkcs11_int (XDR *, pkcs11_int*);
extern bool_t xdr_rpc_ck_rv_t (XDR *, rpc_ck_rv_t*);
extern bool_t xdr_rpc_ck_slot_id_t (XDR *, rpc_ck_slot_id_t*);
extern bool_t xdr_rpc_ck_mechanism_type_t (XDR *, rpc_ck_mechanism_type_t*);
extern bool_t xdr_rpc_ck_session_handle_t (XDR *, rpc_ck_session_handle_t*);
extern bool_t xdr_rpc_ck_user_type_t (XDR *, rpc_ck_user_type_t*);
extern bool_t xdr_rpc_ck_state_t (XDR *, rpc_ck_state_t*);
extern bool_t xdr_rpc_ck_object_handle_t (XDR *, rpc_ck_object_handle_t*);
extern bool_t xdr_rpc_ck_object_class_t (XDR *, rpc_ck_object_class_t*);
extern bool_t xdr_rpc_ck_hw_feature_type_t (XDR *, rpc_ck_hw_feature_type_t*);
extern bool_t xdr_rpc_ck_key_type_t (XDR *, rpc_ck_key_type_t*);
extern bool_t xdr_rpc_ck_certificate_type_t (XDR *, rpc_ck_certificate_type_t*);
extern bool_t xdr_rpc_ck_attribute_type_t (XDR *, rpc_ck_attribute_type_t*);
extern bool_t xdr_rpc_ck_flags_t (XDR *, rpc_ck_flags_t*);
extern bool_t xdr_rpc_ck_notification_t (XDR *, rpc_ck_notification_t*);
extern bool_t xdr_opaque_data (XDR *, opaque_data*);
extern bool_t xdr_rpc_ck_version (XDR *, rpc_ck_version*);
extern bool_t xdr_rpc_ck_info (XDR *, rpc_ck_info*);
extern bool_t xdr_rpc_ck_slot_info (XDR *, rpc_ck_slot_info*);
extern bool_t xdr_rpc_ck_token_info (XDR *, rpc_ck_token_info*);
extern bool_t xdr_rpc_ck_mechanism (XDR *, rpc_ck_mechanism*);
extern bool_t xdr_rpc_ck_session_info (XDR *, rpc_ck_session_info*);
extern bool_t xdr_rpc_ck_mechanism_info (XDR *, rpc_ck_mechanism_info*);
extern bool_t xdr_rpc_ck_attribute (XDR *, rpc_ck_attribute*);
extern bool_t xdr_rpc_ck_attribute_array (XDR *, rpc_ck_attribute_array*);
extern bool_t xdr_rpc_ck_date (XDR *, rpc_ck_date*);
extern bool_t xdr_ck_rv_c_GetSlotList (XDR *, ck_rv_c_GetSlotList*);
extern bool_t xdr_ck_rv_c_GetSlotInfo (XDR *, ck_rv_c_GetSlotInfo*);
extern bool_t xdr_ck_rv_c_GetTokenInfo (XDR *, ck_rv_c_GetTokenInfo*);
extern bool_t xdr_ck_rv_c_GetInfo (XDR *, ck_rv_c_GetInfo*);
extern bool_t xdr_ck_rv_c_WaitForSlotEvent (XDR *, ck_rv_c_WaitForSlotEvent*);
extern bool_t xdr_ck_rv_c_OpenSession (XDR *, ck_rv_c_OpenSession*);
extern bool_t xdr_ck_rv_c_GetMechanismList (XDR *, ck_rv_c_GetMechanismList*);
extern bool_t xdr_ck_rv_c_GetSessionInfo (XDR *, ck_rv_c_GetSessionInfo*);
extern bool_t xdr_ck_rv_c_GetMechanismInfo (XDR *, ck_rv_c_GetMechanismInfo*);
extern bool_t xdr_ck_rv_c_GenerateRandom (XDR *, ck_rv_c_GenerateRandom*);
extern bool_t xdr_ck_rv_c_FindObjects (XDR *, ck_rv_c_FindObjects*);
extern bool_t xdr_ck_rv_c_GenerateKey (XDR *, ck_rv_c_GenerateKey*);
extern bool_t xdr_ck_rv_c_GenerateKeyPair (XDR *, ck_rv_c_GenerateKeyPair*);
extern bool_t xdr_ck_rv_c_CreateObject (XDR *, ck_rv_c_CreateObject*);
extern bool_t xdr_ck_rv_c_CopyObject (XDR *, ck_rv_c_CopyObject*);
extern bool_t xdr_ck_rv_c_GetAttributeValue (XDR *, ck_rv_c_GetAttributeValue*);
extern bool_t xdr_ck_rv_c_GetObjectSize (XDR *, ck_rv_c_GetObjectSize*);
extern bool_t xdr_ck_rv_c_WrapKey (XDR *, ck_rv_c_WrapKey*);
extern bool_t xdr_ck_rv_c_UnwrapKey (XDR *, ck_rv_c_UnwrapKey*);
extern bool_t xdr_ck_rv_c_DeriveKey (XDR *, ck_rv_c_DeriveKey*);
extern bool_t xdr_ck_rv_c_Digest (XDR *, ck_rv_c_Digest*);
extern bool_t xdr_ck_rv_c_DigestFinal (XDR *, ck_rv_c_DigestFinal*);
extern bool_t xdr_ck_rv_c_Sign (XDR *, ck_rv_c_Sign*);
extern bool_t xdr_ck_rv_c_SignFinal (XDR *, ck_rv_c_SignFinal*);
extern bool_t xdr_ck_rv_c_Encrypt (XDR *, ck_rv_c_Encrypt*);
extern bool_t xdr_ck_rv_c_EncryptUpdate (XDR *, ck_rv_c_EncryptUpdate*);
extern bool_t xdr_ck_rv_c_EncryptFinal (XDR *, ck_rv_c_EncryptFinal*);
extern bool_t xdr_ck_rv_c_Decrypt (XDR *, ck_rv_c_Decrypt*);
extern bool_t xdr_ck_rv_c_DecryptUpdate (XDR *, ck_rv_c_DecryptUpdate*);
extern bool_t xdr_ck_rv_c_DecryptFinal (XDR *, ck_rv_c_DecryptFinal*);
extern bool_t xdr_ck_rv_c_SignRecover (XDR *, ck_rv_c_SignRecover*);
extern bool_t xdr_ck_rv_c_VerifyRecover (XDR *, ck_rv_c_VerifyRecover*);
extern bool_t xdr_ck_rv_c_DigestEncryptUpdate (XDR *, ck_rv_c_DigestEncryptUpdate*);
extern bool_t xdr_ck_rv_c_DecryptDigestUpdate (XDR *, ck_rv_c_DecryptDigestUpdate*);
extern bool_t xdr_ck_rv_c_SignEncryptUpdate (XDR *, ck_rv_c_SignEncryptUpdate*);
extern bool_t xdr_ck_rv_c_DecryptVerifyUpdate (XDR *, ck_rv_c_DecryptVerifyUpdate*);
extern bool_t xdr_ck_rv_c_GetOperationState (XDR *, ck_rv_c_GetOperationState*);
extern bool_t xdr_c_getslotlist_3_argument (XDR *, c_getslotlist_3_argument*);
extern bool_t xdr_c_login_3_argument (XDR *, c_login_3_argument*);
extern bool_t xdr_c_opensession_3_argument (XDR *, c_opensession_3_argument*);
extern bool_t xdr_c_getmechanismlist_3_argument (XDR *, c_getmechanismlist_3_argument*);
extern bool_t xdr_c_getmechanisminfo_3_argument (XDR *, c_getmechanisminfo_3_argument*);
extern bool_t xdr_c_initpin_3_argument (XDR *, c_initpin_3_argument*);
extern bool_t xdr_c_setpin_3_argument (XDR *, c_setpin_3_argument*);
extern bool_t xdr_c_seedrandom_3_argument (XDR *, c_seedrandom_3_argument*);
extern bool_t xdr_c_inittoken_3_argument (XDR *, c_inittoken_3_argument*);
extern bool_t xdr_c_generaterandom_3_argument (XDR *, c_generaterandom_3_argument*);
extern bool_t xdr_c_findobjectsinit_3_argument (XDR *, c_findobjectsinit_3_argument*);
extern bool_t xdr_c_findobjects_3_argument (XDR *, c_findobjects_3_argument*);
extern bool_t xdr_c_generatekey_3_argument (XDR *, c_generatekey_3_argument*);
extern bool_t xdr_c_generatekeypair_3_argument (XDR *, c_generatekeypair_3_argument*);
extern bool_t xdr_c_createobject_3_argument (XDR *, c_createobject_3_argument*);
extern bool_t xdr_c_copyobject_3_argument (XDR *, c_copyobject_3_argument*);
extern bool_t xdr_c_destroyobject_3_argument (XDR *, c_destroyobject_3_argument*);
extern bool_t xdr_c_getattributevalue_3_argument (XDR *, c_getattributevalue_3_argument*);
extern bool_t xdr_c_setattributevalue_3_argument (XDR *, c_setattributevalue_3_argument*);
extern bool_t xdr_c_getobjectsize_3_argument (XDR *, c_getobjectsize_3_argument*);
extern bool_t xdr_c_wrapkey_3_argument (XDR *, c_wrapkey_3_argument*);
extern bool_t xdr_c_unwrapkey_3_argument (XDR *, c_unwrapkey_3_argument*);
extern bool_t xdr_c_derivekey_3_argument (XDR *, c_derivekey_3_argument*);
extern bool_t xdr_c_digestinit_3_argument (XDR *, c_digestinit_3_argument*);
extern bool_t xdr_c_digest_3_argument (XDR *, c_digest_3_argument*);
extern bool_t xdr_c_digestupdate_3_argument (XDR *, c_digestupdate_3_argument*);
extern bool_t xdr_c_digestkey_3_argument (XDR *, c_digestkey_3_argument*);
extern bool_t xdr_c_signinit_3_argument (XDR *, c_signinit_3_argument*);
extern bool_t xdr_c_sign_3_argument (XDR *, c_sign_3_argument*);
extern bool_t xdr_c_signupdate_3_argument (XDR *, c_signupdate_3_argument*);
extern bool_t xdr_c_verifyinit_3_argument (XDR *, c_verifyinit_3_argument*);
extern bool_t xdr_c_verify_3_argument (XDR *, c_verify_3_argument*);
extern bool_t xdr_c_verifyupdate_3_argument (XDR *, c_verifyupdate_3_argument*);
extern bool_t xdr_c_verifyfinal_3_argument (XDR *, c_verifyfinal_3_argument*);
extern bool_t xdr_c_encryptinit_3_argument (XDR *, c_encryptinit_3_argument*);
extern bool_t xdr_c_encrypt_3_argument (XDR *, c_encrypt_3_argument*);
extern bool_t xdr_c_encryptupdate_3_argument (XDR *, c_encryptupdate_3_argument*);
extern bool_t xdr_c_decryptinit_3_argument (XDR *, c_decryptinit_3_argument*);
extern bool_t xdr_c_decrypt_3_argument (XDR *, c_decrypt_3_argument*);
extern bool_t xdr_c_decryptupdate_3_argument (XDR *, c_decryptupdate_3_argument*);
extern bool_t xdr_c_signrecoverinit_3_argument (XDR *, c_signrecoverinit_3_argument*);
extern bool_t xdr_c_signrecover_3_argument (XDR *, c_signrecover_3_argument*);
extern bool_t xdr_c_verifyrecoverinit_3_argument (XDR *, c_verifyrecoverinit_3_argument*);
extern bool_t xdr_c_verifyrecover_3_argument (XDR *, c_verifyrecover_3_argument*);
extern bool_t xdr_c_digestencryptupdate_3_argument (XDR *, c_digestencryptupdate_3_argument*);
extern bool_t xdr_c_signencryptupdate_3_argument (XDR *, c_signencryptupdate_3_argument*);
extern bool_t xdr_c_decryptdigestupdate_3_argument (XDR *, c_decryptdigestupdate_3_argument*);
extern bool_t xdr_c_decryptverifyupdate_3_argument (XDR *, c_decryptverifyupdate_3_argument*);
extern bool_t xdr_c_setoperationstate_3_argument (XDR *, c_setoperationstate_3_argument*);
#else /* K&R C */
extern bool_t xdr_pkcs11_int ();
extern bool_t xdr_rpc_ck_rv_t ();
extern bool_t xdr_rpc_ck_slot_id_t ();
extern bool_t xdr_rpc_ck_mechanism_type_t ();
extern bool_t xdr_rpc_ck_session_handle_t ();
extern bool_t xdr_rpc_ck_user_type_t ();
extern bool_t xdr_rpc_ck_state_t ();
extern bool_t xdr_rpc_ck_object_handle_t ();
extern bool_t xdr_rpc_ck_object_class_t ();
extern bool_t xdr_rpc_ck_hw_feature_type_t ();
extern bool_t xdr_rpc_ck_key_type_t ();
extern bool_t xdr_rpc_ck_certificate_type_t ();
extern bool_t xdr_rpc_ck_attribute_type_t ();
extern bool_t xdr_rpc_ck_flags_t ();
extern bool_t xdr_rpc_ck_notification_t ();
extern bool_t xdr_opaque_data ();
extern bool_t xdr_rpc_ck_version ();
extern bool_t xdr_rpc_ck_info ();
extern bool_t xdr_rpc_ck_slot_info ();
extern bool_t xdr_rpc_ck_token_info ();
extern bool_t xdr_rpc_ck_mechanism ();
extern bool_t xdr_rpc_ck_session_info ();
extern bool_t xdr_rpc_ck_mechanism_info ();
extern bool_t xdr_rpc_ck_attribute ();
extern bool_t xdr_rpc_ck_attribute_array ();
extern bool_t xdr_rpc_ck_date ();
extern bool_t xdr_ck_rv_c_GetSlotList ();
extern bool_t xdr_ck_rv_c_GetSlotInfo ();
extern bool_t xdr_ck_rv_c_GetTokenInfo ();
extern bool_t xdr_ck_rv_c_GetInfo ();
extern bool_t xdr_ck_rv_c_WaitForSlotEvent ();
extern bool_t xdr_ck_rv_c_OpenSession ();
extern bool_t xdr_ck_rv_c_GetMechanismList ();
extern bool_t xdr_ck_rv_c_GetSessionInfo ();
extern bool_t xdr_ck_rv_c_GetMechanismInfo ();
extern bool_t xdr_ck_rv_c_GenerateRandom ();
extern bool_t xdr_ck_rv_c_FindObjects ();
extern bool_t xdr_ck_rv_c_GenerateKey ();
extern bool_t xdr_ck_rv_c_GenerateKeyPair ();
extern bool_t xdr_ck_rv_c_CreateObject ();
extern bool_t xdr_ck_rv_c_CopyObject ();
extern bool_t xdr_ck_rv_c_GetAttributeValue ();
extern bool_t xdr_ck_rv_c_GetObjectSize ();
extern bool_t xdr_ck_rv_c_WrapKey ();
extern bool_t xdr_ck_rv_c_UnwrapKey ();
extern bool_t xdr_ck_rv_c_DeriveKey ();
extern bool_t xdr_ck_rv_c_Digest ();
extern bool_t xdr_ck_rv_c_DigestFinal ();
extern bool_t xdr_ck_rv_c_Sign ();
extern bool_t xdr_ck_rv_c_SignFinal ();
extern bool_t xdr_ck_rv_c_Encrypt ();
extern bool_t xdr_ck_rv_c_EncryptUpdate ();
extern bool_t xdr_ck_rv_c_EncryptFinal ();
extern bool_t xdr_ck_rv_c_Decrypt ();
extern bool_t xdr_ck_rv_c_DecryptUpdate ();
extern bool_t xdr_ck_rv_c_DecryptFinal ();
extern bool_t xdr_ck_rv_c_SignRecover ();
extern bool_t xdr_ck_rv_c_VerifyRecover ();
extern bool_t xdr_ck_rv_c_DigestEncryptUpdate ();
extern bool_t xdr_ck_rv_c_DecryptDigestUpdate ();
extern bool_t xdr_ck_rv_c_SignEncryptUpdate ();
extern bool_t xdr_ck_rv_c_DecryptVerifyUpdate ();
extern bool_t xdr_ck_rv_c_GetOperationState ();
extern bool_t xdr_c_getslotlist_3_argument ();
extern bool_t xdr_c_login_3_argument ();
extern bool_t xdr_c_opensession_3_argument ();
extern bool_t xdr_c_getmechanismlist_3_argument ();
extern bool_t xdr_c_getmechanisminfo_3_argument ();
extern bool_t xdr_c_initpin_3_argument ();
extern bool_t xdr_c_setpin_3_argument ();
extern bool_t xdr_c_seedrandom_3_argument ();
extern bool_t xdr_c_inittoken_3_argument ();
extern bool_t xdr_c_generaterandom_3_argument ();
extern bool_t xdr_c_findobjectsinit_3_argument ();
extern bool_t xdr_c_findobjects_3_argument ();
extern bool_t xdr_c_generatekey_3_argument ();
extern bool_t xdr_c_generatekeypair_3_argument ();
extern bool_t xdr_c_createobject_3_argument ();
extern bool_t xdr_c_copyobject_3_argument ();
extern bool_t xdr_c_destroyobject_3_argument ();
extern bool_t xdr_c_getattributevalue_3_argument ();
extern bool_t xdr_c_setattributevalue_3_argument ();
extern bool_t xdr_c_getobjectsize_3_argument ();
extern bool_t xdr_c_wrapkey_3_argument ();
extern bool_t xdr_c_unwrapkey_3_argument ();
extern bool_t xdr_c_derivekey_3_argument ();
extern bool_t xdr_c_digestinit_3_argument ();
extern bool_t xdr_c_digest_3_argument ();
extern bool_t xdr_c_digestupdate_3_argument ();
extern bool_t xdr_c_digestkey_3_argument ();
extern bool_t xdr_c_signinit_3_argument ();
extern bool_t xdr_c_sign_3_argument ();
extern bool_t xdr_c_signupdate_3_argument ();
extern bool_t xdr_c_verifyinit_3_argument ();
extern bool_t xdr_c_verify_3_argument ();
extern bool_t xdr_c_verifyupdate_3_argument ();
extern bool_t xdr_c_verifyfinal_3_argument ();
extern bool_t xdr_c_encryptinit_3_argument ();
extern bool_t xdr_c_encrypt_3_argument ();
extern bool_t xdr_c_encryptupdate_3_argument ();
extern bool_t xdr_c_decryptinit_3_argument ();
extern bool_t xdr_c_decrypt_3_argument ();
extern bool_t xdr_c_decryptupdate_3_argument ();
extern bool_t xdr_c_signrecoverinit_3_argument ();
extern bool_t xdr_c_signrecover_3_argument ();
extern bool_t xdr_c_verifyrecoverinit_3_argument ();
extern bool_t xdr_c_verifyrecover_3_argument ();
extern bool_t xdr_c_digestencryptupdate_3_argument ();
extern bool_t xdr_c_signencryptupdate_3_argument ();
extern bool_t xdr_c_decryptdigestupdate_3_argument ();
extern bool_t xdr_c_decryptverifyupdate_3_argument ();
extern bool_t xdr_c_setoperationstate_3_argument ();
#endif /* K&R C */
#ifdef __cplusplus
}
#endif
#endif /* !_PKCS11_RPC_H_RPCGEN */
caml-crush-1.0.12/src/client-lib/pkcs11_rpc_xdr.cocci 0000664 0000000 0000000 00000000201 14147740423 0022266 0 ustar 00root root 0000000 0000000 @remove_useless_buf@
// Semantic patch: in every function body, delete each declaration of the
// form `register int32_t *<name>;`.
//
// `func` and `buf` are identifier metavariables, so the rule matches any
// function name and any variable name, not only a variable literally
// called "buf". `typedef int32_t;` tells the parser that int32_t is a type.
//
// NOTE(review): the rule does not check that the variable is unused. If a
// function did use it, the patched file would normally fail to compile
// rather than change behaviour silently. The file name suggests the rule
// is run over the rpcgen-generated XDR source -- confirm in the build
// scripts.
identifier func;
typedef int32_t;
identifier buf;
@@
func(...){
<...
- register int32_t *buf;
...>
}
caml-crush-1.0.12/src/filter/ 0000775 0000000 0000000 00000000000 14147740423 0015713 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/filter/Makefile.in 0000664 0000000 0000000 00000000571 14147740423 0017763 0 ustar 00root root 0000000 0000000 backend_dir = backend
filter_dir = filter
frontend_dir = frontend
# Build the three filter sub-directories in order: backend, filter, frontend.
# @MAKEPROG@ and @srcdir@ are placeholders substituted by configure.
all:
@MAKEPROG@ -C $(backend_dir)
@MAKEPROG@ -C $(filter_dir)
@MAKEPROG@ -C $(frontend_dir)
# Run "clean" in each sub-directory, then remove OCaml build products and
# editor backup files (*~) from this directory.
clean:
@MAKEPROG@ clean -C $(backend_dir)
@MAKEPROG@ clean -C $(filter_dir)
@MAKEPROG@ clean -C $(frontend_dir)
@rm -f @srcdir@/*.cmi @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.cmo @srcdir@/*~ @srcdir@/*.opt
caml-crush-1.0.12/src/filter/backend/ 0000775 0000000 0000000 00000000000 14147740423 0017302 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/filter/backend/Makefile.in 0000664 0000000 0000000 00000000337 14147740423 0021352 0 ustar 00root root 0000000 0000000 bindings_dir = ../../bindings-pkcs11/
# Compile backend.ml with ocamlopt (-c: compile only, no link), adding the
# PKCS#11 bindings directory to the include path. @ocaml_options@ and
# @srcdir@ are placeholders substituted by configure.
all:
ocamlopt @ocaml_options@ -I $(bindings_dir) -o backend -c @srcdir@/backend.ml
# Remove OCaml build products and editor backup files (*~).
clean:
@rm -f @srcdir@/*.cmi @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.cmo @srcdir@/*~ @srcdir@/*.opt
caml-crush-1.0.12/src/filter/backend/backend.ml 0000664 0000000 0000000 00000024121 14147740423 0021223 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/backend/backend.ml
************************** MIT License HEADER ***********************************)
open Printf
(********************************************************************************)
(* Backend of the PKCS#11 filter.                                               *)
(* Every value defined below is a direct alias of, or a one-line wrapper        *)
(* around, the binding of the same name in the Pkcs11 module. No argument       *)
(* checking, logging or policy decision happens at this layer, so any caller    *)
(* that uses Backend directly reaches the underlying binding unfiltered.        *)
(********************************************************************************)
(********************************************************************************)
(* CUSTOM PURPOSE FUNCTIONS *)
(********************************************************************************)
let c_SetupArch = Pkcs11.c_SetupArch
(********************************************************************************)
(* GENERAL PURPOSE FUNCTIONS *)
(********************************************************************************)
let c_LoadModule = Pkcs11.c_LoadModule
(* c_Initialize and c_GetInfo are written as functions of unit, so the call     *)
(* into Pkcs11 happens each time they are applied.                              *)
let c_Initialize () = Pkcs11.c_Initialize ()
let c_GetInfo () = Pkcs11.c_GetInfo ()
(********************************************************************************)
(* SLOT AND TOKEN MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_GetSlotList = Pkcs11.c_GetSlotList
let c_GetSlotInfo = Pkcs11.c_GetSlotInfo
let c_GetTokenInfo = Pkcs11.c_GetTokenInfo
let c_WaitForSlotEvent = Pkcs11.c_WaitForSlotEvent
let c_GetMechanismList = Pkcs11.c_GetMechanismList
let c_GetMechanismInfo = Pkcs11.c_GetMechanismInfo
let c_InitToken = Pkcs11.c_InitToken
let c_InitPIN = Pkcs11.c_InitPIN
let c_SetPIN = Pkcs11.c_SetPIN
(********************************************************************************)
(* SESSION MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_OpenSession = Pkcs11.c_OpenSession
let c_CloseSession = Pkcs11.c_CloseSession
let c_CloseAllSessions = Pkcs11.c_CloseAllSessions
let c_GetSessionInfo = Pkcs11.c_GetSessionInfo
let c_GetOperationState = Pkcs11.c_GetOperationState
let c_SetOperationState = Pkcs11.c_SetOperationState
let c_Login = Pkcs11.c_Login
let c_Logout = Pkcs11.c_Logout
(********************************************************************************)
(* OBJECT MANAGEMENT FUNCTIONS *)
(********************************************************************************)
(* NOTE(review): c_Finalize is listed under this heading although it is not an  *)
(* object management call; it is a unit function like c_Initialize above.       *)
let c_Finalize () = Pkcs11.c_Finalize ()
let c_CreateObject = Pkcs11.c_CreateObject
let c_CopyObject = Pkcs11.c_CopyObject
let c_DestroyObject = Pkcs11.c_DestroyObject
let c_GetObjectSize = Pkcs11.c_GetObjectSize
let c_GetAttributeValue = Pkcs11.c_GetAttributeValue
let c_SetAttributeValue = Pkcs11.c_SetAttributeValue
let c_FindObjectsInit = Pkcs11.c_FindObjectsInit
let c_FindObjects = Pkcs11.c_FindObjects
let c_FindObjectsFinal = Pkcs11.c_FindObjectsFinal
(********************************************************************************)
(* ENCRYPTION FUNCTIONS *)
(********************************************************************************)
let c_EncryptInit = Pkcs11.c_EncryptInit
let c_Encrypt = Pkcs11.c_Encrypt
let c_EncryptUpdate = Pkcs11.c_EncryptUpdate
let c_EncryptFinal = Pkcs11.c_EncryptFinal
(********************************************************************************)
(* DECRYPTION FUNCTIONS *)
(********************************************************************************)
let c_DecryptInit = Pkcs11.c_DecryptInit
let c_Decrypt = Pkcs11.c_Decrypt
let c_DecryptUpdate = Pkcs11.c_DecryptUpdate
let c_DecryptFinal = Pkcs11.c_DecryptFinal
(********************************************************************************)
(* MESSAGE DIGESTING FUNCTIONS *)
(********************************************************************************)
let c_DigestInit = Pkcs11.c_DigestInit
let c_Digest = Pkcs11.c_Digest
let c_DigestUpdate = Pkcs11.c_DigestUpdate
let c_DigestKey = Pkcs11.c_DigestKey
let c_DigestFinal = Pkcs11.c_DigestFinal
(********************************************************************************)
(* SIGNING AND MAC SIGNING FUNCTIONS *)
(********************************************************************************)
let c_SignInit = Pkcs11.c_SignInit
let c_SignRecoverInit = Pkcs11.c_SignRecoverInit
let c_Sign = Pkcs11.c_Sign
let c_SignRecover = Pkcs11.c_SignRecover
let c_SignUpdate = Pkcs11.c_SignUpdate
let c_SignFinal = Pkcs11.c_SignFinal
(********************************************************************************)
(* FUNCTIONS FOR VERIFYING SIGNATURES AND MAC *)
(********************************************************************************)
let c_VerifyInit = Pkcs11.c_VerifyInit
let c_VerifyRecoverInit = Pkcs11.c_VerifyRecoverInit
let c_Verify = Pkcs11.c_Verify
let c_VerifyRecover = Pkcs11.c_VerifyRecover
let c_VerifyUpdate = Pkcs11.c_VerifyUpdate
let c_VerifyFinal = Pkcs11.c_VerifyFinal
(********************************************************************************)
(* DUAL-PURPOSE CRYPTOGRAPHIC FUNCTIONS *)
(********************************************************************************)
let c_DigestEncryptUpdate = Pkcs11.c_DigestEncryptUpdate
let c_DecryptDigestUpdate = Pkcs11.c_DecryptDigestUpdate
let c_SignEncryptUpdate = Pkcs11.c_SignEncryptUpdate
let c_DecryptVerifyUpdate = Pkcs11.c_DecryptVerifyUpdate
(********************************************************************************)
(* KEY MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_GenerateKey = Pkcs11.c_GenerateKey
let c_GenerateKeyPair = Pkcs11.c_GenerateKeyPair
let c_WrapKey = Pkcs11.c_WrapKey
let c_UnwrapKey = Pkcs11.c_UnwrapKey
let c_DeriveKey = Pkcs11.c_DeriveKey
(********************************************************************************)
(* RANDOM NUMBER GENERATION FUNCTIONS *)
(********************************************************************************)
let c_SeedRandom = Pkcs11.c_SeedRandom
let c_GenerateRandom = Pkcs11.c_GenerateRandom
(********************************************************************************)
(* PARALLEL FUNCTION MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_GetFunctionStatus = Pkcs11.c_GetFunctionStatus
let c_CancelFunction = Pkcs11.c_CancelFunction
caml-crush-1.0.12/src/filter/filter/ 0000775 0000000 0000000 00000000000 14147740423 0017200 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/filter/filter/Makefile.in 0000664 0000000 0000000 00000001672 14147740423 0021253 0 ustar 00root root 0000000 0000000 all:
ocamlfind ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@ -I @srcdir@ " -package "str,config-file,netplex" -I ../../bindings-pkcs11 -I ../backend -o filter_common -c @srcdir@/filter_common.ml
ocamlfind ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@ -I @srcdir@ " -package "str,config-file,netplex" -I ../../bindings-pkcs11 -I ../backend -o filter_actions -c @srcdir@/filter_actions.ml
ocamlfind ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@ -I @srcdir@ " -package "str,config-file,netplex" -I ../../bindings-pkcs11 -I ../backend -o filter_configuration -c @srcdir@/filter_configuration.ml
ocamlfind ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@ -I @srcdir@ " -package "str,config-file,netplex" -I ../../bindings-pkcs11 -I ../backend -o filter -c @srcdir@/filter.ml
clean:
@rm -f *.cmi *.cmx *.o *.cmo *~ *.opt
caml-crush-1.0.12/src/filter/filter/filter.ml 0000664 0000000 0000000 00000351501 14147740423 0021024 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/filter.ml
************************** MIT License HEADER ***********************************)
(******************* Filter main functions *******************)
open Filter_common
open Filter_actions
open Filter_configuration
(* Exceptions *)
exception Pkcs11_inconsistency
exception Loop_overflow
(* Render a char array as lowercase hexadecimal text, two digits per element *)
(* and no separator. Used below to turn CKA_ID values into a string that can *)
(* be matched against the configured expressions and written to the log.     *)
let print_hex_array_to_string = fun a ->
  let hex_buffer = Buffer.create (2 * Array.length a) in
  Array.iter (fun c -> Buffer.add_string hex_buffer (Printf.sprintf "%02x" (Char.code c))) a;
  Buffer.contents hex_buffer
(*** High level helper functions *****)
(* Return the elements of original_list that check_element_in_list does not *)
(* report as members of forbidden_list. The relative order of the kept      *)
(* elements is the order of original_list.                                  *)
let apply_blacklist original_list forbidden_list =
  let is_kept candidate = not (check_element_in_list forbidden_list candidate) in
  List.filter is_kept original_list
(* Apply every blacklist whose alias expression matches the current module.  *)
(* forbidden_list is a list of (alias_regexp, list) couples; the lists of    *)
(* all matching couples are removed one after the other from original_list.  *)
(* Couples whose alias does not match leave the list untouched, so a module  *)
(* matched by no couple keeps its complete list.                             *)
(* The list is logged before and after filtering at debug level 1.           *)
let apply_blacklist_all_lists original_list forbidden_list =
  print_mechanisms original_list "Filtering mechanisms, got:" 1;
  let strip_for_alias remaining (alias_regexp, alias_forbidden) =
    if check_regexp alias_regexp (get !current_module)
    then apply_blacklist remaining alias_forbidden
    else remaining in
  let kept = List.fold_left strip_for_alias original_list forbidden_list in
  let _ = print_mechanisms kept "Filtered mechanisms:" 1 in
  kept
(* Tell whether mechanism belongs to the list that get_associated_list       *)
(* returns for the current module in forbidden_list_alias.                   *)
(* When the lookup raises Find_list_except, i.e. nothing is associated with  *)
(* the current module, the answer is false: the mechanism is not forbidden.  *)
let check_forbidden_mechanism_in_list mechanism forbidden_list_alias =
  let lookup =
    try Some (get_associated_list (get !current_module) forbidden_list_alias)
    with Find_list_except -> None in
  match lookup with
  | None -> false
  | Some forbidden -> check_element_in_list forbidden mechanism
(* Go through every entry of forbidden_list_alias and combine the individual *)
(* answers with a logical OR: the mechanism is reported as forbidden as soon *)
(* as one entry forbids it. Every entry is still evaluated.                  *)
(* Returns true when the mechanism is filtered. A hit is logged at debug     *)
(* level 1, a miss at level 2.                                               *)
let check_forbidden_mechanism_in_all_lists mechanism forbidden_list_alias =
  let accumulate found_so_far entry =
    let found_here = check_forbidden_mechanism_in_list mechanism [entry] in
    (found_so_far || found_here) in
  let is_forbidden = List.fold_left accumulate false forbidden_list_alias in
  let (info_string, debug_level) =
    if is_forbidden then
      (Printf.sprintf "mechanism '%s' has been found in the forbidden list for alias '%s' (it is FILTERED)" (Pkcs11.match_cKM_value mechanism) (get !current_module), 1)
    else
      (Printf.sprintf "mechanism '%s' has not been found in the forbidden list for alias '%s' (it is *not* filtered)" (Pkcs11.match_cKM_value mechanism) (get !current_module), 2) in
  let _ = print_debug info_string debug_level in
  is_forbidden
(* Check the_label against every list whose alias expression matches         *)
(* the_module. allowed_list holds (alias_regexp, list) couples; the result   *)
(* is the logical OR of check_regexp_element_in_list over the matching ones. *)
(* When no couple matches the module, the answer depends on search_type:     *)
(*   - "forbidden": false, nothing is forbidden for an unlisted module;      *)
(*   - any other value: true, everything is allowed for an unlisted module.  *)
(* The second default means that an allow-list only restricts the modules    *)
(* that at least one of its alias expressions matches.                       *)
let check_regexp_element_in_all_lists the_module allowed_list the_label search_type =
  let visit (matched_aliases, verdict) (alias_regexp, alias_patterns) =
    if check_regexp alias_regexp the_module
    then (matched_aliases + 1, verdict || (check_regexp_element_in_list alias_patterns the_label))
    else (matched_aliases, verdict) in
  let (matched_aliases, verdict) = List.fold_left visit (0, false) allowed_list in
  if matched_aliases <> 0 then
    verdict
  else
    (* No rule names this module: fall back on the default of the search type *)
    not (compare search_type "forbidden" = 0)
(* Decide whether an object may be exposed, based on its CKA_LABEL.          *)
(* Returns true when the object is allowed, false when it must be hidden.    *)
(*   - No label rule configured at all: always true.                         *)
(*   - Otherwise the label is read through the backend and matched with an   *)
(*     "allowed" search for the current module.                              *)
(*   - If the label cannot be read, the object is treated as filtered.       *)
(* The attribute is requested twice: the first call is made on an empty      *)
(* value and only its returned template is used, its return code being       *)
(* ignored; presumably it fills in the length, to be confirmed against the   *)
(* bindings. Only the second return code is checked.                         *)
(* function_name is used for the log line only.                              *)
let check_object_label session object_handle allowed_list_alias function_name =
  match !allowed_labels with
  | [] -> true
  | _ ->
    let empty_query = [| { Pkcs11.type_ = Pkcs11.cKA_LABEL; Pkcs11.value = [||] } |] in
    let (_, sized_query) = Backend.c_GetAttributeValue session object_handle empty_query in
    let (ret_value, label_template) = Backend.c_GetAttributeValue session object_handle sized_query in
    if compare ret_value Pkcs11.cKR_OK <> 0 then
      (* The label could not be extracted: do not return the object *)
      false
    else begin
      let check_bool = check_regexp_element_in_all_lists (get !current_module) allowed_list_alias (Pkcs11.char_array_to_string label_template.(0).Pkcs11.value) "allowed" in
      let info_string =
        if check_bool then
          Printf.sprintf "%s: label '%s' is not filtered for alias '%s'" function_name (Pkcs11.char_array_to_string label_template.(0).Pkcs11.value) (get !current_module)
        else
          Printf.sprintf "%s: label '%s' is FILTERED for alias '%s'" function_name (Pkcs11.char_array_to_string label_template.(0).Pkcs11.value) (get !current_module) in
      let _ = print_debug info_string 1 in
      check_bool
    end
(* Keep only the object handles whose label passes check_object_label.       *)
(* The log lines produced along the way are tagged "C_FindObjects".          *)
let apply_allowed_label_filter session object_handles_array allowed_list_alias =
  let label_allowed handle = check_object_label session handle allowed_list_alias "C_FindObjects" in
  Array.of_list (List.filter label_allowed (Array.to_list object_handles_array))
(* Inspect a creation template and tell whether it must be rejected because  *)
(* of a CKA_LABEL attribute. Returns true when the creation is to be blocked.*)
(*   - No label rule configured: false.                                      *)
(*   - Template without any CKA_LABEL attribute: false, the creation is not  *)
(*     blocked. Such an object carries no label for the label filter to      *)
(*     reject at creation time.                                              *)
(*   - Otherwise true as soon as one CKA_LABEL attribute of the template     *)
(*     fails the "allowed" search for the current module.                    *)
(* function_name is used for the log line only.                              *)
let check_label_on_object_creation ckattributearray_ allowed_list_alias function_name =
  match !allowed_labels with
  | [] -> false
  | _ ->
    let inspect (blocked, labels_seen) attribute =
      if compare attribute.Pkcs11.type_ Pkcs11.cKA_LABEL <> 0 then
        (blocked, labels_seen)
      else begin
        let label_allowed = check_regexp_element_in_all_lists (get !current_module) allowed_list_alias (Pkcs11.char_array_to_string attribute.Pkcs11.value) "allowed" in
        let info_string =
          if label_allowed then
            Printf.sprintf "%s: label '%s' is not filtered on creation for alias '%s'" function_name (Pkcs11.char_array_to_string attribute.Pkcs11.value) (get !current_module)
          else
            Printf.sprintf "%s: label '%s' is FILTERED on creation for alias '%s'" function_name (Pkcs11.char_array_to_string attribute.Pkcs11.value) (get !current_module) in
        let _ = print_debug info_string 1 in
        ((not label_allowed) || blocked, labels_seen + 1)
      end in
    let (blocked, labels_seen) = Array.fold_left inspect (false, 0) ckattributearray_ in
    if labels_seen = 0 then
      (* No label has been provided: do not block the creation *)
      false
    else
      blocked
(* Decide whether an object may be exposed, based on its CKA_ID.             *)
(* Returns true when the object is allowed, false when it must be hidden.    *)
(*   - No id rule configured at all: always true.                            *)
(*   - Otherwise the id is read through the backend, rendered as hexadecimal *)
(*     text and matched with an "allowed" search for the current module.     *)
(*   - If the id cannot be read, the object is treated as filtered.          *)
(* As for labels, the attribute is requested twice and only the second       *)
(* return code is checked.                                                   *)
(* An allowed id is logged at debug level 2, a filtered one at level 1.      *)
let check_object_id session object_handle allowed_list_alias function_name =
  match !allowed_ids with
  | [] -> true
  | _ ->
    let empty_query = [| { Pkcs11.type_ = Pkcs11.cKA_ID; Pkcs11.value = [||]} |] in
    let (_, sized_query) = Backend.c_GetAttributeValue session object_handle empty_query in
    let (ret_value, id_template) = Backend.c_GetAttributeValue session object_handle sized_query in
    if compare ret_value Pkcs11.cKR_OK <> 0 then
      (* The id could not be extracted: do not return the object *)
      false
    else begin
      let check_bool = check_regexp_element_in_all_lists (get !current_module) allowed_list_alias (print_hex_array_to_string id_template.(0).Pkcs11.value) "allowed" in
      let (info_string, debug_level) =
        if check_bool then
          (Printf.sprintf "%s: id '%s' is *not* filtered for alias '%s'" function_name (print_hex_array_to_string id_template.(0).Pkcs11.value) (get !current_module), 2)
        else
          (Printf.sprintf "%s: id '%s' is FILTERED for alias '%s'" function_name (print_hex_array_to_string id_template.(0).Pkcs11.value) (get !current_module), 1) in
      let _ = print_debug info_string debug_level in
      check_bool
    end
(* Keep only the object handles whose id passes check_object_id.             *)
(* The log lines produced along the way are tagged "C_FindObjects".          *)
let apply_allowed_id_filter session object_handles_array allowed_list_alias =
  let id_allowed handle = check_object_id session handle allowed_list_alias "C_FindObjects" in
  Array.of_list (List.filter id_allowed (Array.to_list object_handles_array))
(* Inspect a creation template and tell whether it must be rejected because  *)
(* of a CKA_ID attribute. Returns true when the creation is to be blocked.   *)
(*   - No id rule configured: false.                                         *)
(*   - Template without any CKA_ID attribute: false, the creation is not     *)
(*     blocked.                                                              *)
(*   - Otherwise true as soon as one CKA_ID attribute of the template, in    *)
(*     hexadecimal form, fails the "allowed" search for the current module.  *)
(* An allowed id is logged at debug level 2, a filtered one at level 1.      *)
let check_id_on_object_creation ckattributearray_ allowed_list_alias function_name =
  match !allowed_ids with
  | [] -> false
  | _ ->
    let inspect (blocked, ids_seen) attribute =
      if compare attribute.Pkcs11.type_ Pkcs11.cKA_ID <> 0 then
        (blocked, ids_seen)
      else begin
        (* We have an id: check whether it is in the allowed list *)
        let id_allowed = check_regexp_element_in_all_lists (get !current_module) allowed_list_alias (print_hex_array_to_string attribute.Pkcs11.value) "allowed" in
        let (info_string, debug_level) =
          if id_allowed then
            (Printf.sprintf "%s: id '%s' is *not* filtered on creation for alias '%s'" function_name (print_hex_array_to_string attribute.Pkcs11.value) (get !current_module), 2)
          else
            (Printf.sprintf "%s: id '%s' is FILTERED on creation for alias '%s'" function_name (print_hex_array_to_string attribute.Pkcs11.value) (get !current_module), 1) in
        let _ = print_debug info_string debug_level in
        ((not id_allowed) || blocked, ids_seen + 1)
      end in
    let (blocked, ids_seen) = Array.fold_left inspect (false, 0) ckattributearray_ in
    if ids_seen = 0 then
      (* Do not block the creation if no id has been provided *)
      false
    else
      blocked
(* Replace the array held by array_ref with a copy that contains none of the *)
(* values present in to_remove. Removal is by value: every occurrence of a   *)
(* listed value disappears, not just one. Returns unit.                      *)
let remove_elements_from_array array_ref to_remove =
  let unwanted = Array.to_list to_remove in
  let survivors = List.filter (fun item -> not (check_element_in_list unwanted item)) (Array.to_list !array_ref) in
  array_ref := Array.of_list survivors
(* Extract up to count elements from the front of the array held by          *)
(* array_ref, remove them from that array and return them.                   *)
(* Array.sub raises Invalid_argument both when count exceeds the length and  *)
(* when it is negative once converted to int; in either case the whole       *)
(* array is returned and array_ref is left empty.                            *)
let pickup_elements_in_array array_ref count =
  let wanted = Nativeint.to_int count in
  let extracted =
    try Array.sub !array_ref 0 wanted
    with Invalid_argument _ -> Array.copy !array_ref in
  let _ = remove_elements_from_array array_ref extracted in
  extracted
(* Check if a PKCS#11 function is filtered for the current module.           *)
(* Returns true when the function is forbidden, false otherwise.             *)
(* Before any module is loaded the answer is always false, so this check     *)
(* blocks nothing by itself at that stage. The lookup is a "forbidden"       *)
(* search: a module matched by no rule has no forbidden function.            *)
let check_function_in_forbidden_functions_list function_name forbidden_functions_list =
  match !current_module with
  | None -> false
  | Some _ -> check_regexp_element_in_all_lists (get !current_module) forbidden_functions_list function_name "forbidden"
(* Check if read-only sessions are enforced for the current module.          *)
(* Only the single value associated with the alias in the_list is used; it   *)
(* is a boolean, so combining several rules would make no sense.             *)
(* If the alias is not found, the default is false: no enforcement. That     *)
(* case is logged at debug level 2, as is a negative result; a positive      *)
(* result is logged at level 1.                                              *)
let check_enforce_ro_sessions_for_alias the_list =
  let check =
    try get_associated_list (get !current_module) the_list
    with Find_list_except ->
      let info_string = Printf.sprintf "Alias '%s' not found in enforce RO list: not applying any enforcement!" (get !current_module) in
      print_debug info_string 2;
      false in
  let (info_string, debug_level) =
    if check then
      (Printf.sprintf "Enforcing RO session in OpenSession for alias '%s'" (get !current_module), 1)
    else
      (Printf.sprintf "*NOT* enforcing RO session in OpenSession for alias '%s'" (get !current_module), 2) in
  print_debug info_string debug_level;
  check
(* Check if admin operations are forbidden for the current module.           *)
(* Only the single value associated with the alias in the_list is used; it   *)
(* is a boolean, so combining several rules would make no sense.             *)
(* If the alias is not found, the default is false: the rule is not applied  *)
(* and SO login is not forbidden. That case is logged at debug level 2, as   *)
(* is a negative result; a positive result is logged at level 1.             *)
let check_forbid_admin_for_alias the_list =
  let check =
    try get_associated_list (get !current_module) the_list
    with Find_list_except ->
      let info_string = Printf.sprintf "Alias '%s' not found in forbid admin list: not applying the rule!" (get !current_module) in
      print_debug info_string 2;
      false in
  let (info_string, debug_level) =
    if check then
      (Printf.sprintf "Forbidding SO login for alias '%s'" (get !current_module), 1)
    else
      (Printf.sprintf "*NOT* forbidding SO login for alias '%s'" (get !current_module), 2) in
  print_debug info_string debug_level;
  check
(* Check if the padding oracle protection applies to operation the_type for  *)
(* the current module. The lookup is a "forbidden" search, so a module that  *)
(* no rule of the_list matches gets false: the protection is off unless a    *)
(* rule turns it on. A positive result is logged at debug level 1, a         *)
(* negative one at level 2.                                                  *)
let check_remove_padding_oracles the_list the_type =
  let check = check_regexp_element_in_all_lists (get !current_module) the_list the_type "forbidden" in
  let (info_string, debug_level) =
    if check then
      (Printf.sprintf "Removing padding oracles for alias '%s' and operation '%s'" (get !current_module) the_type, 1)
    else
      (Printf.sprintf "*NOT* removing padding oracles for alias '%s' and operation '%s'" (get !current_module) the_type, 2) in
  print_debug info_string debug_level;
  check
(**** Checking the actions given a trigger ****)
(* Collect the user defined actions registered for function_trigger on the  *)
(* current module and run them in order. the_actions_list holds couples     *)
(* (alias_regexp, list of (function, action) couples).                      *)
(* The result is a serialized (stop, value) couple:                         *)
(*   - (false, unit) when no action applies or no action asked to stop;     *)
(*   - the result of the first action whose stop flag is true; the actions  *)
(*     after it are not executed.                                           *)
(* Callers deserialize the result and, when stop is true, return its value  *)
(* in place of the filtered call. The type of that value is whatever the    *)
(* action serialized; nothing in this function checks it.                   *)
let check_trigger_and_action function_trigger the_actions_list argument =
(* For all the aliases, get the actions for the given function_trigger *)
let current_actions = List.fold_left
(fun constructing_list (a, b) ->
(* check if the current module is concerned by the alias *)
if check_regexp a (get !current_module) = true then
(* Iterate through the list of couples (function, action) *)
(* NOTE(review): elsewhere in this file check_regexp receives the configured *)
(* expression first and the tested string second; here the trigger name is  *)
(* first and the configured entry c second. Confirm against check_regexp in *)
(* Filter_common that this order is intended.                               *)
(List.fold_left (fun constructing_list (c, d) -> if check_regexp function_trigger c = true then
(List.concat [constructing_list; [d]]) else (constructing_list)) constructing_list b)
else
(constructing_list)
) [] the_actions_list in
if List.length current_actions = 0 then
(* If we have no action, return a fake ret value *)
(serialize (false, ()))
else
(* Now apply all the actions serially *)
(* If an action returns a value along the way, we return *)
(* it and stop the execution flow of other actions *)
let final_ret = List.fold_left
(fun last_action_ret action ->
let (stop, _) = deserialize last_action_ret in
if stop = true then
(* The last action returned something: return its value without *)
(* executing the other actions *)
(last_action_ret)
else
(* Each executed action is logged at debug level 1 before it runs *)
let info_string = Printf.sprintf "Executing user defined action '%s' on trigger '%s' for alias '%s'" action function_trigger (get !current_module) in
print_debug info_string 1;
(execute_action function_trigger action (serialize argument))
) (serialize (false, ())) current_actions in
(final_ret)
(** Apply pre actions **)
(* Run the actions registered in filter_actions_pre for function_name and   *)
(* return the deserialized (stop, value) couple. The type of value is fixed *)
(* by the caller and is not checked here.                                   *)
let apply_pre_filter_actions function_name args =
  let serialized_result = check_trigger_and_action function_name !filter_actions_pre args in
  deserialize serialized_result
(** Apply post actions **)
(* Run the actions registered in filter_actions_post for function_name and  *)
(* return the deserialized (stop, value) couple. The type of value is fixed *)
(* by the caller and is not checked here.                                   *)
let apply_post_filter_actions function_name args =
  let serialized_result = check_trigger_and_action function_name !filter_actions_post args in
  deserialize serialized_result
(***** Our filtering functions ******)
(* Filter the mechanisms list returned by C_GetMechanismList with respect   *)
(* to the blacklist of the current module.                                  *)
(* Returns a (return code, mechanism array, count) triple:                  *)
(*   - no module loaded yet: the three arguments are passed through;        *)
(*   - filtered list longer than count and count is zero: CKR_OK, an empty  *)
(*     array and the filtered length, i.e. the answer to a size query;      *)
(*   - filtered list longer than a non-zero count: CKR_BUFFER_TOO_SMALL, an *)
(*     empty array and the filtered length;                                 *)
(*   - otherwise: ret, the filtered array and its length.                   *)
(* The reported count is always that of the filtered list, so the number of *)
(* hidden mechanisms is not disclosed.                                      *)
let filter_c_GetMechanismList ret mechanism_list count =
  flush stdout;
  match !current_module with
  | None ->
    (* The module has not been initialized yet: passthrough *)
    (ret, mechanism_list, count)
  | Some _ ->
    let filtered_mechanism_list = Array.of_list (apply_blacklist_all_lists (Array.to_list mechanism_list) !forbidden_mechanisms) in
    let filtered_count = Nativeint.of_int (Array.length filtered_mechanism_list) in
    if Array.length filtered_mechanism_list <= (Nativeint.to_int count) then
      (ret, filtered_mechanism_list, filtered_count)
    else if compare count 0n = 0 then
      (Pkcs11.cKR_OK, [| |], filtered_count)
    else
      (Pkcs11.cKR_BUFFER_TOO_SMALL, [| |], filtered_count)
(***** PKCS#11 functions *****)
(*************************************************************************)
(* C_LoadModule is not checked against the forbidden functions list: no     *)
(* module is loaded at this point, so that check would have nothing to      *)
(* match against.                                                           *)
(* The string received in path is not handed to the backend. It is looked   *)
(* up with Filter_configuration.get_module_alias and only the result of     *)
(* that lookup is loaded. If the lookup raises Modules_except the exception *)
(* propagates and nothing is loaded.                                        *)
(* On CKR_OK the received string is recorded in current_module, which is    *)
(* what all the per-alias rules of this file are matched against.           *)
let c_LoadModule path =
  let found_alias = Filter_configuration.get_module_alias (Pkcs11.char_array_to_string path) in
  let ret = Backend.c_LoadModule (Pkcs11.string_to_char_array found_alias) in
  if compare ret Pkcs11.cKR_OK = 0 then
    current_module := Some (Pkcs11.char_array_to_string path);
  ret
(*************************************************************************)
(* We don't block SetupArch: the argument goes to the backend unchanged,    *)
(* with no action and no forbidden function check.                          *)
let c_SetupArch arch =
  arch |> Backend.c_SetupArch
(*************************************************************************)
(* Filtered C_Initialize. The steps are, in order:                          *)
(*   1. no module loaded: CKR_GENERAL_ERROR;                                *)
(*   2. pre actions: if one of them asks to stop, its value is returned and *)
(*      neither the forbidden function check nor the backend is reached;    *)
(*   3. forbidden functions list: CKR_FUNCTION_NOT_SUPPORTED when listed;   *)
(*   4. post actions: despite the name they run before the backend call,    *)
(*      and may also replace its result;                                    *)
(*   5. the backend call.                                                   *)
let c_Initialize () =
  match !current_module with
  | None -> Pkcs11.cKR_GENERAL_ERROR
  | _ ->
    (* Early actions before other checks *)
    let (pre_stop, pre_ret) = apply_pre_filter_actions "C_Initialize" (()) in
    if pre_stop then
      pre_ret
    else if check_function_in_forbidden_functions_list "C_Initialize" !forbidden_functions then begin
      let _ = print_debug "Blocking function C_Initialize" 1 in
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else begin
      (* Late actions after other checks *)
      let (post_stop, post_ret) = apply_post_filter_actions "C_Initialize" (()) in
      if post_stop then post_ret else Backend.c_Initialize ()
    end
(*************************************************************************)
(* Filtered C_GetInfo. Returns a (return code, info record) couple.         *)
(*   1. no module loaded: CKR_CRYPTOKI_NOT_INITIALIZED and a blank record;  *)
(*   2. pre actions: if one of them asks to stop, its value is returned and *)
(*      the later steps are skipped;                                        *)
(*   3. forbidden functions list: CKR_FUNCTION_NOT_SUPPORTED and a blank    *)
(*      record when listed;                                                 *)
(*   4. post actions, which run before the backend call and may replace its *)
(*      result;                                                             *)
(*   5. the backend call.                                                   *)
let c_GetInfo () =
  (* Record returned with every error code: no field carries backend data *)
  let blank_info = {Pkcs11.ck_info_cryptoki_version = {Pkcs11.major = '0'; Pkcs11.minor = '0'}; Pkcs11.ck_info_manufacturer_id = [| |]; Pkcs11.ck_info_flags = 0n; Pkcs11.ck_info_library_description = [| |]; Pkcs11.ck_info_library_version = {Pkcs11.major = '0'; Pkcs11.minor = '0'}} in
  match !current_module with
  | None -> (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, blank_info)
  | _ ->
    (* Early actions before other checks *)
    let (pre_stop, pre_ret) = apply_pre_filter_actions "C_GetInfo" (()) in
    if pre_stop then
      pre_ret
    else if check_function_in_forbidden_functions_list "C_GetInfo" !forbidden_functions then begin
      let _ = print_debug "Blocking function C_GetInfo" 1 in
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, blank_info)
    end
    else begin
      (* Late actions after other checks *)
      let (post_stop, post_ret) = apply_post_filter_actions "C_GetInfo" (()) in
      if post_stop then post_ret else Backend.c_GetInfo ()
    end
(*************************************************************************)
(* Filtered C_GetSlotList.
   Filter-generated errors carry an empty slot array and a zero count. *)
let c_GetSlotList token_present count =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |], 0n)
  | _ ->
    let call_args = (token_present, count) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetSlotList" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetSlotList" !forbidden_functions then begin
      print_debug "Blocking function C_GetSlotList" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |], 0n)
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetSlotList" call_args in
      if post_taken then post_ret else Backend.c_GetSlotList token_present count
(*************************************************************************)
(* Filtered C_GetSlotInfo.
   NOTE(review): unlike the other entry points in this part of the file,
   no post-filter actions are applied before the backend call, so a post
   action configured for "C_GetSlotInfo" would never run here. Confirm
   whether this is intentional. *)
let c_GetSlotInfo ckslotidt_ =
  (* Placeholder record returned alongside filter-generated error codes *)
  let empty_slot_info =
    { Pkcs11.ck_slot_info_slot_description = [| |];
      Pkcs11.ck_slot_info_manufacturer_id = [| |];
      Pkcs11.ck_slot_info_flags = 0n;
      Pkcs11.ck_slot_info_hardware_version = {Pkcs11.major = '0'; Pkcs11.minor = '0'};
      Pkcs11.ck_slot_info_firmware_version = {Pkcs11.major = '0'; Pkcs11.minor = '0'} } in
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, empty_slot_info)
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetSlotInfo" ckslotidt_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetSlotInfo" !forbidden_functions then begin
      print_debug "Blocking function C_GetSlotInfo" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, empty_slot_info)
    end
    else
      Backend.c_GetSlotInfo ckslotidt_
(*************************************************************************)
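(* Filtered C_GetTokenInfo.
   Order of decisions: module presence, pre-filter actions, forbidden
   function list, post-filter actions, then the backend call.
   The post-filter actions are applied exactly once: the previous version
   invoked apply_post_filter_actions a second time whenever the first
   invocation declined to take over the return value, so every configured
   post action ran twice per call. *)
let c_GetTokenInfo ckslotidt_ =
  (* Placeholder record returned alongside filter-generated error codes *)
  let empty_token_info =
    { Pkcs11.ck_token_info_label = [| |];
      Pkcs11.ck_token_info_manufacturer_id = [| |];
      Pkcs11.ck_token_info_model = [| |];
      Pkcs11.ck_token_info_serial_number = [| |];
      Pkcs11.ck_token_info_flags = 0n;
      Pkcs11.ck_token_info_max_session_count = 0n;
      Pkcs11.ck_token_info_session_count = 0n;
      Pkcs11.ck_token_info_max_rw_session_count = 0n;
      Pkcs11.ck_token_info_rw_session_count = 0n;
      Pkcs11.ck_token_info_max_pin_len = 0n;
      Pkcs11.ck_token_info_min_pin_len = 0n;
      Pkcs11.ck_token_info_total_public_memory = 0n;
      Pkcs11.ck_token_info_free_public_memory = 0n;
      Pkcs11.ck_token_info_total_private_memory = 0n;
      Pkcs11.ck_token_info_free_private_memory = 0n;
      Pkcs11.ck_token_info_hardware_version = {Pkcs11.major = '0'; Pkcs11.minor = '0'};
      Pkcs11.ck_token_info_firmware_version = {Pkcs11.major = '0'; Pkcs11.minor = '0'};
      Pkcs11.ck_token_info_utc_time = [| |] } in
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, empty_token_info)
  | _ ->
    (* Early actions before other checks *)
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetTokenInfo" ckslotidt_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetTokenInfo" !forbidden_functions then begin
      print_debug "Blocking function C_GetTokenInfo" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, empty_token_info)
    end
    else
      (* Late actions after other checks, run a single time *)
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetTokenInfo" ckslotidt_ in
      if post_taken then post_ret else Backend.c_GetTokenInfo ckslotidt_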
(*************************************************************************)
(* Filtered C_WaitForSlotEvent.
   Filter-generated errors are paired with the value -1n. *)
let c_WaitForSlotEvent ckflagst_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, -1n)
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_WaitForSlotEvent" ckflagst_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_WaitForSlotEvent" !forbidden_functions then begin
      print_debug "Blocking function C_WaitForSlotEvent" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, -1n)
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_WaitForSlotEvent" ckflagst_ in
      if post_taken then post_ret else Backend.c_WaitForSlotEvent ckflagst_
(*************************************************************************)
(* Filtered C_GetMechanismList.
   With an empty forbidden_mechanisms list the call goes straight to the
   backend (after the post-filter actions). Otherwise the backend is first
   asked with a count of 0n for the real number of mechanisms, the full
   list is fetched, and filter_c_GetMechanismList is applied to it together
   with the caller's original count.
   NOTE(review): in the filtering path the backend is queried before the
   post-filter actions run, whereas the passthrough path runs them first.
   NOTE(review): on a backend error the unfiltered mechanism_list is
   returned with the caller's count; presumably empty in that case, to be
   confirmed against the backend. *)
let c_GetMechanismList ckslotidt_ count =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |], 0n)
  | _ ->
    let call_args = (ckslotidt_, count) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetMechanismList" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetMechanismList" !forbidden_functions then begin
      print_debug "Blocking function C_GetMechanismList" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |], 0n)
    end
    else begin
      match !forbidden_mechanisms with
      | [] ->
        (* Nothing to filter: passthrough to the backend *)
        let (post_taken, post_ret) = apply_post_filter_actions "C_GetMechanismList" call_args in
        if post_taken then post_ret else Backend.c_GetMechanismList ckslotidt_ count
      | _ ->
        (* Always ask for the real number of mechanisms; fall back to the
           caller's count when the probe fails *)
        let real_count =
          let (probe_ret, _, probe_count) = Backend.c_GetMechanismList ckslotidt_ 0n in
          if compare probe_ret Pkcs11.cKR_OK = 0 then probe_count else count in
        let (backend_ret, mechanism_list, _) = Backend.c_GetMechanismList ckslotidt_ real_count in
        (* Post-filter actions run whatever the backend answered *)
        let (post_taken, post_ret) = apply_post_filter_actions "C_GetMechanismList" call_args in
        if post_taken then post_ret
        else if compare backend_ret Pkcs11.cKR_OK = 0 then
          (* The list is only filtered when the backend call succeeded *)
          filter_c_GetMechanismList backend_ret mechanism_list count
        else
          (backend_ret, mechanism_list, count)
    end
(*************************************************************************)
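(* Filtered C_GetMechanismInfo.
   On top of the usual stages (module presence, pre-filter actions,
   forbidden function list, post-filter actions), a mechanism found by
   check_forbidden_mechanism_in_all_lists is answered with
   CKR_MECHANISM_INVALID without reaching the backend.
   The debug message printed when the function itself is forbidden now
   names C_GetMechanismInfo; it previously said C_GetMechanismList, which
   made blocked calls show up under the wrong function in the filter log. *)
let c_GetMechanismInfo ckslotidt_ ckmechanismtypet_ =
  (* Placeholder record returned alongside filter-generated error codes *)
  let empty_mechanism_info =
    { Pkcs11.ck_mechanism_info_min_key_size = 0n;
      Pkcs11.ck_mechanism_info_max_key_size = 0n;
      Pkcs11.ck_mechanism_info_flags = 0n } in
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, empty_mechanism_info)
  | _ ->
    let call_args = (ckslotidt_, ckmechanismtypet_) in
    (* Early actions before other checks *)
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetMechanismInfo" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetMechanismInfo" !forbidden_functions then begin
      print_debug "Blocking function C_GetMechanismInfo" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, empty_mechanism_info)
    end
    else if check_forbidden_mechanism_in_all_lists ckmechanismtypet_ !forbidden_mechanisms then begin
      (* The requested mechanism is filtered out *)
      let s = Printf.sprintf "Mechanism %s has been filtered in C_GetMechanismInfo" (Pkcs11.match_cKM_value ckmechanismtypet_) in
      print_debug s 1;
      (Pkcs11.cKR_MECHANISM_INVALID, empty_mechanism_info)
    end
    else
      (* Late actions after other checks *)
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetMechanismInfo" call_args in
      if post_taken then post_ret else Backend.c_GetMechanismInfo ckslotidt_ ckmechanismtypet_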
(*************************************************************************)
(* Filtered C_InitToken.
   The SO PIN is handed as-is to the pre- and post-filter actions, so any
   action registered for "C_InitToken" sees it.
   NOTE(review): forbid_admin_operations is not consulted here, only the
   forbidden function list. C_InitToken takes the SO PIN directly, so a
   deployment that forbids admin operations presumably also needs
   "C_InitToken" in forbidden_functions; confirm against the
   configuration. *)
let c_InitToken ckslotidt_ so_pin label =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (ckslotidt_, so_pin, label) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_InitToken" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_InitToken" !forbidden_functions then begin
      print_debug "Blocking function C_InitToken" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_InitToken" call_args in
      if post_taken then post_ret else Backend.c_InitToken ckslotidt_ so_pin label
(*************************************************************************)
(* Filtered C_InitPIN.
   The PIN is part of the argument tuple given to the pre- and post-filter
   actions; actions registered for "C_InitPIN" should not log it. *)
let c_InitPIN cksessionhandlet_ pin =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, pin) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_InitPIN" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_InitPIN" !forbidden_functions then begin
      print_debug "Blocking function C_InitPIN" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_InitPIN" call_args in
      if post_taken then post_ret else Backend.c_InitPIN cksessionhandlet_ pin
(*************************************************************************)
(* Filtered C_SetPIN.
   Both the old and the new PIN are part of the argument tuple given to the
   pre- and post-filter actions; actions registered for "C_SetPIN" should
   not log them. *)
let c_SetPIN cksessionhandlet_ old_pin new_pin =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, old_pin, new_pin) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_SetPIN" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_SetPIN" !forbidden_functions then begin
      print_debug "Blocking function C_SetPIN" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_SetPIN" call_args in
      if post_taken then post_ret else Backend.c_SetPIN cksessionhandlet_ old_pin new_pin
(*************************************************************************)
(* Filtered C_OpenSession.
   When check_enforce_ro_sessions_for_alias holds, the CKF_RW_SESSION bit is
   cleared from the requested flags before the call continues. The
   pre-filter actions see the caller's flags; the post-filter actions and
   the backend see the possibly downgraded flags. *)
let c_OpenSession ckslotid_ ckflagst_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_OpenSession" (ckslotid_, ckflagst_) in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_OpenSession" !forbidden_functions then begin
      print_debug "Blocking function C_OpenSession" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE)
    end
    else
      (* Read-only enforcement: mask out the read/write flag *)
      let effective_flags =
        if check_enforce_ro_sessions_for_alias !enforce_ro_sessions then
          Nativeint.logand ckflagst_ (Nativeint.lognot Pkcs11.cKF_RW_SESSION)
        else
          ckflagst_ in
      let (post_taken, post_ret) = apply_post_filter_actions "C_OpenSession" (ckslotid_, effective_flags) in
      if post_taken then post_ret else Backend.c_OpenSession ckslotid_ effective_flags
(*************************************************************************)
(* Filtered C_CloseSession: module presence, pre-filter actions, forbidden
   function list, post-filter actions, then the backend call. *)
let c_CloseSession cksessionhandlet_ =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_CloseSession" cksessionhandlet_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_CloseSession" !forbidden_functions then begin
      print_debug "Blocking function C_CloseSession" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_CloseSession" cksessionhandlet_ in
      if post_taken then post_ret else Backend.c_CloseSession cksessionhandlet_
(*************************************************************************)
(* Filtered C_CloseAllSessions: module presence, pre-filter actions,
   forbidden function list, post-filter actions, then the backend call. *)
let c_CloseAllSessions ckslotidt_ =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_CloseAllSessions" ckslotidt_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_CloseAllSessions" !forbidden_functions then begin
      print_debug "Blocking function C_CloseAllSessions" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_CloseAllSessions" ckslotidt_ in
      if post_taken then post_ret else Backend.c_CloseAllSessions ckslotidt_
(*************************************************************************)
(* Filtered C_GetSessionInfo.
   Filter-generated errors carry a placeholder session info whose slot id
   is -1n and whose other fields are 0n. *)
let c_GetSessionInfo cksessionhandlet_ =
  let empty_session_info =
    { Pkcs11.ck_session_info_slot_id = -1n;
      Pkcs11.ck_session_info_state = 0n;
      ck_session_info_flags = 0n;
      ck_session_info_device_error = 0n } in
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, empty_session_info)
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetSessionInfo" cksessionhandlet_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetSessionInfo" !forbidden_functions then begin
      print_debug "Blocking function C_GetSessionInfo" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, empty_session_info)
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetSessionInfo" cksessionhandlet_ in
      if post_taken then post_ret else Backend.c_GetSessionInfo cksessionhandlet_
(*************************************************************************)
(* Filtered C_GetOperationState.
   Filter-generated errors are paired with an empty array. *)
let c_GetOperationState cksessionhandlet_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetOperationState" cksessionhandlet_ in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetOperationState" !forbidden_functions then begin
      print_debug "Blocking function C_GetOperationState" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetOperationState" cksessionhandlet_ in
      if post_taken then post_ret else Backend.c_GetOperationState cksessionhandlet_
(*************************************************************************)
(* Filtered C_SetOperationState.
   NOTE(review): encryption_handle and authentication_handle are forwarded
   without the label/id checks (check_object_label / check_object_id) that
   the object functions further down apply to their handles; confirm this
   is intended. *)
let c_SetOperationState cksessionhandlet_ state encryption_handle authentication_handle =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, state, encryption_handle, authentication_handle) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_SetOperationState" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_SetOperationState" !forbidden_functions then begin
      print_debug "Blocking function C_SetOperationState" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_SetOperationState" call_args in
      if post_taken then post_ret
      else Backend.c_SetOperationState cksessionhandlet_ state encryption_handle authentication_handle
(*************************************************************************)
(* Filtered C_Login.
   When check_forbid_admin_for_alias holds, logins with user type CKU_SO or
   CKU_CONTEXT_SPECIFIC are answered with CKR_USER_TYPE_INVALID and never
   reach the backend; no debug message is printed for that refusal.
   The PIN is part of the argument tuple given to the pre- and post-filter
   actions; actions registered for "C_Login" should not log it.
   NOTE(review): the admin restriction is a deny-list of two user types, so
   any other user type value is forwarded to the backend. Comparing against
   the regular user type instead would fail closed; confirm which is
   wanted. *)
let c_Login cksessionhandlet_ ckusertypet_ pin =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, ckusertypet_, pin) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_Login" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_Login" !forbidden_functions then begin
      print_debug "Blocking function C_Login" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else if check_forbid_admin_for_alias !forbid_admin_operations
         && (compare ckusertypet_ Pkcs11.cKU_SO = 0
             || compare ckusertypet_ Pkcs11.cKU_CONTEXT_SPECIFIC = 0) then
      (* Admin operations are forbidden: refuse this user type *)
      Pkcs11.cKR_USER_TYPE_INVALID
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_Login" call_args in
      if post_taken then post_ret else Backend.c_Login cksessionhandlet_ ckusertypet_ pin
(*************************************************************************)
(* Filtered C_Logout: module presence, pre-filter actions, forbidden
   function list, post-filter actions, then the backend call. *)
let c_Logout cksessionhandlet =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_Logout" cksessionhandlet in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_Logout" !forbidden_functions then begin
      print_debug "Blocking function C_Logout" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_Logout" cksessionhandlet in
      if post_taken then post_ret else Backend.c_Logout cksessionhandlet
(*************************************************************************)
(* Filtered C_Finalize: module presence, pre-filter actions, forbidden
   function list, post-filter actions, then the backend call. *)
let c_Finalize () =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_Finalize" () in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_Finalize" !forbidden_functions then begin
      print_debug "Blocking function C_Finalize" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_Finalize" () in
      if post_taken then post_ret else Backend.c_Finalize ()
(*************************************************************************)
(* Filtered C_CreateObject.
   The creation template is checked against allowed_labels and allowed_ids.
   Note the polarity: check_label_on_object_creation and
   check_id_on_object_creation answer true when the template must be
   refused, in which case CKR_ATTRIBUTE_VALUE_INVALID is returned and the
   backend is not called. *)
let c_CreateObject cksessionhandlet_ ckattributearray_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let call_args = (cksessionhandlet_, ckattributearray_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_CreateObject" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_CreateObject" !forbidden_functions then begin
      print_debug "Blocking function C_CreateObject" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE)
    end
    else if check_label_on_object_creation ckattributearray_ !allowed_labels "C_CreateObject"
         || check_id_on_object_creation ckattributearray_ !allowed_ids "C_CreateObject" then
      (* Label or id of the new object is not acceptable *)
      (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE)
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_CreateObject" call_args in
      if post_taken then post_ret else Backend.c_CreateObject cksessionhandlet_ ckattributearray_
(*************************************************************************)
(* Filtered C_CopyObject.
   Two object checks run before the backend is reached:
   - the source handle must pass check_object_label and check_object_id
     (false means refused, answered with CKR_OBJECT_HANDLE_INVALID);
   - the template of the copy must pass check_label_on_object_creation and
     check_id_on_object_creation (true means refused, answered with
     CKR_ATTRIBUTE_VALUE_INVALID). *)
let c_CopyObject cksessionhandlet_ ckobjecthandlet_ ckattributearray_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let call_args = (cksessionhandlet_, ckobjecthandlet_, ckattributearray_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_CopyObject" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_CopyObject" !forbidden_functions then begin
      print_debug "Blocking function C_CopyObject" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE)
    end
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_CopyObject")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_CopyObject") then
      (* The source object is hidden by the label/id filter *)
      (Pkcs11.cKR_OBJECT_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)
    else if check_label_on_object_creation ckattributearray_ !allowed_labels "C_CopyObject"
         || check_id_on_object_creation ckattributearray_ !allowed_ids "C_CopyObject" then
      (* Label or id requested for the copy is not acceptable *)
      (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE)
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_CopyObject" call_args in
      if post_taken then post_ret
      else Backend.c_CopyObject cksessionhandlet_ ckobjecthandlet_ ckattributearray_
(*************************************************************************)
(* Filtered C_DestroyObject.
   The object handle must pass check_object_label and check_object_id;
   otherwise CKR_OBJECT_HANDLE_INVALID is returned and the backend is not
   called. *)
let c_DestroyObject cksessionhandlet_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, ckobjecthandlet_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_DestroyObject" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_DestroyObject" !forbidden_functions then begin
      print_debug "Blocking function C_DestroyObject" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_DestroyObject")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_DestroyObject") then
      (* The object is hidden by the label/id filter *)
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_DestroyObject" call_args in
      if post_taken then post_ret else Backend.c_DestroyObject cksessionhandlet_ ckobjecthandlet_
(*************************************************************************)
(* Filtered C_GetObjectSize.
   The object handle must pass check_object_label and check_object_id;
   otherwise CKR_OBJECT_HANDLE_INVALID is returned with -1n and the backend
   is not called. *)
let c_GetObjectSize cksessionhandlet_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, -1n)
  | _ ->
    let call_args = (cksessionhandlet_, ckobjecthandlet_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetObjectSize" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetObjectSize" !forbidden_functions then begin
      print_debug "Blocking function C_GetObjectSize" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, -1n)
    end
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_GetObjectSize")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_GetObjectSize") then
      (* The object is hidden by the label/id filter *)
      (Pkcs11.cKR_OBJECT_HANDLE_INVALID, -1n)
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetObjectSize" call_args in
      if post_taken then post_ret else Backend.c_GetObjectSize cksessionhandlet_ ckobjecthandlet_
(*************************************************************************)
(* Filtered C_GetAttributeValue.
   Unlike the other object functions, the post-filter actions and the
   backend are still invoked when the handle fails check_object_label or
   check_object_id. The attribute values obtained are then discarded: the
   caller gets an empty template together with the error code of that call
   if it failed, or CKR_OBJECT_HANDLE_INVALID if it succeeded.
   NOTE(review): for a filtered object the caller can therefore tell a
   backend error apart from CKR_OBJECT_HANDLE_INVALID, which presumably
   reveals something about an object the filter is meant to hide, and
   post-filter actions also run on that object. Confirm this trade-off is
   intended. *)
let c_GetAttributeValue cksessionhandlet_ ckobjecthandlet_ ckattributearray_ =
  match !current_module with
  | None ->
    (* No module selected *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, ckobjecthandlet_, ckattributearray_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_GetAttributeValue" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetAttributeValue" !forbidden_functions then begin
      print_debug "Blocking function C_GetAttributeValue" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Label/id filtering on the input object handle *)
      let object_allowed =
        check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_GetAttributeValue"
        && check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_GetAttributeValue" in
      (* Post-filter actions and backend call happen in both cases *)
      let (post_taken, post_ret) = apply_post_filter_actions "C_GetAttributeValue" call_args in
      let answer =
        if post_taken then post_ret
        else Backend.c_GetAttributeValue cksessionhandlet_ ckobjecthandlet_ ckattributearray_ in
      if object_allowed then answer
      else
        (* Filtered object: keep an error code, never the attribute values *)
        let (rv, _) = answer in
        if rv <> Pkcs11.cKR_OK then (rv, [| |])
        else (Pkcs11.cKR_OBJECT_HANDLE_INVALID, [| |])
(*************************************************************************)
(* Filtered C_SetAttributeValue.
   Two object checks run before the backend is reached:
   - the target handle must pass check_object_label and check_object_id
     (false means refused, answered with CKR_OBJECT_HANDLE_INVALID);
   - the new attributes must pass check_label_on_object_creation and
     check_id_on_object_creation (true means refused, answered with
     CKR_ATTRIBUTE_VALUE_INVALID). *)
let c_SetAttributeValue cksessionhandlet_ ckobjecthandlet_ ckattributearray_ =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, ckobjecthandlet_, ckattributearray_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_SetAttributeValue" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_SetAttributeValue" !forbidden_functions then begin
      print_debug "Blocking function C_SetAttributeValue" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_SetAttributeValue")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_SetAttributeValue") then
      (* The target object is hidden by the label/id filter *)
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else if check_label_on_object_creation ckattributearray_ !allowed_labels "C_SetAttributeValue"
         || check_id_on_object_creation ckattributearray_ !allowed_ids "C_SetAttributeValue" then
      (* The new label or id is not acceptable *)
      Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID
    else
      let (post_taken, post_ret) = apply_post_filter_actions "C_SetAttributeValue" call_args in
      if post_taken then post_ret
      else Backend.c_SetAttributeValue cksessionhandlet_ ckobjecthandlet_ ckattributearray_
(*************************************************************************)
(* Module-level state used by the object search filters.
   NOTE(review): these references are not keyed by session handle, so the
   state is presumably shared by every session going through this filter;
   confirm against the callers. *)
(* Return value remembered for the filtered handles; c_FindObjectsInit
   resets it to CKR_OK after a successful backend call *)
let last_ret_on_error : Pkcs11.ck_rv_t ref = ref Pkcs11.cKR_OK
(* Loop counter for the object search, starting at 0 *)
let find_objects_loop_num : int ref = ref 0
(* Maximum number of loop iterations allowed *)
let max_objects_loop : int ref = ref 100_000
(* Filtered C_FindObjectsInit.
   The backend is called before the post-filter actions. When it answers
   CKR_OK, the cached array of filtered handles is emptied and
   last_ret_on_error is reset to CKR_OK; find_objects_loop_num is not
   touched here. The post-filter actions then run whatever the backend
   answered and may replace its return value. *)
let c_FindObjectsInit cksessionhandlet_ ckattributearray_ =
  match !current_module with
  | None ->
    (* No module selected *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, ckattributearray_) in
    let (pre_taken, pre_ret) = apply_pre_filter_actions "C_FindObjectsInit" call_args in
    if pre_taken then pre_ret
    else if check_function_in_forbidden_functions_list "C_FindObjectsInit" !forbidden_functions then begin
      print_debug "Blocking function C_FindObjectsInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let backend_ret = Backend.c_FindObjectsInit cksessionhandlet_ ckattributearray_ in
      if compare backend_ret Pkcs11.cKR_OK = 0 then begin
        (* A new search starts: forget the handles of the previous one *)
        current_find_objects_filtered_handles := [| |];
        last_ret_on_error := Pkcs11.cKR_OK
      end;
      let (post_taken, post_ret) = apply_post_filter_actions "C_FindObjectsInit" call_args in
      if post_taken then post_ret else backend_ret
(*************************************************************************)
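(* Filter wrapper for C_FindObjects.
   Returns (rv, handles, number_of_handles).
   When the local cache of filtered handles is empty, the backend search is
   drained one handle per call, every batch goes through the allowed-label
   and allowed-id filters, and the survivors are cached. The caller is then
   served up to [count] handles from that cache, so it only ever receives
   handles that passed both filters.
   A backend error met while draining is kept in last_ret_on_error and
   returned (with no handles) once, after which it is cleared.
   Raises Loop_overflow when one drain needs more than !max_objects_loop
   backend fetches. *)
let c_FindObjects cksessionhandlet_ count =
  (* If no module is defined, return CKR_CRYPTOKI_NOT_INITIALIZED *)
  match !current_module with
    None ->
      (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |], 0n)
  | _ ->
    (* Early actions before other checks *)
    let (take_ret, ret) = apply_pre_filter_actions "C_FindObjects" (cksessionhandlet_, count) in
    if take_ret = true then
      (ret)
    else
      (* Check the function *)
      let check = check_function_in_forbidden_functions_list "C_FindObjects" !forbidden_functions in
      if check = true then
        let _ = print_debug "Blocking function C_FindObjects" 1 in
        (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |], 0n)
      else
        begin
          if Array.length !current_find_objects_filtered_handles = 0 then
            begin
              (* The cache is empty: fetch all the objects from the backend *)
              (* and store the filtered ones in our local array *)
              (* The iteration guard is per drain: restart it here, otherwise
                 the counter only grows and every search fails with
                 Loop_overflow once the cumulated fetches pass the limit *)
              find_objects_loop_num := 0;
              let total_count = ref 1n in
              try
                while compare !total_count 0n <> 0 do
                  let (ret, objects_handles_array, curr_total_count) = Backend.c_FindObjects cksessionhandlet_ 1n in
                  total_count := curr_total_count;
                  (* Stop draining on the first backend error and remember it *)
                  if compare ret Pkcs11.cKR_OK <> 0 then
                    begin last_ret_on_error := ret; raise Exit; end;
                  (* Check that we don't overflow and raise an exception if this is the case *)
                  find_objects_loop_num := !find_objects_loop_num + 1;
                  if !find_objects_loop_num > !max_objects_loop then
                    begin
                      print_error "loop overflow when filtering FindObjetcs!";
                      raise Loop_overflow;
                    end
                  else
                    begin
                      (* Apply the label and id filtering *)
                      let label_filtered_array = apply_allowed_label_filter cksessionhandlet_ objects_handles_array !allowed_labels in
                      let label_id_filtered_array = apply_allowed_id_filter cksessionhandlet_ label_filtered_array !allowed_ids in
                      current_find_objects_filtered_handles := Array.append !current_find_objects_filtered_handles label_id_filtered_array;
                      ();
                    end
                done
              with Exit -> ();
            end;
          (* Late actions after other checks *)
          (* NOTE(review): the late actions receive 1n where the early ones
             receive count; confirm this is intended *)
          let (take_ret, return) = apply_post_filter_actions "C_FindObjects" (cksessionhandlet_, 1n) in
          if take_ret = true then
            (return)
          else
            if compare !last_ret_on_error Pkcs11.cKR_OK <> 0 then
              begin
                (* We got an error, reinitialize the global variable last_ret_on_error *)
                let ret = !last_ret_on_error in
                last_ret_on_error := Pkcs11.cKR_OK;
                (* We return the real error that we got from the Backend *)
                (ret, [| |], 0n)
              end
            else
              (* Pick up objects from local cache array *)
              let returned_objects_handles = pickup_elements_in_array current_find_objects_filtered_handles count in
              (Pkcs11.cKR_OK, returned_objects_handles, Nativeint.of_int (Array.length returned_objects_handles))
        end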
(*************************************************************************)
(* Filter wrapper for C_FindObjectsFinal.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_FindObjectsFinal cksessionhandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_FindObjectsFinal" (cksessionhandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_FindObjectsFinal" !forbidden_functions then begin
      print_debug "Blocking function C_FindObjectsFinal" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_FindObjectsFinal" (cksessionhandlet_) in
      if late_stop then late_ret
      else Backend.c_FindObjectsFinal cksessionhandlet_
(*************************************************************************)
(* Filter wrapper for C_EncryptInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle, forbidden
   mechanisms, padding-oracle mechanisms (only when that filter is enabled
   for "encrypt" or "all"), post-filter actions, backend call.
   The first check that rejects the request decides the return value. *)
let c_EncryptInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_EncryptInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_EncryptInit" !forbidden_functions then begin
      print_debug "Blocking function C_EncryptInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    (* A key handle that fails the label or id filter is reported as invalid *)
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_EncryptInit")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_EncryptInit") then
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      let requested_mech = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists requested_mech !forbidden_mechanisms then begin
        print_debug (Printf.sprintf "Mechanism %s has been filtered in C_EncryptInit" (Pkcs11.match_cKM_value requested_mech)) 1;
        Pkcs11.cKR_MECHANISM_INVALID
      end
      else
        (* Is the padding-oracle filter switched on for this operation? *)
        let padding_filter_on =
          check_remove_padding_oracles !remove_padding_oracles "encrypt"
          || check_remove_padding_oracles !remove_padding_oracles "all" in
        (* The mechanism list is only consulted when the filter is on *)
        if padding_filter_on && check_element_in_list !padding_oracle_mechanisms ckmechanism_.Pkcs11.mechanism then
          Pkcs11.cKR_MECHANISM_INVALID
        else
          (* Late actions: last chance to override before forwarding *)
          let (late_stop, late_ret) = apply_post_filter_actions "C_EncryptInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
          if late_stop then late_ret
          else Backend.c_EncryptInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_
(*************************************************************************)
(* Filter wrapper for C_Encrypt. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call.
   The key and mechanism were vetted in c_EncryptInit; data is forwarded
   unchanged. *)
let c_Encrypt cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_Encrypt" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_Encrypt" !forbidden_functions then begin
      print_debug "Blocking function C_Encrypt" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_Encrypt" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_Encrypt cksessionhandlet_ data
(*************************************************************************)
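(* Filter wrapper for C_EncryptUpdate. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call.
   The module-defined guard was missing from this wrapper only; it is added
   so that, like every sibling wrapper, nothing reaches the filter actions
   or the backend while no module is defined. *)
let c_EncryptUpdate cksessionhandlet_ data =
  (* If no module is defined, return CKR_CRYPTOKI_NOT_INITIALIZED *)
  match !current_module with
  | None ->
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions before other checks *)
    let (take_ret, ret) = apply_pre_filter_actions "C_EncryptUpdate" (cksessionhandlet_, data) in
    if take_ret then
      ret
    else
      (* Check the function *)
      let check = check_function_in_forbidden_functions_list "C_EncryptUpdate" !forbidden_functions in
      if check then begin
        print_debug "Blocking function C_EncryptUpdate" 1;
        (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
      end
      else
        (* Late actions after other checks *)
        let (take_ret, ret) = apply_post_filter_actions "C_EncryptUpdate" (cksessionhandlet_, data) in
        if take_ret then
          ret
        else
          Backend.c_EncryptUpdate cksessionhandlet_ data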
(*************************************************************************)
(* Filter wrapper for C_EncryptFinal. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_EncryptFinal cksessionhandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_EncryptFinal" (cksessionhandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_EncryptFinal" !forbidden_functions then begin
      print_debug "Blocking function C_EncryptFinal" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_EncryptFinal" (cksessionhandlet_) in
      if late_stop then late_ret
      else Backend.c_EncryptFinal cksessionhandlet_
(*************************************************************************)
(* Filter wrapper for C_DecryptInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle, forbidden
   mechanisms, post-filter actions, backend call.
   NOTE(review): unlike c_EncryptInit and c_SignInit in this file, no
   padding-oracle mechanism check is made here; confirm this is intended. *)
let c_DecryptInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DecryptInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DecryptInit" !forbidden_functions then begin
      print_debug "Blocking function C_DecryptInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    (* A key handle that fails the label or id filter is reported as invalid *)
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_DecryptInit")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_DecryptInit") then
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      let requested_mech = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists requested_mech !forbidden_mechanisms then begin
        print_debug (Printf.sprintf "Mechanism %s has been filtered in C_DecryptInit" (Pkcs11.match_cKM_value requested_mech)) 1;
        Pkcs11.cKR_MECHANISM_INVALID
      end
      else
        (* Late actions: last chance to override before forwarding *)
        let (late_stop, late_ret) = apply_post_filter_actions "C_DecryptInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
        if late_stop then late_ret
        else Backend.c_DecryptInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_
(*************************************************************************)
(* Filter wrapper for C_Decrypt. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_Decrypt cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_Decrypt" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_Decrypt" !forbidden_functions then begin
      print_debug "Blocking function C_Decrypt" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_Decrypt" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_Decrypt cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_DecryptUpdate. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_DecryptUpdate cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DecryptUpdate" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DecryptUpdate" !forbidden_functions then begin
      print_debug "Blocking function C_DecryptUpdate" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_DecryptUpdate" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_DecryptUpdate cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_DecryptFinal. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_DecryptFinal cksessionhandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DecryptFinal" (cksessionhandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DecryptFinal" !forbidden_functions then begin
      print_debug "Blocking function C_DecryptFinal" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_DecryptFinal" (cksessionhandlet_) in
      if late_stop then late_ret
      else Backend.c_DecryptFinal cksessionhandlet_
(*************************************************************************)
(* Filter wrapper for C_DigestInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, forbidden mechanisms, post-filter actions,
   backend call. No object handle is involved, so there is no label/id
   check. *)
let c_DigestInit cksessionhandlet_ ckmechanism_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DigestInit" (cksessionhandlet_, ckmechanism_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DigestInit" !forbidden_functions then begin
      print_debug "Blocking function C_DigestInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      let requested_mech = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists requested_mech !forbidden_mechanisms then begin
        print_debug (Printf.sprintf "Mechanism %s has been filtered in C_DigestInit" (Pkcs11.match_cKM_value requested_mech)) 1;
        Pkcs11.cKR_MECHANISM_INVALID
      end
      else
        (* Late actions: last chance to override before forwarding *)
        let (late_stop, late_ret) = apply_post_filter_actions "C_DigestInit" (cksessionhandlet_, ckmechanism_) in
        if late_stop then late_ret
        else Backend.c_DigestInit cksessionhandlet_ ckmechanism_
(*************************************************************************)
(* Filter wrapper for C_Digest. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_Digest cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_Digest" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_Digest" !forbidden_functions then begin
      print_debug "Blocking function C_Digest" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_Digest" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_Digest cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_DigestUpdate.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_DigestUpdate cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DigestUpdate" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DigestUpdate" !forbidden_functions then begin
      print_debug "Blocking function C_DigestUpdate" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_DigestUpdate" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_DigestUpdate cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_DigestKey.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle,
   post-filter actions, backend call. *)
let c_DigestKey cksessionhandlet_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DigestKey" (cksessionhandlet_, ckobjecthandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DigestKey" !forbidden_functions then begin
      print_debug "Blocking function C_DigestKey" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    (* A key handle that fails the label or id filter is reported as invalid *)
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_DigestKey")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_DigestKey") then
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_DigestKey" (cksessionhandlet_, ckobjecthandlet_) in
      if late_stop then late_ret
      else Backend.c_DigestKey cksessionhandlet_ ckobjecthandlet_
(*************************************************************************)
(* Filter wrapper for C_DigestFinal. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_DigestFinal cksessionhandlet =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_DigestFinal" (cksessionhandlet) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_DigestFinal" !forbidden_functions then begin
      print_debug "Blocking function C_DigestFinal" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_DigestFinal" (cksessionhandlet) in
      if late_stop then late_ret
      else Backend.c_DigestFinal cksessionhandlet
(*************************************************************************)
(* Filter wrapper for C_SignInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle, forbidden
   mechanisms, padding-oracle mechanisms (only when that filter is enabled
   for "sign" or "all"), post-filter actions, backend call.
   The first check that rejects the request decides the return value. *)
let c_SignInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_SignInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_SignInit" !forbidden_functions then begin
      print_debug "Blocking function C_SignInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    (* A key handle that fails the label or id filter is reported as invalid *)
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_SignInit")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_SignInit") then
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      let requested_mech = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists requested_mech !forbidden_mechanisms then begin
        print_debug (Printf.sprintf "Mechanism %s has been filtered in C_SignInit" (Pkcs11.match_cKM_value requested_mech)) 1;
        Pkcs11.cKR_MECHANISM_INVALID
      end
      else
        (* Is the padding-oracle filter switched on for this operation? *)
        let padding_filter_on =
          check_remove_padding_oracles !remove_padding_oracles "sign"
          || check_remove_padding_oracles !remove_padding_oracles "all" in
        (* The mechanism list is only consulted when the filter is on *)
        if padding_filter_on && check_element_in_list !padding_oracle_mechanisms ckmechanism_.Pkcs11.mechanism then
          Pkcs11.cKR_MECHANISM_INVALID
        else
          (* Late actions: last chance to override before forwarding *)
          let (late_stop, late_ret) = apply_post_filter_actions "C_SignInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
          if late_stop then late_ret
          else Backend.c_SignInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_
(*************************************************************************)
(* Filter wrapper for C_SignRecoverInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle, forbidden
   mechanisms, post-filter actions, backend call.
   NOTE(review): c_SignInit in this file also applies the padding-oracle
   mechanism check; none is made here. Confirm this is intended. *)
let c_SignRecoverInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_SignRecoverInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_SignRecoverInit" !forbidden_functions then begin
      print_debug "Blocking function C_SignRecoverInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    (* A key handle that fails the label or id filter is reported as invalid *)
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_SignRecoverInit")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_SignRecoverInit") then
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      let requested_mech = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists requested_mech !forbidden_mechanisms then begin
        print_debug (Printf.sprintf "Mechanism %s has been filtered in C_SignRecoverInit" (Pkcs11.match_cKM_value requested_mech)) 1;
        Pkcs11.cKR_MECHANISM_INVALID
      end
      else
        (* Late actions: last chance to override before forwarding *)
        let (late_stop, late_ret) = apply_post_filter_actions "C_SignRecoverInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
        if late_stop then late_ret
        else Backend.c_SignRecoverInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_
(*************************************************************************)
(* Filter wrapper for C_Sign. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_Sign cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: report CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_Sign" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_Sign" !forbidden_functions then begin
      print_debug "Blocking function C_Sign" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_Sign" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_Sign cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_SignRecover. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_SignRecover cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: the value returned is
       CKR_CRYPTOKI_NOT_INITIALIZED (not CKR_GENERAL_ERROR) *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_SignRecover" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_SignRecover" !forbidden_functions then begin
      print_debug "Blocking function C_SignRecover" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_SignRecover" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_SignRecover cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_SignUpdate.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_SignUpdate cksessionhandlet_ data =
  match !current_module with
  | None ->
    (* No module is defined: the value returned is
       CKR_CRYPTOKI_NOT_INITIALIZED (not CKR_GENERAL_ERROR) *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_SignUpdate" (cksessionhandlet_, data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_SignUpdate" !forbidden_functions then begin
      print_debug "Blocking function C_SignUpdate" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_SignUpdate" (cksessionhandlet_, data) in
      if late_stop then late_ret
      else Backend.c_SignUpdate cksessionhandlet_ data
(*************************************************************************)
(* Filter wrapper for C_SignFinal. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call. *)
let c_SignFinal cksessionhandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: the value returned is
       CKR_CRYPTOKI_NOT_INITIALIZED (not CKR_GENERAL_ERROR) *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_SignFinal" (cksessionhandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_SignFinal" !forbidden_functions then begin
      print_debug "Blocking function C_SignFinal" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_SignFinal" (cksessionhandlet_) in
      if late_stop then late_ret
      else Backend.c_SignFinal cksessionhandlet_
(*************************************************************************)
(* Filter wrapper for C_VerifyInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle, forbidden
   mechanisms, post-filter actions, backend call. *)
let c_VerifyInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ =
  match !current_module with
  | None ->
    (* No module is defined: the value returned is
       CKR_CRYPTOKI_NOT_INITIALIZED (not CKR_GENERAL_ERROR) *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_VerifyInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_VerifyInit" !forbidden_functions then begin
      print_debug "Blocking function C_VerifyInit" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    (* A key handle that fails the label or id filter is reported as invalid *)
    else if not (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_VerifyInit")
         || not (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_VerifyInit") then
      Pkcs11.cKR_OBJECT_HANDLE_INVALID
    else
      let requested_mech = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists requested_mech !forbidden_mechanisms then begin
        print_debug (Printf.sprintf "Mechanism %s has been filtered in C_VerifyInit" (Pkcs11.match_cKM_value requested_mech)) 1;
        Pkcs11.cKR_MECHANISM_INVALID
      end
      else
        (* Late actions: last chance to override before forwarding *)
        let (late_stop, late_ret) = apply_post_filter_actions "C_VerifyInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
        if late_stop then late_ret
        else Backend.c_VerifyInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_
(*************************************************************************)
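(* Filter wrapper for C_VerifyRecoverInit.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, allowed label/id on the key handle, forbidden
   mechanisms, post-filter actions, backend call.
   Two lookups used the wrong function name and are corrected here:
   - the forbidden-function check and its debug message named
     "C_FindObjects", so forbidding C_VerifyRecoverInit had no effect on
     this wrapper, while forbidding C_FindObjects blocked it;
   - the pre-filter lookup used "C_VerifyRecoverInit " with a trailing
     space, which differs from the name every other lookup in this
     wrapper uses. *)
let c_VerifyRecoverInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_ =
  (* If no module is defined, return CKR_CRYPTOKI_NOT_INITIALIZED *)
  match !current_module with
  | None ->
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions before other checks *)
    let (take_ret, ret) = apply_pre_filter_actions "C_VerifyRecoverInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
    if take_ret then
      ret
    else
      (* Check the function under its own name *)
      let check = check_function_in_forbidden_functions_list "C_VerifyRecoverInit" !forbidden_functions in
      if check then begin
        print_debug "Blocking function C_VerifyRecoverInit" 1;
        Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
      end
      else
        (* Check for label or id blocking on the input objects handles *)
        if (check_object_label cksessionhandlet_ ckobjecthandlet_ !allowed_labels "C_VerifyRecoverInit" = false) || (check_object_id cksessionhandlet_ ckobjecthandlet_ !allowed_ids "C_VerifyRecoverInit" = false) then
          Pkcs11.cKR_OBJECT_HANDLE_INVALID
        else
          (* Check for the asked mechanism against the forbidden list *)
          let ckmechanismtypet_ = ckmechanism_.Pkcs11.mechanism in
          if check_forbidden_mechanism_in_all_lists ckmechanismtypet_ !forbidden_mechanisms = true then
            begin
              let s = Printf.sprintf "Mechanism %s has been filtered in C_VerifyRecoverInit" (Pkcs11.match_cKM_value ckmechanismtypet_) in
              print_debug s 1;
              Pkcs11.cKR_MECHANISM_INVALID
            end
          else
            (* Late actions after other checks *)
            let (take_ret, ret) = apply_post_filter_actions "C_VerifyRecoverInit" (cksessionhandlet_, ckmechanism_, ckobjecthandlet_) in
            if take_ret then
              ret
            else
              Backend.c_VerifyRecoverInit cksessionhandlet_ ckmechanism_ ckobjecthandlet_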
(*************************************************************************)
(* Filter wrapper for C_Verify.
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call.
   Any of the early returns replaces the backend's verification result. *)
let c_Verify cksessionhandlet_ data signed_data =
  match !current_module with
  | None ->
    (* No module is defined: the value returned is
       CKR_CRYPTOKI_NOT_INITIALIZED (not CKR_GENERAL_ERROR) *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions: may short-circuit with their own return value *)
    let (early_stop, early_ret) = apply_pre_filter_actions "C_Verify" (cksessionhandlet_, data, signed_data) in
    if early_stop then early_ret
    else if check_function_in_forbidden_functions_list "C_Verify" !forbidden_functions then begin
      print_debug "Blocking function C_Verify" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions: last chance to override before forwarding *)
      let (late_stop, late_ret) = apply_post_filter_actions "C_Verify" (cksessionhandlet_, data, signed_data) in
      if late_stop then late_ret
      else Backend.c_Verify cksessionhandlet_ data signed_data
(*************************************************************************)
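(* Filter wrapper for C_VerifyRecover. Returns (rv, output bytes).
   Checks run in this order: module defined, pre-filter actions,
   forbidden-function list, post-filter actions, backend call.
   The debug message for a blocked call spelled the function name
   "C_VerifyRevover"; it now carries the real name, so the block shows up
   when logs are searched for C_VerifyRecover. *)
let c_VerifyRecover cksessionhandlet_ data =
  (* If no module is defined, return CKR_CRYPTOKI_NOT_INITIALIZED *)
  match !current_module with
  | None ->
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    (* Early actions before other checks *)
    let (take_ret, ret) = apply_pre_filter_actions "C_VerifyRecover" (cksessionhandlet_, data) in
    if take_ret then
      ret
    else
      (* Check the function *)
      let check = check_function_in_forbidden_functions_list "C_VerifyRecover" !forbidden_functions in
      if check then begin
        print_debug "Blocking function C_VerifyRecover" 1;
        (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
      end
      else
        (* Late actions after other checks *)
        let (take_ret, ret) = apply_post_filter_actions "C_VerifyRecover" (cksessionhandlet_, data) in
        if take_ret then
          ret
        else
          Backend.c_VerifyRecover cksessionhandlet_ data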
(*************************************************************************)
let c_VerifyUpdate cksessionhandlet_ data =
  (* Filtered entry point for C_VerifyUpdate: each stage below may supply
     the return value, otherwise the call is forwarded to the backend. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, data) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_VerifyUpdate" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_VerifyUpdate" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_VerifyUpdate" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_VerifyUpdate" call_args in
      if post_hit then post_ret
      else Backend.c_VerifyUpdate cksessionhandlet_ data
(*************************************************************************)
let c_VerifyFinal cksessionhandlet_ data =
  (* Filtered entry point for C_VerifyFinal: each stage below may supply
     the return value, otherwise the call is forwarded to the backend. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, data) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_VerifyFinal" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_VerifyFinal" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_VerifyFinal" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_VerifyFinal" call_args in
      if post_hit then post_ret
      else Backend.c_VerifyFinal cksessionhandlet_ data
(*************************************************************************)
let c_DigestEncryptUpdate cksessionhandlet_ data =
  (* Filtered entry point for C_DigestEncryptUpdate. Returns a
     (return value, data) pair; refusals issued here carry an empty array. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, data) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_DigestEncryptUpdate" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_DigestEncryptUpdate" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_DigestEncryptUpdate" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_DigestEncryptUpdate" call_args in
      if post_hit then post_ret
      else Backend.c_DigestEncryptUpdate cksessionhandlet_ data
(*************************************************************************)
let c_DecryptDigestUpdate cksessionhandlet_ data =
  (* Filtered entry point for C_DecryptDigestUpdate. Returns a
     (return value, data) pair; refusals issued here carry an empty array. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, data) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_DecryptDigestUpdate" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_DecryptDigestUpdate" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_DecryptDigestUpdate" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_DecryptDigestUpdate" call_args in
      if post_hit then post_ret
      else Backend.c_DecryptDigestUpdate cksessionhandlet_ data
(*************************************************************************)
let c_SignEncryptUpdate cksessionhandlet_ data =
  (* Filtered entry point for C_SignEncryptUpdate. Returns a
     (return value, data) pair; refusals issued here carry an empty array. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, data) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_SignEncryptUpdate" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_SignEncryptUpdate" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_SignEncryptUpdate" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_SignEncryptUpdate" call_args in
      if post_hit then post_ret
      else Backend.c_SignEncryptUpdate cksessionhandlet_ data
(*************************************************************************)
let c_DecryptVerifyUpdate cksessionhandlet_ data =
  (* Filtered entry point for C_DecryptVerifyUpdate. Returns a
     (return value, data) pair; refusals issued here carry an empty array. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, data) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_DecryptVerifyUpdate" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_DecryptVerifyUpdate" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_DecryptVerifyUpdate" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_DecryptVerifyUpdate" call_args in
      if post_hit then post_ret
      else Backend.c_DecryptVerifyUpdate cksessionhandlet_ data
(*************************************************************************)
let c_GenerateKey cksessionhandlet_ ckmechanism_ ckattributearray_ =
  (* Filtered entry point for C_GenerateKey. Checks, in order: module loaded,
     pre-filter actions, forbidden functions, forbidden mechanisms, label/id
     of the creation template, post-filter actions, then the backend.
     Returns a (return value, handle) pair; refusals carry CK_INVALID_HANDLE. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let call_args = (cksessionhandlet_, ckmechanism_, ckattributearray_) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_GenerateKey" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_GenerateKey" !forbidden_functions then begin
      print_debug "Blocking function C_GenerateKey" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE)
    end
    else
      (* Requested mechanism against the forbidden mechanisms lists *)
      let mech_type = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists mech_type !forbidden_mechanisms then begin
        print_debug
          (Printf.sprintf "Mechanism %s has been filtered in C_GenerateKey" (Pkcs11.match_cKM_value mech_type))
          1;
        (Pkcs11.cKR_MECHANISM_INVALID, Pkcs11.cK_INVALID_HANDLE)
      end
      else
        (* Label check first; the id check only runs when the label passed *)
        let template_refused =
          check_label_on_object_creation ckattributearray_ !allowed_labels "C_GenerateKey"
          || check_id_on_object_creation ckattributearray_ !allowed_ids "C_GenerateKey" in
        if template_refused then
          (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE)
        else
          (* Late actions run once the other checks have passed *)
          let (post_hit, post_ret) = apply_post_filter_actions "C_GenerateKey" call_args in
          if post_hit then post_ret
          else Backend.c_GenerateKey cksessionhandlet_ ckmechanism_ ckattributearray_
(*************************************************************************)
let c_GenerateKeyPair cksessionhandlet_ ckmechanism_ pub_attributes priv_attributes =
  (* Filtered entry point for C_GenerateKeyPair. Checks, in order: module
     loaded, pre-filter actions, forbidden functions, forbidden mechanisms,
     label/id of both creation templates, post-filter actions, then the
     backend. Returns (return value, handle, handle); refusals carry
     CK_INVALID_HANDLE twice. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let call_args = (cksessionhandlet_, ckmechanism_, pub_attributes, priv_attributes) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_GenerateKeyPair" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_GenerateKeyPair" !forbidden_functions then begin
      print_debug "Blocking function C_GenerateKeyPair" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE)
    end
    else
      (* Requested mechanism against the forbidden mechanisms lists *)
      let mech_type = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists mech_type !forbidden_mechanisms then begin
        print_debug
          (Printf.sprintf "Mechanism %s has been filtered in C_GenerateKeyPair" (Pkcs11.match_cKM_value mech_type))
          1;
        (Pkcs11.cKR_MECHANISM_INVALID, Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE)
      end
      else
        (* Public template label, public id, private label, private id:
           evaluated left to right, stopping at the first refusal *)
        let templates_refused =
          check_label_on_object_creation pub_attributes !allowed_labels "C_GenerateKeyPair"
          || check_id_on_object_creation pub_attributes !allowed_ids "C_GenerateKeyPair"
          || check_label_on_object_creation priv_attributes !allowed_labels "C_GenerateKeyPair"
          || check_id_on_object_creation priv_attributes !allowed_ids "C_GenerateKeyPair" in
        if templates_refused then
          (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE)
        else
          (* Late actions run once the other checks have passed *)
          let (post_hit, post_ret) = apply_post_filter_actions "C_GenerateKeyPair" call_args in
          if post_hit then post_ret
          else Backend.c_GenerateKeyPair cksessionhandlet_ ckmechanism_ pub_attributes priv_attributes
(*************************************************************************)
let c_WrapKey cksessionhandlet_ ckmechanism_ wrapping_handle wrapped_handle =
  (* Filtered entry point for C_WrapKey. Checks, in order: module loaded,
     pre-filter actions, forbidden functions, label/id of the wrapping key,
     label/id of the key being wrapped, forbidden mechanisms, padding-oracle
     mechanisms (only when remove_padding_oracles covers "wrap" or "all"),
     post-filter actions, then the backend.
     Returns a (return value, data) pair; refusals carry an empty array. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, ckmechanism_, wrapping_handle, wrapped_handle) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_WrapKey" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_WrapKey" !forbidden_functions then begin
      print_debug "Blocking function C_WrapKey" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [||])
    end
    else if not (check_object_label cksessionhandlet_ wrapping_handle !allowed_labels "C_WrapKey")
         || not (check_object_id cksessionhandlet_ wrapping_handle !allowed_ids "C_WrapKey") then
      (* The wrapping key is outside the allowed labels/ids *)
      (Pkcs11.cKR_WRAPPING_KEY_HANDLE_INVALID, [||])
    else if not (check_object_label cksessionhandlet_ wrapped_handle !allowed_labels "C_WrapKey")
         || not (check_object_id cksessionhandlet_ wrapped_handle !allowed_ids "C_WrapKey") then
      (* The key to be wrapped is outside the allowed labels/ids *)
      (Pkcs11.cKR_OBJECT_HANDLE_INVALID, [||])
    else
      (* Requested mechanism against the forbidden mechanisms lists *)
      let mech_type = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists mech_type !forbidden_mechanisms then begin
        print_debug
          (Printf.sprintf "Mechanism %s has been filtered in C_WrapKey" (Pkcs11.match_cKM_value mech_type))
          1;
        (Pkcs11.cKR_MECHANISM_INVALID, [||])
      end
      else
        (* Is padding-oracle removal switched on for wrapping? *)
        let oracle_filter_on =
          check_remove_padding_oracles !remove_padding_oracles "wrap"
          || check_remove_padding_oracles !remove_padding_oracles "all" in
        (* The mechanism list is only consulted when the option is on; this
           refusal is not logged through print_debug. *)
        if oracle_filter_on
           && check_element_in_list !padding_oracle_mechanisms ckmechanism_.Pkcs11.mechanism then
          (Pkcs11.cKR_MECHANISM_INVALID, [||])
        else
          (* Late actions run on both the filtered and unfiltered paths *)
          let (post_hit, post_ret) = apply_post_filter_actions "C_WrapKey" call_args in
          if post_hit then post_ret
          else Backend.c_WrapKey cksessionhandlet_ ckmechanism_ wrapping_handle wrapped_handle
(*************************************************************************)
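let c_UnwrapKey cksessionhandlet_ ckmechanism_ unwrapping_handle wrapped_key ckattributearray_ =
  (* Filtered entry point for C_UnwrapKey. Checks, in order: module loaded,
     pre-filter actions, forbidden functions, label/id of the unwrapping key,
     forbidden mechanisms, padding-oracle mechanisms (only when
     remove_padding_oracles covers "unwrap" or "all"), label/id of the
     creation template, post-filter actions, then the backend.
     Returns a (return value, handle) pair; refusals carry CK_INVALID_HANDLE. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let call_args = (cksessionhandlet_, ckmechanism_, unwrapping_handle, wrapped_key, ckattributearray_) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_UnwrapKey" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_UnwrapKey" !forbidden_functions then begin
      print_debug "Blocking function C_UnwrapKey" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE)
    end
    else if not (check_object_label cksessionhandlet_ unwrapping_handle !allowed_labels "C_UnwrapKey")
         || not (check_object_id cksessionhandlet_ unwrapping_handle !allowed_ids "C_UnwrapKey") then
      (* The unwrapping key is outside the allowed labels/ids *)
      (Pkcs11.cKR_UNWRAPPING_KEY_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)
    else
      (* Requested mechanism against the forbidden mechanisms lists *)
      let mech_type = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists mech_type !forbidden_mechanisms then begin
        print_debug
          (Printf.sprintf "Mechanism %s has been filtered in C_UnwrapKey" (Pkcs11.match_cKM_value mech_type))
          1;
        (Pkcs11.cKR_MECHANISM_INVALID, Pkcs11.cK_INVALID_HANDLE)
      end
      else
        (* Is padding-oracle removal switched on for unwrapping? *)
        let oracle_filter_on =
          check_remove_padding_oracles !remove_padding_oracles "unwrap"
          || check_remove_padding_oracles !remove_padding_oracles "all" in
        if oracle_filter_on
           && check_element_in_list !padding_oracle_mechanisms ckmechanism_.Pkcs11.mechanism then
          (Pkcs11.cKR_MECHANISM_INVALID, Pkcs11.cK_INVALID_HANDLE)
        else
          (* Fix: with padding-oracle removal enabled, an accepted mechanism
             used to be sent straight to the backend, so the template
             label/id restrictions and the post-filter actions below were
             skipped. Both paths now share them, as C_WrapKey already does
             for its post-filter actions. *)
          let template_refused =
            check_label_on_object_creation ckattributearray_ !allowed_labels "C_UnwrapKey"
            || check_id_on_object_creation ckattributearray_ !allowed_ids "C_UnwrapKey" in
          if template_refused then
            (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE)
          else
            (* Late actions run once the other checks have passed *)
            let (post_hit, post_ret) = apply_post_filter_actions "C_UnwrapKey" call_args in
            if post_hit then post_ret
            else Backend.c_UnwrapKey cksessionhandlet_ ckmechanism_ unwrapping_handle wrapped_key ckattributearray_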
(*************************************************************************)
let c_DeriveKey cksessionhandlet_ ckmechanism_ initial_key_handle ckattributearray_ =
  (* Filtered entry point for C_DeriveKey. Checks, in order: module loaded,
     pre-filter actions, forbidden functions, label/id of the base key,
     forbidden mechanisms, label/id of the creation template, post-filter
     actions, then the backend.
     Returns a (return value, handle) pair; refusals carry CK_INVALID_HANDLE. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, Pkcs11.cK_INVALID_HANDLE)
  | _ ->
    let call_args = (cksessionhandlet_, ckmechanism_, initial_key_handle, ckattributearray_) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_DeriveKey" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_DeriveKey" !forbidden_functions then begin
      print_debug "Blocking function C_DeriveKey" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, Pkcs11.cK_INVALID_HANDLE)
    end
    else if not (check_object_label cksessionhandlet_ initial_key_handle !allowed_labels "C_DeriveKey")
         || not (check_object_id cksessionhandlet_ initial_key_handle !allowed_ids "C_DeriveKey") then
      (* The base key is outside the allowed labels/ids *)
      (Pkcs11.cKR_OBJECT_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)
    else
      (* Requested mechanism against the forbidden mechanisms lists *)
      let mech_type = ckmechanism_.Pkcs11.mechanism in
      if check_forbidden_mechanism_in_all_lists mech_type !forbidden_mechanisms then begin
        print_debug
          (Printf.sprintf "Mechanism %s has been filtered in C_DeriveKey" (Pkcs11.match_cKM_value mech_type))
          1;
        (Pkcs11.cKR_MECHANISM_INVALID, Pkcs11.cK_INVALID_HANDLE)
      end
      else
        (* Label check first; the id check only runs when the label passed *)
        let template_refused =
          check_label_on_object_creation ckattributearray_ !allowed_labels "C_DeriveKey"
          || check_id_on_object_creation ckattributearray_ !allowed_ids "C_DeriveKey" in
        if template_refused then
          (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE)
        else
          (* Late actions run once the other checks have passed *)
          let (post_hit, post_ret) = apply_post_filter_actions "C_DeriveKey" call_args in
          if post_hit then post_ret
          else Backend.c_DeriveKey cksessionhandlet_ ckmechanism_ initial_key_handle ckattributearray_
(*************************************************************************)
let c_SeedRandom cksessionhandlet_ seed =
  (* Filtered entry point for C_SeedRandom: each stage below may supply the
     return value, otherwise the call is forwarded to the backend. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    let call_args = (cksessionhandlet_, seed) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_SeedRandom" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_SeedRandom" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_SeedRandom" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_SeedRandom" call_args in
      if post_hit then post_ret
      else Backend.c_SeedRandom cksessionhandlet_ seed
(*************************************************************************)
let c_GenerateRandom cksessionhandlet_ count =
  (* Filtered entry point for C_GenerateRandom. Returns a
     (return value, data) pair; refusals issued here carry an empty array. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    (Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED, [| |])
  | _ ->
    let call_args = (cksessionhandlet_, count) in
    (* Early actions run before every other check *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_GenerateRandom" call_args in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_GenerateRandom" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_GenerateRandom" 1;
      (Pkcs11.cKR_FUNCTION_NOT_SUPPORTED, [| |])
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_GenerateRandom" call_args in
      if post_hit then post_ret
      else Backend.c_GenerateRandom cksessionhandlet_ count
(*************************************************************************)
let c_GetFunctionStatus cksessionhandlet_ =
  (* Filtered entry point for C_GetFunctionStatus: each stage below may
     supply the return value, otherwise the call reaches the backend. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions run before every other check; the session handle is
       the only argument handed to the actions *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_GetFunctionStatus" cksessionhandlet_ in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_GetFunctionStatus" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_GetFunctionStatus" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_GetFunctionStatus" cksessionhandlet_ in
      if post_hit then post_ret
      else Backend.c_GetFunctionStatus cksessionhandlet_
(*************************************************************************)
let c_CancelFunction cksessionhandlet_ =
  (* Filtered entry point for C_CancelFunction: each stage below may supply
     the return value, otherwise the call is forwarded to the backend. *)
  match !current_module with
  | None ->
    (* No module is loaded: the code answers CKR_CRYPTOKI_NOT_INITIALIZED *)
    Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED
  | _ ->
    (* Early actions run before every other check; the session handle is
       the only argument handed to the actions *)
    let (pre_hit, pre_ret) = apply_pre_filter_actions "C_CancelFunction" cksessionhandlet_ in
    if pre_hit then pre_ret
    else if check_function_in_forbidden_functions_list "C_CancelFunction" !forbidden_functions then begin
      (* The function itself is on the forbidden list *)
      print_debug "Blocking function C_CancelFunction" 1;
      Pkcs11.cKR_FUNCTION_NOT_SUPPORTED
    end
    else
      (* Late actions run once the other checks have passed *)
      let (post_hit, post_ret) = apply_post_filter_actions "C_CancelFunction" cksessionhandlet_ in
      if post_hit then post_ret
      else Backend.c_CancelFunction cksessionhandlet_
caml-crush-1.0.12/src/filter/filter/filter_actions.ml 0000664 0000000 0000000 00000025003 14147740423 0022537 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/filter_actions.ml
************************** MIT License HEADER ***********************************)
(* The following file can be seen as a "plugins" extension *)
(* to the filter rules. All the actions described hereafter *)
(* can be called from within the filter engine BEFORE any *)
(* filtering rule is applied: in that sense, actions can be *)
(* seen as a full extension and/or replacement of the genuine *)
(* rules that are already offered by the filter. See the *)
(* documentation for more details on how to add new actions *)
(* and how they interact with the filter engine. *)
open Config_file
open Filter_common
(* WARNING: marshalling is type unsafe: care must be taken *)
(* when defining custom actions! *)
(* In any case, if the serialize or deserialize fail, we *)
(* force a container exit! *)
let serialize x =
  (* Marshal any value to a string with the default flags. Every exception
     is caught: the error is reported and the process exits. *)
  (* NOTE(review): the exit status is 0, which a supervisor would normally
     read as a clean stop - confirm this is what the container manager expects. *)
  try
    Marshal.to_string x []
  with _ ->
    begin
      print_error "MARSHALLING ERROR when serializing! Check your custom functions! KILLING the container ...";
      exit 0
    end
let deserialize x =
  (* Unmarshal a value from string x, starting at offset 0. The result type
     is whatever the call site infers: Marshal performs no type check, so a
     pattern that does not match what was serialized is not detected here.
     Only feed it strings produced by serialize inside the filter. *)
  (* NOTE(review): the exit status is 0, which a supervisor would normally
     read as a clean stop - confirm this is what the container manager expects. *)
  try
    Marshal.from_string x 0
  with _ ->
    begin
      print_error "MARSHALLING ERROR when deserializing! Check your custom functions! KILLING the container ...";
      exit 0
    end
(********* CUSTOM actions ******)
let c_Initialize_hook fun_name _ =
  (* Sample action: logs the hooked function name and returns the serialized
     pair (false, ()). The marshalled argument is ignored. *)
  (* presumably the leading false tells the filter engine not to take the
     return value from this action - verify against apply_pre_filter_actions *)
  print_debug (Printf.sprintf " ########## Hooking %s!" fun_name) 1;
  serialize (false, ())
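let c_Login_hook fun_name arg =
  (* Sample action for C_Login. arg is the marshalled triple
     (session handle, user type, pin). Returns the serialized pair
     (false, ()) when the PIN equals the demonstration value, and
     (true, CKR_PIN_LOCKED) otherwise. *)
  (* The fixed PIN below only illustrates how an action can inspect its
     arguments; it is not an access control and should not be enabled on a
     production filter. *)
  let (cksessionhandlet_, ckusertypet_, pin) = (deserialize arg) in
  let pin_string = Pkcs11.char_array_to_string pin in
  if compare pin_string "1234" = 0 then begin
    (* Passthrough if pin is 1234. The PIN is deliberately left out of the
       debug message: the original wrote it in clear to the filter log. *)
    print_debug (Printf.sprintf " ######### Passthrough %s!" fun_name) 1;
    serialize (false, ())
  end
  else begin
    (* Hook the call if pin != 1234; again the submitted PIN is not logged,
       since a mistyped PIN is usually close to the real one. *)
    print_debug (Printf.sprintf " ######### Hooking %s!" fun_name) 1;
    serialize (true, Pkcs11.cKR_PIN_LOCKED)
  end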
let identity fun_name _ =
  (* No-op action: logs that it was called for fun_name, ignores the
     marshalled argument and returns the serialized pair (false, ()). *)
  print_debug (Printf.sprintf " ######### Identity hook called for %s!" fun_name) 1;
  serialize (false, ())
(*** Common helpers for the patches *****)
INCLUDE "filter_actions_helpers/helpers_patch.ml"
(***********************************************************************)
(***** CryptokiX patches as user defined actions ******)
(***********************************************************************)
(* The patch preventing directly reading sensitive or extractable keys *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
INCLUDE "p11fix_patches/sensitive_leak_patch.ml"
(***********************************************************************)
(* We sanitize the creation templates to avoid default values *)
(* Default attributes we want to apply when not defined by a creation template *)
INCLUDE "p11fix_patches/sanitize_creation_templates_patch.ml"
(***********************************************************************)
(* The conflicting attributes patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
INCLUDE "p11fix_patches/conflicting_attributes_patch.ml"
(***********************************************************************)
(* The sticky attributes patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
INCLUDE "p11fix_patches/sticky_attributes_patch.ml"
(***********************************************************************)
(* The wrapping format patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
INCLUDE "p11fix_patches/wrapping_format_patch.ml"
(***********************************************************************)
(* The local and non local objects patch: *)
INCLUDE "p11fix_patches/non_local_objects_patch.ml"
(***********************************************************************)
(* The secure templates patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
INCLUDE "p11fix_patches/secure_templates_patch.ml"
(***********************************************************************)
(* The existing sensitive keys patch: *)
INCLUDE "p11fix_patches/existing_sensitive_keys_patch.ml"
(***********************************************************************)
(********* CUSTOM actions wrappers for the configuration file ******)
let execute_action fun_name action argument =
  (* Dispatch a configured action name to its implementation and run it on
     (fun_name, argument). *)
  (* An unrecognised name falls back to identity, i.e. the call is not
     intercepted. string_check_action rejects unknown names when the
     configuration is parsed, so keep both lists in sync when adding an
     action. *)
  let handler =
    match action with
    | "c_Initialize_hook" -> c_Initialize_hook
    | "c_Login_hook" -> c_Login_hook
    | "identity" -> identity
    | "conflicting_attributes_patch" -> conflicting_attributes_patch
    | "conflicting_attributes_patch_on_existing_objects" -> conflicting_attributes_patch_on_existing_objects
    | "sticky_attributes_patch" -> sticky_attributes_patch
    | "sanitize_creation_templates_patch" -> sanitize_creation_templates_patch
    | "prevent_sensitive_leak_patch" -> prevent_sensitive_leak_patch
    | "wrapping_format_patch" -> wrapping_format_patch
    | "non_local_objects_patch" -> non_local_objects_patch
    | "do_segregate_usage" -> do_segregate_usage
    | "secure_templates_patch" -> secure_templates_patch
    | "dangerous_sensitive_keys_paranoid" -> dangerous_sensitive_keys_paranoid
    | "dangerous_sensitive_keys_escrow_encrypt" -> dangerous_sensitive_keys_escrow_encrypt
    | "dangerous_sensitive_keys_escrow_all" -> dangerous_sensitive_keys_escrow_all
    | _ -> identity
  in
  handler fun_name argument
let string_check_action a =
  (* Validate an action name read from the configuration file: a known name
     is returned unchanged, anything else is logged as critical and raises
     Config_file_wrong_type. *)
  match a with
  | "c_Initialize_hook"
  | "c_Login_hook"
  | "identity"
  | "conflicting_attributes_patch"
  | "conflicting_attributes_patch_on_existing_objects"
  | "sticky_attributes_patch"
  | "sanitize_creation_templates_patch"
  | "prevent_sensitive_leak_patch"
  | "wrapping_format_patch"
  | "non_local_objects_patch"
  | "do_segregate_usage"
  | "secure_templates_patch"
  | "dangerous_sensitive_keys_paranoid"
  | "dangerous_sensitive_keys_escrow_encrypt"
  | "dangerous_sensitive_keys_escrow_all" -> a
  | _ ->
    begin
      netplex_log_critical (Printf.sprintf "Error: unknown action option '%s'!" a);
      raise Config_file_wrong_type
    end
(* Config_file wrappers for an action name defined in the plugin.

   [to_raw] stores the name as a raw string. [of_raw] accepts only a raw
   string and passes it through [string_check_action], so unknown names are
   rejected; any other raw shape is logged at critical level and raises
   [Config_file_wrong_type]. *)
let actions_wrappers = {
  to_raw = (fun action_name -> Config_file.Raw.String action_name);
  of_raw = (fun raw ->
    match raw with
    | Config_file.Raw.String action_name -> string_check_action action_name
    | _ ->
      netplex_log_critical "Error: got wrong action type!";
      raise Config_file_wrong_type);
}
caml-crush-1.0.12/src/filter/filter/filter_actions_helpers/ 0000775 0000000 0000000 00000000000 14147740423 0023727 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/filter/filter/filter_actions_helpers/helpers_patch.ml 0000664 0000000 0000000 00000062743 14147740423 0027116 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/filter_actions_helpers/helpers_patch.ml
************************** MIT License HEADER ***********************************)
(* Use aliases if this is an old version (< 4.02) of OCaml without a Bytes module *)
IFDEF OCAML_NO_BYTES_MODULE THEN
module Bytes = String
ENDIF
(* Global value to tell if we want to segregate usage *)
(* Starts as false; do_segregate_usage sets it to true, and it selects which *)
(* attribute list critical_attributes returns. Nothing in this file resets it. *)
let segregate_usage = ref false
(* Action that switches key usage segregation on.

   Both arguments are ignored. Logs the activation at debug level 1, sets
   [segregate_usage] to true and returns [serialize (false, ())]. *)
let do_segregate_usage _ _ =
  let activation_notice =
    "[User defined extensions]: Activating KEY USAGE SEGREGATION (encrypt/decrypt versus sign/verify)" in
  print_debug activation_notice 1;
  segregate_usage := true;
  serialize (false, ())
(* Build the template of critical attributes inspected by the patches.

   Every entry carries an empty value: the array is a query template that
   callers in this file pass to filter_getAttributeValue. When
   [key_segregation] is true, the sign/verify attributes (CKA_SIGN,
   CKA_VERIFY, CKA_SIGN_RECOVER, CKA_VERIFY_RECOVER) are appended after the
   common ones for the key segregation patch. *)
let critical_attributes key_segregation =
  let empty_attribute attr_type = {Pkcs11.type_ = attr_type; Pkcs11.value = [||]} in
  let common_attributes = Array.map empty_attribute [|
    Pkcs11.cKA_CLASS;
    Pkcs11.cKA_SENSITIVE;
    Pkcs11.cKA_EXTRACTABLE;
    Pkcs11.cKA_ALWAYS_SENSITIVE;
    Pkcs11.cKA_NEVER_EXTRACTABLE;
    Pkcs11.cKA_ENCRYPT;
    Pkcs11.cKA_DECRYPT;
    Pkcs11.cKA_WRAP;
    Pkcs11.cKA_UNWRAP;
    Pkcs11.cKA_PRIVATE;
    Pkcs11.cKA_DERIVE;
  |] in
  if key_segregation then
    (* Sign/verify attributes, only needed when usage is segregated *)
    Array.append common_attributes (Array.map empty_attribute [|
      Pkcs11.cKA_SIGN;
      Pkcs11.cKA_VERIFY;
      Pkcs11.cKA_SIGN_RECOVER;
      Pkcs11.cKA_VERIFY_RECOVER;
    |])
  else
    common_attributes
(* Blank out the values of a template array so that sensitive values do not
   go to the frontend.

   Each attribute keeps its type, and its value is replaced by an array of
   zero characters of the same length. Only the content is hidden: the
   length of every original value is still visible in the result. *)
let expurge_template_from_values templates_array =
  let blank_value templ =
    let value_length = Array.length templ.Pkcs11.value in
    {Pkcs11.type_ = templ.Pkcs11.type_; Pkcs11.value = Array.make value_length (Char.chr 0)} in
  Array.map blank_value templates_array
(* Split out every attribute of type [the_attribute] from a template.

   Returns a pair: the template without the matching attributes (order
   preserved), and the positions the removed attributes had in the original
   array, in increasing order. *)
let remove_asked_specific_type_from_template templates_array the_attribute =
  let kept = ref [||] in
  let removed_positions = ref [||] in
  Array.iteri (fun index templ ->
    if compare templ.Pkcs11.type_ the_attribute = 0 then
      removed_positions := Array.append !removed_positions [|index|]
    else
      kept := Array.append !kept [|templ|]
  ) templates_array;
  (!kept, !removed_positions)
(* Remove the CKA_VALUE attributes from a template.

   Returns the stripped template and the positions the CKA_VALUE entries
   had, as [remove_asked_specific_type_from_template] does. *)
let remove_asked_value_type_from_template templates_array =
  remove_asked_specific_type_from_template templates_array Pkcs11.cKA_VALUE
(* Return a copy of [the_array] with [element] inserted at index [position].

   The elements from [position] onwards are shifted by one. A position
   outside 0..length makes Array.sub raise Invalid_argument. *)
let insert_in_array the_array element position =
  let singleton = [| element |] in
  if compare position 0 = 0 then
    Array.concat [singleton; the_array]
  else begin
    let before = Array.sub the_array 0 position in
    let after = Array.sub the_array position (Array.length the_array - position) in
    Array.concat [before; singleton; after]
  end
(* Re-insert empty CKA_VALUE attributes into a template.

   For each index in [positions], taken in order, a CKA_VALUE attribute with
   an empty value is inserted at that index of the array built so far. This
   is the counterpart of [remove_asked_value_type_from_template]: the value
   slots come back, but without any content. *)
let insert_purged_value_type_in_template templates_array positions =
  let empty_value_attribute () = {Pkcs11.type_ = Pkcs11.cKA_VALUE; Pkcs11.value = [||]} in
  Array.fold_left
    (fun rebuilt pos -> insert_in_array rebuilt (empty_value_attribute ()) pos)
    templates_array
    positions
(* Drop every attribute whose value is empty from a template.

   The remaining attributes keep their relative order. *)
let expurge_template_from_irrelevant_attributes templates_array =
  let has_value templ = compare templ.Pkcs11.value [||] <> 0 in
  Array.of_list (List.filter has_value (Array.to_list templates_array))
(* Tell whether [attributes] contains an attribute with the same type as
   [attribute]. Values are not compared. *)
let find_existing_attribute attributes attribute =
  let wanted_type = attribute.Pkcs11.type_ in
  List.exists
    (fun candidate -> compare candidate.Pkcs11.type_ wanted_type = 0)
    (Array.to_list attributes)
(* Tell whether [attributes] contains an attribute with both the same type
   and the same value as [attribute]. *)
let find_existing_attribute_value attributes attribute =
  let same_type_and_value candidate =
    (compare candidate.Pkcs11.type_ attribute.Pkcs11.type_ = 0)
    && (compare candidate.Pkcs11.value attribute.Pkcs11.value = 0) in
  List.exists same_type_and_value (Array.to_list attributes)
(* Return the value of the first attribute of [attributes] whose type is the
   type of [attribute], or an empty array when there is none. An attribute
   that is present with an empty value therefore gives the same result as a
   missing one. *)
let get_existing_attribute_value attributes attribute =
  let same_type candidate = compare candidate.Pkcs11.type_ attribute.Pkcs11.type_ = 0 in
  match List.filter same_type (Array.to_list attributes) with
  | [] -> [||]
  | first_match :: _ -> first_match.Pkcs11.value
(* Merge two templates, giving priority to [new_attributes].

   The result is made of the attributes of [old_attributes] whose type does
   not appear in [new_attributes], followed by all of [new_attributes]. *)
let merge_templates old_attributes new_attributes =
  (* Keep only the old attributes that the new template does not redefine *)
  let not_redefined old_attr = not (find_existing_attribute new_attributes old_attr) in
  let surviving_old = List.filter not_redefined (Array.to_list old_attributes) in
  Array.append (Array.of_list surviving_old) new_attributes
(* All the critical attributes might not be extracted depending on the object type *)
(* Hence, we remove all the empty attributes that have not been extracted *)
(************************************************************************************)
(* Get the critical attributes in one C_GetAttributeValue call.

   CKR_OK and CKR_ATTRIBUTE_TYPE_INVALID are both treated as success: the
   result is (CKR_OK, attributes that came back with a non-empty value).
   On any other return code the code is returned as is, together with the
   attributes whose values have been overwritten with zero characters. *)
let filter_getAttributeValue_raw sessionh objecth the_critical_attributes =
  let (ret, attributes) = Backend.c_GetAttributeValue sessionh objecth the_critical_attributes in
  let tolerated_codes = [Pkcs11.cKR_OK; Pkcs11.cKR_ATTRIBUTE_TYPE_INVALID] in
  if List.exists (fun code -> compare ret code = 0) tolerated_codes then
    (* Keep only the attributes that could be extracted *)
    (Pkcs11.cKR_OK, expurge_template_from_irrelevant_attributes attributes)
  else
    (* Report the error, never the values *)
    (ret, expurge_template_from_values attributes)
(* Get the critical attributes with one C_GetAttributeValue call per attribute.

   For each attribute of [the_critical_attributes], in order:
   - CKR_OK: the attribute returned by the backend is appended;
   - CKR_ATTRIBUTE_TYPE_INVALID: the attribute is appended as it was given
     and the overall status stays CKR_OK;
   - any other code: the attribute is appended as it was given, the code
     becomes the overall status, and the remaining attributes are appended
     without calling the backend again.
   When the overall status is not CKR_OK, the values of the collected
   attributes are overwritten with zero characters before being returned. *)
let filter_getAttributeValue_multi_call sessionh objecth the_critical_attributes =
  let status = ref Pkcs11.cKR_OK in
  let collected = ref [||] in
  Array.iter (fun attr ->
    if compare !status Pkcs11.cKR_OK <> 0 then
      (* A previous call failed: skip the backend for the rest *)
      collected := Array.append !collected [| attr |]
    else begin
      let (the_ret, attr_array) = Backend.c_GetAttributeValue sessionh objecth [| attr |] in
      if compare the_ret Pkcs11.cKR_OK = 0 then
        collected := Array.append !collected attr_array
      else begin
        collected := Array.append !collected [| attr |];
        (* An attribute the object does not have is not an error for us *)
        if compare the_ret Pkcs11.cKR_ATTRIBUTE_TYPE_INVALID <> 0 then
          status := the_ret
      end
    end
  ) the_critical_attributes;
  if compare !status Pkcs11.cKR_OK = 0 then
    (Pkcs11.cKR_OK, !collected)
  else
    (* Report the error, never the values *)
    (!status, expurge_template_from_values !collected)
(* Entry point used by the patches to read attributes from the backend.
   It delegates to the one-call-per-attribute variant,
   [filter_getAttributeValue_multi_call]. *)
let filter_getAttributeValue sessionh objecth the_critical_attributes =
  filter_getAttributeValue_multi_call sessionh objecth the_critical_attributes
(* Errors for GetAttributeValue that we want to keep to remain P11 conforming *)
(* getAttributeValueErrors returns these codes unchanged and replaces every other *)
(* code with CKR_ATTRIBUTE_VALUE_INVALID. *)
let conforming_errors_ = [ Pkcs11.cKR_GENERAL_ERROR; Pkcs11.cKR_SLOT_ID_INVALID; Pkcs11.cKR_KEY_HANDLE_INVALID;
Pkcs11.cKR_SESSION_CLOSED; Pkcs11.cKR_SESSION_HANDLE_INVALID; Pkcs11.cKR_TOKEN_NOT_PRESENT;
Pkcs11.cKR_CRYPTOKI_NOT_INITIALIZED; Pkcs11.cKR_OBJECT_HANDLE_INVALID ]
(* Mutable copy of the list above; this is the one getAttributeValueErrors reads *)
let conforming_errors = ref conforming_errors_
(* Normalise a return code before it is reported for GetAttributeValue.

   A code listed in [conforming_errors] is returned unchanged; any other
   code is replaced by CKR_ATTRIBUTE_VALUE_INVALID. *)
let getAttributeValueErrors ret =
  let is_conforming = List.exists (fun known -> compare known ret = 0) !conforming_errors in
  if is_conforming then ret else Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID
(* Get the class of an object from an attributes array.

   The value of the last CKA_CLASS attribute found is used. Returns None
   when there is no CKA_CLASS attribute or when that value is empty,
   otherwise Some of the value converted with Pkcs11.char_array_to_ulong. *)
let get_object_class attributes =
  let last_class_value =
    Array.fold_left
      (fun current templ ->
        if compare templ.Pkcs11.type_ Pkcs11.cKA_CLASS = 0 then templ.Pkcs11.value else current)
      [||]
      attributes in
  if compare last_class_value [||] = 0 then
    None
  else
    Some (Pkcs11.char_array_to_ulong last_class_value)
(* Tell whether the CKA_CLASS found in [attributes] designates a key object
   (secret, private or public key). Returns false when no class is found. *)
let is_object_class_key attributes =
  match get_object_class attributes with
  | None -> false
  | Some object_class ->
    let key_classes = ["cKO_SECRET_KEY"; "cKO_PRIVATE_KEY"; "cKO_PUBLIC_KEY"] in
    List.mem (Pkcs11.match_cKO_value object_class) key_classes
(* Tell whether the CKA_CLASS found in [attributes] designates a private
   key. Returns false when no class is found. *)
let is_object_class_private_key attributes =
  match get_object_class attributes with
  | None -> false
  | Some object_class -> Pkcs11.match_cKO_value object_class = "cKO_PRIVATE_KEY"
(* Tell whether an object that already exists in the backend is a key.

   CKA_CLASS is requested with two C_GetAttributeValue calls, the template
   returned by the first being passed to the second (presumably the usual
   size-then-value sequence; confirm against Backend). If either call does
   not return CKR_OK, the failure is logged at critical level and the
   function raises Failure, so an unreadable class never yields an answer.
   The log text is kept exactly as it was, spelling included. *)
let is_existing_object_class_key sessionh objecth =
  let abort_on_backend_error () =
    let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting CKA_CLASS (this should not happen ...)\n" in
    netplex_log_critical s;
    failwith s in
  let cka_class_template = [| {Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = [||]} |] in
  let (first_ret, sized_template) = Backend.c_GetAttributeValue sessionh objecth cka_class_template in
  if compare first_ret Pkcs11.cKR_OK <> 0 then
    abort_on_backend_error ()
  else begin
    let (second_ret, attributes) = Backend.c_GetAttributeValue sessionh objecth sized_template in
    if compare second_ret Pkcs11.cKR_OK <> 0 then
      abort_on_backend_error ()
    else
      (* We have got the class, now check it *)
      is_object_class_key attributes
  end
(* Tell whether an object that already exists in the backend is a private key.

   CKA_CLASS is requested with two C_GetAttributeValue calls, the template
   returned by the first being passed to the second (presumably the usual
   size-then-value sequence; confirm against Backend). If either call does
   not return CKR_OK, the failure is logged at critical level and the
   function raises Failure, so an unreadable class never yields an answer.
   The log text is kept exactly as it was, spelling included. *)
let is_existing_object_class_private_key sessionh objecth =
  let abort_on_backend_error () =
    let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting CKA_CLASS (this should not happen ...)\n" in
    netplex_log_critical s;
    failwith s in
  let cka_class_template = [| {Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = [||]} |] in
  let (first_ret, sized_template) = Backend.c_GetAttributeValue sessionh objecth cka_class_template in
  if compare first_ret Pkcs11.cKR_OK <> 0 then
    abort_on_backend_error ()
  else begin
    let (second_ret, attributes) = Backend.c_GetAttributeValue sessionh objecth sized_template in
    if compare second_ret Pkcs11.cKR_OK <> 0 then
      abort_on_backend_error ()
    else
      (* We have got the class, now check it *)
      is_object_class_private_key attributes
  end
(* Check if two templates are compatible regarding their defined attributes.

   Returns true when at least one attribute type appears in both templates
   with different values. Every such pair is printed at debug level 1, so
   all pairs are visited even after the first mismatch. [fun_name] is not
   used.
   NOTE(review): the debug line is produced by Pkcs11.sprint_template_array
   on the two attributes; if that renders attribute values, confirm that
   debug level 1 is acceptable for the attributes compared here. *)
let check_are_templates_nonconforming fun_name attributes new_attributes =
  let mismatch_found = ref false in
  Array.iter (fun curr_attr ->
    Array.iter (fun curr_new_attr ->
      let same_type = compare curr_new_attr.Pkcs11.type_ curr_attr.Pkcs11.type_ = 0 in
      if same_type && (compare curr_new_attr.Pkcs11.value curr_attr.Pkcs11.value <> 0) then begin
        let s = Printf.sprintf "%s" (Pkcs11.sprint_template_array [| curr_new_attr; curr_attr|]) in
        ignore (print_debug s 1);
        mismatch_found := true
      end
    ) new_attributes
  ) attributes;
  !mismatch_found
(* Check if attribute [the_attr] is set to TRUE in an attributes array.

   Returns true when some attribute has type [the_attr] and a value equal to
   the character-array form of CK_TRUE. [fun_name] is not used. *)
let check_is_attribute_set fun_name the_attr attributes =
  let is_set = ref false in
  Array.iter (fun attr ->
    if (compare attr.Pkcs11.type_ the_attr = 0) &&
       (compare attr.Pkcs11.value (Pkcs11.bool_to_char_array Pkcs11.cK_TRUE) = 0) then
      is_set := true
  ) attributes;
  !is_set
(* Check if a given attribute type is asked in the given template.

   Only the type is compared, the value is ignored. [fun_name] is not
   used. *)
let check_is_attribute_asked fun_name the_attr attributes =
  List.exists
    (fun attr -> compare attr.Pkcs11.type_ the_attr = 0)
    (Array.to_list attributes)
(* Sticky attributes check for one (old, new) attribute pair.

   Returns false when the two attributes have different types. Otherwise
   returns true when [the_sticky_attributes] contains an entry of that type
   whose value equals the old value and differs from the new one, that is,
   when the request tries to move the attribute away from its sticky value.
   Each matching sticky entry is reported at debug level 1. *)
let check_for_sticky_attribute fun_name old_attribute new_attribute the_sticky_attributes =
  let old_type = old_attribute.Pkcs11.type_ in
  let old_value = old_attribute.Pkcs11.value in
  let new_type = new_attribute.Pkcs11.type_ in
  let new_value = new_attribute.Pkcs11.value in
  if compare old_type new_type <> 0 then
    false
  else begin
    let violation = ref false in
    Array.iter (fun sticky ->
      (* Detect a sticky attribute if the type is the same but we try to (un)set it *)
      let concerns_this_type =
        (compare old_type sticky.Pkcs11.type_ = 0) && (compare new_type sticky.Pkcs11.type_ = 0) in
      if concerns_this_type
         && (compare old_value sticky.Pkcs11.value = 0)
         && (compare new_value sticky.Pkcs11.value <> 0) then begin
        let info_string = Printf.sprintf "[User defined extensions]: STICKY_ATTRIBUTES asked during %s for %s=%s to %s" fun_name
            (Pkcs11.match_cKA_value old_type)
            (Pkcs11.sprint_bool_attribute_value (Pkcs11.char_array_to_bool old_value))
            (Pkcs11.sprint_bool_attribute_value (Pkcs11.char_array_to_bool new_value)) in
        ignore (print_debug info_string 1);
        violation := true
      end
    ) the_sticky_attributes;
    !violation
  end
(*** Sticky attributes helper ***)
(* Returns true when some attribute of [attributes] paired with some
   attribute of [new_attributes] violates a sticky attribute, as decided by
   [check_for_sticky_attribute]. Every current attribute is examined; for a
   given current attribute the new attributes are examined in order until
   the first violation. *)
let detect_sticky_attributes fun_name attributes new_attributes the_sticky_attributes =
  let violation_found = ref false in
  Array.iter (fun curr_attr ->
    let violates curr_new_attr =
      check_for_sticky_attribute fun_name curr_attr curr_new_attr the_sticky_attributes in
    if List.exists violates (Array.to_list new_attributes) then
      violation_found := true
  ) attributes;
  !violation_found
(*** Conflicting attributes helper ***)
(* Returns true when [attributes_list] contains an attribute of type [atype]
   whose value is exactly [avalue]. [function_name] is not used. *)
let check_for_attribute_value function_name atype avalue attributes_list =
  let matches curr_attr =
    (compare curr_attr.Pkcs11.type_ atype = 0) && (compare curr_attr.Pkcs11.value avalue = 0) in
  List.exists matches (Array.to_list attributes_list)
(* Detect conflicting attribute pairs in the template that results from
   applying [new_attributes] on top of [attributes].

   [the_conflicting_attribute] is an array of attribute pairs. A pair is in
   conflict when both of its (type, value) members are present in the merged
   template. Returns true when at least one pair is in conflict; every
   conflicting pair is reported at debug level 1. *)
let detect_conflicting_attributes function_name attributes new_attributes the_conflicting_attribute =
  (* Merge the attributes to get a good overview *)
  let full_list_attributes = merge_templates attributes new_attributes in
  let conflict_found = ref false in
  Array.iter (fun (first_a, second_a) ->
    (* Extract the current conflicting attributes to check *)
    let first_a_type = first_a.Pkcs11.type_ in
    let first_a_value = first_a.Pkcs11.value in
    let second_a_type = second_a.Pkcs11.type_ in
    let second_a_value = second_a.Pkcs11.value in
    (* The pair is blocked only if both of its members are present *)
    let block_it =
      (check_for_attribute_value function_name first_a_type first_a_value full_list_attributes) &&
      (check_for_attribute_value function_name second_a_type second_a_value full_list_attributes) in
    if block_it then begin
      let info_string = Printf.sprintf "[User defined extensions]: CONFLICTING_ATTRIBUTES asked during %s for %s=%s and %s=%s" function_name
          (Pkcs11.match_cKA_value first_a_type)
          (Pkcs11.sprint_bool_attribute_value (Pkcs11.char_array_to_bool first_a_value))
          (Pkcs11.match_cKA_value second_a_type)
          (Pkcs11.sprint_bool_attribute_value (Pkcs11.char_array_to_bool second_a_value)) in
      ignore (print_debug info_string 1);
      conflict_found := true
    end
  ) the_conflicting_attribute;
  !conflict_found
(* Function to check for conflicting attributes on existing objects.

   The critical attributes of the object are read from the backend in two
   passes, the template returned by the first pass being passed to the
   second. The function fails closed: a backend error in either pass
   returns true, the same answer as a detected conflict. If the first pass
   succeeds but returns no attribute at all, the situation is logged at
   critical level and Failure is raised. *)
let detect_conflicting_attributes_on_existing_object function_name sessionh objecth the_conflicting_attribute =
  let (first_ret, templates) = filter_getAttributeValue sessionh objecth (critical_attributes !segregate_usage) in
  if compare first_ret Pkcs11.cKR_OK <> 0 then
    true
  else if compare templates [||] = 0 then begin
    let s = Printf.sprintf "[User defined extensions] %s CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...): in CONFLICTING_ATTRIBUTES\n" function_name in
    netplex_log_critical s;
    failwith s
  end else begin
    let (second_ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
    if compare second_ret Pkcs11.cKR_OK <> 0 then
      true
    else
      detect_conflicting_attributes function_name templates_values [||] the_conflicting_attribute
  end
IFDEF OCAML_NO_BYTES_MODULE THEN
(* Run an external command, feed [data] to its standard input and collect its output. *)
(* Returns (true, stdout, stderr) when the command exits with status 0, and (false, "", stderr) *)
(* otherwise: the captured standard output is discarded on failure. *)
(* NOTE(review): [command] and [argvs] are joined with single spaces and the result is handed to *)
(* Unix.open_process_full, which runs it through /bin/sh, so whitespace and shell metacharacters *)
(* in either are interpreted by the shell. Callers are not visible here: confirm that both come *)
(* only from trusted configuration, or quote each argument (Filename.quote) before joining. *)
(* NOTE(review): [env] is accepted but not used; the child is started with an empty environment. *)
let execute_external_command command data argvs env =
let buffer_size = 2048 in
let buffer_stdout = Buffer.create buffer_size in
let buffer_stderr = Buffer.create buffer_size in
(* Append the argvs to the command *)
let command = String.concat " " (List.concat [ [command]; Array.to_list argvs ]) in
let str_buffer = Bytes.create buffer_size in
let (in_channel_stdout, out_channel, in_channel_stderr) = Unix.open_process_full command [||] in
(* Write data to out_channel *)
(* NOTE(review): all of [data] is written before anything is read, and stdout is read to *)
(* end-of-file before stderr; a child that fills the other pipe first could block both sides. *)
(* Confirm the commands run here keep their output small. *)
output out_channel data 0 (String.length data);
(* Close out_channel to tell it's over *)
flush out_channel;
close_out out_channel;
(* Read result data on the in_channel stdout *)
(* The counter starts at 1 only to enter the loop; a read of 0 characters ends it *)
let chars_read_stdout = ref 1 in
while !chars_read_stdout <> 0 do
chars_read_stdout := input in_channel_stdout str_buffer 0 buffer_size;
Buffer.add_substring buffer_stdout str_buffer 0 !chars_read_stdout
done;
(* Command done, read stderr *)
let chars_read_stderr = ref 1 in
while !chars_read_stderr <> 0 do
chars_read_stderr := input in_channel_stderr str_buffer 0 buffer_size;
Buffer.add_substring buffer_stderr str_buffer 0 !chars_read_stderr
done;
(* Closing the process also gives its termination status *)
let ret_status = Unix.close_process_full (in_channel_stdout, out_channel, in_channel_stderr) in
match ret_status with
Unix.WEXITED(0) -> (true, Buffer.contents buffer_stdout, Buffer.contents buffer_stderr)
| _ -> (false, "", Buffer.contents buffer_stderr)
ENDIF
IFNDEF OCAML_NO_BYTES_MODULE THEN
(* Run an external command, feed [data] to its standard input and collect its output. *)
(* Returns (true, stdout, stderr) when the command exits with status 0, and (false, "", stderr) *)
(* otherwise: the captured standard output is discarded on failure. *)
(* NOTE(review): [command] and [argvs] are joined with single spaces and the result is handed to *)
(* Unix.open_process_full, which runs it through /bin/sh, so whitespace and shell metacharacters *)
(* in either are interpreted by the shell. Callers are not visible here: confirm that both come *)
(* only from trusted configuration, or quote each argument (Filename.quote) before joining. *)
(* NOTE(review): [env] is accepted but not used; the child is started with an empty environment. *)
let execute_external_command command data argvs env =
let buffer_size = 2048 in
let buffer_stdout = Buffer.create buffer_size in
let buffer_stderr = Buffer.create buffer_size in
(* Append the argvs to the command *)
let command = String.concat " " (List.concat [ [command]; Array.to_list argvs ]) in
let str_buffer = Bytes.create buffer_size in
let (in_channel_stdout, out_channel, in_channel_stderr) = Unix.open_process_full command [||] in
(* Write data to out_channel *)
(* NOTE(review): all of [data] is written before anything is read, and stdout is read to *)
(* end-of-file before stderr; a child that fills the other pipe first could block both sides. *)
(* Confirm the commands run here keep their output small. *)
output_string out_channel data;
(* Close out_channel to tell it's over *)
flush out_channel;
close_out out_channel;
(* Read result data on the in_channel stdout *)
(* The counter starts at 1 only to enter the loop; a read of 0 characters ends it *)
let chars_read_stdout = ref 1 in
while !chars_read_stdout <> 0 do
chars_read_stdout := input in_channel_stdout str_buffer 0 buffer_size;
Buffer.add_subbytes buffer_stdout str_buffer 0 !chars_read_stdout
done;
(* Command done, read stderr *)
let chars_read_stderr = ref 1 in
while !chars_read_stderr <> 0 do
chars_read_stderr := input in_channel_stderr str_buffer 0 buffer_size;
Buffer.add_subbytes buffer_stderr str_buffer 0 !chars_read_stderr
done;
(* Closing the process also gives its termination status *)
let ret_status = Unix.close_process_full (in_channel_stdout, out_channel, in_channel_stderr) in
match ret_status with
Unix.WEXITED(0) -> (true, Buffer.contents buffer_stdout, Buffer.contents buffer_stderr)
| _ -> (false, "", Buffer.contents buffer_stderr)
ENDIF
caml-crush-1.0.12/src/filter/filter/filter_common.ml 0000664 0000000 0000000 00000020650 14147740423 0022372 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/filter_common.ml
************************** MIT License HEADER ***********************************)
(** Defining the configure exceptions **)
(* None of these exceptions carries a payload; the reason is logged separately by the code *)
(* that raises them. Config_file_wrong_type is the one raised by string_check_action and *)
(* actions_wrappers when an action value is unknown or is not a string. *)
exception Config_file_none
exception Config_file_wrong_type
exception Config_file_double_entry
exception Mechanisms_except
exception Modules_except
exception Mechanism_forbidden
exception Find_list_except
exception Labels_except
exception Ids_except
exception P11_functions_except
exception Enforce_RO_except
exception Forbid_admin
exception Remove_padding_oracles
exception Actions_except
exception Wrapping_key_except
(** Generic function to get the value of an option.
    Returns the wrapped value, or raises [Invalid_argument "Option.get"]
    when the option is [None]. **)
let get opt =
  match opt with
  | None -> raise (Invalid_argument "Option.get")
  | Some value -> value
(************************************)
(* Global variables and structures *)
(* of the filter core engine *)
(************************************)
(* Array of object handles shared through a global reference, empty at start. *)
(* By its name, the filtered handles of the find-objects operation in progress - confirm *)
(* against the code that fills it. *)
let current_find_objects_filtered_handles : Pkcs11.ck_object_handle_t array ref = ref [| |]
(* Current module if it is loaded *)
let current_module : string option ref = ref None
(* FIXME: putting the wrapping format key as a global variable here *)
(* is not very clever, but this is the easiest way to share it among *)
(* our configuration and user actions modules *)
(* We should move it in the P11 patchset fix in a future release *)
(* NOTE(review): by its name this holds key material in a process-wide mutable array, empty *)
(* until something sets it. Confirm which modules read it and whether it is ever cleared. *)
let wrapping_format_key : char array ref = ref [||]
(****************************)
(* Basic logging primitives *)
(****************************)
(* Channel variable needed for logging *)
(* When empty, the netplex_log_* functions use Netplex_cenv.log; otherwise they log to this *)
(* sub-channel of the current container. *)
let log_subch = ref ""
(* Current debug level: print_debug emits a message only when its level is <= this value *)
let debug = ref 0
(* Log [s] at Info level.
   Uses the sub-channel named by [log_subch] of the current container when
   that name is not empty, and the default Netplex log otherwise. *)
let netplex_log_info s =
  let subchannel = !log_subch in
  if String.length subchannel = 0 then
    Netplex_cenv.log `Info s
  else
    (Netplex_cenv.self_cont()) # log_subch subchannel `Info s;
  ()
(* Log [s] at Warning level.
   Uses the sub-channel named by [log_subch] of the current container when
   that name is not empty, and the default Netplex log otherwise. *)
let netplex_log_warning s =
  let subchannel = !log_subch in
  if String.length subchannel = 0 then
    Netplex_cenv.log `Warning s
  else
    (Netplex_cenv.self_cont()) # log_subch subchannel `Warning s;
  ()
(* Log [s] at Err level.
   Uses the sub-channel named by [log_subch] of the current container when
   that name is not empty, and the default Netplex log otherwise. *)
let netplex_log_error s =
  let subchannel = !log_subch in
  if String.length subchannel = 0 then
    Netplex_cenv.log `Err s
  else
    (Netplex_cenv.self_cont()) # log_subch subchannel `Err s;
  ()
(* Log [s] at Crit level.
   Uses the sub-channel named by [log_subch] of the current container when
   that name is not empty, and the default Netplex log otherwise. *)
let netplex_log_critical s =
  let subchannel = !log_subch in
  if String.length subchannel = 0 then
    Netplex_cenv.log `Crit s
  else
    (Netplex_cenv.self_cont()) # log_subch subchannel `Crit s;
  ()
(* Emit a debug message through the Info log.

   The message is logged only when [level] is not above the current [debug]
   level; it is prefixed with the process id and both levels.
   NOTE(review): [message] is written to the log as is. Callers that put
   client-supplied text in it (labels, identifiers) should confirm that line
   breaks and control characters cannot be used to forge log entries. *)
let print_debug message level =
  if level <= !debug then
    netplex_log_info
      (Printf.sprintf "[PKCS#11 FILTER pid %d] [DEBUG_LEVEL %d/%d] %s" (Unix.getpid()) level !debug message)
(* Emit an error message through the Err log, prefixed with the process id.
   Unlike [print_debug], the message is always logged. *)
let print_error message =
  netplex_log_error
    (Printf.sprintf "[PKCS#11 FILTER pid %d] ERROR: %s" (Unix.getpid()) message)
(************************************)
(**** Basic checking primitives *****)
(* Check if an element is in a list.
   Elements are compared structurally with [compare]. *)
let check_element_in_list the_list element =
  List.exists (fun candidate -> compare candidate element = 0) the_list
(* The hash table that keeps track of regexp/string matching or unmatching *)
(* Keys are (regexp, string) pairs and values are the boolean result; check_regexp adds an *)
(* entry for every new pair and nothing in this file removes entries. *)
(* NOTE(review): if the string part can be chosen by a client (labels, ids), the table grows *)
(* with every distinct value for the life of the process - confirm whether a bound is needed. *)
let regexp_hash_tbl = ref (Hashtbl.create 0)
(* Check if b fits the regexp in a.

   The result for each (a, b) pair is cached in [regexp_hash_tbl]. On a
   cache miss, a dollar sign is appended to [a] and the pattern is matched
   against [b] from position 0 with Str.string_match, so that a match on a
   mere prefix of [b] is not accepted.
   NOTE(review): in Str the dollar sign also matches just before a newline
   character, and it binds tighter than the alternation operator, so it
   anchors only the last alternative of [a]. Confirm that the strings
   checked here cannot contain newlines and that configured patterns group
   their alternatives; otherwise a prefix match is accepted. *)
let check_regexp a b =
  let cache = !regexp_hash_tbl in
  let key = (a, b) in
  if Hashtbl.mem cache key then
    (* Already evaluated, positive or negative *)
    Hashtbl.find cache key
  else begin
    let anchored_pattern = Printf.sprintf "%s$" a in
    let check = Str.string_match (Str.regexp anchored_pattern) b 0 in
    Hashtbl.add cache key check;
    check
  end
(* Check if an element is in a regexp string list.
   Each entry of [the_list] is used as a pattern for [check_regexp]; the
   entries are tried in order until one matches [element]. *)
let check_regexp_element_in_list the_list element =
  List.exists (fun pattern -> check_regexp pattern element = true) the_list
(* Check if an alias is indeed present in the couples list as a first element.
   [alias] is used as the pattern of [check_regexp] and the first element of
   each couple as the string to match; the couples are tried in order until
   one matches. *)
let check_alias the_list alias =
  List.exists (fun (name, _) -> check_regexp alias name = true) the_list
(* List the aliases of [the_list] that match [regexp].
   The first element of every couple is checked with [check_regexp]; the
   result is one string in which each matching alias appears between single
   quotes and preceded by a space, in list order. It is the empty string
   when nothing matches. *)
let get_aliases_from_regexp the_list regexp =
  let matching = List.filter (fun (alias, _) -> check_regexp regexp alias = true) the_list in
  String.concat "" (List.map (fun (alias, _) -> Printf.sprintf " '%s'" alias) matching)
(************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/filter_configuration.ml
************************** MIT License HEADER ***********************************)
(* Filter configuration handling *)
open Config_file
open Filter_common
open Filter_actions
(* Use aliases if this is an old version (< 4.02) of OCaml without a Bytes module *)
IFDEF OCAML_NO_BYTES_MODULE THEN
module Bytes = String
ENDIF
(* Validate a PKCS#11 function name read from the configuration file.
   Returns the name unchanged when it is one of the names listed below;
   otherwise logs a critical message and raises Config_file_wrong_type. *)
let string_check_function a =
  match a with
  (* General purpose, slot and token management *)
  | "C_LoadModule" | "C_Initialize" | "C_Finalize" | "C_GetSlotList"
  | "C_GetInfo" | "C_WaitForSlotEvent" | "C_GetSlotInfo" | "C_GetTokenInfo"
  | "C_InitToken"
  (* Sessions and authentication *)
  | "C_OpenSession" | "C_CloseSession" | "C_CloseAllSessions"
  | "C_GetSessionInfo" | "C_Login" | "C_Logout"
  | "C_GetMechanismList" | "C_GetMechanismInfo" | "C_InitPIN" | "C_SetPIN"
  (* Random numbers *)
  | "C_SeedRandom" | "C_GenerateRandom"
  (* Objects and keys *)
  | "C_FindObjectsInit" | "C_FindObjects" | "C_FindObjectsFinal"
  | "C_GenerateKey" | "C_GenerateKeyPair" | "C_CreateObject" | "C_CopyObject"
  | "C_DestroyObject" | "C_GetAttributeValue" | "C_SetAttributeValue"
  | "C_GetObjectSize" | "C_WrapKey" | "C_UnwrapKey" | "C_DeriveKey"
  (* Digest *)
  | "C_DigestInit" | "C_Digest" | "C_DigestUpdate" | "C_DigestKey"
  | "C_DigestFinal"
  (* Signature and verification *)
  | "C_SignInit" | "C_SignRecoverInit" | "C_Sign" | "C_SignRecover"
  | "C_SignUpdate" | "C_SignFinal"
  | "C_VerifyInit" | "C_VerifyRecoverInit" | "C_Verify" | "C_VerifyRecover"
  | "C_VerifyUpdate" | "C_VerifyFinal"
  (* Encryption and decryption, including the dual-function calls *)
  | "C_EncryptInit" | "C_Encrypt" | "C_EncryptUpdate" | "C_EncryptFinal"
  | "C_DigestEncryptUpdate" | "C_SignEncryptUpdate"
  | "C_DecryptInit" | "C_Decrypt" | "C_DecryptUpdate" | "C_DecryptFinal"
  | "C_DecryptDigestUpdate" | "C_DecryptVerifyUpdate"
  (* Operation state and legacy parallel functions *)
  | "C_GetOperationState" | "C_SetOperationState"
  | "C_GetFunctionStatus" | "C_CancelFunction" -> a
  | _ ->
    netplex_log_critical (Printf.sprintf "Error: unknown PKCS#11 function '%s'!" a);
    raise Config_file_wrong_type
(* Validate an operation type given in the remove_padding_oracles option.
   Returns the value unchanged when it is "wrap", "unwrap", "encrypt", "sign"
   or "all"; otherwise logs a critical message and raises
   Config_file_wrong_type. *)
let string_check_padding a =
  if List.mem a ["wrap"; "unwrap"; "encrypt"; "sign"; "all"] then a
  else begin
    netplex_log_critical (Printf.sprintf "Error: unknown padding option '%s'!" a);
    raise Config_file_wrong_type
  end
(*************************)
(** Our custom wrappers **)
(* Config_file wrapper for mechanisms: the configuration holds mechanism
   names as strings and they are converted with the Pkcs11 helpers.
   An unknown name or a non-string raw value is logged as critical and
   rejected with Config_file_wrong_type. *)
let ck_mechanism_type_t_wrappers = {
  to_raw = (fun mechanism -> Config_file.Raw.String (Pkcs11.match_cKM_value mechanism));
  of_raw = (fun raw ->
    match raw with
    | Config_file.Raw.String mechanism_name ->
      begin
        try Pkcs11.string_to_cKM_value mechanism_name
        with Pkcs11.Mechanism_unknown unknown_name ->
          netplex_log_critical (Printf.sprintf "Error: unknown mechanism '%s'!" unknown_name);
          raise Config_file_wrong_type
      end
    | _ ->
      netplex_log_critical "Error: got wrong mechanism type!";
      raise Config_file_wrong_type);
}
(* Config_file wrapper for PKCS#11 function names: values stay strings, but
   every name read from the file goes through string_check_function, so an
   unknown name is rejected while the configuration is parsed *)
let functions_wrappers = {
  to_raw = (fun name -> Config_file.Raw.String name);
  of_raw = (fun raw ->
    match raw with
    | Config_file.Raw.String name -> string_check_function name
    | _ ->
      netplex_log_critical "Error: got wrong function type!";
      raise Config_file_wrong_type);
}
(* Config_file wrapper for the operation types of the remove_padding_oracles
   option: values stay strings and are validated by string_check_padding
   while the configuration is parsed *)
let padding_wrappers = {
  to_raw = (fun operation -> Config_file.Raw.String operation);
  of_raw = (fun raw ->
    match raw with
    | Config_file.Raw.String operation -> string_check_padding operation
    | _ ->
      netplex_log_critical "Error: got wrong padding option type!";
      raise Config_file_wrong_type);
}
(*******************************)
(**** Configuration entries ****)
(* Config_file group in which every option below registers itself (~group) *)
(* Naming convention: a trailing underscore denotes the Config_file option *)
(* object, the plain name is the reference holding the value read from it *)
let group = new group
(* Couples (alias, path): per the parsing help in this file, the second *)
(* element is the path of the real PKCS#11 module (.so file) to be loaded. *)
(* NOTE(review): since this option names a shared library, write access to *)
(* the configuration file should be limited to the administrator. *)
let modules_ = new list_cp (tuple2_wrappers string_wrappers string_wrappers) ~group ["modules"] [] "Modules aliases."
let modules = ref []
(* For debug and log subchannel, the references are in the filter_common file *)
(* Debug verbosity, 0 when the option is absent *)
let debug_ = new int_cp ~group ["debug"] 0 "Debug verbosity"
(* Log subchannel name, "" when the option is absent *)
let log_subch_ = new string_cp ~group ["log_subchannel"] "" "Subchannel to log to"
(* The following entries can be module dependent *)
(* Each one is a list of couples whose first element is a regular expression *)
(* on module aliases (see the alias checks and get_associated_list below). *)
(* Every list defaults to [] when the option is absent. *)
(* NOTE(review): an absent option therefore presumably configures no *)
(* restriction of that kind -- confirm how the filter core treats a *)
(* missing list. *)
(* Forbidden mechanisms *)
let forbidden_mechanisms_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers ck_mechanism_type_t_wrappers)) ~group ["forbidden_mechanisms"] [] "Forbidden mechanisms"
let forbidden_mechanisms = ref []
(* Allowed labels for objects *)
let allowed_labels_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers string_wrappers)) ~group ["allowed_labels"] [] "Allowed labels for objects"
let allowed_labels = ref []
(* Allowed ids for objects *)
let allowed_ids_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers string_wrappers)) ~group ["allowed_ids"] [] "Allowed IDs for objects"
let allowed_ids = ref []
(* Forbidden PKCS#11 functions; names are validated by functions_wrappers *)
let forbidden_functions_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers functions_wrappers)) ~group ["forbidden_functions"] [] "Forbidden PKCS#11 functions"
let forbidden_functions = ref []
(* Enforce RO sessions: one boolean per alias regexp *)
let enforce_ro_sessions_ = new list_cp (tuple2_wrappers string_wrappers bool_wrappers) ~group ["enforce_ro_sessions"] [] "Enforce RO sessions"
let enforce_ro_sessions = ref []
(* Prevent admin (SO) operations: one boolean per alias regexp *)
let forbid_admin_operations_ = new list_cp (tuple2_wrappers string_wrappers bool_wrappers) ~group ["forbid_admin_operations"] [] "Forbid admin (SO) login"
let forbid_admin_operations = ref []
(* Remove padding oracles in UnWrap *)
(* List of dangerous paddings with regard to padding oracle attacks: the *)
(* RSA PKCS#1 v1.5 mechanisms and the CBC_PAD mechanisms. The list also *)
(* contains CKM_RSA_X_509. *)
let padding_oracle_mechanisms_ = [Pkcs11.cKM_RSA_PKCS; Pkcs11.cKM_MD2_RSA_PKCS; Pkcs11.cKM_MD5_RSA_PKCS; Pkcs11.cKM_SHA1_RSA_PKCS; Pkcs11.cKM_RIPEMD128_RSA_PKCS; Pkcs11.cKM_RIPEMD160_RSA_PKCS; Pkcs11.cKM_SHA256_RSA_PKCS; Pkcs11.cKM_SHA384_RSA_PKCS; Pkcs11.cKM_SHA512_RSA_PKCS; Pkcs11.cKM_RC2_CBC_PAD; Pkcs11.cKM_DES_CBC_PAD; Pkcs11.cKM_DES3_CBC_PAD; Pkcs11.cKM_CDMF_CBC_PAD; Pkcs11.cKM_CAST_CBC_PAD; Pkcs11.cKM_CAST3_CBC_PAD; Pkcs11.cKM_CAST5_CBC_PAD; Pkcs11.cKM_CAST128_CBC_PAD; Pkcs11.cKM_RC5_CBC_PAD; Pkcs11.cKM_IDEA_CBC_PAD; Pkcs11.cKM_AES_CBC_PAD; Pkcs11.cKM_RSA_X_509]
let padding_oracle_mechanisms = ref padding_oracle_mechanisms_
(* Per alias regexp, the operation types ("wrap", "unwrap", "encrypt", *)
(* "sign" or "all", validated by padding_wrappers) for which the mechanisms *)
(* above are to be removed *)
let remove_padding_oracles_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers padding_wrappers)) ~group ["remove_padding_oracles"] [] "Remove dangerous paddings at Wrap/UnWrap (that could result in padding oracle attacks)"
let remove_padding_oracles = ref []
(* Filter actions: per alias regexp, couples (PKCS#11 function, action) *)
let filter_actions_pre_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers (tuple2_wrappers functions_wrappers actions_wrappers))) ~group ["filter_actions_pre"] [] "Define actions to be taken on some PKCS#11 function call trigger (pre actions)"
let filter_actions_pre = ref []
let filter_actions_post_ = new list_cp (tuple2_wrappers string_wrappers (list_wrappers (tuple2_wrappers functions_wrappers actions_wrappers))) ~group ["filter_actions_post"] [] "Define actions to be taken on some PKCS#11 function call trigger (post actions)"
let filter_actions_post = ref []
(* Wrapping key format: hexadecimal string, "" when the option is absent *)
(* (set_wrapping_key below requires exactly 32 characters). *)
(* NOTE(review): the key is stored in clear in the configuration file, so *)
(* read access to that file should be restricted accordingly. *)
let wrapping_format_key_ = new string_cp ~group ["wrapping_format_key"] "" "Wrapping key format"
(********************************************)
(*********** Printer helpers ****************)
(********************************************)
(* When level does not exceed the debug verbosity: print message, then one
   "'alias' -> 'path'" line per configured module, then a separator *)
let print_aliases message level =
  if level <= !debug then begin
    print_debug message level;
    let show_module (alias, path) =
      print_debug (Printf.sprintf "'%s' -> '%s'" alias path) level in
    List.iter show_module !modules;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message followed by
   the current debug verbosity on its own line *)
let print_debug_level message level =
  if level <= !debug then begin
    print_debug message level;
    print_debug (Printf.sprintf "%d" !debug) level
  end
(* When level does not exceed the debug verbosity: print message followed by
   the log subchannel name, or "Netplex log output" when the name is empty *)
let print_log_subchannel message level =
  if level <= !debug then begin
    print_debug message level;
    let destination =
      if String.length !log_subch = 0 then "Netplex log output" else !log_subch in
    print_debug destination level
  end
(* When level does not exceed the debug verbosity: print message if it is not
   empty, then one line per mechanism with its name as given by
   Pkcs11.match_cKM_value *)
let print_mechanisms mechanisms_list message level =
  if level <= !debug then begin
    if String.length message <> 0 then print_debug message level;
    let show_mechanism mech =
      print_debug (Printf.sprintf " -> %s" (Pkcs11.match_cKM_value mech)) level in
    List.iter show_mechanism mechanisms_list
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, mechanisms) couple a header naming the module aliases
   the regexp matches followed by the mechanisms, then a separator *)
let print_aliased_mechanisms alias_mechanisms_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_entry (alias_pattern, mechanisms) =
      let header = Printf.sprintf "Forbidden mechanisms for module '%s' (corresponding to aliases %s) are:" alias_pattern (get_aliases_from_regexp !modules alias_pattern) in
      print_debug header level;
      print_mechanisms mechanisms "" level in
    List.iter show_entry alias_mechanisms_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message if it is not
   empty, then one line per label *)
let print_labels labels_list message level =
  if level <= !debug then begin
    if String.length message <> 0 then print_debug message level;
    let show_label label = print_debug (Printf.sprintf " -> %s" label) level in
    List.iter show_label labels_list
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, labels) couple a header naming the module aliases the
   regexp matches followed by the labels, then a separator *)
let print_aliased_labels alias_labels_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_entry (alias_pattern, labels) =
      let header = Printf.sprintf "Allowed labels for module '%s' (corresponding to aliases %s) are:" alias_pattern (get_aliases_from_regexp !modules alias_pattern) in
      print_debug header level;
      print_labels labels "" level in
    List.iter show_entry alias_labels_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message if it is not
   empty, then one line per id *)
let print_ids ids_list message level =
  if level <= !debug then begin
    if String.length message <> 0 then print_debug message level;
    let show_id id = print_debug (Printf.sprintf " -> %s" id) level in
    List.iter show_id ids_list
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, ids) couple a header naming the module aliases the
   regexp matches followed by the ids, then a separator *)
let print_aliased_ids alias_ids_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_entry (alias_pattern, ids) =
      let header = Printf.sprintf "Allowed ids for module '%s' (corresponding to aliases %s) are:" alias_pattern (get_aliases_from_regexp !modules alias_pattern) in
      print_debug header level;
      print_ids ids "" level in
    List.iter show_entry alias_ids_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message if it is not
   empty, then one line per PKCS#11 function name *)
let print_functions functions_list message level =
  if level <= !debug then begin
    if String.length message <> 0 then print_debug message level;
    let show_function func = print_debug (Printf.sprintf " -> %s" func) level in
    List.iter show_function functions_list
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, function names) couple a header naming the module
   aliases the regexp matches followed by the names, then a separator.
   The names are printed through print_labels, which handles any string
   list. *)
let print_aliased_functions alias_functions_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_entry (alias_pattern, function_names) =
      let header = Printf.sprintf "Forbidden PKCS#11 functions for module '%s' (corresponding to aliases %s) are:" alias_pattern (get_aliases_from_regexp !modules alias_pattern) in
      print_debug header level;
      print_labels function_names "" level in
    List.iter show_entry alias_functions_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, boolean) couple whether RO sessions are enforced,
   then a separator *)
let print_aliased_ro_enforcement ro_enfoce_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_entry (alias_pattern, enforced) =
      let line = Printf.sprintf "RO session enforcement for modules '%s' (corresponding to aliases %s) is: %s" alias_pattern (get_aliases_from_regexp !modules alias_pattern) (string_of_bool enforced) in
      print_debug line level in
    List.iter show_entry ro_enfoce_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, boolean) couple whether admin operations are
   forbidden, then a separator *)
let print_aliased_forbid_admin_operations admin_forbid_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_entry (alias_pattern, forbidden) =
      let line = Printf.sprintf "Admin operations forbidden for modules '%s' (corresponding to aliases %s) is: %s" alias_pattern (get_aliases_from_regexp !modules alias_pattern) (string_of_bool forbidden) in
      print_debug line level in
    List.iter show_entry admin_forbid_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, operation types) couple a header followed by one line
   per operation type, then a separator *)
let print_remove_padding_oracles remove_padding_oracles_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_operation operation =
      print_debug (Printf.sprintf " -> %s " operation) level in
    let show_entry (alias_pattern, operations) =
      let header = Printf.sprintf "Removing PKCS#11 dangerous paddings for modules '%s' (corresponding to aliases %s) are:" alias_pattern (get_aliases_from_regexp !modules alias_pattern) in
      print_debug header level;
      List.iter show_operation operations in
    List.iter show_entry remove_padding_oracles_list;
    print_debug "--------------------------" level
  end
(* When level does not exceed the debug verbosity: print message, then for
   each (alias regexp, actions) couple a header followed by one
   "function -> action" line per action, then a separator *)
let print_filter_actions filter_actions_list message level =
  if level <= !debug then begin
    print_debug message level;
    let show_action (function_name, action_name) =
      print_debug (Printf.sprintf " %s -> %s " function_name action_name) level in
    let show_entry (alias_pattern, actions) =
      let header = Printf.sprintf "Actions for modules '%s' (corresponding to aliases %s) are:" alias_pattern (get_aliases_from_regexp !modules alias_pattern) in
      print_debug header level;
      List.iter show_action actions in
    List.iter show_entry filter_actions_list;
    print_debug "--------------------------" level
  end
(*****************************)
(******** Sanity checks ******)
(* Every alias regexp used as a key of the mechanisms list must match at
   least one configured module alias; the first one that does not is
   reported and Mechanisms_except is raised *)
let check_mechanisms modules mechanisms_config_list =
  let reject_unknown_alias (alias_pattern, _) =
    if not (check_alias modules alias_pattern) then begin
      print_error (Printf.sprintf "alias '%s' provided in mechanisms list is not a valid alias!" alias_pattern);
      raise Mechanisms_except
    end in
  List.iter reject_unknown_alias mechanisms_config_list
(* Every alias regexp used as a key of the labels list must match at least
   one configured module alias; the first one that does not is reported and
   Labels_except is raised *)
let check_labels modules labels_config_list =
  let reject_unknown_alias (alias_pattern, _) =
    if not (check_alias modules alias_pattern) then begin
      print_error (Printf.sprintf "alias '%s' provided in labels list is not a valid alias!" alias_pattern);
      raise Labels_except
    end in
  List.iter reject_unknown_alias labels_config_list
(* Every alias regexp used as a key of the ids list must match at least one
   configured module alias; the first one that does not is reported and
   Ids_except is raised *)
let check_ids modules ids_config_list =
  let reject_unknown_alias (alias_pattern, _) =
    if not (check_alias modules alias_pattern) then begin
      print_error (Printf.sprintf "alias '%s' provided in ids list is not a valid alias!" alias_pattern);
      raise Ids_except
    end in
  List.iter reject_unknown_alias ids_config_list
(* Every alias regexp used as a key of the forbidden functions list must
   match at least one configured module alias; the first one that does not
   is reported and P11_functions_except is raised *)
let check_functions modules functions_config_list =
  let reject_unknown_alias (alias_pattern, _) =
    if not (check_alias modules alias_pattern) then begin
      print_error (Printf.sprintf "alias '%s' provided in forbidden functions list is not a valid alias!" alias_pattern);
      raise P11_functions_except
    end in
  List.iter reject_unknown_alias functions_config_list
(* Every alias regexp used as a key of the RO session enforcement list must
   match at least one configured module alias; the first one that does not
   is reported and Enforce_RO_except is raised *)
let check_enforce_ro_sessions modules ro_session_list =
  let reject_unknown_alias (alias_pattern, _) =
    if not (check_alias modules alias_pattern) then begin
      print_error (Printf.sprintf "alias '%s' provided in RO session enforcement option is not a valid alias!" alias_pattern);
      raise Enforce_RO_except
    end in
  List.iter reject_unknown_alias ro_session_list
(* Every alias regexp used as a key of the forbid admin operations list must
   match at least one configured module alias; the first one that does not
   is reported and Forbid_admin is raised *)
let check_forbid_admin_operations modules admin_forbid_list =
  let reject_unknown_alias (alias_pattern, _) =
    if not (check_alias modules alias_pattern) then begin
      print_error (Printf.sprintf "alias '%s' provided in the forbid admin operations option is not a valid alias!" alias_pattern);
      raise Forbid_admin
    end in
  List.iter reject_unknown_alias admin_forbid_list
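(* Every alias regexp used as a key of the remove padding oracles list must
   match at least one configured module alias; the first one that does not
   is reported and Remove_padding_oracles is raised.
   The exception used to be Forbid_admin, copied from the admin operations
   check; get_config handles Remove_padding_oracles around this call, so the
   failure of this option is now reported under its own exception. *)
let check_remove_padding_oracles modules remove_padding_oracles_list =
  (* We iterate through the list and check each alias *)
  List.iter (fun (a, _) ->
    let found = check_alias modules a in
    if found = false
    then
      let error_string = Printf.sprintf "alias '%s' provided in the remove padding oracles option is not a valid alias!" a in
      print_error error_string; raise Remove_padding_oracles;) remove_padding_oracles_list;
  ()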
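(* Every alias regexp used as a key of an actions list must match at least
   one configured module alias; the first one that does not is reported and
   Actions_except is raised.
   The error message lacked "is not" and read as if the alias were valid. *)
let check_actions modules actions_list =
  (* We iterate through the list and check each alias *)
  List.iter (fun (a, _) ->
    let found = check_alias modules a in
    if found = false
    then
      let error_string = Printf.sprintf "alias '%s' provided in the actions list is not a valid alias!" a in
      print_error error_string; raise Actions_except;) actions_list;
  ()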
(* Decode the wrapping format key given as an hexadecimal string and return
   it as produced by Pkcs11.string_to_char_array.
   The string must be exactly 32 characters long. Any failure (wrong length,
   or any exception raised while decoding) is reported with print_error and
   turned into Wrapping_key_except. Only the length of the key is ever
   printed, never the key itself. *)
let set_wrapping_key wrapping_format_key_string =
  let key_length = String.length wrapping_format_key_string in
  if key_length = 32 then
    begin
      try Pkcs11.string_to_char_array (Pkcs11.pack wrapping_format_key_string)
      with _ ->
        print_error (Printf.sprintf "Provided wrapping format key is not in proper hexadecimal");
        raise Wrapping_key_except
    end
  else
    begin
      print_error (Printf.sprintf "Provided wrapping format key is of size %d instead of 32, or no wrapping key defined at all => please define a proper hexadecimal key for the wrapping format key (i.e. wrapping_format_key = \"00010203...\")" key_length);
      raise Wrapping_key_except
    end
(* Tell whether the "wrapping_format_patch" action appears anywhere in a pre
   or post actions list, i.e. in the second component of any couple of any
   embedded list *)
(* FIXME: this is not a clean way to check for this since *)
(* we are mixing the filter core with specific actions *)
let check_for_wraping_post_pre actions =
  let is_wrapping_patch (_, the_action) = compare the_action "wrapping_format_patch" = 0 in
  List.exists (fun (_, embedded_list) -> List.exists is_wrapping_patch embedded_list) actions
(******** External interfaces ***************)
(******** Modules aliases ***************)
(* Generic lookup: return the second component of the first couple of
   config_list whose first component, used as a regexp, matches alias.
   When no couple matches, an information message is printed at debug level
   2 and Find_list_except is raised. *)
let get_associated_list alias config_list =
  let lookup =
    try Some (snd (List.find (fun (pattern, _) -> check_regexp pattern alias) config_list))
    with Not_found -> None in
  match lookup with
  | None ->
    print_debug (Printf.sprintf "Info: asked list for alias '%s' has not been found!" alias) 2;
    raise Find_list_except
  | associated -> get associated
(* Resolve a requested alias: return the second component of the first
   couple of the modules list whose first component, used as a regexp,
   matches alias. The resolution is traced at debug level 1.
   When no couple matches, the error is reported and Modules_except is
   raised.
   NOTE(review): alias is interpolated as-is in both messages; if it comes
   from a client, see print_error/print_debug for how it reaches the log. *)
let get_module_alias alias =
  let lookup =
    try Some (snd (List.find (fun (pattern, _) -> check_regexp pattern alias) !modules))
    with Not_found -> None in
  match lookup with
  | None ->
    print_error (Printf.sprintf "asked alias '%s' has not been found!" alias);
    raise Modules_except
  | resolved ->
    print_debug (Printf.sprintf "Aliasing requested '%s' -> '%s'" alias (get resolved)) 1;
    get resolved
(************************************************************************)
(***************** Main configuration function **************************)
(* Type-error callback given to the configuration reader: report which field
   of which file could not be parsed, then, for the fields known to the
   filter, explain the expected syntax and raise Config_file_wrong_type.
   For any other field only the first message is printed and () is
   returned. *)
let print_some_help groupable_cp _ _ filename _ =
  let field = String.concat "." groupable_cp#get_name in
  print_error (Printf.sprintf "Error when parsing configuration file '%s': erroneous field for '%s'" filename field);
  (* Print the syntax help for the current field and abort the parsing *)
  let explain (help : (string -> string, unit, string) format) =
    print_error (Printf.sprintf help field);
    raise Config_file_wrong_type in
  match field with
  | "forbidden_functions" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, [PKCS11_FUNCTION1, PKCS11_FUNCTION2 ...]) where alias_regexp is a module alias regular expression and PKCS11_FUNCTIONi are valid PKCS#11 function names to be blocked for this module alias"
  | "forbidden_mechanisms" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, [MECHANISM1, MECHANISM2 ...]) where alias_regexp is a module alias regular expression and MECHANISMi are valid PKCS#11 mechanisms names to be blocked for this module alias"
  | "allowed_labels" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, [LABEL1, LABEL2 ...]) where alias_regexp is a module alias regular expression and LABELi are regular expressions for the labels to be filtered for this module alias"
  | "allowed_ids" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, [ID1, ID2 ...]) where alias_regexp is a module alias regular expression and IDi are regular expressions for the IDs to be filtered for this module alias"
  | "modules" ->
    explain "Field '%s' should contain a list of couples (alias, PATH) where alias is a module alias and PATH for the real module (aka .so file) to be loaded"
  | "debug" ->
    explain "Field '%s' should contain an integer representing the debug level"
  | "log_subchannel" ->
    explain "Field '%s' should contain an string representing the log channel where logging should be operated: this channel name is the one used inside the pkcs11proxyd configuration file"
  | "enforce_ro_sessions" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, BOOL) where alias_regexp is a module alias regular expression and BOOL is a boolean ('true', 'false', 'yes' or 'no') telling for each alias if the RO sessions are enforced or not"
  | "forbid_admin_operations" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, BOOL) where alias_regexp is a module alias regular expression and BOOL is a boolean ('true', 'false', 'yes' or 'no') telling for each alias if the admin operations are forbidden or not"
  | "remove_padding_oracles" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, [OPERATION_TYPE1, OPERATION_TYPE2 ...]) where alias_regexp is a module alias regular expression and OPERATION_TYPEi are operation types ('wrap', 'unwrap', 'encrypt', 'sign' or 'all') telling for each alias and each operation type if the possible padding oracles are to be removed or not"
  | "filter_actions_pre" | "filter_actions_post" ->
    explain "Field '%s' should contain a list of couples (alias_regexp, [(PKCS11_FUNCTION1, ACTION1), (PKCS11_FUNCTION2, ACTION2) ...]) where alias_regexp is a module alias regular expression and PKCS11_FUNCTION are PKCS#11 function names, and ACTION are actions defined and implemented in the filter_actions plugin file"
  | "wrapping_format_key" ->
    explain "Field '%s' should contain an string representing wrapping key used for the PKCS#11 patchset 1"
  | _ -> ()
IFDEF OCAML_NO_BYTES_MODULE THEN
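(* Read the whole file f and return its content (variant for OCaml versions
   without a Bytes module, where Bytes is an alias of String).
   The channel is now closed on every path: previously an exception raised
   while measuring or reading the file left it open. The original exception
   is re-raised after the channel is closed. *)
let load_file f =
  let ic = open_in f in
  try
    let n = in_channel_length ic in
    let s = Bytes.create n in
    really_input ic s 0 n;
    close_in ic;
    s
  with e ->
    (* close_in_noerr: a failure to close must not hide the original error *)
    close_in_noerr ic;
    raise e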
ENDIF
IFNDEF OCAML_NO_BYTES_MODULE THEN
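(* Read the whole file f and return its content as a string.
   The channel is now closed on every path: previously an exception raised
   while measuring or reading the file left it open. The original exception
   is re-raised after the channel is closed. *)
let load_file f =
  let ic = open_in f in
  try
    let n = in_channel_length ic in
    let s = really_input_string ic n in
    close_in ic;
    s
  with e ->
    (* close_in_noerr: a failure to close must not hide the original error *)
    close_in_noerr ic;
    raise e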
ENDIF
(* Log a Netplex warning when the regexp to_match matches big_string from
   its first character; message is the entry name and conf_file the file
   name quoted in the warning. Nothing is logged otherwise. *)
let check_occurences big_string to_match conf_file message =
  if Str.string_match (Str.regexp to_match) big_string 0 then
    netplex_log_warning (Printf.sprintf "Warning: found multiple occurrences of entry '%s' in the configuration file '%s', only using the first one!" message conf_file)
let get_config configuration_file =
(* Check if the config file exists *)
let check_conf_file = Sys.file_exists configuration_file in
if check_conf_file = true
then
begin
(* First, we check for multiple entries for the same field *)
let options_list = ["debug"; "modules"; "forbidden_mechanisms"; "allowed_labels"; "allowed_ids"; "forbidden_functions"; "log_subchannel"; "wrapping_format_key"] in
let file_content = load_file configuration_file in
let file_content = Str.global_replace (Str.regexp "\n") "\b" file_content in
let file_content = Str.global_replace (Str.regexp "^") "\b" file_content in
let regexp_list = List.map (fun a -> (Printf.sprintf ".*\b%s[ ]*=.*\b%s[ ]*=.*" a a, a)) options_list in
List.iter (fun (a, b) -> check_occurences file_content a configuration_file b) regexp_list;
(* Then, we try to get all the fields *)
group#read ~no_default:false ~on_type_error:print_some_help configuration_file;
(* Get the log subchannel *)
log_subch := log_subch_#get;
print_log_subchannel "Log subchannel is: " 0;
(* get the debug verbosity *)
debug := debug_#get;
print_debug_level "Debug level is: " 0;
(* Get modules aliases *)
modules := modules_#get;
if !modules = [] then
begin
let error_string = Printf.sprintf "no modules found in the configuration file '%s'" configuration_file in
print_error error_string; raise Modules_except;
end;
print_aliases "Modules are:" 3;
(* Get forbidden mechanims *)
forbidden_mechanisms := forbidden_mechanisms_#get;
(* Sanity check to see if mechanisms are indeed associated to existing aliases *)
let _ = try check_mechanisms !modules !forbidden_mechanisms with Mechanisms_except -> raise Mechanisms_except in
print_aliased_mechanisms !forbidden_mechanisms "Forbidden mechanisms are:" 3;
(* Labelshandling *)
allowed_labels := allowed_labels_#get;
(* Sanity check to see if lablels are indeed associated to existing aliases *)
let _ = try check_labels !modules !allowed_labels with Labels_except -> raise Labels_except in
print_aliased_labels !allowed_labels "Allowed labels are:" 3;
(* Labelshandling *)
allowed_ids := allowed_ids_#get;
(* Sanity check to see if lablels are indeed associated to existing aliases *)
let _ = try check_ids !modules !allowed_ids with Ids_except -> raise Ids_except in
print_aliased_ids !allowed_ids "Allowed ids are:" 3;
(* Forbidden functions *)
forbidden_functions := forbidden_functions_#get;
let _ = try check_functions !modules !forbidden_functions with P11_functions_except -> raise P11_functions_except in
print_aliased_functions !forbidden_functions "Forbidden PKCS#11 functions are:" 3;
(* Enforce RO sessions? *)
enforce_ro_sessions := enforce_ro_sessions_#get;
let _ = try check_enforce_ro_sessions !modules !enforce_ro_sessions with Enforce_RO_except -> raise Enforce_RO_except in
print_aliased_ro_enforcement !enforce_ro_sessions "RO session enforcement are:" 3;
(* Enforce admin operations forbid? *)
forbid_admin_operations := forbid_admin_operations_#get;
let _ = try check_forbid_admin_operations !modules !forbid_admin_operations with Forbid_admin -> raise Forbid_admin in
print_aliased_forbid_admin_operations !forbid_admin_operations "Admin operations forbid are:" 3;
(* Enforce admin operations forbid? *)
remove_padding_oracles := remove_padding_oracles_#get;
let _ = try check_remove_padding_oracles !modules !remove_padding_oracles with Remove_padding_oracles -> raise Remove_padding_oracles in
print_remove_padding_oracles !remove_padding_oracles "Remove padding oracles:" 3;
(* Get the specific actions for each PKCS#11 trigger *)
filter_actions_pre := filter_actions_pre_#get;
let _ = try check_actions !modules !filter_actions_pre with Actions_except -> raise Actions_except in
filter_actions_post := filter_actions_post_#get;
let _ = try check_actions !modules !filter_actions_pre with Actions_except -> raise Actions_except in
print_filter_actions !filter_actions_pre "Specific pre actions are:" 3;
print_filter_actions !filter_actions_post "Specific post actions are:" 3;
(* Check if we have a post or pre actions matching the wrapping key format patch *)
if (check_for_wraping_post_pre !filter_actions_post = true) || (check_for_wraping_post_pre !filter_actions_pre = true) then
(* Get the wrapping format key *)
let wrapping_format_key_string = wrapping_format_key_#get in
(* Parse the hexadecimal key and set the global variable *)
let the_wrapping_format_key = try (set_wrapping_key wrapping_format_key_string) with _ -> raise Wrapping_key_except in
wrapping_format_key := the_wrapping_format_key;
else
(* Try to get the wrapping format key *)
let wrapping_format_key_check_existing = try Some wrapping_format_key_#get with _ -> None in
if compare wrapping_format_key_check_existing None <> 0 then
if compare (get wrapping_format_key_check_existing) "" <> 0 then
let warning_string = Printf.sprintf "Warning: found a wrapping_format_key in the configuration file '%s' without any post or pre action using it!" configuration_file in netplex_log_warning warning_string;
else
()
else
();
()
end
else
begin
let error_string = Printf.sprintf "no filter config file '%s'" configuration_file in
print_error error_string;
raise Config_file_none;
end;
caml-crush-1.0.12/src/filter/filter/p11fix_patches/ 0000775 0000000 0000000 00000000000 14147740423 0022017 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/filter/filter/p11fix_patches/cmac.ml 0000664 0000000 0000000 00000043300 14147740423 0023254 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/cmac.ml
************************** MIT License HEADER ***********************************)
(********** Pure OCaml CMAC *************************)
(*** WARNING! This is slow as hell, do not use it *)
(* for real applications! This AES is only here as *)
(* part of a proof of concept so that no other lib *)
(* dependency is added to the project. For a real *)
(* crypto library, please use native libs such as *)
(* Cryptokit: *)
(* http://forge.ocamlcore.org/projects/cryptokit/ *)
(* AES algorithm *)
(* AES (Rijndael) substitution box: 256 integer entries, one per possible
   input byte value. do_lookup_table in this file indexes it with the code of
   the byte being substituted.
   NOTE(review): the index is derived from cipher state and key-schedule
   bytes, so the memory access pattern depends on secret data. This is not a
   constant-time AES, which matches the file-header warning that this code is
   a proof of concept only. *)
let rijndael_sbox_ = [|
0x63; 0x7C; 0x77; 0x7B; 0xF2; 0x6B; 0x6F; 0xC5; 0x30; 0x01; 0x67; 0x2B; 0xFE; 0xD7; 0xAB; 0x76;
0xCA; 0x82; 0xC9; 0x7D; 0xFA; 0x59; 0x47; 0xF0; 0xAD; 0xD4; 0xA2; 0xAF; 0x9C; 0xA4; 0x72; 0xC0;
0xB7; 0xFD; 0x93; 0x26; 0x36; 0x3F; 0xF7; 0xCC; 0x34; 0xA5; 0xE5; 0xF1; 0x71; 0xD8; 0x31; 0x15;
0x04; 0xC7; 0x23; 0xC3; 0x18; 0x96; 0x05; 0x9A; 0x07; 0x12; 0x80; 0xE2; 0xEB; 0x27; 0xB2; 0x75;
0x09; 0x83; 0x2C; 0x1A; 0x1B; 0x6E; 0x5A; 0xA0; 0x52; 0x3B; 0xD6; 0xB3; 0x29; 0xE3; 0x2F; 0x84;
0x53; 0xD1; 0x00; 0xED; 0x20; 0xFC; 0xB1; 0x5B; 0x6A; 0xCB; 0xBE; 0x39; 0x4A; 0x4C; 0x58; 0xCF;
0xD0; 0xEF; 0xAA; 0xFB; 0x43; 0x4D; 0x33; 0x85; 0x45; 0xF9; 0x02; 0x7F; 0x50; 0x3C; 0x9F; 0xA8;
0x51; 0xA3; 0x40; 0x8F; 0x92; 0x9D; 0x38; 0xF5; 0xBC; 0xB6; 0xDA; 0x21; 0x10; 0xFF; 0xF3; 0xD2;
0xCD; 0x0C; 0x13; 0xEC; 0x5F; 0x97; 0x44; 0x17; 0xC4; 0xA7; 0x7E; 0x3D; 0x64; 0x5D; 0x19; 0x73;
0x60; 0x81; 0x4F; 0xDC; 0x22; 0x2A; 0x90; 0x88; 0x46; 0xEE; 0xB8; 0x14; 0xDE; 0x5E; 0x0B; 0xDB;
0xE0; 0x32; 0x3A; 0x0A; 0x49; 0x06; 0x24; 0x5C; 0xC2; 0xD3; 0xAC; 0x62; 0x91; 0x95; 0xE4; 0x79;
0xE7; 0xC8; 0x37; 0x6D; 0x8D; 0xD5; 0x4E; 0xA9; 0x6C; 0x56; 0xF4; 0xEA; 0x65; 0x7A; 0xAE; 0x08;
0xBA; 0x78; 0x25; 0x2E; 0x1C; 0xA6; 0xB4; 0xC6; 0xE8; 0xDD; 0x74; 0x1F; 0x4B; 0xBD; 0x8B; 0x8A;
0x70; 0x3E; 0xB5; 0x66; 0x48; 0x03; 0xF6; 0x0E; 0x61; 0x35; 0x57; 0xB9; 0x86; 0xC1; 0x1D; 0x9E;
0xE1; 0xF8; 0x98; 0x11; 0x69; 0xD9; 0x8E; 0x94; 0x9B; 0x1E; 0x87; 0xE9; 0xCE; 0x55; 0x28; 0xDF;
0x8C; 0xA1; 0x89; 0x0D; 0xBF; 0xE6; 0x42; 0x68; 0x41; 0x99; 0x2D; 0x0F; 0xB0; 0x54; 0xBB; 0x16
|]
(* Mutable reference to the table above; the round and key-schedule code in
   this file dereferences it on every lookup. *)
let rijndael_sbox = ref rijndael_sbox_
(* Substitute one byte through [table]: the code of character [a] is the index
   and the integer stored there is converted back to a character.
   Raises Invalid_argument when the table is shorter than the index requires
   or the stored entry is outside 0..255 (array bounds check, Char.chr). *)
let do_lookup_table table a =
  let index = Char.code a in
  Char.chr table.(index)
(* Addition in GF(2^8): the two bytes are XORed and returned as a character. *)
let rijndael_add a b =
  let x = Char.code a and y = Char.code b in
  Char.chr (x lxor y)
(* Multiplication of two bytes in the AES field, by eight shift-and-add steps
   with reduction constant 0x1b.
   a, b: the operands as characters.
   Returns the product as a character (low 8 bits of the accumulator).
   The multiplicand is left to grow above 8 bits between steps; only its low
   bits influence the result because the accumulator is masked with 0xff at
   the end.
   NOTE(review): each step branches on a bit of an operand, so the work done
   depends on the data; this is not a constant-time multiply. *)
let rijndael_mul a b =
  let rec step round product multiplicand multiplier =
    if round = 8 then
      product
    else
      (* Add the multiplicand when the current low bit of the multiplier is set *)
      let product' =
        if multiplier land 0x1 = 0 then product else product lxor multiplicand in
      (* Double the multiplicand, reducing when bit 7 was set before the shift *)
      let doubled = multiplicand lsl 1 in
      let multiplicand' =
        if multiplicand land 0x80 = 0 then doubled else doubled lxor 0x1b in
      step (round + 1) product' multiplicand' (multiplier lsr 1)
  in
  let raw = step 0 0x0 (Char.code a) (Char.code b) in
  Char.chr (raw land 0xff)
(* AES MixColumns on one 4-byte column.
   column: array whose first four characters are a0..a3.
   Returns a fresh 4-element array:
     2*a0 + 3*a1 +   a2 +   a3
       a0 + 2*a1 + 3*a2 +   a3
       a0 +   a1 + 2*a2 + 3*a3
     3*a0 +   a1 +   a2 + 2*a3
   where + is rijndael_add and * is rijndael_mul. *)
let mixcolumns column =
  let times_two x = rijndael_mul (Char.chr 0x2) x in
  let times_three x = rijndael_mul (Char.chr 0x3) x in
  let sum4 w x y z = rijndael_add (rijndael_add (rijndael_add w x) y) z in
  let a0 = column.(0) and a1 = column.(1) and a2 = column.(2) and a3 = column.(3) in
  let row_a = sum4 (times_two a0) (times_three a1) a2 a3 in
  let row_b = sum4 a0 (times_two a1) (times_three a2) a3 in
  let row_c = sum4 a0 a1 (times_two a2) (times_three a3) in
  let row_d = sum4 (times_three a0) a1 a2 (times_two a3) in
  [| row_a; row_b; row_c; row_d |]
(* AES rounds *)
(* One AES encryption round on a 16-byte state.
   state:    16-character array, read at the ShiftRows positions listed below.
   roundkey: array XORed element by element onto the result.
   last:     when true the MixColumns step is skipped (final round).
   Returns the new 16-character state.
   Every byte goes through the S-box table, i.e. a lookup indexed by state
   data (see the proof-of-concept warning at the top of this file). *)
let aes_round state roundkey last =
  let substituted position = do_lookup_table !rijndael_sbox state.(position) in
  let mix = if last then (fun column -> column) else mixcolumns in
  (* SubBytes + ShiftRows: each output column gathers these state positions *)
  let build_column positions = mix (Array.map substituted positions) in
  let columns =
    List.map build_column
      [ [| 0; 5; 10; 15 |];
        [| 4; 9; 14; 3 |];
        [| 8; 13; 2; 7 |];
        [| 12; 1; 6; 11 |] ] in
  let mixed = Array.concat columns in
  (* AddRoundKey *)
  Array.mapi (fun index elem -> rijndael_add elem roundkey.(index)) mixed
(* AES core cipher *)
(* Encrypt one block with already expanded round keys.
   input:     the block as a character array (callers in this file pass 16 bytes).
   roundkeys: expanded key of 176, 208 or 240 bytes, selecting 10, 12 or 14
              rounds; any other length fails with Failure.
   Returns the encrypted 16-byte state. *)
let aes_core_encrypt input roundkeys =
  (* Key whitening with the first round key *)
  let whitened = Array.mapi (fun index elem -> rijndael_add elem roundkeys.(index)) input in
  (* The AES variant is deduced from the size of the expanded key *)
  let expanded_len = Array.length roundkeys in
  let rounds =
    match expanded_len with
    | 176 -> 10
    | 208 -> 12
    | 240 -> 14
    | _ -> failwith (Printf.sprintf "AES roundkeys length %d error\n" expanded_len)
  in
  let key_for round = Array.sub roundkeys (16 * round) 16 in
  (* Rounds 1 .. rounds-1 include MixColumns *)
  let rec middle_rounds round current =
    if round > rounds - 1 then current
    else middle_rounds (round + 1) (aes_round current (key_for round) false)
  in
  let before_final = middle_rounds 1 whitened in
  (* Final round without MixColumns *)
  aes_round before_final (key_for rounds) true;;
(**********************************************************)
(* AES key schedule *)
(* Round constants for the key schedule; rcon_xor in this file reads entry
   (i/nk - 1) and XORs it into the first byte of a word. *)
let rcon = [| 0x01; 0x02; 0x04; 0x08; 0x10; 0x20; 0x40; 0x80; 0x1b; 0x36; 0x6c; 0xd8; 0xab; 0x4d; 0x9a |]
(* Apply the S-box to every byte of [word] and return the new array. *)
let subword word =
  let sbox = !rijndael_sbox in
  Array.map (do_lookup_table sbox) word
(* Rotate a 4-byte word left by one byte: [b0; b1; b2; b3] -> [b1; b2; b3; b0].
   Only the first four elements of [word] are read. *)
let rotword word =
  Array.init 4 (fun k -> word.((k + 1) mod 4))
(* XOR the round constant for key-schedule position [i] (with [nk] words per
   key) into the first byte of [word]; the other three bytes are copied. *)
let rcon_xor word i nk =
  let constant = rcon.(i / nk - 1) in
  let first = Char.chr (constant lxor (Char.code word.(0))) in
  [| first; word.(1); word.(2); word.(3) |]
(* Expand an AES key into the full round-key array.
   key: character array of 16, 24 or 32 bytes; any other length fails with
        Failure.
   Returns a character array that starts with the key itself and is extended
   four bytes at a time up to 4*(rounds+1) words (176, 208 or 240 bytes).
   The result is key material and should be handled like the key. *)
let aes_key_schedule key =
  let keylen = Array.length key in
  let reject () = failwith (Printf.sprintf "AES key length %d error\n" keylen) in
  (* nr = number of rounds, nk = number of 4-byte words in the key *)
  let (nr, nk) =
    match keylen with
    | 16 -> (10, 4)
    | 24 -> (12, 6)
    | 32 -> (14, 8)
    | _ -> reject ()
  in
  let nb = 4 in
  let expanded = ref key in
  for i = nk to (nb * (nr + 1)) - 1 do
    let previous = Array.sub !expanded (nb * (i - 1)) nb in
    let position = i mod nk in
    let transformed =
      if position = 0 then
        (* First word of each key-sized group: rotate, substitute, add rcon *)
        rcon_xor (subword (rotword previous)) i nk
      else if position = 4 && nk = 8 then
        (* Extra substitution that only applies to 32-byte keys *)
        subword previous
      else
        previous
    in
    (* XOR with the word located nk words earlier *)
    let next_word =
      Array.mapi (fun j byte -> rijndael_add byte !expanded.(nb * (i - nk) + j)) transformed in
    expanded := Array.append !expanded next_word
  done;
  !expanded
(**********************************************************)
(* AES encrypt in ECB mode *)
(* AES in ECB mode over a character array.
   input: plaintext; a trailing partial block is completed with 0x00 bytes.
   key:   16, 24 or 32 bytes (checked by aes_key_schedule).
   Returns the concatenation of the encrypted 16-byte blocks.
   NOTE(review): ECB encrypts equal plaintext blocks to equal ciphertext
   blocks, and the zero padding cannot be told apart from trailing zero bytes
   of the message; nothing here authenticates the output. *)
let aes_encrypt_ecb input key =
  (* Do the key schedule once and for all *)
  let roundkeys = aes_key_schedule key in
  let total = Array.length input in
  let block_at offset =
    try Array.sub input offset 16
    with
    (* Last block case: fewer than 16 bytes remain *)
    | Invalid_argument _ ->
      let remainder = total mod 16 in
      let padding = Array.make (16 - remainder) (Char.chr 0x0) in
      Array.append (Array.sub input offset remainder) padding
    | _ -> failwith "Unknown exception during AES ECB\n"
  in
  (* Walk the input 16 bytes at a time, appending each encrypted block *)
  let rec encrypt_from offset produced =
    if offset >= total then
      produced
    else
      let encrypted = aes_core_encrypt (block_at offset) roundkeys in
      encrypt_from (offset + 16) (Array.append produced encrypted)
  in
  encrypt_from 0 [||]
(* AES encrypt in CBC mode *)
(* AES in CBC mode over a character array.
   input: plaintext; a trailing partial block is completed with 0x00 bytes.
   key:   16, 24 or 32 bytes (checked by aes_key_schedule).
   iv:    array XORed onto the first block; it is indexed for each of the 16
          block positions, so a shorter array raises Invalid_argument.
   Returns the concatenation of the encrypted blocks (the IV is not included).
   NOTE(review): the IV is whatever the caller passes, the zero padding is not
   unambiguous, and the output carries no integrity protection.
   NOTE(review): the catch-all error message below says "AES ECB" although
   this is the CBC routine; it is kept unchanged here. *)
let aes_encrypt_cbc input key iv =
  (* Do the key schedule once and for all *)
  let roundkeys = aes_key_schedule key in
  let total = Array.length input in
  let block_at offset =
    try Array.sub input offset 16
    with
    (* Last block case: fewer than 16 bytes remain *)
    | Invalid_argument _ ->
      let remainder = total mod 16 in
      let padding = Array.make (16 - remainder) (Char.chr 0x0) in
      Array.append (Array.sub input offset remainder) padding
    | _ -> failwith "Unknown exception during AES ECB\n"
  in
  let rec encrypt_from offset previous produced =
    if offset >= total then
      produced
    else
      (* CBC chaining: XOR with the previous ciphertext block (or the IV) *)
      let chained = Array.mapi (fun j byte -> rijndael_add byte previous.(j)) (block_at offset) in
      let encrypted = aes_core_encrypt chained roundkeys in
      encrypt_from (offset + 16) encrypted (Array.append produced encrypted)
  in
  encrypt_from 0 iv [||]
(* CMAC padding *)
(* CMAC padding: append 0x80 followed by 0x00 bytes up to the next multiple of
   16 bytes.
   - empty input: returns one full padding block (0x80 then fifteen 0x00);
   - non-empty input whose length is a multiple of 16: returned unchanged;
   - anything else: padded to the next multiple of 16. *)
let cmac_padding block =
  let marker = Char.chr 0x80 and filler = Char.chr 0x0 in
  match Array.length block with
  | 0 ->
    Array.append (Array.make 1 marker) (Array.make 15 filler)
  | input_len when input_len mod 16 = 0 ->
    block
  | input_len ->
    let padding_length = 16 - (input_len mod 16) in
    let tail = Array.append (Array.make 1 marker) (Array.make (padding_length - 1) filler) in
    Array.append block tail
(* CMAC subkeys generation *)
(* Top bit of the first byte of [input]: 0x80 when set, 0 otherwise. *)
let array_msb input =
  let first = Char.code input.(0) in
  first land 0x80
(* Shift a big-endian byte array left by one bit.
   The array is walked from its last byte to its first; the bit shifted out of
   each byte is carried into the byte before it, and the bit shifted out of
   the first byte is dropped. Returns a new array of the same length. *)
let array_shift_left input =
  let size = Array.length input in
  let shifted = Array.make size (Char.chr 0x0) in
  let carry = ref 0 in
  for position = size - 1 downto 0 do
    let code = Char.code input.(position) in
    shifted.(position) <- Char.chr (((code lsl 1) lxor !carry) land 0xff);
    (* Remember the bit that fell off for the next (more significant) byte *)
    carry := (if code land 0x80 = 0 then 0 else 1)
  done;
  shifted
(* Derive the two CMAC subkeys from expanded AES round keys.
   aes_roundkeys: output of aes_key_schedule.
   Returns (k1, k2): L is the encryption of sixteen zero bytes; K1 is L shifted
   left one bit, XORed with the constant 0x00..0087 when the top bit of L was
   set; K2 is derived from K1 the same way.
   Both subkeys are secret values derived from the key. *)
let cmac_generate_subkeys aes_roundkeys =
  let rb = Array.append (Array.make 15 (Char.chr 0x0)) [|Char.chr 0x87|] in
  let derive_next value =
    let shifted = array_shift_left value in
    if array_msb value = 0 then
      shifted
    else
      Array.mapi (fun j byte -> rijndael_add byte rb.(j)) shifted
  in
  (* Encrypt zeros *)
  let l = aes_core_encrypt (Array.make 16 (Char.chr 0x0)) aes_roundkeys in
  let k1 = derive_next l in
  let k2 = derive_next k1 in
  (k1, k2)
(* AES CMAC *)
(* Compute the AES-CMAC tag of [input] under [key].
   input: character array holding the message (may be empty).
   key:   character array handed to aes_key_schedule, which accepts 16, 24 or
          32 bytes and fails otherwise.
   Returns the 16-byte array produced by the last aes_core_encrypt call.
   The last block is combined with k1 when it is complete and with k2 when it
   had to be padded (including the empty message); all earlier blocks are
   chained unchanged.
   NOTE(review): the full tag is returned; how it is compared with a received
   tag is up to the caller. *)
let cmac_compute input key =
(* Keep track of the empty string special case *)
let old_len = Array.length input in
(* If we have an empty input, just send a full padded block to the algorithm *)
let input = (
(* Special case of the empty string *)
if compare (Array.length input) 0 = 0 then
(cmac_padding [||])
else
(input)
) in
(* Do the key schedule once and for all *)
let roundkeys = aes_key_schedule key in
(* CMAC subkeys *)
let (k1,k2) = cmac_generate_subkeys roundkeys in
(* From here on len is the length after the empty-message substitution above *)
let len = Array.length input in
(* CBC chaining, starting from an all-zero block *)
let i_ = 0 in
let i = ref i_ in
let prev_block_ = Array.make 16 (Char.chr 0x0) in
let prev_block = ref prev_block_ in
while !i < len do
let block = (
let the_block = (try Array.sub input !i 16
with
(* Last block in padding case: fewer than 16 bytes remain, so the block is
   padded and already XORed with k2 here *)
Invalid_argument _ ->
let last_block = Array.sub input !i (len mod 16) in
let padded_last_block = cmac_padding last_block in
(Array.mapi (fun j byte -> rijndael_add byte padded_last_block.(j)) k2)
| _ -> let error = Printf.sprintf "Unknown exception during AES CBC-MAC\n" in failwith error
) in
(* True only for a final block that was read as a full 16 bytes; a padded
   final block never satisfies it because !i+16 is then larger than len *)
if compare (!i+16) len = 0 then
(* Empty string case: the block is the padding block built above, use k2 *)
if compare old_len 0 = 0 then
(Array.mapi (fun j byte -> rijndael_add byte the_block.(j)) k2)
else
(* Last block in NON padding case *)
(Array.mapi (fun j byte -> rijndael_add byte the_block.(j)) k1)
else
(* Regular blocks *)
(the_block)
) in
(* CBC chaining *)
let block = Array.mapi (fun j byte -> rijndael_add byte !prev_block.(j)) block in
prev_block := aes_core_encrypt block roundkeys;
i := !i + 16;
done;
(!prev_block)
(* Verify a CMAC given a string containing it at the end *)
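(* Verify a message that carries its 16-byte AES-CMAC tag as a suffix.
   input: character array laid out as message || tag.
   key:   AES key passed on to cmac_compute.
   Returns true when the tag recomputed over the message part equals the
   trailing 16 bytes, false otherwise, including when [input] is shorter than
   16 bytes and so cannot contain a tag.
   The tags are compared by OR-ing together the XOR of every byte pair instead
   of with the polymorphic compare: compare can stop at the first differing
   byte, so its running time would tell a caller who submits forged tags how
   many leading bytes were right. OCaml gives no hard constant-time guarantee,
   but this loop has no data-dependent early exit. *)
let cmac_verify input key =
  let tag_len = 16 in
  let total = Array.length input in
  if total < tag_len then
    (* Too small to hold a tag: reject without computing anything *)
    false
  else begin
    (* Split the input into the message and the tag found at its end *)
    let cmac_to_check = Array.sub input (total - tag_len) tag_len in
    let input_to_check = Array.sub input 0 (total - tag_len) in
    (* Compute the CMAC on the message part *)
    let cmac_value = cmac_compute input_to_check key in
    if Array.length cmac_value <> tag_len then
      false
    else begin
      let difference = ref 0 in
      for j = 0 to tag_len - 1 do
        difference := !difference lor ((Char.code cmac_value.(j)) lxor (Char.code cmac_to_check.(j)))
      done;
      !difference = 0
    end
  end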
caml-crush-1.0.12/src/filter/filter/p11fix_patches/conflicting_attributes_patch.ml 0000664 0000000 0000000 00000040230 14147740423 0030274 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/conflicting_attributes_patch.ml
************************** MIT License HEADER ***********************************)
(***********************************************************************)
(* The conflicting attributes patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
(* Pairs of (attribute, value) settings that the filter treats as conflicting
   when both appear on the same object.
   key_segregation: when true, the pairs that separate encrypt/decrypt use
   from sign/verify and wrap/unwrap use are appended to the base list.
   Returns a freshly built array of (attribute, attribute) pairs on each call. *)
let conflicting_attributes key_segregation =
  let attr attribute_type flag =
    {Pkcs11.type_ = attribute_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  let yes = Pkcs11.cK_TRUE and no = Pkcs11.cK_FALSE in
  (* Pairs that apply whatever the segregation setting is *)
  let base_pairs = [|
    (attr Pkcs11.cKA_WRAP yes, attr Pkcs11.cKA_DECRYPT yes);
    (attr Pkcs11.cKA_UNWRAP yes, attr Pkcs11.cKA_ENCRYPT yes);
    (attr Pkcs11.cKA_SENSITIVE no, attr Pkcs11.cKA_EXTRACTABLE no);
    (attr Pkcs11.cKA_SENSITIVE no, attr Pkcs11.cKA_ALWAYS_SENSITIVE yes);
    (attr Pkcs11.cKA_EXTRACTABLE yes, attr Pkcs11.cKA_NEVER_EXTRACTABLE yes);
    (attr Pkcs11.cKA_WRAP yes, attr Pkcs11.cKA_SENSITIVE no);
    (attr Pkcs11.cKA_WRAP yes, attr Pkcs11.cKA_ALWAYS_SENSITIVE no);
  |] in
  if key_segregation then
    (* If we segregate key usage, we add the sign-verify/encrypt-decrypt conflicting attributes *)
    Array.append base_pairs [|
      (attr Pkcs11.cKA_ENCRYPT yes, attr Pkcs11.cKA_SIGN yes);
      (attr Pkcs11.cKA_ENCRYPT yes, attr Pkcs11.cKA_SIGN_RECOVER yes);
      (attr Pkcs11.cKA_DECRYPT yes, attr Pkcs11.cKA_VERIFY yes);
      (attr Pkcs11.cKA_DECRYPT yes, attr Pkcs11.cKA_VERIFY_RECOVER yes);
      (attr Pkcs11.cKA_ENCRYPT yes, attr Pkcs11.cKA_VERIFY yes);
      (attr Pkcs11.cKA_ENCRYPT yes, attr Pkcs11.cKA_VERIFY_RECOVER yes);
      (attr Pkcs11.cKA_DECRYPT yes, attr Pkcs11.cKA_SIGN yes);
      (attr Pkcs11.cKA_DECRYPT yes, attr Pkcs11.cKA_SIGN_RECOVER yes);
      (attr Pkcs11.cKA_ENCRYPT yes, attr Pkcs11.cKA_WRAP yes);
      (attr Pkcs11.cKA_DECRYPT yes, attr Pkcs11.cKA_UNWRAP yes);
    |]
  else
    base_pairs
(* Filter hook that refuses attribute templates containing a pair listed by
   conflicting_attributes.
   fun_name: PKCS#11 function name as a string; it selects how arg is decoded.
   arg:      serialized arguments of that call, decoded with deserialize. The
             result type of deserialize is fixed only by the tuple pattern at
             each call site, so the arity of every pattern below has to match
             what the caller serialized.
             NOTE(review): deserialize is not visible here -- confirm whether
             it performs any type check of its own.
   Returns serialize (true, <return value for the caller>) when a conflict is
   detected and serialize (false, ()) otherwise; the comment on the default
   case calls the latter "passthrough". *)
let conflicting_attributes_patch fun_name arg =
match fun_name with
(* Is it a creation function (i.e. a PKCS#11 function that creates new objects)? *)
("C_CreateObject" | "C_CopyObject" | "C_UnwrapKey" | "C_GenerateKey" | "C_DeriveKey") ->
(* The attribute template is the last component of the argument tuple, whose
   size differs from one function to the other *)
let attributes_array = (match fun_name with
"C_CreateObject" -> let (_, extracted_attributes_array) = deserialize arg in (extracted_attributes_array)
| ("C_CopyObject" | "C_GenerateKey") -> let (_, _, extracted_attributes_array) = deserialize arg in (extracted_attributes_array)
| "C_UnwrapKey" -> let (_, _, _, _, extracted_attributes_array) = deserialize arg in (extracted_attributes_array)
| "C_DeriveKey" -> let (_, _, _, extracted_attributes_array) = deserialize arg in (extracted_attributes_array)
(* We should not end up here ... *)
| _ -> [||]
) in
(* No existing attributes for a new object: only the requested template is checked *)
let check = detect_conflicting_attributes fun_name [||] attributes_array (conflicting_attributes !segregate_usage) in
if check = true then
(serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE)))
else
(serialize (false, ()))
| "C_GenerateKeyPair" ->
let (sessionh, mechanism, pub_attributes, priv_attributes) = deserialize arg in
(* For asymmetric keys, we have to check conflicting attributes on the fused template *)
let check = detect_conflicting_attributes fun_name [||] (Array.concat [pub_attributes; priv_attributes]) (conflicting_attributes !segregate_usage) in
if check = true then
(serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE)))
else
(serialize (false, ()))
(* It is an attributes modification function *)
| "C_SetAttributeValue" ->
let (sessionh, objecth, attributes) = deserialize arg in
(* First ask for the object's critical attributes; presumably this call only
   fills in the template and the values are read by the second call below *)
let (ret, templates) = filter_getAttributeValue sessionh objecth (critical_attributes !segregate_usage) in
if (compare ret Pkcs11.cKR_OK <> 0) || (compare templates [||] = 0) then
if (compare ret Pkcs11.cKR_OK <> 0) then
(* The attributes could not be read: the modification is refused *)
(serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID)))
else
(* cKR_OK with an empty template is treated as fatal: logged and raised *)
let s = "[User defined extensions] C_SettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...): in CONFLICTING_ATTRIBUTES\n" in netplex_log_critical s; failwith s;
else
let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
if compare ret Pkcs11.cKR_OK <> 0 then
(serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID)))
else
(* The requested attributes are checked together with the object's current values *)
let check = detect_conflicting_attributes fun_name templates_values attributes (conflicting_attributes !segregate_usage) in
if check = true then
(serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID)))
else
(serialize (false, ()))
(* Default if we are in a non concerned function is to passthrough *)
| _ -> (serialize (false, ()))
(*** This patch is an addendum to the original CryptokiX patch ***)
(*** We need it to check EXISTING objects on the token when they are used ***)
(* Filter hook that applies the conflicting-attributes policy to objects that
   already exist on the token, at the moment they are used.
   fun_name: PKCS#11 function name as a string; it selects how arg is decoded.
   arg:      serialized arguments of that call, decoded with deserialize. The
             tuple pattern at each call site fixes the expected shape, so its
             arity has to match what the caller serialized.
             NOTE(review): deserialize is not visible here -- confirm whether
             it performs any type check of its own.
   Returns serialize (true, <return value for the caller>) with
   cKR_OBJECT_HANDLE_INVALID when a checked object is rejected, and
   serialize (false, ()) otherwise. For C_FindObjects nothing is rejected:
   the offending handles are removed from
   current_find_objects_filtered_handles instead. *)
let conflicting_attributes_patch_on_existing_objects fun_name arg =
match fun_name with
(* Crypto operations: the key handle is the third argument *)
("C_EncryptInit" | "C_DecryptInit" | "C_SignInit" | "C_SignRecoverInit" | "C_VerifyInit" | "C_VerifyRecoverInit") ->
let (sessionh, _, ckobjecthandlet_) = deserialize arg in
let check = detect_conflicting_attributes_on_existing_object fun_name sessionh ckobjecthandlet_ (conflicting_attributes !segregate_usage) in
if compare check true = 0 then
(serialize (true, (Pkcs11.cKR_OBJECT_HANDLE_INVALID)))
else
(serialize (false, ()))
| "C_DeriveKey" ->
(* Only the base key is checked here *)
let (sessionh, _, initial_key_handle, _) = deserialize arg in
let check = detect_conflicting_attributes_on_existing_object fun_name sessionh initial_key_handle (conflicting_attributes !segregate_usage) in
if compare check true = 0 then
(serialize (true, (Pkcs11.cKR_OBJECT_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)))
else
(serialize (false, ()))
| "C_DigestKey" ->
let (sessionh, ckobjecthandlet_) = deserialize arg in
let check = detect_conflicting_attributes_on_existing_object fun_name sessionh ckobjecthandlet_ (conflicting_attributes !segregate_usage) in
if compare check true = 0 then
(serialize (true, (Pkcs11.cKR_OBJECT_HANDLE_INVALID)))
else
(serialize (false, ()))
| "C_WrapKey" ->
(* Both the wrapping key and the key being wrapped are checked; either one
   failing the check refuses the call *)
let (sessionh, _, wrapping_handle, wrapped_handle) = deserialize arg in
let check_one = detect_conflicting_attributes_on_existing_object fun_name sessionh wrapping_handle (conflicting_attributes !segregate_usage) in
let check_two = detect_conflicting_attributes_on_existing_object fun_name sessionh wrapped_handle (conflicting_attributes !segregate_usage) in
if (compare check_one true = 0) || (compare check_two true = 0) then
(serialize (true, (Pkcs11.cKR_OBJECT_HANDLE_INVALID, [||])))
else
(serialize (false, ()))
| "C_UnwrapKey" ->
(* Only the unwrapping key is checked here *)
let (sessionh, _, unwrapping_handle, _, _) = deserialize arg in
let check = detect_conflicting_attributes_on_existing_object fun_name sessionh unwrapping_handle (conflicting_attributes !segregate_usage) in
if compare check true = 0 then
(serialize (true, (Pkcs11.cKR_OBJECT_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)))
else
(serialize (false, ()))
| "C_FindObjects" ->
let (sessionh, _) = deserialize arg in
(* We filter the global object list and remove objects that don't fit our policy *)
(* The iteration runs over the array held by the reference at this point; the
   reference itself is reassigned to a new array whenever a handle is dropped *)
let new_current_find_objects_filtered_handles = !current_find_objects_filtered_handles in
Array.iter (
fun handle ->
let check = detect_conflicting_attributes_on_existing_object fun_name sessionh handle (conflicting_attributes !segregate_usage) in
if compare check true = 0 then
current_find_objects_filtered_handles := Array.of_list (
(* Remove the handle from the array since it is a 'bad' object *)
List.filter (
fun curr_handle -> if compare handle curr_handle = 0 then false else true
) (Array.to_list !current_find_objects_filtered_handles)
)
else
()
) new_current_find_objects_filtered_handles;
(serialize (false, ()))
(* Default if we are in a non concerned function is to passthrough *)
| _ -> (serialize (false, ()))
(***********************************************************************)
caml-crush-1.0.12/src/filter/filter/p11fix_patches/existing_sensitive_keys_patch.ml 0000664 0000000 0000000 00000031737 14147740423 0030521 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/existing_sensitive_keys_patch.ml
************************** MIT License HEADER ***********************************)
(************************************************************************)
(* The following patch deals with possible issues regarding keys that *)
(* have been generated without Caml Crush. *)
(* These keys can be dangerous because their values are known and they *)
(* might be used to leak other keys. *)
(* This patch works as follows: *)
(* - Paranoid mode: if CKA_SENSITIVE is TRUE and CKA_ALWAYS_SENSITIVE *)
(* is FALSE, we do not trust the key and do not allow it to be used.*)
(* - Relaxed mode for key escrow: when used, this mode allows the *)
(* usage of keys with CKA_SENSITIVE=TRUE and CKA_ALWAYS_SENSITIVE= *)
(* FALSE ONLY if these are encryption/decryption keys and NON LOCAL *)
(* keys. *)
(* Policy applied to existing keys that carry CKA_SENSITIVE=TRUE together with *)
(* CKA_ALWAYS_SENSITIVE=FALSE. dangerous_sensitive_keys converts the constructors *)
(* to the integer modes 0, 1 and 2, in this order. *)
type dangerous_sensitive_keys_filtering =
(* Mode 0: such keys are always blocked *)
| PARANOID
(* Mode 1: only non local keys with CKA_ENCRYPT=TRUE or CKA_DECRYPT=TRUE are allowed *)
| ESCROW_ENCRYPT_ONLY_KEYS
(* Mode 2: every non local key is allowed *)
| ESCROW_ALL_KEYS
(* Conflicting attributes on sensitive keys *)
(* Single conflicting pair: a key that is sensitive now (CKA_SENSITIVE=TRUE) but *)
(* has not always been (CKA_ALWAYS_SENSITIVE=FALSE). *)
let dangerous_sensitive_keys_conflicting_attributes =
  let sensitive_is_true =
    {Pkcs11.type_ = Pkcs11.cKA_SENSITIVE; Pkcs11.value = Pkcs11.bool_to_char_array Pkcs11.cK_TRUE} in
  let always_sensitive_is_false =
    {Pkcs11.type_ = Pkcs11.cKA_ALWAYS_SENSITIVE; Pkcs11.value = Pkcs11.bool_to_char_array Pkcs11.cK_FALSE} in
  [| (sensitive_is_true, always_sensitive_is_false) |]
(* Decide whether an existing object must be refused by the sensitive keys policy. *)
(* Returns true when the object is to be blocked and false when it may be used. *)
(* allow_key_escrow is an integer mode: 0 is paranoid, 1 is escrow restricted to *)
(* encrypt/decrypt keys, and any other value takes the branch that allows all non *)
(* local keys. *)
(* Logs through netplex_log_critical and raises Failure when the second *)
(* filter_getAttributeValue call of a query does not return CKR_OK. *)
let detect_dangerous_existing_sensitive_keys function_name sessionh objecth allow_key_escrow =
(* Detect the conflicting attribute *)
let check = detect_conflicting_attributes_on_existing_object function_name sessionh objecth dangerous_sensitive_keys_conflicting_attributes in
if compare check true = 0 then
(* We have detected a conflicting attribute regarding sensitive keys *)
if compare allow_key_escrow 0 = 0 then
(* We are in paranoid mode, return true *)
let info_string = Printf.sprintf "[User defined extensions] CONFLICTING_ATTRIBUTES_SENSITIVE_KEYS: conflicting CKA_SENSITIVE=TRUE and CKA_ALWAYS_SENSITIVE=FALSE detected. We are in paranoid mode => %s is blocked!\n" function_name in
let _ = print_debug info_string 1 in
(true)
else
(* For relaxed modes, we only focus on local keys *)
(* Check if CKA_LOCAL is set *)
(* The attribute is queried twice: first with an empty value, then with the *)
(* template returned by the first call (presumably the first call fills in the *)
(* value sizes; confirm against filter_getAttributeValue). *)
(* NOTE(review): the return value of the first call is shadowed by the second *)
(* binding of ret and is never tested; only the second result is checked. *)
let (ret, templates) = filter_getAttributeValue sessionh objecth [|{Pkcs11.type_ = Pkcs11.cKA_LOCAL; Pkcs11.value = [||]}|] in
let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
if compare ret Pkcs11.cKR_OK <> 0 then
(* Fail closed: the decision is never taken on an unreadable CKA_LOCAL *)
let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting CKA_LOCAL (this should not happen ...)\n" in netplex_log_critical s; failwith s
else
if compare (Pkcs11.char_array_to_bool templates_values.(0).Pkcs11.value) Pkcs11.cK_FALSE = 0 then
if compare allow_key_escrow 1 = 0 then
(* We are in the relaxed mode where we allow ONLY keys with CKA_LOCAL=FALSE and *)
(* the keys are only for encryption/decryption *)
(* Same two step query as for CKA_LOCAL; the first ret is again left unchecked *)
let (ret, templates) = filter_getAttributeValue sessionh objecth [|{Pkcs11.type_ = Pkcs11.cKA_ENCRYPT; Pkcs11.value = [||]}; {Pkcs11.type_ = Pkcs11.cKA_DECRYPT; Pkcs11.value = [||]}|] in
let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
if compare ret Pkcs11.cKR_OK <> 0 then
let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting CKA_ENCRYPT/CKA_DECRYPT (this should not happen ...)\n" in netplex_log_critical s; failwith s
else
(* NOTE(review): the key is accepted as soon as one of CKA_ENCRYPT or CKA_DECRYPT *)
(* is TRUE. No other usage attribute (wrap, unwrap, sign, derive ...) is read *)
(* here, so this test alone does not establish that the key is limited to *)
(* encryption/decryption; confirm that another filter enforces that. *)
if (compare (Pkcs11.char_array_to_bool templates_values.(0).Pkcs11.value) Pkcs11.cK_TRUE = 0) ||
(compare (Pkcs11.char_array_to_bool templates_values.(1).Pkcs11.value) Pkcs11.cK_TRUE = 0) then
(* => CKA_ENCRYPT=TRUE or CKA_DECRYPT=TRUE *)
let info_string = Printf.sprintf "[User defined extensions] CONFLICTING_ATTRIBUTES_SENSITIVE_KEYS: conflicting CKA_SENSITIVE=TRUE and CKA_ALWAYS_SENSITIVE=FALSE detected. We are in relaxed key escrow mode (for ENCRYPT/DECRYPT only non local keys) => %s is NOT blocked!\n" function_name in
(* Allowed usages are reported at debug level 2, blocked ones at level 1 *)
let _ = print_debug info_string 2 in
(false)
else
let info_string = Printf.sprintf "[User defined extensions] CONFLICTING_ATTRIBUTES_SENSITIVE_KEYS: conflicting CKA_SENSITIVE=TRUE and CKA_ALWAYS_SENSITIVE=FALSE detected. We are in relaxed key escrow mode (for ENCRYPT/DECRYPT only non local keys) => %s is blocked!\n" function_name in
let _ = print_debug info_string 1 in
(true)
else
(* We are in the full relaxed mode where we allow all keys with CKA_LOCAL=FALSE *)
(* to be escrowed *)
let info_string = Printf.sprintf "[User defined extensions] CONFLICTING_ATTRIBUTES_SENSITIVE_KEYS: conflicting CKA_SENSITIVE=TRUE and CKA_ALWAYS_SENSITIVE=FALSE detected. We are in relaxed key escrow mode (for all non local keys) => %s is NOT blocked!\n" function_name in
let _ = print_debug info_string 2 in
(false)
else
(* This is not a non local key, we block its usage since there is no reason for such local keys *)
(* to exist! (i.e. with CKA_SENSITIVE=TRUE and CKA_ALWAYS_SENSITIVE=FALSE). *)
(* This block is the only decision of the function that makes no print_debug call *)
(true)
else
(* No conflicting attribute, all is OK *)
(false)
(*** This patch is an addendum to the original CryptokiX patch ***)
(* Filter hook for the sensitive keys policy. For every PKCS#11 call that *)
(* takes a key handle, the handle is checked with *)
(* detect_dangerous_existing_sensitive_keys; a refused handle produces a *)
(* serialized (true, error) answer carrying CKR_OBJECT_HANDLE_INVALID, anything *)
(* else produces the serialized (false, unit) passthrough answer. *)
(* For C_FindObjects the refused handles are removed from *)
(* current_find_objects_filtered_handles and the call is passed through. *)
let dangerous_sensitive_keys function_name arg allow_key_escrow =
  (* The detection routine takes the policy as an integer mode *)
  let allow_key_escrow_integer =
    match allow_key_escrow with
    | PARANOID -> 0
    | ESCROW_ENCRYPT_ONLY_KEYS -> 1
    | ESCROW_ALL_KEYS -> 2
  in
  (* true when the policy refuses the object behind the handle *)
  let is_refused sessionh handle =
    detect_dangerous_existing_sensitive_keys function_name sessionh handle allow_key_escrow_integer
  in
  (* Build the answer: the error payload when refused, the passthrough otherwise *)
  let verdict refused error_payload =
    if refused then serialize (true, error_payload) else serialize (false, ())
  in
  match function_name with
  (* Crypto operations *)
  | "C_EncryptInit" | "C_DecryptInit" | "C_SignInit" | "C_SignRecoverInit" | "C_VerifyInit" | "C_VerifyRecoverInit" ->
    let (sessionh, _, ckobjecthandlet_) = deserialize arg in
    verdict (is_refused sessionh ckobjecthandlet_) Pkcs11.cKR_OBJECT_HANDLE_INVALID
  | "C_DeriveKey" ->
    let (sessionh, _, initial_key_handle, _) = deserialize arg in
    verdict (is_refused sessionh initial_key_handle) (Pkcs11.cKR_OBJECT_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)
  | "C_DigestKey" ->
    let (sessionh, ckobjecthandlet_) = deserialize arg in
    verdict (is_refused sessionh ckobjecthandlet_) Pkcs11.cKR_OBJECT_HANDLE_INVALID
  | "C_WrapKey" ->
    let (sessionh, _, wrapping_handle, wrapped_handle) = deserialize arg in
    (* Both handles are always examined, the wrapping key first *)
    let wrapping_refused = is_refused sessionh wrapping_handle in
    let wrapped_refused = is_refused sessionh wrapped_handle in
    verdict (wrapping_refused || wrapped_refused) (Pkcs11.cKR_OBJECT_HANDLE_INVALID, [||])
  | "C_UnwrapKey" ->
    let (sessionh, _, unwrapping_handle, _, _) = deserialize arg in
    verdict (is_refused sessionh unwrapping_handle) (Pkcs11.cKR_OBJECT_HANDLE_INVALID, Pkcs11.cK_INVALID_HANDLE)
  | "C_FindObjects" ->
    let (sessionh, _) = deserialize arg in
    (* Walk a snapshot of the global handle list and drop every refused handle *)
    (* from the live list *)
    let snapshot = !current_find_objects_filtered_handles in
    Array.iter (fun handle ->
      if is_refused sessionh handle then begin
        let remaining =
          List.filter
            (fun curr_handle -> compare handle curr_handle <> 0)
            (Array.to_list !current_find_objects_filtered_handles)
        in
        current_find_objects_filtered_handles := Array.of_list remaining
      end
    ) snapshot;
    serialize (false, ())
  (* Functions that are not concerned are passed through *)
  | _ -> serialize (false, ())
(***********************************************************************)
(* Two argument entry points, one per policy mode of dangerous_sensitive_keys *)
(* PARANOID: every key with the conflicting attributes is blocked *)
let dangerous_sensitive_keys_paranoid function_name arg = dangerous_sensitive_keys function_name arg PARANOID
(* ESCROW_ENCRYPT_ONLY_KEYS: non local keys with CKA_ENCRYPT or CKA_DECRYPT set are allowed *)
let dangerous_sensitive_keys_escrow_encrypt function_name arg = dangerous_sensitive_keys function_name arg ESCROW_ENCRYPT_ONLY_KEYS
(* ESCROW_ALL_KEYS: every non local key is allowed *)
let dangerous_sensitive_keys_escrow_all function_name arg = dangerous_sensitive_keys function_name arg ESCROW_ALL_KEYS
caml-crush-1.0.12/src/filter/filter/p11fix_patches/non_local_objects_patch.ml 0000664 0000000 0000000 00000020754 14147740423 0027215 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/non_local_objects_patch.ml
************************** MIT License HEADER ***********************************)
(***************************************************************************)
(* The non local objects patch: *****)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *****)
(* When using the CryptokiX patches, we want to avoid keys created through *)
(* C_CreateObject to circumvent the protections *)
(* Hence, we filter C_CreateObject and do not allow WRAP/UNWRAP attributes *)
(* set with C_SetAttributeValue/C_CopyObject for non local *)
(* objects - i.e. CKA_LOCAL set to FALSE - *)
(* Attributes that a template may not set to TRUE on a non local key *)
let non_local_objects_dangerous_attributes =
  (* Every entry is the given attribute type with the value CK_TRUE *)
  let set_to_true attribute_type =
    {Pkcs11.type_ = attribute_type; Pkcs11.value = Pkcs11.bool_to_char_array Pkcs11.cK_TRUE} in
  [|
    set_to_true Pkcs11.cKA_UNWRAP;
    set_to_true Pkcs11.cKA_WRAP;
    (* The standard does not allow CKA_LOCAL to be set by the caller; it is *)
    (* enforced here as well for C_CreateObject, C_CopyObject and C_SetAttribute *)
    set_to_true Pkcs11.cKA_LOCAL;
  |]
(* Filter hook of the non local objects patch. *)
(* C_CreateObject: a key template that contains one of *)
(* non_local_objects_dangerous_attributes is refused with CKR_TEMPLATE_INCONSISTENT. *)
(* C_CopyObject / C_SetAttributeValue: the same template check is applied to an *)
(* existing key, and the call is refused only when the CKA_LOCAL of that key is FALSE. *)
(* Every other case returns the serialized (false, unit) passthrough answer. *)
(* Raises Failure (after netplex_log_critical) when the CKA_LOCAL value cannot be read. *)
let non_local_objects_patch fun_name arg =
match fun_name with
("C_CreateObject") ->
let (_, extracted_attributes_array) = deserialize arg in
(* First, we check if we are dealing with a key *)
if compare (is_object_class_key extracted_attributes_array) true = 0 then
(* true as soon as one dangerous attribute is found in the template *)
(* (presumably matched on type and value; confirm in find_existing_attribute_value) *)
let check = Array.fold_left (
fun curr_check attr -> (curr_check || find_existing_attribute_value extracted_attributes_array attr)
) false non_local_objects_dangerous_attributes in
if compare check true = 0 then
(* We have found one of our dangerous attributes, this is not good! *)
let info_string = Printf.sprintf "[User defined extensions]: NON_LOCAL_OBJECTS modification blocked during %s" fun_name in
let _ = print_debug info_string 1 in
(serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE)))
else
(* If all is ok, passthrough *)
(serialize (false, ()))
else
(* The template does not describe a key: passthrough *)
(serialize (false, ()))
| ("C_CopyObject" | "C_SetAttributeValue") ->
let (sessionh, objecth, extracted_attributes_array) = deserialize arg in
(* First, we check if we are dealing with a key *)
if compare (is_existing_object_class_key sessionh objecth) true = 0 then
(* Check if one of the dangerous attributes is concerned *)
let check = Array.fold_left (
fun curr_check attr -> (curr_check || find_existing_attribute_value extracted_attributes_array attr)
) false non_local_objects_dangerous_attributes in
if compare check true = 0 then
(* We have found one of our dangerous attributes, let's check if we must filter this call *)
(* Extract the CKA_LOCAL attribute *)
let (ret, templates) = Backend.c_GetAttributeValue sessionh objecth [|{Pkcs11.type_ = Pkcs11.cKA_LOCAL; Pkcs11.value = [||]}|] in
if compare ret Pkcs11.cKR_OK <> 0 then
(* We cannot extract the CKA_LOCAL, which means that it is not a key *)
(* NOTE(review): this branch fails open. The object was already classified as a *)
(* key above, so a backend error on CKA_LOCAL lets a template holding a dangerous *)
(* attribute through unfiltered and without any log; confirm this is intended. *)
(serialize (false, ()))
else
(* Extract the CKA_LOCAL value *)
let (ret, templates_values) = Backend.c_GetAttributeValue sessionh objecth templates in
if compare ret Pkcs11.cKR_OK <> 0 then
(* We should not end up here ... *)
let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting CKA_LOCAL (it is not possible to get these attributes from the backend ...)\n" in netplex_log_critical s; failwith s;
else
(* Check for CKA_LOCAL, if FALSE we give an error *)
if compare (Pkcs11.char_array_to_bool templates_values.(0).Pkcs11.value) Pkcs11.cK_FALSE = 0 then
(* The object is not local, block the call *)
let info_string = Printf.sprintf "[User defined extensions]: NON_LOCAL_OBJECTS modification blocked during %s" fun_name in
let _ = print_debug info_string 1 in
(* The error payload has a handle slot for C_CopyObject only *)
if compare fun_name "C_CopyObject" = 0 then
(serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE)))
else
(serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT)))
else
(* CKA_LOCAL is not FALSE: the key is local, passthrough *)
(serialize (false, ()))
else
(* No dangerous attribute is concerned ... *)
(serialize (false, ()))
else
(* The existing object is not a key: passthrough *)
(serialize (false, ()))
| _ -> (serialize (false, ()))
caml-crush-1.0.12/src/filter/filter/p11fix_patches/sanitize_creation_templates_patch.ml 0000664 0000000 0000000 00000030242 14147740423 0031321 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/sanitize_creation_templates_patch.ml
************************** MIT License HEADER ***********************************)
(***********************************************************************)
(* We sanitize the creation templates to avoid default values *)
(* Default attributes we want to apply when not defined by a creation template *)
(* Defaults for secret keys: every usage is off, the key is sensitive, *)
(* non extractable and private. sanitize_creation_templates appends an entry *)
(* only when the template of the caller does not mention that attribute type. *)
let default_sanitized_attributes_secret_key =
  let default_of (attribute_type, flag) =
    {Pkcs11.type_ = attribute_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  Array.map default_of [|
    (Pkcs11.cKA_WRAP, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_UNWRAP, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_ENCRYPT, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_DECRYPT, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_SIGN, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_VERIFY, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_SENSITIVE, Pkcs11.cK_TRUE);
    (Pkcs11.cKA_EXTRACTABLE, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_DERIVE, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_PRIVATE, Pkcs11.cK_TRUE);
  |]
(* Defaults for private keys: same principle, with the private key usages *)
let default_sanitized_attributes_private_key =
  let default_of (attribute_type, flag) =
    {Pkcs11.type_ = attribute_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  Array.map default_of [|
    (Pkcs11.cKA_UNWRAP, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_DECRYPT, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_SIGN, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_SIGN_RECOVER, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_SENSITIVE, Pkcs11.cK_TRUE);
    (Pkcs11.cKA_EXTRACTABLE, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_DERIVE, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_PRIVATE, Pkcs11.cK_TRUE);
  |]
(* Defaults for public keys: every usage is off *)
let default_sanitized_attributes_public_key =
  let default_of (attribute_type, flag) =
    {Pkcs11.type_ = attribute_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  Array.map default_of [|
    (Pkcs11.cKA_WRAP, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_ENCRYPT, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_VERIFY, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_VERIFY_RECOVER, Pkcs11.cK_FALSE);
    (Pkcs11.cKA_DERIVE, Pkcs11.cK_FALSE);
  |]
(* Complete a creation template with the default attributes of its object class. *)
(* Returns None when no object class is given. For a secret, private or public *)
(* key, returns Some of the template followed by every default whose attribute *)
(* type is absent from the template; values given by the caller are never *)
(* replaced. Any other object class returns Some of the unchanged template. *)
(* fun_name is not used by this function. *)
let sanitize_creation_templates fun_name attributes_array object_class_ =
  match object_class_ with
  | None ->
    (* No object class has been extracted, this should not happen *)
    None
  | Some object_class ->
    let class_name = Pkcs11.match_cKO_value object_class in
    let defaults_for_key =
      match class_name with
      | "cKO_SECRET_KEY" -> Some default_sanitized_attributes_secret_key
      | "cKO_PRIVATE_KEY" -> Some default_sanitized_attributes_private_key
      | "cKO_PUBLIC_KEY" -> Some default_sanitized_attributes_public_key
      | _ -> None
    in
    begin
      match defaults_for_key with
      | None ->
        (* The template does not concern a key, it is left untouched *)
        Some attributes_array
      | Some default_sanitized_attributes ->
        (* true when the template of the caller already holds this attribute type *)
        let given_by_caller wanted =
          Array.fold_left
            (fun found curr_attr -> found || compare curr_attr.Pkcs11.type_ wanted.Pkcs11.type_ = 0)
            false attributes_array
        in
        (* Start from the template and append the missing defaults in order *)
        let completed =
          Array.fold_left
            (fun acc curr_sanitized ->
              if given_by_caller curr_sanitized then acc
              else Array.append acc [| curr_sanitized |])
            attributes_array default_sanitized_attributes
        in
        Some completed
    end
(* Filter hook that completes creation templates with the sanitized defaults. *)
(* For the object creating functions handled here, the hook itself calls the *)
(* Backend with the completed template and serializes (true, result). *)
(* C_CreateObject, C_UnwrapKey and C_DeriveKey read the object class from the *)
(* template and answer CKR_TEMPLATE_INCOMPLETE when there is none; *)
(* C_GenerateKey and C_GenerateKeyPair use a fixed object class. *)
(* Every other function gets the serialized (false, unit) passthrough answer. *)
let sanitize_creation_templates_patch fun_name arg =
  (* Answer given when the template carries no object class *)
  let incomplete_template () =
    serialize (true, (Pkcs11.cKR_TEMPLATE_INCOMPLETE, Pkcs11.cK_INVALID_HANDLE)) in
  (* Sanitize a template using the object class found in the template itself *)
  let sanitize_from_template template =
    let object_class = get_object_class template in
    sanitize_creation_templates fun_name template object_class in
  match fun_name with
  | "C_CreateObject" ->
    let (sessionh, extracted_attributes_array) = deserialize arg in
    begin
      match sanitize_from_template extracted_attributes_array with
      | None -> incomplete_template ()
      | Some new_attributes_array ->
        serialize (true, Backend.c_CreateObject sessionh new_attributes_array)
    end
  | "C_GenerateKey" ->
    let (sessionh, mechanism, extracted_attributes_array) = deserialize arg in
    (* The object class is fixed, so the result is always Some template *)
    let sanitized = sanitize_creation_templates fun_name extracted_attributes_array (Some Pkcs11.cKO_SECRET_KEY) in
    serialize (true, Backend.c_GenerateKey sessionh mechanism (get sanitized))
  | "C_UnwrapKey" ->
    let (sessionh, mechanism, unwrappingh, wrappedh, extracted_attributes_array) = deserialize arg in
    begin
      match sanitize_from_template extracted_attributes_array with
      | None -> incomplete_template ()
      | Some new_attributes_array ->
        serialize (true, Backend.c_UnwrapKey sessionh mechanism unwrappingh wrappedh new_attributes_array)
    end
  | "C_DeriveKey" ->
    let (sessionh, mechanism, keyh, extracted_attributes_array) = deserialize arg in
    begin
      match sanitize_from_template extracted_attributes_array with
      | None -> incomplete_template ()
      | Some new_attributes_array ->
        serialize (true, Backend.c_DeriveKey sessionh mechanism keyh new_attributes_array)
    end
  | "C_GenerateKeyPair" ->
    let (sessionh, mechanism, pub_attributes, priv_attributes) = deserialize arg in
    (* Public template first, then private template, each with its fixed class *)
    let sanitized_pub = sanitize_creation_templates fun_name pub_attributes (Some Pkcs11.cKO_PUBLIC_KEY) in
    let sanitized_priv = sanitize_creation_templates fun_name priv_attributes (Some Pkcs11.cKO_PRIVATE_KEY) in
    serialize (true, Backend.c_GenerateKeyPair sessionh mechanism (get sanitized_pub) (get sanitized_priv))
  | _ -> serialize (false, ())
caml-crush-1.0.12/src/filter/filter/p11fix_patches/secure_templates_patch.ml 0000664 0000000 0000000 00000055022 14147740423 0027100 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/secure_templates_patch.ml
************************** MIT License HEADER ***********************************)
(***********************************************************************)
(* The secure templates patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
(* Key generation possible templates *)
(* Attribute templates accepted for key generation by the secure templates
   patch. The result is an array of templates, each template being an array
   of attribute/value pairs. check_is_template_secure accepts a request as
   soon as check_are_templates_nonconforming reports no conflict with one of
   them.
   [key_segregation]: when true, sign/verify usage gets its own template and
   is cleared in the wrap/unwrap and encrypt/decrypt templates. *)
let key_generation_templates key_segregation =
  let pin flag attr_type =
    {Pkcs11.type_ = attr_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  (* One template: the listed usage flags set to CK_FALSE, followed by
     CKA_SENSITIVE set to CK_TRUE (every template ends this way) *)
  let template cleared_types =
    Array.append
      (Array.map (pin Pkcs11.cK_FALSE) cleared_types)
      [| pin Pkcs11.cK_TRUE Pkcs11.cKA_SENSITIVE |] in
  if key_segregation then
    (* Encrypt-decrypt / sign-verify segregation is enforced *)
    [|
      (* Wrap and/or Unwrap *)
      template [| Pkcs11.cKA_ENCRYPT; Pkcs11.cKA_DECRYPT;
                  Pkcs11.cKA_SIGN; Pkcs11.cKA_SIGN_RECOVER;
                  Pkcs11.cKA_VERIFY; Pkcs11.cKA_VERIFY_RECOVER |];
      (* Encrypt and/or decrypt *)
      template [| Pkcs11.cKA_WRAP; Pkcs11.cKA_UNWRAP;
                  Pkcs11.cKA_SIGN; Pkcs11.cKA_SIGN_RECOVER;
                  Pkcs11.cKA_VERIFY; Pkcs11.cKA_VERIFY_RECOVER |];
      (* Sign and/or verify *)
      template [| Pkcs11.cKA_WRAP; Pkcs11.cKA_UNWRAP;
                  Pkcs11.cKA_ENCRYPT; Pkcs11.cKA_DECRYPT |];
    |]
  else
    [|
      (* Wrap and/or Unwrap *)
      template [| Pkcs11.cKA_ENCRYPT; Pkcs11.cKA_DECRYPT |];
      (* Encrypt and/or decrypt *)
      template [| Pkcs11.cKA_WRAP; Pkcs11.cKA_UNWRAP |];
    |]
(******************************************************************)
(* Key creation and import templates *)
(* Attribute templates accepted for key creation and import (C_UnwrapKey,
   C_CreateObject, C_CopyObject, C_DeriveKey) by the secure templates patch.
   Same layout as key_generation_templates: an array of templates, each one
   an array of attribute/value pairs.
   [key_segregation]: when true, two templates are offered so that an
   imported key cannot combine encrypt usage with sign/verify usage. *)
let key_creation_import_templates key_segregation =
  let pin flag attr_type =
    {Pkcs11.type_ = attr_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  (* Listed usage flags set to CK_FALSE, then CKA_SENSITIVE set to CK_TRUE *)
  let template cleared_types =
    Array.append
      (Array.map (pin Pkcs11.cK_FALSE) cleared_types)
      [| pin Pkcs11.cK_TRUE Pkcs11.cKA_SENSITIVE |] in
  if key_segregation then
    (* Encrypt-decrypt / sign-verify segregation is enforced *)
    [|
      (* Unwrap and/or encrypt but no sign/verify *)
      template [| Pkcs11.cKA_WRAP; Pkcs11.cKA_DECRYPT;
                  Pkcs11.cKA_SIGN; Pkcs11.cKA_SIGN_RECOVER;
                  Pkcs11.cKA_VERIFY; Pkcs11.cKA_VERIFY_RECOVER |];
      (* Unwrap and/or sign/verify but no encrypt *)
      template [| Pkcs11.cKA_WRAP; Pkcs11.cKA_DECRYPT; Pkcs11.cKA_ENCRYPT |];
    |]
  else
    [|
      (* Unwrap and/or encrypt *)
      template [| Pkcs11.cKA_WRAP; Pkcs11.cKA_DECRYPT |];
    |]
(******************************************************************)
(* Sticky attribute list handed to detect_sticky_attributes by the secure
   templates patch on C_SetAttributeValue. Every attribute type appears
   twice, once with CK_TRUE and once with CK_FALSE.
   NOTE(review): how the two entries per type are interpreted is decided by
   detect_sticky_attributes, which is defined elsewhere; presumably listing
   both values makes any change of the attribute count as a sticky
   transition - confirm against that helper.
   [key_segregation]: when true, the sign/verify attributes are added. *)
let secure_templates_sticky_attributes key_segregation =
  let entry flag attr_type =
    {Pkcs11.type_ = attr_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  (* All CK_TRUE entries first, then all CK_FALSE entries, in the given order *)
  let both_values attr_types =
    Array.append
      (Array.map (entry Pkcs11.cK_TRUE) attr_types)
      (Array.map (entry Pkcs11.cK_FALSE) attr_types) in
  let usage_and_sensitive =
    both_values [| Pkcs11.cKA_WRAP; Pkcs11.cKA_UNWRAP; Pkcs11.cKA_DECRYPT;
                   Pkcs11.cKA_ENCRYPT; Pkcs11.cKA_SENSITIVE |] in
  if key_segregation then
    (* Addition for key segregation *)
    Array.append usage_and_sensitive
      (both_values [| Pkcs11.cKA_SIGN; Pkcs11.cKA_VERIFY;
                      Pkcs11.cKA_SIGN_RECOVER; Pkcs11.cKA_VERIFY_RECOVER |])
  else
    usage_and_sensitive
(* Returns true when [template] conforms to at least one entry of
   [secure_templates], i.e. when check_are_templates_nonconforming returns
   false for one of them. An empty [secure_templates] yields false.
   The entries are tried in array order and no further entry is checked once
   one conforms. *)
let check_is_template_secure fun_name template secure_templates =
  let count = Array.length secure_templates in
  let rec conforms_from idx =
    if idx >= count then
      false
    else if not (check_are_templates_nonconforming fun_name template secure_templates.(idx)) then
      true
    else
      conforms_from (idx + 1) in
  conforms_from 0
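(* Secure templates patch (user defined extension of the filter).
   [fun_name] is the name of the PKCS#11 function being called and [arg] its
   serialized arguments. The result is built with serialize: (false, ())
   lets the call through to the backend, (true, reply) blocks it and carries
   the reply to send back. The reply shape depends on the function: a bare
   return value for C_SetAttributeValue, (return value, handle) for the
   functions creating one object, and (return value, handle, handle) for
   C_GenerateKeyPair. *)
let secure_templates_patch fun_name arg =
  (* Debug trace shared by every "template refused" branch *)
  let log_bad_template () =
    let info_string = Printf.sprintf "[User defined extensions]: Bad SECURE_TEMPLATES asked during %s" fun_name in
    let _ = print_debug info_string 1 in
    () in
  (* Reads CKA_CLASS of an existing object and tells whether it is a key.
     The backend is called twice: first with an empty value, then with the
     template returned by the first call.
     None means one of the two calls failed. Both return values are checked
     so that an unreadable class is reported as an error instead of being
     treated as "not a key", which would let the call through unfiltered. *)
  let object_is_key sessionh objecth =
    let (ret, templates) = Backend.c_GetAttributeValue sessionh objecth [|{Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = [||]}|] in
    if compare ret Pkcs11.cKR_OK <> 0 then
      None
    else
      let (ret, templates) = Backend.c_GetAttributeValue sessionh objecth templates in
      if compare ret Pkcs11.cKR_OK <> 0 then
        None
      else
        Some (is_object_class_key templates) in
  match fun_name with
  (* We forbid C_SetAttributeValue calls changing sticky attributes of key type objects *)
  | "C_SetAttributeValue" ->
    let (sessionh, objecth, attributes) = deserialize arg in
    (match object_is_key sessionh objecth with
     | None ->
       (* We should not end up here ... Send an error *)
       serialize (true, (Pkcs11.cKR_GENERAL_ERROR))
     | Some false ->
       (* Not a key: passthrough *)
       serialize (false, ())
     | Some true ->
       (* We have a key type: extract the critical attributes of the object *)
       let (ret, templates) = filter_getAttributeValue sessionh objecth (critical_attributes !segregate_usage) in
       if compare ret Pkcs11.cKR_OK <> 0 then
         serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID))
       else if compare templates [||] = 0 then
         (* The backend answered OK but gave nothing back: the filter cannot
            decide, log and abort the request *)
         (let s = "[User defined extensions] C_SettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...\n)" in
          netplex_log_critical s; failwith s)
       else
         let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
         if compare ret Pkcs11.cKR_OK <> 0 then
           serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID))
         else if detect_sticky_attributes fun_name templates_values attributes (secure_templates_sticky_attributes !segregate_usage) then
           (* A sticky attribute would be (un)set: return an error *)
           (let info_string = Printf.sprintf "[User defined extensions]: Bad SECURE_TEMPLATES (for STICKY attribute) asked during %s" fun_name in
            let _ = print_debug info_string 1 in
            serialize (true, (Pkcs11.cKR_ATTRIBUTE_READ_ONLY)))
         else
           (* Passthrough *)
           serialize (false, ()))
  (* Key generation *)
  | "C_GenerateKey" ->
    let (_, _, attributes_array) = deserialize arg in
    (* Check if the asked template is conforming with one of the generation templates *)
    if check_is_template_secure fun_name attributes_array (key_generation_templates !segregate_usage) then
      (* Template is secure, passthrough *)
      serialize (false, ())
    else
      (* Template is NOT secure, block the function *)
      (log_bad_template ();
       serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE)))
  | "C_GenerateKeyPair" ->
    let (_, _, pub_attributes_array, priv_attributes_array) = deserialize arg in
    (* The public and private templates are checked as one fused template *)
    let fused_attributes_array = Array.concat [pub_attributes_array; priv_attributes_array] in
    if check_is_template_secure fun_name fused_attributes_array (key_generation_templates !segregate_usage) then
      (* Template is secure, passthrough *)
      serialize (false, ())
    else
      (* Template is NOT secure, block the function *)
      (log_bad_template ();
       serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE)))
  (* Key creation/import *)
  | ("C_UnwrapKey" | "C_CreateObject" | "C_CopyObject" | "C_DeriveKey") ->
    (* objecth is only meaningful for C_CopyObject and C_DeriveKey *)
    let (sessionh, objecth, attributes_array) = (match fun_name with
        "C_UnwrapKey" -> let (sessionh, _, _, _, extracted_attributes_array) = deserialize arg in (sessionh, Pkcs11.cK_INVALID_HANDLE, extracted_attributes_array)
      | "C_CreateObject" -> let (sessionh, extracted_attributes_array) = deserialize arg in (sessionh, Pkcs11.cK_INVALID_HANDLE, extracted_attributes_array)
      | "C_CopyObject" -> let (sessionh, objecth, extracted_attributes_array) = deserialize arg in (sessionh, objecth, extracted_attributes_array)
      | "C_DeriveKey" -> let (sessionh, _, objecth, extracted_attributes_array) = deserialize arg in (sessionh, objecth, extracted_attributes_array)
      (* We should not end up here ... *)
      | _ -> (Pkcs11.cK_INVALID_HANDLE, Pkcs11.cK_INVALID_HANDLE, [||])
    ) in
    (* Check if the asked template is conforming with one of the creation templates *)
    if check_is_template_secure fun_name attributes_array (key_creation_import_templates !segregate_usage) then
      (* Template is secure, passthrough *)
      serialize (false, ())
    else if compare fun_name "C_CreateObject" = 0 then
      (* C_CreateObject on a non key object is not concerned by the templates *)
      (if is_object_class_key attributes_array then
         (log_bad_template ();
          serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE)))
       else
         serialize (false, ()))
    else if compare fun_name "C_CopyObject" = 0 then
      (* C_CopyObject: the class is the one of the existing object *)
      (match object_is_key sessionh objecth with
       | None ->
         (* We should not end up here ... Send an error. The reply keeps the
            (return value, handle) shape of every other C_CopyObject reply *)
         serialize (true, (Pkcs11.cKR_GENERAL_ERROR, Pkcs11.cK_INVALID_HANDLE))
       | Some false ->
         (* We do not have a key type, passthrough *)
         serialize (false, ())
       | Some true ->
         (* We have a key type, forbid the function *)
         (log_bad_template ();
          serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE))))
    else
      (* C_UnwrapKey / C_DeriveKey: template is NOT secure, block the function *)
      (log_bad_template ();
       serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE)))
  (* Passthrough in other cases *)
  | _ -> serialize (false, ())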
caml-crush-1.0.12/src/filter/filter/p11fix_patches/sensitive_leak_patch.ml 0000664 0000000 0000000 00000033127 14147740423 0026543 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/sensitive_leak_patch.ml
************************** MIT License HEADER ***********************************)
(***********************************************************************)
(* The patch preventing directly reading or writing to sensitive or *)
(* extractable keys. *)
(* This patch also prevents directly setting CKA_ALWAYS_SENSITIVE and *)
(* CKA_NEVER_EXTRACTABLE *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
(* Specific cases where the sensitive part of the key is not a CKA_VALUE *)
(* FIXME: Check if there is no other algorithm than RSA falling in this category *)
(* FIXME: This function is kind of ugly, it can be rewritten in a more elegant way *)
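(* Handles objects whose sensitive material is not (or not only) held in
   CKA_VALUE. Only RSA private keys are covered.
   Returns (check, ret, attributes):
   - check = 0: RSA private key, no private component asked; the caller
     passes the call through (ret is CKR_OK, attributes is empty).
   - check = 1: RSA private key with private components asked. They are
     removed from the request before the backend is called, so the backend
     never receives them; ret is the backend return value and attributes is
     the backend answer with the purged entries put back by
     insert_purged_value_type_in_template.
   - check = 2: not applicable (not a private key, not RSA, or the key type
     could not be read); the caller falls back to its CKA_VALUE check.
   NOTE(review): when the key type cannot be read the function answers 2,
   so the RSA private components are then not filtered by this helper;
   confirm this fallback is acceptable for the backends in use. *)
let handle_object_sensitive_not_cka_value fun_name sessionh objecth attributes =
  let fallback_to_cka_value = (2, Pkcs11.cKR_OK, [||]) in
  (* Private components of an RSA key, in the order they are purged *)
  let rsa_private_components = [
    Pkcs11.cKA_PRIVATE_EXPONENT; Pkcs11.cKA_PRIME_1; Pkcs11.cKA_PRIME_2;
    Pkcs11.cKA_EXPONENT_1; Pkcs11.cKA_EXPONENT_2; Pkcs11.cKA_COEFFICIENT ] in
  if not (is_existing_object_class_private_key sessionh objecth) then
    (* Not a private key *)
    fallback_to_cka_value
  else
    (* Get the key type: the template returned by the first call is fed to the second one *)
    let (_, templates) = filter_getAttributeValue sessionh objecth [| { Pkcs11.type_ = Pkcs11.cKA_KEY_TYPE; Pkcs11.value = [||] } |] in
    let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
    if (compare ret Pkcs11.cKR_OK <> 0) || (Array.length templates_values = 0) then
      (* There was an error, or nothing came back: indexing element 0 below
         would raise, so treat both the same way *)
      fallback_to_cka_value
    else if compare (Pkcs11.char_array_to_ulong templates_values.(0).Pkcs11.value) Pkcs11.cKK_RSA <> 0 then
      (* Not a RSA key *)
      fallback_to_cka_value
    else if not (List.exists (fun attr_type -> check_is_attribute_asked fun_name attr_type attributes) rsa_private_components) then
      (* We have a RSA key without asking for sensitive attributes, passthrough *)
      (0, Pkcs11.cKR_OK, [||])
    else
      (* We have a RSA key and some sensitive attributes are asked: remove
         them one type after the other, remembering where they were *)
      let (filtered_attributes, purged_positions) =
        List.fold_left
          (fun (remaining, collected) attr_type ->
             let (remaining, positions) = remove_asked_specific_type_from_template remaining attr_type in
             (remaining, positions :: collected))
          (attributes, []) rsa_private_components in
      let (ret, returned_attributes) = Backend.c_GetAttributeValue sessionh objecth filtered_attributes in
      (* Now, we reinsert the sensitive types with zeroes. This is done on
         the backend answer, as prevent_sensitive_leak_patch does for
         CKA_VALUE, so that the non sensitive attributes asked in the same
         call keep the values returned by the backend *)
      let answered_attributes = insert_purged_value_type_in_template returned_attributes (Array.concat (List.rev purged_positions)) in
      (1, ret, answered_attributes)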
(* Sensitive leak patch entry point.
   [fun_name] is the name of the PKCS#11 function being called and [arg] its
   serialized arguments. Only C_GetAttributeValue and C_SetAttributeValue are
   inspected; every other function is passed through.
   The result is built with serialize: (false, ()) lets the call through,
   (true, reply) blocks it and carries the reply to send back.
   NOTE(review): the comments below speak of "sensitive or non-extractable"
   objects, while the code tests CKA_EXTRACTABLE with check_is_attribute_set,
   the same helper used for CKA_SENSITIVE. That helper is defined elsewhere;
   confirm it selects objects whose CKA_EXTRACTABLE is CK_FALSE and not the
   ones where it is CK_TRUE. *)
let prevent_sensitive_leak_patch fun_name arg =
  match fun_name with
    "C_GetAttributeValue" ->
      let (sessionh, objecth, attributes) = deserialize arg in
      (* Read the critical attributes of the object itself *)
      let (ret, templates) = filter_getAttributeValue sessionh objecth (critical_attributes !segregate_usage) in
      if (compare ret Pkcs11.cKR_OK <> 0) || (compare templates [||] = 0) then
        if (compare ret Pkcs11.cKR_OK <> 0) then
          (* The backend refused: block and hand back an error code derived from ret by getAttributeValueErrors *)
          (serialize (true, (getAttributeValueErrors ret, attributes)))
        else
          (* OK from the backend but nothing returned: the filter cannot decide, log and abort *)
          let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...): inside SENSITIVE_LEAK\n" in netplex_log_critical s; failwith s;
      else
        let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
        if compare ret Pkcs11.cKR_OK <> 0 then
          (* NOTE(review): netplex_log_critical is called twice with the same message here *)
          let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...): inside SENSITIVE_LEAK\n" in let _ = netplex_log_critical s in netplex_log_critical s; failwith s;
        else
          (* If the object is sensitive or non-extractable, and we ask for a sensitive attribute, we return an error *)
          (* NOTE(review): see the polarity question on CKA_EXTRACTABLE in the header comment *)
          if ((compare (check_is_attribute_set fun_name Pkcs11.cKA_SENSITIVE templates_values) true = 0)
            || (compare (check_is_attribute_set fun_name Pkcs11.cKA_EXTRACTABLE templates_values) true = 0)) then
            (* Specific cases where CKA_VALUE is NOT (or not only ...) the sensitive part of the object *)
            let (check, ret, filtered_attributes) = handle_object_sensitive_not_cka_value fun_name sessionh objecth attributes in
            match check with
            |0 ->
              (* Case 0: we pass through without doing anything *)
              (serialize (false, ()))
            |1 ->
              (* Case 1: we block the call and answer with the code and template computed by handle_object_sensitive_not_cka_value *)
              (* NOTE(review): unlike case 2, the code sent back is the one returned by the helper and is not forced to cKR_ATTRIBUTE_SENSITIVE *)
              (serialize (true, (ret, filtered_attributes)))
            |2 ->
              (* Case 2: we fall in the case where we want to test the specific CKA_VALUE case *)
              (* Key type has sensitive value in CKA_VALUE attribute *)
              if (compare (check_is_attribute_asked fun_name Pkcs11.cKA_VALUE attributes) true = 0) then
                (* error_type is only used in the debug trace below *)
                let error_type =
                  if (compare (check_is_attribute_set fun_name Pkcs11.cKA_SENSITIVE templates_values) true = 0) then "SENSITIVE" else "NON EXTRACTABLE" in
                let info_string = Printf.sprintf "[User defined extensions]: SENSITIVE_LEAK asked during %s for a %s key" fun_name error_type in
                let _ = print_debug info_string 1 in
                (* We purge the value type from the template before calling the backend, so CKA_VALUE is never requested from it *)
                let (new_attributes, positions) = remove_asked_value_type_from_template attributes in
                (* The backend return value is dropped: the reply below always carries cKR_ATTRIBUTE_SENSITIVE *)
                let (ret, returned_attributes) = Backend.c_GetAttributeValue sessionh objecth new_attributes in
                (* Now, we reinsert the value type in the template with zeroes *)
                let filtered_attributes = insert_purged_value_type_in_template returned_attributes positions in
                (serialize (true, (Pkcs11.cKR_ATTRIBUTE_SENSITIVE, filtered_attributes)))
              else
                (* If we are here, we passthrough the call *)
                (serialize (false, ()))
            |_ ->
              (* This case should not happen by construction: handle_object_sensitive_not_cka_value only returns 0, 1 or 2 *)
              (* NOTE(review): netplex_log_critical is called twice with the same message here *)
              let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when checking for sensitive or extractible object attributes\n" in let _ = netplex_log_critical s in netplex_log_critical s; failwith s;
          else
            (* If we are here, we passthrough the call *)
            (serialize (false, ()))
  | "C_SetAttributeValue" ->
      let (sessionh, objecth, attributes) = deserialize arg in
      (* Read the critical attributes of the object itself *)
      let (ret, templates) = filter_getAttributeValue sessionh objecth (critical_attributes !segregate_usage) in
      if (compare ret Pkcs11.cKR_OK <> 0) || (compare templates [||] = 0) then
        if (compare ret Pkcs11.cKR_OK <> 0) then
          (* The attributes cannot be read: the modification is refused *)
          (serialize (true, (Pkcs11.cKR_ATTRIBUTE_READ_ONLY)))
        else
          (* OK from the backend but nothing returned: the filter cannot decide, log and abort *)
          let s = "[User defined extensions] C_SettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...): inside SENSITIVE_LEAK\n" in netplex_log_critical s; failwith s;
      else
        let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
        if compare ret Pkcs11.cKR_OK <> 0 then
          (* Same refusal when the values cannot be read *)
          (serialize (true, (Pkcs11.cKR_ATTRIBUTE_READ_ONLY)))
        else
          (* If the object is sensitive or non-extractable, and we ask for a value to be set, we return an error *)
          (* NOTE(review): see the polarity question on CKA_EXTRACTABLE in the header comment *)
          if (compare (check_is_attribute_asked fun_name Pkcs11.cKA_VALUE attributes) true = 0) &&
            ((compare (check_is_attribute_set fun_name Pkcs11.cKA_SENSITIVE templates_values) true = 0)
            || (compare (check_is_attribute_set fun_name Pkcs11.cKA_EXTRACTABLE templates_values) true = 0)) then
            (* error_type is only used in the debug trace below *)
            let error_type =
              if (compare (check_is_attribute_set fun_name Pkcs11.cKA_SENSITIVE templates_values) true = 0) then "SENSITIVE" else "NON EXTRACTABLE" in
            let info_string = Printf.sprintf "[User defined extensions]: SENSITIVE_LEAK asked during %s for a %s key" fun_name error_type in
            let _ = print_debug info_string 1 in
            (serialize (true, (Pkcs11.cKR_ATTRIBUTE_READ_ONLY)))
          else
            (* If we ask for a modification of CKA_NEVER_EXTRACTABLE or CKA_ALWAYS_SENSITIVE, return an error *)
            if (compare (check_is_attribute_asked fun_name Pkcs11.cKA_ALWAYS_SENSITIVE attributes) true = 0) ||
              (compare (check_is_attribute_asked fun_name Pkcs11.cKA_NEVER_EXTRACTABLE attributes) true = 0) then
              (serialize (true, (Pkcs11.cKR_ATTRIBUTE_READ_ONLY)))
            (* If we end up here, passthrough *)
            else
              (serialize (false, ()))
  (* Default if we are in a non concerned function is to passthrough *)
  | _ -> (serialize (false, ()))
caml-crush-1.0.12/src/filter/filter/p11fix_patches/sticky_attributes_patch.ml 0000664 0000000 0000000 00000021262 14147740423 0027307 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/sticky_attributes_patch.ml
************************** MIT License HEADER ***********************************)
(***********************************************************************)
(* The sticky attributes patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
(* If we segregate key usage, we add the sign-verify as sticky *)
(* Attribute/value pairs handed to detect_sticky_attributes by the sticky
   attributes patch on C_CopyObject and C_SetAttributeValue.
   NOTE(review): the exact transition rule (what counts as leaving a sticky
   value) lives in detect_sticky_attributes, defined elsewhere - confirm
   there.
   [key_segregation]: when true, the sign/verify attributes are added. *)
let sticky_attributes key_segregation =
  let entry flag attr_type =
    {Pkcs11.type_ = attr_type; Pkcs11.value = Pkcs11.bool_to_char_array flag} in
  let sticky_on = entry Pkcs11.cK_TRUE in
  let sticky_off = entry Pkcs11.cK_FALSE in
  let common =
    [|
      sticky_on Pkcs11.cKA_WRAP;
      sticky_on Pkcs11.cKA_UNWRAP;
      sticky_on Pkcs11.cKA_DECRYPT;
      sticky_on Pkcs11.cKA_ENCRYPT;
      sticky_on Pkcs11.cKA_SENSITIVE;
      (* The only entry listed with CK_FALSE *)
      sticky_off Pkcs11.cKA_EXTRACTABLE;
      sticky_on Pkcs11.cKA_ALWAYS_SENSITIVE;
      sticky_on Pkcs11.cKA_NEVER_EXTRACTABLE;
    |] in
  if key_segregation then
    (* Addition for key segregation *)
    Array.append common
      (Array.map sticky_on [| Pkcs11.cKA_SIGN; Pkcs11.cKA_VERIFY;
                              Pkcs11.cKA_SIGN_RECOVER; Pkcs11.cKA_VERIFY_RECOVER |])
  else
    common
(* Sticky attributes patch, hooked on C_CopyObject and C_SetAttributeValue.

   The current values of the critical attributes of the target object are
   read back through filter_getAttributeValue and handed, together with the
   template supplied by the caller, to detect_sticky_attributes.  The call is
   refused with CKR_ATTRIBUTE_VALUE_INVALID when that check reports a
   violation, and also when the attributes cannot be read: failing closed
   keeps an unreadable object from being modified without the check.

   The serialized answer starts with true when this patch provides the result
   of the call and with false when the call is passed through.  Any other
   function name is passed through untouched. *)
let sticky_attributes_patch fun_name arg =
  match fun_name with
  | "C_CopyObject" | "C_SetAttributeValue" ->
    let (sessionh, objecth, attributes) = deserialize arg in
    (* C_CopyObject answers with a (return value, handle) pair, whereas
       C_SetAttributeValue answers with the return value alone *)
    let refuse () =
      if compare fun_name "C_CopyObject" = 0 then
        serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID, Pkcs11.cK_INVALID_HANDLE))
      else
        serialize (true, (Pkcs11.cKR_ATTRIBUTE_VALUE_INVALID)) in
    (* First pass: ask which of the critical attributes can be read at all *)
    let (ret, templates) = filter_getAttributeValue sessionh objecth (critical_attributes !segregate_usage) in
    if compare ret Pkcs11.cKR_OK <> 0 then
      refuse ()
    else if compare templates [||] = 0 then begin
      (* The backend answered OK but returned nothing: treated as fatal *)
      let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...\n)" in
      netplex_log_critical s;
      failwith s
    end else begin
      (* Second pass: fetch the actual values *)
      let (ret, templates_values) = filter_getAttributeValue sessionh objecth templates in
      if compare ret Pkcs11.cKR_OK <> 0 then
        refuse ()
      else if detect_sticky_attributes fun_name templates_values attributes (sticky_attributes !segregate_usage) = true then
        (* A sticky attribute transition was detected *)
        refuse ()
      else
        serialize (false, ())
    end
  (* Default if we are in a non concerned function is to passthrough *)
  | _ -> serialize (false, ())
caml-crush-1.0.12/src/filter/filter/p11fix_patches/wrapping_format_patch.ml 0000664 0000000 0000000 00000030750 14147740423 0026734 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/filter/p11fix_patches/wrapping_format_patch.ml
************************** MIT License HEADER ***********************************)
(***********************************************************************)
(* The wrapping format patch: *)
(* see http://secgroup.dais.unive.it/projects/security-apis/cryptokix/ *)
(* Include the CMAC helpers here *)
INCLUDE "p11fix_patches/cmac.ml"
(* Encode the critical attributes of a key as the byte buffer that is appended
   to the wrapped key.

   One field is produced per entry of critical_attributes, in that order:
   - CKA_CLASS: the stored value passed through Pkcs11.hton_char_array, or
     four 0xff bytes when the attribute is absent from the template;
   - any other attribute is handled as a boolean: 0x1 for CK_TRUE, 0x0
     otherwise, or a single 0xff byte when the attribute is absent.

   NOTE(review): char_array_to_template_array only accepts a buffer of
   (number of critical attributes + 3) bytes, which presumably relies on
   exactly one CKA_CLASS entry encoded on 4 bytes - confirm that
   hton_char_array always yields 4 bytes here. *)
let template_array_to_char_array templates =
  let encode_attribute attr =
    let stored = get_existing_attribute_value templates attr in
    let is_class = compare attr.Pkcs11.type_ Pkcs11.cKA_CLASS = 0 in
    let is_missing = compare stored [||] = 0 in
    match (is_class, is_missing) with
    | (true, true) ->
      (* Class not found: 0xff marker so that the buffer can still be imported *)
      [|Char.chr 0xff; Char.chr 0xff; Char.chr 0xff; Char.chr 0xff|]
    | (true, false) ->
      Pkcs11.hton_char_array stored
    | (false, true) ->
      [|Char.chr 0xff|]
    | (false, false) ->
      (* Not CKA_CLASS, hence a boolean *)
      if compare (Pkcs11.char_array_to_bool stored) Pkcs11.cK_TRUE = 0 then
        [|Char.chr 0x1|]
      else
        [|Char.chr 0x0|]
  in
  let fields = Array.map encode_attribute (critical_attributes !segregate_usage) in
  Array.concat (Array.to_list fields)
(* Decode the attribute buffer produced by template_array_to_char_array back
   into a template.

   The buffer is only parsed when its length is exactly the number of critical
   attributes plus 3 (the CKA_CLASS field takes 4 bytes, every other field 1
   byte); any other length yields an empty template.  Fields are read in the
   order of critical_attributes with a running cursor.  A CKA_CLASS field made
   of four 0xff bytes, and a boolean field holding anything other than 0x0 or
   0x1, decode to an empty value; the result is then passed through
   expurge_template_from_irrelevant_attributes.

   NOTE(review): nothing here authenticates the bytes; wrapping_format_patch
   calls this only after the CMAC check has succeeded. *)
let char_array_to_template_array buffer =
  let expected_length = Array.length (critical_attributes !segregate_usage) + 3 in
  let decoded =
    if compare (Array.length buffer) expected_length <> 0 then
      [||]
    else begin
      (* Read position inside buffer, advanced as fields are consumed *)
      let cursor = ref 0 in
      let decode_attribute attr =
        if compare attr.Pkcs11.type_ Pkcs11.cKA_CLASS = 0 then begin
          (* ulong value: take 4 bytes *)
          let raw = Array.sub buffer !cursor 4 in
          let value =
            if compare raw [|Char.chr 0xff; Char.chr 0xff; Char.chr 0xff; Char.chr 0xff|] = 0 then
              [||]
            else
              Pkcs11.ntoh_char_array raw in
          cursor := !cursor + 4;
          {Pkcs11.type_ = attr.Pkcs11.type_; Pkcs11.value = value}
        end else begin
          (* boolean value: take 1 byte *)
          let value =
            if compare buffer.(!cursor) (Char.chr 0x1) = 0 then
              Pkcs11.bool_to_char_array Pkcs11.cK_TRUE
            else if compare buffer.(!cursor) (Char.chr 0x0) = 0 then
              Pkcs11.bool_to_char_array Pkcs11.cK_FALSE
            else
              [||] in
          cursor := !cursor + 1;
          {Pkcs11.type_ = attr.Pkcs11.type_; Pkcs11.value = value}
        end in
      Array.map decode_attribute (critical_attributes !segregate_usage)
    end in
  (* Drop the attributes that decoded to an empty value *)
  expurge_template_from_irrelevant_attributes decoded
(************** WARNING ************************************)
(* We use the key configured in the filter configuration file *)
(* You might preferably want to use a key secured in a token *)
(************************************************************************************************************)
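(* Wrapping format patch, hooked on C_WrapKey and C_UnwrapKey.

   C_WrapKey: the key is wrapped by the backend, then the critical attributes
   of the wrapped object are appended to the blob, followed by a CMAC computed
   over blob + attributes with wrapping_format_key:

       wrapped key | attributes | CMAC

   C_UnwrapKey: the buffer is split back into those three parts, the CMAC is
   verified, the saved attributes are checked against the template asked by
   the caller, and only then is the backend asked to unwrap the key.

   The serialized answer starts with true when this patch provides the result
   and with false when the call is passed through.  The function raises
   (failwith) when no wrapping key is configured, whatever fun_name is.

   Both a malformed buffer and a bad CMAC give CKR_FUNCTION_FAILED to the
   caller, so the two cases cannot be told apart from the client side; only
   the debug log on the proxy distinguishes them.

   NOTE(review): cmac_verify comes from cmac.ml and is not visible here;
   confirm that it compares the tags in constant time. *)
let wrapping_format_patch fun_name arg =
  (* Raise an error if the key is empty *)
  if Array.length !wrapping_format_key = 0 then begin
    let s = Printf.sprintf "[User defined extensions] %s error for WRAPPING_FORMAT: no wrapping key format has been defined in the configuration file!\n" fun_name in
    netplex_log_critical s;
    failwith s
  end else
    match fun_name with
    (* WrapKey *)
    | "C_WrapKey" ->
      let (sessionh, mechanism, wrappingh, wrappedh) = deserialize arg in
      (* Call Wrap in the backend to get binary blob *)
      let (ret, wrapped_key_buffer) = Backend.c_WrapKey sessionh mechanism wrappingh wrappedh in
      (* If we have an error here, return it as is *)
      if compare ret Pkcs11.cKR_OK <> 0 then
        (serialize (true, (ret, [||])))
      else
        (* Get the attributes of the object we want to wrap *)
        let (ret, templates) = filter_getAttributeValue sessionh wrappedh (critical_attributes !segregate_usage) in
        if compare ret Pkcs11.cKR_OK <> 0 then
          (* The backend blob is discarded: nothing leaves without its attributes *)
          (serialize (true, (Pkcs11.cKR_KEY_NOT_WRAPPABLE, [||])))
        else if compare templates [||] = 0 then begin
          let s = "[User defined extensions] C_GettAttributeValue CRITICAL ERROR when getting critical attributes (it is not possible to get these attributes from the backend ...): occured during C_WrapKey for WRAPPING_FORMAT\n" in
          netplex_log_critical s;
          failwith s
        end else
          let (ret, templates_values) = filter_getAttributeValue sessionh wrappedh templates in
          if compare ret Pkcs11.cKR_OK <> 0 then
            (serialize (true, (Pkcs11.cKR_KEY_NOT_WRAPPABLE, [||])))
          else
            (* Compute the buffer *)
            let buffer = Array.append wrapped_key_buffer (template_array_to_char_array templates_values) in
            (* Compute the CMAC *)
            let buffer_cmac = cmac_compute buffer !wrapping_format_key in
            (* Append the CMAC to the buffer *)
            let wrapping_format_buffer = Array.append buffer buffer_cmac in
            (serialize (true, (Pkcs11.cKR_OK, wrapping_format_buffer)))
    (* UnwrapKey *)
    | "C_UnwrapKey" ->
      let (sessionh, mechanism, unwrappingh, buffer, asked_attributes) = deserialize arg in
      let attributes_array_buffer_length = (Array.length (critical_attributes !segregate_usage))+3 in
      (* Length in bytes of the trailing CMAC; presumably what cmac_compute
         returns for the configured AES-128 key - TODO confirm in cmac.ml *)
      let cmac_length = 16 in
      let wrapped_key_length = (Array.length buffer) - attributes_array_buffer_length - cmac_length in
      if wrapped_key_length < 0 then
        (* The buffer comes from the client and cannot even hold the
           attributes and the CMAC.  This used to be detected by catching any
           exception raised by Array.sub and was logged as a bad CMAC. *)
        let info_string = Printf.sprintf "[User defined extensions]: WRAPPING_FORMAT for %s detected a wrapped buffer too short to hold the attributes and the CMAC" fun_name in
        let _ = print_debug info_string 1 in
        (serialize (true, (Pkcs11.cKR_FUNCTION_FAILED, Pkcs11.cK_INVALID_HANDLE)))
      else
        (* Both slices are in bounds thanks to the length check above *)
        let buffer_attributes = Array.sub buffer wrapped_key_length attributes_array_buffer_length in
        let real_wrapped_key_buffer = Array.sub buffer 0 wrapped_key_length in
        (* Verify the CMAC on the whole buffer, trailing tag included, before
           any of the extracted parts is interpreted *)
        let check_cmac = cmac_verify buffer !wrapping_format_key in
        if compare check_cmac false = 0 then
          (* CMAC is not OK: return an error *)
          let info_string = Printf.sprintf "[User defined extensions]: WRAPPING_FORMAT for %s detected bad CMAC" fun_name in
          let _ = print_debug info_string 1 in
          (serialize (true, (Pkcs11.cKR_FUNCTION_FAILED, Pkcs11.cK_INVALID_HANDLE)))
        else
          (* CMAC is OK, check the templates consistency *)
          let saved_attributes = char_array_to_template_array buffer_attributes in
          let check_templates_nok = check_are_templates_nonconforming fun_name saved_attributes asked_attributes in
          if compare check_templates_nok true = 0 then
            let info_string = Printf.sprintf "[User defined extensions]: WRAPPING_FORMAT for %s detected templates inconsistency" fun_name in
            let _ = print_debug info_string 1 in
            (serialize (true, (Pkcs11.cKR_TEMPLATE_INCONSISTENT, Pkcs11.cK_INVALID_HANDLE)))
          else
            (* Sanitize the template asked by the caller.
               NOTE(review): only asked_attributes reaches the backend; the
               saved attributes are used for the conformity check above and
               are not merged in here - confirm that the check rejects a
               template which leaves out a saved attribute. *)
            let object_class = get_object_class asked_attributes in
            let sanitized_attributes_ = sanitize_creation_templates fun_name asked_attributes object_class in
            (* NB: we cannot use the generic patch because of our user extension system limitation *)
            (* since the wrapping_format must be an end point *)
            if compare sanitized_attributes_ None = 0 then
              let info_string = Printf.sprintf "[User defined extensions]: WRAPPING_FORMAT for %s error, NO CKA_CLASS in template" fun_name in
              let _ = print_debug info_string 1 in
              (serialize (true, (Pkcs11.cKR_FUNCTION_FAILED, Pkcs11.cK_INVALID_HANDLE)))
            else
              let info_string = Printf.sprintf "[User defined extensions]: WRAPPING_FORMAT for %s has CMAC and templates OK" fun_name in
              let _ = print_debug info_string 1 in
              (* All is OK, call the real Unwrap function from the backend *)
              (serialize (true, (Backend.c_UnwrapKey sessionh mechanism unwrappingh real_wrapped_key_buffer (get sanitized_attributes_))))
    (* Default if we are in a non concerned function is to passthrough *)
    | _ -> (serialize (false, ()))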
caml-crush-1.0.12/src/filter/frontend/ 0000775 0000000 0000000 00000000000 14147740423 0017532 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/filter/frontend/Makefile.in 0000664 0000000 0000000 00000000320 14147740423 0021572 0 ustar 00root root 0000000 0000000 filter_dir = ../filter
# Compile frontend.ml only (-c, no link step here); the Filter interfaces
# are looked up in $(filter_dir).
all:
	ocamlopt @ocaml_options@ -I $(filter_dir) -o frontend -c @srcdir@/frontend.ml
# Remove compiled objects and editor backup files from the source directory.
clean:
	@rm -f @srcdir@/*.cmi @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.cmo @srcdir@/*~ @srcdir@/*.opt
caml-crush-1.0.12/src/filter/frontend/frontend.ml 0000664 0000000 0000000 00000024122 14147740423 0021704 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 filter 4] source tree:
|
----------------------
| 4] PKCS#11 filter |
----------------------
|
Project: PKCS#11 Filtering Proxy
File: src/filter/frontend/frontend.ml
************************** MIT License HEADER ***********************************)
open Printf
(* Frontend of the PKCS#11 filter: the list of PKCS#11 entry points exposed
   by this module.  Every binding below refers to the Filter function of the
   same name, so nothing in this file reaches the backend without going
   through Filter.  c_Initialize, c_GetInfo and c_Finalize are written as
   functions of unit and call Filter on each invocation; all the other
   bindings are plain aliases of the Filter values. *)
(********************************************************************************)
(* CUSTOM PURPOSE FUNCTIONS *)
(********************************************************************************)
let c_SetupArch = Filter.c_SetupArch
(********************************************************************************)
(* GENERAL PURPOSE FUNCTIONS *)
(********************************************************************************)
let c_LoadModule = Filter.c_LoadModule
let c_Initialize () = Filter.c_Initialize ()
let c_GetInfo () = Filter.c_GetInfo ()
(********************************************************************************)
(* SLOT AND TOKEN MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_GetSlotList = Filter.c_GetSlotList
let c_GetSlotInfo = Filter.c_GetSlotInfo
let c_GetTokenInfo = Filter.c_GetTokenInfo
let c_WaitForSlotEvent = Filter.c_WaitForSlotEvent
let c_GetMechanismList = Filter.c_GetMechanismList
let c_GetMechanismInfo = Filter.c_GetMechanismInfo
let c_InitToken = Filter.c_InitToken
let c_InitPIN = Filter.c_InitPIN
let c_SetPIN = Filter.c_SetPIN
(********************************************************************************)
(* SESSION MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_OpenSession = Filter.c_OpenSession
let c_CloseSession = Filter.c_CloseSession
let c_CloseAllSessions = Filter.c_CloseAllSessions
let c_GetSessionInfo = Filter.c_GetSessionInfo
let c_GetOperationState = Filter.c_GetOperationState
let c_SetOperationState = Filter.c_SetOperationState
let c_Login = Filter.c_Login
let c_Logout = Filter.c_Logout
(********************************************************************************)
(* OBJECT MANAGEMENT FUNCTIONS *)
(********************************************************************************)
(* NOTE: c_Finalize is a general purpose function; it simply sits under this banner *)
let c_Finalize () = Filter.c_Finalize ()
let c_CreateObject = Filter.c_CreateObject
let c_CopyObject = Filter.c_CopyObject
let c_DestroyObject = Filter.c_DestroyObject
let c_GetObjectSize = Filter.c_GetObjectSize
let c_GetAttributeValue = Filter.c_GetAttributeValue
let c_SetAttributeValue = Filter.c_SetAttributeValue
let c_FindObjectsInit = Filter.c_FindObjectsInit
let c_FindObjects = Filter.c_FindObjects
let c_FindObjectsFinal = Filter.c_FindObjectsFinal
(********************************************************************************)
(* ENCRYPTION FUNCTIONS *)
(********************************************************************************)
let c_EncryptInit = Filter.c_EncryptInit
let c_Encrypt = Filter.c_Encrypt
let c_EncryptUpdate = Filter.c_EncryptUpdate
let c_EncryptFinal = Filter.c_EncryptFinal
(********************************************************************************)
(* DECRYPTION FUNCTIONS *)
(********************************************************************************)
let c_DecryptInit = Filter.c_DecryptInit
let c_Decrypt = Filter.c_Decrypt
let c_DecryptUpdate = Filter.c_DecryptUpdate
let c_DecryptFinal = Filter.c_DecryptFinal
(********************************************************************************)
(* MESSAGE DIGESTING FUNCTIONS *)
(********************************************************************************)
let c_DigestInit = Filter.c_DigestInit
let c_Digest = Filter.c_Digest
let c_DigestUpdate = Filter.c_DigestUpdate
let c_DigestKey = Filter.c_DigestKey
let c_DigestFinal = Filter.c_DigestFinal
(********************************************************************************)
(* SIGNING AND MAC SIGNING FUNCTIONS *)
(********************************************************************************)
let c_SignInit = Filter.c_SignInit
let c_SignRecoverInit = Filter.c_SignRecoverInit
let c_Sign = Filter.c_Sign
let c_SignRecover = Filter.c_SignRecover
let c_SignUpdate = Filter.c_SignUpdate
let c_SignFinal = Filter.c_SignFinal
(********************************************************************************)
(* FUNCTIONS FOR VERIFYING SIGNATURES AND MAC *)
(********************************************************************************)
let c_VerifyInit = Filter.c_VerifyInit
let c_VerifyRecoverInit = Filter.c_VerifyRecoverInit
let c_Verify = Filter.c_Verify
let c_VerifyRecover = Filter.c_VerifyRecover
let c_VerifyUpdate = Filter.c_VerifyUpdate
let c_VerifyFinal = Filter.c_VerifyFinal
(********************************************************************************)
(* DUAL-PURPOSE CRYPTOGRAPHIC FUNCTIONS *)
(********************************************************************************)
let c_DigestEncryptUpdate = Filter.c_DigestEncryptUpdate
let c_DecryptDigestUpdate = Filter.c_DecryptDigestUpdate
let c_SignEncryptUpdate = Filter.c_SignEncryptUpdate
let c_DecryptVerifyUpdate = Filter.c_DecryptVerifyUpdate
(********************************************************************************)
(* KEY MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_GenerateKey = Filter.c_GenerateKey
let c_GenerateKeyPair = Filter.c_GenerateKeyPair
let c_WrapKey = Filter.c_WrapKey
let c_UnwrapKey = Filter.c_UnwrapKey
let c_DeriveKey = Filter.c_DeriveKey
(********************************************************************************)
(* RANDOM NUMBER GENERATION FUNCTIONS *)
(********************************************************************************)
let c_SeedRandom = Filter.c_SeedRandom
let c_GenerateRandom = Filter.c_GenerateRandom
(********************************************************************************)
(* PARALLEL FUNCTION MANAGEMENT FUNCTIONS *)
(********************************************************************************)
let c_GetFunctionStatus = Filter.c_GetFunctionStatus
let c_CancelFunction = Filter.c_CancelFunction
caml-crush-1.0.12/src/pkcs11proxyd/ 0000775 0000000 0000000 00000000000 14147740423 0016776 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/pkcs11proxyd/Makefile.in 0000664 0000000 0000000 00000004010 14147740423 0021036 0 ustar 00root root 0000000 0000000 filter_filter_dir = ../filter/filter
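filter_backend_dir = ../filter/backend
filter_frontend_dir = ../filter/frontend
caml_link_dirs = -cclib -lpthread -cclib -lcamlidl -cclib -L$(bindings_dir)
bindings_dir = ../bindings-pkcs11
rpc-pkcs11_dir = ../rpc-pkcs11
# Hardening flags handed to the C toolchain through ocamlopt -ccopt.
# The fortify macro is spelled _FORTIFY_SOURCE (leading underscore); the
# former -DFORTIFY_SOURCE=2 defined an unrelated macro and enabled nothing.
# NOTE(review): -fPIE only affects compilation; whether the final executable
# is position independent depends on the link step - confirm with the
# toolchain in use.
mem_prot_opt_caml=-ccopt -O2 -ccopt -fPIC -ccopt -fPIE -ccopt -Wl,-z,relro,-z,now -ccopt -fstack-protector -ccopt -D_FORTIFY_SOURCE=2
server_name = pkcs11proxyd
prefix=${DESTDIR}@prefix@
sysconf=${DESTDIR}@sysconfdir@
# Compile server.ml through camlp4 (pa_macro), then link the daemon with the
# bindings, the filter files and the RPC library.
all:
#Compile Server
	ocamlfind ocamlopt @ocaml_options@ -pp "camlp4o pa_macro.cmo @ocaml_bytes_module_define@ -I @srcdir@ @caml_server_daemonize_define@ @caml_server_ssl_define@ @filter_define@" -package "netplex" @filter_include@ @caml_server_ssl_package@ -I $(bindings_dir) -I $(rpc-pkcs11_dir) -o server -c @srcdir@/server.ml
	ocamlfind ocamlopt @ocaml_options@ @filter_include@ -package "str,netplex,config-file" @caml_server_ssl_package@ -linkpkg $(bindings_dir)/pkcs11.cmxa @filter_files@ $(rpc-pkcs11_dir)/pkcs11_rpclib.cmxa server.cmx $(caml_link_dirs) $(mem_prot_opt_caml) -o $(server_name)
# The two configuration files are installed with mode 640: filter.conf can
# hold wrapping_format_key and must not be world readable.
install:
	echo "Installing $(server_name) to ${prefix}/bin/$(server_name)"
	install -D $(server_name) ${prefix}/bin/$(server_name)
	echo "Installing @srcdir@/$(server_name).conf to ${sysconf}/$(server_name)/$(server_name).conf"
	install -m 640 -D @srcdir@/$(server_name).conf ${sysconf}/$(server_name)/$(server_name).conf
	install -m 640 -D @srcdir@/filter.conf ${sysconf}/$(server_name)/filter.conf
uninstall:
	echo "Removing $(server_name) from ${prefix}/bin/$(server_name)"
	rm ${prefix}/bin/$(server_name)
	echo "Removing $(server_name).conf from ${sysconf}/$(server_name)/$(server_name).conf"
	rm ${sysconf}/$(server_name)/$(server_name).conf
	rm ${sysconf}/$(server_name)/filter.conf
clean:
	@rm -f @srcdir@/*.cmi @srcdir@/*.cmo @srcdir@/*.cma @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.a @srcdir@/*.cmxa @srcdir@/dll* @srcdir@/packlist-* @srcdir@/ocamldoc.dump @srcdir@/META @srcdir@/depend @srcdir@/$(server_name) @srcdir@/*.astamp @srcdir@/*.cstamp @srcdir@/*.s2stamp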
caml-crush-1.0.12/src/pkcs11proxyd/filter.conf 0000664 0000000 0000000 00000032337 14147740423 0021142 0 ustar 00root root 0000000 0000000 (* debug = integer between 0 and 3
0 = almost no logging: only critical errors and the debug level itself
are printed
1 = level 0 + positive filtering matches (i.e. when the filter detects
something to block)
2 = level 1 + negative filtering matches (i.e. when the filter detects
that it must not block something)
3 = level 2 + print all the fetched configuration variables in the filter
configuration file (modules aliasing, filtered labels, filtered ids,
...)
*)
debug = 0
(* wrapping_format_key = the AES-128 key used for the wrapping format,
given as a string of 32 hexadecimal characters.
You MUST uncomment it and set it to a cryptographically sound random value
when using the wrapping_format_patch function of patchset 1, which is the
default configuration. The value shown below only illustrates the format
and must not be used as a key. Since the key is stored in this file, keep
the file readable only by the proxy.
*)
(*
wrapping_format_key = "00112233445566778899aabbccddeeff"
*)
(* modules = [(a1, b1), (a2, b2) ...] is a list of couples of strings (a, b)
with 'a' being an alias, and 'b' being a PATH to the aliased
PKCS#11 module
*)
modules = [("softhsm", "/usr/lib/softhsm/libsofthsm.so"), ("opencryptoki", "/usr/local/lib/opencryptoki/libopencryptoki.so")]
(* log_subchannel = string representing the filter log subchannel in the server *)
log_subchannel = filter
(* forbidden_mechanisms = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing modules and 'b' is a list
of PKCS#11 mechanisms with the PKCS#11 definition syntax (CKM_RSA_X_509 for
instance)
*)
forbidden_mechanisms = [("sof.*", [CKM_RSA_X_509]), ("opencrypto.*", [])]
(* allowed_labels = [(a1, b1), (a2, b2) ...] is a list of couples where 'a1',
'a2', ... are regular expression strings representing module names, and
'b1', 'b2', ... are regular expressions representing labels
example: allowed_labels = [("opencryptoki", ["not_filtered_.*", "test"])]
Here, only objects with CKA_LABEL such as "not_filtered_.*" and "test" are
usable for the "opencryptoki" alias.
default: NO filtering, uncomment and configure below to filter objects
*)
(*
allowed_labels = [("opencryptoki", ["not_filtered_.*", "test"])]
*)
(* allowed_ids = [(a1, b1), (a2, b2) ...] is a list of couples where 'a1',
'a2', ... are regular expression strings representing module names, and
'b1', 'b2', ... are regular expressions representing ids
example: allowed_ids = [("softhsm", [".*"])]
Here, this rule allows all CKA_ID to be used for the "softhsm" alias.
default: NO filtering, uncomment and configure below to filter objects
*)
(*
allowed_ids = [("softhsm", [".*"])]
*)
(* forbidden_functions = [(a1, b1), (a2, b2) ...] is a list of couples where
'a1', 'a2', ... are regular expression strings representing module names,
and 'b1', 'b2', ... are lists of PKCS#11 functions with the PKCS#11 naming
convention (C_Login, C_Logout ...)
default OFF, uncomment and configure below to enable;
*)
(*
forbidden_functions = [("soft.*", []), ("softhsm", [])]
*)
(* enforce_ro_sessions = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing module names, and 'b1',
'b2', ... are booleans that can take 'true', 'false', 'yes' and 'no' as
possible values
default OFF, uncomment and configure below to enable;
*)
(*
enforce_ro_sessions = [(".*", no)]
*)
(* forbid_admin_operations = [(a1, b1), (a2, b2) ...] is a list of couples
where 'a' is a regular expression string representing module names, and
'b1', 'b2', ... are booleans that can take 'true', 'false', 'yes' and 'no'
as possible values
default OFF, uncomment and configure below to enable;
*)
(*
forbid_admin_operations = [(".*", yes)]
*)
(* remove_padding_oracles = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing module names, and 'b1',
'b2', ... are lists of cryptographic operation types; the possible values
are 'wrap', 'unwrap', 'encrypt', 'sign' and 'all' (the last one stands for
all of the other values together)
default OFF, uncomment and configure below to enable;
*)
(*
remove_padding_oracles = [(".*", [wrap, unwrap, encrypt])]
*)
(* filter_actions = list of couples of [string_regexp x list of couples of
[PKCS#11_function x custom_function]]). This option is a way to extend
the filter features as the user can provide its own hooks on every PKCS#11
function. See FILTER.md for more information.
default OFF, uncomment and configure below to enable;
*)
(* filter_actions = [
(".*", [(C_Login, c_Login_hook), (C_Initialize, c_Initialize_hook)]),
("soft.*", [(C_CloseSession, identity)])
]
*)
(**** Fixing PKCS#11 with patchset 1 *
See FILTER.md for a detailed explanation of patchset 1 and 2.
default ON;
*)
filter_actions_post = [ (".*",
[
(******** This is optional: key usage segregation ******************************)
(* (C_Initialize, do_segregate_usage), *)
(******** Check for key creation and attribute manipulation on non local keys **)
(C_CreateObject, non_local_objects_patch),
(C_CopyObject, non_local_objects_patch),
(C_SetAttributeValue, non_local_objects_patch),
(******** Check for value extraction on sensitive/nonextractable keys **********)
(C_GetAttributeValue, prevent_sensitive_leak_patch),
(C_SetAttributeValue, prevent_sensitive_leak_patch),
(******** CryptokiX conflicting attributes patch addendum for existing objects *)
(C_EncryptInit, conflicting_attributes_patch_on_existing_objects),
(C_DecryptInit, conflicting_attributes_patch_on_existing_objects),
(C_SignInit, conflicting_attributes_patch_on_existing_objects),
(C_SignRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_DeriveKey, conflicting_attributes_patch_on_existing_objects),
(C_DigestKey, conflicting_attributes_patch_on_existing_objects),
(C_WrapKey, conflicting_attributes_patch_on_existing_objects),
(C_UnwrapKey, conflicting_attributes_patch_on_existing_objects),
(C_FindObjects, conflicting_attributes_patch_on_existing_objects),
(******** Patch addendum to handle key escrow (or not) *)
(C_EncryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DecryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DeriveKey, dangerous_sensitive_keys_escrow_encrypt),
(C_DigestKey, dangerous_sensitive_keys_escrow_encrypt),
(C_WrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_UnwrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_FindObjects, dangerous_sensitive_keys_escrow_encrypt),
(******** CryptokiX conflicting attributes patch *******************************)
(C_CreateObject, conflicting_attributes_patch), (C_CopyObject, conflicting_attributes_patch),
(C_UnwrapKey, conflicting_attributes_patch), (C_GenerateKey, conflicting_attributes_patch),
(C_GenerateKeyPair, conflicting_attributes_patch), (C_DeriveKey, conflicting_attributes_patch),
(C_SetAttributeValue, conflicting_attributes_patch),
(******** CryptokiX sticky attributes patch ************************************)
(C_CopyObject, sticky_attributes_patch),
(C_SetAttributeValue, sticky_attributes_patch),
(******** CryptokiX Wrapping format patch **************************************)
(C_WrapKey, wrapping_format_patch),
(C_UnwrapKey, wrapping_format_patch),
(******** Sanitizing the creation attributes patch *****************************)
(C_CreateObject, sanitize_creation_templates_patch), (C_CopyObject, sanitize_creation_templates_patch),
(C_GenerateKey, sanitize_creation_templates_patch), (C_GenerateKeyPair, sanitize_creation_templates_patch),
(C_DeriveKey, sanitize_creation_templates_patch), (C_UnwrapKey, sanitize_creation_templates_patch)
]
)
]
(**** Fixing PKCS#11 with patchset 2 *
See FILTER.md for a detailed explanation of patchset 1 and 2.
default OFF. WARNING: patchsets 1 and 2 are incompatible, make sure that
patchset 1 is not enabled before enabling this one
*)
(*
filter_actions_post = [ (".*",
[
(******** This is optional: key usage segregation ******************************)
(* (C_Initialize, do_segregate_usage), *)
(******** CryptokiX conflicting attributes patch addendum for existing objects *)
(C_EncryptInit, conflicting_attributes_patch_on_existing_objects),
(C_DecryptInit, conflicting_attributes_patch_on_existing_objects),
(C_SignInit, conflicting_attributes_patch_on_existing_objects),
(C_SignRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_DeriveKey, conflicting_attributes_patch_on_existing_objects),
(C_DigestKey, conflicting_attributes_patch_on_existing_objects),
(C_WrapKey, conflicting_attributes_patch_on_existing_objects),
(C_UnwrapKey, conflicting_attributes_patch_on_existing_objects),
(C_FindObjects, conflicting_attributes_patch_on_existing_objects),
(******** Patch addendum to handle key escrow (or not) *)
(C_EncryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DecryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DeriveKey, dangerous_sensitive_keys_escrow_encrypt),
(C_DigestKey, dangerous_sensitive_keys_escrow_encrypt),
(C_WrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_UnwrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_FindObjects, dangerous_sensitive_keys_escrow_encrypt),
(******** CryptokiX secure templates patch on key creation and import **********)
(C_SetAttributeValue, secure_templates_patch),
(C_GenerateKey, secure_templates_patch), (C_GenerateKeyPair, secure_templates_patch),
(C_CreateObject, secure_templates_patch), (C_CopyObject, secure_templates_patch),
(C_UnwrapKey, secure_templates_patch), (C_DeriveKey, secure_templates_patch),
(******** Check for value extraction on sensitive/nonextractable keys **********)
(C_GetAttributeValue, prevent_sensitive_leak_patch),
(C_SetAttributeValue, prevent_sensitive_leak_patch),
(******** Sanitizing the creation attributes patch *****************************)
(C_CreateObject, sanitize_creation_templates_patch), (C_CopyObject, sanitize_creation_templates_patch),
(C_GenerateKey, sanitize_creation_templates_patch), (C_GenerateKeyPair, sanitize_creation_templates_patch),
(C_DeriveKey, sanitize_creation_templates_patch), (C_UnwrapKey, sanitize_creation_templates_patch)
]
)
]
*)
caml-crush-1.0.12/src/pkcs11proxyd/pkcs11proxyd.conf 0000664 0000000 0000000 00000010453 14147740423 0022220 0 ustar 00root root 0000000 0000000 netplex {
controller {
max_level = "debug"; (* Log level *)
(* configure "admin" socket directory, default "/tmp/.netplex" *)
(*
socket_directory = "/home/pkcs11proxyd/.netplex";
*)
logging {
(* type can either be "stderr", "syslog", "file", "multi_file"
* see http://projects.camlcity.org/projects/dl/ocamlnet-3.6/doc/html-main/Netplex_admin.html
*)
type = "stderr"; (* Log to stderr *)
};
};
service {
name = "PKCS#11 Filtering Proxy";
(* These parameters can be used to change UID/GID of worker processes *)
(*
user = "pkcs11proxyd";
group = "pkcs11proxyd";
*)
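(* Do NOT change conn_limit: this would be a serious SECURITY ISSUE.
   With conn_limit = 1 each worker process serves a single client connection,
   so PKCS#11 state (open sessions, login status) is presumably never shared
   between two clients of the proxy. *)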
conn_limit = 1;
protocol {
(* This section creates the socket *)
name = "rpc_pkcs11";
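(* OCamlnet 4 supports the following to set Unix socket permissions.
   Mode 0o777 lets every local user connect to the proxy; choose a narrower
   mode when only specific users or a group need access. *)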
(*
local_chmod = "0o777";
*)
(* This section creates the socket *)
(* Socket can either be TCP or UNIX *)
address {
(* Default here is TCP localhost on port 4444 *)
type = "internet";
bind = "127.0.0.1:4444";
(* For Unix
WARNING: For OCamlnet < 4 it is not possible to set the socket permission,
you will have to manually fix it to allow multi-user
access (e.g. chmod 777 , or umask prior launching).
*)
(*
type = "local";
path = "/var/run/pkcs11proxyd.socket";
*)
};
};
processor {
(* This section specifies how to process data of the socket *)
type = "rpc_pkcs11";
(* libnames param is used when the proxy is compiled WITHOUT filtering support *)
(* syntax is: libnames="<name>:<library path>;<...>:<...>;"; *)
(*
libnames="softhsm:/usr/local/lib/softhsm/libsofthsm.so;opencryptoki:/usr/lib/libopencryptoki.so;";
*)
(* filter_config is used to supply the filtering configuration when compiled in *)
filter_config="/usr/local/etc/pkcs11proxyd/filter.conf";
(*************** TLS support begin ***********************)
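(* use_ssl = false to disable SSL support on server side *)
(* use_ssl = true to enable SSL support on server side *)
(* With use_ssl = false the RPC stream, including PINs sent for C_Login,
   crosses the socket unencrypted and clients are not authenticated by
   certificate; keep the listener on loopback or on a permission-restricted
   Unix socket in that case. *)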
use_ssl = false;
(* TLS support for Caml Crush compiled with OCamlnet 4.x *)
(* Uncomment to enable TLS when using OCamlnet 4.x *)
(*
tls {
(* Ciphersuites, GnuTLS syntax *)
(* TLS 1.2, PFS-only suites, no DSS, no CAMELLIA *)
algorithms = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC";
(* Force peer client authentication *)
peer_auth = "required";
(* Uncomment to enable DHE parameters, used for PFS *)
(*
dh_params {
(* Pre-computed DH parameters *)
pkcs3_file = "/etc/pkcs11proxyd/dhparams.pem";
(* Run-time created DH parameters, warning: this takes a long time *)
(*bits = 2048;*)
};
*)
x509 {
key {
crt_file = "server.pem";
key_file = "server.key";
};
trust {
crt_file = "cacert.pem";
};
}
};
*)
(* LEGACY SSL support for Caml Crush <= 1.0.6 or OCamlnet 3.x *)
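(* OpenSSL cipher syntax: one or more suites can be configured, or an alias such as HIGH.
   The sample suite below is AES-128-CBC with a SHA-1 MAC; prefer an AEAD (GCM)
   suite when both the OpenSSL build and the clients support one. *)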
cipher_suite="DHE-RSA-AES128-SHA";
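(* Provide full certificate chain in cafile. The sample paths below point into a
   tests/ directory; replace them with deployment certificates and keep the
   private key file readable only by the daemon user. *)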
cafile = "/usr/local/etc/tests/certs/ca.crt";
certfile = "/usr/local/etc/tests/certs/server.crt";
certkey = "/usr/local/etc/tests/certs/server.key";
(* Optional, allows the use of DHE cipher suites; generate custom DH parameters *)
dh_params = "/usr/local/etc/tests/certs/dhparams.pem";
(* Optional, allows to use ECDHE cipher suites *)
ec_curve_name = "prime256v1";
(* Optional, allows to use a custom certificate verification depth *)
verify_depth = 4;
(***************TLS support end *************************)
};
workload_manager {
type = "dynamic";
max_jobs_per_thread = 1; (* Everything else is senseless *)
min_free_jobs_capacity = 1;
max_free_jobs_capacity = 1;
max_threads = 100;
};
}
}
caml-crush-1.0.12/src/pkcs11proxyd/server.ml 0000664 0000000 0000000 00000140652 14147740423 0020646 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 daemon 3] source tree:
----------------------
| 3] PKCS#11 RPC server|
----------------------
Project: PKCS#11 Filtering Proxy
File: src/pkcs11proxyd/server.ml
************************** MIT License HEADER ***********************************)
open Pkcs11_rpc_aux
open Pkcs11
open Rpc_helpers
(* Handling the filter passthrough: CALLP11 names the module that the c_*
   wrappers in this file call. When built with WITHOUT_FILTER it expands to
   the raw Pkcs11 bindings, so client requests reach the middleware without
   a filtering layer; otherwise it expands to Frontend (presumably the
   filter entry point). *)
IFDEF WITHOUT_FILTER THEN
DEFINE CALLP11=Pkcs11
ELSE
DEFINE CALLP11=Frontend
ENDIF
(* Textual include; presumably the SSL/TLS support code, going by the file name *)
INCLUDE "server_ssl.ml"
(* PKCS#11 functions debug variable: the debug_print helpers below log only
   while this holds 1; it starts at 0 (logging off) *)
let ref_pkcs_debug = ref 0
(* Starts empty; where it is filled and read is not visible in this part of the file *)
let ref_daemonize_args = ref ""
IFNDEF WITH_SSL THEN
(* These two references are defined here only when WITH_SSL is not set *)
let libnames_config_ref = ref ""
let filter_config_file_ref = ref ""
ENDIF
(* Debug helper *)
(* Logs the name of the calling function and the current pid at Info level
   through Netplex_cenv.log, but only while ref_pkcs_debug holds 1.
   Only the name and the pid are logged; no call argument reaches this helper. *)
let debug_print_call function_name =
  match !ref_pkcs_debug with
  | 1 ->
    let pid = Unix.getpid () in
    Netplex_cenv.log `Info (Printf.sprintf "%s called in process %d" function_name pid)
  | _ -> ()
(*********)
(* Logs the pid and the return value of a PKCS#11 function at Info level,
   only while ref_pkcs_debug holds 1. The return value is rendered with
   match_cKR_value; nothing else about the call is logged. *)
let debug_print_ret function_name ret_value =
  if !ref_pkcs_debug <> 1 then ()
  else begin
    let rv_text = match_cKR_value ret_value in
    let msg =
      Printf.sprintf "%s returned in process %d with %s" function_name (Unix.getpid ()) rv_text
    in
    Netplex_cenv.log `Info msg
  end
(*********)
(* Basic debug: logs function_name, the pid and the free-form in_string at
   Info level while ref_pkcs_debug holds 1. in_string is written to the log
   verbatim, so callers must not pass PINs, seeds or key material. *)
let debug_print function_name in_string =
  let enabled = (!ref_pkcs_debug = 1) in
  if enabled then
    Netplex_cenv.log `Info
      (Printf.sprintf "%s in process %d: %s" function_name (Unix.getpid ()) in_string)
(*********)
(* Server-side wrapper for C_Daemonize. The call goes to Pkcs11.c_Daemonize
   directly rather than through CALLP11, so a compiled-in filter is not
   consulted on this path. Returns the return code widened to Int64. *)
let c_Daemonize (param) =
  let () = debug_print_call "C_Daemonize" in
  (* To keep things consistent c_Daemonize can pass through filter as well *)
  let rv = Pkcs11.c_Daemonize param in
  let () = debug_print_ret "C_Daemonize" rv in
  Int64.of_nativeint rv
(* Server-side wrapper for C_SetupArch: logs the arch value announced by the
   peer, forwards it to CALLP11.c_SetupArch, logs the value that call returns
   (labelled as the server arch) and returns it as Int64. Both debug strings
   are built even when debug logging is off. *)
let c_SetupArch (arch) =
  let peer_arch = Int64.to_nativeint arch in
  let () = debug_print "C_SetupArch peer arch is" (Pkcs11.match_arch_value peer_arch) in
  let server_arch = CALLP11.c_SetupArch peer_arch in
  let () = debug_print "C_SetupArch server arch is" (Pkcs11.match_arch_value server_arch) in
  Int64.of_nativeint server_arch
(* Server-side wrapper for C_Initialize: forwards to CALLP11.c_Initialize and
   returns its return code as Int64. *)
let c_Initialize () =
  let () = debug_print_call "C_Initialize" in
  let rv = CALLP11.c_Initialize () in
  let () = debug_print_ret "C_Initialize" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GetSlotList. token_present and count come from
   the peer and are forwarded unchanged: no upper bound is applied to count
   here, and Int64.to_nativeint reduces values modulo 2^32 on 32-bit hosts
   instead of rejecting them. Returns the return code, the slot list and
   the count in the RPC record. *)
let c_GetSlotList (token_present, count) =
  let () = debug_print_call "C_GetSlotList" in
  let native_present = Int64.to_nativeint token_present in
  let native_count = Int64.to_nativeint count in
  let (rv, slots, slot_count) = CALLP11.c_GetSlotList native_present native_count in
  let () = debug_print_ret "C_GetSlotList" rv in
  { c_getslotlist_rv = Int64.of_nativeint rv;
    c_getslotlist_slot_list = Array.map Int64.of_nativeint slots;
    c_getslotlist_count = Int64.of_nativeint slot_count }
(*************************************************************************)
(* Server-side wrapper for C_Finalize: forwards to CALLP11.c_Finalize and
   returns its return code as Int64. *)
let c_Finalize () =
  let () = debug_print_call "C_Finalize" in
  let rv = CALLP11.c_Finalize () in
  let () = debug_print_ret "C_Finalize" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GetInfo: returns the return code together with
   the info structure converted by ck_info_pkcs11_to_rpc_aux. *)
let c_GetInfo () =
  let () = debug_print_call "C_GetInfo" in
  let (rv, lib_info) = CALLP11.c_GetInfo () in
  let () = debug_print_ret "C_GetInfo" rv in
  { c_getinfo_rv = Int64.of_nativeint rv;
    c_getinfo_info = ck_info_pkcs11_to_rpc_aux lib_info }
(*************************************************************************)
(* Server-side wrapper for C_WaitForSlotEvent: forwards the peer-supplied
   flags to CALLP11 and returns the return code and the count it reports. *)
let c_WaitForSlotEvent (flags) =
  let () = debug_print_call "C_WaitForSlotEvent" in
  let native_flags = Int64.to_nativeint flags in
  let (rv, event_count) = CALLP11.c_WaitForSlotEvent native_flags in
  let () = debug_print_ret "C_WaitForSlotEvent" rv in
  { c_waitforslotevent_rv = Int64.of_nativeint rv;
    c_waitforslotevent_count = Int64.of_nativeint event_count }
(*************************************************************************)
(* Server-side wrapper for C_GetSlotInfo: returns the return code and the
   slot info converted by ck_slot_info_pkcs11_to_rpc_aux. *)
let c_GetSlotInfo (slot_id) =
  let () = debug_print_call "C_GetSlotInfo" in
  let native_slot = Int64.to_nativeint slot_id in
  let (rv, info) = CALLP11.c_GetSlotInfo native_slot in
  let () = debug_print_ret "C_GetSlotInfo" rv in
  { c_getslotinfo_rv = Int64.of_nativeint rv;
    c_getslotinfo_slot_info = ck_slot_info_pkcs11_to_rpc_aux info }
(*************************************************************************)
(* Server-side wrapper for C_GetTokenInfo: returns the return code and the
   token info converted by ck_token_info_pkcs11_to_rpc_aux. *)
let c_GetTokenInfo (slot_id) =
  let () = debug_print_call "C_GetTokenInfo" in
  let native_slot = Int64.to_nativeint slot_id in
  let (rv, info) = CALLP11.c_GetTokenInfo native_slot in
  let () = debug_print_ret "C_GetTokenInfo" rv in
  { c_gettokeninfo_rv = Int64.of_nativeint rv;
    c_gettokeninfo_token_info = ck_token_info_pkcs11_to_rpc_aux info }
(*************************************************************************)
(* Server-side wrapper for C_Login. The PIN arrives as a string from the
   peer, is converted to a char array and handed to CALLP11.c_Login. It is
   never passed to the debug helpers: only the call name and the return
   code are logged. Returns the return code as Int64. *)
let c_Login (handle, user_type, pin) =
  let () = debug_print_call "C_Login" in
  let native_session = Int64.to_nativeint handle in
  let native_user_type = Int64.to_nativeint user_type in
  let pin_chars = Pkcs11.string_to_char_array pin in
  let rv = CALLP11.c_Login native_session native_user_type pin_chars in
  let () = debug_print_ret "C_Login" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_Logout: forwards the session handle to CALLP11
   and returns the return code as Int64. *)
let c_Logout (handle) =
  let () = debug_print_call "C_Logout" in
  let native_session = Int64.to_nativeint handle in
  let rv = CALLP11.c_Logout native_session in
  let () = debug_print_ret "C_Logout" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_OpenSession: forwards slot id and flags to
   CALLP11 and returns the return code with the new session handle. *)
let c_OpenSession (slot_id, flags) =
  let () = debug_print_call "C_OpenSession" in
  let native_slot = Int64.to_nativeint slot_id in
  let native_flags = Int64.to_nativeint flags in
  let (rv, new_session) = CALLP11.c_OpenSession native_slot native_flags in
  let () = debug_print_ret "C_OpenSession" rv in
  { c_opensession_rv = Int64.of_nativeint rv;
    c_opensession_handle = Int64.of_nativeint new_session }
(*************************************************************************)
(* Server-side wrapper for C_CloseSession: forwards the session handle to
   CALLP11 and returns the return code as Int64. *)
let c_CloseSession (session) =
  let () = debug_print_call "C_CloseSession" in
  let native_session = Int64.to_nativeint session in
  let rv = CALLP11.c_CloseSession native_session in
  let () = debug_print_ret "C_CloseSession" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GetMechanismList. The peer-supplied count is
   forwarded unchanged; this wrapper applies no upper bound to it. Returns
   the return code, the mechanism list and the count in the RPC record. *)
let c_GetMechanismList (slot_id, count) =
  let () = debug_print_call "C_GetMechanismList" in
  let native_slot = Int64.to_nativeint slot_id in
  let native_count = Int64.to_nativeint count in
  let (rv, mechanisms, mech_count) = CALLP11.c_GetMechanismList native_slot native_count in
  let () = debug_print_ret "C_GetMechanismList" rv in
  { c_getmechanismlist_rv = Int64.of_nativeint rv;
    c_getmechanismlist_list = Array.map Int64.of_nativeint mechanisms;
    c_getmechanismlist_count = Int64.of_nativeint mech_count }
(*************************************************************************)
(* Server-side wrapper for C_CloseAllSessions: forwards the slot id to
   CALLP11 and returns the return code as Int64. *)
let c_CloseAllSessions (slot_id) =
  let () = debug_print_call "C_CloseAllSessions" in
  let native_slot = Int64.to_nativeint slot_id in
  let rv = CALLP11.c_CloseAllSessions native_slot in
  let () = debug_print_ret "C_CloseAllSessions" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GetSessionInfo: returns the return code and the
   session info converted by ck_session_info_pkcs11_to_rpc_aux. *)
let c_GetSessionInfo (session) =
  let () = debug_print_call "C_GetSessionInfo" in
  let native_session = Int64.to_nativeint session in
  let (rv, info) = CALLP11.c_GetSessionInfo native_session in
  let () = debug_print_ret "C_GetSessionInfo" rv in
  { c_getsessioninfo_rv = Int64.of_nativeint rv;
    c_getsessioninfo_info = ck_session_info_pkcs11_to_rpc_aux info }
(*************************************************************************)
(* Server-side wrapper for C_GetMechanismInfo: returns the return code and
   the mechanism info converted by ck_mechanism_info_pkcs11_to_rpc_aux. *)
let c_GetMechanismInfo (slot_id, mechanism_type) =
  let () = debug_print_call "C_GetMechanismInfo" in
  let native_slot = Int64.to_nativeint slot_id in
  let native_type = Int64.to_nativeint mechanism_type in
  let (rv, info) = CALLP11.c_GetMechanismInfo native_slot native_type in
  let () = debug_print_ret "C_GetMechanismInfo" rv in
  { c_getmechanisminfo_rv = Int64.of_nativeint rv;
    c_getmechanisminfo_info = ck_mechanism_info_pkcs11_to_rpc_aux info }
(*************************************************************************)
(* Server-side wrapper for C_InitPIN. The PIN is converted to a char array
   and forwarded to CALLP11; it is not handed to the debug helpers, which
   log only the call name and the return code. *)
let c_InitPIN (session_handle, pin) =
  let () = debug_print_call "C_InitPIN" in
  let native_session = Int64.to_nativeint session_handle in
  let pin_chars = Pkcs11.string_to_char_array pin in
  let rv = CALLP11.c_InitPIN native_session pin_chars in
  let () = debug_print_ret "C_InitPIN" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_SetPIN. Both PINs are converted to char arrays
   and forwarded to CALLP11; neither is handed to the debug helpers, which
   log only the call name and the return code. *)
let c_SetPIN (session_handle, old_pin, new_pin) =
  let () = debug_print_call "C_SetPIN" in
  let native_session = Int64.to_nativeint session_handle in
  let old_chars = Pkcs11.string_to_char_array old_pin in
  let new_chars = Pkcs11.string_to_char_array new_pin in
  let rv = CALLP11.c_SetPIN native_session old_chars new_chars in
  let () = debug_print_ret "C_SetPIN" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_SeedRandom. The peer-supplied seed is converted
   to a char array and forwarded to CALLP11; it is not logged. *)
let c_SeedRandom (session_handle, seed) =
  let () = debug_print_call "C_SeedRandom" in
  let native_session = Int64.to_nativeint session_handle in
  let seed_chars = Pkcs11.string_to_char_array seed in
  let rv = CALLP11.c_SeedRandom native_session seed_chars in
  let () = debug_print_ret "C_SeedRandom" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_InitToken. The SO PIN and the label are
   converted to char arrays and forwarded to CALLP11; the SO PIN is not
   handed to the debug helpers. Returns the return code as Int64. *)
let c_InitToken (slot_id, so_pin, label) =
  let () = debug_print_call "C_InitToken" in
  let native_slot = Int64.to_nativeint slot_id in
  let label_chars = Pkcs11.string_to_char_array label in
  let so_pin_chars = Pkcs11.string_to_char_array so_pin in
  let rv = CALLP11.c_InitToken native_slot so_pin_chars label_chars in
  let () = debug_print_ret "C_InitToken" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GenerateRandom. The requested byte count comes
   from the peer and is forwarded unchanged; this wrapper applies no upper
   bound to it. Returns the return code and the random data as a string. *)
let c_GenerateRandom (session_handle, count) =
  let () = debug_print_call "C_GenerateRandom" in
  let native_session = Int64.to_nativeint session_handle in
  let native_count = Int64.to_nativeint count in
  let (rv, random_bytes) = CALLP11.c_GenerateRandom native_session native_count in
  let () = debug_print_ret "C_GenerateRandom" rv in
  { c_generaterandom_rv = Int64.of_nativeint rv;
    c_generaterandom_data = Pkcs11.char_array_to_string random_bytes }
(*************************************************************************)
(* Server-side wrapper for C_FindObjectsInit: converts the search template
   with ck_attribute_rpc_aux_to_pkcs11, forwards it to CALLP11 and returns
   the return code as Int64. *)
let c_FindObjectsInit (session_handle, attributes) =
  let () = debug_print_call "C_FindObjectsInit" in
  let native_session = Int64.to_nativeint session_handle in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let rv = CALLP11.c_FindObjectsInit native_session template in
  let () = debug_print_ret "C_FindObjectsInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_FindObjects. The peer-supplied count is
   forwarded unchanged; no upper bound is applied here. Returns the return
   code, the object handles found and their count. *)
let c_FindObjects (session_handle, count) =
  let () = debug_print_call "C_FindObjects" in
  let native_session = Int64.to_nativeint session_handle in
  let native_count = Int64.to_nativeint count in
  let (rv, found, found_count) = CALLP11.c_FindObjects native_session native_count in
  let () = debug_print_ret "C_FindObjects" rv in
  { c_findobjects_rv = Int64.of_nativeint rv;
    c_findobjects_objects = Array.map Int64.of_nativeint found;
    c_findobjects_count = Int64.of_nativeint found_count }
(*************************************************************************)
(* Server-side wrapper for C_FindObjectsFinal: forwards the session handle
   to CALLP11 and returns the return code as Int64. *)
let c_FindObjectsFinal (session_handle) =
  let () = debug_print_call "C_FindObjectsFinal" in
  let native_session = Int64.to_nativeint session_handle in
  let rv = CALLP11.c_FindObjectsFinal native_session in
  let () = debug_print_ret "C_FindObjectsFinal" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GenerateKey. The mechanism and the key template
   are peer-controlled; they are converted and forwarded as given, so any
   restriction on the template has to come from the module behind CALLP11.
   Returns the return code and the new key handle. *)
let c_GenerateKey (session_handle, mechanism, attributes) =
  let () = debug_print_call "C_GenerateKey" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let (rv, key_handle) = CALLP11.c_GenerateKey native_session native_mechanism template in
  let () = debug_print_ret "C_GenerateKey" rv in
  { c_generatekey_rv = Int64.of_nativeint rv;
    c_generatekey_handle = Int64.of_nativeint key_handle }
(*************************************************************************)
(* Server-side wrapper for C_GenerateKeyPair: converts the mechanism and the
   public and private templates, forwards them to CALLP11 and returns the
   return code with the public and private key handles. *)
let c_GenerateKeyPair (session_handle, mechanism, pub_attributes, priv_attributes) =
  let () = debug_print_call "C_GenerateKeyPair" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let pub_template = Array.map ck_attribute_rpc_aux_to_pkcs11 pub_attributes in
  let priv_template = Array.map ck_attribute_rpc_aux_to_pkcs11 priv_attributes in
  let (rv, pub_key, priv_key) =
    CALLP11.c_GenerateKeyPair native_session native_mechanism pub_template priv_template
  in
  let () = debug_print_ret "C_GenerateKeyPair" rv in
  { c_generatekeypair_rv = Int64.of_nativeint rv;
    c_generatekeypair_pubhandle = Int64.of_nativeint pub_key;
    c_generatekeypair_privhandle = Int64.of_nativeint priv_key }
(*************************************************************************)
(* Server-side wrapper for C_CreateObject. The creation template is
   peer-controlled and is forwarded after conversion only; nothing in this
   wrapper inspects it. Returns the return code and the new object handle. *)
let c_CreateObject (session_handle, attributes) =
  let () = debug_print_call "C_CreateObject" in
  let native_session = Int64.to_nativeint session_handle in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let (rv, new_object) = CALLP11.c_CreateObject native_session template in
  let () = debug_print_ret "C_CreateObject" rv in
  { c_createobject_rv = Int64.of_nativeint rv;
    c_createobject_handle = Int64.of_nativeint new_object }
(*************************************************************************)
(* Server-side wrapper for C_CopyObject: forwards the source object handle
   and the converted template to CALLP11 and returns the return code with
   the handle of the copy. *)
let c_CopyObject (session_handle, object_handle, attributes) =
  let () = debug_print_call "C_CopyObject" in
  let native_session = Int64.to_nativeint session_handle in
  let native_object = Int64.to_nativeint object_handle in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let (rv, copy_handle) = CALLP11.c_CopyObject native_session native_object template in
  let () = debug_print_ret "C_CopyObject" rv in
  { c_copyobject_rv = Int64.of_nativeint rv;
    c_copyobject_handle = Int64.of_nativeint copy_handle }
(*************************************************************************)
(* Server-side wrapper for C_DestroyObject: forwards the session and object
   handles to CALLP11 and returns the return code as Int64. *)
let c_DestroyObject (session_handle, object_handle) =
  let () = debug_print_call "C_DestroyObject" in
  let native_session = Int64.to_nativeint session_handle in
  let native_object = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_DestroyObject native_session native_object in
  let () = debug_print_ret "C_DestroyObject" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GetAttributeValue. Whatever attribute values
   CALLP11 returns are converted and sent back to the peer as they are; this
   wrapper does not check for sensitive values, so that restriction has to
   be enforced behind CALLP11. *)
let c_GetAttributeValue (session_handle, object_handle, attributes) =
  let () = debug_print_call "C_GetAttributeValue" in
  let native_session = Int64.to_nativeint session_handle in
  let native_object = Int64.to_nativeint object_handle in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let (rv, filled) = CALLP11.c_GetAttributeValue native_session native_object template in
  let () = debug_print_ret "C_GetAttributeValue" rv in
  { c_getattributevalue_rv = Int64.of_nativeint rv;
    c_getattributevalue_value = Array.map ck_attribute_pkcs11_to_rpc_aux filled }
(*************************************************************************)
(* Server-side wrapper for C_SetAttributeValue: forwards the peer-supplied
   attribute template after conversion and returns the return code as
   Int64. No attribute is inspected in this wrapper. *)
let c_SetAttributeValue (session_handle, object_handle, attributes) =
  let () = debug_print_call "C_SetAttributeValue" in
  let native_session = Int64.to_nativeint session_handle in
  let native_object = Int64.to_nativeint object_handle in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let rv = CALLP11.c_SetAttributeValue native_session native_object template in
  let () = debug_print_ret "C_SetAttributeValue" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_GetObjectSize: returns the return code and the
   size reported by CALLP11. *)
let c_GetObjectSize (session_handle, object_handle) =
  let () = debug_print_call "C_GetObjectSize" in
  let native_session = Int64.to_nativeint session_handle in
  let native_object = Int64.to_nativeint object_handle in
  let (rv, object_size) = CALLP11.c_GetObjectSize native_session native_object in
  let () = debug_print_ret "C_GetObjectSize" rv in
  { c_getobjectsize_rv = Int64.of_nativeint rv;
    c_getobjectsize_size = Int64.of_nativeint object_size }
(*************************************************************************)
(* Server-side wrapper for C_WrapKey. The wrapped key bytes returned by
   CALLP11 are sent back to the peer; which keys and mechanisms may be used
   for wrapping is decided behind CALLP11, not here. The wrapped value is
   not logged. *)
let c_WrapKey (session_handle, mechanism, wrapping_handle, wrapped_handle) =
  let () = debug_print_call "C_WrapKey" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_wrapping = Int64.to_nativeint wrapping_handle in
  let native_wrapped = Int64.to_nativeint wrapped_handle in
  let (rv, wrapped_bytes) =
    CALLP11.c_WrapKey native_session native_mechanism native_wrapping native_wrapped
  in
  let () = debug_print_ret "C_WrapKey" rv in
  { c_wrapkey_rv = Int64.of_nativeint rv;
    c_wrapkey_value = Pkcs11.char_array_to_string wrapped_bytes }
(*************************************************************************)
(* Server-side wrapper for C_UnwrapKey. The wrapped key blob and the
   template for the resulting key both come from the peer and are forwarded
   after conversion only. Returns the return code and the handle of the
   unwrapped key. *)
let c_UnwrapKey (session_handle, mechanism, unwrapping_handle, wrapped_key, attributes) =
  let () = debug_print_call "C_UnwrapKey" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_unwrapping = Int64.to_nativeint unwrapping_handle in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let wrapped_chars = Pkcs11.string_to_char_array wrapped_key in
  let (rv, unwrapped_handle) =
    CALLP11.c_UnwrapKey native_session native_mechanism native_unwrapping wrapped_chars template
  in
  let () = debug_print_ret "C_UnwrapKey" rv in
  { c_unwrapkey_rv = Int64.of_nativeint rv;
    c_unwrapkey_handle = Int64.of_nativeint unwrapped_handle }
(*************************************************************************)
(* Server-side wrapper for C_DeriveKey: converts the mechanism and the
   template for the derived key, forwards them with the base key handle to
   CALLP11 and returns the return code with the derived key handle. *)
let c_DeriveKey (session_handle, mechanism, initial_key, attributes) =
  let () = debug_print_call "C_DeriveKey" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_base_key = Int64.to_nativeint initial_key in
  let template = Array.map ck_attribute_rpc_aux_to_pkcs11 attributes in
  let (rv, derived_handle) =
    CALLP11.c_DeriveKey native_session native_mechanism native_base_key template
  in
  let () = debug_print_ret "C_DeriveKey" rv in
  { c_derivekey_rv = Int64.of_nativeint rv;
    c_derivekey_handle = Int64.of_nativeint derived_handle }
(*************************************************************************)
(* Server-side wrapper for C_DigestInit: converts the mechanism, forwards it
   to CALLP11 and returns the return code as Int64. *)
let c_DigestInit (session_handle, mechanism) =
  let () = debug_print_call "C_DigestInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let rv = CALLP11.c_DigestInit native_session native_mechanism in
  let () = debug_print_ret "C_DigestInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_Digest: forwards the peer data as a char array
   and returns the return code with the digest as a string. *)
let c_Digest (session_handle, data) =
  let () = debug_print_call "C_Digest" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, digest_chars) = CALLP11.c_Digest native_session input_chars in
  let () = debug_print_ret "C_Digest" rv in
  { c_digest_rv = Int64.of_nativeint rv;
    c_digest_value = Pkcs11.char_array_to_string digest_chars }
(*************************************************************************)
(* Server-side wrapper for C_DigestUpdate: forwards the peer data as a char
   array and returns the return code as Int64. *)
let c_DigestUpdate (session_handle, data) =
  let () = debug_print_call "C_DigestUpdate" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let rv = CALLP11.c_DigestUpdate native_session input_chars in
  let () = debug_print_ret "C_DigestUpdate" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_DigestFinal: returns the return code with the
   final digest as a string. *)
let c_DigestFinal (session_handle) =
  let () = debug_print_call "C_DigestFinal" in
  let native_session = Int64.to_nativeint session_handle in
  let (rv, digest_chars) = CALLP11.c_DigestFinal native_session in
  let () = debug_print_ret "C_DigestFinal" rv in
  { c_digestfinal_rv = Int64.of_nativeint rv;
    c_digestfinal_value = Pkcs11.char_array_to_string digest_chars }
(*************************************************************************)
(* Server-side wrapper for C_DigestKey: forwards the session and key handles
   to CALLP11 and returns the return code as Int64. *)
let c_DigestKey (session_handle, object_handle) =
  let () = debug_print_call "C_DigestKey" in
  let native_session = Int64.to_nativeint session_handle in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_DigestKey native_session native_key in
  let () = debug_print_ret "C_DigestKey" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_SignInit: converts the mechanism, forwards it
   with the key handle to CALLP11 and returns the return code as Int64. *)
let c_SignInit (session_handle, mechanism, object_handle) =
  let () = debug_print_call "C_SignInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_SignInit native_session native_mechanism native_key in
  let () = debug_print_ret "C_SignInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_Sign: forwards the peer data as a char array
   and returns the return code with the signature as a string. *)
let c_Sign (session_handle, data) =
  let () = debug_print_call "C_Sign" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, signature_chars) = CALLP11.c_Sign native_session input_chars in
  let () = debug_print_ret "C_Sign" rv in
  { c_sign_rv = Int64.of_nativeint rv;
    c_sign_value = Pkcs11.char_array_to_string signature_chars }
(*************************************************************************)
(* Server-side wrapper for C_SignUpdate: forwards the peer data as a char
   array and returns the return code as Int64. *)
let c_SignUpdate (session_handle, data) =
  let () = debug_print_call "C_SignUpdate" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let rv = CALLP11.c_SignUpdate native_session input_chars in
  let () = debug_print_ret "C_SignUpdate" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_SignFinal: returns the return code with the
   final signature as a string. *)
let c_SignFinal (session_handle) =
  let () = debug_print_call "C_SignFinal" in
  let native_session = Int64.to_nativeint session_handle in
  let (rv, signature_chars) = CALLP11.c_SignFinal native_session in
  let () = debug_print_ret "C_SignFinal" rv in
  { c_signfinal_rv = Int64.of_nativeint rv;
    c_signfinal_value = Pkcs11.char_array_to_string signature_chars }
(*************************************************************************)
(* Server-side wrapper for C_VerifyInit: converts the mechanism, forwards it
   with the key handle to CALLP11 and returns the return code as Int64. *)
let c_VerifyInit (session_handle, mechanism, object_handle) =
  let () = debug_print_call "C_VerifyInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_VerifyInit native_session native_mechanism native_key in
  let () = debug_print_ret "C_VerifyInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_Verify: forwards the data and the signature as
   char arrays to CALLP11. The verification outcome is carried only by the
   return code, which is returned as Int64. *)
let c_Verify (session_handle, data, signed_data ) =
  let () = debug_print_call "C_Verify" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let signature_chars = Pkcs11.string_to_char_array signed_data in
  let rv = CALLP11.c_Verify native_session input_chars signature_chars in
  let () = debug_print_ret "C_Verify" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_VerifyUpdate: forwards the peer data as a char
   array and returns the return code as Int64. *)
let c_VerifyUpdate (session_handle, data) =
  let () = debug_print_call "C_VerifyUpdate" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let rv = CALLP11.c_VerifyUpdate native_session input_chars in
  let () = debug_print_ret "C_VerifyUpdate" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_VerifyFinal: forwards the peer-supplied bytes
   (presumably the signature to check) as a char array and returns the
   return code as Int64. *)
let c_VerifyFinal (session_handle, data) =
  let () = debug_print_call "C_VerifyFinal" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let rv = CALLP11.c_VerifyFinal native_session input_chars in
  let () = debug_print_ret "C_VerifyFinal" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_EncryptInit: converts the mechanism, forwards
   it with the key handle to CALLP11 and returns the return code as Int64. *)
let c_EncryptInit (session_handle, mechanism, object_handle) =
  let () = debug_print_call "C_EncryptInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_EncryptInit native_session native_mechanism native_key in
  let () = debug_print_ret "C_EncryptInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_Encrypt: forwards the plaintext as a char array
   and returns the return code with the ciphertext as a string. Neither
   buffer is logged. *)
let c_Encrypt (session_handle, data ) =
  let () = debug_print_call "C_Encrypt" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, cipher_chars) = CALLP11.c_Encrypt native_session input_chars in
  let () = debug_print_ret "C_Encrypt" rv in
  { c_encrypt_rv = Int64.of_nativeint rv;
    c_encrypt_value = Pkcs11.char_array_to_string cipher_chars }
(*************************************************************************)
(* Server-side wrapper for C_EncryptUpdate: forwards the input chunk as a
   char array and returns the return code with the output chunk as a string. *)
let c_EncryptUpdate (session_handle, data) =
  let () = debug_print_call "C_EncryptUpdate" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, cipher_chars) = CALLP11.c_EncryptUpdate native_session input_chars in
  let () = debug_print_ret "C_EncryptUpdate" rv in
  { c_encryptupdate_rv = Int64.of_nativeint rv;
    c_encryptupdate_value = Pkcs11.char_array_to_string cipher_chars }
(*************************************************************************)
(* Server-side wrapper for C_EncryptFinal: returns the return code with the
   last output chunk as a string. *)
let c_EncryptFinal (session_handle) =
  let () = debug_print_call "C_EncryptFinal" in
  let native_session = Int64.to_nativeint session_handle in
  let (rv, cipher_chars) = CALLP11.c_EncryptFinal native_session in
  let () = debug_print_ret "C_EncryptFinal" rv in
  { c_encryptfinal_rv = Int64.of_nativeint rv;
    c_encryptfinal_value = Pkcs11.char_array_to_string cipher_chars }
(*************************************************************************)
(* Server-side wrapper for C_DecryptInit: converts the mechanism, forwards
   it with the key handle to CALLP11 and returns the return code as Int64. *)
let c_DecryptInit (session_handle, mechanism, object_handle) =
  let () = debug_print_call "C_DecryptInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_DecryptInit native_session native_mechanism native_key in
  let () = debug_print_ret "C_DecryptInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_Decrypt: forwards the ciphertext as a char
   array and returns the return code with the recovered plaintext as a
   string. The plaintext goes back to the peer and is not logged. *)
let c_Decrypt (session_handle, data ) =
  let () = debug_print_call "C_Decrypt" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, plain_chars) = CALLP11.c_Decrypt native_session input_chars in
  let () = debug_print_ret "C_Decrypt" rv in
  { c_decrypt_rv = Int64.of_nativeint rv;
    c_decrypt_value = Pkcs11.char_array_to_string plain_chars }
(*************************************************************************)
(* Server-side wrapper for C_DecryptUpdate: forwards the input chunk as a
   char array and returns the return code with the output chunk as a string. *)
let c_DecryptUpdate (session_handle, data) =
  let () = debug_print_call "C_DecryptUpdate" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, plain_chars) = CALLP11.c_DecryptUpdate native_session input_chars in
  let () = debug_print_ret "C_DecryptUpdate" rv in
  { c_decryptupdate_rv = Int64.of_nativeint rv;
    c_decryptupdate_value = Pkcs11.char_array_to_string plain_chars }
(*************************************************************************)
(* Server-side wrapper for C_DecryptFinal: returns the return code with the
   last output chunk as a string. *)
let c_DecryptFinal (session_handle) =
  let () = debug_print_call "C_DecryptFinal" in
  let native_session = Int64.to_nativeint session_handle in
  let (rv, plain_chars) = CALLP11.c_DecryptFinal native_session in
  let () = debug_print_ret "C_DecryptFinal" rv in
  { c_decryptfinal_rv = Int64.of_nativeint rv;
    c_decryptfinal_value = Pkcs11.char_array_to_string plain_chars }
(*************************************************************************)
(* Server-side wrapper for C_SignRecoverInit: converts the mechanism,
   forwards it with the key handle to CALLP11 and returns the return code
   as Int64. *)
let c_SignRecoverInit (session_handle, mechanism, object_handle) =
  let () = debug_print_call "C_SignRecoverInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_SignRecoverInit native_session native_mechanism native_key in
  let () = debug_print_ret "C_SignRecoverInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* Server-side wrapper for C_SignRecover: forwards the peer data as a char
   array and returns the return code with the output of CALLP11 as a string. *)
let c_SignRecover (session_handle, data ) =
  let () = debug_print_call "C_SignRecover" in
  let native_session = Int64.to_nativeint session_handle in
  let input_chars = Pkcs11.string_to_char_array data in
  let (rv, output_chars) = CALLP11.c_SignRecover native_session input_chars in
  let () = debug_print_ret "C_SignRecover" rv in
  { c_signrecover_rv = Int64.of_nativeint rv;
    c_signrecover_value = Pkcs11.char_array_to_string output_chars }
(*************************************************************************)
(* Server-side wrapper for C_VerifyRecoverInit: converts the mechanism,
   forwards it with the key handle to CALLP11 and returns the return code
   as Int64. *)
let c_VerifyRecoverInit (session_handle, mechanism, object_handle) =
  let () = debug_print_call "C_VerifyRecoverInit" in
  let native_session = Int64.to_nativeint session_handle in
  let native_mechanism = ck_mechanism_rpc_aux_to_pkcs11 mechanism in
  let native_key = Int64.to_nativeint object_handle in
  let rv = CALLP11.c_VerifyRecoverInit native_session native_mechanism native_key in
  let () = debug_print_ret "C_VerifyRecoverInit" rv in
  Int64.of_nativeint rv
(*************************************************************************)
(* RPC handler for C_VerifyRecover: passes the caller's bytes to CALLP11 and
   returns the status code with the recovered data. *)
let c_VerifyRecover (session_handle, data) =
  debug_print_call "C_VerifyRecover";
  let session = Int64.to_nativeint session_handle in
  let input = Pkcs11.string_to_char_array data in
  let (rv, output) = CALLP11.c_VerifyRecover session input in
  debug_print_ret "C_VerifyRecover" rv;
  let output_string = Pkcs11.char_array_to_string output in
  { c_verifyrecover_rv = Int64.of_nativeint rv;
    c_verifyrecover_value = output_string }
(*************************************************************************)
(* RPC handler for C_DigestEncryptUpdate: forwards one data chunk to the
   combined digest/encrypt call of CALLP11 and returns status plus output. *)
let c_DigestEncryptUpdate (session_handle, data) =
  debug_print_call "C_DigestEncryptUpdate";
  let session = Int64.to_nativeint session_handle in
  let input = Pkcs11.string_to_char_array data in
  let (rv, output) = CALLP11.c_DigestEncryptUpdate session input in
  debug_print_ret "C_DigestEncryptUpdate" rv;
  let output_string = Pkcs11.char_array_to_string output in
  { c_digestencryptupdate_rv = Int64.of_nativeint rv;
    c_digestencryptupdate_value = output_string }
(*************************************************************************)
(* RPC handler for C_DecryptDigestUpdate: forwards one data chunk to the
   combined decrypt/digest call of CALLP11 and returns status plus output. *)
let c_DecryptDigestUpdate (session_handle, data) =
  debug_print_call "C_DecryptDigestUpdate";
  let session = Int64.to_nativeint session_handle in
  let input = Pkcs11.string_to_char_array data in
  let (rv, output) = CALLP11.c_DecryptDigestUpdate session input in
  debug_print_ret "C_DecryptDigestUpdate" rv;
  let output_string = Pkcs11.char_array_to_string output in
  { c_decryptdigestupdate_rv = Int64.of_nativeint rv;
    c_decryptdigestupdate_value = output_string }
(*************************************************************************)
(* RPC handler for C_SignEncryptUpdate: forwards one data chunk to the
   combined sign/encrypt call of CALLP11 and returns status plus output. *)
let c_SignEncryptUpdate (session_handle, data) =
  debug_print_call "C_SignEncryptUpdate";
  let session = Int64.to_nativeint session_handle in
  let input = Pkcs11.string_to_char_array data in
  let (rv, output) = CALLP11.c_SignEncryptUpdate session input in
  debug_print_ret "C_SignEncryptUpdate" rv;
  let output_string = Pkcs11.char_array_to_string output in
  { c_signencryptupdate_rv = Int64.of_nativeint rv;
    c_signencryptupdate_value = output_string }
(*************************************************************************)
(* RPC handler for C_DecryptVerifyUpdate: forwards one data chunk to the
   combined decrypt/verify call of CALLP11 and returns status plus output. *)
let c_DecryptVerifyUpdate (session_handle, data) =
  debug_print_call "C_DecryptVerifyUpdate";
  let session = Int64.to_nativeint session_handle in
  let input = Pkcs11.string_to_char_array data in
  let (rv, output) = CALLP11.c_DecryptVerifyUpdate session input in
  debug_print_ret "C_DecryptVerifyUpdate" rv;
  let output_string = Pkcs11.char_array_to_string output in
  { c_decryptverifyupdate_rv = Int64.of_nativeint rv;
    c_decryptverifyupdate_value = output_string }
(*************************************************************************)
(* RPC handler for C_GetOperationState: returns the status code and the
   operation-state blob obtained from CALLP11 for this session. The blob is
   sent back to the RPC caller as-is. *)
let c_GetOperationState (session_handle) =
  debug_print_call "C_GetOperationState";
  let session = Int64.to_nativeint session_handle in
  let (rv, state_blob) = CALLP11.c_GetOperationState session in
  debug_print_ret "C_GetOperationState" rv;
  let state_string = Pkcs11.char_array_to_string state_blob in
  { c_getoperationstate_rv = Int64.of_nativeint rv;
    c_getoperationstate_value = state_string }
(*************************************************************************)
(* RPC handler for C_SetOperationState: the state bytes and both key handles
   come from the RPC request and are passed to CALLP11 without any check in
   this function. Returns the status code only. *)
let c_SetOperationState (session_handle, state, encryption_handle, authentication_handle) =
  debug_print_call "C_SetOperationState";
  let state_blob = Pkcs11.string_to_char_array state in
  let session = Int64.to_nativeint session_handle in
  let enc_key = Int64.to_nativeint encryption_handle in
  let auth_key = Int64.to_nativeint authentication_handle in
  let rv = CALLP11.c_SetOperationState session state_blob enc_key auth_key in
  debug_print_ret "C_SetOperationState" rv;
  Int64.of_nativeint rv
(*************************************************************************)
(* RPC handler for C_GetFunctionStatus: forwards the session handle to
   CALLP11 and returns its status code. *)
let c_GetFunctionStatus (session_handle) =
  debug_print_call "C_GetFunctionStatus";
  let session = Int64.to_nativeint session_handle in
  let rv = CALLP11.c_GetFunctionStatus session in
  debug_print_ret "C_GetFunctionStatus" rv;
  Int64.of_nativeint rv
(*************************************************************************)
(* RPC handler for C_CancelFunction: forwards the session handle to CALLP11
   and returns its status code. *)
let c_CancelFunction (session_handle) =
  debug_print_call "C_CancelFunction";
  let session = Int64.to_nativeint session_handle in
  let rv = CALLP11.c_CancelFunction session in
  debug_print_ret "C_CancelFunction" rv;
  Int64.of_nativeint rv
(*************************************************************************)
IFDEF WITHOUT_FILTER THEN
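(* Resolve the module alias requested through C_LoadModule to the library
   name configured in the 'libnames' parameter (entries of the form
   "alias:library;", read from !libnames_config_ref).

   modulename is supplied by the RPC client, so it is quoted with Str.quote
   before being placed in the regular expression: without quoting, regex
   metacharacters in the alias (for instance "." or ".*") would match
   entries the caller did not name.

   An empty modulename selects the entry whose alias is empty.
   Raises Failure "Reading configuration" when no entry matches.

   NOTE(review): for a non-empty alias the pattern is still only anchored by
   the leading ".*", so a name that is a suffix of a configured alias also
   matches that entry. Anchoring on "^" or ";" would close this, but depends
   on the exact 'libnames' syntax (e.g. whitespace after ';') - confirm
   against the configuration documentation before tightening. *)
let get_module_config_name (modulename) =
  let wants_default = (compare modulename "" = 0) in
  let regexpression =
    if wants_default then
      "\\(^\\|.*;\\):\\([^;]*\\);"
    else
      Printf.sprintf ".*%s:\\([^;]*\\);" (Str.quote modulename)
  in
  (* The default pattern has one extra group in front of the library name *)
  let matching_group = if wants_default then 2 else 1 in
  let found = Str.string_match (Str.regexp regexpression) !libnames_config_ref 0 in
  if not found then
    begin
      (* Report that the module has not been found *)
      let s = Printf.sprintf "C_LoadModule in process %d did not match any libname for '%s'!" (Unix.getpid()) modulename in
      Netplex_cenv.log `Err s;
      raise (Failure "Reading configuration")
    end
  else
    begin
      let matchedlib = Str.matched_group matching_group !libnames_config_ref in
      (* Debug *)
      if !ref_pkcs_debug = 1 then
        begin
          let s = Printf.sprintf "C_LoadModule aliased '%s' to '%s' in process %d" modulename matchedlib (Unix.getpid()) in
          Netplex_cenv.log `Info s
        end;
      matchedlib
    end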
ELSE
(* Variant used when WITHOUT_FILTER is not defined: the requested module
   name is returned unchanged, no alias lookup is done here. *)
let get_module_config_name modulename = modulename
ENDIF
(* RPC handler for C_LoadModule: resolves the client-supplied module name
   with get_module_config_name and asks CALLP11 to load the result.
   Any exception raised while resolving or loading (including the Failure
   raised for an unknown alias) is turned into CKR_GENERAL_ERROR, so the
   caller only sees a status code. *)
let c_LoadModule (modulename) =
  debug_print_call "C_LoadModule";
  let rv =
    try
      let resolved = get_module_config_name modulename in
      CALLP11.c_LoadModule (Pkcs11.string_to_char_array resolved)
    with _ -> Pkcs11.cKR_GENERAL_ERROR in
  debug_print_ret "C_LoadModule" rv;
  Int64.of_nativeint rv
(* Bind every RPC procedure of the PKCS#11 program to its handler on srv.
   All entry points listed here become callable by any client that can reach
   the RPC socket, including the administrative ones (C_InitToken, C_InitPIN,
   C_SetPIN) and C_LoadModule.
   NOTE(review): no per-procedure access control is applied in this binding;
   any restriction presumably comes from whatever CALLP11 is bound to and
   from the socket/TLS configuration - confirm for the build in use. *)
let setup srv _ =
Pkcs11_rpc_srv.P.V.bind
~proc_c_setuparch: c_SetupArch
~proc_c_initialize: c_Initialize
~proc_c_getslotlist: c_GetSlotList
~proc_c_getinfo: c_GetInfo
~proc_c_getslotinfo: c_GetSlotInfo
~proc_c_gettokeninfo: c_GetTokenInfo
~proc_c_finalize: c_Finalize
~proc_c_waitforslotevent: c_WaitForSlotEvent
~proc_c_login: c_Login
~proc_c_logout: c_Logout
~proc_c_opensession: c_OpenSession
~proc_c_closesession: c_CloseSession
~proc_c_getmechanismlist: c_GetMechanismList
~proc_c_closeallsessions: c_CloseAllSessions
~proc_c_getsessioninfo: c_GetSessionInfo
~proc_c_getmechanisminfo: c_GetMechanismInfo
~proc_c_initpin: c_InitPIN
~proc_c_setpin: c_SetPIN
~proc_c_seedrandom: c_SeedRandom
~proc_c_inittoken: c_InitToken
~proc_c_generaterandom: c_GenerateRandom
~proc_c_findobjectsinit: c_FindObjectsInit
~proc_c_findobjects: c_FindObjects
~proc_c_findobjectsfinal: c_FindObjectsFinal
~proc_c_generatekey: c_GenerateKey
~proc_c_generatekeypair: c_GenerateKeyPair
~proc_c_createobject: c_CreateObject
~proc_c_copyobject: c_CopyObject
~proc_c_destroyobject: c_DestroyObject
~proc_c_getattributevalue: c_GetAttributeValue
~proc_c_setattributevalue: c_SetAttributeValue
~proc_c_getobjectsize: c_GetObjectSize
~proc_c_wrapkey: c_WrapKey
~proc_c_unwrapkey: c_UnwrapKey
~proc_c_derivekey: c_DeriveKey
~proc_c_digestinit: c_DigestInit
~proc_c_digest: c_Digest
~proc_c_digestupdate: c_DigestUpdate
~proc_c_digestfinal: c_DigestFinal
~proc_c_digestkey: c_DigestKey
~proc_c_signinit: c_SignInit
~proc_c_sign: c_Sign
~proc_c_signupdate: c_SignUpdate
~proc_c_signfinal: c_SignFinal
~proc_c_verifyinit: c_VerifyInit
~proc_c_verify: c_Verify
~proc_c_verifyupdate: c_VerifyUpdate
~proc_c_verifyfinal: c_VerifyFinal
~proc_c_encryptinit: c_EncryptInit
~proc_c_encrypt: c_Encrypt
~proc_c_encryptupdate: c_EncryptUpdate
~proc_c_encryptfinal: c_EncryptFinal
~proc_c_decryptinit: c_DecryptInit
~proc_c_decrypt: c_Decrypt
~proc_c_decryptupdate: c_DecryptUpdate
~proc_c_decryptfinal: c_DecryptFinal
~proc_c_signrecoverinit: c_SignRecoverInit
~proc_c_signrecover: c_SignRecover
~proc_c_verifyrecoverinit: c_VerifyRecoverInit
~proc_c_verifyrecover: c_VerifyRecover
~proc_c_digestencryptupdate: c_DigestEncryptUpdate
~proc_c_signencryptupdate: c_SignEncryptUpdate
~proc_c_decryptdigestupdate: c_DecryptDigestUpdate
~proc_c_decryptverifyupdate: c_DecryptVerifyUpdate
~proc_c_getoperationstate: c_GetOperationState
~proc_c_setoperationstate: c_SetOperationState
~proc_c_getfunctionstatus: c_GetFunctionStatus
~proc_c_cancelfunction: c_CancelFunction
(* The module name given to C_LoadModule comes from the client *)
~proc_c_loadmodule: c_LoadModule
srv
(* WITHOUT SSL *)
IFNDEF WITH_SSL THEN
(* Build without WITH_SSL: every service uses the default RPC socket
   configuration, i.e. no TLS layer is added here. PINs and decrypted data
   carried by the RPC calls are therefore not protected by this server on the
   wire; NOTE(review): such builds presumably rely on a local Unix socket or
   another protected channel - confirm for the deployment. *)
let socket_config _ = Rpc_server.default_socket_config
IFDEF WITHOUT_FILTER THEN
(* Netplex configuration callback for the filter-passthrough build
   (WITHOUT_FILTER, no SSL). 'libnames' is mandatory and stored in
   libnames_config_ref; a 'filter_config' entry is only reported as unused.
   Returns the empty string as the (unused) configuration value. *)
let configure cf addr =
  let string_option name =
    try Some (cf # string_param (cf # resolve_parameter addr name))
    with Not_found -> None in
  (* Handle filter passthrough for the specific C_LoadModule call *)
  (match string_option "filter_config" with
   | None -> ()
   | Some _ ->
     Netplex_cenv.log `Info "CONFIGURATION: unused option 'filter_config' found in the server configuration file while the server has been compiled with filter passthrough!");
  (match string_option "libnames" with
   | Some libnames -> libnames_config_ref := libnames
   | None -> failwith "Required parameter libnames is missing! (server compiled with filter passthrough mode)!");
  ""
ELSE
(* Netplex configuration callback for the filtering build (no SSL).
   'filter_config' (path to the filter rules) is mandatory and stored in
   filter_config_file_ref; a 'libnames' entry is only reported as unused.
   Returns the empty string as the (unused) configuration value. *)
let configure cf addr =
  let string_option name =
    try Some (cf # string_param (cf # resolve_parameter addr name))
    with Not_found -> None in
  (* Warning if this parameter is present! *)
  (match string_option "libnames" with
   | None -> ()
   | Some _ ->
     Netplex_cenv.log `Info "CONFIGURATION: unused option 'libnames' found in the server configuration file while the server has been compiled for using the filter module!");
  (* Handle configuration file for the filter *)
  (match string_option "filter_config" with
   | Some rules_path -> filter_config_file_ref := rules_path
   | None -> failwith "Required parameter filter_config is missing! (this is a path to the filter configuration rules)");
  ""
ENDIF
ENDIF
IFNDEF WITHOUT_FILTER
THEN
(* Modules for the Netplex lever used by the hooks below: the lever takes a
   string and returns a bool, and LV stores the registered lever in a Netplex
   variable so that it can be fetched again with LV.get. *)
module T = struct
type s = string (* argument type. Here, the message string *)
type r = bool (* result type. Here, whether the lever was successful *)
end
module L = Netplex_cenv.Make_lever(T)
module LV = Netplex_cenv.Make_var_type(L)
IFDEF DAEMONIZE THEN
(** Processor hooks for the filtering build with DAEMONIZE.
    post_add_hook registers a lever that shuts the whole Netplex system down
    and then calls c_Daemonize with !ref_daemonize_args.
    post_start_hook loads the filter configuration; on any exception the
    shutdown lever is pulled before failing, so the server does not keep
    running without a successfully parsed filter configuration. *)
let custom_hooks =
  ( object
      inherit Netplex_kit.empty_processor_hooks()
      val mutable server_shutdown_lever = (fun _ -> assert false)

      method post_add_hook _ ctrl =
        (* Runs in controller context, right after program startup *)
        let lever =
          L.register ctrl (fun _ _ -> Netplex_cenv.system_shutdown (); true) in
        (* Remember the created lever until the child forks *)
        server_shutdown_lever <- lever;
        (* Call C_Daemonize; an unset argument is passed as the empty string *)
        let param = Pkcs11.string_to_char_array !ref_daemonize_args in
        let _ = c_Daemonize param in
        ()

      method post_start_hook _ =
        (* Make the lever generally available in the child *)
        LV.set "server_shutdown_lever" server_shutdown_lever;
        let shutdown_lever = LV.get "server_shutdown_lever" in
        (* Shut the system down, then fail with the given reason *)
        let abort reason =
          let _ = shutdown_lever "0" in
          failwith ("Filter configuration: " ^ reason) in
        try Filter_configuration.get_config !filter_config_file_ref
        with
        | Filter_common.Modules_except -> abort "modules parsing error!"
        | Filter_common.Mechanisms_except -> abort "mechanisms parsing error!"
        | Filter_common.Labels_except -> abort "labels parsing error!"
        | Filter_common.Ids_except -> abort "ids parsing error!"
        | Filter_common.P11_functions_except -> abort "PKCS#11 functions parsing error!"
        | Filter_common.Enforce_RO_except -> abort "RO enforcing option parsing error!"
        | Filter_common.Forbid_admin -> abort "forbid admin option parsing error!"
        | Filter_common.Remove_padding_oracles -> abort "remove padding oracles option parsing error!"
        | Filter_common.Actions_except -> abort "filter actions parsing error!"
        | Filter_common.Config_file_none -> abort "no configuration file!"
        | Filter_common.Config_file_wrong_type -> abort "critical exception when parsing the configuration file!"
        | _ -> abort "unknown critical exception when parsing the configuration file!"
    end
  )
ELSE
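(** Processor hooks for the filtering build without DAEMONIZE.
    post_add_hook registers a lever that shuts the whole Netplex system down.
    post_start_hook loads the filter configuration; on any exception the
    shutdown lever is pulled before failing, so the server does not keep
    running without a successfully parsed filter configuration.
    The Forbid_admin message previously read "forbud admin"; it now matches
    the wording used by the DAEMONIZE variant of these hooks. *)
let custom_hooks =
  ( object(_)
      inherit Netplex_kit.empty_processor_hooks()
      val mutable server_shutdown_lever = (fun _ -> assert false)

      method post_add_hook _ ctrl =
        (* Runs in controller context, right after program startup *)
        let lever =
          L.register ctrl (fun _ _ -> Netplex_cenv.system_shutdown (); true) in
        (* Remember the created lever until the child forks *)
        server_shutdown_lever <- lever

      method post_start_hook _ =
        (* Make the lever generally available in the child *)
        LV.set "server_shutdown_lever" server_shutdown_lever;
        let shutdown_lever = LV.get "server_shutdown_lever" in
        (* Shut the system down, then fail with the given reason *)
        let abort reason =
          let _ = shutdown_lever "0" in
          failwith ("Filter configuration: " ^ reason) in
        try Filter_configuration.get_config !filter_config_file_ref
        with
        | Filter_common.Modules_except -> abort "modules parsing error!"
        | Filter_common.Mechanisms_except -> abort "mechanisms parsing error!"
        | Filter_common.Labels_except -> abort "labels parsing error!"
        | Filter_common.Ids_except -> abort "ids parsing error!"
        | Filter_common.P11_functions_except -> abort "PKCS#11 functions parsing error!"
        | Filter_common.Enforce_RO_except -> abort "RO enforcing option parsing error!"
        | Filter_common.Forbid_admin -> abort "forbid admin option parsing error!"
        | Filter_common.Remove_padding_oracles -> abort "remove padding oracles option parsing error!"
        | Filter_common.Actions_except -> abort "filter actions parsing error!"
        | Filter_common.Config_file_none -> abort "no configuration file!"
        | Filter_common.Config_file_wrong_type -> abort "critical exception when parsing the configuration file!"
        | _ -> abort "unknown critical exception when parsing the configuration file!"
    end
  )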
ENDIF
ELSE
IFDEF DAEMONIZE
THEN
(* Processor hooks for the passthrough build with DAEMONIZE: the only action
   is to call c_Daemonize with !ref_daemonize_args when the service is added
   (an unset argument is passed as the empty string). *)
let custom_hooks =
  ( object(self)
      inherit Netplex_kit.empty_processor_hooks()
      method post_add_hook _ _ =
        let param = Pkcs11.string_to_char_array !ref_daemonize_args in
        let _ = c_Daemonize param in
        ()
    end
  )
ELSE
(* Processor hooks for the passthrough build without DAEMONIZE: nothing is
   overridden, the empty Netplex hooks are used as they are. *)
let custom_hooks =
( object(self)
inherit Netplex_kit.empty_processor_hooks()
end
)
ENDIF
ENDIF
(* Netplex processor factory for the "rpc_pkcs11" service. It ties together
   the configure, socket_config, setup and custom_hooks values selected by
   the IFDEF blocks of this file. *)
let rpc_pkcs11_factory =
Rpc_netplex.rpc_factory
~configure
~socket_config
~name:"rpc_pkcs11"
~setup
~hooks:(fun _ -> custom_hooks)
(* No need for posthooks when there is no filter *)
()
(* Command-line callback for -debug-pkcs11: sets ref_pkcs_debug to 1 *)
let enable_pkcs_debug () = ref_pkcs_debug := 1
(* Command-line callback for -daemonize-param: stores the string that the
   hooks later pass to c_Daemonize *)
let set_daemonize_args s = ref_daemonize_args := s
(* Parse the command line (Netplex options plus the proxy-specific ones) and
   start the Netplex system with the rpc_pkcs11 service, using the
   multi-processing parallelizer. Anonymous arguments are rejected. *)
let start() =
  let (netplex_opts, cmdline_cfg) = Netplex_main.args() in
  let proxy_opts =
    [ "-debug", Arg.String (fun s -> Netlog.Debug.enable_module s),
      " Enable debug messages for ";
      "-debug-all", Arg.Unit (fun () -> Netlog.Debug.enable_all()),
      " Enable all debug messages";
      "-debug-list", Arg.Unit (fun () -> List.iter print_endline (Netlog.Debug.names());
                                raise (Failure "Options")),
      " Show possible modules for -debug, then exit";
      "-debug-pkcs11", Arg.Unit (fun () -> enable_pkcs_debug()),
      " Enable PKCS#11 functions debug prints";
      "-daemonize-param", Arg.String (fun s -> set_daemonize_args s),
      " String passed to daemonize code (optional)";
    ] in
  let reject_anonymous s = raise (Arg.Bad ("Don't know what to do with: " ^ s)) in
  Arg.parse (proxy_opts @ netplex_opts) reject_anonymous "usage: netplex [options]";
  let parallelizer = Netplex_mp.mp() in (* multi-processing *)
  Netplex_main.startup
    parallelizer
    Netplex_log.logger_factories (* allow all built-in logging styles *)
    Netplex_workload.workload_manager_factories (* ... all ways of workload management *)
    [ rpc_pkcs11_factory ]
    cmdline_cfg
(* Program entry point: initialise signal handling, then start the server *)
let () =
  let () = Netsys_signal.init() in
  start()
caml-crush-1.0.12/src/pkcs11proxyd/server_ssl.ml 0000664 0000000 0000000 00000047500 14147740423 0021525 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER **********************************
Copyright ANSSI (2013)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com] and
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the PKCS#11 daemon 3] source tree:
----------------------
| 3] PKCS#11 RPC server|
----------------------
Project: PKCS#11 Filtering Proxy
File: src/pkcs11proxyd/server_ssl.ml
************************** MIT License HEADER *********************************)
(* Use aliases if this is an old version (< 4.02) of OCaml without a Bytes module *)
IFDEF OCAML_NO_BYTES_MODULE THEN
module Bytes = String
ENDIF
IFDEF WITH_SSL THEN
(* Define these two references here to avoid circular dependencies.
   Both start empty and are filled in by configure. *)
let libnames_config_ref = ref ""
let filter_config_file_ref = ref ""
IFNDEF WITH_SSL_LEGACY THEN
(* Non-legacy TLS: initialise the GnuTLS provider at module load time *)
Nettls_gnutls.init();
ENDIF
ENDIF
(* Basic helpers *)
IFDEF OCAML_NO_BYTES_MODULE THEN
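(* Read the whole file f and return its contents (variant for OCaml versions
   without a Bytes module, where Bytes is an alias of String).
   The channel is now closed on every path: this function is called for each
   entry of the client-certificate directory on each connection, and callers
   swallow its exceptions, so a failed read (for instance on a
   sub-directory) used to leave a file descriptor open in the server.
   Exceptions from opening or reading are re-raised unchanged. *)
let read_file f =
  let ic = open_in f in
  try
    let n = in_channel_length ic in
    let s = Bytes.create n in
    really_input ic s 0 n;
    close_in ic;
    s
  with e ->
    close_in_noerr ic;
    raise e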
ENDIF
IFNDEF OCAML_NO_BYTES_MODULE THEN
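(* Read the whole file f and return its contents as a string.
   The channel is now closed on every path: this function is called for each
   entry of the client-certificate directory on each connection, and callers
   swallow its exceptions, so a failed read (for instance on a
   sub-directory) used to leave a file descriptor open in the server.
   Exceptions from opening or reading are re-raised unchanged. *)
let read_file f =
  let ic = open_in f in
  try
    let n = in_channel_length ic in
    let s = really_input_string ic n in
    close_in ic;
    s
  with e ->
    close_in_noerr ic;
    raise e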
ENDIF
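(* Write the string s to file f, replacing previous contents.
   The channel is closed even when writing fails (e.g. disk full), so a
   failed write no longer leaves a descriptor open; the exception is
   re-raised unchanged. *)
let write_file f s =
  let oc = open_out f in
  (try
     output_string oc s;
     close_out oc
   with e ->
     close_out_noerr oc;
     raise e)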
(**** For OCamlnet >= 4, we do two things: *)
(* - (Dirty) Workaround for an issue with default peer_auth verification *)
(* - Implement a proper certificate white list verification *)
(* Ocamlnet is 4.x *)
(* write_certificate tmp_file client_cert stores the peer certificate in
   tmp_file so that it can be read back and compared with the allow-list
   files. With WITH_SSL_LEGACY the certificate is an OCaml-ssl value written
   by Ssl.write_certificate; otherwise it is already a string (the PEM text
   built by create_pem) and is written as-is. *)
IFDEF WITH_SSL_LEGACY THEN
let write_certificate tmp_file client_cert = Ssl.write_certificate tmp_file client_cert
ELSE
let write_certificate tmp_file client_cert = write_file tmp_file client_cert
ENDIF
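(* Decide whether the peer certificate is on the allow-list.

   allowed_clients_cert_path:
     None      -> no allow-list is configured, every certificate is accepted
                  here (the TLS layer's own trust check is separate).
     Some path -> directory whose files are the allowed certificates.
   client_cert: the peer certificate in the form write_certificate expects.

   Returns true only when one non-empty file in the directory is
   byte-for-byte equal to the serialised peer certificate. Unreadable or
   empty files never match, and a missing directory rejects the client.
   Because the comparison is on raw bytes, an allow-list file with different
   line endings or extra text will not match the same certificate.

   The temporary file holding the peer certificate is now removed once it has
   been read; it used to be left behind on every connection, letting the
   temporary directory grow with each TLS handshake.

   The "forbidden client certificates folder" wording of the error message is
   kept as it is; the directory it names is the allow-list directory. *)
let check_is_client_certificate_allowed allowed_clients_cert_path client_cert =
  match allowed_clients_cert_path with
  | None -> true
  | Some path ->
    let is_dir = (try Sys.is_directory path with _ -> false) in
    if not is_dir then
      begin
        let s = Printf.sprintf "Error: forbidden client certificates folder %s does not exist!" path in
        Netplex_cenv.log `Err s;
        false
      end
    else
      begin
        (* List all files in the directory *)
        let cert_files = Sys.readdir path in
        (* Serialise the peer certificate through a private temporary file *)
        let tmp_file = Filename.temp_file "pkcs11proxy_server" "client_cert" in
        let remove_tmp () = (try Sys.remove tmp_file with _ -> ()) in
        let client_cert_string =
          (try
             let _ = write_certificate tmp_file client_cert in
             let contents = read_file tmp_file in
             remove_tmp ();
             contents
           with e ->
             remove_tmp ();
             raise e) in
        let matched = ref false in
        Array.iter
          (fun file_name ->
             (* Stop reading further files once a match has been found *)
             if not !matched then
               begin
                 let candidate =
                   (try read_file (Filename.concat path file_name) with _ -> "") in
                 if compare candidate "" <> 0
                 && compare candidate client_cert_string = 0 then
                   matched := true
               end)
          cert_files;
        !matched
      end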
IFDEF WITH_SSL THEN
IFNDEF WITH_SSL_LEGACY THEN
(* Wrap DER data in a PEM envelope with the given header tag (adapted from
   OCamlnet Nettls): Base64 with 64-character lines between the BEGIN/END
   marker lines. The allow-list check compares this text byte-for-byte with
   the files of the allowed-certificates directory, so those files have to
   use the same layout. *)
let create_pem header_tag data =
  let body = Netencoding.Base64.encode ~linelength:64 data in
  String.concat ""
    [ "-----BEGIN "; header_tag; "-----\n";
      body;
      "-----END "; header_tag; "-----\n" ]
(* Directory of allowed client certificates; None until fetch_ssl_params
   reads 'allowed_clients_cert_path', and None means no allow-list check. *)
let allowed_clients_cert_path_ref = ref None
(* Allow-list check for the peer credentials of a TLS connection.
   Only X.509 credentials can pass: the DER certificate is converted to PEM
   and checked with check_is_client_certificate_allowed against
   !allowed_clients_cert_path_ref. Any other credential form is rejected.
   The certificate subject is written to the log in both outcomes; it is
   taken from the peer's certificate. *)
let my_cert_check cert =
  match cert with
  | `X509 der_cert ->
    let x509_cert = new Netx509.x509_certificate_from_DER der_cert in
    let subject = x509_cert # subject # string in
    (* DER to PEM *)
    let pem_cert = create_pem "CERTIFICATE" der_cert in
    if check_is_client_certificate_allowed !allowed_clients_cert_path_ref pem_cert then
      begin
        Netplex_cenv.log `Info (Printf.sprintf "user=%s is authenticated and connected" subject);
        true
      end
    else
      begin
        Netplex_cenv.log `Err (Printf.sprintf "Unsupported client certificate for user=%s" subject);
        false
      end
  | _ -> false
(* TLS verification callback passed to Netplex_config.read_tls_config.
   The peer is accepted when the TLS layer trusts its certificate chain
   (p_trust) and my_cert_check accepts the certificate.
   p_hostmatch is deliberately ignored: the peer is a client, and the
   OCamlnet TLS module's name verification does not fit that case.
   FIXME: also require p_hostmatch once this is fixed in OCamlnet. *)
let verify endpoint p_trust p_hostmatch =
  let module Endpoint = (val endpoint : Netsys_crypto_types.TLS_ENDPOINT) in
  let peer_creds = Endpoint.TLS.get_peer_creds Endpoint.endpoint in
  if p_trust then my_cert_check peer_creds else false
ENDIF
ENDIF
IFDEF WITH_SSL THEN
(* Read the TLS-related parameters of the service configuration.
   Non-legacy build: stores 'allowed_clients_cert_path' in
   allowed_clients_cert_path_ref and returns (use_ssl, tls_config), where
   tls_config is read by Netplex_config.read_tls_config with the verify
   callback of this file.
   Legacy build (WITH_SSL_LEGACY): returns a 9-tuple of the raw parameters;
   'cafile', 'certfile' and 'certkey' are mandatory when use_ssl is true, and
   all values are empty/None when it is false. *)
let fetch_ssl_params use_ssl cf addr =
IFNDEF WITH_SSL_LEGACY THEN
(* First, we extract our client certificate white list if there is one *)
let _ = (allowed_clients_cert_path_ref :=
try
Some (cf # string_param (cf # resolve_parameter addr "allowed_clients_cert_path"))
with
| Not_found -> (None);) in
(* Without an allow-list, client acceptance rests on the TLS trust check only *)
let _ = (if !allowed_clients_cert_path_ref = None
then
begin
let s = Printf.sprintf "CONFIGURATION: you did not set any allowed_clients_cert_path, any client with a proper certificate will be accepted" in
Netplex_cenv.log `Info s;
end) in
(* Note: we override the ~verify parameter here to properly implement a peer_auth "required" and *)
(* also implement our certificate white list verification *)
(* NOTE(review): use_ssl is returned but not consulted in this branch; the *)
(* existence of the allow-list directory is also not checked here (a missing *)
(* directory makes check_is_client_certificate_allowed reject every client). *)
let tls_config = Netplex_config.read_tls_config ~verify cf addr (Netsys_crypto.current_tls_opt()) in
(use_ssl, tls_config)
ELSE
match use_ssl with
| true ->
let cafile =
try
cf # string_param (cf # resolve_parameter addr "cafile")
with
| Not_found ->
failwith "Required parameter cafile is missing!" in
let certfile =
try
cf # string_param (cf # resolve_parameter addr "certfile")
with
| Not_found ->
failwith "Required parameter certfile is missing!" in
let certkey =
try
cf # string_param (cf # resolve_parameter addr "certkey")
with
| Not_found ->
failwith "Required parameter certkey is missing!" in
let cipher_suite =
try
Some (cf # string_param (cf # resolve_parameter addr "cipher_suite"))
with
| Not_found -> (None); in
(* PFS handling *)
let dh_params =
try
Some (cf # string_param (cf # resolve_parameter addr "dh_params"))
with
| Not_found -> (None); in
let ec_curve_name =
try
Some (cf # string_param (cf # resolve_parameter addr "ec_curve_name"))
with
| Not_found -> (None); in
if cipher_suite = None
then
begin
let s = Printf.sprintf "CONFIGURATION: you did not set any cipher_suite list, it will use the OpenSSL HIGH suites!" in
Netplex_cenv.log `Info s;
end;
(* Certificate verification depth *)
let verify_depth =
try
Some (cf # int_param (cf # resolve_parameter addr "verify_depth"))
with
| Not_found -> (None); in
(* DHE PFS handling *)
if dh_params = None
then
begin
let s = Printf.sprintf "CONFIGURATION: you did not set any dh_params list, PFS DHE suites disabled" in
Netplex_cenv.log `Info s;
end;
(* ECDHE PFS handling *)
if ec_curve_name = None
then
begin
let s = Printf.sprintf "CONFIGURATION: you did not set any ec_curve_name list, PFS ECDHE suites disabled" in
Netplex_cenv.log `Info s;
end;
let allowed_clients_cert_path =
try
Some (cf # string_param (cf # resolve_parameter addr "allowed_clients_cert_path"))
with
| Not_found -> (None); in
if allowed_clients_cert_path = None
then
begin
let s = Printf.sprintf "CONFIGURATION: you did not set any allowed_clients_cert_path, any client with a proper certificate will be accepted" in
Netplex_cenv.log `Info s;
end
else
begin
(* A configured allow-list directory that does not exist aborts the *)
(* configuration instead of starting without it *)
let path = (match allowed_clients_cert_path with Some x -> x | _ -> "") in
let check_dir = (try Sys.is_directory path with
_ -> false) in
if check_dir = false then
let s = Printf.sprintf "Error: forbidden client certificates folder %s does not exist!" path in
failwith s
end;
(use_ssl, cafile, certfile, certkey, cipher_suite, dh_params, ec_curve_name, verify_depth, allowed_clients_cert_path)
| false -> (use_ssl, "", "", "", None, None, None, None, None)
ENDIF
ENDIF
(* WITH SSL *)
IFDEF WITH_SSL THEN
(* Netplex configuration callback for builds with WITH_SSL.
   Reads 'filter_config', 'libnames' and 'use_ssl', stores the parameter
   required by the build (libnames for filter passthrough, filter_config
   otherwise) in its reference, warns about the other one when present, and
   returns the result of fetch_ssl_params. *)
let configure cf addr =
(* Handle filter passthrough for the specific C_LoadModule call *)
let filter_config_file =
try
Some (cf # string_param (cf # resolve_parameter addr "filter_config"))
with
| Not_found -> (None); in
let libnames_config =
try
Some (cf # string_param (cf # resolve_parameter addr "libnames"))
with
| Not_found -> (None); in
(* use_ssl defaults to false when the parameter is absent, and no message is *)
(* logged for that case here. NOTE(review): confirm that deployments set it *)
(* explicitly, since an SSL-enabled build does not imply TLS is on. *)
let use_ssl =
try
cf # bool_param (cf # resolve_parameter addr "use_ssl")
with
| Not_found -> false in
IFDEF WITHOUT_FILTER THEN
if filter_config_file <> None
then
begin
let s = Printf.sprintf "CONFIGURATION: unused option 'filter_config' found in the server configuration file while the server has been compiled with filter passthrough!" in
Netplex_cenv.log `Info s;
end;
if libnames_config = None
then
begin
failwith "Required parameter libnames is missing! (server compiled with filter passthrough mode)!";
end;
libnames_config_ref := (match libnames_config with None -> "" | Some x -> x);
(fetch_ssl_params use_ssl cf addr)
ELSE
if libnames_config <> None
then
begin
let s = Printf.sprintf "CONFIGURATION: unused option 'libnames' found in the server configuration file while the server has been compiled to use the filter module!" in
Netplex_cenv.log `Info s;
end;
if filter_config_file = None
then
begin
failwith "Required parameter filter_config is missing! (this is a path to the filter configuration rules)";
end;
filter_config_file_ref := (match filter_config_file with
Some value -> (value)
| None -> "");
(fetch_ssl_params use_ssl cf addr)
ENDIF
ENDIF
IFDEF WITH_SSL_LEGACY THEN
(* Note: since we check for Ocaml-ssl > 0.4.7, we should *)
(* not have issues with unsupported ciphers anymore *)
(* Suites removed from a configured cipher list by filter_PFS_ciphers *)
let unsupported_suites = ref [""]
(* We do not let OpenSSL fallback to ugly ciphers *)
(* This exclusion string is appended to every cipher list given to OpenSSL, *)
(* whether the list comes from the configuration or is the HIGH default *)
let exclude_bad_ciphers = ref "!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4"
(* Return true when element is present in the_list. A hit is also logged,
   telling the administrator that the named cipher suite is not supported
   and is removed from the suites that will be used. *)
let check_element_in_suites_list the_list element =
  let is_listed = List.exists (fun candidate -> compare candidate element = 0) the_list in
  if is_listed then
    begin
      (* Notify the user that the suite he specified is unsupported *)
      let notice = Printf.sprintf "CONFIGURATION: the '%s' SSL cipher suite is currently *not* supported by OCaml OpenSSL bindings => it is *removed* from the cipher suites that will be used!" element in
      Netplex_cenv.log `Info notice;
      true
    end
  else
    false
(* Drop from a ':'-separated cipher list every suite that appears in
   !unsupported_suites and return the remaining suites joined with ':'. *)
let filter_PFS_ciphers ciphers =
  let is_supported suite =
    not (check_element_in_suites_list !unsupported_suites suite) in
  let suites = Str.split (Str.regexp ":") ciphers in
  String.concat ":" (List.filter is_supported suites)
(* Return true when every element of the ':'-separated cipher list starts
   with '!', i.e. the list only excludes suites and selects none. An empty
   list also yields true. *)
let check_negative_only_ciphers ciphers =
  let exclusion_prefix = Str.regexp "!" in
  let suites = Str.split (Str.regexp ":") ciphers in
  List.for_all (fun suite -> Str.string_match exclusion_prefix suite 0) suites
(* Make sure the configured cipher list selects something: when it is empty
   or made only of '!' exclusions, "HIGH" is put in front of it (and the
   fact is logged) so that the exclusions apply to the OpenSSL HIGH suites.
   Any other list is returned unchanged. *)
let check_empty_negative_only_suites ciphers =
  (* Prefix the list with HIGH, then log why this was done *)
  let with_high notice =
    let widened = String.concat ":" ["HIGH"; ciphers] in
    Netplex_cenv.log `Info notice;
    widened in
  if ciphers = "" then
    with_high "CONFIGURATION: the cipher_suite list is empty => we will use the OpenSSL HIGH suites!"
  else if check_negative_only_ciphers ciphers then
    with_high "CONFIGURATION: the cipher_suite list only contains negative expressions => we will append the OpenSSL HIGH suites!"
  else
    (* If there was no problem, just return the input ciphers *)
    ciphers
(* Build the RPC socket configuration used by the server.

   With use_ssl = false the plain Rpc_server.default_socket_config is
   returned and none of the TLS settings below apply.

   With use_ssl = true a TLS 1.2 server context is created and configured,
   in this order: mandatory peer-certificate verification, cipher list,
   client CA list and trust store (both read from cafile), verification
   depth (4 unless verify_depth is given), server certificate and key,
   optional DH parameters, optional named EC curve. Any failure while
   applying the cipher list, the DH file or the curve name is turned into
   Failure with a fixed message.

   NOTE(review): the handlers below catch every exception ("with _"), so
   the underlying OpenSSL error is not reported to the operator.
   NOTE(review): the certificate subject is copied as-is into the log line
   and into the Failure message; confirm the log sink tolerates whatever
   characters a subject accepted by the CA may contain. *)
let my_socket_config use_ssl cafile certfile certkey cipher_suite dh_params ec_curve_name verify_depth allowed_clients_cert_path =
  if not use_ssl then
    Rpc_server.default_socket_config
  else begin
    flush stdout;
    Ssl.init();
    let ctx = Ssl.create_context Ssl.TLSv1_2 Ssl.Server_context in
    (* Clients must present a certificate, otherwise the handshake fails *)
    Ssl.set_verify ctx [ Ssl.Verify_peer; Ssl.Verify_fail_if_no_peer_cert ] None;
    (* Work out the cipher list to apply and the message to raise if
       OpenSSL refuses it. !exclude_bad_ciphers is always appended. *)
    let effective_ciphers, rejection_message =
      match cipher_suite with
      | None ->
        (String.concat ":" ["HIGH"; !exclude_bad_ciphers],
         Printf.sprintf "Unsupported cipher suite when configuring OpenSSL")
      | Some ciphers ->
        let supported = filter_PFS_ciphers ciphers in
        let usable = check_empty_negative_only_suites supported in
        (String.concat ":" [usable; !exclude_bad_ciphers],
         Printf.sprintf "Unsupported cipher list %s" ciphers)
    in
    (try Ssl.set_cipher_list ctx effective_ciphers
     with _ -> failwith rejection_message);
    Ssl.set_client_CA_list_from_file ctx cafile;
    let depth =
      match verify_depth with
      | None -> 4
      | Some configured -> configured
    in
    Ssl.set_verify_depth ctx depth;
    Ssl.load_verify_locations ctx cafile "";
    Ssl.use_certificate ctx certfile certkey;
    (match dh_params with
     | None -> ()
     | Some dh_file ->
       (try Ssl.init_dh_from_file ctx dh_file
        with _ -> failwith (Printf.sprintf "Could not set DH params from file %s" dh_file)));
    (match ec_curve_name with
     | None -> ()
     | Some curve ->
       (try Ssl.init_ec_from_named_curve ctx curve
        with _ -> failwith (Printf.sprintf "Could not set EC curve name %s" curve)));
    (* Called with the TLS socket of a connecting peer: the certificate
       subject becomes the RPC user name, but only if
       check_is_client_certificate_allowed accepts the certificate. *)
    let peer_user_name _ sslsock =
      let cert = Ssl.get_certificate sslsock in
      let user = Ssl.get_subject cert in
      if check_is_client_certificate_allowed allowed_clients_cert_path cert then begin
        Netplex_cenv.log `Info (Printf.sprintf "user=%s is authenticated and connected" user);
        Some user
      end else begin
        let rejection = Printf.sprintf "Unsupported client certificate for user=%s" user in
        (* Close the TLS session before refusing the peer *)
        let _ = Ssl.shutdown sslsock in
        failwith rejection
      end
    in
    Rpc_ssl.ssl_server_socket_config ~get_peer_user_name:peer_user_name ctx
  end
ENDIF
IFDEF WITH_SSL THEN
IFDEF WITH_SSL_LEGACY THEN
(* Legacy bindings: unpack the configuration tuple and forward every
   component, in the same order, to my_socket_config. *)
let socket_config (use_ssl, cafile, certfile, certkey, cipher_suite, dh_params, ec_curve_name, verify_depth, allowed_clients_cert_path) =
  my_socket_config use_ssl cafile certfile certkey cipher_suite dh_params ec_curve_name verify_depth allowed_clients_cert_path
ELSE
(* Non-legacy build: with use_ssl = true a TLS configuration is required
   and its absence is a hard failure; with use_ssl = false the plain
   Rpc_server.default_socket_config is returned and tls_config is
   ignored. *)
let socket_config (use_ssl, tls_config) =
  match use_ssl, tls_config with
  | false, _ -> Rpc_server.default_socket_config
  | true, None -> failwith "Failed to read tls configuration"
  | true, Some config -> Rpc_server.tls_socket_config config
ENDIF
ENDIF
caml-crush-1.0.12/src/rpc-pkcs11/ 0000775 0000000 0000000 00000000000 14147740423 0016312 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/rpc-pkcs11/Makefile.in 0000664 0000000 0000000 00000004006 14147740423 0020357 0 ustar 00root root 0000000 0000000 filter_filter_dir = @top_srcdir@/src/filter/filter
# Locations of the filter sub-trees and of the PKCS#11 bindings.
# filter_backend_dir and filter_frontend_dir are not referenced by the
# recipes below; caml_link_dirs is referenced only by the commented-out
# test rule.
filter_backend_dir = @top_srcdir@/src/filter/backend
filter_frontend_dir = @top_srcdir@/src/filter/frontend
caml_link_dirs = -cclib -lcamlidl -cclib -L$(bindings_dir)
bindings_dir = ../bindings-pkcs11
# Hardening flags forwarded to the C compiler/linker through -ccopt:
# position-independent code, full RELRO (-z relro -z now) and the stack
# protector.
# NOTE(review): no recipe in this file references mem_prot_opt_caml, so the
# objects built here only get these flags if @ocaml_options@ carries them
# too -- confirm in the configure script.
mem_prot_opt_caml=-ccopt -fPIC -ccopt -fPIE -ccopt -Wl,-z,relro,-z,now -ccopt -fstack-protector
# Default target: depends on whatever configure substitutes for
# @caml_rpc_gen@, then compiles the generated RPC modules and the helpers
# into pkcs11_rpclib.cmxa.
all: @caml_rpc_gen@
# Compile the generated RPC interface and implementation files
ocamlfind ocamlopt @ocaml_options@ -package "rpc" -o pkcs11_rpc_aux -c @srcdir@/pkcs11_rpc_aux.mli
ocamlfind ocamlopt @ocaml_options@ -package "rpc" -o pkcs11_rpc_aux -c @srcdir@/pkcs11_rpc_aux.ml
ocamlfind ocamlopt @ocaml_options@ -package "rpc" -o pkcs11_rpc_clnt -c @srcdir@/pkcs11_rpc_clnt.mli
ocamlfind ocamlopt @ocaml_options@ -package "rpc" -o pkcs11_rpc_clnt -c @srcdir@/pkcs11_rpc_clnt.ml
ocamlfind ocamlopt @ocaml_options@ -package "rpc" -o pkcs11_rpc_srv -c @srcdir@/pkcs11_rpc_srv.mli
ocamlfind ocamlopt @ocaml_options@ -package "rpc" -o pkcs11_rpc_srv -c @srcdir@/pkcs11_rpc_srv.ml
# Build the RPC helpers (conversions between Pkcs11 and Pkcs11_rpc_aux records)
ocamlopt @ocaml_options@ -I $(bindings_dir) -o rpc_helpers -c @srcdir@/rpc_helpers.ml
# Build a library from the RPC files
ocamlopt @ocaml_options@ -o pkcs11_rpclib.cmxa -a pkcs11_rpc_aux.cmx pkcs11_rpc_clnt.cmx pkcs11_rpc_srv.cmx rpc_helpers.cmx
# Regenerate the OCaml aux/client/server modules from the XDR description
rpc:
# OCaml RPC generation
ocamlrpcgen -aux -int unboxed -hyper int64 @srcdir@/pkcs11_rpc.x
ocamlrpcgen -clnt -int unboxed -hyper int64 @srcdir@/pkcs11_rpc.x
ocamlrpcgen -srv2 -int unboxed -hyper int64 @srcdir@/pkcs11_rpc.x
#test:
# #Compile Test file
# ocamlopt $(include_dirs) -c test_pkcs11.ml
# ocamlfind ocamlopt -package "rpc" -linkpkg $(bindings_dir)/pkcs11.cmxa pkcs11_rpclib.cmxa client.cmx test_pkcs11.cmx $(caml_link_dirs) -o test_pkcs11_rpc
clean_rpc:
# Remove old RPC generated files
@rm -f @caml_rpc_clean@
# Remove build products from @srcdir@
clean:
@rm -f @srcdir@/*.cmi @srcdir@/*.cmo @srcdir@/*.cma @srcdir@/*.cmx @srcdir@/*.o @srcdir@/*.a @srcdir@/*.cmxa @srcdir@/dll* @srcdir@/packlist-* @srcdir@/ocamldoc.dump @srcdir@/META @srcdir@/*.astamp @srcdir@/*.cstamp @srcdir@/*.s2stamp @srcdir@/test_pkcs11_rpc
caml-crush-1.0.12/src/rpc-pkcs11/pkcs11_rpc.x 0000664 0000000 0000000 00000042247 14147740423 0020462 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the RPC 2] source tree:
-------- socket (TCP or Unix) --------------------
|2] RPC |<+++++++++++++++++++> | |
| Layer | [SSL/TLS optional] | -------- |
-------- | |2] RPC | |
| | Layer | |
| -------- |
--------------------
Project: PKCS#11 Filtering Proxy
File: src/rpc-pkcs11/pkcs11_rpc.x
-------------------------- MIT License HEADER ----------------------------------*/
/* Lines starting with '%' are copied verbatim into the generated C header
   (RPC_HDR only): a WIN32 shim mapping quad_t to int64_t, and the
   declaration of the global RPC client handle cl. */
/* NOTE(review): the header name after "%#include" is missing on this page,
   most likely lost in extraction; restore it from the upstream file. */
#ifdef RPC_HDR
%#ifdef WIN32
%#include
%#define quad_t int64_t
%#endif
%extern CLIENT *cl;
#endif
/* Every PKCS#11 integer travels as a 64-bit XDR hyper, whatever the native
   word size of either endpoint; the aliases below only name the role of
   the value. */
typedef hyper pkcs11_int;
typedef pkcs11_int rpc_ck_rv_t;
typedef pkcs11_int rpc_ck_slot_id_t;
typedef pkcs11_int rpc_ck_mechanism_type_t;
typedef pkcs11_int rpc_ck_session_handle_t;
typedef pkcs11_int rpc_ck_user_type_t;
typedef pkcs11_int rpc_ck_state_t;
typedef pkcs11_int rpc_ck_object_handle_t;
typedef pkcs11_int rpc_ck_object_class_t;
typedef pkcs11_int rpc_ck_hw_feature_type_t;
typedef pkcs11_int rpc_ck_key_type_t;
typedef pkcs11_int rpc_ck_certificate_type_t;
typedef pkcs11_int rpc_ck_attribute_type_t;
typedef pkcs11_int rpc_ck_flags_t;
typedef pkcs11_int rpc_ck_notification_t;
/* Variable-length byte string with no declared maximum ("<>"): the XDR
   decoder accepts any length the encoding allows, so any size limit has to
   be enforced by the transport or by the code that receives the value. */
typedef opaque opaque_data <>;
/* Wire forms of the PKCS#11 information structures. Character fields are
   carried as variable-length opaques; "< N >" is an upper bound, not a
   fixed size, so a peer may send fewer bytes than N, including none. */
struct rpc_ck_version {
/* At most one byte each; a zero-length value is a valid encoding and the
   decoding side has to handle it. */
opaque major < 1 >;
opaque minor < 1 >;
};
struct rpc_ck_info {
rpc_ck_version rpc_ck_info_cryptoki_version;
opaque rpc_ck_info_manufacturer_id < 32 >;
rpc_ck_flags_t rpc_ck_info_flags;
opaque rpc_ck_info_library_description < 32 >;
rpc_ck_version rpc_ck_info_library_version;
};
struct rpc_ck_slot_info {
/* NOTE(review): unlike the bounded strings of rpc_ck_info and
   rpc_ck_token_info, these two fields declare no maximum length. */
opaque rpc_ck_slot_info_slot_description <>;
opaque rpc_ck_slot_info_manufacturer_id <>;
rpc_ck_flags_t rpc_ck_slot_info_flags;
rpc_ck_version rpc_ck_slot_info_hardware_version;
rpc_ck_version rpc_ck_slot_info_firmware_version;
};
struct rpc_ck_token_info {
opaque rpc_ck_token_info_label < 32 >;
opaque rpc_ck_token_info_manufacturer_id < 32 >;
opaque rpc_ck_token_info_model < 16 >;
opaque rpc_ck_token_info_serial_number < 16 >;
rpc_ck_flags_t rpc_ck_token_info_flags;
pkcs11_int rpc_ck_token_info_max_session_count;
pkcs11_int rpc_ck_token_info_session_count;
pkcs11_int rpc_ck_token_info_max_rw_session_count;
pkcs11_int rpc_ck_token_info_rw_session_count;
pkcs11_int rpc_ck_token_info_max_pin_len;
pkcs11_int rpc_ck_token_info_min_pin_len;
pkcs11_int rpc_ck_token_info_total_public_memory;
pkcs11_int rpc_ck_token_info_free_public_memory;
pkcs11_int rpc_ck_token_info_total_private_memory;
pkcs11_int rpc_ck_token_info_free_private_memory;
rpc_ck_version rpc_ck_token_info_hardware_version;
rpc_ck_version rpc_ck_token_info_firmware_version;
opaque rpc_ck_token_info_utc_time < 16 >;
};
/* Mechanism identifier plus its raw parameter bytes (no declared maximum). */
struct rpc_ck_mechanism {
rpc_ck_mechanism_type_t rpc_ck_mechanism_mechanism;
opaque rpc_ck_mechanism_parameter <>;
};
struct rpc_ck_session_info {
rpc_ck_slot_id_t rpc_ck_session_info_slot_id;
rpc_ck_state_t rpc_ck_session_info_state;
rpc_ck_flags_t rpc_ck_session_info_flags;
pkcs11_int rpc_ck_session_info_device_error;
};
struct rpc_ck_mechanism_info {
pkcs11_int rpc_ck_mechanism_info_min_key_size;
pkcs11_int rpc_ck_mechanism_info_max_key_size;
rpc_ck_flags_t rpc_ck_mechanism_info_flags;
};
/* One attribute of a template. The value bytes carry their own XDR length
   and value_len is sent as a separate integer; the two are independent on
   the wire, so a receiver must not use value_len to index the value
   without comparing it with the actual length first. */
struct rpc_ck_attribute {
rpc_ck_attribute_type_t rpc_ck_attribute_type;
opaque rpc_ck_attribute_value <>;
pkcs11_int rpc_ck_attribute_value_len;
};
/* Attribute template: any number of attributes, no declared maximum. */
typedef rpc_ck_attribute rpc_ck_attribute_array <>;
struct rpc_ck_date {
opaque rpc_ck_date_year < 4 >;
opaque rpc_ck_date_month < 2 >;
opaque rpc_ck_date_day < 2 >;
};
/* Reply structures: one per procedure that returns more than a status.
   Each starts with the status (the *_rv field) followed by the output
   values. Where a reply carries both an array and a *_count field, the
   count is a separate integer and is not tied to the array's XDR length
   by the encoding. Output byte strings declare no maximum length. */
struct ck_rv_c_GetSlotList {
rpc_ck_rv_t c_GetSlotList_rv;
rpc_ck_slot_id_t c_GetSlotList_slot_list <>;
pkcs11_int c_GetSlotList_count;
};
struct ck_rv_c_GetSlotInfo {
rpc_ck_rv_t c_GetSlotInfo_rv;
rpc_ck_slot_info c_GetSlotInfo_slot_info;
};
struct ck_rv_c_GetTokenInfo {
rpc_ck_rv_t c_GetTokenInfo_rv;
rpc_ck_token_info c_GetTokenInfo_token_info;
};
struct ck_rv_c_GetInfo {
rpc_ck_rv_t c_GetInfo_rv;
rpc_ck_info c_GetInfo_info;
};
struct ck_rv_c_WaitForSlotEvent {
rpc_ck_rv_t c_WaitForSlotEvent_rv;
rpc_ck_slot_id_t c_WaitForSlotEvent_count;
};
struct ck_rv_c_OpenSession {
rpc_ck_rv_t c_OpenSession_rv;
rpc_ck_session_handle_t c_OpenSession_handle;
};
struct ck_rv_c_GetMechanismList {
rpc_ck_rv_t c_GetMechanismList_rv;
rpc_ck_mechanism_type_t c_GetMechanismList_list <>;
pkcs11_int c_GetMechanismList_count;
};
struct ck_rv_c_GetSessionInfo {
rpc_ck_rv_t c_GetSessionInfo_rv;
rpc_ck_session_info c_GetSessionInfo_info;
};
struct ck_rv_c_GetMechanismInfo {
rpc_ck_rv_t c_GetMechanismInfo_rv;
rpc_ck_mechanism_info c_GetMechanismInfo_info;
};
struct ck_rv_c_GenerateRandom {
rpc_ck_rv_t c_GenerateRandom_rv;
opaque c_GenerateRandom_data <>;
};
struct ck_rv_c_FindObjects {
rpc_ck_rv_t c_FindObjects_rv;
rpc_ck_object_handle_t c_FindObjects_objects <>;
pkcs11_int c_FindObjects_count;
};
struct ck_rv_c_GenerateKey {
rpc_ck_rv_t c_GenerateKey_rv;
rpc_ck_object_handle_t c_GenerateKey_handle;
};
struct ck_rv_c_GenerateKeyPair {
rpc_ck_rv_t c_GenerateKeyPair_rv;
rpc_ck_object_handle_t c_GenerateKeyPair_pubhandle;
rpc_ck_object_handle_t c_GenerateKeyPair_privhandle;
};
struct ck_rv_c_CreateObject {
rpc_ck_rv_t c_CreateObject_rv;
rpc_ck_object_handle_t c_CreateObject_handle;
};
struct ck_rv_c_CopyObject {
rpc_ck_rv_t c_CopyObject_rv;
rpc_ck_object_handle_t c_CopyObject_handle;
};
struct ck_rv_c_GetAttributeValue {
rpc_ck_rv_t c_GetAttributeValue_rv;
rpc_ck_attribute_array c_GetAttributeValue_value;
};
struct ck_rv_c_GetObjectSize {
rpc_ck_rv_t c_GetObjectSize_rv;
pkcs11_int c_GetObjectSize_size;
};
struct ck_rv_c_WrapKey {
rpc_ck_rv_t c_WrapKey_rv;
opaque c_WrapKey_value <>;
};
struct ck_rv_c_UnwrapKey {
rpc_ck_rv_t c_UnwrapKey_rv;
rpc_ck_object_handle_t c_UnwrapKey_handle;
};
struct ck_rv_c_DeriveKey {
rpc_ck_rv_t c_DeriveKey_rv;
rpc_ck_object_handle_t c_DeriveKey_handle;
};
struct ck_rv_c_Digest {
rpc_ck_rv_t c_Digest_rv;
opaque c_Digest_value <>;
};
struct ck_rv_c_DigestFinal {
rpc_ck_rv_t c_DigestFinal_rv;
opaque c_DigestFinal_value <>;
};
struct ck_rv_c_Sign {
rpc_ck_rv_t c_Sign_rv;
opaque c_Sign_value <>;
};
struct ck_rv_c_SignFinal {
rpc_ck_rv_t c_SignFinal_rv;
opaque c_SignFinal_value <>;
};
struct ck_rv_c_Encrypt {
rpc_ck_rv_t c_Encrypt_rv;
opaque c_Encrypt_value <>;
};
struct ck_rv_c_EncryptUpdate {
rpc_ck_rv_t c_EncryptUpdate_rv;
opaque c_EncryptUpdate_value <>;
};
struct ck_rv_c_EncryptFinal {
rpc_ck_rv_t c_EncryptFinal_rv;
opaque c_EncryptFinal_value <>;
};
struct ck_rv_c_Decrypt {
rpc_ck_rv_t c_Decrypt_rv;
opaque c_Decrypt_value <>;
};
struct ck_rv_c_DecryptUpdate {
rpc_ck_rv_t c_DecryptUpdate_rv;
opaque c_DecryptUpdate_value <>;
};
struct ck_rv_c_DecryptFinal {
rpc_ck_rv_t c_DecryptFinal_rv;
opaque c_DecryptFinal_value <>;
};
struct ck_rv_c_SignRecover {
rpc_ck_rv_t c_SignRecover_rv;
opaque c_SignRecover_value <>;
};
struct ck_rv_c_VerifyRecover {
rpc_ck_rv_t c_VerifyRecover_rv;
opaque c_VerifyRecover_value <>;
};
struct ck_rv_c_DigestEncryptUpdate {
rpc_ck_rv_t c_DigestEncryptUpdate_rv;
opaque c_DigestEncryptUpdate_value <>;
};
struct ck_rv_c_DecryptDigestUpdate {
rpc_ck_rv_t c_DecryptDigestUpdate_rv;
opaque c_DecryptDigestUpdate_value <>;
};
struct ck_rv_c_SignEncryptUpdate {
rpc_ck_rv_t c_SignEncryptUpdate_rv;
opaque c_SignEncryptUpdate_value <>;
};
struct ck_rv_c_DecryptVerifyUpdate {
rpc_ck_rv_t c_DecryptVerifyUpdate_rv;
opaque c_DecryptVerifyUpdate_value <>;
};
struct ck_rv_c_GetOperationState {
rpc_ck_rv_t c_GetOperationState_rv;
opaque c_GetOperationState_value <>;
};
/* RPC program 4, version 3: one procedure per proxied PKCS#11 call, plus
   c_SetupArch and c_LoadModule. Procedure numbers run from 2 to 70.
   Session and object handles are plain 64-bit integers supplied by the
   caller on every request. */
program P {
version V {
rpc_ck_rv_t c_SetupArch(pkcs11_int) = 2;
rpc_ck_rv_t c_Initialize(void) = 3;
ck_rv_c_GetSlotList c_GetSlotList(pkcs11_int, pkcs11_int) = 4;
ck_rv_c_GetInfo c_GetInfo(void) = 5;
ck_rv_c_WaitForSlotEvent c_WaitForSlotEvent(rpc_ck_flags_t) = 6;
ck_rv_c_GetSlotInfo c_GetSlotInfo(rpc_ck_slot_id_t) = 7;
ck_rv_c_GetTokenInfo c_GetTokenInfo(rpc_ck_slot_id_t) = 8;
/* c_Login, c_InitPIN, c_SetPIN and c_InitToken carry their byte-string
   arguments (presumably the PINs) as opaque_data inside the RPC message.
   The project header describes SSL/TLS on the socket as optional, so the
   confidentiality of these values depends on how the transport is
   configured. */
rpc_ck_rv_t c_Login(rpc_ck_session_handle_t, rpc_ck_user_type_t,
opaque_data) = 9;
rpc_ck_rv_t c_Logout(rpc_ck_session_handle_t) = 10;
ck_rv_c_OpenSession c_OpenSession(rpc_ck_slot_id_t, rpc_ck_flags_t) = 11;
rpc_ck_rv_t c_CloseSession(rpc_ck_session_handle_t) = 12;
rpc_ck_rv_t c_Finalize(void) = 13;
ck_rv_c_GetMechanismList c_GetMechanismList(rpc_ck_slot_id_t, pkcs11_int) =
14;
rpc_ck_rv_t c_CloseAllSessions(rpc_ck_slot_id_t) = 15;
ck_rv_c_GetSessionInfo c_GetSessionInfo(rpc_ck_session_handle_t) = 16;
ck_rv_c_GetMechanismInfo c_GetMechanismInfo(rpc_ck_slot_id_t,
rpc_ck_mechanism_type_t) = 17;
rpc_ck_rv_t c_InitPIN(rpc_ck_session_handle_t, opaque_data) = 18;
rpc_ck_rv_t c_SetPIN(rpc_ck_session_handle_t, opaque_data, opaque_data) =
19;
rpc_ck_rv_t c_SeedRandom(rpc_ck_session_handle_t, opaque_data) = 20;
rpc_ck_rv_t c_InitToken(rpc_ck_slot_id_t, opaque_data, opaque_data) = 21;
ck_rv_c_GenerateRandom c_GenerateRandom(rpc_ck_session_handle_t,
pkcs11_int) = 22;
rpc_ck_rv_t c_FindObjectsInit(rpc_ck_session_handle_t,
rpc_ck_attribute_array) = 23;
ck_rv_c_FindObjects c_FindObjects(rpc_ck_session_handle_t, pkcs11_int) = 24;
rpc_ck_rv_t c_FindObjectsFinal(rpc_ck_session_handle_t) = 25;
ck_rv_c_GenerateKey c_GenerateKey(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_attribute_array) = 26;
ck_rv_c_GenerateKeyPair c_GenerateKeyPair(rpc_ck_session_handle_t,
rpc_ck_mechanism,
rpc_ck_attribute_array,
rpc_ck_attribute_array) = 27;
ck_rv_c_CreateObject c_CreateObject(rpc_ck_session_handle_t,
rpc_ck_attribute_array) = 28;
ck_rv_c_CopyObject c_CopyObject(rpc_ck_session_handle_t,
rpc_ck_object_handle_t,
rpc_ck_attribute_array) = 29;
rpc_ck_rv_t c_DestroyObject(rpc_ck_session_handle_t,
rpc_ck_object_handle_t) = 30;
ck_rv_c_GetAttributeValue c_GetAttributeValue(rpc_ck_session_handle_t,
rpc_ck_object_handle_t,
rpc_ck_attribute_array) = 31;
rpc_ck_rv_t c_SetAttributeValue(rpc_ck_session_handle_t,
rpc_ck_object_handle_t,
rpc_ck_attribute_array) = 32;
ck_rv_c_GetObjectSize c_GetObjectSize(rpc_ck_session_handle_t,
rpc_ck_object_handle_t) = 33;
ck_rv_c_WrapKey c_WrapKey(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t, rpc_ck_object_handle_t) =
34;
ck_rv_c_UnwrapKey c_UnwrapKey(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t, opaque_data,
rpc_ck_attribute_array) = 35;
ck_rv_c_DeriveKey c_DeriveKey(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t,
rpc_ck_attribute_array) = 36;
rpc_ck_rv_t c_DigestInit(rpc_ck_session_handle_t, rpc_ck_mechanism) = 37;
ck_rv_c_Digest c_Digest(rpc_ck_session_handle_t, opaque_data) = 38;
rpc_ck_rv_t c_DigestUpdate(rpc_ck_session_handle_t, opaque_data) = 39;
ck_rv_c_DigestFinal c_DigestFinal(rpc_ck_session_handle_t) = 40;
rpc_ck_rv_t c_DigestKey(rpc_ck_session_handle_t, rpc_ck_object_handle_t) =
41;
rpc_ck_rv_t c_SignInit(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t) = 42;
ck_rv_c_Sign c_Sign(rpc_ck_session_handle_t, opaque_data) = 43;
rpc_ck_rv_t c_SignUpdate(rpc_ck_session_handle_t, opaque_data) = 44;
ck_rv_c_SignFinal c_SignFinal(rpc_ck_session_handle_t) = 45;
rpc_ck_rv_t c_VerifyInit(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t) = 46;
rpc_ck_rv_t c_Verify(rpc_ck_session_handle_t, opaque_data, opaque_data) =
47;
rpc_ck_rv_t c_VerifyUpdate(rpc_ck_session_handle_t, opaque_data) = 48;
rpc_ck_rv_t c_VerifyFinal(rpc_ck_session_handle_t, opaque_data) = 49;
rpc_ck_rv_t c_EncryptInit(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t) = 50;
ck_rv_c_Encrypt c_Encrypt(rpc_ck_session_handle_t, opaque_data) = 51;
ck_rv_c_EncryptUpdate c_EncryptUpdate(rpc_ck_session_handle_t,
opaque_data) = 52;
ck_rv_c_EncryptFinal c_EncryptFinal(rpc_ck_session_handle_t) = 53;
rpc_ck_rv_t c_DecryptInit(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t) = 54;
ck_rv_c_Decrypt c_Decrypt(rpc_ck_session_handle_t, opaque_data) = 55;
ck_rv_c_DecryptUpdate c_DecryptUpdate(rpc_ck_session_handle_t,
opaque_data) = 56;
ck_rv_c_DecryptFinal c_DecryptFinal(rpc_ck_session_handle_t) = 57;
rpc_ck_rv_t c_SignRecoverInit(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t) = 58;
ck_rv_c_SignRecover c_SignRecover(rpc_ck_session_handle_t, opaque_data) =
59;
rpc_ck_rv_t c_VerifyRecoverInit(rpc_ck_session_handle_t, rpc_ck_mechanism,
rpc_ck_object_handle_t) = 60;
ck_rv_c_VerifyRecover c_VerifyRecover(rpc_ck_session_handle_t,
opaque_data) = 61;
ck_rv_c_DigestEncryptUpdate c_DigestEncryptUpdate(rpc_ck_session_handle_t,
opaque_data) = 62;
ck_rv_c_SignEncryptUpdate c_SignEncryptUpdate(rpc_ck_session_handle_t,
opaque_data) = 63;
ck_rv_c_DecryptDigestUpdate c_DecryptDigestUpdate(rpc_ck_session_handle_t,
opaque_data) = 64;
ck_rv_c_DecryptVerifyUpdate c_DecryptVerifyUpdate(rpc_ck_session_handle_t,
opaque_data) = 65;
ck_rv_c_GetOperationState c_GetOperationState(rpc_ck_session_handle_t) = 66;
rpc_ck_rv_t c_SetOperationState(rpc_ck_session_handle_t, opaque_data,
rpc_ck_object_handle_t,
rpc_ck_object_handle_t) = 67;
rpc_ck_rv_t c_GetFunctionStatus(rpc_ck_session_handle_t) = 68;
rpc_ck_rv_t c_CancelFunction(rpc_ck_session_handle_t) = 69;
/* NOTE(review): the single argument is a client-supplied byte string that
   selects the module to load. Presumably the server resolves it against
   the modules named in its own configuration; verify that it is never
   used directly as a library path. */
rpc_ck_rv_t c_LoadModule(opaque_data) = 70;
} = 3;
} = 4;
caml-crush-1.0.12/src/rpc-pkcs11/rpc_helpers.ml 0000664 0000000 0000000 00000036671 14147740423 0021167 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the RPC 2] source tree:
-------- socket (TCP or Unix) --------------------
|2] RPC |<+++++++++++++++++++> | |
| Layer | [SSL/TLS optional] | -------- |
-------- | |2] RPC | |
| | Layer | |
| -------- |
--------------------
Project: PKCS#11 Filtering Proxy
File: src/rpc-pkcs11/rpc_helpers.ml
************************** MIT License HEADER ***********************************)
open Pkcs11_rpc_aux
open Pkcs11
(* Manual conversion functions *)
(* Pkcs11 version -> RPC version: each of major/minor is placed in a
   one-element array and converted with Pkcs11.char_array_to_string. *)
let ck_version_pkcs11_to_rpc_aux input =
  let one_element_string c = Pkcs11.char_array_to_string (Array.make 1 c) in
  { Pkcs11_rpc_aux.major = one_element_string input.major;
    minor = one_element_string input.minor }
(* Pkcs11 library info -> RPC form: character arrays become strings,
   the flags become an Int64, both versions go through
   ck_version_pkcs11_to_rpc_aux. *)
let ck_info_pkcs11_to_rpc_aux input =
  let text = Pkcs11.char_array_to_string in
  { Pkcs11_rpc_aux.rpc_ck_info_cryptoki_version =
      ck_version_pkcs11_to_rpc_aux input.ck_info_cryptoki_version;
    rpc_ck_info_manufacturer_id = text input.ck_info_manufacturer_id;
    rpc_ck_info_flags = Int64.of_nativeint input.ck_info_flags;
    rpc_ck_info_library_description = text input.ck_info_library_description;
    rpc_ck_info_library_version =
      ck_version_pkcs11_to_rpc_aux input.ck_info_library_version }
(* Pkcs11 slot info -> RPC form: description and manufacturer id become
   strings, the flags become an Int64, hardware and firmware versions go
   through ck_version_pkcs11_to_rpc_aux. *)
let ck_slot_info_pkcs11_to_rpc_aux input =
  let text = Pkcs11.char_array_to_string in
  { Pkcs11_rpc_aux.rpc_ck_slot_info_slot_description =
      text input.ck_slot_info_slot_description;
    rpc_ck_slot_info_manufacturer_id = text input.ck_slot_info_manufacturer_id;
    rpc_ck_slot_info_flags = Int64.of_nativeint input.ck_slot_info_flags;
    rpc_ck_slot_info_hardware_version =
      ck_version_pkcs11_to_rpc_aux input.ck_slot_info_hardware_version;
    rpc_ck_slot_info_firmware_version =
      ck_version_pkcs11_to_rpc_aux input.ck_slot_info_firmware_version }
(* Pkcs11 token info -> RPC form. Character arrays become strings, every
   nativeint counter or size is widened to Int64, and the two versions go
   through ck_version_pkcs11_to_rpc_aux. *)
let ck_token_info_pkcs11_to_rpc_aux input =
  let text = Pkcs11.char_array_to_string in
  let wide = Int64.of_nativeint in
  { Pkcs11_rpc_aux.rpc_ck_token_info_label = text input.ck_token_info_label;
    rpc_ck_token_info_manufacturer_id = text input.ck_token_info_manufacturer_id;
    rpc_ck_token_info_model = text input.ck_token_info_model;
    rpc_ck_token_info_serial_number = text input.ck_token_info_serial_number;
    rpc_ck_token_info_flags = wide input.ck_token_info_flags;
    rpc_ck_token_info_max_session_count = wide input.ck_token_info_max_session_count;
    rpc_ck_token_info_session_count = wide input.ck_token_info_session_count;
    rpc_ck_token_info_max_rw_session_count = wide input.ck_token_info_max_rw_session_count;
    rpc_ck_token_info_rw_session_count = wide input.ck_token_info_rw_session_count;
    rpc_ck_token_info_max_pin_len = wide input.ck_token_info_max_pin_len;
    rpc_ck_token_info_min_pin_len = wide input.ck_token_info_min_pin_len;
    rpc_ck_token_info_total_public_memory = wide input.ck_token_info_total_public_memory;
    rpc_ck_token_info_free_public_memory = wide input.ck_token_info_free_public_memory;
    rpc_ck_token_info_total_private_memory = wide input.ck_token_info_total_private_memory;
    rpc_ck_token_info_free_private_memory = wide input.ck_token_info_free_private_memory;
    rpc_ck_token_info_hardware_version =
      ck_version_pkcs11_to_rpc_aux input.ck_token_info_hardware_version;
    rpc_ck_token_info_firmware_version =
      ck_version_pkcs11_to_rpc_aux input.ck_token_info_firmware_version;
    rpc_ck_token_info_utc_time = text input.ck_token_info_utc_time }
(* Pkcs11 attribute -> RPC form. The value length sent on the wire is
   computed here from the value array itself, so on this side the two
   always agree. *)
let ck_attribute_pkcs11_to_rpc_aux input =
  { Pkcs11_rpc_aux.rpc_ck_attribute_type = Int64.of_nativeint input.type_;
    rpc_ck_attribute_value = Pkcs11.char_array_to_string input.value;
    rpc_ck_attribute_value_len = Int64.of_int (Array.length input.value) }
(* Pkcs11 date -> RPC form: year, month and day character arrays are each
   converted to a string. *)
let ck_date_pkcs11_to_rpc_aux input =
  let text = Pkcs11.char_array_to_string in
  { Pkcs11_rpc_aux.rpc_ck_date_year = text input.year;
    rpc_ck_date_month = text input.month;
    rpc_ck_date_day = text input.day }
(* Pkcs11 mechanism -> RPC form: the mechanism type is widened to Int64
   and the parameter bytes are converted to a string. *)
let ck_mechanism_pkcs11_to_rpc_aux input =
  { Pkcs11_rpc_aux.rpc_ck_mechanism_mechanism = Int64.of_nativeint input.mechanism;
    rpc_ck_mechanism_parameter = Pkcs11.char_array_to_string input.parameter }
(* Pkcs11 session info -> RPC form: all four nativeint fields are widened
   to Int64. *)
let ck_session_info_pkcs11_to_rpc_aux input =
  let wide = Int64.of_nativeint in
  { Pkcs11_rpc_aux.rpc_ck_session_info_slot_id = wide input.ck_session_info_slot_id;
    rpc_ck_session_info_state = wide input.ck_session_info_state;
    rpc_ck_session_info_flags = wide input.ck_session_info_flags;
    rpc_ck_session_info_device_error = wide input.ck_session_info_device_error }
(* Pkcs11 mechanism info -> RPC form: minimum key size, maximum key size
   and flags are widened to Int64. *)
let ck_mechanism_info_pkcs11_to_rpc_aux input =
  let wide = Int64.of_nativeint in
  { Pkcs11_rpc_aux.rpc_ck_mechanism_info_min_key_size = wide input.ck_mechanism_info_min_key_size;
    rpc_ck_mechanism_info_max_key_size = wide input.ck_mechanism_info_max_key_size;
    rpc_ck_mechanism_info_flags = wide input.ck_mechanism_info_flags }
(* GO in CLIENT *)
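(* RPC version -> Pkcs11 version: the first character of each wire field
   becomes the major/minor value.

   The wire fields come from the peer and are variable-length, so they can
   be empty. The length is checked before element 0 is read: an empty
   field raises Invalid_argument (the same exception type an out-of-bounds
   access raises) with a message naming the field, and the check does not
   depend on the compiler's bounds checking being enabled.

   Raises Invalid_argument if either field is empty. *)
let ck_version_rpc_aux_to_pkcs11 input =
  let first_char field_name wire_value =
    let chars = Pkcs11.string_to_char_array wire_value in
    if Array.length chars = 0 then
      invalid_arg ("ck_version_rpc_aux_to_pkcs11: empty " ^ field_name ^ " field")
    else
      chars.(0)
  in
  { Pkcs11.major = first_char "major" input.Pkcs11_rpc_aux.major;
    minor = first_char "minor" input.Pkcs11_rpc_aux.minor }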
(* RPC library info -> Pkcs11 form: strings become character arrays, the
   flags are narrowed with Int64.to_nativeint, both versions go through
   ck_version_rpc_aux_to_pkcs11.
   NOTE(review): Int64.to_nativeint keeps only the low 32 bits on a 32-bit
   platform, so a wider wire value is truncated without an error. *)
let ck_info_rpc_aux_to_pkcs11 input =
  let chars = Pkcs11.string_to_char_array in
  { Pkcs11.ck_info_cryptoki_version =
      ck_version_rpc_aux_to_pkcs11 input.Pkcs11_rpc_aux.rpc_ck_info_cryptoki_version;
    ck_info_manufacturer_id = chars input.Pkcs11_rpc_aux.rpc_ck_info_manufacturer_id;
    ck_info_flags = Int64.to_nativeint input.Pkcs11_rpc_aux.rpc_ck_info_flags;
    ck_info_library_description = chars input.Pkcs11_rpc_aux.rpc_ck_info_library_description;
    ck_info_library_version =
      ck_version_rpc_aux_to_pkcs11 input.Pkcs11_rpc_aux.rpc_ck_info_library_version }
(* RPC slot info -> Pkcs11 form: strings become character arrays, the
   flags are narrowed with Int64.to_nativeint, hardware and firmware
   versions go through ck_version_rpc_aux_to_pkcs11.
   NOTE(review): the description and manufacturer id are converted at
   whatever length the peer sent; no length is checked here. Confirm that
   the consumer of this record pads or truncates them to the field widths
   it expects. *)
let ck_slot_info_rpc_aux_to_pkcs11 input =
  let chars = Pkcs11.string_to_char_array in
  { Pkcs11.ck_slot_info_slot_description =
      chars input.Pkcs11_rpc_aux.rpc_ck_slot_info_slot_description;
    ck_slot_info_manufacturer_id =
      chars input.Pkcs11_rpc_aux.rpc_ck_slot_info_manufacturer_id;
    ck_slot_info_flags = Int64.to_nativeint input.Pkcs11_rpc_aux.rpc_ck_slot_info_flags;
    ck_slot_info_hardware_version =
      ck_version_rpc_aux_to_pkcs11 input.Pkcs11_rpc_aux.rpc_ck_slot_info_hardware_version;
    ck_slot_info_firmware_version =
      ck_version_rpc_aux_to_pkcs11 input.Pkcs11_rpc_aux.rpc_ck_slot_info_firmware_version }
(* Convert an RPC-side ck_token_info record into the Pkcs11 record.
   Text fields (label, manufacturer id, model, serial number, UTC time)
   become char arrays; every counter, limit and the flags word is narrowed
   from int64 to nativeint; the two version fields go through
   ck_version_rpc_aux_to_pkcs11.

   NOTE(review): the narrowing is exact on 64-bit platforms only. On 32-bit
   platforms Int64.to_nativeint keeps the value modulo 2^32, so PIN length
   limits or memory sizes received over RPC could be silently altered. *)
let ck_token_info_rpc_aux_to_pkcs11 input =
  let chars = Pkcs11.string_to_char_array in
  let native = Int64.to_nativeint in
  let version = ck_version_rpc_aux_to_pkcs11 in
  {
    Pkcs11.ck_token_info_label =
      chars input.Pkcs11_rpc_aux.rpc_ck_token_info_label;
    Pkcs11.ck_token_info_manufacturer_id =
      chars input.Pkcs11_rpc_aux.rpc_ck_token_info_manufacturer_id;
    Pkcs11.ck_token_info_model =
      chars input.Pkcs11_rpc_aux.rpc_ck_token_info_model;
    Pkcs11.ck_token_info_serial_number =
      chars input.Pkcs11_rpc_aux.rpc_ck_token_info_serial_number;
    Pkcs11.ck_token_info_flags =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_flags;
    Pkcs11.ck_token_info_max_session_count =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_max_session_count;
    Pkcs11.ck_token_info_session_count =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_session_count;
    Pkcs11.ck_token_info_max_rw_session_count =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_max_rw_session_count;
    Pkcs11.ck_token_info_rw_session_count =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_rw_session_count;
    Pkcs11.ck_token_info_max_pin_len =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_max_pin_len;
    Pkcs11.ck_token_info_min_pin_len =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_min_pin_len;
    Pkcs11.ck_token_info_total_public_memory =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_total_public_memory;
    Pkcs11.ck_token_info_free_public_memory =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_free_public_memory;
    Pkcs11.ck_token_info_total_private_memory =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_total_private_memory;
    Pkcs11.ck_token_info_free_private_memory =
      native input.Pkcs11_rpc_aux.rpc_ck_token_info_free_private_memory;
    Pkcs11.ck_token_info_hardware_version =
      version input.Pkcs11_rpc_aux.rpc_ck_token_info_hardware_version;
    Pkcs11.ck_token_info_firmware_version =
      version input.Pkcs11_rpc_aux.rpc_ck_token_info_firmware_version;
    Pkcs11.ck_token_info_utc_time =
      chars input.Pkcs11_rpc_aux.rpc_ck_token_info_utc_time;
  }
(* Convert an RPC-side ck_attribute into the Pkcs11 record: the attribute
   type is narrowed from int64 to nativeint and the value string becomes a
   char array. No check on the attribute type or on the value length is
   done here. *)
let ck_attribute_rpc_aux_to_pkcs11 input =
  let attr_type = Int64.to_nativeint input.Pkcs11_rpc_aux.rpc_ck_attribute_type in
  let attr_value = Pkcs11.string_to_char_array input.Pkcs11_rpc_aux.rpc_ck_attribute_value in
  { Pkcs11.type_ = attr_type; Pkcs11.value = attr_value }
(* Convert an RPC-side ck_date into the Pkcs11 record: year, month and day
   strings are each turned into a char array. The field contents are not
   validated here. *)
let ck_date_rpc_aux_to_pkcs11 input =
  let chars = Pkcs11.string_to_char_array in
  {
    Pkcs11.year = chars input.Pkcs11_rpc_aux.rpc_ck_date_year;
    Pkcs11.month = chars input.Pkcs11_rpc_aux.rpc_ck_date_month;
    Pkcs11.day = chars input.Pkcs11_rpc_aux.rpc_ck_date_day;
  }
(* Convert an RPC-side ck_mechanism into the Pkcs11 record: the mechanism
   identifier is narrowed from int64 to nativeint and the parameter string
   becomes a char array. The mechanism identifier is not checked against
   any allow-list at this level. *)
let ck_mechanism_rpc_aux_to_pkcs11 input =
  let mech_id = Int64.to_nativeint input.Pkcs11_rpc_aux.rpc_ck_mechanism_mechanism in
  let mech_param = Pkcs11.string_to_char_array input.Pkcs11_rpc_aux.rpc_ck_mechanism_parameter in
  { Pkcs11.mechanism = mech_id; Pkcs11.parameter = mech_param }
(* Convert an RPC-side ck_session_info into the Pkcs11 record. All four
   fields (slot id, state, flags, device error) are narrowed from int64 to
   nativeint; on 32-bit platforms that narrowing is modulo 2^32. *)
let ck_session_info_rpc_aux_to_pkcs11 input =
  let native = Int64.to_nativeint in
  {
    Pkcs11.ck_session_info_slot_id =
      native input.Pkcs11_rpc_aux.rpc_ck_session_info_slot_id;
    Pkcs11.ck_session_info_state =
      native input.Pkcs11_rpc_aux.rpc_ck_session_info_state;
    Pkcs11.ck_session_info_flags =
      native input.Pkcs11_rpc_aux.rpc_ck_session_info_flags;
    Pkcs11.ck_session_info_device_error =
      native input.Pkcs11_rpc_aux.rpc_ck_session_info_device_error;
  }
(* Convert an RPC-side ck_mechanism_info into the Pkcs11 record. Minimum
   key size, maximum key size and flags are narrowed from int64 to
   nativeint.

   NOTE(review): callers that rely on the key-size bounds should remember
   that Int64.to_nativeint is only exact on 64-bit platforms. *)
let ck_mechanism_info_rpc_aux_to_pkcs11 input =
  let native = Int64.to_nativeint in
  {
    Pkcs11.ck_mechanism_info_min_key_size =
      native input.Pkcs11_rpc_aux.rpc_ck_mechanism_info_min_key_size;
    Pkcs11.ck_mechanism_info_max_key_size =
      native input.Pkcs11_rpc_aux.rpc_ck_mechanism_info_max_key_size;
    Pkcs11.ck_mechanism_info_flags =
      native input.Pkcs11_rpc_aux.rpc_ck_mechanism_info_flags;
  }
caml-crush-1.0.12/src/rpc-pkcs11/test_pkcs11.ml 0000664 0000000 0000000 00000054062 14147740423 0021014 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the RPC 2] source tree:
-------- socket (TCP or Unix) --------------------
|2] RPC |<+++++++++++++++++++> | |
| Layer | [SSL/TLS optional] | -------- |
-------- | |2] RPC | |
| | Layer | |
| -------- |
--------------------
Project: PKCS#11 Filtering Proxy
File: src/rpc-pkcs11/test_pkcs11.ml
************************** MIT License HEADER ***********************************)
open Printf
(* Initialise the PKCS#11 client. The value returned by c_Initialize is
   bound to blah and never inspected afterwards in this script. *)
let blah = Client.c_Initialize ();;
(* Slot enumeration in two passes: the first call asks for 0 entries and is
   used to learn count, the second call asks for count entries.
   The first argument 0 is presumably the token-present flag set to false
   (TODO confirm against Client.c_GetSlotList).
   NOTE(review): ret_value is printed but not checked, so the script carries
   on with whatever slot_list_ holds even when the call failed. *)
let (ret_value, slot_list_, count) = Client.c_GetSlotList 0 0;;
printf "Ret value = %d, Count = %d, slot_list =" ret_value count;;
Pkcs11.print_int_array slot_list_;;
let (ret_value, slot_list_, count) = Client.c_GetSlotList 0 count;;
printf "Ret value = %d, Count = %d, slot_list =" ret_value count;;
Pkcs11.print_int_array slot_list_;;
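(* Print the description of a slot and the identification fields of its
   token (label, manufacturer id, model, serial number, UTC time).

   Each group is printed only when the corresponding call returned cKR_OK.
   The token lines are grouped in a begin/end block: without it, only the
   first printf is governed by the if, because the sequence operator binds
   looser than if/then, and the remaining token fields would be printed
   even after a failed c_GetTokenInfo. The byte arrays are converted only
   inside the guarded branches, so data from a failed call is never used. *)
let print_slots = fun slot ->
  let (ret_valuea, slot_info_) = Client.c_GetSlotInfo slot in
  let (ret_valueb, token_info_) = Client.c_GetTokenInfo slot in
  (* Slot info *)
  if ret_valuea = Pkcs11.cKR_OK then begin
    let slot_desc = Pkcs11.byte_array_to_string slot_info_.Pkcs11.ck_slot_info_slot_description in
    printf "Slot description: %s\n" slot_desc
  end;
  (* Token info *)
  if ret_valueb = Pkcs11.cKR_OK then begin
    let token_label = Pkcs11.byte_array_to_string token_info_.Pkcs11.ck_token_info_label in
    let token_manufacturer_id = Pkcs11.byte_array_to_string token_info_.Pkcs11.ck_token_info_manufacturer_id in
    let token_model = Pkcs11.byte_array_to_string token_info_.Pkcs11.ck_token_info_model in
    let token_serial_number = Pkcs11.byte_array_to_string token_info_.Pkcs11.ck_token_info_serial_number in
    let token_utc_time = Pkcs11.byte_array_to_string token_info_.Pkcs11.ck_token_info_utc_time in
    printf " Token label: %s\n" token_label;
    printf " Token id: %s\n" token_manufacturer_id;
    printf " Token model: %s\n" token_model;
    printf " Token serial: %s\n" token_serial_number;
    printf " Token UTC: %s\n" token_utc_time
  end;;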
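(* Print every slot found by the enumeration above. *)
let x = Array.iter print_slots slot_list_;;
(* All the following operations target slot 0. *)
let slot_id = 0;;

(* InitToken *)
(* WARNING: c_InitToken re-initialises the token in slot_id. Run this script
   only against a disposable test token. The SO PIN, user PINs and label
   below are fixed test values and must never be reused on a real token.

   The result of each call is now bound with let. The previous form
   (ret_value = Client.c_... ;;) was an equality test between the stale
   ret_value and the new return code, whose boolean result was discarded,
   so the return code of the call was never recorded. *)
let ret_value =
  let label = Pkcs11.string_to_byte_array "TestPkcs11" in
  let so_pin = Pkcs11.string_to_byte_array "87654321" in
  Client.c_InitToken slot_id so_pin label;;

(* InitPIN *)
(* Open a read/write session, log in as security officer, set the initial
   user PIN, then log out and close the session. *)
let (ret_value, session) = Client.c_OpenSession slot_id (Pkcs11.cKF_SERIAL_SESSION lor Pkcs11.cKF_RW_SESSION);;
let ret_value =
  let so_pin = Pkcs11.string_to_byte_array "87654321" in
  Client.c_Login session Pkcs11.cKU_SO so_pin;;
let ret_value =
  let user_pin = Pkcs11.string_to_byte_array "0000" in
  Client.c_InitPIN session user_pin;;
let ret_value = Client.c_Logout session;;
let ret_value = Client.c_CloseSession session;;

(* SetPIN *)
(* Log in as the normal user with the initial PIN and change it. *)
let (ret_value, session) = Client.c_OpenSession slot_id (Pkcs11.cKF_SERIAL_SESSION lor Pkcs11.cKF_RW_SESSION);;
let user_pin = Pkcs11.string_to_byte_array "0000";;
let ret_value = Client.c_Login session Pkcs11.cKU_USER user_pin;;
let new_user_pin = Pkcs11.string_to_byte_array "1234";;
let ret_value = Client.c_SetPIN session user_pin new_user_pin;;
let ret_value = Client.c_Logout session;;
let ret_value = Client.c_CloseSession session;;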
(* GetMechList *)
(* Two passes: the first call asks for 0 entries to learn count, the second
   call asks for count entries. The mechanism identifiers are then mapped to
   their names with Pkcs11.match_cKM_value and printed.
   NOTE(review): ret_value is not checked after either call. *)
let (ret_value, mechanism_list_, count) = Client.c_GetMechanismList slot_id 0;;
let (ret_value, mechanism_list_, count) = Client.c_GetMechanismList slot_id count;;
printf "cKM Array below\n";;
let mechanisms = Array.map Pkcs11.match_cKM_value mechanism_list_ in
Pkcs11.print_string_array mechanisms;;
(* GetMechInfo *)
(* Query the key-size bounds the token reports for cKM_RSA_PKCS and print
   them. The values are printed even if the call failed, since ret_value is
   not checked. *)
let (ret_value, mechanism_info_) = Client.c_GetMechanismInfo slot_id Pkcs11.cKM_RSA_PKCS;;
printf "GetMechanismInfo example below\n";;
printf "CKM_RSA_PKCS MinKeySize: %d\n" mechanism_info_.Pkcs11.ck_mechanism_info_min_key_size;;
printf "CKM_RSA_PKCS MaxKeySize: %d\n" mechanism_info_.Pkcs11.ck_mechanism_info_max_key_size;;
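(* GenerateKeyPair *)
(* Open a read/write session and log in as the user with the PIN set by the
   SetPIN step. The login result is bound with let: the previous form was an
   equality test whose result was discarded, so the return code was lost. *)
let (ret_value, session) = Client.c_OpenSession slot_id (Pkcs11.cKF_SERIAL_SESSION lor Pkcs11.cKF_RW_SESSION);;
let user_pin = Pkcs11.string_to_byte_array "1234";;
let ret_value = Client.c_Login session Pkcs11.cKU_USER user_pin;;

(* Template utils *)
(* MechanismChoice *)
let my_mech = { Pkcs11.mechanism = Pkcs11.cKM_RSA_PKCS_KEY_PAIR_GEN ; Pkcs11.parameter = [| |] };;

(* PublicTemplate *)
(* NOTE(review): a 512-bit modulus is only acceptable as a fast test fixture.
   It is far below any size suitable for real keys, and a token or filter
   enforcing a minimum key size is expected to reject it. *)
let modulus_bits = Pkcs11.int_to_ulong_byte_array 512;;
(* The first public_exponent binding (value 3) is immediately shadowed by the
   second one (hex 010001, i.e. 65537). Only the second is used below. *)
let public_exponent = Pkcs11.int_to_ulong_byte_array 3;;
let public_exponent = Pkcs11.string_to_byte_array (Pkcs11.pack "010001");;
let label = Pkcs11.string_to_byte_array "mylabel";;
let id = Pkcs11.string_to_byte_array "123";;
let pubclass = Pkcs11.int_to_ulong_byte_array Pkcs11.cKO_PUBLIC_KEY;;
let privclass = Pkcs11.int_to_ulong_byte_array Pkcs11.cKO_PRIVATE_KEY;;
let keytype = Pkcs11.int_to_ulong_byte_array Pkcs11.cKK_RSA;;
let x1 = { Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = pubclass};;
let x2 = { Pkcs11.type_ = Pkcs11.cKA_MODULUS_BITS; Pkcs11.value = modulus_bits};;
let x3 = { Pkcs11.type_ = Pkcs11.cKA_TOKEN; Pkcs11.value = Pkcs11.true_};;
let x4 = { Pkcs11.type_ = Pkcs11.cKA_ID; Pkcs11.value = id};;
let x5 = { Pkcs11.type_ = Pkcs11.cKA_LABEL; Pkcs11.value = label};;
let x6 = { Pkcs11.type_ = Pkcs11.cKA_ENCRYPT; Pkcs11.value = Pkcs11.true_};;
let x7 = { Pkcs11.type_ = Pkcs11.cKA_VERIFY; Pkcs11.value = Pkcs11.true_};;
let x8 = { Pkcs11.type_ = Pkcs11.cKA_WRAP; Pkcs11.value = Pkcs11.true_};;
let x9 = { Pkcs11.type_ = Pkcs11.cKA_PUBLIC_EXPONENT; Pkcs11.value = public_exponent};;
let pub_template = [| x1; x2; x3; x4; x5; x6; x7; x8; x9 |];;

(* PrivateTemplate *)
(* NOTE(review): the private key template sets neither CKA_SENSITIVE nor
   CKA_EXTRACTABLE, and one key is allowed to decrypt, sign and unwrap.
   Later in this script the private exponent is read back and printed,
   which only works because the key is left non-sensitive. Keep this
   combination confined to test tokens. *)
let y1 = { Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = privclass};;
let y3 = { Pkcs11.type_ = Pkcs11.cKA_TOKEN; Pkcs11.value = Pkcs11.true_};;
let y4 = { Pkcs11.type_ = Pkcs11.cKA_ID; Pkcs11.value = id};;
let y5 = { Pkcs11.type_ = Pkcs11.cKA_LABEL; Pkcs11.value = label};;
let y6 = { Pkcs11.type_ = Pkcs11.cKA_DECRYPT; Pkcs11.value = Pkcs11.true_};;
let y7 = { Pkcs11.type_ = Pkcs11.cKA_SIGN; Pkcs11.value = Pkcs11.true_};;
let y8 = { Pkcs11.type_ = Pkcs11.cKA_UNWRAP; Pkcs11.value = Pkcs11.true_};;
let y9 = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE; Pkcs11.value = Pkcs11.true_};;
let priv_template = [| y1; y3; y4; y5; y6; y7; y8; y9 |];;

(* GenerateKeyPair *)
(* The returned handles pubkey_ and privkey_ are used by the sign, encrypt,
   attribute and wrap steps that follow. ret_value is not checked here. *)
let (ret_value, pubkey_, privkey_) = Client.c_GenerateKeyPair session my_mech pub_template priv_template;;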
(* SetAttributeValue *)
(* Replace the CKA_LABEL of the generated public key. *)
let newlabel = Pkcs11.string_to_byte_array "newlabel";;
let z1 = { Pkcs11.type_ = Pkcs11.cKA_LABEL; Pkcs11.value = newlabel};;
let mod_template = [| z1 |];;
let ret_value = Client.c_SetAttributeValue session pubkey_ mod_template;;
(* GetObjectSize *)
let (ret_value, size_) = Client.c_GetObjectSize session pubkey_;;
printf "PubKeySize: %d\n" size_;;
(* Sign *)
(* Sign a fixed message with the generated private key using
   cKM_SHA1_RSA_PKCS, then verify the signature with the public key.
   NOTE(review): SHA-1 based signatures are exercised here as a test of the
   mechanism plumbing only. *)
let tosign = Pkcs11.string_to_byte_array "mysecretdata";;
let sign_mech = { Pkcs11.mechanism = Pkcs11.cKM_SHA1_RSA_PKCS ; Pkcs11.parameter = [| |] };;
let ret_value = Client.c_SignInit session sign_mech privkey_;;
let (ret_value, signed_data_) = Client.c_Sign session tosign ;;
printf "--------------\n";;
printf "SIGNED DATA\n";;
Pkcs11.print_hex_array signed_data_;;
printf "--------------\n";;
let ret_value = Client.c_VerifyInit session sign_mech pubkey_;;
let ret_value = Client.c_Verify session tosign signed_data_;;
printf "--------------\n";;
printf "C_Verify returned %s\n" (Pkcs11.match_cKR_value ret_value);;
printf "--------------\n";;
(* Negative case: the same signature is verified against a different
   message, so c_Verify is expected to fail.
   NOTE(review): the outcome is only printed. Nothing stops the script if
   verification unexpectedly succeeds, so a regression here has to be
   spotted by reading the output. *)
let tosign = Pkcs11.string_to_byte_array "mysecretdata2";;
let ret_value = Client.c_VerifyInit session sign_mech pubkey_;;
let ret_value = Client.c_Verify session tosign signed_data_;;
printf "--------------\n";;
printf "C_Verify MUST have FAILED, returned %s\n" (Pkcs11.match_cKR_value ret_value);;
printf "--------------\n";;
(* Encrypt *)
(* Encrypt a fixed message with the generated public key using cKM_RSA_PKCS
   and print the ciphertext in hex. ret_value is not checked, so
   crypted_data_ is printed and reused below even if a call failed. *)
let tocrypt = Pkcs11.string_to_byte_array "mysecretdata";;
let crypt_mech = { Pkcs11.mechanism = Pkcs11.cKM_RSA_PKCS ; Pkcs11.parameter = [| |] };;
let ret_value = Client.c_EncryptInit session crypt_mech pubkey_;;
let (ret_value, crypted_data_) = Client.c_Encrypt session tocrypt ;;
printf "--------------\n";;
printf "ENCRYPTED DATA\n";;
Pkcs11.print_hex_array crypted_data_;;
printf "--------------\n";;
(* Decrypt *)
(* Decrypt the ciphertext with the private key and print the recovered
   plaintext. The result is not compared with tocrypt, so a round-trip
   mismatch is only visible in the printed output. *)
let ret_value = Client.c_DecryptInit session crypt_mech privkey_;;
let (ret_value, decrypted_data_) = Client.c_Decrypt session crypted_data_ ;;
printf "--------------\n";;
printf "DECRYPTED DATA\n";;
Pkcs11.print_char_array decrypted_data_;;
printf "--------------\n";;
(* GetAttributeValue *)
(* Read CKA_MODULUS and CKA_PUBLIC_EXPONENT back from the generated public
   key. The template starts with empty values and c_GetAttributeValue is
   called twice, feeding the template returned by the first call into the
   second. Presumably the first call only reports the lengths (TODO confirm
   against Client.c_GetAttributeValue). *)
let x1 = { Pkcs11.type_ = Pkcs11.cKA_MODULUS; Pkcs11.value = [||]};;
let x2 = { Pkcs11.type_ = Pkcs11.cKA_PUBLIC_EXPONENT; Pkcs11.value = [||]};;
let modbit_template = [| x1; x2 |];;
let (ret_value, modbit_template) = Client.c_GetAttributeValue session pubkey_ modbit_template;;
let (ret_value, modbit_template) = Client.c_GetAttributeValue session pubkey_ modbit_template;;
printf "--------------\n";;
printf "CKA_MODULUS and CKA_PUBLIC_EXPONENT templates\n";;
Pkcs11.print_hex_array modbit_template.(0).Pkcs11.value;;
Pkcs11.print_hex_array modbit_template.(1).Pkcs11.value;;
(* PublicTemplate *)
(* Re-create the public key as a new token object from the attributes just
   read, plus class, key type, CKA_WRAP and CKA_TOKEN. This rebinds pubkey_
   to the handle of the new object. *)
let x1 = { Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = pubclass};;
let x2 = { Pkcs11.type_ = Pkcs11.cKA_KEY_TYPE; Pkcs11.value = keytype};;
let x3 = { Pkcs11.type_ = Pkcs11.cKA_WRAP; Pkcs11.value = Pkcs11.true_};;
let x4 = { Pkcs11.type_ = Pkcs11.cKA_TOKEN; Pkcs11.value = Pkcs11.true_};;
let pub_template = Array.append modbit_template [| x1; x2; x3; x4 |];;
let (ret_value, pubkey_) = Client.c_CreateObject session pub_template;;
printf "--------------\n";;
(* PrivateTemplate *)
(* Read CKA_PRIVATE_EXPONENT from the generated private key and print it.
   NOTE(review): this writes private key material to standard output. It can
   only succeed because the key was generated without CKA_SENSITIVE. With a
   token or filter that protects sensitive attributes the call is expected
   to be refused, and that refusal is the behaviour to look for when this
   script is used to check a filtering configuration. *)
let y2 = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE_EXPONENT; Pkcs11.value = [||]};;
let modbit_template = [| y2 |];;
let (ret_value, modbit_template) = Client.c_GetAttributeValue session privkey_ modbit_template;;
let (ret_value, modbit_template) = Client.c_GetAttributeValue session privkey_ modbit_template;;
printf "CKA_PRIVATE_EXPONENT template *before* destruction\n";;
Pkcs11.print_hex_array modbit_template.(0).Pkcs11.value;;
(* DestroyObject *)
(* NOTE(review): the c_DestroyObject call below is commented out, so the
   private key still exists when it is read again. The message printed
   after this point is therefore misleading. *)
(* let ret_value = Client.c_DestroyObject session privkey_;; *)
let modbit_template = [| y2 |];;
let (ret_value, modbit_template) = Client.c_GetAttributeValue session privkey_ modbit_template;;
let (ret_value, modbit_template) = Client.c_GetAttributeValue session privkey_ modbit_template;;
printf "CKA_PRIVATE_EXPONENT template *after* destruction\n";;
Pkcs11.print_hex_array modbit_template.(0).Pkcs11.value;;
printf "--------------\n";;
(* Build a new private key object from the exported private exponent.
   NOTE(review): y5 (CKA_SENSITIVE) is defined but is not listed in
   newpriv_template, so the new object is not explicitly marked sensitive.
   y9 adds an empty CKA_PRIVATE_EXPONENT although modbit_template already
   carries that attribute, so it appears twice in the template. Whether
   c_CreateObject accepts this is not checked, since ret_value is ignored. *)
let y1 = { Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = privclass};;
let y2 = { Pkcs11.type_ = Pkcs11.cKA_KEY_TYPE; Pkcs11.value = keytype};;
let y3 = { Pkcs11.type_ = Pkcs11.cKA_TOKEN; Pkcs11.value = Pkcs11.true_};;
let y4 = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE; Pkcs11.value = Pkcs11.true_};;
let y5 = { Pkcs11.type_ = Pkcs11.cKA_SENSITIVE; Pkcs11.value = Pkcs11.true_};;
let y6 = { Pkcs11.type_ = Pkcs11.cKA_DECRYPT; Pkcs11.value = Pkcs11.true_};;
let y7 = { Pkcs11.type_ = Pkcs11.cKA_SIGN; Pkcs11.value = Pkcs11.true_};;
let y8 = { Pkcs11.type_ = Pkcs11.cKA_EXTRACTABLE; Pkcs11.value = Pkcs11.false_};;
let y9 = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE_EXPONENT; Pkcs11.value = [||]};;
let newpriv_template = Array.append modbit_template [| y1; y2; y3; y4; y6; y7; y8; y9 |];;
let (ret_value, newprivkey_) = Client.c_CreateObject session newpriv_template;;
(* Enumerate objects with an empty search template, asking for at most 10
   handles, and print how many were returned. *)
let ret_value = Client.c_FindObjectsInit session [| |];;
let (ret_value, found_, number_) = Client.c_FindObjects session 10;;
let ret_value = Client.c_FindObjectsFinal session;;
printf "Found %d objects\n" number_;;
(* Logout and session close are commented out here, so the read/write
   session opened for key generation stays open and logged in. *)
(* ret_value = Client.c_Logout session;;
let ret_value = Client.c_CloseSession session;;*)
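(* Let's open a session for the _Random ops *)
(* Only cKF_SERIAL_SESSION is passed, without cKF_RW_SESSION, so this is a
   read-only session. The name session is rebound to it and the previous
   read/write session is left open. *)
let (ret_value, session) = Client.c_OpenSession slot_id Pkcs11.cKF_SERIAL_SESSION;;

(* GetSessionInfo *)
(* Print the numeric value of cKS_RO_USER_FUNCTIONS next to the state
   reported for the new session, for comparison by eye. *)
let (ret_value, session_info_) = Client.c_GetSessionInfo session;;
printf "GetSessionInfo example below\n";;
printf "CKS_R0_USER_FUNCTIONS: %d\n" Pkcs11.cKS_RO_USER_FUNCTIONS;;
printf "Session state : %d\n" session_info_.Pkcs11.ck_session_info_state;;

(* CloseAllSessions *)
(**
let ret_value = Client.c_CloseAllSessions 0;;
*)

(* SeedRandom *)
(* The results of c_Login and c_SeedRandom are bound with let. The previous
   form compared the stale ret_value with the new return code and discarded
   the boolean, so the return codes were never recorded.
   NOTE(review): the seed is a fixed string. It exercises the call path only
   and contributes no entropy. *)
let ret_value =
  let pin = Pkcs11.string_to_byte_array "1234" in
  Client.c_Login session Pkcs11.cKU_USER pin;;
let ret_value =
  let rand = Pkcs11.string_to_byte_array "ThisIsSuperMegaRandom" in
  Client.c_SeedRandom session rand;;

(* GenerateRandom *)
(* Ask the token for rand_len random bytes and print them in hex. *)
let rand_len = 32;;
let (ret_value, rand_array) = Client.c_GenerateRandom session rand_len;;
printf "--------------\n";;
printf "Random string of length %d got from C_GenerateRandom:\n" rand_len;;
Pkcs11.print_hex_array rand_array;;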
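(* Generate a symmetric Key *)
(* Template *)
(* x1 and this priv_template are not passed to c_GenerateKey below, which
   receives an empty template. priv_template is rebuilt before the unwrap. *)
let x1 = { Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = privclass};;
let priv_template = [| y1; y3; y4; y5; y6; y7; y8; y9 |];;

(* GenerateKey *)
(* NOTE(review): single DES is used purely as a test fixture. The key is
   generated with an empty template, so its sensitivity and extractability
   are whatever the token defaults to. *)
let my_mech = { Pkcs11.mechanism = Pkcs11.cKM_DES_KEY_GEN ; Pkcs11.parameter = [| |] };;
let (ret_value, deskey_) = Client.c_GenerateKey session my_mech [| |];;

(* Dump the secret key we have created *)
(* Reads CKA_VALUE of the DES key and prints it in hex: secret key material
   goes to standard output. A token or filter protecting sensitive keys is
   expected to refuse this read. *)
let y2 = { Pkcs11.type_ = Pkcs11.cKA_VALUE; Pkcs11.value = [||]};;
let deskey_template = [| y2 |];;
let (ret_value, deskey_template) = Client.c_GetAttributeValue session deskey_ deskey_template;;
let (ret_value, deskey_template) = Client.c_GetAttributeValue session deskey_ deskey_template;;
printf "--------------\n";;
printf "DES key value generated with C_GenerateKey:\n";;
Pkcs11.print_hex_array deskey_template.(0).Pkcs11.value;;

(* Wrap the RSA private key with the DES key (cKM_DES_ECB) *)
(* deskey_ is the wrapping key and privkey_ is the key being wrapped, as the
   message printed below also says.
   NOTE(review): wrapping an asymmetric private key under single DES in ECB
   mode is a pattern a PKCS#11 filter would normally be configured to block.
   It appears here as a test case. *)
let my_mech = { Pkcs11.mechanism = Pkcs11.cKM_DES_ECB ; Pkcs11.parameter = [| |] };;
let (ret_value, wrapped_key_) = Client.c_WrapKey session my_mech deskey_ privkey_;;
printf "--------------\n";;
printf "Wrapped RSA DES: %d\n" ret_value;;
printf "Wrapped RSA private key with DES_ECB:\n";;
Pkcs11.print_hex_array wrapped_key_;;

(* Try to Unwrap the key *)
(* y3 is not rebound in this section. priv_template reuses the y3 binding
   defined earlier in the script. *)
let y1 = { Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = privclass};;
let y4 = { Pkcs11.type_ = Pkcs11.cKA_ID; Pkcs11.value = id};;
let y5 = { Pkcs11.type_ = Pkcs11.cKA_LABEL; Pkcs11.value = label};;
let y6 = { Pkcs11.type_ = Pkcs11.cKA_DECRYPT; Pkcs11.value = Pkcs11.true_};;
let y7 = { Pkcs11.type_ = Pkcs11.cKA_SIGN; Pkcs11.value = Pkcs11.true_};;
let y8 = { Pkcs11.type_ = Pkcs11.cKA_UNWRAP; Pkcs11.value = Pkcs11.true_};;
let y9 = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE; Pkcs11.value = Pkcs11.true_};;
let priv_template = [| y1; y3; y4; y5; y6; y7; y8; y9 |];;

(* This call should fail because the session is RO *)
(* The expected failure is not asserted. ret_value is overwritten below. *)
let (ret_value, unwrapped_key_handle_) = Client.c_UnwrapKey session my_mech deskey_ wrapped_key_ priv_template;;

(* Open a new RW session *)
(* The login result is bound with let. The previous form was an equality
   test whose boolean result was discarded. *)
let (ret_value, session) = Client.c_OpenSession slot_id (Pkcs11.cKF_SERIAL_SESSION lor Pkcs11.cKF_RW_SESSION);;
let user_pin = Pkcs11.string_to_byte_array "1234";;
let ret_value = Client.c_Login session Pkcs11.cKU_USER user_pin;;

(* This call should succeed since the session is RW now *)
let (ret_value, unwrapped_key_handle_) = Client.c_UnwrapKey session my_mech deskey_ wrapped_key_ priv_template;;

(* Now extract the key *)
(* Reads CKA_PRIVATE_EXPONENT of the unwrapped key and prints it: private
   key material goes to standard output again. *)
let y2 = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE_EXPONENT; Pkcs11.value = [||]};;
let unwrappedkey_template = [| y2 |];;
let (ret_value, unwrappedkey_template) = Client.c_GetAttributeValue session unwrapped_key_handle_ unwrappedkey_template;;
let (ret_value, unwrappedkey_template) = Client.c_GetAttributeValue session unwrapped_key_handle_ unwrappedkey_template;;
printf "--------------\n";;
printf "CKA_PRIVATE_EXPONENT template after Unwrap with the DES key\n";;
Pkcs11.print_hex_array unwrappedkey_template.(0).Pkcs11.value;;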
(* Derive a key (we first generate a DH key pair) *)
(* MechanismChoice *)
let my_mech = { Pkcs11.mechanism = Pkcs11.cKM_DH_PKCS_KEY_PAIR_GEN ; Pkcs11.parameter = [| |] };;
(* PublicTemplate *)
(* Domain parameters: a fixed hex-encoded prime and base 2. The prime
   appears to be the 1536-bit MODP group prime of RFC 3526 (TODO confirm). *)
let prime = Pkcs11.string_to_byte_array (Pkcs11.pack "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");;
let base = Pkcs11.int_to_ulong_byte_array 2;;
let x1 = { Pkcs11.type_ = Pkcs11.cKA_PRIME; Pkcs11.value = prime };;
let x2 = { Pkcs11.type_ = Pkcs11.cKA_BASE; Pkcs11.value = base };;
let pub_dh_template = [| x1; x2 |];;
(* PrivateTemplate *)
let priv_dh_template = [| { Pkcs11.type_ = Pkcs11.cKA_DERIVE; Pkcs11.value = Pkcs11.true_} |];;
(* GenerateKeyPair *)
let (ret_value, pubkeydh_, privkeydh_) = Client.c_GenerateKeyPair session my_mech pub_dh_template priv_dh_template;;
(* Derivation *)
(* NOTE(review): the public value read into pub_attr_template is not used in
   the visible code that follows. The derive mechanism parameter is 128
   copies of the character 0 instead of a peer public value, so the derived
   key is not the result of a real key agreement. The template asks for a
   DES secret key usable for encrypt and decrypt. Treat this as a plumbing
   test only. *)
let pub_attr_template = [| { Pkcs11.type_ = Pkcs11.cKA_VALUE; Pkcs11.value = [| |]} |];;
let (ret_value, pub_attr_template) = Client.c_GetAttributeValue session pubkeydh_ pub_attr_template;;
let my_derive_mech = { Pkcs11.mechanism = Pkcs11.cKM_DH_PKCS_DERIVE ; Pkcs11.parameter = Array.make 128 '0'};;
let my_derive_templ = [| {Pkcs11.type_ = Pkcs11.cKA_CLASS; Pkcs11.value = Pkcs11.int_to_ulong_byte_array Pkcs11.cKO_SECRET_KEY} ; {Pkcs11.type_ = Pkcs11.cKA_KEY_TYPE; Pkcs11.value = Pkcs11.int_to_ulong_byte_array Pkcs11.cKK_DES}; {Pkcs11.type_ = Pkcs11.cKA_ENCRYPT; Pkcs11.value = Pkcs11.true_} ; {Pkcs11.type_ = Pkcs11.cKA_DECRYPT; Pkcs11.value = Pkcs11.true_} |];;
let (ret_value, derived_key_handle_) = Client.c_DeriveKey session my_derive_mech privkeydh_ my_derive_templ;;
(* Read CKA_VALUE of the derived key and print it in hex: derived secret key
   material goes to standard output. ret_value is not checked at any step. *)
let y2 = { Pkcs11.type_ = Pkcs11.cKA_VALUE; Pkcs11.value = [||]};;
let derived_key_template = [| y2 |];;
let (ret_value, derived_key_template) = Client.c_GetAttributeValue session derived_key_handle_ derived_key_template;;
let (ret_value, derived_key_template) = Client.c_GetAttributeValue session derived_key_handle_ derived_key_template;;
printf "--------------\n";;
printf "DH derived key template after derivation with the DES key\n";;
Pkcs11.print_hex_array derived_key_template.(0).Pkcs11.value;;
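(* Digest *)
(* Hash a fixed string with cKM_MD5 through the Init/Update/Final sequence
   and print the digest in hex.
   NOTE(review): MD5 is exercised here as a mechanism test only. *)
let my_mech = { Pkcs11.mechanism = Pkcs11.cKM_MD5 ; Pkcs11.parameter = [| |] };;
let ret_value = Client.c_DigestInit session my_mech ;;
let string_to_digest = "the brown fox jumps over the lazy dog";;
let data = Pkcs11.string_to_byte_array string_to_digest;;
let ret_value = Client.c_DigestUpdate session data;;
let (ret_value, digest_) = Client.c_DigestFinal session;;
printf "--------------\n";;
printf "MD5 digest of '%s' through Update/Final is:\n" string_to_digest;;
Pkcs11.print_hex_array digest_;;
(** let ret_value = Client.c_DigestInit session my_mech;;
let (ret_value, digest_) = Client.c_Digest session data;;
printf "MD5 digest of '%s' through direct digest is:\n" string_to_digest;;
Pkcs11.print_hex_array digest_;; **)

(* Logout and finalize *)
(* The logout results are bound with let. The previous form compared the
   stale ret_value with the new return code and discarded the boolean, so
   the return code of c_Logout was never recorded. *)
let ret_value = Client.c_Logout session;;
let ret_value = Client.c_CloseSession session;;
let ret_value = Client.c_CloseAllSessions slot_id;;

(* Logout on BAD Session ID *)
(* Negative case: 20 is not a session handle opened by this script, so the
   call is expected to return an error. The result is kept in ret_value but
   is neither printed nor asserted. *)
let ret_value = Client.c_Logout 20;;
Client.c_Finalize ();;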
caml-crush-1.0.12/src/tests/ 0000775 0000000 0000000 00000000000 14147740423 0015570 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/tests/Makefile.in 0000664 0000000 0000000 00000000267 14147740423 0017642 0 ustar 00root root 0000000 0000000 ocaml_tests = ./ocaml
# The C-based tests are disabled: every line referring to c_tests is
# commented out, so all and clean only recurse into $(ocaml_tests).
# @MAKEPROG@ is a placeholder substituted when this .in file is processed.
#c_tests = ./c-based
all:
@MAKEPROG@ -C $(ocaml_tests)
#@MAKEPROG@ -C $(c_tests)
clean:
@MAKEPROG@ clean -C $(ocaml_tests)
#@MAKEPROG@ clean -C $(c_tests)
caml-crush-1.0.12/src/tests/c-based/ 0000775 0000000 0000000 00000000000 14147740423 0017066 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/tests/c-based/Makefile.in 0000664 0000000 0000000 00000000704 14147740423 0021134 0 ustar 00root root 0000000 0000000 CC = gcc
# Stricter warning set kept for reference. The active setting is the line below.
#CFLAGS_OPT = -Wall -Wextra -pedantic -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Winline -Wuninitialized
# NOTE(review): CFLAGS_OPT is defined but the mainshared recipe does not
# reference it, so main-shared.c is built with -g only and without -Wall.
# Passing $(CFLAGS_OPT) to the compile line would surface the printf
# format/argument mismatches that test program appears to contain.
CFLAGS_OPT = -g -Wall
# Include path for the PKCS#11 bindings headers. bindings_dir is defined on
# the next line, which works because = assignments are expanded when used.
c_include_dirs = -I$(bindings_dir)
bindings_dir = ../../bindings-pkcs11
# rpc_dir is not referenced by any rule visible in this file.
rpc_dir = ../rpc-pkcs11
all : mainshared
# Builds the dlopen-based test program and links it against libdl.
mainshared:
$(CC) -g -o main-shared.opt main-shared.c -ldl $(c_include_dirs)
clean:
@rm -f *.o *~ *.opt
caml-crush-1.0.12/src/tests/c-based/main-shared.c 0000664 0000000 0000000 00000030237 14147740423 0021427 0 ustar 00root root 0000000 0000000 /*------------------------ MIT License HEADER ------------------------------------
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/c-based/main-shared.c
-------------------------- MIT License HEADER ----------------------------------*/
#include
#include
#include
#include
#include "original_pkcs11.h"
/***** TODO : clean the code and make more tests ***/
/***** FIXME: the following code is ugly as is ****/
int main(int argc, char **argv)
{
int result;
int i = 0;
int j = 0;
char *error;
FILE *fp;
void *handle;
CK_RV ret = 1;
CK_C_GetFunctionList pGetFunctionList = NULL;
if (argc < 3) {
printf("You must provide two args for dlopen mode ...\n");
printf("%s (lazy|now) libpath\n", argv[0]);
exit(-1);
}
if ((fp = fopen(argv[2], "r")) == NULL) {
printf("Sorry P11 library %s can't be opened!\n", argv[2]);
exit(-1);
}
fclose(fp);
if (strcmp(argv[1], "lazy") == 0) {
printf("Loading %s with RTLD_LAZY\n", argv[2]);
handle = dlopen(argv[2], RTLD_LAZY);
} else {
if (strcmp(argv[1], "now") == 0) {
printf("Loading with RTLD_NOW\n");
handle = dlopen(argv[2], RTLD_NOW);
} else {
printf("Unknown dlopen parameter name %s\n", argv[1]);
exit(0);
}
}
if (!handle) {
fprintf(stderr, "%s\n", dlerror());
exit(EXIT_FAILURE);
}
dlerror(); /* Clear any existing error */
/* Retrieve the entry point for C_GetFunctionList */
pGetFunctionList = (CK_C_GetFunctionList) dlsym(handle, "C_GetFunctionList");
if ((error = dlerror()) != NULL) {
fprintf(stderr, "%s\n", error);
exit(EXIT_FAILURE);
}
/* Get the PKCS#11 function list */
if (pGetFunctionList == NULL) {
printf("Error while getting function list\n");
exit(EXIT_FAILURE);
}
CK_FUNCTION_LIST_PTR p11 = NULL;
(*pGetFunctionList) (&p11);
ret = p11->C_Initialize(NULL);
printf("C_Init ret %d\n", ret);
CK_ULONG p11t_slot_count = 0;
ret = p11->C_GetSlotList(1, NULL, &p11t_slot_count);
printf("C_GetSlotList token present: yes ret %d, slot count %d\n", ret,
p11t_slot_count);
ret = p11->C_GetSlotList(0, NULL, &p11t_slot_count);
printf("C_GetSlotList token present: no ret %d, slot count %d\n", ret,
p11t_slot_count);
/* GetSlotInfo */
CK_SLOT_INFO info;
ret = p11->C_GetSlotInfo(0, &info);
printf("C_GetSlotInfo slot %d ret %d, flags %d\n", 0, ret, info.flags);
if (info.flags & CKF_TOKEN_PRESENT) {
printf("Slot 0 is not present\n");
} else {
printf("Slot 0 is present\n");
}
ret = p11->C_GetSlotInfo(1, &info);
printf("C_GetSlotInfo slot %d ret %d, flags %d\n", 1, ret, info.flags);
if (info.flags & CKF_TOKEN_PRESENT) {
printf("Slot 1 is not present\n");
} else {
printf("Slot 1 is present\n");
}
CK_INFO pInfo;
ret = p11->C_GetInfo(&pInfo);
printf("C_GetInfo ret %d\n", ret);
printf("Cryptoki version %u.%u\n",
pInfo.cryptokiVersion.major, pInfo.cryptokiVersion.minor);
printf("GetInfo flags %u\n", pInfo.flags);
CK_MECHANISM_INFO mech_info;
ret = p11->C_GetMechanismInfo(0, 1, &mech_info);
printf("C_GetMechInfo ret %d\n", ret);
printf("RSA_PKCS min: %lu %lu\n", mech_info.ulMinKeySize,
mech_info.ulMaxKeySize);
CK_SESSION_HANDLE session;
CK_BYTE buf1[10];
ret = p11->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION,
NULL, NULL, &session);
printf("C_OpenSession ret %d session %d\n", ret, session);
ret = p11->C_GenerateRandom(session, buf1, 10);
printf("C_GeneRand ret %d\n", ret);
ret = p11->C_Login(session, CKU_USER, "1234", 4);
printf("C_Login ret %d\n", ret);
CK_MECHANISM_TYPE array_mech[100];
unsigned long len = 3;
ret = p11->C_GetMechanismList(0, array_mech, &len);
printf("C_GetMechList ret %d\n", ret);
ret = p11->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION,
NULL, NULL, &session);
printf("C_OpenSession ret %d session %d\n", ret, session);
unsigned char buff[50] = { 0 };
unsigned long classz = CKO_PRIVATE_KEY;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &classz, 8},
};
ret = p11->C_Login(session, CKU_USER, "1234", 4);
printf("C_Login ret %d\n", ret);
//ret = p11->C_FindObjectsInit(session, template, 1);
ret = p11->C_FindObjectsInit(session, NULL, 0);
printf("C_FindObjectInit ret %d\n", ret);
unsigned long objcount = 1024;
int maxobjcount = 8;
CK_OBJECT_HANDLE objlist[8];
ret = p11->C_FindObjects(session, objlist, maxobjcount, &objcount);
printf("C_FindObject ret %d, %d elem returned\n", ret, objcount);
ret = p11->C_FindObjectsFinal(session);
printf("C_FindObjectFinal ret %d\n", ret);
unsigned char *buff2;
unsigned char *buff3;
CK_BYTE *buff4;
unsigned long class = 10;
/*
CK_ATTRIBUTE stemplate[] ={
{CKA_CLASS, NULL, 0},
{CKA_LABEL, NULL, 0},
{CKA_ID, NULL, 0},
{CKA_VALUE, NULL, 0},
}
;
*/
for (j = 0; j < objcount; j++) {
CK_ATTRIBUTE stemplate[] = {
{CKA_CLASS, NULL, 0}
,
{CKA_LABEL, NULL, 0}
,
{CKA_ID, NULL, 0}
,
{CKA_VALUE, NULL, 0}
,
}
;
ret = p11->C_GetAttributeValue(session, objlist[j], stemplate, 3);
printf("FIRST C_GetAttribute %d, %d, %d\n", stemplate[0].ulValueLen,
stemplate[1].ulValueLen, stemplate[2].ulValueLen);
printf("FIRST C_GetAttribute 0x%lx, 0x%lx, 0x%lx\n",
stemplate[0].pValue, stemplate[1].pValue, stemplate[2].pValue);
buff2 = malloc(stemplate[1].ulValueLen * sizeof(unsigned char));
buff3 = malloc(stemplate[2].ulValueLen * sizeof(unsigned char));
buff4 = malloc(stemplate[3].ulValueLen * sizeof(CK_BYTE));
CK_ATTRIBUTE sbtemplate[] = {
{CKA_CLASS, &class, sizeof(class)}
,
{CKA_LABEL, buff2, (stemplate[1].ulValueLen - 2)}
,
{CKA_ID, buff3, stemplate[2].ulValueLen}
,
{CKA_VALUE, buff4, stemplate[3].ulValueLen}
,
};
ret = p11->C_GetAttributeValue(session, objlist[j], sbtemplate, 3);
printf("C_GetAttribute ret %d, CLASS is %d\n", ret, class);
printf("C_GetAttribute ret %d, LABEL len :%d \n", ret,
stemplate[1].ulValueLen);
for (i = 0; i < stemplate[1].ulValueLen; i++) {
printf("%c", (unsigned char)buff2[i]);
//printf(":");
}
printf("\n");
/*
printf("C_GetAttribute ret %d, size of VALUE: %d ID is : ", ret, (sbtemplate[3].ulValueLen));
for (i=0; i< stemplate[3].ulValueLen; i++){
printf("%x", buff4[i]);
}
*/
printf("\n");
free(buff2);
free(buff3);
free(buff4);
}
CK_SESSION_INFO session_info;
ret = p11->C_GetSessionInfo(session, &session_info);
printf("C_GetSessionInfo ret %d, slot: %d\n", ret, session_info.slotID);
printf("C_GetSessionInfo ret %d, state: %d\n", ret, session_info.state);
//printf("C_GetAttribute ret %d, size of ID: %d ID is %x\n", ret, (sbtemplate[2].ulValueLen), sbtemplate[2].pValue);
ret = p11->C_GenerateRandom(session, buff, 32);
printf("C_GenerateRandom ret %d\n", ret);
/*
printf("C_GenerateRandom: ", ret);
for (i=0; i< 32; i++){
printf("0x%x ", buff[i]);
}
*/
/*
int i = 0;
unsigned long len = 5;
printf("C_GenerateRandom END\n");
CK_SESSION_HANDLE session2[30];
for(i = 0; i< 30; i++){
ret = p11->C_OpenSession(0, CKF_SERIAL_SESSION,
NULL, NULL, &session2[i]);
printf("C_OpenSession ret %d %d\n", ret, session2[i]);
ret = p11->C_Login(session2[i], CKU_USER, "1234", 4);
printf("C_Login ret %d\n", ret);
}
*/
CK_MECHANISM mech = {
CKM_RSA_PKCS, NULL, 0
};
unsigned char tosign[] = "test";
unsigned long signed_len = 2;
unsigned char *signed_data;
unsigned char signed_data2[4] = { 0 };
ret = p11->C_DecryptInit(session, &mech, objlist[2]);
printf("C_DecryptInit ret %x\n", ret);
ret = p11->C_SignInit(session, &mech, objlist[2]);
printf("C_SignInit ret %x\n", ret);
/* WRONG BEHAVIOR BELOW, */
ret = p11->C_Sign(session, tosign, 4, NULL, &signed_len);
printf
("C_Sign called with NULL, should return CKR_OK and len ret %x, needed len:%d\n",
ret, signed_len);
//signed_len = 2;
signed_data = malloc(signed_len * sizeof(unsigned char));
// Calling C_SignInit before fecthing
ret = p11->C_SignInit(session, &mech, objlist[2]);
printf("C_SignInit (bad) ret %x\n", ret);
ret = p11->C_Sign(session, tosign, 4, signed_data, &signed_len);
printf("C_Sign ret %x, needed len:%d\n", ret, signed_len);
signed_data = malloc(signed_len * sizeof(unsigned char));
ret = p11->C_Sign(session, tosign, 4, signed_data, &signed_len);
printf("C_Sign ret %x, needed len:%d\n", ret, signed_len);
ret = p11->C_SeedRandom(session, buff, 10);
printf("C_SeedRandom ret %d\n", ret);
ret = p11->C_CloseSession(session);
printf("C_CloseSession ret %d\n", ret);
ret = p11->C_CloseAllSessions(session_info.slotID);
printf("C_CloseAllSessions ret %d\n", ret);
ret = p11->C_Finalize(NULL);
printf("C_Fini ret %d\n", ret);
return 0;
}
caml-crush-1.0.12/src/tests/integration/ 0000775 0000000 0000000 00000000000 14147740423 0020113 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/tests/integration/Dockerfile.debian-integration 0000664 0000000 0000000 00000002200 14147740423 0025641 0 ustar 00root root 0000000 0000000 # Override with --build-arg dist=ubuntu --build-arg flavor=bionic
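ARG dist=debian
ARG flavor=sid
FROM ${dist}:${flavor} as builder
# Toolchain and OCaml build dependencies. ca-certificates is listed explicitly
# because --no-install-recommends skips it, and wget needs the CA bundle to
# validate the TLS certificate of the download host below.
RUN apt-get update && apt-get install -y --no-install-recommends autoconf make gcc \
    automake autotools-dev \
    ocaml-nox camlidl coccinelle \
    libocamlnet-ocaml-dev libocamlnet-ocaml-bin \
    libocamlnet-ssl-ocaml libocamlnet-ssl-ocaml-dev \
    libssl-dev gnutls-dev \
    libconfig-file-ocaml-dev camlp4 \
    opensc libtool pkg-config unzip g++ wget ca-certificates
WORKDIR /softhsm
# Fetch SoftHSMv2 with certificate validation left on: the archive is compiled
# and installed by the next step, so an unverified download would let anyone on
# the network path substitute the sources.
# NOTE(review): also pin the archive digest (sha256sum -c) once the expected value is recorded.
RUN wget https://github.com/opendnssec/SoftHSMv2/archive/refs/tags/2.6.1.zip && unzip 2.6.1.zip
WORKDIR /softhsm/SoftHSMv2-2.6.1
RUN ./autogen.sh && ./configure && make && make install
# Second stage: build and install Caml Crush from the build context on top of
# the SoftHSM builder image.
FROM builder
COPY . /build
WORKDIR /build
RUN ./autogen.sh
RUN ./configure --with-idlgen --with-rpcgen --with-libnames=foo
RUN make
RUN make install
# Test-only token: the user and SO PINs are fixed values baked into the image,
# so this token must never hold real key material.
RUN softhsm2-util --init-token --slot 0 --label caml-crush-int-tests --pin 1234 --so-pin 123456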
ENTRYPOINT [ "/build/src/tests/integration/run-tests.sh" ] caml-crush-1.0.12/src/tests/integration/Dockerfile.debian-integration-tls 0000664 0000000 0000000 00000002250 14147740423 0026446 0 ustar 00root root 0000000 0000000 # Override with --build-arg dist=ubuntu --build-arg flavor=bionic
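ARG dist=debian
ARG flavor=sid
FROM ${dist}:${flavor} as builder
# Toolchain and OCaml build dependencies. ca-certificates is listed explicitly
# because --no-install-recommends skips it, and wget needs the CA bundle to
# validate the TLS certificate of the download host below.
RUN apt-get update && apt-get install -y --no-install-recommends autoconf make gcc \
    automake autotools-dev \
    ocaml-nox camlidl coccinelle \
    libocamlnet-ocaml-dev libocamlnet-ocaml-bin \
    libocamlnet-ssl-ocaml libocamlnet-ssl-ocaml-dev \
    libssl-dev gnutls-dev \
    libconfig-file-ocaml-dev camlp4 \
    opensc libtool pkg-config unzip g++ wget ca-certificates
WORKDIR /softhsm
# Fetch SoftHSMv2 with certificate validation left on: the archive is compiled
# and installed by the next step, so an unverified download would let anyone on
# the network path substitute the sources.
# NOTE(review): also pin the archive digest (sha256sum -c) once the expected value is recorded.
RUN wget https://github.com/opendnssec/SoftHSMv2/archive/refs/tags/2.6.1.zip && unzip 2.6.1.zip
WORKDIR /softhsm/SoftHSMv2-2.6.1
RUN ./autogen.sh && ./configure && make && make install
# Second stage: build and install Caml Crush with TLS support; the client TLS
# file locations are taken from the environment ('env').
FROM builder
COPY . /build
WORKDIR /build
RUN ./autogen.sh
RUN ./configure --with-idlgen --with-rpcgen --with-ssl --with-ssl-clientfiles='env' --with-libnames=foo
RUN make
RUN make install
# Test-only token: the user and SO PINs are fixed values baked into the image,
# so this token must never hold real key material.
RUN softhsm2-util --init-token --slot 0 --label caml-crush-int-tests --pin 1234 --so-pin 123456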
ENTRYPOINT [ "/build/src/tests/integration/run-tests.sh" ] caml-crush-1.0.12/src/tests/integration/Dockerfile.debian-integration-unix 0000664 0000000 0000000 00000002267 14147740423 0026637 0 ustar 00root root 0000000 0000000 # Override with --build-arg dist=ubuntu --build-arg flavor=bionic
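ARG dist=debian
ARG flavor=sid
FROM ${dist}:${flavor} as builder
# Toolchain and OCaml build dependencies. ca-certificates is listed explicitly
# because --no-install-recommends skips it, and wget needs the CA bundle to
# validate the TLS certificate of the download host below.
RUN apt-get update && apt-get install -y --no-install-recommends autoconf make gcc \
    automake autotools-dev \
    ocaml-nox camlidl coccinelle \
    libocamlnet-ocaml-dev libocamlnet-ocaml-bin \
    libocamlnet-ssl-ocaml libocamlnet-ssl-ocaml-dev \
    libssl-dev gnutls-dev \
    libconfig-file-ocaml-dev camlp4 \
    opensc libtool pkg-config unzip g++ wget ca-certificates
WORKDIR /softhsm
# Fetch SoftHSMv2 with certificate validation left on: the archive is compiled
# and installed by the next step, so an unverified download would let anyone on
# the network path substitute the sources.
# NOTE(review): also pin the archive digest (sha256sum -c) once the expected value is recorded.
RUN wget https://github.com/opendnssec/SoftHSMv2/archive/refs/tags/2.6.1.zip && unzip 2.6.1.zip
WORKDIR /softhsm/SoftHSMv2-2.6.1
RUN ./autogen.sh && ./configure && make && make install
# Second stage: build and install Caml Crush with the client talking to the
# proxy over a Unix domain socket.
FROM builder
COPY . /build
WORKDIR /build
RUN ./autogen.sh
RUN ./configure --with-idlgen --with-rpcgen --with-libnames=foo --with-client-socket=unix,/var/run/pkcs11proxyd.socket
RUN make
RUN make install
# Test-only token: the user and SO PINs are fixed values baked into the image,
# so this token must never hold real key material.
RUN softhsm2-util --init-token --slot 0 --label caml-crush-int-tests --pin 1234 --so-pin 123456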
ENTRYPOINT [ "/build/src/tests/integration/run-tests.sh" ] caml-crush-1.0.12/src/tests/integration/Dockerfile.debian-integration-unix-tls 0000664 0000000 0000000 00000002337 14147740423 0027435 0 ustar 00root root 0000000 0000000 # Override with --build-arg dist=ubuntu --build-arg flavor=bionic
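ARG dist=debian
ARG flavor=sid
FROM ${dist}:${flavor} as builder
# Toolchain and OCaml build dependencies. ca-certificates is listed explicitly
# because --no-install-recommends skips it, and wget needs the CA bundle to
# validate the TLS certificate of the download host below.
RUN apt-get update && apt-get install -y --no-install-recommends autoconf make gcc \
    automake autotools-dev \
    ocaml-nox camlidl coccinelle \
    libocamlnet-ocaml-dev libocamlnet-ocaml-bin \
    libocamlnet-ssl-ocaml libocamlnet-ssl-ocaml-dev \
    libssl-dev gnutls-dev \
    libconfig-file-ocaml-dev camlp4 \
    opensc libtool pkg-config unzip g++ wget ca-certificates
WORKDIR /softhsm
# Fetch SoftHSMv2 with certificate validation left on: the archive is compiled
# and installed by the next step, so an unverified download would let anyone on
# the network path substitute the sources.
# NOTE(review): also pin the archive digest (sha256sum -c) once the expected value is recorded.
RUN wget https://github.com/opendnssec/SoftHSMv2/archive/refs/tags/2.6.1.zip && unzip 2.6.1.zip
WORKDIR /softhsm/SoftHSMv2-2.6.1
RUN ./autogen.sh && ./configure && make && make install
# Second stage: build and install Caml Crush with TLS support and the client
# talking to the proxy over a Unix domain socket.
FROM builder
COPY . /build
WORKDIR /build
RUN ./autogen.sh
RUN ./configure --with-idlgen --with-rpcgen --with-ssl --with-ssl-clientfiles='env' --with-libnames=foo --with-client-socket=unix,/var/run/pkcs11proxyd.socket
RUN make
RUN make install
# Test-only token: the user and SO PINs are fixed values baked into the image,
# so this token must never hold real key material.
RUN softhsm2-util --init-token --slot 0 --label caml-crush-int-tests --pin 1234 --so-pin 123456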
ENTRYPOINT [ "/build/src/tests/integration/run-tests.sh" ] caml-crush-1.0.12/src/tests/integration/certs/ 0000775 0000000 0000000 00000000000 14147740423 0021233 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/tests/integration/certs/ca-config.json 0000664 0000000 0000000 00000001072 14147740423 0023754 0 ustar 00root root 0000000 0000000 {
"signing": {
"default": {
"expiry": "168h"
},
"profiles": {
"server": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
}
}
}
}
caml-crush-1.0.12/src/tests/integration/certs/ca-key.pem 0000664 0000000 0000000 00000003217 14147740423 0023112 0 ustar 00root root 0000000 0000000 -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
caml-crush-1.0.12/src/tests/integration/certs/ca.csr 0000664 0000000 0000000 00000001720 14147740423 0022327 0 ustar 00root root 0000000 0000000 -----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
caml-crush-1.0.12/src/tests/integration/certs/ca.json 0000664 0000000 0000000 00000000341 14147740423 0022507 0 ustar 00root root 0000000 0000000 {
"CN": "Caml Crush Test CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "GB",
"O": "Caml Crush Org",
"ST": "London"
}
]
} caml-crush-1.0.12/src/tests/integration/certs/ca.pem 0000664 0000000 0000000 00000002361 14147740423 0022323 0 ustar 00root root 0000000 0000000 -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
caml-crush-1.0.12/src/tests/integration/certs/client-key.pem 0000664 0000000 0000000 00000003217 14147740423 0024005 0 ustar 00root root 0000000 0000000 -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
caml-crush-1.0.12/src/tests/integration/certs/client.csr 0000664 0000000 0000000 00000001660 14147740423 0023225 0 ustar 00root root 0000000 0000000 -----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
caml-crush-1.0.12/src/tests/integration/certs/client.json 0000664 0000000 0000000 00000000276 14147740423 0023411 0 ustar 00root root 0000000 0000000 {
"CN": "caml-crush-client",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "GB",
"L": "London"
}
]
}
caml-crush-1.0.12/src/tests/integration/certs/client.pem 0000664 0000000 0000000 00000002422 14147740423 0023214 0 ustar 00root root 0000000 0000000 -----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIUMhl+AVO4/je3OZs1IV8UsSgJnjswDQYJKoZIhvcNAQEL
BQAwVDELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjEXMBUGA1UEChMOQ2Ft
bCBDcnVzaCBPcmcxGzAZBgNVBAMTEkNhbWwgQ3J1c2ggVGVzdCBDQTAeFw0yMTA4
MjYxMDQ4MDBaFw0yMjA4MjYxMDQ4MDBaMDoxCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
EwZMb25kb24xGjAYBgNVBAMTEWNhbWwtY3J1c2gtY2xpZW50MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d8oGGMOX7YkK5pXXgWQ8BYKoipsue+3339j
FQ81u986lefKK07sd5cnWzNraCN1bnbwSeMjXLeCcKzuiuzPsGJ9elrV5WNlzq7T
5HGN9BIZfbke9Q+EfUQer5pdqt39e+W2pJpFicpbbZXAsELHHOmU3B4NLMRUu9RT
gxl7lwskfRS//xsjSkqjMmDaN9i/Xba/9aWrLmr1ThCQ+2DfnnjK4y8ZpaVF4mnZ
s9iIoBCM9Ww+yGXADwOQapCPWoCSgTf1HIxH+KWY7EFhT7o0QFxwDq/xEF3TMwxu
PctS+6u8ZIdTsh33eFJVU0n0FQ0xoodNENnD+HkvKDVWUVkA4QIDAQABo3UwczAO
BgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQU5167zMemHtIkweQ4wKLtrIz4CYMwHwYDVR0jBBgwFoAUCvGe
C0BevdkekrKqjpzFIUeSTMAwDQYJKoZIhvcNAQELBQADggEBAH2W/GhNtIlSZTw+
pS1t6c1TK2T8mBoeIxF3TyKmwznCO+ERjBiqF3UxVJyG87fea4betCVAHmm3RvZX
cvr8adfLnUVGxSeDmcxStlMOSjbvbzu17yK6Bc8zB43i21fEwD7FCJ8yIfRaGSG4
s18CUSKwR9HTcc7NtW1LzJUds3Ahn5chtNHmdIHjRacKkWw72sJIVuice9O/mBXo
AG+5bra/igSfYrVPcUCgzn4RpSMO8snOxRXTg1oAqPNgZbDcOJyOt4tdMPZqZwSa
4dp4YA5RSPJQMNMq9A4pWCTLavCbKDxtd9GMZopxeJReM29kntdKWlli7HC0r9Ze
iM3e61s=
-----END CERTIFICATE-----
caml-crush-1.0.12/src/tests/integration/certs/server-key.pem 0000664 0000000 0000000 00000003213 14147740423 0024031 0 ustar 00root root 0000000 0000000 -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAxIyJ3squHS+FlQesJ58peuxtcE+/9YKDa/QSdoQLUdQSuvqI
t0lAiZ1CHW0SHogyuBSx3VsRtcfDUfe/bOQVlfrOLNx3U1XS7rwvksPR0MVAuen4
WHmK2onMRcrvi7rblU53+DhwXkB9DQOWTAywS/4R6j0/Bt4PYUI65h0aSVxbK9g4
cgxMo7wwHbsNyBCRSEWpm9fnwzZG6kJOJzBHV+zwQmWn1yzxfaHuYVvx9QU4LYpC
khicEkWuk/tPelinc8S4a9+Os9TA0UoqGR7UIZ+VQqBRZt1g8fig6zRJwRYwcwce
hQqNdK4NPrxZ6/GIshvICb1fQtlDKA+mn7H0fQIDAQABAoIBAC7HfDDocFRF8Tct
Ik4z1X2KM+ndMUTPkVPqPVKzzrXlEagq5Msqxg96vDegtAVMSTYCxup2OFrZdqVV
n9vc1T5i+Rs4RbYx4QgtBe2aaZ+UsvkMtKzqEKA+171stWK+UHDSwj7zv9rO4nRs
fCMRigwsJjtn5E5QH7z4NGh8WLtIsybeGt2gpjvpaRuU6X9wjBQz5Lhl4J6DdQUQ
DO+iHUrmjOmkwo7icTbaup2WlItSmQ/r0gDgZEQpcfsqFKnDScA0FIY5JKDSalfk
Siq2WEUSsAvbmKc/Za63/mf9VZUEOvH1985cetGmGP6RqNOKNgQxPiAIivpUvPVh
ujJKywECgYEA5IrysHB3/W+KXo6euh37Vf+3+GmJWI762qa51qFSF14abICDgvhO
16skuzF9owZonjw4d0QMFM5vprdu1W2cIW+VPxWA6c/muPFCwUeGZPGP7DE8lqaQ
SA85yOe0YdmoNnm+Omv5Eff8ZFzmCh9IMJxDztuPml3PN3DGeu1aTWECgYEA3CmX
SBFop5/dktj3SGZU/C6W7wAseHuf6DOQDKacGJaHtc/W2VjDHgkLcCuMeWBD1kQW
xsvkdqWG9B+1BKNnFrdQDpYe6tck1DQ2xkl+6dSYhWlMzzhOuSJVEGgk/QmSBMUc
e6TuAyZIxi8HuQx0qu2lQQNEEsX94SPspQyggJ0CgYBngEXIgibVL96KVCyuPUXF
/LlkVudMo/QXccpX2VdEHen5mXn1pl6ObYOFAzTSz+QxRTSNTtPp2FPYPNqE7c73
lYERwLtRKEZlG14QCkRjEsMLRIEb+PL+r2aMBeM7LUdw5FGyQ5PY/2XeTfQgQWqA
GUTcObMfRbzCbuB0a2mqAQKBgQCBeEPqsbIlwTGABe+FuAgKNSu1aRi90ZV767au
edwZ6YvtM0hZkIVNyGvdjv6Q8jdybaAnUAgObdErBupgy+b3yN1fdpC/8b1KvVno
yZfE0qzO59mvkqFY5gO4HkaCN3qTK4dQfvEpEP6C7W1ROS3yxsYDsXP6xkxCdenY
NdC9UQKBgHRl3kVRaGUFQpSeLkCaTRIoATbDzd49rcRcuTg1fzIlWNcUsHPJZzd8
XBzE9+iv8nWkXZjgxu8/Ewh4hJF8p5sUyt7zjox1N61G6wwKyOR9PxB6Pb1kxtKJ
cuWrPOYqOd+89SSFrHGQJSHJehyyw1BJV7+n/S1ZJHkL8mtDYmaj
-----END RSA PRIVATE KEY-----
caml-crush-1.0.12/src/tests/integration/certs/server.csr 0000664 0000000 0000000 00000001745 14147740423 0023261 0 ustar 00root root 0000000 0000000 -----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
caml-crush-1.0.12/src/tests/integration/certs/server.json 0000664 0000000 0000000 00000000352 14147740423 0023434 0 ustar 00root root 0000000 0000000 {
"CN": "pkc11proxydtls",
"hosts": [
"pkc11proxydtls"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "GB",
"L": "London"
}
]
}
caml-crush-1.0.12/src/tests/integration/certs/server.pem 0000664 0000000 0000000 00000002466 14147740423 0023254 0 ustar 00root root 0000000 0000000 -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
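caml-crush-1.0.12/src/tests/integration/certs/ssl-init.sh 0000664 0000000 0000000 00000000543 14147740423 0023333 0 ustar 00root root 0000000 0000000 # No need to run this; these were the commands used to set up the certificates.
# The keys they produced are committed test fixtures and must not be used outside the test suite.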
cfssl genkey -initca ca.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server server.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client caml-crush-1.0.12/src/tests/integration/filter.conf 0000664 0000000 0000000 00000032340 14147740423 0022251 0 ustar 00root root 0000000 0000000 (* debug = integer between 0 and 3
0 = merely no log at all, except critical errors and printing the debug
level itself
1 = level 0 + positive filtering matches (i.e. when the filter detects
something to block)
2 = level 1 + negative filtering matches (i.e. when the filter detects
that it must not block something)
3 = level 2 + print all the fetched configuration variables in the filter
configuration file (modules aliasing, filtered labels, filtered ids,
...)
*)
debug = 0
(* wrapping_format_key = the AES-128 key used for the wrapping format, given
as a string of 32 hexadecimal characters.
You MUST uncomment this option and set it to a cryptographically sound random
value when using the wrapping_format_patch function of patchset 1, which is
the default configuration.
The value set below is a fixed, publicly known pattern that is only suitable
for these integration tests; never reuse it in a deployment.
*)
wrapping_format_key = "00112233445566778899aabbccddeeff"
(* modules = [(a1, b1), (a2, b2) ...] is a list of couples of strings (a, b)
with 'a' being an alias, and 'b' being a PATH to the aliased
PKCS#11 module
*)
modules = [("softhsm", "/usr/local/lib/softhsm/libsofthsm2.so"), ("opencryptoki", "/usr/local/lib/opencryptoki/libopencryptoki.so")]
(* log_subchannel = string representing the filter log subchannel in the server *)
log_subchannel = filter
(* forbidden_mechanisms = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing modules and 'b' is a list
of PKCS#11 mechanisms with the PKCS#11 definition syntax (CKM_RSA_X_509 for
instance)
*)
forbidden_mechanisms = [("sof.*", [CKM_RSA_X_509]), ("opencrypto.*", [])]
(* allowed_labels = [(a1, b1), (a2, b2) ...] is a list of couples where 'a1',
'a2', ... are regular expression strings representing module names, and
'b1', 'b2', ... are regular expressions representing labels
example: allowed_labels = [("opencryptoki", ["not_filtered_.*", "test"])]
Here, only objects with CKA_LABEL such as "not_filtered_.*" and "test" are
usable for the "opencryptoki" alias.
default: NO filtering, uncomment and configure below to filter objects
*)
(*
allowed_labels = [("opencryptoki", ["not_filtered_.*", "test"])]
*)
(* allowed_ids = [(a1, b1), (a2, b2) ...] is a list of couples where 'a1',
'a2', ... are regular expression strings representing module names, and
'b1', 'b2', ... are regular expressions representing ids
example: allowed_ids = [("softhsm", [".*"])]
Here, this rule allows all CKA_ID to be used for the "softhsm" alias.
default: NO filtering, uncomment and configure below to filter objects
*)
(*
allowed_ids = [("softhsm", [".*"])]
*)
(* forbidden_functions = [(a1, b1), (a2, b2) ...] is a list of couples where
'a1', 'a2', ... are regular expression strings representing module names,
and 'b1', 'b2', ... are lists of PKCS#11 functions with the PKCS#11 naming
convention (C_Login, C_Logout ...)
default OFF, uncomment and configure below to enable;
*)
(*
forbidden_functions = [("soft.*", []), ("softhsm", [])]
*)
(* enforce_ro_sessions = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing module names, and 'b1',
'b2', ... are booleans that can take 'true', 'false', 'yes' and 'no' as
possible values
default OFF, uncomment and configure below to enable;
*)
(*
enforce_ro_sessions = [(".*", no)]
*)
(* forbid_admin_operations = [(a1, b1), (a2, b2) ...] is a list of couples
where 'a' is a regular expression string representing module names, and
'b1', 'b2', ... are booleans that can take 'true', 'false', 'yes' and 'no'
as possible values
default OFF, uncomment and configure below to enable;
*)
(*
forbid_admin_operations = [(".*", yes)]
*)
(* remove_padding_oracles = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing module names, and 'b1',
'b2', ... are lists of cryptographic operation types, whose possible values
are 'wrap', 'unwrap', 'encrypt', 'sign' and 'all' (the last one stands for
all of the other values together)
default OFF, uncomment and configure below to enable;
*)
(*
remove_padding_oracles = [(".*", [wrap, unwrap, encrypt])]
*)
(* filter_actions = list of couples of [string_regexp x list of couples of
[PKCS#11_function x custom_function]]). This option is a way to extend
the filter features: users can provide their own hooks on every PKCS#11
function. See FILTER.md for more information.
default OFF, uncomment and configure below to enable;
*)
(* filter_actions = [
(".*", [(C_Login, c_Login_hook), (C_Initialize, c_Initialize_hook)]),
("soft.*", [(C_CloseSession, identity)])
]
*)
(**** Fixing PKCS#11 with patchset 1 *
See FILTER.md for a detailed explanation of patchset 1 and 2.
default ON;
*)
filter_actions_post = [ (".*",
[
(******** This is optional: key usage segregation ******************************)
(* (C_Initialize, do_segregate_usage), *)
(******** Check for key creation and attribute manipulation on non local keys **)
(C_CreateObject, non_local_objects_patch),
(C_CopyObject, non_local_objects_patch),
(C_SetAttributeValue, non_local_objects_patch),
(******** Check for value extraction on sensitive/nonextractable keys **********)
(C_GetAttributeValue, prevent_sensitive_leak_patch),
(C_SetAttributeValue, prevent_sensitive_leak_patch),
(******** CryptokiX conflicting attributes patch addendum for existing objects *)
(C_EncryptInit, conflicting_attributes_patch_on_existing_objects),
(C_DecryptInit, conflicting_attributes_patch_on_existing_objects),
(C_SignInit, conflicting_attributes_patch_on_existing_objects),
(C_SignRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_DeriveKey, conflicting_attributes_patch_on_existing_objects),
(C_DigestKey, conflicting_attributes_patch_on_existing_objects),
(C_WrapKey, conflicting_attributes_patch_on_existing_objects),
(C_UnwrapKey, conflicting_attributes_patch_on_existing_objects),
(C_FindObjects, conflicting_attributes_patch_on_existing_objects),
(******** Patch addendum to handle key escrow (or not) *)
(C_EncryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DecryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DeriveKey, dangerous_sensitive_keys_escrow_encrypt),
(C_DigestKey, dangerous_sensitive_keys_escrow_encrypt),
(C_WrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_UnwrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_FindObjects, dangerous_sensitive_keys_escrow_encrypt),
(******** CryptokiX conflicting attributes patch *******************************)
(C_CreateObject, conflicting_attributes_patch), (C_CopyObject, conflicting_attributes_patch),
(C_UnwrapKey, conflicting_attributes_patch), (C_GenerateKey, conflicting_attributes_patch),
(C_GenerateKeyPair, conflicting_attributes_patch), (C_DeriveKey, conflicting_attributes_patch),
(C_SetAttributeValue, conflicting_attributes_patch),
(******** CryptokiX sticky attributes patch ************************************)
(C_CopyObject, sticky_attributes_patch),
(C_SetAttributeValue, sticky_attributes_patch),
(******** CryptokiX Wrapping format patch **************************************)
(C_WrapKey, wrapping_format_patch),
(C_UnwrapKey, wrapping_format_patch),
(******** Sanitizing the creation attributes patch *****************************)
(C_CreateObject, sanitize_creation_templates_patch), (C_CopyObject, sanitize_creation_templates_patch),
(C_GenerateKey, sanitize_creation_templates_patch), (C_GenerateKeyPair, sanitize_creation_templates_patch),
(C_DeriveKey, sanitize_creation_templates_patch), (C_UnwrapKey, sanitize_creation_templates_patch)
]
)
]
(**** Fixing PKCS#11 with patchset 2 *
See FILTER.md for a detailed explanation of patchset 1 and 2.
default OFF, WARNING patchset 1 and 2 are incompatible, make sure it is not
enabled before enabling this one
*)
(*
filter_actions_post = [ (".*",
[
(******** This is optional: key usage segregation ******************************)
(* (C_Initialize, do_segregate_usage), *)
(******** CryptokiX conflicting attributes patch addendum for existing objects *)
(C_EncryptInit, conflicting_attributes_patch_on_existing_objects),
(C_DecryptInit, conflicting_attributes_patch_on_existing_objects),
(C_SignInit, conflicting_attributes_patch_on_existing_objects),
(C_SignRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyInit, conflicting_attributes_patch_on_existing_objects),
(C_VerifyRecoverInit, conflicting_attributes_patch_on_existing_objects),
(C_DeriveKey, conflicting_attributes_patch_on_existing_objects),
(C_DigestKey, conflicting_attributes_patch_on_existing_objects),
(C_WrapKey, conflicting_attributes_patch_on_existing_objects),
(C_UnwrapKey, conflicting_attributes_patch_on_existing_objects),
(C_FindObjects, conflicting_attributes_patch_on_existing_objects),
(******** Patch addendum to handle key escrow (or not) *)
(C_EncryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DecryptInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignInit, dangerous_sensitive_keys_escrow_encrypt),
(C_SignRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyInit, dangerous_sensitive_keys_escrow_encrypt),
(C_VerifyRecoverInit, dangerous_sensitive_keys_escrow_encrypt),
(C_DeriveKey, dangerous_sensitive_keys_escrow_encrypt),
(C_DigestKey, dangerous_sensitive_keys_escrow_encrypt),
(C_WrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_UnwrapKey, dangerous_sensitive_keys_escrow_encrypt),
(C_FindObjects, dangerous_sensitive_keys_escrow_encrypt),
(******** CryptokiX secure templates patch on key creation and import **********)
(C_SetAttributeValue, secure_templates_patch),
(C_GenerateKey, secure_templates_patch), (C_GenerateKeyPair, secure_templates_patch),
(C_CreateObject, secure_templates_patch), (C_CopyObject, secure_templates_patch),
(C_UnwrapKey, secure_templates_patch), (C_DeriveKey, secure_templates_patch),
(******** Check for value extraction on sensitive/nonextractable keys **********)
(C_GetAttributeValue, prevent_sensitive_leak_patch),
(C_SetAttributeValue, prevent_sensitive_leak_patch),
(******** Sanitizing the creation attributes patch *****************************)
(C_CreateObject, sanitize_creation_templates_patch), (C_CopyObject, sanitize_creation_templates_patch),
(C_GenerateKey, sanitize_creation_templates_patch), (C_GenerateKeyPair, sanitize_creation_templates_patch),
(C_DeriveKey, sanitize_creation_templates_patch), (C_UnwrapKey, sanitize_creation_templates_patch)
]
)
]
*)
caml-crush-1.0.12/src/tests/integration/pkcs11proxyd-tcp-tls.conf 0000664 0000000 0000000 00000006715 14147740423 0024727 0 ustar 00root root 0000000 0000000 netplex {
controller {
max_level = "debug"; (* Log level *)
(* configure "admin" socket directory, default "/tmp/.netplex" *)
(*
socket_directory = "/tmp/.netplex";
*)
logging {
(* type can either be "stderr", "syslog", "file", "multi_file"
* see http://projects.camlcity.org/projects/dl/ocamlnet-3.6/doc/html-main/Netplex_admin.html
*)
type = "stderr"; (* Log to stderr *)
};
};
service {
name = "PKCS#11 Filtering Proxy";
(* These parameters can be used to change UID/GID of worker processes *)
(*
user = "root";
group = "root";
*)
(* Do NOT change conn_limit, this would be a serious SECURITY ISSUE *)
conn_limit = 1;
protocol {
(* This section creates the socket *)
name = "rpc_pkcs11";
(* OCamlnet 4 supports the following to set Unix socket permissions: *)
(*
local_chmod = "0o777";
*)
(* This section creates the socket *)
(* Socket can either be TCP or UNIX *)
address {
(* TCP on port 4444. NOTE: 0.0.0.0 listens on every interface, not only
localhost; bind to 127.0.0.1 unless remote clients are intended. *)
type = "internet";
bind = "0.0.0.0:4444";
(* For Unix
WARNING: For OCamlnet < 4 it is not possible to set the socket permission,
you will have to manually fix it to allow multi-user
access (e.g. chmod 777 , or umask prior launching).
*)
(*
type = "local";
path = "/var/run/pkcs11proxyd.socket";
*)
};
};
processor {
(* This section specifies how to process data of the socket *)
type = "rpc_pkcs11";
(* libnames param is used when the proxy is compiled WITHOUT filtering support *)
(* syntax is: libnames=":;<...>:<...>;"; *)
(*
libnames="softhsm:/usr/lib/softhsm/libsofthsm2.so;";
*)
(* filter_config is used to supply the filtering configuration when compiled in *)
filter_config="/build/src/tests/integration/filter.conf";
(*************** TLS support begin ***********************)
(* use_ssl = false to disable SSL support on server side *)
(* use_ssl = true to enable SSL support on server side *)
use_ssl = true;
(* TLS support for Caml Crush compiled with OCamlnet 4.x *)
(* Uncomment to enable TLS when using OCamlnet 4.x *)
tls {
(* Ciphersuites, GnuTLS syntax *)
(* TLS 1.2, PFS-only suites, no DSS, no CAMELLIA *)
algorithms = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC";
(* Force peer client authentication *)
peer_auth = "required";
(* Uncomment to enable DHE parameters, used for PFS *)
(*
dh_params {
(* Pre-computed DH parameters *)
pkcs3_file = "/etc/pkcs11proxyd/dhparams.pem";
(* Run-time created DH parameters, warning: this takes a long time *)
(*bits = 2048;*)
};
*)
x509 {
key {
crt_file = "server.pem";
key_file = "server-key.pem";
};
trust {
crt_file = "ca.pem";
};
}
};
(***************TLS support end *************************)
};
workload_manager {
type = "dynamic";
max_jobs_per_thread = 1; (* Everything else is senseless *)
min_free_jobs_capacity = 1;
max_free_jobs_capacity = 1;
max_threads = 100;
};
}
}
caml-crush-1.0.12/src/tests/integration/pkcs11proxyd-tcp.conf 0000664 0000000 0000000 00000010336 14147740423 0024121 0 ustar 00root root 0000000 0000000 netplex {
controller {
max_level = "debug"; (* Log level *)
(* configure "admin" socket directory, default "/tmp/.netplex" *)
(*
socket_directory = "/tmp/.netplex";
*)
logging {
(* type can either be "stderr", "syslog", "file", "multi_file"
* see http://projects.camlcity.org/projects/dl/ocamlnet-3.6/doc/html-main/Netplex_admin.html
*)
type = "stderr"; (* Log to stderr *)
};
};
service {
name = "PKCS#11 Filtering Proxy";
(* These parameters can be used to change UID/GID of worker processes *)
(*
user = "root";
group = "root";
*)
(* Do NOT change conn_limit, this would be a serious SECURITY ISSUE *)
conn_limit = 1;
protocol {
(* This section creates the socket *)
name = "rpc_pkcs11";
(* OCamlnet 4 supports the following to set Unix socket permissions: *)
(*
local_chmod = "0o777";
*)
(* This section creates the socket *)
(* Socket can either be TCP or UNIX *)
address {
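(* TCP on port 4444. NOTE: 0.0.0.0 listens on every interface, not only
localhost, and use_ssl is false below, so the transport is neither encrypted
nor client-authenticated; keep this configuration on an isolated test network. *)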
type = "internet";
bind = "0.0.0.0:4444";
(* For Unix
WARNING: For OCamlnet < 4 it is not possible to set the socket permission,
you will have to manually fix it to allow multi-user
access (e.g. chmod 777 , or umask prior launching).
*)
(*
type = "local";
path = "/var/run/pkcs11proxyd.socket";
*)
};
};
processor {
(* This section specifies how to process data of the socket *)
type = "rpc_pkcs11";
(* libnames param is used when the proxy is compiled WITHOUT filtering support *)
(* syntax is: libnames=":;<...>:<...>;"; *)
(*
libnames="softhsm:/usr/lib/softhsm/libsofthsm2.so;";
*)
(* filter_config is used to supply the filtering configuration when compiled in *)
filter_config="/build/src/tests/integration/filter.conf";
(*************** TLS support begin ***********************)
(* use_ssl = false to disable SSL support on server side *)
(* use_ssl = true to enable SSL support on server side *)
use_ssl = false;
(* TLS support for Caml Crush compiled with OCamlnet 4.x *)
(* Uncomment to enable TLS when using OCamlnet 4.x *)
(*
tls {
(* Ciphersuites, GnuTLS syntax *)
(* TLS 1.2, PFS-only suites, no DSS, no CAMELLIA *)
algorithms = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC";
(* Force peer client authentication *)
peer_auth = "required";
(* Uncomment to enable DHE parameters, used for PFS *)
(*
dh_params {
(* Pre-computed DH parameters *)
pkcs3_file = "/etc/pkcs11proxyd/dhparams.pem";
(* Run-time created DH parameters, warning: this takes a long time *)
(*bits = 2048;*)
};
*)
x509 {
key {
crt_file = "server.pem";
key_file = "server.key";
};
trust {
crt_file = "cacert.pem";
};
}
};
*)
(* LEGACY SSL support for Caml Crush <= 1.0.6 or OCamlnet 3.x *)
(* OpenSSL cipher syntax, one or many suites can be configured, or alias such as HIGH *)
cipher_suite="DHE-RSA-AES128-SHA";
(* Provide full certificate chain in cafile *)
cafile = "/usr/local/etc/tests/certs/ca.crt";
certfile = "/usr/local/etc/tests/certs/server.crt";
certkey = "/usr/local/etc/tests/certs/server.key";
(* Optional, allows the use of DHE cipher suites; generate custom DH parameters *)
dh_params = "/usr/local/etc/tests/certs/dhparams.pem";
(* Optional, allows to use ECDHE cipher suites *)
ec_curve_name = "prime256v1";
(* Optional, allows to use a custom certificate verification depth *)
verify_depth = 4;
(***************TLS support end *************************)
};
workload_manager {
type = "dynamic";
max_jobs_per_thread = 1; (* Everything else is senseless *)
min_free_jobs_capacity = 1;
max_free_jobs_capacity = 1;
max_threads = 100;
};
}
}
caml-crush-1.0.12/src/tests/integration/pkcs11proxyd-unix-tls.conf 0000664 0000000 0000000 00000006066 14147740423 0025123 0 ustar 00root root 0000000 0000000 netplex {
controller {
max_level = "debug"; (* Log level *)
(* configure "admin" socket directory, default "/tmp/.netplex" *)
(*
socket_directory = "/tmp/.netplex";
*)
logging {
(* type can either be "stderr", "syslog", "file", "multi_file"
* see http://projects.camlcity.org/projects/dl/ocamlnet-3.6/doc/html-main/Netplex_admin.html
*)
type = "stderr"; (* Log to stderr *)
};
};
service {
name = "PKCS#11 Filtering Proxy";
(* These parameters can be used to change UID/GID of worker processes *)
(*
user = "root";
group = "root";
*)
(* Do NOT change conn_limit, this would be a serious SECURITY ISSUE *)
conn_limit = 1;
protocol {
(* This section creates the socket *)
name = "rpc_pkcs11";
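(* OCamlnet 4 supports the following to set Unix socket permissions. Note that 0o777 lets every local user connect to the proxy socket; prefer a narrower mode where possible: *)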
(*
local_chmod = "0o777";
*)
(* This section creates the socket *)
(* Socket can either be TCP or UNIX *)
address {
type = "local";
path = "/var/run/pkcs11proxyd.socket";
};
};
processor {
(* This section specifies how to process data of the socket *)
type = "rpc_pkcs11";
(* libnames param is used when the proxy is compiled WITHOUT filtering support *)
(* syntax is: libnames=":;<...>:<...>;"; *)
(*
libnames="softhsm:/usr/lib/softhsm/libsofthsm2.so;";
*)
(* filter_config is used to supply the filtering configuration when compiled in *)
filter_config="/build/src/tests/integration/filter.conf";
(*************** TLS support begin ***********************)
(* use_ssl = false to disable SSL support on server side *)
(* use_ssl = true to enable SSL support on server side *)
use_ssl = true;
(* TLS support for Caml Crush compiled with OCamlnet 4.x *)
(* Uncomment to enable TLS when using OCamlnet 4.x *)
tls {
(* Ciphersuites, GnuTLS syntax *)
(* TLS 1.2, PFS-only suites, no DSS, no CAMELLIA *)
algorithms = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC";
(* Force peer client authentication *)
peer_auth = "required";
(* Uncomment to enable DHE parameters, used for PFS *)
(*
dh_params {
(* Pre-computed DH parameters *)
pkcs3_file = "/etc/pkcs11proxyd/dhparams.pem";
(* Run-time created DH parameters, warning: this takes a long time *)
(*bits = 2048;*)
};
*)
x509 {
key {
crt_file = "server.pem";
key_file = "server-key.pem";
};
trust {
crt_file = "ca.pem";
};
}
};
(***************TLS support end *************************)
};
workload_manager {
type = "dynamic";
max_jobs_per_thread = 1; (* Everything else is senseless *)
min_free_jobs_capacity = 1;
max_free_jobs_capacity = 1;
max_threads = 100;
};
}
}
caml-crush-1.0.12/src/tests/integration/pkcs11proxyd-unix.conf 0000664 0000000 0000000 00000007506 14147740423 0024323 0 ustar 00root root 0000000 0000000 netplex {
controller {
max_level = "debug"; (* Log level *)
(* configure "admin" socket directory, default "/tmp/.netplex" *)
(*
socket_directory = "/tmp/.netplex";
*)
logging {
(* type can either be "stderr", "syslog", "file", "multi_file"
* see http://projects.camlcity.org/projects/dl/ocamlnet-3.6/doc/html-main/Netplex_admin.html
*)
type = "stderr"; (* Log to stderr *)
};
};
service {
name = "PKCS#11 Filtering Proxy";
(* These parameters can be used to change UID/GID of worker processes *)
(*
user = "root";
group = "root";
*)
(* Do NOT change conn_limit, this would be a serious SECURITY ISSUE *)
conn_limit = 1;
protocol {
(* This section creates the socket *)
name = "rpc_pkcs11";
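(* OCamlnet 4 supports the following to set Unix socket permissions. Note that 0o777 lets every local user connect to the proxy socket; prefer a narrower mode where possible: *)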
(*
local_chmod = "0o777";
*)
(* This section creates the socket *)
(* Socket can either be TCP or UNIX *)
address {
type = "local";
path = "/var/run/pkcs11proxyd.socket";
};
};
processor {
(* This section specifies how to process data of the socket *)
type = "rpc_pkcs11";
(* libnames param is used when the proxy is compiled WITHOUT filtering support *)
(* syntax is: libnames=":;<...>:<...>;"; *)
(*
libnames="softhsm:/usr/lib/softhsm/libsofthsm2.so;";
*)
(* filter_config is used to supply the filtering configuration when compiled in *)
filter_config="/build/src/tests/integration/filter.conf";
(*************** TLS support begin ***********************)
(* use_ssl = false to disable SSL support on server side *)
(* use_ssl = true to enable SSL support on server side *)
use_ssl = false;
(* TLS support for Caml Crush compiled with OCamlnet 4.x *)
(* Uncomment to enable TLS when using OCamlnet 4.x *)
(*
tls {
(* Ciphersuites, GnuTLS syntax *)
(* TLS 1.2, PFS-only suites, no DSS, no CAMELLIA *)
algorithms = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC";
(* Force peer client authentication *)
peer_auth = "required";
(* Uncomment to enable DHE parameters, used for PFS *)
(*
dh_params {
(* Pre-computed DH parameters *)
pkcs3_file = "/etc/pkcs11proxyd/dhparams.pem";
(* Run-time created DH parameters, warning: this takes a long time *)
(*bits = 2048;*)
};
*)
x509 {
key {
crt_file = "server.pem";
key_file = "server.key";
};
trust {
crt_file = "cacert.pem";
};
}
};
*)
(* LEGACY SSL support for Caml Crush <= 1.0.6 or OCamlnet 3.x *)
(* OpenSSL cipher syntax, one or many suites can be configured, or alias such as HIGH *)
cipher_suite="DHE-RSA-AES128-SHA";
(* Provide full certificate chain in cafile *)
cafile = "/usr/local/etc/tests/certs/ca.crt";
certfile = "/usr/local/etc/tests/certs/server.crt";
certkey = "/usr/local/etc/tests/certs/server.key";
(* Optional, allows the use of DHE cipher suites; generate custom DH parameters *)
dh_params = "/usr/local/etc/tests/certs/dhparams.pem";
(* Optional, allows to use ECDHE cipher suites *)
ec_curve_name = "prime256v1";
(* Optional, allows to use a custom certificate verification depth *)
verify_depth = 4;
(***************TLS support end *************************)
};
workload_manager {
type = "dynamic";
max_jobs_per_thread = 1; (* Everything else is senseless *)
min_free_jobs_capacity = 1;
max_free_jobs_capacity = 1;
max_threads = 100;
};
}
}
caml-crush-1.0.12/src/tests/integration/run-tests.sh 0000775 0000000 0000000 00000000134 14147740423 0022414 0 ustar 00root root 0000000 0000000 #!/bin/bash
pkcs11-tool --module /usr/local/lib/caml-crush/libp11clientfoo.so -t --pin 1234 caml-crush-1.0.12/src/tests/integration/wait-for-it.sh 0000775 0000000 0000000 00000012153 14147740423 0022616 0 ustar 00root root 0000000 0000000 #!/usr/bin/env bash
# Use this script to test if a given TCP host/port are available
# Basename of the invoked script (leading path stripped); used as the prefix
# of every status message and in the usage text.
WAITFORIT_cmdname=${0##*/}
# Print all arguments on stderr, unless quiet mode (WAITFORIT_QUIET=1) is on.
echoerr() {
    [[ $WAITFORIT_QUIET -eq 1 ]] || echo "$@" >&2
}
# Print the command-line help on stderr, then terminate the script with status 1.
# The here-document is unquoted so that $WAITFORIT_cmdname is expanded.
usage() {
    cat 1>&2 <<USAGE
Usage:
$WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
-h HOST | --host=HOST Host or IP under test
-p PORT | --port=PORT TCP port under test
Alternatively, you specify the host and port as host:port
-s | --strict Only execute subcommand if the test succeeds
-q | --quiet Don't output any status messages
-t TIMEOUT | --timeout=TIMEOUT
Timeout in seconds, zero for no timeout
-- COMMAND ARGS Execute command with args after the test finishes
USAGE
    exit 1
}
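# Probe WAITFORIT_HOST:WAITFORIT_PORT once per second until a TCP connection succeeds.
#
# Reads:   WAITFORIT_HOST, WAITFORIT_PORT, WAITFORIT_TIMEOUT (used for the message only),
#          WAITFORIT_ISBUSY (1 selects `nc -z`, anything else bash's /dev/tcp redirection).
# Returns: the status of the last probe. The loop only ends on a successful probe,
#          so this function never gives up by itself; a deadline has to be enforced
#          from outside (the script does so by running itself under `timeout`).
wait_for() {
    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
    else
        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
    fi
    WAITFORIT_start_ts=$(date +%s)
    while :; do
        # Host and port are caller-supplied strings: quote them so that each is
        # passed as exactly one word, with no word splitting or pathname expansion.
        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
            nc -z "$WAITFORIT_HOST" "$WAITFORIT_PORT"
            WAITFORIT_result=$?
        else
            # The subshell confines the failed-redirection error; only its status is kept.
            (echo -n > "/dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT") >/dev/null 2>&1
            WAITFORIT_result=$?
        fi
        if [[ $WAITFORIT_result -eq 0 ]]; then
            WAITFORIT_end_ts=$(date +%s)
            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
            break
        fi
        sleep 1
    done
    return $WAITFORIT_result
}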
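# Run this same script again in --child mode under `timeout`, so that the wait
# is bounded by WAITFORIT_TIMEOUT seconds, and report when the deadline hits.
#
# Reads:   WAITFORIT_QUIET, WAITFORIT_BUSYTIMEFLAG, WAITFORIT_TIMEOUT,
#          WAITFORIT_HOST, WAITFORIT_PORT.
# Sets:    WAITFORIT_PID, WAITFORIT_RESULT, and an INT trap.
# Returns: the exit status of the `timeout` child (non-zero is reported as a timeout).
wait_for_wrapper() {
    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
    # Arguments are built as an array and expanded quoted, so caller-supplied
    # host/port/timeout strings reach the child as single words.
    local child_args=(--child "--host=$WAITFORIT_HOST" "--port=$WAITFORIT_PORT" "--timeout=$WAITFORIT_TIMEOUT")
    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
        child_args=(--quiet "${child_args[@]}")
    fi
    # WAITFORIT_BUSYTIMEFLAG stays unquoted on purpose: when it is empty it must
    # disappear instead of being passed to timeout as an empty argument.
    timeout $WAITFORIT_BUSYTIMEFLAG "$WAITFORIT_TIMEOUT" "$0" "${child_args[@]}" &
    WAITFORIT_PID=$!
    # Forward Ctrl-C to the background job (negative PID, as in the original).
    trap "kill -INT -$WAITFORIT_PID" INT
    wait $WAITFORIT_PID
    WAITFORIT_RESULT=$?
    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
    fi
    return $WAITFORIT_RESULT
}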
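# process arguments
# Each recognised option stores its value in a WAITFORIT_* variable. Everything
# after "--" is kept verbatim in the WAITFORIT_CLI array as the command to run later.
# The "*:*" pattern is tested first, so any argument containing a colon is taken
# as host:port.
while [[ $# -gt 0 ]]
do
    case "$1" in
        *:* )
        # Split on ':' through `read` rather than an unquoted array assignment:
        # the fields are the same, but the argument is never subjected to
        # pathname expansion against the current directory.
        read -r -a WAITFORIT_hostport <<< "${1//:/ }"
        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
        shift 1
        ;;
        --child)
        # Internal flag: set when the script re-invokes itself under `timeout`.
        WAITFORIT_CHILD=1
        shift 1
        ;;
        -q | --quiet)
        WAITFORIT_QUIET=1
        shift 1
        ;;
        -s | --strict)
        WAITFORIT_STRICT=1
        shift 1
        ;;
        -h)
        WAITFORIT_HOST="$2"
        # A missing value ends parsing; the host/port check after the loop reports it.
        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
        shift 2
        ;;
        --host=*)
        WAITFORIT_HOST="${1#*=}"
        shift 1
        ;;
        -p)
        WAITFORIT_PORT="$2"
        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
        shift 2
        ;;
        --port=*)
        WAITFORIT_PORT="${1#*=}"
        shift 1
        ;;
        -t)
        WAITFORIT_TIMEOUT="$2"
        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
        shift 2
        ;;
        --timeout=*)
        WAITFORIT_TIMEOUT="${1#*=}"
        shift 1
        ;;
        --)
        shift
        WAITFORIT_CLI=("$@")
        break
        ;;
        --help)
        usage
        ;;
        *)
        echoerr "Unknown argument: $1"
        usage
        ;;
    esac
done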
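# Host and port are mandatory; usage() exits with status 1.
if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
    echoerr "Error: you need to provide a host and port to test."
    usage
fi

# Defaults for everything the command line did not set.
WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}

# The timeout is later compared with `[[ ... -gt 0 ]]`, which evaluates its
# operand as a shell arithmetic expression, and is handed to `timeout`.
# Accept plain digits only, so that nothing else ever reaches those places.
if ! [[ $WAITFORIT_TIMEOUT =~ ^[0-9]+$ ]]; then
    echoerr "Error: timeout must be a whole number of seconds."
    usage
fi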
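# Check to see if timeout is from busybox?
# Resolve the `timeout` found on PATH through any symlinks; the path is quoted
# so that an install location containing spaces is still resolved as one file.
WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
WAITFORIT_TIMEOUT_PATH=$(realpath "$WAITFORIT_TIMEOUT_PATH" 2>/dev/null || readlink -f "$WAITFORIT_TIMEOUT_PATH")

WAITFORIT_BUSYTIMEFLAG=""
if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
    # WAITFORIT_ISBUSY=1 also makes wait_for probe with `nc -z` instead of /dev/tcp.
    WAITFORIT_ISBUSY=1
    # Check if busybox timeout uses -t flag
    # (recent Alpine versions don't support -t anymore)
    if timeout &>/dev/stdout | grep -q -e '-t '; then
        WAITFORIT_BUSYTIMEFLAG="-t"
    fi
else
    WAITFORIT_ISBUSY=0
fi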
# Child mode (re-invoked under `timeout`): just wait and hand the status back.
if [[ $WAITFORIT_CHILD -gt 0 ]]; then
    wait_for
    WAITFORIT_RESULT=$?
    exit $WAITFORIT_RESULT
fi

# Parent mode: bounded wait when a timeout is set, unbounded wait otherwise.
if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
    wait_for_wrapper
    WAITFORIT_RESULT=$?
else
    wait_for
    WAITFORIT_RESULT=$?
fi

# No follow-up command was given after "--": the wait status is the exit status.
if [[ $WAITFORIT_CLI == "" ]]; then
    exit $WAITFORIT_RESULT
fi

# In strict mode a failed wait must not start the follow-up command.
if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
    echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
    exit $WAITFORIT_RESULT
fi

# Replace this shell with the follow-up command, one array element per argument.
exec "${WAITFORIT_CLI[@]}"
caml-crush-1.0.12/src/tests/ocaml/ 0000775 0000000 0000000 00000000000 14147740423 0016663 5 ustar 00root root 0000000 0000000 caml-crush-1.0.12/src/tests/ocaml/HOW_TO_PERFORM_TESTS.md 0000664 0000000 0000000 00000022467 14147740423 0022433 0 ustar 00root root 0000000 0000000 # Performing tests
We provide a few ways to manually validate the behavior of a library implementing the
PKCS#11 standard. In particular, these tests let you check that the proxy actually
performs the filtering actions that it is meant to implement.
## Contents of directory src/tests/ocaml
In this directory one can find :
> 1 ] a configuration file pkcs11.conf allowing to configure which library to use to carry out the tests;
> 2 ] a few programs for testing general functionalities of the token :
>- destroy.ml destroys all objects on the token
>- digest_test.ml, encdec_test.ml, test_pkcs11.ml and wrap_unwrap.ml allow to perform various cryptographic operations
> 3 ] a quite generic way of testing a sequence of operations, and in particular
to 'manually' carry out tests of the token resilience to well-known API-level vulnerabilities.
Classic scenarios are already encoded, the details follow.
## Quickstart
> 0 ] To test the proxy, get a daemon running in foreground mode :
/usr/local/bin/pkcs11proxyd -fg -conf /usr/local/etc/pkcs11proxyd/pkcs11proxyd.conf
Hence, you can observe which calls and tests are filtered and why.
> 1 ] Open the file pkcs11.conf and set the variable Libname to
> the library you want to test, and the PIN code as appropriate.
> E.g. to test the client library for the proxy, and it is named /usr/local/lib/libp11clientfoo.so
> then you should set :
Libname = "../../client-lib/libp11clientfoo.so"
> 2 ] Build the tests by typing:
make
> 3 ] Execute the generic scenario parser on one of the test scenarios listed below by typing :
./generic_scenario.opt < name_of_the_test_scenario >
e.g. if your test scenario is encoded in the file get_sensitive_key.ml
./generic_scenario.opt get_sensitive_key
Choices of scenarios are amongst : get_sensitive_key, wrap_and_decrypt_1 to wrap_and_decrypt_4,
encrypt_and_unwrap, sensitive_is_sticky, extractable_is_sticky, create_object_1 and create_object_2,
double_unwrap, misc_scenario.
Each scenario file, which is named as the test scenario and suffixed by .ml, contains
as a commentary an explanation of the test carried out.
> 4 ] You can destroy the objects created on your token by the tests by using
./destroy.opt
## Understanding the generic test scenarios
### A ] Constituents
- File p11_for_generic.ml contains all the material to carry out
test scenarios written in other files.
- File generic_scenario.ml contains the code related to the generation
of a key_to_leak and the mechanisms to test.
- Files containing test scenarios (and only that) are :
* get_sensitive_key.ml
* wrap_and_decrypt_1.ml to wrap_and_decrypt_4.ml
* encrypt_and_unwrap.ml
* sensitive_is_sticky.ml
* extractable_is_sticky.ml
* create_object_1.ml and create_object_2.ml
* double_unwrap.ml
* misc_scenario.ml
- Usage :
./generic_scenario.opt < name_of_the_test_scenario >
e.g. if your test scenario is encoded in the file get_sensitive_key.ml
./generic_scenario.opt get_sensitive_key
### B ] The pseudo-language used to describe test scenarios.
A little "encoding language" for test scenarios
can be used to put to test different strategies.
It can be extended at will.
A test scenario is executed given two global parameters : a key_to_leak
and a mechanism mech. When beginning the execution of a test scenario,
we suppose the token is initialized, supports mechanism mech, and that
key_to_leak is a key usable with this mechanism mech.
For the time being, only symmetric mechanisms are supported.
**TO CHANGE MECHANISMS INVOLVED, UPDATE VARIABLE symmetric_mechs_tested IN p11_for_generic.ml.
By default, it contains all the mechanisms that can be tested for the time being.
HOWEVER, ONLY THE LAST MECHANISM FOR WHICH THE GENERATION SUCCEEDED WILL BE TESTED.
The test scenario is processed using the last mechanism for which the key generation
of key_to_leak succeeds.**
In the mini-language, a test scenario
is encoded as a sequence of pairs of a named template and an opcode, where :
- a **named template** is a pair of a name
and a template, which is an array of attributes (types and values).
Namely, the name is of type string, and is just featured
to be concatenated to labels for keys potentially created in the token
with attributes matching the template.
Examples of valid named templates :
1- ("token_wd", [|{ Pkcs11.type_ =Pkcs11.cKA_TOKEN ; Pkcs11.value = Pkcs11.true_ }|])
2- ("empty", [||] )
- an **opcode** is a code of one of the following forms :
type opcode = W | D | G | E | GKTL |
U of (Pkcs11.ck_attribute array) | C of (Pkcs11.ck_attribute array) |
DoubleU of (Pkcs11.ck_attribute array * Pkcs11.ck_attribute array) | S | F | WW
An opcode is encoding a particular PKCS#11 operation, which is applied to a local state carrying
along our scenario the elements that we might need.
Before detailing the operations performed by each opcode, let us define these local "states",
which are of the type scenario_state defined below.
type previous_result_needed = Empty | Hdl of Pkcs11.ck_object_handle_t | Bitstring of char array
type scenario_state = previous_result_needed * Pkcs11.ck_object_handle_t * (Pkcs11.ck_attribute list)
(* ck_object_handle contains the key generated at the beginning of the scenario
to perform crypto afterwards *)
Hence, a scenario_state is a triple of :
- the result of the previous operations (which can be nothing (Empty),
a handle (encoded as Hdl()) or a bitstring (encoded
as Bitstring()).
- the handle of the 'operative' key, which is (generally) used in the operation
encoded by the opcode
- an attribute list possibly useful to carry through our computations.
### C ] Execution of the scenario
Now that we know what info is carried along in a state, let us
see how a scenario is processed.
#### I - Initialisation :
the init_action function is meant to create and initialize a scenario state to use in the
test scenario. Indeed, it aims at creating a handle to a key with
the attributes set to values as specified by attr_templates.
In other words, the first named template in a scenario will result in the creation
of a key conforming to this template, and a handle to this key is stored in
the 'middle' component of the output scenario state.
The key is meant for the mechanism 'mech' (globally used as a parameter of the scenario_parser
function).
To perform the key generation, two strategies are tried : generating the key
with the right attributes in one step, or setting them progressively.
#### II - Processing of one step :
-1/ given as input a scenario state, we try to set one by one
the attributes in attr_template on the key referred to by the handle
obj_hdl.
2/ the operation encoded by the opcode is carried out.
- the W opcode :
Input : (prev_res, obj_hdl, _)
corresponds to a wrap operation of key_to_leak,carried out
using the mechanism mech (with null parameter of the right size)
passed a global argument to the scenario_parser.
--> if prev_res is a handle, this latter is used to wrap;
--> otherwise, the handle obj_hdl (middle component of scenario state)
is used.
Output : (wrapped value, obj_hdl, [])
- the D opcode :
Input : (prev_res, obj_hdl, ck_attr_list)
--> if prev_res of the form Bitstring(bs), decrypts bs and prints it out.
Output : None
- the GKTL opcode :
prints out the value of key_to_leak (the global argument of scenario_parser);
leaves myscenariostate unchanged
- the G opcode :
Input : Some(Hdl(other_hdl),obj_hdl,ck_attr_list)
prints out the value of (the key refered to by) other_hdl,
leaves the scenario state unchanged.
- the E opcode :
Input : Some(prev_res, obj_hdl, ck_attr_list))
encrypts (the right number of) zeroes with
--> if prev_res is of the form Hdl(other_hdl), other_hdl
--> obj_hdl otherwise
Stores the resulting bitstring in the "previous result" field of the state,
and sets the second component of the state to obj_hdl.
- the U(attr_template) opcode :
Input : Some(Bitstring(bs), obj_hdl, ck_attr_list))
unwraps ciphertext with obj_hdl and attributes attr_template.
In case of success, the resulting handle is stored in the first component of the scenario state,
second component is the obj_hdl used to unwrap.
- the C(attr_template) opcode :
Creates a secret key worth (an adequate number of) zeroes, corresponding
to the mechanism 'mech'. In case of success, the resulting handle
is stored in the first component of the scenario state output. Rest
of the state remains unchanged.
- the DoubleU(attr_template, attr_template2) opcode :
Input : Some(Bitstring(bs), obj_hdl, ck_attr_list))
unwraps *twice* ciphertext with obj_hdl, firstly with attributes in attr_template,
secondly with attributes in attr_template2.
In case of success, the handle resulting from the first (resp.second)
unwrap is stored in the first (resp. second)
component of the resulting scenario state.
- S opcode : skips (useful if the named template associated is non-empty)
- F opcode :
"forwards" a handle in the first component of the scenario state to the second component.
Namely, turns Some(Hdl(hdl), obj_hdl, ck_attr_list) into Some(Empty, hdl, ck_attr_list).
- WW opcode :
input : Some(Hdl(other_hdl), obj_hdl, ck_attr_array)
wraps the (key refered to by) handle other_hdl (first component of the state)
using obj_hdl (second component of the state).
caml-crush-1.0.12/src/tests/ocaml/Makefile.in 0000664 0000000 0000000 00000007173 14147740423 0020740 0 ustar 00root root 0000000 0000000 bindings_dir = ../../bindings-pkcs11
# Build rules for the OCaml PKCS#11 test programs.
# @ocaml_options@ is a placeholder; presumably it is substituted when this
# Makefile.in is turned into a Makefile (confirm against the configure step).

# Include path and link options for the bindings built in $(bindings_dir).
CFLAGS = -I $(bindings_dir)
LDFLAGS = -cclib -lcamlidl -cclib -L$(bindings_dir)
all: build_bindings_standalone p11_common p11_for_generic complete_test digest_test encdec_test wrap_unwrap_test destroy_objects generic_scenario
# Builds the standalone bindings that every test program links against.
# NOTE(review): this calls `make` directly; `$(MAKE)` would pass the parent's
# flags and job settings down to the sub-make.
build_bindings_standalone:
cd $(bindings_dir) && make -f Makefile.standalone && cd -
# Helper modules shared by the test programs (compiled only, not linked).
p11_common:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c p11_common.ml
p11_for_generic:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c p11_for_generic.ml
# Produces pkcs11.opt from test_pkcs11.ml.
# NOTE(review): the link step below is the only one without @ocaml_options@;
# confirm whether that is intended.
complete_test:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c test_pkcs11.ml
ocamlfind ocamlopt -package "config-file" -linkpkg $(bindings_dir)/pkcs11_standalone.cmxa p11_common.cmx test_pkcs11.cmx $(LDFLAGS) -o pkcs11.opt
# Produces destroy_objects.opt from destroy.ml.
# NOTE(review): HOW_TO_PERFORM_TESTS.md tells the reader to run ./destroy.opt,
# which is not the name produced here; confirm which one is meant.
destroy_objects:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c destroy.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" -linkpkg $(bindings_dir)/pkcs11_standalone.cmxa p11_common.cmx destroy.cmx $(LDFLAGS) -o destroy_objects.opt
digest_test:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c digest_test.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" -linkpkg $(bindings_dir)/pkcs11_standalone.cmxa p11_common.cmx digest_test.cmx $(LDFLAGS) -o digest_test.opt
encdec_test:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c encdec_test.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" -linkpkg $(bindings_dir)/pkcs11_standalone.cmxa p11_common.cmx encdec_test.cmx $(LDFLAGS) -o encdec_test.opt
wrap_unwrap_test:
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c wrap_unwrap.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" -linkpkg $(bindings_dir)/pkcs11_standalone.cmxa p11_common.cmx wrap_unwrap.cmx $(LDFLAGS) -o wrap_unwrap_test.opt
# Compiles every scenario module, then links them all with generic_scenario.ml
# into generic_scenario.opt. This is the only rule that declares its prerequisites.
generic_scenario: build_bindings_standalone p11_common p11_for_generic
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c get_sensitive_key.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c sensitive_is_sticky.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c extractable_is_sticky.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c encrypt_and_unwrap.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c misc_scenario.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c double_unwrap.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c wrap_and_decrypt_1.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c wrap_and_decrypt_2.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c wrap_and_decrypt_3.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c wrap_and_decrypt_4.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c create_object_1.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c create_object_2.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" $(CFLAGS) -c generic_scenario.ml
ocamlfind ocamlopt @ocaml_options@ -package "config-file" -linkpkg $(bindings_dir)/pkcs11_standalone.cmxa p11_common.cmx p11_for_generic.cmx get_sensitive_key.cmx sensitive_is_sticky.cmx extractable_is_sticky.cmx encrypt_and_unwrap.cmx misc_scenario.cmx double_unwrap.cmx wrap_and_decrypt_1.cmx wrap_and_decrypt_2.cmx wrap_and_decrypt_3.cmx wrap_and_decrypt_4.cmx create_object_1.cmx create_object_2.cmx generic_scenario.cmx $(LDFLAGS) -o generic_scenario.opt
# Removes compiled objects and the *.opt test binaries from this directory.
clean:
@rm -f *.cmi *.cmx *.o *.cmo *~ *.opt *.cmxa *.a *.cma *.so
caml-crush-1.0.12/src/tests/ocaml/create_object_1.ml 0000664 0000000 0000000 00000010115 14147740423 0022224 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/create_object_1.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
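(* Scenario create_object_1, as a list of (named template, opcode) steps:
     1. C template_wrap : create a key object with the attributes of
        template_wrap (only attr_wrap, which is defined outside this file);
     2. W               : wrap the key to leak.
   The previously unused local template_wrap is now the template passed to C,
   instead of a second, identical array literal. *)
let this_scenario =
  let template_wrap = [| attr_wrap |] in
  let empty = ( [||] : Pkcs11.ck_attribute array ) in
  [ ( ("empty", empty), C template_wrap ) ; ( ("empty", empty), W ) ]
(* We try here the creation of an object (worth a string of zeroes
   of the adequate length), and then we try to use it to wrap
   the key to leak. A token or filter that allows this is at fault:
   the wrapped key could then be decrypted using zeroes as a key value. *)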
caml-crush-1.0.12/src/tests/ocaml/create_object_2.ml 0000664 0000000 0000000 00000010200 14147740423 0022220 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/create_object_2.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario made of three steps. Each step has the shape
   ((name, attribute template), opcode); the opcodes C, F and W and the
   way they are executed come from P11_for_generic (not shown here).
   - step 1: opcode C carrying an empty template, on the "empty" template;
   - step 2: opcode F, on the "empty" template;
   - step 3: opcode W, on a template holding only attr_wrap.
   NOTE(review): the first string presumably names the template; confirm
   against the scenario parser in P11_for_generic. *)
let this_scenario =
  let wrap_only = [| attr_wrap |] in
  (* The annotation pins the element type of the empty template. *)
  let no_attributes = ( [||] : Pkcs11.ck_attribute array ) in
  let step name template opcode = ((name, template), opcode) in
  [ step "empty" no_attributes (C [||]);
    step "empty" no_attributes F;
    step "template_w" wrap_only W ]
(* Here we try to create an object whose value is a string of zeroes
of the adequate length, then try to set its wrap attribute to true,
and then try to use it to wrap the key to leak. This would be bad,
since the result of the wrapping can be decrypted using zeroes as
the key value. *)
caml-crush-1.0.12/src/tests/ocaml/destroy.ml 0000664 0000000 0000000 00000013563 14147740423 0020716 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/destroy.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
(* Destroy the single object handle [obj] through [session] and print the
   PKCS#11 return value next to the handle. The return value is only
   reported, never checked, so a failed C_DestroyObject does not stop the
   caller from moving on to the next handle. *)
let destroy_all session obj =
  let rv = Pkcs11.mL_CK_C_DestroyObject session obj in
  let rv_name = Pkcs11.match_cKR_value rv in
  let handle = Nativeint.to_string obj in
  printf "C_DestroyObject ret: %s for object %s\n" rv_name handle
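(* Test-bench cleanup: log in as the user on the first reported slot and
   destroy the objects that a single C_FindObjects call returns.

   This is destructive: with an empty search template every object visible
   to the logged-in session is a candidate, so it should only ever be
   pointed at a test token.

   Compared with a plain print-and-continue sequence, the setup calls
   (C_Initialize, C_GetSlotList, C_OpenSession, C_Login) are passed to
   check_ret, as the sibling tests do, so that objects are not destroyed
   through a session that failed to open or to log in.
   NOTE(review): check_ret comes from P11_common (not shown); with [false]
   it presumably aborts on a non-OK return value - confirm.
   The find / destroy / teardown calls stay best-effort and only print. *)
let _ =
  let _ = init_module in
  let conf_user_pin = fetch_pin in
  let ret_value = Pkcs11.mL_CK_C_Initialize () in
  printf "C_Initialize ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let _ = check_ret ret_value C_InitializeError false in
  (* GetSlotList: the first call asks for the count only, the second one
     passes that count back to obtain the list itself. *)
  let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n 0n in
  printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
  Pkcs11.print_int_array slot_list_;
  let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n count in
  printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
  Pkcs11.print_int_array slot_list_;
  let _ = check_ret ret_value C_GetSlotListError false in
  (* Print SlotInfo and TokenInfo *)
  Array.iter print_slots slot_list_;
  (* Indexing an empty array raises Invalid_argument; fail with a message
     that says what is actually wrong instead. *)
  if Array.length slot_list_ = 0 then
    failwith "destroy: C_GetSlotList reported no slot";
  (* hardcoded: take the first available slot *)
  let slot_id = slot_list_.(0) in
  let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
  (* The OpenSession return value used to be discarded; report and check it
     before the session handle is used. *)
  printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let _ = check_ret ret_value C_OpenSessionError false in
  let pin = Pkcs11.string_to_char_array conf_user_pin in
  let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER pin in
  printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let _ = check_ret ret_value C_LoginError false in
  (* Empty template: no attribute restricts the search. *)
  let ret_value = Pkcs11.mL_CK_C_FindObjectsInit session [||] in
  printf "C_FindObjectsInit ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  (* A single call asking for 100n handles. NOTE(review): a token holding
     more objects than that is presumably only partly emptied by one run;
     confirm and re-run if needed. *)
  let (ret_value, found_, number_) = Pkcs11.mL_CK_C_FindObjects session 100n in
  printf "C_FindObjects ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let ret_value = Pkcs11.mL_CK_C_FindObjectsFinal session in
  printf "C_FindObjectsFinal ret %s Found %s objects\n" (Pkcs11.match_cKR_value ret_value) (Nativeint.to_string number_);
  (* Destruction starts only after the search has been finalized. *)
  Array.iter (destroy_all session) found_;
  let ret_value = Pkcs11.mL_CK_C_Logout session in
  printf "C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let ret_value = Pkcs11.mL_CK_C_CloseSession session in
  printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let ret_value = Pkcs11.mL_CK_C_Finalize () in
  printf "C_Finalize ret: %s\n" (Pkcs11.match_cKR_value ret_value)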
caml-crush-1.0.12/src/tests/ocaml/digest_test.ml 0000664 0000000 0000000 00000016217 14147740423 0021542 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/digest_test.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
(* Digest [string_to_digest] with the mechanism [mech] over [session] and
   print the result in hexadecimal, after a separator line and the
   mechanism name. The mechanism is used with an empty parameter array.
   The digest itself is computed by digest_some_data, defined outside this
   file section. *)
let digest_some_data_with_mech_type session string_to_digest mech =
  printf "--------------\n";
  printf "%s digest\n" (Pkcs11.match_cKM_value mech);
  let mech_record = { Pkcs11.mechanism = mech ; Pkcs11.parameter = [| |] } in
  let hashed = digest_some_data session mech_record string_to_digest in
  printf "\tthrough Digest single call is:\n";
  Pkcs11.print_hex_array hashed
(* Endless digest loop, with no login: C_Initialize is called once, then every
   iteration lists the slots, takes the first one, opens a read/write serial
   session, digests 32 token-generated random bytes with each digest mechanism
   that is both in the list below and reported by the slot, and closes the
   sessions again before forcing a full major GC.
   The loop has no exit condition, so the C_Finalize sequence after [done] is
   never reached; the program ends on an exception or when it is killed.
   NOTE(review): check_ret comes from P11_common (not shown); with [false] it
   presumably aborts on a non-OK return value - confirm. *)
let _ =
let _ = init_module in
(* Initialize module OUTSIDE LOOP *)
let ret_value = Pkcs11.mL_CK_C_Initialize () in
let _ = check_ret ret_value C_InitializeError false in
printf "C_Initialize ret: %s\n" (Pkcs11.match_cKR_value ret_value);
while true do
begin
(* First call: both arguments are 0n, only the slot count is used *)
let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n 0n in
let _ = check_ret ret_value C_GetSlotListError false in
printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
Pkcs11.print_int_array slot_list_;
(* Second call: pass the count back to fetch the slot list itself *)
let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n count in
let _ = check_ret ret_value C_GetSlotListError false in
printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
Pkcs11.print_int_array slot_list_;
Array.iter print_slots slot_list_;
(* hardcoded: take the first available slot; indexing raises
   Invalid_argument if the list came back empty *)
let slot_id = slot_list_.(0) in
(* GetMechList: print the name of every mechanism the slot reports *)
let mechanism_list_ = get_mechanism_list_for_slot slot_id in
let mechanisms = Array.map Pkcs11.match_cKM_value mechanism_list_ in
Pkcs11.print_string_array mechanisms;
let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
let _ = check_ret ret_value C_OpenSessionError false in
printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Digest: only the mechanisms below that the slot also reports are run.
   CKM_MD5 and CKM_SHA_1 are legacy digests; they are listed here to
   exercise the proxy, not as a recommendation. *)
let digest_to_test = ["CKM_MD5"; "CKM_SHA_1"; "CKM_SHA256"; "CKM_SHA384"; "CKM_SHA512" ] in
let digest_to_test = List.map Pkcs11.string_to_cKM_value digest_to_test in
let token_supports = Array.to_list (mechanism_list_) in
let mech_intersect = intersect digest_to_test token_supports in
(* GenerateRandom to get a random string to digest *)
(* Disabled alternative with a fixed input:
let string_to_digest = "the brown fox jumps over the lazy dog" in
*)
let (ret_value, rand_) = Pkcs11.mL_CK_C_GenerateRandom session 32n in
let _ = check_ret ret_value C_GenerateRandomError false in
let string_to_digest = Pkcs11.char_array_to_string rand_ in
List.iter (digest_some_data_with_mech_type session string_to_digest) mech_intersect;
(* Close this session, then every session on the slot *)
let ret_value = Pkcs11.mL_CK_C_CloseSession session in
let _ = check_ret ret_value C_CloseSessionError false in
printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let ret_value = Pkcs11.mL_CK_C_CloseAllSessions slot_id in
let _ = check_ret ret_value C_CloseAllSessionsError false in
printf "C_CloseAllSessions ret: %s\n" (Pkcs11.match_cKR_value ret_value);
flush stdout;
(* Full major collection at the end of every iteration *)
Gc.full_major()
end
done;
(* Not reached: the loop above never terminates normally *)
let ret_value = Pkcs11.mL_CK_C_Finalize () in
let _ = check_ret ret_value C_FinalizeError false in
printf "C_Finalize ret: %s\n" (Pkcs11.match_cKR_value ret_value)
caml-crush-1.0.12/src/tests/ocaml/double_unwrap.ml 0000664 0000000 0000000 00000010473 14147740423 0022070 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/double_unwrap.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario made of three steps. Each step has the shape
   ((name, attribute template), opcode); the opcodes C, WW and DoubleU and
   the way they are executed come from P11_for_generic (not shown here).
   - step 1: opcode C carrying a template with attr_extractable, on the
     "token_wd" entry whose template holds attr_wrap;
   - step 2: opcode WW on an empty template;
   - step 3: opcode DoubleU carrying two templates, one with attr_wrap and
     one with attr_decrypt.
   NOTE(review): the first string presumably names a template known to the
   scenario parser; confirm in P11_for_generic. *)
let this_scenario =
  let wrap_only = [| attr_wrap |] in
  let decrypt_only = [| attr_decrypt |] in
  let extractable_only = [| attr_extractable|] in
  let step name template opcode = ((name, template), opcode) in
  [ step "token_wd" wrap_only (C extractable_only);
    step "empty" [||] WW;
    step "empty" [||] (DoubleU (wrap_only, decrypt_only)) ]
(* In this test:
- we create a key that can wrap (which is done using the named
template), and then create another key to be wrapped (with the create
opcode),
- then we wrap that key,
- then we try to have this wrapped key unwrapped twice with different
attribute values, so that one instance of the key can
be used to decrypt and the other to wrap.
We could then continue with the wrap and decrypt scenario.
*)
caml-crush-1.0.12/src/tests/ocaml/encdec_test.ml 0000664 0000000 0000000 00000016716 14147740423 0021510 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/encdec_test.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
(* Encrypt [data] with [pubkey_] and decrypt the result with [privkey_],
   both with mechanism [mech_type] and an empty parameter array, printing
   the ciphertext in hexadecimal and the decrypted bytes as a quoted string.
   The decrypted value goes to stdout as-is, so this is meant for test data.
   encrypt_some_data and decrypt_some_data are defined outside this file
   section. *)
let encrypt_decrypt_some_data_with_mech_type session pubkey_ privkey_ data mech_type =
  (* One mechanism record serves both directions. *)
  let mech_record = { Pkcs11.mechanism = mech_type ; Pkcs11.parameter = [| |] } in
  printf "--------------\n";
  printf "%s encrypt/decrypt\n" (Pkcs11.match_cKM_value mech_type);
  let ciphertext = encrypt_some_data session mech_record pubkey_ data in
  printf "\tthrough Encrypt single call is:\n";
  Pkcs11.print_hex_array ciphertext;
  let recovered = decrypt_some_data session mech_record privkey_ ciphertext in
  printf "\tthrough Decrypt single call is:\n";
  let recovered_text = Pkcs11.char_array_to_string recovered in
  Printf.printf "'%s'\n" recovered_text
(* Endless RSA encrypt/decrypt loop: initialize, pick the first slot, open a
   read/write serial session and log in as the user once; then, in every
   iteration, generate an RSA key pair, round-trip the constant string
   "mysecretdata" through CKM_RSA_PKCS if the slot reports that mechanism,
   destroy both keys and force a full major GC.
   The loop has no exit condition, so the logout / close / finalize sequence
   after [done] is never reached; the program ends on an exception or when it
   is killed.
   NOTE(review): check_ret comes from P11_common (not shown); with [false] it
   presumably aborts on a non-OK return value - confirm. *)
let _ =
let _ = init_module in
let conf_user_pin = fetch_pin in
(* Initialize module *)
let ret_value = Pkcs11.mL_CK_C_Initialize () in
let _ = check_ret ret_value C_InitializeError false in
printf "C_Initialize ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* First call: both arguments are 0n, only the slot count is used *)
let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n 0n in
let _ = check_ret ret_value C_GetSlotListError false in
printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
Pkcs11.print_int_array slot_list_;
(* Second call: pass the count back to fetch the slot list itself *)
let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n count in
let _ = check_ret ret_value C_GetSlotListError false in
printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
Pkcs11.print_int_array slot_list_;
Array.iter print_slots slot_list_;
(* hardcoded: take the first available slot; indexing raises
   Invalid_argument if the list came back empty *)
let slot_id = slot_list_.(0) in
(* GetMechList: print the name of every mechanism the slot reports *)
let mechanism_list_ = get_mechanism_list_for_slot slot_id in
let mechanisms = Array.map Pkcs11.match_cKM_value mechanism_list_ in
Pkcs11.print_string_array mechanisms;
(* OpenSession and Login *)
let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
let _ = check_ret ret_value C_OpenSessionError false in
printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let user_pin = Pkcs11.string_to_char_array conf_user_pin in
let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
let _ = check_ret ret_value C_LoginError false in
printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
while true do
begin
(* Use higher level function to generate RSA template and create keypair.
   NOTE(review): 1024n is presumably the modulus size in bits and the two
   strings a label and an id - confirm in P11_common. A 1024-bit RSA key is
   below current size recommendations; acceptable only as throwaway test
   material, which is how it is used here (destroyed below). *)
let (pub_template_, priv_template_) = generate_rsa_template 1024n (Some "mytest") (Some "1234") in
let (pubkey_, privkey_) = generate_rsa_key_pair session 1024n pub_template_ priv_template_ in
(* Only CKM_RSA_PKCS is exercised, and only if the slot reports it *)
let enc_to_test = ["CKM_RSA_PKCS" ] in
let enc_to_test = List.map Pkcs11.string_to_cKM_value enc_to_test in
let mech_intersect = intersect enc_to_test (Array.to_list mechanism_list_) in
let _ = List.map (encrypt_decrypt_some_data_with_mech_type session pubkey_ privkey_ "mysecretdata") mech_intersect in
(* Destroy both keys of this iteration; the results are discarded *)
let _ = List.map (destroy_some_object session) [privkey_; pubkey_] in
flush stdout;
(* Full major collection at the end of every iteration *)
Gc.full_major()
end
done;
(* Logout and finalize - not reached: the loop above never terminates normally *)
let ret_value = Pkcs11.mL_CK_C_Logout session in
printf "C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let _ = check_ret ret_value C_LogoutError false in
let ret_value = Pkcs11.mL_CK_C_CloseSession session in
let _ = check_ret ret_value C_CloseSessionError false in
printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let ret_value = Pkcs11.mL_CK_C_Finalize () in
let _ = check_ret ret_value C_FinalizeError false in
printf "C_Finalize ret: %s\n" (Pkcs11.match_cKR_value ret_value)
caml-crush-1.0.12/src/tests/ocaml/encrypt_and_unwrap.ml 0000664 0000000 0000000 00000010175 14147740423 0023123 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/encrypt_and_unwrap.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario made of three steps. Each step has the shape
   ((name, attribute template), opcode); the opcodes E, U and W, the
   template template_token_ue and the way steps are executed all come from
   P11_for_generic (not shown here).
   - step 1: opcode E on the "token_ue" entry with template_token_ue;
   - step 2: opcode U carrying a template with attr_wrap, on an empty
     template;
   - step 3: opcode W on an empty template. *)
let this_scenario =
  let wrap_only = [| attr_wrap |] in
  let first_step = (("token_ue", template_token_ue), E) in
  let second_step = (("empty", [||] ), U wrap_only) in
  let third_step = (("empty", [||] ), W) in
  [ first_step; second_step; third_step ]
(* In this test we try to create a key that can unwrap and encrypt,
then we encrypt zeroes with it,
then we try to unwrap the result to import a key (worth zeroes) that can wrap,
and then we try to wrap the key_to_leak with it.
If it works, this is bad because we can decrypt the wrapping result (it is encrypted with zeroes...). *)
caml-crush-1.0.12/src/tests/ocaml/extractable_is_sticky.ml 0000664 0000000 0000000 00000007653 14147740423 0023607 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/extractable_is_sticky.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario made of two steps, both on the "extractable" entry. Each step
   has the shape ((name, attribute template), opcode); the opcodes S and G
   and the way they are executed come from P11_for_generic (not shown here).
   - step 1: opcode S with a template holding attr_extractable;
   - step 2: opcode G with a template holding attr_extractablef. *)
let this_scenario =
  let first_step = (("extractable", [| attr_extractable |]), S) in
  let second_step = (("extractable", [| attr_extractablef |]), G) in
  [ first_step; second_step ]
(* creating an extractable key and then trying to set extractable to false and get the key value *)
caml-crush-1.0.12/src/tests/ocaml/generic_scenario.ml 0000664 0000000 0000000 00000022046 14147740423 0022520 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/generic_scenario.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
open P11_for_generic
open Sys
(* the file P11_for_generic contains all the code
of the functions parsing test scenarios.
These are extensively commented and the ABOUT_TEST_SCENARIOS
file provides a more global overview of what can be tested and how.*)
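(* Entry point: run one named key-protection scenario against the first slot.

   Steps, in order: pick the scenario named by argv.(1), reference the
   PKCS#11 module, list slots and mechanisms, open a read/write session, log
   in as the user with the PIN from the configuration, generate a sensitive
   secret key (key_to_leak), hand everything to scenario_parser, then log
   out and finalise.  Every PKCS#11 return value goes through check_ret with
   continue = false, so the first failing call aborts the run.

   NOTE(review): init_module and fetch_pin are plain values of P11_common,
   so the library load and the PIN read have already happened when this code
   starts; the result of init_module is discarded here.
   NOTE(review): a failure raised after C_Login aborts the program without
   reaching C_Logout / C_Finalize. *)
let _ =
  if Array.length argv <> 2 then
    failwith "usage : ./gen_scenario
e.g. if your test scenario is encoded in the file get_sensitive_key.ml
./gen_scenario get_sensitive_key";
  (* Map the command-line name onto the scenario module of the same name. *)
  let scenario_test =
    match Array.get argv 1 with
    | "get_sensitive_key" -> Get_sensitive_key.this_scenario
    | "sensitive_is_sticky" -> Sensitive_is_sticky.this_scenario
    | "extractable_is_sticky" -> Extractable_is_sticky.this_scenario
    | "encrypt_and_unwrap" -> Encrypt_and_unwrap.this_scenario
    | "double_unwrap" -> Double_unwrap.this_scenario
    | "wrap_and_decrypt_1" -> Wrap_and_decrypt_1.this_scenario
    | "wrap_and_decrypt_2" -> Wrap_and_decrypt_2.this_scenario
    | "wrap_and_decrypt_3" -> Wrap_and_decrypt_3.this_scenario
    | "wrap_and_decrypt_4" -> Wrap_and_decrypt_4.this_scenario
    | "create_object_1" -> Create_object_1.this_scenario
    | "create_object_2" -> Create_object_2.this_scenario
    | "misc_scenario" -> Misc_scenario.this_scenario
    | _ -> failwith "It seems that this test scenario is not implemented yet!!!!!"
  in
  let _ = init_module in
  let conf_user_pin = fetch_pin in
  (* Initialize module *)
  let ret_value = Pkcs11.mL_CK_C_Initialize () in
  let _ = check_ret ret_value C_InitializeError false in
  printf "C_Initialize ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  (* Fetch slot count by passing 0n (present) 0n (count) *)
  let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n 0n in
  let _ = check_ret ret_value C_GetSlotListError false in
  printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
  Pkcs11.print_int_array slot_list_;
  (* Fetch slot list by passing 0n count *)
  let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n count in
  let _ = check_ret ret_value C_GetSlotListError false in
  printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
  Pkcs11.print_int_array slot_list_;
  Array.iter print_slots slot_list_;
  (* The first slot is used unconditionally, so an empty list must be
     reported here instead of surfacing as an index-out-of-bounds error. *)
  if Array.length slot_list_ = 0 then
    failwith "No slot is available !\n";
  let slot_id = slot_list_.(0) in
  (* GetMechList and find list of mechanisms we want to test *)
  let mechanism_array_ = get_mechanism_list_for_slot slot_id in
  let mechanism_list_ = Array.to_list mechanism_array_ in
  let mechanisms = Array.map Pkcs11.match_cKM_value mechanism_array_ in
  Pkcs11.print_string_array mechanisms;
  (* Try and find a symmetric mechanism available on the device *)
  let symm_mechs_available = intersect symmetric_mechs_tested mechanism_list_ in
  let symm_keygen_to_test = List.map sym_mech_to_sym_keygen symm_mechs_available in
  let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
  let _ = check_ret ret_value C_OpenSessionError false in
  printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let user_pin = Pkcs11.string_to_char_array conf_user_pin in
  let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
  let _ = check_ret ret_value C_LoginError false in
  printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  if (symm_keygen_to_test=[]) then
    failwith "No symmetric mechanism is available !\n";
  let mech_tested = sym_keygen_to_sym_mech (List.hd symm_keygen_to_test) in
  printf "Let's generate a SECRET key that should not be revealed\n";
  (* The target key is a token object marked sensitive AND extractable, with
     encrypt and decrypt usage: the scenarios then try to get its value out. *)
  let the_attr_template = [| attr_extractable ; attr_decrypt ; attr_token ; attr_encrypt ; attr_sensitive |] in
  let key_list = keygen_trial session [("sensitive_key",the_attr_template)] symm_keygen_to_test in
  if (key_list=[]) then
    failwith "I couldn't generate a key to leak!\n";
  let (_,key_to_leak,_) = List.hd key_list in
  let _ = scenario_parser scenario_test mech_tested session key_to_leak in
  (* Logout and finalize *)
  let ret_value = Pkcs11.mL_CK_C_Logout session in
  printf "C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let _ = check_ret ret_value C_LogoutError false in
  let ret_value = Pkcs11.mL_CK_C_CloseSession session in
  let _ = check_ret ret_value C_CloseSessionError false in
  printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let ret_value = Pkcs11.mL_CK_C_CloseAllSessions slot_id in
  let _ = check_ret ret_value C_CloseAllSessionsError false in
  printf "C_CloseAllSessions ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let ret_value = Pkcs11.mL_CK_C_Finalize () in
  let _ = check_ret ret_value C_FinalizeError false in
  printf "C_Finalize ret: %s\n" (Pkcs11.match_cKR_value ret_value)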
caml-crush-1.0.12/src/tests/ocaml/get_sensitive_key.ml 0000664 0000000 0000000 00000007361 14147740423 0022744 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/get_sensitive_key.ml
************************** MIT License HEADER ***********************************)
open P11_for_generic
(* Scenario with a single step: try to read the value of the sensitive key
   (key_to_leak) directly.  The step carries the "empty" label and an empty
   attribute template; GKTL is a constructor from P11_for_generic. *)
let this_scenario =
  [ (("empty", [||]), GKTL) ]
caml-crush-1.0.12/src/tests/ocaml/misc_scenario.ml 0000664 0000000 0000000 00000011051 14147740423 0022031 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/misc_scenario.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
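(* Ordered list of scenario steps; each step is ((label, attribute template),
   operation), with the operation constructors coming from P11_for_generic.

   NOTE(review): the description that follows this definition speaks of
   importing a key that can wrap and decrypt, while the unwrap step is given
   a wrap-only template.  An unused wrap-and-decrypt template was bound here
   and has been dropped; confirm which template the unwrap step should use. *)
let this_scenario =
  let template_w = [| attr_wrap |] in
  [ (("token_ue", template_token_ue), E);
    (("empty", [||]), U template_w);
    (("empty", [||]), G);
    (("empty", [||]), W);
    (("empty", [||]), D);
    (("empty", [||]), GKTL) ]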
(* in this test we try to create a key that can unwrap and encrypt,
then we encrypt zeroes with it
then try to unwrap this zero string to import a key that can wrap and decrypt,
then we try to get its value (it is not sensitive so it should work and there should be zeroes)
and then we try to wrap the key_to_leak with it,
If it works, this is bad because we can decrypt the wrapping result (it is encrypted with zeroes...).
We then try to use the token to perform the decryption for us,
and try to get the key_to_leak to compare values.
This test combines many possible flaws in the underlying implementation ! *)
caml-crush-1.0.12/src/tests/ocaml/p11_common.ml 0000664 0000000 0000000 00000054432 14147740423 0021176 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/p11_common.ml
************************** MIT License HEADER ***********************************)
open Printf
open Config_file
(* One exception per PKCS#11 entry point.  Callers pass them as the second
   argument of check_ret; as check_ret is written it reports failures with
   failwith and does not raise the exception it is given (that variant is
   commented out there).  UnsupportedRSAKeySize is raised by the RSA template
   builders when the requested modulus size is not in their list. *)
exception C_InitializeError
exception C_FinalizeError
exception C_GetInfoError
exception C_WaitForSlotEventError
exception C_GetSlotListError
exception C_GetSlotInfoError
exception C_GetTokenInfoError
exception C_OpenSessionError
exception C_CloseSessionError
exception C_CloseAllSessionsError
exception C_GetSessionInfoError
exception C_LoginError
exception C_LogoutError
exception C_GetMechanismListError
exception C_GetMechanismInfoError
exception C_InitTokenError
exception C_InitPINError
exception C_SetPINError
exception C_SeedRandomError
exception C_GenerateRandomError
exception C_FindObjectsInitError
exception C_FindObjectsError
exception C_FindObjectsFinalError
exception C_GenerateKeyError
exception C_GenerateKeyPairError
exception C_CreateObjectError
exception C_CopyObjectError
exception C_DestroyObjectError
exception C_GetAttributeValueError
exception C_SetAttributeValueError
exception C_GetObjectSizeError
exception C_WrapKeyError
exception C_UnwrapKeyError
exception C_DeriveKeyError
exception C_DigestInitError
exception C_DigestError
exception C_DigestUpdateError
exception C_DigestKeyError
exception C_DigestFinalError
exception C_SignInitError
exception C_SignRecoverInitError
exception C_SignError
exception C_SignRecoverError
exception C_SignUpdateError
exception C_SignFinalError
exception C_VerifyInitError
exception C_VerifyRecoverInitError
exception C_VerifyError
exception C_VerifyRecoverError
exception C_DecryptError
exception C_VerifyUpdateError
exception C_VerifyFinalError
exception C_EncryptInitError
exception C_EncryptError
exception C_EncryptUpdateError
exception C_DigestEncryptUpdateError
exception C_SignEncryptUpdateError
exception C_EncryptFinalError
exception C_DecryptInitError
exception C_DecryptUpdateError
exception C_DecryptFinalError
exception C_DecryptDigestUpdateError
exception C_DecryptVerifyUpdateError
exception C_GetFunctionStatusError
exception C_CancelFunctionError
exception C_GetOperationStateError
exception C_SetOperationStateError
exception UnsupportedRSAKeySize
(* Ready-made boolean attributes.  attr_NAME sets the attribute to true,
   attr_NAMEf sets the same attribute to false. *)

(* Key usage *)
let attr_decrypt = { Pkcs11.type_ = Pkcs11.cKA_DECRYPT; value = Pkcs11.true_ }
let attr_encrypt = { Pkcs11.type_ = Pkcs11.cKA_ENCRYPT; value = Pkcs11.true_ }
let attr_wrap = { Pkcs11.type_ = Pkcs11.cKA_WRAP; value = Pkcs11.true_ }
let attr_unwrap = { Pkcs11.type_ = Pkcs11.cKA_UNWRAP; value = Pkcs11.true_ }
let attr_decryptf = { Pkcs11.type_ = Pkcs11.cKA_DECRYPT; value = Pkcs11.false_ }
let attr_encryptf = { Pkcs11.type_ = Pkcs11.cKA_ENCRYPT; value = Pkcs11.false_ }
let attr_wrapf = { Pkcs11.type_ = Pkcs11.cKA_WRAP; value = Pkcs11.false_ }
let attr_unwrapf = { Pkcs11.type_ = Pkcs11.cKA_UNWRAP; value = Pkcs11.false_ }

(* Key protection *)
let attr_sensitive = { Pkcs11.type_ = Pkcs11.cKA_SENSITIVE; value = Pkcs11.true_ }
let attr_sensitivef = { Pkcs11.type_ = Pkcs11.cKA_SENSITIVE; value = Pkcs11.false_ }
let attr_always_sensitive = { Pkcs11.type_ = Pkcs11.cKA_ALWAYS_SENSITIVE; value = Pkcs11.true_ }
let attr_always_sensitivef = { Pkcs11.type_ = Pkcs11.cKA_ALWAYS_SENSITIVE; value = Pkcs11.false_ }
let attr_extractable = { Pkcs11.type_ = Pkcs11.cKA_EXTRACTABLE; value = Pkcs11.true_ }
let attr_extractablef = { Pkcs11.type_ = Pkcs11.cKA_EXTRACTABLE; value = Pkcs11.false_ }
let attr_never_extractable = { Pkcs11.type_ = Pkcs11.cKA_NEVER_EXTRACTABLE; value = Pkcs11.true_ }
let attr_never_extractablef = { Pkcs11.type_ = Pkcs11.cKA_NEVER_EXTRACTABLE; value = Pkcs11.false_ }

(* Token object (true) or session object (false) *)
let attr_token = { Pkcs11.type_ = Pkcs11.cKA_TOKEN; value = Pkcs11.true_ }
let attr_tokenf = { Pkcs11.type_ = Pkcs11.cKA_TOKEN; value = Pkcs11.false_ }

(* Templates that give one key two roles at once: wrap + decrypt, and
   unwrap + encrypt, each as a token object or as a session object. *)
let template_token_wd = [| attr_wrap; attr_decrypt; attr_token |]
let template_session_wd = [| attr_wrap; attr_decrypt; attr_tokenf |]
let template_token_ue = [| attr_unwrap; attr_encrypt; attr_token |]
let template_session_ue = [| attr_unwrap; attr_encrypt; attr_tokenf |]

(* Templates whose attributes contradict each other: not sensitive together
   with always-sensitive, extractable together with never-extractable.
   NOTE(review): these look like deliberately inconsistent inputs that a
   token or filter is expected to reject - confirm against their users. *)
let template_sensitive_conflict = [| attr_sensitivef; attr_always_sensitive |]
let template_extractable_conflict = [| attr_extractable; attr_never_extractable |]

(* Wrap and unwrap on the same key. *)
let template_wu = [| attr_wrap; attr_unwrap |]
(* Load the PKCS#11 library named by the Libname entry of ./pkcs11.conf.

   This is a plain value, not a function: the file is read and the library
   is loaded once, when this module is initialised.  Fails with Failure when
   Libname is empty.  The value is whatever mL_CK_C_LoadModule returns.

   NOTE(review): the configuration path is relative to the current working
   directory, so the directory the tests are started from decides which
   shared library gets loaded; run them from a directory only the tester can
   write to. *)
let init_module =
  let conf = new group in
  let libname_entry = new string_cp ~group:conf ["Libname"] "" "PKCS#11 Library to use" in
  conf#read "./pkcs11.conf";
  match libname_entry#get with
  | "" -> failwith "Libname cannot be empty"
  | libname ->
    (* We should check for LoadModule return values *)
    Pkcs11.mL_CK_C_LoadModule (Pkcs11.string_to_char_array libname)
(* Return a new template made of [template] followed by one attribute whose
   type is [type_] and whose value is [value_]; [template] is not modified. *)
let templ_append template type_ value_ =
  let extra = { Pkcs11.type_ = type_; Pkcs11.value = value_ } in
  Array.append template [| extra |]
(* Append an optional string attribute to both templates of a key pair.
   With [None] the pair is returned unchanged; with [Some s] the attribute
   [type_], holding [s] converted to a char array, is appended to the public
   and to the private template. *)
let append_rsa_template type_ value_ pub_template priv_template =
  match value_ with
  | None -> (pub_template, priv_template)
  | Some text ->
    (templ_append pub_template type_ (Pkcs11.string_to_char_array text),
     templ_append priv_template type_ (Pkcs11.string_to_char_array text))
(* Turn a PKCS#11 return value into its name and stop on errors.

   Returns the name when it is "cKR_OK".  For any other name: returns it when
   [continue] is true, otherwise raises Failure carrying that name.
   [except] is accepted but not used; raising it instead of Failure is the
   variant the original author left disabled. *)
let check_ret ret_value except continue =
  match Pkcs11.match_cKR_value ret_value with
  | "cKR_OK" as ok -> ok
  | failure -> if continue then failure else failwith failure
(* True exactly when the name of [ret_value] is "cKR_OK"; never raises on a
   PKCS#11 error code. *)
let check_ret_ok ret_value =
  match Pkcs11.match_cKR_value ret_value with
  | "cKR_OK" -> true
  | _ -> false
(* True when some member of [the_list] compares equal to [element]
   (structural comparison through [compare]); false for an empty list. *)
let check_element_in_list the_list element =
  List.exists (fun candidate -> compare candidate element = 0) the_list
(* Members of [l1] that also occur in [l2], in the order (and with the
   repetitions) they have in [l1]. *)
let intersect l1 l2 =
  List.filter (check_element_in_list l2) l1
(* User PIN taken from the Pin entry of ./pkcs11.conf.

   This is a plain value, not a function: the file is read once, when this
   module is initialised.  Fails with Failure when Pin is empty.

   NOTE(review): the PIN sits in clear text in a file looked up relative to
   the current working directory.  Keep that file readable by the tester
   only and use a PIN that belongs to a test token. *)
let fetch_pin =
  let conf = new group in
  let pin_entry = new string_cp ~group:conf ["Pin"] "" "PKCS#11 Pin to use" in
  conf#read "./pkcs11.conf";
  match pin_entry#get with
  | "" -> failwith "Pin cannot be empty"
  | pin -> pin
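(* Print the description of [slot] and the details of the token it holds.

   Each part is printed only when its query returned cKR_OK.  The token
   lines are grouped in begin ... end: without the grouping only the first
   printf belongs to the [if], and the other token fields are printed from
   the result of a failed C_GetTokenInfo. *)
let print_slots = fun slot ->
  let (ret_valuea, slot_info_) = Pkcs11.mL_CK_C_GetSlotInfo slot in
  let (ret_valueb, token_info_) = Pkcs11.mL_CK_C_GetTokenInfo slot in
  (* Slot info *)
  if ret_valuea = Pkcs11.cKR_OK then begin
    let slot_desc = Pkcs11.char_array_to_string slot_info_.Pkcs11.ck_slot_info_slot_description in
    printf "Slot description: %s\n" slot_desc
  end;
  (* Token info *)
  if ret_valueb = Pkcs11.cKR_OK then begin
    let token_label = Pkcs11.char_array_to_string token_info_.Pkcs11.ck_token_info_label in
    let token_manufacturer_id = Pkcs11.char_array_to_string token_info_.Pkcs11.ck_token_info_manufacturer_id in
    let token_model = Pkcs11.char_array_to_string token_info_.Pkcs11.ck_token_info_model in
    let token_serial_number = Pkcs11.char_array_to_string token_info_.Pkcs11.ck_token_info_serial_number in
    let token_utc_time = Pkcs11.char_array_to_string token_info_.Pkcs11.ck_token_info_utc_time in
    let token_max_session_count = token_info_.Pkcs11.ck_token_info_max_session_count in
    printf " Token label: %s\n" token_label;
    printf " Token id: %s\n" token_manufacturer_id;
    printf " Token model: %s\n" token_model;
    printf " Token serial: %s\n" token_serial_number;
    printf " Token UTC: %s\n" token_utc_time;
    printf " Token max_session: %s\n" (Nativeint.to_string token_max_session_count)
  end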
(* Return the mechanisms supported by [slot_id].

   C_GetMechanismList is called twice: first with a count of 0n to learn how
   many mechanisms there are, then with that count to fetch them.  Each
   return value is checked (Failure on error) and printed. *)
let get_mechanism_list_for_slot slot_id =
  let check_and_print rv =
    ignore (check_ret rv C_GetMechanismListError false);
    printf "C_GetMechanismList ret: %s\n" (Pkcs11.match_cKR_value rv)
  in
  let (count_rv, _, count) = Pkcs11.mL_CK_C_GetMechanismList slot_id 0n in
  check_and_print count_rv;
  let (list_rv, mechanism_list_, _) = Pkcs11.mL_CK_C_GetMechanismList slot_id count in
  check_and_print list_rv;
  printf "cKM Array below\n";
  mechanism_list_
(* Build the (public, private) attribute templates of an RSA key pair with
   all usages enabled.

   keysize   modulus size in bits; one of 512n, 1024n, 2048n, 4096n, 8192n,
             16384n, otherwise UnsupportedRSAKeySize is raised
   keyslabel optional label, added to both templates when present
   keysid    optional id, added to both templates when present

   Public template, in order: class, public exponent (packed from "010001"),
   modulus bits, label, id, then token / encrypt / verify / wrap set to true.
   Private template, in order: class, label, id, then token / decrypt / sign
   / unwrap / private / extractable set to true.

   NOTE(review): the list of sizes includes 512 and 1024 bits and the
   private key is created extractable, with no sensitive attribute.  That
   suits a test fixture; it is not a template for production keys. *)
let generate_rsa_template keysize keyslabel keysid =
  let set_true template type_ = templ_append template type_ Pkcs11.true_ in
  let pub = templ_append [||] Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PUBLIC_KEY) in
  let priv = templ_append [||] Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PRIVATE_KEY) in
  let pub = templ_append pub Pkcs11.cKA_PUBLIC_EXPONENT (Pkcs11.string_to_char_array (Pkcs11.pack "010001")) in
  let modulus_bits =
    match keysize with
    | 512n | 1024n | 2048n | 4096n | 8192n | 16384n -> Pkcs11.int_to_ulong_char_array keysize
    | _ -> raise UnsupportedRSAKeySize
  in
  let pub = templ_append pub Pkcs11.cKA_MODULUS_BITS modulus_bits in
  let (pub, priv) = append_rsa_template Pkcs11.cKA_LABEL keyslabel pub priv in
  let (pub, priv) = append_rsa_template Pkcs11.cKA_ID keysid pub priv in
  let pub =
    List.fold_left set_true pub
      [ Pkcs11.cKA_TOKEN; Pkcs11.cKA_ENCRYPT; Pkcs11.cKA_VERIFY; Pkcs11.cKA_WRAP ]
  in
  let priv =
    List.fold_left set_true priv
      [ Pkcs11.cKA_TOKEN; Pkcs11.cKA_DECRYPT; Pkcs11.cKA_SIGN; Pkcs11.cKA_UNWRAP;
        Pkcs11.cKA_PRIVATE; Pkcs11.cKA_EXTRACTABLE ]
  in
  (pub, priv)
(* Build the (public, private) attribute templates of an RSA key pair
   without any usage attribute, so that a caller can add the ones a scenario
   needs.

   keysize   modulus size in bits; one of 512n, 1024n, 2048n, 4096n, 8192n,
             16384n, otherwise UnsupportedRSAKeySize is raised
   keyslabel optional label, added to both templates when present
   keysid    optional id, added to both templates when present

   Public template, in order: class, public exponent (packed from "010001"),
   modulus bits, label, id.  Private template, in order: class, label, id,
   private set to true. *)
let generate_generic_rsa_template keysize keyslabel keysid =
  let pub = templ_append [||] Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PUBLIC_KEY) in
  let priv = templ_append [||] Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PRIVATE_KEY) in
  let pub = templ_append pub Pkcs11.cKA_PUBLIC_EXPONENT (Pkcs11.string_to_char_array (Pkcs11.pack "010001")) in
  let modulus_bits =
    match keysize with
    | 512n | 1024n | 2048n | 4096n | 8192n | 16384n -> Pkcs11.int_to_ulong_char_array keysize
    | _ -> raise UnsupportedRSAKeySize
  in
  let pub = templ_append pub Pkcs11.cKA_MODULUS_BITS modulus_bits in
  let (pub, priv) = append_rsa_template Pkcs11.cKA_LABEL keyslabel pub priv in
  let (pub, priv) = append_rsa_template Pkcs11.cKA_ID keysid pub priv in
  (pub, templ_append priv Pkcs11.cKA_PRIVATE Pkcs11.true_)
(* Build minimal (public, private) RSA templates: class and optional label
   on both sides, plus private set to true on the private side.  No public
   exponent and no modulus size are given. *)
let generate_weak_generic_rsa_template keyslabel =
  let pub = templ_append [||] Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PUBLIC_KEY) in
  let priv = templ_append [||] Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PRIVATE_KEY) in
  let (pub, priv) = append_rsa_template Pkcs11.cKA_LABEL keyslabel pub priv in
  (pub, templ_append priv Pkcs11.cKA_PRIVATE Pkcs11.true_)
(* Distribute the attributes of [attr_template] over a (public, private)
   template pair and return the extended pair.

   Wrap and encrypt (true or false) go to the public template; unwrap,
   decrypt, sensitive, always-sensitive, extractable and never-extractable
   go to the private template; token goes to both.  Any other attribute
   raises Failure. *)
let update_generic_rsa_template attr_template template_to_upd =
  (* Known attributes, in the order they are tried, with their destination. *)
  let routing =
    [ (attr_wrap, `Pub); (attr_wrapf, `Pub);
      (attr_unwrap, `Priv); (attr_unwrapf, `Priv);
      (attr_decrypt, `Priv); (attr_decryptf, `Priv);
      (attr_encrypt, `Pub); (attr_encryptf, `Pub);
      (attr_sensitive, `Priv); (attr_sensitivef, `Priv);
      (attr_always_sensitive, `Priv); (attr_always_sensitivef, `Priv);
      (attr_extractable, `Priv); (attr_extractablef, `Priv);
      (attr_never_extractable, `Priv); (attr_never_extractablef, `Priv);
      (attr_token, `Both); (attr_tokenf, `Both) ]
  in
  let route (pub_template, priv_template) elem =
    let (known, side) =
      try List.find (fun (candidate, _) -> elem = candidate) routing
      with Not_found ->
        failwith "update_generic_rsa_template_error : attribute is not listed!\n"
    in
    match side with
    | `Pub -> (Array.append pub_template [| known |], priv_template)
    | `Priv -> (pub_template, Array.append priv_template [| known |])
    | `Both -> (Array.append pub_template [| known |],
                Array.append priv_template [| known |])
  in
  Array.fold_left route template_to_upd attr_template
(* Generate an RSA key pair in [session] from the two templates and return
   the (public, private) object handles.  Raises Failure when
   C_GenerateKeyPair does not return cKR_OK.

   The second argument is ignored and no key size is set here.
   TODO (from the original author): we force a 1024 bit key here, one might
   want to support other sizes. *)
let generate_rsa_key_pair session _ pub_template priv_template =
  (* Mechanism: PKCS#1 RSA key pair generation, no parameter *)
  let keygen_mech = { Pkcs11.mechanism = Pkcs11.cKM_RSA_PKCS_KEY_PAIR_GEN; Pkcs11.parameter = [||] } in
  let (rv, pubkey_, privkey_) =
    Pkcs11.mL_CK_C_GenerateKeyPair session keygen_mech pub_template priv_template
  in
  ignore (check_ret rv C_GenerateKeyPairError false);
  printf "C_GenerateKeyPair ret: %s\n" (Pkcs11.match_cKR_value rv);
  (pubkey_, privkey_)
(* Destroy the object [handle] in [session] and return the PKCS#11 return
   value; raises Failure when it is not cKR_OK. *)
let destroy_some_object session handle =
  let rv = Pkcs11.mL_CK_C_DestroyObject session handle in
  ignore (check_ret rv C_DestroyObjectError false);
  rv
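(* Sign the string [data] with [privkey_] using [mechanism] and return the
   signature as produced by C_Sign.  Raises Failure when C_SignInit or
   C_Sign does not return cKR_OK.

   The C_Sign result is checked with C_SignError; the original passed
   C_SignInitError for both calls. *)
let sign_some_data session mechanism privkey_ data =
  let ret_value = Pkcs11.mL_CK_C_SignInit session mechanism privkey_ in
  let _ = check_ret ret_value C_SignInitError false in
  let tosign = Pkcs11.string_to_char_array data in
  let (ret_value, signed_data_) = Pkcs11.mL_CK_C_Sign session tosign in
  let _ = check_ret ret_value C_SignError false in
  (signed_data_)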
(* Hash the string [data] in one shot (C_DigestInit then C_Digest) and
   return the digest.  Raises Failure when either call does not return
   cKR_OK. *)
let digest_some_data session mechanism data =
  let init_rv = Pkcs11.mL_CK_C_DigestInit session mechanism in
  ignore (check_ret init_rv C_DigestInitError false);
  let input = Pkcs11.string_to_char_array data in
  let (digest_rv, digested_data_) = Pkcs11.mL_CK_C_Digest session input in
  ignore (check_ret digest_rv C_DigestError false);
  digested_data_
(* Hash the string [data] through the multi-part interface (C_DigestInit,
   one C_DigestUpdate, C_DigestFinal) and return the digest.  Raises Failure
   when any of the three calls does not return cKR_OK. *)
let digestupdate_some_data session mechanism data =
  let init_rv = Pkcs11.mL_CK_C_DigestInit session mechanism in
  ignore (check_ret init_rv C_DigestInitError false);
  let input = Pkcs11.string_to_char_array data in
  let update_rv = Pkcs11.mL_CK_C_DigestUpdate session input in
  ignore (check_ret update_rv C_DigestUpdateError false);
  let (final_rv, digested_data_) = Pkcs11.mL_CK_C_DigestFinal session in
  ignore (check_ret final_rv C_DigestFinalError false);
  digested_data_
(* Verify [signed_data_] over the string [rawdata_] with [pubkey_] and
   return the return value of C_Verify.

   Both C_VerifyInit and C_Verify are checked with continue = false, so a
   signature the token does not accept is reported as Failure and the
   function only returns when the value is cKR_OK. *)
let verify_some_data session mechanism pubkey_ rawdata_ signed_data_ =
  let init_rv = Pkcs11.mL_CK_C_VerifyInit session mechanism pubkey_ in
  ignore (check_ret init_rv C_VerifyInitError false);
  let message = Pkcs11.string_to_char_array rawdata_ in
  let verify_rv = Pkcs11.mL_CK_C_Verify session message signed_data_ in
  ignore (check_ret verify_rv C_VerifyError false);
  verify_rv
(* Encrypt [data] under [key_] with [mechanism]: C_EncryptInit then single-part
   C_Encrypt. The string is converted before the init call, as in the original
   ordering. Returns the ciphertext from the binding. *)
let encrypt_some_data session mechanism key_ data =
  let plaintext = Pkcs11.string_to_char_array data in
  let init_rv = Pkcs11.mL_CK_C_EncryptInit session mechanism key_ in
  let _ = check_ret init_rv C_EncryptInitError false in
  let (encrypt_rv, ciphertext) = Pkcs11.mL_CK_C_Encrypt session plaintext in
  let _ = check_ret encrypt_rv C_EncryptError false in
  ciphertext
(* Decrypt [encrypted_data] under [key_] with [mechanism]: C_DecryptInit then
   single-part C_Decrypt. [encrypted_data] is handed to the binding unchanged.
   Returns the recovered data from the binding. *)
let decrypt_some_data session mechanism key_ encrypted_data =
  let init_rv = Pkcs11.mL_CK_C_DecryptInit session mechanism key_ in
  let _ = check_ret init_rv C_DecryptInitError false in
  let (decrypt_rv, plaintext) = Pkcs11.mL_CK_C_Decrypt session encrypted_data in
  let _ = check_ret decrypt_rv C_DecryptError false in
  plaintext
(* Search the token for objects matching the attribute template [attrs]:
   C_FindObjectsInit, one C_FindObjects call bounded by [maxobj], then
   C_FindObjectsFinal. Each return code is checked and printed.
   Returns the pair (handles, count) from the single C_FindObjects call; since
   the call is not repeated, matches beyond [maxobj] are presumably not
   returned -- confirm against the binding. *)
let find_objects session attrs maxobj =
  let init_rv = Pkcs11.mL_CK_C_FindObjectsInit session attrs in
  let _ = check_ret init_rv C_FindObjectsInitError false in
  printf "C_FindObjectsInit ret: %s\n" (Pkcs11.match_cKR_value init_rv);
  let (find_rv, handles, handle_count) = Pkcs11.mL_CK_C_FindObjects session maxobj in
  let _ = check_ret find_rv C_FindObjectsError false in
  printf "C_FindObjects ret: %s\n" (Pkcs11.match_cKR_value find_rv);
  let final_rv = Pkcs11.mL_CK_C_FindObjectsFinal session in
  let _ = check_ret final_rv C_FindObjectsFinalError false in
  printf "C_FindObjectsFinal ret: %s\n" (Pkcs11.match_cKR_value final_rv);
  (handles, handle_count)
(* Render a native-int attribute value as a boolean name: 0n and 1n map to the
   two boolean names, anything else to a diagnostic string. *)
let sprintf_bool_value_of_attribute value =
  if value = 0n then "cKA_FALSE"
  else if value = 1n then "cKA_TRUE"
  else "not a boolean value!"
caml-crush-1.0.12/src/tests/ocaml/p11_for_generic.ml 0000664 0000000 0000000 00000066470 14147740423 0022175 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/p11_for_generic.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
(* Symmetric CBC mechanisms the generic scenarios are run against. The helper
   functions below only know these three (and their key-generation
   counterparts) and fail on anything else. *)
let symmetric_mechs_tested =
  [ Pkcs11.cKM_DES3_CBC;
    Pkcs11.cKM_AES_CBC;
    Pkcs11.cKM_DES_CBC ]
(* Map a tested CBC mechanism type to the key-generation mechanism type of the
   same cipher. Fails with Failure for any other mechanism type. *)
let sym_mech_to_sym_keygen mech_type =
  if mech_type = Pkcs11.cKM_AES_CBC then Pkcs11.cKM_AES_KEY_GEN
  else if mech_type = Pkcs11.cKM_DES_CBC then Pkcs11.cKM_DES_KEY_GEN
  else if mech_type = Pkcs11.cKM_DES3_CBC then Pkcs11.cKM_DES3_KEY_GEN
  else failwith "sym_mech_to_sym_keygen : does not belong to symm_mechs_tested !"
(* Inverse of sym_mech_to_sym_keygen: map a key-generation mechanism type back
   to the CBC mechanism type of the same cipher. Fails with Failure otherwise. *)
let sym_keygen_to_sym_mech mech_type =
  if mech_type = Pkcs11.cKM_AES_KEY_GEN then Pkcs11.cKM_AES_CBC
  else if mech_type = Pkcs11.cKM_DES_KEY_GEN then Pkcs11.cKM_DES_CBC
  else if mech_type = Pkcs11.cKM_DES3_KEY_GEN then Pkcs11.cKM_DES3_CBC
  else failwith "sym_keygen_to_sym_mech : does not belong to symm_mechs_tested !"
(* Key type (cKK_ constant) used with each tested CBC mechanism type.
   Fails with Failure for any other mechanism type. *)
let mech_type_to_key_type mech_type =
  if mech_type = Pkcs11.cKM_AES_CBC then Pkcs11.cKK_AES
  else if mech_type = Pkcs11.cKM_DES_CBC then Pkcs11.cKK_DES
  else if mech_type = Pkcs11.cKM_DES3_CBC then Pkcs11.cKK_DES3
  else failwith "mech_type_to_key_type : unknown mechanism"
(* Wrap a mechanism type into a mechanism record with an empty parameter. *)
let mech_type_to_mech mech_type =
  let no_parameter = [||] in
  { Pkcs11.mechanism = mech_type; Pkcs11.parameter = no_parameter }
(* Project the mechanism type out of a mechanism record. *)
let mech_to_mech_type mech =
  let { Pkcs11.mechanism = mech_type; _ } = mech in
  mech_type
(* Mechanism parameter used for the tested CBC mechanisms: a string of hex
   zeros run through Pkcs11.pack and converted to a char array (32 hex digits
   for AES, 16 for DES and DES3). mech_type_to_mech_and_iv installs it as the
   mechanism parameter, i.e. the CBC IV.
   The IV is fixed and all-zero so that test runs are reproducible; CBC outside
   a test harness needs an unpredictable IV per message.
   Key-generation mechanism types are not handled (they were only ever present
   as commented-out arms) and fall through to the Failure case. *)
let null_param mech_type =
  let zeros hex_digits = Pkcs11.string_to_char_array (Pkcs11.pack hex_digits) in
  if mech_type = Pkcs11.cKM_AES_CBC then zeros "00000000000000000000000000000000"
  else if mech_type = Pkcs11.cKM_DES_CBC then zeros "0000000000000000"
  else if mech_type = Pkcs11.cKM_DES3_CBC then zeros "0000000000000000"
  else failwith "null_param error : unknown mechanism"
(* All-zero data vector per tested CBC mechanism, as a char array: 32 hex digits
   for AES, 16 for DES, 48 for DES3 (note that DES3 is longer here than in
   null_param). The values go through Pkcs11.pack first.
   Key-generation mechanisms and CKM_RSA_PKCS are not handled; they existed only
   as commented-out arms and fall through to the Failure case. *)
let null_vector mech_type =
  let zeros hex_digits = Pkcs11.string_to_char_array (Pkcs11.pack hex_digits) in
  if mech_type = Pkcs11.cKM_AES_CBC then zeros "00000000000000000000000000000000"
  else if mech_type = Pkcs11.cKM_DES_CBC then zeros "0000000000000000"
  else if mech_type = Pkcs11.cKM_DES3_CBC then
    zeros "000000000000000000000000000000000000000000000000"
  else failwith "null_vector error : unknown mechanism"
(* Same all-zero values as null_vector, but returned as the string produced by
   Pkcs11.pack rather than as a char array. Fails with Failure for any
   mechanism type other than the three tested CBC ones. *)
let null_string mech_type =
  if mech_type = Pkcs11.cKM_AES_CBC then
    Pkcs11.pack "00000000000000000000000000000000"
  else if mech_type = Pkcs11.cKM_DES_CBC then
    Pkcs11.pack "0000000000000000"
  else if mech_type = Pkcs11.cKM_DES3_CBC then
    Pkcs11.pack "000000000000000000000000000000000000000000000000"
  else failwith "null_string : not needed yet"
(* Build a mechanism record whose parameter is the fixed all-zero value from
   null_param (the IV for the CBC mechanisms). Test use only: the IV never
   changes between calls. Fails where null_param fails. *)
let mech_type_to_mech_and_iv mech_type =
  let iv = null_param mech_type in
  { Pkcs11.mechanism = mech_type; Pkcs11.parameter = iv }
(* Key length, encoded with Pkcs11.int_to_ulong_char_array, that the tests put
   in CKA_VALUE_LEN: 16n for the AES mechanism types, 8n for the DES and DES3
   ones, for both the CBC and the key-generation variants.
   NOTE(review): DES3 gets 8n here while null_vector and null_string use a
   48-hex-digit value for DES3 -- confirm that 8n is what the tests intend. *)
let mech_type_to_key_length mech_type =
  let is_one_of candidates = List.mem mech_type candidates in
  if is_one_of [ Pkcs11.cKM_AES_CBC; Pkcs11.cKM_AES_KEY_GEN ] then
    Pkcs11.int_to_ulong_char_array 16n
  else if
    is_one_of
      [ Pkcs11.cKM_DES_CBC; Pkcs11.cKM_DES3_CBC;
        Pkcs11.cKM_DES_KEY_GEN; Pkcs11.cKM_DES3_KEY_GEN ]
  then Pkcs11.int_to_ulong_char_array 8n
  else failwith "mech_type_to_key_length : unknown mechanism"
(* keygen_trial and asym_keygen_trial functions : uses an auxiliary function that
goes through an attribute template list and mechanism_type list,
trying for each bad template and each mechanism to generate a key. In case of success,
the label and handle to the resulting key are stored in the accu list, which is
returned by the function. *)
(* Try C_GenerateKey for every (mechanism, named template) pair: mechanisms in
   the order of [mech_list], and for each of them every entry of
   [template_list] in order. Each attempt completes the template with a label
   and CKA_VALUE_LEN, prints the return code, and keeps going whatever the
   outcome. Returns the successful attempts as (mechanism, key handle,
   original template) triples, most recent first. *)
let keygen_trial session template_list mech_list =
  let attempt mech generated (temp_name, attr_template) =
    let key_label =
      Printf.sprintf "mytest_keygen_sym_%s_%s" temp_name (Pkcs11.match_cKM_value mech) in
    let key_length = mech_type_to_key_length mech in
    let labelled =
      templ_append attr_template Pkcs11.cKA_LABEL (Pkcs11.string_to_char_array key_label) in
    let complete_template = templ_append labelled Pkcs11.cKA_VALUE_LEN key_length in
    let (ret_value, key_hdl) =
      Pkcs11.mL_CK_C_GenerateKey session (mech_type_to_mech mech) complete_template in
    printf "For template %s and mechanism %s, C_GenerateKey ret: %s\n" temp_name (Pkcs11.match_cKM_value mech) (Pkcs11.match_cKR_value ret_value);
    (* A key that could be generated is remembered so that later scenarios can
       use its handle; a refused template is simply skipped. *)
    if check_ret_ok ret_value then (mech, key_hdl, attr_template) :: generated
    else generated
  in
  List.fold_left
    (fun generated mech -> List.fold_left (attempt mech) generated template_list)
    [] mech_list
(* Asymmetric counterpart of keygen_trial: for each named template, build the
   generic RSA public/private templates (1024n modulus bits, a test-sized
   value), merge the attributes under test into them, and call
   C_GenerateKeyPair. The return code is printed and the walk continues in
   every case. Returns the successful attempts as (public handle, private
   handle, original template) triples, most recent first. *)
let asym_keygen_trial session template_list =
  let attempt generated (temp_name, attr_template) =
    let key_label = Some (Printf.sprintf "mytest_keygen_asym_%s" temp_name) in
    let base_templates = generate_generic_rsa_template 1024n key_label None in
    let (pub_template, priv_template) =
      update_generic_rsa_template attr_template base_templates in
    let (ret_value, pubkey_, privkey_) =
      Pkcs11.mL_CK_C_GenerateKeyPair session (mech_type_to_mech Pkcs11.cKM_RSA_PKCS_KEY_PAIR_GEN) pub_template priv_template in
    printf "For template %s and mechanism RSA_PKCS_KEYGEN, C_GenerateKey ret: %s\n" temp_name (Pkcs11.match_cKR_value ret_value);
    if check_ret_ok ret_value then (pubkey_, privkey_, attr_template) :: generated
    else generated
  in
  List.fold_left attempt [] template_list
(* Operation carried by one scenario step; see action_ttt in scenario_parser
   for the exact dispatch. *)
type opcode =
  | W        (* apply_wrap involving key_to_leak *)
  | D        (* apply_decrypt on the Bitstring left by the previous step *)
  | G        (* apply_getattributevalue on the handle left by the previous step *)
  | E        (* apply_encrypt *)
  | GKTL     (* apply_getattributevalue on key_to_leak *)
  | U of (Pkcs11.ck_attribute array)  (* apply_unwrap with this template *)
  | C of (Pkcs11.ck_attribute array)  (* apply_create with this template *)
  | DoubleU of (Pkcs11.ck_attribute array * Pkcs11.ck_attribute array)
             (* apply_double_unwrap with these two templates *)
  | S        (* leave the scenario state unchanged *)
  | F        (* move the handle from the previous result into the object slot *)
  | WW       (* apply_wrap between the scenario key and the previous handle *)

(* What the previous step produced, if anything: a handle or raw bytes. *)
type previous_result_needed =
  | Empty
  | Hdl of Pkcs11.ck_object_handle_t
  | Bitstring of char array

(* (previous result, scenario key handle, attribute list) *)
type scenario_state =
  previous_result_needed * Pkcs11.ck_object_handle_t * (Pkcs11.ck_attribute list)
(* ck_object_handle contains the key generated at the beginning of the scenario
to perform crypto afterwards *)
(* this function is meant to create and initialize a scenario state to use in the
test scenario. Indeed, it aims at creating a handle to a key with
the attributes set to values as specified by attr_templates.
In other words, the first named template in a scenario will result in the creation
of a key conforming to this template, and a handle to this key is stored in
the 'middle' component of the output scenario state.
The key is meant for the mechanism 'mech' (globally used as a parameter of the scenario_parser
function).
To perform the key generation, two strategies are tried : generating the key
with the right attributes in one step, or setting them progressively.
*)
(* Build the initial scenario state for the named template (temp_name, attr_template).
   First attempt: C_GenerateKey with the template attributes plus a label and
   CKA_VALUE_LEN; on success the result is Some(Empty, key_hdl, []).
   Second attempt: C_GenerateKey with only the label and CKA_VALUE_LEN, after which
   the attributes are meant to be set one by one; if this generation is refused as
   well, the function stops with Failure.
   mech is used for the label, the key length and the generation call; the caller in
   scenario_parser passes a key-generation mechanism type. *)
let init_action (temp_name, attr_template) mech session =
(* first thing to try : direct generation with the attribute list = symmetric case for now*)
let key_label = Printf.sprintf "mytest_keygen_sym_%s_%s" temp_name (Pkcs11.match_cKM_value mech) in
let key_length = mech_type_to_key_length mech in
let complete_template = templ_append attr_template Pkcs11.cKA_LABEL (Pkcs11.string_to_char_array key_label) in
let complete_template = templ_append complete_template Pkcs11.cKA_VALUE_LEN key_length in
let (ret_value, key_hdl) = Pkcs11.mL_CK_C_GenerateKey session (mech_type_to_mech mech) complete_template in
let _= printf "For template %s and mechanism %s, C_GenerateKey ret: %s\n" temp_name (Pkcs11.match_cKM_value mech) (Pkcs11.match_cKR_value ret_value) in
if check_ret_ok ret_value then
Some(Empty, key_hdl, [])
else
begin
(* we try generating a "raw" key and set attributes to the desired values one by one*)
(* this is "raw" key generation*)
let key_label = Printf.sprintf "mytest_keygen_sym_%s_%s" temp_name (Pkcs11.match_cKM_value mech) in
let key_length = mech_type_to_key_length mech in
let complete_template = templ_append [||] Pkcs11.cKA_LABEL (Pkcs11.string_to_char_array key_label) in
let complete_template = templ_append complete_template Pkcs11.cKA_VALUE_LEN key_length in
let (ret_value, key_hdl) = Pkcs11.mL_CK_C_GenerateKey session (mech_type_to_mech mech) complete_template in
let _= printf "For template %s and mechanism %s \'raw\' key generation, C_GenerateKey ret: %s\n" temp_name (Pkcs11.match_cKM_value mech) (Pkcs11.match_cKR_value ret_value) in
if not(check_ret_ok ret_value) then
failwith "Could not generate the key.\n"
else
let attr_template_length= Array.length attr_template in
let rec aux_init_action attr_template_index =
(* NOTE(review): the next line is syntactically incomplete as it appears in this
   listing: the text after attr_template_index seems to have been lost, so the
   rest of this function, and the beginning of whatever definition the lines
   below belong to, cannot be read from here. Restore it from the upstream
   file before relying on this code. *)
if (attr_template_index Some(Hdl(key_hdl),0n,[]) (* the state is 'initialized' if it was 'empty'.*)
| Some(prev_res,obj_hdl,attr_list) -> Some(Hdl(key_hdl),obj_hdl,attr_list)
end
else
None
(* global parameters : session handle session + secret sensitive key hdl key_to_leak
input = tested_mechanism tested_mech -> (not a keygen)
generated outside*)
(* example of valid scenario [(("token_wd", template_token_wd), "W"), (("empty", [||]), "D") ]
*)
(* Run a test scenario against the token.
   scenario    : list of ((template name, attribute template), opcode) steps
   mech        : the tested mechanism type (not a key-generation one); it is mapped
                 with sym_mech_to_sym_keygen before being given to init_action
   session     : session handle used for every call
   key_to_leak : handle of a key created by the caller, used by the W and GKTL steps
   The function returns unit; progress is reported through printf, and a badly
   formed scenario or an unexpected state ends in Failure. *)
let scenario_parser scenario mech session key_to_leak=
(* this function unfolds the scenario progressively. It starts by initializing
a new scenario state using init_action, and then proceeds to apply the
rest of the scenario.
To do so, it uses two auxiliary functions :
- action_ttt is an auxiliary function that applies the appropriate action
corresponding to the opcode to a scenario state my_scenario_state.
- continue walks the remaining steps of the scenario *)
let action_ttt my_opcode my_scenario_state =
(*let (prev_res, obj_hdl, ck_attr_list) = my_scenario_state in*)
match (my_opcode,my_scenario_state) with
| (W,Some(prev_res, obj_hdl, ck_attr_list)) ->
let wrap_mech = mech_type_to_mech_and_iv mech in
begin
match prev_res with
| Hdl(other_hdl) -> apply_wrap other_hdl wrap_mech session key_to_leak
| _ -> apply_wrap obj_hdl wrap_mech session key_to_leak
end
| (WW, Some(prev_res, obj_hdl, ck_attr_list)) ->
let wrap_mech = mech_type_to_mech_and_iv mech in
begin
match prev_res with
| Hdl(other_hdl) -> apply_wrap obj_hdl wrap_mech session other_hdl
| _ -> failwith "scenario problem : tried to wrap but no wrapping key"
end
| (D,Some(prev_res, obj_hdl, ck_attr_list)) ->
begin
match prev_res with
| Bitstring(bs) -> let decrypt_mech = mech_type_to_mech_and_iv mech in
apply_decrypt bs obj_hdl decrypt_mech session
| _ -> failwith "scenario problem : tried to decrypt but no ciphertext"
end
(* GKTL accepts any state, including None *)
| (GKTL,my_scenario_state) -> apply_getattributevalue key_to_leak session my_scenario_state
(* G is only defined when the previous step left a handle *)
| (G,Some(Hdl(other_hdl),obj_hdl,ck_attr_list)) -> apply_getattributevalue other_hdl session (Some(Hdl(other_hdl),obj_hdl,ck_attr_list))
| (E,Some(prev_res, obj_hdl, ck_attr_list)) ->
begin
match prev_res with
| Hdl(other_hdl) -> apply_encrypt session mech other_hdl
| _ -> apply_encrypt session mech obj_hdl
end
| (U(attr_template), Some(prev_res, obj_hdl, ck_attr_list)) ->
begin
match prev_res with
| Bitstring(bs) -> apply_unwrap obj_hdl session mech bs attr_template
| _ -> failwith "scenario problem: tried to unwrap but no ciphertext"
end
| (C(attr_template),my_scenario_state) -> apply_create session mech attr_template my_scenario_state
| (DoubleU(attr_template, attr_template2), Some(prev_res, obj_hdl, ck_attr_list)) ->
begin
match prev_res with
| Bitstring(bs) -> apply_double_unwrap obj_hdl session mech bs attr_template attr_template2
| _ -> failwith "scenario problem: tried to unwrap but no ciphertext"
end
(* S leaves the state as it is *)
| (S,my_scenario_state) -> my_scenario_state
(* F promotes the handle from the previous result to the object slot *)
| (F,Some(Hdl(hdl), obj_hdl, ck_attr_list)) -> Some(Empty, hdl, ck_attr_list)
(* every other combination, e.g. most opcodes on a None state, ends here *)
| _ -> failwith "Not implemented yet"
in
(* continue recursively applies the first 'action' of the scenario scnr to my_scenario_state,
using action_ttt to obtain a new scenario_state resulting from the opcode and my_scenario_state *)
let rec continue scnr my_scenario_state=
match (scnr, my_scenario_state) with
| ([],_) -> printf "Done here\n"
| ((_,GKTL)::t,_)-> let my_sc_st = action_ttt GKTL my_scenario_state in continue t my_sc_st
(* this is to be able to get the key_to_leak at whatever moment suits us (for verification purposes)
in a scenario; without impacting anything in the scenario. The template of a GKTL step is ignored.
*)
| ((h1, h2) :: t, Some(prev_res, obj_hdl, ck_attr_list))->
(* in any other case, we try to set the attributes listed in the named template
on the key referred to by the handle currently stored in the scenario state (middle component)
before carrying out the action encoded by the opcode. *)
let (_,my_attr_temp) = h1 in
(* the set_the_template function tries to set one by one
the attributes in my_attr_temp on the key referred to by the handle
obj_hdl; its result is discarded here *)
let _= set_the_template my_attr_temp obj_hdl session in
let my_sc_st = action_ttt h2 my_scenario_state in
continue t my_sc_st
(* reached when steps remain but the state is None *)
| _ -> failwith "Abrupt end of scenario processing : either the scenario is badly encoded, or the test failed !"
in
match scenario with
| [] -> printf "This is an empty scenario you gave me !\n";
| (the_named_template, the_opcode) :: t ->
(* To initialize the state, either there is a non-empty template to be used to
create a key and we apply the init_action function before carrying on,
or we directly proceed to the opcode with a None state.*)
let (_,attr_temp) = the_named_template in
if Array.length attr_temp = 0 then
continue t (action_ttt the_opcode None)
else
continue t (action_ttt the_opcode (init_action the_named_template (sym_mech_to_sym_keygen mech) session))
caml-crush-1.0.12/src/tests/ocaml/pkcs11.conf 0000664 0000000 0000000 00000000370 14147740423 0020634 0 ustar 00root root 0000000 0000000 (* Path to PKCS#11 Library to use *)
(* Libname should point to the library to be tested *)
Libname = "/usr/local/lib/softhsm/libsofthsm.so"
(* Libname = "../../client-lib/libp11clientfoo.so" *)
(* PIN for the token under test: a throwaway value for a test token, not one to reuse on a token holding real keys *)
Pin = "mytestPIN"
caml-crush-1.0.12/src/tests/ocaml/sensitive_is_sticky.ml 0000664 0000000 0000000 00000007646 14147740423 0023324 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/sensitive_is_sticky.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Two-step scenario for scenario_parser.
   Step 1 (S): create a key from the sensitive template and leave the state as is.
   Step 2 (G): try to apply the non_sensitive template to that key, then read
   its attributes back.
   attr_sensitive and attr_sensitivef come from P11_common; presumably they are
   CKA_SENSITIVE set to true and to false -- confirm there. PKCS#11 does not
   allow CKA_SENSITIVE to go from true back to false, so the second step is
   expected to be refused and the key value to stay unreadable. *)
let this_scenario =
  let sensitive_step = (("sensitive", [| attr_sensitive |]), S) in
  let non_sensitive_step = (("non_sensitive", [| attr_sensitivef |]), G) in
  [ sensitive_step; non_sensitive_step ]
(* creating a sensitive key and then trying to set sensitive to false and get the key value *)
caml-crush-1.0.12/src/tests/ocaml/test_pkcs11.ml 0000664 0000000 0000000 00000062152 14147740423 0021364 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/test_pkcs11.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
let _ =
let _ = init_module in
let conf_user_pin = fetch_pin in
(* Initialize module *)
let ret_value = Pkcs11.mL_CK_C_Initialize () in
let _ = check_ret ret_value C_InitializeError false in
printf "C_Initialize ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Fetch slot count by passing 0n (present) 0n (count) *)
let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n 0n in
let _ = check_ret ret_value C_GetSlotListError false in
printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
Pkcs11.print_int_array slot_list_;
(* Fetch slot list by passing 0n count *)
let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n count in
let _ = check_ret ret_value C_GetSlotListError false in
printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
Pkcs11.print_int_array slot_list_;
Array.iter print_slots slot_list_;
(* hardcoded take first available slot *)
let slot_id = slot_list_.(0) in
(* GetMechList *)
let mechanism_list_ = get_mechanism_list_for_slot slot_id in
let mechanisms = Array.map Pkcs11.match_cKM_value mechanism_list_ in
Pkcs11.print_string_array mechanisms;
(* GenerateKeyPair *)
let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
let _ = check_ret ret_value C_OpenSessionError false in
printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let user_pin = Pkcs11.string_to_char_array conf_user_pin in
let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
let _ = check_ret ret_value C_LoginError false in
printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Use higher level function to generate RSA template and create keypair *)
let (pub_template_, priv_template_) = generate_rsa_template 1024n (Some "mytest") (Some "1234") in
let (pubkey_, privkey_) = generate_rsa_key_pair session 1024n pub_template_ priv_template_ in
(* Template utils *)
(* Sign *)
let sign_mech = { Pkcs11.mechanism = Pkcs11.cKM_RSA_PKCS ; Pkcs11.parameter = [| |] } in
let signed_data_ = sign_some_data session sign_mech privkey_ "mysecretdata" in
printf "--------------\n";
printf "SIGNED DATA\n";
Pkcs11.print_hex_array signed_data_;
printf "--------------\n";
let ret_value = verify_some_data session sign_mech pubkey_ "mysecretdata" signed_data_ in
printf "C_Verify should be OK ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let _ = try verify_some_data session sign_mech pubkey_ "mysecretdata2" signed_data_ with
C_VerifyError -> printf "C_Verify failed as expected\n"; Pkcs11.cKR_OK
| _ -> raise (Failure "C_Verify call did not fail as expected") in
(* Encrypt *)
(* RSA_PKCS Encrypt *)
let crypt_mech = sign_mech in
let crypted_data_ = encrypt_some_data session crypt_mech pubkey_ "mysecretdata" in
printf "--------------\n";
printf "ENCRYPTED DATA\n";
Pkcs11.print_hex_array crypted_data_;
printf "--------------\n";
(* Decrypt *)
let decrypted_data_ = decrypt_some_data session crypt_mech privkey_ crypted_data_ in
printf "--------------\n";
printf "DECRYPTED DATA\n";
Pkcs11.print_char_array decrypted_data_;
printf "--------------\n";
(* CreateObject new publickey from previous values pubkey_*)
(* Prepare empty templates *)
let x1 = { Pkcs11.type_ = Pkcs11.cKA_MODULUS; Pkcs11.value = [||]} in
let x2 = { Pkcs11.type_ = Pkcs11.cKA_PUBLIC_EXPONENT; Pkcs11.value = [||]} in
let modbit_template = [| x1; x2 |] in
(* First GetAttrValue call fills value fields with zeros, then seconds calls fills with real value *)
let (ret_value, modbit_template) = Pkcs11.mL_CK_C_GetAttributeValue session pubkey_ modbit_template in
let _ = check_ret ret_value C_GetAttributeValueError false in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (ret_value, modbit_template) = Pkcs11.mL_CK_C_GetAttributeValue session pubkey_ modbit_template in
let _ = check_ret ret_value C_GetAttributeValueError false in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
printf "CKA_MODULUS and CKA_PUBLIC_EXPONENT templates\n";
Pkcs11.print_hex_array modbit_template.(0).Pkcs11.value;
Pkcs11.print_hex_array modbit_template.(1).Pkcs11.value;
(* Common *)
let pub_template = [||] in
(*Append fetched values from x1 and x2 *)
let pub_template = Array.append modbit_template pub_template in
let id = Pkcs11.string_to_char_array "789" in
let pub_template = templ_append pub_template Pkcs11.cKA_ID id in
let keytype = Pkcs11.int_to_ulong_char_array Pkcs11.cKK_RSA in
let pub_template = templ_append pub_template Pkcs11.cKA_KEY_TYPE keytype in
(* PublicTemplate *)
let pubclass = Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PUBLIC_KEY in
let pub_template = templ_append pub_template Pkcs11.cKA_CLASS pubclass in
let pub_template = templ_append pub_template Pkcs11.cKA_CLASS pubclass in
let label = Pkcs11.string_to_char_array "testlabel" in
let pub_template = templ_append pub_template Pkcs11.cKA_WRAP Pkcs11.true_ in
let pub_template = templ_append pub_template Pkcs11.cKA_TOKEN Pkcs11.true_ in
let (ret_value, _) = Pkcs11.mL_CK_C_CreateObject session pub_template in
let _ = check_ret ret_value C_CreateObjectError false in
printf "C_CreateObject ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
(* PrivateTemplate *)
let privclass = Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PRIVATE_KEY in
let priv_expo = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE_EXPONENT; Pkcs11.value = [||]} in
let modbit_template = [| priv_expo |] in
let (ret_value, modbit_template) = Pkcs11.mL_CK_C_GetAttributeValue session privkey_ modbit_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (ret_value, modbit_template) = Pkcs11.mL_CK_C_GetAttributeValue session privkey_ modbit_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "CKA_PRIVATE_EXPONENT template *before* destruction\n";
Pkcs11.print_hex_array modbit_template.(0).Pkcs11.value;
(* DestroyObject *)
(*
let ret_value = Pkcs11.mL_CK_C_DestroyObject session privkey_ in
let _ = check_ret ret_value C_DestroyObjectError false in
printf "C_DestroyObject ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let modbit_template = [| priv_expo |] in
let (ret_value, modbit_template) = Pkcs11.mL_CK_C_GetAttributeValue session privkey_ modbit_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (ret_value, modbit_template) = Pkcs11.mL_CK_C_GetAttributeValue session privkey_ modbit_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "CKA_PRIVATE_EXPONENT template *after* destruction\n";
Pkcs11.print_hex_array modbit_template.(0).Pkcs11.value;
printf "--------------\n";
(* Recreate Object from retrieved attribute *)
let newpriv_template = [||] in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_CLASS privclass in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_KEY_TYPE keytype in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_TOKEN Pkcs11.true_ in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_PRIVATE Pkcs11.true_ in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_SENSITIVE Pkcs11.true_ in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_DECRYPT Pkcs11.true_ in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_SIGN Pkcs11.true_ in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_EXTRACTABLE Pkcs11.false_ in
let newpriv_template = templ_append newpriv_template Pkcs11.cKA_PRIVATE_EXPONENT [||] in
(* The call should fail because CKA_PRIVATE_EXPONENT is empty *)
let (ret_value, newprivkey_) = Pkcs11.mL_CK_C_CreateObject session newpriv_template in
let _ = check_ret ret_value C_CreateObjectError true in
printf "C_CreateObject should fail ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (found_, number_) = find_objects session [||] 10n in
printf "Found %d objects\n" (Nativeint.to_int number_);
(*
let ret_value = Pkcs11.mL_CK_C_Logout session in
printf "C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let ret_value = Pkcs11.mL_CK_C_CloseSession session in
printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
*)
(* Let's open a session for the _Random ops *)
let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id Pkcs11.cKF_SERIAL_SESSION in
let _ = check_ret ret_value C_OpenSessionError false in
printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* GetSessionInfo *)
let (ret_value, session_info_) = Pkcs11.mL_CK_C_GetSessionInfo session in
let _ = check_ret ret_value C_GetSessionInfoError false in
printf "GetSessionInfo example below\n";
printf "CKS_R0_USER_FUNCTIONS: %d\n" (Nativeint.to_int Pkcs11.cKS_RO_USER_FUNCTIONS);
printf "Session state : %d\n" (Nativeint.to_int session_info_.Pkcs11.ck_session_info_state);
(* SeedRandom *)
let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
let _ = check_ret ret_value C_LoginError false in
printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let rand = Pkcs11.string_to_char_array "ThisIsSuperMegaRandom" in
let ret_value = Pkcs11.mL_CK_C_SeedRandom session rand in
let _ = check_ret ret_value C_SeedRandomError false in
printf "C_SeedRandom ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* GenerateRandom *)
let rand_len = 32n in
let (ret_value, rand_array) = Pkcs11.mL_CK_C_GenerateRandom session rand_len in
let _ = check_ret ret_value C_GenerateRandomError false in
printf "C_GenerateRandom ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
printf "Random string of length %d got from C_GenerateRandom:\n" (Nativeint.to_int rand_len);
Pkcs11.print_hex_array rand_array;
*)
(* Generate a symmetric Key *)
(* Template *)
(* GenerateKey DES_KEY *)
if check_element_in_list (Array.to_list mechanism_list_) Pkcs11.cKM_DES3_KEY_GEN = true then
begin
printf "DES key generation support, let's try Wrap/Unwrap\n";
let my_mech = { Pkcs11.mechanism = Pkcs11.cKM_DES3_KEY_GEN ; Pkcs11.parameter = [| |] } in
let x1 = { Pkcs11.type_ = Pkcs11.cKA_WRAP; Pkcs11.value = Pkcs11.true_}
in
let x2 = { Pkcs11.type_ = Pkcs11.cKA_UNWRAP; Pkcs11.value = Pkcs11.true_}
in
let (ret_value, deskey_) = Pkcs11.mL_CK_C_GenerateKey session my_mech [|
x1 ; x2 |] in
let _ = check_ret ret_value C_GenerateKeyError true in
printf "C_GenerateKey DES ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "C_GenerateKey DES handle: %s\n" (Nativeint.to_string deskey_);
(* Dump the key value we have created *)
let deskey_value = { Pkcs11.type_ = Pkcs11.cKA_VALUE; Pkcs11.value = [||]} in
let deskey_template = [| deskey_value |] in
let (ret_value, deskey_template) = Pkcs11.mL_CK_C_GetAttributeValue session deskey_ deskey_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (ret_value, deskey_template) = Pkcs11.mL_CK_C_GetAttributeValue session deskey_ deskey_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
printf "DES key value generated with C_GenerateKey:\n";
Pkcs11.print_hex_array deskey_template.(0).Pkcs11.value;
(* Let's wrap the RSA privkey with the DES key *)
let iv = Pkcs11.string_to_char_array (Pkcs11.pack "0000000000000000") in
let wrapping_mech = { Pkcs11.mechanism = Pkcs11.cKM_DES3_CBC_PAD ;
Pkcs11.parameter = iv } in
let (ret_value, wrapped_key_) = Pkcs11.mL_CK_C_WrapKey session wrapping_mech deskey_ privkey_ in
let _ = check_ret ret_value C_WrapKeyError true in
printf "C_WrapKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
printf "Wrapped RSA private key with DES_ECB:\n";
Pkcs11.print_hex_array wrapped_key_;
(* Try to Unwrap the key *)
let priv_template = [||] in
let priv_template = templ_append priv_template Pkcs11.cKA_CLASS privclass in
let priv_template = templ_append priv_template Pkcs11.cKA_TOKEN Pkcs11.true_ in
let priv_template = templ_append priv_template Pkcs11.cKA_ID id in
let priv_template = templ_append priv_template Pkcs11.cKA_LABEL label in
let priv_template = templ_append priv_template Pkcs11.cKA_DECRYPT Pkcs11.true_ in
let priv_template = templ_append priv_template Pkcs11.cKA_SIGN Pkcs11.true_ in
let priv_template = templ_append priv_template Pkcs11.cKA_UNWRAP Pkcs11.true_ in
let priv_template = templ_append priv_template Pkcs11.cKA_PRIVATE Pkcs11.true_ in
(* This call should fail because the session is RO *)
let (ret_value, _) = Pkcs11.mL_CK_C_UnwrapKey session wrapping_mech deskey_ wrapped_key_ priv_template in
let _ = check_ret ret_value C_UnwrapKeyError true in
printf "C_UnwrapKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Open a new RW session *)
let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
let _ = check_ret ret_value C_OpenSessionError false in
printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Login again *)
let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
let _ = check_ret ret_value C_LoginError false in
printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* This call should succeed since the session is RW now *)
let (ret_value, unwrapped_key_handle_) = Pkcs11.mL_CK_C_UnwrapKey session wrapping_mech deskey_ wrapped_key_ priv_template in
let _ = check_ret ret_value C_UnwrapKeyError true in
printf "C_UnwrapKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Now extract the key *)
let priv_expo = { Pkcs11.type_ = Pkcs11.cKA_PRIVATE_EXPONENT; Pkcs11.value = [||]} in
let unwrappedkey_template = [| priv_expo |] in
let (ret_value, unwrappedkey_template) = Pkcs11.mL_CK_C_GetAttributeValue session unwrapped_key_handle_ unwrappedkey_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (ret_value, unwrappedkey_template) = Pkcs11.mL_CK_C_GetAttributeValue session unwrapped_key_handle_ unwrappedkey_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
printf "CKA_PRIVATE_EXPONENT template after Unwrap with the DES key\n";
Pkcs11.print_hex_array unwrappedkey_template.(0).Pkcs11.value;
end
else
begin
printf "Cannot generate DES KEY skipping Wrap/Unwrap\n";
(* Open a new RW session *)
let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
let _ = check_ret ret_value C_OpenSessionError false in
printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Login again *)
let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
let _ = check_ret ret_value C_LoginError false in
printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);
end;
if check_element_in_list (Array.to_list mechanism_list_) Pkcs11.cKM_DH_PKCS_KEY_PAIR_GEN = true then
begin
printf "DH key generation support, let's try DES KEY derivation\n";
(* Derive a key (we first generate a DH key pair) *)
(* MechanismChoice *)
let dh_mech = { Pkcs11.mechanism = Pkcs11.cKM_DH_PKCS_KEY_PAIR_GEN ; Pkcs11.parameter = [| |] } in
(* PublicTemplate *)
let pub_dh_template = [||] in
let priv_dh_template = [||] in
let derive_template = [||] in
let prime = Pkcs11.string_to_char_array (Pkcs11.pack "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF") in
let base = Pkcs11.int_to_ulong_char_array 2n in
let pub_dh_template = templ_append pub_dh_template Pkcs11.cKA_PRIME prime in
let pub_dh_template = templ_append pub_dh_template Pkcs11.cKA_BASE base in
(* PrivateTemplate *)
let priv_dh_template = templ_append priv_dh_template Pkcs11.cKA_DERIVE Pkcs11.true_ in
(* GenerateKeyPair *)
let (ret_value, _, privkeydh_) = Pkcs11.mL_CK_C_GenerateKeyPair session dh_mech pub_dh_template priv_dh_template in
let _ = check_ret ret_value C_GenerateKeyPairError true in
printf "C_GenerateKeyPair ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Derivation *)
(* Create derive_mech with parameter, array of size 128 filled with '0' *)
let derive_mech = { Pkcs11.mechanism = Pkcs11.cKM_DH_PKCS_DERIVE ; Pkcs11.parameter = Array.make 128 '0'} in
(* Create derive_template, derived key will encrypt/decrypt *)
let derive_template = templ_append derive_template Pkcs11.cKA_CLASS (Pkcs11.int_to_ulong_char_array Pkcs11.cKO_SECRET_KEY) in
let derive_template = templ_append derive_template Pkcs11.cKA_KEY_TYPE (Pkcs11.int_to_ulong_char_array Pkcs11.cKK_DES) in
let derive_template = templ_append derive_template Pkcs11.cKA_ENCRYPT Pkcs11.true_ in
let derive_template = templ_append derive_template Pkcs11.cKA_DECRYPT Pkcs11.true_ in
let (ret_value, derived_key_handle_) = Pkcs11.mL_CK_C_DeriveKey session derive_mech privkeydh_ derive_template in
let _ = check_ret ret_value C_DeriveKeyError true in
printf "C_DeriveKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let derived_deskey_value = { Pkcs11.type_ = Pkcs11.cKA_VALUE; Pkcs11.value = [||]} in
let derived_key_template = [| derived_deskey_value |] in
let (ret_value, derived_key_template) = Pkcs11.mL_CK_C_GetAttributeValue session derived_key_handle_ derived_key_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let (ret_value, derived_key_template) = Pkcs11.mL_CK_C_GetAttributeValue session derived_key_handle_ derived_key_template in
let _ = check_ret ret_value C_GetAttributeValueError true in
printf "C_GetAttributeValue ret: %s\n" (Pkcs11.match_cKR_value ret_value);
printf "--------------\n";
printf "DES key value derived from DH key\n";
Pkcs11.print_hex_array derived_key_template.(0).Pkcs11.value;
end
else
printf "No DH key generation support, skipping key derivation\n";
(* Digest *)
let digest_mech = { Pkcs11.mechanism = Pkcs11.cKM_MD5 ; Pkcs11.parameter = [| |] } in
let string_to_digest = "the brown fox jumps over the lazy dog" in
let digest_ = digestupdate_some_data session digest_mech string_to_digest in
printf "--------------\n";
printf "MD5 digest of '%s'\n" string_to_digest;
printf "\tthrough Update/Final is:\n";
Pkcs11.print_hex_array digest_;
let digest_ = digest_some_data session digest_mech string_to_digest in
printf "\tthrough Digest single call is:\n";
Pkcs11.print_hex_array digest_;
(* Logout and finalize *)
let ret_value = Pkcs11.mL_CK_C_Logout session in
printf "C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let _ = check_ret ret_value C_LogoutError false in
let ret_value = Pkcs11.mL_CK_C_CloseSession session in
let _ = check_ret ret_value C_CloseSessionError false in
printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let ret_value = Pkcs11.mL_CK_C_CloseAllSessions slot_id in
let _ = check_ret ret_value C_CloseAllSessionsError false in
printf "C_CloseAllSessions ret: %s\n" (Pkcs11.match_cKR_value ret_value);
(* Logout on BAD Session ID *)
let ret_value = Pkcs11.mL_CK_C_Logout 20n in
let _ = check_ret ret_value C_LogoutError true in
printf "BAD C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
let ret_value = Pkcs11.mL_CK_C_Finalize () in
let _ = check_ret ret_value C_FinalizeError false in
printf "C_Finalize ret: %s\n" (Pkcs11.match_cKR_value ret_value)
caml-crush-1.0.12/src/tests/ocaml/wrap_and_decrypt_1.ml 0000664 0000000 0000000 00000007746 14147740423 0023000 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/wrap_and_decrypt_1.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario "wrap_and_decrypt_1".

   As described by the original note in this file: one key is created with
   both the wrap and the decrypt attributes set to true, that key wraps
   key_to_leak, and the wrapped result is then decrypted with the same key,
   which should yield the value of key_to_leak.

   Each list entry pairs a named attribute template with a step tag. W and D
   are constructors from the opened modules (not visible here); presumably
   they select the wrap and decrypt steps -- confirm in P11_for_generic.
   The second step uses an empty template, so no attribute is supplied for it.

   NOTE(review): a key that is allowed to both wrap and decrypt is the
   conflicting-role case a PKCS#11 filter is meant to refuse. When run behind
   such a filter the expected result is presumably a rejection rather than
   recovery of key_to_leak -- confirm against the harness. *)
let this_scenario =
  [ (("template_wd", [| attr_wrap ; attr_decrypt |]), W) ;
    (("empty", [||]), D) ]
caml-crush-1.0.12/src/tests/ocaml/wrap_and_decrypt_2.ml 0000664 0000000 0000000 00000010054 14147740423 0022763 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/wrap_and_decrypt_2.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario "wrap_and_decrypt_2".

   As described by the original note in this file: a key is created with the
   wrap attribute set to true and is used to wrap key_to_leak; the decrypt
   attribute is then set to true and the wrapped result is decrypted, which
   should yield the value of key_to_leak.

   Each list entry pairs a named attribute template with a step tag. W and D
   are constructors from the opened modules (not visible here); presumably
   they select the wrap and decrypt steps -- confirm in P11_for_generic.

   NOTE(review): here the wrap and decrypt roles are never requested in the
   same template; decrypt is added after the wrap has been done. A filter
   that only inspects creation templates would not see the conflict, so this
   scenario presumably exercises checks on later attribute changes --
   confirm against the harness. *)
let this_scenario =
  let wrap_only = [| attr_wrap |] in
  let decrypt_only = [| attr_decrypt |] in
  [ (("template_w", wrap_only), W) ;
    (("template_d", decrypt_only), D) ]
caml-crush-1.0.12/src/tests/ocaml/wrap_and_decrypt_3.ml 0000664 0000000 0000000 00000010155 14147740423 0022766 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/wrap_and_decrypt_3.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario "wrap_and_decrypt_3".

   As described by the original note in this file: a key is created with the
   wrap attribute set to true and is used to wrap key_to_leak; the wrap
   attribute is then set to false and the decrypt attribute to true, and the
   wrapped result is decrypted, which should yield the value of key_to_leak.

   Each list entry pairs a named attribute template with a step tag. W and D
   are constructors from the opened modules (not visible here); presumably
   they select the wrap and decrypt steps -- confirm in P11_for_generic.
   attr_wrapf is, going by the note above, the wrap attribute set to false.

   NOTE(review): wrap is switched off in the same template that switches
   decrypt on, so the key never holds both roles at one instant. This
   presumably checks that a filter tracks the roles a key has held over
   time, not only its current attributes -- confirm against the harness. *)
let this_scenario =
  let wrap_on = [| attr_wrap |] in
  let wrap_off_decrypt_on = [| attr_wrapf; attr_decrypt |] in
  [ (("template_w", wrap_on), W) ;
    (("template_wfd", wrap_off_decrypt_on), D) ]
caml-crush-1.0.12/src/tests/ocaml/wrap_and_decrypt_4.ml 0000664 0000000 0000000 00000010273 14147740423 0022770 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/wrap_and_decrypt_4.ml
************************** MIT License HEADER ***********************************)
open P11_common
open P11_for_generic
(* Scenario "wrap_and_decrypt_4".

   As described by the original note in this file: a key is created with the
   wrap attribute set to true and is used to wrap key_to_leak; the wrap
   attribute is then set to false, after that the decrypt attribute is set
   to true, and the wrapped result is decrypted, which should yield the
   value of key_to_leak.

   Each list entry pairs a named attribute template with a step tag. W, S
   and D are constructors from the opened modules (not visible here);
   presumably W wraps, S only sets attributes and D decrypts -- confirm in
   P11_for_generic.

   NOTE(review): unlike the two-step variants, clearing wrap and enabling
   decrypt are two separate steps here. This presumably checks that a filter
   still links the key to its earlier wrap role after an intermediate
   attribute change -- confirm against the harness. *)
let this_scenario =
  let wrap_on = [| attr_wrap |] in
  let wrap_off = [| attr_wrapf |] in
  let decrypt_on = [| attr_decrypt |] in
  [ (("template_w", wrap_on), W) ;
    (("template_wf", wrap_off), S) ;
    (("template_d", decrypt_on), D) ]
caml-crush-1.0.12/src/tests/ocaml/wrap_unwrap.ml 0000664 0000000 0000000 00000023307 14147740423 0021567 0 ustar 00root root 0000000 0000000 (************************* MIT License HEADER ************************************
Copyright ANSSI (2013-2015)
Contributors : Ryad BENADJILA [ryadbenadjila@gmail.com],
Thomas CALDERON [calderon.thomas@gmail.com]
Marion DAUBIGNARD [marion.daubignard@ssi.gouv.fr]
This software is a computer program whose purpose is to implement
a PKCS#11 proxy as well as a PKCS#11 filter with security features
in mind. The project source tree is subdivided in six parts.
There are five main parts:
1] OCaml/C PKCS#11 bindings (using OCaml IDL).
2] XDR RPC generators (to be used with ocamlrpcgen and/or rpcgen).
3] A PKCS#11 RPC server (daemon) in OCaml using a Netplex RPC basis.
4] A PKCS#11 filtering module used as a backend to the RPC server.
5] A PKCS#11 client module that comes as a dynamic library offering
the PKCS#11 API to the software.
There is one "optional" part:
6] Tests in C and OCaml to be used with client module 5] or with the
bindings 1]
Here is a big picture of how the PKCS#11 proxy works:
---------------------- -------- socket (TCP or Unix) --------------------
| 3] PKCS#11 RPC server|-|2] RPC |<+++++++++++++++++++> | 5] Client library |
---------------------- | Layer | [SSL/TLS optional] | -------- |
| -------- | |2] RPC | PKCS#11 |
---------------------- | | Layer |functions|
| 4] PKCS#11 filter | | -------- |
---------------------- --------------------
| |
---------------------- |
| 1] PKCS#11 OCaml | { PKCS#11 INTERFACE }
| bindings | |
---------------------- APPLICATION
|
|
{ PKCS#11 INTERFACE }
|
REAL PKCS#11 MIDDLEWARE
(shared library)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name(s) of the above copyright holders
shall not be used in advertising or otherwise to promote the sale, use or other
dealings in this Software without prior written authorization.
The current source code is part of the tests 6] source tree.
Project: PKCS#11 Filtering Proxy
File: src/tests/ocaml/wrap_unwrap.ml
************************** MIT License HEADER ***********************************)
open Printf
open P11_common
(* Encrypt [data] with [pubkey_] and decrypt the result with [privkey_]
   using the mechanism [mech_type], printing each stage to stdout.

   session   : session handle passed unchanged to the helpers
   pubkey_   : key handle given to encrypt_some_data
   privkey_  : key handle given to decrypt_some_data
   data      : value to encrypt
   mech_type : mechanism identifier, also printed by name

   encrypt_some_data and decrypt_some_data are not defined in this file;
   presumably they come from P11_common.

   The function prints the ciphertext in hex and then the decrypted value as
   a quoted string. Because the recovered plaintext goes to stdout, it should
   only be fed test data. *)
let encrypt_decrypt_some_data_with_mech_type session pubkey_ privkey_ data mech_type =
  (* The mechanism is built with an empty parameter array. *)
  let mech = { Pkcs11.mechanism = mech_type ; Pkcs11.parameter = [| |] } in
  printf "--------------\n";
  printf "%s encrypt/decrypt\n" (Pkcs11.match_cKM_value mech_type);
  (* Encrypt stage. *)
  let ciphertext = encrypt_some_data session mech pubkey_ data in
  printf "\tthrough Encrypt single call is:\n";
  Pkcs11.print_hex_array ciphertext;
  (* Decrypt stage: the same mechanism record is reused. *)
  let plaintext = decrypt_some_data session mech privkey_ ciphertext in
  printf "\tthrough Decrypt single call is:\n";
  let recovered = Pkcs11.char_array_to_string plaintext in
  printf "'%s'\n" recovered
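(* Test driver: endlessly wraps a freshly generated RSA private key under a
   DES3 key and unwraps it again through the PKCS#11 bindings, forcing a full
   major GC after every round.

   Security notes for anyone reusing this outside the test tree:
   - 1024-bit RSA, DES3 and CKM_DES3_CBC_PAD are legacy choices; none of them
     is a sound default for real key material.
   - The wrap IV is a constant, so wrapping is deterministic, and CBC-PAD
     gives the wrapped blob no integrity protection.
   - The unwrap template sets neither CKA_SENSITIVE nor CKA_EXTRACTABLE, so
     both are left to whatever the token or the filter decides, and it gives
     one key the decrypt, sign and unwrap roles at once.
   - The DES3 key is created with CKA_TOKEN true and is never destroyed here,
     so every run leaves a wrap/unwrap-capable key object on the token. *)
let _ =
  let _ = init_module in
  let conf_user_pin = fetch_pin in

  (* Initialize module *)
  let ret_value = Pkcs11.mL_CK_C_Initialize () in
  let _ = check_ret ret_value C_InitializeError false in
  printf "C_Initialize ret: %s\n" (Pkcs11.match_cKR_value ret_value);

  (* Fetch slot count by passing 0n (present) 0n (count) *)
  let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n 0n in
  let _ = check_ret ret_value C_GetSlotListError false in
  printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
  Pkcs11.print_int_array slot_list_;

  (* Fetch slot list by passing 0n count *)
  let (ret_value, slot_list_, count) = Pkcs11.mL_CK_C_GetSlotList 0n count in
  let _ = check_ret ret_value C_GetSlotListError false in
  printf "C_GetSlotList ret: %s, Count = %s, slot_list =" (Nativeint.to_string ret_value) (Nativeint.to_string count);
  Pkcs11.print_int_array slot_list_;
  Array.iter print_slots slot_list_;

  (* Hardcoded: take the first available slot. Fail with an explicit message
     when the module reports no slot at all, instead of an out-of-bounds
     array access. *)
  if Array.length slot_list_ = 0 then
    failwith "C_GetSlotList returned an empty slot list, nothing to test";
  let slot_id = slot_list_.(0) in

  (* GetMechList *)
  let mechanism_list_ = get_mechanism_list_for_slot slot_id in
  let mechanisms = Array.map Pkcs11.match_cKM_value mechanism_list_ in
  Pkcs11.print_string_array mechanisms;

  (* OpenSession and Login *)
  let (ret_value, session) = Pkcs11.mL_CK_C_OpenSession slot_id (Nativeint.logor Pkcs11.cKF_SERIAL_SESSION Pkcs11.cKF_RW_SESSION) in
  let _ = check_ret ret_value C_OpenSessionError false in
  printf "C_OpenSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  (* The PIN is only converted and passed to C_Login; it is never printed. *)
  let user_pin = Pkcs11.string_to_char_array conf_user_pin in
  let ret_value = Pkcs11.mL_CK_C_Login session Pkcs11.cKU_USER user_pin in
  let _ = check_ret ret_value C_LoginError false in
  printf "C_Login ret: %s\n" (Pkcs11.match_cKR_value ret_value);

  (* Generate a token RSA key pair. 1024 bits is test-sized only; the two
     optional strings are presumably label and id - confirm in P11_common.
     The public key handle is not used by this test. *)
  let (pub_template_, priv_template_) = generate_rsa_template 1024n (Some "mytest") (Some "1234") in
  let (_pubkey, privkey_) = generate_rsa_key_pair session 1024n pub_template_ priv_template_ in

  (* Create a symmetric DES3 key that will wrap our RSA private key. The
     template only asks for WRAP, UNWRAP and TOKEN; every other attribute is
     left to the token defaults. *)
  let wrap_key_mech = { Pkcs11.mechanism = Pkcs11.cKM_DES3_KEY_GEN ; Pkcs11.parameter = [| |] } in
  let wrap_key_template = [||] in
  let wrap_key_template = templ_append wrap_key_template Pkcs11.cKA_WRAP Pkcs11.true_ in
  let wrap_key_template = templ_append wrap_key_template Pkcs11.cKA_UNWRAP Pkcs11.true_ in
  let wrap_key_template = templ_append wrap_key_template Pkcs11.cKA_TOKEN Pkcs11.true_ in

  (* NOTE(review): the intersection is computed but never consulted, so
     C_GenerateKey is attempted whether or not the slot advertises DES3 key
     generation. Kept as in the original; presumably meant as a guard. *)
  let keygen_to_test = ["cKM_DES3_KEY_GEN" ] in
  let keygen_to_test = List.map Pkcs11.string_to_cKM_value keygen_to_test in
  let _mech_intersect = intersect keygen_to_test (Array.to_list mechanism_list_) in

  let (ret_value, symkey_) = Pkcs11.mL_CK_C_GenerateKey session wrap_key_mech wrap_key_template in
  let _ = check_ret ret_value C_GenerateKeyError false in
  printf "C_GenerateKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);

  (* Endless wrap/unwrap loop. There is no exit condition, so it only stops
     when something raises or the process is killed.
     NOTE(review): check_ret receives true inside the loop and false
     everywhere else; presumably that makes a failure non-fatal - confirm in
     P11_common. If so, a failed C_WrapKey still hands its result to
     C_UnwrapKey below. *)
  while true do
    (* Wrap the RSA private key with the 3DES key. The IV is the same
       constant on every round (presumably eight zero bytes after
       Pkcs11.pack - confirm), which is acceptable only for a test. *)
    let iv = Pkcs11.string_to_char_array (Pkcs11.pack "0000000000000000") in
    let wrapping_mech = { Pkcs11.mechanism = Pkcs11.cKM_DES3_CBC_PAD ; Pkcs11.parameter = iv } in
    let (ret_value, wrapped_key_) = Pkcs11.mL_CK_C_WrapKey session wrapping_mech symkey_ privkey_ in
    let _ = check_ret ret_value C_WrapKeyError true in
    printf "C_WrapKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);
    printf "--------------\n";
    (* The wrapped private key is dumped to stdout: keep this output out of
       shared logs when the token holds anything but test keys. *)
    printf "Wrapped RSA private key with DES3_CBC_PAD:\n";
    Pkcs11.print_hex_array wrapped_key_;

    (* Unwrap the blob back into a new private key object. CKA_SENSITIVE and
       CKA_EXTRACTABLE are not part of this template. *)
    let label = Pkcs11.string_to_char_array "unwrapped_rsa_pkey" in
    let privclass = Pkcs11.int_to_ulong_char_array Pkcs11.cKO_PRIVATE_KEY in
    let priv_template = [||] in
    let priv_template = templ_append priv_template Pkcs11.cKA_CLASS privclass in
    let priv_template = templ_append priv_template Pkcs11.cKA_TOKEN Pkcs11.true_ in
    let priv_template = templ_append priv_template Pkcs11.cKA_LABEL label in
    let priv_template = templ_append priv_template Pkcs11.cKA_DECRYPT Pkcs11.true_ in
    let priv_template = templ_append priv_template Pkcs11.cKA_SIGN Pkcs11.true_ in
    let priv_template = templ_append priv_template Pkcs11.cKA_UNWRAP Pkcs11.true_ in
    let priv_template = templ_append priv_template Pkcs11.cKA_PRIVATE Pkcs11.true_ in
    let (ret_value, unwrapped_key_handle_) = Pkcs11.mL_CK_C_UnwrapKey session wrapping_mech symkey_ wrapped_key_ priv_template in
    let _ = check_ret ret_value C_UnwrapKeyError true in
    printf "C_UnwrapKey ret: %s\n" (Pkcs11.match_cKR_value ret_value);

    (* Destroy the unwrapped key so token objects do not pile up per round. *)
    ignore (destroy_some_object session unwrapped_key_handle_);
    flush stdout;
    Gc.full_major ()
  done;

  (* Logout and finalize.
     NOTE(review): never reached. The loop above has no normal exit and an
     exception raised inside it propagates past this code, so the session is
     not logged out or closed and the RSA and DES3 keys are not destroyed. *)
  let ret_value = Pkcs11.mL_CK_C_Logout session in
  printf "C_Logout ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let _ = check_ret ret_value C_LogoutError false in
  let ret_value = Pkcs11.mL_CK_C_CloseSession session in
  let _ = check_ret ret_value C_CloseSessionError false in
  printf "C_CloseSession ret: %s\n" (Pkcs11.match_cKR_value ret_value);
  let ret_value = Pkcs11.mL_CK_C_Finalize () in
  let _ = check_ret ret_value C_FinalizeError false in
  printf "C_Finalize ret: %s\n" (Pkcs11.match_cKR_value ret_value)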