[Cryptech-Commits] [sw/pkcs11] 05/05: Clean up C_GetTokenInfo().
git at cryptech.is
git at cryptech.is
Sat May 20 22:15:24 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.
commit 77b560e4129a5e499a7418a1c43083511b3b97ab
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat May 20 18:06:16 2017 -0400
Clean up C_GetTokenInfo().
---
pkcs11.c | 49 +++++++++----------------------------------------
1 file changed, 9 insertions(+), 40 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index f3ac77b..06205b6 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -91,7 +91,6 @@
* Some of this really should be coming from RPC queries.
*/
-#warning Figure out IDs and version numbers
#define P11_MANUFACTURER_ID "Cryptech Project"
#define P11_TOKEN_LABEL "Cryptech Token"
#define P11_BOARD_MODEL "Alpha Board"
@@ -2638,6 +2637,15 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
/*
* No locking required here as long as we're just returning constants.
+ *
+ * Some of the values below are nonsensical, because they don't map
+ * particularly well to what the HSM is really doing. In some cases
+ * (particularly for some of the flags) we hard-wire whatever client
+ * software insists that we say before it will talk to us. Feh.
+ *
+ * Eventually we expect Cryptech devices to have their own hardware
+ * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and
+ * pInfo->utcTime. Hardware not implemented yet, so not here either.
*/
if (pInfo == NULL)
@@ -2651,15 +2659,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
memset(pInfo, 0, sizeof(*pInfo));
- /*
- * No real idea (yet) how we get many of the following parameters.
- *
- * pInfo->label is supposed to be set when the token is initialized.
- * Not yet sure what that means in our context, but need something
- * here or the libhsm test programs will bomb trying to find the
- * right token, so hard-wire something for now.
- */
-
psnprintf(pInfo->label, sizeof(pInfo->label), P11_TOKEN_LABEL);
psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), P11_MANUFACTURER_ID);
psnprintf(pInfo->model, sizeof(pInfo->model), P11_BOARD_MODEL);
@@ -2667,30 +2666,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
pInfo->flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
-#warning Have not yet sorted out token flags
-#if 0
- CKF_RNG
- CKF_WRITE_PROTECTED
- CKF_LOGIN_REQUIRED
- CKF_USER_PIN_INITIALIZED
- CKF_RESTORE_KEY_NOT_NEEDED
- CKF_CLOCK_ON_TOKEN
- CKF_PROTECTED_AUTHENTICATION_PATH
- CKF_DUAL_CRYPTO_OPERATIONS
- CKF_TOKEN_INITIALIZED
- CKF_SECONDARY_AUTHENTICATION
- CKF_USER_PIN_COUNT_LOW
- CKF_USER_PIN_FINAL_TRY
- CKF_USER_PIN_LOCKED
- CKF_USER_PIN_TO_BE_CHANGED
- CKF_SO_PIN_COUNT_LOW
- CKF_SO_PIN_FINAL_TRY
- CKF_SO_PIN_LOCKED
- CKF_SO_PIN_TO_BE_CHANGED
- CKF_ERROR_STATE
-#endif
-
-#warning Much of the TOKEN_INFO we return is nonsense
pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION;
pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
@@ -2706,12 +2681,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
pInfo->firmwareVersion.major = P11_VERSION_FW_MAJOR;
pInfo->firmwareVersion.minor = P11_VERSION_FW_MINOR;
- /*
- * Eventually we expect Cryptech devices to have their own hardware
- * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and
- * pInfo->utcTime. Hardware not implemented yet, so not here either.
- */
-
return CKR_OK;
}
More information about the Commits
mailing list