[Cryptech-Commits] [sw/pkcs11] 05/05: Clean up C_GetTokenInfo().

git at cryptech.is git at cryptech.is
Sat May 20 22:15:24 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.

commit 77b560e4129a5e499a7418a1c43083511b3b97ab
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat May 20 18:06:16 2017 -0400

    Clean up C_GetTokenInfo().
---
 pkcs11.c | 49 +++++++++----------------------------------------
 1 file changed, 9 insertions(+), 40 deletions(-)

diff --git a/pkcs11.c b/pkcs11.c
index f3ac77b..06205b6 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -91,7 +91,6 @@
  * Some of this really should be coming from RPC queries.
  */
 
-#warning Figure out IDs and version numbers
 #define P11_MANUFACTURER_ID     "Cryptech Project"
 #define P11_TOKEN_LABEL		"Cryptech Token"
 #define P11_BOARD_MODEL		"Alpha Board"
@@ -2638,6 +2637,15 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
 
   /*
    * No locking required here as long as we're just returning constants.
+   *
+   * Some of the values below are nonsensical, because they don't map
+   * particularly well to what the HSM is really doing.  In some cases
+   * (particularly for some of the flags) we hard-wire whatever client
+   * software insists that we say before it will talk to us.  Feh.
+   *
+   * Eventually we expect Cryptech devices to have their own hardware
+   * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and
+   * pInfo->utcTime.  Hardware not implemented yet, so not here either.
    */
 
   if (pInfo == NULL)
@@ -2651,15 +2659,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
 
   memset(pInfo, 0, sizeof(*pInfo));
 
-  /*
-   * No real idea (yet) how we get many of the following parameters.
-   *
-   * pInfo->label is supposed to be set when the token is initialized.
-   * Not yet sure what that means in our context, but need something
-   * here or the libhsm test programs will bomb trying to find the
-   * right token, so hard-wire something for now.
-   */
-
   psnprintf(pInfo->label,          sizeof(pInfo->label),          P11_TOKEN_LABEL);
   psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), P11_MANUFACTURER_ID);
   psnprintf(pInfo->model,          sizeof(pInfo->model),          P11_BOARD_MODEL);
@@ -2667,30 +2666,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
 
   pInfo->flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
 
-#warning Have not yet sorted out token flags
-#if 0
-    CKF_RNG
-    CKF_WRITE_PROTECTED
-    CKF_LOGIN_REQUIRED
-    CKF_USER_PIN_INITIALIZED
-    CKF_RESTORE_KEY_NOT_NEEDED
-    CKF_CLOCK_ON_TOKEN
-    CKF_PROTECTED_AUTHENTICATION_PATH
-    CKF_DUAL_CRYPTO_OPERATIONS
-    CKF_TOKEN_INITIALIZED
-    CKF_SECONDARY_AUTHENTICATION
-    CKF_USER_PIN_COUNT_LOW
-    CKF_USER_PIN_FINAL_TRY
-    CKF_USER_PIN_LOCKED
-    CKF_USER_PIN_TO_BE_CHANGED
-    CKF_SO_PIN_COUNT_LOW
-    CKF_SO_PIN_FINAL_TRY
-    CKF_SO_PIN_LOCKED
-    CKF_SO_PIN_TO_BE_CHANGED
-    CKF_ERROR_STATE
-#endif
-
-#warning Much of the TOKEN_INFO we return is nonsense
   pInfo->ulMaxSessionCount      = CK_EFFECTIVELY_INFINITE;
   pInfo->ulSessionCount         = CK_UNAVAILABLE_INFORMATION;
   pInfo->ulMaxRwSessionCount    = CK_EFFECTIVELY_INFINITE;
@@ -2706,12 +2681,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
   pInfo->firmwareVersion.major  = P11_VERSION_FW_MAJOR;
   pInfo->firmwareVersion.minor  = P11_VERSION_FW_MINOR;
 
-  /*
-   * Eventually we expect Cryptech devices to have their own hardware
-   * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and
-   * pInfo->utcTime.  Hardware not implemented yet, so not here either.
-   */
-
   return CKR_OK;
 }
 



More information about the Commits mailing list