ica_specific.c

IBM的Linux上的PKCS#11实现

pthread_mutex_t  nextmutex = PTHREAD_MUTEX_INITIALIZER;
#define RNG_BUF_SIZE 100
unsigned char
nextRandom (void) {

  static unsigned char  buffer[RNG_BUF_SIZE];
  unsigned char  byte;
  static int used = (RNG_BUF_SIZE); // protected access by the mutex

  pthread_mutex_lock(&nextmutex);
  if (used >= RNG_BUF_SIZE){
    rng_generate(buffer,sizeof(buffer));
    used = 0;
  }

  byte = buffer[used++];
  pthread_mutex_unlock(&nextmutex);
    return((unsigned char)byte);

}
//  Local function that we need to call..
//  since the default is to set a global error number
//  and this is not thread safe, if we call and
//  set the system error number then we will be
//  thread safe
void
CLiC_error(int  errornumber)
{
   errno = errornumber;
}




#endif

#if (AIX) 
CK_RV
os_specific_rsa_keygen(TEMPLATE *publ_tmpl,  TEMPLATE *priv_tmpl)
{
   CK_ATTRIBUTE       * publ_exp = NULL;
   CK_ATTRIBUTE       * attr     = NULL;
   CK_BYTE            * ptr      = NULL;
   CK_BYTE              repl_buf[5500];
   CK_ULONG             req_len, repl_len;
   CK_ULONG             mod_bits;
   CK_BBOOL             flag;
   CK_RV                rc;
   CK_BYTE_PTR         pubExp;
   CK_BYTE_PTR         privKey,prdat;  // IN format for cryptolite
   CK_BYTE_PTR         publKey,pudat;  // IN format for cryptolite
   CK_ULONG            keysize;

   flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr );
   if (!flag){
      st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;  // should never happen
   }
   mod_bits = *(CK_ULONG *)attr->pValue;

   flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp );
   if (!flag){
       st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;
   }


   // we don't support less than 1024 bit keys in the sw
   if (mod_bits < 512 || mod_bits > 2048) {
      st_err_log(19, __FILE__, __LINE__);
      return CKR_KEY_SIZE_RANGE;
   }

   //  We have to massage the  public exponent to fit the format
   //  required for cryptlite...   pubExp[0] == exponent length  remainder of
   //  bytes follows

   pubExp = (CK_BYTE_PTR)alloca(publ_exp->ulValueLen + 1); // allocate 1 extra byte
   if ( !pubExp) {
         st_err_log(1, __FILE__, __LINE__);
         return CKR_HOST_MEMORY;
   }

   pubExp[0] = (CK_BYTE)publ_exp->ulValueLen;
   ptr = pubExp+1;
   bcopy(publ_exp->pValue,ptr,publ_exp->ulValueLen); // copy the exporntne

   //  SAB FIXME...  looke like there is a problem on Linux when
   //  freeing the public key...if MALLOC_CHECK=2 is set the free
   //  of publKey causes abort... of course this indicates a heap
   //  corruption corruption.
   //  Try and allocate the private key localy...
   //  So we will allocate 4K for good measure.... Since that could be more than enough
   privKey = malloc(4096);
   if (!privKey){
         st_err_log(1, __FILE__, __LINE__);
         return CKR_HOST_MEMORY;
   }
   privKey = CLiC_rsaKeyGen(mod_bits,
               CLiC_RSA_CRT_KEY,  // we will generate CRT keys since they are fastest
               pubExp,
			   privKey,
                        //NULL,   // let the library allocate the space for us.
            nextRandom);

   if (!privKey) {
        st_err_log(91, __FILE__, __LINE__);
        return CKR_HOST_MEMORY;   // probably should be something else
   }

   publKey = malloc(4096);
   if ( !publKey) {
      free(privKey);
      st_err_log(1, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }
   publKey = CLiC_rsaMakePublicKey(privKey,pubExp,publKey) ;  // let library allocate memory

   ptr = publKey;

   // Now fill in the objects..
   //
   // modulus: n

   //
   ptr = ptr+3; // skip the first three bytes of the representation
   rc = build_attribute( CKA_MODULUS, ptr, CLiC_rsaModulusLength(publKey)/8, &attr ); // in bytes
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( publ_tmpl, attr );


   // local = TRUE
   //
   flag = TRUE;
   rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( publ_tmpl, attr );

   //
   // now, do the private key
   //
   // Cheat here and put the whole original key into the CKA_VALUE... remember
   // to force the system to not return this for RSA keys..

   // Add the modulus to the private key information
   ptr = publKey +3;
   rc = build_attribute( CKA_MODULUS, ptr, CLiC_rsaModulusLength(publKey)/8, &attr ); // in bytes
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );

   // Stash the local representation of the key for CLiC
   //
   rc = build_attribute( CKA_PUBLIC_EXPONENT, publ_exp->pValue, publ_exp->ulValueLen, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );

   // prime #1: p
   //

   ptr = privKey+3; // Skip the type and length information)

   keysize = (mod_bits/2 +7)/8; // need bytes...  CRT only... Non Crt would be a different key size

   rc = build_attribute( CKA_PRIME_1, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );

   // prime #2: q
   //
   ptr += keysize;
   rc = build_attribute( CKA_PRIME_2, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );

   // exponent 1: d mod(p-1)
   //
   ptr += keysize;
   rc = build_attribute( CKA_EXPONENT_1, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );
   // exponent 2: d mod(q-1)
   //
   ptr += keysize;
   rc = build_attribute( CKA_EXPONENT_2, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );

   // CRT coefficient:  q_inverse mod(p)
   //
   ptr += keysize;
   rc = build_attribute( CKA_COEFFICIENT, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );


   flag = TRUE;
   rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto done;
   }
   template_update_attribute( priv_tmpl, attr );

done:

   if (privKey)
      free(privKey); 
   if (publKey)
      free(publKey);

   return rc;

}

#endif

#if (LINUX)
CK_RV
os_specific_rsa_keygen(TEMPLATE *publ_tmpl,  TEMPLATE *priv_tmpl)
{
   CK_ATTRIBUTE       * publ_exp = NULL;
   CK_ATTRIBUTE       * attr     = NULL;
   CK_BYTE            * ptr      = NULL;
   CK_BYTE              repl_buf[5500];
   CK_ULONG             req_len, repl_len;
   CK_ULONG             mod_bits;
   CK_BBOOL             flag;
   CK_RV                rc;
   CK_BYTE_PTR         pubExp;
   CK_BYTE_PTR         prdat;  // IN format for cryptolite
   CK_BYTE_PTR         pudat;  // IN format for cryptolite
   CK_ULONG            keysize;
   ICA_KEY_RSA_MODEXPO *publKey;
   ICA_KEY_RSA_CRT *privKey;
   unsigned int        offset, len;
   unsigned int        publKeySize, privKeySize;


   flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr );
   if (!flag){
       st_err_log(48, __FILE__, __LINE__);
       return CKR_TEMPLATE_INCOMPLETE;  // should never happen
   }
   mod_bits = *(CK_ULONG *)attr->pValue;

   flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp );
   if (!flag){
        st_err_log(48, __FILE__, __LINE__);
	return CKR_TEMPLATE_INCOMPLETE;
   }
   //jag
   // we don't support less than 1024 bit keys in the sw
   if (mod_bits < 256 || mod_bits > 2048) {
     st_err_log(19, __FILE__, __LINE__);
     return CKR_KEY_SIZE_RANGE;
   }
    
   if(publ_exp->ulValueLen > (mod_bits * 8)){
     st_err_log(109, __FILE__, __LINE__);
     return CKR_DATA_LEN_RANGE;
   }


   publKey = (ICA_KEY_RSA_MODEXPO *) malloc(sizeof(ICA_KEY_RSA_MODEXPO));
   if (publKey == NULL) {
      st_err_log(1, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }
 

   privKey = (ICA_KEY_RSA_CRT *) malloc(sizeof(ICA_KEY_RSA_CRT));
   if (privKey == NULL) {
     st_err_log(1, __FILE__, __LINE__);
     rc = CKR_HOST_MEMORY;
     goto pubkey_cleanup;
   }


   memset(publKey, 0x00, sizeof(ICA_KEY_RSA_MODEXPO));
   memset(privKey, 0x00, sizeof(ICA_KEY_RSA_CRT)); 

   // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12
   
   keysize = ((mod_bits + 7)/8);

   /* Linux driver is not using these */


   ptr = publKey->keyRecord + keysize - publ_exp->ulValueLen;
   memcpy(ptr,publ_exp->pValue, publ_exp->ulValueLen);    

   publKeySize = sizeof(ICA_KEY_RSA_MODEXPO);
   privKeySize = sizeof(ICA_KEY_RSA_CRT);
      
   rc = icaRsaKeyGenerateCrt((int)adapter_handle,
				 (unsigned int)mod_bits,
				 (unsigned int)RSA_PUBLIC_FIXED,
				 &publKeySize,
				 (ICA_KEY_RSA_MODEXPO *)publKey,
				 &privKeySize,
				 (ICA_KEY_RSA_CRT *)privKey);

   
   if(rc){
     st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
     rc = CKR_FUNCTION_FAILED;
     goto privkey_cleanup;
   }
   

   // modulus: n
   //
   ptr = (CK_BYTE *)(publKey->keyRecord + keysize);
   rc = build_attribute( CKA_MODULUS, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto privkey_cleanup;
   }
   template_update_attribute( publ_tmpl, attr );

  
   // local = TRUE
   //
   flag = TRUE;
   rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto privkey_cleanup;
   }
   template_update_attribute( publ_tmpl, attr );

   //
   // now, do the private key
   //

   // public exponent: e
   //
   rc = build_attribute( CKA_PUBLIC_EXPONENT, publ_exp->pValue, publ_exp->ulValueLen, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      goto privkey_cleanup;
   }
   template_update_attribute( priv_tmpl, attr );

   // modulus: n
   //
   ptr = (CK_BYTE *)(publKey->keyRecord + keysize);
   rc = build_attribute( CKA_MODULUS, ptr, keysize, &attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__);
      return rc;
   }
   template_update_attribute( priv_tmpl, attr );

   /* CRT sizes are smaller */