ica_specific.c

IBM的Linux上的PKCS#11实现

	                                oc_sha_ctx->tail_len += in_data_len;
	
        	                        return CKR_OK;
                	        }

				/* We had to use some of the data from in_data to fill out the
				 * empty part of save data, so adjust in_data_len
				 */
				in_data_len -= fill_size;
			
				oc_sha_ctx->tail_len = in_data_len & 0x3f;
				if(oc_sha_ctx->tail_len) {
					memcpy(oc_sha_ctx->tail, in_data + fill_size, 
							oc_sha_ctx->tail_len);
					in_data_len &= ~0x3f;	
				}
			} else {
				/* This is the odd case, where we need to go ahead and
				 * send the first X * 64 byte chunks in to be processed
				 * and copy the last <64 byte area into the tail. -KEY
				 */
                                /* Just copying the last <64 bytes will not work in the case
                                 * of a user who SHA's a large chunk of data in 64 byte
                                 * pieces because we need to cache the last 64 bytes so that
                                 * we're not stuck with 0 bytes when the MSG_PART_FINAL
                                 * comes in. - KEY
                                 */
                                if (!(in_data_len % 64)) {
                                        oc_sha_ctx->tail_len = 64;
                                        memcpy(oc_sha_ctx->tail, in_data + in_data_len - 64, 64);
                                        in_data_len -= 64;
                                } else
                                        oc_sha_ctx->tail_len = in_data_len & 0x3f;

				if( oc_sha_ctx->tail_len < 64) {
					in_data_len &= ~0x3f;
					memcpy(oc_sha_ctx->tail, in_data + in_data_len,
							oc_sha_ctx->tail_len);
				}
			}
		}
	} else {
		/* ctx->multi == FALSE, but we've run previously. That's
		 * our signal that this is the last part -KEY
		 */
		if( ica_sha_ctx->runningLength > 0 )
			oc_sha_ctx->message_part = SHA_MSG_PART_FINAL;
		else
			oc_sha_ctx->message_part = SHA_MSG_PART_ONLY;
	}
	
	if( in_data_len || oc_sha_ctx->message_part == SHA_MSG_PART_FINAL ) {
		if( icaSha1(	adapter_handle, oc_sha_ctx->message_part,
				in_data_len, in_data + fill_size,
				LENGTH_SHA_CONTEXT, ica_sha_ctx,
				&oc_sha_ctx->hash_len, oc_sha_ctx->hash))
			return CKR_FUNCTION_FAILED;
	}
	
	return CKR_OK;
}

CK_RV
token_specific_sha_final(	DIGEST_CONTEXT	*ctx,
				CK_BYTE		*out_data,
				CK_ULONG	*out_data_len )
{
	CK_RV rv = CKR_OK;
	oc_sha1_ctx *oc_sha_ctx = (oc_sha1_ctx *)ctx->context;
	int copy_len = MIN(*out_data_len, LENGTH_SHA_HASH);
	
	if( !ctx )
		return CKR_OPERATION_NOT_INITIALIZED;
	
	if( !out_data || (*out_data_len < LENGTH_SHA_HASH) )
		return CKR_FUNCTION_FAILED;

	if( oc_sha_ctx->message_part != SHA_MSG_PART_FINAL &&
	    oc_sha_ctx->message_part != SHA_MSG_PART_ONLY) {
		/* Finalize the SHA operation; tell update that this multi-part
		 * operation is done. -KEY
		*/
		ctx->multi = FALSE;
		token_specific_sha_update(ctx, oc_sha_ctx->tail, oc_sha_ctx->tail_len);
	}
	
	memcpy(out_data, oc_sha_ctx->hash, copy_len);
	*out_data_len = copy_len;

	/* ctx->context is freed inside digest_mgr_cleanup - KEY */
	free(oc_sha_ctx->dev_ctx);
	return rv;
}



#ifndef LITE
#define LITE
#endif
// convert from the local PKCS11 template representation to
// the underlying requirement
// returns the pointer to the local key representation
void *
rsa_convert_public_key( OBJECT    * key_obj )
{
   CK_BBOOL           rc;
   CK_ATTRIBUTE      * modulus = NULL;
   CK_ATTRIBUTE      * pub_exp = NULL;
   ICA_KEY_RSA_MODEXPO *publKey;
   unsigned char       *pkey;
   unsigned int        offset;


   // So we need to generate the publKey in device specific format every time
   // we know the modulus is good, and that the pub_exp is good since

   rc  = template_attribute_find( key_obj->template, CKA_MODULUS,         &modulus );
   rc &= template_attribute_find( key_obj->template, CKA_PUBLIC_EXPONENT, &pub_exp );

   if (rc == FALSE) {
      return NULL;
   }

   publKey = (ICA_KEY_RSA_MODEXPO *) malloc(sizeof(ICA_KEY_RSA_MODEXPO));
   if (publKey == NULL) {
      return NULL;
   }
   bzero(publKey, sizeof(ICA_KEY_RSA_MODEXPO));

   // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12

   publKey->keyType = KEYTYPE_MODEXPO;
   publKey->keyLength = sizeof(ICA_KEY_RSA_MODEXPO);
   publKey->modulusBitLength = 8 * modulus->ulValueLen;
   publKey->nLength = modulus->ulValueLen;
   publKey->expLength = modulus->ulValueLen;
   offset = (CK_BYTE_PTR) publKey->keyRecord - (CK_BYTE_PTR) publKey;
   publKey->expOffset = offset;
   publKey->nOffset = offset + modulus->ulValueLen;

   pkey = (CK_BYTE_PTR) publKey->keyRecord;
   pkey += modulus->ulValueLen - pub_exp->ulValueLen;
   bcopy(pub_exp->pValue, pkey, pub_exp->ulValueLen);
   pkey += pub_exp->ulValueLen;
   bcopy(modulus->pValue, pkey, modulus->ulValueLen);
   return publKey;

}

void *
rsa_convert_private_key(OBJECT *key_obj)
{
   CK_ATTRIBUTE      * attr     = NULL;
   CK_ATTRIBUTE      * modulus  = NULL;
   CK_ATTRIBUTE      * priv_exp = NULL;
   CK_ATTRIBUTE      * prime1   = NULL;
   CK_ATTRIBUTE      * prime2   = NULL;
   CK_ATTRIBUTE      * exp1     = NULL;
   CK_ATTRIBUTE      * exp2     = NULL;
   CK_ATTRIBUTE      * coeff    = NULL;
   CK_BBOOL          rc;
   CK_BYTE_PTR         pkey;
   ICA_KEY_RSA_CRT     *privKey;
   ICA_KEY_RSA_MODEXPO *privModKey;
   unsigned int        offset, pSize, qSize;

      rc  = template_attribute_find( key_obj->template, CKA_MODULUS,          &modulus );
      rc &= template_attribute_find( key_obj->template, CKA_PRIVATE_EXPONENT, &priv_exp );
      rc &= template_attribute_find( key_obj->template, CKA_PRIME_1,          &prime1 );
      rc &= template_attribute_find( key_obj->template, CKA_PRIME_2,          &prime2 );
      rc &= template_attribute_find( key_obj->template, CKA_EXPONENT_1,       &exp1 );
      rc &= template_attribute_find( key_obj->template, CKA_EXPONENT_2,       &exp2 );
      rc &= template_attribute_find( key_obj->template, CKA_COEFFICIENT,      &coeff );
      if ( !prime2 && !modulus ){
         return NULL;
      }

      // CRT key?
      if ( prime1){
         if (!prime2 || !exp1 ||!exp2 || !coeff) {
            return NULL;
         }
         privKey = (ICA_KEY_RSA_CRT *) malloc(sizeof(ICA_KEY_RSA_CRT));
         if (privKey == NULL) {
            return NULL;
         }
         bzero(privKey, sizeof(ICA_KEY_RSA_CRT));

         // Currently using definition of ICA_KEY_RSA_CRT in NT spec v1.12
         // (with nLength and nOffset removed per BEF's e-mail)

         privKey->keyType = KEYTYPE_PKCSCRT;
         privKey->keyLength = sizeof(ICA_KEY_RSA_CRT);
         privKey->modulusBitLength = 8 * modulus->ulValueLen;
         privKey->pLength = prime1->ulValueLen;
         privKey->qLength = prime2->ulValueLen;
         privKey->dpLength = exp1->ulValueLen;
         privKey->dqLength = exp2->ulValueLen;
         privKey->qInvLength = coeff->ulValueLen;
         offset = (CK_BYTE_PTR) privKey->keyRecord
                  - (CK_BYTE_PTR) privKey;
         qSize = modulus->ulValueLen / 2;
         pSize = qSize + 8;   //  1 QWORD larger
         privKey->dpOffset = offset;
         privKey->dqOffset = offset += pSize;
         privKey->pOffset = offset += qSize;
         privKey->qOffset = offset += pSize;
         privKey->qInvOffset = offset + qSize;
         pkey = (CK_BYTE_PTR) privKey->keyRecord;
         pkey += pSize - exp1->ulValueLen;
         bcopy(exp1->pValue, pkey, exp1->ulValueLen);
//       pkey += exp1->ulValueLen + qSize - exp2->ulValueLen;
         pkey += exp1->ulValueLen;
         bcopy(exp2->pValue, pkey, exp2->ulValueLen);
//       pkey += exp2->ulValueLen + pSize - prime1->ulValueLen;
         pkey += qSize + pSize - prime1->ulValueLen;
         bcopy(prime1->pValue, pkey, prime1->ulValueLen);
//       pkey += prime1->ulValueLen + qSize - prime2->ulValueLen;
         pkey += prime1->ulValueLen;
         bcopy(prime2->pValue, pkey, prime2->ulValueLen);
//       pkey += prime2->ulValueLen + pSize - coeff->ulValueLen;
         pkey += qSize + pSize - coeff->ulValueLen;
         bcopy(coeff->pValue, pkey, coeff->ulValueLen);
         return privKey;
//         hex_dump_to_file("PRIVATEKEY",(char *)privKey,sizeof(ICA_KEY_RSA_CRT));
      } else {   // must be a non-CRT key
         if (!priv_exp) {
            return NULL;
         }
         privModKey = (ICA_KEY_RSA_MODEXPO *) malloc(sizeof(ICA_KEY_RSA_MODEXPO));
         if (privModKey == NULL) {
            return NULL;
         }
         bzero(privModKey, sizeof(ICA_KEY_RSA_MODEXPO));

         // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12

         privModKey->keyType = KEYTYPE_MODEXPO;
         privModKey->keyLength = sizeof(ICA_KEY_RSA_MODEXPO);
         privModKey->modulusBitLength = 8 * modulus->ulValueLen;
         privModKey->nLength = modulus->ulValueLen;
         privModKey->expLength = modulus->ulValueLen;
         offset = (CK_BYTE_PTR) privModKey->keyRecord
                  - (CK_BYTE_PTR) privModKey;
         privModKey->expOffset = offset;
         privModKey->nOffset = offset + modulus->ulValueLen;

         pkey = (CK_BYTE_PTR) privModKey->keyRecord;
         pkey += modulus->ulValueLen - priv_exp->ulValueLen;
         bcopy(priv_exp->pValue, pkey, priv_exp->ulValueLen);
         pkey += priv_exp->ulValueLen;
         bcopy(modulus->pValue, pkey, modulus->ulValueLen);

         return privModKey;
      }
}



//

#if (AIX)
// This function is only required if public key cryptography
// has been selected in your variant set up.
// Cryptolite  keygen requires this...
// Set a mutex in this function and get a cache;
// using the ICA device to get random numbers a byte at a
//  time is VERY slow..  Keygen is gated by this function.
pthread_mutex_t  nextmutex = PTHREAD_MUTEX_INITIALIZER;
#define RNG_BUF_SIZE 100
unsigned char
nextRandom (void) {

  static unsigned char  buffer[RNG_BUF_SIZE];
  unsigned char  byte;
  static int used = (RNG_BUF_SIZE); // protected access by the mutex

  pthread_mutex_lock(&nextmutex);
  if (used >= RNG_BUF_SIZE){
    rng_generate(buffer,sizeof(buffer));
    used = 0;
  }

  byte = buffer[used++];
  pthread_mutex_unlock(&nextmutex);
    return((unsigned char)byte);

}
//  Local function that we need to call..
//  since the default is to set a global error number
//  and this is not thread safe, if we call and
//  set the system error number then we will be
//  thread safe
void
CLiC_error(int  errornumber)
{
   errno = errornumber;
}




#endif

#if (AIX) 
CK_RV
os_specific_rsa_keygen(TEMPLATE *publ_tmpl,  TEMPLATE *priv_tmpl)
{
   CK_ATTRIBUTE       * publ_exp = NULL;
   CK_ATTRIBUTE       * attr     = NULL;
   CK_BYTE            * ptr      = NULL;
   CK_BYTE              repl_buf[5500];
   CK_ULONG             req_len, repl_len;
   CK_ULONG             mod_bits;
   CK_BBOOL             flag;
   CK_RV                rc;
   CK_BYTE_PTR         pubExp;
   CK_BYTE_PTR         privKey,prdat;  // IN format for cryptolite
   CK_BYTE_PTR         publKey,pudat;  // IN format for cryptolite
   CK_ULONG            keysize;

   flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr );
   if (!flag)
      return CKR_TEMPLATE_INCOMPLETE;  // should never happen
   mod_bits = *(CK_ULONG *)attr->pValue;

   flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp );
   if (!flag)
      return CKR_TEMPLATE_INCOMPLETE;



   // we don't support less than 1024 bit keys in the sw
   if (mod_bits < 512 || mod_bits > 2048) {
      return CKR_KEY_SIZE_RANGE;
   }

   //  We have to massage the  public exponent to fit the format
   //  required for cryptlite...   pubExp[0] == exponent length  remainder of
   //  bytes follows

   pubExp = (CK_BYTE_PTR)alloca(publ_exp->ulValueLen + 1); // allocate 1 extra byte
   if ( !pubExp) {
         return CKR_HOST_MEMORY;
   }

   pubExp[0] = (CK_BYTE)publ_exp->ulValueLen;
   ptr = pubExp+1;
   bcopy(publ_exp->pValue,ptr,publ_exp->ulValueLen); // copy the exporntne

   //  SAB FIXME...  looke like there is a problem on Linux when
   //  freeing the public key...if MALLOC_CHECK=2 is set the free
   //  of publKey causes abort... of course this indicates a heap
   //  corruption corruption.
   //  Try and allocate the private key localy...
   //  So we will allocate 4K for good measure.... Since that could be more than enough
   privKey = malloc(4096);
   if (!privKey) return CKR_HOST_MEMORY;
   privKey = CLiC_rsaKeyGen(mod_bits,
               CLiC_RSA_CRT_KEY,  // we will generate CRT keys since they are fastest
               pubExp,
			   privKey,
                        //NULL,   // let the library allocate the space for us.
            nextRandom);

   if (!privKey) {
        return CKR_HOST_MEMORY;   // probably should be something else
   }