📄 key.c
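//    cast3_check_required_attributes
//    cast3_validate_attribute
//    cast3_priv_check_exportability
//
//    cast5_check_required_attributes
//    cast5_validate_attribute
//    cast5_priv_check_exportability
//
//    idea_check_required_attributes
//    idea_validate_attribute
//    idea_priv_check_exportability
//
//    cdmf_check_required_attributes
//    cdmf_validate_attribute
//    cdmf_priv_check_exportability
//
//    skipjack_check_required_attributes
//    skipjack_validate_attribute
//    skipjack_priv_check_exportability
//
//    baton_check_required_attributes
//    baton_validate_attribute
//    baton_priv_check_exportability
//
//    juniper_check_required_attributes
//    juniper_validate_attribute
//    juniper_priv_check_exportability
//

//#include <windows.h>

#include <pthread.h>
#include <stdlib.h>
#include <string.h>  // for memcmp() et al

#include "pkcs11types.h"
#include "defs.h"
#include "host_defs.h"
#include "h_extern.h"
#include "tok_spec_struct.h"
//#include "args.h"


// key_object_check_required_attributes()
//
// Check required common attributes for key objects
//
// CKA_KEY_TYPE must be present in the template when the object is being
// created (MODE_CREATE); in any other mode its absence is not an error here.
// All remaining checks are delegated to
// template_check_required_base_attributes().
//
// Returns CKR_TEMPLATE_INCOMPLETE if CKA_KEY_TYPE is missing in MODE_CREATE,
// otherwise the result of the base-attribute check.
//
CK_RV
key_object_check_required_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   CK_ATTRIBUTE * attr = NULL;
   CK_BBOOL       found;

   found = template_attribute_find( tmpl, CKA_KEY_TYPE, &attr );
   if (!found && mode == MODE_CREATE) {
      st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;
   }

   return template_check_required_base_attributes( tmpl, mode );
}


// key_object_set_default_attributes()
//
// Install the defaults shared by every key object into tmpl:
//    CKA_ID, CKA_START_DATE, CKA_END_DATE  -> empty (length 0, NULL value)
//    CKA_DERIVE, CKA_LOCAL                 -> FALSE
//
// Boolean attributes are allocated as a CK_ATTRIBUTE immediately followed
// by the CK_BBOOL it points to, so each attribute is a single allocation.
//
// mode is accepted for interface symmetry and is not used.
//
// Returns CKR_HOST_MEMORY if any allocation fails (nothing is added to the
// template in that case), CKR_OK otherwise.
//
CK_RV
key_object_set_default_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   CK_ATTRIBUTE * id_attr     = NULL;
   CK_ATTRIBUTE * sdate_attr  = NULL;
   CK_ATTRIBUTE * edate_attr  = NULL;
   CK_ATTRIBUTE * derive_attr = NULL;
   CK_ATTRIBUTE * local_attr  = NULL;

   // mode is intentionally unused
   //
   (void)mode;

   id_attr     = malloc( sizeof(CK_ATTRIBUTE) );
   sdate_attr  = malloc( sizeof(CK_ATTRIBUTE) );
   edate_attr  = malloc( sizeof(CK_ATTRIBUTE) );
   derive_attr = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   local_attr  = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );

   if (!id_attr || !sdate_attr || !edate_attr || !derive_attr || !local_attr) {
      // all-or-nothing: free(NULL) is a no-op, so no per-pointer guard is needed
      //
      free( id_attr );
      free( sdate_attr );
      free( edate_attr );
      free( derive_attr );
      free( local_attr );

      st_err_log(1, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }

   id_attr->type           = CKA_ID;
   id_attr->ulValueLen     = 0;
   id_attr->pValue         = NULL;

   sdate_attr->type        = CKA_START_DATE;
   sdate_attr->ulValueLen  = 0;
   sdate_attr->pValue      = NULL;

   edate_attr->type        = CKA_END_DATE;
   edate_attr->ulValueLen  = 0;
   edate_attr->pValue      = NULL;

   derive_attr->type       = CKA_DERIVE;
   derive_attr->ulValueLen = sizeof(CK_BBOOL);
   derive_attr->pValue     = (CK_BYTE *)derive_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)derive_attr->pValue = FALSE;

   local_attr->type        = CKA_LOCAL;
   local_attr->ulValueLen  = sizeof(CK_BBOOL);
   local_attr->pValue      = (CK_BYTE *)local_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)local_attr->pValue = FALSE;

   // NOTE(review): the results of template_update_attribute() are not
   // checked; confirm against its definition whether it can fail and who
   // frees the attribute in that case.
   //
   template_update_attribute( tmpl, id_attr );
   template_update_attribute( tmpl, sdate_attr );
   template_update_attribute( tmpl, edate_attr );
   template_update_attribute( tmpl, derive_attr );
   template_update_attribute( tmpl, local_attr );

   return CKR_OK;
}


// key_object_validate_attribute()
//
// Decide whether the caller may supply attr on a key object in the given
// mode.
//
//    CKA_KEY_TYPE   accepted only while the key comes into existence
//                   (create, derive, keygen, unwrap); read-only afterwards
//    CKA_ID, CKA_START_DATE, CKA_END_DATE, CKA_DERIVE
//                   always accepted
//    CKA_LOCAL      always rejected, in every mode
//    anything else  deferred to template_validate_base_attribute()
//
CK_RV
key_object_validate_attribute( TEMPLATE *tmpl, CK_ATTRIBUTE *attr, CK_ULONG mode)
{
   switch (attr->type) {
      case CKA_KEY_TYPE:
         if (mode == MODE_CREATE || mode == MODE_DERIVE ||
             mode == MODE_KEYGEN || mode == MODE_UNWRAP)
            return CKR_OK;

         st_err_log(7, __FILE__, __LINE__);
         return CKR_ATTRIBUTE_READ_ONLY;

      case CKA_ID:
      case CKA_START_DATE:
      case CKA_END_DATE:
      case CKA_DERIVE:
         return CKR_OK;

      case CKA_LOCAL:
         // CKA_LOCAL is only set by the key-generate routine, so a value
         // supplied through a template is refused regardless of mode
         //
         st_err_log(7, __FILE__, __LINE__);
         return CKR_ATTRIBUTE_READ_ONLY;

      default:
         return template_validate_base_attribute( tmpl, attr, mode );
   }

   // not reached today (every case above returns); kept so that the
   // function still rejects the attribute if a case is ever changed to
   // fall out of the switch
   //
   st_err_log(8, __FILE__, __LINE__);
   return CKR_ATTRIBUTE_TYPE_INVALID;
}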
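// publ_key_check_required_attributes()
//
// Public keys add no required attributes of their own; only the checks
// common to all key objects apply.
//
CK_RV
publ_key_check_required_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   // CKO_PUBLIC_KEY has no required attributes
   //
   return key_object_check_required_attributes( tmpl, mode );
}


// publ_key_set_default_attributes()
//
// some of the common public key attributes have defaults but none of the specific
// public keytypes have default attributes
//
// Adds the key-object defaults first, then:
//    CKA_CLASS                                   -> CKO_PUBLIC_KEY
//    CKA_SUBJECT                                 -> empty
//    CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER,
//    CKA_WRAP                                    -> TRUE
//
// Returns the error from key_object_set_default_attributes() if that call
// fails, CKR_HOST_MEMORY if an allocation fails here, CKR_OK otherwise.
//
CK_RV
publ_key_set_default_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   CK_ATTRIBUTE *class_attr          = NULL;
   CK_ATTRIBUTE *subject_attr        = NULL;
   CK_ATTRIBUTE *encrypt_attr        = NULL;
   CK_ATTRIBUTE *verify_attr         = NULL;
   CK_ATTRIBUTE *verify_recover_attr = NULL;
   CK_ATTRIBUTE *wrap_attr           = NULL;
   CK_RV         rc;

   rc = key_object_set_default_attributes( tmpl, mode );
   if (rc != CKR_OK){
      st_err_log(172, __FILE__, __LINE__);
      return rc;
   }

   // add the default CKO_PUBLIC_KEY attributes
   //
   class_attr          = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_OBJECT_CLASS) );
   subject_attr        = malloc( sizeof(CK_ATTRIBUTE) );
   encrypt_attr        = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   verify_attr         = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   verify_recover_attr = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   wrap_attr           = malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );

   // The allocation check must test class_attr (the pointer). Testing the
   // CK_OBJECT_CLASS constant instead is always non-zero, so a failed
   // class_attr allocation would go unnoticed and be dereferenced below.
   //
   if (!class_attr || !subject_attr || !encrypt_attr ||
       !verify_attr || !verify_recover_attr || !wrap_attr)
   {
      // free(NULL) is a no-op, so no per-pointer guard is needed
      //
      free( class_attr );
      free( subject_attr );
      free( encrypt_attr );
      free( verify_attr );
      free( verify_recover_attr );
      free( wrap_attr );

      st_err_log(1, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }

   class_attr->type       = CKA_CLASS;
   class_attr->ulValueLen = sizeof(CK_OBJECT_CLASS);
   class_attr->pValue     = (CK_BYTE *)class_attr + sizeof(CK_ATTRIBUTE);
   *(CK_OBJECT_CLASS *)class_attr->pValue = CKO_PUBLIC_KEY;

   subject_attr->type       = CKA_SUBJECT;
   subject_attr->ulValueLen = 0;  // empty string
   subject_attr->pValue     = NULL;

   encrypt_attr->type       = CKA_ENCRYPT;
   encrypt_attr->ulValueLen = sizeof(CK_BBOOL);
   encrypt_attr->pValue     = (CK_BYTE *)encrypt_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)encrypt_attr->pValue = TRUE;

   verify_attr->type       = CKA_VERIFY;
   verify_attr->ulValueLen = sizeof(CK_BBOOL);
   verify_attr->pValue     = (CK_BYTE *)verify_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)verify_attr->pValue = TRUE;

   verify_recover_attr->type       = CKA_VERIFY_RECOVER;
   verify_recover_attr->ulValueLen = sizeof(CK_BBOOL);
   verify_recover_attr->pValue     = (CK_BYTE *)verify_recover_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)verify_recover_attr->pValue = TRUE;

   wrap_attr->type       = CKA_WRAP;
   wrap_attr->ulValueLen = sizeof(CK_BBOOL);
   wrap_attr->pValue     = (CK_BYTE *)wrap_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)wrap_attr->pValue = TRUE;

   // NOTE(review): the results of template_update_attribute() are not
   // checked; confirm against its definition whether it can fail and who
   // frees the attribute in that case.
   //
   template_update_attribute( tmpl, class_attr );
   template_update_attribute( tmpl, subject_attr );
   template_update_attribute( tmpl, encrypt_attr );
   template_update_attribute( tmpl, verify_attr );
   template_update_attribute( tmpl, verify_recover_attr );
   template_update_attribute( tmpl, wrap_attr );

   return CKR_OK;
}


// publ_key_validate_attribute
//
// Decide whether the caller may supply attr on a public key in the given
// mode.
//
//    CKA_SUBJECT    always accepted
//    CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_WRAP
//                   accepted in every mode except MODE_MODIFY, where the
//                   change is allowed only if the token's tweak vector has
//                   allow_key_mods set to TRUE; otherwise the usage flags
//                   are read-only once the key exists
//    anything else  deferred to key_object_validate_attribute()
//
CK_RV
publ_key_validate_attribute( TEMPLATE *tmpl, CK_ATTRIBUTE *attr, CK_ULONG mode )
{
   switch (attr->type) {
      case CKA_SUBJECT:
         return CKR_OK;

      case CKA_ENCRYPT:
      case CKA_VERIFY:
      case CKA_VERIFY_RECOVER:
      case CKA_WRAP:
         if (mode != MODE_MODIFY)
            return CKR_OK;

         // changing what an existing key may be used for is a token
         // policy decision
         //
         if (nv_token_data->tweak_vector.allow_key_mods == TRUE)
            return CKR_OK;

         st_err_log(7, __FILE__, __LINE__);
         return CKR_ATTRIBUTE_READ_ONLY;

      default:
         return key_object_validate_attribute( tmpl, attr, mode );
   }

   // not reached today (every case above returns); kept so that the
   // function still rejects the attribute if a case is ever changed to
   // fall out of the switch
   //
   st_err_log(8, __FILE__, __LINE__);
   return CKR_ATTRIBUTE_TYPE_INVALID;
}


// priv_key_check_required_attributes()
//
// Private keys add no required attributes of their own; only the checks
// common to all key objects apply.
//
CK_RV
priv_key_check_required_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   // CKO_PRIVATE_KEY has no required attributes
   //
   return key_object_check_required_attributes( tmpl, mode );
}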
priv_key_set_default_attributes()//// some of the common private key attributes have defaults but none of the specific// private keytypes have default attributes//CK_RVpriv_key_set_default_attributes( TEMPLATE *tmpl, CK_ULONG mode ){ CK_ATTRIBUTE *class_attr = NULL; CK_ATTRIBUTE *subject_attr = NULL; CK_ATTRIBUTE *sensitive_attr = NULL; CK_ATTRIBUTE *decrypt_attr = NULL; CK_ATTRIBUTE *sign_attr = NULL; CK_ATTRIBUTE *sign_recover_attr = NULL; CK_ATTRIBUTE *unwrap_attr = NULL; CK_ATTRIBUTE *extractable_attr = NULL; CK_ATTRIBUTE *never_extr_attr = NULL; CK_ATTRIBUTE *always_sens_attr = NULL; CK_RV rc; rc = key_object_set_default_attributes( tmpl, mode ); if (rc != CKR_OK){ st_err_log(172, __FILE__, __LINE__); return rc; } // add the default CKO_PUBLIC_KEY attributes // class_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_OBJECT_CLASS) ); subject_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) ); sensitive_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); decrypt_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); sign_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); sign_recover_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); unwrap_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); extractable_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); never_extr_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); always_sens_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) ); if (!class_attr || !subject_attr || !sensitive_attr || !decrypt_attr || !sign_attr || !sign_recover_attr || !unwrap_attr || !extractable_attr || !never_extr_attr || !always_sens_attr ) { if (class_attr) free( class_attr ); if (subject_attr) free( subject_attr ); if (sensitive_attr) free( sensitive_attr ); if (decrypt_attr) free( decrypt_attr ); if (sign_attr) free( sign_attr ); if 
(sign_recover_attr) free( sign_recover_attr ); if (unwrap_attr) free( unwrap_attr ); if (extractable_attr) free( extractable_attr ); if (always_sens_attr) free( always_sens_attr ); if (never_extr_attr) free( never_extr_attr ); st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } class_attr->type = CKA_CLASS; class_attr->ulValueLen = sizeof(CK_OBJECT_CLASS); class_attr->pValue = (CK_BYTE *)class_attr + sizeof(CK_ATTRIBUTE); *(CK_OBJECT_CLASS *)class_attr->pValue = CKO_PRIVATE_KEY; subject_attr->type = CKA_SUBJECT; subject_attr->ulValueLen = 0; // empty string subject_attr->pValue = NULL; sensitive_attr->type = CKA_SENSITIVE; sensitive_attr->ulValueLen = sizeof(CK_BBOOL);