📄 key.c
// NOTE(review): the statements down to the first closing brace are the tail
// of a function whose signature and opening lines lie before the start of
// this listing; they are reproduced unchanged.  The visible checks only test
// that each RSA private-key component is present in the template when
// mode == MODE_CREATE; they do not test that the components are mutually
// consistent.
   found = template_attribute_find( tmpl, CKA_PUBLIC_EXPONENT, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   found = template_attribute_find( tmpl, CKA_PRIVATE_EXPONENT, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   found = template_attribute_find( tmpl, CKA_PRIME_1, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   found = template_attribute_find( tmpl, CKA_PRIME_2, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   found = template_attribute_find( tmpl, CKA_EXPONENT_1, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   found = template_attribute_find( tmpl, CKA_EXPONENT_2, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   found = template_attribute_find( tmpl, CKA_COEFFICIENT, &attr );
   if (!found) {
      if (mode == MODE_CREATE){
         st_err_log(48, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCOMPLETE;
      }
   }

   // we should probably verify that the (e != p) and (e != q).  ie. gcd(e,n) == 1
   //

   return priv_key_check_required_attributes( tmpl, mode );
}


// rsa_priv_set_default_attributes()
//
// Seeds an RSA private-key template.  After delegating to
// priv_key_set_default_attributes(), it adds CKA_KEY_TYPE = CKK_RSA and
// empty placeholders (NULL value, zero length) for CKA_MODULUS,
// CKA_PUBLIC_EXPONENT and CKA_PRIVATE_EXPONENT.
//
// Returns CKR_HOST_MEMORY when any of the four allocations fails (all four
// are released and none is handed to the template), CKR_OK otherwise.
//
// NOTE(review): the results of priv_key_set_default_attributes() and of the
// template_update_attribute() calls are not inspected here.  Presumably the
// template takes ownership of each attribute on update -- confirm.
//
CK_RV
rsa_priv_set_default_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   CK_ATTRIBUTE *key_type = NULL;
   CK_ATTRIBUTE *n_attr   = NULL;
   CK_ATTRIBUTE *e_attr   = NULL;
   CK_ATTRIBUTE *d_attr   = NULL;

   priv_key_set_default_attributes( tmpl, mode );

   // The key-type attribute carries its value inline, directly behind the
   // CK_ATTRIBUTE header, so it is allocated with room for both.
   key_type = malloc( sizeof *key_type + sizeof(CK_KEY_TYPE) );
   n_attr   = malloc( sizeof *n_attr );
   e_attr   = malloc( sizeof *e_attr );
   d_attr   = malloc( sizeof *d_attr );

   if (key_type == NULL || n_attr == NULL || e_attr == NULL || d_attr == NULL) {
      // free(NULL) is a no-op, so no per-pointer guard is needed.
      free( key_type );
      free( n_attr );
      free( e_attr );
      free( d_attr );
      st_err_log(1, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }

   n_attr->type       = CKA_MODULUS;
   n_attr->pValue     = NULL;
   n_attr->ulValueLen = 0;

   e_attr->type       = CKA_PUBLIC_EXPONENT;
   e_attr->pValue     = NULL;
   e_attr->ulValueLen = 0;

   d_attr->type       = CKA_PRIVATE_EXPONENT;
   d_attr->pValue     = NULL;
   d_attr->ulValueLen = 0;

   key_type->type       = CKA_KEY_TYPE;
   key_type->ulValueLen = sizeof(CK_KEY_TYPE);
   key_type->pValue     = (CK_BYTE *)(key_type + 1);   // first byte after the header
   *(CK_KEY_TYPE *)key_type->pValue = CKK_RSA;

   template_update_attribute( tmpl, key_type );
   template_update_attribute( tmpl, n_attr );
   template_update_attribute( tmpl, e_attr );
   template_update_attribute( tmpl, d_attr );

   return CKR_OK;
}


// rsa_priv_validate_attribute()
//
// RSA key components (modulus, both exponents, both primes, the two CRT
// exponents and the CRT coefficient) may only be supplied when the object is
// being created.  In MODE_CREATE the value is passed to
// remove_leading_zeros() and that call's result is returned; in every other
// mode the attribute is rejected with CKR_ATTRIBUTE_READ_ONLY.  Any other
// attribute type is delegated to priv_key_validate_attribute().
//
CK_RV
rsa_priv_validate_attribute( TEMPLATE *tmpl, CK_ATTRIBUTE *attr, CK_ULONG mode )
{
   switch (attr->type) {
      case CKA_MODULUS:
      case CKA_PRIVATE_EXPONENT:
         if (mode != MODE_CREATE) {
            st_err_log(7, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_READ_ONLY;
         }
         return remove_leading_zeros( attr );

      case CKA_PUBLIC_EXPONENT:
      case CKA_PRIME_1:
      case CKA_PRIME_2:
      case CKA_EXPONENT_1:
      case CKA_EXPONENT_2:
      case CKA_COEFFICIENT:
         if (mode != MODE_CREATE) {
            st_err_log(7, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_READ_ONLY;
         }
         return remove_leading_zeros( attr );

      default:
         break;
   }

   return priv_key_validate_attribute( tmpl, attr, mode );
}


// rsa_priv_check_exportability()
//
// Reports whether an attribute of an RSA private key may be exported.
// The private exponent, both primes, both CRT exponents and the CRT
// coefficient yield FALSE (error 86 is logged); every other attribute type
// yields TRUE.
//
CK_BBOOL
rsa_priv_check_exportability( CK_ATTRIBUTE_TYPE type )
{
   CK_BBOOL exportable = TRUE;

   switch (type) {
      case CKA_PRIVATE_EXPONENT:
      case CKA_PRIME_1:
      case CKA_PRIME_2:
      case CKA_EXPONENT_1:
      case CKA_EXPONENT_2:
      case CKA_COEFFICIENT:
         st_err_log(86, __FILE__, __LINE__);
         exportable = FALSE;
         break;

      default:
         break;
   }

   return exportable;
}


// rsa_priv_wrap_get_data()
//
// Produces the ASN.1 encoding of the private key for wrapping, as defined in
// PKCS #8:
//
//    PrivateKeyInfo ::= SEQUENCE {
//       version              Version
//       privateKeyAlgorithm  PrivateKeyAlgorithmIdentifier
//       privateKey           PrivateKey
//       attributes           OPTIONAL
//    }
//
// where, for RSA, PrivateKey is:
//
//    RSAPrivateKey ::= SEQUENCE {
//       version          Version
//       modulus          INTEGER
//       publicExponent   INTEGER
//       privateExponent  INTEGER
//       prime1           INTEGER
//       prime2           INTEGER
//       exponent1        INTEGER
//       exponent2        INTEGER
//       coefficient      INTEGER
//    }
//
// All eight components must be present in the template; a missing one logs
// error 4 and returns CKR_FUNCTION_FAILED.  Otherwise the components are
// handed to ber_encode_RSAPrivateKey() together with length_only, data and
// data_len, and that call's result is returned (error 87 is logged when it
// is not CKR_OK).
//
// NOTE(review): when length_only is FALSE the encoder output presumably holds
// the private key in the clear until the caller wraps it; callers should
// treat *data as secret material and wipe it before release -- confirm
// against ber_encode_RSAPrivateKey() and the wrap path.
//
CK_RV
rsa_priv_wrap_get_data( TEMPLATE  *tmpl,
                        CK_BBOOL   length_only,
                        CK_BYTE  **data,
                        CK_ULONG  *data_len )
{
   CK_ATTRIBUTE *n    = NULL;
   CK_ATTRIBUTE *e    = NULL;
   CK_ATTRIBUTE *d    = NULL;
   CK_ATTRIBUTE *p    = NULL;
   CK_ATTRIBUTE *q    = NULL;
   CK_ATTRIBUTE *dp   = NULL;
   CK_ATTRIBUTE *dq   = NULL;
   CK_ATTRIBUTE *qinv = NULL;
   CK_RV         status;

   // Collect every component first; each lookup failure is logged at its
   // own call site so the log line identifies the missing attribute.
   if (!template_attribute_find( tmpl, CKA_MODULUS, &n )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_PUBLIC_EXPONENT, &e )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_PRIVATE_EXPONENT, &d )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_PRIME_1, &p )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_PRIME_2, &q )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_EXPONENT_1, &dp )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_EXPONENT_2, &dq )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (!template_attribute_find( tmpl, CKA_COEFFICIENT, &qinv )) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   status = ber_encode_RSAPrivateKey( length_only, data, data_len,
                                      n, e, d, p, q, dp, dq, qinv );
   if (status != CKR_OK) {
      st_err_log(87, __FILE__, __LINE__);
   }

   return status;
}


// rsa_priv_unwrap()
//
// Decodes `total_length` bytes at `data` with ber_decode_RSAPrivateKey() and
// stores the eight resulting attributes in the template.  A decode failure
// logs error 88 and returns the decoder's status; otherwise each attribute
// is passed through remove_leading_zeros(), then through
// template_update_attribute(), and CKR_OK is returned.
//
// NOTE(review): the results of remove_leading_zeros() and
// template_update_attribute() are discarded, so a failure in either still
// yields CKR_OK.  This function also does not cross-check the decoded
// components against each other; whether the decoder or a later step does
// so is not visible here -- confirm.
//
CK_RV
rsa_priv_unwrap( TEMPLATE *tmpl,
                 CK_BYTE  *data,
                 CK_ULONG  total_length )
{
   // Fixed slot order: it is the order in which the attributes are trimmed
   // and then added to the template.
   enum {
      SLOT_MODULUS, SLOT_PUBL_EXP, SLOT_PRIV_EXP,
      SLOT_PRIME1, SLOT_PRIME2,
      SLOT_EXPONENT1, SLOT_EXPONENT2, SLOT_COEFF,
      SLOT_COUNT
   };
   CK_ATTRIBUTE *part[SLOT_COUNT] = { NULL };
   CK_RV         status;
   int           i;

   status = ber_decode_RSAPrivateKey( data, total_length,
                                      &part[SLOT_MODULUS],
                                      &part[SLOT_PUBL_EXP],
                                      &part[SLOT_PRIV_EXP],
                                      &part[SLOT_PRIME1],
                                      &part[SLOT_PRIME2],
                                      &part[SLOT_EXPONENT1],
                                      &part[SLOT_EXPONENT2],
                                      &part[SLOT_COEFF] );
   if (status != CKR_OK) {
      st_err_log(88, __FILE__, __LINE__);
      return status;
   }

   // Trim all eight values before any of them reaches the template.
   for (i = 0; i < SLOT_COUNT; i++) {
      remove_leading_zeros( part[i] );
   }

   for (i = 0; i < SLOT_COUNT; i++) {
      template_update_attribute( tmpl, part[i] );
   }

   return CKR_OK;
}


// dsa_publ_check_required_attributes()
//
// Checks that a DSA public-key template carries the attributes the current
// mode requires: CKA_PRIME, CKA_SUBPRIME and CKA_BASE for MODE_CREATE and
// MODE_KEYGEN, and CKA_VALUE for MODE_CREATE only.  A missing required
// attribute logs error 48 and returns CKR_TEMPLATE_INCOMPLETE; otherwise the
// result of publ_key_check_required_attributes() is returned.
//
CK_RV
dsa_publ_check_required_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   CK_ATTRIBUTE *hit = NULL;
   int params_required = (mode == MODE_CREATE || mode == MODE_KEYGEN);

   // Every lookup is performed regardless of mode; only the consequence of
   // a miss depends on the mode.
   if (!template_attribute_find( tmpl, CKA_PRIME, &hit ) && params_required) {
      st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;
   }

   if (!template_attribute_find( tmpl, CKA_SUBPRIME, &hit ) && params_required) {
      st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;
   }

   if (!template_attribute_find( tmpl, CKA_BASE, &hit ) && params_required) {
      st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;
   }

   if (!template_attribute_find( tmpl, CKA_VALUE, &hit ) && mode == MODE_CREATE) {
      st_err_log(48, __FILE__, __LINE__);
      return CKR_TEMPLATE_INCOMPLETE;
   }

   return publ_key_check_required_attributes( tmpl, mode );
}


// NOTE(review): the definition below is cut off at the end of this listing
// and is reproduced unchanged.
//
//  dsa_publ_set_default_attributes()
//
CK_RV
dsa_publ_set_default_attributes( TEMPLATE *tmpl, CK_ULONG mode )
{
   CK_ATTRIBUTE   *prime_attr = NULL;
   CK_ATTRIBUTE   *subprime_attr = NULL;
   CK_ATTRIBUTE   *base_attr = NULL;
   CK_ATTRIBUTE   *value_attr = NULL;
   CK_ATTRIBUTE   *type_at