📄 template.c
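return rsa_priv_check_exportability( type );

         case CKK_DSA:
            return dsa_priv_check_exportability( type );

         case CKK_ECDSA:
            return ecdsa_priv_check_exportability( type );

         case CKK_DH:
            return dh_priv_check_exportability( type );

         case CKK_KEA:
            return kea_priv_check_exportability( type );

         default:
            st_err_log(9, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_VALUE_INVALID;  // unknown key type
      }
   }
   else if (class == CKO_SECRET_KEY) {
      return secret_key_check_exportability( type );
   }

   st_err_log(9, __FILE__, __LINE__);
   return CKR_ATTRIBUTE_VALUE_INVALID;
}


// template_merge()
//
// Merge two templates together:  dest = dest U src
//
// Every attribute in *src is handed to 'dest' through
// template_update_attribute(), so an attribute type already present in
// 'dest' is replaced by the one from *src.
//
// On success *src is destroyed and set to NULL.
// On failure *src is NOT freed: the attributes moved so far belong to 'dest'
// (their nodes in *src hold NULL data) and the rest stay with *src, which the
// caller still owns.
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if dest, src or *src is NULL
//           the error from template_update_attribute() otherwise
//
CK_RV
template_merge( TEMPLATE *dest, TEMPLATE **src )
{
   DL_NODE  *node;
   CK_RV     rc;

   // *src is dereferenced below, so it has to be checked as well
   //
   if (!dest || !src || !*src){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   node = (*src)->attribute_list;

   while (node) {
      CK_ATTRIBUTE *attr = (CK_ATTRIBUTE *)node->data;

      rc = template_update_attribute( dest, attr );
      if (rc != CKR_OK){
         st_err_log(178, __FILE__, __LINE__);
         return rc;
      }

      // we've assigned the node's data to a node in 'dest'. clear the
      // pointer here so that the attribute has a single owner when *src
      // is freed
      //
      node->data = NULL;
      node = node->next;
   }

   template_free( *src );
   *src = NULL;

   return CKR_OK;
}


// template_set_default_common_attributes()
//
// Set the default attributes common to all objects:
//
//    CKA_TOKEN      :  FALSE
//    CKA_PRIVATE    :  FALSE -- Cryptoki leaves this up to the token to decide
//    CKA_MODIFIABLE :  TRUE
//    CKA_LABEL      :  empty string
//
// NOTE(review): this header used to list CKA_PRIVATE as TRUE while the code
// below stores FALSE. The code is left as it was; under PKCS #11 an object
// with CKA_PRIVATE == FALSE is a public object, readable without a user
// login. Confirm which default is intended.
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if tmpl is NULL
//           CKR_HOST_MEMORY if an attribute cannot be allocated
//           the error from template_update_attribute() otherwise
//
CK_RV
template_set_default_common_attributes( TEMPLATE *tmpl )
{
   CK_ATTRIBUTE * token_attr = NULL;
   CK_ATTRIBUTE * priv_attr  = NULL;
   CK_ATTRIBUTE * mod_attr   = NULL;
   CK_ATTRIBUTE * label_attr = NULL;
   CK_RV          rc;

   // reject a NULL template before allocating anything. otherwise every
   // template_update_attribute() call below would fail and the four
   // attributes would leak
   //
   if (!tmpl){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   // add the default common attributes. each value is stored in the same
   // allocation, directly behind its CK_ATTRIBUTE header
   //
   token_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   priv_attr  = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   mod_attr   = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );
   label_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + 0 );

   if (!token_attr || !priv_attr || !mod_attr || !label_attr) {
      st_err_log(0, __FILE__, __LINE__);
      rc = CKR_HOST_MEMORY;
      goto error;
   }

   token_attr->type        = CKA_TOKEN;
   token_attr->ulValueLen  = sizeof(CK_BBOOL);
   token_attr->pValue      = (CK_BYTE *)token_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)token_attr->pValue = FALSE;

   // see the NOTE(review) in the function header about this default
   //
   priv_attr->type         = CKA_PRIVATE;
   priv_attr->ulValueLen   = sizeof(CK_BBOOL);
   priv_attr->pValue       = (CK_BYTE *)priv_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)priv_attr->pValue = FALSE;

   mod_attr->type          = CKA_MODIFIABLE;
   mod_attr->ulValueLen    = sizeof(CK_BBOOL);
   mod_attr->pValue        = (CK_BYTE *)mod_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)mod_attr->pValue = TRUE;

   label_attr->type        = CKA_LABEL;
   label_attr->ulValueLen  = 0;      // empty string
   label_attr->pValue      = NULL;

   // hand the attributes to the template one at a time. a local pointer is
   // cleared as soon as the template owns the attribute, so the error path
   // frees only what was never handed over
   //
   rc = template_update_attribute( tmpl, token_attr );
   if (rc != CKR_OK)
      goto update_failed;
   token_attr = NULL;

   rc = template_update_attribute( tmpl, priv_attr );
   if (rc != CKR_OK)
      goto update_failed;
   priv_attr = NULL;

   rc = template_update_attribute( tmpl, mod_attr );
   if (rc != CKR_OK)
      goto update_failed;
   mod_attr = NULL;

   rc = template_update_attribute( tmpl, label_attr );
   if (rc != CKR_OK)
      goto update_failed;
   label_attr = NULL;

   // the TEMPLATE 'owns' the attributes now.  it is responsible for freeing them
   // upon deletion...
   //
   return CKR_OK;

update_failed:
   st_err_log(178, __FILE__, __LINE__);

error:
   // free(NULL) is a no-op, so no guards are needed
   //
   free( token_attr );
   free( priv_attr );
   free( mod_attr );
   free( label_attr );

   return rc;
}


// template_update_attribute()
//
// modifies an existing attribute or adds a new attribute to the template
//
// The template takes ownership of 'new_attr' on success. An existing
// attribute of the same type is released with a single free(), so attributes
// are expected to be one allocation (header and value together).
//
// NOTE(review): the replaced attribute is freed without being wiped. if
// attributes stored here can carry key material, consider clearing the value
// before the free -- confirm against the callers.
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if tmpl or new_attr is NULL
//
CK_RV
template_update_attribute( TEMPLATE *tmpl, CK_ATTRIBUTE *new_attr )
{
   DL_NODE      * node = NULL;
   CK_ATTRIBUTE * attr = NULL;

   if (!tmpl || !new_attr){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   node = tmpl->attribute_list;

   // if the attribute already exists in the list, remove it.  this algorithm will
   // limit an attribute to appearing at most once in the list
   //
   while (node != NULL) {
      attr = (CK_ATTRIBUTE *)node->data;

      // a node may carry NULL data (template_merge() clears the pointers it
      // has moved), so check before reading attr->type
      //
      if (attr != NULL && new_attr->type == attr->type) {
         // if the caller passes the very attribute that is already stored,
         // freeing it here would leave a dangling pointer in the list
         //
         if (attr != new_attr) {
            free( attr );
         }
         tmpl->attribute_list = dlist_remove_node( tmpl->attribute_list, node );
         break;
      }

      node = node->next;
   }

   // add the new attribute
   //
   // NOTE(review): the result of dlist_add_as_first() is stored unchecked.
   // if it can report failure through its return value, that case is not
   // handled here -- confirm against dlist_add_as_first()
   //
   tmpl->attribute_list = dlist_add_as_first( tmpl->attribute_list, new_attr );

   return CKR_OK;
}


// template_validate_attribute()
//
// essentially a group of if-then-else-switch clauses.  separated from
// template_validate_attributes() to make that routine more readable
//
// Dispatches to the validator for the given object class and subclass
// (certificate type, key type or hardware feature type) and returns its
// result. Any class or subclass without a validator here is rejected with
// CKR_ATTRIBUTE_VALUE_INVALID.
//
CK_RV
template_validate_attribute( TEMPLATE     * tmpl,
                             CK_ATTRIBUTE * attr,
                             CK_ULONG       class,
                             CK_ULONG       subclass,
                             CK_ULONG       mode )
{
   if (class == CKO_DATA)
      return data_object_validate_attribute( tmpl, attr, mode );
   else if (class == CKO_CERTIFICATE) {
      // every certificate type other than X.509 goes to the vendor validator
      //
      if (subclass == CKC_X_509)
         return cert_x509_validate_attribute( tmpl, attr, mode );
      else
         return cert_vendor_validate_attribute( tmpl, attr, mode );
   }
   else if (class == CKO_PUBLIC_KEY) {
      switch (subclass) {
         case CKK_RSA:
            return rsa_publ_validate_attribute( tmpl, attr, mode );

         case CKK_DSA:
            return dsa_publ_validate_attribute( tmpl, attr, mode );

         case CKK_ECDSA:
            return ecdsa_publ_validate_attribute( tmpl, attr, mode );

         case CKK_DH:
            return dh_publ_validate_attribute( tmpl, attr, mode );

         case CKK_KEA:
            return kea_publ_validate_attribute( tmpl, attr, mode );

         default:
            st_err_log(9, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_VALUE_INVALID;  // unknown key type
      }
   }
   else if (class == CKO_PRIVATE_KEY) {
      switch (subclass) {
         case CKK_RSA:
            return rsa_priv_validate_attribute( tmpl, attr, mode );

         case CKK_DSA:
            return dsa_priv_validate_attribute( tmpl, attr, mode );

         case CKK_ECDSA:
            return ecdsa_priv_validate_attribute( tmpl, attr, mode );

         case CKK_DH:
            return dh_priv_validate_attribute( tmpl, attr, mode );

         case CKK_KEA:
            return kea_priv_validate_attribute( tmpl, attr, mode );

         default:
            st_err_log(9, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_VALUE_INVALID;  // unknown key type
      }
   }
   else if (class == CKO_SECRET_KEY) {
      switch (subclass) {
         case CKK_GENERIC_SECRET:
            return generic_secret_validate_attribute( tmpl, attr, mode );

         case CKK_RC2:
            return rc2_validate_attribute( tmpl, attr, mode );

         case CKK_RC4:
            return rc4_validate_attribute( tmpl, attr, mode );

         case CKK_RC5:
            return rc5_validate_attribute( tmpl, attr, mode );

         case CKK_DES:
            return des_validate_attribute( tmpl, attr, mode );

         case CKK_DES2:
            return des2_validate_attribute( tmpl, attr, mode );

         case CKK_DES3:
            return des3_validate_attribute( tmpl, attr, mode );

         case CKK_CAST:
            return cast_validate_attribute( tmpl, attr, mode );

         case CKK_CAST3:
            return cast3_validate_attribute( tmpl, attr, mode );

         case CKK_CAST5:
            return cast5_validate_attribute( tmpl, attr, mode );

         case CKK_IDEA:
            return idea_validate_attribute( tmpl, attr, mode );

#if !(NOCDMF)
         case CKK_CDMF:
            return cdmf_validate_attribute( tmpl, attr, mode );
#endif

         case CKK_SKIPJACK:
            return skipjack_validate_attribute( tmpl, attr, mode );

         case CKK_BATON:
            return baton_validate_attribute( tmpl, attr, mode );

         case CKK_JUNIPER:
            return juniper_validate_attribute( tmpl, attr, mode );

         case CKK_AES:
            return aes_validate_attribute( tmpl, attr, mode );

         default:
            st_err_log(9, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_VALUE_INVALID;  // unknown key type
      }
   }
   else if (class == CKO_HW_FEATURE) {
      switch (subclass) {
         case CKH_CLOCK:
            return clock_validate_attribute( tmpl, attr, mode );

         case CKH_MONOTONIC_COUNTER:
            return counter_validate_attribute( tmpl, attr, mode );

         default:
            st_err_log(9, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_VALUE_INVALID;
      }
   }
   else if (class == CKO_DOMAIN_PARAMETERS) {
      switch (subclass) {
         case CKK_DSA:
            return dp_dsa_validate_attribute( tmpl, attr, mode );

         case CKK_DH:
            return dp_dh_validate_attribute( tmpl, attr, mode );

         case CKK_X9_42_DH:
            return dp_x9dh_validate_attribute( tmpl, attr, mode );

         default:
            st_err_log(9, __FILE__, __LINE__);
            return CKR_ATTRIBUTE_VALUE_INVALID;
      }
   }

   st_err_log(9, __FILE__, __LINE__);
   return CKR_ATTRIBUTE_VALUE_INVALID;   // default fallthru
}


// template_validate_attributes()
//
// walk through the list of attributes in the template validating each one
//
// Stops at the first attribute that fails and returns its error code.
//
// Returns:  CKR_OK if every attribute validates (or the list is empty)
//           CKR_FUNCTION_FAILED if tmpl is NULL
//           the error from template_validate_attribute() otherwise
//
CK_RV
template_validate_attributes( TEMPLATE * tmpl,
                              CK_ULONG   class,
                              CK_ULONG   subclass,
                              CK_ULONG   mode )
{
   DL_NODE  *node;
   CK_RV     rc = CKR_OK;

   // same argument check as the other template_* routines. tmpl is
   // dereferenced on the next statement
   //
   if (!tmpl){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   node = tmpl->attribute_list;

   while (node) {
      CK_ATTRIBUTE *attr = (CK_ATTRIBUTE *)node->data;

      rc = template_validate_attribute( tmpl, attr, class, subclass, mode );
      if (rc != CKR_OK){
         st_err_log(140, __FILE__, __LINE__);
         return rc;
      }

      node = node->next;
   }

   return CKR_OK;
}


// template_validate_base_attribute()
//
// Decide whether one of the attributes common to all objects may be supplied
// in the given mode:
//
//    CKA_CLASS      :  create, derive, keygen, unwrap
//    CKA_TOKEN      :  create, copy, derive, keygen, unwrap
//    CKA_PRIVATE    :  create, copy, derive, keygen, unwrap
//    CKA_MODIFIABLE :  create, copy, derive, keygen, unwrap
//    CKA_LABEL      :  any mode
//
// Returns:  CKR_OK if the attribute is allowed in this mode
//           CKR_ATTRIBUTE_READ_ONLY if it is a common attribute but the mode
//              does not allow it
//           CKR_TEMPLATE_INCONSISTENT if it is not one of the common attributes
//           CKR_FUNCTION_FAILED if tmpl or attr is NULL
//
CK_RV
template_validate_base_attribute( TEMPLATE      * tmpl,
                                  CK_ATTRIBUTE  * attr,
                                  CK_ULONG        mode )
{
   if (!tmpl || !attr){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   switch (attr->type) {
      case CKA_CLASS:
         // the only common attribute that is not accepted on a copy
         //
         if ((mode & (MODE_CREATE|MODE_DERIVE|MODE_KEYGEN|MODE_UNWRAP)) != 0)
            return CKR_OK;
         break;

      case CKA_TOKEN:
         if ((mode & (MODE_CREATE|MODE_COPY|MODE_DERIVE|MODE_KEYGEN|MODE_UNWRAP)) != 0)
            return CKR_OK;
         break;

      case CKA_PRIVATE:
         if ((mode & (MODE_CREATE|MODE_COPY|MODE_DERIVE|MODE_KEYGEN|MODE_UNWRAP)) != 0)
            return CKR_OK;
         break;

      case CKA_LABEL:
         return CKR_OK;

      case CKA_MODIFIABLE:
         if ((mode & (MODE_CREATE|MODE_COPY|MODE_DERIVE|MODE_KEYGEN|MODE_UNWRAP)) != 0)
            return CKR_OK;
         break;

      default:
         st_err_log(49, __FILE__, __LINE__);
         return CKR_TEMPLATE_INCONSISTENT;
   }

   // a known common attribute, but not settable in this mode
   //
   st_err_log(7, __FILE__, __LINE__);
   return CKR_ATTRIBUTE_READ_ONLY;
}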