mech_ssl3.c

IBM的Linux上的PKCS#11实现

   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   rc = digest_mgr_digest_update( sess, &digest_ctx, hash, len );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   len = sizeof(hash);
   rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len );

   if (rc == CKR_OK){
      memcpy( outBuff, hash, len );
   }
   else
      st_err_log(126, __FILE__, __LINE__); 
error:
   digest_mgr_cleanup( &digest_ctx );
   return rc;
}

//
//
static CK_RV
ssl3_md5_only( SESSION   * sess,
               CK_BYTE   * firstString,
               CK_ULONG    firstStringLen,
               CK_BYTE   * secondString,
               CK_ULONG    secondStringLen,
               CK_BYTE   * thirdString,
               CK_ULONG    thirdStringLen,
               CK_BYTE   * outBuff )
{
   DIGEST_CONTEXT digest_ctx;
   CK_MECHANISM   digest_mech;
   CK_BYTE        hash[MD5_HASH_SIZE];
   CK_ULONG       len;
   CK_RV          rc;

   // If firstString is not NULL,
   //
   // MD5(firstString + secondString + thirdString)
   //
   // If firstString is NULL
   //
   // MD5(secondString + thirdString)
   //
   memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
   digest_mech.mechanism      = CKM_MD5;
   digest_mech.ulParameterLen = 0;
   digest_mech.pParameter     = NULL;

   rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   if (firstString != NULL) {
      rc = digest_mgr_digest_update( sess,
                                     &digest_ctx,
                                     firstString,
                                     firstStringLen );
      if (rc != CKR_OK){
         st_err_log(123, __FILE__, __LINE__); 
         goto error;
      }
   }

   rc = digest_mgr_digest_update( sess,
                                  &digest_ctx,
                                  secondString,
                                  secondStringLen );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   } 
   rc = digest_mgr_digest_update( sess,
                                  &digest_ctx,
                                  thirdString,
                                  thirdStringLen );
   if (rc != CKR_OK){
      st_err_log(123, __FILE__, __LINE__); 
      goto error;
   }
   len = sizeof(hash);
   rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len );

   if (rc == CKR_OK){
      st_err_log(126, __FILE__, __LINE__); 
      memcpy( outBuff, hash, len );
   }
error:
   digest_mgr_cleanup( &digest_ctx );
   return rc;
}

//
//
CK_RV
ssl3_master_key_derive( SESSION           * sess,
                        CK_MECHANISM      * mech,
                        CK_OBJECT_HANDLE    base_key,
                        CK_ATTRIBUTE      * pTemplate,
                        CK_ULONG            ulCount,
                        CK_OBJECT_HANDLE  * handle )
{
   OBJECT        * derived_key_obj  = NULL;
   OBJECT        * base_key_obj     = NULL;
   CK_ATTRIBUTE  * attr             = NULL;
   CK_ATTRIBUTE  * value_attr       = NULL;
   CK_ATTRIBUTE  * value_len_attr   = NULL;
   CK_ATTRIBUTE  * always_sens_attr = NULL;
   CK_ATTRIBUTE  * extract_attr     = NULL;
   CK_BYTE       * base_key_value   = NULL;
   CK_BYTE         key_data[48];
   CK_ULONG        i, base_key_len;
   CK_BBOOL        flag;
   CK_RV           rc;

   CK_SSL3_MASTER_KEY_DERIVE_PARAMS  * params      = NULL;
   CK_SSL3_RANDOM_DATA               * random_data = NULL;


   if (!sess || !mech){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)mech->pParameter;

   rc = object_mgr_find_in_map1( base_key, &base_key_obj );
   if (rc != CKR_OK){
      st_err_log(18, __FILE__, __LINE__); 
      return CKR_KEY_HANDLE_INVALID;
   }
   rc = template_attribute_find( base_key_obj->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   else {
      base_key_len   = attr->ulValueLen;
      base_key_value = attr->pValue;

      if (base_key_len != 48){
         st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
         return CKR_FUNCTION_FAILED;
      }
   }


   // this mechanism implies the following attributes:
   //    CKA_CLASS     : CKO_SECRET_KEY
   //    CKA_KEY_TYPE  : CKK_GENERIC_SECRET
   //    CKA_VALUE_LEN : 48
   // but we need to make sure the caller didn't specify any
   // wacky values.  it would have been better if Cryptoki had forbidden
   // these attributes from appearing in the template
   //
   for (i=0, attr = pTemplate; i < ulCount; i++, attr++) {
      CK_OBJECT_CLASS  class;
      CK_KEY_TYPE      keytype;
      CK_ULONG         value_len;

      if (attr->type == CKA_CLASS) {
         class = *(CK_OBJECT_CLASS *)attr->pValue;
         if (class != CKO_SECRET_KEY){
            st_err_log(49, __FILE__, __LINE__); 
            return CKR_TEMPLATE_INCONSISTENT;
         }
      }
      else if (attr->type == CKA_KEY_TYPE) {
         keytype = *(CK_KEY_TYPE *)attr->pValue;
         if (keytype != CKK_GENERIC_SECRET){
            st_err_log(49, __FILE__, __LINE__); 
            return CKR_TEMPLATE_INCONSISTENT;
         }
      }
      else if (attr->type == CKA_VALUE_LEN) {
         value_len = *(CK_ULONG *)attr->pValue;
         if (value_len != 48){
            st_err_log(49, __FILE__, __LINE__); 
            return CKR_TEMPLATE_INCONSISTENT;
         }
      }
   }

   memset( key_data, 0x0, sizeof(key_data) );

   random_data = (CK_SSL3_RANDOM_DATA *)(&params->RandomInfo);

   // derive the master key data
   //
   rc = ssl3_sha_then_md5( sess,
                           base_key_value,
                           random_data->pClientRandom,
                           random_data->ulClientRandomLen,
                           random_data->pServerRandom,
                           random_data->ulServerRandomLen,
                           (unsigned char *)"A",
                           1,
                           key_data );

   if (rc != CKR_OK){
      st_err_log(136, __FILE__, __LINE__); 
      goto error;
   }
   rc = ssl3_sha_then_md5( sess,
                           base_key_value,
                           random_data->pClientRandom,
                           random_data->ulClientRandomLen,
                           random_data->pServerRandom,
                           random_data->ulServerRandomLen,
                           (unsigned char *)"BB",
                           2,
                           &key_data[16] );
   if (rc != CKR_OK){
      st_err_log(136, __FILE__, __LINE__); 
      goto error;
   }
   rc = ssl3_sha_then_md5( sess,
                           base_key_value,
                           random_data->pClientRandom,
                           random_data->ulClientRandomLen,
                           random_data->pServerRandom,
                           random_data->ulServerRandomLen,
                           (unsigned char *)"CCC",
                           3,
                           &key_data[32] );
   if (rc != CKR_OK){
      st_err_log(136, __FILE__, __LINE__); 
      goto error;
   }
   // build the key skeleton
   //
   rc = object_mgr_create_skel( sess,
                                pTemplate,       ulCount,
                                MODE_DERIVE,
                                CKO_SECRET_KEY,  CKK_GENERIC_SECRET,
                                &derived_key_obj );
   if (rc != CKR_OK){
      st_err_log(89, __FILE__, __LINE__); 
      goto error;
   }

   rc = build_attribute( CKA_VALUE, key_data, 48, &value_attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__); 
      goto error;
   }
   rc = build_attribute( CKA_VALUE_LEN, (CK_BYTE *)&base_key_len, sizeof(CK_ULONG), &value_len_attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__); 
      goto error;
   }

   //
   // now, adjust the CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE
   // attributes based on the corresponding values from the base key
   //

   // if base key has ALWAYS_SENSITIVE = FALSE, then new key does too
   // otherwise, the value of CKA_ALWAYS_SENSITIVE = CKA_SENSITIVE
   //
   rc = template_attribute_find( base_key_obj->template, CKA_ALWAYS_SENSITIVE, &attr );
   if (rc == FALSE) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto error;
   }

   flag = *(CK_BBOOL *)attr->pValue;
   if (flag == TRUE) {
      rc = template_attribute_find( derived_key_obj->template, CKA_SENSITIVE, &attr );
      if (rc == FALSE) {
         st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
         rc = CKR_FUNCTION_FAILED;
         goto error;
      }
      flag = *(CK_BBOOL *)attr->pValue;
   }

   rc = build_attribute( CKA_ALWAYS_SENSITIVE, &flag, sizeof(CK_BBOOL), &always_sens_attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__); 
      goto error;
   }

   // if base key has NEVER_EXTRACTABLE = FASE, the new key does too
   // otherwise, the value of CKA_NEVER_EXTRACTABLE = !CKA_EXTRACTABLE
   //
   rc = template_attribute_find( base_key_obj->template, CKA_NEVER_EXTRACTABLE, &attr );
   if (rc == FALSE) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto error;
   }

   flag = *(CK_BBOOL *)attr->pValue;
   if (flag == TRUE) {
      rc = template_attribute_find( derived_key_obj->template, CKA_EXTRACTABLE, &attr );
      if (rc == FALSE) {
         st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
         rc = CKR_FUNCTION_FAILED;
         goto error;
      }

      flag = *(CK_BBOOL *)attr->pValue;

      flag = (~flag) & 0x1;
   }

   rc = build_attribute( CKA_NEVER_EXTRACTABLE, &flag, sizeof(CK_BBOOL), &extract_attr );
   if (rc != CKR_OK){
      st_err_log(84, __FILE__, __LINE__); 
      goto error;
   }
   template_update_attribute( derived_key_obj->template, value_attr );
   template_update_attribute( derived_key_obj->template, value_len_attr );
   template_update_attribute( derived_key_obj->template, always_sens_attr );
   template_update_attribute( derived_key_obj->template, extract_attr );

   // at this point, the derived key is fully constructed...assign an
   // object handle and store the key
   //
   rc = object_mgr_create_final( sess, derived_key_obj, handle );
   if (rc != CKR_OK) {
      st_err_log(90, __FILE__, __LINE__); 
      object_free( derived_key_obj );
      return rc;  // do NOT goto error
   }

   // should we destroy the base key?  SSL3 says yes but that might
   // occur in a separate call to C_DestroyObject
   //

   return CKR_OK;

error:
   if (value_attr)        free( value_attr );
   if (value_len_attr)    free( value_len_attr );
   if (always_sens_attr)  free( always_sens_attr );
   if (extract_attr)      free( extract_attr );

   return rc;
}


//
//
CK_RV
ssl3_key_and_mac_derive( SESSION           * sess,
                         CK_MECHANISM      * mech,
                         CK_OBJECT_HANDLE    base_key,
                         CK_ATTRIBUTE      * pTemplate,
                         CK_ULONG            ulCount )
{
   OBJECT       * base_key_obj           = NULL;
   CK_ATTRIBUTE * attr                   = NULL;

   CK_BYTE     * client_MAC_key_value   = NULL;
   CK_BYTE     * server_MAC_key_value   = NULL;
   CK_BYTE     * client_write_key_value = NULL;
   CK_BYTE     * server_write_key_value = NULL;
   CK_BYTE     * client_IV              = NULL;
   CK_BYTE     * server_IV              = NULL;
   CK_KEY_TYPE   keytype                = 0xFFFFFFFF;
   CK_BYTE       variable_data[26];
   CK_BYTE       key_block[(16*26) + (4*16)];
   CK_ULONG      i, key_material_loop_count;
   CK_ULONG      iv_len, MAC_len, write_len;
   CK_RV         rc;