bcom_specific.c

IBM的Linux上的PKCS#11实现

  rsa_pub->n_len = 0;
  rsa_pub->e = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES*sizeof(unsigned char));
  bzero(rsa_pub->e, MAX_PUBLIC_KEY_BYTES);
  rsa_pub->e_len = 0;

  if (! (rsa_pub->n && rsa_pub->e)) {
    goto error;
  }

  *out_rsa_pub = rsa_pub;
  return 0;

 error:
  if (rsa_pub) {
    if (rsa_pub->n) {
      free(rsa_pub->n);
    }
    if (rsa_pub->e) {
      free(rsa_pub->e);
    }
    free (rsa_pub);
  }
  return -1;
}

/* 
 * Convert from the local PKCS11 template representation to
 * the BCOM representation.
 * This function allocates memory for a BCOM_RSA_PUB_KEY_t
 * object, which must be freed by a call to bcom_rsa__pub_free
 */
int bcom_rsa_pub_from_object(OBJECT *key_obj, BCOM_RSA_PUB_KEY_t **pubKey)
{
   CK_BBOOL            rc;
   CK_ATTRIBUTE        *obj_modulus = NULL;
   CK_ATTRIBUTE        *obj_pub_exp = NULL;
   BCOM_RSA_PUB_KEY_t  *mexp;
   BCOM_RSA_PUB_KEY_t  *tPubKey;
   
   /* retreive the RSA modulus and public exponent from the PKCS11 template */
   rc  = template_attribute_find( key_obj->template, CKA_MODULUS,         &obj_modulus );
   rc &= template_attribute_find( key_obj->template, CKA_PUBLIC_EXPONENT, &obj_pub_exp );
   if (rc == FALSE) {
      return -1;
   }
   
   /* allocate memory for a Broadom representation */
   rc = bcom_rsa_pub_new(&tPubKey);
   if (rc != 0) {
     pubKey = 0;
     return -1;
   }
   
   tPubKey->n_len = obj_modulus->ulValueLen; 
   tPubKey->e_len = obj_pub_exp->ulValueLen;
   bignum_swapper(obj_modulus->pValue, (unsigned char *)tPubKey->n, tPubKey->n_len);
   bignum_swapper(obj_pub_exp->pValue, (unsigned char *)tPubKey->e, tPubKey->e_len);
   
   *pubKey = tPubKey;

   return 0;
}

/* XXX revisite this to make sure I got if right */
void bcom_rsa_pub_free(BCOM_RSA_PUB_KEY_t **pubKey)
{
  BCOM_RSA_PUB_KEY_t  *tPubKey;
  
  if (pubKey) {
    tPubKey = *pubKey;
    if (tPubKey) {
      if (tPubKey->e) {
	free(tPubKey->e);
      }
      if (tPubKey->n) {
	free(tPubKey->n);
      }
      free(tPubKey);
    }
    *pubKey = 0;
  }
}
    
int bcom_rsa_crt_new(BCOM_RSA_CRT_KEY_t **out_rsa_priv)
{
  int rc = -1;
  BCOM_RSA_CRT_KEY_t *rsa_priv;
  
  rsa_priv = (BCOM_RSA_CRT_KEY_t *)malloc(sizeof(BCOM_RSA_CRT_KEY_t));
  if (! rsa_priv) {
    goto error;
  }
  
  rsa_priv->n = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->n, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->d = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->d, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->d_len = 0;
  rsa_priv->p = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->p, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->p_len = 0;
  rsa_priv->q = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->q, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->q_len = 0;
  rsa_priv->dp = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->dp, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->dp_len = 0;
  rsa_priv->dq = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->dq, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->dq_len = 0;
  rsa_priv->pinv = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES);
  bzero(rsa_priv->pinv, MAX_PUBLIC_KEY_BYTES);
  rsa_priv->pinv_len = 0;

  if (! (rsa_priv->p && rsa_priv->q && rsa_priv->dp && rsa_priv->dq && rsa_priv->pinv)) {
    goto error;
  }
  
  *out_rsa_priv = rsa_priv;
  return 0;
  
 error:
  if (rsa_priv) {
    if (rsa_priv->p) {
      free(rsa_priv->p);
    }
    if (rsa_priv->q) {
      free(rsa_priv->q);
    }
    if (rsa_priv->dp) {
      free(rsa_priv->dp);
    }
    if (rsa_priv->dq) {
      free(rsa_priv->dq);
    }
    if (rsa_priv->pinv) {
      free(rsa_priv->pinv);
    }
    free (rsa_priv);
  }
  return -1;
}

int bcom_rsa_crt_key_from_object(OBJECT *key_obj, BCOM_RSA_CRT_KEY_t **privKey)
{
  CK_ATTRIBUTE       *obj_modulus   = NULL;
  CK_ATTRIBUTE       *obj_priv_exp  = NULL;
  CK_ATTRIBUTE       *obj_prime1    = NULL;
  CK_ATTRIBUTE       *obj_prime2    = NULL;
  CK_ATTRIBUTE       *obj_priv_exp1 = NULL;
  CK_ATTRIBUTE       *obj_priv_exp2 = NULL;
  CK_ATTRIBUTE       *obj_coeff     = NULL;
  CK_BBOOL           rc;
  BCOM_RSA_CRT_KEY_t *tPrivKey;
  
  rc  = template_attribute_find( key_obj->template, CKA_MODULUS,          &obj_modulus );
  rc &= template_attribute_find( key_obj->template, CKA_PRIVATE_EXPONENT, &obj_priv_exp );
  rc &= template_attribute_find( key_obj->template, CKA_PRIME_1,          &obj_prime1 );
  rc &= template_attribute_find( key_obj->template, CKA_PRIME_2,          &obj_prime2 );
  rc &= template_attribute_find( key_obj->template, CKA_EXPONENT_1,       &obj_priv_exp1 );
  rc &= template_attribute_find( key_obj->template, CKA_EXPONENT_2,       &obj_priv_exp2 );
  rc &= template_attribute_find( key_obj->template, CKA_COEFFICIENT,      &obj_coeff );
  
  if (!obj_prime1 || !obj_prime2 || !obj_priv_exp1 || !obj_priv_exp2 || !obj_coeff || !obj_modulus) {
    return -1;
  }
  
  rc = bcom_rsa_crt_new(&tPrivKey);
  if (rc != 0) {
    return -1;
  }
  
  tPrivKey->n_len = obj_modulus->ulValueLen;
  bignum_swapper(obj_modulus->pValue, (unsigned char *)tPrivKey->n, tPrivKey->n_len);
  
  tPrivKey->d_len = obj_priv_exp->ulValueLen;
  bignum_swapper(obj_priv_exp->pValue, (unsigned char *)tPrivKey->d, tPrivKey->d_len);

  tPrivKey->p_len = obj_prime1->ulValueLen;
  bignum_swapper(obj_prime1->pValue,(unsigned char *) tPrivKey->p, tPrivKey->p_len);
  
  tPrivKey->q_len = obj_prime2->ulValueLen;
  bignum_swapper(obj_prime2->pValue, (unsigned char *)tPrivKey->q, tPrivKey->q_len);
  
  tPrivKey->dp_len = obj_priv_exp1->ulValueLen;
  bignum_swapper(obj_priv_exp1->pValue, (unsigned char *)tPrivKey->dp, tPrivKey->dp_len);
  
  tPrivKey->dq_len = obj_priv_exp2->ulValueLen;
  bignum_swapper(obj_priv_exp2->pValue, (unsigned char *)tPrivKey->dq, tPrivKey->dq_len);
  
  tPrivKey->pinv_len = obj_coeff->ulValueLen;
  bignum_swapper(obj_coeff->pValue, (unsigned char *)tPrivKey->pinv, tPrivKey->pinv_len);
  
  *privKey = tPrivKey;
  
  return 0;
}

/* XXX revisite this to make sure I got it right */
void bcom_rsa_crt_free(BCOM_RSA_CRT_KEY_t **crtKey)
{
  BCOM_RSA_CRT_KEY_t  *tCrtKey;
  
  if (crtKey) {
    tCrtKey = *crtKey;
    if (tCrtKey) {
      if (tCrtKey->d) {
	free(tCrtKey->d);
      }
      if (tCrtKey->p) {
	free(tCrtKey->p);
      }
      if (tCrtKey->q) {
	free(tCrtKey->q);
      }
      if (tCrtKey->dp) {
	free(tCrtKey->dp);
      }
      if (tCrtKey->dq) {
	free(tCrtKey->dq);
      }
      if (tCrtKey->pinv) {
	free(tCrtKey->pinv);
      }
      free(tCrtKey);
    }
    *crtKey = 0;
  }
}


CK_RV
os_specific_rsa_keygen(TEMPLATE *publ_tmpl,  TEMPLATE *priv_tmpl)
{
	CK_ATTRIBUTE       * publ_exp = NULL;
	CK_ATTRIBUTE       * attr     = NULL;
	CK_ULONG             mod_bits;
	CK_BBOOL             flag;
	CK_RV                rc;
	CK_ULONG             BN_Length;
	BCOM_RSA_CRT_KEY_t     * rsa_priv;
	BCOM_RSA_PUB_KEY_t        * rsa_pub;
	BCOM_RSA_CRT_KEY_t     * swapped_rsa_priv;
	BCOM_RSA_PUB_KEY_t        * swapper_rsa_pub;
	int ret;
	CK_ATTRIBUTE      * my_pub_exp = NULL;

	flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr );
	if (!flag){
		st_err_log(48, __FILE__, __LINE__);
		return CKR_TEMPLATE_INCOMPLETE;  // should never happen
        }

	mod_bits = *(CK_ULONG *)attr->pValue;

	// we don't support less than 512 bit keys or more than 2048 bit keys
	if (mod_bits < 512 || mod_bits > 2048) {
		st_err_log(19, __FILE__, __LINE__);
		return CKR_KEY_SIZE_RANGE;
	}

	ret = bcom_rsa_pub_new(&rsa_pub);
	if (ret != 0) {
	  st_err_log(40 /* XXX ??? */, __FILE__, __LINE__);
	  rc = CKR_GENERAL_ERROR;
	  goto done;
	}

	/* get the value of the public exponent e from the template.
	   if I don't err, Cryptoki states that e should always be given.
	   XXX if not check flag returned to see if attribute exists ?
	*/
	flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp );
	if (!flag){
		st_err_log(48, __FILE__, __LINE__);
		return CKR_TEMPLATE_INCOMPLETE;
	}

	/* PKCS11 defines big integers in big-endianess, Broadcom uses little-endianess */
	swapper(publ_exp->pValue, (unsigned char*)rsa_pub->e, publ_exp->ulValueLen);
	rsa_pub->e_len = ubsec_bytes_to_bits((unsigned char *)rsa_pub->e, publ_exp->ulValueLen);

	ret = bcom_rsa_crt_new(&rsa_priv);
	if (ret != 0) {
	  st_err_log(40 /* XXX ??? */, __FILE__, __LINE__);
	  rc = CKR_GENERAL_ERROR;
	  goto done;
	}

	//	rsa = foo_RSA_generate_key(mod_bits, three, NULL, NULL);
	ret = ubsec_rsakeygen(bcomfd, 
			     mod_bits,
			     (unsigned char*)rsa_pub->e, &(rsa_pub->e_len),
			     (unsigned char*)rsa_priv->p, &(rsa_priv->p_len),
			     (unsigned char*)rsa_priv->q, &(rsa_priv->q_len),
			     (unsigned char*)rsa_pub->n, &(rsa_pub->n_len),
			     (unsigned char*)rsa_priv->d, &(rsa_priv->d_len),
			     (unsigned char*)rsa_priv->dp, &(rsa_priv->dp_len),
			     (unsigned char*)rsa_priv->dq, &(rsa_priv->dq_len),
			     (unsigned char*)rsa_priv->pinv, &(rsa_priv->pinv_len));
	if (ret != 0) {
	  st_err_log(40 /* XXX ??? */, __FILE__, __LINE__);
	  rc = CKR_GENERAL_ERROR;
	  goto done;
	}
	
#if PRINT_BIGNUM
	fprintf(stderr, " ========= generated parameters ===========\n");
	fprintf(stderr, "e:\n");
	PrintNumber(stderr, rsa_pub->e, rsa_pub->e_len, 1);
	fprintf(stderr, "n:\n");
	PrintNumber(stderr, rsa_pub->n, rsa_pub->n_len, 1);
	fprintf(stderr, "p:\n");
	PrintNumber(stderr, rsa_priv->p, rsa_priv->p_len, 1);
	fprintf(stderr, "q:\n");
	PrintNumber(stderr, rsa_priv->q, rsa_priv->q_len, 1);
	fprintf(stderr, "d:\n");
	PrintNumber(stderr, rsa_priv->d, rsa_priv->d_len, 1);
	fprintf(stderr, "dp:\n");
	PrintNumber(stderr, rsa_priv->dp, rsa_priv->dp_len, 1);
	fprintf(stderr, "dq:\n");
	PrintNumber(stderr, rsa_priv->dq, rsa_priv->dq_len, 1);
	fprintf(stderr, "pinv:\n");
	PrintNumber(stderr, rsa_priv->pinv, rsa_priv->pinv_len, 1);
	fprintf(stderr, " ==========================================\n");
#endif


	// Now fill in the key objects objects..
	// Swapp the big integers from Broadcom's little-endian to PKCS11 big-endian

	// public key object
	// modulus n
	rc = build_swapped_attribute( CKA_MODULUS, (unsigned char *)rsa_pub->n, 
				      ubsec_bits_to_bytes(rsa_pub->n_len), &attr); // length in bytes
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
        }
	template_update_attribute( publ_tmpl, attr );

	// public exponent
        rc = build_swapped_attribute( CKA_PUBLIC_EXPONENT, (unsigned char*)rsa_pub->e, 
				      ubsec_bits_to_bytes(rsa_pub->e_len), &attr);
        if (rc != CKR_OK){
                st_err_log(84, __FILE__, __LINE__);
                goto done;
        }
        template_update_attribute( publ_tmpl, attr );

	// local = TRUE
	flag = TRUE;
	rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr );
	if (rc != CKR_OK){
	  st_err_log(84, __FILE__, __LINE__);
	  goto done;
	}
	template_update_attribute( publ_tmpl, attr );

	/*
	 * now, do the private key
	 */

	// Add the modulus to the private key information
	rc = build_swapped_attribute( CKA_MODULUS, (unsigned char*)rsa_pub->n, ubsec_bits_to_bytes(rsa_pub->n_len) ,&attr ); 
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

	// private exponent
        rc = build_swapped_attribute( CKA_PRIVATE_EXPONENT, (unsigned char*)rsa_priv->d, 
				      ubsec_bits_to_bytes(rsa_priv->d_len), &attr );
        if (rc != CKR_OK){
                st_err_log(84, __FILE__, __LINE__);
                goto done;
        }
        template_update_attribute( priv_tmpl, attr );

	// prime #1: p
	rc = build_swapped_attribute( CKA_PRIME_1, (unsigned char*)rsa_priv->p, 
				      ubsec_bits_to_bytes(rsa_priv->p_len), &attr );
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

	// prime #2: q
	rc = build_swapped_attribute( CKA_PRIME_2, (unsigned char*)rsa_priv->q, 
				      ubsec_bits_to_bytes(rsa_priv->q_len), &attr );
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

	// exponent 1: d mod(p-1)
	rc = build_swapped_attribute( CKA_EXPONENT_1, (unsigned char*)rsa_priv->dp, 
				      ubsec_bits_to_bytes(rsa_priv->dp_len), &attr );
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

	// exponent 2: d mod(q-1)
	rc = build_swapped_attribute( CKA_EXPONENT_2, (unsigned char*)rsa_priv->dq, 
				      ubsec_bits_to_bytes(rsa_priv->dq_len), &attr );
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

	// CRT coefficient:  q_inverse mod(p)
	rc = build_swapped_attribute( CKA_COEFFICIENT, (unsigned char*)rsa_priv->pinv, 
				      ubsec_bits_to_bytes(rsa_priv->pinv_len), &attr );
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

	// flag TRUE
	flag = TRUE;
	rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr );
	if (rc != CKR_OK){
		st_err_log(84, __FILE__, __LINE__);
		goto done;
	}
	template_update_attribute( priv_tmpl, attr );

done:
	if (rsa_pub) {
	  bcom_rsa_pub_free(&rsa_pub);
	}
	if (rsa_priv) {
	  bcom_rsa_crt_free(&rsa_priv);
	}

	return rc;
}

CK_RV
token_specific_rsa_generate_keypair( TEMPLATE  * publ_tmpl,
                      TEMPLATE  * priv_tmpl )
{
  CK_RV                rc;
  
  rc = os_specific_rsa_keygen(publ_tmpl,priv_tmpl);
  if (rc != CKR_OK)
    st_err_log(91, __FILE__, __LINE__);
  return rc;
}



CK_RV
token_specific_rsa_encrypt( CK_BYTE   *in_data,
			    CK_ULONG   in_data_len,
			    CK_BYTE   *out_data,
			    OBJECT    *key_obj )
{
  CK_RV               rc;
  BCOM_RSA_PUB_KEY_t  *pubKey;
  int                 out_len_bits;
  CK_BYTE             *tcipher, *tclear;
  
  rc = bcom_rsa_pub_from_object(key_obj, &pubKey);
  if ( rc != 0) {
    rc = CKR_FUNCTION_FAILED;
    goto done;
  }
  
  /* 
   * do some verification on size of in_data_len (make sure < size of n)
   */
  if (in_data_len > pubKey->n_len) {
    rc = CKR_FUNCTION_FAILED;
  }
  
  /* allocate enough memory (size of modulus)  
     for swapped cleartext and for ciphertext */
  tcipher = (CK_BYTE *)malloc(pubKey->n_len);