pk11keys.c revision 99ebb4ca412cb0a19d77a3899a87c055b9c30fa8
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* File: KEYS.C
*
* Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
*
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <kmfapiP.h>
#include <security/cryptoki.h>
#include <algorithm.h>
#include <ber_der.h>
#define MAX_PUBLIC_KEY_TEMPLATES (20)
#define MAX_PRIVATE_KEY_TEMPLATES (24)
#define MAX_SECRET_KEY_TEMPLATES (24)
static KMF_RETURN
{
int i;
if (!is_pk11_ready()) {
(rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
goto out;
}
}
goto out;
}
goto out;
}
goto out;
}
for (i = 0; i < pulCount; i++) {
break;
}
if (i < pulCount) {
}
} else {
}
out:
return (kmf_rv);
}
/*
* Name: PKCS_AddTemplate
*
* Description:
* Adds a CK_ATTRIBUTE value to an existing array of CK_ATTRIBUTES. Will
* not expand the array beyond the maximum specified size.
*
* Returns:
* TRUE - Attribute value succesfully added.
* FALSE - Maximum array size would be exceded.
*/
static int
{
if (*ckNumTemplates >= ckMaxTemplates) {
return (FALSE);
}
(*ckNumTemplates)++;
return (TRUE);
}
/*
* Convert an SPKI data record to PKCS#11
* public key object.
*/
static KMF_RETURN
const KMF_X509_SPKI *pKey,
{
CK_ULONG ckNumTemplates = 0;
/* Common object attributes */
/* Common key attributes */
/* Common public key attributes */
/* Key part array */
/* Parse the keyblob */
return (mrReturn);
/* Fill in the common object attributes */
if (!PKCS_AddTemplate(ckTemplate,
(CK_BYTE *)&ckObjClass,
sizeof (ckObjClass)) ||
sizeof (ckToken)) ||
sizeof (ckPrivate))) {
goto cleanup;
}
/* Fill in the common key attributes */
&ckKeyType)) {
goto cleanup;
}
if (!PKCS_AddTemplate(ckTemplate,
sizeof (ckKeyType)) ||
sizeof (ckDerive))) {
goto cleanup;
}
/* Add common public key attributes */
if (!PKCS_AddTemplate(ckTemplate,
sizeof (ckEncrypt)) ||
sizeof (ckVerify)) ||
(CK_BYTE *)&ckVerifyRecover,
sizeof (ckVerifyRecover)) ||
sizeof (ckWrap))) {
goto cleanup;
}
/* Add algorithm specific attributes */
switch (ckKeyType) {
case CKK_RSA:
if (!PKCS_AddTemplate(ckTemplate,
goto cleanup;
}
break;
case CKK_DSA:
if (!PKCS_AddTemplate(ckTemplate,
goto cleanup;
}
break;
default:
}
/* Instantiate the object */
}
for (i = 0; i < uNumKeyParts; i++) {
KMF_FreeData(&KeyParts[i]);
}
return (mrReturn);
}
/*
* PKCS_AcquirePublicKeyHandle
*
* Given an assymetric key keyblob, attempts to find the appropriate
* public key.
*
* Methods of finding the public key:
* - Public Key with data present:
* Parses the key and creates a temporary session object.
* - Public Key with handle:
* The handle is type converted and returned. Validity of the handle is
* not checked.
* - Public Key with label:
* Attempts to find a public key with the corresponding label.
*/
static KMF_RETURN
const KMF_X509_SPKI *pKey,
{
/* Key searching variables */
sizeof (CK_ATTRIBUTE));
/* Extract the data from the SPKI into individual fields */
return (mrReturn);
*pbTemporary = KMF_TRUE;
/* Fetch the key class and algorithm from the object */
ckNumTemplates = 0;
if (!PKCS_AddTemplate(ckTemplate,
(CK_BYTE *)&ckObjClass,
sizeof (ckObjClass)) ||
sizeof (ckKeyType))) {
return (KMF_ERR_INTERNAL);
}
return (ckRv);
}
/* Make sure the results match the expected values */
if ((ckKeyType != ckRequestedKeyType) ||
(ckObjClass != CKO_PUBLIC_KEY)) {
if (*pbTemporary == KMF_TRUE) {
}
return (KMF_ERR_BAD_KEY_FORMAT);
}
/* Set the return values */
return (KMF_OK);
}
{
switch (AlgId) {
case KMF_ALGID_RSA:
case KMF_ALGID_MD5WithRSA:
case KMF_ALGID_MD2WithRSA:
case KMF_ALGID_SHA1WithRSA:
break;
default:
break;
}
return (AlgMode);
}
{
if (AlgorithmId == KMF_ALGID_NONE)
return (KMF_ERR_BAD_ALGORITHM);
if (!pAlgMap)
return (KMF_ERR_BAD_ALGORITHM);
return (rv);
/* Fetch the verifying key */
(void) C_CloseSession(ckSession);
return (rv);
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (rv);
}
{
int i, blocks, block_size;
sizeof (CK_ATTRIBUTE));
if (!pAlgMap)
return (KMF_ERR_BAD_ALGORITHM);
return (rv);
/* Get the public key used in encryption */
(void) C_CloseSession(ckSession);
return (rv);
}
/* Get the modulus length */
ckNumTemplates = 0;
if (!PKCS_AddTemplate(ckTemplate,
sizeof (CK_ULONG))) {
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_BUFFER_SIZE);
}
/* Compute the fixed input data length for single-part encryption */
for (i = 0; i < blocks; i++) {
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
in_data += block_size;
}
/* Encrypt the remaining data */
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
}
if (bTempKey)
(void) C_CloseSession(ckSession);
return (rv);
}
{
return (rv);
return (rv);
}
{
int i;
return (KMF_ERR_BAD_PARAMETER);
return (KMF_ERR_MEMORY);
return (rv);
return (rv);
/* Check the KEY algorithm */
if (algId == KMF_ALGID_RSA) {
ID);
} else if (algId == KMF_ALGID_DSA) {
ID);
} else {
/* We only support RSA and DSA keys for now */
}
for (i = 0; i < uNumKeyParts; i++) {
}
}
(void) C_CloseSession(hSession);
return (rv);
}