kernelKeys.c revision 60722cc87944966611a21fa3bebb86e9b77e8e9c
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <strings.h>
#include <errno.h>
#include <security/cryptoki.h>
#include "kernelGlobal.h"
#include "kernelSession.h"
#include "kernelObject.h"
static boolean_t
{
int i;
for (i = 0; i < ulAttributeCount; i++) {
return (B_TRUE);
}
return (B_FALSE);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Obtain the session pointer */
return (rv);
goto failed_exit;
}
goto failed_exit;
}
/* Get the kernel's internal mechanism number. */
goto failed_exit;
}
/* Create an object wrapper in the library first */
goto failed_exit;
}
/* Process the attributes */
goto failed_exit;
}
/* Cannot create a token object with a READ-ONLY session. */
goto failed_exit;
}
/* Call the CRYPTO_GENERATE_KEY ioctl */
break;
}
if (r < 0) {
} else {
}
goto failed_exit;
}
/* Get the value of the CKA_PRIVATE attribute. */
goto failed_exit;
}
/*
* Store the kernel object handle in the object wrapper and
* initialize the library object.
*/
if (is_pri_obj)
else
if (is_token_obj)
else
/*
* Add the new object to the slot's token object list if it is a
* a token object. Otherwise, add it to the session's object list.
*/
if (is_token_obj) {
} else {
}
return (rv);
}
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Obtain the session pointer. */
return (rv);
(phPrivateKey == NULL)) {
goto failed_exit;
}
goto failed_exit;
}
if ((pPrivateKeyTemplate == NULL) &&
(ulPrivateKeyAttributeCount != 0)) {
goto failed_exit;
}
/* Get the kernel's internal mechanism number. */
goto failed_exit;
}
/* Create an object wrapper for the public key */
if (new_pub_objp == NULL) {
goto failed_exit;
}
/* Create an object wrapper for the private key. */
if (new_pri_objp == NULL) {
goto failed_exit;
}
/* Process the public key attributes. */
goto failed_exit;
}
/* Cannot create a token object with a READ-ONLY session. */
goto failed_exit;
}
/* Process the private key attributes. */
goto failed_exit;
}
/*
* The public key and the private key need to contain the same
* attribute values for CKA_TOKEN.
*/
if (is_token_obj1 != is_token_obj2) {
goto failed_exit;
}
/* Call the CRYPTO_GENERATE_KEY_PAIR ioctl. */
break;
}
if (r < 0) {
} else {
}
goto failed_exit;
}
/* Get the CKA_PRIVATE value for the key pair. */
&is_pri_obj1);
goto failed_exit;
}
&is_pri_obj2);
goto failed_exit;
}
/*
* Store the kernel public key handle into the public key object and
* finish the public key object initialization.
*/
if (is_pri_obj1)
else
if (is_token_obj1)
else
/*
* Store the kernel private key handle into the private key object
* and finish the private key object initialization.
*/
if (is_pri_obj2)
else
if (is_token_obj2)
else
/*
* token objects. Otherwise, add them to the session's object list.
*/
if (is_token_obj1) { /* is_token_obj1 == is_token_obj2 */
} else {
}
return (rv);
if (new_pub_objp != NULL) {
(void) free(new_pub_objp);
}
if (new_pri_objp != NULL) {
(void) free(new_pri_objp);
}
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
}
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Get the kernel's internal mechanism number. */
return (rv);
}
/* Obtain the wrapping key object pointer. */
return (rv);
}
/* Obtain the to_be_wrapped key object pointer. */
return (rv);
}
/* Make the CRYPTO_OBJECT_WRAP_KEY ioctl call. */
break;
}
if (r < 0) {
} else {
}
/*
* Besides rv == CKR_OK, we will set the value of pulWrappedKeyLen
* when the applciation-supplied wrapped key buffer is too small.
* The situation that the application only asks for the length of
* the wrapped key is covered in rv == CKR_OK.
*/
}
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
}
return (CKR_ARGUMENTS_BAD);
}
/* Obtain the session pointer. */
return (rv);
/* Obtain the wrapping key object pointer. */
return (rv);
}
/*
* If the HW provider doesn't support C_UnwrapKey, we will try
* to emulate it in the library.
*/
&k_mi_flags);
goto failed_exit;
}
/*
* If the mechanism flag doesn't have CKF_UNWRAP, and it's
* an unwrapping of a secret key object, then help this
* out with a decryption followed by an object creation.
*/
if (!(k_mi_flags & CRYPTO_FG_UNWRAP) &&
(k_mi_flags & CRYPTO_FG_DECRYPT) &&
/* First allocate space for the recovered key value */
if (clear_key_val == NULL) {
goto failed_exit;
}
goto failed_exit;
}
goto failed_exit;
}
/* Now add the CKA_VALUE attribute to template */
sizeof (CK_ATTRIBUTE));
if (newTemplate == NULL) {
goto failed_exit;
}
/* Finally create the key, based on the new template */
(void) free(clear_key_val);
(void) free(newTemplate);
return (rv);
} else {
goto failed_exit;
}
}
/*
* If we come here, the HW provider must have registered the unwrapkey
* entry. Therefore, the unwrap key will be performed in the HW
* provider.
*/
goto failed_exit;
}
/* Create an object wrapper for the new key in the library first */
goto failed_exit;
}
/* Process the attributes */
goto failed_exit;
}
/* Cannot create a token object with a READ-ONLY session. */
goto failed_exit;
}
/* Make the CRYPTO_UNWRAP_KEY ioctl call. */
break;
}
if (r < 0) {
} else {
}
goto failed_exit;
}
/* Get the CKA_PRIVATE value for the unwrapped key. */
&is_pri_obj);
goto failed_exit;
}
/*
* Store the kernel object handle in the new key object wrapper and
* initialize it.
*/
if (is_pri_obj)
else
if (is_token_obj)
else
/*
* Add the new object to the slot's token object list if it is a
* a token object. Otherwise, add it to the session's object list.
*/
if (is_token_obj) {
} else {
}
return (rv);
if (clear_key_val != NULL)
(void) free(clear_key_val);
if (newTemplate != NULL)
(void) free(newTemplate);
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Obtain the session pointer. */
return (rv);
if (pMechanism == NULL) {
return (CKR_ARGUMENTS_BAD);
}
return (CKR_ARGUMENTS_BAD);
}
/* Obtain the base key object pointer. */
return (rv);
}
/* Get the kernel's internal mechanism number. */
goto failed_exit;
}
/* Create an object wrapper in the library for the generated key. */
goto failed_exit;
}
/* Process the attributes */
goto failed_exit;
}
/* Cannot create a token object with a READ-ONLY session. */
goto failed_exit;
}
/* Call the CRYPTO_DERIVE_KEY ioctl */
break;
}
if (r < 0) {
} else {
}
goto failed_exit;
}
/* Get the CKA_PRIVATE value for the derived key. */
&is_pri_obj);
goto failed_exit;
}
/*
* Store the kernel object handle into the new derived key object
* and finish the object initialization.
*/
if (is_pri_obj)
else
if (is_token_obj)
else
/*
* Add the new derived object to the slot's token list if it is a
* token object. Otherwise, add it to the session's object list.
*/
if (is_token_obj) {
} else {
}
return (rv);
}
return (rv);
}