softAttributeUtil.c revision f9fbec18f5b458b560ecf45d3db8e8bd56bf6942
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdlib.h>
#include <string.h>
#include <security/cryptoki.h>
#include <arcfour.h>
#include <aes_impl.h>
#include <blowfish_impl.h>
#include <bignum.h>
#include <des_impl.h>
#include <rsa_impl.h>
#include "softGlobal.h"
#include "softObject.h"
#include "softSession.h"
#include "softKeystore.h"
#include "softKeystoreUtil.h"
#include "softCrypt.h"
/*
* This attribute table is used by the soft_lookup_attr()
* to validate the attributes.
*/
CK_ATTRIBUTE_TYPE attr_map[] = {
};
/*
* attributes that exists only in public key objects
* Note: some attributes may also exist in one or two
* other object classes, but they are also listed
* because not all object have them.
*/
{
};
/*
* attributes that exists only in private key objects
* Note: some attributes may also exist in one or two
* other object classes, but they are also listed
* because not all object have them.
*/
{
};
/*
* attributes that exists only in secret key objects
* Note: some attributes may also exist in one or two
* other object classes, but they are also listed
* because not all object have them.
*/
{
};
/*
* attributes that exists only in domain parameter objects
* Note: some attributes may also exist in one or two
* other object classes, but they are also listed
* because not all object have them.
*/
{
};
/*
* attributes that exists only in hardware feature objects
*
*/
{
};
/*
* attributes that exists only in certificate objects
*/
{
};
/*
* Validate the attribute by using binary search algorithm.
*/
{
lower = 0;
/* Always starts from middle. */
/* Adjust the lower bound to upper half. */
continue;
}
/* Found it. */
return (CKR_OK);
}
/* Adjust the upper bound to lower half. */
continue;
}
}
/* Failed to find the matching attribute from the attribute table. */
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
/*
* Validate the attribute by using the following search algorithm:
*
* 1) Search for the most frequently used attributes first.
* 2) If not found, search for the usage-purpose attributes - these
* attributes have dense set of values, therefore compiler will
* optimize it with a branch table and branch to the appropriate
* case.
* 3) If still not found, use binary search for the rest of the
* attributes in the attr_map[] table.
*/
{
CK_ULONG i;
for (i = 0; i < ulAttrNum; i++) {
/* First tier search */
case CKA_CLASS:
break;
case CKA_TOKEN:
break;
case CKA_KEY_TYPE:
break;
case CKA_VALUE:
break;
case CKA_VALUE_LEN:
break;
case CKA_VALUE_BITS:
break;
default:
/* Second tier search */
case CKA_ENCRYPT:
break;
case CKA_DECRYPT:
break;
case CKA_WRAP:
break;
case CKA_UNWRAP:
break;
case CKA_SIGN:
break;
case CKA_SIGN_RECOVER:
break;
case CKA_VERIFY:
break;
case CKA_VERIFY_RECOVER:
break;
case CKA_DERIVE:
break;
default:
/* Third tier search */
return (rv);
break;
}
break;
}
}
return (rv);
}
static void
{
if (attr) {
}
}
}
static CK_RV
{
return (CKR_HOST_MEMORY);
return (CKR_HOST_MEMORY);
/* free memory if its already allocated */
} else {
return (CKR_HOST_MEMORY);
}
return (CKR_HOST_MEMORY);
}
}
return (rv);
}
void
{
return;
}
}
} else if (certtype == CKC_X_509_ATTR_CERT) {
}
}
}
}
/*
* Clean up and release all the storage in the extra attribute list
* of an object.
*/
void
{
while (extra_attr) {
/*
* All extra attributes in the extra attribute
* list have pValue points to the value of the
* attribute (with simple byte array type).
* Free the storage for the value of the attribute.
*/
/* Free the storage for the attribute_info struct. */
extra_attr = tmp;
}
}
/*
* Create the attribute_info struct to hold the object's attribute,
* and add it to the extra attribute list of an object.
*/
{
/* Allocate the storage for the attribute_info struct. */
return (CKR_HOST_MEMORY);
}
/* Set up attribute_info struct. */
(template->ulValueLen > 0)) {
/* Allocate storage for the value of the attribute. */
return (CKR_HOST_MEMORY);
}
} else {
}
/* Insert the new attribute in front of extra attribute list. */
} else {
}
return (CKR_OK);
}
{
return (CKR_HOST_MEMORY);
}
return (rv);
return (rv);
} else if (type == CKC_X_509_ATTR_CERT) {
return (rv);
return (rv);
} else {
/* wrong certificate type */
}
return (rv);
}
/*
* Copy the attribute_info struct from the old object to a new attribute_info
* struct, and add that new struct to the extra attribute list of the new
* object.
*/
{
/* Allocate attribute_info struct. */
return (CKR_HOST_MEMORY);
}
return (CKR_HOST_MEMORY);
}
} else {
}
/* Insert the new attribute in front of extra attribute list */
} else {
}
return (CKR_OK);
}
/*
* Get the attribute triple from the extra attribute list in the object
* (if the specified attribute type is found), and copy it to a template.
* Note the type of the attribute to be copied is specified by the template,
* and the storage is pre-allocated for the atrribute value in the template
* for doing the copy.
*/
{
while (extra_attr) {
/* Found it. */
break;
} else {
/* Does not match, try next one. */
}
}
if (extra_attr == NULL) {
/* A valid but un-initialized attribute. */
template->ulValueLen = 0;
return (CKR_OK);
}
/*
* We found the attribute in the extra attribute list.
*/
return (CKR_OK);
}
/*
* The buffer provided by the application is large
* enough to hold the value of the attribute.
*/
return (CKR_OK);
} else {
/*
* The buffer provided by the application does
* not have enough space to hold the value.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
/*
* Modify the attribute triple in the extra attribute list of the object
* if the specified attribute type is found. Otherwise, just add it to
* list.
*/
{
while (extra_attr) {
/* Found it. */
break;
} else {
/* Does not match, try next one. */
}
}
if (extra_attr == NULL) {
/*
* This attribute is a new one, go ahead adding it to
* the extra attribute list.
*/
}
/* We found the attribute in the extra attribute list. */
(template->ulValueLen > 0)) {
/* The old buffer is too small to hold the new value. */
/* Free storage for the old attribute value. */
/* Allocate storage for the new attribute value. */
return (CKR_HOST_MEMORY);
}
}
/* Replace the attribute with new value. */
} else {
}
return (CKR_OK);
}
/*
* Copy the big integer attribute value from template to a biginteger_t struct.
*/
{
(template->ulValueLen > 0)) {
/* Allocate storage for the value of the attribute. */
return (CKR_HOST_MEMORY);
}
} else {
big->big_value_len = 0;
}
return (CKR_OK);
}
/*
* Copy the big integer attribute value from a biginteger_t struct in the
* object to a template.
*/
{
return (CKR_OK);
}
template->ulValueLen = 0;
return (CKR_OK);
}
/*
* The buffer provided by the application is large
* enough to hold the value of the attribute.
*/
big->big_value_len);
return (CKR_OK);
} else {
/*
* The buffer provided by the application does
* not have enough space to hold the value.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
/*
* Copy the boolean data type attribute value from an object for the
* specified attribute to the template.
*/
{
return (CKR_OK);
}
/*
* The buffer provided by the application is large
* enough to hold the value of the attribute.
*/
} else {
}
return (CKR_OK);
} else {
/*
* The buffer provided by the application does
* not have enough space to hold the value.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
/*
* Set the boolean data type attribute value in the object.
*/
{
else
return (CKR_OK);
}
/*
* Copy the CK_ULONG data type attribute value from an object to the
* template.
*/
{
return (CKR_OK);
}
/*
* The buffer provided by the application is large
* enough to hold the value of the attribute.
* It is also assumed to be correctly aligned.
*/
return (CKR_OK);
} else {
/*
* The buffer provided by the application does
* not have enough space to hold the value.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
/*
* Copy the CK_ULONG data type attribute value from a template to the
* object.
*/
void
{
} else {
*value = 0;
}
}
/*
* Copy the big integer attribute value from source's biginteger_t to
* destination's biginteger_t.
*/
void
{
(src->big_value_len > 0)) {
/*
* To do the copy, just have dst's big_value points
* to src's.
*/
/*
* After the copy, nullify the src's big_value pointer.
* It prevents any double freeing the value.
*/
src->big_value_len = 0;
} else {
dst->big_value_len = 0;
}
}
{
(src->ulValueLen > 0)) {
/* Allocate storage for the value of the attribute. */
return (CKR_HOST_MEMORY);
}
src->ulValueLen);
} else {
dest->ulValueLen = 0;
}
return (CKR_OK);
}
{
/*
* If the attribute was already set, clear out the
* existing value and release the memory.
*/
}
} else {
return (CKR_HOST_MEMORY);
}
}
return (CKR_HOST_MEMORY);
}
}
return (CKR_OK);
}
/*
* Copy the certificate attribute information to the template.
* If the template attribute is not big enough, set the ulValueLen=-1
* and return CKR_BUFFER_TOO_SMALL.
*/
static CK_RV
{
return (CKR_OK);
/*
* The buffer provided by the application is large
* enough to hold the value of the attribute.
*/
return (CKR_OK);
} else {
/*
* The buffer provided by the application does
* not have enough space to hold the value.
*/
return (CKR_BUFFER_TOO_SMALL);
}
}
void
{
template->ulValueLen = 0;
}
}
/*
* Release the storage allocated for object attribute with big integer
* value.
*/
void
{
return;
big->big_value_len = 0;
}
}
/*
* Clean up and release all the storage allocated to hold the big integer
* attributes associated with the type (i.e. class) of the object. Also,
* release the storage allocated to the type of the object.
*/
void
{
switch (class) {
case CKO_PUBLIC_KEY:
switch (keytype) {
case CKK_RSA:
object_p));
object_p));
break;
case CKK_DSA:
object_p));
object_p));
object_p));
object_p));
break;
case CKK_DH:
object_p));
object_p));
object_p));
break;
case CKK_X9_42_DH:
object_p));
object_p));
object_p));
object_p));
break;
case CKK_EC:
object_p));
break;
}
/* Release Public Key Object struct */
}
break;
case CKO_PRIVATE_KEY:
switch (keytype) {
case CKK_RSA:
object_p));
object_p));
object_p));
object_p));
object_p));
object_p));
object_p));
object_p));
break;
case CKK_DSA:
object_p));
object_p));
object_p));
object_p));
break;
case CKK_DH:
object_p));
object_p));
object_p));
break;
case CKK_X9_42_DH:
object_p));
object_p));
object_p));
object_p));
break;
case CKK_EC:
object_p));
break;
}
/* Release Private Key Object struct. */
}
break;
case CKO_SECRET_KEY:
/* cleanup key data area */
OBJ_SEC_VALUE_LEN(object_p) > 0) {
}
/* cleanup key schedule data area */
OBJ_KEY_SCHED_LEN(object_p) > 0) {
}
/* Release Secret Key Object struct. */
}
break;
case CKO_DOMAIN_PARAMETERS:
switch (keytype) {
case CKK_DSA:
object_p));
object_p));
object_p));
break;
case CKK_DH:
object_p));
object_p));
break;
case CKK_X9_42_DH:
object_p));
object_p));
object_p));
break;
}
/* Release Domain Parameters Object struct. */
}
break;
}
}
/*
* Parse the common attributes. Return to caller with appropriate return
* value to indicate if the supplied template specifies a valid attribute
* with a valid value.
*/
{
case CKA_CLASS:
break;
/* default boolean attributes */
case CKA_TOKEN:
return (CKR_DEVICE_REMOVED);
*object_type |= TOKEN_OBJECT;
}
break;
case CKA_PRIVATE:
(void) pthread_mutex_lock(&soft_giant_mutex);
if (!soft_slot.authenticated) {
/*
* Check if this is the special case when
* the PIN is never initialized in the keystore.
* If true, we will let it pass here and let
* it fail with CKR_PIN_EXPIRED later on.
*/
if (!soft_slot.userpin_change_needed) {
(void) pthread_mutex_unlock(
return (CKR_USER_NOT_LOGGED_IN);
}
}
(void) pthread_mutex_unlock(&soft_giant_mutex);
}
break;
case CKA_LABEL:
break;
default:
}
return (rv);
}
/*
* Build a Public Key Object.
*
* - Parse the object's template, and when an error is detected such as
* invalid attribute type, invalid attribute value, etc., return
* with appropriate return value.
* - Set up attribute mask field in the object for the supplied common
* attributes that have boolean type.
* - Build the attribute_info struct to hold the value of each supplied
* attribute that has byte array type. Link attribute_info structs
* together to form the extra attribute list of the object.
* - Allocate storage for the Public Key object.
* - Build the Public Key object according to the key type. Allocate
* storage to hold the big integer value for the supplied attributes
* that are required for a certain key type.
*
*/
{
ulong_t i;
int isLabel = 0;
/* Must set flags */
int isModulus = 0;
int isPubExpo = 0;
int isPrime = 0;
int isSubprime = 0;
int isBase = 0;
int isValue = 0;
int isECParam = 0;
int isECPoint = 0;
/* Must not set flags */
int isModulusBits = 0;
CK_ULONG modulus_bits = 0;
uchar_t object_type = 0;
/* prevent bigint_attr_cleanup from freeing invalid attr value */
for (i = 0; i < ulAttrNum; i++) {
/* Public Key Object Attributes */
/* common key attributes */
case CKA_KEY_TYPE:
break;
case CKA_ID:
case CKA_START_DATE:
case CKA_END_DATE:
/* common public key attribute */
case CKA_SUBJECT:
/*
* Allocate storage to hold the attribute
* value with byte array type, and add it to
* the extra attribute list of the object.
*/
goto fail_cleanup;
}
break;
/*
* The following key related attribute types must
* not be specified by C_CreateObject, C_GenerateKey(Pair).
*/
case CKA_LOCAL:
case CKA_KEY_GEN_MECHANISM:
goto fail_cleanup;
/* Key related boolean attributes */
case CKA_DERIVE:
break;
case CKA_ENCRYPT:
else
attr_mask &= ~ENCRYPT_BOOL_ON;
break;
case CKA_VERIFY:
else
attr_mask &= ~VERIFY_BOOL_ON;
break;
case CKA_VERIFY_RECOVER:
else
break;
case CKA_WRAP:
else
attr_mask &= ~WRAP_BOOL_ON;
break;
case CKA_TRUSTED:
break;
case CKA_MODIFIABLE:
break;
/*
* The following key related attribute types must
* be specified according to the key type by
* C_CreateObject.
*/
case CKA_MODULUS:
isModulus = 1;
/*
* Copyin big integer attribute from template
* to a local variable.
*/
&template[i]);
goto fail_cleanup;
/*
* Modulus length needs to be between min key length and
* max key length.
*/
if ((modulus.big_value_len <
goto fail_cleanup;
}
break;
case CKA_PUBLIC_EXPONENT:
isPubExpo = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_PRIME:
isPrime = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_SUBPRIME:
isSubprime = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_BASE:
isBase = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_VALUE:
isValue = 1;
if (mode == SOFT_CREATE_OBJ) {
if ((template[i].ulValueLen == 0) ||
goto fail_cleanup;
}
}
&template[i]);
goto fail_cleanup;
break;
case CKA_MODULUS_BITS:
isModulusBits = 1;
&template[i]);
break;
case CKA_LABEL:
isLabel = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_EC_PARAMS:
isECParam = 1;
goto fail_cleanup;
break;
case CKA_EC_POINT:
isECPoint = 1;
&template[i]);
goto fail_cleanup;
break;
default:
&object_type);
goto fail_cleanup;
break;
}
} /* For */
/* Allocate storage for Public Key Object. */
goto fail_cleanup;
}
goto fail_cleanup;
}
}
/*
* The key type specified in the template does not
* match the implied key type based on the mechanism.
*/
goto fail_cleanup;
}
/* Supported key types of the Public Key Object */
switch (keytype) {
case CKK_RSA:
if (mode == SOFT_CREATE_OBJ) {
goto fail_cleanup;
}
/*
* Copy big integer attribute value to the
* designated place in the public key object.
*/
} else {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
if (isModulusBits && isPubExpo) {
/*
* Copy big integer attribute value to the
* designated place in the public key object.
*/
} else {
goto fail_cleanup;
}
}
break;
case CKK_DSA:
if (mode == SOFT_CREATE_OBJ) {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
} else {
isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
}
break;
case CKK_DH:
if (mode == SOFT_CREATE_OBJ) {
isSubprime) {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
} else {
isSubprime || isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
}
break;
case CKK_X9_42_DH:
if (mode == SOFT_CREATE_OBJ) {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
} else {
isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
}
break;
case CKK_EC:
if (mode == SOFT_CREATE_OBJ) {
goto fail_cleanup;
goto fail_cleanup;
}
} else {
goto fail_cleanup;
} else if (!isECParam) {
goto fail_cleanup;
}
}
if (isECPoint) {
}
goto fail_cleanup;
break;
default:
goto fail_cleanup;
}
/* Set up object. */
if (isLabel) {
goto fail_cleanup;
}
return (rv);
/*
* cleanup the storage allocated to the local variables.
*/
/*
* cleanup the storage allocated inside the object itself.
*/
return (rv);
}
/*
* Build a Private Key Object.
*
* - Parse the object's template, and when an error is detected such as
* invalid attribute type, invalid attribute value, etc., return
* with appropriate return value.
* - Set up attribute mask field in the object for the supplied common
* attributes that have boolean type.
* - Build the attribute_info struct to hold the value of each supplied
* attribute that has byte array type. Link attribute_info structs
* together to form the extra attribute list of the object.
* - Allocate storage for the Private Key object.
* - Build the Private Key object according to the key type. Allocate
* storage to hold the big integer value for the supplied attributes
* that are required for a certain key type.
*
*/
{
ulong_t i;
int isLabel = 0;
int isECParam = 0;
/* Must set flags unless mode == SOFT_UNWRAP_KEY */
int isModulus = 0;
int isPriExpo = 0;
int isPrime = 0;
int isSubprime = 0;
int isBase = 0;
/* Must set flags if mode == SOFT_GEN_KEY */
int isValue = 0;
/* Must not set flags */
int isValueBits = 0;
CK_ULONG value_bits = 0;
/* Private Key RSA optional */
int isPubExpo = 0;
int isPrime1 = 0;
int isPrime2 = 0;
int isExpo1 = 0;
int isExpo2 = 0;
int isCoef = 0;
BIGNUM x, q;
uchar_t object_type = 0;
/* prevent bigint_attr_cleanup from freeing invalid attr value */
x.malloced = 0;
q.malloced = 0;
for (i = 0; i < ulAttrNum; i++) {
/* Private Key Object Attributes */
/* common key attributes */
case CKA_KEY_TYPE:
break;
case CKA_ID:
case CKA_START_DATE:
case CKA_END_DATE:
/* common private key attribute */
case CKA_SUBJECT:
/*
* Allocate storage to hold the attribute
* value with byte array type, and add it to
* the extra attribute list of the object.
*/
goto fail_cleanup;
}
break;
/*
* The following key related attribute types must
* not be specified by C_CreateObject or C_GenerateKey(Pair).
*/
case CKA_LOCAL:
case CKA_KEY_GEN_MECHANISM:
case CKA_AUTH_PIN_FLAGS:
case CKA_ALWAYS_SENSITIVE:
case CKA_NEVER_EXTRACTABLE:
goto fail_cleanup;
/* Key related boolean attributes */
case CKA_DERIVE:
break;
case CKA_SENSITIVE:
break;
case CKA_SECONDARY_AUTH:
goto fail_cleanup;
}
break;
case CKA_DECRYPT:
else
attr_mask &= ~DECRYPT_BOOL_ON;
break;
case CKA_SIGN:
else
attr_mask &= ~SIGN_BOOL_ON;
break;
case CKA_SIGN_RECOVER:
else
break;
case CKA_UNWRAP:
else
attr_mask &= ~UNWRAP_BOOL_ON;
break;
case CKA_EXTRACTABLE:
else
break;
case CKA_MODIFIABLE:
break;
/*
* The following key related attribute types must
* be specified according to the key type by
* C_CreateObject.
*/
case CKA_MODULUS:
isModulus = 1;
/*
* Copyin big integer attribute from template
* to a local variable.
*/
&template[i]);
goto fail_cleanup;
/*
* Modulus length needs to be between min key length and
* max key length.
*/
if ((modulus.big_value_len <
goto fail_cleanup;
}
break;
case CKA_PUBLIC_EXPONENT:
isPubExpo = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_PRIVATE_EXPONENT:
isPriExpo = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_PRIME_1:
isPrime1 = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_PRIME_2:
isPrime2 = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_EXPONENT_1:
isExpo1 = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_EXPONENT_2:
isExpo2 = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_COEFFICIENT:
isCoef = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_PRIME:
isPrime = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_SUBPRIME:
isSubprime = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_BASE:
isBase = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_VALUE:
isValue = 1;
if (mode == SOFT_CREATE_OBJ) {
if ((template[i].ulValueLen == 0) ||
goto fail_cleanup;
}
}
&template[i]);
goto fail_cleanup;
break;
case CKA_VALUE_BITS:
isValueBits = 1;
&template[i]);
break;
case CKA_LABEL:
isLabel = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_EC_PARAMS:
isECParam = 1;
&template[i]);
goto fail_cleanup;
break;
default:
&object_type);
goto fail_cleanup;
break;
}
} /* For */
/* Allocate storage for Private Key Object. */
goto fail_cleanup;
}
goto fail_cleanup;
}
if (mode == SOFT_GEN_KEY) {
/*
* The key type is not specified in the application's
* template, so we use the implied key type based on
* the mechanism.
*/
}
/* If still unspecified, template is incomplete */
goto fail_cleanup;
}
/*
* The key type specified in the template does not
* match the implied key type based on the mechanism.
*/
goto fail_cleanup;
}
}
if (mode == SOFT_UNWRAP_KEY) {
/*
* Note that, for mode SOFT_UNWRAP_KEY, key type is not
* implied by the mechanism (key_type), so if it is not
* specified from the attribute template (keytype), it is
* incomplete.
*/
goto fail_cleanup;
}
}
/* Supported key types of the Private Key Object */
switch (keytype) {
case CKK_RSA:
isValueBits) {
goto fail_cleanup;
}
goto fail_cleanup;
} else
break;
}
/*
* Copy big integer attribute value to the
* designated place in the Private Key object.
*/
} else {
goto fail_cleanup;
}
/* The following attributes are optional. */
if (isPubExpo) {
}
if (isPrime1) {
}
if (isPrime2) {
}
if (isExpo1) {
}
if (isExpo2) {
}
if (isCoef) {
}
break;
case CKK_DSA:
isValueBits) {
goto fail_cleanup;
}
goto fail_cleanup;
} else
break;
}
/*
* The private value x must be less than subprime q.
* Size for big_init is in (32-bit) words.
*/
#ifdef __sparcv9
/* LINTED */
(int)sizeof (uint32_t) - 1) /
#else /* !__sparcv9 */
(int)sizeof (uint32_t) - 1) /
#endif /* __sparcv9 */
goto fail_cleanup;
}
#ifdef __sparcv9
/* LINTED */
(int)sizeof (uint32_t) - 1) /
#else /* !__sparcv9 */
(int)sizeof (uint32_t) - 1) /
#endif /* __sparcv9 */
goto fail_cleanup;
}
if (big_cmp_abs(&x, &q) > 0) {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
break;
case CKK_DH:
isSubprime) {
goto fail_cleanup;
}
/* CKA_VALUE_BITS is for key gen but not unwrap */
if (mode == SOFT_GEN_KEY)
value_bits : 0;
else if (mode == SOFT_UNWRAP_KEY) {
if (isValueBits) {
goto fail_cleanup;
}
}
goto fail_cleanup;
} else
break;
}
if (isValueBits) {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
break;
case CKK_X9_42_DH:
isValueBits) {
goto fail_cleanup;
}
goto fail_cleanup;
} else
break;
}
} else {
goto fail_cleanup;
}
break;
case CKK_EC:
isValueBits || isBase) {
goto fail_cleanup;
} else if (isECParam) {
goto fail_cleanup;
}
if (isValue) {
}
break;
default:
goto fail_cleanup;
}
/* Set up object. */
if (isLabel) {
goto fail_cleanup;
}
big_finish(&x);
big_finish(&q);
return (rv);
/*
* cleanup the storage allocated to the local variables.
*/
big_finish(&x);
big_finish(&q);
/*
* cleanup the storage allocated inside the object itself.
*/
return (rv);
}
/*
* Build a Secret Key Object.
*
* - Parse the object's template, and when an error is detected such as
* invalid attribute type, invalid attribute value, etc., return
* with appropriate return value.
* - Set up attribute mask field in the object for the supplied common
* attributes that have boolean type.
* - Build the attribute_info struct to hold the value of each supplied
* attribute that has byte array type. Link attribute_info structs
* together to form the extra attribute list of the object.
* - Allocate storage for the Secret Key object.
* - Build the Secret Key object. Allocate storage to hold the big integer
* value for the attribute CKA_VALUE that is required for all the key
* types supported by secret key object.
* This function is called internally with mode = SOFT_CREATE_OBJ_INT.
*
*/
{
ulong_t i;
int isLabel = 0;
/* Must set flags if mode != SOFT_UNWRAP_KEY, else must not set */
int isValue = 0;
/* Must not set flags if mode != SOFT_UNWRAP_KEY, else optional */
int isValueLen = 0;
uchar_t object_type = 0;
/* Allocate storage for Secret Key Object. */
goto fail_cleanup;
}
for (i = 0; i < ulAttrNum; i++) {
/* Secret Key Object Attributes */
/* common key attributes */
case CKA_KEY_TYPE:
break;
case CKA_ID:
case CKA_START_DATE:
case CKA_END_DATE:
/*
* Allocate storage to hold the attribute
* value with byte array type, and add it to
* the extra attribute list of the object.
*/
goto fail_cleanup;
}
break;
/*
* The following key related attribute types must
* not be specified by C_CreateObject and C_GenerateKey.
*/
case CKA_LOCAL:
case CKA_KEY_GEN_MECHANISM:
case CKA_ALWAYS_SENSITIVE:
case CKA_NEVER_EXTRACTABLE:
goto fail_cleanup;
/* Key related boolean attributes */
case CKA_DERIVE:
break;
case CKA_SENSITIVE:
break;
case CKA_ENCRYPT:
else
attr_mask &= ~ENCRYPT_BOOL_ON;
break;
case CKA_DECRYPT:
else
attr_mask &= ~DECRYPT_BOOL_ON;
break;
case CKA_SIGN:
else
attr_mask &= ~SIGN_BOOL_ON;
break;
case CKA_VERIFY:
else
attr_mask &= ~VERIFY_BOOL_ON;
break;
case CKA_WRAP:
else
attr_mask &= ~WRAP_BOOL_ON;
break;
case CKA_UNWRAP:
else
attr_mask &= ~UNWRAP_BOOL_ON;
break;
case CKA_EXTRACTABLE:
else
break;
case CKA_MODIFIABLE:
break;
case CKA_VALUE:
isValue = 1;
if (mode == SOFT_CREATE_OBJ) {
if ((template[i].ulValueLen == 0) ||
goto fail_cleanup;
}
}
/*
* Copyin attribute from template
* to a local variable.
*/
&template[i]);
goto fail_cleanup;
break;
case CKA_VALUE_LEN:
isValueLen = 1;
&template[i]);
break;
case CKA_LABEL:
isLabel = 1;
&template[i]);
goto fail_cleanup;
break;
default:
&object_type);
goto fail_cleanup;
break;
}
} /* For */
switch (mode) {
case SOFT_CREATE_OBJ:
case SOFT_CREATE_OBJ_INT:
case SOFT_DERIVE_KEY_DH:
/*
* The key type must be specified in the application's
* template. Otherwise, returns error.
*/
goto fail_cleanup;
}
break;
case SOFT_GEN_KEY:
/*
* The key type is not specified in the application's
* template, so we use the implied key type based on
* the mechanism.
*/
} else {
/*
* The key type specified in the template
* does not match the implied key type based
* on the mechanism.
*/
goto fail_cleanup;
}
}
/*
* If a key_len is passed as a parameter, it has to
* match the one found in the template.
*/
if (key_len > 0) {
goto fail_cleanup;
}
isValueLen = 1;
}
break;
case SOFT_UNWRAP_KEY:
/*
* Note that, for mode SOFT_UNWRAP_KEY, key type is not
* implied by the mechanism (key_type), so if it is not
* specified from the attribute template (keytype), it is
* incomplete.
*/
goto fail_cleanup;
}
break;
case SOFT_DERIVE_KEY_OTHER:
/*
* For CKM_MD5_KEY_DERIVATION & CKM_SHA1_KEY_DERIVATION, the
* key type is optional.
*/
}
break;
}
switch (mode) {
case SOFT_CREATE_OBJ:
case SOFT_CREATE_OBJ_INT:
switch (keytype) {
case CKK_RC4:
if (!isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
case CKK_GENERIC_SECRET:
if (!isValue) {
goto fail_cleanup;
}
break;
case CKK_AES:
if (!isValue) {
goto fail_cleanup;
}
#ifdef CRYPTO_UNLIMITED
goto fail_cleanup;
}
#else
goto fail_cleanup;
}
#endif /* CRYPTO_UNLIMITED */
break;
case CKK_BLOWFISH:
if (!isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
case CKK_DES:
if (!isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
case CKK_DES2:
if (!isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
case CKK_DES3:
if (!isValue) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
default:
goto fail_cleanup;
}
if (isValueLen) {
/*
* Templates for internal object creation come from
* applications calls to C_DeriveKey(), for which it
* is OKey to pass a CKA_VALUE_LEN attribute, as
* long as it does not conflict with the length of the
* CKA_VALUE attribute.
*/
if ((mode != SOFT_CREATE_OBJ_INT) ||
goto fail_cleanup;
}
}
break;
case SOFT_GEN_KEY:
/* CKA_VALUE must not be specified */
if (isValue) {
goto fail_cleanup;
}
switch (keytype) {
/*
* CKA_VALUE_LEN must be specified by C_GenerateKey
* if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
*/
case CKK_RC4:
if (!isValueLen) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
case CKK_GENERIC_SECRET:
/* arbitrary key length - no length checking */
if (!isValueLen) {
goto fail_cleanup;
}
break;
case CKK_AES:
if (!isValueLen) {
goto fail_cleanup;
}
#ifdef CRYPTO_UNLIMITED
goto fail_cleanup;
}
#else
goto fail_cleanup;
}
#endif /* CRYPTO_UNLIMITED */
break;
case CKK_BLOWFISH:
if (!isValueLen) {
goto fail_cleanup;
}
goto fail_cleanup;
}
break;
case CKK_DES:
case CKK_DES2:
case CKK_DES3:
/* CKA_VALUE_LEN attribute does not apply to DES<n> */
if (isValueLen) {
goto fail_cleanup;
}
break;
default:
goto fail_cleanup;
}
break;
case SOFT_UNWRAP_KEY:
/*
* According to v2.11 of PKCS#11 spec, neither CKA_VALUE nor
* CKA_VALUE_LEN can be be specified; however v2.20 has this
* restriction removed, perhaps because it makes it hard to
* determine variable-length key sizes. This case statement
* complied with v2.20.
*/
if (isValue) {
goto fail_cleanup;
}
switch (keytype) {
/*
* CKA_VALUE_LEN is optional
* if key is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET
* and the unwrapping mech is *_CBC_PAD.
*
* CKA_VALUE_LEN is required
* if key is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET
* and the unwrapping mech is *_ECB or *_CBC.
*
* since mech is not known at this point, CKA_VALUE_LEN is
* treated as optional and the caller needs to enforce it.
*/
case CKK_RC4:
if (isValueLen) {
if ((sck->sk_value_len <
(sck->sk_value_len >
goto fail_cleanup;
}
}
break;
case CKK_GENERIC_SECRET:
/* arbitrary key length - no length checking */
break;
case CKK_AES:
if (isValueLen) {
#ifdef CRYPTO_UNLIMITED
goto fail_cleanup;
}
#else
goto fail_cleanup;
}
#endif /* CRYPTO_UNLIMITED */
}
break;
case CKK_BLOWFISH:
if (isValueLen &&
goto fail_cleanup;
}
break;
case CKK_DES:
case CKK_DES2:
case CKK_DES3:
/* CKA_VALUE_LEN attribute does not apply to DES<n> */
if (isValueLen) {
goto fail_cleanup;
}
break;
default:
goto fail_cleanup;
}
break;
case SOFT_DERIVE_KEY_DH:
/* CKA_VALUE must not be specified */
if (isValue) {
goto fail_cleanup;
}
switch (keytype) {
/*
* CKA_VALUE_LEN is optional
* if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
*/
case CKK_RC4:
if (isValueLen) {
if ((sck->sk_value_len <
(sck->sk_value_len >
goto fail_cleanup;
}
}
break;
case CKK_GENERIC_SECRET:
/* arbitrary key length - no length checking */
break;
case CKK_AES:
if (isValueLen) {
#ifdef CRYPTO_UNLIMITED
goto fail_cleanup;
}
#else
goto fail_cleanup;
}
#endif /* CRYPTO_UNLIMITED */
}
break;
case CKK_BLOWFISH:
if (isValueLen &&
goto fail_cleanup;
}
break;
case CKK_DES:
case CKK_DES2:
case CKK_DES3:
/* CKA_VALUE_LEN attribute does not apply to DES<n> */
if (isValueLen) {
goto fail_cleanup;
}
break;
default:
goto fail_cleanup;
}
break;
case SOFT_DERIVE_KEY_OTHER:
/* CKA_VALUE must not be specified */
if (isValue) {
goto fail_cleanup;
}
switch (keytype) {
/*
* CKA_VALUE_LEN is an optional attribute for
* CKM_SHA1_KEY_DERIVATION and CKM_MD5_KEY_DERIVATION
* if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
*/
case CKK_RC4:
case CKK_GENERIC_SECRET:
case CKK_AES:
case CKK_BLOWFISH:
/*
* No need to check key length value here, it will be
* validated later in soft_key_derive_check_length().
*/
break;
case CKK_DES:
case CKK_DES2:
case CKK_DES3:
/* CKA_VALUE_LEN attribute does not apply to DES<n> */
if (isValueLen) {
goto fail_cleanup;
}
break;
default:
goto fail_cleanup;
}
break;
}
/* Set up object. */
if (isLabel) {
goto fail_cleanup;
}
return (rv);
/*
* cleanup the storage allocated to the local variables.
*/
/*
* cleanup the storage allocated inside the object itself.
*/
return (rv);
}
/*
* Build a Domain Parameter Object.
*
* - Parse the object's template, and when an error is detected such as
* invalid attribute type, invalid attribute value, etc., return
* with appropriate return value.
* - Allocate storage for the Domain Parameter object.
* - Build the Domain Parameter object according to the key type. Allocate
* storage to hold the big integer value for the supplied attributes
* that are required for a certain key type.
*
*/
{
ulong_t i;
int isLabel = 0;
/* Must set flags */
int isPrime = 0;
int isSubprime = 0;
int isBase = 0;
/* Must not set flags */
int isPrimeBits = 0;
int isSubPrimeBits = 0;
uchar_t object_type = 0;
/* prevent bigint_attr_cleanup from freeing invalid attr value */
for (i = 0; i < ulAttrNum; i++) {
/* Domain Parameters Object Attributes */
/* common domain parameter attribute */
case CKA_KEY_TYPE:
break;
/*
* The following common domain parameter attribute
* must not be specified by C_CreateObject.
*/
case CKA_LOCAL:
goto fail_cleanup;
/*
* The following domain parameter attributes must be
* specified according to the key type by
* C_CreateObject.
*/
case CKA_PRIME:
isPrime = 1;
/*
* Copyin big integer attribute from template
* to a local variable.
*/
&template[i]);
goto fail_cleanup;
break;
case CKA_SUBPRIME:
isSubprime = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_BASE:
isBase = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_PRIME_BITS:
isPrimeBits = 1;
break;
case CKA_SUB_PRIME_BITS:
isSubPrimeBits = 1;
break;
case CKA_LABEL:
isLabel = 1;
&template[i]);
goto fail_cleanup;
break;
default:
&object_type);
goto fail_cleanup;
break;
}
} /* For */
/* Allocate storage for Domain Parameters Object. */
goto fail_cleanup;
}
goto fail_cleanup;
}
/* Supported key types of the Domain Parameters Object */
switch (keytype) {
case CKK_DSA:
if (isPrimeBits || isSubPrimeBits) {
goto fail_cleanup;
}
/*
* Copy big integer attribute value to the
* designated place in the domain parameter
* object.
*/
} else {
goto fail_cleanup;
}
break;
case CKK_DH:
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
break;
case CKK_X9_42_DH:
if (isPrimeBits || isSubPrimeBits) {
goto fail_cleanup;
}
} else {
goto fail_cleanup;
}
break;
default:
goto fail_cleanup;
}
if (isLabel) {
goto fail_cleanup;
}
return (rv);
/*
* cleanup the storage allocated to the local variables.
*/
/*
* cleanup the storage allocated inside the object itself.
*/
return (rv);
}
/*
* Build a Certificate Object
*
* - Parse the object's template, and when an error is detected such as
* invalid attribute type, invalid attribute value, etc., return
* with appropriate return value.
* - Allocate storage for the Certificate object
*/
static CK_RV
{
CK_ULONG i;
int owner_set = 0;
int value_set = 0;
int subject_set = 0;
/* certificate type defaults to the value given as a parameter */
int isLabel = 0;
uchar_t object_type = 0;
/*
* Look for the certificate type attribute and do some
* sanity checking before creating the structures.
*/
for (i = 0; i < ulAttrNum; i++) {
/* Certificate Object Attributes */
case CKA_CERTIFICATE_TYPE:
certtype =
break;
case CKA_SUBJECT:
subject_set = 1;
break;
case CKA_OWNER:
owner_set = 1;
break;
case CKA_VALUE:
value_set = 1;
break;
}
}
/* The certificate type MUST be specified */
return (CKR_TEMPLATE_INCOMPLETE);
/*
* For X.509 certs, the CKA_SUBJECT and CKA_VALUE
* must be present at creation time.
*/
(!subject_set || !value_set))
return (CKR_TEMPLATE_INCOMPLETE);
/*
* For X.509 Attribute certs, the CKA_OWNER and CKA_VALUE
* must be present at creation time.
*/
if (certtype == CKC_X_509_ATTR_CERT &&
return (CKR_TEMPLATE_INCOMPLETE);
return (CKR_HOST_MEMORY);
}
for (i = 0; i < ulAttrNum; i++) {
/* Certificate Object Attributes */
switch (certtype) {
case CKC_X_509:
case CKA_SUBJECT:
&template[i]);
break;
case CKA_VALUE:
&template[i]);
break;
case CKA_LABEL:
isLabel = 1;
&template[i]);
goto fail_cleanup;
break;
case CKA_ID:
case CKA_ISSUER:
case CKA_SERIAL_NUMBER:
break;
case CKA_MODIFIABLE:
attr_mask |=
break;
case CKA_CERTIFICATE_TYPE:
break;
default:
&template[i], &object_type);
goto fail_cleanup;
}
break;
case CKC_X_509_ATTR_CERT:
case CKA_OWNER:
&template[i]);
break;
case CKA_VALUE:
&template[i]);
break;
case CKA_LABEL:
isLabel = 1;
&string_tmp, &template[i]);
goto fail_cleanup;
break;
case CKA_SERIAL_NUMBER:
case CKA_AC_ISSUER:
case CKA_ATTR_TYPES:
break;
case CKA_MODIFIABLE:
attr_mask |=
break;
case CKA_CERTIFICATE_TYPE:
break;
default:
&template[i], &object_type);
goto fail_cleanup;
break;
}
break;
default:
break;
}
}
if (isLabel) {
goto fail_cleanup;
}
}
}
return (rv);
}
/*
* Validate the attribute types in the object's template. Then,
* call the appropriate build function according to the class of
* the object specified in the template.
*
* Note: The following classes of objects are supported:
* - CKO_PUBLIC_KEY
* - CKO_PRIVATE_KEY
* - CKO_SECRET_KEY
* - CKO_DOMAIN_PARAMETERS
* - CKO_CERTIFICATE
*
*/
{
return (CKR_ARGUMENTS_BAD);
}
/* Validate the attribute type in the template. */
return (rv);
/*
* CKA_CLASS is a mandatory attribute for C_CreateObject
*/
return (CKR_TEMPLATE_INCOMPLETE);
/*
* Call the appropriate function based on the supported class
* of the object.
*/
switch (class) {
case CKO_PUBLIC_KEY:
break;
case CKO_PRIVATE_KEY:
break;
case CKO_SECRET_KEY:
break;
case CKO_DOMAIN_PARAMETERS:
break;
case CKO_CERTIFICATE:
break;
case CKO_DATA:
case CKO_HW_FEATURE:
case CKO_VENDOR_DEFINED:
default:
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
return (rv);
}
/*
* Validate the attribute types in the object's template. Then,
* call the appropriate build function according to the class of
* the object specified in the template.
*
*/
{
/* Validate the attribute type in the template. */
return (rv);
}
/*
* If either the class from the parameter list ("class") or
* the class from the template ("temp_class") is not specified,
* try to use the other one.
*/
temp_class = class;
class = temp_class;
}
/* If object class is still not specified, template is incomplete. */
return (CKR_TEMPLATE_INCOMPLETE);
/* Class should match if specified in both parameters and template. */
if (class != temp_class)
return (CKR_TEMPLATE_INCONSISTENT);
/*
* Call the appropriate function based on the supported class
* of the object.
*/
switch (class) {
case CKO_PUBLIC_KEY:
/* Unwrapping public keys is not supported. */
if (mode == SOFT_UNWRAP_KEY) {
break;
}
break;
case CKO_PRIVATE_KEY:
break;
case CKO_SECRET_KEY:
break;
case CKO_DOMAIN_PARAMETERS:
/* Unwrapping domain parameters is not supported. */
if (mode == SOFT_UNWRAP_KEY) {
break;
}
break;
case CKO_DATA:
case CKO_CERTIFICATE:
case CKO_HW_FEATURE:
case CKO_VENDOR_DEFINED:
default:
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
return (rv);
}
/*
* Get the value of a requested attribute that is common to all supported
* classes (i.e. public key, private key, secret key, domain parameters,
* and certificate classes).
*/
{
case CKA_CLASS:
template));
/* default boolean attributes */
case CKA_TOKEN:
return (CKR_OK);
}
if (object_type & TOKEN_OBJECT)
else
break;
case CKA_PRIVATE:
return (CKR_OK);
}
if (object_type & PRIVATE_OBJECT)
else
break;
case CKA_MODIFIABLE:
return (CKR_OK);
}
else
break;
case CKA_LABEL:
return (get_extra_attr_from_object(object_p,
template));
default:
/*
* The specified attribute for the object is invalid.
* (the object does not possess such an attribute.)
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
return (rv);
}
/*
* Get the value of a requested attribute that is common to all key objects
* (i.e. public key, private key and secret key).
*/
{
case CKA_KEY_TYPE:
template));
case CKA_ID:
case CKA_START_DATE:
case CKA_END_DATE:
/*
* The above extra attributes have byte array type.
*/
return (get_extra_attr_from_object(object_p,
template));
/* Key related boolean attributes */
case CKA_LOCAL:
return (get_bool_attr_from_object(object_p,
case CKA_DERIVE:
return (get_bool_attr_from_object(object_p,
case CKA_KEY_GEN_MECHANISM:
template));
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
}
/*
* Get the value of a requested attribute of a Public Key Object.
*
* Rule: All the attributes in the public key object can be revealed.
*/
{
case CKA_SUBJECT:
case CKA_EC_PARAMS:
/*
* The above extra attributes have byte array type.
*/
return (get_extra_attr_from_object(object_p,
template));
/* Key related boolean attributes */
case CKA_ENCRYPT:
return (get_bool_attr_from_object(object_p,
case CKA_VERIFY:
return (get_bool_attr_from_object(object_p,
case CKA_VERIFY_RECOVER:
return (get_bool_attr_from_object(object_p,
case CKA_WRAP:
return (get_bool_attr_from_object(object_p,
WRAP_BOOL_ON, template));
case CKA_TRUSTED:
return (get_bool_attr_from_object(object_p,
case CKA_MODULUS:
/*
* This attribute is valid only for RSA public key
* object.
*/
return (get_bigint_attr_from_object(
} else {
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_PUBLIC_EXPONENT:
return (get_bigint_attr_from_object(
} else {
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_MODULUS_BITS:
return (get_ulong_attr_from_object(
} else {
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_PRIME:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_SUBPRIME:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_BASE:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_EC_POINT:
return (get_bigint_attr_from_object(
case CKA_VALUE:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
default:
/*
* First, get the value of the request attribute defined
* in the list of common key attributes. If the request
* attribute is not found in that list, then get the
* attribute from the list of common attributes.
*/
if (rv == CKR_ATTRIBUTE_TYPE_INVALID) {
}
break;
}
return (rv);
}
/*
* Get the value of a requested attribute of a Private Key Object.
*
* Rule: All the attributes in the private key object can be revealed
* except those marked with footnote number "7" when the object
* has its CKA_SENSITIVE attribute set to TRUE or its
* CKA_EXTRACTABLE attribute set to FALSE (p.88 in PKCS11 spec.).
*/
{
/*
* If the following specified attributes for the private key
* object cannot be revealed because the object is sensitive
* or unextractable, then the ulValueLen is set to -1.
*/
case CKA_PRIVATE_EXPONENT:
case CKA_PRIME_1:
case CKA_PRIME_2:
case CKA_EXPONENT_1:
case CKA_EXPONENT_2:
case CKA_COEFFICIENT:
case CKA_VALUE:
return (CKR_ATTRIBUTE_SENSITIVE);
}
}
case CKA_SUBJECT:
case CKA_EC_PARAMS:
/*
* The above extra attributes have byte array type.
*/
return (get_extra_attr_from_object(object_p,
template));
/* Key related boolean attributes */
case CKA_SENSITIVE:
return (get_bool_attr_from_object(object_p,
case CKA_SECONDARY_AUTH:
return (get_bool_attr_from_object(object_p,
case CKA_DECRYPT:
return (get_bool_attr_from_object(object_p,
case CKA_SIGN:
return (get_bool_attr_from_object(object_p,
SIGN_BOOL_ON, template));
case CKA_SIGN_RECOVER:
return (get_bool_attr_from_object(object_p,
case CKA_UNWRAP:
return (get_bool_attr_from_object(object_p,
case CKA_EXTRACTABLE:
return (get_bool_attr_from_object(object_p,
case CKA_ALWAYS_SENSITIVE:
return (get_bool_attr_from_object(object_p,
case CKA_NEVER_EXTRACTABLE:
return (get_bool_attr_from_object(object_p,
case CKA_MODULUS:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_PUBLIC_EXPONENT:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_PRIVATE_EXPONENT:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_PRIME_1:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_PRIME_2:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_EXPONENT_1:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_EXPONENT_2:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_COEFFICIENT:
return (get_bigint_attr_from_object(
} else {
break;
}
case CKA_VALUE_BITS:
return (get_ulong_attr_from_object(
} else {
break;
}
case CKA_PRIME:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_SUBPRIME:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_BASE:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_VALUE:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
case CKK_EC:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
default:
/*
* First, get the value of the request attribute defined
* in the list of common key attributes. If the request
* attribute is not found in that list, then get the
* attribute from the list of common attributes.
*/
if (rv == CKR_ATTRIBUTE_TYPE_INVALID) {
}
break;
}
return (rv);
}
/*
* Get the value of a requested attribute of a Secret Key Object.
*
* Rule: All the attributes in the secret key object can be revealed
* except those marked with footnote number "7" when the object
* has its CKA_SENSITIVE attribute set to TRUE or its
* CKA_EXTRACTABLE attribute set to FALSE (p.88 in PKCS11 spec.).
*/
{
/* Key related boolean attributes */
case CKA_SENSITIVE:
return (get_bool_attr_from_object(object_p,
case CKA_ENCRYPT:
return (get_bool_attr_from_object(object_p,
case CKA_DECRYPT:
return (get_bool_attr_from_object(object_p,
case CKA_SIGN:
return (get_bool_attr_from_object(object_p,
SIGN_BOOL_ON, template));
case CKA_VERIFY:
return (get_bool_attr_from_object(object_p,
case CKA_WRAP:
return (get_bool_attr_from_object(object_p,
WRAP_BOOL_ON, template));
case CKA_UNWRAP:
return (get_bool_attr_from_object(object_p,
case CKA_EXTRACTABLE:
return (get_bool_attr_from_object(object_p,
case CKA_ALWAYS_SENSITIVE:
return (get_bool_attr_from_object(object_p,
case CKA_NEVER_EXTRACTABLE:
return (get_bool_attr_from_object(object_p,
case CKA_VALUE:
case CKA_VALUE_LEN:
/*
* If the specified attribute for the secret key object
* cannot be revealed because the object is sensitive
* or unextractable, then the ulValueLen is set to -1.
*/
return (CKR_ATTRIBUTE_SENSITIVE);
}
switch (keytype) {
case CKK_RC4:
case CKK_GENERIC_SECRET:
case CKK_RC5:
case CKK_DES:
case CKK_DES2:
case CKK_DES3:
case CKK_CDMF:
case CKK_AES:
case CKK_BLOWFISH:
return (get_ulong_attr_from_object(
template));
} else {
return (get_bigint_attr_from_object(
template));
}
default:
break;
}
break;
default:
/*
* First, get the value of the request attribute defined
* in the list of common key attributes. If the request
* attribute is not found in that list, then get the
* attribute from the list of common attributes.
*/
if (rv == CKR_ATTRIBUTE_TYPE_INVALID) {
}
break;
}
return (rv);
}
/*
* Get the value of a requested attribute of a Domain Parameters Object.
*
* Rule: All the attributes in the domain parameters object can be revealed.
*/
{
case CKA_KEY_TYPE:
return (get_ulong_attr_from_object(keytype,
template));
case CKA_LOCAL:
return (get_bool_attr_from_object(object_p,
case CKA_PRIME:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_SUBPRIME:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_BASE:
switch (keytype) {
case CKK_DSA:
return (get_bigint_attr_from_object(
case CKK_DH:
return (get_bigint_attr_from_object(
case CKK_X9_42_DH:
return (get_bigint_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_PRIME_BITS:
switch (keytype) {
case CKK_DSA:
return (get_ulong_attr_from_object(
case CKK_DH:
return (get_ulong_attr_from_object(
case CKK_X9_42_DH:
return (get_ulong_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
case CKA_SUB_PRIME_BITS:
switch (keytype) {
case CKK_X9_42_DH:
return (get_ulong_attr_from_object(
default:
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
default:
/*
* Get the value of a common attribute.
*/
break;
}
return (rv);
}
/*
* Get certificate attributes from an object.
* return CKR_ATTRIBUTE_TYPE_INVALID if the requested type
* does not exist in the certificate.
*/
{
case CKA_SUBJECT:
return (get_cert_attr_from_object(
}
break;
case CKA_VALUE:
return (get_cert_attr_from_object(
} else if (certtype == CKC_X_509_ATTR_CERT) {
return (get_cert_attr_from_object(
}
break;
case CKA_OWNER:
if (certtype == CKC_X_509_ATTR_CERT) {
return (get_cert_attr_from_object(
}
break;
case CKA_CERTIFICATE_TYPE:
break;
case CKA_TRUSTED:
return (get_bool_attr_from_object(object_p,
case CKA_ID:
case CKA_ISSUER:
case CKA_SERIAL_NUMBER:
case CKA_AC_ISSUER:
case CKA_ATTR_TYPES:
return (get_extra_attr_from_object(object_p,
template));
break;
default:
object_p->object_type));
break;
}
/*
* If we got this far, then the combination of certificate type
* and requested attribute is invalid.
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
{
case CKA_SUBJECT:
/* SUBJECT attr cannot be modified. */
return (CKR_ATTRIBUTE_READ_ONLY);
}
break;
case CKA_OWNER:
if (certtype == CKC_X_509_ATTR_CERT) {
/* OWNER attr cannot be modified. */
return (CKR_ATTRIBUTE_READ_ONLY);
}
break;
case CKA_VALUE:
/* VALUE attr cannot be modified. */
return (CKR_ATTRIBUTE_READ_ONLY);
break;
case CKA_ID:
case CKA_ISSUER:
return (set_extra_attr_to_object(object_p,
}
break;
case CKA_AC_ISSUER:
case CKA_ATTR_TYPES:
if (certtype == CKC_X_509_ATTR_CERT) {
return (set_extra_attr_to_object(object_p,
}
break;
case CKA_SERIAL_NUMBER:
case CKA_LABEL:
return (set_extra_attr_to_object(object_p,
break;
default:
return (soft_set_common_storage_attribute(
break;
}
/*
* If we got this far, then the combination of certificate type
* and requested attribute is invalid.
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
/*
* Call the appropriate get attribute function according to the class
* of object.
*
* The caller of this function holds the lock on the object.
*/
{
switch (class) {
case CKO_PUBLIC_KEY:
break;
case CKO_PRIVATE_KEY:
break;
case CKO_SECRET_KEY:
break;
case CKO_DOMAIN_PARAMETERS:
break;
case CKO_CERTIFICATE:
break;
default:
/*
* If the specified attribute for the object is invalid
* (the object does not possess such as attribute), then
* the ulValueLen is modified to hold the value -1.
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
return (rv);
}
{
case CKA_TOKEN:
if (copy) {
return (CKR_DEVICE_REMOVED);
}
} else {
}
break;
case CKA_PRIVATE:
if (copy) {
(void) pthread_mutex_lock(&soft_giant_mutex);
if (!soft_slot.authenticated) {
/*
* Check if this is the special case
* when the PIN is never initialized
* in the keystore. If true, we will
* let it pass here and let it fail
* with CKR_PIN_EXPIRED later on.
*/
if (!soft_slot.userpin_change_needed) {
(void) pthread_mutex_unlock(
return (CKR_USER_NOT_LOGGED_IN);
}
}
(void) pthread_mutex_unlock(&soft_giant_mutex);
}
} else {
}
break;
case CKA_MODIFIABLE:
if (copy) {
else
} else {
}
break;
case CKA_CLASS:
break;
default:
}
return (rv);
}
/*
* Set the value of an attribute that is common to all key objects
* (i.e. public key, private key and secret key).
*/
{
case CKA_LABEL:
/*
* Only the LABEL can be modified in the common storage
* object attributes after the object is created.
*/
return (set_extra_attr_to_object(object_p,
case CKA_ID:
return (set_extra_attr_to_object(object_p,
case CKA_START_DATE:
return (set_extra_attr_to_object(object_p,
case CKA_END_DATE:
return (set_extra_attr_to_object(object_p,
CKA_END_DATE, template));
case CKA_DERIVE:
return (set_bool_attr_to_object(object_p,
case CKA_KEY_TYPE:
case CKA_LOCAL:
case CKA_KEY_GEN_MECHANISM:
return (CKR_ATTRIBUTE_READ_ONLY);
default:
}
}
/*
* Set the value of an attribute of a Public Key Object.
*
* Rule: The attributes marked with footnote number "8" in the PKCS11
* spec may be modified (p.88 in PKCS11 spec.).
*/
{
case CKA_SUBJECT:
return (set_extra_attr_to_object(object_p,
CKA_SUBJECT, template));
case CKA_ENCRYPT:
return (set_bool_attr_to_object(object_p,
case CKA_VERIFY:
return (set_bool_attr_to_object(object_p,
case CKA_VERIFY_RECOVER:
return (set_bool_attr_to_object(object_p,
case CKA_WRAP:
return (set_bool_attr_to_object(object_p,
WRAP_BOOL_ON, template));
case CKA_MODULUS:
case CKA_MODULUS_BITS:
case CKA_PUBLIC_EXPONENT:
return (CKR_ATTRIBUTE_READ_ONLY);
break;
case CKA_SUBPRIME:
(keytype == CKK_X9_42_DH))
return (CKR_ATTRIBUTE_READ_ONLY);
break;
case CKA_PRIME:
case CKA_BASE:
case CKA_VALUE:
(keytype == CKK_X9_42_DH))
return (CKR_ATTRIBUTE_READ_ONLY);
break;
default:
/*
* Set the value of a common key attribute.
*/
return (soft_set_common_key_attribute(object_p,
}
/*
* If we got this far, then the combination of key type
* and requested attribute is invalid.
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
/*
* Set the value of an attribute of a Private Key Object.
*
* Rule: The attributes marked with footnote number "8" in the PKCS11
* spec may be modified (p.88 in PKCS11 spec.).
*/
{
case CKA_SUBJECT:
return (set_extra_attr_to_object(object_p,
CKA_SUBJECT, template));
case CKA_SENSITIVE:
/*
* Cannot set SENSITIVE to FALSE if it is already ON.
*/
return (CKR_ATTRIBUTE_READ_ONLY);
}
return (CKR_OK);
case CKA_DECRYPT:
return (set_bool_attr_to_object(object_p,
case CKA_SIGN:
return (set_bool_attr_to_object(object_p,
SIGN_BOOL_ON, template));
case CKA_SIGN_RECOVER:
return (set_bool_attr_to_object(object_p,
case CKA_UNWRAP:
return (set_bool_attr_to_object(object_p,
case CKA_EXTRACTABLE:
/*
* Cannot set EXTRACTABLE to TRUE if it is already OFF.
*/
return (CKR_ATTRIBUTE_READ_ONLY);
}
return (CKR_OK);
case CKA_MODULUS:
case CKA_PUBLIC_EXPONENT:
case CKA_PRIVATE_EXPONENT:
case CKA_PRIME_1:
case CKA_PRIME_2:
case CKA_EXPONENT_1:
case CKA_EXPONENT_2:
case CKA_COEFFICIENT:
return (CKR_ATTRIBUTE_READ_ONLY);
}
break;
case CKA_SUBPRIME:
(keytype == CKK_X9_42_DH))
return (CKR_ATTRIBUTE_READ_ONLY);
break;
case CKA_PRIME:
case CKA_BASE:
case CKA_VALUE:
(keytype == CKK_X9_42_DH))
return (CKR_ATTRIBUTE_READ_ONLY);
break;
case CKA_VALUE_BITS:
return (CKR_ATTRIBUTE_READ_ONLY);
break;
default:
/*
* Set the value of a common key attribute.
*/
return (soft_set_common_key_attribute(object_p,
}
/*
* If we got this far, then the combination of key type
* and requested attribute is invalid.
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
/*
* Set the value of an attribute of a Secret Key Object.
*
* Rule: The attributes marked with footnote number "8" in the PKCS11
* spec may be modified (p.88 in PKCS11 spec.).
*/
{
case CKA_SENSITIVE:
/*
* Cannot set SENSITIVE to FALSE if it is already ON.
*/
return (CKR_ATTRIBUTE_READ_ONLY);
}
return (CKR_OK);
case CKA_ENCRYPT:
return (set_bool_attr_to_object(object_p,
case CKA_DECRYPT:
return (set_bool_attr_to_object(object_p,
case CKA_SIGN:
return (set_bool_attr_to_object(object_p,
SIGN_BOOL_ON, template));
case CKA_VERIFY:
return (set_bool_attr_to_object(object_p,
case CKA_WRAP:
return (set_bool_attr_to_object(object_p,
WRAP_BOOL_ON, template));
case CKA_UNWRAP:
return (set_bool_attr_to_object(object_p,
case CKA_EXTRACTABLE:
/*
* Cannot set EXTRACTABLE to TRUE if it is already OFF.
*/
return (CKR_ATTRIBUTE_READ_ONLY);
}
return (CKR_OK);
case CKA_VALUE:
return (CKR_ATTRIBUTE_READ_ONLY);
case CKA_VALUE_LEN:
(keytype == CKK_GENERIC_SECRET) ||
(keytype == CKK_BLOWFISH))
return (CKR_ATTRIBUTE_READ_ONLY);
break;
default:
/*
* Set the value of a common key attribute.
*/
return (soft_set_common_key_attribute(object_p,
}
/*
* If we got this far, then the combination of key type
* and requested attribute is invalid.
*/
return (CKR_ATTRIBUTE_TYPE_INVALID);
}
/*
* Call the appropriate set attribute function according to the class
* of object.
*
* The caller of this function does not hold the lock on the original
* object, since this function is setting the attribute on the new object
* that is being modified.
*
* Argument copy: TRUE when called by C_CopyObject,
* FALSE when called by C_SetAttributeValue.
*/
{
switch (class) {
case CKO_PUBLIC_KEY:
break;
case CKO_PRIVATE_KEY:
break;
case CKO_SECRET_KEY:
break;
case CKO_DOMAIN_PARAMETERS:
case CKA_LABEL:
/*
* Only the LABEL can be modified in the common
* storage object attributes after the object is
* created.
*/
return (set_extra_attr_to_object(object_p,
default:
return (CKR_TEMPLATE_INCONSISTENT);
}
case CKO_CERTIFICATE:
break;
default:
/*
* If the template specifies a value of an attribute
* which is incompatible with other existing attributes
* of the object, then fails with return code
* CKR_TEMPLATE_INCONSISTENT.
*/
break;
}
return (rv);
}
{
switch (type) {
/* The following attributes belong to RSA */
case CKA_MODULUS:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
break;
case CKA_PUBLIC_EXPONENT:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
break;
/* The following attributes belong to DSA and DH */
case CKA_PRIME:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
else
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
else
*value_len);
break;
case CKA_SUBPRIME:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
break;
case CKA_BASE:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
else
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
else
*value_len);
break;
case CKA_VALUE:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
else
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
else
*value_len);
break;
}
return (CKR_OK);
}
{
switch (type) {
/* The following attributes belong to RSA */
case CKA_MODULUS:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
break;
case CKA_PRIVATE_EXPONENT:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
break;
case CKA_PRIME_1:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
if (*value_len == 0) {
return (CKR_OK);
}
*value_len);
break;
case CKA_PRIME_2:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
if (*value_len == 0) {
return (CKR_OK);
}
*value_len);
break;
case CKA_EXPONENT_1:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
if (*value_len == 0) {
return (CKR_OK);
}
*value_len);
break;
case CKA_EXPONENT_2:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
if (*value_len == 0) {
return (CKR_OK);
}
*value_len);
break;
case CKA_COEFFICIENT:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
if (*value_len == 0) {
return (CKR_OK);
}
*value_len);
break;
/* The following attributes belong to DSA and DH */
case CKA_PRIME:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
else
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
else
*value_len);
break;
case CKA_SUBPRIME:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
break;
case CKA_BASE:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
else
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
else
*value_len);
break;
case CKA_VALUE:
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
else
#ifdef __sparcv9
len =
/* LINTED */
(uint32_t)
#else /* !__sparcv9 */
len =
#endif /* __sparcv9 */
/* This attribute MUST BE set */
return (CKR_ATTRIBUTE_VALUE_INVALID);
}
*value_len);
else
*value_len);
break;
}
return (CKR_OK);
}
static CK_RV
{
return (CKR_HOST_MEMORY);
}
return (CKR_OK);
}
static void
{
return;
}
switch (key_type) {
case CKK_RSA:
break;
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_EC:
break;
case CKK_X9_42_DH:
break;
default:
break;
}
}
{
return (CKR_HOST_MEMORY);
}
switch (key_type) {
case CKK_RSA:
sizeof (rsa_pub_key_t));
/* copy modulus */
return (rv);
}
/* copy public exponent */
return (rv);
}
break;
case CKK_DSA:
sizeof (dsa_pub_key_t));
/* copy prime */
return (rv);
}
/* copy subprime */
return (rv);
}
/* copy base */
return (rv);
}
/* copy value */
return (rv);
}
break;
case CKK_DH:
sizeof (dh_pub_key_t));
/* copy prime */
return (rv);
}
/* copy base */
return (rv);
}
/* copy value */
return (rv);
}
break;
case CKK_EC:
sizeof (ec_pub_key_t));
/* copy point */
return (rv);
}
break;
case CKK_X9_42_DH:
sizeof (dh942_pub_key_t));
/* copy prime */
return (rv);
}
/* copy subprime */
return (rv);
}
/* copy base */
return (rv);
}
/* copy value */
return (rv);
}
break;
default:
break;
}
*new_pub_key_obj_p = pbk;
return (rv);
}
static void
{
return;
}
switch (key_type) {
case CKK_RSA:
break;
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_EC:
break;
case CKK_X9_42_DH:
break;
default:
break;
}
}
{
return (CKR_HOST_MEMORY);
}
switch (key_type) {
case CKK_RSA:
sizeof (rsa_pri_key_t));
/* copy modulus */
return (rv);
}
/* copy public exponent */
return (rv);
}
/* copy private exponent */
return (rv);
}
/* copy prime_1 */
return (rv);
}
/* copy prime_2 */
return (rv);
}
/* copy exponent_1 */
return (rv);
}
/* copy exponent_2 */
return (rv);
}
/* copy coefficient */
return (rv);
}
break;
case CKK_DSA:
sizeof (dsa_pri_key_t));
/* copy prime */
return (rv);
}
/* copy subprime */
return (rv);
}
/* copy base */
return (rv);
}
/* copy value */
return (rv);
}
break;
case CKK_DH:
sizeof (dh_pri_key_t));
/* copy prime */
return (rv);
}
/* copy base */
return (rv);
}
/* copy value */
return (rv);
}
break;
case CKK_EC:
sizeof (ec_pri_key_t));
/* copy value */
return (rv);
}
break;
case CKK_X9_42_DH:
sizeof (dh942_pri_key_t));
/* copy prime */
return (rv);
}
/* copy subprime */
return (rv);
}
/* copy base */
return (rv);
}
/* copy value */
return (rv);
}
break;
default:
break;
}
*new_pri_key_obj_p = pbk;
return (rv);
}
static void
{
return;
}
switch (key_type) {
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
break;
}
}
{
return (CKR_HOST_MEMORY);
}
switch (key_type) {
case CKK_DSA:
sizeof (dsa_dom_key_t));
/* copy prime */
return (rv);
}
/* copy subprime */
return (rv);
}
/* copy base */
return (rv);
}
break;
case CKK_DH:
sizeof (dh_dom_key_t));
/* copy prime */
return (rv);
}
/* copy base */
return (rv);
}
break;
case CKK_X9_42_DH:
sizeof (dh942_dom_key_t));
/* copy prime */
return (rv);
}
/* copy subprime */
return (rv);
}
/* copy base */
return (rv);
}
break;
default:
break;
}
return (rv);
}
{
return (CKR_HOST_MEMORY);
}
/* copy the secret key value */
return (CKR_HOST_MEMORY);
}
/*
* Copy the pre-expanded key schedule.
*/
old_secret_key_obj_p->keysched_len > 0) {
return (CKR_HOST_MEMORY);
}
sk->keysched_len);
}
return (CKR_OK);
}
/*
* If CKA_CLASS not given, guess CKA_CLASS using
* attributes on template .
*
* Some attributes are specific to an object class. If one or more
* of these attributes are in the template, make a list of classes
* that can have these attributes. This would speed up the search later,
* because we can immediately skip an object if the class of that
* object can not possiblely contain one of the attributes.
*
*/
void
{
ulong_t i;
int j;
int num_pclasses = 0;
for (i = 0; i < ulCount; i++) {
/*
* don't need to guess the class, it is specified.
* Just record the class, and return.
*/
pclasses[0] =
*num_result_pclasses = 1;
return;
}
}
sizeof (PUB_KEY_ATTRS) / sizeof (CK_ATTRIBUTE_TYPE);
sizeof (PRIV_KEY_ATTRS) / sizeof (CK_ATTRIBUTE_TYPE);
sizeof (SECRET_KEY_ATTRS) / sizeof (CK_ATTRIBUTE_TYPE);
sizeof (DOMAIN_ATTRS) / sizeof (CK_ATTRIBUTE_TYPE);
sizeof (HARDWARE_ATTRS) / sizeof (CK_ATTRIBUTE_TYPE);
sizeof (CERT_ATTRS) / sizeof (CK_ATTRIBUTE_TYPE);
/*
* Get the list of objects class that might contain
* some attributes.
*/
for (i = 0; i < ulCount; i++) {
/*
* only check if this attribute can belong to public key object
* class if public key object isn't already in the list
*/
if (!pub_found) {
for (j = 0; j < num_pub_key_attrs; j++) {
pclasses[num_pclasses++] =
break;
}
}
}
if (!priv_found) {
for (j = 0; j < num_priv_key_attrs; j++) {
priv_found = B_TRUE;
pclasses[num_pclasses++] =
break;
}
}
}
if (!secret_found) {
for (j = 0; j < num_secret_key_attrs; j++) {
pclasses[num_pclasses++] =
break;
}
}
}
if (!domain_found) {
for (j = 0; j < num_domain_attrs; j++) {
pclasses[num_pclasses++] =
break;
}
}
}
if (!hardware_found) {
for (j = 0; j < num_hardware_attrs; j++) {
pclasses[num_pclasses++] =
break;
}
}
}
if (!cert_found) {
for (j = 0; j < num_cert_attrs; j++) {
cert_found = B_TRUE;
pclasses[num_pclasses++] =
break;
}
}
}
}
}
{
ulong_t i;
/*
* Check if the class of this object match with any
* of object classes that can possiblely contain the
* requested attributes.
*/
if (num_pclasses > 0) {
for (i = 0; i < num_pclasses; i++) {
break;
}
}
if (i == num_pclasses) {
/*
* this object can't possiblely contain one or
* more attributes, don't need to check this object
*/
return (B_FALSE);
}
}
/* need to examine everything */
for (i = 0; i < num_attr; i++) {
/* First, check the most common attributes */
case CKA_CLASS:
return (B_FALSE);
}
break;
case CKA_KEY_TYPE:
return (B_FALSE);
}
break;
case CKA_ENCRYPT:
break;
case CKA_DECRYPT:
break;
case CKA_WRAP:
break;
case CKA_UNWRAP:
break;
case CKA_SIGN:
break;
case CKA_SIGN_RECOVER:
break;
case CKA_VERIFY:
break;
case CKA_VERIFY_RECOVER:
break;
case CKA_DERIVE:
break;
case CKA_LOCAL:
break;
case CKA_SENSITIVE:
break;
case CKA_SECONDARY_AUTH:
break;
case CKA_TRUSTED:
break;
case CKA_EXTRACTABLE:
break;
case CKA_ALWAYS_SENSITIVE:
break;
case CKA_NEVER_EXTRACTABLE:
break;
case CKA_TOKEN:
break;
case CKA_PRIVATE:
break;
case CKA_MODIFIABLE:
{
if (attr_mask) {
} else {
}
return (B_FALSE);
}
break;
}
case CKA_OWNER:
/*
* For X.509 attribute certificate object, get its
* CKA_OWNER attribute from the x509_attr_cert_t struct.
*/
}
break;
case CKA_SUBJECT:
/*
* For X.509 certificate object, get its CKA_SUBJECT
* attribute from the x509_cert_t struct (not from
* the extra_attrlistp).
*/
break;
}
/*FALLTHRU*/
case CKA_ID:
case CKA_START_DATE:
case CKA_END_DATE:
case CKA_KEY_GEN_MECHANISM:
case CKA_LABEL:
case CKA_ISSUER:
case CKA_SERIAL_NUMBER:
case CKA_AC_ISSUER:
case CKA_ATTR_TYPES:
/* find these attributes from extra_attrlistp */
break;
case CKA_CERTIFICATE_TYPE:
break;
case CKA_VALUE_LEN:
/* only secret key has this attribute */
OBJ_SEC_VALUE_LEN(obj)) {
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_VALUE:
case CKO_SECRET_KEY:
/*
* secret_key_obj_t is the same as
* biginteger_t
*/
break;
case CKO_PRIVATE_KEY:
} else {
return (B_FALSE);
}
break;
case CKO_PUBLIC_KEY:
} else {
return (B_FALSE);
}
break;
case CKO_CERTIFICATE:
}
break;
default:
return (B_FALSE);
}
break;
case CKA_MODULUS:
/* only RSA public and private key have this attr */
} else {
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_MODULUS_BITS:
/* only RSA public key has this attribute */
if (mod_bits !=
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_PUBLIC_EXPONENT:
/* only RSA public and private key have this attr */
} else {
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_PRIVATE_EXPONENT:
/* only RSA private key has this attribute */
} else {
return (B_FALSE);
}
break;
case CKA_PRIME_1:
/* only RSA private key has this attribute */
} else {
return (B_FALSE);
}
break;
case CKA_PRIME_2:
/* only RSA private key has this attribute */
} else {
return (B_FALSE);
}
break;
case CKA_EXPONENT_1:
/* only RSA private key has this attribute */
} else {
return (B_FALSE);
}
break;
case CKA_EXPONENT_2:
/* only RSA private key has this attribute */
} else {
return (B_FALSE);
}
break;
case CKA_COEFFICIENT:
/* only RSA private key has this attribute */
} else {
return (B_FALSE);
}
break;
case CKA_VALUE_BITS:
/* only Diffie-Hellman private key has this attr */
if (val_bits !=
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_PRIME:
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_SUBPRIME:
case CKK_DSA:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
case CKK_DSA:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
case CKK_DSA:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_BASE:
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
case CKK_DSA:
break;
case CKK_DH:
break;
case CKK_X9_42_DH:
break;
default:
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_PRIME_BITS:
} else {
return (B_FALSE);
}
if (prime_bits !=
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
case CKA_SUBPRIME_BITS:
if (subprime_bits !=
return (B_FALSE);
}
} else {
return (B_FALSE);
}
break;
default:
/*
* any other attributes are currently not supported.
* so, it's not possible for them to be in the
* object
*/
return (B_FALSE);
}
if (compare_boolean) {
if (attr_mask) {
} else {
}
return (B_FALSE);
}
} else if (compare_bigint) {
return (B_FALSE);
}
return (B_FALSE);
}
tmpl_attr->ulValueLen) != 0) {
return (B_FALSE);
}
} else if (compare_attr) {
/*
* The attribute type is valid, and its value
* has not been initialized in the object. In
* this case, it only matches the template's
* attribute if the template's value length
* is 0.
*/
if (tmpl_attr->ulValueLen != 0)
return (B_FALSE);
} else {
if (tmpl_attr->ulValueLen !=
obj_attr->ulValueLen) {
return (B_FALSE);
}
tmpl_attr->ulValueLen) != 0) {
return (B_FALSE);
}
}
} else if (compare_cert_val) {
/* specific attribute not found */
return (B_FALSE);
}
return (B_FALSE);
}
tmpl_attr->ulValueLen) != 0) {
return (B_FALSE);
}
} else if (compare_cert_type) {
tmpl_attr->ulValueLen) != 0) {
return (B_FALSE);
}
}
}
return (B_TRUE);
}
{
}
}
/* if get there, the specified attribute is not found */
return (NULL);
}