pkcs11_tpm/common/key_mgr.c

/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */
/* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include "tpmtok_int.h"

static CK_BBOOL true = TRUE, false = FALSE;

static CK_RV
key_mgr_get_private_key_type(
    CK_BYTE *keydata,
    CK_ULONG    keylen,
    CK_KEY_TYPE *keytype)
{
    CK_BYTE  *alg = NULL;
    CK_BYTE  *priv_key = NULL;
    CK_ULONG  alg_len;
    CK_RV    rc;

    rc = ber_decode_PrivateKeyInfo(keydata, keylen, &alg,
        &alg_len, &priv_key);
    if (rc != CKR_OK) {
        return (rc);
    }
    if (alg_len >= ber_rsaEncryptionLen) {
        if (memcmp(alg, ber_rsaEncryption,
            ber_rsaEncryptionLen) == 0) {
            *keytype = CKK_RSA;
            return (CKR_OK);
        }
    }

    return (CKR_TEMPLATE_INCOMPLETE);
}

CK_RV
key_mgr_generate_key_pair(SESSION      * sess,
    CK_MECHANISM    * mech,
    CK_ATTRIBUTE    * publ_tmpl,
    CK_ULONG        publ_count,
    CK_ATTRIBUTE    * priv_tmpl,
    CK_ULONG        priv_count,
    CK_OBJECT_HANDLE  * publ_key_handle,
    CK_OBJECT_HANDLE  * priv_key_handle)
{
    OBJECT  * publ_key_obj = NULL;
    OBJECT  * priv_key_obj = NULL;
    CK_ATTRIBUTE  * attr     = NULL;
    CK_ATTRIBUTE  * new_attr    = NULL;
    CK_ULONG    i, keyclass, subclass = 0;
    CK_BBOOL    flag;
    CK_RV      rc;

    if (! sess || ! mech || ! publ_key_handle || ! priv_key_handle) {
        return (CKR_FUNCTION_FAILED);
    }
    if (! publ_tmpl && (publ_count != 0)) {
        return (CKR_FUNCTION_FAILED);
    }
    if (! priv_tmpl && (priv_count != 0)) {
        return (CKR_FUNCTION_FAILED);
    }

    for (i = 0; i < publ_count; i++) {
        if (publ_tmpl[i].type == CKA_CLASS) {
            keyclass = *(CK_OBJECT_CLASS *)publ_tmpl[i].pValue;
            if (keyclass != CKO_PUBLIC_KEY) {
                return (CKR_TEMPLATE_INCONSISTENT);
            }
        }

        if (publ_tmpl[i].type == CKA_KEY_TYPE)
            subclass = *(CK_ULONG *)publ_tmpl[i].pValue;
    }


    for (i = 0; i < priv_count; i++) {
        if (priv_tmpl[i].type == CKA_CLASS) {
            keyclass = *(CK_OBJECT_CLASS *)priv_tmpl[i].pValue;
            if (keyclass != CKO_PRIVATE_KEY) {
                return (CKR_TEMPLATE_INCONSISTENT);
            }
        }

        if (priv_tmpl[i].type == CKA_KEY_TYPE) {
            CK_ULONG temp = *(CK_ULONG *)priv_tmpl[i].pValue;
            if (temp != subclass) {
                return (CKR_TEMPLATE_INCONSISTENT);
            }
        }
    }


    switch (mech->mechanism) {
        case CKM_RSA_PKCS_KEY_PAIR_GEN:
            if (subclass != 0 && subclass != CKK_RSA) {
                return (CKR_TEMPLATE_INCONSISTENT);
            }

            subclass = CKK_RSA;
        break;

        default:
            return (CKR_MECHANISM_INVALID);
    }


    rc = object_mgr_create_skel(sess,
        publ_tmpl,  publ_count, MODE_KEYGEN,
        CKO_PUBLIC_KEY,  subclass, &publ_key_obj);

    if (rc != CKR_OK) {
        goto error;
    }
    rc = object_mgr_create_skel(sess,
        priv_tmpl,  priv_count, MODE_KEYGEN,
        CKO_PRIVATE_KEY, subclass, &priv_key_obj);

    if (rc != CKR_OK) {
        goto error;
    }

    switch (mech->mechanism) {
        case CKM_RSA_PKCS_KEY_PAIR_GEN:
            rc = ckm_rsa_key_pair_gen(
                sess->hContext,
                publ_key_obj->template,
                priv_key_obj->template);
        break;

        default:
            rc = CKR_MECHANISM_INVALID;
        break;
    }

    if (rc != CKR_OK) {
        goto error;
    }

    /*
     * we can now set CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE
     * to their appropriate values.  this only applies to CKO_SECRET_KEY
     * and CKO_PRIVATE_KEY objects
     */
    flag = template_attribute_find(priv_key_obj->template,
        CKA_SENSITIVE, &attr);
    if (flag == TRUE) {
        flag = *(CK_BBOOL *)attr->pValue;

        rc = build_attribute(CKA_ALWAYS_SENSITIVE, &flag,
            sizeof (CK_BBOOL), &new_attr);
        if (rc != CKR_OK) {
            goto error;
        }
        (void) template_update_attribute(priv_key_obj->template,
            new_attr);

    } else {
        rc = CKR_FUNCTION_FAILED;
        goto error;
    }


    flag = template_attribute_find(priv_key_obj->template,
        CKA_EXTRACTABLE, &attr);
    if (flag == TRUE) {
        flag = *(CK_BBOOL *)attr->pValue;

        rc = build_attribute(CKA_NEVER_EXTRACTABLE, &true,
            sizeof (CK_BBOOL), &new_attr);
        if (rc != CKR_OK) {
            goto error;
        }
        if (flag == TRUE)
            *(CK_BBOOL *)new_attr->pValue = false;

        (void) template_update_attribute(priv_key_obj->template,
            new_attr);

    } else {
        rc = CKR_FUNCTION_FAILED;
        goto error;
    }

    rc = object_mgr_create_final(sess, publ_key_obj, publ_key_handle);
    if (rc != CKR_OK) {
        goto error;
    }
    rc = object_mgr_create_final(sess, priv_key_obj, priv_key_handle);
    if (rc != CKR_OK) {
        (void) object_mgr_destroy_object(sess, *publ_key_handle);
        publ_key_obj = NULL;
        goto error;
    }
    return (rc);

error:
    if (publ_key_obj)
        (void) object_free(publ_key_obj);
    if (priv_key_obj)
        (void) object_free(priv_key_obj);

    *publ_key_handle = 0;
    *priv_key_handle = 0;

    return (rc);
}

CK_RV
key_mgr_wrap_key(SESSION       * sess,
    CK_BBOOL    length_only,
    CK_MECHANISM    * mech,
    CK_OBJECT_HANDLE    h_wrapping_key,
    CK_OBJECT_HANDLE    h_key,
    CK_BYTE   * wrapped_key,
    CK_ULONG  * wrapped_key_len) {
    ENCR_DECR_CONTEXT * ctx = NULL;
    OBJECT    * key1_obj  = NULL;
    OBJECT    * key2_obj  = NULL;
    CK_ATTRIBUTE    * attr  = NULL;
    CK_BYTE   * data    = NULL;
    CK_ULONG    data_len;
    CK_OBJECT_CLASS class;
    CK_KEY_TYPE  keytype;
    CK_BBOOL    flag;
    CK_RV   rc;

    if (! sess || ! wrapped_key_len) {
        return (CKR_FUNCTION_FAILED);
    }

    rc = object_mgr_find_in_map1(sess->hContext, h_wrapping_key, &key1_obj);
    if (rc != CKR_OK) {
        return (CKR_WRAPPING_KEY_HANDLE_INVALID);
    }
    rc = object_mgr_find_in_map1(sess->hContext, h_key, &key2_obj);
    if (rc != CKR_OK) {
        return (CKR_KEY_HANDLE_INVALID);
    }

    rc = template_attribute_find(key2_obj->template,
        CKA_EXTRACTABLE, &attr);
    if (rc == FALSE) {
        return (CKR_KEY_NOT_WRAPPABLE);
    } else {
        flag = *(CK_BBOOL *)attr->pValue;
        if (flag == FALSE) {
            return (CKR_KEY_NOT_WRAPPABLE);
        }
    }

    rc = template_attribute_find(key2_obj->template, CKA_CLASS, &attr);
    if (rc == FALSE) {
        return (CKR_KEY_NOT_WRAPPABLE);
    } else
        class = *(CK_OBJECT_CLASS *)attr->pValue;

    switch (mech->mechanism) {
        case CKM_RSA_PKCS:
        if (class != CKO_SECRET_KEY) {
            return (CKR_KEY_NOT_WRAPPABLE);
        }
        break;

        default:
        return (CKR_KEY_NOT_WRAPPABLE);
    }

    rc = template_attribute_find(key2_obj->template,
        CKA_KEY_TYPE, &attr);
    if (rc == FALSE)
        return (CKR_KEY_NOT_WRAPPABLE);
    else
        keytype = *(CK_KEY_TYPE *)attr->pValue;

    switch (keytype) {
        case CKK_RSA:
        rc = rsa_priv_wrap_get_data(key2_obj->template, length_only,
            &data, &data_len);
        if (rc != CKR_OK) {
            return (rc);
        }
        break;

        case CKK_GENERIC_SECRET:
        rc = generic_secret_wrap_get_data(key2_obj->template,
            length_only, &data, &data_len);
        if (rc != CKR_OK) {
            return (rc);
        }
        break;
        default:
        return (CKR_KEY_NOT_WRAPPABLE);
    }

    switch (mech->mechanism) {
        case CKM_RSA_PKCS:
        break;

        default:
        return (CKR_KEY_NOT_WRAPPABLE);
    }

    ctx = (ENCR_DECR_CONTEXT *)malloc(sizeof (ENCR_DECR_CONTEXT));
    if (! ctx) {
        return (CKR_HOST_MEMORY);
    }
    (void) memset(ctx, 0x0, sizeof (ENCR_DECR_CONTEXT));

    rc = encr_mgr_init(sess, ctx, OP_WRAP, mech, h_wrapping_key);
    if (rc != CKR_OK) {
        return (rc);
    }
    rc = encr_mgr_encrypt(sess, length_only,
        ctx, data,  data_len, wrapped_key, wrapped_key_len);

    if (data != NULL) {
        free(data);
    }
    (void) encr_mgr_cleanup(ctx);
    free(ctx);

    return (rc);
}

CK_RV
key_mgr_unwrap_key(SESSION     * sess,
    CK_MECHANISM    * mech,
    CK_ATTRIBUTE    * attributes,
    CK_ULONG        attrib_count,
    CK_BYTE    * wrapped_key,
    CK_ULONG        wrapped_key_len,
    CK_OBJECT_HANDLE    h_unwrapping_key,
    CK_OBJECT_HANDLE  * h_unwrapped_key)
{
    ENCR_DECR_CONTEXT * ctx = NULL;
    OBJECT      * key_obj = NULL;
    CK_BYTE    * data = NULL;
    CK_ULONG        data_len;
    CK_ULONG        keyclass, keytype;
    CK_ULONG        i;
    CK_BBOOL        found_class, found_type, fromend;
    CK_RV       rc;


    if (! sess || ! wrapped_key || ! h_unwrapped_key) {
        return (CKR_FUNCTION_FAILED);
    }

    rc = object_mgr_find_in_map1(sess->hContext, h_unwrapping_key,
        &key_obj);
    if (rc != CKR_OK) {
        return (CKR_WRAPPING_KEY_HANDLE_INVALID);
    }

    found_class    = FALSE;
    found_type  = FALSE;

    switch (mech->mechanism) {
        case CKM_RSA_PKCS:
            keyclass = CKO_SECRET_KEY;
            found_class = TRUE;
        break;
    }

    for (i = 0; i < attrib_count; i++) {
        switch (attributes[i].type) {
            case CKA_CLASS:
            keyclass = *(CK_OBJECT_CLASS *)attributes[i].pValue;
            found_class = TRUE;
            break;

            case CKA_KEY_TYPE:
            keytype = *(CK_KEY_TYPE *)attributes[i].pValue;
            found_type = TRUE;
            break;
        }
    }

    if (found_class == FALSE || (found_type == FALSE && keyclass !=
        CKO_PRIVATE_KEY)) {
        return (CKR_TEMPLATE_INCOMPLETE);
    }

    switch (mech->mechanism) {
        case CKM_RSA_PKCS:
        if (keyclass != CKO_SECRET_KEY) {
            return (CKR_TEMPLATE_INCONSISTENT);
        }
        break;
        default:
            return (CKR_MECHANISM_INVALID);
    }


    ctx = (ENCR_DECR_CONTEXT *)malloc(sizeof (ENCR_DECR_CONTEXT));
    if (! ctx) {
        return (CKR_HOST_MEMORY);
    }
    (void) memset(ctx, 0x0, sizeof (ENCR_DECR_CONTEXT));

    rc = decr_mgr_init(sess, ctx, OP_UNWRAP, mech, h_unwrapping_key);
    if (rc != CKR_OK)
        return (rc);

    rc = decr_mgr_decrypt(sess,
        TRUE, ctx, wrapped_key, wrapped_key_len,
        data,   &data_len);
    if (rc != CKR_OK) {
        goto error;
    }
    data = (CK_BYTE *)malloc(data_len);
    if (! data) {
        rc = CKR_HOST_MEMORY;
        goto error;
    }

    rc = decr_mgr_decrypt(sess,
        FALSE, ctx, wrapped_key, wrapped_key_len,
        data,   &data_len);

    (void) decr_mgr_cleanup(ctx);
    free(ctx);

    if (rc != CKR_OK) {
        goto error;
    }
    /*
     * if we use X.509, the data will be padded from the front with zeros.
     * PKCS #11 specifies that for this mechanism, CK_VALUE is to be read
     * from the end of the data.
     *
     * Note: the PKCS #11 reference implementation gets this wrong.
     */
    if (mech->mechanism == CKM_RSA_X_509)
        fromend = TRUE;
    else
    fromend = FALSE;

    if (keyclass == CKO_PRIVATE_KEY) {
        rc = key_mgr_get_private_key_type(data, data_len, &keytype);
        if (rc != CKR_OK) {
            goto error;
        }
    }

    rc = object_mgr_create_skel(sess,
        attributes,    attrib_count,
        MODE_UNWRAP, keyclass,  keytype,
        &key_obj);
    if (rc != CKR_OK) {
        goto error;
    }
    switch (keyclass) {
        case CKO_SECRET_KEY:
        rc = secret_key_unwrap(key_obj->template, keytype, data,
            data_len, fromend);
        break;

        case CKO_PRIVATE_KEY:
        rc = priv_key_unwrap(key_obj->template, keytype,
            data, data_len);
        break;

        default:
        rc = CKR_WRAPPED_KEY_INVALID;
        break;
    }

    if (rc != CKR_OK) {
        goto error;
    }
    rc = object_mgr_create_final(sess, key_obj, h_unwrapped_key);
    if (rc != CKR_OK) {
        goto error;
    }
    if (data) free(data);
    return (rc);

error:
    if (key_obj) (void) object_free(key_obj);
    if (data)    free(data);

    return (rc);
}