pkcs11_softtoken/common/softKeys.c

2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A/*
2N/A * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
2N/A * Use is subject to license terms.
2N/A */
2N/A
2N/A#include <security/cryptoki.h>
2N/A#include "softGlobal.h"
2N/A#include "softSession.h"
2N/A#include "softKeys.h"
2N/A#include "softOps.h"
2N/A
2N/A
2N/ACK_RV
2N/AC_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2N/A    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
2N/A{
2N/A
2N/A    CK_RV       rv;
2N/A    soft_session_t  *session_p;
2N/A    boolean_t   lock_held = B_FALSE;
2N/A
2N/A    if (!softtoken_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /* Obtain the session pointer. */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if ((pMechanism == NULL) || (phKey == NULL)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if ((pTemplate == NULL) && (ulCount != 0)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    rv = soft_genkey(session_p, pMechanism, pTemplate,
2N/A        ulCount, phKey);
2N/A
2N/Aclean_exit:
2N/A    SES_REFRELE(session_p, lock_held);
2N/A    return (rv);
2N/A
2N/A}
2N/A
2N/A
2N/ACK_RV
2N/AC_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2N/A    CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
2N/A    CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
2N/A    CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
2N/A{
2N/A
2N/A    CK_RV       rv;
2N/A    soft_session_t  *session_p;
2N/A    boolean_t   lock_held = B_FALSE;
2N/A
2N/A    if (!softtoken_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /* Obtain the session pointer. */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if ((pMechanism == NULL) || (phPublicKey == NULL) ||
2N/A        (phPrivateKey == NULL)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if ((pPublicKeyTemplate == NULL) ||
2N/A        (ulPublicKeyAttributeCount == 0)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if ((pPrivateKeyTemplate == NULL) &&
2N/A        (ulPrivateKeyAttributeCount != 0)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    rv = soft_genkey_pair(session_p, pMechanism, pPublicKeyTemplate,
2N/A        ulPublicKeyAttributeCount, pPrivateKeyTemplate,
2N/A        ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
2N/A
2N/Aclean_exit:
2N/A    SES_REFRELE(session_p, lock_held);
2N/A    return (rv);
2N/A}
2N/A
2N/ACK_RV
2N/AC_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2N/A    CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
2N/A    CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
2N/A{
2N/A    CK_RV       rv;
2N/A    soft_session_t  *session_p;
2N/A    soft_object_t   *wrappingkey_p;
2N/A    soft_object_t   *hkey_p;
2N/A    boolean_t   lock_held = B_FALSE;
2N/A
2N/A    if (!softtoken_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /* Obtain the session pointer. */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if (pMechanism == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if (pulWrappedKeyLen == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Obtain the wrapping key object pointer. */
2N/A    HANDLE2OBJECT(hWrappingKey, wrappingkey_p, rv);
2N/A    if (rv != CKR_OK) {
2N/A        rv = CKR_WRAPPING_KEY_HANDLE_INVALID;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Obtain the to-be-wrapped key object pointer. */
2N/A    HANDLE2OBJECT(hKey, hkey_p, rv);
2N/A    if (rv != CKR_OK)
2N/A        goto clean_exit1;
2N/A
2N/A    /* Check if given wrapping key may be used for wrapping. */
2N/A    if (!(wrappingkey_p->bool_attr_mask & WRAP_BOOL_ON)) {
2N/A        rv = CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
2N/A        goto clean_exit2;
2N/A    }
2N/A
2N/A    /* Check if given wrapping key may be used for encryption. */
2N/A    if (!(wrappingkey_p->bool_attr_mask & ENCRYPT_BOOL_ON)) {
2N/A        rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
2N/A        goto clean_exit2;
2N/A    }
2N/A
2N/A    /*
2N/A     * Check to see if key to be wrapped is extractable.
2N/A     * Note: this should always be true for softtoken keys.
2N/A     */
2N/A    if (!(hkey_p->bool_attr_mask & EXTRACTABLE_BOOL_ON)) {
2N/A        rv = CKR_KEY_UNEXTRACTABLE;
2N/A        goto clean_exit2;
2N/A    }
2N/A
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    lock_held = B_TRUE;
2N/A
2N/A    /*
2N/A     * Wrapping key objects requires calling encrypt operations.
2N/A     * Check to see if encrypt operation is already active.
2N/A     */
2N/A    if (session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE) {
2N/A        /* free the memory to avoid memory leak */
2N/A        soft_crypt_cleanup(session_p, B_TRUE, lock_held);
2N/A    }
2N/A
2N/A    /* This active flag will remain ON while wrapping the key. */
2N/A    session_p->encrypt.flags = CRYPTO_OPERATION_ACTIVE;
2N/A
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    lock_held = B_FALSE;
2N/A
2N/A    rv = soft_wrapkey(session_p, pMechanism, wrappingkey_p,
2N/A        hkey_p, pWrappedKey, pulWrappedKeyLen);
2N/A
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A
2N/A    lock_held = B_TRUE;
2N/A    session_p->encrypt.flags = 0;
2N/A
2N/A    if ((rv == CKR_OK && pWrappedKey == NULL) ||
2N/A        rv == CKR_BUFFER_TOO_SMALL)
2N/A        soft_crypt_cleanup(session_p, B_TRUE, lock_held);
2N/A
2N/Aclean_exit2:
2N/A    OBJ_REFRELE(hkey_p);
2N/Aclean_exit1:
2N/A    OBJ_REFRELE(wrappingkey_p);
2N/Aclean_exit:
2N/A    SES_REFRELE(session_p, lock_held);
2N/A    return (rv);
2N/A}
2N/A
2N/ACK_RV
2N/AC_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2N/A    CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
2N/A    CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
2N/A    CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
2N/A{
2N/A    CK_RV       rv;
2N/A    soft_session_t  *session_p;
2N/A    soft_object_t   *unwrappingkey_p;
2N/A    boolean_t   lock_held = B_FALSE;
2N/A
2N/A    if (!softtoken_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /* Obtain the session pointer. */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if (pMechanism == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if ((pTemplate == NULL) || (ulAttributeCount == 0)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if ((pWrappedKey == NULL) || (ulWrappedKeyLen == 0)) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if (phKey == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Obtain the unwrapping key object pointer. */
2N/A    HANDLE2OBJECT(hUnwrappingKey, unwrappingkey_p, rv);
2N/A    if (rv != CKR_OK) {
2N/A        rv = CKR_UNWRAPPING_KEY_HANDLE_INVALID;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Check if given unwrapping key may be used for unwrapping. */
2N/A    if (!(unwrappingkey_p->bool_attr_mask & UNWRAP_BOOL_ON)) {
2N/A        rv = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
2N/A        goto clean_exit1;
2N/A    }
2N/A
2N/A    /* Check if given unwrapping key may be used to decrypt. */
2N/A    if (!(unwrappingkey_p->bool_attr_mask & DECRYPT_BOOL_ON)) {
2N/A        rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
2N/A        goto clean_exit1;
2N/A    }
2N/A
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    lock_held = B_TRUE;
2N/A
2N/A    /*
2N/A     * Unwrapping key objects requires calling decrypt operations.
2N/A     * Check to see if decrypt operation is already active.
2N/A     */
2N/A    if (session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE) {
2N/A        /* free the memory to avoid memory leak */
2N/A        soft_crypt_cleanup(session_p, B_FALSE, lock_held);
2N/A    }
2N/A
2N/A    /*
2N/A     * This active flag will remain ON until application
2N/A     * is done unwrapping the key.
2N/A     */
2N/A    session_p->decrypt.flags = CRYPTO_OPERATION_ACTIVE;
2N/A
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    lock_held = B_FALSE;
2N/A
2N/A    rv = soft_unwrapkey(session_p, pMechanism, unwrappingkey_p,
2N/A        pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount,
2N/A        phKey);
2N/A
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A
2N/A    if ((rv == CKR_OK && pWrappedKey == NULL) ||
2N/A        rv == CKR_BUFFER_TOO_SMALL)
2N/A        soft_crypt_cleanup(session_p, B_TRUE, lock_held);
2N/A
2N/A    session_p->decrypt.flags = 0;
2N/A    lock_held = B_TRUE;
2N/A
2N/Aclean_exit1:
2N/A    OBJ_REFRELE(unwrappingkey_p);
2N/Aclean_exit:
2N/A    SES_REFRELE(session_p, lock_held);
2N/A    return (rv);
2N/A}
2N/A
2N/A
2N/ACK_RV
2N/AC_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2N/A    CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
2N/A    CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
2N/A{
2N/A
2N/A    CK_RV       rv;
2N/A    soft_session_t  *session_p;
2N/A    soft_object_t   *basekey_p;
2N/A    boolean_t   lock_held = B_FALSE;
2N/A
2N/A    if (!softtoken_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /* Obtain the session pointer. */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if (pMechanism == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    if (((pTemplate != NULL) && (ulAttributeCount == 0)) ||
2N/A        ((pTemplate == NULL) && (ulAttributeCount != 0))) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Obtain the private key object pointer. */
2N/A    HANDLE2OBJECT(hBaseKey, basekey_p, rv);
2N/A    if (rv != CKR_OK)
2N/A        goto clean_exit;
2N/A
2N/A    /* Check to see if key object allows for derivation. */
2N/A    if (!(basekey_p->bool_attr_mask & DERIVE_BOOL_ON)) {
2N/A        rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
2N/A        goto clean_exit1;
2N/A    }
2N/A
2N/A    rv = soft_derivekey(session_p, pMechanism, basekey_p,
2N/A        pTemplate, ulAttributeCount, phKey);
2N/A
2N/Aclean_exit1:
2N/A    OBJ_REFRELE(basekey_p);
2N/Aclean_exit:
2N/A    SES_REFRELE(session_p, lock_held);
2N/A    return (rv);
2N/A}