search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
documented fix
[gnutls.git] / lib / pkcs11_privkey.c
blob4e90657722af72841382a956ec1cf256e896363a
1 /*
2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 *
5 * Authors: Nikos Mavrogiannopoulos, Stef Walter
6 *
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
19 */
20
21 #include <gnutls_int.h>
22 #include <gnutls/pkcs11.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <gnutls_errors.h>
26 #include <gnutls_datum.h>
27 #include <pkcs11_int.h>
28 #include <gnutls_sig.h>
29 #include <gnutls_pk.h>
30 #include <p11-kit/uri.h>
31
32 struct gnutls_pkcs11_privkey_st
33 {
34 gnutls_pk_algorithm_t pk_algorithm;
35 unsigned int flags;
36 struct p11_kit_uri *info;
37
38 struct pkcs11_session_info sinfo;
39 ck_object_handle_t obj; /* the key in the session */
40
41 struct pin_info_st pin;
42 };
43
44 /**
45 * gnutls_pkcs11_privkey_init:
46 * @key: The structure to be initialized
47 *
48 * This function will initialize an private key structure.
49 *
50 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
51 * negative error value.
52 **/
53 int
54 gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
55 {
56 *key = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_privkey_st));
57 if (*key == NULL)
58 {
59 gnutls_assert ();
60 return GNUTLS_E_MEMORY_ERROR;
61 }
62
63 (*key)->info = p11_kit_uri_new ();
64 if ((*key)->info == NULL)
65 {
66 free (*key);
67 gnutls_assert ();
68 return GNUTLS_E_MEMORY_ERROR;
69 }
70
71 return 0;
72 }
73
74 /**
75 * gnutls_pkcs11_privkey_deinit:
76 * @key: The structure to be initialized
77 *
78 * This function will deinitialize a private key structure.
79 **/
80 void
81 gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
82 {
83 p11_kit_uri_free (key->info);
84 if (key->sinfo.init != 0)
85 pkcs11_close_session (&key->sinfo);
86 gnutls_free (key);
87 }
88
89 /**
90 * gnutls_pkcs11_privkey_get_pk_algorithm:
91 * @key: should contain a #gnutls_pkcs11_privkey_t structure
92 * @bits: if bits is non null it will hold the size of the parameters' in bits
93 *
94 * This function will return the public key algorithm of a private
95 * key.
96 *
97 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
98 * success, or a negative error code on error.
99 **/
100 int
101 gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
102 unsigned int *bits)
103 {
104 if (bits)
105 *bits = 0; /* FIXME */
106 return key->pk_algorithm;
107 }
108
109 /**
110 * gnutls_pkcs11_privkey_get_info:
111 * @pkey: should contain a #gnutls_pkcs11_privkey_t structure
112 * @itype: Denotes the type of information requested
113 * @output: where output will be stored
114 * @output_size: contains the maximum size of the output and will be overwritten with actual
115 *
116 * This function will return information about the PKCS 11 private key such
117 * as the label, id as well as token information where the key is stored. When
118 * output is text it returns null terminated string although #output_size contains
119 * the size of the actual data only.
120 *
121 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
122 **/
123 int
124 gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
125 gnutls_pkcs11_obj_info_t itype,
126 void *output, size_t * output_size)
127 {
128 return pkcs11_get_info (pkey->info, itype, output, output_size);
129 }
130
131
132 #define FIND_OBJECT(sinfo, pin_info, obj, key) \
133 do { \
134 int retries = 0; \
135 int rret; \
136 ret = pkcs11_find_object (sinfo, pin_info, &obj, key->info, \
137 SESSION_LOGIN); \
138 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { \
139 if (_gnutls_token_func) \
140 { \
141 rret = pkcs11_call_token_func (key->info, retries++); \
142 if (rret == 0) continue; \
143 } \
144 return gnutls_assert_val(ret); \
145 } else if (ret < 0) { \
146 return gnutls_assert_val(ret); \
147 } \
148 } while (0);
149
150
151 /*-
152 * _gnutls_pkcs11_privkey_sign_hash:
153 * @key: Holds the key
154 * @hash: holds the data to be signed (should be output of a hash)
155 * @signature: will contain the signature allocated with gnutls_malloc()
156 *
157 * This function will sign the given data using a signature algorithm
158 * supported by the private key. It is assumed that the given data
159 * are the output of a hash function.
160 *
161 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
162 * negative error value.
163 -*/
164 int
165 _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
166 const gnutls_datum_t * hash,
167 gnutls_datum_t * signature)
168 {
169 ck_rv_t rv;
170 int ret;
171 struct ck_mechanism mech;
172 gnutls_datum_t tmp = {NULL, 0};
173 unsigned long siglen;
174 struct pkcs11_session_info _sinfo;
175 struct pkcs11_session_info *sinfo;
176 ck_object_handle_t obj;
177
178 if (key->sinfo.init != 0)
179 {
180 sinfo = &key->sinfo;
181 obj = key->obj;
182 }
183 else
184 {
185 sinfo = &_sinfo;
186 memset(sinfo, 0, sizeof(*sinfo));
187 FIND_OBJECT (sinfo, &key->pin, obj, key);
188 }
189
190 mech.mechanism = pk_to_mech(key->pk_algorithm);
191 mech.parameter = NULL;
192 mech.parameter_len = 0;
193
194 /* Initialize signing operation; using the private key discovered
195 * earlier. */
196 rv = pkcs11_sign_init (sinfo->module, sinfo->pks, &mech, obj);
197 if (rv != CKR_OK)
198 {
199 gnutls_assert ();
200 ret = pkcs11_rv_to_err (rv);
201 goto cleanup;
202 }
203
204 /* Work out how long the signature must be: */
205 rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, NULL, &siglen);
206 if (rv != CKR_OK)
207 {
208 gnutls_assert ();
209 ret = pkcs11_rv_to_err (rv);
210 goto cleanup;
211 }
212
213 tmp.data = gnutls_malloc (siglen);
214 tmp.size = siglen;
215
216 rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, tmp.data, &siglen);
217 if (rv != CKR_OK)
218 {
219 gnutls_assert ();
220 ret = pkcs11_rv_to_err (rv);
221 goto cleanup;
222 }
223
224
225 if (key->pk_algorithm == GNUTLS_PK_EC || key->pk_algorithm == GNUTLS_PK_DSA)
226 {
227 unsigned int hlen = siglen / 2;
228 gnutls_datum_t r, s;
229
230 if (siglen % 2 != 0)
231 {
232 gnutls_assert();
233 ret = GNUTLS_E_PK_SIGN_FAILED;
234 goto cleanup;
235 }
236
237 r.data = tmp.data;
238 r.size = hlen;
239
240 s.data = &tmp.data[hlen];
241 s.size = hlen;
242
243 ret = _gnutls_encode_ber_rs_raw (signature, &r, &s);
244 if (ret < 0)
245 {
246 gnutls_assert();
247 goto cleanup;
248 }
249
250 gnutls_free(tmp.data);
251 tmp.data = NULL;
252 }
253 else
254 {
255 signature->size = siglen;
256 signature->data = tmp.data;
257 }
258
259 ret = 0;
260
261 cleanup:
262 if (sinfo != &key->sinfo)
263 pkcs11_close_session (sinfo);
264 if (ret < 0)
265 gnutls_free(tmp.data);
266
267 return ret;
268 }
269
270 /**
271 * gnutls_pkcs11_privkey_import_url:
272 * @pkey: The structure to store the parsed key
273 * @url: a PKCS 11 url identifying the key
274 * @flags: sequence of GNUTLS_PKCS_PRIVKEY_*
275 *
276 * This function will "import" a PKCS 11 URL identifying a private
277 * key to the #gnutls_pkcs11_privkey_t structure. In reality since
278 * in most cases keys cannot be exported, the private key structure
279 * is being associated with the available operations on the token.
280 *
281 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
282 * negative error value.
283 **/
284 int
285 gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
286 const char *url, unsigned int flags)
287 {
288 int ret;
289 struct ck_attribute *attr;
290 ck_object_handle_t obj;
291 struct ck_attribute a[4];
292 ck_key_type_t key_type;
293 struct pkcs11_session_info sinfo;
294
295 memset(&sinfo, 0, sizeof(sinfo));
296
297 ret = pkcs11_url_to_info (url, &pkey->info);
298 if (ret < 0)
299 {
300 gnutls_assert ();
301 return ret;
302 }
303
304 pkey->flags = flags;
305
306 attr = p11_kit_uri_get_attribute (pkey->info, CKA_CLASS);
307 if (!attr || attr->value_len != sizeof (ck_object_class_t) ||
308 *(ck_object_class_t*)attr->value != CKO_PRIVATE_KEY)
309 {
310 gnutls_assert ();
311 return GNUTLS_E_INVALID_REQUEST;
312 }
313
314 attr = p11_kit_uri_get_attribute (pkey->info, CKA_ID);
315 if (!attr || !attr->value_len)
316 {
317 attr = p11_kit_uri_get_attribute (pkey->info, CKA_LABEL);
318 if (!attr || !attr->value_len)
319 {
320 gnutls_assert ();
321 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
322 }
323 }
324
325 FIND_OBJECT (&sinfo, &pkey->pin, obj, pkey);
326
327 a[0].type = CKA_KEY_TYPE;
328 a[0].value = &key_type;
329 a[0].value_len = sizeof (key_type);
330
331 if (pkcs11_get_attribute_value (sinfo.module, sinfo.pks, obj, a, 1) == CKR_OK)
332 {
333 pkey->pk_algorithm = mech_to_pk(key_type);
334 if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
335 {
336 _gnutls_debug_log("Cannot determine PKCS #11 key algorithm\n");
337 ret = GNUTLS_E_UNKNOWN_ALGORITHM;
338 goto cleanup;
339 }
340 }
341
342 ret = 0;
343
344 if (pkey->sinfo.init)
345 pkcs11_close_session (&pkey->sinfo);
346
347 if (sinfo.tinfo.max_session_count != 1)
348 {
349 /* We do not keep the session open in tokens that can
350 * only support a single session.
351 */
352 memcpy(&pkey->sinfo, &sinfo, sizeof(pkey->sinfo));
353 pkey->obj = obj;
354 return ret;
355 }
356
357 cleanup:
358 pkcs11_close_session (&sinfo);
359
360 return ret;
361 }
362
363 /*-
364 * _gnutls_pkcs11_privkey_decrypt_data:
365 * @key: Holds the key
366 * @flags: should be 0 for now
367 * @ciphertext: holds the data to be signed
368 * @plaintext: will contain the plaintext, allocated with gnutls_malloc()
369 *
370 * This function will decrypt the given data using the public key algorithm
371 * supported by the private key.
372 *
373 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
374 * negative error value.
375 -*/
376 int
377 _gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
378 unsigned int flags,
379 const gnutls_datum_t * ciphertext,
380 gnutls_datum_t * plaintext)
381 {
382 ck_rv_t rv;
383 int ret;
384 struct ck_mechanism mech;
385 unsigned long siglen;
386 ck_object_handle_t obj;
387 struct pkcs11_session_info _sinfo;
388 struct pkcs11_session_info *sinfo;
389
390 if (key->sinfo.init != 0)
391 {
392 sinfo = &key->sinfo;
393 obj = key->obj;
394 }
395 else
396 {
397 sinfo = &_sinfo;
398 memset(sinfo, 0, sizeof(*sinfo));
399 FIND_OBJECT (sinfo, &key->pin, obj, key);
400 }
401
402 if (key->pk_algorithm != GNUTLS_PK_RSA)
403 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
404
405 mech.mechanism = CKM_RSA_PKCS;
406 mech.parameter = NULL;
407 mech.parameter_len = 0;
408
409 /* Initialize signing operation; using the private key discovered
410 * earlier. */
411 rv = pkcs11_decrypt_init (sinfo->module, sinfo->pks, &mech, obj);
412 if (rv != CKR_OK)
413 {
414 gnutls_assert ();
415 ret = pkcs11_rv_to_err (rv);
416 goto cleanup;
417 }
418
419 /* Work out how long the plaintext must be: */
420 rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
421 NULL, &siglen);
422 if (rv != CKR_OK)
423 {
424 gnutls_assert ();
425 ret = pkcs11_rv_to_err (rv);
426 goto cleanup;
427 }
428
429 plaintext->data = gnutls_malloc (siglen);
430 plaintext->size = siglen;
431
432 rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
433 plaintext->data, &siglen);
434 if (rv != CKR_OK)
435 {
436 gnutls_free (plaintext->data);
437 gnutls_assert ();
438 ret = pkcs11_rv_to_err (rv);
439 goto cleanup;
440 }
441
442 plaintext->size = siglen;
443
444 ret = 0;
445
446 cleanup:
447 if (key->sinfo.init == 0)
448 pkcs11_close_session (sinfo);
449
450 return ret;
451 }
452
453 /**
454 * gnutls_pkcs11_privkey_export_url:
455 * @key: Holds the PKCS 11 key
456 * @detailed: non zero if a detailed URL is required
457 * @url: will contain an allocated url
458 *
459 * This function will export a URL identifying the given key.
460 *
461 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
462 * negative error value.
463 **/
464 int
465 gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
466 gnutls_pkcs11_url_type_t detailed,
467 char **url)
468 {
469 int ret;
470
471 ret = pkcs11_info_to_url (key->info, detailed, url);
472 if (ret < 0)
473 {
474 gnutls_assert ();
475 return ret;
476 }
477
478 return 0;
479 }
480
481
482 /**
483 * gnutls_pkcs11_privkey_generate:
484 * @url: a token URL
485 * @pk: the public key algorithm
486 * @bits: the security bits
487 * @label: a label
488 * @flags: should be zero
489 *
490 * This function will generate a private key in the specified
491 * by the @url token. The private key will be generate within
492 * the token and will not be exportable.
493 *
494 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
495 * negative error value.
496 *
497 * Since: 3.0
498 **/
499 int
500 gnutls_pkcs11_privkey_generate (const char* url, gnutls_pk_algorithm_t pk,
501 unsigned int bits, const char* label,
502 unsigned int flags)
503 {
504 int ret;
505 const ck_bool_t tval = 1;
506 const ck_bool_t fval = 0;
507 struct pkcs11_session_info sinfo;
508 struct p11_kit_uri *info = NULL;
509 ck_rv_t rv;
510 struct ck_attribute a[10], p[10];
511 ck_object_handle_t pub, priv;
512 unsigned long _bits = bits;
513 int a_val, p_val;
514 struct ck_mechanism mech;
515
516 memset(&sinfo, 0, sizeof(sinfo));
517
518 ret = pkcs11_url_to_info (url, &info);
519 if (ret < 0)
520 {
521 gnutls_assert ();
522 return ret;
523 }
524
525 ret =
526 pkcs11_open_session (&sinfo, NULL, info,
527 SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
528 p11_kit_uri_free (info);
529
530 if (ret < 0)
531 {
532 gnutls_assert ();
533 goto cleanup;
534 }
535
536 /* a holds the public key template
537 * and p the private key */
538 a_val = p_val = 0;
539 mech.parameter = NULL;
540 mech.parameter_len = 0;
541 mech.mechanism = pk_to_genmech(pk);
542
543 switch(pk)
544 {
545 case GNUTLS_PK_RSA:
546 p[p_val].type = CKA_DECRYPT;
547 p[p_val].value = (void*)&tval;
548 p[p_val].value_len = sizeof (tval);
549 p_val++;
550
551 p[p_val].type = CKA_SIGN;
552 p[p_val].value = (void*)&tval;
553 p[p_val].value_len = sizeof (tval);
554 p_val++;
555
556 a[a_val].type = CKA_ENCRYPT;
557 a[a_val].value = (void*)&tval;
558 a[a_val].value_len = sizeof (tval);
559 a_val++;
560
561 a[a_val].type = CKA_VERIFY;
562 a[a_val].value = (void*)&tval;
563 a[a_val].value_len = sizeof (tval);
564 a_val++;
565
566 a[a_val].type = CKA_MODULUS_BITS;
567 a[a_val].value = &_bits;
568 a[a_val].value_len = sizeof (_bits);
569 a_val++;
570 break;
571 case GNUTLS_PK_DSA:
572 p[p_val].type = CKA_SIGN;
573 p[p_val].value = (void*)&tval;
574 p[p_val].value_len = sizeof (tval);
575 p_val++;
576
577 a[a_val].type = CKA_VERIFY;
578 a[a_val].value = (void*)&tval;
579 a[a_val].value_len = sizeof (tval);
580 a_val++;
581
582 a[a_val].type = CKA_MODULUS_BITS;
583 a[a_val].value = &_bits;
584 a[a_val].value_len = sizeof (_bits);
585 a_val++;
586 break;
587 case GNUTLS_PK_EC:
588 p[p_val].type = CKA_SIGN;
589 p[p_val].value = (void*)&tval;
590 p[p_val].value_len = sizeof (tval);
591 p_val++;
592
593 a[a_val].type = CKA_VERIFY;
594 a[a_val].value = (void*)&tval;
595 a[a_val].value_len = sizeof (tval);
596 a_val++;
597
598 a[a_val].type = CKA_MODULUS_BITS;
599 a[a_val].value = &_bits;
600 a[a_val].value_len = sizeof (_bits);
601 a_val++;
602 break;
603 default:
604 ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
605 goto cleanup;
606 }
607
608 /* a private key is set always as private unless
609 * requested otherwise
610 */
611 if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
612 {
613 p[p_val].type = CKA_PRIVATE;
614 p[p_val].value = (void*)&fval;
615 p[p_val].value_len = sizeof(fval);
616 p_val++;
617 }
618 else
619 {
620 p[p_val].type = CKA_PRIVATE;
621 p[p_val].value = (void*)&tval;
622 p[p_val].value_len = sizeof (tval);
623 p_val++;
624 }
625
626 p[p_val].type = CKA_TOKEN;
627 p[p_val].value = (void *)&tval;
628 p[p_val].value_len = sizeof (tval);
629 p_val++;
630
631 if (label)
632 {
633 p[p_val].type = CKA_LABEL;
634 p[p_val].value = (void*)label;
635 p[p_val].value_len = strlen (label);
636 p_val++;
637
638 a[a_val].type = CKA_LABEL;
639 a[a_val].value = (void*)label;
640 a[a_val].value_len = strlen (label);
641 a_val++;
642 }
643
644 if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
645 {
646 p[p_val].type = CKA_SENSITIVE;
647 p[p_val].value = (void*)&tval;
648 p[p_val].value_len = sizeof (tval);
649 p_val++;
650 }
651 else
652 {
653 p[p_val].type = CKA_SENSITIVE;
654 p[p_val].value = (void*)&fval;
655 p[p_val].value_len = sizeof (fval);
656 p_val++;
657 }
658
659 rv = pkcs11_generate_key_pair( sinfo.module, sinfo.pks, &mech, a, a_val, p, p_val, &pub, &priv);
660 if (rv != CKR_OK)
661 {
662 gnutls_assert ();
663 _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
664 ret = pkcs11_rv_to_err (rv);
665 goto cleanup;
666 }
667
668
669 cleanup:
670 if (sinfo.pks != 0)
671 pkcs11_close_session (&sinfo);
672
673 return ret;
674 }
675
676 /**
677 * gnutls_pkcs11_privkey_set_pin_function:
678 * @key: The private key
679 * @fn: the callback
680 * @userdata: data associated with the callback
681 *
682 * This function will set a callback function to be used when
683 * required to access the object. This function overrides the global
684 * set using gnutls_pkcs11_set_pin_function().
685 *
686 * Since: 3.1.0
687 *
688 **/
689 void
690 gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t key,
691 gnutls_pin_callback_t fn,
692 void *userdata)
693 {
694 key->pin.cb = fn;
695 key->pin.data = userdata;
696 }
Implementation of the SSL/TLS protocol