search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge illumos-gate
[unleashed/lotheac.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softKeystore.c
blob512ac0d5bc4b8d8a8ee7d180224dd403544e0801
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018, Joyent, Inc.
24 */
25
26 #include <crypt.h>
27 #include <cryptoutil.h>
28 #include <pwd.h>
29 #include <pthread.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <strings.h>
33 #include <sys/types.h>
34 #include <sys/sysmacros.h>
35 #include <security/cryptoki.h>
36 #include "softGlobal.h"
37 #include "softCrypt.h"
38 #include "softSession.h"
39 #include "softObject.h"
40 #include "softKeys.h"
41 #include "softKeystore.h"
42 #include "softKeystoreUtil.h"
43 #include "softMAC.h"
44 #include "softOps.h"
45
46 soft_session_t token_session;
47
48 /*
49 * soft_gen_hashed_pin()
50 *
51 * Arguments:
52 *
53 * pPin: pointer to caller provided Pin
54 * result: output argument which contains the address of the
55 * pointer to the hashed pin
56 * salt: input argument (if non-NULL), or
57 * output argument (if NULL):
58 * address of pointer to the "salt" of the hashed pin
59 *
60 * Description:
61 *
62 * Generate a hashed pin using system provided crypt(3C) function.
63 *
64 * Returns:
65 *
66 * 0: no error
67 * -1: some error occurred while generating the hashed pin
68 *
69 */
70 int
71 soft_gen_hashed_pin(CK_UTF8CHAR_PTR pPin, char **result, char **salt)
72 {
73
74 uid_t uid;
75 struct passwd pwd, *pw;
76 char pwdbuf[PWD_BUFFER_SIZE];
77 boolean_t new_salt = B_FALSE;
78
79 /*
80 * We need to get the passwd entry of the application, which is required
81 * by the crypt_gensalt() below.
82 */
83 uid = geteuid();
84 if (getpwuid_r(uid, &pwd, pwdbuf, PWD_BUFFER_SIZE, &pw) != 0) {
85 return (-1);
86 }
87
88 if (*salt == NULL) {
89 new_salt = B_TRUE;
90 /*
91 * crypt_gensalt() will allocate memory to store the new salt.
92 * on return. Pass "$5" here to default to crypt_sha256 since
93 * SHA256 is a FIPS 140-2 certified algorithm and we shouldn't
94 * assume the system default is that strong.
95 */
96 if ((*salt = crypt_gensalt("$5", pw)) == NULL) {
97 return (-1);
98 }
99 }
100
101 if ((*result = crypt((char *)pPin, *salt)) == NULL) {
102 if (new_salt) {
103 size_t saltlen = strlen(*salt) + 1;
104
105 freezero(*salt, saltlen);
106 }
107 return (-1);
108 }
109
110 return (0);
111 }
112
113 /*
114 * Authenticate user's PIN for C_Login.
115 */
116 CK_RV
117 soft_verify_pin(CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
118 {
119
120 char *user_cryptpin = NULL;
121 char *ks_cryptpin = NULL;
122 char *salt = NULL;
123 uchar_t *tmp_pin = NULL;
124 boolean_t pin_initialized = B_FALSE;
125 CK_RV rv = CKR_OK;
126
127 /*
128 * Check to see if keystore is initialized.
129 */
130 rv = soft_keystore_pin_initialized(&pin_initialized, &ks_cryptpin,
131 B_FALSE);
132 if (rv != CKR_OK)
133 return (rv);
134
135 /*
136 * Authenticate user's PIN for C_Login.
137 */
138 if (pin_initialized) {
139
140 if (soft_keystore_get_pin_salt(&salt) < 0) {
141 rv = CKR_FUNCTION_FAILED;
142 goto cleanup;
143 }
144
145 /*
146 * Generate the hashed value based on the user's supplied pin.
147 */
148 tmp_pin = malloc(ulPinLen + 1);
149 if (tmp_pin == NULL) {
150 rv = CKR_HOST_MEMORY;
151 goto cleanup;
152 }
153
154 (void) memcpy(tmp_pin, pPin, ulPinLen);
155 tmp_pin[ulPinLen] = '\0';
156
157 if (soft_gen_hashed_pin(tmp_pin, &user_cryptpin, &salt) < 0) {
158 rv = CKR_FUNCTION_FAILED;
159 goto cleanup;
160 }
161
162 /*
163 * Compare hash value of the user supplied PIN with
164 * hash value of the keystore PIN.
165 */
166 if (strcmp(user_cryptpin, ks_cryptpin) != 0) {
167 rv = CKR_PIN_INCORRECT;
168 goto cleanup;
169 }
170
171 /*
172 * Provide the user's PIN to low-level keystore so that
173 * it can use it to generate encryption key as needed for
174 * encryption/decryption of the private objects in
175 * keystore.
176 */
177 if (soft_keystore_authpin(tmp_pin) != 0) {
178 rv = CKR_FUNCTION_FAILED;
179 } else {
180 rv = CKR_OK;
181 }
182 goto cleanup;
183 } else {
184 /*
185 * The PIN is not initialized in the keystore
186 * We will let it pass the authentication anyway but set the
187 * "userpin_change_needed" flag so that the application
188 * will get CKR_PIN_EXPIRED by other C_functions such as
189 * C_CreateObject, C_FindObjectInit, C_GenerateKey etc.
190 */
191 soft_slot.userpin_change_needed = 1;
192 rv = CKR_OK;
193 }
194
195 cleanup:
196 freezero(salt, salt ? (strlen(salt) + 1) : 0);
197 freezero(tmp_pin, tmp_pin ? (strlen((char *)tmp_pin) + 1) : 0);
198 freezero(ks_cryptpin, ks_cryptpin ? (strlen(ks_cryptpin) + 1) : 0);
199 return (rv);
200 }
201
202 /*
203 * The second level C_SetPIN function.
204 */
205 CK_RV
206 soft_setpin(CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen,
207 CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen)
208 {
209
210 char *user_cryptpin = NULL;
211 char *ks_cryptpin = NULL;
212 char *salt = NULL;
213 boolean_t pin_initialized = B_FALSE;
214 uchar_t *tmp_old_pin = NULL, *tmp_new_pin = NULL;
215 CK_RV rv = CKR_OK;
216 size_t len = 0;
217
218 /*
219 * Check to see if keystore is initialized.
220 */
221 rv = soft_keystore_pin_initialized(&pin_initialized, &ks_cryptpin,
222 B_FALSE);
223 if (rv != CKR_OK)
224 return (rv);
225
226 /*
227 * Authenticate user's PIN for C_SetPIN.
228 */
229 if (pin_initialized) {
230 /*
231 * Generate the hashed value based on the user supplied PIN.
232 */
233 if (soft_keystore_get_pin_salt(&salt) < 0) {
234 rv = CKR_FUNCTION_FAILED;
235 goto cleanup;
236 }
237
238 tmp_old_pin = malloc(ulOldPinLen + 1);
239 if (tmp_old_pin == NULL) {
240 rv = CKR_HOST_MEMORY;
241 goto cleanup;
242 }
243 (void) memcpy(tmp_old_pin, pOldPin, ulOldPinLen);
244 tmp_old_pin[ulOldPinLen] = '\0';
245
246 if (soft_gen_hashed_pin(tmp_old_pin, &user_cryptpin,
247 &salt) < 0) {
248 rv = CKR_FUNCTION_FAILED;
249 goto cleanup;
250 }
251
252 /*
253 * Compare hashed value of the user supplied PIN with the
254 * hashed value of the keystore PIN.
255 */
256 if (strcmp(user_cryptpin, ks_cryptpin) != 0) {
257 rv = CKR_PIN_INCORRECT;
258 goto cleanup;
259 }
260 } else {
261 /*
262 * This is the first time to setpin, the oldpin must be
263 * "changeme".
264 */
265 if (strncmp("changeme", (const char *)pOldPin,
266 ulOldPinLen) != 0) {
267 rv = CKR_PIN_INCORRECT;
268 goto cleanup;
269 }
270 }
271
272 tmp_new_pin = malloc(ulNewPinLen + 1);
273 if (tmp_new_pin == NULL) {
274 rv = CKR_HOST_MEMORY;
275 goto cleanup;
276 }
277 (void) memcpy(tmp_new_pin, pNewPin, ulNewPinLen);
278 tmp_new_pin[ulNewPinLen] = '\0';
279
280 /*
281 * Set the new pin after the old pin is authenticated.
282 */
283 if (soft_keystore_setpin(tmp_old_pin, tmp_new_pin, B_FALSE)) {
284 rv = CKR_FUNCTION_FAILED;
285 goto cleanup;
286 } else {
287 (void) pthread_mutex_lock(&soft_giant_mutex);
288 soft_slot.userpin_change_needed = 0;
289 (void) pthread_mutex_unlock(&soft_giant_mutex);
290 rv = CKR_OK;
291 }
292
293 cleanup:
294 freezero(salt, salt ? (strlen(salt) + 1) : 0);
295 freezero(ks_cryptpin, ks_cryptpin ? (strlen(ks_cryptpin) + 1) : 0);
296 freezero(tmp_old_pin, tmp_old_pin ? (strlen((char *)tmp_old_pin) + 1) : 0);
297 freezero(tmp_new_pin, tmp_new_pin ? (strlen((char *)tmp_new_pin) + 1) : 0);
298
299 return (rv);
300 }
301
302 /*
303 * soft_keystore_pack_obj()
304 *
305 * Arguments:
306 *
307 * obj: pointer to the soft_object_t of the token object to
308 * be packed
309 * ks_buf: output argument which contains the address of the
310 * pointer to the buf of the packed token object
311 * soft_keystore_pack_obj() will allocate memory for the buf,
312 * it is caller's responsibility to free it.
313 * len: output argument which contains the address of the
314 * buffer length of the packed token object
315 *
316 * Description:
317 *
318 * Pack the in-core token object into the keystore format.
319 *
320 * Returns:
321 *
322 * CKR_OK: no error
323 * Other: some error occurred while packing the object
324 *
325 */
326 CK_RV
327 soft_keystore_pack_obj(soft_object_t *obj, uchar_t **ks_buf, size_t *len)
328 {
329 ks_obj_hdr_t hdr;
330 ks_attr_hdr_t attr_hdr;
331 CK_ATTRIBUTE_INFO_PTR extra_attr;
332 int num_attrs = 0;
333 ulong_t len_attrs = 0;
334 size_t ks_len;
335 uchar_t *buf, *buf1;
336 CK_RV rv;
337 int i;
338
339 (void) memset(&hdr, 0, sizeof (ks_obj_hdr_t));
340
341 /*
342 * The first part of the packed format contains
343 * the ks_obj_hdr_t struct.
344 */
345 hdr.class = SWAP64((uint64_t)obj->class);
346 hdr.key_type = SWAP64((uint64_t)obj->key_type);
347 hdr.cert_type = SWAP64((uint64_t)obj->cert_type);
348 hdr.bool_attr_mask = SWAP64(obj->bool_attr_mask);
349 hdr.mechanism = SWAP64((uint64_t)obj->mechanism);
350 hdr.object_type = obj->object_type;
351
352 /*
353 * The second part of the packed format contains
354 * the attributes from the extra atrribute list.
355 */
356 extra_attr = obj->extra_attrlistp;
357
358 while (extra_attr) {
359 num_attrs++;
360 len_attrs += ROUNDUP(extra_attr->attr.ulValueLen, 8);
361 extra_attr = extra_attr->next;
362 }
363 hdr.num_attrs = SWAP32(num_attrs);
364 ks_len = soft_pack_object_size(obj);
365 ks_len += sizeof (ks_obj_hdr_t) + len_attrs +
366 2 * num_attrs * sizeof (uint64_t);
367 buf = calloc(1, ks_len);
368 if (buf == NULL) {
369 return (CKR_HOST_MEMORY);
370 }
371 (void) memcpy(buf, &hdr, sizeof (ks_obj_hdr_t));
372 buf1 = buf + sizeof (ks_obj_hdr_t);
373 extra_attr = obj->extra_attrlistp;
374 for (i = 0; i < num_attrs; i++) {
375 attr_hdr.type = SWAP64((uint64_t)extra_attr->attr.type);
376 attr_hdr.ulValueLen =
377 SWAP64((uint64_t)extra_attr->attr.ulValueLen);
378 (void) memcpy(buf1, &attr_hdr, sizeof (ks_attr_hdr_t));
379 buf1 = buf1 + sizeof (ks_attr_hdr_t);
380 (void) memcpy(buf1, extra_attr->attr.pValue,
381 extra_attr->attr.ulValueLen);
382 buf1 = buf1 + ROUNDUP(extra_attr->attr.ulValueLen, 8);
383 extra_attr = extra_attr->next;
384 }
385
386 /*
387 * The third part of the packed format contains
388 * the key itself.
389 */
390 rv = soft_pack_object(obj, buf1);
391 *len = ks_len;
392 *ks_buf = buf;
393
394 return (rv);
395
396 }
397
398 /*
399 * soft_keystore_unpack_obj()
400 *
401 * Arguments:
402 *
403 * obj: pointer to the soft_object_t to store the unpacked
404 * token object
405 * ks_obj: input argument which contains the pointer to the
406 * ks_obj_t struct of packed token object to be unpacked
407 *
408 * Description:
409 *
410 * Unpack the token object in keystore format to in-core soft_object_t.
411 *
412 * Returns:
413 *
414 * CKR_OK: no error
415 * Other: some error occurred while unpacking the object
416 *
417 */
418 CK_RV
419 soft_keystore_unpack_obj(soft_object_t *obj, ks_obj_t *ks_obj)
420 {
421
422 CK_RV rv;
423 ks_obj_hdr_t *hdr;
424 ks_attr_hdr_t *attr_hdr;
425 CK_ATTRIBUTE template;
426 int i;
427 uchar_t *buf;
428
429 /*
430 * Unpack the common area.
431 */
432 (void) strcpy((char *)obj->ks_handle.name,
433 (char *)ks_obj->ks_handle.name);
434 obj->ks_handle.public = ks_obj->ks_handle.public;
435 /* LINTED: pointer alignment */
436 hdr = (ks_obj_hdr_t *)ks_obj->buf;
437 obj->version = ks_obj->obj_version;
438 obj->class = (CK_OBJECT_CLASS)(SWAP64(hdr->class));
439 obj->key_type = (CK_KEY_TYPE)(SWAP64(hdr->key_type));
440 obj->cert_type = (CK_CERTIFICATE_TYPE)(SWAP64(hdr->cert_type));
441 obj->bool_attr_mask = SWAP64(hdr->bool_attr_mask);
442 obj->mechanism = (CK_MECHANISM_TYPE)(SWAP64(hdr->mechanism));
443 obj->object_type = hdr->object_type;
444
445 /*
446 * Initialize other stuffs which were not from keystore.
447 */
448 (void) pthread_mutex_init(&obj->object_mutex, NULL);
449 obj->magic_marker = SOFTTOKEN_OBJECT_MAGIC;
450 obj->session_handle = (CK_SESSION_HANDLE)NULL;
451
452 buf = ks_obj->buf + sizeof (ks_obj_hdr_t);
453
454 /*
455 * Unpack extra attribute list.
456 */
457 for (i = 0; i < SWAP32(hdr->num_attrs); i++) {
458 /* LINTED: pointer alignment */
459 attr_hdr = (ks_attr_hdr_t *)buf;
460 (void) memset(&template, 0, sizeof (CK_ATTRIBUTE));
461 template.type = (CK_ATTRIBUTE_TYPE)(SWAP64(attr_hdr->type));
462 template.ulValueLen = (CK_ULONG)(SWAP64(attr_hdr->ulValueLen));
463 buf = buf + sizeof (ks_attr_hdr_t);
464 /* Allocate storage for the value of the attribute. */
465 if (template.ulValueLen > 0) {
466 template.pValue = malloc(template.ulValueLen);
467 if (template.pValue == NULL) {
468 return (CKR_HOST_MEMORY);
469 }
470 (void) memcpy(template.pValue, buf,
471 template.ulValueLen);
472 }
473
474 rv = soft_add_extra_attr(&template, obj);
475 freezero(template.pValue, template.ulValueLen);
476
477 if (rv != CKR_OK) {
478 return (rv);
479 }
480
481 buf = buf + ROUNDUP(template.ulValueLen, 8);
482 }
483
484 /*
485 * Unpack the key itself.
486 */
487 rv = soft_unpack_object(obj, buf);
488 return (rv);
489
490 }
491
492
493 /*
494 * soft_unpack_obj_attribute()
495 *
496 * Arguments:
497 *
498 * buf: contains the packed data (attributes) from keystore
499 * key_dest: the key attribute will be unpacked and save in key_dest
500 * cert_dest: the certificate attribute will be unpacked an
501 * in cert_dest
502 * offset: length of the current attribute occupies.
503 * The caller should use this returned "offset" to
504 * advance the buffer pointer to next attribute.
505 * cert: TRUE for certificate (use cert_dest)
506 * FALSE for key (use key_dest)
507 *
508 * Description:
509 *
510 * Unpack the attribute from keystore format to the big integer format.
511 *
512 * Returns:
513 *
514 * CKR_OK: no error
515 * Other: some error occurred while unpacking the object attribute
516 *
517 */
518 CK_RV
519 soft_unpack_obj_attribute(uchar_t *buf, biginteger_t *key_dest,
520 cert_attr_t **cert_dest, ulong_t *offset, boolean_t cert)
521 {
522
523 CK_RV rv;
524 CK_ATTRIBUTE template;
525
526 /* LINTED: pointer alignment */
527 template.ulValueLen = SWAP64(*(uint64_t *)buf);
528 buf = buf + sizeof (uint64_t);
529 template.pValue = malloc(template.ulValueLen);
530 if (template.pValue == NULL) {
531 return (CKR_HOST_MEMORY);
532 }
533
534 (void) memcpy(template.pValue, buf, template.ulValueLen);
535 if (cert) {
536 rv = get_cert_attr_from_template(cert_dest, &template);
537 } else {
538 rv = get_bigint_attr_from_template(key_dest, &template);
539 }
540
541 freezero(template.pValue, template.ulValueLen);
542 if (rv != CKR_OK) {
543 return (rv);
544 }
545
546 *offset = sizeof (uint64_t) + template.ulValueLen;
547 return (CKR_OK);
548 }
549
550
551 /*
552 * Calculate the total buffer length required to store the
553 * object key (the third part) in a keystore format.
554 */
555 ulong_t
556 soft_pack_object_size(soft_object_t *objp)
557 {
558
559 CK_OBJECT_CLASS class = objp->class;
560 CK_KEY_TYPE keytype = objp->key_type;
561 CK_CERTIFICATE_TYPE certtype = objp->cert_type;
562
563 switch (class) {
564 case CKO_PUBLIC_KEY:
565 switch (keytype) {
566 case CKK_RSA:
567 /*
568 * modulus_bits + modulus_len + modulus +
569 * pubexpo_len + pubexpo
570 */
571 return (ROUNDUP(((biginteger_t *)
572 OBJ_PUB_RSA_MOD(objp))->big_value_len, 8) +
573 ROUNDUP(((biginteger_t *)
574 OBJ_PUB_RSA_PUBEXPO(objp))->big_value_len, 8) +
575 3 * sizeof (uint64_t));
576
577 case CKK_DSA:
578 /*
579 * prime_len + prime + subprime_len + subprime +
580 * base_len + base + value_len + value
581 */
582 return (ROUNDUP(((biginteger_t *)
583 OBJ_PUB_DSA_PRIME(objp))->big_value_len, 8) +
584 ROUNDUP(((biginteger_t *)
585 OBJ_PUB_DSA_SUBPRIME(objp))->big_value_len, 8) +
586 ROUNDUP(((biginteger_t *)
587 OBJ_PUB_DSA_BASE(objp))->big_value_len, 8) +
588 ROUNDUP(((biginteger_t *)
589 OBJ_PUB_DSA_VALUE(objp))->big_value_len, 8) +
590 4 * sizeof (uint64_t));
591 case CKK_EC:
592 /*
593 * ec_point_len + ec_point
594 */
595 return (ROUNDUP(((biginteger_t *)
596 OBJ_PUB_EC_POINT(objp))->big_value_len, 8) +
597 sizeof (uint64_t));
598 case CKK_DH:
599 /*
600 * prime_len + prime + base_len + base +
601 * value_len + value
602 */
603 return (ROUNDUP(((biginteger_t *)
604 OBJ_PUB_DH_PRIME(objp))->big_value_len, 8) +
605 ROUNDUP(((biginteger_t *)
606 OBJ_PUB_DH_BASE(objp))->big_value_len, 8) +
607 ROUNDUP(((biginteger_t *)
608 OBJ_PUB_DH_VALUE(objp))->big_value_len, 8) +
609 3 * sizeof (uint64_t));
610
611 case CKK_X9_42_DH:
612 /*
613 * prime_len + prime + base_len + base +
614 * subprime_len + subprime + value_len + value
615 */
616 return (ROUNDUP(((biginteger_t *)
617 OBJ_PUB_DH942_PRIME(objp))->big_value_len, 8) +
618 ROUNDUP(((biginteger_t *)
619 OBJ_PUB_DH942_BASE(objp))->big_value_len, 8) +
620 ROUNDUP(((biginteger_t *)
621 OBJ_PUB_DH942_SUBPRIME(objp))->big_value_len, 8) +
622 ROUNDUP(((biginteger_t *)
623 OBJ_PUB_DH942_VALUE(objp))->big_value_len, 8) +
624 4 * sizeof (uint64_t));
625 } /* keytype */
626
627 break;
628
629 case CKO_PRIVATE_KEY:
630 switch (keytype) {
631 case CKK_RSA:
632 /*
633 * modulus_len + modulus + pubexpo_len + pubexpo +
634 * priexpo_len + priexpo + prime1_len + prime1 +
635 * prime2_len + prime2 + expo1_len + expo1 +
636 * expo2_len + expo2 + coef_len + coef
637 */
638 return (ROUNDUP(((biginteger_t *)
639 OBJ_PRI_RSA_MOD(objp))->big_value_len, 8) +
640 ROUNDUP(((biginteger_t *)
641 OBJ_PRI_RSA_PUBEXPO(objp))->big_value_len, 8) +
642 ROUNDUP(((biginteger_t *)
643 OBJ_PRI_RSA_PRIEXPO(objp))->big_value_len, 8) +
644 ROUNDUP(((biginteger_t *)
645 OBJ_PRI_RSA_PRIME1(objp))->big_value_len, 8) +
646 ROUNDUP(((biginteger_t *)
647 OBJ_PRI_RSA_PRIME2(objp))->big_value_len, 8) +
648 ROUNDUP(((biginteger_t *)
649 OBJ_PRI_RSA_EXPO1(objp))->big_value_len, 8) +
650 ROUNDUP(((biginteger_t *)
651 OBJ_PRI_RSA_EXPO2(objp))->big_value_len, 8) +
652 ROUNDUP(((biginteger_t *)
653 OBJ_PRI_RSA_COEF(objp))->big_value_len, 8) +
654 8 * sizeof (uint64_t));
655
656 case CKK_DSA:
657 /*
658 * prime_len + prime + subprime_len + subprime +
659 * base_len + base + value_len + value
660 */
661 return (ROUNDUP(((biginteger_t *)
662 OBJ_PRI_DSA_PRIME(objp))->big_value_len, 8) +
663 ROUNDUP(((biginteger_t *)
664 OBJ_PRI_DSA_SUBPRIME(objp))->big_value_len, 8) +
665 ROUNDUP(((biginteger_t *)
666 OBJ_PRI_DSA_BASE(objp))->big_value_len, 8) +
667 ROUNDUP(((biginteger_t *)
668 OBJ_PRI_DSA_VALUE(objp))->big_value_len, 8) +
669 4 * sizeof (uint64_t));
670
671 case CKK_DH:
672 /*
673 * value_bits + prime_len + prime + base_len + base +
674 * value_len + value
675 */
676 return (ROUNDUP(((biginteger_t *)
677 OBJ_PRI_DH_PRIME(objp))->big_value_len, 8) +
678 ROUNDUP(((biginteger_t *)
679 OBJ_PRI_DH_BASE(objp))->big_value_len, 8) +
680 ROUNDUP(((biginteger_t *)
681 OBJ_PRI_DH_VALUE(objp))->big_value_len, 8) +
682 4 * sizeof (uint64_t));
683
684 case CKK_EC:
685 /*
686 * value_len + value
687 */
688 return (ROUNDUP(((biginteger_t *)
689 OBJ_PRI_EC_VALUE(objp))->big_value_len, 8) +
690 sizeof (uint64_t));
691
692 case CKK_X9_42_DH:
693 /*
694 * prime_len + prime + base_len + base +
695 * subprime_len + subprime + value_len + value
696 */
697 return (ROUNDUP(((biginteger_t *)
698 OBJ_PRI_DH942_PRIME(objp))->big_value_len, 8) +
699 ROUNDUP(((biginteger_t *)
700 OBJ_PRI_DH942_BASE(objp))->big_value_len, 8) +
701 ROUNDUP(((biginteger_t *)
702 OBJ_PRI_DH942_SUBPRIME(objp))->big_value_len, 8) +
703 ROUNDUP(((biginteger_t *)
704 OBJ_PRI_DH942_VALUE(objp))->big_value_len, 8) +
705 4 * sizeof (uint64_t));
706
707 } /* keytype */
708
709 break;
710
711 case CKO_SECRET_KEY:
712 /*
713 * value_len + value
714 */
715 return (ROUNDUP(OBJ_SEC_VALUE_LEN(objp), 8) +
716 sizeof (uint64_t));
717
718 case CKO_CERTIFICATE:
719 switch (certtype) {
720 case CKC_X_509:
721 /*
722 * subject_len + subject + value_len + value
723 */
724 return (ROUNDUP(((cert_attr_t *)
725 X509_CERT_SUBJECT(objp))->length, 8) +
726 ROUNDUP(((cert_attr_t *)
727 X509_CERT_VALUE(objp))->length, 8) +
728 2 * sizeof (uint64_t));
729
730 case CKC_X_509_ATTR_CERT:
731 /*
732 * owner_len + owner + value_len + value
733 */
734 return (ROUNDUP(((cert_attr_t *)
735 X509_ATTR_CERT_OWNER(objp))->length, 8) +
736 ROUNDUP(((cert_attr_t *)
737 X509_ATTR_CERT_VALUE(objp))->length, 8) +
738 2 * sizeof (uint64_t));
739 }
740 return (0);
741
742 case CKO_DOMAIN_PARAMETERS:
743
744 return (0);
745 }
746 return (0);
747 }
748
749 /*
750 * Pack the object key (the third part) from the soft_object_t
751 * into the keystore format.
752 */
753 CK_RV
754 soft_pack_object(soft_object_t *objp, uchar_t *buf)
755 {
756
757 CK_OBJECT_CLASS class = objp->class;
758 CK_KEY_TYPE keytype = objp->key_type;
759 CK_CERTIFICATE_TYPE certtype = objp->cert_type;
760 uint64_t tmp_val;
761
762 switch (class) {
763 case CKO_PUBLIC_KEY:
764 switch (keytype) {
765 case CKK_RSA:
766 /* modulus_bits */
767 tmp_val = SWAP64((uint64_t)OBJ_PUB_RSA_MOD_BITS(objp));
768 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
769 buf = buf + sizeof (uint64_t);
770
771 /* modulus_len + modulus */
772 tmp_val = SWAP64((uint64_t)(((biginteger_t *)
773 OBJ_PUB_RSA_MOD(objp))->big_value_len));
774 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
775 buf = buf + sizeof (uint64_t);
776
777 (void) memcpy(buf, (char *)(((biginteger_t *)
778 OBJ_PUB_RSA_MOD(objp))->big_value),
779 ((biginteger_t *)
780 OBJ_PUB_RSA_MOD(objp))->big_value_len);
781 buf = buf + ROUNDUP(((biginteger_t *)
782 OBJ_PUB_RSA_MOD(objp))->big_value_len, 8);
783
784 /* pubexpo_len + pubexpo */
785 tmp_val = SWAP64((uint64_t)((biginteger_t *)
786 OBJ_PUB_RSA_PUBEXPO(objp))->big_value_len);
787 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
788 buf = buf + sizeof (uint64_t);
789
790 (void) memcpy(buf, (char *)(((biginteger_t *)
791 OBJ_PUB_RSA_PUBEXPO(objp))->big_value),
792 ((biginteger_t *)
793 OBJ_PUB_RSA_PUBEXPO(objp))->big_value_len);
794 break;
795
796 case CKK_DSA:
797 /* prime_len + prime */
798 tmp_val = SWAP64((uint64_t)((biginteger_t *)
799 OBJ_PUB_DSA_PRIME(objp))->big_value_len);
800 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
801 buf = buf + sizeof (uint64_t);
802
803 (void) memcpy(buf, (char *)((biginteger_t *)
804 OBJ_PUB_DSA_PRIME(objp))->big_value,
805 ((biginteger_t *)
806 OBJ_PUB_DSA_PRIME(objp))->big_value_len);
807 buf = buf + ROUNDUP(((biginteger_t *)
808 OBJ_PUB_DSA_PRIME(objp))->big_value_len, 8);
809
810 /* subprime_len + subprime */
811 tmp_val = SWAP64((uint64_t)((biginteger_t *)
812 OBJ_PUB_DSA_SUBPRIME(objp))->big_value_len);
813 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
814 buf = buf + sizeof (uint64_t);
815
816 (void) memcpy(buf, (char *)((biginteger_t *)
817 OBJ_PUB_DSA_SUBPRIME(objp))->big_value,
818 ((biginteger_t *)
819 OBJ_PUB_DSA_SUBPRIME(objp))->big_value_len);
820 buf = buf + ROUNDUP(((biginteger_t *)
821 OBJ_PUB_DSA_SUBPRIME(objp))->big_value_len, 8);
822
823 /* base_len + base */
824 tmp_val = SWAP64((uint64_t)((biginteger_t *)
825 OBJ_PUB_DSA_BASE(objp))->big_value_len);
826 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
827 buf = buf + sizeof (uint64_t);
828
829 (void) memcpy(buf, (char *)((biginteger_t *)
830 OBJ_PUB_DSA_BASE(objp))->big_value,
831 ((biginteger_t *)
832 OBJ_PUB_DSA_BASE(objp))->big_value_len);
833 buf = buf + ROUNDUP(((biginteger_t *)
834 OBJ_PUB_DSA_BASE(objp))->big_value_len, 8);
835
836 /* value_len + value */
837 tmp_val = SWAP64((uint64_t)((biginteger_t *)
838 OBJ_PUB_DSA_VALUE(objp))->big_value_len);
839 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
840 buf = buf + sizeof (uint64_t);
841
842 (void) memcpy(buf, (char *)((biginteger_t *)
843 OBJ_PUB_DSA_VALUE(objp))->big_value,
844 ((biginteger_t *)
845 OBJ_PUB_DSA_VALUE(objp))->big_value_len);
846
847 break;
848 case CKK_EC:
849 /* point_len + point */
850 tmp_val = SWAP64((uint64_t)((biginteger_t *)
851 OBJ_PUB_EC_POINT(objp))->big_value_len);
852 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
853 buf = buf + sizeof (uint64_t);
854
855 (void) memcpy(buf, (char *)((biginteger_t *)
856 OBJ_PUB_EC_POINT(objp))->big_value,
857 ((biginteger_t *)
858 OBJ_PUB_EC_POINT(objp))->big_value_len);
859 break;
860
861 case CKK_DH:
862 /* prime_len + prime */
863 tmp_val = SWAP64((uint64_t)((biginteger_t *)
864 OBJ_PUB_DH_PRIME(objp))->big_value_len);
865 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
866 buf = buf + sizeof (uint64_t);
867
868 (void) memcpy(buf, (char *)((biginteger_t *)
869 OBJ_PUB_DH_PRIME(objp))->big_value,
870 ((biginteger_t *)
871 OBJ_PUB_DH_PRIME(objp))->big_value_len);
872 buf = buf + ROUNDUP(((biginteger_t *)
873 OBJ_PUB_DH_PRIME(objp))->big_value_len, 8);
874
875 /* base_len + base */
876 tmp_val = SWAP64((uint64_t)((biginteger_t *)
877 OBJ_PUB_DH_BASE(objp))->big_value_len);
878 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
879 buf = buf + sizeof (uint64_t);
880
881 (void) memcpy(buf, (char *)((biginteger_t *)
882 OBJ_PUB_DH_BASE(objp))->big_value,
883 ((biginteger_t *)
884 OBJ_PUB_DH_BASE(objp))->big_value_len);
885 buf = buf + ROUNDUP(((biginteger_t *)
886 OBJ_PUB_DH_BASE(objp))->big_value_len, 8);
887
888 /* value_len + value */
889 tmp_val = SWAP64((uint64_t)((biginteger_t *)
890 OBJ_PUB_DH_VALUE(objp))->big_value_len);
891 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
892 buf = buf + sizeof (uint64_t);
893
894 (void) memcpy(buf, (char *)((biginteger_t *)
895 OBJ_PUB_DH_VALUE(objp))->big_value,
896 ((biginteger_t *)
897 OBJ_PUB_DH_VALUE(objp))->big_value_len);
898
899 break;
900
901 case CKK_X9_42_DH:
902 /* prime_len + prime */
903 tmp_val = SWAP64((uint64_t)((biginteger_t *)
904 OBJ_PUB_DH942_PRIME(objp))->big_value_len);
905 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
906 buf = buf + sizeof (uint64_t);
907
908 (void) memcpy(buf, (char *)((biginteger_t *)
909 OBJ_PUB_DH942_PRIME(objp))->big_value,
910 ((biginteger_t *)
911 OBJ_PUB_DH942_PRIME(objp))->big_value_len);
912 buf = buf + ROUNDUP(((biginteger_t *)
913 OBJ_PUB_DH942_PRIME(objp))->big_value_len, 8);
914
915 /* base_len + base */
916 tmp_val = SWAP64((uint64_t)((biginteger_t *)
917 OBJ_PUB_DH942_BASE(objp))->big_value_len);
918 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
919 buf = buf + sizeof (uint64_t);
920
921 (void) memcpy(buf, (char *)((biginteger_t *)
922 OBJ_PUB_DH942_BASE(objp))->big_value,
923 ((biginteger_t *)
924 OBJ_PUB_DH942_BASE(objp))->big_value_len);
925 buf = buf + ROUNDUP(((biginteger_t *)
926 OBJ_PUB_DH942_BASE(objp))->big_value_len, 8);
927
928 /* subprime_len + subprime */
929 tmp_val = SWAP64((uint64_t)((biginteger_t *)
930 OBJ_PUB_DH942_SUBPRIME(objp))->big_value_len);
931 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
932 buf = buf + sizeof (uint64_t);
933
934 (void) memcpy(buf, (char *)((biginteger_t *)
935 OBJ_PUB_DH942_SUBPRIME(objp))->big_value,
936 ((biginteger_t *)
937 OBJ_PUB_DH942_SUBPRIME(objp))->big_value_len);
938 buf = buf + ROUNDUP(((biginteger_t *)
939 OBJ_PUB_DH942_SUBPRIME(objp))->big_value_len, 8);
940
941 /* value_len + value */
942 tmp_val = SWAP64((uint64_t)((biginteger_t *)
943 OBJ_PUB_DH942_VALUE(objp))->big_value_len);
944 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
945 buf = buf + sizeof (uint64_t);
946
947 (void) memcpy(buf, (char *)((biginteger_t *)
948 OBJ_PUB_DH942_VALUE(objp))->big_value,
949 ((biginteger_t *)
950 OBJ_PUB_DH942_VALUE(objp))->big_value_len);
951
952 break;
953 } /* keytype */
954
955 break;
956
957 case CKO_PRIVATE_KEY:
958 switch (keytype) {
959 case CKK_RSA:
960 /* modulus_len + modulus */
961 tmp_val = SWAP64((uint64_t)((biginteger_t *)
962 OBJ_PRI_RSA_MOD(objp))->big_value_len);
963 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
964 buf = buf + sizeof (uint64_t);
965
966 (void) memcpy(buf, (char *)((biginteger_t *)
967 OBJ_PRI_RSA_MOD(objp))->big_value,
968 ((biginteger_t *)
969 OBJ_PRI_RSA_MOD(objp))->big_value_len);
970 buf = buf + ROUNDUP(((biginteger_t *)
971 OBJ_PRI_RSA_MOD(objp))->big_value_len, 8);
972
973 /* pubexpo_len + pubexpo */
974 tmp_val = SWAP64((uint64_t)((biginteger_t *)
975 OBJ_PRI_RSA_PUBEXPO(objp))->big_value_len);
976 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
977 buf = buf + sizeof (uint64_t);
978
979 (void) memcpy(buf, (char *)((biginteger_t *)
980 OBJ_PRI_RSA_PUBEXPO(objp))->big_value,
981 ((biginteger_t *)
982 OBJ_PRI_RSA_PUBEXPO(objp))->big_value_len);
983 buf = buf + ROUNDUP(((biginteger_t *)
984 OBJ_PRI_RSA_PUBEXPO(objp))->big_value_len, 8);
985
986 /* priexpo_len + priexpo */
987 tmp_val = SWAP64((uint64_t)((biginteger_t *)
988 OBJ_PRI_RSA_PRIEXPO(objp))->big_value_len);
989 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
990 buf = buf + sizeof (uint64_t);
991
992 (void) memcpy(buf, (char *)((biginteger_t *)
993 OBJ_PRI_RSA_PRIEXPO(objp))->big_value,
994 ((biginteger_t *)
995 OBJ_PRI_RSA_PRIEXPO(objp))->big_value_len);
996 buf = buf + ROUNDUP(((biginteger_t *)
997 OBJ_PRI_RSA_PRIEXPO(objp))->big_value_len, 8);
998
999 /* prime1_len + prime1 */
1000 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1001 OBJ_PRI_RSA_PRIME1(objp))->big_value_len);
1002 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1003 buf = buf + sizeof (uint64_t);
1004
1005 (void) memcpy(buf, (char *)((biginteger_t *)
1006 OBJ_PRI_RSA_PRIME1(objp))->big_value,
1007 ((biginteger_t *)
1008 OBJ_PRI_RSA_PRIME1(objp))->big_value_len);
1009 buf = buf + ROUNDUP(((biginteger_t *)
1010 OBJ_PRI_RSA_PRIME1(objp))->big_value_len, 8);
1011
1012 /* prime2_len + prime2 */
1013 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1014 OBJ_PRI_RSA_PRIME2(objp))->big_value_len);
1015 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1016 buf = buf + sizeof (uint64_t);
1017
1018 (void) memcpy(buf, (char *)((biginteger_t *)
1019 OBJ_PRI_RSA_PRIME2(objp))->big_value,
1020 ((biginteger_t *)
1021 OBJ_PRI_RSA_PRIME2(objp))->big_value_len);
1022 buf = buf + ROUNDUP(((biginteger_t *)
1023 OBJ_PRI_RSA_PRIME2(objp))->big_value_len, 8);
1024
1025 /* expo1_len + expo1 */
1026 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1027 OBJ_PRI_RSA_EXPO1(objp))->big_value_len);
1028 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1029 buf = buf + sizeof (uint64_t);
1030
1031 (void) memcpy(buf, (char *)((biginteger_t *)
1032 OBJ_PRI_RSA_EXPO1(objp))->big_value,
1033 ((biginteger_t *)
1034 OBJ_PRI_RSA_EXPO1(objp))->big_value_len);
1035 buf = buf + ROUNDUP(((biginteger_t *)
1036 OBJ_PRI_RSA_EXPO1(objp))->big_value_len, 8);
1037
1038 /* expo2_len + expo2 */
1039 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1040 OBJ_PRI_RSA_EXPO2(objp))->big_value_len);
1041 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1042 buf = buf + sizeof (uint64_t);
1043
1044 (void) memcpy(buf, (char *)((biginteger_t *)
1045 OBJ_PRI_RSA_EXPO2(objp))->big_value,
1046 ((biginteger_t *)
1047 OBJ_PRI_RSA_EXPO2(objp))->big_value_len);
1048 buf = buf + ROUNDUP(((biginteger_t *)
1049 OBJ_PRI_RSA_EXPO2(objp))->big_value_len, 8);
1050
1051 /* coef_len + coef */
1052 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1053 OBJ_PRI_RSA_COEF(objp))->big_value_len);
1054 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1055 buf = buf + sizeof (uint64_t);
1056
1057 (void) memcpy(buf, (char *)((biginteger_t *)
1058 OBJ_PRI_RSA_COEF(objp))->big_value,
1059 ((biginteger_t *)
1060 OBJ_PRI_RSA_COEF(objp))->big_value_len);
1061 buf = buf + ROUNDUP(((biginteger_t *)
1062 OBJ_PRI_RSA_COEF(objp))->big_value_len, 8);
1063
1064 break;
1065
1066 case CKK_DSA:
1067 /* prime_len + prime */
1068 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1069 OBJ_PRI_DSA_PRIME(objp))->big_value_len);
1070 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1071 buf = buf + sizeof (uint64_t);
1072
1073 (void) memcpy(buf, (char *)((biginteger_t *)
1074 OBJ_PRI_DSA_PRIME(objp))->big_value,
1075 ((biginteger_t *)
1076 OBJ_PRI_DSA_PRIME(objp))->big_value_len);
1077 buf = buf + ROUNDUP(((biginteger_t *)
1078 OBJ_PRI_DSA_PRIME(objp))->big_value_len, 8);
1079
1080 /* subprime_len + subprime */
1081 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1082 OBJ_PRI_DSA_SUBPRIME(objp))->big_value_len);
1083 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1084 buf = buf + sizeof (uint64_t);
1085
1086 (void) memcpy(buf, (char *)((biginteger_t *)
1087 OBJ_PRI_DSA_SUBPRIME(objp))->big_value,
1088 ((biginteger_t *)
1089 OBJ_PRI_DSA_SUBPRIME(objp))->big_value_len);
1090 buf = buf + ROUNDUP(((biginteger_t *)
1091 OBJ_PRI_DSA_SUBPRIME(objp))->big_value_len, 8);
1092
1093 /* base_len + base */
1094 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1095 OBJ_PRI_DSA_BASE(objp))->big_value_len);
1096 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1097 buf = buf + sizeof (uint64_t);
1098
1099 (void) memcpy(buf, (char *)((biginteger_t *)
1100 OBJ_PRI_DSA_BASE(objp))->big_value,
1101 ((biginteger_t *)
1102 OBJ_PRI_DSA_BASE(objp))->big_value_len);
1103 buf = buf + ROUNDUP(((biginteger_t *)
1104 OBJ_PRI_DSA_BASE(objp))->big_value_len, 8);
1105
1106 /* value_len + value */
1107 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1108 OBJ_PRI_DSA_VALUE(objp))->big_value_len);
1109 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1110 buf = buf + sizeof (uint64_t);
1111
1112 (void) memcpy(buf, (char *)((biginteger_t *)
1113 OBJ_PRI_DSA_VALUE(objp))->big_value,
1114 ((biginteger_t *)
1115 OBJ_PRI_DSA_VALUE(objp))->big_value_len);
1116
1117 break;
1118 case CKK_EC:
1119 /* value_len + value */
1120 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1121 OBJ_PRI_EC_VALUE(objp))->big_value_len);
1122 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1123 buf = buf + sizeof (uint64_t);
1124
1125 (void) memcpy(buf, (char *)((biginteger_t *)
1126 OBJ_PRI_EC_VALUE(objp))->big_value,
1127 ((biginteger_t *)
1128 OBJ_PRI_EC_VALUE(objp))->big_value_len);
1129 break;
1130
1131 case CKK_DH:
1132 /* value_bits */
1133 tmp_val = SWAP64((uint64_t)OBJ_PRI_DH_VAL_BITS(objp));
1134 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1135 buf = buf + sizeof (uint64_t);
1136
1137 /* prime_len + prime */
1138 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1139 OBJ_PRI_DH_PRIME(objp))->big_value_len);
1140 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1141 buf = buf + sizeof (uint64_t);
1142
1143 (void) memcpy(buf, (char *)((biginteger_t *)
1144 OBJ_PRI_DH_PRIME(objp))->big_value,
1145 ((biginteger_t *)
1146 OBJ_PRI_DH_PRIME(objp))->big_value_len);
1147 buf = buf + ROUNDUP(((biginteger_t *)
1148 OBJ_PRI_DH_PRIME(objp))->big_value_len, 8);
1149
1150 /* base_len + base */
1151 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1152 OBJ_PRI_DH_BASE(objp))->big_value_len);
1153 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1154 buf = buf + sizeof (uint64_t);
1155
1156 (void) memcpy(buf, (char *)((biginteger_t *)
1157 OBJ_PRI_DH_BASE(objp))->big_value,
1158 ((biginteger_t *)
1159 OBJ_PRI_DH_BASE(objp))->big_value_len);
1160 buf = buf + ROUNDUP(((biginteger_t *)
1161 OBJ_PRI_DH_BASE(objp))->big_value_len, 8);
1162
1163 /* value_len + value */
1164 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1165 OBJ_PRI_DH_VALUE(objp))->big_value_len);
1166 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1167 buf = buf + sizeof (uint64_t);
1168
1169 (void) memcpy(buf, (char *)((biginteger_t *)
1170 OBJ_PRI_DH_VALUE(objp))->big_value,
1171 ((biginteger_t *)
1172 OBJ_PRI_DH_VALUE(objp))->big_value_len);
1173
1174 break;
1175
1176 case CKK_X9_42_DH:
1177 /* prime_len + prime */
1178 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1179 OBJ_PRI_DH942_PRIME(objp))->big_value_len);
1180 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1181 buf = buf + sizeof (uint64_t);
1182
1183 (void) memcpy(buf, (char *)((biginteger_t *)
1184 OBJ_PRI_DH942_PRIME(objp))->big_value,
1185 ((biginteger_t *)
1186 OBJ_PRI_DH942_PRIME(objp))->big_value_len);
1187 buf = buf + ROUNDUP(((biginteger_t *)
1188 OBJ_PRI_DH942_PRIME(objp))->big_value_len, 8);
1189
1190 /* base_len + base */
1191 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1192 OBJ_PRI_DH942_BASE(objp))->big_value_len);
1193 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1194 buf = buf + sizeof (uint64_t);
1195
1196 (void) memcpy(buf, (char *)((biginteger_t *)
1197 OBJ_PRI_DH942_BASE(objp))->big_value,
1198 ((biginteger_t *)
1199 OBJ_PRI_DH942_BASE(objp))->big_value_len);
1200 buf = buf + ROUNDUP(((biginteger_t *)
1201 OBJ_PRI_DH942_BASE(objp))->big_value_len, 8);
1202
1203 /* subprime_len + subprime */
1204 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1205 OBJ_PRI_DH942_SUBPRIME(objp))->big_value_len);
1206 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1207 buf = buf + sizeof (uint64_t);
1208
1209 (void) memcpy(buf, (char *)((biginteger_t *)
1210 OBJ_PRI_DH942_SUBPRIME(objp))->big_value,
1211 ((biginteger_t *)
1212 OBJ_PRI_DH942_SUBPRIME(objp))->big_value_len);
1213 buf = buf + ROUNDUP(((biginteger_t *)
1214 OBJ_PRI_DH942_SUBPRIME(objp))->big_value_len, 8);
1215
1216 /* value_len + value */
1217 tmp_val = SWAP64((uint64_t)((biginteger_t *)
1218 OBJ_PRI_DH942_VALUE(objp))->big_value_len);
1219 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1220 buf = buf + sizeof (uint64_t);
1221
1222 (void) memcpy(buf, (char *)((biginteger_t *)
1223 OBJ_PRI_DH942_VALUE(objp))->big_value,
1224 ((biginteger_t *)
1225 OBJ_PRI_DH942_VALUE(objp))->big_value_len);
1226
1227 break;
1228
1229 } /* keytype */
1230
1231 break;
1232
1233 case CKO_SECRET_KEY:
1234 /* value_len + value */
1235 tmp_val = SWAP64((uint64_t)OBJ_SEC_VALUE_LEN(objp));
1236 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1237 buf = buf + sizeof (uint64_t);
1238
1239 if (OBJ_SEC_VALUE_LEN(objp) > 0) {
1240 (void) memcpy(buf, (char *)OBJ_SEC_VALUE(objp),
1241 OBJ_SEC_VALUE_LEN(objp));
1242 buf = buf + ROUNDUP(OBJ_SEC_VALUE_LEN(objp), 8);
1243 }
1244
1245 break;
1246
1247 case CKO_CERTIFICATE:
1248
1249 switch (certtype) {
1250 case CKC_X_509:
1251 /* subject_len + subject */
1252 tmp_val = SWAP64((uint64_t)(((cert_attr_t *)
1253 X509_CERT_SUBJECT(objp))->length));
1254 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1255 buf = buf + sizeof (uint64_t);
1256
1257 (void) memcpy(buf, (char *)((cert_attr_t *)
1258 X509_CERT_SUBJECT(objp))->value,
1259 ((cert_attr_t *)
1260 X509_CERT_SUBJECT(objp))->length);
1261 buf = buf + ROUNDUP(((cert_attr_t *)
1262 X509_CERT_SUBJECT(objp))->length, 8);
1263
1264 /* value_len + value */
1265 tmp_val = SWAP64((uint64_t)(((cert_attr_t *)
1266 X509_CERT_VALUE(objp))->length));
1267 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1268 buf = buf + sizeof (uint64_t);
1269
1270 (void) memcpy(buf, (char *)((cert_attr_t *)
1271 X509_CERT_VALUE(objp))->value,
1272 ((cert_attr_t *)
1273 X509_CERT_VALUE(objp))->length);
1274 break;
1275
1276 case CKC_X_509_ATTR_CERT:
1277 /* owner_len + owner */
1278 tmp_val = SWAP64((uint64_t)(((cert_attr_t *)
1279 X509_ATTR_CERT_OWNER(objp))->length));
1280 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1281 buf = buf + sizeof (uint64_t);
1282
1283 (void) memcpy(buf, (char *)((cert_attr_t *)
1284 X509_ATTR_CERT_OWNER(objp))->value,
1285 ((cert_attr_t *)
1286 X509_ATTR_CERT_OWNER(objp))->length);
1287 buf = buf + ROUNDUP(((cert_attr_t *)
1288 X509_ATTR_CERT_OWNER(objp))->length, 8);
1289
1290 /* value_len + value */
1291 tmp_val = SWAP64((uint64_t)(((cert_attr_t *)
1292 X509_ATTR_CERT_VALUE(objp))->length));
1293 (void) memcpy(buf, (char *)&tmp_val, sizeof (uint64_t));
1294 buf = buf + sizeof (uint64_t);
1295
1296 (void) memcpy(buf, (char *)((cert_attr_t *)
1297 X509_ATTR_CERT_VALUE(objp))->value,
1298 ((cert_attr_t *)
1299 X509_ATTR_CERT_VALUE(objp))->length);
1300 break;
1301 }
1302 break;
1303
1304 case CKO_DOMAIN_PARAMETERS:
1305
1306 return (0);
1307 }
1308 return (CKR_OK);
1309 }
1310
1311 /*
1312 * Unpack the object key in keystore format (the third part)
1313 * into soft_object_t.
1314 */
1315 CK_RV
1316 soft_unpack_object(soft_object_t *objp, uchar_t *buf)
1317 {
1318
1319 public_key_obj_t *pbk;
1320 private_key_obj_t *pvk;
1321 secret_key_obj_t *sck;
1322 certificate_obj_t *cert;
1323 CK_OBJECT_CLASS class = objp->class;
1324 CK_KEY_TYPE keytype = objp->key_type;
1325 CK_CERTIFICATE_TYPE certtype = objp->cert_type;
1326
1327 biginteger_t modulus;
1328 biginteger_t pubexpo;
1329 biginteger_t prime;
1330 biginteger_t subprime;
1331 biginteger_t base;
1332 biginteger_t value;
1333
1334 biginteger_t priexpo;
1335 biginteger_t prime1;
1336 biginteger_t prime2;
1337 biginteger_t expo1;
1338 biginteger_t expo2;
1339 biginteger_t coef;
1340 CK_RV rv = CKR_OK;
1341 ulong_t offset = 0;
1342 uint64_t tmp_val;
1343
1344 /* prevent bigint_attr_cleanup from freeing invalid attr value */
1345 (void) memset(&modulus, 0x0, sizeof (biginteger_t));
1346 (void) memset(&pubexpo, 0x0, sizeof (biginteger_t));
1347 (void) memset(&prime, 0x0, sizeof (biginteger_t));
1348 (void) memset(&subprime, 0x0, sizeof (biginteger_t));
1349 (void) memset(&base, 0x0, sizeof (biginteger_t));
1350 (void) memset(&value, 0x0, sizeof (biginteger_t));
1351
1352 (void) memset(&priexpo, 0x0, sizeof (biginteger_t));
1353 (void) memset(&prime1, 0x0, sizeof (biginteger_t));
1354 (void) memset(&prime2, 0x0, sizeof (biginteger_t));
1355 (void) memset(&expo1, 0x0, sizeof (biginteger_t));
1356 (void) memset(&expo2, 0x0, sizeof (biginteger_t));
1357 (void) memset(&coef, 0x0, sizeof (biginteger_t));
1358
1359 switch (class) {
1360
1361 case CKO_PUBLIC_KEY:
1362 /* Allocate storage for Public Key Object. */
1363 pbk = calloc(1, sizeof (public_key_obj_t));
1364 if (pbk == NULL) {
1365 rv = CKR_HOST_MEMORY;
1366 return (rv);
1367 }
1368
1369 objp->object_class_u.public_key = pbk;
1370
1371 switch (keytype) {
1372 case CKK_RSA: /* modulus_bits */
1373 (void) memcpy(&tmp_val, buf, sizeof (uint64_t));
1374 KEY_PUB_RSA_MOD_BITS(pbk) = (CK_ULONG)(SWAP64(tmp_val));
1375 buf = buf + sizeof (uint64_t);
1376
1377 /* modulus */
1378 if ((rv = soft_unpack_obj_attribute(buf, &modulus,
1379 NULL, &offset, B_FALSE)) != CKR_OK)
1380 goto pub_cleanup;
1381
1382 copy_bigint_attr(&modulus, KEY_PUB_RSA_MOD(pbk));
1383
1384 buf += ROUNDUP(offset, 8);
1385
1386 /* pubexpo */
1387 if ((rv = soft_unpack_obj_attribute(buf, &pubexpo,
1388 NULL, &offset, B_FALSE)) != CKR_OK)
1389 goto pub_cleanup;
1390
1391 copy_bigint_attr(&pubexpo, KEY_PUB_RSA_PUBEXPO(pbk));
1392
1393 break;
1394
1395 case CKK_DSA:
1396 /* prime */
1397 if ((rv = soft_unpack_obj_attribute(buf, &prime,
1398 NULL, &offset, B_FALSE)) != CKR_OK)
1399 goto pub_cleanup;
1400
1401 copy_bigint_attr(&prime, KEY_PUB_DSA_PRIME(pbk));
1402
1403 buf += ROUNDUP(offset, 8);
1404
1405 /* subprime */
1406 if ((rv = soft_unpack_obj_attribute(buf, &subprime,
1407 NULL, &offset, B_FALSE)) != CKR_OK)
1408 goto pub_cleanup;
1409
1410 copy_bigint_attr(&subprime, KEY_PUB_DSA_SUBPRIME(pbk));
1411
1412 buf += ROUNDUP(offset, 8);
1413
1414 /* base */
1415 if ((rv = soft_unpack_obj_attribute(buf, &base,
1416 NULL, &offset, B_FALSE)) != CKR_OK)
1417 goto pub_cleanup;
1418
1419 copy_bigint_attr(&base, KEY_PUB_DSA_BASE(pbk));
1420
1421 buf += ROUNDUP(offset, 8);
1422
1423 /* value */
1424 if ((rv = soft_unpack_obj_attribute(buf, &value,
1425 NULL, &offset, B_FALSE)) != CKR_OK)
1426 goto pub_cleanup;
1427
1428 copy_bigint_attr(&value, KEY_PUB_DSA_VALUE(pbk));
1429
1430 break;
1431
1432 case CKK_DH:
1433 /* prime */
1434 if ((rv = soft_unpack_obj_attribute(buf, &prime,
1435 NULL, &offset, B_FALSE)) != CKR_OK)
1436 goto pub_cleanup;
1437
1438 copy_bigint_attr(&prime, KEY_PUB_DH_PRIME(pbk));
1439
1440 buf += ROUNDUP(offset, 8);
1441
1442 /* base */
1443 if ((rv = soft_unpack_obj_attribute(buf, &base,
1444 NULL, &offset, B_FALSE)) != CKR_OK)
1445 goto pub_cleanup;
1446
1447 copy_bigint_attr(&base, KEY_PUB_DH_BASE(pbk));
1448
1449 buf += ROUNDUP(offset, 8);
1450
1451 /* value */
1452 if ((rv = soft_unpack_obj_attribute(buf, &value,
1453 NULL, &offset, B_FALSE)) != CKR_OK)
1454 goto pub_cleanup;
1455
1456 copy_bigint_attr(&value, KEY_PUB_DH_VALUE(pbk));
1457
1458 break;
1459
1460 case CKK_EC:
1461 /* ec_point */
1462 if ((rv = soft_unpack_obj_attribute(buf, &value,
1463 NULL, &offset, B_FALSE)) != CKR_OK)
1464 goto pri_cleanup;
1465
1466 copy_bigint_attr(&value, KEY_PUB_EC_POINT(pbk));
1467 break;
1468
1469 case CKK_X9_42_DH:
1470 /* prime */
1471 if ((rv = soft_unpack_obj_attribute(buf, &prime,
1472 NULL, &offset, B_FALSE)) != CKR_OK)
1473 goto pub_cleanup;
1474
1475 copy_bigint_attr(&prime, KEY_PUB_DH942_PRIME(pbk));
1476
1477 buf += ROUNDUP(offset, 8);
1478
1479 /* base */
1480 if ((rv = soft_unpack_obj_attribute(buf, &base,
1481 NULL, &offset, B_FALSE)) != CKR_OK)
1482 goto pub_cleanup;
1483
1484 copy_bigint_attr(&base, KEY_PUB_DH942_BASE(pbk));
1485
1486 buf += ROUNDUP(offset, 8);
1487
1488 /* subprime */
1489 if ((rv = soft_unpack_obj_attribute(buf, &subprime,
1490 NULL, &offset, B_FALSE)) != CKR_OK)
1491 goto pub_cleanup;
1492
1493 copy_bigint_attr(&subprime,
1494 KEY_PUB_DH942_SUBPRIME(pbk));
1495
1496 buf += ROUNDUP(offset, 8);
1497
1498 /* value */
1499 if ((rv = soft_unpack_obj_attribute(buf, &value,
1500 NULL, &offset, B_FALSE)) != CKR_OK)
1501 goto pub_cleanup;
1502
1503 copy_bigint_attr(&value, KEY_PUB_DH942_VALUE(pbk));
1504
1505 break;
1506 } /* keytype */
1507
1508 break;
1509
1510 case CKO_PRIVATE_KEY:
1511 /* Allocate storage for Private Key Object. */
1512 pvk = calloc(1, sizeof (private_key_obj_t));
1513 if (pvk == NULL) {
1514 rv = CKR_HOST_MEMORY;
1515 return (rv);
1516 }
1517
1518 objp->object_class_u.private_key = pvk;
1519
1520 switch (keytype) {
1521 case CKK_RSA:
1522 /* modulus */
1523 if ((rv = soft_unpack_obj_attribute(buf, &modulus,
1524 NULL, &offset, B_FALSE)) != CKR_OK)
1525 goto pri_cleanup;
1526
1527 copy_bigint_attr(&modulus, KEY_PRI_RSA_MOD(pvk));
1528
1529 buf += ROUNDUP(offset, 8);
1530
1531 /* pubexpo */
1532 if ((rv = soft_unpack_obj_attribute(buf, &pubexpo,
1533 NULL, &offset, B_FALSE)) != CKR_OK)
1534 goto pri_cleanup;
1535
1536 copy_bigint_attr(&pubexpo, KEY_PRI_RSA_PUBEXPO(pvk));
1537
1538 buf += ROUNDUP(offset, 8);
1539
1540 /* priexpo */
1541 if ((rv = soft_unpack_obj_attribute(buf, &priexpo,
1542 NULL, &offset, B_FALSE)) != CKR_OK)
1543 goto pri_cleanup;
1544
1545 copy_bigint_attr(&priexpo, KEY_PRI_RSA_PRIEXPO(pvk));
1546
1547 buf += ROUNDUP(offset, 8);
1548
1549 /* prime1 */
1550 if ((rv = soft_unpack_obj_attribute(buf, &prime1,
1551 NULL, &offset, B_FALSE)) != CKR_OK)
1552 goto pri_cleanup;
1553
1554 copy_bigint_attr(&prime1, KEY_PRI_RSA_PRIME1(pvk));
1555
1556 buf += ROUNDUP(offset, 8);
1557
1558 /* prime2 */
1559 if ((rv = soft_unpack_obj_attribute(buf, &prime2,
1560 NULL, &offset, B_FALSE)) != CKR_OK)
1561 goto pri_cleanup;
1562
1563 copy_bigint_attr(&prime2, KEY_PRI_RSA_PRIME2(pvk));
1564
1565 buf += ROUNDUP(offset, 8);
1566
1567 /* expo1 */
1568 if ((rv = soft_unpack_obj_attribute(buf, &expo1,
1569 NULL, &offset, B_FALSE)) != CKR_OK)
1570 goto pri_cleanup;
1571
1572 copy_bigint_attr(&expo1, KEY_PRI_RSA_EXPO1(pvk));
1573
1574 buf += ROUNDUP(offset, 8);
1575
1576 /* expo2 */
1577 if ((rv = soft_unpack_obj_attribute(buf, &expo2,
1578 NULL, &offset, B_FALSE)) != CKR_OK)
1579 goto pri_cleanup;
1580
1581 copy_bigint_attr(&expo2, KEY_PRI_RSA_EXPO2(pvk));
1582
1583 buf += ROUNDUP(offset, 8);
1584
1585 /* coef */
1586 if ((rv = soft_unpack_obj_attribute(buf, &coef,
1587 NULL, &offset, B_FALSE)) != CKR_OK)
1588 goto pri_cleanup;
1589
1590 copy_bigint_attr(&coef, KEY_PRI_RSA_COEF(pvk));
1591
1592 break;
1593
1594 case CKK_DSA:
1595 /* prime */
1596 if ((rv = soft_unpack_obj_attribute(buf, &prime,
1597 NULL, &offset, B_FALSE)) != CKR_OK)
1598 goto pri_cleanup;
1599
1600 copy_bigint_attr(&prime, KEY_PRI_DSA_PRIME(pvk));
1601
1602 buf += ROUNDUP(offset, 8);
1603
1604 /* subprime */
1605 if ((rv = soft_unpack_obj_attribute(buf, &subprime,
1606 NULL, &offset, B_FALSE)) != CKR_OK)
1607 goto pri_cleanup;
1608
1609 copy_bigint_attr(&subprime, KEY_PRI_DSA_SUBPRIME(pvk));
1610
1611 buf += ROUNDUP(offset, 8);
1612
1613 /* base */
1614 if ((rv = soft_unpack_obj_attribute(buf, &base,
1615 NULL, &offset, B_FALSE)) != CKR_OK)
1616 goto pri_cleanup;
1617
1618 copy_bigint_attr(&base, KEY_PRI_DSA_BASE(pvk));
1619
1620 buf += ROUNDUP(offset, 8);
1621
1622 /* value */
1623 if ((rv = soft_unpack_obj_attribute(buf, &value,
1624 NULL, &offset, B_FALSE)) != CKR_OK)
1625 goto pri_cleanup;
1626
1627 copy_bigint_attr(&value, KEY_PRI_DSA_VALUE(pvk));
1628
1629 break;
1630
1631 case CKK_DH:
1632 /* value_bits */
1633 (void) memcpy(&tmp_val, buf, sizeof (uint64_t));
1634 KEY_PRI_DH_VAL_BITS(pvk) = (CK_ULONG)(SWAP64(tmp_val));
1635 buf = buf + sizeof (uint64_t);
1636
1637 /* prime */
1638 if ((rv = soft_unpack_obj_attribute(buf, &prime,
1639 NULL, &offset, B_FALSE)) != CKR_OK)
1640 goto pri_cleanup;
1641
1642 copy_bigint_attr(&prime, KEY_PRI_DH_PRIME(pvk));
1643
1644 buf += ROUNDUP(offset, 8);
1645
1646 /* base */
1647 if ((rv = soft_unpack_obj_attribute(buf, &base,
1648 NULL, &offset, B_FALSE)) != CKR_OK)
1649 goto pri_cleanup;
1650
1651 copy_bigint_attr(&base, KEY_PRI_DH_BASE(pvk));
1652
1653 buf += ROUNDUP(offset, 8);
1654
1655 /* value */
1656 if ((rv = soft_unpack_obj_attribute(buf, &value,
1657 NULL, &offset, B_FALSE)) != CKR_OK)
1658 goto pri_cleanup;
1659
1660 copy_bigint_attr(&value, KEY_PRI_DH_VALUE(pvk));
1661
1662 break;
1663
1664 case CKK_EC:
1665 /* value */
1666 if ((rv = soft_unpack_obj_attribute(buf, &value,
1667 NULL, &offset, B_FALSE)) != CKR_OK)
1668 goto pri_cleanup;
1669
1670 copy_bigint_attr(&value, KEY_PRI_EC_VALUE(pvk));
1671 break;
1672
1673 case CKK_X9_42_DH:
1674 /* prime */
1675 if ((rv = soft_unpack_obj_attribute(buf, &prime,
1676 NULL, &offset, B_FALSE)) != CKR_OK)
1677 goto pri_cleanup;
1678
1679 copy_bigint_attr(&prime, KEY_PRI_DH942_PRIME(pvk));
1680
1681 buf += ROUNDUP(offset, 8);
1682
1683 /* base */
1684 if ((rv = soft_unpack_obj_attribute(buf, &base,
1685 NULL, &offset, B_FALSE)) != CKR_OK)
1686 goto pri_cleanup;
1687
1688 copy_bigint_attr(&base, KEY_PRI_DH942_BASE(pvk));
1689
1690 buf += ROUNDUP(offset, 8);
1691
1692 /* subprime */
1693 if ((rv = soft_unpack_obj_attribute(buf, &subprime,
1694 NULL, &offset, B_FALSE)) != CKR_OK)
1695 goto pri_cleanup;
1696
1697 copy_bigint_attr(&subprime, KEY_PRI_DH942_BASE(pvk));
1698
1699 buf += ROUNDUP(offset, 8);
1700
1701 /* value */
1702 if ((rv = soft_unpack_obj_attribute(buf, &value,
1703 NULL, &offset, B_FALSE)) != CKR_OK)
1704 goto pri_cleanup;
1705
1706 copy_bigint_attr(&value, KEY_PRI_DH942_VALUE(pvk));
1707
1708 break;
1709 } /* keytype */
1710
1711 break;
1712
1713 case CKO_SECRET_KEY:
1714 /* Allocate storage for Secret Key Object. */
1715 sck = calloc(1, sizeof (secret_key_obj_t));
1716 if (sck == NULL) {
1717 return (CKR_HOST_MEMORY);
1718 }
1719
1720 objp->object_class_u.secret_key = sck;
1721
1722 /* value */
1723 (void) memcpy((void *)&tmp_val, buf, sizeof (uint64_t));
1724 OBJ_SEC_VALUE_LEN(objp) = (CK_ULONG)(SWAP64(tmp_val));
1725 buf = buf + sizeof (uint64_t);
1726
1727 if (OBJ_SEC_VALUE_LEN(objp) > 0) {
1728 OBJ_SEC_VALUE(objp) = malloc(OBJ_SEC_VALUE_LEN(objp));
1729 if (OBJ_SEC_VALUE(objp) == NULL) {
1730 free(sck);
1731 return (CKR_HOST_MEMORY);
1732 }
1733 (void) memcpy(OBJ_SEC_VALUE(objp), buf,
1734 OBJ_SEC_VALUE_LEN(objp));
1735
1736 buf = buf + ROUNDUP(OBJ_SEC_VALUE_LEN(objp), 8);
1737 }
1738
1739 return (rv);
1740
1741 case CKO_CERTIFICATE:
1742 /* Allocate storage for Certificate Object. */
1743 cert = calloc(1, sizeof (certificate_obj_t));
1744 if (cert == NULL) {
1745 return (CKR_HOST_MEMORY);
1746 }
1747 (void) memset(cert, 0, sizeof (certificate_obj_t));
1748
1749 cert->certificate_type = certtype;
1750 objp->object_class_u.certificate = cert;
1751
1752 switch (certtype) {
1753 case CKC_X_509:
1754 /* subject */
1755 if ((rv = soft_unpack_obj_attribute(buf, NULL,
1756 &cert->cert_type_u.x509.subject,
1757 &offset, B_TRUE)) != CKR_OK) {
1758 free(cert);
1759 return (rv);
1760 }
1761
1762 buf += ROUNDUP(offset, 8);
1763
1764 /* value */
1765 if ((rv = soft_unpack_obj_attribute(buf, NULL,
1766 &cert->cert_type_u.x509.value,
1767 &offset, B_TRUE)) != CKR_OK) {
1768 free(cert);
1769 return (rv);
1770 }
1771
1772 break;
1773
1774 case CKC_X_509_ATTR_CERT:
1775 /* owner */
1776 if ((rv = soft_unpack_obj_attribute(buf, NULL,
1777 &cert->cert_type_u.x509_attr.owner,
1778 &offset, B_TRUE)) != CKR_OK) {
1779 free(cert);
1780 return (rv);
1781 }
1782
1783 buf += ROUNDUP(offset, 8);
1784
1785 /* value */
1786 if ((rv = soft_unpack_obj_attribute(buf, NULL,
1787 &cert->cert_type_u.x509_attr.value,
1788 &offset, B_TRUE)) != CKR_OK) {
1789 free(cert);
1790 return (rv);
1791 }
1792
1793 break;
1794 }
1795
1796 return (rv);
1797
1798 case CKO_DOMAIN_PARAMETERS:
1799
1800 break;
1801 }
1802
1803 pub_cleanup:
1804 /*
1805 * cleanup the storage allocated to the local variables.
1806 */
1807 if (rv != CKR_OK)
1808 free(pbk);
1809 bigint_attr_cleanup(&modulus);
1810 bigint_attr_cleanup(&pubexpo);
1811 bigint_attr_cleanup(&prime);
1812 bigint_attr_cleanup(&subprime);
1813 bigint_attr_cleanup(&base);
1814 bigint_attr_cleanup(&value);
1815 return (rv);
1816
1817 pri_cleanup:
1818 /*
1819 * cleanup the storage allocated to the local variables.
1820 */
1821 if (rv != CKR_OK)
1822 free(pvk);
1823 bigint_attr_cleanup(&modulus);
1824 bigint_attr_cleanup(&priexpo);
1825 bigint_attr_cleanup(&prime);
1826 bigint_attr_cleanup(&subprime);
1827 bigint_attr_cleanup(&base);
1828 bigint_attr_cleanup(&value);
1829 bigint_attr_cleanup(&pubexpo);
1830 bigint_attr_cleanup(&prime1);
1831 bigint_attr_cleanup(&prime2);
1832 bigint_attr_cleanup(&expo1);
1833 bigint_attr_cleanup(&expo2);
1834 bigint_attr_cleanup(&coef);
1835 return (rv);
1836 }
1837
1838
1839 /*
1840 * Store the token object to a keystore file.
1841 */
1842 CK_RV
1843 soft_put_object_to_keystore(soft_object_t *objp)
1844 {
1845
1846 uchar_t *buf;
1847 size_t len;
1848 CK_RV rv;
1849
1850 rv = soft_keystore_pack_obj(objp, &buf, &len);
1851 if (rv != CKR_OK)
1852 return (rv);
1853
1854 (void) pthread_mutex_lock(&soft_slot.slot_mutex);
1855 if (soft_keystore_put_new_obj(buf, len,
1856 !!(objp->object_type == TOKEN_PUBLIC), B_FALSE,
1857 &objp->ks_handle) == -1) {
1858 rv = CKR_FUNCTION_FAILED;
1859 }
1860 (void) pthread_mutex_unlock(&soft_slot.slot_mutex);
1861
1862 freezero(buf, len);
1863 return (rv);
1864 }
1865
1866 /*
1867 * Modify the in-core token object and then write it to
1868 * a keystore file.
1869 */
1870 CK_RV
1871 soft_modify_object_to_keystore(soft_object_t *objp)
1872 {
1873
1874 uchar_t *buf;
1875 size_t len;
1876 CK_RV rv;
1877
1878 rv = soft_keystore_pack_obj(objp, &buf, &len);
1879 if (rv != CKR_OK)
1880 return (rv);
1881
1882 /* B_TRUE: caller has held a writelock on the keystore */
1883 if (soft_keystore_modify_obj(&objp->ks_handle, buf, len,
1884 B_TRUE) < 0) {
1885 rv = CKR_FUNCTION_FAILED;
1886 }
1887
1888 freezero(buf, len);
1889 return (rv);
1890
1891 }
1892
1893 /*
1894 * Read the token object from the keystore file.
1895 */
1896 CK_RV
1897 soft_get_token_objects_from_keystore(ks_search_type_t type)
1898 {
1899 CK_RV rv;
1900 ks_obj_t *ks_obj = NULL, *ks_obj_next;
1901 soft_object_t *new_objp = NULL;
1902
1903 /* Load the token object from keystore based on the object type */
1904 rv = soft_keystore_get_objs(type, &ks_obj, B_FALSE);
1905 if (rv != CKR_OK) {
1906 return (rv);
1907 }
1908
1909 while (ks_obj) {
1910
1911 new_objp = calloc(1, sizeof (soft_object_t));
1912 if (new_objp == NULL) {
1913 rv = CKR_HOST_MEMORY;
1914 goto cleanup;
1915 }
1916 /* Convert the keystore format to memory format */
1917 rv = soft_keystore_unpack_obj(new_objp, ks_obj);
1918 if (rv != CKR_OK) {
1919 if (new_objp->class == CKO_CERTIFICATE)
1920 soft_cleanup_cert_object(new_objp);
1921 else
1922 soft_cleanup_object(new_objp);
1923 goto cleanup;
1924 }
1925
1926 soft_add_token_object_to_slot(new_objp);
1927
1928 /* Free the ks_obj list */
1929 ks_obj_next = ks_obj->next;
1930 freezero(ks_obj->buf, ks_obj->size);
1931 free(ks_obj);
1932 ks_obj = ks_obj_next;
1933 }
1934
1935 return (CKR_OK);
1936
1937 cleanup:
1938 while (ks_obj) {
1939 ks_obj_next = ks_obj->next;
1940 freezero(ks_obj->buf, ks_obj->size);
1941 free(ks_obj);
1942 ks_obj = ks_obj_next;
1943 }
1944 return (rv);
1945 }
1946
1947 /*
1948 * soft_gen_crypt_key()
1949 *
1950 * Arguments:
1951 *
1952 * pPIN: pointer to caller provided Pin
1953 * key: output argument which contains the address of the
1954 * pointer to encryption key in the soft_object_t.
1955 * It is caller's responsibility to call soft_delete_object()
1956 * if this key is no longer in use.
1957 * saltdata: input argument (if non-NULL), or
1958 * output argument (if NULL):
1959 * address of pointer to the "salt" of the encryption key
1960 *
1961 * Description:
1962 *
1963 * Generate an encryption key of the input PIN.
1964 *
1965 * Returns:
1966 *
1967 * CKR_OK: no error
1968 * Other: some error occurred while generating the encryption key
1969 *
1970 */
1971 CK_RV
1972 soft_gen_crypt_key(uchar_t *pPIN, soft_object_t **key, CK_BYTE **saltdata)
1973 {
1974 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
1975 CK_ATTRIBUTE tmpl[5];
1976 int attrs = 0;
1977 CK_RV rv;
1978 CK_MECHANISM Mechanism;
1979 CK_PKCS5_PBKD2_PARAMS params;
1980 CK_BYTE salt[PBKD2_SALT_SIZE];
1981 CK_ULONG keylen = AES_MIN_KEY_BYTES;
1982 CK_KEY_TYPE keytype = CKK_AES;
1983 static CK_BBOOL truevalue = TRUE;
1984 soft_object_t *secret_key;
1985 CK_OBJECT_HANDLE hKey;
1986 CK_ULONG passwd_size;
1987
1988 if (pPIN == NULL)
1989 return (CKR_FUNCTION_FAILED);
1990
1991 tmpl[attrs].type = CKA_CLASS;
1992 tmpl[attrs].pValue = &class;
1993 tmpl[attrs].ulValueLen = sizeof (class);
1994 attrs++;
1995
1996 tmpl[attrs].type = CKA_KEY_TYPE;
1997 tmpl[attrs].pValue = &keytype;
1998 tmpl[attrs].ulValueLen = sizeof (keytype);
1999 attrs++;
2000
2001 tmpl[attrs].type = CKA_ENCRYPT;
2002 tmpl[attrs].pValue = &truevalue;
2003 tmpl[attrs].ulValueLen = sizeof (CK_BBOOL);
2004 attrs++;
2005
2006 tmpl[attrs].type = CKA_DECRYPT;
2007 tmpl[attrs].pValue = &truevalue;
2008 tmpl[attrs].ulValueLen = sizeof (CK_BBOOL);
2009 attrs++;
2010
2011 tmpl[attrs].type = CKA_VALUE_LEN;
2012 tmpl[attrs].pValue = &keylen;
2013 tmpl[attrs].ulValueLen = sizeof (keylen);
2014 attrs++;
2015
2016 if (*saltdata == NULL) {
2017 bzero(salt, sizeof (salt));
2018 (void) pkcs11_get_nzero_urandom(salt, sizeof (salt));
2019 *saltdata = malloc(PBKD2_SALT_SIZE);
2020 if (*saltdata == NULL)
2021 return (CKR_HOST_MEMORY);
2022 (void) memcpy(*saltdata, salt, PBKD2_SALT_SIZE);
2023 } else {
2024 bzero(salt, sizeof (salt));
2025 (void) memcpy(salt, *saltdata, PBKD2_SALT_SIZE);
2026 }
2027
2028 Mechanism.mechanism = CKM_PKCS5_PBKD2;
2029 Mechanism.pParameter = &params;
2030 Mechanism.ulParameterLen = sizeof (params);
2031 passwd_size = (CK_ULONG)strlen((const char *)pPIN);
2032
2033 params.saltSource = CKZ_SALT_SPECIFIED;
2034 params.pSaltSourceData = (void *)salt;
2035 params.ulSaltSourceDataLen = sizeof (salt);
2036 params.iterations = PBKD2_ITERATIONS;
2037 params.prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
2038 params.pPrfData = NULL;
2039 params.ulPrfDataLen = 0;
2040 params.pPassword = (CK_UTF8CHAR_PTR)pPIN;
2041 params.ulPasswordLen = &passwd_size;
2042
2043 rv = soft_gen_keyobject(tmpl, attrs, &hKey, &token_session,
2044 CKO_SECRET_KEY, CKK_AES, 0, SOFT_GEN_KEY, B_TRUE);
2045
2046 if (rv != CKR_OK) {
2047 return (rv);
2048 }
2049
2050 /* Obtain the secret object pointer. */
2051 secret_key = (soft_object_t *)hKey;
2052 keylen = OBJ_SEC_VALUE_LEN(secret_key);
2053 if ((OBJ_SEC_VALUE(secret_key) = malloc(keylen)) == NULL) {
2054 soft_delete_object(&token_session, secret_key,
2055 B_FALSE, B_FALSE);
2056 return (CKR_HOST_MEMORY);
2057 }
2058
2059 rv = soft_generate_pkcs5_pbkdf2_key(&token_session, &Mechanism,
2060 secret_key);
2061
2062 if (rv != CKR_OK)
2063 soft_delete_object(&token_session, secret_key,
2064 B_FALSE, B_FALSE);
2065 else
2066 *key = secret_key;
2067
2068 return (rv);
2069
2070 }
2071
2072 /*
2073 * soft_gen_hmac_key()
2074 *
2075 * Arguments:
2076 *
2077 * pPIN: pointer to caller provided Pin
2078 * key: output argument which contains the address of the
2079 * pointer to hmac key in the soft_object_t.
2080 * It is caller's responsibility to call soft_delete_object()
2081 * if this key is no longer in use.
2082 * saltdata: input argument (if non-NULL), or
2083 * output argument (if NULL):
2084 * address of pointer to the "salt" of the hmac key
2085 *
2086 * Description:
2087 *
2088 * Generate a hmac key of the input PIN.
2089 *
2090 * Returns:
2091 *
2092 * CKR_OK: no error
2093 * Other: some error occurred while generating the hmac key
2094 *
2095 */
2096 CK_RV
2097 soft_gen_hmac_key(uchar_t *pPIN, soft_object_t **key, CK_BYTE **saltdata)
2098 {
2099 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
2100 CK_ATTRIBUTE tmpl[5];
2101 int attrs = 0;
2102 CK_RV rv;
2103 CK_MECHANISM Mechanism;
2104 CK_PKCS5_PBKD2_PARAMS params;
2105 CK_BYTE salt[PBKD2_SALT_SIZE];
2106 CK_ULONG keylen = 16;
2107 CK_KEY_TYPE keytype = CKK_GENERIC_SECRET;
2108 static CK_BBOOL truevalue = TRUE;
2109 soft_object_t *secret_key;
2110 CK_OBJECT_HANDLE hKey;
2111 CK_ULONG passwd_size;
2112
2113 if (pPIN == NULL)
2114 return (CKR_FUNCTION_FAILED);
2115
2116 tmpl[attrs].type = CKA_CLASS;
2117 tmpl[attrs].pValue = &class;
2118 tmpl[attrs].ulValueLen = sizeof (class);
2119 attrs++;
2120
2121 tmpl[attrs].type = CKA_KEY_TYPE;
2122 tmpl[attrs].pValue = &keytype;
2123 tmpl[attrs].ulValueLen = sizeof (keytype);
2124 attrs++;
2125
2126 tmpl[attrs].type = CKA_SIGN;
2127 tmpl[attrs].pValue = &truevalue;
2128 tmpl[attrs].ulValueLen = sizeof (CK_BBOOL);
2129 attrs++;
2130
2131 tmpl[attrs].type = CKA_VERIFY;
2132 tmpl[attrs].pValue = &truevalue;
2133 tmpl[attrs].ulValueLen = sizeof (CK_BBOOL);
2134 attrs++;
2135
2136 tmpl[attrs].type = CKA_VALUE_LEN;
2137 tmpl[attrs].pValue = &keylen;
2138 tmpl[attrs].ulValueLen = sizeof (keylen);
2139 attrs++;
2140
2141 if (*saltdata == NULL) {
2142 bzero(salt, sizeof (salt));
2143 (void) pkcs11_get_nzero_urandom(salt, sizeof (salt));
2144 *saltdata = malloc(PBKD2_SALT_SIZE);
2145 if (*saltdata == NULL)
2146 return (CKR_HOST_MEMORY);
2147 (void) memcpy(*saltdata, salt, PBKD2_SALT_SIZE);
2148 } else {
2149 bzero(salt, sizeof (salt));
2150 (void) memcpy(salt, *saltdata, PBKD2_SALT_SIZE);
2151 }
2152
2153 Mechanism.mechanism = CKM_PKCS5_PBKD2;
2154 Mechanism.pParameter = &params;
2155 Mechanism.ulParameterLen = sizeof (params);
2156 passwd_size = (CK_ULONG)strlen((const char *)pPIN);
2157
2158 params.saltSource = CKZ_SALT_SPECIFIED;
2159 params.pSaltSourceData = (void *)salt;
2160 params.ulSaltSourceDataLen = sizeof (salt);
2161 params.iterations = PBKD2_ITERATIONS;
2162 params.prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
2163 params.pPrfData = NULL;
2164 params.ulPrfDataLen = 0;
2165 params.pPassword = (CK_UTF8CHAR_PTR)pPIN;
2166 params.ulPasswordLen = &passwd_size;
2167
2168 rv = soft_gen_keyobject(tmpl, attrs, &hKey, &token_session,
2169 CKO_SECRET_KEY, CKK_GENERIC_SECRET, 0, SOFT_GEN_KEY, B_TRUE);
2170
2171 if (rv != CKR_OK) {
2172 return (rv);
2173 }
2174
2175 /* Obtain the secret object pointer. */
2176 secret_key = (soft_object_t *)hKey;
2177 keylen = OBJ_SEC_VALUE_LEN(secret_key);
2178 if ((OBJ_SEC_VALUE(secret_key) = malloc(keylen)) == NULL) {
2179 soft_delete_object(&token_session, secret_key,
2180 B_FALSE, B_FALSE);
2181 return (CKR_HOST_MEMORY);
2182 }
2183
2184 rv = soft_generate_pkcs5_pbkdf2_key(&token_session, &Mechanism,
2185 secret_key);
2186
2187 if (rv != CKR_OK)
2188 soft_delete_object(&token_session, secret_key,
2189 B_FALSE, B_FALSE);
2190 else
2191 *key = secret_key;
2192
2193 return (rv);
2194
2195 }
2196
2197 /*
2198 * The token session is just a psuedo session (a place holder)
2199 * to hold some information during encryption/decryption and
2200 * sign/verify operations when writing/reading the keystore
2201 * token object.
2202 */
2203 CK_RV
2204 soft_init_token_session(void)
2205 {
2206
2207
2208 token_session.magic_marker = SOFTTOKEN_SESSION_MAGIC;
2209 token_session.pApplication = NULL_PTR;
2210 token_session.Notify = NULL;
2211 token_session.flags = CKF_SERIAL_SESSION;
2212 token_session.state = CKS_RO_PUBLIC_SESSION;
2213 token_session.object_list = NULL;
2214 token_session.ses_refcnt = 0;
2215 token_session.ses_close_sync = 0;
2216 token_session.next = NULL;
2217 token_session.prev = NULL;
2218
2219 /* Initialize the lock for the token session */
2220 if (pthread_mutex_init(&token_session.session_mutex, NULL) != 0) {
2221 return (CKR_CANT_LOCK);
2222 }
2223
2224 (void) pthread_cond_init(&token_session.ses_free_cond, NULL);
2225
2226 return (CKR_OK);
2227
2228 }
2229
2230 void
2231 soft_destroy_token_session(void)
2232 {
2233
2234 (void) pthread_cond_destroy(&token_session.ses_free_cond);
2235 (void) pthread_mutex_destroy(&token_session.session_mutex);
2236
2237 }
2238
2239 /*
2240 * Encrypt/Decrypt the private token object when dealing with the keystore.
2241 * This function only applies to the private token object.
2242 */
2243 CK_RV
2244 soft_keystore_crypt(soft_object_t *key_p, uchar_t *ivec, boolean_t encrypt,
2245 CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
2246 {
2247 CK_MECHANISM mech;
2248 CK_RV rv;
2249 CK_ULONG tmplen, tmplen1;
2250
2251 /*
2252 * The caller will pass NULL for "out" (output buffer) to find out
2253 * the output buffer size that it need to allocate for the encrption
2254 * or decryption.
2255 */
2256 if (out == NULL) {
2257 mech.mechanism = CKM_AES_CBC_PAD;
2258 mech.pParameter = (void *)ivec;
2259 mech.ulParameterLen = AES_BLOCK_LEN;
2260
2261 if (encrypt)
2262 rv = soft_aes_crypt_init_common(&token_session, &mech,
2263 key_p, B_TRUE);
2264 else
2265 rv = soft_aes_crypt_init_common(&token_session, &mech,
2266 key_p, B_FALSE);
2267
2268 if (rv != CKR_OK)
2269 return (rv);
2270
2271 /*
2272 * Since out == NULL, the soft_aes_xxcrypt_common() will
2273 * simply return the output buffer length to the caller.
2274 */
2275 if (encrypt) {
2276 rv = soft_aes_encrypt(&token_session, in, in_len,
2277 out, out_len);
2278 } else {
2279 rv = soft_aes_decrypt(&token_session, in, in_len,
2280 out, out_len);
2281 }
2282
2283 } else {
2284 /*
2285 * The caller has allocated the output buffer, so that we
2286 * are doing the real encryption/decryption this time.
2287 */
2288 tmplen = *out_len;
2289 if (encrypt) {
2290 rv = soft_aes_encrypt_update(&token_session, in,
2291 in_len, out, &tmplen);
2292 if (rv == CKR_OK) {
2293 tmplen1 = *out_len - tmplen;
2294 rv = soft_encrypt_final(&token_session,
2295 out+tmplen, &tmplen1);
2296 *out_len = tmplen + tmplen1;
2297 }
2298 } else {
2299 rv = soft_aes_decrypt_update(&token_session, in,
2300 in_len, out, &tmplen);
2301 if (rv == CKR_OK) {
2302 tmplen1 = *out_len - tmplen;
2303 rv = soft_decrypt_final(&token_session,
2304 out+tmplen, &tmplen1);
2305 *out_len = tmplen + tmplen1;
2306 }
2307 }
2308 }
2309
2310 return (rv);
2311
2312 }
2313
2314 /*
2315 * Sign/Verify the private token object for checking its data integrity
2316 * when dealing with the keystore.
2317 * This function only applies to the private token object.
2318 */
2319 CK_RV
2320 soft_keystore_hmac(soft_object_t *key_p, boolean_t sign,
2321 CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
2322 {
2323 CK_MECHANISM mech;
2324 CK_RV rv;
2325
2326 mech.mechanism = CKM_MD5_HMAC;
2327 mech.pParameter = NULL_PTR;
2328 mech.ulParameterLen = 0;
2329
2330 rv = soft_hmac_sign_verify_init_common(&token_session, &mech,
2331 key_p, sign);
2332
2333 if (rv != CKR_OK)
2334 return (rv);
2335
2336 if (sign) {
2337 rv = soft_sign(&token_session, in, in_len, out, out_len);
2338 } else {
2339 rv = soft_verify(&token_session, in, in_len, out, *out_len);
2340 }
2341
2342 return (rv);
2343 }