4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018, Joyent, Inc.
27 #include <cryptoutil.h>
33 #include <sys/types.h>
34 #include <sys/sysmacros.h>
35 #include <security/cryptoki.h>
36 #include "softGlobal.h"
37 #include "softCrypt.h"
38 #include "softSession.h"
39 #include "softObject.h"
41 #include "softKeystore.h"
42 #include "softKeystoreUtil.h"
46 soft_session_t token_session
;
49 * soft_gen_hashed_pin()
53 * pPin: pointer to caller provided Pin
54 * result: output argument which contains the address of the
55 * pointer to the hashed pin
56 * salt: input argument (if non-NULL), or
57 * output argument (if NULL):
58 * address of pointer to the "salt" of the hashed pin
62 * Generate a hashed pin using system provided crypt(3C) function.
67 * -1: some error occurred while generating the hashed pin
71 soft_gen_hashed_pin(CK_UTF8CHAR_PTR pPin
, char **result
, char **salt
)
75 struct passwd pwd
, *pw
;
76 char pwdbuf
[PWD_BUFFER_SIZE
];
77 boolean_t new_salt
= B_FALSE
;
80 * We need to get the passwd entry of the application, which is required
81 * by the crypt_gensalt() below.
84 if (getpwuid_r(uid
, &pwd
, pwdbuf
, PWD_BUFFER_SIZE
, &pw
) != 0) {
91 * crypt_gensalt() will allocate memory to store the new salt.
92 * on return. Pass "$5" here to default to crypt_sha256 since
93 * SHA256 is a FIPS 140-2 certified algorithm and we shouldn't
94 * assume the system default is that strong.
96 if ((*salt
= crypt_gensalt("$5", pw
)) == NULL
) {
101 if ((*result
= crypt((char *)pPin
, *salt
)) == NULL
) {
103 size_t saltlen
= strlen(*salt
) + 1;
105 freezero(*salt
, saltlen
);
114 * Authenticate user's PIN for C_Login.
117 soft_verify_pin(CK_UTF8CHAR_PTR pPin
, CK_ULONG ulPinLen
)
120 char *user_cryptpin
= NULL
;
121 char *ks_cryptpin
= NULL
;
123 uchar_t
*tmp_pin
= NULL
;
124 boolean_t pin_initialized
= B_FALSE
;
128 * Check to see if keystore is initialized.
130 rv
= soft_keystore_pin_initialized(&pin_initialized
, &ks_cryptpin
,
136 * Authenticate user's PIN for C_Login.
138 if (pin_initialized
) {
140 if (soft_keystore_get_pin_salt(&salt
) < 0) {
141 rv
= CKR_FUNCTION_FAILED
;
146 * Generate the hashed value based on the user's supplied pin.
148 tmp_pin
= malloc(ulPinLen
+ 1);
149 if (tmp_pin
== NULL
) {
150 rv
= CKR_HOST_MEMORY
;
154 (void) memcpy(tmp_pin
, pPin
, ulPinLen
);
155 tmp_pin
[ulPinLen
] = '\0';
157 if (soft_gen_hashed_pin(tmp_pin
, &user_cryptpin
, &salt
) < 0) {
158 rv
= CKR_FUNCTION_FAILED
;
163 * Compare hash value of the user supplied PIN with
164 * hash value of the keystore PIN.
166 if (strcmp(user_cryptpin
, ks_cryptpin
) != 0) {
167 rv
= CKR_PIN_INCORRECT
;
172 * Provide the user's PIN to low-level keystore so that
173 * it can use it to generate encryption key as needed for
174 * encryption/decryption of the private objects in
177 if (soft_keystore_authpin(tmp_pin
) != 0) {
178 rv
= CKR_FUNCTION_FAILED
;
185 * The PIN is not initialized in the keystore
186 * We will let it pass the authentication anyway but set the
187 * "userpin_change_needed" flag so that the application
188 * will get CKR_PIN_EXPIRED by other C_functions such as
189 * C_CreateObject, C_FindObjectInit, C_GenerateKey etc.
191 soft_slot
.userpin_change_needed
= 1;
196 freezero(salt
, salt
? (strlen(salt
) + 1) : 0);
197 freezero(tmp_pin
, tmp_pin
? (strlen((char *)tmp_pin
) + 1) : 0);
198 freezero(ks_cryptpin
, ks_cryptpin
? (strlen(ks_cryptpin
) + 1) : 0);
203 * The second level C_SetPIN function.
206 soft_setpin(CK_UTF8CHAR_PTR pOldPin
, CK_ULONG ulOldPinLen
,
207 CK_UTF8CHAR_PTR pNewPin
, CK_ULONG ulNewPinLen
)
210 char *user_cryptpin
= NULL
;
211 char *ks_cryptpin
= NULL
;
213 boolean_t pin_initialized
= B_FALSE
;
214 uchar_t
*tmp_old_pin
= NULL
, *tmp_new_pin
= NULL
;
219 * Check to see if keystore is initialized.
221 rv
= soft_keystore_pin_initialized(&pin_initialized
, &ks_cryptpin
,
227 * Authenticate user's PIN for C_SetPIN.
229 if (pin_initialized
) {
231 * Generate the hashed value based on the user supplied PIN.
233 if (soft_keystore_get_pin_salt(&salt
) < 0) {
234 rv
= CKR_FUNCTION_FAILED
;
238 tmp_old_pin
= malloc(ulOldPinLen
+ 1);
239 if (tmp_old_pin
== NULL
) {
240 rv
= CKR_HOST_MEMORY
;
243 (void) memcpy(tmp_old_pin
, pOldPin
, ulOldPinLen
);
244 tmp_old_pin
[ulOldPinLen
] = '\0';
246 if (soft_gen_hashed_pin(tmp_old_pin
, &user_cryptpin
,
248 rv
= CKR_FUNCTION_FAILED
;
253 * Compare hashed value of the user supplied PIN with the
254 * hashed value of the keystore PIN.
256 if (strcmp(user_cryptpin
, ks_cryptpin
) != 0) {
257 rv
= CKR_PIN_INCORRECT
;
262 * This is the first time to setpin, the oldpin must be
265 if (strncmp("changeme", (const char *)pOldPin
,
267 rv
= CKR_PIN_INCORRECT
;
272 tmp_new_pin
= malloc(ulNewPinLen
+ 1);
273 if (tmp_new_pin
== NULL
) {
274 rv
= CKR_HOST_MEMORY
;
277 (void) memcpy(tmp_new_pin
, pNewPin
, ulNewPinLen
);
278 tmp_new_pin
[ulNewPinLen
] = '\0';
281 * Set the new pin after the old pin is authenticated.
283 if (soft_keystore_setpin(tmp_old_pin
, tmp_new_pin
, B_FALSE
)) {
284 rv
= CKR_FUNCTION_FAILED
;
287 (void) pthread_mutex_lock(&soft_giant_mutex
);
288 soft_slot
.userpin_change_needed
= 0;
289 (void) pthread_mutex_unlock(&soft_giant_mutex
);
294 freezero(salt
, salt
? (strlen(salt
) + 1) : 0);
295 freezero(ks_cryptpin
, ks_cryptpin
? (strlen(ks_cryptpin
) + 1) : 0);
296 freezero(tmp_old_pin
, tmp_old_pin
? (strlen((char *)tmp_old_pin
) + 1) : 0);
297 freezero(tmp_new_pin
, tmp_new_pin
? (strlen((char *)tmp_new_pin
) + 1) : 0);
303 * soft_keystore_pack_obj()
307 * obj: pointer to the soft_object_t of the token object to
309 * ks_buf: output argument which contains the address of the
310 * pointer to the buf of the packed token object
311 * soft_keystore_pack_obj() will allocate memory for the buf,
312 * it is caller's responsibility to free it.
313 * len: output argument which contains the address of the
314 * buffer length of the packed token object
318 * Pack the in-core token object into the keystore format.
323 * Other: some error occurred while packing the object
327 soft_keystore_pack_obj(soft_object_t
*obj
, uchar_t
**ks_buf
, size_t *len
)
330 ks_attr_hdr_t attr_hdr
;
331 CK_ATTRIBUTE_INFO_PTR extra_attr
;
333 ulong_t len_attrs
= 0;
339 (void) memset(&hdr
, 0, sizeof (ks_obj_hdr_t
));
342 * The first part of the packed format contains
343 * the ks_obj_hdr_t struct.
345 hdr
.class = SWAP64((uint64_t)obj
->class);
346 hdr
.key_type
= SWAP64((uint64_t)obj
->key_type
);
347 hdr
.cert_type
= SWAP64((uint64_t)obj
->cert_type
);
348 hdr
.bool_attr_mask
= SWAP64(obj
->bool_attr_mask
);
349 hdr
.mechanism
= SWAP64((uint64_t)obj
->mechanism
);
350 hdr
.object_type
= obj
->object_type
;
353 * The second part of the packed format contains
354 * the attributes from the extra atrribute list.
356 extra_attr
= obj
->extra_attrlistp
;
360 len_attrs
+= ROUNDUP(extra_attr
->attr
.ulValueLen
, 8);
361 extra_attr
= extra_attr
->next
;
363 hdr
.num_attrs
= SWAP32(num_attrs
);
364 ks_len
= soft_pack_object_size(obj
);
365 ks_len
+= sizeof (ks_obj_hdr_t
) + len_attrs
+
366 2 * num_attrs
* sizeof (uint64_t);
367 buf
= calloc(1, ks_len
);
369 return (CKR_HOST_MEMORY
);
371 (void) memcpy(buf
, &hdr
, sizeof (ks_obj_hdr_t
));
372 buf1
= buf
+ sizeof (ks_obj_hdr_t
);
373 extra_attr
= obj
->extra_attrlistp
;
374 for (i
= 0; i
< num_attrs
; i
++) {
375 attr_hdr
.type
= SWAP64((uint64_t)extra_attr
->attr
.type
);
376 attr_hdr
.ulValueLen
=
377 SWAP64((uint64_t)extra_attr
->attr
.ulValueLen
);
378 (void) memcpy(buf1
, &attr_hdr
, sizeof (ks_attr_hdr_t
));
379 buf1
= buf1
+ sizeof (ks_attr_hdr_t
);
380 (void) memcpy(buf1
, extra_attr
->attr
.pValue
,
381 extra_attr
->attr
.ulValueLen
);
382 buf1
= buf1
+ ROUNDUP(extra_attr
->attr
.ulValueLen
, 8);
383 extra_attr
= extra_attr
->next
;
387 * The third part of the packed format contains
390 rv
= soft_pack_object(obj
, buf1
);
399 * soft_keystore_unpack_obj()
403 * obj: pointer to the soft_object_t to store the unpacked
405 * ks_obj: input argument which contains the pointer to the
406 * ks_obj_t struct of packed token object to be unpacked
410 * Unpack the token object in keystore format to in-core soft_object_t.
415 * Other: some error occurred while unpacking the object
419 soft_keystore_unpack_obj(soft_object_t
*obj
, ks_obj_t
*ks_obj
)
424 ks_attr_hdr_t
*attr_hdr
;
425 CK_ATTRIBUTE
template;
430 * Unpack the common area.
432 (void) strcpy((char *)obj
->ks_handle
.name
,
433 (char *)ks_obj
->ks_handle
.name
);
434 obj
->ks_handle
.public = ks_obj
->ks_handle
.public;
435 /* LINTED: pointer alignment */
436 hdr
= (ks_obj_hdr_t
*)ks_obj
->buf
;
437 obj
->version
= ks_obj
->obj_version
;
438 obj
->class = (CK_OBJECT_CLASS
)(SWAP64(hdr
->class));
439 obj
->key_type
= (CK_KEY_TYPE
)(SWAP64(hdr
->key_type
));
440 obj
->cert_type
= (CK_CERTIFICATE_TYPE
)(SWAP64(hdr
->cert_type
));
441 obj
->bool_attr_mask
= SWAP64(hdr
->bool_attr_mask
);
442 obj
->mechanism
= (CK_MECHANISM_TYPE
)(SWAP64(hdr
->mechanism
));
443 obj
->object_type
= hdr
->object_type
;
446 * Initialize other stuffs which were not from keystore.
448 (void) pthread_mutex_init(&obj
->object_mutex
, NULL
);
449 obj
->magic_marker
= SOFTTOKEN_OBJECT_MAGIC
;
450 obj
->session_handle
= (CK_SESSION_HANDLE
)NULL
;
452 buf
= ks_obj
->buf
+ sizeof (ks_obj_hdr_t
);
455 * Unpack extra attribute list.
457 for (i
= 0; i
< SWAP32(hdr
->num_attrs
); i
++) {
458 /* LINTED: pointer alignment */
459 attr_hdr
= (ks_attr_hdr_t
*)buf
;
460 (void) memset(&template, 0, sizeof (CK_ATTRIBUTE
));
461 template.type
= (CK_ATTRIBUTE_TYPE
)(SWAP64(attr_hdr
->type
));
462 template.ulValueLen
= (CK_ULONG
)(SWAP64(attr_hdr
->ulValueLen
));
463 buf
= buf
+ sizeof (ks_attr_hdr_t
);
464 /* Allocate storage for the value of the attribute. */
465 if (template.ulValueLen
> 0) {
466 template.pValue
= malloc(template.ulValueLen
);
467 if (template.pValue
== NULL
) {
468 return (CKR_HOST_MEMORY
);
470 (void) memcpy(template.pValue
, buf
,
471 template.ulValueLen
);
474 rv
= soft_add_extra_attr(&template, obj
);
475 freezero(template.pValue
, template.ulValueLen
);
481 buf
= buf
+ ROUNDUP(template.ulValueLen
, 8);
485 * Unpack the key itself.
487 rv
= soft_unpack_object(obj
, buf
);
494 * soft_unpack_obj_attribute()
498 * buf: contains the packed data (attributes) from keystore
499 * key_dest: the key attribute will be unpacked and save in key_dest
500 * cert_dest: the certificate attribute will be unpacked an
502 * offset: length of the current attribute occupies.
503 * The caller should use this returned "offset" to
504 * advance the buffer pointer to next attribute.
505 * cert: TRUE for certificate (use cert_dest)
506 * FALSE for key (use key_dest)
510 * Unpack the attribute from keystore format to the big integer format.
515 * Other: some error occurred while unpacking the object attribute
519 soft_unpack_obj_attribute(uchar_t
*buf
, biginteger_t
*key_dest
,
520 cert_attr_t
**cert_dest
, ulong_t
*offset
, boolean_t cert
)
524 CK_ATTRIBUTE
template;
526 /* LINTED: pointer alignment */
527 template.ulValueLen
= SWAP64(*(uint64_t *)buf
);
528 buf
= buf
+ sizeof (uint64_t);
529 template.pValue
= malloc(template.ulValueLen
);
530 if (template.pValue
== NULL
) {
531 return (CKR_HOST_MEMORY
);
534 (void) memcpy(template.pValue
, buf
, template.ulValueLen
);
536 rv
= get_cert_attr_from_template(cert_dest
, &template);
538 rv
= get_bigint_attr_from_template(key_dest
, &template);
541 freezero(template.pValue
, template.ulValueLen
);
546 *offset
= sizeof (uint64_t) + template.ulValueLen
;
552 * Calculate the total buffer length required to store the
553 * object key (the third part) in a keystore format.
556 soft_pack_object_size(soft_object_t
*objp
)
559 CK_OBJECT_CLASS
class = objp
->class;
560 CK_KEY_TYPE keytype
= objp
->key_type
;
561 CK_CERTIFICATE_TYPE certtype
= objp
->cert_type
;
568 * modulus_bits + modulus_len + modulus +
569 * pubexpo_len + pubexpo
571 return (ROUNDUP(((biginteger_t
*)
572 OBJ_PUB_RSA_MOD(objp
))->big_value_len
, 8) +
573 ROUNDUP(((biginteger_t
*)
574 OBJ_PUB_RSA_PUBEXPO(objp
))->big_value_len
, 8) +
575 3 * sizeof (uint64_t));
579 * prime_len + prime + subprime_len + subprime +
580 * base_len + base + value_len + value
582 return (ROUNDUP(((biginteger_t
*)
583 OBJ_PUB_DSA_PRIME(objp
))->big_value_len
, 8) +
584 ROUNDUP(((biginteger_t
*)
585 OBJ_PUB_DSA_SUBPRIME(objp
))->big_value_len
, 8) +
586 ROUNDUP(((biginteger_t
*)
587 OBJ_PUB_DSA_BASE(objp
))->big_value_len
, 8) +
588 ROUNDUP(((biginteger_t
*)
589 OBJ_PUB_DSA_VALUE(objp
))->big_value_len
, 8) +
590 4 * sizeof (uint64_t));
593 * ec_point_len + ec_point
595 return (ROUNDUP(((biginteger_t
*)
596 OBJ_PUB_EC_POINT(objp
))->big_value_len
, 8) +
600 * prime_len + prime + base_len + base +
603 return (ROUNDUP(((biginteger_t
*)
604 OBJ_PUB_DH_PRIME(objp
))->big_value_len
, 8) +
605 ROUNDUP(((biginteger_t
*)
606 OBJ_PUB_DH_BASE(objp
))->big_value_len
, 8) +
607 ROUNDUP(((biginteger_t
*)
608 OBJ_PUB_DH_VALUE(objp
))->big_value_len
, 8) +
609 3 * sizeof (uint64_t));
613 * prime_len + prime + base_len + base +
614 * subprime_len + subprime + value_len + value
616 return (ROUNDUP(((biginteger_t
*)
617 OBJ_PUB_DH942_PRIME(objp
))->big_value_len
, 8) +
618 ROUNDUP(((biginteger_t
*)
619 OBJ_PUB_DH942_BASE(objp
))->big_value_len
, 8) +
620 ROUNDUP(((biginteger_t
*)
621 OBJ_PUB_DH942_SUBPRIME(objp
))->big_value_len
, 8) +
622 ROUNDUP(((biginteger_t
*)
623 OBJ_PUB_DH942_VALUE(objp
))->big_value_len
, 8) +
624 4 * sizeof (uint64_t));
629 case CKO_PRIVATE_KEY
:
633 * modulus_len + modulus + pubexpo_len + pubexpo +
634 * priexpo_len + priexpo + prime1_len + prime1 +
635 * prime2_len + prime2 + expo1_len + expo1 +
636 * expo2_len + expo2 + coef_len + coef
638 return (ROUNDUP(((biginteger_t
*)
639 OBJ_PRI_RSA_MOD(objp
))->big_value_len
, 8) +
640 ROUNDUP(((biginteger_t
*)
641 OBJ_PRI_RSA_PUBEXPO(objp
))->big_value_len
, 8) +
642 ROUNDUP(((biginteger_t
*)
643 OBJ_PRI_RSA_PRIEXPO(objp
))->big_value_len
, 8) +
644 ROUNDUP(((biginteger_t
*)
645 OBJ_PRI_RSA_PRIME1(objp
))->big_value_len
, 8) +
646 ROUNDUP(((biginteger_t
*)
647 OBJ_PRI_RSA_PRIME2(objp
))->big_value_len
, 8) +
648 ROUNDUP(((biginteger_t
*)
649 OBJ_PRI_RSA_EXPO1(objp
))->big_value_len
, 8) +
650 ROUNDUP(((biginteger_t
*)
651 OBJ_PRI_RSA_EXPO2(objp
))->big_value_len
, 8) +
652 ROUNDUP(((biginteger_t
*)
653 OBJ_PRI_RSA_COEF(objp
))->big_value_len
, 8) +
654 8 * sizeof (uint64_t));
658 * prime_len + prime + subprime_len + subprime +
659 * base_len + base + value_len + value
661 return (ROUNDUP(((biginteger_t
*)
662 OBJ_PRI_DSA_PRIME(objp
))->big_value_len
, 8) +
663 ROUNDUP(((biginteger_t
*)
664 OBJ_PRI_DSA_SUBPRIME(objp
))->big_value_len
, 8) +
665 ROUNDUP(((biginteger_t
*)
666 OBJ_PRI_DSA_BASE(objp
))->big_value_len
, 8) +
667 ROUNDUP(((biginteger_t
*)
668 OBJ_PRI_DSA_VALUE(objp
))->big_value_len
, 8) +
669 4 * sizeof (uint64_t));
673 * value_bits + prime_len + prime + base_len + base +
676 return (ROUNDUP(((biginteger_t
*)
677 OBJ_PRI_DH_PRIME(objp
))->big_value_len
, 8) +
678 ROUNDUP(((biginteger_t
*)
679 OBJ_PRI_DH_BASE(objp
))->big_value_len
, 8) +
680 ROUNDUP(((biginteger_t
*)
681 OBJ_PRI_DH_VALUE(objp
))->big_value_len
, 8) +
682 4 * sizeof (uint64_t));
688 return (ROUNDUP(((biginteger_t
*)
689 OBJ_PRI_EC_VALUE(objp
))->big_value_len
, 8) +
694 * prime_len + prime + base_len + base +
695 * subprime_len + subprime + value_len + value
697 return (ROUNDUP(((biginteger_t
*)
698 OBJ_PRI_DH942_PRIME(objp
))->big_value_len
, 8) +
699 ROUNDUP(((biginteger_t
*)
700 OBJ_PRI_DH942_BASE(objp
))->big_value_len
, 8) +
701 ROUNDUP(((biginteger_t
*)
702 OBJ_PRI_DH942_SUBPRIME(objp
))->big_value_len
, 8) +
703 ROUNDUP(((biginteger_t
*)
704 OBJ_PRI_DH942_VALUE(objp
))->big_value_len
, 8) +
705 4 * sizeof (uint64_t));
715 return (ROUNDUP(OBJ_SEC_VALUE_LEN(objp
), 8) +
718 case CKO_CERTIFICATE
:
722 * subject_len + subject + value_len + value
724 return (ROUNDUP(((cert_attr_t
*)
725 X509_CERT_SUBJECT(objp
))->length
, 8) +
726 ROUNDUP(((cert_attr_t
*)
727 X509_CERT_VALUE(objp
))->length
, 8) +
728 2 * sizeof (uint64_t));
730 case CKC_X_509_ATTR_CERT
:
732 * owner_len + owner + value_len + value
734 return (ROUNDUP(((cert_attr_t
*)
735 X509_ATTR_CERT_OWNER(objp
))->length
, 8) +
736 ROUNDUP(((cert_attr_t
*)
737 X509_ATTR_CERT_VALUE(objp
))->length
, 8) +
738 2 * sizeof (uint64_t));
742 case CKO_DOMAIN_PARAMETERS
:
750 * Pack the object key (the third part) from the soft_object_t
751 * into the keystore format.
754 soft_pack_object(soft_object_t
*objp
, uchar_t
*buf
)
757 CK_OBJECT_CLASS
class = objp
->class;
758 CK_KEY_TYPE keytype
= objp
->key_type
;
759 CK_CERTIFICATE_TYPE certtype
= objp
->cert_type
;
767 tmp_val
= SWAP64((uint64_t)OBJ_PUB_RSA_MOD_BITS(objp
));
768 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
769 buf
= buf
+ sizeof (uint64_t);
771 /* modulus_len + modulus */
772 tmp_val
= SWAP64((uint64_t)(((biginteger_t
*)
773 OBJ_PUB_RSA_MOD(objp
))->big_value_len
));
774 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
775 buf
= buf
+ sizeof (uint64_t);
777 (void) memcpy(buf
, (char *)(((biginteger_t
*)
778 OBJ_PUB_RSA_MOD(objp
))->big_value
),
780 OBJ_PUB_RSA_MOD(objp
))->big_value_len
);
781 buf
= buf
+ ROUNDUP(((biginteger_t
*)
782 OBJ_PUB_RSA_MOD(objp
))->big_value_len
, 8);
784 /* pubexpo_len + pubexpo */
785 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
786 OBJ_PUB_RSA_PUBEXPO(objp
))->big_value_len
);
787 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
788 buf
= buf
+ sizeof (uint64_t);
790 (void) memcpy(buf
, (char *)(((biginteger_t
*)
791 OBJ_PUB_RSA_PUBEXPO(objp
))->big_value
),
793 OBJ_PUB_RSA_PUBEXPO(objp
))->big_value_len
);
797 /* prime_len + prime */
798 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
799 OBJ_PUB_DSA_PRIME(objp
))->big_value_len
);
800 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
801 buf
= buf
+ sizeof (uint64_t);
803 (void) memcpy(buf
, (char *)((biginteger_t
*)
804 OBJ_PUB_DSA_PRIME(objp
))->big_value
,
806 OBJ_PUB_DSA_PRIME(objp
))->big_value_len
);
807 buf
= buf
+ ROUNDUP(((biginteger_t
*)
808 OBJ_PUB_DSA_PRIME(objp
))->big_value_len
, 8);
810 /* subprime_len + subprime */
811 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
812 OBJ_PUB_DSA_SUBPRIME(objp
))->big_value_len
);
813 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
814 buf
= buf
+ sizeof (uint64_t);
816 (void) memcpy(buf
, (char *)((biginteger_t
*)
817 OBJ_PUB_DSA_SUBPRIME(objp
))->big_value
,
819 OBJ_PUB_DSA_SUBPRIME(objp
))->big_value_len
);
820 buf
= buf
+ ROUNDUP(((biginteger_t
*)
821 OBJ_PUB_DSA_SUBPRIME(objp
))->big_value_len
, 8);
823 /* base_len + base */
824 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
825 OBJ_PUB_DSA_BASE(objp
))->big_value_len
);
826 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
827 buf
= buf
+ sizeof (uint64_t);
829 (void) memcpy(buf
, (char *)((biginteger_t
*)
830 OBJ_PUB_DSA_BASE(objp
))->big_value
,
832 OBJ_PUB_DSA_BASE(objp
))->big_value_len
);
833 buf
= buf
+ ROUNDUP(((biginteger_t
*)
834 OBJ_PUB_DSA_BASE(objp
))->big_value_len
, 8);
836 /* value_len + value */
837 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
838 OBJ_PUB_DSA_VALUE(objp
))->big_value_len
);
839 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
840 buf
= buf
+ sizeof (uint64_t);
842 (void) memcpy(buf
, (char *)((biginteger_t
*)
843 OBJ_PUB_DSA_VALUE(objp
))->big_value
,
845 OBJ_PUB_DSA_VALUE(objp
))->big_value_len
);
849 /* point_len + point */
850 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
851 OBJ_PUB_EC_POINT(objp
))->big_value_len
);
852 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
853 buf
= buf
+ sizeof (uint64_t);
855 (void) memcpy(buf
, (char *)((biginteger_t
*)
856 OBJ_PUB_EC_POINT(objp
))->big_value
,
858 OBJ_PUB_EC_POINT(objp
))->big_value_len
);
862 /* prime_len + prime */
863 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
864 OBJ_PUB_DH_PRIME(objp
))->big_value_len
);
865 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
866 buf
= buf
+ sizeof (uint64_t);
868 (void) memcpy(buf
, (char *)((biginteger_t
*)
869 OBJ_PUB_DH_PRIME(objp
))->big_value
,
871 OBJ_PUB_DH_PRIME(objp
))->big_value_len
);
872 buf
= buf
+ ROUNDUP(((biginteger_t
*)
873 OBJ_PUB_DH_PRIME(objp
))->big_value_len
, 8);
875 /* base_len + base */
876 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
877 OBJ_PUB_DH_BASE(objp
))->big_value_len
);
878 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
879 buf
= buf
+ sizeof (uint64_t);
881 (void) memcpy(buf
, (char *)((biginteger_t
*)
882 OBJ_PUB_DH_BASE(objp
))->big_value
,
884 OBJ_PUB_DH_BASE(objp
))->big_value_len
);
885 buf
= buf
+ ROUNDUP(((biginteger_t
*)
886 OBJ_PUB_DH_BASE(objp
))->big_value_len
, 8);
888 /* value_len + value */
889 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
890 OBJ_PUB_DH_VALUE(objp
))->big_value_len
);
891 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
892 buf
= buf
+ sizeof (uint64_t);
894 (void) memcpy(buf
, (char *)((biginteger_t
*)
895 OBJ_PUB_DH_VALUE(objp
))->big_value
,
897 OBJ_PUB_DH_VALUE(objp
))->big_value_len
);
902 /* prime_len + prime */
903 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
904 OBJ_PUB_DH942_PRIME(objp
))->big_value_len
);
905 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
906 buf
= buf
+ sizeof (uint64_t);
908 (void) memcpy(buf
, (char *)((biginteger_t
*)
909 OBJ_PUB_DH942_PRIME(objp
))->big_value
,
911 OBJ_PUB_DH942_PRIME(objp
))->big_value_len
);
912 buf
= buf
+ ROUNDUP(((biginteger_t
*)
913 OBJ_PUB_DH942_PRIME(objp
))->big_value_len
, 8);
915 /* base_len + base */
916 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
917 OBJ_PUB_DH942_BASE(objp
))->big_value_len
);
918 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
919 buf
= buf
+ sizeof (uint64_t);
921 (void) memcpy(buf
, (char *)((biginteger_t
*)
922 OBJ_PUB_DH942_BASE(objp
))->big_value
,
924 OBJ_PUB_DH942_BASE(objp
))->big_value_len
);
925 buf
= buf
+ ROUNDUP(((biginteger_t
*)
926 OBJ_PUB_DH942_BASE(objp
))->big_value_len
, 8);
928 /* subprime_len + subprime */
929 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
930 OBJ_PUB_DH942_SUBPRIME(objp
))->big_value_len
);
931 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
932 buf
= buf
+ sizeof (uint64_t);
934 (void) memcpy(buf
, (char *)((biginteger_t
*)
935 OBJ_PUB_DH942_SUBPRIME(objp
))->big_value
,
937 OBJ_PUB_DH942_SUBPRIME(objp
))->big_value_len
);
938 buf
= buf
+ ROUNDUP(((biginteger_t
*)
939 OBJ_PUB_DH942_SUBPRIME(objp
))->big_value_len
, 8);
941 /* value_len + value */
942 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
943 OBJ_PUB_DH942_VALUE(objp
))->big_value_len
);
944 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
945 buf
= buf
+ sizeof (uint64_t);
947 (void) memcpy(buf
, (char *)((biginteger_t
*)
948 OBJ_PUB_DH942_VALUE(objp
))->big_value
,
950 OBJ_PUB_DH942_VALUE(objp
))->big_value_len
);
957 case CKO_PRIVATE_KEY
:
960 /* modulus_len + modulus */
961 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
962 OBJ_PRI_RSA_MOD(objp
))->big_value_len
);
963 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
964 buf
= buf
+ sizeof (uint64_t);
966 (void) memcpy(buf
, (char *)((biginteger_t
*)
967 OBJ_PRI_RSA_MOD(objp
))->big_value
,
969 OBJ_PRI_RSA_MOD(objp
))->big_value_len
);
970 buf
= buf
+ ROUNDUP(((biginteger_t
*)
971 OBJ_PRI_RSA_MOD(objp
))->big_value_len
, 8);
973 /* pubexpo_len + pubexpo */
974 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
975 OBJ_PRI_RSA_PUBEXPO(objp
))->big_value_len
);
976 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
977 buf
= buf
+ sizeof (uint64_t);
979 (void) memcpy(buf
, (char *)((biginteger_t
*)
980 OBJ_PRI_RSA_PUBEXPO(objp
))->big_value
,
982 OBJ_PRI_RSA_PUBEXPO(objp
))->big_value_len
);
983 buf
= buf
+ ROUNDUP(((biginteger_t
*)
984 OBJ_PRI_RSA_PUBEXPO(objp
))->big_value_len
, 8);
986 /* priexpo_len + priexpo */
987 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
988 OBJ_PRI_RSA_PRIEXPO(objp
))->big_value_len
);
989 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
990 buf
= buf
+ sizeof (uint64_t);
992 (void) memcpy(buf
, (char *)((biginteger_t
*)
993 OBJ_PRI_RSA_PRIEXPO(objp
))->big_value
,
995 OBJ_PRI_RSA_PRIEXPO(objp
))->big_value_len
);
996 buf
= buf
+ ROUNDUP(((biginteger_t
*)
997 OBJ_PRI_RSA_PRIEXPO(objp
))->big_value_len
, 8);
999 /* prime1_len + prime1 */
1000 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1001 OBJ_PRI_RSA_PRIME1(objp
))->big_value_len
);
1002 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1003 buf
= buf
+ sizeof (uint64_t);
1005 (void) memcpy(buf
, (char *)((biginteger_t
*)
1006 OBJ_PRI_RSA_PRIME1(objp
))->big_value
,
1008 OBJ_PRI_RSA_PRIME1(objp
))->big_value_len
);
1009 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1010 OBJ_PRI_RSA_PRIME1(objp
))->big_value_len
, 8);
1012 /* prime2_len + prime2 */
1013 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1014 OBJ_PRI_RSA_PRIME2(objp
))->big_value_len
);
1015 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1016 buf
= buf
+ sizeof (uint64_t);
1018 (void) memcpy(buf
, (char *)((biginteger_t
*)
1019 OBJ_PRI_RSA_PRIME2(objp
))->big_value
,
1021 OBJ_PRI_RSA_PRIME2(objp
))->big_value_len
);
1022 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1023 OBJ_PRI_RSA_PRIME2(objp
))->big_value_len
, 8);
1025 /* expo1_len + expo1 */
1026 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1027 OBJ_PRI_RSA_EXPO1(objp
))->big_value_len
);
1028 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1029 buf
= buf
+ sizeof (uint64_t);
1031 (void) memcpy(buf
, (char *)((biginteger_t
*)
1032 OBJ_PRI_RSA_EXPO1(objp
))->big_value
,
1034 OBJ_PRI_RSA_EXPO1(objp
))->big_value_len
);
1035 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1036 OBJ_PRI_RSA_EXPO1(objp
))->big_value_len
, 8);
1038 /* expo2_len + expo2 */
1039 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1040 OBJ_PRI_RSA_EXPO2(objp
))->big_value_len
);
1041 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1042 buf
= buf
+ sizeof (uint64_t);
1044 (void) memcpy(buf
, (char *)((biginteger_t
*)
1045 OBJ_PRI_RSA_EXPO2(objp
))->big_value
,
1047 OBJ_PRI_RSA_EXPO2(objp
))->big_value_len
);
1048 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1049 OBJ_PRI_RSA_EXPO2(objp
))->big_value_len
, 8);
1051 /* coef_len + coef */
1052 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1053 OBJ_PRI_RSA_COEF(objp
))->big_value_len
);
1054 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1055 buf
= buf
+ sizeof (uint64_t);
1057 (void) memcpy(buf
, (char *)((biginteger_t
*)
1058 OBJ_PRI_RSA_COEF(objp
))->big_value
,
1060 OBJ_PRI_RSA_COEF(objp
))->big_value_len
);
1061 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1062 OBJ_PRI_RSA_COEF(objp
))->big_value_len
, 8);
1067 /* prime_len + prime */
1068 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1069 OBJ_PRI_DSA_PRIME(objp
))->big_value_len
);
1070 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1071 buf
= buf
+ sizeof (uint64_t);
1073 (void) memcpy(buf
, (char *)((biginteger_t
*)
1074 OBJ_PRI_DSA_PRIME(objp
))->big_value
,
1076 OBJ_PRI_DSA_PRIME(objp
))->big_value_len
);
1077 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1078 OBJ_PRI_DSA_PRIME(objp
))->big_value_len
, 8);
1080 /* subprime_len + subprime */
1081 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1082 OBJ_PRI_DSA_SUBPRIME(objp
))->big_value_len
);
1083 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1084 buf
= buf
+ sizeof (uint64_t);
1086 (void) memcpy(buf
, (char *)((biginteger_t
*)
1087 OBJ_PRI_DSA_SUBPRIME(objp
))->big_value
,
1089 OBJ_PRI_DSA_SUBPRIME(objp
))->big_value_len
);
1090 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1091 OBJ_PRI_DSA_SUBPRIME(objp
))->big_value_len
, 8);
1093 /* base_len + base */
1094 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1095 OBJ_PRI_DSA_BASE(objp
))->big_value_len
);
1096 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1097 buf
= buf
+ sizeof (uint64_t);
1099 (void) memcpy(buf
, (char *)((biginteger_t
*)
1100 OBJ_PRI_DSA_BASE(objp
))->big_value
,
1102 OBJ_PRI_DSA_BASE(objp
))->big_value_len
);
1103 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1104 OBJ_PRI_DSA_BASE(objp
))->big_value_len
, 8);
1106 /* value_len + value */
1107 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1108 OBJ_PRI_DSA_VALUE(objp
))->big_value_len
);
1109 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1110 buf
= buf
+ sizeof (uint64_t);
1112 (void) memcpy(buf
, (char *)((biginteger_t
*)
1113 OBJ_PRI_DSA_VALUE(objp
))->big_value
,
1115 OBJ_PRI_DSA_VALUE(objp
))->big_value_len
);
1119 /* value_len + value */
1120 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1121 OBJ_PRI_EC_VALUE(objp
))->big_value_len
);
1122 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1123 buf
= buf
+ sizeof (uint64_t);
1125 (void) memcpy(buf
, (char *)((biginteger_t
*)
1126 OBJ_PRI_EC_VALUE(objp
))->big_value
,
1128 OBJ_PRI_EC_VALUE(objp
))->big_value_len
);
1133 tmp_val
= SWAP64((uint64_t)OBJ_PRI_DH_VAL_BITS(objp
));
1134 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1135 buf
= buf
+ sizeof (uint64_t);
1137 /* prime_len + prime */
1138 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1139 OBJ_PRI_DH_PRIME(objp
))->big_value_len
);
1140 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1141 buf
= buf
+ sizeof (uint64_t);
1143 (void) memcpy(buf
, (char *)((biginteger_t
*)
1144 OBJ_PRI_DH_PRIME(objp
))->big_value
,
1146 OBJ_PRI_DH_PRIME(objp
))->big_value_len
);
1147 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1148 OBJ_PRI_DH_PRIME(objp
))->big_value_len
, 8);
1150 /* base_len + base */
1151 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1152 OBJ_PRI_DH_BASE(objp
))->big_value_len
);
1153 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1154 buf
= buf
+ sizeof (uint64_t);
1156 (void) memcpy(buf
, (char *)((biginteger_t
*)
1157 OBJ_PRI_DH_BASE(objp
))->big_value
,
1159 OBJ_PRI_DH_BASE(objp
))->big_value_len
);
1160 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1161 OBJ_PRI_DH_BASE(objp
))->big_value_len
, 8);
1163 /* value_len + value */
1164 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1165 OBJ_PRI_DH_VALUE(objp
))->big_value_len
);
1166 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1167 buf
= buf
+ sizeof (uint64_t);
1169 (void) memcpy(buf
, (char *)((biginteger_t
*)
1170 OBJ_PRI_DH_VALUE(objp
))->big_value
,
1172 OBJ_PRI_DH_VALUE(objp
))->big_value_len
);
1177 /* prime_len + prime */
1178 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1179 OBJ_PRI_DH942_PRIME(objp
))->big_value_len
);
1180 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1181 buf
= buf
+ sizeof (uint64_t);
1183 (void) memcpy(buf
, (char *)((biginteger_t
*)
1184 OBJ_PRI_DH942_PRIME(objp
))->big_value
,
1186 OBJ_PRI_DH942_PRIME(objp
))->big_value_len
);
1187 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1188 OBJ_PRI_DH942_PRIME(objp
))->big_value_len
, 8);
1190 /* base_len + base */
1191 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1192 OBJ_PRI_DH942_BASE(objp
))->big_value_len
);
1193 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1194 buf
= buf
+ sizeof (uint64_t);
1196 (void) memcpy(buf
, (char *)((biginteger_t
*)
1197 OBJ_PRI_DH942_BASE(objp
))->big_value
,
1199 OBJ_PRI_DH942_BASE(objp
))->big_value_len
);
1200 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1201 OBJ_PRI_DH942_BASE(objp
))->big_value_len
, 8);
1203 /* subprime_len + subprime */
1204 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1205 OBJ_PRI_DH942_SUBPRIME(objp
))->big_value_len
);
1206 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1207 buf
= buf
+ sizeof (uint64_t);
1209 (void) memcpy(buf
, (char *)((biginteger_t
*)
1210 OBJ_PRI_DH942_SUBPRIME(objp
))->big_value
,
1212 OBJ_PRI_DH942_SUBPRIME(objp
))->big_value_len
);
1213 buf
= buf
+ ROUNDUP(((biginteger_t
*)
1214 OBJ_PRI_DH942_SUBPRIME(objp
))->big_value_len
, 8);
1216 /* value_len + value */
1217 tmp_val
= SWAP64((uint64_t)((biginteger_t
*)
1218 OBJ_PRI_DH942_VALUE(objp
))->big_value_len
);
1219 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1220 buf
= buf
+ sizeof (uint64_t);
1222 (void) memcpy(buf
, (char *)((biginteger_t
*)
1223 OBJ_PRI_DH942_VALUE(objp
))->big_value
,
1225 OBJ_PRI_DH942_VALUE(objp
))->big_value_len
);
1233 case CKO_SECRET_KEY
:
1234 /* value_len + value */
1235 tmp_val
= SWAP64((uint64_t)OBJ_SEC_VALUE_LEN(objp
));
1236 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1237 buf
= buf
+ sizeof (uint64_t);
1239 if (OBJ_SEC_VALUE_LEN(objp
) > 0) {
1240 (void) memcpy(buf
, (char *)OBJ_SEC_VALUE(objp
),
1241 OBJ_SEC_VALUE_LEN(objp
));
1242 buf
= buf
+ ROUNDUP(OBJ_SEC_VALUE_LEN(objp
), 8);
1247 case CKO_CERTIFICATE
:
1251 /* subject_len + subject */
1252 tmp_val
= SWAP64((uint64_t)(((cert_attr_t
*)
1253 X509_CERT_SUBJECT(objp
))->length
));
1254 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1255 buf
= buf
+ sizeof (uint64_t);
1257 (void) memcpy(buf
, (char *)((cert_attr_t
*)
1258 X509_CERT_SUBJECT(objp
))->value
,
1260 X509_CERT_SUBJECT(objp
))->length
);
1261 buf
= buf
+ ROUNDUP(((cert_attr_t
*)
1262 X509_CERT_SUBJECT(objp
))->length
, 8);
1264 /* value_len + value */
1265 tmp_val
= SWAP64((uint64_t)(((cert_attr_t
*)
1266 X509_CERT_VALUE(objp
))->length
));
1267 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1268 buf
= buf
+ sizeof (uint64_t);
1270 (void) memcpy(buf
, (char *)((cert_attr_t
*)
1271 X509_CERT_VALUE(objp
))->value
,
1273 X509_CERT_VALUE(objp
))->length
);
1276 case CKC_X_509_ATTR_CERT
:
1277 /* owner_len + owner */
1278 tmp_val
= SWAP64((uint64_t)(((cert_attr_t
*)
1279 X509_ATTR_CERT_OWNER(objp
))->length
));
1280 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1281 buf
= buf
+ sizeof (uint64_t);
1283 (void) memcpy(buf
, (char *)((cert_attr_t
*)
1284 X509_ATTR_CERT_OWNER(objp
))->value
,
1286 X509_ATTR_CERT_OWNER(objp
))->length
);
1287 buf
= buf
+ ROUNDUP(((cert_attr_t
*)
1288 X509_ATTR_CERT_OWNER(objp
))->length
, 8);
1290 /* value_len + value */
1291 tmp_val
= SWAP64((uint64_t)(((cert_attr_t
*)
1292 X509_ATTR_CERT_VALUE(objp
))->length
));
1293 (void) memcpy(buf
, (char *)&tmp_val
, sizeof (uint64_t));
1294 buf
= buf
+ sizeof (uint64_t);
1296 (void) memcpy(buf
, (char *)((cert_attr_t
*)
1297 X509_ATTR_CERT_VALUE(objp
))->value
,
1299 X509_ATTR_CERT_VALUE(objp
))->length
);
1304 case CKO_DOMAIN_PARAMETERS
:
1312 * Unpack the object key in keystore format (the third part)
1313 * into soft_object_t.
1316 soft_unpack_object(soft_object_t
*objp
, uchar_t
*buf
)
1319 public_key_obj_t
*pbk
;
1320 private_key_obj_t
*pvk
;
1321 secret_key_obj_t
*sck
;
1322 certificate_obj_t
*cert
;
1323 CK_OBJECT_CLASS
class = objp
->class;
1324 CK_KEY_TYPE keytype
= objp
->key_type
;
1325 CK_CERTIFICATE_TYPE certtype
= objp
->cert_type
;
1327 biginteger_t modulus
;
1328 biginteger_t pubexpo
;
1330 biginteger_t subprime
;
1334 biginteger_t priexpo
;
1335 biginteger_t prime1
;
1336 biginteger_t prime2
;
1344 /* prevent bigint_attr_cleanup from freeing invalid attr value */
1345 (void) memset(&modulus
, 0x0, sizeof (biginteger_t
));
1346 (void) memset(&pubexpo
, 0x0, sizeof (biginteger_t
));
1347 (void) memset(&prime
, 0x0, sizeof (biginteger_t
));
1348 (void) memset(&subprime
, 0x0, sizeof (biginteger_t
));
1349 (void) memset(&base
, 0x0, sizeof (biginteger_t
));
1350 (void) memset(&value
, 0x0, sizeof (biginteger_t
));
1352 (void) memset(&priexpo
, 0x0, sizeof (biginteger_t
));
1353 (void) memset(&prime1
, 0x0, sizeof (biginteger_t
));
1354 (void) memset(&prime2
, 0x0, sizeof (biginteger_t
));
1355 (void) memset(&expo1
, 0x0, sizeof (biginteger_t
));
1356 (void) memset(&expo2
, 0x0, sizeof (biginteger_t
));
1357 (void) memset(&coef
, 0x0, sizeof (biginteger_t
));
1361 case CKO_PUBLIC_KEY
:
1362 /* Allocate storage for Public Key Object. */
1363 pbk
= calloc(1, sizeof (public_key_obj_t
));
1365 rv
= CKR_HOST_MEMORY
;
1369 objp
->object_class_u
.public_key
= pbk
;
1372 case CKK_RSA
: /* modulus_bits */
1373 (void) memcpy(&tmp_val
, buf
, sizeof (uint64_t));
1374 KEY_PUB_RSA_MOD_BITS(pbk
) = (CK_ULONG
)(SWAP64(tmp_val
));
1375 buf
= buf
+ sizeof (uint64_t);
1378 if ((rv
= soft_unpack_obj_attribute(buf
, &modulus
,
1379 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1382 copy_bigint_attr(&modulus
, KEY_PUB_RSA_MOD(pbk
));
1384 buf
+= ROUNDUP(offset
, 8);
1387 if ((rv
= soft_unpack_obj_attribute(buf
, &pubexpo
,
1388 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1391 copy_bigint_attr(&pubexpo
, KEY_PUB_RSA_PUBEXPO(pbk
));
1397 if ((rv
= soft_unpack_obj_attribute(buf
, &prime
,
1398 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1401 copy_bigint_attr(&prime
, KEY_PUB_DSA_PRIME(pbk
));
1403 buf
+= ROUNDUP(offset
, 8);
1406 if ((rv
= soft_unpack_obj_attribute(buf
, &subprime
,
1407 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1410 copy_bigint_attr(&subprime
, KEY_PUB_DSA_SUBPRIME(pbk
));
1412 buf
+= ROUNDUP(offset
, 8);
1415 if ((rv
= soft_unpack_obj_attribute(buf
, &base
,
1416 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1419 copy_bigint_attr(&base
, KEY_PUB_DSA_BASE(pbk
));
1421 buf
+= ROUNDUP(offset
, 8);
1424 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1425 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1428 copy_bigint_attr(&value
, KEY_PUB_DSA_VALUE(pbk
));
1434 if ((rv
= soft_unpack_obj_attribute(buf
, &prime
,
1435 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1438 copy_bigint_attr(&prime
, KEY_PUB_DH_PRIME(pbk
));
1440 buf
+= ROUNDUP(offset
, 8);
1443 if ((rv
= soft_unpack_obj_attribute(buf
, &base
,
1444 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1447 copy_bigint_attr(&base
, KEY_PUB_DH_BASE(pbk
));
1449 buf
+= ROUNDUP(offset
, 8);
1452 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1453 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1456 copy_bigint_attr(&value
, KEY_PUB_DH_VALUE(pbk
));
1462 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1463 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1466 copy_bigint_attr(&value
, KEY_PUB_EC_POINT(pbk
));
1471 if ((rv
= soft_unpack_obj_attribute(buf
, &prime
,
1472 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1475 copy_bigint_attr(&prime
, KEY_PUB_DH942_PRIME(pbk
));
1477 buf
+= ROUNDUP(offset
, 8);
1480 if ((rv
= soft_unpack_obj_attribute(buf
, &base
,
1481 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1484 copy_bigint_attr(&base
, KEY_PUB_DH942_BASE(pbk
));
1486 buf
+= ROUNDUP(offset
, 8);
1489 if ((rv
= soft_unpack_obj_attribute(buf
, &subprime
,
1490 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1493 copy_bigint_attr(&subprime
,
1494 KEY_PUB_DH942_SUBPRIME(pbk
));
1496 buf
+= ROUNDUP(offset
, 8);
1499 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1500 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1503 copy_bigint_attr(&value
, KEY_PUB_DH942_VALUE(pbk
));
1510 case CKO_PRIVATE_KEY
:
1511 /* Allocate storage for Private Key Object. */
1512 pvk
= calloc(1, sizeof (private_key_obj_t
));
1514 rv
= CKR_HOST_MEMORY
;
1518 objp
->object_class_u
.private_key
= pvk
;
1523 if ((rv
= soft_unpack_obj_attribute(buf
, &modulus
,
1524 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1527 copy_bigint_attr(&modulus
, KEY_PRI_RSA_MOD(pvk
));
1529 buf
+= ROUNDUP(offset
, 8);
1532 if ((rv
= soft_unpack_obj_attribute(buf
, &pubexpo
,
1533 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1536 copy_bigint_attr(&pubexpo
, KEY_PRI_RSA_PUBEXPO(pvk
));
1538 buf
+= ROUNDUP(offset
, 8);
1541 if ((rv
= soft_unpack_obj_attribute(buf
, &priexpo
,
1542 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1545 copy_bigint_attr(&priexpo
, KEY_PRI_RSA_PRIEXPO(pvk
));
1547 buf
+= ROUNDUP(offset
, 8);
1550 if ((rv
= soft_unpack_obj_attribute(buf
, &prime1
,
1551 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1554 copy_bigint_attr(&prime1
, KEY_PRI_RSA_PRIME1(pvk
));
1556 buf
+= ROUNDUP(offset
, 8);
1559 if ((rv
= soft_unpack_obj_attribute(buf
, &prime2
,
1560 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1563 copy_bigint_attr(&prime2
, KEY_PRI_RSA_PRIME2(pvk
));
1565 buf
+= ROUNDUP(offset
, 8);
1568 if ((rv
= soft_unpack_obj_attribute(buf
, &expo1
,
1569 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1572 copy_bigint_attr(&expo1
, KEY_PRI_RSA_EXPO1(pvk
));
1574 buf
+= ROUNDUP(offset
, 8);
1577 if ((rv
= soft_unpack_obj_attribute(buf
, &expo2
,
1578 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1581 copy_bigint_attr(&expo2
, KEY_PRI_RSA_EXPO2(pvk
));
1583 buf
+= ROUNDUP(offset
, 8);
1586 if ((rv
= soft_unpack_obj_attribute(buf
, &coef
,
1587 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1590 copy_bigint_attr(&coef
, KEY_PRI_RSA_COEF(pvk
));
1596 if ((rv
= soft_unpack_obj_attribute(buf
, &prime
,
1597 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1600 copy_bigint_attr(&prime
, KEY_PRI_DSA_PRIME(pvk
));
1602 buf
+= ROUNDUP(offset
, 8);
1605 if ((rv
= soft_unpack_obj_attribute(buf
, &subprime
,
1606 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1609 copy_bigint_attr(&subprime
, KEY_PRI_DSA_SUBPRIME(pvk
));
1611 buf
+= ROUNDUP(offset
, 8);
1614 if ((rv
= soft_unpack_obj_attribute(buf
, &base
,
1615 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1618 copy_bigint_attr(&base
, KEY_PRI_DSA_BASE(pvk
));
1620 buf
+= ROUNDUP(offset
, 8);
1623 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1624 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1627 copy_bigint_attr(&value
, KEY_PRI_DSA_VALUE(pvk
));
1633 (void) memcpy(&tmp_val
, buf
, sizeof (uint64_t));
1634 KEY_PRI_DH_VAL_BITS(pvk
) = (CK_ULONG
)(SWAP64(tmp_val
));
1635 buf
= buf
+ sizeof (uint64_t);
1638 if ((rv
= soft_unpack_obj_attribute(buf
, &prime
,
1639 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1642 copy_bigint_attr(&prime
, KEY_PRI_DH_PRIME(pvk
));
1644 buf
+= ROUNDUP(offset
, 8);
1647 if ((rv
= soft_unpack_obj_attribute(buf
, &base
,
1648 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1651 copy_bigint_attr(&base
, KEY_PRI_DH_BASE(pvk
));
1653 buf
+= ROUNDUP(offset
, 8);
1656 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1657 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1660 copy_bigint_attr(&value
, KEY_PRI_DH_VALUE(pvk
));
1666 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1667 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1670 copy_bigint_attr(&value
, KEY_PRI_EC_VALUE(pvk
));
1675 if ((rv
= soft_unpack_obj_attribute(buf
, &prime
,
1676 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1679 copy_bigint_attr(&prime
, KEY_PRI_DH942_PRIME(pvk
));
1681 buf
+= ROUNDUP(offset
, 8);
1684 if ((rv
= soft_unpack_obj_attribute(buf
, &base
,
1685 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1688 copy_bigint_attr(&base
, KEY_PRI_DH942_BASE(pvk
));
1690 buf
+= ROUNDUP(offset
, 8);
1693 if ((rv
= soft_unpack_obj_attribute(buf
, &subprime
,
1694 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1697 copy_bigint_attr(&subprime
, KEY_PRI_DH942_BASE(pvk
));
1699 buf
+= ROUNDUP(offset
, 8);
1702 if ((rv
= soft_unpack_obj_attribute(buf
, &value
,
1703 NULL
, &offset
, B_FALSE
)) != CKR_OK
)
1706 copy_bigint_attr(&value
, KEY_PRI_DH942_VALUE(pvk
));
1713 case CKO_SECRET_KEY
:
1714 /* Allocate storage for Secret Key Object. */
1715 sck
= calloc(1, sizeof (secret_key_obj_t
));
1717 return (CKR_HOST_MEMORY
);
1720 objp
->object_class_u
.secret_key
= sck
;
1723 (void) memcpy((void *)&tmp_val
, buf
, sizeof (uint64_t));
1724 OBJ_SEC_VALUE_LEN(objp
) = (CK_ULONG
)(SWAP64(tmp_val
));
1725 buf
= buf
+ sizeof (uint64_t);
1727 if (OBJ_SEC_VALUE_LEN(objp
) > 0) {
1728 OBJ_SEC_VALUE(objp
) = malloc(OBJ_SEC_VALUE_LEN(objp
));
1729 if (OBJ_SEC_VALUE(objp
) == NULL
) {
1731 return (CKR_HOST_MEMORY
);
1733 (void) memcpy(OBJ_SEC_VALUE(objp
), buf
,
1734 OBJ_SEC_VALUE_LEN(objp
));
1736 buf
= buf
+ ROUNDUP(OBJ_SEC_VALUE_LEN(objp
), 8);
1741 case CKO_CERTIFICATE
:
1742 /* Allocate storage for Certificate Object. */
1743 cert
= calloc(1, sizeof (certificate_obj_t
));
1745 return (CKR_HOST_MEMORY
);
1747 (void) memset(cert
, 0, sizeof (certificate_obj_t
));
1749 cert
->certificate_type
= certtype
;
1750 objp
->object_class_u
.certificate
= cert
;
1755 if ((rv
= soft_unpack_obj_attribute(buf
, NULL
,
1756 &cert
->cert_type_u
.x509
.subject
,
1757 &offset
, B_TRUE
)) != CKR_OK
) {
1762 buf
+= ROUNDUP(offset
, 8);
1765 if ((rv
= soft_unpack_obj_attribute(buf
, NULL
,
1766 &cert
->cert_type_u
.x509
.value
,
1767 &offset
, B_TRUE
)) != CKR_OK
) {
1774 case CKC_X_509_ATTR_CERT
:
1776 if ((rv
= soft_unpack_obj_attribute(buf
, NULL
,
1777 &cert
->cert_type_u
.x509_attr
.owner
,
1778 &offset
, B_TRUE
)) != CKR_OK
) {
1783 buf
+= ROUNDUP(offset
, 8);
1786 if ((rv
= soft_unpack_obj_attribute(buf
, NULL
,
1787 &cert
->cert_type_u
.x509_attr
.value
,
1788 &offset
, B_TRUE
)) != CKR_OK
) {
1798 case CKO_DOMAIN_PARAMETERS
:
1805 * cleanup the storage allocated to the local variables.
1809 bigint_attr_cleanup(&modulus
);
1810 bigint_attr_cleanup(&pubexpo
);
1811 bigint_attr_cleanup(&prime
);
1812 bigint_attr_cleanup(&subprime
);
1813 bigint_attr_cleanup(&base
);
1814 bigint_attr_cleanup(&value
);
1819 * cleanup the storage allocated to the local variables.
1823 bigint_attr_cleanup(&modulus
);
1824 bigint_attr_cleanup(&priexpo
);
1825 bigint_attr_cleanup(&prime
);
1826 bigint_attr_cleanup(&subprime
);
1827 bigint_attr_cleanup(&base
);
1828 bigint_attr_cleanup(&value
);
1829 bigint_attr_cleanup(&pubexpo
);
1830 bigint_attr_cleanup(&prime1
);
1831 bigint_attr_cleanup(&prime2
);
1832 bigint_attr_cleanup(&expo1
);
1833 bigint_attr_cleanup(&expo2
);
1834 bigint_attr_cleanup(&coef
);
1840 * Store the token object to a keystore file.
1843 soft_put_object_to_keystore(soft_object_t
*objp
)
1850 rv
= soft_keystore_pack_obj(objp
, &buf
, &len
);
1854 (void) pthread_mutex_lock(&soft_slot
.slot_mutex
);
1855 if (soft_keystore_put_new_obj(buf
, len
,
1856 !!(objp
->object_type
== TOKEN_PUBLIC
), B_FALSE
,
1857 &objp
->ks_handle
) == -1) {
1858 rv
= CKR_FUNCTION_FAILED
;
1860 (void) pthread_mutex_unlock(&soft_slot
.slot_mutex
);
1867 * Modify the in-core token object and then write it to
1871 soft_modify_object_to_keystore(soft_object_t
*objp
)
1878 rv
= soft_keystore_pack_obj(objp
, &buf
, &len
);
1882 /* B_TRUE: caller has held a writelock on the keystore */
1883 if (soft_keystore_modify_obj(&objp
->ks_handle
, buf
, len
,
1885 rv
= CKR_FUNCTION_FAILED
;
1894 * Read the token object from the keystore file.
1897 soft_get_token_objects_from_keystore(ks_search_type_t type
)
1900 ks_obj_t
*ks_obj
= NULL
, *ks_obj_next
;
1901 soft_object_t
*new_objp
= NULL
;
1903 /* Load the token object from keystore based on the object type */
1904 rv
= soft_keystore_get_objs(type
, &ks_obj
, B_FALSE
);
1911 new_objp
= calloc(1, sizeof (soft_object_t
));
1912 if (new_objp
== NULL
) {
1913 rv
= CKR_HOST_MEMORY
;
1916 /* Convert the keystore format to memory format */
1917 rv
= soft_keystore_unpack_obj(new_objp
, ks_obj
);
1919 if (new_objp
->class == CKO_CERTIFICATE
)
1920 soft_cleanup_cert_object(new_objp
);
1922 soft_cleanup_object(new_objp
);
1926 soft_add_token_object_to_slot(new_objp
);
1928 /* Free the ks_obj list */
1929 ks_obj_next
= ks_obj
->next
;
1930 freezero(ks_obj
->buf
, ks_obj
->size
);
1932 ks_obj
= ks_obj_next
;
1939 ks_obj_next
= ks_obj
->next
;
1940 freezero(ks_obj
->buf
, ks_obj
->size
);
1942 ks_obj
= ks_obj_next
;
1948 * soft_gen_crypt_key()
1952 * pPIN: pointer to caller provided Pin
1953 * key: output argument which contains the address of the
1954 * pointer to encryption key in the soft_object_t.
1955 * It is caller's responsibility to call soft_delete_object()
1956 * if this key is no longer in use.
1957 * saltdata: input argument (if non-NULL), or
1958 * output argument (if NULL):
1959 * address of pointer to the "salt" of the encryption key
1963 * Generate an encryption key of the input PIN.
1968 * Other: some error occurred while generating the encryption key
1972 soft_gen_crypt_key(uchar_t
*pPIN
, soft_object_t
**key
, CK_BYTE
**saltdata
)
1974 CK_OBJECT_CLASS
class = CKO_SECRET_KEY
;
1975 CK_ATTRIBUTE tmpl
[5];
1978 CK_MECHANISM Mechanism
;
1979 CK_PKCS5_PBKD2_PARAMS params
;
1980 CK_BYTE salt
[PBKD2_SALT_SIZE
];
1981 CK_ULONG keylen
= AES_MIN_KEY_BYTES
;
1982 CK_KEY_TYPE keytype
= CKK_AES
;
1983 static CK_BBOOL truevalue
= TRUE
;
1984 soft_object_t
*secret_key
;
1985 CK_OBJECT_HANDLE hKey
;
1986 CK_ULONG passwd_size
;
1989 return (CKR_FUNCTION_FAILED
);
1991 tmpl
[attrs
].type
= CKA_CLASS
;
1992 tmpl
[attrs
].pValue
= &class;
1993 tmpl
[attrs
].ulValueLen
= sizeof (class);
1996 tmpl
[attrs
].type
= CKA_KEY_TYPE
;
1997 tmpl
[attrs
].pValue
= &keytype
;
1998 tmpl
[attrs
].ulValueLen
= sizeof (keytype
);
2001 tmpl
[attrs
].type
= CKA_ENCRYPT
;
2002 tmpl
[attrs
].pValue
= &truevalue
;
2003 tmpl
[attrs
].ulValueLen
= sizeof (CK_BBOOL
);
2006 tmpl
[attrs
].type
= CKA_DECRYPT
;
2007 tmpl
[attrs
].pValue
= &truevalue
;
2008 tmpl
[attrs
].ulValueLen
= sizeof (CK_BBOOL
);
2011 tmpl
[attrs
].type
= CKA_VALUE_LEN
;
2012 tmpl
[attrs
].pValue
= &keylen
;
2013 tmpl
[attrs
].ulValueLen
= sizeof (keylen
);
2016 if (*saltdata
== NULL
) {
2017 bzero(salt
, sizeof (salt
));
2018 (void) pkcs11_get_nzero_urandom(salt
, sizeof (salt
));
2019 *saltdata
= malloc(PBKD2_SALT_SIZE
);
2020 if (*saltdata
== NULL
)
2021 return (CKR_HOST_MEMORY
);
2022 (void) memcpy(*saltdata
, salt
, PBKD2_SALT_SIZE
);
2024 bzero(salt
, sizeof (salt
));
2025 (void) memcpy(salt
, *saltdata
, PBKD2_SALT_SIZE
);
2028 Mechanism
.mechanism
= CKM_PKCS5_PBKD2
;
2029 Mechanism
.pParameter
= ¶ms
;
2030 Mechanism
.ulParameterLen
= sizeof (params
);
2031 passwd_size
= (CK_ULONG
)strlen((const char *)pPIN
);
2033 params
.saltSource
= CKZ_SALT_SPECIFIED
;
2034 params
.pSaltSourceData
= (void *)salt
;
2035 params
.ulSaltSourceDataLen
= sizeof (salt
);
2036 params
.iterations
= PBKD2_ITERATIONS
;
2037 params
.prf
= CKP_PKCS5_PBKD2_HMAC_SHA1
;
2038 params
.pPrfData
= NULL
;
2039 params
.ulPrfDataLen
= 0;
2040 params
.pPassword
= (CK_UTF8CHAR_PTR
)pPIN
;
2041 params
.ulPasswordLen
= &passwd_size
;
2043 rv
= soft_gen_keyobject(tmpl
, attrs
, &hKey
, &token_session
,
2044 CKO_SECRET_KEY
, CKK_AES
, 0, SOFT_GEN_KEY
, B_TRUE
);
2050 /* Obtain the secret object pointer. */
2051 secret_key
= (soft_object_t
*)hKey
;
2052 keylen
= OBJ_SEC_VALUE_LEN(secret_key
);
2053 if ((OBJ_SEC_VALUE(secret_key
) = malloc(keylen
)) == NULL
) {
2054 soft_delete_object(&token_session
, secret_key
,
2056 return (CKR_HOST_MEMORY
);
2059 rv
= soft_generate_pkcs5_pbkdf2_key(&token_session
, &Mechanism
,
2063 soft_delete_object(&token_session
, secret_key
,
2073 * soft_gen_hmac_key()
2077 * pPIN: pointer to caller provided Pin
2078 * key: output argument which contains the address of the
2079 * pointer to hmac key in the soft_object_t.
2080 * It is caller's responsibility to call soft_delete_object()
2081 * if this key is no longer in use.
2082 * saltdata: input argument (if non-NULL), or
2083 * output argument (if NULL):
2084 * address of pointer to the "salt" of the hmac key
2088 * Generate a hmac key of the input PIN.
2093 * Other: some error occurred while generating the hmac key
2097 soft_gen_hmac_key(uchar_t
*pPIN
, soft_object_t
**key
, CK_BYTE
**saltdata
)
2099 CK_OBJECT_CLASS
class = CKO_SECRET_KEY
;
2100 CK_ATTRIBUTE tmpl
[5];
2103 CK_MECHANISM Mechanism
;
2104 CK_PKCS5_PBKD2_PARAMS params
;
2105 CK_BYTE salt
[PBKD2_SALT_SIZE
];
2106 CK_ULONG keylen
= 16;
2107 CK_KEY_TYPE keytype
= CKK_GENERIC_SECRET
;
2108 static CK_BBOOL truevalue
= TRUE
;
2109 soft_object_t
*secret_key
;
2110 CK_OBJECT_HANDLE hKey
;
2111 CK_ULONG passwd_size
;
2114 return (CKR_FUNCTION_FAILED
);
2116 tmpl
[attrs
].type
= CKA_CLASS
;
2117 tmpl
[attrs
].pValue
= &class;
2118 tmpl
[attrs
].ulValueLen
= sizeof (class);
2121 tmpl
[attrs
].type
= CKA_KEY_TYPE
;
2122 tmpl
[attrs
].pValue
= &keytype
;
2123 tmpl
[attrs
].ulValueLen
= sizeof (keytype
);
2126 tmpl
[attrs
].type
= CKA_SIGN
;
2127 tmpl
[attrs
].pValue
= &truevalue
;
2128 tmpl
[attrs
].ulValueLen
= sizeof (CK_BBOOL
);
2131 tmpl
[attrs
].type
= CKA_VERIFY
;
2132 tmpl
[attrs
].pValue
= &truevalue
;
2133 tmpl
[attrs
].ulValueLen
= sizeof (CK_BBOOL
);
2136 tmpl
[attrs
].type
= CKA_VALUE_LEN
;
2137 tmpl
[attrs
].pValue
= &keylen
;
2138 tmpl
[attrs
].ulValueLen
= sizeof (keylen
);
2141 if (*saltdata
== NULL
) {
2142 bzero(salt
, sizeof (salt
));
2143 (void) pkcs11_get_nzero_urandom(salt
, sizeof (salt
));
2144 *saltdata
= malloc(PBKD2_SALT_SIZE
);
2145 if (*saltdata
== NULL
)
2146 return (CKR_HOST_MEMORY
);
2147 (void) memcpy(*saltdata
, salt
, PBKD2_SALT_SIZE
);
2149 bzero(salt
, sizeof (salt
));
2150 (void) memcpy(salt
, *saltdata
, PBKD2_SALT_SIZE
);
2153 Mechanism
.mechanism
= CKM_PKCS5_PBKD2
;
2154 Mechanism
.pParameter
= ¶ms
;
2155 Mechanism
.ulParameterLen
= sizeof (params
);
2156 passwd_size
= (CK_ULONG
)strlen((const char *)pPIN
);
2158 params
.saltSource
= CKZ_SALT_SPECIFIED
;
2159 params
.pSaltSourceData
= (void *)salt
;
2160 params
.ulSaltSourceDataLen
= sizeof (salt
);
2161 params
.iterations
= PBKD2_ITERATIONS
;
2162 params
.prf
= CKP_PKCS5_PBKD2_HMAC_SHA1
;
2163 params
.pPrfData
= NULL
;
2164 params
.ulPrfDataLen
= 0;
2165 params
.pPassword
= (CK_UTF8CHAR_PTR
)pPIN
;
2166 params
.ulPasswordLen
= &passwd_size
;
2168 rv
= soft_gen_keyobject(tmpl
, attrs
, &hKey
, &token_session
,
2169 CKO_SECRET_KEY
, CKK_GENERIC_SECRET
, 0, SOFT_GEN_KEY
, B_TRUE
);
2175 /* Obtain the secret object pointer. */
2176 secret_key
= (soft_object_t
*)hKey
;
2177 keylen
= OBJ_SEC_VALUE_LEN(secret_key
);
2178 if ((OBJ_SEC_VALUE(secret_key
) = malloc(keylen
)) == NULL
) {
2179 soft_delete_object(&token_session
, secret_key
,
2181 return (CKR_HOST_MEMORY
);
2184 rv
= soft_generate_pkcs5_pbkdf2_key(&token_session
, &Mechanism
,
2188 soft_delete_object(&token_session
, secret_key
,
2198 * The token session is just a psuedo session (a place holder)
2199 * to hold some information during encryption/decryption and
2200 * sign/verify operations when writing/reading the keystore
2204 soft_init_token_session(void)
2208 token_session
.magic_marker
= SOFTTOKEN_SESSION_MAGIC
;
2209 token_session
.pApplication
= NULL_PTR
;
2210 token_session
.Notify
= NULL
;
2211 token_session
.flags
= CKF_SERIAL_SESSION
;
2212 token_session
.state
= CKS_RO_PUBLIC_SESSION
;
2213 token_session
.object_list
= NULL
;
2214 token_session
.ses_refcnt
= 0;
2215 token_session
.ses_close_sync
= 0;
2216 token_session
.next
= NULL
;
2217 token_session
.prev
= NULL
;
2219 /* Initialize the lock for the token session */
2220 if (pthread_mutex_init(&token_session
.session_mutex
, NULL
) != 0) {
2221 return (CKR_CANT_LOCK
);
2224 (void) pthread_cond_init(&token_session
.ses_free_cond
, NULL
);
2231 soft_destroy_token_session(void)
2234 (void) pthread_cond_destroy(&token_session
.ses_free_cond
);
2235 (void) pthread_mutex_destroy(&token_session
.session_mutex
);
2240 * Encrypt/Decrypt the private token object when dealing with the keystore.
2241 * This function only applies to the private token object.
2244 soft_keystore_crypt(soft_object_t
*key_p
, uchar_t
*ivec
, boolean_t encrypt
,
2245 CK_BYTE_PTR in
, CK_ULONG in_len
, CK_BYTE_PTR out
, CK_ULONG_PTR out_len
)
2249 CK_ULONG tmplen
, tmplen1
;
2252 * The caller will pass NULL for "out" (output buffer) to find out
2253 * the output buffer size that it need to allocate for the encrption
2257 mech
.mechanism
= CKM_AES_CBC_PAD
;
2258 mech
.pParameter
= (void *)ivec
;
2259 mech
.ulParameterLen
= AES_BLOCK_LEN
;
2262 rv
= soft_aes_crypt_init_common(&token_session
, &mech
,
2265 rv
= soft_aes_crypt_init_common(&token_session
, &mech
,
2272 * Since out == NULL, the soft_aes_xxcrypt_common() will
2273 * simply return the output buffer length to the caller.
2276 rv
= soft_aes_encrypt(&token_session
, in
, in_len
,
2279 rv
= soft_aes_decrypt(&token_session
, in
, in_len
,
2285 * The caller has allocated the output buffer, so that we
2286 * are doing the real encryption/decryption this time.
2290 rv
= soft_aes_encrypt_update(&token_session
, in
,
2291 in_len
, out
, &tmplen
);
2293 tmplen1
= *out_len
- tmplen
;
2294 rv
= soft_encrypt_final(&token_session
,
2295 out
+tmplen
, &tmplen1
);
2296 *out_len
= tmplen
+ tmplen1
;
2299 rv
= soft_aes_decrypt_update(&token_session
, in
,
2300 in_len
, out
, &tmplen
);
2302 tmplen1
= *out_len
- tmplen
;
2303 rv
= soft_decrypt_final(&token_session
,
2304 out
+tmplen
, &tmplen1
);
2305 *out_len
= tmplen
+ tmplen1
;
2315 * Sign/Verify the private token object for checking its data integrity
2316 * when dealing with the keystore.
2317 * This function only applies to the private token object.
2320 soft_keystore_hmac(soft_object_t
*key_p
, boolean_t sign
,
2321 CK_BYTE_PTR in
, CK_ULONG in_len
, CK_BYTE_PTR out
, CK_ULONG_PTR out_len
)
2326 mech
.mechanism
= CKM_MD5_HMAC
;
2327 mech
.pParameter
= NULL_PTR
;
2328 mech
.ulParameterLen
= 0;
2330 rv
= soft_hmac_sign_verify_init_common(&token_session
, &mech
,
2337 rv
= soft_sign(&token_session
, in
, in_len
, out
, out_len
);
2339 rv
= soft_verify(&token_session
, in
, in_len
, out
, *out_len
);