810 lines
36 KiB
Diff
810 lines
36 KiB
Diff
From 27088567f4375578e39c5b75b4ceae9dff231962 Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Tue, 11 Oct 2022 13:46:08 +0200
|
|
Subject: [PATCH 01/34] EP11: Unify key-pair generation functions
|
|
|
|
Unify the DSA and DH key-pair generation functions with those for
|
|
RSA, EC and Dilithium. Make sure that the attribute handling is done
|
|
in the same sequence for all those functions.
|
|
|
|
Also remove obsolete parameters for all the key-pair generation functions.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
usr/lib/ep11_stdll/ep11_specific.c | 494 ++++++++++++++-----------------------
|
|
1 file changed, 187 insertions(+), 307 deletions(-)
|
|
|
|
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
|
|
index a6a33719..5d7c5607 100644
|
|
--- a/usr/lib/ep11_stdll/ep11_specific.c
|
|
+++ b/usr/lib/ep11_stdll/ep11_specific.c
|
|
@@ -5374,15 +5374,10 @@ error:
|
|
|
|
|
|
|
|
-static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
|
|
- SESSION * sess,
|
|
+static CK_RV dh_generate_keypair(STDLL_TokData_t *tokdata,
|
|
+ SESSION *sess,
|
|
CK_MECHANISM_PTR pMechanism,
|
|
- TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl,
|
|
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
- CK_ULONG ulPublicKeyAttributeCount,
|
|
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
|
|
- CK_ULONG ulPrivateKeyAttributeCount,
|
|
- CK_SESSION_HANDLE h)
|
|
+ TEMPLATE *publ_tmpl, TEMPLATE *priv_tmpl)
|
|
{
|
|
CK_RV rc;
|
|
CK_BYTE publblob[MAX_BLOBSIZE];
|
|
@@ -5399,9 +5394,6 @@ static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
|
|
CK_ULONG dh_ulPublicKeyAttributeCount = 0;
|
|
CK_ATTRIBUTE_PTR dh_pPrivateKeyTemplate = NULL;
|
|
CK_ULONG dh_ulPrivateKeyAttributeCount = 0;
|
|
- size_t p_len = 0, g_len = 0;
|
|
- int new_public_attr;
|
|
- CK_ULONG i;
|
|
CK_ULONG data_len;
|
|
CK_ULONG field_len;
|
|
CK_BYTE *data;
|
|
@@ -5421,149 +5413,122 @@ static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
|
|
unsigned char *pg;
|
|
} dh_pgs;
|
|
|
|
- UNUSED(h);
|
|
-
|
|
memset(&dh_pgs, 0, sizeof(dh_pgs));
|
|
memset(publblob, 0, sizeof(publblob));
|
|
memset(privblob, 0, sizeof(privblob));
|
|
|
|
- /* card does not want CKA_PRIME/CKA_BASE in template but in dh_pgs */
|
|
- pPublicKeyTemplate_new =
|
|
- (CK_ATTRIBUTE *) malloc(sizeof(CK_ATTRIBUTE) *
|
|
- ulPublicKeyAttributeCount);
|
|
- if (!pPublicKeyTemplate_new) {
|
|
- TRACE_ERROR("%s Memory allocation failed\n", __func__);
|
|
- return CKR_HOST_MEMORY;
|
|
- }
|
|
- memset(pPublicKeyTemplate_new, 0,
|
|
- sizeof(CK_ATTRIBUTE) * ulPublicKeyAttributeCount);
|
|
-
|
|
- for (i = 0, new_public_attr = 0; i < ulPublicKeyAttributeCount; i++) {
|
|
- /* filter out CKA_PRIME/CKA_BASE,
|
|
- * but remember where they can be found
|
|
- */
|
|
- switch (pPublicKeyTemplate[i].type) {
|
|
- case CKA_PRIME:
|
|
- prime_attr = &(pPublicKeyTemplate[i]);
|
|
- p_len = pPublicKeyTemplate[i].ulValueLen;
|
|
- break;
|
|
- case CKA_BASE:
|
|
- base_attr = &(pPublicKeyTemplate[i]);
|
|
- g_len = pPublicKeyTemplate[i].ulValueLen;
|
|
- break;
|
|
- default:
|
|
- /* copy all other attributes */
|
|
- memcpy(&pPublicKeyTemplate_new[new_public_attr],
|
|
- &(pPublicKeyTemplate[i]), sizeof(CK_ATTRIBUTE));
|
|
- new_public_attr++;
|
|
- }
|
|
+ rc = build_ep11_attrs(tokdata, publ_tmpl, &dh_pPublicKeyTemplate,
|
|
+ &dh_ulPublicKeyAttributeCount,
|
|
+ CKK_DH, CKO_PUBLIC_KEY, -1, pMechanism);
|
|
+ if (rc != CKR_OK) {
|
|
+ TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
+ goto dh_generate_keypair_end;
|
|
}
|
|
|
|
- if (prime_attr == NULL || base_attr == NULL) {
|
|
- TRACE_ERROR("%s Incomplete template prime_attr=%p base_attr=%p\n",
|
|
- __func__, (void *)prime_attr, (void *)base_attr);
|
|
- rc = CKR_TEMPLATE_INCOMPLETE;
|
|
+ rc = build_ep11_attrs(tokdata, priv_tmpl, &dh_pPrivateKeyTemplate,
|
|
+ &dh_ulPrivateKeyAttributeCount,
|
|
+ CKK_DH, CKO_PRIVATE_KEY, -1, pMechanism);
|
|
+ if (rc != CKR_OK) {
|
|
+ TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
|
|
- /* copy CKA_PRIME/CKA_BASE to private template */
|
|
- rc = build_attribute(CKA_PRIME, prime_attr->pValue,
|
|
- prime_attr->ulValueLen, &attr);
|
|
+ rc = check_key_attributes(tokdata, CKK_DH, CKO_PUBLIC_KEY,
|
|
+ dh_pPublicKeyTemplate,
|
|
+ dh_ulPublicKeyAttributeCount,
|
|
+ &new_publ_attrs, &new_publ_attrs_len, -1);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s DH check public key attributes failed with "
|
|
+ "rc=0x%lx\n", __func__, rc);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
- rc = template_update_attribute(priv_tmpl, attr);
|
|
+
|
|
+ rc = check_key_attributes(tokdata, CKK_DH, CKO_PRIVATE_KEY,
|
|
+ dh_pPrivateKeyTemplate,
|
|
+ dh_ulPrivateKeyAttributeCount,
|
|
+ &new_priv_attrs, &new_priv_attrs_len, -1);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
- __func__, rc);
|
|
- free(attr);
|
|
+ TRACE_ERROR("%s DH check private key attributes failed with "
|
|
+ "rc=0x%lx\n", __func__, rc);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
- rc = build_attribute(CKA_BASE, base_attr->pValue,
|
|
- base_attr->ulValueLen, &attr);
|
|
+
|
|
+ /* card does not want CKA_PRIME/CKA_BASE in template but in dh_pgs */
|
|
+ rc = template_attribute_get_non_empty(publ_tmpl, CKA_PRIME,
|
|
+ &prime_attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s DH No CKA_PRIME attribute found\n", __func__);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
- rc = template_update_attribute(priv_tmpl, attr);
|
|
+
|
|
+ rc = template_attribute_get_non_empty(publ_tmpl, CKA_BASE,
|
|
+ &base_attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
- __func__, rc);
|
|
- free(attr);
|
|
+ TRACE_ERROR("%s DH No CKA_BASE attribute found\n", __func__);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
|
|
- /* copy CKA_PRIME/CKA_BASE values */
|
|
- dh_pgs.pg = malloc(p_len * 2);
|
|
+ dh_pgs.pg = malloc(prime_attr->ulValueLen * 2);
|
|
if (!dh_pgs.pg) {
|
|
TRACE_ERROR("%s Memory allocation failed\n", __func__);
|
|
rc = CKR_HOST_MEMORY;
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
- memset(dh_pgs.pg, 0, p_len * 2);
|
|
- memcpy(dh_pgs.pg, prime_attr->pValue, p_len); /* copy CKA_PRIME value */
|
|
+
|
|
+ memset(dh_pgs.pg, 0, prime_attr->ulValueLen * 2);
|
|
+ /* copy CKA_PRIME value */
|
|
+ memcpy(dh_pgs.pg, prime_attr->pValue, prime_attr->ulValueLen);
|
|
/* copy CKA_BASE value, it must have leading zeros
|
|
* if it is shorter than CKA_PRIME
|
|
*/
|
|
- memcpy(dh_pgs.pg + p_len + (p_len - g_len), base_attr->pValue, g_len);
|
|
- dh_pgs.pg_bytes = p_len * 2;
|
|
+ memcpy(dh_pgs.pg + prime_attr->ulValueLen +
|
|
+ (prime_attr->ulValueLen - base_attr->ulValueLen),
|
|
+ base_attr->pValue, base_attr->ulValueLen);
|
|
+ dh_pgs.pg_bytes = prime_attr->ulValueLen * 2;
|
|
|
|
#ifdef DEBUG
|
|
TRACE_DEBUG("%s P:\n", __func__);
|
|
- TRACE_DEBUG_DUMP(" ", &dh_pgs.pg[0], p_len);
|
|
+ TRACE_DEBUG_DUMP(" ", &dh_pgs.pg[0], prime_attr->ulValueLen);
|
|
TRACE_DEBUG("%s G:\n", __func__);
|
|
- TRACE_DEBUG_DUMP(" ", &dh_pgs.pg[p_len], p_len);
|
|
+ TRACE_DEBUG_DUMP(" ", &dh_pgs.pg[prime_attr->ulValueLen],
|
|
+ prime_attr->ulValueLen);
|
|
#endif
|
|
|
|
- /* add special attribute, do not add it to ock's pPublicKeyTemplate */
|
|
- CK_ATTRIBUTE pgs[] = { {CKA_IBM_STRUCT_PARAMS, (CK_VOID_PTR) dh_pgs.pg,
|
|
- dh_pgs.pg_bytes}
|
|
- };
|
|
- memcpy(&(pPublicKeyTemplate_new[new_public_attr]),
|
|
- &(pgs[0]), sizeof(CK_ATTRIBUTE));
|
|
-
|
|
- rc = check_key_attributes(tokdata, CKK_DH, CKO_PUBLIC_KEY,
|
|
- pPublicKeyTemplate_new, new_public_attr + 1,
|
|
- &dh_pPublicKeyTemplate,
|
|
- &dh_ulPublicKeyAttributeCount, -1);
|
|
+ rc = add_to_attribute_array(&new_publ_attrs, &new_publ_attrs_len,
|
|
+ CKA_IBM_STRUCT_PARAMS, dh_pgs.pg,
|
|
+ dh_pgs.pg_bytes);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s DH check public key attributes failed with "
|
|
- "rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
|
|
- rc = check_key_attributes(tokdata, CKK_DH, CKO_PRIVATE_KEY,
|
|
- pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
|
|
- &dh_pPrivateKeyTemplate,
|
|
- &dh_ulPrivateKeyAttributeCount, -1);
|
|
+ /* copy CKA_PRIME/CKA_BASE to private template */
|
|
+ rc = build_attribute(CKA_PRIME, prime_attr->pValue,
|
|
+ prime_attr->ulValueLen, &attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s DH check private key attributes failed with "
|
|
- "rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
-
|
|
- rc = build_ep11_attrs(tokdata, publ_tmpl,
|
|
- &new_publ_attrs, &new_publ_attrs_len,
|
|
- CKK_DH, CKO_PUBLIC_KEY, -1, pMechanism);
|
|
+ rc = template_update_attribute(priv_tmpl, attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
+ free(attr);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
|
|
- rc = add_to_attribute_array(&new_publ_attrs, &new_publ_attrs_len,
|
|
- CKA_IBM_STRUCT_PARAMS, (CK_VOID_PTR) dh_pgs.pg,
|
|
- dh_pgs.pg_bytes);
|
|
+ rc = build_attribute(CKA_BASE, base_attr->pValue,
|
|
+ base_attr->ulValueLen, &attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
-
|
|
- rc = build_ep11_attrs(tokdata, priv_tmpl,
|
|
- &new_priv_attrs, &new_priv_attrs_len,
|
|
- CKK_DH, CKO_PRIVATE_KEY, -1, pMechanism);
|
|
+ rc = template_update_attribute(priv_tmpl, attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
+ free(attr);
|
|
goto dh_generate_keypair_end;
|
|
}
|
|
|
|
@@ -5573,10 +5538,10 @@ static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
|
|
new_priv_attrs, new_priv_attrs_len);
|
|
|
|
ep11_get_pin_blob(ep11_session,
|
|
- (ep11_is_session_object
|
|
- (pPublicKeyTemplate, ulPublicKeyAttributeCount)
|
|
- || ep11_is_session_object(pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount)),
|
|
+ (ep11_is_session_object(new_publ_attrs,
|
|
+ new_publ_attrs_len) ||
|
|
+ ep11_is_session_object(new_priv_attrs,
|
|
+ new_priv_attrs_len)),
|
|
&ep11_pin_blob, &ep11_pin_blob_len);
|
|
|
|
RETRY_START(rc, tokdata)
|
|
@@ -5595,7 +5560,7 @@ static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
|
|
}
|
|
|
|
TRACE_INFO("%s rc=0x%lx plen=%zd publblobsize=0x%zx privblobsize=0x%zx\n",
|
|
- __func__, rc, p_len, publblobsize, privblobsize);
|
|
+ __func__, rc, prime_attr->ulValueLen, publblobsize, privblobsize);
|
|
|
|
if (check_expected_mkvp(tokdata, privblob, privblobsize) != CKR_OK) {
|
|
TRACE_ERROR("%s\n", ock_err(ERR_DEVICE_ERROR));
|
|
@@ -5700,15 +5665,10 @@ dh_generate_keypair_end:
|
|
return rc;
|
|
}
|
|
|
|
-static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
|
|
- SESSION * sess,
|
|
+static CK_RV dsa_generate_keypair(STDLL_TokData_t *tokdata,
|
|
+ SESSION *sess,
|
|
CK_MECHANISM_PTR pMechanism,
|
|
- TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl,
|
|
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
- CK_ULONG ulPublicKeyAttributeCount,
|
|
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
|
|
- CK_ULONG ulPrivateKeyAttributeCount,
|
|
- CK_SESSION_HANDLE h)
|
|
+ TEMPLATE *publ_tmpl, TEMPLATE *priv_tmpl)
|
|
{
|
|
CK_RV rc;
|
|
CK_BYTE publblob[MAX_BLOBSIZE];
|
|
@@ -5721,9 +5681,6 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
|
|
CK_ATTRIBUTE *opaque_attr = NULL;
|
|
CK_ATTRIBUTE *value_attr = NULL;
|
|
CK_ATTRIBUTE *attr = NULL;
|
|
- size_t p_len = 0, q_len = 0, g_len = 0;
|
|
- int new_public_attr;
|
|
- CK_ULONG i;
|
|
CK_ATTRIBUTE *pPublicKeyTemplate_new = NULL;
|
|
CK_BYTE *key;
|
|
CK_BYTE *data, *oid, *parm;
|
|
@@ -5737,8 +5694,6 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
|
|
ep11_session_t *ep11_session = (ep11_session_t *) sess->private_data;
|
|
CK_ATTRIBUTE *new_publ_attrs = NULL, *new_priv_attrs = NULL;
|
|
CK_ULONG new_publ_attrs_len = 0, new_priv_attrs_len = 0;
|
|
- CK_ATTRIBUTE *new_publ_attrs2 = NULL, *new_priv_attrs2 = NULL;
|
|
- CK_ULONG new_publ_attrs2_len = 0, new_priv_attrs2_len = 0;
|
|
|
|
/* ep11 accepts CKA_PRIME,CKA_SUBPRIME,CKA_BASE only in this format */
|
|
struct {
|
|
@@ -5746,95 +5701,68 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
|
|
unsigned char *pqg;
|
|
} dsa_pqgs;
|
|
|
|
- UNUSED(h);
|
|
-
|
|
memset(&dsa_pqgs, 0, sizeof(dsa_pqgs));
|
|
memset(publblob, 0, sizeof(publblob));
|
|
memset(privblob, 0, sizeof(privblob));
|
|
|
|
- /* card does not want CKA_PRIME/CKA_BASE/CKA_SUBPRIME
|
|
- * in template but in dsa_pqgs
|
|
- */
|
|
- pPublicKeyTemplate_new =
|
|
- (CK_ATTRIBUTE *) malloc(sizeof(CK_ATTRIBUTE) *
|
|
- ulPublicKeyAttributeCount);
|
|
- if (!pPublicKeyTemplate_new) {
|
|
- TRACE_ERROR("%s Memory allocation failed\n", __func__);
|
|
- return CKR_HOST_MEMORY;
|
|
- }
|
|
- memset(pPublicKeyTemplate_new, 0,
|
|
- sizeof(CK_ATTRIBUTE) * ulPublicKeyAttributeCount);
|
|
-
|
|
- for (i = 0, new_public_attr = 0; i < ulPublicKeyAttributeCount; i++) {
|
|
- switch (pPublicKeyTemplate[i].type) {
|
|
- case CKA_PRIME:
|
|
- prime_attr = &(pPublicKeyTemplate[i]);
|
|
- p_len = pPublicKeyTemplate[i].ulValueLen;
|
|
- break;
|
|
- case CKA_SUBPRIME:
|
|
- sub_prime_attr = &(pPublicKeyTemplate[i]);
|
|
- q_len = pPublicKeyTemplate[i].ulValueLen;
|
|
- break;
|
|
- case CKA_BASE:
|
|
- base_attr = &(pPublicKeyTemplate[i]);
|
|
- g_len = pPublicKeyTemplate[i].ulValueLen;
|
|
- break;
|
|
- default:
|
|
- /* copy all other attributes */
|
|
- memcpy(&pPublicKeyTemplate_new[new_public_attr],
|
|
- &(pPublicKeyTemplate[i]), sizeof(CK_ATTRIBUTE));
|
|
- new_public_attr++;
|
|
- }
|
|
- }
|
|
-
|
|
- if (prime_attr == NULL || sub_prime_attr == NULL || base_attr == NULL) {
|
|
- rc = CKR_TEMPLATE_INCOMPLETE;
|
|
+ rc = build_ep11_attrs(tokdata, publ_tmpl, &dsa_pPublicKeyTemplate,
|
|
+ &dsa_ulPublicKeyAttributeCount,
|
|
+ CKK_DSA, CKO_PUBLIC_KEY, -1, pMechanism);
|
|
+ if (rc != CKR_OK) {
|
|
+ TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- /* copy CKA_PRIME/CKA_BASE/CKA_SUBPRIME to private template */
|
|
- rc = build_attribute(CKA_PRIME, prime_attr->pValue,
|
|
- prime_attr->ulValueLen, &attr);
|
|
+ rc = build_ep11_attrs(tokdata, priv_tmpl, &dsa_pPrivateKeyTemplate,
|
|
+ &dsa_ulPrivateKeyAttributeCount,
|
|
+ CKK_DSA, CKO_PRIVATE_KEY, -1, pMechanism);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = template_update_attribute(priv_tmpl, attr);
|
|
+ rc = check_key_attributes(tokdata, CKK_DSA, CKO_PUBLIC_KEY,
|
|
+ dsa_pPublicKeyTemplate,
|
|
+ dsa_ulPublicKeyAttributeCount,
|
|
+ &new_publ_attrs, &new_publ_attrs_len, -1);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
- __func__, rc);
|
|
- free(attr);
|
|
+ TRACE_ERROR("%s DSA check public key attributes failed with "
|
|
+ "rc=0x%lx\n", __func__, rc);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = build_attribute(CKA_BASE, base_attr->pValue,
|
|
- base_attr->ulValueLen, &attr);
|
|
+ rc = check_key_attributes(tokdata, CKK_DSA, CKO_PRIVATE_KEY,
|
|
+ dsa_pPrivateKeyTemplate,
|
|
+ dsa_ulPrivateKeyAttributeCount,
|
|
+ &new_priv_attrs, &new_priv_attrs_len, -1);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s DSA check private key attributes failed with "
|
|
+ "rc=0x%lx\n", __func__, rc);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = template_update_attribute(priv_tmpl, attr);
|
|
+ /*
|
|
+ * card does not want CKA_PRIME/CKA_BASE/CKA_SUBPRIME in template but in
|
|
+ * dsa_pqgs
|
|
+ */
|
|
+ rc = template_attribute_get_non_empty(publ_tmpl, CKA_PRIME,
|
|
+ &prime_attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
- __func__, rc);
|
|
- free(attr);
|
|
+ TRACE_ERROR("%s DSA No CKA_PRIME attribute found\n", __func__);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = build_attribute(CKA_SUBPRIME, sub_prime_attr->pValue,
|
|
- sub_prime_attr->ulValueLen, &attr);
|
|
+ rc = template_attribute_get_non_empty(publ_tmpl, CKA_SUBPRIME,
|
|
+ &sub_prime_attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s DSA No CKA_SUBPRIME attribute found\n", __func__);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = template_update_attribute(priv_tmpl, attr);
|
|
+ rc = template_attribute_get_non_empty(publ_tmpl, CKA_BASE,
|
|
+ &base_attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
- __func__, rc);
|
|
- free(attr);
|
|
+ TRACE_ERROR("%s DSA No CKA_BASE attribute found\n", __func__);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
@@ -5842,95 +5770,102 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
|
|
* then they are extented by leading zeros till they have
|
|
* the size of CKA_PRIME
|
|
*/
|
|
- dsa_pqgs.pqg = malloc(p_len * 3);
|
|
+ dsa_pqgs.pqg = malloc(prime_attr->ulValueLen * 3);
|
|
if (!dsa_pqgs.pqg) {
|
|
TRACE_ERROR("%s Memory allocation failed\n", __func__);
|
|
rc = CKR_HOST_MEMORY;
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
- memset(dsa_pqgs.pqg, 0, p_len * 3);
|
|
- memcpy(dsa_pqgs.pqg, prime_attr->pValue, p_len);
|
|
- memcpy(dsa_pqgs.pqg + p_len + (p_len - q_len),
|
|
- sub_prime_attr->pValue, q_len);
|
|
- memcpy(dsa_pqgs.pqg + 2 * p_len + (p_len - g_len),
|
|
- base_attr->pValue, g_len);
|
|
- dsa_pqgs.pqg_bytes = p_len * 3;
|
|
+
|
|
+ memset(dsa_pqgs.pqg, 0, prime_attr->ulValueLen * 3);
|
|
+ memcpy(dsa_pqgs.pqg, prime_attr->pValue, prime_attr->ulValueLen);
|
|
+ memcpy(dsa_pqgs.pqg + prime_attr->ulValueLen +
|
|
+ (prime_attr->ulValueLen - sub_prime_attr->ulValueLen),
|
|
+ sub_prime_attr->pValue, sub_prime_attr->ulValueLen);
|
|
+ memcpy(dsa_pqgs.pqg + 2 * prime_attr->ulValueLen +
|
|
+ (prime_attr->ulValueLen - base_attr->ulValueLen),
|
|
+ base_attr->pValue, base_attr->ulValueLen);
|
|
+ dsa_pqgs.pqg_bytes = prime_attr->ulValueLen * 3;
|
|
|
|
#ifdef DEBUG
|
|
TRACE_DEBUG("%s P:\n", __func__);
|
|
- TRACE_DEBUG_DUMP(" ", &dsa_pqgs.pqg[0], p_len);
|
|
+ TRACE_DEBUG_DUMP(" ", &dsa_pqgs.pqg[0], prime_attr->ulValueLen);
|
|
TRACE_DEBUG("%s Q:\n", __func__);
|
|
- TRACE_DEBUG_DUMP(" ", &dsa_pqgs.pqg[p_len], p_len);
|
|
+ TRACE_DEBUG_DUMP(" ", &dsa_pqgs.pqg[prime_attr->ulValueLen],
|
|
+ prime_attr->ulValueLen);
|
|
TRACE_DEBUG("%s G:\n", __func__);
|
|
- TRACE_DEBUG_DUMP(" ", &dsa_pqgs.pqg[2 * p_len], p_len);
|
|
+ TRACE_DEBUG_DUMP(" ", &dsa_pqgs.pqg[2 * prime_attr->ulValueLen],
|
|
+ prime_attr->ulValueLen);
|
|
#endif
|
|
|
|
- CK_ATTRIBUTE pqgs[] = { {CKA_IBM_STRUCT_PARAMS,
|
|
- (CK_VOID_PTR) dsa_pqgs.pqg, dsa_pqgs.pqg_bytes}
|
|
- };
|
|
-
|
|
- /* add special attribute, do not add it to ock's pPublicKeyTemplate */
|
|
- memcpy(&(pPublicKeyTemplate_new[new_public_attr]),
|
|
- &(pqgs[0]), sizeof(CK_ATTRIBUTE));
|
|
-
|
|
- rc = build_ep11_attrs(tokdata, publ_tmpl,
|
|
- &new_publ_attrs, &new_publ_attrs_len,
|
|
- CKK_DSA, CKO_PUBLIC_KEY, -1, pMechanism);
|
|
+ rc = add_to_attribute_array(&new_publ_attrs, &new_publ_attrs_len,
|
|
+ CKA_IBM_STRUCT_PARAMS, dsa_pqgs.pqg,
|
|
+ dsa_pqgs.pqg_bytes);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = check_key_attributes(tokdata, CKK_DSA, CKO_PUBLIC_KEY,
|
|
- new_publ_attrs, new_publ_attrs_len,
|
|
- &new_publ_attrs2, &new_publ_attrs2_len, -1);
|
|
+ /* copy CKA_PRIME/CKA_BASE/CKA_SUBPRIME to private template */
|
|
+ rc = build_attribute(CKA_PRIME, prime_attr->pValue,
|
|
+ prime_attr->ulValueLen, &attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s DSA check public key attributes failed with "
|
|
- "rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
-
|
|
- rc = add_to_attribute_array(&new_publ_attrs2, &new_publ_attrs2_len,
|
|
- CKA_IBM_STRUCT_PARAMS, (CK_VOID_PTR) dsa_pqgs.pqg,
|
|
- dsa_pqgs.pqg_bytes);
|
|
+ rc = template_update_attribute(priv_tmpl, attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
+ free(attr);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = build_ep11_attrs(tokdata, priv_tmpl,
|
|
- &new_priv_attrs, &new_priv_attrs_len,
|
|
- CKK_DSA, CKO_PRIVATE_KEY, -1, pMechanism);
|
|
+ rc = build_attribute(CKA_SUBPRIME, sub_prime_attr->pValue,
|
|
+ sub_prime_attr->ulValueLen, &attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s build_ep11_attrs failed with rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ goto dsa_generate_keypair_end;
|
|
+ }
|
|
+ rc = template_update_attribute(priv_tmpl, attr);
|
|
+ if (rc != CKR_OK) {
|
|
+ TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
+ free(attr);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- rc = check_key_attributes(tokdata, CKK_DSA, CKO_PRIVATE_KEY,
|
|
- new_priv_attrs, new_priv_attrs_len,
|
|
- &new_priv_attrs2, &new_priv_attrs2_len, -1);
|
|
+ rc = build_attribute(CKA_BASE, base_attr->pValue,
|
|
+ base_attr->ulValueLen, &attr);
|
|
if (rc != CKR_OK) {
|
|
- TRACE_ERROR("%s DSA check private key attributes failed with "
|
|
- "rc=0x%lx\n", __func__, rc);
|
|
+ TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
|
|
+ goto dsa_generate_keypair_end;
|
|
+ }
|
|
+ rc = template_update_attribute(priv_tmpl, attr);
|
|
+ if (rc != CKR_OK) {
|
|
+ TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
|
|
+ __func__, rc);
|
|
+ free(attr);
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
trace_attributes(__func__, "DSA public key attributes:",
|
|
- new_publ_attrs2, new_publ_attrs2_len);
|
|
+ new_publ_attrs, new_publ_attrs_len);
|
|
trace_attributes(__func__, "DSA private key attributes:",
|
|
- new_priv_attrs2, new_priv_attrs2_len);
|
|
+ new_priv_attrs, new_priv_attrs_len);
|
|
|
|
ep11_get_pin_blob(ep11_session,
|
|
- (ep11_is_session_object
|
|
- (pPublicKeyTemplate, ulPublicKeyAttributeCount)
|
|
- || ep11_is_session_object(pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount)),
|
|
+ (ep11_is_session_object(new_publ_attrs,
|
|
+ new_publ_attrs_len) ||
|
|
+ ep11_is_session_object(new_priv_attrs,
|
|
+ new_priv_attrs_len)),
|
|
&ep11_pin_blob, &ep11_pin_blob_len);
|
|
|
|
RETRY_START(rc, tokdata)
|
|
rc = dll_m_GenerateKeyPair(pMechanism,
|
|
- new_publ_attrs2, new_publ_attrs2_len,
|
|
- new_priv_attrs2, new_priv_attrs2_len,
|
|
+ new_publ_attrs, new_publ_attrs_len,
|
|
+ new_priv_attrs, new_priv_attrs_len,
|
|
ep11_pin_blob, ep11_pin_blob_len, privblob,
|
|
&privblobsize, publblob, &publblobsize,
|
|
target_info->target);
|
|
@@ -5943,10 +5878,8 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
|
|
goto dsa_generate_keypair_end;
|
|
}
|
|
|
|
- TRACE_INFO("%s rc=0x%lx p_len=%zd publblobsize=0x%zx privblobsize=0x%zx "
|
|
- "npattr=0x%x\n",
|
|
- __func__, rc, p_len, publblobsize, privblobsize,
|
|
- new_public_attr + 1);
|
|
+ TRACE_INFO("%s rc=0x%lx plen=%zd publblobsize=0x%zx privblobsize=0x%zx\n",
|
|
+ __func__, rc, prime_attr->ulValueLen, publblobsize, privblobsize);
|
|
|
|
if (check_expected_mkvp(tokdata, privblob, privblobsize) != CKR_OK) {
|
|
TRACE_ERROR("%s\n", ock_err(ERR_DEVICE_ERROR));
|
|
@@ -6030,22 +5963,13 @@ dsa_generate_keypair_end:
|
|
free_attribute_array(new_publ_attrs, new_publ_attrs_len);
|
|
if (new_priv_attrs)
|
|
free_attribute_array(new_priv_attrs, new_priv_attrs_len);
|
|
- if (new_publ_attrs2)
|
|
- free_attribute_array(new_publ_attrs2, new_publ_attrs2_len);
|
|
- if (new_priv_attrs)
|
|
- free_attribute_array(new_priv_attrs2, new_priv_attrs2_len);
|
|
return rc;
|
|
}
|
|
|
|
-static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t * tokdata,
|
|
- SESSION * sess,
|
|
+static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t *tokdata,
|
|
+ SESSION *sess,
|
|
CK_MECHANISM_PTR pMechanism,
|
|
- TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl,
|
|
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
- CK_ULONG ulPublicKeyAttributeCount,
|
|
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
|
|
- CK_ULONG ulPrivateKeyAttributeCount,
|
|
- CK_SESSION_HANDLE h)
|
|
+ TEMPLATE *publ_tmpl, TEMPLATE *priv_tmpl)
|
|
{
|
|
CK_RV rc;
|
|
CK_ATTRIBUTE *attr = NULL;
|
|
@@ -6054,7 +5978,6 @@ static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t * tokdata,
|
|
size_t privkey_blob_len = sizeof(privkey_blob);
|
|
unsigned char spki[MAX_BLOBSIZE];
|
|
size_t spki_len = sizeof(spki);
|
|
- CK_ULONG i;
|
|
CK_ULONG bit_str_len;
|
|
CK_BYTE *key;
|
|
CK_BYTE *data, *oid, *parm;
|
|
@@ -6074,8 +5997,6 @@ static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t * tokdata,
|
|
CK_ULONG new_publ_attrs2_len = 0, new_priv_attrs2_len = 0;
|
|
const struct _ec *curve = NULL;
|
|
|
|
- UNUSED(h);
|
|
-
|
|
if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN) {
|
|
ktype = CKK_EC;
|
|
} else if ((pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) ||
|
|
@@ -6132,24 +6053,16 @@ static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t * tokdata,
|
|
goto error;
|
|
}
|
|
|
|
- /* debug */
|
|
- for (i = 0; i < new_ulPrivateKeyAttributeCount; i++) {
|
|
- TRACE_INFO("%s gen priv attr type=0x%lx valuelen=0x%lx attrcnt=0x%lx\n",
|
|
- __func__, new_pPrivateKeyTemplate[i].type,
|
|
- new_pPrivateKeyTemplate[i].ulValueLen,
|
|
- new_ulPrivateKeyAttributeCount);
|
|
- }
|
|
-
|
|
trace_attributes(__func__, "RSA/EC public key attributes:",
|
|
new_publ_attrs2, new_publ_attrs2_len);
|
|
trace_attributes(__func__, "RSA/EC private key attributes:",
|
|
new_priv_attrs2, new_priv_attrs2_len);
|
|
|
|
ep11_get_pin_blob(ep11_session,
|
|
- (ep11_is_session_object
|
|
- (pPublicKeyTemplate, ulPublicKeyAttributeCount)
|
|
- || ep11_is_session_object(pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount)),
|
|
+ (ep11_is_session_object(new_publ_attrs2,
|
|
+ new_publ_attrs2_len) ||
|
|
+ ep11_is_session_object(new_priv_attrs2,
|
|
+ new_priv_attrs2_len)),
|
|
&ep11_pin_blob, &ep11_pin_blob_len);
|
|
|
|
RETRY_START(rc, tokdata)
|
|
@@ -6406,15 +6319,10 @@ error:
|
|
return rc;
|
|
}
|
|
|
|
-static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
|
|
- SESSION * sess,
|
|
+static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t *tokdata,
|
|
+ SESSION *sess,
|
|
CK_MECHANISM_PTR pMechanism,
|
|
- TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl,
|
|
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
|
|
- CK_ULONG ulPublicKeyAttributeCount,
|
|
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
|
|
- CK_ULONG ulPrivateKeyAttributeCount,
|
|
- CK_SESSION_HANDLE h)
|
|
+ TEMPLATE *publ_tmpl, TEMPLATE *priv_tmpl)
|
|
{
|
|
CK_RV rc;
|
|
CK_ATTRIBUTE *attr = NULL;
|
|
@@ -6422,7 +6330,6 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
|
|
size_t privkey_blob_len = sizeof(privkey_blob);
|
|
unsigned char spki[MAX_BLOBSIZE];
|
|
size_t spki_len = sizeof(spki);
|
|
- CK_ULONG i;
|
|
CK_ULONG bit_str_len;
|
|
CK_BYTE *key;
|
|
CK_BYTE *data, *oid, *parm;
|
|
@@ -6444,8 +6351,6 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
|
|
const CK_BYTE dilithium_oid[] = { 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01,
|
|
0x02, 0x82, 0x0b, 0x01, 0x06, 0x05 };
|
|
|
|
- UNUSED(h);
|
|
-
|
|
if (pMechanism->mechanism != CKM_IBM_DILITHIUM) {
|
|
TRACE_ERROR("Invalid mechanism provided for %s\n ", __func__);
|
|
return CKR_MECHANISM_INVALID;
|
|
@@ -6503,24 +6408,16 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
|
|
goto error;
|
|
}
|
|
|
|
- /* debug */
|
|
- for (i = 0; i < new_ulPrivateKeyAttributeCount; i++) {
|
|
- TRACE_INFO("%s gen priv attr type=0x%lx valuelen=0x%lx attrcnt=0x%lx\n",
|
|
- __func__, new_pPrivateKeyTemplate[i].type,
|
|
- new_pPrivateKeyTemplate[i].ulValueLen,
|
|
- new_ulPrivateKeyAttributeCount);
|
|
- }
|
|
-
|
|
trace_attributes(__func__, "Dilithium public key attributes:",
|
|
new_publ_attrs2, new_publ_attrs2_len);
|
|
trace_attributes(__func__, "Dilithium private key attributes:",
|
|
new_priv_attrs2, new_priv_attrs2_len);
|
|
|
|
ep11_get_pin_blob(ep11_session,
|
|
- (ep11_is_session_object
|
|
- (pPublicKeyTemplate, ulPublicKeyAttributeCount)
|
|
- || ep11_is_session_object(pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount)),
|
|
+ (ep11_is_session_object(new_publ_attrs2,
|
|
+ new_publ_attrs2_len) ||
|
|
+ ep11_is_session_object(new_priv_attrs2,
|
|
+ new_priv_attrs2_len)),
|
|
&ep11_pin_blob, &ep11_pin_blob_len);
|
|
|
|
RETRY_START(rc, tokdata)
|
|
@@ -6763,42 +6660,25 @@ CK_RV ep11tok_generate_key_pair(STDLL_TokData_t * tokdata, SESSION * sess,
|
|
case CKM_DH_PKCS_KEY_PAIR_GEN:
|
|
rc = dh_generate_keypair(tokdata, sess, pMechanism,
|
|
public_key_obj->template,
|
|
- private_key_obj->template,
|
|
- pPublicKeyTemplate,
|
|
- ulPublicKeyAttributeCount,
|
|
- pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount, sess->handle);
|
|
+ private_key_obj->template);
|
|
break;
|
|
case CKM_EC_KEY_PAIR_GEN: /* takes same parameters as RSA */
|
|
case CKM_RSA_PKCS_KEY_PAIR_GEN:
|
|
case CKM_RSA_X9_31_KEY_PAIR_GEN:
|
|
rc = rsa_ec_generate_keypair(tokdata, sess, pMechanism,
|
|
public_key_obj->template,
|
|
- private_key_obj->template,
|
|
- pPublicKeyTemplate,
|
|
- ulPublicKeyAttributeCount,
|
|
- pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount, sess->handle);
|
|
+ private_key_obj->template);
|
|
break;
|
|
case CKM_DSA_PARAMETER_GEN:
|
|
case CKM_DSA_KEY_PAIR_GEN:
|
|
rc = dsa_generate_keypair(tokdata, sess, pMechanism,
|
|
public_key_obj->template,
|
|
- private_key_obj->template,
|
|
- pPublicKeyTemplate,
|
|
- ulPublicKeyAttributeCount,
|
|
- pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount, sess->handle);
|
|
+ private_key_obj->template);
|
|
break;
|
|
case CKM_IBM_DILITHIUM:
|
|
rc = ibm_dilithium_generate_keypair(tokdata, sess, pMechanism,
|
|
public_key_obj->template,
|
|
- private_key_obj->template,
|
|
- pPublicKeyTemplate,
|
|
- ulPublicKeyAttributeCount,
|
|
- pPrivateKeyTemplate,
|
|
- ulPrivateKeyAttributeCount,
|
|
- sess->handle);
|
|
+ private_key_obj->template);
|
|
break;
|
|
default:
|
|
TRACE_ERROR("%s invalid mech %s\n", __func__,
|
|
--
|
|
2.16.2.windows.1
|
|
|