summaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/src/lib/HwInfra
diff options
context:
space:
mode:
authorRitu Sood <ritu.sood@intel.com>2018-04-26 01:50:05 +0000
committerRitu Sood <ritu.sood@intel.com>2018-05-24 05:55:20 +0000
commit57c7ad1aa0e485b5594f27f1ab501ff0306fe2fc (patch)
treef47b764bda303958051dae4f3e4f0222c338ac3e /SoftHSMv2/src/lib/HwInfra
parentc1c9bfcabc4a5e4147d19c599de7d9bf925fa98b (diff)
Added a new Attribute to store TPM key handle
Includes changes to detect existing instances of key and also some bug fixes. Also added new functionality for RSA_SignUpdate, RSA_SignFinal and RSA_Cleanup Issue-ID: AAF-260 Change-Id: Ib064e86b8f112784ed6d352ab1557ab9a13c5978 Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Diffstat (limited to 'SoftHSMv2/src/lib/HwInfra')
-rw-r--r--SoftHSMv2/src/lib/HwInfra/HwInfra.cpp (renamed from SoftHSMv2/src/lib/HwInfra/HwInfra.c)181
-rw-r--r--SoftHSMv2/src/lib/HwInfra/HwInfra.h21
-rw-r--r--SoftHSMv2/src/lib/HwInfra/Makefile.am2
-rwxr-xr-xSoftHSMv2/src/lib/HwInfra/hwpluginif.h60
4 files changed, 205 insertions, 59 deletions
diff --git a/SoftHSMv2/src/lib/HwInfra/HwInfra.c b/SoftHSMv2/src/lib/HwInfra/HwInfra.cpp
index 528097d..557630b 100644
--- a/SoftHSMv2/src/lib/HwInfra/HwInfra.c
+++ b/SoftHSMv2/src/lib/HwInfra/HwInfra.cpp
@@ -24,7 +24,7 @@
#include <unistd.h>
#include "HwInfra.h"
#include "hwpluginif.h"
-
+#include "OSAttributes.h"
#include "cryptoki.h"
char hw_plugins_parent_dir[MAX_PARENT_PATH_NAME+1] = "";
@@ -32,7 +32,6 @@ char *default_hw_plugin_parent_dir = "/tmp/hwparent/";
void *g_dl_handle;
SSHSM_HW_FUNCTIONS_t g_pluginfuncs;
-
/**
Function name : prepareHWPlugin
Description: This function is expected to be called by C_Initialize
@@ -138,7 +137,7 @@ int loadHWPlugin(char *parent_dir, char *pluginsubdir)
dirhandle = opendir(fullpath);
- entries = malloc(sizeof(hwpluginentries_t));
+ entries = (hwpluginentries_t*)malloc(sizeof(hwpluginentries_t));
if (entries == NULL )
{
LOG("Could not allocate entries \n");
@@ -282,7 +281,7 @@ int load_hw_plugin_and_get_function_pointers(char *so_path,
}
functogetpluginfuncs = NULL;
- functogetpluginfuncs = dlsym(g_dl_handle,
+ functogetpluginfuncs = (int (*)(SSHSM_HW_FUNCTIONS_t *)) dlsym(g_dl_handle,
"sshsm_hw_plugin_get_plugin_functions");
if (functogetpluginfuncs == NULL)
@@ -342,7 +341,6 @@ int activate_hw_plugin(hwpluginentries_t *entries, SSHSM_HW_FUNCTIONS_t *funcs)
return(ret_val);
}
-
int load_keys_in_hw_plugin(hwpluginentries_t *entries,
SSHSM_HW_FUNCTIONS_t *funcs)
{
@@ -354,6 +352,7 @@ int load_keys_in_hw_plugin(hwpluginentries_t *entries,
//key_handle = (void *) &hwkeyhandle;
SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t comp_buffers;
+ SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t import_public_key;
/**
Travese through all key directories and load the key in plugin
@@ -370,19 +369,27 @@ int load_keys_in_hw_plugin(hwpluginentries_t *entries,
if(ret_val == 0)
{
- ret_val = (funcs->xxx_load_key)(&comp_buffers, &key_handle);
+ ret_val = (funcs->xxx_load_key)(&comp_buffers, &key_handle,
+ &import_public_key);
//free_buffers(&comp_buffers);
if(ret_val == 0)
{
/** Get PKCS11 information **/
/** Call SoftHSM functions to create private key object */
- ret_val = program_pkcs11_info(entries->key_dir_full_path[ii], &key_handle);
+ if (ret_val == 0) {
+ ret_val = program_pkcs11_info(entries->key_dir_full_path[ii],
+ &key_handle, &import_public_key);
+ if (import_public_key.modulus != NULL)
+ free(import_public_key.modulus);
+ if (import_public_key.exponent != NULL)
+ free(import_public_key.exponent);
+ }
}
}
}
- return(0);
+ return(ret_val);
}
int get_all_file_contents(char *dirpath, char starting_char,
@@ -410,7 +417,7 @@ int get_all_file_contents(char *dirpath, char starting_char,
if ((entry->d_type == DT_REG) &&
(entry->d_name[0] == starting_char))
{
- buffer = malloc(sizeof(buffer_info_t));
+ buffer = (buffer_info_t*) malloc(sizeof(buffer_info_t));
if (buffer == NULL )
{
LOG("Could not allocate entries \n");
@@ -431,7 +438,7 @@ int get_all_file_contents(char *dirpath, char starting_char,
strcpy(fullpath,dirpath);
strcat(fullpath, entry->d_name);
stat(fullpath, &st);
- buffer->buffer = malloc(st.st_size);
+ buffer->buffer = (unsigned char*) malloc(st.st_size);
if(buffer->buffer == NULL)
{
LOG("Could not allocate entries \n");
@@ -489,7 +496,8 @@ void free_buffers ( SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *c_buffers )
}
}
-int program_pkcs11_info (char *dirpath, void *key_handle)
+int program_pkcs11_info (char *dirpath, void *key_handle,
+ SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *import_public_key)
{
DIR *dirhandle;
struct dirent *entry;
@@ -572,7 +580,7 @@ int program_pkcs11_info (char *dirpath, void *key_handle)
/** Program key in SoftHSM **/
ret_val = PrepareKeyInSoftHSM(slot_id, upin, upin_len, keyid,
- key_id_len, key_label, key_handle);
+ key_id_len, key_label, key_handle, import_public_key);
break;
}
@@ -584,6 +592,28 @@ int program_pkcs11_info (char *dirpath, void *key_handle)
}
+void long_to_byte_string(const unsigned long longValue, unsigned char *out, size_t *outlen)
+{
+ unsigned long setValue = longValue;
+ unsigned char byteStrIn[8];
+ size_t i;
+
+ for (i = 0; i < 8; i++)
+ {
+ byteStrIn[7-i] = (unsigned char) (setValue & 0xFF);
+ setValue >>= 8;
+ }
+ for (i = 0; i < 8; i++)
+ {
+ if (byteStrIn[i])
+ break;
+ }
+ memcpy(out, &byteStrIn[i], 8-i);
+ *outlen = 8-i;
+}
+
+
+
/*** PrepareKeyInSoftHSM
** Description: It creates the object in softhsm with given key id and
** key label and also stores the keyhandle that was returned by hardware plugin
@@ -601,7 +631,8 @@ int program_pkcs11_info (char *dirpath, void *key_handle)
int PrepareKeyInSoftHSM(unsigned int slot_id,
unsigned char *upin, int upin_len,
unsigned char *key_id, int key_id_len,
- unsigned char *key_label, void *key_handle)
+ unsigned char *key_label, void *key_handle,
+ SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *import_public_key)
{
CK_SESSION_HANDLE hSession;
CK_RV ret_val;
@@ -611,16 +642,15 @@ int PrepareKeyInSoftHSM(unsigned int slot_id,
printf ("slot %ul upin %s key_id %s key_label %s \n", slot_id, upin, key_id,
key_label);
-
if(!key_handle)
{
- //ultoa((CK_ULONG)key_handle, key_handle_str, 16); // Linking error seen
- printf("Key_handle to be stored: %lx \n", *((CK_ULONG *)key_handle) );
- sprintf((char *) key_handle_str, "%lx", *((CK_ULONG *)key_handle));
+ printf("Input Key handle is NULL ! \n");
+ return (SSHSM_HW_PLUGIN_ERROR_BASE + INVALID_KEY_ERROR);
}
- else
+ if (import_public_key->modulus == NULL ||
+ import_public_key->exponent == NULL)
{
- printf("Input Key handle is NULL ! \n");
+ return (SSHSM_HW_PLUGIN_ERROR_BASE + INVALID_KEY_ERROR);
}
/** For creating the key object, first the session needs to be opened
@@ -651,39 +681,64 @@ int PrepareKeyInSoftHSM(unsigned int slot_id,
CK_KEY_TYPE keyType = CKK_RSA;
CK_BBOOL ckTrue = CK_TRUE, ckFalse = CK_FALSE ;
+ unsigned long int key_id_int = atol( (const char*) key_id );
+ unsigned char byte_str[8];
+ size_t outlen;
+ long_to_byte_string(key_id_int, byte_str, &outlen);
+
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &privClass, sizeof(privClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_LABEL, key_label, strlen((char *) key_label) },
- { CKA_ID, key_id, (CK_ULONG)key_id_len },
+ { CKA_ID, byte_str, outlen },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_UNWRAP, &ckFalse, sizeof(ckFalse) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_PRIVATE, &ckTrue, sizeof(ckTrue) },
- { CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue) },
- { CKA_PUBLIC_EXPONENT, 0, 0},
- { CKA_MODULUS, 0, 0},
- { CKA_PRIVATE_EXPONENT, 0, 0},
- { CKA_PRIME_2, 0, 0},
- { CKA_EXPONENT_1, 0, 0},
- { CKA_EXPONENT_2, 0, 0},
- { CKA_COEFFICIENT, 0, 0},
- { CKA_PRIME_1, key_handle_str, strlen((char *)key_handle_str) }
- /** For now keep the key handle returned by Plugin in CK_PRIME_1.
- ** TBD - Define new attribute to store this in future
- ***/
+ { CKA_EXTRACTABLE, &ckFalse, sizeof(ckFalse) },
+ { CKA_SENSITIVE, &ckFalse, sizeof(ckFalse) },
+ { CKA_PUBLIC_EXPONENT, import_public_key->exponent, import_public_key->exponent_size},
+ //{ CKA_MODULUS, pN, sizeof(pN) },
+ { CKA_MODULUS, import_public_key->modulus, import_public_key->modulus_size },
+ { CKA_PRIVATE_EXPONENT, 0, 0 },
+ { CKA_PRIME_2, 0, 0},
+ { CKA_EXPONENT_1, 0, 0},
+ { CKA_EXPONENT_2, 0, 0},
+ { CKA_COEFFICIENT, 0, 0},
+ { CKA_OS_PRIVATE_HANDLE, (CK_VOID_PTR ) *((CK_ULONG*)key_handle), sizeof(CK_ULONG) }
};
- ret_val = C_CreateObject(hSession, keyTemplate,
+
+ CK_OBJECT_HANDLE hObject;
+ CK_ULONG ulObjectCount;
+ CK_RV rv;
+
+ rv = C_FindObjectsInit(hSession, keyTemplate, 0);
+ if(rv != CKR_OK) {
+ LOG ("C_FindObjectsInit rv %ld\n", rv);
+ }
+ rv = C_FindObjects(hSession, &hObject, 16, &ulObjectCount);
+ printf("PrepareKeyInSoftHSM: ulObjectCount %ld\n", ulObjectCount);
+ if(rv != CKR_OK || ulObjectCount == 0) {
+ ret_val = C_CreateObject(hSession, keyTemplate,
sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE),&hKey);
- if (ret_val != CKR_OK)
- {
- printf("CreateObject failed: 0x%lx | for slot %x | keylabel %s | keyid below \n",
+ if (ret_val != CKR_OK)
+ {
+ printf("CreateObject failed: 0x%lx | for slot %x | keylabel %s | keyid below \n",
ret_val, slot_id, key_label);
- for (ii = 0; ii < key_id_len; ii++ )
- printf("%2x %c \n", key_id[ii], key_id[ii]);
+ for (ii = 0; ii < key_id_len; ii++ )
+ printf("%2x %c \n", key_id[ii], key_id[ii]);
//return(ret_val);
+ }
+ }
+ else {
+ printf("PrepareKeyInSoftHSM: Object already exists\n");
+ }
+
+ rv = C_FindObjectsFinal(hSession);
+ if(rv != CKR_OK) {
+ LOG ("C_FindObjectsFinal rv %ld\n", rv);
}
ret_val = C_Logout(hSession);
@@ -704,16 +759,56 @@ int PrepareKeyInSoftHSM(unsigned int slot_id,
}
int HwInfraSignInit(void *keyHandle, unsigned long mechanism,
- void* param, int paramLen)
+ void* param, int paramLen, void **hwCryptoOpaque)
{
- return ( g_pluginfuncs.xxx_rsa_sign_init(keyHandle, mechanism, param, paramLen) );
+ if (g_pluginfuncs.xxx_rsa_sign_init == NULL)
+ return(SSHSM_HW_PLUGIN_ERROR_BASE + PLUGIN_INIT_ERROR);
+
+ return (g_pluginfuncs.xxx_rsa_sign_init(keyHandle, mechanism, param,
+ paramLen, hwCryptoOpaque)) ;
+
}
-int HwInfraSign( void *keyHandle, unsigned long mechanism,
- unsigned char *msg, int msg_len,
+int HwInfraSign(void *keyHandle, unsigned long mechanism,
+ unsigned char *msg, int msg_len, void *hwCryptoOpaque,
unsigned char *outsig, int *outsiglen)
{
+ if (g_pluginfuncs.xxx_rsa_sign == NULL)
+ return(SSHSM_HW_PLUGIN_ERROR_BASE + PLUGIN_INIT_ERROR);
+
return ( g_pluginfuncs.xxx_rsa_sign(keyHandle, mechanism, msg, msg_len,
- outsig, outsiglen) );
+ hwCryptoOpaque, outsig, outsiglen) );
+}
+
+int HwInfraSignUpdate(void *keyHandle, unsigned long mechanism,
+ unsigned char *param, int paramLen, void *hwCryptoOpaque)
+{
+ if (g_pluginfuncs.xxx_rsa_sign_update == NULL)
+ return(SSHSM_HW_PLUGIN_ERROR_BASE + PLUGIN_INIT_ERROR);
+
+ int x = ( g_pluginfuncs.xxx_rsa_sign_update(keyHandle, mechanism, param,
+ paramLen, hwCryptoOpaque) );
+ return 0;
+}
+
+int HwInfraSignFinal(void *keyHandle, unsigned long mechanism,
+ void *hwCryptoOpaque,
+ unsigned char *outsig, int *outsiglen)
+{
+ if (g_pluginfuncs.xxx_rsa_sign_final == NULL)
+ return(SSHSM_HW_PLUGIN_ERROR_BASE + PLUGIN_INIT_ERROR);
+
+ return ( g_pluginfuncs.xxx_rsa_sign_final(keyHandle, mechanism,
+ hwCryptoOpaque, outsig, outsiglen) );
+}
+
+int HwInfraSignCleanup(void *keyHandle, unsigned long mechanism,
+ void *hwCryptoOpaque)
+{
+ if (g_pluginfuncs.xxx_rsa_sign_cleanup == NULL)
+ return(SSHSM_HW_PLUGIN_ERROR_BASE + PLUGIN_INIT_ERROR);
+
+ return ( g_pluginfuncs.xxx_rsa_sign_cleanup(keyHandle, mechanism,
+ hwCryptoOpaque) );
}
diff --git a/SoftHSMv2/src/lib/HwInfra/HwInfra.h b/SoftHSMv2/src/lib/HwInfra/HwInfra.h
index a62bd7d..8cbbada 100644
--- a/SoftHSMv2/src/lib/HwInfra/HwInfra.h
+++ b/SoftHSMv2/src/lib/HwInfra/HwInfra.h
@@ -50,18 +50,26 @@ int get_all_file_contents(char *dirpath, char starting_char,
SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *c_buffers );
void free_buffers ( SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *c_buffers );
-int program_pkcs11_info (char *dirpath, void *key_handle);
+int program_pkcs11_info (char *dirpath, void *key_handle, SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t* ik);
int PrepareKeyInSoftHSM(unsigned int slot_id,
unsigned char *upin, int upin_len,
unsigned char *key_id, int key_id_len,
- unsigned char *key_label, void *key_handle);
+ unsigned char *key_label, void *key_handle,
+ SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t* ik);
int HwInfraSignInit(void *keyHandle, unsigned long mechanism,
- void* param, int paramLen);
-
-int HwInfraSign( void *keyHandle, unsigned long mechanism,
- unsigned char *msg, int msg_len,
+ void* param, int paramLen, void **hwCryptoOpaque);
+int HwInfraSign(void *keyHandle, unsigned long mechanism,
+ unsigned char *msg, int msg_len, void *hwCryptoOpaque,
+ unsigned char *outsig, int *outsiglen);
+int HwInfraSignUpdate(void *keyHandle, unsigned long mechanism,
+ unsigned char *msg, int msg_len, void *hwCryptoOpaque);
+int HwInfraSignFinal(void *keyHandle, unsigned long mechanism,
+ void *hwCryptoOpaque,
unsigned char *outsig, int *outsiglen);
+int HwInfraSignCleanup(void *keyHandle, unsigned long mechanism,
+ void *hwCryptoOpaque);
+
#define MAX_PARENT_PATH_NAME 256
@@ -76,6 +84,7 @@ int HwInfraSign( void *keyHandle, unsigned long mechanism,
#define PLUGIN_DL_OPEN_ERROR (06)
#define PLUGIN_DL_SYM_ERROR (07)
#define PLUGIN_INIT_ERROR (10)
+#define INVALID_KEY_ERROR (11)
#if defined(__cplusplus)
}
diff --git a/SoftHSMv2/src/lib/HwInfra/Makefile.am b/SoftHSMv2/src/lib/HwInfra/Makefile.am
index b327b15..3ff3726 100644
--- a/SoftHSMv2/src/lib/HwInfra/Makefile.am
+++ b/SoftHSMv2/src/lib/HwInfra/Makefile.am
@@ -9,7 +9,7 @@ AM_CPPFLAGS = -I$(srcdir)/.. \
-I$(srcdir)/../session_mgr
noinst_LTLIBRARIES = libsofthsm_hwinfra.la
-libsofthsm_hwinfra_la_SOURCES = HwInfra.c
+libsofthsm_hwinfra_la_SOURCES = HwInfra.cpp
SUBDIRS =
diff --git a/SoftHSMv2/src/lib/HwInfra/hwpluginif.h b/SoftHSMv2/src/lib/HwInfra/hwpluginif.h
index b078be3..a8ade2a 100755
--- a/SoftHSMv2/src/lib/HwInfra/hwpluginif.h
+++ b/SoftHSMv2/src/lib/HwInfra/hwpluginif.h
@@ -94,6 +94,20 @@ typedef int (*sshsm_hw_plugin_activate)(
);
+/***
+ * Import Public Key
+ * Description: This is called by HWPluginInfra after load key to get the public
+ * key modulus and exponent. Plugin to allocate memory for modulus and exponent
+ * based on size. HwInfra will release the buffers after using them.
+ */
+
+typedef struct sshsm_hw_plugin_import_public_key_info_s {
+ unsigned long modulus_size;
+ unsigned char *modulus;
+ unsigned long exponent_size;
+ unsigned char *exponent;
+}SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t;
+
/***
* Load Key Callback
@@ -141,32 +155,30 @@ typedef struct sshsm_hw_plugin_load_key_in_info_s {
typedef int (*sshsm_hw_plugin_load_key)(
SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
- void **keyHandle
+ void **keyHandle,
+ SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *import_public_key
);
typedef int (*sshsm_hw_plugin_unload_key)(
void **keyHandle
);
-
-
-
/***
* Callback: RSA Sign Init
* Description: This is called by HWPluginInfra as part of C_SignInit function
- * for RSA keys
+ * for RSA keys. Plugin can allocate memory for any state and can add its reference to
+ * pluginOutDataRef. This pointer is passed to sign, signupdate and signfinal.
*/
typedef int (*sshsm_hw_plugin_rsa_sign_init)(
void *keyHandle,
unsigned long mechanism,
void *param,
- int len
+ int len,
+ void **pluginOutDataRef
);
-
-
/***
- * Callback: RSA Sign Init
+ * Callback: RSA Sign
* Description: This is called by HWPluginInfra as part of C_Sign function
* for RSA keys. HWPluginInfra get the keyHandle from the key object.
*
@@ -181,10 +193,37 @@ typedef int (*sshsm_hw_plugin_rsa_sign)(
unsigned long mechanism,
unsigned char *msg,
int msg_len,
+ void *pluginDataRef,
unsigned char *outsig,
int *outsiglen
);
+typedef int (*sshsm_hw_plugin_rsa_sign_update)(
+ void *keyHandle,
+ unsigned long mechanism,
+ unsigned char *msg,
+ int msg_len,
+ void *pluginDataRef
+ );
+
+typedef int (*sshsm_hw_plugin_rsa_sign_final)(
+ void *keyHandle,
+ unsigned long mechanism,
+ void *pluginDataRef,
+ unsigned char *outsig,
+ int *outsiglen
+ );
+
+/** This function is called by SSHSM only if there sign_final function is not called.
+If sign_final function is called, it is assumed that plugin would have cleaned this up.
+***/
+
+typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)(
+ void *keyHandle,
+ unsigned long mechanism,
+ void *pluginDataRef
+ );
+
/***
* Function Name: sshsm_hw_plugin_get_plugin_functions
* Descrpiton: Every HW plugin is expected to define this function.
@@ -208,6 +247,9 @@ typedef struct sshsm_hw_functions_s
sshsm_hw_plugin_unload_key xxx_unload_key;
sshsm_hw_plugin_rsa_sign_init xxx_rsa_sign_init;
sshsm_hw_plugin_rsa_sign xxx_rsa_sign;
+ sshsm_hw_plugin_rsa_sign_update xxx_rsa_sign_update;
+ sshsm_hw_plugin_rsa_sign_final xxx_rsa_sign_final;
+ sshsm_hw_plugin_rsa_sign_cleanup xxx_rsa_sign_cleanup;
}SSHSM_HW_FUNCTIONS_t;