aboutsummaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/src/lib/SoftHSM.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'SoftHSMv2/src/lib/SoftHSM.cpp')
-rw-r--r--SoftHSMv2/src/lib/SoftHSM.cpp11178
1 files changed, 11178 insertions, 0 deletions
diff --git a/SoftHSMv2/src/lib/SoftHSM.cpp b/SoftHSMv2/src/lib/SoftHSM.cpp
new file mode 100644
index 0000000..b06efc2
--- /dev/null
+++ b/SoftHSMv2/src/lib/SoftHSM.cpp
@@ -0,0 +1,11178 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SoftHSM.cpp
+
+ The implementation of the SoftHSM's main class
+ *****************************************************************************/
+
+#include "config.h"
+#include "log.h"
+#include "access.h"
+#include "Configuration.h"
+#include "SimpleConfigLoader.h"
+#include "MutexFactory.h"
+#include "SecureMemoryRegistry.h"
+#include "CryptoFactory.h"
+#include "AsymmetricAlgorithm.h"
+#include "SymmetricAlgorithm.h"
+#include "AESKey.h"
+#include "DESKey.h"
+#include "RNG.h"
+#include "RSAParameters.h"
+#include "RSAPublicKey.h"
+#include "RSAPrivateKey.h"
+#include "DSAParameters.h"
+#include "DSAPublicKey.h"
+#include "DSAPrivateKey.h"
+#include "ECPublicKey.h"
+#include "ECPrivateKey.h"
+#include "ECParameters.h"
+#include "DHParameters.h"
+#include "DHPublicKey.h"
+#include "DHPrivateKey.h"
+#include "GOSTPublicKey.h"
+#include "GOSTPrivateKey.h"
+#include "cryptoki.h"
+#include "SoftHSM.h"
+#include "osmutex.h"
+#include "SessionManager.h"
+#include "SessionObjectStore.h"
+#include "HandleManager.h"
+#include "P11Objects.h"
+#include "odd.h"
+
+#if defined(WITH_OPENSSL)
+#include "OSSLCryptoFactory.h"
+#else
+#include "BotanCryptoFactory.h"
+#endif
+
+#include <stdlib.h>
+
+// Initialise the one-and-only instance
+
+#ifdef HAVE_CXX11
+
+std::unique_ptr<MutexFactory> MutexFactory::instance(nullptr);
+std::unique_ptr<SecureMemoryRegistry> SecureMemoryRegistry::instance(nullptr);
+#if defined(WITH_OPENSSL)
+std::unique_ptr<OSSLCryptoFactory> OSSLCryptoFactory::instance(nullptr);
+#else
+std::unique_ptr<BotanCryptoFactory> BotanCryptoFactory::instance(nullptr);
+#endif
+std::unique_ptr<SoftHSM> SoftHSM::instance(nullptr);
+
+#else
+
+std::auto_ptr<MutexFactory> MutexFactory::instance(NULL);
+std::auto_ptr<SecureMemoryRegistry> SecureMemoryRegistry::instance(NULL);
+#if defined(WITH_OPENSSL)
+std::auto_ptr<OSSLCryptoFactory> OSSLCryptoFactory::instance(NULL);
+#else
+std::auto_ptr<BotanCryptoFactory> BotanCryptoFactory::instance(NULL);
+#endif
+std::auto_ptr<SoftHSM> SoftHSM::instance(NULL);
+
+#endif
+
+static CK_RV newP11Object(CK_OBJECT_CLASS objClass, CK_KEY_TYPE keyType, CK_CERTIFICATE_TYPE certType, P11Object **p11object)
+{
+ switch(objClass) {
+ case CKO_DATA:
+ *p11object = new P11DataObj();
+ break;
+ case CKO_CERTIFICATE:
+ if (certType == CKC_X_509)
+ *p11object = new P11X509CertificateObj();
+ else if (certType == CKC_OPENPGP)
+ *p11object = new P11OpenPGPPublicKeyObj();
+ else
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ break;
+ case CKO_PUBLIC_KEY:
+ if (keyType == CKK_RSA)
+ *p11object = new P11RSAPublicKeyObj();
+ else if (keyType == CKK_DSA)
+ *p11object = new P11DSAPublicKeyObj();
+ else if (keyType == CKK_EC)
+ *p11object = new P11ECPublicKeyObj();
+ else if (keyType == CKK_DH)
+ *p11object = new P11DHPublicKeyObj();
+ else if (keyType == CKK_GOSTR3410)
+ *p11object = new P11GOSTPublicKeyObj();
+ else
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ break;
+ case CKO_PRIVATE_KEY:
+ // we need to know the type too
+ if (keyType == CKK_RSA)
+ *p11object = new P11RSAPrivateKeyObj();
+ else if (keyType == CKK_DSA)
+ *p11object = new P11DSAPrivateKeyObj();
+ else if (keyType == CKK_EC)
+ *p11object = new P11ECPrivateKeyObj();
+ else if (keyType == CKK_DH)
+ *p11object = new P11DHPrivateKeyObj();
+ else if (keyType == CKK_GOSTR3410)
+ *p11object = new P11GOSTPrivateKeyObj();
+ else
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ break;
+ case CKO_SECRET_KEY:
+ if ((keyType == CKK_GENERIC_SECRET) ||
+ (keyType == CKK_MD5_HMAC) ||
+ (keyType == CKK_SHA_1_HMAC) ||
+ (keyType == CKK_SHA224_HMAC) ||
+ (keyType == CKK_SHA256_HMAC) ||
+ (keyType == CKK_SHA384_HMAC) ||
+ (keyType == CKK_SHA512_HMAC))
+ {
+ P11GenericSecretKeyObj* key = new P11GenericSecretKeyObj();
+ *p11object = key;
+ key->setKeyType(keyType);
+ }
+ else if (keyType == CKK_AES)
+ {
+ *p11object = new P11AESSecretKeyObj();
+ }
+ else if ((keyType == CKK_DES) ||
+ (keyType == CKK_DES2) ||
+ (keyType == CKK_DES3))
+ {
+ P11DESSecretKeyObj* key = new P11DESSecretKeyObj();
+ *p11object = key;
+ key->setKeyType(keyType);
+ }
+ else if (keyType == CKK_GOST28147)
+ {
+ *p11object = new P11GOSTSecretKeyObj();
+ }
+ else
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ break;
+ case CKO_DOMAIN_PARAMETERS:
+ if (keyType == CKK_DSA)
+ *p11object = new P11DSADomainObj();
+ else if (keyType == CKK_DH)
+ *p11object = new P11DHDomainObj();
+ else
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ break;
+ default:
+ return CKR_ATTRIBUTE_VALUE_INVALID; // invalid value for a valid argument
+ }
+ return CKR_OK;
+}
+
+static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_CLASS &objClass,
+ CK_KEY_TYPE &keyType,
+ CK_CERTIFICATE_TYPE &certType,
+ CK_BBOOL &isOnToken,
+ CK_BBOOL &isPrivate,
+ bool bImplicit)
+{
+ bool bHasClass = false;
+ bool bHasKeyType = false;
+ bool bHasCertType = false;
+ bool bHasPrivate = false;
+
+ // Extract object information
+ for (CK_ULONG i = 0; i < ulCount; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ if (pTemplate[i].ulValueLen == sizeof(CK_OBJECT_CLASS))
+ {
+ objClass = *(CK_OBJECT_CLASS_PTR)pTemplate[i].pValue;
+ bHasClass = true;
+ }
+ break;
+ case CKA_KEY_TYPE:
+ if (pTemplate[i].ulValueLen == sizeof(CK_KEY_TYPE))
+ {
+ keyType = *(CK_KEY_TYPE*)pTemplate[i].pValue;
+ bHasKeyType = true;
+ }
+ break;
+ case CKA_CERTIFICATE_TYPE:
+ if (pTemplate[i].ulValueLen == sizeof(CK_CERTIFICATE_TYPE))
+ {
+ certType = *(CK_CERTIFICATE_TYPE*)pTemplate[i].pValue;
+ bHasCertType = true;
+ }
+ break;
+ case CKA_TOKEN:
+ if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
+ {
+ isOnToken = *(CK_BBOOL*)pTemplate[i].pValue;
+ }
+ break;
+ case CKA_PRIVATE:
+ if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
+ {
+ isPrivate = *(CK_BBOOL*)pTemplate[i].pValue;
+ bHasPrivate = true;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (bImplicit)
+ {
+ return CKR_OK;
+ }
+
+ if (!bHasClass)
+ {
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ bool bKeyTypeRequired = (objClass == CKO_PUBLIC_KEY || objClass == CKO_PRIVATE_KEY || objClass == CKO_SECRET_KEY);
+ if (bKeyTypeRequired && !bHasKeyType)
+ {
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ if (objClass == CKO_CERTIFICATE)
+ {
+ if (!bHasCertType)
+ {
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+ if (!bHasPrivate)
+ {
+ // Change default value for certificates
+ isPrivate = CK_FALSE;
+ }
+ }
+
+ if (objClass == CKO_PUBLIC_KEY && !bHasPrivate)
+ {
+ // Change default value for public keys
+ isPrivate = CK_FALSE;
+ }
+
+ return CKR_OK;
+}
+
+static CK_RV newP11Object(OSObject *object, P11Object **p11object)
+{
+ CK_OBJECT_CLASS objClass = object->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED);
+ CK_KEY_TYPE keyType = CKK_RSA;
+ CK_CERTIFICATE_TYPE certType = CKC_X_509;
+ if (object->attributeExists(CKA_KEY_TYPE))
+ keyType = object->getUnsignedLongValue(CKA_KEY_TYPE, CKK_RSA);
+ if (object->attributeExists(CKA_CERTIFICATE_TYPE))
+ certType = object->getUnsignedLongValue(CKA_CERTIFICATE_TYPE, CKC_X_509);
+ CK_RV rv = newP11Object(objClass,keyType,certType,p11object);
+ if (rv != CKR_OK)
+ return rv;
+ if (!(*p11object)->init(object))
+ return CKR_GENERAL_ERROR; // something went wrong that shouldn't have.
+ return CKR_OK;
+}
+
+#ifdef notyet
+static CK_ATTRIBUTE bsAttribute(CK_ATTRIBUTE_TYPE type, const ByteString &value)
+{
+ CK_ATTRIBUTE attr = {type, (CK_VOID_PTR)value.const_byte_str(), value.size() };
+ return attr;
+}
+#endif
+
+/*****************************************************************************
+ Implementation of SoftHSM class specific functions
+ *****************************************************************************/
+
+// Return the one-and-only instance
+SoftHSM* SoftHSM::i()
+{
+ if (!instance.get())
+ {
+ instance.reset(new SoftHSM());
+ }
+
+ return instance.get();
+}
+
+void SoftHSM::reset()
+{
+ if (instance.get())
+ instance.reset();
+}
+
+// Constructor
+SoftHSM::SoftHSM()
+{
+ isInitialised = false;
+ isRemovable = false;
+ sessionObjectStore = NULL;
+ objectStore = NULL;
+ slotManager = NULL;
+ sessionManager = NULL;
+ handleManager = NULL;
+}
+
+// Destructor
+SoftHSM::~SoftHSM()
+{
+ if (handleManager != NULL) delete handleManager;
+ if (sessionManager != NULL) delete sessionManager;
+ if (slotManager != NULL) delete slotManager;
+ if (objectStore != NULL) delete objectStore;
+ if (sessionObjectStore != NULL) delete sessionObjectStore;
+}
+
+/*****************************************************************************
+ Implementation of PKCS #11 functions
+ *****************************************************************************/
+
+// PKCS #11 initialisation function
+CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)
+{
+ CK_C_INITIALIZE_ARGS_PTR args;
+
+ // Check if PKCS#11 is already initialized
+ if (isInitialised)
+ {
+ ERROR_MSG("SoftHSM is already initialized");
+ return CKR_CRYPTOKI_ALREADY_INITIALIZED;
+ }
+
+ // Do we have any arguments?
+ if (pInitArgs != NULL_PTR)
+ {
+ args = (CK_C_INITIALIZE_ARGS_PTR)pInitArgs;
+
+ // Must be set to NULL_PTR in this version of PKCS#11
+ if (args->pReserved != NULL_PTR)
+ {
+ ERROR_MSG("pReserved must be set to NULL_PTR");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ // Can we spawn our own threads?
+ // if (args->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS)
+ // {
+ // DEBUG_MSG("Cannot create threads if CKF_LIBRARY_CANT_CREATE_OS_THREADS is set");
+ // return CKR_NEED_TO_CREATE_THREADS;
+ // }
+
+ // Are we not supplied with mutex functions?
+ if
+ (
+ args->CreateMutex == NULL_PTR &&
+ args->DestroyMutex == NULL_PTR &&
+ args->LockMutex == NULL_PTR &&
+ args->UnlockMutex == NULL_PTR
+ )
+ {
+ // Can we use our own mutex functions?
+ if (args->flags & CKF_OS_LOCKING_OK)
+ {
+ // Use our own mutex functions.
+ MutexFactory::i()->setCreateMutex(OSCreateMutex);
+ MutexFactory::i()->setDestroyMutex(OSDestroyMutex);
+ MutexFactory::i()->setLockMutex(OSLockMutex);
+ MutexFactory::i()->setUnlockMutex(OSUnlockMutex);
+ MutexFactory::i()->enable();
+ }
+ else
+ {
+ // The external application is not using threading
+ MutexFactory::i()->disable();
+ }
+ }
+ else
+ {
+ // We must have all mutex functions
+ if
+ (
+ args->CreateMutex == NULL_PTR ||
+ args->DestroyMutex == NULL_PTR ||
+ args->LockMutex == NULL_PTR ||
+ args->UnlockMutex == NULL_PTR
+ )
+ {
+ ERROR_MSG("Not all mutex functions are supplied");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ // We could use our own mutex functions if the flag is set,
+ // but we use the external functions in both cases.
+
+ // Load the external mutex functions
+ MutexFactory::i()->setCreateMutex(args->CreateMutex);
+ MutexFactory::i()->setDestroyMutex(args->DestroyMutex);
+ MutexFactory::i()->setLockMutex(args->LockMutex);
+ MutexFactory::i()->setUnlockMutex(args->UnlockMutex);
+ MutexFactory::i()->enable();
+ }
+ }
+ else
+ {
+ // No concurrent access by multiple threads
+ MutexFactory::i()->disable();
+ }
+
+ // Initiate SecureMemoryRegistry
+ if (SecureMemoryRegistry::i() == NULL)
+ {
+ ERROR_MSG("Could not load the SecureMemoryRegistry");
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Build the CryptoFactory
+ if (CryptoFactory::i() == NULL)
+ {
+ ERROR_MSG("Could not load the CryptoFactory");
+ return CKR_GENERAL_ERROR;
+ }
+
+#ifdef WITH_FIPS
+ // Check the FIPS status
+ if (!CryptoFactory::i()->getFipsSelfTestStatus())
+ {
+ ERROR_MSG("The FIPS self test failed");
+ return CKR_FIPS_SELF_TEST_FAILED;
+ }
+#endif
+
+ // (Re)load the configuration
+ if (!Configuration::i()->reload(SimpleConfigLoader::i()))
+ {
+ ERROR_MSG("Could not load the configuration");
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Configure the log level
+ if (!setLogLevel(Configuration::i()->getString("log.level", DEFAULT_LOG_LEVEL)))
+ {
+ ERROR_MSG("Could not set the log level");
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Configure object store storage backend used by all tokens.
+ if (!ObjectStoreToken::selectBackend(Configuration::i()->getString("objectstore.backend", DEFAULT_OBJECTSTORE_BACKEND)))
+ {
+ ERROR_MSG("Could not set the storage backend");
+ return CKR_GENERAL_ERROR;
+ }
+
+ sessionObjectStore = new SessionObjectStore();
+
+ // Load the object store
+ objectStore = new ObjectStore(Configuration::i()->getString("directories.tokendir", DEFAULT_TOKENDIR));
+ if (!objectStore->isValid())
+ {
+ WARNING_MSG("Could not load the object store");
+ delete objectStore;
+ objectStore = NULL;
+ delete sessionObjectStore;
+ sessionObjectStore = NULL;
+ return CKR_GENERAL_ERROR;
+ }
+
+ isRemovable = Configuration::i()->getBool("slots.removable", false);
+
+ // Load the slot manager
+ slotManager = new SlotManager(objectStore);
+
+ // Load the session manager
+ sessionManager = new SessionManager();
+
+ // Load the handle manager
+ handleManager = new HandleManager();
+
+ // Set the state to initialised
+ isInitialised = true;
+
+ return CKR_OK;
+}
+
+// PKCS #11 finalisation function
+CK_RV SoftHSM::C_Finalize(CK_VOID_PTR pReserved)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Must be set to NULL_PTR in this version of PKCS#11
+ if (pReserved != NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ if (handleManager != NULL) delete handleManager;
+ handleManager = NULL;
+ if (sessionManager != NULL) delete sessionManager;
+ sessionManager = NULL;
+ if (slotManager != NULL) delete slotManager;
+ slotManager = NULL;
+ if (objectStore != NULL) delete objectStore;
+ objectStore = NULL;
+ if (sessionObjectStore != NULL) delete sessionObjectStore;
+ sessionObjectStore = NULL;
+ CryptoFactory::reset();
+ SecureMemoryRegistry::reset();
+
+ isInitialised = false;
+
+ SoftHSM::reset();
+ return CKR_OK;
+}
+
+// Return information about the PKCS #11 module
+CK_RV SoftHSM::C_GetInfo(CK_INFO_PTR pInfo)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if (pInfo == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ pInfo->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
+ pInfo->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
+ memset(pInfo->manufacturerID, ' ', 32);
+ memcpy(pInfo->manufacturerID, "SoftHSM", 7);
+ pInfo->flags = 0;
+ memset(pInfo->libraryDescription, ' ', 32);
+#ifdef WITH_FIPS
+ memcpy(pInfo->libraryDescription, "Implementation of PKCS11+FIPS", 29);
+#else
+ memcpy(pInfo->libraryDescription, "Implementation of PKCS11", 24);
+#endif
+ pInfo->libraryVersion.major = VERSION_MAJOR;
+ pInfo->libraryVersion.minor = VERSION_MINOR;
+
+ return CKR_OK;
+}
+
+// Return a list of available slots
+CK_RV SoftHSM::C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ return slotManager->getSlotList(objectStore, tokenPresent, pSlotList, pulCount);
+}
+
+// Return information about a slot
+CK_RV SoftHSM::C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
+ CK_RV rv;
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ Slot* slot = slotManager->getSlot(slotID);
+ if (slot == NULL)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
+
+ rv = slot->getSlotInfo(pInfo);
+ if (rv != CKR_OK) {
+ return rv;
+ }
+
+ if (isRemovable) {
+ pInfo->flags |= CKF_REMOVABLE_DEVICE;
+ }
+
+ return CKR_OK;
+}
+
+// Return information about a token in a slot
+CK_RV SoftHSM::C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ Slot* slot = slotManager->getSlot(slotID);
+ if (slot == NULL)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
+
+ Token* token = slot->getToken();
+ if (token == NULL)
+ {
+ return CKR_TOKEN_NOT_PRESENT;
+ }
+
+ return token->getTokenInfo(pInfo);
+}
+
+// Return the list of supported mechanisms for a given slot
+CK_RV SoftHSM::C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
+{
+ // A list with the supported mechanisms
+ CK_ULONG nrSupportedMechanisms = 61;
+#ifdef WITH_ECC
+ nrSupportedMechanisms += 3;
+#endif
+#ifdef WITH_FIPS
+ nrSupportedMechanisms -= 9;
+#endif
+#ifdef WITH_GOST
+ nrSupportedMechanisms += 5;
+#endif
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ nrSupportedMechanisms += 1;
+#endif
+#ifdef WITH_RAW_PSS
+ nrSupportedMechanisms += 1; // CKM_RSA_PKCS_PSS
+#endif
+#ifdef WITH_AES_GCM
+ nrSupportedMechanisms += 1;
+#endif
+
+ CK_MECHANISM_TYPE supportedMechanisms[] =
+ {
+#ifndef WITH_FIPS
+ CKM_MD5,
+#endif
+ CKM_SHA_1,
+ CKM_SHA224,
+ CKM_SHA256,
+ CKM_SHA384,
+ CKM_SHA512,
+#ifndef WITH_FIPS
+ CKM_MD5_HMAC,
+#endif
+ CKM_SHA_1_HMAC,
+ CKM_SHA224_HMAC,
+ CKM_SHA256_HMAC,
+ CKM_SHA384_HMAC,
+ CKM_SHA512_HMAC,
+ CKM_RSA_PKCS_KEY_PAIR_GEN,
+ CKM_RSA_PKCS,
+ CKM_RSA_X_509,
+#ifndef WITH_FIPS
+ CKM_MD5_RSA_PKCS,
+#endif
+ CKM_SHA1_RSA_PKCS,
+ CKM_RSA_PKCS_OAEP,
+ CKM_SHA224_RSA_PKCS,
+ CKM_SHA256_RSA_PKCS,
+ CKM_SHA384_RSA_PKCS,
+ CKM_SHA512_RSA_PKCS,
+#ifdef WITH_RAW_PSS
+ CKM_RSA_PKCS_PSS,
+#endif
+ CKM_SHA1_RSA_PKCS_PSS,
+ CKM_SHA224_RSA_PKCS_PSS,
+ CKM_SHA256_RSA_PKCS_PSS,
+ CKM_SHA384_RSA_PKCS_PSS,
+ CKM_SHA512_RSA_PKCS_PSS,
+#ifndef WITH_FIPS
+ CKM_DES_KEY_GEN,
+#endif
+ CKM_DES2_KEY_GEN,
+ CKM_DES3_KEY_GEN,
+#ifndef WITH_FIPS
+ CKM_DES_ECB,
+ CKM_DES_CBC,
+ CKM_DES_CBC_PAD,
+ CKM_DES_ECB_ENCRYPT_DATA,
+ CKM_DES_CBC_ENCRYPT_DATA,
+#endif
+ CKM_DES3_ECB,
+ CKM_DES3_CBC,
+ CKM_DES3_CBC_PAD,
+ CKM_DES3_ECB_ENCRYPT_DATA,
+ CKM_DES3_CBC_ENCRYPT_DATA,
+ CKM_DES3_CMAC,
+ CKM_AES_KEY_GEN,
+ CKM_AES_ECB,
+ CKM_AES_CBC,
+ CKM_AES_CBC_PAD,
+ CKM_AES_CTR,
+#ifdef WITH_AES_GCM
+ CKM_AES_GCM,
+#endif
+ CKM_AES_KEY_WRAP,
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ CKM_AES_KEY_WRAP_PAD,
+#endif
+ CKM_AES_ECB_ENCRYPT_DATA,
+ CKM_AES_CBC_ENCRYPT_DATA,
+ CKM_AES_CMAC,
+ CKM_DSA_PARAMETER_GEN,
+ CKM_DSA_KEY_PAIR_GEN,
+ CKM_DSA,
+ CKM_DSA_SHA1,
+ CKM_DSA_SHA224,
+ CKM_DSA_SHA256,
+ CKM_DSA_SHA384,
+ CKM_DSA_SHA512,
+ CKM_DH_PKCS_KEY_PAIR_GEN,
+ CKM_DH_PKCS_PARAMETER_GEN,
+ CKM_DH_PKCS_DERIVE,
+#ifdef WITH_ECC
+ CKM_EC_KEY_PAIR_GEN,
+ CKM_ECDSA,
+ CKM_ECDH1_DERIVE,
+#endif
+#ifdef WITH_GOST
+ CKM_GOSTR3411,
+ CKM_GOSTR3411_HMAC,
+ CKM_GOSTR3410_KEY_PAIR_GEN,
+ CKM_GOSTR3410,
+ CKM_GOSTR3410_WITH_GOSTR3411
+#endif
+ };
+
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if (pulCount == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ Slot* slot = slotManager->getSlot(slotID);
+ if (slot == NULL)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
+
+ if (pMechanismList == NULL_PTR)
+ {
+ *pulCount = nrSupportedMechanisms;
+
+ return CKR_OK;
+ }
+
+ if (*pulCount < nrSupportedMechanisms)
+ {
+ *pulCount = nrSupportedMechanisms;
+
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ *pulCount = nrSupportedMechanisms;
+
+ for (CK_ULONG i = 0; i < nrSupportedMechanisms; i ++)
+ {
+ pMechanismList[i] = supportedMechanisms[i];
+ }
+
+ return CKR_OK;
+}
+
+// Return more information about a mechanism for a given slot
+CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
+{
+ unsigned long rsaMinSize, rsaMaxSize;
+ unsigned long dsaMinSize, dsaMaxSize;
+ unsigned long dhMinSize, dhMaxSize;
+#ifdef WITH_ECC
+ unsigned long ecdsaMinSize, ecdsaMaxSize;
+ unsigned long ecdhMinSize, ecdhMaxSize;
+#endif
+
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if (pInfo == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ Slot* slot = slotManager->getSlot(slotID);
+ if (slot == NULL)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
+
+ AsymmetricAlgorithm* rsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (rsa != NULL)
+ {
+ rsaMinSize = rsa->getMinKeySize();
+ rsaMaxSize = rsa->getMaxKeySize();
+ }
+ else
+ {
+ return CKR_GENERAL_ERROR;
+ }
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
+
+ AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
+ if (dsa != NULL)
+ {
+ dsaMinSize = dsa->getMinKeySize();
+ // Limitation in PKCS#11
+ if (dsaMinSize < 512)
+ {
+ dsaMinSize = 512;
+ }
+
+ dsaMaxSize = dsa->getMaxKeySize();
+ // Limitation in PKCS#11
+ if (dsaMaxSize > 1024)
+ {
+ dsaMaxSize = 1024;
+ }
+ }
+ else
+ {
+ return CKR_GENERAL_ERROR;
+ }
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+
+ AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
+ if (dh != NULL)
+ {
+ dhMinSize = dh->getMinKeySize();
+ dhMaxSize = dh->getMaxKeySize();
+ }
+ else
+ {
+ return CKR_GENERAL_ERROR;
+ }
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+
+#ifdef WITH_ECC
+ AsymmetricAlgorithm* ecdsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
+ if (ecdsa != NULL)
+ {
+ ecdsaMinSize = ecdsa->getMinKeySize();
+ ecdsaMaxSize = ecdsa->getMaxKeySize();
+ }
+ else
+ {
+ return CKR_GENERAL_ERROR;
+ }
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdsa);
+
+ AsymmetricAlgorithm* ecdh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDH);
+ if (ecdh != NULL)
+ {
+ ecdhMinSize = ecdh->getMinKeySize();
+ ecdhMaxSize = ecdh->getMaxKeySize();
+ }
+ else
+ {
+ return CKR_GENERAL_ERROR;
+ }
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
+#endif
+
+ switch (type)
+ {
+#ifndef WITH_FIPS
+ case CKM_MD5:
+#endif
+ case CKM_SHA_1:
+ case CKM_SHA224:
+ case CKM_SHA256:
+ case CKM_SHA384:
+ case CKM_SHA512:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_DIGEST;
+ break;
+#ifndef WITH_FIPS
+ case CKM_MD5_HMAC:
+ pInfo->ulMinKeySize = 16;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+#endif
+ case CKM_SHA_1_HMAC:
+ pInfo->ulMinKeySize = 20;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_SHA224_HMAC:
+ pInfo->ulMinKeySize = 28;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_SHA256_HMAC:
+ pInfo->ulMinKeySize = 32;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_SHA384_HMAC:
+ pInfo->ulMinKeySize = 48;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_SHA512_HMAC:
+ pInfo->ulMinKeySize = 64;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_RSA_PKCS_KEY_PAIR_GEN:
+ pInfo->ulMinKeySize = rsaMinSize;
+ pInfo->ulMaxKeySize = rsaMaxSize;
+ pInfo->flags = CKF_GENERATE_KEY_PAIR;
+ break;
+ case CKM_RSA_PKCS:
+ pInfo->ulMinKeySize = rsaMinSize;
+ pInfo->ulMaxKeySize = rsaMaxSize;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY | CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
+ break;
+ case CKM_RSA_X_509:
+ pInfo->ulMinKeySize = rsaMinSize;
+ pInfo->ulMaxKeySize = rsaMaxSize;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY | CKF_ENCRYPT | CKF_DECRYPT;
+ break;
+#ifndef WITH_FIPS
+ case CKM_MD5_RSA_PKCS:
+#endif
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA224_RSA_PKCS:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA512_RSA_PKCS:
+#ifdef WITH_RAW_PSS
+ case CKM_RSA_PKCS_PSS:
+#endif
+ case CKM_SHA1_RSA_PKCS_PSS:
+ case CKM_SHA224_RSA_PKCS_PSS:
+ case CKM_SHA256_RSA_PKCS_PSS:
+ case CKM_SHA384_RSA_PKCS_PSS:
+ case CKM_SHA512_RSA_PKCS_PSS:
+ pInfo->ulMinKeySize = rsaMinSize;
+ pInfo->ulMaxKeySize = rsaMaxSize;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_RSA_PKCS_OAEP:
+ pInfo->ulMinKeySize = rsaMinSize;
+ pInfo->ulMaxKeySize = rsaMaxSize;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
+ break;
+#ifndef WITH_FIPS
+ case CKM_DES_KEY_GEN:
+#endif
+ case CKM_DES2_KEY_GEN:
+ case CKM_DES3_KEY_GEN:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_GENERATE;
+ break;
+#ifndef WITH_FIPS
+ case CKM_DES_ECB:
+ case CKM_DES_CBC:
+ case CKM_DES_CBC_PAD:
+#endif
+ case CKM_DES3_ECB:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
+ break;
+ case CKM_DES3_CMAC:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_AES_KEY_GEN:
+ pInfo->ulMinKeySize = 16;
+ pInfo->ulMaxKeySize = 32;
+ pInfo->flags = CKF_GENERATE;
+ break;
+ case CKM_AES_ECB:
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ case CKM_AES_CTR:
+#ifdef WITH_AES_GCM
+ case CKM_AES_GCM:
+#endif
+ pInfo->ulMinKeySize = 16;
+ pInfo->ulMaxKeySize = 32;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
+ break;
+ case CKM_AES_KEY_WRAP:
+ pInfo->ulMinKeySize = 16;
+ pInfo->ulMaxKeySize = 0x80000000;
+ pInfo->flags = CKF_WRAP | CKF_UNWRAP;
+ break;
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ case CKM_AES_KEY_WRAP_PAD:
+ pInfo->ulMinKeySize = 1;
+ pInfo->ulMaxKeySize = 0x80000000;
+ pInfo->flags = CKF_WRAP | CKF_UNWRAP;
+ break;
+#endif
+#ifndef WITH_FIPS
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ case CKM_DES_CBC_ENCRYPT_DATA:
+#endif
+ case CKM_DES3_ECB_ENCRYPT_DATA:
+ case CKM_DES3_CBC_ENCRYPT_DATA:
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ case CKM_AES_CBC_ENCRYPT_DATA:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_DERIVE;
+ break;
+ case CKM_AES_CMAC:
+ pInfo->ulMinKeySize = 16;
+ pInfo->ulMaxKeySize = 32;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_DSA_PARAMETER_GEN:
+ pInfo->ulMinKeySize = dsaMinSize;
+ pInfo->ulMaxKeySize = dsaMaxSize;
+ pInfo->flags = CKF_GENERATE;
+ break;
+ case CKM_DSA_KEY_PAIR_GEN:
+ pInfo->ulMinKeySize = dsaMinSize;
+ pInfo->ulMaxKeySize = dsaMaxSize;
+ pInfo->flags = CKF_GENERATE_KEY_PAIR;
+ break;
+ case CKM_DSA:
+ case CKM_DSA_SHA1:
+ case CKM_DSA_SHA224:
+ case CKM_DSA_SHA256:
+ case CKM_DSA_SHA384:
+ case CKM_DSA_SHA512:
+ pInfo->ulMinKeySize = dsaMinSize;
+ pInfo->ulMaxKeySize = dsaMaxSize;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_DH_PKCS_KEY_PAIR_GEN:
+ pInfo->ulMinKeySize = dhMinSize;
+ pInfo->ulMaxKeySize = dhMaxSize;
+ pInfo->flags = CKF_GENERATE_KEY_PAIR;
+ break;
+ case CKM_DH_PKCS_PARAMETER_GEN:
+ pInfo->ulMinKeySize = dhMinSize;
+ pInfo->ulMaxKeySize = dhMaxSize;
+ pInfo->flags = CKF_GENERATE;
+ break;
+ case CKM_DH_PKCS_DERIVE:
+ pInfo->ulMinKeySize = dhMinSize;
+ pInfo->ulMaxKeySize = dhMaxSize;
+ pInfo->flags = CKF_DERIVE;
+ break;
+#ifdef WITH_ECC
+ case CKM_EC_KEY_PAIR_GEN:
+ pInfo->ulMinKeySize = ecdsaMinSize;
+ pInfo->ulMaxKeySize = ecdsaMaxSize;
+#define CKF_EC_COMMOM (CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS)
+ pInfo->flags = CKF_GENERATE_KEY_PAIR | CKF_EC_COMMOM;
+ break;
+ case CKM_ECDSA:
+ pInfo->ulMinKeySize = ecdsaMinSize;
+ pInfo->ulMaxKeySize = ecdsaMaxSize;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY | CKF_EC_COMMOM;
+ break;
+ case CKM_ECDH1_DERIVE:
+ pInfo->ulMinKeySize = ecdhMinSize;
+ pInfo->ulMaxKeySize = ecdhMaxSize;
+ pInfo->flags = CKF_DERIVE;
+ break;
+#endif
+#ifdef WITH_GOST
+ case CKM_GOSTR3411:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_DIGEST;
+ break;
+ case CKM_GOSTR3411_HMAC:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 32;
+ pInfo->ulMaxKeySize = 512;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_GOSTR3410_KEY_PAIR_GEN:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_GENERATE_KEY_PAIR;
+ break;
+ case CKM_GOSTR3410:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+ case CKM_GOSTR3410_WITH_GOSTR3411:
+ // Key size is not in use
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+#endif
+ default:
+ DEBUG_MSG("The selected mechanism is not supported");
+ return CKR_MECHANISM_INVALID;
+ break;
+ }
+
+ return CKR_OK;
+}
+
+// Initialise the token in the specified slot
+CK_RV SoftHSM::C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ Slot* slot = slotManager->getSlot(slotID);
+ if (slot == NULL)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
+
+ // Check if any session is open with this token.
+ if (sessionManager->haveSession(slotID))
+ {
+ return CKR_SESSION_EXISTS;
+ }
+
+ // Check the PIN
+ if (pPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (ulPinLen < MIN_PIN_LEN || ulPinLen > MAX_PIN_LEN) return CKR_PIN_INCORRECT;
+
+ ByteString soPIN(pPin, ulPinLen);
+
+ return slot->initToken(soPIN, pLabel);
+}
+
+// Initialise the user PIN
+CK_RV SoftHSM::C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // The SO must be logged in
+ if (session->getState() != CKS_RW_SO_FUNCTIONS) return CKR_USER_NOT_LOGGED_IN;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the PIN
+ if (pPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (ulPinLen < MIN_PIN_LEN || ulPinLen > MAX_PIN_LEN) return CKR_PIN_LEN_RANGE;
+
+ ByteString userPIN(pPin, ulPinLen);
+
+ return token->initUserPIN(userPIN);
+}
+
+// Change the PIN
+CK_RV SoftHSM::C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen)
+{
+ CK_RV rv = CKR_OK;
+
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check the new PINs
+ if (pOldPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pNewPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (ulNewLen < MIN_PIN_LEN || ulNewLen > MAX_PIN_LEN) return CKR_PIN_LEN_RANGE;
+
+ ByteString oldPIN(pOldPin, ulOldLen);
+ ByteString newPIN(pNewPin, ulNewLen);
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ switch (session->getState())
+ {
+ case CKS_RW_PUBLIC_SESSION:
+ case CKS_RW_USER_FUNCTIONS:
+ rv = token->setUserPIN(oldPIN, newPIN);
+ break;
+ case CKS_RW_SO_FUNCTIONS:
+ rv = token->setSOPIN(oldPIN, newPIN);
+ break;
+ default:
+ return CKR_SESSION_READ_ONLY;
+ }
+
+ return rv;
+}
+
+// Open a new session to the specified slot
+CK_RV SoftHSM::C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ Slot* slot = slotManager->getSlot(slotID);
+
+ CK_RV rv = sessionManager->openSession(slot, flags, pApplication, notify, phSession);
+ if (rv != CKR_OK)
+ return rv;
+
+ // Get a pointer to the session object and store it in the handle manager.
+ Session* session = sessionManager->getSession(*phSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+ *phSession = handleManager->addSession(slotID,session);
+
+ return CKR_OK;
+}
+
+// Close the given session
+CK_RV SoftHSM::C_CloseSession(CK_SESSION_HANDLE hSession)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Tell the handle manager the session has been closed.
+ handleManager->sessionClosed(hSession);
+
+
+ // Tell the session object store that the session has closed.
+ sessionObjectStore->sessionClosed(hSession);
+
+ // Tell the session manager the session has been closed.
+ return sessionManager->closeSession(session->getHandle());
+}
+
+// Close all open sessions
+CK_RV SoftHSM::C_CloseAllSessions(CK_SLOT_ID slotID)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the slot
+ Slot* slot = slotManager->getSlot(slotID);
+ if (slot == NULL) return CKR_SLOT_ID_INVALID;
+
+ // Get the token
+ Token* token = slot->getToken();
+ if (token == NULL) return CKR_TOKEN_NOT_PRESENT;
+
+ // Tell the handle manager all sessions were closed for the given slotID.
+ // The handle manager should then remove all session and object handles for this slot.
+ handleManager->allSessionsClosed(slotID);
+
+ // Tell the session object store that all sessions were closed for the given slotID.
+ // The session object store should then remove all session objects for this slot.
+ sessionObjectStore->allSessionsClosed(slotID);
+
+ // Finally tell the session manager tho close all sessions for the given slot.
+ // This will also trigger a logout on the associated token to occur.
+ return sessionManager->closeAllSessions(slot);
+}
+
+// Retrieve information about the specified session
+CK_RV SoftHSM::C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return session->getInfo(pInfo);
+}
+
+// Determine the state of a running operation in a session
+CK_RV SoftHSM::C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pOperationState*/, CK_ULONG_PTR /*pulOperationStateLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Set the operation sate in a session
+CK_RV SoftHSM::C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pOperationState*/, CK_ULONG /*ulOperationStateLen*/, CK_OBJECT_HANDLE /*hEncryptionKey*/, CK_OBJECT_HANDLE /*hAuthenticationKey*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Login on the token in the specified session
+CK_RV SoftHSM::C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+ CK_RV rv = CKR_OK;
+
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the PIN
+ if (pPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ ByteString pin(pPin, ulPinLen);
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ switch (userType)
+ {
+ case CKU_SO:
+ // There cannot exist a R/O session on this slot
+ if (sessionManager->haveROSession(session->getSlot()->getSlotID())) return CKR_SESSION_READ_ONLY_EXISTS;
+
+ // Login
+ rv = token->loginSO(pin);
+ break;
+ case CKU_USER:
+ // Login
+ rv = token->loginUser(pin);
+ break;
+ case CKU_CONTEXT_SPECIFIC:
+ // Check if re-authentication is required
+ if (!session->getReAuthentication()) return CKR_OPERATION_NOT_INITIALIZED;
+
+ // Re-authenticate
+ rv = token->reAuthenticate(pin);
+ if (rv == CKR_OK) session->setReAuthentication(false);
+ break;
+ default:
+ return CKR_USER_TYPE_INVALID;
+ }
+
+ return rv;
+}
+
+// Log out of the token in the specified session
+CK_RV SoftHSM::C_Logout(CK_SESSION_HANDLE hSession)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Logout
+ token->logout();
+
+ // [PKCS#11 v2.40, C_Logout] When logout is successful...
+ // a. Any of the application's handles to private objects become invalid.
+ // b. Even if a user is later logged back into the token those handles remain invalid.
+ // c. All private session objects from sessions belonging to the application are destroyed.
+
+ // Have the handle manager remove all handles pointing to private objects for this slot.
+ CK_SLOT_ID slotID = session->getSlot()->getSlotID();
+ handleManager->tokenLoggedOut(slotID);
+ sessionObjectStore->tokenLoggedOut(slotID);
+
+ return CKR_OK;
+}
+
+// Create a new object on the token in the specified session using the given attribute template
+CK_RV SoftHSM::C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject)
+{
+ return this->CreateObject(hSession,pTemplate,ulCount,phObject,OBJECT_OP_CREATE);
+}
+
+// Create a copy of the object with the specified handle
+CK_RV SoftHSM::C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (phNewObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ *phNewObject = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the slot
+ Slot* slot = session->getSlot();
+ if (slot == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Check the object handle.
+ OSObject *object = (OSObject *)handleManager->getObject(hObject);
+ if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL wasOnToken = object->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL wasPrivate = object->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), wasOnToken, wasPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if the object is copyable
+ CK_BBOOL isCopyable = object->getBooleanValue(CKA_COPYABLE, true);
+ if (!isCopyable) return CKR_ACTION_PROHIBITED;
+
+ // Extract critical information from the template
+ CK_BBOOL isOnToken = wasOnToken;
+ CK_BBOOL isPrivate = wasPrivate;
+
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ if ((pTemplate[i].type == CKA_TOKEN) && (pTemplate[i].ulValueLen == sizeof(CK_BBOOL)))
+ {
+ isOnToken = *(CK_BBOOL*)pTemplate[i].pValue;
+ continue;
+ }
+ if ((pTemplate[i].type == CKA_PRIVATE) && (pTemplate[i].ulValueLen == sizeof(CK_BBOOL)))
+ {
+ isPrivate = *(CK_BBOOL*)pTemplate[i].pValue;
+ continue;
+ }
+ }
+
+ // Check privacy does not downgrade
+ if (wasPrivate && !isPrivate) return CKR_TEMPLATE_INCONSISTENT;
+
+ // Check write user credentials
+ rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Create the object in session or on the token
+ OSObject *newobject = NULL_PTR;
+ if (isOnToken)
+ {
+ newobject = (OSObject*) token->createObject();
+ }
+ else
+ {
+ newobject = sessionObjectStore->createObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE);
+ }
+ if (newobject == NULL) return CKR_GENERAL_ERROR;
+
+ // Copy attributes from object class (CKA_CLASS=0 so the first)
+ if (!newobject->startTransaction())
+ {
+ newobject->destroyObject();
+ return CKR_FUNCTION_FAILED;
+ }
+
+ CK_ATTRIBUTE_TYPE attrType = CKA_CLASS;
+ do
+ {
+ if (!object->attributeExists(attrType))
+ {
+ rv = CKR_FUNCTION_FAILED;
+ break;
+ }
+
+ OSAttribute attr = object->getAttribute(attrType);
+
+ // Upgrade privacy has to encrypt byte strings
+ if (!wasPrivate && isPrivate &&
+ attr.isByteStringAttribute() &&
+ attr.getByteStringValue().size() != 0)
+ {
+ ByteString value;
+ if (!token->encrypt(attr.getByteStringValue(), value) ||
+ !newobject->setAttribute(attrType, value))
+ {
+ rv = CKR_FUNCTION_FAILED;
+ break;
+ }
+ }
+ else
+ {
+ if (!newobject->setAttribute(attrType, attr))
+ {
+ rv = CKR_FUNCTION_FAILED;
+ break;
+ }
+ }
+ attrType = object->nextAttributeType(attrType);
+ }
+ while (attrType != CKA_CLASS);
+
+ if (rv != CKR_OK)
+ {
+ newobject->abortTransaction();
+ }
+ else if (!newobject->commitTransaction())
+ {
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ if (rv != CKR_OK)
+ {
+ newobject->destroyObject();
+ return rv;
+ }
+
+ // Get the new P11 object
+ P11Object* newp11object = NULL;
+ rv = newP11Object(newobject,&newp11object);
+ if (rv != CKR_OK)
+ {
+ newobject->destroyObject();
+ return rv;
+ }
+
+ // Apply the template
+ rv = newp11object->saveTemplate(token, isPrivate != CK_FALSE, pTemplate, ulCount, OBJECT_OP_COPY);
+ delete newp11object;
+
+ if (rv != CKR_OK)
+ {
+ newobject->destroyObject();
+ return rv;
+ }
+
+ // Set handle
+ if (isOnToken)
+ {
+ *phNewObject = handleManager->addTokenObject(slot->getSlotID(), isPrivate != CK_FALSE, newobject);
+ }
+ else
+ {
+ *phNewObject = handleManager->addSessionObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE, newobject);
+ }
+
+ return CKR_OK;
+}
+
+// Destroy the specified object
+CK_RV SoftHSM::C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Check the object handle.
+ OSObject *object = (OSObject *)handleManager->getObject(hObject);
+ if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = object->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = object->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check user credentials
+ CK_RV rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Check if the object is destroyable
+ CK_BBOOL isDestroyable = object->getBooleanValue(CKA_DESTROYABLE, true);
+ if (!isDestroyable) return CKR_ACTION_PROHIBITED;
+
+ // Tell the handleManager to forget about the object.
+ handleManager->destroyObject(hObject);
+
+ // Destroy the object
+ if (!object->destroyObject())
+ return CKR_FUNCTION_FAILED;
+
+ return CKR_OK;
+}
+
+// Determine the size of the specified object
+CK_RV SoftHSM::C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pulSize == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Check the object handle.
+ OSObject *object = (OSObject *)handleManager->getObject(hObject);
+ if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ *pulSize = CK_UNAVAILABLE_INFORMATION;
+
+ return CKR_OK;
+}
+
+// Retrieve the specified attributes for the given object
+CK_RV SoftHSM::C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pTemplate == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the object handle.
+ OSObject *object = (OSObject *)handleManager->getObject(hObject);
+ if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = object->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = object->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ // CKR_USER_NOT_LOGGED_IN is not a valid return code for this function,
+ // so we use CKR_GENERAL_ERROR.
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Wrap a P11Object around the OSObject so we can access the attributes in the
+ // context of the object in which it is defined.
+ P11Object* p11object = NULL;
+ rv = newP11Object(object,&p11object);
+ if (rv != CKR_OK)
+ return rv;
+
+ // Ask the P11Object to fill the template with attribute values.
+ rv = p11object->loadTemplate(token, pTemplate,ulCount);
+ delete p11object;
+ return rv;
+}
+
+// Change or set the value of the specified attributes on the specified object
+CK_RV SoftHSM::C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pTemplate == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the object handle.
+ OSObject *object = (OSObject *)handleManager->getObject(hObject);
+ if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = object->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = object->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check user credentials
+ CK_RV rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Check if the object is modifiable
+ CK_BBOOL isModifiable = object->getBooleanValue(CKA_MODIFIABLE, true);
+ if (!isModifiable) return CKR_ACTION_PROHIBITED;
+
+ // Wrap a P11Object around the OSObject so we can access the attributes in the
+ // context of the object in which it is defined.
+ P11Object* p11object = NULL;
+ rv = newP11Object(object,&p11object);
+ if (rv != CKR_OK)
+ return rv;
+
+ // Ask the P11Object to save the template with attribute values.
+ rv = p11object->saveTemplate(token, isPrivate != CK_FALSE, pTemplate,ulCount,OBJECT_OP_SET);
+ delete p11object;
+ return rv;
+}
+
+// Initialise object search in the specified session using the specified attribute template as search parameters
+CK_RV SoftHSM::C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the slot
+ Slot* slot = session->getSlot();
+ if (slot == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Determine whether we have a public session or not.
+ bool isPublicSession;
+ switch (session->getState()) {
+ case CKS_RO_USER_FUNCTIONS:
+ case CKS_RW_USER_FUNCTIONS:
+ isPublicSession = false;
+ break;
+ default:
+ isPublicSession = true;
+ }
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ session->setOpType(SESSION_OP_FIND);
+ FindOperation *findOp = FindOperation::create();
+
+ // Check if we are out of memory
+ if (findOp == NULL_PTR) return CKR_HOST_MEMORY;
+
+ std::set<OSObject*> allObjects;
+ token->getObjects(allObjects);
+ sessionObjectStore->getObjects(slot->getSlotID(),allObjects);
+
+ std::set<CK_OBJECT_HANDLE> handles;
+ std::set<OSObject*>::iterator it;
+ for (it=allObjects.begin(); it != allObjects.end(); ++it)
+ {
+ // Refresh object and check if it is valid
+ if (!(*it)->isValid()) {
+ DEBUG_MSG("Object is not valid, skipping");
+ continue;
+ }
+
+ // Determine if the object has CKA_PRIVATE set to CK_TRUE
+ bool isPrivateObject = (*it)->getBooleanValue(CKA_PRIVATE, true);
+
+ // If the object is private, and we are in a public session then skip it !
+ if (isPublicSession && isPrivateObject)
+ continue; // skip object
+
+ // Perform the actual attribute matching.
+ bool bAttrMatch = true; // We let an empty template match everything.
+ for (CK_ULONG i=0; i<ulCount; ++i)
+ {
+ bAttrMatch = false;
+
+ if (!(*it)->attributeExists(pTemplate[i].type))
+ break;
+
+ OSAttribute attr = (*it)->getAttribute(pTemplate[i].type);
+
+ if (attr.isBooleanAttribute())
+ {
+ if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen)
+ break;
+ bool bTemplateValue = (*(CK_BBOOL*)pTemplate[i].pValue == CK_TRUE);
+ if (attr.getBooleanValue() != bTemplateValue)
+ break;
+ }
+ else
+ {
+ if (attr.isUnsignedLongAttribute())
+ {
+ if (sizeof(CK_ULONG) != pTemplate[i].ulValueLen)
+ break;
+ CK_ULONG ulTemplateValue = *(CK_ULONG_PTR)pTemplate[i].pValue;
+ if (attr.getUnsignedLongValue() != ulTemplateValue)
+ break;
+ }
+ else
+ {
+ if (attr.isByteStringAttribute())
+ {
+ ByteString bsAttrValue;
+ if (isPrivateObject && attr.getByteStringValue().size() != 0)
+ {
+ if (!token->decrypt(attr.getByteStringValue(), bsAttrValue))
+ {
+ delete findOp;
+ return CKR_GENERAL_ERROR;
+ }
+ }
+ else
+ bsAttrValue = attr.getByteStringValue();
+
+ if (bsAttrValue.size() != pTemplate[i].ulValueLen)
+ break;
+ if (pTemplate[i].ulValueLen != 0)
+ {
+ ByteString bsTemplateValue((const unsigned char*)pTemplate[i].pValue, pTemplate[i].ulValueLen);
+ if (bsAttrValue != bsTemplateValue)
+ break;
+ }
+ }
+ else
+ break;
+ }
+ }
+ // The attribute matched !
+ bAttrMatch = true;
+ }
+
+ if (bAttrMatch)
+ {
+ CK_SLOT_ID slotID = slot->getSlotID();
+ bool isOnToken = (*it)->getBooleanValue(CKA_TOKEN, false);
+ bool isPrivate = (*it)->getBooleanValue(CKA_PRIVATE, true);
+ // Create an object handle for every returned object.
+ CK_OBJECT_HANDLE hObject;
+ if (isOnToken)
+ hObject = handleManager->addTokenObject(slotID,isPrivate,*it);
+ else
+ hObject = handleManager->addSessionObject(slotID,hSession,isPrivate,*it);
+ if (hObject == CK_INVALID_HANDLE)
+ {
+ delete findOp;
+ return CKR_GENERAL_ERROR;
+ }
+ handles.insert(hObject);
+ }
+ }
+
+ // Storing the object handles for the find will protect the library
+ // whenever a stale object handle is used to access the library.
+ findOp->setHandles(handles);
+
+ session->setFindOp(findOp);
+
+ return CKR_OK;
+}
+
+// Continue the search for objects in the specified session
+CK_RV SoftHSM::C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if (phObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pulObjectCount == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_FIND) return CKR_OPERATION_NOT_INITIALIZED;
+
+ // return the object handles that have been added to the find operation.
+ FindOperation *findOp = session->getFindOp();
+ if (findOp == NULL) return CKR_GENERAL_ERROR;
+
+ // Ask the find operation to retrieve the object handles
+ *pulObjectCount = findOp->retrieveHandles(phObject,ulMaxObjectCount);
+
+ // Erase the object handles from the find operation.
+ findOp->eraseHandles(0,*pulObjectCount);
+
+ return CKR_OK;
+}
+
+// Finish searching for objects
+CK_RV SoftHSM::C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_FIND) return CKR_OPERATION_NOT_INITIALIZED;
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Encrypt*/Decrypt*() is for Symmetrical ciphers too
+static bool isSymMechanism(CK_MECHANISM_PTR pMechanism)
+{
+ if (pMechanism == NULL_PTR) return false;
+
+ switch(pMechanism->mechanism) {
+ case CKM_DES_ECB:
+ case CKM_DES_CBC:
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_ECB:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
+ case CKM_AES_ECB:
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ case CKM_AES_CTR:
+ case CKM_AES_GCM:
+ return true;
+ default:
+ return false;
+ }
+}
+
+// SymAlgorithm version of C_EncryptInit
+CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for encryption
+ if (!key->getBooleanValue(CKA_ENCRYPT, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get the symmetric algorithm matching the mechanism
+ SymAlgo::Type algo = SymAlgo::Unknown;
+ SymMode::Type mode = SymMode::Unknown;
+ bool padding = false;
+ ByteString iv;
+ size_t bb = 8;
+ size_t counterBits = 0;
+ ByteString aad;
+ size_t tagBytes = 0;
+ switch(pMechanism->mechanism) {
+#ifndef WITH_FIPS
+ case CKM_DES_ECB:
+ algo = SymAlgo::DES;
+ mode = SymMode::ECB;
+ bb = 7;
+ break;
+ case CKM_DES_CBC:
+ algo = SymAlgo::DES;
+ mode = SymMode::CBC;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+ case CKM_DES_CBC_PAD:
+ algo = SymAlgo::DES;
+ mode = SymMode::CBC;
+ padding = true;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+#endif
+ case CKM_DES3_ECB:
+ algo = SymAlgo::DES3;
+ mode = SymMode::ECB;
+ bb = 7;
+ break;
+ case CKM_DES3_CBC:
+ algo = SymAlgo::DES3;
+ mode = SymMode::CBC;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+ case CKM_DES3_CBC_PAD:
+ algo = SymAlgo::DES3;
+ mode = SymMode::CBC;
+ padding = true;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+ case CKM_AES_ECB:
+ algo = SymAlgo::AES;
+ mode = SymMode::ECB;
+ break;
+ case CKM_AES_CBC:
+ algo = SymAlgo::AES;
+ mode = SymMode::CBC;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ break;
+ case CKM_AES_CBC_PAD:
+ algo = SymAlgo::AES;
+ mode = SymMode::CBC;
+ padding = true;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ break;
+ case CKM_AES_CTR:
+ algo = SymAlgo::AES;
+ mode = SymMode::CTR;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_AES_CTR_PARAMS))
+ {
+ DEBUG_MSG("CTR mode requires a counter block");
+ return CKR_ARGUMENTS_BAD;
+ }
+ counterBits = CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->ulCounterBits;
+ if (counterBits == 0 || counterBits > 128)
+ {
+ DEBUG_MSG("Invalid ulCounterBits");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ iv.resize(16);
+ memcpy(&iv[0], CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->cb, 16);
+ break;
+#ifdef WITH_AES_GCM
+ case CKM_AES_GCM:
+ algo = SymAlgo::AES;
+ mode = SymMode::GCM;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
+ {
+ DEBUG_MSG("GCM mode requires parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
+ memcpy(&iv[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pIv, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
+ aad.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+ memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+ tagBytes = CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulTagBits;
+ if (tagBytes > 128 || tagBytes % 8 != 0)
+ {
+ DEBUG_MSG("Invalid ulTagBits value");
+ return CKR_ARGUMENTS_BAD;
+ }
+ tagBytes = tagBytes / 8;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* secretkey = new SymmetricKey();
+
+ if (getSymmetricKey(secretkey, token, key) != CKR_OK)
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // adjust key bit length
+ secretkey->setBitLen(secretkey->getKeyBits().size() * bb);
+
+ // Initialize encryption
+ if (!cipher->encryptInit(secretkey, mode, iv, padding, counterBits, aad, tagBytes))
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ session->setOpType(SESSION_OP_ENCRYPT);
+ session->setSymmetricCryptoOp(cipher);
+ session->setAllowMultiPartOp(true);
+ session->setAllowSinglePartOp(true);
+ session->setSymmetricKey(secretkey);
+
+ return CKR_OK;
+}
+
+// AsymAlgorithm version of C_EncryptInit
+CK_RV SoftHSM::AsymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for encryption
+ if (!key->getBooleanValue(CKA_ENCRYPT, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Get the asymmetric algorithm matching the mechanism
+ AsymMech::Type mechanism;
+ bool isRSA = false;
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ mechanism = AsymMech::RSA_PKCS;
+ isRSA = true;
+ break;
+ case CKM_RSA_X_509:
+ mechanism = AsymMech::RSA;
+ isRSA = true;
+ break;
+ case CKM_RSA_PKCS_OAEP:
+ rv = MechParamCheckRSAPKCSOAEP(pMechanism);
+ if (rv != CKR_OK)
+ return rv;
+
+ mechanism = AsymMech::RSA_PKCS_OAEP;
+ isRSA = true;
+ break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ AsymmetricAlgorithm* asymCrypto = NULL;
+ PublicKey* publicKey = NULL;
+ if (isRSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ publicKey = asymCrypto->newPublicKey();
+ if (publicKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getRSAPublicKey((RSAPublicKey*)publicKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+ else
+ {
+ return CKR_MECHANISM_INVALID;
+ }
+
+ session->setOpType(SESSION_OP_ENCRYPT);
+ session->setAsymmetricCryptoOp(asymCrypto);
+ session->setMechanism(mechanism);
+ session->setAllowMultiPartOp(false);
+ session->setAllowSinglePartOp(true);
+ session->setPublicKey(publicKey);
+
+ return CKR_OK;
+}
+
+// Initialise encryption using the specified object and mechanism
+CK_RV SoftHSM::C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (isSymMechanism(pMechanism))
+ return SymEncryptInit(hSession, pMechanism, hKey);
+ else
+ return AsymEncryptInit(hSession, pMechanism, hKey);
+}
+
+// SymAlgorithm version of C_Encrypt
+static CK_RV SymEncrypt(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
+ if (cipher == NULL || !session->getAllowSinglePartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check data size
+ CK_ULONG maxSize = ulDataLen + cipher->getTagBytes();
+ if (cipher->isBlockCipher())
+ {
+ CK_ULONG remainder = ulDataLen % cipher->getBlockSize();
+ if (cipher->getPaddingMode() == false && remainder != 0)
+ {
+ session->resetOp();
+ return CKR_DATA_LEN_RANGE;
+ }
+
+ // Round up to block size
+ if (remainder != 0)
+ {
+ maxSize = ulDataLen + cipher->getBlockSize() - remainder;
+ }
+ else if (cipher->getPaddingMode() == true)
+ {
+ maxSize = ulDataLen + cipher->getBlockSize();
+ }
+ }
+ if (!cipher->checkMaximumBytes(ulDataLen))
+ {
+ session->resetOp();
+ return CKR_DATA_LEN_RANGE;
+ }
+
+ if (pEncryptedData == NULL_PTR)
+ {
+ *pulEncryptedDataLen = maxSize;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulEncryptedDataLen < maxSize)
+ {
+ *pulEncryptedDataLen = maxSize;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data(pData, ulDataLen);
+ ByteString encryptedData;
+
+ // Encrypt the data
+ if (!cipher->encryptUpdate(data, encryptedData))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Finalize encryption
+ ByteString encryptedFinal;
+ if (!cipher->encryptFinal(encryptedFinal))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ encryptedData += encryptedFinal;
+ encryptedData.resize(maxSize);
+
+ memcpy(pEncryptedData, encryptedData.byte_str(), encryptedData.size());
+ *pulEncryptedDataLen = encryptedData.size();
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// AsymAlgorithm version of C_Encrypt
+static CK_RV AsymEncrypt(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ AsymMech::Type mechanism = session->getMechanism();
+ PublicKey* publicKey = session->getPublicKey();
+ if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the encrypted data
+ CK_ULONG size = publicKey->getOutputLength();
+
+ if (pEncryptedData == NULL_PTR)
+ {
+ *pulEncryptedDataLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulEncryptedDataLen < size)
+ {
+ *pulEncryptedDataLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data;
+ ByteString encryptedData;
+
+ // We must allow input length <= k and therfore need to prepend the data with zeroes.
+ if (mechanism == AsymMech::RSA) {
+ data.wipe(size-ulDataLen);
+ }
+
+ data += ByteString(pData, ulDataLen);
+
+ // Encrypt the data
+ if (!asymCrypto->encrypt(publicKey,data,encryptedData,mechanism))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (encryptedData.size() != size)
+ {
+ ERROR_MSG("The size of the encrypted data differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pEncryptedData, encryptedData.byte_str(), size);
+ *pulEncryptedDataLen = size;
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Perform a single operation encryption operation in the specified session
+CK_RV SoftHSM::C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pulEncryptedDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_ENCRYPT)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getSymmetricCryptoOp() != NULL)
+ return SymEncrypt(session, pData, ulDataLen,
+ pEncryptedData, pulEncryptedDataLen);
+ else
+ return AsymEncrypt(session, pData, ulDataLen,
+ pEncryptedData, pulEncryptedDataLen);
+}
+
+// SymAlgorithm version of C_EncryptUpdate
+static CK_RV SymEncryptUpdate(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
+ if (cipher == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check data size
+ size_t blockSize = cipher->getBlockSize();
+ size_t remainingSize = cipher->getBufferSize();
+ CK_ULONG maxSize = ulDataLen + remainingSize;
+ if (cipher->isBlockCipher())
+ {
+ int nrOfBlocks = (ulDataLen + remainingSize) / blockSize;
+ maxSize = nrOfBlocks * blockSize;
+ }
+ if (!cipher->checkMaximumBytes(ulDataLen))
+ {
+ session->resetOp();
+ return CKR_DATA_LEN_RANGE;
+ }
+
+ // Check data size
+ if (pEncryptedData == NULL_PTR)
+ {
+ *pulEncryptedDataLen = maxSize;
+ return CKR_OK;
+ }
+
+ // Check output buffer size
+ if (*pulEncryptedDataLen < maxSize)
+ {
+ DEBUG_MSG("ulDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x",
+ ulDataLen, *pulEncryptedDataLen, blockSize, remainingSize, maxSize);
+ *pulEncryptedDataLen = maxSize;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data(pData, ulDataLen);
+ ByteString encryptedData;
+
+ // Encrypt the data
+ if (!cipher->encryptUpdate(data, encryptedData))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ DEBUG_MSG("ulDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x encryptedData.size(): %#5x",
+ ulDataLen, *pulEncryptedDataLen, blockSize, remainingSize, maxSize, encryptedData.size());
+
+ // Check output size from crypto. Unrecoverable error if to large.
+ if (*pulEncryptedDataLen < encryptedData.size())
+ {
+ session->resetOp();
+ ERROR_MSG("EncryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
+ *pulEncryptedDataLen, encryptedData.size());
+ return CKR_GENERAL_ERROR;
+ }
+
+ if (encryptedData.size() > 0)
+ {
+ memcpy(pEncryptedData, encryptedData.byte_str(), encryptedData.size());
+ }
+ *pulEncryptedDataLen = encryptedData.size();
+
+ return CKR_OK;
+}
+
+// Feed data to the running encryption operation in a session
+CK_RV SoftHSM::C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pulEncryptedDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_ENCRYPT)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getSymmetricCryptoOp() != NULL)
+ return SymEncryptUpdate(session, pData, ulDataLen,
+ pEncryptedData, pulEncryptedDataLen);
+ else
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// SymAlgorithm version of C_EncryptFinal
+static CK_RV SymEncryptFinal(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
+ if (cipher == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check data size
+ size_t remainingSize = cipher->getBufferSize() + cipher->getTagBytes();
+ CK_ULONG size = remainingSize;
+ if (cipher->isBlockCipher())
+ {
+ size_t blockSize = cipher->getBlockSize();
+ bool isPadding = cipher->getPaddingMode();
+ if ((remainingSize % blockSize) != 0 && !isPadding)
+ {
+ session->resetOp();
+ DEBUG_MSG("Remaining buffer size is not an integral of the block size. Block size: %#2x Remaining size: %#2x",
+ blockSize, remainingSize);
+ return CKR_DATA_LEN_RANGE;
+ }
+ // when padding: an integral of the block size that is longer than the remaining data.
+ size = isPadding ? ((remainingSize + blockSize) / blockSize) * blockSize : remainingSize;
+ }
+
+ // Give required output buffer size.
+ if (pEncryptedData == NULL_PTR)
+ {
+ *pulEncryptedDataLen = size;
+ return CKR_OK;
+ }
+
+ // Check output buffer size
+ if (*pulEncryptedDataLen < size)
+ {
+ DEBUG_MSG("output buffer size: %#5x size: %#5x",
+ *pulEncryptedDataLen, size);
+ *pulEncryptedDataLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Finalize encryption
+ ByteString encryptedFinal;
+ if (!cipher->encryptFinal(encryptedFinal))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ DEBUG_MSG("output buffer size: %#2x size: %#2x encryptedFinal.size(): %#2x",
+ *pulEncryptedDataLen, size, encryptedFinal.size());
+
+ // Check output size from crypto. Unrecoverable error if to large.
+ if (*pulEncryptedDataLen < encryptedFinal.size())
+ {
+ session->resetOp();
+ ERROR_MSG("EncryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
+ *pulEncryptedDataLen, encryptedFinal.size());
+ return CKR_GENERAL_ERROR;
+ }
+
+ if (encryptedFinal.size() > 0)
+ {
+ memcpy(pEncryptedData, encryptedFinal.byte_str(), encryptedFinal.size());
+ }
+ *pulEncryptedDataLen = encryptedFinal.size();
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Finalise the encryption operation
+CK_RV SoftHSM::C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_ENCRYPT) return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getSymmetricCryptoOp() != NULL)
+ return SymEncryptFinal(session, pEncryptedData, pulEncryptedDataLen);
+ else
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// SymAlgorithm version of C_DecryptInit
+CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for decryption
+ if (!key->getBooleanValue(CKA_DECRYPT, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get the symmetric algorithm matching the mechanism
+ SymAlgo::Type algo = SymAlgo::Unknown;
+ SymMode::Type mode = SymMode::Unknown;
+ bool padding = false;
+ ByteString iv;
+ size_t bb = 8;
+ size_t counterBits = 0;
+ ByteString aad;
+ size_t tagBytes = 0;
+ switch(pMechanism->mechanism) {
+#ifndef WITH_FIPS
+ case CKM_DES_ECB:
+ algo = SymAlgo::DES;
+ mode = SymMode::ECB;
+ bb = 7;
+ break;
+ case CKM_DES_CBC:
+ algo = SymAlgo::DES;
+ mode = SymMode::CBC;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+ case CKM_DES_CBC_PAD:
+ algo = SymAlgo::DES;
+ mode = SymMode::CBC;
+ padding = true;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+#endif
+ case CKM_DES3_ECB:
+ algo = SymAlgo::DES3;
+ mode = SymMode::ECB;
+ bb = 7;
+ break;
+ case CKM_DES3_CBC:
+ algo = SymAlgo::DES3;
+ mode = SymMode::CBC;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+ case CKM_DES3_CBC_PAD:
+ algo = SymAlgo::DES3;
+ mode = SymMode::CBC;
+ padding = true;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ bb = 7;
+ break;
+ case CKM_AES_ECB:
+ algo = SymAlgo::AES;
+ mode = SymMode::ECB;
+ break;
+ case CKM_AES_CBC:
+ algo = SymAlgo::AES;
+ mode = SymMode::CBC;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ break;
+ case CKM_AES_CBC_PAD:
+ algo = SymAlgo::AES;
+ mode = SymMode::CBC;
+ padding = true;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen == 0)
+ {
+ DEBUG_MSG("CBC mode requires an init vector");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(pMechanism->ulParameterLen);
+ memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ break;
+ case CKM_AES_CTR:
+ algo = SymAlgo::AES;
+ mode = SymMode::CTR;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_AES_CTR_PARAMS))
+ {
+ DEBUG_MSG("CTR mode requires a counter block");
+ return CKR_ARGUMENTS_BAD;
+ }
+ counterBits = CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->ulCounterBits;
+ if (counterBits == 0 || counterBits > 128)
+ {
+ DEBUG_MSG("Invalid ulCounterBits");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ iv.resize(16);
+ memcpy(&iv[0], CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->cb, 16);
+ break;
+#ifdef WITH_AES_GCM
+ case CKM_AES_GCM:
+ algo = SymAlgo::AES;
+ mode = SymMode::GCM;
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
+ {
+ DEBUG_MSG("GCM mode requires parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ iv.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
+ memcpy(&iv[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pIv, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
+ aad.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+ memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+ tagBytes = CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulTagBits;
+ if (tagBytes > 128 || tagBytes % 8 != 0)
+ {
+ DEBUG_MSG("Invalid ulTagBits value");
+ return CKR_ARGUMENTS_BAD;
+ }
+ tagBytes = tagBytes / 8;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* secretkey = new SymmetricKey();
+
+ if (getSymmetricKey(secretkey, token, key) != CKR_OK)
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // adjust key bit length
+ secretkey->setBitLen(secretkey->getKeyBits().size() * bb);
+
+ // Initialize decryption
+ if (!cipher->decryptInit(secretkey, mode, iv, padding, counterBits, aad, tagBytes))
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ session->setOpType(SESSION_OP_DECRYPT);
+ session->setSymmetricCryptoOp(cipher);
+ session->setAllowMultiPartOp(true);
+ session->setAllowSinglePartOp(true);
+ session->setSymmetricKey(secretkey);
+
+ return CKR_OK;
+}
+
+// AsymAlgorithm version of C_DecryptInit
+CK_RV SoftHSM::AsymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for decryption
+ if (!key->getBooleanValue(CKA_DECRYPT, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get the asymmetric algorithm matching the mechanism
+ AsymMech::Type mechanism = AsymMech::Unknown;
+ bool isRSA = false;
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ mechanism = AsymMech::RSA_PKCS;
+ isRSA = true;
+ break;
+ case CKM_RSA_X_509:
+ mechanism = AsymMech::RSA;
+ isRSA = true;
+ break;
+ case CKM_RSA_PKCS_OAEP:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS))
+ {
+ DEBUG_MSG("pParameter must be of type CK_RSA_PKCS_OAEP_PARAMS");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1)
+ {
+ DEBUG_MSG("hashAlg must be CKM_SHA_1");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
+ {
+ DEBUG_MSG("mgf must be CKG_MGF1_SHA1");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ mechanism = AsymMech::RSA_PKCS_OAEP;
+ isRSA = true;
+ break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ AsymmetricAlgorithm* asymCrypto = NULL;
+ PrivateKey* privateKey = NULL;
+ if (isRSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ privateKey = asymCrypto->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getRSAPrivateKey((RSAPrivateKey*)privateKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+ else
+ {
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Check if re-authentication is required
+ if (key->getBooleanValue(CKA_ALWAYS_AUTHENTICATE, false))
+ {
+ session->setReAuthentication(true);
+ }
+
+ session->setOpType(SESSION_OP_DECRYPT);
+ session->setAsymmetricCryptoOp(asymCrypto);
+ session->setMechanism(mechanism);
+ session->setAllowMultiPartOp(false);
+ session->setAllowSinglePartOp(true);
+ session->setPrivateKey(privateKey);
+
+ return CKR_OK;
+}
+
+// Initialise decryption using the specified object
+CK_RV SoftHSM::C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (isSymMechanism(pMechanism))
+ return SymDecryptInit(hSession, pMechanism, hKey);
+ else
+ return AsymDecryptInit(hSession, pMechanism, hKey);
+}
+
+// SymAlgorithm version of C_Decrypt
+static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+ SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
+ if (cipher == NULL || !session->getAllowSinglePartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check encrypted data size
+ if (cipher->isBlockCipher() && ulEncryptedDataLen % cipher->getBlockSize() != 0)
+ {
+ session->resetOp();
+ return CKR_ENCRYPTED_DATA_LEN_RANGE;
+ }
+ if (!cipher->checkMaximumBytes(ulEncryptedDataLen))
+ {
+ session->resetOp();
+ return CKR_ENCRYPTED_DATA_LEN_RANGE;
+ }
+
+ if (pData == NULL_PTR)
+ {
+ *pulDataLen = ulEncryptedDataLen;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulDataLen < ulEncryptedDataLen)
+ {
+ *pulDataLen = ulEncryptedDataLen;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString encryptedData(pEncryptedData, ulEncryptedDataLen);
+ ByteString data;
+
+ // Decrypt the data
+ if (!cipher->decryptUpdate(encryptedData,data))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Finalize decryption
+ ByteString dataFinal;
+ if (!cipher->decryptFinal(dataFinal))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ data += dataFinal;
+ if (data.size() > ulEncryptedDataLen)
+ {
+ data.resize(ulEncryptedDataLen);
+ }
+
+ if (data.size() != 0)
+ {
+ memcpy(pData, data.byte_str(), data.size());
+ }
+ *pulDataLen = data.size();
+
+ session->resetOp();
+ return CKR_OK;
+
+}
+
+// AsymAlgorithm version of C_Decrypt
+static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ AsymMech::Type mechanism = session->getMechanism();
+ PrivateKey* privateKey = session->getPrivateKey();
+ if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check if re-authentication is required
+ if (session->getReAuthentication())
+ {
+ session->resetOp();
+ return CKR_USER_NOT_LOGGED_IN;
+ }
+
+ // Size of the data
+ CK_ULONG size = privateKey->getOutputLength();
+ if (pData == NULL_PTR)
+ {
+ *pulDataLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulDataLen < size)
+ {
+ *pulDataLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString encryptedData(pEncryptedData, ulEncryptedDataLen);
+ ByteString data;
+
+ // Decrypt the data
+ if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (data.size() > size)
+ {
+ ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ if (data.size() != 0)
+ {
+ memcpy(pData, data.byte_str(), data.size());
+ }
+ *pulDataLen = data.size();
+
+ session->resetOp();
+ return CKR_OK;
+
+}
+
+// Perform a single operation decryption in the given session
+CK_RV SoftHSM::C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pEncryptedData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pulDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DECRYPT)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getSymmetricCryptoOp() != NULL)
+ return SymDecrypt(session, pEncryptedData, ulEncryptedDataLen,
+ pData, pulDataLen);
+ else
+ return AsymDecrypt(session, pEncryptedData, ulEncryptedDataLen,
+ pData, pulDataLen);
+}
+
+// SymAlgorithm version of C_DecryptUpdate
+static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pDataLen)
+{
+ SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
+ if (cipher == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check encrypted data size
+ size_t blockSize = cipher->getBlockSize();
+ size_t remainingSize = cipher->getBufferSize();
+ CK_ULONG maxSize = ulEncryptedDataLen + remainingSize;
+ if (cipher->isBlockCipher())
+ {
+ // There must always be one block left in padding mode if next operation is DecryptFinal.
+ // To guarantee that one byte is removed in padding mode when the number of blocks is calculated.
+ size_t paddingAdjustByte = cipher->getPaddingMode() ? 1 : 0;
+ int nrOfBlocks = (ulEncryptedDataLen + remainingSize - paddingAdjustByte) / blockSize;
+ maxSize = nrOfBlocks * blockSize;
+ }
+ if (!cipher->checkMaximumBytes(ulEncryptedDataLen))
+ {
+ session->resetOp();
+ return CKR_ENCRYPTED_DATA_LEN_RANGE;
+ }
+
+ // Give required output buffer size.
+ if (pData == NULL_PTR)
+ {
+ *pDataLen = maxSize;
+ return CKR_OK;
+ }
+
+ // Check output buffer size
+ if (*pDataLen < maxSize)
+ {
+ DEBUG_MSG("Output buffer too short ulEncryptedDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x",
+ ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize);
+ *pDataLen = maxSize;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data(pEncryptedData, ulEncryptedDataLen);
+ ByteString decryptedData;
+
+ // Encrypt the data
+ if (!cipher->decryptUpdate(data, decryptedData))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ DEBUG_MSG("ulEncryptedDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x decryptedData.size(): %#5x",
+ ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());
+
+ // Check output size from crypto. Unrecoverable error if to large.
+ if (*pDataLen < decryptedData.size())
+ {
+ session->resetOp();
+ ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",
+ *pDataLen, decryptedData.size());
+ return CKR_GENERAL_ERROR;
+ }
+
+ if (decryptedData.size() > 0)
+ {
+ memcpy(pData, decryptedData.byte_str(), decryptedData.size());
+ }
+ *pDataLen = decryptedData.size();
+
+ return CKR_OK;
+}
+
+
+// Feed data to the running decryption operation in a session
+CK_RV SoftHSM::C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pDataLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pEncryptedData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DECRYPT)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getSymmetricCryptoOp() != NULL)
+ return SymDecryptUpdate(session, pEncryptedData, ulEncryptedDataLen,
+ pData, pDataLen);
+ else
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_ULONG_PTR pulDecryptedDataLen)
+{
+ SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
+ if (cipher == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check encrypted data size
+ size_t remainingSize = cipher->getBufferSize();
+ CK_ULONG size = remainingSize;
+ if (cipher->isBlockCipher())
+ {
+ size_t blockSize = cipher->getBlockSize();
+ if (remainingSize % blockSize != 0)
+ {
+ session->resetOp();
+ DEBUG_MSG("Remaining data length is not an integral of the block size. Block size: %#2x Remaining size: %#2x",
+ blockSize, remainingSize);
+ return CKR_ENCRYPTED_DATA_LEN_RANGE;
+ }
+ // It is at least one padding byte. If no padding the all remains will be returned.
+ size_t paddingAdjustByte = cipher->getPaddingMode() ? 1 : 0;
+ size = remainingSize - paddingAdjustByte;
+ }
+
+ // Give required output buffer size.
+ if (pDecryptedData == NULL_PTR)
+ {
+ *pulDecryptedDataLen = size;
+ return CKR_OK;
+ }
+
+ // Check output buffer size
+ if (*pulDecryptedDataLen < size)
+ {
+ DEBUG_MSG("output buffer size: %#5x size: %#5x",
+ *pulDecryptedDataLen, size);
+ *pulDecryptedDataLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Finalize decryption
+ ByteString decryptedFinal;
+ if (!cipher->decryptFinal(decryptedFinal))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ DEBUG_MSG("output buffer size: %#2x size: %#2x decryptedFinal.size(): %#2x",
+ *pulDecryptedDataLen, size, decryptedFinal.size());
+
+ // Check output size from crypto. Unrecoverable error if to large.
+ if (*pulDecryptedDataLen < decryptedFinal.size())
+ {
+ session->resetOp();
+ ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
+ *pulDecryptedDataLen, decryptedFinal.size());
+ return CKR_GENERAL_ERROR;
+ }
+
+ if (decryptedFinal.size() > 0)
+ {
+ memcpy(pDecryptedData, decryptedFinal.byte_str(), decryptedFinal.size());
+ }
+ *pulDecryptedDataLen = decryptedFinal.size();
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Finalise the decryption operation
+CK_RV SoftHSM::C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG_PTR pDataLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DECRYPT) return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getSymmetricCryptoOp() != NULL)
+ return SymDecryptFinal(session, pData, pDataLen);
+ else
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Initialise digesting using the specified mechanism in the specified session
+CK_RV SoftHSM::C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the mechanism
+ HashAlgo::Type algo = HashAlgo::Unknown;
+ switch(pMechanism->mechanism) {
+#ifndef WITH_FIPS
+ case CKM_MD5:
+ algo = HashAlgo::MD5;
+ break;
+#endif
+ case CKM_SHA_1:
+ algo = HashAlgo::SHA1;
+ break;
+ case CKM_SHA224:
+ algo = HashAlgo::SHA224;
+ break;
+ case CKM_SHA256:
+ algo = HashAlgo::SHA256;
+ break;
+ case CKM_SHA384:
+ algo = HashAlgo::SHA384;
+ break;
+ case CKM_SHA512:
+ algo = HashAlgo::SHA512;
+ break;
+#ifdef WITH_GOST
+ case CKM_GOSTR3411:
+ algo = HashAlgo::GOST;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ HashAlgorithm* hash = CryptoFactory::i()->getHashAlgorithm(algo);
+ if (hash == NULL) return CKR_MECHANISM_INVALID;
+
+ // Initialize hashing
+ if (hash->hashInit() == false)
+ {
+ CryptoFactory::i()->recycleHashAlgorithm(hash);
+ return CKR_GENERAL_ERROR;
+ }
+
+ session->setOpType(SESSION_OP_DIGEST);
+ session->setDigestOp(hash);
+ session->setHashAlgo(algo);
+
+ return CKR_OK;
+}
+
+// Digest the specified data in a one-pass operation and return the resulting digest
+CK_RV SoftHSM::C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pulDigestLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;
+
+ // Return size
+ CK_ULONG size = session->getDigestOp()->getHashSize();
+ if (pDigest == NULL_PTR)
+ {
+ *pulDigestLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulDigestLen < size)
+ {
+ *pulDigestLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data(pData, ulDataLen);
+
+ // Digest the data
+ if (session->getDigestOp()->hashUpdate(data) == false)
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Get the digest
+ ByteString digest;
+ if (session->getDigestOp()->hashFinal(digest) == false)
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (digest.size() != size)
+ {
+ ERROR_MSG("The size of the digest differ from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pDigest, digest.byte_str(), size);
+ *pulDigestLen = size;
+
+ session->resetOp();
+
+ return CKR_OK;
+}
+
+// Update a running digest operation
+CK_RV SoftHSM::C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pPart == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;
+
+ // Get the data
+ ByteString data(pPart, ulPartLen);
+
+ // Digest the data
+ if (session->getDigestOp()->hashUpdate(data) == false)
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ return CKR_OK;
+}
+
+// Update a running digest operation by digesting a secret key with the specified handle
+CK_RV SoftHSM::C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hObject);
+ if (key == NULL_PTR || !key->isValid()) return CKR_KEY_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ // CKR_USER_NOT_LOGGED_IN is not a valid return code for this function,
+ // so we use CKR_GENERAL_ERROR.
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Whitelist
+ HashAlgo::Type algo = session->getHashAlgo();
+ if (algo != HashAlgo::SHA1 &&
+ algo != HashAlgo::SHA224 &&
+ algo != HashAlgo::SHA256 &&
+ algo != HashAlgo::SHA384 &&
+ algo != HashAlgo::SHA512)
+ {
+ // Parano...
+ if (!key->getBooleanValue(CKA_EXTRACTABLE, false))
+ return CKR_KEY_INDIGESTIBLE;
+ if (key->getBooleanValue(CKA_SENSITIVE, false))
+ return CKR_KEY_INDIGESTIBLE;
+ }
+
+ // Get value
+ if (!key->attributeExists(CKA_VALUE))
+ return CKR_KEY_INDIGESTIBLE;
+ ByteString keybits;
+ if (isPrivate)
+ {
+ if (!token->decrypt(key->getByteStringValue(CKA_VALUE), keybits))
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ keybits = key->getByteStringValue(CKA_VALUE);
+ }
+
+ // Digest the value
+ if (session->getDigestOp()->hashUpdate(keybits) == false)
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ return CKR_OK;
+}
+
+// Finalise the digest operation in the specified session and return the digest
+CK_RV SoftHSM::C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pulDigestLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;
+
+ // Return size
+ CK_ULONG size = session->getDigestOp()->getHashSize();
+ if (pDigest == NULL_PTR)
+ {
+ *pulDigestLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulDigestLen < size)
+ {
+ *pulDigestLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the digest
+ ByteString digest;
+ if (session->getDigestOp()->hashFinal(digest) == false)
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (digest.size() != size)
+ {
+ ERROR_MSG("The size of the digest differ from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pDigest, digest.byte_str(), size);
+ *pulDigestLen = size;
+
+ session->resetOp();
+
+ return CKR_OK;
+}
+
+// Sign*/Verify*() is for MACs too
+static bool isMacMechanism(CK_MECHANISM_PTR pMechanism)
+{
+ if (pMechanism == NULL_PTR) return false;
+
+ switch(pMechanism->mechanism) {
+ case CKM_MD5_HMAC:
+ case CKM_SHA_1_HMAC:
+ case CKM_SHA224_HMAC:
+ case CKM_SHA256_HMAC:
+ case CKM_SHA384_HMAC:
+ case CKM_SHA512_HMAC:
+#ifdef WITH_GOST
+ case CKM_GOSTR3411_HMAC:
+#endif
+ case CKM_DES3_CMAC:
+ case CKM_AES_CMAC:
+ return true;
+ default:
+ return false;
+ }
+}
+
+// MacAlgorithm version of C_SignInit
+CK_RV SoftHSM::MacSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for signing
+ if (!key->getBooleanValue(CKA_SIGN, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get key info
+ CK_KEY_TYPE keyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);
+
+ // Get the MAC algorithm matching the mechanism
+ // Also check mechanism constraints
+ MacAlgo::Type algo = MacAlgo::Unknown;
+ size_t bb = 8;
+ size_t minSize = 0;
+ switch(pMechanism->mechanism) {
+#ifndef WITH_FIPS
+ case CKM_MD5_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_MD5_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 16;
+ algo = MacAlgo::HMAC_MD5;
+ break;
+#endif
+ case CKM_SHA_1_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA_1_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 20;
+ algo = MacAlgo::HMAC_SHA1;
+ break;
+ case CKM_SHA224_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA224_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 28;
+ algo = MacAlgo::HMAC_SHA224;
+ break;
+ case CKM_SHA256_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA256_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 32;
+ algo = MacAlgo::HMAC_SHA256;
+ break;
+ case CKM_SHA384_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA384_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 48;
+ algo = MacAlgo::HMAC_SHA384;
+ break;
+ case CKM_SHA512_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA512_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 64;
+ algo = MacAlgo::HMAC_SHA512;
+ break;
+#ifdef WITH_GOST
+ case CKM_GOSTR3411_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_GOST28147)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 32;
+ algo = MacAlgo::HMAC_GOST;
+ break;
+#endif
+ case CKM_DES3_CMAC:
+ if (keyType != CKK_DES2 && keyType != CKK_DES3)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ algo = MacAlgo::CMAC_DES;
+ bb = 7;
+ break;
+ case CKM_AES_CMAC:
+ if (keyType != CKK_AES)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ algo = MacAlgo::CMAC_AES;
+ break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ MacAlgorithm* mac = CryptoFactory::i()->getMacAlgorithm(algo);
+ if (mac == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* privkey = new SymmetricKey();
+
+ if (getSymmetricKey(privkey, token, key) != CKR_OK)
+ {
+ mac->recycleKey(privkey);
+ CryptoFactory::i()->recycleMacAlgorithm(mac);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Adjust key bit length
+ privkey->setBitLen(privkey->getKeyBits().size() * bb);
+
+ // Check key size
+ if (privkey->getBitLen() < (minSize*8))
+ {
+ mac->recycleKey(privkey);
+ CryptoFactory::i()->recycleMacAlgorithm(mac);
+ return CKR_KEY_SIZE_RANGE;
+ }
+
+ // Initialize signing
+ if (!mac->signInit(privkey))
+ {
+ mac->recycleKey(privkey);
+ CryptoFactory::i()->recycleMacAlgorithm(mac);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ session->setOpType(SESSION_OP_SIGN);
+ session->setMacOp(mac);
+ session->setAllowMultiPartOp(true);
+ session->setAllowSinglePartOp(true);
+ session->setSymmetricKey(privkey);
+
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_SignInit
+CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for signing
+ if (!key->getBooleanValue(CKA_SIGN, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get the asymmetric algorithm matching the mechanism
+ AsymMech::Type mechanism = AsymMech::Unknown;
+ void* param = NULL;
+ size_t paramLen = 0;
+ RSA_PKCS_PSS_PARAMS pssParam;
+ bool bAllowMultiPartOp;
+ bool isRSA = false;
+ bool isDSA = false;
+ bool isECDSA = false;
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ mechanism = AsymMech::RSA_PKCS;
+ bAllowMultiPartOp = false;
+ isRSA = true;
+ break;
+ case CKM_RSA_X_509:
+ mechanism = AsymMech::RSA;
+ bAllowMultiPartOp = false;
+ isRSA = true;
+ break;
+#ifndef WITH_FIPS
+ case CKM_MD5_RSA_PKCS:
+ mechanism = AsymMech::RSA_MD5_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+#endif
+ case CKM_SHA1_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA1_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA224_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA224_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA256_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA256_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA384_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA384_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA512_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA512_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+#ifdef WITH_RAW_PSS
+ case CKM_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS))
+ {
+ ERROR_MSG("Invalid RSA-PSS parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_PKCS_PSS;
+ unsigned long allowedMgf;
+
+ switch(CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
+ case CKM_SHA_1:
+ pssParam.hashAlg = HashAlgo::SHA1;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
+ allowedMgf = CKG_MGF1_SHA1;
+ break;
+ case CKM_SHA224:
+ pssParam.hashAlg = HashAlgo::SHA224;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
+ allowedMgf = CKG_MGF1_SHA224;
+ break;
+ case CKM_SHA256:
+ pssParam.hashAlg = HashAlgo::SHA256;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
+ allowedMgf = CKG_MGF1_SHA256;
+ break;
+ case CKM_SHA384:
+ pssParam.hashAlg = HashAlgo::SHA384;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
+ allowedMgf = CKG_MGF1_SHA384;
+ break;
+ case CKM_SHA512:
+ pssParam.hashAlg = HashAlgo::SHA512;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
+ allowedMgf = CKG_MGF1_SHA512;
+ break;
+ default:
+ ERROR_MSG("Invalid RSA-PSS hash");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ if (CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != allowedMgf) {
+ ERROR_MSG("Hash and MGF don't match");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = false;
+ isRSA = true;
+ break;
+#endif
+ case CKM_SHA1_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA1_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA1;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA224_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA224 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA224)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA224_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA224;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA256_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA256 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA256)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA256_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA256;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA384_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA384 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA384)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA384_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA384;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA512_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA512 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA512)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA512_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA512;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_DSA:
+ mechanism = AsymMech::DSA;
+ bAllowMultiPartOp = false;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA1:
+ mechanism = AsymMech::DSA_SHA1;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA224:
+ mechanism = AsymMech::DSA_SHA224;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA256:
+ mechanism = AsymMech::DSA_SHA256;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA384:
+ mechanism = AsymMech::DSA_SHA384;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA512:
+ mechanism = AsymMech::DSA_SHA512;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+#ifdef WITH_ECC
+ case CKM_ECDSA:
+ mechanism = AsymMech::ECDSA;
+ bAllowMultiPartOp = false;
+ isECDSA = true;
+ break;
+#endif
+#ifdef WITH_GOST
+ case CKM_GOSTR3410:
+ mechanism = AsymMech::GOST;
+ bAllowMultiPartOp = false;
+ break;
+ case CKM_GOSTR3410_WITH_GOSTR3411:
+ mechanism = AsymMech::GOST_GOST;
+ bAllowMultiPartOp = true;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ AsymmetricAlgorithm* asymCrypto = NULL;
+ PrivateKey* privateKey = NULL;
+ if (isRSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ privateKey = asymCrypto->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getRSAPrivateKey((RSAPrivateKey*)privateKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+ else if (isDSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ privateKey = asymCrypto->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getDSAPrivateKey((DSAPrivateKey*)privateKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+#ifdef WITH_ECC
+ else if (isECDSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ privateKey = asymCrypto->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getECPrivateKey((ECPrivateKey*)privateKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+#endif
+ else
+ {
+#ifdef WITH_GOST
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ privateKey = asymCrypto->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getGOSTPrivateKey((GOSTPrivateKey*)privateKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+#else
+ return CKR_MECHANISM_INVALID;
+#endif
+ }
+
+ // Initialize signing
+ if (bAllowMultiPartOp && !asymCrypto->signInit(privateKey,mechanism,param,paramLen))
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Check if re-authentication is required
+ if (key->getBooleanValue(CKA_ALWAYS_AUTHENTICATE, false))
+ {
+ session->setReAuthentication(true);
+ }
+
+ session->setOpType(SESSION_OP_SIGN);
+ session->setAsymmetricCryptoOp(asymCrypto);
+ session->setMechanism(mechanism);
+ session->setParameters(param, paramLen);
+ session->setAllowMultiPartOp(bAllowMultiPartOp);
+ session->setAllowSinglePartOp(true);
+ session->setPrivateKey(privateKey);
+
+ return CKR_OK;
+}
+
+// Initialise a signing operation using the specified key and mechanism
+CK_RV SoftHSM::C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (isMacMechanism(pMechanism))
+ return MacSignInit(hSession, pMechanism, hKey);
+ else
+ return AsymSignInit(hSession, pMechanism, hKey);
+}
+
+// MacAlgorithm version of C_Sign
+static CK_RV MacSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ MacAlgorithm* mac = session->getMacOp();
+ if (mac == NULL || !session->getAllowSinglePartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the signature
+ CK_ULONG size = mac->getMacSize();
+ if (pSignature == NULL_PTR)
+ {
+ *pulSignatureLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulSignatureLen < size)
+ {
+ *pulSignatureLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data(pData, ulDataLen);
+
+ // Sign the data
+ if (!mac->signUpdate(data))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Get the signature
+ ByteString signature;
+ if (!mac->signFinal(signature))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (signature.size() != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pSignature, signature.byte_str(), size);
+ *pulSignatureLen = size;
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_Sign
+static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ AsymMech::Type mechanism = session->getMechanism();
+ PrivateKey* privateKey = session->getPrivateKey();
+ size_t paramLen;
+ void* param = session->getParameters(paramLen);
+ if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check if re-authentication is required
+ if (session->getReAuthentication())
+ {
+ session->resetOp();
+ return CKR_USER_NOT_LOGGED_IN;
+ }
+
+ // Size of the signature
+ CK_ULONG size = privateKey->getOutputLength();
+ if (pSignature == NULL_PTR)
+ {
+ *pulSignatureLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulSignatureLen < size)
+ {
+ *pulSignatureLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the data
+ ByteString data;
+
+ // We must allow input length <= k and therfore need to prepend the data with zeroes.
+ if (mechanism == AsymMech::RSA) {
+ data.wipe(size-ulDataLen);
+ }
+
+ data += ByteString(pData, ulDataLen);
+ ByteString signature;
+
+ // Sign the data
+ if (session->getAllowMultiPartOp())
+ {
+ if (!asymCrypto->signUpdate(data) ||
+ !asymCrypto->signFinal(signature))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ }
+ else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (signature.size() != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pSignature, signature.byte_str(), size);
+ *pulSignatureLen = size;
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Sign the data in a single pass operation
+CK_RV SoftHSM::C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pulSignatureLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_SIGN)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getMacOp() != NULL)
+ return MacSign(session, pData, ulDataLen,
+ pSignature, pulSignatureLen);
+ else
+ return AsymSign(session, pData, ulDataLen,
+ pSignature, pulSignatureLen);
+}
+
+// MacAlgorithm version of C_SignUpdate
+static CK_RV MacSignUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ MacAlgorithm* mac = session->getMacOp();
+ if (mac == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Get the part
+ ByteString part(pPart, ulPartLen);
+
+ // Sign the data
+ if (!mac->signUpdate(part))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ session->setAllowSinglePartOp(false);
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_SignUpdate
+static CK_RV AsymSignUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ if (asymCrypto == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check if re-authentication is required
+ if (session->getReAuthentication())
+ {
+ session->resetOp();
+ return CKR_USER_NOT_LOGGED_IN;
+ }
+
+ // Get the part
+ ByteString part(pPart, ulPartLen);
+
+ // Sign the data
+ if (!asymCrypto->signUpdate(part))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ session->setAllowSinglePartOp(false);
+ return CKR_OK;
+}
+
+// Update a running signing operation with additional data
+CK_RV SoftHSM::C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pPart == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_SIGN)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getMacOp() != NULL)
+ return MacSignUpdate(session, pPart, ulPartLen);
+ else
+ return AsymSignUpdate(session, pPart, ulPartLen);
+}
+
+// MacAlgorithm version of C_SignFinal
+static CK_RV MacSignFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ MacAlgorithm* mac = session->getMacOp();
+ if (mac == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the signature
+ CK_ULONG size = mac->getMacSize();
+ if (pSignature == NULL_PTR)
+ {
+ *pulSignatureLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulSignatureLen < size)
+ {
+ *pulSignatureLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the signature
+ ByteString signature;
+ if (!mac->signFinal(signature))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (signature.size() != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pSignature, signature.byte_str(), size);
+ *pulSignatureLen = size;
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_SignFinal
+static CK_RV AsymSignFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ PrivateKey* privateKey = session->getPrivateKey();
+ if (asymCrypto == NULL || privateKey == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Check if re-authentication is required
+ if (session->getReAuthentication())
+ {
+ session->resetOp();
+ return CKR_USER_NOT_LOGGED_IN;
+ }
+
+ // Size of the signature
+ CK_ULONG size = privateKey->getOutputLength();
+ if (pSignature == NULL_PTR)
+ {
+ *pulSignatureLen = size;
+ return CKR_OK;
+ }
+
+ // Check buffer size
+ if (*pulSignatureLen < size)
+ {
+ *pulSignatureLen = size;
+ return CKR_BUFFER_TOO_SMALL;
+ }
+
+ // Get the signature
+ ByteString signature;
+ if (!asymCrypto->signFinal(signature))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Check size
+ if (signature.size() != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+ memcpy(pSignature, signature.byte_str(), size);
+ *pulSignatureLen = size;
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Finalise a running signing operation and return the signature
+CK_RV SoftHSM::C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pulSignatureLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_SIGN || !session->getAllowMultiPartOp())
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getMacOp() != NULL)
+ return MacSignFinal(session, pSignature, pulSignatureLen);
+ else
+ return AsymSignFinal(session, pSignature, pulSignatureLen);
+}
+
+// Initialise a signing operation that allows recovery of the signed data
+CK_RV SoftHSM::C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR /*pMechanism*/, CK_OBJECT_HANDLE /*hKey*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Perform a single part signing operation that allows recovery of the signed data
+CK_RV SoftHSM::C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pData*/, CK_ULONG /*ulDataLen*/, CK_BYTE_PTR /*pSignature*/, CK_ULONG_PTR /*pulSignatureLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// MacAlgorithm version of C_VerifyInit
+CK_RV SoftHSM::MacVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for verifying
+ if (!key->getBooleanValue(CKA_VERIFY, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get key info
+ CK_KEY_TYPE keyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);
+
+ // Get the MAC algorithm matching the mechanism
+ // Also check mechanism constraints
+ MacAlgo::Type algo = MacAlgo::Unknown;
+ size_t bb = 8;
+ size_t minSize = 0;
+ switch(pMechanism->mechanism) {
+#ifndef WITH_FIPS
+ case CKM_MD5_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_MD5_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 16;
+ algo = MacAlgo::HMAC_MD5;
+ break;
+#endif
+ case CKM_SHA_1_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA_1_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 20;
+ algo = MacAlgo::HMAC_SHA1;
+ break;
+ case CKM_SHA224_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA224_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 28;
+ algo = MacAlgo::HMAC_SHA224;
+ break;
+ case CKM_SHA256_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA256_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 32;
+ algo = MacAlgo::HMAC_SHA256;
+ break;
+ case CKM_SHA384_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA384_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 48;
+ algo = MacAlgo::HMAC_SHA384;
+ break;
+ case CKM_SHA512_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA512_HMAC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 64;
+ algo = MacAlgo::HMAC_SHA512;
+ break;
+#ifdef WITH_GOST
+ case CKM_GOSTR3411_HMAC:
+ if (keyType != CKK_GENERIC_SECRET && keyType != CKK_GOST28147)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ minSize = 32;
+ algo = MacAlgo::HMAC_GOST;
+ break;
+#endif
+ case CKM_DES3_CMAC:
+ if (keyType != CKK_DES2 && keyType != CKK_DES3)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ algo = MacAlgo::CMAC_DES;
+ bb = 7;
+ break;
+ case CKM_AES_CMAC:
+ if (keyType != CKK_AES)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ algo = MacAlgo::CMAC_AES;
+ break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ MacAlgorithm* mac = CryptoFactory::i()->getMacAlgorithm(algo);
+ if (mac == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* pubkey = new SymmetricKey();
+
+ if (getSymmetricKey(pubkey, token, key) != CKR_OK)
+ {
+ mac->recycleKey(pubkey);
+ CryptoFactory::i()->recycleMacAlgorithm(mac);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Adjust key bit length
+ pubkey->setBitLen(pubkey->getKeyBits().size() * bb);
+
+ // Check key size
+ if (pubkey->getBitLen() < (minSize*8))
+ {
+ mac->recycleKey(pubkey);
+ CryptoFactory::i()->recycleMacAlgorithm(mac);
+ return CKR_KEY_SIZE_RANGE;
+ }
+
+ // Initialize verifying
+ if (!mac->verifyInit(pubkey))
+ {
+ mac->recycleKey(pubkey);
+ CryptoFactory::i()->recycleMacAlgorithm(mac);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ session->setOpType(SESSION_OP_VERIFY);
+ session->setMacOp(mac);
+ session->setAllowMultiPartOp(true);
+ session->setAllowSinglePartOp(true);
+ session->setSymmetricKey(pubkey);
+
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_VerifyInit
+CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check read user credentials
+ CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for verifying
+ if (!key->getBooleanValue(CKA_VERIFY, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Get the asymmetric algorithm matching the mechanism
+ AsymMech::Type mechanism = AsymMech::Unknown;
+ void* param = NULL;
+ size_t paramLen = 0;
+ RSA_PKCS_PSS_PARAMS pssParam;
+ bool bAllowMultiPartOp;
+ bool isRSA = false;
+ bool isDSA = false;
+ bool isECDSA = false;
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ mechanism = AsymMech::RSA_PKCS;
+ bAllowMultiPartOp = false;
+ isRSA = true;
+ break;
+ case CKM_RSA_X_509:
+ mechanism = AsymMech::RSA;
+ bAllowMultiPartOp = false;
+ isRSA = true;
+ break;
+#ifndef WITH_FIPS
+ case CKM_MD5_RSA_PKCS:
+ mechanism = AsymMech::RSA_MD5_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+#endif
+ case CKM_SHA1_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA1_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA224_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA224_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA256_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA256_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA384_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA384_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA512_RSA_PKCS:
+ mechanism = AsymMech::RSA_SHA512_PKCS;
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+#ifdef WITH_RAW_PSS
+ case CKM_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS))
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_PKCS_PSS;
+
+ unsigned long expectedMgf;
+ switch(CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
+ case CKM_SHA_1:
+ pssParam.hashAlg = HashAlgo::SHA1;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
+ expectedMgf = CKG_MGF1_SHA1;
+ break;
+ case CKM_SHA224:
+ pssParam.hashAlg = HashAlgo::SHA224;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
+ expectedMgf = CKG_MGF1_SHA224;
+ break;
+ case CKM_SHA256:
+ pssParam.hashAlg = HashAlgo::SHA256;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
+ expectedMgf = CKG_MGF1_SHA256;
+ break;
+ case CKM_SHA384:
+ pssParam.hashAlg = HashAlgo::SHA384;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
+ expectedMgf = CKG_MGF1_SHA384;
+ break;
+ case CKM_SHA512:
+ pssParam.hashAlg = HashAlgo::SHA512;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
+ expectedMgf = CKG_MGF1_SHA512;
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ if (CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != expectedMgf) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = false;
+ isRSA = true;
+ break;
+#endif
+ case CKM_SHA1_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA1_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA1;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA224_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA224 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA224)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA224_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA224;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA256_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA256 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA256)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA256_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA256;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA384_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA384 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA384)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA384_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA384;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_SHA512_RSA_PKCS_PSS:
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA512 ||
+ CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA512)
+ {
+ ERROR_MSG("Invalid parameters");
+ return CKR_ARGUMENTS_BAD;
+ }
+ mechanism = AsymMech::RSA_SHA512_PKCS_PSS;
+ pssParam.hashAlg = HashAlgo::SHA512;
+ pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
+ pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
+ param = &pssParam;
+ paramLen = sizeof(pssParam);
+ bAllowMultiPartOp = true;
+ isRSA = true;
+ break;
+ case CKM_DSA:
+ mechanism = AsymMech::DSA;
+ bAllowMultiPartOp = false;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA1:
+ mechanism = AsymMech::DSA_SHA1;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA224:
+ mechanism = AsymMech::DSA_SHA224;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA256:
+ mechanism = AsymMech::DSA_SHA256;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA384:
+ mechanism = AsymMech::DSA_SHA384;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+ case CKM_DSA_SHA512:
+ mechanism = AsymMech::DSA_SHA512;
+ bAllowMultiPartOp = true;
+ isDSA = true;
+ break;
+#ifdef WITH_ECC
+ case CKM_ECDSA:
+ mechanism = AsymMech::ECDSA;
+ bAllowMultiPartOp = false;
+ isECDSA = true;
+ break;
+#endif
+#ifdef WITH_GOST
+ case CKM_GOSTR3410:
+ mechanism = AsymMech::GOST;
+ bAllowMultiPartOp = false;
+ break;
+ case CKM_GOSTR3410_WITH_GOSTR3411:
+ mechanism = AsymMech::GOST_GOST;
+ bAllowMultiPartOp = true;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ AsymmetricAlgorithm* asymCrypto = NULL;
+ PublicKey* publicKey = NULL;
+ if (isRSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ publicKey = asymCrypto->newPublicKey();
+ if (publicKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getRSAPublicKey((RSAPublicKey*)publicKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+ else if (isDSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ publicKey = asymCrypto->newPublicKey();
+ if (publicKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getDSAPublicKey((DSAPublicKey*)publicKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+#ifdef WITH_ECC
+ else if (isECDSA)
+ {
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ publicKey = asymCrypto->newPublicKey();
+ if (publicKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getECPublicKey((ECPublicKey*)publicKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ }
+#endif
+ else
+ {
+#ifdef WITH_GOST
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);
+ if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+ publicKey = asymCrypto->newPublicKey();
+ if (publicKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+
+ if (getGOSTPublicKey((GOSTPublicKey*)publicKey, token, key) != CKR_OK)
+ {
+ asymCrypto->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+#else
+ return CKR_MECHANISM_INVALID;
+#endif
+ }
+
+ // Initialize verifying
+ if (bAllowMultiPartOp && !asymCrypto->verifyInit(publicKey,mechanism,param,paramLen))
+ {
+ asymCrypto->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ session->setOpType(SESSION_OP_VERIFY);
+ session->setAsymmetricCryptoOp(asymCrypto);
+ session->setMechanism(mechanism);
+ session->setParameters(param, paramLen);
+ session->setAllowMultiPartOp(bAllowMultiPartOp);
+ session->setAllowSinglePartOp(true);
+ session->setPublicKey(publicKey);
+
+ return CKR_OK;
+}
+
+// Initialise a verification operation using the specified key and mechanism
+CK_RV SoftHSM::C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (isMacMechanism(pMechanism))
+ return MacVerifyInit(hSession, pMechanism, hKey);
+ else
+ return AsymVerifyInit(hSession, pMechanism, hKey);
+}
+
+// MacAlgorithm version of C_Verify
+static CK_RV MacVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ MacAlgorithm* mac = session->getMacOp();
+ if (mac == NULL || !session->getAllowSinglePartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the signature
+ CK_ULONG size = mac->getMacSize();
+
+ // Check buffer size
+ if (ulSignatureLen != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_SIGNATURE_LEN_RANGE;
+ }
+
+ // Get the data
+ ByteString data(pData, ulDataLen);
+
+ // Verify the data
+ if (!mac->verifyUpdate(data))
+ {
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Get the signature
+ ByteString signature(pSignature, ulSignatureLen);
+
+ // Verify the signature
+ if (!mac->verifyFinal(signature))
+ {
+ session->resetOp();
+ return CKR_SIGNATURE_INVALID;
+ }
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_Verify
+static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ AsymMech::Type mechanism = session->getMechanism();
+ PublicKey* publicKey = session->getPublicKey();
+ size_t paramLen;
+ void* param = session->getParameters(paramLen);
+ if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the signature
+ CK_ULONG size = publicKey->getOutputLength();
+
+ // Check buffer size
+ if (ulSignatureLen != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_SIGNATURE_LEN_RANGE;
+ }
+
+ // Get the data
+ ByteString data;
+
+ // We must allow input length <= k and therfore need to prepend the data with zeroes.
+ if (mechanism == AsymMech::RSA) {
+ data.wipe(size-ulDataLen);
+ }
+
+ data += ByteString(pData, ulDataLen);
+ ByteString signature(pSignature, ulSignatureLen);
+
+ // Verify the data
+ if (session->getAllowMultiPartOp())
+ {
+ if (!asymCrypto->verifyUpdate(data) ||
+ !asymCrypto->verifyFinal(signature))
+ {
+ session->resetOp();
+ return CKR_SIGNATURE_INVALID;
+ }
+ }
+ else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen))
+ {
+ session->resetOp();
+ return CKR_SIGNATURE_INVALID;
+ }
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Perform a single pass verification operation
+CK_RV SoftHSM::C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pSignature == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_VERIFY)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getMacOp() != NULL)
+ return MacVerify(session, pData, ulDataLen,
+ pSignature, ulSignatureLen);
+ else
+ return AsymVerify(session, pData, ulDataLen,
+ pSignature, ulSignatureLen);
+}
+
+// MacAlgorithm version of C_VerifyUpdate
+static CK_RV MacVerifyUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ MacAlgorithm* mac = session->getMacOp();
+ if (mac == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Get the part
+ ByteString part(pPart, ulPartLen);
+
+ // Verify the data
+ if (!mac->verifyUpdate(part))
+ {
+ // verifyUpdate can't fail for a logical reason, so we assume total breakdown.
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ session->setAllowSinglePartOp(false);
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_VerifyUpdate
+static CK_RV AsymVerifyUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ if (asymCrypto == NULL || !session->getAllowMultiPartOp())
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Get the part
+ ByteString part(pPart, ulPartLen);
+
+ // Verify the data
+ if (!asymCrypto->verifyUpdate(part))
+ {
+ // verifyUpdate can't fail for a logical reason, so we assume total breakdown.
+ session->resetOp();
+ return CKR_GENERAL_ERROR;
+ }
+
+ session->setAllowSinglePartOp(false);
+ return CKR_OK;
+}
+
+// Update a running verification operation with additional data
+CK_RV SoftHSM::C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pPart == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_VERIFY)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getMacOp() != NULL)
+ return MacVerifyUpdate(session, pPart, ulPartLen);
+ else
+ return AsymVerifyUpdate(session, pPart, ulPartLen);
+}
+
+// MacAlgorithm version of C_SignFinal
+static CK_RV MacVerifyFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ MacAlgorithm* mac = session->getMacOp();
+ if (mac == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the signature
+ CK_ULONG size = mac->getMacSize();
+
+ // Check buffer size
+ if (ulSignatureLen != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_SIGNATURE_LEN_RANGE;
+ }
+
+ // Get the signature
+ ByteString signature(pSignature, ulSignatureLen);
+
+ // Verify the data
+ if (!mac->verifyFinal(signature))
+ {
+ session->resetOp();
+ return CKR_SIGNATURE_INVALID;
+ }
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// AsymmetricAlgorithm version of C_VerifyFinal
+static CK_RV AsymVerifyFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
+ PublicKey* publicKey = session->getPublicKey();
+ if (asymCrypto == NULL || publicKey == NULL)
+ {
+ session->resetOp();
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ // Size of the signature
+ CK_ULONG size = publicKey->getOutputLength();
+
+ // Check buffer size
+ if (ulSignatureLen != size)
+ {
+ ERROR_MSG("The size of the signature differs from the size of the mechanism");
+ session->resetOp();
+ return CKR_SIGNATURE_LEN_RANGE;
+ }
+
+ // Get the data
+ ByteString signature(pSignature, ulSignatureLen);
+
+ // Verify the data
+ if (!asymCrypto->verifyFinal(signature))
+ {
+ session->resetOp();
+ return CKR_SIGNATURE_INVALID;
+ }
+
+ session->resetOp();
+ return CKR_OK;
+}
+
+// Finalise the verification operation and check the signature
+CK_RV SoftHSM::C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pSignature == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we are doing the correct operation
+ if (session->getOpType() != SESSION_OP_VERIFY || !session->getAllowMultiPartOp())
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (session->getMacOp() != NULL)
+ return MacVerifyFinal(session, pSignature, ulSignatureLen);
+ else
+ return AsymVerifyFinal(session, pSignature, ulSignatureLen);
+}
+
+// Initialise a verification operation the allows recovery of the signed data from the signature
+CK_RV SoftHSM::C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR /*pMechanism*/, CK_OBJECT_HANDLE /*hKey*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check if we have another operation
+ if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Perform a single part verification operation and recover the signed data
+CK_RV SoftHSM::C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pSignature*/, CK_ULONG /*ulSignatureLen*/, CK_BYTE_PTR /*pData*/, CK_ULONG_PTR /*pulDataLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Update a running multi-part encryption and digesting operation
+CK_RV SoftHSM::C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pPart*/, CK_ULONG /*ulPartLen*/, CK_BYTE_PTR /*pEncryptedPart*/, CK_ULONG_PTR /*pulEncryptedPartLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Update a running multi-part decryption and digesting operation
+CK_RV SoftHSM::C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pPart*/, CK_ULONG /*ulPartLen*/, CK_BYTE_PTR /*pDecryptedPart*/, CK_ULONG_PTR /*pulDecryptedPartLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Update a running multi-part signing and encryption operation
+CK_RV SoftHSM::C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pPart*/, CK_ULONG /*ulPartLen*/, CK_BYTE_PTR /*pEncryptedPart*/, CK_ULONG_PTR /*pulEncryptedPartLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Update a running multi-part decryption and verification operation
+CK_RV SoftHSM::C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pEncryptedPart*/, CK_ULONG /*ulEncryptedPartLen*/, CK_BYTE_PTR /*pPart*/, CK_ULONG_PTR /*pulPartLen*/)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Generate a secret key or a domain parameter set using the specified mechanism
+CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (phKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check the mechanism, only accept DSA and DH parameters
+ // and symmetric ciphers
+ CK_OBJECT_CLASS objClass;
+ CK_KEY_TYPE keyType;
+ switch (pMechanism->mechanism)
+ {
+ case CKM_DSA_PARAMETER_GEN:
+ objClass = CKO_DOMAIN_PARAMETERS;
+ keyType = CKK_DSA;
+ break;
+ case CKM_DH_PKCS_PARAMETER_GEN:
+ objClass = CKO_DOMAIN_PARAMETERS;
+ keyType = CKK_DH;
+ break;
+#ifndef WITH_FIPS
+ case CKM_DES_KEY_GEN:
+ objClass = CKO_SECRET_KEY;
+ keyType = CKK_DES;
+ break;
+#endif
+ case CKM_DES2_KEY_GEN:
+ objClass = CKO_SECRET_KEY;
+ keyType = CKK_DES2;
+ break;
+ case CKM_DES3_KEY_GEN:
+ objClass = CKO_SECRET_KEY;
+ keyType = CKK_DES3;
+ break;
+ case CKM_AES_KEY_GEN:
+ objClass = CKO_SECRET_KEY;
+ keyType = CKK_AES;
+ break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Extract information from the template that is needed to create the object.
+ CK_BBOOL isOnToken = CK_FALSE;
+ CK_BBOOL isPrivate = CK_TRUE;
+ CK_CERTIFICATE_TYPE dummy;
+ bool isImplicit = true;
+ extractObjectInformation(pTemplate, ulCount, objClass, keyType, dummy, isOnToken, isPrivate, isImplicit);
+
+ // Report errors and/or unexpected usage.
+ if (objClass != CKO_SECRET_KEY && objClass != CKO_DOMAIN_PARAMETERS)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ if (pMechanism->mechanism == CKM_DSA_PARAMETER_GEN &&
+ (objClass != CKO_DOMAIN_PARAMETERS || keyType != CKK_DSA))
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DH_PKCS_PARAMETER_GEN &&
+ (objClass != CKO_DOMAIN_PARAMETERS || keyType != CKK_DH))
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES_KEY_GEN &&
+ (objClass != CKO_SECRET_KEY || keyType != CKK_DES))
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES2_KEY_GEN &&
+ (objClass != CKO_SECRET_KEY || keyType != CKK_DES2))
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES3_KEY_GEN &&
+ (objClass != CKO_SECRET_KEY || keyType != CKK_DES3))
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_KEY_GEN &&
+ (objClass != CKO_SECRET_KEY || keyType != CKK_AES))
+ return CKR_TEMPLATE_INCONSISTENT;
+
+ // Check authorization
+ CK_RV rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Generate DSA domain parameters
+ if (pMechanism->mechanism == CKM_DSA_PARAMETER_GEN)
+ {
+ return this->generateDSAParameters(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
+ }
+
+ // Generate DH domain parameters
+ if (pMechanism->mechanism == CKM_DH_PKCS_PARAMETER_GEN)
+ {
+ return this->generateDHParameters(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
+ }
+
+ // Generate DES secret key
+ if (pMechanism->mechanism == CKM_DES_KEY_GEN)
+ {
+ return this->generateDES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
+ }
+
+ // Generate DES2 secret key
+ if (pMechanism->mechanism == CKM_DES2_KEY_GEN)
+ {
+ return this->generateDES2(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
+ }
+
+ // Generate DES3 secret key
+ if (pMechanism->mechanism == CKM_DES3_KEY_GEN)
+ {
+ return this->generateDES3(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
+ }
+
+ // Generate AES secret key
+ if (pMechanism->mechanism == CKM_AES_KEY_GEN)
+ {
+ return this->generateAES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
+ }
+
+ return CKR_GENERAL_ERROR;
+}
+
+// Generate a key-pair using the specified mechanism
+CK_RV SoftHSM::C_GenerateKeyPair
+(
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey
+)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (phPublicKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (phPrivateKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check the mechanism, only accept RSA, DSA, EC and DH key pair generation.
+ CK_KEY_TYPE keyType;
+ switch (pMechanism->mechanism)
+ {
+ case CKM_RSA_PKCS_KEY_PAIR_GEN:
+ keyType = CKK_RSA;
+ break;
+ case CKM_DSA_KEY_PAIR_GEN:
+ keyType = CKK_DSA;
+ break;
+ case CKM_DH_PKCS_KEY_PAIR_GEN:
+ keyType = CKK_DH;
+ break;
+#ifdef WITH_ECC
+ case CKM_EC_KEY_PAIR_GEN:
+ keyType = CKK_EC;
+ break;
+#endif
+#ifdef WITH_GOST
+ case CKM_GOSTR3410_KEY_PAIR_GEN:
+ keyType = CKK_GOSTR3410;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ CK_CERTIFICATE_TYPE dummy;
+
+ // Extract information from the public key template that is needed to create the object.
+ CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+ CK_BBOOL ispublicKeyToken = CK_FALSE;
+ CK_BBOOL ispublicKeyPrivate = CK_FALSE;
+ bool isPublicKeyImplicit = true;
+ extractObjectInformation(pPublicKeyTemplate, ulPublicKeyAttributeCount, publicKeyClass, keyType, dummy, ispublicKeyToken, ispublicKeyPrivate, isPublicKeyImplicit);
+
+ // Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
+ if (publicKeyClass != CKO_PUBLIC_KEY)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ if (pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN && keyType != CKK_RSA)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DSA_KEY_PAIR_GEN && keyType != CKK_DSA)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN && keyType != CKK_EC)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN && keyType != CKK_DH)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN && keyType != CKK_GOSTR3410)
+ return CKR_TEMPLATE_INCONSISTENT;
+
+ // Extract information from the private key template that is needed to create the object.
+ CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+ CK_BBOOL isprivateKeyToken = CK_FALSE;
+ CK_BBOOL isprivateKeyPrivate = CK_TRUE;
+ bool isPrivateKeyImplicit = true;
+ extractObjectInformation(pPrivateKeyTemplate, ulPrivateKeyAttributeCount, privateKeyClass, keyType, dummy, isprivateKeyToken, isprivateKeyPrivate, isPrivateKeyImplicit);
+
+ // Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
+ if (privateKeyClass != CKO_PRIVATE_KEY)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ if (pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN && keyType != CKK_RSA)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DSA_KEY_PAIR_GEN && keyType != CKK_DSA)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN && keyType != CKK_EC)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN && keyType != CKK_DH)
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN && keyType != CKK_GOSTR3410)
+ return CKR_TEMPLATE_INCONSISTENT;
+
+ // Check user credentials
+ CK_RV rv = haveWrite(session->getState(), ispublicKeyToken || isprivateKeyToken, ispublicKeyPrivate || isprivateKeyPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Generate RSA keys
+ if (pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN)
+ {
+ return this->generateRSA(hSession,
+ pPublicKeyTemplate, ulPublicKeyAttributeCount,
+ pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
+ phPublicKey, phPrivateKey,
+ ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
+ }
+
+ // Generate DSA keys
+ if (pMechanism->mechanism == CKM_DSA_KEY_PAIR_GEN)
+ {
+ return this->generateDSA(hSession,
+ pPublicKeyTemplate, ulPublicKeyAttributeCount,
+ pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
+ phPublicKey, phPrivateKey,
+ ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
+ }
+
+ // Generate EC keys
+ if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN)
+ {
+ return this->generateEC(hSession,
+ pPublicKeyTemplate, ulPublicKeyAttributeCount,
+ pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
+ phPublicKey, phPrivateKey,
+ ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
+ }
+
+ // Generate DH keys
+ if (pMechanism->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN)
+ {
+ return this->generateDH(hSession,
+ pPublicKeyTemplate, ulPublicKeyAttributeCount,
+ pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
+ phPublicKey, phPrivateKey,
+ ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
+ }
+
+ // Generate GOST keys
+ if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN)
+ {
+ return this->generateGOST(hSession,
+ pPublicKeyTemplate, ulPublicKeyAttributeCount,
+ pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
+ phPublicKey, phPrivateKey,
+ ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
+ }
+
+ return CKR_GENERAL_ERROR;
+}
+
+// Internal: Wrap blob using symmetric key
+CK_RV SoftHSM::WrapKeySym
+(
+ CK_MECHANISM_PTR pMechanism,
+ Token* token,
+ OSObject* wrapKey,
+ ByteString& keydata,
+ ByteString& wrapped
+)
+{
+ // Get the symmetric algorithm matching the mechanism
+ SymAlgo::Type algo = SymAlgo::Unknown;
+ SymWrap::Type mode = SymWrap::Unknown;
+ size_t bb = 8;
+#ifdef HAVE_AES_KEY_WRAP
+ CK_ULONG wrappedlen = keydata.size();
+
+ // [PKCS#11 v2.40, 2.14.3 AES Key Wrap]
+ // A key whose length is not a multiple of the AES Key Wrap block
+ // size (8 bytes) will be zero padded to fit.
+ CK_ULONG alignment = wrappedlen % 8;
+ if (alignment != 0)
+ {
+ keydata.resize(wrappedlen + 8 - alignment);
+ memset(&keydata[wrappedlen], 0, 8 - alignment);
+ wrappedlen = keydata.size();
+ }
+#endif
+ switch(pMechanism->mechanism) {
+#ifdef HAVE_AES_KEY_WRAP
+ case CKM_AES_KEY_WRAP:
+ if ((wrappedlen < 16) || ((wrappedlen % 8) != 0))
+ return CKR_KEY_SIZE_RANGE;
+ algo = SymAlgo::AES;
+ mode = SymWrap::AES_KEYWRAP;
+ break;
+#endif
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ case CKM_AES_KEY_WRAP_PAD:
+ algo = SymAlgo::AES;
+ mode = SymWrap::AES_KEYWRAP_PAD;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* wrappingkey = new SymmetricKey();
+
+ if (getSymmetricKey(wrappingkey, token, wrapKey) != CKR_OK)
+ {
+ cipher->recycleKey(wrappingkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // adjust key bit length
+ wrappingkey->setBitLen(wrappingkey->getKeyBits().size() * bb);
+
+ // Wrap the key
+ if (!cipher->wrapKey(wrappingkey, mode, keydata, wrapped))
+ {
+ cipher->recycleKey(wrappingkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ cipher->recycleKey(wrappingkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_OK;
+}
+
+// Internal: Wrap blob using asymmetric key
+CK_RV SoftHSM::WrapKeyAsym
+(
+ CK_MECHANISM_PTR pMechanism,
+ Token* token,
+ OSObject* wrapKey,
+ ByteString& keydata,
+ ByteString& wrapped
+)
+{
+ const size_t bb = 8;
+ AsymAlgo::Type algo = AsymAlgo::Unknown;
+ AsymMech::Type mech = AsymMech::Unknown;
+
+ CK_ULONG modulus_length;
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ case CKM_RSA_PKCS_OAEP:
+ algo = AsymAlgo::RSA;
+ if (!wrapKey->attributeExists(CKA_MODULUS_BITS))
+ return CKR_GENERAL_ERROR;
+ modulus_length = wrapKey->getUnsignedLongValue(CKA_MODULUS_BITS, 0);
+ // adjust key bit length
+ modulus_length /= bb;
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ mech = AsymMech::RSA_PKCS;
+ // RFC 3447 section 7.2.1
+ if (keydata.size() > modulus_length - 11)
+ return CKR_KEY_SIZE_RANGE;
+ break;
+
+ case CKM_RSA_PKCS_OAEP:
+ mech = AsymMech::RSA_PKCS_OAEP;
+ // SHA-1 is the only supported option
+ // PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
+ if (keydata.size() > modulus_length - 2 - 2 * 160 / 8)
+ return CKR_KEY_SIZE_RANGE;
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ AsymmetricAlgorithm* cipher = CryptoFactory::i()->getAsymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ PublicKey* publicKey = cipher->newPublicKey();
+ if (publicKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+ return CKR_HOST_MEMORY;
+ }
+
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ case CKM_RSA_PKCS_OAEP:
+ if (getRSAPublicKey((RSAPublicKey*)publicKey, token, wrapKey) != CKR_OK)
+ {
+ cipher->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ // Wrap the key
+ if (!cipher->wrapKey(publicKey, keydata, wrapped, mech))
+ {
+ cipher->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ cipher->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+
+ return CKR_OK;
+}
+
+
+// Wrap the specified key using the specified wrapping key and mechanism
+CK_RV SoftHSM::C_WrapKey
+(
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hWrappingKey,
+ CK_OBJECT_HANDLE hKey,
+ CK_BYTE_PTR pWrappedKey,
+ CK_ULONG_PTR pulWrappedKeyLen
+)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pulWrappedKeyLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ CK_RV rv;
+ // Check the mechanism, only accept advanced AES key wrapping and RSA
+ switch(pMechanism->mechanism)
+ {
+#ifdef HAVE_AES_KEY_WRAP
+ case CKM_AES_KEY_WRAP:
+#endif
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ case CKM_AES_KEY_WRAP_PAD:
+#endif
+ case CKM_RSA_PKCS:
+ // Does not handle optional init vector
+ if (pMechanism->pParameter != NULL_PTR ||
+ pMechanism->ulParameterLen != 0)
+ return CKR_ARGUMENTS_BAD;
+ break;
+ case CKM_RSA_PKCS_OAEP:
+ rv = MechParamCheckRSAPKCSOAEP(pMechanism);
+ if (rv != CKR_OK)
+ return rv;
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the wrapping key handle.
+ OSObject *wrapKey = (OSObject *)handleManager->getObject(hWrappingKey);
+ if (wrapKey == NULL_PTR || !wrapKey->isValid()) return CKR_WRAPPING_KEY_HANDLE_INVALID;
+
+ CK_BBOOL isWrapKeyOnToken = wrapKey->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isWrapKeyPrivate = wrapKey->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check user credentials for the wrapping key
+ rv = haveRead(session->getState(), isWrapKeyOnToken, isWrapKeyPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check wrapping key class and type
+ if ((pMechanism->mechanism == CKM_AES_KEY_WRAP || pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD) && wrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_SECRET_KEY)
+ return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
+ if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && wrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PUBLIC_KEY)
+ return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_KEY_WRAP && wrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
+ return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD && wrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
+ return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
+ if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && wrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_RSA)
+ return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
+
+ // Check if the wrapping key can be used for wrapping
+ if (wrapKey->getBooleanValue(CKA_WRAP, false) == false)
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the wrapping key
+ if (!isMechanismPermitted(wrapKey, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Check the to be wrapped key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_KEY_HANDLE_INVALID;
+
+ CK_BBOOL isKeyOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check user credentials for the to be wrapped key
+ rv = haveRead(session->getState(), isKeyOnToken, isKeyPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if the to be wrapped key can be wrapped
+ if (key->getBooleanValue(CKA_EXTRACTABLE, false) == false)
+ return CKR_KEY_UNEXTRACTABLE;
+ if (key->getBooleanValue(CKA_WRAP_WITH_TRUSTED, false) && wrapKey->getBooleanValue(CKA_TRUSTED, false) == false)
+ return CKR_KEY_NOT_WRAPPABLE;
+
+ // Check the class
+ CK_OBJECT_CLASS keyClass = key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED);
+ if (keyClass != CKO_SECRET_KEY && keyClass != CKO_PRIVATE_KEY)
+ return CKR_KEY_NOT_WRAPPABLE;
+ // CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP can be used only on SECRET keys: PKCS#11 2.40 draft 2 section 2.1.6 PKCS #1 v1.5 RSA & section 2.1.8 PKCS #1 RSA OAEP
+ if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && keyClass != CKO_SECRET_KEY)
+ return CKR_KEY_NOT_WRAPPABLE;
+
+ // Verify the wrap template attribute
+ if (wrapKey->attributeExists(CKA_WRAP_TEMPLATE))
+ {
+ OSAttribute attr = wrapKey->getAttribute(CKA_WRAP_TEMPLATE);
+
+ if (attr.isAttributeMapAttribute())
+ {
+ typedef std::map<CK_ATTRIBUTE_TYPE,OSAttribute> attrmap_type;
+
+ const attrmap_type& map = attr.getAttributeMapValue();
+
+ for (attrmap_type::const_iterator it = map.begin(); it != map.end(); ++it)
+ {
+ if (!key->attributeExists(it->first))
+ {
+ return CKR_KEY_NOT_WRAPPABLE;
+ }
+
+ OSAttribute keyAttr = key->getAttribute(it->first);
+ ByteString v1, v2;
+ if (!keyAttr.peekValue(v1) || !it->second.peekValue(v2) || (v1 != v2))
+ {
+ return CKR_KEY_NOT_WRAPPABLE;
+ }
+ }
+ }
+ }
+
+ // Get the key data to encrypt
+ ByteString keydata;
+ if (keyClass == CKO_SECRET_KEY)
+ {
+ if (isKeyPrivate)
+ {
+ bool bOK = token->decrypt(key->getByteStringValue(CKA_VALUE), keydata);
+ if (!bOK) return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ keydata = key->getByteStringValue(CKA_VALUE);
+ }
+ }
+ else
+ {
+ CK_KEY_TYPE keyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);
+ AsymAlgo::Type alg = AsymAlgo::Unknown;
+ switch (keyType) {
+ case CKK_RSA:
+ alg = AsymAlgo::RSA;
+ break;
+ case CKK_DSA:
+ alg = AsymAlgo::DSA;
+ break;
+ case CKK_DH:
+ alg = AsymAlgo::DH;
+ break;
+#ifdef WITH_ECC
+ case CKK_EC:
+ // can be ecdh too but it doesn't matter
+ alg = AsymAlgo::ECDSA;
+ break;
+#endif
+ default:
+ return CKR_KEY_NOT_WRAPPABLE;
+ }
+ AsymmetricAlgorithm* asymCrypto = NULL;
+ PrivateKey* privateKey = NULL;
+ asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(alg);
+ if (asymCrypto == NULL)
+ return CKR_GENERAL_ERROR;
+ privateKey = asymCrypto->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_HOST_MEMORY;
+ }
+ switch (keyType) {
+ case CKK_RSA:
+ rv = getRSAPrivateKey((RSAPrivateKey*)privateKey, token, key);
+ break;
+ case CKK_DSA:
+ rv = getDSAPrivateKey((DSAPrivateKey*)privateKey, token, key);
+ break;
+ case CKK_DH:
+ rv = getDHPrivateKey((DHPrivateKey*)privateKey, token, key);
+ break;
+#ifdef WITH_ECC
+ case CKK_EC:
+ rv = getECPrivateKey((ECPrivateKey*)privateKey, token, key);
+ break;
+#endif
+ }
+ if (rv != CKR_OK)
+ {
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ return CKR_GENERAL_ERROR;
+ }
+ keydata = privateKey->PKCS8Encode();
+ asymCrypto->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+ }
+ if (keydata.size() == 0)
+ return CKR_KEY_NOT_WRAPPABLE;
+
+ keyClass = wrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED);
+ ByteString wrapped;
+ if (keyClass == CKO_SECRET_KEY)
+ rv = SoftHSM::WrapKeySym(pMechanism, token, wrapKey, keydata, wrapped);
+ else
+ rv = SoftHSM::WrapKeyAsym(pMechanism, token, wrapKey, keydata, wrapped);
+ if (rv != CKR_OK)
+ return rv;
+
+ if (pWrappedKey != NULL) {
+ if (*pulWrappedKeyLen >= wrapped.size())
+ memcpy(pWrappedKey, wrapped.byte_str(), wrapped.size());
+ else
+ rv = CKR_BUFFER_TOO_SMALL;
+ }
+
+ *pulWrappedKeyLen = wrapped.size();
+ return rv;
+}
+
+// Internal: Unwrap blob using symmetric key
+CK_RV SoftHSM::UnwrapKeySym
+(
+ CK_MECHANISM_PTR pMechanism,
+ ByteString& wrapped,
+ Token* token,
+ OSObject* unwrapKey,
+ ByteString& keydata
+)
+{
+ // Get the symmetric algorithm matching the mechanism
+ SymAlgo::Type algo = SymAlgo::Unknown;
+ SymWrap::Type mode = SymWrap::Unknown;
+ size_t bb = 8;
+ switch(pMechanism->mechanism) {
+#ifdef HAVE_AES_KEY_WRAP
+ case CKM_AES_KEY_WRAP:
+ algo = SymAlgo::AES;
+ mode = SymWrap::AES_KEYWRAP;
+ break;
+#endif
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ case CKM_AES_KEY_WRAP_PAD:
+ algo = SymAlgo::AES;
+ mode = SymWrap::AES_KEYWRAP_PAD;
+ break;
+#endif
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* unwrappingkey = new SymmetricKey();
+
+ if (getSymmetricKey(unwrappingkey, token, unwrapKey) != CKR_OK)
+ {
+ cipher->recycleKey(unwrappingkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // adjust key bit length
+ unwrappingkey->setBitLen(unwrappingkey->getKeyBits().size() * bb);
+
+ // Unwrap the key
+ CK_RV rv = CKR_OK;
+ if (!cipher->unwrapKey(unwrappingkey, mode, wrapped, keydata))
+ rv = CKR_GENERAL_ERROR;
+ cipher->recycleKey(unwrappingkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return rv;
+}
+
+// Internal: Unwrap blob using asymmetric key
+CK_RV SoftHSM::UnwrapKeyAsym
+(
+ CK_MECHANISM_PTR pMechanism,
+ ByteString& wrapped,
+ Token* token,
+ OSObject* unwrapKey,
+ ByteString& keydata
+)
+{
+ // Get the symmetric algorithm matching the mechanism
+ AsymAlgo::Type algo = AsymAlgo::Unknown;
+ AsymMech::Type mode = AsymMech::Unknown;
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ algo = AsymAlgo::RSA;
+ mode = AsymMech::RSA_PKCS;
+ break;
+
+ case CKM_RSA_PKCS_OAEP:
+ algo = AsymAlgo::RSA;
+ mode = AsymMech::RSA_PKCS_OAEP;
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ AsymmetricAlgorithm* cipher = CryptoFactory::i()->getAsymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ PrivateKey* unwrappingkey = cipher->newPrivateKey();
+ if (unwrappingkey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+ return CKR_HOST_MEMORY;
+ }
+
+ switch(pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ case CKM_RSA_PKCS_OAEP:
+ if (getRSAPrivateKey((RSAPrivateKey*)unwrappingkey, token, unwrapKey) != CKR_OK)
+ {
+ cipher->recyclePrivateKey(unwrappingkey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Unwrap the key
+ CK_RV rv = CKR_OK;
+ if (!cipher->unwrapKey(unwrappingkey, wrapped, keydata, mode))
+ rv = CKR_GENERAL_ERROR;
+ cipher->recyclePrivateKey(unwrappingkey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
+ return rv;
+}
+
+// Unwrap the specified key using the specified unwrapping key
+CK_RV SoftHSM::C_UnwrapKey
+(
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hUnwrappingKey,
+ CK_BYTE_PTR pWrappedKey,
+ CK_ULONG ulWrappedKeyLen,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR hKey
+)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pWrappedKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (hKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ CK_RV rv;
+ // Check the mechanism
+ switch(pMechanism->mechanism)
+ {
+#ifdef HAVE_AES_KEY_WRAP
+ case CKM_AES_KEY_WRAP:
+ if ((ulWrappedKeyLen < 24) || ((ulWrappedKeyLen % 8) != 0))
+ return CKR_WRAPPED_KEY_LEN_RANGE;
+ // Does not handle optional init vector
+ if (pMechanism->pParameter != NULL_PTR ||
+ pMechanism->ulParameterLen != 0)
+ return CKR_ARGUMENTS_BAD;
+ break;
+#endif
+#ifdef HAVE_AES_KEY_WRAP_PAD
+ case CKM_AES_KEY_WRAP_PAD:
+ if ((ulWrappedKeyLen < 16) || ((ulWrappedKeyLen % 8) != 0))
+ return CKR_WRAPPED_KEY_LEN_RANGE;
+ // Does not handle optional init vector
+ if (pMechanism->pParameter != NULL_PTR ||
+ pMechanism->ulParameterLen != 0)
+ return CKR_ARGUMENTS_BAD;
+ break;
+#endif
+ case CKM_RSA_PKCS:
+ // Input length checks needs to be done later when unwrapping key is known
+ break;
+ case CKM_RSA_PKCS_OAEP:
+ rv = MechParamCheckRSAPKCSOAEP(pMechanism);
+ if (rv != CKR_OK)
+ return rv;
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the unwrapping key handle.
+ OSObject *unwrapKey = (OSObject *)handleManager->getObject(hUnwrappingKey);
+ if (unwrapKey == NULL_PTR || !unwrapKey->isValid()) return CKR_UNWRAPPING_KEY_HANDLE_INVALID;
+
+ CK_BBOOL isUnwrapKeyOnToken = unwrapKey->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isUnwrapKeyPrivate = unwrapKey->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check user credentials
+ rv = haveRead(session->getState(), isUnwrapKeyOnToken, isUnwrapKeyPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check unwrapping key class and type
+ if ((pMechanism->mechanism == CKM_AES_KEY_WRAP || pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD) && unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_SECRET_KEY)
+ return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_KEY_WRAP && unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
+ return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD && unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
+ return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+ if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PRIVATE_KEY)
+ return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+ if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_RSA)
+ return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+
+ // Check if the unwrapping key can be used for unwrapping
+ if (unwrapKey->getBooleanValue(CKA_UNWRAP, false) == false)
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the unwrap key
+ if (!isMechanismPermitted(unwrapKey, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Extract information from the template that is needed to create the object.
+ CK_OBJECT_CLASS objClass;
+ CK_KEY_TYPE keyType;
+ CK_BBOOL isOnToken = CK_FALSE;
+ CK_BBOOL isPrivate = CK_TRUE;
+ CK_CERTIFICATE_TYPE dummy;
+ bool isImplicit = false;
+ rv = extractObjectInformation(pTemplate, ulCount, objClass, keyType, dummy, isOnToken, isPrivate, isImplicit);
+ if (rv != CKR_OK)
+ {
+ ERROR_MSG("Mandatory attribute not present in template");
+ return rv;
+ }
+
+ // Report errors and/or unexpected usage.
+ if (objClass != CKO_SECRET_KEY && objClass != CKO_PRIVATE_KEY)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ // Key type will be handled at object creation
+
+ // Check authorization
+ rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Build unwrapped key template
+ const CK_ULONG maxAttribs = 32;
+ CK_ATTRIBUTE secretAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) }
+ };
+ CK_ULONG secretAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - secretAttribsCount))
+ return CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i = 0; i < ulCount; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ secretAttribs[secretAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ // Apply the unwrap template
+ if (unwrapKey->attributeExists(CKA_UNWRAP_TEMPLATE))
+ {
+ OSAttribute unwrapAttr = unwrapKey->getAttribute(CKA_UNWRAP_TEMPLATE);
+
+ if (unwrapAttr.isAttributeMapAttribute())
+ {
+ typedef std::map<CK_ATTRIBUTE_TYPE,OSAttribute> attrmap_type;
+
+ const attrmap_type& map = unwrapAttr.getAttributeMapValue();
+
+ for (attrmap_type::const_iterator it = map.begin(); it != map.end(); ++it)
+ {
+ CK_ATTRIBUTE* attr = NULL;
+ for (CK_ULONG i = 0; i < secretAttribsCount; ++i)
+ {
+ if (it->first == secretAttribs[i].type)
+ {
+ if (attr != NULL)
+ {
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
+ attr = &secretAttribs[i];
+ ByteString value;
+ it->second.peekValue(value);
+ if (attr->ulValueLen != value.size())
+ {
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
+ if (memcmp(attr->pValue, value.const_byte_str(), value.size()) != 0)
+ {
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
+ }
+ }
+ if (attr == NULL)
+ {
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
+ }
+ }
+ }
+
+ *hKey = CK_INVALID_HANDLE;
+
+ // Unwrap the key
+ ByteString wrapped(pWrappedKey, ulWrappedKeyLen);
+ ByteString keydata;
+ if (unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_SECRET_KEY)
+ rv = UnwrapKeySym(pMechanism, wrapped, token, unwrapKey, keydata);
+ else if (unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_PRIVATE_KEY)
+ rv = UnwrapKeyAsym(pMechanism, wrapped, token, unwrapKey, keydata);
+ else
+ rv = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+ if (rv != CKR_OK)
+ return rv;
+
+ // Create the secret object using C_CreateObject
+ rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, hKey, OBJECT_OP_UNWRAP);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*hKey);
+ if (osobject == NULL_PTR || !osobject->isValid())
+ rv = CKR_FUNCTION_FAILED;
+ if (osobject->startTransaction())
+ {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL, false);
+
+ // Common Secret Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, false);
+
+ // Secret Attributes
+ if (objClass == CKO_SECRET_KEY)
+ {
+ ByteString value;
+ if (isPrivate)
+ token->encrypt(keydata, value);
+ else
+ value = keydata;
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ }
+ else if (keyType == CKK_RSA)
+ {
+ bOK = bOK && setRSAPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
+ }
+ else if (keyType == CKK_DSA)
+ {
+ bOK = bOK && setDSAPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
+ }
+ else if (keyType == CKK_DH)
+ {
+ bOK = bOK && setDHPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
+ }
+ else if (keyType == CKK_EC)
+ {
+ bOK = bOK && setECPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
+ }
+ else
+ bOK = false;
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ }
+ else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Remove secret that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*hKey != CK_INVALID_HANDLE)
+ {
+ OSObject* obj = (OSObject*)handleManager->getObject(*hKey);
+ handleManager->destroyObject(*hKey);
+ if (obj) obj->destroyObject();
+ *hKey = CK_INVALID_HANDLE;
+ }
+
+ }
+
+ return rv;
+}
+
+// Derive a key from the specified base key
+CK_RV SoftHSM::C_DeriveKey
+(
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hBaseKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey
+)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (phKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Check the mechanism, only accept DH and ECDH derive
+ switch (pMechanism->mechanism)
+ {
+ case CKM_DH_PKCS_DERIVE:
+#ifdef WITH_ECC
+ case CKM_ECDH1_DERIVE:
+#endif
+#ifndef WITH_FIPS
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ case CKM_DES_CBC_ENCRYPT_DATA:
+#endif
+ case CKM_DES3_ECB_ENCRYPT_DATA:
+ case CKM_DES3_CBC_ENCRYPT_DATA:
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ case CKM_AES_CBC_ENCRYPT_DATA:
+ break;
+ default:
+ ERROR_MSG("Invalid mechanism");
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL) return CKR_GENERAL_ERROR;
+
+ // Check the key handle.
+ OSObject *key = (OSObject *)handleManager->getObject(hBaseKey);
+ if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ CK_BBOOL isKeyOnToken = key->getBooleanValue(CKA_TOKEN, false);
+ CK_BBOOL isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, true);
+
+ // Check user credentials
+ CK_RV rv = haveRead(session->getState(), isKeyOnToken, isKeyPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+
+ return rv;
+ }
+
+ // Check if key can be used for derive
+ if (!key->getBooleanValue(CKA_DERIVE, false))
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
+
+ // Check if the specified mechanism is allowed for the key
+ if (!isMechanismPermitted(key, pMechanism))
+ return CKR_MECHANISM_INVALID;
+
+ // Extract information from the template that is needed to create the object.
+ CK_OBJECT_CLASS objClass;
+ CK_KEY_TYPE keyType;
+ CK_BBOOL isOnToken = CK_FALSE;
+ CK_BBOOL isPrivate = CK_TRUE;
+ CK_CERTIFICATE_TYPE dummy;
+ bool isImplicit = false;
+ rv = extractObjectInformation(pTemplate, ulCount, objClass, keyType, dummy, isOnToken, isPrivate, isImplicit);
+ if (rv != CKR_OK)
+ {
+ ERROR_MSG("Mandatory attribute not present in template");
+ return rv;
+ }
+
+ // Report errors and/or unexpected usage.
+ if (objClass != CKO_SECRET_KEY)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ if (keyType != CKK_GENERIC_SECRET &&
+ keyType != CKK_DES &&
+ keyType != CKK_DES2 &&
+ keyType != CKK_DES3 &&
+ keyType != CKK_AES)
+ return CKR_TEMPLATE_INCONSISTENT;
+
+ // Check authorization
+ rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Derive DH secret
+ if (pMechanism->mechanism == CKM_DH_PKCS_DERIVE)
+ {
+ // Check key class and type
+ if (key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PRIVATE_KEY)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_DH)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ return this->deriveDH(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey, keyType, isOnToken, isPrivate);
+ }
+
+#ifdef WITH_ECC
+ // Derive ECDH secret
+ if (pMechanism->mechanism == CKM_ECDH1_DERIVE)
+ {
+ // Check key class and type
+ if (key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PRIVATE_KEY)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_EC)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ return this->deriveECDH(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey, keyType, isOnToken, isPrivate);
+ }
+#endif
+
+ // Derive symmetric secret
+ if (pMechanism->mechanism == CKM_DES_ECB_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_DES_CBC_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_DES3_ECB_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_DES3_CBC_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_AES_ECB_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_AES_CBC_ENCRYPT_DATA)
+ {
+ // Check key class and type
+ CK_KEY_TYPE baseKeyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);
+ if (key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_SECRET_KEY)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES_ECB_ENCRYPT_DATA &&
+ baseKeyType != CKK_DES)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES_CBC_ENCRYPT_DATA &&
+ baseKeyType != CKK_DES)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES3_ECB_ENCRYPT_DATA &&
+ baseKeyType != CKK_DES2 && baseKeyType != CKK_DES3)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_DES3_CBC_ENCRYPT_DATA &&
+ baseKeyType != CKK_DES2 && baseKeyType != CKK_DES3)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_ECB_ENCRYPT_DATA &&
+ baseKeyType != CKK_AES)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_CBC_ENCRYPT_DATA &&
+ baseKeyType != CKK_AES)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ return this->deriveSymmetric(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey, keyType, isOnToken, isPrivate);
+ }
+
+ return CKR_MECHANISM_INVALID;
+}
+
+// Seed the random number generator with new data
+CK_RV SoftHSM::C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pSeed == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the RNG
+ RNG* rng = CryptoFactory::i()->getRNG();
+ if (rng == NULL) return CKR_GENERAL_ERROR;
+
+ // Seed the RNG
+ ByteString seed(pSeed, ulSeedLen);
+ rng->seed(seed);
+
+ return CKR_OK;
+}
+
+// Generate the specified amount of random data
+CK_RV SoftHSM::C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pRandomData == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the RNG
+ RNG* rng = CryptoFactory::i()->getRNG();
+ if (rng == NULL) return CKR_GENERAL_ERROR;
+
+ // Generate random data
+ ByteString randomData;
+ if (!rng->generateRandom(randomData, ulRandomLen)) return CKR_GENERAL_ERROR;
+
+ // Return random data
+ if (ulRandomLen != 0)
+ {
+ memcpy(pRandomData, randomData.byte_str(), ulRandomLen);
+ }
+
+ return CKR_OK;
+}
+
+// Legacy function
+CK_RV SoftHSM::C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+// Legacy function
+CK_RV SoftHSM::C_CancelFunction(CK_SESSION_HANDLE hSession)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+// Wait or poll for a slot event on the specified slot
+CK_RV SoftHSM::C_WaitForSlotEvent(CK_FLAGS /*flags*/, CK_SLOT_ID_PTR /*pSlot*/, CK_VOID_PTR /*pReserved*/)
+{
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+// Generate an AES secret key
+CK_RV SoftHSM::generateAES
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ size_t keyLen = 0;
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_VALUE_LEN:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ keyLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // CKA_VALUE_LEN must be specified
+ if (keyLen == 0)
+ {
+ INFO_MSG("Missing CKA_VALUE_LEN in pTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // keyLen must be 16, 24, or 32
+ if (keyLen != 16 && keyLen != 24 && keyLen != 32)
+ {
+ INFO_MSG("bad AES key length");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ // Generate the secret key
+ AESKey* key = new AESKey(keyLen * 8);
+ SymmetricAlgorithm* aes = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::AES);
+ if (aes == NULL)
+ {
+ ERROR_MSG("Could not get SymmetricAlgorithm");
+ delete key;
+ return CKR_GENERAL_ERROR;
+ }
+ RNG* rng = CryptoFactory::i()->getRNG();
+ if (rng == NULL)
+ {
+ ERROR_MSG("Could not get RNG");
+ aes->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(aes);
+ return CKR_GENERAL_ERROR;
+ }
+ if (!aes->generateKey(*key, rng))
+ {
+ ERROR_MSG("Could not generate AES secret key");
+ aes->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(aes);
+ return CKR_GENERAL_ERROR;
+ }
+
+ CK_RV rv = CKR_OK;
+
+ // Create the secret key object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_KEY_TYPE keyType = CKK_AES;
+ CK_ATTRIBUTE keyAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG keyAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - keyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ keyAttribs[keyAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_AES_KEY_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Secret Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // AES Secret Key Attributes
+ ByteString value;
+ ByteString kcv;
+ if (isPrivate)
+ {
+ token->encrypt(key->getKeyBits(), value);
+ token->encrypt(key->getKeyCheckValue(), kcv);
+ }
+ else
+ {
+ value = key->getKeyBits();
+ kcv = key->getKeyCheckValue();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ aes->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(aes);
+
+ // Remove the key that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (oskey) oskey->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DES secret key
+CK_RV SoftHSM::generateDES
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Generate the secret key
+ DESKey* key = new DESKey(56);
+ SymmetricAlgorithm* des = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::DES);
+ if (des == NULL)
+ {
+ ERROR_MSG("Could not get SymmetricAlgorithm");
+ delete key;
+ return CKR_GENERAL_ERROR;
+ }
+ RNG* rng = CryptoFactory::i()->getRNG();
+ if (rng == NULL)
+ {
+ ERROR_MSG("Could not get RNG");
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+ return CKR_GENERAL_ERROR;
+ }
+ if (!des->generateKey(*key, rng))
+ {
+ ERROR_MSG("Could not generate DES secret key");
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+ return CKR_GENERAL_ERROR;
+ }
+
+ CK_RV rv = CKR_OK;
+
+ // Create the secret key object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_KEY_TYPE keyType = CKK_DES;
+ CK_ATTRIBUTE keyAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG keyAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - keyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ keyAttribs[keyAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DES_KEY_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Secret Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // DES Secret Key Attributes
+ ByteString value;
+ ByteString kcv;
+ if (isPrivate)
+ {
+ token->encrypt(key->getKeyBits(), value);
+ token->encrypt(key->getKeyCheckValue(), kcv);
+ }
+ else
+ {
+ value = key->getKeyBits();
+ kcv = key->getKeyCheckValue();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+
+ // Remove the key that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (oskey) oskey->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DES2 secret key
+CK_RV SoftHSM::generateDES2
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Generate the secret key
+ DESKey* key = new DESKey(112);
+ SymmetricAlgorithm* des = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::DES3);
+ if (des == NULL)
+ {
+ ERROR_MSG("Could not get SymmetricAlgorith");
+ delete key;
+ return CKR_GENERAL_ERROR;
+ }
+ RNG* rng = CryptoFactory::i()->getRNG();
+ if (rng == NULL)
+ {
+ ERROR_MSG("Could not get RNG");
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+ return CKR_GENERAL_ERROR;
+ }
+ if (!des->generateKey(*key, rng))
+ {
+ ERROR_MSG("Could not generate DES secret key");
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+ return CKR_GENERAL_ERROR;
+ }
+
+ CK_RV rv = CKR_OK;
+
+ // Create the secret key object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_KEY_TYPE keyType = CKK_DES2;
+ CK_ATTRIBUTE keyAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG keyAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - keyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ keyAttribs[keyAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DES2_KEY_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Secret Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // DES Secret Key Attributes
+ ByteString value;
+ ByteString kcv;
+ if (isPrivate)
+ {
+ token->encrypt(key->getKeyBits(), value);
+ token->encrypt(key->getKeyCheckValue(), kcv);
+ }
+ else
+ {
+ value = key->getKeyBits();
+ kcv = key->getKeyCheckValue();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+
+ // Remove the key that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (oskey) oskey->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DES3 secret key
+CK_RV SoftHSM::generateDES3
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Generate the secret key
+ DESKey* key = new DESKey(168);
+ SymmetricAlgorithm* des = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::DES3);
+ if (des == NULL)
+ {
+ ERROR_MSG("Could not get SymmetricAlgorithm");
+ delete key;
+ return CKR_GENERAL_ERROR;
+ }
+ RNG* rng = CryptoFactory::i()->getRNG();
+ if (rng == NULL)
+ {
+ ERROR_MSG("Could not get RNG");
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+ return CKR_GENERAL_ERROR;
+ }
+ if (!des->generateKey(*key, rng))
+ {
+ ERROR_MSG("Could not generate DES secret key");
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+ return CKR_GENERAL_ERROR;
+ }
+
+ CK_RV rv = CKR_OK;
+
+ // Create the secret key object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_KEY_TYPE keyType = CKK_DES3;
+ CK_ATTRIBUTE keyAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG keyAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - keyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ keyAttribs[keyAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DES3_KEY_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Secret Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // DES Secret Key Attributes
+ ByteString value;
+ ByteString kcv;
+ if (isPrivate)
+ {
+ token->encrypt(key->getKeyBits(), value);
+ token->encrypt(key->getKeyCheckValue(), kcv);
+ }
+ else
+ {
+ value = key->getKeyBits();
+ kcv = key->getKeyCheckValue();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ des->recycleKey(key);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(des);
+
+ // Remove the key that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (oskey) oskey->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate an RSA key pair
+CK_RV SoftHSM::generateRSA
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey,
+ CK_BBOOL isPublicKeyOnToken,
+ CK_BBOOL isPublicKeyPrivate,
+ CK_BBOOL isPrivateKeyOnToken,
+ CK_BBOOL isPrivateKeyPrivate
+)
+{
+ *phPublicKey = CK_INVALID_HANDLE;
+ *phPrivateKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired key information: bitlen and public exponent
+ size_t bitLen = 0;
+ ByteString exponent("010001");
+ for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_MODULUS_BITS:
+ if (pPublicKeyTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_MODULUS_BITS does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ bitLen = *(CK_ULONG*)pPublicKeyTemplate[i].pValue;
+ break;
+ case CKA_PUBLIC_EXPONENT:
+ exponent = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ default:
+ break;
+ }
+ }
+
+ // CKA_MODULUS_BITS must be specified to be able to generate a key pair.
+ if (bitLen == 0) {
+ INFO_MSG("Missing CKA_MODULUS_BITS in pPublicKeyTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // Set the parameters
+ RSAParameters p;
+ p.setE(exponent);
+ p.setBitLength(bitLen);
+
+ // Generate key pair
+ AsymmetricKeyPair* kp = NULL;
+ AsymmetricAlgorithm* rsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (rsa == NULL)
+ return CKR_GENERAL_ERROR;
+ if (!rsa->generateKeyPair(&kp, &p))
+ {
+ ERROR_MSG("Could not generate key pair");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
+ return CKR_GENERAL_ERROR;
+ }
+
+ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
+
+ CK_RV rv = CKR_OK;
+
+ // Create a public key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE publicKeyType = CKK_RSA;
+ CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
+ { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
+ { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
+ { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
+ };
+ CK_ULONG publicKeyAttribsCount = 4;
+
+ // Add the additional
+ if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_PUBLIC_EXPONENT:
+ continue;
+ default:
+ publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_RSA_PKCS_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // RSA Public Key Attributes
+ ByteString modulus;
+ ByteString publicExponent;
+ if (isPublicKeyPrivate)
+ {
+ token->encrypt(pub->getN(), modulus);
+ token->encrypt(pub->getE(), publicExponent);
+ }
+ else
+ {
+ modulus = pub->getN();
+ publicExponent = pub->getE();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_MODULUS, modulus);
+ bOK = bOK && osobject->setAttribute(CKA_PUBLIC_EXPONENT, publicExponent);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Create a private key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+ CK_KEY_TYPE privateKeyType = CKK_RSA;
+ CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
+ { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
+ { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
+ { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
+ };
+ CK_ULONG privateKeyAttribsCount = 4;
+ if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPrivateKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_RSA_PKCS_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Private Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // RSA Private Key Attributes
+ ByteString modulus;
+ ByteString publicExponent;
+ ByteString privateExponent;
+ ByteString prime1;
+ ByteString prime2;
+ ByteString exponent1;
+ ByteString exponent2;
+ ByteString coefficient;
+ if (isPrivateKeyPrivate)
+ {
+ token->encrypt(priv->getN(), modulus);
+ token->encrypt(priv->getE(), publicExponent);
+ token->encrypt(priv->getD(), privateExponent);
+ token->encrypt(priv->getP(), prime1);
+ token->encrypt(priv->getQ(), prime2);
+ token->encrypt(priv->getDP1(), exponent1);
+ token->encrypt(priv->getDQ1(), exponent2);
+ token->encrypt(priv->getPQ(), coefficient);
+ }
+ else
+ {
+ modulus = priv->getN();
+ publicExponent = priv->getE();
+ privateExponent = priv->getD();
+ prime1 = priv->getP();
+ prime2 = priv->getQ();
+ exponent1 = priv->getDP1();
+ exponent2 = priv->getDQ1();
+ coefficient = priv->getPQ();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_MODULUS, modulus);
+ bOK = bOK && osobject->setAttribute(CKA_PUBLIC_EXPONENT, publicExponent);
+ bOK = bOK && osobject->setAttribute(CKA_PRIVATE_EXPONENT, privateExponent);
+ bOK = bOK && osobject->setAttribute(CKA_PRIME_1, prime1);
+ bOK = bOK && osobject->setAttribute(CKA_PRIME_2, prime2);
+ bOK = bOK && osobject->setAttribute(CKA_EXPONENT_1,exponent1);
+ bOK = bOK && osobject->setAttribute(CKA_EXPONENT_2, exponent2);
+ bOK = bOK && osobject->setAttribute(CKA_COEFFICIENT, coefficient);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Clean up
+ rsa->recycleKeyPair(kp);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
+
+ // Remove keys that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phPrivateKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
+ handleManager->destroyObject(*phPrivateKey);
+ if (ospriv) ospriv->destroyObject();
+ *phPrivateKey = CK_INVALID_HANDLE;
+ }
+
+ if (*phPublicKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
+ handleManager->destroyObject(*phPublicKey);
+ if (ospub) ospub->destroyObject();
+ *phPublicKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DSA key pair
+CK_RV SoftHSM::generateDSA
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey,
+ CK_BBOOL isPublicKeyOnToken,
+ CK_BBOOL isPublicKeyPrivate,
+ CK_BBOOL isPrivateKeyOnToken,
+ CK_BBOOL isPrivateKeyPrivate)
+{
+ *phPublicKey = CK_INVALID_HANDLE;
+ *phPrivateKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired key information
+ ByteString prime;
+ ByteString subprime;
+ ByteString generator;
+ for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_PRIME:
+ prime = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ case CKA_SUBPRIME:
+ subprime = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ case CKA_BASE:
+ generator = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ default:
+ break;
+ }
+ }
+
+ // The parameters must be specified to be able to generate a key pair.
+ if (prime.size() == 0 || subprime.size() == 0 || generator.size() == 0) {
+ INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // Set the parameters
+ DSAParameters p;
+ p.setP(prime);
+ p.setQ(subprime);
+ p.setG(generator);
+
+ // Generate key pair
+ AsymmetricKeyPair* kp = NULL;
+ AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
+ if (dsa == NULL) return CKR_GENERAL_ERROR;
+ if (!dsa->generateKeyPair(&kp, &p))
+ {
+ ERROR_MSG("Could not generate key pair");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+ return CKR_GENERAL_ERROR;
+ }
+
+ DSAPublicKey* pub = (DSAPublicKey*) kp->getPublicKey();
+ DSAPrivateKey* priv = (DSAPrivateKey*) kp->getPrivateKey();
+
+ CK_RV rv = CKR_OK;
+
+ // Create a public key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE publicKeyType = CKK_DSA;
+ CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
+ { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
+ { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
+ { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
+ };
+ CK_ULONG publicKeyAttribsCount = 4;
+
+ // Add the additional
+ if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DSA_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // DSA Public Key Attributes
+ ByteString value;
+ if (isPublicKeyPrivate)
+ {
+ token->encrypt(pub->getY(), value);
+ }
+ else
+ {
+ value = pub->getY();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Create a private key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+ CK_KEY_TYPE privateKeyType = CKK_DSA;
+ CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
+ { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
+ { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
+ { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
+ };
+ CK_ULONG privateKeyAttribsCount = 4;
+ if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPrivateKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DSA_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Private Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // DSA Private Key Attributes
+ ByteString bPrime;
+ ByteString bSubprime;
+ ByteString bGenerator;
+ ByteString bValue;
+ if (isPrivateKeyPrivate)
+ {
+ token->encrypt(priv->getP(), bPrime);
+ token->encrypt(priv->getQ(), bSubprime);
+ token->encrypt(priv->getG(), bGenerator);
+ token->encrypt(priv->getX(), bValue);
+ }
+ else
+ {
+ bPrime = priv->getP();
+ bSubprime = priv->getQ();
+ bGenerator = priv->getG();
+ bValue = priv->getX();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_PRIME, bPrime);
+ bOK = bOK && osobject->setAttribute(CKA_SUBPRIME, bSubprime);
+ bOK = bOK && osobject->setAttribute(CKA_BASE, bGenerator);
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, bValue);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Clean up
+ dsa->recycleKeyPair(kp);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+
+ // Remove keys that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phPrivateKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
+ handleManager->destroyObject(*phPrivateKey);
+ if (ospriv) ospriv->destroyObject();
+ *phPrivateKey = CK_INVALID_HANDLE;
+ }
+
+ if (*phPublicKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
+ handleManager->destroyObject(*phPublicKey);
+ if (ospub) ospub->destroyObject();
+ *phPublicKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DSA domain parameter set
+CK_RV SoftHSM::generateDSAParameters
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ size_t bitLen = 0;
+ size_t qLen = 0;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_PRIME_BITS:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_PRIME_BITS does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ bitLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ case CKA_SUBPRIME_BITS:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_SUBPRIME_BITS does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ qLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // CKA_PRIME_BITS must be specified
+ if (bitLen == 0)
+ {
+ INFO_MSG("Missing CKA_PRIME_BITS in pTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // No real choice for CKA_SUBPRIME_BITS
+ if ((qLen != 0) &&
+ (((bitLen >= 2048) && (qLen != 256)) ||
+ ((bitLen < 2048) && (qLen != 160))))
+ INFO_MSG("CKA_SUBPRIME_BITS is ignored");
+
+
+ // Generate domain parameters
+ AsymmetricParameters* p = NULL;
+ AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
+ if (dsa == NULL) return CKR_GENERAL_ERROR;
+ if (!dsa->generateParameters(&p, (void *)bitLen))
+ {
+ ERROR_MSG("Could not generate parameters");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+ return CKR_GENERAL_ERROR;
+ }
+
+ DSAParameters* params = (DSAParameters*) p;
+
+ CK_RV rv = CKR_OK;
+
+ // Create the domain parameter object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_DOMAIN_PARAMETERS;
+ CK_KEY_TYPE keyType = CKK_DSA;
+ CK_ATTRIBUTE paramsAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG paramsAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - paramsAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ paramsAttribs[paramsAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, paramsAttribs, paramsAttribsCount, phKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DSA_PARAMETER_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // DSA Domain Parameters Attributes
+ ByteString prime;
+ ByteString subprime;
+ ByteString generator;
+ if (isPrivate)
+ {
+ token->encrypt(params->getP(), prime);
+ token->encrypt(params->getQ(), subprime);
+ token->encrypt(params->getG(), generator);
+ }
+ else
+ {
+ prime = params->getP();
+ subprime = params->getQ();
+ generator = params->getG();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_PRIME, prime);
+ bOK = bOK && osobject->setAttribute(CKA_SUBPRIME, subprime);
+ bOK = bOK && osobject->setAttribute(CKA_BASE, generator);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ dsa->recycleParameters(p);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+
+ // Remove parameters that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* osparams = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (osparams) osparams->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate an EC key pair
+CK_RV SoftHSM::generateEC
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey,
+ CK_BBOOL isPublicKeyOnToken,
+ CK_BBOOL isPublicKeyPrivate,
+ CK_BBOOL isPrivateKeyOnToken,
+ CK_BBOOL isPrivateKeyPrivate)
+{
+ *phPublicKey = CK_INVALID_HANDLE;
+ *phPrivateKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired key information
+ ByteString params;
+ for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_EC_PARAMS:
+ params = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ default:
+ break;
+ }
+ }
+
+ // The parameters must be specified to be able to generate a key pair.
+ if (params.size() == 0) {
+ INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // Set the parameters
+ ECParameters p;
+ p.setEC(params);
+
+ // Generate key pair
+ AsymmetricKeyPair* kp = NULL;
+ AsymmetricAlgorithm* ec = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
+ if (ec == NULL) return CKR_GENERAL_ERROR;
+ if (!ec->generateKeyPair(&kp, &p))
+ {
+ ERROR_MSG("Could not generate key pair");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
+ return CKR_GENERAL_ERROR;
+ }
+
+ ECPublicKey* pub = (ECPublicKey*) kp->getPublicKey();
+ ECPrivateKey* priv = (ECPrivateKey*) kp->getPrivateKey();
+
+ CK_RV rv = CKR_OK;
+
+ // Create a public key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE publicKeyType = CKK_EC;
+ CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
+ { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
+ { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
+ { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
+ };
+ CK_ULONG publicKeyAttribsCount = 4;
+
+ // Add the additional
+ if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // EC Public Key Attributes
+ ByteString point;
+ if (isPublicKeyPrivate)
+ {
+ token->encrypt(pub->getQ(), point);
+ }
+ else
+ {
+ point = pub->getQ();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_EC_POINT, point);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Create a private key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+ CK_KEY_TYPE privateKeyType = CKK_EC;
+ CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
+ { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
+ { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
+ { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
+ };
+ CK_ULONG privateKeyAttribsCount = 4;
+ if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPrivateKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Private Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // EC Private Key Attributes
+ ByteString group;
+ ByteString value;
+ if (isPrivateKeyPrivate)
+ {
+ token->encrypt(priv->getEC(), group);
+ token->encrypt(priv->getD(), value);
+ }
+ else
+ {
+ group = priv->getEC();
+ value = priv->getD();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_EC_PARAMS, group);
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Clean up
+ ec->recycleKeyPair(kp);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
+
+ // Remove keys that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phPrivateKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
+ handleManager->destroyObject(*phPrivateKey);
+ if (ospriv) ospriv->destroyObject();
+ *phPrivateKey = CK_INVALID_HANDLE;
+ }
+
+ if (*phPublicKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
+ handleManager->destroyObject(*phPublicKey);
+ if (ospub) ospub->destroyObject();
+ *phPublicKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DH key pair
+CK_RV SoftHSM::generateDH
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey,
+ CK_BBOOL isPublicKeyOnToken,
+ CK_BBOOL isPublicKeyPrivate,
+ CK_BBOOL isPrivateKeyOnToken,
+ CK_BBOOL isPrivateKeyPrivate)
+{
+ *phPublicKey = CK_INVALID_HANDLE;
+ *phPrivateKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired key information
+ ByteString prime;
+ ByteString generator;
+ for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_PRIME:
+ prime = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ case CKA_BASE:
+ generator = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ default:
+ break;
+ }
+ }
+
+ // The parameters must be specified to be able to generate a key pair.
+ if (prime.size() == 0 || generator.size() == 0) {
+ INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // Extract optional bit length
+ size_t bitLen = 0;
+ for (CK_ULONG i = 0; i < ulPrivateKeyAttributeCount; i++)
+ {
+ switch (pPrivateKeyTemplate[i].type)
+ {
+ case CKA_VALUE_BITS:
+ bitLen = *(CK_ULONG*)pPrivateKeyTemplate[i].pValue;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Set the parameters
+ DHParameters p;
+ p.setP(prime);
+ p.setG(generator);
+ p.setXBitLength(bitLen);
+
+ // Generate key pair
+ AsymmetricKeyPair* kp = NULL;
+ AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
+ if (dh == NULL) return CKR_GENERAL_ERROR;
+ if (!dh->generateKeyPair(&kp, &p))
+ {
+ ERROR_MSG("Could not generate key pair");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return CKR_GENERAL_ERROR;
+ }
+
+ DHPublicKey* pub = (DHPublicKey*) kp->getPublicKey();
+ DHPrivateKey* priv = (DHPrivateKey*) kp->getPrivateKey();
+
+ CK_RV rv = CKR_OK;
+
+ // Create a public key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE publicKeyType = CKK_DH;
+ CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
+ { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
+ { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
+ { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
+ };
+ CK_ULONG publicKeyAttribsCount = 4;
+
+ // Add the additional
+ if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DH_PKCS_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // DH Public Key Attributes
+ ByteString value;
+ if (isPublicKeyPrivate)
+ {
+ token->encrypt(pub->getY(), value);
+ }
+ else
+ {
+ value = pub->getY();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Create a private key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+ CK_KEY_TYPE privateKeyType = CKK_DH;
+ CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
+ { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
+ { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
+ { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
+ };
+ CK_ULONG privateKeyAttribsCount = 4;
+ if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPrivateKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DH_PKCS_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Private Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // DH Private Key Attributes
+ ByteString bPrime;
+ ByteString bGenerator;
+ ByteString bValue;
+ if (isPrivateKeyPrivate)
+ {
+ token->encrypt(priv->getP(), bPrime);
+ token->encrypt(priv->getG(), bGenerator);
+ token->encrypt(priv->getX(), bValue);
+ }
+ else
+ {
+ bPrime = priv->getP();
+ bGenerator = priv->getG();
+ bValue = priv->getX();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_PRIME, bPrime);
+ bOK = bOK && osobject->setAttribute(CKA_BASE, bGenerator);
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, bValue);
+
+ if (bitLen == 0)
+ {
+ bOK = bOK && osobject->setAttribute(CKA_VALUE_BITS, (unsigned long)priv->getX().bits());
+ }
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Clean up
+ dh->recycleKeyPair(kp);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+
+ // Remove keys that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phPrivateKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
+ handleManager->destroyObject(*phPrivateKey);
+ if (ospriv) ospriv->destroyObject();
+ *phPrivateKey = CK_INVALID_HANDLE;
+ }
+
+ if (*phPublicKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
+ handleManager->destroyObject(*phPublicKey);
+ if (ospub) ospub->destroyObject();
+ *phPublicKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a DH domain parameter set
+CK_RV SoftHSM::generateDHParameters
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ size_t bitLen = 0;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_PRIME_BITS:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_PRIME_BITS does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ bitLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // CKA_PRIME_BITS must be specified
+ if (bitLen == 0)
+ {
+ INFO_MSG("Missing CKA_PRIME_BITS in pTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // Generate domain parameters
+ AsymmetricParameters* p = NULL;
+ AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
+ if (dh == NULL) return CKR_GENERAL_ERROR;
+ if (!dh->generateParameters(&p, (void *)bitLen))
+ {
+ ERROR_MSG("Could not generate parameters");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return CKR_GENERAL_ERROR;
+ }
+
+ DHParameters* params = (DHParameters*) p;
+
+ CK_RV rv = CKR_OK;
+
+ // Create the domain parameter object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_DOMAIN_PARAMETERS;
+ CK_KEY_TYPE keyType = CKK_DH;
+ CK_ATTRIBUTE paramsAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG paramsAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - paramsAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ paramsAttribs[paramsAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, paramsAttribs, paramsAttribsCount, phKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DH_PKCS_PARAMETER_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // DH Domain Parameters Attributes
+ ByteString prime;
+ ByteString generator;
+ if (isPrivate)
+ {
+ token->encrypt(params->getP(), prime);
+ token->encrypt(params->getG(), generator);
+ }
+ else
+ {
+ prime = params->getP();
+ generator = params->getG();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_PRIME, prime);
+ bOK = bOK && osobject->setAttribute(CKA_BASE, generator);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ dh->recycleParameters(p);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+
+ // Remove parameters that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* osparams = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (osparams) osparams->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Generate a GOST key pair
+CK_RV SoftHSM::generateGOST
+(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey,
+ CK_BBOOL isPublicKeyOnToken,
+ CK_BBOOL isPublicKeyPrivate,
+ CK_BBOOL isPrivateKeyOnToken,
+ CK_BBOOL isPrivateKeyPrivate)
+{
+ *phPublicKey = CK_INVALID_HANDLE;
+ *phPrivateKey = CK_INVALID_HANDLE;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired key information
+ ByteString param_3410;
+ ByteString param_3411;
+ ByteString param_28147;
+ for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_GOSTR3410_PARAMS:
+ param_3410 = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ case CKA_GOSTR3411_PARAMS:
+ param_3411 = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ case CKA_GOST28147_PARAMS:
+ param_28147 = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+ break;
+ default:
+ break;
+ }
+ }
+
+ // The parameters must be specified to be able to generate a key pair.
+ if (param_3410.size() == 0 || param_3411.size() == 0) {
+ INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+
+ // Set the parameters
+ ECParameters p;
+ p.setEC(param_3410);
+
+ // Generate key pair
+ AsymmetricKeyPair* kp = NULL;
+ AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);
+ if (gost == NULL) return CKR_GENERAL_ERROR;
+ if (!gost->generateKeyPair(&kp, &p))
+ {
+ ERROR_MSG("Could not generate key pair");
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
+ return CKR_GENERAL_ERROR;
+ }
+
+ GOSTPublicKey* pub = (GOSTPublicKey*) kp->getPublicKey();
+ GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey();
+
+ CK_RV rv = CKR_OK;
+
+ // Create a public key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE publicKeyType = CKK_GOSTR3410;
+ CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
+ { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
+ { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
+ { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
+ };
+ CK_ULONG publicKeyAttribsCount = 4;
+
+ // Add the additional
+ if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPublicKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // EC Public Key Attributes
+ ByteString point;
+ if (isPublicKeyPrivate)
+ {
+ token->encrypt(pub->getQ(), point);
+ }
+ else
+ {
+ point = pub->getQ();
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, point);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Create a private key using C_CreateObject
+ if (rv == CKR_OK)
+ {
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+ CK_KEY_TYPE privateKeyType = CKK_GOSTR3410;
+ CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
+ { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
+ { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
+ { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
+ { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
+ };
+ CK_ULONG privateKeyAttribsCount = 4;
+ if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
+ {
+ switch (pPrivateKeyTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ continue;
+ default:
+ privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+
+ // Store the attributes that are being supplied by the key generation to the object
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Key Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+ CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
+ bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+ // Common Private Key Attributes
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+ // GOST Private Key Attributes
+ ByteString value;
+ ByteString param_a;
+ ByteString param_b;
+ ByteString param_c;
+ if (isPrivateKeyPrivate)
+ {
+ token->encrypt(priv->getD(), value);
+ token->encrypt(priv->getEC(), param_a);
+ token->encrypt(param_3411, param_b);
+ token->encrypt(param_28147, param_c);
+ }
+ else
+ {
+ value = priv->getD();
+ param_a = priv->getEC();
+ param_b = param_3411;
+ param_c = param_28147;
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ bOK = bOK && osobject->setAttribute(CKA_GOSTR3410_PARAMS, param_a);
+ bOK = bOK && osobject->setAttribute(CKA_GOSTR3411_PARAMS, param_b);
+ bOK = bOK && osobject->setAttribute(CKA_GOST28147_PARAMS, param_c);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+ }
+
+ // Clean up
+ gost->recycleKeyPair(kp);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
+
+ // Remove keys that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phPrivateKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
+ handleManager->destroyObject(*phPrivateKey);
+ if (ospriv) ospriv->destroyObject();
+ *phPrivateKey = CK_INVALID_HANDLE;
+ }
+
+ if (*phPublicKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
+ handleManager->destroyObject(*phPublicKey);
+ if (ospub) ospub->destroyObject();
+ *phPublicKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Derive a DH secret
+CK_RV SoftHSM::deriveDH
+(CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hBaseKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_KEY_TYPE keyType,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ if (pMechanism->pParameter == NULL_PTR) return CKR_MECHANISM_PARAM_INVALID;
+ if (pMechanism->ulParameterLen == 0) return CKR_MECHANISM_PARAM_INVALID;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ size_t byteLen = 0;
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_VALUE:
+ INFO_MSG("CKA_VALUE must not be included");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ case CKA_VALUE_LEN:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ byteLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Check the length
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ if (byteLen == 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be set");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+ break;
+#ifndef WITH_FIPS
+ case CKK_DES:
+ if (byteLen != 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must not be set");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+ byteLen = 8;
+ break;
+#endif
+ case CKK_DES2:
+ if (byteLen != 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must not be set");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+ byteLen = 16;
+ break;
+ case CKK_DES3:
+ if (byteLen != 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must not be set");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+ byteLen = 24;
+ break;
+ case CKK_AES:
+ if (byteLen != 16 && byteLen != 24 && byteLen != 32)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be 16, 24, or 32");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+ default:
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ // Get the base key handle
+ OSObject *baseKey = (OSObject *)handleManager->getObject(hBaseKey);
+ if (baseKey == NULL || !baseKey->isValid())
+ return CKR_KEY_HANDLE_INVALID;
+
+ // Get the DH algorithm handler
+ AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
+ if (dh == NULL)
+ return CKR_MECHANISM_INVALID;
+
+ // Get the keys
+ PrivateKey* privateKey = dh->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return CKR_HOST_MEMORY;
+ }
+ if (getDHPrivateKey((DHPrivateKey*)privateKey, token, baseKey) != CKR_OK)
+ {
+ dh->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return CKR_GENERAL_ERROR;
+ }
+
+ ByteString mechParameters;
+ mechParameters.resize(pMechanism->ulParameterLen);
+ memcpy(&mechParameters[0], pMechanism->pParameter, pMechanism->ulParameterLen);
+ PublicKey* publicKey = dh->newPublicKey();
+ if (publicKey == NULL)
+ {
+ dh->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return CKR_HOST_MEMORY;
+ }
+ if (getDHPublicKey((DHPublicKey*)publicKey, (DHPrivateKey*)privateKey, mechParameters) != CKR_OK)
+ {
+ dh->recyclePrivateKey(privateKey);
+ dh->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Derive the secret
+ SymmetricKey* secret = NULL;
+ CK_RV rv = CKR_OK;
+ if (!dh->deriveKey(&secret, publicKey, privateKey))
+ rv = CKR_GENERAL_ERROR;
+ dh->recyclePrivateKey(privateKey);
+ dh->recyclePublicKey(publicKey);
+
+ // Create the secret object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_ATTRIBUTE secretAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG secretAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - secretAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ secretAttribs[secretAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, phKey, OBJECT_OP_DERIVE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,false);
+
+ // Common Secret Key Attributes
+ if (baseKey->getBooleanValue(CKA_ALWAYS_SENSITIVE, false))
+ {
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ }
+ else
+ {
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,false);
+ }
+ if (baseKey->getBooleanValue(CKA_NEVER_EXTRACTABLE, true))
+ {
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,bNeverExtractable);
+ }
+ else
+ {
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,false);
+ }
+
+ // Secret Attributes
+ ByteString secretValue = secret->getKeyBits();
+ ByteString value;
+ ByteString plainKCV;
+ ByteString kcv;
+
+ if (byteLen > secretValue.size())
+ {
+ INFO_MSG("The derived secret is too short");
+ bOK = false;
+ }
+ else
+ {
+ // Truncate value when requested, remove from the leading end
+ if (byteLen < secretValue.size())
+ secretValue.split(secretValue.size() - byteLen);
+
+ // Fix the odd parity for DES
+ if (keyType == CKK_DES ||
+ keyType == CKK_DES2 ||
+ keyType == CKK_DES3)
+ {
+ for (size_t i = 0; i < secretValue.size(); i++)
+ {
+ secretValue[i] = odd_parity[secretValue[i]];
+ }
+ }
+
+ // Get the KCV
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ secret->setBitLen(byteLen * 8);
+ plainKCV = secret->getKeyCheckValue();
+ break;
+ case CKK_DES:
+ case CKK_DES2:
+ case CKK_DES3:
+ secret->setBitLen(byteLen * 7);
+ plainKCV = ((DESKey*)secret)->getKeyCheckValue();
+ break;
+ case CKK_AES:
+ secret->setBitLen(byteLen * 8);
+ plainKCV = ((AESKey*)secret)->getKeyCheckValue();
+ break;
+ default:
+ bOK = false;
+ break;
+ }
+
+ if (isPrivate)
+ {
+ token->encrypt(secretValue, value);
+ token->encrypt(plainKCV, kcv);
+ }
+ else
+ {
+ value = secretValue;
+ kcv = plainKCV;
+ }
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ dh->recycleSymmetricKey(secret);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+
+ // Remove secret that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ossecret = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (ossecret) ossecret->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+// Derive an ECDH secret
+CK_RV SoftHSM::deriveECDH
+(CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hBaseKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_KEY_TYPE keyType,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+#ifdef WITH_ECC
+ *phKey = CK_INVALID_HANDLE;
+
+ if ((pMechanism->pParameter == NULL_PTR) ||
+ (pMechanism->ulParameterLen != sizeof(CK_ECDH1_DERIVE_PARAMS)))
+ {
+ DEBUG_MSG("pParameter must be of type CK_ECDH1_DERIVE_PARAMS");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if (CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->kdf != CKD_NULL)
+ {
+ DEBUG_MSG("kdf must be CKD_NULL");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if ((CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulSharedDataLen != 0) ||
+ (CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->pSharedData != NULL_PTR))
+ {
+ DEBUG_MSG("there must be no shared data");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if ((CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulPublicDataLen == 0) ||
+ (CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->pPublicData == NULL_PTR))
+ {
+ DEBUG_MSG("there must be a public data");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ size_t byteLen = 0;
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_VALUE:
+ INFO_MSG("CKA_VALUE must not be included");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ case CKA_VALUE_LEN:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ byteLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Check the length
+ // byteLen == 0 impiles return max size the ECC can derive
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ break;
+#ifndef WITH_FIPS
+ case CKK_DES:
+ if (byteLen != 0 && byteLen != 8)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be 0 or 8");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ byteLen = 8;
+ break;
+#endif
+ case CKK_DES2:
+ if (byteLen != 0 && byteLen != 16)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be 0 or 16");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ byteLen = 16;
+ break;
+ case CKK_DES3:
+ if (byteLen != 0 && byteLen != 24)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be 0 or 24");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ byteLen = 24;
+ break;
+ case CKK_AES:
+ if (byteLen != 0 && byteLen != 16 && byteLen != 24 && byteLen != 32)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be 0, 16, 24, or 32");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+ default:
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ // Get the base key handle
+ OSObject *baseKey = (OSObject *)handleManager->getObject(hBaseKey);
+ if (baseKey == NULL || !baseKey->isValid())
+ return CKR_KEY_HANDLE_INVALID;
+
+ // Get the ECDH algorithm handler
+ AsymmetricAlgorithm* ecdh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDH);
+ if (ecdh == NULL)
+ return CKR_MECHANISM_INVALID;
+
+ // Get the keys
+ PrivateKey* privateKey = ecdh->newPrivateKey();
+ if (privateKey == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
+ return CKR_HOST_MEMORY;
+ }
+ if (getECPrivateKey((ECPrivateKey*)privateKey, token, baseKey) != CKR_OK)
+ {
+ ecdh->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
+ return CKR_GENERAL_ERROR;
+ }
+
+ ByteString publicData;
+ publicData.resize(CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulPublicDataLen);
+ memcpy(&publicData[0],
+ CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->pPublicData,
+ CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulPublicDataLen);
+ PublicKey* publicKey = ecdh->newPublicKey();
+ if (publicKey == NULL)
+ {
+ ecdh->recyclePrivateKey(privateKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
+ return CKR_HOST_MEMORY;
+ }
+ if (getECDHPublicKey((ECPublicKey*)publicKey, (ECPrivateKey*)privateKey, publicData) != CKR_OK)
+ {
+ ecdh->recyclePrivateKey(privateKey);
+ ecdh->recyclePublicKey(publicKey);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Derive the secret
+ SymmetricKey* secret = NULL;
+ CK_RV rv = CKR_OK;
+ if (!ecdh->deriveKey(&secret, publicKey, privateKey))
+ rv = CKR_GENERAL_ERROR;
+ ecdh->recyclePrivateKey(privateKey);
+ ecdh->recyclePublicKey(publicKey);
+
+ // Create the secret object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_ATTRIBUTE secretAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG secretAttribsCount = 4;
+
+ // Add the additional
+ if (ulCount > (maxAttribs - secretAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ secretAttribs[secretAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, phKey, OBJECT_OP_DERIVE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,false);
+
+ // Common Secret Key Attributes
+ if (baseKey->getBooleanValue(CKA_ALWAYS_SENSITIVE, false))
+ {
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ }
+ else
+ {
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,false);
+ }
+ if (baseKey->getBooleanValue(CKA_NEVER_EXTRACTABLE, true))
+ {
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,bNeverExtractable);
+ }
+ else
+ {
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,false);
+ }
+
+ // Secret Attributes
+ ByteString secretValue = secret->getKeyBits();
+ ByteString value;
+ ByteString plainKCV;
+ ByteString kcv;
+
+ // For generic and AES keys:
+ // default to return max size available.
+ if (byteLen == 0)
+ {
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ byteLen = secretValue.size();
+ break;
+ case CKK_AES:
+ if (secretValue.size() >= 32)
+ byteLen = 32;
+ else if (secretValue.size() >= 24)
+ byteLen = 24;
+ else
+ byteLen = 16;
+ }
+ }
+
+ if (byteLen > secretValue.size())
+ {
+ INFO_MSG("The derived secret is too short");
+ bOK = false;
+ }
+ else
+ {
+ // Truncate value when requested, remove from the leading end
+ if (byteLen < secretValue.size())
+ secretValue.split(secretValue.size() - byteLen);
+
+ // Fix the odd parity for DES
+ if (keyType == CKK_DES ||
+ keyType == CKK_DES2 ||
+ keyType == CKK_DES3)
+ {
+ for (size_t i = 0; i < secretValue.size(); i++)
+ {
+ secretValue[i] = odd_parity[secretValue[i]];
+ }
+ }
+
+ // Get the KCV
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ secret->setBitLen(byteLen * 8);
+ plainKCV = secret->getKeyCheckValue();
+ break;
+ case CKK_DES:
+ case CKK_DES2:
+ case CKK_DES3:
+ secret->setBitLen(byteLen * 7);
+ plainKCV = ((DESKey*)secret)->getKeyCheckValue();
+ break;
+ case CKK_AES:
+ secret->setBitLen(byteLen * 8);
+ plainKCV = ((AESKey*)secret)->getKeyCheckValue();
+ break;
+ default:
+ bOK = false;
+ break;
+ }
+
+ if (isPrivate)
+ {
+ token->encrypt(secretValue, value);
+ token->encrypt(plainKCV, kcv);
+ }
+ else
+ {
+ value = secretValue;
+ kcv = plainKCV;
+ }
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Clean up
+ ecdh->recycleSymmetricKey(secret);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
+
+ // Remove secret that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ossecret = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (ossecret) ossecret->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+#else
+ return CKR_MECHANISM_INVALID;
+#endif
+}
+
+// Derive an symmetric secret
+CK_RV SoftHSM::deriveSymmetric
+(CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hBaseKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_KEY_TYPE keyType,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+{
+ *phKey = CK_INVALID_HANDLE;
+
+ if (pMechanism->pParameter == NULL_PTR)
+ {
+ DEBUG_MSG("pParameter must be supplied");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+
+ ByteString data;
+
+ if ((pMechanism->mechanism == CKM_DES_ECB_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_DES3_ECB_ENCRYPT_DATA) &&
+ pMechanism->ulParameterLen == sizeof(CK_KEY_DERIVATION_STRING_DATA))
+ {
+ CK_BYTE_PTR pData = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->pData;
+ CK_ULONG ulLen = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->ulLen;
+ if (ulLen == 0 || pData == NULL_PTR)
+ {
+ DEBUG_MSG("There must be data in the parameter");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if (ulLen % 8 != 0)
+ {
+ DEBUG_MSG("The data must be a multiple of 8 bytes long");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ data.resize(ulLen);
+ memcpy(&data[0],
+ pData,
+ ulLen);
+ }
+ else if ((pMechanism->mechanism == CKM_DES_CBC_ENCRYPT_DATA ||
+ pMechanism->mechanism == CKM_DES3_CBC_ENCRYPT_DATA) &&
+ pMechanism->ulParameterLen == sizeof(CK_DES_CBC_ENCRYPT_DATA_PARAMS))
+ {
+ CK_BYTE_PTR pData = CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->pData;
+ CK_ULONG length = CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->length;
+ if (length == 0 || pData == NULL_PTR)
+ {
+ DEBUG_MSG("There must be data in the parameter");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if (length % 8 != 0)
+ {
+ DEBUG_MSG("The data must be a multiple of 8 bytes long");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ data.resize(length);
+ memcpy(&data[0],
+ pData,
+ length);
+ }
+ else if (pMechanism->mechanism == CKM_AES_ECB_ENCRYPT_DATA &&
+ pMechanism->ulParameterLen == sizeof(CK_KEY_DERIVATION_STRING_DATA))
+ {
+ CK_BYTE_PTR pData = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->pData;
+ CK_ULONG ulLen = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->ulLen;
+ if (ulLen == 0 || pData == NULL_PTR)
+ {
+ DEBUG_MSG("There must be data in the parameter");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if (ulLen % 16 != 0)
+ {
+ DEBUG_MSG("The data must be a multiple of 16 bytes long");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ data.resize(ulLen);
+ memcpy(&data[0],
+ pData,
+ ulLen);
+ }
+ else if ((pMechanism->mechanism == CKM_AES_CBC_ENCRYPT_DATA) &&
+ pMechanism->ulParameterLen == sizeof(CK_AES_CBC_ENCRYPT_DATA_PARAMS))
+ {
+ CK_BYTE_PTR pData = CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->pData;
+ CK_ULONG length = CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->length;
+ if (length == 0 || pData == NULL_PTR)
+ {
+ DEBUG_MSG("There must be data in the parameter");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ if (length % 16 != 0)
+ {
+ DEBUG_MSG("The data must be a multiple of 16 bytes long");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ data.resize(length);
+ memcpy(&data[0],
+ pData,
+ length);
+ }
+ else
+ {
+ DEBUG_MSG("pParameter is invalid");
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL)
+ return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL)
+ return CKR_GENERAL_ERROR;
+
+ // Extract desired parameter information
+ size_t byteLen = 0;
+ bool checkValue = true;
+ for (CK_ULONG i = 0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_VALUE:
+ INFO_MSG("CKA_VALUE must not be included");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ case CKA_VALUE_LEN:
+ if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
+ {
+ INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ byteLen = *(CK_ULONG*)pTemplate[i].pValue;
+ break;
+ case CKA_CHECK_VALUE:
+ if (pTemplate[i].ulValueLen > 0)
+ {
+ INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ checkValue = false;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Check the length
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ if (byteLen == 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be set");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+ break;
+#ifndef WITH_FIPS
+ case CKK_DES:
+ if (byteLen != 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must not be set");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+ byteLen = 8;
+ break;
+#endif
+ case CKK_DES2:
+ if (byteLen != 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must not be set");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+ byteLen = 16;
+ break;
+ case CKK_DES3:
+ if (byteLen != 0)
+ {
+ INFO_MSG("CKA_VALUE_LEN must not be set");
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+ byteLen = 24;
+ break;
+ case CKK_AES:
+ if (byteLen != 16 && byteLen != 24 && byteLen != 32)
+ {
+ INFO_MSG("CKA_VALUE_LEN must be 16, 24, or 32");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+ default:
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ // Get the symmetric algorithm matching the mechanism
+ SymAlgo::Type algo = SymAlgo::Unknown;
+ SymMode::Type mode = SymMode::Unknown;
+ bool padding = false;
+ ByteString iv;
+ size_t bb = 8;
+ switch(pMechanism->mechanism) {
+#ifndef WITH_FIPS
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ algo = SymAlgo::DES;
+ mode = SymMode::ECB;
+ bb = 7;
+ break;
+ case CKM_DES_CBC_ENCRYPT_DATA:
+ algo = SymAlgo::DES;
+ mode = SymMode::CBC;
+ bb = 7;
+ iv.resize(8);
+ memcpy(&iv[0],
+ &(CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->iv[0]),
+ 8);
+ break;
+#endif
+ case CKM_DES3_ECB_ENCRYPT_DATA:
+ algo = SymAlgo::DES3;
+ mode = SymMode::ECB;
+ bb = 7;
+ break;
+ case CKM_DES3_CBC_ENCRYPT_DATA:
+ algo = SymAlgo::DES3;
+ mode = SymMode::CBC;
+ bb = 7;
+ iv.resize(8);
+ memcpy(&iv[0],
+ &(CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->iv[0]),
+ 8);
+ break;
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ algo = SymAlgo::AES;
+ mode = SymMode::ECB;
+ break;
+ case CKM_AES_CBC_ENCRYPT_DATA:
+ algo = SymAlgo::AES;
+ mode = SymMode::CBC;
+ iv.resize(16);
+ memcpy(&iv[0],
+ &(CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->iv[0]),
+ 16);
+ break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Check the key handle
+ OSObject *baseKey = (OSObject *)handleManager->getObject(hBaseKey);
+ if (baseKey == NULL_PTR || !baseKey->isValid()) return CKR_OBJECT_HANDLE_INVALID;
+
+ SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
+ if (cipher == NULL) return CKR_MECHANISM_INVALID;
+
+ SymmetricKey* secretkey = new SymmetricKey();
+
+ if (getSymmetricKey(secretkey, token, baseKey) != CKR_OK)
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // adjust key bit length
+ secretkey->setBitLen(secretkey->getKeyBits().size() * bb);
+
+ // Initialize encryption
+ if (!cipher->encryptInit(secretkey, mode, iv, padding))
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ // Get the data
+ ByteString secretValue;
+
+ // Encrypt the data
+ if (!cipher->encryptUpdate(data, secretValue))
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+
+ // Finalize encryption
+ ByteString encryptedFinal;
+ if (!cipher->encryptFinal(encryptedFinal))
+ {
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ return CKR_GENERAL_ERROR;
+ }
+ cipher->recycleKey(secretkey);
+ CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+ secretValue += encryptedFinal;
+
+ // Create the secret object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+ CK_ATTRIBUTE secretAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+ { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
+ { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
+ };
+ CK_ULONG secretAttribsCount = 4;
+
+ // Add the additional
+ CK_RV rv = CKR_OK;
+ if (ulCount > (maxAttribs - secretAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ case CKA_PRIVATE:
+ case CKA_KEY_TYPE:
+ case CKA_CHECK_VALUE:
+ continue;
+ default:
+ secretAttribs[secretAttribsCount++] = pTemplate[i];
+ }
+ }
+
+ if (rv == CKR_OK)
+ rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, phKey, OBJECT_OP_DERIVE);
+
+ // Store the attributes that are being supplied
+ if (rv == CKR_OK)
+ {
+ OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
+ if (osobject == NULL_PTR || !osobject->isValid()) {
+ rv = CKR_FUNCTION_FAILED;
+ } else if (osobject->startTransaction()) {
+ bool bOK = true;
+
+ // Common Attributes
+ bOK = bOK && osobject->setAttribute(CKA_LOCAL,false);
+
+ // Common Secret Key Attributes
+ if (baseKey->getBooleanValue(CKA_ALWAYS_SENSITIVE, false))
+ {
+ bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+ }
+ else
+ {
+ bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,false);
+ }
+ if (baseKey->getBooleanValue(CKA_NEVER_EXTRACTABLE, true))
+ {
+ bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,bNeverExtractable);
+ }
+ else
+ {
+ bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,false);
+ }
+
+ ByteString value;
+ ByteString plainKCV;
+ ByteString kcv;
+
+ if (byteLen > secretValue.size())
+ {
+ INFO_MSG("The derived secret is too short");
+ bOK = false;
+ }
+ else
+ {
+ // Truncate value when requested, remove from the trailing end
+ if (byteLen < secretValue.size())
+ secretValue.resize(byteLen);
+
+ // Fix the odd parity for DES
+ if (keyType == CKK_DES ||
+ keyType == CKK_DES2 ||
+ keyType == CKK_DES3)
+ {
+ for (size_t i = 0; i < secretValue.size(); i++)
+ {
+ secretValue[i] = odd_parity[secretValue[i]];
+ }
+ }
+
+ // Get the KCV
+ SymmetricKey* secret = new SymmetricKey();
+ secret->setKeyBits(secretValue);
+ switch (keyType)
+ {
+ case CKK_GENERIC_SECRET:
+ secret->setBitLen(byteLen * 8);
+ plainKCV = secret->getKeyCheckValue();
+ break;
+ case CKK_DES:
+ case CKK_DES2:
+ case CKK_DES3:
+ secret->setBitLen(byteLen * 7);
+ plainKCV = ((DESKey*)secret)->getKeyCheckValue();
+ break;
+ case CKK_AES:
+ secret->setBitLen(byteLen * 8);
+ plainKCV = ((AESKey*)secret)->getKeyCheckValue();
+ break;
+ default:
+ bOK = false;
+ break;
+ }
+ delete secret;
+
+ if (isPrivate)
+ {
+ token->encrypt(secretValue, value);
+ token->encrypt(plainKCV, kcv);
+ }
+ else
+ {
+ value = secretValue;
+ kcv = plainKCV;
+ }
+ }
+ bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+ if (checkValue)
+ bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);
+
+ if (bOK)
+ bOK = osobject->commitTransaction();
+ else
+ osobject->abortTransaction();
+
+ if (!bOK)
+ rv = CKR_FUNCTION_FAILED;
+ } else
+ rv = CKR_FUNCTION_FAILED;
+ }
+
+ // Remove secret that may have been created already when the function fails.
+ if (rv != CKR_OK)
+ {
+ if (*phKey != CK_INVALID_HANDLE)
+ {
+ OSObject* ossecret = (OSObject*)handleManager->getObject(*phKey);
+ handleManager->destroyObject(*phKey);
+ if (ossecret) ossecret->destroyObject();
+ *phKey = CK_INVALID_HANDLE;
+ }
+ }
+
+ return rv;
+}
+
+CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject, int op)
+{
+ if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ if (phObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
+
+ // Get the session
+ Session* session = (Session*)handleManager->getSession(hSession);
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+
+ // Get the slot
+ Slot* slot = session->getSlot();
+ if (slot == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Get the token
+ Token* token = session->getToken();
+ if (token == NULL_PTR) return CKR_GENERAL_ERROR;
+
+ // Extract information from the template that is needed to create the object.
+ CK_OBJECT_CLASS objClass = CKO_DATA;
+ CK_KEY_TYPE keyType = CKK_RSA;
+ CK_CERTIFICATE_TYPE certType = CKC_X_509;
+ CK_BBOOL isOnToken = CK_FALSE;
+ CK_BBOOL isPrivate = CK_TRUE;
+ bool isImplicit = false;
+ CK_RV rv = extractObjectInformation(pTemplate,ulCount,objClass,keyType,certType, isOnToken, isPrivate, isImplicit);
+ if (rv != CKR_OK)
+ {
+ ERROR_MSG("Mandatory attribute not present in template");
+ return rv;
+ }
+
+ // Check user credentials
+ rv = haveWrite(session->getState(), isOnToken, isPrivate);
+ if (rv != CKR_OK)
+ {
+ if (rv == CKR_USER_NOT_LOGGED_IN)
+ INFO_MSG("User is not authorized");
+ if (rv == CKR_SESSION_READ_ONLY)
+ INFO_MSG("Session is read-only");
+
+ return rv;
+ }
+
+ // Change order of attributes
+ const CK_ULONG maxAttribs = 32;
+ CK_ATTRIBUTE attribs[maxAttribs];
+ CK_ATTRIBUTE saveAttribs[maxAttribs];
+ CK_ULONG attribsCount = 0;
+ CK_ULONG saveAttribsCount = 0;
+ if (ulCount > maxAttribs)
+ {
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
+ for (CK_ULONG i=0; i < ulCount; i++)
+ {
+ switch (pTemplate[i].type)
+ {
+ case CKA_CHECK_VALUE:
+ saveAttribs[saveAttribsCount++] = pTemplate[i];
+ break;
+ default:
+ attribs[attribsCount++] = pTemplate[i];
+ }
+ }
+ for (CK_ULONG i=0; i < saveAttribsCount; i++)
+ {
+ attribs[attribsCount++] = saveAttribs[i];
+ }
+
+ P11Object* p11object = NULL;
+ rv = newP11Object(objClass,keyType,certType,&p11object);
+ if (rv != CKR_OK)
+ return rv;
+
+ // Create the object in session or on the token
+ OSObject *object = NULL_PTR;
+ if (isOnToken)
+ {
+ object = (OSObject*) token->createObject();
+ }
+ else
+ {
+ object = sessionObjectStore->createObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE);
+ }
+
+ if (object == NULL || !p11object->init(object))
+ {
+ delete p11object;
+ return CKR_GENERAL_ERROR;
+ }
+
+ rv = p11object->saveTemplate(token, isPrivate != CK_FALSE, attribs,attribsCount,op);
+ delete p11object;
+ if (rv != CKR_OK)
+ return rv;
+
+ if (op == OBJECT_OP_CREATE)
+ {
+ if (objClass == CKO_PUBLIC_KEY &&
+ (!object->startTransaction() ||
+ !object->setAttribute(CKA_LOCAL, false) ||
+ !object->commitTransaction()))
+ {
+ return CKR_GENERAL_ERROR;
+ }
+
+ if ((objClass == CKO_SECRET_KEY || objClass == CKO_PRIVATE_KEY) &&
+ (!object->startTransaction() ||
+ !object->setAttribute(CKA_LOCAL, false) ||
+ !object->setAttribute(CKA_ALWAYS_SENSITIVE, false) ||
+ !object->setAttribute(CKA_NEVER_EXTRACTABLE, false) ||
+ !object->commitTransaction()))
+ {
+ return CKR_GENERAL_ERROR;
+ }
+ }
+
+ if (isOnToken)
+ {
+ *phObject = handleManager->addTokenObject(slot->getSlotID(), isPrivate != CK_FALSE, object);
+ } else {
+ *phObject = handleManager->addSessionObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE, object);
+ }
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getRSAPrivateKey(RSAPrivateKey* privateKey, Token* token, OSObject* key)
+{
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // RSA Private Key Attributes
+ ByteString modulus;
+ ByteString publicExponent;
+ ByteString privateExponent;
+ ByteString prime1;
+ ByteString prime2;
+ ByteString exponent1;
+ ByteString exponent2;
+ ByteString coefficient;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_MODULUS), modulus);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PUBLIC_EXPONENT), publicExponent);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIVATE_EXPONENT), privateExponent);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME_1), prime1);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME_2), prime2);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EXPONENT_1), exponent1);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EXPONENT_2), exponent2);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_COEFFICIENT), coefficient);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ modulus = key->getByteStringValue(CKA_MODULUS);
+ publicExponent = key->getByteStringValue(CKA_PUBLIC_EXPONENT);
+ privateExponent = key->getByteStringValue(CKA_PRIVATE_EXPONENT);
+ prime1 = key->getByteStringValue(CKA_PRIME_1);
+ prime2 = key->getByteStringValue(CKA_PRIME_2);
+ exponent1 = key->getByteStringValue(CKA_EXPONENT_1);
+ exponent2 = key->getByteStringValue(CKA_EXPONENT_2);
+ coefficient = key->getByteStringValue(CKA_COEFFICIENT);
+ }
+
+ privateKey->setN(modulus);
+ privateKey->setE(publicExponent);
+ privateKey->setD(privateExponent);
+ privateKey->setP(prime1);
+ privateKey->setQ(prime2);
+ privateKey->setDP1(exponent1);
+ privateKey->setDQ1(exponent2);
+ privateKey->setPQ(coefficient);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getRSAPublicKey(RSAPublicKey* publicKey, Token* token, OSObject* key)
+{
+ if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // RSA Public Key Attributes
+ ByteString modulus;
+ ByteString publicExponent;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_MODULUS), modulus);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PUBLIC_EXPONENT), publicExponent);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ modulus = key->getByteStringValue(CKA_MODULUS);
+ publicExponent = key->getByteStringValue(CKA_PUBLIC_EXPONENT);
+ }
+
+ publicKey->setN(modulus);
+ publicKey->setE(publicExponent);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getDSAPrivateKey(DSAPrivateKey* privateKey, Token* token, OSObject* key)
+{
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // DSA Private Key Attributes
+ ByteString prime;
+ ByteString subprime;
+ ByteString generator;
+ ByteString value;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME), prime);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SUBPRIME), subprime);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_BASE), generator);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ prime = key->getByteStringValue(CKA_PRIME);
+ subprime = key->getByteStringValue(CKA_SUBPRIME);
+ generator = key->getByteStringValue(CKA_BASE);
+ value = key->getByteStringValue(CKA_VALUE);
+ }
+
+ privateKey->setP(prime);
+ privateKey->setQ(subprime);
+ privateKey->setG(generator);
+ privateKey->setX(value);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getDSAPublicKey(DSAPublicKey* publicKey, Token* token, OSObject* key)
+{
+ if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // DSA Public Key Attributes
+ ByteString prime;
+ ByteString subprime;
+ ByteString generator;
+ ByteString value;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME), prime);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SUBPRIME), subprime);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_BASE), generator);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ prime = key->getByteStringValue(CKA_PRIME);
+ subprime = key->getByteStringValue(CKA_SUBPRIME);
+ generator = key->getByteStringValue(CKA_BASE);
+ value = key->getByteStringValue(CKA_VALUE);
+ }
+
+ publicKey->setP(prime);
+ publicKey->setQ(subprime);
+ publicKey->setG(generator);
+ publicKey->setY(value);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getECPrivateKey(ECPrivateKey* privateKey, Token* token, OSObject* key)
+{
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // EC Private Key Attributes
+ ByteString group;
+ ByteString value;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_PARAMS), group);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ group = key->getByteStringValue(CKA_EC_PARAMS);
+ value = key->getByteStringValue(CKA_VALUE);
+ }
+
+ privateKey->setEC(group);
+ privateKey->setD(value);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getECPublicKey(ECPublicKey* publicKey, Token* token, OSObject* key)
+{
+ if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // EC Public Key Attributes
+ ByteString group;
+ ByteString point;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_PARAMS), group);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_POINT), point);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ group = key->getByteStringValue(CKA_EC_PARAMS);
+ point = key->getByteStringValue(CKA_EC_POINT);
+ }
+
+ publicKey->setEC(group);
+ publicKey->setQ(point);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getDHPrivateKey(DHPrivateKey* privateKey, Token* token, OSObject* key)
+{
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // DH Private Key Attributes
+ ByteString prime;
+ ByteString generator;
+ ByteString value;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME), prime);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_BASE), generator);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ prime = key->getByteStringValue(CKA_PRIME);
+ generator = key->getByteStringValue(CKA_BASE);
+ value = key->getByteStringValue(CKA_VALUE);
+ }
+
+ privateKey->setP(prime);
+ privateKey->setG(generator);
+ privateKey->setX(value);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getDHPublicKey(DHPublicKey* publicKey, DHPrivateKey* privateKey, ByteString& pubParams)
+{
+ if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Copy Domain Parameters from Private Key
+ publicKey->setP(privateKey->getP());
+ publicKey->setG(privateKey->getG());
+
+ // Set value
+ publicKey->setY(pubParams);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getECDHPublicKey(ECPublicKey* publicKey, ECPrivateKey* privateKey, ByteString& pubData)
+{
+ if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Copy Domain Parameters from Private Key
+ publicKey->setEC(privateKey->getEC());
+
+ // Set value
+ ByteString data = getECDHPubData(pubData);
+ publicKey->setQ(data);
+
+ return CKR_OK;
+}
+
+// ECDH pubData can be in RAW or DER format.
+// Need to convert RAW as SoftHSM uses DER.
+ByteString SoftHSM::getECDHPubData(ByteString& pubData)
+{
+ size_t len = pubData.size();
+ size_t controlOctets = 2;
+ if (len == 65 || len == 97 || len == 133)
+ {
+ // Raw: Length matches the public key size of P-256, P-384, or P-521
+ controlOctets = 0;
+ }
+ else if (len < controlOctets || pubData[0] != 0x04)
+ {
+ // Raw: Too short or does not start with 0x04
+ controlOctets = 0;
+ }
+ else if (pubData[1] < 0x80)
+ {
+ // Raw: Length octet does not match remaining data length
+ if (pubData[1] != (len - controlOctets)) controlOctets = 0;
+ }
+ else
+ {
+ size_t lengthOctets = pubData[1] & 0x7F;
+ controlOctets += lengthOctets;
+
+ if (controlOctets >= len)
+ {
+ // Raw: Too short
+ controlOctets = 0;
+ }
+ else
+ {
+ ByteString length(&pubData[2], lengthOctets);
+
+ if (length.long_val() != (len - controlOctets))
+ {
+ // Raw: Length octets does not match remaining data length
+ controlOctets = 0;
+ }
+ }
+ }
+
+ // DER format
+ if (controlOctets != 0) return pubData;
+
+ // RAW format
+ ByteString header;
+ if (len < 0x80)
+ {
+ header.resize(2);
+ header[0] = (unsigned char)0x04;
+ header[1] = (unsigned char)(len & 0x7F);
+ }
+ else
+ {
+ // Count significate bytes
+ size_t bytes = sizeof(size_t);
+ for(; bytes > 0; bytes--)
+ {
+ size_t value = len >> ((bytes - 1) * 8);
+ if (value & 0xFF) break;
+ }
+
+ // Set header data
+ header.resize(2 + bytes);
+ header[0] = (unsigned char)0x04;
+ header[1] = (unsigned char)(0x80 | bytes);
+ for (size_t i = 1; i <= bytes; i++)
+ {
+ header[2+bytes-i] = (unsigned char) (len & 0xFF);
+ len >>= 8;
+ }
+ }
+
+ return header + pubData;
+}
+
+CK_RV SoftHSM::getGOSTPrivateKey(GOSTPrivateKey* privateKey, Token* token, OSObject* key)
+{
+ if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // GOST Private Key Attributes
+ ByteString value;
+ ByteString param;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_GOSTR3410_PARAMS), param);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ value = key->getByteStringValue(CKA_VALUE);
+ param = key->getByteStringValue(CKA_GOSTR3410_PARAMS);
+ }
+
+ privateKey->setD(value);
+ privateKey->setEC(param);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getGOSTPublicKey(GOSTPublicKey* publicKey, Token* token, OSObject* key)
+{
+ if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ // GOST Public Key Attributes
+ ByteString point;
+ ByteString param;
+ if (isKeyPrivate)
+ {
+ bool bOK = true;
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), point);
+ bOK = bOK && token->decrypt(key->getByteStringValue(CKA_GOSTR3410_PARAMS), param);
+ if (!bOK)
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ point = key->getByteStringValue(CKA_VALUE);
+ param = key->getByteStringValue(CKA_GOSTR3410_PARAMS);
+ }
+
+ publicKey->setQ(point);
+ publicKey->setEC(param);
+
+ return CKR_OK;
+}
+
+CK_RV SoftHSM::getSymmetricKey(SymmetricKey* skey, Token* token, OSObject* key)
+{
+ if (skey == NULL) return CKR_ARGUMENTS_BAD;
+ if (token == NULL) return CKR_ARGUMENTS_BAD;
+ if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+ // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+ bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+ ByteString keybits;
+ if (isKeyPrivate)
+ {
+ if (!token->decrypt(key->getByteStringValue(CKA_VALUE), keybits))
+ return CKR_GENERAL_ERROR;
+ }
+ else
+ {
+ keybits = key->getByteStringValue(CKA_VALUE);
+ }
+
+ skey->setKeyBits(keybits);
+
+ return CKR_OK;
+}
+
+bool SoftHSM::setRSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
+{
+ AsymmetricAlgorithm* rsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
+ if (rsa == NULL)
+ return false;
+ PrivateKey* priv = rsa->newPrivateKey();
+ if (priv == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
+ return false;
+ }
+ if (!priv->PKCS8Decode(ber))
+ {
+ rsa->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
+ return false;
+ }
+ // RSA Private Key Attributes
+ ByteString modulus;
+ ByteString publicExponent;
+ ByteString privateExponent;
+ ByteString prime1;
+ ByteString prime2;
+ ByteString exponent1;
+ ByteString exponent2;
+ ByteString coefficient;
+ if (isPrivate)
+ {
+ token->encrypt(((RSAPrivateKey*)priv)->getN(), modulus);
+ token->encrypt(((RSAPrivateKey*)priv)->getE(), publicExponent);
+ token->encrypt(((RSAPrivateKey*)priv)->getD(), privateExponent);
+ token->encrypt(((RSAPrivateKey*)priv)->getP(), prime1);
+ token->encrypt(((RSAPrivateKey*)priv)->getQ(), prime2);
+ token->encrypt(((RSAPrivateKey*)priv)->getDP1(), exponent1);
+ token->encrypt(((RSAPrivateKey*)priv)->getDQ1(), exponent2);
+ token->encrypt(((RSAPrivateKey*)priv)->getPQ(), coefficient);
+ }
+ else
+ {
+ modulus = ((RSAPrivateKey*)priv)->getN();
+ publicExponent = ((RSAPrivateKey*)priv)->getE();
+ privateExponent = ((RSAPrivateKey*)priv)->getD();
+ prime1 = ((RSAPrivateKey*)priv)->getP();
+ prime2 = ((RSAPrivateKey*)priv)->getQ();
+ exponent1 = ((RSAPrivateKey*)priv)->getDP1();
+ exponent2 = ((RSAPrivateKey*)priv)->getDQ1();
+ coefficient = ((RSAPrivateKey*)priv)->getPQ();
+ }
+ bool bOK = true;
+ bOK = bOK && key->setAttribute(CKA_MODULUS, modulus);
+ bOK = bOK && key->setAttribute(CKA_PUBLIC_EXPONENT, publicExponent);
+ bOK = bOK && key->setAttribute(CKA_PRIVATE_EXPONENT, privateExponent);
+ bOK = bOK && key->setAttribute(CKA_PRIME_1, prime1);
+ bOK = bOK && key->setAttribute(CKA_PRIME_2, prime2);
+ bOK = bOK && key->setAttribute(CKA_EXPONENT_1,exponent1);
+ bOK = bOK && key->setAttribute(CKA_EXPONENT_2, exponent2);
+ bOK = bOK && key->setAttribute(CKA_COEFFICIENT, coefficient);
+
+ rsa->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
+
+ return bOK;
+}
+
+bool SoftHSM::setDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
+{
+ AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
+ if (dsa == NULL)
+ return false;
+ PrivateKey* priv = dsa->newPrivateKey();
+ if (priv == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+ return false;
+ }
+ if (!priv->PKCS8Decode(ber))
+ {
+ dsa->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+ return false;
+ }
+ // DSA Private Key Attributes
+ ByteString prime;
+ ByteString subprime;
+ ByteString generator;
+ ByteString value;
+ if (isPrivate)
+ {
+ token->encrypt(((DSAPrivateKey*)priv)->getP(), prime);
+ token->encrypt(((DSAPrivateKey*)priv)->getQ(), subprime);
+ token->encrypt(((DSAPrivateKey*)priv)->getG(), generator);
+ token->encrypt(((DSAPrivateKey*)priv)->getX(), value);
+ }
+ else
+ {
+ prime = ((DSAPrivateKey*)priv)->getP();
+ subprime = ((DSAPrivateKey*)priv)->getQ();
+ generator = ((DSAPrivateKey*)priv)->getG();
+ value = ((DSAPrivateKey*)priv)->getX();
+ }
+ bool bOK = true;
+ bOK = bOK && key->setAttribute(CKA_PRIME, prime);
+ bOK = bOK && key->setAttribute(CKA_SUBPRIME, subprime);
+ bOK = bOK && key->setAttribute(CKA_BASE, generator);
+ bOK = bOK && key->setAttribute(CKA_VALUE, value);
+
+ dsa->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
+
+ return bOK;
+}
+
+bool SoftHSM::setDHPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
+{
+ AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
+ if (dh == NULL)
+ return false;
+ PrivateKey* priv = dh->newPrivateKey();
+ if (priv == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return false;
+ }
+ if (!priv->PKCS8Decode(ber))
+ {
+ dh->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+ return false;
+ }
+ // DH Private Key Attributes
+ ByteString prime;
+ ByteString generator;
+ ByteString value;
+ if (isPrivate)
+ {
+ token->encrypt(((DHPrivateKey*)priv)->getP(), prime);
+ token->encrypt(((DHPrivateKey*)priv)->getG(), generator);
+ token->encrypt(((DHPrivateKey*)priv)->getX(), value);
+ }
+ else
+ {
+ prime = ((DHPrivateKey*)priv)->getP();
+ generator = ((DHPrivateKey*)priv)->getG();
+ value = ((DHPrivateKey*)priv)->getX();
+ }
+ bool bOK = true;
+ bOK = bOK && key->setAttribute(CKA_PRIME, prime);
+ bOK = bOK && key->setAttribute(CKA_BASE, generator);
+ bOK = bOK && key->setAttribute(CKA_VALUE, value);
+
+ dh->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
+
+ return bOK;
+}
+bool SoftHSM::setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
+{
+ AsymmetricAlgorithm* ecc = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
+ if (ecc == NULL)
+ return false;
+ PrivateKey* priv = ecc->newPrivateKey();
+ if (priv == NULL)
+ {
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecc);
+ return false;
+ }
+ if (!priv->PKCS8Decode(ber))
+ {
+ ecc->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecc);
+ return false;
+ }
+ // EC Private Key Attributes
+ ByteString group;
+ ByteString value;
+ if (isPrivate)
+ {
+ token->encrypt(((ECPrivateKey*)priv)->getEC(), group);
+ token->encrypt(((ECPrivateKey*)priv)->getD(), value);
+ }
+ else
+ {
+ group = ((ECPrivateKey*)priv)->getEC();
+ value = ((ECPrivateKey*)priv)->getD();
+ }
+ bool bOK = true;
+ bOK = bOK && key->setAttribute(CKA_EC_PARAMS, group);
+ bOK = bOK && key->setAttribute(CKA_VALUE, value);
+
+ ecc->recyclePrivateKey(priv);
+ CryptoFactory::i()->recycleAsymmetricAlgorithm(ecc);
+
+ return bOK;
+}
+
+CK_RV SoftHSM::MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism)
+{
+ // This is a programming error
+ if (pMechanism->mechanism != CKM_RSA_PKCS_OAEP) {
+ ERROR_MSG("MechParamCheckRSAPKCSOAEP called on wrong mechanism");
+ return CKR_GENERAL_ERROR;
+ }
+
+ if (pMechanism->pParameter == NULL_PTR ||
+ pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS))
+ {
+ ERROR_MSG("pParameter must be of type CK_RSA_PKCS_OAEP_PARAMS");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ CK_RSA_PKCS_OAEP_PARAMS_PTR params = (CK_RSA_PKCS_OAEP_PARAMS_PTR)pMechanism->pParameter;
+ if (params->hashAlg != CKM_SHA_1)
+ {
+ ERROR_MSG("hashAlg must be CKM_SHA_1");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (params->mgf != CKG_MGF1_SHA1)
+ {
+ ERROR_MSG("mgf must be CKG_MGF1_SHA1");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (params->source != CKZ_DATA_SPECIFIED)
+ {
+ ERROR_MSG("source must be CKZ_DATA_SPECIFIED");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (params->pSourceData != NULL)
+ {
+ ERROR_MSG("pSourceData must be NULL");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (params->ulSourceDataLen != 0)
+ {
+ ERROR_MSG("ulSourceDataLen must be 0");
+ return CKR_ARGUMENTS_BAD;
+ }
+ return CKR_OK;
+}
+
+bool SoftHSM::isMechanismPermitted(OSObject* key, CK_MECHANISM_PTR pMechanism) {
+ OSAttribute attribute = key->getAttribute(CKA_ALLOWED_MECHANISMS);
+ std::set<CK_MECHANISM_TYPE> allowed = attribute.getMechanismTypeSetValue();
+ if (allowed.empty()) {
+ return true;
+ }
+
+ return allowed.find(pMechanism->mechanism) != allowed.end();
+}