sustaining/oi_151a/sfw-gate: usr/src/lib/openssl/Patches/pkcs11-engine/hw_pk11

0 b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2	* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	3	* Use is subject to license terms.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	4	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	5
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	6	#pragma ident "@(#)hw_pk11_pub.c 1.1 09/08/27 SMI"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	7
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	8	/* crypto/engine/hw_pk11_pub.c */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	9	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	10	* This product includes software developed by the OpenSSL Project for
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	11	* use in the OpenSSL Toolkit (http://www.openssl.org/).
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	12	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	13	* This project also referenced hw_pkcs11-0.9.7b.patch written by
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	14	* Afchine Madjlessi.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	15	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	16	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	17	* ====================================================================
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	18	* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	19	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	20	* Redistribution and use in source and binary forms, with or without
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	21	* modification, are permitted provided that the following conditions
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	22	* are met:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	23	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	24	* 1. Redistributions of source code must retain the above copyright
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	25	* notice, this list of conditions and the following disclaimer.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	26	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	27	* 2. Redistributions in binary form must reproduce the above copyright
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	28	* notice, this list of conditions and the following disclaimer in
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	29	* the documentation and/or other materials provided with the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	30	* distribution.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	31	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	32	* 3. All advertising materials mentioning features or use of this
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	33	* software must display the following acknowledgment:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	34	* "This product includes software developed by the OpenSSL Project
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	35	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	36	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	37	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	38	* endorse or promote products derived from this software without
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	39	* prior written permission. For written permission, please contact
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	40	* [email protected].
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	41	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	42	* 5. Products derived from this software may not be called "OpenSSL"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	43	* nor may "OpenSSL" appear in their names without prior written
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	44	* permission of the OpenSSL Project.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	45	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	46	* 6. Redistributions of any form whatsoever must retain the following
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	47	* acknowledgment:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	48	* "This product includes software developed by the OpenSSL Project
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	49	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	50	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	51	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	52	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	53	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	54	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	55	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	56	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	57	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	58	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	59	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	60	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	61	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	62	* OF THE POSSIBILITY OF SUCH DAMAGE.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	63	* ====================================================================
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	64	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	65	* This product includes cryptographic software written by Eric Young
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	66	* ([email protected]). This product includes software written by Tim
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	67	* Hudson ([email protected]).
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	68	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	69	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	70
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	71	#include <stdio.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	72	#include <stdlib.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	73	#include <string.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	74	#include <sys/types.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	75	#include <unistd.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	76
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	77	#include <openssl/e_os2.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	78	#include <openssl/crypto.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	79	#include <openssl/engine.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	80	#include <openssl/dso.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	81	#include <openssl/err.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	82	#include <openssl/bn.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	83	#include <openssl/pem.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	84	#ifndef OPENSSL_NO_RSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	85	#include <openssl/rsa.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	86	#endif /* OPENSSL_NO_RSA */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	87	#ifndef OPENSSL_NO_DSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	88	#include <openssl/dsa.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	89	#endif /* OPENSSL_NO_DSA */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	90	#ifndef OPENSSL_NO_DH
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	91	#include <openssl/dh.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	92	#endif /* OPENSSL_NO_DH */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	93	#include <openssl/rand.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	94	#include <openssl/objects.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	95	#include <openssl/x509.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	96	#include <cryptlib.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	97	#include <pthread.h>
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	98
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	99	#ifndef OPENSSL_NO_HW
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	100	#ifndef OPENSSL_NO_HW_PK11
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	101
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	102	#include "cryptoki.h"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	103	#include "pkcs11.h"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	104	#include "hw_pk11_err.h"
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	105
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	106	#ifndef OPENSSL_NO_RSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	107	/* RSA stuff */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	108	static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	109	unsigned char to, RSA rsa, int padding);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	110	static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	111	unsigned char to, RSA rsa, int padding);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	112	static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	113	unsigned char to, RSA rsa, int padding);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	114	static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	115	unsigned char to, RSA rsa, int padding);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	116	static int pk11_RSA_init(RSA *rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	117	static int pk11_RSA_finish(RSA *rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	118	static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	119	unsigned char sigret, unsigned int siglen, const RSA *rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	120	static int pk11_RSA_verify(int dtype, const unsigned char *m,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	121	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	122	const RSA *rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	123	EVP_PKEY pk11_load_privkey(ENGINE, const char *pubkey_file,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	124	UI_METHOD ui_method, void callback_data);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	125	EVP_PKEY pk11_load_pubkey(ENGINE, const char *pubkey_file,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	126	UI_METHOD ui_method, void callback_data);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	127
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	128	static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	129	unsigned char to, RSA rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	130	static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	131	unsigned char to, RSA rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	132	static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	133	unsigned char to, RSA rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	134	static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	135	unsigned char to, RSA rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	136
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	137	static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, RSA** key_ptr,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	138	BIGNUM rsa_n_num, BIGNUM rsa_e_num, CK_SESSION_HANDLE session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	139	static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, RSA** key_ptr,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	140	BIGNUM **rsa_d_num, CK_SESSION_HANDLE session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	141
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	142	static int check_new_rsa_key_pub(PK11_SESSION sp, const RSA rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	143	static int check_new_rsa_key_priv(PK11_SESSION sp, const RSA rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	144	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	145
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	146	/* DSA stuff */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	147	#ifndef OPENSSL_NO_DSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	148	static int pk11_DSA_init(DSA *dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	149	static int pk11_DSA_finish(DSA *dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	150	static DSA_SIG pk11_dsa_do_sign(const unsigned char dgst, int dlen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	151	DSA *dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	152	static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	153	DSA_SIG sig, DSA dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	154
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	155	static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	156	BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	157	static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	158	BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	159
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	160	static int check_new_dsa_key_pub(PK11_SESSION sp, DSA dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	161	static int check_new_dsa_key_priv(PK11_SESSION sp, DSA dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	162	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	163
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	164	/* DH stuff */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	165	#ifndef OPENSSL_NO_DH
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	166	static int pk11_DH_init(DH *dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	167	static int pk11_DH_finish(DH *dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	168	static int pk11_DH_generate_key(DH *dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	169	static int pk11_DH_compute_key(unsigned char *key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	170	const BIGNUM pub_key, DH dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	171
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	172	static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	173	BIGNUM **priv_key, CK_SESSION_HANDLE session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	174
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	175	static int check_new_dh_key(PK11_SESSION sp, DH dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	176	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	177
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	178	static int init_template_value(BIGNUM bn, CK_VOID_PTR pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	179	CK_ULONG *ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	180
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	181	/* Read mode string to be used for fopen() */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	182	#if SOLARIS_OPENSSL
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	183	static char *read_mode_flags = "rF";
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	184	#else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	185	static char *read_mode_flags = "r";
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	186	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	187
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	188	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	189	* increment/create reference for an asymmetric key handle via active list
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	190	* manipulation. If active list operation fails, unlock (if locked), set error
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	191	* variable and jump to the specified label.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	192	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	193	#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	194	{ \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	195	if (pk11_active_add(key_handle, alg_type) < 0) \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	196	{ \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	197	var = TRUE; \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	198	if (unlock) \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	199	UNLOCK_OBJSTORE(alg_type); \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	200	goto label; \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	201	} \
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	202	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	203
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	204	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	205	* Find active list entry according to object handle and return pointer to the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	206	* entry otherwise return NULL.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	207	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	208	* This function presumes it is called with lock protecting the active list
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	209	* held.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	210	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	211	static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	212	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	213	PK11_active *entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	214
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	215	for (entry = active_list[type]; entry != NULL; entry = entry->next)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	216	if (entry->h == h)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	217	return (entry);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	218
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	219	return (NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	220	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	221
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	222	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	223	* Search for an entry in the active list using PKCS#11 object handle as a
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	224	* search key and return refcnt of the found/created entry or -1 in case of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	225	* failure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	226	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	227	* This function presumes it is called with lock protecting the active list
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	228	* held.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	229	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	230	int
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	231	pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	232	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	233	PK11_active *entry = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	234
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	235	if (h == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	236	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	237	PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	238	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	239	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	240
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	241	/* search for entry in the active list */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	242	if ((entry = pk11_active_find(h, type)) != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	243	entry->refcnt++;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	244	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	245	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	246	/* not found, create new entry and add it to the list */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	247	entry = OPENSSL_malloc(sizeof (PK11_active));
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	248	if (entry == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	249	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	250	PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	251	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	252	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	253	entry->h = h;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	254	entry->refcnt = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	255	entry->prev = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	256	entry->next = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	257	/* connect the newly created entry to the list */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	258	if (active_list[type] == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	259	active_list[type] = entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	260	else /* make the entry first in the list */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	261	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	262	entry->next = active_list[type];
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	263	active_list[type]->prev = entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	264	active_list[type] = entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	265	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	266	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	267
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	268	return (entry->refcnt);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	269	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	270
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	271	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	272	* Remove active list entry from the list and free it.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	273	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	274	* This function presumes it is called with lock protecting the active list
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	275	* held.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	276	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	277	void
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	278	pk11_active_remove(PK11_active *entry, PK11_OPTYPE type)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	279	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	280	PK11_active *prev_entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	281
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	282	/* remove the entry from the list and free it */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	283	if ((prev_entry = entry->prev) != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	284	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	285	prev_entry->next = entry->next;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	286	if (entry->next != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	287	entry->next->prev = prev_entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	288	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	289	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	290	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	291	active_list[type] = entry->next;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	292	/* we were the first but not the only one */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	293	if (entry->next != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	294	entry->next->prev = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	295	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	296
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	297	/* sanitization */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	298	entry->h = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	299	entry->prev = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	300	entry->next = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	301	OPENSSL_free(entry);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	302	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	303
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	304	/* Free all entries from the active list. */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	305	void
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	306	pk11_free_active_list(PK11_OPTYPE type)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	307	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	308	PK11_active *entry;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	309
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	310	/* only for asymmetric types since only they have C_Find* locks. */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	311	switch (type)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	312	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	313	case OP_RSA:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	314	case OP_DSA:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	315	case OP_DH:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	316	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	317	default:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	318	return;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	319	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	320
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	321	/* see find_lock array definition for more info on object locking */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	322	LOCK_OBJSTORE(type);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	323	while ((entry = active_list[type]) != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	324	pk11_active_remove(entry, type);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	325	UNLOCK_OBJSTORE(type);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	326	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	327
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	328	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	329	* Search for active list entry associated with given PKCS#11 object handle,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	330	* decrement its refcnt and if it drops to 0, disconnect the entry and free it.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	331	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	332	* Return 1 if the PKCS#11 object associated with the entry has no references,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	333	* return 0 if there is at least one reference, -1 on error.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	334	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	335	* This function presumes it is called with lock protecting the active list
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	336	* held.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	337	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	338	int
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	339	pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	340	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	341	PK11_active *entry = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	342
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	343	if ((entry = pk11_active_find(h, type)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	344	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	345	PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	346	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	347	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	348
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	349	OPENSSL_assert(entry->refcnt > 0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	350	entry->refcnt--;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	351	if (entry->refcnt == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	352	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	353	pk11_active_remove(entry, type);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	354	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	355	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	356
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	357	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	358	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	359
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	360	#ifndef OPENSSL_NO_RSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	361	/* Our internal RSA_METHOD that we provide pointers to */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	362	static RSA_METHOD pk11_rsa =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	363	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	364	"PKCS#11 RSA method",
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	365	pk11_RSA_public_encrypt, /* rsa_pub_encrypt */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	366	pk11_RSA_public_decrypt, /* rsa_pub_decrypt */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	367	pk11_RSA_private_encrypt, /* rsa_priv_encrypt */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	368	pk11_RSA_private_decrypt, /* rsa_priv_decrypt */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	369	NULL, /* rsa_mod_exp */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	370	NULL, /* bn_mod_exp */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	371	pk11_RSA_init, /* init */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	372	pk11_RSA_finish, /* finish */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	373	RSA_FLAG_SIGN_VER, /* flags */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	374	NULL, /* app_data */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	375	pk11_RSA_sign, /* rsa_sign */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	376	pk11_RSA_verify /* rsa_verify */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	377	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	378
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	379	RSA_METHOD *
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	380	PK11_RSA(void)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	381	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	382	return (&pk11_rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	383	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	384	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	385
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	386	#ifndef OPENSSL_NO_DSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	387	/* Our internal DSA_METHOD that we provide pointers to */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	388	static DSA_METHOD pk11_dsa =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	389	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	390	"PKCS#11 DSA method",
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	391	pk11_dsa_do_sign, /* dsa_do_sign */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	392	NULL, /* dsa_sign_setup */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	393	pk11_dsa_do_verify, /* dsa_do_verify */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	394	NULL, /* dsa_mod_exp */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	395	NULL, /* bn_mod_exp */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	396	pk11_DSA_init, /* init */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	397	pk11_DSA_finish, /* finish */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	398	0, /* flags */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	399	NULL /* app_data */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	400	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	401
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	402	DSA_METHOD *
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	403	PK11_DSA(void)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	404	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	405	return (&pk11_dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	406	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	407	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	408
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	409	#ifndef OPENSSL_NO_DH
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	410	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	411	* PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	412	* output buffer may somewhat exceed the precise number of bytes needed, but
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	413	* should not exceed it by a large amount. That may be caused, for example, by
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	414	* rounding it up to multiple of X in the underlying bignum library. 8 should be
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	415	* enough.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	416	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	417	#define DH_BUF_RESERVE 8
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	418
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	419	/* Our internal DH_METHOD that we provide pointers to */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	420	static DH_METHOD pk11_dh =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	421	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	422	"PKCS#11 DH method",
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	423	pk11_DH_generate_key, /* generate_key */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	424	pk11_DH_compute_key, /* compute_key */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	425	NULL, /* bn_mod_exp */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	426	pk11_DH_init, /* init */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	427	pk11_DH_finish, /* finish */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	428	0, /* flags */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	429	NULL, /* app_data */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	430	NULL /* generate_params */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	431	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	432
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	433	DH_METHOD *
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	434	PK11_DH(void)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	435	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	436	return (&pk11_dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	437	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	438	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	439
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	440	/* Size of an SSL signature: MD5+SHA1 */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	441	#define SSL_SIG_LENGTH 36
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	442
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	443	/* Lengths of DSA data and signature */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	444	#define DSA_DATA_LEN 20
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	445	#define DSA_SIGNATURE_LEN 40
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	446
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	447	static CK_BBOOL true = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	448	static CK_BBOOL false = FALSE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	449
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	450	#ifndef OPENSSL_NO_RSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	451	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	452	* Similiar to OpenSSL to take advantage of the paddings. The goal is to
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	453	* support all paddings in this engine although PK11 library does not
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	454	* support all the paddings used in OpenSSL.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	455	* The input errors should have been checked in the padding functions.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	456	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	457	static int pk11_RSA_public_encrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	458	unsigned char to, RSA rsa, int padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	459	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	460	int i, num = 0, r = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	461	unsigned char *buf = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	462
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	463	num = BN_num_bytes(rsa->n);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	464	if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	465	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	466	RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	467	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	468	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	469
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	470	switch (padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	471	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	472	case RSA_PKCS1_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	473	i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	474	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	475	#ifndef OPENSSL_NO_SHA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	476	case RSA_PKCS1_OAEP_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	477	i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	478	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	479	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	480	case RSA_SSLV23_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	481	i = RSA_padding_add_SSLv23(buf, num, from, flen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	482	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	483	case RSA_NO_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	484	i = RSA_padding_add_none(buf, num, from, flen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	485	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	486	default:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	487	RSAerr(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	488	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	489	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	490	if (i <= 0) goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	491
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	492	/* PK11 functions are called here */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	493	r = pk11_RSA_public_encrypt_low(num, buf, to, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	494	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	495	if (buf != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	496	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	497	OPENSSL_cleanse(buf, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	498	OPENSSL_free(buf);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	499	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	500	return (r);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	501	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	502
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	503
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	504	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	505	* Similar to Openssl to take advantage of the paddings. The input errors
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	506	* should be catched in the padding functions
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	507	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	508	static int pk11_RSA_private_encrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	509	unsigned char to, RSA rsa, int padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	510	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	511	int i, num = 0, r = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	512	unsigned char *buf = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	513
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	514	num = BN_num_bytes(rsa->n);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	515	if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	516	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	517	RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	518	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	519	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	520
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	521	switch (padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	522	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	523	case RSA_PKCS1_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	524	i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	525	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	526	case RSA_NO_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	527	i = RSA_padding_add_none(buf, num, from, flen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	528	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	529	case RSA_SSLV23_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	530	default:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	531	RSAerr(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	532	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	533	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	534	if (i <= 0) goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	535
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	536	/* PK11 functions are called here */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	537	r = pk11_RSA_private_encrypt_low(num, buf, to, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	538	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	539	if (buf != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	540	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	541	OPENSSL_cleanse(buf, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	542	OPENSSL_free(buf);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	543	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	544	return (r);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	545	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	546
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	547	/* Similar to OpenSSL code. Input errors are also checked here */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	548	static int pk11_RSA_private_decrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	549	unsigned char to, RSA rsa, int padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	550	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	551	BIGNUM f;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	552	int j, num = 0, r = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	553	unsigned char *p;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	554	unsigned char *buf = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	555
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	556	BN_init(&f);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	557
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	558	num = BN_num_bytes(rsa->n);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	559
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	560	if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	561	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	562	RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	563	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	564	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	565
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	566	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	567	* This check was for equality but PGP does evil things
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	568	* and chops off the top '0' bytes
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	569	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	570	if (flen > num)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	571	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	572	RSAerr(PK11_F_RSA_PRIV_DEC,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	573	PK11_R_DATA_GREATER_THAN_MOD_LEN);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	574	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	575	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	576
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	577	/* make data into a big number */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	578	if (BN_bin2bn(from, (int)flen, &f) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	579	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	580
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	581	if (BN_ucmp(&f, rsa->n) >= 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	582	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	583	RSAerr(PK11_F_RSA_PRIV_DEC,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	584	PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	585	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	586	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	587
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	588	/* PK11 functions are called here */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	589	r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	590
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	591	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	592	* PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	593	* Needs to skip these 0's paddings here.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	594	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	595	for (j = 0; j < r; j++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	596	if (buf[j] != 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	597	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	598
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	599	p = buf + j;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	600	j = r - j; /* j is only used with no-padding mode */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	601
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	602	switch (padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	603	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	604	case RSA_PKCS1_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	605	r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	606	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	607	#ifndef OPENSSL_NO_SHA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	608	case RSA_PKCS1_OAEP_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	609	r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	610	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	611	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	612	case RSA_SSLV23_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	613	r = RSA_padding_check_SSLv23(to, num, p, j, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	614	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	615	case RSA_NO_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	616	r = RSA_padding_check_none(to, num, p, j, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	617	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	618	default:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	619	RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	620	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	621	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	622	if (r < 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	623	RSAerr(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	624
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	625	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	626	BN_clear_free(&f);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	627	if (buf != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	628	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	629	OPENSSL_cleanse(buf, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	630	OPENSSL_free(buf);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	631	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	632	return (r);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	633	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	634
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	635	/* Similar to OpenSSL code. Input errors are also checked here */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	636	static int pk11_RSA_public_decrypt(int flen, const unsigned char *from,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	637	unsigned char to, RSA rsa, int padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	638	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	639	BIGNUM f;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	640	int i, num = 0, r = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	641	unsigned char *p;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	642	unsigned char *buf = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	643
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	644	BN_init(&f);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	645	num = BN_num_bytes(rsa->n);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	646	buf = (unsigned char *)OPENSSL_malloc(num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	647	if (buf == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	648	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	649	RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	650	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	651	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	652
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	653	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	654	* This check was for equality but PGP does evil things
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	655	* and chops off the top '0' bytes
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	656	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	657	if (flen > num)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	658	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	659	RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	660	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	661	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	662
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	663	if (BN_bin2bn(from, flen, &f) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	664	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	665
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	666	if (BN_ucmp(&f, rsa->n) >= 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	667	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	668	RSAerr(PK11_F_RSA_PUB_DEC,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	669	PK11_R_DATA_TOO_LARGE_FOR_MODULUS);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	670	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	671	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	672
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	673	/* PK11 functions are called here */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	674	r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	675
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	676	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	677	* PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	678	* Needs to skip these 0's here
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	679	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	680	for (i = 0; i < r; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	681	if (buf[i] != 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	682	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	683
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	684	p = buf + i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	685	i = r - i; /* i is only used with no-padding mode */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	686
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	687	switch (padding)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	688	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	689	case RSA_PKCS1_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	690	r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	691	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	692	case RSA_NO_PADDING:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	693	r = RSA_padding_check_none(to, num, p, i, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	694	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	695	default:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	696	RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	697	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	698	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	699	if (r < 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	700	RSAerr(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	701
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	702	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	703	BN_clear_free(&f);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	704	if (buf != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	705	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	706	OPENSSL_cleanse(buf, num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	707	OPENSSL_free(buf);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	708	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	709	return (r);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	710	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	711
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	712	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	713	* This function implements RSA public encryption using C_EncryptInit and
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	714	* C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	715	* The calling function allocated sufficient memory in "to" to store results.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	716	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	717	static int pk11_RSA_public_encrypt_low(int flen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	718	const unsigned char from, unsigned char to, RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	719	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	720	CK_ULONG bytes_encrypted = flen;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	721	int retval = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	722	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	723	CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	724	CK_MECHANISM *p_mech = &mech_rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	725	CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	726	PK11_SESSION *sp;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	727
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	728	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	729	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	730
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	731	(void) check_new_rsa_key_pub(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	732
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	733	h_pub_key = sp->opdata_rsa_pub_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	734	if (h_pub_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	735	h_pub_key = sp->opdata_rsa_pub_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	736	pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	737	&sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	738	sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	739
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	740	if (h_pub_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	741	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	742	rv = pFuncList->C_EncryptInit(sp->session, p_mech,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	743	h_pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	744
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	745	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	746	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	747	PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	748	PK11_R_ENCRYPTINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	749	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	750	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	751	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	752
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	753	rv = pFuncList->C_Encrypt(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	754	(unsigned char *)from, flen, to, &bytes_encrypted);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	755
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	756	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	757	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	758	PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	759	PK11_R_ENCRYPT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	760	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	761	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	762	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	763	retval = bytes_encrypted;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	764	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	765
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	766	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	767	return (retval);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	768	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	769
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	770
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	771	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	772	* This function implements RSA private encryption using C_SignInit and
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	773	* C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	774	* The calling function allocated sufficient memory in "to" to store results.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	775	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	776	static int pk11_RSA_private_encrypt_low(int flen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	777	const unsigned char from, unsigned char to, RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	778	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	779	CK_ULONG ul_sig_len = flen;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	780	int retval = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	781	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	782	CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	783	CK_MECHANISM *p_mech = &mech_rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	784	CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	785	PK11_SESSION *sp;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	786
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	787	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	788	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	789
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	790	(void) check_new_rsa_key_priv(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	791
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	792	h_priv_key = sp->opdata_rsa_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	793	if (h_priv_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	794	h_priv_key = sp->opdata_rsa_priv_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	795	pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	796	&sp->opdata_rsa_d_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	797
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	798	if (h_priv_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	799	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	800	rv = pFuncList->C_SignInit(sp->session, p_mech,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	801	h_priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	802
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	803	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	804	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	805	PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	806	PK11_R_SIGNINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	807	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	808	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	809	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	810
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	811	rv = pFuncList->C_Sign(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	812	(unsigned char *)from, flen, to, &ul_sig_len);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	813
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	814	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	815	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	816	PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	817	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	818	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	819	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	820	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	821
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	822	retval = ul_sig_len;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	823	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	824
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	825	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	826	return (retval);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	827	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	828
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	829
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	830	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	831	* This function implements RSA private decryption using C_DecryptInit and
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	832	* C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	833	* The calling function allocated sufficient memory in "to" to store results.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	834	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	835	static int pk11_RSA_private_decrypt_low(int flen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	836	const unsigned char from, unsigned char to, RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	837	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	838	CK_ULONG bytes_decrypted = flen;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	839	int retval = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	840	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	841	CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	842	CK_MECHANISM *p_mech = &mech_rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	843	CK_OBJECT_HANDLE h_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	844	PK11_SESSION *sp;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	845
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	846	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	847	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	848
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	849	(void) check_new_rsa_key_priv(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	850
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	851	h_priv_key = sp->opdata_rsa_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	852	if (h_priv_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	853	h_priv_key = sp->opdata_rsa_priv_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	854	pk11_get_private_rsa_key(rsa, &sp->opdata_rsa_priv,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	855	&sp->opdata_rsa_d_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	856
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	857	if (h_priv_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	858	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	859	rv = pFuncList->C_DecryptInit(sp->session, p_mech,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	860	h_priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	861
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	862	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	863	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	864	PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	865	PK11_R_DECRYPTINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	866	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	867	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	868	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	869
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	870	rv = pFuncList->C_Decrypt(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	871	(unsigned char *)from, flen, to, &bytes_decrypted);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	872
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	873	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	874	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	875	PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	876	PK11_R_DECRYPT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	877	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	878	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	879	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	880	retval = bytes_decrypted;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	881	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	882
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	883	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	884	return (retval);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	885	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	886
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	887
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	888	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	889	* This function implements RSA public decryption using C_VerifyRecoverInit
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	890	* and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	891	* The calling function allocated sufficient memory in "to" to store results.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	892	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	893	static int pk11_RSA_public_decrypt_low(int flen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	894	const unsigned char from, unsigned char to, RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	895	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	896	CK_ULONG bytes_decrypted = flen;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	897	int retval = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	898	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	899	CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	900	CK_MECHANISM *p_mech = &mech_rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	901	CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	902	PK11_SESSION *sp;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	903
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	904	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	905	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	906
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	907	(void) check_new_rsa_key_pub(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	908
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	909	h_pub_key = sp->opdata_rsa_pub_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	910	if (h_pub_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	911	h_pub_key = sp->opdata_rsa_pub_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	912	pk11_get_public_rsa_key(rsa, &sp->opdata_rsa_pub,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	913	&sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	914	sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	915
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	916	if (h_pub_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	917	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	918	rv = pFuncList->C_VerifyRecoverInit(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	919	p_mech, h_pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	920
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	921	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	922	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	923	PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	924	PK11_R_VERIFYRECOVERINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	925	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	926	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	927	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	928
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	929	rv = pFuncList->C_VerifyRecover(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	930	(unsigned char *)from, flen, to, &bytes_decrypted);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	931
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	932	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	933	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	934	PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	935	PK11_R_VERIFYRECOVER, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	936	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	937	return (-1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	938	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	939	retval = bytes_decrypted;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	940	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	941
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	942	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	943	return (retval);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	944	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	945
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	946	static int pk11_RSA_init(RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	947	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	948	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	949	* This flag in the RSA_METHOD enables the new rsa_sign,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	950	* rsa_verify functions. See rsa.h for details.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	951	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	952	rsa->flags \|= RSA_FLAG_SIGN_VER;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	953
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	954	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	955	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	956
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	957	static int pk11_RSA_finish(RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	958	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	959	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	960	* Since we are overloading OpenSSL's native RSA_eay_finish() we need
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	961	* to do the same as in the original function, i.e. to free bignum
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	962	* structures.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	963	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	964	if (rsa->_method_mod_n != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	965	BN_MONT_CTX_free(rsa->_method_mod_n);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	966	if (rsa->_method_mod_p != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	967	BN_MONT_CTX_free(rsa->_method_mod_p);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	968	if (rsa->_method_mod_q != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	969	BN_MONT_CTX_free(rsa->_method_mod_q);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	970
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	971	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	972	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	973
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	974	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	975	* Standard engine interface function. Majority codes here are from
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	976	* rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	977	* See more details in rsa/rsa_sign.c
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	978	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	979	static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	980	unsigned char sigret, unsigned int siglen, const RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	981	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	982	X509_SIG sig;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	983	ASN1_TYPE parameter;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	984	int i, j;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	985	unsigned char p, s = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	986	X509_ALGOR algor;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	987	ASN1_OCTET_STRING digest;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	988	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	989	CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	990	CK_MECHANISM *p_mech = &mech_rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	991	CK_OBJECT_HANDLE h_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	992	PK11_SESSION *sp = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	993	int ret = 0;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	994	unsigned long ulsiglen;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	995
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	996	/* Encode the digest */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	997	/* Special case: SSL signature, just check the length */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	998	if (type == NID_md5_sha1)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	999	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1000	if (m_len != SSL_SIG_LENGTH)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1001	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1002	PK11err(PK11_F_RSA_SIGN,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1003	PK11_R_INVALID_MESSAGE_LENGTH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1004	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1005	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1006	i = SSL_SIG_LENGTH;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1007	s = (unsigned char *)m;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1008	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1009	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1010	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1011	sig.algor = &algor;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1012	sig.algor->algorithm = OBJ_nid2obj(type);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1013	if (sig.algor->algorithm == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1014	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1015	PK11err(PK11_F_RSA_SIGN,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1016	PK11_R_UNKNOWN_ALGORITHM_TYPE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1017	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1018	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1019	if (sig.algor->algorithm->length == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1020	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1021	PK11err(PK11_F_RSA_SIGN,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1022	PK11_R_UNKNOWN_ASN1_OBJECT_ID);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1023	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1024	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1025	parameter.type = V_ASN1_NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1026	parameter.value.ptr = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1027	sig.algor->parameter = &parameter;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1028
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1029	sig.digest = &digest;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1030	sig.digest->data = (unsigned char *)m;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1031	sig.digest->length = m_len;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1032
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1033	i = i2d_X509_SIG(&sig, NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1034	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1035
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1036	j = RSA_size(rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1037	if ((i - RSA_PKCS1_PADDING) > j)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1038	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1039	PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1040	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1041	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1042
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1043	if (type != NID_md5_sha1)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1044	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1045	s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1046	if (s == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1047	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1048	PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1049	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1050	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1051	p = s;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1052	(void) i2d_X509_SIG(&sig, &p);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1053	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1054
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1055	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1056	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1057
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1058	(void) check_new_rsa_key_priv(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1059
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1060	h_priv_key = sp->opdata_rsa_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1061	if (h_priv_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1062	h_priv_key = sp->opdata_rsa_priv_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1063	pk11_get_private_rsa_key((RSA *)rsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1064	&sp->opdata_rsa_priv,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1065	&sp->opdata_rsa_d_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1066
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1067	if (h_priv_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1068	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1069	rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1070
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1071	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1072	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1073	PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1074	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1075	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1076
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1077	ulsiglen = j;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1078	rv = pFuncList->C_Sign(sp->session, s, i, sigret,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1079	(CK_ULONG_PTR) &ulsiglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1080	*siglen = ulsiglen;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1081
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1082	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1083	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1084	PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1085	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1086	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1087	ret = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1088	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1089
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1090	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1091	if (type != NID_md5_sha1)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1092	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1093	(void) memset(s, 0, (unsigned int)(j + 1));
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1094	OPENSSL_free(s);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1095	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1096
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1097	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1098	return (ret);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1099	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1100
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1101	static int pk11_RSA_verify(int type, const unsigned char *m,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1102	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1103	const RSA *rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1104	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1105	X509_SIG sig;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1106	ASN1_TYPE parameter;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1107	int i, j;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1108	unsigned char p, s = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1109	X509_ALGOR algor;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1110	ASN1_OCTET_STRING digest;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1111	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1112	CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1113	CK_MECHANISM *p_mech = &mech_rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1114	CK_OBJECT_HANDLE h_pub_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1115	PK11_SESSION *sp = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1116	int ret = 0;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1117
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1118	/* Encode the digest */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1119	/* Special case: SSL signature, just check the length */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1120	if (type == NID_md5_sha1)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1121	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1122	if (m_len != SSL_SIG_LENGTH)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1123	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1124	PK11err(PK11_F_RSA_VERIFY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1125	PK11_R_INVALID_MESSAGE_LENGTH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1126	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1127	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1128	i = SSL_SIG_LENGTH;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1129	s = (unsigned char *)m;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1130	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1131	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1132	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1133	sig.algor = &algor;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1134	sig.algor->algorithm = OBJ_nid2obj(type);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1135	if (sig.algor->algorithm == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1136	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1137	PK11err(PK11_F_RSA_VERIFY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1138	PK11_R_UNKNOWN_ALGORITHM_TYPE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1139	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1140	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1141	if (sig.algor->algorithm->length == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1142	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1143	PK11err(PK11_F_RSA_VERIFY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1144	PK11_R_UNKNOWN_ASN1_OBJECT_ID);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1145	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1146	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1147	parameter.type = V_ASN1_NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1148	parameter.value.ptr = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1149	sig.algor->parameter = &parameter;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1150	sig.digest = &digest;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1151	sig.digest->data = (unsigned char *)m;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1152	sig.digest->length = m_len;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1153	i = i2d_X509_SIG(&sig, NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1154	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1155
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1156	j = RSA_size(rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1157	if ((i - RSA_PKCS1_PADDING) > j)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1158	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1159	PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1160	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1161	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1162
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1163	if (type != NID_md5_sha1)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1164	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1165	s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1));
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1166	if (s == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1167	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1168	PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1169	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1170	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1171	p = s;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1172	(void) i2d_X509_SIG(&sig, &p);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1173	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1174
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1175	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1176	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1177
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1178	(void) check_new_rsa_key_pub(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1179
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1180	h_pub_key = sp->opdata_rsa_pub_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1181	if (h_pub_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1182	h_pub_key = sp->opdata_rsa_pub_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1183	pk11_get_public_rsa_key((RSA *)rsa, &sp->opdata_rsa_pub,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1184	&sp->opdata_rsa_n_num, &sp->opdata_rsa_e_num,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1185	sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1186
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1187	if (h_pub_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1188	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1189	rv = pFuncList->C_VerifyInit(sp->session, p_mech,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1190	h_pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1191
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1192	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1193	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1194	PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1195	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1196	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1197	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1198	rv = pFuncList->C_Verify(sp->session, s, i, sigbuf,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1199	(CK_ULONG)siglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1200
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1201	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1202	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1203	PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1204	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1205	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1206	ret = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1207	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1208
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1209	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1210	if (type != NID_md5_sha1)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1211	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1212	(void) memset(s, 0, (unsigned int)siglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1213	OPENSSL_free(s);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1214	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1215
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1216	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1217	return (ret);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1218	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1219
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1220	/* load RSA private key from a file */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1221	/* ARGSUSED */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1222	EVP_PKEY pk11_load_privkey(ENGINE e, const char *privkey_file,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1223	UI_METHOD ui_method, void callback_data)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1224	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1225	EVP_PKEY *pkey = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1226	FILE *pubkey;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1227	CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1228	RSA *rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1229	PK11_SESSION *sp;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1230
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1231	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1232	return (NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1233
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1234	if ((pubkey = fopen(privkey_file, read_mode_flags)) != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1235	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1236	pkey = PEM_read_PrivateKey(pubkey, NULL, NULL, NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1237	(void) fclose(pubkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1238	if (pkey != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1239	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1240	rsa = EVP_PKEY_get1_RSA(pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1241	if (rsa != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1242	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1243	(void) check_new_rsa_key_priv(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1244
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1245	h_priv_key = sp->opdata_rsa_priv_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1246	pk11_get_private_rsa_key(rsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1247	&sp->opdata_rsa_priv, &sp->opdata_rsa_d_num,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1248	sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1249	if (h_priv_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1250	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1251	EVP_PKEY_free(pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1252	pkey = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1253	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1254	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1255	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1256	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1257	EVP_PKEY_free(pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1258	pkey = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1259	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1260	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1261	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1262
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1263	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1264	return (pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1265	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1266
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1267	/* load RSA public key from a file */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1268	/* ARGSUSED */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1269	EVP_PKEY pk11_load_pubkey(ENGINE e, const char *pubkey_file,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1270	UI_METHOD ui_method, void callback_data)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1271	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1272	EVP_PKEY *pkey = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1273	FILE *pubkey;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1274	CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1275	RSA *rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1276	PK11_SESSION *sp;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1277
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1278	if ((sp = pk11_get_session(OP_RSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1279	return (NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1280
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1281	if ((pubkey = fopen(pubkey_file, read_mode_flags)) != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1282	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1283	pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1284	(void) fclose(pubkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1285	if (pkey != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1286	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1287	rsa = EVP_PKEY_get1_RSA(pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1288	if (rsa != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1289	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1290	(void) check_new_rsa_key_pub(sp, rsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1291
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1292	h_pub_key = sp->opdata_rsa_pub_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1293	pk11_get_public_rsa_key(rsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1294	&sp->opdata_rsa_pub, &sp->opdata_rsa_n_num,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1295	&sp->opdata_rsa_e_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1296	if (h_pub_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1297	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1298	EVP_PKEY_free(pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1299	pkey = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1300	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1301	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1302	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1303	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1304	EVP_PKEY_free(pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1305	pkey = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1306	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1307	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1308	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1309
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1310	pk11_return_session(sp, OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1311	return (pkey);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1312	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1313
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1314	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1315	* Create a public key object in a session from a given rsa structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1316	* The rsa_n_num and rsa_e_num pointers are non-NULL for RSA public keys.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1317	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1318	static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1319	RSA key_ptr, BIGNUM rsa_n_num, BIGNUM **rsa_e_num,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1320	CK_SESSION_HANDLE session)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1321	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1322	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1323	CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1324	CK_ULONG found;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1325	CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1326	CK_KEY_TYPE k_type = CKK_RSA;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1327	CK_ULONG ul_key_attr_count = 7;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1328	CK_BBOOL rollback = FALSE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1329
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1330	CK_ATTRIBUTE a_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1331	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1332	{CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1333	{CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1334	{CKA_TOKEN, &false, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1335	{CKA_ENCRYPT, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1336	{CKA_VERIFY_RECOVER, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1337	{CKA_MODULUS, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1338	{CKA_PUBLIC_EXPONENT, (void *)NULL, 0}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1339	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1340
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1341	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1342
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1343	a_key_template[0].pValue = &o_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1344	a_key_template[1].pValue = &k_type;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1345
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1346	a_key_template[5].ulValueLen = BN_num_bytes(rsa->n);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1347	a_key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1348	(size_t)a_key_template[5].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1349	if (a_key_template[5].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1350	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1351	PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1352	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1353	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1354
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1355	BN_bn2bin(rsa->n, a_key_template[5].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1356
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1357	a_key_template[6].ulValueLen = BN_num_bytes(rsa->e);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1358	a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1359	(size_t)a_key_template[6].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1360	if (a_key_template[6].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1361	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1362	PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1363	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1364	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1365
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1366	BN_bn2bin(rsa->e, a_key_template[6].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1367
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1368	/* see find_lock array definition for more info on object locking */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1369	LOCK_OBJSTORE(OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1370	rv = pFuncList->C_FindObjectsInit(session, a_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1371	ul_key_attr_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1372
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1373	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1374	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1375	PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, PK11_R_FINDOBJECTSINIT,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1376	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1377	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1378	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1379
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1380	rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1381
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1382	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1383	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1384	PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1385	PK11_R_FINDOBJECTS, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1386	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1387	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1388
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1389	rv = pFuncList->C_FindObjectsFinal(session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1390
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1391	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1392	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1393	PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1394	PK11_R_FINDOBJECTSFINAL, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1395	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1396	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1397
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1398	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1399	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1400	rv = pFuncList->C_CreateObject(session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1401	a_key_template, ul_key_attr_count, &h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1402	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1403	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1404	PK11err_add_data(PK11_F_GET_PUB_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1405	PK11_R_CREATEOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1406	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1407	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1408	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1409
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1410	if (rsa_n_num != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1411	if ((*rsa_n_num = BN_dup(rsa->n)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1412	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1413	PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1414	rollback = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1415	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1416	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1417	if (rsa_e_num != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1418	if ((*rsa_e_num = BN_dup(rsa->e)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1419	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1420	PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1421	BN_free(*rsa_n_num);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1422	*rsa_n_num = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1423	rollback = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1424	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1425	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1426
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1427	/* LINTED: E_CONSTANT_CONDITION */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1428	KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1429	if (key_ptr != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1430	*key_ptr = rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1431
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1432	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1433	if (rollback)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1434	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1435	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1436	* We do not care about the return value from C_DestroyObject()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1437	* since we are doing rollback.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1438	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1439	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1440	(void) pFuncList->C_DestroyObject(session, h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1441	h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1442	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1443
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1444	UNLOCK_OBJSTORE(OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1445
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1446	malloc_err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1447	for (i = 5; i <= 6; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1448	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1449	if (a_key_template[i].pValue != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1450	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1451	OPENSSL_free(a_key_template[i].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1452	a_key_template[i].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1453	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1454	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1455
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1456	return (h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1457	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1458
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1459	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1460	* Create a private key object in the session from a given rsa structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1461	* The *rsa_d_num pointer is non-NULL for RSA private keys.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1462	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1463	static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1464	RSA key_ptr, BIGNUM rsa_d_num, CK_SESSION_HANDLE session)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1465	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1466	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1467	CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1468	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1469	CK_ULONG found;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1470	CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1471	CK_KEY_TYPE k_type = CKK_RSA;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1472	CK_ULONG ul_key_attr_count = 14;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1473	CK_BBOOL rollback = FALSE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1474
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1475	/* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1476	CK_ATTRIBUTE a_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1477	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1478	{CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1479	{CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1480	{CKA_TOKEN, &false, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1481	{CKA_SENSITIVE, &false, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1482	{CKA_DECRYPT, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1483	{CKA_SIGN, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1484	{CKA_MODULUS, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1485	{CKA_PUBLIC_EXPONENT, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1486	{CKA_PRIVATE_EXPONENT, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1487	{CKA_PRIME_1, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1488	{CKA_PRIME_2, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1489	{CKA_EXPONENT_1, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1490	{CKA_EXPONENT_2, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1491	{CKA_COEFFICIENT, (void *)NULL, 0}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1492	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1493
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1494	a_key_template[0].pValue = &o_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1495	a_key_template[1].pValue = &k_type;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1496
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1497	/* Put the private key components into the template */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1498	if (init_template_value(rsa->n, &a_key_template[6].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1499	&a_key_template[6].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1500	init_template_value(rsa->e, &a_key_template[7].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1501	&a_key_template[7].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1502	init_template_value(rsa->d, &a_key_template[8].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1503	&a_key_template[8].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1504	init_template_value(rsa->p, &a_key_template[9].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1505	&a_key_template[9].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1506	init_template_value(rsa->q, &a_key_template[10].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1507	&a_key_template[10].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1508	init_template_value(rsa->dmp1, &a_key_template[11].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1509	&a_key_template[11].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1510	init_template_value(rsa->dmq1, &a_key_template[12].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1511	&a_key_template[12].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1512	init_template_value(rsa->iqmp, &a_key_template[13].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1513	&a_key_template[13].ulValueLen) == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1514	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1515	PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1516	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1517	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1518
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1519	/* see find_lock array definition for more info on object locking */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1520	LOCK_OBJSTORE(OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1521	rv = pFuncList->C_FindObjectsInit(session, a_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1522	ul_key_attr_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1523
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1524	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1525	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1526	PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1527	PK11_R_FINDOBJECTSINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1528	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1529	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1530
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1531	rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1532
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1533	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1534	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1535	PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1536	PK11_R_FINDOBJECTS, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1537	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1538	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1539
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1540	rv = pFuncList->C_FindObjectsFinal(session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1541
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1542	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1543	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1544	PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1545	PK11_R_FINDOBJECTSFINAL, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1546	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1547	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1548
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1549	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1550	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1551	rv = pFuncList->C_CreateObject(session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1552	a_key_template, ul_key_attr_count, &h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1553	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1554	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1555	PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1556	PK11_R_CREATEOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1557	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1558	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1559	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1560
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1561	if (rsa_d_num != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1562	if ((*rsa_d_num = BN_dup(rsa->d)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1563	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1564	PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1565	rollback = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1566	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1567	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1568
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1569	/* LINTED: E_CONSTANT_CONDITION */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1570	KEY_HANDLE_REFHOLD(h_key, OP_RSA, FALSE, rollback, err);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1571	if (key_ptr != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1572	*key_ptr = rsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1573
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1574	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1575	if (rollback)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1576	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1577	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1578	* We do not care about the return value from C_DestroyObject()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1579	* since we are doing rollback.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1580	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1581	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1582	(void) pFuncList->C_DestroyObject(session, h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1583	h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1584	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1585
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1586	UNLOCK_OBJSTORE(OP_RSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1587
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1588	malloc_err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1589	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1590	* 6 to 13 entries in the key template are key components.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1591	* They need to be freed apon exit or error.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1592	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1593	for (i = 6; i <= 13; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1594	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1595	if (a_key_template[i].pValue != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1596	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1597	(void) memset(a_key_template[i].pValue, 0,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1598	a_key_template[i].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1599	OPENSSL_free(a_key_template[i].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1600	a_key_template[i].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1601	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1602	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1603
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1604	return (h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1605	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1606
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1607	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1608	* Check for cache miss and clean the object pointer and handle
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1609	* in such case. Return 1 for cache hit, 0 for cache miss.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1610	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1611	static int check_new_rsa_key_pub(PK11_SESSION sp, const RSA rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1612	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1613	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1614	* Provide protection against RSA structure reuse by making the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1615	* check for cache hit stronger. Only public components of RSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1616	* key matter here so it is sufficient to compare them with values
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1617	* cached in PK11_SESSION structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1618	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1619	if ((sp->opdata_rsa_pub != rsa) \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1620	(BN_cmp(sp->opdata_rsa_n_num, rsa->n) != 0) \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1621	(BN_cmp(sp->opdata_rsa_e_num, rsa->e) != 0))
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1622	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1623	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1624	* We do not check the return value because even in case of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1625	* failure the sp structure will have both key pointer
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1626	* and object handle cleaned and pk11_destroy_object()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1627	* reports the failure to the OpenSSL error message buffer.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1628	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1629	(void) pk11_destroy_rsa_object_pub(sp, TRUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1630	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1631	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1632	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1633	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1634
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1635	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1636	* Check for cache miss and clean the object pointer and handle
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1637	* in such case. Return 1 for cache hit, 0 for cache miss.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1638	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1639	static int check_new_rsa_key_priv(PK11_SESSION sp, const RSA rsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1640	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1641	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1642	* Provide protection against RSA structure reuse by making the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1643	* check for cache hit stronger. Comparing private exponent of RSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1644	* key with value cached in PK11_SESSION structure should
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1645	* be sufficient.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1646	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1647	if ((sp->opdata_rsa_priv != rsa) \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1648	(BN_cmp(sp->opdata_rsa_d_num, rsa->d) != 0))
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1649	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1650	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1651	* We do not check the return value because even in case of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1652	* failure the sp structure will have both key pointer
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1653	* and object handle cleaned and pk11_destroy_object()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1654	* reports the failure to the OpenSSL error message buffer.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1655	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1656	(void) pk11_destroy_rsa_object_priv(sp, TRUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1657	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1658	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1659	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1660	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1661	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1662
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1663	#ifndef OPENSSL_NO_DSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1664	/* The DSA function implementation */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1665	/* ARGSUSED */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1666	static int pk11_DSA_init(DSA *dsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1667	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1668	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1669	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1670
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1671	/* ARGSUSED */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1672	static int pk11_DSA_finish(DSA *dsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1673	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1674	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1675	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1676
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1677
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1678	static DSA_SIG *
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1679	pk11_dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1680	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1681	BIGNUM r = NULL, s = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1682	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1683	DSA_SIG *dsa_sig = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1684
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1685	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1686	CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1687	CK_MECHANISM *p_mech = &Mechanism_dsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1688	CK_OBJECT_HANDLE h_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1689
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1690	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1691	* The signature is the concatenation of r and s,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1692	* each is 20 bytes long
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1693	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1694	unsigned char sigret[DSA_SIGNATURE_LEN];
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1695	unsigned long siglen = DSA_SIGNATURE_LEN;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1696	unsigned int siglen2 = DSA_SIGNATURE_LEN / 2;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1697
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1698	PK11_SESSION *sp = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1699
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1700	if ((dsa->p == NULL) \|\| (dsa->q == NULL) \|\| (dsa->g == NULL))
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1701	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1702	PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1703	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1704	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1705
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1706	i = BN_num_bytes(dsa->q); /* should be 20 */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1707	if (dlen > i)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1708	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1709	PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1710	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1711	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1712
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1713	if ((sp = pk11_get_session(OP_DSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1714	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1715
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1716	(void) check_new_dsa_key_priv(sp, dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1717
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1718	h_priv_key = sp->opdata_dsa_priv_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1719	if (h_priv_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1720	h_priv_key = sp->opdata_dsa_priv_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1721	pk11_get_private_dsa_key((DSA *)dsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1722	&sp->opdata_dsa_priv,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1723	&sp->opdata_dsa_priv_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1724
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1725	if (h_priv_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1726	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1727	rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1728
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1729	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1730	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1731	PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1732	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1733	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1734
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1735	(void) memset(sigret, 0, siglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1736	rv = pFuncList->C_Sign(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1737	(unsigned char *) dgst, dlen, sigret,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1738	(CK_ULONG_PTR) &siglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1739
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1740	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1741	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1742	PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1743	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1744	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1745	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1746
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1747
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1748	if ((s = BN_new()) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1749	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1750	PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1751	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1752	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1753
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1754	if ((r = BN_new()) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1755	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1756	PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1757	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1758	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1759
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1760	if ((dsa_sig = DSA_SIG_new()) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1761	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1762	PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1763	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1764	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1765
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1766	if (BN_bin2bn(sigret, siglen2, r) == NULL \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1767	BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1768	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1769	PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1770	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1771	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1772
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1773	dsa_sig->r = r;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1774	dsa_sig->s = s;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1775
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1776	ret:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1777	if (dsa_sig == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1778	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1779	if (r != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1780	BN_free(r);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1781	if (s != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1782	BN_free(s);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1783	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1784
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1785	pk11_return_session(sp, OP_DSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1786	return (dsa_sig);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1787	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1788
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1789	static int
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1790	pk11_dsa_do_verify(const unsigned char dgst, int dlen, DSA_SIG sig,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1791	DSA *dsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1792	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1793	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1794	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1795	int retval = 0;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1796	CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1797	CK_MECHANISM *p_mech = &Mechanism_dsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1798	CK_OBJECT_HANDLE h_pub_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1799
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1800	unsigned char sigbuf[DSA_SIGNATURE_LEN];
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1801	unsigned long siglen = DSA_SIGNATURE_LEN;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1802	unsigned long siglen2 = DSA_SIGNATURE_LEN/2;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1803
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1804	PK11_SESSION *sp = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1805
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1806	if (BN_is_zero(sig->r) \|\| sig->r->neg \|\| BN_ucmp(sig->r, dsa->q) >= 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1807	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1808	PK11err(PK11_F_DSA_VERIFY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1809	PK11_R_INVALID_DSA_SIGNATURE_R);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1810	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1811	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1812
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1813	if (BN_is_zero(sig->s) \|\| sig->s->neg \|\| BN_ucmp(sig->s, dsa->q) >= 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1814	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1815	PK11err(PK11_F_DSA_VERIFY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1816	PK11_R_INVALID_DSA_SIGNATURE_S);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1817	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1818	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1819
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1820	i = BN_num_bytes(dsa->q); /* should be 20 */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1821
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1822	if (dlen > i)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1823	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1824	PK11err(PK11_F_DSA_VERIFY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1825	PK11_R_INVALID_SIGNATURE_LENGTH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1826	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1827	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1828
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1829	if ((sp = pk11_get_session(OP_DSA)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1830	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1831
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1832	(void) check_new_dsa_key_pub(sp, dsa);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1833
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1834	h_pub_key = sp->opdata_dsa_pub_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1835	if (h_pub_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1836	h_pub_key = sp->opdata_dsa_pub_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1837	pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1838	&sp->opdata_dsa_pub_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1839
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1840	if (h_pub_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1841	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1842	rv = pFuncList->C_VerifyInit(sp->session, p_mech,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1843	h_pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1844
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1845	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1846	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1847	PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1848	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1849	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1850	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1851
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1852	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1853	* The representation of each of the two big numbers could
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1854	* be shorter than DSA_SIGNATURE_LEN/2 bytes so we need
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1855	* to act accordingly and shift if necessary.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1856	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1857	(void) memset(sigbuf, 0, siglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1858	BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r));
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1859	BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 -
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1860	BN_num_bytes(sig->s));
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1861
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1862	rv = pFuncList->C_Verify(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1863	(unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1864
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1865	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1866	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1867	PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1868	goto ret;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1869	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1870	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1871
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1872	retval = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1873	ret:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1874
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1875	pk11_return_session(sp, OP_DSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1876	return (retval);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1877	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1878
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1879
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1880	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1881	* Create a public key object in a session from a given dsa structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1882	* The *dsa_pub_num pointer is non-NULL for DSA public keys.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1883	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1884	static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1885	DSA key_ptr, BIGNUM dsa_pub_num, CK_SESSION_HANDLE session)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1886	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1887	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1888	CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1889	CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1890	CK_ULONG found;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1891	CK_KEY_TYPE k_type = CKK_DSA;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1892	CK_ULONG ul_key_attr_count = 8;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1893	CK_BBOOL rollback = FALSE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1894	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1895
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1896	CK_ATTRIBUTE a_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1897	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1898	{CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1899	{CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1900	{CKA_TOKEN, &false, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1901	{CKA_VERIFY, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1902	{CKA_PRIME, (void )NULL, 0}, / p */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1903	{CKA_SUBPRIME, (void )NULL, 0}, / q */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1904	{CKA_BASE, (void )NULL, 0}, / g */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1905	{CKA_VALUE, (void )NULL, 0} / pub_key - y */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1906	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1907
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1908	a_key_template[0].pValue = &o_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1909	a_key_template[1].pValue = &k_type;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1910
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1911	if (init_template_value(dsa->p, &a_key_template[4].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1912	&a_key_template[4].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1913	init_template_value(dsa->q, &a_key_template[5].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1914	&a_key_template[5].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1915	init_template_value(dsa->g, &a_key_template[6].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1916	&a_key_template[6].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1917	init_template_value(dsa->pub_key, &a_key_template[7].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1918	&a_key_template[7].ulValueLen) == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1919	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1920	PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1921	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1922	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1923
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1924	/* see find_lock array definition for more info on object locking */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1925	LOCK_OBJSTORE(OP_DSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1926	rv = pFuncList->C_FindObjectsInit(session, a_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1927	ul_key_attr_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1928
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1929	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1930	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1931	PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, PK11_R_FINDOBJECTSINIT,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1932	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1933	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1934	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1935
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1936	rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1937
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1938	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1939	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1940	PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1941	PK11_R_FINDOBJECTS, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1942	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1943	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1944
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1945	rv = pFuncList->C_FindObjectsFinal(session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1946
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1947	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1948	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1949	PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1950	PK11_R_FINDOBJECTSFINAL, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1951	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1952	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1953
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1954	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1955	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1956	rv = pFuncList->C_CreateObject(session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1957	a_key_template, ul_key_attr_count, &h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1958	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1959	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1960	PK11err_add_data(PK11_F_GET_PUB_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1961	PK11_R_CREATEOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1962	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1963	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1964	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1965
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1966	if (dsa_pub_num != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1967	if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1968	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1969	PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1970	rollback = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1971	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1972	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1973
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1974	/* LINTED: E_CONSTANT_CONDITION */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1975	KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1976	if (key_ptr != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1977	*key_ptr = dsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1978
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1979	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1980	if (rollback)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1981	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1982	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1983	* We do not care about the return value from C_DestroyObject()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1984	* since we are doing rollback.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1985	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1986	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1987	(void) pFuncList->C_DestroyObject(session, h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1988	h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1989	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1990
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1991	UNLOCK_OBJSTORE(OP_DSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1992
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1993	malloc_err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1994	for (i = 4; i <= 7; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1995	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1996	if (a_key_template[i].pValue != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1997	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1998	OPENSSL_free(a_key_template[i].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	1999	a_key_template[i].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2000	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2001	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2002
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2003	return (h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2004	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2005
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2006	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2007	* Create a private key object in the session from a given dsa structure
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2008	* The *dsa_priv_num pointer is non-NULL for DSA private keys.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2009	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2010	static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2011	DSA key_ptr, BIGNUM dsa_priv_num, CK_SESSION_HANDLE session)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2012	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2013	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2014	CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2015	CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2016	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2017	CK_ULONG found;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2018	CK_KEY_TYPE k_type = CKK_DSA;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2019	CK_ULONG ul_key_attr_count = 9;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2020	CK_BBOOL rollback = FALSE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2021
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2022	/* Both CKA_TOKEN and CKA_SENSITIVE have to be FALSE for session keys */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2023	CK_ATTRIBUTE a_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2024	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2025	{CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2026	{CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2027	{CKA_TOKEN, &false, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2028	{CKA_SENSITIVE, &false, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2029	{CKA_SIGN, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2030	{CKA_PRIME, (void )NULL, 0}, / p */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2031	{CKA_SUBPRIME, (void )NULL, 0}, / q */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2032	{CKA_BASE, (void )NULL, 0}, / g */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2033	{CKA_VALUE, (void )NULL, 0} / priv_key - x */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2034	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2035
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2036	a_key_template[0].pValue = &o_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2037	a_key_template[1].pValue = &k_type;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2038
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2039	/* Put the private key components into the template */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2040	if (init_template_value(dsa->p, &a_key_template[5].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2041	&a_key_template[5].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2042	init_template_value(dsa->q, &a_key_template[6].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2043	&a_key_template[6].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2044	init_template_value(dsa->g, &a_key_template[7].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2045	&a_key_template[7].ulValueLen) == 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2046	init_template_value(dsa->priv_key, &a_key_template[8].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2047	&a_key_template[8].ulValueLen) == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2048	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2049	PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2050	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2051	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2052
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2053	/* see find_lock array definition for more info on object locking */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2054	LOCK_OBJSTORE(OP_DSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2055	rv = pFuncList->C_FindObjectsInit(session, a_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2056	ul_key_attr_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2057
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2058	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2059	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2060	PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2061	PK11_R_FINDOBJECTSINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2062	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2063	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2064
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2065	rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2066
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2067	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2068	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2069	PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2070	PK11_R_FINDOBJECTS, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2071	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2072	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2073
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2074	rv = pFuncList->C_FindObjectsFinal(session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2075
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2076	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2077	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2078	PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2079	PK11_R_FINDOBJECTSFINAL, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2080	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2081	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2082
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2083	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2084	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2085	rv = pFuncList->C_CreateObject(session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2086	a_key_template, ul_key_attr_count, &h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2087	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2088	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2089	PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2090	PK11_R_CREATEOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2091	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2092	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2093	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2094
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2095	if (dsa_priv_num != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2096	if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2097	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2098	PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2099	rollback = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2100	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2101	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2102
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2103	/* LINTED: E_CONSTANT_CONDITION */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2104	KEY_HANDLE_REFHOLD(h_key, OP_DSA, FALSE, rollback, err);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2105	if (key_ptr != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2106	*key_ptr = dsa;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2107
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2108	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2109	if (rollback)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2110	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2111	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2112	* We do not care about the return value from C_DestroyObject()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2113	* since we are doing rollback.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2114	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2115	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2116	(void) pFuncList->C_DestroyObject(session, h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2117	h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2118	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2119
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2120	UNLOCK_OBJSTORE(OP_DSA);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2121
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2122	malloc_err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2123	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2124	* 5 to 8 entries in the key template are key components.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2125	* They need to be freed apon exit or error.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2126	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2127	for (i = 5; i <= 8; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2128	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2129	if (a_key_template[i].pValue != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2130	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2131	(void) memset(a_key_template[i].pValue, 0,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2132	a_key_template[i].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2133	OPENSSL_free(a_key_template[i].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2134	a_key_template[i].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2135	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2136	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2137
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2138	return (h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2139	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2140
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2141	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2142	* Check for cache miss and clean the object pointer and handle
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2143	* in such case. Return 1 for cache hit, 0 for cache miss.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2144	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2145	static int check_new_dsa_key_pub(PK11_SESSION sp, DSA dsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2146	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2147	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2148	* Provide protection against DSA structure reuse by making the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2149	* check for cache hit stronger. Only public key component of DSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2150	* key matters here so it is sufficient to compare it with value
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2151	* cached in PK11_SESSION structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2152	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2153	if ((sp->opdata_dsa_pub != dsa) \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2154	(BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0))
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2155	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2156	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2157	* We do not check the return value because even in case of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2158	* failure the sp structure will have both key pointer
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2159	* and object handle cleaned and pk11_destroy_object()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2160	* reports the failure to the OpenSSL error message buffer.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2161	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2162	(void) pk11_destroy_dsa_object_pub(sp, TRUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2163	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2164	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2165	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2166	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2167
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2168	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2169	* Check for cache miss and clean the object pointer and handle
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2170	* in such case. Return 1 for cache hit, 0 for cache miss.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2171	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2172	static int check_new_dsa_key_priv(PK11_SESSION sp, DSA dsa)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2173	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2174	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2175	* Provide protection against DSA structure reuse by making the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2176	* check for cache hit stronger. Only private key component of DSA
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2177	* key matters here so it is sufficient to compare it with value
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2178	* cached in PK11_SESSION structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2179	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2180	if ((sp->opdata_dsa_priv != dsa) \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2181	(BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0))
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2182	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2183	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2184	* We do not check the return value because even in case of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2185	* failure the sp structure will have both key pointer
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2186	* and object handle cleaned and pk11_destroy_object()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2187	* reports the failure to the OpenSSL error message buffer.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2188	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2189	(void) pk11_destroy_dsa_object_priv(sp, TRUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2190	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2191	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2192	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2193	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2194	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2195
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2196
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2197	#ifndef OPENSSL_NO_DH
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2198	/* The DH function implementation */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2199	/* ARGSUSED */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2200	static int pk11_DH_init(DH *dh)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2201	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2202	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2203	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2204
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2205	/* ARGSUSED */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2206	static int pk11_DH_finish(DH *dh)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2207	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2208	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2209	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2210
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2211	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2212	* Generate DH key-pair.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2213	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2214	* Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2215	* and override it even if it is set. OpenSSL does not touch dh->priv_key
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2216	* if set and just computes dh->pub_key. It looks like PKCS#11 standard
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2217	* is not capable of providing this functionality. This could be a problem
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2218	* for applications relying on OpenSSL's semantics.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2219	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2220	static int pk11_DH_generate_key(DH *dh)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2221	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2222	CK_ULONG i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2223	CK_RV rv, rv1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2224	int reuse_mem_len = 0, ret = 0;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2225	PK11_SESSION *sp = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2226	CK_BYTE_PTR reuse_mem;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2227
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2228	CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2229	CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2230	CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2231
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2232	CK_ULONG ul_pub_key_attr_count = 3;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2233	CK_ATTRIBUTE pub_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2234	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2235	{CKA_PRIVATE, &false, sizeof (false)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2236	{CKA_PRIME, (void *)NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2237	{CKA_BASE, (void *)NULL, 0}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2238	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2239
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2240	CK_ULONG ul_priv_key_attr_count = 3;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2241	CK_ATTRIBUTE priv_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2242	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2243	{CKA_PRIVATE, &false, sizeof (false)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2244	{CKA_SENSITIVE, &false, sizeof (false)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2245	{CKA_DERIVE, &true, sizeof (true)}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2246	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2247
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2248	CK_ULONG pub_key_attr_result_count = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2249	CK_ATTRIBUTE pub_key_result[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2250	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2251	{CKA_VALUE, (void *)NULL, 0}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2252	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2253
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2254	CK_ULONG priv_key_attr_result_count = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2255	CK_ATTRIBUTE priv_key_result[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2256	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2257	{CKA_VALUE, (void *)NULL, 0}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2258	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2259
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2260	pub_key_template[1].ulValueLen = BN_num_bytes(dh->p);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2261	if (pub_key_template[1].ulValueLen > 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2262	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2263	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2264	* We must not increase ulValueLen by DH_BUF_RESERVE since that
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2265	* could cause the same rounding problem. See definition of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2266	* DH_BUF_RESERVE above.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2267	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2268	pub_key_template[1].pValue =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2269	OPENSSL_malloc(pub_key_template[1].ulValueLen +
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2270	DH_BUF_RESERVE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2271	if (pub_key_template[1].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2272	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2273	PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2274	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2275	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2276
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2277	i = BN_bn2bin(dh->p, pub_key_template[1].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2278	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2279	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2280	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2281
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2282	pub_key_template[2].ulValueLen = BN_num_bytes(dh->g);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2283	if (pub_key_template[2].ulValueLen > 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2284	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2285	pub_key_template[2].pValue =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2286	OPENSSL_malloc(pub_key_template[2].ulValueLen +
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2287	DH_BUF_RESERVE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2288	if (pub_key_template[2].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2289	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2290	PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2291	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2292	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2293
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2294	i = BN_bn2bin(dh->g, pub_key_template[2].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2295	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2296	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2297	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2298
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2299	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2300	* Note: we are only using PK11_SESSION structure for getting
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2301	* a session handle. The objects created in this function are
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2302	* destroyed before return and thus not cached.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2303	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2304	if ((sp = pk11_get_session(OP_DH)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2305	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2306
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2307	rv = pFuncList->C_GenerateKeyPair(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2308	&mechanism,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2309	pub_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2310	ul_pub_key_attr_count,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2311	priv_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2312	ul_priv_key_attr_count,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2313	&h_pub_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2314	&h_priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2315	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2316	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2317	PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2318	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2319	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2320
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2321	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2322	* Reuse the larger memory allocated. We know the larger memory
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2323	* should be sufficient for reuse.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2324	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2325	if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2326	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2327	reuse_mem = pub_key_template[1].pValue;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2328	reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2329	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2330	else
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2331	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2332	reuse_mem = pub_key_template[2].pValue;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2333	reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2334	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2335
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2336	rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2337	pub_key_result, pub_key_attr_result_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2338	rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2339	priv_key_result, priv_key_attr_result_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2340
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2341	if (rv != CKR_OK \|\| rv1 != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2342	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2343	rv = (rv != CKR_OK) ? rv : rv1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2344	PK11err_add_data(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2345	PK11_R_GETATTRIBUTVALUE, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2346	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2347	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2348
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2349	if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2350	((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2351	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2352	PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2353	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2354	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2355
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2356	/* Reuse the memory allocated */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2357	pub_key_result[0].pValue = reuse_mem;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2358	pub_key_result[0].ulValueLen = reuse_mem_len;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2359
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2360	rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2361	pub_key_result, pub_key_attr_result_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2362
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2363	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2364	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2365	PK11err_add_data(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2366	PK11_R_GETATTRIBUTVALUE, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2367	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2368	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2369
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2370	if (pub_key_result[0].type == CKA_VALUE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2371	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2372	if (dh->pub_key == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2373	if ((dh->pub_key = BN_new()) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2374	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2375	PK11err(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2376	PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2377	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2378	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2379	dh->pub_key = BN_bin2bn(pub_key_result[0].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2380	pub_key_result[0].ulValueLen, dh->pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2381	if (dh->pub_key == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2382	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2383	PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2384	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2385	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2386	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2387
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2388	/* Reuse the memory allocated */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2389	priv_key_result[0].pValue = reuse_mem;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2390	priv_key_result[0].ulValueLen = reuse_mem_len;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2391
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2392	rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2393	priv_key_result, priv_key_attr_result_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2394
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2395	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2396	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2397	PK11err_add_data(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2398	PK11_R_GETATTRIBUTVALUE, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2399	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2400	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2401
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2402	if (priv_key_result[0].type == CKA_VALUE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2403	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2404	if (dh->priv_key == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2405	if ((dh->priv_key = BN_new()) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2406	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2407	PK11err(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2408	PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2409	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2410	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2411	dh->priv_key = BN_bin2bn(priv_key_result[0].pValue,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2412	priv_key_result[0].ulValueLen, dh->priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2413	if (dh->priv_key == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2414	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2415	PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2416	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2417	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2418	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2419
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2420	ret = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2421
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2422	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2423
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2424	if (h_pub_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2425	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2426	rv = pFuncList->C_DestroyObject(sp->session, h_pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2427	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2428	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2429	PK11err_add_data(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2430	PK11_R_DESTROYOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2431	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2432	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2433
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2434	if (h_priv_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2435	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2436	rv = pFuncList->C_DestroyObject(sp->session, h_priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2437	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2438	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2439	PK11err_add_data(PK11_F_DH_GEN_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2440	PK11_R_DESTROYOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2441	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2442	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2443
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2444	for (i = 1; i <= 2; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2445	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2446	if (pub_key_template[i].pValue != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2447	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2448	OPENSSL_free(pub_key_template[i].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2449	pub_key_template[i].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2450	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2451	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2452
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2453	pk11_return_session(sp, OP_DH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2454	return (ret);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2455	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2456
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2457	static int pk11_DH_compute_key(unsigned char key, const BIGNUM pub_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2458	DH *dh)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2459	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2460	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2461	CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2462	CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2463	CK_KEY_TYPE key_type = CKK_GENERIC_SECRET;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2464	CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2465	CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2466
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2467	CK_ULONG ul_priv_key_attr_count = 2;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2468	CK_ATTRIBUTE priv_key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2469	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2470	{CKA_CLASS, (void*) NULL, sizeof (key_class)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2471	{CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2472	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2473
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2474	CK_ULONG priv_key_attr_result_count = 1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2475	CK_ATTRIBUTE priv_key_result[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2476	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2477	{CKA_VALUE, (void *)NULL, 0}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2478	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2479
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2480	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2481	int ret = -1;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2482	PK11_SESSION *sp = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2483
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2484	if (dh->priv_key == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2485	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2486
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2487	priv_key_template[0].pValue = &key_class;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2488	priv_key_template[1].pValue = &key_type;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2489
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2490	if ((sp = pk11_get_session(OP_DH)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2491	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2492
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2493	mechanism.ulParameterLen = BN_num_bytes(pub_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2494	mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2495	if (mechanism.pParameter == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2496	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2497	PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2498	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2499	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2500	BN_bn2bin(pub_key, mechanism.pParameter);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2501
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2502	(void) check_new_dh_key(sp, dh);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2503
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2504	h_key = sp->opdata_dh_key;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2505	if (h_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2506	h_key = sp->opdata_dh_key =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2507	pk11_get_dh_key((DH*) dh, &sp->opdata_dh,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2508	&sp->opdata_dh_priv_num, sp->session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2509
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2510	if (h_key == CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2511	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2512	PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2513	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2514	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2515
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2516	rv = pFuncList->C_DeriveKey(sp->session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2517	&mechanism,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2518	h_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2519	priv_key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2520	ul_priv_key_attr_count,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2521	&h_derived_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2522	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2523	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2524	PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2525	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2526	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2527
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2528	rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2529	priv_key_result, priv_key_attr_result_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2530
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2531	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2532	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2533	PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2534	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2535	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2536	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2537
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2538	if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2539	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2540	PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2541	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2542	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2543	priv_key_result[0].pValue =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2544	OPENSSL_malloc(priv_key_result[0].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2545	if (!priv_key_result[0].pValue)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2546	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2547	PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2548	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2549	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2550
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2551	rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2552	priv_key_result, priv_key_attr_result_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2553
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2554	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2555	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2556	PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2557	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2558	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2559	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2560
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2561	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2562	* OpenSSL allocates the output buffer 'key' which is the same
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2563	* length of the public key. It is long enough for the derived key
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2564	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2565	if (priv_key_result[0].type == CKA_VALUE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2566	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2567	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2568	* CKM_DH_PKCS_DERIVE mechanism is not supposed to strip
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2569	* leading zeros from a computed shared secret. However,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2570	* OpenSSL always did it so we must do the same here. The
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2571	* vagueness of the spec regarding leading zero bytes was
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2572	* finally cleared with TLS 1.1 (RFC 4346) saying that leading
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2573	* zeros are stripped before the computed data is used as the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2574	* pre-master secret.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2575	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2576	for (i = 0; i < priv_key_result[0].ulValueLen; ++i)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2577	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2578	if (((char *)priv_key_result[0].pValue)[i] != 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2579	break;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2580	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2581
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2582	(void) memcpy(key, ((char *)priv_key_result[0].pValue) + i,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2583	priv_key_result[0].ulValueLen - i);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2584	ret = priv_key_result[0].ulValueLen - i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2585	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2586
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2587	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2588
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2589	if (h_derived_key != CK_INVALID_HANDLE)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2590	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2591	rv = pFuncList->C_DestroyObject(sp->session, h_derived_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2592	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2593	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2594	PK11err_add_data(PK11_F_DH_COMP_KEY,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2595	PK11_R_DESTROYOBJECT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2596	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2597	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2598	if (priv_key_result[0].pValue)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2599	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2600	OPENSSL_free(priv_key_result[0].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2601	priv_key_result[0].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2602	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2603
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2604	if (mechanism.pParameter)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2605	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2606	OPENSSL_free(mechanism.pParameter);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2607	mechanism.pParameter = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2608	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2609
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2610	pk11_return_session(sp, OP_DH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2611	return (ret);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2612	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2613
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2614
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2615	static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2616	DH key_ptr, BIGNUM dh_priv_num, CK_SESSION_HANDLE session)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2617	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2618	CK_RV rv;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2619	CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2620	CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2621	CK_KEY_TYPE key_type = CKK_DH;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2622	CK_ULONG found;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2623	CK_BBOOL rollback = FALSE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2624	int i;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2625
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2626	CK_ULONG ul_key_attr_count = 7;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2627	CK_ATTRIBUTE key_template[] =
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2628	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2629	{CKA_CLASS, (void*) NULL, sizeof (class)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2630	{CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2631	{CKA_DERIVE, &true, sizeof (true)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2632	{CKA_PRIVATE, &false, sizeof (false)},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2633	{CKA_PRIME, (void *) NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2634	{CKA_BASE, (void *) NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2635	{CKA_VALUE, (void *) NULL, 0},
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2636	};
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2637
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2638	key_template[0].pValue = &class;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2639	key_template[1].pValue = &key_type;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2640
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2641	key_template[4].ulValueLen = BN_num_bytes(dh->p);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2642	key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc(
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2643	(size_t)key_template[4].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2644	if (key_template[4].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2645	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2646	PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2647	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2648	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2649
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2650	BN_bn2bin(dh->p, key_template[4].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2651
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2652	key_template[5].ulValueLen = BN_num_bytes(dh->g);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2653	key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc(
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2654	(size_t)key_template[5].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2655	if (key_template[5].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2656	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2657	PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2658	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2659	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2660
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2661	BN_bn2bin(dh->g, key_template[5].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2662
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2663	key_template[6].ulValueLen = BN_num_bytes(dh->priv_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2664	key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc(
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2665	(size_t)key_template[6].ulValueLen);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2666	if (key_template[6].pValue == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2667	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2668	PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2669	goto malloc_err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2670	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2671
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2672	BN_bn2bin(dh->priv_key, key_template[6].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2673
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2674	/* see find_lock array definition for more info on object locking */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2675	LOCK_OBJSTORE(OP_DH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2676	rv = pFuncList->C_FindObjectsInit(session, key_template,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2677	ul_key_attr_count);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2678
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2679	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2680	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2681	PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2682	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2683	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2684
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2685	rv = pFuncList->C_FindObjects(session, &h_key, 1, &found);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2686
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2687	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2688	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2689	PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2690	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2691	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2692
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2693	rv = pFuncList->C_FindObjectsFinal(session);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2694
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2695	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2696	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2697	PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2698	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2699	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2700	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2701
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2702	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2703	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2704	rv = pFuncList->C_CreateObject(session,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2705	key_template, ul_key_attr_count, &h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2706	if (rv != CKR_OK)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2707	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2708	PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2709	rv);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2710	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2711	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2712	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2713
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2714	if (dh_priv_num != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2715	if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2716	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2717	PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2718	rollback = TRUE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2719	goto err;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2720	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2721
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2722	/* LINTED: E_CONSTANT_CONDITION */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2723	KEY_HANDLE_REFHOLD(h_key, OP_DH, FALSE, rollback, err);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2724	if (key_ptr != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2725	*key_ptr = dh;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2726
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2727	err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2728	if (rollback)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2729	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2730	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2731	* We do not care about the return value from C_DestroyObject()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2732	* since we are doing rollback.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2733	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2734	if (found == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2735	(void) pFuncList->C_DestroyObject(session, h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2736	h_key = CK_INVALID_HANDLE;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2737	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2738
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2739	UNLOCK_OBJSTORE(OP_DH);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2740
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2741	malloc_err:
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2742	for (i = 4; i <= 6; i++)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2743	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2744	if (key_template[i].pValue != NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2745	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2746	OPENSSL_free(key_template[i].pValue);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2747	key_template[i].pValue = NULL;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2748	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2749	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2750
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2751	return (h_key);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2752	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2753
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2754	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2755	* Check for cache miss and clean the object pointer and handle
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2756	* in such case. Return 1 for cache hit, 0 for cache miss.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2757	*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2758	* Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2759	* to CK_INVALID_HANDLE even when it fails to destroy the object.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2760	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2761	static int check_new_dh_key(PK11_SESSION sp, DH dh)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2762	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2763	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2764	* Provide protection against DH structure reuse by making the
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2765	* check for cache hit stronger. Private key component of DH key
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2766	* is unique so it is sufficient to compare it with value cached
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2767	* in PK11_SESSION structure.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2768	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2769	if ((sp->opdata_dh != dh) \|\|
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2770	(BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0))
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2771	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2772	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2773	* We do not check the return value because even in case of
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2774	* failure the sp structure will have both key pointer
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2775	* and object handle cleaned and pk11_destroy_object()
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2776	* reports the failure to the OpenSSL error message buffer.
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2777	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2778	(void) pk11_destroy_dh_object(sp, TRUE);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2779	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2780	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2781	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2782	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2783	#endif
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2784
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2785	/*
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2786	* Local function to simplify key template population
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2787	* Return 0 -- error, 1 -- no error
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2788	*/
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2789	static int init_template_value(BIGNUM bn, CK_VOID_PTR p_value,
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2790	CK_ULONG *ul_value_len)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2791	{
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2792	CK_ULONG len = BN_num_bytes(bn);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2793	if (len == 0)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2794	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2795
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2796	*ul_value_len = len;
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2797	p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)ul_value_len);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2798	if (*p_value == NULL)
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2799	return (0);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2800
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2801	BN_bn2bin(bn, *p_value);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2802
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2803	return (1);
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2804	}
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2805
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2806	#endif /* OPENSSL_NO_HW_PK11 */
b34509ac961f Import sfw repo b126 Cyril Plisko <cyril.plisko@grigale.com> parents: diff changeset	2807	#endif /* OPENSSL_NO_HW */

author	Cyril Plisko <cyril.plisko@grigale.com>
	Wed, 21 Oct 2009 17:43:30 +0200
changeset 0	b34509ac961f
child 3	ad3552f8e1ef
permissions	-rw-r--r--