[unleashed/tickless.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softAttributeUtil.c
| blob | 33a99ee0d0fef04b49fdbc3bf214cba9cf4b5756 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2012 Milan Jurik. All rights reserved.
25 */
27 #include <stdlib.h>
28 #include <string.h>
29 #include <security/cryptoki.h>
30 #include <sys/crypto/common.h>
31 #include <arcfour.h>
32 #include <aes_impl.h>
33 #include <blowfish_impl.h>
34 #include <bignum.h>
35 #include <des_impl.h>
36 #include <rsa_impl.h>
45 /*
46 * This attribute table is used by the soft_lookup_attr()
47 * to validate the attributes.
48 */
49 CK_ATTRIBUTE_TYPE attr_map[] = {
50 CKA_PRIVATE,
51 CKA_LABEL,
52 CKA_APPLICATION,
53 CKA_OBJECT_ID,
54 CKA_CERTIFICATE_TYPE,
55 CKA_ISSUER,
56 CKA_SERIAL_NUMBER,
57 CKA_AC_ISSUER,
58 CKA_OWNER,
59 CKA_ATTR_TYPES,
60 CKA_SUBJECT,
61 CKA_ID,
62 CKA_SENSITIVE,
63 CKA_START_DATE,
64 CKA_END_DATE,
65 CKA_MODULUS,
66 CKA_MODULUS_BITS,
67 CKA_PUBLIC_EXPONENT,
68 CKA_PRIVATE_EXPONENT,
69 CKA_PRIME_1,
70 CKA_PRIME_2,
71 CKA_EXPONENT_1,
72 CKA_EXPONENT_2,
73 CKA_COEFFICIENT,
74 CKA_PRIME,
75 CKA_SUBPRIME,
76 CKA_BASE,
77 CKA_EXTRACTABLE,
78 CKA_LOCAL,
79 CKA_NEVER_EXTRACTABLE,
80 CKA_ALWAYS_SENSITIVE,
81 CKA_MODIFIABLE,
82 CKA_ECDSA_PARAMS,
83 CKA_EC_PARAMS,
84 CKA_EC_POINT,
85 CKA_SECONDARY_AUTH,
86 CKA_AUTH_PIN_FLAGS,
87 CKA_HW_FEATURE_TYPE,
88 CKA_RESET_ON_INIT,
89 CKA_HAS_RESET
90 };
92 /*
93 * attributes that exists only in public key objects
94 * Note: some attributes may also exist in one or two
95 * other object classes, but they are also listed
96 * because not all object have them.
97 */
98 CK_ATTRIBUTE_TYPE PUB_KEY_ATTRS[] =
99 {
100 CKA_SUBJECT,
101 CKA_ENCRYPT,
102 CKA_WRAP,
103 CKA_VERIFY,
104 CKA_VERIFY_RECOVER,
105 CKA_MODULUS,
106 CKA_MODULUS_BITS,
107 CKA_PUBLIC_EXPONENT,
108 CKA_PRIME,
109 CKA_SUBPRIME,
110 CKA_BASE,
111 CKA_TRUSTED,
112 CKA_ECDSA_PARAMS,
113 CKA_EC_PARAMS,
114 CKA_EC_POINT
115 };
117 /*
118 * attributes that exists only in private key objects
119 * Note: some attributes may also exist in one or two
120 * other object classes, but they are also listed
121 * because not all object have them.
122 */
123 CK_ATTRIBUTE_TYPE PRIV_KEY_ATTRS[] =
124 {
125 CKA_DECRYPT,
126 CKA_UNWRAP,
127 CKA_SIGN,
128 CKA_SIGN_RECOVER,
129 CKA_MODULUS,
130 CKA_PUBLIC_EXPONENT,
131 CKA_PRIVATE_EXPONENT,
132 CKA_PRIME,
133 CKA_SUBPRIME,
134 CKA_BASE,
135 CKA_PRIME_1,
136 CKA_PRIME_2,
137 CKA_EXPONENT_1,
138 CKA_EXPONENT_2,
139 CKA_COEFFICIENT,
140 CKA_VALUE_BITS,
141 CKA_SUBJECT,
142 CKA_SENSITIVE,
143 CKA_EXTRACTABLE,
144 CKA_NEVER_EXTRACTABLE,
145 CKA_ALWAYS_SENSITIVE,
146 CKA_EC_PARAMS
147 };
149 /*
150 * attributes that exists only in secret key objects
151 * Note: some attributes may also exist in one or two
152 * other object classes, but they are also listed
153 * because not all object have them.
154 */
155 CK_ATTRIBUTE_TYPE SECRET_KEY_ATTRS[] =
156 {
157 CKA_VALUE_LEN,
158 CKA_ENCRYPT,
159 CKA_DECRYPT,
160 CKA_WRAP,
161 CKA_UNWRAP,
162 CKA_SIGN,
163 CKA_VERIFY,
164 CKA_SENSITIVE,
165 CKA_EXTRACTABLE,
166 CKA_NEVER_EXTRACTABLE,
167 CKA_ALWAYS_SENSITIVE
168 };
170 /*
171 * attributes that exists only in domain parameter objects
172 * Note: some attributes may also exist in one or two
173 * other object classes, but they are also listed
174 * because not all object have them.
175 */
176 CK_ATTRIBUTE_TYPE DOMAIN_ATTRS[] =
177 {
178 CKA_PRIME,
179 CKA_SUBPRIME,
180 CKA_BASE,
181 CKA_PRIME_BITS,
182 CKA_SUBPRIME_BITS,
183 CKA_SUB_PRIME_BITS
184 };
186 /*
187 * attributes that exists only in hardware feature objects
188 *
189 */
190 CK_ATTRIBUTE_TYPE HARDWARE_ATTRS[] =
191 {
192 CKA_HW_FEATURE_TYPE,
193 CKA_RESET_ON_INIT,
194 CKA_HAS_RESET
195 };
197 /*
198 * attributes that exists only in certificate objects
199 */
200 CK_ATTRIBUTE_TYPE CERT_ATTRS[] =
201 {
202 CKA_CERTIFICATE_TYPE,
203 CKA_TRUSTED,
204 CKA_SUBJECT,
205 CKA_ID,
206 CKA_ISSUER,
207 CKA_AC_ISSUER,
208 CKA_SERIAL_NUMBER,
209 CKA_OWNER,
210 CKA_ATTR_TYPES
211 };
214 /*
215 * Validate the attribute by using binary search algorithm.
216 */
217 CK_RV
219 {
227 /* Always starts from middle. */
231 /* Adjust the lower bound to upper half. */
234 }
237 /* Found it. */
239 }
242 /* Adjust the upper bound to lower half. */
245 }
246 }
248 /* Failed to find the matching attribute from the attribute table. */
250 }
253 /*
254 * Validate the attribute by using the following search algorithm:
255 *
256 * 1) Search for the most frequently used attributes first.
257 * 2) If not found, search for the usage-purpose attributes - these
258 * attributes have dense set of values, therefore compiler will
259 * optimize it with a branch table and branch to the appropriate
260 * case.
261 * 3) If still not found, use binary search for the rest of the
262 * attributes in the attr_map[] table.
263 */
264 CK_RV
267 {
269 CK_ULONG i;
273 /* First tier search */
289 /* Second tier search */
310 /* Third tier search */
315 }
317 }
318 }
320 }
322 static void
324 {
329 }
332 }
333 }
335 static CK_RV
337 {
346 /* free memory if its already allocated */
354 }
364 }
369 }
372 }
374 void
376 {
388 }
393 }
400 }
405 }
407 }
408 }
410 /*
411 * Clean up and release all the storage in the extra attribute list
412 * of an object.
413 */
414 void
416 {
418 CK_ATTRIBUTE_INFO_PTR extra_attr;
419 CK_ATTRIBUTE_INFO_PTR tmp;
426 /* Free the storage for the attribute_info struct. */
429 }
432 }
435 /*
436 * Create the attribute_info struct to hold the object's attribute,
437 * and add it to the extra attribute list of an object.
438 */
439 CK_RV
441 {
443 CK_ATTRIBUTE_INFO_PTR attrp;
445 /* Allocate the storage for the attribute_info struct. */
449 }
451 /* Set up attribute_info struct. */
457 /* Allocate storage for the value of the attribute. */
462 }
468 }
470 /* Insert the new attribute in front of extra attribute list. */
477 }
480 }
482 CK_RV
484 CK_CERTIFICATE_TYPE type)
485 {
488 x509_cert_t x509;
489 x509_attr_cert_t x509_attr;
494 }
517 /* wrong certificate type */
519 }
523 }
525 /*
526 * Copy the attribute_info struct from the old object to a new attribute_info
527 * struct, and add that new struct to the extra attribute list of the new
528 * object.
529 */
530 CK_RV
532 {
533 CK_ATTRIBUTE_INFO_PTR attrp;
535 /* Allocate attribute_info struct. */
539 }
550 }
556 }
558 /* Insert the new attribute in front of extra attribute list */
565 }
568 }
571 /*
572 * Get the attribute triple from the extra attribute list in the object
573 * (if the specified attribute type is found), and copy it to a template.
574 * Note the type of the attribute to be copied is specified by the template,
575 * and the storage is pre-allocated for the atrribute value in the template
576 * for doing the copy.
577 */
578 CK_RV
580 {
582 CK_ATTRIBUTE_INFO_PTR extra_attr;
589 /* Found it. */
592 /* Does not match, try next one. */
594 }
595 }
598 /* A valid but un-initialized attribute. */
601 }
603 /*
604 * We found the attribute in the extra attribute list.
605 */
609 }
612 /*
613 * The buffer provided by the application is large
614 * enough to hold the value of the attribute.
615 */
621 /*
622 * The buffer provided by the application does
623 * not have enough space to hold the value.
624 */
627 }
628 }
631 /*
632 * Modify the attribute triple in the extra attribute list of the object
633 * if the specified attribute type is found. Otherwise, just add it to
634 * list.
635 */
636 CK_RV
639 {
641 CK_ATTRIBUTE_INFO_PTR extra_attr;
647 /* Found it. */
650 /* Does not match, try next one. */
652 }
653 }
656 /*
657 * This attribute is a new one, go ahead adding it to
658 * the extra attribute list.
659 */
661 }
663 /* We found the attribute in the extra attribute list. */
667 /* The old buffer is too small to hold the new value. */
670 /* Allocate storage for the new attribute value. */
674 }
675 }
677 /* Replace the attribute with new value. */
683 }
686 }
689 /*
690 * Copy the big integer attribute value from template to a biginteger_t struct.
691 */
692 CK_RV
694 {
698 /* Allocate storage for the value of the attribute. */
702 }
710 }
713 }
716 /*
717 * Copy the big integer attribute value from a biginteger_t struct in the
718 * object to a template.
719 */
720 CK_RV
722 {
727 }
732 }
735 /*
736 * The buffer provided by the application is large
737 * enough to hold the value of the attribute.
738 */
744 /*
745 * The buffer provided by the application does
746 * not have enough space to hold the value.
747 */
750 }
751 }
754 /*
755 * Copy the boolean data type attribute value from an object for the
756 * specified attribute to the template.
757 */
758 CK_RV
761 {
766 }
769 /*
770 * The buffer provided by the application is large
771 * enough to hold the value of the attribute.
772 */
777 }
782 /*
783 * The buffer provided by the application does
784 * not have enough space to hold the value.
785 */
788 }
789 }
791 /*
792 * Set the boolean data type attribute value in the object.
793 */
794 CK_RV
797 {
801 else
805 }
808 /*
809 * Copy the CK_ULONG data type attribute value from an object to the
810 * template.
811 */
812 CK_RV
814 {
819 }
822 /*
823 * The buffer provided by the application is large
824 * enough to hold the value of the attribute.
825 * It is also assumed to be correctly aligned.
826 */
831 /*
832 * The buffer provided by the application does
833 * not have enough space to hold the value.
834 */
837 }
838 }
841 /*
842 * Copy the CK_ULONG data type attribute value from a template to the
843 * object.
844 */
845 static CK_RV
847 {
856 }
859 }
861 /*
862 * Copy the big integer attribute value from source's biginteger_t to
863 * destination's biginteger_t.
864 */
865 void
867 {
871 /*
872 * To do the copy, just have dst's big_value points
873 * to src's.
874 */
878 /*
879 * After the copy, nullify the src's big_value pointer.
880 * It prevents any double freeing the value.
881 */
887 }
888 }
890 CK_RV
892 {
895 /* Allocate storage for the value of the attribute. */
899 }
909 }
913 }
915 CK_RV
917 {
919 /*
920 * If the attribute was already set, clear out the
921 * existing value and release the memory.
922 */
928 }
933 }
935 }
941 }
944 }
947 }
949 /*
950 * Copy the certificate attribute information to the template.
951 * If the template attribute is not big enough, set the ulValueLen=-1
952 * and return CKR_BUFFER_TOO_SMALL.
953 */
954 static CK_RV
956 {
961 /*
962 * The buffer provided by the application is large
963 * enough to hold the value of the attribute.
964 */
969 /*
970 * The buffer provided by the application does
971 * not have enough space to hold the value.
972 */
975 }
976 }
978 void
980 {
986 }
987 }
989 /*
990 * Release the storage allocated for object attribute with big integer
991 * value.
992 */
993 void
995 {
1005 }
1006 }
1009 /*
1010 * Clean up and release all the storage allocated to hold the big integer
1011 * attributes associated with the type (i.e. class) of the object. Also,
1012 * release the storage allocated to the type of the object.
1013 */
1014 void
1016 {
1028 object_p));
1030 object_p));
1035 object_p));
1037 object_p));
1039 object_p));
1041 object_p));
1046 object_p));
1048 object_p));
1050 object_p));
1055 object_p));
1057 object_p));
1059 object_p));
1061 object_p));
1065 object_p));
1067 }
1069 /* Release Public Key Object struct */
1072 }
1080 object_p));
1082 object_p));
1084 object_p));
1086 object_p));
1088 object_p));
1090 object_p));
1092 object_p));
1094 object_p));
1099 object_p));
1101 object_p));
1103 object_p));
1105 object_p));
1110 object_p));
1112 object_p));
1114 object_p));
1119 object_p));
1121 object_p));
1123 object_p));
1125 object_p));
1130 object_p));
1132 }
1134 /* Release Private Key Object struct. */
1137 }
1142 /* cleanup key data area */
1148 }
1149 /* cleanup key schedule data area */
1155 }
1157 /* Release Secret Key Object struct. */
1160 }
1168 object_p));
1170 object_p));
1172 object_p));
1177 object_p));
1179 object_p));
1184 object_p));
1186 object_p));
1188 object_p));
1190 }
1192 /* Release Domain Parameters Object struct. */
1195 }
1197 }
1198 }
1201 /*
1202 * Parse the common attributes. Return to caller with appropriate return
1203 * value to indicate if the supplied template specifies a valid attribute
1204 * with a valid value.
1205 */
1206 CK_RV
1208 {
1216 /* default boolean attributes */
1222 }
1229 /*
1230 * Check if this is the special case when
1231 * the PIN is never initialized in the keystore.
1232 * If true, we will let it pass here and let
1233 * it fail with CKR_PIN_EXPIRED later on.
1234 */
1239 }
1240 }
1243 }
1251 }
1254 }
1257 /*
1258 * Build a Public Key Object.
1259 *
1260 * - Parse the object's template, and when an error is detected such as
1261 * invalid attribute type, invalid attribute value, etc., return
1262 * with appropriate return value.
1263 * - Set up attribute mask field in the object for the supplied common
1264 * attributes that have boolean type.
1265 * - Build the attribute_info struct to hold the value of each supplied
1266 * attribute that has byte array type. Link attribute_info structs
1267 * together to form the extra attribute list of the object.
1268 * - Allocate storage for the Public Key object.
1269 * - Build the Public Key object according to the key type. Allocate
1270 * storage to hold the big integer value for the supplied attributes
1271 * that are required for a certain key type.
1272 *
1273 */
1274 CK_RV
1277 {
1279 ulong_t i;
1284 /* Must set flags */
1293 /* Must not set flags */
1297 biginteger_t modulus;
1298 biginteger_t pubexpo;
1299 biginteger_t prime;
1300 biginteger_t subprime;
1301 biginteger_t base;
1302 biginteger_t value;
1303 biginteger_t point;
1304 CK_ATTRIBUTE string_tmp;
1305 CK_ATTRIBUTE param_tmp;
1313 BIGNUM n;
1315 /* prevent bigint_attr_cleanup from freeing invalid attr value */
1328 /* Public Key Object Attributes */
1331 /* common key attributes */
1340 /* common public key attribute */
1342 /*
1343 * Allocate storage to hold the attribute
1344 * value with byte array type, and add it to
1345 * the extra attribute list of the object.
1346 */
1348 new_object);
1351 }
1354 /*
1355 * The following key related attribute types must
1356 * not be specified by C_CreateObject, C_GenerateKey(Pair).
1357 */
1363 /* Key related boolean attributes */
1372 else
1379 else
1386 else
1393 else
1407 /*
1408 * The following key related attribute types must
1409 * be specified according to the key type by
1410 * C_CreateObject.
1411 */
1415 /*
1416 * Copyin big integer attribute from template
1417 * to a local variable.
1418 */
1424 /*
1425 * Modulus length needs to be between min key length and
1426 * max key length.
1427 */
1429 MIN_RSA_KEYLENGTH_IN_BYTES) ||
1431 MAX_RSA_KEYLENGTH_IN_BYTES)) {
1434 }
1476 }
1477 }
1522 }
1525 /* Allocate storage for Public Key Object. */
1530 }
1538 }
1542 }
1545 /*
1546 * The key type specified in the template does not
1547 * match the implied key type based on the mechanism.
1548 */
1551 }
1555 /* Supported key types of the Public Key Object */
1564 }
1567 /*
1568 * Derive modulus_bits attribute from modulus.
1569 * Save modulus_bits integer value to the
1570 * designated place in the public key object.
1571 */
1573 #ifdef __sparcv9
1583 }
1591 /*
1592 * After modulus_bits has been computed,
1593 * it is safe to move modulus and pubexpo
1594 * big integer attribute value to the
1595 * designated place in the public key object.
1596 */
1605 }
1607 /* mode is SOFT_GEN_KEY */
1613 }
1617 /*
1618 * Copy big integer attribute value to the
1619 * designated place in the public key object.
1620 */
1625 }
1627 /*
1628 * Use PKCS#11 default 0x010001 for public exponent
1629 * if not not specified in attribute template.
1630 */
1637 }
1638 /*
1639 * Copy big integer attribute value to the
1640 * designated place in the public key object.
1641 */
1643 }
1652 }
1660 }
1663 isValue) {
1666 }
1671 }
1672 }
1685 isSubprime) {
1688 }
1696 }
1702 }
1707 }
1708 }
1721 }
1729 }
1732 isValue) {
1735 }
1740 }
1741 }
1761 }
1771 }
1772 }
1776 }
1786 }
1788 /* Set up object. */
1796 }
1800 fail_cleanup:
1801 /*
1802 * cleanup the storage allocated to the local variables.
1803 */
1814 /*
1815 * cleanup the storage allocated inside the object itself.
1816 */
1820 }
1823 /*
1824 * Build a Private Key Object.
1825 *
1826 * - Parse the object's template, and when an error is detected such as
1827 * invalid attribute type, invalid attribute value, etc., return
1828 * with appropriate return value.
1829 * - Set up attribute mask field in the object for the supplied common
1830 * attributes that have boolean type.
1831 * - Build the attribute_info struct to hold the value of each supplied
1832 * attribute that has byte array type. Link attribute_info structs
1833 * together to form the extra attribute list of the object.
1834 * - Allocate storage for the Private Key object.
1835 * - Build the Private Key object according to the key type. Allocate
1836 * storage to hold the big integer value for the supplied attributes
1837 * that are required for a certain key type.
1838 *
1839 */
1840 CK_RV
1843 {
1844 ulong_t i;
1850 /* Must set flags unless mode == SOFT_UNWRAP_KEY */
1856 /* Must set flags if mode == SOFT_GEN_KEY */
1858 /* Must not set flags */
1862 /* Private Key RSA optional */
1870 biginteger_t modulus;
1871 biginteger_t priexpo;
1872 biginteger_t prime;
1873 biginteger_t subprime;
1874 biginteger_t base;
1875 biginteger_t value;
1877 biginteger_t pubexpo;
1878 biginteger_t prime1;
1879 biginteger_t prime2;
1880 biginteger_t expo1;
1881 biginteger_t expo2;
1882 biginteger_t coef;
1883 CK_ATTRIBUTE string_tmp;
1884 CK_ATTRIBUTE param_tmp;
1890 /* prevent bigint_attr_cleanup from freeing invalid attr value */
1910 /* Private Key Object Attributes */
1912 /* common key attributes */
1921 /* common private key attribute */
1923 /*
1924 * Allocate storage to hold the attribute
1925 * value with byte array type, and add it to
1926 * the extra attribute list of the object.
1927 */
1929 new_object);
1932 }
1935 /*
1936 * The following key related attribute types must
1937 * not be specified by C_CreateObject or C_GenerateKey(Pair).
1938 */
1947 /* Key related boolean attributes */
1962 }
1968 else
1975 else
1982 else
1989 else
1996 else
2005 /*
2006 * The following key related attribute types must
2007 * be specified according to the key type by
2008 * C_CreateObject.
2009 */
2013 /*
2014 * Copyin big integer attribute from template
2015 * to a local variable.
2016 */
2022 /*
2023 * Modulus length needs to be between min key length and
2024 * max key length.
2025 */
2027 MIN_RSA_KEYLENGTH_IN_BYTES) ||
2029 MAX_RSA_KEYLENGTH_IN_BYTES)) {
2032 }
2124 }
2125 }
2164 }
2167 /* Allocate storage for Private Key Object. */
2172 }
2180 }
2183 /*
2184 * The key type is not specified in the application's
2185 * template, so we use the implied key type based on
2186 * the mechanism.
2187 */
2190 }
2192 /* If still unspecified, template is incomplete */
2196 }
2198 /*
2199 * The key type specified in the template does not
2200 * match the implied key type based on the mechanism.
2201 */
2205 }
2206 }
2209 /*
2210 * Note that, for mode SOFT_UNWRAP_KEY, key type is not
2211 * implied by the mechanism (key_type), so if it is not
2212 * specified from the attribute template (keytype), it is
2213 * incomplete.
2214 */
2218 }
2219 }
2223 /* Supported key types of the Private Key Object */
2227 isValueBits) {
2230 }
2239 }
2242 /*
2243 * Copy big integer attribute value to the
2244 * designated place in the Private Key object.
2245 */
2252 }
2254 /* The following attributes are optional. */
2257 }
2261 }
2265 }
2269 }
2273 }
2277 }
2283 isValueBits) {
2286 }
2294 }
2297 /*
2298 * The private value x must be less than subprime q.
2299 * Size for big_init is in BIG_CHUNK_TYPE words.
2300 */
2301 #ifdef __sparcv9
2312 }
2313 #ifdef __sparcv9
2324 }
2333 }
2345 }
2351 isSubprime) {
2354 }
2356 /* CKA_VALUE_BITS is for key gen but not unwrap */
2364 }
2365 }
2373 }
2378 }
2389 }
2395 isValueBits) {
2398 }
2406 }
2420 }
2435 }
2438 }
2444 }
2446 /* Set up object. */
2454 }
2460 fail_cleanup:
2461 /*
2462 * cleanup the storage allocated to the local variables.
2463 */
2481 /*
2482 * cleanup the storage allocated inside the object itself.
2483 */
2487 }
2490 /*
2491 * Build a Secret Key Object.
2492 *
2493 * - Parse the object's template, and when an error is detected such as
2494 * invalid attribute type, invalid attribute value, etc., return
2495 * with appropriate return value.
2496 * - Set up attribute mask field in the object for the supplied common
2497 * attributes that have boolean type.
2498 * - Build the attribute_info struct to hold the value of each supplied
2499 * attribute that has byte array type. Link attribute_info structs
2500 * together to form the extra attribute list of the object.
2501 * - Allocate storage for the Secret Key object.
2502 * - Build the Secret Key object. Allocate storage to hold the big integer
2503 * value for the attribute CKA_VALUE that is required for all the key
2504 * types supported by secret key object.
2505 * This function is called internally with mode = SOFT_CREATE_OBJ_INT.
2506 *
2507 */
2508 CK_RV
2511 CK_KEY_TYPE key_type)
2512 {
2514 ulong_t i;
2519 /* Must set flags if mode != SOFT_UNWRAP_KEY, else must not set */
2521 /* Must not set flags if mode != SOFT_UNWRAP_KEY, else optional */
2524 CK_ATTRIBUTE string_tmp;
2531 /* Allocate storage for Secret Key Object. */
2536 }
2543 /* Secret Key Object Attributes */
2546 /* common key attributes */
2554 /*
2555 * Allocate storage to hold the attribute
2556 * value with byte array type, and add it to
2557 * the extra attribute list of the object.
2558 */
2560 new_object);
2563 }
2566 /*
2567 * The following key related attribute types must
2568 * not be specified by C_CreateObject and C_GenerateKey.
2569 */
2577 /* Key related boolean attributes */
2591 else
2598 else
2605 else
2612 else
2619 else
2626 else
2633 else
2649 }
2650 }
2652 /*
2653 * Copyin attribute from template
2654 * to a local variable.
2655 */
2685 }
2692 /*
2693 * The key type must be specified in the application's
2694 * template. Otherwise, returns error.
2695 */
2699 }
2704 /*
2705 * The key type is not specified in the application's
2706 * template, so we use the implied key type based on
2707 * the mechanism.
2708 */
2712 /*
2713 * The key type specified in the template
2714 * does not match the implied key type based
2715 * on the mechanism.
2716 */
2719 }
2720 }
2722 /*
2723 * If a key_len is passed as a parameter, it has to
2724 * match the one found in the template.
2725 */
2730 }
2733 }
2737 /*
2738 * Note that, for mode SOFT_UNWRAP_KEY, key type is not
2739 * implied by the mechanism (key_type), so if it is not
2740 * specified from the attribute template (keytype), it is
2741 * incomplete.
2742 */
2746 }
2750 /*
2751 * For CKM_MD5_KEY_DERIVATION & CKM_SHA1_KEY_DERIVATION, the
2752 * key type is optional.
2753 */
2756 }
2758 }
2768 }
2773 }
2780 }
2787 }
2793 }
2800 }
2805 }
2813 }
2817 }
2824 }
2828 }
2835 }
2839 }
2845 }
2848 /*
2849 * Templates for internal object creation come from
2850 * applications calls to C_DeriveKey(), for which it
2851 * is OKey to pass a CKA_VALUE_LEN attribute, as
2852 * long as it does not conflict with the length of the
2853 * CKA_VALUE attribute.
2854 */
2859 }
2860 }
2864 /* CKA_VALUE must not be specified */
2868 }
2871 /*
2872 * CKA_VALUE_LEN must be specified by C_GenerateKey
2873 * if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
2874 */
2879 }
2880 ;
2885 }
2889 /* arbitrary key length - no length checking */
2893 }
2900 }
2907 }
2915 }
2920 }
2927 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
2931 }
2937 }
2941 /*
2942 * According to v2.11 of PKCS#11 spec, neither CKA_VALUE nor
2943 * CKA_VALUE_LEN can be be specified; however v2.20 has this
2944 * restriction removed, perhaps because it makes it hard to
2945 * determine variable-length key sizes. This case statement
2946 * complied with v2.20.
2947 */
2951 }
2954 /*
2955 * CKA_VALUE_LEN is optional
2956 * if key is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET
2957 * and the unwrapping mech is *_CBC_PAD.
2958 *
2959 * CKA_VALUE_LEN is required
2960 * if key is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET
2961 * and the unwrapping mech is *_ECB or *_CBC.
2962 *
2963 * since mech is not known at this point, CKA_VALUE_LEN is
2964 * treated as optional and the caller needs to enforce it.
2965 */
2969 ARCFOUR_MIN_KEY_BYTES) ||
2971 ARCFOUR_MAX_KEY_BYTES)) {
2974 }
2975 }
2979 /* arbitrary key length - no length checking */
2989 }
2990 }
2999 }
3005 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
3009 }
3015 }
3019 /* CKA_VALUE must not be specified */
3023 }
3026 /*
3027 * CKA_VALUE_LEN is optional
3028 * if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
3029 */
3033 ARCFOUR_MIN_KEY_BYTES) ||
3035 ARCFOUR_MAX_KEY_BYTES)) {
3038 }
3039 }
3043 /* arbitrary key length - no length checking */
3053 }
3054 }
3064 }
3070 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
3074 }
3080 }
3084 /* CKA_VALUE must not be specified */
3088 }
3091 /*
3092 * CKA_VALUE_LEN is an optional attribute for
3093 * CKM_SHA1_KEY_DERIVATION and CKM_MD5_KEY_DERIVATION
3094 * if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
3095 */
3100 /*
3101 * No need to check key length value here, it will be
3102 * validated later in soft_key_derive_check_length().
3103 */
3109 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
3113 }
3119 }
3121 }
3123 /* Set up object. */
3132 }
3135 fail_cleanup:
3136 /*
3137 * cleanup the storage allocated to the local variables.
3138 */
3142 /*
3143 * cleanup the storage allocated inside the object itself.
3144 */
3148 }
3151 /*
3152 * Build a Domain Parameter Object.
3153 *
3154 * - Parse the object's template, and when an error is detected such as
3155 * invalid attribute type, invalid attribute value, etc., return
3156 * with appropriate return value.
3157 * - Allocate storage for the Domain Parameter object.
3158 * - Build the Domain Parameter object according to the key type. Allocate
3159 * storage to hold the big integer value for the supplied attributes
3160 * that are required for a certain key type.
3161 *
3162 */
3163 CK_RV
3166 {
3168 ulong_t i;
3172 /* Must set flags */
3176 /* Must not set flags */
3180 biginteger_t prime;
3181 biginteger_t subprime;
3182 biginteger_t base;
3183 CK_ATTRIBUTE string_tmp;
3188 /* prevent bigint_attr_cleanup from freeing invalid attr value */
3196 /* Domain Parameters Object Attributes */
3199 /* common domain parameter attribute */
3204 /*
3205 * The following common domain parameter attribute
3206 * must not be specified by C_CreateObject.
3207 */
3212 /*
3213 * The following domain parameter attributes must be
3214 * specified according to the key type by
3215 * C_CreateObject.
3216 */
3219 /*
3220 * Copyin big integer attribute from template
3221 * to a local variable.
3222 */
3268 }
3271 /* Allocate storage for Domain Parameters Object. */
3276 }
3284 }
3288 /* Supported key types of the Domain Parameters Object */
3294 }
3297 /*
3298 * Copy big integer attribute value to the
3299 * designated place in the domain parameter
3300 * object.
3301 */
3310 }
3317 }
3326 }
3333 }
3345 }
3351 }
3360 }
3364 fail_cleanup:
3365 /*
3366 * cleanup the storage allocated to the local variables.
3367 */
3373 /*
3374 * cleanup the storage allocated inside the object itself.
3375 */
3379 }
3381 /*
3382 * Build a Certificate Object
3383 *
3384 * - Parse the object's template, and when an error is detected such as
3385 * invalid attribute type, invalid attribute value, etc., return
3386 * with appropriate return value.
3387 * - Allocate storage for the Certificate object
3388 */
3389 static CK_RV
3392 CK_CERTIFICATE_TYPE cert_type)
3393 {
3396 CK_ULONG i;
3401 /* certificate type defaults to the value given as a parameter */
3403 CK_ATTRIBUTE string_tmp;
3407 /*
3408 * Look for the certificate type attribute and do some
3409 * sanity checking before creating the structures.
3410 */
3412 /* Certificate Object Attributes */
3415 certtype =
3427 }
3428 }
3430 /* The certificate type MUST be specified */
3434 /*
3435 * For X.509 certs, the CKA_SUBJECT and CKA_VALUE
3436 * must be present at creation time.
3437 */
3442 /*
3443 * For X.509 Attribute certs, the CKA_OWNER and CKA_VALUE
3444 * must be present at creation time.
3445 */
3454 }
3458 /* Certificate Object Attributes */
3484 new_object);
3488 B_FALSE)
3489 attr_mask |=
3490 NOT_MODIFIABLE_BOOL_ON;
3499 }
3524 new_object);
3529 B_FALSE)
3530 attr_mask |=
3531 NOT_MODIFIABLE_BOOL_ON;
3541 }
3546 }
3547 }
3560 }
3561 }
3563 fail_cleanup:
3566 }
3568 }
3571 /*
3572 * Validate the attribute types in the object's template. Then,
3573 * call the appropriate build function according to the class of
3574 * the object specified in the template.
3575 *
3576 * Note: The following classes of objects are supported:
3577 * - CKO_PUBLIC_KEY
3578 * - CKO_PRIVATE_KEY
3579 * - CKO_SECRET_KEY
3580 * - CKO_DOMAIN_PARAMETERS
3581 * - CKO_CERTIFICATE
3582 *
3583 */
3584 CK_RV
3587 {
3594 }
3596 /* Validate the attribute type in the template. */
3600 /*
3601 * CKA_CLASS is a mandatory attribute for C_CreateObject
3602 */
3606 /*
3607 * Call the appropriate function based on the supported class
3608 * of the object.
3609 */
3628 new_object);
3641 }
3644 }
3646 /*
3647 * Validate the attribute types in the object's template. Then,
3648 * call the appropriate build function according to the class of
3649 * the object specified in the template.
3650 *
3651 */
3652 CK_RV
3656 {
3661 /* Validate the attribute type in the template. */
3666 }
3668 /*
3669 * If either the class from the parameter list ("class") or
3670 * the class from the template ("temp_class") is not specified,
3671 * try to use the other one.
3672 */
3677 }
3679 /* If object class is still not specified, template is incomplete. */
3683 /* Class should match if specified in both parameters and template. */
3687 /*
3688 * Call the appropriate function based on the supported class
3689 * of the object.
3690 */
3694 /* Unwrapping public keys is not supported. */
3698 }
3718 /* Unwrapping domain parameters is not supported. */
3722 }
3725 new_object);
3734 }
3737 }
3740 /*
3741 * Get the value of a requested attribute that is common to all supported
3742 * classes (i.e. public key, private key, secret key, domain parameters,
3743 * and certificate classes).
3744 */
3745 CK_RV
3747 uchar_t object_type)
3748 {
3758 /* default boolean attributes */
3763 }
3766 else
3775 }
3778 else
3786 }
3789 else
3798 /*
3799 * The specified attribute for the object is invalid.
3800 * (the object does not possess such an attribute.)
3801 */
3804 }
3807 }
3809 /*
3810 * Get the value of a requested attribute that is common to all key objects
3811 * (i.e. public key, private key and secret key).
3812 */
3813 CK_RV
3815 {
3826 /*
3827 * The above extra attributes have byte array type.
3828 */
3832 /* Key related boolean attributes */
3847 }
3848 }
3850 /*
3851 * Get the value of a requested attribute of a Public Key Object.
3852 *
3853 * Rule: All the attributes in the public key object can be revealed.
3854 */
3855 CK_RV
3858 {
3867 /*
3868 * The above extra attributes have byte array type.
3869 */
3873 /* Key related boolean attributes */
3895 /*
3896 * This attribute is valid only for RSA public key
3897 * object.
3898 */
3905 }
3914 }
3923 }
3942 }
3957 }
3976 }
3999 }
4002 /*
4003 * First, get the value of the request attribute defined
4004 * in the list of common key attributes. If the request
4005 * attribute is not found in that list, then get the
4006 * attribute from the list of common attributes.
4007 */
4012 }
4014 }
4017 }
4020 /*
4021 * Get the value of a requested attribute of a Private Key Object.
4022 *
4023 * Rule: All the attributes in the private key object can be revealed
4024 * except those marked with footnote number "7" when the object
4025 * has its CKA_SENSITIVE attribute set to TRUE or its
4026 * CKA_EXTRACTABLE attribute set to FALSE (p.88 in PKCS11 spec.).
4027 */
4028 CK_RV
4031 {
4037 /*
4038 * If the following specified attributes for the private key
4039 * object cannot be revealed because the object is sensitive
4040 * or unextractable, then the ulValueLen is set to -1.
4041 */
4055 }
4056 }
4062 /*
4063 * The above extra attributes have byte array type.
4064 */
4068 /* Key related boolean attributes */
4113 }
4123 }
4133 }
4143 }
4153 }
4163 }
4173 }
4183 }
4193 }
4212 }
4227 }
4246 }
4269 }
4272 /*
4273 * First, get the value of the request attribute defined
4274 * in the list of common key attributes. If the request
4275 * attribute is not found in that list, then get the
4276 * attribute from the list of common attributes.
4277 */
4282 }
4284 }
4287 }
4290 /*
4291 * Get the value of a requested attribute of a Secret Key Object.
4292 *
4293 * Rule: All the attributes in the secret key object can be revealed
4294 * except those marked with footnote number "7" when the object
4295 * has its CKA_SENSITIVE attribute set to TRUE or its
4296 * CKA_EXTRACTABLE attribute set to FALSE (p.88 in PKCS11 spec.).
4297 */
4298 CK_RV
4301 {
4308 /* Key related boolean attributes */
4351 /*
4352 * If the specified attribute for the secret key object
4353 * cannot be revealed because the object is sensitive
4354 * or unextractable, then the ulValueLen is set to -1.
4355 */
4360 }
4380 }
4385 }
4389 /*
4390 * First, get the value of the request attribute defined
4391 * in the list of common key attributes. If the request
4392 * attribute is not found in that list, then get the
4393 * attribute from the list of common attributes.
4394 */
4399 }
4401 }
4404 }
4407 /*
4408 * Get the value of a requested attribute of a Domain Parameters Object.
4409 *
4410 * Rule: All the attributes in the domain parameters object can be revealed.
4411 */
4412 CK_RV
4415 {
4447 }
4462 }
4481 }
4500 }
4511 }
4514 /*
4515 * Get the value of a common attribute.
4516 */
4520 }
4523 }
4525 /*
4526 * Get certificate attributes from an object.
4527 * return CKR_ATTRIBUTE_TYPE_INVALID if the requested type
4528 * does not exist in the certificate.
4529 */
4530 CK_RV
4533 {
4535 cert_attr_t src;
4542 }
4551 }
4557 }
4576 }
4578 /*
4579 * If we got this far, then the combination of certificate type
4580 * and requested attribute is invalid.
4581 */
4583 }
4585 CK_RV
4588 {
4594 /* SUBJECT attr cannot be modified. */
4596 }
4600 /* OWNER attr cannot be modified. */
4602 }
4605 /* VALUE attr cannot be modified. */
4612 }
4619 }
4628 }
4630 /*
4631 * If we got this far, then the combination of certificate type
4632 * and requested attribute is invalid.
4633 */
4635 }
4637 /*
4638 * Call the appropriate get attribute function according to the class
4639 * of object.
4640 *
4641 * The caller of this function holds the lock on the object.
4642 */
4643 CK_RV
4645 {
4672 /*
4673 * If the specified attribute for the object is invalid
4674 * (the object does not possess such as attribute), then
4675 * the ulValueLen is modified to hold the value -1.
4676 */
4679 }
4683 }
4685 CK_RV
4688 {
4700 }
4703 }
4712 /*
4713 * Check if this is the special case
4714 * when the PIN is never initialized
4715 * in the keystore. If true, we will
4716 * let it pass here and let it fail
4717 * with CKR_PIN_EXPIRED later on.
4718 */
4723 }
4724 }
4727 }
4730 }
4738 else
4740 NOT_MODIFIABLE_BOOL_ON;
4743 }
4752 }
4755 }
4757 /*
4758 * Set the value of an attribute that is common to all key objects
4759 * (i.e. public key, private key and secret key).
4760 */
4761 CK_RV
4764 {
4769 /*
4770 * Only the LABEL can be modified in the common storage
4771 * object attributes after the object is created.
4772 */
4801 }
4803 }
4806 /*
4807 * Set the value of an attribute of a Public Key Object.
4808 *
4809 * Rule: The attributes marked with footnote number "8" in the PKCS11
4810 * spec may be modified (p.88 in PKCS11 spec.).
4811 */
4812 CK_RV
4815 {
4863 /*
4864 * Set the value of a common key attribute.
4865 */
4869 }
4870 /*
4871 * If we got this far, then the combination of key type
4872 * and requested attribute is invalid.
4873 */
4875 }
4878 /*
4879 * Set the value of an attribute of a Private Key Object.
4880 *
4881 * Rule: The attributes marked with footnote number "8" in the PKCS11
4882 * spec may be modified (p.88 in PKCS11 spec.).
4883 */
4884 CK_RV
4887 {
4897 /*
4898 * Cannot set SENSITIVE to FALSE if it is already ON.
4899 */
4903 }
4926 /*
4927 * Cannot set EXTRACTABLE to TRUE if it is already OFF.
4928 */
4932 }
4948 }
4972 /*
4973 * Set the value of a common key attribute.
4974 */
4977 }
4979 /*
4980 * If we got this far, then the combination of key type
4981 * and requested attribute is invalid.
4982 */
4984 }
4986 /*
4987 * Set the value of an attribute of a Secret Key Object.
4988 *
4989 * Rule: The attributes marked with footnote number "8" in the PKCS11
4990 * spec may be modified (p.88 in PKCS11 spec.).
4991 */
4992 CK_RV
4995 {
5001 /*
5002 * Cannot set SENSITIVE to FALSE if it is already ON.
5003 */
5007 }
5038 /*
5039 * Cannot set EXTRACTABLE to TRUE if it is already OFF.
5040 */
5044 }
5062 /*
5063 * Set the value of a common key attribute.
5064 */
5068 }
5069 /*
5070 * If we got this far, then the combination of key type
5071 * and requested attribute is invalid.
5072 */
5074 }
5077 /*
5078 * Call the appropriate set attribute function according to the class
5079 * of object.
5080 *
5081 * The caller of this function does not hold the lock on the original
5082 * object, since this function is setting the attribute on the new object
5083 * that is being modified.
5084 *
5085 * Argument copy: TRUE when called by C_CopyObject,
5086 * FALSE when called by C_SetAttributeValue.
5087 */
5088 CK_RV
5090 boolean_t copy)
5091 {
5113 /*
5114 * Only the LABEL can be modified in the common
5115 * storage object attributes after the object is
5116 * created.
5117 */
5122 }
5128 /*
5129 * If the template specifies a value of an attribute
5130 * which is incompatible with other existing attributes
5131 * of the object, then fails with return code
5132 * CKR_TEMPLATE_INCONSISTENT.
5133 */
5136 }
5139 }
5141 CK_RV
5144 {
5148 /* The following attributes belong to RSA */
5150 #ifdef __sparcv9
5151 len =
5152 /* LINTED */
5156 len =
5160 /* This attribute MUST BE set */
5163 }
5173 #ifdef __sparcv9
5174 len =
5175 /* LINTED */
5179 len =
5183 /* This attribute MUST BE set */
5186 }
5195 /* The following attributes belong to DSA and DH */
5199 #ifdef __sparcv9
5200 len =
5201 /* LINTED */
5204 big_value_len;
5206 len =
5208 big_value_len;
5210 else
5211 #ifdef __sparcv9
5212 len =
5213 /* LINTED */
5216 big_value_len;
5218 len =
5220 big_value_len;
5223 /* This attribute MUST BE set */
5226 }
5233 else
5241 #ifdef __sparcv9
5242 len =
5243 /* LINTED */
5247 len =
5251 /* This attribute MUST BE set */
5254 }
5266 #ifdef __sparcv9
5267 len =
5268 /* LINTED */
5271 big_value_len;
5273 len =
5275 big_value_len;
5277 else
5278 #ifdef __sparcv9
5279 len =
5280 /* LINTED */
5283 big_value_len;
5285 len =
5287 big_value_len;
5290 /* This attribute MUST BE set */
5293 }
5300 else
5309 #ifdef __sparcv9
5310 len =
5311 /* LINTED */
5314 big_value_len;
5316 len =
5318 big_value_len;
5320 else
5321 #ifdef __sparcv9
5322 len =
5323 /* LINTED */
5326 big_value_len;
5328 len =
5330 big_value_len;
5333 /* This attribute MUST BE set */
5336 }
5343 else
5349 }
5352 }
5355 CK_RV
5358 {
5364 /* The following attributes belong to RSA */
5366 #ifdef __sparcv9
5367 len =
5368 /* LINTED */
5372 len =
5376 /* This attribute MUST BE set */
5379 }
5389 #ifdef __sparcv9
5390 len =
5391 /* LINTED */
5395 len =
5399 /* This attribute MUST BE set */
5402 }
5412 #ifdef __sparcv9
5413 len =
5414 /* LINTED */
5418 len =
5424 }
5429 }
5438 #ifdef __sparcv9
5439 len =
5440 /* LINTED */
5444 len =
5450 }
5455 }
5464 #ifdef __sparcv9
5465 len =
5466 /* LINTED */
5470 len =
5476 }
5481 }
5490 #ifdef __sparcv9
5491 len =
5492 /* LINTED */
5496 len =
5502 }
5507 }
5516 #ifdef __sparcv9
5517 len =
5518 /* LINTED */
5522 len =
5528 }
5533 }
5541 /* The following attributes belong to DSA and DH */
5545 #ifdef __sparcv9
5546 len =
5547 /* LINTED */
5550 big_value_len;
5552 len =
5554 big_value_len;
5556 else
5557 #ifdef __sparcv9
5558 len =
5559 /* LINTED */
5562 big_value_len;
5564 len =
5566 big_value_len;
5569 /* This attribute MUST BE set */
5572 }
5579 else
5587 #ifdef __sparcv9
5588 len =
5589 /* LINTED */
5593 len =
5597 /* This attribute MUST BE set */
5600 }
5612 #ifdef __sparcv9
5613 len =
5614 /* LINTED */
5617 big_value_len;
5619 len =
5621 big_value_len;
5623 else
5624 #ifdef __sparcv9
5625 len =
5626 /* LINTED */
5629 big_value_len;
5631 len =
5633 big_value_len;
5636 /* This attribute MUST BE set */
5639 }
5646 else
5655 #ifdef __sparcv9
5656 len =
5657 /* LINTED */
5660 big_value_len;
5662 len =
5664 big_value_len;
5667 #ifdef __sparcv9
5668 len =
5669 /* LINTED */
5672 big_value_len;
5674 len =
5676 big_value_len;
5679 #ifdef __sparcv9
5680 len =
5681 /* LINTED */
5684 big_value_len;
5686 len =
5688 big_value_len;
5690 }
5692 /* This attribute MUST BE set */
5695 }
5710 }
5713 }
5717 }
5719 static CK_RV
5721 {
5727 }
5733 }
5735 static void
5737 {
5740 }
5769 }
5771 }
5773 CK_RV
5776 {
5784 }
5791 /* copy modulus */
5797 }
5798 /* copy public exponent */
5804 }
5811 /* copy prime */
5817 }
5819 /* copy subprime */
5825 }
5827 /* copy base */
5833 }
5835 /* copy value */
5841 }
5848 /* copy prime */
5854 }
5856 /* copy base */
5862 }
5864 /* copy value */
5870 }
5877 /* copy point */
5883 }
5890 /* copy prime */
5896 }
5898 /* copy subprime */
5904 }
5906 /* copy base */
5912 }
5914 /* copy value */
5920 }
5924 }
5927 }
5929 static void
5931 {
5934 }
5969 }
5971 }
5973 CK_RV
5976 {
5983 }
5990 /* copy modulus */
5996 }
5997 /* copy public exponent */
6003 }
6004 /* copy private exponent */
6010 }
6011 /* copy prime_1 */
6017 }
6018 /* copy prime_2 */
6024 }
6025 /* copy exponent_1 */
6031 }
6032 /* copy exponent_2 */
6038 }
6039 /* copy coefficient */
6045 }
6052 /* copy prime */
6058 }
6060 /* copy subprime */
6066 }
6068 /* copy base */
6074 }
6076 /* copy value */
6082 }
6089 /* copy prime */
6095 }
6097 /* copy base */
6103 }
6105 /* copy value */
6111 }
6118 /* copy value */
6124 }
6131 /* copy prime */
6137 }
6139 /* copy subprime */
6145 }
6147 /* copy base */
6153 }
6155 /* copy value */
6161 }
6165 }
6168 }
6170 static void
6172 {
6175 }
6194 }
6196 }
6198 CK_RV
6201 {
6208 }
6216 /* copy prime */
6222 }
6224 /* copy subprime */
6230 }
6232 /* copy base */
6238 }
6246 /* copy prime */
6252 }
6254 /* copy base */
6260 }
6268 /* copy prime */
6274 }
6276 /* copy subprime */
6282 }
6284 /* copy base */
6290 }
6295 }
6298 }
6300 CK_RV
6303 {
6309 }
6312 /* copy the secret key value */
6317 }
6321 /*
6322 * Copy the pre-expanded key schedule.
6323 */
6330 }
6334 }
6339 }
6341 /*
6342 * If CKA_CLASS not given, guess CKA_CLASS using
6343 * attributes on template .
6344 *
6345 * Some attributes are specific to an object class. If one or more
6346 * of these attributes are in the template, make a list of classes
6347 * that can have these attributes. This would speed up the search later,
6348 * because we can immediately skip an object if the class of that
6349 * object can not possibly contain one of the attributes.
6350 *
6351 */
6352 void
6355 CK_ULONG ulCount)
6356 {
6357 ulong_t i;
6372 /*
6373 * don't need to guess the class, it is specified.
6374 * Just record the class, and return.
6375 */
6380 }
6381 }
6383 num_pub_key_attrs =
6385 num_priv_key_attrs =
6387 num_secret_key_attrs =
6389 num_domain_attrs =
6391 num_hardware_attrs =
6393 num_cert_attrs =
6396 /*
6397 * Get the list of objects class that might contain
6398 * some attributes.
6399 */
6401 /*
6402 * only check if this attribute can belong to public key object
6403 * class if public key object isn't already in the list
6404 */
6410 CKO_PUBLIC_KEY;
6412 }
6413 }
6414 }
6421 CKO_PRIVATE_KEY;
6423 }
6424 }
6425 }
6432 CKO_SECRET_KEY;
6434 }
6435 }
6436 }
6443 CKO_DOMAIN_PARAMETERS;
6445 }
6446 }
6447 }
6454 CKO_HW_FEATURE;
6456 }
6457 }
6458 }
6465 CKO_CERTIFICATE;
6467 }
6468 }
6469 }
6470 }
6472 }
6474 boolean_t
6477 {
6478 ulong_t i;
6486 /*
6487 * Check if the class of this object match with any
6488 * of object classes that can possibly contain the
6489 * requested attributes.
6490 */
6495 }
6496 }
6498 /*
6499 * this object can't possibly contain one or
6500 * more attributes, don't need to check this object
6501 */
6503 }
6504 }
6506 /* need to examine everything */
6515 /* First, check the most common attributes */
6520 }
6526 }
6550 SIGN_RECOVER_BOOL_ON;
6559 VERIFY_RECOVER_BOOL_ON;
6576 SECONDARY_AUTH_BOOL_ON;
6585 EXTRACTABLE_BOOL_ON;
6590 ALWAYS_SENSITIVE_BOOL_ON;
6595 NEVER_EXTRACTABLE_BOOL_ON;
6607 {
6608 CK_BBOOL bval;
6610 NOT_MODIFIABLE_BOOL_ON;
6616 }
6619 }
6621 }
6623 /*
6624 * For X.509 attribute certificate object, get its
6625 * CKA_OWNER attribute from the x509_attr_cert_t struct.
6626 */
6631 }
6634 /*
6635 * For X.509 certificate object, get its CKA_SUBJECT
6636 * attribute from the x509_cert_t struct (not from
6637 * the extra_attrlistp).
6638 */
6644 }
6645 /*FALLTHRU*/
6655 /* find these attributes from extra_attrlistp */
6663 /* only secret key has this attribute */
6668 }
6671 }
6676 /*
6677 * secret_key_obj_t is the same as
6678 * biginteger_t
6679 */
6692 }
6704 }
6711 CKC_X_509_ATTR_CERT) {
6713 }
6718 }
6721 /* only RSA public and private key have this attr */
6729 }
6733 }
6736 /* only RSA public key has this attribute */
6743 }
6746 }
6749 /* only RSA public and private key have this attr */
6757 }
6761 }
6764 /* only RSA private key has this attribute */
6771 }
6774 /* only RSA private key has this attribute */
6781 }
6784 /* only RSA private key has this attribute */
6791 }
6794 /* only RSA private key has this attribute */
6801 }
6804 /* only RSA private key has this attribute */
6811 }
6814 /* only RSA private key has this attribute */
6821 }
6824 /* only Diffie-Hellman private key has this attr */
6831 }
6834 }
6850 }
6864 }
6878 }
6881 }
6895 }
6906 }
6917 }
6920 }
6937 }
6951 }
6965 }
6968 }
6973 CK_ULONG prime_bits;
6975 prime_bits =
6978 prime_bits =
6981 prime_bits =
6985 }
6989 }
6992 }
6997 CK_ULONG subprime_bits =
7002 }
7005 }
7008 /*
7009 * any other attributes are currently not supported.
7010 * so, it's not possible for them to be in the
7011 * object
7012 */
7014 }
7016 CK_BBOOL bval;
7022 }
7025 }
7029 }
7032 }
7036 }
7039 /*
7040 * The attribute type is valid, and its value
7041 * has not been initialized in the object. In
7042 * this case, it only matches the template's
7043 * attribute if the template's value length
7044 * is 0.
7045 */
7052 }
7056 }
7057 }
7060 /* specific attribute not found */
7062 }
7065 }
7069 }
7074 }
7075 }
7076 }
7078 }
7080 CK_ATTRIBUTE_PTR
7082 {
7083 CK_ATTRIBUTE_INFO_PTR tmp;
7089 }
7091 }
7092 /* if get there, the specified attribute is not found */
7094 }