search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softASN1.c
blob1c8824136ecf18c0578a490ce12507b68e2ac950
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2012 Milan Jurik. All rights reserved.
25 */
26
27 #include <stdlib.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <lber.h>
31 #include <security/cryptoki.h>
32 #include "softDSA.h"
33 #include "softDH.h"
34 #include "softRSA.h"
35 #include "softObject.h"
36 #include "softASN1.h"
37
38 #define OID_TAG 0x06
39
40 #define MAX_DH_KEY MAX_DH_KEYLENGTH_IN_BYTES /* bytes in DH key */
41 static uchar_t DH_OID[] = {
42 /* DH key agreement OID: 1 . 2 . 840 . 113549 . 1 . 3 . 1 */
43 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x03, 0x01
44 };
45
46 #define MAX_DH942_KEY MAX_DH_KEYLENGTH_IN_BYTES /* bytes in DH X9.42 key */
47 static uchar_t DH942_OID[] = {
48 /* DH X9.42 OID: 1 . 2 . 840 . 10046 . 1 */
49 0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x01
50 };
51
52 #define MAX_DSA_KEY MAX_DSA_KEY_LEN /* bytes in DSA key */
53 static uchar_t DSA_OID[] = {
54 /* DSA algorithm OID: 1 . 2 . 840 . 10040 . 4 . 1 */
55 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01
56 };
57
58 #define MAX_RSA_KEY MAX_RSA_KEYLENGTH_IN_BYTES /* bytes in RSA key */
59 static uchar_t RSA_OID[] = {
60 /* RSA algorithm OID: 1 . 2 . 840 . 113549 . 1 . 1 . 1 */
61 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01
62 };
63
64
65 /*
66 * If the first bit of big integer is non-zero (i.e, first byte is
67 * 0x80 or greater), it may be interpreted as an ASN.1 negative number.
68 * Add one leading byte of zero-padding only in these cases to ensure
69 * it is treated as an unsigned integer.
70 */
71 static CK_RV
72 pad_bigint_attr(biginteger_t *src, biginteger_t *dst)
73 {
74 int padding;
75
76 /* Src and dst must already by previously allocated. */
77 if (src == NULL || dst == NULL)
78 return (CKR_HOST_MEMORY);
79
80 if (src->big_value_len == 0) {
81 dst->big_value = NULL;
82 dst->big_value_len = 0;
83 return (CKR_OK);
84 }
85 /*
86 * Realloc() may free() or shrink previous memory location, so
87 * clear out potentially sensitive data before that happens.
88 */
89 if (dst->big_value != NULL)
90 (void) memset(dst->big_value, 0x0, dst->big_value_len);
91
92 padding = (src->big_value[0] < 0x80) ? 0 : 1;
93 dst->big_value_len = src->big_value_len + padding;
94
95 dst->big_value = realloc(dst->big_value, dst->big_value_len);
96 if (dst->big_value == NULL)
97 return (CKR_HOST_MEMORY);
98
99 /* Set zero-pad at first byte, then append actual big_value. */
100 dst->big_value[0] = 0x0;
101 (void) memcpy(&(dst->big_value[padding]), src->big_value,
102 src->big_value_len);
103 return (CKR_OK);
104 }
105
106 /*
107 * Sometimes there is one bytes of zero-padding, if a big integer may
108 * be interpreted as an ASN.1 negative number (i.e, the first bit is
109 * non-zero, the first byte is 0x80 or greater). Remove first byte
110 * of zero-padding in those cases from the decoded octet strings.
111 */
112 static CK_RV
113 unpad_bigint_attr(biginteger_t src, biginteger_t *dst)
114 {
115 int offset;
116
117 if (dst == NULL)
118 return (CKR_HOST_MEMORY);
119
120 if (src.big_value_len == 0) {
121 dst->big_value = NULL;
122 dst->big_value_len = 0;
123 return (CKR_OK);
124 }
125
126 offset = (src.big_value[0] == 0x00) ? 1 : 0;
127 dst->big_value_len = src.big_value_len - offset;
128
129 /*
130 * Must allocate memory here because subsequent calls to
131 * copy_bigint_attr() just redirect pointer; it doesn't
132 * really copy the bigint like the function name implies.
133 */
134 dst->big_value = malloc(dst->big_value_len);
135 if (dst->big_value == NULL)
136 return (CKR_HOST_MEMORY);
137
138 (void) memcpy(dst->big_value, &(src.big_value[offset]),
139 dst->big_value_len);
140 return (CKR_OK);
141 }
142
143
144 /* Encode RSA private key in ASN.1 BER syntax. */
145 static CK_RV
146 rsa_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
147 {
148 CK_RV rv = CKR_OK;
149 BerElement *key_asn = NULLBER, *p8obj_asn = NULLBER;
150 BerValue *key_octs = NULL, *p8obj_octs = NULL;
151 int version = SOFT_ASN_VERSION;
152 biginteger_t tmp_pad = { NULL, 0 };
153
154 /*
155 * The ASN.1 syntax for an RSA private key is:
156 *
157 * PKCS#8 \* PrivateKeyInfo *\
158 * ---------------------------------
159 * Sequence {
160 * version INTEGER;
161 * Sequence { \* PrivateKeyAlgorithm *\
162 * OID 0x06, \* RSA algorithm OID *\
163 * param(NULL)
164 * }
165 * RSAPrivateKey OCTETSTRING =
166 * PKCS#1 \* RSAPrivateKey *\
167 * ---------------------------
168 * Sequence {
169 * version INTEGER,
170 * modulus INTEGER,
171 * publicExponent INTEGER,
172 * privateExponent INTEGER,
173 * prime1 INTEGER,
174 * prime2 INTEGER,
175 * exponent1 INTEGER,
176 * exponent2 INTEGER,
177 * coefficient INTEGER
178 * }
179 * }
180 *
181 * The code below starts building the innermost octets
182 * RSAPrivateKey, and then builds the PrivateKeyInfo
183 * sequence around that octet string. The BER syntax
184 * used in this function is (others may be possible):
185 * { i { to n } { i to to to to to to to to } }
186 * where "i" is for integers with fixed size
187 * where "to" is for integers that vary in size (length + value)
188 * where "n" is for nulls
189 * where "{}" delimit sequences
190 */
191
192 /* RSAPrivateKey ... */
193 if ((key_asn = ber_alloc()) == NULLBER)
194 return (CKR_HOST_MEMORY);
195
196 /* ... begin-sequence { version, */
197 if (ber_printf(key_asn, "{i", version) == -1) {
198 rv = CKR_GENERAL_ERROR;
199 goto cleanup_rsapri2asn;
200 }
201
202 /* ... modulus, */
203 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_MOD(objp), &tmp_pad)) != CKR_OK)
204 goto cleanup_rsapri2asn;
205 if (ber_printf(key_asn, "to", LBER_INTEGER,
206 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
207 rv = CKR_GENERAL_ERROR;
208 goto cleanup_rsapri2asn;
209 }
210
211 /* ... public exponent, */
212 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_PUBEXPO(objp), &tmp_pad)) !=
213 CKR_OK)
214 goto cleanup_rsapri2asn;
215
216 else if (ber_printf(key_asn, "to", LBER_INTEGER, tmp_pad.big_value,
217 tmp_pad.big_value_len) == -1) {
218 rv = CKR_GENERAL_ERROR;
219 goto cleanup_rsapri2asn;
220 }
221
222 /* ... private exponent, */
223 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_PRIEXPO(objp), &tmp_pad)) !=
224 CKR_OK)
225 goto cleanup_rsapri2asn;
226 if (ber_printf(key_asn, "to", LBER_INTEGER,
227 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
228 rv = CKR_GENERAL_ERROR;
229 goto cleanup_rsapri2asn;
230 }
231
232 /* ... prime 1, */
233 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_PRIME1(objp), &tmp_pad)) !=
234 CKR_OK)
235 goto cleanup_rsapri2asn;
236 else if (ber_printf(key_asn, "to", LBER_INTEGER,
237 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
238 rv = CKR_GENERAL_ERROR;
239 goto cleanup_rsapri2asn;
240 }
241
242 /* ... prime 2, */
243 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_PRIME2(objp), &tmp_pad)) !=
244 CKR_OK)
245 goto cleanup_rsapri2asn;
246 else if (ber_printf(key_asn, "to", LBER_INTEGER,
247 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
248 rv = CKR_GENERAL_ERROR;
249 goto cleanup_rsapri2asn;
250 }
251
252 /* ... exponent 1, */
253 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_EXPO1(objp), &tmp_pad)) != CKR_OK)
254 goto cleanup_rsapri2asn;
255 else if (ber_printf(key_asn, "to", LBER_INTEGER,
256 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
257 rv = CKR_GENERAL_ERROR;
258 goto cleanup_rsapri2asn;
259 }
260
261 /* ... exponent 2, */
262 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_EXPO2(objp), &tmp_pad)) != CKR_OK)
263 goto cleanup_rsapri2asn;
264 else if (ber_printf(key_asn, "to", LBER_INTEGER,
265 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
266 rv = CKR_GENERAL_ERROR;
267 goto cleanup_rsapri2asn;
268 }
269
270 /* ... coefficient } end-sequence */
271 if ((rv = pad_bigint_attr(OBJ_PRI_RSA_COEF(objp), &tmp_pad)) != CKR_OK)
272 goto cleanup_rsapri2asn;
273 else if (ber_printf(key_asn, "to}", LBER_INTEGER,
274 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
275 rv = CKR_GENERAL_ERROR;
276 goto cleanup_rsapri2asn;
277 }
278
279 /* Convert key ASN.1 to octet string. */
280 if (ber_flatten(key_asn, &key_octs) == -1) {
281 rv = CKR_GENERAL_ERROR;
282 goto cleanup_rsapri2asn;
283 }
284
285 /* PKCS#8 PrivateKeyInfo ... */
286 if ((p8obj_asn = ber_alloc()) == NULLBER) {
287 rv = CKR_HOST_MEMORY;
288 goto cleanup_rsapri2asn;
289 }
290
291 /*
292 * Embed key octet string into PKCS#8 object ASN.1:
293 * begin-sequence {
294 * version
295 * begin-sequence {
296 * OID,
297 * NULL
298 * } end-sequence
299 * RSAPrivateKey
300 * } end-sequence
301 */
302 if (ber_printf(p8obj_asn, "{i{ton}o}", version,
303 OID_TAG, RSA_OID, sizeof (RSA_OID), /* NULL parameter, */
304 key_octs->bv_val, key_octs->bv_len) == -1) {
305 rv = CKR_GENERAL_ERROR;
306 goto cleanup_rsapri2asn;
307 }
308
309 /* Convert PKCS#8 object ASN.1 to octet string. */
310 if (ber_flatten(p8obj_asn, &p8obj_octs) == -1) {
311 rv = CKR_GENERAL_ERROR;
312 goto cleanup_rsapri2asn;
313 }
314
315 /* Ship out the PKCS#8 object ASN.1 octet string, if possible. */
316 /*
317 * If the user passes in a null buf, then buf_len is set.
318 * If the user passes in a value with buf_len, then it can
319 * be checked to see if the accompanying buf is big enough.
320 * If it is, the octet string is copied into a pre-malloc'd
321 * buf; otherwise the user must resize buf and call again.
322 * In either case, buf_len is reset to the corrected size.
323 * See PKCS#11 section 11.2.
324 */
325 #ifdef _LP64
326 /* LINTED E_CAST_INT_TO_SMALL_INT */
327 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
328 #else
329 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
330 #endif
331 *buf_len = p8obj_octs->bv_len;
332 rv = (buf == NULL) ? CKR_OK : CKR_BUFFER_TOO_SMALL;
333 goto cleanup_rsapri2asn;
334 }
335
336 *buf_len = p8obj_octs->bv_len;
337 (void) memcpy(buf, p8obj_octs->bv_val, *buf_len);
338
339 cleanup_rsapri2asn:
340
341 if (tmp_pad.big_value != NULL) {
342 (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
343 free(tmp_pad.big_value);
344 }
345
346 if (key_asn != NULLBER)
347 ber_free(key_asn, 1);
348
349 if (key_octs != NULL)
350 ber_bvfree(key_octs);
351
352 if (p8obj_asn != NULLBER)
353 ber_free(p8obj_asn, 1);
354
355 if (p8obj_octs != NULL)
356 ber_bvfree(p8obj_octs);
357
358 return (rv);
359 }
360
361 /* Encode DSA private key in ASN.1 BER syntax. */
362 static CK_RV
363 dsa_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
364 {
365 CK_RV rv = CKR_OK;
366 BerElement *key_asn = NULLBER, *p8obj_asn = NULLBER;
367 BerValue *key_octs = NULL, *p8obj_octs = NULL;
368 int version = SOFT_ASN_VERSION;
369 biginteger_t tmp_pad = { NULL, 0 };
370
371 /*
372 * The ASN.1 syntax for a DSA private key is:
373 *
374 * PKCS#8 \* PrivateKeyInfo *\
375 * ---------------------------------
376 * Sequence {
377 * version INTEGER;
378 * Sequence { \* PrivateKeyAlgorithm *\
379 * OID 0x06, \* DSA algorithm OID *\
380 * param(DSS-params) OCTETSTRING =
381 * PKCS#? \* DSSParameter *\
382 * ----------------------------------
383 * Sequence {
384 * prime INTEGER,
385 * subprime INTEGER,
386 * base INTEGER,
387 * }
388 * }
389 * DSAPrivateKey OCTETSTRING =
390 * PKCS#1 \* DSAPrivateKey *\
391 * ---------------------------
392 * value INTEGER
393 * }
394 *
395 * The code below starts building the innermost octets
396 * DSAPrivateKey, and then builds the PrivateKeyInfo
397 * sequence around that octet string. The BER syntax
398 * used in this function is (others may be possible):
399 * { i { to { to to to } } to }
400 * where "i" is for integers with fixed size
401 * where "to" is for integers that vary in size (length + value)
402 * where "{}" delimit sequences
403 */
404
405 /* DSAPrivateKey ... */
406 if ((key_asn = ber_alloc()) == NULLBER)
407 return (CKR_HOST_MEMORY);
408
409 /* ... value */
410 if ((rv = pad_bigint_attr(OBJ_PRI_DSA_VALUE(objp), &tmp_pad)) != CKR_OK)
411 goto cleanup_dsapri2asn;
412 if (ber_printf(key_asn, "to", LBER_INTEGER,
413 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
414 rv = CKR_GENERAL_ERROR;
415 goto cleanup_dsapri2asn;
416 }
417
418 /* Convert key ASN.1 to octet string. */
419 if (ber_flatten(key_asn, &key_octs) == -1) {
420 rv = CKR_GENERAL_ERROR;
421 goto cleanup_dsapri2asn;
422 }
423
424 /* PKCS#8 PrivateKeyInfo ... */
425 if ((p8obj_asn = ber_alloc()) == NULLBER) {
426 rv = CKR_HOST_MEMORY;
427 goto cleanup_dsapri2asn;
428 }
429
430 /*
431 * Start off the PKCS#8 object ASN.1:
432 * begin-sequence {
433 * version
434 * begin-sequence {
435 * OID,
436 * ...
437 */
438 if (ber_printf(p8obj_asn, "{i{to", version,
439 OID_TAG, DSA_OID, sizeof (DSA_OID)) == -1) {
440 rv = CKR_GENERAL_ERROR;
441 goto cleanup_dsapri2asn;
442 }
443
444 /*
445 * Add DSS parameters:
446 * ...
447 * begin-sequence {
448 * prime,
449 * ...
450 */
451 if ((rv = pad_bigint_attr(OBJ_PRI_DSA_PRIME(objp), &tmp_pad)) != CKR_OK)
452 goto cleanup_dsapri2asn;
453 if (ber_printf(p8obj_asn, "{to", LBER_INTEGER,
454 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
455 rv = CKR_GENERAL_ERROR;
456 goto cleanup_dsapri2asn;
457 }
458
459 /*
460 * ...
461 * subprime,
462 * ...
463 */
464 if ((rv = pad_bigint_attr(OBJ_PRI_DSA_SUBPRIME(objp), &tmp_pad)) !=
465 CKR_OK)
466 goto cleanup_dsapri2asn;
467 if (ber_printf(p8obj_asn, "to", LBER_INTEGER,
468 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
469 rv = CKR_GENERAL_ERROR;
470 goto cleanup_dsapri2asn;
471 }
472
473 /*
474 * ...
475 * base
476 * } end-sequence
477 */
478 if ((rv = pad_bigint_attr(OBJ_PRI_DSA_BASE(objp), &tmp_pad)) != CKR_OK)
479 goto cleanup_dsapri2asn;
480 if (ber_printf(p8obj_asn, "to}", LBER_INTEGER,
481 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
482 rv = CKR_GENERAL_ERROR;
483 goto cleanup_dsapri2asn;
484 }
485
486 /*
487 * Add the key octet string:
488 * } end-sequence
489 * DSAPrivateKey
490 * } end-sequence
491 */
492 if (ber_printf(p8obj_asn, "}o}",
493 key_octs->bv_val, key_octs->bv_len) == -1) {
494 rv = CKR_GENERAL_ERROR;
495 goto cleanup_dsapri2asn;
496 }
497
498 /* Convert PKCS#8 object ASN.1 to octet string. */
499 if (ber_flatten(p8obj_asn, &p8obj_octs) == -1) {
500 rv = CKR_GENERAL_ERROR;
501 goto cleanup_dsapri2asn;
502 }
503
504 /* Ship out the PKCS#8 object ASN.1 octet string, if possible. */
505 /*
506 * If the user passes in a null buf, then buf_len is set.
507 * If the user passes in a value with buf_len, then it can
508 * be checked to see if the accompanying buf is big enough.
509 * If it is, the octet string is copied into a pre-malloc'd
510 * buf; otherwise the user must resize buf and call again.
511 * In either case, buf_len is reset to the corrected size.
512 * See PKCS#11 section 11.2.
513 */
514 #ifdef _LP64
515 /* LINTED E_CAST_INT_TO_SMALL_INT */
516 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
517 #else
518 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
519 #endif
520 *buf_len = p8obj_octs->bv_len;
521 rv = (buf == NULL) ? CKR_OK : CKR_BUFFER_TOO_SMALL;
522 goto cleanup_dsapri2asn;
523 }
524
525 *buf_len = p8obj_octs->bv_len;
526 (void) memcpy(buf, p8obj_octs->bv_val, *buf_len);
527
528 cleanup_dsapri2asn:
529
530 if (tmp_pad.big_value != NULL) {
531 (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
532 free(tmp_pad.big_value);
533 }
534
535 if (key_asn != NULLBER)
536 ber_free(key_asn, 1);
537
538 if (key_octs != NULL)
539 ber_bvfree(key_octs);
540
541 if (p8obj_asn != NULLBER)
542 ber_free(p8obj_asn, 1);
543
544 if (p8obj_octs != NULL)
545 ber_bvfree(p8obj_octs);
546
547 return (rv);
548 }
549
550 /* Encode DH private key in ASN.1 BER syntax. */
551 static CK_RV
552 dh_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
553 {
554 CK_RV rv = CKR_OK;
555 BerElement *key_asn = NULLBER, *p8obj_asn = NULLBER;
556 BerValue *key_octs = NULL, *p8obj_octs = NULL;
557 int version = SOFT_ASN_VERSION;
558 biginteger_t tmp_pad = { NULL, 0 };
559
560 /*
561 * The ASN.1 syntax for a DH private key is:
562 *
563 * PKCS#8 \* PrivateKeyInfo *\
564 * ---------------------------------
565 * Sequence {
566 * version INTEGER;
567 * Sequence { \* PrivateKeyAlgorithm *\
568 * OID 0x06, \* DH algorithm OID *\
569 * param(DH-params) OCTETSTRING =
570 * PKCS#3 \* DHParameter *\
571 * -------------------------
572 * Sequence {
573 * prime INTEGER,
574 * base INTEGER
575 * }
576 * }
577 * DHPrivateKey OCTETSTRING =
578 * PKCS#1 \* DHPrivateKey *\
579 * --------------------------
580 * value INTEGER
581 * }
582 *
583 * The code below starts building the innermost octets
584 * DHPrivateKey, and then builds the PrivateKeyInfo
585 * sequence around that octet string. The BER syntax
586 * used in this function is (others may be possible):
587 * { i { to { to to } } to }
588 * where "i" is for integers with fixed size
589 * where "to" is for integers that vary in size (length + value)
590 * where "{}" delimit sequences
591 */
592
593 /* DHPrivateKey ... */
594 if ((key_asn = ber_alloc()) == NULLBER)
595 return (CKR_HOST_MEMORY);
596
597 /* ... value */
598 if ((rv = pad_bigint_attr(OBJ_PRI_DH_VALUE(objp), &tmp_pad)) != CKR_OK)
599 goto cleanup_dhpri2asn;
600 if (ber_printf(key_asn, "to", LBER_INTEGER,
601 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
602 rv = CKR_GENERAL_ERROR;
603 goto cleanup_dhpri2asn;
604 }
605
606 /* Convert key ASN.1 to octet string. */
607 if (ber_flatten(key_asn, &key_octs) == -1) {
608 rv = CKR_GENERAL_ERROR;
609 goto cleanup_dhpri2asn;
610 }
611
612 /* PKCS#8 PrivateKeyInfo ... */
613 if ((p8obj_asn = ber_alloc()) == NULLBER) {
614 rv = CKR_HOST_MEMORY;
615 goto cleanup_dhpri2asn;
616 }
617
618 /*
619 * Start off the PKCS#8 object ASN.1:
620 * begin-sequence {
621 * version
622 * begin-sequence {
623 * OID,
624 * ...
625 */
626 if (ber_printf(p8obj_asn, "{i{to", version,
627 OID_TAG, DH_OID, sizeof (DH_OID)) == -1) {
628 rv = CKR_GENERAL_ERROR;
629 goto cleanup_dhpri2asn;
630 }
631
632 /*
633 * Add DH parameters:
634 * ...
635 * begin-sequence {
636 * prime,
637 * ...
638 */
639 if ((rv = pad_bigint_attr(OBJ_PRI_DH_PRIME(objp), &tmp_pad)) != CKR_OK)
640 goto cleanup_dhpri2asn;
641 if (ber_printf(p8obj_asn, "{to", LBER_INTEGER,
642 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
643 rv = CKR_GENERAL_ERROR;
644 goto cleanup_dhpri2asn;
645 }
646
647 /*
648 * ...
649 * base
650 * } end-sequence
651 */
652 if ((rv = pad_bigint_attr(OBJ_PRI_DH_BASE(objp), &tmp_pad)) != CKR_OK)
653 goto cleanup_dhpri2asn;
654 if (ber_printf(p8obj_asn, "to}", LBER_INTEGER,
655 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
656 rv = CKR_GENERAL_ERROR;
657 goto cleanup_dhpri2asn;
658 }
659
660 /*
661 * Add the key octet string:
662 * } end-sequence
663 * DSAPrivateKey
664 * } end-sequence
665 */
666 if (ber_printf(p8obj_asn, "}o}",
667 key_octs->bv_val, key_octs->bv_len) == -1) {
668 rv = CKR_GENERAL_ERROR;
669 goto cleanup_dhpri2asn;
670 }
671
672 /* Convert PKCS#8 object ASN.1 to octet string. */
673 if (ber_flatten(p8obj_asn, &p8obj_octs) == -1) {
674 rv = CKR_GENERAL_ERROR;
675 goto cleanup_dhpri2asn;
676 }
677
678 /* Ship out the PKCS#8 object ASN.1 octet string, if possible. */
679 /*
680 * If the user passes in a null buf, then buf_len is set.
681 * If the user passes in a value with buf_len, then it can
682 * be checked to see if the accompanying buf is big enough.
683 * If it is, the octet string is copied into a pre-malloc'd
684 * buf; otherwise the user must resize buf and call again.
685 * In either case, buf_len is reset to the corrected size.
686 * See PKCS#11 section 11.2.
687 */
688 #ifdef _LP64
689 /* LINTED E_CAST_INT_TO_SMALL_INT */
690 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
691 #else
692 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
693 #endif
694 *buf_len = p8obj_octs->bv_len;
695 rv = (buf == NULL) ? CKR_OK : CKR_BUFFER_TOO_SMALL;
696 goto cleanup_dhpri2asn;
697 }
698
699 *buf_len = p8obj_octs->bv_len;
700 (void) memcpy(buf, p8obj_octs->bv_val, *buf_len);
701
702 cleanup_dhpri2asn:
703
704 if (tmp_pad.big_value != NULL) {
705 (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
706 free(tmp_pad.big_value);
707 }
708
709 if (key_asn != NULLBER)
710 ber_free(key_asn, 1);
711
712 if (key_octs != NULL)
713 ber_bvfree(key_octs);
714
715 if (p8obj_asn != NULLBER)
716 ber_free(p8obj_asn, 1);
717
718 if (p8obj_octs != NULL)
719 ber_bvfree(p8obj_octs);
720
721 return (rv);
722 }
723
724 /* Encode DH X9.42 private key in ASN.1 BER syntax. */
725 static CK_RV
726 x942_dh_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
727 {
728 CK_RV rv = CKR_OK;
729 BerElement *key_asn = NULLBER, *p8obj_asn = NULLBER;
730 BerValue *key_octs = NULL, *p8obj_octs = NULL;
731 int version = SOFT_ASN_VERSION;
732 biginteger_t tmp_pad = { NULL, 0 };
733
734 /*
735 * The ASN.1 syntax for a X9.42 DH private key is:
736 *
737 * PKCS#8 \* PrivateKeyInfo *\
738 * ---------------------------------
739 * Sequence {
740 * version INTEGER;
741 * Sequence { \* PrivateKeyAlgorithm *\
742 * OID 0x06, \* DH X9.42 algorithm OID *\
743 * param(DH-params) OCTETSTRING =
744 * PKCS#3 \* DHParameter *\
745 * -------------------------
746 * Sequence {
747 * prime INTEGER,
748 * base INTEGER,
749 * subprime INTEGER \* for X9.42 *\
750 * }
751 * }
752 * DHPrivateKey OCTETSTRING =
753 * PKCS#1 \* DHPrivateKey *\
754 * --------------------------
755 * value INTEGER
756 * }
757 *
758 * The code below starts building the innermost octets
759 * DHPrivateKey, and then builds the PrivateKeyInfo
760 * sequence around that octet string. The BER syntax
761 * used in this function is (others may be possible):
762 * { i { to { to to } } to }
763 * where "i" is for integers with fixed size
764 * where "to" is for integers that vary in size (length + value)
765 * where "{}" delimit sequences
766 */
767
768 /* DHPrivateKey ... */
769 if ((key_asn = ber_alloc()) == NULLBER)
770 return (CKR_HOST_MEMORY);
771
772 /* ... value */
773 if ((rv = pad_bigint_attr(OBJ_PRI_DH942_VALUE(objp), &tmp_pad)) !=
774 CKR_OK)
775 goto cleanup_x942dhpri2asn;
776 if (ber_printf(key_asn, "to", LBER_INTEGER,
777 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
778 rv = CKR_GENERAL_ERROR;
779 goto cleanup_x942dhpri2asn;
780 }
781
782 /* Convert key ASN.1 to octet string. */
783 if (ber_flatten(key_asn, &key_octs) == -1) {
784 rv = CKR_GENERAL_ERROR;
785 goto cleanup_x942dhpri2asn;
786 }
787
788 /* PKCS#8 PrivateKeyInfo ... */
789 if ((p8obj_asn = ber_alloc()) == NULLBER) {
790 rv = CKR_HOST_MEMORY;
791 goto cleanup_x942dhpri2asn;
792 }
793
794 /*
795 * Start off the PKCS#8 object ASN.1:
796 * begin-sequence {
797 * version
798 * begin-sequence {
799 * OID,
800 * ...
801 */
802 if (ber_printf(p8obj_asn, "{i{to", version,
803 OID_TAG, DH942_OID, sizeof (DH942_OID)) == -1) {
804 rv = CKR_GENERAL_ERROR;
805 goto cleanup_x942dhpri2asn;
806 }
807
808 /*
809 * Add DH parameters:
810 * ...
811 * begin-sequence {
812 * prime,
813 * ...
814 */
815 if ((rv = pad_bigint_attr(OBJ_PRI_DH942_PRIME(objp), &tmp_pad)) !=
816 CKR_OK)
817 goto cleanup_x942dhpri2asn;
818 if (ber_printf(p8obj_asn, "{to", LBER_INTEGER,
819 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
820 rv = CKR_GENERAL_ERROR;
821 goto cleanup_x942dhpri2asn;
822 }
823
824 /*
825 * ...
826 * base,
827 * ...
828 */
829 if ((rv = pad_bigint_attr(OBJ_PRI_DH942_BASE(objp), &tmp_pad)) !=
830 CKR_OK)
831 goto cleanup_x942dhpri2asn;
832 if (ber_printf(p8obj_asn, "to", LBER_INTEGER,
833 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
834 rv = CKR_GENERAL_ERROR;
835 goto cleanup_x942dhpri2asn;
836 }
837
838 /*
839 * ...
840 * subprime
841 * } end-sequence
842 */
843 if ((rv = pad_bigint_attr(OBJ_PRI_DH942_SUBPRIME(objp), &tmp_pad)) !=
844 CKR_OK)
845 goto cleanup_x942dhpri2asn;
846 if (ber_printf(p8obj_asn, "to}", LBER_INTEGER,
847 tmp_pad.big_value, tmp_pad.big_value_len) == -1) {
848 rv = CKR_GENERAL_ERROR;
849 goto cleanup_x942dhpri2asn;
850 }
851
852 /*
853 * Add the key octet string:
854 * } end-sequence
855 * DHPrivateKey
856 * } end-sequence
857 */
858 if (ber_printf(p8obj_asn, "}o}",
859 key_octs->bv_val, key_octs->bv_len) == -1) {
860 rv = CKR_GENERAL_ERROR;
861 goto cleanup_x942dhpri2asn;
862 }
863
864 /* Convert PKCS#8 object ASN.1 to octet string. */
865 if (ber_flatten(p8obj_asn, &p8obj_octs) == -1) {
866 rv = CKR_GENERAL_ERROR;
867 goto cleanup_x942dhpri2asn;
868 }
869
870 /* Ship out the PKCS#8 object ASN.1 octet string, if possible. */
871 /*
872 * If the user passes in a null buf, then buf_len is set.
873 * If the user passes in a value with buf_len, then it can
874 * be checked to see if the accompanying buf is big enough.
875 * If it is, the octet string is copied into a pre-malloc'd
876 * buf; otherwise the user must resize buf and call again.
877 * In either case, buf_len is reset to the corrected size.
878 * See PKCS#11 section 11.2.
879 */
880 #ifdef _LP64
881 /* LINTED E_CAST_INT_TO_SMALL_INT */
882 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
883 #else
884 if ((buf == NULL) || ((ber_len_t)(*buf_len) < p8obj_octs->bv_len)) {
885 #endif
886 *buf_len = p8obj_octs->bv_len;
887 rv = (buf == NULL) ? CKR_OK : CKR_BUFFER_TOO_SMALL;
888 goto cleanup_x942dhpri2asn;
889 }
890
891 *buf_len = p8obj_octs->bv_len;
892 (void) memcpy(buf, p8obj_octs->bv_val, *buf_len);
893
894 cleanup_x942dhpri2asn:
895
896 if (tmp_pad.big_value != NULL) {
897 (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
898 free(tmp_pad.big_value);
899 }
900
901 if (key_asn != NULLBER)
902 ber_free(key_asn, 1);
903
904 if (key_octs != NULL)
905 ber_bvfree(key_octs);
906
907 if (p8obj_asn != NULLBER)
908 ber_free(p8obj_asn, 1);
909
910 if (p8obj_octs != NULL)
911 ber_bvfree(p8obj_octs);
912
913 return (rv);
914 }
915
916 /*
917 * Encode the object key from the soft_object_t into ASN.1 format.
918 */
919 CK_RV
920 soft_object_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
921 {
922 CK_OBJECT_CLASS class = objp->class;
923 CK_KEY_TYPE keytype = objp->key_type;
924
925 switch (class) {
926
927 case CKO_PRIVATE_KEY:
928 switch (keytype) {
929 case CKK_RSA:
930 return (rsa_pri_to_asn1(objp, buf, buf_len));
931
932 case CKK_DSA:
933 return (dsa_pri_to_asn1(objp, buf, buf_len));
934
935 case CKK_DH:
936 return (dh_pri_to_asn1(objp, buf, buf_len));
937
938 case CKK_X9_42_DH:
939 return (x942_dh_pri_to_asn1(objp, buf, buf_len));
940
941 default:
942 return (CKR_FUNCTION_NOT_SUPPORTED);
943 } /* keytype */
944
945 default:
946 return (CKR_FUNCTION_NOT_SUPPORTED);
947
948 } /* class */
949 }
950
951 /* Decode ASN.1 BER syntax into RSA private key. */
952 static CK_RV
953 asn1_to_rsa_pri(private_key_obj_t *keyp, uchar_t *buf, ulong_t buf_len)
954 {
955 CK_RV rv = CKR_OK;
956 BerValue p8obj_octs, key_octs;
957 BerElement *p8obj_asn = NULLBER, *key_asn = NULLBER;
958 ber_len_t size, tmplen;
959 char *cookie;
960 int version;
961 uchar_t oid[sizeof (RSA_OID) + 1];
962 biginteger_t tmp, tmp_nopad = { NULL, 0 };
963
964 p8obj_octs.bv_val = (char *)buf;
965 #ifdef _LP64
966 /* LINTED E_CAST_INT_TO_SMALL_INT */
967 p8obj_octs.bv_len = (ber_len_t)buf_len;
968 #else
969 p8obj_octs.bv_len = (ber_len_t)buf_len;
970 #endif
971
972 key_octs.bv_val = NULL;
973 key_octs.bv_len = 0;
974
975 /* Decode PKCS#8 object ASN.1, verifying it is RSA private key. */
976 if ((p8obj_asn = ber_init(&p8obj_octs)) == NULLBER)
977 return (CKR_GENERAL_ERROR);
978
979 /* PKCS#8 PrivateKeyInfo ... */
980 if (ber_first_element(p8obj_asn, &size, &cookie) != LBER_INTEGER) {
981 rv = CKR_WRAPPED_KEY_INVALID;
982 goto cleanup_asn2rsapri;
983 }
984 /* ... begin-sequence { version, */
985 (void) ber_scanf(p8obj_asn, "i", &version); /* "{i" ? */
986
987 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
988 rv = CKR_WRAPPED_KEY_INVALID;
989 goto cleanup_asn2rsapri;
990 }
991 /* ... begin-sequence { */
992 (void) ber_scanf(p8obj_asn, "{");
993
994 if (ber_next_element(p8obj_asn, &size, cookie) != OID_TAG) {
995 rv = CKR_WRAPPED_KEY_INVALID;
996 goto cleanup_asn2rsapri;
997 }
998 /* ... OID, \* RSA algorithm OID *\ */
999 if (size != sizeof (RSA_OID)) {
1000 rv = CKR_FUNCTION_NOT_SUPPORTED;
1001 goto cleanup_asn2rsapri;
1002 }
1003 size = sizeof (oid);
1004 (void) ber_scanf(p8obj_asn, "s", oid, &size);
1005 if (memcmp(oid, RSA_OID, size) != 0) {
1006 rv = CKR_FUNCTION_NOT_SUPPORTED;
1007 goto cleanup_asn2rsapri;
1008 }
1009
1010 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_NULL) {
1011 rv = CKR_WRAPPED_KEY_INVALID;
1012 goto cleanup_asn2rsapri;
1013 }
1014 /* ... param(NULL) } end-sequence */
1015 (void) ber_scanf(p8obj_asn, "n"); /* "n}" ? */
1016
1017 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_OCTETSTRING) {
1018 rv = CKR_WRAPPED_KEY_INVALID;
1019 goto cleanup_asn2rsapri;
1020 }
1021 /* ... RSAPrivateKey } end-sequence */
1022 key_octs.bv_len = size + 1;
1023 if ((key_octs.bv_val = malloc(size + 1)) == NULL) {
1024 rv = CKR_HOST_MEMORY;
1025 goto cleanup_asn2rsapri;
1026 }
1027 (void) ber_scanf(p8obj_asn, "s", /* "s}" ? */
1028 key_octs.bv_val, &key_octs.bv_len);
1029
1030 /* Decode key octet string into softtoken key object. */
1031 if ((key_asn = ber_init(&key_octs)) == NULLBER) {
1032 rv = CKR_GENERAL_ERROR;
1033 goto cleanup_asn2rsapri;
1034 }
1035
1036 /* ... begin-sequence { version, */
1037 if (ber_first_element(key_asn, &size, &cookie) != LBER_INTEGER) {
1038 rv = CKR_WRAPPED_KEY_INVALID;
1039 goto cleanup_asn2rsapri;
1040 }
1041 (void) ber_scanf(key_asn, "i", &version); /* "{i" ? */
1042
1043 /* ... modulus, */
1044 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1045 rv = CKR_WRAPPED_KEY_INVALID;
1046 goto cleanup_asn2rsapri;
1047 }
1048 if (size > MAX_RSA_KEY) {
1049 rv = CKR_FUNCTION_NOT_SUPPORTED;
1050 goto cleanup_asn2rsapri;
1051 }
1052 tmplen = size + 1;
1053 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1054 rv = CKR_HOST_MEMORY;
1055 goto cleanup_asn2rsapri;
1056 }
1057 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1058 tmp.big_value_len = tmplen;
1059 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1060 free(tmp.big_value);
1061 goto cleanup_asn2rsapri;
1062 }
1063 free(tmp.big_value);
1064 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_MOD(keyp));
1065
1066 /* ... public exponent, */
1067 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1068 rv = CKR_WRAPPED_KEY_INVALID;
1069 goto error_asn2rsapri;
1070 }
1071 if (size > MAX_RSA_KEY) {
1072 rv = CKR_FUNCTION_NOT_SUPPORTED;
1073 goto error_asn2rsapri;
1074 }
1075 tmplen = size + 1;
1076 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1077 rv = CKR_HOST_MEMORY;
1078 goto error_asn2rsapri;
1079 }
1080 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1081 tmp.big_value_len = tmplen;
1082 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1083 free(tmp.big_value);
1084 goto error_asn2rsapri;
1085 }
1086 free(tmp.big_value);
1087 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_PUBEXPO(keyp));
1088
1089 /* ... private exponent, */
1090 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1091 rv = CKR_WRAPPED_KEY_INVALID;
1092 goto error_asn2rsapri;
1093 }
1094 if (size > MAX_RSA_KEY) {
1095 rv = CKR_FUNCTION_NOT_SUPPORTED;
1096 goto error_asn2rsapri;
1097 }
1098 tmplen = size + 1;
1099 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1100 rv = CKR_HOST_MEMORY;
1101 goto error_asn2rsapri;
1102 }
1103 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1104 tmp.big_value_len = tmplen;
1105 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1106 free(tmp.big_value);
1107 goto error_asn2rsapri;
1108 }
1109 free(tmp.big_value);
1110 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_PRIEXPO(keyp));
1111
1112 /* ... prime 1, */
1113 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1114 rv = CKR_WRAPPED_KEY_INVALID;
1115 goto error_asn2rsapri;
1116 }
1117 if (size > MAX_RSA_KEY) {
1118 rv = CKR_FUNCTION_NOT_SUPPORTED;
1119 goto error_asn2rsapri;
1120 }
1121 tmplen = size + 1;
1122 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1123 rv = CKR_HOST_MEMORY;
1124 goto error_asn2rsapri;
1125 }
1126 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1127 tmp.big_value_len = tmplen;
1128 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1129 free(tmp.big_value);
1130 goto error_asn2rsapri;
1131 }
1132 free(tmp.big_value);
1133 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_PRIME1(keyp));
1134
1135 /* ... prime 2, */
1136 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1137 rv = CKR_WRAPPED_KEY_INVALID;
1138 goto error_asn2rsapri;
1139 }
1140 if (size > MAX_RSA_KEY) {
1141 rv = CKR_FUNCTION_NOT_SUPPORTED;
1142 goto error_asn2rsapri;
1143 }
1144 tmplen = size + 1;
1145 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1146 rv = CKR_HOST_MEMORY;
1147 goto error_asn2rsapri;
1148 }
1149 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1150 tmp.big_value_len = tmplen;
1151 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1152 free(tmp.big_value);
1153 goto error_asn2rsapri;
1154 }
1155 free(tmp.big_value);
1156 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_PRIME2(keyp));
1157
1158 /* ... exponent 1, */
1159 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1160 rv = CKR_WRAPPED_KEY_INVALID;
1161 goto error_asn2rsapri;
1162 }
1163 if (size > MAX_RSA_KEY) {
1164 rv = CKR_FUNCTION_NOT_SUPPORTED;
1165 goto error_asn2rsapri;
1166 }
1167 tmplen = size + 1;
1168 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1169 rv = CKR_HOST_MEMORY;
1170 goto error_asn2rsapri;
1171 }
1172 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1173 tmp.big_value_len = tmplen;
1174 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1175 free(tmp.big_value);
1176 goto error_asn2rsapri;
1177 }
1178 free(tmp.big_value);
1179 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_EXPO1(keyp));
1180
1181 /* ... exponent 2, */
1182 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1183 rv = CKR_WRAPPED_KEY_INVALID;
1184 goto error_asn2rsapri;
1185 }
1186 if (size > MAX_RSA_KEY) {
1187 rv = CKR_FUNCTION_NOT_SUPPORTED;
1188 goto error_asn2rsapri;
1189 }
1190 tmplen = size + 1;
1191 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1192 rv = CKR_HOST_MEMORY;
1193 goto error_asn2rsapri;
1194 }
1195 (void) ber_scanf(key_asn, "s", tmp.big_value, &tmplen);
1196 tmp.big_value_len = tmplen;
1197 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1198 free(tmp.big_value);
1199 goto error_asn2rsapri;
1200 }
1201 free(tmp.big_value);
1202 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_EXPO2(keyp));
1203
1204 /* ... coefficient } end-sequence */
1205 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1206 rv = CKR_WRAPPED_KEY_INVALID;
1207 goto error_asn2rsapri;
1208 }
1209 if (size > MAX_RSA_KEY) {
1210 rv = CKR_FUNCTION_NOT_SUPPORTED;
1211 goto error_asn2rsapri;
1212 }
1213 tmplen = size + 1;
1214 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1215 rv = CKR_HOST_MEMORY;
1216 goto error_asn2rsapri;
1217 }
1218 (void) ber_scanf(key_asn, "s", /* "s}" ? */
1219 tmp.big_value, &tmplen);
1220 tmp.big_value_len = tmplen;
1221 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1222 free(tmp.big_value);
1223 goto error_asn2rsapri;
1224 }
1225 free(tmp.big_value);
1226 copy_bigint_attr(&tmp_nopad, KEY_PRI_RSA_COEF(keyp));
1227
1228 goto cleanup_asn2rsapri;
1229
1230 error_asn2rsapri:
1231
1232 bigint_attr_cleanup(KEY_PRI_RSA_MOD(keyp));
1233 bigint_attr_cleanup(KEY_PRI_RSA_PUBEXPO(keyp));
1234 bigint_attr_cleanup(KEY_PRI_RSA_PRIEXPO(keyp));
1235 bigint_attr_cleanup(KEY_PRI_RSA_PRIME1(keyp));
1236 bigint_attr_cleanup(KEY_PRI_RSA_PRIME2(keyp));
1237 bigint_attr_cleanup(KEY_PRI_RSA_EXPO1(keyp));
1238 bigint_attr_cleanup(KEY_PRI_RSA_EXPO2(keyp));
1239 bigint_attr_cleanup(KEY_PRI_RSA_COEF(keyp));
1240
1241 cleanup_asn2rsapri:
1242
1243 if (tmp_nopad.big_value != NULL) {
1244 (void) memset(tmp_nopad.big_value, 0x0,
1245 tmp_nopad.big_value_len);
1246 free(tmp_nopad.big_value);
1247 }
1248
1249 if (p8obj_asn != NULLBER)
1250 ber_free(p8obj_asn, 1);
1251
1252 free(key_octs.bv_val);
1253
1254 if (key_asn != NULLBER)
1255 ber_free(key_asn, 1);
1256
1257 return (rv);
1258 }
1259
1260 /* Decode ASN.1 BER syntax into DSA private key. */
1261 static CK_RV
1262 asn1_to_dsa_pri(private_key_obj_t *keyp, uchar_t *buf, ulong_t buf_len)
1263 {
1264 CK_RV rv = CKR_OK;
1265 BerValue p8obj_octs, key_octs;
1266 BerElement *p8obj_asn = NULLBER, *key_asn = NULLBER;
1267 ber_len_t size, tmplen;
1268 char *cookie;
1269 int version;
1270 uchar_t oid[sizeof (DSA_OID) + 1];
1271 biginteger_t tmp, tmp_nopad = { NULL, 0 };
1272
1273 p8obj_octs.bv_val = (char *)buf;
1274 #ifdef _LP64
1275 /* LINTED E_CAST_INT_TO_SMALL_INT */
1276 p8obj_octs.bv_len = (ber_len_t)buf_len;
1277 #else
1278 p8obj_octs.bv_len = (ber_len_t)buf_len;
1279 #endif
1280
1281 key_octs.bv_val = NULL;
1282 key_octs.bv_len = 0;
1283
1284 /* Decode PKCS#8 object ASN.1, verifying it is DSA private key. */
1285 if ((p8obj_asn = ber_init(&p8obj_octs)) == NULLBER)
1286 return (CKR_GENERAL_ERROR);
1287
1288 /* PKCS#8 PrivateKeyInfo ... */
1289 if (ber_first_element(p8obj_asn, &size, &cookie) != LBER_INTEGER) {
1290 rv = CKR_WRAPPED_KEY_INVALID;
1291 goto cleanup_asn2dsapri;
1292 }
1293 /* ... begin-sequence { version, */
1294 (void) ber_scanf(p8obj_asn, "i", &version); /* "{i" ? */
1295
1296 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
1297 rv = CKR_WRAPPED_KEY_INVALID;
1298 goto cleanup_asn2dsapri;
1299 }
1300 /* ... begin-sequence { */
1301 (void) ber_scanf(p8obj_asn, "{");
1302
1303 if (ber_next_element(p8obj_asn, &size, cookie) != OID_TAG) {
1304 rv = CKR_WRAPPED_KEY_INVALID;
1305 goto cleanup_asn2dsapri;
1306 }
1307 /* ... OID, \* DSA algorithm OID *\ */
1308 if (size != sizeof (DSA_OID)) {
1309 rv = CKR_FUNCTION_NOT_SUPPORTED;
1310 goto cleanup_asn2dsapri;
1311 }
1312 size = sizeof (oid);
1313 (void) ber_scanf(p8obj_asn, "s", oid, &size);
1314 if (memcmp(oid, DSA_OID, size) != 0) {
1315 rv = CKR_FUNCTION_NOT_SUPPORTED;
1316 goto cleanup_asn2dsapri;
1317 }
1318
1319 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
1320 rv = CKR_WRAPPED_KEY_INVALID;
1321 goto cleanup_asn2dsapri;
1322 }
1323 /* ... begin-sequence { */
1324 (void) ber_scanf(p8obj_asn, "{");
1325
1326 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1327 rv = CKR_WRAPPED_KEY_INVALID;
1328 goto cleanup_asn2dsapri;
1329 }
1330 /* ... prime, */
1331 if (size > MAX_DSA_KEY) {
1332 rv = CKR_FUNCTION_NOT_SUPPORTED;
1333 goto cleanup_asn2dsapri;
1334 }
1335 tmplen = size + 1;
1336 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1337 rv = CKR_HOST_MEMORY;
1338 goto cleanup_asn2dsapri;
1339 }
1340 (void) ber_scanf(p8obj_asn, "s", tmp.big_value, &tmplen);
1341 tmp.big_value_len = tmplen;
1342 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1343 free(tmp.big_value);
1344 goto cleanup_asn2dsapri;
1345 }
1346 free(tmp.big_value);
1347 copy_bigint_attr(&tmp_nopad, KEY_PRI_DSA_PRIME(keyp));
1348
1349 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1350 rv = CKR_WRAPPED_KEY_INVALID;
1351 goto error_asn2dsapri;
1352 }
1353 /* ... subprime, */
1354 if (size > MAX_DSA_KEY) {
1355 rv = CKR_FUNCTION_NOT_SUPPORTED;
1356 goto error_asn2dsapri;
1357 }
1358 tmplen = size + 1;
1359 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1360 rv = CKR_HOST_MEMORY;
1361 goto error_asn2dsapri;
1362 }
1363 (void) ber_scanf(p8obj_asn, "s", tmp.big_value, &tmplen);
1364 tmp.big_value_len = tmplen;
1365 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1366 free(tmp.big_value);
1367 goto error_asn2dsapri;
1368 }
1369 free(tmp.big_value);
1370 copy_bigint_attr(&tmp_nopad, KEY_PRI_DSA_SUBPRIME(keyp));
1371
1372 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1373 rv = CKR_WRAPPED_KEY_INVALID;
1374 goto error_asn2dsapri;
1375 }
1376 /* ... base } end-sequence } end-sequence */
1377 if (size > MAX_DSA_KEY) {
1378 rv = CKR_FUNCTION_NOT_SUPPORTED;
1379 goto error_asn2dsapri;
1380 }
1381 tmplen = size + 1;
1382 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1383 rv = CKR_HOST_MEMORY;
1384 goto error_asn2dsapri;
1385 }
1386 (void) ber_scanf(p8obj_asn, "s", /* "s}}" ? */
1387 tmp.big_value, &tmplen);
1388 tmp.big_value_len = tmplen;
1389 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1390 free(tmp.big_value);
1391 goto error_asn2dsapri;
1392 }
1393 free(tmp.big_value);
1394 copy_bigint_attr(&tmp_nopad, KEY_PRI_DSA_BASE(keyp));
1395
1396 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_OCTETSTRING) {
1397 rv = CKR_WRAPPED_KEY_INVALID;
1398 goto error_asn2dsapri;
1399 }
1400 /* ... DSAPrivateKey } end-sequence */
1401 key_octs.bv_len = size + 1;
1402 if ((key_octs.bv_val = malloc(size + 1)) == NULL) {
1403 rv = CKR_HOST_MEMORY;
1404 goto error_asn2dsapri;
1405 }
1406 (void) ber_scanf(p8obj_asn, "s", /* "s}" ? */
1407 key_octs.bv_val, &key_octs.bv_len);
1408
1409 /* Decode key octet string into softtoken key object. */
1410 if ((key_asn = ber_init(&key_octs)) == NULLBER) {
1411 rv = CKR_GENERAL_ERROR;
1412 goto error_asn2dsapri;
1413 }
1414
1415 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1416 rv = CKR_WRAPPED_KEY_INVALID;
1417 goto error_asn2dsapri;
1418 }
1419 /* ... value } end-sequence */
1420 if (size > MAX_DSA_KEY) {
1421 rv = CKR_FUNCTION_NOT_SUPPORTED;
1422 goto error_asn2dsapri;
1423 }
1424 tmplen = size + 1;
1425 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1426 rv = CKR_HOST_MEMORY;
1427 goto error_asn2dsapri;
1428 }
1429 (void) ber_scanf(key_asn, "s", /* "s}" ? */
1430 tmp.big_value, &tmplen);
1431 tmp.big_value_len = tmplen;
1432 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1433 free(tmp.big_value);
1434 goto error_asn2dsapri;
1435 }
1436 free(tmp.big_value);
1437 copy_bigint_attr(&tmp_nopad, KEY_PRI_DSA_VALUE(keyp));
1438
1439 goto cleanup_asn2dsapri;
1440
1441 error_asn2dsapri:
1442
1443 bigint_attr_cleanup(KEY_PRI_DSA_PRIME(keyp));
1444 bigint_attr_cleanup(KEY_PRI_DSA_SUBPRIME(keyp));
1445 bigint_attr_cleanup(KEY_PRI_DSA_BASE(keyp));
1446 bigint_attr_cleanup(KEY_PRI_DSA_VALUE(keyp));
1447
1448 cleanup_asn2dsapri:
1449
1450 if (tmp_nopad.big_value != NULL) {
1451 (void) memset(tmp_nopad.big_value, 0x0,
1452 tmp_nopad.big_value_len);
1453 free(tmp_nopad.big_value);
1454 }
1455
1456 if (p8obj_asn != NULLBER)
1457 ber_free(p8obj_asn, 1);
1458
1459 free(key_octs.bv_val);
1460
1461 if (key_asn != NULLBER)
1462 ber_free(key_asn, 1);
1463
1464 return (rv);
1465 }
1466
1467 /* Decode ASN.1 BER syntax into DH private key. */
1468 static CK_RV
1469 asn1_to_dh_pri(private_key_obj_t *keyp, uchar_t *buf, ulong_t buf_len)
1470 {
1471 CK_RV rv = CKR_OK;
1472 BerValue p8obj_octs, key_octs;
1473 BerElement *p8obj_asn = NULLBER, *key_asn = NULLBER;
1474 ber_len_t size, tmplen;
1475 char *cookie;
1476 int version;
1477 uchar_t oid[sizeof (DH_OID) + 1];
1478 biginteger_t tmp, tmp_nopad = { NULL, 0 };
1479
1480 p8obj_octs.bv_val = (char *)buf;
1481 #ifdef _LP64
1482 /* LINTED E_CAST_INT_TO_SMALL_INT */
1483 p8obj_octs.bv_len = (ber_len_t)buf_len;
1484 #else
1485 p8obj_octs.bv_len = (ber_len_t)buf_len;
1486 #endif
1487
1488 key_octs.bv_val = NULL;
1489 key_octs.bv_len = 0;
1490
1491 /* Decode PKCS#8 object ASN.1, verifying it is DH private key. */
1492 if ((p8obj_asn = ber_init(&p8obj_octs)) == NULLBER)
1493 return (CKR_GENERAL_ERROR);
1494
1495 /* PKCS#8 PrivateKeyInfo ... */
1496 if (ber_first_element(p8obj_asn, &size, &cookie) != LBER_INTEGER) {
1497 rv = CKR_WRAPPED_KEY_INVALID;
1498 goto cleanup_asn2dhpri;
1499 }
1500 /* ... begin-sequence { version, */
1501 (void) ber_scanf(p8obj_asn, "i", &version); /* "{i" ? */
1502
1503 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
1504 rv = CKR_WRAPPED_KEY_INVALID;
1505 goto cleanup_asn2dhpri;
1506 }
1507 /* ... begin-sequence { */
1508 (void) ber_scanf(p8obj_asn, "{");
1509
1510 if (ber_next_element(p8obj_asn, &size, cookie) != OID_TAG) {
1511 rv = CKR_WRAPPED_KEY_INVALID;
1512 goto cleanup_asn2dhpri;
1513 }
1514 /* ... OID, \* DH algorithm OID *\ */
1515 if (size != sizeof (DH_OID)) {
1516 rv = CKR_FUNCTION_NOT_SUPPORTED;
1517 goto cleanup_asn2dhpri;
1518 }
1519 size = sizeof (oid);
1520 (void) ber_scanf(p8obj_asn, "s", oid, &size);
1521 if (memcmp(oid, DH_OID, size) != 0) {
1522 rv = CKR_FUNCTION_NOT_SUPPORTED;
1523 goto cleanup_asn2dhpri;
1524 }
1525
1526 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
1527 rv = CKR_WRAPPED_KEY_INVALID;
1528 goto cleanup_asn2dhpri;
1529 }
1530 /* ... begin-sequence { */
1531 (void) ber_scanf(p8obj_asn, "{");
1532
1533 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1534 rv = CKR_WRAPPED_KEY_INVALID;
1535 goto cleanup_asn2dhpri;
1536 }
1537 /* ... prime, */
1538 if (size > MAX_DH_KEY) {
1539 rv = CKR_FUNCTION_NOT_SUPPORTED;
1540 goto cleanup_asn2dhpri;
1541 }
1542 tmplen = size + 1;
1543 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1544 rv = CKR_HOST_MEMORY;
1545 goto cleanup_asn2dhpri;
1546 }
1547 (void) ber_scanf(p8obj_asn, "s", tmp.big_value, &tmplen);
1548 tmp.big_value_len = tmplen;
1549 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1550 free(tmp.big_value);
1551 goto cleanup_asn2dhpri;
1552 }
1553 free(tmp.big_value);
1554 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH_PRIME(keyp));
1555
1556 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1557 rv = CKR_WRAPPED_KEY_INVALID;
1558 goto error_asn2dhpri;
1559 }
1560 /* ... base } end-sequence } end-sequence */
1561 if (size > MAX_DH_KEY) {
1562 rv = CKR_FUNCTION_NOT_SUPPORTED;
1563 goto error_asn2dhpri;
1564 }
1565 tmplen = size + 1;
1566 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1567 rv = CKR_HOST_MEMORY;
1568 goto error_asn2dhpri;
1569 }
1570 (void) ber_scanf(p8obj_asn, "s", /* "s}}" ? */
1571 tmp.big_value, &tmplen);
1572 tmp.big_value_len = tmplen;
1573 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1574 free(tmp.big_value);
1575 goto error_asn2dhpri;
1576 }
1577 free(tmp.big_value);
1578 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH_BASE(keyp));
1579
1580 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_OCTETSTRING) {
1581 rv = CKR_WRAPPED_KEY_INVALID;
1582 goto error_asn2dhpri;
1583 }
1584 /* ... DHPrivateKey } end-sequence */
1585 key_octs.bv_len = size + 1;
1586 if ((key_octs.bv_val = malloc(size + 1)) == NULL) {
1587 rv = CKR_HOST_MEMORY;
1588 goto error_asn2dhpri;
1589 }
1590 (void) ber_scanf(p8obj_asn, "s", /* "s}" ? */
1591 key_octs.bv_val, &key_octs.bv_len);
1592
1593 /* Decode key octet string into softtoken key object. */
1594 if ((key_asn = ber_init(&key_octs)) == NULLBER) {
1595 rv = CKR_GENERAL_ERROR;
1596 goto error_asn2dhpri;
1597 }
1598
1599 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1600 rv = CKR_WRAPPED_KEY_INVALID;
1601 goto error_asn2dhpri;
1602 }
1603 /* ... value } end-sequence */
1604 if (size > MAX_DH_KEY) {
1605 rv = CKR_FUNCTION_NOT_SUPPORTED;
1606 goto error_asn2dhpri;
1607 }
1608 tmplen = size + 1;
1609 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1610 rv = CKR_HOST_MEMORY;
1611 goto error_asn2dhpri;
1612 }
1613 (void) ber_scanf(key_asn, "s", /* "s}" ? */
1614 tmp.big_value, &tmplen);
1615 tmp.big_value_len = tmplen;
1616 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1617 free(tmp.big_value);
1618 goto error_asn2dhpri;
1619 }
1620 free(tmp.big_value);
1621 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH_VALUE(keyp));
1622
1623 goto cleanup_asn2dhpri;
1624
1625 error_asn2dhpri:
1626
1627 bigint_attr_cleanup(KEY_PRI_DH_PRIME(keyp));
1628 bigint_attr_cleanup(KEY_PRI_DH_BASE(keyp));
1629 bigint_attr_cleanup(KEY_PRI_DH_VALUE(keyp));
1630
1631 cleanup_asn2dhpri:
1632
1633 if (tmp_nopad.big_value != NULL) {
1634 (void) memset(tmp_nopad.big_value, 0x0,
1635 tmp_nopad.big_value_len);
1636 free(tmp_nopad.big_value);
1637 }
1638
1639 if (p8obj_asn != NULLBER)
1640 ber_free(p8obj_asn, 1);
1641
1642 free(key_octs.bv_val);
1643
1644 if (key_asn != NULLBER)
1645 ber_free(key_asn, 1);
1646
1647 return (rv);
1648 }
1649
1650 /* Decode ASN.1 BER syntax into DH X9.42 private key. */
1651 static CK_RV
1652 asn1_to_x942_dh_pri(private_key_obj_t *keyp, uchar_t *buf, ulong_t buf_len)
1653 {
1654 CK_RV rv = CKR_OK;
1655 BerValue p8obj_octs, key_octs;
1656 BerElement *p8obj_asn = NULLBER, *key_asn = NULLBER;
1657 ber_len_t size, tmplen;
1658 char *cookie;
1659 int version;
1660 uchar_t oid[sizeof (DH942_OID) + 1];
1661 biginteger_t tmp, tmp_nopad = { NULL, 0 };
1662
1663 p8obj_octs.bv_val = (char *)buf;
1664 #ifdef _LP64
1665 /* LINTED E_CAST_INT_TO_SMALL_INT */
1666 p8obj_octs.bv_len = (ber_len_t)buf_len;
1667 #else
1668 p8obj_octs.bv_len = (ber_len_t)buf_len;
1669 #endif
1670
1671 key_octs.bv_val = NULL;
1672 key_octs.bv_len = 0;
1673
1674 /* Decode PKCS#8 object ASN.1, verifying it is DH X9.42 private key. */
1675 if ((p8obj_asn = ber_init(&p8obj_octs)) == NULLBER)
1676 return (CKR_GENERAL_ERROR);
1677
1678 /* PKCS#8 PrivateKeyInfo ... */
1679 if (ber_first_element(p8obj_asn, &size, &cookie) != LBER_INTEGER) {
1680 rv = CKR_WRAPPED_KEY_INVALID;
1681 goto cleanup_asn2x942dhpri;
1682 }
1683 /* ... begin-sequence { version, */
1684 (void) ber_scanf(p8obj_asn, "i", &version); /* "{i" ? */
1685
1686 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
1687 rv = CKR_WRAPPED_KEY_INVALID;
1688 goto cleanup_asn2x942dhpri;
1689 }
1690 /* ... begin-sequence { */
1691 (void) ber_scanf(p8obj_asn, "{");
1692
1693 if (ber_next_element(p8obj_asn, &size, cookie) != OID_TAG) {
1694 rv = CKR_WRAPPED_KEY_INVALID;
1695 goto cleanup_asn2x942dhpri;
1696 }
1697 /* ... OID, \* DH X9.42 algorithm OID *\ */
1698 if (size != sizeof (DH942_OID)) {
1699 rv = CKR_FUNCTION_NOT_SUPPORTED;
1700 goto cleanup_asn2x942dhpri;
1701 }
1702 size = sizeof (oid);
1703 (void) ber_scanf(p8obj_asn, "s", oid, &size);
1704 if (memcmp(oid, DH942_OID, size) != 0) {
1705 rv = CKR_FUNCTION_NOT_SUPPORTED;
1706 goto cleanup_asn2x942dhpri;
1707 }
1708
1709 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_SEQUENCE) {
1710 rv = CKR_WRAPPED_KEY_INVALID;
1711 goto cleanup_asn2x942dhpri;
1712 }
1713 /* ... begin-sequence { */
1714 (void) ber_scanf(p8obj_asn, "{");
1715
1716 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1717 rv = CKR_WRAPPED_KEY_INVALID;
1718 goto cleanup_asn2x942dhpri;
1719 }
1720 /* ... prime, */
1721 if (size > MAX_DH942_KEY) {
1722 rv = CKR_FUNCTION_NOT_SUPPORTED;
1723 goto cleanup_asn2x942dhpri;
1724 }
1725 tmplen = size + 1;
1726 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1727 rv = CKR_HOST_MEMORY;
1728 goto cleanup_asn2x942dhpri;
1729 }
1730 (void) ber_scanf(p8obj_asn, "s", tmp.big_value, &tmplen);
1731 tmp.big_value_len = tmplen;
1732 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1733 free(tmp.big_value);
1734 goto cleanup_asn2x942dhpri;
1735 }
1736 free(tmp.big_value);
1737 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH942_PRIME(keyp));
1738
1739 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1740 rv = CKR_WRAPPED_KEY_INVALID;
1741 goto error_asn2x942dhpri;
1742 }
1743 /* ... base, */
1744 if (size > MAX_DH942_KEY) {
1745 rv = CKR_FUNCTION_NOT_SUPPORTED;
1746 goto error_asn2x942dhpri;
1747 }
1748 tmplen = size + 1;
1749 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1750 rv = CKR_HOST_MEMORY;
1751 goto error_asn2x942dhpri;
1752 }
1753 (void) ber_scanf(p8obj_asn, "s", tmp.big_value, &tmplen);
1754 tmp.big_value_len = tmplen;
1755 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1756 free(tmp.big_value);
1757 goto error_asn2x942dhpri;
1758 }
1759 free(tmp.big_value);
1760 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH942_BASE(keyp));
1761
1762 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_INTEGER) {
1763 rv = CKR_WRAPPED_KEY_INVALID;
1764 goto error_asn2x942dhpri;
1765 }
1766 /* ... subprime } end-sequence } end-sequence */
1767 if (size > MAX_DH942_KEY) {
1768 rv = CKR_FUNCTION_NOT_SUPPORTED;
1769 goto error_asn2x942dhpri;
1770 }
1771 tmplen = size + 1;
1772 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1773 rv = CKR_HOST_MEMORY;
1774 goto error_asn2x942dhpri;
1775 }
1776 (void) ber_scanf(p8obj_asn, "s", /* "s}}" ? */
1777 tmp.big_value, &tmplen);
1778 tmp.big_value_len = tmplen;
1779 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1780 free(tmp.big_value);
1781 goto error_asn2x942dhpri;
1782 }
1783 free(tmp.big_value);
1784 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH942_SUBPRIME(keyp));
1785
1786 if (ber_next_element(p8obj_asn, &size, cookie) != LBER_OCTETSTRING) {
1787 rv = CKR_WRAPPED_KEY_INVALID;
1788 goto error_asn2x942dhpri;
1789 }
1790 /* ... DHPrivateKey } end-sequence */
1791 key_octs.bv_len = size + 1;
1792 if ((key_octs.bv_val = malloc(size + 1)) == NULL) {
1793 rv = CKR_HOST_MEMORY;
1794 goto error_asn2x942dhpri;
1795 }
1796 (void) ber_scanf(p8obj_asn, "s", /* "s}" ? */
1797 key_octs.bv_val, &key_octs.bv_len);
1798
1799 /* Decode key octet string into softtoken key object. */
1800 if ((key_asn = ber_init(&key_octs)) == NULLBER) {
1801 rv = CKR_GENERAL_ERROR;
1802 goto error_asn2x942dhpri;
1803 }
1804
1805 if (ber_next_element(key_asn, &size, cookie) != LBER_INTEGER) {
1806 rv = CKR_WRAPPED_KEY_INVALID;
1807 goto error_asn2x942dhpri;
1808 }
1809 /* ... value } end-sequence */
1810 if (size > MAX_DH942_KEY) {
1811 rv = CKR_FUNCTION_NOT_SUPPORTED;
1812 goto error_asn2x942dhpri;
1813 }
1814 tmplen = size + 1;
1815 if ((tmp.big_value = malloc(tmplen)) == NULL) {
1816 rv = CKR_HOST_MEMORY;
1817 goto error_asn2x942dhpri;
1818 }
1819 (void) ber_scanf(key_asn, "s", /* "s}" ? */
1820 tmp.big_value, &tmplen);
1821 tmp.big_value_len = tmplen;
1822 if ((rv = unpad_bigint_attr(tmp, &tmp_nopad)) != CKR_OK) {
1823 free(tmp.big_value);
1824 goto error_asn2x942dhpri;
1825 }
1826 free(tmp.big_value);
1827 copy_bigint_attr(&tmp_nopad, KEY_PRI_DH942_VALUE(keyp));
1828
1829 goto cleanup_asn2x942dhpri;
1830
1831 error_asn2x942dhpri:
1832
1833 bigint_attr_cleanup(KEY_PRI_DH942_PRIME(keyp));
1834 bigint_attr_cleanup(KEY_PRI_DH942_BASE(keyp));
1835 bigint_attr_cleanup(KEY_PRI_DH942_SUBPRIME(keyp));
1836 bigint_attr_cleanup(KEY_PRI_DH942_VALUE(keyp));
1837
1838 cleanup_asn2x942dhpri:
1839
1840 if (tmp_nopad.big_value != NULL) {
1841 (void) memset(tmp_nopad.big_value, 0x0,
1842 tmp_nopad.big_value_len);
1843 free(tmp_nopad.big_value);
1844 }
1845
1846 if (p8obj_asn != NULLBER)
1847 ber_free(p8obj_asn, 1);
1848
1849 free(key_octs.bv_val);
1850
1851 if (key_asn != NULLBER)
1852 ber_free(key_asn, 1);
1853
1854 return (rv);
1855 }
1856
1857 /*
1858 * Decode the object key from ASN.1 format into soft_object_t.
1859 */
1860 CK_RV
1861 soft_asn1_to_object(soft_object_t *objp, uchar_t *buf, ulong_t buf_len)
1862 {
1863 CK_RV rv = CKR_OK;
1864 CK_OBJECT_CLASS class = objp->class;
1865 CK_KEY_TYPE keytype = objp->key_type;
1866 private_key_obj_t *pvk;
1867
1868 switch (class) {
1869
1870 case CKO_PRIVATE_KEY:
1871 /* Allocate storage for Private Key Object. */
1872 if ((pvk = calloc(1, sizeof (private_key_obj_t))) == NULL) {
1873 rv = CKR_HOST_MEMORY;
1874 return (rv);
1875 }
1876
1877 switch (keytype) {
1878 case CKK_RSA:
1879 rv = asn1_to_rsa_pri(pvk, buf, buf_len);
1880 break;
1881
1882 case CKK_DSA:
1883 rv = asn1_to_dsa_pri(pvk, buf, buf_len);
1884 break;
1885
1886 case CKK_DH:
1887 rv = asn1_to_dh_pri(pvk, buf, buf_len);
1888 break;
1889
1890 case CKK_X9_42_DH:
1891 rv = asn1_to_x942_dh_pri(pvk, buf, buf_len);
1892 break;
1893
1894 default:
1895 rv = CKR_FUNCTION_NOT_SUPPORTED;
1896 break;
1897
1898 } /* keytype */
1899
1900 if (rv != CKR_OK)
1901 free(pvk);
1902 else
1903 objp->object_class_u.private_key = pvk;
1904 break;
1905
1906 default:
1907 rv = CKR_FUNCTION_NOT_SUPPORTED;
1908 break;
1909
1910 } /* class */
1911
1912 return (rv);
1913 }
unleashed repo fork