[unleashed/tickless.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softAttributeUtil.c
| blob | b753f0f7f8eaded3f99a54c4e2a1559fe3d9e991 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2012 Milan Jurik. All rights reserved.
25 */
27 #include <stdlib.h>
28 #include <string.h>
29 #include <security/cryptoki.h>
30 #include <sys/crypto/common.h>
31 #include <arcfour.h>
32 #include <aes_impl.h>
33 #include <blowfish_impl.h>
34 #include <bignum.h>
35 #include <des_impl.h>
36 #include <rsa_impl.h>
45 /*
46 * This attribute table is used by the soft_lookup_attr()
47 * to validate the attributes.
48 */
49 CK_ATTRIBUTE_TYPE attr_map[] = {
50 CKA_PRIVATE,
51 CKA_LABEL,
52 CKA_APPLICATION,
53 CKA_OBJECT_ID,
54 CKA_CERTIFICATE_TYPE,
55 CKA_ISSUER,
56 CKA_SERIAL_NUMBER,
57 CKA_AC_ISSUER,
58 CKA_OWNER,
59 CKA_ATTR_TYPES,
60 CKA_SUBJECT,
61 CKA_ID,
62 CKA_SENSITIVE,
63 CKA_START_DATE,
64 CKA_END_DATE,
65 CKA_MODULUS,
66 CKA_MODULUS_BITS,
67 CKA_PUBLIC_EXPONENT,
68 CKA_PRIVATE_EXPONENT,
69 CKA_PRIME_1,
70 CKA_PRIME_2,
71 CKA_EXPONENT_1,
72 CKA_EXPONENT_2,
73 CKA_COEFFICIENT,
74 CKA_PRIME,
75 CKA_SUBPRIME,
76 CKA_BASE,
77 CKA_EXTRACTABLE,
78 CKA_LOCAL,
79 CKA_NEVER_EXTRACTABLE,
80 CKA_ALWAYS_SENSITIVE,
81 CKA_MODIFIABLE,
82 CKA_ECDSA_PARAMS,
83 CKA_EC_PARAMS,
84 CKA_EC_POINT,
85 CKA_SECONDARY_AUTH,
86 CKA_AUTH_PIN_FLAGS,
87 CKA_HW_FEATURE_TYPE,
88 CKA_RESET_ON_INIT,
89 CKA_HAS_RESET
90 };
92 /*
93 * attributes that exists only in public key objects
94 * Note: some attributes may also exist in one or two
95 * other object classes, but they are also listed
96 * because not all object have them.
97 */
98 CK_ATTRIBUTE_TYPE PUB_KEY_ATTRS[] =
99 {
100 CKA_SUBJECT,
101 CKA_ENCRYPT,
102 CKA_WRAP,
103 CKA_VERIFY,
104 CKA_VERIFY_RECOVER,
105 CKA_MODULUS,
106 CKA_MODULUS_BITS,
107 CKA_PUBLIC_EXPONENT,
108 CKA_PRIME,
109 CKA_SUBPRIME,
110 CKA_BASE,
111 CKA_TRUSTED,
112 CKA_ECDSA_PARAMS,
113 CKA_EC_PARAMS,
114 CKA_EC_POINT
115 };
117 /*
118 * attributes that exists only in private key objects
119 * Note: some attributes may also exist in one or two
120 * other object classes, but they are also listed
121 * because not all object have them.
122 */
123 CK_ATTRIBUTE_TYPE PRIV_KEY_ATTRS[] =
124 {
125 CKA_DECRYPT,
126 CKA_UNWRAP,
127 CKA_SIGN,
128 CKA_SIGN_RECOVER,
129 CKA_MODULUS,
130 CKA_PUBLIC_EXPONENT,
131 CKA_PRIVATE_EXPONENT,
132 CKA_PRIME,
133 CKA_SUBPRIME,
134 CKA_BASE,
135 CKA_PRIME_1,
136 CKA_PRIME_2,
137 CKA_EXPONENT_1,
138 CKA_EXPONENT_2,
139 CKA_COEFFICIENT,
140 CKA_VALUE_BITS,
141 CKA_SUBJECT,
142 CKA_SENSITIVE,
143 CKA_EXTRACTABLE,
144 CKA_NEVER_EXTRACTABLE,
145 CKA_ALWAYS_SENSITIVE,
146 CKA_EC_PARAMS
147 };
149 /*
150 * attributes that exists only in secret key objects
151 * Note: some attributes may also exist in one or two
152 * other object classes, but they are also listed
153 * because not all object have them.
154 */
155 CK_ATTRIBUTE_TYPE SECRET_KEY_ATTRS[] =
156 {
157 CKA_VALUE_LEN,
158 CKA_ENCRYPT,
159 CKA_DECRYPT,
160 CKA_WRAP,
161 CKA_UNWRAP,
162 CKA_SIGN,
163 CKA_VERIFY,
164 CKA_SENSITIVE,
165 CKA_EXTRACTABLE,
166 CKA_NEVER_EXTRACTABLE,
167 CKA_ALWAYS_SENSITIVE
168 };
170 /*
171 * attributes that exists only in domain parameter objects
172 * Note: some attributes may also exist in one or two
173 * other object classes, but they are also listed
174 * because not all object have them.
175 */
176 CK_ATTRIBUTE_TYPE DOMAIN_ATTRS[] =
177 {
178 CKA_PRIME,
179 CKA_SUBPRIME,
180 CKA_BASE,
181 CKA_PRIME_BITS,
182 CKA_SUBPRIME_BITS,
183 CKA_SUB_PRIME_BITS
184 };
186 /*
187 * attributes that exists only in hardware feature objects
188 *
189 */
190 CK_ATTRIBUTE_TYPE HARDWARE_ATTRS[] =
191 {
192 CKA_HW_FEATURE_TYPE,
193 CKA_RESET_ON_INIT,
194 CKA_HAS_RESET
195 };
197 /*
198 * attributes that exists only in certificate objects
199 */
200 CK_ATTRIBUTE_TYPE CERT_ATTRS[] =
201 {
202 CKA_CERTIFICATE_TYPE,
203 CKA_TRUSTED,
204 CKA_SUBJECT,
205 CKA_ID,
206 CKA_ISSUER,
207 CKA_AC_ISSUER,
208 CKA_SERIAL_NUMBER,
209 CKA_OWNER,
210 CKA_ATTR_TYPES
211 };
214 /*
215 * Validate the attribute by using binary search algorithm.
216 */
217 CK_RV
219 {
227 /* Always starts from middle. */
231 /* Adjust the lower bound to upper half. */
234 }
237 /* Found it. */
239 }
242 /* Adjust the upper bound to lower half. */
245 }
246 }
248 /* Failed to find the matching attribute from the attribute table. */
250 }
253 /*
254 * Validate the attribute by using the following search algorithm:
255 *
256 * 1) Search for the most frequently used attributes first.
257 * 2) If not found, search for the usage-purpose attributes - these
258 * attributes have dense set of values, therefore compiler will
259 * optimize it with a branch table and branch to the appropriate
260 * case.
261 * 3) If still not found, use binary search for the rest of the
262 * attributes in the attr_map[] table.
263 */
264 CK_RV
267 {
269 CK_ULONG i;
273 /* First tier search */
289 /* Second tier search */
310 /* Third tier search */
315 }
317 }
318 }
320 }
322 static void
324 {
329 }
332 }
333 }
335 static CK_RV
337 {
346 /* free memory if its already allocated */
354 }
364 }
369 }
372 }
374 void
376 {
388 }
393 }
400 }
405 }
407 }
408 }
410 /*
411 * Clean up and release all the storage in the extra attribute list
412 * of an object.
413 */
414 void
416 {
418 CK_ATTRIBUTE_INFO_PTR extra_attr;
419 CK_ATTRIBUTE_INFO_PTR tmp;
426 /* Free the storage for the attribute_info struct. */
429 }
432 }
435 /*
436 * Create the attribute_info struct to hold the object's attribute,
437 * and add it to the extra attribute list of an object.
438 */
439 CK_RV
441 {
443 CK_ATTRIBUTE_INFO_PTR attrp;
445 /* Allocate the storage for the attribute_info struct. */
449 }
451 /* Set up attribute_info struct. */
457 /* Allocate storage for the value of the attribute. */
462 }
468 }
470 /* Insert the new attribute in front of extra attribute list. */
477 }
480 }
482 CK_RV
484 CK_CERTIFICATE_TYPE type)
485 {
488 x509_cert_t x509;
489 x509_attr_cert_t x509_attr;
494 }
517 /* wrong certificate type */
519 }
523 }
525 /*
526 * Copy the attribute_info struct from the old object to a new attribute_info
527 * struct, and add that new struct to the extra attribute list of the new
528 * object.
529 */
530 CK_RV
532 {
533 CK_ATTRIBUTE_INFO_PTR attrp;
535 /* Allocate attribute_info struct. */
539 }
550 }
556 }
558 /* Insert the new attribute in front of extra attribute list */
565 }
568 }
571 /*
572 * Get the attribute triple from the extra attribute list in the object
573 * (if the specified attribute type is found), and copy it to a template.
574 * Note the type of the attribute to be copied is specified by the template,
575 * and the storage is pre-allocated for the atrribute value in the template
576 * for doing the copy.
577 */
578 CK_RV
580 {
582 CK_ATTRIBUTE_INFO_PTR extra_attr;
589 /* Found it. */
592 /* Does not match, try next one. */
594 }
595 }
598 /* A valid but un-initialized attribute. */
601 }
603 /*
604 * We found the attribute in the extra attribute list.
605 */
609 }
612 /*
613 * The buffer provided by the application is large
614 * enough to hold the value of the attribute.
615 */
621 /*
622 * The buffer provided by the application does
623 * not have enough space to hold the value.
624 */
627 }
628 }
631 /*
632 * Modify the attribute triple in the extra attribute list of the object
633 * if the specified attribute type is found. Otherwise, just add it to
634 * list.
635 */
636 CK_RV
639 {
641 CK_ATTRIBUTE_INFO_PTR extra_attr;
647 /* Found it. */
650 /* Does not match, try next one. */
652 }
653 }
656 /*
657 * This attribute is a new one, go ahead adding it to
658 * the extra attribute list.
659 */
661 }
663 /* We found the attribute in the extra attribute list. */
667 /* The old buffer is too small to hold the new value. */
670 /* Allocate storage for the new attribute value. */
674 }
675 }
677 /* Replace the attribute with new value. */
683 }
686 }
689 /*
690 * Copy the big integer attribute value from template to a biginteger_t struct.
691 */
692 CK_RV
694 {
698 /* Allocate storage for the value of the attribute. */
702 }
710 }
713 }
716 /*
717 * Copy the big integer attribute value from a biginteger_t struct in the
718 * object to a template.
719 */
720 CK_RV
722 {
727 }
732 }
735 /*
736 * The buffer provided by the application is large
737 * enough to hold the value of the attribute.
738 */
744 /*
745 * The buffer provided by the application does
746 * not have enough space to hold the value.
747 */
750 }
751 }
754 /*
755 * Copy the boolean data type attribute value from an object for the
756 * specified attribute to the template.
757 */
758 CK_RV
761 {
766 }
769 /*
770 * The buffer provided by the application is large
771 * enough to hold the value of the attribute.
772 */
777 }
782 /*
783 * The buffer provided by the application does
784 * not have enough space to hold the value.
785 */
788 }
789 }
791 /*
792 * Set the boolean data type attribute value in the object.
793 */
794 CK_RV
797 {
801 else
805 }
808 /*
809 * Copy the CK_ULONG data type attribute value from an object to the
810 * template.
811 */
812 CK_RV
814 {
819 }
822 /*
823 * The buffer provided by the application is large
824 * enough to hold the value of the attribute.
825 * It is also assumed to be correctly aligned.
826 */
831 /*
832 * The buffer provided by the application does
833 * not have enough space to hold the value.
834 */
837 }
838 }
841 /*
842 * Copy the CK_ULONG data type attribute value from a template to the
843 * object.
844 */
845 static CK_RV
847 {
856 }
859 }
861 /*
862 * Copy the big integer attribute value from source's biginteger_t to
863 * destination's biginteger_t.
864 */
865 void
867 {
871 /*
872 * To do the copy, just have dst's big_value points
873 * to src's.
874 */
878 /*
879 * After the copy, nullify the src's big_value pointer.
880 * It prevents any double freeing the value.
881 */
887 }
888 }
890 CK_RV
892 {
895 /* Allocate storage for the value of the attribute. */
899 }
909 }
913 }
915 CK_RV
917 {
919 /*
920 * If the attribute was already set, clear out the
921 * existing value and release the memory.
922 */
928 }
933 }
935 }
941 }
944 }
947 }
949 /*
950 * Copy the certificate attribute information to the template.
951 * If the template attribute is not big enough, set the ulValueLen=-1
952 * and return CKR_BUFFER_TOO_SMALL.
953 */
954 static CK_RV
956 {
961 /*
962 * The buffer provided by the application is large
963 * enough to hold the value of the attribute.
964 */
969 /*
970 * The buffer provided by the application does
971 * not have enough space to hold the value.
972 */
975 }
976 }
978 void
980 {
986 }
987 }
989 /*
990 * Release the storage allocated for object attribute with big integer
991 * value.
992 */
993 void
995 {
1005 }
1006 }
1009 /*
1010 * Clean up and release all the storage allocated to hold the big integer
1011 * attributes associated with the type (i.e. class) of the object. Also,
1012 * release the storage allocated to the type of the object.
1013 */
1014 void
1016 {
1028 object_p));
1030 object_p));
1035 object_p));
1037 object_p));
1039 object_p));
1041 object_p));
1046 object_p));
1048 object_p));
1050 object_p));
1055 object_p));
1057 object_p));
1059 object_p));
1061 object_p));
1065 object_p));
1067 }
1069 /* Release Public Key Object struct */
1072 }
1080 object_p));
1082 object_p));
1084 object_p));
1086 object_p));
1088 object_p));
1090 object_p));
1092 object_p));
1094 object_p));
1099 object_p));
1101 object_p));
1103 object_p));
1105 object_p));
1110 object_p));
1112 object_p));
1114 object_p));
1119 object_p));
1121 object_p));
1123 object_p));
1125 object_p));
1130 object_p));
1132 }
1134 /* Release Private Key Object struct. */
1137 }
1142 /* cleanup key data area */
1148 }
1149 /* cleanup key schedule data area */
1155 }
1157 /* Release Secret Key Object struct. */
1160 }
1168 object_p));
1170 object_p));
1172 object_p));
1177 object_p));
1179 object_p));
1184 object_p));
1186 object_p));
1188 object_p));
1190 }
1192 /* Release Domain Parameters Object struct. */
1195 }
1197 }
1198 }
1201 /*
1202 * Parse the common attributes. Return to caller with appropriate return
1203 * value to indicate if the supplied template specifies a valid attribute
1204 * with a valid value.
1205 */
1206 CK_RV
1208 {
1216 /* default boolean attributes */
1222 }
1229 /*
1230 * Check if this is the special case when
1231 * the PIN is never initialized in the keystore.
1232 * If true, we will let it pass here and let
1233 * it fail with CKR_PIN_EXPIRED later on.
1234 */
1239 }
1240 }
1243 }
1251 }
1254 }
1257 /*
1258 * Build a Public Key Object.
1259 *
1260 * - Parse the object's template, and when an error is detected such as
1261 * invalid attribute type, invalid attribute value, etc., return
1262 * with appropriate return value.
1263 * - Set up attribute mask field in the object for the supplied common
1264 * attributes that have boolean type.
1265 * - Build the attribute_info struct to hold the value of each supplied
1266 * attribute that has byte array type. Link attribute_info structs
1267 * together to form the extra attribute list of the object.
1268 * - Allocate storage for the Public Key object.
1269 * - Build the Public Key object according to the key type. Allocate
1270 * storage to hold the big integer value for the supplied attributes
1271 * that are required for a certain key type.
1272 *
1273 */
1274 CK_RV
1277 {
1279 ulong_t i;
1284 /* Must set flags */
1293 /* Must not set flags */
1297 biginteger_t modulus;
1298 biginteger_t pubexpo;
1299 biginteger_t prime;
1300 biginteger_t subprime;
1301 biginteger_t base;
1302 biginteger_t value;
1303 biginteger_t point;
1304 CK_ATTRIBUTE string_tmp;
1305 CK_ATTRIBUTE param_tmp;
1313 BIGNUM n;
1315 /* prevent bigint_attr_cleanup from freeing invalid attr value */
1328 /* Public Key Object Attributes */
1331 /* common key attributes */
1340 /* common public key attribute */
1342 /*
1343 * Allocate storage to hold the attribute
1344 * value with byte array type, and add it to
1345 * the extra attribute list of the object.
1346 */
1348 new_object);
1351 }
1354 /*
1355 * The following key related attribute types must
1356 * not be specified by C_CreateObject, C_GenerateKey(Pair).
1357 */
1363 /* Key related boolean attributes */
1372 else
1379 else
1386 else
1393 else
1407 /*
1408 * The following key related attribute types must
1409 * be specified according to the key type by
1410 * C_CreateObject.
1411 */
1415 /*
1416 * Copyin big integer attribute from template
1417 * to a local variable.
1418 */
1424 /*
1425 * Modulus length needs to be between min key length and
1426 * max key length.
1427 */
1429 MIN_RSA_KEYLENGTH_IN_BYTES) ||
1431 MAX_RSA_KEYLENGTH_IN_BYTES)) {
1434 }
1476 }
1477 }
1522 }
1525 /* Allocate storage for Public Key Object. */
1530 }
1538 }
1542 }
1545 /*
1546 * The key type specified in the template does not
1547 * match the implied key type based on the mechanism.
1548 */
1551 }
1555 /* Supported key types of the Public Key Object */
1564 }
1567 /*
1568 * Derive modulus_bits attribute from modulus.
1569 * Save modulus_bits integer value to the
1570 * designated place in the public key object.
1571 */
1578 }
1586 /*
1587 * After modulus_bits has been computed,
1588 * it is safe to move modulus and pubexpo
1589 * big integer attribute value to the
1590 * designated place in the public key object.
1591 */
1600 }
1602 /* mode is SOFT_GEN_KEY */
1608 }
1612 /*
1613 * Copy big integer attribute value to the
1614 * designated place in the public key object.
1615 */
1620 }
1622 /*
1623 * Use PKCS#11 default 0x010001 for public exponent
1624 * if not not specified in attribute template.
1625 */
1632 }
1633 /*
1634 * Copy big integer attribute value to the
1635 * designated place in the public key object.
1636 */
1638 }
1647 }
1655 }
1658 isValue) {
1661 }
1666 }
1667 }
1680 isSubprime) {
1683 }
1691 }
1697 }
1702 }
1703 }
1716 }
1724 }
1727 isValue) {
1730 }
1735 }
1736 }
1756 }
1766 }
1767 }
1771 }
1781 }
1783 /* Set up object. */
1791 }
1795 fail_cleanup:
1796 /*
1797 * cleanup the storage allocated to the local variables.
1798 */
1809 /*
1810 * cleanup the storage allocated inside the object itself.
1811 */
1815 }
1818 /*
1819 * Build a Private Key Object.
1820 *
1821 * - Parse the object's template, and when an error is detected such as
1822 * invalid attribute type, invalid attribute value, etc., return
1823 * with appropriate return value.
1824 * - Set up attribute mask field in the object for the supplied common
1825 * attributes that have boolean type.
1826 * - Build the attribute_info struct to hold the value of each supplied
1827 * attribute that has byte array type. Link attribute_info structs
1828 * together to form the extra attribute list of the object.
1829 * - Allocate storage for the Private Key object.
1830 * - Build the Private Key object according to the key type. Allocate
1831 * storage to hold the big integer value for the supplied attributes
1832 * that are required for a certain key type.
1833 *
1834 */
1835 CK_RV
1838 {
1839 ulong_t i;
1845 /* Must set flags unless mode == SOFT_UNWRAP_KEY */
1851 /* Must set flags if mode == SOFT_GEN_KEY */
1853 /* Must not set flags */
1857 /* Private Key RSA optional */
1865 biginteger_t modulus;
1866 biginteger_t priexpo;
1867 biginteger_t prime;
1868 biginteger_t subprime;
1869 biginteger_t base;
1870 biginteger_t value;
1872 biginteger_t pubexpo;
1873 biginteger_t prime1;
1874 biginteger_t prime2;
1875 biginteger_t expo1;
1876 biginteger_t expo2;
1877 biginteger_t coef;
1878 CK_ATTRIBUTE string_tmp;
1879 CK_ATTRIBUTE param_tmp;
1885 /* prevent bigint_attr_cleanup from freeing invalid attr value */
1905 /* Private Key Object Attributes */
1907 /* common key attributes */
1916 /* common private key attribute */
1918 /*
1919 * Allocate storage to hold the attribute
1920 * value with byte array type, and add it to
1921 * the extra attribute list of the object.
1922 */
1924 new_object);
1927 }
1930 /*
1931 * The following key related attribute types must
1932 * not be specified by C_CreateObject or C_GenerateKey(Pair).
1933 */
1942 /* Key related boolean attributes */
1957 }
1963 else
1970 else
1977 else
1984 else
1991 else
2000 /*
2001 * The following key related attribute types must
2002 * be specified according to the key type by
2003 * C_CreateObject.
2004 */
2008 /*
2009 * Copyin big integer attribute from template
2010 * to a local variable.
2011 */
2017 /*
2018 * Modulus length needs to be between min key length and
2019 * max key length.
2020 */
2022 MIN_RSA_KEYLENGTH_IN_BYTES) ||
2024 MAX_RSA_KEYLENGTH_IN_BYTES)) {
2027 }
2119 }
2120 }
2159 }
2162 /* Allocate storage for Private Key Object. */
2167 }
2175 }
2178 /*
2179 * The key type is not specified in the application's
2180 * template, so we use the implied key type based on
2181 * the mechanism.
2182 */
2185 }
2187 /* If still unspecified, template is incomplete */
2191 }
2193 /*
2194 * The key type specified in the template does not
2195 * match the implied key type based on the mechanism.
2196 */
2200 }
2201 }
2204 /*
2205 * Note that, for mode SOFT_UNWRAP_KEY, key type is not
2206 * implied by the mechanism (key_type), so if it is not
2207 * specified from the attribute template (keytype), it is
2208 * incomplete.
2209 */
2213 }
2214 }
2218 /* Supported key types of the Private Key Object */
2222 isValueBits) {
2225 }
2234 }
2237 /*
2238 * Copy big integer attribute value to the
2239 * designated place in the Private Key object.
2240 */
2247 }
2249 /* The following attributes are optional. */
2252 }
2256 }
2260 }
2264 }
2268 }
2272 }
2278 isValueBits) {
2281 }
2289 }
2292 /*
2293 * The private value x must be less than subprime q.
2294 * Size for big_init is in BIG_CHUNK_TYPE words.
2295 */
2301 }
2307 }
2316 }
2328 }
2334 isSubprime) {
2337 }
2339 /* CKA_VALUE_BITS is for key gen but not unwrap */
2347 }
2348 }
2356 }
2361 }
2372 }
2378 isValueBits) {
2381 }
2389 }
2403 }
2418 }
2421 }
2427 }
2429 /* Set up object. */
2437 }
2443 fail_cleanup:
2444 /*
2445 * cleanup the storage allocated to the local variables.
2446 */
2464 /*
2465 * cleanup the storage allocated inside the object itself.
2466 */
2470 }
2473 /*
2474 * Build a Secret Key Object.
2475 *
2476 * - Parse the object's template, and when an error is detected such as
2477 * invalid attribute type, invalid attribute value, etc., return
2478 * with appropriate return value.
2479 * - Set up attribute mask field in the object for the supplied common
2480 * attributes that have boolean type.
2481 * - Build the attribute_info struct to hold the value of each supplied
2482 * attribute that has byte array type. Link attribute_info structs
2483 * together to form the extra attribute list of the object.
2484 * - Allocate storage for the Secret Key object.
2485 * - Build the Secret Key object. Allocate storage to hold the big integer
2486 * value for the attribute CKA_VALUE that is required for all the key
2487 * types supported by secret key object.
2488 * This function is called internally with mode = SOFT_CREATE_OBJ_INT.
2489 *
2490 */
2491 CK_RV
2494 CK_KEY_TYPE key_type)
2495 {
2497 ulong_t i;
2502 /* Must set flags if mode != SOFT_UNWRAP_KEY, else must not set */
2504 /* Must not set flags if mode != SOFT_UNWRAP_KEY, else optional */
2507 CK_ATTRIBUTE string_tmp;
2514 /* Allocate storage for Secret Key Object. */
2519 }
2526 /* Secret Key Object Attributes */
2529 /* common key attributes */
2537 /*
2538 * Allocate storage to hold the attribute
2539 * value with byte array type, and add it to
2540 * the extra attribute list of the object.
2541 */
2543 new_object);
2546 }
2549 /*
2550 * The following key related attribute types must
2551 * not be specified by C_CreateObject and C_GenerateKey.
2552 */
2560 /* Key related boolean attributes */
2574 else
2581 else
2588 else
2595 else
2602 else
2609 else
2616 else
2632 }
2633 }
2635 /*
2636 * Copyin attribute from template
2637 * to a local variable.
2638 */
2668 }
2675 /*
2676 * The key type must be specified in the application's
2677 * template. Otherwise, returns error.
2678 */
2682 }
2687 /*
2688 * The key type is not specified in the application's
2689 * template, so we use the implied key type based on
2690 * the mechanism.
2691 */
2695 /*
2696 * The key type specified in the template
2697 * does not match the implied key type based
2698 * on the mechanism.
2699 */
2702 }
2703 }
2705 /*
2706 * If a key_len is passed as a parameter, it has to
2707 * match the one found in the template.
2708 */
2713 }
2716 }
2720 /*
2721 * Note that, for mode SOFT_UNWRAP_KEY, key type is not
2722 * implied by the mechanism (key_type), so if it is not
2723 * specified from the attribute template (keytype), it is
2724 * incomplete.
2725 */
2729 }
2733 /*
2734 * For CKM_MD5_KEY_DERIVATION & CKM_SHA1_KEY_DERIVATION, the
2735 * key type is optional.
2736 */
2739 }
2741 }
2751 }
2756 }
2763 }
2770 }
2776 }
2783 }
2788 }
2796 }
2800 }
2807 }
2811 }
2818 }
2822 }
2828 }
2831 /*
2832 * Templates for internal object creation come from
2833 * applications calls to C_DeriveKey(), for which it
2834 * is OKey to pass a CKA_VALUE_LEN attribute, as
2835 * long as it does not conflict with the length of the
2836 * CKA_VALUE attribute.
2837 */
2842 }
2843 }
2847 /* CKA_VALUE must not be specified */
2851 }
2854 /*
2855 * CKA_VALUE_LEN must be specified by C_GenerateKey
2856 * if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
2857 */
2862 }
2863 ;
2868 }
2872 /* arbitrary key length - no length checking */
2876 }
2883 }
2890 }
2898 }
2903 }
2910 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
2914 }
2920 }
2924 /*
2925 * According to v2.11 of PKCS#11 spec, neither CKA_VALUE nor
2926 * CKA_VALUE_LEN can be be specified; however v2.20 has this
2927 * restriction removed, perhaps because it makes it hard to
2928 * determine variable-length key sizes. This case statement
2929 * complied with v2.20.
2930 */
2934 }
2937 /*
2938 * CKA_VALUE_LEN is optional
2939 * if key is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET
2940 * and the unwrapping mech is *_CBC_PAD.
2941 *
2942 * CKA_VALUE_LEN is required
2943 * if key is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET
2944 * and the unwrapping mech is *_ECB or *_CBC.
2945 *
2946 * since mech is not known at this point, CKA_VALUE_LEN is
2947 * treated as optional and the caller needs to enforce it.
2948 */
2952 ARCFOUR_MIN_KEY_BYTES) ||
2954 ARCFOUR_MAX_KEY_BYTES)) {
2957 }
2958 }
2962 /* arbitrary key length - no length checking */
2972 }
2973 }
2982 }
2988 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
2992 }
2998 }
3002 /* CKA_VALUE must not be specified */
3006 }
3009 /*
3010 * CKA_VALUE_LEN is optional
3011 * if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
3012 */
3016 ARCFOUR_MIN_KEY_BYTES) ||
3018 ARCFOUR_MAX_KEY_BYTES)) {
3021 }
3022 }
3026 /* arbitrary key length - no length checking */
3036 }
3037 }
3047 }
3053 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
3057 }
3063 }
3067 /* CKA_VALUE must not be specified */
3071 }
3074 /*
3075 * CKA_VALUE_LEN is an optional attribute for
3076 * CKM_SHA1_KEY_DERIVATION and CKM_MD5_KEY_DERIVATION
3077 * if mech is CKK_RC4, CKK_AES, CKK_GENERIC_SECRET.
3078 */
3083 /*
3084 * No need to check key length value here, it will be
3085 * validated later in soft_key_derive_check_length().
3086 */
3092 /* CKA_VALUE_LEN attribute does not apply to DES<n> */
3096 }
3102 }
3104 }
3106 /* Set up object. */
3115 }
3118 fail_cleanup:
3119 /*
3120 * cleanup the storage allocated to the local variables.
3121 */
3125 /*
3126 * cleanup the storage allocated inside the object itself.
3127 */
3131 }
3134 /*
3135 * Build a Domain Parameter Object.
3136 *
3137 * - Parse the object's template, and when an error is detected such as
3138 * invalid attribute type, invalid attribute value, etc., return
3139 * with appropriate return value.
3140 * - Allocate storage for the Domain Parameter object.
3141 * - Build the Domain Parameter object according to the key type. Allocate
3142 * storage to hold the big integer value for the supplied attributes
3143 * that are required for a certain key type.
3144 *
3145 */
3146 CK_RV
3149 {
3151 ulong_t i;
3155 /* Must set flags */
3159 /* Must not set flags */
3163 biginteger_t prime;
3164 biginteger_t subprime;
3165 biginteger_t base;
3166 CK_ATTRIBUTE string_tmp;
3171 /* prevent bigint_attr_cleanup from freeing invalid attr value */
3179 /* Domain Parameters Object Attributes */
3182 /* common domain parameter attribute */
3187 /*
3188 * The following common domain parameter attribute
3189 * must not be specified by C_CreateObject.
3190 */
3195 /*
3196 * The following domain parameter attributes must be
3197 * specified according to the key type by
3198 * C_CreateObject.
3199 */
3202 /*
3203 * Copyin big integer attribute from template
3204 * to a local variable.
3205 */
3251 }
3254 /* Allocate storage for Domain Parameters Object. */
3259 }
3267 }
3271 /* Supported key types of the Domain Parameters Object */
3277 }
3280 /*
3281 * Copy big integer attribute value to the
3282 * designated place in the domain parameter
3283 * object.
3284 */
3293 }
3300 }
3309 }
3316 }
3328 }
3334 }
3343 }
3347 fail_cleanup:
3348 /*
3349 * cleanup the storage allocated to the local variables.
3350 */
3356 /*
3357 * cleanup the storage allocated inside the object itself.
3358 */
3362 }
3364 /*
3365 * Build a Certificate Object
3366 *
3367 * - Parse the object's template, and when an error is detected such as
3368 * invalid attribute type, invalid attribute value, etc., return
3369 * with appropriate return value.
3370 * - Allocate storage for the Certificate object
3371 */
3372 static CK_RV
3375 CK_CERTIFICATE_TYPE cert_type)
3376 {
3379 CK_ULONG i;
3384 /* certificate type defaults to the value given as a parameter */
3386 CK_ATTRIBUTE string_tmp;
3390 /*
3391 * Look for the certificate type attribute and do some
3392 * sanity checking before creating the structures.
3393 */
3395 /* Certificate Object Attributes */
3398 certtype =
3410 }
3411 }
3413 /* The certificate type MUST be specified */
3417 /*
3418 * For X.509 certs, the CKA_SUBJECT and CKA_VALUE
3419 * must be present at creation time.
3420 */
3425 /*
3426 * For X.509 Attribute certs, the CKA_OWNER and CKA_VALUE
3427 * must be present at creation time.
3428 */
3437 }
3441 /* Certificate Object Attributes */
3467 new_object);
3471 B_FALSE)
3472 attr_mask |=
3473 NOT_MODIFIABLE_BOOL_ON;
3482 }
3507 new_object);
3512 B_FALSE)
3513 attr_mask |=
3514 NOT_MODIFIABLE_BOOL_ON;
3524 }
3529 }
3530 }
3543 }
3544 }
3546 fail_cleanup:
3549 }
3551 }
3554 /*
3555 * Validate the attribute types in the object's template. Then,
3556 * call the appropriate build function according to the class of
3557 * the object specified in the template.
3558 *
3559 * Note: The following classes of objects are supported:
3560 * - CKO_PUBLIC_KEY
3561 * - CKO_PRIVATE_KEY
3562 * - CKO_SECRET_KEY
3563 * - CKO_DOMAIN_PARAMETERS
3564 * - CKO_CERTIFICATE
3565 *
3566 */
3567 CK_RV
3570 {
3577 }
3579 /* Validate the attribute type in the template. */
3583 /*
3584 * CKA_CLASS is a mandatory attribute for C_CreateObject
3585 */
3589 /*
3590 * Call the appropriate function based on the supported class
3591 * of the object.
3592 */
3611 new_object);
3624 }
3627 }
3629 /*
3630 * Validate the attribute types in the object's template. Then,
3631 * call the appropriate build function according to the class of
3632 * the object specified in the template.
3633 *
3634 */
3635 CK_RV
3639 {
3644 /* Validate the attribute type in the template. */
3649 }
3651 /*
3652 * If either the class from the parameter list ("class") or
3653 * the class from the template ("temp_class") is not specified,
3654 * try to use the other one.
3655 */
3660 }
3662 /* If object class is still not specified, template is incomplete. */
3666 /* Class should match if specified in both parameters and template. */
3670 /*
3671 * Call the appropriate function based on the supported class
3672 * of the object.
3673 */
3677 /* Unwrapping public keys is not supported. */
3681 }
3701 /* Unwrapping domain parameters is not supported. */
3705 }
3708 new_object);
3717 }
3720 }
3723 /*
3724 * Get the value of a requested attribute that is common to all supported
3725 * classes (i.e. public key, private key, secret key, domain parameters,
3726 * and certificate classes).
3727 */
3728 CK_RV
3730 uchar_t object_type)
3731 {
3741 /* default boolean attributes */
3746 }
3749 else
3758 }
3761 else
3769 }
3772 else
3781 /*
3782 * The specified attribute for the object is invalid.
3783 * (the object does not possess such an attribute.)
3784 */
3787 }
3790 }
3792 /*
3793 * Get the value of a requested attribute that is common to all key objects
3794 * (i.e. public key, private key and secret key).
3795 */
3796 CK_RV
3798 {
3809 /*
3810 * The above extra attributes have byte array type.
3811 */
3815 /* Key related boolean attributes */
3830 }
3831 }
3833 /*
3834 * Get the value of a requested attribute of a Public Key Object.
3835 *
3836 * Rule: All the attributes in the public key object can be revealed.
3837 */
3838 CK_RV
3841 {
3850 /*
3851 * The above extra attributes have byte array type.
3852 */
3856 /* Key related boolean attributes */
3878 /*
3879 * This attribute is valid only for RSA public key
3880 * object.
3881 */
3888 }
3897 }
3906 }
3925 }
3940 }
3959 }
3982 }
3985 /*
3986 * First, get the value of the request attribute defined
3987 * in the list of common key attributes. If the request
3988 * attribute is not found in that list, then get the
3989 * attribute from the list of common attributes.
3990 */
3995 }
3997 }
4000 }
4003 /*
4004 * Get the value of a requested attribute of a Private Key Object.
4005 *
4006 * Rule: All the attributes in the private key object can be revealed
4007 * except those marked with footnote number "7" when the object
4008 * has its CKA_SENSITIVE attribute set to TRUE or its
4009 * CKA_EXTRACTABLE attribute set to FALSE (p.88 in PKCS11 spec.).
4010 */
4011 CK_RV
4014 {
4020 /*
4021 * If the following specified attributes for the private key
4022 * object cannot be revealed because the object is sensitive
4023 * or unextractable, then the ulValueLen is set to -1.
4024 */
4038 }
4039 }
4045 /*
4046 * The above extra attributes have byte array type.
4047 */
4051 /* Key related boolean attributes */
4096 }
4106 }
4116 }
4126 }
4136 }
4146 }
4156 }
4166 }
4176 }
4195 }
4210 }
4229 }
4252 }
4255 /*
4256 * First, get the value of the request attribute defined
4257 * in the list of common key attributes. If the request
4258 * attribute is not found in that list, then get the
4259 * attribute from the list of common attributes.
4260 */
4265 }
4267 }
4270 }
4273 /*
4274 * Get the value of a requested attribute of a Secret Key Object.
4275 *
4276 * Rule: All the attributes in the secret key object can be revealed
4277 * except those marked with footnote number "7" when the object
4278 * has its CKA_SENSITIVE attribute set to TRUE or its
4279 * CKA_EXTRACTABLE attribute set to FALSE (p.88 in PKCS11 spec.).
4280 */
4281 CK_RV
4284 {
4291 /* Key related boolean attributes */
4334 /*
4335 * If the specified attribute for the secret key object
4336 * cannot be revealed because the object is sensitive
4337 * or unextractable, then the ulValueLen is set to -1.
4338 */
4343 }
4363 }
4368 }
4372 /*
4373 * First, get the value of the request attribute defined
4374 * in the list of common key attributes. If the request
4375 * attribute is not found in that list, then get the
4376 * attribute from the list of common attributes.
4377 */
4382 }
4384 }
4387 }
4390 /*
4391 * Get the value of a requested attribute of a Domain Parameters Object.
4392 *
4393 * Rule: All the attributes in the domain parameters object can be revealed.
4394 */
4395 CK_RV
4398 {
4430 }
4445 }
4464 }
4483 }
4494 }
4497 /*
4498 * Get the value of a common attribute.
4499 */
4503 }
4506 }
4508 /*
4509 * Get certificate attributes from an object.
4510 * return CKR_ATTRIBUTE_TYPE_INVALID if the requested type
4511 * does not exist in the certificate.
4512 */
4513 CK_RV
4516 {
4518 cert_attr_t src;
4525 }
4534 }
4540 }
4559 }
4561 /*
4562 * If we got this far, then the combination of certificate type
4563 * and requested attribute is invalid.
4564 */
4566 }
4568 CK_RV
4571 {
4577 /* SUBJECT attr cannot be modified. */
4579 }
4583 /* OWNER attr cannot be modified. */
4585 }
4588 /* VALUE attr cannot be modified. */
4595 }
4602 }
4611 }
4613 /*
4614 * If we got this far, then the combination of certificate type
4615 * and requested attribute is invalid.
4616 */
4618 }
4620 /*
4621 * Call the appropriate get attribute function according to the class
4622 * of object.
4623 *
4624 * The caller of this function holds the lock on the object.
4625 */
4626 CK_RV
4628 {
4655 /*
4656 * If the specified attribute for the object is invalid
4657 * (the object does not possess such as attribute), then
4658 * the ulValueLen is modified to hold the value -1.
4659 */
4662 }
4666 }
4668 CK_RV
4671 {
4683 }
4686 }
4695 /*
4696 * Check if this is the special case
4697 * when the PIN is never initialized
4698 * in the keystore. If true, we will
4699 * let it pass here and let it fail
4700 * with CKR_PIN_EXPIRED later on.
4701 */
4706 }
4707 }
4710 }
4713 }
4721 else
4723 NOT_MODIFIABLE_BOOL_ON;
4726 }
4735 }
4738 }
4740 /*
4741 * Set the value of an attribute that is common to all key objects
4742 * (i.e. public key, private key and secret key).
4743 */
4744 CK_RV
4747 {
4752 /*
4753 * Only the LABEL can be modified in the common storage
4754 * object attributes after the object is created.
4755 */
4784 }
4786 }
4789 /*
4790 * Set the value of an attribute of a Public Key Object.
4791 *
4792 * Rule: The attributes marked with footnote number "8" in the PKCS11
4793 * spec may be modified (p.88 in PKCS11 spec.).
4794 */
4795 CK_RV
4798 {
4846 /*
4847 * Set the value of a common key attribute.
4848 */
4852 }
4853 /*
4854 * If we got this far, then the combination of key type
4855 * and requested attribute is invalid.
4856 */
4858 }
4861 /*
4862 * Set the value of an attribute of a Private Key Object.
4863 *
4864 * Rule: The attributes marked with footnote number "8" in the PKCS11
4865 * spec may be modified (p.88 in PKCS11 spec.).
4866 */
4867 CK_RV
4870 {
4880 /*
4881 * Cannot set SENSITIVE to FALSE if it is already ON.
4882 */
4886 }
4909 /*
4910 * Cannot set EXTRACTABLE to TRUE if it is already OFF.
4911 */
4915 }
4931 }
4955 /*
4956 * Set the value of a common key attribute.
4957 */
4960 }
4962 /*
4963 * If we got this far, then the combination of key type
4964 * and requested attribute is invalid.
4965 */
4967 }
4969 /*
4970 * Set the value of an attribute of a Secret Key Object.
4971 *
4972 * Rule: The attributes marked with footnote number "8" in the PKCS11
4973 * spec may be modified (p.88 in PKCS11 spec.).
4974 */
4975 CK_RV
4978 {
4984 /*
4985 * Cannot set SENSITIVE to FALSE if it is already ON.
4986 */
4990 }
5021 /*
5022 * Cannot set EXTRACTABLE to TRUE if it is already OFF.
5023 */
5027 }
5045 /*
5046 * Set the value of a common key attribute.
5047 */
5051 }
5052 /*
5053 * If we got this far, then the combination of key type
5054 * and requested attribute is invalid.
5055 */
5057 }
5060 /*
5061 * Call the appropriate set attribute function according to the class
5062 * of object.
5063 *
5064 * The caller of this function does not hold the lock on the original
5065 * object, since this function is setting the attribute on the new object
5066 * that is being modified.
5067 *
5068 * Argument copy: TRUE when called by C_CopyObject,
5069 * FALSE when called by C_SetAttributeValue.
5070 */
5071 CK_RV
5073 boolean_t copy)
5074 {
5096 /*
5097 * Only the LABEL can be modified in the common
5098 * storage object attributes after the object is
5099 * created.
5100 */
5105 }
5111 /*
5112 * If the template specifies a value of an attribute
5113 * which is incompatible with other existing attributes
5114 * of the object, then fails with return code
5115 * CKR_TEMPLATE_INCONSISTENT.
5116 */
5119 }
5122 }
5124 CK_RV
5127 {
5131 /* The following attributes belong to RSA */
5133 len =
5136 /* This attribute MUST BE set */
5139 }
5149 len =
5152 /* This attribute MUST BE set */
5155 }
5164 /* The following attributes belong to DSA and DH */
5168 len =
5170 big_value_len;
5171 else
5172 len =
5174 big_value_len;
5176 /* This attribute MUST BE set */
5179 }
5186 else
5194 len =
5197 /* This attribute MUST BE set */
5200 }
5212 len =
5214 big_value_len;
5215 else
5216 len =
5218 big_value_len;
5220 /* This attribute MUST BE set */
5223 }
5230 else
5239 len =
5241 big_value_len;
5242 else
5243 len =
5245 big_value_len;
5247 /* This attribute MUST BE set */
5250 }
5257 else
5263 }
5266 }
5269 CK_RV
5272 {
5278 /* The following attributes belong to RSA */
5280 len =
5283 /* This attribute MUST BE set */
5286 }
5296 len =
5299 /* This attribute MUST BE set */
5302 }
5312 len =
5317 }
5322 }
5331 len =
5336 }
5341 }
5350 len =
5355 }
5360 }
5369 len =
5374 }
5379 }
5388 len =
5393 }
5398 }
5406 /* The following attributes belong to DSA and DH */
5410 len =
5412 big_value_len;
5413 else
5414 len =
5416 big_value_len;
5418 /* This attribute MUST BE set */
5421 }
5428 else
5436 len =
5439 /* This attribute MUST BE set */
5442 }
5454 len =
5456 big_value_len;
5457 else
5458 len =
5460 big_value_len;
5462 /* This attribute MUST BE set */
5465 }
5472 else
5481 len =
5483 big_value_len;
5485 len =
5487 big_value_len;
5489 len =
5491 big_value_len;
5492 }
5494 /* This attribute MUST BE set */
5497 }
5512 }
5515 }
5519 }
5521 static CK_RV
5523 {
5529 }
5535 }
5537 static void
5539 {
5542 }
5571 }
5573 }
5575 CK_RV
5578 {
5586 }
5593 /* copy modulus */
5599 }
5600 /* copy public exponent */
5606 }
5613 /* copy prime */
5619 }
5621 /* copy subprime */
5627 }
5629 /* copy base */
5635 }
5637 /* copy value */
5643 }
5650 /* copy prime */
5656 }
5658 /* copy base */
5664 }
5666 /* copy value */
5672 }
5679 /* copy point */
5685 }
5692 /* copy prime */
5698 }
5700 /* copy subprime */
5706 }
5708 /* copy base */
5714 }
5716 /* copy value */
5722 }
5726 }
5729 }
5731 static void
5733 {
5736 }
5771 }
5773 }
5775 CK_RV
5778 {
5785 }
5792 /* copy modulus */
5798 }
5799 /* copy public exponent */
5805 }
5806 /* copy private exponent */
5812 }
5813 /* copy prime_1 */
5819 }
5820 /* copy prime_2 */
5826 }
5827 /* copy exponent_1 */
5833 }
5834 /* copy exponent_2 */
5840 }
5841 /* copy coefficient */
5847 }
5854 /* copy prime */
5860 }
5862 /* copy subprime */
5868 }
5870 /* copy base */
5876 }
5878 /* copy value */
5884 }
5891 /* copy prime */
5897 }
5899 /* copy base */
5905 }
5907 /* copy value */
5913 }
5920 /* copy value */
5926 }
5933 /* copy prime */
5939 }
5941 /* copy subprime */
5947 }
5949 /* copy base */
5955 }
5957 /* copy value */
5963 }
5967 }
5970 }
5972 static void
5974 {
5977 }
5996 }
5998 }
6000 CK_RV
6003 {
6010 }
6018 /* copy prime */
6024 }
6026 /* copy subprime */
6032 }
6034 /* copy base */
6040 }
6048 /* copy prime */
6054 }
6056 /* copy base */
6062 }
6070 /* copy prime */
6076 }
6078 /* copy subprime */
6084 }
6086 /* copy base */
6092 }
6097 }
6100 }
6102 CK_RV
6105 {
6111 }
6114 /* copy the secret key value */
6119 }
6123 /*
6124 * Copy the pre-expanded key schedule.
6125 */
6132 }
6136 }
6141 }
6143 /*
6144 * If CKA_CLASS not given, guess CKA_CLASS using
6145 * attributes on template .
6146 *
6147 * Some attributes are specific to an object class. If one or more
6148 * of these attributes are in the template, make a list of classes
6149 * that can have these attributes. This would speed up the search later,
6150 * because we can immediately skip an object if the class of that
6151 * object can not possibly contain one of the attributes.
6152 *
6153 */
6154 void
6157 CK_ULONG ulCount)
6158 {
6159 ulong_t i;
6174 /*
6175 * don't need to guess the class, it is specified.
6176 * Just record the class, and return.
6177 */
6182 }
6183 }
6185 num_pub_key_attrs =
6187 num_priv_key_attrs =
6189 num_secret_key_attrs =
6191 num_domain_attrs =
6193 num_hardware_attrs =
6195 num_cert_attrs =
6198 /*
6199 * Get the list of objects class that might contain
6200 * some attributes.
6201 */
6203 /*
6204 * only check if this attribute can belong to public key object
6205 * class if public key object isn't already in the list
6206 */
6212 CKO_PUBLIC_KEY;
6214 }
6215 }
6216 }
6223 CKO_PRIVATE_KEY;
6225 }
6226 }
6227 }
6234 CKO_SECRET_KEY;
6236 }
6237 }
6238 }
6245 CKO_DOMAIN_PARAMETERS;
6247 }
6248 }
6249 }
6256 CKO_HW_FEATURE;
6258 }
6259 }
6260 }
6267 CKO_CERTIFICATE;
6269 }
6270 }
6271 }
6272 }
6274 }
6276 boolean_t
6279 {
6280 ulong_t i;
6288 /*
6289 * Check if the class of this object match with any
6290 * of object classes that can possibly contain the
6291 * requested attributes.
6292 */
6297 }
6298 }
6300 /*
6301 * this object can't possibly contain one or
6302 * more attributes, don't need to check this object
6303 */
6305 }
6306 }
6308 /* need to examine everything */
6317 /* First, check the most common attributes */
6322 }
6328 }
6352 SIGN_RECOVER_BOOL_ON;
6361 VERIFY_RECOVER_BOOL_ON;
6378 SECONDARY_AUTH_BOOL_ON;
6387 EXTRACTABLE_BOOL_ON;
6392 ALWAYS_SENSITIVE_BOOL_ON;
6397 NEVER_EXTRACTABLE_BOOL_ON;
6409 {
6410 CK_BBOOL bval;
6412 NOT_MODIFIABLE_BOOL_ON;
6418 }
6421 }
6423 }
6425 /*
6426 * For X.509 attribute certificate object, get its
6427 * CKA_OWNER attribute from the x509_attr_cert_t struct.
6428 */
6433 }
6436 /*
6437 * For X.509 certificate object, get its CKA_SUBJECT
6438 * attribute from the x509_cert_t struct (not from
6439 * the extra_attrlistp).
6440 */
6446 }
6447 /*FALLTHRU*/
6457 /* find these attributes from extra_attrlistp */
6465 /* only secret key has this attribute */
6470 }
6473 }
6478 /*
6479 * secret_key_obj_t is the same as
6480 * biginteger_t
6481 */
6494 }
6506 }
6513 CKC_X_509_ATTR_CERT) {
6515 }
6520 }
6523 /* only RSA public and private key have this attr */
6531 }
6535 }
6538 /* only RSA public key has this attribute */
6545 }
6548 }
6551 /* only RSA public and private key have this attr */
6559 }
6563 }
6566 /* only RSA private key has this attribute */
6573 }
6576 /* only RSA private key has this attribute */
6583 }
6586 /* only RSA private key has this attribute */
6593 }
6596 /* only RSA private key has this attribute */
6603 }
6606 /* only RSA private key has this attribute */
6613 }
6616 /* only RSA private key has this attribute */
6623 }
6626 /* only Diffie-Hellman private key has this attr */
6633 }
6636 }
6652 }
6666 }
6680 }
6683 }
6697 }
6708 }
6719 }
6722 }
6739 }
6753 }
6767 }
6770 }
6775 CK_ULONG prime_bits;
6777 prime_bits =
6780 prime_bits =
6783 prime_bits =
6787 }
6791 }
6794 }
6799 CK_ULONG subprime_bits =
6804 }
6807 }
6810 /*
6811 * any other attributes are currently not supported.
6812 * so, it's not possible for them to be in the
6813 * object
6814 */
6816 }
6818 CK_BBOOL bval;
6824 }
6827 }
6831 }
6834 }
6838 }
6841 /*
6842 * The attribute type is valid, and its value
6843 * has not been initialized in the object. In
6844 * this case, it only matches the template's
6845 * attribute if the template's value length
6846 * is 0.
6847 */
6854 }
6858 }
6859 }
6862 /* specific attribute not found */
6864 }
6867 }
6871 }
6876 }
6877 }
6878 }
6880 }
6882 CK_ATTRIBUTE_PTR
6884 {
6885 CK_ATTRIBUTE_INFO_PTR tmp;
6891 }
6893 }
6894 /* if get there, the specified attribute is not found */
6896 }