/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #include #include #include #include #include #include #include #include "metaGlobal.h" /* Size of the template for creating key used for wrap/unwrap */ #define WRAP_KEY_TEMPLATE_SIZE 7 /* * Information necessary to create keys for C_WrapKey/C_UnwrapKey */ typedef struct _wrap_info { CK_OBJECT_CLASS class; /* class of the key for wrap/unwrap */ CK_KEY_TYPE key_type; /* key type of key for wrap/unwrap */ CK_ULONG key_length; /* length of key */ CK_MECHANISM_TYPE mech_type; /* mech used for wrap/unwrap */ CK_ULONG iv_length; /* length of iv for mech */ boolean_t src_supports; boolean_t dst_supports; } wrap_info_t; extern pthread_rwlock_t meta_sessionlist_lock; extern meta_session_t *meta_sessionlist_head; static wrap_info_t common_wrap_info[] = { {CKO_SECRET_KEY, CKK_AES, 16, CKM_AES_CBC_PAD, 16, B_FALSE, B_FALSE}, {CKO_SECRET_KEY, CKK_DES3, 24, CKM_DES3_CBC_PAD, 8, B_FALSE, B_FALSE}, {CKO_SECRET_KEY, CKK_DES, 8, CKM_DES_CBC_PAD, 8, B_FALSE, B_FALSE}, }; static unsigned int num_common_wrap_info = sizeof (common_wrap_info) / sizeof (wrap_info_t); static wrap_info_t special_wrap_info[] = { {CKO_SECRET_KEY, CKK_SKIPJACK, 12, CKM_SKIPJACK_WRAP, 0, B_FALSE, B_FALSE}, {CKO_SECRET_KEY, CKK_BATON, 40, CKM_BATON_WRAP, 0, B_FALSE, B_FALSE}, {CKO_SECRET_KEY, CKK_JUNIPER, 40, CKM_JUNIPER_WRAP, 0, B_FALSE, B_FALSE}, }; static unsigned int num_special_wrap_info = sizeof (special_wrap_info) / sizeof (wrap_info_t); static wrap_info_t rsa_wrap_info[] = { {CKO_PUBLIC_KEY, CKK_RSA, 0, CKM_RSA_PKCS, 0, B_FALSE, B_FALSE}, {CKO_PUBLIC_KEY, CKK_RSA, 0, CKM_RSA_X_509, 0, B_FALSE, B_FALSE}, }; static unsigned int num_rsa_wrap_info = sizeof (rsa_wrap_info) / sizeof (wrap_info_t); static pthread_rwlock_t meta_objectclose_lock; static pthread_rwlock_t tokenobject_list_lock; static meta_object_t *tokenobject_list_head; CK_BBOOL falsevalue = FALSE; CK_BBOOL truevalue = TRUE; /* * Public and private exponent, and Module value for * creating the RSA public/private key. * */ static CK_BYTE PubExpo[3] = {0x01, 0x00, 0x01}; CK_BYTE PriExpo[128] = { 0x8e, 0xc9, 0x70, 0x57, 0x6b, 0xcd, 0xfb, 0xa9, 0x19, 0xad, 0xcd, 0x91, 0x69, 0xd5, 0x52, 0xec, 0x72, 0x1e, 0x45, 0x15, 0x06, 0xdc, 0x65, 0x2d, 0x98, 0xc4, 0xce, 0x33, 0x54, 0x15, 0x70, 0x8d, 0xfa, 0x65, 0xea, 0x53, 0x44, 0xf3, 0x3e, 0x3f, 0xb4, 0x4c, 0x60, 0xd5, 0x01, 0x2d, 0xa4, 0x12, 0x99, 0xbf, 0x3f, 0x0b, 0xcd, 0xbb, 0x24, 0x10, 0x60, 0x30, 0x5e, 0x58, 0xf8, 0x59, 0xaa, 0xd1, 0x63, 0x3b, 0xbc, 0xcb, 0x94, 0x58, 0x38, 0x24, 0xfc, 0x65, 0x25, 0xc5, 0xa6, 0x51, 0xa2, 0x2e, 0xf1, 0x5e, 0xf5, 0xc1, 0xf5, 0x46, 0xf7, 0xbd, 0xc7, 0x62, 0xa8, 0xe2, 0x27, 0xd6, 0x94, 0x5b, 0xd3, 0xa2, 0xb5, 0x76, 0x42, 0x67, 0x6b, 0x86, 0x91, 0x97, 0x4d, 0x07, 0x92, 0x00, 0x4a, 0xdf, 0x0b, 0x65, 0x64, 0x05, 0x03, 0x48, 0x27, 0xeb, 0xce, 0x9a, 0x49, 0x7f, 0x3e, 0x10, 0xe0, 0x01}; static CK_BYTE Modulus[128] = { 0x94, 0x32, 0xb9, 0x12, 0x1d, 0x68, 0x2c, 0xda, 0x2b, 0xe0, 0xe4, 0x97, 0x1b, 0x4d, 0xdc, 0x43, 0xdf, 0x38, 0x6e, 0x7b, 0x9f, 0x07, 0x58, 0xae, 0x9d, 0x82, 0x1e, 0xc7, 0xbc, 0x92, 0xbf, 0xd3, 0xce, 0x00, 0xbb, 0x91, 0xc9, 0x79, 0x06, 0x03, 0x1f, 0xbc, 0x9f, 0x94, 0x75, 0x29, 0x5f, 0xd7, 0xc5, 0xf3, 0x73, 0x8a, 0xa4, 0x35, 0x43, 0x7a, 0x00, 0x32, 0x97, 0x3e, 0x86, 0xef, 0x70, 0x6f, 0x18, 0x56, 0x15, 0xaa, 0x6a, 0x87, 0xe7, 0x8d, 0x7d, 0xdd, 0x1f, 0xa4, 0xe4, 0x31, 0xd4, 0x7a, 0x8c, 0x0e, 0x20, 0xd2, 0x23, 0xf5, 0x57, 0x3c, 0x1b, 0xa8, 0x44, 0xa4, 0x57, 0x8f, 0x33, 0x52, 0xad, 0x83, 0xae, 0x4a, 0x97, 0xa6, 0x1e, 0xa6, 0x2b, 0xfa, 0xea, 0xeb, 0x6e, 0x71, 0xb8, 0xb6, 0x0a, 0x36, 0xed, 0x83, 0xce, 0xb0, 0xdf, 0xc1, 0xd4, 0x3a, 0xe9, 0x99, 0x6f, 0xf3, 0x96, 0xb7}; static CK_RV meta_clone_template_setup(meta_object_t *object, const generic_attr_t *attributes, size_t num_attributes); /* * meta_objectManager_initialize * * Called from meta_Initialize. Initializes all the variables used * by the object manager. */ CK_RV meta_objectManager_initialize() { if (pthread_rwlock_init(&meta_objectclose_lock, NULL) != 0) { return (CKR_FUNCTION_FAILED); } if (pthread_rwlock_init(&tokenobject_list_lock, NULL) != 0) { (void) pthread_rwlock_destroy(&meta_objectclose_lock); return (CKR_FUNCTION_FAILED); } tokenobject_list_head = NULL; return (CKR_OK); } void meta_objectManager_finalize() { /* * If there are still any token object in the list, need to * deactivate all of them. */ (void) meta_token_object_deactivate(ALL_TOKEN); (void) pthread_rwlock_destroy(&meta_objectclose_lock); (void) pthread_rwlock_destroy(&tokenobject_list_lock); } /* * meta_handle2object * * Convert a CK_OBJECT_HANDLE to the corresponding metaobject. If * successful, a reader-lock on the object will be held to indicate * that it's in use. Call OBJRELEASE() when finished. * */ CK_RV meta_handle2object(CK_OBJECT_HANDLE hObject, meta_object_t **object) { meta_object_t *tmp_object = (meta_object_t *)(hObject); /* Check for bad args (eg CK_INVALID_HANDLE, which is 0/NULL). */ if (tmp_object == NULL) { *object = NULL; return (CKR_OBJECT_HANDLE_INVALID); } /* Lock to ensure the magic-check + read-lock is atomic. */ (void) pthread_rwlock_rdlock(&meta_objectclose_lock); if (tmp_object->magic_marker != METASLOT_OBJECT_MAGIC) { (void) pthread_rwlock_unlock(&meta_objectclose_lock); *object = NULL; return (CKR_OBJECT_HANDLE_INVALID); } (void) pthread_rwlock_rdlock(&tmp_object->object_lock); (void) pthread_rwlock_unlock(&meta_objectclose_lock); *object = tmp_object; return (CKR_OK); } /* * meta_object_alloc * * Creates a new metaobject, but does not yet add it to the object list. * Once the caller has finished initializing the object (by setting * object attributes), meta_object_add should be called. This two-step * process prevents others from seeing the object until fully intitialized. * */ CK_RV meta_object_alloc(meta_session_t *session, meta_object_t **object) { meta_object_t *new_object; CK_ULONG num_slots; /* Allocate memory for the object. */ new_object = calloc(1, sizeof (meta_object_t)); if (new_object == NULL) return (CKR_HOST_MEMORY); num_slots = meta_slotManager_get_slotcount(); new_object->clones = calloc(num_slots, sizeof (slot_object_t *)); if (new_object->clones == NULL) { free(new_object); return (CKR_HOST_MEMORY); } new_object->tried_create_clone = calloc(num_slots, sizeof (boolean_t)); if (new_object->tried_create_clone == NULL) { free(new_object->clones); free(new_object); return (CKR_HOST_MEMORY); } /* Initialize the object fields. */ new_object->magic_marker = METASLOT_OBJECT_MAGIC; (void) pthread_rwlock_init(&new_object->object_lock, NULL); (void) pthread_rwlock_init(&new_object->attribute_lock, NULL); (void) pthread_mutex_init(&new_object->clone_create_lock, NULL); (void) pthread_mutex_init(&new_object->isClosingObject_lock, NULL); new_object->creator_session = session; *object = new_object; return (CKR_OK); } /* * meta_object_get_attr * * Get attribute values to fill in attribute values * being kept in the metaslot object. The following 4 attributes * in the meta_object_t structure will be filled in: * isToken, isPrivate, isSensitive, isExtractable * * It's basically an easy way to do a C_GetAttributeValue. * So, the hSession argument is assumed * to be valid, and the pointer to meta_object_t is also assumed * to be valid. */ CK_RV meta_object_get_attr(slot_session_t *slot_session, CK_OBJECT_HANDLE hObject, meta_object_t *object) { CK_BBOOL is_sensitive = object->isSensitive; CK_BBOOL is_extractable = object->isExtractable; CK_BBOOL is_token = B_FALSE, is_private = B_FALSE; CK_KEY_TYPE keytype; CK_OBJECT_CLASS class; CK_ATTRIBUTE attrs[3]; CK_RV rv; CK_SESSION_HANDLE hSession = slot_session->hSession; CK_SLOT_ID fw_st_id = slot_session->fw_st_id; int count = 1; attrs[0].type = CKA_CLASS; attrs[0].pValue = &class; attrs[0].ulValueLen = sizeof (class); if (object->isFreeObject != FREE_ENABLED) { attrs[1].type = CKA_TOKEN; attrs[1].pValue = &is_token; attrs[1].ulValueLen = sizeof (is_token); count++; } /* * If this is a freeobject, we already know the Private value * and we don't want to overwrite it with the wrong value */ if (object->isFreeObject <= FREE_DISABLED) { attrs[count].type = CKA_PRIVATE; attrs[count].pValue = &is_private; attrs[count].ulValueLen = sizeof (is_private); count++; } else is_private = object->isPrivate; rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession, hObject, attrs, count); if (rv != CKR_OK) { return (rv); } count = 0; switch (class) { case CKO_PRIVATE_KEY: case CKO_SECRET_KEY: /* Only need to check these for private & secret keys */ attrs[0].type = CKA_EXTRACTABLE; attrs[0].pValue = &is_extractable; attrs[0].ulValueLen = sizeof (is_extractable); count = 1; /* * If this is a freeobject, we already know the Sensitive * value and we don't want to overwrite it with the wrong * value. */ if (object->isFreeObject <= FREE_DISABLED) { attrs[1].type = CKA_SENSITIVE; attrs[1].pValue = &is_sensitive; attrs[1].ulValueLen = sizeof (is_sensitive); count = 2; /* * We only need the key type if this is the first * time we've looked at the object */ if (object->isFreeObject == FREE_UNCHECKED) { attrs[2].type = CKA_KEY_TYPE; attrs[2].pValue = &keytype; attrs[2].ulValueLen = sizeof (keytype); count = 3; } } break; case CKO_PUBLIC_KEY: if (object->isFreeObject == FREE_UNCHECKED) { attrs[count].type = CKA_KEY_TYPE; attrs[count].pValue = &keytype; attrs[count].ulValueLen = sizeof (keytype); count++; } is_sensitive = CK_FALSE; is_extractable = CK_TRUE; break; default: object->isFreeObject = FREE_DISABLED; is_sensitive = CK_FALSE; is_extractable = CK_TRUE; }; if (count > 0) { rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession, hObject, attrs, count); if (rv != CKR_OK) { return (rv); } if (object->isFreeObject == FREE_UNCHECKED) { if (keytype == CKK_EC || keytype == CKK_RSA || keytype == CKK_DH) { if (metaslot_config.auto_key_migrate) { object->isFreeObject = FREE_DISABLED; object->isFreeToken = FREE_DISABLED; } object->isFreeObject = FREE_ENABLED; if (is_token) object->isFreeToken = FREE_ENABLED; } else object->isFreeObject = FREE_DISABLED; } } object->isToken = is_token; object->isPrivate = is_private; object->isSensitive = is_sensitive; object->isExtractable = is_extractable; return (CKR_OK); } /* * meta_object_activate * * Add a new metaobject to the list of objects. See also meta_object_create, * which would be called to create an object before it is added. */ void meta_object_activate(meta_object_t *new_object) { pthread_rwlock_t *list_lock; meta_object_t **list_head; /* * For session objects, we keep the list in the session that created * this object, because this object will be destroyed when that session * is closed. * * For token objects, the list is global (ie, not associated with any * particular session). */ if (new_object->isToken) { list_lock = &tokenobject_list_lock; list_head = &tokenobject_list_head; } else { list_lock = &new_object->creator_session->object_list_lock; list_head = &new_object->creator_session->object_list_head; } /* Add object to the list of objects. */ (void) pthread_rwlock_wrlock(list_lock); INSERT_INTO_LIST(*list_head, new_object); (void) pthread_rwlock_unlock(list_lock); } /* * meta_object_deactivate * * Removes the object from the list of valid meta objects. Note * that this function does not clean up any allocated * resources (memory, object clones, etc). Cleaning up of * allocated resources is done by calling the meta_object_deallocate() * */ CK_RV meta_object_deactivate(meta_object_t *object, boolean_t have_list_lock, boolean_t have_object_lock) { pthread_rwlock_t *list_lock; meta_object_t **list_head; if (!have_object_lock) { (void) pthread_rwlock_rdlock(&object->object_lock); } (void) pthread_mutex_lock(&object->isClosingObject_lock); if (object->isClosingObject) { /* Lost a delete race. */ (void) pthread_mutex_unlock(&object->isClosingObject_lock); OBJRELEASE(object); return (CKR_OBJECT_HANDLE_INVALID); } object->isClosingObject = B_TRUE; (void) pthread_mutex_unlock(&object->isClosingObject_lock); if (object->isToken) { list_lock = &tokenobject_list_lock; list_head = &tokenobject_list_head; } else { list_lock = &object->creator_session->object_list_lock; list_head = &object->creator_session->object_list_head; } /* * Remove object from the object list. Once removed, it will not * be possible for another thread to begin using the object. */ (void) pthread_rwlock_wrlock(&meta_objectclose_lock); if (!have_list_lock) { (void) pthread_rwlock_wrlock(list_lock); } object->magic_marker = METASLOT_OBJECT_BADMAGIC; /* * Can't use the regular REMOVE_FROM_LIST() function because * that will miss the "error cleanup" situation where object is not yet * in the list (object->next == NULL && object->prev == NULL) */ if (*list_head == object) { /* Object is the first one in the list */ if (object->next) { *list_head = object->next; object->next->prev = NULL; } else { /* Object is the only one in the list */ *list_head = NULL; } } else if (object->next != NULL || object->prev != NULL) { if (object->next) { object->prev->next = object->next; object->next->prev = object->prev; } else { /* Object is the last one in the list */ object->prev->next = NULL; } } if (!have_list_lock) { (void) pthread_rwlock_unlock(list_lock); } (void) pthread_rwlock_unlock(&meta_objectclose_lock); /* * Wait for anyone already using object to finish, by obtaining * a writer-lock (need to release our reader-lock first). Once we * get the write lock, we can just release it and finish cleaning * up the object. */ (void) pthread_rwlock_unlock(&object->object_lock); /* rdlock */ (void) pthread_rwlock_wrlock(&object->object_lock); (void) pthread_rwlock_unlock(&object->object_lock); /* wrlock */ return (CKR_OK); } /* * meta_object_dealloc * * Performs final object cleanup, releasing any allocated memory and * destroying any clones on other slots. Caller is assumed to have * called meta_object_deactivate() before this function. * * Caller is assumed to have only reference to object, but should have * released any lock. * * If "nukeSourceObj" argument is true, we will actually delete the * object from the underlying slot. */ CK_RV meta_object_dealloc(meta_object_t *object, boolean_t nukeSourceObj) { CK_RV rv, save_rv = CKR_OK; CK_ULONG slotnum, num_slots; CK_ULONG i; /* First, delete all the clones of this object on other slots. */ num_slots = meta_slotManager_get_slotcount(); for (slotnum = 0; slotnum < num_slots; slotnum++) { slot_session_t *obj_session; slot_object_t *clone; clone = object->clones[slotnum]; if (clone == NULL) continue; if (nukeSourceObj || (!object->isToken && !(object->isFreeToken == FREE_ENABLED && get_keystore_slotnum() == slotnum))) { rv = meta_get_slot_session(slotnum, &obj_session, object->creator_session->session_flags); if (rv == CKR_OK) { rv = FUNCLIST(obj_session->fw_st_id)->\ C_DestroyObject(obj_session->hSession, clone->hObject); meta_release_slot_session(obj_session); if ((rv != CKR_OK) && (save_rv == CKR_OK)) { save_rv = rv; } } } meta_slot_object_deactivate(clone); meta_slot_object_dealloc(clone); object->clones[slotnum] = NULL; } /* Now erase and delete any attributes in the metaobject. */ dealloc_attributes(object->attributes, object->num_attributes); free(object->clones); free(object->tried_create_clone); if (object->clone_template) { for (i = 0; i < object->clone_template_size; i++) { free(((object->clone_template)[i]).pValue); } free(object->clone_template); } /* Cleanup remaining object fields. */ (void) pthread_rwlock_destroy(&object->object_lock); (void) pthread_rwlock_destroy(&object->attribute_lock); (void) pthread_mutex_destroy(&object->isClosingObject_lock); (void) pthread_mutex_destroy(&object->clone_create_lock); meta_object_delay_free(object); return (save_rv); } /* * meta_slot_object_alloc */ CK_RV meta_slot_object_alloc(slot_object_t **object) { slot_object_t *new_object; new_object = calloc(1, sizeof (slot_object_t)); if (new_object == NULL) return (CKR_HOST_MEMORY); *object = new_object; return (CKR_OK); } /* * meta_slot_object_activate */ void meta_slot_object_activate(slot_object_t *object, slot_session_t *creator_session, boolean_t isToken) { object->creator_session = creator_session; if (isToken) { extern slot_data_t *slots; slot_data_t *slot; slot = &(slots[object->creator_session->slotnum]); (void) pthread_rwlock_wrlock(&slot->tokenobject_list_lock); INSERT_INTO_LIST(slot->tokenobject_list_head, object); (void) pthread_rwlock_unlock(&slot->tokenobject_list_lock); } else { slot_session_t *session = object->creator_session; /* Add to session's list of session objects. */ (void) pthread_rwlock_wrlock(&session->object_list_lock); INSERT_INTO_LIST(session->object_list_head, object); (void) pthread_rwlock_unlock(&session->object_list_lock); } /* * This set tells the slot object that we are in the token list, * but does not cause harm with the metaobject knowing the object * isn't a token, but a freetoken */ object->isToken = isToken; } /* * meta_slot_object_deactivate * * Remove the specified slot object from the appropriate object list. */ void meta_slot_object_deactivate(slot_object_t *object) { slot_object_t **list_head; pthread_rwlock_t *list_lock; if (object->isToken) { extern slot_data_t *slots; slot_data_t *slot; slot = &(slots[object->creator_session->slotnum]); list_head = &slot->tokenobject_list_head; list_lock = &slot->tokenobject_list_lock; } else { list_head = &object->creator_session->object_list_head; list_lock = &object->creator_session->object_list_lock; } (void) pthread_rwlock_wrlock(list_lock); REMOVE_FROM_LIST(*list_head, object); (void) pthread_rwlock_unlock(list_lock); } /* * meta_slot_object_dealloc */ void meta_slot_object_dealloc(slot_object_t *object) { /* Not much cleanup for slot objects, unlike meta objects... */ free(object); } /* * meta_object_copyin * * When a key is generated/derived/unwrapped, the attribute values * created by the token are not immediately read into our copy of the * attributes. We defer this work until we actually need to know. */ CK_RV meta_object_copyin(meta_object_t *object) { CK_RV rv = CKR_OK; slot_session_t *session = NULL; CK_ATTRIBUTE *attrs = NULL, *attrs_with_val = NULL; slot_object_t *slot_object = NULL; CK_ULONG num_attrs = 0, i, num_attrs_with_val; CK_SESSION_HANDLE hSession; CK_SLOT_ID fw_st_id; /* Make sure no one else is looking at attributes. */ (void) pthread_rwlock_wrlock(&object->attribute_lock); /* Did we just lose a copyin race with another thread */ if (object->attributes != NULL) { goto finish; } slot_object = object->clones[object->master_clone_slotnum]; rv = meta_get_slot_session(object->master_clone_slotnum, &session, object->creator_session->session_flags); if (rv != CKR_OK) { goto finish; } /* * first, get the master template of all the attributes * for this object */ rv = get_master_attributes_by_object(session, slot_object, &(object->attributes), &(object->num_attributes)); if (rv != CKR_OK) { goto finish; } /* * Get value for each attribute items. * * Some attributes are required by the given object type. * Some are optional. Get all the values first, and then * make sure we have value for all required values, */ attrs = calloc(object->num_attributes, sizeof (CK_ATTRIBUTE)); if (attrs == NULL) { rv = CKR_HOST_MEMORY; goto finish; } for (i = 0; i < object->num_attributes; i++) { attrs[i].type = ((object->attributes[i]).attribute).type; } num_attrs = object->num_attributes; hSession = session->hSession; fw_st_id = session->fw_st_id; /* first, call C_GetAttributeValue() to get size for each attribute */ rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession, slot_object->hObject, attrs, num_attrs); /* * If the return value is not CKR_OK, allow it to be * CKR_ATTRIBUTE_TYPE_INVALID for now. * Some attributes defined in PKCS#11 version 2.11 * might not be defined in earlier versions. We will * TRY to work with those providers if the attribute * is optional. */ if ((rv != CKR_OK) && (rv != CKR_ATTRIBUTE_TYPE_INVALID)) { rv = CKR_FUNCTION_FAILED; /* make sure rv is appropriate */ goto finish; } /* * allocate space. * Since we don't know how many attributes have * values at this time, just assume all of them * have values so we save one loop to count the number * of attributes that have value. */ attrs_with_val = calloc(num_attrs, sizeof (CK_ATTRIBUTE)); if (attrs_with_val == NULL) { rv = CKR_HOST_MEMORY; goto finish; } num_attrs_with_val = 0; for (i = 0; i < num_attrs; i++) { if (!(((CK_LONG)(attrs[i].ulValueLen)) > 0)) { /* if it isn't an optional attr, len should be > 0 */ if (!object->attributes[i].canBeEmptyValue) { rv = CKR_FUNCTION_FAILED; goto finish; } } else { attrs_with_val[num_attrs_with_val].type = attrs[i].type; attrs_with_val[num_attrs_with_val].ulValueLen = attrs[i].ulValueLen; attrs_with_val[num_attrs_with_val].pValue = malloc(attrs[i].ulValueLen); if (attrs_with_val[num_attrs_with_val].pValue == NULL) { rv = CKR_HOST_MEMORY; goto finish; } num_attrs_with_val++; } } rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession, slot_object->hObject, attrs_with_val, num_attrs_with_val); if (rv != CKR_OK) { goto finish; } /* store these values into the meta object */ for (i = 0; i < num_attrs_with_val; i++) { rv = attribute_set_value(&(attrs_with_val[i]), object->attributes, object->num_attributes); if (rv != CKR_OK) { goto finish; } } finish: (void) pthread_rwlock_unlock(&object->attribute_lock); if (session) meta_release_slot_session(session); if (attrs) { for (i = 0; i < num_attrs; i++) { if (attrs[i].pValue != NULL) { free(attrs[i].pValue); } } free(attrs); } if (attrs_with_val) { for (i = 0; i < num_attrs; i++) { if (attrs_with_val[i].pValue != NULL) { free(attrs_with_val[i].pValue); } } free(attrs_with_val); } return (rv); } /* * Create an object to be used for wrapping and unwrapping. * The same template will be used for all wrapping/unwrapping keys all * the time */ static CK_RV create_wrap_unwrap_key(slot_session_t *slot_session, CK_OBJECT_HANDLE *hObject, wrap_info_t *wrap_info, char *key_data, CK_ULONG key_len) { CK_OBJECT_CLASS objclass; CK_KEY_TYPE keytype; CK_RV rv = CKR_OK; int i; CK_ATTRIBUTE template[WRAP_KEY_TEMPLATE_SIZE]; i = 0; objclass = wrap_info->class; template[i].type = CKA_CLASS; template[i].pValue = &objclass; template[i].ulValueLen = sizeof (objclass); i++; keytype = wrap_info->key_type; template[i].type = CKA_KEY_TYPE; template[i].pValue = &keytype; template[i].ulValueLen = sizeof (keytype); i++; template[i].type = CKA_TOKEN; template[i].pValue = &falsevalue; template[i].ulValueLen = sizeof (falsevalue); if (objclass == CKO_SECRET_KEY) { i++; template[i].type = CKA_VALUE; template[i].pValue = key_data; template[i].ulValueLen = key_len; i++; template[i].type = CKA_WRAP; template[i].pValue = &truevalue; template[i].ulValueLen = sizeof (truevalue); i++; template[i].type = CKA_UNWRAP; template[i].pValue = &truevalue; template[i].ulValueLen = sizeof (truevalue); } else { /* Modulus is the same for rsa public and private key */ i++; template[i].type = CKA_MODULUS; template[i].pValue = Modulus; template[i].ulValueLen = sizeof (Modulus); if (objclass == CKO_PUBLIC_KEY) { /* RSA public key */ i++; template[i].type = CKA_PUBLIC_EXPONENT; template[i].pValue = PubExpo; template[i].ulValueLen = sizeof (PubExpo); i++; template[i].type = CKA_WRAP; template[i].pValue = &truevalue; template[i].ulValueLen = sizeof (truevalue); } else { /* RSA private key */ i++; template[i].type = CKA_PRIVATE_EXPONENT; template[i].pValue = PriExpo; template[i].ulValueLen = sizeof (PriExpo); i++; template[i].type = CKA_UNWRAP; template[i].pValue = &truevalue; template[i].ulValueLen = sizeof (truevalue); } } rv = FUNCLIST(slot_session->fw_st_id)->C_CreateObject( slot_session->hSession, template, i + 1, hObject); return (rv); } /* * Create a clone of a non-sensitive and extractable object. * If the template required for creating the clone doesn't exist, * it will be retrieved from the master clone. */ static CK_RV clone_by_create(meta_object_t *object, slot_object_t *new_clone, slot_session_t *dst_slot_session) { CK_RV rv; int free_token_index = -1; if (object->attributes == NULL) { rv = meta_object_copyin(object); if (rv != CKR_OK) { return (rv); } } if (object->clone_template == NULL) { rv = meta_clone_template_setup(object, object->attributes, object->num_attributes); if (rv != CKR_OK) { return (rv); } } if (object->isFreeToken == FREE_ENABLED) { if (dst_slot_session->slotnum == get_keystore_slotnum()) free_token_index = set_template_boolean(CKA_TOKEN, object->clone_template, object->clone_template_size, B_FALSE, &truevalue); else free_token_index = set_template_boolean(CKA_TOKEN, object->clone_template, object->clone_template_size, B_FALSE, &falsevalue); } /* Create the clone... */ rv = FUNCLIST(dst_slot_session->fw_st_id)->C_CreateObject( dst_slot_session->hSession, object->clone_template, object->clone_template_size, &(new_clone->hObject)); if (free_token_index != -1) { free_token_index = set_template_boolean( CKA_TOKEN, object->clone_template, object->clone_template_size, B_FALSE, &falsevalue); } if (rv != CKR_OK) { return (rv); } return (CKR_OK); } /* * Goes through the list of wraping mechanisms, and returns the first * one that is supported by both the source and the destination slot. * If none of the mechanisms are supported by both slot, return the * first mechanism that's supported by the source slot */ static CK_RV find_best_match_wrap_mech(wrap_info_t *wrap_info, int num_info, CK_ULONG src_slotnum, CK_ULONG dst_slotnum, int *first_both_mech, int *first_src_mech) { int i; boolean_t src_supports, dst_supports; CK_RV rv; for (i = 0; i < num_info; i++) { src_supports = B_FALSE; dst_supports = B_FALSE; rv = meta_mechManager_slot_supports_mech( (wrap_info[i]).mech_type, src_slotnum, &src_supports, NULL, B_FALSE); if (rv != CKR_OK) { return (rv); } rv = meta_mechManager_slot_supports_mech( (wrap_info[i]).mech_type, dst_slotnum, &dst_supports, NULL, B_FALSE); if (rv != CKR_OK) { return (rv); } /* both source and destination supports the mech */ if ((src_supports) && (dst_supports)) { *first_both_mech = i; return (CKR_OK); } if ((src_supports) && (*first_src_mech == -1)) { *first_src_mech = i; } } return (CKR_OK); } /* * Determine the wrapping/unwrapping mechanism to be used * * If possible, select a mechanism that's supported by both source * and destination slot. If none of the mechanisms are supported * by both slot, then, select the first one supported by * the source slot. */ static CK_RV get_wrap_mechanism(CK_OBJECT_CLASS obj_class, CK_KEY_TYPE key_type, CK_ULONG src_slotnum, CK_ULONG dst_slotnum, wrap_info_t *wrap_info) { wrap_info_t *wrap_info_to_search = NULL; unsigned int num_wrap_info; CK_RV rv; int i; boolean_t src_supports = B_FALSE, dst_supports = B_FALSE; int first_src_mech, rsa_first_src_mech, first_both_mech; if ((obj_class == CKO_PRIVATE_KEY) && (key_type == CKK_KEA)) { /* * only SKIPJACK keys can be used for wrapping * KEA private keys */ for (i = 0; i < num_special_wrap_info; i++) { if ((special_wrap_info[i]).mech_type != CKM_SKIPJACK_WRAP) { continue; } src_supports = B_FALSE; dst_supports = B_FALSE; rv = meta_mechManager_slot_supports_mech( (special_wrap_info[i]).mech_type, src_slotnum, &src_supports, NULL, B_FALSE); if (rv != CKR_OK) { goto finish; } rv = meta_mechManager_slot_supports_mech( (special_wrap_info[i]).mech_type, dst_slotnum, &dst_supports, NULL, B_FALSE); if (rv != CKR_OK) { goto finish; } if (src_supports) { /* * both src and dst supports the mech or * only the src supports the mech */ (void) memcpy(wrap_info, &(special_wrap_info[i]), sizeof (wrap_info_t)); wrap_info->src_supports = src_supports; wrap_info->dst_supports = dst_supports; rv = CKR_OK; goto finish; } } /* * if we are here, that means neither the source slot * nor the destination slots suppports CKM_SKIPJACK_WRAP */ rv = CKR_FUNCTION_FAILED; goto finish; } if ((key_type == CKK_SKIPJACK) || (key_type == CKK_BATON) || (key_type == CKK_JUNIPER)) { /* special key types */ wrap_info_to_search = special_wrap_info; num_wrap_info = num_special_wrap_info; } else { /* use the regular wrapping mechanisms */ wrap_info_to_search = common_wrap_info; num_wrap_info = num_common_wrap_info; } first_both_mech = -1; first_src_mech = -1; rv = find_best_match_wrap_mech(wrap_info_to_search, num_wrap_info, src_slotnum, dst_slotnum, &first_both_mech, &first_src_mech); if (rv != CKR_OK) { goto finish; } if (first_both_mech != -1) { (void) memcpy(wrap_info, &(wrap_info_to_search[first_both_mech]), sizeof (wrap_info_t)); wrap_info->src_supports = B_TRUE; wrap_info->dst_supports = B_TRUE; rv = CKR_OK; goto finish; } /* * If we are here, we did not find a mechanism that's supported * by both source and destination slot. * * If it is a secret key, can also try to wrap it with * a RSA public key */ if (obj_class == CKO_SECRET_KEY) { first_both_mech = -1; rsa_first_src_mech = -1; rv = find_best_match_wrap_mech(rsa_wrap_info, num_rsa_wrap_info, src_slotnum, dst_slotnum, &first_both_mech, &rsa_first_src_mech); if (rv != CKR_OK) { goto finish; } if (first_both_mech > -1) { (void) memcpy(wrap_info, &(rsa_wrap_info[first_both_mech]), sizeof (wrap_info_t)); wrap_info->src_supports = B_TRUE; wrap_info->dst_supports = B_TRUE; rv = CKR_OK; goto finish; } } /* * if we are here, that means none of the mechanisms are supported * by both the source and the destination */ if (first_src_mech > -1) { /* source slot support one of the secret key mechs */ (void) memcpy(wrap_info, &(wrap_info_to_search[first_src_mech]), sizeof (wrap_info_t)); wrap_info->src_supports = B_TRUE; wrap_info->dst_supports = B_FALSE; rv = CKR_OK; } else if (rsa_first_src_mech > -1) { /* source slot support one of the RSA mechs */ (void) memcpy(wrap_info, &(rsa_wrap_info[rsa_first_src_mech]), sizeof (wrap_info_t)); wrap_info->src_supports = B_TRUE; wrap_info->dst_supports = B_FALSE; rv = CKR_OK; } else { /* neither source nor destination support any wrap mechs */ rv = CKR_FUNCTION_FAILED; } finish: return (rv); } /* * This is called if the object to be cloned is a sensitive object */ static CK_RV clone_by_wrap(meta_object_t *object, slot_object_t *new_clone, slot_session_t *dst_slot_session) { slot_session_t *src_slot_session = NULL; CK_OBJECT_HANDLE wrappingKey = NULL, unwrappingKey = NULL; CK_MECHANISM wrappingMech; CK_BYTE *wrappedKey = NULL; CK_ULONG wrappedKeyLen = 0; slot_object_t *slot_object = NULL; CK_RV rv = CKR_OK; CK_OBJECT_HANDLE unwrapped_obj; meta_object_t *tmp_meta_obj = NULL; slot_object_t *tmp_slot_obj = NULL; CK_OBJECT_CLASS obj_class; CK_KEY_TYPE key_type; meta_session_t *tmp_meta_session = NULL; CK_ATTRIBUTE unwrap_template[4]; char key_data[1024]; /* should be big enough for any key size */ char ivbuf[1024]; /* should be big enough for any mech */ wrap_info_t wrap_info; CK_ULONG key_len, unwrap_template_size; slot_object = object->clones[object->master_clone_slotnum]; rv = meta_get_slot_session(object->master_clone_slotnum, &src_slot_session, object->creator_session->session_flags); if (rv != CKR_OK) { return (rv); } /* * get the object class and key type for unwrap template * This information will also be used for determining * which wrap mechanism and which key to use for * doing the wrapping */ unwrap_template[0].type = CKA_CLASS; unwrap_template[0].pValue = &obj_class; unwrap_template[0].ulValueLen = sizeof (obj_class); unwrap_template[1].type = CKA_KEY_TYPE; unwrap_template[1].pValue = &key_type; unwrap_template[1].ulValueLen = sizeof (key_type); rv = FUNCLIST(src_slot_session->fw_st_id)->C_GetAttributeValue( src_slot_session->hSession, slot_object->hObject, unwrap_template, 2); if (rv != CKR_OK) { goto finish; } rv = get_wrap_mechanism(obj_class, key_type, src_slot_session->slotnum, dst_slot_session->slotnum, &wrap_info); if (rv != CKR_OK) { goto finish; } /* * open the random device and read number of bytes required for * creating a secret key for wrapping and unwrapping */ if (wrap_info.class == CKO_SECRET_KEY) { /* * /dev/urandom will be used for generating the key used * for doing the wrap/unwrap. It's should be ok to * use /dev/urandom because this key is used for this * one time operation only. It doesn't need to be stored. */ int fd; while ((fd = open(RANDOM_DEVICE, O_RDONLY)) < 0) { if (errno != EINTR) break; } if (fd == -1) { rv = CKR_FUNCTION_FAILED; goto finish; } key_len = wrap_info.key_length; if (looping_read(fd, key_data, key_len) != key_len) { rv = CKR_FUNCTION_FAILED; goto finish; } if (wrap_info.iv_length > 0) { if (looping_read(fd, ivbuf, wrap_info.iv_length) != wrap_info.iv_length) { rv = CKR_FUNCTION_FAILED; goto finish; } } (void) close(fd); } /* create the wrapping key */ rv = create_wrap_unwrap_key(src_slot_session, &wrappingKey, &wrap_info, key_data, key_len); if (rv != CKR_OK) { goto finish; } wrappingMech.mechanism = wrap_info.mech_type; wrappingMech.pParameter = ((wrap_info.iv_length > 0) ? ivbuf : NULL); wrappingMech.ulParameterLen = wrap_info.iv_length; /* get the size of the wrapped key */ rv = FUNCLIST(src_slot_session->fw_st_id)->C_WrapKey( src_slot_session->hSession, &wrappingMech, wrappingKey, slot_object->hObject, NULL, &wrappedKeyLen); if (rv != CKR_OK) { goto finish; } wrappedKey = malloc(wrappedKeyLen * sizeof (CK_BYTE)); if (wrappedKey == NULL) { rv = CKR_HOST_MEMORY; goto finish; } /* do the actual key wrapping */ rv = FUNCLIST(src_slot_session->fw_st_id)->C_WrapKey( src_slot_session->hSession, &wrappingMech, wrappingKey, slot_object->hObject, wrappedKey, &wrappedKeyLen); if (rv != CKR_OK) { goto finish; } /* explicitly force the unwrapped object to be not sensitive */ unwrap_template[2].type = CKA_SENSITIVE; unwrap_template[2].pValue = &falsevalue; unwrap_template[2].ulValueLen = sizeof (falsevalue); unwrap_template[3].type = CKA_TOKEN; unwrap_template[3].pValue = &falsevalue; unwrap_template[3].ulValueLen = sizeof (falsevalue); unwrap_template_size = sizeof (unwrap_template) / sizeof (CK_ATTRIBUTE); if (!wrap_info.dst_supports) { /* * if we know for sure that the destination slot doesn't * support the wrapping mechanism, no point in trying. * go directly to unwrap in source slot, and create key * in destination */ goto unwrap_in_source; } /* create the unwrapping key in destination slot */ if (wrap_info.key_type == CKK_RSA) { /* for RSA key, the unwrapping key need to be private key */ wrap_info.class = CKO_PRIVATE_KEY; } rv = create_wrap_unwrap_key(dst_slot_session, &unwrappingKey, &wrap_info, key_data, key_len); if (rv != CKR_OK) { goto finish; } rv = FUNCLIST(dst_slot_session->fw_st_id)->C_UnwrapKey( dst_slot_session->hSession, &wrappingMech, unwrappingKey, wrappedKey, wrappedKeyLen, unwrap_template, unwrap_template_size, &(new_clone->hObject)); if (rv != CKR_OK) { unwrap_in_source: /* * There seemed to be a problem with unwrapping in the * destination slot. * Try to do the unwrap in the src slot so it becomes * a non-sensitive object, then, get all the attributes * and create the object in the destination slot */ if (wrap_info.class == CKO_SECRET_KEY) { /* unwrap with same key used for wrapping */ rv = FUNCLIST(src_slot_session->fw_st_id)->C_UnwrapKey( src_slot_session->hSession, &wrappingMech, wrappingKey, wrappedKey, wrappedKeyLen, unwrap_template, unwrap_template_size, &(unwrapped_obj)); } else { /* * If the object is wrapping with RSA public key, need * need to create RSA private key for unwrapping */ wrap_info.class = CKO_PRIVATE_KEY; rv = create_wrap_unwrap_key(src_slot_session, &unwrappingKey, &wrap_info, key_data, key_len); if (rv != CKR_OK) { goto finish; } rv = FUNCLIST(src_slot_session->fw_st_id)->C_UnwrapKey( src_slot_session->hSession, &wrappingMech, unwrappingKey, wrappedKey, wrappedKeyLen, unwrap_template, unwrap_template_size, &(unwrapped_obj)); } if (rv != CKR_OK) { goto finish; } rv = meta_session_alloc(&tmp_meta_session); if (rv != CKR_OK) { goto finish; } tmp_meta_session->session_flags = CKF_SERIAL_SESSION; rv = meta_object_alloc(tmp_meta_session, &tmp_meta_obj); if (rv != CKR_OK) { goto finish; } rv = meta_slot_object_alloc(&tmp_slot_obj); if (rv != CKR_OK) { goto finish; } tmp_meta_obj->master_clone_slotnum = src_slot_session->slotnum; tmp_slot_obj->hObject = unwrapped_obj; tmp_meta_obj->clones[tmp_meta_obj->master_clone_slotnum] = tmp_slot_obj; meta_slot_object_activate(tmp_slot_obj, src_slot_session, B_FALSE); tmp_slot_obj = NULL; rv = clone_by_create(tmp_meta_obj, new_clone, dst_slot_session); if (rv != CKR_OK) { goto finish; } } finish: if (unwrappingKey) { (void) FUNCLIST(dst_slot_session->fw_st_id)->C_DestroyObject( dst_slot_session->hSession, unwrappingKey); } if (wrappingKey) { (void) FUNCLIST(src_slot_session->fw_st_id)->C_DestroyObject( src_slot_session->hSession, wrappingKey); } if (tmp_slot_obj) { (void) meta_slot_object_dealloc(tmp_slot_obj); } if (tmp_meta_obj) { (void) meta_object_dealloc(tmp_meta_obj, B_TRUE); } if (tmp_meta_session) { (void) meta_session_dealloc(tmp_meta_session); } if (wrappedKey) { free(wrappedKey); } if (src_slot_session) { meta_release_slot_session(src_slot_session); } return (rv); } /* * meta_object_get_clone * * Creates a "clone" of a metaobject on the specified slot. A clone is a * copy of the object. * * Clones are cached, so that they can be reused with subsquent operations. */ CK_RV meta_object_get_clone(meta_object_t *object, CK_ULONG slot_num, slot_session_t *slot_session, slot_object_t **clone) { CK_RV rv = CKR_OK; slot_object_t *newclone = NULL; /* Does a clone already exist? */ if (object->clones[slot_num] != NULL) { *clone = object->clones[slot_num]; return (CKR_OK); } if ((object->isSensitive) && (object->isToken) && (!metaslot_auto_key_migrate)) { /* * if the object is a sensitive token object, and auto * key migrate is not allowed, will not create the clone * in another slot */ return (CKR_FUNCTION_FAILED); } /* object attributes can't be extracted and attributes are not known */ if ((!object->isExtractable) && (object->attributes == NULL)) { return (CKR_FUNCTION_FAILED); } /* * has an attempt already been made to create this object in * slot? If yes, and there's no clone, as indicated above, * that means this object can't be created in this slot. */ if (object->tried_create_clone[slot_num]) { return (CKR_FUNCTION_FAILED); } (void) pthread_mutex_lock(&object->clone_create_lock); /* Maybe someone just created one? */ if (object->clones[slot_num] != NULL) { *clone = object->clones[slot_num]; goto finish; } rv = meta_slot_object_alloc(&newclone); if (rv != CKR_OK) goto finish; object->tried_create_clone[slot_num] = B_TRUE; /* * If this object is sensitive and we do not have not copied in the * attributes via FreeObject functionality, then we need to wrap it off * the provider. If we do have attributes, we can just create the * clone */ if (object->isSensitive && object->attributes == NULL) { rv = clone_by_wrap(object, newclone, slot_session); } else { rv = clone_by_create(object, newclone, slot_session); } if (rv != CKR_OK) { goto finish; } object->clones[slot_num] = newclone; meta_slot_object_activate(newclone, slot_session, object->isToken); *clone = newclone; newclone = NULL; finish: (void) pthread_mutex_unlock(&object->clone_create_lock); if (newclone) meta_slot_object_dealloc(newclone); return (rv); } /* * meta_setup_clone_template * * Create a clone template for the specified object. */ static CK_RV meta_clone_template_setup(meta_object_t *object, const generic_attr_t *attributes, size_t num_attributes) { CK_RV rv = CKR_OK; CK_ATTRIBUTE *clone_template; size_t i, c = 0; clone_template = malloc(num_attributes * sizeof (CK_ATTRIBUTE)); if (clone_template == NULL) { rv = CKR_HOST_MEMORY; goto finish; } /* Don't allow attributes to change while we look at them. */ (void) pthread_rwlock_rdlock(&object->attribute_lock); for (i = 0; i < num_attributes; i++) { if (!attributes[i].isCloneAttr || (attributes[i].attribute.type == CKA_TOKEN && object->isFreeToken == FREE_DISABLED)) { continue; } if ((!(attributes[i].hasValueForClone)) && (attributes[i].canBeEmptyValue)) { continue; } clone_template[c].type = attributes[i].attribute.type; clone_template[c].ulValueLen = attributes[i].attribute.ulValueLen; /* Allocate space to store the attribute value. */ clone_template[c].pValue = malloc(clone_template[c].ulValueLen); if (clone_template[c].pValue == NULL) { rv = CKR_HOST_MEMORY; (void) pthread_rwlock_unlock(&object->attribute_lock); goto finish; } (void) memcpy(clone_template[c].pValue, object->attributes[i].attribute.pValue, clone_template[c].ulValueLen); c++; } (void) pthread_rwlock_unlock(&object->attribute_lock); object->clone_template = clone_template; object->clone_template_size = c; finish: return (rv); } /* * meta_object_find_by_handle * * Search for an existing metaobject, using the object handle of a clone * on a particular slot. * * Returns a matching metaobject, or NULL if no match was found. */ meta_object_t * meta_object_find_by_handle(CK_OBJECT_HANDLE hObject, CK_ULONG slotnum, boolean_t token_only) { meta_object_t *object = NULL, *tmp_obj; meta_session_t *session; if (!token_only) { (void) pthread_rwlock_rdlock(&meta_sessionlist_lock); session = meta_sessionlist_head; while (session != NULL) { /* lock the objects list while we look at it */ (void) pthread_rwlock_rdlock( &(session->object_list_lock)); tmp_obj = session->object_list_head; while (tmp_obj != NULL) { slot_object_t *slot_object; (void) pthread_rwlock_rdlock( &(tmp_obj->object_lock)); slot_object = tmp_obj->clones[slotnum]; if (slot_object != NULL) { if (slot_object->hObject == hObject) { object = tmp_obj; } } (void) pthread_rwlock_unlock( &(tmp_obj->object_lock)); if (object != NULL) { break; } tmp_obj = tmp_obj->next; } (void) pthread_rwlock_unlock( &(session->object_list_lock)); if (object != NULL) { break; } session = session->next; } (void) pthread_rwlock_unlock(&meta_sessionlist_lock); } if (object != NULL) { /* found the object, no need to look further */ return (object); } /* * Look at list of token objects */ (void) pthread_rwlock_rdlock(&tokenobject_list_lock); tmp_obj = tokenobject_list_head; while (tmp_obj != NULL) { slot_object_t *slot_object; (void) pthread_rwlock_rdlock(&(tmp_obj->object_lock)); slot_object = tmp_obj->clones[slotnum]; if (slot_object != NULL) { if (slot_object->hObject == hObject) object = tmp_obj; } (void) pthread_rwlock_unlock(&(tmp_obj->object_lock)); if (object != NULL) { break; } tmp_obj = tmp_obj->next; } (void) pthread_rwlock_unlock(&tokenobject_list_lock); return (object); } CK_RV meta_token_object_deactivate(token_obj_type_t token_type) { meta_object_t *object, *tmp_object; CK_RV save_rv = CKR_OK, rv; /* get a write lock on the token object list */ (void) pthread_rwlock_wrlock(&tokenobject_list_lock); object = tokenobject_list_head; /* go through each object and delete the one with matching type */ while (object != NULL) { tmp_object = object->next; if ((token_type == ALL_TOKEN) || ((object->isPrivate) && (token_type == PRIVATE_TOKEN)) || ((!object->isPrivate) && (token_type == PUBLIC_TOKEN))) { rv = meta_object_deactivate(object, B_TRUE, B_FALSE); if ((rv != CKR_OK) && (save_rv == CKR_OK)) { save_rv = rv; goto finish; } rv = meta_object_dealloc(object, B_FALSE); if ((rv != CKR_OK) && (save_rv == CKR_OK)) { save_rv = rv; goto finish; } } object = tmp_object; } finish: (void) pthread_rwlock_unlock(&tokenobject_list_lock); return (save_rv); } /* * This function adds the to-be-freed meta object to a linked list. * When the number of objects queued in the linked list reaches the * maximum threshold MAX_OBJ_TO_BE_FREED, it will free the first * object (FIFO) in the list. */ void meta_object_delay_free(meta_object_t *objp) { meta_object_t *tmp; (void) pthread_mutex_lock(&obj_delay_freed.obj_to_be_free_mutex); /* Add the newly deleted object at the end of the list */ objp->next = NULL; if (obj_delay_freed.first == NULL) { obj_delay_freed.last = objp; obj_delay_freed.first = objp; } else { obj_delay_freed.last->next = objp; obj_delay_freed.last = objp; } if (++obj_delay_freed.count >= MAX_OBJ_TO_BE_FREED) { /* * Free the first object in the list only if * the total count reaches maximum threshold. */ obj_delay_freed.count--; tmp = obj_delay_freed.first->next; free(obj_delay_freed.first); obj_delay_freed.first = tmp; } (void) pthread_mutex_unlock(&obj_delay_freed.obj_to_be_free_mutex); } /* * This function checks if the object passed can be a freeobject. * * If there is more than one provider that supports the supported freeobject * mechanisms then allow freeobjects to be an option. */ boolean_t meta_freeobject_check(meta_session_t *session, meta_object_t *object, CK_MECHANISM *pMech, CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len, CK_KEY_TYPE keytype) { mech_support_info_t *info = &(session->mech_support_info); /* * If key migration is turned off, or the object does not has any of * the required flags and there is only one slot, then we don't need * FreeObjects. */ if (!metaslot_auto_key_migrate || (!object->isToken && !object->isSensitive && meta_slotManager_get_slotcount() < 2)) goto failure; /* * If this call is for key generation, check pMech for supported * FreeObject mechs */ if (pMech != NULL) { if (pMech->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN || pMech->mechanism == CKM_EC_KEY_PAIR_GEN || pMech->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN || pMech->mechanism == CKM_DH_PKCS_DERIVE) info->mech = pMech->mechanism; else goto failure; /* * If this call is for an object creation, look inside the template * for supported FreeObject mechs */ } else if (tmpl_len > 0) { if (!get_template_ulong(CKA_KEY_TYPE, tmpl, tmpl_len, &keytype)) goto failure; switch (keytype) { case CKK_RSA: info->mech = CKM_RSA_PKCS_KEY_PAIR_GEN; break; case CKK_EC: info->mech = CKM_EC_KEY_PAIR_GEN; break; case CKK_DH: info->mech = CKM_DH_PKCS_KEY_PAIR_GEN; break; default: goto failure; } } else goto failure; /* Get the slot that support this mech... */ if (meta_mechManager_get_slots(info, B_FALSE) != CKR_OK) goto failure; /* * If there is only one slot with the mech or the first slot in * the list is the keystore slot, we should bail. */ if (info->num_supporting_slots < 2 && info->supporting_slots[0]->slotnum == get_keystore_slotnum()) goto failure; if (object->isToken) object->isFreeToken = FREE_ALLOWED_KEY; else object->isFreeToken = FREE_DISABLED; object->isFreeObject = FREE_ALLOWED_KEY; return (B_TRUE); failure: object->isFreeToken = FREE_DISABLED; object->isFreeObject = FREE_DISABLED; return (B_FALSE); } /* * This function assumes meta_freeobject_check() has just been called and set * the isFreeObject and/or isFreeToken vars to FREE_ALLOWED_KEY. * * If the template value for CKA_PRIVATE, CKA_SENSITIVE and/or CKA_TOKEN are * true, then isFreeObject is fully enabled. In addition isFreeToken is * enabled if is CKA_TOKEN true. * * If create is true, we are doing a C_CreateObject operation and don't * handle CKA_PRIVATE & CKA_SENSITIVE flags, we only care about CKA_TOKEN. */ boolean_t meta_freeobject_set(meta_object_t *object, CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len, boolean_t create) { /* This check should never be true, if it is, it's a bug */ if (object->isFreeObject < FREE_ALLOWED_KEY) return (B_FALSE); if (!create) { /* Turn off the Sensitive flag */ if (object->isSensitive) { if (set_template_boolean(CKA_SENSITIVE, tmpl, tmpl_len, B_TRUE, &falsevalue) == -1) goto failure; object->isFreeObject = FREE_ENABLED; } /* Turn off the Private flag */ if (object->isPrivate) { if (set_template_boolean(CKA_PRIVATE, tmpl, tmpl_len, B_TRUE, &falsevalue) == -1) goto failure; object->isFreeObject = FREE_ENABLED; } } if (object->isToken) { object->isToken = B_FALSE; object->isFreeToken = FREE_ENABLED; object->isFreeObject = FREE_ENABLED; } else object->isFreeToken = FREE_DISABLED; /* * If isFreeObject is not in the FREE_ENABLED state yet, it can be * turned off because the object doesn't not need to be a FreeObject. */ if (object->isFreeObject == FREE_ALLOWED_KEY) object->isFreeObject = FREE_DISABLED; return (B_TRUE); failure: object->isFreeToken = FREE_DISABLED; object->isFreeObject = FREE_DISABLED; return (B_FALSE); } /* * This function sets the CKA_TOKEN flag on a given object template depending * if the slot being used is a keystore. * * If the object is a token, but the slot is not the system keystore or has * no keystore, then set the template to token = false; otherwise it's true. * In addition we know ahead of time what the value is, so if the value is * already correct, bypass the setting function */ CK_RV meta_freetoken_set(CK_ULONG slot_num, CK_BBOOL *current_value, CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len) { if (slot_num == get_keystore_slotnum()) { if (*current_value == TRUE) return (CKR_OK); if (set_template_boolean(CKA_TOKEN, tmpl, tmpl_len, B_TRUE, &truevalue) == -1) return (CKR_FUNCTION_FAILED); } else { if (*current_value == FALSE) return (CKR_OK); if (set_template_boolean(CKA_TOKEN, tmpl, tmpl_len, B_TRUE, &falsevalue) == -1) return (CKR_FUNCTION_FAILED); *current_value = FALSE; } return (CKR_OK); } /* * Cloning function for meta_freeobject_clone() to use. This function * is streamlined because we know what the object is and this should * not be called as a generic cloner. */ static CK_RV meta_freeobject_clone_maker(meta_session_t *session, meta_object_t *object, CK_ULONG slotnum) { slot_object_t *slot_object = NULL; slot_session_t *slot_session = NULL; CK_RV rv; rv = meta_slot_object_alloc(&slot_object); if (rv != CKR_OK) goto cleanup; rv = meta_get_slot_session(slotnum, &slot_session, session->session_flags); if (rv != CKR_OK) goto cleanup; rv = clone_by_create(object, slot_object, slot_session); if (rv == CKR_OK) { object->clones[slotnum] = slot_object; meta_slot_object_activate(slot_object, slot_session, B_TRUE); } cleanup: meta_release_slot_session(slot_session); return (rv); } /* * This function is called when a object is a FreeObject. * * What we are given is an object that has been generated on a provider * that is not its final usage place. That maybe because: * 1) it's a token and needs to be stored in keystore. * 2) it was to be a private/sensitive object that we modified so we could know * the important attributes for cloning before we make it private/sensitive. */ boolean_t meta_freeobject_clone(meta_session_t *session, meta_object_t *object) { CK_RV rv; CK_ULONG keystore_slotnum; CK_ATTRIBUTE attr[2]; boolean_t failover = B_FALSE; if (object->attributes == NULL) { rv = meta_object_copyin(object); if (rv != CKR_OK) return (rv); } if (object->isPrivate) { CK_OBJECT_HANDLE new_clone; CK_ULONG slotnum = object->master_clone_slotnum; slot_session_t *slot_session; attr[0].type = CKA_PRIVATE; attr[0].pValue = &truevalue; attr[0].ulValueLen = sizeof (truevalue); /* Set the master attribute list */ rv = attribute_set_value(attr, object->attributes, object->num_attributes); if (rv > 0) return (CKR_FUNCTION_FAILED); /* Get a slot session */ rv = meta_get_slot_session(slotnum, &slot_session, session->session_flags); if (rv > 0) return (rv); /* Create the new CKA_PRIVATE one */ rv = FUNCLIST(slot_session->fw_st_id)->\ C_CopyObject(slot_session->hSession, object->clones[slotnum]->hObject, attr, 1, &new_clone); if (rv == CKR_USER_NOT_LOGGED_IN) { /* * If the CopyObject fails, we may be using a provider * that has a keystore that is not the default * keystore set in metaslot or has object management * abilities. In which case we should write this * object to metaslot's keystore and let the failover. * rest of the function know we've changed providers. */ failover = B_TRUE; keystore_slotnum = get_keystore_slotnum(); if (object->clones[keystore_slotnum] == NULL) { rv = meta_freeobject_clone_maker(session, object, keystore_slotnum); if (rv != CKR_OK) { goto failure; } } object->master_clone_slotnum = keystore_slotnum; } else if (rv != CKR_OK) { meta_release_slot_session(slot_session); goto failure; } /* Remove the old object */ rv = FUNCLIST(slot_session->fw_st_id)-> \ C_DestroyObject(slot_session->hSession, object->clones[slotnum]->hObject); if (rv != CKR_OK) { meta_release_slot_session(slot_session); goto failure; } if (!failover) object->clones[slotnum]->hObject = new_clone; else object->clones[slotnum] = NULL; meta_release_slot_session(slot_session); } if (object->isSensitive) { slot_session_t *slot_session; CK_ULONG slotnum = object->master_clone_slotnum; attr[0].type = CKA_SENSITIVE; attr[0].pValue = &truevalue; attr[0].ulValueLen = sizeof (truevalue); rv = attribute_set_value(attr, object->attributes, object->num_attributes); if (rv != CKR_OK) goto failure; rv = meta_get_slot_session(slotnum, &slot_session, session->session_flags); if (rv == CKR_OK) { rv = FUNCLIST(slot_session->fw_st_id)-> \ C_SetAttributeValue(slot_session->hSession, object->clones[slotnum]->hObject, attr, 1); meta_release_slot_session(slot_session); } } if (object->isFreeToken == FREE_ENABLED || failover) { keystore_slotnum = get_keystore_slotnum(); if (object->clones[keystore_slotnum] == NULL) { rv = meta_freeobject_clone_maker(session, object, keystore_slotnum); if (rv != CKR_OK) goto failure; object->master_clone_slotnum = keystore_slotnum; } object->isFreeToken = FREE_ENABLED; } object->isFreeObject = FREE_ENABLED; return (CKR_OK); failure: object->isFreeToken = FREE_DISABLED; object->isFreeObject = FREE_DISABLED; return (rv); }