xref: /illumos-gate/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c (revision 7d1e83948cb684521e72cab96020be241508f449)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <security/cryptoki.h>
27 #include "softGlobal.h"
28 #include "softSession.h"
29 #include "softKeys.h"
30 #include "softOps.h"
31 
32 
33 CK_RV
34 C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
35     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
36 {
37 
38 	CK_RV		rv;
39 	soft_session_t	*session_p;
40 	boolean_t	lock_held = B_FALSE;
41 
42 	if (!softtoken_initialized)
43 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
44 
45 	/* Obtain the session pointer. */
46 	rv = handle2session(hSession, &session_p);
47 	if (rv != CKR_OK)
48 		return (rv);
49 
50 	if ((pMechanism == NULL) || (phKey == NULL)) {
51 		rv = CKR_ARGUMENTS_BAD;
52 		goto clean_exit;
53 	}
54 
55 	if ((pTemplate == NULL) && (ulCount != 0)) {
56 		rv = CKR_ARGUMENTS_BAD;
57 		goto clean_exit;
58 	}
59 
60 	rv = soft_genkey(session_p, pMechanism, pTemplate,
61 	    ulCount, phKey);
62 
63 clean_exit:
64 	SES_REFRELE(session_p, lock_held);
65 	return (rv);
66 
67 }
68 
69 
70 CK_RV
71 C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
72     CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
73     CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
74     CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
75 {
76 
77 	CK_RV		rv;
78 	soft_session_t	*session_p;
79 	boolean_t	lock_held = B_FALSE;
80 
81 	if (!softtoken_initialized)
82 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
83 
84 	/* Obtain the session pointer. */
85 	rv = handle2session(hSession, &session_p);
86 	if (rv != CKR_OK)
87 		return (rv);
88 
89 	if ((pMechanism == NULL) || (phPublicKey == NULL) ||
90 	    (phPrivateKey == NULL)) {
91 		rv = CKR_ARGUMENTS_BAD;
92 		goto clean_exit;
93 	}
94 
95 	if ((pPublicKeyTemplate == NULL) ||
96 	    (ulPublicKeyAttributeCount == 0)) {
97 		rv = CKR_ARGUMENTS_BAD;
98 		goto clean_exit;
99 	}
100 
101 	if ((pPrivateKeyTemplate == NULL) &&
102 	    (ulPrivateKeyAttributeCount != 0)) {
103 		rv = CKR_ARGUMENTS_BAD;
104 		goto clean_exit;
105 	}
106 
107 	rv = soft_genkey_pair(session_p, pMechanism, pPublicKeyTemplate,
108 	    ulPublicKeyAttributeCount, pPrivateKeyTemplate,
109 	    ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
110 
111 clean_exit:
112 	SES_REFRELE(session_p, lock_held);
113 	return (rv);
114 }
115 
116 CK_RV
117 C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
118     CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
119     CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
120 {
121 	CK_RV		rv;
122 	soft_session_t	*session_p;
123 	soft_object_t	*wrappingkey_p;
124 	soft_object_t	*hkey_p;
125 	boolean_t	lock_held = B_FALSE;
126 
127 	if (!softtoken_initialized)
128 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
129 
130 	/* Obtain the session pointer. */
131 	rv = handle2session(hSession, &session_p);
132 	if (rv != CKR_OK)
133 		return (rv);
134 
135 	if (pMechanism == NULL) {
136 		rv = CKR_ARGUMENTS_BAD;
137 		goto clean_exit;
138 	}
139 
140 	if (pulWrappedKeyLen == NULL) {
141 		rv = CKR_ARGUMENTS_BAD;
142 		goto clean_exit;
143 	}
144 
145 	/* Obtain the wrapping key object pointer. */
146 	HANDLE2OBJECT(hWrappingKey, wrappingkey_p, rv);
147 	if (rv != CKR_OK) {
148 		rv = CKR_WRAPPING_KEY_HANDLE_INVALID;
149 		goto clean_exit;
150 	}
151 
152 	/* Obtain the to-be-wrapped key object pointer. */
153 	HANDLE2OBJECT(hKey, hkey_p, rv);
154 	if (rv != CKR_OK)
155 		goto clean_exit1;
156 
157 	/* Check if given wrapping key may be used for wrapping. */
158 	if (!(wrappingkey_p->bool_attr_mask & WRAP_BOOL_ON)) {
159 		rv = CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
160 		goto clean_exit2;
161 	}
162 
163 	/* Check if given wrapping key may be used for encryption. */
164 	if (!(wrappingkey_p->bool_attr_mask & ENCRYPT_BOOL_ON)) {
165 		rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
166 		goto clean_exit2;
167 	}
168 
169 	/*
170 	 * Check to see if key to be wrapped is extractable.
171 	 * Note: this should always be true for softtoken keys.
172 	 */
173 	if (!(hkey_p->bool_attr_mask & EXTRACTABLE_BOOL_ON)) {
174 		rv = CKR_KEY_UNEXTRACTABLE;
175 		goto clean_exit2;
176 	}
177 
178 	(void) pthread_mutex_lock(&session_p->session_mutex);
179 	lock_held = B_TRUE;
180 
181 	/*
182 	 * Wrapping key objects requires calling encrypt operations.
183 	 * Check to see if encrypt operation is already active.
184 	 */
185 	if (session_p->encrypt.flags & CRYPTO_OPERATION_ACTIVE) {
186 		/* free the memory to avoid memory leak */
187 		soft_crypt_cleanup(session_p, B_TRUE, lock_held);
188 	}
189 
190 	/* This active flag will remain ON while wrapping the key. */
191 	session_p->encrypt.flags = CRYPTO_OPERATION_ACTIVE;
192 
193 	(void) pthread_mutex_unlock(&session_p->session_mutex);
194 	lock_held = B_FALSE;
195 
196 	rv = soft_wrapkey(session_p, pMechanism, wrappingkey_p,
197 	    hkey_p, pWrappedKey, pulWrappedKeyLen);
198 
199 	(void) pthread_mutex_lock(&session_p->session_mutex);
200 
201 	lock_held = B_TRUE;
202 	session_p->encrypt.flags = 0;
203 
204 	if ((rv == CKR_OK && pWrappedKey == NULL) ||
205 	    rv == CKR_BUFFER_TOO_SMALL)
206 		soft_crypt_cleanup(session_p, B_TRUE, lock_held);
207 
208 clean_exit2:
209 	OBJ_REFRELE(hkey_p);
210 clean_exit1:
211 	OBJ_REFRELE(wrappingkey_p);
212 clean_exit:
213 	SES_REFRELE(session_p, lock_held);
214 	return (rv);
215 }
216 
217 CK_RV
218 C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
219     CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
220     CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
221     CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
222 {
223 	CK_RV		rv;
224 	soft_session_t	*session_p;
225 	soft_object_t	*unwrappingkey_p;
226 	boolean_t	lock_held = B_FALSE;
227 
228 	if (!softtoken_initialized)
229 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
230 
231 	/* Obtain the session pointer. */
232 	rv = handle2session(hSession, &session_p);
233 	if (rv != CKR_OK)
234 		return (rv);
235 
236 	if (pMechanism == NULL) {
237 		rv = CKR_ARGUMENTS_BAD;
238 		goto clean_exit;
239 	}
240 
241 	if ((pTemplate == NULL) || (ulAttributeCount == 0)) {
242 		rv = CKR_ARGUMENTS_BAD;
243 		goto clean_exit;
244 	}
245 
246 	if ((pWrappedKey == NULL) || (ulWrappedKeyLen == 0)) {
247 		rv = CKR_ARGUMENTS_BAD;
248 		goto clean_exit;
249 	}
250 
251 	if (phKey == NULL) {
252 		rv = CKR_ARGUMENTS_BAD;
253 		goto clean_exit;
254 	}
255 
256 	/* Obtain the unwrapping key object pointer. */
257 	HANDLE2OBJECT(hUnwrappingKey, unwrappingkey_p, rv);
258 	if (rv != CKR_OK) {
259 		rv = CKR_UNWRAPPING_KEY_HANDLE_INVALID;
260 		goto clean_exit;
261 	}
262 
263 	/* Check if given unwrapping key may be used for unwrapping. */
264 	if (!(unwrappingkey_p->bool_attr_mask & UNWRAP_BOOL_ON)) {
265 		rv = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
266 		goto clean_exit1;
267 	}
268 
269 	/* Check if given unwrapping key may be used to decrypt. */
270 	if (!(unwrappingkey_p->bool_attr_mask & DECRYPT_BOOL_ON)) {
271 		rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
272 		goto clean_exit1;
273 	}
274 
275 	(void) pthread_mutex_lock(&session_p->session_mutex);
276 	lock_held = B_TRUE;
277 
278 	/*
279 	 * Unwrapping key objects requires calling decrypt operations.
280 	 * Check to see if decrypt operation is already active.
281 	 */
282 	if (session_p->decrypt.flags & CRYPTO_OPERATION_ACTIVE) {
283 		/* free the memory to avoid memory leak */
284 		soft_crypt_cleanup(session_p, B_FALSE, lock_held);
285 	}
286 
287 	/*
288 	 * This active flag will remain ON until application
289 	 * is done unwrapping the key.
290 	 */
291 	session_p->decrypt.flags = CRYPTO_OPERATION_ACTIVE;
292 
293 	(void) pthread_mutex_unlock(&session_p->session_mutex);
294 	lock_held = B_FALSE;
295 
296 	rv = soft_unwrapkey(session_p, pMechanism, unwrappingkey_p,
297 	    pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount,
298 	    phKey);
299 
300 	(void) pthread_mutex_lock(&session_p->session_mutex);
301 
302 	if ((rv == CKR_OK && pWrappedKey == NULL) ||
303 	    rv == CKR_BUFFER_TOO_SMALL)
304 		soft_crypt_cleanup(session_p, B_TRUE, lock_held);
305 
306 	session_p->decrypt.flags = 0;
307 	lock_held = B_TRUE;
308 
309 clean_exit1:
310 	OBJ_REFRELE(unwrappingkey_p);
311 clean_exit:
312 	SES_REFRELE(session_p, lock_held);
313 	return (rv);
314 }
315 
316 
317 CK_RV
318 C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
319     CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
320     CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
321 {
322 
323 	CK_RV		rv;
324 	soft_session_t	*session_p;
325 	soft_object_t	*basekey_p;
326 	boolean_t	lock_held = B_FALSE;
327 
328 	if (!softtoken_initialized)
329 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
330 
331 	/* Obtain the session pointer. */
332 	rv = handle2session(hSession, &session_p);
333 	if (rv != CKR_OK)
334 		return (rv);
335 
336 	if (pMechanism == NULL) {
337 		rv = CKR_ARGUMENTS_BAD;
338 		goto clean_exit;
339 	}
340 
341 	if (((pTemplate != NULL) && (ulAttributeCount == 0)) ||
342 	    ((pTemplate == NULL) && (ulAttributeCount != 0))) {
343 		rv = CKR_ARGUMENTS_BAD;
344 		goto clean_exit;
345 	}
346 
347 	/* Obtain the private key object pointer. */
348 	HANDLE2OBJECT(hBaseKey, basekey_p, rv);
349 	if (rv != CKR_OK)
350 		goto clean_exit;
351 
352 	/* Check to see if key object allows for derivation. */
353 	if (!(basekey_p->bool_attr_mask & DERIVE_BOOL_ON)) {
354 		rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
355 		goto clean_exit1;
356 	}
357 
358 	rv = soft_derivekey(session_p, pMechanism, basekey_p,
359 	    pTemplate, ulAttributeCount, phKey);
360 
361 clean_exit1:
362 	OBJ_REFRELE(basekey_p);
363 clean_exit:
364 	SES_REFRELE(session_p, lock_held);
365 	return (rv);
366 }
367