1 /*
2 * Common Public License Version 0.5
3 *
4 * THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
5 * THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
6 * REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
7 * RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
8 *
9 * 1. DEFINITIONS
10 *
11 * "Contribution" means:
12 * a) in the case of the initial Contributor, the
13 * initial code and documentation distributed under
14 * this Agreement, and
15 *
16 * b) in the case of each subsequent Contributor:
17 * i) changes to the Program, and
18 * ii) additions to the Program;
19 *
20 * where such changes and/or additions to the Program
21 * originate from and are distributed by that
22 * particular Contributor. A Contribution 'originates'
23 * from a Contributor if it was added to the Program
24 * by such Contributor itself or anyone acting on such
25 * Contributor's behalf. Contributions do not include
26 * additions to the Program which: (i) are separate
27 * modules of software distributed in conjunction with
28 * the Program under their own license agreement, and
29 * (ii) are not derivative works of the Program.
30 *
31 *
32 * "Contributor" means any person or entity that distributes
33 * the Program.
34 *
35 * "Licensed Patents " mean patent claims licensable by a
36 * Contributor which are necessarily infringed by the use or
37 * sale of its Contribution alone or when combined with the
38 * Program.
39 *
40 * "Program" means the Contributions distributed in
41 * accordance with this Agreement.
42 *
43 * "Recipient" means anyone who receives the Program under
44 * this Agreement, including all Contributors.
45 *
46 * 2. GRANT OF RIGHTS
47 *
48 * a) Subject to the terms of this Agreement, each
49 * Contributor hereby grants Recipient a
50 * no - exclusive, worldwide, royalt - free copyright
51 * license to reproduce, prepare derivative works of,
52 * publicly display, publicly perform, distribute and
53 * sublicense the Contribution of such Contributor, if
54 * any, and such derivative works, in source code and
55 * object code form.
56 *
57 * b) Subject to the terms of this Agreement, each
58 * Contributor hereby grants Recipient a
59 * no - exclusive, worldwide, royalt - free patent
60 * license under Licensed Patents to make, use, sell,
61 * offer to sell, import and otherwise transfer the
62 * Contribution of such Contributor, if any, in source
63 * code and object code form. This patent license
64 * shall apply to the combination of the Contribution
65 * and the Program if, at the time the Contribution is
66 * added by the Contributor, such addition of the
67 * Contribution causes such combination to be covered
68 * by the Licensed Patents. The patent license shall
69 * not apply to any other combinations which include
70 * the Contribution. No hardware per se is licensed
71 * hereunder.
72 *
73 * c) Recipient understands that although each
74 * Contributor grants the licenses to its
75 * Contributions set forth herein, no assurances are
76 * provided by any Contributor that the Program does
77 * not infringe the patent or other intellectual
78 * property rights of any other entity. Each
79 * Contributor disclaims any liability to Recipient
80 * for claims brought by any other entity based on
81 * infringement of intellectual property rights or
82 * otherwise. As a condition to exercising the rights
83 * and licenses granted hereunder, each Recipient
84 * hereby assumes sole responsibility to secure any
85 * other intellectual property rights needed, if any.
86 *
87 * For example, if a third party patent license is
88 * required to allow Recipient to distribute the
89 * Program, it is Recipient's responsibility to
90 * acquire that license before distributing the
91 * Program.
92 *
93 * d) Each Contributor represents that to its
94 * knowledge it has sufficient copyright rights in its
95 * Contribution, if any, to grant the copyright
96 * license set forth in this Agreement.
97 *
98 * 3. REQUIREMENTS
99 *
100 * A Contributor may choose to distribute the Program in
101 * object code form under its own license agreement, provided
102 * that:
103 * a) it complies with the terms and conditions of
104 * this Agreement; and
105 *
106 * b) its license agreement:
107 * i) effectively disclaims on behalf of all
108 * Contributors all warranties and conditions, express
109 * and implied, including warranties or conditions of
110 * title and no - infringement, and implied warranties
111 * or conditions of merchantability and fitness for a
112 * particular purpose;
113 *
114 * ii) effectively excludes on behalf of all
115 * Contributors all liability for damages, including
116 * direct, indirect, special, incidental and
117 * consequential damages, such as lost profits;
118 *
119 * iii) states that any provisions which differ from
120 * this Agreement are offered by that Contributor
121 * alone and not by any other party; and
122 *
123 * iv) states that source code for the Program is
124 * available from such Contributor, and informs
125 * licensees how to obtain it in a reasonable manner
126 * on or through a medium customarily used for
127 * software exchange.
128 *
129 * When the Program is made available in source code form:
130 * a) it must be made available under this Agreement;
131 * and
132 * b) a copy of this Agreement must be included with
133 * each copy of the Program.
134 *
135 * Contributors may not remove or alter any copyright notices
136 * contained within the Program.
137 *
138 * Each Contributor must identify itself as the originator of
139 * its Contribution, if any, in a manner that reasonably
140 * allows subsequent Recipients to identify the originator of
141 * the Contribution.
142 *
143 *
144 * 4. COMMERCIAL DISTRIBUTION
145 *
146 * Commercial distributors of software may accept certain
147 * responsibilities with respect to end users, business
148 * partners and the like. While this license is intended to
149 * facilitate the commercial use of the Program, the
150 * Contributor who includes the Program in a commercial
151 * product offering should do so in a manner which does not
152 * create potential liability for other Contributors.
153 * Therefore, if a Contributor includes the Program in a
154 * commercial product offering, such Contributor ("Commercial
155 * Contributor") hereby agrees to defend and indemnify every
156 * other Contributor ("Indemnified Contributor") against any
157 * losses, damages and costs (collectively "Losses") arising
158 * from claims, lawsuits and other legal actions brought by a
159 * third party against the Indemnified Contributor to the
160 * extent caused by the acts or omissions of such Commercial
161 * Contributor in connection with its distribution of the
162 * Program in a commercial product offering. The obligations
163 * in this section do not apply to any claims or Losses
164 * relating to any actual or alleged intellectual property
165 * infringement. In order to qualify, an Indemnified
166 * Contributor must: a) promptly notify the Commercial
167 * Contributor in writing of such claim, and b) allow the
168 * Commercial Contributor to control, and cooperate with the
169 * Commercial Contributor in, the defense and any related
170 * settlement negotiations. The Indemnified Contributor may
171 * participate in any such claim at its own expense.
172 *
173 *
174 * For example, a Contributor might include the Program in a
175 * commercial product offering, Product X. That Contributor
176 * is then a Commercial Contributor. If that Commercial
177 * Contributor then makes performance claims, or offers
178 * warranties related to Product X, those performance claims
179 * and warranties are such Commercial Contributor's
180 * responsibility alone. Under this section, the Commercial
181 * Contributor would have to defend claims against the other
182 * Contributors related to those performance claims and
183 * warranties, and if a court requires any other Contributor
184 * to pay any damages as a result, the Commercial Contributor
185 * must pay those damages.
186 *
187 *
188 * 5. NO WARRANTY
189 *
190 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
191 * PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
192 * WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
193 * IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
194 * CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
195 * FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
196 * responsible for determining the appropriateness of using
197 * and distributing the Program and assumes all risks
198 * associated with its exercise of rights under this
199 * Agreement, including but not limited to the risks and
200 * costs of program errors, compliance with applicable laws,
201 * damage to or loss of data, programs or equipment, and
202 * unavailability or interruption of operations.
203 *
204 * 6. DISCLAIMER OF LIABILITY
205 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
206 * RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
207 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
208 * OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
209 * LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
210 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
211 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
212 * OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
213 * OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
214 * POSSIBILITY OF SUCH DAMAGES.
215 *
216 * 7. GENERAL
217 *
218 * If any provision of this Agreement is invalid or
219 * unenforceable under applicable law, it shall not affect
220 * the validity or enforceability of the remainder of the
221 * terms of this Agreement, and without further action by the
222 * parties hereto, such provision shall be reformed to the
223 * minimum extent necessary to make such provision valid and
224 * enforceable.
225 *
226 *
227 * If Recipient institutes patent litigation against a
228 * Contributor with respect to a patent applicable to
229 * software (including a cros - claim or counterclaim in a
230 * lawsuit), then any patent licenses granted by that
231 * Contributor to such Recipient under this Agreement shall
232 * terminate as of the date such litigation is filed. In
233 * addition, If Recipient institutes patent litigation
234 * against any entity (including a cros - claim or
235 * counterclaim in a lawsuit) alleging that the Program
236 * itself (excluding combinations of the Program with other
237 * software or hardware) infringes such Recipient's
238 * patent(s), then such Recipient's rights granted under
239 * Section 2(b) shall terminate as of the date such
240 * litigation is filed.
241 *
242 * All Recipient's rights under this Agreement shall
243 * terminate if it fails to comply with any of the material
244 * terms or conditions of this Agreement and does not cure
245 * such failure in a reasonable period of time after becoming
246 * aware of such noncompliance. If all Recipient's rights
247 * under this Agreement terminate, Recipient agrees to cease
248 * use and distribution of the Program as soon as reasonably
249 * practicable. However, Recipient's obligations under this
250 * Agreement and any licenses granted by Recipient relating
251 * to the Program shall continue and survive.
252 *
253 * Everyone is permitted to copy and distribute copies of
254 * this Agreement, but in order to avoid inconsistency the
255 * Agreement is copyrighted and may only be modified in the
256 * following manner. The Agreement Steward reserves the right
257 * to publish new versions (including revisions) of this
258 * Agreement from time to time. No one other than the
259 * Agreement Steward has the right to modify this Agreement.
260 *
261 * IBM is the initial Agreement Steward. IBM may assign the
262 * responsibility to serve as the Agreement Steward to a
263 * suitable separate entity. Each new version of the
264 * Agreement will be given a distinguishing version number.
265 * The Program (including Contributions) may always be
266 * distributed subject to the version of the Agreement under
267 * which it was received. In addition, after a new version of
268 * the Agreement is published, Contributor may elect to
269 * distribute the Program (including its Contributions) under
270 * the new version. Except as expressly stated in Sections
271 * 2(a) and 2(b) above, Recipient receives no rights or
272 * licenses to the intellectual property of any Contributor
273 * under this Agreement, whether expressly, by implication,
274 * estoppel or otherwise. All rights in the Program not
275 * expressly granted under this Agreement are reserved.
276 *
277 *
278 * This Agreement is governed by the laws of the State of New
279 * York and the intellectual property laws of the United
280 * States of America. No party to this Agreement will bring a
281 * legal action under this Agreement more than one year after
282 * the cause of action arose. Each party waives its rights to
283 * a jury trial in any resulting litigation.
284 *
285 *
286 *
287 * (C) COPYRIGHT International Business Machines Corp. 2001, 2002
288 */
289 /*
290 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
291 * Use is subject to license terms.
292 */
293 #include "tpmtok_int.h"
294
295 CK_ULONG
ber_encode_INTEGER(CK_BBOOL length_only,CK_BYTE ** ber_int,CK_ULONG * ber_int_len,CK_BYTE * data,CK_ULONG data_len)296 ber_encode_INTEGER(CK_BBOOL length_only,
297 CK_BYTE ** ber_int,
298 CK_ULONG * ber_int_len,
299 CK_BYTE * data,
300 CK_ULONG data_len)
301 {
302 CK_BYTE *buf = NULL;
303 CK_ULONG len;
304
305 /*
306 * if data_len < 127 use short form length id
307 * if data_len < 256 use long form length id with
308 * byte length field
309 * if data_len < 65536 use long form length id with
310 * byte length field
311 * if data_len < 16777216 use long form length id
312 * with byte length field
313 */
314 if (data_len < 128)
315 len = 1 + 1 + data_len;
316 else if (data_len < 256)
317 len = 1 + (1 + 1) + data_len;
318 else if (data_len < (1 << 16))
319 len = 1 + (1 + 2) + data_len;
320 else if (data_len < (1 << 24))
321 len = 1 + (1 + 3) + data_len;
322 else
323 return (CKR_FUNCTION_FAILED);
324
325 if (length_only == TRUE) {
326 *ber_int_len = len;
327 return (CKR_OK);
328 }
329
330 buf = (CK_BYTE *)malloc(len);
331 if (! buf) {
332 return (CKR_HOST_MEMORY);
333 }
334 if (data_len < 128) {
335 buf[0] = 0x02;
336 buf[1] = data_len;
337 (void) memcpy(&buf[2], data, data_len);
338
339 *ber_int_len = len;
340 *ber_int = buf;
341 return (CKR_OK);
342 }
343
344 if (data_len < 256) {
345 buf[0] = 0x02;
346 buf[1] = 0x81;
347 buf[2] = data_len;
348 (void) memcpy(&buf[3], data, data_len);
349
350 *ber_int_len = len;
351 *ber_int = buf;
352 return (CKR_OK);
353 }
354
355 if (data_len < (1 << 16)) {
356 buf[0] = 0x02;
357 buf[1] = 0x82;
358 buf[2] = (data_len >> 8) & 0xFF;
359 buf[3] = (data_len) & 0xFF;
360 (void) memcpy(&buf[4], data, data_len);
361
362 *ber_int_len = len;
363 *ber_int = buf;
364 return (CKR_OK);
365 }
366
367 if (data_len < (1 << 24)) {
368 buf[0] = 0x02;
369 buf[1] = 0x83;
370 buf[2] = (data_len >> 16) & 0xFF;
371 buf[3] = (data_len >> 8) & 0xFF;
372 buf[4] = (data_len) & 0xFF;
373 (void) memcpy(&buf[5], data, data_len);
374
375 *ber_int_len = len;
376 *ber_int = buf;
377 return (CKR_OK);
378 }
379
380 free(buf);
381 return (CKR_FUNCTION_FAILED);
382 }
383
384 CK_RV
ber_decode_INTEGER(CK_BYTE * ber_int,CK_BYTE ** data,CK_ULONG * data_len,CK_ULONG * field_len)385 ber_decode_INTEGER(CK_BYTE * ber_int,
386 CK_BYTE ** data,
387 CK_ULONG * data_len,
388 CK_ULONG * field_len)
389 {
390 CK_ULONG len, length_octets;
391
392 if (! ber_int) {
393 return (CKR_FUNCTION_FAILED);
394 }
395 if (ber_int[0] != 0x02) {
396 return (CKR_FUNCTION_FAILED);
397 }
398 if ((ber_int[1] & 0x80) == 0) {
399 len = ber_int[1] & 0x7F;
400
401 *data = &ber_int[2];
402 *data_len = len;
403 *field_len = 1 + 1 + len;
404 return (CKR_OK);
405 }
406
407 length_octets = ber_int[1] & 0x7F;
408
409 if (length_octets == 1) {
410 len = ber_int[2];
411
412 *data = &ber_int[3];
413 *data_len = len;
414 *field_len = 1 + (1 + 1) + len;
415 return (CKR_OK);
416 }
417
418 if (length_octets == 2) {
419 len = ber_int[2];
420 len = len << 8;
421 len |= ber_int[3];
422
423 *data = &ber_int[4];
424 *data_len = len;
425 *field_len = 1 + (1 + 2) + len;
426 return (CKR_OK);
427 }
428
429 if (length_octets == 3) {
430 len = ber_int[2];
431 len = len << 8;
432 len |= ber_int[3];
433 len = len << 8;
434 len |= ber_int[4];
435
436 *data = &ber_int[5];
437 *data_len = len;
438 *field_len = 1 + (1 + 3) + len;
439 return (CKR_OK);
440 }
441
442 return (CKR_FUNCTION_FAILED);
443 }
444
445 CK_RV
ber_encode_OCTET_STRING(CK_BBOOL length_only,CK_BYTE ** str,CK_ULONG * str_len,CK_BYTE * data,CK_ULONG data_len)446 ber_encode_OCTET_STRING(CK_BBOOL length_only,
447 CK_BYTE ** str,
448 CK_ULONG * str_len,
449 CK_BYTE * data,
450 CK_ULONG data_len)
451 {
452 CK_BYTE *buf = NULL;
453 CK_ULONG len;
454
455
456 /*
457 * if data_len < 128 use shor - form length id
458 * if data_len < 256 use lon - form length id with - byte length field
459 * if data_len < 65536 use lon - form length id with - byte length field
460 */
461 if (data_len < 128)
462 len = 1 + 1 + data_len;
463 else if (data_len < 256)
464 len = 1 + (1 + 1) + data_len;
465 else if (data_len < (1 << 16))
466 len = 1 + (1 + 2) + data_len;
467 else if (data_len < (1 << 24))
468 len = 1 + (1 + 3) + data_len;
469 else
470 return (CKR_FUNCTION_FAILED);
471
472 if (length_only == TRUE) {
473 *str_len = len;
474 return (CKR_OK);
475 }
476
477 buf = (CK_BYTE *)malloc(len);
478 if (! buf) {
479 return (CKR_HOST_MEMORY);
480 }
481
482 if (data_len < 128) {
483 buf[0] = 0x04; /* primitive, OCTET STRING */
484 buf[1] = data_len;
485 (void) memcpy(&buf[2], data, data_len);
486
487 *str_len = len;
488 *str = buf;
489 return (CKR_OK);
490 }
491
492 if (data_len < 256) {
493 buf[0] = 0x04; /* primitive, OCTET STRING */
494 buf[1] = 0x81; /* length header -- 1 length octets */
495 buf[2] = data_len;
496
497 (void) memcpy(&buf[3], data, data_len);
498
499 *str_len = len;
500 *str = buf;
501 return (CKR_OK);
502 }
503
504 if (data_len < (1 << 16)) {
505 buf[0] = 0x04; /* primitive, OCTET STRING */
506 buf[1] = 0x82; /* length header -- 2 length octets */
507 buf[2] = (data_len >> 8) & 0xFF;
508 buf[3] = (data_len) & 0xFF;
509
510 (void) memcpy(&buf[4], data, data_len);
511
512 *str_len = len;
513 *str = buf;
514 return (CKR_OK);
515 }
516
517 if (data_len < (1 << 24)) {
518 buf[0] = 0x04; /* primitive, OCTET STRING */
519 buf[1] = 0x83; /* length header -- 3 length octets */
520 buf[2] = (data_len >> 16) & 0xFF;
521 buf[3] = (data_len >> 8) & 0xFF;
522 buf[4] = (data_len) & 0xFF;
523
524 (void) memcpy(&buf[5], data, data_len);
525
526 *str_len = len;
527 *str = buf;
528 return (CKR_OK);
529 }
530
531 free(buf);
532 return (CKR_FUNCTION_FAILED);
533 }
534
535 CK_RV
ber_decode_OCTET_STRING(CK_BYTE * str,CK_BYTE ** data,CK_ULONG * data_len,CK_ULONG * field_len)536 ber_decode_OCTET_STRING(CK_BYTE * str,
537 CK_BYTE ** data,
538 CK_ULONG * data_len,
539 CK_ULONG * field_len)
540 {
541 CK_ULONG len, length_octets;
542
543 if (! str) {
544 return (CKR_FUNCTION_FAILED);
545 }
546 if (str[0] != 0x04) {
547 return (CKR_FUNCTION_FAILED);
548 }
549 if ((str[1] & 0x80) == 0) {
550 len = str[1] & 0x7F;
551
552 *data = &str[2];
553 *data_len = len;
554 *field_len = 1 + (1) + len;
555 return (CKR_OK);
556 }
557
558 length_octets = str[1] & 0x7F;
559
560 if (length_octets == 1) {
561 len = str[2];
562
563 *data = &str[3];
564 *data_len = len;
565 *field_len = 1 + (1 + 1) + len;
566 return (CKR_OK);
567 }
568
569 if (length_octets == 2) {
570 len = str[2];
571 len = len << 8;
572 len |= str[3];
573
574 *data = &str[4];
575 *data_len = len;
576 *field_len = 1 + (1 + 2) + len;
577 return (CKR_OK);
578 }
579
580 if (length_octets == 3) {
581 len = str[2];
582 len = len << 8;
583 len |= str[3];
584 len = len << 8;
585 len |= str[4];
586
587 *data = &str[5];
588 *data_len = len;
589 *field_len = 1 + (1 + 3) + len;
590 return (CKR_OK);
591 }
592
593 /* > 3 length octets implies a length > 16MB */
594 return (CKR_FUNCTION_FAILED);
595 }
596
597 CK_RV
ber_encode_SEQUENCE(CK_BBOOL length_only,CK_BYTE ** seq,CK_ULONG * seq_len,CK_BYTE * data,CK_ULONG data_len)598 ber_encode_SEQUENCE(CK_BBOOL length_only,
599 CK_BYTE ** seq,
600 CK_ULONG * seq_len,
601 CK_BYTE * data,
602 CK_ULONG data_len)
603 {
604 CK_BYTE *buf = NULL;
605 CK_ULONG len;
606
607 if (data_len < 128)
608 len = 1 + 1 + data_len;
609 else if (data_len < 256)
610 len = 1 + (1 + 1) + data_len;
611 else if (data_len < (1 << 16))
612 len = 1 + (1 + 2) + data_len;
613 else if (data_len < (1 << 24))
614 len = 1 + (1 + 3) + data_len;
615 else
616 return (CKR_FUNCTION_FAILED);
617
618 if (length_only == TRUE) {
619 *seq_len = len;
620 return (CKR_OK);
621 }
622
623 buf = (CK_BYTE *)malloc(len);
624 if (! buf) {
625 return (CKR_HOST_MEMORY);
626 }
627
628 if (data_len < 128) {
629 buf[0] = 0x30; /* constructed, SEQUENCE */
630 buf[1] = data_len;
631 (void) memcpy(&buf[2], data, data_len);
632
633 *seq_len = len;
634 *seq = buf;
635 return (CKR_OK);
636 }
637
638 if (data_len < 256) {
639 buf[0] = 0x30; /* constructed, SEQUENCE */
640 buf[1] = 0x81; /* length header -- 1 length octets */
641 buf[2] = data_len;
642
643 (void) memcpy(&buf[3], data, data_len);
644
645 *seq_len = len;
646 *seq = buf;
647 return (CKR_OK);
648 }
649
650 if (data_len < (1 << 16)) {
651 buf[0] = 0x30; /* constructed, SEQUENCE */
652 buf[1] = 0x82; /* length header -- 2 length octets */
653 buf[2] = (data_len >> 8) & 0xFF;
654 buf[3] = (data_len) & 0xFF;
655
656 (void) memcpy(&buf[4], data, data_len);
657
658 *seq_len = len;
659 *seq = buf;
660 return (CKR_OK);
661 }
662
663 if (data_len < (1 << 24)) {
664 buf[0] = 0x30; /* constructed, SEQUENCE */
665 buf[1] = 0x83; /* length header -- 3 length octets */
666 buf[2] = (data_len >> 16) & 0xFF;
667 buf[3] = (data_len >> 8) & 0xFF;
668 buf[4] = (data_len) & 0xFF;
669
670 (void) memcpy(&buf[5], data, data_len);
671
672 *seq_len = len;
673 *seq = buf;
674 return (CKR_OK);
675 }
676
677 return (CKR_FUNCTION_FAILED);
678 }
679
680 CK_RV
ber_decode_SEQUENCE(CK_BYTE * seq,CK_BYTE ** data,CK_ULONG * data_len,CK_ULONG * field_len)681 ber_decode_SEQUENCE(CK_BYTE * seq,
682 CK_BYTE ** data,
683 CK_ULONG * data_len,
684 CK_ULONG * field_len)
685 {
686 CK_ULONG len, length_octets;
687
688 if (! seq) {
689 return (CKR_FUNCTION_FAILED);
690 }
691 if (seq[0] != 0x30) {
692 return (CKR_FUNCTION_FAILED);
693 }
694 if ((seq[1] & 0x80) == 0) {
695 len = seq[1] & 0x7F;
696
697 *data = &seq[2];
698 *data_len = len;
699 *field_len = 1 + (1) + len;
700 return (CKR_OK);
701 }
702
703 length_octets = seq[1] & 0x7F;
704
705 if (length_octets == 1) {
706 len = seq[2];
707
708 *data = &seq[3];
709 *data_len = len;
710 *field_len = 1 + (1 + 1) + len;
711 return (CKR_OK);
712 }
713
714 if (length_octets == 2) {
715 len = seq[2];
716 len = len << 8;
717 len |= seq[3];
718
719 *data = &seq[4];
720 *data_len = len;
721 *field_len = 1 + (1 + 2) + len;
722 return (CKR_OK);
723 }
724
725 if (length_octets == 3) {
726 len = seq[2];
727 len = len << 8;
728 len |= seq[3];
729 len = len << 8;
730 len |= seq[4];
731
732 *data = &seq[5];
733 *data_len = len;
734 *field_len = 1 + (1 + 3) + len;
735 return (CKR_OK);
736 }
737
738 return (CKR_FUNCTION_FAILED);
739 }
740
741 /*
742 *
743 * PrivateKeyInfo ::= SEQUENCE {
744 * version Version -- always '0' for now
745 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier
746 * privateKey PrivateKey
747 * attributes
748 * }
749 */
750 CK_RV
ber_encode_PrivateKeyInfo(CK_BBOOL length_only,CK_BYTE ** data,CK_ULONG * data_len,CK_BYTE * algorithm_id,CK_ULONG algorithm_id_len,CK_BYTE * priv_key,CK_ULONG priv_key_len)751 ber_encode_PrivateKeyInfo(CK_BBOOL length_only,
752 CK_BYTE ** data,
753 CK_ULONG * data_len,
754 CK_BYTE * algorithm_id,
755 CK_ULONG algorithm_id_len,
756 CK_BYTE * priv_key,
757 CK_ULONG priv_key_len)
758 {
759 CK_BYTE * buf = NULL;
760 CK_BYTE * tmp = NULL;
761 CK_BYTE version[] = { 0 };
762 CK_BYTE attrib[] = { 0x05, 0x00 };
763 CK_ULONG len, total;
764 CK_RV rc;
765
766 len = 0;
767
768 rc = ber_encode_INTEGER(TRUE, NULL, &total, version, sizeof (version));
769 if (rc != CKR_OK) {
770 return (rc);
771 }
772 else
773 len += total;
774
775 len += algorithm_id_len;
776
777 rc = ber_encode_OCTET_STRING(TRUE, NULL, &total,
778 priv_key, priv_key_len);
779
780 if (rc != CKR_OK)
781 return (rc);
782
783 len += total;
784
785 /* for this stuff, attributes are always NULL == 05 00 */
786 len += sizeof (attrib);
787
788 if (length_only == TRUE) {
789 rc = ber_encode_SEQUENCE(TRUE, NULL, &total, NULL, len);
790
791 if (rc == CKR_OK)
792 *data_len = total;
793 return (rc);
794 }
795
796 buf = (CK_BYTE *)malloc(len);
797 if (! buf) {
798 return (CKR_HOST_MEMORY);
799 }
800 len = 0;
801 rc = ber_encode_INTEGER(FALSE, &tmp, &total, version, sizeof (version));
802 if (rc != CKR_OK) {
803 goto error;
804 }
805 (void) memcpy(buf + len, tmp, total);
806 len += total;
807 free(tmp);
808
809 (void) memcpy(buf + len, algorithm_id, algorithm_id_len);
810 len += algorithm_id_len;
811
812 rc = ber_encode_OCTET_STRING(FALSE, &tmp, &total,
813 priv_key, priv_key_len);
814 if (rc != CKR_OK) {
815 goto error;
816 }
817 (void) memcpy(buf + len, tmp, total);
818 len += total;
819 free(tmp);
820
821 (void) memcpy(buf + len, attrib, sizeof (attrib));
822 len += sizeof (attrib);
823
824 rc = ber_encode_SEQUENCE(FALSE, data, data_len, buf, len);
825
826 error:
827 free(buf);
828 return (rc);
829 }
830
831 CK_RV
ber_decode_PrivateKeyInfo(CK_BYTE * data,CK_ULONG data_len,CK_BYTE ** algorithm,CK_ULONG * alg_len,CK_BYTE ** priv_key)832 ber_decode_PrivateKeyInfo(CK_BYTE * data,
833 CK_ULONG data_len,
834 CK_BYTE ** algorithm,
835 CK_ULONG * alg_len,
836 CK_BYTE ** priv_key)
837 {
838 CK_BYTE *buf = NULL;
839 CK_BYTE *alg = NULL;
840 CK_BYTE *ver = NULL;
841 CK_ULONG buf_len, offset, len, field_len;
842 CK_RV rc;
843
844 if (! data || (data_len == 0)) {
845 return (CKR_FUNCTION_FAILED);
846 }
847 rc = ber_decode_SEQUENCE(data, &buf, &buf_len, &field_len);
848 if (rc != CKR_OK) {
849 return (rc);
850 }
851 offset = 0;
852 rc = ber_decode_INTEGER(buf + offset, &ver, &len, &field_len);
853 if (rc != CKR_OK) {
854 return (rc);
855 }
856 offset += field_len;
857
858 rc = ber_decode_SEQUENCE(buf + offset, &alg, &len, &field_len);
859 if (rc != CKR_OK) {
860 return (rc);
861 }
862 *algorithm = alg;
863 *alg_len = len;
864
865 rc = ber_decode_OCTET_STRING(alg + len, priv_key, &buf_len, &field_len);
866 return (rc);
867 }
868
869 /*
870 * RSAPrivateKey ::= SEQUENCE {
871 * version Version -- always '0' for now
872 * modulus INTEGER
873 * publicExponent INTEGER
874 * privateExponent INTEGER
875 * prime1 INTEGER
876 * prime2 INTEGER
877 * exponent1 INTEGER
878 * exponent2 INTEGER
879 * coefficient INTEGER
880 * }
881 */
882 CK_RV
ber_encode_RSAPrivateKey(CK_BBOOL length_only,CK_BYTE ** data,CK_ULONG * data_len,CK_ATTRIBUTE * modulus,CK_ATTRIBUTE * publ_exp,CK_ATTRIBUTE * priv_exp,CK_ATTRIBUTE * prime1,CK_ATTRIBUTE * prime2,CK_ATTRIBUTE * exponent1,CK_ATTRIBUTE * exponent2,CK_ATTRIBUTE * coeff)883 ber_encode_RSAPrivateKey(CK_BBOOL length_only,
884 CK_BYTE ** data,
885 CK_ULONG * data_len,
886 CK_ATTRIBUTE * modulus,
887 CK_ATTRIBUTE * publ_exp,
888 CK_ATTRIBUTE * priv_exp,
889 CK_ATTRIBUTE * prime1,
890 CK_ATTRIBUTE * prime2,
891 CK_ATTRIBUTE * exponent1,
892 CK_ATTRIBUTE * exponent2,
893 CK_ATTRIBUTE * coeff)
894 {
895 CK_BYTE *buf = NULL;
896 CK_BYTE *buf2 = NULL;
897 CK_ULONG len, offset;
898 CK_BYTE version[] = { 0 };
899 CK_RV rc;
900
901 offset = 0;
902 rc = 0;
903
904 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
905 sizeof (version));
906 offset += len;
907 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
908 modulus->ulValueLen);
909 offset += len;
910 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
911 publ_exp->ulValueLen);
912 offset += len;
913 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
914 priv_exp->ulValueLen);
915 offset += len;
916 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
917 prime1->ulValueLen);
918 offset += len;
919 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
920 prime2->ulValueLen);
921 offset += len;
922 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
923 exponent1->ulValueLen);
924 offset += len;
925 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
926 exponent2->ulValueLen);
927 offset += len;
928 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
929 coeff->ulValueLen);
930 offset += len;
931
932 if (rc != CKR_OK) {
933 return (CKR_FUNCTION_FAILED);
934 }
935 if (length_only == TRUE) {
936 rc = ber_encode_SEQUENCE(TRUE, NULL, &len, NULL, offset);
937 if (rc != CKR_OK)
938 return (rc);
939 rc = ber_encode_PrivateKeyInfo(TRUE,
940 NULL, data_len,
941 NULL, ber_AlgIdRSAEncryptionLen,
942 NULL, len);
943 if (rc != CKR_OK)
944 return (rc);
945 return (rc);
946 }
947
948 buf = (CK_BYTE *)malloc(offset);
949 if (! buf) {
950 return (CKR_HOST_MEMORY);
951 }
952 offset = 0;
953 rc = 0;
954
955 rc = ber_encode_INTEGER(FALSE, &buf2, &len, version, sizeof (version));
956 if (rc != CKR_OK) {
957 goto error;
958 }
959 (void) memcpy(buf + offset, buf2, len);
960 offset += len;
961 free(buf2);
962
963 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
964 (CK_BYTE *)modulus + sizeof (CK_ATTRIBUTE), modulus->ulValueLen);
965 if (rc != CKR_OK) {
966 goto error;
967 }
968 (void) memcpy(buf + offset, buf2, len);
969 offset += len;
970 free(buf2);
971
972 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
973 (CK_BYTE *)publ_exp + sizeof (CK_ATTRIBUTE), publ_exp->ulValueLen);
974 if (rc != CKR_OK) {
975 goto error;
976 }
977 (void) memcpy(buf + offset, buf2, len);
978 offset += len;
979 free(buf2);
980
981 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
982 (CK_BYTE *)priv_exp + sizeof (CK_ATTRIBUTE),
983 priv_exp->ulValueLen);
984 if (rc != CKR_OK) {
985 goto error;
986 }
987 (void) memcpy(buf + offset, buf2, len);
988 offset += len;
989 free(buf2);
990
991 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
992 (CK_BYTE *)prime1 + sizeof (CK_ATTRIBUTE), prime1->ulValueLen);
993 if (rc != CKR_OK) {
994 goto error;
995 }
996 (void) memcpy(buf + offset, buf2, len);
997 offset += len;
998 free(buf2);
999
1000 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1001 (CK_BYTE *)prime2 + sizeof (CK_ATTRIBUTE), prime2->ulValueLen);
1002 if (rc != CKR_OK) {
1003 goto error;
1004 }
1005 (void) memcpy(buf + offset, buf2, len);
1006 offset += len;
1007 free(buf2);
1008
1009 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1010 (CK_BYTE *)exponent1 + sizeof (CK_ATTRIBUTE),
1011 exponent1->ulValueLen);
1012 if (rc != CKR_OK) {
1013 goto error;
1014 }
1015 (void) memcpy(buf + offset, buf2, len);
1016 offset += len;
1017 free(buf2);
1018
1019 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1020 (CK_BYTE *)exponent2 + sizeof (CK_ATTRIBUTE),
1021 exponent2->ulValueLen);
1022 if (rc != CKR_OK) {
1023 goto error;
1024 }
1025 (void) memcpy(buf + offset, buf2, len);
1026 offset += len;
1027 free(buf2);
1028
1029 rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1030 (CK_BYTE *)coeff + sizeof (CK_ATTRIBUTE), coeff->ulValueLen);
1031 if (rc != CKR_OK) {
1032 goto error;
1033 }
1034 (void) memcpy(buf + offset, buf2, len);
1035 offset += len;
1036 free(buf2);
1037
1038 rc = ber_encode_SEQUENCE(FALSE, &buf2, &len, buf, offset);
1039 if (rc != CKR_OK) {
1040 goto error;
1041 }
1042 rc = ber_encode_PrivateKeyInfo(FALSE,
1043 data, data_len,
1044 ber_AlgIdRSAEncryption, ber_AlgIdRSAEncryptionLen,
1045 buf2, len);
1046 error:
1047 if (buf2) free(buf2);
1048 if (buf) free(buf);
1049 return (rc);
1050 }
1051
1052 CK_RV
ber_decode_RSAPrivateKey(CK_BYTE * data,CK_ULONG data_len,CK_ATTRIBUTE ** modulus,CK_ATTRIBUTE ** publ_exp,CK_ATTRIBUTE ** priv_exp,CK_ATTRIBUTE ** prime1,CK_ATTRIBUTE ** prime2,CK_ATTRIBUTE ** exponent1,CK_ATTRIBUTE ** exponent2,CK_ATTRIBUTE ** coeff)1053 ber_decode_RSAPrivateKey(CK_BYTE * data,
1054 CK_ULONG data_len,
1055 CK_ATTRIBUTE ** modulus,
1056 CK_ATTRIBUTE ** publ_exp,
1057 CK_ATTRIBUTE ** priv_exp,
1058 CK_ATTRIBUTE ** prime1,
1059 CK_ATTRIBUTE ** prime2,
1060 CK_ATTRIBUTE ** exponent1,
1061 CK_ATTRIBUTE ** exponent2,
1062 CK_ATTRIBUTE ** coeff)
1063 {
1064 CK_ATTRIBUTE *n_attr = NULL;
1065 CK_ATTRIBUTE *e_attr = NULL;
1066 CK_ATTRIBUTE *d_attr = NULL;
1067 CK_ATTRIBUTE *p_attr = NULL;
1068 CK_ATTRIBUTE *q_attr = NULL;
1069 CK_ATTRIBUTE *e1_attr = NULL;
1070 CK_ATTRIBUTE *e2_attr = NULL;
1071 CK_ATTRIBUTE *coeff_attr = NULL;
1072
1073 CK_BYTE *alg = NULL;
1074 CK_BYTE *rsa_priv_key = NULL;
1075 CK_BYTE *buf = NULL;
1076 CK_BYTE *tmp = NULL;
1077 CK_ULONG offset, buf_len, field_len, len;
1078 CK_RV rc;
1079
1080 rc = ber_decode_PrivateKeyInfo(data, data_len, &alg,
1081 &len, &rsa_priv_key);
1082 if (rc != CKR_OK) {
1083 return (rc);
1084 }
1085 if (memcmp(alg, ber_rsaEncryption, ber_rsaEncryptionLen) != 0) {
1086 return (CKR_FUNCTION_FAILED);
1087 }
1088 rc = ber_decode_SEQUENCE(rsa_priv_key, &buf, &buf_len, &field_len);
1089 if (rc != CKR_OK)
1090 return (rc);
1091 offset = 0;
1092
1093 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1094 if (rc != CKR_OK) {
1095 goto cleanup;
1096 }
1097 offset += field_len;
1098
1099 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1100 if (rc != CKR_OK) {
1101 goto cleanup;
1102 }
1103 offset += field_len;
1104
1105 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1106 if (rc != CKR_OK) {
1107 goto cleanup;
1108 }
1109 offset += field_len;
1110
1111 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1112 if (rc != CKR_OK) {
1113 goto cleanup;
1114 }
1115 offset += field_len;
1116
1117 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1118 if (rc != CKR_OK) {
1119 goto cleanup;
1120 }
1121 offset += field_len;
1122
1123 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1124 if (rc != CKR_OK) {
1125 goto cleanup;
1126 }
1127 offset += field_len;
1128
1129 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1130 if (rc != CKR_OK) {
1131 goto cleanup;
1132 }
1133 offset += field_len;
1134
1135 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1136 if (rc != CKR_OK) {
1137 goto cleanup;
1138 }
1139 offset += field_len;
1140
1141 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1142 if (rc != CKR_OK) {
1143 goto cleanup;
1144 }
1145 offset += field_len;
1146
1147 if (offset > buf_len) {
1148 return (CKR_FUNCTION_FAILED);
1149 }
1150
1151 offset = 0;
1152
1153 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1154 if (rc != CKR_OK) {
1155 goto cleanup;
1156 }
1157 offset += field_len;
1158
1159 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1160 if (rc != CKR_OK) {
1161 goto cleanup;
1162 } else {
1163 rc = build_attribute(CKA_MODULUS, tmp, len, &n_attr);
1164 if (rc != CKR_OK) {
1165 goto cleanup;
1166 }
1167 offset += field_len;
1168 }
1169
1170 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1171 if (rc != CKR_OK) {
1172 goto cleanup;
1173 } else {
1174 rc = build_attribute(CKA_PUBLIC_EXPONENT, tmp, len, &e_attr);
1175 if (rc != CKR_OK) {
1176 goto cleanup;
1177 }
1178 offset += field_len;
1179 }
1180
1181 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1182 if (rc != CKR_OK) {
1183 goto cleanup;
1184 } else {
1185 rc = build_attribute(CKA_PRIVATE_EXPONENT, tmp, len, &d_attr);
1186 if (rc != CKR_OK) {
1187 goto cleanup;
1188 }
1189 offset += field_len;
1190 }
1191
1192 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1193 if (rc != CKR_OK) {
1194 goto cleanup;
1195 } else {
1196 rc = build_attribute(CKA_PRIME_1, tmp, len, &p_attr);
1197 if (rc != CKR_OK) {
1198 goto cleanup;
1199 }
1200 offset += field_len;
1201 }
1202
1203 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1204 if (rc != CKR_OK) {
1205 goto cleanup;
1206 } else {
1207 rc = build_attribute(CKA_PRIME_2, tmp, len, &q_attr);
1208 if (rc != CKR_OK) {
1209 goto cleanup;
1210 }
1211 offset += field_len;
1212 }
1213
1214 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1215 if (rc != CKR_OK) {
1216 goto cleanup;
1217 } else {
1218 rc = build_attribute(CKA_EXPONENT_1, tmp, len, &e1_attr);
1219 if (rc != CKR_OK) {
1220 goto cleanup;
1221 }
1222 offset += field_len;
1223 }
1224
1225 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1226 if (rc != CKR_OK) {
1227 goto cleanup;
1228 } else {
1229 rc = build_attribute(CKA_EXPONENT_2, tmp, len, &e2_attr);
1230 if (rc != CKR_OK) {
1231 goto cleanup;
1232 }
1233 offset += field_len;
1234 }
1235
1236 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1237 if (rc != CKR_OK) {
1238 goto cleanup;
1239 } else {
1240 rc = build_attribute(CKA_COEFFICIENT, tmp, len, &coeff_attr);
1241 if (rc != CKR_OK) {
1242 goto cleanup;
1243 }
1244 offset += len;
1245 }
1246
1247 *modulus = n_attr;
1248 *publ_exp = e_attr;
1249 *priv_exp = d_attr;
1250 *prime1 = p_attr;
1251 *prime2 = q_attr;
1252 *exponent1 = e1_attr;
1253 *exponent2 = e2_attr;
1254 *coeff = coeff_attr;
1255
1256 return (CKR_OK);
1257
1258 cleanup:
1259 if (n_attr) free(n_attr);
1260 if (e_attr) free(e_attr);
1261 if (d_attr) free(d_attr);
1262 if (p_attr) free(p_attr);
1263 if (q_attr) free(q_attr);
1264 if (e1_attr) free(e1_attr);
1265 if (e2_attr) free(e2_attr);
1266 if (coeff_attr) free(coeff_attr);
1267
1268 return (rc);
1269 }
1270