1 /* 2 * Common Public License Version 0.5 3 * 4 * THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF 5 * THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, 6 * REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES 7 * RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 8 * 9 * 1. DEFINITIONS 10 * 11 * "Contribution" means: 12 * a) in the case of the initial Contributor, the 13 * initial code and documentation distributed under 14 * this Agreement, and 15 * 16 * b) in the case of each subsequent Contributor: 17 * i) changes to the Program, and 18 * ii) additions to the Program; 19 * 20 * where such changes and/or additions to the Program 21 * originate from and are distributed by that 22 * particular Contributor. A Contribution 'originates' 23 * from a Contributor if it was added to the Program 24 * by such Contributor itself or anyone acting on such 25 * Contributor's behalf. Contributions do not include 26 * additions to the Program which: (i) are separate 27 * modules of software distributed in conjunction with 28 * the Program under their own license agreement, and 29 * (ii) are not derivative works of the Program. 30 * 31 * 32 * "Contributor" means any person or entity that distributes 33 * the Program. 34 * 35 * "Licensed Patents " mean patent claims licensable by a 36 * Contributor which are necessarily infringed by the use or 37 * sale of its Contribution alone or when combined with the 38 * Program. 39 * 40 * "Program" means the Contributions distributed in 41 * accordance with this Agreement. 42 * 43 * "Recipient" means anyone who receives the Program under 44 * this Agreement, including all Contributors. 45 * 46 * 2. GRANT OF RIGHTS 47 * 48 * a) Subject to the terms of this Agreement, each 49 * Contributor hereby grants Recipient a 50 * no - exclusive, worldwide, royalt - free copyright 51 * license to reproduce, prepare derivative works of, 52 * publicly display, publicly perform, distribute and 53 * sublicense the Contribution of such Contributor, if 54 * any, and such derivative works, in source code and 55 * object code form. 56 * 57 * b) Subject to the terms of this Agreement, each 58 * Contributor hereby grants Recipient a 59 * no - exclusive, worldwide, royalt - free patent 60 * license under Licensed Patents to make, use, sell, 61 * offer to sell, import and otherwise transfer the 62 * Contribution of such Contributor, if any, in source 63 * code and object code form. This patent license 64 * shall apply to the combination of the Contribution 65 * and the Program if, at the time the Contribution is 66 * added by the Contributor, such addition of the 67 * Contribution causes such combination to be covered 68 * by the Licensed Patents. The patent license shall 69 * not apply to any other combinations which include 70 * the Contribution. No hardware per se is licensed 71 * hereunder. 72 * 73 * c) Recipient understands that although each 74 * Contributor grants the licenses to its 75 * Contributions set forth herein, no assurances are 76 * provided by any Contributor that the Program does 77 * not infringe the patent or other intellectual 78 * property rights of any other entity. Each 79 * Contributor disclaims any liability to Recipient 80 * for claims brought by any other entity based on 81 * infringement of intellectual property rights or 82 * otherwise. As a condition to exercising the rights 83 * and licenses granted hereunder, each Recipient 84 * hereby assumes sole responsibility to secure any 85 * other intellectual property rights needed, if any. 86 * 87 * For example, if a third party patent license is 88 * required to allow Recipient to distribute the 89 * Program, it is Recipient's responsibility to 90 * acquire that license before distributing the 91 * Program. 92 * 93 * d) Each Contributor represents that to its 94 * knowledge it has sufficient copyright rights in its 95 * Contribution, if any, to grant the copyright 96 * license set forth in this Agreement. 97 * 98 * 3. REQUIREMENTS 99 * 100 * A Contributor may choose to distribute the Program in 101 * object code form under its own license agreement, provided 102 * that: 103 * a) it complies with the terms and conditions of 104 * this Agreement; and 105 * 106 * b) its license agreement: 107 * i) effectively disclaims on behalf of all 108 * Contributors all warranties and conditions, express 109 * and implied, including warranties or conditions of 110 * title and no - infringement, and implied warranties 111 * or conditions of merchantability and fitness for a 112 * particular purpose; 113 * 114 * ii) effectively excludes on behalf of all 115 * Contributors all liability for damages, including 116 * direct, indirect, special, incidental and 117 * consequential damages, such as lost profits; 118 * 119 * iii) states that any provisions which differ from 120 * this Agreement are offered by that Contributor 121 * alone and not by any other party; and 122 * 123 * iv) states that source code for the Program is 124 * available from such Contributor, and informs 125 * licensees how to obtain it in a reasonable manner 126 * on or through a medium customarily used for 127 * software exchange. 128 * 129 * When the Program is made available in source code form: 130 * a) it must be made available under this Agreement; 131 * and 132 * b) a copy of this Agreement must be included with 133 * each copy of the Program. 134 * 135 * Contributors may not remove or alter any copyright notices 136 * contained within the Program. 137 * 138 * Each Contributor must identify itself as the originator of 139 * its Contribution, if any, in a manner that reasonably 140 * allows subsequent Recipients to identify the originator of 141 * the Contribution. 142 * 143 * 144 * 4. COMMERCIAL DISTRIBUTION 145 * 146 * Commercial distributors of software may accept certain 147 * responsibilities with respect to end users, business 148 * partners and the like. While this license is intended to 149 * facilitate the commercial use of the Program, the 150 * Contributor who includes the Program in a commercial 151 * product offering should do so in a manner which does not 152 * create potential liability for other Contributors. 153 * Therefore, if a Contributor includes the Program in a 154 * commercial product offering, such Contributor ("Commercial 155 * Contributor") hereby agrees to defend and indemnify every 156 * other Contributor ("Indemnified Contributor") against any 157 * losses, damages and costs (collectively "Losses") arising 158 * from claims, lawsuits and other legal actions brought by a 159 * third party against the Indemnified Contributor to the 160 * extent caused by the acts or omissions of such Commercial 161 * Contributor in connection with its distribution of the 162 * Program in a commercial product offering. The obligations 163 * in this section do not apply to any claims or Losses 164 * relating to any actual or alleged intellectual property 165 * infringement. In order to qualify, an Indemnified 166 * Contributor must: a) promptly notify the Commercial 167 * Contributor in writing of such claim, and b) allow the 168 * Commercial Contributor to control, and cooperate with the 169 * Commercial Contributor in, the defense and any related 170 * settlement negotiations. The Indemnified Contributor may 171 * participate in any such claim at its own expense. 172 * 173 * 174 * For example, a Contributor might include the Program in a 175 * commercial product offering, Product X. That Contributor 176 * is then a Commercial Contributor. If that Commercial 177 * Contributor then makes performance claims, or offers 178 * warranties related to Product X, those performance claims 179 * and warranties are such Commercial Contributor's 180 * responsibility alone. Under this section, the Commercial 181 * Contributor would have to defend claims against the other 182 * Contributors related to those performance claims and 183 * warranties, and if a court requires any other Contributor 184 * to pay any damages as a result, the Commercial Contributor 185 * must pay those damages. 186 * 187 * 188 * 5. NO WARRANTY 189 * 190 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE 191 * PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT 192 * WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR 193 * IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR 194 * CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR 195 * FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely 196 * responsible for determining the appropriateness of using 197 * and distributing the Program and assumes all risks 198 * associated with its exercise of rights under this 199 * Agreement, including but not limited to the risks and 200 * costs of program errors, compliance with applicable laws, 201 * damage to or loss of data, programs or equipment, and 202 * unavailability or interruption of operations. 203 * 204 * 6. DISCLAIMER OF LIABILITY 205 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER 206 * RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY 207 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 208 * OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION 209 * LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF 210 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 211 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 212 * OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE 213 * OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE 214 * POSSIBILITY OF SUCH DAMAGES. 215 * 216 * 7. GENERAL 217 * 218 * If any provision of this Agreement is invalid or 219 * unenforceable under applicable law, it shall not affect 220 * the validity or enforceability of the remainder of the 221 * terms of this Agreement, and without further action by the 222 * parties hereto, such provision shall be reformed to the 223 * minimum extent necessary to make such provision valid and 224 * enforceable. 225 * 226 * 227 * If Recipient institutes patent litigation against a 228 * Contributor with respect to a patent applicable to 229 * software (including a cros - claim or counterclaim in a 230 * lawsuit), then any patent licenses granted by that 231 * Contributor to such Recipient under this Agreement shall 232 * terminate as of the date such litigation is filed. In 233 * addition, If Recipient institutes patent litigation 234 * against any entity (including a cros - claim or 235 * counterclaim in a lawsuit) alleging that the Program 236 * itself (excluding combinations of the Program with other 237 * software or hardware) infringes such Recipient's 238 * patent(s), then such Recipient's rights granted under 239 * Section 2(b) shall terminate as of the date such 240 * litigation is filed. 241 * 242 * All Recipient's rights under this Agreement shall 243 * terminate if it fails to comply with any of the material 244 * terms or conditions of this Agreement and does not cure 245 * such failure in a reasonable period of time after becoming 246 * aware of such noncompliance. If all Recipient's rights 247 * under this Agreement terminate, Recipient agrees to cease 248 * use and distribution of the Program as soon as reasonably 249 * practicable. However, Recipient's obligations under this 250 * Agreement and any licenses granted by Recipient relating 251 * to the Program shall continue and survive. 252 * 253 * Everyone is permitted to copy and distribute copies of 254 * this Agreement, but in order to avoid inconsistency the 255 * Agreement is copyrighted and may only be modified in the 256 * following manner. The Agreement Steward reserves the right 257 * to publish new versions (including revisions) of this 258 * Agreement from time to time. No one other than the 259 * Agreement Steward has the right to modify this Agreement. 260 * 261 * IBM is the initial Agreement Steward. IBM may assign the 262 * responsibility to serve as the Agreement Steward to a 263 * suitable separate entity. Each new version of the 264 * Agreement will be given a distinguishing version number. 265 * The Program (including Contributions) may always be 266 * distributed subject to the version of the Agreement under 267 * which it was received. In addition, after a new version of 268 * the Agreement is published, Contributor may elect to 269 * distribute the Program (including its Contributions) under 270 * the new version. Except as expressly stated in Sections 271 * 2(a) and 2(b) above, Recipient receives no rights or 272 * licenses to the intellectual property of any Contributor 273 * under this Agreement, whether expressly, by implication, 274 * estoppel or otherwise. All rights in the Program not 275 * expressly granted under this Agreement are reserved. 276 * 277 * 278 * This Agreement is governed by the laws of the State of New 279 * York and the intellectual property laws of the United 280 * States of America. No party to this Agreement will bring a 281 * legal action under this Agreement more than one year after 282 * the cause of action arose. Each party waives its rights to 283 * a jury trial in any resulting litigation. 284 * 285 * 286 * 287 * (C) COPYRIGHT International Business Machines Corp. 2001, 2002 288 */ 289 /* 290 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 291 * Use is subject to license terms. 292 */ 293 #include "tpmtok_int.h" 294 295 CK_ULONG 296 ber_encode_INTEGER(CK_BBOOL length_only, 297 CK_BYTE ** ber_int, 298 CK_ULONG * ber_int_len, 299 CK_BYTE * data, 300 CK_ULONG data_len) 301 { 302 CK_BYTE *buf = NULL; 303 CK_ULONG len; 304 305 /* 306 * if data_len < 127 use short form length id 307 * if data_len < 256 use long form length id with 308 * byte length field 309 * if data_len < 65536 use long form length id with 310 * byte length field 311 * if data_len < 16777216 use long form length id 312 * with byte length field 313 */ 314 if (data_len < 128) 315 len = 1 + 1 + data_len; 316 else if (data_len < 256) 317 len = 1 + (1 + 1) + data_len; 318 else if (data_len < (1 << 16)) 319 len = 1 + (1 + 2) + data_len; 320 else if (data_len < (1 << 24)) 321 len = 1 + (1 + 3) + data_len; 322 else 323 return (CKR_FUNCTION_FAILED); 324 325 if (length_only == TRUE) { 326 *ber_int_len = len; 327 return (CKR_OK); 328 } 329 330 buf = (CK_BYTE *)malloc(len); 331 if (! buf) { 332 return (CKR_HOST_MEMORY); 333 } 334 if (data_len < 128) { 335 buf[0] = 0x02; 336 buf[1] = data_len; 337 (void) memcpy(&buf[2], data, data_len); 338 339 *ber_int_len = len; 340 *ber_int = buf; 341 return (CKR_OK); 342 } 343 344 if (data_len < 256) { 345 buf[0] = 0x02; 346 buf[1] = 0x81; 347 buf[2] = data_len; 348 (void) memcpy(&buf[3], data, data_len); 349 350 *ber_int_len = len; 351 *ber_int = buf; 352 return (CKR_OK); 353 } 354 355 if (data_len < (1 << 16)) { 356 buf[0] = 0x02; 357 buf[1] = 0x82; 358 buf[2] = (data_len >> 8) & 0xFF; 359 buf[3] = (data_len) & 0xFF; 360 (void) memcpy(&buf[4], data, data_len); 361 362 *ber_int_len = len; 363 *ber_int = buf; 364 return (CKR_OK); 365 } 366 367 if (data_len < (1 << 24)) { 368 buf[0] = 0x02; 369 buf[1] = 0x83; 370 buf[2] = (data_len >> 16) & 0xFF; 371 buf[3] = (data_len >> 8) & 0xFF; 372 buf[4] = (data_len) & 0xFF; 373 (void) memcpy(&buf[5], data, data_len); 374 375 *ber_int_len = len; 376 *ber_int = buf; 377 return (CKR_OK); 378 } 379 380 free(buf); 381 return (CKR_FUNCTION_FAILED); 382 } 383 384 CK_RV 385 ber_decode_INTEGER(CK_BYTE * ber_int, 386 CK_BYTE ** data, 387 CK_ULONG * data_len, 388 CK_ULONG * field_len) 389 { 390 CK_ULONG len, length_octets; 391 392 if (! ber_int) { 393 return (CKR_FUNCTION_FAILED); 394 } 395 if (ber_int[0] != 0x02) { 396 return (CKR_FUNCTION_FAILED); 397 } 398 if ((ber_int[1] & 0x80) == 0) { 399 len = ber_int[1] & 0x7F; 400 401 *data = &ber_int[2]; 402 *data_len = len; 403 *field_len = 1 + 1 + len; 404 return (CKR_OK); 405 } 406 407 length_octets = ber_int[1] & 0x7F; 408 409 if (length_octets == 1) { 410 len = ber_int[2]; 411 412 *data = &ber_int[3]; 413 *data_len = len; 414 *field_len = 1 + (1 + 1) + len; 415 return (CKR_OK); 416 } 417 418 if (length_octets == 2) { 419 len = ber_int[2]; 420 len = len << 8; 421 len |= ber_int[3]; 422 423 *data = &ber_int[4]; 424 *data_len = len; 425 *field_len = 1 + (1 + 2) + len; 426 return (CKR_OK); 427 } 428 429 if (length_octets == 3) { 430 len = ber_int[2]; 431 len = len << 8; 432 len |= ber_int[3]; 433 len = len << 8; 434 len |= ber_int[4]; 435 436 *data = &ber_int[5]; 437 *data_len = len; 438 *field_len = 1 + (1 + 3) + len; 439 return (CKR_OK); 440 } 441 442 return (CKR_FUNCTION_FAILED); 443 } 444 445 CK_RV 446 ber_encode_OCTET_STRING(CK_BBOOL length_only, 447 CK_BYTE ** str, 448 CK_ULONG * str_len, 449 CK_BYTE * data, 450 CK_ULONG data_len) 451 { 452 CK_BYTE *buf = NULL; 453 CK_ULONG len; 454 455 456 /* 457 * if data_len < 128 use shor - form length id 458 * if data_len < 256 use lon - form length id with - byte length field 459 * if data_len < 65536 use lon - form length id with - byte length field 460 */ 461 if (data_len < 128) 462 len = 1 + 1 + data_len; 463 else if (data_len < 256) 464 len = 1 + (1 + 1) + data_len; 465 else if (data_len < (1 << 16)) 466 len = 1 + (1 + 2) + data_len; 467 else if (data_len < (1 << 24)) 468 len = 1 + (1 + 3) + data_len; 469 else 470 return (CKR_FUNCTION_FAILED); 471 472 if (length_only == TRUE) { 473 *str_len = len; 474 return (CKR_OK); 475 } 476 477 buf = (CK_BYTE *)malloc(len); 478 if (! buf) { 479 return (CKR_HOST_MEMORY); 480 } 481 482 if (data_len < 128) { 483 buf[0] = 0x04; /* primitive, OCTET STRING */ 484 buf[1] = data_len; 485 (void) memcpy(&buf[2], data, data_len); 486 487 *str_len = len; 488 *str = buf; 489 return (CKR_OK); 490 } 491 492 if (data_len < 256) { 493 buf[0] = 0x04; /* primitive, OCTET STRING */ 494 buf[1] = 0x81; /* length header -- 1 length octets */ 495 buf[2] = data_len; 496 497 (void) memcpy(&buf[3], data, data_len); 498 499 *str_len = len; 500 *str = buf; 501 return (CKR_OK); 502 } 503 504 if (data_len < (1 << 16)) { 505 buf[0] = 0x04; /* primitive, OCTET STRING */ 506 buf[1] = 0x82; /* length header -- 2 length octets */ 507 buf[2] = (data_len >> 8) & 0xFF; 508 buf[3] = (data_len) & 0xFF; 509 510 (void) memcpy(&buf[4], data, data_len); 511 512 *str_len = len; 513 *str = buf; 514 return (CKR_OK); 515 } 516 517 if (data_len < (1 << 24)) { 518 buf[0] = 0x04; /* primitive, OCTET STRING */ 519 buf[1] = 0x83; /* length header -- 3 length octets */ 520 buf[2] = (data_len >> 16) & 0xFF; 521 buf[3] = (data_len >> 8) & 0xFF; 522 buf[4] = (data_len) & 0xFF; 523 524 (void) memcpy(&buf[5], data, data_len); 525 526 *str_len = len; 527 *str = buf; 528 return (CKR_OK); 529 } 530 531 free(buf); 532 return (CKR_FUNCTION_FAILED); 533 } 534 535 CK_RV 536 ber_decode_OCTET_STRING(CK_BYTE * str, 537 CK_BYTE ** data, 538 CK_ULONG * data_len, 539 CK_ULONG * field_len) 540 { 541 CK_ULONG len, length_octets; 542 543 if (! str) { 544 return (CKR_FUNCTION_FAILED); 545 } 546 if (str[0] != 0x04) { 547 return (CKR_FUNCTION_FAILED); 548 } 549 if ((str[1] & 0x80) == 0) { 550 len = str[1] & 0x7F; 551 552 *data = &str[2]; 553 *data_len = len; 554 *field_len = 1 + (1) + len; 555 return (CKR_OK); 556 } 557 558 length_octets = str[1] & 0x7F; 559 560 if (length_octets == 1) { 561 len = str[2]; 562 563 *data = &str[3]; 564 *data_len = len; 565 *field_len = 1 + (1 + 1) + len; 566 return (CKR_OK); 567 } 568 569 if (length_octets == 2) { 570 len = str[2]; 571 len = len << 8; 572 len |= str[3]; 573 574 *data = &str[4]; 575 *data_len = len; 576 *field_len = 1 + (1 + 2) + len; 577 return (CKR_OK); 578 } 579 580 if (length_octets == 3) { 581 len = str[2]; 582 len = len << 8; 583 len |= str[3]; 584 len = len << 8; 585 len |= str[4]; 586 587 *data = &str[5]; 588 *data_len = len; 589 *field_len = 1 + (1 + 3) + len; 590 return (CKR_OK); 591 } 592 593 /* > 3 length octets implies a length > 16MB */ 594 return (CKR_FUNCTION_FAILED); 595 } 596 597 CK_RV 598 ber_encode_SEQUENCE(CK_BBOOL length_only, 599 CK_BYTE ** seq, 600 CK_ULONG * seq_len, 601 CK_BYTE * data, 602 CK_ULONG data_len) 603 { 604 CK_BYTE *buf = NULL; 605 CK_ULONG len; 606 607 if (data_len < 128) 608 len = 1 + 1 + data_len; 609 else if (data_len < 256) 610 len = 1 + (1 + 1) + data_len; 611 else if (data_len < (1 << 16)) 612 len = 1 + (1 + 2) + data_len; 613 else if (data_len < (1 << 24)) 614 len = 1 + (1 + 3) + data_len; 615 else 616 return (CKR_FUNCTION_FAILED); 617 618 if (length_only == TRUE) { 619 *seq_len = len; 620 return (CKR_OK); 621 } 622 623 buf = (CK_BYTE *)malloc(len); 624 if (! buf) { 625 return (CKR_HOST_MEMORY); 626 } 627 628 if (data_len < 128) { 629 buf[0] = 0x30; /* constructed, SEQUENCE */ 630 buf[1] = data_len; 631 (void) memcpy(&buf[2], data, data_len); 632 633 *seq_len = len; 634 *seq = buf; 635 return (CKR_OK); 636 } 637 638 if (data_len < 256) { 639 buf[0] = 0x30; /* constructed, SEQUENCE */ 640 buf[1] = 0x81; /* length header -- 1 length octets */ 641 buf[2] = data_len; 642 643 (void) memcpy(&buf[3], data, data_len); 644 645 *seq_len = len; 646 *seq = buf; 647 return (CKR_OK); 648 } 649 650 if (data_len < (1 << 16)) { 651 buf[0] = 0x30; /* constructed, SEQUENCE */ 652 buf[1] = 0x82; /* length header -- 2 length octets */ 653 buf[2] = (data_len >> 8) & 0xFF; 654 buf[3] = (data_len) & 0xFF; 655 656 (void) memcpy(&buf[4], data, data_len); 657 658 *seq_len = len; 659 *seq = buf; 660 return (CKR_OK); 661 } 662 663 if (data_len < (1 << 24)) { 664 buf[0] = 0x30; /* constructed, SEQUENCE */ 665 buf[1] = 0x83; /* length header -- 3 length octets */ 666 buf[2] = (data_len >> 16) & 0xFF; 667 buf[3] = (data_len >> 8) & 0xFF; 668 buf[4] = (data_len) & 0xFF; 669 670 (void) memcpy(&buf[5], data, data_len); 671 672 *seq_len = len; 673 *seq = buf; 674 return (CKR_OK); 675 } 676 677 return (CKR_FUNCTION_FAILED); 678 } 679 680 CK_RV 681 ber_decode_SEQUENCE(CK_BYTE * seq, 682 CK_BYTE ** data, 683 CK_ULONG * data_len, 684 CK_ULONG * field_len) 685 { 686 CK_ULONG len, length_octets; 687 688 if (! seq) { 689 return (CKR_FUNCTION_FAILED); 690 } 691 if (seq[0] != 0x30) { 692 return (CKR_FUNCTION_FAILED); 693 } 694 if ((seq[1] & 0x80) == 0) { 695 len = seq[1] & 0x7F; 696 697 *data = &seq[2]; 698 *data_len = len; 699 *field_len = 1 + (1) + len; 700 return (CKR_OK); 701 } 702 703 length_octets = seq[1] & 0x7F; 704 705 if (length_octets == 1) { 706 len = seq[2]; 707 708 *data = &seq[3]; 709 *data_len = len; 710 *field_len = 1 + (1 + 1) + len; 711 return (CKR_OK); 712 } 713 714 if (length_octets == 2) { 715 len = seq[2]; 716 len = len << 8; 717 len |= seq[3]; 718 719 *data = &seq[4]; 720 *data_len = len; 721 *field_len = 1 + (1 + 2) + len; 722 return (CKR_OK); 723 } 724 725 if (length_octets == 3) { 726 len = seq[2]; 727 len = len << 8; 728 len |= seq[3]; 729 len = len << 8; 730 len |= seq[4]; 731 732 *data = &seq[5]; 733 *data_len = len; 734 *field_len = 1 + (1 + 3) + len; 735 return (CKR_OK); 736 } 737 738 return (CKR_FUNCTION_FAILED); 739 } 740 741 /* 742 * 743 * PrivateKeyInfo ::= SEQUENCE { 744 * version Version -- always '0' for now 745 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier 746 * privateKey PrivateKey 747 * attributes 748 * } 749 */ 750 CK_RV 751 ber_encode_PrivateKeyInfo(CK_BBOOL length_only, 752 CK_BYTE ** data, 753 CK_ULONG * data_len, 754 CK_BYTE * algorithm_id, 755 CK_ULONG algorithm_id_len, 756 CK_BYTE * priv_key, 757 CK_ULONG priv_key_len) 758 { 759 CK_BYTE * buf = NULL; 760 CK_BYTE * tmp = NULL; 761 CK_BYTE version[] = { 0 }; 762 CK_BYTE attrib[] = { 0x05, 0x00 }; 763 CK_ULONG len, total; 764 CK_RV rc; 765 766 len = 0; 767 768 rc = ber_encode_INTEGER(TRUE, NULL, &total, version, sizeof (version)); 769 if (rc != CKR_OK) { 770 return (rc); 771 } 772 else 773 len += total; 774 775 len += algorithm_id_len; 776 777 rc = ber_encode_OCTET_STRING(TRUE, NULL, &total, 778 priv_key, priv_key_len); 779 780 if (rc != CKR_OK) 781 return (rc); 782 783 len += total; 784 785 /* for this stuff, attributes are always NULL == 05 00 */ 786 len += sizeof (attrib); 787 788 if (length_only == TRUE) { 789 rc = ber_encode_SEQUENCE(TRUE, NULL, &total, NULL, len); 790 791 if (rc == CKR_OK) 792 *data_len = total; 793 return (rc); 794 } 795 796 buf = (CK_BYTE *)malloc(len); 797 if (! buf) { 798 return (CKR_HOST_MEMORY); 799 } 800 len = 0; 801 rc = ber_encode_INTEGER(FALSE, &tmp, &total, version, sizeof (version)); 802 if (rc != CKR_OK) { 803 goto error; 804 } 805 (void) memcpy(buf + len, tmp, total); 806 len += total; 807 free(tmp); 808 809 (void) memcpy(buf + len, algorithm_id, algorithm_id_len); 810 len += algorithm_id_len; 811 812 rc = ber_encode_OCTET_STRING(FALSE, &tmp, &total, 813 priv_key, priv_key_len); 814 if (rc != CKR_OK) { 815 goto error; 816 } 817 (void) memcpy(buf + len, tmp, total); 818 len += total; 819 free(tmp); 820 821 (void) memcpy(buf + len, attrib, sizeof (attrib)); 822 len += sizeof (attrib); 823 824 rc = ber_encode_SEQUENCE(FALSE, data, data_len, buf, len); 825 826 error: 827 free(buf); 828 return (rc); 829 } 830 831 CK_RV 832 ber_decode_PrivateKeyInfo(CK_BYTE * data, 833 CK_ULONG data_len, 834 CK_BYTE ** algorithm, 835 CK_ULONG * alg_len, 836 CK_BYTE ** priv_key) 837 { 838 CK_BYTE *buf = NULL; 839 CK_BYTE *alg = NULL; 840 CK_BYTE *ver = NULL; 841 CK_ULONG buf_len, offset, len, field_len; 842 CK_RV rc; 843 844 if (! data || (data_len == 0)) { 845 return (CKR_FUNCTION_FAILED); 846 } 847 rc = ber_decode_SEQUENCE(data, &buf, &buf_len, &field_len); 848 if (rc != CKR_OK) { 849 return (rc); 850 } 851 offset = 0; 852 rc = ber_decode_INTEGER(buf + offset, &ver, &len, &field_len); 853 if (rc != CKR_OK) { 854 return (rc); 855 } 856 offset += field_len; 857 858 rc = ber_decode_SEQUENCE(buf + offset, &alg, &len, &field_len); 859 if (rc != CKR_OK) { 860 return (rc); 861 } 862 *algorithm = alg; 863 *alg_len = len; 864 865 rc = ber_decode_OCTET_STRING(alg + len, priv_key, &buf_len, &field_len); 866 return (rc); 867 } 868 869 /* 870 * RSAPrivateKey ::= SEQUENCE { 871 * version Version -- always '0' for now 872 * modulus INTEGER 873 * publicExponent INTEGER 874 * privateExponent INTEGER 875 * prime1 INTEGER 876 * prime2 INTEGER 877 * exponent1 INTEGER 878 * exponent2 INTEGER 879 * coefficient INTEGER 880 * } 881 */ 882 CK_RV 883 ber_encode_RSAPrivateKey(CK_BBOOL length_only, 884 CK_BYTE ** data, 885 CK_ULONG * data_len, 886 CK_ATTRIBUTE * modulus, 887 CK_ATTRIBUTE * publ_exp, 888 CK_ATTRIBUTE * priv_exp, 889 CK_ATTRIBUTE * prime1, 890 CK_ATTRIBUTE * prime2, 891 CK_ATTRIBUTE * exponent1, 892 CK_ATTRIBUTE * exponent2, 893 CK_ATTRIBUTE * coeff) 894 { 895 CK_BYTE *buf = NULL; 896 CK_BYTE *buf2 = NULL; 897 CK_ULONG len, offset; 898 CK_BYTE version[] = { 0 }; 899 CK_RV rc; 900 901 offset = 0; 902 rc = 0; 903 904 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 905 sizeof (version)); 906 offset += len; 907 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 908 modulus->ulValueLen); 909 offset += len; 910 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 911 publ_exp->ulValueLen); 912 offset += len; 913 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 914 priv_exp->ulValueLen); 915 offset += len; 916 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 917 prime1->ulValueLen); 918 offset += len; 919 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 920 prime2->ulValueLen); 921 offset += len; 922 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 923 exponent1->ulValueLen); 924 offset += len; 925 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 926 exponent2->ulValueLen); 927 offset += len; 928 rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, 929 coeff->ulValueLen); 930 offset += len; 931 932 if (rc != CKR_OK) { 933 return (CKR_FUNCTION_FAILED); 934 } 935 if (length_only == TRUE) { 936 rc = ber_encode_SEQUENCE(TRUE, NULL, &len, NULL, offset); 937 if (rc != CKR_OK) 938 return (rc); 939 rc = ber_encode_PrivateKeyInfo(TRUE, 940 NULL, data_len, 941 NULL, ber_AlgIdRSAEncryptionLen, 942 NULL, len); 943 if (rc != CKR_OK) 944 return (rc); 945 return (rc); 946 } 947 948 buf = (CK_BYTE *)malloc(offset); 949 if (! buf) { 950 return (CKR_HOST_MEMORY); 951 } 952 offset = 0; 953 rc = 0; 954 955 rc = ber_encode_INTEGER(FALSE, &buf2, &len, version, sizeof (version)); 956 if (rc != CKR_OK) { 957 goto error; 958 } 959 (void) memcpy(buf + offset, buf2, len); 960 offset += len; 961 free(buf2); 962 963 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 964 (CK_BYTE *)modulus + sizeof (CK_ATTRIBUTE), modulus->ulValueLen); 965 if (rc != CKR_OK) { 966 goto error; 967 } 968 (void) memcpy(buf + offset, buf2, len); 969 offset += len; 970 free(buf2); 971 972 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 973 (CK_BYTE *)publ_exp + sizeof (CK_ATTRIBUTE), publ_exp->ulValueLen); 974 if (rc != CKR_OK) { 975 goto error; 976 } 977 (void) memcpy(buf + offset, buf2, len); 978 offset += len; 979 free(buf2); 980 981 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 982 (CK_BYTE *)priv_exp + sizeof (CK_ATTRIBUTE), 983 priv_exp->ulValueLen); 984 if (rc != CKR_OK) { 985 goto error; 986 } 987 (void) memcpy(buf + offset, buf2, len); 988 offset += len; 989 free(buf2); 990 991 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 992 (CK_BYTE *)prime1 + sizeof (CK_ATTRIBUTE), prime1->ulValueLen); 993 if (rc != CKR_OK) { 994 goto error; 995 } 996 (void) memcpy(buf + offset, buf2, len); 997 offset += len; 998 free(buf2); 999 1000 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 1001 (CK_BYTE *)prime2 + sizeof (CK_ATTRIBUTE), prime2->ulValueLen); 1002 if (rc != CKR_OK) { 1003 goto error; 1004 } 1005 (void) memcpy(buf + offset, buf2, len); 1006 offset += len; 1007 free(buf2); 1008 1009 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 1010 (CK_BYTE *)exponent1 + sizeof (CK_ATTRIBUTE), 1011 exponent1->ulValueLen); 1012 if (rc != CKR_OK) { 1013 goto error; 1014 } 1015 (void) memcpy(buf + offset, buf2, len); 1016 offset += len; 1017 free(buf2); 1018 1019 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 1020 (CK_BYTE *)exponent2 + sizeof (CK_ATTRIBUTE), 1021 exponent2->ulValueLen); 1022 if (rc != CKR_OK) { 1023 goto error; 1024 } 1025 (void) memcpy(buf + offset, buf2, len); 1026 offset += len; 1027 free(buf2); 1028 1029 rc = ber_encode_INTEGER(FALSE, &buf2, &len, 1030 (CK_BYTE *)coeff + sizeof (CK_ATTRIBUTE), coeff->ulValueLen); 1031 if (rc != CKR_OK) { 1032 goto error; 1033 } 1034 (void) memcpy(buf + offset, buf2, len); 1035 offset += len; 1036 free(buf2); 1037 1038 rc = ber_encode_SEQUENCE(FALSE, &buf2, &len, buf, offset); 1039 if (rc != CKR_OK) { 1040 goto error; 1041 } 1042 rc = ber_encode_PrivateKeyInfo(FALSE, 1043 data, data_len, 1044 ber_AlgIdRSAEncryption, ber_AlgIdRSAEncryptionLen, 1045 buf2, len); 1046 error: 1047 if (buf2) free(buf2); 1048 if (buf) free(buf); 1049 return (rc); 1050 } 1051 1052 CK_RV 1053 ber_decode_RSAPrivateKey(CK_BYTE * data, 1054 CK_ULONG data_len, 1055 CK_ATTRIBUTE ** modulus, 1056 CK_ATTRIBUTE ** publ_exp, 1057 CK_ATTRIBUTE ** priv_exp, 1058 CK_ATTRIBUTE ** prime1, 1059 CK_ATTRIBUTE ** prime2, 1060 CK_ATTRIBUTE ** exponent1, 1061 CK_ATTRIBUTE ** exponent2, 1062 CK_ATTRIBUTE ** coeff) 1063 { 1064 CK_ATTRIBUTE *n_attr = NULL; 1065 CK_ATTRIBUTE *e_attr = NULL; 1066 CK_ATTRIBUTE *d_attr = NULL; 1067 CK_ATTRIBUTE *p_attr = NULL; 1068 CK_ATTRIBUTE *q_attr = NULL; 1069 CK_ATTRIBUTE *e1_attr = NULL; 1070 CK_ATTRIBUTE *e2_attr = NULL; 1071 CK_ATTRIBUTE *coeff_attr = NULL; 1072 1073 CK_BYTE *alg = NULL; 1074 CK_BYTE *rsa_priv_key = NULL; 1075 CK_BYTE *buf = NULL; 1076 CK_BYTE *tmp = NULL; 1077 CK_ULONG offset, buf_len, field_len, len; 1078 CK_RV rc; 1079 1080 rc = ber_decode_PrivateKeyInfo(data, data_len, &alg, 1081 &len, &rsa_priv_key); 1082 if (rc != CKR_OK) { 1083 return (rc); 1084 } 1085 if (memcmp(alg, ber_rsaEncryption, ber_rsaEncryptionLen) != 0) { 1086 return (CKR_FUNCTION_FAILED); 1087 } 1088 rc = ber_decode_SEQUENCE(rsa_priv_key, &buf, &buf_len, &field_len); 1089 if (rc != CKR_OK) 1090 return (rc); 1091 offset = 0; 1092 1093 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1094 if (rc != CKR_OK) { 1095 goto cleanup; 1096 } 1097 offset += field_len; 1098 1099 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1100 if (rc != CKR_OK) { 1101 goto cleanup; 1102 } 1103 offset += field_len; 1104 1105 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1106 if (rc != CKR_OK) { 1107 goto cleanup; 1108 } 1109 offset += field_len; 1110 1111 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1112 if (rc != CKR_OK) { 1113 goto cleanup; 1114 } 1115 offset += field_len; 1116 1117 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1118 if (rc != CKR_OK) { 1119 goto cleanup; 1120 } 1121 offset += field_len; 1122 1123 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1124 if (rc != CKR_OK) { 1125 goto cleanup; 1126 } 1127 offset += field_len; 1128 1129 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1130 if (rc != CKR_OK) { 1131 goto cleanup; 1132 } 1133 offset += field_len; 1134 1135 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1136 if (rc != CKR_OK) { 1137 goto cleanup; 1138 } 1139 offset += field_len; 1140 1141 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1142 if (rc != CKR_OK) { 1143 goto cleanup; 1144 } 1145 offset += field_len; 1146 1147 if (offset > buf_len) { 1148 return (CKR_FUNCTION_FAILED); 1149 } 1150 1151 offset = 0; 1152 1153 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1154 if (rc != CKR_OK) { 1155 goto cleanup; 1156 } 1157 offset += field_len; 1158 1159 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1160 if (rc != CKR_OK) { 1161 goto cleanup; 1162 } else { 1163 rc = build_attribute(CKA_MODULUS, tmp, len, &n_attr); 1164 if (rc != CKR_OK) { 1165 goto cleanup; 1166 } 1167 offset += field_len; 1168 } 1169 1170 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1171 if (rc != CKR_OK) { 1172 goto cleanup; 1173 } else { 1174 rc = build_attribute(CKA_PUBLIC_EXPONENT, tmp, len, &e_attr); 1175 if (rc != CKR_OK) { 1176 goto cleanup; 1177 } 1178 offset += field_len; 1179 } 1180 1181 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1182 if (rc != CKR_OK) { 1183 goto cleanup; 1184 } else { 1185 rc = build_attribute(CKA_PRIVATE_EXPONENT, tmp, len, &d_attr); 1186 if (rc != CKR_OK) { 1187 goto cleanup; 1188 } 1189 offset += field_len; 1190 } 1191 1192 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1193 if (rc != CKR_OK) { 1194 goto cleanup; 1195 } else { 1196 rc = build_attribute(CKA_PRIME_1, tmp, len, &p_attr); 1197 if (rc != CKR_OK) { 1198 goto cleanup; 1199 } 1200 offset += field_len; 1201 } 1202 1203 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1204 if (rc != CKR_OK) { 1205 goto cleanup; 1206 } else { 1207 rc = build_attribute(CKA_PRIME_2, tmp, len, &q_attr); 1208 if (rc != CKR_OK) { 1209 goto cleanup; 1210 } 1211 offset += field_len; 1212 } 1213 1214 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1215 if (rc != CKR_OK) { 1216 goto cleanup; 1217 } else { 1218 rc = build_attribute(CKA_EXPONENT_1, tmp, len, &e1_attr); 1219 if (rc != CKR_OK) { 1220 goto cleanup; 1221 } 1222 offset += field_len; 1223 } 1224 1225 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1226 if (rc != CKR_OK) { 1227 goto cleanup; 1228 } else { 1229 rc = build_attribute(CKA_EXPONENT_2, tmp, len, &e2_attr); 1230 if (rc != CKR_OK) { 1231 goto cleanup; 1232 } 1233 offset += field_len; 1234 } 1235 1236 rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len); 1237 if (rc != CKR_OK) { 1238 goto cleanup; 1239 } else { 1240 rc = build_attribute(CKA_COEFFICIENT, tmp, len, &coeff_attr); 1241 if (rc != CKR_OK) { 1242 goto cleanup; 1243 } 1244 offset += len; 1245 } 1246 1247 *modulus = n_attr; 1248 *publ_exp = e_attr; 1249 *priv_exp = d_attr; 1250 *prime1 = p_attr; 1251 *prime2 = q_attr; 1252 *exponent1 = e1_attr; 1253 *exponent2 = e2_attr; 1254 *coeff = coeff_attr; 1255 1256 return (CKR_OK); 1257 1258 cleanup: 1259 if (n_attr) free(n_attr); 1260 if (e_attr) free(e_attr); 1261 if (d_attr) free(d_attr); 1262 if (p_attr) free(p_attr); 1263 if (q_attr) free(q_attr); 1264 if (e1_attr) free(e1_attr); 1265 if (e2_attr) free(e2_attr); 1266 if (coeff_attr) free(coeff_attr); 1267 1268 return (rc); 1269 } 1270