xref: /titanic_44/usr/src/lib/pkcs11/pkcs11_tpm/common/asn1.c (revision c3a558e7c77127215b010652905be7916ec5a080)
1 /*
2  *		Common Public License Version 0.5
3  *
4  *		THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
5  *		THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
6  *		REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
7  *		RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
8  *
9  *		1. DEFINITIONS
10  *
11  *		"Contribution" means:
12  *		      a) in the case of the initial Contributor, the
13  *		      initial code and documentation distributed under
14  *		      this Agreement, and
15  *
16  *		      b) in the case of each subsequent Contributor:
17  *		      i) changes to the Program, and
18  *		      ii) additions to the Program;
19  *
20  *		      where such changes and/or additions to the Program
21  *		      originate from and are distributed by that
22  *		      particular Contributor. A Contribution 'originates'
23  *		      from a Contributor if it was added to the Program
24  *		      by such Contributor itself or anyone acting on such
25  *		      Contributor's behalf. Contributions do not include
26  *		      additions to the Program which: (i) are separate
27  *		      modules of software distributed in conjunction with
28  *		      the Program under their own license agreement, and
29  *		      (ii) are not derivative works of the Program.
30  *
31  *
32  *		"Contributor" means any person or entity that distributes
33  *		the Program.
34  *
35  *		"Licensed Patents " mean patent claims licensable by a
36  *		Contributor which are necessarily infringed by the use or
37  *		sale of its Contribution alone or when combined with the
38  *		Program.
39  *
40  *		"Program" means the Contributions distributed in
41  *		accordance with this Agreement.
42  *
43  *		"Recipient" means anyone who receives the Program under
44  *		this Agreement, including all Contributors.
45  *
46  *		2. GRANT OF RIGHTS
47  *
48  *		      a) Subject to the terms of this Agreement, each
49  *		      Contributor hereby grants Recipient a
50  *		      no - exclusive, worldwide, royalt - free copyright
51  *		      license to reproduce, prepare derivative works of,
52  *		      publicly display, publicly perform, distribute and
53  *		      sublicense the Contribution of such Contributor, if
54  *		      any, and such derivative works, in source code and
55  *		      object code form.
56  *
57  *		      b) Subject to the terms of this Agreement, each
58  *		      Contributor hereby grants Recipient a
59  *		      no - exclusive, worldwide, royalt - free patent
60  *		      license under Licensed Patents to make, use, sell,
61  *		      offer to sell, import and otherwise transfer the
62  *		      Contribution of such Contributor, if any, in source
63  *		      code and object code form. This patent license
64  *		      shall apply to the combination of the Contribution
65  *		      and the Program if, at the time the Contribution is
66  *		      added by the Contributor, such addition of the
67  *		      Contribution causes such combination to be covered
68  *		      by the Licensed Patents. The patent license shall
69  *		      not apply to any other combinations which include
70  *		      the Contribution. No hardware per se is licensed
71  *		      hereunder.
72  *
73  *		      c) Recipient understands that although each
74  *		      Contributor grants the licenses to its
75  *		      Contributions set forth herein, no assurances are
76  *		      provided by any Contributor that the Program does
77  *		      not infringe the patent or other intellectual
78  *		      property rights of any other entity. Each
79  *		      Contributor disclaims any liability to Recipient
80  *		      for claims brought by any other entity based on
81  *		      infringement of intellectual property rights or
82  *		      otherwise. As a condition to exercising the rights
83  *		      and licenses granted hereunder, each Recipient
84  *		      hereby assumes sole responsibility to secure any
85  *		      other intellectual property rights needed, if any.
86  *
87  *		      For example, if a third party patent license is
88  *		      required to allow Recipient to distribute the
89  *		      Program, it is Recipient's responsibility to
90  *		      acquire that license before distributing the
91  *		      Program.
92  *
93  *		      d) Each Contributor represents that to its
94  *		      knowledge it has sufficient copyright rights in its
95  *		      Contribution, if any, to grant the copyright
96  *		      license set forth in this Agreement.
97  *
98  *		3. REQUIREMENTS
99  *
100  *		A Contributor may choose to distribute the Program in
101  *		object code form under its own license agreement, provided
102  *		that:
103  *		      a) it complies with the terms and conditions of
104  *		      this Agreement; and
105  *
106  *		      b) its license agreement:
107  *		      i) effectively disclaims on behalf of all
108  *		      Contributors all warranties and conditions, express
109  *		      and implied, including warranties or conditions of
110  *		      title and no - infringement, and implied warranties
111  *		      or conditions of merchantability and fitness for a
112  *		      particular purpose;
113  *
114  *		      ii) effectively excludes on behalf of all
115  *		      Contributors all liability for damages, including
116  *		      direct, indirect, special, incidental and
117  *		      consequential damages, such as lost profits;
118  *
119  *		      iii) states that any provisions which differ from
120  *		      this Agreement are offered by that Contributor
121  *		      alone and not by any other party; and
122  *
123  *		      iv) states that source code for the Program is
124  *		      available from such Contributor, and informs
125  *		      licensees how to obtain it in a reasonable manner
126  *		      on or through a medium customarily used for
127  *		      software exchange.
128  *
129  *		When the Program is made available in source code form:
130  *		      a) it must be made available under this Agreement;
131  *		      and
132  *		      b) a copy of this Agreement must be included with
133  *		      each copy of the Program.
134  *
135  *		Contributors may not remove or alter any copyright notices
136  *		contained within the Program.
137  *
138  *		Each Contributor must identify itself as the originator of
139  *		its Contribution, if any, in a manner that reasonably
140  *		allows subsequent Recipients to identify the originator of
141  *		the Contribution.
142  *
143  *
144  *		4. COMMERCIAL DISTRIBUTION
145  *
146  *		Commercial distributors of software may accept certain
147  *		responsibilities with respect to end users, business
148  *		partners and the like. While this license is intended to
149  *		facilitate the commercial use of the Program, the
150  *		Contributor who includes the Program in a commercial
151  *		product offering should do so in a manner which does not
152  *		create potential liability for other Contributors.
153  *		Therefore, if a Contributor includes the Program in a
154  *		commercial product offering, such Contributor ("Commercial
155  *		Contributor") hereby agrees to defend and indemnify every
156  *		other Contributor ("Indemnified Contributor") against any
157  *		losses, damages and costs (collectively "Losses") arising
158  *		from claims, lawsuits and other legal actions brought by a
159  *		third party against the Indemnified Contributor to the
160  *		extent caused by the acts or omissions of such Commercial
161  *		Contributor in connection with its distribution of the
162  *		Program in a commercial product offering. The obligations
163  *		in this section do not apply to any claims or Losses
164  *		relating to any actual or alleged intellectual property
165  *		infringement. In order to qualify, an Indemnified
166  *		Contributor must: a) promptly notify the Commercial
167  *		Contributor in writing of such claim, and b) allow the
168  *		Commercial Contributor to control, and cooperate with the
169  *		Commercial Contributor in, the defense and any related
170  *		settlement negotiations. The Indemnified Contributor may
171  *		participate in any such claim at its own expense.
172  *
173  *
174  *		For example, a Contributor might include the Program in a
175  *		commercial product offering, Product X. That Contributor
176  *		is then a Commercial Contributor. If that Commercial
177  *		Contributor then makes performance claims, or offers
178  *		warranties related to Product X, those performance claims
179  *		and warranties are such Commercial Contributor's
180  *		responsibility alone. Under this section, the Commercial
181  *		Contributor would have to defend claims against the other
182  *		Contributors related to those performance claims and
183  *		warranties, and if a court requires any other Contributor
184  *		to pay any damages as a result, the Commercial Contributor
185  *		must pay those damages.
186  *
187  *
188  *		5. NO WARRANTY
189  *
190  *		EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
191  *		PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
192  *		WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
193  *		IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
194  *		CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
195  *		FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
196  *		responsible for determining the appropriateness of using
197  *		and distributing the Program and assumes all risks
198  *		associated with its exercise of rights under this
199  *		Agreement, including but not limited to the risks and
200  *		costs of program errors, compliance with applicable laws,
201  *		damage to or loss of data, programs or equipment, and
202  *		unavailability or interruption of operations.
203  *
204  *		6. DISCLAIMER OF LIABILITY
205  *		EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
206  *		RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
207  *		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
208  *		OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
209  *		LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
210  *		LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
211  *		(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
212  *		OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
213  *		OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
214  *		POSSIBILITY OF SUCH DAMAGES.
215  *
216  *		7. GENERAL
217  *
218  *		If any provision of this Agreement is invalid or
219  *		unenforceable under applicable law, it shall not affect
220  *		the validity or enforceability of the remainder of the
221  *		terms of this Agreement, and without further action by the
222  *		parties hereto, such provision shall be reformed to the
223  *		minimum extent necessary to make such provision valid and
224  *		enforceable.
225  *
226  *
227  *		If Recipient institutes patent litigation against a
228  *		Contributor with respect to a patent applicable to
229  *		software (including a cros - claim or counterclaim in a
230  *		lawsuit), then any patent licenses granted by that
231  *		Contributor to such Recipient under this Agreement shall
232  *		terminate as of the date such litigation is filed. In
233  *		addition, If Recipient institutes patent litigation
234  *		against any entity (including a cros - claim or
235  *		counterclaim in a lawsuit) alleging that the Program
236  *		itself (excluding combinations of the Program with other
237  *		software or hardware) infringes such Recipient's
238  *		patent(s), then such Recipient's rights granted under
239  *		Section 2(b) shall terminate as of the date such
240  *		litigation is filed.
241  *
242  *		All Recipient's rights under this Agreement shall
243  *		terminate if it fails to comply with any of the material
244  *		terms or conditions of this Agreement and does not cure
245  *		such failure in a reasonable period of time after becoming
246  *		aware of such noncompliance. If all Recipient's rights
247  *		under this Agreement terminate, Recipient agrees to cease
248  *		use and distribution of the Program as soon as reasonably
249  *		practicable. However, Recipient's obligations under this
250  *		Agreement and any licenses granted by Recipient relating
251  *		to the Program shall continue and survive.
252  *
253  *		Everyone is permitted to copy and distribute copies of
254  *		this Agreement, but in order to avoid inconsistency the
255  *		Agreement is copyrighted and may only be modified in the
256  *		following manner. The Agreement Steward reserves the right
257  *		to publish new versions (including revisions) of this
258  *		Agreement from time to time. No one other than the
259  *		Agreement Steward has the right to modify this Agreement.
260  *
261  *		IBM is the initial Agreement Steward. IBM may assign the
262  *		responsibility to serve as the Agreement Steward to a
263  *		suitable separate entity. Each new version of the
264  *		Agreement will be given a distinguishing version number.
265  *		The Program (including Contributions) may always be
266  *		distributed subject to the version of the Agreement under
267  *		which it was received. In addition, after a new version of
268  *		the Agreement is published, Contributor may elect to
269  *		distribute the Program (including its Contributions) under
270  *		the new version. Except as expressly stated in Sections
271  *		2(a) and 2(b) above, Recipient receives no rights or
272  *		licenses to the intellectual property of any Contributor
273  *		under this Agreement, whether expressly, by implication,
274  *		estoppel or otherwise. All rights in the Program not
275  *		expressly granted under this Agreement are reserved.
276  *
277  *
278  *		This Agreement is governed by the laws of the State of New
279  *		York and the intellectual property laws of the United
280  *		States of America. No party to this Agreement will bring a
281  *		legal action under this Agreement more than one year after
282  *		the cause of action arose. Each party waives its rights to
283  *		a jury trial in any resulting litigation.
284  *
285  *
286  *
287  * (C) COPYRIGHT International Business Machines Corp. 2001, 2002
288  */
289 /*
290  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
291  * Use is subject to license terms.
292  */
293 #include "tpmtok_int.h"
294 
295 CK_ULONG
296 ber_encode_INTEGER(CK_BBOOL    length_only,
297 	CK_BYTE  ** ber_int,
298 	CK_ULONG  * ber_int_len,
299 	CK_BYTE   * data,
300 	CK_ULONG    data_len)
301 {
302 	CK_BYTE   *buf = NULL;
303 	CK_ULONG   len;
304 
305 	/*
306 	 * if data_len < 127 use short form length id
307 	 * if data_len < 256 use long form length id with
308 	 * byte length field
309 	 * if data_len < 65536 use long form length id with
310 	 * byte length field
311 	 * if data_len < 16777216 use long form length id
312 	 * with byte length field
313 	 */
314 	if (data_len < 128)
315 		len = 1 + 1 + data_len;
316 	else if (data_len < 256)
317 		len = 1 + (1 + 1) + data_len;
318 	else if (data_len < (1 << 16))
319 		len = 1 + (1 + 2) + data_len;
320 	else if (data_len < (1 << 24))
321 		len = 1 + (1 + 3) + data_len;
322 	else
323 		return (CKR_FUNCTION_FAILED);
324 
325 	if (length_only == TRUE) {
326 		*ber_int_len = len;
327 		return (CKR_OK);
328 	}
329 
330 	buf = (CK_BYTE *)malloc(len);
331 	if (! buf) {
332 		return (CKR_HOST_MEMORY);
333 	}
334 	if (data_len < 128) {
335 		buf[0] = 0x02;
336 		buf[1] = data_len;
337 		(void) memcpy(&buf[2], data, data_len);
338 
339 		*ber_int_len = len;
340 		*ber_int = buf;
341 		return (CKR_OK);
342 	}
343 
344 	if (data_len < 256) {
345 		buf[0] = 0x02;
346 		buf[1] = 0x81;
347 		buf[2] = data_len;
348 		(void) memcpy(&buf[3], data, data_len);
349 
350 		*ber_int_len = len;
351 		*ber_int = buf;
352 		return (CKR_OK);
353 	}
354 
355 	if (data_len < (1 << 16)) {
356 		buf[0] = 0x02;
357 		buf[1] = 0x82;
358 		buf[2] = (data_len >> 8) & 0xFF;
359 		buf[3] = (data_len) & 0xFF;
360 		(void) memcpy(&buf[4], data, data_len);
361 
362 		*ber_int_len = len;
363 		*ber_int = buf;
364 		return (CKR_OK);
365 	}
366 
367 	if (data_len < (1 << 24)) {
368 		buf[0] = 0x02;
369 		buf[1] = 0x83;
370 		buf[2] = (data_len >> 16) & 0xFF;
371 		buf[3] = (data_len >>  8) & 0xFF;
372 		buf[4] = (data_len) & 0xFF;
373 		(void) memcpy(&buf[5], data, data_len);
374 
375 		*ber_int_len = len;
376 		*ber_int = buf;
377 		return (CKR_OK);
378 	}
379 
380 	free(buf);
381 	return (CKR_FUNCTION_FAILED);
382 }
383 
384 CK_RV
385 ber_decode_INTEGER(CK_BYTE   * ber_int,
386 	CK_BYTE  ** data,
387 	CK_ULONG  * data_len,
388 	CK_ULONG  * field_len)
389 {
390 	CK_ULONG  len, length_octets;
391 
392 	if (! ber_int) {
393 		return (CKR_FUNCTION_FAILED);
394 	}
395 	if (ber_int[0] != 0x02) {
396 		return (CKR_FUNCTION_FAILED);
397 	}
398 	if ((ber_int[1] & 0x80) == 0) {
399 		len = ber_int[1] & 0x7F;
400 
401 		*data = &ber_int[2];
402 		*data_len  = len;
403 		*field_len = 1 + 1 + len;
404 		return (CKR_OK);
405 	}
406 
407 	length_octets = ber_int[1] & 0x7F;
408 
409 	if (length_octets == 1) {
410 		len = ber_int[2];
411 
412 		*data = &ber_int[3];
413 		*data_len  = len;
414 		*field_len = 1 + (1 + 1) + len;
415 		return (CKR_OK);
416 	}
417 
418 	if (length_octets == 2) {
419 		len = ber_int[2];
420 		len = len << 8;
421 		len |= ber_int[3];
422 
423 		*data = &ber_int[4];
424 		*data_len  = len;
425 		*field_len = 1 + (1 + 2) + len;
426 		return (CKR_OK);
427 	}
428 
429 	if (length_octets == 3) {
430 		len = ber_int[2];
431 		len = len << 8;
432 		len |= ber_int[3];
433 		len = len << 8;
434 		len |= ber_int[4];
435 
436 		*data = &ber_int[5];
437 		*data_len  = len;
438 		*field_len = 1 + (1 + 3) + len;
439 		return (CKR_OK);
440 	}
441 
442 	return (CKR_FUNCTION_FAILED);
443 }
444 
445 CK_RV
446 ber_encode_OCTET_STRING(CK_BBOOL    length_only,
447 CK_BYTE  ** str,
448 CK_ULONG  * str_len,
449 CK_BYTE   * data,
450 CK_ULONG    data_len)
451 {
452 	CK_BYTE   *buf = NULL;
453 	CK_ULONG   len;
454 
455 
456 	/*
457 	 * if data_len < 128 use shor - form length id
458 	 * if data_len < 256 use lon - form length id with - byte length field
459 	 * if data_len < 65536 use lon - form length id with - byte length field
460 	 */
461 	if (data_len < 128)
462 		len = 1 + 1 + data_len;
463 	else if (data_len < 256)
464 		len = 1 + (1 + 1) + data_len;
465 	else if (data_len < (1 << 16))
466 		len = 1 + (1 + 2) + data_len;
467 	else if (data_len < (1 << 24))
468 		len = 1 + (1 + 3) + data_len;
469 	else
470 		return (CKR_FUNCTION_FAILED);
471 
472 	if (length_only == TRUE) {
473 		*str_len = len;
474 		return (CKR_OK);
475 	}
476 
477 	buf = (CK_BYTE *)malloc(len);
478 	if (! buf) {
479 		return (CKR_HOST_MEMORY);
480 	}
481 
482 	if (data_len < 128) {
483 		buf[0] = 0x04; /* primitive, OCTET STRING */
484 		buf[1] = data_len;
485 		(void) memcpy(&buf[2], data, data_len);
486 
487 		*str_len = len;
488 		*str = buf;
489 		return (CKR_OK);
490 	}
491 
492 	if (data_len < 256) {
493 		buf[0] = 0x04;	/* primitive, OCTET STRING */
494 		buf[1] = 0x81;	/* length header -- 1 length octets */
495 		buf[2] = data_len;
496 
497 		(void) memcpy(&buf[3], data, data_len);
498 
499 		*str_len = len;
500 		*str = buf;
501 		return (CKR_OK);
502 	}
503 
504 	if (data_len < (1 << 16)) {
505 		buf[0] = 0x04;	/* primitive, OCTET STRING */
506 		buf[1] = 0x82;	/* length header -- 2 length octets */
507 		buf[2] = (data_len >> 8) & 0xFF;
508 		buf[3] = (data_len) & 0xFF;
509 
510 		(void) memcpy(&buf[4], data, data_len);
511 
512 		*str_len = len;
513 		*str = buf;
514 		return (CKR_OK);
515 	}
516 
517 	if (data_len < (1 << 24)) {
518 		buf[0] = 0x04;	/* primitive, OCTET STRING */
519 		buf[1] = 0x83;	/* length header -- 3 length octets */
520 		buf[2] = (data_len >> 16) & 0xFF;
521 		buf[3] = (data_len >>  8) & 0xFF;
522 		buf[4] = (data_len) & 0xFF;
523 
524 		(void) memcpy(&buf[5], data, data_len);
525 
526 		*str_len = len;
527 		*str = buf;
528 		return (CKR_OK);
529 	}
530 
531 	free(buf);
532 	return (CKR_FUNCTION_FAILED);
533 }
534 
535 CK_RV
536 ber_decode_OCTET_STRING(CK_BYTE  * str,
537 	CK_BYTE ** data,
538 	CK_ULONG * data_len,
539 	CK_ULONG * field_len)
540 {
541 	CK_ULONG  len, length_octets;
542 
543 	if (! str) {
544 		return (CKR_FUNCTION_FAILED);
545 	}
546 	if (str[0] != 0x04) {
547 		return (CKR_FUNCTION_FAILED);
548 	}
549 	if ((str[1] & 0x80) == 0) {
550 		len = str[1] & 0x7F;
551 
552 		*data = &str[2];
553 		*data_len  = len;
554 		*field_len = 1 + (1) + len;
555 		return (CKR_OK);
556 	}
557 
558 	length_octets = str[1] & 0x7F;
559 
560 	if (length_octets == 1) {
561 		len = str[2];
562 
563 		*data = &str[3];
564 		*data_len  = len;
565 		*field_len = 1 + (1 + 1) + len;
566 		return (CKR_OK);
567 	}
568 
569 	if (length_octets == 2) {
570 		len = str[2];
571 		len = len << 8;
572 		len |= str[3];
573 
574 		*data = &str[4];
575 		*data_len  = len;
576 		*field_len = 1 + (1 + 2) + len;
577 		return (CKR_OK);
578 	}
579 
580 	if (length_octets == 3) {
581 		len = str[2];
582 		len = len << 8;
583 		len |= str[3];
584 		len = len << 8;
585 		len |= str[4];
586 
587 		*data = &str[5];
588 		*data_len  = len;
589 		*field_len = 1 + (1 + 3) + len;
590 		return (CKR_OK);
591 	}
592 
593 	/* > 3 length octets implies a length > 16MB */
594 	return (CKR_FUNCTION_FAILED);
595 }
596 
597 CK_RV
598 ber_encode_SEQUENCE(CK_BBOOL    length_only,
599 	CK_BYTE  ** seq,
600 	CK_ULONG  * seq_len,
601 	CK_BYTE   * data,
602 	CK_ULONG    data_len)
603 {
604 	CK_BYTE   *buf = NULL;
605 	CK_ULONG   len;
606 
607 	if (data_len < 128)
608 		len = 1 + 1 + data_len;
609 	else if (data_len < 256)
610 		len = 1 + (1 + 1) + data_len;
611 	else if (data_len < (1 << 16))
612 		len = 1 + (1 + 2) + data_len;
613 	else if (data_len < (1 << 24))
614 		len = 1 + (1 + 3) + data_len;
615 	else
616 		return (CKR_FUNCTION_FAILED);
617 
618 	if (length_only == TRUE) {
619 		*seq_len = len;
620 		return (CKR_OK);
621 	}
622 
623 	buf = (CK_BYTE *)malloc(len);
624 	if (! buf) {
625 		return (CKR_HOST_MEMORY);
626 	}
627 
628 	if (data_len < 128) {
629 		buf[0] = 0x30;	/* constructed, SEQUENCE */
630 		buf[1] = data_len;
631 		(void) memcpy(&buf[2], data, data_len);
632 
633 		*seq_len = len;
634 		*seq = buf;
635 		return (CKR_OK);
636 	}
637 
638 	if (data_len < 256) {
639 		buf[0] = 0x30;	/* constructed, SEQUENCE */
640 		buf[1] = 0x81;	/* length header -- 1 length octets */
641 		buf[2] = data_len;
642 
643 		(void) memcpy(&buf[3], data, data_len);
644 
645 		*seq_len = len;
646 		*seq = buf;
647 		return (CKR_OK);
648 	}
649 
650 	if (data_len < (1 << 16)) {
651 		buf[0] = 0x30;	/* constructed, SEQUENCE */
652 		buf[1] = 0x82;	/* length header -- 2 length octets */
653 		buf[2] = (data_len >> 8) & 0xFF;
654 		buf[3] = (data_len) & 0xFF;
655 
656 		(void) memcpy(&buf[4], data, data_len);
657 
658 		*seq_len = len;
659 		*seq = buf;
660 		return (CKR_OK);
661 	}
662 
663 	if (data_len < (1 << 24)) {
664 		buf[0] = 0x30;	/* constructed, SEQUENCE */
665 		buf[1] = 0x83;	/* length header -- 3 length octets */
666 		buf[2] = (data_len >> 16) & 0xFF;
667 		buf[3] = (data_len >>  8) & 0xFF;
668 		buf[4] = (data_len) & 0xFF;
669 
670 		(void) memcpy(&buf[5], data, data_len);
671 
672 		*seq_len = len;
673 		*seq = buf;
674 		return (CKR_OK);
675 	}
676 
677 	return (CKR_FUNCTION_FAILED);
678 }
679 
680 CK_RV
681 ber_decode_SEQUENCE(CK_BYTE  * seq,
682 	CK_BYTE ** data,
683 	CK_ULONG * data_len,
684 	CK_ULONG * field_len)
685 {
686 	CK_ULONG  len, length_octets;
687 
688 	if (! seq) {
689 		return (CKR_FUNCTION_FAILED);
690 	}
691 	if (seq[0] != 0x30) {
692 		return (CKR_FUNCTION_FAILED);
693 	}
694 	if ((seq[1] & 0x80) == 0) {
695 		len = seq[1] & 0x7F;
696 
697 		*data = &seq[2];
698 		*data_len  = len;
699 		*field_len = 1 + (1) + len;
700 		return (CKR_OK);
701 	}
702 
703 	length_octets = seq[1] & 0x7F;
704 
705 	if (length_octets == 1) {
706 		len = seq[2];
707 
708 		*data = &seq[3];
709 		*data_len  = len;
710 		*field_len = 1 + (1 + 1) + len;
711 		return (CKR_OK);
712 	}
713 
714 	if (length_octets == 2) {
715 		len = seq[2];
716 		len = len << 8;
717 		len |= seq[3];
718 
719 		*data = &seq[4];
720 		*data_len  = len;
721 		*field_len = 1 + (1 + 2) + len;
722 		return (CKR_OK);
723 	}
724 
725 	if (length_octets == 3) {
726 		len = seq[2];
727 		len = len << 8;
728 		len |= seq[3];
729 		len = len << 8;
730 		len |= seq[4];
731 
732 		*data = &seq[5];
733 		*data_len  = len;
734 		*field_len = 1 + (1 + 3) + len;
735 		return (CKR_OK);
736 	}
737 
738 	return (CKR_FUNCTION_FAILED);
739 }
740 
741 /*
742  *
743  * PrivateKeyInfo ::= SEQUENCE {
744  *    version  Version  -- always '0' for now
745  *    privateKeyAlgorithm PrivateKeyAlgorithmIdentifier
746  *    privateKey  PrivateKey
747  *    attributes
748  * }
749  */
750 CK_RV
751 ber_encode_PrivateKeyInfo(CK_BBOOL    length_only,
752 CK_BYTE  ** data,
753 CK_ULONG  * data_len,
754 CK_BYTE   * algorithm_id,
755 CK_ULONG    algorithm_id_len,
756 CK_BYTE   * priv_key,
757 CK_ULONG    priv_key_len)
758 {
759 	CK_BYTE  * buf = NULL;
760 	CK_BYTE  * tmp = NULL;
761 	CK_BYTE    version[] = { 0 };
762 	CK_BYTE    attrib[]  = { 0x05, 0x00 };
763 	CK_ULONG   len, total;
764 	CK_RV rc;
765 
766 	len = 0;
767 
768 	rc = ber_encode_INTEGER(TRUE, NULL, &total, version, sizeof (version));
769 	if (rc != CKR_OK) {
770 		return (rc);
771 	}
772 	else
773 	len += total;
774 
775 	len += algorithm_id_len;
776 
777 	rc = ber_encode_OCTET_STRING(TRUE, NULL, &total,
778 	    priv_key, priv_key_len);
779 
780 	if (rc != CKR_OK)
781 		return (rc);
782 
783 	len += total;
784 
785 	/* for this stuff, attributes are always NULL == 05 00 */
786 	len += sizeof (attrib);
787 
788 	if (length_only == TRUE) {
789 		rc = ber_encode_SEQUENCE(TRUE, NULL, &total, NULL, len);
790 
791 		if (rc == CKR_OK)
792 			*data_len = total;
793 		return (rc);
794 	}
795 
796 	buf = (CK_BYTE *)malloc(len);
797 	if (! buf) {
798 		return (CKR_HOST_MEMORY);
799 	}
800 	len = 0;
801 	rc = ber_encode_INTEGER(FALSE, &tmp, &total, version, sizeof (version));
802 	if (rc != CKR_OK) {
803 		goto error;
804 	}
805 	(void) memcpy(buf + len, tmp, total);
806 	len += total;
807 	free(tmp);
808 
809 	(void) memcpy(buf + len, algorithm_id, algorithm_id_len);
810 	len += algorithm_id_len;
811 
812 	rc = ber_encode_OCTET_STRING(FALSE, &tmp, &total,
813 	    priv_key, priv_key_len);
814 	if (rc != CKR_OK) {
815 		goto error;
816 	}
817 	(void) memcpy(buf + len, tmp, total);
818 	len += total;
819 	free(tmp);
820 
821 	(void) memcpy(buf + len, attrib, sizeof (attrib));
822 	len += sizeof (attrib);
823 
824 	rc = ber_encode_SEQUENCE(FALSE, data, data_len, buf, len);
825 
826 error:
827 	free(buf);
828 	return (rc);
829 }
830 
831 CK_RV
832 ber_decode_PrivateKeyInfo(CK_BYTE   * data,
833 	CK_ULONG    data_len,
834 	CK_BYTE  ** algorithm,
835 	CK_ULONG  * alg_len,
836 	CK_BYTE  ** priv_key)
837 {
838 	CK_BYTE  *buf = NULL;
839 	CK_BYTE  *alg = NULL;
840 	CK_BYTE  *ver = NULL;
841 	CK_ULONG  buf_len, offset, len, field_len;
842 	CK_RV rc;
843 
844 	if (! data || (data_len == 0)) {
845 		return (CKR_FUNCTION_FAILED);
846 	}
847 	rc = ber_decode_SEQUENCE(data, &buf, &buf_len, &field_len);
848 	if (rc != CKR_OK) {
849 		return (rc);
850 	}
851 	offset = 0;
852 	rc = ber_decode_INTEGER(buf + offset, &ver, &len, &field_len);
853 	if (rc != CKR_OK) {
854 		return (rc);
855 	}
856 	offset += field_len;
857 
858 	rc = ber_decode_SEQUENCE(buf + offset, &alg, &len, &field_len);
859 	if (rc != CKR_OK) {
860 		return (rc);
861 	}
862 	*algorithm = alg;
863 	*alg_len   = len;
864 
865 	rc = ber_decode_OCTET_STRING(alg + len, priv_key, &buf_len, &field_len);
866 	return (rc);
867 }
868 
869 /*
870  * RSAPrivateKey ::= SEQUENCE {
871  *    version  Version  -- always '0' for now
872  *    modulus  INTEGER
873  *    publicExponent  INTEGER
874  *    privateExponent INTEGER
875  *    prime1  INTEGER
876  *    prime2  INTEGER
877  *    exponent1  INTEGER
878  *    exponent2  INTEGER
879  *    coefficient INTEGER
880  * }
881  */
882 CK_RV
883 ber_encode_RSAPrivateKey(CK_BBOOL    length_only,
884 	CK_BYTE  ** data,
885 	CK_ULONG  * data_len,
886 	CK_ATTRIBUTE * modulus,
887 	CK_ATTRIBUTE * publ_exp,
888 	CK_ATTRIBUTE * priv_exp,
889 	CK_ATTRIBUTE * prime1,
890 	CK_ATTRIBUTE * prime2,
891 	CK_ATTRIBUTE * exponent1,
892 	CK_ATTRIBUTE * exponent2,
893 	CK_ATTRIBUTE * coeff)
894 {
895 	CK_BYTE   *buf = NULL;
896 	CK_BYTE   *buf2 = NULL;
897 	CK_ULONG   len, offset;
898 	CK_BYTE    version[] = { 0 };
899 	CK_RV rc;
900 
901 	offset = 0;
902 	rc = 0;
903 
904 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
905 	    sizeof (version));
906 	offset += len;
907 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
908 	    modulus->ulValueLen);
909 	offset += len;
910 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
911 	    publ_exp->ulValueLen);
912 	offset += len;
913 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
914 	    priv_exp->ulValueLen);
915 	offset += len;
916 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
917 	    prime1->ulValueLen);
918 	offset += len;
919 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
920 	    prime2->ulValueLen);
921 	offset += len;
922 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
923 	    exponent1->ulValueLen);
924 	offset += len;
925 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
926 	    exponent2->ulValueLen);
927 	offset += len;
928 	rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL,
929 	    coeff->ulValueLen);
930 	offset += len;
931 
932 	if (rc != CKR_OK) {
933 		return (CKR_FUNCTION_FAILED);
934 	}
935 	if (length_only == TRUE) {
936 		rc = ber_encode_SEQUENCE(TRUE, NULL, &len, NULL, offset);
937 		if (rc != CKR_OK)
938 			return (rc);
939 		rc = ber_encode_PrivateKeyInfo(TRUE,
940 		    NULL, data_len,
941 		    NULL, ber_AlgIdRSAEncryptionLen,
942 		    NULL, len);
943 		if (rc != CKR_OK)
944 			return (rc);
945 		return (rc);
946 	}
947 
948 	buf = (CK_BYTE *)malloc(offset);
949 	if (! buf) {
950 		return (CKR_HOST_MEMORY);
951 	}
952 	offset = 0;
953 	rc = 0;
954 
955 	rc = ber_encode_INTEGER(FALSE, &buf2, &len, version, sizeof (version));
956 	if (rc != CKR_OK) {
957 		goto error;
958 	}
959 	(void) memcpy(buf + offset, buf2, len);
960 	offset += len;
961 	free(buf2);
962 
963 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
964 	    (CK_BYTE *)modulus + sizeof (CK_ATTRIBUTE), modulus->ulValueLen);
965 	if (rc != CKR_OK) {
966 		goto error;
967 	}
968 	(void) memcpy(buf + offset, buf2, len);
969 	offset += len;
970 	free(buf2);
971 
972 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
973 	    (CK_BYTE *)publ_exp + sizeof (CK_ATTRIBUTE), publ_exp->ulValueLen);
974 	if (rc != CKR_OK) {
975 		goto error;
976 	}
977 	(void) memcpy(buf + offset, buf2, len);
978 	offset += len;
979 	free(buf2);
980 
981 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
982 	    (CK_BYTE *)priv_exp  + sizeof (CK_ATTRIBUTE),
983 	    priv_exp->ulValueLen);
984 	if (rc != CKR_OK) {
985 		goto error;
986 	}
987 	(void) memcpy(buf + offset, buf2, len);
988 	offset += len;
989 	free(buf2);
990 
991 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
992 	    (CK_BYTE *)prime1 + sizeof (CK_ATTRIBUTE), prime1->ulValueLen);
993 	if (rc != CKR_OK) {
994 		goto error;
995 	}
996 	(void) memcpy(buf + offset, buf2, len);
997 	offset += len;
998 	free(buf2);
999 
1000 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1001 	    (CK_BYTE *)prime2 + sizeof (CK_ATTRIBUTE), prime2->ulValueLen);
1002 	if (rc != CKR_OK) {
1003 		goto error;
1004 	}
1005 	(void) memcpy(buf + offset, buf2, len);
1006 	offset += len;
1007 	free(buf2);
1008 
1009 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1010 	    (CK_BYTE *)exponent1 + sizeof (CK_ATTRIBUTE),
1011 	    exponent1->ulValueLen);
1012 	if (rc != CKR_OK) {
1013 		goto error;
1014 	}
1015 	(void) memcpy(buf + offset, buf2, len);
1016 	offset += len;
1017 	free(buf2);
1018 
1019 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1020 	    (CK_BYTE *)exponent2 + sizeof (CK_ATTRIBUTE),
1021 	    exponent2->ulValueLen);
1022 	if (rc != CKR_OK) {
1023 		goto error;
1024 	}
1025 	(void) memcpy(buf + offset, buf2, len);
1026 	offset += len;
1027 	free(buf2);
1028 
1029 	rc = ber_encode_INTEGER(FALSE, &buf2, &len,
1030 	    (CK_BYTE *)coeff + sizeof (CK_ATTRIBUTE), coeff->ulValueLen);
1031 	if (rc != CKR_OK) {
1032 		goto error;
1033 	}
1034 	(void) memcpy(buf + offset, buf2, len);
1035 	offset += len;
1036 	free(buf2);
1037 
1038 	rc = ber_encode_SEQUENCE(FALSE, &buf2, &len, buf, offset);
1039 	if (rc != CKR_OK) {
1040 		goto error;
1041 	}
1042 	rc = ber_encode_PrivateKeyInfo(FALSE,
1043 	    data, data_len,
1044 	    ber_AlgIdRSAEncryption, ber_AlgIdRSAEncryptionLen,
1045 	    buf2, len);
1046 error:
1047 	if (buf2) free(buf2);
1048 	if (buf)  free(buf);
1049 	return (rc);
1050 }
1051 
1052 CK_RV
1053 ber_decode_RSAPrivateKey(CK_BYTE    * data,
1054 	CK_ULONG data_len,
1055 	CK_ATTRIBUTE ** modulus,
1056 	CK_ATTRIBUTE ** publ_exp,
1057 	CK_ATTRIBUTE ** priv_exp,
1058 	CK_ATTRIBUTE ** prime1,
1059 	CK_ATTRIBUTE ** prime2,
1060 	CK_ATTRIBUTE ** exponent1,
1061 	CK_ATTRIBUTE ** exponent2,
1062 	CK_ATTRIBUTE ** coeff)
1063 {
1064 	CK_ATTRIBUTE *n_attr = NULL;
1065 	CK_ATTRIBUTE *e_attr = NULL;
1066 	CK_ATTRIBUTE *d_attr = NULL;
1067 	CK_ATTRIBUTE *p_attr = NULL;
1068 	CK_ATTRIBUTE *q_attr = NULL;
1069 	CK_ATTRIBUTE *e1_attr = NULL;
1070 	CK_ATTRIBUTE *e2_attr = NULL;
1071 	CK_ATTRIBUTE *coeff_attr = NULL;
1072 
1073 	CK_BYTE  *alg = NULL;
1074 	CK_BYTE  *rsa_priv_key = NULL;
1075 	CK_BYTE  *buf = NULL;
1076 	CK_BYTE  *tmp = NULL;
1077 	CK_ULONG offset, buf_len, field_len, len;
1078 	CK_RV rc;
1079 
1080 	rc = ber_decode_PrivateKeyInfo(data, data_len, &alg,
1081 	    &len, &rsa_priv_key);
1082 	if (rc != CKR_OK) {
1083 		return (rc);
1084 	}
1085 	if (memcmp(alg, ber_rsaEncryption, ber_rsaEncryptionLen) != 0) {
1086 		return (CKR_FUNCTION_FAILED);
1087 	}
1088 	rc = ber_decode_SEQUENCE(rsa_priv_key, &buf, &buf_len, &field_len);
1089 	if (rc != CKR_OK)
1090 		return (rc);
1091 	offset = 0;
1092 
1093 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1094 	if (rc != CKR_OK) {
1095 		goto cleanup;
1096 	}
1097 	offset += field_len;
1098 
1099 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1100 	if (rc != CKR_OK) {
1101 		goto cleanup;
1102 	}
1103 	offset += field_len;
1104 
1105 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1106 	if (rc != CKR_OK) {
1107 		goto cleanup;
1108 	}
1109 	offset += field_len;
1110 
1111 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1112 	if (rc != CKR_OK) {
1113 		goto cleanup;
1114 	}
1115 	offset += field_len;
1116 
1117 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1118 	if (rc != CKR_OK) {
1119 		goto cleanup;
1120 	}
1121 	offset += field_len;
1122 
1123 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1124 	if (rc != CKR_OK) {
1125 		goto cleanup;
1126 	}
1127 	offset += field_len;
1128 
1129 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1130 	if (rc != CKR_OK) {
1131 		goto cleanup;
1132 	}
1133 	offset += field_len;
1134 
1135 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1136 	if (rc != CKR_OK) {
1137 		goto cleanup;
1138 	}
1139 	offset += field_len;
1140 
1141 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1142 	if (rc != CKR_OK) {
1143 		goto cleanup;
1144 	}
1145 	offset += field_len;
1146 
1147 	if (offset > buf_len) {
1148 		return (CKR_FUNCTION_FAILED);
1149 	}
1150 
1151 	offset = 0;
1152 
1153 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1154 	if (rc != CKR_OK) {
1155 		goto cleanup;
1156 	}
1157 	offset += field_len;
1158 
1159 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1160 	if (rc != CKR_OK) {
1161 		goto cleanup;
1162 	} else {
1163 		rc = build_attribute(CKA_MODULUS, tmp, len, &n_attr);
1164 		if (rc != CKR_OK) {
1165 			goto cleanup;
1166 		}
1167 		offset += field_len;
1168 	}
1169 
1170 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1171 	if (rc != CKR_OK) {
1172 		goto cleanup;
1173 	} else {
1174 		rc = build_attribute(CKA_PUBLIC_EXPONENT, tmp, len, &e_attr);
1175 		if (rc != CKR_OK) {
1176 			goto cleanup;
1177 		}
1178 		offset += field_len;
1179 	}
1180 
1181 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1182 	if (rc != CKR_OK) {
1183 		goto cleanup;
1184 	} else {
1185 		rc = build_attribute(CKA_PRIVATE_EXPONENT, tmp, len, &d_attr);
1186 		if (rc != CKR_OK) {
1187 			goto cleanup;
1188 		}
1189 		offset += field_len;
1190 	}
1191 
1192 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1193 	if (rc != CKR_OK) {
1194 		goto cleanup;
1195 	} else {
1196 		rc = build_attribute(CKA_PRIME_1, tmp, len, &p_attr);
1197 		if (rc != CKR_OK) {
1198 			goto cleanup;
1199 		}
1200 		offset += field_len;
1201 	}
1202 
1203 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1204 	if (rc != CKR_OK) {
1205 		goto cleanup;
1206 	} else {
1207 		rc = build_attribute(CKA_PRIME_2, tmp, len, &q_attr);
1208 		if (rc != CKR_OK) {
1209 			goto cleanup;
1210 		}
1211 		offset += field_len;
1212 	}
1213 
1214 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1215 	if (rc != CKR_OK) {
1216 		goto cleanup;
1217 	} else {
1218 		rc = build_attribute(CKA_EXPONENT_1, tmp, len, &e1_attr);
1219 		if (rc != CKR_OK) {
1220 			goto cleanup;
1221 		}
1222 		offset += field_len;
1223 	}
1224 
1225 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1226 	if (rc != CKR_OK) {
1227 		goto cleanup;
1228 	} else {
1229 		rc = build_attribute(CKA_EXPONENT_2, tmp, len, &e2_attr);
1230 		if (rc != CKR_OK) {
1231 			goto cleanup;
1232 		}
1233 		offset += field_len;
1234 	}
1235 
1236 	rc = ber_decode_INTEGER(buf + offset, &tmp, &len, &field_len);
1237 	if (rc != CKR_OK) {
1238 		goto cleanup;
1239 	} else {
1240 		rc = build_attribute(CKA_COEFFICIENT, tmp, len, &coeff_attr);
1241 		if (rc != CKR_OK) {
1242 			goto cleanup;
1243 		}
1244 		offset += len;
1245 	}
1246 
1247 	*modulus   = n_attr;
1248 	*publ_exp  = e_attr;
1249 	*priv_exp  = d_attr;
1250 	*prime1 = p_attr;
1251 	*prime2 = q_attr;
1252 	*exponent1 = e1_attr;
1253 	*exponent2 = e2_attr;
1254 	*coeff = coeff_attr;
1255 
1256 	return (CKR_OK);
1257 
1258 cleanup:
1259 	if (n_attr) free(n_attr);
1260 	if (e_attr) free(e_attr);
1261 	if (d_attr) free(d_attr);
1262 	if (p_attr) free(p_attr);
1263 	if (q_attr) free(q_attr);
1264 	if (e1_attr) free(e1_attr);
1265 	if (e2_attr) free(e2_attr);
1266 	if (coeff_attr) free(coeff_attr);
1267 
1268 	return (rc);
1269 }
1270