9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.

  24  */
  25 
  26 #include <strings.h>
  27 #include <errno.h>
  28 #include <ecc_impl.h>
  29 #include <security/cryptoki.h>
  30 #include <sys/crypto/ioctl.h>
  31 #include "kernelGlobal.h"
  32 #include "kernelSession.h"
  33 #include "kernelObject.h"
  34 
  35 static boolean_t
  36 attribute_in_template(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE_PTR t, CK_ULONG cnt)
  37 {
  38         int i;
  39 
  40         for (i = 0; i < cnt; i++) {
  41                 if (t[i].type == type)
  42                         return (B_TRUE);
  43         }


 326             obj_ngk.ngk_out_attributes);
 327         free_attributes(obj_ngk.ngk_out_attributes, &obj_ngk.ngk_out_count);
 328         if (rv != CRYPTO_SUCCESS) {
 329                 goto failed_exit;
 330         }
 331 
 332         /*
 333          * CKA_VALUE_LEN is not stored with the secret key object,
 334          * so we remove it by shifting attributes down one.
 335          */
 336         (void) remove_one_attribute(newTemplate, CKA_VALUE_LEN,
 337             attr_count, B_FALSE);
 338 
 339         rv = kernel_build_object(newTemplate, attr_count - 1,
 340             new_objp, session_p, KERNEL_GEN_KEY);
 341         if (rv != CRYPTO_SUCCESS) {
 342                 goto failed_exit;
 343         }
 344         new_objp->is_lib_obj = B_TRUE;
 345         new_objp->session_handle = (CK_SESSION_HANDLE)session_p;
 346         (void) free(newTemplate);
 347         bzero(key_buf, key_len);
 348         (void) free(key_buf);
 349         return (CKR_OK);
 350 
 351 failed_exit:
 352         free_attributes(obj_ngk.ngk_in_attributes, &obj_ngk.ngk_in_count);
 353         free_attributes(obj_ngk.ngk_out_attributes, &obj_ngk.ngk_out_count);
 354         if (key_buf != NULL) {
 355                 bzero(key_buf, key_len);
 356                 (void) free(key_buf);
 357         }
 358         if (newTemplate != NULL) {
 359                 (void) free(newTemplate);
 360         }
 361         return (rv);
 362 }
 363 
 364 CK_RV
 365 C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 366     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
 367 {
 368         CK_RV                   rv = CKR_OK;
 369         kernel_session_t        *session_p;
 370         kernel_object_t         *new_objp = NULL;
 371         kernel_slot_t           *pslot;
 372         boolean_t               ses_lock_held = B_FALSE;
 373         CK_BBOOL                is_pri_obj;
 374         CK_BBOOL                is_token_obj = FALSE;
 375         crypto_mech_type_t      k_mech_type;
 376         int r;
 377 
 378         if (!kernel_initialized)
 379                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 380 




   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright 2018, Joyent, Inc.
  25  */
  26 
  27 #include <strings.h>
  28 #include <errno.h>
  29 #include <ecc_impl.h>
  30 #include <security/cryptoki.h>
  31 #include <sys/crypto/ioctl.h>
  32 #include "kernelGlobal.h"
  33 #include "kernelSession.h"
  34 #include "kernelObject.h"
  35 
  36 static boolean_t
  37 attribute_in_template(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE_PTR t, CK_ULONG cnt)
  38 {
  39         int i;
  40 
  41         for (i = 0; i < cnt; i++) {
  42                 if (t[i].type == type)
  43                         return (B_TRUE);
  44         }


 327             obj_ngk.ngk_out_attributes);
 328         free_attributes(obj_ngk.ngk_out_attributes, &obj_ngk.ngk_out_count);
 329         if (rv != CRYPTO_SUCCESS) {
 330                 goto failed_exit;
 331         }
 332 
 333         /*
 334          * CKA_VALUE_LEN is not stored with the secret key object,
 335          * so we remove it by shifting attributes down one.
 336          */
 337         (void) remove_one_attribute(newTemplate, CKA_VALUE_LEN,
 338             attr_count, B_FALSE);
 339 
 340         rv = kernel_build_object(newTemplate, attr_count - 1,
 341             new_objp, session_p, KERNEL_GEN_KEY);
 342         if (rv != CRYPTO_SUCCESS) {
 343                 goto failed_exit;
 344         }
 345         new_objp->is_lib_obj = B_TRUE;
 346         new_objp->session_handle = (CK_SESSION_HANDLE)session_p;
 347         free(newTemplate);
 348         freezero(key_buf, key_len);

 349         return (CKR_OK);
 350 
 351 failed_exit:
 352         free_attributes(obj_ngk.ngk_in_attributes, &obj_ngk.ngk_in_count);
 353         free_attributes(obj_ngk.ngk_out_attributes, &obj_ngk.ngk_out_count);
 354         freezero(key_buf, key_len);
 355         free(newTemplate);





 356         return (rv);
 357 }
 358 
 359 CK_RV
 360 C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 361     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
 362 {
 363         CK_RV                   rv = CKR_OK;
 364         kernel_session_t        *session_p;
 365         kernel_object_t         *new_objp = NULL;
 366         kernel_slot_t           *pslot;
 367         boolean_t               ses_lock_held = B_FALSE;
 368         CK_BBOOL                is_pri_obj;
 369         CK_BBOOL                is_token_obj = FALSE;
 370         crypto_mech_type_t      k_mech_type;
 371         int r;
 372 
 373         if (!kernel_initialized)
 374                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 375
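Review bot: At `failed_exit` (new lines 354-355) the `key_buf != NULL` and `newTemplate != NULL` guards are gone, so the cleanup now relies on `freezero()` being a no-op for a NULL pointer and on `key_len` holding a defined value on every path that jumps there. The function's declarations and earlier body are above the visible excerpt, so it is worth confirming that `key_buf` is initialised to NULL and `key_len` to 0 before the first `goto failed_exit`. The same key bytes may also have been referenced from `newTemplate` or the `obj_ngk` attribute arrays, which are still released with plain `free()` and `free_attributes()`; whether those need zeroing cannot be judged from these lines and should be checked. I would also add a short comment at both call sites so the intent survives later edits, e.g. `/* key_buf holds raw key material; freezero() clears it before release */`.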