9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.

  24  */
  25 
  26 #include <fcntl.h>
  27 #include <strings.h>
  28 #include <sys/stat.h>
  29 #include <sys/types.h>
  30 #include <sys/sha1.h>
  31 #include <sys/md5.h>
  32 #include <sys/sysmacros.h>
  33 #include <security/cryptoki.h>
  34 #include "softGlobal.h"
  35 #include "softKeys.h"
  36 #include "softKeystore.h"
  37 #include "softMAC.h"
  38 #include "softObject.h"
  39 #include "softSession.h"
  40 #include "softSSL.h"
  41 
  42 /*
  43  * This files contains the implementation of the following PKCS#11


 908         }
 909 
 910         rv = soft_add_derived_key(new_tmpl, newattrcount,
 911             &(kmo->hServerKey), sp, basekey_p);
 912 
 913         if (rv != CKR_OK)
 914                 goto out_err;
 915 
 916         kb += secret_key_bytes;
 917 
 918         /* Finally, the IVs */
 919         if (iv_bytes > 0) {
 920                 bcopy(kb, kmo->pIVClient, iv_bytes);
 921                 kb += iv_bytes;
 922                 bcopy(kb, kmo->pIVServer, iv_bytes);
 923         }
 924 
 925         if (new_tmpl_allocated)
 926                 free(new_tmpl);
 927 
 928         if (export_keys != NULL)
 929                 free(export_keys);
 930 
 931         return (rv);
 932 
 933 out_err:
 934         if (kmo->hClientMacSecret != CK_INVALID_HANDLE) {
 935                 (void) soft_delete_derived_key(sp,
 936                     (soft_object_t *)(kmo->hClientMacSecret));
 937                 kmo->hClientMacSecret = CK_INVALID_HANDLE;
 938         }
 939         if (kmo->hServerMacSecret != CK_INVALID_HANDLE) {
 940                 (void) soft_delete_derived_key(sp,
 941                     (soft_object_t *)(kmo->hServerMacSecret));
 942                 kmo->hServerMacSecret = CK_INVALID_HANDLE;
 943         }
 944         if (kmo->hClientKey != CK_INVALID_HANDLE) {
 945                 (void) soft_delete_derived_key(sp,
 946                     (soft_object_t *)(kmo->hClientKey));
 947                 kmo->hClientKey = CK_INVALID_HANDLE;
 948         }
 949         if (kmo->hServerKey != CK_INVALID_HANDLE) {
 950                 (void) soft_delete_derived_key(sp,
 951                     (soft_object_t *)(kmo->hServerKey));
 952                 kmo->hServerKey = CK_INVALID_HANDLE;
 953         }
 954 
 955         if (new_tmpl_allocated)
 956                 free(new_tmpl);
 957 
 958         if (export_keys != NULL)
 959                 free(export_keys);
 960 
 961         return (rv);
 962 }
 963 
 964 /*
 965  * Add the derived key to the session, and, if it's a token object,
 966  * write it to the token.
 967  */
 968 static CK_RV
 969 soft_add_derived_key(CK_ATTRIBUTE_PTR tmpl, CK_ULONG attrcount,
 970     CK_OBJECT_HANDLE_PTR phKey, soft_session_t *sp, soft_object_t *basekey_p)
 971 {
 972         CK_RV rv;
 973         soft_object_t *secret_key;
 974 
 975         if ((secret_key = calloc(1, sizeof (soft_object_t))) == NULL) {
 976                 return (CKR_HOST_MEMORY);
 977         }
 978 
 979         if (((rv = soft_build_secret_key_object(tmpl, attrcount, secret_key,




   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright 2018, Joyent, Inc.
  25  */
  26 
  27 #include <fcntl.h>
  28 #include <strings.h>
  29 #include <sys/stat.h>
  30 #include <sys/types.h>
  31 #include <sys/sha1.h>
  32 #include <sys/md5.h>
  33 #include <sys/sysmacros.h>
  34 #include <security/cryptoki.h>
  35 #include "softGlobal.h"
  36 #include "softKeys.h"
  37 #include "softKeystore.h"
  38 #include "softMAC.h"
  39 #include "softObject.h"
  40 #include "softSession.h"
  41 #include "softSSL.h"
  42 
  43 /*
  44  * This files contains the implementation of the following PKCS#11


 909         }
 910 
 911         rv = soft_add_derived_key(new_tmpl, newattrcount,
 912             &(kmo->hServerKey), sp, basekey_p);
 913 
 914         if (rv != CKR_OK)
 915                 goto out_err;
 916 
 917         kb += secret_key_bytes;
 918 
 919         /* Finally, the IVs */
 920         if (iv_bytes > 0) {
 921                 bcopy(kb, kmo->pIVClient, iv_bytes);
 922                 kb += iv_bytes;
 923                 bcopy(kb, kmo->pIVServer, iv_bytes);
 924         }
 925 
 926         if (new_tmpl_allocated)
 927                 free(new_tmpl);
 928 
 929         freezero(export_keys, 2 * MD5_HASH_SIZE);

 930 
 931         return (rv);
 932 
 933 out_err:
 934         if (kmo->hClientMacSecret != CK_INVALID_HANDLE) {
 935                 (void) soft_delete_derived_key(sp,
 936                     (soft_object_t *)(kmo->hClientMacSecret));
 937                 kmo->hClientMacSecret = CK_INVALID_HANDLE;
 938         }
 939         if (kmo->hServerMacSecret != CK_INVALID_HANDLE) {
 940                 (void) soft_delete_derived_key(sp,
 941                     (soft_object_t *)(kmo->hServerMacSecret));
 942                 kmo->hServerMacSecret = CK_INVALID_HANDLE;
 943         }
 944         if (kmo->hClientKey != CK_INVALID_HANDLE) {
 945                 (void) soft_delete_derived_key(sp,
 946                     (soft_object_t *)(kmo->hClientKey));
 947                 kmo->hClientKey = CK_INVALID_HANDLE;
 948         }
 949         if (kmo->hServerKey != CK_INVALID_HANDLE) {
 950                 (void) soft_delete_derived_key(sp,
 951                     (soft_object_t *)(kmo->hServerKey));
 952                 kmo->hServerKey = CK_INVALID_HANDLE;
 953         }
 954 
 955         if (new_tmpl_allocated)
 956                 free(new_tmpl);
 957 
 958         freezero(export_keys, 2 * MD5_HASH_SIZE);

 959 
 960         return (rv);
 961 }
 962 
 963 /*
 964  * Add the derived key to the session, and, if it's a token object,
 965  * write it to the token.
 966  */
 967 static CK_RV
 968 soft_add_derived_key(CK_ATTRIBUTE_PTR tmpl, CK_ULONG attrcount,
 969     CK_OBJECT_HANDLE_PTR phKey, soft_session_t *sp, soft_object_t *basekey_p)
 970 {
 971         CK_RV rv;
 972         soft_object_t *secret_key;
 973 
 974         if ((secret_key = calloc(1, sizeof (soft_object_t))) == NULL) {
 975                 return (CKR_HOST_MEMORY);
 976         }
 977 
 978         if (((rv = soft_build_secret_key_object(tmpl, attrcount, secret_key,
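Review bot: The wipe length in `freezero(export_keys, 2 * MD5_HASH_SIZE);` (new lines 929 and 958) is a literal repeated at both exits, and the allocation of `export_keys` is outside the visible excerpt, so nothing shown ties the wiped length to the allocated one. If the two ever diverge, the call either leaves part of the export key material unwiped or clears past the end of the allocation. I would record the size once where the buffer is allocated, e.g. `size_t export_keys_len = 2 * MD5_HASH_SIZE;`, and call `freezero(export_keys, export_keys_len);` at both exits. The new calls also drop the old `export_keys != NULL` guard, which presumably relies on freezero() treating NULL as a no-op; a short comment saying so would help. The enclosing function starts above the excerpt, so it is worth confirming there that the key block `kb` feeding the `bcopy()` calls is also cleared with explicit_bzero() before return.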