1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * Copyright 2012 Milan Jurik. All rights reserved. 25 * Copyright (c) 2018, Joyent, Inc. 26 */ 27 28 #include <string.h> 29 #include <stdlib.h> 30 #include <strings.h> 31 #include "metaGlobal.h" 32 #include "metaAttrMasters.h" 33 34 static void 35 find_attribute(CK_ATTRIBUTE_TYPE attrtype, generic_attr_t *attributes, 36 size_t num_attributes, generic_attr_t **found_attribute); 37 38 /* 39 * get_master_attributes_by_object 40 * 41 * Returns an (statically allocated) set of object attributes, as determined by 42 * class and keytype of the supplied object. The attributes are only 43 * initialized to default values. 44 */ 45 CK_RV 46 get_master_attributes_by_object(slot_session_t *session, 47 slot_object_t *slot_object, generic_attr_t **attributes, 48 size_t *num_attributes) 49 { 50 CK_RV rv; 51 CK_ATTRIBUTE attr; 52 CK_OBJECT_CLASS class; 53 CK_ULONG subtype = CK_UNAVAILABLE_INFORMATION; 54 55 /* first get the class */ 56 attr.type = CKA_CLASS; 57 attr.pValue = &class; 58 attr.ulValueLen = sizeof (class); 59 rv = FUNCLIST(session->fw_st_id)->C_GetAttributeValue( 60 session->hSession, slot_object->hObject, &attr, 1); 61 if (rv != CKR_OK) { 62 return (rv); 63 } 64 65 attr.pValue = &subtype; 66 attr.ulValueLen = sizeof (subtype); 67 switch (class) { 68 case CKO_CERTIFICATE: 69 attr.type = CKA_CERTIFICATE_TYPE; 70 break; 71 case CKO_HW_FEATURE: 72 attr.type = CKA_HW_FEATURE_TYPE; 73 break; 74 case CKO_PUBLIC_KEY: 75 case CKO_PRIVATE_KEY: 76 case CKO_SECRET_KEY: 77 case CKO_DOMAIN_PARAMETERS: 78 attr.type = CKA_KEY_TYPE; 79 break; 80 case CKO_DATA: 81 goto get_attr; 82 default: 83 /* should never be here */ 84 return (CKR_ATTRIBUTE_VALUE_INVALID); 85 } 86 rv = FUNCLIST(session->fw_st_id)->C_GetAttributeValue( 87 session->hSession, slot_object->hObject, &attr, 1); 88 if (rv != CKR_OK) { 89 return (rv); 90 } 91 92 get_attr: 93 rv = get_master_attributes_by_type(class, subtype, 94 attributes, num_attributes); 95 96 return (rv); 97 } 98 99 /* 100 * get_master_attributes_by_template 101 * 102 * Returns an (statically allocated) set of object attributes, as determined by 103 * the supplied object template. The template is only used to determine the 104 * class/subclass of the object. The attributes are only initialized to 105 * default values. 106 */ 107 CK_RV 108 get_master_attributes_by_template( 109 CK_ATTRIBUTE *template, CK_ULONG template_size, 110 generic_attr_t **attributes, size_t *num_attributes) 111 { 112 CK_OBJECT_CLASS class; 113 CK_ULONG subtype = CK_UNAVAILABLE_INFORMATION; 114 boolean_t found; 115 116 found = get_template_ulong(CKA_CLASS, template, template_size, &class); 117 if (!found) { 118 return (CKR_TEMPLATE_INCOMPLETE); 119 } 120 121 switch (class) { 122 case CKO_CERTIFICATE: 123 found = get_template_ulong(CKA_CERTIFICATE_TYPE, 124 template, template_size, &subtype); 125 break; 126 case CKO_HW_FEATURE: 127 found = get_template_ulong(CKA_HW_FEATURE_TYPE, 128 template, template_size, &subtype); 129 break; 130 case CKO_PUBLIC_KEY: 131 case CKO_PRIVATE_KEY: 132 case CKO_SECRET_KEY: 133 case CKO_DOMAIN_PARAMETERS: 134 found = get_template_ulong(CKA_KEY_TYPE, 135 template, template_size, &subtype); 136 break; 137 case CKO_DATA: 138 /* CKO_DATA has no subtype, just pretend it is found */ 139 found = B_TRUE; 140 break; 141 default: 142 /* unknown object class */ 143 return (CKR_ATTRIBUTE_VALUE_INVALID); 144 } 145 146 if (!found) { 147 return (CKR_TEMPLATE_INCOMPLETE); 148 } 149 150 return (get_master_attributes_by_type(class, subtype, 151 attributes, num_attributes)); 152 } 153 154 /* 155 * get_master_template_by_type 156 * 157 * Returns an (statically allocated) set of object attributes, as determined 158 * by the specified class and subtype. The attributes are initialized to default 159 * values. 160 */ 161 CK_RV 162 get_master_template_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype, 163 generic_attr_t **attributes, size_t *num_attributes) 164 { 165 generic_attr_t *master_template = NULL; 166 size_t master_template_size = 0; 167 168 switch (class) { 169 case CKO_HW_FEATURE: 170 switch (subtype) { 171 case CKO_HW_FEATURE: 172 master_template = (generic_attr_t *)OBJ_HW_CLOCK; 173 master_template_size = sizeof (OBJ_HW_CLOCK); 174 break; 175 176 case CKH_MONOTONIC_COUNTER: 177 master_template = (generic_attr_t *)OBJ_HW_MONOTONIC; 178 master_template_size = sizeof (OBJ_HW_MONOTONIC); 179 break; 180 181 default: 182 /* Unsupported. */ 183 break; 184 } 185 break; 186 187 case CKO_DATA: 188 /* Objects of this class have no subtype. */ 189 master_template = (generic_attr_t *)OBJ_DATA; 190 master_template_size = sizeof (OBJ_DATA); 191 break; 192 193 case CKO_CERTIFICATE: 194 switch (subtype) { 195 case CKC_X_509: 196 master_template = (generic_attr_t *)OBJ_CERT_X509; 197 master_template_size = sizeof (OBJ_CERT_X509); 198 break; 199 200 case CKC_X_509_ATTR_CERT: 201 master_template = (generic_attr_t *)OBJ_CERT_X509ATTR; 202 master_template_size = sizeof (OBJ_CERT_X509ATTR); 203 break; 204 205 default: 206 /* Unsupported. */ 207 break; 208 } 209 break; 210 211 case CKO_PUBLIC_KEY: 212 switch (subtype) { 213 case CKK_RSA: 214 master_template = (generic_attr_t *)OBJ_PUBKEY_RSA; 215 master_template_size = sizeof (OBJ_PUBKEY_RSA); 216 break; 217 218 case CKK_DSA: 219 master_template = (generic_attr_t *)OBJ_PUBKEY_DSA; 220 master_template_size = sizeof (OBJ_PUBKEY_DSA); 221 break; 222 223 case CKK_EC: 224 master_template = (generic_attr_t *)OBJ_PUBKEY_EC; 225 master_template_size = sizeof (OBJ_PUBKEY_EC); 226 break; 227 228 case CKK_DH: 229 master_template = (generic_attr_t *)OBJ_PUBKEY_DH; 230 master_template_size = sizeof (OBJ_PUBKEY_DH); 231 break; 232 233 case CKK_X9_42_DH: 234 master_template = (generic_attr_t *)OBJ_PUBKEY_X942DH; 235 master_template_size = sizeof (OBJ_PUBKEY_X942DH); 236 break; 237 238 case CKK_KEA: 239 master_template = (generic_attr_t *)OBJ_PUBKEY_KEA; 240 master_template_size = sizeof (OBJ_PUBKEY_KEA); 241 break; 242 243 default: 244 /* Unsupported. */ 245 break; 246 } 247 break; 248 249 case CKO_PRIVATE_KEY: 250 switch (subtype) { 251 case CKK_RSA: 252 master_template = (generic_attr_t *)OBJ_PRIVKEY_RSA; 253 master_template_size = sizeof (OBJ_PRIVKEY_RSA); 254 break; 255 256 case CKK_DSA: 257 master_template = (generic_attr_t *)OBJ_PRIVKEY_DSA; 258 master_template_size = sizeof (OBJ_PRIVKEY_DSA); 259 break; 260 261 case CKK_EC: 262 master_template = (generic_attr_t *)OBJ_PRIVKEY_EC; 263 master_template_size = sizeof (OBJ_PRIVKEY_EC); 264 break; 265 266 case CKK_DH: 267 master_template = (generic_attr_t *)OBJ_PRIVKEY_DH; 268 master_template_size = sizeof (OBJ_PRIVKEY_DH); 269 break; 270 271 case CKK_X9_42_DH: 272 master_template = (generic_attr_t *)OBJ_PRIVKEY_X942DH; 273 master_template_size = sizeof (OBJ_PRIVKEY_X942DH); 274 break; 275 276 case CKK_KEA: 277 master_template = (generic_attr_t *)OBJ_PRIVKEY_KEA; 278 master_template_size = sizeof (OBJ_PRIVKEY_KEA); 279 break; 280 281 default: 282 /* Unsupported. */ 283 break; 284 } 285 break; 286 287 case CKO_SECRET_KEY: 288 /* 289 * The only difference between secret keys is that some 290 * are valiable length (eg CKK_AES), while others are not 291 * (eg CKK_DES) -- and do not have a CKA_VALUE_LEN attribute. 292 * 293 * FUTURE(?): Consider using obj_seckey_withlen for unknown 294 * keytypes. This is the most likely choice, as new algorithms 295 * seem to support variable length keys. That's not the default 296 * now, because if people have implemented new key types with 297 * different attribute sets (like the mess of public/private 298 * key types), then incorrect behaviour would result. It's 299 * easier to relax this restriction than to tighten it (which 300 * would introduce a regression to anyone relying on this 301 * working for unknown key types). 302 * 303 */ 304 switch (subtype) { 305 case CKK_DES: 306 case CKK_DES2: 307 case CKK_DES3: 308 case CKK_IDEA: 309 case CKK_CDMF: 310 case CKK_SKIPJACK: 311 case CKK_BATON: 312 case CKK_JUNIPER: 313 master_template = (generic_attr_t *)OBJ_SECKEY; 314 master_template_size = sizeof (OBJ_SECKEY); 315 break; 316 317 case CKK_GENERIC_SECRET: 318 case CKK_RC2: 319 case CKK_RC4: 320 case CKK_RC5: 321 case CKK_AES: 322 case CKK_BLOWFISH: 323 case CKK_CAST: 324 case CKK_CAST3: 325 case CKK_CAST128: 326 master_template = (generic_attr_t *)OBJ_SECKEY_WITHLEN; 327 master_template_size = sizeof (OBJ_SECKEY_WITHLEN); 328 break; 329 330 default: 331 /* Unsupported. */ 332 break; 333 } 334 break; 335 336 case CKO_DOMAIN_PARAMETERS: 337 switch (subtype) { 338 case CKK_DSA: 339 master_template = (generic_attr_t *)OBJ_DOM_DSA; 340 master_template_size = sizeof (OBJ_DOM_DSA); 341 break; 342 343 case CKK_DH: 344 master_template = (generic_attr_t *)OBJ_DOM_DH; 345 master_template_size = sizeof (OBJ_DOM_DH); 346 break; 347 348 case CKK_X9_42_DH: 349 master_template = (generic_attr_t *)OBJ_DOM_X942DH; 350 master_template_size = sizeof (OBJ_DOM_X942DH); 351 break; 352 353 default: 354 /* Unsupported. */ 355 break; 356 } 357 break; 358 359 default: 360 /* Unsupported. */ 361 break; 362 } 363 364 /* Requested object is unknown or invalid. */ 365 if (master_template == NULL) 366 return (CKR_ATTRIBUTE_VALUE_INVALID); 367 else { 368 *attributes = master_template; 369 *num_attributes = master_template_size; 370 return (CKR_OK); 371 } 372 } 373 374 375 /* 376 * get_master_attributes_by_type 377 * 378 * Returns an (statically allocated) set of object attributes, as determined by 379 * the specified class and subtype. The attributes are initialized to default 380 * values. 381 */ 382 CK_RV 383 get_master_attributes_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype, 384 generic_attr_t **attributes, size_t *num_attributes) 385 { 386 CK_RV rv; 387 generic_attr_t *master_template = NULL; 388 generic_attr_t *new_attributes; 389 size_t i, num_new_attributes, master_template_size = 0; 390 391 /* Determine the appropriate master template needed. */ 392 rv = get_master_template_by_type(class, subtype, 393 &master_template, &master_template_size); 394 if (rv != CKR_OK) 395 return (rv); 396 397 /* Duplicate the master template. */ 398 new_attributes = malloc(master_template_size); 399 if (new_attributes == NULL) 400 return (CKR_HOST_MEMORY); 401 402 (void) memcpy(new_attributes, master_template, master_template_size); 403 num_new_attributes = master_template_size / sizeof (generic_attr_t); 404 405 /* Set the pointer in the appropriate storage area. */ 406 for (i = 0; i < num_new_attributes; i++) { 407 generic_attr_t *attr; 408 409 attr = new_attributes + i; 410 411 switch (attr->attribute.ulValueLen) { 412 case (sizeof (CK_ULONG)): 413 attr->attribute.pValue = &attr->generic_ulong; 414 break; 415 case (sizeof (CK_BBOOL)): 416 attr->attribute.pValue = &attr->generic_bbool; 417 break; 418 default: 419 attr->attribute.pValue = attr->generic_data; 420 break; 421 } 422 423 } 424 425 /* Secret keys share a common template, so set the key type here. */ 426 if (class == CKO_SECRET_KEY) { 427 /* Keytype / subtype is always the second attribute. */ 428 new_attributes[1].generic_ulong = subtype; 429 } 430 431 *attributes = new_attributes; 432 *num_attributes = num_new_attributes; 433 434 return (CKR_OK); 435 } 436 437 438 /* 439 * get_master_attributes_by_duplication 440 * 441 * Returns an (statically allocated) set of object attributes, as copied from an 442 * existing set of attributes. The new attributes inherit the values from 443 * the old attributes. 444 */ 445 CK_RV 446 get_master_attributes_by_duplication( 447 generic_attr_t *src_attrs, size_t num_src_attrs, 448 generic_attr_t **dst_attrs, size_t *num_dst_attrs) 449 { 450 CK_RV rv = CKR_OK; 451 generic_attr_t *new_attrs, *src, *dst; 452 size_t i; 453 454 new_attrs = malloc(sizeof (generic_attr_t) * num_src_attrs); 455 if (new_attrs == NULL) 456 return (CKR_HOST_MEMORY); 457 458 for (i = 0; i < num_src_attrs; i++) { 459 src = src_attrs + i; 460 dst = new_attrs + i; 461 462 *dst = *src; 463 464 /* Adjust pointers in dst so that they don't point to src. */ 465 466 if (src->isMalloced) { 467 dst->attribute.pValue = 468 malloc(src->attribute.ulValueLen); 469 470 if (dst->attribute.pValue == NULL) { 471 /* 472 * Continue on error, so that the cleanup 473 * routine doesn't see pointers to src_attrs. 474 */ 475 dst->attribute.ulValueLen = 0; 476 rv = CKR_HOST_MEMORY; 477 continue; 478 } 479 } else if (src->attribute.pValue == &src->generic_bbool) { 480 dst->attribute.pValue = &dst->generic_bbool; 481 } else if (src->attribute.pValue == &src->generic_ulong) { 482 dst->attribute.pValue = &dst->generic_ulong; 483 } else if (src->attribute.pValue == &src->generic_data) { 484 dst->attribute.pValue = &dst->generic_data; 485 } else { 486 /* This shouldn't happen. */ 487 dst->attribute.pValue = NULL; 488 dst->attribute.ulValueLen = 0; 489 rv = CKR_GENERAL_ERROR; 490 num_src_attrs = i + 1; 491 break; 492 } 493 494 (void) memcpy(dst->attribute.pValue, src->attribute.pValue, 495 src->attribute.ulValueLen); 496 } 497 498 if (rv != CKR_OK) { 499 dealloc_attributes(new_attrs, num_src_attrs); 500 } else { 501 *dst_attrs = new_attrs; 502 *num_dst_attrs = num_src_attrs; 503 } 504 505 return (rv); 506 } 507 508 509 /* 510 * dealloc_attributes 511 * 512 * Deallocates the storage used for a set of attributes. The attribute 513 * values are zeroed out before being free'd. 514 */ 515 void 516 dealloc_attributes(generic_attr_t *attributes, size_t num_attributes) 517 { 518 size_t i; 519 generic_attr_t *attr; 520 521 for (i = 0; i < num_attributes; i++) { 522 attr = attributes + i; 523 524 /* 525 * Zero-out any attribute values. We could do this just for 526 * attributes with isSensitive == True, but it's not much 527 * extra work to just do them all. [Most attributes are just 528 * 1 or 4 bytes] 529 */ 530 explicit_bzero(attr->attribute.pValue, 531 attr->attribute.ulValueLen); 532 533 if (attr->isMalloced) 534 free(attr->attribute.pValue); 535 } 536 537 free(attributes); 538 } 539 540 541 /* 542 * attribute_set_value 543 * 544 * Sets the value of the specified attribute. Any portion of the old value 545 * which will not be overwritten by the new value is zeroed out. 546 */ 547 CK_RV 548 attribute_set_value(CK_ATTRIBUTE *new_attr, 549 generic_attr_t *attributes, size_t num_attributes) 550 { 551 generic_attr_t *attr = NULL; 552 553 if (new_attr == NULL) 554 return (CKR_TEMPLATE_INCOMPLETE); 555 else if (new_attr->pValue == NULL) { 556 return (CKR_ATTRIBUTE_VALUE_INVALID); 557 } 558 559 find_attribute(new_attr->type, attributes, num_attributes, &attr); 560 if (attr == NULL) { 561 return (CKR_ATTRIBUTE_TYPE_INVALID); 562 } 563 564 /* Store the new value. */ 565 if (attr->attribute.ulValueLen >= new_attr->ulValueLen) { 566 /* Existing storage is sufficient to store new value. */ 567 568 /* bzero() out any data that won't be overwritten. */ 569 explicit_bzero((char *)attr->attribute.pValue + 570 new_attr->ulValueLen, 571 attr->attribute.ulValueLen - new_attr->ulValueLen); 572 573 } else if (new_attr->ulValueLen <= sizeof (attr->generic_data)) { 574 /* Use generic storage to avoid a malloc. */ 575 576 explicit_bzero(attr->attribute.pValue, 577 attr->attribute.ulValueLen); 578 if (attr->isMalloced) { 579 /* 580 * If app sets a large value (triggering a malloc), 581 * then sets a tiny value, and finally again sets 582 * a large value (phew!) we could end up here. 583 * 584 * FUTURE?: Store the original malloc size, so that 585 * we can regrow the value up to the original size. 586 * This might avoid some heap churn for pathalogic 587 * applications. 588 */ 589 free(attr->attribute.pValue); 590 attr->isMalloced = B_FALSE; 591 } 592 593 attr->attribute.pValue = attr->generic_data; 594 595 } else { 596 /* Need to allocate storage for the new value. */ 597 void *newStorage; 598 599 newStorage = malloc(new_attr->ulValueLen); 600 if (newStorage == NULL) 601 return (CKR_HOST_MEMORY); 602 bzero(attr->attribute.pValue, attr->attribute.ulValueLen); 603 attr->attribute.pValue = newStorage; 604 attr->isMalloced = B_TRUE; 605 } 606 607 (void) memcpy(attr->attribute.pValue, new_attr->pValue, 608 new_attr->ulValueLen); 609 attr->attribute.ulValueLen = new_attr->ulValueLen; 610 attr->hasValueForClone = B_TRUE; 611 612 return (CKR_OK); 613 } 614 615 616 /* 617 * find_attribute 618 * 619 * Passes a pointer to the requested attribute, or NULL if not found. 620 */ 621 static void 622 find_attribute(CK_ATTRIBUTE_TYPE attrtype, generic_attr_t *attributes, 623 size_t num_attributes, generic_attr_t **found_attribute) 624 { 625 generic_attr_t *attr; 626 boolean_t found = B_FALSE; 627 size_t i; 628 629 /* Find the requested attribute. */ 630 for (i = 0, attr = attributes; i < num_attributes; i++, attr++) { 631 if (attr->attribute.type == attrtype) { 632 found = B_TRUE; 633 break; 634 } 635 } 636 637 *found_attribute = found ? attr : NULL; 638 } 639 640 641 /* 642 * get_template_ulong 643 * 644 * Look for the specified ulong-size attribute, and retrieve its value. The 645 * return value specifies if the attribute was found (or not). 646 */ 647 boolean_t 648 get_template_ulong(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes, 649 CK_ULONG num_attributes, CK_ULONG *result) 650 { 651 boolean_t found = B_FALSE; 652 CK_ULONG i; 653 654 for (i = 0; i < num_attributes; i++) { 655 if (attributes[i].type == type) { 656 CK_ULONG *value = attributes[i].pValue; 657 658 *result = *value; 659 found = B_TRUE; 660 break; 661 } 662 } 663 664 return (found); 665 } 666 667 668 /* 669 * get_template_boolean 670 * 671 * Look for the specified boolean attribute, and retrieve its value. The 672 * return value specifies if the attribute was found (or not). 673 */ 674 boolean_t 675 get_template_boolean(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes, 676 CK_ULONG num_attributes, boolean_t *result) 677 { 678 boolean_t found = B_FALSE; 679 CK_ULONG i; 680 681 for (i = 0; i < num_attributes; i++) { 682 if (attributes[i].type == type) { 683 CK_BBOOL *value = attributes[i].pValue; 684 685 if (*value == CK_FALSE) 686 *result = B_FALSE; 687 else 688 *result = B_TRUE; 689 690 found = B_TRUE; 691 break; 692 } 693 } 694 695 return (found); 696 } 697 698 /* 699 * set_template_boolean 700 * 701 * Look for the specified boolean attribute, and set its value. 702 * 703 * if 'local' is true, it sets the pointer to the value in the template a new 704 * location. There should be no memory leak created by this because we are 705 * only doing this to booleans which should not be malloc'ed. 706 * 707 * if 'local' is false, it sets its value. 708 * 709 * The return value specifies if the attribute was found (or not). 710 */ 711 int 712 set_template_boolean(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes, 713 CK_ULONG num_attributes, boolean_t local, CK_BBOOL *value) 714 { 715 int i; 716 717 for (i = 0; i < num_attributes; i++) { 718 if (attributes[i].type == type) { 719 if (local) 720 attributes[i].pValue = value; 721 else 722 *((CK_BBOOL *)attributes[i].pValue) = *value; 723 724 return (i); 725 } 726 } 727 728 return (-1); 729 }