CK_OBJECT_HANDLE SoftDatabase::importPublicKey(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
// Begin the transaction
if(sqlite3_exec(db, "BEGIN IMMEDIATE;", NULL, NULL, NULL) != SQLITE_OK) {
return CK_INVALID_HANDLE;
}
CHECK_DB_RESPONSE(sqlite3_step(insert_object_sql) != SQLITE_DONE);
CK_OBJECT_HANDLE objectID = sqlite3_last_insert_rowid(db);
sqlite3_reset(insert_object_sql);
CK_BBOOL ckTrue = CK_TRUE, ckFalse = CK_FALSE;
CK_DATE emptyDate;
CK_MECHANISM_TYPE mechType = CK_UNAVAILABLE_INFORMATION;
// Created by db handle and application. So we can remove the correct session objects in the future.
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VENDOR_DEFINED, &db, sizeof(db)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VENDOR_DEFINED+1, appID, strlen(appID)) != CKR_OK);
// General information
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_LOCAL, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_KEY_GEN_MECHANISM, &mechType, sizeof(mechType)) != CKR_OK);
// Default values, may be changed by the template.
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_LABEL, NULL_PTR, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_ID, NULL_PTR, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_SUBJECT, NULL_PTR, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_PRIVATE, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_MODIFIABLE, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_TOKEN, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_DERIVE, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VERIFY, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VERIFY_RECOVER, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_WRAP, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_TRUSTED, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_START_DATE, &emptyDate, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_END_DATE, &emptyDate, 0) != CKR_OK);
// Extract the attributes
for(CK_ULONG i = 0; i < ulCount; i++) {
if(pTemplate[i].type == CKA_MODULUS) {
Botan::BigInt bigModulus = Botan::BigInt(0);
bigModulus.binary_decode((Botan::byte*)pTemplate[i].pValue, pTemplate[i].ulValueLen);
CK_ULONG bits = bigModulus.bits();
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_MODULUS_BITS, &bits, sizeof(bits)) != CKR_OK);
}
CHECK_DB_RESPONSE(this->saveAttribute(objectID, pTemplate[i].type, pTemplate[i].pValue,
pTemplate[i].ulValueLen) != CKR_OK);
}
sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL);
return objectID;
}
ticks ECDSA_Timing_Test::measure_critical_function(std::vector<uint8_t> input)
{
const Botan::BigInt k(input.data(), input.size());
const Botan::BigInt msg(Timing_Test::timing_test_rng(), m_order.bits());
ticks start = get_ticks();
//The following ECDSA operations involve and should not leak any information about k.
const Botan::PointGFp k_times_P = m_base_point.blinded_multiply(k, Timing_Test::timing_test_rng());
const Botan::BigInt r = m_mod_order.reduce(k_times_P.get_affine_x());
const Botan::BigInt s = m_mod_order.multiply(inverse_mod(k, m_order), mul_add(m_x, r, msg));
ticks end = get_ticks();
return (end - start);
}
CK_OBJECT_HANDLE SoftDatabase::addRSAKeyPub(CK_STATE state, Botan::RSA_PrivateKey *rsaKey, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount) {
// Begin the transaction
if(sqlite3_exec(db, "BEGIN IMMEDIATE;", NULL, NULL, NULL) != SQLITE_OK) {
return CK_INVALID_HANDLE;
}
CHECK_DB_RESPONSE(sqlite3_step(insert_object_sql) != SQLITE_DONE);
CK_OBJECT_HANDLE objectID = sqlite3_last_insert_rowid(db);
sqlite3_reset(insert_object_sql);
CK_OBJECT_CLASS oClass = CKO_PUBLIC_KEY;
CK_KEY_TYPE keyType = CKK_RSA;
CK_MECHANISM_TYPE mechType = CKM_RSA_PKCS_KEY_PAIR_GEN;
CK_BBOOL ckTrue = CK_TRUE, ckFalse = CK_FALSE;
CK_DATE emptyDate;
// Created by db handle and application. So we can remove the correct session objects in the future.
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VENDOR_DEFINED, &db, sizeof(db)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VENDOR_DEFINED+1, appID, strlen(appID)) != CKR_OK);
// General information
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_CLASS, &oClass, sizeof(oClass)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_KEY_TYPE, &keyType, sizeof(keyType)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_KEY_GEN_MECHANISM, &mechType, sizeof(mechType)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_LOCAL, &ckTrue, sizeof(ckTrue)) != CKR_OK);
// Default values, may be changed by the template.
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_LABEL, NULL_PTR, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_ID, NULL_PTR, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_SUBJECT, NULL_PTR, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_PRIVATE, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_MODIFIABLE, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_TOKEN, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_DERIVE, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VERIFY, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_VERIFY_RECOVER, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_WRAP, &ckTrue, sizeof(ckTrue)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_TRUSTED, &ckFalse, sizeof(ckFalse)) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_START_DATE, &emptyDate, 0) != CKR_OK);
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_END_DATE, &emptyDate, 0) != CKR_OK);
// The RSA modulus bits
Botan::IF_Scheme_PublicKey *ifKey = dynamic_cast<Botan::IF_Scheme_PublicKey*>(rsaKey);
Botan::BigInt bigModulus = ifKey->get_n();
CK_ULONG bits = bigModulus.bits();
CHECK_DB_RESPONSE(this->saveAttribute(objectID, CKA_MODULUS_BITS, &bits, sizeof(bits)) != CKR_OK);
// The RSA modulus
CHECK_DB_RESPONSE(this->saveAttributeBigInt(objectID, CKA_MODULUS, &bigModulus) != CKR_OK);
// The RSA public exponent
Botan::BigInt bigExponent = ifKey->get_e();
CHECK_DB_RESPONSE(this->saveAttributeBigInt(objectID, CKA_PUBLIC_EXPONENT, &bigExponent) != CKR_OK);
CK_BBOOL trusted;
// Extract the attributes from the template
for(CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++) {
switch(pPublicKeyTemplate[i].type) {
// Byte array
case CKA_LABEL:
case CKA_ID:
case CKA_SUBJECT:
CHECK_DB_RESPONSE(this->saveAttribute(objectID, pPublicKeyTemplate[i].type, pPublicKeyTemplate[i].pValue,
pPublicKeyTemplate[i].ulValueLen) != CKR_OK);
break;
// Bool
case CKA_DERIVE:
case CKA_TOKEN:
case CKA_PRIVATE:
case CKA_MODIFIABLE:
case CKA_ENCRYPT:
case CKA_VERIFY:
case CKA_VERIFY_RECOVER:
case CKA_WRAP:
if(pPublicKeyTemplate[i].ulValueLen == sizeof(CK_BBOOL)) {
CHECK_DB_RESPONSE(this->saveAttribute(objectID, pPublicKeyTemplate[i].type, pPublicKeyTemplate[i].pValue,
pPublicKeyTemplate[i].ulValueLen) != CKR_OK);
}
break;
case CKA_TRUSTED:
// Check for the correct size
CHECK_DB_RESPONSE(pPublicKeyTemplate[i].ulValueLen != sizeof(CK_BBOOL))
// CKA_TRUSTED can only be set to true by SO
trusted = *(CK_BBOOL*)pPublicKeyTemplate[i].pValue;
CHECK_DB_RESPONSE(state != CKS_RW_SO_FUNCTIONS && trusted != CK_FALSE)
CHECK_DB_RESPONSE(this->saveAttribute(objectID, pPublicKeyTemplate[i].type, pPublicKeyTemplate[i].pValue,
pPublicKeyTemplate[i].ulValueLen) != CKR_OK);
break;
// Date
case CKA_START_DATE:
case CKA_END_DATE:
if(pPublicKeyTemplate[i].ulValueLen == sizeof(CK_DATE) ||
pPublicKeyTemplate[i].ulValueLen == 0) {
CHECK_DB_RESPONSE(this->saveAttribute(objectID, pPublicKeyTemplate[i].type, pPublicKeyTemplate[i].pValue,
pPublicKeyTemplate[i].ulValueLen) != CKR_OK);
}
break;
default:
break;
}
}
sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL);
return objectID;
}