/* RSA private key decryption */
int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
PKCS11_KEY *key, int padding)
{
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_MECHANISM mechanism;
CK_ULONG size = flen;
CK_RV rv;
if (pkcs11_mechanism(&mechanism, padding) < 0)
return -1;
CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);
rv = CRYPTOKI_call(ctx,
C_DecryptInit(spriv->session, &mechanism, kpriv->object));
if (rv == CKR_USER_NOT_LOGGED_IN)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Decrypt(spriv->session, (CK_BYTE *)from, size,
(CK_BYTE_PTR)to, &size));
CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
return -1;
}
return size;
}
/* No padding or other stuff needed. We can call PKCS11 from here */
static int pkcs11_ecdsa_sign(const unsigned char *msg, unsigned int msg_len,
unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key)
{
int rv;
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_MECHANISM mechanism;
CK_ULONG ck_sigsize;
ck_sigsize = *siglen;
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = CKM_ECDSA;
CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);
rv = CRYPTOKI_call(ctx,
C_SignInit(spriv->session, &mechanism, kpriv->object));
if (!rv)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Sign(spriv->session, (CK_BYTE *)msg, msg_len, sigret, &ck_sigsize));
CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));
return -1;
}
*siglen = ck_sigsize;
return ck_sigsize;
}
int
pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
unsigned int type, BIGNUM ** bn)
{
CK_BYTE binary[4196 / 8];
size_t size = sizeof(binary);
if (pkcs11_getattr_var(token, object, type, binary, &size))
return -1;
if (size == -1) {
PKCS11err(PKCS11_F_PKCS11_GETATTR,
pkcs11_map_err(CKR_ATTRIBUTE_TYPE_INVALID));
return -1;
}
*bn = BN_bin2bn(binary, size, *bn);
return *bn ? 0 : -1;
}
/* OpenSSL assumes that the output buffer is always big enough */
int pkcs11_private_encrypt(int flen,
const unsigned char *from, unsigned char *to,
PKCS11_KEY *key, int padding)
{
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_MECHANISM mechanism;
CK_ULONG size;
int rv;
size = pkcs11_get_key_size(key);
if (pkcs11_mechanism(&mechanism, padding) < 0)
return -1;
CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);
/* Try signing first, as applications are more likely to use it */
rv = CRYPTOKI_call(ctx,
C_SignInit(spriv->session, &mechanism, kpriv->object));
if (rv == CKR_USER_NOT_LOGGED_IN)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Sign(spriv->session, (CK_BYTE *)from, flen, to, &size));
if (rv == CKR_KEY_FUNCTION_NOT_PERMITTED) {
/* OpenSSL may use it for encryption rather than signing */
rv = CRYPTOKI_call(ctx,
C_EncryptInit(spriv->session, &mechanism, kpriv->object));
if (rv == CKR_USER_NOT_LOGGED_IN)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Encrypt(spriv->session, (CK_BYTE *)from, flen, to, &size));
}
CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, pkcs11_map_err(rv));
return -1;
}
return size;
}
int
PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
PKCS11_KEY * key, int padding)
{
CK_RV rv;
PKCS11_KEY_private *priv;
PKCS11_SLOT *slot;
PKCS11_CTX *ctx;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
CK_ULONG size = flen;
if (padding != RSA_PKCS1_PADDING) {
printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
return -1;
}
if (key == NULL)
return -1;
/* PKCS11 calls go here */
ctx = KEY2CTX(key);
priv = PRIVKEY(key);
slot = TOKEN2SLOT(priv->parent);
CHECK_KEY_FORK(key);
session = PRIVSLOT(slot)->session;
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = CKM_RSA_PKCS;
pkcs11_w_lock(PRIVSLOT(slot)->lockid);
rv = CRYPTOKI_call(ctx, C_DecryptInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Decrypt(session, (CK_BYTE *) from, (CK_ULONG)flen,
(CK_BYTE_PTR)to, &size));
pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
}
return rv ? 0 : size;
}
int
PKCS11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key)
{
/* signature size is the issue, will assume caller has a big buffer ! */
/* No padding or other stuff needed, we can cal PKCS11 from here */
int rv;
PKCS11_KEY_private *priv;
PKCS11_SLOT *slot;
PKCS11_CTX *ctx;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
CK_ULONG ck_sigsize;
ctx = KEY2CTX(key);
priv = PRIVKEY(key);
slot = TOKEN2SLOT(priv->parent);
CHECK_KEY_FORK(key);
session = PRIVSLOT(slot)->session;
ck_sigsize = *siglen;
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = CKM_ECDSA;
pkcs11_w_lock(PRIVSLOT(slot)->lockid);
rv = CRYPTOKI_call(ctx, C_SignInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Sign(session, (CK_BYTE *) m, m_len, sigret, &ck_sigsize));
pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));
return -1;
}
*siglen = ck_sigsize;
return ck_sigsize;
}
/* initial code will only support what is needed for pkcs11_ec_ckey
* i.e. CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE
* and CK_EC_KDF_TYPE supported by token
* The secret key object is deleted
*
* In future CKM_ECMQV_DERIVE with CK_ECMQV_DERIVE_PARAMS
* could also be supported, and the secret key object could be returned.
*/
static int pkcs11_ecdh_derive(unsigned char **out, size_t *outlen,
const unsigned long ecdh_mechanism,
const void * ec_params,
void *outnewkey,
PKCS11_KEY * key)
{
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
PKCS11_TOKEN *token = KEY2TOKEN(key);
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_MECHANISM mechanism;
int rv;
CK_BBOOL true = TRUE;
CK_BBOOL false = FALSE;
CK_OBJECT_HANDLE newkey = CK_INVALID_HANDLE;
CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
CK_OBJECT_HANDLE * tmpnewkey = (CK_OBJECT_HANDLE *)outnewkey;
CK_ATTRIBUTE newkey_template[] = {
{CKA_TOKEN, &false, sizeof(false)}, /* session only object */
{CKA_CLASS, &newkey_class, sizeof(newkey_class)},
{CKA_KEY_TYPE, &newkey_type, sizeof(newkey_type)},
{CKA_ENCRYPT, &true, sizeof(true)},
{CKA_DECRYPT, &true, sizeof(true)}
};
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = ecdh_mechanism;
mechanism.pParameter = (void*)ec_params;
switch (ecdh_mechanism) {
case CKM_ECDH1_DERIVE:
case CKM_ECDH1_COFACTOR_DERIVE:
mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
break;
#if 0
/* TODO */
case CK_ECMQV_DERIVE_PARAMS:
mechanism.ulParameterLen = sizeof(CK_ECMQV_DERIVE_PARAMS);
break;
#endif
default:
PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, pkcs11_map_err(PKCS11_NOT_SUPPORTED));
return -1;
}
rv = CRYPTOKI_call(ctx, C_DeriveKey(spriv->session, &mechanism, kpriv->object, newkey_template, 5, &newkey));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, rv);
/* Return the value of the secret key and/or the object handle of the secret key */
if (out && outlen) { /* pkcs11_ec_ckey only asks for the value */
if (pkcs11_getattr_alloc(token, newkey, CKA_VALUE, out, outlen)) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
pkcs11_map_err(CKR_ATTRIBUTE_VALUE_INVALID));
CRYPTOKI_call(ctx, C_DestroyObject(spriv->session, newkey));
return -1;
}
}
if (tmpnewkey) /* For future use (not used by pkcs11_ec_ckey) */
*tmpnewkey = newkey;
else /* Destroy the temporary key */
CRYPTOKI_call(ctx, C_DestroyObject(spriv->session, newkey));
return 0;
}
/* initial code will only support what is needed for pkcs11_ec_ckey
* i.e. CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE
* and CK_EC_KDF_TYPE supported by token
* The secret key object is deleted
*
* In future CKM_ECMQV_DERIVE with CK_ECMQV_DERIVE_PARAMS
* could also be supported, and the secret key object could be returned.
*/
int pkcs11_ecdh_derive_internal(unsigned char **out, size_t *outlen,
const unsigned long ecdh_mechanism,
const void * ec_params,
void *outnewkey,
PKCS11_KEY * key)
{
int rv;
int ret = -1;
unsigned char * buf = NULL;
size_t buflen;
PKCS11_KEY_private *priv;
PKCS11_SLOT *slot;
PKCS11_CTX *ctx;
PKCS11_TOKEN *token;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
CK_BBOOL true = TRUE;
CK_BBOOL false = FALSE;
CK_OBJECT_HANDLE newkey = CK_INVALID_HANDLE;
CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
CK_OBJECT_HANDLE * tmpnewkey = (CK_OBJECT_HANDLE *)outnewkey;
CK_ATTRIBUTE newkey_template[] = {
{CKA_TOKEN, &false, sizeof(false)}, /* session only object */
{CKA_CLASS, &newkey_class, sizeof(newkey_class)},
{CKA_KEY_TYPE, &newkey_type, sizeof(newkey_type)},
{CKA_ENCRYPT, &true, sizeof(true)},
{CKA_DECRYPT, &true, sizeof(true)}
};
ctx = KEY2CTX(key);
priv = PRIVKEY(key);
token = KEY2TOKEN(key);
slot = KEY2SLOT(key);
CHECK_KEY_FORK(key);
session = PRIVSLOT(slot)->session;
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = ecdh_mechanism;
mechanism.pParameter = (void*)ec_params;
switch (ecdh_mechanism) {
case CKM_ECDH1_DERIVE:
case CKM_ECDH1_COFACTOR_DERIVE:
mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
break;
// case CK_ECMQV_DERIVE_PARAMS:
// mechanism.ulParameterLen = sizeof(CK_ECMQV_DERIVE_PARAMS);
// break;
default:
PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, PKCS11_NOT_SUPPORTED);
goto err;
}
CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
rv = CRYPTOKI_call(ctx, C_DeriveKey(session, &mechanism, priv->object, newkey_template, 5, &newkey));
if (rv) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, pkcs11_map_err(rv));
goto err;
}
/* Return the value of the secret key and/or the object handle of the secret key */
/* pkcs11_ec_ckey only asks for the value */
if (out && outlen) {
/* get size of secret key value */
if (!pkcs11_getattr_var(token, newkey, CKA_VALUE, NULL, &buflen)
&& buflen > 0) {
buf = OPENSSL_malloc(buflen);
if (buf == NULL) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
pkcs11_map_err(CKR_HOST_MEMORY));
goto err;
}
} else {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
pkcs11_map_err(CKR_ATTRIBUTE_VALUE_INVALID));
goto err;
}
pkcs11_getattr_var(token, newkey, CKA_VALUE, buf, &buflen);
*out = buf;
*outlen = buflen;
buf = NULL;
}
/* not used by pkcs11_ec_ckey for future use */
if (tmpnewkey) {
*tmpnewkey = newkey;
newkey = CK_INVALID_HANDLE;
}
ret = 1;
err:
if (buf)
OPENSSL_free(buf);
if (newkey != CK_INVALID_HANDLE && session != CK_INVALID_HANDLE)
CRYPTOKI_call(ctx, C_DestroyObject(session, newkey));
return ret;
}
int
PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
PKCS11_KEY * key, int padding)
{
PKCS11_KEY_private *priv;
PKCS11_SLOT *slot;
PKCS11_CTX *ctx;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
int rv;
int sigsize;
CK_ULONG ck_sigsize;
if (key == NULL)
return -1;
sigsize=PKCS11_get_key_size(key);
ck_sigsize=sigsize;
memset(&mechanism, 0, sizeof(mechanism));
switch (padding) {
case RSA_NO_PADDING:
mechanism.mechanism = CKM_RSA_X_509;
break;
case RSA_PKCS1_PADDING:
if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
return -1; /* the size is wrong */
}
mechanism.mechanism = CKM_RSA_PKCS;
break;
default:
printf("pkcs11 engine: only RSA_NO_PADDING or RSA_PKCS1_PADDING allowed so far\n");
return -1;
}
ctx = KEY2CTX(key);
priv = PRIVKEY(key);
slot = TOKEN2SLOT(priv->parent);
CHECK_KEY_FORK(key);
session = PRIVSLOT(slot)->session;
pkcs11_w_lock(PRIVSLOT(slot)->lockid);
/* API is somewhat fishy here. *siglen is 0 on entry (cleared
* by OpenSSL). The library assumes that the memory passed
* by the caller is always big enough */
rv = CRYPTOKI_call(ctx, C_SignInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Sign(session, (CK_BYTE *) from, flen, to, &ck_sigsize));
pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv));
return -1;
}
if ((unsigned)sigsize != ck_sigsize)
return -1;
return sigsize;
}
