      1  1.1  christos /*	$NetBSD: pkcs11rsa_link.c,v 1.1 2024/02/18 20:57:33 christos Exp $	*/
      2  1.1  christos 
      3  1.1  christos /*
      4  1.1  christos  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      5  1.1  christos  *
      6  1.1  christos  * SPDX-License-Identifier: MPL-2.0
      7  1.1  christos  *
      8  1.1  christos  * This Source Code Form is subject to the terms of the Mozilla Public
      9  1.1  christos  * License, v. 2.0.  If a copy of the MPL was not distributed with this
     10  1.1  christos  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
     11  1.1  christos  *
     12  1.1  christos  * See the COPYRIGHT file distributed with this work for additional
     13  1.1  christos  * information regarding copyright ownership.
     14  1.1  christos  */
     15  1.1  christos 
     16  1.1  christos /*! \file */
     17  1.1  christos 
     18  1.1  christos #if USE_PKCS11
     19  1.1  christos 
     20  1.1  christos #include <inttypes.h>
     21  1.1  christos #include <stdbool.h>
     22  1.1  christos 
     23  1.1  christos #include <isc/mem.h>
     24  1.1  christos #include <isc/safe.h>
     25  1.1  christos #include <isc/string.h>
     26  1.1  christos #include <isc/util.h>
     27  1.1  christos 
     28  1.1  christos #include <pk11/internal.h>
     29  1.1  christos #include <pk11/site.h>
     30  1.1  christos 
     31  1.1  christos #include <dst/result.h>
     32  1.1  christos 
     33  1.1  christos #include "dst_internal.h"
     34  1.1  christos #include "dst_parse.h"
     35  1.1  christos #include "dst_pkcs11.h"
     36  1.1  christos 
/*
 * Limit the size of public exponents.
 *
 * Upper bound, in bits, on the 'maxbits' argument that
 * pkcs11rsa_createctx_verify() accepts (it is enforced there with REQUIRE).
 * The #ifndef lets the build override the default.
 */
#ifndef RSA_MAX_PUBEXP_BITS
#define RSA_MAX_PUBEXP_BITS 35
#endif /* ifndef RSA_MAX_PUBEXP_BITS */

/*
 * Record a result code and jump to the cleanup label.  Usable only inside
 * a function that declares 'ret' and has an 'err:' label.
 * NOTE(review): this expands to a bare { } block rather than
 * do { } while (0), and 'a' is not parenthesized; keep call sites inside
 * braces and pass a simple expression.
 */
#define DST_RET(a)        \
	{                 \
		ret = a;  \
		goto err; \
	}

/*
 * Addressable boolean constants.  A CK_ATTRIBUTE entry stores a pointer to
 * its value, so the boolean attributes in the key templates below point at
 * these two objects.
 */
static CK_BBOOL truevalue = TRUE;
static CK_BBOOL falsevalue = FALSE;

/* Forward declaration; the definition is not part of this excerpt. */
static void
pkcs11rsa_destroy(dst_key_t *key);
     55  1.1  christos 
     56  1.1  christos #ifndef PK11_RSA_PKCS_REPLACE
     57  1.1  christos 
/*
 * Prepare a PKCS#11 signing context for an RSA DNSSEC key.
 *
 * The key size is checked against the limits for the algorithm, a session
 * is obtained, and the private key is either referenced by its existing
 * token handle or imported as a temporary session object.  A C_SignInit
 * operation is then started with the CKM_<hash>_RSA_PKCS mechanism for the
 * algorithm, and the context is stored in dctx->ctxdata.pk11_ctx.
 *
 * Returns ISC_R_SUCCESS, ISC_R_FAILURE (rejected key size, or the failure
 * code handed to PK11_RET), or the error from pk11_get_session().
 */
static isc_result_t
pkcs11rsa_createctx_sign(dst_key_t *key, dst_context_t *dctx) {
	/* Template slots that receive the RSA components of the key. */
	enum { first_component = 6, last_component = 13 };

	/*
	 * 'rv' and 'ret' are not renamed: 'rv' is never referenced directly
	 * here, so PK11_RET (defined outside this file) presumably assigns
	 * it, sets 'ret' and jumps to 'err' on failure -- TODO confirm.
	 */
	CK_RV rv;
	isc_result_t ret;
	CK_MECHANISM mech = { 0, NULL, 0 };
	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	/*
	 * CKA_TOKEN = FALSE makes the imported key a session object.
	 * CKA_PRIVATE and CKA_SENSITIVE are also FALSE, so the token is not
	 * asked to protect the imported private key material.
	 */
	CK_ATTRIBUTE keyTemplate[] = {
		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_PRIVATE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_SENSITIVE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_SIGN, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_MODULUS, NULL, 0 },
		{ CKA_PUBLIC_EXPONENT, NULL, 0 },
		{ CKA_PRIVATE_EXPONENT, NULL, 0 },
		{ CKA_PRIME_1, NULL, 0 },
		{ CKA_PRIME_2, NULL, 0 },
		{ CKA_EXPONENT_1, NULL, 0 },
		{ CKA_EXPONENT_2, NULL, 0 },
		{ CKA_COEFFICIENT, NULL, 0 }
	};
	CK_ATTRIBUTE *attr;
	CK_SLOT_ID slotid;
	pk11_object_t *rsa;
	pk11_context_t *pk11_ctx;
	unsigned int i;

	REQUIRE(key->key_alg == DST_ALG_RSASHA1 ||
		key->key_alg == DST_ALG_NSEC3RSASHA1 ||
		key->key_alg == DST_ALG_RSASHA256 ||
		key->key_alg == DST_ALG_RSASHA512);

	/*
	 * Reject incorrect RSA key lengths and, in the same pass, select the
	 * combined hash-and-sign mechanism.  Only an upper bound is applied
	 * for the two SHA-1 algorithms.
	 */
	switch (dctx->key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		/* From RFC 3110 */
		if (dctx->key->key_size > 4096) {
			return (ISC_R_FAILURE);
		}
		mech.mechanism = CKM_SHA1_RSA_PKCS;
		break;
	case DST_ALG_RSASHA256:
		/* From RFC 5702 */
		if ((dctx->key->key_size < 512) || (dctx->key->key_size > 4096))
		{
			return (ISC_R_FAILURE);
		}
		mech.mechanism = CKM_SHA256_RSA_PKCS;
		break;
	case DST_ALG_RSASHA512:
		/* From RFC 5702 */
		if ((dctx->key->key_size < 1024) ||
		    (dctx->key->key_size > 4096))
		{
			return (ISC_R_FAILURE);
		}
		mech.mechanism = CKM_SHA512_RSA_PKCS;
		break;
	default:
		UNREACHABLE();
	}

	rsa = key->keydata.pkey;

	/*
	 * Start from an all-zero context so that the cleanup path has
	 * defined 'ontoken' and 'object' fields to test.
	 */
	pk11_ctx = isc_mem_get(dctx->mctx, sizeof(*pk11_ctx));
	memset(pk11_ctx, 0, sizeof(*pk11_ctx));

	/* A key held on a token must be used through that token's slot. */
	slotid = rsa->ontoken ? rsa->slot : pk11_get_best_token(OP_RSA);
	ret = pk11_get_session(pk11_ctx, OP_RSA, true, false, rsa->reqlogon,
			       NULL, slotid);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	if (rsa->ontoken && (rsa->object != CK_INVALID_HANDLE)) {
		/* Use the existing handle; no key material is copied. */
		pk11_ctx->ontoken = rsa->ontoken;
		pk11_ctx->object = rsa->object;
		goto token_key;
	}

	/*
	 * Copy each RSA component found in the key's attribute list into
	 * the template slot of the same type.  The copies contain private
	 * key material and are wiped before release on every exit path.
	 */
	for (attr = pk11_attribute_first(rsa); attr != NULL;
	     attr = pk11_attribute_next(rsa, attr))
	{
		for (i = first_component; i <= last_component; i++) {
			if (keyTemplate[i].type != attr->type) {
				continue;
			}
			keyTemplate[i].pValue = isc_mem_get(dctx->mctx,
							    attr->ulValueLen);
			memmove(keyTemplate[i].pValue, attr->pValue,
				attr->ulValueLen);
			keyTemplate[i].ulValueLen = attr->ulValueLen;
			break;
		}
	}
	pk11_ctx->object = CK_INVALID_HANDLE;
	pk11_ctx->ontoken = false;
	PK11_RET(pkcs_C_CreateObject,
		 (pk11_ctx->session, keyTemplate, (CK_ULONG)14,
		  &pk11_ctx->object),
		 ISC_R_FAILURE);

token_key:
	PK11_RET(pkcs_C_SignInit, (pk11_ctx->session, &mech, pk11_ctx->object),
		 ISC_R_FAILURE);

	dctx->ctxdata.pk11_ctx = pk11_ctx;

	/* The token holds its own copy now; scrub and free ours. */
	for (i = first_component; i <= last_component; i++) {
		if (keyTemplate[i].pValue == NULL) {
			continue;
		}
		isc_safe_memwipe(keyTemplate[i].pValue,
				 keyTemplate[i].ulValueLen);
		isc_mem_put(dctx->mctx, keyTemplate[i].pValue,
			    keyTemplate[i].ulValueLen);
	}

	return (ISC_R_SUCCESS);

err:
	/* Destroy only an object this function created, never a token key. */
	if (!pk11_ctx->ontoken && (pk11_ctx->object != CK_INVALID_HANDLE)) {
		(void)pkcs_C_DestroyObject(pk11_ctx->session, pk11_ctx->object);
	}
	for (i = first_component; i <= last_component; i++) {
		if (keyTemplate[i].pValue == NULL) {
			continue;
		}
		isc_safe_memwipe(keyTemplate[i].pValue,
				 keyTemplate[i].ulValueLen);
		isc_mem_put(dctx->mctx, keyTemplate[i].pValue,
			    keyTemplate[i].ulValueLen);
	}
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));

	return (ret);
}
    275  1.1  christos 
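/*
 * Prepare a PKCS#11 verification context for an RSA DNSSEC public key.
 *
 * The modulus and public exponent are copied from the key's attribute list
 * into a session-object template, the exponent length is checked against
 * 'maxbits' (0 disables that check), the public key object is created and
 * a C_VerifyInit operation is started with the CKM_<hash>_RSA_PKCS
 * mechanism for the key's algorithm.  On success the context is stored in
 * dctx->ctxdata.pk11_ctx.
 *
 * 'maxbits' must not exceed RSA_MAX_PUBEXP_BITS (enforced with REQUIRE).
 *
 * Returns ISC_R_SUCCESS; ISC_R_FAILURE for a rejected key size or the
 * failure code handed to PK11_RET; DST_R_VERIFYFAILURE when the exponent
 * cannot be measured or is longer than 'maxbits'; or the error from
 * pk11_get_session().
 */
static isc_result_t
pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
			   dst_context_t *dctx) {
	/*
	 * 'rv' is not referenced directly in this function; PK11_RET
	 * (defined outside this file) presumably assigns it, sets 'ret' and
	 * jumps to 'err' on failure -- TODO confirm.
	 */
	CK_RV rv;
	CK_MECHANISM mech = { 0, NULL, 0 };
	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	/* CKA_TOKEN = FALSE: the public key is created as a session object. */
	CK_ATTRIBUTE keyTemplate[] = {
		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_PRIVATE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_VERIFY, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_MODULUS, NULL, 0 },
		{ CKA_PUBLIC_EXPONENT, NULL, 0 },
	};
	CK_ATTRIBUTE *attr;
	pk11_object_t *rsa;
	pk11_context_t *pk11_ctx;
	isc_result_t ret;
	unsigned int i;

	REQUIRE(key->key_alg == DST_ALG_RSASHA1 ||
		key->key_alg == DST_ALG_NSEC3RSASHA1 ||
		key->key_alg == DST_ALG_RSASHA256 ||
		key->key_alg == DST_ALG_RSASHA512);
	REQUIRE(maxbits <= RSA_MAX_PUBEXP_BITS);

	/*
	 * Reject incorrect RSA key lengths.  Only an upper bound is applied
	 * for the two SHA-1 algorithms.
	 */
	switch (dctx->key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		/* From RFC 3110 */
		if (dctx->key->key_size > 4096) {
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA256:
		/* From RFC 5702 */
		if ((dctx->key->key_size < 512) || (dctx->key->key_size > 4096))
		{
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA512:
		/* From RFC 5702 */
		if ((dctx->key->key_size < 1024) ||
		    (dctx->key->key_size > 4096))
		{
			return (ISC_R_FAILURE);
		}
		break;
	default:
		UNREACHABLE();
	}

	rsa = key->keydata.pkey;

	pk11_ctx = isc_mem_get(dctx->mctx, sizeof(*pk11_ctx));
	/*
	 * Zero the context before use, as pkcs11rsa_createctx_sign() does.
	 * The err path tests pk11_ctx->ontoken and pk11_ctx->object, and a
	 * failure in pk11_get_session() reaches it before this function has
	 * assigned either field; without this the test would depend on
	 * whatever pk11_get_session() left in the freshly allocated memory.
	 */
	memset(pk11_ctx, 0, sizeof(*pk11_ctx));
	ret = pk11_get_session(pk11_ctx, OP_RSA, true, false, rsa->reqlogon,
			       NULL, pk11_get_best_token(OP_RSA));
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	/* Copy the two public components into their template slots. */
	for (attr = pk11_attribute_first(rsa); attr != NULL;
	     attr = pk11_attribute_next(rsa, attr))
	{
		unsigned int bits;

		switch (attr->type) {
		case CKA_MODULUS:
			INSIST(keyTemplate[5].type == attr->type);
			keyTemplate[5].pValue = isc_mem_get(dctx->mctx,
							    attr->ulValueLen);
			memmove(keyTemplate[5].pValue, attr->pValue,
				attr->ulValueLen);
			keyTemplate[5].ulValueLen = attr->ulValueLen;
			break;
		case CKA_PUBLIC_EXPONENT:
			INSIST(keyTemplate[6].type == attr->type);
			keyTemplate[6].pValue = isc_mem_get(dctx->mctx,
							    attr->ulValueLen);
			memmove(keyTemplate[6].pValue, attr->pValue,
				attr->ulValueLen);
			keyTemplate[6].ulValueLen = attr->ulValueLen;
			/*
			 * Refuse an exponent longer than the caller's limit
			 * before any verification work is started; a limit
			 * of 0 means "no limit".
			 */
			ret = pk11_numbits(attr->pValue, attr->ulValueLen,
					   &bits);
			if (ret != ISC_R_SUCCESS ||
			    (bits > maxbits && maxbits != 0))
			{
				DST_RET(DST_R_VERIFYFAILURE);
			}
			break;
		}
	}
	pk11_ctx->object = CK_INVALID_HANDLE;
	pk11_ctx->ontoken = false;
	PK11_RET(pkcs_C_CreateObject,
		 (pk11_ctx->session, keyTemplate, (CK_ULONG)7,
		  &pk11_ctx->object),
		 ISC_R_FAILURE);

	switch (dctx->key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		mech.mechanism = CKM_SHA1_RSA_PKCS;
		break;
	case DST_ALG_RSASHA256:
		mech.mechanism = CKM_SHA256_RSA_PKCS;
		break;
	case DST_ALG_RSASHA512:
		mech.mechanism = CKM_SHA512_RSA_PKCS;
		break;
	default:
		UNREACHABLE();
	}

	PK11_RET(pkcs_C_VerifyInit,
		 (pk11_ctx->session, &mech, pk11_ctx->object), ISC_R_FAILURE);

	dctx->ctxdata.pk11_ctx = pk11_ctx;

	/* The object has been created; release the local copies. */
	for (i = 5; i <= 6; i++) {
		if (keyTemplate[i].pValue != NULL) {
			isc_safe_memwipe(keyTemplate[i].pValue,
					 keyTemplate[i].ulValueLen);
			isc_mem_put(dctx->mctx, keyTemplate[i].pValue,
				    keyTemplate[i].ulValueLen);
		}
	}

	return (ISC_R_SUCCESS);

err:
	/* Destroy only an object this function created. */
	if (!pk11_ctx->ontoken && (pk11_ctx->object != CK_INVALID_HANDLE)) {
		(void)pkcs_C_DestroyObject(pk11_ctx->session, pk11_ctx->object);
	}
	for (i = 5; i <= 6; i++) {
		if (keyTemplate[i].pValue != NULL) {
			isc_safe_memwipe(keyTemplate[i].pValue,
					 keyTemplate[i].ulValueLen);
			isc_mem_put(dctx->mctx, keyTemplate[i].pValue,
				    keyTemplate[i].ulValueLen);
		}
	}
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));

	return (ret);
}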
    434  1.1  christos 
/*
 * Create a signing or verification context according to dctx->use.
 *
 * Verification contexts are created with maxbits == 0, which
 * pkcs11rsa_createctx_verify() treats as "no limit on the public exponent
 * length".
 */
static isc_result_t
pkcs11rsa_createctx(dst_key_t *key, dst_context_t *dctx) {
	if (dctx->use != DO_SIGN) {
		return (pkcs11rsa_createctx_verify(key, 0U, dctx));
	}
	return (pkcs11rsa_createctx_sign(key, dctx));
}
    443  1.1  christos 
/*
 * Like pkcs11rsa_createctx(), but passes a caller-supplied limit on the
 * public exponent length to the verification path.  'maxbits' is ignored
 * when signing.
 *
 * The value is converted to unsigned before use, so a negative 'maxbits'
 * becomes a large number and fails the
 * REQUIRE(maxbits <= RSA_MAX_PUBEXP_BITS) check in
 * pkcs11rsa_createctx_verify().
 */
static isc_result_t
pkcs11rsa_createctx2(dst_key_t *key, int maxbits, dst_context_t *dctx) {
	if (dctx->use != DO_SIGN) {
		return (pkcs11rsa_createctx_verify(key, (unsigned)maxbits,
						   dctx));
	}
	return (pkcs11rsa_createctx_sign(key, dctx));
}
    453  1.1  christos 
/*
 * Release the PKCS#11 context attached to 'dctx', if there is one.
 *
 * A key object that was created for this context (not a key that lives on
 * the token) is destroyed, the session is returned, and the context
 * structure is wiped before its memory is released.
 */
static void
pkcs11rsa_destroyctx(dst_context_t *dctx) {
	pk11_context_t *ctx = dctx->ctxdata.pk11_ctx;

	if (ctx == NULL) {
		return;
	}

	/* Never destroy a key that is stored on the token itself. */
	if (!ctx->ontoken && (ctx->object != CK_INVALID_HANDLE)) {
		(void)pkcs_C_DestroyObject(ctx->session, ctx->object);
	}
	pk11_return_session(ctx);
	isc_safe_memwipe(ctx, sizeof(*ctx));
	isc_mem_put(dctx->mctx, ctx, sizeof(*ctx));
	dctx->ctxdata.pk11_ctx = NULL;
}
    471  1.1  christos 
/*
 * Feed one region of data into the running sign or verify operation.
 *
 * Returns 'ret', which starts as ISC_R_SUCCESS; PK11_CALL (defined outside
 * this file) is handed ISC_R_FAILURE as the code to report when the
 * PKCS#11 call does not succeed.
 */
static isc_result_t
pkcs11rsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
	CK_RV rv; /* presumably assigned inside PK11_CALL -- TODO confirm */
	isc_result_t ret = ISC_R_SUCCESS;
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	CK_BYTE_PTR chunk = (CK_BYTE_PTR)data->base;
	CK_ULONG chunklen = (CK_ULONG)data->length;

	if (dctx->use != DO_SIGN) {
		PK11_CALL(pkcs_C_VerifyUpdate,
			  (pk11_ctx->session, chunk, chunklen), ISC_R_FAILURE);
	} else {
		PK11_CALL(pkcs_C_SignUpdate,
			  (pk11_ctx->session, chunk, chunklen), ISC_R_FAILURE);
	}
	return (ret);
}
    491  1.1  christos 
/*
 * Finish the signing operation and append the signature to 'sig'.
 *
 * C_SignFinal is called twice: first with a NULL output pointer to obtain
 * the signature length, then with the buffer's free region once that
 * region is known to be large enough.
 *
 * Returns ISC_R_SUCCESS, ISC_R_NOSPACE when 'sig' has too little room, or
 * the failure code handed to PK11_RET (DST_R_SIGNFAILURE).
 */
static isc_result_t
pkcs11rsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
	CK_RV rv; /* presumably assigned inside PK11_RET -- TODO confirm */
	isc_result_t ret = ISC_R_SUCCESS;
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	CK_ULONG siglen = 0;
	isc_region_t avail;

	/* Length query only: no output buffer is supplied. */
	PK11_RET(pkcs_C_SignFinal, (pk11_ctx->session, NULL, &siglen),
		 DST_R_SIGNFAILURE);

	/* Bound the write before the token is given the buffer. */
	isc_buffer_availableregion(sig, &avail);
	if ((unsigned int)siglen > avail.length) {
		return (ISC_R_NOSPACE);
	}

	PK11_RET(pkcs_C_SignFinal,
		 (pk11_ctx->session, (CK_BYTE_PTR)avail.base, &siglen),
		 DST_R_SIGNFAILURE);

	isc_buffer_add(sig, (unsigned int)siglen);

err:
	return (ret);
}
    518  1.1  christos 
/*
 * Finish the verification operation against the signature in 'sig'.
 *
 * Returns 'ret', which starts as ISC_R_SUCCESS; PK11_CALL (defined outside
 * this file) is handed DST_R_VERIFYFAILURE as the code to report when
 * C_VerifyFinal does not succeed.
 */
static isc_result_t
pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
	CK_RV rv; /* presumably assigned inside PK11_CALL -- TODO confirm */
	isc_result_t ret = ISC_R_SUCCESS;
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	CK_BYTE_PTR sigbytes = (CK_BYTE_PTR)sig->base;
	CK_ULONG siglen = (CK_ULONG)sig->length;

	PK11_CALL(pkcs_C_VerifyFinal, (pk11_ctx->session, sigbytes, siglen),
		  DST_R_VERIFYFAILURE);
	return (ret);
}
    531  1.1  christos 
    532  1.1  christos #else /* ifndef PK11_RSA_PKCS_REPLACE */
    533  1.1  christos 
/*
 * CKM_<hash>_RSA_PKCS mechanisms are not available so fall back
 * to CKM_RSA_PKCS and do the EMSA-PKCS#1-v1.5 encapsulation by hand.
 */

/*
 * Constant DER prefixes of the DigestInfo structure for each hash; the
 * digest itself is appended after the prefix.  Every array ends with
 * 0x04 <n>, the OCTET STRING header giving the digest length in bytes
 * (0x10, 0x14, 0x20 and 0x40 respectively).
 *
 * NOTE(review): the arrays are writable and have external linkage.  None
 * of the algorithms accepted by the REQUIRE checks shown in this file
 * uses MD5, so md5_der may be unused -- confirm against the rest of the
 * file before changing either point.
 */
CK_BYTE md5_der[] = { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
		      0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
CK_BYTE sha1_der[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
		       0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
CK_BYTE sha256_der[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
			 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
			 0x01, 0x05, 0x00, 0x04, 0x20 };
CK_BYTE sha512_der[] = { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60,
			 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
			 0x03, 0x05, 0x00, 0x04, 0x40 };
/* 19 is the length of the longest prefixes above (sha256_der, sha512_der). */
#define MAX_DER_SIZE	 19
/*
 * Presumably the minimum EMSA-PKCS#1-v1.5 padding overhead (0x00 0x01,
 * eight 0xff bytes, 0x00); its use is outside this excerpt -- TODO confirm.
 */
#define MIN_PKCS1_PADLEN 11
    551  1.1  christos 
/*
 * Create a context for the fallback build, in which the token only offers
 * plain CKM_RSA_PKCS.  Signing and verification both begin by hashing the
 * data, so this function validates the key size, obtains a session and
 * starts a C_DigestInit operation with the hash for the key's algorithm.
 *
 * Returns ISC_R_SUCCESS, ISC_R_FAILURE (rejected key size, or the failure
 * code handed to PK11_RET), or the error from pk11_get_session().
 */
static isc_result_t
pkcs11rsa_createctx(dst_key_t *key, dst_context_t *dctx) {
	CK_RV rv; /* presumably assigned inside PK11_RET -- TODO confirm */
	isc_result_t ret;
	CK_MECHANISM mech = { 0, NULL, 0 };
	CK_SLOT_ID slotid;
	pk11_context_t *pk11_ctx;
	pk11_object_t *rsa = key->keydata.pkey;

	REQUIRE(key->key_alg == DST_ALG_RSASHA1 ||
		key->key_alg == DST_ALG_NSEC3RSASHA1 ||
		key->key_alg == DST_ALG_RSASHA256 ||
		key->key_alg == DST_ALG_RSASHA512);
	REQUIRE(rsa != NULL);

	/*
	 * Reject incorrect RSA key lengths.  Only an upper bound is applied
	 * for the two SHA-1 algorithms.
	 */
	switch (dctx->key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		/* From RFC 3110 */
		if (dctx->key->key_size > 4096) {
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA256:
		/* From RFC 5702 */
		if ((dctx->key->key_size < 512) || (dctx->key->key_size > 4096))
		{
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA512:
		/* From RFC 5702 */
		if ((dctx->key->key_size < 1024) ||
		    (dctx->key->key_size > 4096))
		{
			return (ISC_R_FAILURE);
		}
		break;
	default:
		UNREACHABLE();
	}

	/* Digest mechanism for the algorithm; the RSA step happens later. */
	if (key->key_alg == DST_ALG_RSASHA1 ||
	    key->key_alg == DST_ALG_NSEC3RSASHA1)
	{
		mech.mechanism = CKM_SHA_1;
	} else if (key->key_alg == DST_ALG_RSASHA256) {
		mech.mechanism = CKM_SHA256;
	} else if (key->key_alg == DST_ALG_RSASHA512) {
		mech.mechanism = CKM_SHA512;
	} else {
		UNREACHABLE();
	}

	/* Start from an all-zero context. */
	pk11_ctx = isc_mem_get(dctx->mctx, sizeof(*pk11_ctx));
	memset(pk11_ctx, 0, sizeof(*pk11_ctx));

	/* A key held on a token must be used through that token's slot. */
	slotid = rsa->ontoken ? rsa->slot : pk11_get_best_token(OP_RSA);
	ret = pk11_get_session(pk11_ctx, OP_RSA, true, false, rsa->reqlogon,
			       NULL, slotid);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	PK11_RET(pkcs_C_DigestInit, (pk11_ctx->session, &mech), ISC_R_FAILURE);
	dctx->ctxdata.pk11_ctx = pk11_ctx;
	return (ISC_R_SUCCESS);

err:
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));

	return (ret);
}
    636  1.1  christos 
/*
 * Release the digest context attached to 'dctx', if there is one.
 *
 * C_DigestFinal is called with a scratch buffer and its result ignored,
 * presumably to end a digest operation that is still pending on the
 * session before the session is returned.  The scratch buffer and the
 * context structure are wiped before they go out of use.
 */
static void
pkcs11rsa_destroyctx(dst_context_t *dctx) {
	pk11_context_t *ctx = dctx->ctxdata.pk11_ctx;
	/* Sized for the largest digest this file can select (SHA-512). */
	CK_BYTE scratch[ISC_SHA512_DIGESTLENGTH];
	CK_ULONG scratchlen = ISC_SHA512_DIGESTLENGTH;

	if (ctx == NULL) {
		return;
	}

	(void)pkcs_C_DigestFinal(ctx->session, scratch, &scratchlen);
	isc_safe_memwipe(scratch, sizeof(scratch));
	pk11_return_session(ctx);
	isc_safe_memwipe(ctx, sizeof(*ctx));
	isc_mem_put(dctx->mctx, ctx, sizeof(*ctx));
	dctx->ctxdata.pk11_ctx = NULL;
}
    652  1.1  christos 
/*
 * Feed the bytes of 'data' into the digest operation running on the
 * session held by the context in 'dctx'.
 *
 * Returns the value left in 'ret' after PK11_CALL: ISC_R_SUCCESS unless
 * the macro replaced it.
 */
static isc_result_t
pkcs11rsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	CK_BYTE_PTR chunk = (CK_BYTE_PTR)data->base;
	CK_ULONG chunk_len = (CK_ULONG)data->length;
	isc_result_t ret = ISC_R_SUCCESS;
	/*
	 * 'rv' and 'ret' are not assigned directly below; PK11_CALL (defined
	 * outside this view) presumably writes them, so the names must stay.
	 */
	CK_RV rv;

	PK11_CALL(pkcs_C_DigestUpdate, (pk11_ctx->session, chunk, chunk_len),
		  ISC_R_FAILURE);

	return (ret);
}
    666  1.1  christos 
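/*
 * Finish the digest accumulated in the context of 'dctx', prepend the DER
 * prefix that matches the key's algorithm, and sign the result with
 * CKM_RSA_PKCS, appending the signature to 'sig'.
 *
 * When the key lives on a token (and has a valid object handle) that
 * object is used directly.  Otherwise the key components held in memory
 * are copied into a temporary session object (CKA_TOKEN is false), which
 * is destroyed again before returning.
 *
 * Returns ISC_R_SUCCESS, ISC_R_FAILURE for an out-of-range key size,
 * ISC_R_NOSPACE when 'sig' is too small, or the failure code given to the
 * PK11_RET call that failed.
 *
 * Cleanup contract: the returns taken before any key material has been
 * copied leave dctx->ctxdata.pk11_ctx in place for pkcs11rsa_destroyctx().
 * Every exit after that point goes through 'err', which destroys the
 * session object, wipes and frees the copied key components, and releases
 * the context.
 */
static isc_result_t
pkcs11rsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
	/* 'rv' is presumably assigned by PK11_RET (defined elsewhere). */
	CK_RV rv;
	CK_MECHANISM mech = { CKM_RSA_PKCS, NULL, 0 };
	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	/*
	 * Entries 6..13 are the RSA key components; they start out empty and
	 * are filled from the in-memory key below.  The copy loop and the
	 * cleanup loop both rely on that index range.
	 */
	CK_ATTRIBUTE keyTemplate[] = {
		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_PRIVATE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_SENSITIVE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_SIGN, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_MODULUS, NULL, 0 },
		{ CKA_PUBLIC_EXPONENT, NULL, 0 },
		{ CKA_PRIVATE_EXPONENT, NULL, 0 },
		{ CKA_PRIME_1, NULL, 0 },
		{ CKA_PRIME_2, NULL, 0 },
		{ CKA_EXPONENT_1, NULL, 0 },
		{ CKA_EXPONENT_2, NULL, 0 },
		{ CKA_COEFFICIENT, NULL, 0 }
	};
	CK_ATTRIBUTE *attr;
	CK_BYTE digest[MAX_DER_SIZE + ISC_SHA512_DIGESTLENGTH];
	CK_BYTE *der;
	CK_ULONG derlen;
	CK_ULONG hashlen;
	CK_ULONG dgstlen;
	CK_ULONG siglen = 0;
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	dst_key_t *key = dctx->key;
	pk11_object_t *rsa = key->keydata.pkey;
	isc_region_t r;
	isc_result_t ret = ISC_R_SUCCESS;
	unsigned int i;

	REQUIRE(key->key_alg == DST_ALG_RSASHA1 ||
		key->key_alg == DST_ALG_NSEC3RSASHA1 ||
		key->key_alg == DST_ALG_RSASHA256 ||
		key->key_alg == DST_ALG_RSASHA512);
	REQUIRE(rsa != NULL);

	/*
	 * Reject incorrect RSA key lengths.
	 */
	switch (key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		/* From RFC 3110 */
		if (key->key_size > 4096) {
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA256:
		/* From RFC 5702 */
		if ((key->key_size < 512) || (key->key_size > 4096)) {
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA512:
		/* From RFC 5702 */
		if ((key->key_size < 1024) || (key->key_size > 4096)) {
			return (ISC_R_FAILURE);
		}
		break;
	default:
		UNREACHABLE();
	}

	/* Pick the DER prefix and hash length for the algorithm. */
	switch (key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		der = sha1_der;
		derlen = sizeof(sha1_der);
		hashlen = ISC_SHA1_DIGESTLENGTH;
		break;
	case DST_ALG_RSASHA256:
		der = sha256_der;
		derlen = sizeof(sha256_der);
		hashlen = ISC_SHA256_DIGESTLENGTH;
		break;
	case DST_ALG_RSASHA512:
		der = sha512_der;
		derlen = sizeof(sha512_der);
		hashlen = ISC_SHA512_DIGESTLENGTH;
		break;
	default:
		UNREACHABLE();
	}
	dgstlen = derlen + hashlen;
	INSIST(dgstlen <= sizeof(digest));
	memmove(digest, der, derlen);

	/* The hash is written directly after the DER prefix. */
	PK11_RET(pkcs_C_DigestFinal,
		 (pk11_ctx->session, digest + derlen, &hashlen),
		 DST_R_SIGNFAILURE);

	isc_buffer_availableregion(sig, &r);
	if (r.length < (unsigned int)dgstlen + MIN_PKCS1_PADLEN) {
		/* Nothing has been allocated yet, so a plain return is safe. */
		return (ISC_R_NOSPACE);
	}

	if (rsa->ontoken && (rsa->object != CK_INVALID_HANDLE)) {
		pk11_ctx->ontoken = rsa->ontoken;
		pk11_ctx->object = rsa->object;
		goto token_key;
	}

	/*
	 * Copy each key component the in-memory key provides into the
	 * matching template entry.  Attributes of any other type are skipped.
	 * The copies hold private key material and are wiped under 'err'.
	 */
	for (attr = pk11_attribute_first(rsa); attr != NULL;
	     attr = pk11_attribute_next(rsa, attr))
	{
		for (i = 6; i <= 13; i++) {
			if (keyTemplate[i].type != attr->type) {
				continue;
			}
			keyTemplate[i].pValue = isc_mem_get(dctx->mctx,
							    attr->ulValueLen);
			memmove(keyTemplate[i].pValue, attr->pValue,
				attr->ulValueLen);
			keyTemplate[i].ulValueLen = attr->ulValueLen;
			break;
		}
	}
	pk11_ctx->object = CK_INVALID_HANDLE;
	pk11_ctx->ontoken = false;
	PK11_RET(pkcs_C_CreateObject,
		 (pk11_ctx->session, keyTemplate, (CK_ULONG)14, &hKey),
		 ISC_R_FAILURE);

token_key:

	PK11_RET(pkcs_C_SignInit,
		 (pk11_ctx->session, &mech,
		  pk11_ctx->ontoken ? pk11_ctx->object : hKey),
		 ISC_R_FAILURE);

	/* First call passes no output buffer; it reports the length. */
	PK11_RET(pkcs_C_Sign,
		 (pk11_ctx->session, digest, dgstlen, NULL, &siglen),
		 DST_R_SIGNFAILURE);

	if (r.length < (unsigned int)siglen) {
		/*
		 * The session key object and the copied private key
		 * components may exist by now; returning directly would skip
		 * the wipe and free below, so leave through 'err'.
		 */
		ret = ISC_R_NOSPACE;
		goto err;
	}

	PK11_RET(pkcs_C_Sign,
		 (pk11_ctx->session, digest, dgstlen, (CK_BYTE_PTR)r.base,
		  &siglen),
		 DST_R_SIGNFAILURE);

	isc_buffer_add(sig, (unsigned int)siglen);

err:
	/* Reached on success as well; 'ret' carries the outcome. */
	if (hKey != CK_INVALID_HANDLE) {
		(void)pkcs_C_DestroyObject(pk11_ctx->session, hKey);
	}
	for (i = 6; i <= 13; i++) {
		if (keyTemplate[i].pValue != NULL) {
			isc_safe_memwipe(keyTemplate[i].pValue,
					 keyTemplate[i].ulValueLen);
			isc_mem_put(dctx->mctx, keyTemplate[i].pValue,
				    keyTemplate[i].ulValueLen);
		}
	}
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));
	dctx->ctxdata.pk11_ctx = NULL;

	return (ret);
}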
    898  1.1  christos 
/*
 * Finish the digest accumulated in the context of 'dctx', prepend the DER
 * prefix for the key's algorithm, and check 'sig' against it with
 * CKM_RSA_PKCS, using a temporary public-key session object built from the
 * key's modulus and public exponent.
 *
 * A public exponent that pk11_numbits() cannot size, or that is wider than
 * RSA_MAX_PUBEXP_BITS, is rejected with DST_R_VERIFYFAILURE before any
 * token operation on the key.
 *
 * Every exit goes through 'err', which destroys the session object, frees
 * the copied key components and releases the context.
 */
static isc_result_t
pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
	/* 'rv' is presumably assigned by PK11_RET (defined elsewhere). */
	CK_RV rv;
	isc_result_t ret = ISC_R_SUCCESS;
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	dst_key_t *key = dctx->key;
	pk11_object_t *rsa = key->keydata.pkey;
	CK_MECHANISM mech = { CKM_RSA_PKCS, NULL, 0 };
	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	/* Entries 5 and 6 are filled from the in-memory key below. */
	CK_ATTRIBUTE keyTemplate[] = {
		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_PRIVATE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_VERIFY, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_MODULUS, NULL, 0 },
		{ CKA_PUBLIC_EXPONENT, NULL, 0 },
	};
	CK_ATTRIBUTE *attr;
	CK_BYTE digest[MAX_DER_SIZE + ISC_SHA512_DIGESTLENGTH];
	CK_BYTE *prefix;
	CK_ULONG prefixlen;
	CK_ULONG hashlen;
	CK_ULONG dgstlen;
	unsigned int idx;

	REQUIRE(key->key_alg == DST_ALG_RSASHA1 ||
		key->key_alg == DST_ALG_NSEC3RSASHA1 ||
		key->key_alg == DST_ALG_RSASHA256 ||
		key->key_alg == DST_ALG_RSASHA512);
	REQUIRE(rsa != NULL);

	/* Pick the DER prefix and hash length for the algorithm. */
	switch (key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		prefix = sha1_der;
		prefixlen = sizeof(sha1_der);
		hashlen = ISC_SHA1_DIGESTLENGTH;
		break;
	case DST_ALG_RSASHA256:
		prefix = sha256_der;
		prefixlen = sizeof(sha256_der);
		hashlen = ISC_SHA256_DIGESTLENGTH;
		break;
	case DST_ALG_RSASHA512:
		prefix = sha512_der;
		prefixlen = sizeof(sha512_der);
		hashlen = ISC_SHA512_DIGESTLENGTH;
		break;
	default:
		UNREACHABLE();
	}
	dgstlen = prefixlen + hashlen;
	INSIST(dgstlen <= sizeof(digest));
	memmove(digest, prefix, prefixlen);

	/* The hash is written directly after the DER prefix. */
	PK11_RET(pkcs_C_DigestFinal,
		 (pk11_ctx->session, digest + prefixlen, &hashlen),
		 DST_R_SIGNFAILURE);

	for (attr = pk11_attribute_first(rsa); attr != NULL;
	     attr = pk11_attribute_next(rsa, attr))
	{
		unsigned int bits;
		unsigned int slot;

		/* Only the two public components are of interest here. */
		if (attr->type == CKA_MODULUS) {
			slot = 5;
		} else if (attr->type == CKA_PUBLIC_EXPONENT) {
			slot = 6;
		} else {
			continue;
		}

		INSIST(keyTemplate[slot].type == attr->type);
		keyTemplate[slot].pValue = isc_mem_get(dctx->mctx,
						       attr->ulValueLen);
		memmove(keyTemplate[slot].pValue, attr->pValue,
			attr->ulValueLen);
		keyTemplate[slot].ulValueLen = attr->ulValueLen;

		if (slot == 6) {
			/*
			 * Bound the exponent size.  The copy made above is
			 * released under 'err' when the check fails.
			 */
			ret = pk11_numbits(attr->pValue, attr->ulValueLen,
					   &bits);
			if (ret != ISC_R_SUCCESS || bits > RSA_MAX_PUBEXP_BITS)
			{
				DST_RET(DST_R_VERIFYFAILURE);
			}
		}
	}
	pk11_ctx->object = CK_INVALID_HANDLE;
	pk11_ctx->ontoken = false;
	PK11_RET(pkcs_C_CreateObject,
		 (pk11_ctx->session, keyTemplate, (CK_ULONG)7, &hKey),
		 ISC_R_FAILURE);

	PK11_RET(pkcs_C_VerifyInit, (pk11_ctx->session, &mech, hKey),
		 ISC_R_FAILURE);

	PK11_RET(pkcs_C_Verify,
		 (pk11_ctx->session, digest, dgstlen, (CK_BYTE_PTR)sig->base,
		  (CK_ULONG)sig->length),
		 DST_R_VERIFYFAILURE);

err:
	/* Reached on success as well; 'ret' carries the outcome. */
	if (hKey != CK_INVALID_HANDLE) {
		(void)pkcs_C_DestroyObject(pk11_ctx->session, hKey);
	}
	for (idx = 5; idx <= 6; idx++) {
		if (keyTemplate[idx].pValue == NULL) {
			continue;
		}
		isc_safe_memwipe(keyTemplate[idx].pValue,
				 keyTemplate[idx].ulValueLen);
		isc_mem_put(dctx->mctx, keyTemplate[idx].pValue,
			    keyTemplate[idx].ulValueLen);
	}
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));
	dctx->ctxdata.pk11_ctx = NULL;

	return (ret);
}
   1026  1.1  christos #endif /* ifndef PK11_RSA_PKCS_REPLACE */
   1027  1.1  christos 
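/*
 * Report whether 'key1' and 'key2' hold the same RSA key.
 *
 * The modulus and the public exponent are compared first; when both keys
 * lack one of them the keys are reported equal at that point.  The private
 * exponent is compared only when at least one key has it.  All comparisons
 * of key bytes use isc_safe_memequal().
 *
 * Finally the token state is compared: two in-memory keys are equal, a
 * token key never equals an in-memory key, and two token keys are equal
 * only when they refer to the same object handle.
 */
static bool
pkcs11rsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
	pk11_object_t *rsa1, *rsa2;
	CK_ATTRIBUTE *attr1, *attr2;

	rsa1 = key1->keydata.pkey;
	rsa2 = key2->keydata.pkey;

	if ((rsa1 == NULL) && (rsa2 == NULL)) {
		return (true);
	} else if ((rsa1 == NULL) || (rsa2 == NULL)) {
		return (false);
	}

	attr1 = pk11_attribute_bytype(rsa1, CKA_MODULUS);
	attr2 = pk11_attribute_bytype(rsa2, CKA_MODULUS);
	if ((attr1 == NULL) && (attr2 == NULL)) {
		return (true);
	} else if ((attr1 == NULL) || (attr2 == NULL) ||
		   (attr1->ulValueLen != attr2->ulValueLen) ||
		   !isc_safe_memequal(attr1->pValue, attr2->pValue,
				      attr1->ulValueLen))
	{
		return (false);
	}

	attr1 = pk11_attribute_bytype(rsa1, CKA_PUBLIC_EXPONENT);
	attr2 = pk11_attribute_bytype(rsa2, CKA_PUBLIC_EXPONENT);
	if ((attr1 == NULL) && (attr2 == NULL)) {
		return (true);
	} else if ((attr1 == NULL) || (attr2 == NULL) ||
		   (attr1->ulValueLen != attr2->ulValueLen) ||
		   !isc_safe_memequal(attr1->pValue, attr2->pValue,
				      attr1->ulValueLen))
	{
		return (false);
	}

	/* A private exponent present on one side only is a mismatch. */
	attr1 = pk11_attribute_bytype(rsa1, CKA_PRIVATE_EXPONENT);
	attr2 = pk11_attribute_bytype(rsa2, CKA_PRIVATE_EXPONENT);
	if (((attr1 != NULL) || (attr2 != NULL)) &&
	    ((attr1 == NULL) || (attr2 == NULL) ||
	     (attr1->ulValueLen != attr2->ulValueLen) ||
	     !isc_safe_memequal(attr1->pValue, attr2->pValue,
				attr1->ulValueLen)))
	{
		return (false);
	}

	if (!rsa1->ontoken && !rsa2->ontoken) {
		return (true);
	}

	/*
	 * At least one key is on a token here.  The previous test,
	 * "rsa1->ontoken || rsa2->ontoken || ...", was therefore always
	 * true: the object-handle comparison was never evaluated and two
	 * token keys referring to the same object compared unequal.  Reject
	 * only when exactly one key is on a token or the handles differ.
	 */
	if (!rsa1->ontoken || !rsa2->ontoken ||
	    (rsa1->object != rsa2->object))
	{
		return (false);
	}

	return (true);
}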
   1087  1.1  christos 
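/*
 * Generate an RSA key pair of key->key_size bits on the token chosen by
 * pk11_get_best_token(OP_RSA) and copy all eight key components into a new
 * pk11_object_t stored in key->keydata.pkey.
 *
 * 'exp' selects the public exponent: 0 gives 0x10001, anything else gives
 * 0x100000001.  'callback' is unused.
 *
 * The private template sets CKA_SENSITIVE to false and CKA_EXTRACTABLE to
 * true so the private components can be read back; after this call the
 * private key lives in process memory, and the token objects are
 * destroyed.  pkcs11rsa_destroy() wipes those copies.
 *
 * Returns ISC_R_SUCCESS, ISC_R_FAILURE for an out-of-range key size, the
 * result of pk11_get_session() when no session is available, or
 * DST_R_CRYPTOFAILURE when a PK11_RET call fails.
 */
static isc_result_t
pkcs11rsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
	/* 'rv' is presumably assigned by PK11_RET (defined elsewhere). */
	CK_RV rv;
	CK_MECHANISM mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0 };
	CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
	CK_ULONG bits = 0;
	CK_BYTE pubexp[5];
	CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	CK_ATTRIBUTE pubTemplate[] = {
		{ CKA_CLASS, &pubClass, (CK_ULONG)sizeof(pubClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_PRIVATE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_VERIFY, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_MODULUS_BITS, &bits, (CK_ULONG)sizeof(bits) },
		{ CKA_PUBLIC_EXPONENT, &pubexp, (CK_ULONG)sizeof(pubexp) }
	};
	CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
	CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
	CK_ATTRIBUTE privTemplate[] = {
		{ CKA_CLASS, &privClass, (CK_ULONG)sizeof(privClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_PRIVATE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_SENSITIVE, &falsevalue, (CK_ULONG)sizeof(falsevalue) },
		{ CKA_EXTRACTABLE, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_SIGN, &truevalue, (CK_ULONG)sizeof(truevalue) },
	};
	CK_ATTRIBUTE *attr;
	pk11_object_t *rsa;
	pk11_context_t *pk11_ctx;
	isc_result_t ret;
	unsigned int i;

	UNUSED(callback);

	/*
	 * Reject incorrect RSA key lengths.
	 */
	switch (key->key_alg) {
	case DST_ALG_RSASHA1:
	case DST_ALG_NSEC3RSASHA1:
		/* From RFC 3110 */
		if (key->key_size > 4096) {
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA256:
		/* From RFC 5702 */
		if ((key->key_size < 512) || (key->key_size > 4096)) {
			return (ISC_R_FAILURE);
		}
		break;
	case DST_ALG_RSASHA512:
		/* From RFC 5702 */
		if ((key->key_size < 1024) || (key->key_size > 4096)) {
			return (ISC_R_FAILURE);
		}
		break;
	default:
		UNREACHABLE();
	}

	pk11_ctx = isc_mem_get(key->mctx, sizeof(*pk11_ctx));
	/*
	 * Zero the context before use, as the context-creation path in this
	 * file does, so the 'err' path never hands uninitialised memory to
	 * pk11_return_session() if pk11_get_session() fails early.
	 */
	memset(pk11_ctx, 0, sizeof(*pk11_ctx));
	ret = pk11_get_session(pk11_ctx, OP_RSA, true, false, false, NULL,
			       pk11_get_best_token(OP_RSA));
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	/* 'bits' and 'pubexp' are referenced by pubTemplate[5] and [6]. */
	bits = key->key_size;
	if (exp == 0) {
		/* RSA_F4 0x10001 */
		pubexp[0] = 1;
		pubexp[1] = 0;
		pubexp[2] = 1;
		pubTemplate[6].ulValueLen = 3;
	} else {
		/* F5 0x100000001 */
		pubexp[0] = 1;
		pubexp[1] = 0;
		pubexp[2] = 0;
		pubexp[3] = 0;
		pubexp[4] = 1;
		pubTemplate[6].ulValueLen = 5;
	}

	PK11_RET(pkcs_C_GenerateKeyPair,
		 (pk11_ctx->session, &mech, pubTemplate, (CK_ULONG)7,
		  privTemplate, (CK_ULONG)7, &pub, &priv),
		 DST_R_CRYPTOFAILURE);

	/*
	 * Attach the object to the key straight away so that the 'err' path,
	 * which calls pkcs11rsa_destroy(key), releases whatever has been
	 * allocated so far.
	 */
	rsa = isc_mem_get(key->mctx, sizeof(*rsa));
	memset(rsa, 0, sizeof(*rsa));
	key->keydata.pkey = rsa;
	rsa->repr = isc_mem_get(key->mctx, sizeof(*attr) * 8);
	memset(rsa->repr, 0, sizeof(*attr) * 8);
	rsa->attrcnt = 8;

	attr = rsa->repr;
	attr[0].type = CKA_MODULUS;
	attr[1].type = CKA_PUBLIC_EXPONENT;
	attr[2].type = CKA_PRIVATE_EXPONENT;
	attr[3].type = CKA_PRIME_1;
	attr[4].type = CKA_PRIME_2;
	attr[5].type = CKA_EXPONENT_1;
	attr[6].type = CKA_EXPONENT_2;
	attr[7].type = CKA_COEFFICIENT;

	/*
	 * Public components, in two passes: the first call is made while the
	 * value pointers are still NULL and yields the lengths, the second
	 * fills the buffers allocated in between.
	 */
	PK11_RET(pkcs_C_GetAttributeValue, (pk11_ctx->session, pub, attr, 2),
		 DST_R_CRYPTOFAILURE);
	for (i = 0; i <= 1; i++) {
		attr[i].pValue = isc_mem_get(key->mctx, attr[i].ulValueLen);
		memset(attr[i].pValue, 0, attr[i].ulValueLen);
	}
	PK11_RET(pkcs_C_GetAttributeValue, (pk11_ctx->session, pub, attr, 2),
		 DST_R_CRYPTOFAILURE);

	/* Private components (entries 2..7), same two-pass scheme. */
	attr += 2;
	PK11_RET(pkcs_C_GetAttributeValue, (pk11_ctx->session, priv, attr, 6),
		 DST_R_CRYPTOFAILURE);
	for (i = 0; i <= 5; i++) {
		attr[i].pValue = isc_mem_get(key->mctx, attr[i].ulValueLen);
		memset(attr[i].pValue, 0, attr[i].ulValueLen);
	}
	PK11_RET(pkcs_C_GetAttributeValue, (pk11_ctx->session, priv, attr, 6),
		 DST_R_CRYPTOFAILURE);

	/* The key now lives in memory only; drop the session objects. */
	(void)pkcs_C_DestroyObject(pk11_ctx->session, priv);
	(void)pkcs_C_DestroyObject(pk11_ctx->session, pub);
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));

	return (ISC_R_SUCCESS);

err:
	/* Wipes and frees any key components copied so far. */
	pkcs11rsa_destroy(key);
	if (priv != CK_INVALID_HANDLE) {
		(void)pkcs_C_DestroyObject(pk11_ctx->session, priv);
	}
	if (pub != CK_INVALID_HANDLE) {
		(void)pkcs_C_DestroyObject(pk11_ctx->session, pub);
	}
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));

	return (ret);
}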
   1239  1.1  christos 
/*
 * Report whether 'key' can be used as a private key: either it carries a
 * CKA_PRIVATE_EXPONENT attribute or it is flagged as living on a token.
 * A key with no RSA object attached is not private.
 */
static bool
pkcs11rsa_isprivate(const dst_key_t *key) {
	pk11_object_t *rsa = key->keydata.pkey;

	if (rsa == NULL) {
		return (false);
	}
	if (pk11_attribute_bytype(rsa, CKA_PRIVATE_EXPONENT) != NULL) {
		return (true);
	}
	return (rsa->ontoken);
}
   1251  1.1  christos 
/*
 * Free the RSA object attached to 'key', wiping every buffer before it is
 * returned to the allocator: the values of the label, id and key-component
 * attributes, then the attribute array, then the object itself.
 *
 * Does nothing when no object is attached.  Requires that an object with a
 * valid handle is flagged as being on a token.
 */
static void
pkcs11rsa_destroy(dst_key_t *key) {
	pk11_object_t *rsa = key->keydata.pkey;
	CK_ATTRIBUTE *attr;

	if (rsa == NULL) {
		return;
	}

	INSIST((rsa->object == CK_INVALID_HANDLE) || rsa->ontoken);

	attr = pk11_attribute_first(rsa);
	while (attr != NULL) {
		bool release = false;

		/* Only values of these attribute types are released here. */
		switch (attr->type) {
		case CKA_LABEL:
		case CKA_ID:
		case CKA_MODULUS:
		case CKA_PUBLIC_EXPONENT:
		case CKA_PRIVATE_EXPONENT:
		case CKA_PRIME_1:
		case CKA_PRIME_2:
		case CKA_EXPONENT_1:
		case CKA_EXPONENT_2:
		case CKA_COEFFICIENT:
			release = true;
			break;
		default:
			break;
		}

		if (release && attr->pValue != NULL) {
			/* May hold private key material: wipe, then free. */
			isc_safe_memwipe(attr->pValue, attr->ulValueLen);
			isc_mem_put(key->mctx, attr->pValue, attr->ulValueLen);
		}

		attr = pk11_attribute_next(rsa, attr);
	}

	if (rsa->repr != NULL) {
		isc_safe_memwipe(rsa->repr, rsa->attrcnt * sizeof(*attr));
		isc_mem_put(key->mctx, rsa->repr, rsa->attrcnt * sizeof(*attr));
	}

	isc_safe_memwipe(rsa, sizeof(*rsa));
	isc_mem_put(key->mctx, rsa, sizeof(*rsa));
	key->keydata.pkey = NULL;
}
   1294  1.1  christos 
/*
 * Append the public part of 'key' to 'data' in wire form: a length
 * prefix for the public exponent (one octet, or a zero octet followed by
 * a 16-bit length when the exponent is 256 octets or longer), then the
 * exponent, then the modulus.
 *
 * Requires that the key has a PKCS#11 object with both a public exponent
 * and a modulus.  Returns ISC_R_NOSPACE when 'data' cannot hold the
 * prefix or the two values, ISC_R_SUCCESS otherwise.
 *
 * NOTE(review): the attribute lengths are narrowed to unsigned int, and
 * the long form narrows the exponent length again to 16 bits, while the
 * copy below still uses the unnarrowed e_bytes.  An exponent longer than
 * 65535 octets would therefore be written with a prefix that does not
 * match the data; nothing here rejects that case.
 */
static isc_result_t
pkcs11rsa_todns(const dst_key_t *key, isc_buffer_t *data) {
	pk11_object_t *rsa;
	CK_ATTRIBUTE *attr;
	isc_region_t avail;
	CK_BYTE *exponent = NULL, *modulus = NULL;
	unsigned int e_bytes = 0, mod_bytes = 0;
	unsigned int prefix;

	REQUIRE(key->keydata.pkey != NULL);

	rsa = key->keydata.pkey;

	/* Pick the two public values out of the attribute list. */
	attr = pk11_attribute_first(rsa);
	while (attr != NULL) {
		if (attr->type == CKA_PUBLIC_EXPONENT) {
			exponent = (CK_BYTE *)attr->pValue;
			e_bytes = (unsigned int)attr->ulValueLen;
		} else if (attr->type == CKA_MODULUS) {
			modulus = (CK_BYTE *)attr->pValue;
			mod_bytes = (unsigned int)attr->ulValueLen;
		}
		attr = pk11_attribute_next(rsa, attr);
	}
	REQUIRE((exponent != NULL) && (modulus != NULL));

	isc_buffer_availableregion(data, &avail);

	/* Short form below 256 octets (exponent <= 2040 bits), else long. */
	prefix = (e_bytes < 256) ? 1 : 3;
	if (avail.length < prefix) {
		return (ISC_R_NOSPACE);
	}
	if (prefix == 1) {
		isc_buffer_putuint8(data, (uint8_t)e_bytes);
	} else {
		isc_buffer_putuint8(data, 0);
		isc_buffer_putuint16(data, (uint16_t)e_bytes);
	}
	isc_region_consume(&avail, prefix);

	/* Both values must fit before anything is copied. */
	if (avail.length < e_bytes + mod_bytes) {
		return (ISC_R_NOSPACE);
	}

	memmove(avail.base, exponent, e_bytes);
	isc_region_consume(&avail, e_bytes);
	memmove(avail.base, modulus, mod_bytes);

	isc_buffer_add(data, e_bytes + mod_bytes);

	return (ISC_R_SUCCESS);
}
   1352  1.1  christos 
/*
 * Build the public half of 'key' from the remaining bytes of 'data'.
 *
 * The input starts with the exponent length (one octet, or a zero octet
 * followed by a 16-bit big-endian length); the exponent follows and
 * everything after it is taken as the modulus.  On success the whole
 * region is consumed from 'data', key->key_size is set to the bit length
 * of the modulus and a two-attribute object (modulus, public exponent)
 * holding private copies of both values is attached to the key.
 *
 * An empty region is accepted and leaves the key untouched.  Truncated
 * input yields DST_R_INVALIDPUBLICKEY; a pk11_numbits() failure is
 * passed through.
 *
 * NOTE(review): this parses data that may come from the network.  A
 * zero-length exponent or modulus is not rejected here and leads to a
 * zero-byte isc_mem_get(); and the RSA_MAX_PUBEXP_BITS limit that
 * pkcs11rsa_parse() enforces is not applied on this path - presumably
 * it is checked where the key is used; confirm.
 */
static isc_result_t
pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
	pk11_object_t *rsa;
	isc_region_t src;
	CK_ATTRIBUTE *mod_attr, *exp_attr;
	CK_BYTE *exponent = NULL, *modulus = NULL;
	unsigned int e_bytes, mod_bytes;
	unsigned int total;
	unsigned int bits;
	isc_result_t ret = ISC_R_SUCCESS;

	isc_buffer_remainingregion(data, &src);
	if (src.length == 0) {
		return (ISC_R_SUCCESS);
	}
	total = src.length;

	rsa = isc_mem_get(key->mctx, sizeof(*rsa));
	memset(rsa, 0, sizeof(*rsa));

	/* At least one octet is present, so the first read is in bounds. */
	e_bytes = src.base[0];
	isc_region_consume(&src, 1);

	if (e_bytes == 0) {
		/* Long form: the next two octets carry the length. */
		if (src.length < 2) {
			DST_RET(DST_R_INVALIDPUBLICKEY);
		}
		e_bytes = ((unsigned int)src.base[0] << 8) | src.base[1];
		isc_region_consume(&src, 2);
	}

	/* The declared exponent length must not run past the input. */
	if (e_bytes > src.length) {
		DST_RET(DST_R_INVALIDPUBLICKEY);
	}
	exponent = src.base;
	isc_region_consume(&src, e_bytes);
	modulus = src.base;
	mod_bytes = src.length;

	ret = pk11_numbits(modulus, mod_bytes, &bits);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}
	key->key_size = bits;

	isc_buffer_forward(data, total);

	rsa->repr = isc_mem_get(key->mctx, 2 * sizeof(CK_ATTRIBUTE));
	memset(rsa->repr, 0, 2 * sizeof(CK_ATTRIBUTE));
	rsa->attrcnt = 2;
	mod_attr = rsa->repr;
	exp_attr = mod_attr + 1;

	/* The object owns copies; it does not point into 'data'. */
	mod_attr->type = CKA_MODULUS;
	mod_attr->pValue = isc_mem_get(key->mctx, mod_bytes);
	memmove(mod_attr->pValue, modulus, mod_bytes);
	mod_attr->ulValueLen = (CK_ULONG)mod_bytes;

	exp_attr->type = CKA_PUBLIC_EXPONENT;
	exp_attr->pValue = isc_mem_get(key->mctx, e_bytes);
	memmove(exp_attr->pValue, exponent, e_bytes);
	exp_attr->ulValueLen = (CK_ULONG)e_bytes;

	key->keydata.pkey = rsa;

	return (ISC_R_SUCCESS);

err:
	/* Only the bare object exists on the failure paths above. */
	isc_safe_memwipe(rsa, sizeof(*rsa));
	isc_mem_put(key->mctx, rsa, sizeof(*rsa));
	return (ret);
}
   1424  1.1  christos 
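/*
 * Write the private-key file for 'key' into 'directory'.
 *
 * An external key is written with no elements.  Otherwise each RSA
 * component present in the attribute list is copied into a scratch
 * buffer and handed to dst__privstruct_writefile(), followed by the
 * engine and label strings when set.  The scratch buffers are wiped
 * before they are released.
 *
 * Returns DST_R_NULLKEY when the key has no object or lacks a modulus or
 * public exponent, otherwise the result of dst__privstruct_writefile().
 *
 * The scratch buffers are sized to the longest component rather than to
 * the modulus: nothing visible here guarantees that every component
 * (for instance one read from a malformed key file) is no longer than
 * the modulus, and a modulus-sized buffer would then be overrun by the
 * copy.
 *
 * NOTE(review): element lengths are narrowed to unsigned short, so a
 * component longer than 65535 octets would be written with a truncated
 * length.
 */
static isc_result_t
pkcs11rsa_tofile(const dst_key_t *key, const char *directory) {
	/* Components in the order they are written to the file. */
	enum {
		C_MODULUS,
		C_PUBEXP,
		C_PRIVEXP,
		C_PRIME1,
		C_PRIME2,
		C_EXP1,
		C_EXP2,
		C_COEFF,
		C_COUNT
	};
	const int tags[C_COUNT] = {
		[C_MODULUS] = TAG_RSA_MODULUS,
		[C_PUBEXP] = TAG_RSA_PUBLICEXPONENT,
		[C_PRIVEXP] = TAG_RSA_PRIVATEEXPONENT,
		[C_PRIME1] = TAG_RSA_PRIME1,
		[C_PRIME2] = TAG_RSA_PRIME2,
		[C_EXP1] = TAG_RSA_EXPONENT1,
		[C_EXP2] = TAG_RSA_EXPONENT2,
		[C_COEFF] = TAG_RSA_COEFFICIENT,
	};
	CK_ATTRIBUTE *comp[C_COUNT] = { NULL };
	unsigned char *bufs[C_COUNT] = { NULL };
	CK_ULONG buflen = 0;
	int i, n;
	pk11_object_t *rsa;
	CK_ATTRIBUTE *attr;
	dst_private_t priv;
	isc_result_t result;

	if (key->keydata.pkey == NULL) {
		return (DST_R_NULLKEY);
	}

	if (key->external) {
		priv.nelements = 0;
		return (dst__privstruct_writefile(key, &priv, directory));
	}

	rsa = key->keydata.pkey;

	for (attr = pk11_attribute_first(rsa); attr != NULL;
	     attr = pk11_attribute_next(rsa, attr))
	{
		switch (attr->type) {
		case CKA_MODULUS:
			comp[C_MODULUS] = attr;
			break;
		case CKA_PUBLIC_EXPONENT:
			comp[C_PUBEXP] = attr;
			break;
		case CKA_PRIVATE_EXPONENT:
			comp[C_PRIVEXP] = attr;
			break;
		case CKA_PRIME_1:
			comp[C_PRIME1] = attr;
			break;
		case CKA_PRIME_2:
			comp[C_PRIME2] = attr;
			break;
		case CKA_EXPONENT_1:
			comp[C_EXP1] = attr;
			break;
		case CKA_EXPONENT_2:
			comp[C_EXP2] = attr;
			break;
		case CKA_COEFFICIENT:
			comp[C_COEFF] = attr;
			break;
		}
	}
	if ((comp[C_MODULUS] == NULL) || (comp[C_PUBEXP] == NULL)) {
		return (DST_R_NULLKEY);
	}

	/* Size every scratch buffer for the longest component present. */
	for (n = 0; n < C_COUNT; n++) {
		if (comp[n] != NULL && comp[n]->ulValueLen > buflen) {
			buflen = comp[n]->ulValueLen;
		}
	}

	for (n = 0; n < C_COUNT; n++) {
		bufs[n] = isc_mem_get(key->mctx, buflen);
		memset(bufs[n], 0, buflen);
	}

	i = 0;
	for (n = 0; n < C_COUNT; n++) {
		if (comp[n] == NULL) {
			continue;
		}
		priv.elements[i].tag = tags[n];
		priv.elements[i].length = (unsigned short)comp[n]->ulValueLen;
		/* Nothing to copy for an empty value (pValue may be NULL). */
		if (comp[n]->ulValueLen != 0) {
			memmove(bufs[i], comp[n]->pValue,
				comp[n]->ulValueLen);
		}
		priv.elements[i].data = bufs[i];
		i++;
	}

	/* Engine and label are written straight from the key, NUL included. */
	if (key->engine != NULL) {
		priv.elements[i].tag = TAG_RSA_ENGINE;
		priv.elements[i].length = (unsigned short)strlen(key->engine) +
					  1;
		priv.elements[i].data = (unsigned char *)key->engine;
		i++;
	}

	if (key->label != NULL) {
		priv.elements[i].tag = TAG_RSA_LABEL;
		priv.elements[i].length = (unsigned short)strlen(key->label) +
					  1;
		priv.elements[i].data = (unsigned char *)key->label;
		i++;
	}

	priv.nelements = i;
	result = dst__privstruct_writefile(key, &priv, directory);

	/* The buffers held private key material: wipe before release. */
	for (n = 0; n < C_COUNT; n++) {
		if (bufs[n] == NULL) {
			break;
		}
		isc_safe_memwipe(bufs[n], buflen);
		isc_mem_put(key->mctx, bufs[n], buflen);
	}
	return (result);
}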
   1578  1.1  christos 
/*
 * Bind 'key' to a private RSA key object held on a token.
 *
 * The modulus and public exponent are copied from 'pub' into the key's
 * own attribute list, 'label' is parsed with pk11_parse_uri(), and the
 * token is searched for a private RSA object matching the resulting
 * CKA_LABEL (or CKA_ID when no label attribute is present).  The handle
 * found is stored in the object, the engine and label strings are
 * recorded on the key, and key->key_size is set from the modulus.
 *
 * Returns DST_R_NOENGINE when 'label' is NULL, ISC_R_NOTFOUND when no
 * object matches, DST_R_CRYPTOFAILURE when a PKCS#11 search call fails,
 * and otherwise passes through failures of the helpers it calls.
 *
 * On failure the attributes allocated here stay attached to the key's
 * object; the caller visible in this file, pkcs11rsa_parse(), releases
 * them through pkcs11rsa_destroy().
 *
 * NOTE(review): 'pub' and pub->keydata.pkey are dereferenced without a
 * NULL check.
 * NOTE(review): C_FindObjects is asked for at most one handle, so 'cnt'
 * cannot exceed 1 and the ISC_R_EXISTS branch looks unreachable; two
 * token objects sharing a label or id would not be reported as
 * ambiguous.  Requesting two handles would make the check effective.
 */
static isc_result_t
pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label,
		dst_key_t *pub) {
	CK_RV rv;
	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	CK_ATTRIBUTE searchTemplate[] = {
		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_LABEL, NULL, 0 }
	};
	const CK_ATTRIBUTE_TYPE copied[2] = { CKA_MODULUS,
					      CKA_PUBLIC_EXPONENT };
	CK_ULONG cnt;
	CK_ATTRIBUTE *attr;
	CK_ATTRIBUTE *pubattr;
	CK_ATTRIBUTE *ident;
	pk11_object_t *rsa;
	pk11_object_t *pubrsa;
	pk11_context_t *pk11_ctx = NULL;
	isc_result_t ret;
	unsigned int bits;
	unsigned int n;

	if (label == NULL) {
		return (DST_R_NOENGINE);
	}

	rsa = key->keydata.pkey;
	pubrsa = pub->keydata.pkey;

	rsa->object = CK_INVALID_HANDLE;
	rsa->ontoken = true;
	rsa->reqlogon = true;
	rsa->repr = isc_mem_get(key->mctx, sizeof(*attr) * 2);
	memset(rsa->repr, 0, sizeof(*attr) * 2);
	rsa->attrcnt = 2;

	/* Give the key its own copies of the public values from 'pub'. */
	attr = rsa->repr;
	for (n = 0; n < 2; n++, attr++) {
		attr->type = copied[n];
		pubattr = pk11_attribute_bytype(pubrsa, copied[n]);
		INSIST(pubattr != NULL);
		attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen);
		memmove(attr->pValue, pubattr->pValue, pubattr->ulValueLen);
		attr->ulValueLen = pubattr->ulValueLen;
	}

	ret = pk11_parse_uri(rsa, label, key->mctx, OP_RSA);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	pk11_ctx = isc_mem_get(key->mctx, sizeof(*pk11_ctx));
	ret = pk11_get_session(pk11_ctx, OP_RSA, true, false, rsa->reqlogon,
			       NULL, rsa->slot);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	/* Search by label when there is one, otherwise by id. */
	ident = pk11_attribute_bytype(rsa, CKA_LABEL);
	if (ident == NULL) {
		ident = pk11_attribute_bytype(rsa, CKA_ID);
		INSIST(ident != NULL);
		searchTemplate[3].type = CKA_ID;
	}
	searchTemplate[3].pValue = ident->pValue;
	searchTemplate[3].ulValueLen = ident->ulValueLen;

	PK11_RET(pkcs_C_FindObjectsInit,
		 (pk11_ctx->session, searchTemplate, (CK_ULONG)4),
		 DST_R_CRYPTOFAILURE);
	PK11_RET(pkcs_C_FindObjects,
		 (pk11_ctx->session, &rsa->object, (CK_ULONG)1, &cnt),
		 DST_R_CRYPTOFAILURE);
	(void)pkcs_C_FindObjectsFinal(pk11_ctx->session);
	if (cnt == 0) {
		DST_RET(ISC_R_NOTFOUND);
	}
	if (cnt > 1) {
		DST_RET(ISC_R_EXISTS);
	}

	if (engine != NULL) {
		key->engine = isc_mem_strdup(key->mctx, engine);
	}

	key->label = isc_mem_strdup(key->mctx, label);

	/* The session is no longer needed; wipe the context on release. */
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));

	attr = pk11_attribute_bytype(rsa, CKA_MODULUS);
	INSIST(attr != NULL);
	ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}
	key->key_size = bits;

	return (ISC_R_SUCCESS);

err:
	if (pk11_ctx != NULL) {
		pk11_return_session(pk11_ctx);
		isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
		isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));
	}

	return (ret);
}
   1694  1.1  christos 
/*
 * Reconcile one attribute ('type') of the private object 'rsa' with the
 * same attribute of the public object 'pubrsa'.
 *
 * When the private object already has a value it must have the same
 * length and content as the public one.  When it has none, the public
 * object's buffer is moved over: the private attribute takes the pointer
 * and length and the public attribute is cleared, so the buffer has a
 * single owner afterwards.  Either way the private attribute must end up
 * with a value, otherwise DST_R_INVALIDPRIVATEKEY is returned.
 *
 * Lengths are compared after narrowing to unsigned int.
 */
static isc_result_t
rsa_check_attr(pk11_object_t *rsa, pk11_object_t *pubrsa,
	       CK_ATTRIBUTE_TYPE type) {
	CK_ATTRIBUTE *privattr, *pubattr;
	CK_BYTE *priv_val = NULL, *pub_val = NULL;
	unsigned int priv_len = 0, pub_len = 0;

	privattr = pk11_attribute_bytype(rsa, type);
	INSIST(privattr != NULL);
	priv_val = privattr->pValue;
	priv_len = privattr->ulValueLen;

	pubattr = pk11_attribute_bytype(pubrsa, type);
	INSIST(pubattr != NULL);
	pub_val = pubattr->pValue;
	pub_len = pubattr->ulValueLen;

	if (priv_val == NULL) {
		/* Adopt the public value; 'pubrsa' gives up ownership. */
		privattr->pValue = pub_val;
		privattr->ulValueLen = pub_len;
		pubattr->pValue = NULL;
		pubattr->ulValueLen = 0;
	} else if (priv_len != pub_len ||
		   !isc_safe_memequal(priv_val, pub_val, pub_len))
	{
		return (DST_R_INVALIDPRIVATEKEY);
	}

	if (privattr->pValue == NULL) {
		return (DST_R_INVALIDPRIVATEKEY);
	}

	return (ISC_R_SUCCESS);
}

/*
 * Check that the public exponent and the modulus of the private object
 * 'rsa' agree with those of the public object 'pubrsa', filling in
 * whichever of the two the private object is missing.
 *
 * Both objects must be non-NULL and must have entries for both
 * attributes.  Returns ISC_R_SUCCESS or DST_R_INVALIDPRIVATEKEY.
 *
 * NOTE(review): only these two public values are compared; the private
 * components are not checked for consistency with the modulus here.
 */
static isc_result_t
rsa_check(pk11_object_t *rsa, pk11_object_t *pubrsa) {
	isc_result_t result;

	REQUIRE(rsa != NULL && pubrsa != NULL);

	result = rsa_check_attr(rsa, pubrsa, CKA_PUBLIC_EXPONENT);
	if (result != ISC_R_SUCCESS) {
		return (result);
	}

	return (rsa_check_attr(rsa, pubrsa, CKA_MODULUS));
}
   1763  1.1  christos 
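/*
 * Load the private half of 'key' from the key file read through 'lexer'.
 *
 * Three cases are handled:
 *  - external key: the file must carry no elements and 'pub' must be
 *    given; the public object is moved from 'pub' to 'key';
 *  - key with an engine or label element: the key lives on a token and
 *    is bound through pkcs11rsa_fetch();
 *  - otherwise the RSA components are copied from the file into an
 *    eight-attribute object, checked against 'pub' with rsa_check(), and
 *    the public exponent is limited to RSA_MAX_PUBEXP_BITS bits.
 *
 * Returns ISC_R_SUCCESS, DST_R_INVALIDPRIVATEKEY for a key that is
 * malformed or does not match 'pub', ISC_R_RANGE for an oversized public
 * exponent, or the failure of a helper.  The parsed file structure is
 * freed and wiped on every path after it has been read; on failure the
 * partially built object is released with pkcs11rsa_destroy().
 *
 * The two non-external paths both dereference 'pub' and its object, so
 * a missing public key is rejected up front instead of reaching an
 * assertion or a NULL dereference.  Elements with an unrecognised tag
 * are skipped without allocating, and a repeated tag releases the value
 * it replaces, so neither leaks key-file data.
 */
static isc_result_t
pkcs11rsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
	dst_private_t priv;
	isc_result_t ret;
	int i;
	pk11_object_t *rsa;
	CK_ATTRIBUTE *attr;
	isc_mem_t *mctx = key->mctx;
	const char *engine = NULL, *label = NULL;
	unsigned int bits;

	/* read private key file */
	ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
	if (ret != ISC_R_SUCCESS) {
		return (ret);
	}

	if (key->external) {
		if (priv.nelements != 0) {
			DST_RET(DST_R_INVALIDPRIVATEKEY);
		}
		if (pub == NULL) {
			DST_RET(DST_R_INVALIDPRIVATEKEY);
		}

		key->keydata.pkey = pub->keydata.pkey;
		pub->keydata.pkey = NULL;
		key->key_size = pub->key_size;

		dst__privstruct_free(&priv, mctx);
		isc_safe_memwipe(&priv, sizeof(priv));

		return (ISC_R_SUCCESS);
	}

	/* Everything below needs the public key's object. */
	if (pub == NULL || pub->keydata.pkey == NULL) {
		DST_RET(DST_R_INVALIDPRIVATEKEY);
	}

	for (i = 0; i < priv.nelements; i++) {
		switch (priv.elements[i].tag) {
		case TAG_RSA_ENGINE:
			engine = (char *)priv.elements[i].data;
			break;
		case TAG_RSA_LABEL:
			label = (char *)priv.elements[i].data;
			break;
		default:
			break;
		}
	}
	rsa = isc_mem_get(key->mctx, sizeof(*rsa));
	memset(rsa, 0, sizeof(*rsa));
	key->keydata.pkey = rsa;

	/* Is this key stored in an HSM? See if we can fetch it. */
	if ((label != NULL) || (engine != NULL)) {
		ret = pkcs11rsa_fetch(key, engine, label, pub);
		if (ret != ISC_R_SUCCESS) {
			goto err;
		}
		dst__privstruct_free(&priv, mctx);
		isc_safe_memwipe(&priv, sizeof(priv));
		return (ret);
	}

	rsa->repr = isc_mem_get(key->mctx, sizeof(*attr) * 8);
	memset(rsa->repr, 0, sizeof(*attr) * 8);
	rsa->attrcnt = 8;
	attr = rsa->repr;
	attr[0].type = CKA_MODULUS;
	attr[1].type = CKA_PUBLIC_EXPONENT;
	attr[2].type = CKA_PRIVATE_EXPONENT;
	attr[3].type = CKA_PRIME_1;
	attr[4].type = CKA_PRIME_2;
	attr[5].type = CKA_EXPONENT_1;
	attr[6].type = CKA_EXPONENT_2;
	attr[7].type = CKA_COEFFICIENT;

	for (i = 0; i < priv.nelements; i++) {
		CK_ATTRIBUTE_TYPE type;
		CK_BYTE *bn;

		/* Map the file tag to the attribute that receives it. */
		switch (priv.elements[i].tag) {
		case TAG_RSA_MODULUS:
			type = CKA_MODULUS;
			break;
		case TAG_RSA_PUBLICEXPONENT:
			type = CKA_PUBLIC_EXPONENT;
			break;
		case TAG_RSA_PRIVATEEXPONENT:
			type = CKA_PRIVATE_EXPONENT;
			break;
		case TAG_RSA_PRIME1:
			type = CKA_PRIME_1;
			break;
		case TAG_RSA_PRIME2:
			type = CKA_PRIME_2;
			break;
		case TAG_RSA_EXPONENT1:
			type = CKA_EXPONENT_1;
			break;
		case TAG_RSA_EXPONENT2:
			type = CKA_EXPONENT_2;
			break;
		case TAG_RSA_COEFFICIENT:
			type = CKA_COEFFICIENT;
			break;
		default:
			/* Engine, label or unknown tag: nothing to store. */
			continue;
		}

		attr = pk11_attribute_bytype(rsa, type);
		INSIST(attr != NULL);

		/* A repeated tag replaces the value; release the old one. */
		if (attr->pValue != NULL) {
			isc_safe_memwipe(attr->pValue, attr->ulValueLen);
			isc_mem_put(key->mctx, attr->pValue,
				    attr->ulValueLen);
		}

		bn = isc_mem_get(key->mctx, priv.elements[i].length);
		memmove(bn, priv.elements[i].data, priv.elements[i].length);
		attr->pValue = bn;
		attr->ulValueLen = priv.elements[i].length;
	}

	if (rsa_check(rsa, pub->keydata.pkey) != ISC_R_SUCCESS) {
		DST_RET(DST_R_INVALIDPRIVATEKEY);
	}

	attr = pk11_attribute_bytype(rsa, CKA_MODULUS);
	INSIST(attr != NULL);
	ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}
	key->key_size = bits;

	attr = pk11_attribute_bytype(rsa, CKA_PUBLIC_EXPONENT);
	INSIST(attr != NULL);

	/* Refuse public exponents wider than the configured limit. */
	ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}
	if (bits > RSA_MAX_PUBEXP_BITS) {
		DST_RET(ISC_R_RANGE);
	}

	dst__privstruct_free(&priv, mctx);
	isc_safe_memwipe(&priv, sizeof(priv));

	return (ISC_R_SUCCESS);

err:
	pkcs11rsa_destroy(key);
	dst__privstruct_free(&priv, mctx);
	isc_safe_memwipe(&priv, sizeof(priv));
	return (ret);
}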
   1939  1.1  christos 
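/*
 * Search the token for the single object matching 'tmpl' and store its
 * handle in '*objp'.
 *
 * Up to two handles are requested so that an ambiguous match can be told
 * apart from a unique one: a request for a single handle can never report
 * more than one match, which would leave the ISC_R_EXISTS case unreachable
 * and silently select whichever object the token lists first.  The search
 * is always finalized, including when C_FindObjects fails, so the session
 * is not handed back with a find operation still active.
 *
 * Returns ISC_R_SUCCESS, ISC_R_NOTFOUND (no match), ISC_R_EXISTS (more
 * than one match) or DST_R_CRYPTOFAILURE (a PKCS#11 call failed).
 */
static isc_result_t
pkcs11rsa_find_unique(CK_SESSION_HANDLE session, CK_ATTRIBUTE *tmpl,
		      CK_ULONG tmplcnt, CK_OBJECT_HANDLE *objp) {
	CK_OBJECT_HANDLE found[2] = { CK_INVALID_HANDLE, CK_INVALID_HANDLE };
	CK_ULONG cnt = 0;
	CK_RV rv;

	rv = pkcs_C_FindObjectsInit(session, tmpl, tmplcnt);
	if (rv != CKR_OK) {
		return (DST_R_CRYPTOFAILURE);
	}
	rv = pkcs_C_FindObjects(session, found, (CK_ULONG)2, &cnt);
	(void)pkcs_C_FindObjectsFinal(session);
	if (rv != CKR_OK) {
		return (DST_R_CRYPTOFAILURE);
	}
	if (cnt == 0) {
		return (ISC_R_NOTFOUND);
	}
	if (cnt > 1) {
		return (ISC_R_EXISTS);
	}

	*objp = found[0];
	return (ISC_R_SUCCESS);
}

/*
 * Bind 'key' to an RSA key pair that lives on a PKCS#11 token.
 *
 * 'label' is handed to pk11_parse_uri(), which fills in the slot and the
 * CKA_LABEL or CKA_ID attribute used to locate the objects.  The public
 * key object supplies the modulus and public exponent, which are copied
 * into the key representation; only the handle of the private key object
 * is kept (rsa->object).  'engine', when not NULL, is duplicated into
 * key->engine.  'pin' is ignored here; the session is requested with
 * rsa->reqlogon set and a NULL PIN argument.
 *
 * Both lookups must match exactly one token object, and the public
 * exponent must not exceed RSA_MAX_PUBEXP_BITS.
 *
 * Returns ISC_R_SUCCESS, ISC_R_NOTFOUND, ISC_R_EXISTS, ISC_R_RANGE,
 * DST_R_CRYPTOFAILURE, or the failure result of pk11_parse_uri(),
 * pk11_get_session() or pk11_numbits().  On failure the key data is
 * released through pkcs11rsa_destroy().
 */
static isc_result_t
pkcs11rsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
		    const char *pin) {
	CK_RV rv;
	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
	CK_KEY_TYPE keyType = CKK_RSA;
	CK_ATTRIBUTE searchTemplate[] = {
		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
		{ CKA_TOKEN, &truevalue, (CK_ULONG)sizeof(truevalue) },
		{ CKA_LABEL, NULL, 0 }
	};
	CK_ATTRIBUTE *attr;
	pk11_object_t *rsa;
	pk11_context_t *pk11_ctx = NULL;
	isc_result_t ret;
	unsigned int i;
	unsigned int bits;

	UNUSED(pin);

	/*
	 * Attach the object to the key before anything can fail, so that
	 * the error path can release it through pkcs11rsa_destroy().
	 */
	rsa = isc_mem_get(key->mctx, sizeof(*rsa));
	memset(rsa, 0, sizeof(*rsa));
	rsa->object = CK_INVALID_HANDLE;
	rsa->ontoken = true;
	rsa->reqlogon = true;
	key->keydata.pkey = rsa;

	/* Two attribute slots: modulus and public exponent. */
	rsa->repr = isc_mem_get(key->mctx, sizeof(*attr) * 2);
	memset(rsa->repr, 0, sizeof(*attr) * 2);
	rsa->attrcnt = 2;
	attr = rsa->repr;
	attr[0].type = CKA_MODULUS;
	attr[1].type = CKA_PUBLIC_EXPONENT;

	ret = pk11_parse_uri(rsa, label, key->mctx, OP_RSA);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	pk11_ctx = isc_mem_get(key->mctx, sizeof(*pk11_ctx));
	ret = pk11_get_session(pk11_ctx, OP_RSA, true, false, rsa->reqlogon,
			       NULL, rsa->slot);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	/*
	 * Locate the objects by label when one was given, otherwise by id.
	 * NOTE(review): the INSIST assumes pk11_parse_uri() always supplies
	 * one of the two - confirm.
	 */
	attr = pk11_attribute_bytype(rsa, CKA_LABEL);
	if (attr == NULL) {
		attr = pk11_attribute_bytype(rsa, CKA_ID);
		INSIST(attr != NULL);
		searchTemplate[3].type = CKA_ID;
	}
	searchTemplate[3].pValue = attr->pValue;
	searchTemplate[3].ulValueLen = attr->ulValueLen;

	/* Public key object: must be unique for this label/id. */
	ret = pkcs11rsa_find_unique(pk11_ctx->session, searchTemplate,
				    (CK_ULONG)4, &hKey);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	/*
	 * Read modulus and exponent in two passes: the first call, made
	 * with NULL value pointers, reports the lengths; the second fills
	 * the buffers allocated from those lengths.
	 */
	attr = rsa->repr;
	PK11_RET(pkcs_C_GetAttributeValue, (pk11_ctx->session, hKey, attr, 2),
		 DST_R_CRYPTOFAILURE);
	for (i = 0; i <= 1; i++) {
		attr[i].pValue = isc_mem_get(key->mctx, attr[i].ulValueLen);
		memset(attr[i].pValue, 0, attr[i].ulValueLen);
	}
	PK11_RET(pkcs_C_GetAttributeValue, (pk11_ctx->session, hKey, attr, 2),
		 DST_R_CRYPTOFAILURE);

	/*
	 * Private key object: same template with the class switched (the
	 * template points at keyClass).  Only the handle is retained.
	 */
	keyClass = CKO_PRIVATE_KEY;
	ret = pkcs11rsa_find_unique(pk11_ctx->session, searchTemplate,
				    (CK_ULONG)4, &rsa->object);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}

	if (engine != NULL) {
		key->engine = isc_mem_strdup(key->mctx, engine);
	}

	key->label = isc_mem_strdup(key->mctx, label);

	/* Refuse public exponents larger than the configured limit. */
	attr = pk11_attribute_bytype(rsa, CKA_PUBLIC_EXPONENT);
	INSIST(attr != NULL);

	ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}
	if (bits > RSA_MAX_PUBEXP_BITS) {
		DST_RET(ISC_R_RANGE);
	}

	/* The key size is the bit length of the modulus. */
	attr = pk11_attribute_bytype(rsa, CKA_MODULUS);
	INSIST(attr != NULL);
	ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits);
	if (ret != ISC_R_SUCCESS) {
		goto err;
	}
	key->key_size = bits;

	/* Wipe the session context before its memory is released. */
	pk11_return_session(pk11_ctx);
	isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
	isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));

	return (ISC_R_SUCCESS);

err:
	pkcs11rsa_destroy(key);
	if (pk11_ctx != NULL) {
		pk11_return_session(pk11_ctx);
		isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx));
		isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));
	}

	return (ret);
}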
   2078  1.1  christos 
/*
 * Method table for the PKCS#11 RSA backend, installed by
 * dst__pkcs11rsa_init().
 *
 * The initializer is positional, so the entries must stay in the order
 * in which dst_func_t declares its members.  A NULL entry is an operation
 * this backend does not provide; the trailing comment names the slot.
 * createctx2 is provided only when PK11_RSA_PKCS_REPLACE is not defined.
 */
static dst_func_t pkcs11rsa_functions = {
	pkcs11rsa_createctx,
#ifndef PK11_RSA_PKCS_REPLACE
	pkcs11rsa_createctx2,
#else  /* ifndef PK11_RSA_PKCS_REPLACE */
	NULL, /*%< createctx2 */
#endif /* ifndef PK11_RSA_PKCS_REPLACE */
	pkcs11rsa_destroyctx,
	pkcs11rsa_adddata,
	pkcs11rsa_sign,
	pkcs11rsa_verify,
	NULL, /*%< verify2 */
	NULL, /*%< computesecret */
	pkcs11rsa_compare,
	NULL, /*%< paramcompare */
	pkcs11rsa_generate,
	pkcs11rsa_isprivate,
	pkcs11rsa_destroy,
	pkcs11rsa_todns,
	pkcs11rsa_fromdns,
	pkcs11rsa_tofile,
	pkcs11rsa_parse,
	NULL, /*%< cleanup */
	pkcs11rsa_fromlabel,
	NULL, /*%< dump */
	NULL, /*%< restore */
};
   2106  1.1  christos 
/*
 * Publish the PKCS#11 RSA method table through '*funcp'.
 *
 * 'funcp' must not be NULL.  A table that is already installed in
 * '*funcp' is left in place.  Always returns ISC_R_SUCCESS.
 */
isc_result_t
dst__pkcs11rsa_init(dst_func_t **funcp) {
	REQUIRE(funcp != NULL);

	/* Nothing to do when the slot is already populated. */
	if (*funcp != NULL) {
		return (ISC_R_SUCCESS);
	}

	*funcp = &pkcs11rsa_functions;
	return (ISC_R_SUCCESS);
}
   2116  1.1  christos 
   2117  1.1  christos #endif /* USE_PKCS11 */
   2118