diff options
author | Guido Trotter <ultrotter@debian.org> | 2011-09-10 09:20:39 +0100 |
---|---|---|
committer | Guido Trotter <ultrotter@debian.org> | 2011-09-10 09:20:39 +0100 |
commit | 84e0d7d3e77d7f757be6f58198957d3c9ed0e688 (patch) | |
tree | e7d833da14479bf0ecc69f4e771c208289818a15 /usr/lib/pkcs11/tpm_stdll/dig_mgr.c |
opencryptoki (2.3.1+dfsg-3) unstable; urgency=low
* QA upload.
* Fix pkcs11_startup module paths (Closes: #641080)
# imported from the archive
Diffstat (limited to 'usr/lib/pkcs11/tpm_stdll/dig_mgr.c')
-rw-r--r-- | usr/lib/pkcs11/tpm_stdll/dig_mgr.c | 641 |
1 files changed, 641 insertions, 0 deletions
diff --git a/usr/lib/pkcs11/tpm_stdll/dig_mgr.c b/usr/lib/pkcs11/tpm_stdll/dig_mgr.c new file mode 100644 index 0000000..fa20f91 --- /dev/null +++ b/usr/lib/pkcs11/tpm_stdll/dig_mgr.c @@ -0,0 +1,641 @@ +/* + Common Public License Version 0.5 + + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF + THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, + REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES + RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + + 1. DEFINITIONS + + "Contribution" means: + a) in the case of the initial Contributor, the + initial code and documentation distributed under + this Agreement, and + + b) in the case of each subsequent Contributor: + i) changes to the Program, and + ii) additions to the Program; + + where such changes and/or additions to the Program + originate from and are distributed by that + particular Contributor. A Contribution 'originates' + from a Contributor if it was added to the Program + by such Contributor itself or anyone acting on such + Contributor's behalf. Contributions do not include + additions to the Program which: (i) are separate + modules of software distributed in conjunction with + the Program under their own license agreement, and + (ii) are not derivative works of the Program. + + + "Contributor" means any person or entity that distributes + the Program. + + "Licensed Patents " mean patent claims licensable by a + Contributor which are necessarily infringed by the use or + sale of its Contribution alone or when combined with the + Program. + + "Program" means the Contributions distributed in + accordance with this Agreement. + + "Recipient" means anyone who receives the Program under + this Agreement, including all Contributors. + + 2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each + Contributor hereby grants Recipient a + non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare derivative works of, + publicly display, publicly perform, distribute and + sublicense the Contribution of such Contributor, if + any, and such derivative works, in source code and + object code form. + + b) Subject to the terms of this Agreement, each + Contributor hereby grants Recipient a + non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, + offer to sell, import and otherwise transfer the + Contribution of such Contributor, if any, in source + code and object code form. This patent license + shall apply to the combination of the Contribution + and the Program if, at the time the Contribution is + added by the Contributor, such addition of the + Contribution causes such combination to be covered + by the Licensed Patents. The patent license shall + not apply to any other combinations which include + the Contribution. No hardware per se is licensed + hereunder. + + c) Recipient understands that although each + Contributor grants the licenses to its + Contributions set forth herein, no assurances are + provided by any Contributor that the Program does + not infringe the patent or other intellectual + property rights of any other entity. Each + Contributor disclaims any liability to Recipient + for claims brought by any other entity based on + infringement of intellectual property rights or + otherwise. As a condition to exercising the rights + and licenses granted hereunder, each Recipient + hereby assumes sole responsibility to secure any + other intellectual property rights needed, if any. + + For example, if a third party patent license is + required to allow Recipient to distribute the + Program, it is Recipient's responsibility to + acquire that license before distributing the + Program. + + d) Each Contributor represents that to its + knowledge it has sufficient copyright rights in its + Contribution, if any, to grant the copyright + license set forth in this Agreement. + + 3. REQUIREMENTS + + A Contributor may choose to distribute the Program in + object code form under its own license agreement, provided + that: + a) it complies with the terms and conditions of + this Agreement; and + + b) its license agreement: + i) effectively disclaims on behalf of all + Contributors all warranties and conditions, express + and implied, including warranties or conditions of + title and non-infringement, and implied warranties + or conditions of merchantability and fitness for a + particular purpose; + + ii) effectively excludes on behalf of all + Contributors all liability for damages, including + direct, indirect, special, incidental and + consequential damages, such as lost profits; + + iii) states that any provisions which differ from + this Agreement are offered by that Contributor + alone and not by any other party; and + + iv) states that source code for the Program is + available from such Contributor, and informs + licensees how to obtain it in a reasonable manner + on or through a medium customarily used for + software exchange. + + When the Program is made available in source code form: + a) it must be made available under this Agreement; + and + b) a copy of this Agreement must be included with + each copy of the Program. + + Contributors may not remove or alter any copyright notices + contained within the Program. + + Each Contributor must identify itself as the originator of + its Contribution, if any, in a manner that reasonably + allows subsequent Recipients to identify the originator of + the Contribution. + + + 4. COMMERCIAL DISTRIBUTION + + Commercial distributors of software may accept certain + responsibilities with respect to end users, business + partners and the like. While this license is intended to + facilitate the commercial use of the Program, the + Contributor who includes the Program in a commercial + product offering should do so in a manner which does not + create potential liability for other Contributors. + Therefore, if a Contributor includes the Program in a + commercial product offering, such Contributor ("Commercial + Contributor") hereby agrees to defend and indemnify every + other Contributor ("Indemnified Contributor") against any + losses, damages and costs (collectively "Losses") arising + from claims, lawsuits and other legal actions brought by a + third party against the Indemnified Contributor to the + extent caused by the acts or omissions of such Commercial + Contributor in connection with its distribution of the + Program in a commercial product offering. The obligations + in this section do not apply to any claims or Losses + relating to any actual or alleged intellectual property + infringement. In order to qualify, an Indemnified + Contributor must: a) promptly notify the Commercial + Contributor in writing of such claim, and b) allow the + Commercial Contributor to control, and cooperate with the + Commercial Contributor in, the defense and any related + settlement negotiations. The Indemnified Contributor may + participate in any such claim at its own expense. + + + For example, a Contributor might include the Program in a + commercial product offering, Product X. That Contributor + is then a Commercial Contributor. If that Commercial + Contributor then makes performance claims, or offers + warranties related to Product X, those performance claims + and warranties are such Commercial Contributor's + responsibility alone. Under this section, the Commercial + Contributor would have to defend claims against the other + Contributors related to those performance claims and + warranties, and if a court requires any other Contributor + to pay any damages as a result, the Commercial Contributor + must pay those damages. + + + 5. NO WARRANTY + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE + PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR + IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR + CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR + FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely + responsible for determining the appropriateness of using + and distributing the Program and assumes all risks + associated with its exercise of rights under this + Agreement, including but not limited to the risks and + costs of program errors, compliance with applicable laws, + damage to or loss of data, programs or equipment, and + unavailability or interruption of operations. + + 6. DISCLAIMER OF LIABILITY + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER + RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION + LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE + OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGES. + + 7. GENERAL + + If any provision of this Agreement is invalid or + unenforceable under applicable law, it shall not affect + the validity or enforceability of the remainder of the + terms of this Agreement, and without further action by the + parties hereto, such provision shall be reformed to the + minimum extent necessary to make such provision valid and + enforceable. + + + If Recipient institutes patent litigation against a + Contributor with respect to a patent applicable to + software (including a cross-claim or counterclaim in a + lawsuit), then any patent licenses granted by that + Contributor to such Recipient under this Agreement shall + terminate as of the date such litigation is filed. In + addition, If Recipient institutes patent litigation + against any entity (including a cross-claim or + counterclaim in a lawsuit) alleging that the Program + itself (excluding combinations of the Program with other + software or hardware) infringes such Recipient's + patent(s), then such Recipient's rights granted under + Section 2(b) shall terminate as of the date such + litigation is filed. + + All Recipient's rights under this Agreement shall + terminate if it fails to comply with any of the material + terms or conditions of this Agreement and does not cure + such failure in a reasonable period of time after becoming + aware of such noncompliance. If all Recipient's rights + under this Agreement terminate, Recipient agrees to cease + use and distribution of the Program as soon as reasonably + practicable. However, Recipient's obligations under this + Agreement and any licenses granted by Recipient relating + to the Program shall continue and survive. + + Everyone is permitted to copy and distribute copies of + this Agreement, but in order to avoid inconsistency the + Agreement is copyrighted and may only be modified in the + following manner. The Agreement Steward reserves the right + to publish new versions (including revisions) of this + Agreement from time to time. No one other than the + Agreement Steward has the right to modify this Agreement. + + IBM is the initial Agreement Steward. IBM may assign the + responsibility to serve as the Agreement Steward to a + suitable separate entity. Each new version of the + Agreement will be given a distinguishing version number. + The Program (including Contributions) may always be + distributed subject to the version of the Agreement under + which it was received. In addition, after a new version of + the Agreement is published, Contributor may elect to + distribute the Program (including its Contributions) under + the new version. Except as expressly stated in Sections + 2(a) and 2(b) above, Recipient receives no rights or + licenses to the intellectual property of any Contributor + under this Agreement, whether expressly, by implication, + estoppel or otherwise. All rights in the Program not + expressly granted under this Agreement are reserved. + + + This Agreement is governed by the laws of the State of New + York and the intellectual property laws of the United + States of America. No party to this Agreement will bring a + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. + + + +*/ + +/* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ + + +// File: dig_mgr.c +// +// Digest manager routines +// + +#include <pthread.h> +#include <string.h> // for memcmp() et al +#include <stdlib.h> + +#include "pkcs11types.h" +#include "pkcs11/stdll.h" +#include "defs.h" +#include "host_defs.h" +#include "h_extern.h" +#include "tok_spec_struct.h" + + +// +// +CK_RV +digest_mgr_init( SESSION *sess, + DIGEST_CONTEXT *ctx, + CK_MECHANISM *mech ) +{ + CK_BYTE * ptr = NULL; + + + if (!sess || !ctx){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + if (ctx->active != FALSE){ + st_err_log(31, __FILE__, __LINE__); + return CKR_OPERATION_ACTIVE; + } + + // is the mechanism supported? is the parameter present if required? + // + switch (mech->mechanism) { + case CKM_SHA_1: + { + if (mech->ulParameterLen != 0){ + st_err_log(29, __FILE__, __LINE__); + return CKR_MECHANISM_PARAM_INVALID; + } + + ctx->context = NULL; + ckm_sha1_init( ctx ); + + if (!ctx->context) { + st_err_log(1, __FILE__, __LINE__); + return CKR_HOST_MEMORY; + } + } + break; + + case CKM_MD2: + { + if (mech->ulParameterLen != 0){ + st_err_log(29, __FILE__, __LINE__); + return CKR_MECHANISM_PARAM_INVALID; + } + ctx->context_len = sizeof(MD2_CONTEXT); + ctx->context = (CK_BYTE *)malloc(sizeof(MD2_CONTEXT)); + if (!ctx->context){ + st_err_log(1, __FILE__, __LINE__); + return CKR_HOST_MEMORY; + } + memset( ctx->context, 0x0, sizeof(MD2_CONTEXT) ); + } + break; + + case CKM_MD5: + { + if (mech->ulParameterLen != 0){ + st_err_log(29, __FILE__, __LINE__); + return CKR_MECHANISM_PARAM_INVALID; + } + ctx->context_len = sizeof(MD5_CONTEXT); + ctx->context = (CK_BYTE *)malloc(sizeof(MD5_CONTEXT)); + if (!ctx->context){ + st_err_log(1, __FILE__, __LINE__); + return CKR_HOST_MEMORY; + } + ckm_md5_init( (MD5_CONTEXT *)ctx->context ); + } + break; + + default: + st_err_log(28, __FILE__, __LINE__); + return CKR_MECHANISM_INVALID; + } + + + if (mech->ulParameterLen > 0) { + ptr = (CK_BYTE *)malloc(mech->ulParameterLen); + if (!ptr){ + st_err_log(1, __FILE__, __LINE__); + return CKR_HOST_MEMORY; + } + memcpy( ptr, mech->pParameter, mech->ulParameterLen ); + } + + ctx->mech.ulParameterLen = mech->ulParameterLen; + ctx->mech.mechanism = mech->mechanism; + ctx->mech.pParameter = ptr; + ctx->multi = FALSE; + ctx->active = TRUE; + + return CKR_OK; +} + + +// +// +CK_RV +digest_mgr_cleanup( DIGEST_CONTEXT *ctx ) +{ + if (!ctx){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + ctx->mech.ulParameterLen = 0; + ctx->mech.mechanism = 0; + ctx->multi = FALSE; + ctx->active = FALSE; + ctx->context_len = 0; + + if (ctx->mech.pParameter) { + free( ctx->mech.pParameter ); + ctx->mech.pParameter = NULL; + } + + if (ctx->context != NULL) { + free( ctx->context ); + ctx->context = NULL; + } + + return CKR_OK; +} + + + +// +// +CK_RV +digest_mgr_digest( SESSION *sess, + CK_BBOOL length_only, + DIGEST_CONTEXT *ctx, + CK_BYTE *in_data, + CK_ULONG in_data_len, + CK_BYTE *out_data, + CK_ULONG *out_data_len ) +{ + + if (!sess || !ctx){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + if (ctx->active == FALSE){ + st_err_log(32, __FILE__, __LINE__); + return CKR_OPERATION_NOT_INITIALIZED; + } + + // if the caller just wants the encrypted length, there is no reason to + // specify the input data. I just need the data length + // + if ((length_only == FALSE) && (!in_data || !out_data)){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + + if (ctx->multi == TRUE){ + st_err_log(31, __FILE__, __LINE__); + return CKR_OPERATION_ACTIVE; + } + switch (ctx->mech.mechanism) { + case CKM_SHA_1: + return sha1_hash( sess, length_only, ctx, + in_data, in_data_len, + out_data, out_data_len ); + +#if !(NOMD2 ) + case CKM_MD2: + return md2_hash( sess, length_only, ctx, + in_data, in_data_len, + out_data, out_data_len ); +#endif + + case CKM_MD5: + return md5_hash( sess, length_only, ctx, + in_data, in_data_len, + out_data, out_data_len ); + + default: + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; // shouldn't happen + } + + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; +} + + +// +// +CK_RV +digest_mgr_digest_update( SESSION *sess, + DIGEST_CONTEXT *ctx, + CK_BYTE *data, + CK_ULONG data_len ) +{ + if (!sess || !ctx){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + if (ctx->active == FALSE){ + st_err_log(32, __FILE__, __LINE__); + return CKR_OPERATION_NOT_INITIALIZED; + } + + ctx->multi = TRUE; + + switch (ctx->mech.mechanism) { + case CKM_SHA_1: + return sha1_hash_update( sess, ctx, data, data_len ); + +#if !(NOMD2) + case CKM_MD2: + return md2_hash_update( sess, ctx, data, data_len ); +#endif + + case CKM_MD5: + return md5_hash_update( sess, ctx, data, data_len ); + + default: + st_err_log(28, __FILE__, __LINE__); + return CKR_MECHANISM_INVALID; + } + + st_err_log(28, __FILE__, __LINE__); + return CKR_MECHANISM_INVALID; // shouldn't happen! +} + + +// +// +CK_RV +digest_mgr_digest_key( SESSION * sess, + DIGEST_CONTEXT * ctx, + CK_OBJECT_HANDLE key_handle ) +{ + CK_ATTRIBUTE * attr = NULL; + OBJECT * key_obj = NULL; + CK_OBJECT_CLASS class; + CK_RV rc; + + + if (!sess || !ctx){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + + rc = object_mgr_find_in_map1( key_handle, &key_obj ); + if (rc != CKR_OK){ + st_err_log(18, __FILE__, __LINE__); + return CKR_KEY_HANDLE_INVALID; + } + // only allow digesting of CKO_SECRET keys + // + rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); + if (rc == FALSE) { + st_err_log(24, __FILE__, __LINE__); + return CKR_KEY_INDIGESTIBLE; + } + else + class = *(CK_OBJECT_CLASS *)attr->pValue; + + if (class != CKO_SECRET_KEY){ + st_err_log(24, __FILE__, __LINE__); + return CKR_KEY_INDIGESTIBLE; + } + + // every secret key has a CKA_VALUE attribute + // + rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr ); + if (!rc){ + st_err_log(24, __FILE__, __LINE__); + return CKR_KEY_INDIGESTIBLE; + } + rc = digest_mgr_digest_update( sess, + ctx, + attr->pValue, + attr->ulValueLen ); + if (rc != CKR_OK){ + st_err_log(24, __FILE__, __LINE__); + } + return rc; +} + + +// +// +CK_RV +digest_mgr_digest_final( SESSION *sess, + CK_BBOOL length_only, + DIGEST_CONTEXT *ctx, + CK_BYTE *hash, + CK_ULONG *hash_len ) +{ + if (!sess || !ctx){ + st_err_log(4, __FILE__, __LINE__, __FUNCTION__); + return CKR_FUNCTION_FAILED; + } + if (ctx->active == FALSE){ + st_err_log(32, __FILE__, __LINE__); + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* XXX KEY - Turn off the multi flag to tell the next layer that this + * is the final part of a multi part operation. + */ + ctx->multi = FALSE; + + switch (ctx->mech.mechanism) { + case CKM_SHA_1: + return sha1_hash_final( sess, length_only, + ctx, + hash, hash_len ); + +#if !(NOMD2) + case CKM_MD2: + return md2_hash_final( sess, length_only, + ctx, + hash, hash_len ); +#endif + + case CKM_MD5: + return md5_hash_final( sess, length_only, + ctx, + hash, hash_len ); + + default: + st_err_log(28, __FILE__, __LINE__); + return CKR_MECHANISM_INVALID; // shouldn't happen + } + + st_err_log(28, __FILE__, __LINE__); + return CKR_MECHANISM_INVALID; +} |