Merged. Thanks!

regards,
Joy

On Thu, 2015-07-02 at 15:00 +0200, Harald Freudenberger wrote:
> Signed-off-by: Harald Freudenberger <fre...@linux.vnet.ibm.com>
> ---
>  usr/lib/pkcs11/cca_stdll/cca_specific.c |  138 
> ++++++++++++++++++++++++++++---
>  usr/lib/pkcs11/cca_stdll/csulincl.h     |   35 ++++++++
>  2 files changed, 160 insertions(+), 13 deletions(-)
> 
> diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c 
> b/usr/lib/pkcs11/cca_stdll/cca_specific.c
> index 893b33c..9a649d0 100644
> --- a/usr/lib/pkcs11/cca_stdll/cca_specific.c
> +++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c
> @@ -65,20 +65,20 @@ MECH_LIST_ELEMENT mech_list[] = {
>       {CKM_AES_CBC_PAD, {16, 32, CKF_HW|CKF_ENCRYPT|CKF_DECRYPT|CKF_WRAP|
>                                 CKF_UNWRAP}},
>       {CKM_SHA512, {0, 0, CKF_HW|CKF_DIGEST}},
> -     {CKM_SHA512_HMAC, {0, 0, CKF_SIGN|CKF_VERIFY}},
> -     {CKM_SHA512_HMAC_GENERAL, {0, 0, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA512_HMAC, {80, 2048, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA512_HMAC_GENERAL, {80, 2048, CKF_SIGN|CKF_VERIFY}},
>       {CKM_SHA384, {0, 0, CKF_HW|CKF_DIGEST}},
> -     {CKM_SHA384_HMAC, {0, 0, CKF_SIGN|CKF_VERIFY}},
> -     {CKM_SHA384_HMAC_GENERAL, {0, 0, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA384_HMAC, {80, 2048, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA384_HMAC_GENERAL, {80, 2048, CKF_SIGN|CKF_VERIFY}},
>       {CKM_SHA256, {0, 0, CKF_HW|CKF_DIGEST}},
> -     {CKM_SHA256_HMAC, {0, 0, CKF_SIGN|CKF_VERIFY}},
> -     {CKM_SHA256_HMAC_GENERAL, {0, 0, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA256_HMAC, {80, 2048, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA256_HMAC_GENERAL, {80, 2048, CKF_SIGN|CKF_VERIFY}},
>       {CKM_SHA_1, {0, 0, CKF_DIGEST}},
> -     {CKM_SHA_1_HMAC, {0, 0, CKF_SIGN|CKF_VERIFY}},
> -     {CKM_SHA_1_HMAC_GENERAL, {0, 0, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA_1_HMAC, {80, 2048, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_SHA_1_HMAC_GENERAL, {80, 2048, CKF_SIGN|CKF_VERIFY}},
>       {CKM_MD5, {0, 0, CKF_DIGEST}},
> -     {CKM_MD5_HMAC, {0, 0, CKF_SIGN|CKF_VERIFY}},
> -     {CKM_MD5_HMAC_GENERAL, {0, 0, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_MD5_HMAC, {80, 2048, CKF_SIGN|CKF_VERIFY}},
> +     {CKM_MD5_HMAC_GENERAL, {80, 2048, CKF_SIGN|CKF_VERIFY}},
>       {CKM_EC_KEY_PAIR_GEN, {160, 521, CKF_HW|CKF_GENERATE_KEY_PAIR|
>                                       CKF_EC_NAMEDCURVE|CKF_EC_F_P}},
>       {CKM_ECDSA, {160, 521, CKF_HW|CKF_SIGN|CKF_VERIFY|CKF_EC_NAMEDCURVE|
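Review bot: The literals `80` and `2048` are repeated in all ten HMAC entries here and again in the range check of import_generic_secret_key later in this patch, with nothing in the table saying that the unit is bits. A pair of named constants, for example `#define CCA_MIN_HMAC_KEY_BITS 80` and `#define CCA_MAX_HMAC_KEY_BITS 2048` (the names are only a suggestion), used in both places would keep the advertised range and the enforced range from drifting apart. A one-line comment above the entries, `/* HMAC key sizes are in bits; the range is what CCA accepts */`, would also make clear that 80 is the lower limit CCA imposes, not a recommended key strength.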
> @@ -1028,7 +1028,7 @@ token_specific_aes_ecb(CK_BYTE  *in_data,
>               return CKR_FUNCTION_FAILED;
>       }
> 
> -     key_len = 64;
> +     key_len = attr->ulValueLen;
>       rule_array_count = 4;
>       memcpy(rule_array, "AES     ECB     KEYIDENTINITIAL ",
>              rule_array_count*(size_t)CCA_KEYWORD_SIZE);
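Review bot: `key_len = attr->ulValueLen;` now passes a length taken from the key object straight to the CCA verb, and no upper bound is visible in this hunk or in the matching change in token_specific_aes_cbc. If attr is the stored key token (the lookup is outside the hunk, so this is inferred), a guard such as `if (attr->ulValueLen > CCA_KEY_TOKEN_SIZE) return CKR_FUNCTION_FAILED;` before the assignment would reject a malformed object before it reaches the card. The assignment also converts a CK_ULONG to whatever type key_len has, presumably long, and the same guard keeps that conversion in range.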
> @@ -1145,7 +1145,7 @@ token_specific_aes_cbc(CK_BYTE  *in_data,
>       }
> 
>       length = in_data_len;
> -     key_len = 64;
> +     key_len = attr->ulValueLen;
>       if (encrypt) {
>               CSNBSAE(&return_code,
>                       &reason_code,
> @@ -2445,9 +2445,99 @@ static CK_RV import_des_key(unsigned char *key, 
> CK_ULONG keylen,
>       return CKR_OK;
>  }
> 
> -CK_RV token_specific_object_add(OBJECT *object)
> +static CK_RV import_generic_secret_key(unsigned char *key, CK_ULONG keylen,
> +                                    TEMPLATE *obj_tmpl)
>  {
> +     CK_RV rc;
> +     long return_code, reason_code, rule_array_count;
> +     unsigned char key_token[CCA_KEY_TOKEN_SIZE] = { 0 };
> +     unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 };
> +     long key_name_len = 0, clr_key_len = 0;
> +     long user_data_len = 0, key_part_len = 0;
> +     long token_data_len = 0, verb_data_len = 0;
> +     long key_token_len = sizeof(key_token);
> +     CK_ATTRIBUTE *opaque_key = NULL;
> +
> +     /* key len needs to be 80-2048 bits */
> +     if (8*keylen < 80 || 8*keylen > 2048) {
> +             TRACE_ERROR("HMAC key size of %lu bits not within"
> +                         " CCA required range of 80-2048 bits\n",
> +                         8*keylen);
> +             return CKR_KEY_SIZE_RANGE;
> +     }
> +
> +     memcpy(rule_array,
> +            "INTERNALNO-KEY  HMAC    MAC     GENERATE",
> +            5 * CCA_KEYWORD_SIZE);
> +     rule_array_count = 5;
> +
> +     CSNBKTB2( &return_code, &reason_code,
> +               NULL, NULL,
> +               &rule_array_count, rule_array,
> +               &clr_key_len, NULL,
> +               &key_name_len, NULL,
> +               &user_data_len, NULL,
> +               &token_data_len, NULL,
> +               &verb_data_len, NULL,
> +               &key_token_len, key_token );
> +     if (return_code != CCA_SUCCESS) {
> +             TRACE_ERROR("CSNBKTB2 (HMAC KEY TOKEN BUILD) failed."
> +                         " return:%ld, reason:%ld\n",
> +                         return_code, reason_code);
> +             return CKR_FUNCTION_FAILED;
> +     }
> +
> +     memcpy(rule_array, "HMAC    FIRST   MIN1PART", 3 * CCA_KEYWORD_SIZE);
> +     rule_array_count = 3;
> +     key_part_len = keylen * 8;
> +     key_token_len = sizeof(key_token);
> +
> +     CSNBKPI2( &return_code, &reason_code,
> +               NULL, NULL,
> +               &rule_array_count, rule_array,
> +               &key_part_len, key,
> +               &key_token_len, key_token );
> +     if (return_code != CCA_SUCCESS) {
> +             TRACE_ERROR("CSNBKPI2 (HMAC KEY IMPORT FIRST) failed."
> +                         " return:%ld, reason:%ld\n",
> +                         return_code, reason_code);
> +             return CKR_FUNCTION_FAILED;
> +     }
> +
> +     memcpy(rule_array, "HMAC    COMPLETE", 2 * CCA_KEYWORD_SIZE);
> +     rule_array_count = 2;
> +     key_part_len = 0;
> +     key_token_len = sizeof(key_token);
> +
> +     CSNBKPI2( &return_code, &reason_code,
> +               NULL, NULL,
> +               &rule_array_count, rule_array,
> +               &key_part_len, NULL,
> +               &key_token_len, key_token );
> +     if (return_code != CCA_SUCCESS) {
> +             TRACE_ERROR("CSNBKPI2 (HMAC KEY IMPORT COMPLETE) failed."
> +                         " return:%ld, reason:%ld\n",
> +                         return_code, reason_code);
> +             return CKR_FUNCTION_FAILED;
> +     }
> 
> +     /* Add the key object to the template */
> +     if ((rc = build_attribute(CKA_IBM_OPAQUE, key_token,
> +                               key_token_len, &opaque_key))) {
> +             TRACE_DEVEL("build_attribute(CKA_IBM_OPAQUE) failed\n");
> +             return rc;
> +     }
> +     rc = template_update_attribute(obj_tmpl, opaque_key);
> +     if (rc != CKR_OK) {
> +             TRACE_DEVEL("template_update_attribute(CKA_IBM_OPAQUE) 
> failed\n");
> +             return rc;
> +     }
> +
> +     return CKR_OK;
> +}
> +
> +CK_RV token_specific_object_add(OBJECT *object)
> +{
>       CK_RV rc;
>       CK_ATTRIBUTE *attr;
>       CK_KEY_TYPE keytype;
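Review bot: In import_generic_secret_key the attribute allocated by build_attribute is not released when template_update_attribute fails. Unless that function takes ownership on failure, which is not visible here, the error path should be `free(opaque_key); return rc;`. The range check also multiplies first, so `8*keylen` can wrap for a very large CK_ULONG and land inside 80-2048; comparing in bytes avoids that: `if (keylen < 10 || keylen > 256)`. The body of token_specific_object_add continues outside this hunk.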
> @@ -2527,6 +2617,28 @@ CK_RV token_specific_object_add(OBJECT *object)
>               }
>               TRACE_INFO("AES key with len=%ld successful imported\n", 
> attr->ulValueLen);
> 
> +     } else if (keytype == CKK_GENERIC_SECRET) {
> +
> +             rc = template_attribute_find(object->template, CKA_VALUE, 
> &attr);
> +             if (rc == FALSE) {
> +                     TRACE_ERROR("Incomplete Generic Secret (HMAC) key 
> template\n");
> +                     return CKR_TEMPLATE_INCOMPLETE;
> +             }
> +             rc = import_generic_secret_key(attr->pValue, attr->ulValueLen,
> +                                            object->template);
> +             if (rc != CKR_OK) {
> +                     TRACE_DEVEL("Generic Secret (HMAC) key import failed 
> with rc=0x%lx\n", rc);
> +                     return CKR_FUNCTION_FAILED;
> +             }
> +             TRACE_INFO("Generic Secret (HMAC) key with len=%ld successful 
> imported\n",
> +                        attr->ulValueLen);
> +
> +     } else {
> +
> +             /* unknown/unsupported key type */
> +             TRACE_ERROR("Unknown/unsupported key type 0x%lx\n", keytype);
> +             return CKR_KEY_FUNCTION_NOT_PERMITTED;
> +
>       }
> 
>       return CKR_OK;
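Review bot: The new CKK_GENERIC_SECRET branch replaces whatever import_generic_secret_key returned with CKR_FUNCTION_FAILED, so the CKR_KEY_SIZE_RANGE it returns for an out-of-range key never reaches the caller; `return rc;` would preserve it. Nothing in this branch clears CKA_VALUE after the opaque token has been added, so the clear HMAC key appears to stay in the object next to CKA_IBM_OPAQUE; whether it is wiped elsewhere is not visible and is worth confirming. `rc == FALSE` compares a CK_RV against a boolean, which reads as if CKR_OK meant failure; holding the template_attribute_find result in a separate boolean would be clearer. The function starts and ends outside the hunk.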
> diff --git a/usr/lib/pkcs11/cca_stdll/csulincl.h 
> b/usr/lib/pkcs11/cca_stdll/csulincl.h
> index 6fbf686..b189c29 100644
> --- a/usr/lib/pkcs11/cca_stdll/csulincl.h
> +++ b/usr/lib/pkcs11/cca_stdll/csulincl.h
> @@ -34,6 +34,7 @@
>    #define CSNBKGN   CSNBKGN_32
>    #define CSNBKIM   CSNBKIM_32
>    #define CSNBKPI   CSNBKPI_32
> +  #define CSNBKPI2  CSNBKPI2_32
>    #define CSNBKRC   CSNBKRC_32
>    #define CSNBAKRC  CSNBAKRC_32
>    #define CSNBKRD   CSNBKRD_32
> @@ -55,6 +56,7 @@
>    #define CSNBMGN   CSNBMGN_32
>    #define CSNBMVR   CSNBMVR_32
>    #define CSNBKTB   CSNBKTB_32
> +  #define CSNBKTB2  CSNBKTB2_32
>    #define CSNDPKG   CSNDPKG_32
>    #define CSNDPKB   CSNDPKB_32
>    #define CSNBOWH   CSNBOWH_32
> @@ -218,6 +220,19 @@ extern void SECURITYAPI
>                unsigned char * key_part,
>                unsigned char * key_identifier);
> 
> +/* Key Part Import2 */
> +extern void SECURITYAPI
> +   CSNBKPI2_32(long          * return_code,
> +               long          * reason_code,
> +               long          * exit_data_length,
> +               unsigned char * exit_data,
> +               long          * rule_array_count,
> +               unsigned char * rule_array,
> +               long          * clear_key_part_length,
> +               unsigned char * clear_key_part,
> +               long          * key_identifier_length,
> +               unsigned char * key_identifier);
> +
>  /* Key Storage Initialization */
>  extern void SECURITYAPI
>     CSNBKSI_32(long          * return_code,
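Review bot: The new CSNBKPI2_32 prototype names its length parameter `clear_key_part_length` with no unit, while the caller added in cca_specific.c passes `keylen * 8`, which is a bit count. A comment on that parameter, `/* length of clear_key_part in bits */`, would match the explicit `clear_key_bit_length` naming used for CSNBKTB2_32 and make it harder to pass a byte count by mistake.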
> @@ -527,6 +542,26 @@ extern void SECURITYAPI
>                unsigned char * reserved_field_6,
>                unsigned char * master_key_verification_number );
> 
> +/* Key Token Build2 */
> +extern void SECURITYAPI
> +  CSNBKTB2_32(long          * return_code,
> +              long          * reason_code,
> +              long          * exit_data_length,
> +              unsigned char * exit_data,
> +              long          * rule_array_count,
> +              unsigned char * rule_array,
> +              long          * clear_key_bit_length,
> +              unsigned char * clear_key_value,
> +              long          * key_name_length,
> +              unsigned char * key_name,
> +              long          * user_associated_data_length,
> +              unsigned char * user_associated_data,
> +              long          * token_data_length,
> +              unsigned char * token_data,
> +              long          * reserved_length,
> +              unsigned char * reserved,
> +              long          * target_key_token_length,
> +              unsigned char * target_key_token);
> 
>  /* PKA Key Generate */
>  extern void SECURITYAPI


