Skip to content

Commit

Permalink
Cleaned up and created a new function for generic key generation
Browse files Browse the repository at this point in the history
  • Loading branch information
David Dobmeier committed Mar 2, 2018
1 parent 5f0e546 commit 0393f7a
Show file tree
Hide file tree
Showing 2 changed files with 127 additions and 101 deletions.
217 changes: 116 additions & 101 deletions src/lib/SoftHSM.cpp
View file
Expand Up @@ -5639,107 +5639,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha

if (pMechanism->mechanism == CKM_GENERIC_SECRET_KEY_GEN)
{
const CK_ULONG maxAttribs = 32;
CK_ATTRIBUTE keyAttribs[maxAttribs] = {
{ CKA_CLASS, &objClass, sizeof(objClass) },
{ CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
{ CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
};
CK_ULONG keyAttribsCount = 4;
CK_ULONG gen_key_len = 0;
// Add the additional
if (ulCount > (maxAttribs - keyAttribsCount))
rv = CKR_TEMPLATE_INCONSISTENT;
for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
{
switch (pTemplate[i].type)
{
case CKA_CLASS:
case CKA_TOKEN:
case CKA_PRIVATE:
case CKA_KEY_TYPE:
case CKA_CHECK_VALUE:
continue;

case CKA_VALUE_LEN:
if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
{
INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
return CKR_ATTRIBUTE_VALUE_INVALID;
}
gen_key_len = *(CK_ULONG*)pTemplate[i].pValue;
keyAttribs[keyAttribsCount++] = pTemplate[i];
break;
default:
keyAttribs[keyAttribsCount++] = pTemplate[i];
}
}
CK_RV rv = CKR_OK;

CK_BYTE val[gen_key_len];
rv = C_GenerateRandom(hSession, val, gen_key_len);

if (keyType == CKK_GOST28147)
{
rv = CreateObject(hSession, keyAttribs, keyAttribsCount, phKey, OBJECT_OP_GENERATE);
}
else
{
rv = CreateObject(hSession, keyAttribs, keyAttribsCount, phKey, OBJECT_OP_GENERATE);
}

Session* session = (Session*)handleManager->getSession(hSession);
if (session == NULL)
return CKR_SESSION_HANDLE_INVALID;

// Get the token
Token* token = session->getToken();
if (token == NULL)
return CKR_GENERAL_ERROR;

// Store the attributes that are being supplied
if (rv == CKR_OK)
{
OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
if (osobject == NULL_PTR || !osobject->isValid()) {
rv = CKR_FUNCTION_FAILED;
} else if (osobject->startTransaction()) {
bool bOK = true;

// Common Attributes
bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_GENERIC_SECRET_KEY_GEN;
bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

// Common Secret Key Attributes
bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

ByteString rawval = ByteString(val, gen_key_len);
ByteString value;
if (isPrivate)
{
token->encrypt(rawval, value);
}
else
{
value = rawval;
}
bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
if (bOK)
bOK = osobject->commitTransaction();
else
osobject->abortTransaction();

if (!bOK)
rv = CKR_FUNCTION_FAILED;
} else
rv = CKR_FUNCTION_FAILED;
}
return rv;
return this->generateGeneric(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate, objClass, keyType);
}

return CKR_GENERAL_ERROR;
Expand Down Expand Up @@ -6986,6 +6886,121 @@ CK_RV SoftHSM::C_WaitForSlotEvent(CK_FLAGS /*flags*/, CK_SLOT_ID_PTR /*pSlot*/,
return CKR_FUNCTION_NOT_SUPPORTED;
}

CK_RV SoftHSM::generateGeneric
(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey,
CK_BBOOL isOnToken,
CK_BBOOL isPrivate,
CK_OBJECT_CLASS objClass,
CK_KEY_TYPE keyType)
{
const CK_ULONG maxAttribs = 32;
CK_ATTRIBUTE keyAttribs[maxAttribs] = {
{ CKA_CLASS, &objClass, sizeof(objClass) },
{ CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
{ CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
};
CK_ULONG keyAttribsCount = 4;
CK_ULONG gen_key_len = 0;
CK_RV rv = CKR_OK;
// Add the additional
if (ulCount > (maxAttribs - keyAttribsCount))
rv = CKR_TEMPLATE_INCONSISTENT;
for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
{
switch (pTemplate[i].type)
{
case CKA_CLASS:
case CKA_TOKEN:
case CKA_PRIVATE:
case CKA_KEY_TYPE:
case CKA_CHECK_VALUE:
continue;

case CKA_VALUE_LEN:
if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
{
INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
return CKR_ATTRIBUTE_VALUE_INVALID;
}
gen_key_len = *(CK_ULONG*)pTemplate[i].pValue;
keyAttribs[keyAttribsCount++] = pTemplate[i];
break;
default:
keyAttribs[keyAttribsCount++] = pTemplate[i];
}
}

CK_BYTE val[gen_key_len];
rv = C_GenerateRandom(hSession, val, gen_key_len);
if (rv == CKR_OK)
{
if (keyType == CKK_GOST28147)
{
rv = CreateObject(hSession, keyAttribs, keyAttribsCount, phKey, OBJECT_OP_GENERATE);
}
else
{
rv = CreateObject(hSession, keyAttribs, keyAttribsCount, phKey, OBJECT_OP_GENERATE);
}
}

Session* session = (Session*)handleManager->getSession(hSession);
if (session == NULL)
return CKR_SESSION_HANDLE_INVALID;

// Get the token
Token* token = session->getToken();
if (token == NULL)
return CKR_GENERAL_ERROR;

// Store the attributes that are being supplied
if (rv == CKR_OK)
{
OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
if (osobject == NULL_PTR || !osobject->isValid()) {
rv = CKR_FUNCTION_FAILED;
} else if (osobject->startTransaction()) {
bool bOK = true;

// Common Attributes
bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_GENERIC_SECRET_KEY_GEN;
bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

// Common Secret Key Attributes
bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

ByteString rawval = ByteString(val, gen_key_len);
ByteString value;
if (isPrivate)
{
token->encrypt(rawval, value);
}
else
{
value = rawval;
}
bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
if (bOK)
bOK = osobject->commitTransaction();
else
osobject->abortTransaction();

if (!bOK)
rv = CKR_FUNCTION_FAILED;
} else
rv = CKR_FUNCTION_FAILED;
}
return rv;
}

// Generate an AES secret key
CK_RV SoftHSM::generateAES
(CK_SESSION_HANDLE hSession,
Expand Down
11 changes: 11 additions & 0 deletions src/lib/SoftHSM.h
View file
Expand Up @@ -327,6 +327,17 @@ class SoftHSM
CK_BBOOL isPrivateKeyOnToken,
CK_BBOOL isPrivateKeyPrivate
);
CK_RV generateGeneric
(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey,
CK_BBOOL isOnToken,
CK_BBOOL isPrivate,
CK_OBJECT_CLASS objClass,
CK_KEY_TYPE keyType
);
CK_RV deriveDH
(
CK_SESSION_HANDLE hSession,
Expand Down

0 comments on commit 0393f7a

Please sign in to comment.