2 * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 /*****************************************************************************
30 This file contains classes for controlling attributes
31 *****************************************************************************/
34 #include "P11Attributes.h"
35 #include "ByteString.h"
36 #include "CryptoFactory.h"
43 P11Attribute::P11Attribute(OSObject* inobject)
46 type = CKA_VENDOR_DEFINED;
52 P11Attribute::~P11Attribute()
56 CK_RV P11Attribute::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
61 if (!token->encrypt(ByteString((unsigned char*)pValue, ulValueLen),value))
62 return CKR_GENERAL_ERROR;
65 value = ByteString((unsigned char*)pValue, ulValueLen);
66 if (value.size() < ulValueLen)
67 return CKR_GENERAL_ERROR;
68 osobject->setAttribute(type, value);
72 bool P11Attribute::isModifiable()
74 // Get the CKA_MODIFIABLE attribute, when the attribute is
75 // not present return the default value which is CK_TRUE.
76 if (!osobject->attributeExists(CKA_MODIFIABLE)) return true;
78 return osobject->getBooleanValue(CKA_MODIFIABLE, true);
81 bool P11Attribute::isSensitive()
83 // Get the CKA_SENSITIVE attribute, when the attribute is not present
84 // assume the object is not sensitive.
85 if (!osobject->attributeExists(CKA_SENSITIVE)) return false;
87 return osobject->getBooleanValue(CKA_SENSITIVE, false);
90 bool P11Attribute::isExtractable()
92 // Get the CKA_EXTRACTABLE attribute, when the attribute is
93 // not present assume the object allows extraction.
94 if (!osobject->attributeExists(CKA_EXTRACTABLE)) return true;
96 return osobject->getBooleanValue(CKA_EXTRACTABLE, true);
99 bool P11Attribute::isTrusted()
101 // Get the CKA_TRUSTED attribute, when the attribute is
102 // not present assume the object is not trusted.
103 if (!osobject->attributeExists(CKA_TRUSTED)) return false;
105 return osobject->getBooleanValue(CKA_TRUSTED, false);
108 // Initialize the attribute
109 bool P11Attribute::init()
111 if (osobject == NULL) return false;
113 // Create a default value if the attribute does not exist
114 if (osobject->attributeExists(type) == false)
122 // Return the attribute type
123 CK_ATTRIBUTE_TYPE P11Attribute::getType()
128 // Return the attribute checks
129 CK_ATTRIBUTE_TYPE P11Attribute::getChecks()
134 // Retrieve a template map
135 static CK_RV retrieveAttributeMap(CK_ATTRIBUTE_PTR pTemplate, const std::map<CK_ATTRIBUTE_TYPE,OSAttribute>& map)
139 for (size_t i = 0; i < map.size(); ++i)
141 if (pTemplate[i].pValue == NULL_PTR)
145 // Caller wants type & size
146 if (nullcnt == map.size())
148 std::map<CK_ATTRIBUTE_TYPE,OSAttribute>::const_iterator a = map.begin();
149 for (size_t i = 0; i < map.size(); ++i, ++a)
151 pTemplate[i].type = a->first;
152 const OSAttribute& attr = a->second;
153 if (attr.isBooleanAttribute())
155 pTemplate[i].ulValueLen = sizeof(CK_BBOOL);
157 else if (attr.isUnsignedLongAttribute())
159 pTemplate[i].ulValueLen = sizeof(CK_ULONG);
161 else if (attr.isByteStringAttribute())
163 pTemplate[i].ulValueLen = attr.getByteStringValue().size();
168 ERROR_MSG("Internal error: bad attribute in attribute map");
170 return CKR_GENERAL_ERROR;
177 // Callers wants to get values
178 for (size_t i = 0; i < map.size(); ++i)
180 std::map<CK_ATTRIBUTE_TYPE,OSAttribute>::const_iterator a = map.find(pTemplate[i].type);
183 pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
184 return CKR_ATTRIBUTE_TYPE_INVALID;
186 const OSAttribute& attr = a->second;
187 if (attr.isBooleanAttribute())
189 if (pTemplate[i].ulValueLen < sizeof(CK_BBOOL))
191 pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
192 return CKR_BUFFER_TOO_SMALL;
194 pTemplate[i].ulValueLen = sizeof(CK_BBOOL);
195 *(CK_BBOOL*)pTemplate[i].pValue = attr.getBooleanValue() ? CK_TRUE : CK_FALSE;
197 else if (attr.isUnsignedLongAttribute())
199 if (pTemplate[i].ulValueLen < sizeof(CK_ULONG))
201 pTemplate[i].ulValueLen= CK_UNAVAILABLE_INFORMATION;
202 return CKR_BUFFER_TOO_SMALL;
204 pTemplate[i].ulValueLen = sizeof(CK_ULONG);
205 *(CK_ULONG_PTR)pTemplate[i].pValue= attr.getUnsignedLongValue();
207 else if (attr.isByteStringAttribute())
209 ByteString value = attr.getByteStringValue();
210 if (pTemplate[i].ulValueLen < value.size())
212 pTemplate[i].ulValueLen= CK_UNAVAILABLE_INFORMATION;
213 return CKR_BUFFER_TOO_SMALL;
215 pTemplate[i].ulValueLen = value.size();
216 memcpy(pTemplate[i].pValue, value.const_byte_str(), value.size());
221 ERROR_MSG("Internal error: bad attribute in attribute map");
223 return CKR_GENERAL_ERROR;
230 // Retrieve the value if allowed
231 CK_RV P11Attribute::retrieve(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG_PTR pulValueLen)
234 if (osobject == NULL) {
235 ERROR_MSG("Internal error: osobject field contains NULL_PTR");
236 return CKR_GENERAL_ERROR;
239 if (pulValueLen == NULL) {
240 ERROR_MSG("Internal error: pulValueLen contains NULL_PTR");
241 return CKR_GENERAL_ERROR;
244 // [PKCS#11 v2.40, C_GetAttributeValue]
245 // 1. If the specified attribute (i.e., the attribute specified by the
246 // type field) for the object cannot be revealed because the object
247 // is sensitive or unextractable, then the ulValueLen field in that
248 // triple is modified to hold the value CK_UNAVAILABLE_INFORMATION.
250 // [PKCS#11 v2.40, 4.2 Common attributes, table 10]
251 // 7 Cannot be revealed if object has its CKA_SENSITIVE attribute
252 // set to CK_TRUE or its CKA_EXTRACTABLE attribute set to CK_FALSE.
253 if ((checks & ck7) == ck7 && (isSensitive() || !isExtractable())) {
254 *pulValueLen = CK_UNAVAILABLE_INFORMATION;
255 return CKR_ATTRIBUTE_SENSITIVE;
258 // Retrieve the lower level attribute.
259 if (!osobject->attributeExists(type)) {
260 // Should be impossible.
261 ERROR_MSG("Internal error: attribute not present");
262 return CKR_GENERAL_ERROR;
264 OSAttribute attr = osobject->getAttribute(type);
266 // Get the actual attribute size.
267 CK_ULONG attrSize = size;
268 if (size == (CK_ULONG)-1)
270 // We don't have a fixed size attribute so we need to consult
271 // the lower level attribute for the exact size.
273 // Lower level attribute has to be variable sized.
274 if (attr.isByteStringAttribute())
276 if (isPrivate && attr.getByteStringValue().size() != 0)
279 if (!token->decrypt(attr.getByteStringValue(),value))
281 ERROR_MSG("Internal error: failed to decrypt private attribute value");
282 return CKR_GENERAL_ERROR;
284 attrSize = value.size();
287 attrSize = attr.getByteStringValue().size();
289 else if (attr.isMechanismTypeSetAttribute())
291 attrSize = attr.getMechanismTypeSetValue().size() * sizeof(CK_MECHANISM_TYPE);
293 else if (attr.isAttributeMapAttribute())
295 attrSize = attr.getAttributeMapValue().size() * sizeof(CK_ATTRIBUTE);
299 // Should be impossible.
300 ERROR_MSG("Internal error: attribute has fixed size");
301 return CKR_GENERAL_ERROR;
305 // [PKCS#11 v2.40, C_GetAttributeValue]
306 // 3. Otherwise, if the pValue field has the value NULL_PTR, then the
307 // ulValueLen field is modified to hold the exact length of the
308 // specified attribute for the object.
309 if (pValue == NULL_PTR) {
310 // Return the size of the attribute.
311 *pulValueLen = attrSize;
315 // [PKCS#11 v2.40, C_GetAttributeValue]
316 // 4. Otherwise, if the length specified in ulValueLen is large enough
317 // to hold the value of the specified attribute for the object, then
318 // that attribute is copied into the buffer located at pValue, and
319 // the ulValueLen field is modified to hold the exact length of the
321 if (*pulValueLen >= attrSize)
323 // Only copy when there is actually something to copy
326 if (attr.isUnsignedLongAttribute()) {
327 *(CK_ULONG_PTR)pValue = attr.getUnsignedLongValue();
329 else if (attr.isBooleanAttribute())
331 *(CK_BBOOL*)pValue = attr.getBooleanValue() ? CK_TRUE : CK_FALSE;
333 else if (attr.isByteStringAttribute())
335 if (isPrivate && attr.getByteStringValue().size() != 0)
338 if (!token->decrypt(attr.getByteStringValue(),value))
340 ERROR_MSG("Internal error: failed to decrypt private attribute value");
341 return CKR_GENERAL_ERROR;
343 const unsigned char* attrPtr = value.const_byte_str();
344 memcpy(pValue,attrPtr,attrSize);
346 else if (attr.getByteStringValue().size() != 0)
348 const unsigned char* attrPtr = attr.getByteStringValue().const_byte_str();
349 memcpy(pValue,attrPtr,attrSize);
352 else if (attr.isMechanismTypeSetAttribute())
354 CK_MECHANISM_TYPE_PTR pTemplate = (CK_MECHANISM_TYPE_PTR) pValue;
357 std::set<CK_MECHANISM_TYPE> set = attr.getMechanismTypeSetValue();
358 for (std::set<CK_MECHANISM_TYPE>::const_iterator it = set.begin(); it != set.end(); ++it)
359 pTemplate[++i] = *it;
363 // attr is already retrieved and verified to be an Attribute Map
364 rv = retrieveAttributeMap((CK_ATTRIBUTE_PTR)pValue, attr.getAttributeMapValue());
366 *pulValueLen = attrSize;
370 // [PKCS#11 v2.40, C_GetAttributeValue]
371 // 5. Otherwise, the ulValueLen field is modified to hold the value CK_UNAVAILABLE_INFORMATION.
372 *pulValueLen = CK_UNAVAILABLE_INFORMATION;
373 return CKR_BUFFER_TOO_SMALL;
376 // Update the value if allowed
377 CK_RV P11Attribute::update(Token* token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
379 if (osobject == NULL) {
380 ERROR_MSG("Internal error: osobject field contains NULL_PTR");
381 return CKR_GENERAL_ERROR;
384 // [PKCS#11 v2.40, 4.1.1 Creating objects]
385 // 2. If the supplied template specifies an invalid value for a valid attribute, then the
386 // attempt should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID.
387 // The valid values for Cryptoki attributes are described in the Cryptoki specification.
389 // Check for null pointers in values.
390 if (pValue == NULL_PTR && ulValueLen != 0) {
391 ERROR_MSG("The attribute is a NULL_PTR but has a non-zero length")
392 return CKR_ATTRIBUTE_VALUE_INVALID;
395 // For fixed sized attributes check that the size matches.
396 if (size != ((CK_ULONG)-1) && size != ulValueLen) {
397 ERROR_MSG("The attribute size is different from the expected size")
398 return CKR_ATTRIBUTE_VALUE_INVALID;
401 // [PKCS#11 v2.40, 4.1.1 Creating objects] OBJECT_OP_CREATE | OBJECT_OP_SET | OBJECT_OP_COPY
402 // 3. If the supplied template specifies a value for a read-only attribute, then the attempt
403 // should fail with the error code CKR_ATTRIBUTE_READ_ONLY.
404 // Whether or not a given Cryptoki attribute is read-only is explicitly stated in the Cryptoki
405 // specification; however, a particular library and token may be even more restrictive than
406 // Cryptoki specifies. In other words, an attribute which Cryptoki says is not read-only may
407 // nonetheless be read-only under certain circumstances (i.e., in conjunction with some
408 // combinations of other attributes) for a particular library and token. Whether or not a
409 // given non-Cryptoki attribute is read-only is obviously outside the scope of Cryptoki.
411 // Attributes cannot be changed if CKA_MODIFIABLE is set to false
412 if (!isModifiable() && op != OBJECT_OP_GENERATE && op != OBJECT_OP_CREATE) {
413 ERROR_MSG("An object is with CKA_MODIFIABLE set to false is not modifiable");
414 return CKR_ATTRIBUTE_READ_ONLY;
417 // Attributes cannot be modified if CKA_TRUSTED is true on a certificate object.
418 if (isTrusted() && op != OBJECT_OP_GENERATE && op != OBJECT_OP_CREATE) {
419 if (osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_CERTIFICATE)
421 ERROR_MSG("A trusted certificate cannot be modified");
422 return CKR_ATTRIBUTE_READ_ONLY;
426 // ck2 MUST not be specified when object is created with C_CreateObject.
427 if ((checks & ck2) == ck2)
429 if (OBJECT_OP_CREATE==op)
431 ERROR_MSG("Prohibited attribute was passed to object creation function");
432 return CKR_ATTRIBUTE_READ_ONLY;
436 // ck4 MUST not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
437 if ((checks & ck4) == ck4)
439 if (OBJECT_OP_GENERATE==op)
441 ERROR_MSG("Prohibited attribute was passed to key generation function");
442 return CKR_ATTRIBUTE_READ_ONLY;
446 // ck6 MUST not be specified when object is unwrapped with C_UnwrapKey.
447 if ((checks & ck6) == ck6)
449 if (OBJECT_OP_UNWRAP==op)
451 ERROR_MSG("Prohibited attribute was passed to key unwrapping function");
452 return CKR_ATTRIBUTE_READ_ONLY;
456 // ck8 May be modified after object is created with a C_SetAttributeValue call
457 // or in the process of copying an object with a C_CopyObject call.
458 // However, it is possible that a particular token may not permit modification of
459 // the attribute during the course of a C_CopyObject call.
460 if ((checks & ck8) == ck8)
462 if (OBJECT_OP_SET==op || OBJECT_OP_COPY==op)
464 return updateAttr(token, isPrivate, pValue, ulValueLen, op);
468 // ck17 Can be changed in the process of copying the object using C_CopyObject.
469 if ((checks & ck17) == ck17)
471 if (OBJECT_OP_COPY==op)
473 return updateAttr(token, isPrivate, pValue, ulValueLen, op);
477 // For attributes that have not been explicitly excluded from modification
478 // during create/derive/generate/unwrap, we allow them to be modified.
479 if (OBJECT_OP_CREATE==op || OBJECT_OP_DERIVE==op || OBJECT_OP_GENERATE==op || OBJECT_OP_UNWRAP==op)
481 return updateAttr(token, isPrivate, pValue, ulValueLen, op);
484 return CKR_ATTRIBUTE_READ_ONLY;
487 /*****************************************
489 *****************************************/
492 bool P11AttrClass::setDefault()
494 OSAttribute attrClass((unsigned long)CKO_VENDOR_DEFINED);
495 return osobject->setAttribute(type, attrClass);
498 // Update the value if allowed
499 CK_RV P11AttrClass::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
501 // Attribute specific checks
503 if (ulValueLen !=sizeof(CK_ULONG))
505 return CKR_ATTRIBUTE_VALUE_INVALID;
508 if (osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != *(CK_ULONG*)pValue)
510 return CKR_TEMPLATE_INCONSISTENT;
516 /*****************************************
518 *****************************************/
521 bool P11AttrKeyType::setDefault()
523 OSAttribute attr((unsigned long)CKK_VENDOR_DEFINED);
524 return osobject->setAttribute(type, attr);
527 // Update the value if allowed
528 CK_RV P11AttrKeyType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
530 // Attribute specific checks
532 if (ulValueLen !=sizeof(CK_ULONG))
534 return CKR_ATTRIBUTE_VALUE_INVALID;
537 if (osobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != *(CK_ULONG*)pValue)
539 return CKR_TEMPLATE_INCONSISTENT;
545 /*****************************************
546 * CKA_CERTIFICATE_TYPE
548 * 1 MUST be specified when object is created with C_CreateObject.
549 *****************************************/
552 bool P11AttrCertificateType::setDefault()
554 OSAttribute attr((unsigned long)CKC_VENDOR_DEFINED);
555 return osobject->setAttribute(type, attr);
558 // Update the value if allowed
559 CK_RV P11AttrCertificateType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
561 // Attribute specific checks
563 if (ulValueLen !=sizeof(CK_ULONG))
565 return CKR_ATTRIBUTE_VALUE_INVALID;
568 if (osobject->getUnsignedLongValue(CKA_CERTIFICATE_TYPE, CKC_VENDOR_DEFINED) != *(CK_ULONG*)pValue)
570 return CKR_TEMPLATE_INCONSISTENT;
576 /*****************************************
578 *****************************************/
581 bool P11AttrToken::setDefault()
583 OSAttribute attr(false);
584 return osobject->setAttribute(type, attr);
587 // Update the value if allowed
588 CK_RV P11AttrToken::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
590 OSAttribute attrTrue(true);
591 OSAttribute attrFalse(false);
593 // Attribute specific checks
595 if (ulValueLen !=sizeof(CK_BBOOL))
597 return CKR_ATTRIBUTE_VALUE_INVALID;
602 if (*(CK_BBOOL*)pValue == CK_FALSE)
604 osobject->setAttribute(type, attrFalse);
608 osobject->setAttribute(type, attrTrue);
614 /*****************************************
616 *****************************************/
619 bool P11AttrPrivate::setDefault()
621 OSAttribute attr(true);
622 return osobject->setAttribute(type, attr);
625 // Update the value if allowed
626 CK_RV P11AttrPrivate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
628 OSAttribute attrTrue(true);
629 OSAttribute attrFalse(false);
631 // Attribute specific checks
633 if (ulValueLen !=sizeof(CK_BBOOL))
635 return CKR_ATTRIBUTE_VALUE_INVALID;
640 if (*(CK_BBOOL*)pValue == CK_FALSE)
642 osobject->setAttribute(type, attrFalse);
646 osobject->setAttribute(type, attrTrue);
652 /*****************************************
654 *****************************************/
657 bool P11AttrModifiable::setDefault()
659 OSAttribute attr(true);
660 return osobject->setAttribute(type, attr);
663 // Update the value if allowed
664 CK_RV P11AttrModifiable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
666 OSAttribute attrTrue(true);
667 OSAttribute attrFalse(false);
669 // Attribute specific checks
671 if (ulValueLen !=sizeof(CK_BBOOL))
673 return CKR_ATTRIBUTE_VALUE_INVALID;
678 if (*(CK_BBOOL*)pValue == CK_FALSE)
680 osobject->setAttribute(type, attrFalse);
684 osobject->setAttribute(type, attrTrue);
690 /*****************************************
692 *****************************************/
695 bool P11AttrLabel::setDefault()
697 OSAttribute attr(ByteString(""));
698 return osobject->setAttribute(type, attr);
701 /*****************************************
703 *****************************************/
706 bool P11AttrCopyable::setDefault()
708 OSAttribute attr(true);
709 return osobject->setAttribute(type, attr);
712 // Update the value if allowed
713 CK_RV P11AttrCopyable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
715 OSAttribute attrTrue(true);
716 OSAttribute attrFalse(false);
718 // Attribute specific checks
720 if (ulValueLen !=sizeof(CK_BBOOL))
722 return CKR_ATTRIBUTE_VALUE_INVALID;
727 if (*(CK_BBOOL*)pValue == CK_FALSE)
729 osobject->setAttribute(type, attrFalse);
733 if (osobject->getBooleanValue(CKA_COPYABLE, true) == false)
735 return CKR_ATTRIBUTE_READ_ONLY;
742 /*****************************************
744 *****************************************/
747 bool P11AttrDestroyable::setDefault()
749 OSAttribute attr(true);
750 return osobject->setAttribute(type, attr);
753 // Update the value if allowed
754 CK_RV P11AttrDestroyable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
756 OSAttribute attrTrue(true);
757 OSAttribute attrFalse(false);
759 // Attribute specific checks
761 if (ulValueLen !=sizeof(CK_BBOOL))
763 return CKR_ATTRIBUTE_VALUE_INVALID;
768 if (*(CK_BBOOL*)pValue == CK_FALSE)
770 osobject->setAttribute(type, attrFalse);
774 osobject->setAttribute(type, attrTrue);
780 /*****************************************
782 *****************************************/
785 bool P11AttrApplication::setDefault()
787 OSAttribute attr(ByteString(""));
788 return osobject->setAttribute(type, attr);
791 /*****************************************
793 *****************************************/
796 bool P11AttrObjectID::setDefault()
798 OSAttribute attr(ByteString(""));
799 return osobject->setAttribute(type, attr);
802 /*****************************************
804 *****************************************/
807 bool P11AttrCheckValue::setDefault()
809 OSAttribute attr(ByteString(""));
810 return osobject->setAttribute(type, attr);
813 // Update the value if allowed
814 CK_RV P11AttrCheckValue::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
816 ByteString plaintext((unsigned char*)pValue, ulValueLen);
823 if (!token->encrypt(plaintext, value))
824 return CKR_GENERAL_ERROR;
829 // Attribute specific checks
831 if (value.size() < ulValueLen)
832 return CKR_GENERAL_ERROR;
837 osobject->setAttribute(type, value);
841 ByteString checkValue;
845 if (!token->decrypt(osobject->getByteStringValue(CKA_VALUE), keybits))
846 return CKR_GENERAL_ERROR;
850 keybits = osobject->getByteStringValue(CKA_VALUE);
856 switch (osobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED))
858 case CKK_GENERIC_SECRET:
861 case CKK_SHA224_HMAC:
862 case CKK_SHA256_HMAC:
863 case CKK_SHA384_HMAC:
864 case CKK_SHA512_HMAC:
865 key.setKeyBits(keybits);
866 key.setBitLen(keybits.size() * 8);
867 checkValue = key.getKeyCheckValue();
870 aes.setKeyBits(keybits);
871 aes.setBitLen(keybits.size() * 8);
872 checkValue = aes.getKeyCheckValue();
877 des.setKeyBits(keybits);
878 des.setBitLen(keybits.size() * 7);
879 checkValue = des.getKeyCheckValue();
882 // TODO: Encryption support for CKK_GOST28147
883 // We do not calculate the KCV
884 checkValue = plaintext;
887 return CKR_GENERAL_ERROR;
890 if (plaintext != checkValue)
891 return CKR_ATTRIBUTE_VALUE_INVALID;
893 osobject->setAttribute(type, value);
899 /*****************************************
900 * CKA_PUBLIC_KEY_INFO
901 *****************************************/
904 bool P11AttrPublicKeyInfo::setDefault()
906 OSAttribute attr(ByteString(""));
907 return osobject->setAttribute(type, attr);
910 /*****************************************
912 *****************************************/
915 bool P11AttrID::setDefault()
917 OSAttribute attr(ByteString(""));
918 return osobject->setAttribute(type, attr);
921 /*****************************************
923 *****************************************/
926 bool P11AttrValue::setDefault()
928 OSAttribute attr(ByteString(""));
929 return osobject->setAttribute(type, attr);
932 // Update the value if allowed
933 CK_RV P11AttrValue::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
935 ByteString plaintext((unsigned char*)pValue, ulValueLen);
942 if (!token->encrypt(plaintext, value))
943 return CKR_GENERAL_ERROR;
948 // Attribute specific checks
950 if (value.size() < ulValueLen)
951 return CKR_GENERAL_ERROR;
955 osobject->setAttribute(type, value);
957 // Set the size during C_CreateObject and C_UnwrapKey.
959 if (op == OBJECT_OP_CREATE || op == OBJECT_OP_UNWRAP)
961 // Set the CKA_VALUE_LEN
962 if (osobject->attributeExists(CKA_VALUE_LEN))
964 OSAttribute bytes((unsigned long)plaintext.size());
965 osobject->setAttribute(CKA_VALUE_LEN, bytes);
968 // Set the CKA_VALUE_BITS
969 if (osobject->attributeExists(CKA_VALUE_BITS))
971 OSAttribute bits((unsigned long)plaintext.bits());
972 osobject->setAttribute(CKA_VALUE_BITS, bits);
976 // Calculate the CKA_CHECK_VALUE for certificates
977 if (osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_CERTIFICATE)
979 HashAlgorithm* hash = CryptoFactory::i()->getHashAlgorithm(HashAlgo::SHA1);
980 if (hash == NULL) return CKR_GENERAL_ERROR;
983 if (hash->hashInit() == false ||
984 hash->hashUpdate(plaintext) == false ||
985 hash->hashFinal(digest) == false)
987 CryptoFactory::i()->recycleHashAlgorithm(hash);
988 return CKR_GENERAL_ERROR;
990 CryptoFactory::i()->recycleHashAlgorithm(hash);
992 // First three bytes of the SHA-1 hash
997 ByteString encrypted;
998 if (!token->encrypt(digest, encrypted))
999 return CKR_GENERAL_ERROR;
1000 osobject->setAttribute(CKA_CHECK_VALUE, encrypted);
1003 osobject->setAttribute(CKA_CHECK_VALUE, digest);
1006 // Calculate the CKA_CHECK_VALUE for secret keys
1007 if (op == OBJECT_OP_CREATE &&
1008 osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_SECRET_KEY)
1013 ByteString checkValue;
1014 switch (osobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED))
1016 case CKK_GENERIC_SECRET:
1018 case CKK_SHA_1_HMAC:
1019 case CKK_SHA224_HMAC:
1020 case CKK_SHA256_HMAC:
1021 case CKK_SHA384_HMAC:
1022 case CKK_SHA512_HMAC:
1023 key.setKeyBits(plaintext);
1024 key.setBitLen(plaintext.size() * 8);
1025 checkValue = key.getKeyCheckValue();
1028 aes.setKeyBits(plaintext);
1029 aes.setBitLen(plaintext.size() * 8);
1030 checkValue = aes.getKeyCheckValue();
1035 des.setKeyBits(plaintext);
1036 des.setBitLen(plaintext.size() * 7);
1037 checkValue = des.getKeyCheckValue();
1040 // TODO: Encryption support for CKK_GOST28147
1041 // We do not calculate the KCV
1044 return CKR_GENERAL_ERROR;
1049 ByteString encrypted;
1050 if (!token->encrypt(checkValue, encrypted))
1051 return CKR_GENERAL_ERROR;
1052 osobject->setAttribute(CKA_CHECK_VALUE, encrypted);
1055 osobject->setAttribute(CKA_CHECK_VALUE, checkValue);
1061 /*****************************************
1063 *****************************************/
1065 // Set default value
1066 bool P11AttrSubject::setDefault()
1068 OSAttribute attr(ByteString(""));
1069 return osobject->setAttribute(type, attr);
1072 /*****************************************
1074 *****************************************/
1076 // Set default value
1077 bool P11AttrIssuer::setDefault()
1079 OSAttribute attr(ByteString(""));
1080 return osobject->setAttribute(type, attr);
1083 /*****************************************
1085 *****************************************/
1087 // Set default value
1088 bool P11AttrTrusted::setDefault()
1090 OSAttribute attr(false);
1091 return osobject->setAttribute(type, attr);
1094 // Update the value if allowed
1095 CK_RV P11AttrTrusted::updateAttr(Token *token, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1097 OSAttribute attrTrue(true);
1098 OSAttribute attrFalse(false);
1100 // Attribute specific checks
1102 if (ulValueLen !=sizeof(CK_BBOOL))
1104 return CKR_ATTRIBUTE_VALUE_INVALID;
1109 if (*(CK_BBOOL*)pValue == CK_FALSE)
1111 osobject->setAttribute(type, attrFalse);
1115 if (!token->isSOLoggedIn())
1117 ERROR_MSG("CKA_TRUSTED can only be set to true by the SO");
1118 return CKR_ATTRIBUTE_READ_ONLY;
1120 osobject->setAttribute(type, attrTrue);
1126 /*****************************************
1127 * CKA_CERTIFICATE_CATEGORY
1128 *****************************************/
1130 // Set default value
1131 bool P11AttrCertificateCategory::setDefault()
1133 OSAttribute attr((unsigned long)0);
1134 return osobject->setAttribute(type, attr);
1137 // Update the value if allowed
1138 CK_RV P11AttrCertificateCategory::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1140 // Attribute specific checks
1142 if (ulValueLen !=sizeof(CK_ULONG))
1144 return CKR_ATTRIBUTE_VALUE_INVALID;
1148 osobject->setAttribute(type, *(CK_ULONG*)pValue);
1153 /*****************************************
1155 *****************************************/
1157 // Set default value
1158 bool P11AttrStartDate::setDefault()
1160 OSAttribute attr(ByteString(""));
1161 return osobject->setAttribute(type, attr);
1164 // Update the value if allowed
1165 CK_RV P11AttrStartDate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1167 // Attribute specific checks
1169 if (ulValueLen !=sizeof(CK_DATE) && ulValueLen !=0)
1171 return CKR_ATTRIBUTE_VALUE_INVALID;
1175 osobject->setAttribute(type, ByteString((unsigned char*)pValue, ulValueLen));
1180 /*****************************************
1182 *****************************************/
1184 // Set default value
1185 bool P11AttrEndDate::setDefault()
1187 OSAttribute attr(ByteString(""));
1188 return osobject->setAttribute(type, attr);
1191 // Update the value if allowed
1192 CK_RV P11AttrEndDate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1194 // Attribute specific checks
1196 if (ulValueLen !=sizeof(CK_DATE) && ulValueLen !=0)
1198 return CKR_ATTRIBUTE_VALUE_INVALID;
1202 osobject->setAttribute(type, ByteString((unsigned char*)pValue, ulValueLen));
1207 /*****************************************
1209 *****************************************/
1211 // Set default value
1212 bool P11AttrSerialNumber::setDefault()
1214 OSAttribute attr(ByteString(""));
1215 return osobject->setAttribute(type, attr);
1218 /*****************************************
1220 *****************************************/
1222 // Set default value
1223 bool P11AttrURL::setDefault()
1225 OSAttribute attr(ByteString(""));
1226 return osobject->setAttribute(type, attr);
1229 /*****************************************
1230 * CKA_HASH_OF_SUBJECT_PUBLIC_KEY
1231 *****************************************/
1233 // Set default value
1234 bool P11AttrHashOfSubjectPublicKey::setDefault()
1236 OSAttribute attr(ByteString(""));
1237 return osobject->setAttribute(type, attr);
1240 /*****************************************
1241 * CKA_HASH_OF_ISSUER_PUBLIC_KEY
1242 *****************************************/
1244 // Set default value
1245 bool P11AttrHashOfIssuerPublicKey::setDefault()
1247 OSAttribute attr(ByteString(""));
1248 return osobject->setAttribute(type, attr);
1251 /*****************************************
1252 * CKA_JAVA_MIDP_SECURITY_DOMAIN
1253 *****************************************/
1255 // Set default value
1256 bool P11AttrJavaMidpSecurityDomain::setDefault()
1258 OSAttribute attr((unsigned long)0);
1259 return osobject->setAttribute(type, attr);
1262 // Update the value if allowed
1263 CK_RV P11AttrJavaMidpSecurityDomain::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1265 // Attribute specific checks
1267 if (ulValueLen !=sizeof(CK_ULONG))
1269 return CKR_ATTRIBUTE_VALUE_INVALID;
1273 osobject->setAttribute(type, *(CK_ULONG*)pValue);
1278 /*****************************************
1279 * CKA_NAME_HASH_ALGORITHM
1280 *****************************************/
1282 // Set default value
1283 bool P11AttrNameHashAlgorithm::setDefault()
1285 OSAttribute attr((unsigned long)CKM_SHA_1);
1286 return osobject->setAttribute(type, attr);
1289 // Update the value if allowed
1290 CK_RV P11AttrNameHashAlgorithm::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1292 // Attribute specific checks
1294 if (ulValueLen !=sizeof(CK_ULONG))
1296 return CKR_ATTRIBUTE_VALUE_INVALID;
1300 osobject->setAttribute(type, *(CK_ULONG*)pValue);
1305 /*****************************************
1307 *****************************************/
1309 // Set default value
1310 bool P11AttrDerive::setDefault()
1312 OSAttribute attr(false);
1313 return osobject->setAttribute(type, attr);
1316 // Update the value if allowed
1317 CK_RV P11AttrDerive::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1319 OSAttribute attrTrue(true);
1320 OSAttribute attrFalse(false);
1322 // Attribute specific checks
1324 if (ulValueLen !=sizeof(CK_BBOOL))
1326 return CKR_ATTRIBUTE_VALUE_INVALID;
1331 if (*(CK_BBOOL*)pValue == CK_FALSE)
1333 osobject->setAttribute(type, attrFalse);
1337 osobject->setAttribute(type, attrTrue);
1343 /*****************************************
1345 *****************************************/
1347 // Set default value
1348 bool P11AttrEncrypt::setDefault()
1350 OSAttribute attr(true);
1351 return osobject->setAttribute(type, attr);
1354 // Update the value if allowed
1355 CK_RV P11AttrEncrypt::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1357 OSAttribute attrTrue(true);
1358 OSAttribute attrFalse(false);
1360 // Attribute specific checks
1362 if (ulValueLen !=sizeof(CK_BBOOL))
1364 return CKR_ATTRIBUTE_VALUE_INVALID;
1369 if (*(CK_BBOOL*)pValue == CK_FALSE)
1371 osobject->setAttribute(type, attrFalse);
1375 osobject->setAttribute(type, attrTrue);
1381 /*****************************************
1383 *****************************************/
1385 // Set default value
1386 bool P11AttrVerify::setDefault()
1388 OSAttribute attr(true);
1389 return osobject->setAttribute(type, attr);
1392 // Update the value if allowed
1393 CK_RV P11AttrVerify::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1395 OSAttribute attrTrue(true);
1396 OSAttribute attrFalse(false);
1398 // Attribute specific checks
1400 if (ulValueLen !=sizeof(CK_BBOOL))
1402 return CKR_ATTRIBUTE_VALUE_INVALID;
1407 if (*(CK_BBOOL*)pValue == CK_FALSE)
1409 osobject->setAttribute(type, attrFalse);
1413 osobject->setAttribute(type, attrTrue);
1419 /*****************************************
1420 * CKA_VERIFY_RECOVER
1421 *****************************************/
1423 // Set default value
1424 bool P11AttrVerifyRecover::setDefault()
1426 OSAttribute attr(true);
1427 return osobject->setAttribute(type, attr);
1430 // Update the value if allowed
1431 CK_RV P11AttrVerifyRecover::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1433 OSAttribute attrTrue(true);
1434 OSAttribute attrFalse(false);
1436 // Attribute specific checks
1438 if (ulValueLen !=sizeof(CK_BBOOL))
1440 return CKR_ATTRIBUTE_VALUE_INVALID;
1445 if (*(CK_BBOOL*)pValue == CK_FALSE)
1447 osobject->setAttribute(type, attrFalse);
1451 osobject->setAttribute(type, attrTrue);
1457 /*****************************************
1459 *****************************************/
1461 // Set default value
1462 bool P11AttrWrap::setDefault()
1464 OSAttribute attr(true);
1465 return osobject->setAttribute(type, attr);
1468 // Update the value if allowed
1469 CK_RV P11AttrWrap::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1471 OSAttribute attrTrue(true);
1472 OSAttribute attrFalse(false);
1474 // Attribute specific checks
1476 if (ulValueLen !=sizeof(CK_BBOOL))
1478 return CKR_ATTRIBUTE_VALUE_INVALID;
1483 if (*(CK_BBOOL*)pValue == CK_FALSE)
1485 osobject->setAttribute(type, attrFalse);
1489 osobject->setAttribute(type, attrTrue);
1495 /*****************************************
1497 *****************************************/
1499 // Set default value
1500 bool P11AttrDecrypt::setDefault()
1502 OSAttribute attr(true);
1503 return osobject->setAttribute(type, attr);
1506 // Update the value if allowed
1507 CK_RV P11AttrDecrypt::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1509 OSAttribute attrTrue(true);
1510 OSAttribute attrFalse(false);
1512 // Attribute specific checks
1514 if (ulValueLen !=sizeof(CK_BBOOL))
1516 return CKR_ATTRIBUTE_VALUE_INVALID;
1521 if (*(CK_BBOOL*)pValue == CK_FALSE)
1523 osobject->setAttribute(type, attrFalse);
1527 osobject->setAttribute(type, attrTrue);
1533 /*****************************************
1535 *****************************************/
1537 // Set default value
1538 bool P11AttrSign::setDefault()
1540 OSAttribute attr(true);
1541 return osobject->setAttribute(type, attr);
1544 // Update the value if allowed
1545 CK_RV P11AttrSign::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1547 OSAttribute attrTrue(true);
1548 OSAttribute attrFalse(false);
1550 // Attribute specific checks
1552 if (ulValueLen !=sizeof(CK_BBOOL))
1554 return CKR_ATTRIBUTE_VALUE_INVALID;
1559 if (*(CK_BBOOL*)pValue == CK_FALSE)
1561 osobject->setAttribute(type, attrFalse);
1565 osobject->setAttribute(type, attrTrue);
1571 /*****************************************
1573 *****************************************/
1575 // Set default value
1576 bool P11AttrSignRecover::setDefault()
1578 OSAttribute attr(true);
1579 return osobject->setAttribute(type, attr);
1582 // Update the value if allowed
1583 CK_RV P11AttrSignRecover::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1585 OSAttribute attrTrue(true);
1586 OSAttribute attrFalse(false);
1588 // Attribute specific checks
1590 if (ulValueLen !=sizeof(CK_BBOOL))
1592 return CKR_ATTRIBUTE_VALUE_INVALID;
1597 if (*(CK_BBOOL*)pValue == CK_FALSE)
1599 osobject->setAttribute(type, attrFalse);
1603 osobject->setAttribute(type, attrTrue);
1609 /*****************************************
1611 *****************************************/
1613 // Set default value
1614 bool P11AttrUnwrap::setDefault()
1616 OSAttribute attr(true);
1617 return osobject->setAttribute(type, attr);
1620 // Update the value if allowed
1621 CK_RV P11AttrUnwrap::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1623 OSAttribute attrTrue(true);
1624 OSAttribute attrFalse(false);
1626 // Attribute specific checks
1628 if (ulValueLen !=sizeof(CK_BBOOL))
1630 return CKR_ATTRIBUTE_VALUE_INVALID;
1635 if (*(CK_BBOOL*)pValue == CK_FALSE)
1637 osobject->setAttribute(type, attrFalse);
1641 osobject->setAttribute(type, attrTrue);
1647 /*****************************************
1649 *****************************************/
1651 // Set default value
1652 bool P11AttrLocal::setDefault()
1654 OSAttribute attr(false);
1655 return osobject->setAttribute(type, attr);
1658 // Update the value if allowed
1659 CK_RV P11AttrLocal::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1661 return CKR_ATTRIBUTE_READ_ONLY;
1664 /*****************************************
1665 * CKA_KEY_GEN_MECHANISM
1666 *****************************************/
1668 // Set default value
1669 bool P11AttrKeyGenMechanism::setDefault()
1671 OSAttribute attr((unsigned long)CK_UNAVAILABLE_INFORMATION);
1672 return osobject->setAttribute(type, attr);
1675 // Update the value if allowed
1676 CK_RV P11AttrKeyGenMechanism::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1678 return CKR_ATTRIBUTE_READ_ONLY;
1681 /*****************************************
1682 * CKA_ALWAYS_SENSITIVE
1683 *****************************************/
1685 // Set default value
1686 bool P11AttrAlwaysSensitive::setDefault()
1688 OSAttribute attr(false);
1689 return osobject->setAttribute(type, attr);
1692 // Update the value if allowed
1693 CK_RV P11AttrAlwaysSensitive::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1695 return CKR_ATTRIBUTE_READ_ONLY;
1698 /*****************************************
1699 * CKA_NEVER_EXTRACTABLE
1700 *****************************************/
1702 // Set default value
1703 bool P11AttrNeverExtractable::setDefault()
1705 OSAttribute attr(true);
1706 return osobject->setAttribute(type, attr);
1709 // Update the value if allowed
1710 CK_RV P11AttrNeverExtractable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1712 return CKR_ATTRIBUTE_READ_ONLY;
1715 /*****************************************
1717 *****************************************/
1719 // Set default value
1720 bool P11AttrSensitive::setDefault()
1722 // We default to false because we want to handle the secret keys in a correct way
1723 OSAttribute attr(false);
1724 return osobject->setAttribute(type, attr);
1727 // Update the value if allowed
1728 CK_RV P11AttrSensitive::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1730 OSAttribute attrTrue(true);
1731 OSAttribute attrFalse(false);
1733 // Attribute specific checks
1735 if (op == OBJECT_OP_SET || op == OBJECT_OP_COPY)
1737 if (osobject->getBooleanValue(CKA_SENSITIVE, false))
1739 return CKR_ATTRIBUTE_READ_ONLY;
1743 if (ulValueLen !=sizeof(CK_BBOOL))
1745 return CKR_ATTRIBUTE_VALUE_INVALID;
1750 if (*(CK_BBOOL*)pValue == CK_FALSE)
1752 osobject->setAttribute(type, attrFalse);
1753 osobject->setAttribute(CKA_ALWAYS_SENSITIVE, attrFalse);
1757 osobject->setAttribute(type, attrTrue);
1759 // This is so that generated keys get the correct value
1760 if (op == OBJECT_OP_GENERATE || op == OBJECT_OP_DERIVE)
1762 osobject->setAttribute(CKA_ALWAYS_SENSITIVE, attrTrue);
1769 /*****************************************
1771 *****************************************/
1773 // Set default value
1774 bool P11AttrExtractable::setDefault()
1776 OSAttribute attr(false);
1777 return osobject->setAttribute(type, attr);
1780 // Update the value if allowed
1781 CK_RV P11AttrExtractable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1783 OSAttribute attrTrue(true);
1784 OSAttribute attrFalse(false);
1786 // Attribute specific checks
1788 if (op == OBJECT_OP_SET || op == OBJECT_OP_COPY)
1790 if (osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false)
1792 return CKR_ATTRIBUTE_READ_ONLY;
1796 if (ulValueLen !=sizeof(CK_BBOOL))
1798 return CKR_ATTRIBUTE_VALUE_INVALID;
1803 if (*(CK_BBOOL*)pValue == CK_FALSE)
1805 osobject->setAttribute(type, attrFalse);
1809 osobject->setAttribute(type, attrTrue);
1810 osobject->setAttribute(CKA_NEVER_EXTRACTABLE, attrFalse);
1816 /*****************************************
1817 * CKA_WRAP_WITH_TRUSTED
1818 *****************************************/
1820 // Set default value
1821 bool P11AttrWrapWithTrusted::setDefault()
1823 OSAttribute attr(false);
1824 return osobject->setAttribute(type, attr);
1827 // Update the value if allowed
1828 CK_RV P11AttrWrapWithTrusted::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1830 OSAttribute attrTrue(true);
1831 OSAttribute attrFalse(false);
1833 // Attribute specific checks
1835 if (op == OBJECT_OP_SET || op == OBJECT_OP_COPY)
1837 if (osobject->getBooleanValue(CKA_WRAP_WITH_TRUSTED, false))
1839 return CKR_ATTRIBUTE_READ_ONLY;
1843 if (ulValueLen !=sizeof(CK_BBOOL))
1845 return CKR_ATTRIBUTE_VALUE_INVALID;
1850 if (*(CK_BBOOL*)pValue == CK_FALSE)
1852 osobject->setAttribute(type, attrFalse);
1856 osobject->setAttribute(type, attrTrue);
1862 /*****************************************
1863 * CKA_ALWAYS_AUTHENTICATE
1864 *****************************************/
1866 // Set default value
1867 bool P11AttrAlwaysAuthenticate::setDefault()
1869 OSAttribute attr(false);
1870 return osobject->setAttribute(type, attr);
1873 // Update the value if allowed
1874 CK_RV P11AttrAlwaysAuthenticate::updateAttr(Token* /*token*/, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1876 OSAttribute attrTrue(true);
1877 OSAttribute attrFalse(false);
1879 // Attribute specific checks
1881 if (ulValueLen !=sizeof(CK_BBOOL))
1883 return CKR_ATTRIBUTE_VALUE_INVALID;
1888 if (*(CK_BBOOL*)pValue == CK_FALSE)
1890 osobject->setAttribute(type, attrFalse);
1896 return CKR_TEMPLATE_INCONSISTENT;
1899 osobject->setAttribute(type, attrTrue);
1905 /*****************************************
1907 *****************************************/
1909 // Set default value
1910 bool P11AttrModulus::setDefault()
1912 OSAttribute attr(ByteString(""));
1913 return osobject->setAttribute(type, attr);
1916 // Update the value if allowed
1917 CK_RV P11AttrModulus::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1919 ByteString plaintext((unsigned char*)pValue, ulValueLen);
1926 if (!token->encrypt(plaintext, value))
1927 return CKR_GENERAL_ERROR;
1932 // Attribute specific checks
1934 if (value.size() < ulValueLen)
1935 return CKR_GENERAL_ERROR;
1939 osobject->setAttribute(type, value);
1941 // Set the CKA_MODULUS_BITS during C_CreateObject
1943 if (op == OBJECT_OP_CREATE && osobject->attributeExists(CKA_MODULUS_BITS))
1945 OSAttribute bits((unsigned long)plaintext.bits());
1946 osobject->setAttribute(CKA_MODULUS_BITS, bits);
1952 /*****************************************
1953 * CKA_PUBLIC_EXPONENT
1954 *****************************************/
1956 // Set default value
1957 bool P11AttrPublicExponent::setDefault()
1959 OSAttribute attr(ByteString(""));
1960 return osobject->setAttribute(type, attr);
1963 /*****************************************
1964 * CKA_PRIVATE_EXPONENT
1965 *****************************************/
1967 // Set default value
1968 bool P11AttrPrivateExponent::setDefault()
1970 OSAttribute attr(ByteString(""));
1971 return osobject->setAttribute(type, attr);
1974 /*****************************************
1976 *****************************************/
1978 // Set default value
1979 bool P11AttrPrime1::setDefault()
1981 OSAttribute attr(ByteString(""));
1982 return osobject->setAttribute(type, attr);
1985 /*****************************************
1987 *****************************************/
1989 // Set default value
1990 bool P11AttrPrime2::setDefault()
1992 OSAttribute attr(ByteString(""));
1993 return osobject->setAttribute(type, attr);
1996 /*****************************************
1998 *****************************************/
2000 // Set default value
2001 bool P11AttrExponent1::setDefault()
2003 OSAttribute attr(ByteString(""));
2004 return osobject->setAttribute(type, attr);
2007 /*****************************************
2009 *****************************************/
2011 // Set default value
2012 bool P11AttrExponent2::setDefault()
2014 OSAttribute attr(ByteString(""));
2015 return osobject->setAttribute(type, attr);
2018 /*****************************************
2020 *****************************************/
2022 // Set default value
2023 bool P11AttrCoefficient::setDefault()
2025 OSAttribute attr(ByteString(""));
2026 return osobject->setAttribute(type, attr);
2029 /*****************************************
2031 *****************************************/
2033 // Set default value
2034 bool P11AttrModulusBits::setDefault()
2036 OSAttribute attr((unsigned long)0);
2037 return osobject->setAttribute(type, attr);
2040 // Update the value if allowed
2041 CK_RV P11AttrModulusBits::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2043 // Attribute specific checks
2045 if (op != OBJECT_OP_GENERATE)
2047 return CKR_ATTRIBUTE_READ_ONLY;
2050 if (ulValueLen !=sizeof(CK_ULONG))
2052 return CKR_ATTRIBUTE_VALUE_INVALID;
2057 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2062 /*****************************************
2064 *****************************************/
2066 // Set default value
2067 bool P11AttrPrime::setDefault()
2069 OSAttribute attr(ByteString(""));
2070 return osobject->setAttribute(type, attr);
2073 // Update the value if allowed
2074 CK_RV P11AttrPrime::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2076 ByteString plaintext((unsigned char*)pValue, ulValueLen);
2083 if (!token->encrypt(plaintext, value))
2084 return CKR_GENERAL_ERROR;
2089 // Attribute specific checks
2091 if (value.size() < ulValueLen)
2092 return CKR_GENERAL_ERROR;
2096 osobject->setAttribute(type, value);
2098 // Set the CKA_PRIME_BITS during C_CreateObject
2100 if (op == OBJECT_OP_CREATE && osobject->attributeExists(CKA_PRIME_BITS))
2102 OSAttribute bits((unsigned long)plaintext.bits());
2103 osobject->setAttribute(CKA_PRIME_BITS, bits);
2109 /*****************************************
2111 *****************************************/
2113 // Set default value
2114 bool P11AttrSubPrime::setDefault()
2116 OSAttribute attr(ByteString(""));
2117 return osobject->setAttribute(type, attr);
2120 /*****************************************
2122 *****************************************/
2124 // Set default value
2125 bool P11AttrBase::setDefault()
2127 OSAttribute attr(ByteString(""));
2128 return osobject->setAttribute(type, attr);
2131 /*****************************************
2133 *****************************************/
2135 // Set default value
2136 bool P11AttrPrimeBits::setDefault()
2138 OSAttribute attr((unsigned long)0);
2139 return osobject->setAttribute(type, attr);
2142 // Update the value if allowed
2143 CK_RV P11AttrPrimeBits::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2145 // Attribute specific checks
2147 if (op != OBJECT_OP_GENERATE)
2149 return CKR_ATTRIBUTE_READ_ONLY;
2152 if (ulValueLen != sizeof(CK_ULONG))
2154 return CKR_ATTRIBUTE_VALUE_INVALID;
2159 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2164 /*****************************************
2166 *****************************************/
2168 // Set default value
2169 bool P11AttrValueBits::setDefault()
2171 OSAttribute attr((unsigned long)0);
2172 return osobject->setAttribute(type, attr);
2175 // Update the value if allowed
2176 CK_RV P11AttrValueBits::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2178 // Attribute specific checks
2180 if (op != OBJECT_OP_GENERATE)
2182 return CKR_ATTRIBUTE_READ_ONLY;
2185 if (ulValueLen != sizeof(CK_ULONG))
2187 return CKR_ATTRIBUTE_VALUE_INVALID;
2192 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2197 /*****************************************
2199 *****************************************/
2201 // Set default value
2202 bool P11AttrEcParams::setDefault()
2204 OSAttribute attr(ByteString(""));
2205 return osobject->setAttribute(type, attr);
2208 /*****************************************
2210 *****************************************/
2212 // Set default value
2213 bool P11AttrEcPoint::setDefault()
2215 OSAttribute attr(ByteString(""));
2216 return osobject->setAttribute(type, attr);
2219 /*****************************************
2220 * CKA_GOSTR3410_PARAMS
2221 *****************************************/
2223 // Set default value
2224 bool P11AttrGostR3410Params::setDefault()
2226 OSAttribute attr(ByteString(""));
2227 return osobject->setAttribute(type, attr);
2230 /*****************************************
2231 * CKA_GOSTR3411_PARAMS
2232 *****************************************/
2234 // Set default value
2235 bool P11AttrGostR3411Params::setDefault()
2237 OSAttribute attr(ByteString(""));
2238 return osobject->setAttribute(type, attr);
2241 /*****************************************
2242 * CKA_GOST28147_PARAMS
2243 *****************************************/
2245 // Set default value
2246 bool P11AttrGost28147Params::setDefault()
2248 OSAttribute attr(ByteString(""));
2249 return osobject->setAttribute(type, attr);
2252 /*****************************************
2254 *****************************************/
2256 // Set default value
2257 bool P11AttrValueLen::setDefault()
2259 OSAttribute attr((unsigned long)0);
2260 return osobject->setAttribute(type, attr);
2263 // Update the value if allowed
2264 CK_RV P11AttrValueLen::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2266 // Attribute specific checks
2268 if (op != OBJECT_OP_GENERATE && op != OBJECT_OP_DERIVE)
2270 return CKR_ATTRIBUTE_READ_ONLY;
2273 if (ulValueLen != sizeof(CK_ULONG))
2275 return CKR_ATTRIBUTE_VALUE_INVALID;
2280 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2285 /*****************************************
2287 *****************************************/
2289 // Set default value
2290 bool P11AttrWrapTemplate::setDefault()
2292 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> empty;
2293 OSAttribute attr(empty);
2294 return osobject->setAttribute(type, attr);
2298 CK_RV P11AttrWrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
2300 // Attribute specific checks
2301 if ((ulValueLen % sizeof(CK_ATTRIBUTE)) != 0)
2303 return CKR_ATTRIBUTE_VALUE_INVALID;
2306 // Fill the template vector with elements
2307 CK_ATTRIBUTE_PTR attr = (CK_ATTRIBUTE_PTR) pValue;
2308 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> data;
2309 for (size_t i = 0; i < ulValueLen / sizeof(CK_ATTRIBUTE); ++i, ++attr)
2310 // Specialization for known attributes
2315 case CKA_MODIFIABLE:
2321 case CKA_SIGN_RECOVER:
2323 case CKA_VERIFY_RECOVER:
2328 case CKA_ALWAYS_SENSITIVE:
2330 case CKA_NEVER_EXTRACTABLE:
2331 case CKA_EXTRACTABLE:
2332 case CKA_WRAP_WITH_TRUSTED:
2333 case CKA_SECONDARY_AUTH:
2334 case CKA_ALWAYS_AUTHENTICATE:
2337 if (attr->ulValueLen != sizeof(CK_BBOOL))
2338 return CKR_ATTRIBUTE_VALUE_INVALID;
2339 bool elem = (*(CK_BBOOL*)attr->pValue != CK_FALSE);
2340 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2346 case CKA_CERTIFICATE_TYPE:
2347 case CKA_CERTIFICATE_CATEGORY:
2348 case CKA_JAVA_MIDP_SECURITY_DOMAIN:
2349 case CKA_NAME_HASH_ALGORITHM:
2350 case CKA_KEY_GEN_MECHANISM:
2351 case CKA_MODULUS_BITS:
2352 case CKA_PRIME_BITS:
2353 case CKA_SUBPRIME_BITS:
2354 case CKA_VALUE_BITS:
2356 case CKA_AUTH_PIN_FLAGS:
2359 if (attr->ulValueLen != sizeof(CK_ULONG))
2360 return CKR_ATTRIBUTE_VALUE_INVALID;
2361 unsigned long elem = *(CK_ULONG*)attr->pValue;
2362 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2366 case CKA_WRAP_TEMPLATE:
2367 case CKA_UNWRAP_TEMPLATE:
2368 return CKR_ATTRIBUTE_VALUE_INVALID;
2373 ByteString elem = ByteString((unsigned char*)attr->pValue, attr->ulValueLen);
2374 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2379 osobject->setAttribute(type, data);
2384 /*****************************************
2385 * CKA_UNWRAP_TEMPLATE
2386 *****************************************/
2388 // Set default value
2389 bool P11AttrUnwrapTemplate::setDefault()
2391 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> empty;
2392 OSAttribute attr(empty);
2393 return osobject->setAttribute(type, attr);
2397 CK_RV P11AttrUnwrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
2399 // Attribute specific checks
2400 if ((ulValueLen % sizeof(CK_ATTRIBUTE)) != 0)
2402 return CKR_ATTRIBUTE_VALUE_INVALID;
2405 // Fill the template vector with elements
2406 CK_ATTRIBUTE_PTR attr = (CK_ATTRIBUTE_PTR) pValue;
2407 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> data;
2408 for (size_t i = 0; i < ulValueLen / sizeof(CK_ATTRIBUTE); ++i, ++attr)
2409 // Specialization for known attributes
2414 case CKA_MODIFIABLE:
2420 case CKA_SIGN_RECOVER:
2422 case CKA_VERIFY_RECOVER:
2427 case CKA_ALWAYS_SENSITIVE:
2429 case CKA_NEVER_EXTRACTABLE:
2430 case CKA_EXTRACTABLE:
2431 case CKA_WRAP_WITH_TRUSTED:
2432 case CKA_SECONDARY_AUTH:
2433 case CKA_ALWAYS_AUTHENTICATE:
2436 if (attr->ulValueLen != sizeof(CK_BBOOL))
2437 return CKR_ATTRIBUTE_VALUE_INVALID;
2438 bool elem = (*(CK_BBOOL*)attr->pValue != CK_FALSE);
2439 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2445 case CKA_CERTIFICATE_TYPE:
2446 case CKA_CERTIFICATE_CATEGORY:
2447 case CKA_JAVA_MIDP_SECURITY_DOMAIN:
2448 case CKA_NAME_HASH_ALGORITHM:
2449 case CKA_KEY_GEN_MECHANISM:
2450 case CKA_MODULUS_BITS:
2451 case CKA_PRIME_BITS:
2452 case CKA_SUBPRIME_BITS:
2453 case CKA_VALUE_BITS:
2455 case CKA_AUTH_PIN_FLAGS:
2458 if (attr->ulValueLen != sizeof(CK_ULONG))
2459 return CKR_ATTRIBUTE_VALUE_INVALID;
2460 unsigned long elem = *(CK_ULONG*)attr->pValue;
2461 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2465 case CKA_WRAP_TEMPLATE:
2466 case CKA_UNWRAP_TEMPLATE:
2467 return CKR_ATTRIBUTE_VALUE_INVALID;
2472 ByteString elem = ByteString((unsigned char*)attr->pValue, attr->ulValueLen);
2473 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2478 osobject->setAttribute(type, data);
2483 /*****************************************
2484 * CKA_ALLOWED_MECHANISMS
2485 *****************************************/
2487 // Set default value
2488 bool P11AttrAllowedMechanisms::setDefault()
2490 std::set<CK_MECHANISM_TYPE> emptyMap;
2491 return osobject->setAttribute(type, OSAttribute(emptyMap));
2494 // Update the value if allowed
2495 CK_RV P11AttrAllowedMechanisms::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
2497 if (ulValueLen == 0 || (ulValueLen % sizeof(CK_MECHANISM_TYPE)) != 0)
2499 return CKR_ATTRIBUTE_VALUE_INVALID;
2502 CK_MECHANISM_TYPE_PTR mechType = (CK_MECHANISM_TYPE_PTR) pValue;
2504 // Fill the set with values
2505 std::set<CK_MECHANISM_TYPE> data;
2506 for (size_t i = 0; i < ulValueLen / sizeof(CK_MECHANISM_TYPE); ++i, ++mechType)
2508 data.insert(*mechType);
2512 osobject->setAttribute(type, OSAttribute(data));