2 * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 /*****************************************************************************
30 This file contains classes for controlling attributes
31 *****************************************************************************/
34 #include "P11Attributes.h"
35 #include "ByteString.h"
36 #include "CryptoFactory.h"
43 P11Attribute::P11Attribute(OSObject* inobject)
46 type = CKA_VENDOR_DEFINED;
52 P11Attribute::~P11Attribute()
56 CK_RV P11Attribute::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
61 if (!token->encrypt(ByteString((unsigned char*)pValue, ulValueLen),value))
62 return CKR_GENERAL_ERROR;
65 value = ByteString((unsigned char*)pValue, ulValueLen);
66 if (value.size() < ulValueLen)
67 return CKR_GENERAL_ERROR;
68 osobject->setAttribute(type, value);
72 bool P11Attribute::isModifiable()
74 // Get the CKA_MODIFIABLE attribute, when the attribute is
75 // not present return the default value which is CK_TRUE.
76 if (!osobject->attributeExists(CKA_MODIFIABLE)) return true;
78 return osobject->getBooleanValue(CKA_MODIFIABLE, true);
81 bool P11Attribute::isSensitive()
83 // Get the CKA_SENSITIVE attribute, when the attribute is not present
84 // assume the object is not sensitive.
85 if (!osobject->attributeExists(CKA_SENSITIVE)) return false;
87 return osobject->getBooleanValue(CKA_SENSITIVE, false);
90 bool P11Attribute::isExtractable()
92 // Get the CKA_EXTRACTABLE attribute, when the attribute is
93 // not present assume the object allows extraction.
94 if (!osobject->attributeExists(CKA_EXTRACTABLE)) return true;
96 return osobject->getBooleanValue(CKA_EXTRACTABLE, true);
99 bool P11Attribute::isTrusted()
101 // Get the CKA_TRUSTED attribute, when the attribute is
102 // not present assume the object is not trusted.
103 if (!osobject->attributeExists(CKA_TRUSTED)) return false;
105 return osobject->getBooleanValue(CKA_TRUSTED, false);
108 // Initialize the attribute
109 bool P11Attribute::init()
111 if (osobject == NULL) return false;
113 // Create a default value if the attribute does not exist
114 if (osobject->attributeExists(type) == false)
122 // Return the attribute type
123 CK_ATTRIBUTE_TYPE P11Attribute::getType()
128 // Return the attribute checks
129 CK_ATTRIBUTE_TYPE P11Attribute::getChecks()
134 // Retrieve a template map
135 static CK_RV retrieveAttributeMap(CK_ATTRIBUTE_PTR pTemplate, const std::map<CK_ATTRIBUTE_TYPE,OSAttribute>& map)
139 for (size_t i = 0; i < map.size(); ++i)
141 if (pTemplate[i].pValue == NULL_PTR)
145 // Caller wants type & size
146 if (nullcnt == map.size())
148 std::map<CK_ATTRIBUTE_TYPE,OSAttribute>::const_iterator a = map.begin();
149 for (size_t i = 0; i < map.size(); ++i, ++a)
151 pTemplate[i].type = a->first;
152 const OSAttribute& attr = a->second;
153 if (attr.isBooleanAttribute())
155 pTemplate[i].ulValueLen = sizeof(CK_BBOOL);
157 else if (attr.isUnsignedLongAttribute())
159 pTemplate[i].ulValueLen = sizeof(CK_ULONG);
161 else if (attr.isByteStringAttribute())
163 pTemplate[i].ulValueLen = attr.getByteStringValue().size();
168 ERROR_MSG("Internal error: bad attribute in attribute map");
170 return CKR_GENERAL_ERROR;
177 // Callers wants to get values
178 for (size_t i = 0; i < map.size(); ++i)
180 std::map<CK_ATTRIBUTE_TYPE,OSAttribute>::const_iterator a = map.find(pTemplate[i].type);
183 pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
184 return CKR_ATTRIBUTE_TYPE_INVALID;
186 const OSAttribute& attr = a->second;
187 if (attr.isBooleanAttribute())
189 if (pTemplate[i].ulValueLen < sizeof(CK_BBOOL))
191 pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
192 return CKR_BUFFER_TOO_SMALL;
194 pTemplate[i].ulValueLen = sizeof(CK_BBOOL);
195 *(CK_BBOOL*)pTemplate[i].pValue = attr.getBooleanValue() ? CK_TRUE : CK_FALSE;
197 else if (attr.isUnsignedLongAttribute())
199 if (pTemplate[i].ulValueLen < sizeof(CK_ULONG))
201 pTemplate[i].ulValueLen= CK_UNAVAILABLE_INFORMATION;
202 return CKR_BUFFER_TOO_SMALL;
204 pTemplate[i].ulValueLen = sizeof(CK_ULONG);
205 *(CK_ULONG_PTR)pTemplate[i].pValue= attr.getUnsignedLongValue();
207 else if (attr.isByteStringAttribute())
209 ByteString value = attr.getByteStringValue();
210 if (pTemplate[i].ulValueLen < value.size())
212 pTemplate[i].ulValueLen= CK_UNAVAILABLE_INFORMATION;
213 return CKR_BUFFER_TOO_SMALL;
215 pTemplate[i].ulValueLen = value.size();
216 memcpy(pTemplate[i].pValue, value.const_byte_str(), value.size());
221 ERROR_MSG("Internal error: bad attribute in attribute map");
223 return CKR_GENERAL_ERROR;
230 // Retrieve the value if allowed
231 CK_RV P11Attribute::retrieve(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG_PTR pulValueLen)
234 if (osobject == NULL) {
235 ERROR_MSG("Internal error: osobject field contains NULL_PTR");
236 return CKR_GENERAL_ERROR;
239 if (pulValueLen == NULL) {
240 ERROR_MSG("Internal error: pulValueLen contains NULL_PTR");
241 return CKR_GENERAL_ERROR;
244 // [PKCS#11 v2.40, C_GetAttributeValue]
245 // 1. If the specified attribute (i.e., the attribute specified by the
246 // type field) for the object cannot be revealed because the object
247 // is sensitive or unextractable, then the ulValueLen field in that
248 // triple is modified to hold the value CK_UNAVAILABLE_INFORMATION.
250 // [PKCS#11 v2.40, 4.2 Common attributes, table 10]
251 // 7 Cannot be revealed if object has its CKA_SENSITIVE attribute
252 // set to CK_TRUE or its CKA_EXTRACTABLE attribute set to CK_FALSE.
253 if ((checks & ck7) == ck7 && (isSensitive() || !isExtractable())) {
254 *pulValueLen = CK_UNAVAILABLE_INFORMATION;
255 return CKR_ATTRIBUTE_SENSITIVE;
258 // Retrieve the lower level attribute.
259 if (!osobject->attributeExists(type)) {
260 // Should be impossible.
261 ERROR_MSG("Internal error: attribute not present");
262 return CKR_GENERAL_ERROR;
264 OSAttribute attr = osobject->getAttribute(type);
266 // Get the actual attribute size.
267 CK_ULONG attrSize = size;
268 if (size == (CK_ULONG)-1)
270 // We don't have a fixed size attribute so we need to consult
271 // the lower level attribute for the exact size.
273 // Lower level attribute has to be variable sized.
274 if (attr.isByteStringAttribute())
276 if (isPrivate && attr.getByteStringValue().size() != 0)
279 if (!token->decrypt(attr.getByteStringValue(),value))
281 ERROR_MSG("Internal error: failed to decrypt private attribute value");
282 return CKR_GENERAL_ERROR;
284 attrSize = value.size();
287 attrSize = attr.getByteStringValue().size();
289 else if (attr.isMechanismTypeSetAttribute())
291 attrSize = attr.getMechanismTypeSetValue().size() * sizeof(CK_MECHANISM_TYPE);
293 else if (attr.isAttributeMapAttribute())
295 attrSize = attr.getAttributeMapValue().size() * sizeof(CK_ATTRIBUTE);
297 else if (attr.isUnsignedLongAttribute())
299 attrSize = sizeof(unsigned long);
303 // Should be impossible.
304 ERROR_MSG("Internal error: attribute has fixed size");
305 return CKR_GENERAL_ERROR;
309 // [PKCS#11 v2.40, C_GetAttributeValue]
310 // 3. Otherwise, if the pValue field has the value NULL_PTR, then the
311 // ulValueLen field is modified to hold the exact length of the
312 // specified attribute for the object.
313 if (pValue == NULL_PTR) {
314 // Return the size of the attribute.
315 *pulValueLen = attrSize;
319 // [PKCS#11 v2.40, C_GetAttributeValue]
320 // 4. Otherwise, if the length specified in ulValueLen is large enough
321 // to hold the value of the specified attribute for the object, then
322 // that attribute is copied into the buffer located at pValue, and
323 // the ulValueLen field is modified to hold the exact length of the
325 if (*pulValueLen >= attrSize)
327 // Only copy when there is actually something to copy
330 if (attr.isUnsignedLongAttribute()) {
331 *(CK_ULONG_PTR)pValue = attr.getUnsignedLongValue();
333 else if (attr.isBooleanAttribute())
335 *(CK_BBOOL*)pValue = attr.getBooleanValue() ? CK_TRUE : CK_FALSE;
337 else if (attr.isByteStringAttribute())
339 if (isPrivate && attr.getByteStringValue().size() != 0)
342 if (!token->decrypt(attr.getByteStringValue(),value))
344 ERROR_MSG("Internal error: failed to decrypt private attribute value");
345 return CKR_GENERAL_ERROR;
347 const unsigned char* attrPtr = value.const_byte_str();
348 memcpy(pValue,attrPtr,attrSize);
350 else if (attr.getByteStringValue().size() != 0)
352 const unsigned char* attrPtr = attr.getByteStringValue().const_byte_str();
353 memcpy(pValue,attrPtr,attrSize);
356 else if (attr.isMechanismTypeSetAttribute())
358 CK_MECHANISM_TYPE_PTR pTemplate = (CK_MECHANISM_TYPE_PTR) pValue;
361 std::set<CK_MECHANISM_TYPE> set = attr.getMechanismTypeSetValue();
362 for (std::set<CK_MECHANISM_TYPE>::const_iterator it = set.begin(); it != set.end(); ++it)
363 pTemplate[++i] = *it;
367 // attr is already retrieved and verified to be an Attribute Map
368 rv = retrieveAttributeMap((CK_ATTRIBUTE_PTR)pValue, attr.getAttributeMapValue());
370 *pulValueLen = attrSize;
374 // [PKCS#11 v2.40, C_GetAttributeValue]
375 // 5. Otherwise, the ulValueLen field is modified to hold the value CK_UNAVAILABLE_INFORMATION.
376 *pulValueLen = CK_UNAVAILABLE_INFORMATION;
377 return CKR_BUFFER_TOO_SMALL;
380 // Update the value if allowed
381 CK_RV P11Attribute::update(Token* token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
383 if (osobject == NULL) {
384 ERROR_MSG("Internal error: osobject field contains NULL_PTR");
385 return CKR_GENERAL_ERROR;
388 // [PKCS#11 v2.40, 4.1.1 Creating objects]
389 // 2. If the supplied template specifies an invalid value for a valid attribute, then the
390 // attempt should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID.
391 // The valid values for Cryptoki attributes are described in the Cryptoki specification.
393 // Check for null pointers in values.
394 if (pValue == NULL_PTR && ulValueLen != 0) {
395 ERROR_MSG("The attribute is a NULL_PTR but has a non-zero length")
396 return CKR_ATTRIBUTE_VALUE_INVALID;
399 // For fixed sized attributes check that the size matches.
400 if (size != ((CK_ULONG)-1) && size != ulValueLen) {
401 ERROR_MSG("The attribute size is different from the expected size")
402 return CKR_ATTRIBUTE_VALUE_INVALID;
405 // [PKCS#11 v2.40, 4.1.1 Creating objects] OBJECT_OP_CREATE | OBJECT_OP_SET | OBJECT_OP_COPY
406 // 3. If the supplied template specifies a value for a read-only attribute, then the attempt
407 // should fail with the error code CKR_ATTRIBUTE_READ_ONLY.
408 // Whether or not a given Cryptoki attribute is read-only is explicitly stated in the Cryptoki
409 // specification; however, a particular library and token may be even more restrictive than
410 // Cryptoki specifies. In other words, an attribute which Cryptoki says is not read-only may
411 // nonetheless be read-only under certain circumstances (i.e., in conjunction with some
412 // combinations of other attributes) for a particular library and token. Whether or not a
413 // given non-Cryptoki attribute is read-only is obviously outside the scope of Cryptoki.
415 // Attributes cannot be changed if CKA_MODIFIABLE is set to false
416 if (!isModifiable() && op != OBJECT_OP_GENERATE && op != OBJECT_OP_CREATE) {
417 ERROR_MSG("An object is with CKA_MODIFIABLE set to false is not modifiable");
418 return CKR_ATTRIBUTE_READ_ONLY;
421 // Attributes cannot be modified if CKA_TRUSTED is true on a certificate object.
422 if (isTrusted() && op != OBJECT_OP_GENERATE && op != OBJECT_OP_CREATE) {
423 if (osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_CERTIFICATE)
425 ERROR_MSG("A trusted certificate cannot be modified");
426 return CKR_ATTRIBUTE_READ_ONLY;
430 // ck2 MUST not be specified when object is created with C_CreateObject.
431 if ((checks & ck2) == ck2)
433 if (OBJECT_OP_CREATE==op)
435 ERROR_MSG("Prohibited attribute was passed to object creation function");
436 return CKR_ATTRIBUTE_READ_ONLY;
440 // ck4 MUST not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
441 if ((checks & ck4) == ck4)
443 if (OBJECT_OP_GENERATE==op)
445 ERROR_MSG("Prohibited attribute was passed to key generation function");
446 return CKR_ATTRIBUTE_READ_ONLY;
450 // ck6 MUST not be specified when object is unwrapped with C_UnwrapKey.
451 if ((checks & ck6) == ck6)
453 if (OBJECT_OP_UNWRAP==op)
455 ERROR_MSG("Prohibited attribute was passed to key unwrapping function");
456 return CKR_ATTRIBUTE_READ_ONLY;
460 // ck8 May be modified after object is created with a C_SetAttributeValue call
461 // or in the process of copying an object with a C_CopyObject call.
462 // However, it is possible that a particular token may not permit modification of
463 // the attribute during the course of a C_CopyObject call.
464 if ((checks & ck8) == ck8)
466 if (OBJECT_OP_SET==op || OBJECT_OP_COPY==op)
468 return updateAttr(token, isPrivate, pValue, ulValueLen, op);
472 // ck17 Can be changed in the process of copying the object using C_CopyObject.
473 if ((checks & ck17) == ck17)
475 if (OBJECT_OP_COPY==op)
477 return updateAttr(token, isPrivate, pValue, ulValueLen, op);
481 // For attributes that have not been explicitly excluded from modification
482 // during create/derive/generate/unwrap, we allow them to be modified.
483 if (OBJECT_OP_CREATE==op || OBJECT_OP_DERIVE==op || OBJECT_OP_GENERATE==op || OBJECT_OP_UNWRAP==op)
485 return updateAttr(token, isPrivate, pValue, ulValueLen, op);
488 return CKR_ATTRIBUTE_READ_ONLY;
491 /*****************************************
493 *****************************************/
496 bool P11AttrClass::setDefault()
498 OSAttribute attrClass((unsigned long)CKO_VENDOR_DEFINED);
499 return osobject->setAttribute(type, attrClass);
502 // Update the value if allowed
503 CK_RV P11AttrClass::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
505 // Attribute specific checks
507 if (ulValueLen !=sizeof(CK_ULONG))
509 return CKR_ATTRIBUTE_VALUE_INVALID;
512 if (osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != *(CK_ULONG*)pValue)
514 return CKR_TEMPLATE_INCONSISTENT;
520 /*****************************************
522 *****************************************/
525 bool P11AttrKeyType::setDefault()
527 OSAttribute attr((unsigned long)CKK_VENDOR_DEFINED);
528 return osobject->setAttribute(type, attr);
531 // Update the value if allowed
532 CK_RV P11AttrKeyType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
534 // Attribute specific checks
536 if (ulValueLen !=sizeof(CK_ULONG))
538 return CKR_ATTRIBUTE_VALUE_INVALID;
541 if (osobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != *(CK_ULONG*)pValue)
543 return CKR_TEMPLATE_INCONSISTENT;
549 /*****************************************
550 * CKA_CERTIFICATE_TYPE
552 * 1 MUST be specified when object is created with C_CreateObject.
553 *****************************************/
556 bool P11AttrCertificateType::setDefault()
558 OSAttribute attr((unsigned long)CKC_VENDOR_DEFINED);
559 return osobject->setAttribute(type, attr);
562 // Update the value if allowed
563 CK_RV P11AttrCertificateType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
565 // Attribute specific checks
567 if (ulValueLen !=sizeof(CK_ULONG))
569 return CKR_ATTRIBUTE_VALUE_INVALID;
572 if (osobject->getUnsignedLongValue(CKA_CERTIFICATE_TYPE, CKC_VENDOR_DEFINED) != *(CK_ULONG*)pValue)
574 return CKR_TEMPLATE_INCONSISTENT;
580 /*****************************************
582 *****************************************/
585 bool P11AttrToken::setDefault()
587 OSAttribute attr(false);
588 return osobject->setAttribute(type, attr);
591 // Update the value if allowed
592 CK_RV P11AttrToken::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
594 OSAttribute attrTrue(true);
595 OSAttribute attrFalse(false);
597 // Attribute specific checks
599 if (ulValueLen !=sizeof(CK_BBOOL))
601 return CKR_ATTRIBUTE_VALUE_INVALID;
606 if (*(CK_BBOOL*)pValue == CK_FALSE)
608 osobject->setAttribute(type, attrFalse);
612 osobject->setAttribute(type, attrTrue);
618 /*****************************************
620 *****************************************/
623 bool P11AttrPrivate::setDefault()
625 OSAttribute attr(true);
626 return osobject->setAttribute(type, attr);
629 // Update the value if allowed
630 CK_RV P11AttrPrivate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
632 OSAttribute attrTrue(true);
633 OSAttribute attrFalse(false);
635 // Attribute specific checks
637 if (ulValueLen !=sizeof(CK_BBOOL))
639 return CKR_ATTRIBUTE_VALUE_INVALID;
644 if (*(CK_BBOOL*)pValue == CK_FALSE)
646 osobject->setAttribute(type, attrFalse);
650 osobject->setAttribute(type, attrTrue);
656 /*****************************************
658 *****************************************/
661 bool P11AttrModifiable::setDefault()
663 OSAttribute attr(true);
664 return osobject->setAttribute(type, attr);
667 // Update the value if allowed
668 CK_RV P11AttrModifiable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
670 OSAttribute attrTrue(true);
671 OSAttribute attrFalse(false);
673 // Attribute specific checks
675 if (ulValueLen !=sizeof(CK_BBOOL))
677 return CKR_ATTRIBUTE_VALUE_INVALID;
682 if (*(CK_BBOOL*)pValue == CK_FALSE)
684 osobject->setAttribute(type, attrFalse);
688 osobject->setAttribute(type, attrTrue);
694 /*****************************************
696 *****************************************/
699 bool P11AttrLabel::setDefault()
701 OSAttribute attr(ByteString(""));
702 return osobject->setAttribute(type, attr);
705 /*****************************************
707 *****************************************/
710 bool P11AttrCopyable::setDefault()
712 OSAttribute attr(true);
713 return osobject->setAttribute(type, attr);
716 // Update the value if allowed
717 CK_RV P11AttrCopyable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
719 OSAttribute attrTrue(true);
720 OSAttribute attrFalse(false);
722 // Attribute specific checks
724 if (ulValueLen !=sizeof(CK_BBOOL))
726 return CKR_ATTRIBUTE_VALUE_INVALID;
731 if (*(CK_BBOOL*)pValue == CK_FALSE)
733 osobject->setAttribute(type, attrFalse);
737 if (osobject->getBooleanValue(CKA_COPYABLE, true) == false)
739 return CKR_ATTRIBUTE_READ_ONLY;
746 /*****************************************
748 *****************************************/
751 bool P11AttrDestroyable::setDefault()
753 OSAttribute attr(true);
754 return osobject->setAttribute(type, attr);
757 // Update the value if allowed
758 CK_RV P11AttrDestroyable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
760 OSAttribute attrTrue(true);
761 OSAttribute attrFalse(false);
763 // Attribute specific checks
765 if (ulValueLen !=sizeof(CK_BBOOL))
767 return CKR_ATTRIBUTE_VALUE_INVALID;
772 if (*(CK_BBOOL*)pValue == CK_FALSE)
774 osobject->setAttribute(type, attrFalse);
778 osobject->setAttribute(type, attrTrue);
784 /*****************************************
786 *****************************************/
789 bool P11AttrApplication::setDefault()
791 OSAttribute attr(ByteString(""));
792 return osobject->setAttribute(type, attr);
795 /*****************************************
797 *****************************************/
800 bool P11AttrObjectID::setDefault()
802 OSAttribute attr(ByteString(""));
803 return osobject->setAttribute(type, attr);
806 /*****************************************
808 *****************************************/
811 bool P11AttrCheckValue::setDefault()
813 OSAttribute attr(ByteString(""));
814 return osobject->setAttribute(type, attr);
817 // Update the value if allowed
818 CK_RV P11AttrCheckValue::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
820 ByteString plaintext((unsigned char*)pValue, ulValueLen);
827 if (!token->encrypt(plaintext, value))
828 return CKR_GENERAL_ERROR;
833 // Attribute specific checks
835 if (value.size() < ulValueLen)
836 return CKR_GENERAL_ERROR;
841 osobject->setAttribute(type, value);
845 ByteString checkValue;
849 if (!token->decrypt(osobject->getByteStringValue(CKA_VALUE), keybits))
850 return CKR_GENERAL_ERROR;
854 keybits = osobject->getByteStringValue(CKA_VALUE);
860 switch (osobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED))
862 case CKK_GENERIC_SECRET:
865 case CKK_SHA224_HMAC:
866 case CKK_SHA256_HMAC:
867 case CKK_SHA384_HMAC:
868 case CKK_SHA512_HMAC:
869 key.setKeyBits(keybits);
870 key.setBitLen(keybits.size() * 8);
871 checkValue = key.getKeyCheckValue();
874 aes.setKeyBits(keybits);
875 aes.setBitLen(keybits.size() * 8);
876 checkValue = aes.getKeyCheckValue();
881 des.setKeyBits(keybits);
882 des.setBitLen(keybits.size() * 7);
883 checkValue = des.getKeyCheckValue();
886 // TODO: Encryption support for CKK_GOST28147
887 // We do not calculate the KCV
888 checkValue = plaintext;
891 return CKR_GENERAL_ERROR;
894 if (plaintext != checkValue)
895 return CKR_ATTRIBUTE_VALUE_INVALID;
897 osobject->setAttribute(type, value);
903 /*****************************************
904 * CKA_PUBLIC_KEY_INFO
905 *****************************************/
908 bool P11AttrPublicKeyInfo::setDefault()
910 OSAttribute attr(ByteString(""));
911 return osobject->setAttribute(type, attr);
914 /*****************************************
916 *****************************************/
919 bool P11AttrID::setDefault()
921 OSAttribute attr(ByteString(""));
922 return osobject->setAttribute(type, attr);
925 /*****************************************
927 *****************************************/
930 bool P11AttrValue::setDefault()
932 OSAttribute attr(ByteString(""));
933 return osobject->setAttribute(type, attr);
936 // Update the value if allowed
937 CK_RV P11AttrValue::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
939 ByteString plaintext((unsigned char*)pValue, ulValueLen);
946 if (!token->encrypt(plaintext, value))
947 return CKR_GENERAL_ERROR;
952 // Attribute specific checks
954 if (value.size() < ulValueLen)
955 return CKR_GENERAL_ERROR;
959 osobject->setAttribute(type, value);
961 // Set the size during C_CreateObject and C_UnwrapKey.
963 if (op == OBJECT_OP_CREATE || op == OBJECT_OP_UNWRAP)
965 // Set the CKA_VALUE_LEN
966 if (osobject->attributeExists(CKA_VALUE_LEN))
968 OSAttribute bytes((unsigned long)plaintext.size());
969 osobject->setAttribute(CKA_VALUE_LEN, bytes);
972 // Set the CKA_VALUE_BITS
973 if (osobject->attributeExists(CKA_VALUE_BITS))
975 OSAttribute bits((unsigned long)plaintext.bits());
976 osobject->setAttribute(CKA_VALUE_BITS, bits);
980 // Calculate the CKA_CHECK_VALUE for certificates
981 if (osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_CERTIFICATE)
983 HashAlgorithm* hash = CryptoFactory::i()->getHashAlgorithm(HashAlgo::SHA1);
984 if (hash == NULL) return CKR_GENERAL_ERROR;
987 if (hash->hashInit() == false ||
988 hash->hashUpdate(plaintext) == false ||
989 hash->hashFinal(digest) == false)
991 CryptoFactory::i()->recycleHashAlgorithm(hash);
992 return CKR_GENERAL_ERROR;
994 CryptoFactory::i()->recycleHashAlgorithm(hash);
996 // First three bytes of the SHA-1 hash
1001 ByteString encrypted;
1002 if (!token->encrypt(digest, encrypted))
1003 return CKR_GENERAL_ERROR;
1004 osobject->setAttribute(CKA_CHECK_VALUE, encrypted);
1007 osobject->setAttribute(CKA_CHECK_VALUE, digest);
1010 // Calculate the CKA_CHECK_VALUE for secret keys
1011 if (op == OBJECT_OP_CREATE &&
1012 osobject->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_SECRET_KEY)
1017 ByteString checkValue;
1018 switch (osobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED))
1020 case CKK_GENERIC_SECRET:
1022 case CKK_SHA_1_HMAC:
1023 case CKK_SHA224_HMAC:
1024 case CKK_SHA256_HMAC:
1025 case CKK_SHA384_HMAC:
1026 case CKK_SHA512_HMAC:
1027 key.setKeyBits(plaintext);
1028 key.setBitLen(plaintext.size() * 8);
1029 checkValue = key.getKeyCheckValue();
1032 aes.setKeyBits(plaintext);
1033 aes.setBitLen(plaintext.size() * 8);
1034 checkValue = aes.getKeyCheckValue();
1039 des.setKeyBits(plaintext);
1040 des.setBitLen(plaintext.size() * 7);
1041 checkValue = des.getKeyCheckValue();
1044 // TODO: Encryption support for CKK_GOST28147
1045 // We do not calculate the KCV
1048 return CKR_GENERAL_ERROR;
1053 ByteString encrypted;
1054 if (!token->encrypt(checkValue, encrypted))
1055 return CKR_GENERAL_ERROR;
1056 osobject->setAttribute(CKA_CHECK_VALUE, encrypted);
1059 osobject->setAttribute(CKA_CHECK_VALUE, checkValue);
1065 /*****************************************
1067 *****************************************/
1069 // Set default value
1070 bool P11AttrSubject::setDefault()
1072 OSAttribute attr(ByteString(""));
1073 return osobject->setAttribute(type, attr);
1076 /*****************************************
1078 *****************************************/
1080 // Set default value
1081 bool P11AttrIssuer::setDefault()
1083 OSAttribute attr(ByteString(""));
1084 return osobject->setAttribute(type, attr);
1087 /*****************************************
1089 *****************************************/
1091 // Set default value
1092 bool P11AttrTrusted::setDefault()
1094 OSAttribute attr(false);
1095 return osobject->setAttribute(type, attr);
1098 // Update the value if allowed
1099 CK_RV P11AttrTrusted::updateAttr(Token *token, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1101 OSAttribute attrTrue(true);
1102 OSAttribute attrFalse(false);
1104 // Attribute specific checks
1106 if (ulValueLen !=sizeof(CK_BBOOL))
1108 return CKR_ATTRIBUTE_VALUE_INVALID;
1113 if (*(CK_BBOOL*)pValue == CK_FALSE)
1115 osobject->setAttribute(type, attrFalse);
1119 if (!token->isSOLoggedIn())
1121 ERROR_MSG("CKA_TRUSTED can only be set to true by the SO");
1122 return CKR_ATTRIBUTE_READ_ONLY;
1124 osobject->setAttribute(type, attrTrue);
1130 /*****************************************
1131 * CKA_CERTIFICATE_CATEGORY
1132 *****************************************/
1134 // Set default value
1135 bool P11AttrCertificateCategory::setDefault()
1137 OSAttribute attr((unsigned long)0);
1138 return osobject->setAttribute(type, attr);
1141 // Update the value if allowed
1142 CK_RV P11AttrCertificateCategory::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1144 // Attribute specific checks
1146 if (ulValueLen !=sizeof(CK_ULONG))
1148 return CKR_ATTRIBUTE_VALUE_INVALID;
1152 osobject->setAttribute(type, *(CK_ULONG*)pValue);
1157 /*****************************************
1159 *****************************************/
1161 // Set default value
1162 bool P11AttrStartDate::setDefault()
1164 OSAttribute attr(ByteString(""));
1165 return osobject->setAttribute(type, attr);
1168 // Update the value if allowed
1169 CK_RV P11AttrStartDate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1171 // Attribute specific checks
1173 if (ulValueLen !=sizeof(CK_DATE) && ulValueLen !=0)
1175 return CKR_ATTRIBUTE_VALUE_INVALID;
1179 osobject->setAttribute(type, ByteString((unsigned char*)pValue, ulValueLen));
1184 /*****************************************
1186 *****************************************/
1188 // Set default value
1189 bool P11AttrEndDate::setDefault()
1191 OSAttribute attr(ByteString(""));
1192 return osobject->setAttribute(type, attr);
1195 // Update the value if allowed
1196 CK_RV P11AttrEndDate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1198 // Attribute specific checks
1200 if (ulValueLen !=sizeof(CK_DATE) && ulValueLen !=0)
1202 return CKR_ATTRIBUTE_VALUE_INVALID;
1206 osobject->setAttribute(type, ByteString((unsigned char*)pValue, ulValueLen));
1211 /*****************************************
1213 *****************************************/
1215 // Set default value
1216 bool P11AttrSerialNumber::setDefault()
1218 OSAttribute attr(ByteString(""));
1219 return osobject->setAttribute(type, attr);
1222 /*****************************************
1224 *****************************************/
1226 // Set default value
1227 bool P11AttrURL::setDefault()
1229 OSAttribute attr(ByteString(""));
1230 return osobject->setAttribute(type, attr);
1233 /*****************************************
1234 * CKA_HASH_OF_SUBJECT_PUBLIC_KEY
1235 *****************************************/
1237 // Set default value
1238 bool P11AttrHashOfSubjectPublicKey::setDefault()
1240 OSAttribute attr(ByteString(""));
1241 return osobject->setAttribute(type, attr);
1244 /*****************************************
1245 * CKA_HASH_OF_ISSUER_PUBLIC_KEY
1246 *****************************************/
1248 // Set default value
1249 bool P11AttrHashOfIssuerPublicKey::setDefault()
1251 OSAttribute attr(ByteString(""));
1252 return osobject->setAttribute(type, attr);
1255 /*****************************************
1256 * CKA_JAVA_MIDP_SECURITY_DOMAIN
1257 *****************************************/
1259 // Set default value
1260 bool P11AttrJavaMidpSecurityDomain::setDefault()
1262 OSAttribute attr((unsigned long)0);
1263 return osobject->setAttribute(type, attr);
1266 // Update the value if allowed
1267 CK_RV P11AttrJavaMidpSecurityDomain::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1269 // Attribute specific checks
1271 if (ulValueLen !=sizeof(CK_ULONG))
1273 return CKR_ATTRIBUTE_VALUE_INVALID;
1277 osobject->setAttribute(type, *(CK_ULONG*)pValue);
1282 /*****************************************
1283 * CKA_NAME_HASH_ALGORITHM
1284 *****************************************/
1286 // Set default value
1287 bool P11AttrNameHashAlgorithm::setDefault()
1289 OSAttribute attr((unsigned long)CKM_SHA_1);
1290 return osobject->setAttribute(type, attr);
1293 // Update the value if allowed
1294 CK_RV P11AttrNameHashAlgorithm::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1296 // Attribute specific checks
1298 if (ulValueLen !=sizeof(CK_ULONG))
1300 return CKR_ATTRIBUTE_VALUE_INVALID;
1304 osobject->setAttribute(type, *(CK_ULONG*)pValue);
1309 /*****************************************
1311 *****************************************/
1313 // Set default value
1314 bool P11AttrDerive::setDefault()
1316 OSAttribute attr(false);
1317 return osobject->setAttribute(type, attr);
1320 // Update the value if allowed
1321 CK_RV P11AttrDerive::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1323 OSAttribute attrTrue(true);
1324 OSAttribute attrFalse(false);
1326 // Attribute specific checks
1328 if (ulValueLen !=sizeof(CK_BBOOL))
1330 return CKR_ATTRIBUTE_VALUE_INVALID;
1335 if (*(CK_BBOOL*)pValue == CK_FALSE)
1337 osobject->setAttribute(type, attrFalse);
1341 osobject->setAttribute(type, attrTrue);
1347 /*****************************************
1349 *****************************************/
1351 // Set default value
1352 bool P11AttrEncrypt::setDefault()
1354 OSAttribute attr(true);
1355 return osobject->setAttribute(type, attr);
1358 // Update the value if allowed
1359 CK_RV P11AttrEncrypt::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1361 OSAttribute attrTrue(true);
1362 OSAttribute attrFalse(false);
1364 // Attribute specific checks
1366 if (ulValueLen !=sizeof(CK_BBOOL))
1368 return CKR_ATTRIBUTE_VALUE_INVALID;
1373 if (*(CK_BBOOL*)pValue == CK_FALSE)
1375 osobject->setAttribute(type, attrFalse);
1379 osobject->setAttribute(type, attrTrue);
1385 /*****************************************
1387 *****************************************/
1389 // Set default value
1390 bool P11AttrVerify::setDefault()
1392 OSAttribute attr(true);
1393 return osobject->setAttribute(type, attr);
1396 // Update the value if allowed
1397 CK_RV P11AttrVerify::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1399 OSAttribute attrTrue(true);
1400 OSAttribute attrFalse(false);
1402 // Attribute specific checks
1404 if (ulValueLen !=sizeof(CK_BBOOL))
1406 return CKR_ATTRIBUTE_VALUE_INVALID;
1411 if (*(CK_BBOOL*)pValue == CK_FALSE)
1413 osobject->setAttribute(type, attrFalse);
1417 osobject->setAttribute(type, attrTrue);
1423 /*****************************************
1424 * CKA_VERIFY_RECOVER
1425 *****************************************/
1427 // Set default value
1428 bool P11AttrVerifyRecover::setDefault()
1430 OSAttribute attr(true);
1431 return osobject->setAttribute(type, attr);
1434 // Update the value if allowed
1435 CK_RV P11AttrVerifyRecover::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1437 OSAttribute attrTrue(true);
1438 OSAttribute attrFalse(false);
1440 // Attribute specific checks
1442 if (ulValueLen !=sizeof(CK_BBOOL))
1444 return CKR_ATTRIBUTE_VALUE_INVALID;
1449 if (*(CK_BBOOL*)pValue == CK_FALSE)
1451 osobject->setAttribute(type, attrFalse);
1455 osobject->setAttribute(type, attrTrue);
1461 /*****************************************
1463 *****************************************/
1465 // Set default value
1466 bool P11AttrWrap::setDefault()
1468 OSAttribute attr(true);
1469 return osobject->setAttribute(type, attr);
1472 // Update the value if allowed
1473 CK_RV P11AttrWrap::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1475 OSAttribute attrTrue(true);
1476 OSAttribute attrFalse(false);
1478 // Attribute specific checks
1480 if (ulValueLen !=sizeof(CK_BBOOL))
1482 return CKR_ATTRIBUTE_VALUE_INVALID;
1487 if (*(CK_BBOOL*)pValue == CK_FALSE)
1489 osobject->setAttribute(type, attrFalse);
1493 osobject->setAttribute(type, attrTrue);
1499 /*****************************************
1501 *****************************************/
1503 // Set default value
1504 bool P11AttrDecrypt::setDefault()
1506 OSAttribute attr(true);
1507 return osobject->setAttribute(type, attr);
1510 // Update the value if allowed
1511 CK_RV P11AttrDecrypt::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1513 OSAttribute attrTrue(true);
1514 OSAttribute attrFalse(false);
1516 // Attribute specific checks
1518 if (ulValueLen !=sizeof(CK_BBOOL))
1520 return CKR_ATTRIBUTE_VALUE_INVALID;
1525 if (*(CK_BBOOL*)pValue == CK_FALSE)
1527 osobject->setAttribute(type, attrFalse);
1531 osobject->setAttribute(type, attrTrue);
1537 /*****************************************
1539 *****************************************/
1541 // Set default value
1542 bool P11AttrSign::setDefault()
1544 OSAttribute attr(true);
1545 return osobject->setAttribute(type, attr);
1548 // Update the value if allowed
1549 CK_RV P11AttrSign::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1551 OSAttribute attrTrue(true);
1552 OSAttribute attrFalse(false);
1554 // Attribute specific checks
1556 if (ulValueLen !=sizeof(CK_BBOOL))
1558 return CKR_ATTRIBUTE_VALUE_INVALID;
1563 if (*(CK_BBOOL*)pValue == CK_FALSE)
1565 osobject->setAttribute(type, attrFalse);
1569 osobject->setAttribute(type, attrTrue);
1575 /*****************************************
1577 *****************************************/
1579 // Set default value
1580 bool P11AttrSignRecover::setDefault()
1582 OSAttribute attr(true);
1583 return osobject->setAttribute(type, attr);
1586 // Update the value if allowed
1587 CK_RV P11AttrSignRecover::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1589 OSAttribute attrTrue(true);
1590 OSAttribute attrFalse(false);
1592 // Attribute specific checks
1594 if (ulValueLen !=sizeof(CK_BBOOL))
1596 return CKR_ATTRIBUTE_VALUE_INVALID;
1601 if (*(CK_BBOOL*)pValue == CK_FALSE)
1603 osobject->setAttribute(type, attrFalse);
1607 osobject->setAttribute(type, attrTrue);
1613 /*****************************************
1615 *****************************************/
1617 // Set default value
1618 bool P11AttrUnwrap::setDefault()
1620 OSAttribute attr(true);
1621 return osobject->setAttribute(type, attr);
1624 // Update the value if allowed
1625 CK_RV P11AttrUnwrap::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1627 OSAttribute attrTrue(true);
1628 OSAttribute attrFalse(false);
1630 // Attribute specific checks
1632 if (ulValueLen !=sizeof(CK_BBOOL))
1634 return CKR_ATTRIBUTE_VALUE_INVALID;
1639 if (*(CK_BBOOL*)pValue == CK_FALSE)
1641 osobject->setAttribute(type, attrFalse);
1645 osobject->setAttribute(type, attrTrue);
1651 /*****************************************
1653 *****************************************/
1655 // Set default value
1656 bool P11AttrLocal::setDefault()
1658 OSAttribute attr(false);
1659 return osobject->setAttribute(type, attr);
1662 // Update the value if allowed
1663 CK_RV P11AttrLocal::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1665 return CKR_ATTRIBUTE_READ_ONLY;
1668 /*****************************************
1669 * CKA_KEY_GEN_MECHANISM
1670 *****************************************/
1672 // Set default value
1673 bool P11AttrKeyGenMechanism::setDefault()
1675 OSAttribute attr((unsigned long)CK_UNAVAILABLE_INFORMATION);
1676 return osobject->setAttribute(type, attr);
1679 // Update the value if allowed
1680 CK_RV P11AttrKeyGenMechanism::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1682 return CKR_ATTRIBUTE_READ_ONLY;
1685 /*****************************************
1686 * CKA_ALWAYS_SENSITIVE
1687 *****************************************/
1689 // Set default value
1690 bool P11AttrAlwaysSensitive::setDefault()
1692 OSAttribute attr(false);
1693 return osobject->setAttribute(type, attr);
1696 // Update the value if allowed
1697 CK_RV P11AttrAlwaysSensitive::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1699 return CKR_ATTRIBUTE_READ_ONLY;
1702 /*****************************************
1703 * CKA_NEVER_EXTRACTABLE
1704 *****************************************/
1706 // Set default value
1707 bool P11AttrNeverExtractable::setDefault()
1709 OSAttribute attr(true);
1710 return osobject->setAttribute(type, attr);
1713 // Update the value if allowed
1714 CK_RV P11AttrNeverExtractable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR /*pValue*/, CK_ULONG /*ulValueLen*/, int /*op*/)
1716 return CKR_ATTRIBUTE_READ_ONLY;
1719 /*****************************************
1721 *****************************************/
1723 // Set default value
1724 bool P11AttrSensitive::setDefault()
1726 // We default to false because we want to handle the secret keys in a correct way
1727 OSAttribute attr(false);
1728 return osobject->setAttribute(type, attr);
1731 // Update the value if allowed
1732 CK_RV P11AttrSensitive::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1734 OSAttribute attrTrue(true);
1735 OSAttribute attrFalse(false);
1737 // Attribute specific checks
1739 if (op == OBJECT_OP_SET || op == OBJECT_OP_COPY)
1741 if (osobject->getBooleanValue(CKA_SENSITIVE, false))
1743 return CKR_ATTRIBUTE_READ_ONLY;
1747 if (ulValueLen !=sizeof(CK_BBOOL))
1749 return CKR_ATTRIBUTE_VALUE_INVALID;
1754 if (*(CK_BBOOL*)pValue == CK_FALSE)
1756 osobject->setAttribute(type, attrFalse);
1757 osobject->setAttribute(CKA_ALWAYS_SENSITIVE, attrFalse);
1761 osobject->setAttribute(type, attrTrue);
1763 // This is so that generated keys get the correct value
1764 if (op == OBJECT_OP_GENERATE || op == OBJECT_OP_DERIVE)
1766 osobject->setAttribute(CKA_ALWAYS_SENSITIVE, attrTrue);
1773 /*****************************************
1775 *****************************************/
1777 // Set default value
1778 bool P11AttrExtractable::setDefault()
1780 OSAttribute attr(false);
1781 return osobject->setAttribute(type, attr);
1784 // Update the value if allowed
1785 CK_RV P11AttrExtractable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1787 OSAttribute attrTrue(true);
1788 OSAttribute attrFalse(false);
1790 // Attribute specific checks
1792 if (op == OBJECT_OP_SET || op == OBJECT_OP_COPY)
1794 if (osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false)
1796 return CKR_ATTRIBUTE_READ_ONLY;
1800 if (ulValueLen !=sizeof(CK_BBOOL))
1802 return CKR_ATTRIBUTE_VALUE_INVALID;
1807 if (*(CK_BBOOL*)pValue == CK_FALSE)
1809 osobject->setAttribute(type, attrFalse);
1813 osobject->setAttribute(type, attrTrue);
1814 osobject->setAttribute(CKA_NEVER_EXTRACTABLE, attrFalse);
1820 /*****************************************
1821 * CKA_WRAP_WITH_TRUSTED
1822 *****************************************/
1824 // Set default value
1825 bool P11AttrWrapWithTrusted::setDefault()
1827 OSAttribute attr(false);
1828 return osobject->setAttribute(type, attr);
1831 // Update the value if allowed
1832 CK_RV P11AttrWrapWithTrusted::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1834 OSAttribute attrTrue(true);
1835 OSAttribute attrFalse(false);
1837 // Attribute specific checks
1839 if (op == OBJECT_OP_SET || op == OBJECT_OP_COPY)
1841 if (osobject->getBooleanValue(CKA_WRAP_WITH_TRUSTED, false))
1843 return CKR_ATTRIBUTE_READ_ONLY;
1847 if (ulValueLen !=sizeof(CK_BBOOL))
1849 return CKR_ATTRIBUTE_VALUE_INVALID;
1854 if (*(CK_BBOOL*)pValue == CK_FALSE)
1856 osobject->setAttribute(type, attrFalse);
1860 osobject->setAttribute(type, attrTrue);
1866 /*****************************************
1867 * CKA_ALWAYS_AUTHENTICATE
1868 *****************************************/
1870 // Set default value
1871 bool P11AttrAlwaysAuthenticate::setDefault()
1873 OSAttribute attr(false);
1874 return osobject->setAttribute(type, attr);
1877 // Update the value if allowed
1878 CK_RV P11AttrAlwaysAuthenticate::updateAttr(Token* /*token*/, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
1880 OSAttribute attrTrue(true);
1881 OSAttribute attrFalse(false);
1883 // Attribute specific checks
1885 if (ulValueLen !=sizeof(CK_BBOOL))
1887 return CKR_ATTRIBUTE_VALUE_INVALID;
1892 if (*(CK_BBOOL*)pValue == CK_FALSE)
1894 osobject->setAttribute(type, attrFalse);
1900 return CKR_TEMPLATE_INCONSISTENT;
1903 osobject->setAttribute(type, attrTrue);
1909 /*****************************************
1911 *****************************************/
1913 // Set default value
1914 bool P11AttrModulus::setDefault()
1916 OSAttribute attr(ByteString(""));
1917 return osobject->setAttribute(type, attr);
1920 // Update the value if allowed
1921 CK_RV P11AttrModulus::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
1923 ByteString plaintext((unsigned char*)pValue, ulValueLen);
1930 if (!token->encrypt(plaintext, value))
1931 return CKR_GENERAL_ERROR;
1936 // Attribute specific checks
1938 if (value.size() < ulValueLen)
1939 return CKR_GENERAL_ERROR;
1943 osobject->setAttribute(type, value);
1945 // Set the CKA_MODULUS_BITS during C_CreateObject
1947 if (op == OBJECT_OP_CREATE && osobject->attributeExists(CKA_MODULUS_BITS))
1949 OSAttribute bits((unsigned long)plaintext.bits());
1950 osobject->setAttribute(CKA_MODULUS_BITS, bits);
1956 /*****************************************
1957 * CKA_PUBLIC_EXPONENT
1958 *****************************************/
1960 // Set default value
1961 bool P11AttrPublicExponent::setDefault()
1963 OSAttribute attr(ByteString(""));
1964 return osobject->setAttribute(type, attr);
1967 /*****************************************
1968 * CKA_PRIVATE_EXPONENT
1969 *****************************************/
1971 // Set default value
1972 bool P11AttrPrivateExponent::setDefault()
1974 OSAttribute attr(ByteString(""));
1975 return osobject->setAttribute(type, attr);
1978 /*****************************************
1980 *****************************************/
1982 // Set default value
1983 bool P11AttrPrime1::setDefault()
1985 OSAttribute attr(ByteString(""));
1986 return osobject->setAttribute(type, attr);
1989 /*****************************************
1991 *****************************************/
1993 // Set default value
1994 bool P11AttrPrime2::setDefault()
1996 OSAttribute attr(ByteString(""));
1997 return osobject->setAttribute(type, attr);
2000 /*****************************************
2002 *****************************************/
2004 // Set default value
2005 bool P11AttrExponent1::setDefault()
2007 OSAttribute attr(ByteString(""));
2008 return osobject->setAttribute(type, attr);
2011 /*****************************************
2013 *****************************************/
2015 // Set default value
2016 bool P11AttrExponent2::setDefault()
2018 OSAttribute attr(ByteString(""));
2019 return osobject->setAttribute(type, attr);
2022 /*****************************************
2024 *****************************************/
2026 // Set default value
2027 bool P11AttrCoefficient::setDefault()
2029 OSAttribute attr(ByteString(""));
2030 return osobject->setAttribute(type, attr);
2033 /*****************************************
2035 *****************************************/
2037 // Set default value
2038 bool P11AttrModulusBits::setDefault()
2040 OSAttribute attr((unsigned long)0);
2041 return osobject->setAttribute(type, attr);
2044 // Update the value if allowed
2045 CK_RV P11AttrModulusBits::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2047 // Attribute specific checks
2049 if (op != OBJECT_OP_GENERATE)
2051 return CKR_ATTRIBUTE_READ_ONLY;
2054 if (ulValueLen !=sizeof(CK_ULONG))
2056 return CKR_ATTRIBUTE_VALUE_INVALID;
2061 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2066 /*****************************************
2068 *****************************************/
2070 // Set default value
2071 bool P11AttrPrime::setDefault()
2073 OSAttribute attr(ByteString(""));
2074 return osobject->setAttribute(type, attr);
2077 // Update the value if allowed
2078 CK_RV P11AttrPrime::updateAttr(Token *token, bool isPrivate, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2080 ByteString plaintext((unsigned char*)pValue, ulValueLen);
2087 if (!token->encrypt(plaintext, value))
2088 return CKR_GENERAL_ERROR;
2093 // Attribute specific checks
2095 if (value.size() < ulValueLen)
2096 return CKR_GENERAL_ERROR;
2100 osobject->setAttribute(type, value);
2102 // Set the CKA_PRIME_BITS during C_CreateObject
2104 if (op == OBJECT_OP_CREATE && osobject->attributeExists(CKA_PRIME_BITS))
2106 OSAttribute bits((unsigned long)plaintext.bits());
2107 osobject->setAttribute(CKA_PRIME_BITS, bits);
2113 /*****************************************
2115 *****************************************/
2117 // Set default value
2118 bool P11AttrSubPrime::setDefault()
2120 OSAttribute attr(ByteString(""));
2121 return osobject->setAttribute(type, attr);
2124 /*****************************************
2126 *****************************************/
2128 // Set default value
2129 bool P11AttrBase::setDefault()
2131 OSAttribute attr(ByteString(""));
2132 return osobject->setAttribute(type, attr);
2135 /*****************************************
2137 *****************************************/
2139 // Set default value
2140 bool P11AttrPrimeBits::setDefault()
2142 OSAttribute attr((unsigned long)0);
2143 return osobject->setAttribute(type, attr);
2146 // Update the value if allowed
2147 CK_RV P11AttrPrimeBits::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2149 // Attribute specific checks
2151 if (op != OBJECT_OP_GENERATE)
2153 return CKR_ATTRIBUTE_READ_ONLY;
2156 if (ulValueLen != sizeof(CK_ULONG))
2158 return CKR_ATTRIBUTE_VALUE_INVALID;
2163 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2168 /*****************************************
2170 *****************************************/
2172 // Set default value
2173 bool P11AttrValueBits::setDefault()
2175 OSAttribute attr((unsigned long)0);
2176 return osobject->setAttribute(type, attr);
2179 // Update the value if allowed
2180 CK_RV P11AttrValueBits::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2182 // Attribute specific checks
2184 if (op != OBJECT_OP_GENERATE)
2186 return CKR_ATTRIBUTE_READ_ONLY;
2189 if (ulValueLen != sizeof(CK_ULONG))
2191 return CKR_ATTRIBUTE_VALUE_INVALID;
2196 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2201 /*****************************************
2203 *****************************************/
2205 // Set default value
2206 bool P11AttrEcParams::setDefault()
2208 OSAttribute attr(ByteString(""));
2209 return osobject->setAttribute(type, attr);
2212 /*****************************************
2214 *****************************************/
2216 // Set default value
2217 bool P11AttrEcPoint::setDefault()
2219 OSAttribute attr(ByteString(""));
2220 return osobject->setAttribute(type, attr);
2223 /*****************************************
2224 * CKA_GOSTR3410_PARAMS
2225 *****************************************/
2227 // Set default value
2228 bool P11AttrGostR3410Params::setDefault()
2230 OSAttribute attr(ByteString(""));
2231 return osobject->setAttribute(type, attr);
2234 /*****************************************
2235 * CKA_GOSTR3411_PARAMS
2236 *****************************************/
2238 // Set default value
2239 bool P11AttrGostR3411Params::setDefault()
2241 OSAttribute attr(ByteString(""));
2242 return osobject->setAttribute(type, attr);
2245 /*****************************************
2246 * CKA_GOST28147_PARAMS
2247 *****************************************/
2249 // Set default value
2250 bool P11AttrGost28147Params::setDefault()
2252 OSAttribute attr(ByteString(""));
2253 return osobject->setAttribute(type, attr);
2256 /*****************************************
2258 *****************************************/
2260 // Set default value
2261 bool P11AttrValueLen::setDefault()
2263 OSAttribute attr((unsigned long)0);
2264 return osobject->setAttribute(type, attr);
2267 // Update the value if allowed
2268 CK_RV P11AttrValueLen::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2270 // Attribute specific checks
2272 if (op != OBJECT_OP_GENERATE && op != OBJECT_OP_DERIVE)
2274 return CKR_ATTRIBUTE_READ_ONLY;
2277 if (ulValueLen != sizeof(CK_ULONG))
2279 return CKR_ATTRIBUTE_VALUE_INVALID;
2284 osobject->setAttribute(type, *(CK_ULONG*)pValue);
2289 /*****************************************
2291 *****************************************/
2293 // Set default value
2294 bool P11AttrWrapTemplate::setDefault()
2296 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> empty;
2297 OSAttribute attr(empty);
2298 return osobject->setAttribute(type, attr);
2302 CK_RV P11AttrWrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
2304 // Attribute specific checks
2305 if ((ulValueLen % sizeof(CK_ATTRIBUTE)) != 0)
2307 return CKR_ATTRIBUTE_VALUE_INVALID;
2310 // Fill the template vector with elements
2311 CK_ATTRIBUTE_PTR attr = (CK_ATTRIBUTE_PTR) pValue;
2312 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> data;
2313 for (size_t i = 0; i < ulValueLen / sizeof(CK_ATTRIBUTE); ++i, ++attr)
2314 // Specialization for known attributes
2319 case CKA_MODIFIABLE:
2325 case CKA_SIGN_RECOVER:
2327 case CKA_VERIFY_RECOVER:
2332 case CKA_ALWAYS_SENSITIVE:
2334 case CKA_NEVER_EXTRACTABLE:
2335 case CKA_EXTRACTABLE:
2336 case CKA_WRAP_WITH_TRUSTED:
2337 case CKA_SECONDARY_AUTH:
2338 case CKA_ALWAYS_AUTHENTICATE:
2341 if (attr->ulValueLen != sizeof(CK_BBOOL))
2342 return CKR_ATTRIBUTE_VALUE_INVALID;
2343 bool elem = (*(CK_BBOOL*)attr->pValue != CK_FALSE);
2344 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2350 case CKA_CERTIFICATE_TYPE:
2351 case CKA_CERTIFICATE_CATEGORY:
2352 case CKA_JAVA_MIDP_SECURITY_DOMAIN:
2353 case CKA_NAME_HASH_ALGORITHM:
2354 case CKA_KEY_GEN_MECHANISM:
2355 case CKA_MODULUS_BITS:
2356 case CKA_PRIME_BITS:
2357 case CKA_SUBPRIME_BITS:
2358 case CKA_VALUE_BITS:
2360 case CKA_AUTH_PIN_FLAGS:
2363 if (attr->ulValueLen != sizeof(CK_ULONG))
2364 return CKR_ATTRIBUTE_VALUE_INVALID;
2365 unsigned long elem = *(CK_ULONG*)attr->pValue;
2366 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2370 case CKA_WRAP_TEMPLATE:
2371 case CKA_UNWRAP_TEMPLATE:
2372 return CKR_ATTRIBUTE_VALUE_INVALID;
2377 ByteString elem = ByteString((unsigned char*)attr->pValue, attr->ulValueLen);
2378 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2383 osobject->setAttribute(type, data);
2388 /*****************************************
2389 * CKA_UNWRAP_TEMPLATE
2390 *****************************************/
2392 // Set default value
2393 bool P11AttrUnwrapTemplate::setDefault()
2395 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> empty;
2396 OSAttribute attr(empty);
2397 return osobject->setAttribute(type, attr);
2401 CK_RV P11AttrUnwrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
2403 // Attribute specific checks
2404 if ((ulValueLen % sizeof(CK_ATTRIBUTE)) != 0)
2406 return CKR_ATTRIBUTE_VALUE_INVALID;
2409 // Fill the template vector with elements
2410 CK_ATTRIBUTE_PTR attr = (CK_ATTRIBUTE_PTR) pValue;
2411 std::map<CK_ATTRIBUTE_TYPE,OSAttribute> data;
2412 for (size_t i = 0; i < ulValueLen / sizeof(CK_ATTRIBUTE); ++i, ++attr)
2413 // Specialization for known attributes
2418 case CKA_MODIFIABLE:
2424 case CKA_SIGN_RECOVER:
2426 case CKA_VERIFY_RECOVER:
2431 case CKA_ALWAYS_SENSITIVE:
2433 case CKA_NEVER_EXTRACTABLE:
2434 case CKA_EXTRACTABLE:
2435 case CKA_WRAP_WITH_TRUSTED:
2436 case CKA_SECONDARY_AUTH:
2437 case CKA_ALWAYS_AUTHENTICATE:
2440 if (attr->ulValueLen != sizeof(CK_BBOOL))
2441 return CKR_ATTRIBUTE_VALUE_INVALID;
2442 bool elem = (*(CK_BBOOL*)attr->pValue != CK_FALSE);
2443 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2449 case CKA_CERTIFICATE_TYPE:
2450 case CKA_CERTIFICATE_CATEGORY:
2451 case CKA_JAVA_MIDP_SECURITY_DOMAIN:
2452 case CKA_NAME_HASH_ALGORITHM:
2453 case CKA_KEY_GEN_MECHANISM:
2454 case CKA_MODULUS_BITS:
2455 case CKA_PRIME_BITS:
2456 case CKA_SUBPRIME_BITS:
2457 case CKA_VALUE_BITS:
2459 case CKA_AUTH_PIN_FLAGS:
2462 if (attr->ulValueLen != sizeof(CK_ULONG))
2463 return CKR_ATTRIBUTE_VALUE_INVALID;
2464 unsigned long elem = *(CK_ULONG*)attr->pValue;
2465 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2469 case CKA_WRAP_TEMPLATE:
2470 case CKA_UNWRAP_TEMPLATE:
2471 return CKR_ATTRIBUTE_VALUE_INVALID;
2476 ByteString elem = ByteString((unsigned char*)attr->pValue, attr->ulValueLen);
2477 data.insert(std::pair<CK_ATTRIBUTE_TYPE,OSAttribute> (attr->type, elem));
2482 osobject->setAttribute(type, data);
2487 /*****************************************
2488 * CKA_ALLOWED_MECHANISMS
2489 *****************************************/
2491 // Set default value
2492 bool P11AttrAllowedMechanisms::setDefault()
2494 std::set<CK_MECHANISM_TYPE> emptyMap;
2495 return osobject->setAttribute(type, OSAttribute(emptyMap));
2498 // Update the value if allowed
2499 CK_RV P11AttrAllowedMechanisms::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
2501 if (ulValueLen == 0 || (ulValueLen % sizeof(CK_MECHANISM_TYPE)) != 0)
2503 return CKR_ATTRIBUTE_VALUE_INVALID;
2506 CK_MECHANISM_TYPE_PTR mechType = (CK_MECHANISM_TYPE_PTR) pValue;
2508 // Fill the set with values
2509 std::set<CK_MECHANISM_TYPE> data;
2510 for (size_t i = 0; i < ulValueLen / sizeof(CK_MECHANISM_TYPE); ++i, ++mechType)
2512 data.insert(*mechType);
2516 osobject->setAttribute(type, OSAttribute(data));
2521 // Set default value
2522 bool P11AttrPrivateHandle::setDefault()
2524 OSAttribute attr((CK_ULONG)0);
2525 return osobject->setAttribute(type, attr);
2528 // Update the value if allowed
2529 CK_RV P11AttrPrivateHandle::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
2531 // Attribute specific checks
2532 if (op != OBJECT_OP_CREATE)
2534 return CKR_ATTRIBUTE_READ_ONLY;
2537 if (ulValueLen !=sizeof(CK_ULONG))
2539 return CKR_ATTRIBUTE_VALUE_INVALID;
2543 osobject->setAttribute(type, *((CK_ULONG*)pValue));