TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 79f4e0e91d4d94dadc3713d9f3a73b544d47a14c / . / library / pkcs11_client.c
blob: 2e97d0e2735e0dcd11d7b6b9ba3c2c4006d049be [file] [log] [blame]
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]1/*
2 * Generic wrapper for Cryptoki (PKCS#11) support
3 *
4 * Copyright (C) 2017, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PKCS11_CLIENT_C)
29
30#include <stdint.h>
31#include <string.h>
32#include <pkcs11.h>
33
34#include "mbedtls/pkcs11_client.h"
35
36#if defined(MBEDTLS_PLATFORM_C)
37#include "mbedtls/platform.h"
38#else
39#include <stdlib.h>
40#define mbedtls_calloc calloc
41#define mbedtls_free free
42#endif
43
44
45
46#if defined(MBEDTLS_PK_C)
47#include "mbedtls/pk.h"
48#include "mbedtls/pk_info.h"
49
50#if defined(MBEDTLS_RSA_C)
51#include "mbedtls/bignum.h"
52#include "mbedtls/rsa.h"
53#endif
54
55#if defined(MBEDTLS_ECDSA_C)
56#include "mbedtls/asn1.h"
57#include "mbedtls/asn1write.h"
58#include "mbedtls/bignum.h"
59#include "mbedtls/ecdsa.h"
60#include "mbedtls/ecp.h"
61#include "mbedtls/oid.h"
62#endif
63
64#define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( *( a ) ) )
65
66typedef struct {
67 mbedtls_pk_type_t key_type; /**< key type */
68 CK_SESSION_HANDLE hSession; /**< session handle */
69 CK_OBJECT_HANDLE hPublicKey; /**< public key handle (must not be null) */
70 CK_OBJECT_HANDLE hPrivateKey; /**< private key handle (may be null) */
71 uint16_t bit_length; /**< key length in bits */
72} mbedtls_pk_pkcs11_context_t;
73
74static int pkcs11_err_to_mbedtls_pk_err( CK_RV rv )
75{
76 switch( rv )
77 {
78 case CKR_OK:
79 return( 0 );
80 case CKR_HOST_MEMORY:
81 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
82 case CKR_ARGUMENTS_BAD:
83 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
84 case CKR_KEY_FUNCTION_NOT_PERMITTED:
85 return( MBEDTLS_ERR_PK_NOT_PERMITTED );
86 case CKR_MECHANISM_INVALID:
87 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
88 case CKR_MECHANISM_PARAM_INVALID:
89 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
90 case CKR_OBJECT_HANDLE_INVALID:
91 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
92 case CKR_SIGNATURE_INVALID:
93 return( MBEDTLS_ERR_PK_INVALID_SIGNATURE );
94 case CKR_SIGNATURE_LEN_RANGE:
95 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
96 case CKR_TEMPLATE_INCOMPLETE:
97 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
98 case CKR_BUFFER_TOO_SMALL:
99 return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
100 default:
101 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
102 }
103}
104
105static size_t pkcs11_pk_get_bitlen( const void *ctx_arg )
106{
107 const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
108 return( ctx->bit_length );
109}
110
111static int pkcs11_pk_can_do( const void *ctx_arg, mbedtls_pk_type_t type )
112{
113 const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
114 return ctx->key_type == mbedtls_pk_representation_type( type );
115}
116
117static void *pkcs11_pk_alloc( )
118{
119 return( mbedtls_calloc( 1, sizeof( mbedtls_pk_pkcs11_context_t ) ) );
120}
121
122static void pkcs11_pk_free( void *ctx )
123{
124 mbedtls_free( ctx );
125}
126
127static size_t pkcs11_pk_signature_size( const void *ctx_arg )
128{
129 const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
130 switch( ctx->key_type )
131 {
132 case MBEDTLS_PK_RSA:
133 return( ( ctx->bit_length + 7 ) / 8 );
134 case MBEDTLS_PK_ECKEY:
135 return( MBEDTLS_ECDSA_MAX_SIG_LEN( ctx->bit_length ) );
136 default:
137 return( 0 );
138 }
139}
140
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]141static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
142 CK_MECHANISM_TYPE mechanism_type,
143 const unsigned char *payload, size_t payload_len,
144 unsigned char *sig, size_t *sig_len,
145 size_t sig_size )
146{
147 CK_ULONG ck_sig_len = sig_size;
148 CK_MECHANISM mechanism = {mechanism_type, NULL_PTR, 0};
149 CK_RV rv;
150 rv = C_SignInit( ctx->hSession, &mechanism, ctx->hPrivateKey );
151 if( rv != CKR_OK )
152 goto exit;
153 rv = C_Sign( ctx->hSession, (CK_BYTE_PTR) payload, payload_len,
154 sig, &ck_sig_len );
155 if( rv != CKR_OK )
156 goto exit;
157 *sig_len = ck_sig_len;
158exit:
159 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
160}
161
162#if defined(MBEDTLS_RSA_C)
163static int pkcs11_sign_rsa( mbedtls_pk_pkcs11_context_t *ctx,
164 const unsigned char *digest_info,
165 size_t digest_info_len,
166 unsigned char *sig, size_t *sig_len )
167{
168 return( pkcs11_sign_core( ctx, CKM_RSA_PKCS,
169 digest_info, digest_info_len,
170 sig, sig_len, ( ctx->bit_length + 7 ) / 8 ) );
171}
172#endif /* MBEDTLS_RSA_C */
173
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]174static int pkcs11_sign( void *ctx_arg,
175 mbedtls_md_type_t md_alg,
176 const unsigned char *hash, size_t hash_len,
177 unsigned char *sig, size_t *sig_len,
178 int (*f_rng)(void *, unsigned char *, size_t),
179 void *p_rng )
180{
181 mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]182 int ret;
183
184 *sig_len = 0;
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]185
186 /* This function takes size_t arguments but the underlying layer
187 takes unsigned long. Either type may be smaller than the other.
188 Legitimate values won't overflow either type but we still need
189 to check for overflow for robustness. */
190 if( hash_len > (CK_ULONG)( -1 ) )
191 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
192 (void) f_rng;
193 (void) p_rng;
194
195 switch( ctx->key_type )
196 {
197#if defined(MBEDTLS_RSA_C)
198 case MBEDTLS_PK_RSA:
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]199 /* There is no mechanism in PKCS#11 that computes a PKCS#1 v1.5
200 * signature from a hash value and a hash type, only mechanisms
201 * that include the hash calculation and a mechanism that expects
202 * a DigestInfo (encoded hash that isn't padded). So we use the
203 * mechanism that expects a DigestInfo, and calculate the DigestInfo
204 * ourselves if needed. */
205 if( md_alg == MBEDTLS_MD_NONE )
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]206 {
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]207 ret = pkcs11_sign_rsa( ctx, hash, hash_len, sig, sig_len );
208 }
209 else
210 {
211 unsigned char digest_info[MBEDTLS_RSA_PKCS1_DIGESTINFO_MAX_SIZE];
212 unsigned char *p = digest_info + sizeof( digest_info );
213 size_t digest_info_len;
214 if( mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo(
215 &p, digest_info,
216 md_alg, hash, hash_len ) != 0 )
217 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
218 digest_info_len = digest_info + sizeof( digest_info ) - p;
219 ret = pkcs11_sign_rsa( ctx, p, digest_info_len, sig, sig_len );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]220 }
221 break;
222#endif /* MBEDTLS_RSA_C */
223 default:
224 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
225 }
226
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]227 if( ret != 0 )
228 memset( sig, 0, *sig_len );
229 return( ret );
230}
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]231
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]232static int pkcs11_verify_core( mbedtls_pk_pkcs11_context_t *ctx,
233 CK_MECHANISM_TYPE mechanism_type,
234 const unsigned char *payload, size_t payload_len,
235 const unsigned char *sig, size_t sig_len )
236{
237 CK_MECHANISM mechanism = {mechanism_type, NULL_PTR, 0};
238 CK_RV rv;
239
240 rv = C_VerifyInit( ctx->hSession, &mechanism, ctx->hPublicKey );
241 if( rv != CKR_OK )
242 goto exit;
243 rv = C_Verify( ctx->hSession, (CK_BYTE_PTR) payload, payload_len,
244 (CK_BYTE_PTR) sig, sig_len );
245 if( rv != CKR_OK )
246 goto exit;
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]247
248exit:
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]249 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
250}
251
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame^]252static int pkcs11_verify( void *ctx_arg,
253 mbedtls_md_type_t md_alg,
254 const unsigned char *hash, size_t hash_len,
255 const unsigned char *sig, size_t sig_len)
256{
257 mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
258
259 /* This function takes size_t arguments but the underlying layer
260 takes unsigned long. Either type may be smaller than the other.
261 Legitimate values won't overflow either type but we still need
262 to check for overflow for robustness. */
263 if( hash_len > (CK_ULONG)( -1 ) )
264 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
265
266 switch( ctx->key_type )
267 {
268#if defined(MBEDTLS_RSA_C)
269 case MBEDTLS_PK_RSA:
270 /* There is no mechanism in PKCS#11 that computes a PKCS#1 v1.5
271 * signature from a hash value and a hash type, only mechanisms
272 * that include the hash calculation and a mechanism that expects
273 * a DigestInfo (encoded hash that isn't padded). So we use the
274 * mechanism that expects a DigestInfo, and calculate the DigestInfo
275 * ourselves if needed. */
276 if( md_alg == MBEDTLS_MD_NONE )
277 {
278 return( pkcs11_verify_core( ctx, CKM_RSA_PKCS,
279 hash, hash_len,
280 sig, sig_len ) );
281 }
282 else
283 {
284 unsigned char digest_info[MBEDTLS_RSA_PKCS1_DIGESTINFO_MAX_SIZE];
285 unsigned char *p = digest_info + sizeof( digest_info );
286 size_t digest_info_len;
287 if( mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo(
288 &p, digest_info,
289 md_alg, hash, hash_len ) != 0 )
290 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
291 digest_info_len = digest_info + sizeof( digest_info ) - p;
292 return( pkcs11_verify_core( ctx, CKM_RSA_PKCS,
293 p, digest_info_len,
294 sig, sig_len ) );
295 }
296 break;
297#endif /* MBEDTLS_RSA_C */
298 default:
299 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
300 }
301}
302
303static const mbedtls_pk_info_t mbedtls_pk_pkcs11_info =
304 MBEDTLS_PK_OPAQUE_INFO_1( "pkcs11"
305 , pkcs11_pk_get_bitlen
306 , pkcs11_pk_can_do //can_do
307 , pkcs11_pk_signature_size
308 , pkcs11_verify
309 , pkcs11_sign
310 , NULL //pkcs11_decrypt
311 , NULL //pkcs11_encrypt
312 , NULL //check_pair_func
313 , pkcs11_pk_alloc
314 , pkcs11_pk_free
315 , NULL //debug_func
316 );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]317
318int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
319 CK_SESSION_HANDLE hSession,
320 CK_OBJECT_HANDLE hPublicKey,
321 CK_OBJECT_HANDLE hPrivateKey )
322{
323 CK_OBJECT_CLASS public_key_class = -1, private_key_class = -1;
324 CK_KEY_TYPE public_key_type = -1, private_key_type = -1;
325 mbedtls_pk_type_t can_do;
326 CK_ATTRIBUTE attributes[] = {
327 {CKA_CLASS, &public_key_class, sizeof( public_key_class )},
328 {CKA_KEY_TYPE, &public_key_type, sizeof( public_key_type )},
329 };
330 CK_RV rv;
331 uint16_t key_size = 0;
332
333 rv = C_GetAttributeValue( hSession, hPublicKey,
334 attributes, ARRAY_LENGTH( attributes ) );
335 if( rv != CKR_OK )
336 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
337 if( public_key_class != CKO_PUBLIC_KEY )
338 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
339
340 if( hPrivateKey != CK_INVALID_HANDLE )
341 {
342 attributes[0].pValue = &private_key_class;
343 attributes[1].pValue = &private_key_type;
344 rv = C_GetAttributeValue( hSession, hPrivateKey,
345 attributes, ARRAY_LENGTH( attributes ) );
346 if( rv != CKR_OK )
347 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
348 if( private_key_class != CKO_PRIVATE_KEY )
349 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
350 if( public_key_type != private_key_type )
351 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
352 }
353
354 switch( public_key_type ) {
355#if defined(MBEDTLS_RSA_C)
356 case CKK_RSA:
357 can_do = MBEDTLS_PK_RSA;
358 {
359 CK_ULONG modulus_bits;
360 attributes[0].type = CKA_MODULUS_BITS;
361 attributes[0].pValue = &modulus_bits;
362 attributes[0].ulValueLen = sizeof( modulus_bits );
Andrzej Kurekf1a41642018-01-23 09:25:37 -0500[diff] [blame]363 rv = C_GetAttributeValue( hSession, hPublicKey, attributes, 1 );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]364 if( rv != CKR_OK )
365 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
366 if( modulus_bits > (uint16_t)( -1 ) )
367 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
368 key_size = modulus_bits;
369 }
370 break;
371#endif /* MBEDTLS_RSA_C */
372 default:
373 can_do = MBEDTLS_PK_OPAQUE;
374 break;
375 }
376
377 {
378 int ret = mbedtls_pk_setup( ctx, &mbedtls_pk_pkcs11_info );
379 if( ret != 0 )
380 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
381 }
382 {
383 mbedtls_pk_pkcs11_context_t *pkcs11_ctx = ctx->pk_ctx;
384 pkcs11_ctx->key_type = can_do;
385 pkcs11_ctx->bit_length = key_size;
386 pkcs11_ctx->hSession = hSession;
387 pkcs11_ctx->hPublicKey = hPublicKey;
388 pkcs11_ctx->hPrivateKey = hPrivateKey;
389 }
390 return( 0 );
391}
392
393#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
394static int mpi_to_ck( const mbedtls_mpi *mpi,
395 CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE at,
396 unsigned char **p, size_t len )
397{
398 if( mbedtls_mpi_write_binary( mpi, *p, len ) != 0 )
399 return( 0 );
400 attr->type = at;
401 attr->pValue = *p;
402 attr->ulValueLen = len;
403 *p += len;
404 return( 1 );
405}
406#define MPI_TO_CK( mpi, attr, at, p, len ) \
407 do \
408 { \
409 if( !mpi_to_ck( ( mpi ), ( attr ), ( at ), ( p ), ( len ) ) ) \
410 { \
411 rv = CKR_ARGUMENTS_BAD; \
412 goto exit; \
413 } \
414 } \
415 while( 0 )
416#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) */
417
418#define CK_BOOL( x ) ( ( x ) ? CK_TRUE : CK_FALSE )
419
420int mbedtls_pk_import_to_pkcs11( const mbedtls_pk_context *ctx,
421 uint32_t flags,
422 CK_SESSION_HANDLE hSession,
423 CK_OBJECT_HANDLE *hPublicKey,
424 CK_OBJECT_HANDLE *hPrivateKey )
425{
426 CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY;
427 CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY;
428 CK_KEY_TYPE ck_key_type;
429 CK_BBOOL ck_sensitive = CK_BOOL( flags & MBEDTLS_PK_FLAG_SENSITIVE );
430 CK_BBOOL ck_extractable = CK_BOOL( flags & MBEDTLS_PK_FLAG_EXTRACTABLE );
431 CK_BBOOL ck_sign = CK_BOOL( flags & MBEDTLS_PK_FLAG_SIGN );
432 CK_BBOOL ck_verify = CK_BOOL( flags & MBEDTLS_PK_FLAG_VERIFY );
433 CK_BBOOL ck_decrypt = CK_BOOL( flags & MBEDTLS_PK_FLAG_DECRYPT );
434 CK_BBOOL ck_encrypt = CK_BOOL( flags & MBEDTLS_PK_FLAG_ENCRYPT );
435 CK_BBOOL ck_token = CK_BOOL( flags & MBEDTLS_PKCS11_FLAG_TOKEN );
436 CK_ATTRIBUTE public_attributes[] = {
437 {CKA_CLASS, &cko_public_key, sizeof( cko_public_key )},
438 {CKA_KEY_TYPE, &ck_key_type, sizeof( ck_key_type )},
439 {CKA_TOKEN, &ck_token, sizeof( ck_token )},
440 {CKA_ENCRYPT, &ck_encrypt, sizeof( ck_encrypt )},
441 {CKA_VERIFY, &ck_verify, sizeof( ck_verify )},
442#define COMMON_PUBLIC_ATTRIBUTES 5 // number of attributes above
443 {-1, NULL, 0},
444 {-1, NULL, 0},
445 };
446 CK_ATTRIBUTE private_attributes[] = {
447 {CKA_CLASS, &cko_private_key, sizeof( cko_private_key )},
448 {CKA_KEY_TYPE, &ck_key_type, sizeof( ck_key_type )},
449 {CKA_TOKEN, &ck_token, sizeof( ck_token )},
450 {CKA_DECRYPT, &ck_decrypt, sizeof( ck_decrypt )},
451 {CKA_SIGN, &ck_sign, sizeof( ck_sign )},
452 {CKA_SENSITIVE, &ck_sensitive, sizeof( ck_sensitive )},
453 {CKA_EXTRACTABLE, &ck_extractable, sizeof( ck_extractable )},
454#define COMMON_PRIVATE_ATTRIBUTES 7 // number of attributes above
455 {-1, NULL, 0},
456 {-1, NULL, 0},
457 {-1, NULL, 0},
458 {-1, NULL, 0},
459 {-1, NULL, 0},
460 {-1, NULL, 0},
461 {-1, NULL, 0},
462 {-1, NULL, 0},
463 };
464 CK_ATTRIBUTE *public_end = public_attributes + COMMON_PUBLIC_ATTRIBUTES;
465 CK_ATTRIBUTE *private_end = private_attributes + COMMON_PRIVATE_ATTRIBUTES;
466#undef COMMON_PUBLIC_ATTRIBUTES
467#undef COMMON_PRIVATE_ATTRIBUTES
468 unsigned char *data = NULL;
469 CK_RV rv;
470
471 if( hPublicKey != NULL )
472 *hPublicKey = CK_INVALID_HANDLE;
473 if( hPrivateKey != NULL )
474 *hPrivateKey = CK_INVALID_HANDLE;
475
476 /* Prepare the data-dependent key attributes */
477 switch( mbedtls_pk_representation_type( mbedtls_pk_get_type( ctx ) ) )
478 {
479#if defined(MBEDTLS_RSA_C)
480 case MBEDTLS_PK_RSA:
481 {
482 const mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *ctx );
483 unsigned char *p;
484 size_t half_len = ( rsa->len + 1 ) / 2;
485 data = mbedtls_calloc( 1, 3 * rsa->len + 5 * half_len );
486 if( data == NULL )
487 {
488 rv = CKR_HOST_MEMORY;
489 goto exit;
490 }
491 p = data;
492 ck_key_type = CKK_RSA;
493 MPI_TO_CK( &rsa->N, public_end, CKA_MODULUS, &p, rsa->len );
494 *private_end++ = *public_end++;
495 MPI_TO_CK( &rsa->E, public_end, CKA_PUBLIC_EXPONENT, &p, rsa->len );
496 *private_end++ = *public_end++;
497 if( hPrivateKey != NULL )
498 {
499 MPI_TO_CK( &rsa->D, private_end++,
500 CKA_PRIVATE_EXPONENT, &p, rsa->len );
501 MPI_TO_CK( &rsa->P, private_end++,
502 CKA_PRIME_1, &p, half_len );
503 MPI_TO_CK( &rsa->Q, private_end++,
504 CKA_PRIME_2, &p, half_len );
505 MPI_TO_CK( &rsa->DP, private_end++,
506 CKA_EXPONENT_1, &p, half_len );
507 MPI_TO_CK( &rsa->DQ, private_end++,
508 CKA_EXPONENT_2, &p, half_len );
509 MPI_TO_CK( &rsa->QP, private_end++,
510 CKA_COEFFICIENT, &p, half_len );
511 }
512 }
513 break;
514#endif /* MBEDTLS_RSA_C */
515 default:
516 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
517 }
518
519 if( hPublicKey != NULL )
520 {
521 *hPublicKey = CK_INVALID_HANDLE;
522 rv = C_CreateObject( hSession,
523 public_attributes,
524 public_end - public_attributes,
525 hPublicKey );
526 if( rv != CKR_OK )
527 goto exit;
528 }
529
530 if( hPrivateKey != NULL )
531 {
532 rv = C_CreateObject( hSession,
533 private_attributes,
534 private_end - private_attributes,
535 hPrivateKey );
536 if( rv != CKR_OK )
537 goto exit;
538 }
539
540exit:
541 if( rv != CKR_OK )
542 {
543 /* In case an error happened, destroy any object that we
544 created. In case C_DestroyObject failed, we report the original
545 error, but *hPublicKey may contain a valid handle if
546 creating the private key failed and then destroying the public key
547 also failed (e.g. because the token disconnected). */
548 if( hPublicKey != NULL && *hPublicKey != CK_INVALID_HANDLE )
549 {
550 if( C_DestroyObject( hSession, *hPublicKey ) == CKR_OK )
551 *hPublicKey = CK_INVALID_HANDLE;
552 }
553 if( hPrivateKey != NULL && *hPrivateKey != CK_INVALID_HANDLE )
554 {
555 if( C_DestroyObject( hSession, *hPrivateKey ) == CKR_OK )
556 *hPrivateKey = CK_INVALID_HANDLE;
557 }
558 }
559 mbedtls_free( data );
560 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
561}
562
563#endif /* MBEDTLS_PK_C */
564
565
566
567#endif /* MBEDTLS_PKCS11_CLIENT_C */