TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b23b04d1777074d340e64fb137016bf74414e168 / . / library / pkcs11_client.c
blob: 1244f4008dafa638ac3f6b9ebf67f81b1a550321 [file] [log] [blame]
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]1/*
2 * Generic wrapper for Cryptoki (PKCS#11) support
3 *
4 * Copyright (C) 2017, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PKCS11_CLIENT_C)
29
30#include <stdint.h>
31#include <string.h>
32#include <pkcs11.h>
33
34#include "mbedtls/pkcs11_client.h"
35
36#if defined(MBEDTLS_PLATFORM_C)
37#include "mbedtls/platform.h"
38#else
39#include <stdlib.h>
40#define mbedtls_calloc calloc
41#define mbedtls_free free
42#endif
43
44
45
46#if defined(MBEDTLS_PK_C)
47#include "mbedtls/pk.h"
48#include "mbedtls/pk_info.h"
49
50#if defined(MBEDTLS_RSA_C)
51#include "mbedtls/bignum.h"
52#include "mbedtls/rsa.h"
53#endif
54
55#if defined(MBEDTLS_ECDSA_C)
56#include "mbedtls/asn1.h"
57#include "mbedtls/asn1write.h"
58#include "mbedtls/bignum.h"
59#include "mbedtls/ecdsa.h"
60#include "mbedtls/ecp.h"
61#include "mbedtls/oid.h"
62#endif
63
64#define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( *( a ) ) )
65
66typedef struct {
67 mbedtls_pk_type_t key_type; /**< key type */
68 CK_SESSION_HANDLE hSession; /**< session handle */
69 CK_OBJECT_HANDLE hPublicKey; /**< public key handle (must not be null) */
70 CK_OBJECT_HANDLE hPrivateKey; /**< private key handle (may be null) */
71 uint16_t bit_length; /**< key length in bits */
72} mbedtls_pk_pkcs11_context_t;
73
74static int pkcs11_err_to_mbedtls_pk_err( CK_RV rv )
75{
76 switch( rv )
77 {
78 case CKR_OK:
79 return( 0 );
80 case CKR_HOST_MEMORY:
81 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
82 case CKR_ARGUMENTS_BAD:
83 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
84 case CKR_KEY_FUNCTION_NOT_PERMITTED:
85 return( MBEDTLS_ERR_PK_NOT_PERMITTED );
86 case CKR_MECHANISM_INVALID:
87 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
88 case CKR_MECHANISM_PARAM_INVALID:
89 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
90 case CKR_OBJECT_HANDLE_INVALID:
91 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
92 case CKR_SIGNATURE_INVALID:
93 return( MBEDTLS_ERR_PK_INVALID_SIGNATURE );
94 case CKR_SIGNATURE_LEN_RANGE:
95 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
96 case CKR_TEMPLATE_INCOMPLETE:
97 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
98 case CKR_BUFFER_TOO_SMALL:
99 return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
100 default:
101 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
102 }
103}
104
105static size_t pkcs11_pk_get_bitlen( const void *ctx_arg )
106{
107 const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
108 return( ctx->bit_length );
109}
110
111static int pkcs11_pk_can_do( const void *ctx_arg, mbedtls_pk_type_t type )
112{
113 const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
Andrzej Kurek686a05e2018-03-02 17:11:39 -0500[diff] [blame]114 return( ctx->key_type == mbedtls_pk_representation_type( type ) );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]115}
116
117static void *pkcs11_pk_alloc( )
118{
119 return( mbedtls_calloc( 1, sizeof( mbedtls_pk_pkcs11_context_t ) ) );
120}
121
122static void pkcs11_pk_free( void *ctx )
123{
124 mbedtls_free( ctx );
125}
126
127static size_t pkcs11_pk_signature_size( const void *ctx_arg )
128{
129 const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
130 switch( ctx->key_type )
131 {
132 case MBEDTLS_PK_RSA:
133 return( ( ctx->bit_length + 7 ) / 8 );
134 case MBEDTLS_PK_ECKEY:
135 return( MBEDTLS_ECDSA_MAX_SIG_LEN( ctx->bit_length ) );
136 default:
137 return( 0 );
138 }
139}
140
Andrzej Kurek686a05e2018-03-02 17:11:39 -0500[diff] [blame]141#if defined(MBEDTLS_RSA_C)
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]142static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
143 CK_MECHANISM_TYPE mechanism_type,
144 const unsigned char *payload, size_t payload_len,
145 unsigned char *sig, size_t *sig_len,
146 size_t sig_size )
147{
148 CK_ULONG ck_sig_len = sig_size;
Andrzej Kurek686a05e2018-03-02 17:11:39 -0500[diff] [blame]149 CK_MECHANISM mechanism = { mechanism_type, NULL_PTR, 0 };
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]150 CK_RV rv;
151 rv = C_SignInit( ctx->hSession, &mechanism, ctx->hPrivateKey );
152 if( rv != CKR_OK )
153 goto exit;
154 rv = C_Sign( ctx->hSession, (CK_BYTE_PTR) payload, payload_len,
155 sig, &ck_sig_len );
156 if( rv != CKR_OK )
157 goto exit;
158 *sig_len = ck_sig_len;
159exit:
Andrzej Kurekb23b04d2018-03-20 05:02:29 -0400[diff] [blame^]160 if( rv != CKR_OK )
161 memset( sig, 0, ck_sig_len );
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]162 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
163}
Andrzej Kurek686a05e2018-03-02 17:11:39 -0500[diff] [blame]164#endif /* MBEDTLS_RSA_C */
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]165
166#if defined(MBEDTLS_RSA_C)
167static int pkcs11_sign_rsa( mbedtls_pk_pkcs11_context_t *ctx,
168 const unsigned char *digest_info,
169 size_t digest_info_len,
170 unsigned char *sig, size_t *sig_len )
171{
172 return( pkcs11_sign_core( ctx, CKM_RSA_PKCS,
173 digest_info, digest_info_len,
174 sig, sig_len, ( ctx->bit_length + 7 ) / 8 ) );
175}
176#endif /* MBEDTLS_RSA_C */
177
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]178static int pkcs11_sign( void *ctx_arg,
179 mbedtls_md_type_t md_alg,
180 const unsigned char *hash, size_t hash_len,
181 unsigned char *sig, size_t *sig_len,
182 int (*f_rng)(void *, unsigned char *, size_t),
183 void *p_rng )
184{
185 mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]186 int ret;
187
188 *sig_len = 0;
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]189
190 /* This function takes size_t arguments but the underlying layer
191 takes unsigned long. Either type may be smaller than the other.
192 Legitimate values won't overflow either type but we still need
193 to check for overflow for robustness. */
194 if( hash_len > (CK_ULONG)( -1 ) )
195 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
196 (void) f_rng;
197 (void) p_rng;
198
199 switch( ctx->key_type )
200 {
201#if defined(MBEDTLS_RSA_C)
202 case MBEDTLS_PK_RSA:
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]203 /* There is no mechanism in PKCS#11 that computes a PKCS#1 v1.5
204 * signature from a hash value and a hash type, only mechanisms
205 * that include the hash calculation and a mechanism that expects
206 * a DigestInfo (encoded hash that isn't padded). So we use the
207 * mechanism that expects a DigestInfo, and calculate the DigestInfo
208 * ourselves if needed. */
209 if( md_alg == MBEDTLS_MD_NONE )
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]210 {
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]211 ret = pkcs11_sign_rsa( ctx, hash, hash_len, sig, sig_len );
212 }
213 else
214 {
215 unsigned char digest_info[MBEDTLS_RSA_PKCS1_DIGESTINFO_MAX_SIZE];
216 unsigned char *p = digest_info + sizeof( digest_info );
217 size_t digest_info_len;
218 if( mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo(
219 &p, digest_info,
220 md_alg, hash, hash_len ) != 0 )
221 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
222 digest_info_len = digest_info + sizeof( digest_info ) - p;
223 ret = pkcs11_sign_rsa( ctx, p, digest_info_len, sig, sig_len );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]224 }
225 break;
226#endif /* MBEDTLS_RSA_C */
227 default:
228 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
229 }
230
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]231 return( ret );
232}
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]233
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]234static int pkcs11_verify_core( mbedtls_pk_pkcs11_context_t *ctx,
235 CK_MECHANISM_TYPE mechanism_type,
236 const unsigned char *payload, size_t payload_len,
237 const unsigned char *sig, size_t sig_len )
238{
Andrzej Kurek686a05e2018-03-02 17:11:39 -0500[diff] [blame]239 CK_MECHANISM mechanism = { mechanism_type, NULL_PTR, 0 };
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]240 CK_RV rv;
241
242 rv = C_VerifyInit( ctx->hSession, &mechanism, ctx->hPublicKey );
243 if( rv != CKR_OK )
244 goto exit;
245 rv = C_Verify( ctx->hSession, (CK_BYTE_PTR) payload, payload_len,
246 (CK_BYTE_PTR) sig, sig_len );
247 if( rv != CKR_OK )
248 goto exit;
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]249
250exit:
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]251 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
252}
253
Andrzej Kurek79f4e0e2018-01-24 08:15:51 -0500[diff] [blame]254static int pkcs11_verify( void *ctx_arg,
255 mbedtls_md_type_t md_alg,
256 const unsigned char *hash, size_t hash_len,
257 const unsigned char *sig, size_t sig_len)
258{
259 mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
260
261 /* This function takes size_t arguments but the underlying layer
262 takes unsigned long. Either type may be smaller than the other.
263 Legitimate values won't overflow either type but we still need
264 to check for overflow for robustness. */
265 if( hash_len > (CK_ULONG)( -1 ) )
266 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
267
268 switch( ctx->key_type )
269 {
270#if defined(MBEDTLS_RSA_C)
271 case MBEDTLS_PK_RSA:
272 /* There is no mechanism in PKCS#11 that computes a PKCS#1 v1.5
273 * signature from a hash value and a hash type, only mechanisms
274 * that include the hash calculation and a mechanism that expects
275 * a DigestInfo (encoded hash that isn't padded). So we use the
276 * mechanism that expects a DigestInfo, and calculate the DigestInfo
277 * ourselves if needed. */
278 if( md_alg == MBEDTLS_MD_NONE )
279 {
280 return( pkcs11_verify_core( ctx, CKM_RSA_PKCS,
281 hash, hash_len,
282 sig, sig_len ) );
283 }
284 else
285 {
286 unsigned char digest_info[MBEDTLS_RSA_PKCS1_DIGESTINFO_MAX_SIZE];
287 unsigned char *p = digest_info + sizeof( digest_info );
288 size_t digest_info_len;
289 if( mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo(
290 &p, digest_info,
291 md_alg, hash, hash_len ) != 0 )
292 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
293 digest_info_len = digest_info + sizeof( digest_info ) - p;
294 return( pkcs11_verify_core( ctx, CKM_RSA_PKCS,
295 p, digest_info_len,
296 sig, sig_len ) );
297 }
298 break;
299#endif /* MBEDTLS_RSA_C */
300 default:
301 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
302 }
303}
304
305static const mbedtls_pk_info_t mbedtls_pk_pkcs11_info =
306 MBEDTLS_PK_OPAQUE_INFO_1( "pkcs11"
307 , pkcs11_pk_get_bitlen
308 , pkcs11_pk_can_do //can_do
309 , pkcs11_pk_signature_size
310 , pkcs11_verify
311 , pkcs11_sign
312 , NULL //pkcs11_decrypt
313 , NULL //pkcs11_encrypt
314 , NULL //check_pair_func
315 , pkcs11_pk_alloc
316 , pkcs11_pk_free
317 , NULL //debug_func
318 );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]319
320int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
321 CK_SESSION_HANDLE hSession,
322 CK_OBJECT_HANDLE hPublicKey,
323 CK_OBJECT_HANDLE hPrivateKey )
324{
325 CK_OBJECT_CLASS public_key_class = -1, private_key_class = -1;
326 CK_KEY_TYPE public_key_type = -1, private_key_type = -1;
327 mbedtls_pk_type_t can_do;
328 CK_ATTRIBUTE attributes[] = {
329 {CKA_CLASS, &public_key_class, sizeof( public_key_class )},
330 {CKA_KEY_TYPE, &public_key_type, sizeof( public_key_type )},
331 };
332 CK_RV rv;
333 uint16_t key_size = 0;
334
335 rv = C_GetAttributeValue( hSession, hPublicKey,
336 attributes, ARRAY_LENGTH( attributes ) );
337 if( rv != CKR_OK )
338 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
339 if( public_key_class != CKO_PUBLIC_KEY )
340 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
341
342 if( hPrivateKey != CK_INVALID_HANDLE )
343 {
344 attributes[0].pValue = &private_key_class;
345 attributes[1].pValue = &private_key_type;
346 rv = C_GetAttributeValue( hSession, hPrivateKey,
347 attributes, ARRAY_LENGTH( attributes ) );
348 if( rv != CKR_OK )
349 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
350 if( private_key_class != CKO_PRIVATE_KEY )
351 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
352 if( public_key_type != private_key_type )
353 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
354 }
355
356 switch( public_key_type ) {
357#if defined(MBEDTLS_RSA_C)
358 case CKK_RSA:
359 can_do = MBEDTLS_PK_RSA;
360 {
361 CK_ULONG modulus_bits;
362 attributes[0].type = CKA_MODULUS_BITS;
363 attributes[0].pValue = &modulus_bits;
364 attributes[0].ulValueLen = sizeof( modulus_bits );
Andrzej Kurekf1a41642018-01-23 09:25:37 -0500[diff] [blame]365 rv = C_GetAttributeValue( hSession, hPublicKey, attributes, 1 );
Andrzej Kurek753b86c2018-01-23 08:56:17 -0500[diff] [blame]366 if( rv != CKR_OK )
367 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
368 if( modulus_bits > (uint16_t)( -1 ) )
369 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
370 key_size = modulus_bits;
371 }
372 break;
373#endif /* MBEDTLS_RSA_C */
374 default:
375 can_do = MBEDTLS_PK_OPAQUE;
376 break;
377 }
378
379 {
380 int ret = mbedtls_pk_setup( ctx, &mbedtls_pk_pkcs11_info );
381 if( ret != 0 )
382 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
383 }
384 {
385 mbedtls_pk_pkcs11_context_t *pkcs11_ctx = ctx->pk_ctx;
386 pkcs11_ctx->key_type = can_do;
387 pkcs11_ctx->bit_length = key_size;
388 pkcs11_ctx->hSession = hSession;
389 pkcs11_ctx->hPublicKey = hPublicKey;
390 pkcs11_ctx->hPrivateKey = hPrivateKey;
391 }
392 return( 0 );
393}
394
395#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
396static int mpi_to_ck( const mbedtls_mpi *mpi,
397 CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE at,
398 unsigned char **p, size_t len )
399{
400 if( mbedtls_mpi_write_binary( mpi, *p, len ) != 0 )
401 return( 0 );
402 attr->type = at;
403 attr->pValue = *p;
404 attr->ulValueLen = len;
405 *p += len;
406 return( 1 );
407}
408#define MPI_TO_CK( mpi, attr, at, p, len ) \
409 do \
410 { \
411 if( !mpi_to_ck( ( mpi ), ( attr ), ( at ), ( p ), ( len ) ) ) \
412 { \
413 rv = CKR_ARGUMENTS_BAD; \
414 goto exit; \
415 } \
416 } \
417 while( 0 )
418#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) */
419
420#define CK_BOOL( x ) ( ( x ) ? CK_TRUE : CK_FALSE )
421
422int mbedtls_pk_import_to_pkcs11( const mbedtls_pk_context *ctx,
423 uint32_t flags,
424 CK_SESSION_HANDLE hSession,
425 CK_OBJECT_HANDLE *hPublicKey,
426 CK_OBJECT_HANDLE *hPrivateKey )
427{
428 CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY;
429 CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY;
430 CK_KEY_TYPE ck_key_type;
431 CK_BBOOL ck_sensitive = CK_BOOL( flags & MBEDTLS_PK_FLAG_SENSITIVE );
432 CK_BBOOL ck_extractable = CK_BOOL( flags & MBEDTLS_PK_FLAG_EXTRACTABLE );
433 CK_BBOOL ck_sign = CK_BOOL( flags & MBEDTLS_PK_FLAG_SIGN );
434 CK_BBOOL ck_verify = CK_BOOL( flags & MBEDTLS_PK_FLAG_VERIFY );
435 CK_BBOOL ck_decrypt = CK_BOOL( flags & MBEDTLS_PK_FLAG_DECRYPT );
436 CK_BBOOL ck_encrypt = CK_BOOL( flags & MBEDTLS_PK_FLAG_ENCRYPT );
437 CK_BBOOL ck_token = CK_BOOL( flags & MBEDTLS_PKCS11_FLAG_TOKEN );
438 CK_ATTRIBUTE public_attributes[] = {
439 {CKA_CLASS, &cko_public_key, sizeof( cko_public_key )},
440 {CKA_KEY_TYPE, &ck_key_type, sizeof( ck_key_type )},
441 {CKA_TOKEN, &ck_token, sizeof( ck_token )},
442 {CKA_ENCRYPT, &ck_encrypt, sizeof( ck_encrypt )},
443 {CKA_VERIFY, &ck_verify, sizeof( ck_verify )},
444#define COMMON_PUBLIC_ATTRIBUTES 5 // number of attributes above
445 {-1, NULL, 0},
446 {-1, NULL, 0},
447 };
448 CK_ATTRIBUTE private_attributes[] = {
449 {CKA_CLASS, &cko_private_key, sizeof( cko_private_key )},
450 {CKA_KEY_TYPE, &ck_key_type, sizeof( ck_key_type )},
451 {CKA_TOKEN, &ck_token, sizeof( ck_token )},
452 {CKA_DECRYPT, &ck_decrypt, sizeof( ck_decrypt )},
453 {CKA_SIGN, &ck_sign, sizeof( ck_sign )},
454 {CKA_SENSITIVE, &ck_sensitive, sizeof( ck_sensitive )},
455 {CKA_EXTRACTABLE, &ck_extractable, sizeof( ck_extractable )},
456#define COMMON_PRIVATE_ATTRIBUTES 7 // number of attributes above
457 {-1, NULL, 0},
458 {-1, NULL, 0},
459 {-1, NULL, 0},
460 {-1, NULL, 0},
461 {-1, NULL, 0},
462 {-1, NULL, 0},
463 {-1, NULL, 0},
464 {-1, NULL, 0},
465 };
466 CK_ATTRIBUTE *public_end = public_attributes + COMMON_PUBLIC_ATTRIBUTES;
467 CK_ATTRIBUTE *private_end = private_attributes + COMMON_PRIVATE_ATTRIBUTES;
468#undef COMMON_PUBLIC_ATTRIBUTES
469#undef COMMON_PRIVATE_ATTRIBUTES
470 unsigned char *data = NULL;
471 CK_RV rv;
472
473 if( hPublicKey != NULL )
474 *hPublicKey = CK_INVALID_HANDLE;
475 if( hPrivateKey != NULL )
476 *hPrivateKey = CK_INVALID_HANDLE;
477
478 /* Prepare the data-dependent key attributes */
479 switch( mbedtls_pk_representation_type( mbedtls_pk_get_type( ctx ) ) )
480 {
481#if defined(MBEDTLS_RSA_C)
482 case MBEDTLS_PK_RSA:
483 {
484 const mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *ctx );
485 unsigned char *p;
486 size_t half_len = ( rsa->len + 1 ) / 2;
487 data = mbedtls_calloc( 1, 3 * rsa->len + 5 * half_len );
488 if( data == NULL )
489 {
490 rv = CKR_HOST_MEMORY;
491 goto exit;
492 }
493 p = data;
494 ck_key_type = CKK_RSA;
495 MPI_TO_CK( &rsa->N, public_end, CKA_MODULUS, &p, rsa->len );
496 *private_end++ = *public_end++;
497 MPI_TO_CK( &rsa->E, public_end, CKA_PUBLIC_EXPONENT, &p, rsa->len );
498 *private_end++ = *public_end++;
499 if( hPrivateKey != NULL )
500 {
501 MPI_TO_CK( &rsa->D, private_end++,
502 CKA_PRIVATE_EXPONENT, &p, rsa->len );
503 MPI_TO_CK( &rsa->P, private_end++,
504 CKA_PRIME_1, &p, half_len );
505 MPI_TO_CK( &rsa->Q, private_end++,
506 CKA_PRIME_2, &p, half_len );
507 MPI_TO_CK( &rsa->DP, private_end++,
508 CKA_EXPONENT_1, &p, half_len );
509 MPI_TO_CK( &rsa->DQ, private_end++,
510 CKA_EXPONENT_2, &p, half_len );
511 MPI_TO_CK( &rsa->QP, private_end++,
512 CKA_COEFFICIENT, &p, half_len );
513 }
514 }
515 break;
516#endif /* MBEDTLS_RSA_C */
517 default:
518 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
519 }
520
521 if( hPublicKey != NULL )
522 {
523 *hPublicKey = CK_INVALID_HANDLE;
524 rv = C_CreateObject( hSession,
525 public_attributes,
526 public_end - public_attributes,
527 hPublicKey );
528 if( rv != CKR_OK )
529 goto exit;
530 }
531
532 if( hPrivateKey != NULL )
533 {
534 rv = C_CreateObject( hSession,
535 private_attributes,
536 private_end - private_attributes,
537 hPrivateKey );
538 if( rv != CKR_OK )
539 goto exit;
540 }
541
542exit:
543 if( rv != CKR_OK )
544 {
545 /* In case an error happened, destroy any object that we
546 created. In case C_DestroyObject failed, we report the original
547 error, but *hPublicKey may contain a valid handle if
548 creating the private key failed and then destroying the public key
549 also failed (e.g. because the token disconnected). */
550 if( hPublicKey != NULL && *hPublicKey != CK_INVALID_HANDLE )
551 {
552 if( C_DestroyObject( hSession, *hPublicKey ) == CKR_OK )
553 *hPublicKey = CK_INVALID_HANDLE;
554 }
555 if( hPrivateKey != NULL && *hPrivateKey != CK_INVALID_HANDLE )
556 {
557 if( C_DestroyObject( hSession, *hPrivateKey ) == CKR_OK )
558 *hPrivateKey = CK_INVALID_HANDLE;
559 }
560 }
561 mbedtls_free( data );
562 return( pkcs11_err_to_mbedtls_pk_err( rv ) );
563}
564
565#endif /* MBEDTLS_PK_C */
566
567
568
569#endif /* MBEDTLS_PKCS11_CLIENT_C */