[CADP-18311] : CKA_KEY_TYPE changes and fpe struct changed to generic…

… struct
ThalesGroup · May 24, 2024 · 51ec779 · 51ec779
1 parent 78f37fc
commit 51ec779
Show file tree

Hide file tree

Showing 5 changed files with 123 additions and 10 deletions.
diff --git a/pkcs11/C/fpe.h b/pkcs11/C/fpe.h
@@ -55,16 +55,16 @@ typedef struct FF1_PARAMETER_UTF {
   CK_BYTE        charset[4*65536]; /* this is an open array with a minimum length of 2 bytes and a theoretical maximum length of 65535*4 bytes */
   /* tweak data is optional - if present, it immediately follows the charset data (within the charset array) */
 } CK_FF1_PARAMETER_UTF;
-typedef struct FF31_PARAMETER {
+typedef struct FPE_GEN_PARAMETER {
   CK_BYTE        tweakAlgo[8];
   unsigned       tweakAlgolen;
   CK_BYTE        tweak[256];
   unsigned       tweaklen;
-  CK_BYTE        mode;       /* 0...ASCII, 1...UTF8, 2...UTF16LE, 3...UTF16BE, 4...UTF32LE, 5...UTF32BE, 6...CS_CARD10, 7...CS_CARD26, 8...CS_CARD62 */
+  unsigned short mode;       /* 0...ASCII, 1...UTF8, 2...UTF16LE, 3...UTF16BE, 4...UTF32LE, 5...UTF32BE, 6...CS_CARD10, 7...CS_CARD26, 8...CS_CARD62 */
   unsigned short radix;      /* radix in network byte order, 2..65535 */
   unsigned       charsetlen; /* length of character set data in bytes, in network byte order */
   CK_BYTE        charset[4*65535];
-} CK_FF31_PARAMETER;
+} CK_FPE_GENERIC_PARAMETER;
 
 
 #if defined(_AIX) || defined(__hpux) || defined(__sun) || defined(__s390x__)

diff --git a/pkcs11/C/pkcs11_sample_attributes.c b/pkcs11/C/pkcs11_sample_attributes.c
@@ -350,6 +350,8 @@ int main(int argc, char *argv[])
     int         ksid_type = keyIdLabel;
     char        *keyAlias = NULL;
     char        *idattr = NULL;
+    char        *keyType = NULL;
+    CK_KEY_TYPE keytype = CKK_AES;
     CK_ULONG     modulusBufLen = 520;
     CK_ULONG     privExpoBufLen = 512;
     CK_ULONG     pubExpoBufLen = 32;
@@ -367,7 +369,7 @@ int main(int argc, char *argv[])
     CK_BYTE     modulusBuf[ASYMKEY_BUF_LEN];
     unsigned long lifespan = 1;
 
-    while ((c = newgetopt(argc, argv, "c:p:kp:m:s:i:a:I:z:d:g:v:1:2:3:4:5:ls:ct:CDZP")) != EOF)
+    while ((c = newgetopt(argc, argv, "c:p:kp:m:s:i:a:I:kt:z:d:g:v:1:2:3:4:5:ls:ct:CDZP")) != EOF)
     {
         switch (c)
         {
@@ -383,6 +385,9 @@ int main(int argc, char *argv[])
         case 'I':
 			idattr = optarg;
             break;
+        case kt:
+		    keyType = optarg;// AES, RSA, EC, HMAC
+            break;
         case 'k':
             keyLabel = optarg;
             break;
@@ -469,8 +474,9 @@ int main(int argc, char *argv[])
         pKsid = idattr;
         ksid_type = keyIdAttr;
 	}
+    else if (keyType) keytype = getKeyType(keyType);
 
-    if (NULL == pin || !pKsid) usage();
+    if (NULL == pin || (!pKsid && !keyType)) usage();
 
     printf("Begin Get/Set/Delete Attributes Sample: ...\n");
     do
@@ -525,6 +531,22 @@ int main(int argc, char *argv[])
 				getAttributesValue(phKeys[i], 0, NULL, NULL);
 			}
 		}
+        else if (keyType != NULL)
+        {
+            CK_ULONG numObjects = 1000;
+			CK_OBJECT_HANDLE phKeys[1000];
+			int i = 0;
+
+			rc = findKeysByCkaType(keytype, &numObjects, phKeys);
+			if (rc != CKR_OK) {
+				break;
+			}
+			for (i = 0; i < numObjects; i++) {
+				printf("\nAttributes for key number %d\n", i + 1);
+				getAttributesValue(phKeys[i], 0, NULL, NULL);
+			}
+
+        }
 		else if (symmetric == 0)
         {
             rc = findKey(pKsid, ksid_type, CKO_PRIVATE_KEY, &hPrivateKey);
@@ -554,7 +576,6 @@ int main(int argc, char *argv[])
             {
                 printf("Finding public key succeeded, about to retrieve its attributes.\n");
                 getAsymAttributesValue(hPublicKey, CKO_PUBLIC_KEY, modulusBuf, &modulusBufLen, pubExponentBuf, &pubExpoBufLen);
-
                 if (bDeleteTwoAttributes) printf("About to delete custom attributes 4 and 5\n");
                 else if (bCustomAttr)     printf("About to set custom attributes 4 and 5 to '%s' and '%s', respectively.\n", custom4, custom5);
 
@@ -576,7 +597,6 @@ int main(int argc, char *argv[])
                 printf("Finding private key succeeded, about to retrieve its attributes.\n");
                 modulusBufLen = 520;
                 getAsymAttributesValue(hPrivateKey, CKO_PRIVATE_KEY, modulusBuf, &modulusBufLen, privExponentBuf, &privExpoBufLen);
-
                 if (bDeleteTwoAttributes) printf("About to delete custom attributes 4 and 5\n");
                 else if (bCustomAttr)     printf("About to set custom attributes 4 and 5 to '%s' and '%s', respectively.\n", custom4, custom5);
 

diff --git a/pkcs11/C/pkcs11_sample_encrypt_decrypt.c b/pkcs11/C/pkcs11_sample_encrypt_decrypt.c
@@ -379,7 +379,7 @@ static CK_RV encryptDecryptBuf(CK_SESSION_HANDLE hSess, CK_MECHANISM *pMechEnc,
     else return CKR_OK;
 }
 
-int setDefaultForFF3_1(CK_FF31_PARAMETER *ff31params, char *tweakfilename, char *tweak_algo){
+int setDefaultForFF3_1(CK_FPE_GENERIC_PARAMETER *ff31params, char *tweakfilename, char *tweak_algo){
     int tweak_file_size = 0;
     if(tweak_algo){
         ff31params->tweakAlgolen = strlen(tweak_algo);
@@ -534,7 +534,7 @@ static CK_RV encryptDecrypt(char *operation, char *in_filename, char *piv, char
         CK_FPE_PARAMETER     fpeparams;
         CK_FPE_PARAMETER_UTF fpeparamsutf;
         CK_FF1_PARAMETER_UTF ff1paramsutf;
-        CK_FF31_PARAMETER ff31params;
+        CK_FPE_GENERIC_PARAMETER ff31params;
         CK_MECHANISM	mechEncryptionPad =    { encheader|CKM_AES_CBC_PAD,   def_iv, 16 };
         CK_MECHANISM	mechEncryptionCtr =    { encheader|CKM_AES_CTR,       def_iv, 16 };
         CK_MECHANISM    mechEncryptionGCM =    { CKM_AES_GCM, &gcmParams, sizeof (CK_GCM_PARAMS) };

diff --git a/pkcs11/C/pkcs11_sample_helper.c b/pkcs11/C/pkcs11_sample_helper.c
@@ -513,6 +513,16 @@ parse_key_class(char *key, CK_OBJECT_CLASS  *pObjCls)
     }
 }
 
+CK_KEY_TYPE getKeyType(char *keyType)
+{
+        if (strncmp(keyType, "AES", 3) == 0) return CKK_AES;
+        else if (strncmp(keyType, "RSA", 3) == 0) return CKK_RSA;
+        else if (strncmp(keyType, "EC", 2) == 0) return CKK_EC;
+        else if (strncmp(keyType, "HMAC-SHA1", 9) == 0) return CKK_SHA_1_HMAC;
+        else if (strncmp(keyType, "HMAC-SHA256", 11) == 0) return CKK_SHA256_HMAC;
+        else if (strncmp(keyType, "HAMC-SHA384", 11) == 0) return CKK_SHA384_HMAC;
+        else if (strncmp(keyType, "HMAC-SHA512", 11) == 0) return CKK_SHA512_HMAC;
+}
 
 CK_RV findKey( char* keySearchId, int keyidType, CK_OBJECT_CLASS keyType, CK_OBJECT_HANDLE *phKey )
 {
@@ -620,6 +630,88 @@ CK_RV findKey( char* keySearchId, int keyidType, CK_OBJECT_CLASS keyType, CK_OBJ
     return rc;
 }
 
+/*
+ ************************************************************************
+ * Function: findKeysByCkaType
+ * Finds the keys present on the CM by key type.
+ ************************************************************************
+ * Parameters: keytype, max number of objects, buffer for key handles returned  
+ * 
+ * Returns: CK_RV
+ ************************************************************************
+ */
+
+CK_RV findKeysByCkaType(CK_KEY_TYPE *keytype, CK_ULONG *numObjects, CK_OBJECT_HANDLE *phKeys)
+{
+    CK_RV rc = CKR_OK;
+
+    /* find the key by CKA_ID. */
+    CK_ULONG  numOfObjReturned = 0;
+    CK_ATTRIBUTE_PTR findKeyTemplatePtr;
+    CK_ULONG  findKeyTemplateSize;
+
+    /* find the key by CKA_KEY_TYPE. */
+    CK_ATTRIBUTE findKeyTemplatePass[] =
+    {
+        {CKA_KEY_TYPE, &keytype, sizeof(keytype)}
+    };
+
+	findKeyTemplatePtr = findKeyTemplatePass;
+    findKeyTemplateSize = sizeof(findKeyTemplatePass)/sizeof(CK_ATTRIBUTE);
+
+    /* call FindObjectsFinal just in case there's another search ongoing for this session. */
+    rc = FunctionListFuncPtr->C_FindObjectsFinal(hSession);
+    if (rc != CKR_OK)
+    {
+        fprintf (stderr, "FAIL: call to the first C_FindObjectsFinal() failed; rc=0x%08x\n", (unsigned int)rc);
+        *phKeys = CK_INVALID_HANDLE;
+        return rc;
+    }
+
+    rc = FunctionListFuncPtr->C_FindObjectsInit(hSession,
+            findKeyTemplatePtr,
+            findKeyTemplateSize
+                                               );
+    if (rc != CKR_OK)
+    {
+        fprintf (stderr, "FAIL: call to C_FindObjectsInit() failed: rc=0x%08x.\n", (unsigned int)rc);
+        *phKeys = CK_INVALID_HANDLE;
+        return rc;
+    }
+
+    /* loop thorugh C_FindObjcts until numOfObjReturned is 0 and we break out
+     * of the loop. we expect to find only 1  key that matches the name.
+     */
+
+    while (CK_TRUE)
+    {
+        rc = FunctionListFuncPtr->C_FindObjects( hSession,
+                phKeys,
+                *numObjects,
+                &numOfObjReturned);
+
+        if (rc != CKR_OK )
+        {
+            fprintf (stderr, "Error: call to C_FindObjects() returned %d objects with error; rc=0x%08x.\n", (int)numOfObjReturned, (unsigned int)rc);
+        }
+
+        if ((numOfObjReturned == 0) || (numOfObjReturned <= *numObjects))
+        {
+			*numObjects = numOfObjReturned;
+            break;
+        }
+    }
+
+    rc = FunctionListFuncPtr->C_FindObjectsFinal(hSession);
+
+    if (rc != CKR_OK)
+    {
+        fprintf (stderr, "FAIL: Call to C_FindObjectsFinal failed; rc=0x%08x.\n", (unsigned int)rc);
+    }
+
+    return rc;
+}
+
 
 CK_RV findKeysByIdAttr(char* keySearchId, CK_ULONG *numObjects, CK_OBJECT_HANDLE *phKeys)
 {
@@ -2655,4 +2747,4 @@ void put_BOM_mode(CK_BYTE bom_mode, FILE* fp_write)
         fputs("\xEF\xBB\xBF", fp_write);
         break;
     }
-}
+}
diff --git a/pkcs11/C/pkcs11_sample_helper.h b/pkcs11/C/pkcs11_sample_helper.h
@@ -72,6 +72,7 @@ extern CK_BBOOL             bNeverExtractable;
 
 
 #define kp  ((int)'k' << 8 | (int)'p')
+#define kt  ((int)'k' << 8 | (int)'t')
 #define ks  ((int)'k' << 8 | (int)'s')
 #define ka  ((int)'k' << 8 | (int)'a')