PageRenderTime 89ms CodeModel.GetById 2ms app.highlight 77ms RepoModel.GetById 1ms app.codeStats 1ms

/kpkcs11/cki_objs.c

https://github.com/secure-endpoints/kcacred
C | 1397 lines | 1166 code | 139 blank | 92 comment | 180 complexity | 4ae04ddd15895b6da697eeaa699f1527 MD5 | raw file
   1/*
   2 * Copyright (c) 1999
   3 * The Trustees of Columbia University in the City of New York.
   4 * All rights reserved.
   5 * 
   6 * Permission is granted to you to use, copy, create derivative works,
   7 * and redistribute this software and such derivative works for any
   8 * purpose, so long as the name of Columbia University is not used in any
   9 * advertising, publicity, or for any other purpose pertaining to the use
  10 * or distribution of this software, other than for including the
  11 * copyright notice set forth herein, without specific, written prior
  12 * authorization.  Columbia University reserves the rights to use, copy,
  13 * and distribute any such derivative works for any purposes.  The above
  14 * copyright notice must be included in any copy of any portion of this
  15 * software and the disclaimer below must also be included.
  16 * 
  17 *   THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE
  18 *   TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK AS TO ITS
  19 *   FITNESS FOR ANY PURPOSE, AND WITHOUT WARRANTY BY THE TRUSTEES OF
  20 *   COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK OF ANY KIND, EITHER
  21 *   EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
  22 *   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  23 *   THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK SHALL
  24 *   NOT BE LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT,
  25 *   INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM
  26 *   ARISING OUT OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF
  27 *   IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF SUCH
  28 *   DAMAGES.  YOU SHALL INDEMNIFY AND HOLD HARMLESS THE TRUSTEES OF
  29 *   COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK, ITS EMPLOYEES AND
  30 *   AGENTS FROM AND AGAINST ANY AND ALL CLAIMS, DEMANDS, LOSS, DAMAGE OR
  31 *   EXPENSE (INCLUDING ATTORNEYS' FEES) ARISING OUT OF YOUR USE OF THIS
  32 *   SOFTWARE. 
  33 * 
  34 * The Trustees of Columbia University in the City of New York reserves
  35 * the right to revoke this permission if any of the terms of use set
  36 * forth above are breached.
  37 */ 
  38
  39/*
  40 * Copyright  Š  2000,2002
  41 * The Regents of the University of Michigan
  42 * ALL RIGHTS RESERVED
  43 *
  44 * permission is granted to use, copy, create derivative works 
  45 * and redistribute this software and such derivative works 
  46 * for any purpose, so long as the name of the university of 
  47 * michigan is not used in any advertising or publicity 
  48 * pertaining to the use or distribution of this software 
  49 * without specific, written prior authorization.  if the 
  50 * above copyright notice or any other identification of the 
  51 * university of michigan is included in any copy of any 
  52 * portion of this software, then the disclaimer below must 
  53 * also be included.
  54 *
  55 * this software is provided as is, without representation 
  56 * from the university of michigan as to its fitness for any 
  57 * purpose, and without warranty by the university of 
  58 * michigan of any kind, either express or implied, including 
  59 * without limitation the implied warranties of 
  60 * merchantability and fitness for a particular purpose. the 
  61 * regents of the university of michigan shall not be liable 
  62 * for any damages, including special, indirect, incidental, or 
  63 * consequential damages, with respect to any claim arising 
  64 * out of or in connection with the use of the software, even 
  65 * if it has been or is hereafter advised of the possibility of 
  66 * such damages.
  67 */
  68
  69/*
  70 * Copyright  Š  2006
  71 * Secure Endpoints Inc.
  72 * ALL RIGHTS RESERVED
  73 *
  74 */
  75
  76#include <stdlib.h>
  77#include <string.h>
  78
  79#include "cki_types.h"
  80#include "pkcs11_types.h"
  81#include "cki_funcs.h"
  82#include "pkcs11_funcs.h"
  83#include "cki_globals.h"
  84#include "pkcs11_globals.h"
  85#include "cki_new_free.h"
  86#include "pkcs11_new_free.h"
  87#include "cki_dup.h"
  88#include "debug.h"
  89#ifdef DEBUG
  90#include <assert.h>
  91#endif
  92
  93CK_RV CK_ENTRY C_CreateObject(CK_SESSION_HANDLE hSession, 
  94			      CK_ATTRIBUTE_PTR pTemplate, 
  95			      CK_ULONG ulCount,
  96			      CK_OBJECT_HANDLE_PTR pObject) {
  97    PKCS11_SESSION *pSession;
  98    CK_RV res;
  99    CK_ATTRIBUTE_PTR attr;
 100    CK_OBJECT_CLASS objV;
 101    CK_CERTIFICATE_TYPE certV;
 102    CK_KEY_TYPE keyV;
 103#ifdef DEBUG
 104	int i;
 105#endif
 106	
 107    log_printf("entering C_CreateObject\n");
 108	
 109    /* now we have to check the attributes for every object they might
 110     * create and that we know about. */
 111	
 112    /* first: is it a valid session handle? */
 113    if ((pSession=PKCS11_FindSession(hSession))==NULL)
 114	return(CKR_SESSION_HANDLE_INVALID);
 115
 116#ifdef DEBUG
 117    /* debug only */
 118    for (i = 0; i < 20; i++) {
 119	if (pTemplate[i].ulValueLen == 0L) break;
 120	if (pTemplate[i].type == CKA_CLASS) {
 121	    log_printf("attr type is CKA_CLASS, value is 0x%08x\n",*(CK_OBJECT_CLASS *)pTemplate[i].value);
 122	    break;
 123	}
 124    }
 125    /* end debug */
 126#endif
 127
 128    attr = PKCS11_GetAttribute(pTemplate,CKA_CLASS);
 129    if (!attr) {
 130	log_printf("C_CreateObject: could not locate CKA_CLASS attribute, returning with CKR_TEMPLATE_INCOMPLETE\n");
 131	return(CKR_TEMPLATE_INCOMPLETE);
 132    }
 133
 134    objV = *(CK_OBJECT_CLASS *)attr->value;
 135    log_printf("C_CreateObject: CKA_CLASS object class value 0x%08x\n", objV);
 136
 137    CKI_Attribute_Free(attr);
 138	attr = NULL;
 139
 140    switch (objV) {
 141    case CKO_DATA:
 142	log_printf("C_CreateObject: processing class value CKO_DATA\n");
 143	res = PKCS11_CreateDataObject(pSession, pTemplate, ulCount, pObject);
 144	break;
 145    case CKO_CERTIFICATE:
 146	log_printf("C_CreateObject: processing class value CKO_CERTIFICATE\n");
 147	attr = PKCS11_GetAttribute(pTemplate,CKA_CERTIFICATE_TYPE);
 148	if (!attr) {
 149	    log_printf("C_CreateObject: could not get CKA_CERTIFICATE_TYPE attribute\n");
 150	    return(CKR_TEMPLATE_INCOMPLETE);
 151	}
 152	certV = *((CK_CERTIFICATE_TYPE *)(attr->value));
 153	CKI_Attribute_Free(attr);
 154	attr = NULL;
 155	switch (certV) {
 156	case CKC_X_509:
 157	    log_printf("C_CreateObject: processing CKC_X_509 certificate\n");
 158	    res = PKCS11_CreateX509CertificateObject(pSession, pTemplate, ulCount, pObject);
 159	    break;
 160	default:
 161	    log_printf("C_CreateObject: invalid certificate type encounted (0x%08x)\n", certV);
 162	    return(CKR_ATTRIBUTE_VALUE_INVALID);
 163	}
 164	break;
 165    case CKO_PUBLIC_KEY:
 166	log_printf("C_CreateObject: processing class value CKO_PUBLIC_KEY\n");
 167	attr = PKCS11_GetAttribute(pTemplate,CKA_KEY_TYPE);
 168	if (!attr) {
 169	    log_printf("C_CreateObject: could not get CKA_KEY_TYPE\n");
 170	    return(CKR_TEMPLATE_INCOMPLETE);
 171	}
 172	keyV = *((CK_KEY_TYPE *)(attr->value));
 173	CKI_Attribute_Free(attr);
 174	attr = NULL;
 175	switch (keyV) {
 176	case CKK_RSA:
 177	    res = PKCS11_CreateRSAPublicKeyObject(pSession, pTemplate, ulCount, pObject);
 178	    break;
 179	case CKK_DSA:
 180	case CKK_ECDSA:
 181	case CKK_DH:
 182	case CKK_KEA:
 183	case CKK_MAYFLY:
 184	    log_printf("C_CreateObject: returning CKR_FUNCTION_NOT_SUPPORTED\n");
 185	    return(CKR_FUNCTION_NOT_SUPPORTED);
 186	default:
 187	    log_printf("C_CreateObject: returning CKR_ATTRIBUTE_VALUE_INVALID\n");
 188	    return(CKR_ATTRIBUTE_VALUE_INVALID);
 189	}
 190	break;
 191    case CKO_PRIVATE_KEY:
 192	log_printf("C_CreateObject: processing class value CKO_PRIVATE_KEY\n");
 193	attr = PKCS11_GetAttribute(pTemplate,CKA_KEY_TYPE);
 194	if (!attr) {
 195	    log_printf("C_CreateObject: could not get CKA_KEY_TYPE\n");
 196	    return(CKR_TEMPLATE_INCOMPLETE);
 197	}
 198	keyV = *((CK_KEY_TYPE *)(attr->value));
 199	CKI_Attribute_Free(attr);
 200	attr = NULL;
 201	switch (keyV) {
 202	case CKK_RSA:
 203	    res = PKCS11_CreateRSAPrivateKeyObject(pSession, pTemplate, ulCount, pObject);
 204	    break;
 205	case CKK_DSA:
 206	case CKK_ECDSA:
 207	case CKK_DH:
 208	case CKK_KEA:
 209	case CKK_MAYFLY:
 210	    log_printf("C_CreateObject: returning CKR_FUNCTION_NOT_SUPPORTED\n");
 211	    return(CKR_FUNCTION_NOT_SUPPORTED);
 212	default:
 213	    log_printf("C_CreateObject: returning CKR_ATTRIBUTE_VALUE_INVALID\n");
 214	    return(CKR_ATTRIBUTE_VALUE_INVALID);
 215	}
 216	break;
 217    case CKO_SECRET_KEY:
 218	log_printf("C_CreateObject: processing class value CKO_SECRET_KEY\n");
 219	res = PKCS11_CreateSecretKeyObject(pSession, pTemplate, ulCount, pObject);
 220	break;
 221    case CKO_VENDOR_DEFINED:
 222	log_printf("C_CreateObject: processing class value CKO_VENDOR_DEFINED\n");
 223	res = PKCS11_CreateVendorDefinedObject(pSession, pTemplate, ulCount, pObject);
 224	break;
 225    default:
 226	log_printf("C_CreateObject: processing class value *UNKNOWN* (0x%08x)\n", objV);
 227	return(CKR_ATTRIBUTE_TYPE_INVALID);
 228    }
 229    log_printf("C_CreateObject: returning with result %d\n", res);
 230    return(res);
 231}	
 232
 233CK_RV CK_ENTRY C_DestroyObject(CK_SESSION_HANDLE hSession,
 234			       CK_OBJECT_HANDLE hObject) {
 235    int j;
 236    PKCS11_SESSION *pSession;
 237    int ctr = 0;
 238	
 239    log_printf("entering C_DestroyObject\n");
 240
 241    /* first: is it a valid session handle? */
 242    if ((pSession=PKCS11_FindSession(hSession))==NULL)
 243	return(CKR_SESSION_HANDLE_INVALID);
 244
 245    for(ctr = 0; pSession->pToken->ppTokenObject[ctr]; ctr++) {
 246	if (pSession->pToken->ppTokenObject[ctr]->ulObjectHandle == hObject) {
 247	    break;
 248	}
 249    }
 250    if (!pSession->pToken->ppTokenObject[ctr])
 251	return(CKR_OBJECT_HANDLE_INVALID);
 252
 253    log_printf("C_DestroyObject: found an object to free\n");    
 254    PKCS11_Object_Free(pSession->pToken->ppTokenObject[ctr]);
 255    pSession->pToken->ppTokenObject[ctr] = NULL_PTR;
 256
 257    /* move 'em all up in the chain */
 258    j = ctr;
 259    while (pSession->pToken->ppTokenObject[j+1]) {
 260	pSession->pToken->ppTokenObject[j] = pSession->pToken->ppTokenObject[j+1];
 261	j++;
 262    }
 263    pSession->pToken->ppTokenObject[j] = NULL_PTR;
 264    return(CKR_OK);
 265}	
 266
 267
 268CK_ATTRIBUTE_PTR PKCS11_FindAttribute_p(CK_ATTRIBUTE_PTR pAttributes, 
 269					CK_ATTRIBUTE_TYPE Type) {
 270    int i;
 271	
 272    log_printf("PKCS11_FindAttribute_p: entered to find Type 0x%08x\n", Type);
 273
 274    if (!pAttributes)
 275    {
 276	log_printf("PKCS11_FindAttribute_p: no CK_ATTRIBUTE_PTR given\n");
 277	return(NULL);
 278    }
 279	
 280    for (i=0; pAttributes[i].value; i++) {
 281#ifdef VERBBOSE_DEBUG
 282	log_printf("PKCS11_FindAttribute_p: checking index %02d (0x%08x vs. 0x%08x)\n",
 283		    i, pAttributes[i].type, Type);
 284#endif		
 285	if (pAttributes[i].type == Type) {
 286	    log_printf("PKCS11_FindAttribute_p: found a match at index %d\n", i);
 287	    return(&(pAttributes[i]));
 288	}
 289    }
 290    log_printf("PKCS11_FindAttribute_p: returning with no match\n");
 291    return(NULL);
 292}
 293
 294CK_ATTRIBUTE_PTR PKCS11_GetAttribute(CK_ATTRIBUTE_PTR pAttributes, 
 295				     CK_ATTRIBUTE_TYPE Type) {
 296    CK_ATTRIBUTE_PTR attr_copy;
 297    CK_ATTRIBUTE_PTR attr_source;
 298    CK_RV res;
 299	int i = 0;
 300	
 301    log_printf("PKCS11_GetAttribute: looking for attribute type 0x%08x\n", Type);
 302
 303    if (!pAttributes)
 304    {
 305	log_printf("PKCS11_GetAttribute: no CK_ATTRIBUTE_PTR given\n");
 306	return(NULL);
 307    }
 308
 309    attr_source = PKCS11_FindAttribute_p(pAttributes, Type);
 310    if (!attr_source)
 311    {
 312	log_printf("PKCS11_GetAttribute: returning without finding a match\n");
 313	return(NULL);
 314    }
 315
 316    attr_copy = CKI_Attribute_New();
 317    if (!attr_copy)
 318    {
 319	log_printf("PKCS11_GetAttribute: could not CKI_Attribute_New()\n");
 320	return(NULL);
 321    }
 322	
 323    res = CKI_Attribute_Dup(attr_copy, attr_source);
 324    if (res != CKR_OK)
 325    {
 326	log_printf("PKCS11_GetAttribute: failed to duplicate the attribute!\n");
 327	CKI_Attribute_Free(attr_copy);
 328	return(NULL);
 329    }
 330    log_printf("PKCS11_GetAttribute: returning attribute at location 0x%08x\n", attr_copy);
 331    return(attr_copy);
 332}	
 333
 334CK_ULONG PKCS11_NextObjectHandle() {
 335    PKCS11_ObjectHandleCounter++;  
 336    return(PKCS11_ObjectHandleCounter);
 337}
 338
 339#define NUM_ATTRS 8
 340CK_RV PKCS11_CreateDataObject(PKCS11_SESSION *pSession, CK_ATTRIBUTE_PTR pTemplate,
 341			      CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR pObject) {
 342    int i;
 343    CK_ATTRIBUTE_PTR pAttributes, pTemp, attr;
 344    PKCS11_OBJECT ** ppTokenObject, *object;
 345    CK_RV res;
 346    CK_BYTE empty = '\0';
 347
 348    log_printf("entering PKCS11_CreateDataObject\n");
 349
 350    pAttributes = malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 351    if (!pAttributes)
 352    {
 353	log_printf("PKCS11_CreateDataObject: unable to allocate space for attributes\n");
 354	return(CKR_HOST_MEMORY);
 355    }
 356
 357    /* set default values first */
 358    memset(pAttributes,0,sizeof(sizeof(CK_ATTRIBUTE)*NUM_ATTRS));
 359    
 360    i = 0;
 361    res = PKCS11_SetCommonObjectAttrs(pAttributes, CKO_DATA, &i);
 362    if (res != CKR_OK) {
 363	log_printf("PKCS11_CreateDataObject: failed to PKCS11_SetCommonObjectAttrs (0x%08x)\n", res);
 364	CKI_AttributePtr_Free(pAttributes);
 365	return(res);
 366    }
 367	
 368    pAttributes[i].type = CKA_APPLICATION;
 369    pAttributes[i].ulValueLen = 1L;
 370    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 371    if (res != CKR_OK) {
 372	log_printf("PKCS11_CreateDataObject: failed to set attribute CKA_APPLICATION (0x%08x)\n", res);
 373	CKI_AttributePtr_Free(pAttributes);
 374	return(res);
 375    }
 376    i++;
 377	
 378    pAttributes[i].type = CKA_VALUE;
 379    pAttributes[i].ulValueLen = 1L;
 380    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 381    if (res != CKR_OK) {
 382	log_printf("PKCS11_CreateDataObject: failed to set attribute CKA_VALUE (0x%08x)\n", res);
 383	CKI_AttributePtr_Free(pAttributes);
 384	return(res);
 385    }
 386#ifdef DEBUG
 387    assert(i < NUM_ATTRS);
 388#endif
 389
 390    for (i = 0; (char *)pTemplate[i].value; i++) {
 391	attr = &(pTemplate[i]);
 392	switch (attr->type) {
 393	case CKA_CLASS:
 394	    break;
 395	case CKA_TOKEN:
 396	case CKA_PRIVATE:
 397	case CKA_LABEL:
 398	case CKA_APPLICATION:
 399	case CKA_VALUE:
 400	case CKA_MODIFIABLE:
 401	    pTemp = PKCS11_FindAttribute_p(pAttributes, attr->type);
 402	    res = CKI_Attribute_Dup(pTemp, attr);
 403	    if (res != CKR_OK) {
 404		log_printf("PKCS11_CreateDataObject: failed to dup attribute type 0x%08x (result 0x%08x)\n",
 405			    attr->type, res);
 406		CKI_AttributePtr_Free(pAttributes);
 407		return(CKR_FUNCTION_FAILED);
 408	    }
 409	    break;
 410	default:
 411	    log_printf("PKCS11_CreateDataObject: returning CKR_ATTRIBUTE_TYPE_INVALID\n");
 412	    CKI_AttributePtr_Free(pAttributes);
 413	    return(CKR_ATTRIBUTE_TYPE_INVALID);
 414	}
 415    }
 416
 417    /* now put them somewhere... */
 418    if (!pSession->pToken->ppTokenObject) {
 419	pSession->pToken->ppTokenObject = (PKCS11_OBJECT **)malloc(sizeof(PKCS11_OBJECT *));
 420	pSession->pToken->ppTokenObject[0] = NULL;
 421    }
 422    ppTokenObject = pSession->pToken->ppTokenObject;
 423    for (i = 0; ppTokenObject[i]; i++)
 424	;
 425    ppTokenObject = (PKCS11_OBJECT **)realloc(ppTokenObject,sizeof(PKCS11_OBJECT *)*(i+2));
 426    if (!ppTokenObject)
 427    {
 428	log_printf("PKCS11_CreateDataObject: failed to realloc space for object\n");
 429	CKI_AttributePtr_Free(pAttributes);
 430	return(CKR_HOST_MEMORY);
 431    }
 432    pSession->pToken->ppTokenObject = ppTokenObject;
 433    ppTokenObject[i+1] = NULL;
 434    ppTokenObject[i] = PKCS11_Object_New();
 435    if (!ppTokenObject[i])
 436    {
 437	log_printf("PKCS11_CreateDataObject: failed to allocate new object\n");
 438	CKI_AttributePtr_Free(pAttributes);
 439	return(CKR_HOST_MEMORY);
 440    }
 441
 442    object = ppTokenObject[i];
 443    object->ulObjectHandle = PKCS11_NextObjectHandle();
 444    *pObject = object->ulObjectHandle;
 445    object->ulObjectClass = CKO_DATA;
 446    object->pAttribute = pAttributes;
 447    log_printf("PKCS11_CreateDataObject: returning CKR_OK\n");
 448    return(CKR_OK);
 449}
 450#undef NUM_ATTRS
 451
 452#define NUM_ATTRS 12
 453CK_RV PKCS11_CreateX509CertificateObject(PKCS11_SESSION *pSession, CK_ATTRIBUTE_PTR pTemplate,
 454					 CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR pObject) {
 455	
 456    int i;
 457    CK_ATTRIBUTE_PTR pAttributes, pTemp, attr;
 458    PKCS11_OBJECT ** ppTokenObject, *object;
 459    CK_CERTIFICATE_TYPE certValue = CKC_X_509;
 460    CK_BYTE empty = '\0';
 461    CK_RV res;
 462	
 463    log_printf("entering PKCS11_CreateX509CertificateObject\n");
 464	
 465    pAttributes = malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 466    if (!pAttributes)
 467    {
 468	log_printf("PKCS11_CreateX509CertificateObject: could not get memory for attributes\n");
 469	return(CKR_HOST_MEMORY);
 470    }
 471	
 472    /* set default values first */
 473    memset(pAttributes, 0, sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 474
 475    i = 0;
 476    res = PKCS11_SetCommonObjectAttrs(pAttributes, CKO_CERTIFICATE, &i);
 477    if (res != CKR_OK) {
 478	log_printf("PKCS11_CreateX509CertificateObject: error from PKCS11_SetCommonObjectAttrs (0x%08x)\n", res);
 479	CKI_AttributePtr_Free(pAttributes);
 480	return(res);
 481    }
 482
 483    pAttributes[i].type = CKA_CERTIFICATE_TYPE;
 484    pAttributes[i].ulValueLen = sizeof(CK_CERTIFICATE_TYPE);
 485    res = CKI_SetAttrValue(&(pAttributes[i]),&certValue);
 486    if (res != CKR_OK) {
 487	log_printf("PKCS11_CreateX509CertificateObject: error while setting CKA_CERTIFICATE_TYPE (0x%08x)\n", res);
 488	CKI_AttributePtr_Free(pAttributes);
 489	return(res);
 490    }
 491    i++;
 492
 493    pAttributes[i].type = CKA_SUBJECT;
 494    pAttributes[i].ulValueLen = 1L;
 495    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 496    if (res != CKR_OK) {
 497	log_printf("PKCS11_CreateX509CertificateObject: error while setting CKA_SUBJECT (0x%08x)\n", res);
 498	CKI_AttributePtr_Free(pAttributes);
 499	return(res);
 500    }
 501    i++;
 502	
 503    pAttributes[i].type = CKA_ID;
 504    pAttributes[i].ulValueLen = 1L;
 505    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 506    if (res != CKR_OK) {
 507	log_printf("PKCS11_CreateX509CertificateObject: error while setting CKA_ID (0x%08x)\n", res);
 508	CKI_AttributePtr_Free(pAttributes);
 509	return(res);
 510    }
 511    i++;
 512
 513    pAttributes[i].type = CKA_ISSUER;
 514    pAttributes[i].ulValueLen = 1L;
 515    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 516    if (res != CKR_OK) {
 517	log_printf("PKCS11_CreateX509CertificateObject: error while setting CKA_ISSUER (0x%08x)\n", res);
 518	CKI_AttributePtr_Free(pAttributes);
 519	return(res);
 520    }
 521    i++;
 522
 523    pAttributes[i].type = CKA_SERIAL_NUMBER;
 524    pAttributes[i].ulValueLen = 1L;
 525    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 526    if (res != CKR_OK) {
 527	log_printf("PKCS11_CreateX509CertificateObject: error while setting CKA_SERIAL_NUMBER (0x%08x)\n", res);
 528	CKI_AttributePtr_Free(pAttributes);
 529	return(res);
 530    }
 531    i++;
 532
 533    pAttributes[i].type = CKA_VALUE;
 534    pAttributes[i].ulValueLen = 1L;
 535    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 536    if (res != CKR_OK) {
 537	log_printf("PKCS11_CreateX509CertificateObject: error while setting CKA_VALUE (0x%08x)\n", res);
 538	CKI_AttributePtr_Free(pAttributes);
 539	return(res);
 540    }
 541#ifdef DEBUG
 542    assert(i < NUM_ATTRS);
 543#endif
 544
 545    for (i = 0; pTemplate[i].value; i++) {
 546	attr = &(pTemplate[i]);
 547	log_printf("PKCS11_CreateX509CertificateObject: attr->type is 0x%08x\n",attr->type);
 548	switch (attr->type) {
 549	case CKA_CLASS:
 550	case CKA_CERTIFICATE_TYPE:
 551	    log_printf("PKCS11_CreateX509CertificateObject: ignoring CKA_CLASS or CKA_CERTIFICATE_TYPE\n");
 552	    break;
 553	case CKA_TOKEN:
 554	case CKA_PRIVATE:
 555	case CKA_MODIFIABLE:
 556	case CKA_LABEL:
 557	case CKA_VALUE:
 558	case CKA_SUBJECT:
 559	case CKA_ID:
 560	case CKA_ISSUER:
 561	case CKA_SERIAL_NUMBER:
 562	    log_printf("PKCS11_CreateX509CertificateObject: processing attribute\n");
 563	    pTemp = PKCS11_FindAttribute_p(pAttributes,attr->type);
 564	    if (attr->type == CKA_VALUE) 
 565		log_printf("PKCS11_CreateX509CertificateObject: attr value length for CKA_VALUE is %ld\n",attr->ulValueLen);
 566	    if (attr->type == CKA_VALUE) 
 567		log_printf("PKCS11_CreateX509CertificateObject: pTemp->type is 0x%08x\n",pTemp->type);
 568	    res = CKI_Attribute_Dup(pTemp,attr);
 569	    if (res != CKR_OK) {
 570		log_printf("PKCS11_CreateX509CertificateObject: unable to dup attribute (0x%08x)\n", res);
 571		CKI_AttributePtr_Free(pAttributes);
 572		return(CKR_FUNCTION_FAILED);
 573	    }
 574	    break;
 575	default:
 576	    log_printf("PKCS11_CreateX509CertificateObject: returning CKR_ATTRIBUTE_TYPE_INVALID\n");
 577	    CKI_AttributePtr_Free(pAttributes);
 578	    return(CKR_ATTRIBUTE_TYPE_INVALID);
 579	}
 580    }
 581
 582    /* now put them somewhere... */
 583    log_printf("PKCS11_CreateX509CertificateObject: now creating object...\n");
 584    if (!pSession->pToken->ppTokenObject) {
 585	log_printf("PKCS11_CreateX509CertificateObject: initial malloc of objects space\n");
 586	pSession->pToken->ppTokenObject = (PKCS11_OBJECT **)malloc(sizeof(PKCS11_OBJECT *));
 587	pSession->pToken->ppTokenObject[0] = NULL;
 588    }
 589    ppTokenObject = pSession->pToken->ppTokenObject;
 590
 591    for (i = 0; ppTokenObject[i]; i++)
 592	;
 593    log_printf("PKCS11_CreateX509CertificateObject: create new object at index %d\n",i);
 594    ppTokenObject = (PKCS11_OBJECT **)realloc(ppTokenObject,sizeof(PKCS11_OBJECT *)*(i+2));
 595
 596    if (!ppTokenObject)
 597    {
 598	log_printf("PKCS11_CreateX509CertificateObject: realloc failed for new object!\n");
 599	CKI_AttributePtr_Free(pAttributes);
 600	return(CKR_HOST_MEMORY);
 601    }
 602
 603    pSession->pToken->ppTokenObject = ppTokenObject;
 604    ppTokenObject[i+1] = NULL;
 605    ppTokenObject[i] = PKCS11_Object_New();
 606    if (!ppTokenObject[i])
 607    {
 608	log_printf("PKCS11_CreateX509CertificateObject: PKCS11_Object_New failed!\n");
 609	CKI_AttributePtr_Free(pAttributes);
 610	return(CKR_HOST_MEMORY);
 611    }
 612
 613    object = ppTokenObject[i];
 614    object->ulObjectHandle = PKCS11_NextObjectHandle();
 615    *pObject = object->ulObjectHandle;
 616    object->ulObjectClass = CKO_CERTIFICATE;
 617    object->pAttribute = pAttributes;
 618    log_printf("PKCS11_CreateX509CertificateObject: returning CKR_OK\n");
 619    return(CKR_OK);
 620}	
 621#undef NUM_ATTRS
 622
 623#define NUM_ATTRS 21
 624CK_RV PKCS11_CreateRSAPublicKeyObject(PKCS11_SESSION *pSession, CK_ATTRIBUTE_PTR pTemplate,
 625				      CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR pObject) {
 626    int i;
 627    CK_ATTRIBUTE_PTR pAttributes, pTemp, attr;
 628    PKCS11_OBJECT ** ppTokenObject, *object;
 629    CK_BYTE empty = '\0';
 630    CK_ULONG zero = 0;
 631    CK_RV res;
 632	
 633    log_printf("entering CreateRSAPublicKey\n");
 634
 635    pAttributes = malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 636    if (!pAttributes) 
 637	return(CKR_HOST_MEMORY);
 638
 639	/* set default values first */
 640    memset(pAttributes, 0, sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 641
 642    i = 0;
 643    res = PKCS11_SetCommonObjectAttrs(pAttributes, CKO_PUBLIC_KEY, &i);
 644    if (res != CKR_OK) {
 645	log_printf("CreateRSAPublicKey: PKCS11_SetCommonObjectAttrs failed! (0x%08x)\n", res);
 646	CKI_AttributePtr_Free(pAttributes);
 647	return(res);
 648    }
 649    res = PKCS11_SetCommonKeyObjectAttrs(pAttributes, CKK_RSA, &i);
 650    if (res != CKR_OK) {
 651	log_printf("CreateRSAPublicKey: PKCS11_SetCommonKeyObjectAttrs failed! (0x%08x)\n", res);
 652	CKI_AttributePtr_Free(pAttributes);
 653	return(res);
 654    }
 655    res = PKCS11_SetCommonPublicKeyObjectAttrs(pAttributes, &i);
 656    if (res != CKR_OK) {
 657	log_printf("CreateRSAPublicKey: PKCS11_SetCommonPublicKeyObjectAttrs failed! (0x%08x)\n", res);
 658	CKI_AttributePtr_Free(pAttributes);
 659	return(res);
 660    }
 661	
 662    pAttributes[i].type = CKA_MODULUS;
 663    pAttributes[i].ulValueLen = 1L;
 664    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 665    if (res != CKR_OK) {
 666	log_printf("CreateRSAPublicKey: CKI_SetAttrValue failed for CKA_MODULUS! (0x%08x)\n", res);
 667	CKI_AttributePtr_Free(pAttributes);
 668	return(res);
 669    }
 670    i++;
 671
 672    pAttributes[i].type = CKA_MODULUS_BITS;
 673    pAttributes[i].ulValueLen = sizeof(CK_ULONG);
 674    res = CKI_SetAttrValue(&(pAttributes[i]),&zero);
 675    if (res != CKR_OK) {
 676	log_printf("CreateRSAPublicKey: CKI_SetAttrValue failed for CKA_MODULUS_BITS! (0x%08x)\n", res);
 677	CKI_AttributePtr_Free(pAttributes);
 678	return(res);
 679    }
 680    i++;
 681	
 682    pAttributes[i].type = CKA_PUBLIC_EXPONENT;
 683    pAttributes[i].ulValueLen = 1L;
 684    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 685    if (res != CKR_OK) {
 686	log_printf("CreateRSAPublicKey: CKI_SetAttrValue failed for CKA_PUBLIC_EXPONENT! (0x%08x)\n", res);
 687	CKI_AttributePtr_Free(pAttributes);
 688	return(res);
 689    }
 690    i++;
 691#ifdef DEBUG
 692    assert(i < NUM_ATTRS);
 693#endif
 694
 695    for (i = 0; pTemplate[i].value; i++) {
 696	attr = &(pTemplate[i]);
 697	switch (attr->type) {
 698	case CKA_CLASS:
 699	case CKA_KEY_TYPE:
 700	    break;
 701	case CKA_TOKEN:
 702	case CKA_PRIVATE:
 703	case CKA_MODIFIABLE:
 704	case CKA_LABEL:
 705	case CKA_VALUE:
 706	case CKA_ID:
 707	case CKA_START_DATE:
 708	case CKA_END_DATE:
 709	case CKA_DERIVE:
 710	case CKA_LOCAL:
 711	case CKA_SUBJECT:
 712	case CKA_ENCRYPT:
 713	case CKA_VERIFY:
 714	case CKA_VERIFY_RECOVER:
 715	case CKA_WRAP:
 716	case CKA_MODULUS:
 717	case CKA_MODULUS_BITS:
 718	case CKA_PUBLIC_EXPONENT:
 719	    pTemp = PKCS11_FindAttribute_p(pAttributes,attr->type);
 720	    res = CKI_Attribute_Dup(pTemp,attr);
 721	    if (res != CKR_OK) {
 722		log_printf("CreateRSAPublicKey: dup failed (0x%08x)\n", res);
 723		CKI_AttributePtr_Free(pAttributes);
 724		return(CKR_FUNCTION_FAILED);
 725	    }
 726	    break;
 727	default:
 728	    log_printf("CreateRSAPublicKey: invalid attr type 0x%08x\n", attr->type);
 729	    CKI_AttributePtr_Free(pAttributes);
 730	    return(CKR_ATTRIBUTE_TYPE_INVALID);
 731	}
 732    }
 733    /* now put them somewhere... */
 734    if (!pSession->pToken->ppTokenObject) {
 735	log_printf("CreateRSAPublicKey: initial malloc of objects space\n");
 736	pSession->pToken->ppTokenObject = (PKCS11_OBJECT **)malloc(sizeof(PKCS11_OBJECT *));
 737	pSession->pToken->ppTokenObject[0] = NULL;
 738    }
 739    ppTokenObject = pSession->pToken->ppTokenObject;
 740
 741    for (i = 0; ppTokenObject[i]; i++)
 742	;
 743    log_printf("CreateRSAPublicKey: creating new object at index %d\n", i);
 744
 745    ppTokenObject = (PKCS11_OBJECT **)realloc(ppTokenObject,sizeof(PKCS11_OBJECT *)*(i+2));
 746    if (!ppTokenObject)
 747    {
 748	log_printf("CreateRSAPublicKey: realloc failed for sessionobject\n");
 749	CKI_AttributePtr_Free(pAttributes);
 750	return(CKR_HOST_MEMORY);
 751    }
 752    pSession->pToken->ppTokenObject = ppTokenObject;
 753    ppTokenObject[i+1] = NULL;
 754    ppTokenObject[i] = PKCS11_Object_New();
 755    if (!ppTokenObject[i])
 756    {
 757	log_printf("CreateRSAPublicKey: PKCS11_Object_New failed!\n");
 758	CKI_AttributePtr_Free(pAttributes);
 759	return(CKR_HOST_MEMORY);
 760    }
 761
 762    object = ppTokenObject[i];
 763    object->ulObjectHandle = PKCS11_NextObjectHandle();
 764    *pObject = object->ulObjectHandle;
 765    object->ulObjectClass = CKO_PUBLIC_KEY;
 766    object->pAttribute = pAttributes;
 767    log_printf("CreateRSAPublicKey: returning CKR_OK\n");
 768    return(CKR_OK);
 769}
 770#undef NUM_ATTRS
 771
 772
 773#define NUM_ATTRS 29
 774CK_RV PKCS11_CreateRSAPrivateKeyObject(PKCS11_SESSION *pSession, CK_ATTRIBUTE_PTR pTemplate,
 775				       CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR pObject) {
 776    int i;
 777    CK_ATTRIBUTE_PTR pAttributes, pTemp, attr;
 778    PKCS11_OBJECT ** ppTokenObject, *object;
 779    CK_BYTE empty = '\0';
 780    CK_RV res;
 781	
 782    log_printf("entering PKCS11_CreateRSAPrivateKeyObject\n");
 783	
 784    pAttributes = malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 785    if (!pAttributes)
 786    {
 787	log_printf("PKCS11_CreateRSAPrivateKeyObject: could not allocate memory for attributes\n");
 788	return(CKR_HOST_MEMORY);
 789    }
 790	
 791    /* set default values first */
 792    memset(pAttributes, 0, sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 793
 794    i = 0;
 795    res = PKCS11_SetCommonObjectAttrs(pAttributes, CKO_PRIVATE_KEY, &i);
 796    if (res != CKR_OK) {
 797	log_printf("PKCS11_CreateRSAPrivateKeyObject: PKCS11_SetCommonObjectAttrs failed! (0x%08x)\n", res);
 798	CKI_AttributePtr_Free(pAttributes);
 799	return(res);
 800    }
 801    res = PKCS11_SetCommonKeyObjectAttrs(pAttributes, CKK_RSA, &i);
 802    if (res != CKR_OK) {
 803	log_printf("PKCS11_CreateRSAPrivateKeyObject: PKCS11_SetCommonKeyObjectAttrs failed! (0x%08x)\n", res);
 804	CKI_AttributePtr_Free(pAttributes);
 805	return(res);
 806    }
 807    res = PKCS11_SetCommonPrivateKeyObjectAttrs(pAttributes, &i);
 808    if (res != CKR_OK) {
 809	log_printf("PKCS11_CreateRSAPrivateKeyObject: PKCS11_SetCommonPrivateKeyObjectAttrs failed! (0x%08x)\n", res);
 810	CKI_AttributePtr_Free(pAttributes);
 811	return(res);
 812    }
 813	
 814    pAttributes[i].type = CKA_MODULUS;
 815    pAttributes[i].ulValueLen = 1L;
 816    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 817    if (res != CKR_OK) {
 818	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_MODULUS! (0x%08x)\n", res);
 819	CKI_AttributePtr_Free(pAttributes);
 820	return(res);
 821    }
 822    i++;
 823
 824    pAttributes[i].type = CKA_PUBLIC_EXPONENT;
 825    pAttributes[i].ulValueLen = 1L;
 826    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 827    if (res != CKR_OK) {
 828	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_PUBLIC_EXPONENT! (0x%08x)\n", res);
 829	CKI_AttributePtr_Free(pAttributes);
 830	return(res);
 831    }
 832    i++;
 833
 834    pAttributes[i].type = CKA_PRIVATE_EXPONENT;
 835    pAttributes[i].ulValueLen = 1L;
 836    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 837    if (res != CKR_OK) {
 838	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_PRIVATE_EXPONENT! (0x%08x)\n", res);
 839	CKI_AttributePtr_Free(pAttributes);
 840	return(res);
 841    }
 842    i++;
 843
 844    pAttributes[i].type = CKA_PRIME_1;
 845    pAttributes[i].ulValueLen = 1L;
 846    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 847    if (res != CKR_OK) {
 848	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_PRIME_1! (0x%08x)\n", res);
 849	CKI_AttributePtr_Free(pAttributes);
 850	return(res);
 851    }
 852    i++;
 853
 854    pAttributes[i].type = CKA_PRIME_2;
 855    pAttributes[i].ulValueLen = 1L;
 856    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 857    if (res != CKR_OK) {
 858	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_PRIME_2! (0x%08x)\n", res);
 859	CKI_AttributePtr_Free(pAttributes);
 860	return(res);
 861    }
 862    i++;
 863
 864    pAttributes[i].type = CKA_EXPONENT_1;
 865    pAttributes[i].ulValueLen = 1L;
 866    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 867    if (res != CKR_OK) {
 868	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_EXPONENT_1! (0x%08x)\n", res);
 869	CKI_AttributePtr_Free(pAttributes);
 870	return(res);
 871    }
 872    i++;
 873
 874    pAttributes[i].type = CKA_EXPONENT_2;
 875    pAttributes[i].ulValueLen = 1L;
 876    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 877    if (res != CKR_OK) {
 878	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_EXPONENT_2! (0x%08x)\n", res);
 879	CKI_AttributePtr_Free(pAttributes);
 880		return(res);
 881    }
 882    i++;
 883	
 884    pAttributes[i].type = CKA_COEFFICIENT;
 885    pAttributes[i].ulValueLen = 1L;
 886    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
 887    if (res != CKR_OK) {
 888	log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_SetAttrValue failed for CKA_COEFFICIENT! (0x%08x)\n", res);
 889	CKI_AttributePtr_Free(pAttributes);
 890	return(res);
 891    }
 892#ifdef DEBUG
 893    assert(i < NUM_ATTRS);
 894#endif
 895
 896    for (i = 0; (char *)pTemplate[i].value; i++) {
 897	attr = &(pTemplate[i]);
 898	switch (attr->type) {
 899	case CKA_CLASS:
 900	case CKA_KEY_TYPE:
 901	    break;
 902	case CKA_TOKEN:
 903	case CKA_PRIVATE:
 904	case CKA_MODIFIABLE:
 905	case CKA_LABEL:
 906	case CKA_SUBJECT:
 907	case CKA_ID:
 908	case CKA_START_DATE:
 909	case CKA_END_DATE:
 910	case CKA_DERIVE:
 911	case CKA_LOCAL:
 912	case CKA_SENSITIVE:
 913	case CKA_DECRYPT:
 914	case CKA_SIGN:
 915	case CKA_SIGN_RECOVER:
 916	case CKA_UNWRAP:
 917	case CKA_EXTRACTABLE:
 918	case CKA_ALWAYS_SENSITIVE:
 919	case CKA_NEVER_EXTRACTABLE:
 920	case CKA_MODULUS:
 921	case CKA_PUBLIC_EXPONENT:
 922	case CKA_PRIVATE_EXPONENT:
 923	case CKA_PRIME_1:
 924	case CKA_PRIME_2:
 925	case CKA_EXPONENT_1:
 926	case CKA_EXPONENT_2:
 927	case CKA_COEFFICIENT:
 928	    pTemp = PKCS11_FindAttribute_p(pAttributes,attr->type);
 929	    res = CKI_Attribute_Dup(pTemp,attr);
 930	    if (res != CKR_OK) {
 931		log_printf("PKCS11_CreateRSAPrivateKeyObject: CKI_AttrDup failed for type 0x%08x! (result 0x%08x)\n", attr->type, res);
 932		CKI_AttributePtr_Free(pAttributes);
 933		return(CKR_FUNCTION_FAILED);
 934	    }
 935	    break;
 936	default:
 937	    log_printf("PKCS11_CreateRSAPrivateKeyObject: invalid attr 0x%08x\n",attr->type);
 938	    CKI_AttributePtr_Free(pAttributes);
 939	    return(CKR_ATTRIBUTE_TYPE_INVALID);
 940	}
 941    }
 942    
 943    /* now put them somewhere... */
 944    if (!pSession->pToken->ppTokenObject) {
 945	log_printf("PKCS11_CreateRSAPrivateKeyObject: initial malloc of objects space\n");
 946	pSession->pToken->ppTokenObject = (PKCS11_OBJECT **)malloc(sizeof(PKCS11_OBJECT *));
 947	pSession->pToken->ppTokenObject[0] = NULL;
 948    }
 949    ppTokenObject = pSession->pToken->ppTokenObject;
 950    for (i=0; ppTokenObject[i]; i++)
 951	;
 952    log_printf("PKCS11_CreateRSAPrivateKeyObject: inserting new objects starting at index %d \n",i);
 953    ppTokenObject = (PKCS11_OBJECT **)realloc(ppTokenObject,sizeof(PKCS11_OBJECT *)*(i+2));
 954
 955    if (!ppTokenObject)
 956    {
 957	log_printf("PKCS11_CreateRSAPrivateKeyObject: could not realloc space for session objects\n");
 958	CKI_AttributePtr_Free(pAttributes);
 959	return(CKR_HOST_MEMORY);
 960    }
 961    pSession->pToken->ppTokenObject = ppTokenObject;
 962    ppTokenObject[i+1] = NULL;
 963    ppTokenObject[i] = PKCS11_Object_New();
 964    if (!ppTokenObject[i])
 965    {
 966	log_printf("PKCS11_CreateRSAPrivateKeyObject: PKCS11_Object_New failed!\n");
 967	CKI_AttributePtr_Free(pAttributes);
 968	return(CKR_HOST_MEMORY);
 969    }
 970
 971    object = ppTokenObject[i];
 972    object->ulObjectHandle = PKCS11_NextObjectHandle();
 973    object->ulSessionHandle = pSession->ulSessionHandle;
 974    *pObject = object->ulObjectHandle;
 975    object->ulObjectClass = CKO_PRIVATE_KEY;
 976    object->pAttribute = pAttributes;
 977
 978    log_printf("PKCS11_CreateRSAPrivateKeyObject: returning CKR_OK\n");
 979    return(CKR_OK);
 980}
 981#undef NUM_ATTRS
 982
 983CK_RV PKCS11_CreateSecretKeyObject(PKCS11_SESSION *pSession, CK_ATTRIBUTE_PTR pTemplate,
 984				   CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR pObject) {
 985	
 986    return(CKR_FUNCTION_NOT_SUPPORTED);
 987}
 988
 989CK_RV PKCS11_CreateVendorDefinedObject(PKCS11_SESSION *pSession, CK_ATTRIBUTE_PTR pTemplate,
 990				       CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR pObject) {
 991	
 992    return(CKR_FUNCTION_NOT_SUPPORTED);
 993}
 994
 995CK_RV PKCS11_SetCommonObjectAttrs(CK_ATTRIBUTE_PTR pAttributes, 
 996				  CK_OBJECT_CLASS objectClass, int *ctr) {
 997    int i;
 998    CK_RV res;
 999    CK_BBOOL false = FALSE;
1000    CK_BBOOL true = TRUE;
1001    CK_BYTE empty = '\0';
1002
1003    log_printf("entering PKCS11_SetCommonObjectAttrs\n");
1004
1005    i = *ctr;
1006    pAttributes[i].type = CKA_CLASS;
1007    pAttributes[i].ulValueLen = sizeof(CK_OBJECT_CLASS);
1008    res = CKI_SetAttrValue(&(pAttributes[i]), &objectClass);
1009    if (res != CKR_OK)
1010    {
1011	log_printf("PKCS11_SetCommonObjectAttrs: error setting CKA_CLASS (0x%08x)\n", res);
1012	return(res);
1013    }
1014    i++;
1015	
1016    pAttributes[i].type = CKA_TOKEN;
1017    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1018    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1019    if (res != CKR_OK)
1020    {
1021	log_printf("PKCS11_SetCommonObjectAttrs: error setting CKA_TOKEN (0x%08x)\n", res);
1022	return(res);
1023    }
1024    i++;
1025
1026    pAttributes[i].type = CKA_PRIVATE;
1027    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1028    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1029    if (res != CKR_OK)
1030    {
1031	log_printf("PKCS11_SetCommonObjectAttrs: error setting CKA_PRIVATE (0x%08x)\n", res);
1032	return(res);
1033    }
1034    i++;
1035
1036    pAttributes[i].type = CKA_MODIFIABLE;
1037    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1038    res = CKI_SetAttrValue(&(pAttributes[i]),&true);
1039    if (res != CKR_OK)
1040    {
1041	log_printf("PKCS11_SetCommonObjectAttrs: error setting CKA_MODIFIABLE (0x%08x)\n", res);
1042	return(res);
1043    }
1044    i++;
1045
1046    pAttributes[i].type = CKA_LABEL;
1047    pAttributes[i].ulValueLen = 1L;
1048    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
1049    if (res != CKR_OK)
1050    {
1051	log_printf("PKCS11_SetCommonObjectAttrs: error setting CKA_LABEL (0x%08x)\n", res);
1052	return(res);
1053    }
1054    i++;
1055    *ctr = i;
1056
1057    log_printf("PKCS11_SetCommonObjectAttrs: returning CKR_OK\n", res);
1058    return(CKR_OK);
1059}	
1060
1061void CKI_Date_Init(CK_DATE *Date) {
1062    log_printf("CKI_Date_Init: yr 0x%08x mo 0x%08x da 0x%08x\n",
1063		Date->year, Date->month, Date->day);
1064    memset(Date->year,' ',sizeof(Date->year));
1065    memset(Date->month,' ',sizeof(Date->month));
1066    memset(Date->day,' ',sizeof(Date->day));
1067    return;
1068}	
1069
1070CK_RV PKCS11_SetCommonKeyObjectAttrs(CK_ATTRIBUTE_PTR pAttributes, CK_KEY_TYPE keyType, int *ctr) {
1071    int i;
1072    CK_RV res;
1073    CK_BBOOL false = FALSE;
1074    CK_BYTE empty = '\0';
1075    CK_DATE date;
1076
1077    CKI_Date_Init(&date);
1078
1079    i = *ctr;
1080
1081    pAttributes[i].type = CKA_KEY_TYPE;
1082    pAttributes[i].ulValueLen = sizeof(CK_KEY_TYPE);
1083    res = CKI_SetAttrValue(&(pAttributes[i]), &keyType);
1084    if (res != CKR_OK) return(res);
1085    i++;
1086
1087    pAttributes[i].type = CKA_ID;
1088    pAttributes[i].ulValueLen = 1L;
1089    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
1090    if (res != CKR_OK) return(res);
1091    i++;
1092	
1093    pAttributes[i].type = CKA_START_DATE;
1094    pAttributes[i].ulValueLen = sizeof(CK_DATE);
1095    res = CKI_SetAttrValue(&(pAttributes[i]),&date);
1096    if (res != CKR_OK) return(res);
1097    i++;
1098
1099    pAttributes[i].type = CKA_END_DATE;
1100    pAttributes[i].ulValueLen = sizeof(CK_DATE);
1101    res = CKI_SetAttrValue(&(pAttributes[i]),&date);
1102    if (res != CKR_OK) return(res);
1103    i++;
1104	
1105    pAttributes[i].type = CKA_DERIVE;
1106    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1107    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1108    if (res != CKR_OK) return(res);
1109    i++;
1110
1111    pAttributes[i].type = CKA_LOCAL;
1112    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1113    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1114    if (res != CKR_OK) return(res);
1115    i++;
1116	
1117    *ctr = i;
1118    return(CKR_OK);
1119}	
1120
1121CK_RV PKCS11_SetCommonPublicKeyObjectAttrs(CK_ATTRIBUTE_PTR pAttributes, int *ctr) {
1122    int i;
1123    CK_RV res;
1124    CK_BBOOL false = FALSE;
1125    CK_BYTE empty = '\0';
1126	
1127    i = *ctr;
1128    pAttributes[i].type = CKA_SUBJECT;
1129    pAttributes[i].ulValueLen = 1L;
1130    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
1131    if (res != CKR_OK) return(res);
1132    i++;
1133
1134    pAttributes[i].type = CKA_ENCRYPT;
1135    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1136    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1137    if (res != CKR_OK) return(res);
1138    i++;
1139
1140    pAttributes[i].type = CKA_VERIFY;
1141    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1142    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1143    if (res != CKR_OK) return(res);
1144    i++;
1145
1146    pAttributes[i].type = CKA_VERIFY_RECOVER;
1147    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1148    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1149    if (res != CKR_OK) return(res);
1150    i++;
1151
1152    pAttributes[i].type = CKA_WRAP;
1153    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1154    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1155    if (res != CKR_OK) return(res);
1156    i++;
1157
1158    *ctr = i;
1159    return(CKR_OK);
1160}	
1161
1162CK_RV PKCS11_SetCommonPrivateKeyObjectAttrs(CK_ATTRIBUTE_PTR pAttributes, int *ctr) {
1163    int i;
1164    CK_RV res;
1165    CK_BBOOL false = FALSE;
1166    CK_BYTE empty = '\0';
1167	
1168    i = *ctr;
1169    pAttributes[i].type = CKA_SUBJECT;
1170    pAttributes[i].ulValueLen = 1L;
1171    res = CKI_SetAttrValue(&(pAttributes[i]),&empty);
1172    if (res != CKR_OK) return(res);
1173    i++;
1174	
1175    pAttributes[i].type = CKA_SENSITIVE;
1176    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1177    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1178    if (res != CKR_OK) return(res);
1179    i++;
1180	
1181    pAttributes[i].type = CKA_DECRYPT;
1182    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1183    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1184    if (res != CKR_OK) return(res);
1185    i++;
1186	
1187    pAttributes[i].type = CKA_SIGN;
1188    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1189    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1190    if (res != CKR_OK) return(res);
1191    i++;
1192
1193    pAttributes[i].type = CKA_SIGN_RECOVER;
1194    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1195    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1196    if (res != CKR_OK) return(res);
1197    i++;
1198
1199    pAttributes[i].type = CKA_UNWRAP;
1200    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1201    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1202    if (res != CKR_OK) return(res);
1203    i++;
1204
1205    pAttributes[i].type = CKA_EXTRACTABLE;
1206    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1207    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1208    if (res != CKR_OK) return(res);
1209    i++;
1210
1211    pAttributes[i].type = CKA_ALWAYS_SENSITIVE;
1212    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1213    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1214    if (res != CKR_OK) return(res);
1215    i++;
1216
1217    pAttributes[i].type = CKA_NEVER_EXTRACTABLE;
1218    pAttributes[i].ulValueLen = sizeof(CK_BBOOL);
1219    res = CKI_SetAttrValue(&(pAttributes[i]),&false);
1220    if (res != CKR_OK) return(res);
1221    i++;
1222
1223    *ctr = i;
1224    return(CKR_OK);
1225}	
1226
1227/* expects pAttribute->type and pAttribute->ulValueLen to be set */
1228CK_RV CKI_SetAttrValue_nf(CK_ATTRIBUTE_PTR pAttribute,CK_VOID_PTR pValue) {
1229    CK_RV res;
1230	
1231    log_printf("entering CKI_SetAttrValue_nf with type 0x%08x, len %03ld\n",
1232		pAttribute->type, pAttribute->ulValueLen);
1233	
1234    switch (pAttribute->type) {
1235    case CKA_TOKEN:
1236    case CKA_PRIVATE:
1237    case CKA_MODIFIABLE:
1238    case CKA_DERIVE:
1239    case CKA_LOCAL:
1240    case CKA_ENCRYPT:
1241    case CKA_VERIFY:
1242    case CKA_VERIFY_RECOVER:
1243    case CKA_WRAP:
1244    case CKA_SENSITIVE:
1245    case CKA_DECRYPT:
1246    case CKA_SIGN:
1247    case CKA_SIGN_RECOVER:
1248    case CKA_UNWRAP:
1249    case CKA_EXTRACTABLE:
1250    case CKA_ALWAYS_SENSITIVE:
1251    case CKA_NEVER_EXTRACTABLE:
1252	*(CK_BBOOL *)pAttribute->value = *(CK_BBOOL *)pValue;
1253	break;
1254    case CKA_LABEL:
1255    case CKA_APPLICATION:
1256	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1257	break;
1258    case CKA_CERTIFICATE_TYPE:
1259	*(CK_CERTIFICATE_TYPE *)pAttribute->value = *(CK_CERTIFICATE_TYPE *)pValue;
1260	break;
1261    case CKA_VALUE: /* Bigint and BYTE_PTR are the same now; later, FIXME. */
1262    case CKA_SUBJECT:
1263    case CKA_ID:
1264    case CKA_ISSUER:
1265    case CKA_SERIAL_NUMBER:
1266	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1267	break;
1268    case CKA_KEY_TYPE:
1269	*(CK_KEY_TYPE *)pAttribute->value = *(CK_KEY_TYPE *)pValue;
1270	break;
1271    case CKA_MODULUS:
1272    case CKA_PUBLIC_EXPONENT:
1273    case CKA_PRIME:
1274    case CKA_SUBPRIME:
1275    case CKA_BASE:
1276    case CKA_PRIVATE_EXPONENT:
1277    case CKA_PRIME_1:
1278    case CKA_PRIME_2:
1279    case CKA_EXPONENT_1:
1280    case CKA_EXPONENT_2:
1281    case CKA_COEFFICIENT:
1282	/* these are 'bigints' */
1283	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1284	break;
1285    case CKA_CLASS:
1286    case CKA_MODULUS_BITS:
1287    case CKA_VALUE_BITS:
1288    case CKA_VALUE_LEN:
1289	*(CK_ULONG_PTR)pAttribute->value = *(CK_ULONG_PTR)pValue;
1290	break;
1291    case CKA_START_DATE:
1292    case CKA_END_DATE:
1293	res = CKI_Date_Dup(pAttribute->value,(CK_DATE *)pValue);
1294	if (res != CKR_OK)
1295	{
1296	    log_printf("CKI_SetAttrValue_nf: error processing START_DATE, END_DATE (0x%08x)\n", res);
1297	    return(res);
1298	}
1299	break;
1300    case CKA_VENDOR_DEFINED:
1301    default:
1302	return(CKR_FUNCTION_NOT_SUPPORTED);
1303    }
1304    display_attribute(pAttribute);
1305    return(CKR_OK);
1306}	
1307
1308
1309/* expects pAttribute->type and pAttribute->ulValueLen to be set;
1310if pAttribute->value is set, it is freed first */
1311CK_RV CKI_SetAttrValue(CK_ATTRIBUTE_PTR pAttribute,CK_VOID_PTR pValue) {
1312    CK_RV res;
1313	
1314    log_printf("entering CKI_SetAttrValue with type 0x%08x, len %03ld, value 0x%08x\n",
1315		pAttribute->type, pAttribute->ulValueLen, pAttribute->value);
1316
1317    if (pAttribute->value) {
1318	free(pAttribute->value);
1319	pAttribute->value = NULL;
1320    }
1321
1322    switch (pAttribute->type) {
1323    case CKA_TOKEN:
1324    case CKA_PRIVATE:
1325    case CKA_MODIFIABLE:
1326    case CKA_DERIVE:
1327    case CKA_LOCAL:
1328    case CKA_ENCRYPT:
1329    case CKA_VERIFY:
1330    case CKA_VERIFY_RECOVER:
1331    case CKA_WRAP:
1332    case CKA_SENSITIVE:
1333    case CKA_DECRYPT:
1334    case CKA_SIGN:
1335    case CKA_SIGN_RECOVER:
1336    case CKA_UNWRAP:
1337    case CKA_EXTRACTABLE:
1338    case CKA_ALWAYS_SENSITIVE:
1339    case CKA_NEVER_EXTRACTABLE:
1340	pAttribute->value = (CK_BBOOL *)malloc(pAttribute->ulValueLen);
1341	*(CK_BBOOL *)pAttribute->value = *(CK_BBOOL *)pValue;
1342	break;
1343    case CKA_LABEL:
1344    case CKA_APPLICATION:
1345	pAttribute->value = (CK_CHAR_PTR)malloc(pAttribute->ulValueLen);
1346	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1347	break;
1348    case CKA_CERTIFICATE_TYPE:
1349	pAttribute->value = (CK_CERTIFICATE_TYPE *)malloc(pAttribute->ulValueLen);
1350	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1351	break;
1352    case CKA_VALUE: /* Bigint and BYTE_PTR are the same now; later, FIXME. */
1353    case CKA_SUBJECT:
1354    case CKA_ID:
1355    case CKA_ISSUER:
1356    case CKA_SERIAL_NUMBER:
1357	pAttribute->value = (CK_BYTE_PTR)malloc(pAttribute->ulValueLen);
1358	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1359	break;
1360    case CKA_KEY_TYPE:
1361	pAttribute->value = (CK_KEY_TYPE *)malloc(pAttribute->ulValueLen);
1362	*(CK_KEY_TYPE *)pAttribute->value = *(CK_KEY_TYPE *)pValue;
1363	break;
1364    case CKA_MODULUS:
1365    case CKA_PUBLIC_EXPONENT:
1366    case CKA_PRIME:
1367    case CKA_SUBPRIME:
1368    case CKA_BASE:
1369    case CKA_PRIVATE_EXPONENT:
1370    case CKA_PRIME_1:
1371    case CKA_PRIME_2:
1372    case CKA_EXPONENT_1:
1373    case CKA_EXPONENT_2:
1374    case CKA_COEFFICIENT:
1375	/* these are 'bigints' */
1376	pAttribute->value = (CK_BYTE_PTR)malloc(pAttribute->ulValueLen);
1377	memcpy(pAttribute->value,pValue,pAttribute->ulValueLen);
1378	break;
1379    case CKA_CLASS:
1380    case CKA_MODULUS_BITS:
1381    case CKA_VALUE_BITS:
1382    case CKA_VALUE_LEN:
1383	pAttribute->value = (CK_ULONG_PTR)malloc(pAttribute->ulValueLen);
1384	*(CK_ULONG_PTR)pAttribute->value = *(CK_ULONG_PTR)pValue;
1385	break;
1386    case CKA_START_DATE:
1387    case CKA_END_DATE:
1388	pAttribute->value = (CK_DATE *)malloc(pAttribute->ulValueLen);
1389	res = CKI_Date_Dup(pAttribute->value,(CK_DATE *)pValue);
1390	if (res != CKR_OK) return(res);
1391	break;
1392    case CKA_VENDOR_DEFINED:
1393    default:
1394	return(CKR_FUNCTION_NOT_SUPPORTED);
1395    }
1396    return(CKR_OK);
1397}