4
* Copyright (C) 2008 Stefan Walter
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU Lesser General Public License as
8
* published by the Free Software Foundation; either version 2.1 of
9
* the License, or (at your option) any later version.
11
* This program is distributed in the hope that it will be useful, but
12
* WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
* Lesser General Public License for more details.
16
* You should have received a copy of the GNU Lesser General Public
17
* License along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
24
#include "pkcs11/pkcs11.h"
26
#include "gck-aes-mechanism.h"
27
#include "gck-attributes.h"
28
#include "gck-crypto.h"
29
#include "gck-aes-key.h"
30
#include "gck-session.h"
31
#include "gck-transaction.h"
34
#include "egg/egg-secure-memory.h"
42
G_DEFINE_TYPE (GckAesKey, gck_aes_key, GCK_TYPE_SECRET_KEY);
44
/* -----------------------------------------------------------------------------
49
algorithm_for_length (gsize length)
53
return GCRY_CIPHER_AES128;
55
return GCRY_CIPHER_AES192;
57
return GCRY_CIPHER_AES256;
64
attribute_set_check_value (GckAesKey *self, CK_ATTRIBUTE *attr)
71
g_assert (GCK_IS_AES_KEY (self));
74
/* Just asking for the length */
80
cih = gck_aes_key_get_cipher (self, GCRY_CIPHER_MODE_ECB);
82
return CKR_FUNCTION_FAILED;
85
data = g_malloc0 (self->n_value);
88
gcry = gcry_cipher_encrypt (cih, data, self->n_value, NULL, 0);
89
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
91
/* Use the first three bytes */
92
g_assert (self->n_value > 3);
93
rv = gck_attribute_set_data (attr, data, 3);
95
gcry_cipher_close (cih);
102
factory_create_aes_key (GckSession *session, GckTransaction *transaction,
103
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
107
CK_ATTRIBUTE_PTR value;
109
value = gck_attributes_find (attrs, n_attrs, CKA_VALUE);
111
gck_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
115
if (algorithm_for_length (value->ulValueLen) == 0) {
116
gck_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
120
manager = gck_manager_for_template (attrs, n_attrs, session);
121
key = g_object_new (GCK_TYPE_AES_KEY,
122
"module", gck_session_get_module (session),
126
key->value = egg_secure_alloc (value->ulValueLen);
127
key->n_value = value->ulValueLen;
128
memcpy (key->value, value->pValue, key->n_value);
130
gck_attribute_consume (value);
132
gck_session_complete_object_creation (session, transaction, GCK_OBJECT (key),
133
TRUE, attrs, n_attrs);
134
return GCK_OBJECT (key);
137
/* -----------------------------------------------------------------------------
142
gck_aes_key_real_get_attribute (GckObject *base, GckSession *session, CK_ATTRIBUTE *attr)
144
GckAesKey *self = GCK_AES_KEY (base);
149
return gck_attribute_set_ulong (attr, CKK_AES);
153
return gck_attribute_set_bool (attr, CK_TRUE);
156
return gck_attribute_set_data (attr, self->value, self->n_value);
159
return gck_attribute_set_ulong (attr, self->n_value);
161
case CKA_CHECK_VALUE:
162
return attribute_set_check_value (self, attr);
164
case CKA_ALLOWED_MECHANISMS:
165
return gck_attribute_set_data (attr, (CK_VOID_PTR)GCK_AES_MECHANISMS,
166
sizeof (GCK_AES_MECHANISMS));
169
return GCK_OBJECT_CLASS (gck_aes_key_parent_class)->get_attribute (base, session, attr);
173
gck_aes_key_init (GckAesKey *self)
179
gck_aes_key_finalize (GObject *obj)
181
GckAesKey *self = GCK_AES_KEY (obj);
184
egg_secure_clear (self->value, self->n_value);
185
egg_secure_free (self->value);
190
G_OBJECT_CLASS (gck_aes_key_parent_class)->finalize (obj);
194
gck_aes_key_class_init (GckAesKeyClass *klass)
196
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
197
GckObjectClass *gck_class = GCK_OBJECT_CLASS (klass);
199
gck_aes_key_parent_class = g_type_class_peek_parent (klass);
201
gobject_class->finalize = gck_aes_key_finalize;
203
gck_class->get_attribute = gck_aes_key_real_get_attribute;
206
/* -----------------------------------------------------------------------------
211
gck_aes_key_get_factory (void)
213
static CK_OBJECT_CLASS klass = CKO_SECRET_KEY;
214
static CK_KEY_TYPE type = CKK_AES;
216
static CK_ATTRIBUTE attributes[] = {
217
{ CKA_CLASS, &klass, sizeof (klass) },
218
{ CKA_KEY_TYPE, &type, sizeof (type) }
221
static GckFactory factory = {
223
G_N_ELEMENTS (attributes),
224
factory_create_aes_key
231
gck_aes_key_get_block_size (GckAesKey *self)
235
g_return_val_if_fail (GCK_IS_AES_KEY (self), 0);
237
algorithm = algorithm_for_length (self->n_value);
238
g_return_val_if_fail (algorithm != 0, 0);
240
return self->n_value;
244
gck_aes_key_get_cipher (GckAesKey *self, int mode)
246
gcry_cipher_hd_t cih;
250
g_return_val_if_fail (GCK_IS_AES_KEY (self), NULL);
252
algorithm = algorithm_for_length (self->n_value);
253
g_return_val_if_fail (algorithm != 0, NULL);
255
gcry = gcry_cipher_open (&cih, algorithm, mode, 0);
257
g_warning ("couldn't open %s cipher: %s",
258
gcry_cipher_algo_name (algorithm), gcry_strerror (gcry));
263
gcry = gcry_cipher_setkey (cih, self->value, self->n_value);
264
g_return_val_if_fail (gcry == 0, NULL);