|
 |
971d89 |
From c6d6be8b7c1c1fa346af420daada56e28da5af6d Mon Sep 17 00:00:00 2001
|
|
|
971d89 |
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
971d89 |
Date: Fri, 4 Nov 2022 09:44:35 +0100
|
|
|
971d89 |
Subject: [PATCH 06/34] EP11: Pass back chain code for CKM_IBM_BTC_DERIVE
|
|
|
971d89 |
|
|
|
971d89 |
When deriving a key using CKM_IBM_BTC_DERIVE, the resulting chain code
|
|
|
971d89 |
must be passed back in the buffer supplied by the caller in the
|
|
|
971d89 |
mechanism parameter (field pChainCode in CK_IBM_BTC_DERIVE_PARAMS).
|
|
|
971d89 |
This chain code can then be used to derive further keys from the just
|
|
|
971d89 |
derived key.
|
|
|
971d89 |
|
|
|
971d89 |
Note that field ulChainCodeLen must be zero for any BTC master key
|
|
|
971d89 |
derivation, but pChainCode must still point to a buffer of 32 bytes
|
|
|
971d89 |
(CK_IBM_BTC_CHAINCODE_LENGTH) to receive the resulting chain code.
|
|
|
971d89 |
|
|
|
971d89 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
971d89 |
---
|
|
|
971d89 |
usr/lib/ep11_stdll/ep11_specific.c | 20 ++++++++++++++++++++
|
|
|
971d89 |
1 file changed, 20 insertions(+)
|
|
|
971d89 |
|
|
|
971d89 |
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
|
|
|
971d89 |
index 432790f1..a56b5b82 100644
|
|
|
971d89 |
--- a/usr/lib/ep11_stdll/ep11_specific.c
|
|
|
971d89 |
+++ b/usr/lib/ep11_stdll/ep11_specific.c
|
|
|
971d89 |
@@ -4988,6 +4988,7 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
|
|
|
971d89 |
CK_ULONG used_firmware_API_version;
|
|
|
971d89 |
CK_MECHANISM_PTR mech_orig = mech;
|
|
|
971d89 |
CK_ATTRIBUTE *ec_params;
|
|
|
971d89 |
+ CK_IBM_BTC_DERIVE_PARAMS *btc_params = NULL;
|
|
|
971d89 |
|
|
|
971d89 |
memset(newblob, 0, sizeof(newblob));
|
|
|
971d89 |
|
|
|
971d89 |
@@ -5106,6 +5107,18 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
|
|
|
971d89 |
}
|
|
|
971d89 |
}
|
|
|
971d89 |
|
|
|
971d89 |
+ if (mech->mechanism == CKM_IBM_BTC_DERIVE) {
|
|
|
971d89 |
+ if (mech->ulParameterLen != sizeof(CK_IBM_BTC_DERIVE_PARAMS) ||
|
|
|
971d89 |
+ mech->pParameter == NULL) {
|
|
|
971d89 |
+ TRACE_ERROR("%s Param NULL or len for %s wrong: %lu\n",
|
|
|
971d89 |
+ __func__, ep11_get_ckm(tokdata, mech->mechanism),
|
|
|
971d89 |
+ mech->ulParameterLen);
|
|
|
971d89 |
+ return CKR_MECHANISM_PARAM_INVALID;
|
|
|
971d89 |
+ }
|
|
|
971d89 |
+
|
|
|
971d89 |
+ btc_params = (CK_IBM_BTC_DERIVE_PARAMS *)mech->pParameter;
|
|
|
971d89 |
+ }
|
|
|
971d89 |
+
|
|
|
971d89 |
rc = h_opaque_2_blob(tokdata, hBaseKey, &keyblob, &keyblobsize,
|
|
|
971d89 |
&base_key_obj, READ_LOCK);
|
|
|
971d89 |
if (rc != CKR_OK) {
|
|
|
971d89 |
@@ -5300,6 +5313,13 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
|
|
|
971d89 |
}
|
|
|
971d89 |
opaque_attr = NULL;
|
|
|
971d89 |
|
|
|
971d89 |
+ if (mech->mechanism == CKM_IBM_BTC_DERIVE &&
|
|
|
971d89 |
+ btc_params != NULL && btc_params->pChainCode != NULL &&
|
|
|
971d89 |
+ cslen >= CK_IBM_BTC_CHAINCODE_LENGTH) {
|
|
|
971d89 |
+ memcpy(btc_params->pChainCode, csum, CK_IBM_BTC_CHAINCODE_LENGTH);
|
|
|
971d89 |
+ btc_params->ulChainCodeLen = CK_IBM_BTC_CHAINCODE_LENGTH;
|
|
|
971d89 |
+ }
|
|
|
971d89 |
+
|
|
|
971d89 |
if (mech->mechanism == CKM_IBM_BTC_DERIVE && class == CKO_PUBLIC_KEY) {
|
|
|
971d89 |
/* Derived blob is an SPKI, extract public EC key attributes */
|
|
|
971d89 |
rc = ecdsa_priv_unwrap_get_data(key_obj->template,
|
|
|
971d89 |
--
|
|
|
971d89 |
2.16.2.windows.1
|
|
|
971d89 |
|