Blame SOURCES/0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch

397a93
From c6d6be8b7c1c1fa346af420daada56e28da5af6d Mon Sep 17 00:00:00 2001
397a93
From: Ingo Franzki <ifranzki@linux.ibm.com>
397a93
Date: Fri, 4 Nov 2022 09:44:35 +0100
397a93
Subject: [PATCH 06/34] EP11: Pass back chain code for CKM_IBM_BTC_DERIVE
397a93
397a93
When deriving a key using CKM_IBM_BTC_DERIVE, the resulting chain code
397a93
must be passed back in the buffer supplied by the caller in the
397a93
mechanism parameter (field pChainCode in CK_IBM_BTC_DERIVE_PARAMS).
397a93
This chain code can then be used to derive further keys from the just
397a93
derived key.
397a93
397a93
Note that field ulChainCodeLen must be zero for any BTC master key
397a93
derivation, but pChainCode must still point to a buffer of 32 bytes
397a93
(CK_IBM_BTC_CHAINCODE_LENGTH) to receive the resulting chain code.
397a93
397a93
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
397a93
---
397a93
 usr/lib/ep11_stdll/ep11_specific.c | 20 ++++++++++++++++++++
397a93
 1 file changed, 20 insertions(+)
397a93
397a93
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
397a93
index 432790f1..a56b5b82 100644
397a93
--- a/usr/lib/ep11_stdll/ep11_specific.c
397a93
+++ b/usr/lib/ep11_stdll/ep11_specific.c
397a93
@@ -4988,6 +4988,7 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
397a93
     CK_ULONG used_firmware_API_version;
397a93
     CK_MECHANISM_PTR mech_orig = mech;
397a93
     CK_ATTRIBUTE *ec_params;
397a93
+    CK_IBM_BTC_DERIVE_PARAMS *btc_params = NULL;
397a93
 
397a93
     memset(newblob, 0, sizeof(newblob));
397a93
 
397a93
@@ -5106,6 +5107,18 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
397a93
         }
397a93
     }
397a93
 
397a93
+    if (mech->mechanism == CKM_IBM_BTC_DERIVE) {
397a93
+        if (mech->ulParameterLen != sizeof(CK_IBM_BTC_DERIVE_PARAMS) ||
397a93
+            mech->pParameter == NULL) {
397a93
+            TRACE_ERROR("%s Param NULL or len for %s wrong: %lu\n",
397a93
+                        __func__, ep11_get_ckm(tokdata, mech->mechanism),
397a93
+                        mech->ulParameterLen);
397a93
+            return CKR_MECHANISM_PARAM_INVALID;
397a93
+        }
397a93
+
397a93
+        btc_params = (CK_IBM_BTC_DERIVE_PARAMS *)mech->pParameter;
397a93
+    }
397a93
+
397a93
     rc = h_opaque_2_blob(tokdata, hBaseKey, &keyblob, &keyblobsize,
397a93
                          &base_key_obj, READ_LOCK);
397a93
     if (rc != CKR_OK) {
397a93
@@ -5300,6 +5313,13 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
397a93
     }
397a93
     opaque_attr = NULL;
397a93
 
397a93
+    if (mech->mechanism == CKM_IBM_BTC_DERIVE &&
397a93
+        btc_params != NULL && btc_params->pChainCode != NULL &&
397a93
+        cslen >= CK_IBM_BTC_CHAINCODE_LENGTH) {
397a93
+        memcpy(btc_params->pChainCode, csum, CK_IBM_BTC_CHAINCODE_LENGTH);
397a93
+        btc_params->ulChainCodeLen = CK_IBM_BTC_CHAINCODE_LENGTH;
397a93
+    }
397a93
+
397a93
     if (mech->mechanism == CKM_IBM_BTC_DERIVE && class == CKO_PUBLIC_KEY) {
397a93
         /* Derived blob is an SPKI, extract public EC key attributes */
397a93
         rc = ecdsa_priv_unwrap_get_data(key_obj->template,
397a93
-- 
397a93
2.16.2.windows.1
397a93