diff options
Diffstat (limited to 'src/shared/pkcs11-util.c')
-rw-r--r-- | src/shared/pkcs11-util.c | 1033 |
1 files changed, 875 insertions, 158 deletions
diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c index 6e88dc3..b5cd9a3 100644 --- a/src/shared/pkcs11-util.c +++ b/src/shared/pkcs11-util.c @@ -43,22 +43,29 @@ bool pkcs11_uri_valid(const char *uri) { static void *p11kit_dl = NULL; -char *(*sym_p11_kit_module_get_name)(CK_FUNCTION_LIST *module); -void (*sym_p11_kit_modules_finalize_and_release)(CK_FUNCTION_LIST **modules); -CK_FUNCTION_LIST **(*sym_p11_kit_modules_load_and_initialize)(int flags); -const char *(*sym_p11_kit_strerror)(CK_RV rv); -int (*sym_p11_kit_uri_format)(P11KitUri *uri, P11KitUriType uri_type, char **string); -void (*sym_p11_kit_uri_free)(P11KitUri *uri); -CK_ATTRIBUTE_PTR (*sym_p11_kit_uri_get_attributes)(P11KitUri *uri, CK_ULONG *n_attrs); -CK_INFO_PTR (*sym_p11_kit_uri_get_module_info)(P11KitUri *uri); -CK_SLOT_INFO_PTR (*sym_p11_kit_uri_get_slot_info)(P11KitUri *uri); -CK_TOKEN_INFO_PTR (*sym_p11_kit_uri_get_token_info)(P11KitUri *uri); -int (*sym_p11_kit_uri_match_token_info)(const P11KitUri *uri, const CK_TOKEN_INFO *token_info); -const char *(*sym_p11_kit_uri_message)(int code); -P11KitUri *(*sym_p11_kit_uri_new)(void); -int (*sym_p11_kit_uri_parse)(const char *string, P11KitUriType uri_type, P11KitUri *uri); +DLSYM_FUNCTION(p11_kit_module_get_name); +DLSYM_FUNCTION(p11_kit_modules_finalize_and_release); +DLSYM_FUNCTION(p11_kit_modules_load_and_initialize); +DLSYM_FUNCTION(p11_kit_strerror); +DLSYM_FUNCTION(p11_kit_uri_format); +DLSYM_FUNCTION(p11_kit_uri_free); +DLSYM_FUNCTION(p11_kit_uri_get_attributes); +DLSYM_FUNCTION(p11_kit_uri_get_attribute); +DLSYM_FUNCTION(p11_kit_uri_set_attribute); +DLSYM_FUNCTION(p11_kit_uri_get_module_info); +DLSYM_FUNCTION(p11_kit_uri_get_slot_info); +DLSYM_FUNCTION(p11_kit_uri_get_token_info); +DLSYM_FUNCTION(p11_kit_uri_match_token_info); +DLSYM_FUNCTION(p11_kit_uri_message); +DLSYM_FUNCTION(p11_kit_uri_new); +DLSYM_FUNCTION(p11_kit_uri_parse); int dlopen_p11kit(void) { + ELF_NOTE_DLOPEN("p11-kit", + "Support for PKCS11 hardware tokens", + ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED, + "libp11-kit.so.0"); + return dlopen_many_sym_or_warn( &p11kit_dl, "libp11-kit.so.0", LOG_DEBUG, @@ -69,6 +76,8 @@ int dlopen_p11kit(void) { DLSYM_ARG(p11_kit_uri_format), DLSYM_ARG(p11_kit_uri_free), DLSYM_ARG(p11_kit_uri_get_attributes), + DLSYM_ARG(p11_kit_uri_get_attribute), + DLSYM_ARG(p11_kit_uri_set_attribute), DLSYM_ARG(p11_kit_uri_get_module_info), DLSYM_ARG(p11_kit_uri_get_slot_info), DLSYM_ARG(p11_kit_uri_get_token_info), @@ -287,12 +296,11 @@ int pkcs11_token_login( CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, - const char *icon_name, - const char *key_name, - const char *credential_name, + const char *askpw_icon, + const char *askpw_keyring, + const char *askpw_credential, usec_t until, - AskPasswordFlags ask_password_flags, - bool headless, + AskPasswordFlags askpw_flags, char **ret_used_pin) { _cleanup_free_ char *token_uri_string = NULL, *token_uri_escaped = NULL, *id = NULL, *token_label = NULL; @@ -347,7 +355,7 @@ int pkcs11_token_login( if (!passwords) return log_oom(); - } else if (headless) + } else if (FLAGS_SET(askpw_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the 'PIN' environment variable."); else { _cleanup_free_ char *text = NULL; @@ -371,8 +379,16 @@ int pkcs11_token_login( if (r < 0) return log_oom(); + AskPasswordRequest req = { + .message = text, + .icon = askpw_icon, + .id = id, + .keyring = askpw_keyring, + .credential = askpw_credential, + }; + /* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */ - r = ask_password_auto(text, icon_name, id, key_name, credential_name, until, ask_password_flags, &passwords); + r = ask_password_auto(&req, until, askpw_flags, &passwords); if (r < 0) return log_error_errno(r, "Failed to query PIN for security token '%s': %m", token_label); } @@ -523,13 +539,294 @@ int pkcs11_token_find_x509_certificate( } #if HAVE_OPENSSL +static int read_public_key_info( + CK_FUNCTION_LIST *m, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + EVP_PKEY **ret_pkey) { + + CK_ATTRIBUTE attribute = { CKA_PUBLIC_KEY_INFO, NULL_PTR, 0 }; + _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; + CK_RV rv; + + rv = m->C_GetAttributeValue(session, object, &attribute, 1); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), + "Failed to get size of CKA_PUBLIC_KEY_INFO: %s", sym_p11_kit_strerror(rv)); + + if (attribute.ulValueLen == 0) + return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "CKA_PUBLIC_KEY_INFO is empty"); + + _cleanup_free_ void *buffer = malloc(attribute.ulValueLen); + if (!buffer) + return log_oom_debug(); + + attribute.pValue = buffer; + + rv = m->C_GetAttributeValue(session, object, &attribute, 1); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to read CKA_PUBLIC_KEY_INFO: %s", sym_p11_kit_strerror(rv)); + + const unsigned char *value = attribute.pValue; + pkey = d2i_PUBKEY(NULL, &value, attribute.ulValueLen); + if (!pkey) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to parse CKA_PUBLIC_KEY_INFO"); + + *ret_pkey = TAKE_PTR(pkey); + return 0; +} + +int pkcs11_token_read_public_key( + CK_FUNCTION_LIST *m, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + EVP_PKEY **ret_pkey) { + + _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; + CK_RV rv; + int r; + + r = read_public_key_info(m, session, object, &pkey); + if (r >= 0) { + *ret_pkey = TAKE_PTR(pkey); + return 0; + } + + CK_KEY_TYPE key_type; + CK_ATTRIBUTE attribute = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; + + rv = m->C_GetAttributeValue(session, object, &attribute, 1); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get CKA_KEY_TYPE of a public key: %s", sym_p11_kit_strerror(rv)); + + switch (key_type) { + case CKK_RSA: { + CK_ATTRIBUTE rsa_attributes[] = { + { CKA_MODULUS, NULL_PTR, 0 }, + { CKA_PUBLIC_EXPONENT, NULL_PTR, 0 }, + }; + + rv = m->C_GetAttributeValue(session, object, rsa_attributes, ELEMENTSOF(rsa_attributes)); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get size of attributes of an RSA public key: %s", sym_p11_kit_strerror(rv)); + + if (rsa_attributes[0].ulValueLen == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "An RSA public key has empty CKA_MODULUS."); + + _cleanup_free_ void *modulus = malloc(rsa_attributes[0].ulValueLen); + if (!modulus) + return log_oom_debug(); + + rsa_attributes[0].pValue = modulus; + + if (rsa_attributes[1].ulValueLen == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "An RSA public key has empty CKA_PUBLIC_EXPONENT."); + + _cleanup_free_ void *public_exponent = malloc(rsa_attributes[1].ulValueLen); + if (!public_exponent) + return log_oom_debug(); + + rsa_attributes[1].pValue = public_exponent; + + rv = m->C_GetAttributeValue(session, object, rsa_attributes, ELEMENTSOF(rsa_attributes)); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get attributes of an RSA public key: %s", sym_p11_kit_strerror(rv)); + + size_t n_size = rsa_attributes[0].ulValueLen, e_size = rsa_attributes[1].ulValueLen; + r = rsa_pkey_from_n_e(rsa_attributes[0].pValue, n_size, rsa_attributes[1].pValue, e_size, &pkey); + if (r < 0) + return log_debug_errno(r, "Failed to create an EVP_PKEY from RSA parameters."); + + break; + } + case CKK_EC: { + CK_ATTRIBUTE ec_attributes[] = { + { CKA_EC_PARAMS, NULL_PTR, 0 }, + { CKA_EC_POINT, NULL_PTR, 0 }, + }; + + rv = m->C_GetAttributeValue(session, object, ec_attributes, ELEMENTSOF(ec_attributes)); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get size of attributes of an EC public key: %s", sym_p11_kit_strerror(rv)); + + if (ec_attributes[0].ulValueLen == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "An EC public key has empty CKA_EC_PARAMS."); + + _cleanup_free_ void *ec_group = malloc(ec_attributes[0].ulValueLen); + if (!ec_group) + return log_oom_debug(); + + ec_attributes[0].pValue = ec_group; + + if (ec_attributes[1].ulValueLen == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "An EC public key has empty CKA_EC_POINT."); + + _cleanup_free_ void *ec_point = malloc(ec_attributes[1].ulValueLen); + if (!ec_point) + return log_oom_debug(); + + ec_attributes[1].pValue = ec_point; + + rv = m->C_GetAttributeValue(session, object, ec_attributes, ELEMENTSOF(ec_attributes)); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get attributes of an EC public key: %s", sym_p11_kit_strerror(rv)); + + _cleanup_(EC_GROUP_freep) EC_GROUP *group = NULL; + _cleanup_(ASN1_OCTET_STRING_freep) ASN1_OCTET_STRING *os = NULL; + + const unsigned char *ec_params_value = ec_attributes[0].pValue; + group = d2i_ECPKParameters(NULL, &ec_params_value, ec_attributes[0].ulValueLen); + if (!group) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to decode CKA_EC_PARAMS."); + + const unsigned char *ec_point_value = ec_attributes[1].pValue; + os = d2i_ASN1_OCTET_STRING(NULL, &ec_point_value, ec_attributes[1].ulValueLen); + if (!os) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to decode CKA_EC_POINT."); + +#if OPENSSL_VERSION_MAJOR >= 3 + _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + if (!ctx) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to create an EVP_PKEY_CTX for EC."); + + if (EVP_PKEY_fromdata_init(ctx) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to init an EVP_PKEY_CTX for EC."); + + OSSL_PARAM ec_params[8] = { + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, os->data, os->length) + }; + + _cleanup_free_ void *order = NULL, *p = NULL, *a = NULL, *b = NULL, *generator = NULL; + size_t order_size, p_size, a_size, b_size, generator_size; + + int nid = EC_GROUP_get_curve_name(group); + if (nid != NID_undef) { + const char* name = OSSL_EC_curve_nid2name(nid); + ec_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (char*)name, strlen(name)); + ec_params[2] = OSSL_PARAM_construct_end(); + } else { + const char *field_type = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field ? + "prime-field" : "characteristic-two-field"; + + const BIGNUM *bn_order = EC_GROUP_get0_order(group); + + _cleanup_(BN_CTX_freep) BN_CTX *bnctx = BN_CTX_new(); + if (!bnctx) + return log_oom_debug(); + + _cleanup_(BN_freep) BIGNUM *bn_p = BN_new(); + if (!bn_p) + return log_oom_debug(); + + _cleanup_(BN_freep) BIGNUM *bn_a = BN_new(); + if (!bn_a) + return log_oom_debug(); + + _cleanup_(BN_freep) BIGNUM *bn_b = BN_new(); + if (!bn_b) + return log_oom_debug(); + + if (EC_GROUP_get_curve(group, bn_p, bn_a, bn_b, bnctx) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to extract EC parameters from EC_GROUP."); + + order_size = BN_num_bytes(bn_order); + p_size = BN_num_bytes(bn_p); + a_size = BN_num_bytes(bn_a); + b_size = BN_num_bytes(bn_b); + + order = malloc(order_size); + if (!order) + return log_oom_debug(); + + p = malloc(p_size); + if (!p) + return log_oom_debug(); + + a = malloc(a_size); + if (!a) + return log_oom_debug(); + + b = malloc(b_size); + if (!b) + return log_oom_debug(); + + if (BN_bn2nativepad(bn_order, order, order_size) <= 0 || + BN_bn2nativepad(bn_p, p, p_size) <= 0 || + BN_bn2nativepad(bn_a, a, a_size) <= 0 || + BN_bn2nativepad(bn_b, b, b_size) <= 0 ) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to store EC parameters in native byte order."); + + const EC_POINT *point_gen = EC_GROUP_get0_generator(group); + generator_size = EC_POINT_point2oct(group, point_gen, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bnctx); + if (generator_size == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine size of a EC generator."); + + generator = malloc(generator_size); + if (!generator) + return log_oom_debug(); + + generator_size = EC_POINT_point2oct(group, point_gen, POINT_CONVERSION_UNCOMPRESSED, generator, generator_size, bnctx); + if (generator_size == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert a EC generator to octet string."); + + ec_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, (char*)field_type, strlen(field_type)); + ec_params[2] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, generator, generator_size); + ec_params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_EC_ORDER, order, order_size); + ec_params[4] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_EC_P, p, p_size); + ec_params[5] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_EC_A, a, a_size); + ec_params[6] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_EC_B, b, b_size); + ec_params[7] = OSSL_PARAM_construct_end(); + } + + if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, ec_params) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to create EVP_PKEY from EC parameters."); +#else + _cleanup_(EC_POINT_freep) EC_POINT *point = EC_POINT_new(group); + if (!point) + return log_oom_debug(); + + if (EC_POINT_oct2point(group, point, os->data, os->length, NULL) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to decode CKA_EC_POINT."); + + _cleanup_(EC_KEY_freep) EC_KEY *ec_key = EC_KEY_new(); + if (!ec_key) + return log_oom_debug(); + + if (EC_KEY_set_group(ec_key, group) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set group for EC_KEY."); + + if (EC_KEY_set_public_key(ec_key, point) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set public key for EC_KEY."); + + pkey = EVP_PKEY_new(); + if (!pkey) + return log_oom_debug(); + + if (EVP_PKEY_set1_EC_KEY(pkey, ec_key) != 1) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to assign EC_KEY to EVP_PKEY."); +#endif + break; + } + default: + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unsupported type of public key: %lu", key_type); + } + + *ret_pkey = TAKE_PTR(pkey); + return 0; +} + int pkcs11_token_read_x509_certificate( CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert) { - _cleanup_free_ void *buffer = NULL; _cleanup_free_ char *t = NULL; CK_ATTRIBUTE attribute = { .type = CKA_VALUE @@ -537,7 +834,6 @@ int pkcs11_token_read_x509_certificate( CK_RV rv; _cleanup_(X509_freep) X509 *x509 = NULL; X509_NAME *name = NULL; - const unsigned char *p; int r; r = dlopen_p11kit(); @@ -546,32 +842,32 @@ int pkcs11_token_read_x509_certificate( rv = m->C_GetAttributeValue(session, object, &attribute, 1); if (rv != CKR_OK) - return log_error_errno(SYNTHETIC_ERRNO(EIO), + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to read X.509 certificate size off token: %s", sym_p11_kit_strerror(rv)); - buffer = malloc(attribute.ulValueLen); + _cleanup_free_ void *buffer = malloc(attribute.ulValueLen); if (!buffer) - return log_oom(); + return log_oom_debug(); attribute.pValue = buffer; rv = m->C_GetAttributeValue(session, object, &attribute, 1); if (rv != CKR_OK) - return log_error_errno(SYNTHETIC_ERRNO(EIO), + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to read X.509 certificate data off token: %s", sym_p11_kit_strerror(rv)); - p = attribute.pValue; + const unsigned char *p = attribute.pValue; x509 = d2i_X509(NULL, &p, attribute.ulValueLen); if (!x509) - return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed parse X.509 certificate."); + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to parse X.509 certificate."); name = X509_get_subject_name(x509); if (!name) - return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to acquire X.509 subject name."); + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to acquire X.509 subject name."); t = X509_NAME_oneline(name, NULL, 0); if (!t) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to format X.509 subject name as string."); + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to format X.509 subject name as string."); log_debug("Using X.509 certificate issued for '%s'.", t); @@ -586,143 +882,429 @@ int pkcs11_token_find_private_key( P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object) { - bool found_decrypt = false, found_class = false, found_key_type = false; + bool found_class = false; _cleanup_free_ CK_ATTRIBUTE *attributes_buffer = NULL; - CK_ULONG n_attributes, a, n_objects; - CK_ATTRIBUTE *attributes = NULL; - CK_OBJECT_HANDLE objects[2]; - CK_RV rv, rv2; - int r; + CK_KEY_TYPE key_type; + CK_BBOOL decrypt_value, derive_value; + CK_ATTRIBUTE optional_attributes[] = { + { CKA_KEY_TYPE, &key_type, sizeof(key_type) }, + { CKA_DECRYPT, &decrypt_value, sizeof(decrypt_value) }, + { CKA_DERIVE, &derive_value, sizeof(derive_value) }, + }; + uint8_t n_private_keys = 0; + CK_OBJECT_HANDLE private_key = CK_INVALID_HANDLE; + CK_RV rv; assert(m); assert(search_uri); assert(ret_object); - r = dlopen_p11kit(); - if (r < 0) - return r; - - attributes = sym_p11_kit_uri_get_attributes(search_uri, &n_attributes); - for (a = 0; a < n_attributes; a++) { + CK_ULONG n_attributes; + CK_ATTRIBUTE *attributes = sym_p11_kit_uri_get_attributes(search_uri, &n_attributes); + for (CK_ULONG i = 0; i < n_attributes; i++) { /* We use the URI's included match attributes, but make them more strict. This allows users * to specify a token URL instead of an object URL and the right thing should happen if * there's only one suitable key on the token. */ - switch (attributes[a].type) { - + switch (attributes[i].type) { case CKA_CLASS: { - CK_OBJECT_CLASS c; - - if (attributes[a].ulValueLen != sizeof(c)) + if (attributes[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid PKCS#11 CKA_CLASS attribute size."); - memcpy(&c, attributes[a].pValue, sizeof(c)); - if (c != CKO_PRIVATE_KEY) + CK_OBJECT_CLASS *class = (CK_OBJECT_CLASS*) attributes[i].pValue; + if (*class != CKO_PRIVATE_KEY) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Selected PKCS#11 object is not a private key, refusing."); found_class = true; break; - } + }} + } - case CKA_DECRYPT: { - CK_BBOOL b; + if (!found_class) { + /* Hmm, let's slightly extend the attribute list we search for */ + static const CK_OBJECT_CLASS required_class = CKO_PRIVATE_KEY; - if (attributes[a].ulValueLen != sizeof(b)) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid PKCS#11 CKA_DECRYPT attribute size."); + attributes_buffer = new(CK_ATTRIBUTE, n_attributes + 1); + if (!attributes_buffer) + return log_oom(); - memcpy(&b, attributes[a].pValue, sizeof(b)); - if (!b) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Selected PKCS#11 object is not suitable for decryption, refusing."); + memcpy(attributes_buffer, attributes, sizeof(CK_ATTRIBUTE) * n_attributes); + + attributes_buffer[n_attributes++] = (CK_ATTRIBUTE) { + .type = CKA_CLASS, + .pValue = (CK_OBJECT_CLASS*) &required_class, + .ulValueLen = sizeof(required_class), + }; + + attributes = attributes_buffer; + } - found_decrypt = true; + rv = m->C_FindObjectsInit(session, attributes, n_attributes); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to initialize object find call: %s", sym_p11_kit_strerror(rv)); + + for (;;) { + CK_ULONG b; + CK_OBJECT_HANDLE candidate; + rv = m->C_FindObjects(session, &candidate, 1, &b); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to find objects: %s", sym_p11_kit_strerror(rv)); + + if (b == 0) break; - } - case CKA_KEY_TYPE: { - CK_KEY_TYPE t; + optional_attributes[0].ulValueLen = sizeof(key_type); + optional_attributes[1].ulValueLen = sizeof(decrypt_value); + optional_attributes[2].ulValueLen = sizeof(derive_value); - if (attributes[a].ulValueLen != sizeof(t)) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid PKCS#11 CKA_KEY_TYPE attribute size."); + rv = m->C_GetAttributeValue(session, candidate, optional_attributes, ELEMENTSOF(optional_attributes)); + if (!IN_SET(rv, CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID)) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get attributes of a found private key: %s", sym_p11_kit_strerror(rv)); - memcpy(&t, attributes[a].pValue, sizeof(t)); - if (t != CKK_RSA) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Selected PKCS#11 object is not an RSA key, refusing."); + if (optional_attributes[0].ulValueLen == CK_UNAVAILABLE_INFORMATION) { + log_debug("A found private key does not have CKA_KEY_TYPE, rejecting the key."); + continue; + } + + if (key_type == CKK_RSA) + if (optional_attributes[1].ulValueLen == CK_UNAVAILABLE_INFORMATION || decrypt_value == CK_FALSE) { + log_debug("A found private RSA key can't decrypt, rejecting the key."); + continue; + } - found_key_type = true; + if (key_type == CKK_EC) + if (optional_attributes[2].ulValueLen == CK_UNAVAILABLE_INFORMATION || derive_value == CK_FALSE) { + log_debug("A found private EC key can't derive, rejecting the key."); + continue; + } + + n_private_keys++; + if (n_private_keys > 1) break; - }} + private_key = candidate; } - if (!found_decrypt || !found_class || !found_key_type) { - /* Hmm, let's slightly extend the attribute list we search for */ + rv = m->C_FindObjectsFinal(session); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to finalize object find call: %s", sym_p11_kit_strerror(rv)); - attributes_buffer = new(CK_ATTRIBUTE, n_attributes + !found_decrypt + !found_class + !found_key_type); - if (!attributes_buffer) + if (n_private_keys == 0) + return log_error_errno(SYNTHETIC_ERRNO(ENOENT), + "Failed to find selected private key suitable for decryption or derivation on token."); + + if (n_private_keys > 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), + "Configured private key URI matches multiple keys, refusing."); + + *ret_object = private_key; + return 0; +} + +static const char* object_class_to_string(CK_OBJECT_CLASS class) { + switch (class) { + case CKO_CERTIFICATE: + return "CKO_CERTIFICATE"; + case CKO_PUBLIC_KEY: + return "CKO_PUBLIC_KEY"; + case CKO_PRIVATE_KEY: + return "CKO_PRIVATE_KEY"; + case CKO_SECRET_KEY: + return "CKO_SECRET_KEY"; + default: + return NULL; + } +} + +/* Returns an object with the given class and the same CKA_ID or CKA_LABEL as prototype */ +int pkcs11_token_find_related_object( + CK_FUNCTION_LIST *m, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE prototype, + CK_OBJECT_CLASS class, + CK_OBJECT_HANDLE *ret_object ) { + + _cleanup_free_ void *buffer = NULL; + CK_ATTRIBUTE attributes[] = { + { CKA_ID, NULL_PTR, 0 }, + { CKA_LABEL, NULL_PTR, 0 } + }; + CK_OBJECT_CLASS search_class = class; + CK_ATTRIBUTE search_attributes[2] = { + { CKA_CLASS, &search_class, sizeof(search_class) } + }; + CK_ULONG n_objects; + CK_OBJECT_HANDLE objects[2]; + CK_RV rv; + + rv = m->C_GetAttributeValue(session, prototype, attributes, ELEMENTSOF(attributes)); + if (!IN_SET(rv, CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID)) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve length of attributes: %s", sym_p11_kit_strerror(rv)); + + if (attributes[0].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + buffer = malloc(attributes[0].ulValueLen); + if (!buffer) return log_oom(); - memcpy(attributes_buffer, attributes, sizeof(CK_ATTRIBUTE) * n_attributes); + attributes[0].pValue = buffer; + rv = m->C_GetAttributeValue(session, prototype, &attributes[0], 1); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to retrieve CKA_ID: %s", sym_p11_kit_strerror(rv)); - if (!found_decrypt) { - static const CK_BBOOL yes = true; + search_attributes[1] = attributes[0]; - attributes_buffer[n_attributes++] = (CK_ATTRIBUTE) { - .type = CKA_DECRYPT, - .pValue = (CK_BBOOL*) &yes, - .ulValueLen = sizeof(yes), - }; - } + } else if (attributes[1].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + buffer = malloc(attributes[1].ulValueLen); + if (!buffer) + return log_oom(); - if (!found_class) { - static const CK_OBJECT_CLASS class = CKO_PRIVATE_KEY; + attributes[1].pValue = buffer; + rv = m->C_GetAttributeValue(session, prototype, &attributes[1], 1); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to retrieve CKA_LABEL: %s", sym_p11_kit_strerror(rv)); - attributes_buffer[n_attributes++] = (CK_ATTRIBUTE) { - .type = CKA_CLASS, - .pValue = (CK_OBJECT_CLASS*) &class, - .ulValueLen = sizeof(class), - }; - } + search_attributes[1] = attributes[1]; - if (!found_key_type) { - static const CK_KEY_TYPE type = CKK_RSA; + } else + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "The prototype does not have CKA_ID or CKA_LABEL"); - attributes_buffer[n_attributes++] = (CK_ATTRIBUTE) { - .type = CKA_KEY_TYPE, - .pValue = (CK_KEY_TYPE*) &type, - .ulValueLen = sizeof(type), - }; - } + rv = m->C_FindObjectsInit(session, search_attributes, 2); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to initialize object find call: %s", sym_p11_kit_strerror(rv)); - attributes = attributes_buffer; + rv = m->C_FindObjects(session, objects, 2, &n_objects); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to find objects: %s", sym_p11_kit_strerror(rv)); + + rv = m->C_FindObjectsFinal(session); + if (rv != CKR_OK) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "Failed to finalize object find call: %s", sym_p11_kit_strerror(rv)); + + if (n_objects == 0) + return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), + "Failed to find a related object with class %s", object_class_to_string(class)); + + if (n_objects > 1) + log_warning("Found multiple related objects with class %s, using the first object.", + object_class_to_string(class)); + + *ret_object = objects[0]; + return 0; +} + +#if HAVE_OPENSSL +static int ecc_convert_to_compressed( + CK_FUNCTION_LIST *m, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + const void *uncompressed_point, + size_t uncompressed_point_size, + void **ret_compressed_point, + size_t *ret_compressed_point_size) { + + _cleanup_free_ void *ec_params_buffer = NULL; + CK_ATTRIBUTE ec_params_attr = { CKA_EC_PARAMS, NULL_PTR, 0 }; + CK_RV rv; + int r; + + rv = m->C_GetAttributeValue(session, object, &ec_params_attr, 1); + if (!IN_SET(rv, CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID)) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to retrieve length of CKA_EC_PARAMS: %s", sym_p11_kit_strerror(rv)); + + if (ec_params_attr.ulValueLen != CK_UNAVAILABLE_INFORMATION) { + ec_params_buffer = malloc(ec_params_attr.ulValueLen); + if (!ec_params_buffer) + return log_oom(); + + ec_params_attr.pValue = ec_params_buffer; + rv = m->C_GetAttributeValue(session, object, &ec_params_attr, 1); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to retrieve CKA_EC_PARAMS from a private key: %s", sym_p11_kit_strerror(rv)); + } else { + CK_OBJECT_HANDLE public_key; + r = pkcs11_token_find_related_object(m, session, object, CKO_PUBLIC_KEY, &public_key); + if (r < 0) + return log_error_errno(r, "Failed to find a public key for compressing a EC point"); + + ec_params_attr.ulValueLen = 0; + rv = m->C_GetAttributeValue(session, public_key, &ec_params_attr, 1); + if (!IN_SET(rv, CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID)) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to retrieve length of CKA_EC_PARAMS: %s", sym_p11_kit_strerror(rv)); + + if (ec_params_attr.ulValueLen == CK_UNAVAILABLE_INFORMATION) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "The public key does not have CKA_EC_PARAMS"); + + ec_params_buffer = malloc(ec_params_attr.ulValueLen); + if (!ec_params_buffer) + return log_oom(); + + ec_params_attr.pValue = ec_params_buffer; + rv = m->C_GetAttributeValue(session, public_key, &ec_params_attr, 1); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to retrieve CKA_EC_PARAMS from a public key: %s", sym_p11_kit_strerror(rv)); } - rv = m->C_FindObjectsInit(session, attributes, n_attributes); + _cleanup_(EC_GROUP_freep) EC_GROUP *group = NULL; + _cleanup_(EC_POINT_freep) EC_POINT *point = NULL; + _cleanup_(BN_CTX_freep) BN_CTX *bnctx = NULL; + _cleanup_free_ void *compressed_point = NULL; + size_t compressed_point_size; + + const unsigned char *ec_params_value = ec_params_attr.pValue; + group = d2i_ECPKParameters(NULL, &ec_params_value, ec_params_attr.ulValueLen); + if (!group) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to decode CKA_EC_PARAMS"); + + point = EC_POINT_new(group); + if (!point) + return log_oom(); + + bnctx = BN_CTX_new(); + if (!bnctx) + return log_oom(); + + if (EC_POINT_oct2point(group, point, uncompressed_point, uncompressed_point_size, bnctx) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to decode an uncompressed EC point"); + + compressed_point_size = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, bnctx); + if (compressed_point_size == 0) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine size of a compressed EC point"); + + compressed_point = malloc(compressed_point_size); + if (!compressed_point) + return log_oom(); + + compressed_point_size = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, compressed_point, compressed_point_size, bnctx); + if (compressed_point_size == 0) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert a EC point to compressed format"); + + *ret_compressed_point = TAKE_PTR(compressed_point); + *ret_compressed_point_size = compressed_point_size; + return 0; +} +#endif + +/* Since EC keys doesn't support encryption directly, we use ECDH protocol to derive shared secret here. + * We use PKCS#11 C_DeriveKey function to derive a shared secret with a private key stored in the token and + * a public key saved on enrollment. */ +static int pkcs11_token_decrypt_data_ecc( + CK_FUNCTION_LIST *m, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + const void *encrypted_data, + size_t encrypted_data_size, + void **ret_decrypted_data, + size_t *ret_decrypted_data_size) { + + static const CK_BBOOL yes = CK_TRUE, no = CK_FALSE; + static const CK_OBJECT_CLASS shared_secret_class = CKO_SECRET_KEY; + static const CK_KEY_TYPE shared_secret_type = CKK_GENERIC_SECRET; + static const CK_ATTRIBUTE shared_secret_template[] = { + { CKA_TOKEN, (void*) &no, sizeof(no) }, + { CKA_CLASS, (void*) &shared_secret_class, sizeof(shared_secret_class) }, + { CKA_KEY_TYPE, (void*) &shared_secret_type, sizeof(shared_secret_type) }, + { CKA_SENSITIVE, (void*) &no, sizeof(no) }, + { CKA_EXTRACTABLE, (void*) &yes, sizeof(yes) } + }; + CK_ECDH1_DERIVE_PARAMS params = { + .kdf = CKD_NULL, + .pPublicData = (void*) encrypted_data, + .ulPublicDataLen = encrypted_data_size + }; + CK_MECHANISM mechanism = { + .mechanism = CKM_ECDH1_DERIVE, + .pParameter = ¶ms, + .ulParameterLen = sizeof(params) + }; + CK_OBJECT_HANDLE shared_secret_handle; + CK_SESSION_INFO session_info; + CK_MECHANISM_INFO mechanism_info; + CK_RV rv, rv2; +#if HAVE_OPENSSL + _cleanup_free_ void *compressed_point = NULL; + int r; +#endif + + rv = m->C_GetSessionInfo(session, &session_info); if (rv != CKR_OK) return log_error_errno(SYNTHETIC_ERRNO(EIO), - "Failed to initialize object find call: %s", sym_p11_kit_strerror(rv)); + "Failed to get information about the PKCS#11 session: %s", sym_p11_kit_strerror(rv)); - rv = m->C_FindObjects(session, objects, ELEMENTSOF(objects), &n_objects); - rv2 = m->C_FindObjectsFinal(session); + rv = m->C_GetMechanismInfo(session_info.slotID, CKM_ECDH1_DERIVE, &mechanism_info); if (rv != CKR_OK) return log_error_errno(SYNTHETIC_ERRNO(EIO), - "Failed to find objects: %s", sym_p11_kit_strerror(rv)); + "Failed to get information about CKM_ECDH1_DERIVE: %s", sym_p11_kit_strerror(rv)); + + if (!(mechanism_info.flags & CKF_EC_UNCOMPRESS)) { + if (mechanism_info.flags & CKF_EC_COMPRESS) { +#if HAVE_OPENSSL + log_debug("CKM_ECDH1_DERIVE accepts compressed EC points only, trying to convert."); + size_t compressed_point_size = 0; /* Explicit initialization to appease gcc */ + r = ecc_convert_to_compressed(m, session, object, encrypted_data, encrypted_data_size, &compressed_point, &compressed_point_size); + if (r < 0) + return r; + + params.pPublicData = compressed_point; + params.ulPublicDataLen = compressed_point_size; +#else + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), + "CKM_ECDH1_DERIVE does not support uncompressed format of EC points"); +#endif + } else + log_debug("Both CKF_EC_UNCOMPRESS and CKF_EC_COMPRESS are false for CKM_ECDH1_DERIVE, ignoring."); + } + + rv = m->C_DeriveKey(session, &mechanism, object, (CK_ATTRIBUTE*) shared_secret_template, ELEMENTSOF(shared_secret_template), &shared_secret_handle); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to derive a shared secret: %s", sym_p11_kit_strerror(rv)); + + CK_ATTRIBUTE shared_secret_attr = { CKA_VALUE, NULL_PTR, 0}; + + rv = m->C_GetAttributeValue(session, shared_secret_handle, &shared_secret_attr, 1); + if (rv != CKR_OK) { + rv2 = m->C_DestroyObject(session, shared_secret_handle); + if (rv2 != CKR_OK) + log_warning("Failed to destroy a shared secret, ignoring: %s", sym_p11_kit_strerror(rv2)); + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve shared secret length: %s", sym_p11_kit_strerror(rv)); + } + + shared_secret_attr.pValue = malloc(shared_secret_attr.ulValueLen); + if (!shared_secret_attr.pValue) + return log_oom(); + + rv = m->C_GetAttributeValue(session, shared_secret_handle, &shared_secret_attr, 1); + rv2 = m->C_DestroyObject(session, shared_secret_handle); if (rv2 != CKR_OK) - return log_error_errno(SYNTHETIC_ERRNO(EIO), - "Failed to finalize object find call: %s", sym_p11_kit_strerror(rv)); - if (n_objects == 0) - return log_error_errno(SYNTHETIC_ERRNO(ENOENT), - "Failed to find selected private key suitable for decryption on token."); - if (n_objects > 1) - return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), - "Configured private key URI matches multiple keys, refusing."); + log_warning("Failed to destroy a shared secret, ignoring: %s", sym_p11_kit_strerror(rv2)); - *ret_object = objects[0]; + if (rv != CKR_OK) { + erase_and_free(shared_secret_attr.pValue); + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve a shared secret: %s", sym_p11_kit_strerror(rv)); + } + + log_info("Successfully derived key with security token."); + + *ret_decrypted_data = shared_secret_attr.pValue; + *ret_decrypted_data_size = shared_secret_attr.ulValueLen; return 0; } -int pkcs11_token_decrypt_data( +static int pkcs11_token_decrypt_data_rsa( CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, @@ -737,17 +1319,6 @@ int pkcs11_token_decrypt_data( _cleanup_(erase_and_freep) CK_BYTE *dbuffer = NULL; CK_ULONG dbuffer_size = 0; CK_RV rv; - int r; - - assert(m); - assert(encrypted_data); - assert(encrypted_data_size > 0); - assert(ret_decrypted_data); - assert(ret_decrypted_data_size); - - r = dlopen_p11kit(); - if (r < 0) - return r; rv = m->C_DecryptInit(session, (CK_MECHANISM*) &mechanism, object); if (rv != CKR_OK) @@ -780,6 +1351,42 @@ int pkcs11_token_decrypt_data( return 0; } +int pkcs11_token_decrypt_data( + CK_FUNCTION_LIST *m, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + const void *encrypted_data, + size_t encrypted_data_size, + void **ret_decrypted_data, + size_t *ret_decrypted_data_size) { + + CK_KEY_TYPE key_type; + CK_ATTRIBUTE key_type_template = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; + CK_RV rv; + + assert(m); + assert(encrypted_data); + assert(encrypted_data_size > 0); + assert(ret_decrypted_data); + assert(ret_decrypted_data_size); + + rv = m->C_GetAttributeValue(session, object, &key_type_template, 1); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve private key type"); + + switch (key_type) { + + case CKK_RSA: + return pkcs11_token_decrypt_data_rsa(m, session, object, encrypted_data, encrypted_data_size, ret_decrypted_data, ret_decrypted_data_size); + + case CKK_EC: + return pkcs11_token_decrypt_data_ecc(m, session, object, encrypted_data, encrypted_data_size, ret_decrypted_data, ret_decrypted_data_size); + + default: + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unsupported private key type: %lu", key_type); + } +} + int pkcs11_token_acquire_rng( CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session) { @@ -1055,20 +1662,19 @@ int pkcs11_find_token( } #if HAVE_OPENSSL -struct pkcs11_acquire_certificate_callback_data { +struct pkcs11_acquire_public_key_callback_data { char *pin_used; - X509 *cert; - const char *askpw_friendly_name, *askpw_icon_name; + EVP_PKEY *pkey; + const char *askpw_friendly_name, *askpw_icon, *askpw_credential; AskPasswordFlags askpw_flags; - bool headless; }; -static void pkcs11_acquire_certificate_callback_data_release(struct pkcs11_acquire_certificate_callback_data *data) { +static void pkcs11_acquire_public_key_callback_data_release(struct pkcs11_acquire_public_key_callback_data *data) { erase_and_free(data->pin_used); - X509_free(data->cert); + EVP_PKEY_free(data->pkey); } -static int pkcs11_acquire_certificate_callback( +static int pkcs11_acquire_public_key_callback( CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slot_id, @@ -1078,8 +1684,16 @@ static int pkcs11_acquire_certificate_callback( void *userdata) { _cleanup_(erase_and_freep) char *pin_used = NULL; - struct pkcs11_acquire_certificate_callback_data *data = ASSERT_PTR(userdata); - CK_OBJECT_HANDLE object; + _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; + CK_OBJECT_CLASS class; + CK_CERTIFICATE_TYPE type; + CK_ATTRIBUTE candidate_attributes[] = { + { CKA_CLASS, &class, sizeof(class) }, + { CKA_CERTIFICATE_TYPE, &type, sizeof(type) }, + }; + CK_OBJECT_HANDLE candidate, public_key = CK_INVALID_HANDLE, certificate = CK_INVALID_HANDLE; + uint8_t n_public_keys = 0, n_certificates = 0; + CK_RV rv; int r; assert(m); @@ -1087,6 +1701,8 @@ static int pkcs11_acquire_certificate_callback( assert(token_info); assert(uri); + struct pkcs11_acquire_public_key_callback_data *data = ASSERT_PTR(userdata); + /* Called for every token matching our URI */ r = pkcs11_token_login( @@ -1095,50 +1711,154 @@ static int pkcs11_acquire_certificate_callback( slot_id, token_info, data->askpw_friendly_name, - data->askpw_icon_name, - "pkcs11-pin", + data->askpw_icon, "pkcs11-pin", + data->askpw_credential, UINT64_MAX, data->askpw_flags, - data->headless, &pin_used); if (r < 0) return r; - r = pkcs11_token_find_x509_certificate(m, session, uri, &object); - if (r < 0) - return r; + CK_ULONG n_attributes; + CK_ATTRIBUTE *attributes = sym_p11_kit_uri_get_attributes(uri, &n_attributes); + for (CK_ULONG i = 0; i < n_attributes; i++) { + switch (attributes[i].type) { + case CKA_CLASS: { + CK_OBJECT_CLASS requested_class = *((CK_OBJECT_CLASS*) attributes[i].pValue); + if (!IN_SET(requested_class, CKO_PUBLIC_KEY, CKO_CERTIFICATE)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Selected PKCS#11 object is not a public key or certificate, refusing."); + break; + } - r = pkcs11_token_read_x509_certificate(m, session, object, &data->cert); - if (r < 0) - return r; + case CKA_CERTIFICATE_TYPE: { + CK_CERTIFICATE_TYPE requested_type = *((CK_CERTIFICATE_TYPE*) attributes[i].pValue); + if (requested_type != CKC_X_509) + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Selected PKCS#11 object is not an X.509 certificate, refusing."); + break; + }} + } + + rv = m->C_FindObjectsInit(session, attributes, n_attributes); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to initialize object find call: %s", sym_p11_kit_strerror(rv)); + + for (;;) { + CK_ULONG n; + rv = m->C_FindObjects(session, &candidate, 1, &n); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to find objects: %s", sym_p11_kit_strerror(rv)); + + if (n == 0) + break; + + candidate_attributes[0].ulValueLen = sizeof(class); + candidate_attributes[1].ulValueLen = sizeof(type); + rv = m->C_GetAttributeValue(session, candidate, candidate_attributes, ELEMENTSOF(candidate_attributes)); + if (!IN_SET(rv, CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID)) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to get attributes of a selected candidate: %s", sym_p11_kit_strerror(rv)); + + if (candidate_attributes[0].ulValueLen == CK_UNAVAILABLE_INFORMATION) { + log_debug("Failed to get CKA_CLASS of a selected candidate"); + continue; + } + + if (class == CKO_PUBLIC_KEY) { + n_public_keys++; + if (n_public_keys > 1) + break; + public_key = candidate; + continue; + } + + if (class == CKO_CERTIFICATE) { + if (candidate_attributes[1].ulValueLen == CK_UNAVAILABLE_INFORMATION) { + log_debug("Failed to get CKA_CERTIFICATE_TYPE of a selected candidate"); + continue; + } + if (type != CKC_X_509) + continue; + n_certificates++; + if (n_certificates > 1) + break; + certificate = candidate; + continue; + } + } + + rv = m->C_FindObjectsFinal(session); + if (rv != CKR_OK) + return log_error_errno(SYNTHETIC_ERRNO(EIO), + "Failed to finalize object find call: %s", sym_p11_kit_strerror(rv)); + + if (n_public_keys == 0 && n_certificates == 0) + return log_error_errno(SYNTHETIC_ERRNO(ENOENT), + "Failed to find selected public key or X.509 certificate."); + + if (n_public_keys > 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), + "Provided URI matches multiple public keys, refusing."); + if (n_certificates > 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), + "Provided URI matches multiple certificates, refusing."); + + if (n_public_keys != 0) { + r = pkcs11_token_read_public_key(m, session, public_key, &pkey); + if (r >= 0) + goto success; + } + + if (n_certificates == 0) + return log_error_errno(r, "Failed to read a found public key."); + + { + _cleanup_(X509_freep) X509 *cert = NULL; + + r = pkcs11_token_read_x509_certificate(m, session, certificate, &cert); + if (r < 0) + return log_error_errno(r, "Failed to read a found X.509 certificate."); + + pkey = X509_get_pubkey(cert); + if (!pkey) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to extract public key from X.509 certificate."); + } +success: /* Let's read some random data off the token and write it to the kernel pool before we generate our * random key from it. This way we can claim the quality of the RNG is at least as good as the * kernel's and the token's pool */ (void) pkcs11_token_acquire_rng(m, session); data->pin_used = TAKE_PTR(pin_used); - return 1; + data->pkey = TAKE_PTR(pkey); + return 0; } -int pkcs11_acquire_certificate( +int pkcs11_acquire_public_key( const char *uri, const char *askpw_friendly_name, - const char *askpw_icon_name, - X509 **ret_cert, + const char *askpw_icon, + const char *askpw_credential, + AskPasswordFlags askpw_flags, + EVP_PKEY **ret_pkey, char **ret_pin_used) { - _cleanup_(pkcs11_acquire_certificate_callback_data_release) struct pkcs11_acquire_certificate_callback_data data = { + _cleanup_(pkcs11_acquire_public_key_callback_data_release) struct pkcs11_acquire_public_key_callback_data data = { .askpw_friendly_name = askpw_friendly_name, - .askpw_icon_name = askpw_icon_name, + .askpw_icon = askpw_icon, + .askpw_credential = askpw_credential, + .askpw_flags = askpw_flags, }; int r; assert(uri); - assert(ret_cert); + assert(ret_pkey); - r = pkcs11_find_token(uri, pkcs11_acquire_certificate_callback, &data); + r = pkcs11_find_token(uri, pkcs11_acquire_public_key_callback, &data); if (r == -EAGAIN) /* pkcs11_find_token() doesn't log about this error, but all others */ return log_error_errno(SYNTHETIC_ERRNO(ENXIO), "Specified PKCS#11 token with URI '%s' not found.", @@ -1146,11 +1866,9 @@ int pkcs11_acquire_certificate( if (r < 0) return r; - *ret_cert = TAKE_PTR(data.cert); - + *ret_pkey = TAKE_PTR(data.pkey); if (ret_pin_used) *ret_pin_used = TAKE_PTR(data.pin_used); - return 0; } #endif @@ -1229,7 +1947,7 @@ int pkcs11_list_tokens(void) { if (r < 0 && r != -EAGAIN) return r; - if (table_get_rows(t) <= 1) { + if (table_isempty(t)) { log_info("No suitable PKCS#11 tokens found."); return 0; } @@ -1338,10 +2056,9 @@ int pkcs11_crypt_device_callback( data->friendly_name, "drive-harddisk", "pkcs11-pin", - "cryptsetup.pkcs11-pin", + data->askpw_credential, data->until, data->askpw_flags, - data->headless, NULL); if (r < 0) return r; |