Bugzilla Bug 354900: audit the modifications, accesses, deletions, and

additions of cryptographic keys. r=glen.beasley,relyea. Modified files: fipstokn.c manifest.mn pkcs11c.c softoken.h Added file: fipsaudt.c git-svn-id: svn://10.0.0.236/trunk@213032 18797224-902f-48f8-a5cc-f745e15eee43
2006-10-02 22:48:31 +00:00 · 2006-10-02 22:48:31 +00:00 · a540bc2716
commit a540bc2716
parent 1787349f78
5 changed files with 535 additions and 63 deletions
--- a/mozilla/security/nss/lib/softoken/fipsaudt.c
+++ b/mozilla/security/nss/lib/softoken/fipsaudt.c
@ -0,0 +1,307 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Network Security Services (NSS).
+ *
+ * The Initial Developer of the Original Code is
+ * Red Hat, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * This file implements audit logging required by FIPS 140-2 Security
+ * Level 2.
+ */
+
+#include "prprf.h"
+#include "softoken.h"
+
+void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    char msg[256];
+    char shObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    if (rv == CKR_OK) {
+	PR_snprintf(shObject, sizeof shObject, " *phObject=0x%08lX",
+	    (PRUint32)*phObject);
+    } else {
+	shObject[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
+	"phObject=%p)=0x%08lX%s",
+	(PRUint32)hSession, pTemplate, (PRUint32)ulCount,
+	phObject, (PRUint32)rv, shObject);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
+{
+    char msg[256];
+    char shNewObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    if (rv == CKR_OK) {
+	PR_snprintf(shNewObject, sizeof shNewObject,
+	    " *phNewObject=0x%08lX", (PRUint32)*phNewObject);
+    } else {
+	shNewObject[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+/* WARNING: hObject has been destroyed and can only be printed. */
+void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
+	"pulSize=%p)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pulSize, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_%sInit(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, "
+	"hKey=0x%08lX)=0x%08lX",
+	opName, (PRUint32)hSession, (PRUint32)pMechanism->mechanism,
+	(PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    if (rv == CKR_OK) {
+	PR_snprintf(shKey, sizeof shKey,
+	    " *phKey=0x%08lX", (PRUint32)*phKey);
+    } else {
+        shKey[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_GenerateKey(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
+	(PRUint32)hSession, (PRUint32)pMechanism->mechanism,
+	pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
+{
+    char msg[512];
+    char shPublicKey[32];
+    char shPrivateKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    if (rv == CKR_OK) {
+	PR_snprintf(shPublicKey, sizeof shPublicKey,
+	    " *phPublicKey=0x%08lX", (PRUint32)*phPublicKey);
+	PR_snprintf(shPrivateKey, sizeof shPrivateKey,
+	    " *phPrivateKey=0x%08lX", (PRUint32)*phPrivateKey);
+    } else {
+	shPublicKey[0] = shPrivateKey[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_GenerateKeyPair(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, "
+	"pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
+	"pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
+	"phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
+	(PRUint32)hSession, (PRUint32)pMechanism->mechanism,
+	pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
+	pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
+	phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_WrapKey(hSession=0x%08lX, hWrappingKey=0x%08lX, hKey=0x%08lX, "
+	"pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hWrappingKey, (PRUint32)hKey,
+	pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    if (rv == CKR_OK) {
+	PR_snprintf(shKey, sizeof shKey,
+	    " *phKey=0x%08lX", (PRUint32)*phKey);
+    } else {
+	shKey[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_UnwrapKey(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, "
+	"hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
+	"pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
+	(PRUint32)hSession, (PRUint32)pMechanism->mechanism,
+	(PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
+	pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[512];
+    char shKey[32];
+    char sTlsKeys[128];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    /* phKey is NULL for CKM_TLS_KEY_AND_MAC_DERIVE */
+    if ((rv == CKR_OK) && phKey) {
+	PR_snprintf(shKey, sizeof shKey,
+	    " *phKey=0x%08lX", (PRUint32)*phKey);
+    } else {
+	shKey[0] = '\0';
+    }
+    if ((rv == CKR_OK) &&
+	(pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
+	CK_SSL3_KEY_MAT_PARAMS *param =
+	    (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
+	CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
+	PR_snprintf(sTlsKeys, sizeof sTlsKeys,
+	    " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
+	    " hClientKey=0x%08lX hServerKey=0x%08lX",
+	    (PRUint32)keymat->hClientMacSecret,
+	    (PRUint32)keymat->hServerMacSecret,
+	    (PRUint32)keymat->hClientKey,
+	    (PRUint32)keymat->hServerKey);
+    } else {
+	sTlsKeys[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_DeriveKey(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, "
+	"hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
+	"phKey=%p)=0x%08lX%s%s",
+	(PRUint32)hSession, (PRUint32)pMechanism->mechanism,
+	(PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
+	phKey, (PRUint32)rv, shKey, sTlsKeys);
+    sftk_LogAuditMessage(severity, msg);
+}
+
+void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    PR_snprintf(msg, sizeof msg,
+	"C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, msg);
+}
--- a/mozilla/security/nss/lib/softoken/fipstokn.c
+++ b/mozilla/security/nss/lib/softoken/fipstokn.c
@ -295,21 +295,27 @@ static CK_FUNCTION_LIST sftk_fipsTable = {

 #undef __PASTE

+/* CKO_NOT_A_KEY can be any object class that's not a key object. */
+#define CKO_NOT_A_KEY CKO_DATA
+
+#define SFTK_IS_KEY_OBJECT(objClass) \
+    (((objClass) == CKO_PUBLIC_KEY) || \
+    ((objClass) == CKO_PRIVATE_KEY) || \
+    ((objClass) == CKO_SECRET_KEY))
+
+#define SFTK_IS_SECURE_KEY_OBJECT(objClass) \
+    (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY))
+
 static CK_RV
-fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
+fips_get_object_class(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass)
 {
    CK_RV rv;
-    CK_OBJECT_CLASS objClass;
    CK_ATTRIBUTE class; 
    class.type = CKA_CLASS;
-    class.pValue = &objClass;
-    class.ulValueLen = sizeof(objClass);
+    class.pValue = pObjClass;
+    class.ulValueLen = sizeof(*pObjClass);
    rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
-    if (rv == CKR_OK) {
-	if ((objClass == CKO_PRIVATE_KEY) || (objClass == CKO_SECRET_KEY)) {
-	    rv = sftk_fipsCheck();
-	}
-    }
    return rv;
 }

@ -568,7 +574,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	NSSAuditSeverity severity = (rv == CKR_OK) ?
 		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 	PR_snprintf(msg,sizeof msg,
-		"C_InitPIN(hSession=%lu)=0x%08lX",
+		"C_InitPIN(hSession=0x%08lX)=0x%08lX",
 		(PRUint32)hSession,(PRUint32)rv);
 	sftk_LogAuditMessage(severity, msg);
    }
@ -590,7 +596,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	NSSAuditSeverity severity = (rv == CKR_OK) ?
 		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 	PR_snprintf(msg,sizeof msg,
-		"C_SetPIN(hSession=%lu)=0x%08lX",
+		"C_SetPIN(hSession=0x%08lX)=0x%08lX",
 		(PRUint32)hSession,(PRUint32)rv);
 	sftk_LogAuditMessage(severity, msg);
    }
@ -650,7 +656,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	NSSAuditSeverity severity;
 	severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 	PR_snprintf(msg,sizeof msg,
-		    "C_Login(hSession=%lu, userType=%lu)=0x%08lX",
+		    "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
 		    (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
 	sftk_LogAuditMessage(severity, msg);
    }
@ -669,7 +675,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	NSSAuditSeverity severity = (rv == CKR_OK) ?
 		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 	PR_snprintf(msg,sizeof msg,
-		    "C_Logout(hSession=%lu)=0x%08lX",
+		    "C_Logout(hSession=0x%08lX)=0x%08lX",
 		    (PRUint32)hSession,(PRUint32)rv);
 	sftk_LogAuditMessage(severity, msg);
    }
@ -687,10 +693,15 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
    if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;

    /* FIPS can't create keys from raw key material */
-    if ((*classptr == CKO_SECRET_KEY) || (*classptr == CKO_PRIVATE_KEY)) {
-	return CKR_ATTRIBUTE_VALUE_INVALID;
+    if (SFTK_IS_SECURE_KEY_OBJECT(*classptr)) {
+	rv = CKR_ATTRIBUTE_VALUE_INVALID;
+    } else {
+	rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
    }
-    return NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) {
+	sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv);
+    }
+    return rv;
 }


@ -699,15 +710,23 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {

 /* FC_CopyObject copies an object, creating a new object for the copy. */
 CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession,
-       CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
+       CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
 					CK_OBJECT_HANDLE_PTR phNewObject) {
    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
+    rv = fips_get_object_class(hSession, hObject, &objClass);
+    if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) {
+	rv = sftk_fipsCheck();
    }
-    return NSC_CopyObject(hSession,hObject,pTemplate,usCount,phNewObject);
+    if (rv == CKR_OK) {
+	rv = NSC_CopyObject(hSession,hObject,pTemplate,ulCount,phNewObject);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+	sftk_AuditCopyObject(hSession,
+	    hObject,pTemplate,ulCount,phNewObject,rv);
+    }
+    return rv;
 }


@ -715,51 +734,79 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession,
 		 				CK_OBJECT_HANDLE hObject) {
    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
+    rv = fips_get_object_class(hSession, hObject, &objClass);
+    if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) {
+	rv = sftk_fipsCheck();
    }
-    return NSC_DestroyObject(hSession,hObject);
+    if (rv == CKR_OK) {
+	rv = NSC_DestroyObject(hSession,hObject);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+	sftk_AuditDestroyObject(hSession,hObject,rv);
+    }
+    return rv;
 }


 /* FC_GetObjectSize gets the size of an object in bytes. */
 CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession,
-    			CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) {
+    			CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) {
    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
+    rv = fips_get_object_class(hSession, hObject, &objClass);
+    if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) {
+	rv = sftk_fipsCheck();
    }
-    return NSC_GetObjectSize(hSession, hObject, pusSize);
+    if (rv == CKR_OK) {
+	rv = NSC_GetObjectSize(hSession, hObject, pulSize);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+	sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv);
+    }
+    return rv;
 }


 /* FC_GetAttributeValue obtains the value of one or more object attributes. */
 CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
+ CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) {
    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
+    rv = fips_get_object_class(hSession, hObject, &objClass);
+    if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) {
+	rv = sftk_fipsCheck();
    }
-    return NSC_GetAttributeValue(hSession,hObject,pTemplate,usCount);
+    if (rv == CKR_OK) {
+	rv = NSC_GetAttributeValue(hSession,hObject,pTemplate,ulCount);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+	sftk_AuditGetAttributeValue(hSession,hObject,pTemplate,ulCount,rv);
+    }
+    return rv;
 }


 /* FC_SetAttributeValue modifies the value of one or more object attributes */
 CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
+ CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) {
    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
+    rv = fips_get_object_class(hSession, hObject, &objClass);
+    if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) {
+	rv = sftk_fipsCheck();
    }
-    return NSC_SetAttributeValue(hSession,hObject,pTemplate,usCount);
+    if (rv == CKR_OK) {
+	rv = NSC_SetAttributeValue(hSession,hObject,pTemplate,ulCount);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+	sftk_AuditSetAttributeValue(hSession,hObject,pTemplate,ulCount,rv);
+    }
+    return rv;
 }


@ -819,7 +866,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession,
 		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_EncryptInit(hSession,pMechanism,hKey);
+    rv = NSC_EncryptInit(hSession,pMechanism,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditCryptInit("Encrypt",hSession,pMechanism,hKey,rv);
+    }
+    return rv;
 }

 /* FC_Encrypt encrypts single-part data. */
@ -860,7 +911,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession,
 			 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_DecryptInit(hSession,pMechanism,hKey);
+    rv = NSC_DecryptInit(hSession,pMechanism,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditCryptInit("Decrypt",hSession,pMechanism,hKey,rv);
+    }
+    return rv;
 }

 /* FC_Decrypt decrypts encrypted data in a single part. */
@ -938,7 +993,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_SignInit(CK_SESSION_HANDLE hSession,
 		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_SignInit(hSession,pMechanism,hKey);
+    rv = NSC_SignInit(hSession,pMechanism,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditCryptInit("Sign",hSession,pMechanism,hKey,rv);
+    }
+    return rv;
 }


@ -980,7 +1039,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
 			 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_SignRecoverInit(hSession,pMechanism,hKey);
+    rv = NSC_SignRecoverInit(hSession,pMechanism,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditCryptInit("SignRecover",hSession,pMechanism,hKey,rv);
+    }
+    return rv;
 }


@ -1003,7 +1066,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession,
 			   CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_VerifyInit(hSession,pMechanism,hKey);
+    rv = NSC_VerifyInit(hSession,pMechanism,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditCryptInit("Verify",hSession,pMechanism,hKey,rv);
+    }
+    return rv;
 }


@ -1046,7 +1113,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
 			CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
+    rv = NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditCryptInit("VerifyRecover",hSession,pMechanism,hKey,rv);
+    }
+    return rv;
 }


@ -1082,7 +1153,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	}
    }

-    return NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
+    rv = NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditGenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey,rv);
+    }
+    return rv;
 }


@ -1114,6 +1189,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	/* pairwise consistency check failed. */
 	sftk_fatalError = PR_TRUE;
    }
+    if (sftk_audit_enabled) {
+	sftk_AuditGenerateKeyPair(hSession,pMechanism,pPublicKeyTemplate,
+    		usPublicKeyAttributeCount,pPrivateKeyTemplate,
+		usPrivateKeyAttributeCount,phPublicKey,phPrivateKey,crv);
+    }
    return crv;
 }

@ -1122,18 +1202,23 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession,
    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
-					 CK_ULONG_PTR pusWrappedKeyLen) {
+					 CK_ULONG_PTR pulWrappedKeyLen) {
    SFTK_FIPSCHECK();
-    return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
-							pusWrappedKeyLen);
+    rv = NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
+							pulWrappedKeyLen);
+    if (sftk_audit_enabled) {
+	sftk_AuditWrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
+							pulWrappedKeyLen,rv);
+    }
+    return rv;
 }


 /* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
 CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession,
    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
-    CK_BYTE_PTR pWrappedKey, CK_ULONG usWrappedKeyLen,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount,
+    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
 						 CK_OBJECT_HANDLE_PTR phKey) {
    CK_BBOOL *boolptr;

@ -1142,21 +1227,26 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
    /* all secret keys must be sensitive, if the upper level code tries to say
     * otherwise, reject it. */
    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					usAttributeCount, CKA_SENSITIVE);
+					ulAttributeCount, CKA_SENSITIVE);
    if (boolptr != NULL) {
 	if (!(*boolptr)) {
 	    return CKR_ATTRIBUTE_VALUE_INVALID;
 	}
    }
-    return NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
-			usWrappedKeyLen,pTemplate,usAttributeCount,phKey);
+    rv = NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
+			ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditUnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
+			ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey,rv);
+    }
+    return rv;
 }


 /* FC_DeriveKey derives a key from a base key, creating a new key object. */
 CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession,
 	 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
-	 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount, 
+	 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, 
 						CK_OBJECT_HANDLE_PTR phKey) {
    CK_BBOOL *boolptr;

@ -1165,14 +1255,19 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
    /* all secret keys must be sensitive, if the upper level code tries to say
     * otherwise, reject it. */
    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					usAttributeCount, CKA_SENSITIVE);
+					ulAttributeCount, CKA_SENSITIVE);
    if (boolptr != NULL) {
 	if (!(*boolptr)) {
 	    return CKR_ATTRIBUTE_VALUE_INVALID;
 	}
    }
-    return NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
-			usAttributeCount, phKey);
+    rv = NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
+			ulAttributeCount, phKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditDeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
+			ulAttributeCount,phKey,rv);
+    }
+    return rv;
 }

 /*
@ -1206,7 +1301,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	if (sftk_audit_enabled) {
 	    char msg[128];
 	    PR_snprintf(msg,sizeof msg,
-			"C_GenerateRandom(hSession=%lu, pRandomData=%p, "
+			"C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, "
 			"ulRandomLen=%lu)=0x%08lX "
 			"self-test: continuous RNG test failed",
 			(PRUint32)hSession,pRandomData,
@ -1315,7 +1410,11 @@ CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
 */
 CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) {
    SFTK_FIPSCHECK();
-    return NSC_DigestKey(hSession,hKey);
+    rv = NSC_DigestKey(hSession,hKey);
+    if (sftk_audit_enabled) {
+	sftk_AuditDigestKey(hSession,hKey,rv);
+    }
+    return rv;
 }


--- a/mozilla/security/nss/lib/softoken/manifest.mn
+++ b/mozilla/security/nss/lib/softoken/manifest.mn
@ -70,6 +70,7 @@ CSRCS = \
 	dbinit.c \
 	dbmshim.c \
 	ecdecode.c \
+	fipsaudt.c \
 	fipstest.c \
 	fipstokn.c \
 	keydb.c    \
--- a/mozilla/security/nss/lib/softoken/pkcs11c.c
+++ b/mozilla/security/nss/lib/softoken/pkcs11c.c
@ -3813,7 +3813,7 @@ ecgn_done:
 	if (sftk_audit_enabled) {
 	    char msg[128];
 	    PR_snprintf(msg,sizeof msg,
-			"C_GenerateKeyPair(hSession=%lu, "
+			"C_GenerateKeyPair(hSession=0x%08lX, "
 			"pMechanism->mechanism=0x%08lX)=0x%08lX "
 			"self-test: pair-wise consistency test failed",
 			(PRUint32)hSession,(PRUint32)pMechanism->mechanism,
--- a/mozilla/security/nss/lib/softoken/softoken.h
+++ b/mozilla/security/nss/lib/softoken/softoken.h
@ -36,7 +36,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: softoken.h,v 1.13 2006-07-31 18:10:17 wtchang%redhat.com Exp $ */
+/* $Id: softoken.h,v 1.14 2006-10-02 22:48:31 wtchang%redhat.com Exp $ */

 #ifndef _SOFTOKEN_H_
 #define _SOFTOKEN_H_
@ -184,6 +184,71 @@ extern PRBool sftk_audit_enabled;

 extern void sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg);

+extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+			CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+			CK_OBJECT_HANDLE_PTR phObject, CK_RV rv);
+
+extern void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+			CK_OBJECT_HANDLE hObject,
+			CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+			CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv);
+
+extern void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+			CK_OBJECT_HANDLE hObject, CK_RV rv);
+
+extern void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+			CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize,
+			CK_RV rv);
+
+extern void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+			CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+			CK_ULONG ulCount, CK_RV rv);
+
+extern void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+			CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+			CK_ULONG ulCount, CK_RV rv);
+
+extern void sftk_AuditCryptInit(const char *opName,
+			CK_SESSION_HANDLE hSession,
+			CK_MECHANISM_PTR pMechanism,
+			CK_OBJECT_HANDLE hKey, CK_RV rv);
+
+extern void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+			CK_MECHANISM_PTR pMechanism,
+			CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+			CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
+
+extern void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+			CK_MECHANISM_PTR pMechanism,
+			CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+			CK_ULONG ulPublicKeyAttributeCount,
+			CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+			CK_ULONG ulPrivateKeyAttributeCount,
+			CK_OBJECT_HANDLE_PTR phPublicKey,
+			CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv);
+
+extern void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+			CK_MECHANISM_PTR pMechanism,
+			CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
+			CK_BYTE_PTR pWrappedKey,
+			CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv);
+
+extern void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+			CK_MECHANISM_PTR pMechanism,
+			CK_OBJECT_HANDLE hUnwrappingKey,
+			CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+			CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+			CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
+
+extern void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+			CK_MECHANISM_PTR pMechanism,
+			CK_OBJECT_HANDLE hBaseKey,
+			CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+			CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
+
+extern void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+			CK_OBJECT_HANDLE hKey, CK_RV rv);
+
 /*
 ** FIPS 140-2 Error state
 */