From a540bc27160b6e28cbc65d9e146c67fccfe346f4 Mon Sep 17 00:00:00 2001 From: "wtchang%redhat.com" Date: Mon, 2 Oct 2006 22:48:31 +0000 Subject: [PATCH] Bugzilla Bug 354900: audit the modifications, accesses, deletions, and additions of cryptographic keys. r=glen.beasley,relyea. Modified files: fipstokn.c manifest.mn pkcs11c.c softoken.h Added file: fipsaudt.c git-svn-id: svn://10.0.0.236/trunk@213032 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/softoken/fipsaudt.c | 307 ++++++++++++++++++ mozilla/security/nss/lib/softoken/fipstokn.c | 221 +++++++++---- mozilla/security/nss/lib/softoken/manifest.mn | 1 + mozilla/security/nss/lib/softoken/pkcs11c.c | 2 +- mozilla/security/nss/lib/softoken/softoken.h | 67 +++- 5 files changed, 535 insertions(+), 63 deletions(-) create mode 100644 mozilla/security/nss/lib/softoken/fipsaudt.c diff --git a/mozilla/security/nss/lib/softoken/fipsaudt.c b/mozilla/security/nss/lib/softoken/fipsaudt.c new file mode 100644 index 00000000000..dc4393083a3 --- /dev/null +++ b/mozilla/security/nss/lib/softoken/fipsaudt.c @@ -0,0 +1,307 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Network Security Services (NSS). + * + * The Initial Developer of the Original Code is + * Red Hat, Inc. + * Portions created by the Initial Developer are Copyright (C) 2006 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +/* + * This file implements audit logging required by FIPS 140-2 Security + * Level 2. + */ + +#include "prprf.h" +#include "softoken.h" + +void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject, CK_RV rv) +{ + char msg[256]; + char shObject[32]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + if (rv == CKR_OK) { + PR_snprintf(shObject, sizeof shObject, " *phObject=0x%08lX", + (PRUint32)*phObject); + } else { + shObject[0] = '\0'; + } + PR_snprintf(msg, sizeof msg, + "C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, " + "phObject=%p)=0x%08lX%s", + (PRUint32)hSession, pTemplate, (PRUint32)ulCount, + phObject, (PRUint32)rv, shObject); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv) +{ + char msg[256]; + char shNewObject[32]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + if (rv == CKR_OK) { + PR_snprintf(shNewObject, sizeof shNewObject, + " *phNewObject=0x%08lX", (PRUint32)*phNewObject); + } else { + shNewObject[0] = '\0'; + } + PR_snprintf(msg, sizeof msg, + "C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, " + "pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s", + (PRUint32)hSession, (PRUint32)hObject, + pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject); + sftk_LogAuditMessage(severity, msg); +} + +/* WARNING: hObject has been destroyed and can only be printed. */ +void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX", + (PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, " + "pulSize=%p)=0x%08lX", + (PRUint32)hSession, (PRUint32)hObject, + pulSize, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, " + "pTemplate=%p, ulCount=%lu)=0x%08lX", + (PRUint32)hSession, (PRUint32)hObject, + pTemplate, (PRUint32)ulCount, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, " + "pTemplate=%p, ulCount=%lu)=0x%08lX", + (PRUint32)hSession, (PRUint32)hObject, + pTemplate, (PRUint32)ulCount, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_%sInit(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, " + "hKey=0x%08lX)=0x%08lX", + opName, (PRUint32)hSession, (PRUint32)pMechanism->mechanism, + (PRUint32)hKey, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv) +{ + char msg[256]; + char shKey[32]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + if (rv == CKR_OK) { + PR_snprintf(shKey, sizeof shKey, + " *phKey=0x%08lX", (PRUint32)*phKey); + } else { + shKey[0] = '\0'; + } + PR_snprintf(msg, sizeof msg, + "C_GenerateKey(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, " + "pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s", + (PRUint32)hSession, (PRUint32)pMechanism->mechanism, + pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv) +{ + char msg[512]; + char shPublicKey[32]; + char shPrivateKey[32]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + if (rv == CKR_OK) { + PR_snprintf(shPublicKey, sizeof shPublicKey, + " *phPublicKey=0x%08lX", (PRUint32)*phPublicKey); + PR_snprintf(shPrivateKey, sizeof shPrivateKey, + " *phPrivateKey=0x%08lX", (PRUint32)*phPrivateKey); + } else { + shPublicKey[0] = shPrivateKey[0] = '\0'; + } + PR_snprintf(msg, sizeof msg, + "C_GenerateKeyPair(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, " + "pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, " + "pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, " + "phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s", + (PRUint32)hSession, (PRUint32)pMechanism->mechanism, + pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount, + pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount, + phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_WrapKey(hSession=0x%08lX, hWrappingKey=0x%08lX, hKey=0x%08lX, " + "pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX", + (PRUint32)hSession, (PRUint32)hWrappingKey, (PRUint32)hKey, + pWrappedKey, pulWrappedKeyLen, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey, CK_RV rv) +{ + char msg[256]; + char shKey[32]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + if (rv == CKR_OK) { + PR_snprintf(shKey, sizeof shKey, + " *phKey=0x%08lX", (PRUint32)*phKey); + } else { + shKey[0] = '\0'; + } + PR_snprintf(msg, sizeof msg, + "C_UnwrapKey(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, " + "hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, " + "pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s", + (PRUint32)hSession, (PRUint32)pMechanism->mechanism, + (PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen, + pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey, CK_RV rv) +{ + char msg[512]; + char shKey[32]; + char sTlsKeys[128]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + /* phKey is NULL for CKM_TLS_KEY_AND_MAC_DERIVE */ + if ((rv == CKR_OK) && phKey) { + PR_snprintf(shKey, sizeof shKey, + " *phKey=0x%08lX", (PRUint32)*phKey); + } else { + shKey[0] = '\0'; + } + if ((rv == CKR_OK) && + (pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) { + CK_SSL3_KEY_MAT_PARAMS *param = + (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter; + CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial; + PR_snprintf(sTlsKeys, sizeof sTlsKeys, + " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX" + " hClientKey=0x%08lX hServerKey=0x%08lX", + (PRUint32)keymat->hClientMacSecret, + (PRUint32)keymat->hServerMacSecret, + (PRUint32)keymat->hClientKey, + (PRUint32)keymat->hServerKey); + } else { + sTlsKeys[0] = '\0'; + } + PR_snprintf(msg, sizeof msg, + "C_DeriveKey(hSession=0x%08lX, pMechanism->mechanism=0x%08lX, " + "hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, " + "phKey=%p)=0x%08lX%s%s", + (PRUint32)hSession, (PRUint32)pMechanism->mechanism, + (PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount, + phKey, (PRUint32)rv, shKey, sTlsKeys); + sftk_LogAuditMessage(severity, msg); +} + +void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey, CK_RV rv) +{ + char msg[256]; + NSSAuditSeverity severity = (rv == CKR_OK) ? + NSS_AUDIT_INFO : NSS_AUDIT_ERROR; + PR_snprintf(msg, sizeof msg, + "C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX", + (PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv); + sftk_LogAuditMessage(severity, msg); +} diff --git a/mozilla/security/nss/lib/softoken/fipstokn.c b/mozilla/security/nss/lib/softoken/fipstokn.c index 1e86b379605..81f1238a630 100644 --- a/mozilla/security/nss/lib/softoken/fipstokn.c +++ b/mozilla/security/nss/lib/softoken/fipstokn.c @@ -295,21 +295,27 @@ static CK_FUNCTION_LIST sftk_fipsTable = { #undef __PASTE +/* CKO_NOT_A_KEY can be any object class that's not a key object. */ +#define CKO_NOT_A_KEY CKO_DATA + +#define SFTK_IS_KEY_OBJECT(objClass) \ + (((objClass) == CKO_PUBLIC_KEY) || \ + ((objClass) == CKO_PRIVATE_KEY) || \ + ((objClass) == CKO_SECRET_KEY)) + +#define SFTK_IS_SECURE_KEY_OBJECT(objClass) \ + (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY)) + static CK_RV -fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) +fips_get_object_class(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass) { CK_RV rv; - CK_OBJECT_CLASS objClass; CK_ATTRIBUTE class; class.type = CKA_CLASS; - class.pValue = &objClass; - class.ulValueLen = sizeof(objClass); + class.pValue = pObjClass; + class.ulValueLen = sizeof(*pObjClass); rv = NSC_GetAttributeValue(hSession, hObject, &class, 1); - if (rv == CKR_OK) { - if ((objClass == CKO_PRIVATE_KEY) || (objClass == CKO_SECRET_KEY)) { - rv = sftk_fipsCheck(); - } - } return rv; } @@ -568,7 +574,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR; PR_snprintf(msg,sizeof msg, - "C_InitPIN(hSession=%lu)=0x%08lX", + "C_InitPIN(hSession=0x%08lX)=0x%08lX", (PRUint32)hSession,(PRUint32)rv); sftk_LogAuditMessage(severity, msg); } @@ -590,7 +596,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR; PR_snprintf(msg,sizeof msg, - "C_SetPIN(hSession=%lu)=0x%08lX", + "C_SetPIN(hSession=0x%08lX)=0x%08lX", (PRUint32)hSession,(PRUint32)rv); sftk_LogAuditMessage(severity, msg); } @@ -650,7 +656,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { NSSAuditSeverity severity; severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR; PR_snprintf(msg,sizeof msg, - "C_Login(hSession=%lu, userType=%lu)=0x%08lX", + "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX", (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv); sftk_LogAuditMessage(severity, msg); } @@ -669,7 +675,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR; PR_snprintf(msg,sizeof msg, - "C_Logout(hSession=%lu)=0x%08lX", + "C_Logout(hSession=0x%08lX)=0x%08lX", (PRUint32)hSession,(PRUint32)rv); sftk_LogAuditMessage(severity, msg); } @@ -687,10 +693,15 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE; /* FIPS can't create keys from raw key material */ - if ((*classptr == CKO_SECRET_KEY) || (*classptr == CKO_PRIVATE_KEY)) { - return CKR_ATTRIBUTE_VALUE_INVALID; + if (SFTK_IS_SECURE_KEY_OBJECT(*classptr)) { + rv = CKR_ATTRIBUTE_VALUE_INVALID; + } else { + rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject); } - return NSC_CreateObject(hSession,pTemplate,ulCount,phObject); + if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) { + sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv); + } + return rv; } @@ -699,15 +710,23 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* FC_CopyObject copies an object, creating a new object for the copy. */ CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount, + CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject) { CK_RV rv; + CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; SFTK_FIPSFATALCHECK(); - rv = fips_login_if_key_object(hSession, hObject); - if (rv != CKR_OK) { - return rv; + rv = fips_get_object_class(hSession, hObject, &objClass); + if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) { + rv = sftk_fipsCheck(); } - return NSC_CopyObject(hSession,hObject,pTemplate,usCount,phNewObject); + if (rv == CKR_OK) { + rv = NSC_CopyObject(hSession,hObject,pTemplate,ulCount,phNewObject); + } + if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { + sftk_AuditCopyObject(hSession, + hObject,pTemplate,ulCount,phNewObject,rv); + } + return rv; } @@ -715,51 +734,79 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) { CK_RV rv; + CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; SFTK_FIPSFATALCHECK(); - rv = fips_login_if_key_object(hSession, hObject); - if (rv != CKR_OK) { - return rv; + rv = fips_get_object_class(hSession, hObject, &objClass); + if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) { + rv = sftk_fipsCheck(); } - return NSC_DestroyObject(hSession,hObject); + if (rv == CKR_OK) { + rv = NSC_DestroyObject(hSession,hObject); + } + if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { + sftk_AuditDestroyObject(hSession,hObject,rv); + } + return rv; } /* FC_GetObjectSize gets the size of an object in bytes. */ CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) { + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) { CK_RV rv; + CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; SFTK_FIPSFATALCHECK(); - rv = fips_login_if_key_object(hSession, hObject); - if (rv != CKR_OK) { - return rv; + rv = fips_get_object_class(hSession, hObject, &objClass); + if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) { + rv = sftk_fipsCheck(); } - return NSC_GetObjectSize(hSession, hObject, pusSize); + if (rv == CKR_OK) { + rv = NSC_GetObjectSize(hSession, hObject, pulSize); + } + if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { + sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv); + } + return rv; } /* FC_GetAttributeValue obtains the value of one or more object attributes. */ CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) { + CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { CK_RV rv; + CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; SFTK_FIPSFATALCHECK(); - rv = fips_login_if_key_object(hSession, hObject); - if (rv != CKR_OK) { - return rv; + rv = fips_get_object_class(hSession, hObject, &objClass); + if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) { + rv = sftk_fipsCheck(); } - return NSC_GetAttributeValue(hSession,hObject,pTemplate,usCount); + if (rv == CKR_OK) { + rv = NSC_GetAttributeValue(hSession,hObject,pTemplate,ulCount); + } + if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { + sftk_AuditGetAttributeValue(hSession,hObject,pTemplate,ulCount,rv); + } + return rv; } /* FC_SetAttributeValue modifies the value of one or more object attributes */ CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) { + CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { CK_RV rv; + CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; SFTK_FIPSFATALCHECK(); - rv = fips_login_if_key_object(hSession, hObject); - if (rv != CKR_OK) { - return rv; + rv = fips_get_object_class(hSession, hObject, &objClass); + if ((rv == CKR_OK) && SFTK_IS_SECURE_KEY_OBJECT(objClass)) { + rv = sftk_fipsCheck(); } - return NSC_SetAttributeValue(hSession,hObject,pTemplate,usCount); + if (rv == CKR_OK) { + rv = NSC_SetAttributeValue(hSession,hObject,pTemplate,ulCount); + } + if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { + sftk_AuditSetAttributeValue(hSession,hObject,pTemplate,ulCount,rv); + } + return rv; } @@ -819,7 +866,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_EncryptInit(hSession,pMechanism,hKey); + rv = NSC_EncryptInit(hSession,pMechanism,hKey); + if (sftk_audit_enabled) { + sftk_AuditCryptInit("Encrypt",hSession,pMechanism,hKey,rv); + } + return rv; } /* FC_Encrypt encrypts single-part data. */ @@ -860,7 +911,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_DecryptInit(hSession,pMechanism,hKey); + rv = NSC_DecryptInit(hSession,pMechanism,hKey); + if (sftk_audit_enabled) { + sftk_AuditCryptInit("Decrypt",hSession,pMechanism,hKey,rv); + } + return rv; } /* FC_Decrypt decrypts encrypted data in a single part. */ @@ -938,7 +993,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_SignInit(hSession,pMechanism,hKey); + rv = NSC_SignInit(hSession,pMechanism,hKey); + if (sftk_audit_enabled) { + sftk_AuditCryptInit("Sign",hSession,pMechanism,hKey,rv); + } + return rv; } @@ -980,7 +1039,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_SignRecoverInit(hSession,pMechanism,hKey); + rv = NSC_SignRecoverInit(hSession,pMechanism,hKey); + if (sftk_audit_enabled) { + sftk_AuditCryptInit("SignRecover",hSession,pMechanism,hKey,rv); + } + return rv; } @@ -1003,7 +1066,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_VerifyInit(hSession,pMechanism,hKey); + rv = NSC_VerifyInit(hSession,pMechanism,hKey); + if (sftk_audit_enabled) { + sftk_AuditCryptInit("Verify",hSession,pMechanism,hKey,rv); + } + return rv; } @@ -1046,7 +1113,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_VerifyRecoverInit(hSession,pMechanism,hKey); + rv = NSC_VerifyRecoverInit(hSession,pMechanism,hKey); + if (sftk_audit_enabled) { + sftk_AuditCryptInit("VerifyRecover",hSession,pMechanism,hKey,rv); + } + return rv; } @@ -1082,7 +1153,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { } } - return NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey); + rv = NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey); + if (sftk_audit_enabled) { + sftk_AuditGenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey,rv); + } + return rv; } @@ -1114,6 +1189,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* pairwise consistency check failed. */ sftk_fatalError = PR_TRUE; } + if (sftk_audit_enabled) { + sftk_AuditGenerateKeyPair(hSession,pMechanism,pPublicKeyTemplate, + usPublicKeyAttributeCount,pPrivateKeyTemplate, + usPrivateKeyAttributeCount,phPublicKey,phPrivateKey,crv); + } return crv; } @@ -1122,18 +1202,23 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pusWrappedKeyLen) { + CK_ULONG_PTR pulWrappedKeyLen) { SFTK_FIPSCHECK(); - return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey, - pusWrappedKeyLen); + rv = NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey, + pulWrappedKeyLen); + if (sftk_audit_enabled) { + sftk_AuditWrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey, + pulWrappedKeyLen,rv); + } + return rv; } /* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */ CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, CK_ULONG usWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount, + CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) { CK_BBOOL *boolptr; @@ -1142,21 +1227,26 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* all secret keys must be sensitive, if the upper level code tries to say * otherwise, reject it. */ boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, - usAttributeCount, CKA_SENSITIVE); + ulAttributeCount, CKA_SENSITIVE); if (boolptr != NULL) { if (!(*boolptr)) { return CKR_ATTRIBUTE_VALUE_INVALID; } } - return NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey, - usWrappedKeyLen,pTemplate,usAttributeCount,phKey); + rv = NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey, + ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey); + if (sftk_audit_enabled) { + sftk_AuditUnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey, + ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey,rv); + } + return rv; } /* FC_DeriveKey derives a key from a base key, creating a new key object. */ CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) { CK_BBOOL *boolptr; @@ -1165,14 +1255,19 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { /* all secret keys must be sensitive, if the upper level code tries to say * otherwise, reject it. */ boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, - usAttributeCount, CKA_SENSITIVE); + ulAttributeCount, CKA_SENSITIVE); if (boolptr != NULL) { if (!(*boolptr)) { return CKR_ATTRIBUTE_VALUE_INVALID; } } - return NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate, - usAttributeCount, phKey); + rv = NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate, + ulAttributeCount, phKey); + if (sftk_audit_enabled) { + sftk_AuditDeriveKey(hSession,pMechanism,hBaseKey,pTemplate, + ulAttributeCount,phKey,rv); + } + return rv; } /* @@ -1206,7 +1301,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { if (sftk_audit_enabled) { char msg[128]; PR_snprintf(msg,sizeof msg, - "C_GenerateRandom(hSession=%lu, pRandomData=%p, " + "C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, " "ulRandomLen=%lu)=0x%08lX " "self-test: continuous RNG test failed", (PRUint32)hSession,pRandomData, @@ -1315,7 +1410,11 @@ CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, */ CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { SFTK_FIPSCHECK(); - return NSC_DigestKey(hSession,hKey); + rv = NSC_DigestKey(hSession,hKey); + if (sftk_audit_enabled) { + sftk_AuditDigestKey(hSession,hKey,rv); + } + return rv; } diff --git a/mozilla/security/nss/lib/softoken/manifest.mn b/mozilla/security/nss/lib/softoken/manifest.mn index 294bd0b493f..983d66887cc 100644 --- a/mozilla/security/nss/lib/softoken/manifest.mn +++ b/mozilla/security/nss/lib/softoken/manifest.mn @@ -70,6 +70,7 @@ CSRCS = \ dbinit.c \ dbmshim.c \ ecdecode.c \ + fipsaudt.c \ fipstest.c \ fipstokn.c \ keydb.c \ diff --git a/mozilla/security/nss/lib/softoken/pkcs11c.c b/mozilla/security/nss/lib/softoken/pkcs11c.c index dc1dc67f491..b722d3d4c43 100644 --- a/mozilla/security/nss/lib/softoken/pkcs11c.c +++ b/mozilla/security/nss/lib/softoken/pkcs11c.c @@ -3813,7 +3813,7 @@ ecgn_done: if (sftk_audit_enabled) { char msg[128]; PR_snprintf(msg,sizeof msg, - "C_GenerateKeyPair(hSession=%lu, " + "C_GenerateKeyPair(hSession=0x%08lX, " "pMechanism->mechanism=0x%08lX)=0x%08lX " "self-test: pair-wise consistency test failed", (PRUint32)hSession,(PRUint32)pMechanism->mechanism, diff --git a/mozilla/security/nss/lib/softoken/softoken.h b/mozilla/security/nss/lib/softoken/softoken.h index 30033118648..9ff0998e7e2 100644 --- a/mozilla/security/nss/lib/softoken/softoken.h +++ b/mozilla/security/nss/lib/softoken/softoken.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: softoken.h,v 1.13 2006-07-31 18:10:17 wtchang%redhat.com Exp $ */ +/* $Id: softoken.h,v 1.14 2006-10-02 22:48:31 wtchang%redhat.com Exp $ */ #ifndef _SOFTOKEN_H_ #define _SOFTOKEN_H_ @@ -184,6 +184,71 @@ extern PRBool sftk_audit_enabled; extern void sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg); +extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject, CK_RV rv); + +extern void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv); + +extern void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_RV rv); + +extern void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, + CK_RV rv); + +extern void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, CK_RV rv); + +extern void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, CK_RV rv); + +extern void sftk_AuditCryptInit(const char *opName, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey, CK_RV rv); + +extern void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey, CK_RV rv); + +extern void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv); + +extern void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv); + +extern void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey, CK_RV rv); + +extern void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey, CK_RV rv); + +extern void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey, CK_RV rv); + /* ** FIPS 140-2 Error state */