security/nss/lib/softoken/fipsaudt.c

changeset 0
6474c204b198
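--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/softoken/fipsaudt.c	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,319 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file implements audit logging required by FIPS 140-2 Security
+ * Level 2.
+ */
+
+#include "prprf.h"
+#include "softoken.h"
+
+/*
+ * Print the value of the returned object handle in the output buffer
+ * on a successful return of the PKCS #11 function.  If the PKCS #11
+ * function failed or the pointer to object handle is NULL (which is
+ * the case for C_DeriveKey with CKM_TLS_KEY_AND_MAC_DERIVE), an empty
+ * string is stored in the output buffer.
+ *
+ * out: the output buffer
+ * outlen: the length of the output buffer
+ * argName: the name of the "pointer to object handle" argument
+ * phObject: the pointer to object handle
+ * rv: the return value of the PKCS #11 function
+ */
+static void sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen,
+    const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    if ((rv == CKR_OK) && phObject) {
+	PR_snprintf(out, outlen,
+	    " *%s=0x%08lX", argName, (PRUint32)*phObject);
+    } else {
+	PORT_Assert(outlen != 0);
+	out[0] = '\0';
+    }
+}
+
+/*
+ * MECHANISM_BUFSIZE needs to be large enough for sftk_PrintMechanism,
+ * which uses <= 49 bytes.
+ */
+#define MECHANISM_BUFSIZE 64
+
+static void sftk_PrintMechanism(char *out, PRUint32 outlen,
+    CK_MECHANISM_PTR pMechanism)
+{
+    if (pMechanism) {
+	/*
+	 * If we change the format string, we need to make sure
+	 * MECHANISM_BUFSIZE is still large enough.  We allow
+	 * 20 bytes for %p on a 64-bit platform.
+	 */
+	PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}",
+	    pMechanism, (PRUint32)pMechanism->mechanism);
+    } else {
+	PR_snprintf(out, outlen, "%p", pMechanism);
+    }
+}
+
+void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    char msg[256];
+    char shObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintReturnedObjectHandle(shObject, sizeof shObject,
+	"phObject", phObject, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
+	"phObject=%p)=0x%08lX%s",
+	(PRUint32)hSession, pTemplate, (PRUint32)ulCount,
+	phObject, (PRUint32)rv, shObject);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_LOAD_KEY, msg);
+}
+
+void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
+{
+    char msg[256];
+    char shNewObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintReturnedObjectHandle(shNewObject, sizeof shNewObject,
+	"phNewObject", phNewObject, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_COPY_KEY, msg);
+}
+
+/* WARNING: hObject has been destroyed and can only be printed. */
+void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_DESTROY_KEY, msg);
+}
+
+void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
+	"pulSize=%p)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pulSize, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
+}
+
+void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
+}
+
+void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+	"pTemplate=%p, ulCount=%lu)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hObject,
+	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_CHANGE_KEY, msg);
+}
+
+void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    PR_snprintf(msg, sizeof msg,
+	"C_%sInit(hSession=0x%08lX, pMechanism=%s, "
+	"hKey=0x%08lX)=0x%08lX",
+	opName, (PRUint32)hSession, mech,
+	(PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_CRYPT, msg);
+}
+
+void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
+	"pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
+	(PRUint32)hSession, mech,
+	pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
+}
+
+void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
+{
+    char msg[512];
+    char mech[MECHANISM_BUFSIZE];
+    char shPublicKey[32];
+    char shPrivateKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shPublicKey, sizeof shPublicKey,
+	"phPublicKey", phPublicKey, rv);
+    sftk_PrintReturnedObjectHandle(shPrivateKey, sizeof shPrivateKey,
+	"phPrivateKey", phPrivateKey, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
+	"pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
+	"pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
+	"phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
+	(PRUint32)hSession, mech,
+	pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
+	pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
+	phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
+}
+
+void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    PR_snprintf(msg, sizeof msg,
+	"C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
+	"hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
+	(PRUint32)hSession, mech, (PRUint32)hWrappingKey,
+	(PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_WRAP_KEY, msg);
+}
+
+void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    PR_snprintf(msg, sizeof msg,
+	"C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
+	"hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
+	"pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
+	(PRUint32)hSession, mech,
+	(PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
+	pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg);
+}
+
+void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[512];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    char sTlsKeys[128];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    if ((rv == CKR_OK) &&
+	(pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
+	CK_SSL3_KEY_MAT_PARAMS *param =
+	    (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
+	CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
+	PR_snprintf(sTlsKeys, sizeof sTlsKeys,
+	    " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
+	    " hClientKey=0x%08lX hServerKey=0x%08lX",
+	    (PRUint32)keymat->hClientMacSecret,
+	    (PRUint32)keymat->hServerMacSecret,
+	    (PRUint32)keymat->hClientKey,
+	    (PRUint32)keymat->hServerKey);
+    } else {
+	sTlsKeys[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+	"C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
+	"hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
+	"phKey=%p)=0x%08lX%s%s",
+	(PRUint32)hSession, mech,
+	(PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
+	phKey, (PRUint32)rv, shKey, sTlsKeys);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg);
+}
+
+void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ?
+	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+	"C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
+	(PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_DIGEST_KEY, msg);
+}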
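Review bot: `char msg[256]` in sftk_AuditUnwrapKey is too small for the longest record its format string can produce, so PR_snprintf can cut the line off before the trailing `)=0x%08lX%s` and the audit entry then loses the return code and the new key handle. The literal text is about 130 bytes; adding three 8-digit handles, the 8-digit rv, up to 48 bytes of `mech`, three `%p` values at the 20 bytes this file itself budgets for a 64-bit pointer, two `%lu` values and the 18-byte `shKey` comes to roughly 300 bytes. sftk_AuditGenerateKeyPair and sftk_AuditDeriveKey already declare `char msg[512];`, and the same declaration here would cover the worst case. Separately, sftk_AuditDeriveKey reads `pMechanism->mechanism`, `pMechanism->pParameter` and `param->pReturnedKeyMaterial` without a NULL check whenever rv is CKR_OK; the caller presumably guarantees these on success, but a comment such as `/* rv == CKR_OK implies pMechanism and its key-material parameters were validated by the caller */` would record that assumption.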
