Coverage Report

Created: 2025-08-18 06:35

/src/nss/lib/softoken/fipsaudt.c
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * This file implements audit logging required by FIPS 140-2 Security
 * Level 2.
 */
#include "prprf.h"
#include "softoken.h"
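/*
 * Format the object handle returned by a PKCS #11 function so it can be
 * appended to an audit record.
 *
 * When the PKCS #11 function succeeded (rv == CKR_OK) and phObject is
 * non-NULL, " *<argName>=0x<handle>" is written to the output buffer.
 * If the function failed or the pointer to object handle is NULL (which
 * is the case for C_DeriveKey with CKM_TLS_KEY_AND_MAC_DERIVE), an empty
 * string is stored in the output buffer instead.
 *
 * out: the output buffer
 * outlen: the length of the output buffer
 * argName: the name of the "pointer to object handle" argument
 * phObject: the pointer to object handle
 * rv: the return value of the PKCS #11 function
 *
 * The handle is cast to PRUint32 before printing, so only its low 32 bits
 * reach the log if CK_OBJECT_HANDLE is wider than that on this platform.
 */
static void
sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen,
                               const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
{
    if ((rv == CKR_OK) && phObject) {
        /* PR_snprintf is given outlen, so the write stays inside out. */
        PR_snprintf(out, outlen,
                    " *%s=0x%08lX", argName, (PRUint32)*phObject);
        return;
    }

    PORT_Assert(outlen != 0);
    /*
     * The assertion above is a debug-time check only; test outlen at run
     * time as well so a zero-length buffer is never written to.
     */
    if (outlen != 0) {
        out[0] = '\0';
    }
}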
/*
 * Size of the scratch buffer callers hand to sftk_PrintMechanism.  It has
 * to cover the longest string that function can produce, which is at most
 * 49 bytes.
 */
#define MECHANISM_BUFSIZE 64

/*
 * Render a CK_MECHANISM pointer for an audit record.
 *
 * out: the output buffer
 * outlen: the length of the output buffer
 * pMechanism: the mechanism argument of the PKCS #11 call; may be NULL
 *
 * A non-NULL pointer is printed as its address followed by the mechanism
 * type; the mechanism parameter itself is not printed (the "..." in the
 * format).  A NULL pointer is printed with %p alone.
 */
static void
sftk_PrintMechanism(char *out, PRUint32 outlen,
                    CK_MECHANISM_PTR pMechanism)
{
    if (!pMechanism) {
        PR_snprintf(out, outlen, "%p", pMechanism);
        return;
    }

    /*
     * Any change to this format string must be checked against
     * MECHANISM_BUFSIZE.  The current budget allows 20 bytes for %p
     * on a 64-bit platform.
     */
    PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}",
                pMechanism, (PRUint32)pMechanism->mechanism);
}
/*
 * Write the audit record for a C_CreateObject call.
 *
 * The record holds the session handle, the address and length of the
 * attribute template, the address of the output handle, the return value
 * and, on success, the handle that was returned.  Template contents are
 * not logged, only the pointer value.  The event is filed under
 * NSS_AUDIT_LOAD_KEY.
 */
void
sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
                       CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
                       CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
{
    NSSAuditSeverity level;
    char handleText[32];
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    sftk_PrintReturnedObjectHandle(handleText, sizeof(handleText),
                                   "phObject", phObject, rv);
    PR_snprintf(record, sizeof(record),
                "C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
                "phObject=%p)=0x%08lX%s",
                (PRUint32)hSession, pTemplate, (PRUint32)ulCount,
                phObject, (PRUint32)rv, handleText);
    sftk_LogAuditMessage(level, NSS_AUDIT_LOAD_KEY, record);
}
/*
 * Write the audit record for a C_CopyObject call.
 *
 * Logs the session handle, the source object handle, the address and
 * length of the attribute template, the address of the output handle,
 * the return value and, on success, the handle of the new object.  The
 * event is filed under NSS_AUDIT_COPY_KEY.
 */
void
sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
                     CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
{
    NSSAuditSeverity level;
    char newHandleText[32];
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    sftk_PrintReturnedObjectHandle(newHandleText, sizeof(newHandleText),
                                   "phNewObject", phNewObject, rv);
    PR_snprintf(record, sizeof(record),
                "C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
                "pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
                (PRUint32)hSession, (PRUint32)hObject,
                pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv,
                newHandleText);
    sftk_LogAuditMessage(level, NSS_AUDIT_COPY_KEY, record);
}
/*
 * Write the audit record for a C_DestroyObject call.
 *
 * WARNING: hObject has been destroyed and can only be printed.  This
 * function therefore treats the handle as a plain number for the log and
 * never looks the object up.
 *
 * The event is filed under NSS_AUDIT_DESTROY_KEY.
 */
void
sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
                        CK_OBJECT_HANDLE hObject, CK_RV rv)
{
    NSSAuditSeverity level;
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    PR_snprintf(record, sizeof(record),
                "C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
                (PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_DESTROY_KEY, record);
}
/*
 * Write the audit record for a C_GetObjectSize call.
 *
 * Logs the session handle, the object handle, the address of the size
 * output argument and the return value.  The size itself is not read or
 * logged.  The event is filed under NSS_AUDIT_ACCESS_KEY.
 */
void
sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
                        CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
{
    NSSAuditSeverity level;
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    PR_snprintf(record, sizeof(record),
                "C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
                "pulSize=%p)=0x%08lX",
                (PRUint32)hSession, (PRUint32)hObject,
                pulSize, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_ACCESS_KEY, record);
}
/*
 * Write the audit record for a C_GetAttributeValue call.
 *
 * Logs the session handle, the object handle, the address and length of
 * the attribute template and the return value.  Attribute values are not
 * logged, only the template pointer.  The event is filed under
 * NSS_AUDIT_ACCESS_KEY.
 */
void
sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
                            CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
                            CK_ULONG ulCount, CK_RV rv)
{
    NSSAuditSeverity level;
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    PR_snprintf(record, sizeof(record),
                "C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
                "pTemplate=%p, ulCount=%lu)=0x%08lX",
                (PRUint32)hSession, (PRUint32)hObject,
                pTemplate, (PRUint32)ulCount, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_ACCESS_KEY, record);
}
/*
 * Write the audit record for a C_SetAttributeValue call.
 *
 * Logs the session handle, the object handle, the address and length of
 * the attribute template and the return value.  The new attribute values
 * are not logged, only the template pointer.  The event is filed under
 * NSS_AUDIT_CHANGE_KEY.
 */
void
sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
                            CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
                            CK_ULONG ulCount, CK_RV rv)
{
    NSSAuditSeverity level;
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    PR_snprintf(record, sizeof(record),
                "C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
                "pTemplate=%p, ulCount=%lu)=0x%08lX",
                (PRUint32)hSession, (PRUint32)hObject,
                pTemplate, (PRUint32)ulCount, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_CHANGE_KEY, record);
}
/*
 * Write the audit record for a C_<op>Init call.
 *
 * opName: the text placed between "C_" and "Init" in the logged function
 *         name; it is copied into the record with %s
 * hSession: the session handle
 * pMechanism: the mechanism argument, rendered by sftk_PrintMechanism
 * hKey: the key handle passed to the call
 * rv: the return value of the PKCS #11 function
 *
 * The event is filed under NSS_AUDIT_CRYPT.
 */
void
sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
{
    NSSAuditSeverity level;
    char mechText[MECHANISM_BUFSIZE];
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    sftk_PrintMechanism(mechText, sizeof(mechText), pMechanism);
    PR_snprintf(record, sizeof(record),
                "C_%sInit(hSession=0x%08lX, pMechanism=%s, "
                "hKey=0x%08lX)=0x%08lX",
                opName, (PRUint32)hSession, mechText,
                (PRUint32)hKey, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_CRYPT, record);
}
/*
 * Write the audit record for a C_GenerateKey call.
 *
 * Logs the session handle, the mechanism (address and type), the address
 * and length of the attribute template, the address of the output handle,
 * the return value and, on success, the handle of the generated key.
 * No key material or template contents are logged.  The event is filed
 * under NSS_AUDIT_GENERATE_KEY.
 */
void
sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
                      CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
                      CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
{
    NSSAuditSeverity level;
    char keyHandleText[32];
    char mechText[MECHANISM_BUFSIZE];
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    sftk_PrintMechanism(mechText, sizeof(mechText), pMechanism);
    sftk_PrintReturnedObjectHandle(keyHandleText, sizeof(keyHandleText),
                                   "phKey", phKey, rv);
    PR_snprintf(record, sizeof(record),
                "C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
                "pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
                (PRUint32)hSession, mechText,
                pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv,
                keyHandleText);
    sftk_LogAuditMessage(level, NSS_AUDIT_GENERATE_KEY, record);
}
/*
 * Write the audit record for a C_GenerateKeyPair call.
 *
 * Logs the session handle, the mechanism (address and type), the address
 * and length of both attribute templates, the addresses of both output
 * handles, the return value and, on success, the two returned handles.
 * The record buffer is 512 bytes because this message carries more fields
 * than the single-key calls.  The event is filed under
 * NSS_AUDIT_GENERATE_KEY.
 */
void
sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
                          CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
                          CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
                          CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
                          CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
{
    NSSAuditSeverity level;
    char privHandleText[32];
    char pubHandleText[32];
    char mechText[MECHANISM_BUFSIZE];
    char record[512];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    sftk_PrintMechanism(mechText, sizeof(mechText), pMechanism);
    sftk_PrintReturnedObjectHandle(pubHandleText, sizeof(pubHandleText),
                                   "phPublicKey", phPublicKey, rv);
    sftk_PrintReturnedObjectHandle(privHandleText, sizeof(privHandleText),
                                   "phPrivateKey", phPrivateKey, rv);
    PR_snprintf(record, sizeof(record),
                "C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
                "pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
                "pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
                "phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
                (PRUint32)hSession, mechText,
                pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
                pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
                phPublicKey, phPrivateKey, (PRUint32)rv,
                pubHandleText, privHandleText);
    sftk_LogAuditMessage(level, NSS_AUDIT_GENERATE_KEY, record);
}
/*
 * Write the audit record for a C_WrapKey call.
 *
 * Logs the session handle, the mechanism (address and type), the wrapping
 * key handle, the handle of the key being wrapped, the addresses of the
 * output buffer and of its length argument, and the return value.  The
 * wrapped key bytes are not read or logged.  The event is filed under
 * NSS_AUDIT_WRAP_KEY.
 */
void
sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
                  CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
                  CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
                  CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
{
    NSSAuditSeverity level;
    char mechText[MECHANISM_BUFSIZE];
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    sftk_PrintMechanism(mechText, sizeof(mechText), pMechanism);
    PR_snprintf(record, sizeof(record),
                "C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
                "hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
                (PRUint32)hSession, mechText, (PRUint32)hWrappingKey,
                (PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_WRAP_KEY, record);
}
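/*
 * Write the audit record for a C_UnwrapKey call.
 *
 * Logs the session handle, the mechanism (address and type), the
 * unwrapping key handle, the address and length of the wrapped key, the
 * address and length of the attribute template, the address of the output
 * handle, the return value and, on success, the handle of the unwrapped
 * key.  The wrapped key bytes are not logged.  The event is filed under
 * NSS_AUDIT_UNWRAP_KEY.
 */
void
sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
                    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
                    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
{
    /*
     * 512 rather than 256: with this file's allowance of 20 bytes per %p
     * (see sftk_PrintMechanism), the four pointer fields plus two %lu
     * fields push the worst-case record to roughly 300 bytes.  PR_snprintf
     * would truncate safely, but the tail it would drop is the return
     * value and the returned key handle.  512 matches the buffers used by
     * sftk_AuditGenerateKeyPair and sftk_AuditDeriveKey.
     */
    char msg[512];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
    PR_snprintf(msg, sizeof msg,
                "C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
                "hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
                "pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
                (PRUint32)hSession, mech,
                (PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
                pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
    sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg);
}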
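/*
 * Write the audit record for a C_EncapsulateKey call.
 *
 * Logs the session handle, the mechanism (address and type), the public
 * key handle, the address and length of the attribute template, the
 * address of the ciphertext buffer, the ciphertext length, the address of
 * the output handle, the return value and, on success, the handle of the
 * resulting key.  The ciphertext bytes are not logged.  The event is
 * filed under NSS_AUDIT_ENCAPSULATE_KEY.
 *
 * pulCiphertextLen may be NULL, in which case a length of 0 is logged.
 */
void
sftk_AuditEncapsulateKey(CK_SESSION_HANDLE hSession,
                         CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hPublicKey,
                         CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
                         CK_BYTE_PTR pCiphertext, CK_ULONG_PTR pulCiphertextLen,
                         CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
{
    /*
     * 512 rather than 256: with this file's allowance of 20 bytes per %p
     * (see sftk_PrintMechanism), the worst-case record is roughly 300
     * bytes.  PR_snprintf would truncate safely, but the tail it would
     * drop is the return value and the returned key handle.  512 matches
     * sftk_AuditGenerateKeyPair and sftk_AuditDeriveKey.
     */
    char msg[512];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
    /*
     * This function runs for failed calls too (severity covers rv !=
     * CKR_OK), so the length pointer cannot be assumed valid.  Never let
     * the audit path fault on a NULL argument.
     */
    PRUint32 ciphertextLen = pulCiphertextLen ? (PRUint32)*pulCiphertextLen : 0;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
    /*
     * NOTE(review): the field label is emitted as "ulCiphertestLen" (sic)
     * and the last literal starts with an extra space.  Both are kept
     * byte-for-byte so existing consumers of the audit log keep matching.
     */
    PR_snprintf(msg, sizeof msg,
                "C_EncapsulateKey(hSession=0x%08lX, pMechanism=%s, "
                "hPublicKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
                "pCiphertext=%p, ulCiphertestLen=%lu, "
                " phKey=%p)=0x%08lX%s",
                (PRUint32)hSession, mech, (PRUint32)hPublicKey,
                pTemplate, (PRUint32)ulAttributeCount,
                pCiphertext, ciphertextLen,
                phKey, (PRUint32)rv, shKey);
    sftk_LogAuditMessage(severity, NSS_AUDIT_ENCAPSULATE_KEY, msg);
}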
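/*
 * Write the audit record for a C_DecapsulateKey call.
 *
 * Logs the session handle, the mechanism (address and type), the private
 * key handle, the address and length of the attribute template, the
 * address and length of the ciphertext, the address of the output handle,
 * the return value and, on success, the handle of the resulting key.  The
 * ciphertext bytes are not logged.  The event is filed under
 * NSS_AUDIT_DECAPSULATE_KEY.
 */
void
sftk_AuditDecapsulateKey(CK_SESSION_HANDLE hSession,
                         CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hPrivateKey,
                         CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
                         CK_BYTE_PTR pCiphertext, CK_ULONG ulCiphertextLen,
                         CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
{
    /*
     * 512 rather than 256: with this file's allowance of 20 bytes per %p
     * (see sftk_PrintMechanism), the worst-case record is roughly 300
     * bytes.  PR_snprintf would truncate safely, but the tail it would
     * drop is the return value and the returned key handle.  512 matches
     * sftk_AuditGenerateKeyPair and sftk_AuditDeriveKey.
     */
    char msg[512];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
    /*
     * NOTE(review): the field label is emitted as "ulCiphertestLen" (sic)
     * and the last literal starts with an extra space.  Both are kept
     * byte-for-byte so existing consumers of the audit log keep matching.
     */
    PR_snprintf(msg, sizeof msg,
                "C_DecapsulateKey(hSession=0x%08lX, pMechanism=%s, "
                "hPrivateKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
                "pCiphertext=%p, ulCiphertestLen=%lu, "
                " phKey=%p)=0x%08lX%s",
                (PRUint32)hSession, mech, (PRUint32)hPrivateKey,
                pTemplate, (PRUint32)ulAttributeCount,
                pCiphertext, (PRUint32)ulCiphertextLen,
                phKey, (PRUint32)rv, shKey);
    sftk_LogAuditMessage(severity, NSS_AUDIT_DECAPSULATE_KEY, msg);
}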
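/*
 * Write the audit record for a C_DeriveKey call.
 *
 * Logs the session handle, the mechanism (address and type), the base key
 * handle, the address and length of the attribute template, the address
 * of the output handle, the return value and, on success, the handle of
 * the derived key.
 *
 * For a successful CKM_TLS_KEY_AND_MAC_DERIVE the four handles returned
 * through the mechanism parameter (client/server MAC secrets and
 * client/server keys) are appended as well.  Only handles are logged,
 * never key material.  The event is filed under NSS_AUDIT_DERIVE_KEY.
 */
void
sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
                    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
{
    char msg[512];
    char mech[MECHANISM_BUFSIZE];
    char shKey[32];
    char sTlsKeys[128];
    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;

    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);

    /* Default to no TLS key list; filled in below only when available. */
    sTlsKeys[0] = '\0';
    /*
     * The mechanism and its parameter are memory supplied by the caller
     * of the PKCS #11 function.  Check every pointer in the chain before
     * following it so the audit path cannot fault on a NULL, matching
     * sftk_PrintMechanism, which already tolerates a NULL pMechanism.
     */
    if ((rv == CKR_OK) && pMechanism &&
        (pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
        CK_SSL3_KEY_MAT_PARAMS *param =
            (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;

        if (param && param->pReturnedKeyMaterial) {
            CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;

            PR_snprintf(sTlsKeys, sizeof sTlsKeys,
                        " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
                        " hClientKey=0x%08lX hServerKey=0x%08lX",
                        (PRUint32)keymat->hClientMacSecret,
                        (PRUint32)keymat->hServerMacSecret,
                        (PRUint32)keymat->hClientKey,
                        (PRUint32)keymat->hServerKey);
        }
    }
    PR_snprintf(msg, sizeof msg,
                "C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
                "hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
                "phKey=%p)=0x%08lX%s%s",
                (PRUint32)hSession, mech,
                (PRUint32)hBaseKey, pTemplate, (PRUint32)ulAttributeCount,
                phKey, (PRUint32)rv, shKey, sTlsKeys);
    sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg);
}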
/*
 * Write the audit record for a C_DigestKey call.
 *
 * Logs the session handle, the key handle and the return value.  The
 * event is filed under NSS_AUDIT_DIGEST_KEY.
 */
void
sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
                    CK_OBJECT_HANDLE hKey, CK_RV rv)
{
    NSSAuditSeverity level;
    char record[256];

    /* Success is logged as informational, any other result as an error. */
    if (rv == CKR_OK) {
        level = NSS_AUDIT_INFO;
    } else {
        level = NSS_AUDIT_ERROR;
    }

    PR_snprintf(record, sizeof(record),
                "C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
                (PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
    sftk_LogAuditMessage(level, NSS_AUDIT_DIGEST_KEY, record);
}