2002-01-16 22:49:03 +00:00
|
|
|
|
/*
|
|
|
|
|
|
* framework-pkcs15.c: PKCS#15 framework and related objects
|
|
|
|
|
|
*
|
|
|
|
|
|
* Copyright (C) 2002 Timo Ter<EFBFBD>s <timo.teras@iki.fi>
|
|
|
|
|
|
*
|
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
|
*
|
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
#include <malloc.h>
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
|
|
#include "sc-pkcs11.h"
|
|
|
|
|
|
#include <sc-log.h>
|
|
|
|
|
|
|
|
|
|
|
|
#define check_attribute_buffer(attr,size) \
|
|
|
|
|
|
if (attr->pValue == NULL_PTR) { \
|
|
|
|
|
|
attr->ulValueLen = size; \
|
|
|
|
|
|
return CKR_OK; \
|
|
|
|
|
|
} \
|
|
|
|
|
|
if (attr->ulValueLen < size) { \
|
|
|
|
|
|
attr->ulValueLen = size; \
|
|
|
|
|
|
return CKR_BUFFER_TOO_SMALL; \
|
|
|
|
|
|
} \
|
|
|
|
|
|
attr->ulValueLen = size;
|
|
|
|
|
|
|
|
|
|
|
|
extern struct sc_pkcs11_object_ops pkcs15_cert_ops;
|
|
|
|
|
|
extern struct sc_pkcs11_object_ops pkcs15_prkey_ops;
|
2002-03-12 14:36:40 +00:00
|
|
|
|
extern struct sc_pkcs11_object_ops pkcs15_cert_key_ops;
|
2002-01-24 16:27:09 +00:00
|
|
|
|
extern struct sc_pkcs11_object_ops pkcs15_pubkey_ops;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
struct pkcs15_cert_object {
|
|
|
|
|
|
struct sc_pkcs11_object object;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs15_object *certificate_object;
|
|
|
|
|
|
struct sc_pkcs15_cert_info *certificate_info;
|
|
|
|
|
|
struct sc_pkcs15_cert *certificate;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
struct pkcs15_prkey_object {
|
|
|
|
|
|
struct sc_pkcs11_object object;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs15_object *prkey_object;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
struct sc_pkcs15_prkey_info *prkey_info;
|
|
|
|
|
|
struct pkcs15_cert_object *cert_object;
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct pkcs15_pubkey_object *pubkey_object;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct pkcs15_cert_key_object {
|
2002-01-24 16:27:09 +00:00
|
|
|
|
struct sc_pkcs11_object object;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs15_object *certificate_object;
|
|
|
|
|
|
struct sc_pkcs15_cert_info *certificate_info;
|
|
|
|
|
|
struct sc_pkcs15_pubkey_rsa *rsakey;
|
2002-01-24 16:27:09 +00:00
|
|
|
|
};
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct pkcs15_pubkey_object {
|
|
|
|
|
|
struct sc_pkcs11_object object;
|
|
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs15_object *pubkey_object;
|
|
|
|
|
|
struct sc_pkcs15_pubkey_info *pubkey_info;
|
|
|
|
|
|
struct sc_pkcs15_pubkey_rsa *rsakey;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static int get_public_exponent(struct sc_pkcs15_pubkey_rsa *,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR);
|
|
|
|
|
|
static int get_modulus(struct sc_pkcs15_pubkey_rsa *,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR);
|
|
|
|
|
|
static int get_modulus_bits(struct sc_pkcs15_pubkey_rsa *,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR);
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
/* PKCS#15 Framework */
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_bind(struct sc_pkcs11_card *p11card)
|
|
|
|
|
|
{
|
|
|
|
|
|
int rc = sc_pkcs15_bind(p11card->card,
|
|
|
|
|
|
(struct sc_pkcs15_card**) &p11card->fw_data);
|
|
|
|
|
|
debug(context, "Binding to PKCS#15, rc=%d\n", rc);
|
2002-02-25 12:04:39 +00:00
|
|
|
|
return sc_to_cryptoki_error(rc, p11card->reader);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_unbind(struct sc_pkcs11_card *p11card)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct sc_pkcs15_card *card = (struct sc_pkcs15_card*) p11card->fw_data;
|
|
|
|
|
|
int rc = sc_pkcs15_unbind(card);
|
2002-02-25 12:04:39 +00:00
|
|
|
|
return sc_to_cryptoki_error(rc, p11card->reader);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void pkcs15_init_token_info(struct sc_pkcs15_card *card, CK_TOKEN_INFO_PTR pToken)
|
|
|
|
|
|
{
|
|
|
|
|
|
strcpy_bp(pToken->manufacturerID, card->manufacturer_id, 32);
|
2002-01-22 16:43:38 +00:00
|
|
|
|
strcpy_bp(pToken->model, "PKCS #15 SCard", 16);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
strcpy_bp(pToken->serialNumber, card->serial_number, 16);
|
|
|
|
|
|
pToken->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
|
|
|
|
|
|
pToken->ulSessionCount = 0; /* FIXME */
|
|
|
|
|
|
pToken->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
|
|
|
|
|
|
pToken->ulRwSessionCount = 0; /* FIXME */
|
|
|
|
|
|
pToken->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
pToken->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
pToken->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
pToken->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
pToken->hardwareVersion.major = 1;
|
|
|
|
|
|
pToken->hardwareVersion.minor = 0;
|
|
|
|
|
|
pToken->firmwareVersion.major = 1;
|
|
|
|
|
|
pToken->firmwareVersion.minor = 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static struct pkcs15_cert_object *pkcs15_add_cert_object(struct sc_pkcs11_slot *slot,
|
|
|
|
|
|
struct sc_pkcs15_card *card,
|
2002-03-03 17:36:23 +00:00
|
|
|
|
struct sc_pkcs15_object *cert)
|
2002-01-16 22:49:03 +00:00
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_cert_object *object;
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct pkcs15_cert_key_object *obj2;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
2002-01-24 16:27:09 +00:00
|
|
|
|
/* Certificate object */
|
2002-03-12 14:36:40 +00:00
|
|
|
|
object = (struct pkcs15_cert_object*) calloc(1, sizeof(struct pkcs15_cert_object));
|
2002-01-16 22:49:03 +00:00
|
|
|
|
object->object.ops = &pkcs15_cert_ops;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
object->certificate_object = cert;
|
|
|
|
|
|
object->certificate_info = (struct sc_pkcs15_cert_info*) cert->data;
|
|
|
|
|
|
sc_pkcs15_read_certificate(card, object->certificate_info, &object->certificate);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
pool_insert(&slot->object_pool, object, NULL);
|
|
|
|
|
|
|
2002-01-24 16:27:09 +00:00
|
|
|
|
/* Corresponding public key */
|
2002-03-12 14:36:40 +00:00
|
|
|
|
obj2 = (struct pkcs15_cert_key_object*) calloc(1, sizeof(struct pkcs15_cert_key_object));
|
|
|
|
|
|
obj2->object.ops = &pkcs15_cert_key_ops;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
obj2->rsakey = &object->certificate->key;
|
|
|
|
|
|
obj2->certificate_object = cert;
|
|
|
|
|
|
obj2->certificate_info = (struct sc_pkcs15_cert_info*) cert->data;
|
2002-01-24 16:27:09 +00:00
|
|
|
|
pool_insert(&slot->object_pool, obj2, NULL);
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
/* Mark as seen */
|
2002-03-03 17:36:23 +00:00
|
|
|
|
cert->flags |= SC_PKCS15_CO_FLAG_OBJECT_SEEN;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
return object;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
static struct pkcs15_pubkey_object *pkcs15_add_pubkey_object(struct sc_pkcs11_slot *slot,
|
|
|
|
|
|
struct sc_pkcs15_card *card,
|
|
|
|
|
|
struct sc_pkcs15_object *pubkey)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_pubkey_object *object;
|
|
|
|
|
|
|
|
|
|
|
|
/* Certificate object */
|
|
|
|
|
|
object = (struct pkcs15_pubkey_object*) calloc(1, sizeof(struct pkcs15_pubkey_object));
|
|
|
|
|
|
object->object.ops = &pkcs15_pubkey_ops;
|
|
|
|
|
|
object->pubkey_object = pubkey;
|
|
|
|
|
|
object->pubkey_info = (struct sc_pkcs15_pubkey_info*) pubkey->data;
|
|
|
|
|
|
sc_pkcs15_read_pubkey(card, object->pubkey_info, &object->rsakey);
|
|
|
|
|
|
pool_insert(&slot->object_pool, object, NULL);
|
|
|
|
|
|
|
|
|
|
|
|
/* Mark as seen */
|
|
|
|
|
|
pubkey->flags |= SC_PKCS15_CO_FLAG_OBJECT_SEEN;
|
|
|
|
|
|
|
|
|
|
|
|
return object;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
static struct pkcs15_prkey_object *pkcs15_add_prkey_object(struct sc_pkcs11_slot *slot,
|
2002-03-03 17:36:23 +00:00
|
|
|
|
struct sc_pkcs15_card *card,
|
|
|
|
|
|
struct sc_pkcs15_object *prkey,
|
|
|
|
|
|
struct sc_pkcs15_object **certs,
|
2002-03-12 14:36:40 +00:00
|
|
|
|
int cert_count,
|
|
|
|
|
|
struct sc_pkcs15_object **pubkeys,
|
|
|
|
|
|
int pubkey_count
|
2002-03-03 17:36:23 +00:00
|
|
|
|
)
|
2002-01-16 22:49:03 +00:00
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_prkey_object *object;
|
|
|
|
|
|
int i;
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
object = (struct pkcs15_prkey_object*) calloc(1, sizeof(struct pkcs15_prkey_object));
|
2002-01-16 22:49:03 +00:00
|
|
|
|
object->object.ops = &pkcs15_prkey_ops;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
object->prkey_object = prkey;
|
|
|
|
|
|
object->prkey_info = (struct sc_pkcs15_prkey_info*) prkey->data;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
pool_insert(&slot->object_pool, object, NULL);
|
|
|
|
|
|
|
|
|
|
|
|
/* Mark as seen */
|
2002-03-03 17:36:23 +00:00
|
|
|
|
prkey->flags |= SC_PKCS15_CO_FLAG_OBJECT_SEEN;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
/* Also add the related certificate if found */
|
2002-03-03 17:36:23 +00:00
|
|
|
|
for (i=0; i < cert_count; i++) {
|
|
|
|
|
|
if (sc_pkcs15_compare_id(&object->prkey_info->id,
|
|
|
|
|
|
&((struct sc_pkcs15_cert_info*)certs[i]->data)->id)) {
|
2002-01-16 22:49:03 +00:00
|
|
|
|
debug(context, "Adding certificate %d relating to private key\n", i);
|
2002-03-03 17:36:23 +00:00
|
|
|
|
object->cert_object = pkcs15_add_cert_object(slot, card, certs[i]);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
/* Add public key if found */
|
|
|
|
|
|
for (i=0; i < pubkey_count; i++) {
|
|
|
|
|
|
if (sc_pkcs15_compare_id(&object->prkey_info->id,
|
|
|
|
|
|
&((struct sc_pkcs15_pubkey_info*)pubkeys[i]->data)->id)) {
|
|
|
|
|
|
debug(context, "Adding public key %d relating to private key\n", i);
|
|
|
|
|
|
object->pubkey_object = pkcs15_add_pubkey_object(slot, card, pubkeys[i]);
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
return object;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-18 11:05:21 +00:00
|
|
|
|
static CK_RV pkcs15_create_slot(struct sc_pkcs11_card *p11card,
|
|
|
|
|
|
struct sc_pkcs15_object *auth,
|
|
|
|
|
|
struct sc_pkcs11_slot **out)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct sc_pkcs15_card *card = (struct sc_pkcs15_card*) p11card->fw_data;
|
|
|
|
|
|
struct sc_pkcs15_pin_info *pin_info = NULL;
|
|
|
|
|
|
struct sc_pkcs11_slot *slot;
|
|
|
|
|
|
char tmp[33];
|
|
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
|
|
|
|
if (*out)
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
|
|
|
|
|
|
rv = slot_allocate(&slot, p11card);
|
|
|
|
|
|
if (rv != CKR_OK)
|
|
|
|
|
|
return rv;
|
|
|
|
|
|
|
|
|
|
|
|
pkcs15_init_token_info(card, &slot->token_info);
|
2002-03-18 12:49:46 +00:00
|
|
|
|
slot->token_info.flags = CKF_USER_PIN_INITIALIZED
|
|
|
|
|
|
| CKF_WRITE_PROTECTED;
|
2002-03-18 11:05:21 +00:00
|
|
|
|
slot->fw_data = auth;
|
|
|
|
|
|
|
|
|
|
|
|
if (auth != NULL) {
|
|
|
|
|
|
pin_info = (struct sc_pkcs15_pin_info*) auth->data;
|
|
|
|
|
|
|
|
|
|
|
|
snprintf(tmp, sizeof(tmp), "%s (%s)",
|
|
|
|
|
|
card->label, auth->label);
|
|
|
|
|
|
strcpy_bp(slot->token_info.label, tmp, 32);
|
|
|
|
|
|
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
|
|
|
|
|
|
} else {
|
|
|
|
|
|
strcpy_bp(slot->token_info.label, "public", 32);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (pin_info && pin_info->magic == SC_PKCS15_PIN_MAGIC) {
|
|
|
|
|
|
slot->token_info.ulMaxPinLen = pin_info->stored_length;
|
|
|
|
|
|
slot->token_info.ulMinPinLen = pin_info->min_length;
|
|
|
|
|
|
} else {
|
|
|
|
|
|
/* choose reasonable defaults */
|
|
|
|
|
|
slot->token_info.ulMaxPinLen = 8;
|
|
|
|
|
|
slot->token_info.ulMinPinLen = 4;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-18 12:49:46 +00:00
|
|
|
|
debug(context, "Initialized token '%s'\n", slot->token_info.label);
|
2002-03-18 11:05:21 +00:00
|
|
|
|
*out = slot;
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct sc_pkcs15_card *card = (struct sc_pkcs15_card*) p11card->fw_data;
|
|
|
|
|
|
struct sc_pkcs11_slot *slot;
|
|
|
|
|
|
|
2002-03-03 17:36:23 +00:00
|
|
|
|
struct sc_pkcs15_object
|
|
|
|
|
|
*auths[SC_PKCS15_MAX_PINS],
|
|
|
|
|
|
*certs[SC_PKCS15_MAX_CERTS],
|
2002-03-12 14:36:40 +00:00
|
|
|
|
*prkeys[SC_PKCS15_MAX_PRKEYS],
|
|
|
|
|
|
*pubkeys[SC_PKCS15_MAX_PUBKEYS];
|
2002-03-03 17:36:23 +00:00
|
|
|
|
|
|
|
|
|
|
int i, j, rv, reader = p11card->reader;
|
2002-03-12 14:36:40 +00:00
|
|
|
|
int auth_count, cert_count, prkey_count, pubkey_count;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
|
|
|
|
|
|
rv = auth_count = sc_pkcs15_get_objects(card, SC_PKCS15_TYPE_AUTH_PIN, auths, SC_PKCS15_MAX_PINS);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
if (rv < 0)
|
|
|
|
|
|
return sc_to_cryptoki_error(rv, reader);
|
2002-03-03 17:36:23 +00:00
|
|
|
|
debug(context, "Found %d authentication objects\n", auth_count);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
2002-03-03 17:36:23 +00:00
|
|
|
|
rv = cert_count = sc_pkcs15_get_objects(card, SC_PKCS15_TYPE_CERT_X509, certs, SC_PKCS15_MAX_CERTS);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
if (rv < 0)
|
|
|
|
|
|
return sc_to_cryptoki_error(rv, reader);
|
2002-03-03 17:36:23 +00:00
|
|
|
|
debug(context, "Found %d certificates\n", cert_count);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
2002-03-03 17:36:23 +00:00
|
|
|
|
rv = prkey_count = sc_pkcs15_get_objects(card, SC_PKCS15_TYPE_PRKEY_RSA, prkeys, SC_PKCS15_MAX_PRKEYS);
|
2002-01-21 09:05:22 +00:00
|
|
|
|
if (rv < 0)
|
2002-01-16 22:49:03 +00:00
|
|
|
|
return sc_to_cryptoki_error(rv, reader);
|
2002-03-03 17:36:23 +00:00
|
|
|
|
debug(context, "Found %d private keys\n", prkey_count);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
rv = pubkey_count = sc_pkcs15_get_objects(card, SC_PKCS15_TYPE_PUBKEY_RSA, pubkeys, SC_PKCS15_MAX_PUBKEYS);
|
|
|
|
|
|
if (rv < 0)
|
|
|
|
|
|
return sc_to_cryptoki_error(rv, reader);
|
|
|
|
|
|
debug(context, "Found %d public keys\n", pubkey_count);
|
|
|
|
|
|
|
2002-03-03 17:36:23 +00:00
|
|
|
|
for (i = 0; i < auth_count; i++) {
|
2002-03-18 11:05:21 +00:00
|
|
|
|
struct sc_pkcs15_pin_info *pin_info = NULL;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
/* Add all the private keys related to this pin */
|
2002-03-18 11:05:21 +00:00
|
|
|
|
pin_info = (struct sc_pkcs15_pin_info*) auths[i]->data;
|
|
|
|
|
|
slot = NULL;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
for (j=0; j < prkey_count; j++) {
|
|
|
|
|
|
if (sc_pkcs15_compare_id(&pin_info->auth_id,
|
|
|
|
|
|
&prkeys[j]->auth_id)) {
|
2002-03-18 11:05:21 +00:00
|
|
|
|
if (!slot) {
|
|
|
|
|
|
rv = pkcs15_create_slot(p11card,
|
|
|
|
|
|
auths[i], &slot);
|
|
|
|
|
|
if (rv != CKR_OK)
|
|
|
|
|
|
return rv;
|
|
|
|
|
|
}
|
2002-01-16 22:49:03 +00:00
|
|
|
|
debug(context, "Adding private key %d to PIN %d\n", j, i);
|
2002-03-12 14:36:40 +00:00
|
|
|
|
pkcs15_add_prkey_object(slot, card, prkeys[j],
|
|
|
|
|
|
certs, cert_count,
|
|
|
|
|
|
pubkeys, pubkey_count);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-18 11:05:21 +00:00
|
|
|
|
/* Add all public objects to a virtual slot without
|
|
|
|
|
|
* pin protection */
|
|
|
|
|
|
slot = NULL;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
/* Add all the remaining private keys */
|
2002-03-03 17:36:23 +00:00
|
|
|
|
for (j=0; j < prkey_count; j++) {
|
|
|
|
|
|
if (!(prkeys[j]->flags & SC_PKCS15_CO_FLAG_OBJECT_SEEN)) {
|
2002-01-16 22:49:03 +00:00
|
|
|
|
debug(context, "Private key %d was not seen previously\n", j);
|
2002-03-18 11:05:21 +00:00
|
|
|
|
if (!slot) {
|
|
|
|
|
|
rv = pkcs15_create_slot(p11card, NULL, &slot);
|
|
|
|
|
|
if (rv != CKR_OK)
|
|
|
|
|
|
return rv;
|
|
|
|
|
|
}
|
2002-03-12 14:36:40 +00:00
|
|
|
|
pkcs15_add_prkey_object(slot, card, prkeys[j],
|
|
|
|
|
|
certs, cert_count,
|
|
|
|
|
|
pubkeys, pubkey_count);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Add all the remaining certificates */
|
2002-03-03 17:36:23 +00:00
|
|
|
|
for (j=0; j < cert_count; j++) {
|
2002-03-18 11:05:21 +00:00
|
|
|
|
/* XXX netscape wants to see all certificates in a slot
|
|
|
|
|
|
* that doesn't require login */
|
2002-03-03 17:36:23 +00:00
|
|
|
|
if (!(certs[j]->flags & SC_PKCS15_CO_FLAG_OBJECT_SEEN)) {
|
2002-01-16 22:49:03 +00:00
|
|
|
|
debug(context, "Certificate %d was not seen previously\n", j);
|
2002-03-18 11:05:21 +00:00
|
|
|
|
if (!slot) {
|
|
|
|
|
|
rv = pkcs15_create_slot(p11card, NULL, &slot);
|
|
|
|
|
|
if (rv != CKR_OK)
|
|
|
|
|
|
return rv;
|
|
|
|
|
|
}
|
2002-03-03 17:36:23 +00:00
|
|
|
|
pkcs15_add_cert_object(slot, card, certs[j]);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
debug(context, "All tokens created\n");
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_release_token(struct sc_pkcs11_card *p11card, void *fw_token)
|
|
|
|
|
|
{
|
|
|
|
|
|
/* struct sc_pkcs15_card *card = (struct sc_pkcs15_card*) fw_card; */
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_get_mechanism_list(struct sc_pkcs11_card *p11card,
|
|
|
|
|
|
void *fw_token,
|
|
|
|
|
|
CK_MECHANISM_TYPE_PTR pMechanismList,
|
|
|
|
|
|
CK_ULONG_PTR pulCount)
|
|
|
|
|
|
{
|
|
|
|
|
|
static const CK_MECHANISM_TYPE mechanism_list[] = {
|
|
|
|
|
|
CKM_RSA_PKCS,
|
|
|
|
|
|
CKM_SHA1_RSA_PKCS
|
|
|
|
|
|
};
|
|
|
|
|
|
const int numMechanisms = sizeof(mechanism_list) / sizeof(mechanism_list[0]);
|
|
|
|
|
|
|
|
|
|
|
|
if (pMechanismList == NULL_PTR) {
|
|
|
|
|
|
*pulCount = numMechanisms;
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (*pulCount < numMechanisms) {
|
|
|
|
|
|
*pulCount = numMechanisms;
|
|
|
|
|
|
return CKR_BUFFER_TOO_SMALL;
|
|
|
|
|
|
}
|
|
|
|
|
|
memcpy(pMechanismList, &mechanism_list, sizeof(mechanism_list));
|
|
|
|
|
|
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_get_mechanism_info(struct sc_pkcs11_card *p11card,
|
|
|
|
|
|
void *fw_token,
|
|
|
|
|
|
CK_MECHANISM_TYPE type,
|
|
|
|
|
|
CK_MECHANISM_INFO_PTR pInfo)
|
|
|
|
|
|
{
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
|
case CKM_RSA_PKCS:
|
|
|
|
|
|
case CKM_SHA1_RSA_PKCS:
|
|
|
|
|
|
pInfo->flags = CKF_HW | CKF_SIGN;
|
|
|
|
|
|
pInfo->ulMinKeySize = 512;
|
|
|
|
|
|
pInfo->ulMaxKeySize = 2048;
|
|
|
|
|
|
break;
|
|
|
|
|
|
default:
|
|
|
|
|
|
return CKR_MECHANISM_INVALID;
|
|
|
|
|
|
}
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_login(struct sc_pkcs11_card *p11card,
|
|
|
|
|
|
void *fw_token,
|
|
|
|
|
|
CK_CHAR_PTR pPin,
|
|
|
|
|
|
CK_ULONG ulPinLen)
|
|
|
|
|
|
{
|
2002-01-21 12:49:00 +00:00
|
|
|
|
int rc;
|
|
|
|
|
|
struct sc_pkcs15_card *card = (struct sc_pkcs15_card*) p11card->fw_data;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
struct sc_pkcs15_object *auth_object = (struct sc_pkcs15_object*) fw_token;
|
|
|
|
|
|
struct sc_pkcs15_pin_info *pin = (struct sc_pkcs15_pin_info*) auth_object->data;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
2002-03-07 11:57:49 +00:00
|
|
|
|
if (ulPinLen < pin->min_length ||
|
|
|
|
|
|
ulPinLen > pin->stored_length)
|
|
|
|
|
|
return CKR_PIN_LEN_RANGE;
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
rc = sc_lock(card->card);
|
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
|
debug(context, "Failed to lock card (%d)\n", rc);
|
|
|
|
|
|
return sc_to_cryptoki_error(rc, p11card->reader);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
rc = sc_pkcs15_verify_pin(card, pin, pPin, ulPinLen);
|
2002-03-03 17:36:23 +00:00
|
|
|
|
debug(context, "PIN verification returned %d\n", rc);
|
2002-02-25 12:04:39 +00:00
|
|
|
|
return sc_to_cryptoki_error(rc, p11card->reader);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static CK_RV pkcs15_logout(struct sc_pkcs11_card *p11card, void *fw_token)
|
|
|
|
|
|
{
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct sc_pkcs15_card *card = (struct sc_pkcs15_card*) p11card->fw_data;
|
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
|
|
rc = sc_unlock(card->card);
|
|
|
|
|
|
return sc_to_cryptoki_error(rc, p11card->reader);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
|
|
|
|
|
pkcs15_bind,
|
|
|
|
|
|
pkcs15_unbind,
|
|
|
|
|
|
pkcs15_create_tokens,
|
|
|
|
|
|
pkcs15_release_token,
|
|
|
|
|
|
pkcs15_get_mechanism_list,
|
|
|
|
|
|
pkcs15_get_mechanism_info,
|
|
|
|
|
|
pkcs15_login,
|
|
|
|
|
|
pkcs15_logout
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
* PKCS#15 Certificate Object
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
void pkcs15_cert_release(void *obj)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_cert_object *cert = (struct pkcs15_cert_object *) obj;
|
2002-03-03 17:36:23 +00:00
|
|
|
|
sc_pkcs15_free_certificate(cert->certificate);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
CK_RV pkcs15_cert_get_attribute(struct sc_pkcs11_session *session,
|
|
|
|
|
|
void *object,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_cert_object *cert = (struct pkcs15_cert_object*) object;
|
|
|
|
|
|
|
|
|
|
|
|
switch (attr->type) {
|
|
|
|
|
|
case CKA_CLASS:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
|
|
|
|
|
|
*(CK_OBJECT_CLASS*)attr->pValue = CKO_CERTIFICATE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_TOKEN:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = TRUE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_PRIVATE:
|
|
|
|
|
|
case CKA_MODIFIABLE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = FALSE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_LABEL:
|
2002-03-03 17:36:23 +00:00
|
|
|
|
check_attribute_buffer(attr, strlen(cert->certificate_object->label));
|
|
|
|
|
|
memcpy(attr->pValue, cert->certificate_object->label, strlen(cert->certificate_object->label));
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKA_CERTIFICATE_TYPE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_CERTIFICATE_TYPE));
|
|
|
|
|
|
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_ID:
|
2002-03-03 17:36:23 +00:00
|
|
|
|
if (cert->certificate_info->authority) {
|
2002-01-24 16:27:09 +00:00
|
|
|
|
check_attribute_buffer(attr, 1);
|
|
|
|
|
|
*(unsigned char*)attr->pValue = 0;
|
|
|
|
|
|
} else {
|
2002-03-03 17:36:23 +00:00
|
|
|
|
check_attribute_buffer(attr, cert->certificate_info->id.len);
|
|
|
|
|
|
memcpy(attr->pValue, cert->certificate_info->id.value, cert->certificate_info->id.len);
|
2002-01-24 16:27:09 +00:00
|
|
|
|
}
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKA_TRUSTED:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
2002-03-03 17:36:23 +00:00
|
|
|
|
*(CK_BBOOL*)attr->pValue = cert->certificate_info->authority?TRUE:FALSE;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKA_VALUE:
|
2002-03-03 17:36:23 +00:00
|
|
|
|
check_attribute_buffer(attr, cert->certificate->data_len);
|
|
|
|
|
|
memcpy(attr->pValue, cert->certificate->data, cert->certificate->data_len);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
2002-03-15 15:22:41 +00:00
|
|
|
|
case CKA_SERIAL_NUMBER:
|
|
|
|
|
|
check_attribute_buffer(attr, cert->certificate->serial_len);
|
|
|
|
|
|
memcpy(attr->pValue, cert->certificate->serial, cert->certificate->serial_len);
|
|
|
|
|
|
break;
|
2002-03-20 13:08:51 +00:00
|
|
|
|
case CKA_SUBJECT:
|
|
|
|
|
|
check_attribute_buffer(attr, cert->certificate->subject_len);
|
|
|
|
|
|
memcpy(attr->pValue, cert->certificate->subject, cert->certificate->subject_len);
|
|
|
|
|
|
break;
|
2002-03-15 15:22:41 +00:00
|
|
|
|
case CKA_ISSUER:
|
|
|
|
|
|
check_attribute_buffer(attr, cert->certificate->issuer_len);
|
|
|
|
|
|
memcpy(attr->pValue, cert->certificate->issuer, cert->certificate->issuer_len);
|
|
|
|
|
|
break;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
default:
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-18 11:05:21 +00:00
|
|
|
|
static int
|
|
|
|
|
|
pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session,
|
|
|
|
|
|
void *object,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_cert_object *cert = (struct pkcs15_cert_object*) object;
|
|
|
|
|
|
u8 *data;
|
|
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
|
|
|
|
switch (attr->type) {
|
|
|
|
|
|
/* Check the issuer. Some pkcs11 callers (i.e. netscape) will pass
|
|
|
|
|
|
* in the ASN.1 encoded SEQUENCE OF SET ... while OpenSC just
|
|
|
|
|
|
* keeps the SET in the issuer field. */
|
|
|
|
|
|
case CKA_ISSUER:
|
|
|
|
|
|
if (cert->certificate->issuer_len == 0)
|
|
|
|
|
|
break;
|
|
|
|
|
|
data = attr->pValue;
|
|
|
|
|
|
len = attr->ulValueLen;
|
|
|
|
|
|
/* SEQUENCE is tag 0x30, SET is 0x31
|
|
|
|
|
|
* I know this code is icky, but hey... this is netscape
|
|
|
|
|
|
* we're dealing with :-) */
|
|
|
|
|
|
if (cert->certificate->issuer[0] == 0x31
|
|
|
|
|
|
&& data[0] == 0x30 && len >= 2) {
|
|
|
|
|
|
/* skip the length byte(s) */
|
|
|
|
|
|
len = (data[1] & 0x80)? (data[1] & 0x7F) : 0;
|
|
|
|
|
|
if (attr->ulValueLen < len + 2)
|
|
|
|
|
|
break;
|
|
|
|
|
|
data += len + 2;
|
|
|
|
|
|
len = attr->ulValueLen - len - 2;
|
|
|
|
|
|
}
|
|
|
|
|
|
if (len == cert->certificate->issuer_len
|
|
|
|
|
|
&& !memcmp(cert->certificate->issuer, data, len))
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
break;
|
|
|
|
|
|
default:
|
|
|
|
|
|
return sc_pkcs11_any_cmp_attribute(session, object, attr);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
struct sc_pkcs11_object_ops pkcs15_cert_ops = {
|
|
|
|
|
|
pkcs15_cert_release,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
pkcs15_cert_get_attribute,
|
2002-03-18 11:05:21 +00:00
|
|
|
|
pkcs15_cert_cmp_attribute,
|
2002-01-16 22:49:03 +00:00
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
NULL
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
* PKCS#15 Private Key Object
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
|
|
|
|
|
|
void *object,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object*) object;
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct sc_pkcs15_pubkey_rsa *key = NULL;
|
|
|
|
|
|
|
|
|
|
|
|
if (prkey->cert_object && prkey->cert_object->certificate)
|
|
|
|
|
|
key = &prkey->cert_object->certificate->key;
|
|
|
|
|
|
else if (prkey->pubkey_object)
|
|
|
|
|
|
key = prkey->pubkey_object->rsakey;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
switch (attr->type) {
|
|
|
|
|
|
case CKA_CLASS:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
|
|
|
|
|
|
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PRIVATE_KEY;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_TOKEN:
|
|
|
|
|
|
case CKA_LOCAL:
|
|
|
|
|
|
case CKA_SENSITIVE:
|
|
|
|
|
|
case CKA_ALWAYS_SENSITIVE:
|
|
|
|
|
|
case CKA_NEVER_EXTRACTABLE:
|
|
|
|
|
|
case CKA_SIGN:
|
2002-01-24 16:27:09 +00:00
|
|
|
|
case CKA_PRIVATE:
|
2002-03-15 15:22:41 +00:00
|
|
|
|
case CKA_UNWRAP: /* XXX should make an attempt to find out whether
|
|
|
|
|
|
the card supports unwrap */
|
2002-01-16 22:49:03 +00:00
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = TRUE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_MODIFIABLE:
|
|
|
|
|
|
case CKA_DERIVE:
|
|
|
|
|
|
case CKA_DECRYPT:
|
|
|
|
|
|
case CKA_SIGN_RECOVER:
|
|
|
|
|
|
case CKA_EXTRACTABLE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = FALSE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_LABEL:
|
2002-03-03 17:36:23 +00:00
|
|
|
|
check_attribute_buffer(attr, strlen(prkey->prkey_object->label));
|
|
|
|
|
|
memcpy(attr->pValue, prkey->prkey_object->label, strlen(prkey->prkey_object->label));
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKA_KEY_TYPE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_KEY_TYPE));
|
|
|
|
|
|
*(CK_KEY_TYPE*)attr->pValue = CKK_RSA;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_ID:
|
|
|
|
|
|
check_attribute_buffer(attr, prkey->prkey_info->id.len);
|
|
|
|
|
|
memcpy(attr->pValue, prkey->prkey_info->id.value, prkey->prkey_info->id.len);
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_KEY_GEN_MECHANISM:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
|
|
|
|
|
|
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_MODULUS:
|
2002-03-12 14:36:40 +00:00
|
|
|
|
return get_modulus(key, attr);
|
|
|
|
|
|
case CKA_MODULUS_BITS:
|
|
|
|
|
|
return get_modulus_bits(key, attr);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
case CKA_PUBLIC_EXPONENT:
|
2002-03-12 14:36:40 +00:00
|
|
|
|
return get_public_exponent(key, attr);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
case CKA_PRIVATE_EXPONENT:
|
|
|
|
|
|
case CKA_PRIME_1:
|
|
|
|
|
|
case CKA_PRIME_2:
|
|
|
|
|
|
case CKA_EXPONENT_1:
|
|
|
|
|
|
case CKA_EXPONENT_2:
|
|
|
|
|
|
case CKA_COEFFICIENT:
|
|
|
|
|
|
return CKR_ATTRIBUTE_SENSITIVE;
|
|
|
|
|
|
/*
|
|
|
|
|
|
case CKA_SUBJECT:
|
|
|
|
|
|
case CKA_START_DATE:
|
|
|
|
|
|
case CKA_END_DATE:
|
|
|
|
|
|
*/
|
|
|
|
|
|
default:
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
CK_RV pkcs15_prkey_sign(struct sc_pkcs11_session *ses, void *obj,
|
|
|
|
|
|
CK_MECHANISM_PTR pMechanism, CK_BYTE_PTR pData,
|
|
|
|
|
|
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
|
|
|
|
|
|
CK_ULONG_PTR pulDataLen)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
|
2002-01-21 09:05:22 +00:00
|
|
|
|
int rv, flags = 0;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
|
debug(context, "Initiating signing operation.\n");
|
|
|
|
|
|
|
2002-03-08 05:59:57 +00:00
|
|
|
|
flags = SC_ALGORITHM_RSA_PAD_PKCS1;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
switch (pMechanism->mechanism) {
|
|
|
|
|
|
case CKM_RSA_PKCS:
|
2002-03-15 12:37:31 +00:00
|
|
|
|
/* Um. We need to guess what netscape is trying to
|
|
|
|
|
|
* sign here. We're lucky that all these things have
|
|
|
|
|
|
* different sizes. */
|
|
|
|
|
|
switch (ulDataLen) {
|
|
|
|
|
|
case 34:flags |= SC_ALGORITHM_RSA_HASH_MD5; /* MD5 + header */
|
|
|
|
|
|
pData += 18; ulDataLen -= 18;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case 35:flags |= SC_ALGORITHM_RSA_HASH_SHA1; /* SHA1 + hdr */
|
|
|
|
|
|
pData += 15; ulDataLen -= 15;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case 36:flags |= SC_ALGORITHM_RSA_HASH_MD5_SHA1; /* SSL hash */
|
|
|
|
|
|
break;
|
|
|
|
|
|
default:
|
2002-03-13 10:34:05 +00:00
|
|
|
|
flags |= SC_ALGORITHM_RSA_HASH_NONE;
|
2002-03-15 12:37:31 +00:00
|
|
|
|
}
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKM_SHA1_RSA_PKCS:
|
2002-03-08 05:59:57 +00:00
|
|
|
|
flags |= SC_ALGORITHM_RSA_HASH_SHA1;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
break;
|
|
|
|
|
|
default:
|
|
|
|
|
|
return CKR_MECHANISM_INVALID;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-08 05:59:57 +00:00
|
|
|
|
debug(context, "Selected flags %X. Now computing signature for %d bytes. %d bytes reserved.\n", flags, ulDataLen, *pulDataLen);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
rv = sc_pkcs15_compute_signature((struct sc_pkcs15_card*) ses->slot->card->fw_data,
|
2002-03-08 05:59:57 +00:00
|
|
|
|
prkey->prkey_object,
|
2002-01-21 09:05:22 +00:00
|
|
|
|
flags,
|
2002-01-16 22:49:03 +00:00
|
|
|
|
pData,
|
|
|
|
|
|
ulDataLen,
|
|
|
|
|
|
pSignature,
|
|
|
|
|
|
*pulDataLen);
|
|
|
|
|
|
debug(context, "Sign complete. Result %d.\n", rv);
|
|
|
|
|
|
|
|
|
|
|
|
if (rv > 0) {
|
|
|
|
|
|
*pulDataLen = rv;
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return sc_to_cryptoki_error(rv, ses->slot->card->reader);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-03-15 15:22:41 +00:00
|
|
|
|
static CK_RV
|
|
|
|
|
|
pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj,
|
|
|
|
|
|
CK_MECHANISM_PTR pMechanism,
|
|
|
|
|
|
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
|
|
|
|
|
|
void **result)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_prkey_object *prkey;
|
|
|
|
|
|
struct sc_pkcs15_card *p15card;
|
|
|
|
|
|
u8 unwrapped_key[256];
|
|
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
|
|
|
|
debug(context, "Initiating key unwrap.\n");
|
|
|
|
|
|
|
|
|
|
|
|
if (pMechanism->mechanism != CKM_RSA_PKCS)
|
|
|
|
|
|
return CKR_MECHANISM_INVALID;
|
|
|
|
|
|
|
|
|
|
|
|
p15card = (struct sc_pkcs15_card*) ses->slot->card->fw_data;
|
|
|
|
|
|
prkey = (struct pkcs15_prkey_object *) obj;
|
|
|
|
|
|
rv = sc_pkcs15_decipher(p15card, prkey->prkey_object,
|
|
|
|
|
|
pData, ulDataLen,
|
|
|
|
|
|
unwrapped_key, sizeof(unwrapped_key));
|
|
|
|
|
|
debug(context, "Key unwrap complete. Result %d.\n", rv);
|
|
|
|
|
|
|
|
|
|
|
|
if (rv < 0)
|
|
|
|
|
|
return sc_to_cryptoki_error(rv, ses->slot->card->reader);
|
|
|
|
|
|
return sc_pkcs11_create_secret_key(ses,
|
|
|
|
|
|
unwrapped_key, rv,
|
|
|
|
|
|
pTemplate, ulAttributeCount,
|
|
|
|
|
|
(struct sc_pkcs11_object **) result);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
struct sc_pkcs11_object_ops pkcs15_prkey_ops = {
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
pkcs15_prkey_get_attribute,
|
2002-03-18 11:05:21 +00:00
|
|
|
|
sc_pkcs11_any_cmp_attribute,
|
2002-01-16 22:49:03 +00:00
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
2002-03-15 15:22:41 +00:00
|
|
|
|
pkcs15_prkey_sign,
|
|
|
|
|
|
pkcs15_prkey_unwrap
|
2002-01-16 22:49:03 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
2002-01-24 16:27:09 +00:00
|
|
|
|
/*
|
2002-03-12 14:36:40 +00:00
|
|
|
|
* PKCS#15 RSA Public Key Object (as part of certificate)
|
2002-01-24 16:27:09 +00:00
|
|
|
|
*/
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
CK_RV pkcs15_cert_key_get_attribute(struct sc_pkcs11_session *session,
|
2002-01-24 16:27:09 +00:00
|
|
|
|
void *object,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
2002-03-12 14:36:40 +00:00
|
|
|
|
struct pkcs15_cert_key_object *pubkey = (struct pkcs15_cert_key_object*) object;
|
2002-01-24 16:27:09 +00:00
|
|
|
|
|
|
|
|
|
|
switch (attr->type) {
|
|
|
|
|
|
case CKA_CLASS:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
|
|
|
|
|
|
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_TOKEN:
|
|
|
|
|
|
case CKA_LOCAL:
|
|
|
|
|
|
case CKA_SENSITIVE:
|
|
|
|
|
|
case CKA_ALWAYS_SENSITIVE:
|
|
|
|
|
|
case CKA_NEVER_EXTRACTABLE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = TRUE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_PRIVATE:
|
|
|
|
|
|
case CKA_MODIFIABLE:
|
|
|
|
|
|
case CKA_ENCRYPT:
|
|
|
|
|
|
case CKA_VERIFY:
|
|
|
|
|
|
case CKA_VERIFY_RECOVER:
|
|
|
|
|
|
case CKA_WRAP:
|
|
|
|
|
|
case CKA_DERIVE:
|
|
|
|
|
|
case CKA_EXTRACTABLE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = FALSE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_LABEL:
|
2002-03-03 17:36:23 +00:00
|
|
|
|
check_attribute_buffer(attr, strlen(pubkey->certificate_object->label));
|
|
|
|
|
|
memcpy(attr->pValue, pubkey->certificate_object->label, strlen(pubkey->certificate_object->label));
|
2002-01-24 16:27:09 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKA_KEY_TYPE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_KEY_TYPE));
|
|
|
|
|
|
*(CK_KEY_TYPE*)attr->pValue = CKK_RSA;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_ID:
|
2002-03-03 17:36:23 +00:00
|
|
|
|
check_attribute_buffer(attr, pubkey->certificate_info->id.len);
|
|
|
|
|
|
memcpy(attr->pValue, pubkey->certificate_info->id.value, pubkey->certificate_info->id.len);
|
2002-01-24 16:27:09 +00:00
|
|
|
|
break;
|
|
|
|
|
|
case CKA_KEY_GEN_MECHANISM:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
|
|
|
|
|
|
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_MODULUS:
|
2002-03-12 14:36:40 +00:00
|
|
|
|
return get_modulus(pubkey->rsakey, attr);
|
2002-01-24 16:27:09 +00:00
|
|
|
|
case CKA_MODULUS_BITS:
|
2002-03-12 14:36:40 +00:00
|
|
|
|
return get_modulus_bits(pubkey->rsakey, attr);
|
2002-01-24 16:27:09 +00:00
|
|
|
|
case CKA_PUBLIC_EXPONENT:
|
2002-03-12 14:36:40 +00:00
|
|
|
|
return get_public_exponent(pubkey->rsakey, attr);
|
|
|
|
|
|
default:
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_object_ops pkcs15_cert_key_ops = {
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
pkcs15_cert_key_get_attribute,
|
2002-03-18 11:05:21 +00:00
|
|
|
|
sc_pkcs11_any_cmp_attribute,
|
2002-03-12 14:36:40 +00:00
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
NULL
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
* PKCS#15 RSA Public Key Object (stored on card as-is)
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
CK_RV pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session,
|
|
|
|
|
|
void *object,
|
|
|
|
|
|
CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
struct pkcs15_pubkey_object *pubkey = (struct pkcs15_pubkey_object*) object;
|
|
|
|
|
|
|
|
|
|
|
|
switch (attr->type) {
|
|
|
|
|
|
case CKA_CLASS:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
|
|
|
|
|
|
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_TOKEN:
|
|
|
|
|
|
case CKA_LOCAL:
|
|
|
|
|
|
case CKA_SENSITIVE:
|
|
|
|
|
|
case CKA_ALWAYS_SENSITIVE:
|
|
|
|
|
|
case CKA_NEVER_EXTRACTABLE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = TRUE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_PRIVATE:
|
|
|
|
|
|
case CKA_MODIFIABLE:
|
|
|
|
|
|
case CKA_ENCRYPT:
|
|
|
|
|
|
case CKA_VERIFY:
|
|
|
|
|
|
case CKA_VERIFY_RECOVER:
|
|
|
|
|
|
case CKA_WRAP:
|
|
|
|
|
|
case CKA_DERIVE:
|
|
|
|
|
|
case CKA_EXTRACTABLE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
|
|
|
|
|
*(CK_BBOOL*)attr->pValue = FALSE;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_LABEL:
|
|
|
|
|
|
check_attribute_buffer(attr, strlen(pubkey->pubkey_object->label));
|
|
|
|
|
|
memcpy(attr->pValue, pubkey->pubkey_object->label, strlen(pubkey->pubkey_object->label));
|
2002-03-07 11:57:49 +00:00
|
|
|
|
break;
|
2002-03-12 14:36:40 +00:00
|
|
|
|
case CKA_KEY_TYPE:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_KEY_TYPE));
|
|
|
|
|
|
*(CK_KEY_TYPE*)attr->pValue = CKK_RSA;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_ID:
|
|
|
|
|
|
check_attribute_buffer(attr, pubkey->pubkey_info->id.len);
|
|
|
|
|
|
memcpy(attr->pValue, pubkey->pubkey_info->id.value, pubkey->pubkey_info->id.len);
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_KEY_GEN_MECHANISM:
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
|
|
|
|
|
|
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
|
|
|
|
|
|
break;
|
|
|
|
|
|
case CKA_MODULUS:
|
|
|
|
|
|
return get_modulus(pubkey->rsakey, attr);
|
|
|
|
|
|
case CKA_MODULUS_BITS:
|
|
|
|
|
|
return get_modulus_bits(pubkey->rsakey, attr);
|
|
|
|
|
|
case CKA_PUBLIC_EXPONENT:
|
|
|
|
|
|
return get_public_exponent(pubkey->rsakey, attr);
|
2002-01-24 16:27:09 +00:00
|
|
|
|
default:
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_object_ops pkcs15_pubkey_ops = {
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
pkcs15_pubkey_get_attribute,
|
2002-03-18 11:05:21 +00:00
|
|
|
|
sc_pkcs11_any_cmp_attribute,
|
2002-01-24 16:27:09 +00:00
|
|
|
|
NULL,
|
|
|
|
|
|
NULL,
|
|
|
|
|
|
NULL
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-03-12 14:36:40 +00:00
|
|
|
|
/*
|
|
|
|
|
|
* get_attribute helpers
|
|
|
|
|
|
*/
|
|
|
|
|
|
static int
|
|
|
|
|
|
get_modulus(struct sc_pkcs15_pubkey_rsa *key, CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (key == NULL)
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
check_attribute_buffer(attr, key->modulus_len);
|
|
|
|
|
|
memcpy(attr->pValue, key->modulus, key->modulus_len);
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
|
get_modulus_bits(struct sc_pkcs15_pubkey_rsa *key, CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
CK_ULONG bits, mask;
|
|
|
|
|
|
|
|
|
|
|
|
if (key == NULL)
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
bits = key->modulus_len * 8;
|
|
|
|
|
|
for (mask = 0x80; mask; mask >>= 1, bits--) {
|
|
|
|
|
|
if (key->modulus[0] & mask)
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
check_attribute_buffer(attr, sizeof(bits));
|
|
|
|
|
|
*(CK_ULONG *) attr->pValue = bits;
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
|
get_public_exponent(struct sc_pkcs15_pubkey_rsa *key, CK_ATTRIBUTE_PTR attr)
|
|
|
|
|
|
{
|
|
|
|
|
|
CK_ULONG word;
|
|
|
|
|
|
unsigned int j, n;
|
|
|
|
|
|
CK_BYTE exponent[4];
|
|
|
|
|
|
|
|
|
|
|
|
if (key == NULL)
|
|
|
|
|
|
return CKR_ATTRIBUTE_TYPE_INVALID;
|
|
|
|
|
|
word = key->exponent;
|
|
|
|
|
|
for (j = 0, n = 4; j < n; word <<= 8) {
|
|
|
|
|
|
if ((word & 0xFF000000) || j)
|
|
|
|
|
|
exponent[j++] = word >> 24;
|
|
|
|
|
|
else
|
|
|
|
|
|
n--;
|
|
|
|
|
|
}
|
|
|
|
|
|
check_attribute_buffer(attr, n);
|
|
|
|
|
|
memcpy(attr->pValue, exponent, n);
|
|
|
|
|
|
return CKR_OK;
|
|
|
|
|
|
}
|
