Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts
This commit is contained in:
commit
351e0d2bd6
|
@ -163,7 +163,7 @@ typedef list_hash_t (*element_hash_computer)(const void *el);
|
||||||
* @param serialize_buffer reference to fill with the length of the buffer
|
* @param serialize_buffer reference to fill with the length of the buffer
|
||||||
* @return reference to the buffer with the serialized data
|
* @return reference to the buffer with the serialized data
|
||||||
*/
|
*/
|
||||||
typedef void *(*element_serializer)(const void *simclist_restrict el, uint32_t *simclist_restrict serializ_len);
|
typedef void *(*element_serializer)(const void *simclist_restrict el, uint32_t *simclist_restrict serialize_buffer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* a function for un-serializing an element.
|
* a function for un-serializing an element.
|
||||||
|
|
|
@ -31,6 +31,7 @@
|
||||||
#include "sm/sm-eac.h"
|
#include "sm/sm-eac.h"
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
static int fread_to_eof(const char *file, unsigned char **buf, size_t *buflen);
|
||||||
#include "../tools/fread_to_eof.c"
|
#include "../tools/fread_to_eof.c"
|
||||||
|
|
||||||
struct npa_drv_data {
|
struct npa_drv_data {
|
||||||
|
|
|
@ -27,13 +27,13 @@ extern "C" {
|
||||||
|
|
||||||
#include "sm/sm-eac.h"
|
#include "sm/sm-eac.h"
|
||||||
|
|
||||||
const unsigned char esign_chat[] = {
|
static const unsigned char esign_chat[] = {
|
||||||
0x7F, 0x4C, 0x0E,
|
0x7F, 0x4C, 0x0E,
|
||||||
0x06, 0x09, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x03, 0x01, 0x02, 0x03,
|
0x06, 0x09, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x03, 0x01, 0x02, 0x03,
|
||||||
0x53, 0x01, 0x03,
|
0x53, 0x01, 0x03,
|
||||||
};
|
};
|
||||||
|
|
||||||
const unsigned char df_esign_aid[] = { 0xa0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4e};
|
static const unsigned char df_esign_aid[] = { 0xa0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4e};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Sends a reset retry counter APDU
|
* @brief Sends a reset retry counter APDU
|
||||||
|
|
|
@ -155,7 +155,7 @@ int sc_pkcs1_strip_digest_info_prefix(unsigned int *algorithm,
|
||||||
* @param inlen IN length of the input
|
* @param inlen IN length of the input
|
||||||
* @param out OUT output buffer (in == out is allowed)
|
* @param out OUT output buffer (in == out is allowed)
|
||||||
* @param outlen OUT length of the output buffer
|
* @param outlen OUT length of the output buffer
|
||||||
* @param modlen IN length of the modulus in bytes
|
* @param mod_bits IN length of the modulus in bits
|
||||||
* @return SC_SUCCESS on success and an error code otherwise
|
* @return SC_SUCCESS on success and an error code otherwise
|
||||||
*/
|
*/
|
||||||
int sc_pkcs1_encode(sc_context_t *ctx, unsigned long flags,
|
int sc_pkcs1_encode(sc_context_t *ctx, unsigned long flags,
|
||||||
|
|
|
@ -93,7 +93,7 @@ void _sc_log(struct sc_context *ctx, const char *format, ...);
|
||||||
* @brief Log binary data
|
* @brief Log binary data
|
||||||
*
|
*
|
||||||
* @param[in] ctx Context for logging
|
* @param[in] ctx Context for logging
|
||||||
* @param[in] type Debug level
|
* @param[in] level Debug level
|
||||||
* @param[in] file File name to be prepended
|
* @param[in] file File name to be prepended
|
||||||
* @param[in] line Line to be prepended
|
* @param[in] line Line to be prepended
|
||||||
* @param[in] func Function to be prepended
|
* @param[in] func Function to be prepended
|
||||||
|
|
|
@ -808,7 +808,7 @@ typedef struct sc_context {
|
||||||
* @param apdu sc_apdu_t object of the APDU to be send
|
* @param apdu sc_apdu_t object of the APDU to be send
|
||||||
* @return SC_SUCCESS on success and an error code otherwise
|
* @return SC_SUCCESS on success and an error code otherwise
|
||||||
*/
|
*/
|
||||||
int sc_transmit_apdu(struct sc_card *, struct sc_apdu *);
|
int sc_transmit_apdu(struct sc_card *card, struct sc_apdu *apdu);
|
||||||
|
|
||||||
void sc_format_apdu(struct sc_card *, struct sc_apdu *, int, int, int, int);
|
void sc_format_apdu(struct sc_card *, struct sc_apdu *, int, int, int, int);
|
||||||
|
|
||||||
|
@ -1081,7 +1081,7 @@ size_t sc_get_max_recv_size(const sc_card_t *card);
|
||||||
* Takes card limitations into account such as extended length support as well
|
* Takes card limitations into account such as extended length support as well
|
||||||
* as the reader's limitation for data transfer.
|
* as the reader's limitation for data transfer.
|
||||||
*
|
*
|
||||||
* @param card
|
* @param card card
|
||||||
*
|
*
|
||||||
* @return maximum Nc
|
* @return maximum Nc
|
||||||
*/
|
*/
|
||||||
|
@ -1499,7 +1499,7 @@ extern sc_card_driver_t *sc_get_iso7816_driver(void);
|
||||||
/**
|
/**
|
||||||
* @brief Read a complete EF by short file identifier.
|
* @brief Read a complete EF by short file identifier.
|
||||||
*
|
*
|
||||||
* @param[in] card
|
* @param[in] card card
|
||||||
* @param[in] sfid Short file identifier
|
* @param[in] sfid Short file identifier
|
||||||
* @param[in,out] ef Where to safe the file. the buffer will be allocated
|
* @param[in,out] ef Where to safe the file. the buffer will be allocated
|
||||||
* using \c realloc() and should be set to NULL, if
|
* using \c realloc() and should be set to NULL, if
|
||||||
|
@ -1514,7 +1514,7 @@ int iso7816_read_binary_sfid(sc_card_t *card, unsigned char sfid,
|
||||||
/**
|
/**
|
||||||
* @brief Write a complete EF by short file identifier.
|
* @brief Write a complete EF by short file identifier.
|
||||||
*
|
*
|
||||||
* @param[in] card
|
* @param[in] card card
|
||||||
* @param[in] sfid Short file identifier
|
* @param[in] sfid Short file identifier
|
||||||
* @param[in] ef Date to write
|
* @param[in] ef Date to write
|
||||||
* @param[in] ef_len Length of \a ef
|
* @param[in] ef_len Length of \a ef
|
||||||
|
@ -1527,7 +1527,7 @@ int iso7816_write_binary_sfid(sc_card_t *card, unsigned char sfid,
|
||||||
/**
|
/**
|
||||||
* @brief Set verification status of a specific PIN to “not verified”
|
* @brief Set verification status of a specific PIN to “not verified”
|
||||||
*
|
*
|
||||||
* @param[in] card
|
* @param[in] card card
|
||||||
* @param[in] pin_reference PIN reference written to P2
|
* @param[in] pin_reference PIN reference written to P2
|
||||||
*
|
*
|
||||||
* @note The appropriate directory must be selected before calling this function.
|
* @note The appropriate directory must be selected before calling this function.
|
||||||
|
|
|
@ -362,7 +362,7 @@ int sc_sm_single_transmit(struct sc_card *, struct sc_apdu *);
|
||||||
* Calls \a card->sm_ctx.ops.close() if available and \c card->sm_ctx.sm_mode
|
* Calls \a card->sm_ctx.ops.close() if available and \c card->sm_ctx.sm_mode
|
||||||
* is \c SM_MODE_TRANSMIT
|
* is \c SM_MODE_TRANSMIT
|
||||||
*
|
*
|
||||||
* @param[in] card
|
* @param[in] card card
|
||||||
*
|
*
|
||||||
* @return \c SC_SUCCESS or error code if an error occurred
|
* @return \c SC_SUCCESS or error code if an error occurred
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -425,10 +425,13 @@ pkcs15_init_token_info(struct sc_pkcs15_card *p15card, CK_TOKEN_INFO_PTR pToken)
|
||||||
* will assure that the serial within each type of card will be
|
* will assure that the serial within each type of card will be
|
||||||
* unique in pkcs11 (at least for the first 8^16 cards :-) */
|
* unique in pkcs11 (at least for the first 8^16 cards :-) */
|
||||||
if (p15card->tokeninfo->serial_number != NULL) {
|
if (p15card->tokeninfo->serial_number != NULL) {
|
||||||
int sn_start = strlen(p15card->tokeninfo->serial_number) - 16;
|
size_t sn_start = strlen(p15card->tokeninfo->serial_number);
|
||||||
|
|
||||||
if (sn_start < 0)
|
if (sn_start <= 16)
|
||||||
sn_start = 0;
|
sn_start = 0;
|
||||||
|
else
|
||||||
|
sn_start -= 16;
|
||||||
|
|
||||||
strcpy_bp(pToken->serialNumber, p15card->tokeninfo->serial_number + sn_start, 16);
|
strcpy_bp(pToken->serialNumber, p15card->tokeninfo->serial_number + sn_start, 16);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -451,7 +454,7 @@ static char *
|
||||||
set_cka_label(CK_ATTRIBUTE_PTR attr, char *label)
|
set_cka_label(CK_ATTRIBUTE_PTR attr, char *label)
|
||||||
{
|
{
|
||||||
char *l = (char *)attr->pValue;
|
char *l = (char *)attr->pValue;
|
||||||
int len = attr->ulValueLen;
|
unsigned long len = attr->ulValueLen;
|
||||||
|
|
||||||
if (len >= SC_PKCS15_MAX_LABEL_SIZE)
|
if (len >= SC_PKCS15_MAX_LABEL_SIZE)
|
||||||
len = SC_PKCS15_MAX_LABEL_SIZE-1;
|
len = SC_PKCS15_MAX_LABEL_SIZE-1;
|
||||||
|
@ -1121,7 +1124,7 @@ pkcs15_create_slot(struct sc_pkcs11_card *p11card, struct pkcs15_fw_data *fw_dat
|
||||||
struct sc_pkcs11_slot **out)
|
struct sc_pkcs11_slot **out)
|
||||||
{
|
{
|
||||||
struct sc_pkcs11_slot *slot = NULL;
|
struct sc_pkcs11_slot *slot = NULL;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
sc_log(context, "Create slot (p11card %p, fw_data %p, auth %p, app_info %p)", p11card, fw_data, auth, app_info);
|
sc_log(context, "Create slot (p11card %p, fw_data %p, auth %p, app_info %p)", p11card, fw_data, auth, app_info);
|
||||||
rv = slot_allocate(&slot, p11card);
|
rv = slot_allocate(&slot, p11card);
|
||||||
|
@ -1409,7 +1412,8 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
|
||||||
struct sc_pkcs15_object *auth_user_pin = NULL, *auth_sign_pin = NULL;
|
struct sc_pkcs15_object *auth_user_pin = NULL, *auth_sign_pin = NULL;
|
||||||
struct sc_pkcs11_slot *slot = NULL, *sign_slot = NULL;
|
struct sc_pkcs11_slot *slot = NULL, *sign_slot = NULL;
|
||||||
unsigned int cs_flags = sc_pkcs11_conf.create_slots_flags;
|
unsigned int cs_flags = sc_pkcs11_conf.create_slots_flags;
|
||||||
int i, rv, idx;
|
CK_RV rv;
|
||||||
|
int rc, i, idx;
|
||||||
|
|
||||||
sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]);
|
sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]);
|
||||||
sc_log(context, "create slots flags 0x%X", cs_flags);
|
sc_log(context, "create slots flags 0x%X", cs_flags);
|
||||||
|
@ -1430,9 +1434,9 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
|
||||||
sc_log(context, "Flags:0x%X; Auth User/Sign PINs %p/%p", cs_flags, auth_user_pin, auth_sign_pin);
|
sc_log(context, "Flags:0x%X; Auth User/Sign PINs %p/%p", cs_flags, auth_user_pin, auth_sign_pin);
|
||||||
|
|
||||||
/* Add PKCS#15 objects of the known types to the framework data */
|
/* Add PKCS#15 objects of the known types to the framework data */
|
||||||
rv = _pkcs15_create_typed_objects(fw_data);
|
rc = _pkcs15_create_typed_objects(fw_data);
|
||||||
if (rv < 0)
|
if (rc < 0)
|
||||||
return sc_to_cryptoki_error(rv, NULL);
|
return sc_to_cryptoki_error(rc, NULL);
|
||||||
sc_log(context, "Found %d FW objects objects", fw_data->num_objects);
|
sc_log(context, "Found %d FW objects objects", fw_data->num_objects);
|
||||||
|
|
||||||
/* Create slots for all non-unblock, non-so PINs if:
|
/* Create slots for all non-unblock, non-so PINs if:
|
||||||
|
@ -1445,10 +1449,10 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
|
||||||
|
|
||||||
memset(auths, 0, sizeof(auths));
|
memset(auths, 0, sizeof(auths));
|
||||||
/* Get authentication PKCS#15 objects present in the associated on-card application */
|
/* Get authentication PKCS#15 objects present in the associated on-card application */
|
||||||
rv = sc_pkcs15_get_objects(fw_data->p15_card, SC_PKCS15_TYPE_AUTH_PIN, auths, SC_PKCS15_MAX_PINS);
|
rc = sc_pkcs15_get_objects(fw_data->p15_card, SC_PKCS15_TYPE_AUTH_PIN, auths, SC_PKCS15_MAX_PINS);
|
||||||
if (rv < 0)
|
if (rc < 0)
|
||||||
return sc_to_cryptoki_error(rv, NULL);
|
return sc_to_cryptoki_error(rc, NULL);
|
||||||
auth_count = rv;
|
auth_count = rc;
|
||||||
sc_log(context, "Found %d authentication objects", auth_count);
|
sc_log(context, "Found %d authentication objects", auth_count);
|
||||||
|
|
||||||
for (i = 0; i < auth_count; i++) {
|
for (i = 0; i < auth_count; i++) {
|
||||||
|
@ -1564,7 +1568,7 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType,
|
||||||
if (sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) {
|
if (sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) {
|
||||||
if (ulPinLen && ulPinLen < sizeof(fw_data->user_puk)) {
|
if (ulPinLen && ulPinLen < sizeof(fw_data->user_puk)) {
|
||||||
memcpy(fw_data->user_puk, pPin, ulPinLen);
|
memcpy(fw_data->user_puk, pPin, ulPinLen);
|
||||||
fw_data->user_puk_len = ulPinLen;
|
fw_data->user_puk_len = (unsigned int) ulPinLen;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2062,7 +2066,8 @@ pkcs15_create_private_key(struct sc_pkcs11_slot *slot, struct sc_profile *profil
|
||||||
CK_KEY_TYPE key_type;
|
CK_KEY_TYPE key_type;
|
||||||
struct sc_pkcs15_prkey_rsa *rsa = NULL;
|
struct sc_pkcs15_prkey_rsa *rsa = NULL;
|
||||||
struct sc_pkcs15_prkey_gostr3410 *gost = NULL;
|
struct sc_pkcs15_prkey_gostr3410 *gost = NULL;
|
||||||
int rc, rv;
|
int rc;
|
||||||
|
CK_RV rv;
|
||||||
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
|
@ -2347,7 +2352,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
key_obj->data = skey_info;
|
key_obj->data = skey_info;
|
||||||
skey_info->usage = args.usage;
|
skey_info->usage = (unsigned int) args.usage;
|
||||||
skey_info->native = 0; /* card can not use this */
|
skey_info->native = 0; /* card can not use this */
|
||||||
skey_info->access_flags = 0; /* looks like not needed */
|
skey_info->access_flags = 0; /* looks like not needed */
|
||||||
skey_info->key_type = key_type; /* PKCS#11 CKK_* */
|
skey_info->key_type = key_type; /* PKCS#11 CKK_* */
|
||||||
|
@ -2395,7 +2400,8 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
|
||||||
struct sc_pkcs15_auth_info *pin = NULL;
|
struct sc_pkcs15_auth_info *pin = NULL;
|
||||||
CK_KEY_TYPE key_type;
|
CK_KEY_TYPE key_type;
|
||||||
struct sc_pkcs15_pubkey_rsa *rsa = NULL;
|
struct sc_pkcs15_pubkey_rsa *rsa = NULL;
|
||||||
int rc, rv;
|
int rc;
|
||||||
|
CK_RV rv;
|
||||||
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
|
@ -2500,7 +2506,8 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot,
|
||||||
struct sc_pkcs15_object *cert_obj = NULL;
|
struct sc_pkcs15_object *cert_obj = NULL;
|
||||||
CK_CERTIFICATE_TYPE cert_type;
|
CK_CERTIFICATE_TYPE cert_type;
|
||||||
CK_BBOOL bValue;
|
CK_BBOOL bValue;
|
||||||
int rc, rv;
|
int rc;
|
||||||
|
CK_RV rv;
|
||||||
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
|
@ -2581,7 +2588,8 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct sc_profile *profile,
|
||||||
struct sc_pkcs15_object *data_obj = NULL;
|
struct sc_pkcs15_object *data_obj = NULL;
|
||||||
struct sc_pkcs15_auth_info *pin = NULL;
|
struct sc_pkcs15_auth_info *pin = NULL;
|
||||||
CK_BBOOL bValue;
|
CK_BBOOL bValue;
|
||||||
int rc, rv;
|
int rc;
|
||||||
|
CK_RV rv;
|
||||||
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
|
@ -2661,7 +2669,8 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK
|
||||||
struct sc_profile *profile = NULL;
|
struct sc_profile *profile = NULL;
|
||||||
CK_OBJECT_CLASS _class;
|
CK_OBJECT_CLASS _class;
|
||||||
CK_BBOOL _token = FALSE;
|
CK_BBOOL _token = FALSE;
|
||||||
int rv, rc;
|
CK_RV rv;
|
||||||
|
int rc;
|
||||||
CK_BBOOL p15init_create_object;
|
CK_BBOOL p15init_create_object;
|
||||||
|
|
||||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||||
|
@ -2918,7 +2927,8 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
|
||||||
CK_ULONG keybits = 0;
|
CK_ULONG keybits = 0;
|
||||||
char pub_label[SC_PKCS15_MAX_LABEL_SIZE];
|
char pub_label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
char priv_label[SC_PKCS15_MAX_LABEL_SIZE];
|
char priv_label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
int rc, rv = CKR_OK;
|
int rc;
|
||||||
|
CK_RV rv = CKR_OK;
|
||||||
|
|
||||||
sc_log(context, "Keypair generation, mech = 0x%0lx",
|
sc_log(context, "Keypair generation, mech = 0x%0lx",
|
||||||
pMechanism->mechanism);
|
pMechanism->mechanism);
|
||||||
|
@ -3039,7 +3049,7 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
|
||||||
sc_pkcs15init_set_p15card(profile, fw_data->p15_card);
|
sc_pkcs15init_set_p15card(profile, fw_data->p15_card);
|
||||||
|
|
||||||
sc_log(context, "Try on-card key pair generation");
|
sc_log(context, "Try on-card key pair generation");
|
||||||
rc = sc_pkcs15init_generate_key(fw_data->p15_card, profile, &keygen_args, keybits, &priv_key_obj);
|
rc = sc_pkcs15init_generate_key(fw_data->p15_card, profile, &keygen_args, (unsigned int) keybits, &priv_key_obj);
|
||||||
if (rc >= 0) {
|
if (rc >= 0) {
|
||||||
id = ((struct sc_pkcs15_prkey_info *) priv_key_obj->data)->id;
|
id = ((struct sc_pkcs15_prkey_info *) priv_key_obj->data)->id;
|
||||||
rc = sc_pkcs15_find_pubkey_by_id(fw_data->p15_card, &id, &pub_key_obj);
|
rc = sc_pkcs15_find_pubkey_by_id(fw_data->p15_card, &id, &pub_key_obj);
|
||||||
|
@ -3288,7 +3298,7 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1
|
||||||
switch(attr->type) {
|
switch(attr->type) {
|
||||||
case CKA_LABEL:
|
case CKA_LABEL:
|
||||||
rv = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object,
|
rv = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object,
|
||||||
P15_ATTR_TYPE_LABEL, attr->pValue, attr->ulValueLen);
|
P15_ATTR_TYPE_LABEL, attr->pValue, (unsigned int) attr->ulValueLen);
|
||||||
break;
|
break;
|
||||||
case CKA_ID:
|
case CKA_ID:
|
||||||
if (attr->ulValueLen > SC_PKCS15_MAX_ID_SIZE) {
|
if (attr->ulValueLen > SC_PKCS15_MAX_ID_SIZE) {
|
||||||
|
@ -3309,7 +3319,7 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1
|
||||||
goto set_attr_done;
|
goto set_attr_done;
|
||||||
}
|
}
|
||||||
rv = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object,
|
rv = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object,
|
||||||
P15_ATTR_TYPE_VALUE, attr->pValue, attr->ulValueLen);
|
P15_ATTR_TYPE_VALUE, attr->pValue, (unsigned int) attr->ulValueLen);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
ck_rv = CKR_ATTRIBUTE_READ_ONLY;
|
ck_rv = CKR_ATTRIBUTE_READ_ONLY;
|
||||||
|
@ -3450,7 +3460,7 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
|
||||||
|
|
||||||
#define ASN1_SET_TAG (SC_ASN1_SET | SC_ASN1_TAG_CONSTRUCTED)
|
#define ASN1_SET_TAG (SC_ASN1_SET | SC_ASN1_TAG_CONSTRUCTED)
|
||||||
#define ASN1_SEQ_TAG (SC_ASN1_SEQUENCE | SC_ASN1_TAG_CONSTRUCTED)
|
#define ASN1_SEQ_TAG (SC_ASN1_SEQUENCE | SC_ASN1_TAG_CONSTRUCTED)
|
||||||
static int
|
static CK_RV
|
||||||
pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session,
|
pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session,
|
||||||
void *object, CK_ATTRIBUTE_PTR attr)
|
void *object, CK_ATTRIBUTE_PTR attr)
|
||||||
{
|
{
|
||||||
|
@ -3795,7 +3805,8 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
|
||||||
struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
|
struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
|
||||||
struct sc_pkcs11_card *p11card = session->slot->p11card;
|
struct sc_pkcs11_card *p11card = session->slot->p11card;
|
||||||
struct pkcs15_fw_data *fw_data = NULL;
|
struct pkcs15_fw_data *fw_data = NULL;
|
||||||
int rv, flags = 0, prkey_has_path = 0;
|
CK_RV rv;
|
||||||
|
int flags = 0, prkey_has_path = 0, rc;
|
||||||
unsigned sign_flags = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
unsigned sign_flags = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
||||||
| SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
|
| SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
|
||||||
|
|
||||||
|
@ -3920,16 +3931,16 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
|
||||||
return CKR_MECHANISM_INVALID;
|
return CKR_MECHANISM_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = sc_lock(p11card->card);
|
rc = sc_lock(p11card->card);
|
||||||
if (rv < 0)
|
if (rc < 0)
|
||||||
return sc_to_cryptoki_error(rv, "C_Sign");
|
return sc_to_cryptoki_error(rc, "C_Sign");
|
||||||
|
|
||||||
sc_log(context,
|
sc_log(context,
|
||||||
"Selected flags %X. Now computing signature for %lu bytes. %lu bytes reserved.",
|
"Selected flags %X. Now computing signature for %lu bytes. %lu bytes reserved.",
|
||||||
flags, ulDataLen, *pulDataLen);
|
flags, ulDataLen, *pulDataLen);
|
||||||
rv = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags,
|
rc = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags,
|
||||||
pData, ulDataLen, pSignature, *pulDataLen);
|
pData, ulDataLen, pSignature, *pulDataLen);
|
||||||
if (rv < 0 && !sc_pkcs11_conf.lock_login && !prkey_has_path) {
|
if (rc < 0 && !sc_pkcs11_conf.lock_login && !prkey_has_path) {
|
||||||
/* If private key PKCS#15 object do not have 'path' attribute,
|
/* If private key PKCS#15 object do not have 'path' attribute,
|
||||||
* and if PKCS#11 login session is not locked,
|
* and if PKCS#11 login session is not locked,
|
||||||
* the compute signature could fail because of concurrent access to the card
|
* the compute signature could fail because of concurrent access to the card
|
||||||
|
@ -3937,20 +3948,20 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
|
||||||
* In this particular case try to 'reselect' application DF.
|
* In this particular case try to 'reselect' application DF.
|
||||||
*/
|
*/
|
||||||
if (reselect_app_df(fw_data->p15_card) == SC_SUCCESS)
|
if (reselect_app_df(fw_data->p15_card) == SC_SUCCESS)
|
||||||
rv = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags,
|
rc = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags,
|
||||||
pData, ulDataLen, pSignature, *pulDataLen);
|
pData, ulDataLen, pSignature, *pulDataLen);
|
||||||
}
|
}
|
||||||
|
|
||||||
sc_unlock(p11card->card);
|
sc_unlock(p11card->card);
|
||||||
|
|
||||||
sc_log(context, "Sign complete. Result %d.", rv);
|
sc_log(context, "Sign complete. Result %d.", rc);
|
||||||
|
|
||||||
if (rv > 0) {
|
if (rc > 0) {
|
||||||
*pulDataLen = rv;
|
*pulDataLen = rc;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
return sc_to_cryptoki_error(rv, "C_Sign");
|
return sc_to_cryptoki_error(rc, "C_Sign");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -4554,7 +4565,7 @@ pkcs15_dobj_set_attribute(struct sc_pkcs11_session *session,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static CK_RV
|
||||||
pkcs15_dobj_get_value(struct sc_pkcs11_session *session,
|
pkcs15_dobj_get_value(struct sc_pkcs11_session *session,
|
||||||
struct pkcs15_data_object *dobj,
|
struct pkcs15_data_object *dobj,
|
||||||
struct sc_pkcs15_data **out_data)
|
struct sc_pkcs15_data **out_data)
|
||||||
|
@ -5182,12 +5193,12 @@ get_usage_bit(unsigned int usage, CK_ATTRIBUTE_PTR attr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static CK_RV
|
||||||
register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags)
|
register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags)
|
||||||
{
|
{
|
||||||
CK_MECHANISM_INFO mech_info;
|
CK_MECHANISM_INFO mech_info;
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
int rc;
|
CK_RV rc;
|
||||||
|
|
||||||
mech_info.flags = CKF_HW | CKF_SIGN | CKF_DECRYPT;
|
mech_info.flags = CKF_HW | CKF_SIGN | CKF_DECRYPT;
|
||||||
#ifdef ENABLE_OPENSSL
|
#ifdef ENABLE_OPENSSL
|
||||||
|
@ -5230,13 +5241,13 @@ register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
static CK_RV register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
||||||
unsigned long ext_flags, CK_ULONG min_key_size, CK_ULONG max_key_size)
|
unsigned long ext_flags, CK_ULONG min_key_size, CK_ULONG max_key_size)
|
||||||
{
|
{
|
||||||
CK_MECHANISM_INFO mech_info;
|
CK_MECHANISM_INFO mech_info;
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
CK_FLAGS ec_flags = 0;
|
CK_FLAGS ec_flags = 0;
|
||||||
int rc;
|
CK_RV rc;
|
||||||
|
|
||||||
if (ext_flags & SC_ALGORITHM_EXT_EC_F_P)
|
if (ext_flags & SC_ALGORITHM_EXT_EC_F_P)
|
||||||
ec_flags |= CKF_EC_F_P;
|
ec_flags |= CKF_EC_F_P;
|
||||||
|
@ -5368,7 +5379,8 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
unsigned long ec_ext_flags;
|
unsigned long ec_ext_flags;
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
unsigned int num;
|
unsigned int num;
|
||||||
int rc, rsa_flags = 0, ec_flags = 0, gostr_flags = 0, aes_flags = 0;
|
int rsa_flags = 0, ec_flags = 0, gostr_flags = 0, aes_flags = 0;
|
||||||
|
CK_RV rc;
|
||||||
|
|
||||||
/* Register generic mechanisms */
|
/* Register generic mechanisms */
|
||||||
sc_pkcs11_register_generic_mechanisms(p11card);
|
sc_pkcs11_register_generic_mechanisms(p11card);
|
||||||
|
|
|
@ -57,7 +57,7 @@ pkcs15init_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app
|
||||||
{
|
{
|
||||||
struct sc_profile *profile;
|
struct sc_profile *profile;
|
||||||
struct sc_pkcs11_slot *slot;
|
struct sc_pkcs11_slot *slot;
|
||||||
int rc;
|
CK_RV rc;
|
||||||
|
|
||||||
profile = (struct sc_profile *) p11card->fws_data[0];
|
profile = (struct sc_profile *) p11card->fws_data[0];
|
||||||
|
|
||||||
|
@ -130,7 +130,8 @@ pkcs15init_initialize(struct sc_pkcs11_slot *pslot, void *ptr,
|
||||||
struct sc_profile *profile = (struct sc_profile *) p11card->fws_data[0];
|
struct sc_profile *profile = (struct sc_profile *) p11card->fws_data[0];
|
||||||
struct sc_pkcs15init_initargs args;
|
struct sc_pkcs15init_initargs args;
|
||||||
struct sc_pkcs11_slot *slot;
|
struct sc_pkcs11_slot *slot;
|
||||||
int rc, rv, id;
|
CK_RV rv;
|
||||||
|
int rc, id;
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
args.so_pin = pPin;
|
args.so_pin = pPin;
|
||||||
|
|
|
@ -95,7 +95,7 @@ sc_pkcs11_get_mechanism_list(struct sc_pkcs11_card *p11card,
|
||||||
{
|
{
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
unsigned int n, count = 0;
|
unsigned int n, count = 0;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
if (!p11card)
|
if (!p11card)
|
||||||
return CKR_TOKEN_NOT_PRESENT;
|
return CKR_TOKEN_NOT_PRESENT;
|
||||||
|
@ -166,7 +166,7 @@ sc_pkcs11_md_init(struct sc_pkcs11_session *session,
|
||||||
struct sc_pkcs11_card *p11card;
|
struct sc_pkcs11_card *p11card;
|
||||||
sc_pkcs11_operation_t *operation;
|
sc_pkcs11_operation_t *operation;
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(context);
|
LOG_FUNC_CALLED(context);
|
||||||
if (!session || !session->slot || !(p11card = session->slot->p11card))
|
if (!session || !session->slot || !(p11card = session->slot->p11card))
|
||||||
|
@ -179,7 +179,7 @@ sc_pkcs11_md_init(struct sc_pkcs11_session *session,
|
||||||
|
|
||||||
rv = session_start_operation(session, SC_PKCS11_OPERATION_DIGEST, mt, &operation);
|
rv = session_start_operation(session, SC_PKCS11_OPERATION_DIGEST, mt, &operation);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
|
|
||||||
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
|
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
|
||||||
|
|
||||||
|
@ -188,7 +188,7 @@ sc_pkcs11_md_init(struct sc_pkcs11_session *session,
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
|
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV
|
CK_RV
|
||||||
|
@ -196,7 +196,7 @@ sc_pkcs11_md_update(struct sc_pkcs11_session *session,
|
||||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
|
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
|
@ -208,7 +208,7 @@ done:
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
|
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV
|
CK_RV
|
||||||
|
@ -220,7 +220,7 @@ sc_pkcs11_md_final(struct sc_pkcs11_session *session,
|
||||||
|
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
|
|
||||||
/* This is a request for the digest length */
|
/* This is a request for the digest length */
|
||||||
if (pData == NULL)
|
if (pData == NULL)
|
||||||
|
@ -231,7 +231,7 @@ sc_pkcs11_md_final(struct sc_pkcs11_session *session,
|
||||||
LOG_FUNC_RETURN(context, pData == NULL ? CKR_OK : CKR_BUFFER_TOO_SMALL);
|
LOG_FUNC_RETURN(context, pData == NULL ? CKR_OK : CKR_BUFFER_TOO_SMALL);
|
||||||
|
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
|
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -245,7 +245,7 @@ sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechani
|
||||||
struct sc_pkcs11_card *p11card;
|
struct sc_pkcs11_card *p11card;
|
||||||
sc_pkcs11_operation_t *operation;
|
sc_pkcs11_operation_t *operation;
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(context);
|
LOG_FUNC_CALLED(context);
|
||||||
if (!session || !session->slot || !(p11card = session->slot->p11card))
|
if (!session || !session->slot || !(p11card = session->slot->p11card))
|
||||||
|
@ -268,7 +268,7 @@ sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechani
|
||||||
|
|
||||||
rv = session_start_operation(session, SC_PKCS11_OPERATION_SIGN, mt, &operation);
|
rv = session_start_operation(session, SC_PKCS11_OPERATION_SIGN, mt, &operation);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
|
|
||||||
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
|
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
|
||||||
if (pMechanism->pParameter) {
|
if (pMechanism->pParameter) {
|
||||||
|
@ -280,7 +280,7 @@ sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechani
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV
|
CK_RV
|
||||||
|
@ -288,12 +288,12 @@ sc_pkcs11_sign_update(struct sc_pkcs11_session *session,
|
||||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
|
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(context);
|
LOG_FUNC_CALLED(context);
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
|
|
||||||
if (op->type->sign_update == NULL) {
|
if (op->type->sign_update == NULL) {
|
||||||
rv = CKR_KEY_TYPE_INCONSISTENT;
|
rv = CKR_KEY_TYPE_INCONSISTENT;
|
||||||
|
@ -306,7 +306,7 @@ done:
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV
|
CK_RV
|
||||||
|
@ -314,12 +314,12 @@ sc_pkcs11_sign_final(struct sc_pkcs11_session *session,
|
||||||
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
|
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(context);
|
LOG_FUNC_CALLED(context);
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
|
|
||||||
/* Bail out for signature mechanisms that don't do hashing */
|
/* Bail out for signature mechanisms that don't do hashing */
|
||||||
if (op->type->sign_final == NULL) {
|
if (op->type->sign_final == NULL) {
|
||||||
|
@ -333,18 +333,18 @@ done:
|
||||||
if (rv != CKR_BUFFER_TOO_SMALL && pSignature != NULL)
|
if (rv != CKR_BUFFER_TOO_SMALL && pSignature != NULL)
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV
|
CK_RV
|
||||||
sc_pkcs11_sign_size(struct sc_pkcs11_session *session, CK_ULONG_PTR pLength)
|
sc_pkcs11_sign_size(struct sc_pkcs11_session *session, CK_ULONG_PTR pLength)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
|
|
||||||
/* Bail out for signature mechanisms that don't do hashing */
|
/* Bail out for signature mechanisms that don't do hashing */
|
||||||
if (op->type->sign_size == NULL) {
|
if (op->type->sign_size == NULL) {
|
||||||
|
@ -358,7 +358,7 @@ done:
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -392,7 +392,7 @@ sc_pkcs11_signature_init(sc_pkcs11_operation_t *operation,
|
||||||
else {
|
else {
|
||||||
/* Mechanism recognised but cannot be performed by pkcs#15 card, or some general error. */
|
/* Mechanism recognised but cannot be performed by pkcs#15 card, or some general error. */
|
||||||
free(data);
|
free(data);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -402,7 +402,7 @@ sc_pkcs11_signature_init(sc_pkcs11_operation_t *operation,
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
/* Probably bad arguments */
|
/* Probably bad arguments */
|
||||||
free(data);
|
free(data);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -421,7 +421,7 @@ sc_pkcs11_signature_init(sc_pkcs11_operation_t *operation,
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
sc_pkcs11_release_operation(&data->md);
|
sc_pkcs11_release_operation(&data->md);
|
||||||
free(data);
|
free(data);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
data->info = info;
|
data->info = info;
|
||||||
}
|
}
|
||||||
|
@ -441,7 +441,7 @@ sc_pkcs11_signature_update(sc_pkcs11_operation_t *operation,
|
||||||
data = (struct signature_data *) operation->priv_data;
|
data = (struct signature_data *) operation->priv_data;
|
||||||
if (data->md) {
|
if (data->md) {
|
||||||
CK_RV rv = data->md->type->md_update(data->md, pPart, ulPartLen);
|
CK_RV rv = data->md->type->md_update(data->md, pPart, ulPartLen);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This signature mechanism operates on the raw data */
|
/* This signature mechanism operates on the raw data */
|
||||||
|
@ -449,7 +449,6 @@ sc_pkcs11_signature_update(sc_pkcs11_operation_t *operation,
|
||||||
LOG_FUNC_RETURN(context, CKR_DATA_LEN_RANGE);
|
LOG_FUNC_RETURN(context, CKR_DATA_LEN_RANGE);
|
||||||
memcpy(data->buffer + data->buffer_len, pPart, ulPartLen);
|
memcpy(data->buffer + data->buffer_len, pPart, ulPartLen);
|
||||||
data->buffer_len += ulPartLen;
|
data->buffer_len += ulPartLen;
|
||||||
sc_log(context, "data length %u", data->buffer_len);
|
|
||||||
LOG_FUNC_RETURN(context, CKR_OK);
|
LOG_FUNC_RETURN(context, CKR_OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -462,7 +461,6 @@ sc_pkcs11_signature_final(sc_pkcs11_operation_t *operation,
|
||||||
|
|
||||||
LOG_FUNC_CALLED(context);
|
LOG_FUNC_CALLED(context);
|
||||||
data = (struct signature_data *) operation->priv_data;
|
data = (struct signature_data *) operation->priv_data;
|
||||||
sc_log(context, "data length %u", data->buffer_len);
|
|
||||||
if (data->md) {
|
if (data->md) {
|
||||||
sc_pkcs11_operation_t *md = data->md;
|
sc_pkcs11_operation_t *md = data->md;
|
||||||
CK_ULONG len = sizeof(data->buffer);
|
CK_ULONG len = sizeof(data->buffer);
|
||||||
|
@ -471,14 +469,13 @@ sc_pkcs11_signature_final(sc_pkcs11_operation_t *operation,
|
||||||
if (rv == CKR_BUFFER_TOO_SMALL)
|
if (rv == CKR_BUFFER_TOO_SMALL)
|
||||||
rv = CKR_FUNCTION_FAILED;
|
rv = CKR_FUNCTION_FAILED;
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
data->buffer_len = len;
|
data->buffer_len = (unsigned int) len;
|
||||||
}
|
}
|
||||||
|
|
||||||
sc_log(context, "%u bytes to sign", data->buffer_len);
|
|
||||||
rv = data->key->ops->sign(operation->session, data->key, &operation->mechanism,
|
rv = data->key->ops->sign(operation->session, data->key, &operation->mechanism,
|
||||||
data->buffer, data->buffer_len, pSignature, pulSignatureLen);
|
data->buffer, data->buffer_len, pSignature, pulSignatureLen);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
static CK_RV
|
static CK_RV
|
||||||
|
@ -521,7 +518,7 @@ sc_pkcs11_signature_size(sc_pkcs11_operation_t *operation, CK_ULONG_PTR pLength)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -549,7 +546,7 @@ sc_pkcs11_verif_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechan
|
||||||
struct sc_pkcs11_card *p11card;
|
struct sc_pkcs11_card *p11card;
|
||||||
sc_pkcs11_operation_t *operation;
|
sc_pkcs11_operation_t *operation;
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
if (!session || !session->slot
|
if (!session || !session->slot
|
||||||
|| !(p11card = session->slot->p11card))
|
|| !(p11card = session->slot->p11card))
|
||||||
|
@ -583,7 +580,7 @@ sc_pkcs11_verif_update(struct sc_pkcs11_session *session,
|
||||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
|
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
|
@ -608,7 +605,7 @@ sc_pkcs11_verif_final(struct sc_pkcs11_session *session,
|
||||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
|
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
|
@ -635,7 +632,7 @@ sc_pkcs11_verify_init(sc_pkcs11_operation_t *operation,
|
||||||
{
|
{
|
||||||
struct hash_signature_info *info;
|
struct hash_signature_info *info;
|
||||||
struct signature_data *data;
|
struct signature_data *data;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
if (!(data = calloc(1, sizeof(*data))))
|
if (!(data = calloc(1, sizeof(*data))))
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
|
@ -651,7 +648,7 @@ sc_pkcs11_verify_init(sc_pkcs11_operation_t *operation,
|
||||||
else {
|
else {
|
||||||
/* Mechanism cannot be performed by pkcs#15 card, or some general error. */
|
/* Mechanism cannot be performed by pkcs#15 card, or some general error. */
|
||||||
free(data);
|
free(data);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -661,7 +658,7 @@ sc_pkcs11_verify_init(sc_pkcs11_operation_t *operation,
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
/* Probably bad arguments */
|
/* Probably bad arguments */
|
||||||
free(data);
|
free(data);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -721,7 +718,7 @@ sc_pkcs11_verify_final(sc_pkcs11_operation_t *operation,
|
||||||
CK_ATTRIBUTE attr = {CKA_VALUE, NULL, 0};
|
CK_ATTRIBUTE attr = {CKA_VALUE, NULL, 0};
|
||||||
CK_ATTRIBUTE attr_key_type = {CKA_KEY_TYPE, &key_type, sizeof(key_type)};
|
CK_ATTRIBUTE attr_key_type = {CKA_KEY_TYPE, &key_type, sizeof(key_type)};
|
||||||
CK_ATTRIBUTE attr_key_params = {CKA_GOSTR3410_PARAMS, ¶ms, sizeof(params)};
|
CK_ATTRIBUTE attr_key_params = {CKA_GOSTR3410_PARAMS, ¶ms, sizeof(params)};
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
data = (struct signature_data *) operation->priv_data;
|
data = (struct signature_data *) operation->priv_data;
|
||||||
|
|
||||||
|
@ -756,10 +753,10 @@ sc_pkcs11_verify_final(sc_pkcs11_operation_t *operation,
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = sc_pkcs11_verify_data(pubkey_value, attr.ulValueLen,
|
rv = sc_pkcs11_verify_data(pubkey_value, (unsigned int) attr.ulValueLen,
|
||||||
params, sizeof(params),
|
params, sizeof(params),
|
||||||
&operation->mechanism, data->md,
|
&operation->mechanism, data->md,
|
||||||
data->buffer, data->buffer_len, pSignature, ulSignatureLen);
|
data->buffer, data->buffer_len, pSignature, (unsigned int) ulSignatureLen);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
free(pubkey_value);
|
free(pubkey_value);
|
||||||
|
@ -815,7 +812,7 @@ sc_pkcs11_decr(struct sc_pkcs11_session *session,
|
||||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
|
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
|
||||||
{
|
{
|
||||||
sc_pkcs11_operation_t *op;
|
sc_pkcs11_operation_t *op;
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_DECRYPT, &op);
|
rv = session_get_operation(session, SC_PKCS11_OPERATION_DECRYPT, &op);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
|
@ -1049,7 +1046,7 @@ sc_pkcs11_decrypt_init(sc_pkcs11_operation_t *operation,
|
||||||
else {
|
else {
|
||||||
/* Mechanism cannot be performed by pkcs#15 card, or some general error. */
|
/* Mechanism cannot be performed by pkcs#15 card, or some general error. */
|
||||||
free(data);
|
free(data);
|
||||||
LOG_FUNC_RETURN(context, rv);
|
LOG_FUNC_RETURN(context, (int) rv);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -305,7 +305,7 @@ CK_RV session_stop_operation(struct sc_pkcs11_session * session, int type)
|
||||||
|
|
||||||
CK_RV attr_extract(CK_ATTRIBUTE_PTR pAttr, void *ptr, size_t * sizep)
|
CK_RV attr_extract(CK_ATTRIBUTE_PTR pAttr, void *ptr, size_t * sizep)
|
||||||
{
|
{
|
||||||
unsigned int size;
|
size_t size;
|
||||||
|
|
||||||
if (sizep) {
|
if (sizep) {
|
||||||
size = *sizep;
|
size = *sizep;
|
||||||
|
|
|
@ -352,10 +352,10 @@ static void reverse(unsigned char *buf, size_t len)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len,
|
static CK_RV gostr3410_verify_data(const unsigned char *pubkey, unsigned int pubkey_len,
|
||||||
const unsigned char *params, int params_len,
|
const unsigned char *params, unsigned int params_len,
|
||||||
unsigned char *data, int data_len,
|
unsigned char *data, unsigned int data_len,
|
||||||
unsigned char *signat, int signat_len)
|
unsigned char *signat, unsigned int signat_len)
|
||||||
{
|
{
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
EVP_PKEY_CTX *pkey_ctx = NULL;
|
EVP_PKEY_CTX *pkey_ctx = NULL;
|
||||||
|
@ -429,11 +429,11 @@ static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len,
|
||||||
* If a hash function was used, we can make a big shortcut by
|
* If a hash function was used, we can make a big shortcut by
|
||||||
* finishing with EVP_VerifyFinal().
|
* finishing with EVP_VerifyFinal().
|
||||||
*/
|
*/
|
||||||
CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len,
|
CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len,
|
||||||
const unsigned char *pubkey_params, int pubkey_params_len,
|
const unsigned char *pubkey_params, unsigned int pubkey_params_len,
|
||||||
CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md,
|
CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md,
|
||||||
unsigned char *data, int data_len,
|
unsigned char *data, unsigned int data_len,
|
||||||
unsigned char *signat, int signat_len)
|
unsigned char *signat, unsigned int signat_len)
|
||||||
{
|
{
|
||||||
int res;
|
int res;
|
||||||
CK_RV rv = CKR_GENERAL_ERROR;
|
CK_RV rv = CKR_GENERAL_ERROR;
|
||||||
|
@ -614,8 +614,8 @@ CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len,
|
||||||
data_len = tmp_len;
|
data_len = tmp_len;
|
||||||
}
|
}
|
||||||
rv = CKR_SIGNATURE_INVALID;
|
rv = CKR_SIGNATURE_INVALID;
|
||||||
if (data_len == EVP_MD_size(pss_md) &&
|
if (data_len == (unsigned int) EVP_MD_size(pss_md)
|
||||||
RSA_verify_PKCS1_PSS_mgf1(rsa, data, pss_md, mgf_md,
|
&& RSA_verify_PKCS1_PSS_mgf1(rsa, data, pss_md, mgf_md,
|
||||||
rsa_out, EVP_MD_size(pss_md)/*sLen*/) == 1)
|
rsa_out, EVP_MD_size(pss_md)/*sLen*/) == 1)
|
||||||
rv = CKR_OK;
|
rv = CKR_OK;
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
|
@ -625,7 +625,7 @@ CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len,
|
||||||
}
|
}
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
|
|
||||||
if (rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0)
|
if ((unsigned int) rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0)
|
||||||
rv = CKR_OK;
|
rv = CKR_OK;
|
||||||
else
|
else
|
||||||
rv = CKR_SIGNATURE_INVALID;
|
rv = CKR_SIGNATURE_INVALID;
|
||||||
|
|
|
@ -130,7 +130,8 @@ CK_RV sc_create_object_int(CK_SESSION_HANDLE hSession, /* the session's handle *
|
||||||
out:
|
out:
|
||||||
if (use_lock)
|
if (use_lock)
|
||||||
sc_pkcs11_unlock();
|
sc_pkcs11_unlock();
|
||||||
LOG_FUNC_RETURN(context, rv);
|
|
||||||
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -212,7 +213,7 @@ C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes, gets values */
|
CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes, gets values */
|
||||||
CK_ULONG ulCount) /* attributes in template */
|
CK_ULONG ulCount) /* attributes in template */
|
||||||
{
|
{
|
||||||
static int precedence[] = {
|
static CK_RV precedence[] = {
|
||||||
CKR_OK,
|
CKR_OK,
|
||||||
CKR_BUFFER_TOO_SMALL,
|
CKR_BUFFER_TOO_SMALL,
|
||||||
CKR_ATTRIBUTE_TYPE_INVALID,
|
CKR_ATTRIBUTE_TYPE_INVALID,
|
||||||
|
@ -220,11 +221,12 @@ C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
-1
|
-1
|
||||||
};
|
};
|
||||||
char object_name[64];
|
char object_name[64];
|
||||||
int j;
|
CK_RV j;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
struct sc_pkcs11_session *session;
|
struct sc_pkcs11_session *session;
|
||||||
struct sc_pkcs11_object *object;
|
struct sc_pkcs11_object *object;
|
||||||
int res, res_type;
|
CK_RV res;
|
||||||
|
CK_RV res_type;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
if (pTemplate == NULL_PTR || ulCount == 0)
|
if (pTemplate == NULL_PTR || ulCount == 0)
|
||||||
|
@ -258,7 +260,7 @@ C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
* should be handled - we give them highest
|
* should be handled - we give them highest
|
||||||
* precedence
|
* precedence
|
||||||
*/
|
*/
|
||||||
for (j = 0; precedence[j] != -1; j++) {
|
for (j = 0; precedence[j] != (CK_RV) -1; j++) {
|
||||||
if (precedence[j] == res)
|
if (precedence[j] == res)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -1451,14 +1453,13 @@ CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
/*
|
/*
|
||||||
* Helper function to compare attributes on any sort of object
|
* Helper function to compare attributes on any sort of object
|
||||||
*/
|
*/
|
||||||
int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK_ATTRIBUTE_PTR attr)
|
CK_RV sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK_ATTRIBUTE_PTR attr)
|
||||||
{
|
{
|
||||||
int rv;
|
CK_RV rv;
|
||||||
struct sc_pkcs11_object *object;
|
struct sc_pkcs11_object *object;
|
||||||
u8 temp1[1024];
|
u8 temp1[1024];
|
||||||
u8 *temp2 = NULL; /* dynamic allocation for large attributes */
|
u8 *temp2 = NULL; /* dynamic allocation for large attributes */
|
||||||
CK_ATTRIBUTE temp_attr;
|
CK_ATTRIBUTE temp_attr;
|
||||||
int res;
|
|
||||||
|
|
||||||
object = (struct sc_pkcs11_object *)ptr;
|
object = (struct sc_pkcs11_object *)ptr;
|
||||||
temp_attr.type = attr->type;
|
temp_attr.type = attr->type;
|
||||||
|
@ -1482,7 +1483,7 @@ int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK
|
||||||
/* Get the attribute */
|
/* Get the attribute */
|
||||||
rv = object->ops->get_attribute(session, object, &temp_attr);
|
rv = object->ops->get_attribute(session, object, &temp_attr);
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
res = 0;
|
rv = 0;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
|
@ -1493,12 +1494,12 @@ int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK
|
||||||
dump_template(SC_LOG_DEBUG_NORMAL, foo, &temp_attr, 1);
|
dump_template(SC_LOG_DEBUG_NORMAL, foo, &temp_attr, 1);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
res = temp_attr.ulValueLen == attr->ulValueLen
|
rv = temp_attr.ulValueLen == attr->ulValueLen
|
||||||
&& !memcmp(temp_attr.pValue, attr->pValue, attr->ulValueLen);
|
&& !memcmp(temp_attr.pValue, attr->pValue, attr->ulValueLen);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
if (temp2 != NULL)
|
if (temp2 != NULL)
|
||||||
free(temp2);
|
free(temp2);
|
||||||
|
|
||||||
return res;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
|
@ -313,7 +313,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
if (rv == CKR_OK)
|
if (rv == CKR_OK)
|
||||||
rv = push_login_state(slot, userType, pPin, ulPinLen);
|
rv = push_login_state(slot, userType, pPin, ulPinLen);
|
||||||
if (rv == CKR_OK) {
|
if (rv == CKR_OK) {
|
||||||
slot->login_user = userType;
|
slot->login_user = (int) userType;
|
||||||
}
|
}
|
||||||
rv = reset_login_state(slot, rv);
|
rv = reset_login_state(slot, rv);
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,7 +55,7 @@ static CK_RV
|
||||||
init_spy(void)
|
init_spy(void)
|
||||||
{
|
{
|
||||||
const char *output, *module;
|
const char *output, *module;
|
||||||
int rv = CKR_OK;
|
CK_RV rv = CKR_OK;
|
||||||
#ifdef _WIN32
|
#ifdef _WIN32
|
||||||
char temp_path[PATH_MAX], expanded_path[PATH_MAX];
|
char temp_path[PATH_MAX], expanded_path[PATH_MAX];
|
||||||
DWORD temp_len, expanded_len;
|
DWORD temp_len, expanded_len;
|
||||||
|
|
|
@ -91,7 +91,7 @@ struct sc_pkcs11_object_ops {
|
||||||
/* Management methods */
|
/* Management methods */
|
||||||
CK_RV (*set_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
CK_RV (*set_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
||||||
CK_RV (*get_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
CK_RV (*get_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
||||||
int (*cmp_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
CK_RV (*cmp_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
||||||
|
|
||||||
CK_RV (*destroy_object)(struct sc_pkcs11_session *, void *);
|
CK_RV (*destroy_object)(struct sc_pkcs11_session *, void *);
|
||||||
CK_RV (*get_size)(struct sc_pkcs11_session *, void *);
|
CK_RV (*get_size)(struct sc_pkcs11_session *, void *);
|
||||||
|
@ -397,7 +397,7 @@ CK_RV sc_pkcs11_create_secret_key(struct sc_pkcs11_session *,
|
||||||
CK_ATTRIBUTE_PTR, CK_ULONG,
|
CK_ATTRIBUTE_PTR, CK_ULONG,
|
||||||
struct sc_pkcs11_object **);
|
struct sc_pkcs11_object **);
|
||||||
/* Generic object handling */
|
/* Generic object handling */
|
||||||
int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *,
|
CK_RV sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *,
|
||||||
void *, CK_ATTRIBUTE_PTR);
|
void *, CK_ATTRIBUTE_PTR);
|
||||||
|
|
||||||
/* Get attributes from template (misc.c) */
|
/* Get attributes from template (misc.c) */
|
||||||
|
@ -456,11 +456,11 @@ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
|
||||||
sc_pkcs11_mechanism_type_t *);
|
sc_pkcs11_mechanism_type_t *);
|
||||||
|
|
||||||
#ifdef ENABLE_OPENSSL
|
#ifdef ENABLE_OPENSSL
|
||||||
CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len,
|
CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len,
|
||||||
const unsigned char *pubkey_params, int pubkey_params_len,
|
const unsigned char *pubkey_params, unsigned int pubkey_params_len,
|
||||||
CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md,
|
CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md,
|
||||||
unsigned char *inp, int inp_len,
|
unsigned char *inp, unsigned int inp_len,
|
||||||
unsigned char *signat, int signat_len);
|
unsigned char *signat, unsigned int signat_len);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Load configuration defaults */
|
/* Load configuration defaults */
|
||||||
|
|
|
@ -447,7 +447,7 @@ CK_RV slot_get_slot(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot)
|
||||||
|
|
||||||
CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot)
|
CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot)
|
||||||
{
|
{
|
||||||
int rv;
|
CK_RV rv;
|
||||||
|
|
||||||
sc_log(context, "Slot(id=0x%lX): get token", id);
|
sc_log(context, "Slot(id=0x%lX): get token", id);
|
||||||
rv = slot_get_slot(id, slot);
|
rv = slot_get_slot(id, slot);
|
||||||
|
@ -473,7 +473,8 @@ CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot)
|
||||||
|
|
||||||
CK_RV slot_token_removed(CK_SLOT_ID id)
|
CK_RV slot_token_removed(CK_SLOT_ID id)
|
||||||
{
|
{
|
||||||
int rv, token_was_present;
|
CK_RV rv;
|
||||||
|
int token_was_present;
|
||||||
struct sc_pkcs11_slot *slot;
|
struct sc_pkcs11_slot *slot;
|
||||||
struct sc_pkcs11_object *object;
|
struct sc_pkcs11_object *object;
|
||||||
|
|
||||||
|
|
|
@ -88,14 +88,15 @@ static int getline(char **lineptr, size_t *n, FILE *stream)
|
||||||
#define ASN1_APP_IMP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
|
#define ASN1_APP_IMP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
|
||||||
#define ASN1_APP_IMP(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION, tag, stname, field, type)
|
#define ASN1_APP_IMP(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION, tag, stname, field, type)
|
||||||
|
|
||||||
|
typedef ASN1_AUXILIARY_DATA ASN1_AUXILIARY_DATA_NPA_TOOL;
|
||||||
/* 0x67
|
/* 0x67
|
||||||
* Auxiliary authenticated data */
|
* Auxiliary authenticated data */
|
||||||
ASN1_ITEM_TEMPLATE(ASN1_AUXILIARY_DATA) =
|
ASN1_ITEM_TEMPLATE(ASN1_AUXILIARY_DATA_NPA_TOOL) =
|
||||||
ASN1_EX_TEMPLATE_TYPE(
|
ASN1_EX_TEMPLATE_TYPE(
|
||||||
ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION,
|
ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION,
|
||||||
7, AuxiliaryAuthenticatedData, CVC_DISCRETIONARY_DATA_TEMPLATE)
|
7, AuxiliaryAuthenticatedData, CVC_DISCRETIONARY_DATA_TEMPLATE)
|
||||||
ASN1_ITEM_TEMPLATE_END(ASN1_AUXILIARY_DATA)
|
ASN1_ITEM_TEMPLATE_END(ASN1_AUXILIARY_DATA_NPA_TOOL)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(ASN1_AUXILIARY_DATA)
|
IMPLEMENT_ASN1_FUNCTIONS(ASN1_AUXILIARY_DATA_NPA_TOOL)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Print binary data to a file stream
|
* @brief Print binary data to a file stream
|
||||||
|
@ -285,8 +286,8 @@ int npa_translate_apdus(sc_card_t *card, FILE *input)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_to_ASN1_AUXILIARY_DATA(
|
static int add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(
|
||||||
ASN1_AUXILIARY_DATA **auxiliary_data,
|
ASN1_AUXILIARY_DATA_NPA_TOOL **auxiliary_data,
|
||||||
int nid, const unsigned char *data, size_t data_len)
|
int nid, const unsigned char *data, size_t data_len)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
@ -298,7 +299,7 @@ static int add_to_ASN1_AUXILIARY_DATA(
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!*auxiliary_data) {
|
if (!*auxiliary_data) {
|
||||||
*auxiliary_data = ASN1_AUXILIARY_DATA_new();
|
*auxiliary_data = ASN1_AUXILIARY_DATA_NPA_TOOL_new();
|
||||||
if (!*auxiliary_data) {
|
if (!*auxiliary_data) {
|
||||||
r = SC_ERROR_INTERNAL;
|
r = SC_ERROR_INTERNAL;
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -372,7 +373,7 @@ main (int argc, char **argv)
|
||||||
unsigned char *certs_chat = NULL;
|
unsigned char *certs_chat = NULL;
|
||||||
unsigned char *dg = NULL;
|
unsigned char *dg = NULL;
|
||||||
size_t dg_len = 0;
|
size_t dg_len = 0;
|
||||||
ASN1_AUXILIARY_DATA *templates = NULL;
|
ASN1_AUXILIARY_DATA_NPA_TOOL *templates = NULL;
|
||||||
unsigned char *ef_cardsecurity = NULL;
|
unsigned char *ef_cardsecurity = NULL;
|
||||||
size_t ef_cardsecurity_len = 0;
|
size_t ef_cardsecurity_len = 0;
|
||||||
|
|
||||||
|
@ -671,7 +672,7 @@ main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (cmdline.older_than_given) {
|
if (cmdline.older_than_given) {
|
||||||
r = add_to_ASN1_AUXILIARY_DATA(&templates,
|
r = add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(&templates,
|
||||||
NID_id_DateOfBirth,
|
NID_id_DateOfBirth,
|
||||||
(unsigned char *) cmdline.older_than_arg,
|
(unsigned char *) cmdline.older_than_arg,
|
||||||
strlen(cmdline.older_than_arg));
|
strlen(cmdline.older_than_arg));
|
||||||
|
@ -679,7 +680,7 @@ main (int argc, char **argv)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (cmdline.verify_validity_given) {
|
if (cmdline.verify_validity_given) {
|
||||||
r = add_to_ASN1_AUXILIARY_DATA(&templates,
|
r = add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(&templates,
|
||||||
NID_id_DateOfExpiry,
|
NID_id_DateOfExpiry,
|
||||||
(unsigned char *) cmdline.verify_validity_arg,
|
(unsigned char *) cmdline.verify_validity_arg,
|
||||||
strlen(cmdline.verify_validity_arg));
|
strlen(cmdline.verify_validity_arg));
|
||||||
|
@ -693,7 +694,7 @@ main (int argc, char **argv)
|
||||||
fprintf(stderr, "Could not parse community ID.\n");
|
fprintf(stderr, "Could not parse community ID.\n");
|
||||||
exit(2);
|
exit(2);
|
||||||
}
|
}
|
||||||
r = add_to_ASN1_AUXILIARY_DATA(&templates,
|
r = add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(&templates,
|
||||||
NID_id_CommunityID,
|
NID_id_CommunityID,
|
||||||
community_id, community_id_len);
|
community_id, community_id_len);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
@ -701,7 +702,7 @@ main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
if (templates) {
|
if (templates) {
|
||||||
unsigned char *p = NULL;
|
unsigned char *p = NULL;
|
||||||
auxiliary_data_len = i2d_ASN1_AUXILIARY_DATA(
|
auxiliary_data_len = i2d_ASN1_AUXILIARY_DATA_NPA_TOOL(
|
||||||
templates, &p);
|
templates, &p);
|
||||||
if (0 > (int) auxiliary_data_len
|
if (0 > (int) auxiliary_data_len
|
||||||
|| auxiliary_data_len > sizeof auxiliary_data) {
|
|| auxiliary_data_len > sizeof auxiliary_data) {
|
||||||
|
@ -892,7 +893,7 @@ err:
|
||||||
free(privkey);
|
free(privkey);
|
||||||
free(dg);
|
free(dg);
|
||||||
if (templates)
|
if (templates)
|
||||||
ASN1_AUXILIARY_DATA_free(templates);
|
ASN1_AUXILIARY_DATA_NPA_TOOL_free(templates);
|
||||||
|
|
||||||
sc_sm_stop(card);
|
sc_sm_stop(card);
|
||||||
sc_reset(card, 1);
|
sc_reset(card, 1);
|
||||||
|
|
|
@ -253,7 +253,7 @@ static void print_common_flags(const struct sc_pkcs15_object *obj)
|
||||||
{
|
{
|
||||||
const char *common_flags[] = {"private", "modifiable"};
|
const char *common_flags[] = {"private", "modifiable"};
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
printf("\tObject Flags : [0x%X]", obj->flags);
|
printf("\tObject Flags : [0x%02X]", obj->flags);
|
||||||
for (i = 0; i < NELEMENTS(common_flags); i++) {
|
for (i = 0; i < NELEMENTS(common_flags); i++) {
|
||||||
if (obj->flags & (1 << i)) {
|
if (obj->flags & (1 << i)) {
|
||||||
printf(", %s", common_flags[i]);
|
printf(", %s", common_flags[i]);
|
||||||
|
@ -620,7 +620,7 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj)
|
||||||
printf(" Ref:0x%02X", prkey->key_reference);
|
printf(" Ref:0x%02X", prkey->key_reference);
|
||||||
if (obj->auth_id.len != 0)
|
if (obj->auth_id.len != 0)
|
||||||
printf(" AuthID:%s", sc_pkcs15_print_id(&obj->auth_id));
|
printf(" AuthID:%s", sc_pkcs15_print_id(&obj->auth_id));
|
||||||
printf("\n\t %-16.*s [0x%X", 16, obj->label, prkey->usage);
|
printf("\n\t %-18.*s [0x%02X", (int) sizeof obj->label, obj->label, prkey->usage);
|
||||||
print_key_usages(prkey->usage);
|
print_key_usages(prkey->usage);
|
||||||
printf("]");
|
printf("]");
|
||||||
return;
|
return;
|
||||||
|
@ -628,10 +628,10 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj)
|
||||||
|
|
||||||
printf("Private %s Key [%.*s]\n", key_types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
printf("Private %s Key [%.*s]\n", key_types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
||||||
print_common_flags(obj);
|
print_common_flags(obj);
|
||||||
printf("\tUsage : [0x%X]", prkey->usage);
|
printf("\tUsage : [0x%02X]", prkey->usage);
|
||||||
print_key_usages(prkey->usage);
|
print_key_usages(prkey->usage);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
printf("\tAccess Flags : [0x%X]", prkey->access_flags);
|
printf("\tAccess Flags : [0x%02X]", prkey->access_flags);
|
||||||
print_key_access_flags(prkey->access_flags);
|
print_key_access_flags(prkey->access_flags);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
|
@ -641,7 +641,7 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj)
|
||||||
printf("\tModLength : %lu\n", (unsigned long)prkey->modulus_length);
|
printf("\tModLength : %lu\n", (unsigned long)prkey->modulus_length);
|
||||||
else
|
else
|
||||||
printf("\tFieldLength : %lu\n", (unsigned long)prkey->field_length);
|
printf("\tFieldLength : %lu\n", (unsigned long)prkey->field_length);
|
||||||
printf("\tKey ref : %d (0x%X)\n", prkey->key_reference, prkey->key_reference);
|
printf("\tKey ref : %d (0x%02X)\n", prkey->key_reference, prkey->key_reference);
|
||||||
printf("\tNative : %s\n", prkey->native ? "yes" : "no");
|
printf("\tNative : %s\n", prkey->native ? "yes" : "no");
|
||||||
if (prkey->path.len || prkey->path.aid.len)
|
if (prkey->path.len || prkey->path.aid.len)
|
||||||
printf("\tPath : %s\n", sc_print_path(&prkey->path));
|
printf("\tPath : %s\n", sc_print_path(&prkey->path));
|
||||||
|
@ -701,7 +701,7 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj)
|
||||||
printf(" Ref:0x%02X", pubkey->key_reference);
|
printf(" Ref:0x%02X", pubkey->key_reference);
|
||||||
if (obj->auth_id.len != 0)
|
if (obj->auth_id.len != 0)
|
||||||
printf(" AuthID:%s", sc_pkcs15_print_id(&obj->auth_id));
|
printf(" AuthID:%s", sc_pkcs15_print_id(&obj->auth_id));
|
||||||
printf(" %15.*s [0x%X", (int) sizeof obj->label, obj->label, pubkey->usage);
|
printf(" %-18.*s [0x%02X", (int) sizeof obj->label, obj->label, pubkey->usage);
|
||||||
print_key_usages(pubkey->usage);
|
print_key_usages(pubkey->usage);
|
||||||
printf("]");
|
printf("]");
|
||||||
return;
|
return;
|
||||||
|
@ -709,11 +709,11 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj)
|
||||||
|
|
||||||
printf("Public %s Key [%.*s]\n", key_types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
printf("Public %s Key [%.*s]\n", key_types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
||||||
print_common_flags(obj);
|
print_common_flags(obj);
|
||||||
printf("\tUsage : [0x%X]", pubkey->usage);
|
printf("\tUsage : [0x%02X]", pubkey->usage);
|
||||||
print_key_usages(pubkey->usage);
|
print_key_usages(pubkey->usage);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
printf("\tAccess Flags : [0x%X]", pubkey->access_flags);
|
printf("\tAccess Flags : [0x%02X]", pubkey->access_flags);
|
||||||
print_key_access_flags(pubkey->access_flags);
|
print_key_access_flags(pubkey->access_flags);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
|
@ -733,7 +733,7 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("\tKey ref : %d (0x%X)\n", pubkey->key_reference, pubkey->key_reference);
|
printf("\tKey ref : %d (0x%02X)\n", pubkey->key_reference, pubkey->key_reference);
|
||||||
printf("\tNative : %s\n", pubkey->native ? "yes" : "no");
|
printf("\tNative : %s\n", pubkey->native ? "yes" : "no");
|
||||||
if (have_path)
|
if (have_path)
|
||||||
printf("\tPath : %s\n", sc_print_path(&pubkey->path));
|
printf("\tPath : %s\n", sc_print_path(&pubkey->path));
|
||||||
|
@ -840,11 +840,11 @@ static void print_skey_info(const struct sc_pkcs15_object *obj)
|
||||||
|
|
||||||
printf("Secret %s Key [%.*s]\n", skey_types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
printf("Secret %s Key [%.*s]\n", skey_types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
||||||
print_common_flags(obj);
|
print_common_flags(obj);
|
||||||
printf("\tUsage : [0x%X]", skey->usage);
|
printf("\tUsage : [0x%02X]", skey->usage);
|
||||||
print_key_usages(skey->usage);
|
print_key_usages(skey->usage);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
printf("\tAccess Flags : [0x%X]", skey->access_flags);
|
printf("\tAccess Flags : [0x%02X]", skey->access_flags);
|
||||||
print_key_access_flags(skey->access_flags);
|
print_key_access_flags(skey->access_flags);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
|
@ -853,7 +853,7 @@ static void print_skey_info(const struct sc_pkcs15_object *obj)
|
||||||
printf("\tSize : %lu bits\n", (unsigned long)skey->value_len);
|
printf("\tSize : %lu bits\n", (unsigned long)skey->value_len);
|
||||||
printf("\tID : %s\n", sc_pkcs15_print_id(&skey->id));
|
printf("\tID : %s\n", sc_pkcs15_print_id(&skey->id));
|
||||||
printf("\tNative : %s\n", skey->native ? "yes" : "no");
|
printf("\tNative : %s\n", skey->native ? "yes" : "no");
|
||||||
printf("\tKey ref : %d (0x%X)\n", skey->key_reference, skey->key_reference);
|
printf("\tKey ref : %d (0x%02X)\n", skey->key_reference, skey->key_reference);
|
||||||
|
|
||||||
if (skey->path.len || skey->path.aid.len)
|
if (skey->path.len || skey->path.aid.len)
|
||||||
printf("\tPath : %s\n", sc_print_path(&skey->path));
|
printf("\tPath : %s\n", sc_print_path(&skey->path));
|
||||||
|
|
Loading…
Reference in New Issue