Indent sources
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1426 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
a02ef5e722
commit
bbc64d01ff
|
@ -43,7 +43,8 @@ static sc_card_t *card = NULL;
|
|||
static sc_pkcs15_card_t *p15card = NULL;
|
||||
static char *sc_pin = NULL;
|
||||
|
||||
int opensc_finish(void) {
|
||||
int opensc_finish(void)
|
||||
{
|
||||
if (p15card) {
|
||||
sc_pkcs15_unbind(p15card);
|
||||
p15card = NULL;
|
||||
|
@ -59,7 +60,8 @@ int opensc_finish(void) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
int opensc_init(void) {
|
||||
int opensc_init(void)
|
||||
{
|
||||
int r = 0;
|
||||
|
||||
if (!quiet)
|
||||
|
@ -83,30 +85,35 @@ err:
|
|||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
opensc_rsa_finish(RSA* rsa) {
|
||||
int opensc_rsa_finish(RSA * rsa)
|
||||
{
|
||||
struct sc_pkcs15_key_id *key_id;
|
||||
|
||||
key_id = (struct sc_pkcs15_key_id *) RSA_get_app_data(rsa);
|
||||
free(key_id);
|
||||
if(sc_pin) {free(sc_pin);}
|
||||
if (sc_pin) {
|
||||
free(sc_pin);
|
||||
}
|
||||
return 1;
|
||||
|
||||
}
|
||||
|
||||
BIGNUM *sc_bignum_t_to_BIGNUM(sc_pkcs15_bignum_t* bignum, BIGNUM* BN) {
|
||||
BIGNUM *sc_bignum_t_to_BIGNUM(sc_pkcs15_bignum_t * bignum, BIGNUM * BN)
|
||||
{
|
||||
BN_bin2bn((unsigned char *) bignum->data, bignum->len, BN);
|
||||
return BN;
|
||||
}
|
||||
|
||||
void sc_set_pubkey_data(EVP_PKEY* key_out, sc_pkcs15_pubkey_t* pubkey) {
|
||||
key_out->pkey.rsa->n=sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.modulus),BN_new());
|
||||
key_out->pkey.rsa->e=sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.exponent),BN_new());
|
||||
void sc_set_pubkey_data(EVP_PKEY * key_out, sc_pkcs15_pubkey_t * pubkey)
|
||||
{
|
||||
key_out->pkey.rsa->n =
|
||||
sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.modulus), BN_new());
|
||||
key_out->pkey.rsa->e =
|
||||
sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.exponent), BN_new());
|
||||
}
|
||||
|
||||
/* private key operations */
|
||||
|
||||
int
|
||||
sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out)
|
||||
int sc_prkey_op_init(const RSA * rsa, struct sc_pkcs15_object **key_obj_out)
|
||||
{
|
||||
int r;
|
||||
struct sc_pkcs15_object *key_obj;
|
||||
|
@ -136,8 +143,7 @@ sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out)
|
|||
goto err;
|
||||
}
|
||||
key = (struct sc_pkcs15_prkey_info *) key_obj->data;
|
||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id,
|
||||
&pin_obj);
|
||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id, &pin_obj);
|
||||
if (r) {
|
||||
fprintf(stderr, "Unable to find PIN object from SmartCard: %s",
|
||||
sc_strerror(r));
|
||||
|
@ -169,8 +175,8 @@ err:
|
|||
}
|
||||
|
||||
EVP_PKEY *opensc_load_public_key(ENGINE * e, const char *s_key_id,
|
||||
UI_METHOD *ui_method, void *callback_data) {
|
||||
|
||||
UI_METHOD * ui_method, void *callback_data)
|
||||
{
|
||||
int r;
|
||||
struct sc_pkcs15_id *id;
|
||||
struct sc_pkcs15_object *obj;
|
||||
|
@ -194,10 +200,11 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id,
|
|||
r = sc_pkcs15_find_cert_by_id(p15card, id, &obj);
|
||||
if (r >= 0) {
|
||||
if (!quiet)
|
||||
printf("Reading certificate with ID '%s'\n", s_key_id);
|
||||
printf("Reading certificate with ID '%s'\n",
|
||||
s_key_id);
|
||||
r = sc_pkcs15_read_certificate(p15card,
|
||||
(sc_pkcs15_cert_info_t *) obj->data,
|
||||
&cert);
|
||||
(sc_pkcs15_cert_info_t *)
|
||||
obj->data, &cert);
|
||||
}
|
||||
if (r >= 0)
|
||||
pubkey = &cert->key;
|
||||
|
@ -208,14 +215,17 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id,
|
|||
return NULL;
|
||||
}
|
||||
if (r < 0) {
|
||||
fprintf(stderr, "Public key enumeration failed: %s\n", sc_strerror(r));
|
||||
fprintf(stderr, "Public key enumeration failed: %s\n",
|
||||
sc_strerror(r));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* now, set EVP_PKEY data from pubkey object */
|
||||
key_out = EVP_PKEY_new();
|
||||
if(!key_out)
|
||||
{fprintf(stderr, "failed to create new EVP_PKEY\n"); return NULL;};
|
||||
if (!key_out) {
|
||||
fprintf(stderr, "failed to create new EVP_PKEY\n");
|
||||
return NULL;
|
||||
};
|
||||
EVP_PKEY_assign_RSA(key_out, RSA_new_method(e));
|
||||
#if 0
|
||||
RSA_set_method(keyout->rsa, sc_get_rsa_method());
|
||||
|
@ -231,27 +241,36 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id,
|
|||
return key_out;
|
||||
}
|
||||
|
||||
char* get_pin(UI_METHOD* ui_method, char* sc_pin, int maxlen) {
|
||||
char *get_pin(UI_METHOD * ui_method, char *sc_pin, int maxlen)
|
||||
{
|
||||
UI *ui;
|
||||
|
||||
ui = UI_new();
|
||||
UI_set_method(ui, ui_method);
|
||||
if (!UI_add_input_string(ui, "SmartCard Password: ", 0, sc_pin, 1, maxlen)) {
|
||||
fprintf(stderr, "UI_add_input_string failed");
|
||||
UI_free(ui); return NULL; }
|
||||
UI_free(ui);
|
||||
return NULL;
|
||||
}
|
||||
if (!UI_process(ui)) {
|
||||
fprintf(stderr, "UI_process failed"); return NULL;}
|
||||
fprintf(stderr, "UI_process failed");
|
||||
return NULL;
|
||||
}
|
||||
UI_free(ui);
|
||||
return sc_pin;
|
||||
|
||||
}
|
||||
|
||||
EVP_PKEY *opensc_load_private_key(ENGINE * e, const char *s_key_id,
|
||||
UI_METHOD *ui_method, void *callback_data) {
|
||||
UI_METHOD * ui_method, void *callback_data)
|
||||
{
|
||||
EVP_PKEY *key_out;
|
||||
|
||||
if (!quiet)
|
||||
fprintf(stderr, "Loading private key!");
|
||||
|
||||
if(sc_pin) {free(sc_pin); sc_pin=NULL;}
|
||||
if (sc_pin) {
|
||||
free(sc_pin);
|
||||
sc_pin = NULL;
|
||||
}
|
||||
key_out = opensc_load_public_key(e, s_key_id, ui_method, callback_data);
|
||||
sc_pin = (char *) malloc(12);
|
||||
get_pin(ui_method, sc_pin, 12); /* do this here, when storing sc_pin in RSA */
|
||||
|
@ -301,8 +320,10 @@ sc_sign(int type, const u_char *m, unsigned int m_len,
|
|||
/* FIXME: length of sigret correct? */
|
||||
/* FIXME: check 'type' and modify flags accordingly */
|
||||
flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
|
||||
if(type==NID_sha1) flags|=SC_ALGORITHM_RSA_HASH_SHA1;
|
||||
if(type==NID_md5) flags|=SC_ALGORITHM_RSA_HASH_MD5;
|
||||
if (type == NID_sha1)
|
||||
flags |= SC_ALGORITHM_RSA_HASH_SHA1;
|
||||
if (type == NID_md5)
|
||||
flags |= SC_ALGORITHM_RSA_HASH_MD5;
|
||||
r = sc_pkcs15_compute_signature(p15card, key_obj, flags,
|
||||
m, m_len, sigret, RSA_size(rsa));
|
||||
sc_unlock(card);
|
||||
|
|
|
@ -35,40 +35,46 @@
|
|||
#define fail(msg) { fprintf(stderr,msg); return NULL;}
|
||||
|
||||
PKCS11_CTX *ctx;
|
||||
char* pin;
|
||||
char *pin = NULL;
|
||||
int quiet = 1;
|
||||
|
||||
const char *module = PKCS11_DEFAULT_MODULE_NAME;
|
||||
|
||||
int set_module(const char *modulename) {
|
||||
int set_module(const char *modulename)
|
||||
{
|
||||
module = modulename;
|
||||
return 1;
|
||||
}
|
||||
|
||||
char* get_pin(UI_METHOD* ui_method, char* sc_pin, int maxlen) {
|
||||
char *get_pin(UI_METHOD * ui_method, char *sc_pin, int maxlen)
|
||||
{
|
||||
UI *ui;
|
||||
|
||||
ui = UI_new();
|
||||
UI_set_method(ui, ui_method);
|
||||
if (!UI_add_input_string(ui, "SmartCard PIN: ", 0, sc_pin, 1, maxlen)) {
|
||||
fprintf(stderr, "UI_add_input_string failed\n");
|
||||
UI_free(ui); return NULL; }
|
||||
UI_free(ui);
|
||||
return NULL;
|
||||
}
|
||||
if (!UI_process(ui)) {
|
||||
fprintf(stderr, "UI_process failed\n"); return NULL;}
|
||||
fprintf(stderr, "UI_process failed\n");
|
||||
return NULL;
|
||||
}
|
||||
UI_free(ui);
|
||||
return sc_pin;
|
||||
|
||||
}
|
||||
|
||||
int pkcs11_finish(ENGINE *engine) {
|
||||
|
||||
int pkcs11_finish(ENGINE * engine)
|
||||
{
|
||||
if (ctx) {
|
||||
PKCS11_CTX_free(ctx);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int pkcs11_init(ENGINE *engine) {
|
||||
int pkcs11_init(ENGINE * engine)
|
||||
{
|
||||
if (!quiet)
|
||||
fprintf(stderr, "initializing engine\n");
|
||||
|
||||
|
@ -77,17 +83,16 @@ int pkcs11_init(ENGINE *engine) {
|
|||
fprintf(stderr, "unable to load module\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
pkcs11_rsa_finish(RSA* rsa) {
|
||||
|
||||
if(pin) {free(pin);}
|
||||
int pkcs11_rsa_finish(RSA * rsa)
|
||||
{
|
||||
if (pin) {
|
||||
free(pin);
|
||||
}
|
||||
/* need to free RSA_ex_data? */
|
||||
return 1;
|
||||
|
||||
}
|
||||
|
||||
static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen)
|
||||
|
@ -110,11 +115,9 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen)
|
|||
c = *in++;
|
||||
if ('0' <= c && c <= '9')
|
||||
c -= '0';
|
||||
else
|
||||
if ('a' <= c && c <= 'f')
|
||||
else if ('a' <= c && c <= 'f')
|
||||
c = c - 'a' + 10;
|
||||
else
|
||||
if ('A' <= c && c <= 'F')
|
||||
else if ('A' <= c && c <= 'F')
|
||||
c = c - 'A' + 10;
|
||||
else {
|
||||
printf("hex_to_bin(): invalid char '%c' in hex string\n", c);
|
||||
|
@ -142,8 +145,8 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen)
|
|||
#define MAX_VALUE_LEN 200
|
||||
|
||||
EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
|
||||
UI_METHOD *ui_method, void *callback_data, int isPrivate) {
|
||||
|
||||
UI_METHOD * ui_method, void *callback_data, int isPrivate)
|
||||
{
|
||||
PKCS11_SLOT *slot_list, *slot;
|
||||
PKCS11_TOKEN *tok;
|
||||
PKCS11_KEY *keys, *selected_key = NULL;
|
||||
|
@ -194,22 +197,20 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
|
|||
printf("Slot number \"%s\" should be an integer\n", val);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
else if (strncasecmp(s_slot_key_id, "id", p_sep1 - s_slot_key_id) == 0) {
|
||||
} else if (strncasecmp(s_slot_key_id, "id", p_sep1 - s_slot_key_id)
|
||||
== 0) {
|
||||
if (!hex_to_bin(val, key_id, &key_id_len)) {
|
||||
printf("Key id \"%s\" should be a hex string\n", val);
|
||||
return NULL;
|
||||
}
|
||||
strcpy(buf, val);
|
||||
s_key_id = buf;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
memcpy(val, s_slot_key_id, p_sep1 - s_slot_key_id);
|
||||
val[p_sep1 - s_slot_key_id] = '\0';
|
||||
printf("Now allowed in -key: \"%s\"\n", val);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
s_slot_key_id = (*p_sep2 == '\0' ? p_sep2 : p_sep2 + 1);
|
||||
}
|
||||
|
||||
|
@ -247,8 +248,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
|
|||
if (slot_nr == -1) {
|
||||
if (!(slot = PKCS11_find_token(ctx)))
|
||||
fail("didn't find any tokens\n");
|
||||
}
|
||||
else if (slot_nr >= 0 && slot_nr < count)
|
||||
} else if (slot_nr >= 0 && slot_nr < count)
|
||||
slot = slot_list + slot_nr;
|
||||
else {
|
||||
printf("Invalid slot number: %d\n", slot_nr);
|
||||
|
@ -277,8 +277,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
|
|||
PKCS11_CERT *c = certs + n;
|
||||
char *dn = NULL;
|
||||
|
||||
printf(" %2u %s", n+1,
|
||||
c->label);
|
||||
printf(" %2u %s", n + 1, c->label);
|
||||
if (c->x509)
|
||||
dn = X509_NAME_oneline(X509_get_subject_name(c->x509), NULL, 0);
|
||||
if (dn) {
|
||||
|
@ -314,9 +313,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
|
|||
PKCS11_KEY *k = keys + n;
|
||||
|
||||
printf(" %2u %c%c %s\n", n + 1,
|
||||
k->isPrivate? 'P' : ' ',
|
||||
k->needLogin? 'L' : ' ',
|
||||
k->label);
|
||||
k->isPrivate ? 'P' : ' ', k->needLogin ? 'L' : ' ', k->label);
|
||||
|
||||
if (key_id_len != 0 && k->id_len == key_id_len &&
|
||||
memcmp(k->id, key_id, key_id_len) == 0) {
|
||||
|
@ -329,8 +326,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
|
|||
if (s_key_id != NULL) {
|
||||
printf("No key with ID \"%s\" found.\n", s_key_id);
|
||||
return NULL;
|
||||
}
|
||||
else /* Take the first key that was found */
|
||||
} else /* Take the first key that was found */
|
||||
selected_key = &keys[0];
|
||||
}
|
||||
|
||||
|
@ -346,8 +342,10 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
|
|||
}
|
||||
|
||||
EVP_PKEY *pkcs11_load_public_key(ENGINE * e, const char *s_key_id,
|
||||
UI_METHOD *ui_method, void *callback_data) {
|
||||
UI_METHOD * ui_method, void *callback_data)
|
||||
{
|
||||
EVP_PKEY *pk;
|
||||
|
||||
pk = pkcs11_load_key(e, s_key_id, ui_method, callback_data, 0);
|
||||
if (pk == NULL)
|
||||
fail("PKCS11_load_public_key returned NULL\n");
|
||||
|
@ -355,8 +353,10 @@ EVP_PKEY *pkcs11_load_public_key(ENGINE *e, const char *s_key_id,
|
|||
}
|
||||
|
||||
EVP_PKEY *pkcs11_load_private_key(ENGINE * e, const char *s_key_id,
|
||||
UI_METHOD *ui_method, void *callback_data) {
|
||||
UI_METHOD * ui_method, void *callback_data)
|
||||
{
|
||||
EVP_PKEY *pk;
|
||||
|
||||
pk = pkcs11_load_key(e, s_key_id, ui_method, callback_data, 1);
|
||||
if (pk == NULL)
|
||||
fail("PKCS11_get_private_key returned NULL\n");
|
||||
|
|
|
@ -96,12 +96,12 @@ static const ENGINE_CMD_DEFN opensc_cmd_defns[] = {
|
|||
{0, NULL, NULL, 0}
|
||||
};
|
||||
|
||||
static int opensc_engine_finish(ENGINE *e) {
|
||||
static int opensc_engine_finish(ENGINE * e)
|
||||
{
|
||||
return opensc_finish();
|
||||
}
|
||||
|
||||
static int
|
||||
opensc_engine_init(ENGINE *e)
|
||||
static int opensc_engine_init(ENGINE * e)
|
||||
{
|
||||
return opensc_init();
|
||||
}
|
||||
|
@ -114,27 +114,25 @@ static int opensc_engine_destroy(ENGINE *e)
|
|||
|
||||
static int opensc_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
|
||||
{
|
||||
switch(cmd)
|
||||
{
|
||||
switch (cmd) {
|
||||
default:
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* set up default rsa_meth_st with overloaded rsa functions */
|
||||
/* the actual implementation needs to be in another object */
|
||||
|
||||
static int (*orig_finish) (RSA * rsa);
|
||||
|
||||
static int
|
||||
opensc_engine_rsa_finish(RSA* rsa) {
|
||||
|
||||
static int opensc_engine_rsa_finish(RSA * rsa)
|
||||
{
|
||||
opensc_rsa_finish(rsa);
|
||||
|
||||
if (orig_finish)
|
||||
orig_finish(rsa);
|
||||
return 1;
|
||||
|
||||
}
|
||||
|
||||
static RSA_METHOD *sc_get_rsa_method(void)
|
||||
|
@ -165,8 +163,7 @@ static RSA_METHOD * sc_get_rsa_method(void)
|
|||
* "dynamic" ENGINE support too */
|
||||
static int bind_helper(ENGINE * e)
|
||||
{
|
||||
if(
|
||||
!ENGINE_set_id(e, OPENSC_ENGINE_ID) ||
|
||||
if (!ENGINE_set_id(e, OPENSC_ENGINE_ID) ||
|
||||
!ENGINE_set_destroy_function(e, opensc_engine_destroy) ||
|
||||
!ENGINE_set_init_function(e, opensc_engine_init) ||
|
||||
!ENGINE_set_finish_function(e, opensc_engine_finish) ||
|
||||
|
@ -187,8 +184,7 @@ static int bind_helper(ENGINE *e)
|
|||
!ENGINE_set_BN_mod_exp(e, BN_mod_exp) ||
|
||||
#endif
|
||||
!ENGINE_set_load_pubkey_function(e, opensc_load_public_key) ||
|
||||
!ENGINE_set_load_privkey_function(e, opensc_load_private_key) )
|
||||
{
|
||||
!ENGINE_set_load_privkey_function(e, opensc_load_private_key)) {
|
||||
return 0;
|
||||
} else {
|
||||
return 1;
|
||||
|
@ -197,12 +193,16 @@ static int bind_helper(ENGINE *e)
|
|||
|
||||
static int bind_fn(ENGINE * e, const char *id)
|
||||
{
|
||||
if(id && (strcmp(id, OPENSC_ENGINE_ID) != 0))
|
||||
{fprintf(stderr, "bad engine id");return 0;}
|
||||
if(!bind_helper(e))
|
||||
{fprintf(stderr, "bind failed"); return 0;}
|
||||
if (id && (strcmp(id, OPENSC_ENGINE_ID) != 0)) {
|
||||
fprintf(stderr, "bad engine id");
|
||||
return 0;
|
||||
}
|
||||
if (!bind_helper(e)) {
|
||||
fprintf(stderr, "bind failed");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
IMPLEMENT_DYNAMIC_CHECK_FN()
|
||||
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
|
||||
IMPLEMENT_DYNAMIC_CHECK_FN();
|
||||
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn);
|
||||
|
|
|
@ -104,8 +104,7 @@ static int pkcs11_engine_destroy(ENGINE *e)
|
|||
static int pkcs11_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
|
||||
{
|
||||
/*int initialised = ((pkcs11_dso == NULL) ? 0 : 1); */
|
||||
switch(cmd)
|
||||
{
|
||||
switch (cmd) {
|
||||
case CMD_MODULE_PATH:
|
||||
return set_module((const char *) p);
|
||||
|
||||
|
@ -114,13 +113,14 @@ static int pkcs11_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* set up default rsa_meth_st with overloaded rsa functions */
|
||||
/* the actual implementation needs to be in another object */
|
||||
|
||||
static int (*orig_finish) (RSA * rsa);
|
||||
|
||||
static int
|
||||
pkcs11_engine_rsa_finish(RSA* rsa) {
|
||||
static int pkcs11_engine_rsa_finish(RSA * rsa)
|
||||
{
|
||||
|
||||
pkcs11_rsa_finish(rsa);
|
||||
|
||||
|
@ -134,8 +134,7 @@ pkcs11_engine_rsa_finish(RSA* rsa) {
|
|||
* "dynamic" ENGINE support too */
|
||||
static int bind_helper(ENGINE * e)
|
||||
{
|
||||
if(
|
||||
!ENGINE_set_id(e, PKCS11_ENGINE_ID) ||
|
||||
if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) ||
|
||||
!ENGINE_set_destroy_function(e, pkcs11_engine_destroy) ||
|
||||
!ENGINE_set_init_function(e, pkcs11_init) ||
|
||||
!ENGINE_set_finish_function(e, pkcs11_finish) ||
|
||||
|
@ -156,8 +155,7 @@ static int bind_helper(ENGINE *e)
|
|||
!ENGINE_set_BN_mod_exp(e, BN_mod_exp) ||
|
||||
#endif
|
||||
!ENGINE_set_load_pubkey_function(e, pkcs11_load_public_key) ||
|
||||
!ENGINE_set_load_privkey_function(e, pkcs11_load_private_key) )
|
||||
{
|
||||
!ENGINE_set_load_privkey_function(e, pkcs11_load_private_key)) {
|
||||
return 0;
|
||||
} else {
|
||||
return 1;
|
||||
|
@ -166,12 +164,16 @@ static int bind_helper(ENGINE *e)
|
|||
|
||||
static int bind_fn(ENGINE * e, const char *id)
|
||||
{
|
||||
if(id && (strcmp(id, PKCS11_ENGINE_ID) != 0))
|
||||
{fprintf(stderr, "bad engine id");return 0;}
|
||||
if(!bind_helper(e))
|
||||
{fprintf(stderr, "bind failed"); return 0;}
|
||||
if (id && (strcmp(id, PKCS11_ENGINE_ID) != 0)) {
|
||||
fprintf(stderr, "bad engine id");
|
||||
return 0;
|
||||
}
|
||||
if (!bind_helper(e)) {
|
||||
fprintf(stderr, "bind failed");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
IMPLEMENT_DYNAMIC_CHECK_FN()
|
||||
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
|
||||
IMPLEMENT_DYNAMIC_CHECK_FN();
|
||||
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn);
|
||||
|
|
|
@ -12,15 +12,15 @@
|
|||
#include <string.h>
|
||||
|
||||
static int pkcs11_getattr_int(PKCS11_CTX *, CK_SESSION_HANDLE,
|
||||
CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE,
|
||||
void *, size_t *);
|
||||
CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE, void *, size_t *);
|
||||
|
||||
/*
|
||||
* Query pkcs11 attributes
|
||||
*/
|
||||
static int
|
||||
pkcs11_getattr_int(PKCS11_CTX * ctx, CK_SESSION_HANDLE session,
|
||||
CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value, size_t *size)
|
||||
CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value,
|
||||
size_t * size)
|
||||
{
|
||||
CK_ATTRIBUTE templ;
|
||||
int rv;
|
||||
|
@ -81,8 +81,7 @@ pkcs11_getattr_bn(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object,
|
|||
/*
|
||||
* Add attributes to template
|
||||
*/
|
||||
void
|
||||
pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
|
||||
void pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
|
||||
{
|
||||
ap->type = type;
|
||||
ap->pValue = malloc(size);
|
||||
|
@ -91,22 +90,19 @@ pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
|
|||
}
|
||||
|
||||
/* In PKCS11, virtually every integer is a CK_ULONG */
|
||||
void
|
||||
pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value)
|
||||
void pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value)
|
||||
{
|
||||
CK_ULONG ulValue = value;
|
||||
|
||||
pkcs11_addattr(ap, type, &ulValue, sizeof(ulValue));
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s)
|
||||
void pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s)
|
||||
{
|
||||
pkcs11_addattr(ap, type, s, s ? strlen(s) + 1 : 0);
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM *bn)
|
||||
void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM * bn)
|
||||
{
|
||||
unsigned char temp[1024];
|
||||
unsigned int n;
|
||||
|
@ -116,8 +112,7 @@ pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM *bn)
|
|||
pkcs11_addattr(ap, type, temp, n);
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj)
|
||||
void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj)
|
||||
{
|
||||
unsigned char *p;
|
||||
|
||||
|
@ -127,8 +122,7 @@ pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj)
|
|||
enc(obj, &p);
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n)
|
||||
void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n)
|
||||
{
|
||||
while (n--) {
|
||||
if (ap[n].pValue)
|
||||
|
|
|
@ -8,8 +8,7 @@
|
|||
#include <string.h>
|
||||
|
||||
static int pkcs11_find_certs(PKCS11_TOKEN *);
|
||||
static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *,
|
||||
CK_SESSION_HANDLE);
|
||||
static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *, CK_SESSION_HANDLE);
|
||||
static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
|
||||
CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
|
||||
PKCS11_CERT **);
|
||||
|
@ -28,8 +27,7 @@ static CK_ATTRIBUTE cert_search_attrs[] = {
|
|||
*/
|
||||
int
|
||||
PKCS11_enumerate_certs(PKCS11_TOKEN * token,
|
||||
PKCS11_CERT **certp,
|
||||
unsigned int *countp)
|
||||
PKCS11_CERT ** certp, unsigned int *countp)
|
||||
{
|
||||
PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
|
||||
|
||||
|
@ -48,8 +46,7 @@ PKCS11_enumerate_certs(PKCS11_TOKEN *token,
|
|||
/*
|
||||
* Find certificate matching a key
|
||||
*/
|
||||
PKCS11_CERT *
|
||||
PKCS11_find_certificate(PKCS11_KEY *key)
|
||||
PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
|
||||
{
|
||||
PKCS11_KEY_private *kpriv;
|
||||
PKCS11_CERT_private *cpriv;
|
||||
|
@ -71,8 +68,7 @@ PKCS11_find_certificate(PKCS11_KEY *key)
|
|||
/*
|
||||
* Find all certs of a given type (public or private)
|
||||
*/
|
||||
int
|
||||
pkcs11_find_certs(PKCS11_TOKEN *token)
|
||||
int pkcs11_find_certs(PKCS11_TOKEN * token)
|
||||
{
|
||||
PKCS11_SLOT *slot = TOKEN2SLOT(token);
|
||||
PKCS11_CTX *ctx = TOKEN2CTX(token);
|
||||
|
@ -99,8 +95,7 @@ pkcs11_find_certs(PKCS11_TOKEN *token)
|
|||
}
|
||||
|
||||
int
|
||||
pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
||||
CK_SESSION_HANDLE session)
|
||||
pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, CK_SESSION_HANDLE session)
|
||||
{
|
||||
CK_OBJECT_HANDLE obj;
|
||||
CK_ULONG count;
|
||||
|
@ -121,8 +116,7 @@ pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
|
||||
int
|
||||
pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
|
||||
CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
|
||||
PKCS11_CERT **ret)
|
||||
CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret)
|
||||
{
|
||||
PKCS11_TOKEN_private *tpriv;
|
||||
PKCS11_CERT_private *kpriv;
|
||||
|
@ -133,8 +127,7 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
size_t size;
|
||||
|
||||
size = sizeof(cert_type);
|
||||
if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE,
|
||||
&cert_type, &size))
|
||||
if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE, &cert_type, &size))
|
||||
return -1;
|
||||
|
||||
/* Ignore any certs we don't understand */
|
||||
|
@ -143,7 +136,8 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
|
||||
tpriv = PRIVTOKEN(token);
|
||||
tpriv->certs = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs,
|
||||
(tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
|
||||
(tpriv->ncerts +
|
||||
1) * sizeof(PKCS11_CERT));
|
||||
|
||||
cert = tpriv->certs + tpriv->ncerts++;
|
||||
memset(cert, 0, sizeof(*cert));
|
||||
|
@ -179,8 +173,7 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
/*
|
||||
* Destroy all certs
|
||||
*/
|
||||
void
|
||||
pkcs11_destroy_certs(PKCS11_TOKEN *token)
|
||||
void pkcs11_destroy_certs(PKCS11_TOKEN * token)
|
||||
{
|
||||
PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
|
||||
|
||||
|
@ -223,8 +216,7 @@ pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label,
|
|||
/* Now build the template */
|
||||
pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_CERTIFICATE);
|
||||
pkcs11_addattr_int(attrs + n++, CKA_CERTIFICATE_TYPE, CKC_X_509);
|
||||
pkcs11_addattr_obj(attrs + n++, CKA_VALUE,
|
||||
(pkcs11_i2d_fn) i2d_X509, x509);
|
||||
pkcs11_addattr_obj(attrs + n++, CKA_VALUE, (pkcs11_i2d_fn) i2d_X509, x509);
|
||||
if (label)
|
||||
pkcs11_addattr_s(attrs + n++, CKA_LABEL, label);
|
||||
if (id && id_len)
|
||||
|
@ -239,6 +231,5 @@ pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label,
|
|||
CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_CERTIFICATE, rv);
|
||||
|
||||
/* Gobble the key object */
|
||||
return pkcs11_init_cert(ctx, token, session,
|
||||
object, ret_cert);
|
||||
return pkcs11_init_cert(ctx, token, session, object, ret_cert);
|
||||
}
|
||||
|
|
|
@ -94,7 +94,6 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
|
|||
{PKCS11_SYMBOL_NOT_FOUND_ERROR, "Symbol not found in PKCS#11 module"},
|
||||
{PKCS11_NOT_SUPPORTED, "Not supported"},
|
||||
{PKCS11_NO_SESSION, "No session open"},
|
||||
|
||||
{CKR_CANCEL, "Cancel"},
|
||||
{CKR_HOST_MEMORY, "Host memory error"},
|
||||
{CKR_SLOT_ID_INVALID, "Invalid slot ID"},
|
||||
|
@ -141,13 +140,11 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
|
|||
{CKR_SESSION_CLOSED, "Session closed"},
|
||||
{CKR_SESSION_COUNT, "Session count"},
|
||||
{CKR_SESSION_HANDLE_INVALID, "Session handle invalid"},
|
||||
{CKR_SESSION_PARALLEL_NOT_SUPPORTED,
|
||||
"Session parallel not supported" },
|
||||
{CKR_SESSION_PARALLEL_NOT_SUPPORTED, "Session parallel not supported"},
|
||||
{CKR_SESSION_READ_ONLY, "Session read only"},
|
||||
{CKR_SESSION_EXISTS, "Session exists"},
|
||||
{CKR_SESSION_READ_ONLY_EXISTS, "Read-only session exists"},
|
||||
{CKR_SESSION_READ_WRITE_SO_EXISTS,
|
||||
"Read/write SO session exists" },
|
||||
{CKR_SESSION_READ_WRITE_SO_EXISTS, "Read/write SO session exists"},
|
||||
{CKR_SIGNATURE_INVALID, "Signature invalid"},
|
||||
{CKR_SIGNATURE_LEN_RANGE, "Signature len range"},
|
||||
{CKR_TEMPLATE_INCOMPLETE, "Incomplete template"},
|
||||
|
@ -155,25 +152,20 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
|
|||
{CKR_TOKEN_NOT_PRESENT, "No PKCS#11 token present"},
|
||||
{CKR_TOKEN_NOT_RECOGNIZED, "PKCS#11 token not recognized"},
|
||||
{CKR_TOKEN_WRITE_PROTECTED, "Token write protected"},
|
||||
{CKR_UNWRAPPING_KEY_HANDLE_INVALID,
|
||||
"Unwrapping key handle invalid" },
|
||||
{CKR_UNWRAPPING_KEY_HANDLE_INVALID, "Unwrapping key handle invalid"},
|
||||
{CKR_UNWRAPPING_KEY_SIZE_RANGE, "Unwrapping key size range"},
|
||||
{CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
|
||||
"Unwrapping key type inconsistent" },
|
||||
{CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "Unwrapping key type inconsistent"},
|
||||
{CKR_USER_ALREADY_LOGGED_IN, "User already logged in"},
|
||||
{CKR_USER_NOT_LOGGED_IN, "User not logged in"},
|
||||
{CKR_USER_PIN_NOT_INITIALIZED, "User pin not initialized"},
|
||||
{CKR_USER_TYPE_INVALID, "User type invalid"},
|
||||
{CKR_USER_ANOTHER_ALREADY_LOGGED_IN,
|
||||
"User another is already logged in" },
|
||||
{CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "User another is already logged in"},
|
||||
{CKR_USER_TOO_MANY_TYPES, "User too many types"},
|
||||
{CKR_WRAPPED_KEY_INVALID, "Wrapped key invalid"},
|
||||
{CKR_WRAPPED_KEY_LEN_RANGE, "Wrapped key len range"},
|
||||
{CKR_WRAPPING_KEY_HANDLE_INVALID,
|
||||
"Wrapping key handle invalid" },
|
||||
{CKR_WRAPPING_KEY_HANDLE_INVALID, "Wrapping key handle invalid"},
|
||||
{CKR_WRAPPING_KEY_SIZE_RANGE, "Wrapping key size range"},
|
||||
{CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
|
||||
"Wrapping key type inconsistent" },
|
||||
{CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "Wrapping key type inconsistent"},
|
||||
{CKR_RANDOM_SEED_NOT_SUPPORTED, "Random seed not supported"},
|
||||
{CKR_RANDOM_NO_RNG, "Random no rng"},
|
||||
{CKR_DOMAIN_PARAMS_INVALID, "Domain params invalid"},
|
||||
|
@ -182,8 +174,7 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
|
|||
{CKR_INFORMATION_SENSITIVE, "Information sensitive"},
|
||||
{CKR_STATE_UNSAVEABLE, "State unsaveable"},
|
||||
{CKR_CRYPTOKI_NOT_INITIALIZED, "Cryptoki not initialized"},
|
||||
{CKR_CRYPTOKI_ALREADY_INITIALIZED,
|
||||
"Cryptoki already initialized" },
|
||||
{CKR_CRYPTOKI_ALREADY_INITIALIZED, "Cryptoki already initialized"},
|
||||
{CKR_MUTEX_BAD, "Mutex bad"},
|
||||
{CKR_MUTEX_NOT_LOCKED, "Mutex not locked"},
|
||||
{CKR_VENDOR_DEFINED, "Vendor defined"},
|
||||
|
@ -191,8 +182,7 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
|
|||
};
|
||||
#endif
|
||||
|
||||
void
|
||||
ERR_load_PKCS11_strings(void)
|
||||
void ERR_load_PKCS11_strings(void)
|
||||
{
|
||||
static int init = 1;
|
||||
|
||||
|
|
|
@ -65,11 +65,9 @@ static int pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
|
||||
CK_OBJECT_CLASS type, PKCS11_KEY **);
|
||||
static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
|
||||
unsigned char *, unsigned int,
|
||||
PKCS11_KEY **);
|
||||
unsigned char *, unsigned int, PKCS11_KEY **);
|
||||
static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
|
||||
unsigned char *, unsigned int,
|
||||
PKCS11_KEY **);
|
||||
unsigned char *, unsigned int, PKCS11_KEY **);
|
||||
|
||||
static CK_OBJECT_CLASS key_search_class;
|
||||
static CK_ATTRIBUTE key_search_attrs[] = {
|
||||
|
@ -82,9 +80,7 @@ static CK_ATTRIBUTE key_search_attrs[] = {
|
|||
* For now, we enumerate just the private keys.
|
||||
*/
|
||||
int
|
||||
PKCS11_enumerate_keys(PKCS11_TOKEN *token,
|
||||
PKCS11_KEY **keyp,
|
||||
unsigned int *countp)
|
||||
PKCS11_enumerate_keys(PKCS11_TOKEN * token, PKCS11_KEY ** keyp, unsigned int *countp)
|
||||
{
|
||||
PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
|
||||
|
||||
|
@ -108,8 +104,7 @@ PKCS11_enumerate_keys(PKCS11_TOKEN *token,
|
|||
/*
|
||||
* Store a private key on the token
|
||||
*/
|
||||
int
|
||||
PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label)
|
||||
int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label)
|
||||
{
|
||||
if (pkcs11_store_private_key(token, pk, label, NULL, 0, NULL))
|
||||
return -1;
|
||||
|
@ -123,8 +118,7 @@ PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label)
|
|||
*/
|
||||
int
|
||||
PKCS11_generate_key(PKCS11_TOKEN * token,
|
||||
int algorithm, unsigned int bits,
|
||||
char *label)
|
||||
int algorithm, unsigned int bits, char *label)
|
||||
{
|
||||
PKCS11_KEY *key_obj;
|
||||
EVP_PKEY *pk;
|
||||
|
@ -133,8 +127,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token,
|
|||
int rc;
|
||||
|
||||
if (algorithm != EVP_PKEY_RSA) {
|
||||
PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY,
|
||||
PKCS11_NOT_SUPPORTED);
|
||||
PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -142,8 +135,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token,
|
|||
rsa = RSA_generate_key(bits, 0x10001, NULL, err);
|
||||
BIO_free(err);
|
||||
if (rsa == NULL) {
|
||||
PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY,
|
||||
PKCS11_KEYGEN_FAILED);
|
||||
PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -165,8 +157,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token,
|
|||
/*
|
||||
* Get the key type
|
||||
*/
|
||||
int
|
||||
PKCS11_get_key_type(PKCS11_KEY *key)
|
||||
int PKCS11_get_key_type(PKCS11_KEY * key)
|
||||
{
|
||||
PKCS11_KEY_private *priv = PRIVKEY(key);
|
||||
|
||||
|
@ -177,8 +168,7 @@ PKCS11_get_key_type(PKCS11_KEY *key)
|
|||
* Create a key object that will allow an OpenSSL application
|
||||
* to use the token via an EVP_PKEY
|
||||
*/
|
||||
EVP_PKEY *
|
||||
PKCS11_get_private_key(PKCS11_KEY *key)
|
||||
EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key)
|
||||
{
|
||||
PKCS11_KEY_private *priv = PRIVKEY(key);
|
||||
EVP_PKEY *pk;
|
||||
|
@ -196,8 +186,7 @@ PKCS11_get_private_key(PKCS11_KEY *key)
|
|||
/*
|
||||
* Find all keys of a given type (public or private)
|
||||
*/
|
||||
int
|
||||
pkcs11_find_keys(PKCS11_TOKEN *token, unsigned int type)
|
||||
int pkcs11_find_keys(PKCS11_TOKEN * token, unsigned int type)
|
||||
{
|
||||
PKCS11_SLOT *slot = TOKEN2SLOT(token);
|
||||
PKCS11_CTX *ctx = TOKEN2CTX(token);
|
||||
|
@ -247,8 +236,7 @@ pkcs11_next_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
int
|
||||
pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
|
||||
CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
|
||||
CK_OBJECT_CLASS type,
|
||||
PKCS11_KEY **ret)
|
||||
CK_OBJECT_CLASS type, PKCS11_KEY ** ret)
|
||||
{
|
||||
PKCS11_TOKEN_private *tpriv;
|
||||
PKCS11_KEY_private *kpriv;
|
||||
|
@ -274,7 +262,8 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
|
||||
tpriv = PRIVTOKEN(token);
|
||||
tpriv->keys = (PKCS11_KEY *) OPENSSL_realloc(tpriv->keys,
|
||||
(tpriv->nkeys + 1) * sizeof(PKCS11_KEY));
|
||||
(tpriv->nkeys +
|
||||
1) * sizeof(PKCS11_KEY));
|
||||
|
||||
key = tpriv->keys + tpriv->nkeys++;
|
||||
memset(key, 0, sizeof(*key));
|
||||
|
@ -305,8 +294,7 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
|
|||
/*
|
||||
* Destroy all keys
|
||||
*/
|
||||
void
|
||||
pkcs11_destroy_keys(PKCS11_TOKEN *token)
|
||||
void pkcs11_destroy_keys(PKCS11_TOKEN * token)
|
||||
{
|
||||
PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
|
||||
|
||||
|
@ -363,8 +351,7 @@ pkcs11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label,
|
|||
if (id && id_len)
|
||||
pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
|
||||
} else {
|
||||
PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY,
|
||||
PKCS11_NOT_SUPPORTED);
|
||||
PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, PKCS11_NOT_SUPPORTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -415,8 +402,7 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label,
|
|||
if (id && id_len)
|
||||
pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
|
||||
} else {
|
||||
PKCS11err(PKCS11_F_PKCS11_STORE_PUBLIC_KEY,
|
||||
PKCS11_NOT_SUPPORTED);
|
||||
PKCS11err(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, PKCS11_NOT_SUPPORTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -429,6 +415,5 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label,
|
|||
CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, rv);
|
||||
|
||||
/* Gobble the key object */
|
||||
return pkcs11_init_key(ctx, token, session,
|
||||
object, CKO_PUBLIC_KEY, ret_key);
|
||||
return pkcs11_init_key(ctx, token, session, object, CKO_PUBLIC_KEY, ret_key);
|
||||
}
|
||||
|
|
|
@ -63,8 +63,7 @@ static void *handle = NULL;
|
|||
/*
|
||||
* Create a new context
|
||||
*/
|
||||
PKCS11_CTX *
|
||||
PKCS11_CTX_new(void)
|
||||
PKCS11_CTX *PKCS11_CTX_new(void)
|
||||
{
|
||||
PKCS11_CTX_private *priv;
|
||||
PKCS11_CTX *ctx;
|
||||
|
@ -85,8 +84,7 @@ PKCS11_CTX_new(void)
|
|||
/*
|
||||
* Load the shared library, and initialize it.
|
||||
*/
|
||||
int
|
||||
PKCS11_CTX_load(PKCS11_CTX *ctx, const char *name)
|
||||
int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
|
||||
{
|
||||
PKCS11_CTX_private *priv = PRIVCTX(ctx);
|
||||
CK_INFO ck_info;
|
||||
|
@ -119,8 +117,7 @@ PKCS11_CTX_load(PKCS11_CTX *ctx, const char *name)
|
|||
/*
|
||||
* Unload the shared library
|
||||
*/
|
||||
void
|
||||
PKCS11_CTX_unload(PKCS11_CTX *ctx)
|
||||
void PKCS11_CTX_unload(PKCS11_CTX * ctx)
|
||||
{
|
||||
PKCS11_CTX_private *priv;
|
||||
priv = PRIVCTX(ctx);
|
||||
|
@ -138,8 +135,7 @@ PKCS11_CTX_unload(PKCS11_CTX *ctx)
|
|||
/*
|
||||
* Free a context
|
||||
*/
|
||||
void
|
||||
PKCS11_CTX_free(PKCS11_CTX *ctx)
|
||||
void PKCS11_CTX_free(PKCS11_CTX * ctx)
|
||||
{
|
||||
PKCS11_CTX_unload(ctx); /* Make sure */
|
||||
OPENSSL_free(ctx->manufacturer);
|
||||
|
|
|
@ -59,8 +59,7 @@
|
|||
#include <string.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
void *
|
||||
pkcs11_malloc(size_t size)
|
||||
void *pkcs11_malloc(size_t size)
|
||||
{
|
||||
void *p = OPENSSL_malloc(size);
|
||||
memset(p, 0, size);
|
||||
|
@ -71,8 +70,7 @@ pkcs11_malloc(size_t size)
|
|||
* so when strduping them we must make sure
|
||||
* we stop at the end of the buffer, and while we're
|
||||
* at it it's nice to remove the padding */
|
||||
char *
|
||||
pkcs11_strdup(char *mem, size_t size)
|
||||
char *pkcs11_strdup(char *mem, size_t size)
|
||||
{
|
||||
char *res;
|
||||
|
||||
|
@ -87,8 +85,7 @@ pkcs11_strdup(char *mem, size_t size)
|
|||
/*
|
||||
* Dup memory
|
||||
*/
|
||||
void *
|
||||
memdup(const void *src, size_t size)
|
||||
void *memdup(const void *src, size_t size)
|
||||
{
|
||||
void *dst;
|
||||
|
||||
|
|
|
@ -77,8 +77,7 @@ RSA_METHOD * pkcs11_get_rsa_method(void);
|
|||
/*
|
||||
* Get RSA key material
|
||||
*/
|
||||
int
|
||||
pkcs11_get_rsa_private(PKCS11_KEY *key, EVP_PKEY *pk)
|
||||
int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
|
||||
{
|
||||
CK_BBOOL sensitive, extractable;
|
||||
RSA *rsa;
|
||||
|
@ -112,8 +111,7 @@ pkcs11_get_rsa_private(PKCS11_KEY *key, EVP_PKEY *pk)
|
|||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
pkcs11_get_rsa_public(PKCS11_KEY *key, EVP_PKEY *pk)
|
||||
int pkcs11_get_rsa_public(PKCS11_KEY * key, EVP_PKEY * pk)
|
||||
{
|
||||
/* TBD */
|
||||
return 0;
|
||||
|
@ -175,7 +173,8 @@ pkcs11_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
|
|||
* by OpenSSL). The library assumes that the memory passed
|
||||
* by the caller is always big enough */
|
||||
sigsize = BN_num_bytes(rsa->n);
|
||||
rv = CRYPTOKI_call(ctx, C_Sign(session, (CK_BYTE *) m, m_len, sigret, &sigsize));
|
||||
rv = CRYPTOKI_call(ctx,
|
||||
C_Sign(session, (CK_BYTE *) m, m_len, sigret, &sigsize));
|
||||
if (rv)
|
||||
goto fail;
|
||||
|
||||
|
@ -213,8 +212,7 @@ pkcs11_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
|
|||
/*
|
||||
* Overload the default OpenSSL methods for RSA
|
||||
*/
|
||||
RSA_METHOD *
|
||||
pkcs11_get_rsa_method(void)
|
||||
RSA_METHOD *pkcs11_get_rsa_method(void)
|
||||
{
|
||||
static RSA_METHOD ops;
|
||||
|
||||
|
|
|
@ -67,9 +67,7 @@ static void pkcs11_destroy_token(PKCS11_TOKEN *);
|
|||
* Enumerate slots
|
||||
*/
|
||||
int
|
||||
PKCS11_enumerate_slots(PKCS11_CTX *ctx,
|
||||
PKCS11_SLOT **slotp,
|
||||
unsigned int *countp)
|
||||
PKCS11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *countp)
|
||||
{
|
||||
PKCS11_CTX_private *priv = PRIVCTX(ctx);
|
||||
|
||||
|
@ -82,8 +80,7 @@ PKCS11_enumerate_slots(PKCS11_CTX *ctx,
|
|||
rv = priv->method->C_GetSlotList(FALSE, slotid, &nslots);
|
||||
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
|
||||
|
||||
slots = (PKCS11_SLOT *) pkcs11_malloc(nslots
|
||||
* sizeof(PKCS11_SLOT));
|
||||
slots = (PKCS11_SLOT *) pkcs11_malloc(nslots * sizeof(PKCS11_SLOT));
|
||||
for (n = 0; n < nslots; n++) {
|
||||
if (pkcs11_init_slot(ctx, &slots[n], slotid[n])) {
|
||||
while (n--)
|
||||
|
@ -104,8 +101,7 @@ PKCS11_enumerate_slots(PKCS11_CTX *ctx,
|
|||
/*
|
||||
* Find a slot with a token that looks "valuable"
|
||||
*/
|
||||
PKCS11_SLOT *
|
||||
PKCS11_find_token(PKCS11_CTX *ctx)
|
||||
PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx)
|
||||
{
|
||||
PKCS11_SLOT *slot_list, *slot, *best;
|
||||
PKCS11_TOKEN *tok;
|
||||
|
@ -130,8 +126,7 @@ PKCS11_find_token(PKCS11_CTX *ctx)
|
|||
/*
|
||||
* Open a session with this slot
|
||||
*/
|
||||
int
|
||||
PKCS11_open_session(PKCS11_SLOT *slot, int rw)
|
||||
int PKCS11_open_session(PKCS11_SLOT * slot, int rw)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
|
||||
PKCS11_CTX *ctx = SLOT2CTX(slot);
|
||||
|
@ -143,8 +138,9 @@ PKCS11_open_session(PKCS11_SLOT *slot, int rw)
|
|||
}
|
||||
rv = CRYPTOKI_call(ctx,
|
||||
C_OpenSession(priv->id,
|
||||
CKF_SERIAL_SESSION | (rw? CKF_RW_SESSION : 0),
|
||||
NULL, NULL, &priv->session));
|
||||
CKF_SERIAL_SESSION | (rw ? CKF_RW_SESSION :
|
||||
0), NULL, NULL,
|
||||
&priv->session));
|
||||
CRYPTOKI_checkerr(PKCS11_F_PKCS11_OPEN_SESSION, rv);
|
||||
priv->haveSession = 1;
|
||||
|
||||
|
@ -154,8 +150,7 @@ PKCS11_open_session(PKCS11_SLOT *slot, int rw)
|
|||
/*
|
||||
* Authenticate with the card
|
||||
*/
|
||||
int
|
||||
PKCS11_login(PKCS11_SLOT *slot, int so, char *pin)
|
||||
int PKCS11_login(PKCS11_SLOT * slot, int so, char *pin)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
|
||||
PKCS11_CTX *ctx = priv->parent;
|
||||
|
@ -188,8 +183,7 @@ PKCS11_login(PKCS11_SLOT *slot, int so, char *pin)
|
|||
/*
|
||||
* Log out
|
||||
*/
|
||||
int
|
||||
PKCS11_logout(PKCS11_SLOT *slot)
|
||||
int PKCS11_logout(PKCS11_SLOT * slot)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
|
||||
PKCS11_CTX *ctx = priv->parent;
|
||||
|
@ -213,8 +207,7 @@ PKCS11_logout(PKCS11_SLOT *slot)
|
|||
/*
|
||||
* Initialize the token
|
||||
*/
|
||||
int
|
||||
PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label)
|
||||
int PKCS11_init_token(PKCS11_TOKEN * token, char *pin, char *label)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(TOKEN2SLOT(token));
|
||||
PKCS11_CTX_private *cpriv;
|
||||
|
@ -224,7 +217,8 @@ PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label)
|
|||
if (!label)
|
||||
label = "PKCS#11 Token";
|
||||
rv = CRYPTOKI_call(ctx, C_InitToken(priv->id,
|
||||
(CK_UTF8CHAR *) pin, strlen(pin), (CK_UTF8CHAR *) label));
|
||||
(CK_UTF8CHAR *) pin, strlen(pin),
|
||||
(CK_UTF8CHAR *) label));
|
||||
CRYPTOKI_checkerr(PKCS11_F_PKCS11_INIT_TOKEN, rv);
|
||||
|
||||
cpriv = PRIVCTX(ctx);
|
||||
|
@ -239,8 +233,7 @@ PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label)
|
|||
/*
|
||||
* Set the User PIN
|
||||
*/
|
||||
int
|
||||
PKCS11_init_pin(PKCS11_TOKEN *token, char *pin)
|
||||
int PKCS11_init_pin(PKCS11_TOKEN * token, char *pin)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(TOKEN2SLOT(token));
|
||||
PKCS11_CTX *ctx = priv->parent;
|
||||
|
@ -261,8 +254,7 @@ PKCS11_init_pin(PKCS11_TOKEN *token, char *pin)
|
|||
/*
|
||||
* Helper functions
|
||||
*/
|
||||
int
|
||||
pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id)
|
||||
int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
|
||||
{
|
||||
PKCS11_SLOT_private *priv;
|
||||
CK_SLOT_INFO info;
|
||||
|
@ -286,8 +278,7 @@ pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id)
|
|||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_destroy_all_slots(PKCS11_CTX *ctx)
|
||||
void pkcs11_destroy_all_slots(PKCS11_CTX * ctx)
|
||||
{
|
||||
PKCS11_CTX_private *priv = PRIVCTX(ctx);
|
||||
|
||||
|
@ -298,8 +289,7 @@ pkcs11_destroy_all_slots(PKCS11_CTX *ctx)
|
|||
priv->nslots = -1;
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_destroy_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
|
||||
void pkcs11_destroy_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
|
||||
|
||||
|
@ -314,8 +304,7 @@ pkcs11_destroy_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
|
|||
memset(slot, 0, sizeof(*slot));
|
||||
}
|
||||
|
||||
int
|
||||
pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
|
||||
int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
|
||||
{
|
||||
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
|
||||
PKCS11_TOKEN_private *tpriv;
|
||||
|
@ -355,8 +344,7 @@ pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
|
|||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
pkcs11_destroy_token(PKCS11_TOKEN *token)
|
||||
void pkcs11_destroy_token(PKCS11_TOKEN * token)
|
||||
{
|
||||
/* XXX destroy keys associated with this token */
|
||||
OPENSSL_free(token->label);
|
||||
|
|
|
@ -87,12 +87,6 @@ ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
|
|||
*
|
||||
* - no support for any operations that alter the card,
|
||||
* i.e. readonly-login
|
||||
*
|
||||
* Rather than include the complete PKCS#11 type definition
|
||||
* header file here, I'm defining my own bunch of types,
|
||||
* leaving out those that are not needed.
|
||||
* I also hope that they will be more in line with OpenSSL
|
||||
* coding style.
|
||||
*/
|
||||
|
||||
/* PKCS11 key object (public or private) */
|
||||
|
@ -158,8 +152,7 @@ extern int PKCS11_login(PKCS11_SLOT *, int so, char *pin);
|
|||
extern int PKCS11_logout(PKCS11_SLOT *);
|
||||
|
||||
/* Get a list of all keys associated with this token */
|
||||
extern int PKCS11_enumerate_keys(PKCS11_TOKEN *,
|
||||
PKCS11_KEY **, unsigned int *);
|
||||
extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);
|
||||
|
||||
/* Get the key type (as EVP_PKEY_XXX) */
|
||||
extern int PKCS11_get_key_type(PKCS11_KEY *);
|
||||
|
@ -171,21 +164,17 @@ extern EVP_PKEY * PKCS11_get_private_key(PKCS11_KEY *);
|
|||
extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
|
||||
|
||||
/* Get a list of all certificates associated with this token */
|
||||
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *,
|
||||
PKCS11_CERT **, unsigned int *);
|
||||
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
|
||||
|
||||
/* Initialize a token */
|
||||
extern int PKCS11_init_token(PKCS11_TOKEN *,
|
||||
char *pin, char *label);
|
||||
extern int PKCS11_init_token(PKCS11_TOKEN *, char *pin, char *label);
|
||||
|
||||
/* Initialize the user PIN on a token */
|
||||
extern int PKCS11_init_pin(PKCS11_TOKEN *, char *pin);
|
||||
|
||||
/* Store various objects on the token */
|
||||
extern int PKCS11_generate_key(PKCS11_TOKEN *, int,
|
||||
unsigned int, char *);
|
||||
extern int PKCS11_store_private_key(PKCS11_TOKEN *,
|
||||
EVP_PKEY *, char *);
|
||||
extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *);
|
||||
extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *);
|
||||
|
||||
/* Load PKCS11 error strings */
|
||||
extern void ERR_load_PKCS11_strings(void);
|
||||
|
@ -240,8 +229,7 @@ typedef struct pkcs11_ctx_private {
|
|||
|
||||
typedef struct pkcs11_slot_private {
|
||||
PKCS11_CTX *parent;
|
||||
unsigned char haveSession,
|
||||
loggedIn;
|
||||
unsigned char haveSession, loggedIn;
|
||||
CK_SLOT_ID id;
|
||||
CK_SESSION_HANDLE session;
|
||||
} PKCS11_SLOT_private;
|
||||
|
@ -333,8 +321,7 @@ extern void pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t);
|
|||
extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long);
|
||||
extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *);
|
||||
extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *);
|
||||
extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int,
|
||||
pkcs11_i2d_fn, void *);
|
||||
extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *);
|
||||
extern void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR, unsigned int);
|
||||
|
||||
extern void *memdup(const void *, size_t);
|
||||
|
|
Loading…
Reference in New Issue