Updates.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@19 c6295689-39f2-0310-b995-f0e70906c6a9

src/pkcs11/README

@@ -36,3 +36,31 @@ than mozilla. Otherwise all stuff is untested.
 
 Please note that the library currently writes debug log to
 /tmp/libsc-pkcs11.log.
+
+
+
+
+C_CreateObject(1, 0xbfffe484, 8, 0x-1073748876)
+	CKA_CLASS, CKO_PUBLIC_KEY	
+	CKA_KEY_TYPE, CKK_RSA
+	CKA_TOKEN, 00
+	CKA_WRAP, TRUE
+	CKA_ENCRYPT, TRUE
+	CKA_VERIFY, TRUE
+	CKA_MODULUS
+	CKA_PUBLIC_EXPOTENT, 100001
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

src/pkcs11/generic.c

@@ -178,8 +178,8 @@ CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
                          CK_ULONG_PTR pulCount)
 {
 	static const CK_MECHANISM_TYPE mechanism_list[] = {
-		CKM_RSA_PKCS,
-		CKM_RSA_X_509
+		//CKM_RSA_PKCS,
+		//CKM_RSA_X_509
 	};
         const int numMechanisms = sizeof(mechanism_list) / sizeof(mechanism_list[0]);
 

src/pkcs11/object.c

@@ -13,7 +13,7 @@ static void dump_template(char *info, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCou
 		unsigned char *value = (unsigned char*) pTemplate[i].pValue;
 
 		if (pTemplate[i].pValue) {
-			if (pTemplate[i].ulValueLen < 16) {
+			if (pTemplate[i].ulValueLen < 32) {
 				for (j = 0; j < pTemplate[i].ulValueLen; j++)
 					sprintf(&foo[j*2], "%02X", value[j]);
 
@@ -37,6 +37,8 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,    /* the session's handle */
 		     CK_OBJECT_HANDLE_PTR phObject) /* receives new object's handle. */
 {
         LOG("C_CreateObject(%d, 0x%x, %d, 0x%d)\n", hSession, pTemplate, ulCount, phObject);
+	dump_template("C_CreateObject", pTemplate, ulCount);
+
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
@@ -76,7 +78,6 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,   /* the session's handle
         int i, j;
 
         LOG("C_GetAttributeValue(%d, %d, 0x%x, %d)\n", hSession, hObject, pTemplate, ulCount);
-	dump_template("C_GetAttributeValue", pTemplate, ulCount);
 
 	if (hSession < 1 || hSession > PKCS11_MAX_SESSIONS || session[hSession] == NULL)
 		return CKR_SESSION_HANDLE_INVALID;
@@ -87,9 +88,6 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,   /* the session's handle
 
 	object = slt->object[hObject];
 
-	LOG("C_GetAttributeValue: Slot %d, Object: 0x%x,  Attributes: %d\n",
-	    session[hSession]->slot, object, object->num_attributes);
-
 	for (i = 0; i < ulCount; i++) {
 		// For each request attribute
 
@@ -127,6 +125,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,   /* the session's handle
 		}
 
 		// 5. Otherwise set length to minus one
+		LOG("C_GetAttributeValue: Attribute 0x%x ignored\n", pTemplate[i].type);
 		pTemplate[i].ulValueLen = -1;
 	}
 
@@ -217,6 +216,7 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE    hSession,          /* the session's han
 
         ses->search.position += to_return;
 
+	LOG("C_FindObjects: returning %d matching objects\n", to_return);
         return CKR_OK;
 }
 

src/pkcs11/session.c

@@ -136,8 +136,13 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession,  /* the session's handle */
 	    ses->state != CKS_RW_PUBLIC_SESSION)
                 return CKR_USER_ALREADY_LOGGED_IN;
 
+#if 1
 	LOG("Master PIN code verification starts.\n");
         rc = sc_pkcs15_verify_pin(card, &card->pin_info[0], pPin, ulPinLen);
+#else
+	LOG("MASTER PIN VERIFICATION SKIPPED!\n");
+        rc = 0;
+#endif
 	switch (rc) {
 	case 0:
                 LOG("Master PIN code verified succesfully.\n");

src/pkcs11/slot.c

@@ -2,70 +2,61 @@
 #include <malloc.h>
 #include "sc-pkcs11.h"
 
-static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
-static CK_BYTE cert_value[] =
-"\x30\x82\x03\x8f\x30\x82\x02\x77\xa0\x03\x02\x01\x02\x02\x02\x68\xf6\x30\x0d\x06"
-"\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4c\x31\x0b\x30\x09\x06\x03"
-"\x55\x04\x06\x13\x02\x46\x49\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x14\x13\x56\x52"
-"\x4b\x2d\x46\x49\x4e\x53\x49\x47\x4e\x20\x47\x6f\x76\x2e\x20\x43\x41\x31\x1f\x30"
-"\x1d\x06\x03\x55\x04\x03\x14\x16\x46\x49\x4e\x53\x49\x47\x4e\x20\x43\x41\x20\x66"
-"\x6f\x72\x20\x43\x69\x74\x69\x7a\x65\x6e\x30\x1e\x17\x0d\x30\x31\x30\x39\x31\x32"
-"\x32\x33\x35\x39\x35\x39\x5a\x17\x0d\x30\x34\x30\x39\x30\x35\x32\x33\x35\x39\x35"
-"\x39\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0e\x30"
-"\x0c\x06\x03\x55\x04\x04\x14\x05\x54\x45\x52\xc4\x53\x31\x0d\x30\x0b\x06\x03\x55"
-"\x04\x2a\x14\x04\x54\x49\x4d\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x14\x14\x54"
-"\x45\x52\xc4\x53\x20\x54\x49\x4d\x4f\x20\x31\x30\x30\x31\x30\x33\x30\x33\x30\x31"
-"\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x31\x30\x30\x31\x30\x33\x30\x33\x30\x30"
-"\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d"
-"\x00\x30\x81\x89\x02\x81\x81\x00\xba\xb3\xc3\x65\xfb\xab\xd3\x4f\xf1\xe8\x72\xb8"
-"\xaa\x48\x6a\x82\x31\x43\xc9\x3e\xe6\xff\x6b\xb6\x0e\xa3\x82\xb4\xda\x3f\xed\xa6"
-"\x0b\xbc\xf2\xd3\xad\x53\x88\x88\x14\x14\x3f\x2b\x24\x8d\xd7\x3f\x4b\xb3\xe6\xc1"
-"\xb9\xb1\x4d\x3a\x10\xc4\x65\xdc\xe2\xa1\x27\xd2\x8f\xb2\x67\x54\x34\x73\x53\xeb"
-"\xec\x84\xab\xdd\xc1\x76\xc9\x73\x49\x4c\x7c\x18\x98\xd3\x40\xc4\x1c\xfd\x0d\x6b"
-"\xae\xb7\x9f\x44\xc6\x0a\x5a\x89\x91\xb8\x6e\x20\x38\x2b\xff\x42\xf7\xfe\x95\xc0"
-"\x1f\xa5\xca\x07\x2e\x4a\xb0\x9c\x07\x60\x02\x61\xe1\x8b\x25\x01\x02\x03\x01\x00"
-"\x01\xa3\x81\xeb\x30\x81\xe8\x30\x11\x06\x03\x55\x1d\x0e\x04\x0a\x04\x08\x43\x9b"
-"\x88\x1f\x86\xef\x7c\x8c\x30\x14\x06\x03\x55\x1d\x20\x04\x0d\x30\x0b\x30\x09\x06"
-"\x07\x2a\x81\x76\x84\x05\x01\x01\x30\x13\x06\x03\x55\x1d\x23\x04\x0c\x30\x0a\x80"
-"\x08\x46\x49\x4e\x43\x41\x4b\x30\x31\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04"
-"\x04\x03\x02\x04\xb0\x30\x81\x97\x06\x03\x55\x1d\x1f\x04\x81\x8f\x30\x81\x8c\x30"
-"\x81\x89\xa0\x81\x86\xa0\x81\x83\x86\x81\x80\x6c\x64\x61\x70\x3a\x2f\x2f\x31\x39"
-"\x33\x2e\x32\x32\x39\x2e\x30\x2e\x32\x31\x30\x3a\x33\x38\x39\x2f\x63\x6e\x3d\x66"
-"\x69\x6e\x73\x69\x67\x6e\x25\x32\x30\x63\x61\x25\x32\x30\x66\x6f\x72\x25\x32\x30"
-"\x63\x69\x74\x69\x7a\x65\x6e\x2c\x6f\x3d\x76\x72\x6b\x2d\x66\x69\x6e\x73\x69\x67"
-"\x6e\x25\x32\x30\x67\x6f\x76\x2e\x25\x32\x30\x63\x61\x2c\x64\x6d\x64\x6e\x61\x6d"
-"\x65\x3d\x66\x69\x6e\x65\x69\x64\x2c\x63\x3d\x46\x49\x3f\x63\x65\x72\x74\x69\x66"
-"\x69\x63\x61\x74\x65\x72\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x6c\x69\x73\x74\x30"
-"\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7d"
-"\x4d\xc2\x22\xcb\x63\x82\x9f\xee\x09\x73\xda\x2d\xef\x2f\xb5\x82\x30\x61\x32\x42"
-"\x1a\xee\x1c\x41\xac\x24\x36\xd3\x70\xdc\xd9\x02\x84\x58\x47\x11\xb3\x93\xc2\x7b"
-"\xa3\x12\x82\x64\xa5\xf2\x8b\x33\x63\x38\x2d\x19\xe7\xfd\xe0\xb0\xf8\x70\xa2\xde"
-"\xa3\xd2\x11\xdf\x8c\x41\xcb\x9b\x9a\xa0\xf8\x2c\xdb\xf9\x75\x97\x36\x92\x2d\x90"
-"\xd9\x32\x10\xb4\x66\x9c\x21\xd9\xfe\xe5\x46\x59\xbf\x9b\x08\x19\x21\x6a\x52\x30"
-"\x19\xac\x35\xc2\x98\x15\x49\x90\x5b\x22\x28\x84\xbd\x61\x3e\xd5\xf6\xa4\xba\x90"
-"\x24\xa1\x58\x6f\x8c\xe4\x52\x96\xf7\x31\xb8\x82\xf2\xaa\x9d\x4d\xb0\xf7\xfc\x6a"
-"\x1d\x7f\xec\xc4\x39\x50\x3a\x98\x87\xe2\x7b\x59\x16\x42\x3e\xe9\x32\x05\x07\xf0"
-"\x5d\x35\xc1\x49\x7f\x91\xde\x75\x58\x30\xd3\xfd\x5f\xb9\x24\x90\xe7\xd9\xd4\x11"
-"\x60\x93\x5c\x73\x97\x16\x20\x52\x8f\x04\x9d\x3b\x77\x0f\x12\xb9\x84\x02\x68\x47"
-"\x92\x15\xa2\xbb\x79\x10\x04\x28\x24\xa4\xed\x60\x2c\x9f\xd0\xfd\x7b\xa6\xb3\xf7"
-"\x80\xe0\x2d\x4d\xdf\x00\x52\x0a\x3b\xbe\x26\x3a\xb5\xed\xf7\x87\x35\x39\x3a\xe8"
-"\x0a\x80\x06\x67\x60\x24\x38\xc4\x79\x0b\xa4\x17\x65\x62\x14";
+void set_attribute(CK_ATTRIBUTE_PTR attr, CK_OBJECT_CLASS oc, void *ptr, int len)
+{
+	attr->type = oc;
+	attr->pValue = malloc(len);
+	memcpy(attr->pValue, ptr, len);
+        attr->ulValueLen = len;
+}
 
-static CK_BYTE cert_id[] = "\x01";
-static CK_BYTE cert_label[] = "Timo Teras / Verification certificate";
+int slot_add_object(int id, CK_ATTRIBUTE_PTR object, int num_attrs)
+{
+	struct pkcs11_slot *slt = &slot[id];
+	int idx;
 
-static CK_ATTRIBUTE certificate[] = {
-	{ CKA_CLASS, &cert_class, sizeof(cert_class) },
-	{ CKA_VALUE, cert_value, sizeof(cert_value)-1 },
-	{ CKA_ID, cert_id, sizeof(cert_id)-1 },
-	{ CKA_LABEL, cert_label, sizeof(cert_label) }
-};
+	if (slt->num_objects >= PKCS11_MAX_OBJECTS)
+                return CKR_BUFFER_TOO_SMALL;
+
+	idx = ++slt->num_objects;
+	slt->object[idx] = (struct pkcs11_object*) malloc(sizeof(struct pkcs11_object));
+	slt->object[idx]->num_attributes = num_attrs;
+	slt->object[idx]->attribute = object;
+
+        return CKR_OK;
+}
+
+int slot_add_private_key_object(int id, struct sc_pkcs15_prkey_info *key)
+{
+	static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
+	CK_ATTRIBUTE_PTR object = (CK_ATTRIBUTE_PTR) malloc(sizeof(CK_ATTRIBUTE) * 3);
+
+        set_attribute(&object[0], CKA_CLASS, &key_class, sizeof(key_class));
+        set_attribute(&object[1], CKA_LABEL, key->com_attr.label, strlen(key->com_attr.label));
+	set_attribute(&object[2], CKA_ID,    key->id.value, key->id.len);
+
+        return slot_add_object(id, object, 3);
+}
+
+int slot_add_certificate_object(int id, struct sc_pkcs15_cert_info *cert,
+			        u8 *x509data, int x509length)
+{
+	static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
+	CK_ATTRIBUTE_PTR object = (CK_ATTRIBUTE_PTR) malloc(sizeof(CK_ATTRIBUTE) * 4);
+
+        set_attribute(&object[0], CKA_CLASS, &cert_class, sizeof(cert_class));
+        set_attribute(&object[1], CKA_LABEL, cert->com_attr.label, strlen(cert->com_attr.label));
+        set_attribute(&object[2], CKA_ID,    cert->id.value, cert->id.len);
+	set_attribute(&object[3], CKA_VALUE, x509data, x509length);
+
+        return slot_add_object(id, object, 4);
+}
 
 int slot_connect(int id)
 {
 	struct sc_card *card;
-	struct sc_pkcs15_pin_info pin;
-	int r, c = 0;
+        struct sc_pkcs15_card *p15card;
+	int r, c;
 
 	r = sc_connect_card(ctx, id, &card);
 	if (r) {
@@ -80,16 +71,44 @@ int slot_connect(int id)
 		sc_disconnect_card(card);
 		return CKR_TOKEN_NOT_RECOGNIZED;
 	}
-	c = sc_pkcs15_enum_pins(slot[id].p15card);
+
+        p15card = slot[id].p15card;
+
+	c = sc_pkcs15_enum_pins(p15card);
 	// FIXME: c < 0 ==> error
+
 	LOG("Found total of %d PIN codes.\n", c);
 	slot[id].flags = SLOT_CONNECTED;
+        slot[id].num_objects = 0;
 
-	// KLUDGE:
-	slot[id].num_objects = 1;
-	slot[id].object[1] = (struct pkcs11_object*) malloc(sizeof(struct pkcs11_object));
-	slot[id].object[1]->num_attributes = sizeof(certificate) / sizeof(certificate[0]);
-	slot[id].object[1]->attribute = certificate;
+	r = sc_pkcs15_enum_certificates(p15card);
+	if (r < 0)
+		return CKR_DEVICE_ERROR;
+
+        LOG("Found total of %d certificates.\n", r);
+	for (c = 0; c < r; c++) {
+                int len;
+		u8 *buf;
+
+		LOG("Reading '%s' certificate.\n", p15card->cert_info[c].com_attr.label);
+		len = sc_pkcs15_read_certificate(p15card, &p15card->cert_info[c], &buf);
+		if (len < 0)
+			return len;
+
+		LOG("Adding '%s' certificate object.\n", p15card->cert_info[c].com_attr.label);
+		slot_add_certificate_object(id, &p15card->cert_info[c],
+					    buf, len);
+	}
+
+	r = sc_pkcs15_enum_private_keys(p15card);
+	if (r < 0)
+            return CKR_DEVICE_ERROR;
+
+        LOG("Found total of %d private keys.\n", r);
+	for (c = 0; c < r; c++) {
+		LOG("Adding '%s' private key object.\n", p15card->prkey_info[c].com_attr.label);
+		slot_add_private_key_object(id, &p15card->prkey_info[c]);
+	}
 
         return CKR_OK;
 }

src/pkcs11/verify.c

@@ -4,6 +4,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,    /* the session's handle */
 		   CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
 		   CK_OBJECT_HANDLE  hKey)        /* handle of the verification key */
 {
+        LOG("C_VerifyInit\n");
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
@@ -13,6 +14,7 @@ CK_RV C_Verify(CK_SESSION_HANDLE hSession,       /* the session's handle */
 	       CK_BYTE_PTR       pSignature,     /* the signature to be verified */
 	       CK_ULONG          ulSignatureLen) /* count of bytes of signature */
 {
+        LOG("C_Verify\n");
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
@@ -20,6 +22,7 @@ CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession,  /* the session's handle */
 		     CK_BYTE_PTR       pPart,     /* plaintext data (digest) to compare */
 		     CK_ULONG          ulPartLen) /* length of data (digest) in bytes */
 {
+        LOG("C_VerifyUpdate\n");
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
@@ -27,6 +30,7 @@ CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession,       /* the session's handle */
 		    CK_BYTE_PTR       pSignature,     /* the signature to be verified */
 		    CK_ULONG          ulSignatureLen) /* count of bytes of signature */
 {
+        LOG("C_VerifyFinal\n");
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
@@ -34,6 +38,7 @@ CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,    /* the session's handle
 			  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
 			  CK_OBJECT_HANDLE  hKey)        /* handle of the verification key */
 {
+        LOG("C_VerifyRecoverInit\n");
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
@@ -43,6 +48,7 @@ CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession,        /* the session's handle
 		      CK_BYTE_PTR       pData,           /* receives decrypted data (digest) */
 		      CK_ULONG_PTR      pulDataLen)      /* receives byte count of data */
 {
+        LOG("C_VerifyRecover\n");
         return CKR_FUNCTION_NOT_SUPPORTED;
 }