From bff3bf85609dc5359919534ab24b4244b8f6f3d5 Mon Sep 17 00:00:00 2001 From: fabled Date: Sun, 21 Oct 2001 22:25:11 +0000 Subject: [PATCH] Updates. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@19 c6295689-39f2-0310-b995-f0e70906c6a9 --- src/pkcs11/README | 28 +++++++++ src/pkcs11/generic.c | 4 +- src/pkcs11/object.c | 10 +-- src/pkcs11/session.c | 5 ++ src/pkcs11/slot.c | 147 ++++++++++++++++++++++++------------------- src/pkcs11/verify.c | 6 ++ 6 files changed, 129 insertions(+), 71 deletions(-) diff --git a/src/pkcs11/README b/src/pkcs11/README index fa9b44e1..0cae29c7 100644 --- a/src/pkcs11/README +++ b/src/pkcs11/README @@ -36,3 +36,31 @@ than mozilla. Otherwise all stuff is untested. Please note that the library currently writes debug log to /tmp/libsc-pkcs11.log. + + + + +C_CreateObject(1, 0xbfffe484, 8, 0x-1073748876) + CKA_CLASS, CKO_PUBLIC_KEY + CKA_KEY_TYPE, CKK_RSA + CKA_TOKEN, 00 + CKA_WRAP, TRUE + CKA_ENCRYPT, TRUE + CKA_VERIFY, TRUE + CKA_MODULUS + CKA_PUBLIC_EXPOTENT, 100001 + + + + + + + + + + + + + + + diff --git a/src/pkcs11/generic.c b/src/pkcs11/generic.c index 1c792921..74e03dd7 100644 --- a/src/pkcs11/generic.c +++ b/src/pkcs11/generic.c @@ -178,8 +178,8 @@ CK_RV C_GetMechanismList(CK_SLOT_ID slotID, CK_ULONG_PTR pulCount) { static const CK_MECHANISM_TYPE mechanism_list[] = { - CKM_RSA_PKCS, - CKM_RSA_X_509 + //CKM_RSA_PKCS, + //CKM_RSA_X_509 }; const int numMechanisms = sizeof(mechanism_list) / sizeof(mechanism_list[0]); diff --git a/src/pkcs11/object.c b/src/pkcs11/object.c index bd888a64..042421b4 100644 --- a/src/pkcs11/object.c +++ b/src/pkcs11/object.c @@ -13,7 +13,7 @@ static void dump_template(char *info, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCou unsigned char *value = (unsigned char*) pTemplate[i].pValue; if (pTemplate[i].pValue) { - if (pTemplate[i].ulValueLen < 16) { + if (pTemplate[i].ulValueLen < 32) { for (j = 0; j < pTemplate[i].ulValueLen; j++) sprintf(&foo[j*2], "%02X", value[j]); 
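Review bot: With both entries commented out, `mechanism_list[]` is left with an empty initializer `{ }`, which is not valid C before C23 (GCC accepts it only as a zero-length-array extension), so this hunk ties the build to GCC-like toolchains; it also makes C_GetMechanismList advertise no mechanisms at all, which a spec-following client will read as "this token can do nothing". If the intent is to hide RSA until C_Sign works, say so in a comment instead of leaving dead code, e.g. `/* no mechanisms advertised until signing is implemented */`, and make the empty case explicit (`numMechanisms = 0`) rather than relying on `sizeof` of an empty array. How `numMechanisms` is copied to the caller's buffer is outside the hunk.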
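Review bot: Raising the hex-dump threshold from 16 to 32 bytes doubles what `sprintf(&foo[j*2], "%02X", value[j])` writes into `foo` (up to 64 hex characters plus the terminator), but `foo`'s declaration is outside the hunk and nothing in the change shows it was enlarged to match; if it was sized for the old limit this is a stack overflow on any 17–31 byte attribute. Derive the bound from the buffer rather than a literal, e.g. `if (pTemplate[i].ulValueLen < sizeof(foo) / 2)`, and prefer `snprintf` with the remaining space. Note also that this dumps raw attribute values — for a key template that includes CKA_VALUE or the RSA private components — into the debug log, which the README says is /tmp/libsc-pkcs11.log; consider logging only type and length for those attributes. dump_template starts before this hunk.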
@@ -37,6 +37,8 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_OBJECT_HANDLE_PTR phObject) /* receives new object's handle. */ { LOG("C_CreateObject(%d, 0x%x, %d, 0x%d)\n", hSession, pTemplate, ulCount, phObject); + dump_template("C_CreateObject", pTemplate, ulCount); + return CKR_FUNCTION_NOT_SUPPORTED; } @@ -76,7 +78,6 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle int i, j; LOG("C_GetAttributeValue(%d, %d, 0x%x, %d)\n", hSession, hObject, pTemplate, ulCount); - dump_template("C_GetAttributeValue", pTemplate, ulCount); if (hSession < 1 || hSession > PKCS11_MAX_SESSIONS || session[hSession] == NULL) return CKR_SESSION_HANDLE_INVALID; @@ -87,9 +88,6 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle object = slt->object[hObject]; - LOG("C_GetAttributeValue: Slot %d, Object: 0x%x, Attributes: %d\n", - session[hSession]->slot, object, object->num_attributes); - for (i = 0; i < ulCount; i++) { // For each request attribute @@ -127,6 +125,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle } // 5. Otherwise set length to minus one + LOG("C_GetAttributeValue: Attribute 0x%x ignored\n", pTemplate[i].type); pTemplate[i].ulValueLen = -1; } @@ -217,6 +216,7 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's han ses->search.position += to_return; + LOG("C_FindObjects: returning %d matching objects\n", to_return); return CKR_OK; } diff --git a/src/pkcs11/session.c b/src/pkcs11/session.c index dbe62bf4..49d45417 100644 --- a/src/pkcs11/session.c +++ b/src/pkcs11/session.c 
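Review bot: The added `dump_template()` call writes every attribute value of the caller's template to the debug log, and a C_CreateObject template for a private or secret key carries the key material itself (the README hunk already shows a public-key template with CKA_MODULUS being dumped), so key bytes can end up in a world-readable /tmp log; suppress value dumps for CKA_VALUE and the RSA private components, or log type and length only. Separately, the `LOG` line above the new call formats the pointer `phObject` with `0x%d`, which is what produced the `0x-1073748876` visible in the README hunk; `%p` (or a cast to an unsigned long with `0x%lx`) is the right specifier.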
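Review bot: The new "ignored" log line is useful, but the assignment just below it stores `-1` into the unsigned `ulValueLen`; PKCS#11 names this sentinel `CK_UNAVAILABLE_INFORMATION`, so `pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;` says what is meant without relying on the implicit conversion. The spec also expects C_GetAttributeValue to return `CKR_ATTRIBUTE_TYPE_INVALID` after the loop when any attribute was marked this way — whether the function does so is outside the hunk. Earlier context in this section indexes `slt->object[hObject]` right after the session check; if hObject is range-checked against the slot's object count, that check is not visible in these hunks.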
@@ -136,8 +136,13 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */ ses->state != CKS_RW_PUBLIC_SESSION) return CKR_USER_ALREADY_LOGGED_IN; +#if 1 LOG("Master PIN code verification starts.\n"); rc = sc_pkcs15_verify_pin(card, &card->pin_info[0], pPin, ulPinLen); +#else + LOG("MASTER PIN VERIFICATION SKIPPED!\n"); + rc = 0; +#endif switch (rc) { case 0: LOG("Master PIN code verified succesfully.\n"); diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c index da5beea9..204576b7 100644 --- a/src/pkcs11/slot.c +++ b/src/pkcs11/slot.c 
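Review bot: The `#else` branch added to C_Login is a complete PIN-verification bypass (`rc = 0;` with no call to `sc_pkcs15_verify_pin`) that is one character away from being active, and a `#if 1` gives no indication in the build of which branch was compiled; code that turns an authentication step off should not ship in the tree at all. If a no-PIN test mode is genuinely needed, drop the `#if 1`/`#else` and gate the skip on an explicit, ugly-by-design macro that nothing defines by default — e.g. `#ifdef SC_PKCS11_INSECURE_SKIP_PIN` around the `rc = 0;` branch — so a release build cannot contain it by accident. The verification path also always uses `card->pin_info[0]` regardless of the `userType` argument and of the PINs enumerated in slot_connect; whether that is deliberate for this card is not visible here. C_Login's body continues outside the hunk.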
@@ -2,70 +2,61 @@ #include #include "sc-pkcs11.h" -static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; -static CK_BYTE cert_value[] = -"\x30\x82\x03\x8f\x30\x82\x02\x77\xa0\x03\x02\x01\x02\x02\x02\x68\xf6\x30\x0d\x06" -"\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4c\x31\x0b\x30\x09\x06\x03" -"\x55\x04\x06\x13\x02\x46\x49\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x14\x13\x56\x52" -"\x4b\x2d\x46\x49\x4e\x53\x49\x47\x4e\x20\x47\x6f\x76\x2e\x20\x43\x41\x31\x1f\x30" -"\x1d\x06\x03\x55\x04\x03\x14\x16\x46\x49\x4e\x53\x49\x47\x4e\x20\x43\x41\x20\x66" -"\x6f\x72\x20\x43\x69\x74\x69\x7a\x65\x6e\x30\x1e\x17\x0d\x30\x31\x30\x39\x31\x32" -"\x32\x33\x35\x39\x35\x39\x5a\x17\x0d\x30\x34\x30\x39\x30\x35\x32\x33\x35\x39\x35" -"\x39\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0e\x30" -"\x0c\x06\x03\x55\x04\x04\x14\x05\x54\x45\x52\xc4\x53\x31\x0d\x30\x0b\x06\x03\x55" -"\x04\x2a\x14\x04\x54\x49\x4d\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x14\x14\x54" -"\x45\x52\xc4\x53\x20\x54\x49\x4d\x4f\x20\x31\x30\x30\x31\x30\x33\x30\x33\x30\x31" -"\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x31\x30\x30\x31\x30\x33\x30\x33\x30\x30" -"\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d" -"\x00\x30\x81\x89\x02\x81\x81\x00\xba\xb3\xc3\x65\xfb\xab\xd3\x4f\xf1\xe8\x72\xb8" -"\xaa\x48\x6a\x82\x31\x43\xc9\x3e\xe6\xff\x6b\xb6\x0e\xa3\x82\xb4\xda\x3f\xed\xa6" -"\x0b\xbc\xf2\xd3\xad\x53\x88\x88\x14\x14\x3f\x2b\x24\x8d\xd7\x3f\x4b\xb3\xe6\xc1" -"\xb9\xb1\x4d\x3a\x10\xc4\x65\xdc\xe2\xa1\x27\xd2\x8f\xb2\x67\x54\x34\x73\x53\xeb" -"\xec\x84\xab\xdd\xc1\x76\xc9\x73\x49\x4c\x7c\x18\x98\xd3\x40\xc4\x1c\xfd\x0d\x6b" -"\xae\xb7\x9f\x44\xc6\x0a\x5a\x89\x91\xb8\x6e\x20\x38\x2b\xff\x42\xf7\xfe\x95\xc0" -"\x1f\xa5\xca\x07\x2e\x4a\xb0\x9c\x07\x60\x02\x61\xe1\x8b\x25\x01\x02\x03\x01\x00" -"\x01\xa3\x81\xeb\x30\x81\xe8\x30\x11\x06\x03\x55\x1d\x0e\x04\x0a\x04\x08\x43\x9b" -"\x88\x1f\x86\xef\x7c\x8c\x30\x14\x06\x03\x55\x1d\x20\x04\x0d\x30\x0b\x30\x09\x06" 
-"\x07\x2a\x81\x76\x84\x05\x01\x01\x30\x13\x06\x03\x55\x1d\x23\x04\x0c\x30\x0a\x80" -"\x08\x46\x49\x4e\x43\x41\x4b\x30\x31\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04" -"\x04\x03\x02\x04\xb0\x30\x81\x97\x06\x03\x55\x1d\x1f\x04\x81\x8f\x30\x81\x8c\x30" -"\x81\x89\xa0\x81\x86\xa0\x81\x83\x86\x81\x80\x6c\x64\x61\x70\x3a\x2f\x2f\x31\x39" -"\x33\x2e\x32\x32\x39\x2e\x30\x2e\x32\x31\x30\x3a\x33\x38\x39\x2f\x63\x6e\x3d\x66" -"\x69\x6e\x73\x69\x67\x6e\x25\x32\x30\x63\x61\x25\x32\x30\x66\x6f\x72\x25\x32\x30" -"\x63\x69\x74\x69\x7a\x65\x6e\x2c\x6f\x3d\x76\x72\x6b\x2d\x66\x69\x6e\x73\x69\x67" -"\x6e\x25\x32\x30\x67\x6f\x76\x2e\x25\x32\x30\x63\x61\x2c\x64\x6d\x64\x6e\x61\x6d" -"\x65\x3d\x66\x69\x6e\x65\x69\x64\x2c\x63\x3d\x46\x49\x3f\x63\x65\x72\x74\x69\x66" -"\x69\x63\x61\x74\x65\x72\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x6c\x69\x73\x74\x30" -"\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7d" -"\x4d\xc2\x22\xcb\x63\x82\x9f\xee\x09\x73\xda\x2d\xef\x2f\xb5\x82\x30\x61\x32\x42" -"\x1a\xee\x1c\x41\xac\x24\x36\xd3\x70\xdc\xd9\x02\x84\x58\x47\x11\xb3\x93\xc2\x7b" -"\xa3\x12\x82\x64\xa5\xf2\x8b\x33\x63\x38\x2d\x19\xe7\xfd\xe0\xb0\xf8\x70\xa2\xde" -"\xa3\xd2\x11\xdf\x8c\x41\xcb\x9b\x9a\xa0\xf8\x2c\xdb\xf9\x75\x97\x36\x92\x2d\x90" -"\xd9\x32\x10\xb4\x66\x9c\x21\xd9\xfe\xe5\x46\x59\xbf\x9b\x08\x19\x21\x6a\x52\x30" -"\x19\xac\x35\xc2\x98\x15\x49\x90\x5b\x22\x28\x84\xbd\x61\x3e\xd5\xf6\xa4\xba\x90" -"\x24\xa1\x58\x6f\x8c\xe4\x52\x96\xf7\x31\xb8\x82\xf2\xaa\x9d\x4d\xb0\xf7\xfc\x6a" -"\x1d\x7f\xec\xc4\x39\x50\x3a\x98\x87\xe2\x7b\x59\x16\x42\x3e\xe9\x32\x05\x07\xf0" -"\x5d\x35\xc1\x49\x7f\x91\xde\x75\x58\x30\xd3\xfd\x5f\xb9\x24\x90\xe7\xd9\xd4\x11" -"\x60\x93\x5c\x73\x97\x16\x20\x52\x8f\x04\x9d\x3b\x77\x0f\x12\xb9\x84\x02\x68\x47" -"\x92\x15\xa2\xbb\x79\x10\x04\x28\x24\xa4\xed\x60\x2c\x9f\xd0\xfd\x7b\xa6\xb3\xf7" -"\x80\xe0\x2d\x4d\xdf\x00\x52\x0a\x3b\xbe\x26\x3a\xb5\xed\xf7\x87\x35\x39\x3a\xe8" -"\x0a\x80\x06\x67\x60\x24\x38\xc4\x79\x0b\xa4\x17\x65\x62\x14"; 
+void set_attribute(CK_ATTRIBUTE_PTR attr, CK_OBJECT_CLASS oc, void *ptr, int len) +{ + attr->type = oc; + attr->pValue = malloc(len); + memcpy(attr->pValue, ptr, len); + attr->ulValueLen = len; +} -static CK_BYTE cert_id[] = "\x01"; -static CK_BYTE cert_label[] = "Timo Teras / Verification certificate"; +int slot_add_object(int id, CK_ATTRIBUTE_PTR object, int num_attrs) +{ + struct pkcs11_slot *slt = &slot[id]; + int idx; -static CK_ATTRIBUTE certificate[] = { - { CKA_CLASS, &cert_class, sizeof(cert_class) }, - { CKA_VALUE, cert_value, sizeof(cert_value)-1 }, - { CKA_ID, cert_id, sizeof(cert_id)-1 }, - { CKA_LABEL, cert_label, sizeof(cert_label) } -}; + if (slt->num_objects >= PKCS11_MAX_OBJECTS) + return CKR_BUFFER_TOO_SMALL; + + idx = ++slt->num_objects; + slt->object[idx] = (struct pkcs11_object*) malloc(sizeof(struct pkcs11_object)); + slt->object[idx]->num_attributes = num_attrs; + slt->object[idx]->attribute = object; + + return CKR_OK; +} + +int slot_add_private_key_object(int id, struct sc_pkcs15_prkey_info *key) +{ + static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY; + CK_ATTRIBUTE_PTR object = (CK_ATTRIBUTE_PTR) malloc(sizeof(CK_ATTRIBUTE) * 3); + + set_attribute(&object[0], CKA_CLASS, &key_class, sizeof(key_class)); + set_attribute(&object[1], CKA_LABEL, key->com_attr.label, strlen(key->com_attr.label)); + set_attribute(&object[2], CKA_ID, key->id.value, key->id.len); + + return slot_add_object(id, object, 3); +} + +int slot_add_certificate_object(int id, struct sc_pkcs15_cert_info *cert, + u8 *x509data, int x509length) +{ + static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; + CK_ATTRIBUTE_PTR object = (CK_ATTRIBUTE_PTR) malloc(sizeof(CK_ATTRIBUTE) * 4); + + set_attribute(&object[0], CKA_CLASS, &cert_class, sizeof(cert_class)); + set_attribute(&object[1], CKA_LABEL, cert->com_attr.label, strlen(cert->com_attr.label)); + set_attribute(&object[2], CKA_ID, cert->id.value, cert->id.len); + set_attribute(&object[3], CKA_VALUE, x509data, x509length); + + 
return slot_add_object(id, object, 4); +} int slot_connect(int id) { struct sc_card *card; - struct sc_pkcs15_pin_info pin; - int r, c = 0; + struct sc_pkcs15_card *p15card; + int r, c; r = sc_connect_card(ctx, id, &card); if (r) { @@ -80,16 +71,44 @@ int slot_connect(int id) sc_disconnect_card(card); return CKR_TOKEN_NOT_RECOGNIZED; } - c = sc_pkcs15_enum_pins(slot[id].p15card); + + p15card = slot[id].p15card; + + c = sc_pkcs15_enum_pins(p15card); // FIXME: c < 0 ==> error + LOG("Found total of %d PIN codes.\n", c); slot[id].flags = SLOT_CONNECTED; + slot[id].num_objects = 0; - // KLUDGE: - slot[id].num_objects = 1; - slot[id].object[1] = (struct pkcs11_object*) malloc(sizeof(struct pkcs11_object)); - slot[id].object[1]->num_attributes = sizeof(certificate) / sizeof(certificate[0]); - slot[id].object[1]->attribute = certificate; + r = sc_pkcs15_enum_certificates(p15card); + if (r < 0) + return CKR_DEVICE_ERROR; + + LOG("Found total of %d certificates.\n", r); + for (c = 0; c < r; c++) { + int len; + u8 *buf; + + LOG("Reading '%s' certificate.\n", p15card->cert_info[c].com_attr.label); + len = sc_pkcs15_read_certificate(p15card, &p15card->cert_info[c], &buf); + if (len < 0) + return len; + + LOG("Adding '%s' certificate object.\n", p15card->cert_info[c].com_attr.label); + slot_add_certificate_object(id, &p15card->cert_info[c], + buf, len); + } + + r = sc_pkcs15_enum_private_keys(p15card); + if (r < 0) + return CKR_DEVICE_ERROR; + + LOG("Found total of %d private keys.\n", r); + for (c = 0; c < r; c++) { + LOG("Adding '%s' private key object.\n", p15card->prkey_info[c].com_attr.label); + slot_add_private_key_object(id, &p15card->prkey_info[c]); + } return CKR_OK; } diff --git a/src/pkcs11/verify.c b/src/pkcs11/verify.c index f73f5159..f0dac72e 100644 --- a/src/pkcs11/verify.c +++ b/src/pkcs11/verify.c 
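Review bot: `set_attribute()` calls `malloc(len)` and immediately `memcpy`s into the result with no NULL check, and `slot_add_object()` does the same with the `pkcs11_object` allocation, so an allocation failure becomes a NULL dereference inside the library rather than `CKR_HOST_MEMORY`; both callers (`slot_add_private_key_object`, `slot_add_certificate_object`) also discard `set_attribute`'s result and leak `object` when `slot_add_object()` fails. `slot_add_object()` pre-increments `num_objects` and uses it as the index, so with the `>= PKCS11_MAX_OBJECTS` guard the highest index written is `PKCS11_MAX_OBJECTS` itself — one past the end if `object[]` is declared with `PKCS11_MAX_OBJECTS` entries (the array declaration is not visible here); `CKR_BUFFER_TOO_SMALL` is also a caller-buffer error code, not a "slot full" one. `strlen(key->com_attr.label)` assumes the label is non-NULL, and the second parameter of `set_attribute` is typed `CK_OBJECT_CLASS` although it receives an attribute type. The rewrite below makes the allocations checked and the index guard explicit.

```c
static int set_attribute(CK_ATTRIBUTE_PTR attr, CK_ATTRIBUTE_TYPE type, const void *ptr, int len)
{
	attr->type = type;
	attr->ulValueLen = len;
	attr->pValue = malloc(len);
	if (attr->pValue == NULL)
		return CKR_HOST_MEMORY;
	memcpy(attr->pValue, ptr, len);
	return CKR_OK;
}

int slot_add_object(int id, CK_ATTRIBUTE_PTR object, int num_attrs)
{
	struct pkcs11_slot *slt = &slot[id];
	struct pkcs11_object *obj;
	int idx = slt->num_objects + 1;  /* object[] is indexed from 1 */

	if (idx >= PKCS11_MAX_OBJECTS)   /* keep idx inside object[]; adjust if it has MAX+1 slots */
		return CKR_HOST_MEMORY;
	obj = malloc(sizeof *obj);
	if (obj == NULL)
		return CKR_HOST_MEMORY;
	obj->num_attributes = num_attrs;
	obj->attribute = object;
	slt->object[idx] = obj;
	slt->num_objects = idx;
	return CKR_OK;
}
/* … unchanged: slot_add_private_key_object / slot_add_certificate_object, which should check set_attribute's return and free object on failure … */
```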
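Review bot: `if (len < 0) return len;` in the certificate loop returns a negative libopensc error code from a function whose other failure paths return CK_RV values (`CKR_DEVICE_ERROR`), so the caller receives a large unsigned number that matches no CKR_* constant; it should be `if (len < 0) return CKR_DEVICE_ERROR;` like the surrounding checks. The results of `slot_add_certificate_object()` and `slot_add_private_key_object()` are dropped, so a full slot or a failed allocation silently loses objects, and `buf` is never freed even though `set_attribute()` copies its contents — who owns the buffer after `sc_pkcs15_read_certificate()` is not visible here, so confirm against that function. Each early return after `slot[id].flags = SLOT_CONNECTED` also leaves the card connected with the flag set and no `sc_disconnect_card()`, and the `// FIXME: c < 0 ==> error` left on the PIN enumeration means an enumeration failure is still treated as success.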
@@ -4,6 +4,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ CK_OBJECT_HANDLE hKey) /* handle of the verification key */ { + LOG("C_VerifyInit\n"); return CKR_FUNCTION_NOT_SUPPORTED; } @@ -13,6 +14,7 @@ CK_RV C_Verify(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* the signature to be verified */ CK_ULONG ulSignatureLen) /* count of bytes of signature */ { + LOG("C_Verify\n"); return CKR_FUNCTION_NOT_SUPPORTED; } @@ -20,6 +22,7 @@ CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pPart, /* plaintext data (digest) to compare */ CK_ULONG ulPartLen) /* length of data (digest) in bytes */ { + LOG("C_VerifyUpdate\n"); return CKR_FUNCTION_NOT_SUPPORTED; } @@ -27,6 +30,7 @@ CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* the signature to be verified */ CK_ULONG ulSignatureLen) /* count of bytes of signature */ { + LOG("C_VerifyFinal\n"); return CKR_FUNCTION_NOT_SUPPORTED; } @@ -34,6 +38,7 @@ CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ CK_OBJECT_HANDLE hKey) /* handle of the verification key */ { + LOG("C_VerifyRecoverInit\n"); return CKR_FUNCTION_NOT_SUPPORTED; } @@ -43,6 +48,7 @@ CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, /* the session's handle CK_BYTE_PTR pData, /* receives decrypted data (digest) */ CK_ULONG_PTR pulDataLen) /* receives byte count of data */ { + LOG("C_VerifyRecover\n"); return CKR_FUNCTION_NOT_SUPPORTED; }