- many bug fixes in pkcs #11 module
- pkcs #11 module now creates public key objects too git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@193 c6295689-39f2-0310-b995-f0e70906c6a9
parent
fd9c25eeed
commit
e6ccf518da
@ -16,3 +16,12 @@ lib_LTLIBRARIES = opensc-pkcs11.la
|
|||
|
||||
opensc_pkcs11_la_SOURCES = $(SRC) $(INC)
|
||||
opensc_pkcs11_la_LDFLAGS = -module -avoid-version
|
||||
|
||||
jar-dir:
|
||||
if test ! -d jar-dir ; then mkdir jar-dir ; fi
|
||||
|
||||
pkcs11-jar: jar-dir
|
||||
cp .libs/*.so jar-dir
|
||||
cp opensc_pkcs11_install.js jar-dir
|
||||
signtool -Z"opensc-pkcs11.jar" -i"opensc_pkcs11_install.js" \
|
||||
-k"testcert" jar-dir
|
||||
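Review bot: The `pkcs11-jar` rule hard-codes the signing identity `testcert` and the jar name inside the recipe, so every signed build uses the same test-only key alias without that being visible at the top of the file; a `SIGNTOOL_KEY = testcert` variable and `-k"$(SIGNTOOL_KEY)"` in the recipe would make it explicit and overridable. `pkcs11-jar` is not listed in a `.PHONY:` line, so a stray file of that name would silently satisfy the target (`jar-dir` is deliberately a directory target, so it is fine). `cp .libs/*.so jar-dir` also runs unchecked, so a build with no shared object produces an error from cp rather than a clear message — hedged, since the rest of the Makefile is outside the hunk.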
|
|
|
@ -37,6 +37,7 @@
|
|||
|
||||
extern struct sc_pkcs11_object_ops pkcs15_cert_ops;
|
||||
extern struct sc_pkcs11_object_ops pkcs15_prkey_ops;
|
||||
extern struct sc_pkcs11_object_ops pkcs15_pubkey_ops;
|
||||
|
||||
struct pkcs15_cert_object {
|
||||
struct sc_pkcs11_object object;
|
||||
|
@ -50,6 +51,11 @@ struct pkcs15_prkey_object {
|
|||
struct pkcs15_cert_object *cert_object;
|
||||
};
|
||||
|
||||
struct pkcs15_pubkey_object {
|
||||
struct sc_pkcs11_object object;
|
||||
struct sc_pkcs15_rsa_pubkey *rsakey;
|
||||
struct sc_pkcs15_cert_info *cert;
|
||||
};
|
||||
|
||||
/* PKCS#15 Framework */
|
||||
|
||||
|
@ -92,14 +98,22 @@ static struct pkcs15_cert_object *pkcs15_add_cert_object(struct sc_pkcs11_slot *
|
|||
struct sc_pkcs15_cert_info *cert)
|
||||
{
|
||||
struct pkcs15_cert_object *object;
|
||||
struct pkcs15_pubkey_object *obj2;
|
||||
|
||||
/* Certificate object */
|
||||
object = (struct pkcs15_cert_object*) malloc(sizeof(struct pkcs15_cert_object));
|
||||
object->object.ops = &pkcs15_cert_ops;
|
||||
object->cert_info = cert;
|
||||
sc_pkcs15_read_certificate(card, cert, &object->cert);
|
||||
|
||||
pool_insert(&slot->object_pool, object, NULL);
|
||||
|
||||
/* Corresponding public key */
|
||||
obj2 = (struct pkcs15_pubkey_object*) malloc(sizeof(struct pkcs15_pubkey_object));
|
||||
obj2->object.ops = &pkcs15_pubkey_ops;
|
||||
obj2->rsakey = &object->cert->key;
|
||||
obj2->cert = cert;
|
||||
pool_insert(&slot->object_pool, obj2, NULL);
|
||||
|
||||
/* Mark as seen */
|
||||
cert->com_attr.flags |= SC_PKCS15_CO_FLAG_OBJECT_SEEN;
|
||||
|
||||
|
@ -368,8 +382,13 @@ CK_RV pkcs15_cert_get_attribute(struct sc_pkcs11_session *session,
|
|||
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
|
||||
break;
|
||||
case CKA_ID:
|
||||
check_attribute_buffer(attr, cert->cert_info->id.len);
|
||||
memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
|
||||
if (cert->cert_info->authority) {
|
||||
check_attribute_buffer(attr, 1);
|
||||
*(unsigned char*)attr->pValue = 0;
|
||||
} else {
|
||||
check_attribute_buffer(attr, cert->cert_info->id.len);
|
||||
memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
|
||||
}
|
||||
break;
|
||||
case CKA_TRUSTED:
|
||||
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
||||
|
@ -418,12 +437,12 @@ CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
|
|||
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PRIVATE_KEY;
|
||||
break;
|
||||
case CKA_TOKEN:
|
||||
case CKA_PRIVATE:
|
||||
case CKA_LOCAL:
|
||||
case CKA_SENSITIVE:
|
||||
case CKA_ALWAYS_SENSITIVE:
|
||||
case CKA_NEVER_EXTRACTABLE:
|
||||
case CKA_SIGN:
|
||||
case CKA_PRIVATE:
|
||||
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
||||
*(CK_BBOOL*)attr->pValue = TRUE;
|
||||
break;
|
||||
|
@ -525,3 +544,79 @@ struct sc_pkcs11_object_ops pkcs15_prkey_ops = {
|
|||
pkcs15_prkey_sign
|
||||
};
|
||||
|
||||
/*
|
||||
* PKCS#15 RSA Public Key Object
|
||||
*/
|
||||
|
||||
CK_RV pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session,
|
||||
void *object,
|
||||
CK_ATTRIBUTE_PTR attr)
|
||||
{
|
||||
struct pkcs15_pubkey_object *pubkey = (struct pkcs15_pubkey_object*) object;
|
||||
|
||||
switch (attr->type) {
|
||||
case CKA_CLASS:
|
||||
check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
|
||||
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY;
|
||||
break;
|
||||
case CKA_TOKEN:
|
||||
case CKA_LOCAL:
|
||||
case CKA_SENSITIVE:
|
||||
case CKA_ALWAYS_SENSITIVE:
|
||||
case CKA_NEVER_EXTRACTABLE:
|
||||
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
||||
*(CK_BBOOL*)attr->pValue = TRUE;
|
||||
break;
|
||||
case CKA_PRIVATE:
|
||||
case CKA_MODIFIABLE:
|
||||
case CKA_ENCRYPT:
|
||||
case CKA_VERIFY:
|
||||
case CKA_VERIFY_RECOVER:
|
||||
case CKA_WRAP:
|
||||
case CKA_DERIVE:
|
||||
case CKA_EXTRACTABLE:
|
||||
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
||||
*(CK_BBOOL*)attr->pValue = FALSE;
|
||||
break;
|
||||
case CKA_LABEL:
|
||||
check_attribute_buffer(attr, strlen(pubkey->cert->com_attr.label));
|
||||
memcpy(attr->pValue, pubkey->cert->com_attr.label, strlen(pubkey->cert->com_attr.label));
|
||||
break;
|
||||
case CKA_KEY_TYPE:
|
||||
check_attribute_buffer(attr, sizeof(CK_KEY_TYPE));
|
||||
*(CK_KEY_TYPE*)attr->pValue = CKK_RSA;
|
||||
break;
|
||||
case CKA_ID:
|
||||
check_attribute_buffer(attr, pubkey->cert->id.len);
|
||||
memcpy(attr->pValue, pubkey->cert->id.value, pubkey->cert->id.len);
|
||||
break;
|
||||
case CKA_KEY_GEN_MECHANISM:
|
||||
check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
|
||||
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
|
||||
break;
|
||||
case CKA_MODULUS:
|
||||
check_attribute_buffer(attr, pubkey->rsakey->modulus_len);
|
||||
memcpy(attr->pValue,
|
||||
pubkey->rsakey->modulus,
|
||||
pubkey->rsakey->modulus_len);
|
||||
break;
|
||||
case CKA_MODULUS_BITS:
|
||||
case CKA_PUBLIC_EXPONENT:
|
||||
//break;
|
||||
default:
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
struct sc_pkcs11_object_ops pkcs15_pubkey_ops = {
|
||||
NULL,
|
||||
NULL,
|
||||
pkcs15_pubkey_get_attribute,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
|
||||
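Review bot: In pkcs15_add_cert_object (hunk at L105; the function's closing lines are outside the hunk) both malloc results and the return of sc_pkcs15_read_certificate are unchecked, so a certificate that cannot be read leaves `object->cert` holding whatever uninitialised value malloc returned and `obj2->rsakey = &object->cert->key` then points through it, to be dereferenced later by CKA_MODULUS. Each allocation should be checked, `object->cert` initialised to NULL and the function should bail out when the read fails (returning NULL, assuming the caller outside the hunk tolerates it — the sketch below also assumes sc_pkcs15_read_certificate returns non-zero on error). The public-key object borrows `cert` and `object->cert` from the certificate object, so a comment on the obj2 setup, `/* rsakey and cert are owned by the certificate object and must not be freed here */`, records that ownership. Related, pkcs15_pubkey_ops leaves its release entry NULL, so the `struct pkcs15_pubkey_object` allocated here is never freed once pool_find_and_delete drops it from the pool; a `static void pkcs15_pubkey_release(void *object) { free(object); }` in the slot that pkcs15_cert_ops fills would close that leak. In pkcs15_pubkey_get_attribute the commented-out `//break;` under CKA_MODULUS_BITS/CKA_PUBLIC_EXPONENT should be deleted and the fall-through to the default marked `/* fallthrough: not provided yet */`, or CKA_MODULUS_BITS derived from `modulus_len` if that is a byte count (confirm against sc_pkcs15_rsa_pubkey).
```c
	/* Certificate object */
	object = (struct pkcs15_cert_object*) malloc(sizeof(struct pkcs15_cert_object));
	if (object == NULL)
		return NULL;
	object->object.ops = &pkcs15_cert_ops;
	object->cert_info = cert;
	object->cert = NULL;
	/* Assumes the sc_* convention of a non-zero return on failure -- confirm */
	if (sc_pkcs15_read_certificate(card, cert, &object->cert) != 0) {
		free(object);
		return NULL;
	}

	pool_insert(&slot->object_pool, object, NULL);

	/* Corresponding public key: rsakey and cert are owned by the certificate object */
	obj2 = (struct pkcs15_pubkey_object*) malloc(sizeof(struct pkcs15_pubkey_object));
	if (obj2 == NULL)
		return object;	/* certificate object is already in the pool; skip the public key */
	/* ... unchanged: obj2 setup, pool_insert, mark-as-seen ... */
```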
|
|
|
@ -76,7 +76,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle
|
|||
debug(context, "Object %d, Attribute 0x%x\n", hObject, pTemplate[i].type);
|
||||
rv = object->ops->get_attribute(session, object, &pTemplate[i]);
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
pTemplate[i].ulValueLen = -1;
|
||||
}
|
||||
|
||||
return CKR_OK;
|
||||
|
@ -152,8 +152,12 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
if (session->slot->login_user != CKU_USER) {
|
||||
if (object->ops->get_attribute(session, object, &private_attribute) != CKR_OK)
|
||||
continue;
|
||||
if (is_private)
|
||||
continue;
|
||||
if (is_private) {
|
||||
debug(context, "Object %d/%d: Private object and not logged in.\n",
|
||||
session->slot->id,
|
||||
item->handle);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/* Try to match every attribute */
|
||||
|
@ -168,18 +172,21 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
temp_attribute.ulValueLen != pTemplate[j].ulValueLen ||
|
||||
memcmp(temp_attribute.pValue, pTemplate[j].pValue, temp_attribute.ulValueLen) != 0) {
|
||||
|
||||
debug(context, "Object %d: Attribute 0x%x does NOT match.\n",
|
||||
debug(context, "Object %d/%d: Attribute 0x%x does NOT match.\n",
|
||||
session->slot->id,
|
||||
item->handle, pTemplate[j].type);
|
||||
match = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
debug(context, "Object %d: Attribute 0x%x matches.\n",
|
||||
debug(context, "Object %d/%d: Attribute 0x%x matches.\n",
|
||||
session->slot->id,
|
||||
item->handle, pTemplate[j].type);
|
||||
}
|
||||
|
||||
if (match) {
|
||||
debug(context, "Object %d matches\n", item->handle);
|
||||
debug(context, "Object %d/%d matches\n",
|
||||
session->slot->id, item->handle);
|
||||
operation->handles[operation->num_handles++] = item->handle;
|
||||
}
|
||||
}
|
||||
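Review bot: In C_GetAttributeValue (hunk at L501; the function starts before the hunk) a failing attribute now gets `ulValueLen = -1` and the loop continues, but `rv` is discarded and the function still ends with `return CKR_OK`, so the caller never learns that an attribute was invalid — reading the second of the two printed lines as the new side. PKCS#11 expects the whole template to be processed and the error (CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_SENSITIVE or CKR_BUFFER_TOO_SMALL) returned afterwards, so keep the last non-OK status in a variable declared before the loop, e.g. `if (rv != CKR_OK) { pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION; ret = rv; }` and `return ret;` in place of the final `return CKR_OK;`. `CK_UNAVAILABLE_INFORMATION` is the spelled-out form of the -1 the code assigns and is already used elsewhere in this commit. The `debug()` line above it logs `hObject` and the attribute type with `%d`/`%x`; if those are CK_ULONG the format should be `%lu`/`%lx` — hedged, as the typedefs are outside this page.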
|
|
|
@ -78,12 +78,12 @@ CK_RV C_CloseSession(CK_SESSION_HANDLE hSession) /* the session's handle */
|
|||
|
||||
CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) /* the token's slot */
|
||||
{
|
||||
struct sc_pkcs11_pool_item *item;
|
||||
struct sc_pkcs11_pool_item *item, *next;
|
||||
struct sc_pkcs11_session *session;
|
||||
|
||||
for (item = session_pool.head; item != NULL; ) {
|
||||
for (item = session_pool.head; item != NULL; item = next) {
|
||||
session = (struct sc_pkcs11_session*) item->item;
|
||||
item = item->next;
|
||||
next = item->next;
|
||||
|
||||
if (session->slot->id == slotID) {
|
||||
C_CloseSession(item->handle);
|
||||
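Review bot: The rewritten C_CloseAllSessions loop saves `next` before calling C_CloseSession, which is correct only because C_CloseSession presumably unlinks and frees just `item` and never the following entry; that dependency is silent in the code, so a comment above the call, `/* C_CloseSession removes item from session_pool; next was captured first */`, would keep a later change to C_CloseSession from reintroducing the use-after-advance the commit fixes. C_CloseSession's return value is dropped, so a session that fails to close is not reported; the loop's tail and the function's return are outside the hunk, so I cannot see whether a status is accumulated there.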
|
|
|
@ -108,7 +108,7 @@ CK_RV card_removed(int reader)
|
|||
}
|
||||
|
||||
card = &card_table[reader];
|
||||
card->framework->unbind(card->fw_data);
|
||||
card->framework->unbind(card);
|
||||
card->framework = NULL;
|
||||
card->fw_data = NULL;
|
||||
|
||||
|
@ -186,8 +186,10 @@ CK_RV slot_token_removed(int id)
|
|||
C_CloseAllSessions(id);
|
||||
|
||||
/* Object pool */
|
||||
while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK)
|
||||
object->ops->release(object);
|
||||
while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK) {
|
||||
if (object->ops->release)
|
||||
object->ops->release(object);
|
||||
}
|
||||
|
||||
/* Release framework stuff */
|
||||
if (slot->card != NULL && slot->fw_data != NULL) {
|
||||
|
|
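Review bot: In slot_token_removed (hunk at L722) the new `if (object->ops->release)` guard turns a missing release into a silent no-op, so any heap-allocated object whose ops table leaves it NULL — pkcs15_pubkey_ops in this commit does — is removed from the pool without its own allocation being freed. Either every ops table must supply a release or the loop needs an explicit fallback; if all pool objects are malloc'd (not verifiable from this page) an `else free(object);` after the call would do. At minimum a comment on the loop stating the contract, `/* release is optional, but an object without one leaks its own allocation */`, makes the rule visible to whoever adds the next object type. In card_removed the argument to unbind changed from `card->fw_data` to `card`; the unbind implementations are outside this page, so I cannot confirm they were updated to match.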