- many bug fixes in pkcs #11 module

- pkcs #11 module now creates public key objects too


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@193 c6295689-39f2-0310-b995-f0e70906c6a9
fabled 2002-01-24 16:27:09 +00:00
parent fd9c25eeed
commit e6ccf518da
5 changed files with 129 additions and 16 deletions


@ -16,3 +16,12 @@ lib_LTLIBRARIES = opensc-pkcs11.la
opensc_pkcs11_la_SOURCES = $(SRC) $(INC)
opensc_pkcs11_la_LDFLAGS = -module -avoid-version
jar-dir:
if test ! -d jar-dir ; then mkdir jar-dir ; fi
pkcs11-jar: jar-dir
cp .libs/*.so jar-dir
cp opensc_pkcs11_install.js jar-dir
signtool -Z"opensc-pkcs11.jar" -i"opensc_pkcs11_install.js" \
-k"testcert" jar-dir
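Review bot: The `pkcs11-jar` rule hard-codes the signing key as `-k"testcert"`, so every build signs the module with a test certificate and a release key cannot be substituted without editing the Makefile; lift it into a variable, e.g. `SIGNTOOL_KEY = testcert` and `-k"$(SIGNTOOL_KEY)" jar-dir`. `pkcs11-jar` is not declared `.PHONY`, so a stray file of that name would silence the rule, and `cp .libs/*.so jar-dir` assumes libtool's output directory and a `.so` suffix, which will not hold on every platform this module is built for. A one-line comment above `jar-dir:` saying what the jar is for (the install script next to it suggests a browser-installable bundle, confirm) would help the next maintainer.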


@ -37,6 +37,7 @@
extern struct sc_pkcs11_object_ops pkcs15_cert_ops;
extern struct sc_pkcs11_object_ops pkcs15_prkey_ops;
extern struct sc_pkcs11_object_ops pkcs15_pubkey_ops;
struct pkcs15_cert_object {
struct sc_pkcs11_object object;
@ -50,6 +51,11 @@ struct pkcs15_prkey_object {
struct pkcs15_cert_object *cert_object;
};
struct pkcs15_pubkey_object {
struct sc_pkcs11_object object;
struct sc_pkcs15_rsa_pubkey *rsakey;
struct sc_pkcs15_cert_info *cert;
};
/* PKCS#15 Framework */
@ -92,14 +98,22 @@ static struct pkcs15_cert_object *pkcs15_add_cert_object(struct sc_pkcs11_slot *
struct sc_pkcs15_cert_info *cert)
{
struct pkcs15_cert_object *object;
struct pkcs15_pubkey_object *obj2;
/* Certificate object */
object = (struct pkcs15_cert_object*) malloc(sizeof(struct pkcs15_cert_object));
object->object.ops = &pkcs15_cert_ops;
object->cert_info = cert;
sc_pkcs15_read_certificate(card, cert, &object->cert);
pool_insert(&slot->object_pool, object, NULL);
/* Corresponding public key */
obj2 = (struct pkcs15_pubkey_object*) malloc(sizeof(struct pkcs15_pubkey_object));
obj2->object.ops = &pkcs15_pubkey_ops;
obj2->rsakey = &object->cert->key;
obj2->cert = cert;
pool_insert(&slot->object_pool, obj2, NULL);
/* Mark as seen */
cert->com_attr.flags |= SC_PKCS15_CO_FLAG_OBJECT_SEEN;
@ -368,8 +382,13 @@ CK_RV pkcs15_cert_get_attribute(struct sc_pkcs11_session *session,
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
break;
case CKA_ID:
check_attribute_buffer(attr, cert->cert_info->id.len);
memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
if (cert->cert_info->authority) {
check_attribute_buffer(attr, 1);
*(unsigned char*)attr->pValue = 0;
} else {
check_attribute_buffer(attr, cert->cert_info->id.len);
memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
}
break;
case CKA_TRUSTED:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
@ -418,12 +437,12 @@ CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PRIVATE_KEY;
break;
case CKA_TOKEN:
case CKA_PRIVATE:
case CKA_LOCAL:
case CKA_SENSITIVE:
case CKA_ALWAYS_SENSITIVE:
case CKA_NEVER_EXTRACTABLE:
case CKA_SIGN:
case CKA_PRIVATE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = TRUE;
break;
@ -525,3 +544,79 @@ struct sc_pkcs11_object_ops pkcs15_prkey_ops = {
pkcs15_prkey_sign
};
/*
* PKCS#15 RSA Public Key Object
*/
CK_RV pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session,
void *object,
CK_ATTRIBUTE_PTR attr)
{
struct pkcs15_pubkey_object *pubkey = (struct pkcs15_pubkey_object*) object;
switch (attr->type) {
case CKA_CLASS:
check_attribute_buffer(attr, sizeof(CK_OBJECT_CLASS));
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY;
break;
case CKA_TOKEN:
case CKA_LOCAL:
case CKA_SENSITIVE:
case CKA_ALWAYS_SENSITIVE:
case CKA_NEVER_EXTRACTABLE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = TRUE;
break;
case CKA_PRIVATE:
case CKA_MODIFIABLE:
case CKA_ENCRYPT:
case CKA_VERIFY:
case CKA_VERIFY_RECOVER:
case CKA_WRAP:
case CKA_DERIVE:
case CKA_EXTRACTABLE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = FALSE;
break;
case CKA_LABEL:
check_attribute_buffer(attr, strlen(pubkey->cert->com_attr.label));
memcpy(attr->pValue, pubkey->cert->com_attr.label, strlen(pubkey->cert->com_attr.label));
break;
case CKA_KEY_TYPE:
check_attribute_buffer(attr, sizeof(CK_KEY_TYPE));
*(CK_KEY_TYPE*)attr->pValue = CKK_RSA;
break;
case CKA_ID:
check_attribute_buffer(attr, pubkey->cert->id.len);
memcpy(attr->pValue, pubkey->cert->id.value, pubkey->cert->id.len);
break;
case CKA_KEY_GEN_MECHANISM:
check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
break;
case CKA_MODULUS:
check_attribute_buffer(attr, pubkey->rsakey->modulus_len);
memcpy(attr->pValue,
pubkey->rsakey->modulus,
pubkey->rsakey->modulus_len);
break;
case CKA_MODULUS_BITS:
case CKA_PUBLIC_EXPONENT:
//break;
default:
return CKR_ATTRIBUTE_TYPE_INVALID;
}
return CKR_OK;
}
struct sc_pkcs11_object_ops pkcs15_pubkey_ops = {
NULL,
NULL,
pkcs15_pubkey_get_attribute,
NULL,
NULL,
NULL
};
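Review bot: In pkcs15_add_cert_object the new line `obj2->rsakey = &object->cert->key;` dereferences `object->cert`, yet the result of `sc_pkcs15_read_certificate(card, cert, &object->cert)` just above it is never checked and the struct comes from a plain `malloc`, so on a card whose certificate cannot be read the pointer is taken from an uninitialised field; both `malloc` results are unchecked as well. Test the read before anything is inserted into the pool, e.g. `if (sc_pkcs15_read_certificate(card, cert, &object->cert) != 0) { free(object); return NULL; }` (non-zero as failure follows the sc_* convention as far as I can tell — confirm), and check whether the callers, which like the rest of this function lie outside the hunk, accept a NULL return. The public-key object borrows `object->cert->key` rather than owning a copy, and `pkcs15_pubkey_ops` sets only get_attribute with every other entry NULL, so it must never outlive the certificate object; a comment on the `obj2->rsakey` line such as `/* borrowed from the cert object; lifetime bound to it */` would stop someone freeing one without the other. In pkcs15_pubkey_get_attribute, `CKA_MODULUS_BITS` and `CKA_PUBLIC_EXPONENT` fall through past a commented-out `//break;` into the `CKR_ATTRIBUTE_TYPE_INVALID` default; either serve them from `pubkey->rsakey` or drop the dead labels and the comment so the fall-through is not mistaken for a missing break.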


@ -76,7 +76,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle
debug(context, "Object %d, Attribute 0x%x\n", hObject, pTemplate[i].type);
rv = object->ops->get_attribute(session, object, &pTemplate[i]);
if (rv != CKR_OK)
return rv;
pTemplate[i].ulValueLen = -1;
}
return CKR_OK;
@ -152,8 +152,12 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
if (session->slot->login_user != CKU_USER) {
if (object->ops->get_attribute(session, object, &private_attribute) != CKR_OK)
continue;
if (is_private)
continue;
if (is_private) {
debug(context, "Object %d/%d: Private object and not logged in.\n",
session->slot->id,
item->handle);
continue;
}
}
/* Try to match every attribute */
@ -168,18 +172,21 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
temp_attribute.ulValueLen != pTemplate[j].ulValueLen ||
memcmp(temp_attribute.pValue, pTemplate[j].pValue, temp_attribute.ulValueLen) != 0) {
debug(context, "Object %d: Attribute 0x%x does NOT match.\n",
debug(context, "Object %d/%d: Attribute 0x%x does NOT match.\n",
session->slot->id,
item->handle, pTemplate[j].type);
match = 0;
break;
}
debug(context, "Object %d: Attribute 0x%x matches.\n",
debug(context, "Object %d/%d: Attribute 0x%x matches.\n",
session->slot->id,
item->handle, pTemplate[j].type);
}
if (match) {
debug(context, "Object %d matches\n", item->handle);
debug(context, "Object %d/%d matches\n",
session->slot->id, item->handle);
operation->handles[operation->num_handles++] = item->handle;
}
}
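Review bot: In C_GetAttributeValue the loop appears to replace `return rv;` with `pTemplate[i].ulValueLen = -1;` when an object's `get_attribute` fails, but the function still ends in `return CKR_OK;`, so a caller requesting an unsupported or sensitive attribute is told success with only the length field marking the failure; PKCS#11 expects the remaining attributes to be filled in and the first failing `rv` to be returned at the end. Keep the first failure in a variable declared with `rv` outside the hunk and return it, `if (rv != CKR_OK) { pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION; if (rv_final == CKR_OK) rv_final = rv; }` with `return rv_final;` replacing the final return. `CK_UNAVAILABLE_INFORMATION`, already used in pkcs15_pubkey_get_attribute, also documents the `-1` better than a bare negative literal assigned to a `CK_ULONG`. The start of the loop and the declaration of rv are outside the hunk.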


@ -78,12 +78,12 @@ CK_RV C_CloseSession(CK_SESSION_HANDLE hSession) /* the session's handle */
CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) /* the token's slot */
{
struct sc_pkcs11_pool_item *item;
struct sc_pkcs11_pool_item *item, *next;
struct sc_pkcs11_session *session;
for (item = session_pool.head; item != NULL; ) {
for (item = session_pool.head; item != NULL; item = next) {
session = (struct sc_pkcs11_session*) item->item;
item = item->next;
next = item->next;
if (session->slot->id == slotID) {
C_CloseSession(item->handle);
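Review bot: The loop in C_CloseAllSessions now reads `next = item->next;` before closing, which is only correct because C_CloseSession presumably unlinks and frees the current pool item; that reason is not visible here, so a comment on the line, `/* C_CloseSession removes item from session_pool; read the link first */`, would keep the next reader from "simplifying" it back to the bug this commit fixes. The return value of `C_CloseSession(item->handle)` is ignored, so a session that fails to close is silently skipped; at minimum report it through debug() as the rest of the module does. The loop body continues past the end of the hunk.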


@ -108,7 +108,7 @@ CK_RV card_removed(int reader)
}
card = &card_table[reader];
card->framework->unbind(card->fw_data);
card->framework->unbind(card);
card->framework = NULL;
card->fw_data = NULL;
@ -186,8 +186,10 @@ CK_RV slot_token_removed(int id)
C_CloseAllSessions(id);
/* Object pool */
while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK)
object->ops->release(object);
while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK) {
if (object->ops->release)
object->ops->release(object);
}
/* Release framework stuff */
if (slot->card != NULL && slot->fw_data != NULL) {
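Review bot: The new NULL test on `object->ops->release` in slot_token_removed means an object whose ops table has no release entry — pkcs15_pubkey_ops in this commit sets only get_attribute — is removed from the pool but its memory is presumably never freed, so each token removal leaks one allocation per certificate. If every pooled object is heap-allocated, as the ones created in pkcs15_add_cert_object are, add `else free(object);` after the release call; otherwise give the public-key object its own release op. The switch to `card->framework->unbind(card)` in card_removed hands the whole card to the framework while this function still clears `card->fw_data` afterwards, which is sound only if unbind does not free `card` itself; a one-line comment stating that ownership rule next to the call would help. slot_token_removed continues past the end of the hunk.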