added:

- certificate parsing
- support for reading RSA public key modulus on the fly
- support for ASN.1 object id decoding and printing
- fixed a lot of u8 * --> const u8 *


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@28 c6295689-39f2-0310-b995-f0e70906c6a9

src/pkcs11/generic.c

@@ -122,6 +122,7 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
 	}
 	pInfo->hardwareVersion.major = 1;
 	pInfo->firmwareVersion.major = 1;
+	LOG("C_GetSlotInfo() ret: flags %X\n", pInfo->flags);
 
 	return CKR_OK;
 }
@@ -149,8 +150,9 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 	strncpy(pInfo->serialNumber, slot[slotID].p15card->serial_number, 16);
 	pInfo->serialNumber[15] = 0;
 
-	pInfo->flags = CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
-	pInfo->ulMaxSessionCount = 1;	/* opened in exclusive mode */
+	pInfo->flags = CKF_USER_PIN_INITIALIZED | CKF_LOGIN_REQUIRED;
+//	pInfo->ulMaxSessionCount = 1;	/* opened in exclusive mode */
+	pInfo->ulMaxSessionCount = 0; /* FIXME */
 	pInfo->ulSessionCount = 0;
 	pInfo->ulMaxRwSessionCount = 1;
 	pInfo->ulRwSessionCount = 0;
@@ -179,8 +181,9 @@ CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
                          CK_ULONG_PTR pulCount)
 {
 	static const CK_MECHANISM_TYPE mechanism_list[] = {
-		//CKM_RSA_PKCS,
-		//CKM_RSA_X_509
+		CKM_RSA_PKCS,
+		CKM_RSA_X_509,
+		CKM_SHA1_RSA_PKCS,
 	};
         const int numMechanisms = sizeof(mechanism_list) / sizeof(mechanism_list[0]);
 
@@ -218,5 +221,3 @@ CK_RV C_InitToken(CK_SLOT_ID slotID,
         LOG("C_InitToken(%d, '%s', %d, '%s')\n", slotID, pPin, ulPinLen, pLabel);
         return CKR_FUNCTION_NOT_SUPPORTED;
 }
-
-

src/pkcs11/session.c

@@ -83,6 +83,8 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession,  /* the session's handle */
 	pInfo->state = ses->state;
         pInfo->flags = ses->flags;
         pInfo->ulDeviceError = 0;
+	LOG("C_GetSessionInfo() ret: slotID = %d, state %ld, flags 0x%X\n",
+	    pInfo->slotID, pInfo->state, pInfo->flags);
 
         return CKR_OK;
 }

src/pkcs11/slot.c

@@ -2,30 +2,6 @@
 #include <malloc.h>
 #include "sc-pkcs11.h"
 
-static CK_BYTE modulus[] =
-#if 1
-                    "\x00\xdd\x7e\x8d\x0c\x62\x31\x6e\xb7\x8f\x59\xa2\xd5\x93\x29"
-		    "\xd5\xe8\x5d\xdb\x28\x1a\x63\xfb\x36\x94\x69\x8e\x0a\xf4\xb5"
-                    "\xf5\xb7\x43\xb8\xce\xaf\x95\x6f\x5b\xfc\x4f\x59\xc2\xda\xcf"
-		    "\x1c\x59\x9b\x55\xb6\xe8\x42\x26\xc5\x8d\x67\x86\xf0\x65\xff"
-                    "\xbe\x65\x9b\x7a\x46\xde\x94\xb0\xb0\xda\x46\x6e\x55\x84\xed"
-		    "\xef\x74\xf7\x1f\xb3\x92\x02\xe5\x9a\xb9\x7a\xfe\xe7\x00\x9f"
-                    "\x6f\x66\x02\xf8\x99\xb5\xca\x6f\x09\x1a\x08\xeb\x7a\xfd\xea"
-		    "\x88\x37\xc2\xf4\xc5\x79\xa4\xcf\x86\x78\xf2\x56\x82\x99\x60"
-		    "\x8b\x49\xf7\x9c\xf4\x01\xc2\xd3\xdd";
-#else
-                    "\x00\xba\xb3\xc3\x65\xfb\xab\xd3\x4f\xf1\xe8\x72\xb8\xaa\x48"
-                    "\x6a\x82\x31\x43\xc9\x3e\xe6\xff\x6b\xb6\x0e\xa3\x82\xb4\xda"
-                    "\x3f\xed\xa6\x0b\xbc\xf2\xd3\xad\x53\x88\x88\x14\x14\x3f\x2b"
-                    "\x24\x8d\xd7\x3f\x4b\xb3\xe6\xc1\xb9\xb1\x4d\x3a\x10\xc4\x65"
-                    "\xdc\xe2\xa1\x27\xd2\x8f\xb2\x67\x54\x34\x73\x53\xeb\xec\x84"
-                    "\xab\xdd\xc1\x76\xc9\x73\x49\x4c\x7c\x18\x98\xd3\x40\xc4\x1c"
-                    "\xfd\x0d\x6b\xae\xb7\x9f\x44\xc6\x0a\x5a\x89\x91\xb8\x6e\x20"
-                    "\x38\x2b\xff\x42\xf7\xfe\x95\xc0\x1f\xa5\xca\x07\x2e\x4a\xb0"
-                    "\x9c\x07\x60\x02\x61\xe1\x8b\x25\x01";
-#endif
-
-
 void set_attribute(CK_ATTRIBUTE_PTR attr, CK_OBJECT_CLASS oc, void *ptr, int len)
 {
 	attr->type = oc;
@@ -59,7 +35,8 @@ int slot_add_object(int id, int token_id, CK_ATTRIBUTE_PTR object, int num_attrs
         return CKR_OK;
 }
 
-int slot_add_private_key_object(int id, int token_id, struct sc_pkcs15_prkey_info *key)
+int slot_add_private_key_object(int id, int token_id, struct sc_pkcs15_prkey_info *key,
+				struct sc_pkcs15_cert *cert)
 {
 	static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
 	static CK_BBOOL btrue = 1;
@@ -71,23 +48,24 @@ int slot_add_private_key_object(int id, int token_id, struct sc_pkcs15_prkey_inf
 	set_attribute(&object[2], CKA_ID,    key->id.value, key->id.len);
 	set_attribute(&object[3], CKA_TOKEN, &btrue, sizeof(btrue));
 	set_attribute(&object[4], CKA_KEY_TYPE, &rsakey, sizeof(rsakey));
-        set_attribute(&object[5], CKA_MODULUS, modulus, sizeof(modulus)-1);
+        set_attribute(&object[5], CKA_MODULUS, cert->key.modulus, cert->key.modulus_len);
 
         return slot_add_object(id, token_id, object, 6);
 }
 
 int slot_add_certificate_object(int id, int token_id,
-				struct sc_pkcs15_cert_info *cert,
-			        u8 *x509data, int x509length)
+				struct sc_pkcs15_cert_info *info,
+			        struct sc_pkcs15_cert *cert)
 {
 	static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
 	CK_ATTRIBUTE_PTR object = (CK_ATTRIBUTE_PTR) malloc(sizeof(CK_ATTRIBUTE) * 4);
 
         set_attribute(&object[0], CKA_CLASS, &cert_class, sizeof(cert_class));
-        set_attribute(&object[1], CKA_LABEL, cert->com_attr.label, strlen(cert->com_attr.label));
-        set_attribute(&object[2], CKA_ID,    cert->id.value, cert->id.len);
-	set_attribute(&object[3], CKA_VALUE, x509data, x509length);
-
+        set_attribute(&object[1], CKA_LABEL, info->com_attr.label, strlen(info->com_attr.label));
+        set_attribute(&object[2], CKA_ID,    info->id.value, info->id.len);
+	set_attribute(&object[3], CKA_VALUE, cert->data, cert->data_len);
+	/* FIXME: save cert object */
+	
         return slot_add_object(id, token_id, object, 4);
 }
 
@@ -95,7 +73,7 @@ int slot_connect(int id)
 {
 	struct sc_card *card;
         struct sc_pkcs15_card *p15card;
-	int r, c;
+	int r, c, i;
 
 	r = sc_connect_card(ctx, id, &card);
 	if (r) {
@@ -123,30 +101,34 @@ int slot_connect(int id)
 	r = sc_pkcs15_enum_certificates(p15card);
 	if (r < 0)
 		return CKR_DEVICE_ERROR;
-
-        LOG("Found total of %d certificates.\n", r);
-	for (c = 0; c < r; c++) {
-                int len;
-		u8 *buf;
-
-		LOG("Reading '%s' certificate.\n", p15card->cert_info[c].com_attr.label);
-		len = sc_pkcs15_read_certificate(p15card, &p15card->cert_info[c], &buf);
-		if (len < 0)
-			return len;
-
-		LOG("Adding '%s' certificate object.\n", p15card->cert_info[c].com_attr.label);
-		slot_add_certificate_object(id, c, &p15card->cert_info[c],
-					    buf, len);
-	}
+        LOG("Found total of %d certificates.\n", p15card->cert_count);
 
 	r = sc_pkcs15_enum_private_keys(p15card);
 	if (r < 0)
             return CKR_DEVICE_ERROR;
+        LOG("Found total of %d private keys.\n", p15card->prkey_count);
 
-        LOG("Found total of %d private keys.\n", r);
-	for (c = 0; c < r; c++) {
-		LOG("Adding '%s' private key object.\n", p15card->prkey_info[c].com_attr.label);
-		slot_add_private_key_object(id, c, &p15card->prkey_info[c]);
+	for (c = 0; c < p15card->cert_count; c++) {
+		struct sc_pkcs15_cert *cert;
+		struct sc_pkcs15_cert_info *cinfo = &p15card->cert_info[c];
+
+//		if (cinfo->authority)
+//			continue;
+		LOG("Reading '%s' certificate.\n", cinfo->com_attr.label);
+		r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
+		if (r)
+			return r;
+		LOG("Adding '%s' certificate object (id %X).\n",
+		    cinfo->com_attr.label, cinfo->id);
+		slot_add_certificate_object(id, c, cinfo, cert);
+		for (i = 0; i < p15card->prkey_count; i++) {
+			struct sc_pkcs15_prkey_info *pinfo = &p15card->prkey_info[i];
+			if (sc_pkcs15_compare_id(&cinfo->id, &pinfo->id)) {
+				LOG("Adding '%s' private key object (id %X).\n", 
+				    pinfo->com_attr.label, pinfo->id);
+				slot_add_private_key_object(id, i, pinfo, cert);
+			}
+		}
 	}
 
         return CKR_OK;

src/tests/hst-test.c

@@ -14,10 +14,10 @@ struct sc_card *card = NULL;
 struct sc_pkcs15_card *p15_card = NULL;
 
 #define DO_PRKEY_ENUM		1
-#define	DO_PIN_ENUM		1
-#define DO_PIN_VERIFY		1
-#define DO_DECIPHER		1
-#define DO_SIGN			1
+#define	DO_PIN_ENUM		0
+#define DO_PIN_VERIFY		0
+#define DO_DECIPHER		0
+#define DO_SIGN			0
 #define DO_CERT_ENUM		1
 #define DO_CERT_READ		1
 
@@ -88,9 +88,12 @@ int main(int argc, char **argv)
 	u8 buf[256], buf2[256];
 	struct sc_security_env senv;
 	FILE *file;
+	struct sc_object_id oid;
 
 	int i, c;
 
+	sc_asn1_decode_object_id("\x2a\x86\x48\x86\xf7\x0d", 6, &oid);
+
 	i = sc_establish_context(&ctx);
 	if (i < 0) {
 		printf("sc_establish_context() failed (%d)\n", i);
@@ -228,7 +231,7 @@ int main(int argc, char **argv)
 #if DO_CERT_READ
 	for (i = 0; i < p15_card->cert_count; i++) {
 		char fname[16];
-		u8 *certbuf;
+		struct sc_pkcs15_cert *cert;
 
 		sc_pkcs15_print_cert_info(&p15_card->cert_info[i]);
 
@@ -239,17 +242,16 @@ int main(int argc, char **argv)
 		if (file != NULL) {
 			c = sc_pkcs15_read_certificate(p15_card,
 						       &p15_card->cert_info[i],
-						       &certbuf);
-			if (c < 0) {
+						       &cert);
+			if (c) {
 				fprintf(stderr,
 					"Certificate read failed.\n");
 				return 1;
 			}
-			sc_asn1_print_tags(certbuf, c);
 			printf("Dumping certificate to file '%s' (%d bytes)\n",
-			       fname, c);
-			fwrite(certbuf, c, 1, file);
-			free(certbuf);
+			       fname, cert->data_len);
+			fwrite(cert->data, cert->data_len, 1, file);
+			sc_pkcs15_free_certificate(cert);
 			fclose(file);
 		}
 	}