From f43f23050cd6d290b67db45020805c3e46a90721 Mon Sep 17 00:00:00 2001
From: jey
Date: Thu, 25 Oct 2001 11:56:26 +0000
Subject: [PATCH] added:
- certificate parsing
- support for reading RSA public key modulus on the fly
- support for ASN.1 object id decoding and printing
- fixed a lot of u8 * --> const u8 *
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@28 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs11/generic.c | 13 +++----
 src/pkcs11/session.c | 2 ++
 src/pkcs11/slot.c | 86 ++++++++++++++++++--------------------------
 src/tests/hst-test.c | 24 +++++++------
 4 files changed, 56 insertions(+), 69 deletions(-)
diff --git a/src/pkcs11/generic.c b/src/pkcs11/generic.c
index ac859508..9c0cd3b4 100644
--- a/src/pkcs11/generic.c
+++ b/src/pkcs11/generic.c
@@ -122,6 +122,7 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
 }
 pInfo->hardwareVersion.major = 1;
 pInfo->firmwareVersion.major = 1;
+ LOG("C_GetSlotInfo() ret: flags %X\n", pInfo->flags);
 return CKR_OK;
 }
@@ -149,8 +150,9 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 strncpy(pInfo->serialNumber, slot[slotID].p15card->serial_number, 16);
 pInfo->serialNumber[15] = 0;
- pInfo->flags = CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
- pInfo->ulMaxSessionCount = 1; /* opened in exclusive mode */
+ pInfo->flags = CKF_USER_PIN_INITIALIZED | CKF_LOGIN_REQUIRED;
+// pInfo->ulMaxSessionCount = 1; /* opened in exclusive mode */
+ pInfo->ulMaxSessionCount = 0; /* FIXME */
 pInfo->ulSessionCount = 0;
 pInfo->ulMaxRwSessionCount = 1;
 pInfo->ulRwSessionCount = 0;
@@ -179,8 +181,9 @@ CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
 CK_ULONG_PTR pulCount)
 {
 static const CK_MECHANISM_TYPE mechanism_list[] = {
- //CKM_RSA_PKCS,
- //CKM_RSA_X_509
+ CKM_RSA_PKCS,
+ CKM_RSA_X_509,
+ CKM_SHA1_RSA_PKCS,
 };
 const int numMechanisms = sizeof(mechanism_list) / sizeof(mechanism_list[0]);
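Review bot: The new LOG line formats `pInfo->flags` with `%X`, but CK_FLAGS is a CK_ULONG (`unsigned long` in the standard PKCS#11 headers), so the conversion and the argument disagree — undefined behaviour for the variadic call and a `-Wformat` warning. The same mismatch is in the session.c hunk, where `%d` is used for slotID (CK_SLOT_ID), `%ld` for state (CK_STATE) and `0x%X` for flags, all CK_ULONG-typed fields. Use the long conversions there, e.g. `LOG("C_GetSlotInfo() ret: flags 0x%lX\n", (unsigned long) pInfo->flags);` here and `LOG("C_GetSessionInfo() ret: slotID = %lu, state %lu, flags 0x%lX\n", ...)` in session.c. Both enclosing functions start outside their hunks.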
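Review bot: `pInfo->ulMaxSessionCount = 0; /* FIXME */` is not a neutral placeholder: in PKCS#11 a 0 in this field means CK_EFFECTIVELY_INFINITE, so the token now advertises an unbounded number of sessions while `ulMaxRwSessionCount` stays at 1 and the disabled line still says the card is opened in exclusive mode, which may let an application open more sessions than the library can serve. If the limit is simply unknown at this point, the spec's value for that is CK_UNAVAILABLE_INFORMATION, e.g. `pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; /* session limit not tracked yet */` (provided the bundled pkcs11 header defines it); otherwise keep the 1 and make the R/W count agree with it. The `//`-commented assignment should be removed rather than kept, since the FIXME already records the intent. C_GetTokenInfo's body continues outside the hunk.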
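Review bot: The mechanism list now advertises CKM_RSA_PKCS, CKM_RSA_X_509 and CKM_SHA1_RSA_PKCS, but nothing in this patch shows the sign/decrypt entry points accepting them, so if they are not implemented yet a client that trusts C_GetMechanismList will fail later with a less informative error. CKM_RSA_X_509 in particular is raw RSA with no padding; enabling it on a token that holds user signing keys deserves a deliberate decision rather than a blanket uncomment, and a short comment above the array stating which mechanisms C_Sign/C_Decrypt actually support would make that explicit. C_GetMechanismList's body continues outside the hunk.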
@@ -218,5 +221,3 @@ CK_RV C_InitToken(CK_SLOT_ID slotID,
 LOG("C_InitToken(%d, '%s', %d, '%s')\n", slotID, pPin, ulPinLen, pLabel);
 return CKR_FUNCTION_NOT_SUPPORTED;
 }
-
-
diff --git a/src/pkcs11/session.c b/src/pkcs11/session.c
index 49d45417..9f20048d 100644
--- a/src/pkcs11/session.c
+++ b/src/pkcs11/session.c
@@ -83,6 +83,8 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, /* the session's handle */
 pInfo->state = ses->state;
 pInfo->flags = ses->flags;
 pInfo->ulDeviceError = 0;
+ LOG("C_GetSessionInfo() ret: slotID = %d, state %ld, flags 0x%X\n",
+ pInfo->slotID, pInfo->state, pInfo->flags);
 return CKR_OK;
 }
diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c
index b3086c2e..799c2063 100644
--- a/src/pkcs11/slot.c
+++ b/src/pkcs11/slot.c
@@ -2,30 +2,6 @@
 #include
 #include "sc-pkcs11.h"
-static CK_BYTE modulus[] =
-#if 1
- "\x00\xdd\x7e\x8d\x0c\x62\x31\x6e\xb7\x8f\x59\xa2\xd5\x93\x29"
- "\xd5\xe8\x5d\xdb\x28\x1a\x63\xfb\x36\x94\x69\x8e\x0a\xf4\xb5"
- "\xf5\xb7\x43\xb8\xce\xaf\x95\x6f\x5b\xfc\x4f\x59\xc2\xda\xcf"
- "\x1c\x59\x9b\x55\xb6\xe8\x42\x26\xc5\x8d\x67\x86\xf0\x65\xff"
- "\xbe\x65\x9b\x7a\x46\xde\x94\xb0\xb0\xda\x46\x6e\x55\x84\xed"
- "\xef\x74\xf7\x1f\xb3\x92\x02\xe5\x9a\xb9\x7a\xfe\xe7\x00\x9f"
- "\x6f\x66\x02\xf8\x99\xb5\xca\x6f\x09\x1a\x08\xeb\x7a\xfd\xea"
- "\x88\x37\xc2\xf4\xc5\x79\xa4\xcf\x86\x78\xf2\x56\x82\x99\x60"
- "\x8b\x49\xf7\x9c\xf4\x01\xc2\xd3\xdd";
-#else
- "\x00\xba\xb3\xc3\x65\xfb\xab\xd3\x4f\xf1\xe8\x72\xb8\xaa\x48"
- "\x6a\x82\x31\x43\xc9\x3e\xe6\xff\x6b\xb6\x0e\xa3\x82\xb4\xda"
- "\x3f\xed\xa6\x0b\xbc\xf2\xd3\xad\x53\x88\x88\x14\x14\x3f\x2b"
- "\x24\x8d\xd7\x3f\x4b\xb3\xe6\xc1\xb9\xb1\x4d\x3a\x10\xc4\x65"
- "\xdc\xe2\xa1\x27\xd2\x8f\xb2\x67\x54\x34\x73\x53\xeb\xec\x84"
- "\xab\xdd\xc1\x76\xc9\x73\x49\x4c\x7c\x18\x98\xd3\x40\xc4\x1c"
- "\xfd\x0d\x6b\xae\xb7\x9f\x44\xc6\x0a\x5a\x89\x91\xb8\x6e\x20"
- "\x38\x2b\xff\x42\xf7\xfe\x95\xc0\x1f\xa5\xca\x07\x2e\x4a\xb0"
- "\x9c\x07\x60\x02\x61\xe1\x8b\x25\x01";
-#endif
-
-
 void set_attribute(CK_ATTRIBUTE_PTR attr, CK_OBJECT_CLASS oc, void *ptr, int len)
 {
 attr->type = oc;
@@ -59,7 +35,8 @@ int slot_add_object(int id, int token_id, CK_ATTRIBUTE_PTR object, int num_attrs
 return CKR_OK;
 }
-int slot_add_private_key_object(int id, int token_id, struct sc_pkcs15_prkey_info *key)
+int slot_add_private_key_object(int id, int token_id, struct sc_pkcs15_prkey_info *key,
+ struct sc_pkcs15_cert *cert)
 {
 static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
 static CK_BBOOL btrue = 1;
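Review bot: The added `struct sc_pkcs15_cert *cert` parameter changes the signature of slot_add_private_key_object, yet the diffstat lists only four .c files; if the function is declared in sc-pkcs11.h (included at the top of this file), that prototype would no longer match the definition and should be updated in the same commit. The body, visible in the next hunk, dereferences `cert->key.modulus` without checking the pointer, so a guard at the top, `if (key == NULL || cert == NULL) return CKR_ARGUMENTS_BAD;`, keeps a missing certificate from turning into a NULL dereference. The rest of the function lies outside this hunk.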
@@ -71,23 +48,24 @@ int slot_add_private_key_object(int id, int token_id, struct sc_pkcs15_prkey_inf
 set_attribute(&object[2], CKA_ID, key->id.value, key->id.len);
 set_attribute(&object[3], CKA_TOKEN, &btrue, sizeof(btrue));
 set_attribute(&object[4], CKA_KEY_TYPE, &rsakey, sizeof(rsakey));
- set_attribute(&object[5], CKA_MODULUS, modulus, sizeof(modulus)-1);
+ set_attribute(&object[5], CKA_MODULUS, cert->key.modulus, cert->key.modulus_len);
 return slot_add_object(id, token_id, object, 6);
 }
 int slot_add_certificate_object(int id, int token_id,
- struct sc_pkcs15_cert_info *cert,
- u8 *x509data, int x509length)
+ struct sc_pkcs15_cert_info *info,
+ struct sc_pkcs15_cert *cert)
 {
 static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
 CK_ATTRIBUTE_PTR object = (CK_ATTRIBUTE_PTR) malloc(sizeof(CK_ATTRIBUTE) * 4);
 set_attribute(&object[0], CKA_CLASS, &cert_class, sizeof(cert_class));
- set_attribute(&object[1], CKA_LABEL, cert->com_attr.label, strlen(cert->com_attr.label));
- set_attribute(&object[2], CKA_ID, cert->id.value, cert->id.len);
- set_attribute(&object[3], CKA_VALUE, x509data, x509length);
-
+ set_attribute(&object[1], CKA_LABEL, info->com_attr.label, strlen(info->com_attr.label));
+ set_attribute(&object[2], CKA_ID, info->id.value, info->id.len);
+ set_attribute(&object[3], CKA_VALUE, cert->data, cert->data_len);
+ /* FIXME: save cert object */
+
 return slot_add_object(id, token_id, object, 4);
 }
@@ -95,7 +73,7 @@ int slot_connect(int id)
 {
 struct sc_card *card;
 struct sc_pkcs15_card *p15card;
- int r, c;
+ int r, c, i;
 r = sc_connect_card(ctx, id, &card);
 if (r) {
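Review bot: After this change the CKA_MODULUS and CKA_VALUE attribute values are pointers into `cert` (`cert->key.modulus`, `cert->data`) rather than copies, so the attribute set handed to slot_add_object is only valid while that certificate structure is alive; nothing in this patch frees it, whereas hst-test.c releases the same structure with sc_pkcs15_free_certificate immediately after use, so the ownership rule is easy to get wrong. The `/* FIXME: save cert object */` line hints at this, and it would help to state the rule there, e.g. `/* cert is borrowed: the CKA_MODULUS and CKA_VALUE attributes point into it, so it must not be freed while the slot object exists. */`. If slot_add_object stores `object` for the token's lifetime, the same note belongs on slot_add_private_key_object, which shares the certificate. That function starts outside the hunk.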
@@ -123,30 +101,34 @@ int slot_connect(int id)
 r = sc_pkcs15_enum_certificates(p15card);
 if (r < 0)
 return CKR_DEVICE_ERROR;
-
- LOG("Found total of %d certificates.\n", r);
- for (c = 0; c < r; c++) {
- int len;
- u8 *buf;
-
- LOG("Reading '%s' certificate.\n", p15card->cert_info[c].com_attr.label);
- len = sc_pkcs15_read_certificate(p15card, &p15card->cert_info[c], &buf);
- if (len < 0)
- return len;
-
- LOG("Adding '%s' certificate object.\n", p15card->cert_info[c].com_attr.label);
- slot_add_certificate_object(id, c, &p15card->cert_info[c],
- buf, len);
- }
+ LOG("Found total of %d certificates.\n", p15card->cert_count);
 r = sc_pkcs15_enum_private_keys(p15card);
 if (r < 0)
 return CKR_DEVICE_ERROR;
+ LOG("Found total of %d private keys.\n", p15card->prkey_count);
- LOG("Found total of %d private keys.\n", r);
- for (c = 0; c < r; c++) {
- LOG("Adding '%s' private key object.\n", p15card->prkey_info[c].com_attr.label);
- slot_add_private_key_object(id, c, &p15card->prkey_info[c]);
+ for (c = 0; c < p15card->cert_count; c++) {
+ struct sc_pkcs15_cert *cert;
+ struct sc_pkcs15_cert_info *cinfo = &p15card->cert_info[c];
+
+// if (cinfo->authority)
+// continue;
+ LOG("Reading '%s' certificate.\n", cinfo->com_attr.label);
+ r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
+ if (r)
+ return r;
+ LOG("Adding '%s' certificate object (id %X).\n",
+ cinfo->com_attr.label, cinfo->id);
+ slot_add_certificate_object(id, c, cinfo, cert);
+ for (i = 0; i < p15card->prkey_count; i++) {
+ struct sc_pkcs15_prkey_info *pinfo = &p15card->prkey_info[i];
+ if (sc_pkcs15_compare_id(&cinfo->id, &pinfo->id)) {
+ LOG("Adding '%s' private key object (id %X).\n",
+ pinfo->com_attr.label, pinfo->id);
+ slot_add_private_key_object(id, i, pinfo, cert);
+ }
+ }
 }
 return CKR_OK;
diff --git a/src/tests/hst-test.c b/src/tests/hst-test.c
index 85334a44..52c5448e 100644
--- a/src/tests/hst-test.c
+++ b/src/tests/hst-test.c
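Review bot: `cinfo->id` and `pinfo->id` are passed as the `%X` arguments of the two new LOG calls, but they are `struct sc_pkcs15_id` values — this hunk takes `&cinfo->id` for sc_pkcs15_compare_id and an earlier hunk reads `key->id.value`/`key->id.len` — so a whole struct is pushed through the varargs for an `unsigned int` conversion, which is undefined behaviour and prints garbage at best. Drop the `(id %X)` part, or format the id bytes explicitly before logging. Separately, `if (r) return r;` leaks an sc_* error code out of a function whose other failure paths return CKR_DEVICE_ERROR, so a caller checking for CKR_* values gets an unrelated number; `if (r) return CKR_DEVICE_ERROR;` keeps the error domain consistent. The return values of slot_add_certificate_object and slot_add_private_key_object are also discarded, and the `// if (cinfo->authority)` lines are dead code that should be either enabled or removed. slot_connect starts outside the hunk.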
@@ -14,10 +14,10 @@ struct sc_card *card = NULL;
 struct sc_pkcs15_card *p15_card = NULL;
 #define DO_PRKEY_ENUM 1
-#define DO_PIN_ENUM 1
-#define DO_PIN_VERIFY 1
-#define DO_DECIPHER 1
-#define DO_SIGN 1
+#define DO_PIN_ENUM 0
+#define DO_PIN_VERIFY 0
+#define DO_DECIPHER 0
+#define DO_SIGN 0
 #define DO_CERT_ENUM 1
 #define DO_CERT_READ 1
@@ -88,9 +88,12 @@ int main(int argc, char **argv)
 u8 buf[256], buf2[256];
 struct sc_security_env senv;
 FILE *file;
+ struct sc_object_id oid;
 int i, c;
+ sc_asn1_decode_object_id("\x2a\x86\x48\x86\xf7\x0d", 6, &oid);
+
 i = sc_establish_context(&ctx);
 if (i < 0) {
 printf("sc_establish_context() failed (%d)\n", i);
@@ -228,7 +231,7 @@ int main(int argc, char **argv)
 #if DO_CERT_READ
 for (i = 0; i < p15_card->cert_count; i++) {
 char fname[16];
- u8 *certbuf;
+ struct sc_pkcs15_cert *cert;
 sc_pkcs15_print_cert_info(&p15_card->cert_info[i]);
@@ -239,17 +242,16 @@ int main(int argc, char **argv)
 if (file != NULL) {
 c = sc_pkcs15_read_certificate(p15_card, &p15_card->cert_info[i],
- &certbuf);
- if (c < 0) {
+ &cert);
+ if (c) {
 fprintf(stderr, "Certificate read failed.\n");
 return 1;
 }
- sc_asn1_print_tags(certbuf, c);
 printf("Dumping certificate to file '%s' (%d bytes)\n",
- fname, c);
- fwrite(certbuf, c, 1, file);
- free(certbuf);
+ fname, cert->data_len);
+ fwrite(cert->data, cert->data_len, 1, file);
+ sc_pkcs15_free_certificate(cert);
 fclose(file);
 }
 }
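Review bot: The result of `sc_asn1_decode_object_id("\x2a\x86\x48\x86\xf7\x0d", 6, &oid)` is discarded and `oid` is never read in the hunk, so the line reads as a leftover probe of the new decoder rather than part of the test. If it is meant to exercise the decoder, check the return and print the outcome (the commit message mentions OID printing support), e.g. `if (sc_asn1_decode_object_id("\x2a\x86\x48\x86\xf7\x0d", 6, &oid) < 0) printf("OID decode failed\n");`, assuming the `< 0` error convention used for sc_establish_context just below; otherwise remove it together with the `oid` declaration. main() continues outside the hunk.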
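Review bot: The new `fwrite(cert->data, cert->data_len, 1, file)` ignores its return value, so a short or failed write is still reported as a successful dump and the certificate is freed and the file closed as if everything went through; `if (fwrite(cert->data, cert->data_len, 1, file) != 1) fprintf(stderr, "Certificate write failed.\n");` catches it. The `%d` in the preceding printf also assumes `cert->data_len` is an int — if the field is a size_t, `%zu` is the matching conversion. The unchecked `fclose(file)` on a write stream is a pre-existing line, but it has the same problem. main() continues outside the hunk.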