Differences From Artifact [05aec72ac3]:
- File cackey.c — part of check-in [d689039e52] at 2011-08-24 03:35:38 on branch trunk — Updated to deal with comparing the MODULUS attribute with non-exact matches (user: rkeene, size: 173370) [annotate] [blame] [check-ins using]
To Artifact [e7404c7b1a]:
- File
cackey.c
— part of check-in
[5027cbae9b]
at
2011-08-26 05:29:43
on branch trunk
— Updated to include DoD root CAs as objects in the PKCS#11 module
Updated to include Netscape Trust Objects (https://developer.mozilla.org/index.php?title=en/NSS/PKCS_%2311_Netscape_Trust) in PKCS#11 module
Added more attributes to scan for to test driver (user: rkeene, size: 176721) [annotate] [blame] [check-ins using]
| ︙ | ︙ | |||
51 52 53 54 55 56 57 58 59 60 61 62 63 | #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) #define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) #ifndef NULL_PTR # define NULL_PTR 0 #endif #include "pkcs11.h" #include "asn1-x509.h" #ifndef CACKEY_CRYPTOKI_VERSION_CODE # define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00 #endif | > > > < < < < < < < < < < < < < | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) #define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) #ifndef NULL_PTR # define NULL_PTR 0 #endif #include "pkcs11.h" #include "pkcs11n.h" #include "asn1-x509.h" #include "sha1.h" #include "md5.h" #ifndef CACKEY_CRYPTOKI_VERSION_CODE # define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00 #endif /* GSC-IS v2.1 Definitions */ /** Classes **/ #define GSCIS_CLASS_ISO7816 0x00 #define GSCIS_CLASS_GLOBAL_PLATFORM 0x80 /** Instructions **/ #define GSCIS_INSTR_GET_RESPONSE 0xC0 |
| ︙ | ︙ | |||
619 620 621 622 623 624 625 626 627 628 629 630 631 632 |
/* CACKEY Global Handles */
static void *cackey_biglock = NULL;
static struct cackey_session cackey_sessions[128];
static struct cackey_slot cackey_slots[128];
static int cackey_initialized = 0;
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;
/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
static unsigned long cackey_getversion(void) {
static unsigned long retval = 255;
unsigned long major = 0;
| > > > > > | 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 |
/* CACKEY Global Handles */
static void *cackey_biglock = NULL;
static struct cackey_session cackey_sessions[128];
static struct cackey_slot cackey_slots[128];
static int cackey_initialized = 0;
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;
/** Extra certificates to include in token **/
struct cackey_pcsc_identity extra_certs[] = {
#include "cackey_builtin_certs.h"
};
/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
static unsigned long cackey_getversion(void) {
static unsigned long retval = 255;
unsigned long major = 0;
|
| ︙ | ︙ | |||
1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 |
*
* NOTES
* ...
*
*/
static void cackey_free_certs(struct cackey_pcsc_identity *start, size_t count, int free_start) {
size_t idx;
for (idx = 0; idx < count; idx++) {
if (start[idx].certificate) {
free(start[idx].certificate);
}
}
| > > > > | 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 |
*
* NOTES
* ...
*
*/
static void cackey_free_certs(struct cackey_pcsc_identity *start, size_t count, int free_start) {
size_t idx;
if (start == NULL) {
return;
}
for (idx = 0; idx < count; idx++) {
if (start[idx].certificate) {
free(start[idx].certificate);
}
}
|
| ︙ | ︙ | |||
2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 |
return(0);
}
static CK_ATTRIBUTE_PTR cackey_get_attributes(CK_OBJECT_CLASS objectclass, struct cackey_pcsc_identity *identity, unsigned long identity_num, CK_ULONG_PTR pulCount) {
static CK_BBOOL ck_true = 1;
static CK_BBOOL ck_false = 0;
CK_ULONG numattrs = 0, retval_count;
CK_ATTRIBUTE_TYPE curr_attr_type;
CK_ATTRIBUTE curr_attr, *retval;
CK_VOID_PTR pValue;
CK_ULONG ulValueLen;
CK_OBJECT_CLASS ck_object_class;
CK_CERTIFICATE_TYPE ck_certificate_type;
CK_KEY_TYPE ck_key_type;
CK_UTF8CHAR ucTmpBuf[1024];
unsigned char *certificate;
ssize_t certificate_len = -1, x509_read_ret;
int pValue_free;
CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);
| > > > > > > > | | 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 |
return(0);
}
static CK_ATTRIBUTE_PTR cackey_get_attributes(CK_OBJECT_CLASS objectclass, struct cackey_pcsc_identity *identity, unsigned long identity_num, CK_ULONG_PTR pulCount) {
static CK_BBOOL ck_true = 1;
static CK_BBOOL ck_false = 0;
static CK_TRUST ck_trusted = CK_TRUSTED_DELEGATOR;
CK_ULONG numattrs = 0, retval_count;
CK_ATTRIBUTE_TYPE curr_attr_type;
CK_ATTRIBUTE curr_attr, *retval;
CK_VOID_PTR pValue;
CK_ULONG ulValueLen;
CK_OBJECT_CLASS ck_object_class;
CK_CERTIFICATE_TYPE ck_certificate_type;
CK_KEY_TYPE ck_key_type;
CK_UTF8CHAR ucTmpBuf[1024];
SHA1Context sha1_ctx;
MD5_CTX md5_ctx;
uint8_t sha1_hash[SHA1HashSize];
uint8_t md5_hash[MD5HashSize];
unsigned char *certificate;
ssize_t certificate_len = -1, x509_read_ret;
int pValue_free;
CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);
*pulCount = 0;
if (objectclass != CKO_CERTIFICATE && objectclass != CKO_PUBLIC_KEY && objectclass != CKO_PRIVATE_KEY && objectclass != CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");
return(NULL);
}
/* Get Cert */
if (identity == NULL) {
|
| ︙ | ︙ | |||
2708 2709 2710 2711 2712 2713 2714 |
/* Verify that certificate is ASN.1 encoded X.509 certificate */
if (x509_to_serial(certificate, certificate_len, NULL) < 0) {
CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), the X.509 certificate associated with this identity is not valid");
return(NULL);
}
| | | | 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 |
/* Verify that certificate is ASN.1 encoded X.509 certificate */
if (x509_to_serial(certificate, certificate_len, NULL) < 0) {
CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), the X.509 certificate associated with this identity is not valid");
return(NULL);
}
retval_count = 64;
retval = malloc(retval_count * sizeof(*retval));
for (curr_attr_type = 0; curr_attr_type < 0xce5363bf; curr_attr_type++) {
if (curr_attr_type == 0x800) {
curr_attr_type = 0xce536300;
}
pValue_free = 0;
pValue = NULL;
ulValueLen = (CK_LONG) -1;
|
| ︙ | ︙ | |||
2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 |
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TOKEN (0x%08lx) ...", (unsigned long) curr_attr_type);
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_TRUSTED:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TRUSTED (0x%08lx) ...", (unsigned long) curr_attr_type);
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
| > > > > > > > > > > > > > > > > > > > > > | 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 |
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TOKEN (0x%08lx) ...", (unsigned long) curr_attr_type);
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_PRIVATE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_PRIVATE (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass != CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are not a Netscape trust object");
break;
}
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_TRUSTED:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TRUSTED (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
|
| ︙ | ︙ | |||
2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 |
case CKA_VALUE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_VALUE (0x%08lx) ...", (unsigned long) curr_attr_type);
switch (objectclass) {
case CKO_PRIVATE_KEY:
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a private key.");
break;
case CKO_PUBLIC_KEY:
/* XXX: TODO */
break;
case CKO_CERTIFICATE:
pValue = certificate;
ulValueLen = certificate_len;
break;
}
CACKEY_DEBUG_PRINTF(" ... returning %p/%lu", pValue, (unsigned long) ulValueLen);
break;
case CKA_ISSUER:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_ISSUER (0x%08lx) ...", (unsigned long) curr_attr_type);
| > > > > | | | | | > > > > > > | 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 |
case CKA_VALUE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_VALUE (0x%08lx) ...", (unsigned long) curr_attr_type);
switch (objectclass) {
case CKO_PRIVATE_KEY:
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a private key.");
break;
case CKO_NETSCAPE_TRUST:
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
case CKO_PUBLIC_KEY:
/* XXX: TODO */
break;
case CKO_CERTIFICATE:
pValue = certificate;
ulValueLen = certificate_len;
break;
}
CACKEY_DEBUG_PRINTF(" ... returning %p/%lu", pValue, (unsigned long) ulValueLen);
break;
case CKA_ISSUER:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_ISSUER (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass != CKO_CERTIFICATE && objectclass != CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are not a certificate or Netscape trust object");
break;
}
if (certificate_len >= 0) {
x509_read_ret = x509_to_issuer(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning %p/%lu", pValue, (unsigned long) ulValueLen);
break;
case CKA_SERIAL_NUMBER:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SERIAL_NUMBER (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass != CKO_CERTIFICATE && objectclass != CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are not a certificate or Netscape trust object");
break;
}
if (certificate_len >= 0) {
x509_read_ret = x509_to_serial(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
break;
case CKA_SUBJECT:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SUBJECT (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass != CKO_CERTIFICATE) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are not a certificate");
break;
}
if (certificate_len >= 0) {
x509_read_ret = x509_to_subject(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning %p/%lu", pValue, (unsigned long) ulValueLen);
break;
case CKA_ID:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_ID (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
ucTmpBuf[0] = ((identity_num + 1) >> 8) & 0xff;
ucTmpBuf[1] = (identity_num + 1) & 0xff;
pValue = &ucTmpBuf;
ulValueLen = 2;
|
| ︙ | ︙ | |||
2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 |
ulValueLen = sizeof(ck_key_type);
CACKEY_DEBUG_PRINTF(" ... returning CKK_RSA (%lu) (%p/%lu)", (unsigned long) *((CK_CERTIFICATE_TYPE *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_SIGN:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SIGN (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_PRIVATE_KEY) {
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_SIGN_RECOVER:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SIGN_RECOVER (0x%08lx) ...", (unsigned long) curr_attr_type);
/* We currently only support "Sign with Appendix" */
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_DECRYPT:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_DECRYPT (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_PRIVATE_KEY || objectclass == CKO_PUBLIC_KEY) {
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_SENSITIVE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SENSITIVE (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_PRIVATE_KEY) {
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_EXTRACTABLE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_EXTRACTABLE (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_PRIVATE_KEY) {
pValue = &ck_false;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_true;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_MODULUS:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_MODULUS (0x%08lx) ...", (unsigned long) curr_attr_type);
if (certificate_len >= 0) {
x509_read_ret = x509_to_modulus(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
break;
case CKA_PUBLIC_EXPONENT:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_PUBLIC_EXPONENT (0x%08lx) ...", (unsigned long) curr_attr_type);
if (certificate_len >= 0) {
x509_read_ret = x509_to_exponent(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
break;
case CKA_TRUST_SERVER_AUTH:
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | | | | | > > | < > | < | | | | | | | | > > > > > > > > > > | | | | 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 |
ulValueLen = sizeof(ck_key_type);
CACKEY_DEBUG_PRINTF(" ... returning CKK_RSA (%lu) (%p/%lu)", (unsigned long) *((CK_CERTIFICATE_TYPE *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_SIGN:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SIGN (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
if (objectclass == CKO_PRIVATE_KEY) {
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_SIGN_RECOVER:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SIGN_RECOVER (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
/* We currently only support "Sign with Appendix" */
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_DECRYPT:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_DECRYPT (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
if (objectclass == CKO_PRIVATE_KEY || objectclass == CKO_PUBLIC_KEY) {
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_SENSITIVE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SENSITIVE (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
if (objectclass == CKO_PRIVATE_KEY) {
pValue = &ck_true;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_false;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_EXTRACTABLE:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_EXTRACTABLE (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
if (objectclass == CKO_PRIVATE_KEY) {
pValue = &ck_false;
ulValueLen = sizeof(ck_true);
} else {
pValue = &ck_true;
ulValueLen = sizeof(ck_false);
}
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_MODULUS:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_MODULUS (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
if (certificate_len >= 0) {
x509_read_ret = x509_to_modulus(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
break;
case CKA_PUBLIC_EXPONENT:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_PUBLIC_EXPONENT (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass == CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are a Netscape trust object");
break;
}
if (certificate_len >= 0) {
x509_read_ret = x509_to_exponent(certificate, certificate_len, &pValue);
if (x509_read_ret < 0) {
pValue = NULL;
} else {
ulValueLen = x509_read_ret;
}
}
CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
break;
case CKA_TRUST_DIGITAL_SIGNATURE:
case CKA_TRUST_NON_REPUDIATION:
case CKA_TRUST_KEY_ENCIPHERMENT:
case CKA_TRUST_DATA_ENCIPHERMENT:
case CKA_TRUST_KEY_AGREEMENT:
case CKA_TRUST_KEY_CERT_SIGN:
case CKA_TRUST_CRL_SIGN:
case CKA_TRUST_SERVER_AUTH:
case CKA_TRUST_CLIENT_AUTH:
case CKA_TRUST_CODE_SIGNING:
case CKA_TRUST_EMAIL_PROTECTION:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TRUST_... (0x%08lx) ...", (unsigned long) curr_attr_type);
pValue = &ck_trusted;
ulValueLen = sizeof(ck_trusted);
CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_TRUST *) pValue), pValue, (unsigned long) ulValueLen);
break;
case CKA_CERT_SHA1_HASH:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_CERT_SHA1_HASH (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass != CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are not a Netscape trust object");
break;
}
SHA1Reset(&sha1_ctx);
SHA1Input(&sha1_ctx, certificate, certificate_len);
SHA1Result(&sha1_ctx, sha1_hash);
pValue = sha1_hash;
ulValueLen = sizeof(sha1_hash);
CACKEY_DEBUG_PRINTF(" ... returning %p/%lu", pValue, (unsigned long) ulValueLen);
break;
case CKA_CERT_MD5_HASH:
CACKEY_DEBUG_PRINTF("Requesting attribute CKA_CERT_MD5_HASH (0x%08lx) ...", (unsigned long) curr_attr_type);
if (objectclass != CKO_NETSCAPE_TRUST) {
CACKEY_DEBUG_PRINTF(" ... but not getting it because we are not a Netscape trust object");
break;
}
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, certificate, certificate_len);
MD5Final(md5_hash, &md5_ctx);
pValue = md5_hash;
ulValueLen = sizeof(md5_hash);
CACKEY_DEBUG_PRINTF(" ... returning %p/%lu", pValue, (unsigned long) ulValueLen);
break;
default:
pValue = NULL;
ulValueLen = (CK_LONG) -1;
break;
}
|
| ︙ | ︙ | |||
3058 3059 3060 3061 3062 3063 3064 |
memcpy(curr_attr.pValue, pValue, curr_attr.ulValueLen);
if (pValue_free && pValue) {
free(pValue);
}
if (numattrs >= retval_count) {
| < | 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 |
memcpy(curr_attr.pValue, pValue, curr_attr.ulValueLen);
if (pValue_free && pValue) {
free(pValue);
}
if (numattrs >= retval_count) {
retval = realloc(retval, retval_count * sizeof(*retval));
}
memcpy(&retval[numattrs], &curr_attr, sizeof(curr_attr));
numattrs++;
}
}
|
| ︙ | ︙ | |||
3116 3117 3118 3119 3120 3121 3122 |
free(identities);
}
static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
struct cackey_pcsc_identity *pcsc_identities;
struct cackey_identity *identities;
unsigned long num_ids, id_idx, curr_id_type;
| | > > > > < < < < > > > > > > > > > > > > > > > | 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 |
free(identities);
}
static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
struct cackey_pcsc_identity *pcsc_identities;
struct cackey_identity *identities;
unsigned long num_ids, id_idx, curr_id_type;
unsigned long num_certs, num_extra_certs, cert_idx;
CACKEY_DEBUG_PRINTF("Called.");
num_extra_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
if (ids_found == NULL) {
CACKEY_DEBUG_PRINTF("Error. ids_found is NULL");
return(NULL);
}
pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
if (pcsc_identities != NULL) {
/* Convert number of Certs to number of objects */
num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
num_ids += num_extra_certs * 2;
identities = malloc(num_ids * sizeof(*identities));
/* Add certificates, public keys, and private keys from the smartcard */
id_idx = 0;
for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);
identities[id_idx].pcsc_identity = malloc(sizeof(*identities[id_idx].pcsc_identity));
memcpy(identities[id_idx].pcsc_identity, &pcsc_identities[cert_idx], sizeof(*identities[id_idx].pcsc_identity));
identities[id_idx].pcsc_identity->certificate = malloc(pcsc_identities[cert_idx].certificate_len);
memcpy(identities[id_idx].pcsc_identity->certificate, pcsc_identities[cert_idx].certificate, pcsc_identities[cert_idx].certificate_len);
id_idx++;
}
}
cackey_free_certs(pcsc_identities, num_certs, 1);
/* Add DoD Certificates and Netscape Trust Objects */
for (cert_idx = 0; cert_idx < num_extra_certs; cert_idx++) {
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
for (cert_idx = 0; cert_idx < num_extra_certs; cert_idx++) {
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
*ids_found = num_ids;
return(identities);
}
*ids_found = 0;
return(NULL);
|
| ︙ | ︙ | |||
4630 4631 4632 4633 4634 4635 4636 |
return(CKR_OK);
}
static int cackey_pkcs11_compare_attributes(CK_ATTRIBUTE *a, CK_ATTRIBUTE *b) {
unsigned char *smallbuf, *largebuf;
size_t smallbuf_len, largebuf_len;
| < < | 4744 4745 4746 4747 4748 4749 4750 4751 4752 4753 4754 4755 4756 4757 |
return(CKR_OK);
}
static int cackey_pkcs11_compare_attributes(CK_ATTRIBUTE *a, CK_ATTRIBUTE *b) {
unsigned char *smallbuf, *largebuf;
size_t smallbuf_len, largebuf_len;
if (a->type != b->type) {
return(0);
}
CACKEY_DEBUG_PRINTF(" ... found matching type ...");
CACKEY_DEBUG_PRINTBUF(" ... our value:", a->pValue, a->ulValueLen);
|
| ︙ | ︙ |