alias RSA type, call openssl functions only in openssl_utils.c
+1
-1
@@ -282,7 +282,7 @@ CK_RV apply_sign_mechanism_finalize(op_info_t *op_info) {
|
|||||||
// Compute padding for all PSS variants
|
// Compute padding for all PSS variants
|
||||||
// TODO: digestinfo/paraminfo ?
|
// TODO: digestinfo/paraminfo ?
|
||||||
rv = do_pkcs_pss(op_info->op.sign.key, op_info->buf, op_info->buf_len, nid, op_info->buf, &op_info->buf_len);
|
rv = do_pkcs_pss(op_info->op.sign.key, op_info->buf, op_info->buf_len, nid, op_info->buf, &op_info->buf_len);
|
||||||
RSA_free(op_info->op.sign.key);
|
do_free_rsa_public_key(op_info->op.sign.key);
|
||||||
|
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
|
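Review bot: After `do_free_rsa_public_key(op_info->op.sign.key);` the pointer in `op_info->op.sign.key` is left dangling, so a second finalize or any later cleanup path that also releases the key would be a double free; add `op_info->op.sign.key = NULL;` on the following line. The CK_RV returned by do_free_rsa_public_key is silently discarded; the visible implementation always returns CKR_OK, so a `(void)` cast would make that intentional rather than accidental. apply_sign_mechanism_finalize begins before this hunk, so I cannot see whether the key is freed anywhere else.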
|||||||
@@ -50,4 +50,6 @@ typedef enum {
|
|||||||
typedef EVP_MD_CTX ykcs11_md_ctx_t;
|
typedef EVP_MD_CTX ykcs11_md_ctx_t;
|
||||||
//typedef EVP_PKEY ykcs11_evp_pkey_t;
|
//typedef EVP_PKEY ykcs11_evp_pkey_t;
|
||||||
|
|
||||||
|
typedef RSA ykcs11_rsa_key_t;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
+19
-9
@@ -467,18 +467,28 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key) {
|
CK_RV do_encode_rsa_public_key(ykcs11_rsa_key_t **key, CK_BYTE_PTR modulus,
|
||||||
|
CK_ULONG mlen, CK_BYTE_PTR exponent, CK_ULONG elen) {
|
||||||
const unsigned char *p = data;
|
ykcs11_rsa_key_t *k;
|
||||||
|
if (modulus == NULL || exponent == NULL)
|
||||||
if (data == NULL)
|
|
||||||
return CKR_ARGUMENTS_BAD;
|
return CKR_ARGUMENTS_BAD;
|
||||||
|
|
||||||
if ((*key = d2i_RSAPublicKey(NULL, &p, (long) len)) == NULL)
|
if ((k = RSA_new()) == NULL)
|
||||||
|
return CKR_HOST_MEMORY;
|
||||||
|
|
||||||
|
if ((k->n = BN_bin2bn(modulus, mlen, NULL)) == NULL)
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
return CKR_OK;
|
if ((k->e = BN_bin2bn(exponent, elen, NULL)) == NULL)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
|
*key = k;
|
||||||
|
return CKR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
CK_RV do_free_rsa_public_key(ykcs11_rsa_key_t *key) {
|
||||||
|
RSA_free(key);
|
||||||
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
||||||
@@ -555,8 +565,8 @@ CK_RV do_pkcs_1_digest_info(CK_BYTE_PTR in, CK_ULONG in_len, int nid, CK_BYTE_PT
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
|
CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len,
|
||||||
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
int nid, CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
||||||
unsigned char em[RSA_size(key)];
|
unsigned char em[RSA_size(key)];
|
||||||
|
|
||||||
OpenSSL_add_all_digests();
|
OpenSSL_add_all_digests();
|
||||||
|
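Review bot: In do_encode_rsa_public_key the two `return CKR_FUNCTION_FAILED;` paths after `RSA_new()` has succeeded leak `k`: nothing frees it and `*key` is only assigned at the end, so the caller has no handle to release. Free the half-built key on those paths, as below. Separately, assigning `k->n` and `k->e` directly only compiles against OpenSSL builds where RSA is not opaque (pre-1.1.0); if a newer OpenSSL is a target, `RSA_set0_key(k, n, e, NULL)` is the portable form and takes ownership of the BIGNUMs. `mlen`/`elen` are CK_ULONG but BN_bin2bn takes an int length, so a check that both are `<= INT_MAX` before the implicit narrowing would close that gap.

```c
  // … unchanged: argument checks and RSA_new() …
  if ((k->n = BN_bin2bn(modulus, mlen, NULL)) == NULL ||
      (k->e = BN_bin2bn(exponent, elen, NULL)) == NULL) {
    RSA_free(k);   // release the half-built key instead of leaking it
    return CKR_FUNCTION_FAILED;
  }

  *key = k;
  return CKR_OK;
```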
|||||||
@@ -53,11 +53,13 @@ CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key);
|
|||||||
CK_RV do_get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
CK_RV do_get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
||||||
CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
||||||
CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
||||||
CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key);
|
|
||||||
CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
||||||
CK_RV do_delete_pubk(EVP_PKEY **key);
|
CK_RV do_delete_pubk(EVP_PKEY **key);
|
||||||
//CK_RV free_key(EVP_PKEY *key);
|
//CK_RV free_key(EVP_PKEY *key);
|
||||||
|
|
||||||
|
CK_RV do_encode_rsa_public_key(ykcs11_rsa_key_t **key, CK_BYTE_PTR modulus, CK_ULONG mlen, CK_BYTE_PTR exponent, CK_ULONG elen);
|
||||||
|
CK_RV do_free_rsa_public_key(ykcs11_rsa_key_t *key);
|
||||||
|
|
||||||
CK_RV do_pkcs_1_t1(CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_ULONG key_len);
|
CK_RV do_pkcs_1_t1(CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_ULONG key_len);
|
||||||
CK_RV do_pkcs_1_digest_info(CK_BYTE_PTR in, CK_ULONG in_len, int nid, CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
CK_RV do_pkcs_1_digest_info(CK_BYTE_PTR in, CK_ULONG in_len, int nid, CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
||||||
|
|
||||||
|
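Review bot: The new prototypes for do_encode_rsa_public_key and do_free_rsa_public_key carry no ownership contract, and since the key is allocated in C_SignInit and released in a different file (apply_sign_mechanism_finalize), the header should spell it out: `/* Builds *key from a big-endian modulus and exponent; on success the caller owns it and must release it with do_free_rsa_public_key(). On failure *key is not modified. */` above the encode prototype, and `/* Releases a key obtained from do_encode_rsa_public_key(). */` above the free one. As a point of naming, "encode" now describes a function that constructs a key from components rather than decoding DER as the removed prototype did; a name such as do_build_rsa_public_key would read more accurately.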
|||||||
+4
-13
@@ -38,6 +38,7 @@
|
|||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "mechanisms.h"
|
#include "mechanisms.h"
|
||||||
#include "openssl_types.h"
|
#include "openssl_types.h"
|
||||||
|
#include "openssl_utils.h"
|
||||||
#include "debug.h"
|
#include "debug.h"
|
||||||
|
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
@@ -1756,10 +1757,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
|
|||||||
|
|
||||||
// Also store the raw public key if the mechanism is PSS
|
// Also store the raw public key if the mechanism is PSS
|
||||||
if (is_PSS_mechanism(pMechanism->mechanism)) {
|
if (is_PSS_mechanism(pMechanism->mechanism)) {
|
||||||
op_info.op.sign.key = RSA_new();
|
|
||||||
if (op_info.op.sign.key == NULL)
|
|
||||||
return CKR_HOST_MEMORY;
|
|
||||||
|
|
||||||
template[2].pValue = buf;
|
template[2].pValue = buf;
|
||||||
template[2].ulValueLen = (key_len + 7) / 8 ;
|
template[2].ulValueLen = (key_len + 7) / 8 ;
|
||||||
|
|
||||||
@@ -1767,20 +1764,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
|
|||||||
DBG("Unable to get public key");
|
DBG("Unable to get public key");
|
||||||
return CKR_KEY_HANDLE_INVALID;
|
return CKR_KEY_HANDLE_INVALID;
|
||||||
}
|
}
|
||||||
op_info.op.sign.key->n = BN_bin2bn(buf, (key_len + 7) / 8, NULL);
|
|
||||||
if(op_info.op.sign.key->n == NULL) {
|
|
||||||
DBG("Failed to parse public key modulus.");
|
|
||||||
return CKR_KEY_HANDLE_INVALID;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (get_attribute(&session, hKey, template + 3) != CKR_OK) {
|
if (get_attribute(&session, hKey, template + 3) != CKR_OK) {
|
||||||
DBG("Unable to get public exponent");
|
DBG("Unable to get public exponent");
|
||||||
return CKR_KEY_HANDLE_INVALID;
|
return CKR_KEY_HANDLE_INVALID;
|
||||||
}
|
}
|
||||||
op_info.op.sign.key->e = BN_bin2bn(exp, sizeof(exp), NULL);
|
|
||||||
if(op_info.op.sign.key->e == NULL) {
|
if (do_encode_rsa_public_key(&op_info.op.sign.key, buf, (key_len + 7) / 8, exp, sizeof(exp)) != CKR_OK) {
|
||||||
DBG("Failed to parse public key exponent.");
|
return CKR_FUNCTION_FAILED;
|
||||||
return CKR_KEY_HANDLE_INVALID;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
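Review bot: The new failure branch `if (do_encode_rsa_public_key(&op_info.op.sign.key, buf, (key_len + 7) / 8, exp, sizeof(exp)) != CKR_OK)` collapses the helper's two distinct failures (CKR_HOST_MEMORY and CKR_FUNCTION_FAILED) into CKR_FUNCTION_FAILED and drops the DBG line the removed code had, while the neighbouring attribute failures in the same block return CKR_KEY_HANDLE_INVALID with a log message. Propagate the helper's result into a CK_RV local instead and keep a log line, e.g. `if ((rv = do_encode_rsa_public_key(&op_info.op.sign.key, buf, (key_len + 7) / 8, exp, sizeof(exp))) != CKR_OK) {` / `DBG("Failed to build public key for PSS");` / `return rv;`. Also, `sizeof(exp)` is passed as the exponent length rather than the length get_attribute reported in `template[3].ulValueLen`; if the two can differ, BN_bin2bn would fold trailing buffer bytes into the exponent, so that is worth confirming. C_SignInit starts before these hunks and continues after them.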
|||||||
+1
-1
@@ -75,7 +75,7 @@ typedef struct {
|
|||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
ykcs11_md_ctx_t *md_ctx; // Digest context
|
ykcs11_md_ctx_t *md_ctx; // Digest context
|
||||||
RSA *key; // Raw public key (needed for PSS)
|
ykcs11_rsa_key_t *key; // Raw public key (needed for PSS)
|
||||||
CK_BYTE algo; // Algo for ykpiv // TODO: infer this from the key length?
|
CK_BYTE algo; // Algo for ykpiv // TODO: infer this from the key length?
|
||||||
CK_ULONG key_id; // Key id for ykpiv // TODO: make this a BYTE and store the id {0, 1, 2, 3}
|
CK_ULONG key_id; // Key id for ykpiv // TODO: make this a BYTE and store the id {0, 1, 2, 3}
|
||||||
CK_ULONG key_len; // Length in bits
|
CK_ULONG key_len; // Length in bits
|
||||||
|
|||||||