From 2ea35bbd18ff936daebf0d34f61b3339fdac4fac Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Thu, 17 Sep 2015 16:31:21 +0200 Subject: [PATCH] Export more public key parameters. --- ykcs11/objects.c | 79 +++++++++++++++++++++++++++++++++++++++++- ykcs11/openssl_utils.c | 17 +++++++++ ykcs11/openssl_utils.h | 1 + 3 files changed, 96 insertions(+), 1 deletion(-) diff --git a/ykcs11/objects.c b/ykcs11/objects.c index 91b3380..c9780a8 100644 --- a/ykcs11/objects.c +++ b/ykcs11/objects.c @@ -221,6 +221,10 @@ static CK_ULONG get_modulus_bits(EVP_PKEY *key) { return do_get_rsa_modulus_length(key); } +static CK_ULONG get_public_exponent(EVP_PKEY *key) { + return do_get_public_exponent(key); +} + static CK_RV get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { return do_get_public_key(key, data, len); } @@ -520,6 +524,14 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { case CKA_MODULUS: DBG(("MODULUS")); len = sizeof(b_tmp); + + // Make sure that this is an RSA key + ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == CKK_VENDOR_DEFINED) + return CKR_FUNCTION_FAILED; + if (ul_tmp != CKK_RSA) + return CKR_ATTRIBUTE_VALUE_INVALID; + if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) return CKR_FUNCTION_FAILED; data = b_tmp; @@ -538,13 +550,37 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { case CKA_MODULUS_BITS: DBG(("MODULUS BITS")); len = sizeof(CK_ULONG); + + // Make sure that this is an RSA key + ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == CKK_VENDOR_DEFINED) + return CKR_FUNCTION_FAILED; + if (ul_tmp != CKK_RSA) + return CKR_ATTRIBUTE_VALUE_INVALID; + ul_tmp = get_modulus_bits(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk if (ul_tmp == 0) return CKR_FUNCTION_FAILED; data = (CK_BYTE_PTR) &ul_tmp; break; - /* case CKA_PUBLIC_EXPONENT: */ + case CKA_PUBLIC_EXPONENT: + DBG(("PUBLIC EXPONENT")); + len = sizeof(CK_ULONG); + + // Make sure that this is an RSA key + ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == CKK_VENDOR_DEFINED) + return CKR_FUNCTION_FAILED; + if (ul_tmp != CKK_RSA) + return CKR_ATTRIBUTE_VALUE_INVALID; + + ul_tmp = get_public_exponent(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == 0) + return CKR_FUNCTION_FAILED; + data = (CK_BYTE_PTR) &ul_tmp; + break; + /* case CKA_PRIVATE_EXPONENT: */ /* case CKA_PRIME_1: */ /* case CKA_PRIME_2: */ @@ -714,15 +750,56 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { data = b_tmp; break; + case CKA_MODULUS: + DBG(("MODULUS")); + len = sizeof(b_tmp); + + // Make sure that this is an RSA key + ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == CKK_VENDOR_DEFINED) + return CKR_FUNCTION_FAILED; + if (ul_tmp != CKK_RSA) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) + return CKR_FUNCTION_FAILED; + data = b_tmp; + break; + case CKA_MODULUS_BITS: DBG(("MODULUS BITS")); len = sizeof(CK_ULONG); + + // Make sure that this is an RSA key + ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == CKK_VENDOR_DEFINED) + return CKR_FUNCTION_FAILED; + if (ul_tmp != CKK_RSA) + return CKR_ATTRIBUTE_VALUE_INVALID; + ul_tmp = get_modulus_bits(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk if (ul_tmp == 0) return CKR_FUNCTION_FAILED; data = (CK_BYTE_PTR) &ul_tmp; break; + case CKA_PUBLIC_EXPONENT: + DBG(("PUBLIC EXPONENT")); + len = sizeof(CK_ULONG); + + // Make sure that this is an RSA key + ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == CKK_VENDOR_DEFINED) + return CKR_FUNCTION_FAILED; + if (ul_tmp != CKK_RSA) + return CKR_ATTRIBUTE_VALUE_INVALID; + + ul_tmp = get_public_exponent(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk + if (ul_tmp == 0) + return CKR_FUNCTION_FAILED; + data = (CK_BYTE_PTR) &ul_tmp; + break; + case CKA_LOCAL: DBG(("LOCAL TODO")); // Required return CKR_FUNCTION_FAILED; diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c index 1ce68a0..7a11896 100644 --- a/ykcs11/openssl_utils.c +++ b/ykcs11/openssl_utils.c @@ -288,6 +288,23 @@ CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key) { } +CK_ULONG do_get_public_exponent(EVP_PKEY *key) { + + CK_ULONG e = 0; + RSA *rsa; + + rsa = EVP_PKEY_get1_RSA(key); + if (rsa == NULL) + return 0; + + BN_bn2bin(rsa->e, (unsigned char *)&e); + + RSA_free(rsa); + rsa = NULL; + + return e; +} + /* #include */ /* #include */ /* ERR_load_crypto_strings(); */ diff --git a/ykcs11/openssl_utils.h b/ykcs11/openssl_utils.h index 12f8dde..8ded6f2 100644 --- a/ykcs11/openssl_utils.h +++ b/ykcs11/openssl_utils.h @@ -18,6 +18,7 @@ CK_RV free_cert(X509 *cert); CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key); CK_KEY_TYPE do_get_key_type(EVP_PKEY *key); CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key); +CK_ULONG do_get_public_exponent(EVP_PKEY *key); CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len); CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key); CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);