YKCS11: Added raw certificate extraction.
+31
-22
@@ -233,6 +233,10 @@ static CK_RV get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR
|
|||||||
return do_get_curve_parameters(key, data, len);
|
return do_get_curve_parameters(key, data, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static CK_RV get_raw_cert(X509 *cert, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
||||||
|
return do_get_raw_cert(cert, data, len);
|
||||||
|
}
|
||||||
|
|
||||||
/* Get data object attribute */
|
/* Get data object attribute */
|
||||||
CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||||
CK_BYTE_PTR data;
|
CK_BYTE_PTR data;
|
||||||
@@ -319,31 +323,32 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
|||||||
/* Get certificate object attribute */
|
/* Get certificate object attribute */
|
||||||
CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||||
CK_BYTE_PTR data;
|
CK_BYTE_PTR data;
|
||||||
CK_BYTE tmp[64];
|
CK_BYTE b_tmp[1024];
|
||||||
|
CK_ULONG ul_tmp;
|
||||||
CK_ULONG len = 0;
|
CK_ULONG len = 0;
|
||||||
DBG(("For certificate object %lu, get ", obj));
|
DBG(("For certificate object %lu, get ", obj));
|
||||||
|
|
||||||
switch (template->type) { // TODO: is this needed here? or is it enough ot have one a "level" above?
|
switch (template->type) {
|
||||||
case CKA_CLASS:
|
case CKA_CLASS:
|
||||||
DBG(("CLASS"));
|
DBG(("CLASS"));
|
||||||
len = 1;
|
len = sizeof(CK_ULONG);
|
||||||
tmp[0] = CKO_CERTIFICATE;
|
ul_tmp = CKO_CERTIFICATE;
|
||||||
data = tmp;
|
data = (CK_BYTE_PTR) &ul_tmp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CKA_TOKEN:
|
case CKA_TOKEN:
|
||||||
// Technically all these objects are token objects
|
// Technically all these objects are token objects
|
||||||
DBG(("TOKEN"));
|
DBG(("TOKEN"));
|
||||||
len = 1;
|
len = sizeof(CK_BBOOL);
|
||||||
tmp[0] = piv_objects[obj].token;
|
b_tmp[0] = piv_objects[obj].token;
|
||||||
data = tmp;
|
data = b_tmp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CKA_PRIVATE:
|
case CKA_PRIVATE:
|
||||||
DBG(("PRIVATE"));
|
DBG(("PRIVATE"));
|
||||||
len = 1;
|
len = sizeof(CK_BBOOL);
|
||||||
tmp[0] = piv_objects[obj].private;
|
b_tmp[0] = piv_objects[obj].private;
|
||||||
data = tmp;
|
data = b_tmp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CKA_LABEL:
|
case CKA_LABEL:
|
||||||
@@ -353,14 +358,18 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case CKA_VALUE:
|
case CKA_VALUE:
|
||||||
DBG(("VALUE TODO"));
|
DBG(("VALUE"));
|
||||||
|
len = sizeof(b_tmp);
|
||||||
|
if (get_raw_cert(cert_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
data = b_tmp;
|
||||||
|
break;
|
||||||
|
|
||||||
case CKA_CERTIFICATE_TYPE:
|
case CKA_CERTIFICATE_TYPE:
|
||||||
DBG(("CERTIFICATE TYPE"));
|
DBG(("CERTIFICATE TYPE"));
|
||||||
len = 1;
|
len = sizeof(CK_ULONG);
|
||||||
tmp[0] = CKC_X_509; // Support only X.509 certs
|
ul_tmp = CKC_X_509; // Support only X.509 certs
|
||||||
data = tmp;
|
data = (CK_BYTE_PTR) ul_tmp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CKA_ISSUER:
|
case CKA_ISSUER:
|
||||||
@@ -377,9 +386,9 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
|||||||
|
|
||||||
case CKA_ID:
|
case CKA_ID:
|
||||||
DBG(("ID"));
|
DBG(("ID"));
|
||||||
len = 1;
|
len = sizeof(CK_BYTE);
|
||||||
tmp[0] = piv_objects[obj].sub_id;
|
b_tmp[0] = piv_objects[obj].sub_id;
|
||||||
data = tmp;
|
data = b_tmp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CKA_START_DATE:
|
case CKA_START_DATE:
|
||||||
@@ -392,9 +401,9 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
|||||||
|
|
||||||
case CKA_MODIFIABLE:
|
case CKA_MODIFIABLE:
|
||||||
DBG(("MODIFIABLE"));
|
DBG(("MODIFIABLE"));
|
||||||
len = 1;
|
len = sizeof(CK_BBOOL);
|
||||||
tmp[0] = piv_objects[obj].modifiable;
|
b_tmp[0] = piv_objects[obj].modifiable;
|
||||||
data = tmp;
|
data = b_tmp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default: // TODO: there are other attributes for a (x509) certificate
|
default: // TODO: there are other attributes for a (x509) certificate
|
||||||
@@ -666,7 +675,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
|||||||
CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||||
CK_BYTE_PTR data;
|
CK_BYTE_PTR data;
|
||||||
CK_BYTE b_tmp[1024];
|
CK_BYTE b_tmp[1024];
|
||||||
CK_ULONG ul_tmp; // TODO: fix elsewhere too
|
CK_ULONG ul_tmp;
|
||||||
CK_ULONG len = 0;
|
CK_ULONG len = 0;
|
||||||
DBG(("For public key object %lu, get ", obj));
|
DBG(("For public key object %lu, get ", obj));
|
||||||
|
|
||||||
|
|||||||
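Review bot: In the CKA_CERTIFICATE_TYPE case of get_coa, `data = (CK_BYTE_PTR) ul_tmp;` casts the value of ul_tmp to a pointer instead of taking its address, so data ends up pointing at address CKC_X_509 (0 in pkcs11.h, i.e. a null pointer) and whatever later copies from data into the template reads through it; the CKA_CLASS case a few lines up does it right and this one should match it: `data = (CK_BYTE_PTR) &ul_tmp;`. Separately, the CKA_VALUE case serialises the DER certificate into the fixed 1024-byte b_tmp stack buffer, and DER certificates on a PIV token can be larger than that; because the CKR_BUFFER_TOO_SMALL from get_raw_cert is folded into CKR_FUNCTION_FAILED, the caller cannot distinguish "too big" from a real failure, so consider propagating the return code or sizing the buffer from a length query first. get_coa continues past the hunk, so the final copy into the template is not visible here.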
@@ -236,6 +236,26 @@ CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len) {
|
|||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CK_RV do_get_raw_cert(X509 *cert, CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
||||||
|
|
||||||
|
CK_BYTE_PTR p;
|
||||||
|
int len;
|
||||||
|
|
||||||
|
len = i2d_X509(cert, NULL);
|
||||||
|
|
||||||
|
if (len < 0)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
|
if ((CK_ULONG)len > *out_len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
|
p = out;
|
||||||
|
if ((*out_len = i2d_X509(cert, &p)) == 0)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
|
return CKR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
CK_RV free_cert(X509 *cert) {
|
CK_RV free_cert(X509 *cert) {
|
||||||
|
|
||||||
X509_free((X509 *) cert);
|
X509_free((X509 *) cert);
|
||||||
|
|||||||
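Review bot: `if ((*out_len = i2d_X509(cert, &p)) == 0)` stores the int result of i2d_X509 into the unsigned CK_ULONG before checking it, so a negative (error) return wraps to a large value, passes the `== 0` test, and the caller is told the buffer holds that many bytes; test the signed value first, reusing the existing `len` local: `if ((len = i2d_X509(cert, &p)) <= 0) return CKR_FUNCTION_FAILED;` followed by `*out_len = (CK_ULONG) len;`. The function also depends on the caller having initialised *out_len to the capacity of out, and neither the definition nor the new prototype in the header hunk below says so; a comment such as `/* out_len: on entry the capacity of out, on success the DER length written */` on the definition would make that contract explicit.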
@@ -13,6 +13,7 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert);
|
|||||||
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
|
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
|
||||||
CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
||||||
CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len);
|
CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len);
|
||||||
|
CK_RV do_get_raw_cert(X509 *cert, CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
||||||
CK_RV free_cert(X509 *cert);
|
CK_RV free_cert(X509 *cert);
|
||||||
|
|
||||||
CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key);
|
CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key);
|
||||||
|
|||||||