YKCS11: Added raw certificate extraction.

This commit is contained in:
Alessio Di Mauro
2015-10-23 19:43:36 +02:00
parent aff57db279
commit 4f12dc41e9
3 changed files with 53 additions and 23 deletions
+31 -22
@@ -233,6 +233,10 @@ static CK_RV get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR
return do_get_curve_parameters(key, data, len); return do_get_curve_parameters(key, data, len);
} }
static CK_RV get_raw_cert(X509 *cert, CK_BYTE_PTR data, CK_ULONG_PTR len) {
return do_get_raw_cert(cert, data, len);
}
/* Get data object attribute */ /* Get data object attribute */
CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE_PTR data; CK_BYTE_PTR data;
@@ -319,31 +323,32 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
/* Get certificate object attribute */ /* Get certificate object attribute */
CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE_PTR data; CK_BYTE_PTR data;
CK_BYTE tmp[64]; CK_BYTE b_tmp[1024];
CK_ULONG ul_tmp;
CK_ULONG len = 0; CK_ULONG len = 0;
DBG(("For certificate object %lu, get ", obj)); DBG(("For certificate object %lu, get ", obj));
switch (template->type) { // TODO: is this needed here? or is it enough ot have one a "level" above? switch (template->type) {
case CKA_CLASS: case CKA_CLASS:
DBG(("CLASS")); DBG(("CLASS"));
len = 1; len = sizeof(CK_ULONG);
tmp[0] = CKO_CERTIFICATE; ul_tmp = CKO_CERTIFICATE;
data = tmp; data = (CK_BYTE_PTR) &ul_tmp;
break; break;
case CKA_TOKEN: case CKA_TOKEN:
// Technically all these objects are token objects // Technically all these objects are token objects
DBG(("TOKEN")); DBG(("TOKEN"));
len = 1; len = sizeof(CK_BBOOL);
tmp[0] = piv_objects[obj].token; b_tmp[0] = piv_objects[obj].token;
data = tmp; data = b_tmp;
break; break;
case CKA_PRIVATE: case CKA_PRIVATE:
DBG(("PRIVATE")); DBG(("PRIVATE"));
len = 1; len = sizeof(CK_BBOOL);
tmp[0] = piv_objects[obj].private; b_tmp[0] = piv_objects[obj].private;
data = tmp; data = b_tmp;
break; break;
case CKA_LABEL: case CKA_LABEL:
@@ -353,14 +358,18 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_VALUE: case CKA_VALUE:
DBG(("VALUE TODO")); DBG(("VALUE"));
len = sizeof(b_tmp);
if (get_raw_cert(cert_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
data = b_tmp;
break;
case CKA_CERTIFICATE_TYPE: case CKA_CERTIFICATE_TYPE:
DBG(("CERTIFICATE TYPE")); DBG(("CERTIFICATE TYPE"));
len = 1; len = sizeof(CK_ULONG);
tmp[0] = CKC_X_509; // Support only X.509 certs ul_tmp = CKC_X_509; // Support only X.509 certs
data = tmp; data = (CK_BYTE_PTR) ul_tmp;
break; break;
case CKA_ISSUER: case CKA_ISSUER:
@@ -377,9 +386,9 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_ID: case CKA_ID:
DBG(("ID")); DBG(("ID"));
len = 1; len = sizeof(CK_BYTE);
tmp[0] = piv_objects[obj].sub_id; b_tmp[0] = piv_objects[obj].sub_id;
data = tmp; data = b_tmp;
break; break;
case CKA_START_DATE: case CKA_START_DATE:
@@ -392,9 +401,9 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
DBG(("MODIFIABLE")); DBG(("MODIFIABLE"));
len = 1; len = sizeof(CK_BBOOL);
tmp[0] = piv_objects[obj].modifiable; b_tmp[0] = piv_objects[obj].modifiable;
data = tmp; data = b_tmp;
break; break;
default: // TODO: there are other attributes for a (x509) certificate default: // TODO: there are other attributes for a (x509) certificate
@@ -666,7 +675,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE_PTR data; CK_BYTE_PTR data;
CK_BYTE b_tmp[1024]; CK_BYTE b_tmp[1024];
CK_ULONG ul_tmp; // TODO: fix elsewhere too CK_ULONG ul_tmp;
CK_ULONG len = 0; CK_ULONG len = 0;
DBG(("For public key object %lu, get ", obj)); DBG(("For public key object %lu, get ", obj));
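Review bot: In get_coa's CKA_CERTIFICATE_TYPE case the new line `data = (CK_BYTE_PTR) ul_tmp;` converts the value of ul_tmp to a pointer instead of taking its address, unlike the CKA_CLASS case earlier in the same function which correctly writes `data = (CK_BYTE_PTR) &ul_tmp;`. Since CKC_X_509 is 0, data becomes a null pointer and whatever later copies `len` bytes from it will fault or return garbage for every CKA_CERTIFICATE_TYPE query; the fix is `data = (CK_BYTE_PTR) &ul_tmp;`. Separately, the CKA_VALUE case bounds the DER output at sizeof(b_tmp) (1024 bytes), which many real X.509 certificates exceed, so get_raw_cert's CKR_BUFFER_TOO_SMALL is collapsed into CKR_FUNCTION_FAILED and larger certificates cannot be read through this path; either size the buffer from the encoded length or propagate the too-small status together with the required length. The same case also passes cert_objects[...].data to get_raw_cert without checking it is non-NULL, which should be guarded if a certificate slot can be unpopulated, though the load path is not visible here. get_coa begins in an earlier hunk and its tail lies outside this section.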
+20
@@ -236,6 +236,26 @@ CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len) {
return CKR_OK; return CKR_OK;
} }
CK_RV do_get_raw_cert(X509 *cert, CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
CK_BYTE_PTR p;
int len;
len = i2d_X509(cert, NULL);
if (len < 0)
return CKR_FUNCTION_FAILED;
if ((CK_ULONG)len > *out_len)
return CKR_BUFFER_TOO_SMALL;
p = out;
if ((*out_len = i2d_X509(cert, &p)) == 0)
return CKR_FUNCTION_FAILED;
return CKR_OK;
}
CK_RV free_cert(X509 *cert) { CK_RV free_cert(X509 *cert) {
X509_free((X509 *) cert); X509_free((X509 *) cert);
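Review bot: In do_get_raw_cert the second encode `if ((*out_len = i2d_X509(cert, &p)) == 0)` stores i2d_X509's int result into the unsigned CK_ULONG before testing it, so a negative error return becomes a very large length, passes the `== 0` check, and the caller is handed a bogus length over a possibly partially written buffer. Keep the result in the existing int `len`, test it for `<= 0`, and only then assign `*out_len`. On the CKR_BUFFER_TOO_SMALL path the required size is already known but not reported; writing it into `*out_len` before returning lets the caller retry with a correctly sized buffer, which is the usual PKCS#11 attribute-query convention (assuming the callers follow it, which is not visible here). If cert can be NULL for an unpopulated slot, an explicit guard at the top would turn that into a clear failure instead of relying on i2d_X509's handling of a NULL object.
```c
  /* … unchanged: first i2d_X509(cert, NULL) length query and its < 0 check … */
  if ((CK_ULONG)len > *out_len) {
    *out_len = (CK_ULONG)len;   /* report the size needed so the caller can retry */
    return CKR_BUFFER_TOO_SMALL;
  }

  p = out;
  len = i2d_X509(cert, &p);     /* keep the signed result so a negative error is visible */
  if (len <= 0)
    return CKR_FUNCTION_FAILED;

  *out_len = (CK_ULONG)len;
  return CKR_OK;
```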
+1
@@ -13,6 +13,7 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert);
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
CK_BYTE_PTR out, CK_ULONG_PTR out_len); CK_BYTE_PTR out, CK_ULONG_PTR out_len);
CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len); CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len);
CK_RV do_get_raw_cert(X509 *cert, CK_BYTE_PTR out, CK_ULONG_PTR out_len);
CK_RV free_cert(X509 *cert); CK_RV free_cert(X509 *cert);
CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key); CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key);
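Review bot: The new do_get_raw_cert prototype does not document that out_len is an in/out parameter or what the caller gets back on the too-small path, and since this header is the only place callers look, that contract should be stated here. A comment such as `/* DER-encode cert into out. *out_len holds the buffer capacity on entry and the encoded length on success; returns CKR_BUFFER_TOO_SMALL when the capacity is insufficient. */` above the declaration would make the size-negotiation explicit.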