Added more attribute extraction for objects.

Alessio Di Mauro
2015-08-06 16:22:48 +02:00
parent e3acd1f027
commit fa2cdaa2ed
5 changed files with 150 additions and 227 deletions
+10 -2
@@ -106,11 +106,19 @@ typedef struct {
} piv_cert_obj_t; } piv_cert_obj_t;
typedef struct { // TODO: enough to use the public key for the parameters? typedef struct { // TODO: enough to use the public key for the parameters?
CK_BBOOL todo; CK_BBOOL decrypt;
CK_BBOOL sign;
CK_BBOOL unwrap;
CK_BBOOL derive;
CK_BBOOL always_auth;
} piv_pvtk_obj_t; } piv_pvtk_obj_t;
typedef struct { typedef struct {
EVP_PKEY *data; // TODO: make custo type for this and X509 EVP_PKEY *data; // TODO: make custom type for this and X509
CK_BBOOL encrypt;
CK_BBOOL verify;
CK_BBOOL wrap;
CK_BBOOL derive;
} piv_pubk_obj_t; } piv_pubk_obj_t;
typedef struct { typedef struct {
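Review bot: The new capability fields in piv_pvtk_obj_t and piv_pubk_obj_t are undocumented, and their only meaning comes from positional initializers in another file, so a one-line comment per struct would save the next reader a cross-file lookup; e.g. above piv_pvtk_obj_t: `// Per-slot PKCS#11 usage flags, returned verbatim as CKA_DECRYPT / CKA_SIGN / CKA_UNWRAP / CKA_DERIVE` and on the last field `CK_BBOOL always_auth; // CKA_ALWAYS_AUTHENTICATE: advertises that a fresh PIN is needed per operation`. It is worth stating in that comment that the flag only advertises the policy to applications; whether the signing path actually re-requires the PIN for such a slot is not visible in this diff and should be confirmed. The TODO left on piv_pvtk_obj_t ("enough to use the public key for the parameters?") should say what "parameters" means, presumably key type and modulus/curve, so it can be closed deliberately rather than forgotten. The trailing `typedef struct {` is cut off at the end of the hunk.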
+118 -221
@@ -122,19 +122,19 @@ static piv_cert_obj_t cert_objects[] = {
}; };
static piv_pvtk_obj_t pvtkey_objects[] = { static piv_pvtk_obj_t pvtkey_objects[] = {
{0}, {1, 1, 0, 0, 0},
{0}, {1, 1, 0, 0, 0},
{0}, {1, 1, 0, 0, 0},
{0}, {1, 1, 0, 0, 1},
{0} {1, 1, 0, 0, 0}
}; };
static piv_pubk_obj_t pubkey_objects[] = { static piv_pubk_obj_t pubkey_objects[] = {
{0}, {NULL, 1, 1, 0, 0},
{0}, {NULL, 1, 1, 0, 0},
{0}, {NULL, 1, 1, 0, 0},
{0}, {NULL, 1, 1, 0, 0},
{0} {NULL, 1, 1, 0, 0}
}; };
@@ -242,7 +242,7 @@ static CK_KEY_TYPE get_key_type(EVP_PKEY *key) {
return do_get_key_type(key); return do_get_key_type(key);
} }
static CK_KEY_TYPE get_modulus_bits(EVP_PKEY *key) { static CK_ULONG get_modulus_bits(EVP_PKEY *key) {
return do_get_rsa_modulus_length(key); return do_get_rsa_modulus_length(key);
} }
@@ -250,6 +250,10 @@ static CK_RV get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
return do_get_public_key(key, data, len); return do_get_public_key(key, data, len);
} }
static CK_RV get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
return do_get_curve_parameters(key, data, len);
}
/* Get data object attribute */ /* Get data object attribute */
CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE_PTR data; CK_BYTE_PTR data;
@@ -297,63 +301,12 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ?
// This only makes sense for data objects
fprintf(stderr, "OID\n"); fprintf(stderr, "OID\n");
strcpy((char *)tmp, data_objects[piv_objects[obj].sub_id].oid); strcpy((char *)tmp, data_objects[piv_objects[obj].sub_id].oid);
asn1_encode_oid(tmp, tmp, &len); asn1_encode_oid(tmp, tmp, &len);
data = tmp; data = tmp;
break; break;
/* case CKA_CERTIFICATE_TYPE: */
/* fprintf(stderr, "CERTIFICATE TYPE\n"); */
/* len = 1; */
/* tmp[0] = CKC_X_509; // Support only X.509 certs */
/* data = tmp; */
/* break; */
// case CKA_ISSUER:
// case CKA_SERIAL_NUMBER:
/* case CKA_KEY_TYPE: */
/* fprintf(stderr, "Return the key type TODO!!!\n"); */
/* return CKR_OK; */
/* case CKA_SUBJECT: */
/* case CKA_ID: */
/* fprintf(stderr, "ID\n"); */
/* len = data_objects[objects[obj].sub_id].tag_len; */
/* data = data_objects[objects[obj].sub_id].tag_value; */
/* break; */
/* case CKA_SENSITIVE: */
/* case CKA_ENCRYPT: */
/* case CKA_DECRYPT: */
/* case CKA_WRAP: */
/* case CKA_UNWRAP: */
/* case CKA_SIGN: */
/* case CKA_SIGN_RECOVER: */
/* case CKA_VERIFY: */
/* case CKA_VERIFY_RECOVER: */
/* case CKA_DERIVE: */
/* case CKA_START_DATE: */
/* case CKA_END_DATE: */
/* case CKA_MODULUS: */
/* case CKA_MODULUS_BITS: */
/* case CKA_PUBLIC_EXPONENT: */
/* case CKA_PRIVATE_EXPONENT: */
/* case CKA_PRIME_1: */
/* case CKA_PRIME_2: */
/* case CKA_EXPONENT_1: */
/* case CKA_EXPONENT_2: */
/* case CKA_COEFFICIENT: */
/* case CKA_PRIME: */
/* case CKA_SUBPRIME: */
/* case CKA_BASE: */
/* case CKA_VALUE_BITS: */
/* case CKA_VALUE_LEN: */
/* case CKA_EXTRACTABLE: */
/* case CKA_LOCAL: */
/* case CKA_NEVER_EXTRACTABLE: */
/* case CKA_ALWAYS_SENSITIVE: */
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
fprintf(stderr, "MODIFIABLE\n"); fprintf(stderr, "MODIFIABLE\n");
len = 1; len = 1;
@@ -361,7 +314,6 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
data = tmp; data = tmp;
break; break;
/* case CKA_VENDOR_DEFINED: */
default: default:
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type); fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
@@ -421,24 +373,10 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
data = piv_objects[obj].label; data = piv_objects[obj].label;
break; break;
/* case CKA_APPLICATION: */
/* fprintf(stderr, "APPLICATION\n"); */
/* len = strlen(objects[obj].label) + 1; */
/* data = objects[obj].label; */
/* break; */
case CKA_VALUE: case CKA_VALUE:
fprintf(stderr, "VALUE TODO\n"); fprintf(stderr, "VALUE TODO\n");
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? */
/* // This only makes sense for data objects */
/* fprintf(stderr, "OID\n"); */
/* strcpy((char *)tmp, certificate_objects[objects[obj].sub_id].oid); */
/* asn1_encode_oid(tmp, tmp, &len); */
/* data = tmp; */
/* break; */
case CKA_CERTIFICATE_TYPE: case CKA_CERTIFICATE_TYPE:
fprintf(stderr, "CERTIFICATE TYPE\n"); fprintf(stderr, "CERTIFICATE TYPE\n");
len = 1; len = 1;
@@ -454,10 +392,6 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
fprintf(stderr, "SERIAL NUMBER TODO\n"); // Default empty fprintf(stderr, "SERIAL NUMBER TODO\n"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_KEY_TYPE: */
/* fprintf(stderr, "Return the key type TODO!!!\n"); */
/* return CKR_OK; */
case CKA_SUBJECT: case CKA_SUBJECT:
fprintf(stderr, "SUBJECT TODO\n"); // Required fprintf(stderr, "SUBJECT TODO\n"); // Required
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
@@ -469,16 +403,6 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
data = tmp; data = tmp;
break; break;
/* case CKA_SENSITIVE: */
/* case CKA_ENCRYPT: */
/* case CKA_DECRYPT: */
/* case CKA_WRAP: */
/* case CKA_UNWRAP: */
/* case CKA_SIGN: */
/* case CKA_SIGN_RECOVER: */
/* case CKA_VERIFY: */
/* case CKA_VERIFY_RECOVER: */
/* case CKA_DERIVE: */
case CKA_START_DATE: case CKA_START_DATE:
fprintf(stderr, "START DATE TODO\n"); // Default empty fprintf(stderr, "START DATE TODO\n"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
@@ -487,24 +411,6 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
fprintf(stderr, "END DATE TODO\n"); // Default empty fprintf(stderr, "END DATE TODO\n"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_MODULUS: */
/* case CKA_MODULUS_BITS: */
/* case CKA_PUBLIC_EXPONENT: */
/* case CKA_PRIVATE_EXPONENT: */
/* case CKA_PRIME_1: */
/* case CKA_PRIME_2: */
/* case CKA_EXPONENT_1: */
/* case CKA_EXPONENT_2: */
/* case CKA_COEFFICIENT: */
/* case CKA_PRIME: */
/* case CKA_SUBPRIME: */
/* case CKA_BASE: */
/* case CKA_VALUE_BITS: */
/* case CKA_VALUE_LEN: */
/* case CKA_EXTRACTABLE: */
/* case CKA_LOCAL: */
/* case CKA_NEVER_EXTRACTABLE: */
/* case CKA_ALWAYS_SENSITIVE: */
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
fprintf(stderr, "MODIFIABLE\n"); fprintf(stderr, "MODIFIABLE\n");
len = 1; len = 1;
@@ -512,7 +418,6 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
data = tmp; data = tmp;
break; break;
/* case CKA_VENDOR_DEFINED: */
default: // TODO: there are other attributes for a (x509) certificate default: // TODO: there are other attributes for a (x509) certificate
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type); fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
@@ -573,30 +478,6 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
data = piv_objects[obj].label; data = piv_objects[obj].label;
break; break;
/* case CKA_APPLICATION: */
/* fprintf(stderr, "APPLICATION\n"); */
/* len = strlen(objects[obj].label) + 1; */
/* data = objects[obj].label; */
/* break; */
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a
/* case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? */
/* // This only makes sense for data objects */
/* fprintf(stderr, "OID\n"); */
/* strcpy((char *)tmp, pvtkey_objects[objects[obj].sub_id].oid); */
/* asn1_encode_oid(tmp, tmp, &len); */
/* data = tmp; */
/* break; */
/* case CKA_CERTIFICATE_TYPE: */
/* fprintf(stderr, "CERTIFICATE TYPE\n"); */
/* len = 1; */
/* tmp[0] = CKC_X_509; // Support only X.509 certs */
/* data = tmp; */
/* break; */
// case CKA_ISSUER:
// case CKA_SERIAL_NUMBER:
case CKA_KEY_TYPE: case CKA_KEY_TYPE:
fprintf(stderr, "KEY TYPE\n"); fprintf(stderr, "KEY TYPE\n");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
@@ -621,29 +502,37 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
fprintf(stderr, "SENSITIVE TODO\n"); // Default empty fprintf(stderr, "SENSITIVE TODO\n"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_ENCRYPT: */
case CKA_DECRYPT: case CKA_DECRYPT:
fprintf(stderr, "DECRYPT TODO\n"); // Default empty fprintf(stderr, "DECRYPT\n"); // Default empty
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].decrypt;
data = b_tmp;
break;
/* case CKA_WRAP: */
case CKA_UNWRAP: case CKA_UNWRAP:
fprintf(stderr, "UNWRAP TODO\n"); // Default empty fprintf(stderr, "UNWRAP\n"); // Default empty
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].unwrap;
data = b_tmp;
break;
case CKA_SIGN: case CKA_SIGN:
fprintf(stderr, "SIGN TODO\n"); // Default empty fprintf(stderr, "SIGN\n"); // Default empty
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].sign;
data = b_tmp;
break;
case CKA_SIGN_RECOVER: case CKA_SIGN_RECOVER:
fprintf(stderr, "SIGN RECOVER TODO\n"); // Default empty fprintf(stderr, "SIGN RECOVER TODO\n"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_VERIFY: */
/* case CKA_VERIFY_RECOVER: */
case CKA_DERIVE: case CKA_DERIVE:
fprintf(stderr, "DERIVE TODO\n"); // Default false fprintf(stderr, "DERIVE\n"); // Default false
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].derive;
data = b_tmp;
break;
case CKA_START_DATE: case CKA_START_DATE:
fprintf(stderr, "START DATE TODO\n"); // Default empty fprintf(stderr, "START DATE TODO\n"); // Default empty
@@ -698,7 +587,15 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_NEVER_EXTRACTABLE: */ /* case CKA_NEVER_EXTRACTABLE: */
/* case CKA_ALWAYS_SENSITIVE: */ /*case CKA_ALWAYS_SENSITIVE:*/
case CKA_ALWAYS_AUTHENTICATE:
fprintf(stderr, "ALWAYS AUTHENTICATE\n");
len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].always_auth;
data = b_tmp;
break;
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
fprintf(stderr, "MODIFIABLE\n"); fprintf(stderr, "MODIFIABLE\n");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
@@ -733,31 +630,32 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
/* Get public key object attribute */ /* Get public key object attribute */
CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE_PTR data; CK_BYTE_PTR data;
CK_BYTE tmp[64]; CK_BYTE b_tmp[1024];
CK_ULONG ul_tmp; // TODO: fix elsewhere too
CK_ULONG len = 0; CK_ULONG len = 0;
fprintf(stderr, "FOR PUBLIC KEY OBJECT %lu, I WANT ", obj); fprintf(stderr, "FOR PUBLIC KEY OBJECT %lu, I WANT ", obj);
switch (template->type) { switch (template->type) {
case CKA_CLASS: case CKA_CLASS:
fprintf(stderr, "CLASS\n"); fprintf(stderr, "CLASS\n");
len = 1; len = sizeof(CK_ULONG);
tmp[0] = CKO_PUBLIC_KEY; ul_tmp = CKO_PUBLIC_KEY;
data = tmp; data = (CK_BYTE_PTR) &ul_tmp;
break; break;
case CKA_TOKEN: case CKA_TOKEN:
// Technically all these objects are token objects // Technically all these objects are token objects
fprintf(stderr, "TOKEN\n"); fprintf(stderr, "TOKEN\n");
len = 1; len = sizeof(CK_BBOOL);
tmp[0] = piv_objects[obj].token; b_tmp[0] = piv_objects[obj].token;
data = tmp; data = b_tmp;
break; break;
case CKA_PRIVATE: case CKA_PRIVATE:
fprintf(stderr, "PRIVATE\n"); fprintf(stderr, "PRIVATE\n");
len = 1; len = sizeof(CK_BBOOL);
tmp[0] = piv_objects[obj].private; b_tmp[0] = piv_objects[obj].private;
data = tmp; data = b_tmp;
break; break;
case CKA_LABEL: case CKA_LABEL:
@@ -766,33 +664,16 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
data = piv_objects[obj].label; data = piv_objects[obj].label;
break; break;
/* case CKA_APPLICATION: */
/* fprintf(stderr, "APPLICATION\n"); */
/* len = strlen(objects[obj].label) + 1; */
/* data = objects[obj].label; */
/* break; */
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a // case CKA_VALUE: // TODO: this can be done with -r and -d|-a
/* case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? */
/* // This only makes sense for data objects */
/* fprintf(stderr, "OID\n"); */
/* strcpy((char *)tmp, pubkey_objects[objects[obj].sub_id].oid); */
/* asn1_encode_oid(tmp, tmp, &len); */
/* data = tmp; */
/* break; */
/* case CKA_CERTIFICATE_TYPE: */
/* fprintf(stderr, "CERTIFICATE TYPE\n"); */
/* len = 1; */
/* tmp[0] = CKC_X_509; // Support only X.509 certs */
/* data = tmp; */
/* break; */
// case CKA_ISSUER:
// case CKA_SERIAL_NUMBER:
case CKA_KEY_TYPE: case CKA_KEY_TYPE:
fprintf(stderr, "KEY TYPE TODO\n"); fprintf(stderr, "KEY TYPE\n");
return CKR_FUNCTION_FAILED; len = sizeof(CK_ULONG);
ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data);
if (ul_tmp == CKK_VENDOR_DEFINED) // This value is used as an error here
return CKR_FUNCTION_FAILED;
data = (CK_BYTE_PTR) &ul_tmp;
break;
case CKA_SUBJECT: case CKA_SUBJECT:
fprintf(stderr, "SUBJECT TODO\n"); // Default empty fprintf(stderr, "SUBJECT TODO\n"); // Default empty
@@ -800,32 +681,38 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_ID: case CKA_ID:
fprintf(stderr, "ID\n"); fprintf(stderr, "ID\n");
len = 1; len = sizeof(CK_BYTE);
tmp[0] = piv_objects[obj].sub_id; b_tmp[0] = piv_objects[obj].sub_id;
data = tmp; data = b_tmp;
break; break;
/* case CKA_SENSITIVE: */
case CKA_ENCRYPT: case CKA_ENCRYPT:
fprintf(stderr, "ENCRYPT TODO\n"); // Required fprintf(stderr, "ENCRYPT\n");
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].encrypt;
data = b_tmp;
break;
case CKA_DECRYPT: case CKA_VERIFY: // TODO: what about verify recover ?
fprintf(stderr, "DECRYPT TODO\n"); // Required fprintf(stderr, "VERIFY\n");
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].verify;
data = b_tmp;
break;
case CKA_WRAP: case CKA_WRAP:
fprintf(stderr, "WRAP TODO\n"); // Required fprintf(stderr, "WRAP\n");
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].wrap;
data = b_tmp;
break;
/* case CKA_UNWRAP: */
/* case CKA_SIGN: */
/* case CKA_SIGN_RECOVER: */
/* case CKA_VERIFY: */
/* case CKA_VERIFY_RECOVER: */
case CKA_DERIVE: case CKA_DERIVE:
fprintf(stderr, "DERIVE TODO\n"); // Defaul false fprintf(stderr, "DERIVE\n");
return CKR_FUNCTION_FAILED; len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].derive;
data = b_tmp;
break;
case CKA_START_DATE: case CKA_START_DATE:
fprintf(stderr, "START DATE TODO\n"); // Default empty fprintf(stderr, "START DATE TODO\n"); // Default empty
@@ -834,37 +721,47 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_END_DATE: case CKA_END_DATE:
fprintf(stderr, "END DATE TODO\n"); // Default empty fprintf(stderr, "END DATE TODO\n"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_MODULUS: */
/* case CKA_MODULUS_BITS: */ case CKA_EC_POINT:
/* case CKA_PUBLIC_EXPONENT: */ // We're trying to get the key length, get the ec point of the PUBLIC key
/* case CKA_PRIVATE_EXPONENT: */ fprintf(stderr, "EC_POINT\n");
/* case CKA_PRIME_1: */ len = sizeof(b_tmp);
/* case CKA_PRIME_2: */ if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
/* case CKA_EXPONENT_1: */ return CKR_FUNCTION_FAILED;
/* case CKA_EXPONENT_2: */ data = b_tmp;
/* case CKA_COEFFICIENT: */ break;
/* case CKA_PRIME: */
/* case CKA_SUBPRIME: */ case CKA_EC_PARAMS:
/* case CKA_BASE: */ // Here we want the curve parameters (DER encoded OID)
/* case CKA_VALUE_BITS: */ fprintf(stderr, "EC_PARAMS\n");
/* case CKA_VALUE_LEN: */ len = sizeof(b_tmp);
/* case CKA_EXTRACTABLE: */ if (get_curve_parameters(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
return CKR_FUNCTION_FAILED;
data = b_tmp;
break;
case CKA_MODULUS_BITS:
fprintf(stderr, "MODULUS BITS\n");
len = sizeof(CK_ULONG);
ul_tmp = get_modulus_bits(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk
if (ul_tmp == 0)
return CKR_FUNCTION_FAILED;
data = (CK_BYTE_PTR) &ul_tmp;
break;
case CKA_LOCAL: case CKA_LOCAL:
fprintf(stderr, "LOCAL TODO\n"); // Required fprintf(stderr, "LOCAL TODO\n"); // Required
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_NEVER_EXTRACTABLE: */
/* case CKA_ALWAYS_SENSITIVE: */
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
fprintf(stderr, "MODIFIABLE\n"); fprintf(stderr, "MODIFIABLE\n");
len = 1; len = sizeof(CK_BBOOL);
tmp[0] = piv_objects[obj].modifiable; b_tmp[0] = piv_objects[obj].modifiable;
data = tmp; data = b_tmp;
break; break;
/* case CKA_VENDOR_DEFINED: */
default: default:
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type); // TODO: there are other parameters for public keys fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! 0x%lx\n", template[0].type); // TODO: there are other parameters for public keys
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
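Review bot: The new CKA_EC_PARAMS, CKA_EC_POINT and CKA_MODULUS_BITS cases in get_puoa hand `pubkey_objects[...].data` to the EC/RSA helpers without first checking that the object holds a key of that type, and the table that backs them is initialised with `NULL` for every `data` pointer. With the `do_get_curve_parameters` added in this same commit (which does not check the result of `EVP_PKEY_get1_EC_KEY`), a C_GetAttributeValue for CKA_EC_PARAMS on an RSA slot, or on a slot whose key has not been loaded yet, appears to end in a NULL dereference rather than an error; whether a loader populates `data` before any attribute call is not visible here. PKCS#11 also expects a key-type mismatch to be reported as CKR_ATTRIBUTE_TYPE_INVALID with ulValueLen set to CK_UNAVAILABLE_INFORMATION, as the default branch already does, instead of the generic CKR_FUNCTION_FAILED. A guard at the top of each of these cases keeps the helpers from ever seeing the wrong key type; get_puoa continues past the last hunk.
```c
case CKA_EC_PARAMS:
  // Refuse before touching OpenSSL: the helpers assume an EC key.
  if (pubkey_objects[piv_objects[obj].sub_id].data == NULL ||
      get_key_type(pubkey_objects[piv_objects[obj].sub_id].data) != CKK_EC) {
    template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
    return CKR_ATTRIBUTE_TYPE_INVALID;
  }
  // … unchanged: get_curve_parameters call …
case CKA_MODULUS_BITS:
  if (pubkey_objects[piv_objects[obj].sub_id].data == NULL ||
      get_key_type(pubkey_objects[piv_objects[obj].sub_id].data) != CKK_RSA) {
    template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
    return CKR_ATTRIBUTE_TYPE_INVALID;
  }
  // … unchanged: get_modulus_bits call …
```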
+17
@@ -151,6 +151,23 @@ CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key) {
} }
CK_RV do_get_curve_parameters( EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
EC_KEY *eck;
const EC_GROUP *ecg;
unsigned char *p;
eck = EVP_PKEY_get1_EC_KEY(key);
ecg = EC_KEY_get0_group(eck);
p = data;
if ((*len = i2d_ECPKParameters(ecg, &p)) == 0)
return CKR_FUNCTION_FAILED;
return CKR_OK;
}
CK_RV free_key(EVP_PKEY *key) { CK_RV free_key(EVP_PKEY *key) {
EVP_PKEY_free(key); EVP_PKEY_free(key);
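Review bot: do_get_curve_parameters leaks and can crash: `EVP_PKEY_get1_EC_KEY` returns a new reference that is never released with `EC_KEY_free`, and it returns NULL for a non-EC key, which is then passed straight to `EC_KEY_get0_group`. The incoming `*len` is also ignored, so `i2d_ECPKParameters` writes into `data` without any bound; the caller in this commit passes a fixed stack buffer, and while a named-curve OID is small, a key carrying explicit curve parameters would overrun it. Query the encoded size first with a NULL output pointer, compare it against `*len`, and free the EC_KEY on every path.
```c
CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
  EC_KEY *eck;
  const EC_GROUP *ecg;
  unsigned char *p;
  int needed;

  eck = EVP_PKEY_get1_EC_KEY(key); // new reference; NULL if key is not EC
  if (eck == NULL)
    return CKR_FUNCTION_FAILED;
  ecg = EC_KEY_get0_group(eck);

  needed = i2d_ECPKParameters(ecg, NULL); // size query only, nothing written
  if (needed <= 0 || (CK_ULONG)needed > *len) {
    EC_KEY_free(eck);
    return CKR_FUNCTION_FAILED;
  }
  p = data;
  *len = i2d_ECPKParameters(ecg, &p);
  EC_KEY_free(eck);
  return CKR_OK;
}
```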
+1
@@ -17,6 +17,7 @@ CK_KEY_TYPE do_get_key_type(EVP_PKEY *key);
CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key); CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key);
CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len); CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key); CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key);
CK_RV do_get_curve_parameters( EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len);
CK_RV free_key(EVP_PKEY *key); CK_RV free_key(EVP_PKEY *key);
CK_RV do_pkcs_1_t1(CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_ULONG key_len); CK_RV do_pkcs_1_t1(CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_ULONG key_len);
+2 -2
@@ -15,7 +15,7 @@
printf ("\n"); \ printf ("\n"); \
} while (0) } while (0)
#define YKCS11_DBG 1 // General debug, must be either 1 or 0 #define YKCS11_DBG 0 // General debug, must be either 1 or 0
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0 #define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
#define YKCS11_MANUFACTURER "Yubico (www.yubico.com)" #define YKCS11_MANUFACTURER "Yubico (www.yubico.com)"
@@ -838,7 +838,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(
// TODO: this function has some complex cases for return vlaue. Make sure to check them. // TODO: this function has some complex cases for return vlaue. Make sure to check them.
if (rv != CKR_OK) { if (rv != CKR_OK) {
DBG(("Unable to get attribute %lu of object %lu", (pTemplate + i)->type, hObject)); DBG(("Unable to get attribute 0x%lx of object %lu", (pTemplate + i)->type, hObject));
rv_final = rv; rv_final = rv;
} }
} }
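Review bot: Flipping `YKCS11_DBG` to 0 silences the DBG() output in this file, but the attribute getters in this same commit still write every request unconditionally with `fprintf(stderr, ...)` (e.g. `fprintf(stderr, "KEY TYPE\n");`, `fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! 0x%lx\n", ...)`), so a release build of the module will keep spamming the stderr of whatever application loads it. Those prints should go through the same gate, e.g. `#if YKCS11_DBG` around them or a `DBG(("KEY TYPE"));` call, so one switch controls all diagnostic output. A comment on the define saying it is a compile-time switch meant to be 0 in shipped builds would also explain why this commit changes it. C_GetAttributeValue starts before this hunk.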