From 5a60faf7791d4c4401a36fd90c952ab692d6e9b1 Mon Sep 17 00:00:00 2001 From: Mikhail Denisenko Date: Wed, 9 Dec 2015 13:13:24 -0500 Subject: [PATCH] Fixed extraction of RSA modulus and exponent --- ykcs11/objects.c | 22 +++++++++++++--------- ykcs11/openssl_utils.c | 33 ++++++++++++++++++++++++++++++--- ykcs11/openssl_utils.h | 3 ++- 3 files changed, 45 insertions(+), 13 deletions(-) diff --git a/ykcs11/objects.c b/ykcs11/objects.c index 9e62342..c94af52 100644 --- a/ykcs11/objects.c +++ b/ykcs11/objects.c @@ -340,8 +340,12 @@ static CK_ULONG get_modulus_bits(EVP_PKEY *key) { return do_get_rsa_modulus_length(key); } -static CK_ULONG get_public_exponent(EVP_PKEY *key) { - return do_get_public_exponent(key); +static CK_RV get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { + return do_get_public_exponent(key, data, len); +} + +static CK_RV get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { + return do_get_modulus(key, data, len); } static CK_RV get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { @@ -727,10 +731,9 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { if (ul_tmp != CKK_RSA) return CKR_ATTRIBUTE_VALUE_INVALID; - ul_tmp = get_public_exponent(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk - if (ul_tmp == 0) + if (get_public_exponent(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) return CKR_FUNCTION_FAILED; - data = (CK_BYTE_PTR) &ul_tmp; + data = b_tmp; break; /* case CKA_PRIVATE_EXPONENT: */ @@ -928,7 +931,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { if (ul_tmp != CKK_RSA) return CKR_ATTRIBUTE_VALUE_INVALID; - if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) + if (get_modulus(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) return CKR_FUNCTION_FAILED; data = b_tmp; break; @@ -961,10 +964,9 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { if (ul_tmp != CKK_RSA) return CKR_ATTRIBUTE_VALUE_INVALID; - ul_tmp = get_public_exponent(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk - if (ul_tmp == 0) + if (get_public_exponent(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) return CKR_FUNCTION_FAILED; - data = (CK_BYTE_PTR) &ul_tmp; + data = b_tmp; break; case CKA_LOCAL: @@ -1301,6 +1303,8 @@ CK_RV check_create_cert(CK_ATTRIBUTE_PTR templ, CK_ULONG n, case CKA_TOKEN: case CKA_LABEL: case CKA_SUBJECT: + case CKA_ISSUER: + case CKA_CERTIFICATE_TYPE: // Ignore other attributes break; diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c index 353c29f..43a4550 100644 --- a/ykcs11/openssl_utils.c +++ b/ykcs11/openssl_utils.c @@ -317,16 +317,43 @@ CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key) { } -CK_ULONG do_get_public_exponent(EVP_PKEY *key) { +CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { + RSA *rsa; + + rsa = EVP_PKEY_get1_RSA(key); + if (rsa == NULL) + return CKR_FUNCTION_FAILED; + + if ((CK_ULONG)BN_num_bytes(rsa->n) > *len) { + RSA_free(rsa); + rsa = NULL; + return CKR_BUFFER_TOO_SMALL; + } + + *len = (CK_ULONG)BN_bn2bin(rsa->n, data); + + RSA_free(rsa); + rsa = NULL; + + return CKR_OK; +} + +CK_RV do_get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { CK_ULONG e = 0; RSA *rsa; rsa = EVP_PKEY_get1_RSA(key); if (rsa == NULL) - return 0; + return CKR_FUNCTION_FAILED; - BN_bn2bin(rsa->e, (unsigned char *)&e); + if ((CK_ULONG)BN_num_bytes(rsa->e) > *len) { + RSA_free(rsa); + rsa = NULL; + return CKR_BUFFER_TOO_SMALL; + } + + *len = (CK_ULONG)BN_bn2bin(rsa->e, data); RSA_free(rsa); rsa = NULL; diff --git a/ykcs11/openssl_utils.h b/ykcs11/openssl_utils.h index 35461a5..8281be3 100644 --- a/ykcs11/openssl_utils.h +++ b/ykcs11/openssl_utils.h @@ -20,8 +20,9 @@ CK_RV do_delete_cert(X509 **cert); CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key); CK_KEY_TYPE do_get_key_type(EVP_PKEY *key); CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key); -CK_ULONG do_get_public_exponent(EVP_PKEY *key); +CK_RV do_get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len); CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len); +CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len); CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key); CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len); CK_RV do_delete_pubk(EVP_PKEY **key);