|
Lines 277-283
|
| 277 |
key_filter[1].ulValueLen = k11->keyid_len; |
277 |
key_filter[1].ulValueLen = k11->keyid_len; |
| 278 |
/* try to find object w/CKA_SIGN first, retry w/o */ |
278 |
/* try to find object w/CKA_SIGN first, retry w/o */ |
| 279 |
if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && |
279 |
if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && |
| 280 |
pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { |
280 |
pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0 && |
|
|
281 |
pkcs11_find(k11->provider, k11->slotidx, key_filter, 1, &obj) < 0) { |
| 281 |
error("cannot find private key"); |
282 |
error("cannot find private key"); |
| 282 |
} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { |
283 |
} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { |
| 283 |
error("C_SignInit failed: %lu", rv); |
284 |
error("C_SignInit failed: %lu", rv); |
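Review bot: The added third retry with `key_filter, 1` drops the CKA_ID attribute (key_filter[1], filled on the first line of this hunk), so when neither ID-matched lookup succeeds the code signs with whichever private key the token enumerates first instead of failing; key_filter[0] is outside the hunk, but it appears to be only the object-class filter. If this fallback is intended for tokens that do not expose CKA_ID, it should be visible in the logs and in the comment, e.g. `debug("no private key with matching CKA_ID, using first private key in slot");` before the C_SignInit call and `/* try to find object w/CKA_SIGN first, retry w/o, then w/o CKA_ID */` in place of the existing comment. The enclosing function starts and ends outside this hunk.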
|
Lines 391-396
|
| 391 |
{ |
392 |
{ |
| 392 |
Key *key; |
393 |
Key *key; |
| 393 |
RSA *rsa; |
394 |
RSA *rsa; |
|
|
395 |
X509 *x509; |
| 394 |
int i; |
396 |
int i; |
| 395 |
CK_RV rv; |
397 |
CK_RV rv; |
| 396 |
CK_OBJECT_HANDLE obj; |
398 |
CK_OBJECT_HANDLE obj; |
|
Lines 398-415
|
| 398 |
CK_SESSION_HANDLE session; |
400 |
CK_SESSION_HANDLE session; |
| 399 |
CK_FUNCTION_LIST *f; |
401 |
CK_FUNCTION_LIST *f; |
| 400 |
CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; |
402 |
CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; |
|
|
403 |
CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; |
| 401 |
CK_ATTRIBUTE pubkey_filter[] = { |
404 |
CK_ATTRIBUTE pubkey_filter[] = { |
| 402 |
{ CKA_CLASS, NULL, sizeof(pubkey_class) } |
405 |
{ CKA_CLASS, NULL, sizeof(pubkey_class) } |
| 403 |
}; |
406 |
}; |
|
|
407 |
CK_ATTRIBUTE cert_filter[] = { |
| 408 |
{ CKA_CLASS, NULL, sizeof(cert_class) } |
| 409 |
}; |
| 404 |
CK_ATTRIBUTE attribs[] = { |
410 |
CK_ATTRIBUTE attribs[] = { |
| 405 |
{ CKA_ID, NULL, 0 }, |
411 |
{ CKA_ID, NULL, 0 }, |
| 406 |
{ CKA_MODULUS, NULL, 0 }, |
412 |
{ CKA_MODULUS, NULL, 0 }, |
| 407 |
{ CKA_PUBLIC_EXPONENT, NULL, 0 } |
413 |
{ CKA_PUBLIC_EXPONENT, NULL, 0 } |
| 408 |
}; |
414 |
}; |
|
|
415 |
CK_ATTRIBUTE attribs_cert[] = { |
| 416 |
{ CKA_ID, NULL, 0 }, |
| 417 |
{ CKA_SUBJECT, NULL, 0 }, |
| 418 |
{ CKA_VALUE, NULL, 0 }, |
| 419 |
}; |
| 409 |
|
420 |
|
| 410 |
/* some compilers complain about non-constant initializer so we |
421 |
/* some compilers complain about non-constant initializer so we |
| 411 |
use NULL in CK_ATTRIBUTE above and set the value here */ |
422 |
use NULL in CK_ATTRIBUTE above and set the value here */ |
| 412 |
pubkey_filter[0].pValue = &pubkey_class; |
423 |
pubkey_filter[0].pValue = &pubkey_class; |
|
|
424 |
cert_filter[0].pValue = &cert_class; |
| 413 |
|
425 |
|
| 414 |
f = p->function_list; |
426 |
f = p->function_list; |
| 415 |
session = p->slotinfo[slotidx].session; |
427 |
session = p->slotinfo[slotidx].session; |
|
Lines 474-479
|
| 474 |
} |
486 |
} |
| 475 |
if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) |
487 |
if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) |
| 476 |
error("C_FindObjectsFinal failed: %lu", rv); |
488 |
error("C_FindObjectsFinal failed: %lu", rv); |
|
|
489 |
|
| 490 |
debug("Search X509"); |
| 491 |
f = p->function_list; |
| 492 |
session = p->slotinfo[slotidx].session; |
| 493 |
/* setup a filter the looks for certificates */ |
| 494 |
if ((rv = f->C_FindObjectsInit(session, cert_filter, 1)) != CKR_OK) { |
| 495 |
error("C_FindObjectsInit failed: %lu", rv); |
| 496 |
return (-1); |
| 497 |
} |
| 498 |
while (1) { |
| 499 |
/* XXX 3 attributes in attribs[] */ |
| 500 |
for (i = 0; i < 3; i++) { |
| 501 |
attribs_cert[i].pValue = NULL; |
| 502 |
attribs_cert[i].ulValueLen = 0; |
| 503 |
} |
| 504 |
if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK |
| 505 |
|| nfound == 0) |
| 506 |
break; |
| 507 |
/* found a key, so figure out size of the attributes */ |
| 508 |
if ((rv = f->C_GetAttributeValue(session, obj, attribs_cert, 3)) |
| 509 |
!= CKR_OK) { |
| 510 |
error("C_GetAttributeValue failed: %lu", rv); |
| 511 |
continue; |
| 512 |
} |
| 513 |
/* check that none of the attributes are zero length */ |
| 514 |
if (attribs_cert[0].ulValueLen == 0 || |
| 515 |
attribs_cert[1].ulValueLen == 0 || |
| 516 |
attribs_cert[2].ulValueLen == 0) { |
| 517 |
continue; |
| 518 |
} |
| 519 |
/* allocate buffers for attributes */ |
| 520 |
for (i = 0; i < 3; i++) |
| 521 |
attribs_cert[i].pValue = xmalloc(attribs_cert[i].ulValueLen); |
| 522 |
/* retrieve LABEL, SUBJECT and VALUE of X509 cert */ |
| 523 |
if ((rv = f->C_GetAttributeValue(session, obj, attribs_cert, 3)) |
| 524 |
!= CKR_OK) { |
| 525 |
error("C_GetAttributeValue failed: %lu", rv); |
| 526 |
} else if ((x509 = X509_new()) == NULL) { |
| 527 |
error("X509_new failed"); |
| 528 |
} else { |
| 529 |
|
| 530 |
CK_BYTE_PTR der_value; |
| 531 |
CK_BYTE_PTR ptr; |
| 532 |
CK_ULONG n_der_value; |
| 533 |
EVP_PKEY *pubkey = NULL; |
| 534 |
|
| 535 |
n_der_value = attribs_cert[2].ulValueLen; |
| 536 |
ptr = attribs_cert[2].pValue; |
| 537 |
x509 = d2i_X509(NULL, (const unsigned char**)&ptr, n_der_value); |
| 538 |
if(x509 == NULL) { |
| 539 |
debug("CKA_VALUE:Error"); |
| 540 |
} else { |
| 541 |
//PEM_write_X509(stdout, x509); |
| 542 |
pubkey = X509_get_pubkey(x509); |
| 543 |
rsa = pubkey->pkey.rsa; |
| 544 |
|
| 545 |
if (rsa->n && rsa->e && |
| 546 |
pkcs11_rsa_wrap(p, slotidx, &attribs_cert[0], rsa) == 0) { |
| 547 |
key = key_new(KEY_UNSPEC); |
| 548 |
key->rsa = rsa; |
| 549 |
key->type = KEY_RSA; |
| 550 |
key->flags |= KEY_FLAG_EXT; |
| 551 |
/* expand key array and add key */ |
| 552 |
*keysp = xrealloc(*keysp, *nkeys + 1, |
| 553 |
sizeof(Key *)); |
| 554 |
(*keysp)[*nkeys] = key; |
| 555 |
*nkeys = *nkeys + 1; |
| 556 |
debug("have %d keys", *nkeys); |
| 557 |
} else { |
| 558 |
RSA_free(rsa); |
| 559 |
} |
| 560 |
} |
| 561 |
} |
| 562 |
for (i = 0; i < 3; i++) |
| 563 |
xfree(attribs_cert[i].pValue); |
| 564 |
} |
| 565 |
if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) |
| 566 |
error("C_FindObjectsFinal failed: %lu", rv); |
| 477 |
return (0); |
567 |
return (0); |
| 478 |
} |
568 |
} |
| 479 |
|
569 |
|
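Review bot: In the new certificate loop `rsa = pubkey->pkey.rsa` takes the RSA still owned by `pubkey`/`x509` without checking that X509_get_pubkey() returned non-NULL or that the key is RSA, and the `RSA_free(rsa)` on the failure path then frees memory the certificate object still references, while the `X509_new()` result is overwritten by `d2i_X509()` and neither X509 nor the EVP_PKEY is ever freed, so every certificate leaks. Using `EVP_PKEY_get1_RSA()` gives the loop its own reference, which makes the `RSA_free()` correct, lets `key->rsa` own it on success, and allows `EVP_PKEY_free()`/`X509_free()` at the end of each iteration; the rewrite below also drops the redundant `X509_new()` branch. The `/* XXX 3 attributes in attribs[] */` and `/* retrieve LABEL, SUBJECT and VALUE of X509 cert */` comments name the wrong array and attributes — `attribs_cert[]` holds CKA_ID, CKA_SUBJECT and CKA_VALUE — and the commented-out `PEM_write_X509` line should go. It is not visible from here whether a certificate sharing its CKA_ID with a public key found by the earlier search yields a duplicate entry in `*keysp`; worth confirming against the caller. The enclosing function starts outside this hunk.
```c
		} else {
			CK_BYTE_PTR ptr = attribs_cert[2].pValue;
			EVP_PKEY *pubkey = NULL;

			/* d2i_X509() allocates the X509 itself; no X509_new() needed */
			x509 = d2i_X509(NULL, (const unsigned char **)&ptr,
			    attribs_cert[2].ulValueLen);
			if (x509 == NULL) {
				debug("CKA_VALUE:Error");
			} else if ((pubkey = X509_get_pubkey(x509)) == NULL ||
			    (rsa = EVP_PKEY_get1_RSA(pubkey)) == NULL) {
				debug("certificate has no RSA public key");
			} else if (rsa->n && rsa->e &&
			    pkcs11_rsa_wrap(p, slotidx, &attribs_cert[0], rsa) == 0) {
				/* … unchanged: key_new(), fill key, append to *keysp … */
			} else {
				RSA_free(rsa);	/* releases only the get1 reference */
			}
			EVP_PKEY_free(pubkey);
			X509_free(x509);
		}
		/* … unchanged: free attribs_cert buffers, C_FindObjectsFinal … */
```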