authorAntti Lyytinen2014-12-10 05:52:59 -0600
committerAntti Lyytinen2014-12-10 05:52:59 -0600
commit43c4f63a8d803fde2bcd8e4f8969e5fe9edf0e33 (patch)
tree8eedd24a49aa0b523bc1c1236527254e9df21d8f
parent7e6182d9b8460a91825f41e79c2de2dca606b858 (diff)
downloadlibp11-43c4f63a8d803fde2bcd8e4f8969e5fe9edf0e33.tar.gz
libp11-43c4f63a8d803fde2bcd8e4f8969e5fe9edf0e33.tar.xz
libp11-43c4f63a8d803fde2bcd8e4f8969e5fe9edf0e33.zip
-rw-r--r--src/libp11-int.h1
-rw-r--r--src/p11_cert.c4
-rw-r--r--src/p11_key.c95
-rw-r--r--src/p11_load.c17
-rw-r--r--src/p11_rsa.c1
5 files changed, 89 insertions, 29 deletions
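--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -43,6 +43,7 @@ typedef struct pkcs11_ctx_private {
 
 	CK_SESSION_HANDLE session;
 	char *init_args;
+	unsigned char key_gen_on_token;
 } PKCS11_CTX_private;
 #define PRIVCTX(ctx) ((PKCS11_CTX_private *) (ctx->_private))
 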
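Review bot: The new `key_gen_on_token` field carries no comment, so nothing in the struct says who sets it or what it asserts. On this page it is written by PKCS11_CTX_load in p11_load.c and read by PKCS11_generate_key in p11_key.c, so I would state that contract in place: `unsigned char key_gen_on_token; /* non-zero if the module advertised an RSA key-pair mechanism; set by PKCS11_CTX_load */`. It is a per-module flag while PKCS#11 mechanism support is per slot, which the comment should make explicit if that simplification is intended.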
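--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -126,7 +126,7 @@ static int pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 	int rv;
 
 	/* Get the next matching objects */
-	rv = CRYPTOKI_call(ctx, C_FindObjects(session, &obj,
+	rv = CRYPTOKI_call(ctx, C_FindObjects(session, &(obj[0]),
 			FIND_OBJ_CERT_CNT, &count));
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
 
@@ -134,7 +134,7 @@ static int pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 	return 1;
 
 	for (i = 0; i < count; i++)
-		if (pkcs11_init_cert(ctx, token, session, obj, NULL))
+		if (pkcs11_init_cert(ctx, token, session, obj[i], NULL))
 			return -1;
 
 	return 0;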
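Review bot: The loop at line 136 indexes obj[] with whatever count C_FindObjects returned, and nothing in the hunk bounds count against FIND_OBJ_CERT_CNT. The spec says a module returns at most ulMaxObjectCount handles, but libp11 loads third-party modules, so a cheap check after CRYPTOKI_checkerr keeps a misbehaving module from walking off the array: `if (count > FIND_OBJ_CERT_CNT) return -1;`. The declaration of obj sits above the hunk; the `&(obj[0])` form suggests it is now an array, and its size should be the same constant as FIND_OBJ_CERT_CNT — worth confirming. pkcs11_next_cert both starts and ends outside these hunks.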
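--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -128,37 +128,80 @@ int
 PKCS11_generate_key(PKCS11_TOKEN * token,
 		int algorithm, unsigned int bits, char *label, unsigned char* id, size_t id_len)
 {
-	PKCS11_KEY *key_obj;
-	EVP_PKEY *pk;
-	RSA *rsa;
-	BIO *err;
-	int rc;
-
-	if (algorithm != EVP_PKEY_RSA) {
-		PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED);
-		return -1;
-	}
+	PKCS11_CTX *ctx = TOKEN2CTX(token);
+	PKCS11_CTX_private *priv = PRIVCTX(ctx);
+	int rc = -1;
 
-	err = BIO_new_fp(stderr, BIO_NOCLOSE);
-	rsa = RSA_generate_key(bits, 0x10001, NULL, err);
-	BIO_free(err);
-	if (rsa == NULL) {
-		PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED);
-		return -1;
-	}
+	if(priv->key_gen_on_token) {
+		PKCS11_SLOT *slot = TOKEN2SLOT(token);
+
+		CK_SESSION_HANDLE session;
+		CK_OBJECT_HANDLE hKey;
+		CK_MECHANISM mechanism = {CKM_RSA_X9_31_KEY_PAIR_GEN, NULL_PTR, 0};
+		CK_RV rv;
 
-	pk = EVP_PKEY_new();
-	EVP_PKEY_assign_RSA(pk, rsa);
-	rc = pkcs11_store_private_key(token, pk, label, id, id_len, &key_obj);
+		CK_ATTRIBUTE attrs[32];
+		unsigned int n = 0;
+
+		/* First, make sure we have a session */
+		if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 1)) {
+			return -1;
+		}
+		session = PRIVSLOT(slot)->session;
 
-	if (rc == 0) {
-		PKCS11_KEY_private *kpriv;
+		/* Now build the key attrs */
+		pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PRIVATE_KEY);
+		pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA);
+		pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
+		pkcs11_addattr_int(attrs + n++, CKA_MODULUS_BITS, bits);
+		if (label) {
+			pkcs11_addattr_s(attrs + n++, CKA_LABEL, label);
+		}
+		if (id && id_len) {
+			pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
+		}
 
-		kpriv = PRIVKEY(key_obj);
-		rc = pkcs11_store_public_key(token, pk, label,
-				kpriv->id, kpriv->id_len, NULL);
+		rv = CRYPTOKI_call(ctx, C_GenerateKey(session, &mechanism, attrs, n, &hKey));
+
+		/* Zap all memory allocated when building the template */
+		pkcs11_zap_attrs(attrs, n);
+
+		if (rv == CKR_OK) {
+			rc = 0;
+		}
+	} else {
+
+		PKCS11_KEY *key_obj;
+		EVP_PKEY *pk;
+		RSA *rsa;
+		BIO *err;
+
+		if (algorithm != EVP_PKEY_RSA) {
+			PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED);
+			return -1;
+		}
+
+		err = BIO_new_fp(stderr, BIO_NOCLOSE);
+		rsa = RSA_generate_key(bits, 0x10001, NULL, err);
+		BIO_free(err);
+		if (rsa == NULL) {
+			PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED);
+			return -1;
+		}
+
+		pk = EVP_PKEY_new();
+		EVP_PKEY_assign_RSA(pk, rsa);
+		rc = pkcs11_store_private_key(token, pk, label, id, id_len, &key_obj);
+
+		if (rc == 0) {
+			PKCS11_KEY_private *kpriv;
+
+			kpriv = PRIVKEY(key_obj);
+			rc = pkcs11_store_public_key(token, pk, label,
+					kpriv->id, kpriv->id_len, NULL);
+		}
+		EVP_PKEY_free(pk);
 	}
-	EVP_PKEY_free(pk);
 	return rc;
 }
 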
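Review bot: The on-token branch hands the key-pair mechanism CKM_RSA_X9_31_KEY_PAIR_GEN to C_GenerateKey at line 164, but in PKCS#11 key-pair mechanisms are only valid with C_GenerateKeyPair, which takes separate public and private templates and returns two handles, so a conforming module rejects this call and the branch never yields a usable key. The mechanism also differs from CKM_RSA_PKCS_KEY_PAIR_GEN, which is what the p11_load.c hunk probes before setting key_gen_on_token. Two things the software path has were dropped here: the `algorithm != EVP_PKEY_RSA` guard and a PKCS11err on failure — `rv != CKR_OK` silently leaves rc at -1. The private template sets neither CKA_SENSITIVE, CKA_PRIVATE nor CKA_EXTRACTABLE, so whether the generated private key can be read back is left to the module's defaults; a token-resident key should state those explicitly. The sketch below rewrites the branch accordingly (the `int` return-type line of PKCS11_generate_key sits just above the hunk).
```c
	if(priv->key_gen_on_token) {
		PKCS11_SLOT *slot = TOKEN2SLOT(token);
		CK_SESSION_HANDLE session;
		CK_OBJECT_HANDLE hPub, hPriv;
		/* Must be the mechanism PKCS11_CTX_load probed for */
		CK_MECHANISM mechanism = {CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
		CK_BYTE pubexp[] = {0x01, 0x00, 0x01};	/* 65537, as in the software path */
		CK_ATTRIBUTE pub_attrs[32], priv_attrs[32];
		unsigned int npub = 0, npriv = 0;
		CK_RV rv;

		if (algorithm != EVP_PKEY_RSA) {
			PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED);
			return -1;
		}
		/* … unchanged: session setup … */

		/* Public half: modulus size and exponent drive the generation */
		pkcs11_addattr_int(pub_attrs + npub++, CKA_CLASS, CKO_PUBLIC_KEY);
		pkcs11_addattr_int(pub_attrs + npub++, CKA_KEY_TYPE, CKK_RSA);
		pkcs11_addattr_bool(pub_attrs + npub++, CKA_TOKEN, TRUE);
		pkcs11_addattr_int(pub_attrs + npub++, CKA_MODULUS_BITS, bits);
		pkcs11_addattr(pub_attrs + npub++, CKA_PUBLIC_EXPONENT, pubexp, sizeof pubexp);

		/* Private half: do not leave extractability to module defaults */
		pkcs11_addattr_int(priv_attrs + npriv++, CKA_CLASS, CKO_PRIVATE_KEY);
		pkcs11_addattr_int(priv_attrs + npriv++, CKA_KEY_TYPE, CKK_RSA);
		pkcs11_addattr_bool(priv_attrs + npriv++, CKA_TOKEN, TRUE);
		pkcs11_addattr_bool(priv_attrs + npriv++, CKA_PRIVATE, TRUE);
		pkcs11_addattr_bool(priv_attrs + npriv++, CKA_SENSITIVE, TRUE);
		pkcs11_addattr_bool(priv_attrs + npriv++, CKA_EXTRACTABLE, FALSE);

		/* Same label/id on both halves so the pair can be matched later */
		if (label) {
			pkcs11_addattr_s(pub_attrs + npub++, CKA_LABEL, label);
			pkcs11_addattr_s(priv_attrs + npriv++, CKA_LABEL, label);
		}
		if (id && id_len) {
			pkcs11_addattr(pub_attrs + npub++, CKA_ID, id, id_len);
			pkcs11_addattr(priv_attrs + npriv++, CKA_ID, id, id_len);
		}

		rv = CRYPTOKI_call(ctx, C_GenerateKeyPair(session, &mechanism,
				pub_attrs, npub, priv_attrs, npriv, &hPub, &hPriv));

		/* Zap all memory allocated when building the templates */
		pkcs11_zap_attrs(pub_attrs, npub);
		pkcs11_zap_attrs(priv_attrs, npriv);

		if (rv != CKR_OK) {
			PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, rv);
		} else {
			rc = 0;
		}
	} else {
		/* … unchanged: software RSA_generate_key path … */
```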
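--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -58,6 +58,10 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
 	CK_C_INITIALIZE_ARGS _args;
 	CK_C_INITIALIZE_ARGS *args = NULL;
 	CK_INFO ck_info;
+	CK_SLOT_ID slot = 0;
+	CK_MECHANISM_TYPE mechanismList[8];
+	CK_ULONG count = 8;
+	int i;
 	int rv;
 
 	if (priv->libinfo != NULL) {
@@ -89,6 +93,19 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
 	ctx->manufacturer = PKCS11_DUP(ck_info.manufacturerID);
 	ctx->description = PKCS11_DUP(ck_info.libraryDescription);
 
+	/* Check whether library supports key generation */
+	priv->key_gen_on_token = 0;
+	rv = CRYPTOKI_call(ctx, C_GetMechanismList(slot, &mechanismList, &count));
+	if(rv == 0) {
+		for(i=0; i<count; i++) {
+			if(mechanismList[i] == CKM_RSA_PKCS_KEY_PAIR_GEN) {
+				priv->key_gen_on_token = 1;
+			}
+		}
+	} else {
+		PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv);
+		return -1;
+	}
 	return 0;
 }
 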
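Review bot: The new probe at lines 96-108 turns PKCS11_CTX_load into a hard failure for most real modules: C_GetMechanismList is called once with an eight-entry buffer, and a module exposing more than eight mechanisms (or no slot with ID 0) answers CKR_BUFFER_TOO_SMALL or CKR_SLOT_ID_INVALID, which the else branch converts into `return -1` from the whole load. Passing `&mechanismList` (pointer to the array) where a CK_MECHANISM_TYPE_PTR is expected is also a type mismatch, and `int i` is compared against the CK_ULONG count. The usual two-call idiom — NULL_PTR to learn the count, then an allocation of that size — removes the fixed limit, and a failed probe should merely leave key_gen_on_token at 0, since the software path remains available. Slot 0 is an arbitrary choice as well (slot IDs are module-assigned and mechanism support is per slot), so the probe arguably belongs at generate time for the token's own slot; the sketch below leaves that as is and also replaces the declarations from the first hunk.
```c
	CK_SLOT_ID slot = 0;
	CK_MECHANISM_TYPE *mechanismList = NULL;
	CK_ULONG count = 0, i;
	/* … unchanged: rv, libinfo check, C_Initialize / C_GetInfo handling … */

	/* Check whether the module supports RSA key-pair generation.  A
	 * negative answer only disables on-token generation; it must not
	 * make PKCS11_CTX_load fail. */
	priv->key_gen_on_token = 0;
	rv = CRYPTOKI_call(ctx, C_GetMechanismList(slot, NULL_PTR, &count));
	if (rv == CKR_OK && count > 0) {
		mechanismList = malloc(count * sizeof *mechanismList);
		if (mechanismList == NULL) {
			PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, ERR_R_MALLOC_FAILURE);
			return -1;
		}
		rv = CRYPTOKI_call(ctx, C_GetMechanismList(slot, mechanismList, &count));
		if (rv == CKR_OK) {
			for (i = 0; i < count; i++) {
				if (mechanismList[i] == CKM_RSA_PKCS_KEY_PAIR_GEN) {
					priv->key_gen_on_token = 1;
					break;
				}
			}
		}
		free(mechanismList);
	}
	return 0;
```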
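--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -124,7 +124,6 @@ static int pkcs11_rsa_decrypt(int flen, const unsigned char *from,
 static int pkcs11_rsa_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA * rsa, int padding)
 {
-	printf("PKCS11_rsa_encrypt: flen(%d)\n", flen);
 	return PKCS11_private_encrypt(flen,from,to,(PKCS11_KEY *) RSA_get_app_data(rsa), padding);
 }
 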