[pkg-opensc-commit] [libp11] 89/239: add code to store private key by Alexander Starostin <assur at esc.ru>

Eric Dorland eric at moszumanska.debian.org
Sat Oct 17 06:21:12 UTC 2015


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit dcacb3c52303f0cfba04bee5469e82e52faaea35
Author: Andreas Jellinghaus <andreas at ionisiert.de>
Date:   Fri Nov 17 11:10:04 2006 +0000

    add code to store private key by Alexander Starostin <assur at esc.ru>
---
 src/libp11-int.h |  1 +
 src/libp11.h     | 30 ++++++++++++++++++---
 src/p11_attr.c   |  7 ++++-
 src/p11_cert.c   |  1 +
 src/p11_key.c    | 80 +++++++++++++++++++-------------------------------------
 5 files changed, 62 insertions(+), 57 deletions(-)

diff --git a/src/libp11-int.h b/src/libp11-int.h
index ca7fb78..43af918 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -144,6 +144,7 @@ extern int pkcs11_getattr_bn(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
 typedef int (*pkcs11_i2d_fn) (void *, unsigned char **);
 extern void pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t);
 extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long);
+extern void pkcs11_addattr_bool(CK_ATTRIBUTE_PTR, int, int);
 extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *);
 extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *);
 extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *);
diff --git a/src/libp11.h b/src/libp11.h
index 406c6da..6f8d3df 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -271,9 +271,33 @@ extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);
 extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
 	const char *new_pin);
 
-/* Store various objects on the token */
-extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *);
-extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *);
+/** 
+ * Generate and store a private key on the token
+ *
+ * @param token token returned by PKCS11_find_token()
+ * @param algorithm EVP_PKEY_RSA
+ * @param label label for this key
+ * @param id bytes to use as id value
+ * @param id_len length of id value.
+ * @retval 0 success
+ * @retval -1 error
+ */
+
+extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits, char *label, unsigned char* id, unsigned int id_len);
+
+/** 
+ * Store private key on a token
+ *
+ * @param token token returned by PKCS11_find_token()
+ * @param pk private key
+ * @param label label for this key
+ * @param id bytes to use as id value
+ * @param id_len length of id value.
+ * @retval 0 success
+ * @retval -1 error
+ */
+extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);
+
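Review bot: The commit defines a new public entry point PKCS11_store_public_key in src/p11_key.c, but this header hunk declares only PKCS11_generate_key and PKCS11_store_private_key; unless it is declared elsewhere in libp11.h, callers cannot reach it without an implicit declaration. Add `extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);` next to PKCS11_store_private_key, with a doc comment mirroring the one above it. The PKCS11_generate_key comment documents every parameter except `bits`; add `@param bits key size in bits`. The same prototype writes `unsigned char* id` while every neighbouring declaration binds the star to the name (`unsigned char *id`).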
 
 /** 
  * Store certificate on a token
diff --git a/src/p11_attr.c b/src/p11_attr.c
index 9519ca6..3676af4 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -116,9 +116,14 @@ void pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value)
 	pkcs11_addattr(ap, type, &ulValue, sizeof(ulValue));
 }
 
+void pkcs11_addattr_bool(CK_ATTRIBUTE_PTR ap, int type, int value)
+{
+	pkcs11_addattr(ap, type, &value, sizeof(CK_BBOOL));
+}
+
 void pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s)
 {
-	pkcs11_addattr(ap, type, s, s ? strlen(s) + 1 : 0);
+	pkcs11_addattr(ap, type, s, s ? strlen(s) : 0); // RFC2279 string an unpadded string of CK_UTF8CHARs with no null-termination
 }
 
 void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM * bn)
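Review bot: pkcs11_addattr_bool copies sizeof(CK_BBOOL) bytes from the address of an `int`, so the attribute value becomes whichever byte of `value` sits first in memory; on a big-endian host that byte is 0 for TRUE, and every CKA_TOKEN/CKA_PRIVATE/CKA_SENSITIVE flag this commit adds would be stored as false. Convert to the PKCS#11 type first, as pkcs11_addattr_int does with ulValue: `CK_BBOOL b = value ? TRUE : FALSE;` followed by `pkcs11_addattr(ap, type, &b, sizeof b);`. This assumes pkcs11_addattr copies the bytes rather than retaining the pointer, which the local ulValue in pkcs11_addattr_int suggests but the hunk does not show. The trailing comment on the pkcs11_addattr_s line would read better on its own line above the call: `/* CKA_LABEL is an RFC 2279 (UTF-8) string without a NUL terminator */`.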
diff --git a/src/p11_cert.c b/src/p11_cert.c
index 1f8e708..efbeba7 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -237,6 +237,7 @@ PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
 
 	/* Now build the template */
 	pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_CERTIFICATE);
+	pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
 	pkcs11_addattr_int(attrs + n++, CKA_CERTIFICATE_TYPE, CKC_X_509);
 	pkcs11_addattr_obj(attrs + n++, CKA_VALUE, (pkcs11_i2d_fn) i2d_X509, x509);
 	if (label)
diff --git a/src/p11_key.c b/src/p11_key.c
index e6edb0c..1d998a5 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -33,7 +33,6 @@ static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
 				    unsigned char *, unsigned int, PKCS11_KEY **);
 static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
 				   unsigned char *, unsigned int, PKCS11_KEY **);
-static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen);
 
 static CK_OBJECT_CLASS key_search_class;
 static CK_ATTRIBUTE key_search_attrs[] = {
@@ -93,9 +92,16 @@ PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
 /*
  * Store a private key on the token
  */
-int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label)
+int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len)
 {
-	if (pkcs11_store_private_key(token, pk, label, NULL, 0, NULL))
+	if (pkcs11_store_private_key(token, pk, label, id, id_len, NULL))
+		return -1;
+	return 0;
+}
+
+int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len)
+{
+	if (pkcs11_store_public_key(token, pk, label, id, id_len, NULL))
 		return -1;
 	return 0;
 }
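Review bot: The new PKCS11_store_public_key has no header comment, while its sibling PKCS11_store_private_key directly above carries one; add `/* Store a public key on the token */` before it so the two exported wrappers are documented alike. The libp11.h hunk in this commit also does not declare PKCS11_store_public_key, so the function is defined but, as far as the diff shows, not exported to callers.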
@@ -107,7 +113,7 @@ int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label)
  */
 int
 PKCS11_generate_key(PKCS11_TOKEN * token,
-		    int algorithm, unsigned int bits, char *label)
+		    int algorithm, unsigned int bits, char *label, unsigned char* id, unsigned int id_len)
 {
 	PKCS11_KEY *key_obj;
 	EVP_PKEY *pk;
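Review bot: The new parameter is written `unsigned char* id`, which differs from the pointer style used everywhere else in this file (`unsigned char *id`, as in the pkcs11_store_private_key prototype); change it to `unsigned char *id`. The comment block closing just above this signature starts outside the hunk and, from what is visible, does not mention `id` or `id_len`; it should describe that they are copied into CKA_ID when both are non-zero. PKCS11_generate_key's body continues past the hunk.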
@@ -130,7 +136,7 @@ PKCS11_generate_key(PKCS11_TOKEN * token,
 
 	pk = EVP_PKEY_new();
 	EVP_PKEY_assign_RSA(pk, rsa);
-	rc = pkcs11_store_private_key(token, pk, label, NULL, 0, &key_obj);
+	rc = pkcs11_store_private_key(token, pk, label, id, id_len, &key_obj);
 
 	if (rc == 0) {
 		PKCS11_KEY_private *kpriv;
@@ -347,15 +353,25 @@ pkcs11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label,
 
 		pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PRIVATE_KEY);
 		pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA);
+
+		pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_PRIVATE, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_SENSITIVE, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_DECRYPT, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_SIGN, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_UNWRAP, TRUE);
+
 		pkcs11_addattr_bn(attrs + n++, CKA_MODULUS, rsa->n);
 		pkcs11_addattr_bn(attrs + n++, CKA_PUBLIC_EXPONENT, rsa->e);
 		pkcs11_addattr_bn(attrs + n++, CKA_PRIVATE_EXPONENT, rsa->d);
 		pkcs11_addattr_bn(attrs + n++, CKA_PRIME_1, rsa->p);
 		pkcs11_addattr_bn(attrs + n++, CKA_PRIME_2, rsa->q);
+
 		if (label)
 			pkcs11_addattr_s(attrs + n++, CKA_LABEL, label);
 		if (id && id_len)
 			pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
+
 	} else {
 		PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, PKCS11_NOT_SUPPORTED);
 		return -1;
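Review bot: The template now marks the private key CKA_SENSITIVE but leaves CKA_EXTRACTABLE unset, so whether the stored key can later be wrapped off the token is left to the token's default; if the intent is a non-exportable key, add `pkcs11_addattr_bool(attrs + n++, CKA_EXTRACTABLE, FALSE);` beside the CKA_SENSITIVE line, otherwise document that extractability follows the token default. The six extra entries also raise the number of attributes written into `attrs`, whose declaration is above this hunk; confirm the array is sized for the larger template, and likewise for the four entries added in pkcs11_store_public_key and the CKA_TOKEN entry added in src/p11_cert.c. pkcs11_store_private_key starts and ends outside the hunk.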
@@ -401,6 +417,12 @@ pkcs11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label,
 
 		pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PUBLIC_KEY);
 		pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA);
+
+		pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_ENCRYPT, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_VERIFY, TRUE);
+		pkcs11_addattr_bool(attrs + n++, CKA_WRAP, TRUE);
+
 		pkcs11_addattr_bn(attrs + n++, CKA_MODULUS, rsa->n);
 		pkcs11_addattr_bn(attrs + n++, CKA_PUBLIC_EXPONENT, rsa->e);
 		if (label)
@@ -449,51 +471,3 @@ int PKCS11_get_key_size(const PKCS11_KEY * key)
 	BN_free(n);
 	return numbytes;
 }
-
-
-static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen)
-{
-	size_t left, count = 0;
-
-	if (in == NULL || *in == '\0') {
-		*outlen = 0;
-		return 1;
-	}
-
-	left = *outlen;
-
-	while (*in != '\0') {
-		int byte = 0, nybbles = 2;
-
-		while (nybbles-- && *in && *in != ':') {
-			char c;
-			byte <<= 4;
-			c = *in++;
-			if ('0' <= c && c <= '9')
-				c -= '0';
-			else if ('a' <= c && c <= 'f')
-				c = c - 'a' + 10;
-			else if ('A' <= c && c <= 'F')
-				c = c - 'A' + 10;
-			else {
-				fprintf(stderr,"hex_to_bin(): invalid char '%c' in hex string\n", c);
-				*outlen = 0;
-				return 0;
-			}
-			byte |= c;
-		}
-		if (*in == ':')
-			in++;
-		if (left <= 0) {
-			fprintf(stderr,"hex_to_bin(): hex string too long");
-			*outlen = 0;
-			return 0;
-		}
-		out[count++] = (unsigned char) byte;
-		left--;
-	}
-
-	*outlen = count;
-	return 1;
-}
-



