[pkg-opensc-commit] [libp11] 89/239: add code to store private key by Alexander Starostin <assur at esc.ru>
Eric Dorland
eric at moszumanska.debian.org
Sat Oct 17 06:21:12 UTC 2015
commit dcacb3c52303f0cfba04bee5469e82e52faaea35
Author: Andreas Jellinghaus <andreas at ionisiert.de>
Date: Fri Nov 17 11:10:04 2006 +0000
add code to store private key by Alexander Starostin <assur at esc.ru>
---
src/libp11-int.h | 1 +
src/libp11.h | 30 ++++++++++++++++++---
src/p11_attr.c | 7 ++++-
src/p11_cert.c | 1 +
src/p11_key.c | 80 +++++++++++++++++++-------------------------------------
5 files changed, 62 insertions(+), 57 deletions(-)
diff --git a/src/libp11-int.h b/src/libp11-int.h
index ca7fb78..43af918 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -144,6 +144,7 @@ extern int pkcs11_getattr_bn(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
typedef int (*pkcs11_i2d_fn) (void *, unsigned char **);
extern void pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t);
extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long);
+extern void pkcs11_addattr_bool(CK_ATTRIBUTE_PTR, int, int);
extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *);
extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *);
extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *);
diff --git a/src/libp11.h b/src/libp11.h
index 406c6da..6f8d3df 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -271,9 +271,33 @@ extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);
extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
const char *new_pin);
-/* Store various objects on the token */
-extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *);
-extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *);
+/**
+ * Generate and store a private key on the token
+ *
+ * @param token token returned by PKCS11_find_token()
+ * @param algorithm EVP_PKEY_RSA
+ * @param label label for this key
+ * @param id bytes to use as id value
+ * @param id_len length of id value.
+ * @retval 0 success
+ * @retval -1 error
+ */
+
+extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits, char *label, unsigned char* id, unsigned int id_len);
+
+/**
+ * Store private key on a token
+ *
+ * @param token token returned by PKCS11_find_token()
+ * @param pk private key
+ * @param label label for this key
+ * @param id bytes to use as id value
+ * @param id_len length of id value.
+ * @retval 0 success
+ * @retval -1 error
+ */
+extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);
+
/**
* Store certificate on a token
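Review bot: The new doc block for PKCS11_generate_key documents `token`, `algorithm`, `label`, `id` and `id_len` but not `bits`, and the blank line after the closing `*/` (before the prototype) detaches the Doxygen comment from the declaration it describes. Add `@param bits key size in bits` to the comment and drop the blank line so the comment attaches to `PKCS11_generate_key`. The prototype also writes `unsigned char* id` while the rest of the header binds the star to the name (`unsigned char *id`, as in the PKCS11_store_private_key line just below); keeping one form reads better.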
diff --git a/src/p11_attr.c b/src/p11_attr.c
index 9519ca6..3676af4 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -116,9 +116,14 @@ void pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value)
pkcs11_addattr(ap, type, &ulValue, sizeof(ulValue));
}
+void pkcs11_addattr_bool(CK_ATTRIBUTE_PTR ap, int type, int value)
+{
+ pkcs11_addattr(ap, type, &value, sizeof(CK_BBOOL));
+}
+
void pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s)
{
- pkcs11_addattr(ap, type, s, s ? strlen(s) + 1 : 0);
+ pkcs11_addattr(ap, type, s, s ? strlen(s) : 0); // RFC2279 string an unpadded string of CK_UTF8CHARs with no null-termination
}
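Review bot: pkcs11_addattr_bool passes the address of an `int` but only `sizeof(CK_BBOOL)` bytes of it, so the byte copied into the template is the first byte of the int's representation; that is the value on little-endian hosts but the most-significant (zero) byte on big-endian ones, turning every TRUE into FALSE. Convert to the PKCS#11 type first, as pkcs11_addattr_int does with its `ulValue` local: `CK_BBOOL bval = (CK_BBOOL)(value != 0);` then `pkcs11_addattr(ap, type, &bval, sizeof(bval));`. This relies on pkcs11_addattr copying the bytes rather than keeping the pointer, which the existing pkcs11_addattr_int (address of a local) already presumes.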
void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM * bn)
diff --git a/src/p11_cert.c b/src/p11_cert.c
index 1f8e708..efbeba7 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -237,6 +237,7 @@ PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
/* Now build the template */
pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_CERTIFICATE);
+ pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
pkcs11_addattr_int(attrs + n++, CKA_CERTIFICATE_TYPE, CKC_X_509);
pkcs11_addattr_obj(attrs + n++, CKA_VALUE, (pkcs11_i2d_fn) i2d_X509, x509);
if (label)
diff --git a/src/p11_key.c b/src/p11_key.c
index e6edb0c..1d998a5 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -33,7 +33,6 @@ static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
unsigned char *, unsigned int, PKCS11_KEY **);
static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
unsigned char *, unsigned int, PKCS11_KEY **);
-static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen);
static CK_OBJECT_CLASS key_search_class;
static CK_ATTRIBUTE key_search_attrs[] = {
@@ -93,9 +92,16 @@ PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
/*
* Store a private key on the token
*/
-int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label)
+int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len)
{
- if (pkcs11_store_private_key(token, pk, label, NULL, 0, NULL))
+ if (pkcs11_store_private_key(token, pk, label, id, id_len, NULL))
+ return -1;
+ return 0;
+}
+
+int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len)
+{
+ if (pkcs11_store_public_key(token, pk, label, id, id_len, NULL))
return -1;
return 0;
}
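Review bot: PKCS11_store_public_key is a new exported, non-static function, but no declaration for it is added to libp11.h in this commit (the header hunk only documents PKCS11_generate_key and PKCS11_store_private_key), so external callers would have to rely on an implicit declaration. Add a prototype with a doc block mirroring the one given for PKCS11_store_private_key (token, pk, label, id, id_len; returns 0 on success, -1 on error). A `/* Store a public key on the token */` comment above the definition would also match the style of the private-key wrapper just above it.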
@@ -107,7 +113,7 @@ int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label)
*/
int
PKCS11_generate_key(PKCS11_TOKEN * token,
- int algorithm, unsigned int bits, char *label)
+ int algorithm, unsigned int bits, char *label, unsigned char* id, unsigned int id_len)
{
PKCS11_KEY *key_obj;
EVP_PKEY *pk;
@@ -130,7 +136,7 @@ PKCS11_generate_key(PKCS11_TOKEN * token,
pk = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pk, rsa);
- rc = pkcs11_store_private_key(token, pk, label, NULL, 0, &key_obj);
+ rc = pkcs11_store_private_key(token, pk, label, id, id_len, &key_obj);
if (rc == 0) {
PKCS11_KEY_private *kpriv;
@@ -347,15 +353,25 @@ pkcs11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label,
pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PRIVATE_KEY);
pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA);
+
+ pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_PRIVATE, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_SENSITIVE, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_DECRYPT, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_SIGN, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_UNWRAP, TRUE);
+
pkcs11_addattr_bn(attrs + n++, CKA_MODULUS, rsa->n);
pkcs11_addattr_bn(attrs + n++, CKA_PUBLIC_EXPONENT, rsa->e);
pkcs11_addattr_bn(attrs + n++, CKA_PRIVATE_EXPONENT, rsa->d);
pkcs11_addattr_bn(attrs + n++, CKA_PRIME_1, rsa->p);
pkcs11_addattr_bn(attrs + n++, CKA_PRIME_2, rsa->q);
+
if (label)
pkcs11_addattr_s(attrs + n++, CKA_LABEL, label);
if (id && id_len)
pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
+
} else {
PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, PKCS11_NOT_SUPPORTED);
return -1;
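Review bot: The private-key template filled with `attrs + n++` now holds at least 15 entries (class, key type, six booleans, five BIGNUMs, label, id), but the `attrs` array and its bound are declared outside this hunk and nothing here range-checks `n`; confirm the array was sized for the six added entries. The same applies to the public-key template in the next hunk, which grows to at least 10 entries. The template sets CKA_SENSITIVE but leaves CKA_EXTRACTABLE unspecified, so whether the stored key may later be wrapped off the token falls to the token's default; stating it explicitly, `pkcs11_addattr_bool(attrs + n++, CKA_EXTRACTABLE, FALSE);`, documents the intent (and counts toward the bound above). pkcs11_store_private_key starts and ends outside the hunk.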
@@ -401,6 +417,12 @@ pkcs11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label,
pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PUBLIC_KEY);
pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA);
+
+ pkcs11_addattr_bool(attrs + n++, CKA_TOKEN, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_ENCRYPT, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_VERIFY, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_WRAP, TRUE);
+
pkcs11_addattr_bn(attrs + n++, CKA_MODULUS, rsa->n);
pkcs11_addattr_bn(attrs + n++, CKA_PUBLIC_EXPONENT, rsa->e);
if (label)
@@ -449,51 +471,3 @@ int PKCS11_get_key_size(const PKCS11_KEY * key)
BN_free(n);
return numbytes;
}
-
-
-static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen)
-{
- size_t left, count = 0;
-
- if (in == NULL || *in == '\0') {
- *outlen = 0;
- return 1;
- }
-
- left = *outlen;
-
- while (*in != '\0') {
- int byte = 0, nybbles = 2;
-
- while (nybbles-- && *in && *in != ':') {
- char c;
- byte <<= 4;
- c = *in++;
- if ('0' <= c && c <= '9')
- c -= '0';
- else if ('a' <= c && c <= 'f')
- c = c - 'a' + 10;
- else if ('A' <= c && c <= 'F')
- c = c - 'A' + 10;
- else {
- fprintf(stderr,"hex_to_bin(): invalid char '%c' in hex string\n", c);
- *outlen = 0;
- return 0;
- }
- byte |= c;
- }
- if (*in == ':')
- in++;
- if (left <= 0) {
- fprintf(stderr,"hex_to_bin(): hex string too long");
- *outlen = 0;
- return 0;
- }
- out[count++] = (unsigned char) byte;
- left--;
- }
-
- *outlen = count;
- return 1;
-}
-