PolarSSL v1.1.4
|
00001 00030 #include "polarssl/pkcs11.h" 00031 00032 #if defined(POLARSSL_PKCS11_C) 00033 00034 #include <stdlib.h> 00035 00036 int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11_cert ) 00037 { 00038 int ret = 1; 00039 unsigned char *cert_blob = NULL; 00040 size_t cert_blob_size = 0; 00041 00042 if( cert == NULL ) 00043 { 00044 ret = 2; 00045 goto cleanup; 00046 } 00047 00048 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK ) 00049 { 00050 ret = 3; 00051 goto cleanup; 00052 } 00053 00054 cert_blob = malloc( cert_blob_size ); 00055 if( NULL == cert_blob ) 00056 { 00057 ret = 4; 00058 goto cleanup; 00059 } 00060 00061 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK ) 00062 { 00063 ret = 5; 00064 goto cleanup; 00065 } 00066 00067 if( 0 != x509parse_crt(cert, cert_blob, cert_blob_size ) ) 00068 { 00069 ret = 6; 00070 goto cleanup; 00071 } 00072 00073 ret = 0; 00074 00075 cleanup: 00076 if( NULL != cert_blob ) 00077 free( cert_blob ); 00078 00079 return ret; 00080 } 00081 00082 00083 int pkcs11_priv_key_init( pkcs11_context *priv_key, 00084 pkcs11h_certificate_t pkcs11_cert ) 00085 { 00086 int ret = 1; 00087 x509_cert cert; 00088 00089 memset( &cert, 0, sizeof( cert ) ); 00090 00091 if( priv_key == NULL ) 00092 goto cleanup; 00093 00094 if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) ) 00095 goto cleanup; 00096 00097 priv_key->len = cert.rsa.len; 00098 priv_key->pkcs11h_cert = pkcs11_cert; 00099 00100 ret = 0; 00101 00102 cleanup: 00103 x509_free( &cert ); 00104 00105 return ret; 00106 } 00107 00108 void pkcs11_priv_key_free( pkcs11_context *priv_key ) 00109 { 00110 if( NULL != priv_key ) 00111 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert ); 00112 } 00113 00114 int pkcs11_decrypt( pkcs11_context *ctx, 00115 int mode, size_t *olen, 00116 const unsigned char *input, 00117 unsigned char *output, 00118 unsigned int output_max_len ) 00119 { 00120 size_t input_len, output_len; 00121 00122 if( NULL == ctx ) 00123 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00124 00125 if( RSA_PUBLIC == mode ) 00126 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00127 00128 output_len = input_len = ctx->len; 00129 00130 if( input_len < 16 || input_len > output_max_len ) 00131 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00132 00133 /* Determine size of output buffer */ 00134 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, 00135 input_len, NULL, &output_len ) != CKR_OK ) 00136 { 00137 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00138 } 00139 00140 if( output_len > output_max_len ) 00141 return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE ); 00142 00143 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, 00144 input_len, output, &output_len ) != CKR_OK ) 00145 { 00146 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00147 } 00148 *olen = output_len; 00149 return( 0 ); 00150 } 00151 00152 int pkcs11_sign( pkcs11_context *ctx, 00153 int mode, 00154 int hash_id, 00155 unsigned int hashlen, 00156 const unsigned char *hash, 00157 unsigned char *sig ) 00158 { 00159 size_t olen, asn_len; 00160 unsigned char *p = sig; 00161 00162 if( NULL == ctx ) 00163 return POLARSSL_ERR_RSA_BAD_INPUT_DATA; 00164 00165 if( RSA_PUBLIC == mode ) 00166 return POLARSSL_ERR_RSA_BAD_INPUT_DATA; 00167 00168 olen = ctx->len; 00169 00170 switch( hash_id ) 00171 { 00172 case SIG_RSA_RAW: 00173 asn_len = 0; 00174 memcpy( p, hash, hashlen ); 00175 break; 00176 00177 case SIG_RSA_MD2: 00178 asn_len = OID_SIZE(ASN1_HASH_MDX); 00179 memcpy( p, ASN1_HASH_MDX, asn_len ); 00180 memcpy( p + asn_len, hash, hashlen ); 00181 p[13] = 2; break; 00182 00183 case SIG_RSA_MD4: 00184 asn_len = OID_SIZE(ASN1_HASH_MDX); 00185 memcpy( p, ASN1_HASH_MDX, asn_len ); 00186 memcpy( p + asn_len, hash, hashlen ); 00187 p[13] = 4; break; 00188 00189 case SIG_RSA_MD5: 00190 asn_len = OID_SIZE(ASN1_HASH_MDX); 00191 memcpy( p, ASN1_HASH_MDX, asn_len ); 00192 memcpy( p + asn_len, hash, hashlen ); 00193 p[13] = 5; break; 00194 00195 case SIG_RSA_SHA1: 00196 asn_len = OID_SIZE(ASN1_HASH_SHA1); 00197 memcpy( p, ASN1_HASH_SHA1, asn_len ); 00198 memcpy( p + 15, hash, hashlen ); 00199 break; 00200 00201 case SIG_RSA_SHA224: 00202 asn_len = OID_SIZE(ASN1_HASH_SHA2X); 00203 memcpy( p, ASN1_HASH_SHA2X, asn_len ); 00204 memcpy( p + asn_len, hash, hashlen ); 00205 p[1] += hashlen; p[14] = 4; p[18] += hashlen; break; 00206 00207 case SIG_RSA_SHA256: 00208 asn_len = OID_SIZE(ASN1_HASH_SHA2X); 00209 memcpy( p, ASN1_HASH_SHA2X, asn_len ); 00210 memcpy( p + asn_len, hash, hashlen ); 00211 p[1] += hashlen; p[14] = 1; p[18] += hashlen; break; 00212 00213 case SIG_RSA_SHA384: 00214 asn_len = OID_SIZE(ASN1_HASH_SHA2X); 00215 memcpy( p, ASN1_HASH_SHA2X, asn_len ); 00216 memcpy( p + asn_len, hash, hashlen ); 00217 p[1] += hashlen; p[14] = 2; p[18] += hashlen; break; 00218 00219 case SIG_RSA_SHA512: 00220 asn_len = OID_SIZE(ASN1_HASH_SHA2X); 00221 memcpy( p, ASN1_HASH_SHA2X, asn_len ); 00222 memcpy( p + asn_len, hash, hashlen ); 00223 p[1] += hashlen; p[14] = 3; p[18] += hashlen; break; 00224 00225 default: 00226 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00227 } 00228 00229 if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig, 00230 asn_len + hashlen, sig, &olen ) != CKR_OK ) 00231 { 00232 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); 00233 } 00234 00235 return( 0 ); 00236 } 00237 00238 #endif /* defined(POLARSSL_PKCS11_C) */