PolarSSL v1.1.4
pkcs11.c
Go to the documentation of this file.
00001 
00030 #include "polarssl/pkcs11.h"
00031 
00032 #if defined(POLARSSL_PKCS11_C)
00033 
00034 #include <stdlib.h>
00035 
00036 int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11_cert )
00037 {
00038     int ret = 1;
00039     unsigned char *cert_blob = NULL;
00040     size_t cert_blob_size = 0;
00041 
00042     if( cert == NULL )
00043     {
00044         ret = 2;
00045         goto cleanup;
00046     }
00047 
00048     if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK )
00049     {
00050         ret = 3;
00051         goto cleanup;
00052     }
00053 
00054     cert_blob = malloc( cert_blob_size );
00055     if( NULL == cert_blob )
00056     {
00057         ret = 4;
00058         goto cleanup;
00059     }
00060 
00061     if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK )
00062     {
00063         ret = 5;
00064         goto cleanup;
00065     }
00066 
00067     if( 0 != x509parse_crt(cert, cert_blob, cert_blob_size ) )
00068     {
00069         ret = 6;
00070         goto cleanup;
00071     }
00072 
00073     ret = 0;
00074 
00075 cleanup:
00076     if( NULL != cert_blob )
00077         free( cert_blob );
00078 
00079     return ret;
00080 }
00081 
00082 
00083 int pkcs11_priv_key_init( pkcs11_context *priv_key,
00084         pkcs11h_certificate_t pkcs11_cert )
00085 {
00086     int ret = 1;
00087     x509_cert cert;
00088 
00089     memset( &cert, 0, sizeof( cert ) );
00090 
00091     if( priv_key == NULL )
00092         goto cleanup;
00093 
00094     if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
00095         goto cleanup;
00096 
00097     priv_key->len = cert.rsa.len;
00098     priv_key->pkcs11h_cert = pkcs11_cert;
00099 
00100     ret = 0;
00101 
00102 cleanup:
00103     x509_free( &cert );
00104 
00105     return ret;
00106 }
00107 
00108 void pkcs11_priv_key_free( pkcs11_context *priv_key )
00109 {
00110     if( NULL != priv_key )
00111         pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
00112 }
00113 
00114 int pkcs11_decrypt( pkcs11_context *ctx,
00115                        int mode, size_t *olen,
00116                        const unsigned char *input,
00117                        unsigned char *output,
00118                        unsigned int output_max_len )
00119 {
00120     size_t input_len, output_len;
00121 
00122     if( NULL == ctx )
00123         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00124 
00125     if( RSA_PUBLIC == mode )
00126         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00127 
00128     output_len = input_len = ctx->len;
00129 
00130     if( input_len < 16 || input_len > output_max_len )
00131         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00132 
00133     /* Determine size of output buffer */
00134     if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
00135             input_len, NULL, &output_len ) != CKR_OK )
00136     {
00137         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00138     }
00139 
00140     if( output_len > output_max_len )
00141         return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
00142 
00143     if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
00144             input_len, output, &output_len ) != CKR_OK )
00145     {
00146         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00147     }
00148     *olen = output_len;
00149     return( 0 );
00150 }
00151 
00152 int pkcs11_sign( pkcs11_context *ctx,
00153                     int mode,
00154                     int hash_id,
00155                     unsigned int hashlen,
00156                     const unsigned char *hash,
00157                     unsigned char *sig )
00158 {
00159     size_t olen, asn_len;
00160     unsigned char *p = sig;
00161 
00162     if( NULL == ctx )
00163         return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
00164 
00165     if( RSA_PUBLIC == mode )
00166         return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
00167 
00168     olen = ctx->len;
00169 
00170     switch( hash_id )
00171     {
00172         case SIG_RSA_RAW:
00173             asn_len = 0;
00174             memcpy( p, hash, hashlen );
00175             break;
00176 
00177         case SIG_RSA_MD2:
00178             asn_len = OID_SIZE(ASN1_HASH_MDX);
00179             memcpy( p, ASN1_HASH_MDX, asn_len );
00180             memcpy( p + asn_len, hash, hashlen );
00181             p[13] = 2; break;
00182 
00183         case SIG_RSA_MD4:
00184             asn_len = OID_SIZE(ASN1_HASH_MDX);
00185             memcpy( p, ASN1_HASH_MDX, asn_len );
00186             memcpy( p + asn_len, hash, hashlen );
00187             p[13] = 4; break;
00188 
00189         case SIG_RSA_MD5:
00190             asn_len = OID_SIZE(ASN1_HASH_MDX);
00191             memcpy( p, ASN1_HASH_MDX, asn_len );
00192             memcpy( p + asn_len, hash, hashlen );
00193             p[13] = 5; break;
00194 
00195         case SIG_RSA_SHA1:
00196             asn_len = OID_SIZE(ASN1_HASH_SHA1);
00197             memcpy( p, ASN1_HASH_SHA1, asn_len );
00198             memcpy( p + 15, hash, hashlen );
00199             break;
00200 
00201         case SIG_RSA_SHA224:
00202             asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00203             memcpy( p, ASN1_HASH_SHA2X, asn_len );
00204             memcpy( p + asn_len, hash, hashlen );
00205             p[1] += hashlen; p[14] = 4; p[18] += hashlen; break;
00206 
00207         case SIG_RSA_SHA256:
00208             asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00209             memcpy( p, ASN1_HASH_SHA2X, asn_len );
00210             memcpy( p + asn_len, hash, hashlen );
00211             p[1] += hashlen; p[14] = 1; p[18] += hashlen; break;
00212 
00213         case SIG_RSA_SHA384:
00214             asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00215             memcpy( p, ASN1_HASH_SHA2X, asn_len );
00216             memcpy( p + asn_len, hash, hashlen );
00217             p[1] += hashlen; p[14] = 2; p[18] += hashlen; break;
00218 
00219         case SIG_RSA_SHA512:
00220             asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00221             memcpy( p, ASN1_HASH_SHA2X, asn_len );
00222             memcpy( p + asn_len, hash, hashlen );
00223             p[1] += hashlen; p[14] = 3; p[18] += hashlen; break;
00224 
00225         default:
00226             return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00227     }
00228 
00229     if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
00230             asn_len + hashlen, sig, &olen ) != CKR_OK )
00231     {
00232         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00233     }
00234 
00235     return( 0 );
00236 }
00237 
00238 #endif /* defined(POLARSSL_PKCS11_C) */