00001
00030 #include "polarssl/pkcs11.h"
00031
00032 #if defined(POLARSSL_PKCS11_C)
00033
00034 #if defined(POLARSSL_MEMORY_C)
00035 #include "polarssl/memory.h"
00036 #else
00037 #define polarssl_malloc malloc
00038 #define polarssl_free free
00039 #endif
00040
00041 #include <stdlib.h>
00042
00043 int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
00044 {
00045 int ret = 1;
00046 unsigned char *cert_blob = NULL;
00047 size_t cert_blob_size = 0;
00048
00049 if( cert == NULL )
00050 {
00051 ret = 2;
00052 goto cleanup;
00053 }
00054
00055 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK )
00056 {
00057 ret = 3;
00058 goto cleanup;
00059 }
00060
00061 cert_blob = polarssl_malloc( cert_blob_size );
00062 if( NULL == cert_blob )
00063 {
00064 ret = 4;
00065 goto cleanup;
00066 }
00067
00068 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK )
00069 {
00070 ret = 5;
00071 goto cleanup;
00072 }
00073
00074 if( 0 != x509_crt_parse(cert, cert_blob, cert_blob_size ) )
00075 {
00076 ret = 6;
00077 goto cleanup;
00078 }
00079
00080 ret = 0;
00081
00082 cleanup:
00083 if( NULL != cert_blob )
00084 polarssl_free( cert_blob );
00085
00086 return ret;
00087 }
00088
00089
00090 int pkcs11_priv_key_init( pkcs11_context *priv_key,
00091 pkcs11h_certificate_t pkcs11_cert )
00092 {
00093 int ret = 1;
00094 x509_crt cert;
00095
00096 x509_crt_init( &cert );
00097
00098 if( priv_key == NULL )
00099 goto cleanup;
00100
00101 if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
00102 goto cleanup;
00103
00104 priv_key->len = cert.rsa.len;
00105 priv_key->pkcs11h_cert = pkcs11_cert;
00106
00107 ret = 0;
00108
00109 cleanup:
00110 x509_crt_free( &cert );
00111
00112 return ret;
00113 }
00114
00115 void pkcs11_priv_key_free( pkcs11_context *priv_key )
00116 {
00117 if( NULL != priv_key )
00118 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
00119 }
00120
00121 int pkcs11_decrypt( pkcs11_context *ctx,
00122 int mode, size_t *olen,
00123 const unsigned char *input,
00124 unsigned char *output,
00125 size_t output_max_len )
00126 {
00127 size_t input_len, output_len;
00128
00129 if( NULL == ctx )
00130 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00131
00132 if( RSA_PUBLIC == mode )
00133 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00134
00135 output_len = input_len = ctx->len;
00136
00137 if( input_len < 16 || input_len > output_max_len )
00138 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00139
00140
00141 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
00142 input_len, NULL, &output_len ) != CKR_OK )
00143 {
00144 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00145 }
00146
00147 if( output_len > output_max_len )
00148 return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
00149
00150 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
00151 input_len, output, &output_len ) != CKR_OK )
00152 {
00153 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00154 }
00155 *olen = output_len;
00156 return( 0 );
00157 }
00158
00159 int pkcs11_sign( pkcs11_context *ctx,
00160 int mode,
00161 int hash_id,
00162 unsigned int hashlen,
00163 const unsigned char *hash,
00164 unsigned char *sig )
00165 {
00166 size_t olen, asn_len;
00167 unsigned char *p = sig;
00168
00169 if( NULL == ctx )
00170 return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
00171
00172 if( RSA_PUBLIC == mode )
00173 return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
00174
00175 olen = ctx->len;
00176
00177 switch( hash_id )
00178 {
00179 case SIG_RSA_RAW:
00180 asn_len = 0;
00181 memcpy( p, hash, hashlen );
00182 break;
00183
00184 case SIG_RSA_MD2:
00185 asn_len = OID_SIZE(ASN1_HASH_MDX);
00186 memcpy( p, ASN1_HASH_MDX, asn_len );
00187 memcpy( p + asn_len, hash, hashlen );
00188 p[13] = 2; break;
00189
00190 case SIG_RSA_MD4:
00191 asn_len = OID_SIZE(ASN1_HASH_MDX);
00192 memcpy( p, ASN1_HASH_MDX, asn_len );
00193 memcpy( p + asn_len, hash, hashlen );
00194 p[13] = 4; break;
00195
00196 case SIG_RSA_MD5:
00197 asn_len = OID_SIZE(ASN1_HASH_MDX);
00198 memcpy( p, ASN1_HASH_MDX, asn_len );
00199 memcpy( p + asn_len, hash, hashlen );
00200 p[13] = 5; break;
00201
00202 case SIG_RSA_SHA1:
00203 asn_len = OID_SIZE(ASN1_HASH_SHA1);
00204 memcpy( p, ASN1_HASH_SHA1, asn_len );
00205 memcpy( p + 15, hash, hashlen );
00206 break;
00207
00208 case SIG_RSA_SHA224:
00209 asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00210 memcpy( p, ASN1_HASH_SHA2X, asn_len );
00211 memcpy( p + asn_len, hash, hashlen );
00212 p[1] += hashlen; p[14] = 4; p[18] += hashlen; break;
00213
00214 case SIG_RSA_SHA256:
00215 asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00216 memcpy( p, ASN1_HASH_SHA2X, asn_len );
00217 memcpy( p + asn_len, hash, hashlen );
00218 p[1] += hashlen; p[14] = 1; p[18] += hashlen; break;
00219
00220 case SIG_RSA_SHA384:
00221 asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00222 memcpy( p, ASN1_HASH_SHA2X, asn_len );
00223 memcpy( p + asn_len, hash, hashlen );
00224 p[1] += hashlen; p[14] = 2; p[18] += hashlen; break;
00225
00226 case SIG_RSA_SHA512:
00227 asn_len = OID_SIZE(ASN1_HASH_SHA2X);
00228 memcpy( p, ASN1_HASH_SHA2X, asn_len );
00229 memcpy( p + asn_len, hash, hashlen );
00230 p[1] += hashlen; p[14] = 3; p[18] += hashlen; break;
00231
00232 default:
00233 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00234 }
00235
00236 if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
00237 asn_len + hashlen, sig, &olen ) != CKR_OK )
00238 {
00239 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00240 }
00241
00242 return( 0 );
00243 }
00244
00245 #endif