ssh-pkcs11.c (204917) | ssh-pkcs11.c (215116) |
---|---|
1/* $OpenBSD: ssh-pkcs11.c,v 1.4 2010/02/24 06:12:53 djm Exp $ */ | 1/* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */ |
2/* 3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES --- 172 unchanged lines hidden (view full) --- 182 pkcs11_provider_unref(k11->provider); 183 if (k11->keyid) 184 xfree(k11->keyid); 185 xfree(k11); 186 } 187 return (rv); 188} 189 | 2/* 3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES --- 172 unchanged lines hidden (view full) --- 182 pkcs11_provider_unref(k11->provider); 183 if (k11->keyid) 184 xfree(k11->keyid); 185 xfree(k11); 186 } 187 return (rv); 188} 189 |
190/* find a single 'obj' for given attributes */ 191static int 192pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, 193 CK_ULONG nattr, CK_OBJECT_HANDLE *obj) 194{ 195 CK_FUNCTION_LIST *f; 196 CK_SESSION_HANDLE session; 197 CK_ULONG nfound = 0; 198 CK_RV rv; 199 int ret = -1; 200 201 f = p->function_list; 202 session = p->slotinfo[slotidx].session; 203 if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) { 204 error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv); 205 return (-1); 206 } 207 if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK || 208 nfound != 1) { 209 debug("C_FindObjects failed (nfound %lu nattr %lu): %lu", 210 nfound, nattr, rv); 211 } else 212 ret = 0; 213 if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) 214 error("C_FindObjectsFinal failed: %lu", rv); 215 return (ret); 216} 217 |
|
190/* openssl callback doing the actual signing operation */ 191static int 192pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, 193 int padding) 194{ 195 struct pkcs11_key *k11; 196 struct pkcs11_slotinfo *si; 197 CK_FUNCTION_LIST *f; 198 CK_OBJECT_HANDLE obj; | 218/* openssl callback doing the actual signing operation */ 219static int 220pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, 221 int padding) 222{ 223 struct pkcs11_key *k11; 224 struct pkcs11_slotinfo *si; 225 CK_FUNCTION_LIST *f; 226 CK_OBJECT_HANDLE obj; |
199 CK_ULONG tlen = 0, nfound = 0; | 227 CK_ULONG tlen = 0; |
200 CK_RV rv; 201 CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; 202 CK_BBOOL true_val = CK_TRUE; 203 CK_MECHANISM mech = { 204 CKM_RSA_PKCS, NULL_PTR, 0 205 }; 206 CK_ATTRIBUTE key_filter[] = { 207 {CKA_CLASS, NULL, sizeof(private_key_class) }, --- 34 unchanged lines hidden (view full) --- 242 error("C_Login failed: %lu", rv); 243 return (-1); 244 } 245 xfree(pin); 246 si->logged_in = 1; 247 } 248 key_filter[1].pValue = k11->keyid; 249 key_filter[1].ulValueLen = k11->keyid_len; | 228 CK_RV rv; 229 CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; 230 CK_BBOOL true_val = CK_TRUE; 231 CK_MECHANISM mech = { 232 CKM_RSA_PKCS, NULL_PTR, 0 233 }; 234 CK_ATTRIBUTE key_filter[] = { 235 {CKA_CLASS, NULL, sizeof(private_key_class) }, --- 34 unchanged lines hidden (view full) --- 270 error("C_Login failed: %lu", rv); 271 return (-1); 272 } 273 xfree(pin); 274 si->logged_in = 1; 275 } 276 key_filter[1].pValue = k11->keyid; 277 key_filter[1].ulValueLen = k11->keyid_len; |
250 if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) { 251 error("C_FindObjectsInit failed: %lu", rv); 252 return (-1); 253 } 254 if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK || 255 nfound != 1) { 256 error("C_FindObjects failed (%lu nfound): %lu", nfound, rv); | 278 /* try to find object w/CKA_SIGN first, retry w/o */ 279 if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && 280 pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { 281 error("cannot find private key"); |
257 } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { 258 error("C_SignInit failed: %lu", rv); 259 } else { 260 /* XXX handle CKR_BUFFER_TOO_SMALL */ 261 tlen = RSA_size(rsa); 262 rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); 263 if (rv == CKR_OK) 264 rval = tlen; 265 else 266 error("C_Sign failed: %lu", rv); 267 } | 282 } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { 283 error("C_SignInit failed: %lu", rv); 284 } else { 285 /* XXX handle CKR_BUFFER_TOO_SMALL */ 286 tlen = RSA_size(rsa); 287 rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); 288 if (rv == CKR_OK) 289 rval = tlen; 290 else 291 error("C_Sign failed: %lu", rv); 292 } |
268 if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK) 269 error("C_FindObjectsFinal failed: %lu", rv); | |
270 return (rval); 271} 272 273static int 274pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, 275 int padding) 276{ 277 return (-1); --- 127 unchanged lines hidden (view full) --- 405 || nfound == 0) 406 break; 407 /* found a key, so figure out size of the attributes */ 408 if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) 409 != CKR_OK) { 410 error("C_GetAttributeValue failed: %lu", rv); 411 continue; 412 } | 293 return (rval); 294} 295 296static int 297pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, 298 int padding) 299{ 300 return (-1); --- 127 unchanged lines hidden (view full) --- 428 || nfound == 0) 429 break; 430 /* found a key, so figure out size of the attributes */ 431 if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) 432 != CKR_OK) { 433 error("C_GetAttributeValue failed: %lu", rv); 434 continue; 435 } |
413 /* allocate buffers for attributes, XXX check ulValueLen? */ | 436 /* check that none of the attributes are zero length */ 437 if (attribs[0].ulValueLen == 0 || 438 attribs[1].ulValueLen == 0 || 439 attribs[2].ulValueLen == 0) { 440 continue; 441 } 442 /* allocate buffers for attributes */ |
414 for (i = 0; i < 3; i++) 415 attribs[i].pValue = xmalloc(attribs[i].ulValueLen); 416 /* retrieve ID, modulus and public exponent of RSA key */ 417 if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) 418 != CKR_OK) { 419 error("C_GetAttributeValue failed: %lu", rv); 420 } else if ((rsa = RSA_new()) == NULL) { 421 error("RSA_new failed"); --- 143 unchanged lines hidden --- | 443 for (i = 0; i < 3; i++) 444 attribs[i].pValue = xmalloc(attribs[i].ulValueLen); 445 /* retrieve ID, modulus and public exponent of RSA key */ 446 if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3)) 447 != CKR_OK) { 448 error("C_GetAttributeValue failed: %lu", rv); 449 } else if ((rsa = RSA_new()) == NULL) { 450 error("RSA_new failed"); --- 143 unchanged lines hidden --- |