53#if defined(MBEDTLS_PKCS11_C)
59#if defined(MBEDTLS_PLATFORM_C)
63#define mbedtls_calloc calloc
64#define mbedtls_free free
69void mbedtls_pkcs11_init( mbedtls_pkcs11_context *
ctx )
71 memset(
ctx, 0,
sizeof( mbedtls_pkcs11_context ) );
77 unsigned char *cert_blob =
NULL;
78 size_t cert_blob_size = 0;
86 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert,
NULL,
87 &cert_blob_size ) != CKR_OK )
94 if(
NULL == cert_blob )
100 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
101 &cert_blob_size ) != CKR_OK )
116 if(
NULL != cert_blob )
123int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
124 pkcs11h_certificate_t pkcs11_cert )
131 if( priv_key ==
NULL )
134 if( 0 != mbedtls_pkcs11_x509_cert_bind( &
cert, pkcs11_cert ) )
138 priv_key->pkcs11h_cert = pkcs11_cert;
148void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
150 if(
NULL != priv_key )
151 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
154int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *
ctx,
155 int mode,
size_t *olen,
156 const unsigned char *
input,
157 unsigned char *output,
158 size_t output_max_len )
160 size_t input_len, output_len;
168 output_len = input_len =
ctx->len;
170 if( input_len < 16 || input_len > output_max_len )
174 if( pkcs11h_certificate_decryptAny(
ctx->pkcs11h_cert, CKM_RSA_PKCS,
input,
175 input_len,
NULL, &output_len ) != CKR_OK )
180 if( output_len > output_max_len )
183 if( pkcs11h_certificate_decryptAny(
ctx->pkcs11h_cert, CKM_RSA_PKCS,
input,
184 input_len, output, &output_len ) != CKR_OK )
192int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *
ctx,
195 unsigned int hashlen,
196 const unsigned char *
hash,
199 size_t sig_len = 0, asn_len = 0, oid_size = 0;
200 unsigned char *
p = sig;
212 if( md_info ==
NULL )
219 asn_len = 10 + oid_size;
223 if( hashlen > sig_len || asn_len > sig_len ||
224 hashlen + asn_len > sig_len )
241 *
p++ = (
unsigned char) ( 0x08 + oid_size + hashlen );
243 *
p++ = (
unsigned char) ( 0x04 + oid_size );
245 *
p++ = oid_size & 0xFF;
256 if( pkcs11h_certificate_signAny(
ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
257 asn_len + hashlen, sig, &sig_len ) != CKR_OK )
static void cleanup(void)
GLenum GLenum GLenum input
#define MBEDTLS_ASN1_OCTET_STRING
#define MBEDTLS_ASN1_SEQUENCE
#define MBEDTLS_ASN1_CONSTRUCTED
#define MBEDTLS_ASN1_NULL
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Free all certificate data.
This file contains the generic message-digest wrapper.
mbedtls_md_type_t
Supported message digests.
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
#define memcpy(s1, s2, n)
Object Identifier (OID) database.
int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen)
Translate an md_type into its hash algorithm OID.
static size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
Get the length in bytes of the underlying key.
Wrapper for the PKCS#11 library libpkcs11-helper.
#define MBEDTLS_RSA_PRIVATE
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA
#define mbedtls_md_info_from_type
X.509 certificate parsing and writing.