ReactOS 0.4.16-dev-306-g647d351
pkcs11.c
Go to the documentation of this file.
1
51#include "mbedtls/pkcs11.h"
52
53#if defined(MBEDTLS_PKCS11_C)
54
55#include "mbedtls/md.h"
56#include "mbedtls/oid.h"
57#include "mbedtls/x509_crt.h"
58
59#if defined(MBEDTLS_PLATFORM_C)
60#include "mbedtls/platform.h"
61#else
62#include <stdlib.h>
63#define mbedtls_calloc calloc
64#define mbedtls_free free
65#endif
66
67#include <string.h>
68
69void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
70{
71 memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
72}
73
74int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
75{
76 int ret = 1;
77 unsigned char *cert_blob = NULL;
78 size_t cert_blob_size = 0;
79
80 if( cert == NULL )
81 {
82 ret = 2;
83 goto cleanup;
84 }
85
86 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
87 &cert_blob_size ) != CKR_OK )
88 {
89 ret = 3;
90 goto cleanup;
91 }
92
93 cert_blob = mbedtls_calloc( 1, cert_blob_size );
94 if( NULL == cert_blob )
95 {
96 ret = 4;
97 goto cleanup;
98 }
99
100 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
101 &cert_blob_size ) != CKR_OK )
102 {
103 ret = 5;
104 goto cleanup;
105 }
106
107 if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
108 {
109 ret = 6;
110 goto cleanup;
111 }
112
113 ret = 0;
114
115cleanup:
116 if( NULL != cert_blob )
117 mbedtls_free( cert_blob );
118
119 return( ret );
120}
121
122
123int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
124 pkcs11h_certificate_t pkcs11_cert )
125{
126 int ret = 1;
128
130
131 if( priv_key == NULL )
132 goto cleanup;
133
134 if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
135 goto cleanup;
136
137 priv_key->len = mbedtls_pk_get_len( &cert.pk );
138 priv_key->pkcs11h_cert = pkcs11_cert;
139
140 ret = 0;
141
142cleanup:
144
145 return( ret );
146}
147
148void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
149{
150 if( NULL != priv_key )
151 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
152}
153
154int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
155 int mode, size_t *olen,
156 const unsigned char *input,
157 unsigned char *output,
158 size_t output_max_len )
159{
160 size_t input_len, output_len;
161
162 if( NULL == ctx )
164
167
168 output_len = input_len = ctx->len;
169
170 if( input_len < 16 || input_len > output_max_len )
172
173 /* Determine size of output buffer */
174 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
175 input_len, NULL, &output_len ) != CKR_OK )
176 {
178 }
179
180 if( output_len > output_max_len )
182
183 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
184 input_len, output, &output_len ) != CKR_OK )
185 {
187 }
188 *olen = output_len;
189 return( 0 );
190}
191
192int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
193 int mode,
194 mbedtls_md_type_t md_alg,
195 unsigned int hashlen,
196 const unsigned char *hash,
197 unsigned char *sig )
198{
199 size_t sig_len = 0, asn_len = 0, oid_size = 0;
200 unsigned char *p = sig;
201 const char *oid;
202
203 if( NULL == ctx )
205
208
209 if( md_alg != MBEDTLS_MD_NONE )
210 {
211 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
212 if( md_info == NULL )
214
215 if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
217
218 hashlen = mbedtls_md_get_size( md_info );
219 asn_len = 10 + oid_size;
220 }
221
222 sig_len = ctx->len;
223 if( hashlen > sig_len || asn_len > sig_len ||
224 hashlen + asn_len > sig_len )
225 {
227 }
228
229 if( md_alg != MBEDTLS_MD_NONE )
230 {
231 /*
232 * DigestInfo ::= SEQUENCE {
233 * digestAlgorithm DigestAlgorithmIdentifier,
234 * digest Digest }
235 *
236 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
237 *
238 * Digest ::= OCTET STRING
239 */
241 *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
243 *p++ = (unsigned char) ( 0x04 + oid_size );
244 *p++ = MBEDTLS_ASN1_OID;
245 *p++ = oid_size & 0xFF;
246 memcpy( p, oid, oid_size );
247 p += oid_size;
248 *p++ = MBEDTLS_ASN1_NULL;
249 *p++ = 0x00;
251 *p++ = hashlen;
252 }
253
254 memcpy( p, hash, hashlen );
255
256 if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
257 asn_len + hashlen, sig, &sig_len ) != CKR_OK )
258 {
260 }
261
262 return( 0 );
263}
264
265#endif /* defined(MBEDTLS_PKCS11_C) */
#define NULL
Definition: types.h:112
static void cleanup(void)
Definition: main.c:1335
unsigned char
Definition: typeof.h:29
GLenum mode
Definition: glext.h:6217
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLenum GLenum input
Definition: glext.h:9031
#define MBEDTLS_ASN1_OCTET_STRING
Definition: asn1.h:100
#define MBEDTLS_ASN1_SEQUENCE
Definition: asn1.h:104
#define MBEDTLS_ASN1_CONSTRUCTED
Definition: asn1.h:114
#define MBEDTLS_ASN1_OID
Definition: asn1.h:102
#define MBEDTLS_ASN1_NULL
Definition: asn1.h:101
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
This file contains the generic message-digest wrapper.
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
@ MBEDTLS_MD_NONE
Definition: md.h:84
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
static BYTE cert[]
Definition: msg.c:1437
Object Identifier (OID) database.
int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen)
Translate md_type into hash algorithm OID.
static size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
Get the length in bytes of the underlying key.
Definition: pk.h:313
Wrapper for PKCS#11 library libpkcs11-helper.
#define MBEDTLS_RSA_PRIVATE
Definition: rsa.h:95
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
Definition: rsa.h:81
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA
Definition: rsa.h:74
#define mbedtls_md_info_from_type
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
#define mbedtls_free
Definition: platform.h:168
#define mbedtls_calloc
Definition: platform.h:169
#define memset(x, y, z)
Definition: compat.h:39
Definition: _hash_fun.h:40
int ret
X.509 certificate parsing and writing.