99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <stdio.h> /* debugging only */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <errno.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <values.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapiP.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <ber_der.h>

9b37d29632d2cb262ba42f1d804f85fcb0aa3709wyllys#include <fcntl.h>

9b37d29632d2cb262ba42f1d804f85fcb0aa3709wyllys#include <sha1.h>

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys#include <bignum.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <cryptoutil.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <security/cryptoki.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <security/pkcs11.h>

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

c197cb9db36685d2808c057fdbe5700734483ab2hylee#define DEV_RANDOM "/dev/random"

c197cb9db36685d2808c057fdbe5700734483ab2hylee

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define SETATTR(t, n, atype, value, size) \

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys t[n].type = atype; \

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys t[n].pValue = (CK_BYTE *)value; \

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys t[n].ulValueLen = (CK_ULONG)size;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define SET_ERROR(h, c) h->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN; \

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys h->lasterr.errcode = c;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct _objlist {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_HANDLE handle;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys struct _objlist *next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys} OBJLIST;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyssearch_certs(KMF_HANDLE_T, char *, char *, char *, KMF_BIGINT *,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys boolean_t, KMF_CERT_VALIDITY, OBJLIST **, uint32_t *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

71593db26bb6ef7b739cffe06d53bf990cac112cwyllysstatic CK_RV

71593db26bb6ef7b739cffe06d53bf990cac112cwyllysgetObjectLabel(KMF_HANDLE_T, CK_OBJECT_HANDLE, char **);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyskeyObj2RawKey(KMF_HANDLE_T, KMF_KEY_HANDLE *, KMF_RAW_KEY_DATA **);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

c197cb9db36685d2808c057fdbe5700734483ab2hyleestatic KMF_RETURN

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyscreate_generic_secret_key(KMF_HANDLE_T,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys int, KMF_ATTRIBUTE *, CK_OBJECT_HANDLE *);

c197cb9db36685d2808c057fdbe5700734483ab2hylee

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_ConfigureKeystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_FindCert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_FreeKMFCert(KMF_HANDLE_T,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_DER_CERT *kmf_cert);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_StoreCert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_ImportCert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_DeleteCert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_CreateKeypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_StoreKey(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_DeleteKey(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_EncodePubKeyData(KMF_HANDLE_T, KMF_KEY_HANDLE *, KMF_DATA *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_SignData(KMF_HANDLE_T, KMF_KEY_HANDLE *, KMF_OID *,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA *, KMF_DATA *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_GetErrorString(KMF_HANDLE_T, char **);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_FindPrikeyByCert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_DecryptData(KMF_HANDLE_T, KMF_KEY_HANDLE *, KMF_OID *,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA *, KMF_DATA *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_FindKey(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_CreateSymKey(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_GetSymKeyValue(KMF_HANDLE_T, KMF_KEY_HANDLE *, KMF_RAW_SYM_KEY *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_SetTokenPin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_ExportPK12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_PLUGIN_FUNCLIST pk11token_plugin_table =

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys 1, /* Version */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_ConfigureKeystore,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_FindCert,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_FreeKMFCert,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_StoreCert,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_ImportCert,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys NULL, /* ImportCRL */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_DeleteCert,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys NULL, /* DeleteCRL */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_CreateKeypair,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_FindKey,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_EncodePubKeyData,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_SignData,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_DeleteKey,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys NULL, /* ListCRL */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys NULL, /* FindCRL */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys NULL, /* FindCertInCRL */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_GetErrorString,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMFPK11_FindPrikeyByCert,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_DecryptData,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMFPK11_ExportPK12,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_CreateSymKey,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_GetSymKeyValue,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMFPK11_SetTokenPin,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMFPK11_StoreKey,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys NULL /* Finalize */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys};

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_PLUGIN_FUNCLIST *

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_Plugin_Initialize()

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (&pk11token_plugin_table);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_ConfigureKeystore(KMF_HANDLE_T handle,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys int numattr, KMF_ATTRIBUTE *attrlist)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = KMF_OK;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *label;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys boolean_t readonly = B_TRUE;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys label = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (label == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* "readonly" is optional. Default is TRUE */

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void) kmf_get_attr(KMF_READONLY_ATTR, attrlist, numattr,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void *)&readonly, NULL);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_select_token(handle, label, readonly);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk11_authenticate(KMF_HANDLE_T handle,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_CREDENTIAL *cred)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_RV ck_rv = CKR_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_SESSION_HANDLE hSession = (CK_SESSION_HANDLE)handle->pk11handle;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (hSession == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_NO_TOKEN_SELECTED);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (cred == NULL || cred->cred == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((ck_rv = C_Login(hSession, CKU_USER, (uchar_t *)cred->cred,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys cred->credlen)) != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ck_rv != CKR_USER_ALREADY_LOGGED_IN) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys handle->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys handle->lasterr.errcode = ck_rv;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_AUTH_FAILED);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_OK);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysPK11Cert2KMFCert(KMF_HANDLE *kmfh, CK_OBJECT_HANDLE hObj,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_DER_CERT *kmfcert)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_RV ckrv = CKR_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_CERTIFICATE_TYPE cktype;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_CLASS class;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ULONG subject_len, value_len, issuer_len, serno_len, id_len;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_BYTE *subject = NULL, *value = NULL;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys char *label = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE templ[10];

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys (void) memset(templ, 0, 10 * sizeof (CK_ATTRIBUTE));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, 0, CKA_CLASS, &class, sizeof (class));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Is this a certificate object ? */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ckrv = C_GetAttributeValue(kmfh->pk11handle, hObj, templ, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK || class != CKO_CERTIFICATE) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, 0, CKA_CERTIFICATE_TYPE, &cktype, sizeof (cktype));

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys ckrv = C_GetAttributeValue(kmfh->pk11handle, hObj, templ, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK || cktype != CKC_X_509) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys int i = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* What attributes are available and how big are they? */

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys subject_len = issuer_len = serno_len = id_len = value_len = 0;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys SETATTR(templ, i, CKA_SUBJECT, NULL, subject_len);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys i++;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys SETATTR(templ, i, CKA_ISSUER, NULL, issuer_len);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys i++;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys SETATTR(templ, i, CKA_SERIAL_NUMBER, NULL, serno_len);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys i++;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys SETATTR(templ, i, CKA_ID, NULL, id_len);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys i++;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys SETATTR(templ, i, CKA_VALUE, NULL, value_len);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys ckrv = C_GetAttributeValue(kmfh->pk11handle, hObj, templ, i);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL); /* TODO - Error messages ? */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys subject_len = templ[0].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys issuer_len = templ[1].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys serno_len = templ[2].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys id_len = templ[3].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys value_len = templ[4].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (subject_len == 0 || issuer_len == 0 ||

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys serno_len == 0 || value_len == 0) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Only fetch the value field if we are saving the data */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfcert != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int i = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys value = malloc(value_len);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (value == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_MEMORY;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto errout;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, i, CKA_VALUE, value, value_len);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* re-query the object with room for the value attr */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ckrv = C_GetAttributeValue(kmfh->pk11handle, hObj,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys templ, i);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_INTERNAL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto errout;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfcert->certificate.Data = value;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfcert->certificate.Length = value_len;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfcert->kmf_private.flags |= KMF_FLAG_CERT_SIGNED;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfcert->kmf_private.keystore_type =

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEYSTORE_PK11TOKEN;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys ckrv = getObjectLabel(kmfh, hObj, &label);

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys if (ckrv == CKR_OK && label != NULL) {

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys kmfcert->kmf_private.label = (char *)label;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyserrout:

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (subject)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(subject);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (value)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(value);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfcert) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfcert->certificate.Data = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfcert->certificate.Length = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic void

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysfree_objlist(OBJLIST *head)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST *temp = head;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while (temp != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys head = head->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(temp);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys temp = head;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysget_attr(KMF_HANDLE *kmfh, CK_OBJECT_HANDLE obj,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE *templ)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_RV rv;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = C_GetAttributeValue(kmfh->pk11handle, obj, templ, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (templ->ulValueLen > 0) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys templ->pValue = malloc(templ->ulValueLen);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (templ->pValue == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = C_GetAttributeValue(kmfh->pk11handle, obj, templ, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_OK);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysmatchcert(KMF_HANDLE *kmfh, CK_OBJECT_HANDLE obj,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_NAME *issuer, KMF_X509_NAME *subject)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = KMF_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE certattr;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA name;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_NAME dn;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (issuer->numberOfRDNs > 0) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certattr.type = CKA_ISSUER;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certattr.pValue = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certattr.ulValueLen = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = get_attr(kmfh, obj, &certattr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys name.Data = certattr.pValue;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys name.Length = certattr.ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = DerDecodeName(&name, &dn);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_compare_rdns(issuer, &dn);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_dn(&dn);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(certattr.pValue);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (subject->numberOfRDNs > 0) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certattr.type = CKA_SUBJECT;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certattr.pValue = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certattr.ulValueLen = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = get_attr(kmfh, obj, &certattr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys name.Data = certattr.pValue;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys name.Length = certattr.ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = DerDecodeName(&name, &dn);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_compare_rdns(subject, &dn);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_dn(&dn);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(certattr.pValue);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic void

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk11_delete_obj_from_list(OBJLIST **newlist,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST **prev, OBJLIST **curr)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (*curr == *newlist) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* first node in the list */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *newlist = (*curr)->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *prev = (*curr)->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(*curr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *curr = *newlist;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (*prev)->next = (*curr)->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(*curr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *curr = (*prev)->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyssearch_certs(KMF_HANDLE_T handle,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *label, char *issuer, char *subject, KMF_BIGINT *serial,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys boolean_t private, KMF_CERT_VALIDITY validity,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST **objlist, uint32_t *numobj)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = KMF_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_RV ckrv = CKR_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE templ[10];

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_BBOOL true = TRUE;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_CLASS oclass = CKO_CERTIFICATE;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_CERTIFICATE_TYPE ctype = CKC_X_509;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_NAME subjectDN, issuerDN;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int i;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST *newlist, *tail;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ULONG num = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys uint32_t num_ok_certs = 0; /* number of non-expired or expired certs */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&templ, 0, 10 * sizeof (CK_ATTRIBUTE));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&issuerDN, 0, sizeof (KMF_X509_NAME));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&subjectDN, 0, sizeof (KMF_X509_NAME));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, i, CKA_TOKEN, &true, sizeof (true)); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, i, CKA_CLASS, &oclass, sizeof (oclass)); i++;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys SETATTR(templ, i, CKA_CERTIFICATE_TYPE, &ctype, sizeof (ctype)); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (label != NULL && strlen(label)) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, i, CKA_LABEL, label, strlen(label));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (private) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(templ, i, CKA_PRIVATE, &true, sizeof (true)); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (issuer != NULL && strlen(issuer)) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_dn_parser(issuer, &issuerDN)) != KMF_OK)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (subject != NULL && strlen(subject)) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_dn_parser(subject, &subjectDN)) != KMF_OK)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (serial != NULL && serial->val != NULL && serial->len > 0) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys SETATTR(templ, i, CKA_SERIAL_NUMBER, serial->val, serial->len);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (*numobj) = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *objlist = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys newlist = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ckrv = C_FindObjectsInit(kmfh->pk11handle, templ, i);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tail = newlist = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while (ckrv == CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_HANDLE tObj;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ckrv = C_FindObjects(kmfh->pk11handle, &tObj, 1, &num);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK || num == 0)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (matchcert(kmfh, tObj, &issuerDN, &subjectDN))

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys continue;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (newlist == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys newlist = malloc(sizeof (OBJLIST));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (newlist == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_MEMORY;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys newlist->handle = tObj;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys newlist->next = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tail = newlist;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tail->next = malloc(sizeof (OBJLIST));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tail->next != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tail = tail->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_MEMORY;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tail->handle = tObj;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tail->next = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (*numobj)++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ckrv = C_FindObjectsFinal(kmfh->pk11handle);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyscleanup:

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_INTERNAL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (newlist != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free_objlist(newlist);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *numobj = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys newlist = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (validity == KMF_ALL_CERTS) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *objlist = newlist;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST *node, *prev;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_DER_CERT tmp_kmf_cert;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys uint32_t i = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys node = prev = newlist;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while (node != NULL && i < (*numobj)) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&tmp_kmf_cert, 0,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys sizeof (KMF_X509_DER_CERT));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK11Cert2KMFCert(kmfh, node->handle,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys &tmp_kmf_cert);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup1;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_check_cert_date(handle,

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys &tmp_kmf_cert.certificate);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (validity == KMF_NONEXPIRED_CERTS) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys num_ok_certs++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys prev = node;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys node = node->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (rv ==

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ERR_VALIDITY_PERIOD) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys pk11_delete_obj_from_list(

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys &newlist, &prev, &node);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup1;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (validity == KMF_EXPIRED_CERTS) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_ERR_VALIDITY_PERIOD) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys num_ok_certs++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys prev = node;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys node = node->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (rv == KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys pk11_delete_obj_from_list(

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys &newlist, &prev, &node);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup1;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i++;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_kmf_cert(handle, &tmp_kmf_cert);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *numobj = num_ok_certs;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *objlist = newlist;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyscleanup1:

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK && newlist != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free_objlist(newlist);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *numobj = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *objlist = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (issuer != NULL)

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_dn(&issuerDN);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (subject != NULL)

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_dn(&subjectDN);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_FindCert(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys uint32_t want_certs;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST *objlist = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys uint32_t *num_certs;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_X509_DER_CERT *kmf_cert = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *certlabel = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *issuer = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *subject = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_BIGINT *serial = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CERT_VALIDITY validity;

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys KMF_CREDENTIAL *cred = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys boolean_t private;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfh == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_UNINITIALIZED); /* Plugin Not Initialized */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfh->pk11handle == CK_INVALID_HANDLE)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_NO_TOKEN_SELECTED);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num_certs = kmf_get_attr_ptr(KMF_COUNT_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (num_certs == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (*num_certs > 0)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys want_certs = *num_certs;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys want_certs = MAXINT; /* count them all */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *num_certs = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* Get the optional returned certificate list */

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_cert = kmf_get_attr_ptr(KMF_X509_DER_CERT_ATTR, attrlist,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* Get optional search criteria attributes */

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys certlabel = kmf_get_attr_ptr(KMF_CERT_LABEL_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys issuer = kmf_get_attr_ptr(KMF_ISSUER_NAME_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys subject = kmf_get_attr_ptr(KMF_SUBJECT_NAME_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys serial = kmf_get_attr_ptr(KMF_BIGINT_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_get_attr(KMF_CERT_VALIDITY_ATTR, attrlist, numattr,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &validity, NULL);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (rv != KMF_OK) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys validity = KMF_ALL_CERTS;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = KMF_OK;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_get_attr(KMF_PRIVATE_BOOL_ATTR, attrlist, numattr,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void *)&private, NULL);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (rv != KMF_OK) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys private = B_FALSE;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = KMF_OK;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys cred = kmf_get_attr_ptr(KMF_CREDENTIAL_ATTR, attrlist, numattr);

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (cred != NULL) {

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys rv = pk11_authenticate(handle, cred);

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (rv != KMF_OK)

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys return (rv);

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys }

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* Start searching */

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = search_certs(handle, certlabel, issuer, subject, serial, private,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys validity, &objlist, num_certs);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK && objlist != NULL && kmf_cert != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys OBJLIST *node = objlist;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int i = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while (node != NULL && i < want_certs) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK11Cert2KMFCert(kmfh, node->handle,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &kmf_cert[i]);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys node = node->next;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (objlist != NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free_objlist(objlist);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (*num_certs == 0)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_CERT_NOT_FOUND;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_FreeKMFCert(KMF_HANDLE_T handle, KMF_X509_DER_CERT *kmf_cert)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmf_cert != NULL && kmf_cert->certificate.Data != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(kmf_cert->certificate.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmf_cert->certificate.Data = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmf_cert->certificate.Length = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmf_cert->kmf_private.label != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(kmf_cert->kmf_private.label);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmf_cert->kmf_private.label = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMFPK11_EncodePubKeyData(KMF_HANDLE_T handle, KMF_KEY_HANDLE *pKey,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_DATA *eData)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN ret = KMF_OK;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_RV rv;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_CLASS ckObjClass = CKO_PUBLIC_KEY;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_KEY_TYPE ckKeyType;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA Modulus, Exponent, Prime, Subprime, Base, Value;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_OID *Algorithm;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys BerElement *asn1 = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys BerValue *PubKeyParams = NULL, *EncodedKey = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_SPKI spki;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll CK_BYTE ec_params[256], ec_point[256];

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE rsaTemplate[4];

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE dsaTemplate[6];

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll CK_ATTRIBUTE ecdsaTemplate[6];

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfh == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_UNINITIALIZED); /* Plugin Not Initialized */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfh->pk11handle == CK_INVALID_HANDLE)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_NO_TOKEN_SELECTED);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (pKey == NULL || pKey->keyp == CK_INVALID_HANDLE)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&Modulus, 0, sizeof (Modulus));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&Exponent, 0, sizeof (Exponent));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&Prime, 0, sizeof (Prime));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&Subprime, 0, sizeof (Subprime));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&Base, 0, sizeof (Base));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&Value, 0, sizeof (Value));

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys switch (pKey->keyalg) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_RSA:

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(rsaTemplate, 0, CKA_CLASS, &ckObjClass,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll sizeof (ckObjClass));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(rsaTemplate, 1, CKA_KEY_TYPE, &ckKeyType,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll sizeof (ckKeyType));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(rsaTemplate, 2, CKA_MODULUS, Modulus.Data,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Modulus.Length);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(rsaTemplate, 3, CKA_PUBLIC_EXPONENT,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Exponent.Data, Exponent.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Get the length of the fields */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = C_GetAttributeValue(kmfh->pk11handle,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (CK_OBJECT_HANDLE)pKey->keyp, rsaTemplate, 4);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Modulus.Length = rsaTemplate[2].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Modulus.Data = malloc(Modulus.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Modulus.Data == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Exponent.Length = rsaTemplate[3].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Exponent.Data = malloc(Exponent.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Exponent.Data == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Modulus.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(rsaTemplate, 2, CKA_MODULUS, Modulus.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Modulus.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(rsaTemplate, 3, CKA_PUBLIC_EXPONENT,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Exponent.Data, Exponent.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Now get the values */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = C_GetAttributeValue(kmfh->pk11handle,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (CK_OBJECT_HANDLE)pKey->keyp, rsaTemplate, 4);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Modulus.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Exponent.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Algorithm = x509_algid_to_algoid(KMF_ALGID_RSA);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Algorithm != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Encode the RSA Key Data */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((asn1 = kmfder_alloc()) == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Modulus.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Exponent.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfber_printf(asn1, "{II}", Modulus.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Modulus.Length, Exponent.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Exponent.Length) == -1) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Modulus.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Exponent.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_flatten(asn1, &EncodedKey) == -1) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Modulus.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Exponent.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Exponent.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Modulus.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_DSA:

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(dsaTemplate, 0, CKA_CLASS, &ckObjClass,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll sizeof (ckObjClass));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(dsaTemplate, 1, CKA_KEY_TYPE, &ckKeyType,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll sizeof (ckKeyType));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(dsaTemplate, 2, CKA_PRIME, Prime.Data,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Prime.Length);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(dsaTemplate, 3, CKA_SUBPRIME, Subprime.Data,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Subprime.Length);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(dsaTemplate, 4, CKA_BASE, Base.Data,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Base.Length);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(dsaTemplate, 5, CKA_VALUE, Value.Data,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Value.Length);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Get the length of the fields */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = C_GetAttributeValue(kmfh->pk11handle,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (CK_OBJECT_HANDLE)pKey->keyp, dsaTemplate, 6);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Prime.Length = dsaTemplate[2].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Prime.Data = malloc(Prime.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Prime.Data == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Subprime.Length = dsaTemplate[3].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Subprime.Data = malloc(Subprime.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Subprime.Data == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Base.Length = dsaTemplate[4].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Base.Data = malloc(Base.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Base.Data == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Value.Length = dsaTemplate[5].ulValueLen;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys Value.Data = malloc(Value.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Value.Data == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Base.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(dsaTemplate, 2, CKA_PRIME, Prime.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Prime.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(dsaTemplate, 3, CKA_SUBPRIME, Subprime.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Subprime.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(dsaTemplate, 4, CKA_BASE, Base.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Base.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(dsaTemplate, 5, CKA_VALUE, Value.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Value.Length);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Now get the values */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = C_GetAttributeValue(kmfh->pk11handle,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (CK_OBJECT_HANDLE)pKey->keyp, dsaTemplate, 6);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != CKR_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Base.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SET_ERROR(kmfh, rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Algorithm = x509_algid_to_algoid(KMF_ALGID_DSA);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Encode the DSA Algorithm Parameters */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((asn1 = kmfder_alloc()) == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Base.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfber_printf(asn1, "{III}", Prime.Data,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Prime.Length, Subprime.Data, Subprime.Length,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Base.Data, Base.Length) == -1) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Base.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_flatten(asn1, &PubKeyParams) == -1) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Base.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Prime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Subprime.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Base.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Encode the DSA Key Value */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((asn1 = kmfder_alloc()) == NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_MEMORY);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_printf(asn1, "I",

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Value.Data, Value.Length) == -1) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_flatten(asn1, &EncodedKey) == -1) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kmfber_free(asn1, 1);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Value.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll case KMF_ECDSA:

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* The EC_PARAMS are the PubKey algorithm parameters */

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll PubKeyParams = calloc(1, sizeof (BerValue));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (PubKeyParams == NULL)

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll return (KMF_ERR_MEMORY);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll EncodedKey = calloc(1, sizeof (BerValue));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (EncodedKey == NULL) {

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll free(PubKeyParams);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll return (KMF_ERR_MEMORY);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll }

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(ecdsaTemplate, 0, CKA_EC_PARAMS,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll &ec_params, sizeof (ec_params));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SETATTR(ecdsaTemplate, 1, CKA_EC_POINT,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll &ec_point, sizeof (ec_point));

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* Get the length of the fields */

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll rv = C_GetAttributeValue(kmfh->pk11handle,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll (CK_OBJECT_HANDLE)pKey->keyp,

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll ecdsaTemplate, 2);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (rv != CKR_OK) {

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll SET_ERROR(kmfh, rv);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll return (KMF_ERR_BAD_PARAMETER);

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll }

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* The params are to be used as algorithm parameters */

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll PubKeyParams->bv_val = (char *)ec_params;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll PubKeyParams->bv_len = ecdsaTemplate[0].ulValueLen;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /*

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll EncodedKey->bv_val = (char *)ec_point;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll EncodedKey->bv_len = ecdsaTemplate[1].ulValueLen;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* Use the EC_PUBLIC_KEY OID */

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll Algorithm = (KMF_OID *)&KMFOID_EC_PUBLIC_KEY;

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll break;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys default:

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Now, build an SPKI structure for the final encoding step */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.algorithm.algorithm = *Algorithm;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (PubKeyParams != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.algorithm.parameters.Data =

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (uchar_t *)PubKeyParams->bv_val;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.algorithm.parameters.Length = PubKeyParams->bv_len;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.algorithm.parameters.Data = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.algorithm.parameters.Length = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EncodedKey != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.subjectPublicKey.Data = (uchar_t *)EncodedKey->bv_val;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.subjectPublicKey.Length = EncodedKey->bv_len;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.subjectPublicKey.Data = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys spki.subjectPublicKey.Length = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Finally, encode the entire SPKI record */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = DerEncodeSPKI(&spki, eData);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyscleanup:

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EncodedKey) {

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (pKey->keyalg != KMF_ECDSA)

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll free(EncodedKey->bv_val);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(EncodedKey);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (PubKeyParams) {

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (pKey->keyalg != KMF_ECDSA)

e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll free(PubKeyParams->bv_val);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(PubKeyParams);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (ret);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysCreateCertObject(KMF_HANDLE_T handle, char *label, KMF_DATA *pcert)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_X509_CERTIFICATE *signed_cert_ptr = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA data;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA Id;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_RV ckrv;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ULONG subject_len, issuer_len, serno_len;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys CK_BYTE *subject, *issuer, *serial, nullserno;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_BBOOL true = TRUE;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_CERTIFICATE_TYPE certtype = CKC_X_509;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_ATTRIBUTE x509templ[11];

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys CK_OBJECT_HANDLE hCert = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int i;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfh == NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL); /* should not happen */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfh->pk11handle == CK_INVALID_HANDLE)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL); /* should not happen */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (pcert == NULL || pcert->Data == NULL || pcert->Length == 0)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_INTERNAL); /* should not happen */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = DerDecodeSignedCertificate((const KMF_DATA *)pcert,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &signed_cert_ptr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_ENCODING);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Get the subject name */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = DerEncodeName(&signed_cert_ptr->certificate.subject, &data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys subject = data.Data;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys subject_len = data.Length;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_ENCODING;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Encode the issuer */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = DerEncodeName(&signed_cert_ptr->certificate.issuer, &data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys issuer = data.Data;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys issuer_len = data.Length;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_ERR_ENCODING;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Encode serial number */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (signed_cert_ptr->certificate.serialNumber.len > 0 &&

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys signed_cert_ptr->certificate.serialNumber.val != NULL) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys serial = signed_cert_ptr->certificate.serialNumber.val;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys serno_len = signed_cert_ptr->certificate.serialNumber.len;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys /*

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys nullserno = '\0';

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys serial = &nullserno;

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys serno_len = 1;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Generate an ID from the SPKI data */

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = GetIDFromSPKI(&signed_cert_ptr->certificate.subjectPublicKeyInfo,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &Id);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto cleanup;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys i = 0;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys SETATTR(x509templ, i, CKA_CLASS, &certClass, sizeof (certClass)); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_CERTIFICATE_TYPE, &certtype,

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (certtype));

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_TOKEN, &true, sizeof (true)); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_SUBJECT, subject, subject_len); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_ISSUER, issuer, issuer_len); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_SERIAL_NUMBER, serial, serno_len); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_VALUE, pcert->Data, pcert->Length); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys SETATTR(x509templ, i, CKA_ID, Id.Data, Id.Length); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (label != NULL && strlen(label)) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys SETATTR(x509templ, i, CKA_LABEL, label, strlen(label)); i++;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ckrv = C_CreateObject(kmfh->pk11handle, x509templ, i, &hCert);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ckrv != CKR_OK) {

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys /* Report authentication failures to the caller */

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (ckrv == CKR_USER_NOT_LOGGED_IN ||

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys ckrv == CKR_PIN_INCORRECT ||

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys ckrv == CKR_PIN_INVALID ||

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys ckrv == CKR_PIN_EXPIRED ||

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys ckrv == CKR_PIN_LOCKED ||

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys ckrv == CKR_SESSION_READ_ONLY)

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys rv = KMF_ERR_AUTH_FAILED;

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys else

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys rv = KMF_ERR_INTERNAL;

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys SET_ERROR(kmfh, ckrv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(subject);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(issuer);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyscleanup:

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (Id.Data != NULL)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(Id.Data);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (signed_cert_ptr) {

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_signed_cert(signed_cert_ptr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(signed_cert_ptr);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_StoreCert(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_DATA *cert = NULL;

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys KMF_CREDENTIAL *cred = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *label = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfh == NULL)

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (KMF_ERR_UNINITIALIZED);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfh->pk11handle == CK_INVALID_HANDLE)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_NO_TOKEN_SELECTED);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys cert = kmf_get_attr_ptr(KMF_CERT_DATA_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (cert == NULL || cert->Data == NULL || cert->Length == 0)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (KMF_ERR_BAD_PARAMETER);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* label attribute is optional */

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys label = kmf_get_attr_ptr(KMF_CERT_LABEL_ATTR, attrlist, numattr);

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys cred = kmf_get_attr_ptr(KMF_CREDENTIAL_ATTR, attrlist, numattr);

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (cred != NULL) {

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys rv = pk11_authenticate(handle, cred);

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (rv != KMF_OK)

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys return (rv);

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys }

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = CreateCertObject(handle, label, cert);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllysKMFPK11_ImportCert(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = 0;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *certfile = NULL;

30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *label = NULL;

99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ENCODE_FORMAT format;

fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys KMF_CREDENTIAL *cred = NULL;

6b35cb3cf158584a9408d44b9b6796564e8e1882Richard PALO KMF_DATA cert1 = { 0, NULL };

6b35cb3cf158584a9408d44b9b6796564e8e1882Richard PALO KMF_DATA cert2 = { 0, NULL };