PageRenderTime 6ms CodeModel.GetById 141ms app.highlight 301ms RepoModel.GetById 132ms app.codeStats 0ms

/kpkcs11/cki_ssleay.c

https://github.com/secure-endpoints/kcacred
C | 1012 lines | 822 code | 113 blank | 77 comment | 119 complexity | 9f32508e34c43fc03e8f8c1019559bfc MD5 | raw file
   1/*
   2 * Copyright (c) 1999
   3 * The Trustees of Columbia University in the City of New York.
   4 * All rights reserved.
   5 * 
   6 * Permission is granted to you to use, copy, create derivative works,
   7 * and redistribute this software and such derivative works for any
   8 * purpose, so long as the name of Columbia University is not used in any
   9 * advertising, publicity, or for any other purpose pertaining to the use
  10 * or distribution of this software, other than for including the
  11 * copyright notice set forth herein, without specific, written prior
  12 * authorization.  Columbia University reserves the rights to use, copy,
  13 * and distribute any such derivative works for any purposes.  The above
  14 * copyright notice must be included in any copy of any portion of this
  15 * software and the disclaimer below must also be included.
  16 * 
  17 *   THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE
  18 *   TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK AS TO ITS
  19 *   FITNESS FOR ANY PURPOSE, AND WITHOUT WARRANTY BY THE TRUSTEES OF
  20 *   COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK OF ANY KIND, EITHER
  21 *   EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
  22 *   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  23 *   THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK SHALL
  24 *   NOT BE LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT,
  25 *   INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM
  26 *   ARISING OUT OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF
  27 *   IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF SUCH
  28 *   DAMAGES.  YOU SHALL INDEMNIFY AND HOLD HARMLESS THE TRUSTEES OF
  29 *   COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK, ITS EMPLOYEES AND
  30 *   AGENTS FROM AND AGAINST ANY AND ALL CLAIMS, DEMANDS, LOSS, DAMAGE OR
  31 *   EXPENSE (INCLUDING ATTORNEYS' FEES) ARISING OUT OF YOUR USE OF THIS
  32 *   SOFTWARE. 
  33 * 
  34 * The Trustees of Columbia University in the City of New York reserves
  35 * the right to revoke this permission if any of the terms of use set
  36 * forth above are breached.
  37 */ 
  38
  39/*
  40 * Copyright  Š  2000
  41 * The Regents of the University of Michigan
  42 * ALL RIGHTS RESERVED
  43 *
  44 * permission is granted to use, copy, create derivative works 
  45 * and redistribute this software and such derivative works 
  46 * for any purpose, so long as the name of the university of 
  47 * michigan is not used in any advertising or publicity 
  48 * pertaining to the use or distribution of this software 
  49 * without specific, written prior authorization.  if the 
  50 * above copyright notice or any other identification of the 
  51 * university of michigan is included in any copy of any 
  52 * portion of this software, then the disclaimer below must 
  53 * also be included.
  54 *
  55 * this software is provided as is, without representation 
  56 * from the university of michigan as to its fitness for any 
  57 * purpose, and without warranty by the university of 
  58 * michigan of any kind, either express or implied, including 
  59 * without limitation the implied warranties of 
  60 * merchantability and fitness for a particular purpose. the 
  61 * regents of the university of michigan shall not be liable 
  62 * for any damages, including special, indirect, incidental, or 
  63 * consequential damages, with respect to any claim arising 
  64 * out of or in connection with the use of the software, even 
  65 * if it has been or is hereafter advised of the possibility of 
  66 * such damages.
  67 */
  68
  69/*
  70 * Copyright  Š  2006-2008
  71 * Secure Endpoints Inc.
  72 * ALL RIGHTS RESERVED
  73 *
  74 */
  75
  76/* functions that use SSLeay routines */
  77#include <stdlib.h>
  78#include <string.h>
  79
  80#include "cki_types.h"
  81#include "pkcs11_types.h"
  82#include "cki_funcs.h"
  83#include "pkcs11_funcs.h"
  84#include "cki_globals.h"
  85#include "pkcs11_globals.h"
  86#include "cki_new_free.h"
  87#include "pkcs11_new_free.h"
  88#include "cki_dup.h"
  89#include "b64.h"
  90#include "debug.h"
  91#ifdef DEBUG
  92#include <assert.h>
  93#endif
  94
  95static CK_KEY_TYPE keyType=CKK_RSA; 				/* XXX KWC Made static */
  96static CK_BBOOL True=TRUE;					/* XXX KWC Made static */
  97static CK_BBOOL False=FALSE;					/* XXX KWC Made static */
  98static CK_CERTIFICATE_TYPE certType=CKC_X_509;			/* KWC */
  99
 100#define NUM_ATTRS 29
 101CK_RV PKCS11_RSA_to_RsaPrivateKey(CK_SESSION_HANDLE hSession, RSA *rsa, 
 102				  char *username, char *subject, int subject_len,
 103				  CK_CHAR_PTR pID) {
 104    CK_ATTRIBUTE_PTR pTemplate;
 105    CK_OBJECT_CLASS *pObjectClass;				/* KWC */
 106    int i=0;
 107    CK_CHAR_PTR label = NULL;
 108    CK_CHAR_PTR id = NULL;
 109    unsigned char *n,*e,*d,*p,*q,*dmp1,*dmq1,*iqmp;
 110    CK_OBJECT_HANDLE_PTR pObject; /* we don't use this after it gets filled, oh well. */
 111    CK_DATE date;		
 112    CK_BYTE empty='\0';	
 113    CK_RV res = CKR_OK;
 114
 115    log_printf("entering PKCS11_RSA_to_RsaPrivateKey\n");
 116    CKI_Date_Init(&date);
 117	
 118    pObject=(CK_OBJECT_HANDLE *)malloc(sizeof(CK_OBJECT_HANDLE));
 119    if (!pObject) 
 120	return(CKR_HOST_MEMORY);
 121	
 122    pTemplate=(CK_ATTRIBUTE_PTR)malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 123    if (!pTemplate) {
 124	free(pObject);
 125	return(CKR_HOST_MEMORY);
 126    }
 127    for (i=0; i<NUM_ATTRS; i++) {
 128	pTemplate[i].ulValueLen=(CK_ULONG)-1L;
 129	pTemplate[i].value=NULL_PTR;
 130    }
 131    i=0;
 132	
 133    pObjectClass=(CK_OBJECT_CLASS *)malloc(sizeof(CK_OBJECT_CLASS));
 134    if (!pObjectClass) {
 135	free(pObject);
 136	free(pTemplate);
 137	return(CKR_HOST_MEMORY);
 138    }
 139    *pObjectClass = CKO_PRIVATE_KEY;
 140	
 141    pTemplate[i].type=CKA_CLASS;
 142    pTemplate[i].ulValueLen=sizeof(CK_OBJECT_CLASS);
 143    res=CKI_SetAttrValue(&(pTemplate[i]), pObjectClass);
 144    if (res!=CKR_OK)
 145	goto error;
 146    i++;
 147	
 148    pTemplate[i].type=CKA_TOKEN;
 149    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 150    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 151    if (res!=CKR_OK)
 152	goto error;
 153    i++;
 154
 155    pTemplate[i].type=CKA_PRIVATE;
 156    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 157    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 158    if (res!=CKR_OK)
 159	goto error;
 160    i++;
 161	
 162    pTemplate[i].type=CKA_MODIFIABLE;
 163    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 164    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 165    if (res!=CKR_OK)
 166	goto error;
 167    i++;
 168	
 169    label=(CK_CHAR_PTR)malloc(strlen(username)+strlen("'s private key")+2);
 170    if (!label) { 
 171	res = CKR_HOST_MEMORY;
 172	goto error;
 173    }
 174    sprintf((char *)label,"%s's private key",username);
 175    pTemplate[i].type=CKA_LABEL;
 176    pTemplate[i].ulValueLen=(CK_ULONG)strlen((char *)label);
 177    pTemplate[i].value=label;
 178    label = NULL;
 179    i++;
 180	
 181    pTemplate[i].type=CKA_KEY_TYPE;
 182    pTemplate[i].ulValueLen=sizeof(CK_KEY_TYPE);
 183    res=CKI_SetAttrValue(&(pTemplate[i]),&keyType);
 184    if (res!=CKR_OK)
 185	goto error;
 186    i++;
 187
 188    id=_strdup(pID);
 189    if (!id) {
 190	res = CKR_HOST_MEMORY;
 191	goto error;
 192    }
 193    pTemplate[i].type=CKA_ID;
 194    pTemplate[i].ulValueLen=(CK_ULONG)strlen((char *)id);
 195    pTemplate[i].value=id;
 196    id = NULL;
 197    i++;
 198
 199    pTemplate[i].type=CKA_START_DATE;
 200    pTemplate[i].ulValueLen=sizeof(CK_DATE);
 201    res=CKI_SetAttrValue(&(pTemplate[i]),&date);
 202    if (res!=CKR_OK)
 203	goto error;
 204    i++;
 205	
 206    pTemplate[i].type=CKA_END_DATE;
 207    pTemplate[i].ulValueLen=sizeof(CK_DATE);
 208    res=CKI_SetAttrValue(&(pTemplate[i]),&date);
 209    if (res!=CKR_OK)
 210	goto error;
 211    i++;
 212	
 213    pTemplate[i].type=CKA_DERIVE;
 214    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 215    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 216    if (res!=CKR_OK)
 217	goto error;
 218    i++;
 219
 220    pTemplate[i].type=CKA_LOCAL;
 221    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 222    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 223    if (res!=CKR_OK)
 224	goto error;
 225    i++;
 226	
 227    pTemplate[i].type=CKA_SUBJECT;
 228    if (subject) {
 229	pTemplate[i].ulValueLen=subject_len;
 230	res=CKI_SetAttrValue(&(pTemplate[i]),subject);
 231    }
 232    else {
 233	pTemplate[i].ulValueLen=1L;
 234	res=CKI_SetAttrValue(&(pTemplate[i]),&empty);
 235    }
 236    if (res!=CKR_OK)
 237	goto error;
 238    i++;
 239
 240    pTemplate[i].type=CKA_SENSITIVE;
 241    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 242    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 243    if (res!=CKR_OK)
 244	goto error;
 245    i++;
 246	
 247    pTemplate[i].type=CKA_DECRYPT;
 248    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 249    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 250    if (res!=CKR_OK)
 251	goto error;
 252    i++;
 253	
 254    pTemplate[i].type=CKA_SIGN;
 255    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 256    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 257    if (res!=CKR_OK)
 258	goto error;
 259    i++;
 260	
 261    pTemplate[i].type=CKA_SIGN_RECOVER;
 262    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 263    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 264    if (res!=CKR_OK)
 265	goto error;
 266    i++;
 267	
 268    pTemplate[i].type=CKA_UNWRAP;
 269    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 270    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 271    if (res!=CKR_OK)
 272	goto error;
 273    i++;
 274	
 275    pTemplate[i].type=CKA_EXTRACTABLE;
 276    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 277    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 278    if (res!=CKR_OK)
 279	goto error;
 280    i++;
 281	
 282    pTemplate[i].type=CKA_ALWAYS_SENSITIVE;
 283    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 284    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 285    if (res!=CKR_OK)
 286	goto error;
 287    i++;
 288	
 289    pTemplate[i].type=CKA_NEVER_EXTRACTABLE;
 290    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 291    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 292    if (res!=CKR_OK)
 293	goto error;
 294    i++;
 295	
 296    pTemplate[i].type=CKA_MODULUS;
 297    pTemplate[i].ulValueLen=BN_num_bytes(rsa->n);
 298    n=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 299    BN_bn2bin(rsa->n,n);
 300    res=CKI_SetAttrValue(&(pTemplate[i]),n);
 301    if (res!=CKR_OK)
 302	goto error;
 303    i++;
 304	
 305    pTemplate[i].type=CKA_PUBLIC_EXPONENT;
 306    pTemplate[i].ulValueLen=BN_num_bytes(rsa->e);
 307    e=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 308    BN_bn2bin(rsa->e,e);
 309    res=CKI_SetAttrValue(&(pTemplate[i]),e);
 310    if (res!=CKR_OK)
 311	goto error;
 312    i++;
 313
 314    pTemplate[i].type=CKA_PRIVATE_EXPONENT;
 315    pTemplate[i].ulValueLen=BN_num_bytes(rsa->d);
 316    d=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 317    BN_bn2bin(rsa->d,d);
 318    res=CKI_SetAttrValue(&(pTemplate[i]),d);
 319    if (res!=CKR_OK)
 320	goto error;
 321    i++;
 322
 323    pTemplate[i].type=CKA_PRIME_1;
 324    pTemplate[i].ulValueLen=BN_num_bytes(rsa->p);
 325    p=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 326    BN_bn2bin(rsa->p,p);
 327    res=CKI_SetAttrValue(&(pTemplate[i]),p);
 328    if (res!=CKR_OK)
 329	goto error;
 330    i++;
 331	
 332    pTemplate[i].type=CKA_PRIME_2;
 333    pTemplate[i].ulValueLen=BN_num_bytes(rsa->q);
 334    q=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 335    BN_bn2bin(rsa->q,q);
 336    res=CKI_SetAttrValue(&(pTemplate[i]),q);
 337    if (res!=CKR_OK)
 338	goto error;
 339    i++;
 340	
 341    pTemplate[i].type=CKA_EXPONENT_1;
 342    pTemplate[i].ulValueLen=BN_num_bytes(rsa->dmp1);
 343    dmp1=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 344    BN_bn2bin(rsa->dmp1,dmp1);
 345    res=CKI_SetAttrValue(&(pTemplate[i]),dmp1);
 346    if (res!=CKR_OK)
 347	goto error;
 348    i++;
 349	
 350    pTemplate[i].type=CKA_EXPONENT_2;
 351    pTemplate[i].ulValueLen=BN_num_bytes(rsa->dmq1);
 352    dmq1=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 353    BN_bn2bin(rsa->dmq1,dmq1);
 354    res=CKI_SetAttrValue(&(pTemplate[i]),dmq1);
 355    if (res!=CKR_OK)
 356	goto error;
 357    i++;
 358	
 359    pTemplate[i].type=CKA_COEFFICIENT;
 360    pTemplate[i].ulValueLen=BN_num_bytes(rsa->iqmp);
 361    iqmp=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 362    BN_bn2bin(rsa->iqmp,iqmp);
 363    res=CKI_SetAttrValue(&(pTemplate[i]),iqmp);
 364    if (res!=CKR_OK)
 365	goto error;
 366#ifdef DEBUG
 367    assert(i < NUM_ATTRS);
 368#endif
 369
 370    /* pObject is an object handle or something. do we do anything with it? */
 371    res=C_CreateObject(hSession,pTemplate,1L,pObject);
 372    if (res!=CKR_OK)
 373    {
 374	log_printf("PKCS11_RSA_to_RsaPrivateKey: error creating pObject (0x%08x)\n", res);
 375	goto error;
 376    }
 377
 378    log_printf("PKCS11_RSA_to_RsaPrivateKey: private key created with handle 0x%0x\n", 
 379		*pObject);
 380
 381  error:
 382    if (id)
 383	free(id);
 384    if (label)
 385	free(label);
 386    if (pTemplate)
 387	CKI_AttributePtr_Free(pTemplate);
 388    if (pObject)
 389	free(pObject);
 390    if (pObjectClass)
 391	free(pObjectClass);
 392    return res;
 393}
 394#undef NUM_ATTRS
 395
 396#define NUM_ATTRS 29
 397CK_RV PKCS11_RSA_to_RsaPublicKey(CK_SESSION_HANDLE hSession, RSA *rsa, 
 398				 char *username, char *subject, int subject_len,
 399				 CK_CHAR_PTR pID) {
 400    CK_ATTRIBUTE_PTR pTemplate = NULL;
 401    CK_OBJECT_CLASS *pObjectClass = NULL;				/* KWC */
 402    int i=0;
 403    CK_CHAR_PTR label = NULL;
 404    CK_CHAR_PTR id = NULL;
 405    CK_RV res = CKR_OK;
 406    unsigned char *n, *e;
 407    CK_OBJECT_HANDLE_PTR pObject = NULL; /* we don't use this after it gets filled,
 408    oh well. */
 409    CK_DATE date;		
 410    CK_BYTE empty='\0';	
 411    CK_ULONG mod_length; 
 412	
 413    log_printf("entering PKCS11_RSA_to_RsaPublicKey\n");
 414    CKI_Date_Init(&date);
 415	
 416    pObject=(CK_OBJECT_HANDLE *)malloc(sizeof(CK_OBJECT_HANDLE));
 417    if (!pObject) { 
 418	res = CKR_HOST_MEMORY;
 419	goto error;
 420    }
 421	
 422    pTemplate=(CK_ATTRIBUTE_PTR)malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 423    if (!pTemplate) {
 424	res = CKR_HOST_MEMORY;
 425	goto error;
 426    }
 427	
 428    for (i=0; i<NUM_ATTRS; i++) {
 429	pTemplate[i].ulValueLen=(CK_ULONG)-1L;
 430	pTemplate[i].value=NULL_PTR;
 431    }
 432    
 433    i=0;
 434    pObjectClass=(CK_OBJECT_CLASS *)malloc(sizeof(CK_OBJECT_CLASS));
 435    if (!pObjectClass) {
 436	res = CKR_HOST_MEMORY;
 437	goto error;
 438    }
 439    *pObjectClass = CKO_PUBLIC_KEY;
 440	
 441    pTemplate[i].type=CKA_CLASS;
 442    pTemplate[i].ulValueLen=sizeof(CK_OBJECT_CLASS);
 443    res=CKI_SetAttrValue(&(pTemplate[i]),pObjectClass);
 444    if (res!=CKR_OK) 
 445	goto error;
 446    i++;
 447	
 448    pTemplate[i].type=CKA_TOKEN;
 449    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 450    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 451    if (res!=CKR_OK) 
 452	goto error;
 453    i++;
 454	
 455    pTemplate[i].type=CKA_PRIVATE;
 456    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 457    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 458    if (res!=CKR_OK) 
 459	goto error;
 460    i++;
 461	
 462    pTemplate[i].type=CKA_MODIFIABLE;
 463    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 464    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 465    if (res!=CKR_OK) 
 466	goto error;
 467    i++;
 468	
 469    label=(CK_CHAR_PTR)malloc(strlen(username)+strlen("'s public key")+2);
 470    if (!label) {
 471	res = CKR_HOST_MEMORY;
 472	goto error;
 473    }
 474    sprintf((char *)label,"%s's public key",username);
 475    pTemplate[i].type=CKA_LABEL;
 476    pTemplate[i].ulValueLen=(CK_ULONG)strlen((char *)label);
 477    pTemplate[i].value=label;
 478    label = NULL;
 479    i++;
 480	
 481    pTemplate[i].type=CKA_KEY_TYPE;
 482    pTemplate[i].ulValueLen=sizeof(CK_KEY_TYPE);
 483    res=CKI_SetAttrValue(&(pTemplate[i]),&keyType);
 484    if (res!=CKR_OK) 
 485	goto error;
 486    i++;
 487	
 488    id=_strdup(pID);
 489    if (!id) {
 490	res = CKR_HOST_MEMORY;
 491	goto error;
 492    }
 493    pTemplate[i].type=CKA_ID;
 494    pTemplate[i].ulValueLen=(CK_ULONG)strlen((char *)id);
 495    pTemplate[i].value=id;
 496    id = NULL;
 497    i++;
 498	
 499    pTemplate[i].type=CKA_START_DATE;
 500    pTemplate[i].ulValueLen=sizeof(CK_DATE);
 501    res=CKI_SetAttrValue(&(pTemplate[i]),&date);
 502    if (res!=CKR_OK) 
 503	goto error;
 504    i++;
 505	
 506    pTemplate[i].type=CKA_END_DATE;
 507    pTemplate[i].ulValueLen=sizeof(CK_DATE);
 508    res=CKI_SetAttrValue(&(pTemplate[i]),&date);
 509    if (res!=CKR_OK) 
 510	goto error;
 511    i++;
 512	
 513    pTemplate[i].type=CKA_DERIVE;
 514    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 515    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 516    if (res!=CKR_OK) 
 517	goto error;
 518    i++;
 519	
 520    pTemplate[i].type=CKA_LOCAL;
 521    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 522    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 523    if (res!=CKR_OK) 
 524	goto error;
 525    i++;
 526	
 527    pTemplate[i].type=CKA_SUBJECT;
 528    if (subject) {
 529	pTemplate[i].ulValueLen=subject_len;
 530	res=CKI_SetAttrValue(&(pTemplate[i]),subject);
 531    }
 532    else {
 533	pTemplate[i].ulValueLen=1L;
 534	res=CKI_SetAttrValue(&(pTemplate[i]),&empty);
 535    }
 536    if (res!=CKR_OK) 
 537	goto error;
 538    i++;
 539	
 540    pTemplate[i].type=CKA_ENCRYPT;
 541    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 542    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 543    if (res!=CKR_OK) 
 544	goto error;
 545    i++;
 546	
 547    pTemplate[i].type=CKA_VERIFY;
 548    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 549    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 550    if (res!=CKR_OK) 
 551	goto error;
 552    i++;
 553	
 554    pTemplate[i].type=CKA_VERIFY_RECOVER;
 555    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 556    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 557    if (res!=CKR_OK) 
 558	goto error;
 559    i++;
 560
 561    pTemplate[i].type=CKA_WRAP;
 562    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 563    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 564    if (res!=CKR_OK) 
 565	goto error;
 566    i++;
 567	
 568    pTemplate[i].type=CKA_MODULUS;
 569    pTemplate[i].ulValueLen=BN_num_bytes(rsa->n);
 570    n=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 571    BN_bn2bin(rsa->n,n);
 572    res=CKI_SetAttrValue(&(pTemplate[i]),n);
 573    if (res!=CKR_OK) 
 574	goto error;
 575    i++;
 576	
 577    pTemplate[i].type=CKA_MODULUS_BITS; 
 578    pTemplate[i].ulValueLen=sizeof(CK_ULONG);
 579    mod_length=BN_num_bits(rsa->n);
 580    res=CKI_SetAttrValue(&(pTemplate[i]),&mod_length);
 581    if (res!=CKR_OK) 
 582	goto error;
 583    i++;
 584	
 585    pTemplate[i].type=CKA_PUBLIC_EXPONENT;
 586    pTemplate[i].ulValueLen=BN_num_bytes(rsa->e);
 587    e=(unsigned char *)malloc(pTemplate[i].ulValueLen);
 588    BN_bn2bin(rsa->e,e);
 589    res=CKI_SetAttrValue(&(pTemplate[i]),e);
 590    if (res!=CKR_OK) 
 591	goto error;
 592#ifdef DEBUG
 593    assert(i < NUM_ATTRS);
 594#endif
 595
 596    /* pObject is an object handle or something. do we do anything with it? */
 597    res=C_CreateObject(hSession,pTemplate,1L,pObject);
 598    if (res!=CKR_OK)
 599    {
 600	log_printf("PKCS11_RSA_to_RsaPublicKey: error creating pObject (0x%08x)\n", res);
 601	goto error;
 602    }
 603
 604    log_printf("PKCS11_RSA_to_RsaPublicKey: public key created with handle 0x%0x\n", 
 605		*pObject);
 606
 607  error:
 608    if (id)
 609	free(id);
 610    if (label)
 611	free(label);
 612    if (pTemplate)
 613	CKI_AttributePtr_Free(pTemplate);
 614    if (pObject)
 615	free(pObject);
 616    if (pObjectClass)
 617	free(pObjectClass);
 618    return(res);
 619}
 620#undef NUM_ATTRS
 621
 622#define NUM_ATTRS 14
 623CK_RV PKCS11_X509_to_X509Certificate(CK_SESSION_HANDLE hSession, X509 *x, char *username, CK_CHAR_PTR * ppID) 
 624{
 625    CK_ATTRIBUTE_PTR pTemplate = NULL;
 626    CK_OBJECT_CLASS *pObjectClass = NULL;				/* KWC */
 627    int i=0;
 628    CK_CHAR_PTR label = NULL;
 629    CK_CHAR_PTR id = NULL;
 630    char *cert_der = NULL;
 631    char *serial_der = NULL;
 632    char *subject_der = NULL;
 633    char *issuer_der = NULL;
 634    char *issuer_enc = NULL;
 635    char *serial_enc = NULL;
 636    int cert_len;
 637    int serial_len, subject_len, issuer_len;
 638    X509_NAME *issuer = NULL, *subject = NULL;
 639    ASN1_INTEGER *serial;
 640    CK_RV res = CKR_OK;
 641    char *ptr = NULL;
 642    CK_OBJECT_HANDLE_PTR pObject = NULL;
 643	
 644    log_printf("entering PKCS11_X509_to_X509Certificate\n");
 645    pObject=(CK_OBJECT_HANDLE *)malloc(sizeof(CK_OBJECT_HANDLE));
 646    if (!pObject)
 647    {
 648	log_printf("PKCS11_X509_to_X509Certificate: could not malloc object handle\n");
 649	res = CKR_HOST_MEMORY;
 650	goto error;
 651    }
 652	
 653    pTemplate=(CK_ATTRIBUTE_PTR)malloc(sizeof(CK_ATTRIBUTE)*NUM_ATTRS);
 654    if (!pTemplate)
 655    {
 656	log_printf("PKCS11_X509_to_X509Certificate: could not malloc attribute space\n");
 657	res = CKR_HOST_MEMORY;
 658	goto error;
 659    }
 660
 661    for (i=0; i<NUM_ATTRS; i++) {
 662	pTemplate[i].ulValueLen=(CK_ULONG)-1L;
 663	pTemplate[i].value=NULL_PTR;
 664    }
 665    i=0;
 666
 667    pObjectClass=(CK_OBJECT_CLASS *)malloc(sizeof(CK_OBJECT_CLASS));
 668    if (!pObjectClass)
 669    {
 670	log_printf("PKCS11_X509_to_X509Certificate: could not malloc object class space\n");
 671	res = CKR_HOST_MEMORY;
 672	goto error;
 673    }
 674    *pObjectClass = CKO_CERTIFICATE;
 675	
 676    pTemplate[i].type=CKA_CLASS;
 677    pTemplate[i].ulValueLen=sizeof(CK_OBJECT_CLASS);
 678
 679    res=CKI_SetAttrValue(&(pTemplate[i]), pObjectClass);
 680
 681    log_printf("PKCS11_X509_to_X509Certificate: pTemplate[%d].value is %ld\n",
 682		i, *(CK_ULONG *)pTemplate[i].value);
 683
 684    if (res!=CKR_OK)
 685    {
 686	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_CLASS (0x%08x)\n", res);
 687	goto error;
 688    }
 689    i++;
 690	
 691    pTemplate[i].type=CKA_TOKEN;
 692    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 693    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 694    if (res!=CKR_OK)
 695    {
 696	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_TOKEN (0x%08x)\n", res);
 697	goto error;
 698    }
 699    i++;
 700	
 701    pTemplate[i].type=CKA_PRIVATE;
 702    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 703    res=CKI_SetAttrValue(&(pTemplate[i]),&True);
 704    if (res!=CKR_OK)
 705    {
 706	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_PRIVATE (0x%08x)\n", res);
 707	goto error;
 708    }
 709    i++;
 710
 711    pTemplate[i].type=CKA_MODIFIABLE;
 712    pTemplate[i].ulValueLen=sizeof(CK_BBOOL);
 713    res=CKI_SetAttrValue(&(pTemplate[i]),&False);
 714    if (res!=CKR_OK)
 715    {
 716	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_MODIFIABLE (0x%08x)\n", res);
 717	goto error;
 718    }
 719    i++;
 720
 721    label=(CK_CHAR_PTR)malloc(strlen(username)+strlen("'s certificate")+2);
 722    if (!label)
 723    {
 724	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for label\n");
 725	res = CKR_HOST_MEMORY; 
 726	goto error;
 727    }
 728    sprintf((char *)label,"%s's certificate",username);
 729    pTemplate[i].type=CKA_LABEL;
 730    pTemplate[i].ulValueLen=(CK_ULONG)strlen((char *)label);
 731    pTemplate[i].value=label;
 732    label = NULL;
 733    i++;
 734	
 735    pTemplate[i].type=CKA_CERTIFICATE_TYPE;
 736    pTemplate[i].ulValueLen=sizeof(CK_CERTIFICATE_TYPE);
 737    res=CKI_SetAttrValue(&(pTemplate[i]),&certType);
 738    if (res!=CKR_OK)
 739    {
 740	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_CERTIFICATE_TYPE (0x%08x)\n", res);
 741	goto error;
 742    }
 743    i++;
 744
 745    cert_len=i2d_X509(x,NULL);
 746    cert_der=(char *)malloc(cert_len);
 747    if (!cert_der)
 748    {
 749	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for cert_der\n");
 750	res = CKR_HOST_MEMORY;
 751	goto error;
 752    }
 753    ptr=cert_der;
 754    i2d_X509(x,(unsigned char **)&ptr);
 755
 756    issuer=X509_get_issuer_name(x);
 757    issuer_len=i2d_X509_NAME(issuer,NULL);
 758    issuer_der=(char *)malloc(issuer_len);
 759    if (!issuer_der)
 760    {
 761	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for issuer_der\n");
 762	res = CKR_HOST_MEMORY;
 763	goto error;
 764    }
 765    ptr=issuer_der;
 766    i2d_X509_NAME(issuer,(unsigned char **)&ptr);
 767
 768    subject=X509_get_subject_name(x);
 769    subject_len=i2d_X509_NAME(subject,NULL);
 770    subject_der=(char *)malloc(subject_len);
 771    if (!subject_der)
 772    {
 773	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for subject_der\n");
 774	res = CKR_HOST_MEMORY;
 775	goto error;
 776    }
 777    ptr=subject_der;
 778    i2d_X509_NAME(subject,(unsigned char **)&ptr);
 779
 780    serial=X509_get_serialNumber(x);	/* does not get freed */
 781    if (serial==NULL) {
 782	log_printf("PKCS11_X509_to_X509Certificate: couldn't get serial number from cert\n");	
 783	res =CKR_FUNCTION_FAILED;
 784	goto error;
 785    }
 786    serial_len=i2d_ASN1_INTEGER(serial,NULL);
 787    serial_der=(char *)malloc(serial_len);
 788    if (!serial_der)
 789    {
 790	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for serial_der\n");
 791	res = CKR_HOST_MEMORY;
 792	goto error;
 793    }
 794    ptr=serial_der;
 795
 796    log_printf("PKCS11_X509_to_X509Certificate: serial_len is %d\n",serial_len);
 797    i2d_ASN1_INTEGER(serial,(unsigned char **)&ptr);
 798
 799    pTemplate[i].type=CKA_SUBJECT;
 800    pTemplate[i].ulValueLen=subject_len;
 801    res=CKI_SetAttrValue(&(pTemplate[i]),subject_der);
 802    if (res!=CKR_OK)
 803    {
 804	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_SUBJECT (0x%08x)\n", res);
 805	goto error;
 806    }
 807    i++;
 808	
 809    pTemplate[i].type=CKA_ISSUER;
 810    pTemplate[i].ulValueLen=issuer_len;
 811    res=CKI_SetAttrValue(&(pTemplate[i]),issuer_der);
 812    if (res!=CKR_OK)
 813    {
 814	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_ISSUER (0x%08x)\n", res);
 815	goto error;
 816    }
 817    i++;
 818
 819    pTemplate[i].type=CKA_SERIAL_NUMBER;
 820    pTemplate[i].ulValueLen=serial_len;
 821    res=CKI_SetAttrValue(&(pTemplate[i]),serial_der);
 822    if (res!=CKR_OK)
 823    {
 824	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_SERIAL_NUMBER (0x%08x)\n", res);
 825	goto error;
 826    }
 827    i++;
 828
 829    pTemplate[i].type=CKA_VALUE;
 830    pTemplate[i].ulValueLen=cert_len;
 831    res=CKI_SetAttrValue(&(pTemplate[i]),cert_der);
 832    if (res!=CKR_OK)
 833    {
 834	log_printf("PKCS11_X509_to_X509Certificate: error setting CKA_VALUE (0x%08x)\n", res);
 835	goto error;
 836    }
 837    i++;
 838	
 839    issuer_enc=(char *)malloc((issuer_len+1)*2);
 840    if (!issuer_enc) { 
 841	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for issuer_enc\n");
 842	res = CKR_HOST_MEMORY;
 843	goto error;
 844    }
 845    b64_encode(issuer_der,issuer_len,issuer_enc);
 846
 847    serial_enc=(char *)malloc((serial_len+1)*2);
 848    if (!serial_enc) { 
 849	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for serial_enc\n");
 850	res = CKR_HOST_MEMORY;
 851	goto error;
 852    }
 853    b64_encode(serial_der,serial_len,serial_enc);
 854
 855    id=(CK_CHAR_PTR)malloc(strlen(issuer_enc)+strlen(serial_enc)+2);
 856    if (!id)
 857    {
 858	log_printf("PKCS11_X509_to_X509Certificate: error allocating space for id\n");
 859	res = CKR_HOST_MEMORY;
 860	goto error;
 861    }
 862
 863    sprintf(id,"%s:%s",issuer_enc,serial_enc);
 864    pTemplate[i].type=CKA_ID;
 865    pTemplate[i].ulValueLen=(CK_ULONG)strlen((char *)id);
 866    pTemplate[i].value=id;
 867    *ppID = _strdup(id);
 868    id = NULL;
 869
 870#ifdef DEBUG
 871    assert(i < NUM_ATTRS);
 872#endif
 873
 874    /* pObject is an object handle or something. do we do anything with it? */
 875    res=C_CreateObject(hSession,pTemplate,1L,pObject);
 876    if (res!=CKR_OK)
 877    {
 878	log_printf("PKCS11_X509_to_X509Certificate: error creating pObject (0x%08x)\n", res);
 879	goto error;
 880    }
 881
 882    log_printf("PKCS11_X509_to_X509Certificate: certficate created with handle 0x%0x\n", 
 883		*pObject);
 884
 885  error:
 886    if (cert_der)
 887	free(cert_der);
 888    if (serial_der)
 889	free(serial_der);
 890    if (subject_der)
 891	free(subject_der);
 892    if (issuer_der)
 893	free(issuer_der);
 894    if (issuer_enc)
 895	free(issuer_enc);
 896    if (serial_enc)
 897	free(serial_enc);
 898
 899    if (id)
 900	free(id);
 901    if (label)
 902	free(label);
 903    if (pTemplate)
 904	CKI_AttributePtr_Free(pTemplate);
 905    if (pObject)
 906	free(pObject);
 907    if (pObjectClass)
 908	free(pObjectClass);
 909
 910    log_printf("PKCS11_X509_to_X509Certificate: returning 0x%08x\n", res);
 911    return(res);
 912}
 913#undef NUM_ATTRS
 914
 915RSA *PKCS11_RsaPrivateKey_to_RSA(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { 
 916    RSA *rsa = NULL;	/* freed by caller */
 917    int i=0;
 918    int ctr = 0;
 919    PKCS11_SESSION *pSession = NULL;
 920    CK_ATTRIBUTE_PTR pAttributes = NULL;
 921    CK_ATTRIBUTE_PTR attr = NULL;
 922    CK_RV res = CKR_OK;
 923    int bFound = FALSE;
 924	
 925    log_printf("entering PKCS11_RsaPrivateKey_to_RSA: hKey = 0x%0x\n", hKey);
 926    if ((pSession=PKCS11_FindSession(hSession))==NULL)
 927	return(NULL);
 928    if (!pSession->pToken->ppTokenObject)
 929	return(NULL);
 930
 931    for (ctr = 0; pSession->pToken->ppTokenObject[ctr]; ctr++) {
 932	if (pSession->pToken->ppTokenObject[ctr]->ulObjectHandle==hKey) {
 933	    pAttributes=pSession->pToken->ppTokenObject[ctr]->pAttribute;
 934	    break;
 935	}
 936    }
 937
 938    if (!pAttributes)
 939    {
 940	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_MODULUS\n");
 941	goto error;
 942    }
 943
 944    attr=PKCS11_FindAttribute_p(pAttributes,CKA_MODULUS);
 945    if (!attr)
 946    {
 947	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_MODULUS\n");
 948	goto error;
 949    }
 950
 951    rsa=RSA_new();
 952
 953    rsa->n=BN_bin2bn(attr->value,attr->ulValueLen,rsa->n);
 954    attr=PKCS11_FindAttribute_p(pAttributes,CKA_PUBLIC_EXPONENT);
 955    if (!attr)
 956    {
 957	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_PUBLIC_EXPONENT\n");
 958	goto error;
 959    }
 960    rsa->e=BN_bin2bn(attr->value,attr->ulValueLen,rsa->e);
 961    attr=PKCS11_FindAttribute_p(pAttributes,CKA_PRIVATE_EXPONENT);
 962    if (!attr)
 963    {
 964	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_PRIVATE_EXPONENT\n");
 965	goto error;
 966    }
 967    rsa->d=BN_bin2bn(attr->value,attr->ulValueLen,rsa->d);
 968    attr=PKCS11_FindAttribute_p(pAttributes,CKA_PRIME_1);
 969    if (!attr)
 970    {
 971	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_PRIME_1\n");
 972	goto error;
 973    }
 974    rsa->p=BN_bin2bn(attr->value,attr->ulValueLen,rsa->p);
 975    attr=PKCS11_FindAttribute_p(pAttributes,CKA_PRIME_2);
 976    if (!attr)
 977    {
 978	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_PRIME_2\n");
 979	goto error;
 980    }
 981    rsa->q=BN_bin2bn(attr->value,attr->ulValueLen,rsa->q);
 982    attr=PKCS11_FindAttribute_p(pAttributes,CKA_EXPONENT_1);
 983    if (!attr)
 984    {
 985	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_EXPONENT_1\n");
 986	goto error;
 987    }
 988    rsa->dmp1=BN_bin2bn(attr->value,attr->ulValueLen,rsa->dmp1);
 989    attr=PKCS11_FindAttribute_p(pAttributes,CKA_EXPONENT_2);
 990    if (!attr)
 991    {
 992	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_EXPONENT_2\n");
 993	goto error;
 994    }
 995    rsa->dmq1=BN_bin2bn(attr->value,attr->ulValueLen,rsa->dmq1);
 996    attr=PKCS11_FindAttribute_p(pAttributes,CKA_COEFFICIENT);
 997    if (!attr)
 998    {
 999	log_printf("PKCS11_RsaPrivateKey_to_RSA: could not find CKA_COEFFICIENT\n");
1000	goto error;
1001    }
1002    rsa->iqmp=BN_bin2bn(attr->value,attr->ulValueLen,rsa->iqmp);
1003    return(rsa);
1004
1005  error:
1006    if (rsa)
1007	RSA_free(rsa);
1008
1009    return(NULL);
1010}
1011
1012