[rt-commit] r118 - in /redwax-tool/trunk: ChangeLog redwax_p11kit.c
rt-commit at redwax.eu
rt-commit at redwax.eu
Mon Dec 6 19:00:55 CET 2021
Author: minfrin at redwax.eu
Date: Mon Dec 6 19:00:54 2021
New Revision: 118
Log:
Some tokens refuse to accept a computed SubjectPublicKeyInfo.
Retry the key import without one when CKR_ATTRIBUTE_TYPE_INVALID
is returned.
Modified:
redwax-tool/trunk/ChangeLog
redwax-tool/trunk/redwax_p11kit.c
Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog (original)
+++ redwax-tool/trunk/ChangeLog Mon Dec 6 19:00:54 2021
@@ -1,6 +1,9 @@
Changes with v0.9.1
+ *) Some tokens refuse to accept a computed SubjectPublicKeyInfo.
+ Retry the key import without one when CKR_ATTRIBUTE_TYPE_INVALID
+ is returned. [Graham Leggett]
Changes with v0.9.0
Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c (original)
+++ redwax-tool/trunk/redwax_p11kit.c Mon Dec 6 19:00:54 2021
@@ -631,6 +631,115 @@
redwax_pkcs11_add_attribute(privateTemplate, CKA_EXTRACTABLE, (void *)&true,
sizeof(true));
+ attr = p11_kit_uri_get_attribute(parsed, CKA_ID);
+ if (attr) {
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
+ attr->pValue, attr->ulValueLen);
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
+ attr->pValue, attr->ulValueLen);
+ }
+ else if (key->common.kid_len) {
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
+ (void *)key->common.kid_der, key->common.kid_len);
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
+ (void *)key->common.kid_der, key->common.kid_len);
+ }
+ else if (key->common.id_len) {
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
+ (void *)key->common.id_der, key->common.id_len);
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
+ (void *)key->common.id_der, key->common.id_len);
+ }
+ else if (key->common.gid_len) {
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
+ (void *)key->common.gid_der, key->common.gid_len);
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
+ (void *)key->common.gid_der, key->common.gid_len);
+ }
+
+ if (key->common.subject_len) {
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_SUBJECT,
+ (void *)key->common.subject_der, key->common.subject_len);
+ }
+
+
+ /* CKA_CERTIFICATE_TYPE */
+ switch(key->common.type) {
+ case REDWAX_KEY_RSA:
+
+ if (key->rsa) {
+
+ CK_ULONG key_type = CKK_RSA;
+
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_KEY_TYPE,
+ (void*) &key_type, sizeof(key_type));
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_KEY_TYPE,
+ (void*) &key_type, sizeof(key_type));
+
+ /* Do we support CKA_DERIVE or CKA_ALLOWED_MECHANISMS? */
+
+ /* public / private */
+ if (key->rsa->modulus_len) {
+ redwax_pkcs11_add_attribute(publicTemplate, CKA_MODULUS,
+ key->rsa->modulus, key->rsa->modulus_len);
+ }
+ if (key->rsa->modulus_len) {
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_MODULUS,
+ key->rsa->modulus, key->rsa->modulus_len);
+ }
+ if (key->rsa->public_exponent_len) {
+ redwax_pkcs11_add_attribute(publicTemplate,
+ CKA_PUBLIC_EXPONENT, key->rsa->public_exponent,
+ key->rsa->public_exponent_len);
+ }
+ if (key->rsa->public_exponent_len) {
+ redwax_pkcs11_add_attribute(privateTemplate,
+ CKA_PUBLIC_EXPONENT, key->rsa->public_exponent,
+ key->rsa->public_exponent_len);
+ }
+
+ /* private only */
+ if (key->rsa->private_exponent_len) {
+ redwax_pkcs11_add_attribute(privateTemplate,
+ CKA_PRIVATE_EXPONENT, key->rsa->private_exponent,
+ key->rsa->private_exponent_len);
+ }
+ if (key->rsa->prime_1_len) {
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_PRIME_1,
+ key->rsa->prime_1, key->rsa->prime_1_len);
+ }
+ if (key->rsa->prime_2_len) {
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_PRIME_2,
+ key->rsa->prime_2, key->rsa->prime_2_len);
+ }
+ if (key->rsa->exponent_1_len) {
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_EXPONENT_1,
+ key->rsa->exponent_1, key->rsa->exponent_1_len);
+ }
+ if (key->rsa->exponent_2_len) {
+ redwax_pkcs11_add_attribute(privateTemplate, CKA_EXPONENT_2,
+ key->rsa->exponent_2, key->rsa->exponent_2_len);
+ }
+ if (key->rsa->coefficient_len) {
+ redwax_pkcs11_add_attribute(privateTemplate,
+ CKA_COEFFICIENT, key->rsa->coefficient,
+ key->rsa->coefficient_len);
+ }
+
+ }
+
+ break;
+ default:
+
+ redwax_print_error(r,
+ "pkcs11-out: could not write private key to '%s', "
+ "we only support RSA keys right now.\n",
+ redwax_pstrntrim(r->pool, (const char*) tokenInfo->label,
+ sizeof(tokenInfo->label)));
+
+ break;
+ }
+
/* CKA_PUBLIC_KEY_INFO */
if (key->common.subjectpublickeyinfo_len) {
redwax_pkcs11_add_attribute(publicTemplate, CKA_PUBLIC_KEY_INFO,
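Review bot: The `default:` branch of the key-type switch prints the "we only support RSA keys right now" error and then `break`s, so as far as these hunks show execution carries on to the C_CreateObject call further down with a private template that holds CKA_ID/CKA_SUBJECT/CKA_EXTRACTABLE but no CKA_KEY_TYPE or key material. Returning an error there instead of `break;` (the function returns APR status codes — e.g. `return APR_EACCES;` as the disabled block below does, or whichever code the caller expects) would keep a half-built template from ever reaching the token. The comment `/* CKA_CERTIFICATE_TYPE */` above the switch is stale for a key object; `/* CKA_KEY_TYPE and key material */` describes what follows. These lines are moved rather than new, so the defect predates this commit, and the enclosing function starts before and ends after the hunk.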
@@ -641,114 +750,6 @@
key->common.subjectpublickeyinfo_len);
}
- attr = p11_kit_uri_get_attribute(parsed, CKA_ID);
- if (attr) {
- redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
- attr->pValue, attr->ulValueLen);
- redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
- attr->pValue, attr->ulValueLen);
- }
- else if (key->common.kid_len) {
- redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
- (void *)key->common.kid_der, key->common.kid_len);
- redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
- (void *)key->common.kid_der, key->common.kid_len);
- }
- else if (key->common.id_len) {
- redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
- (void *)key->common.id_der, key->common.id_len);
- redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
- (void *)key->common.id_der, key->common.id_len);
- }
- else if (key->common.gid_len) {
- redwax_pkcs11_add_attribute(publicTemplate, CKA_ID,
- (void *)key->common.gid_der, key->common.gid_len);
- redwax_pkcs11_add_attribute(privateTemplate, CKA_ID,
- (void *)key->common.gid_der, key->common.gid_len);
- }
-
- if (key->common.subject_len) {
- redwax_pkcs11_add_attribute(publicTemplate, CKA_SUBJECT,
- (void *)key->common.subject_der, key->common.subject_len);
- }
-
-
- /* CKA_CERTIFICATE_TYPE */
- switch(key->common.type) {
- case REDWAX_KEY_RSA:
-
- if (key->rsa) {
-
- CK_ULONG key_type = CKK_RSA;
-
- redwax_pkcs11_add_attribute(publicTemplate, CKA_KEY_TYPE,
- (void*) &key_type, sizeof(key_type));
- redwax_pkcs11_add_attribute(privateTemplate, CKA_KEY_TYPE,
- (void*) &key_type, sizeof(key_type));
-
- /* Do we support CKA_DERIVE or CKA_ALLOWED_MECHANISMS? */
-
- /* public / private */
- if (key->rsa->modulus_len) {
- redwax_pkcs11_add_attribute(publicTemplate, CKA_MODULUS,
- key->rsa->modulus, key->rsa->modulus_len);
- }
- if (key->rsa->modulus_len) {
- redwax_pkcs11_add_attribute(privateTemplate, CKA_MODULUS,
- key->rsa->modulus, key->rsa->modulus_len);
- }
- if (key->rsa->public_exponent_len) {
- redwax_pkcs11_add_attribute(publicTemplate,
- CKA_PUBLIC_EXPONENT, key->rsa->public_exponent,
- key->rsa->public_exponent_len);
- }
- if (key->rsa->public_exponent_len) {
- redwax_pkcs11_add_attribute(privateTemplate,
- CKA_PUBLIC_EXPONENT, key->rsa->public_exponent,
- key->rsa->public_exponent_len);
- }
-
- /* private only */
- if (key->rsa->private_exponent_len) {
- redwax_pkcs11_add_attribute(privateTemplate,
- CKA_PRIVATE_EXPONENT, key->rsa->private_exponent,
- key->rsa->private_exponent_len);
- }
- if (key->rsa->prime_1_len) {
- redwax_pkcs11_add_attribute(privateTemplate, CKA_PRIME_1,
- key->rsa->prime_1, key->rsa->prime_1_len);
- }
- if (key->rsa->prime_2_len) {
- redwax_pkcs11_add_attribute(privateTemplate, CKA_PRIME_2,
- key->rsa->prime_2, key->rsa->prime_2_len);
- }
- if (key->rsa->exponent_1_len) {
- redwax_pkcs11_add_attribute(privateTemplate, CKA_EXPONENT_1,
- key->rsa->exponent_1, key->rsa->exponent_1_len);
- }
- if (key->rsa->exponent_2_len) {
- redwax_pkcs11_add_attribute(privateTemplate, CKA_EXPONENT_2,
- key->rsa->exponent_2, key->rsa->exponent_2_len);
- }
- if (key->rsa->coefficient_len) {
- redwax_pkcs11_add_attribute(privateTemplate,
- CKA_COEFFICIENT, key->rsa->coefficient,
- key->rsa->coefficient_len);
- }
-
- }
-
- break;
- default:
-
- redwax_print_error(r,
- "pkcs11-out: could not write private key to '%s', "
- "we only support RSA keys right now.\n",
- redwax_pstrntrim(r->pool, (const char*) tokenInfo->label,
- sizeof(tokenInfo->label)));
-
- break;
- }
#if 0
ret = module->C_CreateObject(session,
(CK_ATTRIBUTE_PTR) publicTemplate->elts, publicTemplate->nelts,
@@ -764,9 +765,19 @@
return APR_EACCES;
}
#endif
+
+ /* first, try create the object including the CKA_PUBLIC_KEY_INFO */
ret = module->C_CreateObject(session,
(CK_ATTRIBUTE_PTR) privateTemplate->elts,
privateTemplate->nelts, &key_obj);
+
+ if (ret == CKR_ATTRIBUTE_TYPE_INVALID) {
+
+ /* otherwise, try create the object excluding the CKA_PUBLIC_KEY_INFO */
+ ret = module->C_CreateObject(session,
+ (CK_ATTRIBUTE_PTR) privateTemplate->elts,
+ privateTemplate->nelts - 1, &key_obj);
+ }
if (ret != CKR_OK) {
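Review bot: The retry with `privateTemplate->nelts - 1` drops whichever attribute happens to be last, not specifically CKA_PUBLIC_KEY_INFO: that attribute is only appended when `key->common.subjectpublickeyinfo_len` is non-zero (see the end of the first hunk), and a token may return CKR_ATTRIBUTE_TYPE_INVALID for any attribute it does not understand, so for a key without a SubjectPublicKeyInfo the fallback would silently retry with a different attribute removed (possibly an RSA CRT component) and could import incomplete key material. At minimum gate the fallback on the attribute having been added, `if (ret == CKR_ATTRIBUTE_TYPE_INVALID && key->common.subjectpublickeyinfo_len) {`, and preferably also check `((CK_ATTRIBUTE *)privateTemplate->elts)[privateTemplate->nelts - 1].type == CKA_PUBLIC_KEY_INFO` before retrying so the "it is the last element" assumption is verified rather than relied on. Where CKA_PUBLIC_KEY_INFO is appended to privateTemplate is not visible in these hunks, so the ordering should be confirmed against the lines between them. A comment such as `/* CKA_PUBLIC_KEY_INFO is the last attribute appended above; drop it for tokens that reject it */` would record the dependency for the next maintainer. The enclosing function continues past the end of the hunk.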