Hello,
I would like to commit the attached patch. It modifies the method of
public key retrieval in pkcs11-tool.
Currently the non-standard attribute CKA_VALUE is used. With the patch
applied, only attributes defined by PKCS#11 are used for public key
retrieval. Tested with OpenSSL 0.9.8.
Regards
Andre
Index: src/tools/pkcs11-tool.c
===================================================================
--- src/tools/pkcs11-tool.c (revision 4880)
+++ src/tools/pkcs11-tool.c (working copy)
@@ -1930,6 +1930,7 @@
VARATTR_METHOD(ID, unsigned char);
VARATTR_METHOD(OBJECT_ID, unsigned char);
VARATTR_METHOD(MODULUS, unsigned char);
+VARATTR_METHOD(PUBLIC_EXPONENT, unsigned char);
VARATTR_METHOD(VALUE, unsigned char);
VARATTR_METHOD(GOSTR3410_PARAMS, unsigned char);
@@ -2490,13 +2491,14 @@
#ifdef ENABLE_OPENSSL
static EVP_PKEY *get_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject)
{
- unsigned char *id;
- CK_ULONG idLen;
+ unsigned char *id, *modulus, *exponent;
+ CK_ULONG idLen, modLen, expLen;
CK_OBJECT_HANDLE pubkeyObject;
unsigned char *pubkey;
const unsigned char *pubkey_c;
CK_ULONG pubkeyLen;
EVP_PKEY *pkey;
+ RSA *rsa;
id = NULL;
id = getID(session, privKeyObject, &idLen);
@@ -2512,6 +2514,39 @@
}
free(id);
+ switch(getKEY_TYPE(session, pubkeyObject)) {
+ case CKK_RSA:
+ pkey = EVP_PKEY_new();
+ rsa = RSA_new();
+ modulus = getMODULUS(session, pubkeyObject, &modLen);
+ exponent = getPUBLIC_EXPONENT(session, pubkeyObject, &expLen);
+ if ( !pkey || !rsa || !modulus || !exponent) {
+ printf("public key not extractable\n");
+ if (pkey)
+ free(pkey);
+ if (rsa)
+ free(rsa);
+ if (modulus)
+ free(modulus);
+ if (exponent)
+ free(exponent);
+ return NULL;
+ }
+ rsa->n = BN_bin2bn(modulus, modLen, NULL);
+ rsa->e = BN_bin2bn(exponent, expLen, NULL);
+ EVP_PKEY_assign_RSA(pkey, rsa);
+ free(modulus);
+ free(exponent);
+ return pkey;
+ case CKK_DSA:
+ case CKK_ECDSA:
+ case CKK_GOSTR3410:
+ break;
+ default:
+ printf("public key of unsupported type\n");
+ return NULL;
+ }
+
pubkey = getVALUE(session, pubkeyObject, &pubkeyLen);
if (pubkey == NULL) {
printf("couldn't get the pubkey VALUE attribute, no validation done\n");
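Review bot: The error path in the new CKK_RSA case releases OpenSSL objects with the libc allocator — `if (pkey) free(pkey);` and `if (rsa) free(rsa);` — which leaks their internals and mismatches OpenSSL's own allocation; these must be `EVP_PKEY_free(pkey)` and `RSA_free(rsa)`, both of which accept NULL so the guards can go. The two `BN_bin2bn` calls and `EVP_PKEY_assign_RSA` are also unchecked, so a failed conversion returns a pkey whose `n` or `e` is NULL (and a failed assign leaks `rsa`); they belong in the same failure path. `modLen`/`expLen` are CK_ULONG but `BN_bin2bn` takes an `int` length, so a cast or range check would make the narrowing explicit. Separately, the CKK_ECDSA branch still falls through to `getVALUE`, and PKCS#11 defines the EC public key by CKA_EC_POINT rather than CKA_VALUE, so the commit message's claim that only standard attributes are used appears to hold for RSA only. get_public_key continues past the end of this hunk.
```c
	case CKK_RSA:
		pkey = EVP_PKEY_new();
		rsa = RSA_new();
		modulus = getMODULUS(session, pubkeyObject, &modLen);
		exponent = getPUBLIC_EXPONENT(session, pubkeyObject, &expLen);
		if (!pkey || !rsa || !modulus || !exponent)
			goto rsa_fail;
		rsa->n = BN_bin2bn(modulus, (int) modLen, NULL);
		rsa->e = BN_bin2bn(exponent, (int) expLen, NULL);
		/* on success pkey owns rsa (and its n/e) from here on */
		if (!rsa->n || !rsa->e || !EVP_PKEY_assign_RSA(pkey, rsa))
			goto rsa_fail;
		free(modulus);
		free(exponent);
		return pkey;
rsa_fail:
		printf("public key not extractable\n");
		RSA_free(rsa);       /* also frees n/e; NULL-safe */
		EVP_PKEY_free(pkey); /* NULL-safe */
		free(modulus);
		free(exponent);
		return NULL;
	/* … unchanged: CKK_DSA / CKK_ECDSA / CKK_GOSTR3410 / default cases … */
```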