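/*
 * Quick hex-string to integer conversion, used instead of sscanf().
 *
 * Parses the leading hexadecimal digits of s (either case), most
 * significant first, and stops at the first character that is not a hex
 * digit. An empty string, or one with no leading hex digit, yields 0.
 *
 * Accumulates in an unsigned so an over-long input cannot hit the
 * signed-overflow undefined behaviour of `val << 4`; the only caller in
 * this file (fort11_GetSibling) passes two-character strings.
 */
static int
fort11_tohex(char *s)
{
    unsigned val = 0;

    for (; *s; s++) {
        if ((*s >= '0') && (*s <= '9')) {
            val = (val << 4) + (unsigned)(*s - '0');
        } else if ((*s >= 'a') && (*s <= 'f')) {
            val = (val << 4) + (unsigned)(*s - 'a') + 10;
        } else if ((*s >= 'A') && (*s <= 'F')) {
            val = (val << 4) + (unsigned)(*s - 'A') + 10;
        } else {
            break;  /* first non-hex character ends the number */
        }
    }
    return (int)val;
}

/*
 * Extract the sibling index encoded in a V3 KEA certificate label.
 *
 * Only valid for V3 KEA cert labels: exactly the two hex characters at
 * label offsets 4 and 5 are decoded; nothing else in the label is read.
 * Returns the decoded value, or -1 when the field holds 255, which the
 * label format uses to mean "no sibling".
 */
static int
fort11_GetSibling(CI_CERT_STR label)
{
    char s[3] = "00";   /* two hex chars plus NUL; pre-terminated before the copy */
    int value;

    memcpy(s, label + 4, 2);
    value = fort11_tohex(s);

    /* sibling of 255 means no sibling */
    if (value == 255) {
        value = -1;
    }
    return value;
}

/*
 * Classify a Fortezza certificate by the first four characters of its label.
 *
 * Returns DSA_KEY, KEA_KEY or V1_KEY for the known label prefixes and
 * INVALID_KEY for a NULL label or an unrecognised prefix. Only the first
 * four bytes of label are compared, so label must hold at least that many.
 */
static PrivKeyType
fort11_GetKeyType(CI_CERT_STR label)
{
    static const struct {
        const char *prefix;
        PrivKeyType type;
    } labelTypes[] = {
        /* v3 certs */
        { "DSA1", DSA_KEY }, { "DSAI", DSA_KEY }, { "DSAO", DSA_KEY },
        /* old v3 certs */
        { "3IXS", DSA_KEY }, { "3OXS", DSA_KEY },
        { "KEAK", KEA_KEY }, { "3IKX", KEA_KEY },
        /* V1 Certs */
        { "INKS", V1_KEY }, { "INKX", V1_KEY }, { "ONKS", V1_KEY },
        { "ONKX", V1_KEY }, { "RRXX", V1_KEY }, { "RTXX", V1_KEY },
        { "LAXX", V1_KEY },
    };
    size_t i;

    if (label == NULL) {
        return INVALID_KEY;
    }
    for (i = 0; i < sizeof labelTypes / sizeof labelTypes[0]; i++) {
        if (PORT_Memcmp(label, labelTypes[i].prefix, 4) == 0) {
            return labelTypes[i].type;
        }
    }
    return INVALID_KEY;
}

/*
 * Add each attribute in attrs[0..count) to obj, in order, through
 * fort11_AddAttributeType().
 *
 * Returns CKR_OK, or CKR_GENERAL_ERROR at the first attribute that fails.
 * Attributes added before the failure remain on obj; the caller decides
 * whether to release the object.
 */
static CK_RV
fort11_AddAttributeList(PK11Object *obj, const CK_ATTRIBUTE *attrs, size_t count)
{
    size_t i;

    for (i = 0; i < count; i++) {
        if (fort11_AddAttributeType(obj, attrs[i].type, attrs[i].pValue,
                                    attrs[i].ulValueLen) != CKR_OK) {
            return CKR_GENERAL_ERROR;
        }
    }
    return CKR_OK;
}

/*
 * Give obj a fresh token object handle and mark it as a persistent
 * (inDB) object of class objclass belonging to slot.
 *
 * slot->tokenIDCount is read and incremented under slot->objectLock so
 * concurrent object creation on the same slot yields distinct handles;
 * the handle is then tagged with PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV,
 * as every token object built in this file is.
 */
static void
fort11_AssignTokenHandle(PK11Object *obj, PK11Slot *slot, CK_OBJECT_CLASS objclass)
{
    FMUTEX_Lock(slot->objectLock);
    obj->handle = slot->tokenIDCount++;
    obj->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
    FMUTEX_Unlock(slot->objectLock);

    obj->objclass = objclass;
    obj->slot = slot;
    obj->inDB = PR_TRUE;
}

/*
 * Populate privateKey as a DSA private key token object and register it
 * with slot.
 *
 * The attributes are fixed defaults: the key is marked token, sensitive,
 * always-sensitive, never-extractable, signing-capable and derive-capable,
 * while CKA_PRIME / CKA_SUBPRIME / CKA_BASE / CKA_VALUE (and the date and
 * subject attributes) are added with no value. On success the object gets
 * a fresh token handle and is marked inDB.
 *
 * Returns CKR_OK, or CKR_GENERAL_ERROR if any attribute cannot be added;
 * on failure privateKey is left partially populated and still owned by
 * the caller.
 */
static CK_RV
fort11_ConvertToDSAKey(PK11Object *privateKey, PK11Slot *slot)
{
    CK_KEY_TYPE key_type = CKK_DSA;
    CK_BBOOL cktrue = TRUE;
    CK_BBOOL ckfalse = FALSE;
    CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
    CK_CHAR label[] = "A DSA Private Key";
    const CK_ATTRIBUTE attrs[] = {
        /* Fill in the common Default values */
        { CKA_START_DATE,        NULL,       0 },
        { CKA_END_DATE,          NULL,       0 },
        { CKA_SUBJECT,           NULL,       0 },
        { CKA_CLASS,             &privClass, sizeof privClass },
        { CKA_KEY_TYPE,          &key_type,  sizeof key_type },
        { CKA_TOKEN,             &cktrue,    sizeof cktrue },
        /* label length excludes the NUL, unlike the root PAA key below */
        { CKA_LABEL,             label,      PORT_Strlen((char *)label) },
        { CKA_SENSITIVE,         &cktrue,    sizeof cktrue },
        { CKA_SIGN,              &cktrue,    sizeof cktrue },
        { CKA_DERIVE,            &cktrue,    sizeof cktrue },
        { CKA_LOCAL,             &ckfalse,   sizeof ckfalse },
        { CKA_DECRYPT,           &ckfalse,   sizeof ckfalse },
        { CKA_SIGN_RECOVER,      &ckfalse,   sizeof ckfalse },
        { CKA_UNWRAP,            &ckfalse,   sizeof ckfalse },
        { CKA_EXTRACTABLE,       &ckfalse,   sizeof ckfalse },
        { CKA_ALWAYS_SENSITIVE,  &cktrue,    sizeof cktrue },
        { CKA_NEVER_EXTRACTABLE, &cktrue,    sizeof cktrue },
        /* key material attributes are present but carry no value */
        { CKA_PRIME,             NULL,       0 },
        { CKA_SUBPRIME,          NULL,       0 },
        { CKA_BASE,              NULL,       0 },
        { CKA_VALUE,             NULL,       0 },
        { CKA_PRIVATE,           &cktrue,    sizeof cktrue },
        { CKA_MODIFIABLE,        &ckfalse,   sizeof ckfalse },
    };
    CK_RV rv;

    rv = fort11_AddAttributeList(privateKey, attrs, sizeof attrs / sizeof attrs[0]);
    if (rv != CKR_OK) {
        return rv;
    }
    fort11_AssignTokenHandle(privateKey, slot, privClass);
    return CKR_OK;
}

/*
 * Create the "Trusted Root PAA Key" secret-key token object for slot and
 * add it to session.
 *
 * The object wraps a FortezzaKey of kind Ks created on the slot's socket
 * (fortezzaSockets[slot->slotID-1]); fort11_FreeFortezzaKey is installed
 * as its infoFree so the key is released with the object.
 *
 * Returns CKR_OK; CKR_HOST_MEMORY if the object or the FortezzaKey could
 * not be allocated; CKR_GENERAL_ERROR if an attribute could not be added.
 * The return type is int although CK_RV codes are returned (kept as-is for
 * existing callers). Every failure path releases the partially built
 * object — the attribute-failure paths previously leaked it.
 */
static int
fort11_LoadRootPAAKey(PK11Slot *slot, PK11Session *session)
{
    CK_OBJECT_CLASS theClass = CKO_SECRET_KEY;
    int id = 0;
    CK_BBOOL True = TRUE;
    CK_BBOOL False = FALSE;
    CK_CHAR label[] = "Trusted Root PAA Key";
    PK11Object *rootKey;
    FortezzaKey *newKey;
    FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
    const CK_ATTRIBUTE attrs[] = {
        { CKA_CLASS,      &theClass, sizeof theClass },
        { CKA_TOKEN,      &True,     sizeof True },
        /* sizeof label includes the NUL (original behaviour, unlike the
         * strlen-based private-key labels) */
        { CKA_LABEL,      label,     sizeof label },
        { CKA_PRIVATE,    &True,     sizeof True },
        { CKA_MODIFIABLE, &False,    sizeof False },
        { CKA_ID,         &id,       sizeof id },
        { CKA_DERIVE,     &True,     sizeof True },
        { CKA_SENSITIVE,  &True,     sizeof True },
    };

    /* Don't know the key type. Does it matter? */
    rootKey = fort11_NewObject(slot);
    if (rootKey == NULL) {
        return CKR_HOST_MEMORY;
    }

    if (fort11_AddAttributeList(rootKey, attrs, sizeof attrs / sizeof attrs[0]) != CKR_OK) {
        fort11_FreeObject(rootKey);     /* do not leak the half-built object */
        return CKR_GENERAL_ERROR;
    }

    fort11_AssignTokenHandle(rootKey, slot, theClass);

    newKey = NewFortezzaKey(socket, Ks, NULL, 0);
    if (newKey == NULL) {
        fort11_FreeObject(rootKey);
        return CKR_HOST_MEMORY;
    }
    rootKey->objectInfo = (void *)newKey;
    rootKey->infoFree = fort11_FreeFortezzaKey;
    fort11_AddObject(session, rootKey);
    return CKR_OK;
}

/*
 * Populate privateKey as a KEA private key token object and register it
 * with slot.
 *
 * Marks the key token, sensitive, derive-capable and private, adds empty
 * start/end dates, and clears CKA_LOCAL. On success the object gets a
 * fresh token handle and is marked inDB.
 *
 * Returns CKR_OK, or CKR_GENERAL_ERROR if any attribute cannot be added;
 * on failure privateKey is left partially populated and still owned by
 * the caller.
 */
static CK_RV
fort11_ConvertToKEAKey(PK11Object *privateKey, PK11Slot *slot)
{
    CK_OBJECT_CLASS theClass = CKO_PRIVATE_KEY;
    CK_KEY_TYPE keyType = CKK_KEA;
    CK_CHAR label[] = "A KEA private key Object";
    CK_BBOOL True = TRUE;
    CK_BBOOL False = FALSE;
    const CK_ATTRIBUTE attrs[] = {
        { CKA_CLASS,      &theClass, sizeof theClass },
        { CKA_KEY_TYPE,   &keyType,  sizeof keyType },
        { CKA_TOKEN,      &True,     sizeof True },
        { CKA_LABEL,      label,     PORT_Strlen((char *)label) },
        { CKA_SENSITIVE,  &True,     sizeof True },
        { CKA_DERIVE,     &True,     sizeof True },
        { CKA_PRIVATE,    &True,     sizeof True },
        { CKA_START_DATE, NULL,      0 },
        { CKA_END_DATE,   NULL,      0 },
        { CKA_LOCAL,      &False,    sizeof False },
    };
    CK_RV rv;

    rv = fort11_AddAttributeList(privateKey, attrs, sizeof attrs / sizeof attrs[0]);
    if (rv != CKR_OK) {
        return rv;
    }
    fort11_AssignTokenHandle(privateKey, slot, theClass);
    return CKR_OK;
}

/*
 * Populate privateKey as a V1 (pre-V3) Fortezza private key.
 *
 * A V1 key is built exactly like a DSA key and then flagged derive-capable.
 * Returns CKR_OK, the error from fort11_ConvertToDSAKey, or
 * CKR_GENERAL_ERROR if the extra attribute cannot be added.
 */
static CK_RV
fort11_ConvertToV1Key(PK11Object *privateKey, PK11Slot *slot)
{
    CK_BBOOL True = TRUE;
    CK_RV rv;

    rv = fort11_ConvertToDSAKey(privateKey, slot);
    if (rv != CKR_OK) {
        return rv;
    }
    /* NOTE(review): fort11_ConvertToDSAKey already adds CKA_DERIVE = TRUE.
     * Whether a second CKA_DERIVE is merged or duplicated depends on
     * fort11_AddAttributeType (not visible here), so the call is kept. */
    if (fort11_AddAttributeType(privateKey, CKA_DERIVE, &True, sizeof(CK_BBOOL)) != CKR_OK) {
        return CKR_GENERAL_ERROR;
    }
    return CKR_OK;
}

/*
 * Turn privKeyObject into the private key object matching the certificate
 * described by currPerson, choosing the layout from the cert label.
 *
 * Dispatches on fort11_GetKeyType(currPerson.CertLabel): DSA, KEA and V1
 * labels go to the matching fort11_ConvertTo*Key(); any other label type
 * (including INVALID_KEY) yields CKR_GENERAL_ERROR. Returns the converter's
 * result otherwise.
 */
static CK_RV
fort11_NewPrivateKey(PK11Object *privKeyObject, PK11Slot *slot, CI_PERSON currPerson)
{
    PrivKeyType keyType = fort11_GetKeyType(currPerson.CertLabel);
    CK_RV rv;

    switch (keyType) {
    case DSA_KEY:
        rv = fort11_ConvertToDSAKey(privKeyObject, slot);
        break;
    case KEA_KEY:
        rv = fort11_ConvertToKEAKey(privKeyObject, slot);
        break;
    case V1_KEY:
        rv = fort11_ConvertToV1Key(privKeyObject, slot);
        break;
    default:
        rv = CKR_GENERAL_ERROR;
        break;
    }
    return rv;
}

PRBool
fort11_LoadCertObjectForSearch(CI_PERSON currPerson, PK11Slot *slot, PK11Session *session, CI_PERSON *pers_array)
{
    PK11Object *certObject, *privKeyObject;
    PK11Attribute *attribute, *newAttribute;
    int ci_rv;
    CI_CERTIFICATE cert;
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE certType = CKC_X_509;
    CK_BBOOL cktrue = TRUE;
    CK_BBOOL ckfalse = FALSE;
    CertItem issuer, serial, subject;
    int certSize;
    char nickname[50];
    char *cursor;
    PrivKeyType priv_key;
    int sibling;

    certObject = fort11_NewObject(slot);
    if (certObject == NULL) return PR_FALSE;
    ci_rv = MACI_GetCertificate (fortezzaSockets[slot->slotID-1].maciSession, currPerson.CertificateIndex, cert);
    if (ci_rv != CI_OK){ fort11_FreeObject(certObject); return PR_FALSE; }
    ci_rv = fort11_GetCertFields(cert,CI_CERT_SIZE,&issuer,&serial,&subject);
    if (ci_rv != CKR_OK) { fort11_FreeObject(certObject); return PR_FALSE; }
    if (fort11_AddAttributeType(certObject, CKA_CLASS, &certClass, sizeof (CK_OBJECT_CLASS)) != CKR_OK) { fort11_FreeObject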
(certObject); return PR_FALSE; } if (fort11_AddAttributeType(certObject, CKA_TOKEN, &cktrue, sizeof (CK_BBOOL)) != CKR_OK) { fort11_FreeObject(certObject); return PR_FALSE; } if (fort11_AddAttributeType(certObject, CKA_PRIVATE, &ckfalse, sizeof (CK_BBOOL)) != CKR_OK) { fort11_FreeObject(certObject); return PR_FALSE; } /* check if the label represents a KEA key. if so, the nickname should be made the same as the corresponding DSA sibling cert. */ priv_key = fort11_GetKeyType(currPerson.CertLabel); if (priv_key == KEA_KEY) { sibling = fort11_GetSibling(currPerson.CertLabel); /* check for failure of fort11_GetSibling. also check that the sibling is not zero. */ if (sibling > 0) { /* assign the KEA cert label to be the same as the sibling DSA label */ sprintf (nickname, "%s", &pers_array[sibling-1].CertLabel[8] ); } else { sprintf (nickname, "%s", &currPerson.CertLabel[8]); } } else { sprintf (nickname, "%s", &currPerson.CertLabel[8]); } cursor = nickname+PORT_Strlen(nickname)-1; while ((*cursor) == ' ') { cursor--; } cursor[1] = '\0'; if (fort11_AddAttributeType(certObject, CKA_LABEL, nickname, PORT_Strlen(nickname)) != CKR_OK) { fort11_FreeObject(certObject); return PR_FALSE; } if (fort11_AddAttributeType(certObject, CKA_CERTIFICATE_TYPE, &certType, sizeof(CK_CERTIFICATE_TYPE)) != CKR_OK) { fort11_FreeObject(certObject); return PR_FALSE; } certSize = fort11_cert_length(cert,CI_CERT_SIZE); if (fort11_AddAttributeType (certObject, CKA_VALUE, cert, certSize) != CI_OK) { fort11_FreeObject(certObject);