32 #if defined(POLARSSL_PKCS11_C)
34 #if defined(POLARSSL_MEMORY_C)
37 #define polarssl_malloc malloc
38 #define polarssl_free free
43 int pkcs11_x509_cert_init(
x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
46 unsigned char *cert_blob = NULL;
47 size_t cert_blob_size = 0;
55 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK )
62 if( NULL == cert_blob )
68 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK )
83 if( NULL != cert_blob )
90 int pkcs11_priv_key_init( pkcs11_context *priv_key,
91 pkcs11h_certificate_t pkcs11_cert )
98 if( priv_key == NULL )
101 if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
104 priv_key->len = cert.rsa.len;
105 priv_key->pkcs11h_cert = pkcs11_cert;
115 void pkcs11_priv_key_free( pkcs11_context *priv_key )
117 if( NULL != priv_key )
118 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
121 int pkcs11_decrypt( pkcs11_context *ctx,
122 int mode,
size_t *olen,
123 const unsigned char *input,
124 unsigned char *output,
125 size_t output_max_len )
127 size_t input_len, output_len;
135 output_len = input_len = ctx->len;
137 if( input_len < 16 || input_len > output_max_len )
141 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
142 input_len, NULL, &output_len ) != CKR_OK )
147 if( output_len > output_max_len )
150 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
151 input_len, output, &output_len ) != CKR_OK )
159 int pkcs11_sign( pkcs11_context *ctx,
162 unsigned int hashlen,
163 const unsigned char *hash,
166 size_t olen, asn_len;
167 unsigned char *p = sig;
181 memcpy( p, hash, hashlen );
186 memcpy( p, ASN1_HASH_MDX, asn_len );
187 memcpy( p + asn_len, hash, hashlen );
192 memcpy( p, ASN1_HASH_MDX, asn_len );
193 memcpy( p + asn_len, hash, hashlen );
198 memcpy( p, ASN1_HASH_MDX, asn_len );
199 memcpy( p + asn_len, hash, hashlen );
204 memcpy( p, ASN1_HASH_SHA1, asn_len );
205 memcpy( p + 15, hash, hashlen );
209 asn_len =
OID_SIZE(ASN1_HASH_SHA2X);
210 memcpy( p, ASN1_HASH_SHA2X, asn_len );
211 memcpy( p + asn_len, hash, hashlen );
212 p[1] += hashlen; p[14] = 4; p[18] += hashlen;
break;
215 asn_len =
OID_SIZE(ASN1_HASH_SHA2X);
216 memcpy( p, ASN1_HASH_SHA2X, asn_len );
217 memcpy( p + asn_len, hash, hashlen );
218 p[1] += hashlen; p[14] = 1; p[18] += hashlen;
break;
221 asn_len =
OID_SIZE(ASN1_HASH_SHA2X);
222 memcpy( p, ASN1_HASH_SHA2X, asn_len );
223 memcpy( p + asn_len, hash, hashlen );
224 p[1] += hashlen; p[14] = 2; p[18] += hashlen;
break;
227 asn_len =
OID_SIZE(ASN1_HASH_SHA2X);
228 memcpy( p, ASN1_HASH_SHA2X, asn_len );
229 memcpy( p + asn_len, hash, hashlen );
230 p[1] += hashlen; p[14] = 3; p[18] += hashlen;
break;
236 if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
237 asn_len + hashlen, sig, &olen ) != CKR_OK )