diff --git a/lib/hx509/softp11.c b/lib/hx509/softp11.c index 518651dbc..d94762652 100644 --- a/lib/hx509/softp11.c +++ b/lib/hx509/softp11.c @@ -80,15 +80,10 @@ static struct soft_token { int next_object; } find; - int encrypt_object; - CK_MECHANISM_PTR encrypt_mechanism; - int decrypt_object; - CK_MECHANISM_PTR decrypt_mechanism; int sign_object; CK_MECHANISM_PTR sign_mechanism; int verify_object; CK_MECHANISM_PTR verify_mechanism; - int digest_object; } state[10]; #define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0])) FILE *logfile; @@ -648,14 +643,6 @@ find_object_final(struct session_state *state) static void reset_crypto_state(struct session_state *state) { - state->encrypt_object = -1; - if (state->encrypt_mechanism) - free(state->encrypt_mechanism); - state->encrypt_mechanism = NULL_PTR; - state->decrypt_object = -1; - if (state->decrypt_mechanism) - free(state->decrypt_mechanism); - state->decrypt_mechanism = NULL_PTR; state->sign_object = -1; if (state->sign_mechanism) free(state->sign_mechanism); @@ -664,7 +651,6 @@ reset_crypto_state(struct session_state *state) if (state->verify_mechanism) free(state->verify_mechanism); state->verify_mechanism = NULL_PTR; - state->digest_object = -1; } static void @@ -1388,317 +1374,6 @@ dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) return CKR_OK; } -#if 0 - -CK_RV -C_EncryptInit(CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - struct session_state *state; - CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS }; - CK_BBOOL bool_true = CK_TRUE; - CK_ATTRIBUTE attr[] = { - { CKA_ENCRYPT, &bool_true, sizeof(bool_true) } - }; - struct st_object *o; - CK_RV ret; - - INIT_CONTEXT(); - - st_logf("EncryptInit\n"); - VERIFY_SESSION_HANDLE(hSession, &state); - - ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), - mechs, sizeof(mechs)/sizeof(mechs[0]), - pMechanism, hKey, &o); - if (ret) - return ret; - - ret = dup_mechanism(&state->encrypt_mechanism, pMechanism); - if (ret == CKR_OK) - state->encrypt_object = OBJECT_ID(o); - - return ret; -} - -CK_RV -C_Encrypt(CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen) -{ - CK_RV ret = CKR_FUNCTION_NOT_SUPPORTED; -#if 0 - struct session_state *state; - struct st_object *o; - void *buffer = NULL; - RSA *rsa; - int padding, len, buffer_len, padding_len; - - INIT_CONTEXT(); - - st_logf("Encrypt\n"); - - VERIFY_SESSION_HANDLE(hSession, &state); - - if (state->encrypt_object == -1) - return CKR_ARGUMENTS_BAD; - - o = soft_token.object.objs[state->encrypt_object]; - - if (o->u.public_key == NULL) { - st_logf("public key NULL\n"); - return CKR_ARGUMENTS_BAD; - } - - rsa = o->u.public_key->pkey.rsa; - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; - - RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ - - buffer_len = RSA_size(rsa); - - buffer = malloc(buffer_len); - if (buffer == NULL) { - ret = CKR_DEVICE_MEMORY; - goto out; - } - - ret = CKR_OK; - switch(state->encrypt_mechanism->mechanism) { - case CKM_RSA_PKCS: - padding = RSA_PKCS1_PADDING; - padding_len = RSA_PKCS1_PADDING_SIZE; - break; - default: - ret = CKR_FUNCTION_NOT_SUPPORTED; - goto out; - } - - if (buffer_len + padding_len < ulDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } - - if (pulEncryptedDataLen == NULL) { - st_logf("pulEncryptedDataLen NULL\n"); - ret = CKR_ARGUMENTS_BAD; - goto out; - } - - if (pData == NULL_PTR) { - st_logf("data NULL\n"); - ret = CKR_ARGUMENTS_BAD; - goto out; - } - - len = RSA_public_encrypt(ulDataLen, pData, buffer, rsa, padding); - if (len <= 0) { - ret = CKR_DEVICE_ERROR; - goto out; - } - if (len > buffer_len) - abort(); - - if (pEncryptedData != NULL_PTR) - memcpy(pEncryptedData, buffer, len); - *pulEncryptedDataLen = len; - - out: - if (buffer) { - memset(buffer, 0, buffer_len); - free(buffer); - } -#endif - return ret; -} - -CK_RV -C_EncryptUpdate(CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - INIT_CONTEXT(); - st_logf("EncryptUpdate\n"); - VERIFY_SESSION_HANDLE(hSession, NULL); - return CKR_FUNCTION_NOT_SUPPORTED; -} - - -CK_RV -C_EncryptFinal(CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen) -{ - INIT_CONTEXT(); - st_logf("EncryptFinal\n"); - VERIFY_SESSION_HANDLE(hSession, NULL); - return CKR_FUNCTION_NOT_SUPPORTED; -} - - -/* C_DecryptInit initializes a decryption operation. */ -CK_RV -C_DecryptInit(CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - struct session_state *state; - CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS }; - CK_BBOOL bool_true = CK_TRUE; - CK_ATTRIBUTE attr[] = { - { CKA_DECRYPT, &bool_true, sizeof(bool_true) } - }; - struct st_object *o; - CK_RV ret; - - INIT_CONTEXT(); - st_logf("DecryptInit\n"); - VERIFY_SESSION_HANDLE(hSession, &state); - - ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), - mechs, sizeof(mechs)/sizeof(mechs[0]), - pMechanism, hKey, &o); - if (ret) - return ret; - - ret = dup_mechanism(&state->decrypt_mechanism, pMechanism); - if (ret == CKR_OK) - state->decrypt_object = OBJECT_ID(o); - - return CKR_OK; -} - - -CK_RV -C_Decrypt(CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen) -{ - CK_RV ret = CKR_FUNCTION_NOT_SUPPORTED; -#if 0 - struct session_state *state; - struct st_object *o; - void *buffer = NULL; - RSA *rsa; - int padding, len, buffer_len, padding_len; - - INIT_CONTEXT(); - st_logf("Decrypt\n"); - - VERIFY_SESSION_HANDLE(hSession, &state); - - if (state->decrypt_object == -1) - return CKR_ARGUMENTS_BAD; - - o = soft_token.object.objs[state->decrypt_object]; - - if (o->u.private_key.key == NULL) { - st_logf("private key NULL\n"); - return CKR_ARGUMENTS_BAD; - } - - rsa = o->u.private_key.key->pkey.rsa; - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; - - RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ - - buffer_len = RSA_size(rsa); - - buffer = malloc(buffer_len); - if (buffer == NULL) { - ret = CKR_DEVICE_MEMORY; - goto out; - } - - ret = CKR_OK; - switch(state->decrypt_mechanism->mechanism) { - case CKM_RSA_PKCS: - padding = RSA_PKCS1_PADDING; - padding_len = RSA_PKCS1_PADDING_SIZE; - break; - default: - ret = CKR_FUNCTION_NOT_SUPPORTED; - goto out; - } - - if (buffer_len + padding_len < ulEncryptedDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } - - if (pulDataLen == NULL) { - st_logf("pulDataLen NULL\n"); - ret = CKR_ARGUMENTS_BAD; - goto out; - } - - if (pEncryptedData == NULL_PTR) { - st_logf("data NULL\n"); - ret = CKR_ARGUMENTS_BAD; - goto out; - } - - len = RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, buffer, - rsa, padding); - if (len <= 0) { - ret = CKR_DEVICE_ERROR; - goto out; - } - if (len > buffer_len) - abort(); - - if (pData != NULL_PTR) - memcpy(pData, buffer, len); - *pulDataLen = len; - - out: - if (buffer) { - memset(buffer, 0, buffer_len); - free(buffer); - } -#endif - return ret; -} - - -CK_RV -C_DecryptUpdate(CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) - -{ - st_logf("DecryptUpdate\n"); - INIT_CONTEXT(); - VERIFY_SESSION_HANDLE(hSession, NULL); - return CKR_FUNCTION_NOT_SUPPORTED; -} - - -CK_RV -C_DecryptFinal(CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen) -{ - st_logf("DecryptFinal\n"); - INIT_CONTEXT(); - VERIFY_SESSION_HANDLE(hSession, NULL); - return CKR_FUNCTION_NOT_SUPPORTED; -} -#endif - CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)