summaryrefslogtreecommitdiff
path: root/ckcapi-trust.c
diff options
context:
space:
mode:
Diffstat (limited to 'ckcapi-trust.c')
-rw-r--r--ckcapi-trust.c129
1 files changed, 62 insertions, 67 deletions
diff --git a/ckcapi-trust.c b/ckcapi-trust.c
index aa8475a..b514d04 100644
--- a/ckcapi-trust.c
+++ b/ckcapi-trust.c
@@ -4,8 +4,6 @@
#include "pkcs11/pkcs11n.h"
-#include <wincrypt.h>
-
/*
* These are the attributes expected by NSS on a trust object:
*
@@ -33,17 +31,19 @@ typedef struct _TrustObject
}
TrustObject;
-typedef struct _TrustData
+typedef struct _TrustObjectData
{
+ CkCapiObjectData base;
+
PCCERT_CONTEXT cert;
CTL_USAGE* usage;
}
-TrustData;
+TrustObjectData;
static CK_ULONG
-has_usage(TrustData* trust_data, const char* oid)
+has_usage(TrustObjectData* tdata, const char* oid)
{
- CTL_USAGE* usage = trust_data->usage;
+ CTL_USAGE* usage = tdata->usage;
DWORD i;
/* No usages, means anything goes */
@@ -62,14 +62,14 @@ has_usage(TrustData* trust_data, const char* oid)
}
static CK_RV
-trust_bool_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len)
+trust_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr)
{
CK_BBOOL val;
- ASSERT(obj);
+ ASSERT(objdata);
+ ASSERT(attr);
- switch(type)
+ switch(attr->type)
{
/*
* Resides on the token
@@ -106,19 +106,19 @@ trust_bool_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
return CKR_ATTRIBUTE_TYPE_INVALID;
};
- return ckcapi_return_data(data, len, &val, sizeof(CK_BBOOL));
+ return ckcapi_return_data(attr->pValue, &attr->ulValueLen, &val, sizeof(CK_BBOOL));
}
static CK_RV
-trust_ulong_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len)
+trust_ulong_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr)
{
- TrustData* trust_data = (TrustData*)obj;
+ TrustObjectData* tdata = (TrustObjectData*)objdata;
CK_ULONG val;
- ASSERT(obj);
+ ASSERT(tdata);
+ ASSERT(attr);
- switch(type)
+ switch(attr->type)
{
/*
@@ -133,51 +133,46 @@ trust_ulong_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
* Various trust flags
*/
case CKA_TRUST_SERVER_AUTH:
- val = has_usage(trust_data, X509_USAGE_SERVER_AUTH);
+ val = has_usage(tdata, X509_USAGE_SERVER_AUTH);
break;
case CKA_TRUST_CLIENT_AUTH:
- val = has_usage(trust_data, X509_USAGE_CLIENT_AUTH);
+ val = has_usage(tdata, X509_USAGE_CLIENT_AUTH);
break;
case CKA_TRUST_CODE_SIGNING:
- val = has_usage(trust_data, X509_USAGE_CODE_SIGNING);
+ val = has_usage(tdata, X509_USAGE_CODE_SIGNING);
break;
case CKA_TRUST_EMAIL_PROTECTION:
- val = has_usage(trust_data, X509_USAGE_EMAIL);
+ val = has_usage(tdata, X509_USAGE_EMAIL);
break;
case CKA_TRUST_IPSEC_END_SYSTEM:
- val = has_usage(trust_data, X509_USAGE_IPSEC_ENDPOINT);
+ val = has_usage(tdata, X509_USAGE_IPSEC_ENDPOINT);
break;
case CKA_TRUST_IPSEC_TUNNEL:
- val = has_usage(trust_data, X509_USAGE_IPSEC_TUNNEL);
+ val = has_usage(tdata, X509_USAGE_IPSEC_TUNNEL);
break;
case CKA_TRUST_IPSEC_USER:
- val = has_usage(trust_data, X509_USAGE_IPSEC_USER);
+ val = has_usage(tdata, X509_USAGE_IPSEC_USER);
break;
case CKA_TRUST_TIME_STAMPING:
- val = has_usage(trust_data, X509_USAGE_TIME_STAMPING);
+ val = has_usage(tdata, X509_USAGE_TIME_STAMPING);
break;
default:
return CKR_ATTRIBUTE_TYPE_INVALID;
};
- if(*len < sizeof(CK_ULONG))
- {
- *len = sizeof(CK_ULONG);
- return CKR_BUFFER_TOO_SMALL;
- }
-
- return ckcapi_return_data(data, len, &val, sizeof(CK_ULONG));
+ return ckcapi_return_data(attr->pValue, &attr->ulValueLen, &val, sizeof(CK_ULONG));
}
static CK_RV
-trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len)
+trust_bytes_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr)
{
- TrustData* trust_data = (TrustData*)obj;
- ASSERT(obj);
+ TrustObjectData* tdata = (TrustObjectData*)objdata;
+
+ ASSERT(tdata);
+ ASSERT(attr);
- switch(type)
+ switch(attr->type)
{
/*
* Forward these through to the certificate itself.
@@ -186,18 +181,18 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
case CKA_ISSUER:
case CKA_SERIAL_NUMBER:
case CKA_LABEL:
- ASSERT(trust_data->cert);
- return ckcapi_cert_get_bytes_attribute((void*)(trust_data->cert),
- type, data, len);
+ ASSERT(tdata->cert);
+ return ckcapi_cert_certificate_get_bytes(tdata->cert, attr);
/*
* The hash of the DER encoded certificate.
*/
case CKA_CERT_MD5_HASH:
case CKA_CERT_SHA1_HASH:
- if(!CryptHashCertificate(0, type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1,
- 0, trust_data->cert->pbCertEncoded,
- trust_data->cert->cbCertEncoded, data, (DWORD*)len))
+ if(!CryptHashCertificate(0, attr->type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1,
+ 0, tdata->cert->pbCertEncoded,
+ tdata->cert->cbCertEncoded, attr->pValue,
+ (DWORD*)(&attr->ulValueLen)))
return ckcapi_winerr_to_ckr(GetLastError());
return CKR_OK;
};
@@ -206,8 +201,7 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
}
static CK_RV
-trust_date_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len)
+trust_date_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr)
{
return CKR_ATTRIBUTE_TYPE_INVALID;
}
@@ -215,16 +209,16 @@ trust_date_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
static void
trust_release(void* data)
{
- TrustData* trust_data = (TrustData*)data;
- ASSERT(trust_data);
+ TrustObjectData* tdata = (TrustObjectData*)data;
+ ASSERT(tdata);
- ASSERT(trust_data->cert);
- CertFreeCertificateContext(trust_data->cert);
+ ASSERT(tdata->cert);
+ CertFreeCertificateContext(tdata->cert);
- if(trust_data->usage)
- free(trust_data->usage);
+ if(tdata->usage)
+ free(tdata->usage);
- free(trust_data);
+ free(tdata);
}
static const CkCapiObjectDataVtable trust_objdata_vtable = {
@@ -236,16 +230,16 @@ static const CkCapiObjectDataVtable trust_objdata_vtable = {
};
static CK_RV
-parse_usage(TrustData* trust_data)
+parse_usage(TrustObjectData* tdata)
{
DWORD size, usize, err;
CTL_USAGE* usage;
void* buf;
- ASSERT(!trust_data->usage);
+ ASSERT(!tdata->usage);
/* Get the size of the usage property */
- if(!CertGetCertificateContextProperty(trust_data->cert, CERT_CTL_USAGE_PROP_ID,
+ if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID,
NULL, &size))
{
err = GetLastError();
@@ -258,7 +252,7 @@ parse_usage(TrustData* trust_data)
/* Now get the actual usage property */
buf = _alloca(size);
- if(!CertGetCertificateContextProperty(trust_data->cert, CERT_CTL_USAGE_PROP_ID,
+ if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID,
buf, &size))
{
err = GetLastError();
@@ -283,15 +277,15 @@ parse_usage(TrustData* trust_data)
return ckcapi_winerr_to_ckr(GetLastError());
}
- trust_data->usage = usage;
+ tdata->usage = usage;
return CKR_OK;
}
static CK_RV
-trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdata)
+trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData** objdata)
{
TrustObject* tobj = (TrustObject*)obj;
- TrustData* trust_data;
+ TrustObjectData* tdata;
CkCapiObjectData* certdata;
CK_RV ret;
@@ -303,27 +297,28 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdat
if(ret != CKR_OK)
return ret;
- trust_data = (TrustData*)calloc(1, sizeof(TrustData));
- if(!trust_data)
+ tdata = (TrustObjectData*)calloc(1, sizeof(TrustObjectData));
+ if(!tdata)
return CKR_HOST_MEMORY;
- ASSERT(certdata->data);
- trust_data->cert = certdata->data;
+ tdata->cert = ckcapi_cert_object_data_get_certificate (certdata);
+ ASSERT(tdata->cert);
/* Dig up the usage data */
- ret = parse_usage(trust_data);
+ ret = parse_usage(tdata);
if(ret != CKR_OK)
{
- free(trust_data);
+ free(tdata);
return ret;
}
/* And keep a reference to the certificate */
- trust_data->cert = CertDuplicateCertificateContext((PCCERT_CONTEXT)(certdata->data));
+ tdata->cert = CertDuplicateCertificateContext(tdata->cert);
- objdata->data = trust_data;
- objdata->data_funcs = &trust_objdata_vtable;
+ tdata->base.object = obj->id;
+ tdata->base.data_funcs = &trust_objdata_vtable;
+ *objdata = &(tdata->base);
return CKR_OK;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 18:20:05 +0000