diff options
Diffstat (limited to 'ckcapi-trust.c')
-rw-r--r-- | ckcapi-trust.c | 129 |
1 files changed, 62 insertions, 67 deletions
diff --git a/ckcapi-trust.c b/ckcapi-trust.c index aa8475a..b514d04 100644 --- a/ckcapi-trust.c +++ b/ckcapi-trust.c @@ -4,8 +4,6 @@ #include "pkcs11/pkcs11n.h" -#include <wincrypt.h> - /* * These are the attributes expected by NSS on a trust object: * @@ -33,17 +31,19 @@ typedef struct _TrustObject } TrustObject; -typedef struct _TrustData +typedef struct _TrustObjectData { + CkCapiObjectData base; + PCCERT_CONTEXT cert; CTL_USAGE* usage; } -TrustData; +TrustObjectData; static CK_ULONG -has_usage(TrustData* trust_data, const char* oid) +has_usage(TrustObjectData* tdata, const char* oid) { - CTL_USAGE* usage = trust_data->usage; + CTL_USAGE* usage = tdata->usage; DWORD i; /* No usages, means anything goes */ @@ -62,14 +62,14 @@ has_usage(TrustData* trust_data, const char* oid) } static CK_RV -trust_bool_attribute(void* obj, CK_ATTRIBUTE_TYPE type, - CK_VOID_PTR data, CK_ULONG_PTR len) +trust_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) { CK_BBOOL val; - ASSERT(obj); + ASSERT(objdata); + ASSERT(attr); - switch(type) + switch(attr->type) { /* * Resides on the token @@ -106,19 +106,19 @@ trust_bool_attribute(void* obj, CK_ATTRIBUTE_TYPE type, return CKR_ATTRIBUTE_TYPE_INVALID; }; - return ckcapi_return_data(data, len, &val, sizeof(CK_BBOOL)); + return ckcapi_return_data(attr->pValue, &attr->ulValueLen, &val, sizeof(CK_BBOOL)); } static CK_RV -trust_ulong_attribute(void* obj, CK_ATTRIBUTE_TYPE type, - CK_VOID_PTR data, CK_ULONG_PTR len) +trust_ulong_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) { - TrustData* trust_data = (TrustData*)obj; + TrustObjectData* tdata = (TrustObjectData*)objdata; CK_ULONG val; - ASSERT(obj); + ASSERT(tdata); + ASSERT(attr); - switch(type) + switch(attr->type) { /* @@ -133,51 +133,46 @@ trust_ulong_attribute(void* obj, CK_ATTRIBUTE_TYPE type, * Various trust flags */ case CKA_TRUST_SERVER_AUTH: - val = has_usage(trust_data, X509_USAGE_SERVER_AUTH); + val = has_usage(tdata, X509_USAGE_SERVER_AUTH); break; case CKA_TRUST_CLIENT_AUTH: - val = has_usage(trust_data, X509_USAGE_CLIENT_AUTH); + val = has_usage(tdata, X509_USAGE_CLIENT_AUTH); break; case CKA_TRUST_CODE_SIGNING: - val = has_usage(trust_data, X509_USAGE_CODE_SIGNING); + val = has_usage(tdata, X509_USAGE_CODE_SIGNING); break; case CKA_TRUST_EMAIL_PROTECTION: - val = has_usage(trust_data, X509_USAGE_EMAIL); + val = has_usage(tdata, X509_USAGE_EMAIL); break; case CKA_TRUST_IPSEC_END_SYSTEM: - val = has_usage(trust_data, X509_USAGE_IPSEC_ENDPOINT); + val = has_usage(tdata, X509_USAGE_IPSEC_ENDPOINT); break; case CKA_TRUST_IPSEC_TUNNEL: - val = has_usage(trust_data, X509_USAGE_IPSEC_TUNNEL); + val = has_usage(tdata, X509_USAGE_IPSEC_TUNNEL); break; case CKA_TRUST_IPSEC_USER: - val = has_usage(trust_data, X509_USAGE_IPSEC_USER); + val = has_usage(tdata, X509_USAGE_IPSEC_USER); break; case CKA_TRUST_TIME_STAMPING: - val = has_usage(trust_data, X509_USAGE_TIME_STAMPING); + val = has_usage(tdata, X509_USAGE_TIME_STAMPING); break; default: return CKR_ATTRIBUTE_TYPE_INVALID; }; - if(*len < sizeof(CK_ULONG)) - { - *len = sizeof(CK_ULONG); - return CKR_BUFFER_TOO_SMALL; - } - - return ckcapi_return_data(data, len, &val, sizeof(CK_ULONG)); + return ckcapi_return_data(attr->pValue, &attr->ulValueLen, &val, sizeof(CK_ULONG)); } static CK_RV -trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type, - CK_VOID_PTR data, CK_ULONG_PTR len) +trust_bytes_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) { - TrustData* trust_data = (TrustData*)obj; - ASSERT(obj); + TrustObjectData* tdata = (TrustObjectData*)objdata; + + ASSERT(tdata); + ASSERT(attr); - switch(type) + switch(attr->type) { /* * Forward these through to the certificate itself. @@ -186,18 +181,18 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type, case CKA_ISSUER: case CKA_SERIAL_NUMBER: case CKA_LABEL: - ASSERT(trust_data->cert); - return ckcapi_cert_get_bytes_attribute((void*)(trust_data->cert), - type, data, len); + ASSERT(tdata->cert); + return ckcapi_cert_certificate_get_bytes(tdata->cert, attr); /* * The hash of the DER encoded certificate. */ case CKA_CERT_MD5_HASH: case CKA_CERT_SHA1_HASH: - if(!CryptHashCertificate(0, type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1, - 0, trust_data->cert->pbCertEncoded, - trust_data->cert->cbCertEncoded, data, (DWORD*)len)) + if(!CryptHashCertificate(0, attr->type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1, + 0, tdata->cert->pbCertEncoded, + tdata->cert->cbCertEncoded, attr->pValue, + (DWORD*)(&attr->ulValueLen))) return ckcapi_winerr_to_ckr(GetLastError()); return CKR_OK; }; @@ -206,8 +201,7 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type, } static CK_RV -trust_date_attribute(void* obj, CK_ATTRIBUTE_TYPE type, - CK_VOID_PTR data, CK_ULONG_PTR len) +trust_date_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) { return CKR_ATTRIBUTE_TYPE_INVALID; } @@ -215,16 +209,16 @@ trust_date_attribute(void* obj, CK_ATTRIBUTE_TYPE type, static void trust_release(void* data) { - TrustData* trust_data = (TrustData*)data; - ASSERT(trust_data); + TrustObjectData* tdata = (TrustObjectData*)data; + ASSERT(tdata); - ASSERT(trust_data->cert); - CertFreeCertificateContext(trust_data->cert); + ASSERT(tdata->cert); + CertFreeCertificateContext(tdata->cert); - if(trust_data->usage) - free(trust_data->usage); + if(tdata->usage) + free(tdata->usage); - free(trust_data); + free(tdata); } static const CkCapiObjectDataVtable trust_objdata_vtable = { @@ -236,16 +230,16 @@ static const CkCapiObjectDataVtable trust_objdata_vtable = { }; static CK_RV -parse_usage(TrustData* trust_data) +parse_usage(TrustObjectData* tdata) { DWORD size, usize, err; CTL_USAGE* usage; void* buf; - ASSERT(!trust_data->usage); + ASSERT(!tdata->usage); /* Get the size of the usage property */ - if(!CertGetCertificateContextProperty(trust_data->cert, CERT_CTL_USAGE_PROP_ID, + if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID, NULL, &size)) { err = GetLastError(); @@ -258,7 +252,7 @@ parse_usage(TrustData* trust_data) /* Now get the actual usage property */ buf = _alloca(size); - if(!CertGetCertificateContextProperty(trust_data->cert, CERT_CTL_USAGE_PROP_ID, + if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID, buf, &size)) { err = GetLastError(); @@ -283,15 +277,15 @@ parse_usage(TrustData* trust_data) return ckcapi_winerr_to_ckr(GetLastError()); } - trust_data->usage = usage; + tdata->usage = usage; return CKR_OK; } static CK_RV -trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdata) +trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData** objdata) { TrustObject* tobj = (TrustObject*)obj; - TrustData* trust_data; + TrustObjectData* tdata; CkCapiObjectData* certdata; CK_RV ret; @@ -303,27 +297,28 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdat if(ret != CKR_OK) return ret; - trust_data = (TrustData*)calloc(1, sizeof(TrustData)); - if(!trust_data) + tdata = (TrustObjectData*)calloc(1, sizeof(TrustObjectData)); + if(!tdata) return CKR_HOST_MEMORY; - ASSERT(certdata->data); - trust_data->cert = certdata->data; + tdata->cert = ckcapi_cert_object_data_get_certificate (certdata); + ASSERT(tdata->cert); /* Dig up the usage data */ - ret = parse_usage(trust_data); + ret = parse_usage(tdata); if(ret != CKR_OK) { - free(trust_data); + free(tdata); return ret; } /* And keep a reference to the certificate */ - trust_data->cert = CertDuplicateCertificateContext((PCCERT_CONTEXT)(certdata->data)); + tdata->cert = CertDuplicateCertificateContext(tdata->cert); - objdata->data = trust_data; - objdata->data_funcs = &trust_objdata_vtable; + tdata->base.object = obj->id; + tdata->base.data_funcs = &trust_objdata_vtable; + *objdata = &(tdata->base); return CKR_OK; } |