libraries
/
libpcscxx
1
0
Fork 0
Code Issues Releases Activity
This library provides a simple and nice C++ wrapper around these libraries, so that programmers can concentrate on functionality. It offers general support for PCSC-lite, OpenSSL, PKCS#11, plus specific functionality for the SuisseID.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
249 Commits
1 Branch
12 Tags
11 MiB
Tag: Branch: Tree: f3352be9e1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f3352be9e1'
${ noResults }
libpcscxx/src/cryptoki.cxx

409 lines
16 KiB
Raw Normal View History Unescape

first test with cryptoki
15 years ago
/*! @file
@id $Id$
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
#include <cryptoki.hxx>
#include <sstream>
replaced mrw::Shared by std::shared_ptr; refs #28
11 years ago
#include <mrw/checkcxx11.hxx>
first test with cryptoki
15 years ago
#include <memory>
compiles for windoze
15 years ago
#ifndef WIN32
first test with cryptoki
15 years ago
#include <dlfcn.h>
works for certimporter on win
15 years ago
#define CK_PTR *
typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
typedef CK_RV (*CK_C_GetFunctionList)
(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
compiles for windoze
15 years ago
#else
#include <windows.h>
#undef ERROR
#endif
first test with cryptoki
15 years ago
namespace cryptoki {
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
bool Library::Init::functionList(const std::string& library) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("try to load: "<<library);
compiles for windoze
15 years ago
#ifndef WIN32
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
_lib = dlopen(library.c_str(), RTLD_NOW);
compiles for windoze
15 years ago
#else
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
_lib = LoadLibrary(library.c_str());
compiles for windoze
15 years ago
#endif
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
if (!_lib) throw exception("open of library failed: "+library);
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("loaded: "<<library);
compiles for windoze
15 years ago
#ifndef WIN32
fixed tons of warnings; refs #28
11 years ago
/// @bug in dlsym: returns void* but should return void(*)()
CK_C_GetFunctionList fnl
(reinterpret_cast<CK_C_GetFunctionList>
(reinterpret_cast<long long>
(dlsym(_lib, "C_GetFunctionList"))));
compiles for windoze
15 years ago
#else
fixed tons of warnings; refs #28
11 years ago
CK_C_GetFunctionList fnl
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
((CK_C_GetFunctionList)GetProcAddress(_lib, "C_GetFunctionList"));
compiles for windoze
15 years ago
#endif
fixed tons of warnings; refs #28
11 years ago
if (!fnl)
first test with cryptoki
15 years ago
throw exception("required library symbol C_GetFunctionList not found in "
+library);
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("Got C_GetFunctionList, now call it");
first test with cryptoki
15 years ago
//! calls @c C_GetFunctionList
fixed tons of warnings; refs #28
11 years ago
return check(fnl(&_fn), CRYPTOKI_FN_LOG("C_GetFunctionList"));
first test with cryptoki
15 years ago
}
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
bool Library::Init::check(CK_RV result, const std::string& context) {
first test with cryptoki
15 years ago
_res = result;
fixed tons of warnings; refs #28
11 years ago
if (_exc && !*this) {
if (context.size()) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
if (_res==CKR_PIN_INCORRECT)
throw wrong_pin(context+": "+error());
else
throw access_error(context+": "+error());
fixed tons of warnings; refs #28
11 years ago
} else {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
if (_res==CKR_PIN_INCORRECT)
throw wrong_pin(error());
else
throw access_error(error());
fixed tons of warnings; refs #28
11 years ago
}
}
first test with cryptoki
15 years ago
return _res==CKR_OK;
}
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
std::string Library::Init::error(CK_RV res) {
first test with cryptoki
15 years ago
switch (res) {
case CKR_OK: return "CKR_OK";
case CKR_CANCEL: return "CKR_CANCEL";
case CKR_HOST_MEMORY: return "CKR_HOST_MEMORY";
case CKR_SLOT_ID_INVALID: return "CKR_SLOT_ID_INVALID";
case CKR_GENERAL_ERROR: return "CKR_GENERAL_ERROR";
case CKR_FUNCTION_FAILED: return "CKR_FUNCTION_FAILED";
case CKR_ARGUMENTS_BAD: return "CKR_ARGUMENTS_BAD";
case CKR_NO_EVENT: return "CKR_NO_EVENT";
case CKR_NEED_TO_CREATE_THREADS: return "CKR_NEED_TO_CREATE_THREADS";
case CKR_CANT_LOCK: return "CKR_CANT_LOCK";
case CKR_ATTRIBUTE_READ_ONLY: return "CKR_ATTRIBUTE_READ_ONLY";
case CKR_ATTRIBUTE_SENSITIVE: return "CKR_ATTRIBUTE_SENSITIVE";
case CKR_ATTRIBUTE_TYPE_INVALID: return "CKR_ATTRIBUTE_TYPE_INVALID";
case CKR_ATTRIBUTE_VALUE_INVALID: return "CKR_ATTRIBUTE_VALUE_INVALID";
case CKR_DATA_INVALID: return "CKR_DATA_INVALID";
case CKR_DATA_LEN_RANGE: return "CKR_DATA_LEN_RANGE";
case CKR_DEVICE_ERROR: return "CKR_DEVICE_ERROR";
case CKR_DEVICE_MEMORY: return "CKR_DEVICE_MEMORY";
case CKR_DEVICE_REMOVED: return "CKR_DEVICE_REMOVED";
case CKR_ENCRYPTED_DATA_INVALID: return "CKR_ENCRYPTED_DATA_INVALID";
case CKR_ENCRYPTED_DATA_LEN_RANGE: return "CKR_ENCRYPTED_DATA_LEN_RANGE";
case CKR_FUNCTION_CANCELED: return "CKR_FUNCTION_CANCELED";
case CKR_FUNCTION_NOT_PARALLEL: return "CKR_FUNCTION_NOT_PARALLEL";
case CKR_FUNCTION_NOT_SUPPORTED: return "CKR_FUNCTION_NOT_SUPPORTED";
case CKR_KEY_HANDLE_INVALID: return "CKR_KEY_HANDLE_INVALID";
case CKR_KEY_SIZE_RANGE: return "CKR_KEY_SIZE_RANGE";
case CKR_KEY_TYPE_INCONSISTENT: return "CKR_KEY_TYPE_INCONSISTENT";
case CKR_KEY_NOT_NEEDED: return "CKR_KEY_NOT_NEEDED";
case CKR_KEY_CHANGED: return "CKR_KEY_CHANGED";
case CKR_KEY_NEEDED: return "CKR_KEY_NEEDED";
case CKR_KEY_INDIGESTIBLE: return "CKR_KEY_INDIGESTIBLE";
case CKR_KEY_FUNCTION_NOT_PERMITTED:
return "CKR_KEY_FUNCTION_NOT_PERMITTED";
case CKR_KEY_NOT_WRAPPABLE: return "CKR_KEY_NOT_WRAPPABLE";
case CKR_KEY_UNEXTRACTABLE: return "CKR_KEY_UNEXTRACTABLE";
case CKR_MECHANISM_INVALID: return "CKR_MECHANISM_INVALID";
case CKR_MECHANISM_PARAM_INVALID: return "CKR_MECHANISM_PARAM_INVALID";
case CKR_OBJECT_HANDLE_INVALID: return "CKR_OBJECT_HANDLE_INVALID";
case CKR_OPERATION_ACTIVE: return "CKR_OPERATION_ACTIVE";
case CKR_OPERATION_NOT_INITIALIZED:
return "CKR_OPERATION_NOT_INITIALIZED";
case CKR_PIN_INCORRECT: return "CKR_PIN_INCORRECT";
case CKR_PIN_INVALID: return "CKR_PIN_INVALID";
case CKR_PIN_LEN_RANGE: return "CKR_PIN_LEN_RANGE";
case CKR_PIN_EXPIRED: return "CKR_PIN_EXPIRED";
case CKR_PIN_LOCKED: return "CKR_PIN_LOCKED";
case CKR_SESSION_CLOSED: return "CKR_SESSION_CLOSED";
case CKR_SESSION_COUNT: return "CKR_SESSION_COUNT";
case CKR_SESSION_HANDLE_INVALID: return "CKR_SESSION_HANDLE_INVALID";
case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
return "CKR_SESSION_PARALLEL_NOT_SUPPORTED";
case CKR_SESSION_READ_ONLY: return "CKR_SESSION_READ_ONLY";
case CKR_SESSION_EXISTS: return "CKR_SESSION_EXISTS";
case CKR_SESSION_READ_ONLY_EXISTS: return "CKR_SESSION_READ_ONLY_EXISTS";
case CKR_SESSION_READ_WRITE_SO_EXISTS:
return "CKR_SESSION_READ_WRITE_SO_EXISTS";
case CKR_SIGNATURE_INVALID: return "CKR_SIGNATURE_INVALID";
case CKR_SIGNATURE_LEN_RANGE: return "CKR_SIGNATURE_LEN_RANGE";
case CKR_TEMPLATE_INCOMPLETE: return "CKR_TEMPLATE_INCOMPLETE";
case CKR_TEMPLATE_INCONSISTENT: return "CKR_TEMPLATE_INCONSISTENT";
case CKR_TOKEN_NOT_PRESENT: return "CKR_TOKEN_NOT_PRESENT";
case CKR_TOKEN_NOT_RECOGNIZED: return "CKR_TOKEN_NOT_RECOGNIZED";
case CKR_TOKEN_WRITE_PROTECTED: return "CKR_TOKEN_WRITE_PROTECTED";
case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
return "CKR_UNWRAPPING_KEY_HANDLE_INVALID";
case CKR_UNWRAPPING_KEY_SIZE_RANGE:
return "CKR_UNWRAPPING_KEY_SIZE_RANGE";
case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
return "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT";
case CKR_USER_ALREADY_LOGGED_IN: return "CKR_USER_ALREADY_LOGGED_IN";
case CKR_USER_NOT_LOGGED_IN: return "CKR_USER_NOT_LOGGED_IN";
case CKR_USER_PIN_NOT_INITIALIZED: return "CKR_USER_PIN_NOT_INITIALIZED";
case CKR_USER_TYPE_INVALID: return "CKR_USER_TYPE_INVALID";
case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
return "CKR_USER_ANOTHER_ALREADY_LOGGED_IN";
case CKR_USER_TOO_MANY_TYPES: return "CKR_USER_TOO_MANY_TYPES";
case CKR_WRAPPED_KEY_INVALID: return "CKR_WRAPPED_KEY_INVALID";
case CKR_WRAPPED_KEY_LEN_RANGE: return "CKR_WRAPPED_KEY_LEN_RANGE";
case CKR_WRAPPING_KEY_HANDLE_INVALID:
return "CKR_WRAPPING_KEY_HANDLE_INVALID";
case CKR_WRAPPING_KEY_SIZE_RANGE: return "CKR_WRAPPING_KEY_SIZE_RANGE";
case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
return "CKR_WRAPPING_KEY_TYPE_INCONSISTENT";
case CKR_RANDOM_SEED_NOT_SUPPORTED:
return "CKR_RANDOM_SEED_NOT_SUPPORTED";
case CKR_RANDOM_NO_RNG: return "CKR_RANDOM_NO_RNG";
case CKR_DOMAIN_PARAMS_INVALID: return "CKR_DOMAIN_PARAMS_INVALID";
case CKR_BUFFER_TOO_SMALL: return "CKR_BUFFER_TOO_SMALL";
case CKR_SAVED_STATE_INVALID: return "CKR_SAVED_STATE_INVALID";
case CKR_INFORMATION_SENSITIVE: return "CKR_INFORMATION_SENSITIVE";
case CKR_STATE_UNSAVEABLE: return "CKR_STATE_UNSAVEABLE";
case CKR_CRYPTOKI_NOT_INITIALIZED: return "CKR_CRYPTOKI_NOT_INITIALIZED";
case CKR_CRYPTOKI_ALREADY_INITIALIZED:
return "CKR_CRYPTOKI_ALREADY_INITIALIZED";
case CKR_MUTEX_BAD: return "CKR_MUTEX_BAD";
case CKR_MUTEX_NOT_LOCKED: return "CKR_MUTEX_NOT_LOCKED";
case CKR_VENDOR_DEFINED: return "CKR_VENDOR_DEFINED";
default: {
std::stringstream ss;
ss<<"unknown error code ("<<res<<')';
return ss.str();
}
}
}
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
Library::Init::Init(const std::string& library, bool exc) try:
_exc(exc), _res(CKR_OK), _fn(0) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("library: "<<library);
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
//! calls @c functionList
if (!functionList(library)) return;
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("now initialize "<<library);
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
assert(_fn);
//! calls @c C_Initialize
check(_fn->C_Initialize(0), //! @todo add optional argument
CRYPTOKI_FN_LOG("C_Initialize"));
} catch (...) {
better logging in PCSC and first engine release; refs #11
14 years ago
throw access_error(CRYPTOKI_FN_LOG("C_Initialize")
+": Error in initialization of library "+library);
first test with cryptoki
15 years ago
}
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
Library::Init::~Init() {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
try {
//! calls @c C_Finalize
check(_fn->C_Finalize(0), CRYPTOKI_FN_LOG("C_Finalize"));
#ifndef WIN32
if (_lib) dlclose(_lib);
_lib = 0;
#else
FreeLibrary(_lib);
_lib = 0;
#endif
_fn = 0;
} catch (...) {
if (!std::uncaught_exception()) throw;
}
}
Library::Init::operator bool() {
first test with cryptoki
15 years ago
return _res==CKR_OK;
}
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
std::string Library::Init::error() {
first test with cryptoki
15 years ago
return error(_res);
works for certimporter on win
15 years ago
}
first test with cryptoki
15 years ago
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
/*! @todo Not implemented:
@code
bool Library::Init::getinfo() {
//! calls @c C_GetInfo
return check(_init._fn->C_GetInfo(CK_INFO_PTR),
CRYPTOKI_FN_LOG("C_GetInfo"));
}
@endcode */
first test with cryptoki
15 years ago
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
SlotList Library::slotList(bool tokenPresent, std::string name) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
more log; refs #34
10 years ago
CRYPTOLOG("looking for card name: ")<<name<<(tokenPresent?" with token":"");
first test with cryptoki
15 years ago
SlotList res;
CK_ULONG count(0);
//! calls @c C_GetSlotList
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
_init->check(_init->_fn->C_GetSlotList(tokenPresent?TRUE:FALSE, 0, &count),
CRYPTOKI_FN_LOG("C_GetSlotList"));
more log; refs #34
10 years ago
CRYPTOLOG("found ")<<count<<" readers, result: "<<(*this?"success":"error");
first test with cryptoki
15 years ago
if (!count || !*this) return res;
CK_SLOT_ID* slots = 0;
try {
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
CK_RV r(0);
first test with cryptoki
15 years ago
do {
delete[] slots;
slots = new CK_SLOT_ID[count];
added draft lib for suisseid - by now: detect Post SuisseID; refs #28
11 years ago
r = _init->_fn->C_GetSlotList(tokenPresent?TRUE:FALSE, slots, &count);
} while (r==CKR_BUFFER_TOO_SMALL);
_init->check(r, CRYPTOKI_FN_LOG("C_GetSlotList"));
first test with cryptoki
15 years ago
if (!*this) return res;
functions to scan specific cards; refs #28
11 years ago
for (CK_ULONG i(0); i<count; ++i) {
Slot s(*this, slots[i]);
more log; refs #34
10 years ago
CRYPTOLOG("found slot ")<<s.slotinfo().slotDescription;
if (!name.size() || name==s.slotinfo().slotDescription) {
CRYPTOLOG("-> slot matches");
functions to scan specific cards; refs #28
11 years ago
res.push_back(s);
more log; refs #34
10 years ago
}
functions to scan specific cards; refs #28
11 years ago
}
first test with cryptoki
15 years ago
} catch (...) {
delete[] slots;
throw;
}
delete[] slots;
return res;
}
find objects
15 years ago
//============================================================================
ObjectList Session::find(const AttributeList& attrs) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
find objects
15 years ago
ObjectList res;
CK_ATTRIBUTE* a(0);
try {
if (attrs.size()) {
first try to create
15 years ago
a = new CK_ATTRIBUTE[attrs.size()];
for (AttributeList::size_type i(0); i<attrs.size(); ++i)
a[i] = attrs[i];
find objects
15 years ago
}
//! calls @c C_FindObjectsInit
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
if (check(_slot._library->C_FindObjectsInit
find objects
15 years ago
(_session, a, attrs.size()),
CRYPTOKI_FN_LOG("C_FindObjectsInit"))) {
CK_OBJECT_HANDLE obj;
//! calls @c C_FindObjects
for (CK_ULONG objs(0);
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
check(_slot._library->C_FindObjects
find objects
15 years ago
(_session, &obj, 1, &objs),
CRYPTOKI_FN_LOG("C_FindObjects")) && objs;
res.push_back(Object(*this, obj)));
}
//! calls @c C_FindObjectsFinal
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
check(_slot._library->C_FindObjectsFinal(_session),
find objects
15 years ago
CRYPTOKI_FN_LOG("C_FindObjectsFinal"));
delete[] a;
return res;
} catch (...) {
delete[] a;
throw;
}
}
first test with cryptoki
15 years ago
now secure channel enabled
15 years ago
//----------------------------------------------------------------------------
ObjectList Session::find(const Attribute& a) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
now secure channel enabled
15 years ago
AttributeList al;
al.push_back(a);
return find(al);
}
//----------------------------------------------------------------------------
ObjectList Session::find(const Attribute& a1, const Attribute& a2) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
now secure channel enabled
15 years ago
AttributeList al;
al.push_back(a1);
al.push_back(a2);
return find(al);
}
first try to create
15 years ago
//----------------------------------------------------------------------------
pass label on creation
15 years ago
Object Session::create(const std::string& label, const openssl::X509& cert) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
first try to create
15 years ago
AttributeList attrs;
attrs.push_back(Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE));
new creation attributes
15 years ago
attrs.push_back(Attribute(CKA_TOKEN).from<CK_BBOOL>(TRUE));
attrs.push_back(Attribute(CKA_PRIVATE).from<CK_BBOOL>(FALSE));
attrs.push_back(Attribute(CKA_MODIFIABLE).from<CK_BBOOL>(TRUE));
attrs.push_back(Attribute(CKA_LABEL, label));
first try to create
15 years ago
attrs.push_back(Attribute(CKA_CERTIFICATE_TYPE)
.from<CK_CERTIFICATE_TYPE>(CKC_X_509));
mor get methods in certificate
15 years ago
attrs.push_back(Attribute(CKA_SUBJECT, cert.subjectDER()));
new creation attributes
15 years ago
attrs.push_back(Attribute(CKA_ID, cert.id()));
attrs.push_back(Attribute(CKA_ISSUER, cert.issuerDER()));
attrs.push_back(Attribute(CKA_SERIAL_NUMBER, cert.serial()));
mor get methods in certificate
15 years ago
attrs.push_back(Attribute(CKA_VALUE, cert.valueDER()));
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("create: serial = "<<crypto::hex(cert.serial()));
auxiliaries are now in cryptaux.hxx; some get methods for openssl::X509
15 years ago
return create(attrs);
}
works for certimporter on win
15 years ago
pass label on creation
15 years ago
Object Session::create(const std::string& label,
create and delete with certificate and key
15 years ago
const openssl::PrivateKey& key,
const openssl::X509& cert) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
create and delete with certificate and key
15 years ago
int usage(cert.keyUsageFlags());
auxiliaries are now in cryptaux.hxx; some get methods for openssl::X509
15 years ago
AttributeList attrs;
create and delete with certificate and key
15 years ago
attrs.push_back(Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_PRIVATE_KEY));
attrs.push_back(Attribute(CKA_TOKEN).from<CK_BBOOL>(TRUE));
attrs.push_back(Attribute(CKA_PRIVATE).from<CK_BBOOL>(TRUE));
attrs.push_back(Attribute(CKA_MODIFIABLE).from<CK_BBOOL>(TRUE));
attrs.push_back(Attribute(CKA_LABEL, label));
attrs.push_back(Attribute(CKA_KEY_TYPE).from<CK_KEY_TYPE>(CKK_RSA));
attrs.push_back(Attribute(CKA_ID, cert.id()));
attrs.push_back(Attribute(CKA_DERIVE).from<CK_BBOOL>(FALSE));
attrs.push_back(Attribute(CKA_SUBJECT, cert.subjectDER()));
attrs.push_back(Attribute(CKA_SENSITIVE).from<CK_BBOOL>(TRUE));
attrs.push_back(Attribute(CKA_SECONDARY_AUTH).from<CK_BBOOL>(FALSE));
attrs.push_back(Attribute(CKA_DECRYPT) // Required by Doujak/Inverardi
.from<CK_BBOOL>(usage&(X509v3_KU_DATA_ENCIPHERMENT
fixed tons of warnings; refs #28
11 years ago
|(usage&X509v3_KU_KEY_ENCIPHERMENT))
create and delete with certificate and key
15 years ago
?TRUE:FALSE)); // instead of CKA_UNWRAP
attrs.push_back(Attribute(CKA_SIGN)
.from<CK_BBOOL>(usage&(X509v3_KU_DIGITAL_SIGNATURE
|X509v3_KU_NON_REPUDIATION)
?TRUE:FALSE));
attrs.push_back(Attribute(CKA_SIGN_RECOVER) // same as CKA_SIGN
.from<CK_BBOOL>(usage&(X509v3_KU_DIGITAL_SIGNATURE
|X509v3_KU_NON_REPUDIATION)
?TRUE:FALSE));
attrs.push_back(Attribute(CKA_EXTRACTABLE).from<CK_BBOOL>(FALSE));
attrs.push_back(Attribute(CKA_MODULUS, key.modulus()));
attrs.push_back(Attribute(CKA_PUBLIC_EXPONENT, key.publicExponent()));
attrs.push_back(Attribute(CKA_PRIVATE_EXPONENT, key.privateExponent()));
attrs.push_back(Attribute(CKA_PRIME_1, key.prime1()));
attrs.push_back(Attribute(CKA_PRIME_2, key.prime2()));
attrs.push_back(Attribute(CKA_EXPONENT_1, key.exponent1()));
attrs.push_back(Attribute(CKA_EXPONENT_2, key.exponent2()));
attrs.push_back(Attribute(CKA_COEFFICIENT, key.coefficient()));
auxiliaries are now in cryptaux.hxx; some get methods for openssl::X509
15 years ago
return create(attrs);
}
works for certimporter on win
15 years ago
first try to create
15 years ago
//----------------------------------------------------------------------------
Object Session::create(const AttributeList& attrs) {
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("log");
first try to create
15 years ago
CK_ATTRIBUTE* a(0);
try {
if (attrs.size()) {
a = new CK_ATTRIBUTE[attrs.size()];
for (AttributeList::size_type i(0); i<attrs.size(); ++i)
a[i] = attrs[i];
}
destroy object
15 years ago
for (AttributeList::size_type i(0); i<attrs.size(); ++i) {
std::string value((char*)a[i].pValue, a[i].ulValueLen);
Attribute xxx(a[i].type, value);
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
CRYPTOLOG("Attribute: "<<xxx.name()<<" = "<<xxx.readableValue());
destroy object
15 years ago
};
first try to create
15 years ago
CK_OBJECT_HANDLE object;
//! calls @c C_CreateObject
Added all SuisseID Functionality except certificate import from server, which shall remain closed; refs #28
11 years ago
check(_slot._library->C_CreateObject
first try to create
15 years ago
(_session, a, attrs.size(), &object),
CRYPTOKI_FN_LOG("C_CreateObject"));
delete[] a;
return Object(*this, object);
} catch (...) {
delete[] a;
throw;
}
}
first test with cryptoki
15 years ago
}