|
|
|
@ -35,6 +35,10 @@ |
|
|
|
/*! @defgroup cryptokitypes Cryptoki C++ Types and Auxiliary */ |
|
|
|
/*! @defgroup cryptokitypes Cryptoki C++ Types and Auxiliary */ |
|
|
|
/*! @defgroup cryptokiexceptions Cryptoki Exceptions */ |
|
|
|
/*! @defgroup cryptokiexceptions Cryptoki Exceptions */ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef CRYPTOKI_LOG |
|
|
|
|
|
|
|
#define CRYPTOKI_LOG(X) |
|
|
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
|
|
#ifndef CRYPTOKI_FN_LOG |
|
|
|
#ifndef CRYPTOKI_FN_LOG |
|
|
|
#include <iostream> |
|
|
|
#include <iostream> |
|
|
|
#if __GNUC__ >= 2 |
|
|
|
#if __GNUC__ >= 2 |
|
|
|
@ -287,7 +291,7 @@ namespace cryptoki { |
|
|
|
operator CK_ATTRIBUTE() const { |
|
|
|
operator CK_ATTRIBUTE() const { |
|
|
|
CK_ATTRIBUTE a; |
|
|
|
CK_ATTRIBUTE a; |
|
|
|
a.type = type; |
|
|
|
a.type = type; |
|
|
|
a.pValue = const_cast<char*>(value.begin().operator->()); |
|
|
|
a.pValue = const_cast<char*>(&value[0]); |
|
|
|
a.ulValueLen = value.size(); |
|
|
|
a.ulValueLen = value.size(); |
|
|
|
return a; |
|
|
|
return a; |
|
|
|
} |
|
|
|
} |
|
|
|
@ -360,7 +364,7 @@ namespace cryptoki { |
|
|
|
std::string readableValue() const { |
|
|
|
std::string readableValue() const { |
|
|
|
switch (type) { |
|
|
|
switch (type) { |
|
|
|
case CKA_CLASS: |
|
|
|
case CKA_CLASS: |
|
|
|
switch (*((CK_OBJECT_CLASS*)value.begin().operator->())) { |
|
|
|
switch (*((CK_OBJECT_CLASS*)&value[0])) { |
|
|
|
case CKO_DATA: return "DATA"; |
|
|
|
case CKO_DATA: return "DATA"; |
|
|
|
case CKO_CERTIFICATE: return "CERTIFICATE"; |
|
|
|
case CKO_CERTIFICATE: return "CERTIFICATE"; |
|
|
|
case CKO_PUBLIC_KEY: return "PUBLIC_KEY"; |
|
|
|
case CKO_PUBLIC_KEY: return "PUBLIC_KEY"; |
|
|
|
@ -380,7 +384,7 @@ namespace cryptoki { |
|
|
|
} |
|
|
|
} |
|
|
|
template<typename TYPE> TYPE to() const { |
|
|
|
template<typename TYPE> TYPE to() const { |
|
|
|
assert(sizeof(TYPE)==value.size()); |
|
|
|
assert(sizeof(TYPE)==value.size()); |
|
|
|
return *reinterpret_cast<const TYPE*>(value.begin().operator->()); |
|
|
|
return *reinterpret_cast<const TYPE*>(&value[0]); |
|
|
|
} |
|
|
|
} |
|
|
|
CK_ATTRIBUTE_TYPE type; |
|
|
|
CK_ATTRIBUTE_TYPE type; |
|
|
|
std::string value; |
|
|
|
std::string value; |
|
|
|
@ -963,8 +967,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_InitToken
|
|
|
|
//! calls @c C_InitToken
|
|
|
|
return check(_init->_fn->C_InitToken |
|
|
|
return check(_init->_fn->C_InitToken |
|
|
|
(_slot, |
|
|
|
(_slot, |
|
|
|
(unsigned char*)pin.begin().operator->(), pin.size(), |
|
|
|
(unsigned char*)&pin[0], pin.size(), |
|
|
|
(unsigned char*)label.fix().begin().operator->()) |
|
|
|
(unsigned char*)label.&fix()[0]) |
|
|
|
CRYPTOKI_FN_LOG("C_InitToken")); |
|
|
|
CRYPTOKI_FN_LOG("C_InitToken")); |
|
|
|
} |
|
|
|
} |
|
|
|
@endcode */ |
|
|
|
@endcode */ |
|
|
|
@ -1130,8 +1134,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_Digest
|
|
|
|
//! calls @c C_Digest
|
|
|
|
check(_slot._init->_fn->C_Digest |
|
|
|
check(_slot._init->_fn->C_Digest |
|
|
|
(_session, |
|
|
|
(_session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_Digest")); |
|
|
|
CRYPTOKI_FN_LOG("C_Digest")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1145,8 +1149,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_DigestEncryptUpdate
|
|
|
|
//! calls @c C_DigestEncryptUpdate
|
|
|
|
check(_slot._init->_fn->C_DigestEncryptUpdate |
|
|
|
check(_slot._init->_fn->C_DigestEncryptUpdate |
|
|
|
(_session, |
|
|
|
(_session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_DigestEncryptUpdate")); |
|
|
|
CRYPTOKI_FN_LOG("C_DigestEncryptUpdate")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1334,8 +1338,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_Sign
|
|
|
|
//! calls @c C_Sign
|
|
|
|
check(_slot._init->_fn->C_Sign |
|
|
|
check(_slot._init->_fn->C_Sign |
|
|
|
(_session, |
|
|
|
(_session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_Sign")); |
|
|
|
CRYPTOKI_FN_LOG("C_Sign")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1349,8 +1353,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_SignEncryptUpdate
|
|
|
|
//! calls @c C_SignEncryptUpdate
|
|
|
|
check(_slot._init->_fn->C_SignEncryptUpdate |
|
|
|
check(_slot._init->_fn->C_SignEncryptUpdate |
|
|
|
(_session, |
|
|
|
(_session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_SignEncryptUpdate")); |
|
|
|
CRYPTOKI_FN_LOG("C_SignEncryptUpdate")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1374,8 +1378,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_SignRecover
|
|
|
|
//! calls @c C_SignRecover
|
|
|
|
check(_slot._init->_fn->C_SignRecover |
|
|
|
check(_slot._init->_fn->C_SignRecover |
|
|
|
(_session, |
|
|
|
(_session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_SignRecover")); |
|
|
|
CRYPTOKI_FN_LOG("C_SignRecover")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1420,8 +1424,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_VerifyRecover
|
|
|
|
//! calls @c C_VerifyRecover
|
|
|
|
check(_slot._init->_fn->C_VerifyRecover |
|
|
|
check(_slot._init->_fn->C_VerifyRecover |
|
|
|
(_session, |
|
|
|
(_session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_VerifyRecover")); |
|
|
|
CRYPTOKI_FN_LOG("C_VerifyRecover")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1485,8 +1489,18 @@ namespace cryptoki { |
|
|
|
Functions. They provide a higher level simpler access. */ |
|
|
|
Functions. They provide a higher level simpler access. */ |
|
|
|
//@{
|
|
|
|
//@{
|
|
|
|
|
|
|
|
|
|
|
|
std::string decrypt(std::string data, CK_MECHANISM_TYPE type, |
|
|
|
std::string encrypt(const std::string& data, CK_MECHANISM_TYPE type, |
|
|
|
std::string param=std::string()) { |
|
|
|
const std::string& param=std::string()) { |
|
|
|
|
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
|
|
|
|
CRYPTOKI_LOG("encryptinit"); |
|
|
|
|
|
|
|
encryptinit(type, param); |
|
|
|
|
|
|
|
CRYPTOKI_LOG("encrypt"); |
|
|
|
|
|
|
|
return encrypt(data); |
|
|
|
|
|
|
|
//! @todo don't call encryptfinal()?
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::string decrypt(const std::string& data, CK_MECHANISM_TYPE type, |
|
|
|
|
|
|
|
const std::string& param=std::string()) { |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
CRYPTOKI_LOG("decryptinit"); |
|
|
|
CRYPTOKI_LOG("decryptinit"); |
|
|
|
decryptinit(type, param); |
|
|
|
decryptinit(type, param); |
|
|
|
@ -1550,7 +1564,7 @@ namespace cryptoki { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
//! requires decryptinit to be called before
|
|
|
|
//! requires decryptinit to be called before
|
|
|
|
std::string decrypt(std::string in) { |
|
|
|
std::string decrypt(const std::string& in) { |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
std::string res; |
|
|
|
std::string res; |
|
|
|
CK_ULONG size(0); // two calls, first to get minimum buffer length
|
|
|
|
CK_ULONG size(0); // two calls, first to get minimum buffer length
|
|
|
|
@ -1580,8 +1594,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_DecryptDigestUpdate
|
|
|
|
//! calls @c C_DecryptDigestUpdate
|
|
|
|
check(_session._slot._init->_fn->C_DecryptDigestUpdate |
|
|
|
check(_session._slot._init->_fn->C_DecryptDigestUpdate |
|
|
|
(_session._session, |
|
|
|
(_session._session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_DecryptDigestUpdate")); |
|
|
|
CRYPTOKI_FN_LOG("C_DecryptDigestUpdate")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1604,8 +1618,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_DecryptUpdate
|
|
|
|
//! calls @c C_DecryptUpdate
|
|
|
|
check(_session._slot._init->_fn->C_DecryptUpdate |
|
|
|
check(_session._slot._init->_fn->C_DecryptUpdate |
|
|
|
(_session._session, |
|
|
|
(_session._session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_DecryptUpdate")); |
|
|
|
CRYPTOKI_FN_LOG("C_DecryptUpdate")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1619,8 +1633,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_DecryptVerifyUpdate
|
|
|
|
//! calls @c C_DecryptVerifyUpdate
|
|
|
|
check(_session._slot._init->_fn->C_DecryptVerifyUpdate |
|
|
|
check(_session._slot._init->_fn->C_DecryptVerifyUpdate |
|
|
|
(_session._session, |
|
|
|
(_session._session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_DecryptVerifyUpdate")); |
|
|
|
CRYPTOKI_FN_LOG("C_DecryptVerifyUpdate")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1656,27 +1670,35 @@ namespace cryptoki { |
|
|
|
} |
|
|
|
} |
|
|
|
@endcode */ |
|
|
|
@endcode */ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bool encryptinit(CK_MECHANISM_TYPE type, const std::string& param) { |
|
|
|
/*! @todo Not implemented:
|
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
@code |
|
|
|
CK_MECHANISM mech = { |
|
|
|
bool encryptinit() { |
|
|
|
type, param.size()?(void*)¶m[0]:0, param.size() |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
}; |
|
|
|
|
|
|
|
CRYPTOKI_LOG("encryptinit: type="<<type<<"; mech=("<<mech.mechanism |
|
|
|
|
|
|
|
<<", "<<mech.pParameter<<", "<<mech.ulParameterLen<<')'); |
|
|
|
//! calls @c C_EncryptInit
|
|
|
|
//! calls @c C_EncryptInit
|
|
|
|
return check(_session._slot._init->_fn->C_EncryptInit(_session._session, CK_MECHANISM_PTR, CK_OBJECT_HANDLE), |
|
|
|
return check(_session._slot._init->_fn->C_EncryptInit |
|
|
|
|
|
|
|
(_session._session, &mech, _object), |
|
|
|
CRYPTOKI_FN_LOG("C_EncryptInit")); |
|
|
|
CRYPTOKI_FN_LOG("C_EncryptInit")); |
|
|
|
} |
|
|
|
} |
|
|
|
@endcode */ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::string encrypt(std::string in) { |
|
|
|
std::string encrypt(const std::string& in) { |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
CRYPTOKI_LOG("log"); |
|
|
|
std::string res; |
|
|
|
std::string res; |
|
|
|
res.resize(in.size()); |
|
|
|
CK_ULONG size(0); // two calls, first to get minimum buffer length
|
|
|
|
CK_ULONG size(res.size()); //! @todo check if size is ok
|
|
|
|
CRYPTOKI_LOG("get size"); |
|
|
|
//! calls @c C_Encrypt
|
|
|
|
//! calls @c C_Encrypt
|
|
|
|
check(_session._slot._init->_fn->C_Encrypt |
|
|
|
check(_session._slot._init->_fn->C_Encrypt |
|
|
|
(_session._session, |
|
|
|
(_session._session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), 0, &size), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
CRYPTOKI_FN_LOG("C_Decrypt")); |
|
|
|
|
|
|
|
CRYPTOKI_LOG("maximum size is "<<size<<"Bytes"); |
|
|
|
|
|
|
|
res.resize(size, 0); |
|
|
|
|
|
|
|
check(_session._slot._init->_fn->C_Encrypt |
|
|
|
|
|
|
|
(_session._session, |
|
|
|
|
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
|
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_Encrypt")); |
|
|
|
CRYPTOKI_FN_LOG("C_Encrypt")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
@ -1700,8 +1722,8 @@ namespace cryptoki { |
|
|
|
//! calls @c C_EncryptUpdate
|
|
|
|
//! calls @c C_EncryptUpdate
|
|
|
|
check(_session._slot._init->_fn->C_EncryptUpdate |
|
|
|
check(_session._slot._init->_fn->C_EncryptUpdate |
|
|
|
(_session._session, |
|
|
|
(_session._session, |
|
|
|
(unsigned char*)in.begin().operator->(), in.size(), |
|
|
|
(unsigned char*)&in[0], in.size(), |
|
|
|
(unsigned char*)res.begin().operator->(), &size), |
|
|
|
(unsigned char*)&res[0], &size), |
|
|
|
CRYPTOKI_FN_LOG("C_EncryptUpdate")); |
|
|
|
CRYPTOKI_FN_LOG("C_EncryptUpdate")); |
|
|
|
res.resize(size); |
|
|
|
res.resize(size); |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
|
Marc Wäckerlin
15 years ago