|
|
|
@ -18,6 +18,8 @@ |
|
|
|
|
#include <sstream> |
|
|
|
|
#include <cstdlib> // malloc/free |
|
|
|
|
|
|
|
|
|
#include <iostream> // debug |
|
|
|
|
|
|
|
|
|
//! C++ Wrapper around Cryptoki API
|
|
|
|
|
namespace cryptoki { |
|
|
|
|
|
|
|
|
@ -88,12 +90,80 @@ namespace cryptoki { |
|
|
|
|
value = v; |
|
|
|
|
return *this; |
|
|
|
|
} |
|
|
|
|
std::string name() { |
|
|
|
|
switch (type) { |
|
|
|
|
case CKA_CLASS: return "CKA_CLASS"; |
|
|
|
|
case CKA_TOKEN: return "CKA_TOKEN"; |
|
|
|
|
case CKA_PRIVATE: return "CKA_PRIVATE"; |
|
|
|
|
case CKA_LABEL: return "CKA_LABEL"; |
|
|
|
|
case CKA_APPLICATION: return "CKA_APPLICATION"; |
|
|
|
|
case CKA_VALUE: return "CKA_VALUE"; |
|
|
|
|
case CKA_OBJECT_ID: return "CKA_OBJECT_ID"; |
|
|
|
|
case CKA_CERTIFICATE_TYPE: return "CKA_CERTIFICATE_TYPE"; |
|
|
|
|
case CKA_ISSUER: return "CKA_ISSUER"; |
|
|
|
|
case CKA_SERIAL_NUMBER: return "CKA_SERIAL_NUMBER"; |
|
|
|
|
case CKA_AC_ISSUER: return "CKA_AC_ISSUER"; |
|
|
|
|
case CKA_OWNER: return "CKA_OWNER"; |
|
|
|
|
case CKA_ATTR_TYPES: return "CKA_ATTR_TYPES"; |
|
|
|
|
case CKA_TRUSTED: return "CKA_TRUSTED"; |
|
|
|
|
case CKA_KEY_TYPE: return "CKA_KEY_TYPE"; |
|
|
|
|
case CKA_SUBJECT: return "CKA_SUBJECT"; |
|
|
|
|
case CKA_ID: return "CKA_ID"; |
|
|
|
|
case CKA_SENSITIVE: return "CKA_SENSITIVE"; |
|
|
|
|
case CKA_ENCRYPT: return "CKA_ENCRYPT"; |
|
|
|
|
case CKA_DECRYPT: return "CKA_DECRYPT"; |
|
|
|
|
case CKA_WRAP: return "CKA_WRAP"; |
|
|
|
|
case CKA_UNWRAP: return "CKA_UNWRAP"; |
|
|
|
|
case CKA_SIGN: return "CKA_SIGN"; |
|
|
|
|
case CKA_SIGN_RECOVER: return "CKA_SIGN_RECOVER"; |
|
|
|
|
case CKA_VERIFY: return "CKA_VERIFY"; |
|
|
|
|
case CKA_VERIFY_RECOVER: return "CKA_VERIFY_RECOVER"; |
|
|
|
|
case CKA_DERIVE: return "CKA_DERIVE"; |
|
|
|
|
case CKA_START_DATE: return "CKA_START_DATE"; |
|
|
|
|
case CKA_END_DATE: return "CKA_END_DATE"; |
|
|
|
|
case CKA_MODULUS: return "CKA_MODULUS"; |
|
|
|
|
case CKA_MODULUS_BITS: return "CKA_MODULUS_BITS"; |
|
|
|
|
case CKA_PUBLIC_EXPONENT: return "CKA_PUBLIC_EXPONENT"; |
|
|
|
|
case CKA_PRIVATE_EXPONENT: return "CKA_PRIVATE_EXPONENT"; |
|
|
|
|
case CKA_PRIME_1: return "CKA_PRIME_1"; |
|
|
|
|
case CKA_PRIME_2: return "CKA_PRIME_2"; |
|
|
|
|
case CKA_EXPONENT_1: return "CKA_EXPONENT_1"; |
|
|
|
|
case CKA_EXPONENT_2: return "CKA_EXPONENT_2"; |
|
|
|
|
case CKA_COEFFICIENT: return "CKA_COEFFICIENT"; |
|
|
|
|
case CKA_PRIME: return "CKA_PRIME"; |
|
|
|
|
case CKA_SUBPRIME: return "CKA_SUBPRIME"; |
|
|
|
|
case CKA_BASE: return "CKA_BASE"; |
|
|
|
|
case CKA_PRIME_BITS: return "CKA_PRIME_BITS"; |
|
|
|
|
case CKA_SUBPRIME_BITS: return "CKA_SUBPRIME_BITS"; |
|
|
|
|
case CKA_VALUE_BITS: return "CKA_VALUE_BITS"; |
|
|
|
|
case CKA_VALUE_LEN: return "CKA_VALUE_LEN"; |
|
|
|
|
case CKA_EXTRACTABLE: return "CKA_EXTRACTABLE"; |
|
|
|
|
case CKA_LOCAL: return "CKA_LOCAL"; |
|
|
|
|
case CKA_NEVER_EXTRACTABLE: return "CKA_NEVER_EXTRACTABLE"; |
|
|
|
|
case CKA_ALWAYS_SENSITIVE: return "CKA_ALWAYS_SENSITIVE"; |
|
|
|
|
case CKA_KEY_GEN_MECHANISM: return "CKA_KEY_GEN_MECHANISM"; |
|
|
|
|
case CKA_MODIFIABLE: return "CKA_MODIFIABLE"; |
|
|
|
|
//case CKA_ECDSA_PARAMS: return "CKA_ECDSA_PARAMS";
|
|
|
|
|
case CKA_EC_PARAMS: return "CKA_ECDSA_PARAMS or CKA_EC_PARAMS"; |
|
|
|
|
case CKA_EC_POINT: return "CKA_EC_POINT"; |
|
|
|
|
case CKA_SECONDARY_AUTH: return "CKA_SECONDARY_AUTH"; |
|
|
|
|
case CKA_AUTH_PIN_FLAGS: return "CKA_AUTH_PIN_FLAGS"; |
|
|
|
|
case CKA_HW_FEATURE_TYPE: return "CKA_HW_FEATURE_TYPE"; |
|
|
|
|
case CKA_RESET_ON_INIT: return "CKA_RESET_ON_INIT"; |
|
|
|
|
case CKA_HAS_RESET: return "CKA_HAS_RESET"; |
|
|
|
|
case CKA_VENDOR_DEFINED: return "CKA_VENDOR_DEFINED"; |
|
|
|
|
case CKA_IBM_OPAQUE: return "CKA_IBM_OPAQUE"; |
|
|
|
|
default: return "unknown"; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
CK_ATTRIBUTE_TYPE type; |
|
|
|
|
std::string value; |
|
|
|
|
}; |
|
|
|
|
typedef std::map<CK_ATTRIBUTE_TYPE, Attribute> AttributeMap; |
|
|
|
|
typedef std::vector<Attribute> AttributeList; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// //! Map Attribute Class to type
|
|
|
|
|
// /*! @todo to be completed ... */
|
|
|
|
|
// template<CK_ATTRIBUTE_TYPE Attribute> class AttributeType {};
|
|
|
|
@ -1261,35 +1331,128 @@ namespace cryptoki { |
|
|
|
|
} |
|
|
|
|
@endcode */ |
|
|
|
|
|
|
|
|
|
AttributeMap getattributevalue(const AttributeTypeList& attributes) { |
|
|
|
|
AttributeMap getattributevalue(AttributeTypeList attributes |
|
|
|
|
=AttributeTypeList()) { |
|
|
|
|
AttributeMap res; |
|
|
|
|
CK_ATTRIBUTE* attrs(new CK_ATTRIBUTE[attributes.size()]); |
|
|
|
|
AttributeTypeList::const_iterator it(attributes.begin()); |
|
|
|
|
for (AttributeTypeList::size_type i(0); it!=attributes.end(); ++it, ++i) |
|
|
|
|
attrs[i] = (CK_ATTRIBUTE){*it, 0, 0}; |
|
|
|
|
//! Gets all attributes, if @c attributes is empty
|
|
|
|
|
if (!attributes.size()) { |
|
|
|
|
attributes.push_back(CKA_CLASS); |
|
|
|
|
attributes.push_back(CKA_TOKEN); |
|
|
|
|
attributes.push_back(CKA_PRIVATE); |
|
|
|
|
attributes.push_back(CKA_LABEL); |
|
|
|
|
attributes.push_back(CKA_APPLICATION); |
|
|
|
|
attributes.push_back(CKA_VALUE); |
|
|
|
|
attributes.push_back(CKA_OBJECT_ID); |
|
|
|
|
attributes.push_back(CKA_CERTIFICATE_TYPE); |
|
|
|
|
attributes.push_back(CKA_ISSUER); |
|
|
|
|
attributes.push_back(CKA_SERIAL_NUMBER); |
|
|
|
|
attributes.push_back(CKA_AC_ISSUER); |
|
|
|
|
attributes.push_back(CKA_OWNER); |
|
|
|
|
attributes.push_back(CKA_ATTR_TYPES); |
|
|
|
|
attributes.push_back(CKA_TRUSTED); |
|
|
|
|
attributes.push_back(CKA_KEY_TYPE); |
|
|
|
|
attributes.push_back(CKA_SUBJECT); |
|
|
|
|
attributes.push_back(CKA_ID); |
|
|
|
|
attributes.push_back(CKA_SENSITIVE); |
|
|
|
|
attributes.push_back(CKA_ENCRYPT); |
|
|
|
|
attributes.push_back(CKA_DECRYPT); |
|
|
|
|
attributes.push_back(CKA_WRAP); |
|
|
|
|
attributes.push_back(CKA_UNWRAP); |
|
|
|
|
attributes.push_back(CKA_SIGN); |
|
|
|
|
attributes.push_back(CKA_SIGN_RECOVER); |
|
|
|
|
attributes.push_back(CKA_VERIFY); |
|
|
|
|
attributes.push_back(CKA_VERIFY_RECOVER); |
|
|
|
|
attributes.push_back(CKA_DERIVE); |
|
|
|
|
attributes.push_back(CKA_START_DATE); |
|
|
|
|
attributes.push_back(CKA_END_DATE); |
|
|
|
|
attributes.push_back(CKA_MODULUS); |
|
|
|
|
attributes.push_back(CKA_MODULUS_BITS); |
|
|
|
|
attributes.push_back(CKA_PUBLIC_EXPONENT); |
|
|
|
|
attributes.push_back(CKA_PRIVATE_EXPONENT); |
|
|
|
|
attributes.push_back(CKA_PRIME_1); |
|
|
|
|
attributes.push_back(CKA_PRIME_2); |
|
|
|
|
attributes.push_back(CKA_EXPONENT_1); |
|
|
|
|
attributes.push_back(CKA_EXPONENT_2); |
|
|
|
|
attributes.push_back(CKA_COEFFICIENT); |
|
|
|
|
attributes.push_back(CKA_PRIME); |
|
|
|
|
attributes.push_back(CKA_SUBPRIME); |
|
|
|
|
attributes.push_back(CKA_BASE); |
|
|
|
|
attributes.push_back(CKA_PRIME_BITS); |
|
|
|
|
attributes.push_back(CKA_SUBPRIME_BITS); |
|
|
|
|
attributes.push_back(CKA_VALUE_BITS); |
|
|
|
|
attributes.push_back(CKA_VALUE_LEN); |
|
|
|
|
attributes.push_back(CKA_EXTRACTABLE); |
|
|
|
|
attributes.push_back(CKA_LOCAL); |
|
|
|
|
attributes.push_back(CKA_NEVER_EXTRACTABLE); |
|
|
|
|
attributes.push_back(CKA_ALWAYS_SENSITIVE); |
|
|
|
|
attributes.push_back(CKA_KEY_GEN_MECHANISM); |
|
|
|
|
attributes.push_back(CKA_MODIFIABLE); |
|
|
|
|
attributes.push_back(CKA_ECDSA_PARAMS); |
|
|
|
|
attributes.push_back(CKA_EC_PARAMS); |
|
|
|
|
attributes.push_back(CKA_EC_POINT); |
|
|
|
|
attributes.push_back(CKA_SECONDARY_AUTH); |
|
|
|
|
attributes.push_back(CKA_AUTH_PIN_FLAGS); |
|
|
|
|
attributes.push_back(CKA_HW_FEATURE_TYPE); |
|
|
|
|
attributes.push_back(CKA_RESET_ON_INIT); |
|
|
|
|
attributes.push_back(CKA_HAS_RESET); |
|
|
|
|
attributes.push_back(CKA_VENDOR_DEFINED); |
|
|
|
|
attributes.push_back(CKA_IBM_OPAQUE); |
|
|
|
|
} |
|
|
|
|
CK_ATTRIBUTE attrs; |
|
|
|
|
for (AttributeTypeList::const_iterator it(attributes.begin()); |
|
|
|
|
it!=attributes.end(); ++it) { |
|
|
|
|
attrs = (CK_ATTRIBUTE){*it, 0, 0}; |
|
|
|
|
try { |
|
|
|
|
//! calls @c C_GetAttributeValue
|
|
|
|
|
if (check(_session->_slot._init->_fn->C_GetAttributeValue |
|
|
|
|
(_session->_session, _object, attrs, attributes.size()), |
|
|
|
|
(_session->_session, _object, &attrs, 1), |
|
|
|
|
CRYPTOKI_FN_LOG("C_GetAttributeValue"))) { |
|
|
|
|
for (AttributeTypeList::size_type i(0); i<attributes.size(); ++i) |
|
|
|
|
if (attrs[i].ulValueLen>0) |
|
|
|
|
attrs[i].pValue = malloc(attrs[i].ulValueLen); |
|
|
|
|
check(_session->_slot._init->_fn->C_GetAttributeValue |
|
|
|
|
(_session->_session, _object, attrs, attributes.size()), |
|
|
|
|
CRYPTOKI_FN_LOG("C_GetAttributeValue")); |
|
|
|
|
} |
|
|
|
|
for (AttributeTypeList::size_type i(0); i<attributes.size(); ++i) |
|
|
|
|
if (attrs[i].ulValueLen>0) |
|
|
|
|
res.insert(std::make_pair(attrs[i].type, Attribute(attrs[i]))); |
|
|
|
|
if (attrs.ulValueLen>0) { |
|
|
|
|
attrs.pValue = malloc(attrs.ulValueLen); |
|
|
|
|
if (_session->_slot._init->_fn->C_GetAttributeValue |
|
|
|
|
(_session->_session, _object, &attrs, 1) |
|
|
|
|
== CKR_ATTRIBUTE_TYPE_INVALID) |
|
|
|
|
std::cerr<<"*** Inv. Attr:"<<Attribute(*it).name()<<std::endl; |
|
|
|
|
else { |
|
|
|
|
check(_res, CRYPTOKI_FN_LOG("C_GetAttributeValue")); |
|
|
|
|
res.insert(std::make_pair(attrs.type, Attribute(attrs))); |
|
|
|
|
} |
|
|
|
|
} else |
|
|
|
|
std::cerr<<"*** Wrong Attr: "<<Attribute(*it).name()<<std::endl; |
|
|
|
|
} |
|
|
|
|
return res; |
|
|
|
|
} catch (...) { |
|
|
|
|
for (AttributeTypeList::size_type i(0); i<attributes.size(); ++i) |
|
|
|
|
free(attrs[i].pValue); |
|
|
|
|
delete[] attrs; |
|
|
|
|
free(attrs.pValue); |
|
|
|
|
throw; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
// CK_ATTRIBUTE* attrs(new CK_ATTRIBUTE[attributes.size()]);
|
|
|
|
|
// AttributeTypeList::const_iterator it(attributes.begin());
|
|
|
|
|
// for (AttributeTypeList::size_type i(0); it!=attributes.end(); ++it, ++i)
|
|
|
|
|
// attrs[i] = (CK_ATTRIBUTE){*it, 0, 0};
|
|
|
|
|
// try {
|
|
|
|
|
// //! calls @c C_GetAttributeValue
|
|
|
|
|
// if (check(_session->_slot._init->_fn->C_GetAttributeValue
|
|
|
|
|
// (_session->_session, _object, attrs, attributes.size()),
|
|
|
|
|
// CRYPTOKI_FN_LOG("C_GetAttributeValue"))) {
|
|
|
|
|
// for (AttributeTypeList::size_type i(0); i<attributes.size(); ++i)
|
|
|
|
|
// if (attrs[i].ulValueLen>0)
|
|
|
|
|
// attrs[i].pValue = malloc(attrs[i].ulValueLen);
|
|
|
|
|
// check(_session->_slot._init->_fn->C_GetAttributeValue
|
|
|
|
|
// (_session->_session, _object, attrs, attributes.size()),
|
|
|
|
|
// CRYPTOKI_FN_LOG("C_GetAttributeValue"));
|
|
|
|
|
// }
|
|
|
|
|
// for (AttributeTypeList::size_type i(0); i<attributes.size(); ++i)
|
|
|
|
|
// if (attrs[i].ulValueLen>0)
|
|
|
|
|
// res.insert(std::make_pair(attrs[i].type, Attribute(attrs[i])));
|
|
|
|
|
// return res;
|
|
|
|
|
// } catch (...) {
|
|
|
|
|
// for (AttributeTypeList::size_type i(0); i<attributes.size(); ++i)
|
|
|
|
|
// free(attrs[i].pValue);
|
|
|
|
|
// delete[] attrs;
|
|
|
|
|
// throw;
|
|
|
|
|
// }
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/*! @todo Not implemented:
|
|
|
|
|
@code |
|
|
|
|