web
/
surfer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

closes #11

Browse Source
master
Marc Wäckerlin 14 years ago
parent cd84f2f7fe
commit 8069fba3ee
4 changed files with 46 additions and 26 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      openssl-act-engine/src/SlotList.h
  2. 1
      openssl-act-engine/src/engine_front.cpp
  3. 18
      openssl-act-engine/src/engine_sct.cpp
  4. 51
      openssl-act-engine/src/engine_sct_internal.h

2
openssl-act-engine/src/SlotList.h
Unescape View File

@ -33,7 +33,7 @@ private:
act::IToken* m_token; act::IToken* m_token;
}; };
/* /*!
* Holds a list of the present slots in the system * Holds a list of the present slots in the system
* TODO: Slot addition/removal detection * TODO: Slot addition/removal detection
*/ */

1
openssl-act-engine/src/engine_front.cpp
Unescape View File

@ -1,3 +1,4 @@
/*! @file OpenSSL HAndler/Callbacks */
#include <memory> #include <memory>
#include <cstring> #include <cstring>

18
openssl-act-engine/src/engine_sct.cpp
Unescape View File

@ -123,15 +123,15 @@ int SecureTokenEngine::finish()
int SecureTokenEngine::rsa_finish(RSA *rsa) int SecureTokenEngine::rsa_finish(RSA *rsa)
{ {
// This function is only called on freeing of 'our' own RSA keys which have been generated /*! This function is only called on freeing of 'our' own RSA keys which have
// by encapsule_CardKey been generated by encapsule_CardKey
// NB: If you use something like NB: If you use something like
// EVP_PKEY* pk_pub = ENGINE_load_public_key(e, key_id, NULL, NULL);
// EVP_PKEY* pk_pub = ENGINE_load_public_key(e, key_id, NULL, NULL); RSA* pubkey = EVP_PKEY_get1_RSA(pk_pub);
// RSA* pubkey = EVP_PKEY_get1_RSA(pk_pub);
// in the user code, you have to use both EVP_PKEY_free() and RSA_free()
// in the user code, you have to use both EVP_PKEY_free() and RSA_free() until the last traces are gone. until the last traces are gone. */
CardKey* ck(EXTRACT_CARD_KEY(rsa)); CardKey* ck(EXTRACT_CARD_KEY(rsa));

51
openssl-act-engine/src/engine_sct_internal.h
Unescape View File

@ -43,37 +43,58 @@ public:
SecureTokenEngine() { } SecureTokenEngine() { }
~SecureTokenEngine() { } ~SecureTokenEngine() { }
// NOTE: contents of source string will be overwritten for security reasons /*! Stores pin in internal buffer.
* @note contents of source string will be overwritten for security reasons
*/
int setPin(char *pin); int setPin(char *pin);
//! debug
int incVerbosity(); int incVerbosity();
//! not used
int setInitArgs(const char *args); int setInitArgs(const char *args);
//! Initialize PCSC, read slots
int init(); int init();
//! cleanup memory
int finish(); int finish();
//! Deletes OpenSSL rsa structure
int rsa_finish(RSA *rsa); int rsa_finish(RSA *rsa);
//! Read certificate from token
int loadCertCtrl(ENGINE *e, load_cert_params *p); int loadCertCtrl(ENGINE *e, load_cert_params *p);
//! Get Public Key
EVP_PKEY *load_pubkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data); EVP_PKEY *load_pubkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data);
//! Get Private Key
EVP_PKEY *load_privkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data); EVP_PKEY *load_privkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data);
// Caller is required to provide an output buffer of sufficient size, depending on input data's length
// and used key material. Improper usage may cause buffer overruns. OpenSSL API's weakness.
// Encrypt/Decrypt return size of output data on success, -1 on failure. /*! @defgroup engSign Crypto Operations
*
* Caller is required to provide an output buffer of sufficient size,
* depending on input data's length
* and used key material. Improper usage may cause buffer overruns. OpenSSL API's weakness. */
//@{
//! Encrypt/Decrypt return size of output data on success, -1 on failure.
int rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, const CardKey* ck, int padding); int rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, const CardKey* ck, int padding);
int rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, CardKey* ck, int padding); int rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, CardKey* ck, int padding);
// Sign/Verify return 1 on success, 0 on failure. //! Sign/Verify return 1 on success, 0 on failure.
int rsa_sign(int type, const unsigned char *msg, unsigned int msglen, unsigned char *sigret, unsigned int *siglen, CardKey* ck); int rsa_sign(int type, const unsigned char *msg, unsigned int msglen, unsigned char *sigret, unsigned int *siglen, CardKey* ck);
int rsa_verify(int type, const unsigned char *msg, unsigned int msglen, unsigned char *signature, unsigned int siglen, const CardKey* ck); int rsa_verify(int type, const unsigned char *msg, unsigned int msglen, unsigned char *signature, unsigned int siglen, const CardKey* ck);
// Return a list of all certificates and the necessary IDs to use them //@}
// !! frees up the memory of the previosly returned structure in subsequent calls !!
/*! Return a list of all certificates and the necessary IDs to use them
@note frees up the memory of the previosly returned structure in
subsequent calls */
int enumerate_certs(ENGINE *e, enum_certs_s **p); int enumerate_certs(ENGINE *e, enum_certs_s **p);
private: private:
//! Converts CardKey to OpenSSL EVP_PKEY
EVP_PKEY *encapsule_CardKey(CardKey *ck); EVP_PKEY *encapsule_CardKey(CardKey *ck);
act::Blob m_pin; act::Blob m_pin;
@ -81,10 +102,8 @@ private:
std::auto_ptr<CertificateList> m_cert_list; std::auto_ptr<CertificateList> m_cert_list;
}; };
// Needed in SecureTokenEngine for creation of new RSA key (stubs) as well //! Needed in SecureTokenEngine for creation of new RSA key (stubs) as well
RSA_METHOD* RSA_get_sct_method(); RSA_METHOD* RSA_get_sct_method();
#endif #endif

Write Preview
Loading…
Cancel
Save