32 #if defined(POLARSSL_PKCS11_C)
/*
 * Fetch the certificate blob behind a pkcs11-helper certificate handle so it
 * can be loaded into an x509_cert.
 *
 * NOTE(review): this listing is an excerpt with gaps between the numbered
 * source lines; the branch bodies, the step that parses the blob into *cert,
 * and the return statements are not shown here.
 */
36 int pkcs11_x509_cert_init(
x509_cert *cert, pkcs11h_certificate_t pkcs11_cert )
39 unsigned char *cert_blob = NULL;
40 size_t cert_blob_size = 0;
/* First call passes a NULL buffer, so only cert_blob_size is filled in
 * (size query); any result other than CKR_OK is treated as failure. */
48 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK )
/* The allocation size comes straight from the helper/token.
 * NOTE(review): a reported size of 0 reaches malloc(0) unless it is rejected
 * on a line not shown; worth confirming. */
54 cert_blob = malloc( cert_blob_size );
55 if( NULL == cert_blob )
/* Second call fills the buffer. cert_blob_size is passed by pointer again, so
 * the helper may rewrite it; whatever consumes the blob afterwards should use
 * this written-back size rather than a cached copy -- TODO confirm. */
61 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK )
/* Cleanup guard on the temporary blob. NOTE(review): if the guarded statement
 * is free(), the NULL test is redundant because free(NULL) is a no-op. */
76 if( NULL != cert_blob )
/*
 * Initialise a pkcs11_context from a pkcs11-helper certificate handle: the
 * key length is read from the certificate's RSA context and the handle itself
 * is stored in the context.
 *
 * NOTE(review): excerpt with gaps; the declaration of `cert`, the error
 * returns and any cleanup of the temporary certificate are not shown.
 */
83 int pkcs11_priv_key_init( pkcs11_context *priv_key,
84 pkcs11h_certificate_t pkcs11_cert )
/* Zero the temporary certificate before it is populated. */
89 memset( &cert, 0,
sizeof( cert ) );
91 if( priv_key == NULL )
/* Any non-zero result from the certificate load is treated as failure. */
94 if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
/* The length stored here is the RSA length recorded in the parsed
 * certificate; pkcs11_decrypt later uses ctx->len as its input length. */
97 priv_key->len = cert.
rsa.
len;
/* The handle is stored as-is, not duplicated. pkcs11_priv_key_free() releases
 * priv_key->pkcs11h_cert, so after a successful init the context appears to
 * own the handle and the caller should not free it separately -- TODO confirm
 * the intended ownership contract. */
98 priv_key->pkcs11h_cert = pkcs11_cert;
/*
 * Release the pkcs11-helper certificate handle held by a pkcs11_context.
 * A NULL priv_key is ignored.
 *
 * NOTE(review): the visible lines do not reset priv_key->pkcs11h_cert after
 * freeing it; unless a line not shown does so, calling this twice on the same
 * context would hand the same handle to freeCertificate again.
 */
108 void pkcs11_priv_key_free( pkcs11_context *priv_key )
110 if( NULL != priv_key )
111 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
/*
 * Decrypt one RSA block through the token using the CKM_RSA_PKCS mechanism.
 *
 * input is read for ctx->len bytes; output receives at most output_max_len
 * bytes. olen is presumably set to the decrypted length on success, on a line
 * not shown -- TODO confirm.
 *
 * NOTE(review): excerpt with gaps; validation of ctx and mode and all return
 * statements fall on lines not shown. ctx is dereferenced at source line 128,
 * so a NULL check must precede it.
 *
 * NOTE(review): CKM_RSA_PKCS is PKCS#1 v1.5 padding. Callers should handle
 * every decryption failure identically (same error, same timing) so the
 * result cannot serve as a padding oracle.
 */
114 int pkcs11_decrypt( pkcs11_context *ctx,
115 int mode,
size_t *olen,
116 const unsigned char *input,
117 unsigned char *output,
118 size_t output_max_len )
120 size_t input_len, output_len;
/* Both lengths start at the key length stored in the context. */
128 output_len = input_len = ctx->len;
/* Reject key lengths under 16 bytes and callers whose output buffer is
 * smaller than one full input block. */
130 if( input_len < 16 || input_len > output_max_len )
/* First call passes a NULL output buffer: it only reports the plaintext
 * length in output_len, nothing is written to the caller's buffer yet. */
134 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
135 input_len, NULL, &output_len ) != CKR_OK )
/* Bounds check on the token-reported length before anything is written
 * into output. */
140 if( output_len > output_max_len )
/* Second call performs the actual write into output. output_len is passed by
 * pointer again, so the length checked above can be rewritten by the helper;
 * presumably the helper treats it as the buffer capacity -- TODO confirm. */
143 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
144 input_len, output, &output_len ) != CKR_OK )
/*
 * Build the to-be-signed data in sig (an optional prefix of asn_len bytes
 * followed by the hash) and have the token sign it in place with
 * CKM_RSA_PKCS.
 *
 * NOTE(review): excerpt with gaps; part of the parameter list, the switch and
 * case labels, the assignments to asn_len and olen, and the return statements
 * are not shown.
 *
 * NOTE(review): none of the visible lines compares hashlen (or
 * asn_len + hashlen) with the capacity of sig or with ctx->len, and no
 * sig-length parameter is visible. Every memcpy below writes hashlen
 * caller-supplied bytes into sig, so unless a check exists on a line not
 * shown, an oversized hashlen writes past the end of the caller's buffer.
 * Verify that hashlen is validated per hash type before the copy.
 */
152 int pkcs11_sign( pkcs11_context *ctx,
155 unsigned int hashlen,
156 const unsigned char *hash,
159 size_t olen, asn_len;
/* p aliases the start of the signature buffer; the input is assembled
 * directly in sig. */
160 unsigned char *p = sig;
/* Hash copied to the very start of sig, with no prefix in front of it. */
174 memcpy( p, hash, hashlen );
/* The following copies place the hash after an asn_len-byte prefix. */
180 memcpy( p + asn_len, hash, hashlen );
186 memcpy( p + asn_len, hash, hashlen );
192 memcpy( p + asn_len, hash, hashlen );
/* Fixed offset 15 instead of asn_len; presumably the prefix length for this
 * case -- TODO confirm the two agree. */
198 memcpy( p + 15, hash, hashlen );
/* These four cases share one prefix layout: after the hash is copied,
 * hashlen is added to bytes 1 and 18 of the prefix and byte 14 is set to a
 * per-case value (4, 1, 2, 3). Presumably bytes 1 and 18 are DER length
 * fields and byte 14 selects the hash OID -- TODO confirm.
 * The += is done in unsigned char, so a large hashlen wraps silently. */
204 memcpy( p + asn_len, hash, hashlen );
205 p[1] += hashlen; p[14] = 4; p[18] += hashlen;
break;
210 memcpy( p + asn_len, hash, hashlen );
211 p[1] += hashlen; p[14] = 1; p[18] += hashlen;
break;
216 memcpy( p + asn_len, hash, hashlen );
217 p[1] += hashlen; p[14] = 2; p[18] += hashlen;
break;
222 memcpy( p + asn_len, hash, hashlen );
223 p[1] += hashlen; p[14] = 3; p[18] += hashlen;
break;
/* sig is both the input (asn_len + hashlen bytes) and the output buffer; olen
 * is passed by pointer and receives the signature length. Any result other
 * than CKR_OK is treated as failure. */
229 if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
230 asn_len + hashlen, sig, &olen ) != CKR_OK )
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE
The output buffer for decryption is not large enough.
void x509_free(x509_cert *crt)
Free all certificate data.
Container for an X.509 certificate.
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
int x509parse_crt(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
#define POLARSSL_ERR_RSA_BAD_INPUT_DATA
Bad input parameters to function.
Wrapper for PKCS#11 library libpkcs11-helper.
rsa_context rsa
Container for the RSA context.