[packages/opencryptoki.git] / opencryptoki-aep.patch

--- opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c.orig	2011-05-18 00:27:00.000000000 +0200
+++ opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c	2011-06-19 20:39:06.422327697 +0200
@@ -34,6 +34,12 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <string.h>
+
+#include "pkcs11types.h"
+#include "defs.h"
+#include "host_defs.h"
+#include "h_extern.h"
 
 #include "aeptok_api.h"
 
--- opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c.orig	2013-07-15 19:25:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c	2013-12-30 22:59:58.222059030 +0100
@@ -14,7 +14,6 @@
 #include "defs.h"
 #include "host_defs.h"
 #include "h_extern.h"
-#include "args.h"
 #include "errno.h"
 #include "tok_specific.h"
 
@@ -49,13 +48,13 @@ int cryptoki_aep_avail = TRUE;
 static int max_key_len = 2176;
 
 CK_RV
-token_specific_session(CK_SLOT_ID  slotid)
+token_specific_open_session(SESSION *session)
 {
 	return CKR_OK;
 }
 
 CK_RV
-token_rng(CK_BYTE *output, CK_ULONG bytes)
+token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
 {
 #if 0
 	int bytes2 = 384;
@@ -97,19 +96,19 @@ tok_slot2local(CK_SLOT_ID snum)
 
 
 CK_RV
-token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber)
+token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber,char * conf_name)
 {
 	return CKR_OK;
 }
 
 CK_RV
-token_specific_final()
+token_specific_final(void)
 {
 	return CKR_OK;
 }
 
 CK_RV
-token_specific_des_key_gen(CK_BYTE  *des_key,CK_ULONG len)
+token_specific_des_key_gen(CK_BYTE  *des_key,CK_ULONG len,CK_ULONG keysize)
 {
       
 	// Nothing different to do for DES or TDES here as this is just
@@ -127,10 +126,11 @@ token_specific_des_ecb(CK_BYTE * in_data
                        CK_ULONG in_data_len,
                        CK_BYTE *out_data,
                        CK_ULONG *out_data_len,
-                       CK_BYTE  *key_value,
+                       OBJECT  *key,
                        CK_BYTE  encrypt)
 {
 	CK_ULONG       rc;
+	CK_ATTRIBUTE *attr = NULL;
 	
 	des_key_schedule des_key2;
    	const_des_cblock key_val_SSL, in_key_data;
@@ -138,8 +138,14 @@ token_specific_des_ecb(CK_BYTE * in_data
 	int i,j;
    	int ret;
 
+	// get the key value
+	if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+
   	// Create the key schedule
-	memcpy(&key_val_SSL, key_value, 8);
+	memcpy(&key_val_SSL, attr->pValue, 8);
 	des_set_key_unchecked(&key_val_SSL, des_key2);
 
 	// the des decrypt will only fail if the data length is not 
@@ -181,11 +187,12 @@ token_specific_des_cbc(CK_BYTE * in_data
                        CK_ULONG in_data_len,
                        CK_BYTE *out_data,
                        CK_ULONG *out_data_len,
-                       CK_BYTE  *key_value, 
+                       OBJECT  *key, 
                        CK_BYTE *init_v,
                        CK_BYTE  encrypt)
 {
 	CK_ULONG         rc;
+	CK_ATTRIBUTE *attr = NULL;
 	
 	des_cblock ivec;
 	int ret;
@@ -194,8 +201,14 @@ token_specific_des_cbc(CK_BYTE * in_data
    	const_des_cblock key_val_SSL, in_key_data;
 	des_cblock out_key_data;
 
+	// get the key value
+	if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+
 	// Create the key schedule
-	memcpy(&key_val_SSL, key_value, 8);
+	memcpy(&key_val_SSL, attr->pValue, 8);
    	des_set_key_unchecked(&key_val_SSL, des_key2);
    
 	memcpy(&ivec, init_v, 8);
@@ -225,10 +238,13 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
 			CK_ULONG in_data_len,
 			CK_BYTE *out_data,
 			CK_ULONG *out_data_len,
-			CK_BYTE  *key_value,
+			OBJECT   *key,
 			CK_BYTE  encrypt)
 {
 	CK_RV  rc;
+	CK_ATTRIBUTE *attr = NULL;
+	CK_KEY_TYPE keytype;
+	CK_BYTE key_value[3*DES_KEY_SIZE];
 	
 	int k,j, ret;
 	des_cblock out_temp;
@@ -239,6 +255,25 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
    	const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
 	des_cblock out_key_data;
 
+	// get the key type
+	rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
+	if (rc == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+	keytype = *(CK_KEY_TYPE *)attr->pValue;
+
+	// get the key value
+	if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+	if (keytype == CKK_DES2) {
+		memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
+		memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
+	} else
+		memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
+
 	// The key as passed is a 24 byte long string containing three des keys
 	// pick them apart and create the 3 corresponding key schedules
 	memcpy(&key_SSL1, key_value, 8);
@@ -291,12 +326,16 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
                        CK_ULONG in_data_len,
                        CK_BYTE *out_data,
                        CK_ULONG *out_data_len,
-                       CK_BYTE  *key_value, 
+                       OBJECT  *key, 
                        CK_BYTE *init_v,
                        CK_BYTE  encrypt)
 {
 
 	CK_RV rc = CKR_OK;
+	CK_ATTRIBUTE *attr = NULL;
+	CK_KEY_TYPE keytype;
+	CK_BYTE key_value[3*DES_KEY_SIZE];
+
 	des_key_schedule des_key1;
 	des_key_schedule des_key2;
 	des_key_schedule des_key3;
@@ -304,6 +343,25 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
    	const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
 	des_cblock ivec;
 
+	// get the key type
+	rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
+	if (rc == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+	keytype = *(CK_KEY_TYPE *)attr->pValue;
+
+	// get the key value
+	if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+	if (keytype == CKK_DES2) {
+		memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
+		memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
+	} else
+		memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
+
 	// The key as passed in is a 24 byte string containing 3 keys
 	// pick it apart and create the key schedules
 	memcpy(&key_SSL1, key_value, 8);
@@ -829,12 +887,18 @@ CK_RV
 token_specific_rsa_encrypt( CK_BYTE   * in_data,
 			    CK_ULONG    in_data_len,
 			    CK_BYTE   * out_data,
+			    CK_ULONG  * out_data_len,
 			    OBJECT    * key_obj )
 {
 	CK_RV rc;
 	RSA *rsa;
 	int mLen;
 	
+	if (in_data_len > *out_data_len) {
+		OCK_LOG_DEBUG("CKR_DATA_LEN_RANGE\n");
+		return CKR_DATA_LEN_RANGE;
+	}
+
 	// Convert the local representation to an RSA representation
 	rsa = (RSA *)rsa_convert_public_key(key_obj, &mLen);
 	if (rsa==NULL) {
@@ -862,6 +926,7 @@ token_specific_rsa_encrypt( CK_BYTE   *
 	}
 	
 	if (rc != 0) {
+		*out_data_len = in_data_len;
 		rc = CKR_OK;
 	} else {
 		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
@@ -879,12 +944,18 @@ CK_RV
 token_specific_rsa_decrypt( CK_BYTE   * in_data,
 			    CK_ULONG    in_data_len,
 			    CK_BYTE   * out_data,
+			    CK_ULONG  * out_data_len,
 			    OBJECT    * key_obj )
 {
 	CK_RV  rc;
 	RSA   *rsa;
 	int mLen;
 
+	if (*out_data_len < in_data_len) {
+		OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL);
+		return CKR_BUFFER_TOO_SMALL;
+	}
+
 	// Convert the local key representation to an RSA key representaion
 	rsa = (RSA *)rsa_convert_private_key(key_obj, &mLen);
 	if (rsa == NULL) {
@@ -910,6 +981,7 @@ token_specific_rsa_decrypt( CK_BYTE   *
 					 rsa, RSA_NO_PADDING);
 	}
 	if (rc != 0) {
+		*out_data_len = in_data_len;
 		rc = CKR_OK;
 	} else {
 		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
@@ -925,7 +997,7 @@ token_specific_rsa_decrypt( CK_BYTE   *
 #ifndef NOAES
 
 CK_RV
-token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len )
+token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len, CK_ULONG keysize )
 {
         return rng_generate(key, len);
 }
@@ -935,22 +1007,28 @@ token_specific_aes_ecb( CK_BYTE
                         CK_ULONG        in_data_len,
                         CK_BYTE         *out_data,
                         CK_ULONG        *out_data_len,
-                        CK_BYTE         *key_value,
-                        CK_ULONG        key_len,
+                        OBJECT          *key,
                         CK_BYTE         encrypt)
 {
+	CK_ATTRIBUTE *attr = NULL;
         AES_KEY         ssl_aes_key;
         int             i;
         /* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0,
          * so this is fine */
         CK_ULONG        loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE);
 
+	// get the key value
+	if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+
         memset( &ssl_aes_key, 0, sizeof(AES_KEY));
 
         // AES_ecb_encrypt encrypts only a single block, so we have to break up the
         // input data here
         if (encrypt) {
-                AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
+                AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
                 for( i=0; i<loops; i++ ) {
                         AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
                                         (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
@@ -958,7 +1036,7 @@ token_specific_aes_ecb( CK_BYTE
                                         AES_ENCRYPT);
                 }
         } else {
-                AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
+                AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
                 for( i=0; i<loops; i++ ) {
                         AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
                                         (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
@@ -976,25 +1054,31 @@ token_specific_aes_cbc( CK_BYTE
                         CK_ULONG        in_data_len,
                         CK_BYTE         *out_data,
                         CK_ULONG        *out_data_len,
-                        CK_BYTE         *key_value,
-                        CK_ULONG        key_len,
+                        OBJECT          *key,
                         CK_BYTE         *init_v,
                         CK_BYTE         encrypt)
 {
         AES_KEY         ssl_aes_key;
+	CK_ATTRIBUTE *attr = NULL;
         int             i;
 
+	// get the key value
+	if(template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
+		OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+		return CKR_FUNCTION_FAILED;
+	}
+
         memset( &ssl_aes_key, 0, sizeof(AES_KEY));
 
         // AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike
         // AES_ecb_encrypt, so no looping required.
         if (encrypt) {
-                AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
+                AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
                 AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
                                 in_data_len,              &ssl_aes_key,
                                 init_v,                   AES_ENCRYPT);
         } else {
-                AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
+                AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
                 AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
                                 in_data_len,              &ssl_aes_key,
                                 init_v,                   AES_DECRYPT);
--- opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h.orig	2013-07-15 19:25:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h	2013-12-30 23:06:15.798709893 +0100
@@ -310,26 +310,91 @@
 token_spec_t token_specific  = {
      AEP_CONFIG_PATH,
      "aep",
-     "AEP_STDLL_Debug",
+     0,
+     {
+	     FALSE,
+	     FALSE,
+	     CKM_DES3_CBC,
+	     "12345678",
+	     "10293847"
+     },
+     NULL, /* creatlock */
+     NULL, /* attach_shm */
      &token_specific_init,
+     NULL, /* init_token_data */
+     NULL, /* load_token_data */
+     NULL, /* save_token_data */
      &tok_slot2local,
-     &token_rng,
-     &token_specific_session,
+     &token_specific_rng,
+     &token_specific_open_session,
+     NULL, /* close_session */
      &token_specific_final,
+     NULL, /* init_token */
+     NULL, /* login */
+     NULL, /* logout */
+     NULL, /* init_pin */
+     NULL, /* set_pin */
+     NULL, /* copy object */
+     NULL, /* create_object */
+     NULL, /* get_attribute_value */
+     NULL, /* set_attribute_value */
+     NULL, /* find_objects_init */
+     NULL, /* destroy_object */
+     NULL, /* generate_key */
+     NULL, /* generate_key_pair */
+     NULL, /* encrypt_init */
+     NULL, /* encrypt */
+     NULL, /* encrypt_update */
+     NULL, /* encrypt_final */
+     NULL, /* decrypt_init */
+     NULL, /* decrypt */
+     NULL, /* decrypt_update */
+     NULL, /* decrypt_final */
+     NULL, /* derive_key */
+     NULL, /* wrap_key */
+     NULL, /* unwrap_key */
+     NULL, /* sign_init */
+     NULL, /* sign */
+     NULL, /* sign_update */
+     NULL, /* sign_final */
+     NULL, /* verify_init */
+     NULL, /* verify */
+     NULL, /* verify_update */
+     NULL, /* verify_final */
+
      &token_specific_des_key_gen,
      &token_specific_des_ecb,
      &token_specific_des_cbc,
 
      &token_specific_tdes_ecb,
      &token_specific_tdes_cbc,
-
+     NULL, /* tdes_ofb */
+     NULL, /* tdes_cfb */
+     NULL, /* tdes_mac */
 
      &token_specific_rsa_decrypt,
      &token_specific_rsa_encrypt,
+     NULL, /* rsa_sign */
+     NULL, /* rsa_verify */
+     NULL, /* rsa_verify_recover */
+     NULL, /* rsa_x509_decrypt */
+     NULL, /* rsa_x509_encrypt */
+     NULL, /* rsa_x509_sign */
+     NULL, /* rsa_x509_verify */
+     NULL, /* rsa_x509_verify_recover */
      &token_specific_rsa_generate_keypair,
+
+     NULL, /* ec_sign */
+     NULL, /* ec_verify */
+     NULL, /* ec_generate_keypair */
      // DH
+#ifndef NODH
      &token_specific_dh_pkcs_derive,
      &token_specific_dh_pkcs_key_pair_gen,
+#else
+     NULL,
+     NULL,
+#endif
      // SHA1
      NULL,
      NULL,
@@ -346,15 +411,29 @@ token_spec_t token_specific  = {
      NULL,
      NULL,
      NULL,
-#ifndef NOAES
      // AES
+#ifndef NOAES
      &token_specific_aes_key_gen,
      &token_specific_aes_ecb,
      &token_specific_aes_cbc,
+#else
+     NULL,
+     NULL,
      NULL,
 #endif
+     NULL,
+
+     NULL, /* t_aes_ofb */
+     NULL, /* t_aes_cfb */
+     NULL, /* t_aes_mac */
+
+     NULL, /* dsa_generate_keypair */
+     NULL, /* dsa_sign */
+     NULL, /* dsa_verify */
+
      &token_specific_get_mechanism_list,
-     &token_specific_get_mechanism_info
+     &token_specific_get_mechanism_info,
+     NULL /* object_add */
 };
 
 #endif
Commit	Line	Data
cb394d7c JB	1	--- opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c.orig 2011-05-18 00:27:00.000000000 +0200
	2	+++ opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c 2011-06-19 20:39:06.422327697 +0200
	3	@@ -34,6 +34,12 @@
	4	#include <sys/types.h>
	5	#include <sys/stat.h>
	6	#include <fcntl.h>
	7	+#include <string.h>
	8	+
	9	+#include "pkcs11types.h"
	10	+#include "defs.h"
	11	+#include "host_defs.h"
	12	+#include "h_extern.h"
	13
	14	#include "aeptok_api.h"
	15
fb843822 JB	16	--- opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c.orig 2013-07-15 19:25:40.000000000 +0200
	17	+++ opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c 2013-12-30 22:59:58.222059030 +0100
	18	@@ -14,7 +14,6 @@
	19	#include "defs.h"
	20	#include "host_defs.h"
	21	#include "h_extern.h"
	22	-#include "args.h"
	23	#include "errno.h"
	24	#include "tok_specific.h"
	25
	26	@@ -49,13 +48,13 @@ int cryptoki_aep_avail = TRUE;
	27	static int max_key_len = 2176;
	28
	29	CK_RV
	30	-token_specific_session(CK_SLOT_ID slotid)
	31	+token_specific_open_session(SESSION *session)
	32	{
	33	return CKR_OK;
	34	}
	35
	36	CK_RV
	37	-token_rng(CK_BYTE *output, CK_ULONG bytes)
	38	+token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
	39	{
	40	#if 0
	41	int bytes2 = 384;
	42	@@ -97,19 +96,19 @@ tok_slot2local(CK_SLOT_ID snum)
	43
	44
	45	CK_RV
	46	-token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber)
	47	+token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber,char * conf_name)
	48	{
	49	return CKR_OK;
	50	}
	51
	52	CK_RV
	53	-token_specific_final()
	54	+token_specific_final(void)
	55	{
	56	return CKR_OK;
	57	}
	58
	59	CK_RV
	60	-token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len)
	61	+token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len,CK_ULONG keysize)
	62	{
	63
	64	// Nothing different to do for DES or TDES here as this is just
	65	@@ -127,10 +126,11 @@ token_specific_des_ecb(CK_BYTE * in_data
	66	CK_ULONG in_data_len,
	67	CK_BYTE *out_data,
	68	CK_ULONG *out_data_len,
	69	- CK_BYTE *key_value,
	70	+ OBJECT *key,
	71	CK_BYTE encrypt)
	72	{
	73	CK_ULONG rc;
	74	+ CK_ATTRIBUTE *attr = NULL;
	75
	76	des_key_schedule des_key2;
	77	const_des_cblock key_val_SSL, in_key_data;
	78	@@ -138,8 +138,14 @@ token_specific_des_ecb(CK_BYTE * in_data
	79	int i,j;
80	int ret;
81
82	+ // get the key value
83	+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
84	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
85	+ return CKR_FUNCTION_FAILED;
86	+ }
87	+
88	// Create the key schedule
89	- memcpy(&key_val_SSL, key_value, 8);
90	+ memcpy(&key_val_SSL, attr->pValue, 8);
91	des_set_key_unchecked(&key_val_SSL, des_key2);
92
93	// the des decrypt will only fail if the data length is not
94	@@ -181,11 +187,12 @@ token_specific_des_cbc(CK_BYTE * in_data
95	CK_ULONG in_data_len,
96	CK_BYTE *out_data,
97	CK_ULONG *out_data_len,
98	- CK_BYTE *key_value,
99	+ OBJECT *key,
100	CK_BYTE *init_v,
101	CK_BYTE encrypt)
102	{
103	CK_ULONG rc;
104	+ CK_ATTRIBUTE *attr = NULL;
105
106	des_cblock ivec;
107	int ret;
108	@@ -194,8 +201,14 @@ token_specific_des_cbc(CK_BYTE * in_data
109	const_des_cblock key_val_SSL, in_key_data;
110	des_cblock out_key_data;
111
112	+ // get the key value
113	+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
114	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
115	+ return CKR_FUNCTION_FAILED;
116	+ }
117	+
118	// Create the key schedule
119	- memcpy(&key_val_SSL, key_value, 8);
120	+ memcpy(&key_val_SSL, attr->pValue, 8);
121	des_set_key_unchecked(&key_val_SSL, des_key2);
122
123	memcpy(&ivec, init_v, 8);
124	@@ -225,10 +238,13 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
125	CK_ULONG in_data_len,
126	CK_BYTE *out_data,
127	CK_ULONG *out_data_len,
128	- CK_BYTE *key_value,
129	+ OBJECT *key,
130	CK_BYTE encrypt)
131	{
132	CK_RV rc;
133	+ CK_ATTRIBUTE *attr = NULL;
134	+ CK_KEY_TYPE keytype;
135	+ CK_BYTE key_value[3*DES_KEY_SIZE];
136
137	int k,j, ret;
138	des_cblock out_temp;
139	@@ -239,6 +255,25 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
140	const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
141	des_cblock out_key_data;
142
143	+ // get the key type
144	+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
145	+ if (rc == FALSE) {
146	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
147	+ return CKR_FUNCTION_FAILED;
148	+ }
149	+ keytype = (CK_KEY_TYPE )attr->pValue;
150	+
151	+ // get the key value
152	+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
153	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
154	+ return CKR_FUNCTION_FAILED;
155	+ }
156	+ if (keytype == CKK_DES2) {
157	+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
158	+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
159	+ } else
160	+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
161	+
162	// The key as passed is a 24 byte long string containing three des keys
163	// pick them apart and create the 3 corresponding key schedules
164	memcpy(&key_SSL1, key_value, 8);
165	@@ -291,12 +326,16 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
166	CK_ULONG in_data_len,
167	CK_BYTE *out_data,
168	CK_ULONG *out_data_len,
169	- CK_BYTE *key_value,
170	+ OBJECT *key,
171	CK_BYTE *init_v,
172	CK_BYTE encrypt)
173	{
174
175	CK_RV rc = CKR_OK;
176	+ CK_ATTRIBUTE *attr = NULL;
177	+ CK_KEY_TYPE keytype;
178	+ CK_BYTE key_value[3*DES_KEY_SIZE];
179	+
180	des_key_schedule des_key1;
181	des_key_schedule des_key2;
182	des_key_schedule des_key3;
183	@@ -304,6 +343,25 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
184	const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
185	des_cblock ivec;
186
187	+ // get the key type
188	+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
189	+ if (rc == FALSE) {
190	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
191	+ return CKR_FUNCTION_FAILED;
192	+ }
193	+ keytype = (CK_KEY_TYPE )attr->pValue;
194	+
195	+ // get the key value
196	+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
197	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
198	+ return CKR_FUNCTION_FAILED;
199	+ }
200	+ if (keytype == CKK_DES2) {
201	+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
202	+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
203	+ } else
204	+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
205	+
206	// The key as passed in is a 24 byte string containing 3 keys
207	// pick it apart and create the key schedules
208	memcpy(&key_SSL1, key_value, 8);
209	@@ -829,12 +887,18 @@ CK_RV
210	token_specific_rsa_encrypt( CK_BYTE * in_data,
211	CK_ULONG in_data_len,
212	CK_BYTE * out_data,
213	+ CK_ULONG * out_data_len,
214	OBJECT * key_obj )
215	{
216	CK_RV rc;
217	RSA *rsa;
218	int mLen;
219
220	+ if (in_data_len > *out_data_len) {
221	+ OCK_LOG_DEBUG("CKR_DATA_LEN_RANGE\n");
222	+ return CKR_DATA_LEN_RANGE;
223	+ }
224	+
225	// Convert the local representation to an RSA representation
226	rsa = (RSA *)rsa_convert_public_key(key_obj, &mLen);
227	if (rsa==NULL) {
228	@@ -862,6 +926,7 @@ token_specific_rsa_encrypt( CK_BYTE *
229	}
230
231	if (rc != 0) {
232	+ *out_data_len = in_data_len;
233	rc = CKR_OK;
234	} else {
235	OCK_LOG_ERR(ERR_FUNCTION_FAILED);
236	@@ -879,12 +944,18 @@ CK_RV
237	token_specific_rsa_decrypt( CK_BYTE * in_data,
238	CK_ULONG in_data_len,
239	CK_BYTE * out_data,
240	+ CK_ULONG * out_data_len,
241	OBJECT * key_obj )
242	{
243	CK_RV rc;
244	RSA *rsa;
245	int mLen;
246
247	+ if (*out_data_len < in_data_len) {
248	+ OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL);
249	+ return CKR_BUFFER_TOO_SMALL;
250	+ }
251	+
252	// Convert the local key representation to an RSA key representaion
253	rsa = (RSA *)rsa_convert_private_key(key_obj, &mLen);
254	if (rsa == NULL) {
255	@@ -910,6 +981,7 @@ token_specific_rsa_decrypt( CK_BYTE *
256	rsa, RSA_NO_PADDING);
257	}
258	if (rc != 0) {
259	+ *out_data_len = in_data_len;
260	rc = CKR_OK;
261	} else {
262	OCK_LOG_ERR(ERR_FUNCTION_FAILED);
263	@@ -925,7 +997,7 @@ token_specific_rsa_decrypt( CK_BYTE *
264	#ifndef NOAES
265
266	CK_RV
267	-token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len )
268	+token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len, CK_ULONG keysize )
269	{
270	return rng_generate(key, len);
271	}
272	@@ -935,22 +1007,28 @@ token_specific_aes_ecb( CK_BYTE
273	CK_ULONG in_data_len,
274	CK_BYTE *out_data,
275	CK_ULONG *out_data_len,
276	- CK_BYTE *key_value,
277	- CK_ULONG key_len,
278	+ OBJECT *key,
279	CK_BYTE encrypt)
280	{
281	+ CK_ATTRIBUTE *attr = NULL;
282	AES_KEY ssl_aes_key;
283	int i;
284	/* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0,
285	* so this is fine */
286	CK_ULONG loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE);
287
288	+ // get the key value
289	+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
290	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
291	+ return CKR_FUNCTION_FAILED;
292	+ }
293	+
294	memset( &ssl_aes_key, 0, sizeof(AES_KEY));
295
296	// AES_ecb_encrypt encrypts only a single block, so we have to break up the
297	// input data here
298	if (encrypt) {
299	- AES_set_encrypt_key((unsigned char )key_value, (key_len8), &ssl_aes_key);
300	+ AES_set_encrypt_key((unsigned char )attr->pValue, (attr->ulValueLen8), &ssl_aes_key);
301	for( i=0; i<loops; i++ ) {
302	AES_ecb_encrypt((unsigned char )in_data + (iAES_BLOCK_SIZE),
303	(unsigned char )out_data + (iAES_BLOCK_SIZE),
304	@@ -958,7 +1036,7 @@ token_specific_aes_ecb( CK_BYTE
305	AES_ENCRYPT);
306	}
307	} else {
308	- AES_set_decrypt_key((unsigned char )key_value, (key_len8), &ssl_aes_key);
309	+ AES_set_decrypt_key((unsigned char )attr->pValue, (attr->ulValueLen8), &ssl_aes_key);
310	for( i=0; i<loops; i++ ) {
311	AES_ecb_encrypt((unsigned char )in_data + (iAES_BLOCK_SIZE),
312	(unsigned char )out_data + (iAES_BLOCK_SIZE),
313	@@ -976,25 +1054,31 @@ token_specific_aes_cbc( CK_BYTE
314	CK_ULONG in_data_len,
315	CK_BYTE *out_data,
316	CK_ULONG *out_data_len,
317	- CK_BYTE *key_value,
318	- CK_ULONG key_len,
319	+ OBJECT *key,
320	CK_BYTE *init_v,
321	CK_BYTE encrypt)
322	{
323	AES_KEY ssl_aes_key;
324	+ CK_ATTRIBUTE *attr = NULL;
325	int i;
326
327	+ // get the key value
328	+ if(template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
329	+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
330	+ return CKR_FUNCTION_FAILED;
331	+ }
332	+
333	memset( &ssl_aes_key, 0, sizeof(AES_KEY));
334
335	// AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike
336	// AES_ecb_encrypt, so no looping required.
337	if (encrypt) {
338	- AES_set_encrypt_key((unsigned char )key_value, (key_len8), &ssl_aes_key);
339	+ AES_set_encrypt_key((unsigned char )attr->pValue, (attr->ulValueLen8), &ssl_aes_key);
340	AES_cbc_encrypt((unsigned char )in_data, (unsigned char )out_data,
341	in_data_len, &ssl_aes_key,
342	init_v, AES_ENCRYPT);
343	} else {
344	- AES_set_decrypt_key((unsigned char )key_value, (key_len8), &ssl_aes_key);
345	+ AES_set_decrypt_key((unsigned char )attr->pValue, (attr->ulValueLen8), &ssl_aes_key);
346	AES_cbc_encrypt((unsigned char )in_data, (unsigned char )out_data,
347	in_data_len, &ssl_aes_key,
348	init_v, AES_DECRYPT);
349	--- opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h.orig 2013-07-15 19:25:40.000000000 +0200
350	+++ opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h 2013-12-30 23:06:15.798709893 +0100
351	@@ -310,26 +310,91 @@
352	token_spec_t token_specific = {
353	AEP_CONFIG_PATH,
354	"aep",
355	- "AEP_STDLL_Debug",
356	+ 0,
357	+ {
358	+ FALSE,
359	+ FALSE,
360	+ CKM_DES3_CBC,
361	+ "12345678",
362	+ "10293847"
363	+ },
364	+ NULL, /* creatlock */
365	+ NULL, /* attach_shm */
366	&token_specific_init,
367	+ NULL, /* init_token_data */
368	+ NULL, /* load_token_data */
369	+ NULL, /* save_token_data */
370	&tok_slot2local,
371	- &token_rng,
372	- &token_specific_session,
373	+ &token_specific_rng,
374	+ &token_specific_open_session,
375	+ NULL, /* close_session */
376	&token_specific_final,
377	+ NULL, /* init_token */
378	+ NULL, /* login */
379	+ NULL, /* logout */
380	+ NULL, /* init_pin */
381	+ NULL, /* set_pin */
382	+ NULL, /* copy object */
383	+ NULL, /* create_object */
384	+ NULL, /* get_attribute_value */
385	+ NULL, /* set_attribute_value */
386	+ NULL, /* find_objects_init */
387	+ NULL, /* destroy_object */
388	+ NULL, /* generate_key */
389	+ NULL, /* generate_key_pair */
390	+ NULL, /* encrypt_init */
391	+ NULL, /* encrypt */
392	+ NULL, /* encrypt_update */
393	+ NULL, /* encrypt_final */
394	+ NULL, /* decrypt_init */
395	+ NULL, /* decrypt */
396	+ NULL, /* decrypt_update */
397	+ NULL, /* decrypt_final */
398	+ NULL, /* derive_key */
399	+ NULL, /* wrap_key */
400	+ NULL, /* unwrap_key */
401	+ NULL, /* sign_init */
402	+ NULL, /* sign */
403	+ NULL, /* sign_update */
404	+ NULL, /* sign_final */
405	+ NULL, /* verify_init */
406	+ NULL, /* verify */
407	+ NULL, /* verify_update */
408	+ NULL, /* verify_final */
409	+
410	&token_specific_des_key_gen,
411	&token_specific_des_ecb,
412	&token_specific_des_cbc,
413
414	&token_specific_tdes_ecb,
415	&token_specific_tdes_cbc,
416	-
417	+ NULL, /* tdes_ofb */
418	+ NULL, /* tdes_cfb */
419	+ NULL, /* tdes_mac */
420
421	&token_specific_rsa_decrypt,
422	&token_specific_rsa_encrypt,
423	+ NULL, /* rsa_sign */
424	+ NULL, /* rsa_verify */
425	+ NULL, /* rsa_verify_recover */
426	+ NULL, /* rsa_x509_decrypt */
427	+ NULL, /* rsa_x509_encrypt */
428	+ NULL, /* rsa_x509_sign */
429	+ NULL, /* rsa_x509_verify */
430	+ NULL, /* rsa_x509_verify_recover */
431	&token_specific_rsa_generate_keypair,
432	+
433	+ NULL, /* ec_sign */
434	+ NULL, /* ec_verify */
435	+ NULL, /* ec_generate_keypair */
436	// DH
437	+#ifndef NODH
438	&token_specific_dh_pkcs_derive,
439	&token_specific_dh_pkcs_key_pair_gen,
440	+#else
441	+ NULL,
442	+ NULL,
443	+#endif
444	// SHA1
445	NULL,
446	NULL,
447	@@ -346,15 +411,29 @@ token_spec_t token_specific = {
448	NULL,
449	NULL,
450	NULL,
451	-#ifndef NOAES
452	// AES
453	+#ifndef NOAES
454	&token_specific_aes_key_gen,
455	&token_specific_aes_ecb,
456	&token_specific_aes_cbc,
457	+#else
458	+ NULL,
459	+ NULL,
460	NULL,
461	#endif
462	+ NULL,
463	+
464	+ NULL, /* t_aes_ofb */
465	+ NULL, /* t_aes_cfb */
466	+ NULL, /* t_aes_mac */
467	+
468	+ NULL, /* dsa_generate_keypair */
469	+ NULL, /* dsa_sign */
470	+ NULL, /* dsa_verify */
471	+
472	&token_specific_get_mechanism_list,
473	- &token_specific_get_mechanism_info
474	+ &token_specific_get_mechanism_info,
475	+ NULL /* object_add */
476	};
477
478	#endif