1 --- opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c.orig 2011-05-18 00:27:00.000000000 +0200
2 +++ opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c 2011-06-19 20:39:06.422327697 +0200
9 +#include "pkcs11types.h"
11 +#include "host_defs.h"
12 +#include "h_extern.h"
14 #include "aeptok_api.h"
16 --- opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c.orig 2013-07-15 19:25:40.000000000 +0200
17 +++ opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c 2013-12-30 22:59:58.222059030 +0100
20 #include "host_defs.h"
24 #include "tok_specific.h"
26 @@ -49,13 +48,13 @@ int cryptoki_aep_avail = TRUE;
27 static int max_key_len = 2176;
30 -token_specific_session(CK_SLOT_ID slotid)
31 +token_specific_open_session(SESSION *session)
37 -token_rng(CK_BYTE *output, CK_ULONG bytes)
38 +token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
42 @@ -97,19 +96,19 @@ tok_slot2local(CK_SLOT_ID snum)
46 -token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber)
47 +token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber,char * conf_name)
53 -token_specific_final()
54 +token_specific_final(void)
60 -token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len)
61 +token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len,CK_ULONG keysize)
64 // Nothing different to do for DES or TDES here as this is just
65 @@ -127,10 +126,11 @@ token_specific_des_ecb(CK_BYTE * in_data
68 CK_ULONG *out_data_len,
74 + CK_ATTRIBUTE *attr = NULL;
76 des_key_schedule des_key2;
77 const_des_cblock key_val_SSL, in_key_data;
78 @@ -138,8 +138,14 @@ token_specific_des_ecb(CK_BYTE * in_data
82 + // get the key value
83 + if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
84 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
85 + return CKR_FUNCTION_FAILED;
88 // Create the key schedule
89 - memcpy(&key_val_SSL, key_value, 8);
90 + memcpy(&key_val_SSL, attr->pValue, 8);
91 des_set_key_unchecked(&key_val_SSL, des_key2);
93 // the des decrypt will only fail if the data length is not
94 @@ -181,11 +187,12 @@ token_specific_des_cbc(CK_BYTE * in_data
97 CK_ULONG *out_data_len,
104 + CK_ATTRIBUTE *attr = NULL;
108 @@ -194,8 +201,14 @@ token_specific_des_cbc(CK_BYTE * in_data
109 const_des_cblock key_val_SSL, in_key_data;
110 des_cblock out_key_data;
112 + // get the key value
113 + if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
114 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
115 + return CKR_FUNCTION_FAILED;
118 // Create the key schedule
119 - memcpy(&key_val_SSL, key_value, 8);
120 + memcpy(&key_val_SSL, attr->pValue, 8);
121 des_set_key_unchecked(&key_val_SSL, des_key2);
123 memcpy(&ivec, init_v, 8);
124 @@ -225,10 +238,13 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
125 CK_ULONG in_data_len,
127 CK_ULONG *out_data_len,
128 - CK_BYTE *key_value,
133 + CK_ATTRIBUTE *attr = NULL;
134 + CK_KEY_TYPE keytype;
135 + CK_BYTE key_value[3*DES_KEY_SIZE];
139 @@ -239,6 +255,25 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
140 const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
141 des_cblock out_key_data;
143 + // get the key type
144 + rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
146 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
147 + return CKR_FUNCTION_FAILED;
149 + keytype = *(CK_KEY_TYPE *)attr->pValue;
151 + // get the key value
152 + if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
153 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
154 + return CKR_FUNCTION_FAILED;
156 + if (keytype == CKK_DES2) {
157 + memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
158 + memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
160 + memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
162 // The key as passed is a 24 byte long string containing three des keys
163 // pick them apart and create the 3 corresponding key schedules
164 memcpy(&key_SSL1, key_value, 8);
165 @@ -291,12 +326,16 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
166 CK_ULONG in_data_len,
168 CK_ULONG *out_data_len,
169 - CK_BYTE *key_value,
176 + CK_ATTRIBUTE *attr = NULL;
177 + CK_KEY_TYPE keytype;
178 + CK_BYTE key_value[3*DES_KEY_SIZE];
180 des_key_schedule des_key1;
181 des_key_schedule des_key2;
182 des_key_schedule des_key3;
183 @@ -304,6 +343,25 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
184 const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
187 + // get the key type
188 + rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
190 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
191 + return CKR_FUNCTION_FAILED;
193 + keytype = *(CK_KEY_TYPE *)attr->pValue;
195 + // get the key value
196 + if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
197 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
198 + return CKR_FUNCTION_FAILED;
200 + if (keytype == CKK_DES2) {
201 + memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
202 + memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
204 + memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
206 // The key as passed in is a 24 byte string containing 3 keys
207 // pick it apart and create the key schedules
208 memcpy(&key_SSL1, key_value, 8);
209 @@ -829,12 +887,18 @@ CK_RV
210 token_specific_rsa_encrypt( CK_BYTE * in_data,
211 CK_ULONG in_data_len,
213 + CK_ULONG * out_data_len,
220 + if (in_data_len > *out_data_len) {
221 + OCK_LOG_DEBUG("CKR_DATA_LEN_RANGE\n");
222 + return CKR_DATA_LEN_RANGE;
225 // Convert the local representation to an RSA representation
226 rsa = (RSA *)rsa_convert_public_key(key_obj, &mLen);
228 @@ -862,6 +926,7 @@ token_specific_rsa_encrypt( CK_BYTE *
232 + *out_data_len = in_data_len;
235 OCK_LOG_ERR(ERR_FUNCTION_FAILED);
236 @@ -879,12 +944,18 @@ CK_RV
237 token_specific_rsa_decrypt( CK_BYTE * in_data,
238 CK_ULONG in_data_len,
240 + CK_ULONG * out_data_len,
247 + if (*out_data_len < in_data_len) {
248 + OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL);
249 + return CKR_BUFFER_TOO_SMALL;
252 // Convert the local key representation to an RSA key representaion
253 rsa = (RSA *)rsa_convert_private_key(key_obj, &mLen);
255 @@ -910,6 +981,7 @@ token_specific_rsa_decrypt( CK_BYTE *
256 rsa, RSA_NO_PADDING);
259 + *out_data_len = in_data_len;
262 OCK_LOG_ERR(ERR_FUNCTION_FAILED);
263 @@ -925,7 +997,7 @@ token_specific_rsa_decrypt( CK_BYTE *
267 -token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len )
268 +token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len, CK_ULONG keysize )
270 return rng_generate(key, len);
272 @@ -935,22 +1007,28 @@ token_specific_aes_ecb( CK_BYTE
273 CK_ULONG in_data_len,
275 CK_ULONG *out_data_len,
276 - CK_BYTE *key_value,
281 + CK_ATTRIBUTE *attr = NULL;
284 /* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0,
286 CK_ULONG loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE);
288 + // get the key value
289 + if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
290 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
291 + return CKR_FUNCTION_FAILED;
294 memset( &ssl_aes_key, 0, sizeof(AES_KEY));
296 // AES_ecb_encrypt encrypts only a single block, so we have to break up the
299 - AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
300 + AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
301 for( i=0; i<loops; i++ ) {
302 AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
303 (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
304 @@ -958,7 +1036,7 @@ token_specific_aes_ecb( CK_BYTE
308 - AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
309 + AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
310 for( i=0; i<loops; i++ ) {
311 AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
312 (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
313 @@ -976,25 +1054,31 @@ token_specific_aes_cbc( CK_BYTE
314 CK_ULONG in_data_len,
316 CK_ULONG *out_data_len,
317 - CK_BYTE *key_value,
324 + CK_ATTRIBUTE *attr = NULL;
327 + // get the key value
328 + if(template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
329 + OCK_LOG_ERR(ERR_FUNCTION_FAILED);
330 + return CKR_FUNCTION_FAILED;
333 memset( &ssl_aes_key, 0, sizeof(AES_KEY));
335 // AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike
336 // AES_ecb_encrypt, so no looping required.
338 - AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
339 + AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
340 AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
341 in_data_len, &ssl_aes_key,
342 init_v, AES_ENCRYPT);
344 - AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
345 + AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
346 AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
347 in_data_len, &ssl_aes_key,
348 init_v, AES_DECRYPT);
349 --- opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h.orig 2013-07-15 19:25:40.000000000 +0200
350 +++ opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h 2013-12-30 23:06:15.798709893 +0100
351 @@ -310,26 +310,91 @@
352 token_spec_t token_specific = {
364 + NULL, /* creatlock */
365 + NULL, /* attach_shm */
366 &token_specific_init,
367 + NULL, /* init_token_data */
368 + NULL, /* load_token_data */
369 + NULL, /* save_token_data */
372 - &token_specific_session,
373 + &token_specific_rng,
374 + &token_specific_open_session,
375 + NULL, /* close_session */
376 &token_specific_final,
377 + NULL, /* init_token */
380 + NULL, /* init_pin */
381 + NULL, /* set_pin */
382 + NULL, /* copy object */
383 + NULL, /* create_object */
384 + NULL, /* get_attribute_value */
385 + NULL, /* set_attribute_value */
386 + NULL, /* find_objects_init */
387 + NULL, /* destroy_object */
388 + NULL, /* generate_key */
389 + NULL, /* generate_key_pair */
390 + NULL, /* encrypt_init */
391 + NULL, /* encrypt */
392 + NULL, /* encrypt_update */
393 + NULL, /* encrypt_final */
394 + NULL, /* decrypt_init */
395 + NULL, /* decrypt */
396 + NULL, /* decrypt_update */
397 + NULL, /* decrypt_final */
398 + NULL, /* derive_key */
399 + NULL, /* wrap_key */
400 + NULL, /* unwrap_key */
401 + NULL, /* sign_init */
403 + NULL, /* sign_update */
404 + NULL, /* sign_final */
405 + NULL, /* verify_init */
407 + NULL, /* verify_update */
408 + NULL, /* verify_final */
410 &token_specific_des_key_gen,
411 &token_specific_des_ecb,
412 &token_specific_des_cbc,
414 &token_specific_tdes_ecb,
415 &token_specific_tdes_cbc,
417 + NULL, /* tdes_ofb */
418 + NULL, /* tdes_cfb */
419 + NULL, /* tdes_mac */
421 &token_specific_rsa_decrypt,
422 &token_specific_rsa_encrypt,
423 + NULL, /* rsa_sign */
424 + NULL, /* rsa_verify */
425 + NULL, /* rsa_verify_recover */
426 + NULL, /* rsa_x509_decrypt */
427 + NULL, /* rsa_x509_encrypt */
428 + NULL, /* rsa_x509_sign */
429 + NULL, /* rsa_x509_verify */
430 + NULL, /* rsa_x509_verify_recover */
431 &token_specific_rsa_generate_keypair,
433 + NULL, /* ec_sign */
434 + NULL, /* ec_verify */
435 + NULL, /* ec_generate_keypair */
438 &token_specific_dh_pkcs_derive,
439 &token_specific_dh_pkcs_key_pair_gen,
447 @@ -346,15 +411,29 @@ token_spec_t token_specific = {
454 &token_specific_aes_key_gen,
455 &token_specific_aes_ecb,
456 &token_specific_aes_cbc,
464 + NULL, /* t_aes_ofb */
465 + NULL, /* t_aes_cfb */
466 + NULL, /* t_aes_mac */
468 + NULL, /* dsa_generate_keypair */
469 + NULL, /* dsa_sign */
470 + NULL, /* dsa_verify */
472 &token_specific_get_mechanism_list,
473 - &token_specific_get_mechanism_info
474 + &token_specific_get_mechanism_info,
475 + NULL /* object_add */