/*
 * Build guards and allocator aliases for the PKCS#11 wrapper.
 * polarssl_malloc / polarssl_free are mapped onto the C library's
 * malloc / free here.
 * NOTE(review): the gutter jumps from 37 to 41, so this listing has dropped
 * lines; which branch of the POLARSSL_PLATFORM_C conditional these defines
 * sit in is not visible -- presumably the fallback used when the platform
 * layer is not compiled in. Confirm against the full file.
 */
32 #if defined(POLARSSL_PKCS11_C)
37 #if defined(POLARSSL_PLATFORM_C)
41 #define polarssl_malloc malloc
42 #define polarssl_free free
/*
 * Load the certificate behind a pkcs11-helper handle into an x509_crt.
 *
 * cert         destination certificate object
 * pkcs11_cert  pkcs11-helper certificate handle the blob is read from
 *
 * NOTE(review): this listing omits lines (see the gaps in the gutter
 * numbers); the allocation call, the parse call and every return statement
 * are not visible here, so return values are not documented.
 */
45 int pkcs11_x509_cert_init(
x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
48 unsigned char *cert_blob = NULL;
49 size_t cert_blob_size = 0;
/* Size query: no buffer is supplied, only the address of the length. */
57 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
58 &cert_blob_size ) != CKR_OK )
/* The allocation result is checked before the buffer is handed to the helper. */
65 if( NULL == cert_blob )
/*
 * Second call fills the buffer. cert_blob_size is passed by address again,
 * so the helper can rewrite it; presumably it also serves as the buffer
 * capacity on input -- confirm against the pkcs11-helper documentation,
 * since that is what bounds the write into cert_blob.
 */
71 if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
72 &cert_blob_size ) != CKR_OK )
/* Cleanup: the temporary blob is released only if it was allocated. */
87 if( NULL != cert_blob )
/*
 * Bind a pkcs11-helper certificate handle to a pkcs11_context.
 *
 * priv_key     context to fill in; checked against NULL
 * pkcs11_cert  certificate handle stored in priv_key->pkcs11h_cert
 *
 * The stored handle is the one pkcs11_priv_key_free() later passes to
 * pkcs11h_certificate_freeCertificate(), so the context takes over the
 * handle once this assignment has run.
 * NOTE(review): the declaration and release of the local `cert`, the
 * assignment of any other context field and the return statements are in
 * lines omitted from this listing.
 */
94 int pkcs11_priv_key_init( pkcs11_context *priv_key,
95 pkcs11h_certificate_t pkcs11_cert )
102 if( priv_key == NULL )
/* The certificate is parsed first; a non-zero result is treated as failure. */
105 if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
109 priv_key->pkcs11h_cert = pkcs11_cert;
/*
 * Release the pkcs11-helper certificate handle held by a context.
 * A NULL priv_key is accepted and ignored.
 *
 * NOTE(review): no visible line clears priv_key->pkcs11h_cert after the
 * handle is freed, so a second call on the same context would hand the
 * stale handle to the helper again. Treat the context as dead after this
 * call -- confirm against the full file.
 */
119 void pkcs11_priv_key_free( pkcs11_context *priv_key )
121 if( NULL != priv_key )
122 pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
/*
 * RSA decryption delegated to the token behind ctx->pkcs11h_cert.
 *
 * ctx             PKCS#11 context; ctx->len is taken as the input length
 * mode            use not visible in this listing
 * olen            use not visible in this listing
 * input           ciphertext; ctx->len bytes are passed to the helper and
 *                 no separate input length exists, so the caller must
 *                 supply at least that many bytes
 * output          plaintext buffer
 * output_max_len  capacity of output in bytes
 *
 * NOTE(review): CKM_RSA_PKCS is the PKCS#1 v1.5 mechanism. Callers should
 * not let a remote peer distinguish between decryption failure causes
 * (padding-oracle exposure); the return statements are in omitted lines,
 * so how failures are reported cannot be checked here.
 * NOTE(review): ctx is dereferenced at line 139; any NULL or mode check
 * would sit in the omitted lines 132-138 -- confirm.
 */
125 int pkcs11_decrypt( pkcs11_context *ctx,
126 int mode,
size_t *olen,
127 const unsigned char *input,
128 unsigned char *output,
129 size_t output_max_len )
131 size_t input_len, output_len;
/* Both lengths start out as the length stored in the context. */
139 output_len = input_len = ctx->len;
/* Reject inputs shorter than 16 bytes or longer than the output capacity. */
141 if( input_len < 16 || input_len > output_max_len )
/* Length query: no output buffer is supplied, only the address of output_len. */
145 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
146 input_len, NULL, &output_len ) != CKR_OK )
/* The reported size is re-checked against the caller's capacity before
 * anything is written to output. */
151 if( output_len > output_max_len )
/* Actual decryption into the caller's buffer. */
154 if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
155 input_len, output, &output_len ) != CKR_OK )
/*
 * Sign a hash on the token behind ctx->pkcs11h_cert using CKM_RSA_PKCS.
 * The visible lines write ASN.1 length octets, the digest OID and the hash
 * into sig, then ask the helper to sign that buffer in place.
 *
 * ctx      PKCS#11 context holding the certificate handle
 * hashlen  length of hash in bytes
 * hash     digest to be signed
 *
 * NOTE(review): parts of the parameter list and of the body are missing
 * from this listing (gutter gaps such as 163 -> 166 and 171 -> 183). sig,
 * oid and md_info are used below but their declarations are not shown, and
 * the assignment that gives sig_len its working value is not visible.
 */
163 int pkcs11_sign( pkcs11_context *ctx,
166 unsigned int hashlen,
167 const unsigned char *hash,
170 size_t sig_len = 0, asn_len = 0, oid_size = 0;
171 unsigned char *p = sig;
183 if( md_info == NULL )
/* Encoded header size: ten fixed bytes plus the OID. */
190 asn_len = 10 + oid_size;
/*
 * Bound check before anything is copied into sig. Each term is compared
 * on its own before the sum, so the sum is only evaluated once both terms
 * are already known to be no larger than sig_len.
 */
194 if ( hashlen > sig_len || asn_len > sig_len ||
195 hashlen + asn_len > sig_len )
/*
 * Length octets, one byte each.
 * NOTE(review): no visible check keeps these sums below 0x80 (the DER
 * short-form limit) or below 0x100 (where the cast truncates); the bound
 * above only compares against sig_len. Presumably digest and OID sizes
 * keep them small -- confirm against the full file.
 */
212 *p++ = (
unsigned char) ( 0x08 + oid_size + hashlen );
214 *p++ = (
unsigned char) ( 0x04 + oid_size );
216 *p++ = oid_size & 0xFF;
217 memcpy( p, oid, oid_size );
/* The hash follows the header in the same buffer. */
225 memcpy( p, hash, hashlen );
/*
 * sig is both the data to sign and the destination. sig_len is passed by
 * address, presumably as capacity on input and signature length on output
 * -- confirm against the pkcs11-helper documentation.
 */
227 if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
228 asn_len + hashlen, sig, &sig_len ) != CKR_OK )
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE
The output buffer for decryption is not large enough.
static size_t pk_get_len(const pk_context *ctx)
Get the length in bytes of the underlying key.
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
void x509_crt_free(x509_crt *crt)
Free all certificate data.
static unsigned char md_get_size(const md_info_t *md_info)
Returns the size of the message digest output.
Object Identifier (OID) database.
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
Container for an X.509 certificate.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
X.509 certificate parsing and writing.
Generic message digest wrapper.
#define POLARSSL_ERR_RSA_BAD_INPUT_DATA
Bad input parameters to function.
int oid_get_oid_by_md(md_type_t md_alg, const char **oid, size_t *olen)
Translate md_type into hash algorithm OID.
pk_context pk
Container for the public key context.
#define ASN1_OCTET_STRING
Wrapper for PKCS#11 library libpkcs11-helper.
Message digest information.