PKI_X509_XPAIR *PKI_X509_XPAIR_new_null ( void ) {
PKI_X509_XPAIR *ret = NULL;
if((ret = PKI_X509_new ( PKI_DATATYPE_X509_XPAIR, NULL )) == NULL ) {
return NULL;
}
if((ret->value = PKI_XPAIR_new()) == NULL ) {
PKI_X509_free ( ret );
return NULL;
}
return ret;
}
PKI_X509_PKCS7 *PKI_X509_PKCS7_new ( PKI_X509_PKCS7_TYPE type ) {
PKI_X509_PKCS7 *p7 = NULL;
PKI_X509_PKCS7_VALUE *value = NULL;
if((p7 = PKI_X509_new( PKI_DATATYPE_X509_PKCS7, NULL )) == NULL ) {
PKI_log_debug("PKI_X509_PKCS7_new()::Memory Error!");
return ( NULL );
}
if((value = p7->cb->create()) == NULL ) {
PKI_log_debug ("Memory Allocation Error.");
return NULL;
}
if(!PKCS7_set_type( value, type )) {
PKI_log_err( "PKI_X509_PKCS7_new()::Can not set PKCS7 type!");
return ( NULL );
}
p7->value = value;
switch ( type ) {
case PKI_X509_PKCS7_TYPE_ENCRYPTED:
case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED:
if(!PKI_X509_PKCS7_set_cipher( p7,
(EVP_CIPHER *) PKI_CIPHER_AES(256,cbc))) {
PKI_log_debug("PKI_X509_PKCS7_new()::Can not set "
"cipher!");
};
break;
case PKI_X509_PKCS7_TYPE_SIGNED:
PKCS7_content_new ( value, NID_pkcs7_data );
break;
default:
break;
}
return ( p7 );
}
int PKI_X509_put_value ( void *x, PKI_DATATYPE type, PKI_DATA_FORMAT format,
char *url_string, const char *mime, PKI_CRED *cred, HSM *hsm ) {
PKI_X509 *x_obj = NULL;
int ret = PKI_OK;
if ( !x || !url_string ) return PKI_ERR;
if(( x_obj = PKI_X509_new ( type, hsm )) == NULL ) {
return PKI_ERR;
}
x_obj->value = x;
ret = PKI_X509_put ( x_obj, format, url_string, mime, cred, hsm );
x_obj->value = NULL;
PKI_X509_free ( x_obj );
return ret;
}
/*! \brief Returns an empty PKI_X509_CERT data structure */
PKI_X509_CERT *PKI_X509_CERT_new_null ( void ) {
return PKI_X509_new(PKI_DATATYPE_X509_CERT, NULL);
}
PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new_null () {
return PKI_X509_new ( PKI_DATATYPE_X509_KEYPAIR, NULL );
}
PKI_X509_OCSP_RESP *PKI_X509_OCSP_RESP_new_null ( void )
{
return PKI_X509_new(PKI_DATATYPE_X509_OCSP_RESP, NULL);
}
PKI_X509_CRL *PKI_X509_CRL_new_null ( void ) {
return PKI_X509_new ( PKI_DATATYPE_X509_CRL, NULL );
}
PKI_X509_KEYPAIR *HSM_PKCS11_KEYPAIR_new( PKI_KEYPARAMS *kp,
URL *url, PKI_CRED *cred, HSM *driver ) {
PKCS11_HANDLER *lib = NULL;
int type = PKI_SCHEME_DEFAULT;
/*
CK_MECHANISM DSA_MECH = {
CKM_DSA_KEY_PAIR_GEN, NULL_PTR, 0 };
CK_MECHANISM ECDSA_MECH = {
CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0 };
*/
/* Return EVP Key */
PKI_X509_KEYPAIR *ret = NULL;
PKI_X509_KEYPAIR_VALUE *val = NULL;
/* If a RSA Key is generated we use the RSA pointer*/
PKI_RSA_KEY *rsa = NULL;
/* If a DSA Key is generated we use the DSA pointer*/
PKI_DSA_KEY *dsa = NULL;
#ifdef ENABLE_ECDSA
/* If an ECDSA Key is generated we use the DSA pointer*/
PKI_EC_KEY *ecdsa = NULL;
#endif
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Start!");
if ((lib = _hsm_get_pkcs11_handler ( driver )) == NULL ) {
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Can not get handler");
return NULL;
}
/*
if((val = (PKI_X509_KEYPAIR *) EVP_PKEY_new()) == NULL ) {
return NULL;
}
*/
/*
if( _pki_pkcs11_rand_seed() == 0 ) {
PKI_log_debug("WARNING, low rand available!");
}
*/
if ( kp && kp->scheme != PKI_SCHEME_UNKNOWN ) type = kp->scheme;
switch (type) {
case PKI_SCHEME_RSA:
break;
case PKI_SCHEME_DSA:
case PKI_SCHEME_ECDSA:
default:
PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "Scheme %d", type );
return ( NULL );
}
/*
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Closing existing key session");
rv = lib->callbacks->C_CloseSession( lib->session );
*/
if(( HSM_PKCS11_session_new( lib->slot_id, &lib->session,
CKF_SERIAL_SESSION | CKF_RW_SESSION, lib )) == PKI_ERR ) {
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Failed in opening a "
"new session (R/W) with the token" );
return ( NULL );
};
/*
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Opening new R/W key session");
if((rv = lib->callbacks->C_OpenSession (lib->slot_id,
CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL,
&(lib->session))) != CKR_OK ) {
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Failed in opening a "
"new session (R/W) with the token" );
return ( NULL );
}
*/
if( HSM_PKCS11_login ( driver, cred ) == PKI_ERR ) {
HSM_PKCS11_session_close ( &lib->session, lib );
return ( PKI_ERR );
}
/*
PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Logging in" );
rv = lib->callbacks->C_Login(lib->session, CKU_USER,
(CK_UTF8CHAR *) cred->password,
cred->password ? strlen(cred->password) : 0);
*/
/*
if ( rv == CKR_USER_ALREADY_LOGGED_IN ) {
PKI_log_debug( "HSM_PKCS11_SLOT_select()::User Already logged "
"in!");
} else if( rv == CKR_PIN_INCORRECT ) {
PKI_log_err ( "HSM_PKCS11_SLOT_select()::Can not login "
"- Pin Incorrect (0X%8.8X) [%s]", rv, cred->password);
return ( PKI_ERR );
} else if ( rv != CKR_OK ) {
PKI_log_err ( "HSM_PKCS11_SLOT_select()::Can not login "
"- General Error (0X%8.8X)", rv);
return ( PKI_ERR );
}
*/
/* Generate the EVP_PKEY that will allow it to make use of it */
if((val = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) {
HSM_PKCS11_session_close ( &lib->session, lib );
PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair value");
return NULL;
}
switch( type ) {
case PKI_SCHEME_RSA:
if ((rsa = _pki_pkcs11_rsakey_new ( kp, url,
lib, driver)) == NULL ) {
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
};
if(!EVP_PKEY_assign_RSA( (EVP_PKEY *) val, rsa)) {
PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign RSA key");
if( rsa ) RSA_free ( rsa );
if( val ) EVP_PKEY_free( (EVP_PKEY *) val );
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
}
break;
case PKI_SCHEME_DSA:
if ((dsa = _pki_pkcs11_dsakey_new ( kp, url,
lib, driver)) == NULL ) {
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
};
if(!EVP_PKEY_assign_DSA( (EVP_PKEY *) val, dsa)) {
PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign DSA key");
if( dsa ) DSA_free ( dsa );
if( val ) EVP_PKEY_free( (EVP_PKEY *) val );
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
}
break;
#ifdef ENABLE_ECDSA
case PKI_SCHEME_ECDSA:
if ((ecdsa = _pki_pkcs11_ecdsakey_new ( kp, url,
lib, driver)) == NULL ) {
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
};
if(!EVP_PKEY_assign_EC_KEY( (EVP_PKEY *) val, ecdsa)) {
PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign ECDSA key");
if( ecdsa ) EC_KEY_free ( ecdsa );
if( val ) EVP_PKEY_free( (EVP_PKEY *) val );
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
}
break;
#endif
default:
PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "%d", type);
if ( val ) EVP_PKEY_free ( (EVP_PKEY *) val );
HSM_PKCS11_session_close ( &lib->session, lib );
return ( NULL );
}
HSM_PKCS11_session_close ( &lib->session, lib );
if (( ret = PKI_X509_new ( PKI_DATATYPE_X509_KEYPAIR, driver)) == NULL){
PKI_ERROR(PKI_ERR_OBJECT_CREATE, NULL );
if ( val ) EVP_PKEY_free ( (EVP_PKEY *) val );
if ( val ) EVP_PKEY_free ( val );
return NULL;
}
ret->value = val;
/* Let's return the PKI_X509_KEYPAIR infrastructure */
return ( ret );
}