gfwleak/tango-certstore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加获取HSM私钥句柄

Browse Source 
安装包增加libcertex库
增加HSM配置文件rcsp.con
This commit is contained in:
fengweihao
2020-11-25 14:10:26 +08:00
parent d452d7b5f2
commit f3cbd19825
17 changed files with 899 additions and 325 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmake/Package.cmake
View File

@@ -28,6 +28,7 @@ set(CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /home/tsg)
install(PROGRAMS build/program/certstore DESTINATION ./bin)
install(DIRECTORY resource/cert DESTINATION ./)
install(DIRECTORY resource/conf DESTINATION ./)
install(DIRECTORY resource/lib DESTINATION ./)
install(FILES script/tool/signssl.sh DESTINATION ./tool)
install(FILES script/tool/x509 DESTINATION ./tool)
@@ -35,6 +36,8 @@ install(FILES script/tool/x509 DESTINATION ./tool)
install(FILES script/service/certstore.service DESTINATION /usr/lib/systemd/system/)
install(FILES script/tmpfiles/cert_store.conf DESTINATION /usr/lib/tmpfiles.d/)
install(FILES resource/rcsp/rcsp.conf DESTINATION /etc)
# Must uninstall the debug package before install release package
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
set(CPACK_RPM_PACKAGE_CONFLICTS "certostre")

4
common/CMakeLists.txt
View File

@@ -2,7 +2,7 @@ add_library(common syslogd/src/logging.cpp json/src/arraylist.c json/src/debug.c
json/src/json_object.c json/src/json_object_iterator.c json/src/json_tokener.c
json/src/json_util.c json/src/libjson.c json/src/linkhash.c
json/src/parse_flags.c json/src/printbuf.c json/src/json_checker.c json/src/random_seed.c
rt/src/rt_file.cpp rt/src/rt_stdlib.cpp rt/src/rt_string.cpp rt/src/rt_tmr.cpp rt/src/rt_time.cpp rt/src/rlib_load.cpp)
rt/src/rt_file.cpp rt/src/rt_stdlib.cpp rt/src/rt_string.cpp rt/src/rt_tmr.cpp rt/src/rt_time.cpp pkcs11/src/rlib_load.cpp)
target_include_directories(common PUBLIC syslogd/include json/include rt/include)
target_include_directories(common PUBLIC syslogd/include json/include rt/include pkcs11/include)
target_link_libraries(common PUBLIC rt MESA_handle_logger breakpad_mini)

36
common/pkcs11/include/ErrorHSM.h Normal file
View File

@@ -0,0 +1,36 @@
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> CERTEX HSM
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERR_SRV_BASE 0xFF000000
#define ERR_BindInProgress (ERR_SRV_BASE+1) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERR_InvalidCredentials (ERR_SRV_BASE+2) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERR_OperationsError (ERR_SRV_BASE+3) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERR_ProtocolError (ERR_SRV_BASE+4) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERR_SizeLimitExceeded (ERR_SRV_BASE+5) // <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
#define ERR_StrongAuthRequired (ERR_SRV_BASE+6) // <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERROR_BASE 0xFF008000
#define ERROR_CONNECT_TO_SERVER (ERROR_BASE+1) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> HSM
#define ERROR_SSL_HANDLE (ERROR_BASE+2) // <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL)
#define ERROR_SSL_CONNECT (ERROR_BASE+3) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> HSM (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20>.<2E>.)
#define ERROR_DN_CHECK (ERROR_BASE+4) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> DN-<2D><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERROR_SEND_REQUEST (ERROR_BASE+5) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERROR_RECV_RESPONSE (ERROR_BASE+6) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERROR_BAD_RESPONSE (ERROR_BASE+7) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERROR_INVALID_PARAM (ERROR_BASE+8) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERROR_BIND (ERROR_BASE+9) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Bind (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
#define ERROR_CONFIG_LOAD (ERROR_BASE+10) // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define ERR_SSL_PARAM 40 - FF008028
#define ERR_SSL_CREATE_CTX 41 - FF008029
#define ERR_SSL_SET_OPTION 42 - FF00802A
#define ERR_SSL_SET_CERT_CA 43 - FF00802B
#define ERR_SSL_SET_CERT_MY 44 - FF00802C
#define ERR_SSL_SET_PKEY 45 - FF00802D
#define ERR_SSL_SESSION_CLOSE 47 - FF00802F
#define ERR_SSL_CONNECT 48 - FF008030
#define ERR_SSL_ACCEPT 49 - FF008031
#define ERR_SSL_CREATE_SSL 50 - FF008032
#define ERR_SSL_SET_FD 51 - FF008033
#define ERR_SSL_IO 52 - FF008034
#define ERR_SSL_LOAD_LIB 53 - FF008035
#define ERR_SSL_CHECK_PKEY 54 - FF008036

4
common/rt/include/pkcs11.h → common/pkcs11/include/pkcs11.h
View File

@@ -223,9 +223,7 @@ extern "C" {
/* All the various Cryptoki types and #define'd values are in the
* file pkcs11t.h. */
#pragma pack(push, cryptoki, 1)
#include "pkcs11t.h"
#pragma pack(pop, cryptoki)
#include "pkcs11t.h"
#define __PASTE(x,y) x##y

0
common/rt/include/pkcs11f.h → common/pkcs11/include/pkcs11f.h
View File

0
common/rt/include/pkcs11g.h → common/pkcs11/include/pkcs11g.h
View File

63
common/rt/include/pkcs11t.h → common/pkcs11/include/pkcs11t.h
View File

@@ -270,8 +270,17 @@ typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
* identifies a session */
typedef CK_ULONG CK_SESSION_HANDLE;
#ifdef WIN64
typedef unsigned long long CK_SESSION_HANDLE;
typedef unsigned long long CK_SESSION_HANDLE_64;
#else
typedef CK_ULONG CK_SESSION_HANDLE;
#ifdef _OLD_HSM_VERSION
typedef unsigned long CK_SESSION_HANDLE_64;
#else
typedef unsigned long long CK_SESSION_HANDLE_64;
#endif
#endif
typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
@@ -319,7 +328,17 @@ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
/* CK_OBJECT_HANDLE is a token-specific identifier for an
* object */
typedef CK_ULONG CK_OBJECT_HANDLE;
#ifdef WIN64
typedef unsigned long long CK_OBJECT_HANDLE;
typedef unsigned long long CK_OBJECT_HANDLE_64;
#else
typedef CK_ULONG CK_OBJECT_HANDLE;
#ifdef _OLD_HSM_VERSION
typedef unsigned long CK_OBJECT_HANDLE_64;
#else
typedef unsigned long long CK_OBJECT_HANDLE_64;
#endif
#endif
typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
@@ -603,6 +622,7 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE;
/* CK_ATTRIBUTE is a structure that includes the type, length
* and value of an attribute */
//#pragma pack (push, 8)
typedef struct CK_ATTRIBUTE {
CK_ATTRIBUTE_TYPE type;
CK_VOID_PTR pValue;
@@ -610,6 +630,7 @@ typedef struct CK_ATTRIBUTE {
/* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
CK_ULONG ulValueLen; /* in bytes */
} CK_ATTRIBUTE;
//#pragma pack (pop)
typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
@@ -1883,27 +1904,37 @@ typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
/* Key Gost */
#define CKK_CERTEX_DEFINED (CKK_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
#define CKK_CERTEX_DEFINED (CKK_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
/* GOST 28147.89 */
#define CKK_CERTEX_GOST_28147_89 (CKK_CERTEX_DEFINED + 0x00000001)
#define CKK_CERTEX_GOST_28147_89 (CKK_CERTEX_DEFINED + 0x00000001)
/* RDS - GOST R 34.10-2001 */
#define CKK_CERTEX_RDS (CKK_CERTEX_DEFINED + 0x00000002)
#define CKK_CERTEX_RDS (CKK_CERTEX_DEFINED + 0x00000002)
/* Atributes Gost*/
#define CKA_CERTEX_DEFINED (CKA_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
#define CKA_CERTEX_RDS_TYPE (CKA_CERTEX_DEFINED + 0x00000011)
#define CKA_CERTEX_DEFINED (CKA_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
#define CKA_CERTEX_RDS_TYPE (CKA_CERTEX_DEFINED + 0x00000011)
/* Mechanisms Gost*/
#define CKM_CERTEX_DEFINED (CKM_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
#define CKM_CERTEX_DEFINED (CKM_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
/* GOST 28147.89 */
#define CKM_CERTEX_GOST_28147_89_KEY_GEN (CKM_CERTEX_DEFINED + 0x00000000)
#define CKM_CERTEX_GOST_28147_89 (CKM_CERTEX_DEFINED + 0x00000001)
#define CKM_CERTEX_GOST_28147_89_MAC (CKM_CERTEX_DEFINED + 0x00000002)
#define CKM_CERTEX_GOST_28147_89_KEY_GEN (CKM_CERTEX_DEFINED + 0x00000000)
#define CKM_CERTEX_GOST_28147_89 (CKM_CERTEX_DEFINED + 0x00000001)
#define CKM_CERTEX_GOST_28147_89_MAC (CKM_CERTEX_DEFINED + 0x00000002)
/* Hash for GOST R 34.11-94 */
#define CKM_CERTEX_GOSTR3411 (CKM_CERTEX_DEFINED + 0x0000000A)
#define CKM_CERTEX_GOSTR3411 (CKM_CERTEX_DEFINED + 0x0000000A)
#define CKM_CERTEX_GOSTR3411_2012_32 (CKM_CERTEX_DEFINED + 0x00000010)
#define CKM_CERTEX_GOSTR3411_2012_64 (CKM_CERTEX_DEFINED + 0x00000011)
/* GOST R 34.10-2001 keypair generation mechanism */
#define CKM_CERTEX_GOSTR3410_2001_KEY_PAIR_GEN (CKM_CERTEX_DEFINED + 0x0000000B)
#define CKM_CERTEX_GOSTR3410_2001_KEY_PAIR_GEN (CKM_CERTEX_DEFINED + 0x0000000B)
#define CKM_CERTEX_GOSTR3410_2012_KEY_PAIR_GEN (CKM_CERTEX_DEFINED + 0x00000012)
/* GOST R 34.10-2001 'raw' mechanism */
#define CKM_CERTEX_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000C)
#define CKM_CERTEX_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000C)
#define CKM_CERTEX_GOSTR3410_2012 (CKM_CERTEX_DEFINED + 0x00000013)
/* GOST R 34.11-94 hash with GOST R 34.10-2001 mechanism */
#define CKM_CERTEX_GOSTR3411_94_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000D)
#define CKM_CERTEX_GOSTR3411_94_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000D)
#define CKM_CERTEX_GOSTR3411_GOSTR3410_2012 (CKM_CERTEX_DEFINED + 0x00000014)
#define CKM_CERTEX_GOSTR3411_2012_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x00000015)
#define CKM_CERTEX_DES_X919_MAC (CKM_CERTEX_DEFINED + 0x00000004)
#define CKM_CERTEX_DES_X919_MAC_GENERAL (CKM_CERTEX_DEFINED + 0x00000005)
#endif

139
common/pkcs11/include/rlib_load.h Normal file
View File

@@ -0,0 +1,139 @@
//------------------------------------------------------------------------------
// RCSP Project
// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
//
// R-CSP/R-PKCS11 LIB Loader
//------------------------------------------------------------------------------
#ifndef __RLIB_LOAD_H
#define __RLIB_LOAD_H
//------------------------------------------------------------------------------
#define LOADLIBRARY
//------------------------------------------------------------------------------
#ifndef CK_PTR
#define CK_PTR *
#endif
#ifndef NULL_PTR
#define NULL_PTR 0
#endif
#ifndef CK_CALLBACK_FUNCTION
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
#endif
#ifndef CK_DEFINE_FUNCTION
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
#endif
#ifndef CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
#endif
#ifndef CK_DECLARE_FUNCTION_POINTER
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
#endif
#pragma pack(push, cryptoki, 1)
#include "pkcs11.h"
#pragma pack(pop, cryptoki)
//------------------------------------------------------------------------------
#ifdef WIND32
#define CSP_REGKEY "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Tumar CSP"
#define CAPI_LIB_PATH ""
#define PKCS_LIB_PATH ""
#else
#ifdef USE_CRITICAL_SECTION
#if defined HPXX
#define CAPI_LIB_PATH "/usr/lib/libcertex-csp.1.0.0_r.sl"
#define PKCS_LIB_PATH "/usr/lib/libcertex-pkcs11.1.0.0_r.sl"
#elif defined DEC64
#define CAPI_LIB_PATH "/usr/shlib/libcertex-csp.1.0.0_r.so"
#define PKCS_LIB_PATH "/usr/shlib/libcertex-pkcs11.1.0.0_r.so"
#else
#define CAPI_LIB_PATH "/lib/libcertex-csp_r.so.1.0.0"
#define PKCS_LIB_PATH "/lib/libcertex-pkcs11_r.so.1.0.0"
#endif
#else
#if defined HPXX
#define CAPI_LIB_PATH "/usr/lib/libcertex-csp.1.0.0.sl"
#define PKCS_LIB_PATH "/usr/lib/libcertex-pkcs11.1.0.0.sl"
#elif defined DEC64
#define CAPI_LIB_PATH "/usr/shlib/libcertex-csp.1.0.0.so"
#define PKCS_LIB_PATH "/usr/shlib/libcertex-pkcs11.1.0.0.so"
#else
#define CAPI_LIB_PATH "/lib/libcertex-csp.so.1.0.0"
#define PKCS_LIB_PATH "/lib/libcertex-pkcs11.so.1.0.0"
#endif
#endif
#endif
//------------------------------------------------------------------------------
int LoadPkcsLib (char *dllpkcs);
void FreePkcsLib(void);
int do_GetFunctionList( void );
//------------------------------------------------------------------------------
extern CK_C_Initialize FC_Initialize;
extern CK_C_Finalize FC_Finalize;
extern CK_C_GetInfo FC_GetInfo;
extern CK_C_GetFunctionList FC_GetFunctionList;
extern CK_C_GetSlotList FC_GetSlotList;
extern CK_C_GetSlotInfo FC_GetSlotInfo;
extern CK_C_GetTokenInfo FC_GetTokenInfo;
extern CK_C_GetMechanismList FC_GetMechanismList;
extern CK_C_GetMechanismInfo FC_GetMechanismInfo;
extern CK_C_InitToken FC_InitToken;
extern CK_C_InitPIN FC_InitPIN;
extern CK_C_SetPIN FC_SetPIN;
extern CK_C_OpenSession FC_OpenSession;
extern CK_C_CloseSession FC_CloseSession;
extern CK_C_CloseAllSessions FC_CloseAllSessions;
extern CK_C_GetSessionInfo FC_GetSessionInfo;
extern CK_C_GetOperationState FC_GetOperationState;
extern CK_C_SetOperationState FC_SetOperationState;
extern CK_C_Login FC_Login;
extern CK_C_Logout FC_Logout;
extern CK_C_CreateObject FC_CreateObject;
extern CK_C_CopyObject FC_CopyObject;
extern CK_C_DestroyObject FC_DestroyObject;
extern CK_C_GetObjectSize FC_GetObjectSize;
extern CK_C_GetAttributeValue FC_GetAttributeValue;
extern CK_C_SetAttributeValue FC_SetAttributeValue;
extern CK_C_FindObjectsInit FC_FindObjectsInit;
extern CK_C_FindObjects FC_FindObjects;
extern CK_C_FindObjectsFinal FC_FindObjectsFinal;
extern CK_C_EncryptInit FC_EncryptInit;
extern CK_C_Encrypt FC_Encrypt;
extern CK_C_EncryptUpdate FC_EncryptUpdate;
extern CK_C_EncryptFinal FC_EncryptFinal;
extern CK_C_DecryptInit FC_DecryptInit;
extern CK_C_Decrypt FC_Decrypt;
extern CK_C_DecryptUpdate FC_DecryptUpdate;
extern CK_C_DecryptFinal FC_DecryptFinal;
extern CK_C_DigestInit FC_DigestInit;
extern CK_C_Digest FC_Digest;
extern CK_C_DigestUpdate FC_DigestUpdate;
extern CK_C_DigestKey FC_DigestKey;
extern CK_C_DigestFinal FC_DigestFinal;
extern CK_C_SignInit FC_SignInit;
extern CK_C_Sign FC_Sign;
extern CK_C_SignUpdate FC_SignUpdate;
extern CK_C_SignFinal FC_SignFinal;
extern CK_C_SignRecoverInit FC_SignRecoverInit;
extern CK_C_SignRecover FC_SignRecover;
extern CK_C_VerifyInit FC_VerifyInit;
extern CK_C_Verify FC_Verify;
extern CK_C_VerifyUpdate FC_VerifyUpdate;
extern CK_C_VerifyFinal FC_VerifyFinal;
extern CK_C_VerifyRecoverInit FC_VerifyRecoverInit;
extern CK_C_VerifyRecover FC_VerifyRecover;
extern CK_C_DigestEncryptUpdate FC_DigestEncryptUpdate;
extern CK_C_DecryptDigestUpdate FC_DecryptDigestUpdate;
extern CK_C_SignEncryptUpdate FC_SignEncryptUpdate;
extern CK_C_DecryptVerifyUpdate FC_DecryptVerifyUpdate;
extern CK_C_GenerateKey FC_GenerateKey;
extern CK_C_GenerateKeyPair FC_GenerateKeyPair;
extern CK_C_WrapKey FC_WrapKey;
extern CK_C_UnwrapKey FC_UnwrapKey;
extern CK_C_DeriveKey FC_DeriveKey;
extern CK_C_SeedRandom FC_SeedRandom;
extern CK_C_GenerateRandom FC_GenerateRandom;
extern CK_C_GetFunctionStatus FC_GetFunctionStatus;
extern CK_C_CancelFunction FC_CancelFunction;
extern CK_C_WaitForSlotEvent FC_WaitForSlotEvent;
//------------------------------------------------------------------------------
#endif

208
common/pkcs11/include/tdefs.h Normal file
View File

@@ -0,0 +1,208 @@
//------------------------------------------------------------------------------
// ALL Projects
// Copyright (c) 2010 Scientific Lab. Gamma Technologies. All rights reserved.
//------------------------------------------------------------------------------
#ifndef __TDEFS_H
#define __TDEFS_H
//------------------------------------------------------------------------------
#undef LINUX32
#undef LINUX64
#undef LINUXXX
#undef DEC64
#undef WIND32
#undef WIND64
#undef WINDXX
#undef SPARC32
#undef SPARC64
#undef SPARCXX
#undef AIX32
#undef AIX64
#undef AIXXX
#undef HP32
#undef HP64
#undef HPXX
//------------------------------------------------------------------------------
#if defined(WIN32) || defined(__WIN32__)
#if !defined(_WIN32)
#define _WIN32
#endif
#endif
//
#if defined(WIN64) || defined(__WIN64__)
#if !defined(_WIN64)
#define _WIN64
#endif
#endif
//------------------------------------------------------------------------------
#if defined(__gnu_linux__) || defined(__linux__)
#define LINUXXX
#if defined(__x86_64__) || defined(__x86_64) || defined(__amd64__)
#define LINUX64
#else
#define LINUX32
#endif
#elif defined(_WIN32) || defined(_WIN64)
#define WIND32
#define WINDXX
#ifdef _WIN64
#define WIND64
#endif
#elif defined(__alpha) && defined(__arch64__)
#define DEC64
#elif __sparc__
#define SPARCXX
#ifdef FORCE32
#define SPARC32
#else
#define SPARC64
#endif
#elif _AIX
#define AIXXX
#ifdef FORCE32
#define AIX32
#else
#define AIX64
#endif
#else // __hpux
#define HPXX
#ifdef FORCE32
#define HP32
#else
#define HP64
#endif
#endif
//------------------------------------------------------------------------------
#ifdef WINDXX
#ifndef _MT
#define _MT
#endif
// #include <windows.h>
#define SLASH '\\'
#else
#ifdef PTHREAD
#include <pthread.h>
#endif
#define SLASH '/'
#endif
//------------------------------------------------------------------------------
#if defined DEC64
#define _BSD
#endif
//------------------------------------------------------------------------------
#if defined WINDXX
#define RANG32
#define INVERT
typedef __int64 long64;
typedef unsigned __int64 ulong64;
#elif defined LINUX32
#define RANG32
#define INVERT
typedef long long long64;
typedef unsigned long long ulong64;
#elif defined LINUX64
#define RANG64
#define INVERT
typedef long long64;
typedef unsigned long ulong64;
#elif defined DEC64
#define RANG64
#define INVERT
typedef long long64;
typedef unsigned long ulong64;
#elif defined SPARC32
#define RANG32
#define DIRECT
typedef long long long64;
typedef unsigned long long ulong64;
#elif defined SPARC64
#define RANG64
#define DIRECT
typedef long long64;
typedef unsigned long ulong64;
#elif defined HP32
#define RANG32
#define DIRECT
typedef long long long64;
typedef unsigned long long ulong64;
#elif defined HP64
#define RANG64
#define DIRECT
typedef long long64;
typedef unsigned long ulong64;
#elif defined AIX32
#define RANG32
#define DIRECT
typedef long long long64;
typedef unsigned long long ulong64;
#elif defined AIX64
#define RANG64
#define DIRECT
typedef long long64;
typedef unsigned long ulong64;
#endif
//------------------------------------------------------------------------------
#if defined(RANG32) && !defined(WIND64)
typedef long long32;
typedef unsigned long ulong32;
#else
typedef int long32;
typedef unsigned int ulong32;
#endif
typedef unsigned short int UINT2;
typedef unsigned int UINT4;
typedef ulong64 UINT8;
//------------------------------------------------------------------------------
#if defined INVERT
#define I0 0
#define I1 1
#define C0 0
#define C1 1
#define C2 2
#define C3 3
#elif defined DIRECT
#define I0 1
#define I1 0
#define C0 3
#define C1 2
#define C2 1
#define C3 0
#endif
//------------------------------------------------------------------------------
#ifndef drct_i
#define drct_i(i) i=((i>>8)|(i<<8))
#endif
#ifndef drct_l
#define drct_l(l) l=(((l<<24)|(l>>8))&0xFF00FF00)|(((l<<8)|(l>>24))&0x00FF00FF)
#endif
//------------------------------------------------------------------------------
#if defined WINDXX
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> unix <20><><EFBFBD><EFBFBD>
typedef int pid_t;
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> run time libc <20> unix <20><><EFBFBD><EFBFBD>
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#define getpid _getpid
#define mkdir _mkdir
#define open _open
#define creat _creat
#define close _close
#define write _write
#define read _read
#define unlink _unlink
#define chmod _chmod
#define utime _utime
#define itoa _itoa
// <20><><EFBFBD><EFBFBD><EFBFBD>
#define O_CREAT _O_CREAT
#define O_RDWR _O_RDWR
#define O_EXCL _O_EXCL
#define O_WRONLY _O_WRONLY
#define O_TRUNC _O_TRUNC
#define S_IREAD _S_IREAD
#define S_IWRITE _S_IWRITE
#if defined WIND64
#define _CRT_SECURE_NO_WARNINGS
#define strdup _strdup
#endif
#endif
//------------------------------------------------------------------------------
#endif

344
common/pkcs11/src/rlib_load.cpp Normal file
View File

@@ -0,0 +1,344 @@
//------------------------------------------------------------------------------
// RCSP Project
// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
//
// R-CSP/R-PKCS11 LIB Loader
//------------------------------------------------------------------------------
#include "tdefs.h"
#include <stdio.h>
#include <string.h>
#ifdef WIND32
#include <windows.h>
#else
#include <stdlib.h>
#include <unistd.h>
#include <dlfcn.h>
#endif
#include "rlib_load.h"
#ifndef WIND32
typedef void* HINSTANCE;
#endif
//------------------------------------------------------------------------------
#ifndef F_CPAcquireContext
#define F_CPAcquireContext 1
#define F_CPGetProvParam 2
#define F_CPReleaseContext 3
#define F_CPSetProvParam 4
#define F_CPDeriveKey 5
#define F_CPDestroyKey 6
#define F_CPDuplicateKey 7
#define F_CPExportKey 8
#define F_CPGenKey 9
#define F_CPGenRandom 10
#define F_CPGetKeyParam 11
#define F_CPGetUserKey 12
#define F_CPImportKey 13
#define F_CPSetKeyParam 14
#define F_CPDecrypt 15
#define F_CPEncrypt 16
#define F_CPCreateHash 17
#define F_CPDestroyHash 18
#define F_CPDuplicateHash 19
#define F_CPGetHashParam 20
#define F_CPHashData 21
#define F_CPHashSessionKey 22
#define F_CPSetHashParam 23
#define F_CPSignHash 24
#define F_CPVerifySignature 25
#endif
//------------------------------------------------------------------------------
#ifndef F_Initialize
#define F_Initialize 31
#define F_Finalize 32
#define F_GetInfo 33
#define F_GetFunctionList 34
#define F_GetSlotList 35
#define F_GetSlotInfo 36
#define F_GetTokenInfo 37
#define F_GetMechanismList 38
#define F_GetMechanismInfo 39
#define F_InitToken 40
#define F_InitPIN 41
#define F_SetPIN 42
#define F_OpenSession 43
#define F_CloseSession 44
#define F_CloseAllSessions 45
#define F_GetSessionInfo 46
#define F_GetOperationState 47
#define F_SetOperationState 48
#define F_Login 49
#define F_Logout 50
#define F_CreateObject 51
#define F_CopyObject 52
#define F_DestroyObject 53
#define F_GetObjectSize 54
#define F_GetAttributeValue 55
#define F_SetAttributeValue 56
#define F_FindObjectsInit 57
#define F_FindObjects 58
#define F_FindObjectsFinal 59
#define F_EncryptInit 60
#define F_Encrypt 61
#define F_EncryptUpdate 62
#define F_EncryptFinal 63
#define F_DecryptInit 64
#define F_Decrypt 65
#define F_DecryptUpdate 66
#define F_DecryptFinal 67
#define F_DigestInit 68
#define F_Digest 69
#define F_DigestUpdate 70
#define F_DigestKey 71
#define F_DigestFinal 72
#define F_SignInit 73
#define F_Sign 74
#define F_SignUpdate 75
#define F_SignFinal 76
#define F_SignRecoverInit 77
#define F_SignRecover 78
#define F_VerifyInit 79
#define F_Verify 80
#define F_VerifyUpdate 81
#define F_VerifyFinal 82
#define F_VerifyRecoverInit 83
#define F_VerifyRecover 84
#define F_DigestEncryptUpdate 85
#define F_DecryptDigestUpdate 86
#define F_SignEncryptUpdate 87
#define F_DecryptVerifyUpdate 88
#define F_GenerateKey 89
#define F_GenerateKeyPair 90
#define F_WrapKey 91
#define F_UnwrapKey 92
#define F_DeriveKey 93
#define F_SeedRandom 94
#define F_GenerateRandom 95
#define F_GetFunctionStatus 96
#define F_CancelFunction 97
#define F_WaitForSlotEvent 98
#endif
//------------------------------------------------------------------------------
CK_C_Initialize FC_Initialize;
CK_C_Finalize FC_Finalize;
CK_C_GetInfo FC_GetInfo;
CK_C_GetFunctionList FC_GetFunctionList;
CK_C_GetSlotList FC_GetSlotList;
CK_C_GetSlotInfo FC_GetSlotInfo;
CK_C_GetTokenInfo FC_GetTokenInfo;
CK_C_GetMechanismList FC_GetMechanismList;
CK_C_GetMechanismInfo FC_GetMechanismInfo;
CK_C_InitToken FC_InitToken;
CK_C_InitPIN FC_InitPIN;
CK_C_SetPIN FC_SetPIN;
CK_C_OpenSession FC_OpenSession;
CK_C_CloseSession FC_CloseSession;
CK_C_CloseAllSessions FC_CloseAllSessions;
CK_C_GetSessionInfo FC_GetSessionInfo;
CK_C_GetOperationState FC_GetOperationState;
CK_C_SetOperationState FC_SetOperationState;
CK_C_Login FC_Login;
CK_C_Logout FC_Logout;
CK_C_CreateObject FC_CreateObject;
CK_C_CopyObject FC_CopyObject;
CK_C_DestroyObject FC_DestroyObject;
CK_C_GetObjectSize FC_GetObjectSize;
CK_C_GetAttributeValue FC_GetAttributeValue;
CK_C_SetAttributeValue FC_SetAttributeValue;
CK_C_FindObjectsInit FC_FindObjectsInit;
CK_C_FindObjects FC_FindObjects;
CK_C_FindObjectsFinal FC_FindObjectsFinal;
CK_C_EncryptInit FC_EncryptInit;
CK_C_Encrypt FC_Encrypt;
CK_C_EncryptUpdate FC_EncryptUpdate;
CK_C_EncryptFinal FC_EncryptFinal;
CK_C_DecryptInit FC_DecryptInit;
CK_C_Decrypt FC_Decrypt;
CK_C_DecryptUpdate FC_DecryptUpdate;
CK_C_DecryptFinal FC_DecryptFinal;
CK_C_DigestInit FC_DigestInit;
CK_C_Digest FC_Digest;
CK_C_DigestUpdate FC_DigestUpdate;
CK_C_DigestKey FC_DigestKey;
CK_C_DigestFinal FC_DigestFinal;
CK_C_SignInit FC_SignInit;
CK_C_Sign FC_Sign;
CK_C_SignUpdate FC_SignUpdate;
CK_C_SignFinal FC_SignFinal;
CK_C_SignRecoverInit FC_SignRecoverInit;
CK_C_SignRecover FC_SignRecover;
CK_C_VerifyInit FC_VerifyInit;
CK_C_Verify FC_Verify;
CK_C_VerifyUpdate FC_VerifyUpdate;
CK_C_VerifyFinal FC_VerifyFinal;
CK_C_VerifyRecoverInit FC_VerifyRecoverInit;
CK_C_VerifyRecover FC_VerifyRecover;
CK_C_DigestEncryptUpdate FC_DigestEncryptUpdate;
CK_C_DecryptDigestUpdate FC_DecryptDigestUpdate;
CK_C_SignEncryptUpdate FC_SignEncryptUpdate;
CK_C_DecryptVerifyUpdate FC_DecryptVerifyUpdate;
CK_C_GenerateKey FC_GenerateKey;
CK_C_GenerateKeyPair FC_GenerateKeyPair;
CK_C_WrapKey FC_WrapKey;
CK_C_UnwrapKey FC_UnwrapKey;
CK_C_DeriveKey FC_DeriveKey;
CK_C_SeedRandom FC_SeedRandom;
CK_C_GenerateRandom FC_GenerateRandom;
CK_C_GetFunctionStatus FC_GetFunctionStatus;
CK_C_CancelFunction FC_CancelFunction;
CK_C_WaitForSlotEvent FC_WaitForSlotEvent;
//------------------------------------------------------------------------------
HINSTANCE load_lib(char *lib)
{
#ifdef WIND32
return LoadLibrary(lib);
#else
return dlopen(lib,RTLD_LAZY);
#endif
}
//------------------------------------------------------------------------------
void* get_sym(HINSTANCE inst, const char *proc)
{
#ifdef WIND32
return (void*) GetProcAddress(inst,proc);
#else
return dlsym(inst,proc);
#endif
}
//------------------------------------------------------------------------------
void free_lib(HINSTANCE inst)
{
#ifdef WIND32
FreeLibrary(inst);
#else
dlclose(inst);
#endif
}
//------------------------------------------------------------------------------
int Get_PKCS_Fancs(HINSTANCE hLib)
{
FC_Initialize =(CK_C_Initialize ) get_sym(hLib,"C_Initialize" ); if (!FC_Initialize ) return F_Initialize;
FC_Finalize =(CK_C_Finalize ) get_sym(hLib,"C_Finalize" ); if (!FC_Finalize ) return F_Finalize;
FC_GetInfo =(CK_C_GetInfo ) get_sym(hLib,"C_GetInfo" ); if (!FC_GetInfo ) return F_GetInfo;
FC_GetFunctionList =(CK_C_GetFunctionList ) get_sym(hLib,"C_GetFunctionList" ); if (!FC_GetFunctionList ) return F_GetFunctionList;
FC_GetSlotList =(CK_C_GetSlotList ) get_sym(hLib,"C_GetSlotList" ); if (!FC_GetSlotList ) return F_GetSlotList;
FC_GetSlotInfo =(CK_C_GetSlotInfo ) get_sym(hLib,"C_GetSlotInfo" ); if (!FC_GetSlotInfo ) return F_GetSlotInfo;
FC_GetTokenInfo =(CK_C_GetTokenInfo ) get_sym(hLib,"C_GetTokenInfo" ); if (!FC_GetTokenInfo ) return F_GetTokenInfo;
FC_GetMechanismList =(CK_C_GetMechanismList ) get_sym(hLib,"C_GetMechanismList" ); if (!FC_GetMechanismList ) return F_GetMechanismList;
FC_GetMechanismInfo =(CK_C_GetMechanismInfo ) get_sym(hLib,"C_GetMechanismInfo" ); if (!FC_GetMechanismInfo ) return F_GetMechanismInfo;
FC_InitToken =(CK_C_InitToken ) get_sym(hLib,"C_InitToken" ); if (!FC_InitToken ) return F_InitToken;
FC_InitPIN =(CK_C_InitPIN ) get_sym(hLib,"C_InitPIN" ); if (!FC_InitPIN ) return F_InitPIN;
FC_SetPIN =(CK_C_SetPIN ) get_sym(hLib,"C_SetPIN" ); if (!FC_SetPIN ) return F_SetPIN;
FC_OpenSession =(CK_C_OpenSession ) get_sym(hLib,"C_OpenSession" ); if (!FC_OpenSession ) return F_OpenSession;
FC_CloseSession =(CK_C_CloseSession ) get_sym(hLib,"C_CloseSession" ); if (!FC_CloseSession ) return F_CloseSession;
FC_CloseAllSessions =(CK_C_CloseAllSessions ) get_sym(hLib,"C_CloseAllSessions" ); if (!FC_CloseAllSessions ) return F_CloseAllSessions;
FC_GetSessionInfo =(CK_C_GetSessionInfo ) get_sym(hLib,"C_GetSessionInfo" ); if (!FC_GetSessionInfo ) return F_GetSessionInfo;
FC_GetOperationState =(CK_C_GetOperationState ) get_sym(hLib,"C_GetOperationState" ); if (!FC_GetOperationState ) return F_GetOperationState;
FC_SetOperationState =(CK_C_SetOperationState ) get_sym(hLib,"C_SetOperationState" ); if (!FC_SetOperationState ) return F_SetOperationState;
FC_Login =(CK_C_Login ) get_sym(hLib,"C_Login" ); if (!FC_Login ) return F_Login;
FC_Logout =(CK_C_Logout ) get_sym(hLib,"C_Logout" ); if (!FC_Logout ) return F_Logout;
FC_CreateObject =(CK_C_CreateObject ) get_sym(hLib,"C_CreateObject" ); if (!FC_CreateObject ) return F_CreateObject;
FC_CopyObject =(CK_C_CopyObject ) get_sym(hLib,"C_CopyObject" ); if (!FC_CopyObject ) return F_CopyObject;
FC_DestroyObject =(CK_C_DestroyObject ) get_sym(hLib,"C_DestroyObject" ); if (!FC_DestroyObject ) return F_DestroyObject;
FC_GetObjectSize =(CK_C_GetObjectSize ) get_sym(hLib,"C_GetObjectSize" ); if (!FC_GetObjectSize ) return F_GetObjectSize;
FC_GetAttributeValue =(CK_C_GetAttributeValue ) get_sym(hLib,"C_GetAttributeValue" ); if (!FC_GetAttributeValue ) return F_GetAttributeValue;
FC_SetAttributeValue =(CK_C_SetAttributeValue ) get_sym(hLib,"C_SetAttributeValue" ); if (!FC_SetAttributeValue ) return F_SetAttributeValue;
FC_FindObjectsInit =(CK_C_FindObjectsInit ) get_sym(hLib,"C_FindObjectsInit" ); if (!FC_FindObjectsInit ) return F_FindObjectsInit;
FC_FindObjects =(CK_C_FindObjects ) get_sym(hLib,"C_FindObjects" ); if (!FC_FindObjects ) return F_FindObjects;
FC_FindObjectsFinal =(CK_C_FindObjectsFinal ) get_sym(hLib,"C_FindObjectsFinal" ); if (!FC_FindObjectsFinal ) return F_FindObjectsFinal;
FC_EncryptInit =(CK_C_EncryptInit ) get_sym(hLib,"C_EncryptInit" ); if (!FC_EncryptInit ) return F_EncryptInit;
FC_Encrypt =(CK_C_Encrypt ) get_sym(hLib,"C_Encrypt" ); if (!FC_Encrypt ) return F_Encrypt;
FC_EncryptUpdate =(CK_C_EncryptUpdate ) get_sym(hLib,"C_EncryptUpdate" ); if (!FC_EncryptUpdate ) return F_EncryptUpdate;
FC_EncryptFinal =(CK_C_EncryptFinal ) get_sym(hLib,"C_EncryptFinal" ); if (!FC_EncryptFinal ) return F_EncryptFinal;
FC_DecryptInit =(CK_C_DecryptInit ) get_sym(hLib,"C_DecryptInit" ); if (!FC_DecryptInit ) return F_DecryptInit;
FC_Decrypt =(CK_C_Decrypt ) get_sym(hLib,"C_Decrypt" ); if (!FC_Decrypt ) return F_Decrypt;
FC_DecryptUpdate =(CK_C_DecryptUpdate ) get_sym(hLib,"C_DecryptUpdate" ); if (!FC_DecryptUpdate ) return F_DecryptUpdate;
FC_DecryptFinal =(CK_C_DecryptFinal ) get_sym(hLib,"C_DecryptFinal" ); if (!FC_DecryptFinal ) return F_DecryptFinal;
FC_DigestInit =(CK_C_DigestInit ) get_sym(hLib,"C_DigestInit" ); if (!FC_DigestInit ) return F_DigestInit;
FC_Digest =(CK_C_Digest ) get_sym(hLib,"C_Digest" ); if (!FC_Digest ) return F_Digest;
FC_DigestUpdate =(CK_C_DigestUpdate ) get_sym(hLib,"C_DigestUpdate" ); if (!FC_DigestUpdate ) return F_DigestUpdate;
FC_DigestKey =(CK_C_DigestKey ) get_sym(hLib,"C_DigestKey" ); if (!FC_DigestKey ) return F_DigestKey;
FC_DigestFinal =(CK_C_DigestFinal ) get_sym(hLib,"C_DigestFinal" ); if (!FC_DigestFinal ) return F_DigestFinal;
FC_SignInit =(CK_C_SignInit ) get_sym(hLib,"C_SignInit" ); if (!FC_SignInit ) return F_SignInit;
FC_Sign =(CK_C_Sign ) get_sym(hLib,"C_Sign" ); if (!FC_Sign ) return F_Sign;
FC_SignUpdate =(CK_C_SignUpdate ) get_sym(hLib,"C_SignUpdate" ); if (!FC_SignUpdate ) return F_SignUpdate;
FC_SignFinal =(CK_C_SignFinal ) get_sym(hLib,"C_SignFinal" ); if (!FC_SignFinal ) return F_SignFinal;
FC_SignRecoverInit =(CK_C_SignRecoverInit ) get_sym(hLib,"C_SignRecoverInit" ); if (!FC_SignRecoverInit ) return F_SignRecoverInit;
FC_SignRecover =(CK_C_SignRecover ) get_sym(hLib,"C_SignRecover" ); if (!FC_SignRecover ) return F_SignRecover;
FC_VerifyInit =(CK_C_VerifyInit ) get_sym(hLib,"C_VerifyInit" ); if (!FC_VerifyInit ) return F_VerifyInit;
FC_Verify =(CK_C_Verify ) get_sym(hLib,"C_Verify" ); if (!FC_Verify ) return F_Verify;
FC_VerifyUpdate =(CK_C_VerifyUpdate ) get_sym(hLib,"C_VerifyUpdate" ); if (!FC_VerifyUpdate ) return F_VerifyUpdate;
FC_VerifyFinal =(CK_C_VerifyFinal ) get_sym(hLib,"C_VerifyFinal" ); if (!FC_VerifyFinal ) return F_VerifyFinal;
FC_VerifyRecoverInit =(CK_C_VerifyRecoverInit ) get_sym(hLib,"C_VerifyRecoverInit" ); if (!FC_VerifyRecoverInit ) return F_VerifyRecoverInit;
FC_VerifyRecover =(CK_C_VerifyRecover ) get_sym(hLib,"C_VerifyRecover" ); if (!FC_VerifyRecover ) return F_VerifyRecover;
FC_DigestEncryptUpdate=(CK_C_DigestEncryptUpdate) get_sym(hLib,"C_DigestEncryptUpdate"); if (!FC_DigestEncryptUpdate) return F_DigestEncryptUpdate;
FC_DecryptDigestUpdate=(CK_C_DecryptDigestUpdate) get_sym(hLib,"C_DecryptDigestUpdate"); if (!FC_DecryptDigestUpdate) return F_DecryptDigestUpdate;
FC_SignEncryptUpdate =(CK_C_SignEncryptUpdate ) get_sym(hLib,"C_SignEncryptUpdate" ); if (!FC_SignEncryptUpdate ) return F_SignEncryptUpdate;
FC_DecryptVerifyUpdate=(CK_C_DecryptVerifyUpdate) get_sym(hLib,"C_DecryptVerifyUpdate"); if (!FC_DecryptVerifyUpdate) return F_DecryptVerifyUpdate;
FC_GenerateKey =(CK_C_GenerateKey ) get_sym(hLib,"C_GenerateKey" ); if (!FC_GenerateKey ) return F_GenerateKey;
FC_GenerateKeyPair =(CK_C_GenerateKeyPair ) get_sym(hLib,"C_GenerateKeyPair" ); if (!FC_GenerateKeyPair ) return F_GenerateKeyPair;
FC_WrapKey =(CK_C_WrapKey ) get_sym(hLib,"C_WrapKey" ); if (!FC_WrapKey ) return F_WrapKey;
FC_UnwrapKey =(CK_C_UnwrapKey ) get_sym(hLib,"C_UnwrapKey" ); if (!FC_UnwrapKey ) return F_UnwrapKey;
FC_DeriveKey =(CK_C_DeriveKey ) get_sym(hLib,"C_DeriveKey" ); if (!FC_DeriveKey ) return F_DeriveKey;
FC_SeedRandom =(CK_C_SeedRandom ) get_sym(hLib,"C_SeedRandom" ); if (!FC_SeedRandom ) return F_SeedRandom;
FC_GenerateRandom =(CK_C_GenerateRandom ) get_sym(hLib,"C_GenerateRandom" ); if (!FC_GenerateRandom ) return F_GenerateRandom;
FC_GetFunctionStatus =(CK_C_GetFunctionStatus ) get_sym(hLib,"C_GetFunctionStatus" ); if (!FC_GetFunctionStatus ) return F_GetFunctionStatus;
FC_CancelFunction =(CK_C_CancelFunction ) get_sym(hLib,"C_CancelFunction" ); if (!FC_CancelFunction ) return F_CancelFunction;
FC_WaitForSlotEvent =(CK_C_WaitForSlotEvent ) get_sym(hLib,"C_WaitForSlotEvent" ); if (!FC_WaitForSlotEvent ) return F_WaitForSlotEvent;
return 0;
}
//------------------------------------------------------------------------------
HINSTANCE hPkcsLib=NULL;
//------------------------------------------------------------------------------
#ifdef WIND32
int GetCapiPath(char *path)
{
HKEY hKey;
DWORD Disposition,DataSize;
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,CSP_REGKEY,0,KEY_READ,&hKey)!=ERROR_SUCCESS) return 1;
path[0]=0; DataSize=255; RegQueryValueEx(hKey,"Image Path",0,&Disposition,(BYTE *)path,&DataSize);
RegCloseKey(hKey);
if (!strlen(path)) return 2;
return 0;
}
#else
int GetCapiPath(char *path) {strcpy(path,CAPI_LIB_PATH); return 0;}
#endif
//------------------------------------------------------------------------------
#ifdef WIND32
int GetPkcsPath(char *path)
{return GetCapiPath(path);}
#else
int GetPkcsPath(char *path) {strcpy(path,PKCS_LIB_PATH); return 0;}
#endif
//------------------------------------------------------------------------------
int LoadPkcsLib(char *dllpkcs)
{
int code;
char path[260];
if (hPkcsLib) return 0;
if ((dllpkcs)&&(*dllpkcs)) strcpy(path,dllpkcs);
else if (GetPkcsPath(path)) return -1;
hPkcsLib=load_lib(dllpkcs);
if (!hPkcsLib) return -2;
code=Get_PKCS_Fancs(hPkcsLib);
if (code) {free_lib(hPkcsLib); hPkcsLib=NULL;}
return code;
}
//------------------------------------------------------------------------------
void FreePkcsLib(void)
{
if (hPkcsLib) {free_lib(hPkcsLib); hPkcsLib=NULL;}
}
//------------------------------------------------------------------------------
int do_GetFunctionList( void )
{
CK_RV rc = 0;
extern CK_FUNCTION_LIST *funcs;
rc=FC_GetFunctionList(&funcs);
if (rc != CKR_OK) {printf ("err %x\n",rc); return rc;}
return 0;
}
//------------------------------------------------------------------------------

45
common/rt/include/rlib_load.h
View File

@@ -1,45 +0,0 @@
//------------------------------------------------------------------------------
// RCSP Project
// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
//
// R-CSP/R-PKCS11 LIB Loader
//------------------------------------------------------------------------------
#ifndef __RLIB_LOAD_H
#define __RLIB_LOAD_H
//------------------------------------------------------------------------------
#define LOADLIBRARY
//------------------------------------------------------------------------------
#ifndef CK_PTR
#define CK_PTR *
#endif
#ifndef NULL_PTR
#define NULL_PTR 0
#endif
#ifndef CK_CALLBACK_FUNCTION
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
#endif
#ifndef CK_DEFINE_FUNCTION
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
#endif
#ifndef CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
#endif
#ifndef CK_DECLARE_FUNCTION_POINTER
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
#endif
#pragma pack(push, cryptoki, 1)
#include "pkcs11.h"
#pragma pack(pop, cryptoki)
//------------------------------------------------------------------------------
#define CSP_REGKEY "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Tumar CSP"
#define CAPI_LIB_PATH ""
#define PKCS_LIB_PATH ""
//------------------------------------------------------------------------------
int LoadPkcsLib (char *dllpkcs);
void FreePkcsLib(void);
int do_GetFunctionList( void );
//------------------------------------------------------------------------------
extern CK_C_GetFunctionList FC_GetFunctionList;
//------------------------------------------------------------------------------
#endif

220
common/rt/src/rlib_load.cpp
View File

@@ -1,220 +0,0 @@
//------------------------------------------------------------------------------
// RCSP Project
// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
//
// R-CSP/R-PKCS11 LIB Loader
//------------------------------------------------------------------------------
#include <stdio.h>
#include <string.h>
#include <dlfcn.h>
#include "rlib_load.h"
//------------------------------------------------------------------------------
#ifndef F_CPAcquireContext
#define F_CPAcquireContext 1
#define F_CPGetProvParam 2
#define F_CPReleaseContext 3
#define F_CPSetProvParam 4
#define F_CPDeriveKey 5
#define F_CPDestroyKey 6
#define F_CPDuplicateKey 7
#define F_CPExportKey 8
#define F_CPGenKey 9
#define F_CPGenRandom 10
#define F_CPGetKeyParam 11
#define F_CPGetUserKey 12
#define F_CPImportKey 13
#define F_CPSetKeyParam 14
#define F_CPDecrypt 15
#define F_CPEncrypt 16
#define F_CPCreateHash 17
#define F_CPDestroyHash 18
#define F_CPDuplicateHash 19
#define F_CPGetHashParam 20
#define F_CPHashData 21
#define F_CPHashSessionKey 22
#define F_CPSetHashParam 23
#define F_CPSignHash 24
#define F_CPVerifySignature 25
#endif
//------------------------------------------------------------------------------
#ifndef F_Initialize
#define F_Initialize 31
#define F_Finalize 32
#define F_GetInfo 33
#define F_GetFunctionList 34
#define F_GetSlotList 35
#define F_GetSlotInfo 36
#define F_GetTokenInfo 37
#define F_GetMechanismList 38
#define F_GetMechanismInfo 39
#define F_InitToken 40
#define F_InitPIN 41
#define F_SetPIN 42
#define F_OpenSession 43
#define F_CloseSession 44
#define F_CloseAllSessions 45
#define F_GetSessionInfo 46
#define F_GetOperationState 47
#define F_SetOperationState 48
#define F_Login 49
#define F_Logout 50
#define F_CreateObject 51
#define F_CopyObject 52
#define F_DestroyObject 53
#define F_GetObjectSize 54
#define F_GetAttributeValue 55
#define F_SetAttributeValue 56
#define F_FindObjectsInit 57
#define F_FindObjects 58
#define F_FindObjectsFinal 59
#define F_EncryptInit 60
#define F_Encrypt 61
#define F_EncryptUpdate 62
#define F_EncryptFinal 63
#define F_DecryptInit 64
#define F_Decrypt 65
#define F_DecryptUpdate 66
#define F_DecryptFinal 67
#define F_DigestInit 68
#define F_Digest 69
#define F_DigestUpdate 70
#define F_DigestKey 71
#define F_DigestFinal 72
#define F_SignInit 73
#define F_Sign 74
#define F_SignUpdate 75
#define F_SignFinal 76
#define F_SignRecoverInit 77
#define F_SignRecover 78
#define F_VerifyInit 79
#define F_Verify 80
#define F_VerifyUpdate 81
#define F_VerifyFinal 82
#define F_VerifyRecoverInit 83
#define F_VerifyRecover 84
#define F_DigestEncryptUpdate 85
#define F_DecryptDigestUpdate 86
#define F_SignEncryptUpdate 87
#define F_DecryptVerifyUpdate 88
#define F_GenerateKey 89
#define F_GenerateKeyPair 90
#define F_WrapKey 91
#define F_UnwrapKey 92
#define F_DeriveKey 93
#define F_SeedRandom 94
#define F_GenerateRandom 95
#define F_GetFunctionStatus 96
#define F_CancelFunction 97
#define F_WaitForSlotEvent 98
#endif
#define HINSTANCE void*
//------------------------------------------------------------------------------
CK_C_Initialize FC_Initialize;
CK_C_GetFunctionList FC_GetFunctionList;
//------------------------------------------------------------------------------
HINSTANCE load_lib(char *lib)
{
return dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
}
//------------------------------------------------------------------------------
void* get_sym(HINSTANCE inst, const char *proc)
{
return (void*)dlsym(inst,proc);
}
//------------------------------------------------------------------------------
void free_lib(HINSTANCE inst)
{
dlclose(inst);
}
//------------------------------------------------------------------------------
int Get_PKCS_Fancs(HINSTANCE hLib)
{
FC_GetFunctionList =(CK_C_GetFunctionList) get_sym(hLib,"C_GetFunctionList");
if (!FC_GetFunctionList)
return F_GetFunctionList;
return 0;
}
//------------------------------------------------------------------------------
HINSTANCE hPkcsLib=NULL;
//------------------------------------------------------------------------------
#ifdef WIND32
int GetCapiPath(char *path)
{
HKEY hKey;
DWORD Disposition,DataSize;
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,CSP_REGKEY,0,KEY_READ,&hKey)!=ERROR_SUCCESS)
return 1;
path[0]=0;
DataSize=255;
RegQueryValueEx(hKey,"Image Path",0,&Disposition,(BYTE *)path,&DataSize);
RegCloseKey(hKey);
if (!strlen(path))
return 2;
return 0;
}
#else
int GetCapiPath(char *path)
{
strcpy(path,CAPI_LIB_PATH);
return 0;
}
#endif
//------------------------------------------------------------------------------
#ifdef WIND32
int GetPkcsPath(char *path)
{
return GetCapiPath(path);
}
#else
int GetPkcsPath(char *path)
{
strcpy(path,PKCS_LIB_PATH);
return 0;
}
#endif
//------------------------------------------------------------------------------
int LoadPkcsLib(char *dllpkcs)
{
int code;
char path[260];
if (hPkcsLib)
return 0;
if ((dllpkcs)&&(*dllpkcs))
strcpy(path,dllpkcs);
else if (GetPkcsPath(path))
return -1;
hPkcsLib=load_lib(path);
if (!hPkcsLib)
return -2;
code=Get_PKCS_Fancs(hPkcsLib);
if(code)
{
free_lib(hPkcsLib);
hPkcsLib=NULL;
}
return code;
}
//------------------------------------------------------------------------------
void FreePkcsLib(void)
{
if (hPkcsLib)
{
free_lib(hPkcsLib);
hPkcsLib=NULL;
}
}
//------------------------------------------------------------------------------
int do_GetFunctionList( void )
{
CK_RV rc = 0;
extern CK_FUNCTION_LIST *funcs;
rc=FC_GetFunctionList(&funcs);
if (rc != CKR_OK) {printf ("err %x\n",rc); return rc;}
return 0;
}
//------------------------------------------------------------------------------

3
program/include/cert_conf.h
View File

@@ -86,6 +86,9 @@ struct cert_store_policy{
uint16_t store_port;
char store_ip[46];
char password[128];
char label[128];
char ca_path[128];
char uninsec_path[128];
};

131
program/src/cert_session.cpp
View File

@@ -785,6 +785,7 @@ int pkcs11_signature_algotonid(unsigned long algo)
case CKM_SHA1_RSA_PKCS:
return NID_sha1WithRSAEncryption;
case CKM_RSA_PKCS:
case CKM_CERTEX_GOSTR3410_2001:
case CKM_SHA256_RSA_PKCS:
return NID_sha256WithRSAEncryption;
default:
@@ -792,40 +793,85 @@ int pkcs11_signature_algotonid(unsigned long algo)
}
return 0;
}
int X509_pkcs11_sign(X509* x509, unsigned long pkcs11_signing_algo, CK_SESSION_HANDLE pkcs11_session)
int x509_find_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hObject)
{
int rv =0;
CK_OBJECT_HANDLE pkcs11_key_handle = 0;
int xret=0;
CK_ULONG objcount;
CK_OBJECT_CLASS sec_class = CKO_PRIVATE_KEY;
CK_BBOOL xtrue = 1;
// set signature algorithm in the certificate
CK_ATTRIBUTE key_attr[] =
{
{CKA_CLASS, &sec_class, sizeof(sec_class) },
{CKA_PRIVATE, &xtrue, sizeof (xtrue) },
{CKA_LABEL, g_certstore_policy->label, strlen((const char *)g_certstore_policy->label)}
};
xret = FC_FindObjectsInit( session, key_attr, sizeof(key_attr)/sizeof(CK_ATTRIBUTE) );
if (xret != CKR_OK)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Object failed to initialize");
goto finish;
}
xret = FC_FindObjects(session, hObject, 1,&objcount);
if (xret != CKR_OK || objcount == 0)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get private key handle");
goto finish;
}
return 0;
finish:
*hObject = CK_INVALID_HANDLE;
return -1;
}
int X509_hsm_sign(X509* x509, unsigned long mech, CK_SESSION_HANDLE session)
{
int xret =1;
CK_OBJECT_HANDLE hObject = 0;
xret = x509_find_object(session, &hObject);
if(xret != 0 || hObject == CK_INVALID_HANDLE)
{
return 0;
}
CK_MECHANISM sign_mechanism;
memset (&sign_mechanism, 0, sizeof (sign_mechanism));
sign_mechanism.mechanism = mech;
xret = FC_SignInit (session, &sign_mechanism, hObject);
if (xret != CKR_OK )
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "There was an error initializing the sign function");
return 0;
}
// set signature algorithm in the certificate
const X509_ALGOR *tsig_alg_org = X509_get0_tbs_sigalg(x509);
X509_ALGOR *tsig_alg=const_cast<X509_ALGOR *>(tsig_alg_org);
if (tsig_alg)
{
const int signingAlgoNid = pkcs11_signature_algotonid(pkcs11_signing_algo);
const int signingAlgoNid = pkcs11_signature_algotonid(mech);
X509_ALGOR_set0(tsig_alg, OBJ_nid2obj(signingAlgoNid), V_ASN1_NULL, NULL);
}
const X509_ALGOR *sig_alg_org;
X509_get0_signature(NULL, &sig_alg_org, x509);
X509_ALGOR *sig_alg=const_cast<X509_ALGOR *>(sig_alg_org);
if (sig_alg)
{
const int signingAlgoNid = pkcs11_signature_algotonid(pkcs11_signing_algo);
const int signingAlgoNid = pkcs11_signature_algotonid(mech);
X509_ALGOR_set0(sig_alg, OBJ_nid2obj(signingAlgoNid), V_ASN1_NULL, NULL);
}
// DER-encode certificate
unsigned char *x509_der_buf;
// DER-encode certificate
unsigned char *x509_der_buf;CK_ULONG signature_size = 0;
const size_t x509_der_len = i2d_re_X509_tbs(x509, &x509_der_buf);
xret = FC_Sign (session, x509_der_buf, x509_der_len, NULL, &signature_size);
if (xret != CKR_OK)
{
return 0;
}
CK_MECHANISM mechanism = { pkcs11_signing_algo, NULL_PTR, 0 };
rv = funcs->C_SignInit(pkcs11_session, &mechanism, pkcs11_key_handle);
// determine signature size
CK_ULONG signature_size = 0;
rv= funcs->C_Sign(pkcs11_session, x509_der_buf, x509_der_len, NULL, &signature_size);
// sign
const ASN1_BIT_STRING *psig_org;
X509_get0_signature(&psig_org, NULL, x509);
@@ -834,13 +880,14 @@ int X509_pkcs11_sign(X509* x509, unsigned long pkcs11_signing_algo, CK_SESSION_H
OPENSSL_free(psig->data);
psig->data = (unsigned char*)OPENSSL_malloc(signature_size);
psig->length = signature_size;
rv = funcs->C_Sign(pkcs11_session, x509_der_buf, x509_der_len, psig->data, &signature_size);
xret = FC_Sign(session, x509_der_buf, x509_der_len, psig->data, &signature_size);
psig->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
psig->flags|=ASN1_STRING_FLAG_BITS_LEFT;
OPENSSL_free(x509_der_buf);
return rv;
OPENSSL_free(x509_der_buf);
FC_FindObjectsFinal(session);
return xret;
}
X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int *expire_time, char *crlurl, char *public_algo, CK_SESSION_HANDLE session)
@@ -947,7 +994,7 @@ X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, in
}
else
{
if(!X509_pkcs11_sign(crt, CKM_RSA_PKCS, session))
if(!X509_hsm_sign(crt, CKM_CERTEX_GOSTR3410_2001, session))
goto errout;
}
@@ -1115,6 +1162,11 @@ long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
if (pxy_obj->stack_ca)
sk_X509_pop_free(pxy_obj->stack_ca, X509_free);
if(pxy_obj->session)
{
FC_Logout(pxy_obj->session);
FC_CloseSession(pxy_obj->session);
}
free(pxy_obj);
pxy_obj = NULL;
*ad=NULL;
@@ -2256,6 +2308,7 @@ static int field_stat_init(struct cert_store_policy *certstore_policy, const cha
return 0;
}
#if 0
static struct pxy_profile_hsm* get_profile_by_id(int profile_id)
{
struct pxy_profile_hsm* ply_profile=NULL;
@@ -2267,6 +2320,7 @@ static struct pxy_profile_hsm* get_profile_by_id(int profile_id)
ply_profile = (struct pxy_profile_hsm*)Maat_plugin_get_EX_data(g_certstore_policy->feather, table_id, (const char*)cfg_id_str);
return ply_profile;
}
#endif
CK_SESSION_HANDLE keyring_pkcs11_login(int slot_id)
{
@@ -2274,30 +2328,26 @@ CK_SESSION_HANDLE keyring_pkcs11_login(int slot_id)
CK_FLAGS flags;
CK_SESSION_HANDLE session=0;
struct pxy_profile_hsm* ply_profile = get_profile_by_id(0);
if(ply_profile == NULL || funcs->C_OpenSession==NULL)
{
goto error;
}
//struct pxy_profile_hsm* ply_profile = get_profile_by_id(0);
flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
ret = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
if(ret)
ret = FC_OpenSession(slot_id, flags, NULL, NULL, &session);
if(ret != CKR_OK)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "hsm_sdk open session faild, error : %d", ret);
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Hsm open session faild, error : %d", ret);
goto error;
}
ret = funcs->C_Login(session, CKU_USER, (CK_UTF8CHAR_PTR)ply_profile->passwd, strlen(ply_profile->passwd));
if(ret)
ret = FC_Login(session, CKU_USER, (CK_UTF8CHAR_PTR)g_certstore_policy->password, strlen(g_certstore_policy->password));
if(ret != CKR_OK)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "hsm_sdk login faild, error : %d", ret);
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Hsm login faild, error : %d", ret);
goto error;
}
return session;
error:
if(session)
{
funcs->C_CloseSession(session);
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Init FC_OpenSession faild, error : %d", ret);
FC_CloseSession(session);
}
return 0;
}
@@ -2558,12 +2608,14 @@ int maat_feather_init(struct cert_store_policy *certstore_policy, const char *ma
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore register table PXY_PROFILE_KEYRING failed");
}
#if 0
table_id = maat_table_ex_init("PXY_PROFILE_HSM", POLICY_PROFILE_TABLE_HSM, hsm_profile_table_start_cb, hsm_profile_table_free_cb, hsm_profile_table_dup_cb);
if(table_id<0)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Register table PXY_PROFILE_HSM failed");
return 0;
}
#endif
field_stat_init(certstore_policy, main_profile);
@@ -2583,6 +2635,8 @@ int pkcs11_module_init(struct cert_store_policy *certstore_policy, const char *m
MESA_load_profile_uint_nodef(main_profile, "certex_hsm", "enable", &(certstore_policy->enable));
MESA_load_profile_string_def(main_profile, "certex_hsm", "library_path", library_path, sizeof(library_path), "");
MESA_load_profile_string_def(main_profile, "certex_hsm", "password", g_certstore_policy->password, sizeof(g_certstore_policy->password), "987654321");
MESA_load_profile_string_def(main_profile, "certex_hsm", "label", g_certstore_policy->label, sizeof(g_certstore_policy->label), "TEST");
if(certstore_policy->enable == 0)
{
@@ -2595,17 +2649,20 @@ int pkcs11_module_init(struct cert_store_policy *certstore_policy, const char *m
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Load %s failed", library_path);
goto finish;
}
#if 0
xret = do_user_GetFunctionList();
if(xret!=0 || funcs->C_Initialize==NULL)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Get function list failed, errro = %d",xret);
goto finish;
}
#endif
memset(&cinit_args, 0x0, sizeof(cinit_args));
cinit_args.flags = CKF_OS_LOCKING_OK;
xret = funcs->C_Initialize(&cinit_args);
xret = FC_Initialize(&cinit_args);
if(xret!=0)
{
//FreePkcsLib();
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Function Initialize failed");
}
finish:
@@ -2614,10 +2671,10 @@ finish:
int cert_store_session_init(struct cert_store_policy *certstore_policy, const char *main_profile)
{
maat_feather_init(certstore_policy, main_profile);
pkcs11_module_init(certstore_policy, main_profile);
maat_feather_init(certstore_policy, main_profile);
keyring_server_init(certstore_policy);
return 0;

6
resource/conf/cert_store.ini
View File

@@ -59,6 +59,8 @@ statsd_server=192.168.10.72
statsd_port=8126
[certex_hsm]
enable=0
library_path=lib/libcertex-rcsp_r.so.v.3.0.40.2
enable=1
password="987654321"
label="TEST"
library_path=./lib/libcertex-rcsp_r.so.v.3.0.40.3

BIN
resource/lib/libcertex-rcsp_r.so.v.3.0.40.3 Normal file
View File

Binary file not shown.

18
resource/rcsp/rcsp.conf Normal file
View File

@@ -0,0 +1,18 @@
[RAPI]
host = 172.16.172.216
port = 62556
auth = 0
[Admin]
name = hsm
pass = qwerty
[SSL]
level = 0
host = 172.16.172.216
key_file = /Certex/etc/ssl/key.pem
crt_file = /Certex/etc/ssl/cert.pem
ca_file = /Certex/etc/ssl/ca.pem
ca_path = /Certex/etc/ssl/certs
mask = C=KZ;O=Gamma;OU=Certex;CN=HSMII-B-0028