diff --git a/cmake/Package.cmake b/cmake/Package.cmake
index 86fc9bc..083001b 100644
--- a/cmake/Package.cmake
+++ b/cmake/Package.cmake
@@ -28,6 +28,7 @@
 set(CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /home/tsg)
 install(PROGRAMS build/program/certstore DESTINATION ./bin)
 install(DIRECTORY resource/cert DESTINATION ./)
 install(DIRECTORY resource/conf DESTINATION ./)
+install(DIRECTORY resource/lib DESTINATION ./)
 install(FILES script/tool/signssl.sh DESTINATION ./tool)
 install(FILES script/tool/x509 DESTINATION ./tool)
@@ -35,6 +36,8 @@ install(FILES script/tool/x509 DESTINATION ./tool)
 install(FILES script/service/certstore.service DESTINATION /usr/lib/systemd/system/)
 install(FILES script/tmpfiles/cert_store.conf DESTINATION /usr/lib/tmpfiles.d/)
+install(FILES resource/rcsp/rcsp.conf DESTINATION /etc)
+
 # Must uninstall the debug package before install release package
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")
 set(CPACK_RPM_PACKAGE_CONFLICTS "certostre")
diff --git a/common/CMakeLists.txt b/common/CMakeLists.txt
index 60b82a3..bb934f5 100644
--- a/common/CMakeLists.txt
+++ b/common/CMakeLists.txt
@@ -2,7 +2,7 @@ add_library(common syslogd/src/logging.cpp
 json/src/arraylist.c json/src/debug.c json/src/json_object.c json/src/json_object_iterator.c json/src/json_tokener.c json/src/json_util.c json/src/libjson.c json/src/linkhash.c json/src/parse_flags.c json/src/printbuf.c json/src/json_checker.c json/src/random_seed.c
-rt/src/rt_file.cpp rt/src/rt_stdlib.cpp rt/src/rt_string.cpp rt/src/rt_tmr.cpp rt/src/rt_time.cpp rt/src/rlib_load.cpp)
+rt/src/rt_file.cpp rt/src/rt_stdlib.cpp rt/src/rt_string.cpp rt/src/rt_tmr.cpp rt/src/rt_time.cpp pkcs11/src/rlib_load.cpp)
-target_include_directories(common PUBLIC syslogd/include json/include rt/include)
+target_include_directories(common PUBLIC syslogd/include json/include rt/include pkcs11/include)
 target_link_libraries(common PUBLIC rt MESA_handle_logger breakpad_mini)
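Review bot: `install(FILES resource/rcsp/rcsp.conf DESTINATION /etc)` places a configuration file in /etc without marking it as one, so every RPM upgrade produced from this Package.cmake overwrites whatever the operator has edited there. CPack's RPM generator can tag it with `set(CPACK_RPM_USER_FILELIST "%config(noreplace) /etc/rcsp.conf")` next to the other CPACK_RPM_* settings. If rcsp.conf carries HSM connection details or key/certificate paths (its contents are not visible here), it is also worth restricting its mode with `PERMISSIONS OWNER_READ OWNER_WRITE` on that install() call, since install(FILES) defaults to a world-readable file.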
diff --git a/common/pkcs11/include/ErrorHSM.h b/common/pkcs11/include/ErrorHSM.h
new file mode 100644
index 0000000..83923c7
--- /dev/null
+++ b/common/pkcs11/include/ErrorHSM.h
@@ -0,0 +1,36 @@
+// Допустимые ошибки при работе с CERTEX HSM
+// Ошибки сервера
+#define ERR_SRV_BASE 0xFF000000
+#define ERR_BindInProgress (ERR_SRV_BASE+1) // Процесс аутентификации не завершен. Требуются дополнительные данные
+#define ERR_InvalidCredentials (ERR_SRV_BASE+2) // Ошибочные имя или пароль
+#define ERR_OperationsError (ERR_SRV_BASE+3) // Неизветная операция
+#define ERR_ProtocolError (ERR_SRV_BASE+4) // Неверная последовательность команд
+#define ERR_SizeLimitExceeded (ERR_SRV_BASE+5) // Объем данных слишком велик
+#define ERR_StrongAuthRequired (ERR_SRV_BASE+6) // Для выполнения операции требуется строгая аутентификация
+// Ошибки клиента
+#define ERROR_BASE 0xFF008000
+#define ERROR_CONNECT_TO_SERVER (ERROR_BASE+1) // Ошибка подключения к HSM
+#define ERROR_SSL_HANDLE (ERROR_BASE+2) // Не создан SSL-контекст (возможно ошибка настроек SSL)
+#define ERROR_SSL_CONNECT (ERROR_BASE+3) // Ошибка SSL-подключения к HSM (неверные ключи, невалидные сертификаты и т.д.)
+#define ERROR_DN_CHECK (ERROR_BASE+4) // Ошибка DN-имени владельца сертификата
+#define ERROR_SEND_REQUEST (ERROR_BASE+5) // Ошибка отправки запроса команды
+#define ERROR_RECV_RESPONSE (ERROR_BASE+6) // Ошибка получения ответа команды
+#define ERROR_BAD_RESPONSE (ERROR_BASE+7) // Ошибочный формат данных ответа
+#define ERROR_INVALID_PARAM (ERROR_BASE+8) // Ошибка в параметрах команд
+#define ERROR_BIND (ERROR_BASE+9) // Ошибка выполнения команды Bind (запрос на соединение)
+#define ERROR_CONFIG_LOAD (ERROR_BASE+10) // Ошибка загрузки/чтения файла конфигурации
+// Дополнительные коды ошибок
+#define ERR_SSL_PARAM 40 - FF008028
+#define ERR_SSL_CREATE_CTX 41 - FF008029
+#define ERR_SSL_SET_OPTION 42 - FF00802A
+#define ERR_SSL_SET_CERT_CA 43 - FF00802B
+#define ERR_SSL_SET_CERT_MY 44 - FF00802C
+#define ERR_SSL_SET_PKEY 45 - FF00802D
+#define ERR_SSL_SESSION_CLOSE 47 - FF00802F
+#define ERR_SSL_CONNECT 48 - FF008030
+#define ERR_SSL_ACCEPT 49 - FF008031
+#define ERR_SSL_CREATE_SSL 50 - FF008032
+#define ERR_SSL_SET_FD 51 - FF008033
+#define ERR_SSL_IO 52 - FF008034
+#define ERR_SSL_LOAD_LIB 53 - FF008035
+#define ERR_SSL_CHECK_PKEY 54 - FF008036
\ No newline at end of file
diff --git a/common/rt/include/pkcs11.h b/common/pkcs11/include/pkcs11.h
similarity index 99%
rename from common/rt/include/pkcs11.h
rename to common/pkcs11/include/pkcs11.h
index 26c959f..6c61220 100644
--- a/common/rt/include/pkcs11.h
+++ b/common/pkcs11/include/pkcs11.h
@@ -223,9 +223,7 @@ extern "C" {
 /* All the various Cryptoki types and #define'd values are in the
 * file pkcs11t.h. */
-#pragma pack(push, cryptoki, 1)
- #include "pkcs11t.h"
-#pragma pack(pop, cryptoki)
+#include "pkcs11t.h"
 #define __PASTE(x,y) x##y
diff --git a/common/rt/include/pkcs11f.h b/common/pkcs11/include/pkcs11f.h
similarity index 100%
rename from common/rt/include/pkcs11f.h
rename to common/pkcs11/include/pkcs11f.h
diff --git a/common/rt/include/pkcs11g.h b/common/pkcs11/include/pkcs11g.h
similarity index 100%
rename from common/rt/include/pkcs11g.h
rename to common/pkcs11/include/pkcs11g.h
diff --git a/common/rt/include/pkcs11t.h b/common/pkcs11/include/pkcs11t.h
similarity index 96%
rename from common/rt/include/pkcs11t.h
rename to common/pkcs11/include/pkcs11t.h
index 25f687f..14ac456 100644
--- a/common/rt/include/pkcs11t.h
+++ b/common/pkcs11/include/pkcs11t.h
@@ -270,8 +270,17 @@ typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
 /* CK_SESSION_HANDLE is a Cryptoki-assigned value that
 * identifies a session */
-typedef CK_ULONG CK_SESSION_HANDLE;
-
+#ifdef WIN64
+typedef unsigned long long CK_SESSION_HANDLE;
+typedef unsigned long long CK_SESSION_HANDLE_64;
+#else
+typedef CK_ULONG CK_SESSION_HANDLE;
+#ifdef _OLD_HSM_VERSION
+typedef unsigned long CK_SESSION_HANDLE_64;
+#else
+typedef unsigned long long CK_SESSION_HANDLE_64;
+#endif
+#endif
 typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
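Review bot: The fourteen `ERR_SSL_*` definitions at the end of ErrorHSM.h are not usable constants: `#define ERR_SSL_PARAM 40 - FF008028` expands to the expression `40 - FF008028`, and `FF008028` is an undeclared identifier, so the first use of any of them is a compile error (or, should some symbol of that name exist, a meaningless value). The hex value reads like an annotation that lost its comment marker; `#define ERR_SSL_PARAM 40 // 0xFF008028` (and likewise for the thirteen that follow) keeps the information and yields the intended code. The header also lacks an include guard, unlike rlib_load.h and tdefs.h added in the same commit, so including it twice redefines every macro.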
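Review bot: Removing `#pragma pack(push, cryptoki, 1)` / `#pragma pack(pop, cryptoki)` from around `#include "pkcs11t.h"` makes the layout of every Cryptoki struct depend on the including file: rlib_load.h in this commit wraps `#include "pkcs11.h"` in the same pragma, but any translation unit that includes pkcs11.h directly now gets natural alignment. The same struct (CK_ATTRIBUTE, CK_MECHANISM, CK_TOKEN_INFO, …) can then have two layouts inside one program, and a value handed to the HSM library across that boundary is read with misplaced fields — silent corruption rather than a link error. Keeping the packing pragma inside pkcs11.h, as the reference header does, or pinning the layout with `static_assert(sizeof(CK_ATTRIBUTE) == <expected-size>, "CK_ATTRIBUTE layout")` next to its definition, would fix the layout in one place.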
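Review bot: The new `CK_SESSION_HANDLE_64` typedef changes width with `_OLD_HSM_VERSION`, and the outer branch is selected by `WIN64`, neither of which is explained; two translation units that disagree on `_OLD_HSM_VERSION` disagree on `sizeof(CK_SESSION_HANDLE_64)` while presumably talking to the same HSM library, so the macro has to be set consistently everywhere. A comment above the `#ifdef WIN64` block stating what the macro selects would make that contract visible, e.g. `/* _OLD_HSM_VERSION: 64-bit handles use 'unsigned long' (platform width) instead of 'unsigned long long'; define it consistently for every TU that talks to the HSM */`. Note also that MSVC predefines `_WIN64`, not `WIN64`; tdefs.h in this commit maps the two, but pkcs11t.h does not include it, so the 64-bit Windows branch depends on the includer's definitions. The `@@ -319` hunk for CK_OBJECT_HANDLE has the same shape and would take the same comment.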
@@ -319,7 +328,17 @@ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
 /* CK_OBJECT_HANDLE is a token-specific identifier for an
 * object */
-typedef CK_ULONG CK_OBJECT_HANDLE;
+#ifdef WIN64
+typedef unsigned long long CK_OBJECT_HANDLE;
+typedef unsigned long long CK_OBJECT_HANDLE_64;
+#else
+typedef CK_ULONG CK_OBJECT_HANDLE;
+#ifdef _OLD_HSM_VERSION
+typedef unsigned long CK_OBJECT_HANDLE_64;
+#else
+typedef unsigned long long CK_OBJECT_HANDLE_64;
+#endif
+#endif
 typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
@@ -603,6 +622,7 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE;
 /* CK_ATTRIBUTE is a structure that includes the type, length
 * and value of an attribute */
+//#pragma pack (push, 8)
 typedef struct CK_ATTRIBUTE {
 CK_ATTRIBUTE_TYPE type;
 CK_VOID_PTR pValue;
@@ -610,6 +630,7 @@ typedef struct CK_ATTRIBUTE {
 /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
 CK_ULONG ulValueLen; /* in bytes */
 } CK_ATTRIBUTE;
+//#pragma pack (pop)
 typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
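Review bot: `//#pragma pack (push, 8)` and `//#pragma pack (pop)` around CK_ATTRIBUTE are commented-out code left in a shared header, and they sit at odds with the 1-byte packing that rlib_load.h applies around this header; a reader cannot tell whether 8-byte packing is planned, rejected, or an abandoned experiment. Either delete the two lines or replace them with a comment that records the decision and why CK_ATTRIBUTE must follow the includer's packing, so the next person does not re-enable them and change the struct's ABI.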
@@ -1883,27 +1904,37 @@ typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
 typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
 /* Key Gost */
-#define CKK_CERTEX_DEFINED (CKK_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
+#define CKK_CERTEX_DEFINED (CKK_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
 /* GOST 28147.89 */
-#define CKK_CERTEX_GOST_28147_89 (CKK_CERTEX_DEFINED + 0x00000001)
+#define CKK_CERTEX_GOST_28147_89 (CKK_CERTEX_DEFINED + 0x00000001)
 /* RDS - GOST R 34.10-2001 */
-#define CKK_CERTEX_RDS (CKK_CERTEX_DEFINED + 0x00000002)
+#define CKK_CERTEX_RDS (CKK_CERTEX_DEFINED + 0x00000002)
 /* Atributes Gost*/
-#define CKA_CERTEX_DEFINED (CKA_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
-#define CKA_CERTEX_RDS_TYPE (CKA_CERTEX_DEFINED + 0x00000011)
+#define CKA_CERTEX_DEFINED (CKA_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
+#define CKA_CERTEX_RDS_TYPE (CKA_CERTEX_DEFINED + 0x00000011)
 /* Mechanisms Gost*/
-#define CKM_CERTEX_DEFINED (CKM_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
+#define CKM_CERTEX_DEFINED (CKM_VENDOR_DEFINED + 0x0E000000) // = 0x8E000000
 /* GOST 28147.89 */
-#define CKM_CERTEX_GOST_28147_89_KEY_GEN (CKM_CERTEX_DEFINED + 0x00000000)
-#define CKM_CERTEX_GOST_28147_89 (CKM_CERTEX_DEFINED + 0x00000001)
-#define CKM_CERTEX_GOST_28147_89_MAC (CKM_CERTEX_DEFINED + 0x00000002)
+#define CKM_CERTEX_GOST_28147_89_KEY_GEN (CKM_CERTEX_DEFINED + 0x00000000)
+#define CKM_CERTEX_GOST_28147_89 (CKM_CERTEX_DEFINED + 0x00000001)
+#define CKM_CERTEX_GOST_28147_89_MAC (CKM_CERTEX_DEFINED + 0x00000002)
 /* Hash for GOST R 34.11-94 */
-#define CKM_CERTEX_GOSTR3411 (CKM_CERTEX_DEFINED + 0x0000000A)
+#define CKM_CERTEX_GOSTR3411 (CKM_CERTEX_DEFINED + 0x0000000A)
+#define CKM_CERTEX_GOSTR3411_2012_32 (CKM_CERTEX_DEFINED + 0x00000010)
+#define CKM_CERTEX_GOSTR3411_2012_64 (CKM_CERTEX_DEFINED + 0x00000011)
 /* GOST R 34.10-2001 keypair generation mechanism */
-#define CKM_CERTEX_GOSTR3410_2001_KEY_PAIR_GEN (CKM_CERTEX_DEFINED + 0x0000000B)
+#define CKM_CERTEX_GOSTR3410_2001_KEY_PAIR_GEN (CKM_CERTEX_DEFINED + 0x0000000B)
+#define CKM_CERTEX_GOSTR3410_2012_KEY_PAIR_GEN (CKM_CERTEX_DEFINED + 0x00000012)
 /* GOST R 34.10-2001 'raw' mechanism */
-#define CKM_CERTEX_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000C)
+#define CKM_CERTEX_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000C)
+#define CKM_CERTEX_GOSTR3410_2012 (CKM_CERTEX_DEFINED + 0x00000013)
 /* GOST R 34.11-94 hash with GOST R 34.10-2001 mechanism */
-#define CKM_CERTEX_GOSTR3411_94_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000D)
+#define CKM_CERTEX_GOSTR3411_94_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x0000000D)
+#define CKM_CERTEX_GOSTR3411_GOSTR3410_2012 (CKM_CERTEX_DEFINED + 0x00000014)
+#define CKM_CERTEX_GOSTR3411_2012_GOSTR3410_2001 (CKM_CERTEX_DEFINED + 0x00000015)
+
+#define CKM_CERTEX_DES_X919_MAC (CKM_CERTEX_DEFINED + 0x00000004)
+#define CKM_CERTEX_DES_X919_MAC_GENERAL (CKM_CERTEX_DEFINED + 0x00000005)
+
 #endif
diff --git a/common/pkcs11/include/rlib_load.h b/common/pkcs11/include/rlib_load.h
new file mode 100644
index 0000000..ba903fe
--- /dev/null
+++ b/common/pkcs11/include/rlib_load.h
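Review bot: The new GOST R 34.10/34.11-2012 mechanism constants are inserted under comments that still describe only the 2001/94 variants, and `CKM_CERTEX_GOSTR3411_GOSTR3410_2012` does not say which 34.11 digest (94, or 2012 at 256/512 bits) it pairs with, unlike the neighbouring `..._GOSTR3411_94_...` and `..._GOSTR3411_2012_...` names; a one-line comment per new constant, e.g. `/* GOST R 34.11-2012 (256-bit) hash with GOST R 34.10-2012 signature */` once the pairing is confirmed, would remove the ambiguity. Most of the hunk is whitespace realignment of unchanged `#define`s, which buries the actual additions (`0x10`–`0x15`, `0x04`, `0x05`); separating formatting from content would let the ABI-relevant change be reviewed on its own.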
@@ -0,0 +1,139 @@
+//------------------------------------------------------------------------------
+// RCSP Project
+// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
+//
+// R-CSP/R-PKCS11 LIB Loader
+//------------------------------------------------------------------------------
+#ifndef __RLIB_LOAD_H
+#define __RLIB_LOAD_H
+//------------------------------------------------------------------------------
+#define LOADLIBRARY
+//------------------------------------------------------------------------------
+#ifndef CK_PTR
+#define CK_PTR *
+#endif
+#ifndef NULL_PTR
+#define NULL_PTR 0
+#endif
+#ifndef CK_CALLBACK_FUNCTION
+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
+#endif
+#ifndef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
+#endif
+#ifndef CK_DECLARE_FUNCTION
+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
+#endif
+#ifndef CK_DECLARE_FUNCTION_POINTER
+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
+#endif
+
+#pragma pack(push, cryptoki, 1)
+#include "pkcs11.h"
+#pragma pack(pop, cryptoki)
+//------------------------------------------------------------------------------
+#ifdef WIND32
+#define CSP_REGKEY "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Tumar CSP"
+#define CAPI_LIB_PATH ""
+#define PKCS_LIB_PATH ""
+#else
+#ifdef USE_CRITICAL_SECTION
+#if defined HPXX
+#define CAPI_LIB_PATH "/usr/lib/libcertex-csp.1.0.0_r.sl"
+#define PKCS_LIB_PATH "/usr/lib/libcertex-pkcs11.1.0.0_r.sl"
+#elif defined DEC64
+#define CAPI_LIB_PATH "/usr/shlib/libcertex-csp.1.0.0_r.so"
+#define PKCS_LIB_PATH "/usr/shlib/libcertex-pkcs11.1.0.0_r.so"
+#else
+#define CAPI_LIB_PATH "/lib/libcertex-csp_r.so.1.0.0"
+#define PKCS_LIB_PATH "/lib/libcertex-pkcs11_r.so.1.0.0"
+#endif
+#else
+#if defined HPXX
+#define CAPI_LIB_PATH "/usr/lib/libcertex-csp.1.0.0.sl"
+#define PKCS_LIB_PATH "/usr/lib/libcertex-pkcs11.1.0.0.sl"
+#elif defined DEC64
+#define CAPI_LIB_PATH "/usr/shlib/libcertex-csp.1.0.0.so"
+#define PKCS_LIB_PATH "/usr/shlib/libcertex-pkcs11.1.0.0.so"
+#else
+#define CAPI_LIB_PATH "/lib/libcertex-csp.so.1.0.0"
+#define PKCS_LIB_PATH "/lib/libcertex-pkcs11.so.1.0.0"
+#endif
+#endif
+#endif
+//------------------------------------------------------------------------------
+int LoadPkcsLib (char *dllpkcs);
+void FreePkcsLib(void);
+int do_GetFunctionList( void );
+//------------------------------------------------------------------------------
+
+extern CK_C_Initialize FC_Initialize;
+extern CK_C_Finalize FC_Finalize;
+extern CK_C_GetInfo FC_GetInfo;
+extern CK_C_GetFunctionList FC_GetFunctionList;
+extern CK_C_GetSlotList FC_GetSlotList;
+extern CK_C_GetSlotInfo FC_GetSlotInfo;
+extern CK_C_GetTokenInfo FC_GetTokenInfo;
+extern CK_C_GetMechanismList FC_GetMechanismList;
+extern CK_C_GetMechanismInfo FC_GetMechanismInfo;
+extern CK_C_InitToken FC_InitToken;
+extern CK_C_InitPIN FC_InitPIN;
+extern CK_C_SetPIN FC_SetPIN;
+extern CK_C_OpenSession FC_OpenSession;
+extern CK_C_CloseSession FC_CloseSession;
+extern CK_C_CloseAllSessions FC_CloseAllSessions;
+extern CK_C_GetSessionInfo FC_GetSessionInfo;
+extern CK_C_GetOperationState FC_GetOperationState;
+extern CK_C_SetOperationState FC_SetOperationState;
+extern CK_C_Login FC_Login;
+extern CK_C_Logout FC_Logout;
+extern CK_C_CreateObject FC_CreateObject;
+extern CK_C_CopyObject FC_CopyObject;
+extern CK_C_DestroyObject FC_DestroyObject;
+extern CK_C_GetObjectSize FC_GetObjectSize;
+extern CK_C_GetAttributeValue FC_GetAttributeValue;
+extern CK_C_SetAttributeValue FC_SetAttributeValue;
+extern CK_C_FindObjectsInit FC_FindObjectsInit;
+extern CK_C_FindObjects FC_FindObjects;
+extern CK_C_FindObjectsFinal FC_FindObjectsFinal;
+extern CK_C_EncryptInit FC_EncryptInit;
+extern CK_C_Encrypt FC_Encrypt;
+extern CK_C_EncryptUpdate FC_EncryptUpdate;
+extern CK_C_EncryptFinal FC_EncryptFinal;
+extern CK_C_DecryptInit FC_DecryptInit;
+extern CK_C_Decrypt FC_Decrypt;
+extern CK_C_DecryptUpdate FC_DecryptUpdate;
+extern CK_C_DecryptFinal FC_DecryptFinal;
+extern CK_C_DigestInit FC_DigestInit;
+extern CK_C_Digest FC_Digest;
+extern CK_C_DigestUpdate FC_DigestUpdate;
+extern CK_C_DigestKey FC_DigestKey;
+extern CK_C_DigestFinal FC_DigestFinal;
+extern CK_C_SignInit FC_SignInit;
+extern CK_C_Sign FC_Sign;
+extern CK_C_SignUpdate FC_SignUpdate;
+extern CK_C_SignFinal FC_SignFinal;
+extern CK_C_SignRecoverInit FC_SignRecoverInit;
+extern CK_C_SignRecover FC_SignRecover;
+extern CK_C_VerifyInit FC_VerifyInit;
+extern CK_C_Verify FC_Verify;
+extern CK_C_VerifyUpdate FC_VerifyUpdate;
+extern CK_C_VerifyFinal FC_VerifyFinal;
+extern CK_C_VerifyRecoverInit FC_VerifyRecoverInit;
+extern CK_C_VerifyRecover FC_VerifyRecover;
+extern CK_C_DigestEncryptUpdate FC_DigestEncryptUpdate;
+extern CK_C_DecryptDigestUpdate FC_DecryptDigestUpdate;
+extern CK_C_SignEncryptUpdate FC_SignEncryptUpdate;
+extern CK_C_DecryptVerifyUpdate FC_DecryptVerifyUpdate;
+extern CK_C_GenerateKey FC_GenerateKey;
+extern CK_C_GenerateKeyPair FC_GenerateKeyPair;
+extern CK_C_WrapKey FC_WrapKey;
+extern CK_C_UnwrapKey FC_UnwrapKey;
+extern CK_C_DeriveKey FC_DeriveKey;
+extern CK_C_SeedRandom FC_SeedRandom;
+extern CK_C_GenerateRandom FC_GenerateRandom;
+extern CK_C_GetFunctionStatus FC_GetFunctionStatus;
+extern CK_C_CancelFunction FC_CancelFunction;
+extern CK_C_WaitForSlotEvent FC_WaitForSlotEvent;
+//------------------------------------------------------------------------------
+#endif
diff --git a/common/pkcs11/include/tdefs.h b/common/pkcs11/include/tdefs.h
new file mode 100644
index 0000000..90bf049
--- /dev/null
+++ b/common/pkcs11/include/tdefs.h
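Review bot: rlib_load.h branches on `WIND32`, `HPXX`, `DEC64` and `USE_CRITICAL_SECTION`, which are produced by tdefs.h, yet never includes it; a translation unit that includes rlib_load.h on its own silently takes the generic `/lib/libcertex-*.so.1.0.0` branch on every platform. Adding `#include "tdefs.h"` before the first `#ifdef WIND32` (rlib_load.cpp does this by hand) removes the ordering dependency. The include guard `__RLIB_LOAD_H` is a reserved identifier (leading double underscore); `RLIB_LOAD_H` is the conventional spelling. The prototype `int LoadPkcsLib (char *dllpkcs);` is undocumented although its definition in this commit returns 0 on success, -1 when no library path is available, -2 when the library cannot be loaded, and otherwise the F_* index of the first missing symbol; a comment stating that contract (and that the function only reads `dllpkcs`, so `const char *` would serve callers better) belongs on the declaration.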
@@ -0,0 +1,208 @@
+//------------------------------------------------------------------------------
+// ALL Projects
+// Copyright (c) 2010 Scientific Lab. Gamma Technologies. All rights reserved.
+//------------------------------------------------------------------------------
+#ifndef __TDEFS_H
+#define __TDEFS_H
+//------------------------------------------------------------------------------
+#undef LINUX32
+#undef LINUX64
+#undef LINUXXX
+#undef DEC64
+#undef WIND32
+#undef WIND64
+#undef WINDXX
+#undef SPARC32
+#undef SPARC64
+#undef SPARCXX
+#undef AIX32
+#undef AIX64
+#undef AIXXX
+#undef HP32
+#undef HP64
+#undef HPXX
+//------------------------------------------------------------------------------
+#if defined(WIN32) || defined(__WIN32__)
+#if !defined(_WIN32)
+#define _WIN32
+#endif
+#endif
+//
+#if defined(WIN64) || defined(__WIN64__)
+#if !defined(_WIN64)
+#define _WIN64
+#endif
+#endif
+//------------------------------------------------------------------------------
+#if defined(__gnu_linux__) || defined(__linux__)
+ #define LINUXXX
+ #if defined(__x86_64__) || defined(__x86_64) || defined(__amd64__)
+ #define LINUX64
+ #else
+ #define LINUX32
+ #endif
+#elif defined(_WIN32) || defined(_WIN64)
+ #define WIND32
+ #define WINDXX
+ #ifdef _WIN64
+ #define WIND64
+ #endif
+#elif defined(__alpha) && defined(__arch64__)
+ #define DEC64
+#elif __sparc__
+ #define SPARCXX
+ #ifdef FORCE32
+ #define SPARC32
+ #else
+ #define SPARC64
+ #endif
+#elif _AIX
+ #define AIXXX
+ #ifdef FORCE32
+ #define AIX32
+ #else
+ #define AIX64
+ #endif
+#else // __hpux
+ #define HPXX
+ #ifdef FORCE32
+ #define HP32
+ #else
+ #define HP64
+ #endif
+#endif
+//------------------------------------------------------------------------------
+#ifdef WINDXX
+ #ifndef _MT
+ #define _MT
+ #endif
+// #include
+ #define SLASH '\\'
+#else
+ #ifdef PTHREAD
+ #include
+ #endif
+ #define SLASH '/'
+#endif
+//------------------------------------------------------------------------------
+#if defined DEC64
+ #define _BSD
+#endif
+//------------------------------------------------------------------------------
+#if defined WINDXX
+ #define RANG32
+ #define INVERT
+ typedef __int64 long64;
+ typedef unsigned __int64 ulong64;
+#elif defined LINUX32
+ #define RANG32
+ #define INVERT
+ typedef long long long64;
+ typedef unsigned long long ulong64;
+#elif defined LINUX64
+ #define RANG64
+ #define INVERT
+ typedef long long64;
+ typedef unsigned long ulong64;
+#elif defined DEC64
+ #define RANG64
+ #define INVERT
+ typedef long long64;
+ typedef unsigned long ulong64;
+#elif defined SPARC32
+ #define RANG32
+ #define DIRECT
+ typedef long long long64;
+ typedef unsigned long long ulong64;
+#elif defined SPARC64
+ #define RANG64
+ #define DIRECT
+ typedef long long64;
+ typedef unsigned long ulong64;
+#elif defined HP32
+ #define RANG32
+ #define DIRECT
+ typedef long long long64;
+ typedef unsigned long long ulong64;
+#elif defined HP64
+ #define RANG64
+ #define DIRECT
+ typedef long long64;
+ typedef unsigned long ulong64;
+#elif defined AIX32
+ #define RANG32
+ #define DIRECT
+ typedef long long long64;
+ typedef unsigned long long ulong64;
+#elif defined AIX64
+ #define RANG64
+ #define DIRECT
+ typedef long long64;
+ typedef unsigned long ulong64;
+#endif
+//------------------------------------------------------------------------------
+#if defined(RANG32) && !defined(WIND64)
+ typedef long long32;
+ typedef unsigned long ulong32;
+#else
+ typedef int long32;
+ typedef unsigned int ulong32;
+#endif
+ typedef unsigned short int UINT2;
+ typedef unsigned int UINT4;
+ typedef ulong64 UINT8;
+//------------------------------------------------------------------------------
+#if defined INVERT
+ #define I0 0
+ #define I1 1
+ #define C0 0
+ #define C1 1
+ #define C2 2
+ #define C3 3
+#elif defined DIRECT
+ #define I0 1
+ #define I1 0
+ #define C0 3
+ #define C1 2
+ #define C2 1
+ #define C3 0
+#endif
+//------------------------------------------------------------------------------
+#ifndef drct_i
+#define drct_i(i) i=((i>>8)|(i<<8))
+#endif
+#ifndef drct_l
+#define drct_l(l) l=(((l<<24)|(l>>8))&0xFF00FF00)|(((l<<8)|(l>>24))&0x00FF00FF)
+#endif
+//------------------------------------------------------------------------------
+#if defined WINDXX
+ // необходимые типы unix вида
+ typedef int pid_t;
+ // приведение имен run time libc к unix виду
+ // функции
+ #define getpid _getpid
+ #define mkdir _mkdir
+ #define open _open
+ #define creat _creat
+ #define close _close
+ #define write _write
+ #define read _read
+ #define unlink _unlink
+ #define chmod _chmod
+ #define utime _utime
+ #define itoa _itoa
+ // флаги
+ #define O_CREAT _O_CREAT
+ #define O_RDWR _O_RDWR
+ #define O_EXCL _O_EXCL
+ #define O_WRONLY _O_WRONLY
+ #define O_TRUNC _O_TRUNC
+ #define S_IREAD _S_IREAD
+ #define S_IWRITE _S_IWRITE
+ #if defined WIND64
+ #define _CRT_SECURE_NO_WARNINGS
+ #define strdup _strdup
+ #endif
+#endif
+//------------------------------------------------------------------------------
+#endif
diff --git a/common/pkcs11/src/rlib_load.cpp b/common/pkcs11/src/rlib_load.cpp
new file mode 100644
index 0000000..e63e973
--- /dev/null
+++ b/common/pkcs11/src/rlib_load.cpp
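Review bot: The platform ladder ends in `#else // __hpux`, so any compiler that is not Linux, Windows, Alpha, SPARC or AIX — macOS and the BSDs included — is silently configured as HP-UX 64-bit with the `DIRECT` byte-order convention, and a Linux build on a 64-bit non-x86 target (aarch64, ppc64) falls into `LINUX32`, where `typedef long long32;` then yields an 8-byte "32-bit" type. Making the last branch explicit, `#elif defined(__hpux)`, followed by `#else` / `#error "tdefs.h: unsupported platform"`, turns both cases into a build failure instead of a wrong ABI; the LINUX64 test could also accept `__aarch64__` and `__powerpc64__`, or simply check `__SIZEOF_POINTER__ == 8`. INVERT/DIRECT are chosen per platform rather than from `__BYTE_ORDER__`, so a big-endian Linux target appears to get the wrong setting as well. The include guard `__TDEFS_H` uses a reserved identifier; `TDEFS_H` is the conventional form.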
@@ -0,0 +1,344 @@
+//------------------------------------------------------------------------------
+// RCSP Project
+// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
+//
+// R-CSP/R-PKCS11 LIB Loader
+//------------------------------------------------------------------------------
+#include "tdefs.h"
+#include
+#include
+#ifdef WIND32
+#include
+#else
+#include
+#include
+#include
+#endif
+#include "rlib_load.h"
+
+#ifndef WIND32
+typedef void* HINSTANCE;
+#endif
+//------------------------------------------------------------------------------
+#ifndef F_CPAcquireContext
+#define F_CPAcquireContext 1
+#define F_CPGetProvParam 2
+#define F_CPReleaseContext 3
+#define F_CPSetProvParam 4
+#define F_CPDeriveKey 5
+#define F_CPDestroyKey 6
+#define F_CPDuplicateKey 7
+#define F_CPExportKey 8
+#define F_CPGenKey 9
+#define F_CPGenRandom 10
+#define F_CPGetKeyParam 11
+#define F_CPGetUserKey 12
+#define F_CPImportKey 13
+#define F_CPSetKeyParam 14
+#define F_CPDecrypt 15
+#define F_CPEncrypt 16
+#define F_CPCreateHash 17
+#define F_CPDestroyHash 18
+#define F_CPDuplicateHash 19
+#define F_CPGetHashParam 20
+#define F_CPHashData 21
+#define F_CPHashSessionKey 22
+#define F_CPSetHashParam 23
+#define F_CPSignHash 24
+#define F_CPVerifySignature 25
+#endif
+//------------------------------------------------------------------------------
+#ifndef F_Initialize
+#define F_Initialize 31
+#define F_Finalize 32
+#define F_GetInfo 33
+#define F_GetFunctionList 34
+#define F_GetSlotList 35
+#define F_GetSlotInfo 36
+#define F_GetTokenInfo 37
+#define F_GetMechanismList 38
+#define F_GetMechanismInfo 39
+#define F_InitToken 40
+#define F_InitPIN 41
+#define F_SetPIN 42
+#define F_OpenSession 43
+#define F_CloseSession 44
+#define F_CloseAllSessions 45
+#define F_GetSessionInfo 46
+#define F_GetOperationState 47
+#define F_SetOperationState 48
+#define F_Login 49
+#define F_Logout 50
+#define F_CreateObject 51
+#define F_CopyObject 52
+#define F_DestroyObject 53
+#define F_GetObjectSize 54
+#define F_GetAttributeValue 55
+#define F_SetAttributeValue 56
+#define F_FindObjectsInit 57
+#define F_FindObjects 58
+#define F_FindObjectsFinal 59
+#define F_EncryptInit 60
+#define F_Encrypt 61
+#define F_EncryptUpdate 62
+#define F_EncryptFinal 63
+#define F_DecryptInit 64
+#define F_Decrypt 65
+#define F_DecryptUpdate 66
+#define F_DecryptFinal 67
+#define F_DigestInit 68
+#define F_Digest 69
+#define F_DigestUpdate 70
+#define F_DigestKey 71
+#define F_DigestFinal 72
+#define F_SignInit 73
+#define F_Sign 74
+#define F_SignUpdate 75
+#define F_SignFinal 76
+#define F_SignRecoverInit 77
+#define F_SignRecover 78
+#define F_VerifyInit 79
+#define F_Verify 80
+#define F_VerifyUpdate 81
+#define F_VerifyFinal 82
+#define F_VerifyRecoverInit 83
+#define F_VerifyRecover 84
+#define F_DigestEncryptUpdate 85
+#define F_DecryptDigestUpdate 86
+#define F_SignEncryptUpdate 87
+#define F_DecryptVerifyUpdate 88
+#define F_GenerateKey 89
+#define F_GenerateKeyPair 90
+#define F_WrapKey 91
+#define F_UnwrapKey 92
+#define F_DeriveKey 93
+#define F_SeedRandom 94
+#define F_GenerateRandom 95
+#define F_GetFunctionStatus 96
+#define F_CancelFunction 97
+#define F_WaitForSlotEvent 98
+#endif
+
+
+//------------------------------------------------------------------------------
+CK_C_Initialize FC_Initialize;
+CK_C_Finalize FC_Finalize;
+CK_C_GetInfo FC_GetInfo;
+CK_C_GetFunctionList FC_GetFunctionList;
+CK_C_GetSlotList FC_GetSlotList;
+CK_C_GetSlotInfo FC_GetSlotInfo;
+CK_C_GetTokenInfo FC_GetTokenInfo;
+CK_C_GetMechanismList FC_GetMechanismList;
+CK_C_GetMechanismInfo FC_GetMechanismInfo;
+CK_C_InitToken FC_InitToken;
+CK_C_InitPIN FC_InitPIN;
+CK_C_SetPIN FC_SetPIN;
+CK_C_OpenSession FC_OpenSession;
+CK_C_CloseSession FC_CloseSession;
+CK_C_CloseAllSessions FC_CloseAllSessions;
+CK_C_GetSessionInfo FC_GetSessionInfo;
+CK_C_GetOperationState FC_GetOperationState;
+CK_C_SetOperationState FC_SetOperationState;
+CK_C_Login FC_Login;
+CK_C_Logout FC_Logout;
+CK_C_CreateObject FC_CreateObject;
+CK_C_CopyObject FC_CopyObject;
+CK_C_DestroyObject FC_DestroyObject;
+CK_C_GetObjectSize FC_GetObjectSize;
+CK_C_GetAttributeValue FC_GetAttributeValue;
+CK_C_SetAttributeValue FC_SetAttributeValue;
+CK_C_FindObjectsInit FC_FindObjectsInit;
+CK_C_FindObjects FC_FindObjects;
+CK_C_FindObjectsFinal FC_FindObjectsFinal;
+CK_C_EncryptInit FC_EncryptInit;
+CK_C_Encrypt FC_Encrypt;
+CK_C_EncryptUpdate FC_EncryptUpdate;
+CK_C_EncryptFinal FC_EncryptFinal;
+CK_C_DecryptInit FC_DecryptInit;
+CK_C_Decrypt FC_Decrypt;
+CK_C_DecryptUpdate FC_DecryptUpdate;
+CK_C_DecryptFinal FC_DecryptFinal;
+CK_C_DigestInit FC_DigestInit;
+CK_C_Digest FC_Digest;
+CK_C_DigestUpdate FC_DigestUpdate;
+CK_C_DigestKey FC_DigestKey;
+CK_C_DigestFinal FC_DigestFinal;
+CK_C_SignInit FC_SignInit;
+CK_C_Sign FC_Sign;
+CK_C_SignUpdate FC_SignUpdate;
+CK_C_SignFinal FC_SignFinal;
+CK_C_SignRecoverInit FC_SignRecoverInit;
+CK_C_SignRecover FC_SignRecover;
+CK_C_VerifyInit FC_VerifyInit;
+CK_C_Verify FC_Verify;
+CK_C_VerifyUpdate FC_VerifyUpdate;
+CK_C_VerifyFinal FC_VerifyFinal;
+CK_C_VerifyRecoverInit FC_VerifyRecoverInit;
+CK_C_VerifyRecover FC_VerifyRecover;
+CK_C_DigestEncryptUpdate FC_DigestEncryptUpdate;
+CK_C_DecryptDigestUpdate FC_DecryptDigestUpdate;
+CK_C_SignEncryptUpdate FC_SignEncryptUpdate;
+CK_C_DecryptVerifyUpdate FC_DecryptVerifyUpdate;
+CK_C_GenerateKey FC_GenerateKey;
+CK_C_GenerateKeyPair FC_GenerateKeyPair;
+CK_C_WrapKey FC_WrapKey;
+CK_C_UnwrapKey FC_UnwrapKey;
+CK_C_DeriveKey FC_DeriveKey;
+CK_C_SeedRandom FC_SeedRandom;
+CK_C_GenerateRandom FC_GenerateRandom;
+CK_C_GetFunctionStatus FC_GetFunctionStatus;
+CK_C_CancelFunction FC_CancelFunction;
+CK_C_WaitForSlotEvent FC_WaitForSlotEvent;
+//------------------------------------------------------------------------------
+HINSTANCE load_lib(char *lib)
+{
+#ifdef WIND32
+ return LoadLibrary(lib);
+#else
+ return dlopen(lib,RTLD_LAZY);
+#endif
+}
+//------------------------------------------------------------------------------
+void* get_sym(HINSTANCE inst, const char *proc)
+{
+#ifdef WIND32
+ return (void*) GetProcAddress(inst,proc);
+#else
+ return dlsym(inst,proc);
+#endif
+}
+//------------------------------------------------------------------------------
+void free_lib(HINSTANCE inst)
+{
+#ifdef WIND32
+ FreeLibrary(inst);
+#else
+ dlclose(inst);
+#endif
+}
+//------------------------------------------------------------------------------
+int Get_PKCS_Fancs(HINSTANCE hLib)
+{
+ FC_Initialize =(CK_C_Initialize ) get_sym(hLib,"C_Initialize" ); if (!FC_Initialize ) return F_Initialize;
+ FC_Finalize =(CK_C_Finalize ) get_sym(hLib,"C_Finalize" ); if (!FC_Finalize ) return F_Finalize;
+ FC_GetInfo =(CK_C_GetInfo ) get_sym(hLib,"C_GetInfo" ); if (!FC_GetInfo ) return F_GetInfo;
+ FC_GetFunctionList =(CK_C_GetFunctionList ) get_sym(hLib,"C_GetFunctionList" ); if (!FC_GetFunctionList ) return F_GetFunctionList;
+ FC_GetSlotList =(CK_C_GetSlotList ) get_sym(hLib,"C_GetSlotList" ); if (!FC_GetSlotList ) return F_GetSlotList;
+ FC_GetSlotInfo =(CK_C_GetSlotInfo ) get_sym(hLib,"C_GetSlotInfo" ); if (!FC_GetSlotInfo ) return F_GetSlotInfo;
+ FC_GetTokenInfo =(CK_C_GetTokenInfo ) get_sym(hLib,"C_GetTokenInfo" ); if (!FC_GetTokenInfo ) return F_GetTokenInfo;
+ FC_GetMechanismList =(CK_C_GetMechanismList ) get_sym(hLib,"C_GetMechanismList" ); if (!FC_GetMechanismList ) return F_GetMechanismList;
+ FC_GetMechanismInfo =(CK_C_GetMechanismInfo ) get_sym(hLib,"C_GetMechanismInfo" ); if (!FC_GetMechanismInfo ) return F_GetMechanismInfo;
+ FC_InitToken =(CK_C_InitToken ) get_sym(hLib,"C_InitToken" ); if (!FC_InitToken ) return F_InitToken;
+ FC_InitPIN =(CK_C_InitPIN ) get_sym(hLib,"C_InitPIN" ); if (!FC_InitPIN ) return F_InitPIN;
+ FC_SetPIN =(CK_C_SetPIN ) get_sym(hLib,"C_SetPIN" ); if (!FC_SetPIN ) return F_SetPIN;
+ FC_OpenSession =(CK_C_OpenSession ) get_sym(hLib,"C_OpenSession" ); if (!FC_OpenSession ) return F_OpenSession;
+ FC_CloseSession =(CK_C_CloseSession ) get_sym(hLib,"C_CloseSession" ); if (!FC_CloseSession ) return F_CloseSession;
+ FC_CloseAllSessions =(CK_C_CloseAllSessions ) get_sym(hLib,"C_CloseAllSessions" ); if (!FC_CloseAllSessions ) return F_CloseAllSessions;
+ FC_GetSessionInfo =(CK_C_GetSessionInfo ) get_sym(hLib,"C_GetSessionInfo" ); if (!FC_GetSessionInfo ) return F_GetSessionInfo;
+ FC_GetOperationState =(CK_C_GetOperationState ) get_sym(hLib,"C_GetOperationState" ); if (!FC_GetOperationState ) return F_GetOperationState;
+ FC_SetOperationState =(CK_C_SetOperationState ) get_sym(hLib,"C_SetOperationState" ); if (!FC_SetOperationState ) return F_SetOperationState;
+ FC_Login =(CK_C_Login ) get_sym(hLib,"C_Login" ); if (!FC_Login ) return F_Login;
+ FC_Logout =(CK_C_Logout ) get_sym(hLib,"C_Logout" ); if (!FC_Logout ) return F_Logout;
+ FC_CreateObject =(CK_C_CreateObject ) get_sym(hLib,"C_CreateObject" ); if (!FC_CreateObject ) return F_CreateObject;
+ FC_CopyObject =(CK_C_CopyObject ) get_sym(hLib,"C_CopyObject" ); if (!FC_CopyObject ) return F_CopyObject;
+ FC_DestroyObject =(CK_C_DestroyObject ) get_sym(hLib,"C_DestroyObject" ); if (!FC_DestroyObject ) return F_DestroyObject;
+ FC_GetObjectSize =(CK_C_GetObjectSize ) get_sym(hLib,"C_GetObjectSize" ); if (!FC_GetObjectSize ) return F_GetObjectSize;
+ FC_GetAttributeValue =(CK_C_GetAttributeValue ) get_sym(hLib,"C_GetAttributeValue" ); if (!FC_GetAttributeValue ) return F_GetAttributeValue;
+ FC_SetAttributeValue =(CK_C_SetAttributeValue ) get_sym(hLib,"C_SetAttributeValue" ); if (!FC_SetAttributeValue ) return F_SetAttributeValue;
+ FC_FindObjectsInit =(CK_C_FindObjectsInit ) get_sym(hLib,"C_FindObjectsInit" ); if (!FC_FindObjectsInit ) return F_FindObjectsInit;
+ FC_FindObjects =(CK_C_FindObjects ) get_sym(hLib,"C_FindObjects" ); if (!FC_FindObjects ) return F_FindObjects;
+ FC_FindObjectsFinal =(CK_C_FindObjectsFinal ) get_sym(hLib,"C_FindObjectsFinal" ); if (!FC_FindObjectsFinal ) return F_FindObjectsFinal;
+ FC_EncryptInit =(CK_C_EncryptInit ) get_sym(hLib,"C_EncryptInit" ); if (!FC_EncryptInit ) return F_EncryptInit;
+ FC_Encrypt =(CK_C_Encrypt ) get_sym(hLib,"C_Encrypt" ); if (!FC_Encrypt ) return F_Encrypt;
+ FC_EncryptUpdate =(CK_C_EncryptUpdate ) get_sym(hLib,"C_EncryptUpdate" ); if (!FC_EncryptUpdate ) return F_EncryptUpdate;
+ FC_EncryptFinal =(CK_C_EncryptFinal ) get_sym(hLib,"C_EncryptFinal" ); if (!FC_EncryptFinal ) return F_EncryptFinal;
+ FC_DecryptInit =(CK_C_DecryptInit ) get_sym(hLib,"C_DecryptInit" ); if (!FC_DecryptInit ) return F_DecryptInit;
+ FC_Decrypt =(CK_C_Decrypt ) get_sym(hLib,"C_Decrypt" ); if (!FC_Decrypt ) return F_Decrypt;
+ FC_DecryptUpdate =(CK_C_DecryptUpdate ) get_sym(hLib,"C_DecryptUpdate" ); if (!FC_DecryptUpdate ) return F_DecryptUpdate;
+ FC_DecryptFinal =(CK_C_DecryptFinal ) get_sym(hLib,"C_DecryptFinal" ); if (!FC_DecryptFinal ) return F_DecryptFinal;
+ FC_DigestInit =(CK_C_DigestInit ) get_sym(hLib,"C_DigestInit" ); if (!FC_DigestInit ) return F_DigestInit;
+ FC_Digest =(CK_C_Digest ) get_sym(hLib,"C_Digest" ); if (!FC_Digest ) return F_Digest;
+ FC_DigestUpdate =(CK_C_DigestUpdate ) get_sym(hLib,"C_DigestUpdate" ); if (!FC_DigestUpdate ) return F_DigestUpdate;
+ FC_DigestKey =(CK_C_DigestKey ) get_sym(hLib,"C_DigestKey" ); if (!FC_DigestKey ) return F_DigestKey;
+ FC_DigestFinal =(CK_C_DigestFinal ) get_sym(hLib,"C_DigestFinal" ); if (!FC_DigestFinal ) return F_DigestFinal;
+ FC_SignInit =(CK_C_SignInit ) get_sym(hLib,"C_SignInit" ); if (!FC_SignInit ) return F_SignInit;
+ FC_Sign =(CK_C_Sign ) get_sym(hLib,"C_Sign" ); if (!FC_Sign ) return F_Sign;
+ FC_SignUpdate =(CK_C_SignUpdate ) get_sym(hLib,"C_SignUpdate" ); if (!FC_SignUpdate ) return F_SignUpdate;
+ FC_SignFinal =(CK_C_SignFinal ) get_sym(hLib,"C_SignFinal" ); if (!FC_SignFinal ) return F_SignFinal;
+ FC_SignRecoverInit =(CK_C_SignRecoverInit ) get_sym(hLib,"C_SignRecoverInit" ); if (!FC_SignRecoverInit ) return F_SignRecoverInit;
+ FC_SignRecover =(CK_C_SignRecover ) get_sym(hLib,"C_SignRecover" ); if (!FC_SignRecover ) return F_SignRecover;
+ FC_VerifyInit =(CK_C_VerifyInit ) get_sym(hLib,"C_VerifyInit" ); if (!FC_VerifyInit ) return F_VerifyInit;
+ FC_Verify =(CK_C_Verify ) get_sym(hLib,"C_Verify" ); if (!FC_Verify ) return F_Verify;
+ FC_VerifyUpdate =(CK_C_VerifyUpdate ) get_sym(hLib,"C_VerifyUpdate" ); if (!FC_VerifyUpdate ) return F_VerifyUpdate;
+ FC_VerifyFinal =(CK_C_VerifyFinal ) get_sym(hLib,"C_VerifyFinal" ); if (!FC_VerifyFinal ) return F_VerifyFinal;
+ FC_VerifyRecoverInit =(CK_C_VerifyRecoverInit ) get_sym(hLib,"C_VerifyRecoverInit" ); if (!FC_VerifyRecoverInit ) return F_VerifyRecoverInit;
+ FC_VerifyRecover =(CK_C_VerifyRecover ) get_sym(hLib,"C_VerifyRecover" ); if (!FC_VerifyRecover ) return F_VerifyRecover;
+ FC_DigestEncryptUpdate=(CK_C_DigestEncryptUpdate) get_sym(hLib,"C_DigestEncryptUpdate"); if (!FC_DigestEncryptUpdate) return F_DigestEncryptUpdate;
+ FC_DecryptDigestUpdate=(CK_C_DecryptDigestUpdate) get_sym(hLib,"C_DecryptDigestUpdate"); if (!FC_DecryptDigestUpdate) return F_DecryptDigestUpdate;
+ FC_SignEncryptUpdate =(CK_C_SignEncryptUpdate ) get_sym(hLib,"C_SignEncryptUpdate" ); if (!FC_SignEncryptUpdate ) return F_SignEncryptUpdate;
+ FC_DecryptVerifyUpdate=(CK_C_DecryptVerifyUpdate) get_sym(hLib,"C_DecryptVerifyUpdate"); if (!FC_DecryptVerifyUpdate) return F_DecryptVerifyUpdate;
+ FC_GenerateKey =(CK_C_GenerateKey ) get_sym(hLib,"C_GenerateKey" ); if (!FC_GenerateKey ) return F_GenerateKey;
+ FC_GenerateKeyPair =(CK_C_GenerateKeyPair ) get_sym(hLib,"C_GenerateKeyPair" ); if (!FC_GenerateKeyPair ) return F_GenerateKeyPair;
+ FC_WrapKey =(CK_C_WrapKey ) get_sym(hLib,"C_WrapKey" ); if (!FC_WrapKey ) return F_WrapKey;
+ FC_UnwrapKey =(CK_C_UnwrapKey ) get_sym(hLib,"C_UnwrapKey" ); if (!FC_UnwrapKey ) return F_UnwrapKey;
+ FC_DeriveKey =(CK_C_DeriveKey ) get_sym(hLib,"C_DeriveKey" ); if (!FC_DeriveKey ) return F_DeriveKey;
+ FC_SeedRandom =(CK_C_SeedRandom ) get_sym(hLib,"C_SeedRandom" ); if (!FC_SeedRandom ) return F_SeedRandom;
+ FC_GenerateRandom =(CK_C_GenerateRandom ) get_sym(hLib,"C_GenerateRandom" ); if (!FC_GenerateRandom ) return F_GenerateRandom;
+ FC_GetFunctionStatus =(CK_C_GetFunctionStatus ) get_sym(hLib,"C_GetFunctionStatus" ); if (!FC_GetFunctionStatus ) return F_GetFunctionStatus;
+ FC_CancelFunction =(CK_C_CancelFunction ) get_sym(hLib,"C_CancelFunction" ); if (!FC_CancelFunction ) return F_CancelFunction;
+ FC_WaitForSlotEvent =(CK_C_WaitForSlotEvent ) get_sym(hLib,"C_WaitForSlotEvent" ); if (!FC_WaitForSlotEvent ) return F_WaitForSlotEvent;
+ return 0;
+}
+//------------------------------------------------------------------------------
+HINSTANCE hPkcsLib=NULL;
+//------------------------------------------------------------------------------
+#ifdef WIND32
+int GetCapiPath(char *path)
+{
+ HKEY hKey;
+ DWORD Disposition,DataSize;
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,CSP_REGKEY,0,KEY_READ,&hKey)!=ERROR_SUCCESS) return 1;
+ path[0]=0; DataSize=255; RegQueryValueEx(hKey,"Image Path",0,&Disposition,(BYTE *)path,&DataSize);
+ RegCloseKey(hKey);
+ if (!strlen(path)) return 2;
+ return 0;
+}
+#else
+int GetCapiPath(char *path) {strcpy(path,CAPI_LIB_PATH); return 0;}
+#endif
+//------------------------------------------------------------------------------
+#ifdef WIND32
+int GetPkcsPath(char *path)
+ {return GetCapiPath(path);}
+#else
+int GetPkcsPath(char *path) {strcpy(path,PKCS_LIB_PATH); return 0;}
+#endif
+//------------------------------------------------------------------------------
+int LoadPkcsLib(char *dllpkcs)
+{
+ int code;
+ char path[260];
+ if (hPkcsLib) return 0;
+ if ((dllpkcs)&&(*dllpkcs)) strcpy(path,dllpkcs);
+ else if (GetPkcsPath(path)) return -1;
+ hPkcsLib=load_lib(dllpkcs);
+ if (!hPkcsLib) return -2;
+ code=Get_PKCS_Fancs(hPkcsLib);
+ if (code) {free_lib(hPkcsLib); hPkcsLib=NULL;}
+ return code;
+}
+//------------------------------------------------------------------------------
+void FreePkcsLib(void) +{ + if (hPkcsLib) {free_lib(hPkcsLib); hPkcsLib=NULL;} +} +//------------------------------------------------------------------------------ +int do_GetFunctionList( void ) +{ + CK_RV rc = 0; + extern CK_FUNCTION_LIST *funcs; + rc=FC_GetFunctionList(&funcs); + if (rc != CKR_OK) {printf ("err %x\n",rc); return rc;} + return 0; +} +//------------------------------------------------------------------------------ diff --git a/common/rt/include/rlib_load.h b/common/rt/include/rlib_load.h deleted file mode 100644 index eb331d5..0000000 --- a/common/rt/include/rlib_load.h +++ /dev/null 
@@ -1,45 +0,0 @@
-//------------------------------------------------------------------------------
-// RCSP Project
-// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
-//
-// R-CSP/R-PKCS11 LIB Loader
-//------------------------------------------------------------------------------
-#ifndef __RLIB_LOAD_H
-#define __RLIB_LOAD_H
-//------------------------------------------------------------------------------
-#define LOADLIBRARY
-//------------------------------------------------------------------------------
-#ifndef CK_PTR
-#define CK_PTR *
-#endif
-#ifndef NULL_PTR
-#define NULL_PTR 0
-#endif
-#ifndef CK_CALLBACK_FUNCTION
-#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-#endif
-#ifndef CK_DEFINE_FUNCTION
-#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-#endif
-#ifndef CK_DECLARE_FUNCTION
-#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-#endif
-#ifndef CK_DECLARE_FUNCTION_POINTER
-#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-#endif
-
-#pragma pack(push, cryptoki, 1)
-#include "pkcs11.h"
-#pragma pack(pop, cryptoki)
-//------------------------------------------------------------------------------
-#define CSP_REGKEY "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Tumar CSP"
-#define CAPI_LIB_PATH ""
-#define PKCS_LIB_PATH ""
-//------------------------------------------------------------------------------
-int LoadPkcsLib (char *dllpkcs);
-void FreePkcsLib(void);
-int do_GetFunctionList( void );
-//------------------------------------------------------------------------------
-extern CK_C_GetFunctionList FC_GetFunctionList;
-//------------------------------------------------------------------------------
-#endif
diff --git a/common/rt/src/rlib_load.cpp b/common/rt/src/rlib_load.cpp
deleted file mode 100644
index abcc7e0..0000000
--- a/common/rt/src/rlib_load.cpp
+++ /dev/null
@@ -1,220 +0,0 @@
-//------------------------------------------------------------------------------
-// RCSP Project
-// Copyright (c) 2007 Scientific Lab. Gamma Technologies. All rights reserved.
-//
-// R-CSP/R-PKCS11 LIB Loader
-//------------------------------------------------------------------------------
-#include
-#include
-#include
-#include "rlib_load.h"
-//------------------------------------------------------------------------------
-#ifndef F_CPAcquireContext
-#define F_CPAcquireContext 1
-#define F_CPGetProvParam 2
-#define F_CPReleaseContext 3
-#define F_CPSetProvParam 4
-#define F_CPDeriveKey 5
-#define F_CPDestroyKey 6
-#define F_CPDuplicateKey 7
-#define F_CPExportKey 8
-#define F_CPGenKey 9
-#define F_CPGenRandom 10
-#define F_CPGetKeyParam 11
-#define F_CPGetUserKey 12
-#define F_CPImportKey 13
-#define F_CPSetKeyParam 14
-#define F_CPDecrypt 15
-#define F_CPEncrypt 16
-#define F_CPCreateHash 17
-#define F_CPDestroyHash 18
-#define F_CPDuplicateHash 19
-#define F_CPGetHashParam 20
-#define F_CPHashData 21
-#define F_CPHashSessionKey 22
-#define F_CPSetHashParam 23
-#define F_CPSignHash 24
-#define F_CPVerifySignature 25
-#endif
-//------------------------------------------------------------------------------
-#ifndef F_Initialize
-#define F_Initialize 31
-#define F_Finalize 32
-#define F_GetInfo 33
-#define F_GetFunctionList 34
-#define F_GetSlotList 35
-#define F_GetSlotInfo 36
-#define F_GetTokenInfo 37
-#define F_GetMechanismList 38
-#define F_GetMechanismInfo 39
-#define F_InitToken 40
-#define F_InitPIN 41
-#define F_SetPIN 42
-#define F_OpenSession 43
-#define F_CloseSession 44
-#define F_CloseAllSessions 45
-#define F_GetSessionInfo 46
-#define F_GetOperationState 47
-#define F_SetOperationState 48
-#define F_Login 49
-#define F_Logout 50
-#define F_CreateObject 51
-#define F_CopyObject 52
-#define F_DestroyObject 53
-#define F_GetObjectSize 54
-#define F_GetAttributeValue 55
-#define F_SetAttributeValue 56
-#define F_FindObjectsInit 57
-#define F_FindObjects 58
-#define F_FindObjectsFinal 59
-#define F_EncryptInit 60
-#define F_Encrypt 61
-#define F_EncryptUpdate 62
-#define F_EncryptFinal 63
-#define F_DecryptInit 64
-#define F_Decrypt 65
-#define F_DecryptUpdate 66
-#define F_DecryptFinal 67
-#define F_DigestInit 68
-#define F_Digest 69
-#define F_DigestUpdate 70
-#define F_DigestKey 71
-#define F_DigestFinal 72
-#define F_SignInit 73
-#define F_Sign 74
-#define F_SignUpdate 75
-#define F_SignFinal 76
-#define F_SignRecoverInit 77
-#define F_SignRecover 78
-#define F_VerifyInit 79
-#define F_Verify 80
-#define F_VerifyUpdate 81
-#define F_VerifyFinal 82
-#define F_VerifyRecoverInit 83
-#define F_VerifyRecover 84
-#define F_DigestEncryptUpdate 85
-#define F_DecryptDigestUpdate 86
-#define F_SignEncryptUpdate 87
-#define F_DecryptVerifyUpdate 88
-#define F_GenerateKey 89
-#define F_GenerateKeyPair 90
-#define F_WrapKey 91
-#define F_UnwrapKey 92
-#define F_DeriveKey 93
-#define F_SeedRandom 94
-#define F_GenerateRandom 95
-#define F_GetFunctionStatus 96
-#define F_CancelFunction 97
-#define F_WaitForSlotEvent 98
-#endif
-
-#define HINSTANCE void*
-
-//------------------------------------------------------------------------------
-CK_C_Initialize FC_Initialize;
-CK_C_GetFunctionList FC_GetFunctionList;
-//------------------------------------------------------------------------------
-HINSTANCE load_lib(char *lib)
-{
- return dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
-}
-//------------------------------------------------------------------------------
-void* get_sym(HINSTANCE inst, const char *proc)
-{
- return (void*)dlsym(inst,proc);
-}
-//------------------------------------------------------------------------------
-void free_lib(HINSTANCE inst)
-{
- dlclose(inst);
-}
-//------------------------------------------------------------------------------
-int Get_PKCS_Fancs(HINSTANCE hLib)
-{
- FC_GetFunctionList =(CK_C_GetFunctionList) get_sym(hLib,"C_GetFunctionList");
- if (!FC_GetFunctionList)
- return F_GetFunctionList;
- return 0;
-}
-//------------------------------------------------------------------------------
-HINSTANCE hPkcsLib=NULL;
-//------------------------------------------------------------------------------
-#ifdef WIND32
-int GetCapiPath(char *path)
-{
- HKEY hKey;
- DWORD Disposition,DataSize;
- if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,CSP_REGKEY,0,KEY_READ,&hKey)!=ERROR_SUCCESS)
- return 1;
- path[0]=0;
- DataSize=255;
- RegQueryValueEx(hKey,"Image Path",0,&Disposition,(BYTE *)path,&DataSize);
- RegCloseKey(hKey);
- if (!strlen(path))
- return 2;
- return 0;
-}
-#else
-int GetCapiPath(char *path)
-{
- strcpy(path,CAPI_LIB_PATH);
- return 0;
-}
-#endif
-//------------------------------------------------------------------------------
-#ifdef WIND32
-int GetPkcsPath(char *path)
-{
- return GetCapiPath(path);
-}
-#else
-int GetPkcsPath(char *path)
-{
- strcpy(path,PKCS_LIB_PATH);
- return 0;
-}
-#endif
-//------------------------------------------------------------------------------
-int LoadPkcsLib(char *dllpkcs)
-{
- int code;
- char path[260];
- if (hPkcsLib)
- return 0;
-
- if ((dllpkcs)&&(*dllpkcs))
- strcpy(path,dllpkcs);
- else if (GetPkcsPath(path))
- return -1;
-
- hPkcsLib=load_lib(path);
- if (!hPkcsLib)
- return -2;
-
- code=Get_PKCS_Fancs(hPkcsLib);
- if(code)
- {
- free_lib(hPkcsLib);
- hPkcsLib=NULL;
- }
- return code;
-}
-//------------------------------------------------------------------------------
-void FreePkcsLib(void)
-{
- if (hPkcsLib)
- {
- free_lib(hPkcsLib);
- hPkcsLib=NULL;
- }
-}
-//------------------------------------------------------------------------------
-int do_GetFunctionList( void )
-{
- CK_RV rc = 0;
- extern CK_FUNCTION_LIST *funcs;
- rc=FC_GetFunctionList(&funcs);
- if (rc != CKR_OK) {printf ("err %x\n",rc); return rc;}
- return 0;
-}
-//------------------------------------------------------------------------------
diff --git a/program/include/cert_conf.h b/program/include/cert_conf.h
index 3b2e5fa..3412b81 100644
--- a/program/include/cert_conf.h +++ b/program/include/cert_conf.h @@ -86,6 +86,9 @@ struct cert_store_policy{ uint16_t store_port; char store_ip[46]; + char password[128]; + char label[128]; + char ca_path[128]; char uninsec_path[128]; }; diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp index 9de5cfb..5f614cc 100644 --- a/program/src/cert_session.cpp +++ b/program/src/cert_session.cpp @@ -785,6 +785,7 @@ int pkcs11_signature_algotonid(unsigned long algo) case CKM_SHA1_RSA_PKCS: return NID_sha1WithRSAEncryption; case CKM_RSA_PKCS: + case CKM_CERTEX_GOSTR3410_2001: case CKM_SHA256_RSA_PKCS: return NID_sha256WithRSAEncryption; default: 
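Review bot: `ca_path[128]` is added to `struct cert_store_policy` but no hunk in this diff reads or populates it — `pkcs11_module_init` loads only `password` and `label` — so it is a silent no-op field; either drop it or load it alongside the other two. `password` keeps the HSM user PIN in a long-lived plain `char` buffer, so a comment stating that and where it is wiped would help, e.g. `// HSM user PIN for CKU_USER login; wipe (explicit_bzero) at shutdown`, and the wipe itself should exist. `strlen()` is applied to both `label` and `password` in `cert_session.cpp`, so both rely on `MESA_load_profile_string_def` NUL-terminating on truncation at `sizeof` — worth confirming against that loader.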
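Review bot: `case CKM_CERTEX_GOSTR3410_2001:` falls into the branch that returns `NID_sha256WithRSAEncryption`, so a certificate signed with the GOST mechanism is stamped with an RSA-with-SHA-256 signature-algorithm OID while the signature bytes are GOST R 34.10-2001; any verifier that honours the OID (OpenSSL's `X509_verify` included) will try to treat the signature as RSA and fail. The mechanism needs its own `case` returning the matching GOST signature NID — OpenSSL defines `NID_id_GostR3411_94_with_GostR3410_2001` for the 34.11-94-with-34.10-2001 pair, but which hash the vendor mechanism applies has to be confirmed from the HSM documentation before picking the NID. `pkcs11_signature_algotonid` continues past the end of this hunk.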
@@ -792,40 +793,85 @@ int pkcs11_signature_algotonid(unsigned long algo) } return 0; } - -int X509_pkcs11_sign(X509* x509, unsigned long pkcs11_signing_algo, CK_SESSION_HANDLE pkcs11_session) +int x509_find_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hObject) { - int rv =0; - CK_OBJECT_HANDLE pkcs11_key_handle = 0; + int xret=0; + CK_ULONG objcount; + CK_OBJECT_CLASS sec_class = CKO_PRIVATE_KEY; + CK_BBOOL xtrue = 1; - // set signature algorithm in the certificate + CK_ATTRIBUTE key_attr[] = + { + {CKA_CLASS, &sec_class, sizeof(sec_class) }, + {CKA_PRIVATE, &xtrue, sizeof (xtrue) }, + {CKA_LABEL, g_certstore_policy->label, strlen((const char *)g_certstore_policy->label)} + }; + + xret = FC_FindObjectsInit( session, key_attr, sizeof(key_attr)/sizeof(CK_ATTRIBUTE) ); + if (xret != CKR_OK) + { + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Object failed to initialize"); + goto finish; + + } + xret = FC_FindObjects(session, hObject, 1,&objcount); + if (xret != CKR_OK || objcount == 0) + { + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get private key handle"); + goto finish; + } + return 0; +finish: + *hObject = CK_INVALID_HANDLE; + return -1; +} + +int X509_hsm_sign(X509* x509, unsigned long mech, CK_SESSION_HANDLE session) +{ + int xret =1; + CK_OBJECT_HANDLE hObject = 0; + + xret = x509_find_object(session, &hObject); + if(xret != 0 || hObject == CK_INVALID_HANDLE) + { + return 0; + } + + CK_MECHANISM sign_mechanism; + memset (&sign_mechanism, 0, sizeof (sign_mechanism)); + sign_mechanism.mechanism = mech; + xret = FC_SignInit (session, &sign_mechanism, hObject); + if (xret != CKR_OK ) + { + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "There was an error initializing the sign function"); + return 0; + } + // set signature algorithm in the certificate const X509_ALGOR *tsig_alg_org = X509_get0_tbs_sigalg(x509); X509_ALGOR *tsig_alg=const_cast(tsig_alg_org); if (tsig_alg) { - const int signingAlgoNid = 
pkcs11_signature_algotonid(pkcs11_signing_algo); + const int signingAlgoNid = pkcs11_signature_algotonid(mech); X509_ALGOR_set0(tsig_alg, OBJ_nid2obj(signingAlgoNid), V_ASN1_NULL, NULL); } - const X509_ALGOR *sig_alg_org; X509_get0_signature(NULL, &sig_alg_org, x509); X509_ALGOR *sig_alg=const_cast(sig_alg_org); if (sig_alg) { - const int signingAlgoNid = pkcs11_signature_algotonid(pkcs11_signing_algo); + const int signingAlgoNid = pkcs11_signature_algotonid(mech); X509_ALGOR_set0(sig_alg, OBJ_nid2obj(signingAlgoNid), V_ASN1_NULL, NULL); } - // DER-encode certificate - unsigned char *x509_der_buf; + // DER-encode certificate + unsigned char *x509_der_buf;CK_ULONG signature_size = 0; const size_t x509_der_len = i2d_re_X509_tbs(x509, &x509_der_buf); + xret = FC_Sign (session, x509_der_buf, x509_der_len, NULL, &signature_size); + if (xret != CKR_OK) + { + return 0; + } - CK_MECHANISM mechanism = { pkcs11_signing_algo, NULL_PTR, 0 }; - rv = funcs->C_SignInit(pkcs11_session, &mechanism, pkcs11_key_handle); - - // determine signature size - CK_ULONG signature_size = 0; - rv= funcs->C_Sign(pkcs11_session, x509_der_buf, x509_der_len, NULL, &signature_size); // sign const ASN1_BIT_STRING *psig_org; X509_get0_signature(&psig_org, NULL, x509); 
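Review bot: `x509_find_object` leaves the find operation open on the session on every path — the only `FC_FindObjectsFinal(session)` is at the very end of `X509_hsm_sign` in the following hunk, so the `goto finish` after a failed `FC_FindObjects` and the early `return 0` after `FC_SignInit` or the size-query `FC_Sign` fails all exit with an active search, and a later `FC_FindObjectsInit` on that session can fail with `CKR_OPERATION_ACTIVE`. The size-query failure path also returns without `OPENSSL_free(x509_der_buf)`, leaking the DER buffer from `i2d_re_X509_tbs`. Finishing the search inside `x509_find_object` immediately after `FC_FindObjects` (and removing the trailing call in `X509_hsm_sign`) plus freeing the buffer on that early return addresses both; `int xret =1;` is overwritten before it is read and can be `int xret;`. `X509_hsm_sign` continues past the end of this hunk.
```cpp
    xret = FC_FindObjects(session, hObject, 1,&objcount);
    // Finish the search on every path so the session is not left with an
    // active find operation for the next FC_FindObjectsInit.
    FC_FindObjectsFinal(session);
    // … unchanged: objcount check, finish label, X509_hsm_sign up to the DER encode …
    xret = FC_Sign (session, x509_der_buf, x509_der_len, NULL, &signature_size);
    if (xret != CKR_OK)
    {
        OPENSSL_free(x509_der_buf);
        return 0;
    }
```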
@@ -834,13 +880,14 @@ int X509_pkcs11_sign(X509* x509, unsigned long pkcs11_signing_algo, CK_SESSION_H OPENSSL_free(psig->data); psig->data = (unsigned char*)OPENSSL_malloc(signature_size); psig->length = signature_size; - rv = funcs->C_Sign(pkcs11_session, x509_der_buf, x509_der_len, psig->data, &signature_size); - + xret = FC_Sign(session, x509_der_buf, x509_der_len, psig->data, &signature_size); psig->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); psig->flags|=ASN1_STRING_FLAG_BITS_LEFT; - OPENSSL_free(x509_der_buf); - return rv; + OPENSSL_free(x509_der_buf); + FC_FindObjectsFinal(session); + + return xret; } X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int *expire_time, char *crlurl, char *public_algo, CK_SESSION_HANDLE session) @@ -947,7 +994,7 @@ X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, in } else { - if(!X509_pkcs11_sign(crt, CKM_RSA_PKCS, session)) + if(!X509_hsm_sign(crt, CKM_CERTEX_GOSTR3410_2001, session)) goto errout; } @@ -1115,6 +1162,11 @@ long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp) if (pxy_obj->stack_ca) sk_X509_pop_free(pxy_obj->stack_ca, X509_free); + if(pxy_obj->session) + { + FC_Logout(pxy_obj->session); + FC_CloseSession(pxy_obj->session); + } free(pxy_obj); pxy_obj = NULL; *ad=NULL; @@ -2256,6 +2308,7 @@ static int field_stat_init(struct cert_store_policy *certstore_policy, const cha return 0; } +#if 0 static struct pxy_profile_hsm* get_profile_by_id(int profile_id) { struct pxy_profile_hsm* ply_profile=NULL; @@ -2267,6 +2320,7 @@ static struct pxy_profile_hsm* get_profile_by_id(int profile_id) ply_profile = (struct pxy_profile_hsm*)Maat_plugin_get_EX_data(g_certstore_policy->feather, table_id, (const char*)cfg_id_str); return ply_profile; } +#endif CK_SESSION_HANDLE keyring_pkcs11_login(int slot_id) { 
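Review bot: `return xret;` inverts the function's result: `xret` holds the `CK_RV` of the final `FC_Sign`, which is `CKR_OK` (0) on success, while every error path in `X509_hsm_sign` returns 0 and the caller in the `@@ -947` hunk tests `if(!X509_hsm_sign(crt, CKM_CERTEX_GOSTR3410_2001, session)) goto errout;` — a successful signature is therefore treated as failure and a failed `FC_Sign` as success. Return a boolean instead, `return xret == CKR_OK;`, and the second `FC_Sign` result is otherwise never checked before `psig->data` is used. `X509_hsm_sign` begins in the previous hunk, and the `FC_FindObjectsFinal(session)` added here runs only on this path, not on the early returns above it.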
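Review bot: `get_profile_by_id` is disabled with `#if 0` rather than deleted, and the same pattern recurs in the `@@ -2558` hunk (the `PXY_PROFILE_HSM` table registration), the `@@ -2595` hunk (`do_user_GetFunctionList` and `//FreePkcsLib();`) and the `@@ -2274` hunk (`//struct pxy_profile_hsm* ply_profile = get_profile_by_id(0);`). Version control already preserves the old code, so these blocks should be removed; if the profile-driven HSM path is meant to return, a single `// TODO: re-enable PXY_PROFILE_HSM lookup once <condition>` is clearer than `#if 0` regions that silently rot as the surrounding APIs change.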
@@ -2274,30 +2328,26 @@ CK_SESSION_HANDLE keyring_pkcs11_login(int slot_id) CK_FLAGS flags; CK_SESSION_HANDLE session=0; - struct pxy_profile_hsm* ply_profile = get_profile_by_id(0); - if(ply_profile == NULL || funcs->C_OpenSession==NULL) - { - goto error; - } - + //struct pxy_profile_hsm* ply_profile = get_profile_by_id(0); flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; - ret = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session); - if(ret) + ret = FC_OpenSession(slot_id, flags, NULL, NULL, &session); + if(ret != CKR_OK) { - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "hsm_sdk open session faild, error : %d", ret); + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Hsm open session faild, error : %d", ret); goto error; } - ret = funcs->C_Login(session, CKU_USER, (CK_UTF8CHAR_PTR)ply_profile->passwd, strlen(ply_profile->passwd)); - if(ret) + ret = FC_Login(session, CKU_USER, (CK_UTF8CHAR_PTR)g_certstore_policy->password, strlen(g_certstore_policy->password)); + if(ret != CKR_OK) { - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "hsm_sdk login faild, error : %d", ret); + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Hsm login faild, error : %d", ret); goto error; } return session; error: if(session) { - funcs->C_CloseSession(session); + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Init FC_OpenSession faild, error : %d", ret); + FC_CloseSession(session); } return 0; } @@ -2558,12 +2608,14 @@ int maat_feather_init(struct cert_store_policy *certstore_policy, const char *ma mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore register table PXY_PROFILE_KEYRING failed"); } +#if 0 table_id = maat_table_ex_init("PXY_PROFILE_HSM", POLICY_PROFILE_TABLE_HSM, hsm_profile_table_start_cb, hsm_profile_table_free_cb, hsm_profile_table_dup_cb); if(table_id<0) { mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Register table PXY_PROFILE_HSM failed"); return 0; } +#endif field_stat_init(certstore_policy, main_profile); 
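Review bot: The message logged in the `error:` block, `"Init FC_OpenSession faild, error : %d"`, is reached only when `session` is non-zero, i.e. after `FC_OpenSession` succeeded and `FC_Login` failed, so it names the wrong call; the login failure was already logged above, so the line can go or read `"Hsm login failed, closing session, error : %lu"`. All three messages print `ret` with `%d`; if `ret` (declared above the hunk) is a `CK_RV` that is an `unsigned long` and the format should be `%lu` (or `0x%lx`, the form PKCS#11 return codes are documented in), and "faild" is misspelled in each. `CKF_RW_SESSION` grants more than signing needs — a read-only session suffices unless objects are created on it elsewhere. `keyring_pkcs11_login`'s declarations start above the hunk.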
@@ -2583,6 +2635,8 @@ int pkcs11_module_init(struct cert_store_policy *certstore_policy, const char *m MESA_load_profile_uint_nodef(main_profile, "certex_hsm", "enable", &(certstore_policy->enable)); MESA_load_profile_string_def(main_profile, "certex_hsm", "library_path", library_path, sizeof(library_path), ""); + MESA_load_profile_string_def(main_profile, "certex_hsm", "password", g_certstore_policy->password, sizeof(g_certstore_policy->password), "987654321"); + MESA_load_profile_string_def(main_profile, "certex_hsm", "label", g_certstore_policy->label, sizeof(g_certstore_policy->label), "TEST"); if(certstore_policy->enable == 0) { @@ -2595,17 +2649,20 @@ int pkcs11_module_init(struct cert_store_policy *certstore_policy, const char *m mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Load %s failed", library_path); goto finish; } +#if 0 xret = do_user_GetFunctionList(); if(xret!=0 || funcs->C_Initialize==NULL) { mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Get function list failed, errro = %d",xret); goto finish; } +#endif memset(&cinit_args, 0x0, sizeof(cinit_args)); cinit_args.flags = CKF_OS_LOCKING_OK; - xret = funcs->C_Initialize(&cinit_args); + xret = FC_Initialize(&cinit_args); if(xret!=0) { + //FreePkcsLib(); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Function Initialize failed"); } finish: @@ -2614,10 +2671,10 @@ finish: int cert_store_session_init(struct cert_store_policy *certstore_policy, const char *main_profile) { - maat_feather_init(certstore_policy, main_profile); - pkcs11_module_init(certstore_policy, main_profile); + maat_feather_init(certstore_policy, main_profile); + keyring_server_init(certstore_policy); return 0; diff --git a/resource/conf/cert_store.ini b/resource/conf/cert_store.ini index 19e4550..455f0d4 100644 --- a/resource/conf/cert_store.ini +++ b/resource/conf/cert_store.ini 
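Review bot: The default for the `password` key is a literal PIN, `"987654321"`, so any deployment whose profile omits the key logs into the HSM with a credential that now lives in source history (and is duplicated in `cert_store.ini`); default to an empty string and have the login path refuse an empty PIN: `MESA_load_profile_string_def(main_profile, "certex_hsm", "password", certstore_policy->password, sizeof(certstore_policy->password), "");`. The two new lines also write through the global `g_certstore_policy` while the neighbouring lines write through the `certstore_policy` parameter; use the parameter for consistency. The `"TEST"` default for `label` has the same shape of problem — a misconfigured instance should fail to find a key rather than sign with whatever object happens to carry that label.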
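Review bot: When `FC_Initialize` fails the failure is logged but not acted on: `//FreePkcsLib();` is commented out and execution falls through to `finish:` exactly as on success, so the library stays loaded with `FC_*` pointers bound to an uninitialised module, and whether `pkcs11_module_init`'s return (below the hunk) reflects `xret` cannot be seen here. Either unload with `FreePkcsLib()` and leave `xret` set so the caller sees the error, or `goto finish` with a distinct code and, if `certstore_policy->enable` gates later use, clear it. `xret!=0` here versus `!= CKR_OK` elsewhere in this file is an inconsistency worth normalising.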
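Review bot: `pkcs11_module_init(certstore_policy, main_profile);` is dropped from `cert_store_session_init` and no other call to it appears in the visible hunks, so unless a caller exists outside this diff the PKCS#11 library is never loaded and the `FC_*` function pointers stay NULL; `keyring_pkcs11_login` (`@@ -2274`), `X509_hsm_sign` (`@@ -792`) and the teardown in the `@@ -1115` hunk would then call through a null pointer. If the removal is deliberate, either `keyring_server_init` must load the module or each `FC_*` call site needs a guard such as `if (!FC_OpenSession) return 0;`.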
@@ -59,6 +59,8 @@ statsd_server=192.168.10.72
statsd_port=8126
[certex_hsm]
-enable=0
-library_path=lib/libcertex-rcsp_r.so.v.3.0.40.2
+enable=1
+password="987654321"
+label="TEST"
+library_path=./lib/libcertex-rcsp_r.so.v.3.0.40.3
diff --git a/resource/lib/libcertex-rcsp_r.so.v.3.0.40.3 b/resource/lib/libcertex-rcsp_r.so.v.3.0.40.3
new file mode 100644
index 0000000..b3a22cd
Binary files /dev/null and b/resource/lib/libcertex-rcsp_r.so.v.3.0.40.3 differ
diff --git a/resource/rcsp/rcsp.conf b/resource/rcsp/rcsp.conf
new file mode 100644
index 0000000..e94dfa5
--- /dev/null
+++ b/resource/rcsp/rcsp.conf
@@ -0,0 +1,18 @@
+[RAPI]
+host = 172.16.172.216
+port = 62556
+auth = 0
+
+[Admin]
+name = hsm
+pass = qwerty
+
+[SSL]
+level = 0
+host = 172.16.172.216
+key_file = /Certex/etc/ssl/key.pem
+crt_file = /Certex/etc/ssl/cert.pem
+ca_file = /Certex/etc/ssl/ca.pem
+ca_path = /Certex/etc/ssl/certs
+mask = C=KZ;O=Gamma;OU=Certex;CN=HSMII-B-0028
+
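Review bot: `password="987654321"` checks a working HSM user PIN into the repository, and with `enable=1` it is live for every default install; the PIN belongs outside version control (or is injected at deploy time) and the committed file should carry a placeholder such as `password=<set-at-deploy>`. The quoting is also suspect: no other key in this file is quoted, and if `MESA_load_profile_string_def` does not strip double quotes, the bytes `"TEST"` including the quotes become the `CKA_LABEL` search value and the quoted PIN is what `FC_Login` receives — drop the quotes unless the loader is known to handle them. Flipping `enable=0` to `enable=1` also turns HSM signing on by default for every deployment that ships this file.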
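Review bot: `pass = qwerty` under `[Admin]` commits a plaintext administrative credential for the RCSP service, alongside an internal address in `host = 172.16.172.216`, and `auth = 0` / `level = 0` read as switches that turn off API authentication and TLS checking if their names mean what they suggest. Ship this as a template (`rcsp.conf.example` with `pass = <set-at-deploy>`) and keep the real file out of the tree; since it is destined for `/etc`, the installed copy should also not be world-readable. A comment at the top of the file explaining what `auth`, `level` and `mask` control would help, as their meaning is not inferable from the keys alone.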