FreeRDP
ncrypt_pkcs11.c File Reference
#include <stdlib.h>
#include <winpr/library.h>
#include <winpr/assert.h>
#include <winpr/spec.h>
#include <winpr/smartcard.h>
#include <winpr/asn1.h>
#include "../log.h"
#include "ncrypt.h"
#include "pkcs11-headers/pkcs11.h"

Macros

#define TAG   WINPR_TAG("ncryptp11")
 
#define MAX_SLOTS   64
 
#define MAX_KEYS   64
 
#define MAX_KEYS_PER_SLOT   64
 
#define PIV_CONTAINER_NAME_LEN   36
 
#define ERR_ENTRY(X)
 
#define loge(tag, msg, rv, index, slot)    log_((tag), (msg), (rv), (index), (slot), __FILE__, __func__, __LINE__)
 
#define ALGO_CASE(V, S)
 
#define SLOT_DESC_SZ   sizeof(slotInfo.slotDescription)
 

Functions

static SECURITY_STATUS NCryptP11StorageProvider_dtor (NCRYPT_HANDLE handle)
 
static void fix_padded_string (char *str, size_t maxlen)
 
static BOOL attributes_have_unallocated_buffers (CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
 
static BOOL attribute_allocate_attribute_array (CK_ATTRIBUTE_PTR attribute)
 
static BOOL attribute_allocate_ulong_array (CK_ATTRIBUTE_PTR attribute)
 
static BOOL attribute_allocate_buffer (CK_ATTRIBUTE_PTR attribute)
 
static BOOL attributes_allocate_buffers (CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
 
static CK_RV object_load_attributes (NCryptP11ProviderHandle *provider, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
 
static const char * CK_RV_error_string (CK_RV rv)
 
static void log_ (const char *tag, const char *msg, CK_RV rv, CK_ULONG index, CK_SLOT_ID slot, const char *file, const char *fkt, size_t line)
 
static SECURITY_STATUS collect_keys (NCryptP11ProviderHandle *provider, P11EnumKeysState *state)
 
static BOOL convertKeyType (CK_KEY_TYPE k, LPWSTR dest, DWORD len, DWORD *outlen)
 
static void wprintKeyName (LPWSTR str, CK_SLOT_ID slotId, CK_BYTE *id, CK_ULONG idLen)
 
static size_t parseHex (const char *str, const char *end, CK_BYTE *target)
 
static SECURITY_STATUS parseKeyName (LPCWSTR pszKeyName, CK_SLOT_ID *slotId, CK_BYTE *id, CK_ULONG *idLen)
 
static SECURITY_STATUS NCryptP11EnumKeys (NCRYPT_PROV_HANDLE hProvider, LPCWSTR pszScope, NCryptKeyName **ppKeyName, PVOID *ppEnumState, DWORD dwFlags)
 
static SECURITY_STATUS get_piv_container_name (NCryptP11KeyHandle *key, const BYTE *piv_tag, BYTE *output, size_t output_len)
 
static SECURITY_STATUS check_for_piv_container_name (NCryptP11KeyHandle *key, BYTE *pbOutput, DWORD cbOutput, DWORD *pcbResult, char *label, size_t label_len)
 
static SECURITY_STATUS NCryptP11KeyGetProperties (NCryptP11KeyHandle *keyHandle, NCryptKeyGetPropertyEnum property, PBYTE pbOutput, DWORD cbOutput, DWORD *pcbResult, DWORD dwFlags)
 
static SECURITY_STATUS NCryptP11GetProperty (NCRYPT_HANDLE hObject, NCryptKeyGetPropertyEnum prop, PBYTE pbOutput, DWORD cbOutput, DWORD *pcbResult, DWORD dwFlags)
 
static SECURITY_STATUS NCryptP11OpenKey (NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey, LPCWSTR pszKeyName, DWORD dwLegacyKeySpec, DWORD dwFlags)
 
static SECURITY_STATUS initialize_pkcs11 (HANDLE handle, CK_RV(*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR), NCRYPT_PROV_HANDLE *phProvider)
 
SECURITY_STATUS NCryptOpenP11StorageProviderEx (NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName, DWORD dwFlags, LPCSTR *modulePaths)
 
const char * NCryptGetModulePath (NCRYPT_PROV_HANDLE phProvider)
 

Variables

static const piv_cert_tags_t piv_cert_tags []
 
static const BYTE APDU_PIV_SELECT_AID []
 
static const BYTE APDU_PIV_GET_CHUID []
 
static CK_OBJECT_CLASS object_class_public_key = CKO_PUBLIC_KEY
 
static CK_BBOOL object_verify = CK_TRUE
 
static CK_KEY_TYPE object_ktype_rsa = CKK_RSA
 
static CK_ATTRIBUTE public_key_filter []
 

Macro Definition Documentation

◆ ALGO_CASE

#define ALGO_CASE (   V,
  S 
)
Value:
case V: \
r = S; \
break

◆ ERR_ENTRY

#define ERR_ENTRY (   X)
Value:
case X: \
return #X

◆ loge

#define loge (   tag,
  msg,
  rv,
  index,
  slot 
)     log_((tag), (msg), (rv), (index), (slot), __FILE__, __func__, __LINE__)

◆ MAX_KEYS

#define MAX_KEYS   64

◆ MAX_KEYS_PER_SLOT

#define MAX_KEYS_PER_SLOT   64

◆ MAX_SLOTS

#define MAX_SLOTS   64

◆ PIV_CONTAINER_NAME_LEN

#define PIV_CONTAINER_NAME_LEN   36

◆ SLOT_DESC_SZ

#define SLOT_DESC_SZ   sizeof(slotInfo.slotDescription)

◆ TAG

#define TAG   WINPR_TAG("ncryptp11")

WinPR: Windows Portable Runtime NCrypt pkcs11 provider

Copyright 2021 David Fort contact@hardening-consulting.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Function Documentation

◆ attribute_allocate_attribute_array()

static BOOL attribute_allocate_attribute_array ( CK_ATTRIBUTE_PTR  attribute)
static

◆ attribute_allocate_buffer()

static BOOL attribute_allocate_buffer ( CK_ATTRIBUTE_PTR  attribute)
static

◆ attribute_allocate_ulong_array()

static BOOL attribute_allocate_ulong_array ( CK_ATTRIBUTE_PTR  attribute)
static

◆ attributes_allocate_buffers()

static BOOL attributes_allocate_buffers ( CK_ATTRIBUTE_PTR  attributes,
CK_ULONG  count 
)
static

◆ attributes_have_unallocated_buffers()

static BOOL attributes_have_unallocated_buffers ( CK_ATTRIBUTE_PTR  attributes,
CK_ULONG  count 
)
static

◆ check_for_piv_container_name()

static SECURITY_STATUS check_for_piv_container_name ( NCryptP11KeyHandle *  key,
BYTE *  pbOutput,
DWORD  cbOutput,
DWORD *  pcbResult,
char *  label,
size_t  label_len 
)
static

◆ CK_RV_error_string()

static const char* CK_RV_error_string ( CK_RV  rv)
static

◆ collect_keys()

static SECURITY_STATUS collect_keys ( NCryptP11ProviderHandle *  provider,
P11EnumKeysState *  state 
)
static

◆ convertKeyType()

static BOOL convertKeyType ( CK_KEY_TYPE  k,
LPWSTR  dest,
DWORD  len,
DWORD *  outlen 
)
static

◆ fix_padded_string()

static void fix_padded_string ( char *  str,
size_t  maxlen 
)
static

◆ get_piv_container_name()

static SECURITY_STATUS get_piv_container_name ( NCryptP11KeyHandle *  key,
const BYTE *  piv_tag,
BYTE *  output,
size_t  output_len 
)
static

◆ initialize_pkcs11()

static SECURITY_STATUS initialize_pkcs11 ( HANDLE  handle,
CK_RV(*)(CK_FUNCTION_LIST_PTR_PTR)  c_get_function_list,
NCRYPT_PROV_HANDLE *  phProvider 
)
static

◆ log_()

static void log_ ( const char *  tag,
const char *  msg,
CK_RV  rv,
CK_ULONG  index,
CK_SLOT_ID  slot,
const char *  file,
const char *  fkt,
size_t  line 
)
static

◆ NCryptGetModulePath()

const char* NCryptGetModulePath ( NCRYPT_PROV_HANDLE  phProvider)

◆ NCryptOpenP11StorageProviderEx()

SECURITY_STATUS NCryptOpenP11StorageProviderEx ( NCRYPT_PROV_HANDLE *  phProvider,
LPCWSTR  pszProviderName,
DWORD  dwFlags,
LPCSTR *  modulePaths 
)

◆ NCryptP11EnumKeys()

static SECURITY_STATUS NCryptP11EnumKeys ( NCRYPT_PROV_HANDLE  hProvider,
LPCWSTR  pszScope,
NCryptKeyName **  ppKeyName,
PVOID *  ppEnumState,
DWORD  dwFlags 
)
static

◆ NCryptP11GetProperty()

static SECURITY_STATUS NCryptP11GetProperty ( NCRYPT_HANDLE  hObject,
NCryptKeyGetPropertyEnum  prop,
PBYTE  pbOutput,
DWORD  cbOutput,
DWORD *  pcbResult,
DWORD  dwFlags 
)
static

◆ NCryptP11KeyGetProperties()

static SECURITY_STATUS NCryptP11KeyGetProperties ( NCryptP11KeyHandle *  keyHandle,
NCryptKeyGetPropertyEnum  property,
PBYTE  pbOutput,
DWORD  cbOutput,
DWORD *  pcbResult,
DWORD  dwFlags 
)
static

◆ NCryptP11OpenKey()

static SECURITY_STATUS NCryptP11OpenKey ( NCRYPT_PROV_HANDLE  hProvider,
NCRYPT_KEY_HANDLE *  phKey,
LPCWSTR  pszKeyName,
DWORD  dwLegacyKeySpec,
DWORD  dwFlags 
)
static

◆ NCryptP11StorageProvider_dtor()

static SECURITY_STATUS NCryptP11StorageProvider_dtor ( NCRYPT_HANDLE  handle)
static

◆ object_load_attributes()

static CK_RV object_load_attributes ( NCryptP11ProviderHandle *  provider,
CK_SESSION_HANDLE  session,
CK_OBJECT_HANDLE  object,
CK_ATTRIBUTE_PTR  attributes,
CK_ULONG  count 
)
static

◆ parseHex()

static size_t parseHex ( const char *  str,
const char *  end,
CK_BYTE *  target 
)
static

◆ parseKeyName()

static SECURITY_STATUS parseKeyName ( LPCWSTR  pszKeyName,
CK_SLOT_ID *  slotId,
CK_BYTE *  id,
CK_ULONG *  idLen 
)
static

◆ wprintKeyName()

static void wprintKeyName ( LPWSTR  str,
CK_SLOT_ID  slotId,
CK_BYTE *  id,
CK_ULONG  idLen 
)
static

Variable Documentation

◆ APDU_PIV_GET_CHUID

const BYTE APDU_PIV_GET_CHUID[]
static
Initial value:
= { 0x00, 0xCB, 0x3F, 0xFF, 0x05, 0x5C,
0x03, 0x5F, 0xC1, 0x02, 0x00 }

◆ APDU_PIV_SELECT_AID

const BYTE APDU_PIV_SELECT_AID[]
static
Initial value:
= { 0x00, 0xA4, 0x04, 0x00, 0x09, 0xA0, 0x00, 0x00,
0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x00 }

◆ object_class_public_key

CK_OBJECT_CLASS object_class_public_key = CKO_PUBLIC_KEY
static

◆ object_ktype_rsa

CK_KEY_TYPE object_ktype_rsa = CKK_RSA
static

◆ object_verify

CK_BBOOL object_verify = CK_TRUE
static

◆ piv_cert_tags

const piv_cert_tags_t piv_cert_tags[]
static
Initial value:
= {
{ "Certificate for PIV Authentication", "\x5F\xC1\x05" },
{ "Certificate for Digital Signature", "\x5F\xC1\x0A" },
{ "Certificate for Key Management", "\x5F\xC1\x0B" },
{ "Certificate for Card Authentication", "\x5F\xC1\x01" },
}

◆ public_key_filter

CK_ATTRIBUTE public_key_filter[]
static
Initial value:
= {
}
static CK_OBJECT_CLASS object_class_public_key
Definition: ncrypt_pkcs11.c:97
static CK_BBOOL object_verify
Definition: ncrypt_pkcs11.c:98
static CK_KEY_TYPE object_ktype_rsa
Definition: ncrypt_pkcs11.c:99
#define CKA_VERIFY
Definition: pkcs11.h:155
#define CKA_KEY_TYPE
Definition: pkcs11.h:145
#define CKA_CLASS
Definition: pkcs11.h:123