FreeRDP
ncrypt_pkcs11.c File Reference
#include <stdlib.h>
#include <pkcs11-helper-1.0/pkcs11.h>
#include <winpr/library.h>
#include <winpr/assert.h>
#include <winpr/spec.h>
#include <winpr/smartcard.h>
#include <winpr/asn1.h>
#include "../log.h"
#include "ncrypt.h"

Macros

#define TAG   WINPR_TAG("ncryptp11")
 
#define MAX_SLOTS   64
 
#define MAX_KEYS   64
 
#define MAX_KEYS_PER_SLOT   64
 
#define PIV_CONTAINER_NAME_LEN   36
 
#define ERR_ENTRY(X)
 
#define ALGO_CASE(V, S)
 
#define SLOT_DESC_SZ   sizeof(slotInfo.slotDescription)
 

Functions

static SECURITY_STATUS NCryptP11StorageProvider_dtor (NCRYPT_HANDLE handle)
 
static void fix_padded_string (char *str, size_t maxlen)
 
static BOOL attributes_have_unallocated_buffers (CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
 
static BOOL attribute_allocate_attribute_array (CK_ATTRIBUTE_PTR attribute)
 
static BOOL attribute_allocate_ulong_array (CK_ATTRIBUTE_PTR attribute)
 
static BOOL attribute_allocate_buffer (CK_ATTRIBUTE_PTR attribute)
 
static BOOL attributes_allocate_buffers (CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
 
static CK_RV object_load_attributes (NCryptP11ProviderHandle *provider, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
 
static const char * CK_RV_error_string (CK_RV rv)
 
static SECURITY_STATUS collect_keys (NCryptP11ProviderHandle *provider, P11EnumKeysState *state)
 
static BOOL convertKeyType (CK_KEY_TYPE k, LPWSTR dest, DWORD len, DWORD *outlen)
 
static void wprintKeyName (LPWSTR str, CK_SLOT_ID slotId, CK_BYTE *id, CK_ULONG idLen)
 
static size_t parseHex (const char *str, const char *end, CK_BYTE *target)
 
static SECURITY_STATUS parseKeyName (LPCWSTR pszKeyName, CK_SLOT_ID *slotId, CK_BYTE *id, CK_ULONG *idLen)
 
static SECURITY_STATUS NCryptP11EnumKeys (NCRYPT_PROV_HANDLE hProvider, LPCWSTR pszScope, NCryptKeyName **ppKeyName, PVOID *ppEnumState, DWORD dwFlags)
 
static SECURITY_STATUS get_piv_container_name (NCryptP11KeyHandle *key, BYTE *piv_tag, BYTE *output, size_t output_len)
 
static SECURITY_STATUS check_for_piv_container_name (NCryptP11KeyHandle *key, BYTE *pbOutput, DWORD cbOutput, DWORD *pcbResult, char *label, size_t label_len)
 
static SECURITY_STATUS NCryptP11KeyGetProperties (NCryptP11KeyHandle *keyHandle, NCryptKeyGetPropertyEnum property, PBYTE pbOutput, DWORD cbOutput, DWORD *pcbResult, DWORD dwFlags)
 
static SECURITY_STATUS NCryptP11GetProperty (NCRYPT_HANDLE hObject, NCryptKeyGetPropertyEnum prop, PBYTE pbOutput, DWORD cbOutput, DWORD *pcbResult, DWORD dwFlags)
 
static SECURITY_STATUS NCryptP11OpenKey (NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey, LPCWSTR pszKeyName, DWORD dwLegacyKeySpec, DWORD dwFlags)
 
static SECURITY_STATUS initialize_pkcs11 (HANDLE handle, CK_RV(*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR), NCRYPT_PROV_HANDLE *phProvider)
 
SECURITY_STATUS NCryptOpenP11StorageProviderEx (NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName, DWORD dwFlags, LPCSTR *modulePaths)
 

Variables

struct {
   const char *   label
 
   BYTE   tag [3]
 
piv_cert_tags []
 
static const BYTE APDU_PIV_SELECT_AID []
 
static const BYTE APDU_PIV_GET_CHUID []
 
static CK_OBJECT_CLASS object_class_public_key = CKO_PUBLIC_KEY
 
static CK_BBOOL object_verify = CK_TRUE
 
static CK_KEY_TYPE object_ktype_rsa = CKK_RSA
 
static CK_ATTRIBUTE public_key_filter []
 

Macro Definition Documentation

◆ ALGO_CASE

#define ALGO_CASE (   V,
 
)
Value:
case V: \
r = S; \
break

◆ ERR_ENTRY

#define ERR_ENTRY (   X)
Value:
case X: \
return #X

◆ MAX_KEYS

#define MAX_KEYS   64

◆ MAX_KEYS_PER_SLOT

#define MAX_KEYS_PER_SLOT   64

◆ MAX_SLOTS

#define MAX_SLOTS   64

◆ PIV_CONTAINER_NAME_LEN

#define PIV_CONTAINER_NAME_LEN   36

◆ SLOT_DESC_SZ

#define SLOT_DESC_SZ   sizeof(slotInfo.slotDescription)

◆ TAG

#define TAG   WINPR_TAG("ncryptp11")

WinPR: Windows Portable Runtime NCrypt pkcs11 provider

Copyright 2021 David Fort conta.nosp@m.ct@h.nosp@m.arden.nosp@m.ing-.nosp@m.consu.nosp@m.ltin.nosp@m.g.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Function Documentation

◆ attribute_allocate_attribute_array()

static BOOL attribute_allocate_attribute_array ( CK_ATTRIBUTE_PTR  attribute)
static
Here is the caller graph for this function:

◆ attribute_allocate_buffer()

static BOOL attribute_allocate_buffer ( CK_ATTRIBUTE_PTR  attribute)
static
Here is the caller graph for this function:

◆ attribute_allocate_ulong_array()

static BOOL attribute_allocate_ulong_array ( CK_ATTRIBUTE_PTR  attribute)
static
Here is the caller graph for this function:

◆ attributes_allocate_buffers()

static BOOL attributes_allocate_buffers ( CK_ATTRIBUTE_PTR  attributes,
CK_ULONG  count 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ attributes_have_unallocated_buffers()

static BOOL attributes_have_unallocated_buffers ( CK_ATTRIBUTE_PTR  attributes,
CK_ULONG  count 
)
static
Here is the caller graph for this function:

◆ check_for_piv_container_name()

static SECURITY_STATUS check_for_piv_container_name ( NCryptP11KeyHandle *  key,
BYTE pbOutput,
DWORD  cbOutput,
DWORD *  pcbResult,
char *  label,
size_t  label_len 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ CK_RV_error_string()

static const char* CK_RV_error_string ( CK_RV  rv)
static
Here is the caller graph for this function:

◆ collect_keys()

static SECURITY_STATUS collect_keys ( NCryptP11ProviderHandle *  provider,
P11EnumKeysState *  state 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ convertKeyType()

static BOOL convertKeyType ( CK_KEY_TYPE  k,
LPWSTR  dest,
DWORD  len,
DWORD *  outlen 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ fix_padded_string()

static void fix_padded_string ( char *  str,
size_t  maxlen 
)
static
Here is the caller graph for this function:

◆ get_piv_container_name()

static SECURITY_STATUS get_piv_container_name ( NCryptP11KeyHandle *  key,
BYTE piv_tag,
BYTE output,
size_t  output_len 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ initialize_pkcs11()

static SECURITY_STATUS initialize_pkcs11 ( HANDLE  handle,
CK_RV(*)(CK_FUNCTION_LIST_PTR_PTR)  c_get_function_list,
NCRYPT_PROV_HANDLE phProvider 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ NCryptOpenP11StorageProviderEx()

SECURITY_STATUS NCryptOpenP11StorageProviderEx ( NCRYPT_PROV_HANDLE phProvider,
LPCWSTR  pszProviderName,
DWORD  dwFlags,
LPCSTR *  modulePaths 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ NCryptP11EnumKeys()

static SECURITY_STATUS NCryptP11EnumKeys ( NCRYPT_PROV_HANDLE  hProvider,
LPCWSTR  pszScope,
NCryptKeyName **  ppKeyName,
PVOID *  ppEnumState,
DWORD  dwFlags 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ NCryptP11GetProperty()

static SECURITY_STATUS NCryptP11GetProperty ( NCRYPT_HANDLE  hObject,
NCryptKeyGetPropertyEnum  prop,
PBYTE  pbOutput,
DWORD  cbOutput,
DWORD *  pcbResult,
DWORD  dwFlags 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ NCryptP11KeyGetProperties()

static SECURITY_STATUS NCryptP11KeyGetProperties ( NCryptP11KeyHandle *  keyHandle,
NCryptKeyGetPropertyEnum  property,
PBYTE  pbOutput,
DWORD  cbOutput,
DWORD *  pcbResult,
DWORD  dwFlags 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ NCryptP11OpenKey()

static SECURITY_STATUS NCryptP11OpenKey ( NCRYPT_PROV_HANDLE  hProvider,
NCRYPT_KEY_HANDLE phKey,
LPCWSTR  pszKeyName,
DWORD  dwLegacyKeySpec,
DWORD  dwFlags 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ NCryptP11StorageProvider_dtor()

static SECURITY_STATUS NCryptP11StorageProvider_dtor ( NCRYPT_HANDLE  handle)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ object_load_attributes()

static CK_RV object_load_attributes ( NCryptP11ProviderHandle *  provider,
CK_SESSION_HANDLE  session,
CK_OBJECT_HANDLE  object,
CK_ATTRIBUTE_PTR  attributes,
CK_ULONG  count 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ parseHex()

static size_t parseHex ( const char *  str,
const char *  end,
CK_BYTE *  target 
)
static
Here is the caller graph for this function:

◆ parseKeyName()

static SECURITY_STATUS parseKeyName ( LPCWSTR  pszKeyName,
CK_SLOT_ID *  slotId,
CK_BYTE *  id,
CK_ULONG *  idLen 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

◆ wprintKeyName()

static void wprintKeyName ( LPWSTR  str,
CK_SLOT_ID  slotId,
CK_BYTE *  id,
CK_ULONG  idLen 
)
static
Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ APDU_PIV_GET_CHUID

const BYTE APDU_PIV_GET_CHUID[]
static
Initial value:
= { 0x00, 0xCB, 0x3F, 0xFF, 0x05, 0x5C,
0x03, 0x5F, 0xC1, 0x02, 0x00 }

◆ APDU_PIV_SELECT_AID

const BYTE APDU_PIV_SELECT_AID[]
static
Initial value:
= { 0x00, 0xA4, 0x04, 0x00, 0x09, 0xA0, 0x00, 0x00,
0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x00 }

◆ label

const char* label

◆ object_class_public_key

CK_OBJECT_CLASS object_class_public_key = CKO_PUBLIC_KEY
static

◆ object_ktype_rsa

CK_KEY_TYPE object_ktype_rsa = CKK_RSA
static

◆ object_verify

CK_BBOOL object_verify = CK_TRUE
static

◆ 

struct { ... } piv_cert_tags[]
Initial value:
= {
{ "Certificate for PIV Authentication", "\x5F\xC1\x05" },
{ "Certificate for Digital Signature", "\x5F\xC1\x0A" },
{ "Certificate for Key Management", "\x5F\xC1\x0B" },
{ "Certificate for Card Authentication", "\x5F\xC1\x01" },
}

◆ public_key_filter

CK_ATTRIBUTE public_key_filter[]
static
Initial value:
= {
{ CKA_VERIFY, &object_verify, sizeof(object_verify) },
{ CKA_KEY_TYPE, &object_ktype_rsa, sizeof(object_ktype_rsa) }
}
static CK_OBJECT_CLASS object_class_public_key
Definition: ncrypt_pkcs11.c:95
static CK_BBOOL object_verify
Definition: ncrypt_pkcs11.c:96
static CK_KEY_TYPE object_ktype_rsa
Definition: ncrypt_pkcs11.c:97

◆ tag

BYTE tag[3]