1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <limits.h>
15 #include "skf_int.h"
16 #include "skf_ext.h"
17 #include "skf.h"
18
19
20 #define SKFerr(f,e)
21
SKF_NewECCCipher(ULONG ulCipherLen,ECCCIPHERBLOB ** cipherBlob)22 ULONG DEVAPI SKF_NewECCCipher(ULONG ulCipherLen, ECCCIPHERBLOB **cipherBlob)
23 {
24 ECCCIPHERBLOB *ret = NULL;
25
26 if (!(ret = malloc(sizeof(ECCCIPHERBLOB) - 1 + ulCipherLen))) {
27 SKFerr(SKF_F_SKF_NEWECCCIPHER, ERR_R_MALLOC_FAILURE);
28 return SAR_MEMORYERR;
29 }
30
31 ret->CipherLen = ulCipherLen;
32 *cipherBlob = ret;
33 return SAR_OK;
34 }
35
SKF_NewEnvelopedKey(ULONG ulCipherLen,ENVELOPEDKEYBLOB ** envelopedKeyBlob)36 ULONG DEVAPI SKF_NewEnvelopedKey(ULONG ulCipherLen, ENVELOPEDKEYBLOB **envelopedKeyBlob)
37 {
38 ENVELOPEDKEYBLOB *ret = NULL;
39
40 if (!(ret = malloc(sizeof(ENVELOPEDKEYBLOB) - 1 + ulCipherLen))) {
41 SKFerr(SKF_F_SKF_NEWENVELOPEDKEY, ERR_R_MALLOC_FAILURE);
42 return SAR_MEMORYERR;
43 }
44
45 ret->ECCCipherBlob.CipherLen = ulCipherLen;
46 *envelopedKeyBlob = ret;
47 return SAR_OK;
48 }
49
SKF_OpenDevice(LPSTR devName,BYTE authKey[16],DEVINFO * devInfo,DEVHANDLE * phDev)50 ULONG DEVAPI SKF_OpenDevice(LPSTR devName, BYTE authKey[16], DEVINFO *devInfo, DEVHANDLE *phDev)
51 {
52 ULONG rv;
53 DEVHANDLE hDev = NULL;
54 HANDLE hKey = NULL;
55 ULONG ulTimeOut = 0xffffffff;
56 BYTE authRand[16] = {0};
57 BYTE authData[16] = {0};
58 ULONG authRandLen = SKF_AUTHRAND_LENGTH;
59 ULONG authDataLen = sizeof(authData);
60 BLOCKCIPHERPARAM encParam = {{0}, 0, 0, 0};
61
62 if ((rv = SKF_ConnectDev((LPSTR)devName, &hDev)) != SAR_OK
63 || (rv = SKF_GetDevInfo(hDev, devInfo)) != SAR_OK
64 || (rv = SKF_LockDev(hDev, ulTimeOut)) != SAR_OK
65 || (rv = SKF_GenRandom(hDev, authRand, authRandLen)) != SAR_OK
66 || (rv = SKF_SetSymmKey(hDev, authKey, devInfo->DevAuthAlgId, &hKey)) != SAR_OK
67 || (rv = SKF_EncryptInit(hKey, encParam)) != SAR_OK
68 || (rv = SKF_Encrypt(hKey, authRand, sizeof(authRand), authData, &authDataLen)) != SAR_OK
69 || (rv =SKF_DevAuth(hDev, authData, authDataLen)) != SAR_OK) {
70 SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
71 goto end;
72 }
73 *phDev = hDev;
74 hDev = NULL;
75
76 end:
77 //OPENSSL_cleanse(authRand, sizeof(authRand));
78 //OPENSSL_cleanse(authData, sizeof(authData));
79 if (hKey && (rv = SKF_CloseHandle(hKey)) != SAR_OK) {
80 SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
81 }
82 if (hDev && (rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
83 SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
84 }
85 return rv;
86 }
87
SKF_CloseDevice(DEVHANDLE hDev)88 ULONG DEVAPI SKF_CloseDevice(DEVHANDLE hDev)
89 {
90 ULONG rv;
91 if ((rv = SKF_UnlockDev(hDev)) != SAR_OK) {
92 SKFerr(SKF_F_SKF_CLOSEDEVICE, ERR_R_SKF_LIB);
93 }
94 if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
95 SKFerr(SKF_F_SKF_CLOSEDEVICE, ERR_R_SKF_LIB);
96 }
97 return rv;
98 }
99
100 #if 0
101 ULONG DEVAPI SKF_ImportECCPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
102 EC_KEY *ec_key, ULONG symmAlgId)
103 {
104 int ret = 0;
105 ULONG rv;
106 ULONG containerType;
107 ECCPRIVATEKEYBLOB eccPriKeyBlob;
108 BYTE symmKey[16];
109 HANDLE hSymmKey = NULL;
110 BLOCKCIPHERPARAM encParam;
111 ULONG encedPriKeyLen;
112 SKF_PUBLICKEYBLOB signPubKeyBlob;
113 ULONG signPubKeyLen = sizeof(signPubKeyBlob);
114 ENVELOPEDKEYBLOB envelopedKeyBlob;
115
116 /* check container type */
117 if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
118 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
119 return rv;
120 }
121 if (containerType != SKF_CONTAINER_TYPE_ECC) {
122 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
123 return SAR_FAIL;
124 }
125
126 /* get private key and public key */
127 if (!EC_KEY_get_ECCPRIVATEKEYBLOB(ec_key, &eccPriKeyBlob)
128 || !EC_KEY_get_ECCPUBLICKEYBLOB(ec_key, &(envelopedKeyBlob.PubKey))) {
129 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_GMAPI_LIB);
130 rv = SAR_FAIL;
131 goto end;
132 }
133
134 /* set Version, ulSymmAlgID, ulBits */
135 envelopedKeyBlob.Version = SKF_ENVELOPEDKEYBLOB_VERSION;
136 envelopedKeyBlob.ulSymmAlgID = symmAlgId;
137 envelopedKeyBlob.ulBits = eccPriKeyBlob.BitLen;
138
139 /* encrypt private key with random generated symmkey */
140 if (!rand_bytes(symmKey, sizeof(symmKey))) {
141 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
142 rv = SAR_FAIL;
143 goto end;
144 }
145 if ((rv = SKF_SetSymmKey(hDev, symmKey, symmAlgId, &hSymmKey)) != SAR_OK) {
146 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
147 goto end;
148 }
149 encParam.IVLen = 0;
150 encParam.PaddingType = SKF_NO_PADDING;
151 if ((rv = SKF_EncryptInit(hSymmKey, encParam)) != SAR_OK) {
152 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
153 goto end;
154 }
155 encedPriKeyLen = sizeof(envelopedKeyBlob.cbEncryptedPriKey);
156 if ((rv = SKF_Encrypt(hSymmKey,
157 eccPriKeyBlob.PrivateKey, sizeof(eccPriKeyBlob.PrivateKey),
158 (BYTE *)&(envelopedKeyBlob.cbEncryptedPriKey), &encedPriKeyLen)) != SAR_OK) {
159 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
160 goto end;
161 }
162 if (encedPriKeyLen != sizeof(eccPriKeyBlob.PrivateKey)) {
163 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
164 rv = SAR_FAIL;
165 goto end;
166 }
167
168 /* encrypt symmKey */
169 if ((rv = SKF_ExportPublicKey(hContainer, TRUE,
170 (BYTE *)&signPubKeyBlob, &signPubKeyLen)) != SAR_OK) {
171 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
172 goto end;
173 }
174 if (signPubKeyLen != sizeof(ECCPUBLICKEYBLOB)) {
175 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
176 rv = SAR_FAIL;
177 goto end;
178 }
179 if ((rv = SKF_ExtECCEncrypt(hDev, (ECCPUBLICKEYBLOB *)&signPubKeyBlob,
180 symmKey, sizeof(symmKey), &(envelopedKeyBlob.ECCCipherBlob))) != SAR_OK) {
181 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
182 goto end;
183 }
184
185 ret = 1;
186 end:
187 OPENSSL_cleanse(&eccPriKeyBlob, sizeof(eccPriKeyBlob));
188 OPENSSL_cleanse(symmKey, sizeof(symmKey));
189 if (hSymmKey && SKF_CloseHandle(hSymmKey) != SAR_OK) {
190 SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
191 ret = 0;
192 }
193 return ret;
194 }
195
196 ULONG DEVAPI SKF_ImportRSAPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
197 RSA *rsa, ULONG symmAlgId)
198 {
199 ULONG rv;
200 ULONG containerType;
201 RSAPRIVATEKEYBLOB rsaPriKeyBlob;
202 unsigned char symmKey[16];
203 RSAPUBLICKEYBLOB rsaPubKeyBlob;
204 ULONG rsaPubKeyLen = sizeof(rsaPubKeyBlob);
205 BYTE wrappedKey[MAX_RSA_MODULUS_LEN];
206 ULONG wrappedKeyLen = sizeof(wrappedKey);
207 EVP_CIPHER_CTX *cctx = NULL;
208 unsigned char *p;
209 int len;
210 BYTE encedPriKey[sizeof(RSAPRIVATEKEYBLOB) + 16*2];
211 ULONG encedPriKeyLen = sizeof(encedPriKey);
212
213
214 if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
215 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
216 return rv;
217 }
218 if (containerType != SKF_CONTAINER_TYPE_RSA) {
219 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
220 return SAR_FAIL;
221 }
222
223 if (!RSA_get_RSAPRIVATEKEYBLOB(rsa, &rsaPriKeyBlob)) {
224 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
225 goto end;
226 }
227
228 /* generate symmkey */
229 /* wrap symmkey with signing public key */
230 if (!rand_bytes(symmKey, sizeof(symmKey))) {
231 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
232 goto end;
233 }
234 if ((rv = SKF_ExportPublicKey(hContainer, SGD_TRUE,
235 (BYTE *)&rsaPubKeyBlob, &rsaPubKeyLen)) != SAR_OK) {
236 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
237 goto end;
238 }
239 if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(&rsaPubKeyBlob))) {
240 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
241 goto end;
242 }
243 if ((len = RSA_public_encrypt(sizeof(symmKey), symmKey, wrappedKey,
244 rsa, RSA_PKCS1_PADDING)) != rsaPriKeyBlob.BitLen / 8) {
245 goto end;
246 }
247 wrappedKeyLen = (ULONG)len;
248
249 /* encrypt private key with symmkey in ECB mode */
250 if (!(cctx = EVP_CIPHER_CTX_new())) {
251 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
252 goto end;
253 }
254 if (!EVP_EncryptInit_ex(cctx, EVP_sms4_ecb(), NULL, symmKey, NULL)) {
255 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
256 goto end;
257 }
258 p = encedPriKey;
259 if (!EVP_EncryptUpdate(cctx, p, &len, (unsigned char *)&rsaPriKeyBlob,
260 sizeof(RSAPRIVATEKEYBLOB))) {
261 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
262 goto end;
263 }
264 p += len;
265 if (!EVP_EncryptFinal_ex(cctx, p, &len)) {
266 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
267 goto end;
268 }
269 p += len;
270 encedPriKeyLen = p - encedPriKey;
271
272 /* import */
273 if ((rv = SKF_ImportRSAKeyPair(hContainer, symmAlgId, wrappedKey, wrappedKeyLen,
274 encedPriKey, encedPriKeyLen)) != SAR_OK) {
275 SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
276 goto end;
277 }
278
279 end:
280 OPENSSL_cleanse(&rsaPriKeyBlob, sizeof(rsaPriKeyBlob));
281 OPENSSL_cleanse(symmKey, sizeof(symmKey));
282 OPENSSL_cleanse(wrappedKey, sizeof(wrappedKey));
283 EVP_CIPHER_CTX_free(cctx);
284 return rv;
285 }
286
287 ULONG DEVAPI SKF_ImportPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
288 EVP_PKEY *pkey, ULONG symmAlgId)
289 {
290 ULONG rv;
291 switch (EVP_PKEY_id(pkey)) {
292 case EVP_PKEY_EC:
293 if ((rv = SKF_ImportECCPrivateKey(hDev, hContainer,
294 EVP_PKEY_get0_EC_KEY(pkey), symmAlgId)) != SAR_OK) {
295 SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY, ERR_R_SKF_LIB);
296 return rv;
297 }
298 break;
299 case EVP_PKEY_RSA:
300 if ((rv = SKF_ImportRSAPrivateKey(hDev, hContainer,
301 EVP_PKEY_get0_RSA(pkey), symmAlgId)) != SAR_OK) {
302 SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY, ERR_R_SKF_LIB);
303 return rv;
304 }
305 break;
306 default:
307 SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY,
308 SKF_R_UNSUPPORTED_PRIVATE_KEY_TYPE);
309 return SAR_FAIL;
310 }
311 return SAR_OK;
312 }
313
314 ULONG DEVAPI SKF_ExportECCPublicKey(HCONTAINER hContainer, BOOL bSign, EC_KEY **ec_key)
315 {
316 ULONG rv;
317 ULONG containerType;
318 BYTE pubKeyBlob[sizeof(SKF_PUBLICKEYBLOB)];
319 ECCPUBLICKEYBLOB *pubKey = (ECCPUBLICKEYBLOB *)pubKeyBlob;
320 ULONG pubKeyLen = sizeof(SKF_PUBLICKEYBLOB);
321
322 if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
323 SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
324 return rv;
325 }
326 if (containerType != SKF_CONTAINER_TYPE_ECC) {
327 SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
328 return SAR_FAIL;
329 }
330
331 if ((rv = SKF_ExportPublicKey(hContainer, bSign,
332 pubKeyBlob, &pubKeyLen)) != SAR_OK) {
333 SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
334 return rv;
335 }
336 if (pubKeyLen != sizeof(ECCPUBLICKEYBLOB)) {
337 SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
338 return SAR_FAIL;
339 }
340
341 if (!(*ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pubKey))) {
342 SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, SKF_R_INVALID_ECC_PUBLIC_KEY);
343 return SAR_FAIL;
344 }
345 return SAR_OK;
346 }
347
348 ULONG DEVAPI SKF_ExportRSAPublicKey(HCONTAINER hContainer, BOOL bSign, RSA **rsa)
349 {
350 ULONG rv;
351 ULONG containerType;
352 BYTE pubKeyBlob[sizeof(SKF_PUBLICKEYBLOB)];
353 RSAPUBLICKEYBLOB *pubKey = (RSAPUBLICKEYBLOB *)pubKeyBlob;
354 ULONG pubKeyLen = sizeof(SKF_PUBLICKEYBLOB);
355
356 if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
357 SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
358 return rv;
359 }
360 if (containerType != SKF_CONTAINER_TYPE_RSA) {
361 SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
362 return SAR_FAIL;
363 }
364
365 if ((rv = SKF_ExportPublicKey(hContainer, bSign,
366 pubKeyBlob, &pubKeyLen)) != SAR_OK) {
367 SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
368 return rv;
369 }
370 if (pubKeyLen != sizeof(RSAPUBLICKEYBLOB)) {
371 SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
372 return SAR_FAIL;
373 }
374
375 if (!(*rsa = RSA_new_from_RSAPUBLICKEYBLOB(pubKey))) {
376 SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, SKF_R_INVALID_RSA_PUBLIC_KEY);
377 return SAR_FAIL;
378 }
379 return SAR_OK;
380 }
381
382 ULONG DEVAPI SKF_ExportEVPPublicKey(HCONTAINER hContainer, BOOL bSign, EVP_PKEY **pp)
383 {
384 ULONG rv;
385 ULONG containerType;
386 EVP_PKEY *pkey = NULL;
387
388 if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
389 SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
390 return rv;
391 }
392
393 if (!(pkey = EVP_PKEY_new())) {
394 SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_MALLOC_FAILURE);
395 return SAR_MEMORYERR;
396 }
397
398 if (containerType == SKF_CONTAINER_TYPE_ECC) {
399 EC_KEY *ec_key = NULL;
400 if ((rv = SKF_ExportECCPublicKey(hContainer, bSign,
401 &ec_key)) != SAR_OK) {
402 SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
403 goto end;
404 }
405 if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
406 EC_KEY_free(ec_key);
407 rv = SAR_FAIL;
408 goto end;
409 }
410
411 } else if (containerType == SKF_CONTAINER_TYPE_RSA) {
412 RSA *rsa = NULL;
413 if ((rv = SKF_ExportRSAPublicKey(hContainer, bSign,
414 &rsa)) != SAR_OK) {
415 SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
416 goto end;
417 }
418 if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
419 RSA_free(rsa);
420 rv = SAR_FAIL;
421 goto end;
422 }
423
424 } else {
425 SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, SKF_R_INVALID_CONTAINER_TYPE);
426 rv = SAR_FAIL;
427 goto end;
428 }
429
430 *pp = pkey;
431 pkey = NULL;
432 rv = SAR_OK;
433
434 end:
435 EVP_PKEY_free(pkey);
436 return rv;
437 }
438 #endif
439
440 /*
441 ULONG DEVAPI SKF_ImportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 *x509)
442 {
443 int ret = 0;
444 ULONG containerType;
445 unsigned char *cert = NULL;
446 unsigned char *p;
447 int len;
448
449 if (SKF_GetContainerType(hContainer, &containerType) != SAR_OK) {
450 return 0;
451 }
452 if (containerType == SKF_CONTAINER_TYPE_UNDEF) {
453 return 0;
454 }
455
456 switch (EVP_PKEY_id(X509_get0_pubkey(x509))) {
457 case EVP_PKEY_EC:
458 if (containerType != SKF_CONTAINER_TYPE_ECC) {
459 goto end;
460 }
461 if (!EC_KEY_is_sm2p256v1(EVP_PKEY_get0_EC_KEY(X509_get0_pubkey(x509)))) {
462 goto end;
463 }
464 break;
465
466 case EVP_PKEY_RSA:
467 if (containerType != SKF_CONTAINER_TYPE_RSA) {
468 goto end;
469 }
470 break;
471 default:
472 goto end;
473 }
474
475 if (X509_get_key_usage(x509) & (KU_DIGITAL_SIGNATURE|
476 KU_NON_REPUDIATION|KU_KEY_CERT_SIGN|KU_CRL_SIGN)) {
477 bSign = SGD_TRUE;
478 } else if (X509_get_key_usage(x509) & (KU_KEY_ENCIPHERMENT|
479 KU_DATA_ENCIPHERMENT|KU_KEY_AGREEMENT|KU_ENCIPHER_ONLY)) {
480 bSign = SGD_FALSE;
481 } else {
482 goto end;
483 }
484
485 if ((len = i2d_X509(x509, NULL)) <= 0
486 || !(p = cert = malloc(len))
487 || (len = i2d_X509(x509, &p)) <= 0) {
488 goto end;
489 }
490
491 if (SKF_ImportCertificate(hContainer, bSign, cert, (ULONG)len) != SAR_OK) {
492 goto end;
493 }
494
495 ret = 1;
496 end:
497 X509_free(x509);
498 OPENSSL_free(cert);
499 return ret;
500 }
501
502 ULONG DEVAPI SKF_ImportX509CertificateByKeyUsage(HCONTAINER hContainer, X509 *x509)
503 {
504 ULONG rv;
505 BOOL bSign;
506
507 if (X509_get_key_usage(x509) & (KU_DIGITAL_SIGNATURE|
508 KU_NON_REPUDIATION|KU_KEY_CERT_SIGN|KU_CRL_SIGN)) {
509 bSign = SGD_TRUE;
510 } else if (X509_get_key_usage(x509) & (KU_KEY_ENCIPHERMENT|
511 KU_DATA_ENCIPHERMENT|KU_KEY_AGREEMENT|KU_ENCIPHER_ONLY)) {
512 bSign = SGD_FALSE;
513 } else {
514 SKFerr(SKF_F_SKF_IMPORTX509CERTIFICATEBYKEYUSAGE,
515 SKF_R_UNKNOWN_CERTIFICATE_KEYUSAGE);
516 return SAR_FAIL;
517 }
518
519 if ((rv = SKF_ImportX509Certificate(hContainer, bSign, x509)) != SAR_OK) {
520 SKFerr(SKF_F_SKF_IMPORTX509CERTIFICATEBYKEYUSAGE, ERR_R_SKF_LIB);
521 return rv;
522 }
523
524 return SAR_OK;
525 }
526
527 ULONG DEVAPI SKF_ExportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 **px509)
528 {
529 ULONG rv = SAR_FAIL;
530 BYTE *pbCert = NULL;
531 ULONG ulCertLen;
532 const unsigned char *p;
533 X509 *x509 = NULL;
534
535 ulCertLen = SKF_MAX_CERTIFICATE_SIZE;
536 if (!(pbCert = malloc(ulCertLen))) {
537 SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE, ERR_R_MALLOC_FAILURE);
538 rv = SAR_MEMORYERR;
539 goto end;
540 }
541 if ((rv = SKF_ExportCertificate(hContainer, bSign,
542 pbCert, &ulCertLen)) != SAR_OK) {
543 SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE, ERR_R_SKF_LIB);
544 goto end;
545 }
546
547 p = pbCert;
548 if (!(x509 = d2i_X509(NULL, &p, (long)ulCertLen))) {
549 SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE,
550 SKF_R_PARSE_CERTIFICATE_FAILURE);
551 goto end;
552 }
553 if (p - pbCert != ulCertLen) {
554 SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE,
555 SKF_R_PARSE_CERTIFICATE_FAILURE);
556 goto end;
557 }
558
559 *px509 = x509;
560 x509 = NULL;
561 rv = SAR_OK;
562
563 end:
564 OPENSSL_free(pbCert);
565 X509_free(x509);
566 return rv;
567 }
568 */
569