cryptool.cpp
- #include <stdio.h>
- #include <stdlib.h>
- #include <memory.h>
- #include <errno.h>
- #include <string.h>
- #include<windows.h>
- #include <wincrypt.h>
- #include <time.h>
- #include "cryptool.h"
#define CK_API __stdcall

/* Opaque handle to the dynamically loaded PKCS#11 provider DLL. */
typedef void * SYS_HANDLE;
/* Generic pointer to a CK_API entry point (kept for callers; unused here). */
typedef int ( CK_API *CK_PFUNCTION)();

/* Module state shared by init()/cleanup(): the loaded provider DLL (set by
 * init(), NULL while no provider is loaded) and whether C_Initialize succeeded. */
SYS_HANDLE dllPtr = NULL;
/* Trace verbosity; presumably read through getTraceLevel() — defined elsewhere. */
int traceLevel = 0;
bool initializeDone = false;
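/* Unload the provider DLL recorded in dllPtr, if one is loaded. */
static void unloadProviderDll(void)
{
    if (dllPtr != NULL) {
        FreeLibrary((HMODULE)dllPtr);
        dllPtr = NULL;
    }
}

/* Load the PKCS#11 provider named in the INI file and initialise it.
 *
 * The provider DLL name is read from key KEY_PKCS_NAME of section
 * SECTION_PKCS_NAME in CSP_PKCS11_INI, loaded with LoadLibrary(), asked for
 * its function list through C_GetFunctionList, and then initialize() is
 * called on it.
 *
 * pFunctionList: out — receives the provider's CK_FUNCTION_LIST pointer.
 *
 * Returns CKR_OK on success; CKR_CANCEL when a provider is already
 * initialised, the INI entry is empty, the DLL cannot be loaded,
 * C_GetFunctionList is missing or fails, or initialize() fails;
 * CKR_ARGUMENTS_BAD when pFunctionList is NULL_PTR.  On every failure path
 * the DLL is unloaded again, so a later init() starts from a clean state
 * (the previous version returned errno — usually 0 == CKR_OK — when
 * GetProcAddress failed, and never unloaded the DLL).
 *
 * NOTE(review): the DLL name comes from an editable INI file and is handed
 * to LoadLibrary() unchanged; a relative name is resolved through the normal
 * DLL search order, so the INI file must be protected like the provider
 * itself.
 */
CK_RV init(CK_FUNCTION_LIST_PTR CK_PTR pFunctionList){
    enum { DLL_NAME_MAX = 50 };
    char dllName[DLL_NAME_MAX + 1];

    if (pFunctionList == NULL_PTR)
        return CKR_ARGUMENTS_BAD;
    *pFunctionList = NULL_PTR;

    /* A second init() would re-run C_Initialize on the same provider. */
    if (initializeDone)
        return CKR_CANCEL;

    DWORD nameLen = GetPrivateProfileString(SECTION_PKCS_NAME, KEY_PKCS_NAME, "",
                                            dllName, (DWORD)sizeof dllName, CSP_PKCS11_INI);
    if (nameLen == 0)
        return CKR_CANCEL;

    dllPtr = LoadLibrary(dllName);
    if (!dllPtr)
        return CKR_CANCEL;

    // Ask the provider for the table of PKCS#11 functions it implements.
    CK_C_GetFunctionList pFuncList =
        (CK_C_GetFunctionList)GetProcAddress((HINSTANCE)dllPtr, "C_GetFunctionList");
    if (!pFuncList) {
        unloadProviderDll();
        return CKR_CANCEL;
    }
    if ((*pFuncList)(pFunctionList) != CKR_OK || *pFunctionList == NULL_PTR) {
        unloadProviderDll();
        return CKR_CANCEL;
    }

    CK_RV rc = initialize(*pFunctionList, NULL_PTR);
    if (rc != CKR_OK) {
        cleanup(*pFunctionList);   // initializeDone is still false: no C_Finalize
        unloadProviderDll();       // no-op if cleanup() already unloaded it
        return CKR_CANCEL;
    }
    initializeDone = true;
    return CKR_OK;
}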
/*
%--------------------------------------------------------------------------
% cleanup
%
% Rôle : cleanup est utilisée pour libérer la dll PKCS
%
%
% Paramètres d'entrée :
% IN
%
% Valeur retournée : TRUE si l'opération s'est bien passée
% FALSE sinon
%---------------------------------------------------------------------------
*/
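/* Finalise the PKCS#11 provider and unload its DLL.
 *
 * If init() completed, C_Finalize is called first; a C_Finalize error is
 * returned as-is and the DLL is left loaded (the provider may still be
 * running).  Otherwise the DLL handle recorded in dllPtr is released, which
 * the original comment promised but the code never did.
 *
 * pFunctionList: the provider's function list; may be NULL_PTR only when
 *                init() did not complete.
 * Returns CKR_OK, CKR_ARGUMENTS_BAD (finalise needed but no function list),
 * or the C_Finalize error.
 */
CK_RV cleanup(CK_FUNCTION_LIST_PTR pFunctionList){
    if (initializeDone) {
        if (pFunctionList == NULL_PTR)
            return CKR_ARGUMENTS_BAD;
        initializeDone = false;
        CK_RV rc = pFunctionList->C_Finalize(NULL_PTR);
        if (rc != CKR_OK)
            return rc;
    }
    if (dllPtr != NULL) {
        FreeLibrary((HMODULE)dllPtr);
        dllPtr = NULL;
    }
    return CKR_OK;
}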
/*
%--------------------------------------------------------------------------
% initialize
%
% Rôle : initialize est utilisée pour initialiser la dll PKCS
%
%
% Paramètres d'entrée :
% IN
%
% Valeur retournée : TRUE si l'opération s'est bien passée
% FALSE sinon
%---------------------------------------------------------------------------
*/
/* Call the provider's C_Initialize.
 *
 * pReserved == NULL_PTR: C_Initialize(NULL_PTR), i.e. provider defaults.
 * Otherwise a CK_C_INITIALIZE_ARGS is passed with no mutex callbacks,
 * flags = 0 and pReserved forwarded.  Per the PKCS#11 spec, no callbacks and
 * no CKF_OS_LOCKING_OK tells the provider the application will not call it
 * from several threads at once.
 *
 * Returns the C_Initialize result.
 */
CK_RV initialize(CK_FUNCTION_LIST_PTR pFunctionList, char * pReserved) {
    CK_C_INITIALIZE_ARGS initArgs;
    CK_C_INITIALIZE_ARGS *pArgs = NULL_PTR;

    if (pReserved != NULL_PTR) {
        initArgs.CreateMutex  = NULL_PTR;
        initArgs.DestroyMutex = NULL_PTR;
        initArgs.LockMutex    = NULL_PTR;
        initArgs.UnlockMutex  = NULL_PTR;
        initArgs.flags        = 0;
        initArgs.pReserved    = pReserved;
        pArgs = &initArgs;
    }
    return (*pFunctionList->C_Initialize)(pArgs);
}
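/* Report whether hPrivKey has CKA_SIGN set.
 *
 * Returns the CKA_SIGN attribute value, or CK_FALSE when the attribute cannot
 * be read (the previous version returned an uninitialised byte in that case
 * and ignored the C_GetAttributeValue result).
 */
CK_BBOOL isPrivKeySupportSign(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPrivKey)
{
    CK_BBOOL canSign = CK_FALSE;
    CK_ATTRIBUTE templateAttr[] = {
        {CKA_SIGN, &canSign, sizeof(CK_BBOOL)}
    };
    CK_RV rv = (*pFunctionList->C_GetAttributeValue)(hSession, hPrivKey, templateAttr, 1);
    if (rv != CKR_OK)
        return CK_FALSE;
    return canSign;
}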
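/* Find the occurence-th object (0-based) matching pTemplate and store its
 * handle in *phKey.  Objects are counted across C_FindObjects batches, so
 * occurence may exceed one batch (the previous version indexed the current
 * batch with the loop counter, which was only right for occurence == 0).
 *
 * Returns CKR_OK when found, (CK_RV)-1 when the search ran to the end
 * without a match (legacy sentinel kept for existing callers), or the
 * C_FindObjectsInit/C_FindObjects error.  C_FindObjectsFinal is always
 * called after a successful Init.
 */
static CK_RV findNthObject(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
                           CK_ATTRIBUTE_PTR pTemplate, CK_ULONG templateLen,
                           CK_ULONG occurence, CK_OBJECT_HANDLE_PTR phKey)
{
    enum { BATCH_LEN = 10 };
    CK_OBJECT_HANDLE batch[BATCH_LEN];
    CK_ULONG seen = 0;
    bool found = false;

    CK_RV rv = (*pFunctionList->C_FindObjectsInit)(hSession, pTemplate, templateLen);
    if (rv != CKR_OK)
        return rv;

    for (;;) {
        CK_ULONG count = 0;
        rv = (*pFunctionList->C_FindObjects)(hSession, batch, BATCH_LEN, &count);
        if (rv != CKR_OK || count == 0)
            break;
        if (occurence < seen + count) {
            *phKey = batch[occurence - seen];
            found = true;
            break;
        }
        seen += count;
    }

    CK_RV rvFinal = (*pFunctionList->C_FindObjectsFinal)(hSession);
    if (rv != CKR_OK)
        return rv;          // report the search error, not the Final() result
    if (!found)
        return (CK_RV)-1;
    return rvFinal;
}

/* Locate the key of class keyClass that belongs to certificate hCert.
 *
 * The key is matched on CKA_CLASS and the certificate's CKA_ID.  For a
 * private key the certificate's CKA_SUBJECT is added as a third criterion
 * when it is present and looks DER-encoded (first byte 0x30); a missing or
 * malformed subject is not an error (DREN 10/12/2002).  The previous version
 * compared the first byte with a garbled multi-character constant, so the
 * subject criterion was never applied.
 *
 * phKey:     out — the handle of the occurence-th matching key.
 * occurence: 0-based index among the matches.
 *
 * Returns CKR_OK, CKR_ARGUMENTS_BAD (occurence < 0), CKR_HOST_MEMORY,
 * (CK_RV)-1 when no key matches, or the provider error.
 */
CK_RV getKeyFromX509Cert(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phKey,
                         CK_OBJECT_HANDLE hCert,
                         CK_OBJECT_CLASS keyClass, int occurence)
{
    if (occurence < 0)
        return CKR_ARGUMENTS_BAD;

    /* CKA_ID of the certificate: query the length, then the bytes. */
    CK_ULONG keyIdLen = 0;
    CK_RV rv = getX509KeyId(pFunctionList, hSession, hCert, NULL_PTR, &keyIdLen);
    if (rv != CKR_OK)
        return rv;
    // An empty CKA_ID is legal; allocate at least one byte to avoid malloc(0).
    CK_BYTE_PTR keyId = (CK_BYTE_PTR)malloc(keyIdLen > 0 ? keyIdLen : 1);
    if (keyId == NULL_PTR)
        return CKR_HOST_MEMORY;
    rv = getX509KeyId(pFunctionList, hSession, hCert, keyId, &keyIdLen);
    if (rv != CKR_OK) {
        free(keyId);
        return rv;
    }

    /* Optional CKA_SUBJECT criterion for private keys (best effort). */
    CK_BYTE_PTR subject = NULL_PTR;
    CK_ULONG subjectLen = 0;
    if (keyClass == CKO_PRIVATE_KEY) {
        if (getX509Subject(pFunctionList, hSession, hCert, NULL_PTR, &subjectLen) == CKR_OK
            && subjectLen > 0 && subjectLen != (CK_ULONG)-1) {
            subject = (CK_BYTE_PTR)malloc(subjectLen);
            if (subject != NULL_PTR) {
                if (getX509Subject(pFunctionList, hSession, hCert, subject, &subjectLen) != CKR_OK
                    || subject[0] != 0x30) {   // not a DER SEQUENCE: ignore it
                    free(subject);
                    subject = NULL_PTR;
                }
            }
        }
    }

    CK_ATTRIBUTE keyTemplate[] = {
        {CKA_CLASS,   &keyClass, sizeof(keyClass)},
        {CKA_ID,      keyId,     keyIdLen},
        {CKA_SUBJECT, subject,   subjectLen}
    };
    CK_ULONG nbAttribut = (subject != NULL_PTR) ? 3 : 2;

    rv = findNthObject(pFunctionList, hSession, keyTemplate, nbAttribut,
                       (CK_ULONG)occurence, phKey);

    free(subject);
    free(keyId);
    return rv;
}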
/* Read CKA_ID of certificate hCert.
 *
 * keyId == NULL_PTR: only the required length is stored in *plenKeyId.
 * Otherwise up to *plenKeyId bytes are written and *plenKeyId is set to the
 * actual length.  *plenKeyId is overwritten with the provider's ulValueLen
 * even on failure — per PKCS#11 that is (CK_ULONG)-1 for an unavailable
 * attribute — so check the return code before using it.
 */
CK_RV getX509KeyId(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert,
                   CK_BYTE_PTR keyId, CK_ULONG_PTR plenKeyId
                   )
{
    CK_ATTRIBUTE query = {CKA_ID, keyId, *plenKeyId};
    CK_RV rv = (*pFunctionList->C_GetAttributeValue)(hSession, hCert, &query, 1);
    *plenKeyId = query.ulValueLen;
    return rv;
}
/* Read CKA_SUBJECT (DER subject name) of certificate hCert.
 *
 * subject == NULL_PTR: only the required length is stored in *pSubjectLen.
 * Otherwise up to *pSubjectLen bytes are written and *pSubjectLen is set to
 * the actual length.  *pSubjectLen is overwritten with the provider's
 * ulValueLen even on failure ((CK_ULONG)-1 when unavailable), so check the
 * return code first.  The value is raw DER, not NUL-terminated.
 */
CK_RV getX509Subject(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert,
                     CK_BYTE_PTR subject, CK_ULONG_PTR pSubjectLen
                     )
{
    CK_ATTRIBUTE query = {CKA_SUBJECT, subject, *pSubjectLen};
    CK_RV rv = (*pFunctionList->C_GetAttributeValue)(hSession, hCert, &query, 1);
    *pSubjectLen = query.ulValueLen;
    return rv;
}
/* Read CKA_LABEL of certificate hCert.
 *
 * label == NULL_PTR: only the required length is stored in *plabelLen.
 * Otherwise up to *plabelLen bytes are written and *plabelLen is set to the
 * actual length.  *plabelLen is overwritten with the provider's ulValueLen
 * even on failure ((CK_ULONG)-1 when unavailable).  The label is not
 * NUL-terminated by PKCS#11.
 */
CK_RV getX509Label(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert,
                   CK_BYTE_PTR label, CK_ULONG_PTR plabelLen
                   )
{
    CK_ATTRIBUTE query = {CKA_LABEL, label, *plabelLen};
    CK_RV rv = (*pFunctionList->C_GetAttributeValue)(hSession, hCert, &query, 1);
    *plabelLen = query.ulValueLen;
    return rv;
}
/* Read CKA_ISSUER (DER issuer name) of certificate hCert.
 *
 * issuer == NULL_PTR: only the required length is stored in *pIssuerLen.
 * Otherwise up to *pIssuerLen bytes are written and *pIssuerLen is set to
 * the actual length.  *pIssuerLen is overwritten with the provider's
 * ulValueLen even on failure ((CK_ULONG)-1 when unavailable).  The value is
 * raw DER, not NUL-terminated.
 */
CK_RV getX509Issuer(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert,
                    CK_BYTE_PTR issuer, CK_ULONG_PTR pIssuerLen)
{
    CK_ATTRIBUTE query = {CKA_ISSUER, issuer, *pIssuerLen};
    CK_RV rv = (*pFunctionList->C_GetAttributeValue)(hSession, hCert, &query, 1);
    *pIssuerLen = query.ulValueLen;
    return rv;
}
/* Log hSession in as CKU_USER with the PIN pinCode[0..len).
 *
 * The PIN buffer belongs to the caller: it is neither copied nor wiped here,
 * so the caller is responsible for clearing it afterwards.
 * Returns the C_Login result.
 */
CK_RV login(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_CHAR_PTR pinCode, CK_ULONG len)
{
    //trying to log using pin number
    return (*pFunctionList->C_Login)(hSession, CKU_USER, pinCode, len);
}
/* Log hSession out.  Returns the C_Logout result. */
CK_RV logout(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession)
{
    return (*pFunctionList->C_Logout)(hSession);
}
/* Enumerate the X.509 certificate objects (CKO_CERTIFICATE, CKC_X_509)
 * visible in hSession.
 *
 * phCertList:    out — receives up to *pCertListSize handles.
 * pCertListSize: in: capacity of phCertList; out: handles stored.
 * Returns what getCertListFromAttr() returns.
 */
CK_RV getAllX509CertificateList(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phCertList, CK_ULONG_PTR pCertListSize)
/* DREN 11/07/2002: end */
{
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE certType = CKC_X_509;
    CK_ATTRIBUTE certTemplate[] = {
        {CKA_CLASS,            &certClass, sizeof(certClass)},
        {CKA_CERTIFICATE_TYPE, &certType,  sizeof(certType)}
    };
    const CK_ULONG nbAttr = sizeof(certTemplate) / sizeof(certTemplate[0]);
    return getCertListFromAttr(pFunctionList, hSession, certTemplate, nbAttr, phCertList, pCertListSize);
}
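/* Enumerate objects matching pCertTemplate in a single C_FindObjects call.
 *
 * phCertList:    out — receives up to *pCertListSize handles.
 * pCertListSize: in: capacity of phCertList; out: handles stored (0 on
 *                error).  Matches beyond the capacity are not returned.
 *
 * Returns CKR_OK when at least one object matched, (CK_RV)-1 when none did
 * (legacy sentinel kept for existing callers), or the provider error.
 * C_FindObjectsFinal is always called after a successful Init; its result is
 * only reported when the search itself succeeded.  (The previous version
 * assigned -1 and then immediately overwrote it with the Final() result, so
 * "no match" and C_FindObjects errors were never reported.)
 */
CK_RV getCertListFromAttr(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pCertTemplate, CK_ULONG certTemplateSize, CK_OBJECT_HANDLE_PTR phCertList, CK_ULONG_PTR pCertListSize)
{
    CK_RV rv = (*pFunctionList->C_FindObjectsInit)(hSession, pCertTemplate, certTemplateSize);
    if (rv != CKR_OK)
        return rv;

    CK_ULONG capacity = *pCertListSize;
    CK_ULONG found = 0;
    rv = (*pFunctionList->C_FindObjects)(hSession, phCertList, capacity, &found);
    CK_RV rvFinal = (*pFunctionList->C_FindObjectsFinal)(hSession);

    if (rv != CKR_OK) {
        *pCertListSize = 0;
        return rv;
    }
    *pCertListSize = found;
    if (found == 0)
        return (CK_RV)-1;
    return rvFinal;
}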
/* First private key (CKO_PRIVATE_KEY) belonging to certificate hCert;
 * see getKeyFromX509Cert() for the matching rules and return values. */
CK_RV getPrivateKeyFromX509Cert(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phKey, CK_OBJECT_HANDLE hCert)
{
    const int firstMatch = 0;
    return getKeyFromX509Cert(pFunctionList, hSession, phKey, hCert, CKO_PRIVATE_KEY, firstMatch);
}
/* First public key (CKO_PUBLIC_KEY) belonging to certificate hCert;
 * see getKeyFromX509Cert() for the matching rules and return values. */
CK_RV getPublicKeyFromX509Cert(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phKey, CK_OBJECT_HANDLE hCert)
{
    const int firstMatch = 0;
    return getKeyFromX509Cert(pFunctionList, hSession, phKey, hCert, CKO_PUBLIC_KEY, firstMatch);
}
/* Read CKA_KEY_TYPE of key object hKey into *keyType.
 * Returns the C_GetAttributeValue result; *keyType is meaningful only when
 * that is CKR_OK. */
CK_RV getKeyType(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey,
                 CK_KEY_TYPE * keyType)
{
    CK_ATTRIBUTE query = {CKA_KEY_TYPE, keyType, sizeof(CK_KEY_TYPE)};
    return (*pFunctionList->C_GetAttributeValue)(hSession, hKey, &query, 1);
}
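/* Collect the IDs of the slots that currently hold a token.
 *
 * All slots are queried with C_GetSlotList(FALSE) and each one is checked
 * for CKF_TOKEN_PRESENT through C_GetSlotInfo.
 *
 * tokenInSlotList:      out — receives up to *pTokenInSlotListSize slot IDs.
 * pTokenInSlotListSize: in: capacity; out: number of IDs stored (0 on error).
 *
 * Returns the C_GetSlotList result, or CKR_HOST_MEMORY.  A C_GetSlotInfo
 * failure on one slot only skips that slot.  Fixes in this version: the slot
 * array allocation is checked; every slot is inspected until the output is
 * full (previously only the first min(slots, capacity) slots were looked at,
 * so tokens in later slots were missed); and a failing C_GetSlotInfo on the
 * last slot no longer turns a partially filled list into an error return.
 */
CK_RV getSlotListWithToken(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID_PTR tokenInSlotList, CK_ULONG_PTR pTokenInSlotListSize)
{
    const CK_ULONG capacity = *pTokenInSlotListSize;
    CK_ULONG nbTokens = 0;
    CK_ULONG ulCount = 0;

    CK_RV rv = (*pFunctionList->C_GetSlotList)(FALSE, NULL_PTR, &ulCount);
    if (rv == CKR_OK && ulCount > 0) {
        CK_SLOT_ID_PTR pSlotList = (CK_SLOT_ID_PTR)malloc(ulCount * sizeof *pSlotList);
        if (pSlotList == NULL) {
            *pTokenInSlotListSize = 0;
            return CKR_HOST_MEMORY;
        }
        rv = (*pFunctionList->C_GetSlotList)(FALSE, pSlotList, &ulCount);
        if (rv == CKR_OK) {
            for (CK_ULONG j = 0; j < ulCount && nbTokens < capacity; j++) {
                CK_SLOT_INFO slotInfo;
                if ((*pFunctionList->C_GetSlotInfo)(pSlotList[j], &slotInfo) == CKR_OK
                    && (slotInfo.flags & CKF_TOKEN_PRESENT) != 0) {
                    tokenInSlotList[nbTokens++] = pSlotList[j];
                }
            }
        }
        free(pSlotList);
    }
    *pTokenInSlotListSize = nbTokens;
    return rv;
}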
/* Open a session on slot slotId and store its handle in *phSession.
 * Only CKF_SERIAL_SESSION is requested (no CKF_RW_SESSION), so per PKCS#11
 * the session is read-only; no notification callback is installed.
 * Returns the C_OpenSession result. */
CK_RV openSession(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID slotId, CK_SESSION_HANDLE_PTR phSession)
{
    const CK_FLAGS sessionFlags = CKF_SERIAL_SESSION;
    //open session with token
    return (*pFunctionList->C_OpenSession)(slotId, sessionFlags, NULL_PTR, NULL_PTR, phSession);
}
/* Close session hSession.  Returns the C_CloseSession result. */
CK_RV closeSession(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession)
{
    return (*pFunctionList->C_CloseSession)(hSession);
}
/* Read CKA_VALUE (the encoded certificate) of certificate hCert.
 *
 * value == NULL_PTR: only the required length is stored in *plenValue.
 * Otherwise up to *plenValue bytes are written and *plenValue is set to the
 * actual length.  *plenValue is overwritten with the provider's ulValueLen
 * even on failure ((CK_ULONG)-1 when unavailable).
 * Traces the call and its result when the trace level is above 1.
 */
CK_RV getX509Value(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert,
                   CK_BYTE_PTR value, CK_ULONG_PTR plenValue
                   )
{
    const bool verbose = getTraceLevel() > 1;
    if (verbose)
        TRACE_local(__LINE__,"getX509Value():");

    CK_ATTRIBUTE query = {CKA_VALUE, value, *plenValue};
    CK_RV rv = (*pFunctionList->C_GetAttributeValue)(hSession, hCert, &query, 1);
    *plenValue = query.ulValueLen;

    if (verbose)
        TRACE_local(__LINE__,"C_GetAttributeValue()=0x%x",rv);
    return rv;
}
/* List all slots (tokenPresent = FALSE).
 * pSlotList may be NULL_PTR to query only the count.
 * pSlotListSize: in: capacity of pSlotList; out: number of slots.
 * Returns the C_GetSlotList result. */
CK_RV getSlotList(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pSlotListSize)
{
    return (*pFunctionList->C_GetSlotList)(FALSE, pSlotList, pSlotListSize);
}
/* Wait for a slot event (token insertion/removal) and store the slot ID in
 * *pSlotId.  flags is 0 — CKF_DONT_BLOCK is not set — so per PKCS#11 the
 * call blocks until an event occurs.  Returns the C_WaitForSlotEvent result. */
CK_RV waitForSlotEvent(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID_PTR pSlotId)
{
    const CK_FLAGS blocking = 0;
    return (*pFunctionList->C_WaitForSlotEvent)(blocking, pSlotId, NULL_PTR);
}
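/* Copy the encoded certificate valuecert[0..valuecertLen) (the CKA_VALUE of
 * token object hCert) into the current user's CAPI store: "Root" when the
 * certificate is self-issued (CKA_ISSUER byte-equal to CKA_SUBJECT), "CA"
 * otherwise.
 *
 * Returns true when the certificate is present in that store afterwards
 * (already installed, or just added), false on any failure.
 *
 * NOTE(review): "self-issued" is decided by comparing two DER names, not by
 * verifying the signature, and the certificate is written to the user's
 * trusted Root store without further checks — every self-issued certificate
 * on an attached token becomes a trust anchor for this user.  Windows
 * normally asks the user to confirm additions to Root; confirm that prompt
 * is expected in the deployment.
 *
 * Changes in this version: every CAPI handle (hProv, hCertStore, both
 * certificate contexts) is released on every exit path; the issuer/subject
 * comparison checks the lengths first so memcmp stays in bounds; and the
 * traces print the name lengths instead of passing raw DER (not
 * NUL-terminated) to a "%s" format.
 */
bool propCertChain(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert,unsigned char * valuecert,unsigned long valuecertLen){
    bool ok = false;
    bool root = false;
    CK_BYTE_PTR pSubject = NULL_PTR;
    CK_BYTE_PTR pIssuer = NULL_PTR;
    CK_ULONG subjectLen = 0;
    CK_ULONG issuerLen = 0;
    HCRYPTPROV hProv = 0;
    HCERTSTORE hCertStore = NULL;
    PCCERT_CONTEXT pCertContext = NULL;
    PCCERT_CONTEXT pDesiredCert = NULL;
    CK_RV rv;

    TRACE_local(__LINE__,"propCertChain : BEGIN",NULL);

    /* fetch the subject name */
    rv = getX509Subject(pFunctionList, hSession, hCert, NULL_PTR, &subjectLen);
    if (rv != CKR_OK || subjectLen == 0 || subjectLen == (CK_ULONG)-1)
        goto done;
    pSubject = (CK_BYTE_PTR)malloc(subjectLen);
    if (pSubject == NULL_PTR)
        goto done;
    rv = getX509Subject(pFunctionList, hSession, hCert, pSubject, &subjectLen);
    if (rv != CKR_OK)
        goto done;
    TRACE_local(__LINE__,"pSubject : %lu bytes",(unsigned long)subjectLen);

    /* fetch the issuer name */
    rv = getX509Issuer(pFunctionList, hSession, hCert, NULL_PTR, &issuerLen);
    if (rv != CKR_OK || issuerLen == 0 || issuerLen == (CK_ULONG)-1)
        goto done;
    pIssuer = (CK_BYTE_PTR)malloc(issuerLen);
    if (pIssuer == NULL_PTR)
        goto done;
    rv = getX509Issuer(pFunctionList, hSession, hCert, pIssuer, &issuerLen);
    if (rv != CKR_OK)
        goto done;
    TRACE_local(__LINE__,"pIssuer : %lu bytes",(unsigned long)issuerLen);

    // Self-issued when both DER names are identical (length checked first).
    root = (issuerLen == subjectLen) && memcmp(pIssuer, pSubject, issuerLen) == 0;

    if (RCRYPT_FAILED(CryptAcquireContext(&hProv,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT ))) {
        DWORD dw = GetLastError();
        TRACE_local(__LINE__,"CryptAcquireContext ERROR: %d",dw);
        hProv = 0;
        goto done;
    }

    // Open the user's Root or CA store for writing.
    hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
                               0,
                               hProv,
                               CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_SYSTEM_STORE_CURRENT_USER,
                               root ? L"Root" : L"CA");
    if (hCertStore == NULL) {
        TRACE_local(__LINE__,"CertOpenStore FAILED ",NULL);
        goto done;
    }

    // Build a certificate context from the token's encoded certificate.
    pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING, valuecert, valuecertLen);
    if (pCertContext == NULL) {
        TRACE_local(__LINE__,"CertCreateCertificateContext FAILED ",NULL);
        goto done;
    }

    pDesiredCert = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING, 0,
                                              CERT_FIND_EXISTING, pCertContext, NULL);
    if (pDesiredCert != NULL) {
        TRACE_local(__LINE__,"propCertChain CERTIFICATE ALREADY INSTALLED TRUE",NULL);
        ok = true;
        goto done;
    }

    // Put the cert in the store (replacing any stale copy).
    if (!CertAddCertificateContextToStore(hCertStore, pCertContext,
                                          CERT_STORE_ADD_REPLACE_EXISTING, NULL)) {
        TRACE_local(__LINE__,"CertAddCertificateContextToStore FAILED ",NULL);
        goto done;
    }
    TRACE_local(__LINE__,"propCertChain : TRUE",NULL);
    ok = true;

done:
    if (pDesiredCert != NULL)
        CertFreeCertificateContext(pDesiredCert);   // returned by CertFindCertificateInStore
    if (pCertContext != NULL)
        CertFreeCertificateContext(pCertContext);
    if (hCertStore != NULL)
        CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
    if (hProv != 0)
        CryptReleaseContext(hProv, 0);
    free(pIssuer);
    free(pSubject);
    return ok;
}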
- /*
- %--------------------------------------------------------------------------
- % propCert
- %
% Rôle : La fonction propCert est utilisée pour insérer des certificats
- % vers CAPI