C_CreateObject support on Starcos (iKey3000)

Alexandre Belloni
Hello,

I'd like to have confirmation that C_CreateObject is not implemented for
iKey3000. The key keeps answering CKR_FUNCTION_NOT_SUPPORTED when I try
to create an object of type CKO_DATA. Maybe I'm doing something wrong
but it is code that works under Windows (without using opensc).

Best regards,

--
Alexandre Belloni

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

Re: C_CreateObject support on Starcos (iKey3000)

Geoffrey Elgey
G'day,

Alexandre Belloni wrote:
> I'd like to have confirmation that C_CreateObject is not implemented for
> iKey3000. The key keeps answering CKR_FUNCTION_NOT_SUPPORTED when I try
> to create an object of type CKO_DATA. Maybe I'm doing something wrong
> but it is code that works under Windows (without using opensc).

Creating a data object is currently not supported by opensc. I've
attached a small patch that creates data objects, but this is limited to
public data objects only. When I get some time I'll work on adding
CKA_PRIVATE support.

-- Geoff

--- src/pkcs11/framework-pkcs15.c 2005-04-13 07:04:27.000000000 +1000
+++ src/pkcs11/framework-pkcs15.c 2005-05-04 15:56:36.000000000 +1000
@@ -1146,6 +1146,93 @@
 out: return rv;
 }
 
+/**
+ * Create a PKCS#11 data object, using the attributes in the given template.
+ *
+ * The following PKCS#11 attributes are processed:
+ *
+ *   o  CKA_APPLICATION -- Description of the application that manages the
+ *                         object. May be absent.
+ *   o  CKA_LABEL       -- the label of the data object. May be absent.
+ *   o  CKA_OBJECT_ID   -- the object identifier indicating the data object
+ *                         type. May be absent.
+ *   o  CKA_VALUE       -- the value of the data object. May be absent.
+ */
+static CK_RV pkcs15_create_data (struct sc_pkcs11_card *p11card,
+ struct sc_pkcs11_slot *slot,
+ struct sc_profile *profile,
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phObject)
+{
+ struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
+ struct sc_pkcs15init_dataargs args;
+ struct pkcs15_any_object *any_obj;
+ struct sc_pkcs15_object *obj;
+ int rc, rv;
+ size_t app_oid_len;
+
+ /* Fill in default values for args */
+ memset(&args, 0, sizeof(args));
+ args.app_oid.value[0] = -1;
+
+ rv = CKR_OK;
+
+ /* Examine the attributes of the data object */
+ while (ulCount--) {
+ CK_ATTRIBUTE_PTR attr = pTemplate++;
+
+ switch (attr->type) {
+ /* Skip attrs we already know or don't care for */
+ case CKA_CLASS:
+ /* this should already be verified as CKO_DATA */
+ break;
+ case CKA_LABEL:
+ args.label = (char *) attr->pValue;
+ break;
+ case CKA_APPLICATION:
+        args.app_label = (char *) attr->pValue;
+ break;
+ case CKA_OBJECT_ID:
+ app_oid_len = sizeof (args.app_oid);
+ rv = attr_extract(attr, args.app_oid.value, &app_oid_len);
+ if (rv != CKR_OK) {
+ goto out;
+ }
+ break;
+ case CKA_VALUE:
+ args.der_encoded.len = attr->ulValueLen;
+ args.der_encoded.value = (u8 *) attr->pValue;
+ break;
+ default:
+ /* ignore unknown attrs, or flag error? */
+ continue;
+ }
+ }
+
+ /* Store the pkcs15 data object */
+ rc = sc_pkcs15init_store_data_object(fw_data->p15_card, profile, &args, &obj);
+ if (rc < 0) {
+ rv = sc_to_cryptoki_error(rc, p11card->reader);
+ goto out;
+ }
+
+ /* Create a new pkcs11 object for it */
+ __pkcs15_create_data_object(fw_data, obj, &any_obj);
+ pkcs15_add_object(slot, any_obj, phObject);
+
+ rv = CKR_OK;
+
+out:
+ return rv;
+}
+
 static CK_RV pkcs15_create_object(struct sc_pkcs11_card *p11card,
  struct sc_pkcs11_slot *slot,
  CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
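
Review bot: In the CKA_LABEL and CKA_APPLICATION cases, "args.label = (char *) attr->pValue;" and "args.app_label = (char *) attr->pValue;" keep the caller's pointer and drop attr->ulValueLen, but PKCS#11 string attributes are not NUL-terminated, so any code that later treats these as C strings can read past the end of the caller's buffer. Copy each value into a local buffer of ulValueLen + 1 bytes and terminate it before calling sc_pkcs15init_store_data_object. The default case also skips every other attribute without an error (its own comment asks "or flag error?"), so a template that sets CKA_PRIVATE to CK_TRUE would be stored as a public object and still return CKR_OK; until private objects are supported, return an error such as CKR_ATTRIBUTE_VALUE_INVALID for that case. Finally, the results of __pkcs15_create_data_object and pkcs15_add_object are not checked before rv is set to CKR_OK.
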
@@ -1187,7 +1274,9 @@
  pTemplate, ulCount, phObject);
  break;
  default:
- rv = CKR_FUNCTION_NOT_SUPPORTED;
+ rv = pkcs15_create_data(p11card, slot, profile,
+ pTemplate, ulCount, phObject);
+ break;
  }
 
  sc_unlock(p11card->card);
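
Review bot: The new call sits under the existing "default:" label, so every object class not handled by an earlier case is now passed to pkcs15_create_data and stored as a data object, while the comment inside pkcs15_create_data says CKA_CLASS "should already be verified as CKO_DATA". Nothing in this hunk performs that check. Put the call under an explicit "case CKO_DATA:" and leave "default:" returning CKR_FUNCTION_NOT_SUPPORTED.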
