OSX: Support Firefox add PKCS11 module

PeculiarVentures · Aug 19, 2019 · 38d9e37 · 38d9e37
1 parent 3e977a9
commit 38d9e37
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 5 deletions.
diff --git a/src/core/objects/private_key.cpp b/src/core/objects/private_key.cpp
@@ -10,6 +10,7 @@ PrivateKey::PrivateKey() :
 
     try {
         ItemByType(CKA_CLASS)->To<AttributeNumber>()->Set(CKO_PRIVATE_KEY);
+        ItemByType(CKA_PRIVATE)->To<AttributeBool>()->Set(CK_TRUE);
 
         Add(AttributeBytes::New(CKA_SUBJECT, NULL, 0, PVF_8));
         Add(AttributeBool::New(CKA_SENSITIVE, CK_FALSE, PVF_8 | PVF_11));

diff --git a/src/osx/certificate.cpp b/src/osx/certificate.cpp
@@ -84,12 +84,24 @@ void osx::X509Certificate::Assign
         }
         // CKA_SERIAL_NUMBER
         {
+            SecAsn1CoderRef coder = NULL;
+            SecAsn1CoderCreate(&coder);
+
             CFRef<CFDataRef> cfSerialNumber = SecCertificateCopySerialNumber(*value, NULL);
             Scoped<Buffer> serialNumber(new Buffer(0));
             serialNumber->resize((CK_ULONG)CFDataGetLength(*cfSerialNumber));
             CFDataGetBytes(*cfSerialNumber, CFRangeMake(0, serialNumber->size()), serialNumber->data());
-            ItemByType(CKA_SERIAL_NUMBER)->To<core::AttributeBytes>()->Set(serialNumber->data(),
-                                                                           serialNumber->size());
+
+            SecAsn1Item serial;
+            serial.Data = (uint8*)CFDataGetBytePtr(*cfSerialNumber);
+            serial.Length = CFDataGetLength(*cfSerialNumber);
+            SecAsn1Item serialEncoded;
+            SecAsn1EncodeItem(coder, &serial, kSecAsn1IntegerTemplate, &serialEncoded);
+
+            ItemByType(CKA_SERIAL_NUMBER)->To<core::AttributeBytes>()->Set(serialEncoded.Data,
+                                                                           serialEncoded.Length);
+
+            SecAsn1CoderRelease(coder);
         }
     }
     CATCH_EXCEPTION

diff --git a/src/osx/slot.cpp b/src/osx/slot.cpp
@@ -14,7 +14,7 @@ osx::Slot::Slot() :
     try {
         SET_STRING(this->manufacturerID, MANUFACTURER_ID, 32);
         SET_STRING(this->description, OSX_SLOT_NAME, 64);
-        this->flags = CKF_TOKEN_INITIALIZED | CKF_RNG;
+        this->flags |= CKF_TOKEN_PRESENT;
         this->hardwareVersion.major = 0;
         this->hardwareVersion.minor = 1;
         this->firmwareVersion.major = 0;
@@ -24,10 +24,26 @@ osx::Slot::Slot() :
         SET_STRING(this->tokenInfo.label, OSX_SLOT_NAME, 32);
         SET_STRING(this->tokenInfo.manufacturerID, MANUFACTURER_ID, 32);
         SET_STRING(this->tokenInfo.serialNumber, "1", 16);
+        SET_STRING(this->tokenInfo.model, "MacOS Crypto", 16);
         this->tokenInfo.hardwareVersion.major = 0;
         this->tokenInfo.hardwareVersion.minor = 1;
         this->tokenInfo.firmwareVersion.major = 0;
         this->tokenInfo.firmwareVersion.minor = 1;
+        this->tokenInfo.flags |= CKF_RESTORE_KEY_NOT_NEEDED;
+        this->tokenInfo.flags |= CKF_TOKEN_INITIALIZED;
+        this->tokenInfo.flags |= CKF_USER_PIN_INITIALIZED;
+        this->tokenInfo.flags |= CKF_RNG;
+
+        this->tokenInfo.ulMaxSessionCount = 0;
+        this->tokenInfo.ulSessionCount = ULONG_MAX;
+        this->tokenInfo.ulRwSessionCount = 0;
+        this->tokenInfo.ulMaxRwSessionCount = ULONG_MAX;
+        this->tokenInfo.ulMaxPinLen = 255;
+        this->tokenInfo.ulMinPinLen = 4;
+        this->tokenInfo.ulTotalPublicMemory = ULONG_MAX;
+        this->tokenInfo.ulFreePublicMemory = ULONG_MAX;
+        this->tokenInfo.ulTotalPrivateMemory = ULONG_MAX;
+        this->tokenInfo.ulFreePrivateMemory = ULONG_MAX;
 
         // Add mechanisms
         //   SHA
@@ -51,6 +67,7 @@ osx::Slot::Slot() :
         //      OAEP
         this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_RSA_PKCS_OAEP, 1024, 4096, CKF_ENCRYPT | CKF_DECRYPT)));
          */
+
         //   EC
         this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_ECDSA_KEY_PAIR_GEN, 256, 521, CKF_GENERATE)));
         //      ECDSA
@@ -59,10 +76,9 @@ osx::Slot::Slot() :
         this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_ECDSA_SHA384, 256, 521, CKF_SIGN | CKF_VERIFY)));
         this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_ECDSA_SHA512, 256, 521, CKF_SIGN | CKF_VERIFY)));
 
-        /*
-         */
         //      ECDH
         // this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_ECDH1_DERIVE, 256, 521, CKF_DERIVE)));
+
         //   AES
         this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_AES_KEY_GEN, 128, 256, CKF_GENERATE)));
         this->mechanisms.add(Scoped<core::Mechanism>(new core::Mechanism(CKM_AES_CBC_PAD, 128, 256, CKF_ENCRYPT | CKF_DECRYPT)));