
How to find private key in token by using X509 certificate modulus in C++

In C++ code using PKCS#11 we are trying to find the private key and install the corresponding X509 certificate in the token, but we are unable to find the key pair in the token using the modulus. Below is my code sample.

    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>
    #include <openssl/rsa.h>
    #include <openssl/bn.h>
    #include <cstdlib>
    #include <vector>
    #include "pkcs11.h"
    using std::vector;

    //Install certificate: parse the PEM certificate and extract the RSA public key
    const char bytes[] = "-----BEGIN CERTIFICATE-----" "\n"
        ....
        "-----END CERTIFICATE-----" "\n";
    BIO *bio_mem = BIO_new(BIO_s_mem());
    BIO_puts(bio_mem, bytes);
    X509 *x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
    //
    BIO *bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);

    EVP_PKEY *pkey = X509_get_pubkey(x509);

    RSA *rsa_key;
    CK_BYTE_PTR modulus, exponent;

    // Direct struct access works with OpenSSL 1.0.x; OpenSSL 1.1+ hides the
    // struct and requires EVP_PKEY_get1_RSA() / RSA_get0_key() instead.
    rsa_key = pkey->pkey.rsa;
    //IFNULL_FAIL(rsa_e_dec, "unable to extract rsa exponent");

    modulus = (unsigned char *)malloc(256);
    int mo = BN_bn2bin(rsa_key->n, modulus);   // number of modulus bytes written
    //EVP_PKEY_free(pkey);
    CK_RV result;
    CK_OBJECT_HANDLE hObject;
    CK_ULONG count;
    vector<CK_OBJECT_HANDLE> *handles = new vector<CK_OBJECT_HANDLE>();
    //Object class attribute
    CK_OBJECT_CLASS classValue = CKO_PRIVATE_KEY;
    CK_OBJECT_CLASS keytype = CKK_RSA;

    CK_ATTRIBUTE privKeySearchTemplate[] = {
        { CKA_CLASS, &classValue, sizeof(classValue) },
        { CKA_KEY_TYPE, &keytype, sizeof(keytype) },
        { CKA_MODULUS, &modulus, sizeof(modulus) },
    };
    //
    //{ CKA_PUBLIC_EXPONENT, exponent},

    // Read label and ID from private key handle
    CK_ATTRIBUTE privKeyAttrsToRead[] = {
        { CKA_LABEL, NULL_PTR, 0 },
        { CKA_ID, NULL_PTR, 0 },
    };
    //WriteToLog(modulus, modulus_len11);
    // Find all objects with the template specified
    result = m_pPKCS11->C_FindObjectsInit(m_SessionHandle, privKeySearchTemplate, 2);

    do {
        // Find the next object
        result = m_pPKCS11->C_FindObjects(m_SessionHandle, &hObject, 1, &count);

        if (count != 0)
            handles->push_back(hObject);

    } while (count != 0);

    result = m_pPKCS11->C_FindObjectsFinal(m_SessionHandle);

There are several bugs here:

    { CKA_MODULUS, &modulus, sizeof(modulus) }

As always, sizeof(modulus) is the size of your pointer, which is 4 or 8 depending on your system. This should be the size of your modulus, which in your case is mo. In addition, use the correct type here:

    CK_KEY_TYPE keytype = CKK_RSA;

Another bug is here:

    m_pPKCS11->C_FindObjectsInit(m_SessionHandle, privKeySearchTemplate, 2);

You are searching with a template of 3 attributes, but you have set the number of attributes to 2. Normally you would write code like this to prevent such bugs:

    m_pPKCS11->C_FindObjectsInit(m_SessionHandle, privKeySearchTemplate, sizeof(privKeySearchTemplate) / sizeof(CK_ATTRIBUTE));

Finally, you need to allocate enough memory for your modulus before using BN_bn2bin, unless you like getting memory exceptions. Allocating 256 bytes may not be sufficient.
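The corrected search template described in the answer, as an added example that is not code from the question or the answer, run against a constructed in-memory stand-in for a token so it compiles without pkcs11.h or OpenSSL. The CK_* stand-ins mirror the real header's layout and values; MockObject, matches(), sampleToken() and the 0xAB modulus bytes are constructed here, and the mock applies the PKCS#11 rule that a template attribute matches only on exact length and byte equality.

```cpp
#include <cstring>
#include <vector>
// Stand-ins for the pkcs11.h types and constants used here (same layout and
// values as the real header); a real program includes pkcs11.h instead.
typedef unsigned char CK_BYTE;
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_ATTRIBUTE_TYPE, CK_OBJECT_CLASS, CK_KEY_TYPE, CK_OBJECT_HANDLE;
struct CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; };
const CK_ATTRIBUTE_TYPE CKA_CLASS = 0x000, CKA_KEY_TYPE = 0x100, CKA_MODULUS = 0x120;
const CK_OBJECT_CLASS CKO_PRIVATE_KEY = 3; const CK_KEY_TYPE CKK_RSA = 0;
// Constructed stand-in for one object stored on a token.
struct MockObject { CK_OBJECT_HANDLE handle; std::vector<CK_ATTRIBUTE> attrs; };
// A token matches a template only when every template attribute exists on the object
// with the same type, same ulValueLen and identical bytes, so ulValueLen = sizeof(pointer)
// can never match a 256-byte modulus.
static bool matches(const MockObject &obj, const CK_ATTRIBUTE *tmpl, CK_ULONG n) {
    for (CK_ULONG i = 0; i < n; ++i) {
        bool found = false;
        for (const CK_ATTRIBUTE &a : obj.attrs)
            if (a.type == tmpl[i].type && a.ulValueLen == tmpl[i].ulValueLen &&
                std::memcmp(a.pValue, tmpl[i].pValue, a.ulValueLen) == 0) { found = true; break; }
        if (!found) return false;
    }
    return true;
}
// Corrected search: CK_KEY_TYPE for the key type, the modulus bytes themselves (not
// &modulus) with modulusLen = bytes written by BN_bn2bin ("mo"), count from the array.
static std::vector<CK_OBJECT_HANDLE> findPrivateKeysByModulus(
        const std::vector<MockObject> &token, std::vector<CK_BYTE> modulus, CK_ULONG modulusLen) {
    CK_OBJECT_CLASS classValue = CKO_PRIVATE_KEY; CK_KEY_TYPE keyType = CKK_RSA;
    CK_ATTRIBUTE tmpl[] = {
        { CKA_CLASS,    &classValue,    sizeof(classValue) },
        { CKA_KEY_TYPE, &keyType,       sizeof(keyType) },
        { CKA_MODULUS,  modulus.data(), modulusLen },
    };
    const CK_ULONG nAttrs = sizeof(tmpl) / sizeof(CK_ATTRIBUTE);  // 3, never hard-coded
    std::vector<CK_OBJECT_HANDLE> handles;
    for (const MockObject &obj : token)
        if (matches(obj, tmpl, nAttrs)) handles.push_back(obj.handle);
    return handles;
}
// Constructed sample token: handle 7 is an RSA private key with a 256-byte modulus.
static std::vector<CK_BYTE> g_modulus(256, CK_BYTE(0xAB));
static CK_OBJECT_CLASS g_cls = CKO_PRIVATE_KEY; static CK_KEY_TYPE g_kt = CKK_RSA;
static std::vector<MockObject> sampleToken() {
    MockObject key{ 7, { { CKA_CLASS, &g_cls, sizeof(g_cls) }, { CKA_KEY_TYPE, &g_kt, sizeof(g_kt) },
                         { CKA_MODULUS, g_modulus.data(), (CK_ULONG)g_modulus.size() } } };
    return { key };
}
```

Passing the real modulus length finds handle 7; passing sizeof(CK_BYTE *), as the question's template effectively does, finds nothing.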
