Update object in the session after key creation (if object already exists).
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
#ifndef DEBUG_H
|
#ifndef DEBUG_H
|
||||||
#define DEBUG_H
|
#define DEBUG_H
|
||||||
|
|
||||||
#define YKCS11_DBG 1 // General debug, must be either 1 or 0
|
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
||||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||||
|
|
||||||
#define D(x) do { \
|
#define D(x) do { \
|
||||||
|
|||||||
+1
-1
@@ -58,7 +58,7 @@ static piv_obj_t piv_objects[] = {
|
|||||||
{PIV_CERT_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_coa, 1},
|
{PIV_CERT_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_coa, 1},
|
||||||
{PIV_CERT_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_coa, 2},
|
{PIV_CERT_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_coa, 2},
|
||||||
{PIV_CERT_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_coa, 3},
|
{PIV_CERT_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_coa, 3},
|
||||||
{PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, get_coa, 4},
|
{PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4},
|
||||||
|
|
||||||
{PIV_PVTK_OBJ_PIV_AUTH, 1, 1, 0, "Private key for PIV Authentication", 0, 0, get_proa, 0}, // 9a
|
{PIV_PVTK_OBJ_PIV_AUTH, 1, 1, 0, "Private key for PIV Authentication", 0, 0, get_proa, 0}, // 9a
|
||||||
{PIV_PVTK_OBJ_CARD_AUTH, 1, 0, 0, "Private key for Card Authentication", 0, 0, get_proa, 1}, // 9e
|
{PIV_PVTK_OBJ_CARD_AUTH, 1, 0, 0, "Private key for Card Authentication", 0, 0, get_proa, 1}, // 9e
|
||||||
|
|||||||
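Review bot: The PIV_CERT_OBJ_LAST row now carries a NULL getter while every other row in the hunk holds a function pointer, so any loop over piv_objects that runs up to and including this sentinel and calls the getter unconditionally would dereference NULL; that caller is outside this hunk and should be checked. A short comment on the row would make the contract explicit, e.g. `{PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4}, // sentinel: no getter, callers must NULL-check`. The piv_objects table begins and ends outside the hunk.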
@@ -78,8 +78,6 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
|
|||||||
*certptr++ = 0xfe; /* LRC */
|
*certptr++ = 0xfe; /* LRC */
|
||||||
*certptr++ = 0;
|
*certptr++ = 0;
|
||||||
|
|
||||||
dump_hex(data, (size_t)(certptr - data), stderr, CK_TRUE);
|
|
||||||
|
|
||||||
// Store the certificate into the token
|
// Store the certificate into the token
|
||||||
if (ykpiv_save_object(state, key_to_object_id(key), data, (size_t)(certptr - data)) != YKPIV_OK)
|
if (ykpiv_save_object(state, key_to_object_id(key), data, (size_t)(certptr - data)) != YKPIV_OK)
|
||||||
return CKR_DEVICE_ERROR;
|
return CKR_DEVICE_ERROR;
|
||||||
|
|||||||
+67
-1
@@ -502,7 +502,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
|||||||
|
|
||||||
// Get the actual certificate data from the token and store it as an X509 object
|
// Get the actual certificate data from the token and store it as an X509 object
|
||||||
for (i = 0; i < session.slot->token->n_certs; i++) {
|
for (i = 0; i < session.slot->token->n_certs; i++) {
|
||||||
rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, cert_len);
|
rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below)
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
DBG(("Unable to get certificate data from token"));
|
DBG(("Unable to get certificate data from token"));
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -1589,6 +1589,18 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
|||||||
DIN;
|
DIN;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
token_vendor_t token;
|
token_vendor_t token;
|
||||||
|
CK_ULONG n_objs;
|
||||||
|
CK_ULONG n_certs;
|
||||||
|
CK_ULONG i;
|
||||||
|
CK_BBOOL is_new;
|
||||||
|
CK_ULONG dobj_id;
|
||||||
|
CK_ULONG cert_id;
|
||||||
|
CK_ULONG pvtk_id;
|
||||||
|
CK_ULONG pubk_id;
|
||||||
|
piv_obj_id_t *obj_ptr;
|
||||||
|
CK_BYTE cert_data[2100];
|
||||||
|
CK_ULONG cert_len;
|
||||||
|
|
||||||
|
|
||||||
if (piv_state == NULL) {
|
if (piv_state == NULL) {
|
||||||
DBG(("libykpiv is not initialized or already finalized"));
|
DBG(("libykpiv is not initialized or already finalized"));
|
||||||
@@ -1671,6 +1683,60 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
|||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rv = token.get_token_objects_num(piv_state, &n_objs, &n_certs);
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
DBG(("Unable to retrieve token objects"));
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
DBG(("There were %lu objs and %lu certs, there are %lu objs and %lu certs", session.slot->token->n_objects, session.slot->token->n_certs, n_objs, n_certs));
|
||||||
|
|
||||||
|
is_new = CK_TRUE;
|
||||||
|
for (i = 0; i < session.slot->token->n_objects; i++) {
|
||||||
|
if (session.slot->token->objects[i] == op_info.op.gen.key_id)
|
||||||
|
is_new = CK_FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
dobj_id = op_info.op.gen.key_id - PIV_PVTK_OBJ_PIV_AUTH; // TODO: make function for these
|
||||||
|
cert_id = PIV_DATA_OBJ_LAST + 1 + dobj_id;
|
||||||
|
pvtk_id = op_info.op.gen.key_id;
|
||||||
|
pubk_id = PIV_PVTK_OBJ_LAST + 1 + dobj_id;
|
||||||
|
|
||||||
|
// Check whether we created a new object or updated an existing one
|
||||||
|
if (is_new == CK_TRUE) {
|
||||||
|
// New object created
|
||||||
|
DBG(("OBJECT NOT FOUND!"));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Updated old object
|
||||||
|
cert_len = sizeof(cert_data);
|
||||||
|
rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
DBG(("Unable to get certificate data from token"));
|
||||||
|
return CKR_FUNCTION_FAILED; // TODO: although key generation succeeded at this point
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = store_cert(cert_id, cert_data, cert_len);
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
DBG(("Unable to store certificate data"));
|
||||||
|
return CKR_FUNCTION_FAILED; // TODO: although key generation succeeded at this point
|
||||||
|
}
|
||||||
|
|
||||||
|
/*session.slot->token->n_objects += 4;
|
||||||
|
session.slot->token->n_certs++;
|
||||||
|
|
||||||
|
obj_ptr = realloc(session.slot->token->objects, session.slot->token->n_objects * sizeof(piv_obj_id_t));
|
||||||
|
if (obj_ptr == NULL) {
|
||||||
|
DBG(("Unable to store new item in the session"));
|
||||||
|
return CKR_HOST_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
obj_ptr = session.slot->token->objects + session.slot->token->n_objects - 4;
|
||||||
|
*obj_ptr++ = dobj_id;
|
||||||
|
*obj_ptr++ = cert_id;
|
||||||
|
*obj_ptr++ = pvtk_id;
|
||||||
|
*obj_ptr++ = pubk_id;*/
|
||||||
|
}
|
||||||
|
|
||||||
*phPrivateKey = op_info.op.gen.key_id;
|
*phPrivateKey = op_info.op.gen.key_id;
|
||||||
*phPublicKey = op_info.op.gen.key_id - PIV_PVTK_OBJ_KM + PIV_PUBK_OBJ_KM; // TODO: make function for these?
|
*phPublicKey = op_info.op.gen.key_id - PIV_PVTK_OBJ_KM + PIV_PUBK_OBJ_KM; // TODO: make function for these?
|
||||||
|
|
||||||
|
|||||||
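Review bot: In the C_GenerateKeyPair hunk, `cert_len = sizeof(cert_data)` is passed by value to token.get_token_raw_certificate and then forwarded unchanged to store_cert, so store_cert appears to receive the buffer size (2100) rather than the length of the certificate actually read, and the unread tail of cert_data is never initialized; the TODO on that line says as much, and the C_OpenSession hunk shows the same pattern at its get_token_raw_certificate call. If the vendor getter can report the length it wrote, pass `&cert_len` (or whatever out-parameter it offers) and forward that value to store_cert; if it cannot, the length has to be derived from the certificate's own encoding before storing. Separately, both `return CKR_FUNCTION_FAILED;` paths run after the key pair has already been generated on the token, so the caller sees a failure while *phPrivateKey/*phPublicKey stay unset and the token state has changed — this should at least be documented on the function, and the large commented-out realloc/obj_ptr block should be deleted rather than left in the body. C_GenerateKeyPair begins before the hunk and its return is outside it.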