From 5a39b5f582a0ee962cb643aa4fce9ae04aea755e Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Thu, 16 Jul 2015 16:07:06 +0200 Subject: [PATCH] More refactoring. --- ykcs11/pkcs11t.h | 31 ++++++++++- ykcs11/utils.c | 29 +++++++--- ykcs11/vendors.c | 42 +++++++------- ykcs11/vendors.h | 43 +++++++------- ykcs11/ykcs11.c | 87 ++++++++++++++++++----------- ykcs11/yubico.c | 142 +++++++++++++++++++++++++++++++++++++---------- ykcs11/yubico.h | 21 +++---- 7 files changed, 273 insertions(+), 122 deletions(-) diff --git a/ykcs11/pkcs11t.h b/ykcs11/pkcs11t.h index adc0575..ddb608e 100644 --- a/ykcs11/pkcs11t.h +++ b/ykcs11/pkcs11t.h @@ -84,6 +84,8 @@ typedef long int CK_LONG; /* at least 32 bits; each bit is a Boolean flag */ typedef CK_ULONG CK_FLAGS; +/* Custom type defined for consistency */ +typedef CK_FLAGS CK_PTR CK_FLAGS_PTR; /* some special values for certain CK_ULONG variables */ #define CK_UNAVAILABLE_INFORMATION (~0UL) @@ -456,11 +458,26 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_MD5_RSA_PKCS 0x00000005 #define CKM_SHA1_RSA_PKCS 0x00000006 +/* Added for 2.4 */ +#define CKM_RSA_PKCS_PSS 0x0000000D +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E +/* Added for 2.4 */ + #define CKM_DSA_KEY_PAIR_GEN 0x00000010 #define CKM_DSA 0x00000011 #define CKM_DSA_SHA1 0x00000012 #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 #define CKM_DH_PKCS_DERIVE 0x00000021 + +/* Added for 2.4 */ +#define CKM_SHA256_RSA_PKCS 0x00000040 +#define CKM_SHA384_RSA_PKCS 0x00000041 +#define CKM_SHA512_RSA_PKCS 0x00000042 +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 +/* Added for 2.4 */ + #define CKM_RC2_KEY_GEN 0x00000100 #define CKM_RC2_ECB 0x00000101 #define CKM_RC2_CBC 0x00000102 @@ -517,6 +534,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_SHA_1_HMAC 0x00000221 #define CKM_SHA_1_HMAC_GENERAL 0x00000222 +/* Added for 2.4 */ +#define CKM_SHA256 0x00000250 +#define CKM_SHA384 0x00000260 +#define CKM_SHA512 0x00000270 +/* Added for 2.4 */ + /* All of the following mechanisms are new for v2.0 */ /* Note that CAST128 and CAST5 are the same algorithm */ #define CKM_CAST_KEY_GEN 0x00000300 @@ -611,10 +634,16 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_BATON_WRAP 0x00001036 /* PKCS #11 V2.01 probably won't actually have ECDSA in it */ -#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 +#define CKM_EC_KEY_PAIR_GEN 0x00001040 +//#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 // Deprecated in 2.11 #define CKM_ECDSA 0x00001041 #define CKM_ECDSA_SHA1 0x00001042 +/* Added for 2.4 */ +#define CKM_ECDH1_DERIVE 0x00001050 +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 +/* Added for 2.4 */ + #define CKM_JUNIPER_KEY_GEN 0x00001060 #define CKM_JUNIPER_ECB128 0x00001061 #define CKM_JUNIPER_CBC128 0x00001062 diff --git a/ykcs11/utils.c b/ykcs11/utils.c index fe94111..45acf8c 100644 --- a/ykcs11/utils.c +++ b/ykcs11/utils.c @@ -30,7 +30,7 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len, if (readers[i] == '\0' && i != len - 1) { slots[*n_slots].vid = get_vendor_id(p); - if (slots[*n_slots].vid == UNKNOWN) { + if (slots[*n_slots].vid == UNKNOWN) { // TODO: distinguish between tokenless and unsupported? // Unknown slot, just save what info we have memset(&slots[*n_slots].info, 0, sizeof(CK_SLOT_INFO)); memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription)); @@ -42,16 +42,26 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len, // Values must NOT be null terminated and ' ' padded memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription)); - s = vendor.get_slot_description(); - l = strlen(s); - strncpy(slots[*n_slots].info.slotDescription, s, l); + s = slots[*n_slots].info.slotDescription; + l = sizeof(slots[*n_slots].info.slotDescription); + if (vendor.get_slot_description(s, l) != CKR_OK) + return CK_FALSE; memset(slots[*n_slots].info.manufacturerID, ' ', sizeof(slots[*n_slots].info.manufacturerID)); - s = vendor.get_slot_manufacturer(); - l = strlen(s); - strncpy(slots[*n_slots].info.manufacturerID, s, l); + s = slots[*n_slots].info.manufacturerID; + l = sizeof(slots[*n_slots].info.manufacturerID); + if(vendor.get_slot_manufacturer(s, l) != CKR_OK) + return CK_FALSE; - slots[*n_slots].info.flags = vendor.get_slot_flags(); + if (vendor.get_slot_flags(&slots[*n_slots].info.flags) != CKR_OK) + return CK_FALSE; + + // Treating hw and fw version the same + if (vendor.get_slot_version(&slots[*n_slots].info.hardwareVersion) != CKR_OK) + return CK_FALSE; + + if (vendor.get_slot_version(&slots[*n_slots].info.firmwareVersion) != CKR_OK) + return CK_FALSE; if (has_token(slots + *n_slots)) (*n_with_token)++; @@ -59,4 +69,7 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len, (*n_slots)++; p += i + 1; } + + return CK_TRUE; + } diff --git a/ykcs11/vendors.c b/ykcs11/vendors.c index 0353368..36bc6dc 100644 --- a/ykcs11/vendors.c +++ b/ykcs11/vendors.c @@ -16,30 +16,32 @@ vendor_t get_vendor(vendor_id_t vid) { switch (vid) { case YUBICO: - v.get_slot_description = YUBICO_get_slot_description; - v.get_slot_manufacturer = YUBICO_get_slot_manufacturer; - v.get_slot_flags = YUBICO_get_slot_flags; - v.get_slot_version = YUBICO_get_slot_version; - v.get_token_label = YUBICO_get_token_label; - v.get_token_manufacturer = YUBICO_get_token_manufacturer; - v.get_token_model = YUBICO_get_token_model; - v.get_token_flags = YUBICO_get_token_flags; - v.get_token_version = YUBICO_get_token_version; - v.get_token_serial = YUBICO_get_token_serial; + v.get_slot_description = YUBICO_get_slot_description; + v.get_slot_manufacturer = YUBICO_get_slot_manufacturer; + v.get_slot_flags = YUBICO_get_slot_flags; + v.get_slot_version = YUBICO_get_slot_version; + v.get_token_label = YUBICO_get_token_label; + v.get_token_manufacturer = YUBICO_get_token_manufacturer; + v.get_token_model = YUBICO_get_token_model; + v.get_token_flags = YUBICO_get_token_flags; + v.get_token_version = YUBICO_get_token_version; + v.get_token_serial = YUBICO_get_token_serial; + v.get_token_mechanisms_num = YUBICO_get_token_mechanisms_num; break; case UNKNOWN: default: - v.get_slot_description = NULL; - v.get_slot_manufacturer = NULL; - v.get_slot_flags = NULL; - v.get_slot_version = NULL; - v.get_token_label = NULL; - v.get_token_manufacturer = NULL; - v.get_token_model = NULL; - v.get_token_flags = NULL; - v.get_token_version = NULL; - v.get_token_serial = NULL; + v.get_slot_description = NULL; + v.get_slot_manufacturer = NULL; + v.get_slot_flags = NULL; + v.get_slot_version = NULL; + v.get_token_label = NULL; + v.get_token_manufacturer = NULL; + v.get_token_model = NULL; + v.get_token_flags = NULL; + v.get_token_version = NULL; + v.get_token_serial = NULL; + v.get_token_mechanisms_num = NULL; } return v; diff --git a/ykcs11/vendors.h b/ykcs11/vendors.h index d82f6c4..ab2a75a 100644 --- a/ykcs11/vendors.h +++ b/ykcs11/vendors.h @@ -8,29 +8,32 @@ typedef enum { YUBICO = 0x01 } vendor_id_t; -typedef CK_UTF8CHAR_PTR (*get_s_description_f)(void); -typedef CK_UTF8CHAR_PTR (*get_s_manufacturer_f)(void); -typedef CK_FLAGS (*get_s_flags_f)(void); -typedef CK_VERSION (*get_s_version_f)(CK_UTF8CHAR_PTR, CK_ULONG); -typedef CK_UTF8CHAR_PTR (*get_t_label_f)(void); -typedef CK_UTF8CHAR_PTR (*get_t_manufacturer_f)(void); -typedef CK_UTF8CHAR_PTR (*get_t_model_f)(void); -typedef CK_FLAGS (*get_t_flags_f)(void); -typedef CK_VERSION (*get_t_version_f)(CK_UTF8CHAR_PTR, CK_ULONG); -typedef CK_CHAR_PTR (*get_t_serial_f)(void); +typedef CK_RV (*get_s_description_f)(CK_UTF8CHAR_PTR, CK_ULONG); +typedef CK_RV (*get_s_manufacturer_f)(CK_UTF8CHAR_PTR, CK_ULONG); +typedef CK_RV (*get_s_flags_f)(CK_FLAGS_PTR); +typedef CK_RV (*get_s_version_f)(CK_VERSION_PTR); +typedef CK_RV (*get_t_label_f)(CK_UTF8CHAR_PTR, CK_ULONG); +typedef CK_RV (*get_t_manufacturer_f)(CK_UTF8CHAR_PTR, CK_ULONG); +typedef CK_RV (*get_t_model_f)(CK_UTF8CHAR_PTR, CK_ULONG); +typedef CK_RV (*get_t_flags_f)(CK_FLAGS_PTR); +typedef CK_RV (*get_t_version_f)(CK_UTF8CHAR_PTR, CK_ULONG, CK_VERSION_PTR); +typedef CK_RV (*get_t_serial_f)(CK_CHAR_PTR, CK_ULONG); +typedef CK_RV (*get_t_mechanisms_num_f)(CK_ULONG_PTR); +//typedef CK_RV (*get_t_mechanisms)(CK_); typedef struct { - get_s_description_f get_slot_description; - get_s_manufacturer_f get_slot_manufacturer; - get_s_flags_f get_slot_flags; - get_s_version_f get_slot_version; - get_t_label_f get_token_label; - get_t_manufacturer_f get_token_manufacturer; - get_t_model_f get_token_model; - get_t_flags_f get_token_flags; - get_t_version_f get_token_version; - get_t_serial_f get_token_serial; + get_s_description_f get_slot_description; + get_s_manufacturer_f get_slot_manufacturer; + get_s_flags_f get_slot_flags; + get_s_version_f get_slot_version; + get_t_label_f get_token_label; + get_t_manufacturer_f get_token_manufacturer; + get_t_model_f get_token_model; + get_t_flags_f get_token_flags; + get_t_version_f get_token_version; + get_t_serial_f get_token_serial; + get_t_mechanisms_num_f get_token_mechanisms_num; } vendor_t; vendor_id_t get_vendor_id(char *vendor_name); diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index ce4de29..163bc6a 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -99,7 +99,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Finalize)( memset(slots, 0, sizeof(slots)); ykpiv_done(piv_state); // TODO: this calls disconnect... - piv_state == NULL; + piv_state = NULL; DOUT; return CKR_OK; @@ -154,7 +154,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)( int i; int j; - //ykpiv_get_reader_slot_number(piv_state, &n_readers, &tot_reader_len); // TODO: maybe refactor this with a reader struct? + // TODO: check more preconditions if (pSlotList == NULL_PTR) { // Just return the number of slots *pulCount = n_slots; @@ -220,8 +220,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( vendor_id_t vid; vendor_t vendor; CK_BYTE buf[64]; - CK_UTF8CHAR_PTR p; - CK_BYTE len; if (piv_state == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -244,26 +242,24 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( vendor = get_vendor(vid); // TODO: make a token field in slot_t ? memset(pInfo->label, ' ', sizeof(pInfo->label)); - p = vendor.get_token_label(); - len = strlen(p); - strncpy(pInfo->label, p, len); + if (vendor.get_token_label(pInfo->label, sizeof(pInfo->label)) != CKR_OK) + return CKR_FUNCTION_FAILED; memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID)); - p = vendor.get_token_manufacturer(); - len = strlen(p); - strncpy(pInfo->manufacturerID, p, len); + if(vendor.get_token_manufacturer(pInfo->manufacturerID, sizeof(pInfo->manufacturerID)) != CKR_OK) + return CKR_FUNCTION_FAILED; memset(pInfo->model, ' ', sizeof(pInfo->model)); - p = vendor.get_token_model(); - len = strlen(p); - strncpy(pInfo->model, p, len); + if(vendor.get_token_model(pInfo->model, sizeof(pInfo->model)) != CKR_OK) + return CKR_FUNCTION_FAILED; memset(pInfo->serialNumber, ' ', sizeof(pInfo->serialNumber)); - p = vendor.get_token_serial(); - len = strlen(p); - strncpy(pInfo->serialNumber, p, len); + if(vendor.get_token_serial(pInfo->serialNumber, sizeof(pInfo->serialNumber)) != CKR_OK) + return CKR_FUNCTION_FAILED; - pInfo->flags = vendor.get_token_flags(); // bit flags indicating capabilities and status of the device as defined below // TODO: what about other flags? Like last attempt + // bit flags indicating capabilities and status of the device as defined below // TODO: what about other flags? Like last attempt + if (vendor.get_token_flags(&pInfo->flags) != CKR_OK) + return CKR_FUNCTION_FAILED; pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1? @@ -286,7 +282,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; ykpiv_get_version(piv_state, buf, sizeof(buf)); - ver = vendor.get_token_version(buf, strlen(buf)); + if (vendor.get_token_version(buf, strlen(buf), &ver) != CKR_OK) + return CKR_FUNCTION_FAILED; pInfo->hardwareVersion = ver; // version number of hardware @@ -317,18 +314,40 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)( ) { DIN; + vendor_t vendor; + int i; + CK_ULONG count; + + if (piv_state == NULL) { + DBG(("libykpiv is not initialized or already finalized")); + return CKR_CRYPTOKI_NOT_INITIALIZED; + } + + if (slotID > n_slots || pulCount == NULL_PTR) + return CKR_ARGUMENTS_BAD; + + if (slots[slotID].vid == UNKNOWN) { + DBG(("Slot %lu is tokenless/unsupported", slotID)); + return CKR_SLOT_ID_INVALID; + } + + // TODO: check more return values + // TODO: user NULL_PTR more for coherence + + vendor = get_vendor(slots[slotID].vid); // TODO: make a token field in slot_t ?; + + if (vendor.get_token_mechanisms_num(&count) != CKR_OK) + return CKR_FUNCTION_FAILED; - int i; - // TODO: check more return values like not init ... if (pMechanismList == NULL_PTR) { - // Just return the number of mechanisms - *pulCount = 3; + *pulCount = count; + DBG(("Found %lu mechanisms", *pulCount)); DOUT; return CKR_OK; } - if (*pulCount < 3) { - DBG(("Buffer too small: needed %lu, provided %lu", 1l, *pulCount)); + if (*pulCount < count) { + DBG(("Buffer too small: needed %lu, provided %lu", count, *pulCount)); return CKR_BUFFER_TOO_SMALL; } @@ -411,7 +430,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)( return CKR_TOKEN_NOT_PRESENT; } - if (flags & CKF_SERIAL_SESSION == 0) { + if ((flags & CKF_SERIAL_SESSION) == 0) { DBG(("Open session called without CKF_SERIAL_SESSION set")); return CKR_SESSION_PARALLEL_NOT_SUPPORTED; } @@ -421,11 +440,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)( return CKR_SESSION_COUNT; } + // TODO: make sue we don't open a session with an UNKNOWN slot/token + session = YKCS11_SESSION_ID; session_info.slotID = slotID; // TODO: KEEP TRACK OF THE APPLICATION - if (flags & CKF_RW_SESSION) { + if ((flags & CKF_RW_SESSION)) { // R/W Session session_info.state = CKS_RW_PUBLIC_SESSION; // Nobody has logged in, default session } @@ -472,7 +493,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)( ) { DIN; - + if (piv_state == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -481,7 +502,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)( session = CK_INVALID_HANDLE; memset(&session_info, 0, sizeof(CK_SESSION_INFO)); // TODO: Better to call close session? - + DOUT; return CKR_OK; } @@ -498,12 +519,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)( if (pInfo == NULL) return CKR_ARGUMENTS_BAD; - + if (hSession != session) return CKR_SESSION_HANDLE_INVALID; memcpy(pInfo, &session_info, sizeof(CK_SESSION_INFO)); - + DOUT; return CKR_OK; } @@ -560,7 +581,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)( if (session == CK_INVALID_HANDLE) return CKR_SESSION_CLOSED; - + if (hSession != session) return CKR_SESSION_HANDLE_INVALID; @@ -569,7 +590,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)( userType != CKU_CONTEXT_SPECIFIC) return CKR_USER_TYPE_INVALID; - if (session_info.flags & CKF_RW_SESSION == 0) { // TODO: make macros for these? + if ((session_info.flags & CKF_RW_SESSION) == 0) { // TODO: make macros for these? DBG(("Tried to log-in to a read-only session")); return CKR_SESSION_READ_ONLY_EXISTS; } @@ -578,7 +599,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)( case CKU_USER: if (session_info.state == CKS_RW_USER_FUNCTIONS) return CKR_USER_ALREADY_LOGGED_IN; - + tries = 0; if (ykpiv_verify(piv_state, pPin, (int *)&tries) != YKPIV_OK) { DBG(("You loose! %lu", tries)); diff --git a/ykcs11/yubico.c b/ykcs11/yubico.c index 7dfb61d..8b7d3c6 100644 --- a/ykcs11/yubico.c +++ b/ykcs11/yubico.c @@ -1,86 +1,168 @@ #include "yubico.h" #include "pkcs11.h" +#include + +#define YUBICO_MECHANISMS_NUM 5 + +// TODO add a type in vendor_t for SLOT | READER +static const CK_UTF8CHAR_PTR slot_description = "YubiKey Virtual Reader"; +static const CK_UTF8CHAR_PTR slot_manufacturer = "Yubico"; +static const CK_FLAGS slot_flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT; +static const CK_VERSION slot_version = {1, 0}; +static const CK_UTF8CHAR_PTR token_label = "YubiKey PIV X"; +static const CK_UTF8CHAR_PTR token_manufacturer = "Yubico"; +static const CK_UTF8CHAR_PTR token_model = "YubiKey MODEL"; +static const CK_FLAGS token_flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED; +static const CK_BYTE_PTR token_serial = "1234"; +static const CK_MECHANISM_TYPE token_mechanisms[] = { + CKM_RSA_PKCS_KEY_PAIR_GEN, + CKM_RSA_PKCS, + // CKM_RSA_PKCS_PSS, + CKM_RSA_X_509, + CKM_SHA1_RSA_PKCS, + CKM_SHA256_RSA_PKCS, + // CKM_SHA384_RSA_PKCS, + CKM_SHA512_RSA_PKCS, + CKM_SHA1_RSA_PKCS_PSS, + CKM_SHA256_RSA_PKCS_PSS, + // CKM_SHA384_RSA_PKCS_PSS, + CKM_SHA256_RSA_PKCS_PSS, + CKM_EC_KEY_PAIR_GEN, + //CKM_ECDSA_KEY_PAIR_GEN, Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11 + CKM_ECDSA, + CKM_ECDSA_SHA1, + CKM_ECDH1_DERIVE, + // CKM_ECDH1_COFACTOR_DERIVE, + CKM_SHA_1, + CKM_SHA256, + CKM_SHA384, + CKM_SHA512 + // SUPPORT FOR OATH? +}; +static const CK_ULONG token_mechanisms_num = sizeof(token_mechanisms) / sizeof(CK_MECHANISM_TYPE); -CK_UTF8CHAR_PTR YUBICO_get_slot_description(void) { - - return "YubiKey Virtual Reader"; - -} +CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len) { -CK_UTF8CHAR_PTR YUBICO_get_slot_manufacturer(void) { + if (strlen(slot_description) > len) + return CKR_BUFFER_TOO_SMALL; - return "Yubico"; + memcpy(str, slot_description, strlen(slot_description)); + return CKR_OK; } -CK_FLAGS YUBICO_get_slot_flags(void) { +CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len) { - return CKF_TOKEN_PRESENT | CKF_HW_SLOT; + if (strlen(slot_manufacturer) > len) + return CKR_BUFFER_TOO_SMALL; + + memcpy(str, slot_manufacturer, strlen(slot_manufacturer)); + return CKR_OK; } -CK_VERSION YUBICO_get_slot_version(CK_UTF8CHAR_PTR version, CK_ULONG len) { +CK_RV YUBICO_get_slot_flags(CK_FLAGS_PTR flags) { - CK_VERSION v = {1.0}; // Dummy value + *flags = slot_flags; + return CKR_OK; - return v; } -CK_UTF8CHAR_PTR YUBICO_get_token_label(void) { +CK_RV YUBICO_get_slot_version(CK_VERSION_PTR version) { - return "YubiKey PIV"; + version->major = slot_version.major; + version->minor = slot_version.minor; + + return CKR_OK; } -CK_UTF8CHAR_PTR YUBICO_get_token_manufacturer(void) { +CK_RV YUBICO_get_token_label(CK_UTF8CHAR_PTR str, CK_ULONG len) { - return "Yubico"; + if (strlen(token_label) > len) + return CKR_BUFFER_TOO_SMALL; + + memcpy(str, token_label, strlen(token_label)); + return CKR_OK; } -CK_UTF8CHAR_PTR YUBICO_get_token_model(void) { +CK_RV YUBICO_get_token_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len) { - return "PRO"; + if (strlen(token_manufacturer) > len) + return CKR_BUFFER_TOO_SMALL; + + memcpy(str, token_manufacturer, strlen(token_manufacturer)); + return CKR_OK; } -CK_FLAGS YUBICO_get_token_flags(void) { +CK_RV YUBICO_get_token_model(CK_UTF8CHAR_PTR str, CK_ULONG len) { - return CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED; + if (strlen(token_model) > len) + return CKR_BUFFER_TOO_SMALL; + + memcpy(str, token_model, strlen(token_model)); + return CKR_OK; } -CK_VERSION YUBICO_get_token_version(CK_UTF8CHAR_PTR version, CK_ULONG len) { +CK_RV YUBICO_get_token_flags(CK_FLAGS_PTR flags) { + + *flags = token_flags; + return CKR_OK; + +} + +CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG len, CK_VERSION_PTR version) { CK_VERSION v = {0, 0}; int i = 0; - while (i < len && version[i] != '.') { + while (i < len && v_str[i] != '.') { v.major *= 10; - v.major += version[i++] - '0'; + v.major += v_str[i++] - '0'; } i++; - while (i < len && version[i] != '.') { + while (i < len && v_str[i] != '.') { v.minor *= 10; - v.minor += version[i++] - '0'; + v.minor += v_str[i++] - '0'; } i++; - while (i < len && version[i] != '.') { + while (i < len && v_str[i] != '.') { v.minor *= 10; - v.minor += version[i++] - '0'; + v.minor += v_str[i++] - '0'; } - return v; + version->major = v.major; + version->minor = v.minor; + + return CKR_OK; } -CK_BYTE_PTR YUBICO_get_token_serial(void) { +CK_RV YUBICO_get_token_serial(CK_CHAR_PTR str, CK_ULONG len) { - return "1234"; + if (strlen(token_serial) > len) + return CKR_BUFFER_TOO_SMALL; + + memcpy(str, token_serial, strlen(token_serial)); + return CKR_OK; } + +CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num) { + + *num = token_mechanisms_num; + return CKR_OK; + +} + +/*CK_RV YUBICO_get_token_mechanisms(void) { + +}*/ diff --git a/ykcs11/yubico.h b/ykcs11/yubico.h index cdac771..aefeb4e 100644 --- a/ykcs11/yubico.h +++ b/ykcs11/yubico.h @@ -3,15 +3,16 @@ #include "pkcs11.h" -CK_UTF8CHAR_PTR YUBICO_get_slot_description(void); -CK_UTF8CHAR_PTR YUBICO_get_slot_manufacturer(void); -CK_FLAGS YUBICO_get_slot_flags(void); -CK_VERSION YUBICO_get_slot_version(CK_UTF8CHAR_PTR version, CK_ULONG len); -CK_UTF8CHAR_PTR YUBICO_get_token_label(void); -CK_UTF8CHAR_PTR YUBICO_get_token_manufacturer(void); -CK_UTF8CHAR_PTR YUBICO_get_token_model(void); -CK_FLAGS YUBICO_get_token_flags(void); -CK_CHAR_PTR YUBICO_get_token_serial(void); -CK_VERSION YUBICO_get_token_version(CK_UTF8CHAR_PTR version, CK_ULONG len); +CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len); +CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len); +CK_RV YUBICO_get_slot_flags(CK_FLAGS_PTR flags); +CK_RV YUBICO_get_slot_version(CK_VERSION_PTR version); +CK_RV YUBICO_get_token_label(CK_UTF8CHAR_PTR str, CK_ULONG len); +CK_RV YUBICO_get_token_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len); +CK_RV YUBICO_get_token_model(CK_UTF8CHAR_PTR str, CK_ULONG len); +CK_RV YUBICO_get_token_flags(CK_FLAGS_PTR flags); +CK_RV YUBICO_get_token_serial(CK_CHAR_PTR str, CK_ULONG len); +CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG v_str_len, CK_VERSION_PTR version); +CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num); #endif