More refactoring.
+30
-1
@@ -84,6 +84,8 @@ typedef long int CK_LONG;
|
||||
/* at least 32 bits; each bit is a Boolean flag */
|
||||
typedef CK_ULONG CK_FLAGS;
|
||||
|
||||
/* Custom type defined for consistency */
|
||||
typedef CK_FLAGS CK_PTR CK_FLAGS_PTR;
|
||||
|
||||
/* some special values for certain CK_ULONG variables */
|
||||
#define CK_UNAVAILABLE_INFORMATION (~0UL)
|
||||
@@ -456,11 +458,26 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
||||
#define CKM_MD5_RSA_PKCS 0x00000005
|
||||
#define CKM_SHA1_RSA_PKCS 0x00000006
|
||||
|
||||
/* Added for 2.4 */
|
||||
#define CKM_RSA_PKCS_PSS 0x0000000D
|
||||
#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
|
||||
/* Added for 2.4 */
|
||||
|
||||
#define CKM_DSA_KEY_PAIR_GEN 0x00000010
|
||||
#define CKM_DSA 0x00000011
|
||||
#define CKM_DSA_SHA1 0x00000012
|
||||
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
|
||||
#define CKM_DH_PKCS_DERIVE 0x00000021
|
||||
|
||||
/* Added for 2.4 */
|
||||
#define CKM_SHA256_RSA_PKCS 0x00000040
|
||||
#define CKM_SHA384_RSA_PKCS 0x00000041
|
||||
#define CKM_SHA512_RSA_PKCS 0x00000042
|
||||
#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
|
||||
#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
|
||||
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
|
||||
/* Added for 2.4 */
|
||||
|
||||
#define CKM_RC2_KEY_GEN 0x00000100
|
||||
#define CKM_RC2_ECB 0x00000101
|
||||
#define CKM_RC2_CBC 0x00000102
|
||||
@@ -517,6 +534,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
||||
#define CKM_SHA_1_HMAC 0x00000221
|
||||
#define CKM_SHA_1_HMAC_GENERAL 0x00000222
|
||||
|
||||
/* Added for 2.4 */
|
||||
#define CKM_SHA256 0x00000250
|
||||
#define CKM_SHA384 0x00000260
|
||||
#define CKM_SHA512 0x00000270
|
||||
/* Added for 2.4 */
|
||||
|
||||
/* All of the following mechanisms are new for v2.0 */
|
||||
/* Note that CAST128 and CAST5 are the same algorithm */
|
||||
#define CKM_CAST_KEY_GEN 0x00000300
|
||||
@@ -611,10 +634,16 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
||||
#define CKM_BATON_WRAP 0x00001036
|
||||
|
||||
/* PKCS #11 V2.01 probably won't actually have ECDSA in it */
|
||||
#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
|
||||
#define CKM_EC_KEY_PAIR_GEN 0x00001040
|
||||
//#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 // Deprecated in 2.11
|
||||
#define CKM_ECDSA 0x00001041
|
||||
#define CKM_ECDSA_SHA1 0x00001042
|
||||
|
||||
/* Added for 2.4 */
|
||||
#define CKM_ECDH1_DERIVE 0x00001050
|
||||
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
|
||||
/* Added for 2.4 */
|
||||
|
||||
#define CKM_JUNIPER_KEY_GEN 0x00001060
|
||||
#define CKM_JUNIPER_ECB128 0x00001061
|
||||
#define CKM_JUNIPER_CBC128 0x00001062
|
||||
|
||||
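Review bot: The single deleted line in this section appears to be `#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040`, which now survives only as a `//` comment beside the new `CKM_EC_KEY_PAIR_GEN`. Dropping the old spelling breaks any caller that still uses it, and a mechanism constant that stops compiling tends to get replaced locally by a hand-typed value. Keeping the deprecated name as an alias avoids that: `#define CKM_ECDSA_KEY_PAIR_GEN CKM_EC_KEY_PAIR_GEN /* deprecated alias */`. The repeated `/* Added for 2.4 */` markers would also read better as an explicit begin/end pair, since the same text currently both opens and closes each group.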
+21
-8
@@ -30,7 +30,7 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
||||
if (readers[i] == '\0' && i != len - 1) {
|
||||
slots[*n_slots].vid = get_vendor_id(p);
|
||||
|
||||
if (slots[*n_slots].vid == UNKNOWN) {
|
||||
if (slots[*n_slots].vid == UNKNOWN) { // TODO: distinguish between tokenless and unsupported?
|
||||
// Unknown slot, just save what info we have
|
||||
memset(&slots[*n_slots].info, 0, sizeof(CK_SLOT_INFO));
|
||||
memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription));
|
||||
@@ -42,16 +42,26 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
||||
// Values must NOT be null terminated and ' ' padded
|
||||
|
||||
memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription));
|
||||
s = vendor.get_slot_description();
|
||||
l = strlen(s);
|
||||
strncpy(slots[*n_slots].info.slotDescription, s, l);
|
||||
s = slots[*n_slots].info.slotDescription;
|
||||
l = sizeof(slots[*n_slots].info.slotDescription);
|
||||
if (vendor.get_slot_description(s, l) != CKR_OK)
|
||||
return CK_FALSE;
|
||||
|
||||
memset(slots[*n_slots].info.manufacturerID, ' ', sizeof(slots[*n_slots].info.manufacturerID));
|
||||
s = vendor.get_slot_manufacturer();
|
||||
l = strlen(s);
|
||||
strncpy(slots[*n_slots].info.manufacturerID, s, l);
|
||||
s = slots[*n_slots].info.manufacturerID;
|
||||
l = sizeof(slots[*n_slots].info.manufacturerID);
|
||||
if(vendor.get_slot_manufacturer(s, l) != CKR_OK)
|
||||
return CK_FALSE;
|
||||
|
||||
slots[*n_slots].info.flags = vendor.get_slot_flags();
|
||||
if (vendor.get_slot_flags(&slots[*n_slots].info.flags) != CKR_OK)
|
||||
return CK_FALSE;
|
||||
|
||||
// Treating hw and fw version the same
|
||||
if (vendor.get_slot_version(&slots[*n_slots].info.hardwareVersion) != CKR_OK)
|
||||
return CK_FALSE;
|
||||
|
||||
if (vendor.get_slot_version(&slots[*n_slots].info.firmwareVersion) != CKR_OK)
|
||||
return CK_FALSE;
|
||||
|
||||
if (has_token(slots + *n_slots))
|
||||
(*n_with_token)++;
|
||||
@@ -59,4 +69,7 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
||||
(*n_slots)++;
|
||||
p += i + 1;
|
||||
}
|
||||
|
||||
return CK_TRUE;
|
||||
|
||||
}
|
||||
|
||||
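Review bot: The new early `return CK_FALSE` paths leave `slots[*n_slots]` half-filled and `*n_slots` / `*n_with_token` counting only the readers parsed so far, and nothing in the hunk tells callers whether those outputs may still be read after a failure. A comment above the first check would settle it, for example `// On failure the slot table and both counters are unspecified; the caller must discard them`, or the counters could be reset before returning. Separately, `slots[*n_slots]` is written without a capacity check in the visible lines; if the bound is not enforced in the part of parse_readers outside these hunks, a long reader list would write past the table.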
+22
-20
@@ -16,30 +16,32 @@ vendor_t get_vendor(vendor_id_t vid) {
|
||||
|
||||
switch (vid) {
|
||||
case YUBICO:
|
||||
v.get_slot_description = YUBICO_get_slot_description;
|
||||
v.get_slot_manufacturer = YUBICO_get_slot_manufacturer;
|
||||
v.get_slot_flags = YUBICO_get_slot_flags;
|
||||
v.get_slot_version = YUBICO_get_slot_version;
|
||||
v.get_token_label = YUBICO_get_token_label;
|
||||
v.get_token_manufacturer = YUBICO_get_token_manufacturer;
|
||||
v.get_token_model = YUBICO_get_token_model;
|
||||
v.get_token_flags = YUBICO_get_token_flags;
|
||||
v.get_token_version = YUBICO_get_token_version;
|
||||
v.get_token_serial = YUBICO_get_token_serial;
|
||||
v.get_slot_description = YUBICO_get_slot_description;
|
||||
v.get_slot_manufacturer = YUBICO_get_slot_manufacturer;
|
||||
v.get_slot_flags = YUBICO_get_slot_flags;
|
||||
v.get_slot_version = YUBICO_get_slot_version;
|
||||
v.get_token_label = YUBICO_get_token_label;
|
||||
v.get_token_manufacturer = YUBICO_get_token_manufacturer;
|
||||
v.get_token_model = YUBICO_get_token_model;
|
||||
v.get_token_flags = YUBICO_get_token_flags;
|
||||
v.get_token_version = YUBICO_get_token_version;
|
||||
v.get_token_serial = YUBICO_get_token_serial;
|
||||
v.get_token_mechanisms_num = YUBICO_get_token_mechanisms_num;
|
||||
break;
|
||||
|
||||
case UNKNOWN:
|
||||
default:
|
||||
v.get_slot_description = NULL;
|
||||
v.get_slot_manufacturer = NULL;
|
||||
v.get_slot_flags = NULL;
|
||||
v.get_slot_version = NULL;
|
||||
v.get_token_label = NULL;
|
||||
v.get_token_manufacturer = NULL;
|
||||
v.get_token_model = NULL;
|
||||
v.get_token_flags = NULL;
|
||||
v.get_token_version = NULL;
|
||||
v.get_token_serial = NULL;
|
||||
v.get_slot_description = NULL;
|
||||
v.get_slot_manufacturer = NULL;
|
||||
v.get_slot_flags = NULL;
|
||||
v.get_slot_version = NULL;
|
||||
v.get_token_label = NULL;
|
||||
v.get_token_manufacturer = NULL;
|
||||
v.get_token_model = NULL;
|
||||
v.get_token_flags = NULL;
|
||||
v.get_token_version = NULL;
|
||||
v.get_token_serial = NULL;
|
||||
v.get_token_mechanisms_num = NULL;
|
||||
}
|
||||
|
||||
return v;
|
||||
|
||||
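Review bot: Every member of `v` is assigned by hand in both arms of the switch, so a callback later added to `vendor_t` but forgotten here would be left as an indeterminate function pointer that callers then invoke. Zero-initialising the struct where it is declared (outside this hunk), e.g. `vendor_t v = {0};`, turns a missed member into a NULL rather than stack garbage and lets the `default:` arm shrink to nothing. Callers that do not first rule out `UNKNOWN` would still need a NULL check before calling through the table.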
+23
-20
@@ -8,29 +8,32 @@ typedef enum {
|
||||
YUBICO = 0x01
|
||||
} vendor_id_t;
|
||||
|
||||
typedef CK_UTF8CHAR_PTR (*get_s_description_f)(void);
|
||||
typedef CK_UTF8CHAR_PTR (*get_s_manufacturer_f)(void);
|
||||
typedef CK_FLAGS (*get_s_flags_f)(void);
|
||||
typedef CK_VERSION (*get_s_version_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_UTF8CHAR_PTR (*get_t_label_f)(void);
|
||||
typedef CK_UTF8CHAR_PTR (*get_t_manufacturer_f)(void);
|
||||
typedef CK_UTF8CHAR_PTR (*get_t_model_f)(void);
|
||||
typedef CK_FLAGS (*get_t_flags_f)(void);
|
||||
typedef CK_VERSION (*get_t_version_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_CHAR_PTR (*get_t_serial_f)(void);
|
||||
typedef CK_RV (*get_s_description_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_s_manufacturer_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_s_flags_f)(CK_FLAGS_PTR);
|
||||
typedef CK_RV (*get_s_version_f)(CK_VERSION_PTR);
|
||||
typedef CK_RV (*get_t_label_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_t_manufacturer_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_t_model_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_t_flags_f)(CK_FLAGS_PTR);
|
||||
typedef CK_RV (*get_t_version_f)(CK_UTF8CHAR_PTR, CK_ULONG, CK_VERSION_PTR);
|
||||
typedef CK_RV (*get_t_serial_f)(CK_CHAR_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_t_mechanisms_num_f)(CK_ULONG_PTR);
|
||||
//typedef CK_RV (*get_t_mechanisms)(CK_);
|
||||
|
||||
|
||||
typedef struct {
|
||||
get_s_description_f get_slot_description;
|
||||
get_s_manufacturer_f get_slot_manufacturer;
|
||||
get_s_flags_f get_slot_flags;
|
||||
get_s_version_f get_slot_version;
|
||||
get_t_label_f get_token_label;
|
||||
get_t_manufacturer_f get_token_manufacturer;
|
||||
get_t_model_f get_token_model;
|
||||
get_t_flags_f get_token_flags;
|
||||
get_t_version_f get_token_version;
|
||||
get_t_serial_f get_token_serial;
|
||||
get_s_description_f get_slot_description;
|
||||
get_s_manufacturer_f get_slot_manufacturer;
|
||||
get_s_flags_f get_slot_flags;
|
||||
get_s_version_f get_slot_version;
|
||||
get_t_label_f get_token_label;
|
||||
get_t_manufacturer_f get_token_manufacturer;
|
||||
get_t_model_f get_token_model;
|
||||
get_t_flags_f get_token_flags;
|
||||
get_t_version_f get_token_version;
|
||||
get_t_serial_f get_token_serial;
|
||||
get_t_mechanisms_num_f get_token_mechanisms_num;
|
||||
} vendor_t;
|
||||
|
||||
vendor_id_t get_vendor_id(char *vendor_name);
|
||||
|
||||
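Review bot: The new `(CK_UTF8CHAR_PTR, CK_ULONG)` getter types carry an unwritten contract that the typedefs should state: judging by the call sites in this commit, the caller pre-fills the field with spaces, the callback copies without a NUL terminator, and a source longer than the given length is refused. I would add a comment above the block such as `/* String getters: buf is a fixed-width, space-padded field of len bytes; write at most len bytes, no terminator; return CKR_BUFFER_TOO_SMALL if the value does not fit. */` and name the parameters in the typedefs. The same applies to the matching `YUBICO_get_*` prototypes changed later in this commit, where `v_str_len` in the prototype also differs from `len` in the definition. The commented-out `get_t_mechanisms` typedef is better dropped until it has a real signature.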
+54
-33
@@ -99,7 +99,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(
|
||||
memset(slots, 0, sizeof(slots));
|
||||
|
||||
ykpiv_done(piv_state); // TODO: this calls disconnect...
|
||||
piv_state == NULL;
|
||||
piv_state = NULL;
|
||||
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
@@ -154,7 +154,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(
|
||||
int i;
|
||||
int j;
|
||||
|
||||
//ykpiv_get_reader_slot_number(piv_state, &n_readers, &tot_reader_len); // TODO: maybe refactor this with a reader struct?
|
||||
// TODO: check more preconditions
|
||||
if (pSlotList == NULL_PTR) {
|
||||
// Just return the number of slots
|
||||
*pulCount = n_slots;
|
||||
@@ -220,8 +220,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
||||
vendor_id_t vid;
|
||||
vendor_t vendor;
|
||||
CK_BYTE buf[64];
|
||||
CK_UTF8CHAR_PTR p;
|
||||
CK_BYTE len;
|
||||
|
||||
if (piv_state == NULL)
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
@@ -244,26 +242,24 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
||||
vendor = get_vendor(vid); // TODO: make a token field in slot_t ?
|
||||
|
||||
memset(pInfo->label, ' ', sizeof(pInfo->label));
|
||||
p = vendor.get_token_label();
|
||||
len = strlen(p);
|
||||
strncpy(pInfo->label, p, len);
|
||||
if (vendor.get_token_label(pInfo->label, sizeof(pInfo->label)) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID));
|
||||
p = vendor.get_token_manufacturer();
|
||||
len = strlen(p);
|
||||
strncpy(pInfo->manufacturerID, p, len);
|
||||
if(vendor.get_token_manufacturer(pInfo->manufacturerID, sizeof(pInfo->manufacturerID)) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
memset(pInfo->model, ' ', sizeof(pInfo->model));
|
||||
p = vendor.get_token_model();
|
||||
len = strlen(p);
|
||||
strncpy(pInfo->model, p, len);
|
||||
if(vendor.get_token_model(pInfo->model, sizeof(pInfo->model)) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
memset(pInfo->serialNumber, ' ', sizeof(pInfo->serialNumber));
|
||||
p = vendor.get_token_serial();
|
||||
len = strlen(p);
|
||||
strncpy(pInfo->serialNumber, p, len);
|
||||
if(vendor.get_token_serial(pInfo->serialNumber, sizeof(pInfo->serialNumber)) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
pInfo->flags = vendor.get_token_flags(); // bit flags indicating capabilities and status of the device as defined below // TODO: what about other flags? Like last attempt
|
||||
// bit flags indicating capabilities and status of the device as defined below // TODO: what about other flags? Like last attempt
|
||||
if (vendor.get_token_flags(&pInfo->flags) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1?
|
||||
|
||||
@@ -286,7 +282,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
||||
pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
|
||||
|
||||
ykpiv_get_version(piv_state, buf, sizeof(buf));
|
||||
ver = vendor.get_token_version(buf, strlen(buf));
|
||||
if (vendor.get_token_version(buf, strlen(buf), &ver) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
pInfo->hardwareVersion = ver; // version number of hardware
|
||||
|
||||
@@ -317,18 +314,40 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(
|
||||
)
|
||||
{
|
||||
DIN;
|
||||
vendor_t vendor;
|
||||
int i;
|
||||
CK_ULONG count;
|
||||
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (slotID > n_slots || pulCount == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
if (slots[slotID].vid == UNKNOWN) {
|
||||
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
||||
return CKR_SLOT_ID_INVALID;
|
||||
}
|
||||
|
||||
// TODO: check more return values
|
||||
// TODO: user NULL_PTR more for coherence
|
||||
|
||||
vendor = get_vendor(slots[slotID].vid); // TODO: make a token field in slot_t ?;
|
||||
|
||||
if (vendor.get_token_mechanisms_num(&count) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
int i;
|
||||
// TODO: check more return values like not init ...
|
||||
if (pMechanismList == NULL_PTR) {
|
||||
// Just return the number of mechanisms
|
||||
*pulCount = 3;
|
||||
*pulCount = count;
|
||||
DBG(("Found %lu mechanisms", *pulCount));
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
if (*pulCount < 3) {
|
||||
DBG(("Buffer too small: needed %lu, provided %lu", 1l, *pulCount));
|
||||
if (*pulCount < count) {
|
||||
DBG(("Buffer too small: needed %lu, provided %lu", count, *pulCount));
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
@@ -411,7 +430,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
||||
return CKR_TOKEN_NOT_PRESENT;
|
||||
}
|
||||
|
||||
if (flags & CKF_SERIAL_SESSION == 0) {
|
||||
if ((flags & CKF_SERIAL_SESSION) == 0) {
|
||||
DBG(("Open session called without CKF_SERIAL_SESSION set"));
|
||||
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
|
||||
}
|
||||
@@ -421,11 +440,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
||||
return CKR_SESSION_COUNT;
|
||||
}
|
||||
|
||||
// TODO: make sue we don't open a session with an UNKNOWN slot/token
|
||||
|
||||
session = YKCS11_SESSION_ID;
|
||||
session_info.slotID = slotID;
|
||||
// TODO: KEEP TRACK OF THE APPLICATION
|
||||
|
||||
if (flags & CKF_RW_SESSION) {
|
||||
if ((flags & CKF_RW_SESSION)) {
|
||||
// R/W Session
|
||||
session_info.state = CKS_RW_PUBLIC_SESSION; // Nobody has logged in, default session
|
||||
}
|
||||
@@ -472,7 +493,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(
|
||||
)
|
||||
{
|
||||
DIN;
|
||||
|
||||
|
||||
if (piv_state == NULL)
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
|
||||
@@ -481,7 +502,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(
|
||||
|
||||
session = CK_INVALID_HANDLE;
|
||||
memset(&session_info, 0, sizeof(CK_SESSION_INFO)); // TODO: Better to call close session?
|
||||
|
||||
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -498,12 +519,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)(
|
||||
|
||||
if (pInfo == NULL)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
|
||||
if (hSession != session)
|
||||
return CKR_SESSION_HANDLE_INVALID;
|
||||
|
||||
memcpy(pInfo, &session_info, sizeof(CK_SESSION_INFO));
|
||||
|
||||
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -560,7 +581,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
||||
|
||||
if (session == CK_INVALID_HANDLE)
|
||||
return CKR_SESSION_CLOSED;
|
||||
|
||||
|
||||
if (hSession != session)
|
||||
return CKR_SESSION_HANDLE_INVALID;
|
||||
|
||||
@@ -569,7 +590,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
||||
userType != CKU_CONTEXT_SPECIFIC)
|
||||
return CKR_USER_TYPE_INVALID;
|
||||
|
||||
if (session_info.flags & CKF_RW_SESSION == 0) { // TODO: make macros for these?
|
||||
if ((session_info.flags & CKF_RW_SESSION) == 0) { // TODO: make macros for these?
|
||||
DBG(("Tried to log-in to a read-only session"));
|
||||
return CKR_SESSION_READ_ONLY_EXISTS;
|
||||
}
|
||||
@@ -578,7 +599,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
||||
case CKU_USER:
|
||||
if (session_info.state == CKS_RW_USER_FUNCTIONS)
|
||||
return CKR_USER_ALREADY_LOGGED_IN;
|
||||
|
||||
|
||||
tries = 0;
|
||||
if (ykpiv_verify(piv_state, pPin, (int *)&tries) != YKPIV_OK) {
|
||||
DBG(("You loose! %lu", tries));
|
||||
|
||||
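Review bot: In the C_GetMechanismList hunk the guard `slotID > n_slots` still admits `slotID == n_slots`, so the following `slots[slotID].vid` reads one entry past the populated slots. The comparison should be `>=`, and an out-of-range slot is better reported separately from a NULL `pulCount`: `if (slotID >= n_slots) return CKR_SLOT_ID_INVALID;`. In the same function the `CKR_BUFFER_TOO_SMALL` branch returns without storing `count` in `*pulCount`, which PKCS #11 callers rely on to size their retry. In the C_GetTokenInfo hunk the result of `ykpiv_get_version` is not checked before `strlen(buf)` runs, and as far as the hunks show `buf` is not initialised, so a failed call would hand indeterminate bytes to the version parser.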
+112
-30
@@ -1,86 +1,168 @@
|
||||
#include "yubico.h"
|
||||
#include "pkcs11.h"
|
||||
#include <string.h>
|
||||
|
||||
#define YUBICO_MECHANISMS_NUM 5
|
||||
|
||||
// TODO add a type in vendor_t for SLOT | READER
|
||||
static const CK_UTF8CHAR_PTR slot_description = "YubiKey Virtual Reader";
|
||||
static const CK_UTF8CHAR_PTR slot_manufacturer = "Yubico";
|
||||
static const CK_FLAGS slot_flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT;
|
||||
static const CK_VERSION slot_version = {1, 0};
|
||||
static const CK_UTF8CHAR_PTR token_label = "YubiKey PIV X";
|
||||
static const CK_UTF8CHAR_PTR token_manufacturer = "Yubico";
|
||||
static const CK_UTF8CHAR_PTR token_model = "YubiKey MODEL";
|
||||
static const CK_FLAGS token_flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
|
||||
static const CK_BYTE_PTR token_serial = "1234";
|
||||
static const CK_MECHANISM_TYPE token_mechanisms[] = {
|
||||
CKM_RSA_PKCS_KEY_PAIR_GEN,
|
||||
CKM_RSA_PKCS,
|
||||
// CKM_RSA_PKCS_PSS,
|
||||
CKM_RSA_X_509,
|
||||
CKM_SHA1_RSA_PKCS,
|
||||
CKM_SHA256_RSA_PKCS,
|
||||
// CKM_SHA384_RSA_PKCS,
|
||||
CKM_SHA512_RSA_PKCS,
|
||||
CKM_SHA1_RSA_PKCS_PSS,
|
||||
CKM_SHA256_RSA_PKCS_PSS,
|
||||
// CKM_SHA384_RSA_PKCS_PSS,
|
||||
CKM_SHA256_RSA_PKCS_PSS,
|
||||
CKM_EC_KEY_PAIR_GEN,
|
||||
//CKM_ECDSA_KEY_PAIR_GEN, Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11
|
||||
CKM_ECDSA,
|
||||
CKM_ECDSA_SHA1,
|
||||
CKM_ECDH1_DERIVE,
|
||||
// CKM_ECDH1_COFACTOR_DERIVE,
|
||||
CKM_SHA_1,
|
||||
CKM_SHA256,
|
||||
CKM_SHA384,
|
||||
CKM_SHA512
|
||||
// SUPPORT FOR OATH?
|
||||
};
|
||||
static const CK_ULONG token_mechanisms_num = sizeof(token_mechanisms) / sizeof(CK_MECHANISM_TYPE);
|
||||
|
||||
|
||||
CK_UTF8CHAR_PTR YUBICO_get_slot_description(void) {
|
||||
|
||||
return "YubiKey Virtual Reader";
|
||||
|
||||
}
|
||||
CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||
|
||||
CK_UTF8CHAR_PTR YUBICO_get_slot_manufacturer(void) {
|
||||
if (strlen(slot_description) > len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
return "Yubico";
|
||||
memcpy(str, slot_description, strlen(slot_description));
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_FLAGS YUBICO_get_slot_flags(void) {
|
||||
CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||
|
||||
return CKF_TOKEN_PRESENT | CKF_HW_SLOT;
|
||||
if (strlen(slot_manufacturer) > len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
memcpy(str, slot_manufacturer, strlen(slot_manufacturer));
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_VERSION YUBICO_get_slot_version(CK_UTF8CHAR_PTR version, CK_ULONG len) {
|
||||
CK_RV YUBICO_get_slot_flags(CK_FLAGS_PTR flags) {
|
||||
|
||||
CK_VERSION v = {1.0}; // Dummy value
|
||||
*flags = slot_flags;
|
||||
return CKR_OK;
|
||||
|
||||
return v;
|
||||
|
||||
}
|
||||
|
||||
CK_UTF8CHAR_PTR YUBICO_get_token_label(void) {
|
||||
CK_RV YUBICO_get_slot_version(CK_VERSION_PTR version) {
|
||||
|
||||
return "YubiKey PIV";
|
||||
version->major = slot_version.major;
|
||||
version->minor = slot_version.minor;
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_UTF8CHAR_PTR YUBICO_get_token_manufacturer(void) {
|
||||
CK_RV YUBICO_get_token_label(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||
|
||||
return "Yubico";
|
||||
if (strlen(token_label) > len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
memcpy(str, token_label, strlen(token_label));
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_UTF8CHAR_PTR YUBICO_get_token_model(void) {
|
||||
CK_RV YUBICO_get_token_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||
|
||||
return "PRO";
|
||||
if (strlen(token_manufacturer) > len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
memcpy(str, token_manufacturer, strlen(token_manufacturer));
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_FLAGS YUBICO_get_token_flags(void) {
|
||||
CK_RV YUBICO_get_token_model(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||
|
||||
return CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
|
||||
if (strlen(token_model) > len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
memcpy(str, token_model, strlen(token_model));
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_VERSION YUBICO_get_token_version(CK_UTF8CHAR_PTR version, CK_ULONG len) {
|
||||
CK_RV YUBICO_get_token_flags(CK_FLAGS_PTR flags) {
|
||||
|
||||
*flags = token_flags;
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG len, CK_VERSION_PTR version) {
|
||||
|
||||
CK_VERSION v = {0, 0};
|
||||
int i = 0;
|
||||
|
||||
while (i < len && version[i] != '.') {
|
||||
while (i < len && v_str[i] != '.') {
|
||||
v.major *= 10;
|
||||
v.major += version[i++] - '0';
|
||||
v.major += v_str[i++] - '0';
|
||||
}
|
||||
|
||||
i++;
|
||||
|
||||
while (i < len && version[i] != '.') {
|
||||
while (i < len && v_str[i] != '.') {
|
||||
v.minor *= 10;
|
||||
v.minor += version[i++] - '0';
|
||||
v.minor += v_str[i++] - '0';
|
||||
}
|
||||
|
||||
i++;
|
||||
|
||||
while (i < len && version[i] != '.') {
|
||||
while (i < len && v_str[i] != '.') {
|
||||
v.minor *= 10;
|
||||
v.minor += version[i++] - '0';
|
||||
v.minor += v_str[i++] - '0';
|
||||
}
|
||||
|
||||
return v;
|
||||
version->major = v.major;
|
||||
version->minor = v.minor;
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
CK_BYTE_PTR YUBICO_get_token_serial(void) {
|
||||
CK_RV YUBICO_get_token_serial(CK_CHAR_PTR str, CK_ULONG len) {
|
||||
|
||||
return "1234";
|
||||
if (strlen(token_serial) > len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
memcpy(str, token_serial, strlen(token_serial));
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num) {
|
||||
|
||||
*num = token_mechanisms_num;
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
/*CK_RV YUBICO_get_token_mechanisms(void) {
|
||||
|
||||
}*/
|
||||
|
||||
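Review bot: YUBICO_get_token_version folds every byte of `v_str` into the result without checking that it is a digit, and its caller in this commit passes a string read from the device. A byte outside `'0'`-`'9'` yields an arbitrary major/minor; rejecting it inside each loop keeps the reported version trustworthy: `if (v_str[i] < '0' || v_str[i] > '9') return CKR_FUNCTION_FAILED;`. The index `i` should be `CK_ULONG` to match `len`, and the third loop appending the patch digits to `minor` deserves a comment if it is intended. Elsewhere in this section `CKM_SHA256_RSA_PKCS_PSS` appears twice in `token_mechanisms` (the second entry is presumably meant to be the SHA-512 variant), which inflates `token_mechanisms_num`. `YUBICO_MECHANISMS_NUM 5` is not used in the visible code and disagrees with the array length.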
+11
-10
@@ -3,15 +3,16 @@
|
||||
|
||||
#include "pkcs11.h"
|
||||
|
||||
CK_UTF8CHAR_PTR YUBICO_get_slot_description(void);
|
||||
CK_UTF8CHAR_PTR YUBICO_get_slot_manufacturer(void);
|
||||
CK_FLAGS YUBICO_get_slot_flags(void);
|
||||
CK_VERSION YUBICO_get_slot_version(CK_UTF8CHAR_PTR version, CK_ULONG len);
|
||||
CK_UTF8CHAR_PTR YUBICO_get_token_label(void);
|
||||
CK_UTF8CHAR_PTR YUBICO_get_token_manufacturer(void);
|
||||
CK_UTF8CHAR_PTR YUBICO_get_token_model(void);
|
||||
CK_FLAGS YUBICO_get_token_flags(void);
|
||||
CK_CHAR_PTR YUBICO_get_token_serial(void);
|
||||
CK_VERSION YUBICO_get_token_version(CK_UTF8CHAR_PTR version, CK_ULONG len);
|
||||
CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||
CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||
CK_RV YUBICO_get_slot_flags(CK_FLAGS_PTR flags);
|
||||
CK_RV YUBICO_get_slot_version(CK_VERSION_PTR version);
|
||||
CK_RV YUBICO_get_token_label(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||
CK_RV YUBICO_get_token_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||
CK_RV YUBICO_get_token_model(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||
CK_RV YUBICO_get_token_flags(CK_FLAGS_PTR flags);
|
||||
CK_RV YUBICO_get_token_serial(CK_CHAR_PTR str, CK_ULONG len);
|
||||
CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG v_str_len, CK_VERSION_PTR version);
|
||||
CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num);
|
||||
|
||||
#endif
|
||||
|
||||