More refactoring.
This commit is contained in:
+30
-1
@@ -84,6 +84,8 @@ typedef long int CK_LONG;
|
|||||||
/* at least 32 bits; each bit is a Boolean flag */
|
/* at least 32 bits; each bit is a Boolean flag */
|
||||||
typedef CK_ULONG CK_FLAGS;
|
typedef CK_ULONG CK_FLAGS;
|
||||||
|
|
||||||
|
/* Custom type defined for consistency */
|
||||||
|
typedef CK_FLAGS CK_PTR CK_FLAGS_PTR;
|
||||||
|
|
||||||
/* some special values for certain CK_ULONG variables */
|
/* some special values for certain CK_ULONG variables */
|
||||||
#define CK_UNAVAILABLE_INFORMATION (~0UL)
|
#define CK_UNAVAILABLE_INFORMATION (~0UL)
|
||||||
@@ -456,11 +458,26 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||||||
#define CKM_MD5_RSA_PKCS 0x00000005
|
#define CKM_MD5_RSA_PKCS 0x00000005
|
||||||
#define CKM_SHA1_RSA_PKCS 0x00000006
|
#define CKM_SHA1_RSA_PKCS 0x00000006
|
||||||
|
|
||||||
|
/* Added for 2.4 */
|
||||||
|
#define CKM_RSA_PKCS_PSS 0x0000000D
|
||||||
|
#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
|
||||||
|
/* Added for 2.4 */
|
||||||
|
|
||||||
#define CKM_DSA_KEY_PAIR_GEN 0x00000010
|
#define CKM_DSA_KEY_PAIR_GEN 0x00000010
|
||||||
#define CKM_DSA 0x00000011
|
#define CKM_DSA 0x00000011
|
||||||
#define CKM_DSA_SHA1 0x00000012
|
#define CKM_DSA_SHA1 0x00000012
|
||||||
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
|
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
|
||||||
#define CKM_DH_PKCS_DERIVE 0x00000021
|
#define CKM_DH_PKCS_DERIVE 0x00000021
|
||||||
|
|
||||||
|
/* Added for 2.4 */
|
||||||
|
#define CKM_SHA256_RSA_PKCS 0x00000040
|
||||||
|
#define CKM_SHA384_RSA_PKCS 0x00000041
|
||||||
|
#define CKM_SHA512_RSA_PKCS 0x00000042
|
||||||
|
#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
|
||||||
|
#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
|
||||||
|
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
|
||||||
|
/* Added for 2.4 */
|
||||||
|
|
||||||
#define CKM_RC2_KEY_GEN 0x00000100
|
#define CKM_RC2_KEY_GEN 0x00000100
|
||||||
#define CKM_RC2_ECB 0x00000101
|
#define CKM_RC2_ECB 0x00000101
|
||||||
#define CKM_RC2_CBC 0x00000102
|
#define CKM_RC2_CBC 0x00000102
|
||||||
@@ -517,6 +534,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||||||
#define CKM_SHA_1_HMAC 0x00000221
|
#define CKM_SHA_1_HMAC 0x00000221
|
||||||
#define CKM_SHA_1_HMAC_GENERAL 0x00000222
|
#define CKM_SHA_1_HMAC_GENERAL 0x00000222
|
||||||
|
|
||||||
|
/* Added for 2.4 */
|
||||||
|
#define CKM_SHA256 0x00000250
|
||||||
|
#define CKM_SHA384 0x00000260
|
||||||
|
#define CKM_SHA512 0x00000270
|
||||||
|
/* Added for 2.4 */
|
||||||
|
|
||||||
/* All of the following mechanisms are new for v2.0 */
|
/* All of the following mechanisms are new for v2.0 */
|
||||||
/* Note that CAST128 and CAST5 are the same algorithm */
|
/* Note that CAST128 and CAST5 are the same algorithm */
|
||||||
#define CKM_CAST_KEY_GEN 0x00000300
|
#define CKM_CAST_KEY_GEN 0x00000300
|
||||||
@@ -611,10 +634,16 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||||||
#define CKM_BATON_WRAP 0x00001036
|
#define CKM_BATON_WRAP 0x00001036
|
||||||
|
|
||||||
/* PKCS #11 V2.01 probably won't actually have ECDSA in it */
|
/* PKCS #11 V2.01 probably won't actually have ECDSA in it */
|
||||||
#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
|
#define CKM_EC_KEY_PAIR_GEN 0x00001040
|
||||||
|
//#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 // Deprecated in 2.11
|
||||||
#define CKM_ECDSA 0x00001041
|
#define CKM_ECDSA 0x00001041
|
||||||
#define CKM_ECDSA_SHA1 0x00001042
|
#define CKM_ECDSA_SHA1 0x00001042
|
||||||
|
|
||||||
|
/* Added for 2.4 */
|
||||||
|
#define CKM_ECDH1_DERIVE 0x00001050
|
||||||
|
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
|
||||||
|
/* Added for 2.4 */
|
||||||
|
|
||||||
#define CKM_JUNIPER_KEY_GEN 0x00001060
|
#define CKM_JUNIPER_KEY_GEN 0x00001060
|
||||||
#define CKM_JUNIPER_ECB128 0x00001061
|
#define CKM_JUNIPER_ECB128 0x00001061
|
||||||
#define CKM_JUNIPER_CBC128 0x00001062
|
#define CKM_JUNIPER_CBC128 0x00001062
|
||||||
|
|||||||
+21
-8
@@ -30,7 +30,7 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
|||||||
if (readers[i] == '\0' && i != len - 1) {
|
if (readers[i] == '\0' && i != len - 1) {
|
||||||
slots[*n_slots].vid = get_vendor_id(p);
|
slots[*n_slots].vid = get_vendor_id(p);
|
||||||
|
|
||||||
if (slots[*n_slots].vid == UNKNOWN) {
|
if (slots[*n_slots].vid == UNKNOWN) { // TODO: distinguish between tokenless and unsupported?
|
||||||
// Unknown slot, just save what info we have
|
// Unknown slot, just save what info we have
|
||||||
memset(&slots[*n_slots].info, 0, sizeof(CK_SLOT_INFO));
|
memset(&slots[*n_slots].info, 0, sizeof(CK_SLOT_INFO));
|
||||||
memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription));
|
memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription));
|
||||||
@@ -42,16 +42,26 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
|||||||
// Values must NOT be null terminated and ' ' padded
|
// Values must NOT be null terminated and ' ' padded
|
||||||
|
|
||||||
memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription));
|
memset(slots[*n_slots].info.slotDescription, ' ', sizeof(slots[*n_slots].info.slotDescription));
|
||||||
s = vendor.get_slot_description();
|
s = slots[*n_slots].info.slotDescription;
|
||||||
l = strlen(s);
|
l = sizeof(slots[*n_slots].info.slotDescription);
|
||||||
strncpy(slots[*n_slots].info.slotDescription, s, l);
|
if (vendor.get_slot_description(s, l) != CKR_OK)
|
||||||
|
return CK_FALSE;
|
||||||
|
|
||||||
memset(slots[*n_slots].info.manufacturerID, ' ', sizeof(slots[*n_slots].info.manufacturerID));
|
memset(slots[*n_slots].info.manufacturerID, ' ', sizeof(slots[*n_slots].info.manufacturerID));
|
||||||
s = vendor.get_slot_manufacturer();
|
s = slots[*n_slots].info.manufacturerID;
|
||||||
l = strlen(s);
|
l = sizeof(slots[*n_slots].info.manufacturerID);
|
||||||
strncpy(slots[*n_slots].info.manufacturerID, s, l);
|
if(vendor.get_slot_manufacturer(s, l) != CKR_OK)
|
||||||
|
return CK_FALSE;
|
||||||
|
|
||||||
slots[*n_slots].info.flags = vendor.get_slot_flags();
|
if (vendor.get_slot_flags(&slots[*n_slots].info.flags) != CKR_OK)
|
||||||
|
return CK_FALSE;
|
||||||
|
|
||||||
|
// Treating hw and fw version the same
|
||||||
|
if (vendor.get_slot_version(&slots[*n_slots].info.hardwareVersion) != CKR_OK)
|
||||||
|
return CK_FALSE;
|
||||||
|
|
||||||
|
if (vendor.get_slot_version(&slots[*n_slots].info.firmwareVersion) != CKR_OK)
|
||||||
|
return CK_FALSE;
|
||||||
|
|
||||||
if (has_token(slots + *n_slots))
|
if (has_token(slots + *n_slots))
|
||||||
(*n_with_token)++;
|
(*n_with_token)++;
|
||||||
@@ -59,4 +69,7 @@ CK_BBOOL parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
|||||||
(*n_slots)++;
|
(*n_slots)++;
|
||||||
p += i + 1;
|
p += i + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return CK_TRUE;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
+22
-20
@@ -16,30 +16,32 @@ vendor_t get_vendor(vendor_id_t vid) {
|
|||||||
|
|
||||||
switch (vid) {
|
switch (vid) {
|
||||||
case YUBICO:
|
case YUBICO:
|
||||||
v.get_slot_description = YUBICO_get_slot_description;
|
v.get_slot_description = YUBICO_get_slot_description;
|
||||||
v.get_slot_manufacturer = YUBICO_get_slot_manufacturer;
|
v.get_slot_manufacturer = YUBICO_get_slot_manufacturer;
|
||||||
v.get_slot_flags = YUBICO_get_slot_flags;
|
v.get_slot_flags = YUBICO_get_slot_flags;
|
||||||
v.get_slot_version = YUBICO_get_slot_version;
|
v.get_slot_version = YUBICO_get_slot_version;
|
||||||
v.get_token_label = YUBICO_get_token_label;
|
v.get_token_label = YUBICO_get_token_label;
|
||||||
v.get_token_manufacturer = YUBICO_get_token_manufacturer;
|
v.get_token_manufacturer = YUBICO_get_token_manufacturer;
|
||||||
v.get_token_model = YUBICO_get_token_model;
|
v.get_token_model = YUBICO_get_token_model;
|
||||||
v.get_token_flags = YUBICO_get_token_flags;
|
v.get_token_flags = YUBICO_get_token_flags;
|
||||||
v.get_token_version = YUBICO_get_token_version;
|
v.get_token_version = YUBICO_get_token_version;
|
||||||
v.get_token_serial = YUBICO_get_token_serial;
|
v.get_token_serial = YUBICO_get_token_serial;
|
||||||
|
v.get_token_mechanisms_num = YUBICO_get_token_mechanisms_num;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UNKNOWN:
|
case UNKNOWN:
|
||||||
default:
|
default:
|
||||||
v.get_slot_description = NULL;
|
v.get_slot_description = NULL;
|
||||||
v.get_slot_manufacturer = NULL;
|
v.get_slot_manufacturer = NULL;
|
||||||
v.get_slot_flags = NULL;
|
v.get_slot_flags = NULL;
|
||||||
v.get_slot_version = NULL;
|
v.get_slot_version = NULL;
|
||||||
v.get_token_label = NULL;
|
v.get_token_label = NULL;
|
||||||
v.get_token_manufacturer = NULL;
|
v.get_token_manufacturer = NULL;
|
||||||
v.get_token_model = NULL;
|
v.get_token_model = NULL;
|
||||||
v.get_token_flags = NULL;
|
v.get_token_flags = NULL;
|
||||||
v.get_token_version = NULL;
|
v.get_token_version = NULL;
|
||||||
v.get_token_serial = NULL;
|
v.get_token_serial = NULL;
|
||||||
|
v.get_token_mechanisms_num = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return v;
|
return v;
|
||||||
|
|||||||
+23
-20
@@ -8,29 +8,32 @@ typedef enum {
|
|||||||
YUBICO = 0x01
|
YUBICO = 0x01
|
||||||
} vendor_id_t;
|
} vendor_id_t;
|
||||||
|
|
||||||
typedef CK_UTF8CHAR_PTR (*get_s_description_f)(void);
|
typedef CK_RV (*get_s_description_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||||
typedef CK_UTF8CHAR_PTR (*get_s_manufacturer_f)(void);
|
typedef CK_RV (*get_s_manufacturer_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||||
typedef CK_FLAGS (*get_s_flags_f)(void);
|
typedef CK_RV (*get_s_flags_f)(CK_FLAGS_PTR);
|
||||||
typedef CK_VERSION (*get_s_version_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
typedef CK_RV (*get_s_version_f)(CK_VERSION_PTR);
|
||||||
typedef CK_UTF8CHAR_PTR (*get_t_label_f)(void);
|
typedef CK_RV (*get_t_label_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||||
typedef CK_UTF8CHAR_PTR (*get_t_manufacturer_f)(void);
|
typedef CK_RV (*get_t_manufacturer_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||||
typedef CK_UTF8CHAR_PTR (*get_t_model_f)(void);
|
typedef CK_RV (*get_t_model_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||||
typedef CK_FLAGS (*get_t_flags_f)(void);
|
typedef CK_RV (*get_t_flags_f)(CK_FLAGS_PTR);
|
||||||
typedef CK_VERSION (*get_t_version_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
typedef CK_RV (*get_t_version_f)(CK_UTF8CHAR_PTR, CK_ULONG, CK_VERSION_PTR);
|
||||||
typedef CK_CHAR_PTR (*get_t_serial_f)(void);
|
typedef CK_RV (*get_t_serial_f)(CK_CHAR_PTR, CK_ULONG);
|
||||||
|
typedef CK_RV (*get_t_mechanisms_num_f)(CK_ULONG_PTR);
|
||||||
|
//typedef CK_RV (*get_t_mechanisms)(CK_);
|
||||||
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
get_s_description_f get_slot_description;
|
get_s_description_f get_slot_description;
|
||||||
get_s_manufacturer_f get_slot_manufacturer;
|
get_s_manufacturer_f get_slot_manufacturer;
|
||||||
get_s_flags_f get_slot_flags;
|
get_s_flags_f get_slot_flags;
|
||||||
get_s_version_f get_slot_version;
|
get_s_version_f get_slot_version;
|
||||||
get_t_label_f get_token_label;
|
get_t_label_f get_token_label;
|
||||||
get_t_manufacturer_f get_token_manufacturer;
|
get_t_manufacturer_f get_token_manufacturer;
|
||||||
get_t_model_f get_token_model;
|
get_t_model_f get_token_model;
|
||||||
get_t_flags_f get_token_flags;
|
get_t_flags_f get_token_flags;
|
||||||
get_t_version_f get_token_version;
|
get_t_version_f get_token_version;
|
||||||
get_t_serial_f get_token_serial;
|
get_t_serial_f get_token_serial;
|
||||||
|
get_t_mechanisms_num_f get_token_mechanisms_num;
|
||||||
} vendor_t;
|
} vendor_t;
|
||||||
|
|
||||||
vendor_id_t get_vendor_id(char *vendor_name);
|
vendor_id_t get_vendor_id(char *vendor_name);
|
||||||
|
|||||||
+54
-33
@@ -99,7 +99,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(
|
|||||||
memset(slots, 0, sizeof(slots));
|
memset(slots, 0, sizeof(slots));
|
||||||
|
|
||||||
ykpiv_done(piv_state); // TODO: this calls disconnect...
|
ykpiv_done(piv_state); // TODO: this calls disconnect...
|
||||||
piv_state == NULL;
|
piv_state = NULL;
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
@@ -154,7 +154,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(
|
|||||||
int i;
|
int i;
|
||||||
int j;
|
int j;
|
||||||
|
|
||||||
//ykpiv_get_reader_slot_number(piv_state, &n_readers, &tot_reader_len); // TODO: maybe refactor this with a reader struct?
|
// TODO: check more preconditions
|
||||||
if (pSlotList == NULL_PTR) {
|
if (pSlotList == NULL_PTR) {
|
||||||
// Just return the number of slots
|
// Just return the number of slots
|
||||||
*pulCount = n_slots;
|
*pulCount = n_slots;
|
||||||
@@ -220,8 +220,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
|||||||
vendor_id_t vid;
|
vendor_id_t vid;
|
||||||
vendor_t vendor;
|
vendor_t vendor;
|
||||||
CK_BYTE buf[64];
|
CK_BYTE buf[64];
|
||||||
CK_UTF8CHAR_PTR p;
|
|
||||||
CK_BYTE len;
|
|
||||||
|
|
||||||
if (piv_state == NULL)
|
if (piv_state == NULL)
|
||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
@@ -244,26 +242,24 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
|||||||
vendor = get_vendor(vid); // TODO: make a token field in slot_t ?
|
vendor = get_vendor(vid); // TODO: make a token field in slot_t ?
|
||||||
|
|
||||||
memset(pInfo->label, ' ', sizeof(pInfo->label));
|
memset(pInfo->label, ' ', sizeof(pInfo->label));
|
||||||
p = vendor.get_token_label();
|
if (vendor.get_token_label(pInfo->label, sizeof(pInfo->label)) != CKR_OK)
|
||||||
len = strlen(p);
|
return CKR_FUNCTION_FAILED;
|
||||||
strncpy(pInfo->label, p, len);
|
|
||||||
|
|
||||||
memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID));
|
memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID));
|
||||||
p = vendor.get_token_manufacturer();
|
if(vendor.get_token_manufacturer(pInfo->manufacturerID, sizeof(pInfo->manufacturerID)) != CKR_OK)
|
||||||
len = strlen(p);
|
return CKR_FUNCTION_FAILED;
|
||||||
strncpy(pInfo->manufacturerID, p, len);
|
|
||||||
|
|
||||||
memset(pInfo->model, ' ', sizeof(pInfo->model));
|
memset(pInfo->model, ' ', sizeof(pInfo->model));
|
||||||
p = vendor.get_token_model();
|
if(vendor.get_token_model(pInfo->model, sizeof(pInfo->model)) != CKR_OK)
|
||||||
len = strlen(p);
|
return CKR_FUNCTION_FAILED;
|
||||||
strncpy(pInfo->model, p, len);
|
|
||||||
|
|
||||||
memset(pInfo->serialNumber, ' ', sizeof(pInfo->serialNumber));
|
memset(pInfo->serialNumber, ' ', sizeof(pInfo->serialNumber));
|
||||||
p = vendor.get_token_serial();
|
if(vendor.get_token_serial(pInfo->serialNumber, sizeof(pInfo->serialNumber)) != CKR_OK)
|
||||||
len = strlen(p);
|
return CKR_FUNCTION_FAILED;
|
||||||
strncpy(pInfo->serialNumber, p, len);
|
|
||||||
|
|
||||||
pInfo->flags = vendor.get_token_flags(); // bit flags indicating capabilities and status of the device as defined below // TODO: what about other flags? Like last attempt
|
// bit flags indicating capabilities and status of the device as defined below // TODO: what about other flags? Like last attempt
|
||||||
|
if (vendor.get_token_flags(&pInfo->flags) != CKR_OK)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1?
|
pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1?
|
||||||
|
|
||||||
@@ -286,7 +282,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
|||||||
pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
|
pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
|
||||||
|
|
||||||
ykpiv_get_version(piv_state, buf, sizeof(buf));
|
ykpiv_get_version(piv_state, buf, sizeof(buf));
|
||||||
ver = vendor.get_token_version(buf, strlen(buf));
|
if (vendor.get_token_version(buf, strlen(buf), &ver) != CKR_OK)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
pInfo->hardwareVersion = ver; // version number of hardware
|
pInfo->hardwareVersion = ver; // version number of hardware
|
||||||
|
|
||||||
@@ -317,18 +314,40 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(
|
|||||||
)
|
)
|
||||||
{
|
{
|
||||||
DIN;
|
DIN;
|
||||||
|
vendor_t vendor;
|
||||||
|
int i;
|
||||||
|
CK_ULONG count;
|
||||||
|
|
||||||
|
if (piv_state == NULL) {
|
||||||
|
DBG(("libykpiv is not initialized or already finalized"));
|
||||||
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (slotID > n_slots || pulCount == NULL_PTR)
|
||||||
|
return CKR_ARGUMENTS_BAD;
|
||||||
|
|
||||||
|
if (slots[slotID].vid == UNKNOWN) {
|
||||||
|
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
||||||
|
return CKR_SLOT_ID_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: check more return values
|
||||||
|
// TODO: user NULL_PTR more for coherence
|
||||||
|
|
||||||
|
vendor = get_vendor(slots[slotID].vid); // TODO: make a token field in slot_t ?;
|
||||||
|
|
||||||
|
if (vendor.get_token_mechanisms_num(&count) != CKR_OK)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
int i;
|
|
||||||
// TODO: check more return values like not init ...
|
|
||||||
if (pMechanismList == NULL_PTR) {
|
if (pMechanismList == NULL_PTR) {
|
||||||
// Just return the number of mechanisms
|
*pulCount = count;
|
||||||
*pulCount = 3;
|
DBG(("Found %lu mechanisms", *pulCount));
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*pulCount < 3) {
|
if (*pulCount < count) {
|
||||||
DBG(("Buffer too small: needed %lu, provided %lu", 1l, *pulCount));
|
DBG(("Buffer too small: needed %lu, provided %lu", count, *pulCount));
|
||||||
return CKR_BUFFER_TOO_SMALL;
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -411,7 +430,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
|||||||
return CKR_TOKEN_NOT_PRESENT;
|
return CKR_TOKEN_NOT_PRESENT;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (flags & CKF_SERIAL_SESSION == 0) {
|
if ((flags & CKF_SERIAL_SESSION) == 0) {
|
||||||
DBG(("Open session called without CKF_SERIAL_SESSION set"));
|
DBG(("Open session called without CKF_SERIAL_SESSION set"));
|
||||||
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
|
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
@@ -421,11 +440,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
|||||||
return CKR_SESSION_COUNT;
|
return CKR_SESSION_COUNT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: make sue we don't open a session with an UNKNOWN slot/token
|
||||||
|
|
||||||
session = YKCS11_SESSION_ID;
|
session = YKCS11_SESSION_ID;
|
||||||
session_info.slotID = slotID;
|
session_info.slotID = slotID;
|
||||||
// TODO: KEEP TRACK OF THE APPLICATION
|
// TODO: KEEP TRACK OF THE APPLICATION
|
||||||
|
|
||||||
if (flags & CKF_RW_SESSION) {
|
if ((flags & CKF_RW_SESSION)) {
|
||||||
// R/W Session
|
// R/W Session
|
||||||
session_info.state = CKS_RW_PUBLIC_SESSION; // Nobody has logged in, default session
|
session_info.state = CKS_RW_PUBLIC_SESSION; // Nobody has logged in, default session
|
||||||
}
|
}
|
||||||
@@ -472,7 +493,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(
|
|||||||
)
|
)
|
||||||
{
|
{
|
||||||
DIN;
|
DIN;
|
||||||
|
|
||||||
if (piv_state == NULL)
|
if (piv_state == NULL)
|
||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
|
|
||||||
@@ -481,7 +502,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(
|
|||||||
|
|
||||||
session = CK_INVALID_HANDLE;
|
session = CK_INVALID_HANDLE;
|
||||||
memset(&session_info, 0, sizeof(CK_SESSION_INFO)); // TODO: Better to call close session?
|
memset(&session_info, 0, sizeof(CK_SESSION_INFO)); // TODO: Better to call close session?
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
@@ -498,12 +519,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)(
|
|||||||
|
|
||||||
if (pInfo == NULL)
|
if (pInfo == NULL)
|
||||||
return CKR_ARGUMENTS_BAD;
|
return CKR_ARGUMENTS_BAD;
|
||||||
|
|
||||||
if (hSession != session)
|
if (hSession != session)
|
||||||
return CKR_SESSION_HANDLE_INVALID;
|
return CKR_SESSION_HANDLE_INVALID;
|
||||||
|
|
||||||
memcpy(pInfo, &session_info, sizeof(CK_SESSION_INFO));
|
memcpy(pInfo, &session_info, sizeof(CK_SESSION_INFO));
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
@@ -560,7 +581,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
|||||||
|
|
||||||
if (session == CK_INVALID_HANDLE)
|
if (session == CK_INVALID_HANDLE)
|
||||||
return CKR_SESSION_CLOSED;
|
return CKR_SESSION_CLOSED;
|
||||||
|
|
||||||
if (hSession != session)
|
if (hSession != session)
|
||||||
return CKR_SESSION_HANDLE_INVALID;
|
return CKR_SESSION_HANDLE_INVALID;
|
||||||
|
|
||||||
@@ -569,7 +590,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
|||||||
userType != CKU_CONTEXT_SPECIFIC)
|
userType != CKU_CONTEXT_SPECIFIC)
|
||||||
return CKR_USER_TYPE_INVALID;
|
return CKR_USER_TYPE_INVALID;
|
||||||
|
|
||||||
if (session_info.flags & CKF_RW_SESSION == 0) { // TODO: make macros for these?
|
if ((session_info.flags & CKF_RW_SESSION) == 0) { // TODO: make macros for these?
|
||||||
DBG(("Tried to log-in to a read-only session"));
|
DBG(("Tried to log-in to a read-only session"));
|
||||||
return CKR_SESSION_READ_ONLY_EXISTS;
|
return CKR_SESSION_READ_ONLY_EXISTS;
|
||||||
}
|
}
|
||||||
@@ -578,7 +599,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
|||||||
case CKU_USER:
|
case CKU_USER:
|
||||||
if (session_info.state == CKS_RW_USER_FUNCTIONS)
|
if (session_info.state == CKS_RW_USER_FUNCTIONS)
|
||||||
return CKR_USER_ALREADY_LOGGED_IN;
|
return CKR_USER_ALREADY_LOGGED_IN;
|
||||||
|
|
||||||
tries = 0;
|
tries = 0;
|
||||||
if (ykpiv_verify(piv_state, pPin, (int *)&tries) != YKPIV_OK) {
|
if (ykpiv_verify(piv_state, pPin, (int *)&tries) != YKPIV_OK) {
|
||||||
DBG(("You loose! %lu", tries));
|
DBG(("You loose! %lu", tries));
|
||||||
|
|||||||
+112
-30
@@ -1,86 +1,168 @@
|
|||||||
#include "yubico.h"
|
#include "yubico.h"
|
||||||
#include "pkcs11.h"
|
#include "pkcs11.h"
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#define YUBICO_MECHANISMS_NUM 5
|
||||||
|
|
||||||
|
// TODO add a type in vendor_t for SLOT | READER
|
||||||
|
static const CK_UTF8CHAR_PTR slot_description = "YubiKey Virtual Reader";
|
||||||
|
static const CK_UTF8CHAR_PTR slot_manufacturer = "Yubico";
|
||||||
|
static const CK_FLAGS slot_flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT;
|
||||||
|
static const CK_VERSION slot_version = {1, 0};
|
||||||
|
static const CK_UTF8CHAR_PTR token_label = "YubiKey PIV X";
|
||||||
|
static const CK_UTF8CHAR_PTR token_manufacturer = "Yubico";
|
||||||
|
static const CK_UTF8CHAR_PTR token_model = "YubiKey MODEL";
|
||||||
|
static const CK_FLAGS token_flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
|
||||||
|
static const CK_BYTE_PTR token_serial = "1234";
|
||||||
|
static const CK_MECHANISM_TYPE token_mechanisms[] = {
|
||||||
|
CKM_RSA_PKCS_KEY_PAIR_GEN,
|
||||||
|
CKM_RSA_PKCS,
|
||||||
|
// CKM_RSA_PKCS_PSS,
|
||||||
|
CKM_RSA_X_509,
|
||||||
|
CKM_SHA1_RSA_PKCS,
|
||||||
|
CKM_SHA256_RSA_PKCS,
|
||||||
|
// CKM_SHA384_RSA_PKCS,
|
||||||
|
CKM_SHA512_RSA_PKCS,
|
||||||
|
CKM_SHA1_RSA_PKCS_PSS,
|
||||||
|
CKM_SHA256_RSA_PKCS_PSS,
|
||||||
|
// CKM_SHA384_RSA_PKCS_PSS,
|
||||||
|
CKM_SHA256_RSA_PKCS_PSS,
|
||||||
|
CKM_EC_KEY_PAIR_GEN,
|
||||||
|
//CKM_ECDSA_KEY_PAIR_GEN, Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11
|
||||||
|
CKM_ECDSA,
|
||||||
|
CKM_ECDSA_SHA1,
|
||||||
|
CKM_ECDH1_DERIVE,
|
||||||
|
// CKM_ECDH1_COFACTOR_DERIVE,
|
||||||
|
CKM_SHA_1,
|
||||||
|
CKM_SHA256,
|
||||||
|
CKM_SHA384,
|
||||||
|
CKM_SHA512
|
||||||
|
// SUPPORT FOR OATH?
|
||||||
|
};
|
||||||
|
static const CK_ULONG token_mechanisms_num = sizeof(token_mechanisms) / sizeof(CK_MECHANISM_TYPE);
|
||||||
|
|
||||||
|
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_slot_description(void) {
|
CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||||
|
|
||||||
return "YubiKey Virtual Reader";
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_slot_manufacturer(void) {
|
if (strlen(slot_description) > len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
return "Yubico";
|
memcpy(str, slot_description, strlen(slot_description));
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_FLAGS YUBICO_get_slot_flags(void) {
|
CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||||
|
|
||||||
return CKF_TOKEN_PRESENT | CKF_HW_SLOT;
|
if (strlen(slot_manufacturer) > len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
|
memcpy(str, slot_manufacturer, strlen(slot_manufacturer));
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_VERSION YUBICO_get_slot_version(CK_UTF8CHAR_PTR version, CK_ULONG len) {
|
CK_RV YUBICO_get_slot_flags(CK_FLAGS_PTR flags) {
|
||||||
|
|
||||||
CK_VERSION v = {1.0}; // Dummy value
|
*flags = slot_flags;
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
return v;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_token_label(void) {
|
CK_RV YUBICO_get_slot_version(CK_VERSION_PTR version) {
|
||||||
|
|
||||||
return "YubiKey PIV";
|
version->major = slot_version.major;
|
||||||
|
version->minor = slot_version.minor;
|
||||||
|
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_token_manufacturer(void) {
|
CK_RV YUBICO_get_token_label(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||||
|
|
||||||
return "Yubico";
|
if (strlen(token_label) > len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
|
memcpy(str, token_label, strlen(token_label));
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_token_model(void) {
|
CK_RV YUBICO_get_token_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||||
|
|
||||||
return "PRO";
|
if (strlen(token_manufacturer) > len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
|
memcpy(str, token_manufacturer, strlen(token_manufacturer));
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_FLAGS YUBICO_get_token_flags(void) {
|
CK_RV YUBICO_get_token_model(CK_UTF8CHAR_PTR str, CK_ULONG len) {
|
||||||
|
|
||||||
return CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
|
if (strlen(token_model) > len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
|
memcpy(str, token_model, strlen(token_model));
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_VERSION YUBICO_get_token_version(CK_UTF8CHAR_PTR version, CK_ULONG len) {
|
CK_RV YUBICO_get_token_flags(CK_FLAGS_PTR flags) {
|
||||||
|
|
||||||
|
*flags = token_flags;
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG len, CK_VERSION_PTR version) {
|
||||||
|
|
||||||
CK_VERSION v = {0, 0};
|
CK_VERSION v = {0, 0};
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
|
||||||
while (i < len && version[i] != '.') {
|
while (i < len && v_str[i] != '.') {
|
||||||
v.major *= 10;
|
v.major *= 10;
|
||||||
v.major += version[i++] - '0';
|
v.major += v_str[i++] - '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
i++;
|
i++;
|
||||||
|
|
||||||
while (i < len && version[i] != '.') {
|
while (i < len && v_str[i] != '.') {
|
||||||
v.minor *= 10;
|
v.minor *= 10;
|
||||||
v.minor += version[i++] - '0';
|
v.minor += v_str[i++] - '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
i++;
|
i++;
|
||||||
|
|
||||||
while (i < len && version[i] != '.') {
|
while (i < len && v_str[i] != '.') {
|
||||||
v.minor *= 10;
|
v.minor *= 10;
|
||||||
v.minor += version[i++] - '0';
|
v.minor += v_str[i++] - '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
return v;
|
version->major = v.major;
|
||||||
|
version->minor = v.minor;
|
||||||
|
|
||||||
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_BYTE_PTR YUBICO_get_token_serial(void) {
|
CK_RV YUBICO_get_token_serial(CK_CHAR_PTR str, CK_ULONG len) {
|
||||||
|
|
||||||
return "1234";
|
if (strlen(token_serial) > len)
|
||||||
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
|
memcpy(str, token_serial, strlen(token_serial));
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num) {
|
||||||
|
|
||||||
|
*num = token_mechanisms_num;
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/*CK_RV YUBICO_get_token_mechanisms(void) {
|
||||||
|
|
||||||
|
}*/
|
||||||
|
|||||||
+11
-10
@@ -3,15 +3,16 @@
|
|||||||
|
|
||||||
#include "pkcs11.h"
|
#include "pkcs11.h"
|
||||||
|
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_slot_description(void);
|
CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_slot_manufacturer(void);
|
CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||||
CK_FLAGS YUBICO_get_slot_flags(void);
|
CK_RV YUBICO_get_slot_flags(CK_FLAGS_PTR flags);
|
||||||
CK_VERSION YUBICO_get_slot_version(CK_UTF8CHAR_PTR version, CK_ULONG len);
|
CK_RV YUBICO_get_slot_version(CK_VERSION_PTR version);
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_token_label(void);
|
CK_RV YUBICO_get_token_label(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_token_manufacturer(void);
|
CK_RV YUBICO_get_token_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||||
CK_UTF8CHAR_PTR YUBICO_get_token_model(void);
|
CK_RV YUBICO_get_token_model(CK_UTF8CHAR_PTR str, CK_ULONG len);
|
||||||
CK_FLAGS YUBICO_get_token_flags(void);
|
CK_RV YUBICO_get_token_flags(CK_FLAGS_PTR flags);
|
||||||
CK_CHAR_PTR YUBICO_get_token_serial(void);
|
CK_RV YUBICO_get_token_serial(CK_CHAR_PTR str, CK_ULONG len);
|
||||||
CK_VERSION YUBICO_get_token_version(CK_UTF8CHAR_PTR version, CK_ULONG len);
|
CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG v_str_len, CK_VERSION_PTR version);
|
||||||
|
CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user