YKCS11: Change DBG to print to stderr.

This commit is contained in:
Alessio Di Mauro
2015-11-05 15:26:59 +01:00
parent 98f3462e5e
commit 602208bf20
7 changed files with 318 additions and 318 deletions
+5 -5
View File
@@ -4,15 +4,15 @@
#define YKCS11_DBG 1 // General debug, must be either 1 or 0 #define YKCS11_DBG 1 // General debug, must be either 1 or 0
#define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0 #define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0
#define D(x) do { \ #define D(x...) do { \
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \ fprintf (stderr, "debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
printf x; \ fprintf (stderr, x); \
printf ("\n"); \ fprintf (stderr, "\n"); \
} while (0) } while (0)
#if YKCS11_DBG #if YKCS11_DBG
#include <stdio.h> #include <stdio.h>
#define DBG(x) D(x); #define DBG(x...) D(x);
#else #else
#define DBG(x) #define DBG(x)
#endif #endif
+4 -4
View File
@@ -376,7 +376,7 @@ CK_RV check_pubkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
// Only support F4 // Only support F4
if (templ[i].ulValueLen != 3 || memcmp((CK_BYTE_PTR)templ[i].pValue, F4, 3) != 0) { if (templ[i].ulValueLen != 3 || memcmp((CK_BYTE_PTR)templ[i].pValue, F4, 3) != 0) {
DBG(("Unsupported public exponent")); DBG("Unsupported public exponent");
return CKR_ATTRIBUTE_VALUE_INVALID; return CKR_ATTRIBUTE_VALUE_INVALID;
} }
@@ -388,7 +388,7 @@ CK_RV check_pubkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
if (*((CK_ULONG_PTR) templ[i].pValue) != 1024 && if (*((CK_ULONG_PTR) templ[i].pValue) != 1024 &&
*((CK_ULONG_PTR) templ[i].pValue) != 2048) { // TODO: make define? *((CK_ULONG_PTR) templ[i].pValue) != 2048) { // TODO: make define?
DBG(("Unsupported MODULUS_BITS (key length)")); DBG("Unsupported MODULUS_BITS (key length)");
return CKR_ATTRIBUTE_VALUE_INVALID; return CKR_ATTRIBUTE_VALUE_INVALID;
} }
@@ -419,7 +419,7 @@ CK_RV check_pubkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
break; break;
default: default:
DBG(("Invalid attribute %lx in public key template", templ[i].type)); DBG("Invalid attribute %lx in public key template", templ[i].type);
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
} }
@@ -488,7 +488,7 @@ CK_RV check_pvtkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
break; break;
default: default:
DBG(("Invalid attribute %lx in private key template", templ[i].type)); DBG("Invalid attribute %lx in private key template", templ[i].type);
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
} }
+76 -76
View File
@@ -242,11 +242,11 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE_PTR data; CK_BYTE_PTR data;
CK_BYTE tmp[64]; CK_BYTE tmp[64];
CK_ULONG len = 0; CK_ULONG len = 0;
DBG(("For data object %lu, get ", obj)); DBG("For data object %lu, get ", obj);
switch (template->type) { switch (template->type) {
case CKA_CLASS: case CKA_CLASS:
DBG(("CLASS")); DBG("CLASS");
len = 1; len = 1;
tmp[0] = CKO_DATA; tmp[0] = CKO_DATA;
data = tmp; data = tmp;
@@ -254,51 +254,51 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_TOKEN: case CKA_TOKEN:
// Technically all these objects are token objects // Technically all these objects are token objects
DBG(("TOKEN")); DBG("TOKEN");
len = 1; len = 1;
tmp[0] = piv_objects[obj].token; tmp[0] = piv_objects[obj].token;
data = tmp; data = tmp;
break; break;
case CKA_PRIVATE: case CKA_PRIVATE:
DBG(("PRIVATE")); DBG("PRIVATE");
len = 1; len = 1;
tmp[0] = piv_objects[obj].private; tmp[0] = piv_objects[obj].private;
data = tmp; data = tmp;
break; break;
case CKA_LABEL: case CKA_LABEL:
DBG(("LABEL")); DBG("LABEL");
len = strlen(piv_objects[obj].label) + 1; len = strlen(piv_objects[obj].label) + 1;
data = (CK_BYTE_PTR) piv_objects[obj].label; data = (CK_BYTE_PTR) piv_objects[obj].label;
break; break;
case CKA_APPLICATION: case CKA_APPLICATION:
DBG(("APPLICATION")); DBG("APPLICATION");
len = strlen(piv_objects[obj].label) + 1; len = strlen(piv_objects[obj].label) + 1;
data = (CK_BYTE_PTR) piv_objects[obj].label; data = (CK_BYTE_PTR) piv_objects[obj].label;
break; break;
case CKA_VALUE: // TODO: this can be done with -r and -d|-a case CKA_VALUE: // TODO: this can be done with -r and -d|-a
DBG(("VALUE TODO!!!")); DBG("VALUE TODO!!!");
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ?
DBG(("OID")); DBG("OID");
strcpy((char *)tmp, data_objects[piv_objects[obj].sub_id].oid); strcpy((char *)tmp, data_objects[piv_objects[obj].sub_id].oid);
asn1_encode_oid(tmp, tmp, &len); asn1_encode_oid(tmp, tmp, &len);
data = tmp; data = tmp;
break; break;
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
DBG(("MODIFIABLE")); DBG("MODIFIABLE");
len = 1; len = 1;
tmp[0] = piv_objects[obj].modifiable; tmp[0] = piv_objects[obj].modifiable;
data = tmp; data = tmp;
break; break;
default: default:
DBG(("UNKNOWN ATTRIBUTE %lx", template[0].type)); DBG("UNKNOWN ATTRIBUTE %lx", template[0].type);
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
@@ -326,11 +326,11 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE b_tmp[1024]; CK_BYTE b_tmp[1024];
CK_ULONG ul_tmp; CK_ULONG ul_tmp;
CK_ULONG len = 0; CK_ULONG len = 0;
DBG(("For certificate object %lu, get ", obj)); DBG("For certificate object %lu, get ", obj);
switch (template->type) { switch (template->type) {
case CKA_CLASS: case CKA_CLASS:
DBG(("CLASS")); DBG("CLASS");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
ul_tmp = CKO_CERTIFICATE; ul_tmp = CKO_CERTIFICATE;
data = (CK_BYTE_PTR) &ul_tmp; data = (CK_BYTE_PTR) &ul_tmp;
@@ -338,27 +338,27 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_TOKEN: case CKA_TOKEN:
// Technically all these objects are token objects // Technically all these objects are token objects
DBG(("TOKEN")); DBG("TOKEN");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].token; b_tmp[0] = piv_objects[obj].token;
data = b_tmp; data = b_tmp;
break; break;
case CKA_PRIVATE: case CKA_PRIVATE:
DBG(("PRIVATE")); DBG("PRIVATE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].private; b_tmp[0] = piv_objects[obj].private;
data = b_tmp; data = b_tmp;
break; break;
case CKA_LABEL: case CKA_LABEL:
DBG(("LABEL")); DBG("LABEL");
len = strlen(piv_objects[obj].label) + 1; len = strlen(piv_objects[obj].label) + 1;
data = (CK_BYTE_PTR) piv_objects[obj].label; data = (CK_BYTE_PTR) piv_objects[obj].label;
break; break;
case CKA_VALUE: case CKA_VALUE:
DBG(("VALUE")); DBG("VALUE");
len = sizeof(b_tmp); len = sizeof(b_tmp);
if (get_raw_cert(cert_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK) if (get_raw_cert(cert_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
@@ -366,48 +366,48 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_CERTIFICATE_TYPE: case CKA_CERTIFICATE_TYPE:
DBG(("CERTIFICATE TYPE")); DBG("CERTIFICATE TYPE");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
ul_tmp = CKC_X_509; // Support only X.509 certs ul_tmp = CKC_X_509; // Support only X.509 certs
data = (CK_BYTE_PTR) &ul_tmp; data = (CK_BYTE_PTR) &ul_tmp;
break; break;
case CKA_ISSUER: case CKA_ISSUER:
DBG(("ISSUER TODO")); // Default empty DBG("ISSUER TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_SERIAL_NUMBER: case CKA_SERIAL_NUMBER:
DBG(("SERIAL NUMBER TODO")); // Default empty DBG("SERIAL NUMBER TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_SUBJECT: case CKA_SUBJECT:
DBG(("SUBJECT TODO")); // Required DBG("SUBJECT TODO"); // Required
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_ID: case CKA_ID:
DBG(("ID")); DBG("ID");
len = sizeof(CK_BYTE); len = sizeof(CK_BYTE);
b_tmp[0] = piv_objects[obj].sub_id; b_tmp[0] = piv_objects[obj].sub_id;
data = b_tmp; data = b_tmp;
break; break;
case CKA_START_DATE: case CKA_START_DATE:
DBG(("START DATE TODO")); // Default empty DBG("START DATE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_END_DATE: case CKA_END_DATE:
DBG(("END DATE TODO")); // Default empty DBG("END DATE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
DBG(("MODIFIABLE")); DBG("MODIFIABLE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].modifiable; b_tmp[0] = piv_objects[obj].modifiable;
data = b_tmp; data = b_tmp;
break; break;
default: // TODO: there are other attributes for a (x509) certificate default: // TODO: there are other attributes for a (x509) certificate
DBG(("UNKNOWN ATTRIBUTE %lx", template[0].type)); DBG("UNKNOWN ATTRIBUTE %lx", template[0].type);
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
@@ -435,11 +435,11 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE b_tmp[1024]; CK_BYTE b_tmp[1024];
CK_ULONG ul_tmp; // TODO: fix elsewhere too CK_ULONG ul_tmp; // TODO: fix elsewhere too
CK_ULONG len = 0; CK_ULONG len = 0;
DBG(("For private key object %lu, get ", obj)); DBG("For private key object %lu, get ", obj);
switch (template->type) { switch (template->type) {
case CKA_CLASS: case CKA_CLASS:
DBG(("CLASS")); DBG("CLASS");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
ul_tmp = CKO_PRIVATE_KEY; ul_tmp = CKO_PRIVATE_KEY;
data = (CK_BYTE_PTR) &ul_tmp; data = (CK_BYTE_PTR) &ul_tmp;
@@ -447,27 +447,27 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_TOKEN: case CKA_TOKEN:
// Technically all these objects are token objects // Technically all these objects are token objects
DBG(("TOKEN")); DBG("TOKEN");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].token; b_tmp[0] = piv_objects[obj].token;
data = b_tmp; data = b_tmp;
break; break;
case CKA_PRIVATE: case CKA_PRIVATE:
DBG(("PRIVATE")); DBG("PRIVATE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].private; b_tmp[0] = piv_objects[obj].private;
data = b_tmp; data = b_tmp;
break; break;
case CKA_LABEL: case CKA_LABEL:
DBG(("LABEL")); DBG("LABEL");
len = strlen(piv_objects[obj].label) + 1; len = strlen(piv_objects[obj].label) + 1;
data =(CK_BYTE_PTR) piv_objects[obj].label; data =(CK_BYTE_PTR) piv_objects[obj].label;
break; break;
case CKA_KEY_TYPE: case CKA_KEY_TYPE:
DBG(("KEY TYPE")); DBG("KEY TYPE");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk
if (ul_tmp == CKK_VENDOR_DEFINED) if (ul_tmp == CKK_VENDOR_DEFINED)
@@ -476,62 +476,62 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_SUBJECT: case CKA_SUBJECT:
DBG(("SUBJECT TODO")); // Default empty DBG("SUBJECT TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_ID: case CKA_ID:
DBG(("ID")); DBG("ID");
len = sizeof(CK_BYTE); len = sizeof(CK_BYTE);
ul_tmp = piv_objects[obj].sub_id; ul_tmp = piv_objects[obj].sub_id;
data = (CK_BYTE_PTR) &ul_tmp; data = (CK_BYTE_PTR) &ul_tmp;
break; break;
case CKA_SENSITIVE: case CKA_SENSITIVE:
DBG(("SENSITIVE TODO")); // Default empty DBG("SENSITIVE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_DECRYPT: case CKA_DECRYPT:
DBG(("DECRYPT")); // Default empty DBG("DECRYPT"); // Default empy
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].decrypt; b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].decrypt;
data = b_tmp; data = b_tmp;
break; break;
case CKA_UNWRAP: case CKA_UNWRAP:
DBG(("UNWRAP")); // Default empty DBG("UNWRAP"); // Default empty
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].unwrap; b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].unwrap;
data = b_tmp; data = b_tmp;
break; break;
case CKA_SIGN: case CKA_SIGN:
DBG(("SIGN")); // Default empty DBG("SIGN"); // Default empty
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].sign; b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].sign;
data = b_tmp; data = b_tmp;
break; break;
case CKA_SIGN_RECOVER: case CKA_SIGN_RECOVER:
DBG(("SIGN RECOVER TODO")); // Default empty DBG("SIGN RECOVER TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_DERIVE: case CKA_DERIVE:
DBG(("DERIVE")); // Default false DBG("DERIVE"); // Default false
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].derive; b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].derive;
data = b_tmp; data = b_tmp;
break; break;
case CKA_START_DATE: case CKA_START_DATE:
DBG(("START DATE TODO")); // Default empty DBG("START DATE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_END_DATE: case CKA_END_DATE:
DBG(("END DATE TODO")); // Default empty DBG("END DATE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_MODULUS: case CKA_MODULUS:
DBG(("MODULUS")); DBG("MODULUS");
len = sizeof(b_tmp); len = sizeof(b_tmp);
// Make sure that this is an RSA key // Make sure that this is an RSA key
@@ -547,7 +547,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_EC_POINT: case CKA_EC_POINT:
DBG(("EC_POINT")); DBG("EC_POINT");
len = sizeof(b_tmp); len = sizeof(b_tmp);
// Make sure that this is an EC key // Make sure that this is an EC key
@@ -564,7 +564,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_EC_PARAMS: case CKA_EC_PARAMS:
// Here we want the curve parameters (DER encoded OID) // Here we want the curve parameters (DER encoded OID)
DBG(("EC_PARAMS")); DBG("EC_PARAMS");
len = sizeof(b_tmp); len = sizeof(b_tmp);
// Make sure that this is an EC key // Make sure that this is an EC key
@@ -581,7 +581,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_MODULUS_BITS: case CKA_MODULUS_BITS:
DBG(("MODULUS BITS")); DBG("MODULUS BITS");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
// Make sure that this is an RSA key // Make sure that this is an RSA key
@@ -598,7 +598,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_PUBLIC_EXPONENT: case CKA_PUBLIC_EXPONENT:
DBG(("PUBLIC EXPONENT")); DBG("PUBLIC EXPONENT");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
// Make sure that this is an RSA key // Make sure that this is an RSA key
@@ -627,21 +627,21 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
/* case CKA_VALUE_LEN: */ /* case CKA_VALUE_LEN: */
/* case CKA_EXTRACTABLE: */ /* case CKA_EXTRACTABLE: */
case CKA_LOCAL: case CKA_LOCAL:
DBG(("LOCAL TODO")); // Required DBG("LOCAL TODO"); // Required
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/* case CKA_NEVER_EXTRACTABLE: */ /* case CKA_NEVER_EXTRACTABLE: */
/*case CKA_ALWAYS_SENSITIVE:*/ /*case CKA_ALWAYS_SENSITIVE:*/
case CKA_ALWAYS_AUTHENTICATE: case CKA_ALWAYS_AUTHENTICATE:
DBG(("ALWAYS AUTHENTICATE")); DBG("ALWAYS AUTHENTICATE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].always_auth; b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].always_auth;
data = b_tmp; data = b_tmp;
break; break;
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
DBG(("MODIFIABLE")); DBG("MODIFIABLE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].modifiable; b_tmp[0] = piv_objects[obj].modifiable;
data = b_tmp; data = b_tmp;
@@ -649,7 +649,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
/*case CKA_VENDOR_DEFINED:*/ /*case CKA_VENDOR_DEFINED:*/
default: default:
DBG(("UNKNOWN ATTRIBUTE %lx", template[0].type)); // TODO: there are other parameters for public keys, plus there is more if the key is RSA DBG("UNKNOWN ATTRIBUTE %lx", template[0].type); // TODO: there are other parameters for public keys, plus there is more if the key is RSA
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
@@ -677,11 +677,11 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
CK_BYTE b_tmp[1024]; CK_BYTE b_tmp[1024];
CK_ULONG ul_tmp; CK_ULONG ul_tmp;
CK_ULONG len = 0; CK_ULONG len = 0;
DBG(("For public key object %lu, get ", obj)); DBG("For public key object %lu, get ", obj);
switch (template->type) { switch (template->type) {
case CKA_CLASS: case CKA_CLASS:
DBG(("CLASS")); DBG("CLASS");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
ul_tmp = CKO_PUBLIC_KEY; ul_tmp = CKO_PUBLIC_KEY;
data = (CK_BYTE_PTR) &ul_tmp; data = (CK_BYTE_PTR) &ul_tmp;
@@ -689,27 +689,27 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_TOKEN: case CKA_TOKEN:
// Technically all these objects are token objects // Technically all these objects are token objects
DBG(("TOKEN")); DBG("TOKEN");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].token; b_tmp[0] = piv_objects[obj].token;
data = b_tmp; data = b_tmp;
break; break;
case CKA_PRIVATE: case CKA_PRIVATE:
DBG(("PRIVATE")); DBG("PRIVATE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].private; b_tmp[0] = piv_objects[obj].private;
data = b_tmp; data = b_tmp;
break; break;
case CKA_LABEL: case CKA_LABEL:
DBG(("LABEL")); DBG("LABEL");
len = strlen(piv_objects[obj].label) + 1; len = strlen(piv_objects[obj].label) + 1;
data = (CK_BYTE_PTR)piv_objects[obj].label; data = (CK_BYTE_PTR)piv_objects[obj].label;
break; break;
case CKA_KEY_TYPE: case CKA_KEY_TYPE:
DBG(("KEY TYPE")); DBG("KEY TYPE");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data);
if (ul_tmp == CKK_VENDOR_DEFINED) // This value is used as an error here if (ul_tmp == CKK_VENDOR_DEFINED) // This value is used as an error here
@@ -718,54 +718,54 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_SUBJECT: case CKA_SUBJECT:
DBG(("SUBJECT TODO")); // Default empty DBG("SUBJECT TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_ID: case CKA_ID:
DBG(("ID")); DBG("ID");
len = sizeof(CK_BYTE); len = sizeof(CK_BYTE);
b_tmp[0] = piv_objects[obj].sub_id; b_tmp[0] = piv_objects[obj].sub_id;
data = b_tmp; data = b_tmp;
break; break;
case CKA_ENCRYPT: case CKA_ENCRYPT:
DBG(("ENCRYPT")); DBG("ENCRYPT");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].encrypt; b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].encrypt;
data = b_tmp; data = b_tmp;
break; break;
case CKA_VERIFY: // TODO: what about verify recover ? case CKA_VERIFY: // TODO: what about verify recover ?
DBG(("VERIFY")); DBG("VERIFY");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].verify; b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].verify;
data = b_tmp; data = b_tmp;
break; break;
case CKA_WRAP: case CKA_WRAP:
DBG(("WRAP")); DBG("WRAP");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].wrap; b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].wrap;
data = b_tmp; data = b_tmp;
break; break;
case CKA_DERIVE: case CKA_DERIVE:
DBG(("DERIVE")); DBG("DERIVE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].derive; b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].derive;
data = b_tmp; data = b_tmp;
break; break;
case CKA_START_DATE: case CKA_START_DATE:
DBG(("START DATE TODO")); // Default empty DBG("START DATE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_END_DATE: case CKA_END_DATE:
DBG(("END DATE TODO")); // Default empty DBG("END DATE TODO"); // Default empty
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_EC_POINT: case CKA_EC_POINT:
DBG(("EC_POINT")); DBG("EC_POINT");
len = sizeof(b_tmp); len = sizeof(b_tmp);
// Make sure that this is an EC key // Make sure that this is an EC key
@@ -782,7 +782,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_EC_PARAMS: case CKA_EC_PARAMS:
// Here we want the curve parameters (DER encoded OID) // Here we want the curve parameters (DER encoded OID)
DBG(("EC_PARAMS")); DBG("EC_PARAMS");
len = sizeof(b_tmp); len = sizeof(b_tmp);
// Make sure that this is an EC key // Make sure that this is an EC key
@@ -799,7 +799,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_MODULUS: case CKA_MODULUS:
DBG(("MODULUS")); DBG("MODULUS");
len = sizeof(b_tmp); len = sizeof(b_tmp);
// Make sure that this is an RSA key // Make sure that this is an RSA key
@@ -815,7 +815,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_MODULUS_BITS: case CKA_MODULUS_BITS:
DBG(("MODULUS BITS")); DBG("MODULUS BITS");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
// Make sure that this is an RSA key // Make sure that this is an RSA key
@@ -832,7 +832,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_PUBLIC_EXPONENT: case CKA_PUBLIC_EXPONENT:
DBG(("PUBLIC EXPONENT")); DBG("PUBLIC EXPONENT");
len = sizeof(CK_ULONG); len = sizeof(CK_ULONG);
// Make sure that this is an RSA key // Make sure that this is an RSA key
@@ -849,18 +849,18 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
break; break;
case CKA_LOCAL: case CKA_LOCAL:
DBG(("LOCAL TODO")); // Required DBG("LOCAL TODO"); // Required
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
case CKA_MODIFIABLE: case CKA_MODIFIABLE:
DBG(("MODIFIABLE")); DBG("MODIFIABLE");
len = sizeof(CK_BBOOL); len = sizeof(CK_BBOOL);
b_tmp[0] = piv_objects[obj].modifiable; b_tmp[0] = piv_objects[obj].modifiable;
data = b_tmp; data = b_tmp;
break; break;
default: default:
DBG(("UNKNOWN ATTRIBUTE %lx", template[0].type)); // TODO: there are other parameters for public keys DBG("UNKNOWN ATTRIBUTE %lx", template[0].type); // TODO: there are other parameters for public keys
template->ulValueLen = CK_UNAVAILABLE_INFORMATION; template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
@@ -990,7 +990,7 @@ CK_RV get_available_certificate_ids(ykcs11_session_t *s, piv_obj_id_t *cert_ids,
if (IS_CERT(s->slot->token->objects[i]) == CK_TRUE) if (IS_CERT(s->slot->token->objects[i]) == CK_TRUE)
cert_ids[j++] = s->slot->token->objects[i]; cert_ids[j++] = s->slot->token->objects[i];
DBG(("Just to check: %lu %lu", j, n_certs)); DBG("Just to check: %lu %lu", j, n_certs);
return CKR_OK; return CKR_OK;
} }
@@ -1066,7 +1066,7 @@ CK_RV check_create_cert(CK_ATTRIBUTE_PTR templ, CK_ULONG n,
break; break;
default: default:
DBG(("Invalid %lx", templ[i].type)); DBG("Invalid %lx", templ[i].type);
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
} }
@@ -1139,7 +1139,7 @@ CK_RV check_create_ec_key(CK_ATTRIBUTE_PTR templ, CK_ULONG n, CK_BYTE_PTR id,
break; break;
default: default:
DBG(("Invalid %lx", templ[i].type)); DBG("Invalid %lx", templ[i].type);
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
} }
@@ -1254,7 +1254,7 @@ CK_RV check_create_rsa_key(CK_ATTRIBUTE_PTR templ, CK_ULONG n, CK_BYTE_PTR id,
break; break;
default: default:
DBG(("Invalid %lx", templ[i].type)); DBG("Invalid %lx", templ[i].type);
return CKR_ATTRIBUTE_TYPE_INVALID; return CKR_ATTRIBUTE_TYPE_INVALID;
} }
} }
+2 -2
View File
@@ -468,7 +468,7 @@ CK_RV do_pkcs_1_t1(CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PT
unsigned char buffer[512]; unsigned char buffer[512];
key_len /= 8; key_len /= 8;
DBG(("Apply padding to %lu bytes and get %lu\n", in_len, key_len)); DBG("Apply padding to %lu bytes and get %lu\n", in_len, key_len);
// TODO: rand must be seeded first (should be automatic) // TODO: rand must be seeded first (should be automatic)
if (*out_len < key_len) if (*out_len < key_len)
@@ -508,7 +508,7 @@ CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
if (*out_len < (CK_ULONG)RSA_size(key)) if (*out_len < (CK_ULONG)RSA_size(key))
return CKR_BUFFER_TOO_SMALL; return CKR_BUFFER_TOO_SMALL;
DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key))); DBG("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key));
if (out != in) if (out != in)
memcpy(out, in, in_len); memcpy(out, in, in_len);
+3 -3
View File
@@ -15,18 +15,18 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH
if (user == CKU_USER) { if (user == CKU_USER) {
if (ykpiv_verify(state, (char *)pin, &tries) != YKPIV_OK) { if (ykpiv_verify(state, (char *)pin, &tries) != YKPIV_OK) {
DBG(("Failed to login")); DBG("Failed to login");
return CKR_PIN_INCORRECT; return CKR_PIN_INCORRECT;
} }
} }
else if (user == CKU_SO) { else if (user == CKU_SO) {
if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) { if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) {
DBG(("Failed decoding key")); DBG("Failed decoding key");
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
} }
if(ykpiv_authenticate(state, key) != YKPIV_OK) { if(ykpiv_authenticate(state, key) != YKPIV_OK) {
DBG(("Failed to authenticate")); DBG("Failed to authenticate");
return CKR_PIN_INCORRECT; return CKR_PIN_INCORRECT;
} }
} }
+223 -223
View File
File diff suppressed because it is too large Load Diff
+5 -5
View File
@@ -247,7 +247,7 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
pvtkeys[n_cert] = PIV_PVTK_OBJ_PIV_AUTH; pvtkeys[n_cert] = PIV_PVTK_OBJ_PIV_AUTH;
pubkeys[n_cert] = PIV_PUBK_OBJ_PIV_AUTH; pubkeys[n_cert] = PIV_PUBK_OBJ_PIV_AUTH;
n_cert++; n_cert++;
DBG(("Found AUTH cert (9a)")); DBG("Found AUTH cert (9a)");
} }
buf_len = sizeof(buf); buf_len = sizeof(buf);
@@ -256,7 +256,7 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
pvtkeys[n_cert] = PIV_PVTK_OBJ_CARD_AUTH; pvtkeys[n_cert] = PIV_PVTK_OBJ_CARD_AUTH;
pubkeys[n_cert] = PIV_PUBK_OBJ_CARD_AUTH; pubkeys[n_cert] = PIV_PUBK_OBJ_CARD_AUTH;
n_cert++; n_cert++;
DBG(("Found CARD AUTH cert (9e)")); DBG("Found CARD AUTH cert (9e)");
} }
buf_len = sizeof(buf); buf_len = sizeof(buf);
@@ -265,7 +265,7 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
pvtkeys[n_cert] = PIV_PVTK_OBJ_DS; pvtkeys[n_cert] = PIV_PVTK_OBJ_DS;
pubkeys[n_cert] = PIV_PUBK_OBJ_DS; pubkeys[n_cert] = PIV_PUBK_OBJ_DS;
n_cert++; n_cert++;
DBG(("Found SIGNATURE cert (9c)")); DBG("Found SIGNATURE cert (9c)");
} }
buf_len = sizeof(buf); buf_len = sizeof(buf);
@@ -274,10 +274,10 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
pvtkeys[n_cert] = PIV_PVTK_OBJ_KM; pvtkeys[n_cert] = PIV_PVTK_OBJ_KM;
pubkeys[n_cert] = PIV_PUBK_OBJ_KM; pubkeys[n_cert] = PIV_PUBK_OBJ_KM;
n_cert++; n_cert++;
DBG(("Found KMK cert (9d)")); DBG("Found KMK cert (9d)");
} }
DBG(("The total number of objects for this token is %lu", (n_cert * 3) + token_objects_num)); DBG("The total number of objects for this token is %lu", (n_cert * 3) + token_objects_num);
if (num_only == CK_TRUE) { if (num_only == CK_TRUE) {
// We just want the number of objects // We just want the number of objects