Implemented C_SetPIN

Mikhail Denisenko
2015-12-10 17:31:22 -05:00
parent fb28d56a07
commit 6042a2140e
9 changed files with 159 additions and 28 deletions
+1
@@ -290,6 +290,7 @@ token_vendor_t get_token_vendor(vendor_id_t vid) {
v.token_import_cert = COMMON_token_import_cert;
v.token_import_private_key = COMMON_token_import_private_key;
v.token_delete_cert = COMMON_token_delete_cert;
v.token_change_pin = YUBICO_token_change_pin;
break;
case UNKNOWN:
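Review bot: `v.token_change_pin` is assigned only in the case that ends at the `break;` above `case UNKNOWN:`, yet the new C_SetPIN calls `token.token_change_pin(...)` without checking the pointer. The UNKNOWN branch is outside this hunk; if it leaves the member NULL or unset, a slot whose token has an unrecognised vendor id would call through an invalid function pointer. Either assign the member explicitly in every case, or guard the call site with `if (token.token_change_pin == NULL) return CKR_FUNCTION_NOT_SUPPORTED;`.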
+2
@@ -18,6 +18,7 @@ typedef CK_RV (*get_t_mechanism_info_f)(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR
typedef CK_RV (*get_t_objects_num_f)(ykpiv_state *, CK_ULONG_PTR, CK_ULONG_PTR);
typedef CK_RV (*get_t_object_list_f)(ykpiv_state *, piv_obj_id_t *, CK_ULONG);
typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG_PTR);
typedef CK_RV (*t_change_pin_f)(ykpiv_state *, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR, CK_ULONG);
// Common token functions below
typedef CK_RV (*t_login_f)(ykpiv_state *, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG);
@@ -53,6 +54,7 @@ typedef struct {
t_import_cert_f token_import_cert;
t_import_private_key_f token_import_private_key;
t_delete_cert_f token_delete_cert;
t_change_pin_f token_change_pin;
} token_vendor_t;
token_vendor_t get_token_vendor(vendor_id_t vid);
+31 -1
@@ -421,7 +421,36 @@ CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(
)
{
DIN;
DBG("TODO!!!");
CK_RV rv;
token_vendor_t token;
if (piv_state == NULL) {
DBG("libykpiv is not initialized or already finalized");
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (session.handle == CK_INVALID_HANDLE) {
DBG("User called SetPIN on closed session");
return CKR_SESSION_CLOSED;
}
if (hSession != YKCS11_SESSION_ID) {
DBG("Unknown session %lu", hSession);
return CKR_SESSION_HANDLE_INVALID;
}
CK_USER_TYPE user_type = CKU_USER;
if (session.info.state == CKS_RW_SO_FUNCTIONS) {
user_type = CKU_SO;
}
token = get_token_vendor(session.slot->token->vid);
rv = token.token_change_pin(piv_state, user_type, pOldPin, ulOldLen, pNewPin, ulNewLen);
if (rv != CKR_OK) {
DBG("Pin change failed %lx", rv);
return rv;
}
DOUT;
return CKR_OK;
}
@@ -979,6 +1008,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)(
DBG("Unable to store certificate data");
return CKR_FUNCTION_FAILED;
}
*phObject = cert_id;
break;
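Review bot: In the C_SetPIN hunk, `user_type` is derived from `session.info.state` but read-only states are never rejected, so a session in `CKS_RO_PUBLIC_SESSION` or `CKS_RO_USER_FUNCTIONS` falls through to a CKU_USER PIN change where PKCS#11 requires `CKR_SESSION_READ_ONLY`. A guard before the `user_type` assignment covers it: `if (session.info.state == CKS_RO_PUBLIC_SESSION || session.info.state == CKS_RO_USER_FUNCTIONS) return CKR_SESSION_READ_ONLY;`. The PIN pointers are also forwarded unchecked to `token.token_change_pin`; adding `if (pOldPin == NULL || pNewPin == NULL) return CKR_ARGUMENTS_BAD;` keeps a NULL pointer with a non-zero length from reaching the token layer. The parameter list of C_SetPIN starts above the hunk, so the argument names are taken from the call on the new side.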
+22
@@ -334,3 +334,25 @@ CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_
return CKR_OK;
}
CK_RV YUBICO_token_change_pin(ykpiv_state *state, CK_USER_TYPE user_type, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen) {
int tries;
ykpiv_rc res;
if (user_type != CKU_USER) {
DBG("TODO implement other users pin change");
return CKR_FUNCTION_FAILED;
}
res = ykpiv_change_pin(state, pOldPin, ulOldLen, pNewPin, ulNewLen, &tries);
switch (res) {
case YKPIV_OK:
return CKR_OK;
case YKPIV_SIZE_ERROR:
return CKR_PIN_LEN_RANGE;
case YKPIV_WRONG_PIN:
return CKR_PIN_INCORRECT;
case YKPIV_PIN_LOCKED:
return CKR_PIN_LOCKED;
default:
return CKR_FUNCTION_FAILED;
}
}
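Review bot: `tries` is passed to `ykpiv_change_pin` but never read afterwards, so the `YKPIV_WRONG_PIN` branch discards the remaining-attempt count. A failed old-PIN check presumably consumes a retry on the token, so logging the count in that branch makes an approaching lockout visible: `DBG("Wrong PIN, %d tries left", tries);` (log the counter only, never the PIN bytes). The `CKU_SO` early return would also benefit from a comment such as `/* SO PIN change not implemented; C_SetPIN in CKS_RW_SO_FUNCTIONS always fails here */`, since `CKR_FUNCTION_FAILED` gives the caller no hint that the path is simply unsupported.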
+2
@@ -17,5 +17,7 @@ CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_P
CK_RV YUBICO_get_token_objects_num(ykpiv_state *state, CK_ULONG_PTR num, CK_ULONG_PTR num_certs);
CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULONG num);
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len);
CK_RV YUBICO_token_change_pin(ykpiv_state *state, CK_USER_TYPE user_type, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen,
CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen);
#endif