Moved debug capabilities to its own file.
Fixed EC point representation.
@@ -34,6 +34,7 @@ AM_CPPFLAGS += -I$(top_srcdir)/lib -I$(top_builddir)/lib
|
||||
lib_LTLIBRARIES = libykcs11.la
|
||||
|
||||
libykcs11_la_SOURCES = ykcs11.c version.c ykcs11.pc.in ykcs11.map
|
||||
libykcs11_la_SOURCES += debug.h
|
||||
libykcs11_la_SOURCES += vendors.c vendor.h vendor_ids.h
|
||||
libykcs11_la_SOURCES += slot_vendors.c slot_vendor.h
|
||||
libykcs11_la_SOURCES += token_vendors.c token_vendor.h
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
#ifndef DEBUG_H
|
||||
#define DEBUG_H
|
||||
|
||||
#define D(x) do { \
|
||||
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
||||
printf x; \
|
||||
printf ("\n"); \
|
||||
} while (0)
|
||||
|
||||
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||
|
||||
#if YKCS11_DBG
|
||||
#include <stdio.h>
|
||||
#define DBG(x) D(x);
|
||||
#else
|
||||
#define DBG(x)
|
||||
#endif
|
||||
|
||||
#if YKCS11_DINOUT
|
||||
#define DIN D(("In"));
|
||||
#define DOUT D(("Out"));
|
||||
#else
|
||||
#define DIN
|
||||
#define DOUT
|
||||
#endif
|
||||
|
||||
#endif
|
||||
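Review bot: `D()` prints with `printf`, so once either switch is set to 1 this module's debug text goes to the host application's stdout, whereas the `fprintf(stderr, ...)` calls this commit replaces wrote to stderr; output that the loading program or its callers parse can be corrupted. Because `printf x` depends on the double-parenthesised argument list, moving to stderr needs a variadic form, for example `#define D(...)` whose body calls `fprintf (stderr, __VA_ARGS__);`, and the call sites would drop the inner parentheses. `<stdio.h>` is included only under `#if YKCS11_DBG`, yet `DIN`/`DOUT` also expand to `D()`, so enabling only `YKCS11_DINOUT` relies on the including file having pulled in stdio itself; the include belongs above the `#if`. `#define DBG(x) D(x);` carries its own semicolon, which makes `if (c) DBG((...)); else ...` a syntax error in debug builds only; `#define DBG(x) D(x)` is safer.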
+2
-2
@@ -257,7 +257,7 @@ CK_RV apply_sign_mechanism_finalize(op_info_t *op_info) {
|
||||
rv = do_md_finalize(op_info->op.sign.md_ctx, op_info->buf, &op_info->buf_len, &nid);
|
||||
if (rv != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
fprintf(stderr, "The hashed value is %lu long and looks like\n", op_info->buf_len);
|
||||
DBG(("The hashed value is %lu long and looks like\n", op_info->buf_len));
|
||||
dump_hex(op_info->buf, op_info->buf_len, stderr, CK_TRUE);
|
||||
|
||||
case CKM_RSA_PKCS:
|
||||
@@ -267,7 +267,7 @@ CK_RV apply_sign_mechanism_finalize(op_info_t *op_info) {
|
||||
if (rv != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
fprintf(stderr, "After adding digestinfo is %lu long and looks like\n", op_info->buf_len);
|
||||
DBG(("After adding digestinfo is %lu long and looks like\n", op_info->buf_len));
|
||||
dump_hex(op_info->buf, op_info->buf_len, stderr, CK_TRUE);
|
||||
}
|
||||
|
||||
|
||||
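Review bot: Only the length message is gated by `DBG`; the `dump_hex(op_info->buf, op_info->buf_len, stderr, CK_TRUE);` call that follows it in both hunks of apply_sign_mechanism_finalize appears once per hunk and so looks unchanged, which means a build with `YKCS11_DBG 0` still writes the digest and the DigestInfo-wrapped buffer to the host application's stderr, now without the line that explained them. Guard the dump with the same switch: `#if YKCS11_DBG` / `dump_hex(op_info->buf, op_info->buf_len, stderr, CK_TRUE);` / `#endif`. This section also shows no added `#include "debug.h"`, so confirm that `DBG` reaches this file through an existing header; otherwise the call is an undeclared identifier. The function body starts and ends outside the hunks.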
+70
-70
@@ -4,6 +4,7 @@
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include "openssl_utils.h"
|
||||
#include "debug.h"
|
||||
|
||||
#define IS_CERT(x) (((x) >= PIV_CERT_OBJ_X509_PIV_AUTH && (x) < PIV_CERT_OBJ_LAST) ? CK_TRUE : CK_FALSE)
|
||||
|
||||
@@ -259,11 +260,11 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE_PTR data;
|
||||
CK_BYTE tmp[64];
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR DATA OBJECT %lu, I WANT ", obj);
|
||||
DBG(("For data object %lu, get ", obj));
|
||||
|
||||
switch (template->type) {
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
DBG(("CLASS\n"));
|
||||
len = 1;
|
||||
tmp[0] = CKO_DATA;
|
||||
data = tmp;
|
||||
@@ -271,51 +272,51 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
DBG(("TOKEN\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].token;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
DBG(("PRIVATE\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].private;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
DBG(("LABEL\n"));
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
case CKA_APPLICATION:
|
||||
fprintf(stderr, "APPLICATION\n");
|
||||
DBG(("APPLICATION\n"));
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
case CKA_VALUE: // TODO: this can be done with -r and -d|-a
|
||||
fprintf(stderr, "VALUE TODO!!!\n");
|
||||
DBG(("VALUE TODO!!!\n"));
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ?
|
||||
fprintf(stderr, "OID\n");
|
||||
DBG(("OID\n"));
|
||||
strcpy((char *)tmp, data_objects[piv_objects[obj].sub_id].oid);
|
||||
asn1_encode_oid(tmp, tmp, &len);
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
DBG(("MODIFIABLE\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].modifiable;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
default:
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
|
||||
DBG(("UNKNOWN ATTRIBUTE %lx\n", template[0].type));
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
@@ -342,11 +343,11 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE_PTR data;
|
||||
CK_BYTE tmp[64];
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR CERTIFICATE OBJECT %lu, I WANT ", obj);
|
||||
DBG(("For certificate object %lu, get ", obj));
|
||||
|
||||
switch (template->type) { // TODO: is this needed here? or is it enough ot have one a "level" above?
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
DBG(("CLASS\n"));
|
||||
len = 1;
|
||||
tmp[0] = CKO_CERTIFICATE;
|
||||
data = tmp;
|
||||
@@ -354,72 +355,72 @@ CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
DBG(("TOKEN\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].token;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
DBG(("PRIVATE\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].private;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
DBG(("LABEL\n"));
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
case CKA_VALUE:
|
||||
fprintf(stderr, "VALUE TODO\n");
|
||||
DBG(("VALUE TODO\n"));
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_CERTIFICATE_TYPE:
|
||||
fprintf(stderr, "CERTIFICATE TYPE\n");
|
||||
DBG(("CERTIFICATE TYPE\n"));
|
||||
len = 1;
|
||||
tmp[0] = CKC_X_509; // Support only X.509 certs
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_ISSUER:
|
||||
fprintf(stderr, "ISSUER TODO\n"); // Default empty
|
||||
DBG(("ISSUER TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SERIAL_NUMBER:
|
||||
fprintf(stderr, "SERIAL NUMBER TODO\n"); // Default empty
|
||||
DBG(("SERIAL NUMBER TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SUBJECT:
|
||||
fprintf(stderr, "SUBJECT TODO\n"); // Required
|
||||
DBG(("SUBJECT TODO\n")); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_ID:
|
||||
fprintf(stderr, "ID\n");
|
||||
DBG(("ID\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].sub_id;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_START_DATE:
|
||||
fprintf(stderr, "START DATE TODO\n"); // Default empty
|
||||
DBG(("START DATE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_END_DATE:
|
||||
fprintf(stderr, "END DATE TODO\n"); // Default empty
|
||||
DBG(("END DATE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
DBG(("MODIFIABLE\n"));
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].modifiable;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
default: // TODO: there are other attributes for a (x509) certificate
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
|
||||
DBG(("UNKNOWN ATTRIBUTE %lx\n", template[0].type));
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
@@ -447,11 +448,11 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE b_tmp[1024];
|
||||
CK_ULONG ul_tmp; // TODO: fix elsewhere too
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR PRIVATE KEY OBJECT %lu, I WANT ", obj);
|
||||
DBG(("For private key object %lu, get ", obj));
|
||||
|
||||
switch (template->type) {
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
DBG(("CLASS\n"));
|
||||
len = sizeof(CK_ULONG);
|
||||
ul_tmp = CKO_PRIVATE_KEY;
|
||||
data = (CK_BYTE_PTR) &ul_tmp;
|
||||
@@ -459,27 +460,27 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
DBG(("TOKEN\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = piv_objects[obj].token;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
DBG(("PRIVATE\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = piv_objects[obj].private;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
DBG(("LABEL\n"));
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
case CKA_KEY_TYPE:
|
||||
fprintf(stderr, "KEY TYPE\n");
|
||||
DBG(("KEY TYPE\n"));
|
||||
len = sizeof(CK_ULONG);
|
||||
ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk
|
||||
if (ul_tmp == CKK_VENDOR_DEFINED)
|
||||
@@ -488,62 +489,62 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
break;
|
||||
|
||||
case CKA_SUBJECT:
|
||||
fprintf(stderr, "SUBJECT TODO\n"); // Default empty
|
||||
DBG(("SUBJECT TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_ID:
|
||||
fprintf(stderr, "ID\n");
|
||||
DBG(("ID\n"));
|
||||
len = sizeof(CK_BYTE);
|
||||
ul_tmp = piv_objects[obj].sub_id;
|
||||
data = (CK_BYTE_PTR) &ul_tmp;
|
||||
break;
|
||||
|
||||
case CKA_SENSITIVE:
|
||||
fprintf(stderr, "SENSITIVE TODO\n"); // Default empty
|
||||
DBG(("SENSITIVE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_DECRYPT:
|
||||
fprintf(stderr, "DECRYPT\n"); // Default empty
|
||||
DBG(("DECRYPT\n")); // Default empty
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].decrypt;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_UNWRAP:
|
||||
fprintf(stderr, "UNWRAP\n"); // Default empty
|
||||
DBG(("UNWRAP\n")); // Default empty
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].unwrap;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_SIGN:
|
||||
fprintf(stderr, "SIGN\n"); // Default empty
|
||||
DBG(("SIGN\n")); // Default empty
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].sign;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_SIGN_RECOVER:
|
||||
fprintf(stderr, "SIGN RECOVER TODO\n"); // Default empty
|
||||
DBG(("SIGN RECOVER TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_DERIVE:
|
||||
fprintf(stderr, "DERIVE\n"); // Default false
|
||||
DBG(("DERIVE\n")); // Default false
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].derive;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_START_DATE:
|
||||
fprintf(stderr, "START DATE TODO\n"); // Default empty
|
||||
DBG(("START DATE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_END_DATE:
|
||||
fprintf(stderr, "END DATE TODO\n"); // Default empty
|
||||
DBG(("END DATE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_MODULUS:
|
||||
fprintf(stderr, "MODULUS\n");
|
||||
DBG(("MODULUS\n"));
|
||||
len = sizeof(b_tmp);
|
||||
if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
@@ -553,7 +554,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
case CKA_EC_POINT:
|
||||
// We're trying to get the key length, get the ec point of the PUBLIC key
|
||||
// TODO: or just give an error and explicitly fetch the pubk len when needed
|
||||
fprintf(stderr, "EC_POINT\n");
|
||||
DBG(("EC_POINT\n"));
|
||||
len = sizeof(b_tmp);
|
||||
if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
@@ -561,7 +562,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
break;
|
||||
|
||||
case CKA_MODULUS_BITS:
|
||||
fprintf(stderr, "MODULUS BITS\n");
|
||||
DBG(("MODULUS BITS\n"));
|
||||
len = sizeof(CK_ULONG);
|
||||
ul_tmp = get_modulus_bits(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk
|
||||
if (ul_tmp == 0)
|
||||
@@ -583,21 +584,21 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
/* case CKA_VALUE_LEN: */
|
||||
/* case CKA_EXTRACTABLE: */
|
||||
case CKA_LOCAL:
|
||||
fprintf(stderr, "LOCAL TODO\n"); // Required
|
||||
DBG(("LOCAL TODO\n")); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_NEVER_EXTRACTABLE: */
|
||||
/*case CKA_ALWAYS_SENSITIVE:*/
|
||||
|
||||
case CKA_ALWAYS_AUTHENTICATE:
|
||||
fprintf(stderr, "ALWAYS AUTHENTICATE\n");
|
||||
DBG(("ALWAYS AUTHENTICATE\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pvtkey_objects[piv_objects[obj].sub_id].always_auth;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
DBG(("MODIFIABLE\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = piv_objects[obj].modifiable;
|
||||
data = b_tmp;
|
||||
@@ -605,7 +606,7 @@ CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
|
||||
/*case CKA_VENDOR_DEFINED:*/
|
||||
default:
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type); // TODO: there are other parameters for public keys, plus there is more if the key is RSA
|
||||
DBG(("UNKNOWN ATTRIBUTE %lx\n", template[0].type)); // TODO: there are other parameters for public keys, plus there is more if the key is RSA
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
@@ -633,11 +634,11 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE b_tmp[1024];
|
||||
CK_ULONG ul_tmp; // TODO: fix elsewhere too
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR PUBLIC KEY OBJECT %lu, I WANT ", obj);
|
||||
DBG(("For public key object %lu, get ", obj));
|
||||
|
||||
switch (template->type) {
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
DBG(("CLASS\n"));
|
||||
len = sizeof(CK_ULONG);
|
||||
ul_tmp = CKO_PUBLIC_KEY;
|
||||
data = (CK_BYTE_PTR) &ul_tmp;
|
||||
@@ -645,21 +646,21 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
DBG(("TOKEN\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = piv_objects[obj].token;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
DBG(("PRIVATE\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = piv_objects[obj].private;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
DBG(("LABEL\n"));
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
@@ -667,7 +668,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a
|
||||
|
||||
case CKA_KEY_TYPE:
|
||||
fprintf(stderr, "KEY TYPE\n");
|
||||
DBG(("KEY TYPE\n"));
|
||||
len = sizeof(CK_ULONG);
|
||||
ul_tmp = get_key_type(pubkey_objects[piv_objects[obj].sub_id].data);
|
||||
if (ul_tmp == CKK_VENDOR_DEFINED) // This value is used as an error here
|
||||
@@ -676,55 +677,55 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
break;
|
||||
|
||||
case CKA_SUBJECT:
|
||||
fprintf(stderr, "SUBJECT TODO\n"); // Default empty
|
||||
DBG(("SUBJECT TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_ID:
|
||||
fprintf(stderr, "ID\n");
|
||||
DBG(("ID\n"));
|
||||
len = sizeof(CK_BYTE);
|
||||
b_tmp[0] = piv_objects[obj].sub_id;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_ENCRYPT:
|
||||
fprintf(stderr, "ENCRYPT\n");
|
||||
DBG(("ENCRYPT\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].encrypt;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_VERIFY: // TODO: what about verify recover ?
|
||||
fprintf(stderr, "VERIFY\n");
|
||||
DBG(("VERIFY\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].verify;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_WRAP:
|
||||
fprintf(stderr, "WRAP\n");
|
||||
DBG(("WRAP\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].wrap;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_DERIVE:
|
||||
fprintf(stderr, "DERIVE\n");
|
||||
DBG(("DERIVE\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = pubkey_objects[piv_objects[obj].sub_id].derive;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
case CKA_START_DATE:
|
||||
fprintf(stderr, "START DATE TODO\n"); // Default empty
|
||||
DBG(("START DATE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_END_DATE:
|
||||
fprintf(stderr, "END DATE TODO\n"); // Default empty
|
||||
DBG(("END DATE TODO\n")); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_EC_POINT:
|
||||
// We're trying to get the key length, get the ec point of the PUBLIC key
|
||||
fprintf(stderr, "EC_POINT\n");
|
||||
DBG(("EC_POINT\n"));
|
||||
len = sizeof(b_tmp);
|
||||
if (get_public_key(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
@@ -733,7 +734,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
|
||||
case CKA_EC_PARAMS:
|
||||
// Here we want the curve parameters (DER encoded OID)
|
||||
fprintf(stderr, "EC_PARAMS\n");
|
||||
DBG(("EC_PARAMS\n"));
|
||||
len = sizeof(b_tmp);
|
||||
if (get_curve_parameters(pubkey_objects[piv_objects[obj].sub_id].data, b_tmp, &len) != CKR_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
@@ -741,7 +742,7 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
break;
|
||||
|
||||
case CKA_MODULUS_BITS:
|
||||
fprintf(stderr, "MODULUS BITS\n");
|
||||
DBG(("MODULUS BITS\n"));
|
||||
len = sizeof(CK_ULONG);
|
||||
ul_tmp = get_modulus_bits(pubkey_objects[piv_objects[obj].sub_id].data); // Getting the info from the pubk
|
||||
if (ul_tmp == 0)
|
||||
@@ -750,18 +751,18 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
break;
|
||||
|
||||
case CKA_LOCAL:
|
||||
fprintf(stderr, "LOCAL TODO\n"); // Required
|
||||
DBG(("LOCAL TODO\n")); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
DBG(("MODIFIABLE\n"));
|
||||
len = sizeof(CK_BBOOL);
|
||||
b_tmp[0] = piv_objects[obj].modifiable;
|
||||
data = b_tmp;
|
||||
break;
|
||||
|
||||
default:
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! 0x%lx\n", template[0].type); // TODO: there are other parameters for public keys
|
||||
DBG(("UNKNOWN ATTRIBUTE %lx\n", template[0].type)); // TODO: there are other parameters for public keys
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
@@ -891,7 +892,7 @@ CK_RV get_available_certificate_ids(ykcs11_session_t *s, piv_obj_id_t *cert_ids,
|
||||
if (IS_CERT(s->slot->token->objects[i]) == CK_TRUE)
|
||||
cert_ids[j++] = s->slot->token->objects[i];
|
||||
|
||||
fprintf(stderr, "Just to check: %lu %lu\n", j, n_certs);
|
||||
DBG(("Just to check: %lu %lu\n", j, n_certs));
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -910,4 +911,3 @@ CK_RV store_cert(piv_obj_id_t cert_id, CK_BYTE_PTR data, CK_ULONG len) {
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
|
||||
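Review bot: The converted messages no longer print as one line: `D()` emits a `debug: file:line (func):` prefix and its own `\n` on every call, so `DBG(("For data object %lu, get ", obj));` followed by `DBG(("CLASS\n"));` in get_doa now produces two prefixed records, the second followed by an empty line. The same holds for every `DBG(("...\n"))` call in get_coa, get_proa, get_puoa and get_available_certificate_ids here, and for the converted calls in the get_objects and padding hunks elsewhere in this commit. Dropping the trailing `\n` from the strings and logging object and attribute in one call per case, e.g. `DBG(("data object %lu: CLASS", obj));`, keeps one record per event. The bodies of these functions continue outside the hunks.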
@@ -3,8 +3,6 @@
|
||||
|
||||
#include "ykcs11.h"
|
||||
|
||||
#include <stdio.h> // TODO: delete
|
||||
|
||||
CK_ULONG piv_2_ykpiv(piv_obj_id_t id);
|
||||
|
||||
CK_RV get_attribute(ykcs11_session_t *s, CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template);
|
||||
|
||||
+14
-6
@@ -115,8 +115,8 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
||||
/*BN_bn2bin(rsa->n, data);
|
||||
*len = 256;*/
|
||||
|
||||
fprintf(stderr, "Public key is: \n");
|
||||
dump_hex(data, *len, stderr, CK_TRUE);
|
||||
/* fprintf(stderr, "Public key is: \n"); */
|
||||
/* dump_hex(data, *len, stderr, CK_TRUE); */
|
||||
|
||||
break;
|
||||
|
||||
@@ -125,8 +125,16 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
||||
ecg = EC_KEY_get0_group(eck);
|
||||
ecp = EC_KEY_get0_public_key(eck);
|
||||
|
||||
if ((*len = EC_POINT_point2oct(ecg, ecp, pcf, data, *len, NULL)) == 0)
|
||||
// Adde the DER structure with length after extracting the point
|
||||
data[0] = 0x04;
|
||||
|
||||
if ((*len = EC_POINT_point2oct(ecg, ecp, pcf, data + 2, *len - 2, NULL)) == 0)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
data[1] = *len;
|
||||
|
||||
*len += 2;
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -178,7 +186,7 @@ CK_RV free_key(EVP_PKEY *key) {
|
||||
|
||||
CK_RV do_pkcs_1_t1(CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len, CK_ULONG key_len) {
|
||||
key_len /= 8;
|
||||
fprintf(stderr, "Apply padding to %lu bytes and get %lu\n", in_len, key_len);
|
||||
DBG(("Apply padding to %lu bytes and get %lu\n", in_len, key_len));
|
||||
|
||||
// TODO: rand must be seeded first (should be automatic)
|
||||
if (*out_len < key_len)
|
||||
@@ -215,13 +223,13 @@ CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
|
||||
if (*out_len < RSA_size(key))
|
||||
CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
fprintf(stderr, "Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key));
|
||||
DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key)));
|
||||
|
||||
if (RSA_padding_add_PKCS1_PSS(key, em, in, EVP_get_digestbynid(nid), -2) == 0)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
*out_len = RSA_size(key);
|
||||
printf("hello!!!!!!!\n");
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
|
||||
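Review bot: The new EC branch of do_get_public_key writes `data[0]` and passes `*len - 2` to `EC_POINT_point2oct` without first checking that the caller's buffer holds at least two bytes, so a `*len` of 0 or 1 writes out of bounds and wraps the unsigned length handed to OpenSSL. `data[1] = *len;` also stores the length in a single byte, which is a valid DER short-form length only up to 0x7f; a longer point would need the long form and is silently mis-encoded here. Checking both before building the header keeps the output well-formed. The function body starts and ends outside the hunk; separately, the `CKR_BUFFER_TOO_SMALL;` statement in the do_pkcs_pss hunk has no `return`, so that size check has no effect.

```c
/* … unchanged: ecg / ecp lookup … */
if (*len < 2)
  return CKR_BUFFER_TOO_SMALL;

*len = EC_POINT_point2oct(ecg, ecp, pcf, data + 2, *len - 2, NULL);
if (*len == 0 || *len > 0x7f) /* only the short-form DER length is emitted */
  return CKR_FUNCTION_FAILED;

data[0] = 0x04;
data[1] = (CK_BYTE)*len;
*len += 2;
/* … unchanged: break … */
```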
+1
-2
@@ -90,12 +90,11 @@ failure:
|
||||
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
#include <stdio.h> // TODO: Delete
|
||||
|
||||
CK_RV create_token(CK_BYTE_PTR p, ykcs11_slot_t *slot) {
|
||||
|
||||
token_vendor_t token;
|
||||
CK_TOKEN_INFO_PTR t_info;
|
||||
fprintf(stderr, "Now trying to get token info from %s\n", p); // TODO: is p needed?
|
||||
|
||||
slot->token = malloc(sizeof(ykcs11_token_t)); // TODO: free
|
||||
if (slot->token == NULL)
|
||||
|
||||
+3
-27
@@ -1,6 +1,5 @@
|
||||
#include "ykcs11.h"
|
||||
//#include "pkcs11.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <ykpiv.h>
|
||||
#include <string.h>
|
||||
@@ -8,15 +7,7 @@
|
||||
#include "utils.h"
|
||||
#include "mechanisms.h"
|
||||
#include "openssl_types.h"
|
||||
|
||||
#define D(x) do { \
|
||||
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
||||
printf x; \
|
||||
printf ("\n"); \
|
||||
} while (0)
|
||||
|
||||
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||
#include "debug.h"
|
||||
|
||||
#define YKCS11_MANUFACTURER "Yubico (www.yubico.com)"
|
||||
#define YKCS11_LIBDESC "PKCS#11 PIV Library (SP-800-73)"
|
||||
@@ -29,21 +20,6 @@
|
||||
|
||||
#define YKCS11_SESSION_ID 5355104
|
||||
|
||||
|
||||
#if YKCS11_DBG
|
||||
#define DBG(x) D(x);
|
||||
#else
|
||||
#define DBG(x)
|
||||
#endif
|
||||
|
||||
#if YKCS11_DINOUT
|
||||
#define DIN D(("In"));
|
||||
#define DOUT D(("Out"));
|
||||
#else
|
||||
#define DIN
|
||||
#define DOUT
|
||||
#endif
|
||||
|
||||
static ykpiv_state *piv_state = NULL;
|
||||
|
||||
static ykcs11_slot_t slots[YKCS11_MAX_SLOTS]; // TODO: build at runtime?
|
||||
@@ -1292,8 +1268,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
|
||||
return CKR_KEY_HANDLE_INVALID;
|
||||
}
|
||||
|
||||
// The buffer contains an uncompressed point of the form 04, x, y
|
||||
// TODO: is this a fine representation for an EC public key?
|
||||
// The buffer contains an uncompressed point of the form 04, len, 04, x, y
|
||||
|
||||
op_info.op.sign.key_len = ((template[3].ulValueLen - 1) / 2) * 8;
|
||||
|
||||
if (op_info.op.sign.key_len == 256)
|
||||
|
||||
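Review bot: The key-length formula under the updated comment in C_SignInit still assumes the old `04, x, y` layout: `((template[3].ulValueLen - 1) / 2) * 8` subtracts one header byte, while the comment now describes a three-byte header (`04, len, 04`). If `template[3]` holds the EC point as do_get_public_key now returns it, a P-256 point is 67 bytes and the expression yields 264, so the `key_len == 256` test that follows would no longer match. The line probably needs to become `op_info.op.sign.key_len = ((template[3].ulValueLen - 3) / 2) * 8;`, after checking that `ulValueLen` is at least 3 so the unsigned subtraction cannot wrap. C_SignInit's body continues outside the hunk.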
@@ -1,6 +1,7 @@
|
||||
#include "yubico_token.h"
|
||||
#include "pkcs11.h"
|
||||
#include <string.h>
|
||||
#include "debug.h"
|
||||
|
||||
#define YUBICO_MECHANISMS_NUM 5
|
||||
|
||||
@@ -209,7 +210,7 @@ CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_P
|
||||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
}
|
||||
#include <stdio.h> // TODO: delete
|
||||
|
||||
static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
|
||||
piv_obj_id_t *obj, CK_ULONG_PTR len, CK_ULONG_PTR num_certs) {
|
||||
CK_BYTE buf[2048];
|
||||
@@ -232,7 +233,7 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_PIV_AUTH;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_PIV_AUTH;
|
||||
n_cert++;
|
||||
fprintf(stderr, "Found AUTH cert (9a)\n");
|
||||
DBG(("Found AUTH cert (9a)\n"));
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
@@ -241,7 +242,7 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_CARD_AUTH;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_CARD_AUTH;
|
||||
n_cert++;
|
||||
fprintf(stderr, "Found CARD AUTH cert (9e)\n");
|
||||
DBG(("Found CARD AUTH cert (9e)\n"));
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
@@ -250,7 +251,7 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_DS;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_DS;
|
||||
n_cert++;
|
||||
fprintf(stderr, "Found SIGNATURE cert (9c)\n");
|
||||
DBG(("Found SIGNATURE cert (9c)\n"));
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
@@ -259,10 +260,10 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only,
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_KM;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_KM;
|
||||
n_cert++;
|
||||
fprintf(stderr, "Found KMK cert (9d)\n");
|
||||
DBG(("Found KMK cert (9d)\n"));
|
||||
}
|
||||
|
||||
fprintf(stderr, "The total number of objects for this token is %lu\n", (n_cert * 3) + token_objects_num);
|
||||
DBG(("The total number of objects for this token is %lu\n", (n_cert * 3) + token_objects_num));
|
||||
|
||||
if (num_only == CK_TRUE) {
|
||||
// We just want the number of objects
|
||||
|
||||