More object handling.
This commit is contained in:
+7
-7
@@ -76,13 +76,13 @@ typedef enum {
|
|||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
//const CK_OBJECT_CLASS class;
|
//const CK_OBJECT_CLASS class;
|
||||||
piv_obj_id_t type;
|
piv_obj_id_t type;
|
||||||
const CK_CHAR_PTR name; // TODO: or utf8
|
const char *name; // TODO: or utf8
|
||||||
const CK_CHAR_PTR oid;
|
const char *oid;
|
||||||
CK_BYTE tag_len; // TODO: or ulong?
|
CK_BYTE tag_len; // TODO: or ulong?
|
||||||
CK_BYTE tag_value[3];
|
CK_BYTE tag_value[3];
|
||||||
CK_BYTE containerid[2]; /* will use as relative paths for simulation */ // TODO: needed?
|
CK_BYTE containerid[2]; /* will use as relative paths for simulation */ // TODO: needed?
|
||||||
CK_ULONG flags; /* object has some internal object like a cert */
|
CK_ULONG flags; /* object has some internal object like a cert */
|
||||||
} piv_obj_t;
|
} piv_obj_t;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
+307
-208
@@ -1,277 +1,376 @@
|
|||||||
#include "objects.h"
|
#include "objects.h"
|
||||||
#include <ykpiv.h>
|
#include <ykpiv.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
//TODO: this is mostly a snippet from OpenSC how to give credit?
|
//TODO: this is mostly a snippet from OpenSC how to give credit?
|
||||||
/* Must be in order, and one per enumerated PIV_OBJ */
|
/* Must be in order, and one per enumerated PIV_OBJ */
|
||||||
static const piv_obj_t objects[] = {
|
static piv_obj_t objects[] = {
|
||||||
{ PIV_OBJ_CCC, "Card Capability Container",
|
{PIV_OBJ_CCC, "Card Capability Container",
|
||||||
"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00", 0},
|
"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00", 0},
|
||||||
{ PIV_OBJ_CHUI, "Card Holder Unique Identifier",
|
{PIV_OBJ_CHUI, "Card Holder Unique Identifier",
|
||||||
"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00", 0},
|
"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00", 0},
|
||||||
{ PIV_OBJ_X509_PIV_AUTH, "X.509 Certificate for PIV Authentication",
|
{PIV_OBJ_X509_PIV_AUTH, "X.509 Certificate for PIV Authentication",
|
||||||
"2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01", PIV_OBJECT_TYPE_CERT},
|
"2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01", PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_CHF, "Card Holder Fingerprints",
|
{PIV_OBJ_CHF, "Card Holder Fingerprints",
|
||||||
"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10", 0},
|
"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10", 0},
|
||||||
{ PIV_OBJ_SEC_OBJ, "Security Object",
|
{PIV_OBJ_SEC_OBJ, "Security Object",
|
||||||
"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00", 0},
|
"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00", 0},
|
||||||
{ PIV_OBJ_CHFI, "Cardholder Facial Images",
|
{PIV_OBJ_CHFI, "Cardholder Facial Images",
|
||||||
"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30", 0},
|
"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30", 0},
|
||||||
{ PIV_OBJ_X509_CARD_AUTH, "X.509 Certificate for Card Authentication",
|
{PIV_OBJ_X509_CARD_AUTH, "X.509 Certificate for Card Authentication",
|
||||||
"2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00", PIV_OBJECT_TYPE_CERT},
|
"2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00", PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_X509_DS, "X.509 Certificate for Digital Signature",
|
{PIV_OBJ_X509_DS, "X.509 Certificate for Digital Signature",
|
||||||
"2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00", PIV_OBJECT_TYPE_CERT},
|
"2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00", PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_X509_KM, "X.509 Certificate for Key Management",
|
{PIV_OBJ_X509_KM, "X.509 Certificate for Key Management",
|
||||||
"2.16.840.1.101.3.7.2.1.2", 3, "\x5F\xC1\x0B", "\x01\x02", PIV_OBJECT_TYPE_CERT},
|
"2.16.840.1.101.3.7.2.1.2", 3, "\x5F\xC1\x0B", "\x01\x02", PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_PI, "Printed Information",
|
{PIV_OBJ_PI, "Printed Information",
|
||||||
"2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01", 0},
|
"2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01", 0},
|
||||||
{ PIV_OBJ_DISCOVERY, "Discovery Object",
|
{PIV_OBJ_DISCOVERY, "Discovery Object",
|
||||||
"2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50", 0},
|
"2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50", 0},
|
||||||
{ PIV_OBJ_HISTORY, "Key History Object",
|
{PIV_OBJ_HISTORY, "Key History Object",
|
||||||
"2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60", 0},
|
"2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60", 0},
|
||||||
|
|
||||||
/* 800-73-3, 21 new objects, 20 history certificates */
|
/* 800-73-3, 21 new objects, 20 history certificates */
|
||||||
{ PIV_OBJ_RETIRED_X509_1, "Retired X.509 Certificate for Key Management 1",
|
{PIV_OBJ_RETIRED_X509_1, "Retired X.509 Certificate for Key Management 1",
|
||||||
"2.16.840.1.101.3.7.2.16.1", 3, "\x5F\xC1\x0D", "\x10\x01",
|
"2.16.840.1.101.3.7.2.16.1", 3, "\x5F\xC1\x0D", "\x10\x01",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_2, "Retired X.509 Certificate for Key Management 2",
|
{PIV_OBJ_RETIRED_X509_2, "Retired X.509 Certificate for Key Management 2",
|
||||||
"2.16.840.1.101.3.7.2.16.2", 3, "\x5F\xC1\x0E", "\x10\x02",
|
"2.16.840.1.101.3.7.2.16.2", 3, "\x5F\xC1\x0E", "\x10\x02",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_3, "Retired X.509 Certificate for Key Management 3",
|
{PIV_OBJ_RETIRED_X509_3, "Retired X.509 Certificate for Key Management 3",
|
||||||
"2.16.840.1.101.3.7.2.16.3", 3, "\x5F\xC1\x0F", "\x10\x03",
|
"2.16.840.1.101.3.7.2.16.3", 3, "\x5F\xC1\x0F", "\x10\x03",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_4, "Retired X.509 Certificate for Key Management 4",
|
{PIV_OBJ_RETIRED_X509_4, "Retired X.509 Certificate for Key Management 4",
|
||||||
"2.16.840.1.101.3.7.2.16.4", 3, "\x5F\xC1\x10", "\x10\x04",
|
"2.16.840.1.101.3.7.2.16.4", 3, "\x5F\xC1\x10", "\x10\x04",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_5, "Retired X.509 Certificate for Key Management 5",
|
{PIV_OBJ_RETIRED_X509_5, "Retired X.509 Certificate for Key Management 5",
|
||||||
"2.16.840.1.101.3.7.2.16.5", 3, "\x5F\xC1\x11", "\x10\x05",
|
"2.16.840.1.101.3.7.2.16.5", 3, "\x5F\xC1\x11", "\x10\x05",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_6, "Retired X.509 Certificate for Key Management 6",
|
{PIV_OBJ_RETIRED_X509_6, "Retired X.509 Certificate for Key Management 6",
|
||||||
"2.16.840.1.101.3.7.2.16.6", 3, "\x5F\xC1\x12", "\x10\x06",
|
"2.16.840.1.101.3.7.2.16.6", 3, "\x5F\xC1\x12", "\x10\x06",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_7, "Retired X.509 Certificate for Key Management 7",
|
{PIV_OBJ_RETIRED_X509_7, "Retired X.509 Certificate for Key Management 7",
|
||||||
"2.16.840.1.101.3.7.2.16.7", 3, "\x5F\xC1\x13", "\x10\x07",
|
"2.16.840.1.101.3.7.2.16.7", 3, "\x5F\xC1\x13", "\x10\x07",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_8, "Retired X.509 Certificate for Key Management 8",
|
{PIV_OBJ_RETIRED_X509_8, "Retired X.509 Certificate for Key Management 8",
|
||||||
"2.16.840.1.101.3.7.2.16.8", 3, "\x5F\xC1\x14", "\x10\x08",
|
"2.16.840.1.101.3.7.2.16.8", 3, "\x5F\xC1\x14", "\x10\x08",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_9, "Retired X.509 Certificate for Key Management 9",
|
{PIV_OBJ_RETIRED_X509_9, "Retired X.509 Certificate for Key Management 9",
|
||||||
"2.16.840.1.101.3.7.2.16.9", 3, "\x5F\xC1\x15", "\x10\x09",
|
"2.16.840.1.101.3.7.2.16.9", 3, "\x5F\xC1\x15", "\x10\x09",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_10, "Retired X.509 Certificate for Key Management 10",
|
{PIV_OBJ_RETIRED_X509_10, "Retired X.509 Certificate for Key Management 10",
|
||||||
"2.16.840.1.101.3.7.2.16.10", 3, "\x5F\xC1\x16", "\x10\x0A",
|
"2.16.840.1.101.3.7.2.16.10", 3, "\x5F\xC1\x16", "\x10\x0A",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_11, "Retired X.509 Certificate for Key Management 11",
|
{PIV_OBJ_RETIRED_X509_11, "Retired X.509 Certificate for Key Management 11",
|
||||||
"2.16.840.1.101.3.7.2.16.11", 3, "\x5F\xC1\x17", "\x10\x0B",
|
"2.16.840.1.101.3.7.2.16.11", 3, "\x5F\xC1\x17", "\x10\x0B",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_12, "Retired X.509 Certificate for Key Management 12",
|
{PIV_OBJ_RETIRED_X509_12, "Retired X.509 Certificate for Key Management 12",
|
||||||
"2.16.840.1.101.3.7.2.16.12", 3, "\x5F\xC1\x18", "\x10\x0C",
|
"2.16.840.1.101.3.7.2.16.12", 3, "\x5F\xC1\x18", "\x10\x0C",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_13, "Retired X.509 Certificate for Key Management 13",
|
{PIV_OBJ_RETIRED_X509_13, "Retired X.509 Certificate for Key Management 13",
|
||||||
"2.16.840.1.101.3.7.2.16.13", 3, "\x5F\xC1\x19", "\x10\x0D",
|
"2.16.840.1.101.3.7.2.16.13", 3, "\x5F\xC1\x19", "\x10\x0D",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_14, "Retired X.509 Certificate for Key Management 14",
|
{PIV_OBJ_RETIRED_X509_14, "Retired X.509 Certificate for Key Management 14",
|
||||||
"2.16.840.1.101.3.7.2.16.14", 3, "\x5F\xC1\x1A", "\x10\x0E",
|
"2.16.840.1.101.3.7.2.16.14", 3, "\x5F\xC1\x1A", "\x10\x0E",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_15, "Retired X.509 Certificate for Key Management 15",
|
{PIV_OBJ_RETIRED_X509_15, "Retired X.509 Certificate for Key Management 15",
|
||||||
"2.16.840.1.101.3.7.2.16.15", 3, "\x5F\xC1\x1B", "\x10\x0F",
|
"2.16.840.1.101.3.7.2.16.15", 3, "\x5F\xC1\x1B", "\x10\x0F",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_16, "Retired X.509 Certificate for Key Management 16",
|
{PIV_OBJ_RETIRED_X509_16, "Retired X.509 Certificate for Key Management 16",
|
||||||
"2.16.840.1.101.3.7.2.16.16", 3, "\x5F\xC1\x1C", "\x10\x10",
|
"2.16.840.1.101.3.7.2.16.16", 3, "\x5F\xC1\x1C", "\x10\x10",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_17, "Retired X.509 Certificate for Key Management 17",
|
{PIV_OBJ_RETIRED_X509_17, "Retired X.509 Certificate for Key Management 17",
|
||||||
"2.16.840.1.101.3.7.2.16.17", 3, "\x5F\xC1\x1D", "\x10\x11",
|
"2.16.840.1.101.3.7.2.16.17", 3, "\x5F\xC1\x1D", "\x10\x11",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_18, "Retired X.509 Certificate for Key Management 18",
|
{PIV_OBJ_RETIRED_X509_18, "Retired X.509 Certificate for Key Management 18",
|
||||||
"2.16.840.1.101.3.7.2.16.18", 3, "\x5F\xC1\x1E", "\x10\x12",
|
"2.16.840.1.101.3.7.2.16.18", 3, "\x5F\xC1\x1E", "\x10\x12",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_19, "Retired X.509 Certificate for Key Management 19",
|
{PIV_OBJ_RETIRED_X509_19, "Retired X.509 Certificate for Key Management 19",
|
||||||
"2.16.840.1.101.3.7.2.16.19", 3, "\x5F\xC1\x1F", "\x10\x13",
|
"2.16.840.1.101.3.7.2.16.19", 3, "\x5F\xC1\x1F", "\x10\x13",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
{ PIV_OBJ_RETIRED_X509_20, "Retired X.509 Certificate for Key Management 20",
|
{PIV_OBJ_RETIRED_X509_20, "Retired X.509 Certificate for Key Management 20",
|
||||||
"2.16.840.1.101.3.7.2.16.20", 3, "\x5F\xC1\x20", "\x10\x14",
|
"2.16.840.1.101.3.7.2.16.20", 3, "\x5F\xC1\x20", "\x10\x14",
|
||||||
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
|
||||||
|
|
||||||
{ PIV_OBJ_IRIS_IMAGE, "Cardholder Iris Images",
|
{PIV_OBJ_IRIS_IMAGE, "Cardholder Iris Images",
|
||||||
"2.16.840.1.101.3.7.2.16.21", 3, "\x5F\xC1\x21", "\x10\x15", 0},
|
"2.16.840.1.101.3.7.2.16.21", 3, "\x5F\xC1\x21", "\x10\x15", 0},
|
||||||
{ PIV_OBJ_BITGT, "Biometric Information Templates Group Template",
|
{PIV_OBJ_BITGT, "Biometric Information Templates Group Template",
|
||||||
"2.16.840.1.101.3.7.2.16.22", 2, "\x7F\x61", "\x10\x16" },
|
"2.16.840.1.101.3.7.2.16.22", 2, "\x7F\x61", "\x10\x16", 0},
|
||||||
{ PIV_OBJ_SM_SIGNER, "Secure Messaging Certificate Signer",
|
{PIV_OBJ_SM_SIGNER, "Secure Messaging Certificate Signer",
|
||||||
"2.16.840.1.101.3.7.2.16.23", 3, "\x5F\xC1\x22", "\x10\x17"},
|
"2.16.840.1.101.3.7.2.16.23", 3, "\x5F\xC1\x22", "\x10\x17", 0},
|
||||||
{ PIV_OBJ_PC_REF_DATA, "Pairing Code Reference Data Container",
|
{PIV_OBJ_PC_REF_DATA, "Pairing Code Reference Data Container",
|
||||||
"2.16.840.1.101.3.7.2.16.24", 3, "\x5F\xC1\x23", "\x10\x18"},
|
"2.16.840.1.101.3.7.2.16.24", 3, "\x5F\xC1\x23", "\x10\x18", 0},
|
||||||
|
|
||||||
/* following not standard , to be used by piv-tool only for testing */
|
/* following not standard , to be used by piv-tool only for testing */
|
||||||
{ PIV_OBJ_9B03, "3DES-ECB ADM",
|
{PIV_OBJ_9B03, "3DES-ECB ADM",
|
||||||
"2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0},
|
"2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0},
|
||||||
/* Only used when signing a cert req, usually from engine
|
/* Only used when signing a cert req, usually from engine
|
||||||
* after piv-tool generated the key and saved the pub key
|
* after piv-tool generated the key and saved the pub key
|
||||||
* to a file. Note RSA key can be 1024, 2048 or 3072
|
* to a file. Note RSA key can be 1024, 2048 or 3072
|
||||||
* but still use the "9x06" name.
|
* but still use the "9x06" name.
|
||||||
*/
|
*/
|
||||||
{ PIV_OBJ_9A06, "RSA 9A Pub key from last genkey",
|
{PIV_OBJ_9A06, "RSA 9A Pub key from last genkey",
|
||||||
"2.16.840.1.101.3.7.2.9999.20", 2, "\x9A\x06", "\x9A\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.20", 2, "\x9A\x06", "\x9A\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9C06, "Pub 9C key from last genkey",
|
{PIV_OBJ_9C06, "Pub 9C key from last genkey",
|
||||||
"2.16.840.1.101.3.7.2.9999.21", 2, "\x9C\x06", "\x9C\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.21", 2, "\x9C\x06", "\x9C\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9D06, "Pub 9D key from last genkey",
|
{PIV_OBJ_9D06, "Pub 9D key from last genkey",
|
||||||
"2.16.840.1.101.3.7.2.9999.22", 2, "\x9D\x06", "\x9D\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.22", 2, "\x9D\x06", "\x9D\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9E06, "Pub 9E key from last genkey",
|
{PIV_OBJ_9E06, "Pub 9E key from last genkey",
|
||||||
"2.16.840.1.101.3.7.2.9999.23", 2, "\x9E\x06", "\x9E\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.23", 2, "\x9E\x06", "\x9E\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
|
|
||||||
{ PIV_OBJ_8206, "Pub 82 key ",
|
{PIV_OBJ_8206, "Pub 82 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.101", 2, "\x82\x06", "\x82\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.101", 2, "\x82\x06", "\x82\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8306, "Pub 83 key ",
|
{PIV_OBJ_8306, "Pub 83 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.102", 2, "\x83\x06", "\x83\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.102", 2, "\x83\x06", "\x83\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8406, "Pub 84 key ",
|
{PIV_OBJ_8406, "Pub 84 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.103", 2, "\x84\x06", "\x84\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.103", 2, "\x84\x06", "\x84\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8506, "Pub 85 key ",
|
{PIV_OBJ_8506, "Pub 85 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.104", 2, "\x85\x06", "\x85\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.104", 2, "\x85\x06", "\x85\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8606, "Pub 86 key ",
|
{PIV_OBJ_8606, "Pub 86 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.105", 2, "\x86\x06", "\x86\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.105", 2, "\x86\x06", "\x86\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8706, "Pub 87 key ",
|
{PIV_OBJ_8706, "Pub 87 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.106", 2, "\x87\x06", "\x87\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.106", 2, "\x87\x06", "\x87\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8806, "Pub 88 key ",
|
{PIV_OBJ_8806, "Pub 88 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.107", 2, "\x88\x06", "\x88\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.107", 2, "\x88\x06", "\x88\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8906, "Pub 89 key ",
|
{PIV_OBJ_8906, "Pub 89 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.108", 2, "\x89\x06", "\x89\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.108", 2, "\x89\x06", "\x89\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8A06, "Pub 8A key ",
|
{PIV_OBJ_8A06, "Pub 8A key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.109", 2, "\x8A\x06", "\x8A\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.109", 2, "\x8A\x06", "\x8A\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8B06, "Pub 8B key ",
|
{PIV_OBJ_8B06, "Pub 8B key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.110", 2, "\x8B\x06", "\x8B\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.110", 2, "\x8B\x06", "\x8B\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8C06, "Pub 8C key ",
|
{PIV_OBJ_8C06, "Pub 8C key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.111", 2, "\x8C\x06", "\x8C\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.111", 2, "\x8C\x06", "\x8C\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8D06, "Pub 8D key ",
|
{PIV_OBJ_8D06, "Pub 8D key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.112", 2, "\x8D\x06", "\x8D\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.112", 2, "\x8D\x06", "\x8D\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8E06, "Pub 8E key ",
|
{PIV_OBJ_8E06, "Pub 8E key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.113", 2, "\x8E\x06", "\x8E\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.113", 2, "\x8E\x06", "\x8E\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_8F06, "Pub 8F key ",
|
{PIV_OBJ_8F06, "Pub 8F key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.114", 2, "\x8F\x06", "\x8F\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.114", 2, "\x8F\x06", "\x8F\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9006, "Pub 90 key ",
|
{PIV_OBJ_9006, "Pub 90 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.115", 2, "\x90\x06", "\x90\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.115", 2, "\x90\x06", "\x90\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9106, "Pub 91 key ",
|
{PIV_OBJ_9106, "Pub 91 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.116", 2, "\x91\x06", "\x91\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.116", 2, "\x91\x06", "\x91\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9206, "Pub 92 key ",
|
{PIV_OBJ_9206, "Pub 92 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.117", 2, "\x92\x06", "\x92\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.117", 2, "\x92\x06", "\x92\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9306, "Pub 93 key ",
|
{PIV_OBJ_9306, "Pub 93 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.118", 2, "\x93\x06", "\x93\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.118", 2, "\x93\x06", "\x93\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9406, "Pub 94 key ",
|
{PIV_OBJ_9406, "Pub 94 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.119", 2, "\x94\x06", "\x94\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.119", 2, "\x94\x06", "\x94\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_9506, "Pub 95 key ",
|
{PIV_OBJ_9506, "Pub 95 key ",
|
||||||
"2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY},
|
"2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||||
{ PIV_OBJ_LAST_ENUM, "", "", 0, "", "", 0}
|
{PIV_OBJ_LAST_ENUM, "", "", 0, "", "", 0}
|
||||||
};
|
};
|
||||||
|
|
||||||
static const CK_ULONG n_objects = sizeof(objects) / sizeof(piv_obj_t);
|
static const CK_ULONG n_objects = sizeof(objects) / sizeof(piv_obj_t);
|
||||||
|
|
||||||
static CK_RV get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class) {
|
static void get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class) {
|
||||||
if ((objects[obj].flags & PIV_OBJECT_TYPE_PUBKEY))
|
if ((objects[obj].flags & PIV_OBJECT_TYPE_PUBKEY))
|
||||||
*class = CKO_PUBLIC_KEY;
|
*class = CKO_PUBLIC_KEY;
|
||||||
else if ((objects[obj].flags & PIV_OBJECT_TYPE_CERT))
|
else if ((objects[obj].flags & PIV_OBJECT_TYPE_CERT))
|
||||||
*class = CKO_CERTIFICATE;
|
*class = CKO_CERTIFICATE;
|
||||||
else
|
else
|
||||||
*class - CKO_DATA; // TODO: other possibilities?
|
*class = CKO_DATA; // TODO: other possibilities?
|
||||||
return CKR_OK;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static CK_RV get_object_label(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR label) {
|
static void get_object_label(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR label) {
|
||||||
strcpy(label, objects[obj].name);
|
strcpy((char *)label, objects[obj].name);
|
||||||
}
|
}
|
||||||
|
|
||||||
static CK_RV get_object_oid(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR oid) {
|
// Next two functions based off the code at
|
||||||
// strcpy(oid, objects[obj].oid);
|
// https://github.com/m9aertner/oidConverter/blob/master/oid.c
|
||||||
oid[0] = 0x2b;
|
// TODO: how to give credit?
|
||||||
oid[1] = 0x06;
|
static void make_base128(unsigned long l, int first, CK_BYTE_PTR buf, CK_ULONG_PTR n) {
|
||||||
oid[2] = 0x01;
|
if (l > 127)
|
||||||
oid[3] = 0x04;
|
make_base128(l / 128, 0, buf, n);
|
||||||
oid[4] = 0x01;
|
|
||||||
oid[5] = 0x82;
|
l %= 128;
|
||||||
oid[6] = 0x37;
|
|
||||||
oid[7] = 0x15;
|
if (first)
|
||||||
oid[8] = 0x14;
|
buf[(*n)++] = (CK_BYTE)l;
|
||||||
|
else
|
||||||
|
buf[(*n)++] = 0x80 | (CK_BYTE)l;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void asn1_encode_oid(CK_CHAR_PTR oid, CK_BYTE_PTR asn1_oid, CK_ULONG_PTR len) {
|
||||||
|
CK_CHAR_PTR tmp = strdup((char *)oid);
|
||||||
|
CK_CHAR_PTR p = tmp;
|
||||||
|
CK_BYTE_PTR q = NULL;
|
||||||
|
CK_ULONG n = 0;
|
||||||
|
CK_BYTE b = 0;
|
||||||
|
CK_ULONG l = 0;
|
||||||
|
CK_ULONG nodes;
|
||||||
|
|
||||||
|
q = p;
|
||||||
|
*len = 0;
|
||||||
|
nodes = 1;
|
||||||
|
while (*p != 0) {
|
||||||
|
if (*p == '.')
|
||||||
|
nodes++;
|
||||||
|
p++;
|
||||||
|
}
|
||||||
|
|
||||||
|
n = 0;
|
||||||
|
b = 0;
|
||||||
|
p = q;
|
||||||
|
while (n < nodes) {
|
||||||
|
q = p;
|
||||||
|
while (*p != 0) {
|
||||||
|
if (*p == '.')
|
||||||
|
break;
|
||||||
|
p++;
|
||||||
|
}
|
||||||
|
|
||||||
|
l = 0;
|
||||||
|
if (*p == '.') {
|
||||||
|
*p = 0;
|
||||||
|
l = (CK_ULONG) atoi((char *)q);
|
||||||
|
q = p + 1;
|
||||||
|
p = q;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
l = (CK_ULONG) atoi((char *)q);
|
||||||
|
q = p;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Digit is in l. */
|
||||||
|
if (n == 0)
|
||||||
|
b = 40 * ((CK_BYTE)l);
|
||||||
|
else if (n == 1) {
|
||||||
|
b += (CK_BYTE) l;
|
||||||
|
asn1_oid[(*len)++] = b;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
make_base128(l, 1, asn1_oid, len);
|
||||||
|
}
|
||||||
|
n++;
|
||||||
|
}
|
||||||
|
|
||||||
|
free(tmp);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_object_oid(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR oid) {
|
||||||
|
strcpy((char *)oid, objects[obj].oid);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_object_certificate_type(CK_OBJECT_HANDLE obj, CK_CERTIFICATE_TYPE_PTR type) {
|
||||||
|
if ((objects[obj].flags & PIV_OBJECT_TYPE_CERT))
|
||||||
|
*type = CKC_X_509;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_object_key_id(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR key_id) {
|
||||||
|
memcpy((char *)key_id, objects[obj].containerid, 2);
|
||||||
|
}
|
||||||
|
|
||||||
CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||||
fprintf(stderr, "FOR OBJECT %lu, I WANT ", obj);
|
fprintf(stderr, "FOR OBJECT %lu, I WANT ", obj);
|
||||||
CK_ULONG i;
|
|
||||||
|
|
||||||
switch (template->type) {
|
switch (template->type) {
|
||||||
case CKA_CLASS:
|
case CKA_CLASS:
|
||||||
fprintf(stderr, "CLASS\n");
|
fprintf(stderr, "CLASS\n");
|
||||||
get_object_class(obj, template->pValue);
|
if (template->pValue == NULL_PTR) // TODO: just don't use functions, break and check return later?
|
||||||
|
template->ulValueLen = 1;
|
||||||
|
else
|
||||||
|
get_object_class(obj, template->pValue);
|
||||||
|
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_TOKEN:
|
// case CKA_TOKEN:
|
||||||
//get_object
|
|
||||||
case CKA_PRIVATE:
|
case CKA_PRIVATE:
|
||||||
|
fprintf(stderr, "PRIVATE\n"); // TODO: check more
|
||||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_LABEL:
|
case CKA_LABEL:
|
||||||
fprintf(stderr, "LABEL\n");
|
fprintf(stderr, "LABEL\n");
|
||||||
get_object_label(obj, template->pValue);
|
if (template->pValue == NULL_PTR)
|
||||||
|
template->ulValueLen = strlen(objects[obj].name);
|
||||||
|
else
|
||||||
|
strcpy((char *)template->pValue, objects[obj].name);
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_APPLICATION:
|
case CKA_APPLICATION:
|
||||||
fprintf(stderr, "APPLICATION\n");
|
fprintf(stderr, "APPLICATION\n");
|
||||||
get_object_label(obj, template->pValue);
|
if (template->pValue == NULL_PTR)
|
||||||
|
template->ulValueLen = strlen(objects[obj].name);
|
||||||
|
else
|
||||||
|
strcpy((char *)template->pValue, objects[obj].name);
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_VALUE:
|
// case CKA_VALUE:
|
||||||
case CKA_OBJECT_ID:
|
case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ?
|
||||||
fprintf(stderr, "OID\n!!!"); // TODO: this is a DER encoded byte array
|
fprintf(stderr, "OID\n");
|
||||||
|
if (template->pValue == NULL_PTR)
|
||||||
get_object_oid(obj, template->pValue);
|
template->ulValueLen = strlen(objects[obj].oid) * 2; // Slightly oversized
|
||||||
template->ulValueLen = 9;
|
else {
|
||||||
|
strcpy((char *)template->pValue, objects[obj].oid);
|
||||||
|
asn1_encode_oid(template->pValue, template->pValue, &template->ulValueLen);
|
||||||
|
}
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_CERTIFICATE_TYPE:
|
case CKA_CERTIFICATE_TYPE:
|
||||||
case CKA_ISSUER:
|
fprintf(stderr, "CERTIFICATE TYPE\n");
|
||||||
case CKA_SERIAL_NUMBER:
|
if (template->pValue == NULL_PTR)
|
||||||
|
template->ulValueLen = 1;
|
||||||
|
else
|
||||||
|
*((CK_ULONG_PTR)template->pValue) = CKC_X_509; // Support only X.509 certs
|
||||||
|
return CKR_OK;
|
||||||
|
// case CKA_ISSUER:
|
||||||
|
// case CKA_SERIAL_NUMBER:
|
||||||
case CKA_KEY_TYPE:
|
case CKA_KEY_TYPE:
|
||||||
fprintf(stderr, "Return the key type\n");
|
fprintf(stderr, "Return the key type TODO!!!\n");
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_SUBJECT:
|
/* case CKA_SUBJECT: */
|
||||||
case CKA_ID:
|
case CKA_ID:
|
||||||
case CKA_SENSITIVE:
|
fprintf(stderr, "KEY ID\n");
|
||||||
case CKA_ENCRYPT:
|
if (template->pValue == NULL_PTR)
|
||||||
case CKA_DECRYPT:
|
template->ulValueLen = 2;
|
||||||
case CKA_WRAP:
|
else
|
||||||
case CKA_UNWRAP:
|
memcpy((char *)template->pValue, objects[obj].containerid, 2);
|
||||||
case CKA_SIGN:
|
return CKR_OK;
|
||||||
case CKA_SIGN_RECOVER:
|
/* case CKA_SENSITIVE: */
|
||||||
case CKA_VERIFY:
|
/* case CKA_ENCRYPT: */
|
||||||
case CKA_VERIFY_RECOVER:
|
/* case CKA_DECRYPT: */
|
||||||
case CKA_DERIVE:
|
/* case CKA_WRAP: */
|
||||||
case CKA_START_DATE:
|
/* case CKA_UNWRAP: */
|
||||||
case CKA_END_DATE:
|
/* case CKA_SIGN: */
|
||||||
case CKA_MODULUS:
|
/* case CKA_SIGN_RECOVER: */
|
||||||
case CKA_MODULUS_BITS:
|
/* case CKA_VERIFY: */
|
||||||
case CKA_PUBLIC_EXPONENT:
|
/* case CKA_VERIFY_RECOVER: */
|
||||||
case CKA_PRIVATE_EXPONENT:
|
/* case CKA_DERIVE: */
|
||||||
case CKA_PRIME_1:
|
/* case CKA_START_DATE: */
|
||||||
case CKA_PRIME_2:
|
/* case CKA_END_DATE: */
|
||||||
case CKA_EXPONENT_1:
|
/* case CKA_MODULUS: */
|
||||||
case CKA_EXPONENT_2:
|
/* case CKA_MODULUS_BITS: */
|
||||||
case CKA_COEFFICIENT:
|
/* case CKA_PUBLIC_EXPONENT: */
|
||||||
case CKA_PRIME:
|
/* case CKA_PRIVATE_EXPONENT: */
|
||||||
case CKA_SUBPRIME:
|
/* case CKA_PRIME_1: */
|
||||||
case CKA_BASE:
|
/* case CKA_PRIME_2: */
|
||||||
case CKA_VALUE_BITS:
|
/* case CKA_EXPONENT_1: */
|
||||||
case CKA_VALUE_LEN:
|
/* case CKA_EXPONENT_2: */
|
||||||
case CKA_EXTRACTABLE:
|
/* case CKA_COEFFICIENT: */
|
||||||
case CKA_LOCAL:
|
/* case CKA_PRIME: */
|
||||||
case CKA_NEVER_EXTRACTABLE:
|
/* case CKA_SUBPRIME: */
|
||||||
case CKA_ALWAYS_SENSITIVE:
|
/* case CKA_BASE: */
|
||||||
|
/* case CKA_VALUE_BITS: */
|
||||||
|
/* case CKA_VALUE_LEN: */
|
||||||
|
/* case CKA_EXTRACTABLE: */
|
||||||
|
/* case CKA_LOCAL: */
|
||||||
|
/* case CKA_NEVER_EXTRACTABLE: */
|
||||||
|
/* case CKA_ALWAYS_SENSITIVE: */
|
||||||
case CKA_MODIFIABLE:
|
case CKA_MODIFIABLE:
|
||||||
fprintf(stderr, "MODIFIABLE\n");
|
fprintf(stderr, "MODIFIABLE\n");
|
||||||
|
if (template->pValue == NULL_PTR)
|
||||||
|
template->ulValueLen = 1;
|
||||||
|
else
|
||||||
*((CK_ULONG_PTR)template->pValue) = CK_FALSE;
|
*((CK_ULONG_PTR)template->pValue) = CK_FALSE;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKA_VENDOR_DEFINED:
|
case CKA_VENDOR_DEFINED:
|
||||||
default:
|
default:
|
||||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lu\n", template[0].type);
|
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
|
||||||
|
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -356,6 +356,7 @@ typedef CK_ULONG CK_KEY_TYPE;
|
|||||||
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
|
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
|
||||||
* for v2.0 */
|
* for v2.0 */
|
||||||
typedef CK_ULONG CK_CERTIFICATE_TYPE;
|
typedef CK_ULONG CK_CERTIFICATE_TYPE;
|
||||||
|
typedef CK_CERTIFICATE_TYPE CK_PTR CK_CERTIFICATE_TYPE_PTR;
|
||||||
|
|
||||||
/* The following certificate types are defined: */
|
/* The following certificate types are defined: */
|
||||||
#define CKC_X_509 0x00000000
|
#define CKC_X_509 0x00000000
|
||||||
|
|||||||
+23
-10
@@ -11,7 +11,7 @@
|
|||||||
printf ("\n"); \
|
printf ("\n"); \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
#define YKCS11_DBG 1 // General debug, must be either 1 or 0
|
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
||||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||||
|
|
||||||
#define YKCS11_MANUFACTURER "Yubico (www.yubico.com)"
|
#define YKCS11_MANUFACTURER "Yubico (www.yubico.com)"
|
||||||
@@ -49,6 +49,7 @@ static CK_SESSION_INFO session_info;
|
|||||||
|
|
||||||
static struct {
|
static struct {
|
||||||
CK_BBOOL active;
|
CK_BBOOL active;
|
||||||
|
CK_ULONG num;
|
||||||
CK_ULONG idx;
|
CK_ULONG idx;
|
||||||
CK_BBOOL all;
|
CK_BBOOL all;
|
||||||
CK_OBJECT_CLASS class;
|
CK_OBJECT_CLASS class;
|
||||||
@@ -750,7 +751,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(
|
|||||||
|
|
||||||
if (pTemplate[0].pValue == NULL_PTR) {
|
if (pTemplate[0].pValue == NULL_PTR) {
|
||||||
DBG(("Just get size"));
|
DBG(("Just get size"));
|
||||||
pTemplate[0].ulValueLen = 1024; // TODO: get attribute size
|
get_attribute(hObject, pTemplate); // TODO: get attribute size
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
@@ -784,6 +785,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
|||||||
{
|
{
|
||||||
DIN;
|
DIN;
|
||||||
CK_ULONG i;
|
CK_ULONG i;
|
||||||
|
vendor_t vendor;
|
||||||
|
|
||||||
if (piv_state == NULL)
|
if (piv_state == NULL)
|
||||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||||
@@ -792,16 +794,23 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
|||||||
return CKR_SESSION_CLOSED;
|
return CKR_SESSION_CLOSED;
|
||||||
|
|
||||||
if (hSession != session)
|
if (hSession != session)
|
||||||
return CKR_SESSION_HANDLE_INVALID;
|
return CKR_SESSION_HANDLE_INVALID; // TODO: or session closed?
|
||||||
|
|
||||||
if (find_obj.active == CK_TRUE)
|
if (find_obj.active == CK_TRUE)
|
||||||
return CKR_OPERATION_ACTIVE;
|
return CKR_OPERATION_ACTIVE;
|
||||||
|
|
||||||
|
if (slots[session_info.slotID].vid == UNKNOWN) {
|
||||||
|
DBG(("Slot %lu is tokenless/unsupported", slotID));
|
||||||
|
return CKR_SLOT_ID_INVALID;
|
||||||
|
}
|
||||||
|
vendor = get_vendor(slots[session_info.slotID].vid); // TODO: make a token field in slot_t ?;
|
||||||
|
|
||||||
if (ulCount == 0) {
|
if (ulCount == 0) {
|
||||||
DBG(("Find ALL the objects!"));
|
DBG(("Find ALL the objects!"));
|
||||||
find_obj.active = CK_TRUE;
|
find_obj.active = CK_TRUE;
|
||||||
find_obj.all = CK_TRUE;
|
vendor.get_token_objects_num(&find_obj.num);
|
||||||
find_obj.idx = 0;
|
find_obj.idx = 0;
|
||||||
|
find_obj.all = CK_TRUE;
|
||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
@@ -824,7 +833,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
|||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
CK_ULONG bla = 1; // TODO: delete
|
|
||||||
CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(
|
CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(
|
||||||
CK_SESSION_HANDLE hSession,
|
CK_SESSION_HANDLE hSession,
|
||||||
CK_OBJECT_HANDLE_PTR phObject,
|
CK_OBJECT_HANDLE_PTR phObject,
|
||||||
@@ -853,11 +862,15 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(
|
|||||||
|
|
||||||
DBG(("Can return %lu object(s)", ulMaxObjectCount));
|
DBG(("Can return %lu object(s)", ulMaxObjectCount));
|
||||||
if (find_obj.all == CK_TRUE) {
|
if (find_obj.all == CK_TRUE) {
|
||||||
// Trying to get all the objects, just return the next
|
// Trying to get all the objects, just return the next one
|
||||||
//*phObject = piv_objects[find_obj.idx++];
|
if (find_obj.idx == find_obj.num) {
|
||||||
//*pulObjectCount = 1;
|
*pulObjectCount = 0;
|
||||||
*phObject = piv_objects[bla];
|
DOUT;
|
||||||
*pulObjectCount = bla--;
|
return CKR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
*phObject = piv_objects[find_obj.idx++];
|
||||||
|
*pulObjectCount = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
+38
-2
@@ -67,8 +67,43 @@ static const CK_MECHANISM_INFO token_mechanism_infos[] = { // KEEP ALIGNED WITH
|
|||||||
{0, 0, CKF_DIGEST} // CKM_SHA512
|
{0, 0, CKF_DIGEST} // CKM_SHA512
|
||||||
};
|
};
|
||||||
|
|
||||||
static const piv_obj_id_t token_objects[] = {
|
static const piv_obj_id_t token_objects[] = { // TODO: is there a way to get this from the token?
|
||||||
|
PIV_OBJ_CCC, // Card capability container
|
||||||
|
PIV_OBJ_CHUI, // Cardholder unique id
|
||||||
|
PIV_OBJ_X509_PIV_AUTH, // PIV authentication
|
||||||
|
PIV_OBJ_CHF, // Cardholder fingerprints
|
||||||
|
PIV_OBJ_SEC_OBJ, // Security object
|
||||||
|
PIV_OBJ_CHFI, // Cardholder facial images
|
||||||
|
PIV_OBJ_X509_CARD_AUTH, // Certificate for card authentication
|
||||||
|
PIV_OBJ_X509_DS, // Certificate for digital signature
|
||||||
|
PIV_OBJ_X509_KM, // Certificate for key management
|
||||||
|
//PIV_OBJ_PI, // Cardholder printed information
|
||||||
|
//PIV_OBJ_DISCOVERY, // Discovery object
|
||||||
|
//PIV_OBJ_HISTORY, // History object
|
||||||
|
/* PIV_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
|
||||||
|
PIV_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
|
||||||
|
PIV_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
|
||||||
|
PIV_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
|
||||||
|
PIV_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
|
||||||
|
PIV_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
|
||||||
|
PIV_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
|
||||||
|
PIV_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
|
||||||
|
PIV_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
|
||||||
|
PIV_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
|
||||||
|
PIV_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
|
||||||
|
PIV_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
|
||||||
|
PIV_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
|
||||||
|
PIV_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
|
||||||
|
PIV_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
|
||||||
|
PIV_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
|
||||||
|
PIV_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
|
||||||
|
PIV_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
|
||||||
|
PIV_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
|
||||||
|
PIV_OBJ_RETIRED_X509_20, // Retired certificate for KM 20*/
|
||||||
|
//PIV_OBJ_IRIS_IMAGE, // Cardholder iris images
|
||||||
|
//PIV_OBJ_BITGT, // Biometric information templates group template
|
||||||
|
//PIV_OBJ_SM_SIGNER, // Secure messaging signer
|
||||||
|
//PIV_OBJ_PC_REF_DATA, // Pairing code reference data
|
||||||
};
|
};
|
||||||
static const CK_ULONG token_objects_num = sizeof(token_objects) / sizeof(piv_obj_id_t);
|
static const CK_ULONG token_objects_num = sizeof(token_objects) / sizeof(piv_obj_id_t);
|
||||||
|
|
||||||
@@ -220,6 +255,7 @@ CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_P
|
|||||||
CK_RV YUBICO_get_token_objects_num(CK_ULONG_PTR num) {
|
CK_RV YUBICO_get_token_objects_num(CK_ULONG_PTR num) {
|
||||||
|
|
||||||
*num = token_objects_num;
|
*num = token_objects_num;
|
||||||
|
//fprintf("TIENI %lu\n", token_objects_num);
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user