Switch ykcs11 to use private key import from libykpiv.

This commit is contained in:
Alessio Di Mauro
2015-11-19 18:30:08 +01:00
parent 6269280578
commit 8e3314ab42
6 changed files with 120 additions and 100 deletions
+59 -71
View File
@@ -176,85 +176,73 @@ static CK_RV COMMON_token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_B
return CKR_OK;
}
CK_RV COMMON_token_import_private_key(ykpiv_state *state, CK_BYTE key_id, CK_BYTE_PTR p, CK_BYTE_PTR q,
CK_BYTE_PTR dp, CK_BYTE_PTR dq, CK_BYTE_PTR qinv,
CK_BYTE_PTR ec_data, CK_ULONG elem_len, CK_ULONG vendor_defined) {
CK_RV COMMON_token_import_private_key(ykpiv_state *state, CK_BYTE key_id,
CK_BYTE_PTR p, CK_ULONG p_len,
CK_BYTE_PTR q, CK_ULONG q_len,
CK_BYTE_PTR dp, CK_ULONG dp_len,
CK_BYTE_PTR dq, CK_ULONG dq_len,
CK_BYTE_PTR qinv, CK_ULONG qinv_len,
CK_BYTE_PTR ec_data, CK_ULONG ec_data_len,
CK_ULONG vendor_defined) {
unsigned char key_data[1024];
unsigned char *in_ptr = key_data;
unsigned char templ[] = {0, YKPIV_INS_IMPORT_KEY, 0, key_id};
unsigned char data[0xff];
unsigned long recv_len = sizeof(data);
int sw;
CK_BYTE pin_policy;
CK_BYTE touch_policy;
CK_BYTE algo;
ykpiv_rc rc;
if (elem_len == 128) // TODO: add a flag to check algo type ?
templ[2] = YKPIV_ALGO_RSA2048;
else if (elem_len == 64)
templ[2] = YKPIV_ALGO_RSA1024;
else if(elem_len == 32)
templ[2] = YKPIV_ALGO_ECCP256;
if (templ[2] == YKPIV_ALGO_RSA1024 ||templ[2] == YKPIV_ALGO_RSA2048) {
*in_ptr++ = 0x01;
in_ptr += set_length(in_ptr, elem_len);
memcpy(in_ptr, p, (size_t)(elem_len));
in_ptr += elem_len;
*in_ptr++ = 0x02;
in_ptr += set_length(in_ptr, elem_len);
memcpy(in_ptr, q, (size_t)(elem_len));
in_ptr += elem_len;
*in_ptr++ = 0x03;
in_ptr += set_length(in_ptr, elem_len);
memcpy(in_ptr, dp, (size_t)(elem_len));
in_ptr += elem_len;
*in_ptr++ = 0x04;
in_ptr += set_length(in_ptr, elem_len);
memcpy(in_ptr, dq, (size_t)(elem_len));
in_ptr += elem_len;
*in_ptr++ = 0x05;
in_ptr += set_length(in_ptr, elem_len);
memcpy(in_ptr, qinv, (size_t)(elem_len));
in_ptr += elem_len;
if (p == NULL) {
if (ec_data_len == 32 || ec_data_len == 31)
algo = YKPIV_ALGO_ECCP256;
else
algo = YKPIV_ALGO_ECCP384;
}
else if (templ[2] == YKPIV_ALGO_ECCP256) {
*in_ptr++ = 0x06;
in_ptr += set_length(in_ptr, elem_len);
memcpy(in_ptr, ec_data, (size_t)(elem_len));
in_ptr += elem_len;
else if (ec_data == NULL) {
if (p_len == 64)
algo = YKPIV_ALGO_RSA1024;
else
algo = YKPIV_ALGO_RSA2048;
}
// PIN policy and touch
if (vendor_defined != 0) {
if (vendor_defined & CKA_PIN_ONCE) {
*in_ptr++ = YKPIV_PINPOLICY_TAG;
*in_ptr++ = 0x01;
*in_ptr++ = YKPIV_PINPOLICY_ONCE;
}
else if (vendor_defined & CKA_PIN_ALWAYS) {
*in_ptr++ = YKPIV_PINPOLICY_TAG;
*in_ptr++ = 0x01;
*in_ptr++ = YKPIV_PINPOLICY_ALWAYS;
}
if (vendor_defined & CKA_TOUCH_ALWAYS) {
*in_ptr++ = YKPIV_TOUCHPOLICY_TAG;
*in_ptr++ = 0x01;
*in_ptr++ = YKPIV_TOUCHPOLICY_ALWAYS;
}
}
if (ykpiv_transfer_data(state, templ, key_data, in_ptr - key_data, data, &recv_len, &sw) != YKPIV_OK)
else
return CKR_FUNCTION_FAILED;
if (sw != 0x9000)
return CKR_DEVICE_ERROR;
pin_policy = YKPIV_PINPOLICY_DEFAULT;
touch_policy = YKPIV_TOUCHPOLICY_DEFAULT;
if (vendor_defined != 0) {
if (vendor_defined & CKA_PIN_ONCE) {
pin_policy = YKPIV_PINPOLICY_ONCE;
}
else if (vendor_defined & CKA_PIN_ALWAYS) {
pin_policy = YKPIV_PINPOLICY_ALWAYS;
}
else if (vendor_defined & CKA_PIN_NEVER) {
pin_policy = YKPIV_PINPOLICY_NEVER;
}
else
return CKR_ATTRIBUTE_VALUE_INVALID;
return CKR_OK;
if (vendor_defined & CKA_TOUCH_ALWAYS) {
touch_policy = YKPIV_TOUCHPOLICY_ALWAYS;
}
else if (vendor_defined & CKA_TOUCH_NEVER) {
touch_policy = YKPIV_TOUCHPOLICY_NEVER;
}
else
return CKR_ATTRIBUTE_VALUE_INVALID;
}
rc = ykpiv_import_private_key(state, key_id, algo,
p, p_len,
q, q_len,
dp, dp_len,
dq, dq_len,
qinv, qinv_len,
ec_data, ec_data_len,
pin_policy, touch_policy);
if (rc != YKPIV_OK)
return CKR_FUNCTION_FAILED;
return CKR_OK;
}
CK_RV COMMON_token_delete_cert(ykpiv_state *state, CK_ULONG cert_id) {