From 9f6dfed7cde65e4ba1b53987037db09a7f11d297 Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Mon, 6 Jul 2015 16:42:36 +0200 Subject: [PATCH] More GetTokenInfo. --- ykcs11/pkcs11t.h | 2 ++ ykcs11/vendors.c | 15 ++++++++++++--- ykcs11/vendors.h | 12 ++++++++++-- ykcs11/ykcs11.c | 48 ++++++++++++++++++++++++++++++++++-------------- ykcs11/yubico.c | 26 +++++++++++++++++++++++++- ykcs11/yubico.h | 6 +++++- 6 files changed, 88 insertions(+), 21 deletions(-) diff --git a/ykcs11/pkcs11t.h b/ykcs11/pkcs11t.h index 497dfe0..b9bf233 100644 --- a/ykcs11/pkcs11t.h +++ b/ykcs11/pkcs11t.h @@ -228,6 +228,8 @@ typedef struct CK_TOKEN_INFO { * and sign) */ #define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 +#define CKF_TOKEN_INITIALIZED 0x00000400 + typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; diff --git a/ykcs11/vendors.c b/ykcs11/vendors.c index fcbb803..179cc99 100644 --- a/ykcs11/vendors.c +++ b/ykcs11/vendors.c @@ -1,10 +1,11 @@ #include "vendors.h" #include "yubico.h" +#include vendor_id_t get_vendor_id(char *vendor_name) { vendor_id_t vid; - if (strncmp(vendor_name, "Yubico", 6) == 0) + if (strstr(vendor_name, "Yubico") != NULL) return YUBICO; return UNKNOWN; @@ -15,11 +16,19 @@ vendor_t get_vendor(vendor_id_t vid) { switch (vid) { case YUBICO: - v.get_version = YUBICO_get_version; + v.get_version = YUBICO_get_version; + v.get_label = YUBICO_get_label; + v.get_manufacturer = YUBICO_get_manufacturer; + v.get_model = YUBICO_get_model; + v.get_flags = YUBICO_get_flags; break; case UNKNOWN: - v.get_version = NULL; + v.get_version = NULL; // TODO: make up dummy functions? + v.get_label = NULL; + v.get_manufacturer = NULL; + v.get_model = NULL; + v.get_flags = NULL; } diff --git a/ykcs11/vendors.h b/ykcs11/vendors.h index c456d0e..5f1e867 100644 --- a/ykcs11/vendors.h +++ b/ykcs11/vendors.h 
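Review bot: In `get_vendor_id`, `strstr(vendor_name, "Yubico")` now accepts the vendor string anywhere in the name, and `C_GetTokenInfo` in this commit passes it the buffer filled by `ykpiv_get_reader_slot`, so the back end is selected from what is presumably a free-form reader name rather than an authenticated device identity. A comment should record that limit, e.g. `/* The name is descriptive text only: a match selects a back end and is not proof of the device. */`. The function also dereferences `vendor_name` without a NULL check and never uses the local `vid`; `if (vendor_name == NULL) return UNKNOWN;` and dropping `vid` would cover both.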
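Review bot: The `switch (vid)` in `get_vendor` has no `default`, so a `vendor_id_t` value other than `YUBICO` or `UNKNOWN` leaves every pointer in `v` unset unless the declaration, which is outside this hunk, initialises it. Folding the fallback into the existing arm with `case UNKNOWN: default:` keeps the table in a known all-NULL state. Because the `UNKNOWN` arm returns NULL pointers, every caller has to test `vid` or the pointer before calling through the table; the dummy functions mentioned in the TODO would remove that burden.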
@@ -8,10 +8,18 @@ typedef enum { YUBICO = 0x01 } vendor_id_t; -typedef CK_VERSION (*get_version_f)(char *, int); +typedef CK_VERSION (*get_version_f)(CK_UTF8CHAR_PTR, CK_ULONG); +typedef CK_UTF8CHAR_PTR (*get_label_f)(void); +typedef CK_UTF8CHAR_PTR (*get_manufacturer_f)(void); +typedef CK_UTF8CHAR_PTR (*get_model_f)(void); +typedef CK_FLAGS (*get_flags_f)(void); typedef struct { - get_version_f get_version; + get_version_f get_version; + get_label_f get_label; + get_manufacturer_f get_manufacturer; + get_model_f get_model; + get_flags_f get_flags; } vendor_t; vendor_id_t get_vendor_id(char *vendor_name); diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index 242e767..2457197 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -4,8 +4,6 @@ #include #include "vendors.h" -// TODO: do a bit of backend magic or should be handled by libykpiv? - #define D(x) do { \ printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \ printf x; \ @@ -15,6 +13,9 @@ #define YKCS11_DBG 1 // General debug, must be either 1 or 0 #define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0 +#define PIV_MIN_PIN_LEN 6 +#define PIV_MAX_PIN_LEN 8 + #if YKCS11_DBG #define DBG(x) D(x); #else 
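Review bot: The new `get_label_f`, `get_manufacturer_f` and `get_model_f` types return the non-const `CK_UTF8CHAR_PTR`, yet the implementations added in ykcs11/yubico.c return string literals (`return "YubiKey";`), which gives callers a writable pointer to read-only storage and mixes `char *` with what is presumably an unsigned byte pointer. Declaring the return type const, e.g. `typedef const CK_UTF8CHAR *(*get_label_f)(void);`, lets the compiler reject a write through it. The same change applies to the three prototypes in ykcs11/yubico.h and the three definitions in ykcs11/yubico.c.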
@@ -164,27 +165,43 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( ) { DIN; - CK_VERSION ver = {0, 0}; - vendor_t yubico; - char buf[64]; + CK_VERSION ver = {0, 0}; + vendor_id_t vid; + vendor_t vendor; + CK_BYTE buf[64]; + CK_UTF8CHAR_PTR p; + CK_BYTE len; - ykpiv_get_version(piv_state, buf, 64); - yubico = get_vendor(get_vendor_id("Yubico")); - ver = yubico.get_version(buf, strlen(buf)); + if (piv_state == NULL) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + ykpiv_get_reader_slot(piv_state, slotID, buf); + vid = get_vendor_id(buf); + + if (vid == UNKNOWN) + return CKR_TOKEN_NOT_RECOGNIZED; + + vendor = get_vendor(vid); memset(pInfo->label, ' ', sizeof(pInfo->label)); - strncpy(pInfo->label, "LABEL", 5); + p = vendor.get_label(); + len = strlen(p); + strncpy(pInfo->label, p, len); memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID)); - strncpy(pInfo->manufacturerID, "MANUFACTURER_ID", 15); + p = vendor.get_manufacturer(); + len = strlen(p); + strncpy(pInfo->manufacturerID, p, len); memset(pInfo->model, ' ', sizeof(pInfo->model)); - strncpy(pInfo->model, "MODEL", 5); + p = vendor.get_model(); + len = strlen(p); + strncpy(pInfo->model, p, len); memset(pInfo->serialNumber, ' ', sizeof(pInfo->serialNumber)); strncpy(pInfo->serialNumber, "12345", 5); - pInfo->flags = 0x00000400; // bit flags indicating capabilities and status of the device as defined below + pInfo->flags = vendor.get_flags(); // bit flags indicating capabilities and status of the device as defined below pInfo->ulMaxSessionCount = CK_UNAVAILABLE_INFORMATION; // TODO: should this be 1? 
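Review bot: The three `strncpy` calls for `label`, `manufacturerID` and `model` are bounded by `strlen(p)`, the length of the vendor string, not by the size of the destination field, so a longer vendor string would be written past the end of the `CK_TOKEN_INFO` member; `len` is also a `CK_BYTE`, which truncates any length above 255. The strings returned today are short, but the bound should be the field size, as in the excerpt below. Separately, the result of `ykpiv_get_reader_slot(piv_state, slotID, buf)` is ignored and the 64-byte `buf` is passed without its size, so `get_vendor_id` may read an unset or overrun buffer; that function is not visible here, so its contract needs confirming. The signature of `C_GetTokenInfo` and the rest of its body are outside this hunk.

```c
  CK_ULONG len;  /* was CK_BYTE */
  // … unchanged: piv_state check, reader lookup, vendor selection, memset of label …
  p = vendor.get_label();
  len = strlen((const char *)p);
  if (len > sizeof(pInfo->label))
    len = sizeof(pInfo->label);
  memcpy(pInfo->label, p, len);
  // … unchanged: memset of manufacturerID …
  p = vendor.get_manufacturer();
  len = strlen((const char *)p);
  if (len > sizeof(pInfo->manufacturerID))
    len = sizeof(pInfo->manufacturerID);
  memcpy(pInfo->manufacturerID, p, len);
  // … unchanged: memset of model …
  p = vendor.get_model();
  len = strlen((const char *)p);
  if (len > sizeof(pInfo->model))
    len = sizeof(pInfo->model);
  memcpy(pInfo->model, p, len);
  // … unchanged: serialNumber, flags, session counts …
```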
@@ -194,9 +211,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( pInfo->ulRwSessionCount = CK_UNAVAILABLE_INFORMATION; // number of read/write sessions that this application currently has open with the token - pInfo->ulMaxPinLen = 127; // maximum length in bytes of the PIN + pInfo->ulMaxPinLen = PIV_MIN_PIN_LEN; // maximum length in bytes of the PIN - pInfo->ulMinPinLen = 3; // minimum length in bytes of the PIN + pInfo->ulMinPinLen = PIV_MAX_PIN_LEN; // minimum length in bytes of the PIN pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; @@ -206,6 +223,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; + ykpiv_get_version(piv_state, buf, sizeof(buf)); + ver = vendor.get_version(buf, strlen(buf)); + pInfo->hardwareVersion = ver; // version number of hardware pInfo->firmwareVersion = ver; // version number of firmware diff --git a/ykcs11/yubico.c b/ykcs11/yubico.c index 80f40be..5f14296 100644 --- a/ykcs11/yubico.c +++ b/ykcs11/yubico.c @@ -1,7 +1,7 @@ #include "yubico.h" #include "pkcs11.h" -CK_VERSION YUBICO_get_version(char *version, int len) { +CK_VERSION YUBICO_get_version(CK_UTF8CHAR_PTR version, CK_ULONG len) { CK_VERSION v = {0, 0}; int i = 0; @@ -27,3 +27,27 @@ CK_VERSION YUBICO_get_version(char *version, int len) { return v; } + +CK_UTF8CHAR_PTR YUBICO_get_label(void) { + + return "YubiKey"; + +} + +CK_UTF8CHAR_PTR YUBICO_get_manufacturer(void) { + + return "Yubico"; + +} + +CK_UTF8CHAR_PTR YUBICO_get_model(void) { + + return "PRO"; + +} + +CK_FLAGS YUBICO_get_flags(void) { + + return CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED; + +} diff --git a/ykcs11/yubico.h b/ykcs11/yubico.h index e2487f6..cf78790 100644 --- a/ykcs11/yubico.h +++ b/ykcs11/yubico.h 
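Review bot: The two PIN limits are assigned the wrong way round: `ulMaxPinLen` receives `PIV_MIN_PIN_LEN` (6) and `ulMinPinLen` receives `PIV_MAX_PIN_LEN` (8), so the token reports a minimum above its maximum. An application that validates PIN length against these fields before login could reject every PIN. The assignments should read `pInfo->ulMaxPinLen = PIV_MAX_PIN_LEN;` and `pInfo->ulMinPinLen = PIV_MIN_PIN_LEN;`.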
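Review bot: The return value of `ykpiv_get_version(piv_state, buf, sizeof(buf))` is not checked before `strlen(buf)` and `vendor.get_version` run, and `buf` still holds whatever the earlier reader lookup wrote, so a failed call would parse stale data into `hardwareVersion` and `firmwareVersion`. Assuming the call returns the usual libykpiv status code, a guard such as `if (ykpiv_get_version(piv_state, buf, sizeof(buf)) != YKPIV_OK) return CKR_FUNCTION_FAILED;` keeps that from being reported as a version. `buf` is declared as `CK_BYTE buf[64]` in the earlier hunk, so `strlen(buf)` also relies on an implicit pointer conversion.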
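Review bot: `YUBICO_get_flags` returns a fixed mask, so `CKF_USER_PIN_INITIALIZED` and `CKF_TOKEN_INITIALIZED` are reported for every device regardless of its actual state, and `CKF_RNG` is advertised although no random-number path is visible in this commit. If the static mask is intentional for now, it should be documented at the function, e.g. `/* Static capability mask; not read from the device. TODO: derive PIN and token state from the card. */`.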
@@ -3,6 +3,10 @@ #include "pkcs11.h" -CK_VERSION YUBICO_get_version(char *version, int len); +CK_VERSION YUBICO_get_version(CK_UTF8CHAR_PTR version, CK_ULONG len); +CK_UTF8CHAR_PTR YUBICO_get_label(void); +CK_UTF8CHAR_PTR YUBICO_get_manufacturer(void); +CK_UTF8CHAR_PTR YUBICO_get_model(void); +CK_FLAGS YUBICO_get_flags(void); #endif