Added support for touch and change policy during key import.
+24
-4
@@ -151,7 +151,7 @@ static CK_RV COMMON_token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_B
|
||||
|
||||
CK_RV COMMON_token_import_private_key(ykpiv_state *state, CK_BYTE key_id, CK_BYTE_PTR p, CK_BYTE_PTR q,
|
||||
CK_BYTE_PTR dp, CK_BYTE_PTR dq, CK_BYTE_PTR qinv,
|
||||
CK_BYTE_PTR ec_data, CK_ULONG elem_len) {
|
||||
CK_BYTE_PTR ec_data, CK_ULONG elem_len, CK_ULONG vendor_defined) {
|
||||
|
||||
unsigned char key_data[1024];
|
||||
unsigned char *in_ptr = key_data;
|
||||
@@ -193,17 +193,37 @@ CK_RV COMMON_token_import_private_key(ykpiv_state *state, CK_BYTE key_id, CK_BYT
|
||||
memcpy(in_ptr, qinv, (size_t)(elem_len));
|
||||
in_ptr += elem_len;
|
||||
}
|
||||
else if(templ[2] == YKPIV_ALGO_ECCP256) {
|
||||
else if (templ[2] == YKPIV_ALGO_ECCP256) {
|
||||
*in_ptr++ = 0x06;
|
||||
in_ptr += set_length(in_ptr, elem_len);
|
||||
memcpy(in_ptr, ec_data, (size_t)(elem_len));
|
||||
in_ptr += elem_len;
|
||||
}
|
||||
|
||||
if(ykpiv_transfer_data(state, templ, key_data, in_ptr - key_data, data, &recv_len, &sw) != YKPIV_OK)
|
||||
// PIN policy and touch
|
||||
if (vendor_defined != 0) {
|
||||
if (vendor_defined & CKA_PIN_ONCE) {
|
||||
*in_ptr++ = YKPIV_PINPOLICY_TAG;
|
||||
*in_ptr++ = 0x01;
|
||||
*in_ptr++ = YKPIV_PINPOLICY_ONCE;
|
||||
}
|
||||
else if (vendor_defined & CKA_PIN_ALWAYS) {
|
||||
*in_ptr++ = YKPIV_PINPOLICY_TAG;
|
||||
*in_ptr++ = 0x01;
|
||||
*in_ptr++ = YKPIV_PINPOLICY_ALWAYS;
|
||||
}
|
||||
|
||||
if (vendor_defined & CKA_TOUCH_ALWAYS) {
|
||||
*in_ptr++ = YKPIV_TOUCHPOLICY_TAG;
|
||||
*in_ptr++ = 0x01;
|
||||
*in_ptr++ = YKPIV_TOUCHPOLICY_ALWAYS;
|
||||
}
|
||||
}
|
||||
|
||||
if (ykpiv_transfer_data(state, templ, key_data, in_ptr - key_data, data, &recv_len, &sw) != YKPIV_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
if(sw != 0x9000)
|
||||
if (sw != 0x9000)
|
||||
return CKR_DEVICE_ERROR;
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
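Review bot: In the new `// PIN policy and touch` block, a `vendor_defined` value with both `CKA_PIN_ONCE` and `CKA_PIN_ALWAYS` set silently gets the ONCE policy because of the `if`/`else if` order. Bits that match none of the three tested flags are ignored, so the key is imported with whatever the device default is while the caller still sees `CKR_OK`. For an access-control setting it is safer to test the stricter flag first, `if (vendor_defined & CKA_PIN_ALWAYS) { … } else if (vendor_defined & CKA_PIN_ONCE) { … }`, or to reject conflicting or unrecognised values with `CKR_ATTRIBUTE_VALUE_INVALID` before `ykpiv_transfer_data` is called. The added TLVs are also written through `in_ptr` into `key_data[1024]` with no remaining-space check; whether `elem_len` is bounded earlier cannot be confirmed, because the function body between the two hunks is not shown on the page. Separately, `key_data` holds the private key components and each return path shown leaves it on the stack, so it should be cleared with a wipe the compiler cannot elide before returning.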