YKCS11: added support for touch and PIN policy during generate.
This commit is contained in:
+34
-10
@@ -31,9 +31,11 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE key, CK_ULONG key_len) {
|
||||
static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa,
|
||||
CK_BYTE key, CK_ULONG key_len, CK_ULONG vendor_defined) {
|
||||
// TODO: make a function in ykpiv for this
|
||||
unsigned char in_data[5];
|
||||
unsigned char in_data[11];
|
||||
unsigned char *in_ptr = in_data;
|
||||
unsigned char data[1024];
|
||||
unsigned char templ[] = {0, YKPIV_INS_GENERATE_ASYMMERTRIC, 0, 0};
|
||||
unsigned char *certptr;
|
||||
@@ -45,10 +47,10 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
|
||||
|
||||
templ[3] = key;
|
||||
|
||||
in_data[0] = 0xac;
|
||||
in_data[1] = 3;
|
||||
in_data[2] = 0x80;
|
||||
in_data[3] = 1;
|
||||
*in_ptr++ = 0xac;
|
||||
*in_ptr++ = 3;
|
||||
*in_ptr++ = 0x80;
|
||||
*in_ptr++ = 1;
|
||||
|
||||
switch(key_len) {
|
||||
case 2048:
|
||||
@@ -61,7 +63,7 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
|
||||
|
||||
case 1024:
|
||||
if (rsa == CK_TRUE)
|
||||
in_data[4] = YKPIV_ALGO_RSA1024;
|
||||
*in_ptr++ = YKPIV_ALGO_RSA1024;
|
||||
else
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
@@ -69,7 +71,7 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
|
||||
|
||||
case 256:
|
||||
if (rsa == CK_FALSE)
|
||||
in_data[4] = YKPIV_ALGO_ECCP256;
|
||||
*in_ptr++ = YKPIV_ALGO_ECCP256;
|
||||
else
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
@@ -78,8 +80,30 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
|
||||
default:
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
//DBG(("Generating key %x with algorithm %u and length %lu", templ[3], in_data[4], key_len));
|
||||
if(ykpiv_transfer_data(state, templ, in_data, sizeof(in_data), data, &recv_len, &sw) != YKPIV_OK ||
|
||||
// PIN policy and touch
|
||||
if (vendor_defined != 0) {
|
||||
if (vendor_defined & CKA_PIN_ONCE) {
|
||||
in_data[1] += 3;
|
||||
*in_ptr++ = YKPIV_PINPOLICY_TAG;
|
||||
*in_ptr++ = 0x01;
|
||||
*in_ptr++ = YKPIV_PINPOLICY_ONCE;
|
||||
}
|
||||
else if (vendor_defined & CKA_PIN_ALWAYS) {
|
||||
in_data[1] += 3;
|
||||
*in_ptr++ = YKPIV_PINPOLICY_TAG;
|
||||
*in_ptr++ = 0x01;
|
||||
*in_ptr++ = YKPIV_PINPOLICY_ALWAYS;
|
||||
}
|
||||
|
||||
if (vendor_defined & CKA_TOUCH_ALWAYS) {
|
||||
in_data[1] += 3;
|
||||
*in_ptr++ = YKPIV_TOUCHPOLICY_TAG;
|
||||
*in_ptr++ = 0x01;
|
||||
*in_ptr++ = YKPIV_TOUCHPOLICY_ALWAYS;
|
||||
}
|
||||
}
|
||||
|
||||
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data, &recv_len, &sw) != YKPIV_OK ||
|
||||
sw != 0x9000)
|
||||
return CKR_DEVICE_ERROR;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user