Refactor more.

This commit is contained in:
Alessio Di Mauro
2015-07-24 15:39:37 +02:00
parent 91d7e52b21
commit b9268982a5
7 changed files with 434 additions and 299 deletions
+90 -71
View File
@@ -5,84 +5,103 @@
// TODO: this is mostly from OpenSC, how to give credit?
typedef enum {
PIV_OBJ_CCC = 0, // Card capability container
PIV_OBJ_CHUI, // Cardholder unique id
/* PIV_OBJ_UCHUI is not in new with 800-73-2 */
PIV_OBJ_X509_PIV_AUTH, // PIV authentication
PIV_OBJ_CHF, // Cardholder fingerprints
PIV_OBJ_SEC_OBJ, // Security object
PIV_OBJ_CHFI, // Cardholder facial images
PIV_OBJ_X509_CARD_AUTH, // Certificate for card authentication
PIV_OBJ_X509_DS, // Certificate for digital signature
PIV_OBJ_X509_KM, // Certificate for key management
PIV_OBJ_PI, // Cardholder printed information
PIV_OBJ_DISCOVERY, // Discovery object
PIV_OBJ_HISTORY, // History object
PIV_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
PIV_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
PIV_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
PIV_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
PIV_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
PIV_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
PIV_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
PIV_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
PIV_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
PIV_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
PIV_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
PIV_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
PIV_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
PIV_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
PIV_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
PIV_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
PIV_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
PIV_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
PIV_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
PIV_OBJ_RETIRED_X509_20, // Retired certificate for KM 20
PIV_OBJ_IRIS_IMAGE, // Cardholder iris images
PIV_OBJ_BITGT, // Biometric information templates group template
PIV_OBJ_SM_SIGNER, // Secure messaging signer
PIV_OBJ_PC_REF_DATA, // Pairing code reference data
PIV_OBJ_9B03, // NON-STANDARD TODO: remove?
PIV_OBJ_9A06, // NON-STANDARD
PIV_OBJ_9C06, // NON-STANDARD
PIV_OBJ_9D06, // NON-STANDARD
PIV_OBJ_9E06, // NON-STANDARD
PIV_OBJ_8206, // NON-STANDARD
PIV_OBJ_8306, // NON-STANDARD
PIV_OBJ_8406, // NON-STANDARD
PIV_OBJ_8506, // NON-STANDARD
PIV_OBJ_8606, // NON-STANDARD
PIV_OBJ_8706, // NON-STANDARD
PIV_OBJ_8806, // NON-STANDARD
PIV_OBJ_8906, // NON-STANDARD
PIV_OBJ_8A06, // NON-STANDARD
PIV_OBJ_8B06, // NON-STANDARD
PIV_OBJ_8C06, // NON-STANDARD
PIV_OBJ_8D06, // NON-STANDARD
PIV_OBJ_8E06, // NON-STANDARD
PIV_OBJ_8F06, // NON-STANDARD
PIV_OBJ_9006, // NON-STANDARD
PIV_OBJ_9106, // NON-STANDARD
PIV_OBJ_9206, // NON-STANDARD
PIV_OBJ_9306, // NON-STANDARD
PIV_OBJ_9406, // NON-STANDARD
PIV_OBJ_9506, // NON-STANDARD
PIV_OBJ_LAST_ENUM
PIV_DATA_OBJ_CCC = 0, // Card capability container
PIV_DATA_OBJ_CHUI, // Cardholder unique id
/* PIV_DATA_OBJ_UCHUI is not in new with 800-73-2 */
PIV_DATA_OBJ_X509_PIV_AUTH, // PIV authentication
PIV_DATA_OBJ_CHF, // Cardholder fingerprints
PIV_DATA_OBJ_SEC_OBJ, // Security object
PIV_DATA_OBJ_CHFI, // Cardholder facial images
PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication
PIV_DATA_OBJ_X509_DS, // Certificate for digital signature
PIV_DATA_OBJ_X509_KM, // Certificate for key management
PIV_DATA_OBJ_PI, // Cardholder printed information
PIV_DATA_OBJ_DISCOVERY, // Discovery object
PIV_DATA_OBJ_HISTORY, // History object
PIV_DATA_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
PIV_DATA_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
PIV_DATA_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
PIV_DATA_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
PIV_DATA_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
PIV_DATA_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
PIV_DATA_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
PIV_DATA_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
PIV_DATA_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
PIV_DATA_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
PIV_DATA_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
PIV_DATA_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
PIV_DATA_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
PIV_DATA_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
PIV_DATA_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
PIV_DATA_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
PIV_DATA_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
PIV_DATA_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
PIV_DATA_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
PIV_DATA_OBJ_RETIRED_X509_20, // Retired certificate for KM 20
PIV_DATA_OBJ_IRIS_IMAGE, // Cardholder iris images
PIV_DATA_OBJ_BITGT, // Biometric information templates group template
PIV_DATA_OBJ_SM_SIGNER, // Secure messaging signer
PIV_DATA_OBJ_PC_REF_DATA, // Pairing code reference data
/* PIV_DATA_OBJ_9B03, // NON-STANDARD TODO: remove?
PIV_DATA_OBJ_9A06, // NON-STANDARD
PIV_DATA_OBJ_9C06, // NON-STANDARD
PIV_DATA_OBJ_9D06, // NON-STANDARD
PIV_DATA_OBJ_9E06, // NON-STANDARD
PIV_DATA_OBJ_8206, // NON-STANDARD
PIV_DATA_OBJ_8306, // NON-STANDARD
PIV_DATA_OBJ_8406, // NON-STANDARD
PIV_DATA_OBJ_8506, // NON-STANDARD
PIV_DATA_OBJ_8606, // NON-STANDARD
PIV_DATA_OBJ_8706, // NON-STANDARD
PIV_DATA_OBJ_8806, // NON-STANDARD
PIV_DATA_OBJ_8906, // NON-STANDARD
PIV_DATA_OBJ_8A06, // NON-STANDARD
PIV_DATA_OBJ_8B06, // NON-STANDARD
PIV_DATA_OBJ_8C06, // NON-STANDARD
PIV_DATA_OBJ_8D06, // NON-STANDARD
PIV_DATA_OBJ_8E06, // NON-STANDARD
PIV_DATA_OBJ_8F06, // NON-STANDARD
PIV_DATA_OBJ_9006, // NON-STANDARD
PIV_DATA_OBJ_9106, // NON-STANDARD
PIV_DATA_OBJ_9206, // NON-STANDARD
PIV_DATA_OBJ_9306, // NON-STANDARD
PIV_DATA_OBJ_9406, // NON-STANDARD
PIV_DATA_OBJ_9506, // NON-STANDARD*/
PIV_DATA_OBJ_LAST,
PIV_CERT_OBJ_X509_PIV_AUTH, // PIV authentication
PIV_CERT_OBJ_X509_CARD_AUTH, // Certificate for card authentication
PIV_CERT_OBJ_X509_DS, // Certificate for digital signature
PIV_CERT_OBJ_X509_KM, // Certificate for key management
PIV_CERT_OBJ_LAST
// TODO: private keys?
} piv_obj_id_t;
#define PIV_OBJECT_TYPE_CERT 1
/*#define PIV_OBJECT_TYPE_CERT 1 // TODO: redundant now?
#define PIV_OBJECT_TYPE_PUBKEY 2
#define PIV_OBJECT_NOT_PRESENT 4
#define PIV_OBJECT_NOT_PRESENT 4*/
typedef struct {
//const CK_OBJECT_CLASS class;
piv_obj_id_t type;
const char *name; // TODO: or utf8
const char *oid;
CK_BYTE tag_len; // TODO: or ulong?
CK_BYTE tag_value[3];
CK_BYTE containerid[2]; /* will use as relative paths for simulation */ // TODO: needed?
CK_ULONG flags; /* object has some internal object like a cert */
CK_BYTE tag_value[3]; // TODO: needed?
CK_BYTE containerid[2]; /* will use as relative paths for simulation */ // TODO: needed?
} piv_data_obj_t;
typedef struct {
CK_BBOOL todo;
} piv_cert_obj_t;
typedef struct {
piv_obj_id_t type; // TODO: technically redundant
CK_BBOOL token; // TODO: not used yet
CK_BBOOL private;
CK_BBOOL modifiable;
const char *label;
CK_BBOOL copyable;
CK_BBOOL destroyable;
CK_ULONG sub_id;
} piv_obj_t;
#endif
+161 -137
View File
@@ -3,174 +3,196 @@
#include <string.h>
#include <stdlib.h>
//TODO: this is mostly a snippet from OpenSC how to give credit?
//TODO: this is mostly a snippet from OpenSC how to give credit? Less and less so now
/* Must be in order, and one per enumerated PIV_OBJ */
static piv_obj_t objects[] = {
{PIV_OBJ_CCC, "Card Capability Container",
"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00", 0},
{PIV_OBJ_CHUI, "Card Holder Unique Identifier",
"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00", 0},
{PIV_OBJ_X509_PIV_AUTH, "X.509 Certificate for PIV Authentication",
"2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01", PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_CHF, "Card Holder Fingerprints",
"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10", 0},
{PIV_OBJ_SEC_OBJ, "Security Object",
"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00", 0},
{PIV_OBJ_CHFI, "Cardholder Facial Images",
"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30", 0},
{PIV_OBJ_X509_CARD_AUTH, "X.509 Certificate for Card Authentication",
"2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00", PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_X509_DS, "X.509 Certificate for Digital Signature",
"2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00", PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_X509_KM, "X.509 Certificate for Key Management",
"2.16.840.1.101.3.7.2.1.2", 3, "\x5F\xC1\x0B", "\x01\x02", PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_PI, "Printed Information",
"2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01", 0},
{PIV_OBJ_DISCOVERY, "Discovery Object",
"2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50", 0},
{PIV_OBJ_HISTORY, "Key History Object",
"2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60", 0},
{PIV_DATA_OBJ_CCC, 0, 0, 0, "Card Capability Container", 0, 0, 0},
{PIV_DATA_OBJ_CHUI, 0, 0, 0, "Card Holder Unique Identifier", 0, 0, 1},
// PIV_DATA_OBJ_UCHUI
{PIV_DATA_OBJ_X509_PIV_AUTH, 0, 0, 0, "X.509 Certificate for PIV Authentication", 0, 0, 2},
{PIV_DATA_OBJ_CHF, 0, 0, 0, "Card Holder Fingerprints", 0, 0, 3},
{PIV_DATA_OBJ_SEC_OBJ, 0, 0, 0, "Security Object", 0, 0, 4},
{PIV_DATA_OBJ_CHFI, 0, 0, 0, "Cardholder Facial Images", 0, 0, 5},
{PIV_DATA_OBJ_X509_CARD_AUTH, 0, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, 6},
{PIV_DATA_OBJ_X509_DS, 0, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, 7},
{PIV_DATA_OBJ_X509_KM, 0, 0, 0, "X.509 Certificate for Key Management", 0, 0, 8},
{PIV_DATA_OBJ_PI, 0, 0, 0, "Printed Information", 0, 0, 9},
{PIV_DATA_OBJ_DISCOVERY, 0, 0, 0, "Discovery Object", 0, 0, 10},
{PIV_DATA_OBJ_HISTORY, 0, 0, 0, "Key History Object", 0, 0, 11},
{PIV_DATA_OBJ_RETIRED_X509_1, 0, 0, 0, "Retired X.509 Certificate for Key Management 1", 0, 0, 12},
{PIV_DATA_OBJ_RETIRED_X509_2, 0, 0, 0, "Retired X.509 Certificate for Key Management 2", 0, 0, 13},
{PIV_DATA_OBJ_RETIRED_X509_3, 0, 0, 0, "Retired X.509 Certificate for Key Management 3", 0, 0, 14},
{PIV_DATA_OBJ_RETIRED_X509_4, 0, 0, 0, "Retired X.509 Certificate for Key Management 4", 0, 0, 15},
{PIV_DATA_OBJ_RETIRED_X509_5, 0, 0, 0, "Retired X.509 Certificate for Key Management 5", 0, 0, 16},
{PIV_DATA_OBJ_RETIRED_X509_6, 0, 0, 0, "Retired X.509 Certificate for Key Management 6", 0, 0, 17},
{PIV_DATA_OBJ_RETIRED_X509_7, 0, 0, 0, "Retired X.509 Certificate for Key Management 7", 0, 0, 18},
{PIV_DATA_OBJ_RETIRED_X509_8, 0, 0, 0, "Retired X.509 Certificate for Key Management 8", 0, 0, 19},
{PIV_DATA_OBJ_RETIRED_X509_9, 0, 0, 0, "Retired X.509 Certificate for Key Management 9", 0, 0, 20},
{PIV_DATA_OBJ_RETIRED_X509_10, 0, 0, 0, "Retired X.509 Certificate for Key Management 10", 0, 0, 21},
{PIV_DATA_OBJ_RETIRED_X509_11, 0, 0, 0, "Retired X.509 Certificate for Key Management 11", 0, 0, 22},
{PIV_DATA_OBJ_RETIRED_X509_12, 0, 0, 0, "Retired X.509 Certificate for Key Management 12", 0, 0, 23},
{PIV_DATA_OBJ_RETIRED_X509_13, 0, 0, 0, "Retired X.509 Certificate for Key Management 13", 0, 0, 24},
{PIV_DATA_OBJ_RETIRED_X509_14, 0, 0, 0, "Retired X.509 Certificate for Key Management 14", 0, 0, 25},
{PIV_DATA_OBJ_RETIRED_X509_15, 0, 0, 0, "Retired X.509 Certificate for Key Management 15", 0, 0, 26},
{PIV_DATA_OBJ_RETIRED_X509_16, 0, 0, 0, "Retired X.509 Certificate for Key Management 16", 0, 0, 27},
{PIV_DATA_OBJ_RETIRED_X509_17, 0, 0, 0, "Retired X.509 Certificate for Key Management 17", 0, 0, 28},
{PIV_DATA_OBJ_RETIRED_X509_18, 0, 0, 0, "Retired X.509 Certificate for Key Management 18", 0, 0, 29},
{PIV_DATA_OBJ_RETIRED_X509_19, 0, 0, 0, "Retired X.509 Certificate for Key Management 19", 0, 0, 30},
{PIV_DATA_OBJ_RETIRED_X509_20, 0, 0, 0, "Retired X.509 Certificate for Key Management 20", 0, 0, 31},
{PIV_DATA_OBJ_IRIS_IMAGE, 0, 0, 0, "Cardholder Iris Images", 0, 0, 32},
{PIV_DATA_OBJ_BITGT, 0, 0, 0, "Biometric Information Templates Group Template", 0, 0, 33},
{PIV_DATA_OBJ_SM_SIGNER, 0, 0, 0, "Secure Messaging Certificate Signer", 0, 0, 34},
{PIV_DATA_OBJ_PC_REF_DATA, 0, 0, 0, "Pairing Code Reference Data Container", 0, 0, 35},
/* {PIV_DATA_OBJ_9B03, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9A06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9C06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9D06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9E06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8206, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8306, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8406, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8506, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8606, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8706, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8806, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8906, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8A06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8B06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8C06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8D06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8E06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_8F06, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9006, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9106, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9206, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9306, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9406, 0, 0, 0, "", 0, 0, },
{PIV_DATA_OBJ_9506, 0, 0, 0, "", 0, 0, },*/
{PIV_DATA_OBJ_LAST, 0, 0, 0, "", 0, 0, 36},
{PIV_CERT_OBJ_X509_PIV_AUTH, 0, 0, 0, "X.509 Certificate for PIV Authentication", 0, 0, 0},
{PIV_CERT_OBJ_X509_CARD_AUTH, 0, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, 1},
{PIV_CERT_OBJ_X509_DS, 0, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, 2},
{PIV_CERT_OBJ_X509_KM, 0, 0, 0, "X.509 Certificate for Key Management", 0, 0, 3},
{PIV_CERT_OBJ_LAST, 0, 0, 0, "", 0, 41}
};
static piv_data_obj_t data_objects[] = {
{"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00"},
{"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00"},
{"2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01"},
{"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10"},
{"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00"},
{"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30"},
{"2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00"},
{"2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00"},
{"2.16.840.1.101.3.7.2.1.2", 3, "\x5F\xC1\x0B", "\x01\x02"},
{"2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01"},
{"2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50"},
{"2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60"},
/* 800-73-3, 21 new objects, 20 history certificates */
{PIV_OBJ_RETIRED_X509_1, "Retired X.509 Certificate for Key Management 1",
"2.16.840.1.101.3.7.2.16.1", 3, "\x5F\xC1\x0D", "\x10\x01",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_2, "Retired X.509 Certificate for Key Management 2",
"2.16.840.1.101.3.7.2.16.2", 3, "\x5F\xC1\x0E", "\x10\x02",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_3, "Retired X.509 Certificate for Key Management 3",
"2.16.840.1.101.3.7.2.16.3", 3, "\x5F\xC1\x0F", "\x10\x03",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_4, "Retired X.509 Certificate for Key Management 4",
"2.16.840.1.101.3.7.2.16.4", 3, "\x5F\xC1\x10", "\x10\x04",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_5, "Retired X.509 Certificate for Key Management 5",
"2.16.840.1.101.3.7.2.16.5", 3, "\x5F\xC1\x11", "\x10\x05",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_6, "Retired X.509 Certificate for Key Management 6",
"2.16.840.1.101.3.7.2.16.6", 3, "\x5F\xC1\x12", "\x10\x06",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_7, "Retired X.509 Certificate for Key Management 7",
"2.16.840.1.101.3.7.2.16.7", 3, "\x5F\xC1\x13", "\x10\x07",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_8, "Retired X.509 Certificate for Key Management 8",
"2.16.840.1.101.3.7.2.16.8", 3, "\x5F\xC1\x14", "\x10\x08",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_9, "Retired X.509 Certificate for Key Management 9",
"2.16.840.1.101.3.7.2.16.9", 3, "\x5F\xC1\x15", "\x10\x09",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_10, "Retired X.509 Certificate for Key Management 10",
"2.16.840.1.101.3.7.2.16.10", 3, "\x5F\xC1\x16", "\x10\x0A",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_11, "Retired X.509 Certificate for Key Management 11",
"2.16.840.1.101.3.7.2.16.11", 3, "\x5F\xC1\x17", "\x10\x0B",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_12, "Retired X.509 Certificate for Key Management 12",
"2.16.840.1.101.3.7.2.16.12", 3, "\x5F\xC1\x18", "\x10\x0C",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_13, "Retired X.509 Certificate for Key Management 13",
"2.16.840.1.101.3.7.2.16.13", 3, "\x5F\xC1\x19", "\x10\x0D",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_14, "Retired X.509 Certificate for Key Management 14",
"2.16.840.1.101.3.7.2.16.14", 3, "\x5F\xC1\x1A", "\x10\x0E",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_15, "Retired X.509 Certificate for Key Management 15",
"2.16.840.1.101.3.7.2.16.15", 3, "\x5F\xC1\x1B", "\x10\x0F",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_16, "Retired X.509 Certificate for Key Management 16",
"2.16.840.1.101.3.7.2.16.16", 3, "\x5F\xC1\x1C", "\x10\x10",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_17, "Retired X.509 Certificate for Key Management 17",
"2.16.840.1.101.3.7.2.16.17", 3, "\x5F\xC1\x1D", "\x10\x11",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_18, "Retired X.509 Certificate for Key Management 18",
"2.16.840.1.101.3.7.2.16.18", 3, "\x5F\xC1\x1E", "\x10\x12",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_19, "Retired X.509 Certificate for Key Management 19",
"2.16.840.1.101.3.7.2.16.19", 3, "\x5F\xC1\x1F", "\x10\x13",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_RETIRED_X509_20, "Retired X.509 Certificate for Key Management 20",
"2.16.840.1.101.3.7.2.16.20", 3, "\x5F\xC1\x20", "\x10\x14",
PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT},
{PIV_OBJ_IRIS_IMAGE, "Cardholder Iris Images",
"2.16.840.1.101.3.7.2.16.21", 3, "\x5F\xC1\x21", "\x10\x15", 0},
{PIV_OBJ_BITGT, "Biometric Information Templates Group Template",
"2.16.840.1.101.3.7.2.16.22", 2, "\x7F\x61", "\x10\x16", 0},
{PIV_OBJ_SM_SIGNER, "Secure Messaging Certificate Signer",
"2.16.840.1.101.3.7.2.16.23", 3, "\x5F\xC1\x22", "\x10\x17", 0},
{PIV_OBJ_PC_REF_DATA, "Pairing Code Reference Data Container",
"2.16.840.1.101.3.7.2.16.24", 3, "\x5F\xC1\x23", "\x10\x18", 0},
{"2.16.840.1.101.3.7.2.16.1", 3, "\x5F\xC1\x0D", "\x10\x01"},
{"2.16.840.1.101.3.7.2.16.2", 3, "\x5F\xC1\x0E", "\x10\x02"},
{"2.16.840.1.101.3.7.2.16.3", 3, "\x5F\xC1\x0F", "\x10\x03"},
{"2.16.840.1.101.3.7.2.16.4", 3, "\x5F\xC1\x10", "\x10\x04"},
{"2.16.840.1.101.3.7.2.16.5", 3, "\x5F\xC1\x11", "\x10\x05"},
{"2.16.840.1.101.3.7.2.16.7", 3, "\x5F\xC1\x13", "\x10\x07"},
{"2.16.840.1.101.3.7.2.16.8", 3, "\x5F\xC1\x14", "\x10\x08"},
{"2.16.840.1.101.3.7.2.16.9", 3, "\x5F\xC1\x15", "\x10\x09"},
{"2.16.840.1.101.3.7.2.16.10", 3, "\x5F\xC1\x16", "\x10\x0A"},
{"2.16.840.1.101.3.7.2.16.11", 3, "\x5F\xC1\x17", "\x10\x0B"},
{"2.16.840.1.101.3.7.2.16.12", 3, "\x5F\xC1\x18", "\x10\x0C"},
{"2.16.840.1.101.3.7.2.16.13", 3, "\x5F\xC1\x19", "\x10\x0D"},
{"2.16.840.1.101.3.7.2.16.14", 3, "\x5F\xC1\x1A", "\x10\x0E"},
{"2.16.840.1.101.3.7.2.16.15", 3, "\x5F\xC1\x1B", "\x10\x0F"},
{"2.16.840.1.101.3.7.2.16.16", 3, "\x5F\xC1\x1C", "\x10\x10"},
{"2.16.840.1.101.3.7.2.16.17", 3, "\x5F\xC1\x1D", "\x10\x11"},
{"2.16.840.1.101.3.7.2.16.18", 3, "\x5F\xC1\x1E", "\x10\x12"},
{"2.16.840.1.101.3.7.2.16.19", 3, "\x5F\xC1\x1F", "\x10\x13"},
{"2.16.840.1.101.3.7.2.16.20", 3, "\x5F\xC1\x20", "\x10\x14"},
{"2.16.840.1.101.3.7.2.16.21", 3, "\x5F\xC1\x21", "\x10\x15"},
{"2.16.840.1.101.3.7.2.16.22", 2, "\x7F\x61", "\x10\x16"},
{"2.16.840.1.101.3.7.2.16.23", 3, "\x5F\xC1\x22", "\x10\x17"},
{"2.16.840.1.101.3.7.2.16.24", 3, "\x5F\xC1\x23", "\x10\x18"},
/* following not standard , to be used by piv-tool only for testing */
{PIV_OBJ_9B03, "3DES-ECB ADM",
"2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0},
/* {PIV_DATA_OBJ_9B03, "3DES-ECB ADM",
"2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0},*/
/* Only used when signing a cert req, usually from engine
* after piv-tool generated the key and saved the pub key
* to a file. Note RSA key can be 1024, 2048 or 3072
* but still use the "9x06" name.
*/
{PIV_OBJ_9A06, "RSA 9A Pub key from last genkey",
/* {PIV_DATA_OBJ_9A06, "RSA 9A Pub key from last genkey",
"2.16.840.1.101.3.7.2.9999.20", 2, "\x9A\x06", "\x9A\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9C06, "Pub 9C key from last genkey",
{PIV_DATA_OBJ_9C06, "Pub 9C key from last genkey",
"2.16.840.1.101.3.7.2.9999.21", 2, "\x9C\x06", "\x9C\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9D06, "Pub 9D key from last genkey",
{PIV_DATA_OBJ_9D06, "Pub 9D key from last genkey",
"2.16.840.1.101.3.7.2.9999.22", 2, "\x9D\x06", "\x9D\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9E06, "Pub 9E key from last genkey",
{PIV_DATA_OBJ_9E06, "Pub 9E key from last genkey",
"2.16.840.1.101.3.7.2.9999.23", 2, "\x9E\x06", "\x9E\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8206, "Pub 82 key ",
{PIV_DATA_OBJ_8206, "Pub 82 key ",
"2.16.840.1.101.3.7.2.9999.101", 2, "\x82\x06", "\x82\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8306, "Pub 83 key ",
{PIV_DATA_OBJ_8306, "Pub 83 key ",
"2.16.840.1.101.3.7.2.9999.102", 2, "\x83\x06", "\x83\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8406, "Pub 84 key ",
{PIV_DATA_OBJ_8406, "Pub 84 key ",
"2.16.840.1.101.3.7.2.9999.103", 2, "\x84\x06", "\x84\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8506, "Pub 85 key ",
{PIV_DATA_OBJ_8506, "Pub 85 key ",
"2.16.840.1.101.3.7.2.9999.104", 2, "\x85\x06", "\x85\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8606, "Pub 86 key ",
{PIV_DATA_OBJ_8606, "Pub 86 key ",
"2.16.840.1.101.3.7.2.9999.105", 2, "\x86\x06", "\x86\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8706, "Pub 87 key ",
{PIV_DATA_OBJ_8706, "Pub 87 key ",
"2.16.840.1.101.3.7.2.9999.106", 2, "\x87\x06", "\x87\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8806, "Pub 88 key ",
{PIV_DATA_OBJ_8806, "Pub 88 key ",
"2.16.840.1.101.3.7.2.9999.107", 2, "\x88\x06", "\x88\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8906, "Pub 89 key ",
{PIV_DATA_OBJ_8906, "Pub 89 key ",
"2.16.840.1.101.3.7.2.9999.108", 2, "\x89\x06", "\x89\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8A06, "Pub 8A key ",
{PIV_DATA_OBJ_8A06, "Pub 8A key ",
"2.16.840.1.101.3.7.2.9999.109", 2, "\x8A\x06", "\x8A\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8B06, "Pub 8B key ",
{PIV_DATA_OBJ_8B06, "Pub 8B key ",
"2.16.840.1.101.3.7.2.9999.110", 2, "\x8B\x06", "\x8B\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8C06, "Pub 8C key ",
{PIV_DATA_OBJ_8C06, "Pub 8C key ",
"2.16.840.1.101.3.7.2.9999.111", 2, "\x8C\x06", "\x8C\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8D06, "Pub 8D key ",
{PIV_DATA_OBJ_8D06, "Pub 8D key ",
"2.16.840.1.101.3.7.2.9999.112", 2, "\x8D\x06", "\x8D\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8E06, "Pub 8E key ",
{PIV_DATA_OBJ_8E06, "Pub 8E key ",
"2.16.840.1.101.3.7.2.9999.113", 2, "\x8E\x06", "\x8E\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_8F06, "Pub 8F key ",
{PIV_DATA_OBJ_8F06, "Pub 8F key ",
"2.16.840.1.101.3.7.2.9999.114", 2, "\x8F\x06", "\x8F\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9006, "Pub 90 key ",
{PIV_DATA_OBJ_9006, "Pub 90 key ",
"2.16.840.1.101.3.7.2.9999.115", 2, "\x90\x06", "\x90\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9106, "Pub 91 key ",
{PIV_DATA_OBJ_9106, "Pub 91 key ",
"2.16.840.1.101.3.7.2.9999.116", 2, "\x91\x06", "\x91\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9206, "Pub 92 key ",
{PIV_DATA_OBJ_9206, "Pub 92 key ",
"2.16.840.1.101.3.7.2.9999.117", 2, "\x92\x06", "\x92\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9306, "Pub 93 key ",
{PIV_DATA_OBJ_9306, "Pub 93 key ",
"2.16.840.1.101.3.7.2.9999.118", 2, "\x93\x06", "\x93\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9406, "Pub 94 key ",
{PIV_DATA_OBJ_9406, "Pub 94 key ",
"2.16.840.1.101.3.7.2.9999.119", 2, "\x94\x06", "\x94\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_9506, "Pub 95 key ",
"2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY},
{PIV_OBJ_LAST_ENUM, "", "", 0, "", "", 0}
{PIV_DATA_OBJ_9506, "Pub 95 key ",
"2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY},*/
{"", 0, "", ""}
};
static const CK_ULONG n_objects = sizeof(objects) / sizeof(piv_obj_t);
static piv_cert_obj_t cert_objects[] = {
{0},
{0},
{0},
{0},
{0}
};
//static const CK_ULONG n_objects = sizeof(objects) / sizeof(piv_obj_t);
static void get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class) {
if ((objects[obj].flags & PIV_OBJECT_TYPE_PUBKEY))
*class = CKO_PUBLIC_KEY;
else if ((objects[obj].flags & PIV_OBJECT_TYPE_CERT))
if (obj >= 0 && obj < PIV_DATA_OBJ_LAST)
*class = CKO_DATA;
else if (obj > PIV_DATA_OBJ_LAST && obj < PIV_CERT_OBJ_LAST)
*class = CKO_CERTIFICATE;
else
*class = CKO_DATA; // TODO: other possibilities?
*class = CKO_VENDOR_DEFINED | CKO_DATA; // Invalid value
}
/*static void get_object_label(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR label) {
@@ -180,7 +202,7 @@ static void get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class) {
// Next two functions based off the code at
// https://github.com/m9aertner/oidConverter/blob/master/oid.c
// TODO: how to give credit?
// TODO: how to give credit? OR JUST STORE THE OID ALREADY ENCODED?
static void make_base128(unsigned long l, int first, CK_BYTE_PTR buf, CK_ULONG_PTR n) {
if (l > 127)
make_base128(l / 128, 0, buf, n);
@@ -286,20 +308,21 @@ CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
case CKA_LABEL:
fprintf(stderr, "LABEL\n");
len = strlen(objects[obj].name) + 1;
data = objects[obj].name;
len = strlen(objects[obj].label) + 1;
data = objects[obj].label;
break;
case CKA_APPLICATION:
fprintf(stderr, "APPLICATION\n");
len = strlen(objects[obj].name) + 1;
data = objects[obj].name;
len = strlen(objects[obj].label) + 1;
data = objects[obj].label;
break;
// case CKA_VALUE:
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a
case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ?
// This only makes sense for data objects
fprintf(stderr, "OID\n");
strcpy((char *)tmp, objects[obj].oid);
strcpy((char *)tmp, data_objects[objects[obj].sub_id].oid);
asn1_encode_oid(tmp, tmp, &len);
data = tmp;
break;
@@ -319,9 +342,10 @@ CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
/* case CKA_SUBJECT: */
case CKA_ID:
fprintf(stderr, "KEY ID\n");
len = 2;
data = objects[obj].containerid;
// This only makes sense for data objects
fprintf(stderr, "ID\n");
len = data_objects[objects[obj].sub_id].tag_len;
data = data_objects[objects[obj].sub_id].tag_value;
break;
/* case CKA_SENSITIVE: */
+2 -2
View File
@@ -29,7 +29,7 @@ vendor_t get_vendor(vendor_id_t vid) {
v.get_token_mechanisms_num = YUBICO_get_token_mechanisms_num;
v.get_token_mechanism_list = YUBICO_get_token_mechanism_list;
v.get_token_mechanism_info = YUBICO_get_token_mechanism_info;
v.get_token_objects_num = YUBICO_get_token_objects_num;
// v.get_token_objects_num = YUBICO_get_token_objects_num;
v.get_token_object_list = YUBICO_get_token_object_list;
break;
@@ -48,7 +48,7 @@ vendor_t get_vendor(vendor_id_t vid) {
v.get_token_mechanisms_num = NULL;
v.get_token_mechanism_list = NULL;
v.get_token_mechanism_info = NULL;
v.get_token_objects_num = NULL;
// v.get_token_objects_num = NULL;
v.get_token_object_list = NULL;
}
+4 -3
View File
@@ -3,6 +3,7 @@
#include "pkcs11.h"
#include "objects.h"
#include <ykpiv.h>
typedef enum {
UNKNOWN = 0x00,
@@ -22,8 +23,8 @@ typedef CK_RV (*get_t_serial_f)(CK_CHAR_PTR, CK_ULONG);
typedef CK_RV (*get_t_mechanisms_num_f)(CK_ULONG_PTR);
typedef CK_RV (*get_t_mechanism_list_f)(CK_MECHANISM_TYPE_PTR, CK_ULONG);
typedef CK_RV (*get_t_mechanism_info_f)(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR);
typedef CK_RV (*get_t_objects_num_f)(CK_ULONG_PTR);
typedef CK_RV (*get_t_object_list_f)(piv_obj_id_t *, CK_ULONG);
//typedef CK_RV (*get_t_objects_num_f)(CK_ULONG_PTR);
typedef CK_RV (*get_t_object_list_f)(ykpiv_state *, piv_obj_id_t *, CK_ULONG_PTR);
typedef struct {
@@ -40,7 +41,7 @@ typedef struct {
get_t_mechanisms_num_f get_token_mechanisms_num;
get_t_mechanism_list_f get_token_mechanism_list;
get_t_mechanism_info_f get_token_mechanism_info;
get_t_objects_num_f get_token_objects_num;
// get_t_objects_num_f get_token_objects_num;
get_t_object_list_f get_token_object_list;
} vendor_t;
+82 -40
View File
@@ -7,7 +7,7 @@
#define D(x) do { \
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
printf x; \
printf x;; \
printf ("\n"); \
} while (0)
@@ -40,7 +40,7 @@
static ykpiv_state *piv_state = NULL;
static ykcs11_slot_t slots[YKCS11_MAX_SLOTS];
static ykcs11_slot_t slots[YKCS11_MAX_SLOTS]; // TODO: build at runtime?
static CK_ULONG n_slots = 0;
static CK_ULONG n_slots_with_token = 0;
@@ -51,21 +51,11 @@ static struct {
CK_BBOOL active;
CK_ULONG num;
CK_ULONG idx;
CK_BBOOL all;
CK_OBJECT_CLASS class;
piv_obj_id_t *objects;
} find_obj;
static piv_obj_id_t piv_objects[] = { // Mandatory PIV objects
PIV_OBJ_CCC, // Card capability container
PIV_OBJ_CHUI, // Cardholder unique id
PIV_OBJ_X509_PIV_AUTH, // PIV authentication
PIV_OBJ_CHF, // Cardholder fingerprints
PIV_OBJ_CHFI, // Cardholder facial images
PIV_OBJ_X509_DS, // Certificate for digital signature
PIV_OBJ_X509_KM, // Certificate for key management
PIV_OBJ_X509_CARD_AUTH, // Certificate for card authentication
PIV_OBJ_SEC_OBJ // Security object
};
static piv_obj_id_t token_objects[PIV_CERT_OBJ_LAST]; // TODO: tide this up, also build at runtime (during open session)?
static CK_ULONG n_token_objects = 0;
extern CK_FUNCTION_LIST function_list; // TODO: check all return values
@@ -200,7 +190,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(
for (j = 0, i = 0; i < n_slots; i++) {
if (tokenPresent) {
if (has_token(slots + i))
if (has_token(slots + i)) // TODO: use more to check if TOKEN_REMOVED
pSlotList[j++] = i;
}
else
@@ -229,8 +219,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
memcpy(pInfo, &slots[slotID].info, sizeof(CK_SLOT_INFO));
//DBG(("slotID %lu, pInfo %s", slotID, pInfo->slotDescription));
DOUT;
return CKR_OK;
}
@@ -465,18 +453,34 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
{
DIN;
vendor_t vendor;
if (piv_state == NULL)
return CKR_CRYPTOKI_NOT_INITIALIZED;
if (slotID >= n_slots || phSession == NULL)
return CKR_ARGUMENTS_BAD;
if (slots[slotID].vid == UNKNOWN) {
DBG(("No support for token in slot %lu", slotID));
return CKR_TOKEN_NOT_RECOGNIZED;
}
if (!has_token(slots + slotID)) {
DBG(("Slot %lu has no token inserted", slotID));
return CKR_TOKEN_NOT_PRESENT;
}
if ((flags & CKF_SERIAL_SESSION) == 0) {
vendor = get_vendor(slots[slotID].vid); // TODO: make a token field in slot_t ?
// Store all the objects available in the token
n_token_objects = sizeof(token_objects) / sizeof(piv_obj_id_t);
if (vendor.get_token_object_list(piv_state, token_objects, &n_token_objects) != CKR_OK) {
DBG(("Unable to retrieve token objects"));
return CKR_FUNCTION_FAILED;
}
if ((flags & CKF_SERIAL_SESSION) == 0) { // TODO: check more error conditions
DBG(("Open session called without CKF_SERIAL_SESSION set"));
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
}
@@ -755,7 +759,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(
DOUT;
return CKR_OK;
}
DBG(("Trying to get object %lx", hObject));
DBG(("Trying to get %lu attributes for object %lx", ulCount, hObject));
DBG(("Type: 0x%lx Value: %lu Len: %lu", pTemplate[0].type, *((CK_ULONG_PTR)pTemplate[0].pValue), pTemplate[0].ulValueLen));
// TODO: here for i in ulCount
return get_attribute(hObject, pTemplate);
@@ -808,14 +812,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
if (ulCount == 0) {
DBG(("Find ALL the objects!"));
find_obj.active = CK_TRUE;
vendor.get_token_objects_num(&find_obj.num);
find_obj.num = n_token_objects;
find_obj.idx = 0;
find_obj.all = CK_TRUE;
find_obj.objects = token_objects;
DOUT;
return CKR_OK;
}
return CKR_FUNCTION_FAILED;
DBG(("Initialized search for %lu objects", ulCount));
// return CKR_FUNCTION_FAILED;
DBG(("Initialized search with %lu parameters", ulCount));
if (pTemplate == NULL_PTR)
return CKR_ARGUMENTS_BAD;
@@ -823,10 +827,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
find_obj.active = CK_TRUE;
for (i = 0; i < ulCount; i++) {
DBG(("Object %lu\nType: %lu Value: %lu Len: %lu", i, pTemplate[i].type, *((CK_ULONG_PTR)pTemplate[i].pValue), pTemplate[i].ulValueLen));
// if ()
DBG(("Parameter %lu\nType: %lu Value: %lu Len: %lu", i, pTemplate[i].type, *((CK_ULONG_PTR)pTemplate[i].pValue), pTemplate[i].ulValueLen));
}
@@ -861,19 +862,22 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(
return CKR_OPERATION_NOT_INITIALIZED;
DBG(("Can return %lu object(s)", ulMaxObjectCount));
if (find_obj.all == CK_TRUE) {
// Trying to get all the objects, just return the next one
if (find_obj.idx == find_obj.num) {
*pulObjectCount = 0;
DOUT;
return CKR_OK;
}
*phObject = piv_objects[find_obj.idx++];
*pulObjectCount = 1;
// Return the next object
if (find_obj.idx == find_obj.num) {
*pulObjectCount = 0;
DOUT;
return CKR_OK;
}
*phObject = find_obj.objects[find_obj.idx++];
*pulObjectCount = 1;
return CKR_OK;
// NEVER REACHED
DBG(("GETTING SOMETHING ELSE"));
*phObject = PIV_DATA_OBJ_X509_DS;
*pulObjectCount = 2;
DOUT;
return CKR_OK;
}
@@ -1073,11 +1077,35 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
)
{
DIN;
DBG(("TODO!!!"));
if (piv_state == NULL)
return CKR_CRYPTOKI_NOT_INITIALIZED;
if (session != YKCS11_SESSION_ID)
return CKR_SESSION_CLOSED;
if (hSession != session)
return CKR_SESSION_HANDLE_INVALID;
if (pMechanism == NULL_PTR ||
hKey == NULL_PTR)
return CKR_ARGUMENTS_BAD;
DBG(("Trying to sign some data with mechanism %lu and key %lu", pMechanism->mechanism, hKey));
DOUT;
return CKR_OK;
}
/* TOTOD: DELETE */
CK_BYTE sig_buf[1024];
CK_ULONG sig_len = 1024;
void dump_hex(const unsigned char *buf, unsigned int len, FILE *output, CK_BBOOL space) {
unsigned int i;
for (i = 0; i < len; i++) {
fprintf(output, "%02x%s", buf[i], space == CK_TRUE ? " " : "");
}
fprintf(output, "\n");
}
/* TODO: DELETE END*/
CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
@@ -1087,7 +1115,21 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
)
{
DIN;
DBG(("TODO!!!"));
// TODO: check conditions
char test_buf[] = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20\xa7\x47\x16\x1b\x15\x5f\xd0\x05\xbc\xbe\x84\x4a\x28\xa9\x6c\x74\xfe\xf6\x6a\x42\x84\xa0\x4e\x05\x7a\x0c\x88\xe2\xc8\x83\xc0\x00";
CK_ULONG sig_len_in = sizeof(test_buf) - 1;
CK_ULONG sig_len_out = 1024;
ykpiv_rc r;
DBG(("Sending %lu bytes to sign", /*ulDataLen*/sig_len_in));
dump_hex(test_buf, sig_len_in, stderr, CK_TRUE);
if ((r = ykpiv_sign_data(piv_state, /*pData*/test_buf, /*ulDataLen*/sig_len_in, sig_buf, &sig_len_out, YKPIV_ALGO_RSA2048, YKPIV_KEY_AUTHENTICATION)) != YKPIV_OK) {
DBG(("Sign error %s", ykpiv_strerror(r)));
return CKR_FUNCTION_FAILED;
}
DBG(("Got %lu bytes back", sig_len_out));
dump_hex(sig_buf, sig_len_out, stderr, CK_TRUE);
memcpy(pSignature, sig_buf, sig_len_out);
*pulSignatureLen = sig_len_out;
DOUT;
return CKR_OK;
}
+90 -42
View File
@@ -68,42 +68,42 @@ static const CK_MECHANISM_INFO token_mechanism_infos[] = { // KEEP ALIGNED WITH
};
static const piv_obj_id_t token_objects[] = { // TODO: is there a way to get this from the token?
PIV_OBJ_CCC, // Card capability container
PIV_OBJ_CHUI, // Cardholder unique id
PIV_OBJ_X509_PIV_AUTH, // PIV authentication
PIV_OBJ_CHF, // Cardholder fingerprints
PIV_OBJ_SEC_OBJ, // Security object
PIV_OBJ_CHFI, // Cardholder facial images
PIV_OBJ_X509_CARD_AUTH, // Certificate for card authentication
PIV_OBJ_X509_DS, // Certificate for digital signature
PIV_OBJ_X509_KM, // Certificate for key management
//PIV_OBJ_PI, // Cardholder printed information
//PIV_OBJ_DISCOVERY, // Discovery object
//PIV_OBJ_HISTORY, // History object
/* PIV_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
PIV_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
PIV_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
PIV_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
PIV_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
PIV_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
PIV_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
PIV_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
PIV_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
PIV_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
PIV_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
PIV_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
PIV_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
PIV_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
PIV_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
PIV_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
PIV_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
PIV_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
PIV_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
PIV_OBJ_RETIRED_X509_20, // Retired certificate for KM 20*/
//PIV_OBJ_IRIS_IMAGE, // Cardholder iris images
//PIV_OBJ_BITGT, // Biometric information templates group template
//PIV_OBJ_SM_SIGNER, // Secure messaging signer
//PIV_OBJ_PC_REF_DATA, // Pairing code reference data
PIV_DATA_OBJ_CCC, // Card capability container
PIV_DATA_OBJ_CHUI, // Cardholder unique id
PIV_DATA_OBJ_X509_PIV_AUTH, // PIV authentication
PIV_DATA_OBJ_CHF, // Cardholder fingerprints
PIV_DATA_OBJ_SEC_OBJ, // Security object
PIV_DATA_OBJ_CHFI, // Cardholder facial images
PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication
PIV_DATA_OBJ_X509_DS, // Certificate for digital signature
PIV_DATA_OBJ_X509_KM, // Certificate for key management
//PIV_DATA_OBJ_PI, // Cardholder printed information
//PIV_DATA_OBJ_DISCOVERY, // Discovery object
//PIV_DATA_OBJ_HISTORY, // History object
/* PIV_DATA_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
PIV_DATA_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
PIV_DATA_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
PIV_DATA_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
PIV_DATA_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
PIV_DATA_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
PIV_DATA_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
PIV_DATA_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
PIV_DATA_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
PIV_DATA_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
PIV_DATA_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
PIV_DATA_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
PIV_DATA_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
PIV_DATA_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
PIV_DATA_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
PIV_DATA_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
PIV_DATA_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
PIV_DATA_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
PIV_DATA_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
PIV_DATA_OBJ_RETIRED_X509_20, // Retired certificate for KM 20*/
//PIV_DATA_OBJ_IRIS_IMAGE, // Cardholder iris images
//PIV_DATA_OBJ_BITGT, // Biometric information templates group template
//PIV_DATA_OBJ_SM_SIGNER, // Secure messaging signer
//PIV_DATA_OBJ_PC_REF_DATA, // Pairing code reference data
};
static const CK_ULONG token_objects_num = sizeof(token_objects) / sizeof(piv_obj_id_t);
@@ -252,13 +252,61 @@ CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_P
}
CK_RV YUBICO_get_token_objects_num(CK_ULONG_PTR num) {
/*CK_RV YUBICO_get_token_objects_num(CK_ULONG_PTR num) {
*num = token_objects_num;
//fprintf("TIENI %lu\n", token_objects_num);
return CKR_OK;
}*/
#include <stdio.h>
CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULONG_PTR len) {
CK_BYTE buf[2048];
CK_ULONG buf_len;
piv_obj_id_t certs[4];
CK_ULONG n_cert = 0;
if (state == NULL || obj == NULL || len == NULL_PTR)
return CKR_ARGUMENTS_BAD;
buf_len = sizeof(buf);
if (ykpiv_fetch_object(state, YKPIV_OBJ_AUTHENTICATION, buf, &buf_len) == YKPIV_OK) {
n_cert++;
certs[0] = PIV_CERT_OBJ_X509_PIV_AUTH;
fprintf(stderr, "Found AUTH cert (9a)\n");
}
buf_len = sizeof(buf);
if (ykpiv_fetch_object(state, YKPIV_OBJ_SIGNATURE, buf, &buf_len) == YKPIV_OK) {
n_cert++;
certs[1] = PIV_CERT_OBJ_X509_DS;
fprintf(stderr, "Found SIGNATURE cert (9c)\n");
}
buf_len = sizeof(buf);
if (ykpiv_fetch_object(state, YKPIV_OBJ_KEY_MANAGEMENT, buf, &buf_len) == YKPIV_OK) {
n_cert++;
certs[2] = PIV_CERT_OBJ_X509_KM;
fprintf(stderr, "Found KMK cert (9d)\n");
}
buf_len = sizeof(buf);
if (ykpiv_fetch_object(state, YKPIV_OBJ_CARD_AUTH, buf, &buf_len) == YKPIV_OK) {
n_cert++;
certs[3] = PIV_CERT_OBJ_X509_CARD_AUTH;
fprintf(stderr, "Found CARD AUTH cert\n");
}
if (n_cert + token_objects_num > *len)
return CKR_BUFFER_TOO_SMALL;
// Copy mandatory data objects
memcpy(obj, token_objects, token_objects_num * sizeof(piv_obj_id_t));
// Copy certificates
memcpy(obj + token_objects_num, certs, n_cert * sizeof(piv_obj_id_t));
*len = token_objects_num + n_cert;
fprintf(stderr, "The total number of objects for this token is %lu\n", *len);
return CKR_OK;
}
CK_RV YUBICO_get_token_object_list(piv_obj_id_t *obj, CK_ULONG len) {
}
+3 -2
View File
@@ -3,6 +3,7 @@
#include "pkcs11.h"
#include "obj_types.h"
#include <ykpiv.h>
CK_RV YUBICO_get_slot_description(CK_UTF8CHAR_PTR str, CK_ULONG len);
CK_RV YUBICO_get_slot_manufacturer(CK_UTF8CHAR_PTR str, CK_ULONG len);
@@ -17,7 +18,7 @@ CK_RV YUBICO_get_token_version(CK_UTF8CHAR_PTR v_str, CK_ULONG v_str_len, CK_VER
CK_RV YUBICO_get_token_mechanisms_num(CK_ULONG_PTR num);
CK_RV YUBICO_get_token_mechanism_list(CK_MECHANISM_TYPE_PTR mec, CK_ULONG num);
CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_PTR info);
CK_RV YUBICO_get_token_objects_num(CK_ULONG_PTR num);
CK_RV YUBICO_get_token_object_list(piv_obj_id_t * obj, CK_ULONG num);
//CK_RV YUBICO_get_token_objects_num(CK_ULONG_PTR num);
CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t * obj, CK_ULONG_PTR num);
#endif