Yet another refactor of objects.
This commit is contained in:
@@ -37,6 +37,7 @@ libykcs11_la_SOURCES = ykcs11.c version.c ykcs11.pc.in ykcs11.map
|
||||
libykcs11_la_SOURCES += vendors.c vendor.h vendor_ids.h
|
||||
libykcs11_la_SOURCES += slot_vendors.c slot_vendor.h
|
||||
libykcs11_la_SOURCES += token_vendors.c token_vendor.h
|
||||
libykcs11_la_SOURCES += mechanisms.c mechanisms.h
|
||||
libykcs11_la_SOURCES += yubico_slot.c yubico_slot.h yubico_token.c yubico_token.h
|
||||
libykcs11_la_SOURCES += utils.h utils.c
|
||||
libykcs11_la_SOURCES += obj_types.h objects.h objects.c
|
||||
|
||||
+55
-9
@@ -1,7 +1,7 @@
|
||||
#include "mechanisms.h"
|
||||
|
||||
// Supported mechanisms for signature
|
||||
static const CK_MECHANISM_TYPE sign[] = {
|
||||
static const CK_MECHANISM_TYPE sign_mechanisms[] = {
|
||||
CKM_RSA_PKCS,
|
||||
CKM_RSA_PKCS_PSS,
|
||||
CKM_RSA_X_509,
|
||||
@@ -17,14 +17,16 @@ static const CK_MECHANISM_TYPE sign[] = {
|
||||
CKM_ECDSA_SHA1
|
||||
};
|
||||
|
||||
CK_RV check_sign_mechanism(const ykcs11_session_t *s, const CK_MECHANISM_PTR m, const CK_OBJECT_HANDLE k) {
|
||||
CK_RV check_sign_mechanism(const ykcs11_session_t *s, const CK_MECHANISM_PTR m) {
|
||||
|
||||
CK_ULONG i;
|
||||
CK_BBOOL supported = CK_FALSE;
|
||||
CK_ULONG i;
|
||||
CK_BBOOL supported = CK_FALSE;
|
||||
token_vendor_t token;
|
||||
CK_MECHANISM_INFO info;
|
||||
|
||||
/* Check if mechanism is supported by the module */
|
||||
for (i = 0; i < sizeof(sign) / sizeof(CK_MECHANISM_TYPE); i++) {
|
||||
if (m->mechanism == sign[i]) {
|
||||
// Check if the mechanism is supported by the module
|
||||
for (i = 0; i < sizeof(sign_mechanisms) / sizeof(CK_MECHANISM_TYPE); i++) {
|
||||
if (m->mechanism == sign_mechanisms[i]) {
|
||||
supported = CK_TRUE;
|
||||
break;
|
||||
}
|
||||
@@ -32,9 +34,53 @@ CK_RV check_sign_mechanism(const ykcs11_session_t *s, const CK_MECHANISM_PTR m,
|
||||
if (supported == CK_FALSE)
|
||||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
/* Check if mechanism is supported by the token */
|
||||
// Check if the mechanism is supported by the token
|
||||
token = get_token_vendor(s->slot->token->vid);
|
||||
|
||||
if (token.get_token_mechanism_info(m->mechanism, &info) != CKR_OK)
|
||||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
CK_OK;
|
||||
// TODO: also check that parametes make sens if any?
|
||||
|
||||
CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_BBOOL is_RSA_mechanism(CK_MECHANISM_TYPE m) {
|
||||
|
||||
switch (m) {
|
||||
case CKM_RSA_PKCS_KEY_PAIR_GEN:
|
||||
case CKM_RSA_PKCS:
|
||||
case CKM_RSA_9796:
|
||||
case CKM_RSA_X_509:
|
||||
case CKM_MD2_RSA_PKCS:
|
||||
case CKM_MD5_RSA_PKCS:
|
||||
case CKM_SHA1_RSA_PKCS:
|
||||
// case CKM_SHA224_RSA_PKCS:
|
||||
case CKM_SHA256_RSA_PKCS:
|
||||
case CKM_SHA384_RSA_PKCS:
|
||||
case CKM_SHA512_RSA_PKCS:
|
||||
// case CKM_RIPEMD128_RSA_PKCS:
|
||||
// case CKM_RIPEMD160_RSA_PKCS:
|
||||
// case CKM_RSA_PKCS_OAEP:
|
||||
// case CKM_RSA_X9_31_KEY_PAIR_GEN:
|
||||
// case CKM_RSA_X9_31:
|
||||
// case CKM_SHA1_RSA_X9_31:
|
||||
case CKM_RSA_PKCS_PSS:
|
||||
case CKM_SHA1_RSA_PKCS_PSS:
|
||||
// case CKM_SHA224_RSA_PKCS_PSS:
|
||||
case CKM_SHA256_RSA_PKCS_PSS:
|
||||
case CKM_SHA512_RSA_PKCS_PSS:
|
||||
case CKM_SHA384_RSA_PKCS_PSS:
|
||||
// case CKM_RSA_PKCS_TPM_1_1:
|
||||
// case CKM_RSA_PKCS_OAEP_TPM_1_1:
|
||||
// case CKM_RSA_AES_KEY_WRAP:
|
||||
return CK_TRUE;
|
||||
|
||||
default:
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
// Not reached
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
+3
-3
@@ -1,10 +1,10 @@
|
||||
#ifndef MECHANISMS_H
|
||||
#define MECHANISMS_H
|
||||
|
||||
#include "pkcs11t.h"
|
||||
#include "ykcs11.h"
|
||||
|
||||
|
||||
CK_RV check_sign_mechanism(const CK_MECHANISM_PTR m, const CK_OBJECT_HANDLE k);
|
||||
|
||||
CK_RV check_sign_mechanism(const ykcs11_session_t *s, CK_MECHANISM_PTR m);
|
||||
CK_BBOOL is_RSA_mechanism(CK_MECHANISM_TYPE m);
|
||||
|
||||
#endif
|
||||
|
||||
+99
-82
@@ -5,88 +5,96 @@
|
||||
|
||||
// TODO: this is mostly from OpenSC, how to give credit?
|
||||
typedef enum {
|
||||
PIV_DATA_OBJ_CCC = 0, // Card capability container
|
||||
PIV_DATA_OBJ_CHUI, // Cardholder unique id
|
||||
/* PIV_DATA_OBJ_UCHUI is not in new with 800-73-2 */
|
||||
PIV_DATA_OBJ_X509_PIV_AUTH, // PIV authentication
|
||||
PIV_DATA_OBJ_CHF, // Cardholder fingerprints
|
||||
PIV_DATA_OBJ_SEC_OBJ, // Security object
|
||||
PIV_DATA_OBJ_CHFI, // Cardholder facial images
|
||||
PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication
|
||||
PIV_DATA_OBJ_X509_DS, // Certificate for digital signature
|
||||
PIV_DATA_OBJ_X509_KM, // Certificate for key management
|
||||
PIV_DATA_OBJ_PI, // Cardholder printed information
|
||||
PIV_DATA_OBJ_DISCOVERY, // Discovery object
|
||||
PIV_DATA_OBJ_HISTORY, // History object
|
||||
PIV_DATA_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
|
||||
PIV_DATA_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
|
||||
PIV_DATA_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
|
||||
PIV_DATA_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
|
||||
PIV_DATA_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
|
||||
PIV_DATA_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
|
||||
PIV_DATA_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
|
||||
PIV_DATA_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
|
||||
PIV_DATA_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
|
||||
PIV_DATA_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
|
||||
PIV_DATA_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
|
||||
PIV_DATA_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
|
||||
PIV_DATA_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
|
||||
PIV_DATA_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
|
||||
PIV_DATA_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
|
||||
PIV_DATA_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
|
||||
PIV_DATA_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
|
||||
PIV_DATA_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
|
||||
PIV_DATA_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
|
||||
PIV_DATA_OBJ_RETIRED_X509_20, // Retired certificate for KM 20
|
||||
PIV_DATA_OBJ_IRIS_IMAGE, // Cardholder iris images
|
||||
PIV_DATA_OBJ_BITGT, // Biometric information templates group template
|
||||
PIV_DATA_OBJ_SM_SIGNER, // Secure messaging signer
|
||||
PIV_DATA_OBJ_PC_REF_DATA, // Pairing code reference data
|
||||
PIV_DATA_OBJ_X509_PIV_AUTH = 0, // PIV authentication
|
||||
PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication
|
||||
PIV_DATA_OBJ_X509_DS, // Certificate for digital signature
|
||||
PIV_DATA_OBJ_X509_KM, // Certificate for key management
|
||||
PIV_DATA_OBJ_CCC, // Card capability container
|
||||
PIV_DATA_OBJ_CHUI, // Cardholder unique id
|
||||
PIV_DATA_OBJ_CHF, // Cardholder fingerprints
|
||||
PIV_DATA_OBJ_SEC_OBJ, // Security object
|
||||
PIV_DATA_OBJ_CHFI, // Cardholder facial images
|
||||
PIV_DATA_OBJ_PI, // Cardholder printed information
|
||||
PIV_DATA_OBJ_DISCOVERY, // Discovery object
|
||||
PIV_DATA_OBJ_HISTORY, // History object
|
||||
PIV_DATA_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
|
||||
PIV_DATA_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
|
||||
PIV_DATA_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
|
||||
PIV_DATA_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
|
||||
PIV_DATA_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
|
||||
PIV_DATA_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
|
||||
PIV_DATA_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
|
||||
PIV_DATA_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
|
||||
PIV_DATA_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
|
||||
PIV_DATA_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
|
||||
PIV_DATA_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
|
||||
PIV_DATA_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
|
||||
PIV_DATA_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
|
||||
PIV_DATA_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
|
||||
PIV_DATA_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
|
||||
PIV_DATA_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
|
||||
PIV_DATA_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
|
||||
PIV_DATA_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
|
||||
PIV_DATA_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
|
||||
PIV_DATA_OBJ_RETIRED_X509_20, // Retired certificate for KM 20
|
||||
PIV_DATA_OBJ_IRIS_IMAGE, // Cardholder iris images
|
||||
PIV_DATA_OBJ_BITGT, // Biometric information templates group template
|
||||
PIV_DATA_OBJ_SM_SIGNER, // Secure messaging signer
|
||||
PIV_DATA_OBJ_PC_REF_DATA, // Pairing code reference data
|
||||
/* PIV_DATA_OBJ_9B03, // NON-STANDARD TODO: remove?
|
||||
PIV_DATA_OBJ_9A06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9C06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9D06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9E06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8206, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8306, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8406, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8506, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8606, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8706, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8806, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8906, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8A06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8B06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8C06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8D06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8E06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8F06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9006, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9106, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9206, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9306, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9406, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9506, // NON-STANDARD*/
|
||||
PIV_DATA_OBJ_9A06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9C06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9D06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9E06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8206, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8306, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8406, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8506, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8606, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8706, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8806, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8906, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8A06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8B06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8C06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8D06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8E06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_8F06, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9006, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9106, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9206, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9306, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9406, // NON-STANDARD
|
||||
PIV_DATA_OBJ_9506, // NON-STANDARD*/
|
||||
PIV_DATA_OBJ_LAST,
|
||||
|
||||
PIV_CERT_OBJ_X509_PIV_AUTH, // PIV authentication
|
||||
PIV_CERT_OBJ_X509_CARD_AUTH, // Certificate for card authentication
|
||||
PIV_CERT_OBJ_X509_DS, // Certificate for digital signature
|
||||
PIV_CERT_OBJ_X509_KM, // Certificate for key management
|
||||
PIV_CERT_OBJ_LAST
|
||||
// TODO: private keys?
|
||||
PIV_CERT_OBJ_X509_PIV_AUTH, // PIV authentication
|
||||
PIV_CERT_OBJ_X509_CARD_AUTH, // Certificate for card authentication
|
||||
PIV_CERT_OBJ_X509_DS, // Certificate for digital signature
|
||||
PIV_CERT_OBJ_X509_KM, // Certificate for key management
|
||||
PIV_CERT_OBJ_LAST,
|
||||
|
||||
PIV_PVTK_OBJ_PIV_AUTH, // Private key for PIV authentication
|
||||
PIV_PVTK_OBJ_CARD_AUTH, // Private Key for card authentication
|
||||
PIV_PVTK_OBJ_DS, // Private Key for digital signature
|
||||
PIV_PVTK_OBJ_KM, // Private Key for key management
|
||||
PIV_PVTK_OBJ_LAST,
|
||||
|
||||
PIV_PUBK_OBJ_PIV_AUTH, // Public key for PIV authentication
|
||||
PIV_PUBK_OBJ_CARD_AUTH, // Public Key for card authentication
|
||||
PIV_PUBK_OBJ_DS, // Public Key for digital signature
|
||||
PIV_PUBK_OBJ_KM, // Public Key for key management
|
||||
PIV_PUBK_OBJ_LAST
|
||||
|
||||
} piv_obj_id_t;
|
||||
|
||||
|
||||
/*#define PIV_OBJECT_TYPE_CERT 1 // TODO: redundant now?
|
||||
#define PIV_OBJECT_TYPE_PUBKEY 2
|
||||
#define PIV_OBJECT_NOT_PRESENT 4*/
|
||||
typedef CK_RV (*get_attr_f)(CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR);
|
||||
|
||||
typedef struct {
|
||||
const char *oid;
|
||||
CK_BYTE tag_len; // TODO: or ulong?
|
||||
CK_BYTE tag_value[3]; // TODO: needed?
|
||||
CK_BYTE containerid[2]; /* will use as relative paths for simulation */ // TODO: needed?
|
||||
CK_BYTE tag_len;
|
||||
CK_BYTE tag_value[3]; // TODO: needed?
|
||||
CK_BYTE containerid[2]; /* will use as relative paths for simulation */ // TODO: needed?
|
||||
} piv_data_obj_t;
|
||||
|
||||
typedef struct {
|
||||
@@ -94,14 +102,23 @@ typedef struct {
|
||||
} piv_cert_obj_t;
|
||||
|
||||
typedef struct {
|
||||
piv_obj_id_t type; // TODO: technically redundant
|
||||
CK_BBOOL token; // TODO: not used yet
|
||||
CK_BBOOL private;
|
||||
CK_BBOOL modifiable;
|
||||
const char *label;
|
||||
CK_BBOOL copyable;
|
||||
CK_BBOOL destroyable;
|
||||
CK_ULONG sub_id;
|
||||
CK_BBOOL todo;
|
||||
} piv_pvtk_obj_t;
|
||||
|
||||
typedef struct {
|
||||
CK_BBOOL todo;
|
||||
} piv_pubk_obj_t;
|
||||
|
||||
typedef struct {
|
||||
piv_obj_id_t piv_id; // TODO: technically redundant
|
||||
CK_BBOOL token; // TODO: not used yet
|
||||
CK_BBOOL private;
|
||||
CK_BBOOL modifiable;
|
||||
char *label;
|
||||
CK_BBOOL copyable; // TODO: Optional, not used so far (default TRUE)
|
||||
CK_BBOOL destroyable; // TODO: Optional, not used so far (default TRUE)
|
||||
get_attr_f get_attribute;
|
||||
CK_ULONG sub_id; // Sub-object id
|
||||
} piv_obj_t;
|
||||
|
||||
#endif
|
||||
|
||||
+620
-176
@@ -1,91 +1,84 @@
|
||||
#include "obj_types.h"
|
||||
#include "objects.h"
|
||||
#include <ykpiv.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template); // TODO: static?
|
||||
CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template);
|
||||
CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template);
|
||||
CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template);
|
||||
|
||||
//TODO: this is mostly a snippet from OpenSC how to give credit? Less and less so now
|
||||
/* Must be in order, and one per enumerated PIV_OBJ */
|
||||
static piv_obj_t objects[] = {
|
||||
{PIV_DATA_OBJ_CCC, 0, 0, 0, "Card Capability Container", 0, 0, 0},
|
||||
{PIV_DATA_OBJ_CHUI, 0, 0, 0, "Card Holder Unique Identifier", 0, 0, 1},
|
||||
// PIV_DATA_OBJ_UCHUI
|
||||
{PIV_DATA_OBJ_X509_PIV_AUTH, 0, 0, 0, "X.509 Certificate for PIV Authentication", 0, 0, 2},
|
||||
{PIV_DATA_OBJ_CHF, 0, 0, 0, "Card Holder Fingerprints", 0, 0, 3},
|
||||
{PIV_DATA_OBJ_SEC_OBJ, 0, 0, 0, "Security Object", 0, 0, 4},
|
||||
{PIV_DATA_OBJ_CHFI, 0, 0, 0, "Cardholder Facial Images", 0, 0, 5},
|
||||
{PIV_DATA_OBJ_X509_CARD_AUTH, 0, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, 6},
|
||||
{PIV_DATA_OBJ_X509_DS, 0, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, 7},
|
||||
{PIV_DATA_OBJ_X509_KM, 0, 0, 0, "X.509 Certificate for Key Management", 0, 0, 8},
|
||||
{PIV_DATA_OBJ_PI, 0, 0, 0, "Printed Information", 0, 0, 9},
|
||||
{PIV_DATA_OBJ_DISCOVERY, 0, 0, 0, "Discovery Object", 0, 0, 10},
|
||||
{PIV_DATA_OBJ_HISTORY, 0, 0, 0, "Key History Object", 0, 0, 11},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_1, 0, 0, 0, "Retired X.509 Certificate for Key Management 1", 0, 0, 12},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_2, 0, 0, 0, "Retired X.509 Certificate for Key Management 2", 0, 0, 13},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_3, 0, 0, 0, "Retired X.509 Certificate for Key Management 3", 0, 0, 14},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_4, 0, 0, 0, "Retired X.509 Certificate for Key Management 4", 0, 0, 15},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_5, 0, 0, 0, "Retired X.509 Certificate for Key Management 5", 0, 0, 16},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_6, 0, 0, 0, "Retired X.509 Certificate for Key Management 6", 0, 0, 17},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_7, 0, 0, 0, "Retired X.509 Certificate for Key Management 7", 0, 0, 18},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_8, 0, 0, 0, "Retired X.509 Certificate for Key Management 8", 0, 0, 19},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_9, 0, 0, 0, "Retired X.509 Certificate for Key Management 9", 0, 0, 20},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_10, 0, 0, 0, "Retired X.509 Certificate for Key Management 10", 0, 0, 21},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_11, 0, 0, 0, "Retired X.509 Certificate for Key Management 11", 0, 0, 22},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_12, 0, 0, 0, "Retired X.509 Certificate for Key Management 12", 0, 0, 23},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_13, 0, 0, 0, "Retired X.509 Certificate for Key Management 13", 0, 0, 24},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_14, 0, 0, 0, "Retired X.509 Certificate for Key Management 14", 0, 0, 25},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_15, 0, 0, 0, "Retired X.509 Certificate for Key Management 15", 0, 0, 26},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_16, 0, 0, 0, "Retired X.509 Certificate for Key Management 16", 0, 0, 27},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_17, 0, 0, 0, "Retired X.509 Certificate for Key Management 17", 0, 0, 28},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_18, 0, 0, 0, "Retired X.509 Certificate for Key Management 18", 0, 0, 29},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_19, 0, 0, 0, "Retired X.509 Certificate for Key Management 19", 0, 0, 30},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_20, 0, 0, 0, "Retired X.509 Certificate for Key Management 20", 0, 0, 31},
|
||||
{PIV_DATA_OBJ_IRIS_IMAGE, 0, 0, 0, "Cardholder Iris Images", 0, 0, 32},
|
||||
{PIV_DATA_OBJ_BITGT, 0, 0, 0, "Biometric Information Templates Group Template", 0, 0, 33},
|
||||
{PIV_DATA_OBJ_SM_SIGNER, 0, 0, 0, "Secure Messaging Certificate Signer", 0, 0, 34},
|
||||
{PIV_DATA_OBJ_PC_REF_DATA, 0, 0, 0, "Pairing Code Reference Data Container", 0, 0, 35},
|
||||
/* {PIV_DATA_OBJ_9B03, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9A06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9C06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9D06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9E06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8206, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8306, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8406, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8506, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8606, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8706, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8806, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8906, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8A06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8B06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8C06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8D06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8E06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_8F06, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9006, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9106, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9206, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9306, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9406, 0, 0, 0, "", 0, 0, },
|
||||
{PIV_DATA_OBJ_9506, 0, 0, 0, "", 0, 0, },*/
|
||||
{PIV_DATA_OBJ_LAST, 0, 0, 0, "", 0, 0, 36},
|
||||
{PIV_CERT_OBJ_X509_PIV_AUTH, 0, 0, 0, "X.509 Certificate for PIV Authentication", 0, 0, 0},
|
||||
{PIV_CERT_OBJ_X509_CARD_AUTH, 0, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, 1},
|
||||
{PIV_CERT_OBJ_X509_DS, 0, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, 2},
|
||||
{PIV_CERT_OBJ_X509_KM, 0, 0, 0, "X.509 Certificate for Key Management", 0, 0, 3},
|
||||
{PIV_CERT_OBJ_LAST, 0, 0, 0, "", 0, 41}
|
||||
static piv_obj_t piv_objects[] = {
|
||||
{PIV_DATA_OBJ_X509_PIV_AUTH, 1, 0, 0, "X.509 Certificate for PIV Authentication", 0, 0, get_doa, 0},
|
||||
{PIV_DATA_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_doa, 1},
|
||||
{PIV_DATA_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_doa, 2},
|
||||
{PIV_DATA_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_doa, 3},
|
||||
{PIV_DATA_OBJ_CCC, 1, 0, 0, "Card Capability Container", 0, 0, get_doa, 4},
|
||||
{PIV_DATA_OBJ_CHUI, 1, 0, 0, "Card Holder Unique Identifier", 0, 0, get_doa, 5},
|
||||
{PIV_DATA_OBJ_CHF, 1, 1, 0, "Card Holder Fingerprints", 0, 0, get_doa, 6},
|
||||
{PIV_DATA_OBJ_SEC_OBJ, 1, 0, 0, "Security Object", 0, 0, get_doa, 7},
|
||||
{PIV_DATA_OBJ_CHFI, 1, 1, 0, "Cardholder Facial Images", 0, 0, get_doa, 8},
|
||||
{PIV_DATA_OBJ_PI, 1, 1, 0, "Printed Information", 0, 0, get_doa, 9},
|
||||
{PIV_DATA_OBJ_DISCOVERY, 1, 0, 0, "Discovery Object", 0, 0, get_doa, 10},
|
||||
{PIV_DATA_OBJ_HISTORY, 1, 0, 0, "Key History Object", 0, 0, get_doa, 11},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_1, 1, 0, 0, "Retired X.509 Certificate for Key Management 1", 0, 0, get_doa, 12},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_2, 1, 0, 0, "Retired X.509 Certificate for Key Management 2", 0, 0, get_doa, 13},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_3, 1, 0, 0, "Retired X.509 Certificate for Key Management 3", 0, 0, get_doa, 14},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_4, 1, 0, 0, "Retired X.509 Certificate for Key Management 4", 0, 0, get_doa, 15},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_5, 1, 0, 0, "Retired X.509 Certificate for Key Management 5", 0, 0, get_doa, 16},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_6, 1, 0, 0, "Retired X.509 Certificate for Key Management 6", 0, 0, get_doa, 17},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_7, 1, 0, 0, "Retired X.509 Certificate for Key Management 7", 0, 0, get_doa, 18},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_8, 1, 0, 0, "Retired X.509 Certificate for Key Management 8", 0, 0, get_doa, 19},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_9, 1, 0, 0, "Retired X.509 Certificate for Key Management 9", 0, 0, get_doa, 20},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_10, 1, 0, 0, "Retired X.509 Certificate for Key Management 10", 0, 0, get_doa, 21},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_11, 1, 0, 0, "Retired X.509 Certificate for Key Management 11", 0, 0, get_doa, 22},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_12, 1, 0, 0, "Retired X.509 Certificate for Key Management 12", 0, 0, get_doa, 23},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_13, 1, 0, 0, "Retired X.509 Certificate for Key Management 13", 0, 0, get_doa, 24},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_14, 1, 0, 0, "Retired X.509 Certificate for Key Management 14", 0, 0, get_doa, 25},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_15, 1, 0, 0, "Retired X.509 Certificate for Key Management 15", 0, 0, get_doa, 26},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_16, 1, 0, 0, "Retired X.509 Certificate for Key Management 16", 0, 0, get_doa, 27},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_17, 1, 0, 0, "Retired X.509 Certificate for Key Management 17", 0, 0, get_doa, 28},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_18, 1, 0, 0, "Retired X.509 Certificate for Key Management 18", 0, 0, get_doa, 29},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_19, 1, 0, 0, "Retired X.509 Certificate for Key Management 19", 0, 0, get_doa, 30},
|
||||
{PIV_DATA_OBJ_RETIRED_X509_20, 1, 0, 0, "Retired X.509 Certificate for Key Management 20", 0, 0, get_doa, 31},
|
||||
{PIV_DATA_OBJ_IRIS_IMAGE, 1, 1, 0, "Cardholder Iris Images", 0, 0, get_doa, 32},
|
||||
{PIV_DATA_OBJ_BITGT, 1, 0, 0, "Biometric Information Templates Group Template", 0, 0, get_doa, 33},
|
||||
{PIV_DATA_OBJ_SM_SIGNER, 1, 0, 0, "Secure Messaging Certificate Signer", 0, 0, get_doa, 34},
|
||||
{PIV_DATA_OBJ_PC_REF_DATA, 1, 1, 0, "Pairing Code Reference Data Container", 0, 0, get_doa, 35},
|
||||
{PIV_DATA_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 36},
|
||||
|
||||
{PIV_CERT_OBJ_X509_PIV_AUTH, 1, 0, 0, "X.509 Certificate for PIV Authentication", 0, 0, get_coa, 0},
|
||||
{PIV_CERT_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_coa, 1},
|
||||
{PIV_CERT_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_coa, 2},
|
||||
{PIV_CERT_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_coa, 3},
|
||||
{PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, get_coa, 4},
|
||||
|
||||
{PIV_PVTK_OBJ_PIV_AUTH, 1, 0, 0, "Pivate key for PIV Authentication", 0, 0, get_proa, 0},
|
||||
{PIV_PVTK_OBJ_CARD_AUTH, 1, 0, 0, "Pivate key for Card Authentication", 0, 0, get_proa, 1},
|
||||
{PIV_PVTK_OBJ_DS, 1, 0, 0, "Pivate key for Digital Signature", 0, 0, get_proa, 2},
|
||||
{PIV_PVTK_OBJ_KM, 1, 0, 0, "Private key for Key Management", 0, 0, get_proa, 3},
|
||||
{PIV_PVTK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4},
|
||||
|
||||
{PIV_PUBK_OBJ_PIV_AUTH, 1, 0, 0, "Public key for PIV Authentication", 0, 0, get_proa, 0},
|
||||
{PIV_PUBK_OBJ_CARD_AUTH, 1, 0, 0, "Public key for Card Authentication", 0, 0, get_proa, 1},
|
||||
{PIV_PUBK_OBJ_DS, 1, 0, 0, "Public key for Digital Signature", 0, 0, get_proa, 2},
|
||||
{PIV_PUBK_OBJ_KM, 1, 0, 0, "Public key for Key Management", 0, 0, get_proa, 3},
|
||||
{PIV_PUBK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4}
|
||||
};
|
||||
|
||||
static piv_data_obj_t data_objects[] = {
|
||||
{"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00"},
|
||||
{"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00"},
|
||||
{"2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01"},
|
||||
{"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10"},
|
||||
{"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00"},
|
||||
{"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30"},
|
||||
{"2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00"},
|
||||
{"2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00"},
|
||||
{"2.16.840.1.101.3.7.2.1.2", 3, "\x5F\xC1\x0B", "\x01\x02"},
|
||||
{"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00"},
|
||||
{"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00"},
|
||||
{"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10"},
|
||||
{"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00"},
|
||||
{"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30"},
|
||||
{"2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01"},
|
||||
{"2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50"},
|
||||
{"2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60"},
|
||||
@@ -114,64 +107,6 @@ static piv_data_obj_t data_objects[] = {
|
||||
{"2.16.840.1.101.3.7.2.16.22", 2, "\x7F\x61", "\x10\x16"},
|
||||
{"2.16.840.1.101.3.7.2.16.23", 3, "\x5F\xC1\x22", "\x10\x17"},
|
||||
{"2.16.840.1.101.3.7.2.16.24", 3, "\x5F\xC1\x23", "\x10\x18"},
|
||||
|
||||
/* following not standard , to be used by piv-tool only for testing */
|
||||
/* {PIV_DATA_OBJ_9B03, "3DES-ECB ADM",
|
||||
"2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0},*/
|
||||
/* Only used when signing a cert req, usually from engine
|
||||
* after piv-tool generated the key and saved the pub key
|
||||
* to a file. Note RSA key can be 1024, 2048 or 3072
|
||||
* but still use the "9x06" name.
|
||||
*/
|
||||
/* {PIV_DATA_OBJ_9A06, "RSA 9A Pub key from last genkey",
|
||||
"2.16.840.1.101.3.7.2.9999.20", 2, "\x9A\x06", "\x9A\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9C06, "Pub 9C key from last genkey",
|
||||
"2.16.840.1.101.3.7.2.9999.21", 2, "\x9C\x06", "\x9C\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9D06, "Pub 9D key from last genkey",
|
||||
"2.16.840.1.101.3.7.2.9999.22", 2, "\x9D\x06", "\x9D\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9E06, "Pub 9E key from last genkey",
|
||||
"2.16.840.1.101.3.7.2.9999.23", 2, "\x9E\x06", "\x9E\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
|
||||
{PIV_DATA_OBJ_8206, "Pub 82 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.101", 2, "\x82\x06", "\x82\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8306, "Pub 83 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.102", 2, "\x83\x06", "\x83\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8406, "Pub 84 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.103", 2, "\x84\x06", "\x84\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8506, "Pub 85 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.104", 2, "\x85\x06", "\x85\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8606, "Pub 86 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.105", 2, "\x86\x06", "\x86\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8706, "Pub 87 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.106", 2, "\x87\x06", "\x87\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8806, "Pub 88 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.107", 2, "\x88\x06", "\x88\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8906, "Pub 89 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.108", 2, "\x89\x06", "\x89\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8A06, "Pub 8A key ",
|
||||
"2.16.840.1.101.3.7.2.9999.109", 2, "\x8A\x06", "\x8A\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8B06, "Pub 8B key ",
|
||||
"2.16.840.1.101.3.7.2.9999.110", 2, "\x8B\x06", "\x8B\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8C06, "Pub 8C key ",
|
||||
"2.16.840.1.101.3.7.2.9999.111", 2, "\x8C\x06", "\x8C\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8D06, "Pub 8D key ",
|
||||
"2.16.840.1.101.3.7.2.9999.112", 2, "\x8D\x06", "\x8D\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8E06, "Pub 8E key ",
|
||||
"2.16.840.1.101.3.7.2.9999.113", 2, "\x8E\x06", "\x8E\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_8F06, "Pub 8F key ",
|
||||
"2.16.840.1.101.3.7.2.9999.114", 2, "\x8F\x06", "\x8F\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9006, "Pub 90 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.115", 2, "\x90\x06", "\x90\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9106, "Pub 91 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.116", 2, "\x91\x06", "\x91\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9206, "Pub 92 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.117", 2, "\x92\x06", "\x92\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9306, "Pub 93 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.118", 2, "\x93\x06", "\x93\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9406, "Pub 94 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.119", 2, "\x94\x06", "\x94\x06", PIV_OBJECT_TYPE_PUBKEY},
|
||||
{PIV_DATA_OBJ_9506, "Pub 95 key ",
|
||||
"2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY},*/
|
||||
{"", 0, "", ""}
|
||||
};
|
||||
|
||||
@@ -183,17 +118,31 @@ static piv_cert_obj_t cert_objects[] = {
|
||||
{0}
|
||||
};
|
||||
|
||||
static piv_pvtk_obj_t pvtkey_objects[] = {
|
||||
{0},
|
||||
{0},
|
||||
{0},
|
||||
{0},
|
||||
{0}
|
||||
};
|
||||
|
||||
//static const CK_ULONG n_objects = sizeof(objects) / sizeof(piv_obj_t);
|
||||
static piv_pubk_obj_t pubkey_objects[] = {
|
||||
{0},
|
||||
{0},
|
||||
{0},
|
||||
{0},
|
||||
{0}
|
||||
};
|
||||
|
||||
static void get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class) {
|
||||
|
||||
/*static void get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class) {
|
||||
if (obj >= 0 && obj < PIV_DATA_OBJ_LAST)
|
||||
*class = CKO_DATA;
|
||||
else if (obj > PIV_DATA_OBJ_LAST && obj < PIV_CERT_OBJ_LAST)
|
||||
*class = CKO_CERTIFICATE;
|
||||
else
|
||||
*class = CKO_VENDOR_DEFINED | CKO_DATA; // Invalid value
|
||||
}
|
||||
}*/
|
||||
|
||||
/*static void get_object_label(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR label) {
|
||||
strcpy((char *)label, objects[obj].name);
|
||||
@@ -286,67 +235,79 @@ static void get_object_key_id(CK_OBJECT_HANDLE obj, CK_UTF8CHAR_PTR key_id) {
|
||||
}
|
||||
*/
|
||||
|
||||
CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
/* Get data object attribute */
|
||||
CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE_PTR data;
|
||||
CK_BYTE tmp[64];
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR OBJECT %lu, I WANT ", obj);
|
||||
fprintf(stderr, "FOR DATA OBJECT %lu, I WANT ", obj);
|
||||
|
||||
switch (template->type) {
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
len = 1;
|
||||
get_object_class(obj, (CK_OBJECT_CLASS_PTR)tmp);
|
||||
tmp[0] = CKO_DATA;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].token;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
// case CKA_TOKEN:
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n"); // TODO: check more
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_OK;
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].private;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
len = strlen(objects[obj].label) + 1;
|
||||
data = objects[obj].label;
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
case CKA_APPLICATION:
|
||||
fprintf(stderr, "APPLICATION\n");
|
||||
len = strlen(objects[obj].label) + 1;
|
||||
data = objects[obj].label;
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a
|
||||
case CKA_VALUE: // TODO: this can be done with -r and -d|-a
|
||||
fprintf(stderr, "VALUE TODO!!!\n");
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ?
|
||||
// This only makes sense for data objects
|
||||
fprintf(stderr, "OID\n");
|
||||
strcpy((char *)tmp, data_objects[objects[obj].sub_id].oid);
|
||||
strcpy((char *)tmp, data_objects[piv_objects[obj].sub_id].oid);
|
||||
asn1_encode_oid(tmp, tmp, &len);
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_CERTIFICATE_TYPE:
|
||||
fprintf(stderr, "CERTIFICATE TYPE\n");
|
||||
len = 1;
|
||||
tmp[0] = CKC_X_509; // Support only X.509 certs
|
||||
data = tmp;
|
||||
break;
|
||||
/* case CKA_CERTIFICATE_TYPE: */
|
||||
/* fprintf(stderr, "CERTIFICATE TYPE\n"); */
|
||||
/* len = 1; */
|
||||
/* tmp[0] = CKC_X_509; // Support only X.509 certs */
|
||||
/* data = tmp; */
|
||||
/* break; */
|
||||
|
||||
// case CKA_ISSUER:
|
||||
// case CKA_SERIAL_NUMBER:
|
||||
case CKA_KEY_TYPE:
|
||||
fprintf(stderr, "Return the key type TODO!!!\n");
|
||||
return CKR_OK;
|
||||
/* case CKA_KEY_TYPE: */
|
||||
/* fprintf(stderr, "Return the key type TODO!!!\n"); */
|
||||
/* return CKR_OK; */
|
||||
|
||||
/* case CKA_SUBJECT: */
|
||||
case CKA_ID:
|
||||
// This only makes sense for data objects
|
||||
fprintf(stderr, "ID\n");
|
||||
len = data_objects[objects[obj].sub_id].tag_len;
|
||||
data = data_objects[objects[obj].sub_id].tag_value;
|
||||
break;
|
||||
/* case CKA_ID: */
|
||||
/* fprintf(stderr, "ID\n"); */
|
||||
/* len = data_objects[objects[obj].sub_id].tag_len; */
|
||||
/* data = data_objects[objects[obj].sub_id].tag_value; */
|
||||
/* break; */
|
||||
|
||||
/* case CKA_SENSITIVE: */
|
||||
/* case CKA_ENCRYPT: */
|
||||
@@ -381,28 +342,511 @@ CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
len = 1;
|
||||
tmp[0] = CK_FALSE;
|
||||
tmp[0] = piv_objects[obj].modifiable;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_VENDOR_DEFINED:
|
||||
/* case CKA_VENDOR_DEFINED: */
|
||||
default:
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
|
||||
if (template->pValue == NULL_PTR) {
|
||||
template->ulValueLen = len; // TODO: define?
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
if (template->ulValueLen < len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
template->ulValueLen = len;
|
||||
memcpy(template->pValue, data, len);
|
||||
|
||||
/* Just get the length */
|
||||
if (template->pValue == NULL_PTR) {
|
||||
template->ulValueLen = len; // TODO: define?
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
/* Actually get the attribute */
|
||||
if (template->ulValueLen < len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
template->ulValueLen = len;
|
||||
memcpy(template->pValue, data, len);
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
/* Get certificate object attribute */
|
||||
CK_RV get_coa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE_PTR data;
|
||||
CK_BYTE tmp[64];
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR CERTIFICATE OBJECT %lu, I WANT ", obj);
|
||||
|
||||
switch (template->type) { // TODO: is this needed here? or is it enough ot have one a "level" above?
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
len = 1;
|
||||
tmp[0] = CKO_CERTIFICATE;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].token;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].private;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
/* case CKA_APPLICATION: */
|
||||
/* fprintf(stderr, "APPLICATION\n"); */
|
||||
/* len = strlen(objects[obj].label) + 1; */
|
||||
/* data = objects[obj].label; */
|
||||
/* break; */
|
||||
|
||||
case CKA_VALUE:
|
||||
fprintf(stderr, "VALUE TODO\n");
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? */
|
||||
/* // This only makes sense for data objects */
|
||||
/* fprintf(stderr, "OID\n"); */
|
||||
/* strcpy((char *)tmp, certificate_objects[objects[obj].sub_id].oid); */
|
||||
/* asn1_encode_oid(tmp, tmp, &len); */
|
||||
/* data = tmp; */
|
||||
/* break; */
|
||||
|
||||
case CKA_CERTIFICATE_TYPE:
|
||||
fprintf(stderr, "CERTIFICATE TYPE\n");
|
||||
len = 1;
|
||||
tmp[0] = CKC_X_509; // Support only X.509 certs
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_ISSUER:
|
||||
fprintf(stderr, "ISSUER TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SERIAL_NUMBER:
|
||||
fprintf(stderr, "SERIAL NUMBER TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_KEY_TYPE: */
|
||||
/* fprintf(stderr, "Return the key type TODO!!!\n"); */
|
||||
/* return CKR_OK; */
|
||||
|
||||
case CKA_SUBJECT:
|
||||
fprintf(stderr, "SUBJECT TODO\n"); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_ID:
|
||||
fprintf(stderr, "ID\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].sub_id;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
/* case CKA_SENSITIVE: */
|
||||
/* case CKA_ENCRYPT: */
|
||||
/* case CKA_DECRYPT: */
|
||||
/* case CKA_WRAP: */
|
||||
/* case CKA_UNWRAP: */
|
||||
/* case CKA_SIGN: */
|
||||
/* case CKA_SIGN_RECOVER: */
|
||||
/* case CKA_VERIFY: */
|
||||
/* case CKA_VERIFY_RECOVER: */
|
||||
/* case CKA_DERIVE: */
|
||||
case CKA_START_DATE:
|
||||
fprintf(stderr, "START DATE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_END_DATE:
|
||||
fprintf(stderr, "END DATE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_MODULUS: */
|
||||
/* case CKA_MODULUS_BITS: */
|
||||
/* case CKA_PUBLIC_EXPONENT: */
|
||||
/* case CKA_PRIVATE_EXPONENT: */
|
||||
/* case CKA_PRIME_1: */
|
||||
/* case CKA_PRIME_2: */
|
||||
/* case CKA_EXPONENT_1: */
|
||||
/* case CKA_EXPONENT_2: */
|
||||
/* case CKA_COEFFICIENT: */
|
||||
/* case CKA_PRIME: */
|
||||
/* case CKA_SUBPRIME: */
|
||||
/* case CKA_BASE: */
|
||||
/* case CKA_VALUE_BITS: */
|
||||
/* case CKA_VALUE_LEN: */
|
||||
/* case CKA_EXTRACTABLE: */
|
||||
/* case CKA_LOCAL: */
|
||||
/* case CKA_NEVER_EXTRACTABLE: */
|
||||
/* case CKA_ALWAYS_SENSITIVE: */
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].modifiable;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
/* case CKA_VENDOR_DEFINED: */
|
||||
default: // TODO: there are other attributes for a (x509) certificate
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type);
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
|
||||
/* Just get the length */
|
||||
if (template->pValue == NULL_PTR) {
|
||||
template->ulValueLen = len; // TODO: define?
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
/* Actually get the attribute */
|
||||
if (template->ulValueLen < len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
template->ulValueLen = len;
|
||||
memcpy(template->pValue, data, len);
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
/* Get private key object attribute */
|
||||
CK_RV get_proa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE_PTR data;
|
||||
CK_BYTE tmp[64];
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR PRIVATE KEY OBJECT %lu, I WANT ", obj);
|
||||
|
||||
switch (template->type) {
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
len = 1;
|
||||
tmp[0] = CKO_PRIVATE_KEY;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].token;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].private;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
/* case CKA_APPLICATION: */
|
||||
/* fprintf(stderr, "APPLICATION\n"); */
|
||||
/* len = strlen(objects[obj].label) + 1; */
|
||||
/* data = objects[obj].label; */
|
||||
/* break; */
|
||||
|
||||
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a
|
||||
/* case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? */
|
||||
/* // This only makes sense for data objects */
|
||||
/* fprintf(stderr, "OID\n"); */
|
||||
/* strcpy((char *)tmp, pvtkey_objects[objects[obj].sub_id].oid); */
|
||||
/* asn1_encode_oid(tmp, tmp, &len); */
|
||||
/* data = tmp; */
|
||||
/* break; */
|
||||
|
||||
/* case CKA_CERTIFICATE_TYPE: */
|
||||
/* fprintf(stderr, "CERTIFICATE TYPE\n"); */
|
||||
/* len = 1; */
|
||||
/* tmp[0] = CKC_X_509; // Support only X.509 certs */
|
||||
/* data = tmp; */
|
||||
/* break; */
|
||||
|
||||
// case CKA_ISSUER:
|
||||
// case CKA_SERIAL_NUMBER:
|
||||
case CKA_KEY_TYPE:
|
||||
fprintf(stderr, "KEY TYPE TODO\n");
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SUBJECT:
|
||||
fprintf(stderr, "SUBJECT TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_ID:
|
||||
fprintf(stderr, "ID\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].sub_id;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_SENSITIVE:
|
||||
fprintf(stderr, "SENSITIVE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_ENCRYPT: */
|
||||
case CKA_DECRYPT:
|
||||
fprintf(stderr, "DECRYPT TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_WRAP: */
|
||||
case CKA_UNWRAP:
|
||||
fprintf(stderr, "UNWRAP TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SIGN:
|
||||
fprintf(stderr, "SIGN TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SIGN_RECOVER:
|
||||
fprintf(stderr, "SIGN RECOVER TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_VERIFY: */
|
||||
/* case CKA_VERIFY_RECOVER: */
|
||||
case CKA_DERIVE:
|
||||
fprintf(stderr, "DERIVE TODO\n"); // Default false
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_START_DATE:
|
||||
fprintf(stderr, "START DATE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_END_DATE:
|
||||
fprintf(stderr, "END DATE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
/* case CKA_MODULUS: */
|
||||
/* case CKA_MODULUS_BITS: */
|
||||
/* case CKA_PUBLIC_EXPONENT: */
|
||||
/* case CKA_PRIVATE_EXPONENT: */
|
||||
/* case CKA_PRIME_1: */
|
||||
/* case CKA_PRIME_2: */
|
||||
/* case CKA_EXPONENT_1: */
|
||||
/* case CKA_EXPONENT_2: */
|
||||
/* case CKA_COEFFICIENT: */
|
||||
/* case CKA_PRIME: */
|
||||
/* case CKA_SUBPRIME: */
|
||||
/* case CKA_BASE: */
|
||||
/* case CKA_VALUE_BITS: */
|
||||
/* case CKA_VALUE_LEN: */
|
||||
/* case CKA_EXTRACTABLE: */
|
||||
case CKA_LOCAL:
|
||||
fprintf(stderr, "LOCAL TODO\n"); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_NEVER_EXTRACTABLE: */
|
||||
/* case CKA_ALWAYS_SENSITIVE: */
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].modifiable;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
/*case CKA_VENDOR_DEFINED:*/
|
||||
default:
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type); // TODO: there are other parameters for public keys, plus there is more if the key is RSA
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
|
||||
/* Just get the length */
|
||||
if (template->pValue == NULL_PTR) {
|
||||
template->ulValueLen = len; // TODO: define?
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
/* Actually get the attribute */
|
||||
if (template->ulValueLen < len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
template->ulValueLen = len;
|
||||
memcpy(template->pValue, data, len);
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
/* Get public key object attribute */
|
||||
CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_BYTE_PTR data;
|
||||
CK_BYTE tmp[64];
|
||||
CK_ULONG len = 0;
|
||||
fprintf(stderr, "FOR PUBLIC KEY OBJECT %lu, I WANT ", obj);
|
||||
|
||||
switch (template->type) {
|
||||
case CKA_CLASS:
|
||||
fprintf(stderr, "CLASS\n");
|
||||
len = 1;
|
||||
tmp[0] = CKO_PUBLIC_KEY;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_TOKEN:
|
||||
// Technically all these objects are token objects
|
||||
fprintf(stderr, "TOKEN\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].token;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_PRIVATE:
|
||||
fprintf(stderr, "PRIVATE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].private;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
case CKA_LABEL:
|
||||
fprintf(stderr, "LABEL\n");
|
||||
len = strlen(piv_objects[obj].label) + 1;
|
||||
data = piv_objects[obj].label;
|
||||
break;
|
||||
|
||||
/* case CKA_APPLICATION: */
|
||||
/* fprintf(stderr, "APPLICATION\n"); */
|
||||
/* len = strlen(objects[obj].label) + 1; */
|
||||
/* data = objects[obj].label; */
|
||||
/* break; */
|
||||
|
||||
// case CKA_VALUE: // TODO: this can be done with -r and -d|-a
|
||||
/* case CKA_OBJECT_ID: // TODO: how about just storing the OID in DER ? */
|
||||
/* // This only makes sense for data objects */
|
||||
/* fprintf(stderr, "OID\n"); */
|
||||
/* strcpy((char *)tmp, pubkey_objects[objects[obj].sub_id].oid); */
|
||||
/* asn1_encode_oid(tmp, tmp, &len); */
|
||||
/* data = tmp; */
|
||||
/* break; */
|
||||
|
||||
/* case CKA_CERTIFICATE_TYPE: */
|
||||
/* fprintf(stderr, "CERTIFICATE TYPE\n"); */
|
||||
/* len = 1; */
|
||||
/* tmp[0] = CKC_X_509; // Support only X.509 certs */
|
||||
/* data = tmp; */
|
||||
/* break; */
|
||||
|
||||
// case CKA_ISSUER:
|
||||
// case CKA_SERIAL_NUMBER:
|
||||
case CKA_KEY_TYPE:
|
||||
fprintf(stderr, "KEY TYPE TODO\n");
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_SUBJECT:
|
||||
fprintf(stderr, "SUBJECT TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_ID:
|
||||
fprintf(stderr, "ID\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].sub_id;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
/* case CKA_SENSITIVE: */
|
||||
case CKA_ENCRYPT:
|
||||
fprintf(stderr, "ENCRYPT TODO\n"); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_DECRYPT:
|
||||
fprintf(stderr, "DECRYPT TODO\n"); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_WRAP:
|
||||
fprintf(stderr, "WRAP TODO\n"); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_UNWRAP: */
|
||||
/* case CKA_SIGN: */
|
||||
/* case CKA_SIGN_RECOVER: */
|
||||
/* case CKA_VERIFY: */
|
||||
/* case CKA_VERIFY_RECOVER: */
|
||||
case CKA_DERIVE:
|
||||
fprintf(stderr, "DERIVE TODO\n"); // Defaul false
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_START_DATE:
|
||||
fprintf(stderr, "START DATE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
case CKA_END_DATE:
|
||||
fprintf(stderr, "END DATE TODO\n"); // Default empty
|
||||
return CKR_FUNCTION_FAILED;
|
||||
/* case CKA_MODULUS: */
|
||||
/* case CKA_MODULUS_BITS: */
|
||||
/* case CKA_PUBLIC_EXPONENT: */
|
||||
/* case CKA_PRIVATE_EXPONENT: */
|
||||
/* case CKA_PRIME_1: */
|
||||
/* case CKA_PRIME_2: */
|
||||
/* case CKA_EXPONENT_1: */
|
||||
/* case CKA_EXPONENT_2: */
|
||||
/* case CKA_COEFFICIENT: */
|
||||
/* case CKA_PRIME: */
|
||||
/* case CKA_SUBPRIME: */
|
||||
/* case CKA_BASE: */
|
||||
/* case CKA_VALUE_BITS: */
|
||||
/* case CKA_VALUE_LEN: */
|
||||
/* case CKA_EXTRACTABLE: */
|
||||
case CKA_LOCAL:
|
||||
fprintf(stderr, "LOCAL TODO\n"); // Required
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
/* case CKA_NEVER_EXTRACTABLE: */
|
||||
/* case CKA_ALWAYS_SENSITIVE: */
|
||||
case CKA_MODIFIABLE:
|
||||
fprintf(stderr, "MODIFIABLE\n");
|
||||
len = 1;
|
||||
tmp[0] = piv_objects[obj].modifiable;
|
||||
data = tmp;
|
||||
break;
|
||||
|
||||
/* case CKA_VENDOR_DEFINED: */
|
||||
default:
|
||||
fprintf(stderr, "UNKNOWN ATTRIBUTE!!!!! %lx\n", template[0].type); // TODO: there are other parameters for public keys
|
||||
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
}
|
||||
|
||||
/* Just get the length */
|
||||
if (template->pValue == NULL_PTR) {
|
||||
template->ulValueLen = len; // TODO: define?
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
/* Actually get the attribute */
|
||||
if (template->ulValueLen < len)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
template->ulValueLen = len;
|
||||
memcpy(template->pValue, data, len);
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
}
|
||||
|
||||
CK_RV get_attribute(ykcs11_session_t *s, CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) {
|
||||
CK_ULONG i;
|
||||
|
||||
for (i = 0; i < s->slot->token->n_objects; i++)
|
||||
if (s->slot->token->objects[i] == obj) {
|
||||
return piv_objects[obj].get_attribute(obj, template);
|
||||
}
|
||||
|
||||
|
||||
return CKR_OBJECT_HANDLE_INVALID;
|
||||
}
|
||||
|
||||
+2
-4
@@ -1,12 +1,10 @@
|
||||
#ifndef OBJECTS_H
|
||||
#define OBJECTS_H
|
||||
|
||||
#include "pkcs11t.h"
|
||||
#include "obj_types.h"
|
||||
#include "ykcs11.h"
|
||||
|
||||
#include <stdio.h> // TODO: delete
|
||||
|
||||
CK_RV get_attribute(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template);
|
||||
//CK_RV get_object_class(CK_OBJECT_HANDLE obj, CK_OBJECT_CLASS_PTR class);
|
||||
CK_RV get_attribute(ykcs11_session_t *s, CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template);
|
||||
|
||||
#endif
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
#include "pkcs11.h"
|
||||
#include "vendor_ids.h"
|
||||
#include "objects.h"
|
||||
#include "obj_types.h"
|
||||
#include <ykpiv.h>
|
||||
|
||||
typedef CK_RV (*get_t_label_f)(CK_UTF8CHAR_PTR, CK_ULONG);
|
||||
|
||||
+1
-1
@@ -90,7 +90,7 @@ failure:
|
||||
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
#include <stdio.h> // TODO: Delete
|
||||
CK_RV create_token(CK_BYTE_PTR p, ykcs11_slot_t *slot) {
|
||||
|
||||
token_vendor_t token;
|
||||
|
||||
@@ -8,4 +8,5 @@ CK_RV parse_readers(const CK_BYTE_PTR readers, const CK_ULONG len,
|
||||
ykcs11_slot_t *slots, CK_ULONG_PTR n_slots, CK_ULONG_PTR n_with_token);
|
||||
CK_RV create_token(CK_BYTE_PTR p, ykcs11_slot_t *slot);
|
||||
void destroy_token(ykcs11_slot_t *slot);
|
||||
|
||||
#endif
|
||||
|
||||
+58
-23
@@ -1,11 +1,12 @@
|
||||
#include "ykcs11.h"
|
||||
#include "pkcs11.h"
|
||||
//#include "pkcs11.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <ykpiv.h>
|
||||
#include <string.h>
|
||||
//#include "vendors.h"
|
||||
#include "obj_types.h"
|
||||
#include "utils.h"
|
||||
#include "mechanisms.h"
|
||||
|
||||
#define D(x) do { \
|
||||
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
||||
@@ -14,7 +15,7 @@
|
||||
} while (0)
|
||||
|
||||
#define YKCS11_DBG 1 // General debug, must be either 1 or 0
|
||||
#define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0
|
||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||
|
||||
#define YKCS11_MANUFACTURER "Yubico (www.yubico.com)"
|
||||
#define YKCS11_LIBDESC "PKCS#11 PIV Library (SP-800-73)"
|
||||
@@ -218,8 +219,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
|
||||
{
|
||||
DIN;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (slotID >= n_slots)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
@@ -240,8 +243,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
||||
token_vendor_t token;
|
||||
CK_BYTE buf[64];
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (slotID >= n_slots)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
@@ -429,8 +434,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
||||
|
||||
token_vendor_t token;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (slotID >= n_slots || phSession == NULL)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
@@ -514,8 +521,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseSession)(
|
||||
{
|
||||
DIN;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.handle == CK_INVALID_HANDLE) {
|
||||
DBG(("There is no existing session"));
|
||||
@@ -544,8 +553,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(
|
||||
DIN;
|
||||
CK_RV rv;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.slot != slots + slotID)
|
||||
return CKR_SLOT_ID_INVALID;
|
||||
@@ -563,8 +574,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)(
|
||||
{
|
||||
DIN;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (pInfo == NULL)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
@@ -614,8 +627,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)(
|
||||
DIN;
|
||||
CK_ULONG tries;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (userType != CKU_USER &&
|
||||
userType != CKU_SO &&
|
||||
@@ -736,9 +751,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(
|
||||
)
|
||||
{
|
||||
DIN;
|
||||
CK_RV rv;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.handle != YKCS11_SESSION_ID)
|
||||
return CKR_SESSION_CLOSED;
|
||||
@@ -754,14 +772,19 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(
|
||||
|
||||
if (pTemplate[0].pValue == NULL_PTR) {
|
||||
DBG(("Just get size"));
|
||||
get_attribute(hObject, pTemplate); // TODO: get attribute size
|
||||
rv = get_attribute(&session, hObject, pTemplate);
|
||||
|
||||
if (rv != CKR_OK) {
|
||||
DBG(("Unable to get size for attribute %lu of object %lu", pTemplate->type, hObject));
|
||||
}
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
}
|
||||
DBG(("Trying to get %lu attributes for object %lx", ulCount, hObject));
|
||||
DBG(("Trying to get %lu attribute(s) for object %lu", ulCount, hObject));
|
||||
DBG(("Type: 0x%lx Value: %lu Len: %lu", pTemplate[0].type, *((CK_ULONG_PTR)pTemplate[0].pValue), pTemplate[0].ulValueLen));
|
||||
// TODO: here for i in ulCount
|
||||
return get_attribute(hObject, pTemplate);
|
||||
// TODO: here for i in ulCount (get all the attributes)
|
||||
|
||||
return get_attribute(&session, hObject, pTemplate);
|
||||
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
@@ -788,10 +811,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
||||
{
|
||||
DIN;
|
||||
CK_ULONG i;
|
||||
//token_vendor_t token;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.handle != YKCS11_SESSION_ID)
|
||||
return CKR_SESSION_CLOSED;
|
||||
@@ -833,8 +857,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
||||
}
|
||||
|
||||
// TODO: do it properly here, jsut a test now
|
||||
//find_obj.objects = session.slot->token->objects + 3;
|
||||
memmove(find_obj.objects, find_obj.objects + 3, sizeof(piv_obj_id_t) * (find_obj.num - 3));
|
||||
find_obj.num = 1;
|
||||
find_obj.objects = session.slot->token->objects + 3;
|
||||
|
||||
DOUT;
|
||||
return CKR_OK;
|
||||
@@ -849,8 +874,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(
|
||||
{
|
||||
DIN;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.handle != YKCS11_SESSION_ID)
|
||||
return CKR_SESSION_CLOSED;
|
||||
@@ -889,8 +916,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsFinal)(
|
||||
{
|
||||
DIN;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.handle != YKCS11_SESSION_ID)
|
||||
return CKR_SESSION_CLOSED;
|
||||
@@ -1082,8 +1111,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
|
||||
{
|
||||
DIN;
|
||||
|
||||
if (piv_state == NULL)
|
||||
if (piv_state == NULL) {
|
||||
DBG(("libykpiv is not initialized or already finalized"));
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
if (session.handle != YKCS11_SESSION_ID)
|
||||
return CKR_SESSION_CLOSED;
|
||||
@@ -1095,10 +1126,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
|
||||
hKey == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
DBG(("Trying to sign some data with mechanism %lu and key %lu more", pMechanism->mechanism, hKey));
|
||||
DBG(("Trying to sign some data with mechanism %lu and key %lu", pMechanism->mechanism, hKey));
|
||||
|
||||
if (check_sign_mechanism(pMechanism, hKey) == CK_FALSE) // TODO: do we need session here?
|
||||
if (check_sign_mechanism(&session, pMechanism) != CKR_OK) {
|
||||
DBG(("Mechanism %lu is not supported either by the token or the slot", pMechanism->mechanism));
|
||||
return CKR_MECHANISM_INVALID;
|
||||
}
|
||||
|
||||
|
||||
|
||||
sign_info.active = CK_TRUE;
|
||||
memcpy(&sign_info.mechanism, pMechanism, sizeof(CK_MECHANISM));
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
#define YKCS11_H
|
||||
|
||||
#include "pkcs11t.h"
|
||||
#include "obj_types.h"
|
||||
#include "vendors.h"
|
||||
|
||||
typedef struct {
|
||||
|
||||
+35
-20
@@ -63,15 +63,15 @@ static const CK_MECHANISM_INFO token_mechanism_infos[] = { // KEEP ALIGNED WITH
|
||||
};
|
||||
|
||||
static const piv_obj_id_t token_objects[] = { // TODO: is there a way to get this from the token?
|
||||
PIV_DATA_OBJ_CCC, // Card capability container
|
||||
PIV_DATA_OBJ_CHUI, // Cardholder unique id
|
||||
PIV_DATA_OBJ_X509_PIV_AUTH, // PIV authentication
|
||||
PIV_DATA_OBJ_CHF, // Cardholder fingerprints
|
||||
PIV_DATA_OBJ_SEC_OBJ, // Security object
|
||||
PIV_DATA_OBJ_CHFI, // Cardholder facial images
|
||||
PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication
|
||||
PIV_DATA_OBJ_X509_DS, // Certificate for digital signature
|
||||
PIV_DATA_OBJ_X509_KM, // Certificate for key management
|
||||
PIV_DATA_OBJ_CCC, // Card capability container
|
||||
PIV_DATA_OBJ_CHUI, // Cardholder unique id
|
||||
PIV_DATA_OBJ_CHF, // Cardholder fingerprints
|
||||
PIV_DATA_OBJ_SEC_OBJ, // Security object
|
||||
PIV_DATA_OBJ_CHFI, // Cardholder facial images
|
||||
//PIV_DATA_OBJ_PI, // Cardholder printed information
|
||||
//PIV_DATA_OBJ_DISCOVERY, // Discovery object
|
||||
//PIV_DATA_OBJ_HISTORY, // History object
|
||||
@@ -215,6 +215,8 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only, piv_obj_id_t *ob
|
||||
CK_ULONG buf_len;
|
||||
|
||||
piv_obj_id_t certs[4];
|
||||
piv_obj_id_t pvtkeys[4];
|
||||
piv_obj_id_t pubkeys[4];
|
||||
CK_ULONG n_cert = 0;
|
||||
|
||||
if (state == NULL || len == NULL_PTR)
|
||||
@@ -225,48 +227,61 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only, piv_obj_id_t *ob
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
if (ykpiv_fetch_object(state, YKPIV_OBJ_AUTHENTICATION, buf, &buf_len) == YKPIV_OK) {
|
||||
certs[n_cert] = PIV_CERT_OBJ_X509_PIV_AUTH;
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_PIV_AUTH;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_PIV_AUTH;
|
||||
n_cert++;
|
||||
certs[0] = PIV_CERT_OBJ_X509_PIV_AUTH;
|
||||
fprintf(stderr, "Found AUTH cert (9a)\n");
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
if (ykpiv_fetch_object(state, YKPIV_OBJ_SIGNATURE, buf, &buf_len) == YKPIV_OK) {
|
||||
if (ykpiv_fetch_object(state, YKPIV_OBJ_CARD_AUTH, buf, &buf_len) == YKPIV_OK) {
|
||||
certs[n_cert] = PIV_CERT_OBJ_X509_CARD_AUTH;
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_CARD_AUTH;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_CARD_AUTH;
|
||||
n_cert++;
|
||||
fprintf(stderr, "Found CARD AUTH cert (9e)\n");
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
if (ykpiv_fetch_object(state, YKPIV_OBJ_SIGNATURE, buf, &buf_len) == YKPIV_OK) {
|
||||
certs[n_cert] = PIV_CERT_OBJ_X509_DS;
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_DS;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_DS;
|
||||
n_cert++;
|
||||
certs[1] = PIV_CERT_OBJ_X509_DS;
|
||||
fprintf(stderr, "Found SIGNATURE cert (9c)\n");
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
if (ykpiv_fetch_object(state, YKPIV_OBJ_KEY_MANAGEMENT, buf, &buf_len) == YKPIV_OK) {
|
||||
certs[n_cert] = PIV_CERT_OBJ_X509_KM;
|
||||
pvtkeys[n_cert] = PIV_PVTK_OBJ_KM;
|
||||
pubkeys[n_cert] = PIV_PUBK_OBJ_KM;
|
||||
n_cert++;
|
||||
certs[2] = PIV_CERT_OBJ_X509_KM;
|
||||
fprintf(stderr, "Found KMK cert (9d)\n");
|
||||
}
|
||||
|
||||
buf_len = sizeof(buf);
|
||||
if (ykpiv_fetch_object(state, YKPIV_OBJ_CARD_AUTH, buf, &buf_len) == YKPIV_OK) {
|
||||
n_cert++;
|
||||
certs[3] = PIV_CERT_OBJ_X509_CARD_AUTH;
|
||||
fprintf(stderr, "Found CARD AUTH cert (9e)\n");
|
||||
}
|
||||
|
||||
fprintf(stderr, "The total number of objects for this token is %lu\n", n_cert + token_objects_num);
|
||||
fprintf(stderr, "The total number of objects for this token is %lu\n", (n_cert * 3) + token_objects_num);
|
||||
|
||||
if (num_only == CK_TRUE) {
|
||||
// We just want the number of objects
|
||||
*len = n_cert + token_objects_num;
|
||||
// Each cert object counts for 3: cert, pub key, pvt key
|
||||
*len = (n_cert * 3) + token_objects_num;
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
if (*len < n_cert + token_objects_num)
|
||||
if (*len < (n_cert * 3) + token_objects_num)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
|
||||
// Copy mandatory data objects
|
||||
memcpy(obj, token_objects, token_objects_num * sizeof(piv_obj_id_t));
|
||||
|
||||
// Copy certificates
|
||||
memcpy(obj + token_objects_num, certs, n_cert * sizeof(piv_obj_id_t));
|
||||
if (n_cert > 0) {
|
||||
memcpy(obj + token_objects_num, certs, n_cert * sizeof(piv_obj_id_t));
|
||||
memcpy(obj + token_objects_num + n_cert, pvtkeys, n_cert * sizeof(piv_obj_id_t));
|
||||
memcpy(obj + token_objects_num + (2 * n_cert), pubkeys, n_cert * sizeof(piv_obj_id_t));
|
||||
}
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user