diff --git a/lib/ykpiv.h b/lib/ykpiv.h index be1fb5b..0ccbfbb 100644 --- a/lib/ykpiv.h +++ b/lib/ykpiv.h @@ -74,7 +74,7 @@ extern "C" ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len, unsigned char *hex_out, size_t *out_len); ykpiv_rc ykpiv_sign_data(ykpiv_state *state, const unsigned char *sign_in, - size_t in_len,unsigned char *sign_out, size_t *out_len, + size_t in_len, unsigned char *sign_out, size_t *out_len, unsigned char algorithm, unsigned char key); ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *enc_in, size_t in_len, unsigned char *enc_out, size_t *out_len, diff --git a/ykcs11/pkcs11t.h b/ykcs11/pkcs11t.h index b9bf233..adc0575 100644 --- a/ykcs11/pkcs11t.h +++ b/ykcs11/pkcs11t.h @@ -245,9 +245,11 @@ typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; * v2.0 */ typedef CK_ULONG CK_USER_TYPE; /* Security Officer */ -#define CKU_SO 0 +#define CKU_SO 0 /* Normal user */ -#define CKU_USER 1 +#define CKU_USER 1 +/* Context specific */ +#define CKU_CONTEXT_SPECIFIC 2 /* CK_STATE enumerates the session states */ diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index bdfc373..010c3e0 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -42,7 +42,7 @@ static ykcs11_slot_t slots[YKCS11_MAX_SLOTS]; static CK_ULONG n_slots = 0; static CK_ULONG n_tokenless_slots = 0; -extern CK_FUNCTION_LIST function_list; +extern CK_FUNCTION_LIST function_list; // TODO: check all return values /* General Purpose */ @@ -92,7 +92,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Finalize)( } memset(slots, 0, sizeof(slots)); - + ykpiv_done(piv_state); // TODO: this calls disconnect... piv_state == NULL; @@ -235,7 +235,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( DBG(("Slot %lu has no token inserted", slotID)); return CKR_TOKEN_NOT_PRESENT; } - + vendor = get_vendor(vid); // TODO: make a token field in slot_t ? memset(pInfo->label, ' ', sizeof(pInfo->label)); @@ -464,7 +464,31 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)( ) { DIN; - DBG(("TODO!!!")); + CK_ULONG tries; + + if (piv_state == NULL) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (userType != CKU_USER && + userType != CKU_SO && + userType != CKU_CONTEXT_SPECIFIC) + return CKR_ARGUMENTS_BAD; + + if (ulPinLen < PIV_MIN_PIN_LEN || + ulPinLen > PIV_MAX_PIN_LEN) + return CKR_ARGUMENTS_BAD; + + //TODO: check session (read only?) + DBG(("user %lu, pin %s, pinlen %lu", userType, pPin, ulPinLen)); + + tries = 0; + if (ykpiv_verify(piv_state, pPin, (int *)&tries) != YKPIV_OK) { + DBG(("You loose! %lu", tries)); + return CKR_PIN_INCORRECT; + } + + DBG(("You win! %lu", tries)) + DOUT; return CKR_OK; }