@@ -732,10 +732,11 @@ uint16_t file; } cac; struct { unsigned char key_id; + char label[32]; } piv; } card; }; struct cackey_identity { @@ -2371,10 +2372,11 @@ memcpy(dest[idx].card.cac.applet, start[idx].card.cac.applet, sizeof(dest[idx].card.cac.applet)); dest[idx].card.cac.file = start[idx].card.cac.file; break; case CACKEY_ID_TYPE_PIV: dest[idx].card.piv.key_id = start[idx].card.piv.key_id; + memcpy(dest[idx].card.piv.label, start[idx].card.piv.label, sizeof(dest[idx].card.piv.label)); break; case CACKEY_ID_TYPE_CERT_ONLY: break; } dest[idx].certificate_len = start[idx].certificate_len; @@ -2407,10 +2409,11 @@ unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID}; unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT}; unsigned char curr_aid[7]; unsigned char buffer[8192], *buffer_p; unsigned long outidx = 0; + char *piv_label; cackey_ret transaction_ret; ssize_t read_ret; size_t buffer_len; int certs_resizable; int send_ret, select_ret; @@ -2496,18 +2499,21 @@ for (idx = 0; idx < 3; idx++) { switch (idx) { case 0: piv_oid = piv_oid_pivauth; piv_key = NISTSP800_78_3_KEY_PIVAUTH; + piv_label = "Authentication"; break; case 1: piv_oid = piv_oid_signature; piv_key = NISTSP800_78_3_KEY_SIGNATURE; + piv_label = "Signature"; break; case 2: piv_oid = piv_oid_keymgt; piv_key = NISTSP800_78_3_KEY_KEYMGT; + piv_label = "Key Management"; break; } read_ret = cackey_get_data(slot, buffer, sizeof(buffer), piv_oid); 
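Review bot: The new `char label[32];` member of the `piv` struct carries an undocumented contract: the CKA_LABEL hunk later in this diff reads it with `strlen()`, so it must always hold a NUL-terminated string of at most 31 characters. I would state that on the field, e.g. `char label[32]; /* NUL-terminated display label returned as CKA_LABEL; max 31 chars + NUL */`. A named constant for the size would also give the code that writes the label and the code that reads it one bound to check against. The enclosing struct begins above this hunk.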
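Review bot: `char *piv_label;` in the declaration hunk (-2407) is only ever pointed at string literals; the `switch (idx)` in the following hunk (-2496) assigns "Authentication", "Signature" and "Key Management". It should therefore be `const char *piv_label;`, so that an accidental write through the pointer is a compile error rather than undefined behaviour. The switch also has no `default`, so the pointer stays uninitialised on any path outside cases 0–2. The `idx < 3` loop bound makes that unreachable as written, but some compilers will still warn about it. The function these declarations and the loop belong to starts and ends outside both hunks.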
@@ -2519,16 +2525,15 @@ outidx++; curr_id->keysize = -1; curr_id->id_type = CACKEY_ID_TYPE_PIV; curr_id->card.piv.key_id = piv_key; + memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1); curr_id->certificate_len = read_ret; curr_id->certificate = malloc(curr_id->certificate_len); - CACKEY_DEBUG_PRINTBUF("Pre-shrink (-4header, -5trailer) == ", buffer, curr_id->certificate_len); - buffer_len = sizeof(buffer); buffer_p = cackey_read_bertlv_tag(buffer, &buffer_len, 0x70, curr_id->certificate, &curr_id->certificate_len); if (buffer_p == NULL) { CACKEY_DEBUG_PRINTF("Reading certificate from BER-TLV response failed, skipping key %i", idx); @@ -2536,12 +2541,10 @@ outidx--; continue; } - - CACKEY_DEBUG_PRINTBUF("Post-shrink (-4header, -5trailer) == ", curr_id->certificate, curr_id->certificate_len); } } else { /* Read all the applets from the CCC's TLV */ ccc_tlv = cackey_read_tlv(slot); @@ -3476,17 +3479,21 @@ break; case CKA_LABEL: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type); - /* XXX: Determine name */ - ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num); - pValue = ucTmpBuf; + if (identity->id_type == CACKEY_ID_TYPE_PIV) { + pValue = identity->card.piv.label; + ulValueLen = strlen(pValue); + } else { + ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num); + pValue = ucTmpBuf; - if (ulValueLen >= sizeof(ucTmpBuf)) { - ulValueLen = 0; - pValue = NULL; + if (ulValueLen >= sizeof(ucTmpBuf)) { + ulValueLen = 0; + pValue = NULL; + } } CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen); break;
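Review bot: The added `memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1);` sizes the copy from the source string instead of from the 32-byte destination declared in the struct hunk. The three literals assigned in the preceding switch all fit, so nothing overflows today, but a longer label added later would write past `label` into the rest of the identity. Bounding the copy by the destination removes that dependency and always terminates the string: `snprintf(curr_id->card.piv.label, sizeof(curr_id->card.piv.label), "%s", piv_label);`. The loop body this line sits in starts and ends outside the hunk.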
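Review bot: In the new PIV branch of `case CKA_LABEL:` (hunk -3476), `ulValueLen = strlen(pValue);` trusts that `identity->card.piv.label` is NUL-terminated, which nothing in this hunk guarantees for every identity whose `id_type` is `CACKEY_ID_TYPE_PIV`. If any path creates or copies a PIV identity without setting the label, the computed length can run past the 32-byte array. The code after the switch, outside this hunk, would then presumably hand those adjacent bytes to the PKCS#11 caller as the attribute value. A bounded scan keeps the attribute inside the field: `ulValueLen = strnlen(identity->card.piv.label, sizeof(identity->card.piv.label));` where `strnlen` is available on the target platforms, or an equivalent `memchr` check otherwise. The enclosing attribute switch begins and ends outside the hunk.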