Comment: | Updated to label PIV keys with their types. Removed extraneous debugging output |
SHA1: |
e2ba3f7684674e7943f57e1c03afc390 |
User & Date: | rkeene on 2013-01-15 21:12:44 |
Changes
Modified cackey.c from [a01b1ce264] to [0c58d0837a].
︙ | ︙ | |||
730 731 732 733 734 735 736 737 738 739 740 741 742 743 | struct { unsigned char applet[7]; uint16_t file; } cac; struct { unsigned char key_id; } piv; } card; }; struct cackey_identity { struct cackey_pcsc_identity *pcsc_identity; | > | 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 | struct { unsigned char applet[7]; uint16_t file; } cac; struct { unsigned char key_id; char label[32]; } piv; } card; }; struct cackey_identity { struct cackey_pcsc_identity *pcsc_identity; |
︙ | ︙ | |||
2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 | switch (dest[idx].id_type) { case CACKEY_ID_TYPE_CAC: memcpy(dest[idx].card.cac.applet, start[idx].card.cac.applet, sizeof(dest[idx].card.cac.applet)); dest[idx].card.cac.file = start[idx].card.cac.file; break; case CACKEY_ID_TYPE_PIV: dest[idx].card.piv.key_id = start[idx].card.piv.key_id; break; case CACKEY_ID_TYPE_CERT_ONLY: break; } dest[idx].certificate_len = start[idx].certificate_len; dest[idx].keysize = start[idx].keysize; | > | 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 | switch (dest[idx].id_type) { case CACKEY_ID_TYPE_CAC: memcpy(dest[idx].card.cac.applet, start[idx].card.cac.applet, sizeof(dest[idx].card.cac.applet)); dest[idx].card.cac.file = start[idx].card.cac.file; break; case CACKEY_ID_TYPE_PIV: dest[idx].card.piv.key_id = start[idx].card.piv.key_id; memcpy(dest[idx].card.piv.label, start[idx].card.piv.label, sizeof(dest[idx].card.piv.label)); break; case CACKEY_ID_TYPE_CERT_ONLY: break; } dest[idx].certificate_len = start[idx].certificate_len; dest[idx].keysize = start[idx].keysize; |
︙ | ︙ | |||
2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 | struct cackey_pcsc_identity *curr_id; struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr; unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID}; unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT}; unsigned char curr_aid[7]; unsigned char buffer[8192], *buffer_p; unsigned long outidx = 0; cackey_ret transaction_ret; ssize_t read_ret; size_t buffer_len; int certs_resizable; int send_ret, select_ret; int piv_key, piv = 0; int idx; | > | 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 | struct cackey_pcsc_identity *curr_id; struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr; unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID}; unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT}; unsigned char curr_aid[7]; unsigned char buffer[8192], *buffer_p; unsigned long outidx = 0; char *piv_label; cackey_ret transaction_ret; ssize_t read_ret; size_t buffer_len; int certs_resizable; int send_ret, select_ret; int piv_key, piv = 0; int idx; |
︙ | ︙ | |||
2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 | if (piv) { for (idx = 0; idx < 3; idx++) { switch (idx) { case 0: piv_oid = piv_oid_pivauth; piv_key = NISTSP800_78_3_KEY_PIVAUTH; break; case 1: piv_oid = piv_oid_signature; piv_key = NISTSP800_78_3_KEY_SIGNATURE; break; case 2: piv_oid = piv_oid_keymgt; piv_key = NISTSP800_78_3_KEY_KEYMGT; break; } read_ret = cackey_get_data(slot, buffer, sizeof(buffer), piv_oid); if (read_ret <= 0) { continue; } curr_id = &certs[outidx]; outidx++; curr_id->keysize = -1; curr_id->id_type = CACKEY_ID_TYPE_PIV; curr_id->card.piv.key_id = piv_key; curr_id->certificate_len = read_ret; curr_id->certificate = malloc(curr_id->certificate_len); | > > > > < < < < | 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 | if (piv) { for (idx = 0; idx < 3; idx++) { switch (idx) { case 0: piv_oid = piv_oid_pivauth; piv_key = NISTSP800_78_3_KEY_PIVAUTH; piv_label = "Authentication"; break; case 1: piv_oid = piv_oid_signature; piv_key = NISTSP800_78_3_KEY_SIGNATURE; piv_label = "Signature"; break; case 2: piv_oid = piv_oid_keymgt; piv_key = NISTSP800_78_3_KEY_KEYMGT; piv_label = "Key Management"; break; } read_ret = cackey_get_data(slot, buffer, sizeof(buffer), piv_oid); if (read_ret <= 0) { continue; } curr_id = &certs[outidx]; outidx++; curr_id->keysize = -1; curr_id->id_type = CACKEY_ID_TYPE_PIV; curr_id->card.piv.key_id = piv_key; memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1); curr_id->certificate_len = read_ret; curr_id->certificate = malloc(curr_id->certificate_len); buffer_len = sizeof(buffer); buffer_p = cackey_read_bertlv_tag(buffer, &buffer_len, 0x70, curr_id->certificate, 
&curr_id->certificate_len); if (buffer_p == NULL) { CACKEY_DEBUG_PRINTF("Reading certificate from BER-TLV response failed, skipping key %i", idx); free(curr_id->certificate); outidx--; continue; } } } else { /* Read all the applets from the CCC's TLV */ ccc_tlv = cackey_read_tlv(slot); /* Look for CARDURLs that coorespond to PKI applets */ for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) { |
︙ | ︙ | |||
3474 3475 3476 3477 3478 3479 3480 | CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_LABEL: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type); | > > > | | | | | | > | 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 | CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_LABEL: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type); if (identity->id_type == CACKEY_ID_TYPE_PIV) { pValue = identity->card.piv.label; ulValueLen = strlen(pValue); } else { ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num); pValue = ucTmpBuf; if (ulValueLen >= sizeof(ucTmpBuf)) { ulValueLen = 0; pValue = NULL; } } CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen); break; case CKA_VALUE: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_VALUE (0x%08lx) ...", (unsigned long) curr_attr_type); |
︙ | ︙ |
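Review bot: The copy into the new fixed-size field at new line 2528, `memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1);`, is bounded only by the source string and not by the 32-byte `label` array declared in the first hunk, so the three literals assigned in the switch fit today but a longer label added later would silently overrun the identity struct. A size-bounded copy keeps the invariant next to the buffer and guarantees termination: `snprintf(curr_id->card.piv.label, sizeof(curr_id->card.piv.label), "%s", piv_label);`. The CKA_LABEL hunk then relies on that termination when it does `ulValueLen = strlen(pValue);` on `identity->card.piv.label`; `strnlen(identity->card.piv.label, sizeof(identity->card.piv.label))` would bound the read should a PIV identity ever be built on a path that does not fill the label in. Both enclosing functions start and end outside their hunks.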