Check-in [e2ba3f7684]
Overview
Comment:Updated to label PIV keys with their types. Removed extraneous debugging output
SHA1:e2ba3f7684674e7943f57e1c03afc390dfa10d3d
User & Date: rkeene on 2013-01-15 21:12:44
Context
2013-01-16
15:21
Updated to determine what kind of authentication to perform based on token present (PIV/CAC) check-in: def08b9deb user: rkeene tags: piv
2013-01-15
21:12
Updated to label PIV keys with their types. Removed extraneous debugging output check-in: e2ba3f7684 user: rkeene tags: piv
21:00
Added additional debugging output check-in: b7f98935cd user: rkeene tags: piv
Changes

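--- a/cackey.c
+++ b/cackey.c
@@ -730,14 +730,15 @@
 		struct {
 			unsigned char applet[7];
 			uint16_t file;
 		} cac;
 
 		struct {
 			unsigned char key_id;
+			char label[32];
 		} piv;
 	} card;
 };
 
 struct cackey_identity {
 	struct cackey_pcsc_identity *pcsc_identity;
 
@@ -2369,14 +2370,15 @@
 		switch (dest[idx].id_type) {
 			case CACKEY_ID_TYPE_CAC:
 				memcpy(dest[idx].card.cac.applet, start[idx].card.cac.applet, sizeof(dest[idx].card.cac.applet));
 				dest[idx].card.cac.file = start[idx].card.cac.file;
 				break;
 			case CACKEY_ID_TYPE_PIV:
 				dest[idx].card.piv.key_id = start[idx].card.piv.key_id;
+				memcpy(dest[idx].card.piv.label, start[idx].card.piv.label, sizeof(dest[idx].card.piv.label));
 				break;
 			case CACKEY_ID_TYPE_CERT_ONLY:
 				break;
 		}
 		dest[idx].certificate_len = start[idx].certificate_len;
 		dest[idx].keysize = start[idx].keysize;
 
@@ -2405,14 +2407,15 @@
 	struct cackey_pcsc_identity *curr_id;
 	struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
 	unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID};
 	unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT};
 	unsigned char curr_aid[7];
 	unsigned char buffer[8192], *buffer_p;
 	unsigned long outidx = 0;
+	char *piv_label;
 	cackey_ret transaction_ret;
 	ssize_t read_ret;
 	size_t buffer_len;
 	int certs_resizable;
 	int send_ret, select_ret;
 	int piv_key, piv = 0;
 	int idx;
@@ -2494,22 +2497,25 @@
 
 	if (piv) {
 		for (idx = 0; idx < 3; idx++) {
 			switch (idx) {
 				case 0:
 					piv_oid = piv_oid_pivauth;
 					piv_key = NISTSP800_78_3_KEY_PIVAUTH;
+					piv_label = "Authentication";
 					break;
 				case 1:
 					piv_oid = piv_oid_signature;
 					piv_key = NISTSP800_78_3_KEY_SIGNATURE;
+					piv_label = "Signature";
 					break;
 				case 2:
 					piv_oid = piv_oid_keymgt;
 					piv_key = NISTSP800_78_3_KEY_KEYMGT;
+					piv_label = "Key Management";
 					break;
 			}
 
 			read_ret = cackey_get_data(slot, buffer, sizeof(buffer), piv_oid);
 
 			if (read_ret <= 0) {
 				continue;
@@ -2517,33 +2523,30 @@
 
 			curr_id = &certs[outidx];
 			outidx++;
 
 			curr_id->keysize = -1;
 			curr_id->id_type = CACKEY_ID_TYPE_PIV;
 			curr_id->card.piv.key_id = piv_key;
+			memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1);
 
 			curr_id->certificate_len = read_ret;
 			curr_id->certificate = malloc(curr_id->certificate_len);
 
-			CACKEY_DEBUG_PRINTBUF("Pre-shrink (-4header, -5trailer) == ", buffer, curr_id->certificate_len);
-
 			buffer_len = sizeof(buffer);
 			buffer_p = cackey_read_bertlv_tag(buffer, &buffer_len, 0x70, curr_id->certificate, &curr_id->certificate_len);
 
 			if (buffer_p == NULL) {
 				CACKEY_DEBUG_PRINTF("Reading certificate from BER-TLV response failed, skipping key %i", idx);
 				free(curr_id->certificate);
 
 				outidx--;
 
 				continue;
 			}
-
-			CACKEY_DEBUG_PRINTBUF("Post-shrink (-4header, -5trailer) == ", curr_id->certificate, curr_id->certificate_len);
 		}
 	} else {
 		/* Read all the applets from the CCC's TLV */
 		ccc_tlv = cackey_read_tlv(slot);
 
 		/* Look for CARDURLs that coorespond to PKI applets */
 		for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {
@@ -3474,22 +3477,26 @@
 
 				CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
 
 				break;
 			case CKA_LABEL:
 				CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type);
 
-				/* XXX: Determine name */
+				if (identity->id_type == CACKEY_ID_TYPE_PIV) {
+					pValue = identity->card.piv.label;
+					ulValueLen = strlen(pValue);
+				} else {
 				ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num);
 				pValue = ucTmpBuf;
 
 				if (ulValueLen >= sizeof(ucTmpBuf)) {
 					ulValueLen = 0;
 					pValue = NULL;
 				}
+				}
 
 				CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
 
 				break;
 			case CKA_VALUE:
 				CACKEY_DEBUG_PRINTF("Requesting attribute CKA_VALUE (0x%08lx) ...", (unsigned long) curr_attr_type);
 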
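Review bot: The copy into the new fixed-size `card.piv.label[32]` at new line 2530 is unbounded: `memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1)` takes its length from the source, so any label longer than 31 characters added later would overflow the struct; the three literals introduced here fit, so this is latent rather than live. A bounded, always-terminating copy keeps the `strlen(pValue)` in the CKA_LABEL hunk safe as well: `snprintf(curr_id->card.piv.label, sizeof(curr_id->card.piv.label), "%s", piv_label);`. Since `piv_label` only ever points at string literals, the declaration hunk should read `const char *piv_label;` rather than `char *`. The function enclosing these hunks has its signature and closing brace outside the visible hunks.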