authorAde Lee <alee@redhat.com>2012-08-15 14:06:08 -0400
committerAde Lee <alee@redhat.com>2012-08-15 14:06:08 -0400
commit75e1c66acb48e67951fc0ce5680328773fe837ae (patch)
tree0da680311142b5c2c80012eae86817aafeb1dad5 /base/tps/tools/raclient/RA_Token.h
parent0198bf929702b756214b5f509ffe677ca58bf650 (diff)
https://fedorahosted.org/pki/ticket/237
ECC support for tpsclient. Two parameters are added in the config file (see enroll.tps.ec for an example): slotnamefile - this points to a file that contains the slot name. The reason the slot name goes into a separate file instead of the conf file is that the existing conf file uses spaces as the delimiter, and I don't want to change the usage (and QE's tests) by switching to something else. tokpassword is the token password. This ECC feature requires the upcoming ECC-supporting TPS to trigger. Testing of the ECC-specific areas requires the availability of such an ECC TPS. Without it, one can test with the old RSA method to see if it's broken.
Diffstat (limited to 'base/tps/tools/raclient/RA_Token.h')
-rw-r--r--base/tps/tools/raclient/RA_Token.h64
1 files changed, 43 insertions, 21 deletions
diff --git a/base/tps/tools/raclient/RA_Token.h b/base/tps/tools/raclient/RA_Token.h
index bf92e4e89..de60857da 100644
--- a/base/tps/tools/raclient/RA_Token.h
+++ b/base/tps/tools/raclient/RA_Token.h
@@ -62,6 +62,7 @@
#include "apdu/List_Objects_APDU.h"
#include "apdu/Create_Pin_APDU.h"
#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Generate_Key_ECC_APDU.h"
#include "apdu/Select_APDU.h"
#include "apdu/Delete_File_APDU.h"
#include "apdu/Get_Version_APDU.h"
@@ -76,6 +77,7 @@ typedef enum {
kek
} keyType;
+
class RA_Token
{
public:
@@ -103,6 +105,17 @@ class RA_Token
void SetMinorVersion(int v);
BYTE GetLifeCycleState();
public:
+typedef struct {
+ enum {
+ PW_NONE = 0,
+ PW_FROMFILE = 1,
+ PW_PLAINTEXT = 2,
+ PW_EXTERNAL = 3
+ } source;
+ char *data;
+} secuPWData;
+
+ static char *getModulePasswordText(PK11SlotInfo *slot, PRBool retry, void *arg);
int VerifyMAC(APDU *apdu);
void ComputeAPDUMac(APDU *apdu, Buffer &new_mac);
PK11SymKey *CreateSessionKey(keyType keytype,
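Review bot: `secuPWData` and `getModulePasswordText` are added without any statement of their contract: who owns `data`, whether it holds the password itself or a path (the `PW_FROMFILE` / `PW_PLAINTEXT` sources suggest both), and what the callback returns. The signature matches NSS's `PK11PasswordFunc`, and if it is installed with `PK11_SetPasswordFunc` then NSS frees the returned string with `PORT_Free`, so the implementation must return a fresh `PORT_Strdup` copy rather than `data` itself and should return NULL when `retry` is true to avoid looping forever on a wrong password; neither constraint is visible from this hunk, so it needs confirming in the .cpp. I would put above the typedef `/* Source of the NSS slot password: data is the password (PW_PLAINTEXT) or a file path (PW_FROMFILE) and is owned by the caller, who should zeroize it when done. */` and above the callback `/* PK11PasswordFunc: arg is a secuPWData*; returns a PORT_Strdup'd copy NSS frees, NULL on retry. */`. `PW_EXTERNAL` is declared but nothing here says what it means, so the comment should either define it or mark it unsupported. The enclosing class RA_Token starts before this hunk.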
@@ -189,6 +202,9 @@ class RA_Token
APDU_Response *ProcessGenerateKey(Generate_Key_APDU *apdu,
NameValueSet *vars,
NameValueSet *params);
+ APDU_Response *ProcessGenerateKeyECC(Generate_Key_ECC_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
APDU_Response *ProcessImportKeyEnc(Import_Key_Enc_APDU *apdu,
NameValueSet *vars,
NameValueSet *params);
@@ -198,28 +214,34 @@ class RA_Token
APDU_Response *ProcessPutKey(Put_Key_APDU *apdu,
NameValueSet *vars,
NameValueSet *params);
+
+#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
+/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
+
+ static SECKEYECParams *getECParams(const char *curve);
public:
- Buffer m_card_challenge;
- Buffer m_host_challenge;
- PK11SymKey *m_session_key;
- PK11SymKey *m_enc_session_key;
- Buffer m_icv;
- Buffer m_cuid;
- Buffer m_msn;
- Buffer m_version;
- Buffer m_key_info;
- Buffer m_auth_key;
- Buffer m_mac_key;
- Buffer m_kek_key;
- Buffer m_buffer;
- BYTE m_lifecycle_state;
- char *m_pin;
- Buffer* m_object;
- int m_major_version;
- int m_minor_version;
- int m_object_len;
- int m_chunk_len;
- char m_objectid[3];
+ Buffer m_card_challenge;
+ Buffer m_host_challenge;
+ PK11SymKey *m_session_key;
+ PK11SymKey *m_enc_session_key;
+ Buffer m_icv;
+ Buffer m_cuid;
+ Buffer m_msn;
+ Buffer m_version;
+ Buffer m_key_info;
+ Buffer m_auth_key;
+ Buffer m_mac_key;
+ Buffer m_kek_key;
+ Buffer m_buffer;
+ BYTE m_lifecycle_state;
+ char *m_pin;
+ Buffer* m_object;
+ int m_major_version;
+ int m_minor_version;
+ int m_object_len;
+ int m_chunk_len;
+ char m_objectid[3];
+ char *m_tokenpassword;
};
#endif /* RA_TOKEN_H */
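Review bot: `DEFAULT_CURVE_OID_TAG` is defined with `#define` inside the class body, but the preprocessor ignores class scope, so the macro leaks into every translation unit that includes this header, and the commented-out SECP160R1 alternative below it is dead code that should be dropped. I would replace both lines with a scoped constant, `static const SECOidTag DEFAULT_CURVE_OID_TAG = SEC_OID_SECG_EC_SECP192R1;`, or move the define into the .cpp that implements getECParams. The default curve also deserves a why-comment: secp192r1 gives roughly 96-bit security, below the P-256 floor most guidance recommends, so if it is chosen for card compatibility that reason should sit next to the constant. Finally `m_tokenpassword` is a new `char *` holding a secret with no note on ownership; a comment such as `/* token password from the config (tokpassword); owned by this object, must be zeroized and freed in the destructor */` would pin the contract, assuming the destructor (outside this hunk) is updated to do so.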