Diff

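--- a/artifact-5510d07f5c
+++ b/artifact-dce840ec61
@@ -469,29 +469,155 @@
 			return("CACKEY_TLV_APP_SKI | CACKEY_TLV_APP_PKI");
 		case 0x07:
 			return("CACKEY_TLV_APP_GENERIC | CACKEY_TLV_APP_SKI | CACKEY_TLV_APP_PKI");
 	}
 
 	return("INVALID");
 }
+
+static const char *CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(CK_ATTRIBUTE_TYPE attr) {
+	switch (attr) {
+		case CKA_CLASS:
+			return("CKA_CLASS");
+		case CKA_TOKEN:
+			return("CKA_TOKEN");
+		case CKA_PRIVATE:
+			return("CKA_PRIVATE");
+		case CKA_LABEL:
+			return("CKA_LABEL");
+		case CKA_APPLICATION:
+			return("CKA_APPLICATION");
+		case CKA_VALUE:
+			return("CKA_VALUE");
+		case CKA_OBJECT_ID:
+			return("CKA_OBJECT_ID");
+		case CKA_CERTIFICATE_TYPE:
+			return("CKA_CERTIFICATE_TYPE");
+		case CKA_ISSUER:
+			return("CKA_ISSUER");
+		case CKA_SERIAL_NUMBER:
+			return("CKA_SERIAL_NUMBER");
+		case CKA_AC_ISSUER:
+			return("CKA_AC_ISSUER");
+		case CKA_OWNER:
+			return("CKA_OWNER");
+		case CKA_ATTR_TYPES:
+			return("CKA_ATTR_TYPES");
+		case CKA_TRUSTED:
+			return("CKA_TRUSTED");
+		case CKA_KEY_TYPE:
+			return("CKA_KEY_TYPE");
+		case CKA_SUBJECT:
+			return("CKA_SUBJECT");
+		case CKA_ID:
+			return("CKA_ID");
+		case CKA_SENSITIVE:
+			return("CKA_SENSITIVE");
+		case CKA_ENCRYPT:
+			return("CKA_ENCRYPT");
+		case CKA_DECRYPT:
+			return("CKA_DECRYPT");
+		case CKA_WRAP:
+			return("CKA_WRAP");
+		case CKA_UNWRAP:
+			return("CKA_UNWRAP");
+		case CKA_SIGN:
+			return("CKA_SIGN");
+		case CKA_SIGN_RECOVER:
+			return("CKA_SIGN_RECOVER");
+		case CKA_VERIFY:
+			return("CKA_VERIFY");
+		case CKA_VERIFY_RECOVER:
+			return("CKA_VERIFY_RECOVER");
+		case CKA_DERIVE:
+			return("CKA_DERIVE");
+		case CKA_START_DATE:
+			return("CKA_START_DATE");
+		case CKA_END_DATE:
+			return("CKA_END_DATE");
+		case CKA_MODULUS:
+			return("CKA_MODULUS");
+		case CKA_MODULUS_BITS:
+			return("CKA_MODULUS_BITS");
+		case CKA_PUBLIC_EXPONENT:
+			return("CKA_PUBLIC_EXPONENT");
+		case CKA_PRIVATE_EXPONENT:
+			return("CKA_PRIVATE_EXPONENT");
+		case CKA_PRIME_1:
+			return("CKA_PRIME_1");
+		case CKA_PRIME_2:
+			return("CKA_PRIME_2");
+		case CKA_EXPONENT_1:
+			return("CKA_EXPONENT_1");
+		case CKA_EXPONENT_2:
+			return("CKA_EXPONENT_2");
+		case CKA_COEFFICIENT:
+			return("CKA_COEFFICIENT");
+		case CKA_PRIME:
+			return("CKA_PRIME");
+		case CKA_SUBPRIME:
+			return("CKA_SUBPRIME");
+		case CKA_BASE:
+			return("CKA_BASE");
+		case CKA_PRIME_BITS:
+			return("CKA_PRIME_BITS");
+		case CKA_SUB_PRIME_BITS:
+			return("CKA_SUB_PRIME_BITS");
+		case CKA_VALUE_BITS:
+			return("CKA_VALUE_BITS");
+		case CKA_VALUE_LEN:
+			return("CKA_VALUE_LEN");
+		case CKA_EXTRACTABLE:
+			return("CKA_EXTRACTABLE");
+		case CKA_LOCAL:
+			return("CKA_LOCAL");
+		case CKA_NEVER_EXTRACTABLE:
+			return("CKA_NEVER_EXTRACTABLE");
+		case CKA_ALWAYS_SENSITIVE:
+			return("CKA_ALWAYS_SENSITIVE");
+		case CKA_KEY_GEN_MECHANISM:
+			return("CKA_KEY_GEN_MECHANISM");
+		case CKA_MODIFIABLE:
+			return("CKA_MODIFIABLE");
+		case CKA_ECDSA_PARAMS:
+			return("CKA_ECDSA_PARAMS");
+		case CKA_EC_POINT:
+			return("CKA_EC_POINT");
+		case CKA_SECONDARY_AUTH:
+			return("CKA_SECONDARY_AUTH");
+		case CKA_AUTH_PIN_FLAGS:
+			return("CKA_AUTH_PIN_FLAGS");
+		case CKA_HW_FEATURE_TYPE:
+			return("CKA_HW_FEATURE_TYPE");
+		case CKA_RESET_ON_INIT:
+			return("CKA_RESET_ON_INIT");
+		case CKA_HAS_RESET:
+			return("CKA_HAS_RESET");
+		case CKA_VENDOR_DEFINED:
+			return("CKA_VENDOR_DEFINED");
+	}
+
+	return("UNKNOWN");
+}
 
 #  define malloc(x) CACKEY_DEBUG_FUNC_MALLOC(x, __func__, __LINE__)
 #  define realloc(x, y) CACKEY_DEBUG_FUNC_REALLOC(x, y, __func__, __LINE__)
 #  ifdef strdup
 #    undef strdup
 #  endif
 #  define strdup(x) CACKEY_DEBUG_FUNC_STRDUP(x, __func__, __LINE__)
 #else
 #  define CACKEY_DEBUG_PRINTF(x...) /**/
 #  define CACKEY_DEBUG_PRINTBUF(f, x, y) /**/
 #  define CACKEY_DEBUG_PERROR(x) /**/
 #  define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED"
 #  define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED"
 #  define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED"
 #  define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED"
+#  define CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(x) "DEBUG_DISABLED"
 #endif
 
 struct cackey_pcsc_identity {
 	unsigned char applet[7];
 	uint16_t file;
 
 	size_t certificate_len;
@@ -3259,15 +3385,15 @@
 		return(NULL);
 	}
 
 	pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
 	if (pcsc_identities != NULL) {
 		/* Convert number of Certs to number of objects */
 		num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
-		num_ids += num_extra_certs * 2;
+		num_ids += num_extra_certs * 3;
 
 		identities = malloc(num_ids * sizeof(*identities));
 
 		/* Add certificates, public keys, and private keys from the smartcard */
 		id_idx = 0;
 		for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
 			for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
@@ -3285,22 +3411,22 @@
 
 		cackey_free_certs(pcsc_identities, num_certs, 1);
 
 		/* Add DoD Certificates and Netscape Trust Objects */
 		for (cert_idx = 0; cert_idx < num_extra_certs; cert_idx++) {
 			identities[id_idx].pcsc_identity = NULL;
 			identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+			id_idx++;
 
+			identities[id_idx].pcsc_identity = NULL;
+			identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
 			id_idx++;
-		}
-
-		for (cert_idx = 0; cert_idx < num_extra_certs; cert_idx++) {
+
 			identities[id_idx].pcsc_identity = NULL;
 			identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
-
 			id_idx++;
 		}
 
 		*ids_found = num_ids;
 		return(identities);
 	}
@@ -4910,15 +5036,15 @@
 		matched_count = 0;
 
 		for (curr_attr_idx = 0; curr_attr_idx < cackey_sessions[hSession].search_query_count; curr_attr_idx++) {
 			prev_matched_count = matched_count;
 
 			curr_attr = &cackey_sessions[hSession].search_query[curr_attr_idx];
 
-			CACKEY_DEBUG_PRINTF("  Checking for attribute 0x%08lx in identity:%i...", (unsigned long) curr_attr->type, (int) curr_id_idx);
+			CACKEY_DEBUG_PRINTF("  Checking for attribute %s (0x%08lx) in identity:%i...", CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(curr_attr->type), (unsigned long) curr_attr->type, (int) curr_id_idx);
 			CACKEY_DEBUG_PRINTBUF("    Value looking for:", curr_attr->pValue, curr_attr->ulValueLen);
 
 			for (sess_attr_idx = 0; sess_attr_idx < curr_id->attributes_count; sess_attr_idx++) {
 				if (cackey_pkcs11_compare_attributes(&curr_id->attributes[sess_attr_idx], curr_attr)) {
 					matched_count++;
 
 					break;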
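Review bot: The `identities = malloc(num_ids * sizeof(*identities));` result in the second hunk is still used without a NULL check, so on allocation failure the extra-cert loop in the third hunk writes `identities[id_idx].pcsc_identity = NULL;` through a null base rather than failing cleanly. The loop now stores three objects per extra certificate, and that only stays in bounds because the `* 3` factor in `num_ids` is kept in sync by hand with the three `id_idx++` increments; a future edit to either side would turn this into a heap overflow. I would add `if (identities == NULL) { cackey_free_certs(pcsc_identities, num_certs, 1); return(NULL); }` directly after the malloc, and guard the publish with `if (id_idx != num_ids) { /* count mismatch, refuse to expose a partially-filled table */ }` before `*ids_found = num_ids;`, handling it the same way the function handles its other early `return(NULL)`. The enclosing function begins and the caller's treatment of a NULL return lies outside these hunks, so the exact cleanup on the failure path should be confirmed against the rest of the function.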