Diff

Differences From Artifact [a01b1ce264]:

To Artifact [0c58d0837a]:


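--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -730,14 +730,15 @@
 		struct {
 			unsigned char applet[7];
 			uint16_t file;
 		} cac;
 
 		struct {
 			unsigned char key_id;
+			char label[32];
 		} piv;
 	} card;
 };
 
 struct cackey_identity {
 	struct cackey_pcsc_identity *pcsc_identity;
 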
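--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2369,14 +2370,15 @@
 		switch (dest[idx].id_type) {
 			case CACKEY_ID_TYPE_CAC:
 				memcpy(dest[idx].card.cac.applet, start[idx].card.cac.applet, sizeof(dest[idx].card.cac.applet));
 				dest[idx].card.cac.file = start[idx].card.cac.file;
 				break;
 			case CACKEY_ID_TYPE_PIV:
 				dest[idx].card.piv.key_id = start[idx].card.piv.key_id;
+				memcpy(dest[idx].card.piv.label, start[idx].card.piv.label, sizeof(dest[idx].card.piv.label));
 				break;
 			case CACKEY_ID_TYPE_CERT_ONLY:
 				break;
 		}
 		dest[idx].certificate_len = start[idx].certificate_len;
 		dest[idx].keysize = start[idx].keysize;
 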
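--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2405,14 +2407,15 @@
 	struct cackey_pcsc_identity *curr_id;
 	struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
 	unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID};
 	unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT};
 	unsigned char curr_aid[7];
 	unsigned char buffer[8192], *buffer_p;
 	unsigned long outidx = 0;
+	char *piv_label;
 	cackey_ret transaction_ret;
 	ssize_t read_ret;
 	size_t buffer_len;
 	int certs_resizable;
 	int send_ret, select_ret;
 	int piv_key, piv = 0;
 	int idx;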
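Review bot: `char *piv_label;` is only ever assigned string literals later in this function (`"Authentication"`, `"Signature"`, `"Key Management"`), so it should be declared `const char *piv_label;`; writing through a pointer to a string literal is undefined behaviour and the const-qualified declaration lets the compiler reject any such write. The enclosing function's body continues outside the hunk.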
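--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2494,56 +2497,56 @@
 
 	if (piv) {
 		for (idx = 0; idx < 3; idx++) {
 			switch (idx) {
 				case 0:
 					piv_oid = piv_oid_pivauth;
 					piv_key = NISTSP800_78_3_KEY_PIVAUTH;
+					piv_label = "Authentication";
 					break;
 				case 1:
 					piv_oid = piv_oid_signature;
 					piv_key = NISTSP800_78_3_KEY_SIGNATURE;
+					piv_label = "Signature";
 					break;
 				case 2:
 					piv_oid = piv_oid_keymgt;
 					piv_key = NISTSP800_78_3_KEY_KEYMGT;
+					piv_label = "Key Management";
 					break;
 			}
 
 			read_ret = cackey_get_data(slot, buffer, sizeof(buffer), piv_oid);
 
 			if (read_ret <= 0) {
 				continue;
 			}
 
 			curr_id = &certs[outidx];
 			outidx++;
 
 			curr_id->keysize = -1;
 			curr_id->id_type = CACKEY_ID_TYPE_PIV;
 			curr_id->card.piv.key_id = piv_key;
+			memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1);
 
 			curr_id->certificate_len = read_ret;
 			curr_id->certificate = malloc(curr_id->certificate_len);
 
-			CACKEY_DEBUG_PRINTBUF("Pre-shrink (-4header, -5trailer) == ", buffer, curr_id->certificate_len);
-
 			buffer_len = sizeof(buffer);
 			buffer_p = cackey_read_bertlv_tag(buffer, &buffer_len, 0x70, curr_id->certificate, &curr_id->certificate_len);
 
 			if (buffer_p == NULL) {
 				CACKEY_DEBUG_PRINTF("Reading certificate from BER-TLV response failed, skipping key %i", idx);
 				free(curr_id->certificate);
 
 				outidx--;
 
 				continue;
 			}
-
-			CACKEY_DEBUG_PRINTBUF("Post-shrink (-4header, -5trailer) == ", curr_id->certificate, curr_id->certificate_len);
 		}
 	} else {
 		/* Read all the applets from the CCC's TLV */
 		ccc_tlv = cackey_read_tlv(slot);
 
 		/* Look for CARDURLs that coorespond to PKI applets */
 		for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {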
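Review bot: The new `memcpy(curr_id->card.piv.label, piv_label, strlen(piv_label) + 1);` copies an unbounded number of bytes into the 32-byte label field; the three literals assigned in this hunk fit, but nothing ties a future label to `sizeof(curr_id->card.piv.label)`, so a longer one would overflow the identity silently. A bounded, always-terminating copy such as `snprintf(curr_id->card.piv.label, sizeof(curr_id->card.piv.label), "%s", piv_label);` removes that hazard. The copy also leaves the bytes after the terminator indeterminate, and the identity-copy routine in this same change memcpy()s the whole field, so zeroing it first with `memset(curr_id->card.piv.label, 0, sizeof(curr_id->card.piv.label));` keeps uninitialised bytes from being propagated. The enclosing function starts and ends outside the hunk.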
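--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -3474,21 +3477,25 @@
 
 				CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen);
 
 				break;
 			case CKA_LABEL:
 				CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type);
 
+				if (identity->id_type == CACKEY_ID_TYPE_PIV) {
+					pValue = identity->card.piv.label;
+					ulValueLen = strlen(pValue);
-				/* XXX: Determine name */
-				ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num);
-				pValue = ucTmpBuf;
+				} else {
+					ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num);
+					pValue = ucTmpBuf;
 
-				if (ulValueLen >= sizeof(ucTmpBuf)) {
-					ulValueLen = 0;
-					pValue = NULL;
+					if (ulValueLen >= sizeof(ucTmpBuf)) {
+						ulValueLen = 0;
+						pValue = NULL;
+					}
 				}
 
 				CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
 
 				break;
 			case CKA_VALUE:
 				CACKEY_DEBUG_PRINTF("Requesting attribute CKA_VALUE (0x%08lx) ...", (unsigned long) curr_attr_type);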
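Review bot: In the new PIV branch `ulValueLen = strlen(pValue);` reads `identity->card.piv.label` with no upper bound, so it depends entirely on every writer keeping the 32-byte field NUL-terminated; `ulValueLen = strnlen(identity->card.piv.label, sizeof(identity->card.piv.label));` bounds the read to the field regardless of how it was filled. The relocated truncation check now applies only to the snprintf branch, which is correct because the PIV branch never touches ucTmpBuf, but the asymmetry deserves a one-line comment such as `/* PIV label lives in the identity, not ucTmpBuf, so no truncation check applies */` above the PIV assignment. The enclosing function starts and ends outside the hunk.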