Diff

Differences From Artifact [ca30d967da]:

To Artifact [26bb9837f1]:


  3857   3857   
  3858   3858   	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
  3859   3859   
  3860   3860   	return(CKR_FUNCTION_NOT_SUPPORTED);
  3861   3861   }
  3862   3862   
  3863   3863   CK_DEFINE_FUNCTION(CK_RV, C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) {
         3864  +	CK_SLOT_ID slotID;
  3864   3865   	int mutex_retval;
  3865   3866   	int tries_remaining;
  3866   3867   	int login_ret;
  3867   3868   
  3868   3869   	CACKEY_DEBUG_PRINTF("Called.");
  3869   3870   
  3870   3871   	if (!cackey_initialized) {
................................................................................
  3896   3897   		cackey_mutex_unlock(cackey_biglock);
  3897   3898   
  3898   3899   		CACKEY_DEBUG_PRINTF("Error.  Session not active.");
  3899   3900   		
  3900   3901   		return(CKR_SESSION_HANDLE_INVALID);
  3901   3902   	}
  3902   3903   
  3903         -	login_ret = cackey_login(&cackey_slots[cackey_sessions[hSession].slotID], pPin, ulPinLen, &tries_remaining);
         3904  +	slotID = cackey_sessions[hSession].slotID;
         3905  +
         3906  +	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
         3907  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
         3908  +
         3909  +		return(CKR_GENERAL_ERROR);
         3910  +	}
         3911  +
         3912  +	if (cackey_slots[slotID].active == 0) {
         3913  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
         3914  +
         3915  +		cackey_mutex_unlock(cackey_biglock);
         3916  +
         3917  +		return(CKR_GENERAL_ERROR);
         3918  +	}
         3919  +
         3920  +	login_ret = cackey_login(&cackey_slots[slotID], pPin, ulPinLen, &tries_remaining);
  3904   3921   	if (login_ret != CACKEY_PCSC_S_OK) {
  3905   3922   		cackey_mutex_unlock(cackey_biglock);
  3906   3923   
  3907   3924   		if (login_ret == CACKEY_PCSC_E_LOCKED) {
  3908   3925   			CACKEY_DEBUG_PRINTF("Error.  Token is locked.");
  3909   3926   
  3910         -			cackey_slots[cackey_sessions[hSession].slotID].token_flags |= CKF_USER_PIN_LOCKED;
         3927  +			cackey_slots[slotID].token_flags |= CKF_USER_PIN_LOCKED;
  3911   3928   
  3912   3929   			return(CKR_PIN_LOCKED);
  3913   3930   		} else if (login_ret == CACKEY_PCSC_E_BADPIN) {
  3914   3931   			CACKEY_DEBUG_PRINTF("Error.  Invalid PIN.");
  3915   3932   
  3916         -			cackey_slots[cackey_sessions[hSession].slotID].token_flags |= CKF_USER_PIN_COUNT_LOW;
         3933  +			cackey_slots[slotID].token_flags |= CKF_USER_PIN_COUNT_LOW;
  3917   3934   
  3918   3935   			if (tries_remaining == 1) {
  3919         -				cackey_slots[cackey_sessions[hSession].slotID].token_flags |= CKF_USER_PIN_FINAL_TRY;
         3936  +				cackey_slots[slotID].token_flags |= CKF_USER_PIN_FINAL_TRY;
  3920   3937   			}
  3921   3938   
  3922   3939   			return(CKR_PIN_INCORRECT);
  3923   3940   		}
  3924   3941   
  3925   3942   		CACKEY_DEBUG_PRINTF("Error.  Unknown error returned from cackey_login() (%i)", login_ret);
  3926   3943   
  3927   3944   		return(CKR_GENERAL_ERROR);
  3928   3945   	}
  3929   3946   
  3930         -	cackey_slots[cackey_sessions[hSession].slotID].token_flags &= ~(CKF_USER_PIN_LOCKED | CKF_USER_PIN_COUNT_LOW | CKF_LOGIN_REQUIRED | CKF_USER_PIN_FINAL_TRY);
         3947  +	cackey_slots[slotID].token_flags &= ~(CKF_USER_PIN_LOCKED | CKF_USER_PIN_COUNT_LOW | CKF_LOGIN_REQUIRED | CKF_USER_PIN_FINAL_TRY);
  3931   3948   
  3932   3949   	cackey_sessions[hSession].state = CKS_RO_USER_FUNCTIONS;
  3933   3950   
  3934   3951   	mutex_retval = cackey_mutex_unlock(cackey_biglock);
  3935   3952   	if (mutex_retval != 0) {
  3936   3953   		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
  3937   3954   
................................................................................
  3940   3957   
  3941   3958   	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
  3942   3959   
  3943   3960   	return(CKR_OK);
  3944   3961   }
  3945   3962   
  3946   3963   CK_DEFINE_FUNCTION(CK_RV, C_Logout)(CK_SESSION_HANDLE hSession) {
         3964  +	CK_SLOT_ID slotID;
  3947   3965   	int mutex_retval;
  3948   3966   
  3949   3967   	CACKEY_DEBUG_PRINTF("Called.");
  3950   3968   
  3951   3969   	if (!cackey_initialized) {
  3952   3970   		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
  3953   3971   
................................................................................
  3970   3988   	if (!cackey_sessions[hSession].active) {
  3971   3989   		cackey_mutex_unlock(cackey_biglock);
  3972   3990   
  3973   3991   		CACKEY_DEBUG_PRINTF("Error.  Session not active.");
  3974   3992   		
  3975   3993   		return(CKR_SESSION_HANDLE_INVALID);
  3976   3994   	}
         3995  +
         3996  +	slotID = cackey_sessions[hSession].slotID;
         3997  +
         3998  +	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
         3999  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
         4000  +
         4001  +		return(CKR_GENERAL_ERROR);
         4002  +	}
         4003  +
         4004  +	if (cackey_slots[slotID].active == 0) {
         4005  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
         4006  +
         4007  +		cackey_mutex_unlock(cackey_biglock);
         4008  +
         4009  +		return(CKR_GENERAL_ERROR);
         4010  +	}
  3977   4011   
  3978   4012   	cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION;
         4013  +	cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
  3979   4014   
  3980   4015   	mutex_retval = cackey_mutex_unlock(cackey_biglock);
  3981   4016   	if (mutex_retval != 0) {
  3982   4017   		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
  3983   4018   
  3984   4019   		return(CKR_GENERAL_ERROR);
  3985   4020   	}
................................................................................
  4177   4212   
  4178   4213   	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
  4179   4214   
  4180   4215   	return(CKR_FUNCTION_NOT_SUPPORTED);
  4181   4216   }
  4182   4217   
  4183   4218   CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
         4219  +	CK_SLOT_ID slotID;
  4184   4220   	int mutex_retval;
  4185   4221   
  4186   4222   	CACKEY_DEBUG_PRINTF("Called.");
  4187   4223   
  4188   4224   	if (!cackey_initialized) {
  4189   4225   		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
  4190   4226   
................................................................................
  4216   4252   		cackey_mutex_unlock(cackey_biglock);
  4217   4253   
  4218   4254   		CACKEY_DEBUG_PRINTF("Error.  Search already active.");
  4219   4255   		
  4220   4256   		return(CKR_OPERATION_ACTIVE);
  4221   4257   	}
  4222   4258   
  4223         -	if (cackey_slots[cackey_sessions[hSession].slotID].slot_reset) {
         4259  +	slotID = cackey_sessions[hSession].slotID;
         4260  +
         4261  +	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
         4262  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
         4263  +
         4264  +		return(CKR_GENERAL_ERROR);
         4265  +	}
         4266  +
         4267  +	if (cackey_slots[slotID].active == 0) {
         4268  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
         4269  +
         4270  +		cackey_mutex_unlock(cackey_biglock);
         4271  +
         4272  +		return(CKR_GENERAL_ERROR);
         4273  +	}
         4274  +
         4275  +	if (cackey_slots[slotID].slot_reset) {
  4224   4276   		CACKEY_DEBUG_PRINTF("The slot has been reset since we last looked for identities -- rescanning");
  4225   4277   
  4226   4278   		if (cackey_sessions[hSession].identities != NULL) {
  4227   4279   			cackey_free_identities(cackey_sessions[hSession].identities, cackey_sessions[hSession].identities_count);
  4228   4280   
  4229   4281   			cackey_sessions[hSession].identities = NULL;
  4230   4282   			cackey_sessions[hSession].identities_count = 0;
  4231   4283   		}
  4232   4284   
  4233         -		if (cackey_slots[cackey_sessions[hSession].slotID].label != NULL) {
  4234         -			free(cackey_slots[cackey_sessions[hSession].slotID].label);
  4235         -			cackey_slots[cackey_sessions[hSession].slotID].label = NULL;
         4285  +		if (cackey_slots[slotID].label != NULL) {
         4286  +			free(cackey_slots[slotID].label);
         4287  +			cackey_slots[slotID].label = NULL;
  4236   4288   		}
  4237   4289   
  4238         -		cackey_slots[cackey_sessions[hSession].slotID].slot_reset = 0;
  4239         -		cackey_slots[cackey_sessions[hSession].slotID].token_flags = CKF_LOGIN_REQUIRED;
         4290  +		cackey_slots[slotID].slot_reset = 0;
         4291  +		cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
  4240   4292   	}
  4241   4293   
  4242   4294   	if (cackey_sessions[hSession].identities == NULL) {
  4243         -		cackey_sessions[hSession].identities = cackey_read_identities(&cackey_slots[cackey_sessions[hSession].slotID], &cackey_sessions[hSession].identities_count);
         4295  +		cackey_sessions[hSession].identities = cackey_read_identities(&cackey_slots[slotID], &cackey_sessions[hSession].identities_count);
  4244   4296   	}
  4245   4297   
  4246   4298   	if (pTemplate != NULL) {
  4247   4299   		if (ulCount != 0) {
  4248   4300   			cackey_sessions[hSession].search_query_count = ulCount;
  4249   4301   			cackey_sessions[hSession].search_query = malloc(ulCount * sizeof(*pTemplate));
  4250   4302   
................................................................................
  4663   4715   
  4664   4716   	return(CKR_OK);
  4665   4717   }
  4666   4718   
  4667   4719   CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) {
  4668   4720   	static CK_BYTE buf[16384];
  4669   4721   	ssize_t buflen;
         4722  +	CK_SLOT_ID slotID;
  4670   4723   	CK_RV retval = CKR_GENERAL_ERROR;
  4671   4724   	int mutex_retval;
  4672   4725   
  4673   4726   	CACKEY_DEBUG_PRINTF("Called.");
  4674   4727   
  4675   4728   	if (!cackey_initialized) {
  4676   4729   		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
................................................................................
  4727   4780   	if (!cackey_sessions[hSession].decrypt_active) {
  4728   4781   		cackey_mutex_unlock(cackey_biglock);
  4729   4782   
  4730   4783   		CACKEY_DEBUG_PRINTF("Error.  Decrypt not active.");
  4731   4784   		
  4732   4785   		return(CKR_OPERATION_NOT_INITIALIZED);
  4733   4786   	}
         4787  +
         4788  +	slotID = cackey_sessions[hSession].slotID;
         4789  +
         4790  +	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
         4791  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
         4792  +
         4793  +		return(CKR_GENERAL_ERROR);
         4794  +	}
         4795  +
         4796  +	if (cackey_slots[slotID].active == 0) {
         4797  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
         4798  +
         4799  +		cackey_mutex_unlock(cackey_biglock);
         4800  +
         4801  +		return(CKR_GENERAL_ERROR);
         4802  +	}
  4734   4803   
  4735   4804   	switch (cackey_sessions[hSession].decrypt_mechanism) {
  4736   4805   		case CKM_RSA_PKCS:
  4737   4806   			/* Ask card to decrypt */
  4738         -			buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
         4807  +			buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
  4739   4808   
  4740   4809   			if (buflen < 0) {
  4741   4810   				/* Decryption failed. */
  4742   4811   				retval = CKR_GENERAL_ERROR;
  4743   4812   			} else if (((unsigned long) buflen) > *pulPartLen && pPart) {
  4744   4813   				/* Decrypted data too large */
  4745   4814   				retval = CKR_BUFFER_TOO_SMALL;
................................................................................
  5133   5202   
  5134   5203   	return(CKR_OK);
  5135   5204   }
  5136   5205   
  5137   5206   CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) {
  5138   5207   	static CK_BYTE sigbuf[1024];
  5139   5208   	ssize_t sigbuflen;
         5209  +	CK_SLOT_ID slotID;
  5140   5210   	CK_RV retval = CKR_GENERAL_ERROR;
  5141   5211   	int terminate_sign = 1;
  5142   5212   	int mutex_retval;
  5143   5213   
  5144   5214   	CACKEY_DEBUG_PRINTF("Called.");
  5145   5215   
  5146   5216   	if (!cackey_initialized) {
................................................................................
  5179   5249   	if (!cackey_sessions[hSession].sign_active) {
  5180   5250   		cackey_mutex_unlock(cackey_biglock);
  5181   5251   
  5182   5252   		CACKEY_DEBUG_PRINTF("Error.  Sign not active.");
  5183   5253   		
  5184   5254   		return(CKR_OPERATION_NOT_INITIALIZED);
  5185   5255   	}
         5256  +
         5257  +	slotID = cackey_sessions[hSession].slotID;
         5258  +
         5259  +	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
         5260  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
         5261  +
         5262  +		return(CKR_GENERAL_ERROR);
         5263  +	}
         5264  +
         5265  +	if (cackey_slots[slotID].active == 0) {
         5266  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
         5267  +
         5268  +		cackey_mutex_unlock(cackey_biglock);
         5269  +
         5270  +		return(CKR_GENERAL_ERROR);
         5271  +	}
  5186   5272   
  5187   5273   	switch (cackey_sessions[hSession].sign_mechanism) {
  5188   5274   		case CKM_RSA_PKCS:
  5189   5275   			/* Ask card to sign */
  5190   5276   			CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
  5191         -			sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
         5277  +			sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
  5192   5278   
  5193   5279   			if (sigbuflen < 0) {
  5194   5280   				/* Signing failed. */
  5195   5281   				retval = CKR_GENERAL_ERROR;
  5196   5282   			} else if (((unsigned long) sigbuflen) > *pulSignatureLen && pSignature) {
  5197   5283   				/* Signed data too large */
  5198   5284   				CACKEY_DEBUG_PRINTF("retval = CKR_BUFFER_TOO_SMALL;  sigbuflen = %lu, pulSignatureLen = %lu", (unsigned long) sigbuflen, (unsigned long) *pulSignatureLen);
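Review bot: The out-of-range branch of the new slot check in C_Login (new lines 3906–3910, `if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0])))`) returns CKR_GENERAL_ERROR while cackey_biglock is still held — the session-not-active check just above it and the adjacent `active == 0` branch both call `cackey_mutex_unlock(cackey_biglock);` before returning, so this path leaves the global lock taken and every later call into the module would block on it. Insert `cackey_mutex_unlock(cackey_biglock);` before that `return(CKR_GENERAL_ERROR);`; the identical branch is repeated in C_Logout (3998–4002), C_FindObjectsInit (4261–4265), C_DecryptUpdate (4790–4794) and C_SignFinal (5259–5263) and needs the same line in each. Separately, CK_SLOT_ID is typedef'd to CK_ULONG in the standard pkcs11.h, so `slotID < 0` can never be true and compilers with -Wtype-limits will flag it; the upper-bound comparison alone covers the range. Since the check is copied five times verbatim, a small static helper that validates the slot and releases the lock on failure would keep the copies from drifting.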