Diff

Differences From Artifact [e9e3a11241]:

To Artifact [80414011fe]:


    53     53   #  define CKA_TRUST_CODE_SIGNING 0xce53635a
    54     54   #endif
    55     55   #ifndef CKA_TRUST_EMAIL_PROTECTION
    56     56   #  define CKA_TRUST_EMAIL_PROTECTION 0xce53635b
    57     57   #endif
    58     58   
    59     59   /* GSC-IS v2.1 Definitions */
           60  +/** Classes **/
    60     61   #define GSCIS_CLASS_ISO7816           0x00
    61     62   #define GSCIS_CLASS_GLOBAL_PLATFORM   0x80
    62     63   
           64  +/** Instructions **/
    63     65   #define GSCIS_INSTR_GET_RESPONSE      0xC0
    64     66   #define GSCIS_INSTR_READ_BINARY       0xB0
    65     67   #define GSCIS_INSTR_UPDATE_BINARY     0xD6
    66     68   #define GSCIS_INSTR_SELECT            0xA4
    67     69   #define GSCIS_INSTR_EXTERNAL_AUTH     0x82
    68     70   #define GSCIS_INSTR_GET_CHALLENGE     0x84
    69     71   #define GSCIS_INSTR_INTERNAL_AUTH     0x88
................................................................................
    72     74   #define GSCIS_INSTR_GET_PROP          0x56
    73     75   #define GSCIS_INSTR_GET_ACR           0x4C
    74     76   #define GSCIS_INSTR_READ_BUFFER       0x52
    75     77   #define GSCIS_INSTR_SIGNDECRYPT       0x42
    76     78   
    77     79   #define GSCIS_PARAM_SELECT_APPLET     0x04
    78     80   
    79         -/* CCC */
           81  +/** Tags **/
           82  +/*** CCC Tags ***/
    80     83   #define GSCIS_TAG_CARDID              0xF0
    81     84   #define GSCIS_TAG_CCC_VER             0xF1
    82     85   #define GSCIS_TAG_CCG_VER             0xF2
    83     86   #define GSCIS_TAG_CARDURL             0xF3
    84     87   #define GSCIS_TAG_PKCS15              0xF4
    85     88   #define GSCIS_TAG_REG_DATA_MODEL      0xF5
    86     89   #define GSCIS_TAG_ACR_TABLE           0xF6
    87     90   #define GSCIS_TAG_CARD_APDU           0xF7
    88     91   #define GSCIS_TAG_REDIRECTION         0xFA
    89     92   #define GSCIS_TAG_CT                  0xFB
    90     93   #define GSCIS_TAG_ST                  0xFC
    91     94   #define GSCIS_TAG_NEXTCCC             0xFD
    92     95   
    93         -/* General - EF 2200 */
           96  +/*** General - EF 2200 ***/
    94     97   #define GSCIS_TAG_FNAME               0x01
    95     98   #define GSCIS_TAG_MNAME               0x02
    96     99   #define GSCIS_TAG_LNAME               0x03
    97    100   #define GSCIS_TAG_SUFFIX              0x04
    98    101   #define GSCIS_TAG_GOVT_AGENCY         0x05
    99    102   #define GSCIS_TAG_BUREAU              0x06
   100    103   #define GSCIS_TAG_BUREAU_CODE         0x07
................................................................................
   111    114   #define GSCIS_TAG_OFFICE_PHONE_EXT    0x18
   112    115   #define GSCIS_TAG_OFFICE_FAX          0x19
   113    116   #define GSCIS_TAG_OFFICE_EMAIL        0x1A
   114    117   #define GSCIS_TAG_OFFICE_ROOM         0x1B
   115    118   #define GSCIS_TAG_NONGOV_AGENCY       0x1C
   116    119   #define GSCIS_TAG_SSN_DESIGNATOR      0x1D
   117    120   
   118         -/* PII - EF 2100 */
          121  +/*** PII - EF 2100 ***/
   119    122   #define GSCIS_TAG_SSN                 0x20
   120    123   #define GSCIS_TAG_DOB                 0x21
   121    124   #define GSCIS_TAG_GENDER              0x22
   122    125   
   123         -/* Login Information - EF 4000 */
          126  +/*** Login Information - EF 4000 ***/
   124    127   #define GSCIS_TAG_USERID              0x40
   125    128   #define GSCIS_TAG_DOMAIN              0x41
   126    129   #define GSCIS_TAG_PASSWORD            0x42
   127    130   
   128         -/* Card Information - EF 5000 */
          131  +/*** Card Information - EF 5000 ***/
   129    132   #define GSCIS_TAG_ISSUERID            0x50
   130    133   #define GSCIS_TAG_SERNO               0x51
   131    134   #define GSCIS_TAG_ISSUE_DATE          0x52
   132    135   #define GSCIS_TAG_EXPIRE_DATE         0x53
   133    136   #define GSCIS_TAG_CARD_TYPE           0x54
   134    137   #define GSCIS_TAG_SECURITY_CODE       0x57
   135    138   #define GSCIS_TAG_CARDID_AID          0x58
   136    139   
   137         -/* PKI Information - EF 7000 */
          140  +/*** PKI Information - EF 7000 ***/
   138    141   #define GSCIS_TAG_CERTIFICATE         0x70
   139    142   #define GSCIS_TAG_CERT_ISSUE_DATE     0x71
   140    143   #define GSCIS_TAG_CERT_EXPIRE_DATE    0x72
   141    144   
          145  +/** Applet IDs **/
          146  +#define GSCIS_AID_CCC                 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00
          147  +
   142    148   #ifdef CACKEY_DEBUG
   143    149   #  ifdef HAVE_STDIO_H
   144    150   #    include <stdio.h>
   145    151   #  endif
   146    152   
   147    153   #  define CACKEY_DEBUG_PRINTF(x...) { fprintf(stderr, "%s(): ", __func__); fprintf(stderr, x); fprintf(stderr, "\n"); }
   148    154   #  define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *buf; unsigned long idx; buf = (unsigned char *) (x); fprintf(stderr, "%s(): %s  (%s/%lu = {%02x", __func__, f, #x, (unsigned long) (y), buf[0]); for (idx = 1; idx < (y); idx++) { fprintf(stderr, ", %02x", buf[idx]); }; fprintf(stderr, "})\n"); }
................................................................................
   386    392   	}
   387    393   	
   388    394   	return("UNKNOWN");
   389    395   }
   390    396   
   391    397   static const char *CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(uint8_t apptype) {
   392    398   	switch (apptype) {
          399  +		case 0x00:
          400  +			return("NONE");
   393    401   		case 0x01:
   394    402   			return("CACKEY_TLV_APP_GENERIC");
   395    403   		case 0x02:
   396    404   			return("CACKEY_TLV_APP_SKI");
   397    405   		case 0x03:
   398    406   			return("CACKEY_TLV_APP_GENERIC | CACKEY_TLV_APP_SKI");
   399    407   		case 0x04:
................................................................................
   416    424   #  define CACKEY_DEBUG_PRINTBUF(f, x, y) /**/
   417    425   #  define CACKEY_DEBUG_PERROR(x) /**/
   418    426   #  define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED"
   419    427   #  define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED"
   420    428   #  define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED"
   421    429   #  define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED"
   422    430   #endif
          431  +
          432  +struct cackey_pcsc_identity {
          433  +	unsigned char applet[7];
          434  +	uint16_t file;
          435  +
          436  +	unsigned char *label;
          437  +
          438  +	size_t certificate_len;
          439  +	unsigned char *certificate;
          440  +};
   423    441   
   424    442   struct cackey_identity {
          443  +	struct cackey_pcsc_identity *identity;
          444  +
   425    445   	CK_ATTRIBUTE *attributes;
   426    446   	CK_ULONG attributes_count;
   427    447   };
   428    448   
   429    449   struct cackey_session {
   430    450   	int active;
   431    451   
................................................................................
   813    833   
   814    834   static ssize_t cackey_read_buffer(struct cackey_slot *slot, unsigned char *buffer, size_t count, unsigned char t_or_v, size_t initial_offset) {
   815    835   	size_t offset = 0, max_offset, max_count;
   816    836   	unsigned char cmd[2];
   817    837   	uint16_t respcode;
   818    838   	int send_ret;
   819    839   
   820         -	CACKEY_DEBUG_PRINTF("Called");
          840  +	CACKEY_DEBUG_PRINTF("Called.");
   821    841   
   822    842   	max_offset = count;
   823         -	max_count = 64;
          843  +	max_count = 252;
   824    844   
   825    845   	cmd[0] = t_or_v;
   826    846   
   827    847   	while (1) {
   828    848   		if (offset >= max_offset) {
   829    849   			CACKEY_DEBUG_PRINTF("Buffer too small, returning what we got...");
   830    850   
................................................................................
   868    888   
   869    889   	return(offset);
   870    890   }
   871    891   
   872    892   static int cackey_select_applet(struct cackey_slot *slot, unsigned char *aid, size_t aid_len) {
   873    893   	int send_ret;
   874    894   
   875         -	CACKEY_DEBUG_PRINTF("Called");
          895  +	CACKEY_DEBUG_PRINTF("Called.");
   876    896   
   877    897   	CACKEY_DEBUG_PRINTBUF("Selecting applet:", aid, aid_len);
   878    898   
   879    899   	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_SELECT, GSCIS_PARAM_SELECT_APPLET, 0x0C, aid_len, aid, 0x00, NULL, NULL, NULL);
   880    900   	if (send_ret < 0) {
   881    901   		CACKEY_DEBUG_PRINTF("Failed to open applet, returning in failure");
   882    902   
................................................................................
   888    908   	return(0);
   889    909   }
   890    910   
   891    911   static int cackey_select_file(struct cackey_slot *slot, uint16_t ef) {
   892    912   	unsigned char fid_buf[2];
   893    913   	int send_ret;
   894    914   
   895         -	CACKEY_DEBUG_PRINTF("Called");
          915  +	CACKEY_DEBUG_PRINTF("Called.");
   896    916   
   897    917   	/* Open the elementary file */
   898    918   	fid_buf[0] = (ef >> 8) & 0xff;
   899    919   	fid_buf[1] = ef & 0xff;
          920  +
          921  +	CACKEY_DEBUG_PRINTF("Selecting file: %04lx", (unsigned long) ef);
   900    922   
   901    923   	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_SELECT, 0x02, 0x0C, sizeof(fid_buf), fid_buf, 0x00, NULL, NULL, NULL);
   902    924   	if (send_ret < 0) {
   903    925   		CACKEY_DEBUG_PRINTF("Failed to open file, returning in failure");
   904    926   
   905    927   		return(-1);
   906    928   	}
................................................................................
   908    930   	CACKEY_DEBUG_PRINTF("Successfully selected file");
   909    931   
   910    932   	return(0);
   911    933   }
   912    934   
   913    935   static void cackey_free_tlv(struct cackey_tlv_entity *root) {
   914    936   	struct cackey_tlv_entity *curr, *next;
          937  +
          938  +	if (root == NULL) {
          939  +		return;
          940  +	}
   915    941   
   916    942   	for (curr = root; curr; curr = next) {
   917    943   		next = curr->_next;
   918    944   
   919    945   		switch (curr->tag) {
   920    946   			case GSCIS_TAG_ACR_TABLE:
          947  +			case GSCIS_TAG_CERTIFICATE:
   921    948   				if (curr->value) {
   922    949   					free(curr->value);
   923    950   				}
   924    951   				break;
   925    952   			case GSCIS_TAG_CARDURL:
   926    953   				if (curr->value_cardurl) {
   927    954   					free(curr->value_cardurl);
................................................................................
   942    969   	unsigned char *tmpbuf;
   943    970   	ssize_t tlen, vlen;
   944    971   	ssize_t read_ret;
   945    972   	size_t offset_t = 0, offset_v = 0;
   946    973   	unsigned char tag;
   947    974   	size_t length;
   948    975   
   949         -	CACKEY_DEBUG_PRINTF("Called");
          976  +	CACKEY_DEBUG_PRINTF("Called.");
   950    977   
   951    978   	read_ret = cackey_read_buffer(slot, tlen_buf, sizeof(tlen_buf), 1, offset_t);
   952    979   	if (read_ret != sizeof(tlen_buf)) {
   953    980   		CACKEY_DEBUG_PRINTF("Read failed, returning in failure");
   954    981   
   955    982   		return(NULL);
   956    983   	}
................................................................................
  1044   1071   				memcpy(tmpbuf, vval, length);
  1045   1072   
  1046   1073   				curr_entity->tag = tag;
  1047   1074   				curr_entity->length = length;
  1048   1075   				curr_entity->value = tmpbuf;
  1049   1076   				curr_entity->_next = NULL;
  1050   1077   
         1078  +				break;
         1079  +			case GSCIS_TAG_CERTIFICATE:
         1080  +				curr_entity = malloc(sizeof(*curr_entity));
         1081  +				tmpbuf = malloc(length);
         1082  +
         1083  +				memcpy(tmpbuf, vval, length);
         1084  +
         1085  +				curr_entity->tag = tag;
         1086  +				curr_entity->length = length;
         1087  +				curr_entity->value = tmpbuf;
         1088  +				curr_entity->_next = NULL;
         1089  +
  1051   1090   				break;
  1052   1091   			case GSCIS_TAG_PKCS15:
  1053   1092   				curr_entity = malloc(sizeof(*curr_entity));
  1054   1093   
  1055   1094   				curr_entity->tag = tag;
  1056   1095   				curr_entity->value_byte = vval[0];
  1057   1096   				curr_entity->_next = NULL;
................................................................................
  1070   1109   
  1071   1110   			last = curr_entity;
  1072   1111   		}
  1073   1112   	}
  1074   1113   
  1075   1114   	return(root);
  1076   1115   }
         1116  +
         1117  +static void cackey_free_certs(struct cackey_pcsc_identity *start, size_t count, int free_start) {
         1118  +	size_t idx;
         1119  +
         1120  +	for (idx = 0; idx < count; idx++) {
         1121  +		if (start[idx].certificate) {
         1122  +			free(start[idx].certificate);
         1123  +		}
         1124  +	}
         1125  +
         1126  +	if (free_start) {
         1127  +		free(start);
         1128  +	}
         1129  +
         1130  +	return;
         1131  +}
         1132  +
         1133  +static struct cackey_pcsc_identity *cackey_read_certs(struct cackey_slot *slot, struct cackey_pcsc_identity *certs, unsigned long *count) {
         1134  +	struct cackey_pcsc_identity *curr_id;
         1135  +	struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
         1136  +	unsigned char ccc_aid[] = {GSCIS_AID_CCC};
         1137  +	unsigned char curr_aid[7];
         1138  +	unsigned long outidx = 0;
         1139  +	int certs_resizable;
         1140  +	int send_ret, select_ret;
         1141  +
         1142  +	CACKEY_DEBUG_PRINTF("Called.");
         1143  +
         1144  +	if (count == NULL) {
         1145  +		CACKEY_DEBUG_PRINTF("count is NULL, returning in failure");
         1146  +
         1147  +		return(NULL);
         1148  +	}
         1149  +
         1150  +	if (*count == 0) {
         1151  +		if (certs != NULL) {
         1152  +			CACKEY_DEBUG_PRINTF("Requested we return 0 objects, short-circuit");
         1153  +
         1154  +			return(certs);
         1155  +		}
         1156  +	}
         1157  +
         1158  +	if (certs == NULL) {
         1159  +		certs = malloc(sizeof(*certs) * 5);
         1160  +		*count = 5;
         1161  +		certs_resizable = 1;
         1162  +	} else {
         1163  +		certs_resizable = 0;
         1164  +	}
         1165  +
         1166  +	/* Select the CCC Applet */
         1167  +	send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
         1168  +	if (send_ret < 0) {
         1169  +		CACKEY_DEBUG_PRINTF("Unable to select CCC Applet, returning in failure");
         1170  +
         1171  +		return(NULL);
         1172  +	}
         1173  +
         1174  +	/* Read all the applets from the CCC's TLV */
         1175  +	ccc_tlv = cackey_read_tlv(slot);
         1176  +
         1177  +	/* Look for CARDURLs that coorespond to PKI applets */
         1178  +	for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {
         1179  +		CACKEY_DEBUG_PRINTF("Found tag: %s ... ", CACKEY_DEBUG_FUNC_TAG_TO_STR(ccc_curr->tag));
         1180  +
         1181  +		if (ccc_curr->tag != GSCIS_TAG_CARDURL) {
         1182  +			CACKEY_DEBUG_PRINTF("  ... skipping it (we only care about CARDURLs)");
         1183  +
         1184  +			continue;
         1185  +		}
         1186  +
         1187  +		if ((ccc_curr->value_cardurl->apptype & CACKEY_TLV_APP_PKI) != CACKEY_TLV_APP_PKI) {
         1188  +			CACKEY_DEBUG_PRINTF("  ... skipping it (we only care about PKI applets, this applet supports: %s/%02x)", CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(ccc_curr->value_cardurl->apptype), (unsigned int) ccc_curr->value_cardurl->apptype);
         1189  +
         1190  +			continue;
         1191  +		}
         1192  +
         1193  +		CACKEY_DEBUG_PRINTBUF("RID:", ccc_curr->value_cardurl->rid, sizeof(ccc_curr->value_cardurl->rid));
         1194  +		CACKEY_DEBUG_PRINTF("AppID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(ccc_curr->value_cardurl->appid), (unsigned long) ccc_curr->value_cardurl->appid);
         1195  +		CACKEY_DEBUG_PRINTF("ObjectID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(ccc_curr->value_cardurl->objectid), (unsigned long) ccc_curr->value_cardurl->objectid);
         1196  +
         1197  +		memcpy(curr_aid, ccc_curr->value_cardurl->rid, sizeof(ccc_curr->value_cardurl->rid));
         1198  +		curr_aid[sizeof(curr_aid) - 2] = (ccc_curr->value_cardurl->appid >> 8) & 0xff;
         1199  +		curr_aid[sizeof(curr_aid) - 1] = ccc_curr->value_cardurl->appid & 0xff;
         1200  +
         1201  +		/* Select found applet ... */
         1202  +		select_ret = cackey_select_applet(slot, curr_aid, sizeof(curr_aid));
         1203  +		if (select_ret < 0) {
         1204  +			CACKEY_DEBUG_PRINTF("Failed to select applet, skipping processing of this object");
         1205  +
         1206  +			continue;
         1207  +		}
         1208  +
         1209  +		/* ... and object (file) */
         1210  +		select_ret = cackey_select_file(slot, ccc_curr->value_cardurl->objectid);
         1211  +		if (select_ret < 0) {
         1212  +			CACKEY_DEBUG_PRINTF("Failed to select file, skipping processing of this object");
         1213  +
         1214  +			continue;
         1215  +		}
         1216  +
         1217  +		/* Process this file's TLV looking for certificates */
         1218  +		app_tlv = cackey_read_tlv(slot);
         1219  +
         1220  +		for (app_curr = app_tlv; app_curr; app_curr = app_curr->_next) {
         1221  +			CACKEY_DEBUG_PRINTF("Found tag: %s", CACKEY_DEBUG_FUNC_TAG_TO_STR(app_curr->tag));
         1222  +			if (app_curr->tag != GSCIS_TAG_CERTIFICATE) {
         1223  +				CACKEY_DEBUG_PRINTF("  ... skipping it (we only care about CERTIFICATEs)");
         1224  +
         1225  +				continue;
         1226  +			}
         1227  +
         1228  +			curr_id = &certs[outidx];
         1229  +			outidx++;
         1230  +
         1231  +			memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
         1232  +			curr_id->file = ccc_curr->value_cardurl->objectid;
         1233  +			curr_id->label = NULL;
         1234  +
         1235  +			curr_id->certificate_len = app_curr->length;
         1236  +
         1237  +			curr_id->certificate = malloc(curr_id->certificate_len);
         1238  +			memcpy(curr_id->certificate, app_curr->value, curr_id->certificate_len);
         1239  +
         1240  +			if (outidx >= *count) {
         1241  +				if (certs_resizable) {
         1242  +					*count *= 2;
         1243  +					certs = realloc(certs, sizeof(*certs) * (*count));
         1244  +				} else {
         1245  +					break;
         1246  +				}
         1247  +			}
         1248  +		}
         1249  +
         1250  +		cackey_free_tlv(app_tlv);
         1251  +
         1252  +		if (outidx >= *count) {
         1253  +			break;
         1254  +		}
         1255  +	}
         1256  +
         1257  +	cackey_free_tlv(ccc_tlv);
         1258  +
         1259  +	*count = outidx;
         1260  +
         1261  +	if (certs_resizable) {
         1262  +		certs = realloc(certs, sizeof(*certs) * (*count));
         1263  +	}
         1264  +
         1265  +	return(certs);
         1266  +}
  1077   1267   
  1078   1268   /* Returns 1 if a token is in the specified slot, 0 otherwise */
  1079   1269   static int cackey_token_present(struct cackey_slot *slot) {
  1080         -	struct cackey_tlv_entity *tlvs, *curr;
  1081         -	unsigned char ccc_aid[] = {0xa0, 0x00, 0x00, 0x01, 0x16, 0xdb, 0x00};
  1082         -	unsigned char curr_aid[7];
         1270  +	unsigned char ccc_aid[] = {GSCIS_AID_CCC};
  1083   1271   	int send_ret;
  1084   1272   
  1085   1273   	/* Select the CCC Applet */
  1086   1274   	send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
  1087   1275   	if (send_ret < 0) {
  1088   1276   		return(0);
  1089   1277   	}
  1090   1278   
  1091         -	tlvs = cackey_read_tlv(slot);
  1092         -
  1093         -	for (curr = tlvs; curr; curr = curr->_next) {
  1094         -		CACKEY_DEBUG_PRINTF("Found tag: %s", CACKEY_DEBUG_FUNC_TAG_TO_STR(curr->tag));
  1095         -		switch (curr->tag) {
  1096         -			case GSCIS_TAG_CARDURL:
  1097         -				if ((curr->value_cardurl->apptype & CACKEY_TLV_APP_PKI) == CACKEY_TLV_APP_PKI) {
  1098         -					CACKEY_DEBUG_PRINTBUF("RID:", curr->value_cardurl->rid, sizeof(curr->value_cardurl->rid));
  1099         -					CACKEY_DEBUG_PRINTF("AppID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(curr->value_cardurl->appid), (unsigned long) curr->value_cardurl->appid);
  1100         -					CACKEY_DEBUG_PRINTF("ObjectID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(curr->value_cardurl->objectid), (unsigned long) curr->value_cardurl->objectid);
  1101         -
  1102         -					memcpy(curr_aid, curr->value_cardurl->rid, sizeof(curr->value_cardurl->rid));
  1103         -					curr_aid[sizeof(curr_aid) - 2] = (curr->value_cardurl->appid >> 8) & 0xff;
  1104         -					curr_aid[sizeof(curr_aid) - 1] = curr->value_cardurl->appid & 0xff;
  1105         -
  1106         -					cackey_select_applet(slot, curr_aid, sizeof(curr_aid));
  1107         -					cackey_select_file(slot, curr->value_cardurl->objectid);
  1108         -				}
  1109         -				break;
  1110         -		}
  1111         -	}
  1112         -
  1113         -	cackey_free_tlv(tlvs);
  1114         -
  1115   1279   	return(1);
  1116   1280   }
  1117   1281   
  1118   1282   /* Returns 0 on success */
  1119   1283   static int cackey_mutex_create(void **mutex) {
  1120   1284   	pthread_mutex_t *pthread_mutex;
  1121   1285   	int pthread_retval;
................................................................................
  1220   1384   	}
  1221   1385   
  1222   1386   	CACKEY_DEBUG_PRINTF("Returning sucessfully (0)");
  1223   1387   
  1224   1388   	return(0);
  1225   1389   }
  1226   1390   
  1227         -static CK_ATTRIBUTE_PTR cackey_get_attributes(CK_OBJECT_CLASS objectclass, void *identity, unsigned long identity_num, CK_ULONG_PTR pulCount) {
         1391  +static CK_ATTRIBUTE_PTR cackey_get_attributes(CK_OBJECT_CLASS objectclass, struct cackey_pcsc_identity *identity, unsigned long identity_num, CK_ULONG_PTR pulCount) {
  1228   1392   	static CK_BBOOL ck_true = 1;
  1229   1393   	static CK_BBOOL ck_false = 0;
  1230   1394   	CK_ULONG numattrs = 0, retval_count;
  1231   1395   	CK_ATTRIBUTE_TYPE curr_attr_type;
  1232   1396   	CK_ATTRIBUTE curr_attr, *retval;
  1233   1397   	CK_VOID_PTR pValue;
  1234   1398   	CK_ULONG ulValueLen;
................................................................................
  2121   2285   
  2122   2286   	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
  2123   2287   
  2124   2288   	return(CKR_FUNCTION_NOT_SUPPORTED);
  2125   2289   }
  2126   2290   
  2127   2291   CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
         2292  +	struct cackey_pcsc_identity *pcsc_identities;
  2128   2293   	struct cackey_identity *identities;
  2129   2294   	unsigned long idx, num_ids, id_idx, curr_id_type;
  2130         -#if 0
  2131         -	CK_BYTE sigbuf[1024];
  2132         -	ssize_t sigbuflen;
  2133         -#endif
         2295  +	unsigned long num_certs, cert_idx;
  2134   2296   	int mutex_retval;
  2135   2297   	int found_session = 0;
  2136   2298   
  2137   2299   	CACKEY_DEBUG_PRINTF("Called.");
  2138   2300   
  2139   2301   	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
  2140   2302   		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
................................................................................
  2155   2317   	if (!cackey_initialized) {
  2156   2318   		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
  2157   2319   
  2158   2320   		return(CKR_CRYPTOKI_NOT_INITIALIZED);
  2159   2321   	}
  2160   2322   
  2161   2323   	/* Verify that the card is actually in the slot. */
  2162         -	/* XXX: Talk to card */
  2163         -	if (0) {
  2164         -		if (0) {
  2165         -			CACKEY_DEBUG_PRINTF("Error.  Card not present.  Returning CKR_DEVICE_REMOVED");
         2324  +	if (!cackey_token_present(&cackey_slots[slotID])) {
         2325  +		CACKEY_DEBUG_PRINTF("Error.  Card not present.  Returning CKR_DEVICE_REMOVED");
  2166   2326   
  2167         -			return(CKR_DEVICE_REMOVED);
  2168         -		}
         2327  +		return(CKR_DEVICE_REMOVED);
  2169   2328   	}
  2170   2329   
  2171   2330   	mutex_retval = cackey_mutex_lock(cackey_biglock);
  2172   2331   	if (mutex_retval != 0) {
  2173   2332   		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
  2174   2333   
  2175   2334   		return(CKR_GENERAL_ERROR);
................................................................................
  2188   2347   			cackey_sessions[idx].ulDeviceError = 0;
  2189   2348   			cackey_sessions[idx].pApplication = pApplication;
  2190   2349   			cackey_sessions[idx].Notify = notify;
  2191   2350   
  2192   2351   			cackey_sessions[idx].identities = NULL;
  2193   2352   			cackey_sessions[idx].identities_count = 0;
  2194   2353   
  2195         -			if (0) {
  2196         -				num_ids = 0;
  2197         -				/* XXX: Determine number of IDs */
  2198         -
         2354  +			pcsc_identities = cackey_read_certs(&cackey_slots[slotID], NULL, &num_certs);
         2355  +			if (pcsc_identities != NULL) {
  2199   2356   				/* Convert number of IDs to number of objects */
  2200         -				num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_ids;
         2357  +				num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
  2201   2358   
  2202   2359   				identities = malloc(num_ids * sizeof(*identities));
  2203   2360   
  2204   2361   				id_idx = 0;
  2205         -				for (;;) {
         2362  +				for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
  2206   2363   					for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
  2207         -						/* XXX: Determine base index */
  2208         -
  2209         -						identities[id_idx].attributes = cackey_get_attributes(curr_id_type, NULL, -1, &identities[id_idx].attributes_count);
         2364  +						identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], -1, &identities[id_idx].attributes_count);
  2210   2365   
  2211   2366   						if (identities[id_idx].attributes == NULL) {
  2212   2367   							identities[id_idx].attributes_count = 0;
  2213   2368   						}
  2214   2369   
  2215   2370   						id_idx++;
  2216   2371   					}
  2217   2372   				}
  2218   2373   
  2219   2374   				cackey_sessions[idx].identities = identities;
  2220   2375   				cackey_sessions[idx].identities_count = num_ids;
         2376  +
         2377  +				cackey_free_certs(pcsc_identities, num_certs, 1);
  2221   2378   			}
  2222   2379   
  2223   2380   			cackey_sessions[idx].search_active = 0;
  2224   2381   
  2225   2382   			cackey_sessions[idx].sign_active = 0;
  2226   2383   
  2227   2384   			cackey_sessions[idx].decrypt_active = 0;