Check-in [fbed2df898]
Overview
Comment:Updated to try more application IDs for CACs
SHA1: fbed2df8985248e290f0415c94f8e5b406426b0a
User & Date: rkeene on 2017-03-09 02:41:47
Context
2017-03-09
02:42
Better linking to zlib for AppFS build check-in: ee07cc40d0 user: rkeene tags: trunk
02:41
Updated to try more application IDs for CACs check-in: fbed2df898 user: rkeene tags: trunk
02:15
ChromeOS: Fix debug check-in: 1c45a8940d user: rkeene tags: trunk
Changes

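--- a/cackey.c
+++ b/cackey.c
@@ -160,14 +160,15 @@
 /*** PKI Information - EF 7000 ***/
 #define GSCIS_TAG_CERTIFICATE         0x70
 #define GSCIS_TAG_CERT_ISSUE_DATE     0x71
 #define GSCIS_TAG_CERT_EXPIRE_DATE    0x72
 
 /** Applet IDs **/
 #define GSCIS_AID_CCC                 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00
+#define GSCIS_AID_ID0                 0xA0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00
 #define NISTSP800_73_3_PIV_AID        0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00
 
 /* PIV IDs */
 /** Key Identifiers (NIST SP 800-78-3, Table 6-1 **/
 #define NISTSP800_78_3_KEY_PIVAUTH   0x9A
 #define NISTSP800_78_3_KEY_SIGNATURE 0x9C
 #define NISTSP800_78_3_KEY_KEYMGT    0x9D
@@ -213,15 +214,15 @@
 	static char buf_user[4096] = {0}; \
 	snprintf(buf_user, sizeof(buf_user), x); \
 	buf_user[sizeof(buf_user) - 1] = '\0'; \
 	fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, buf_user); \
 	fflush(cackey_debug_fd()); \
 }
 #  define CACKEY_DEBUG_PRINTBUF(f, x, y) { \
-	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
+	static char buf_user[8192] = {0}, *buf_user_p, *buf_user_print; \
 	unsigned long buf_user_size; \
 	unsigned char *TMPBUF; \
 	unsigned long idx; \
 	int snprintf_ret; \
 	TMPBUF = (unsigned char *) (x); \
 	buf_user[0] = 0; \
 	buf_user[2] = 0; \
@@ -2158,15 +2159,17 @@
  *
  * NOTES
  *     This function reselects the "root" applet, after this function is called
  *     the user may be required to login again
  *
  */
 static cackey_pcsc_id_type cackey_detect_and_select_root_applet(struct cackey_slot *slot, cackey_pcsc_id_type type_hint) {
-	unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID};
+	unsigned char cac_ccc_aid[] = {GSCIS_AID_CCC};
+	unsigned char cac_id0_aid[] = {GSCIS_AID_ID0};
+	unsigned char piv_aid[] = {NISTSP800_73_3_PIV_AID};
 	cackey_pcsc_id_type try_types[2], try_type;
 	int send_ret;
 	int idx;
 
 	CACKEY_DEBUG_PRINTF("Reselecting the root applet");
 
 	if (type_hint == CACKEY_ID_TYPE_UNKNOWN) {
@@ -2195,15 +2198,18 @@
 	for (idx = 0; idx < (sizeof(try_types) / sizeof(try_types[0])); idx++) {
 		try_type = try_types[idx];
 
 		switch (try_type) {
 			case CACKEY_ID_TYPE_CAC:
 				CACKEY_DEBUG_PRINTF("Trying to select the CAC CCC applet");
 
-				send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
+				send_ret = cackey_select_applet(slot, cac_ccc_aid, sizeof(cac_ccc_aid));
+				if (send_ret != CACKEY_PCSC_S_OK) {
+					send_ret = cackey_select_applet(slot, cac_id0_aid, sizeof(cac_id0_aid));
+				}
 
 				break;
 			case CACKEY_ID_TYPE_PIV:
 				CACKEY_DEBUG_PRINTF("Trying to select the PIV root applet");
 
 				send_ret = cackey_select_applet(slot, piv_aid, sizeof(piv_aid));
 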
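Review bot: In the CACKEY_ID_TYPE_CAC case the ID0 fallback runs for every result other than `CACKEY_PCSC_S_OK`, so a transport or card-state error on the CCC select is treated the same as "applet not present", its status is overwritten in `send_ret`, and the debug log still only reports "Trying to select the CAC CCC applet". I would record the fallback before the second call, `CACKEY_DEBUG_PRINTF("CCC applet select failed, trying the CAC ID0 applet");`, so a trace shows which AID ended up selected. The function presumably still reports only the CAC type to its caller, so any code that assumes the CCC applet is the selected one after this call should be checked against cards that answer only to ID0; the NOTES in the header comment could also state that the "root" applet may now be either. The body of cackey_detect_and_select_root_applet starts and ends outside these hunks.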