Overview
| Comment: | Merged in changes from piv |
|---|---|
| SHA1: |
5f8f3e59a7e878f209ac206c41d2ae0a |
| User & Date: | rkeene on 2013-09-14 04:11:55 |
Context
|
2014-01-17
| ||
| 13:42 | Merged in trunk check-in: b5af3ab373 user: rkeene tags: protected-auth-path | |
|
2013-09-14
| ||
| 04:11 | Merged in changes from piv check-in: 5f8f3e59a7 user: rkeene tags: protected-auth-path | |
| 02:50 | Updated to treat a return code of 0x6E00 (wrong instruction class) the same as 0x6982 (security status not satisified) check-in: 2e1e0bfc20 user: rkeene tags: piv | |
|
2013-08-14
| ||
| 06:29 | Updated to not dead-lock when prompting for PIN during a signing operation check-in: 27d18fd03a user: rkeene tags: protected-auth-path | |
Changes
Modified cackey.c from [37c3fd69d4] to [5ad2713a20].
| ︙ | ︙ | |||
876 877 878 879 880 881 882 | #include "cackey_builtin_certs.h" }; /* Protected Authentication Path command */ #define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str) #define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str static char *cackey_pin_command = NULL; | < | 876 877 878 879 880 881 882 883 884 885 886 887 888 889 |
#include "cackey_builtin_certs.h"
};
/* Protected Authentication Path command */
#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
static char *cackey_pin_command = NULL;
/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
static unsigned long cackey_getversion(void) {
static unsigned long retval = 255;
unsigned long major = 0;
|
| ︙ | ︙ | |||
2453 2454 2455 2456 2457 2458 2459 |
}
if (!slot->slot_reset) {
if (slot->cached_certs) {
if (certs == NULL) {
certs = malloc(sizeof(*certs) * slot->cached_certs_count);
*count = slot->cached_certs_count;
| < | 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 |
}
if (!slot->slot_reset) {
if (slot->cached_certs) {
if (certs == NULL) {
certs = malloc(sizeof(*certs) * slot->cached_certs_count);
*count = slot->cached_certs_count;
} else {
if (*count > slot->cached_certs_count) {
*count = slot->cached_certs_count;
}
}
cackey_copy_certs(certs, slot->cached_certs, *count);
|
| ︙ | ︙ | |||
2871 2872 2873 2874 2875 2876 2877 |
}
}
/* End transaction */
cackey_end_transaction(slot);
if (respcode == 0x6982 || respcode == 0x6e00) {
| | | 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 |
}
}
/* End transaction */
cackey_end_transaction(slot);
if (respcode == 0x6982 || respcode == 0x6e00) {
CACKEY_DEBUG_PRINTF("Security status not satisified (respcode = 0x%04x). Returning NEEDLOGIN", (int) respcode);
cackey_mark_slot_reset(slot);
return(CACKEY_PCSC_E_NEEDLOGIN);
}
if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
|
| ︙ | ︙ | |||
3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 |
CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference");
key_reference = 0x80;
break;
default:
break;
}
}
/* Issue PIN Verify */
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
if (send_ret != CACKEY_PCSC_S_OK) {
if ((response_code & 0x63C0) == 0x63C0) {
| > > | 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 |
CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference");
key_reference = 0x80;
break;
default:
break;
}
cackey_free_certs(pcsc_identities, num_certs, 1);
}
/* Issue PIN Verify */
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
if (send_ret != CACKEY_PCSC_S_OK) {
if ((response_code & 0x63C0) == 0x63C0) {
|
| ︙ | ︙ | |||
4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 |
return(NULL);
}
CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
CK_C_INITIALIZE_ARGS CK_PTR args;
uint32_t idx, highest_slot;
int mutex_init_ret;
CACKEY_DEBUG_PRINTF("Called.");
if (cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Already initialized.");
return(CKR_CRYPTOKI_ALREADY_INITIALIZED);
| > | 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 |
return(NULL);
}
CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
CK_C_INITIALIZE_ARGS CK_PTR args;
uint32_t idx, highest_slot;
int mutex_init_ret;
int include_dod_certs;
CACKEY_DEBUG_PRINTF("Called.");
if (cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Already initialized.");
return(CKR_CRYPTOKI_ALREADY_INITIALIZED);
|
| ︙ | ︙ | |||
4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 |
cackey_slots[idx].transaction_need_hw_lock = 0;
cackey_slots[idx].slot_reset = 0;
cackey_slots[idx].token_flags = 0;
cackey_slots[idx].label = NULL;
cackey_slots[idx].internal = 0;
}
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates");
} else {
highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1;
CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot);
cackey_slots[highest_slot].active = 1;
| > > > > > > > > > > > > > > | 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 |
cackey_slots[idx].transaction_need_hw_lock = 0;
cackey_slots[idx].slot_reset = 0;
cackey_slots[idx].token_flags = 0;
cackey_slots[idx].label = NULL;
cackey_slots[idx].internal = 0;
}
#ifdef CACKEY_NO_EXTRA_CERTS
if (getenv("CACKEY_EXTRA_CERTS") != NULL) {
include_dod_certs = 1;
} else {
include_dod_certs = 0;
}
#else
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
include_dod_certs = 0;
} else {
include_dod_certs = 1;
}
#endif
if (include_dod_certs == 0) {
CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates");
} else {
highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1;
CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot);
cackey_slots[highest_slot].active = 1;
|
| ︙ | ︙ | |||
4154 4155 4156 4157 4158 4159 4160 4161 | cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT); #endif #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT | > > | > | | < < < < | 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 |
cackey_biglock_init = 1;
}
/* Define a command to prompt user for a PIN */
#ifdef CACKEY_PIN_COMMAND_DEFAULT
cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
#endif
#ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
if (getenv("DISPLAY") != NULL) {
cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
}
#endif
if (getenv("CACKEY_PIN_COMMAND") != NULL) {
cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
}
if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
}
CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
return(CKR_OK);
}
CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved) {
uint32_t idx;
|
| ︙ | ︙ |
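Review bot: In the last hunk of C_Initialize, `cackey_pin_command = getenv("CACKEY_PIN_COMMAND");` and the `CACKEY_PIN_COMMAND_XONLY` line below it store the pointer returned by getenv() in a file-scope static, and a later setenv()/putenv() in the host application may invalidate that storage. The variable also appears to select the program that collects the card PIN (how `cackey_pin_command` is consumed is outside this view), so a module loaded into a process running with more privilege than whoever set its environment should not honour it. I would read each variable once, skip it when the process is set-id, and keep a copy, e.g. `env_cmd = getenv("CACKEY_PIN_COMMAND");` followed by `if (env_cmd != NULL && getuid() == geteuid()) { cackey_pin_command = strdup(env_cmd); }` on POSIX builds. The copy then has to be told apart from the compile-time default literal when it is released, and a short comment above the block stating the precedence (built-in default, then X-only default, then `CACKEY_PIN_COMMAND`, then `CACKEY_PIN_COMMAND_XONLY`) would help the next reader. C_Initialize begins in an earlier hunk, so the `env_cmd` declaration would go with the locals there.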