Changes In Branch protected-auth-path Through [14d49a499f] Excluding Merge-Ins
This is equivalent to a diff from 8a76f09a85 to 14d49a499f
|
2013-08-19
| ||
| 03:19 | Fixed memory leak when checking PIV certificates check-in: 182c88b988 user: rkeene tags: piv | |
|
2013-08-18
| ||
| 06:53 | First work towards implementing C_WaitForSlotEvent check-in: 4d4946cc1f user: rkeene tags: wait-for-slot-event | |
|
2013-08-14
| ||
| 06:29 | Updated to not dead-lock when prompting for PIN during a signing operation check-in: 27d18fd03a user: rkeene tags: protected-auth-path | |
| 05:53 | If using Protected Authentication Path, don't set the LOGIN_REQUIRED flag check-in: 14d49a499f user: rkeene tags: protected-auth-path | |
| 04:54 | Added support for enabling the PROTECTED_AUTHENTICATION_PATH flag for the token if a command to provide the PIN is configured check-in: 8a76f09a85 user: rkeene tags: piv | |
| 04:49 | Merged trunk check-in: 2e12e46ded user: rkeene tags: piv | |
| 04:22 | Merged in updates check-in: 5469f9a4d0 user: rkeene tags: protected-auth-path | |
Modified cackey.c from [ce38432e82] to [345685b667].
| ︙ | ︙ | |||
1114 1115 1116 1117 1118 1119 1120 |
if (slot->pcsc_card_connected) {
SCardDisconnect(slot->pcsc_card, SCARD_LEAVE_CARD);
}
slot->slot_reset = 1;
slot->pcsc_card_connected = 0;
| > | > > > | 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 |
if (slot->pcsc_card_connected) {
SCardDisconnect(slot->pcsc_card, SCARD_LEAVE_CARD);
}
slot->slot_reset = 1;
slot->pcsc_card_connected = 0;
if (cackey_pin_command == NULL) {
slot->token_flags = CKF_LOGIN_REQUIRED;
} else {
slot->token_flags = 0;
}
CACKEY_DEBUG_PRINTF("Returning.");
return;
}
/*
|
| ︙ | ︙ | |||
2870 2871 2872 2873 2874 2875 2876 |
/* End transaction */
cackey_end_transaction(slot);
if (respcode == 0x6982) {
CACKEY_DEBUG_PRINTF("Security status not satisified. Returning NEEDLOGIN");
cackey_mark_slot_reset(slot);
| < | 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 |
/* End transaction */
cackey_end_transaction(slot);
if (respcode == 0x6982) {
CACKEY_DEBUG_PRINTF("Security status not satisified. Returning NEEDLOGIN");
cackey_mark_slot_reset(slot);
return(CACKEY_PCSC_E_NEEDLOGIN);
}
if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
CACKEY_DEBUG_PRINTF("Token absent. Returning TOKENABSENT");
|
| ︙ | ︙ | |||
4418 4419 4420 4421 4422 4423 4424 |
if (slot_reset) {
cackey_slots[currslot].active = 1;
cackey_slots[currslot].internal = 0;
cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
cackey_slots[currslot].pcsc_card_connected = 0;
cackey_slots[currslot].transaction_depth = 0;
cackey_slots[currslot].transaction_need_hw_lock = 0;
| > | > > > | 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 |
if (slot_reset) {
cackey_slots[currslot].active = 1;
cackey_slots[currslot].internal = 0;
cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
cackey_slots[currslot].pcsc_card_connected = 0;
cackey_slots[currslot].transaction_depth = 0;
cackey_slots[currslot].transaction_need_hw_lock = 0;
if (cackey_pin_command == NULL) {
cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
} else {
cackey_slots[currslot].token_flags = 0;
}
cackey_slots[currslot].label = NULL;
cackey_mark_slot_reset(&cackey_slots[currslot]);
}
} else {
/* Artificially increase the number of active slots by what will become active */
slot_count++;
|
| ︙ | ︙ | |||
5373 5374 5375 5376 5377 5378 5379 | cackey_mutex_unlock(cackey_biglock); return(CKR_GENERAL_ERROR); } cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION; | > > | > > > | 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 5398 5399 |
cackey_mutex_unlock(cackey_biglock);
return(CKR_GENERAL_ERROR);
}
cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION;
if (cackey_pin_command == NULL) {
cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
} else {
cackey_slots[slotID].token_flags = 0;
}
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
}
|
| ︙ | ︙ | |||
6297 6298 6299 6300 6301 6302 6303 6304 6305 6306 6307 6308 6309 6310 |
return(CKR_GENERAL_ERROR);
}
switch (cackey_sessions[hSession].decrypt_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to decrypt */
buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
if (buflen < 0) {
/* Decryption failed. */
if (buflen == CACKEY_PCSC_E_NEEDLOGIN) {
retval = CKR_USER_NOT_LOGGED_IN;
} else if (buflen == CACKEY_PCSC_E_TOKENABSENT) {
retval = CKR_DEVICE_REMOVED;
| > > > > > > | 6309 6310 6311 6312 6313 6314 6315 6316 6317 6318 6319 6320 6321 6322 6323 6324 6325 6326 6327 6328 |
return(CKR_GENERAL_ERROR);
}
switch (cackey_sessions[hSession].decrypt_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to decrypt */
buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
if (buflen == CACKEY_PCSC_E_NEEDLOGIN && cackey_pin_command != NULL) {
if (C_Login(hSession, CKU_USER, NULL, 0) == CKR_OK) {
buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
}
}
if (buflen < 0) {
/* Decryption failed. */
if (buflen == CACKEY_PCSC_E_NEEDLOGIN) {
retval = CKR_USER_NOT_LOGGED_IN;
} else if (buflen == CACKEY_PCSC_E_TOKENABSENT) {
retval = CKR_DEVICE_REMOVED;
|
| ︙ | ︙ | |||
6808 6809 6810 6811 6812 6813 6814 6815 6816 6817 6818 6819 6820 6821 |
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", (void *) cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
if (sigbuflen < 0) {
/* Signing failed. */
if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN) {
retval = CKR_USER_NOT_LOGGED_IN;
} else if (sigbuflen == CACKEY_PCSC_E_TOKENABSENT) {
retval = CKR_DEVICE_REMOVED;
| > > > > > > | 6826 6827 6828 6829 6830 6831 6832 6833 6834 6835 6836 6837 6838 6839 6840 6841 6842 6843 6844 6845 |
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", (void *) cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN && cackey_pin_command != NULL) {
if (C_Login(hSession, CKU_USER, NULL, 0) == CKR_OK) {
sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
}
}
if (sigbuflen < 0) {
/* Signing failed. */
if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN) {
retval = CKR_USER_NOT_LOGGED_IN;
} else if (sigbuflen == CACKEY_PCSC_E_TOKENABSENT) {
retval = CKR_DEVICE_REMOVED;
|
| ︙ | ︙ |