Overview
| Comment: | Added routines for reading certificates
Updated OpenSession to use PC/SC certificates Comment and debugging update Updated to read in larger chunks to improve speed |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
06e07b8f0d3c1eeaa1618082d4f00bba |
| User & Date: | rkeene on 2010-05-12 21:52:55 |
| Other Links: | manifest | tags |
Context
|
2010-05-12
| ||
| 23:58 |
Moved certificate examination to occur during search initialization
Added support for logging in via PC/SC in C_Login() check-in: 0c536f15c1 user: rkeene tags: trunk | |
| 21:52 |
Added routines for reading certificates
Updated OpenSession to use PC/SC certificates Comment and debugging update Updated to read in larger chunks to improve speed check-in: 06e07b8f0d user: rkeene tags: trunk | |
| 19:35 |
Updated ignores
Updated read_tlv to return a list Added a free_tlv function Updated value->str conversion functions to be more flexible/direct Added sample code to select all PKI applets/files Simplified TLV entity check-in: 330efa4f3b user: rkeene tags: trunk | |
Changes
Modified cackey.c from [e9e3a11241] to [80414011fe].
| ︙ | ︙ | |||
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | # define CKA_TRUST_CODE_SIGNING 0xce53635a #endif #ifndef CKA_TRUST_EMAIL_PROTECTION # define CKA_TRUST_EMAIL_PROTECTION 0xce53635b #endif /* GSC-IS v2.1 Definitions */ #define GSCIS_CLASS_ISO7816 0x00 #define GSCIS_CLASS_GLOBAL_PLATFORM 0x80 #define GSCIS_INSTR_GET_RESPONSE 0xC0 #define GSCIS_INSTR_READ_BINARY 0xB0 #define GSCIS_INSTR_UPDATE_BINARY 0xD6 #define GSCIS_INSTR_SELECT 0xA4 #define GSCIS_INSTR_EXTERNAL_AUTH 0x82 #define GSCIS_INSTR_GET_CHALLENGE 0x84 #define GSCIS_INSTR_INTERNAL_AUTH 0x88 #define GSCIS_INSTR_VERIFY 0x20 #define GSCIS_INSTR_SIGN 0x2A #define GSCIS_INSTR_GET_PROP 0x56 #define GSCIS_INSTR_GET_ACR 0x4C #define GSCIS_INSTR_READ_BUFFER 0x52 #define GSCIS_INSTR_SIGNDECRYPT 0x42 #define GSCIS_PARAM_SELECT_APPLET 0x04 | > > > | | | 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 | # define CKA_TRUST_CODE_SIGNING 0xce53635a #endif #ifndef CKA_TRUST_EMAIL_PROTECTION # define CKA_TRUST_EMAIL_PROTECTION 0xce53635b #endif /* GSC-IS v2.1 Definitions */ /** Classes **/ #define GSCIS_CLASS_ISO7816 0x00 #define GSCIS_CLASS_GLOBAL_PLATFORM 0x80 /** Instructions **/ #define GSCIS_INSTR_GET_RESPONSE 0xC0 #define GSCIS_INSTR_READ_BINARY 0xB0 #define GSCIS_INSTR_UPDATE_BINARY 0xD6 #define GSCIS_INSTR_SELECT 0xA4 #define GSCIS_INSTR_EXTERNAL_AUTH 0x82 #define GSCIS_INSTR_GET_CHALLENGE 0x84 #define GSCIS_INSTR_INTERNAL_AUTH 0x88 #define GSCIS_INSTR_VERIFY 0x20 #define GSCIS_INSTR_SIGN 0x2A #define GSCIS_INSTR_GET_PROP 0x56 #define GSCIS_INSTR_GET_ACR 0x4C #define GSCIS_INSTR_READ_BUFFER 0x52 #define GSCIS_INSTR_SIGNDECRYPT 0x42 #define GSCIS_PARAM_SELECT_APPLET 0x04 /** Tags **/ /*** CCC Tags ***/ #define GSCIS_TAG_CARDID 0xF0 #define GSCIS_TAG_CCC_VER 0xF1 #define GSCIS_TAG_CCG_VER 0xF2 #define GSCIS_TAG_CARDURL 0xF3 #define GSCIS_TAG_PKCS15 0xF4 #define GSCIS_TAG_REG_DATA_MODEL 0xF5 #define GSCIS_TAG_ACR_TABLE 0xF6 #define GSCIS_TAG_CARD_APDU 0xF7 #define GSCIS_TAG_REDIRECTION 0xFA #define GSCIS_TAG_CT 0xFB #define GSCIS_TAG_ST 0xFC #define GSCIS_TAG_NEXTCCC 0xFD /*** General - EF 2200 ***/ #define GSCIS_TAG_FNAME 0x01 #define GSCIS_TAG_MNAME 0x02 #define GSCIS_TAG_LNAME 0x03 #define GSCIS_TAG_SUFFIX 0x04 #define GSCIS_TAG_GOVT_AGENCY 0x05 #define GSCIS_TAG_BUREAU 0x06 #define GSCIS_TAG_BUREAU_CODE 0x07 |
| ︙ | ︙ | |||
111 112 113 114 115 116 117 | #define GSCIS_TAG_OFFICE_PHONE_EXT 0x18 #define GSCIS_TAG_OFFICE_FAX 0x19 #define GSCIS_TAG_OFFICE_EMAIL 0x1A #define GSCIS_TAG_OFFICE_ROOM 0x1B #define GSCIS_TAG_NONGOV_AGENCY 0x1C #define GSCIS_TAG_SSN_DESIGNATOR 0x1D | | | | | > > > | 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 |
#define GSCIS_TAG_OFFICE_PHONE_EXT 0x18
#define GSCIS_TAG_OFFICE_FAX 0x19
#define GSCIS_TAG_OFFICE_EMAIL 0x1A
#define GSCIS_TAG_OFFICE_ROOM 0x1B
#define GSCIS_TAG_NONGOV_AGENCY 0x1C
#define GSCIS_TAG_SSN_DESIGNATOR 0x1D
/*** PII - EF 2100 ***/
#define GSCIS_TAG_SSN 0x20
#define GSCIS_TAG_DOB 0x21
#define GSCIS_TAG_GENDER 0x22
/*** Login Information - EF 4000 ***/
#define GSCIS_TAG_USERID 0x40
#define GSCIS_TAG_DOMAIN 0x41
#define GSCIS_TAG_PASSWORD 0x42
/*** Card Information - EF 5000 ***/
#define GSCIS_TAG_ISSUERID 0x50
#define GSCIS_TAG_SERNO 0x51
#define GSCIS_TAG_ISSUE_DATE 0x52
#define GSCIS_TAG_EXPIRE_DATE 0x53
#define GSCIS_TAG_CARD_TYPE 0x54
#define GSCIS_TAG_SECURITY_CODE 0x57
#define GSCIS_TAG_CARDID_AID 0x58
/*** PKI Information - EF 7000 ***/
#define GSCIS_TAG_CERTIFICATE 0x70
#define GSCIS_TAG_CERT_ISSUE_DATE 0x71
#define GSCIS_TAG_CERT_EXPIRE_DATE 0x72
/** Applet IDs **/
#define GSCIS_AID_CCC 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00
#ifdef CACKEY_DEBUG
# ifdef HAVE_STDIO_H
# include <stdio.h>
# endif
# define CACKEY_DEBUG_PRINTF(x...) { fprintf(stderr, "%s(): ", __func__); fprintf(stderr, x); fprintf(stderr, "\n"); }
# define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *buf; unsigned long idx; buf = (unsigned char *) (x); fprintf(stderr, "%s(): %s (%s/%lu = {%02x", __func__, f, #x, (unsigned long) (y), buf[0]); for (idx = 1; idx < (y); idx++) { fprintf(stderr, ", %02x", buf[idx]); }; fprintf(stderr, "})\n"); }
|
| ︙ | ︙ | |||
386 387 388 389 390 391 392 393 394 395 396 397 398 399 |
}
return("UNKNOWN");
}
static const char *CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(uint8_t apptype) {
switch (apptype) {
case 0x01:
return("CACKEY_TLV_APP_GENERIC");
case 0x02:
return("CACKEY_TLV_APP_SKI");
case 0x03:
return("CACKEY_TLV_APP_GENERIC | CACKEY_TLV_APP_SKI");
case 0x04:
| > > | 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 |
}
return("UNKNOWN");
}
static const char *CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(uint8_t apptype) {
switch (apptype) {
case 0x00:
return("NONE");
case 0x01:
return("CACKEY_TLV_APP_GENERIC");
case 0x02:
return("CACKEY_TLV_APP_SKI");
case 0x03:
return("CACKEY_TLV_APP_GENERIC | CACKEY_TLV_APP_SKI");
case 0x04:
|
| ︙ | ︙ | |||
416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 |
# define CACKEY_DEBUG_PRINTBUF(f, x, y) /**/
# define CACKEY_DEBUG_PERROR(x) /**/
# define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED"
# define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED"
# define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED"
# define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED"
#endif
struct cackey_identity {
CK_ATTRIBUTE *attributes;
CK_ULONG attributes_count;
};
struct cackey_session {
int active;
| > > > > > > > > > > > > | 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 |
# define CACKEY_DEBUG_PRINTBUF(f, x, y) /**/
# define CACKEY_DEBUG_PERROR(x) /**/
# define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED"
# define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED"
# define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED"
# define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED"
#endif
struct cackey_pcsc_identity {
unsigned char applet[7];
uint16_t file;
unsigned char *label;
size_t certificate_len;
unsigned char *certificate;
};
struct cackey_identity {
struct cackey_pcsc_identity *identity;
CK_ATTRIBUTE *attributes;
CK_ULONG attributes_count;
};
struct cackey_session {
int active;
|
| ︙ | ︙ | |||
813 814 815 816 817 818 819 |
static ssize_t cackey_read_buffer(struct cackey_slot *slot, unsigned char *buffer, size_t count, unsigned char t_or_v, size_t initial_offset) {
size_t offset = 0, max_offset, max_count;
unsigned char cmd[2];
uint16_t respcode;
int send_ret;
| | | | 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 |
static ssize_t cackey_read_buffer(struct cackey_slot *slot, unsigned char *buffer, size_t count, unsigned char t_or_v, size_t initial_offset) {
size_t offset = 0, max_offset, max_count;
unsigned char cmd[2];
uint16_t respcode;
int send_ret;
CACKEY_DEBUG_PRINTF("Called.");
max_offset = count;
max_count = 252;
cmd[0] = t_or_v;
while (1) {
if (offset >= max_offset) {
CACKEY_DEBUG_PRINTF("Buffer too small, returning what we got...");
|
| ︙ | ︙ | |||
868 869 870 871 872 873 874 |
return(offset);
}
static int cackey_select_applet(struct cackey_slot *slot, unsigned char *aid, size_t aid_len) {
int send_ret;
| | | > > > > > > > | 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 |
return(offset);
}
static int cackey_select_applet(struct cackey_slot *slot, unsigned char *aid, size_t aid_len) {
int send_ret;
CACKEY_DEBUG_PRINTF("Called.");
CACKEY_DEBUG_PRINTBUF("Selecting applet:", aid, aid_len);
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_SELECT, GSCIS_PARAM_SELECT_APPLET, 0x0C, aid_len, aid, 0x00, NULL, NULL, NULL);
if (send_ret < 0) {
CACKEY_DEBUG_PRINTF("Failed to open applet, returning in failure");
return(-1);
}
CACKEY_DEBUG_PRINTF("Successfully selected file");
return(0);
}
static int cackey_select_file(struct cackey_slot *slot, uint16_t ef) {
unsigned char fid_buf[2];
int send_ret;
CACKEY_DEBUG_PRINTF("Called.");
/* Open the elementary file */
fid_buf[0] = (ef >> 8) & 0xff;
fid_buf[1] = ef & 0xff;
CACKEY_DEBUG_PRINTF("Selecting file: %04lx", (unsigned long) ef);
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_SELECT, 0x02, 0x0C, sizeof(fid_buf), fid_buf, 0x00, NULL, NULL, NULL);
if (send_ret < 0) {
CACKEY_DEBUG_PRINTF("Failed to open file, returning in failure");
return(-1);
}
CACKEY_DEBUG_PRINTF("Successfully selected file");
return(0);
}
static void cackey_free_tlv(struct cackey_tlv_entity *root) {
struct cackey_tlv_entity *curr, *next;
if (root == NULL) {
return;
}
for (curr = root; curr; curr = next) {
next = curr->_next;
switch (curr->tag) {
case GSCIS_TAG_ACR_TABLE:
case GSCIS_TAG_CERTIFICATE:
if (curr->value) {
free(curr->value);
}
break;
case GSCIS_TAG_CARDURL:
if (curr->value_cardurl) {
free(curr->value_cardurl);
|
| ︙ | ︙ | |||
942 943 944 945 946 947 948 | unsigned char *tmpbuf; ssize_t tlen, vlen; ssize_t read_ret; size_t offset_t = 0, offset_v = 0; unsigned char tag; size_t length; | | | 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 |
unsigned char *tmpbuf;
ssize_t tlen, vlen;
ssize_t read_ret;
size_t offset_t = 0, offset_v = 0;
unsigned char tag;
size_t length;
CACKEY_DEBUG_PRINTF("Called.");
read_ret = cackey_read_buffer(slot, tlen_buf, sizeof(tlen_buf), 1, offset_t);
if (read_ret != sizeof(tlen_buf)) {
CACKEY_DEBUG_PRINTF("Read failed, returning in failure");
return(NULL);
}
|
| ︙ | ︙ | |||
1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 | memcpy(tmpbuf, vval, length); curr_entity->tag = tag; curr_entity->length = length; curr_entity->value = tmpbuf; curr_entity->_next = NULL; break; case GSCIS_TAG_PKCS15: curr_entity = malloc(sizeof(*curr_entity)); curr_entity->tag = tag; curr_entity->value_byte = vval[0]; curr_entity->_next = NULL; | > > > > > > > > > > > > | 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 | memcpy(tmpbuf, vval, length); curr_entity->tag = tag; curr_entity->length = length; curr_entity->value = tmpbuf; curr_entity->_next = NULL; break; case GSCIS_TAG_CERTIFICATE: curr_entity = malloc(sizeof(*curr_entity)); tmpbuf = malloc(length); memcpy(tmpbuf, vval, length); curr_entity->tag = tag; curr_entity->length = length; curr_entity->value = tmpbuf; curr_entity->_next = NULL; break; case GSCIS_TAG_PKCS15: curr_entity = malloc(sizeof(*curr_entity)); curr_entity->tag = tag; curr_entity->value_byte = vval[0]; curr_entity->_next = NULL; |
| ︙ | ︙ | |||
1070 1071 1072 1073 1074 1075 1076 1077 | last = curr_entity; } } return(root); } | > > | > > > > > | > > > > > > > > > | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > < < < < < < < < < < < < < < < < < < < < < < < < | 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 |
last = curr_entity;
}
}
return(root);
}
static void cackey_free_certs(struct cackey_pcsc_identity *start, size_t count, int free_start) {
size_t idx;
for (idx = 0; idx < count; idx++) {
if (start[idx].certificate) {
free(start[idx].certificate);
}
}
if (free_start) {
free(start);
}
return;
}
static struct cackey_pcsc_identity *cackey_read_certs(struct cackey_slot *slot, struct cackey_pcsc_identity *certs, unsigned long *count) {
struct cackey_pcsc_identity *curr_id;
struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
unsigned char ccc_aid[] = {GSCIS_AID_CCC};
unsigned char curr_aid[7];
unsigned long outidx = 0;
int certs_resizable;
int send_ret, select_ret;
CACKEY_DEBUG_PRINTF("Called.");
if (count == NULL) {
CACKEY_DEBUG_PRINTF("count is NULL, returning in failure");
return(NULL);
}
if (*count == 0) {
if (certs != NULL) {
CACKEY_DEBUG_PRINTF("Requested we return 0 objects, short-circuit");
return(certs);
}
}
if (certs == NULL) {
certs = malloc(sizeof(*certs) * 5);
*count = 5;
certs_resizable = 1;
} else {
certs_resizable = 0;
}
/* Select the CCC Applet */
send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
if (send_ret < 0) {
CACKEY_DEBUG_PRINTF("Unable to select CCC Applet, returning in failure");
return(NULL);
}
/* Read all the applets from the CCC's TLV */
ccc_tlv = cackey_read_tlv(slot);
/* Look for CARDURLs that coorespond to PKI applets */
for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {
CACKEY_DEBUG_PRINTF("Found tag: %s ... ", CACKEY_DEBUG_FUNC_TAG_TO_STR(ccc_curr->tag));
if (ccc_curr->tag != GSCIS_TAG_CARDURL) {
CACKEY_DEBUG_PRINTF(" ... skipping it (we only care about CARDURLs)");
continue;
}
if ((ccc_curr->value_cardurl->apptype & CACKEY_TLV_APP_PKI) != CACKEY_TLV_APP_PKI) {
CACKEY_DEBUG_PRINTF(" ... skipping it (we only care about PKI applets, this applet supports: %s/%02x)", CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(ccc_curr->value_cardurl->apptype), (unsigned int) ccc_curr->value_cardurl->apptype);
continue;
}
CACKEY_DEBUG_PRINTBUF("RID:", ccc_curr->value_cardurl->rid, sizeof(ccc_curr->value_cardurl->rid));
CACKEY_DEBUG_PRINTF("AppID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(ccc_curr->value_cardurl->appid), (unsigned long) ccc_curr->value_cardurl->appid);
CACKEY_DEBUG_PRINTF("ObjectID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(ccc_curr->value_cardurl->objectid), (unsigned long) ccc_curr->value_cardurl->objectid);
memcpy(curr_aid, ccc_curr->value_cardurl->rid, sizeof(ccc_curr->value_cardurl->rid));
curr_aid[sizeof(curr_aid) - 2] = (ccc_curr->value_cardurl->appid >> 8) & 0xff;
curr_aid[sizeof(curr_aid) - 1] = ccc_curr->value_cardurl->appid & 0xff;
/* Select found applet ... */
select_ret = cackey_select_applet(slot, curr_aid, sizeof(curr_aid));
if (select_ret < 0) {
CACKEY_DEBUG_PRINTF("Failed to select applet, skipping processing of this object");
continue;
}
/* ... and object (file) */
select_ret = cackey_select_file(slot, ccc_curr->value_cardurl->objectid);
if (select_ret < 0) {
CACKEY_DEBUG_PRINTF("Failed to select file, skipping processing of this object");
continue;
}
/* Process this file's TLV looking for certificates */
app_tlv = cackey_read_tlv(slot);
for (app_curr = app_tlv; app_curr; app_curr = app_curr->_next) {
CACKEY_DEBUG_PRINTF("Found tag: %s", CACKEY_DEBUG_FUNC_TAG_TO_STR(app_curr->tag));
if (app_curr->tag != GSCIS_TAG_CERTIFICATE) {
CACKEY_DEBUG_PRINTF(" ... skipping it (we only care about CERTIFICATEs)");
continue;
}
curr_id = &certs[outidx];
outidx++;
memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
curr_id->file = ccc_curr->value_cardurl->objectid;
curr_id->label = NULL;
curr_id->certificate_len = app_curr->length;
curr_id->certificate = malloc(curr_id->certificate_len);
memcpy(curr_id->certificate, app_curr->value, curr_id->certificate_len);
if (outidx >= *count) {
if (certs_resizable) {
*count *= 2;
certs = realloc(certs, sizeof(*certs) * (*count));
} else {
break;
}
}
}
cackey_free_tlv(app_tlv);
if (outidx >= *count) {
break;
}
}
cackey_free_tlv(ccc_tlv);
*count = outidx;
if (certs_resizable) {
certs = realloc(certs, sizeof(*certs) * (*count));
}
return(certs);
}
/* Returns 1 if a token is in the specified slot, 0 otherwise */
static int cackey_token_present(struct cackey_slot *slot) {
unsigned char ccc_aid[] = {GSCIS_AID_CCC};
int send_ret;
/* Select the CCC Applet */
send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
if (send_ret < 0) {
return(0);
}
return(1);
}
/* Returns 0 on success */
static int cackey_mutex_create(void **mutex) {
pthread_mutex_t *pthread_mutex;
int pthread_retval;
|
| ︙ | ︙ | |||
1220 1221 1222 1223 1224 1225 1226 |
}
CACKEY_DEBUG_PRINTF("Returning sucessfully (0)");
return(0);
}
| | | 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 |
}
CACKEY_DEBUG_PRINTF("Returning sucessfully (0)");
return(0);
}
static CK_ATTRIBUTE_PTR cackey_get_attributes(CK_OBJECT_CLASS objectclass, struct cackey_pcsc_identity *identity, unsigned long identity_num, CK_ULONG_PTR pulCount) {
static CK_BBOOL ck_true = 1;
static CK_BBOOL ck_false = 0;
CK_ULONG numattrs = 0, retval_count;
CK_ATTRIBUTE_TYPE curr_attr_type;
CK_ATTRIBUTE curr_attr, *retval;
CK_VOID_PTR pValue;
CK_ULONG ulValueLen;
|
| ︙ | ︙ | |||
2121 2122 2123 2124 2125 2126 2127 2128 2129 |
CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
return(CKR_FUNCTION_NOT_SUPPORTED);
}
CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
struct cackey_identity *identities;
unsigned long idx, num_ids, id_idx, curr_id_type;
| > < | < < | 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 |
CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
return(CKR_FUNCTION_NOT_SUPPORTED);
}
CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
struct cackey_pcsc_identity *pcsc_identities;
struct cackey_identity *identities;
unsigned long idx, num_ids, id_idx, curr_id_type;
unsigned long num_certs, cert_idx;
int mutex_retval;
int found_session = 0;
CACKEY_DEBUG_PRINTF("Called.");
if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
|
| ︙ | ︙ | |||
2155 2156 2157 2158 2159 2160 2161 |
if (!cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Not initialized.");
return(CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Verify that the card is actually in the slot. */
| < | < | | < | 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 |
if (!cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Not initialized.");
return(CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Verify that the card is actually in the slot. */
if (!cackey_token_present(&cackey_slots[slotID])) {
CACKEY_DEBUG_PRINTF("Error. Card not present. Returning CKR_DEVICE_REMOVED");
return(CKR_DEVICE_REMOVED);
}
mutex_retval = cackey_mutex_lock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Locking failed.");
return(CKR_GENERAL_ERROR);
|
| ︙ | ︙ | |||
2188 2189 2190 2191 2192 2193 2194 | cackey_sessions[idx].ulDeviceError = 0; cackey_sessions[idx].pApplication = pApplication; cackey_sessions[idx].Notify = notify; cackey_sessions[idx].identities = NULL; cackey_sessions[idx].identities_count = 0; | | < < | | | < < | > > | 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 |
cackey_sessions[idx].ulDeviceError = 0;
cackey_sessions[idx].pApplication = pApplication;
cackey_sessions[idx].Notify = notify;
cackey_sessions[idx].identities = NULL;
cackey_sessions[idx].identities_count = 0;
pcsc_identities = cackey_read_certs(&cackey_slots[slotID], NULL, &num_certs);
if (pcsc_identities != NULL) {
/* Convert number of IDs to number of objects */
num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
identities = malloc(num_ids * sizeof(*identities));
id_idx = 0;
for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], -1, &identities[id_idx].attributes_count);
if (identities[id_idx].attributes == NULL) {
identities[id_idx].attributes_count = 0;
}
id_idx++;
}
}
cackey_sessions[idx].identities = identities;
cackey_sessions[idx].identities_count = num_ids;
cackey_free_certs(pcsc_identities, num_certs, 1);
}
cackey_sessions[idx].search_active = 0;
cackey_sessions[idx].sign_active = 0;
cackey_sessions[idx].decrypt_active = 0;
|
| ︙ | ︙ |