Check-in [40726d3b6c]
Overview
Comment:Removed unused variables

Began work towards talking to the smartcard through PC/SC

Began work on a GSC-IS v2.1 SPM implementation

SHA1:40726d3b6c5518c28b72f68b87454028cd3f5897
User & Date: rkeene on 2010-05-11 16:49:46
Context
2010-05-12
14:52
Added test driver (from libssh-agent-pkcs11-provider)

Added basic ASN.1 X.509 BER decoder (from libssh-agent-pkcs11-provider)

Work towards updating CACKey to talk to CAC using PC/SC check-in: a3d727289c user: rkeene tags: trunk

2010-05-11
16:49
Removed unused variables

Began work towards talking to the smartcard through PC/SC

Began work on a GSC-IS v2.1 SPM implementation check-in: 40726d3b6c user: rkeene tags: trunk

2010-05-04
19:04
Copied SSH Agent PKCS11 Provider to CACKey for use as a base check-in: 074f157a6a user: rkeene tags: trunk
Changes

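--- a/Makefile.in
+++ b/Makefile.in
@@ -1,12 +1,12 @@
 CC = @PTHREAD_CC@
 CFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@
-DEBUGCFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@
+DEBUGCFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@ -DCACKEY_DEBUG=1
 CPPFLAGS = @CPPFLAGS@ @DEFS@ -I./pkcs11/
-DEBUGCPPFLAGS = @CPPFLAGS@ @DEFS@
+DEBUGCPPFLAGS = @CPPFLAGS@ -DCACKEY_DEBUG=1 -I./pkcs11/ @DEFS@
 LDFLAGS = @LDFLAGS@
 LIBS = @LIBS@ @PTHREAD_LIBS@
 SHOBJFLAGS = @SHOBJFLAGS@
 SHOBJLDFLAGS = @SHOBJLDFLAGS@
 AR = @AR@
 RANLIB = @RANLIB@
 prefix = @prefix@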

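--- a/aclocal/dc_pcscheaders.m4
+++ b/aclocal/dc_pcscheaders.m4
@@ -7,18 +7,28 @@
 	for headerpath in /usr/include /usr/local/include /usr/cac/include; do
 		for subdir in smartcard PCSC pcsc pcsclite ""; do
 			headerdir="${headerpath}/${subdir}"
 			CFLAGS="${SAVE_CFLAGS} -I${headerdir}"
 			CPPFLAGS="${SAVE_CPPFLAGS} -I${headerdir}"
 
 			unset ac_cv_header_pcsclite_h
+			unset ac_cv_header_winscard_h
 
 			AC_CHECK_HEADER(pcsclite.h, [
 				AC_DEFINE(HAVE_PCSCLITE_H, [1], [Define if you have the PCSC-Lite header file (you should)])
 
+				ADD_CFLAGS=" -I${headerdir}"
+				ADD_CPPFLAGS=" -I${headerdir}"
+
+				break
+			])
+
+			AC_CHECK_HEADER(winscard.h, [
+				AC_DEFINE(HAVE_WINSCARD_H, [1], [Define if you have the PCSC-Lite header file (you should)])
+
 				ADD_CFLAGS=" -I${headerdir}"
 				ADD_CPPFLAGS=" -I${headerdir}"
 
 				break
 			])
 		done
 
@@ -25,8 +35,30 @@
 		if test -n "${ADD_CFLAGS}" -o -n "${ADD_CPPFLAGS}"; then
 			break
 		fi
 	done
 
 	CFLAGS="${SAVE_CFLAGS}${ADD_CFLAGS}"
 	CPPFLAGS="${SAVE_CPPFLAGS}${ADD_CPPFLAGS}"
+
+	unset ac_cv_header_winscard_h
+	AC_CHECK_HEADER(winscard.h, [
+		AC_DEFINE(HAVE_WINSCARD_H, [1], [Define if you have the PCSC-Lite header file (you should)])
+	])
+])
+
+AC_DEFUN(DC_PCSC_LIBS, [
+	for lib in pcsclite pcsc-lite pcsc; do
+		AC_CHECK_LIB(${lib}, SCardEstablishContext, [
+			LIBS="${LIBS} -l${lib}"
+
+			break
+		])
+	done
+
+	AC_CHECK_FUNCS(SCardIsValidContext)
+])
+
+AC_DEFUN(DC_PCSC, [
+	DC_PCSC_HEADERS
+	DC_PCSC_LIBS
 ])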
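Review bot: `DC_PCSC_LIBS` has no failure path: if none of `pcsclite`, `pcsc-lite` or `pcsc` provides `SCardEstablishContext`, `LIBS` is left unchanged and configure still succeeds, so the problem only shows up later as a link error. Setting a flag next to `LIBS="${LIBS} -l${lib}"` and testing it after `done` with `AC_MSG_ERROR([no PC/SC library providing SCardEstablishContext was found])` (or `AC_MSG_WARN` if a missing library is meant to be tolerated) would report it at configure time. The header side has the same gap: cackey.c in this check-in uses `LPSCARDCONTEXT` unconditionally while both PC/SC includes sit behind `HAVE_*` guards. The description passed to `AC_DEFINE(HAVE_WINSCARD_H, ...)` still reads "PCSC-Lite header file", apparently copied from the `pcsclite.h` check.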

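--- a/cackey.c
+++ b/cackey.c
@@ -1,14 +1,17 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
 #ifdef HAVE_PCSCLITE_H
 #  include <pcsclite.h>
 #endif
+#ifdef HAVE_WINSCARD_H
+#  include <winscard.h>
+#endif
 #ifdef HAVE_STDINT_H
 #  include <stdint.h>
 #endif
 #ifdef HAVE_INTTYPES_H
 #  include <inttypes.h>
 #endif
 #ifdef HAVE_STDLIB_H
@@ -127,20 +130,24 @@
 
 	int decrypt_active;
 	CK_MECHANISM_TYPE decrypt_mechanism;
 	CK_VOID_PTR decrypt_mech_parm;
 	CK_ULONG decrypt_mech_parmlen;
 };
 
+/* CACKEY Global Handles */
 static void *cackey_biglock = NULL;
-static struct cackey_session cackey_sessions[8];
+static struct cackey_session cackey_sessions[128];
 static int cackey_initialized = 0;
 static int cackey_biglock_init = 0;
 CK_C_INITIALIZE_ARGS cackey_args;
 
+/* PCSC Global Handles */
+static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
+
 static unsigned long cackey_getversion(void) {
 	static unsigned long retval = 255;
 	unsigned long major = 0;
 	unsigned long minor = 0;
 	char *major_str = NULL;
 	char *minor_str = NULL;
 
@@ -167,14 +174,64 @@
 	retval = (major << 16) | (minor << 8);
 #endif
 
 	CACKEY_DEBUG_PRINTF("Returning 0x%lx", retval);
 
 	return(retval);
 }
+
+/* APDU Related Functions */
+static int cackey_send_apdu(unsigned char class, unsigned char instruction, unsigned char p1, unsigned char p2, unsigned char lc, unsigned char *data, unsigned char *resp, unsigned char resplen) {
+	LONG scard_est_context_ret;
+#ifdef HAVE_SCARDISVALIDCONTEXT
+	LONG scard_isvalid_ret;
+#endif
+
+	CACKEY_DEBUG_PRINTF("Called.");
+
+	if (cackey_pcsc_handle == NULL) {
+		cackey_pcsc_handle = malloc(sizeof(*cackey_pcsc_handle));
+		if (cackey_pcsc_handle == NULL) {
+			CACKEY_DEBUG_PRINTF("Call to malloc() failed, returning in failure");
+
+			return(-1);
+		}
+
+		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
+		if (scard_est_context_ret != SCARD_S_SUCCESS) {
+			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %li), returning in failure", (long) scard_est_context_ret);
+
+			free(cackey_pcsc_handle);
+
+			return(-1);
+		}
+	}
+
+#ifdef HAVE_SCARDISVALIDCONTEXT
+	scard_isvalid_ret = SCardIsValidContext(*cackey_pcsc_handle);
+	if (scard_isvalid_ret != SCARD_S_SUCCESS) {
+		CACKEY_DEBUG_PRINTF("Handle has become invalid, trying to re-establish...");
+
+		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
+		if (scard_est_context_ret != SCARD_S_SUCCESS) {
+			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %li), returning in failure", (long) scard_est_context_ret);
+
+			free(cackey_pcsc_handle);
+
+			return(-1);
+		}
+
+		CACKEY_DEBUG_PRINTF("Handle has been re-established");
+	}
+#endif
+
+	/* Connect to a reader, if needed */
+
+	/* Transmit */
+}
 
 /* Returns 0 on success */
 static int cackey_mutex_create(void **mutex) {
 	pthread_mutex_t *pthread_mutex;
 	int pthread_retval;
 	CK_RV custom_retval;
 
@@ -290,16 +347,15 @@
 	CK_VOID_PTR pValue;
 	CK_ULONG ulValueLen;
 	CK_OBJECT_CLASS ck_object_class;
 	CK_CERTIFICATE_TYPE ck_certificate_type;
 	CK_KEY_TYPE ck_key_type;
 	CK_UTF8CHAR ucTmpBuf[1024];
 	unsigned char certificate[16384];
-	ssize_t getcert_ret, certificate_len = -1, x509_read_ret;
-	int fd;
+	ssize_t certificate_len = -1, x509_read_ret;
 	int pValue_free;
 
 	CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);
 
 	if (objectclass != CKO_CERTIFICATE && objectclass != CKO_PUBLIC_KEY && objectclass != CKO_PRIVATE_KEY) {
 		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");
 
@@ -695,15 +751,15 @@
 	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
 
 	return(CKR_OK);
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(CK_INFO_PTR pInfo) {
 	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
-	static CK_UTF8CHAR libraryDescription[] = "SSH Agent PKCS#11";
+	static CK_UTF8CHAR libraryDescription[] = "CACKey";
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pInfo == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
@@ -733,15 +789,14 @@
 
 	return(CKR_OK);
 }
 
 /* We only support 1 slot.  If the slot exists, the token exists. */
 CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
 	CK_ULONG count, slot_present = 0, currslot;
-	int fd;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pulCount == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
@@ -781,15 +836,15 @@
 	return(CKR_OK);
 
 	tokenPresent = tokenPresent; /* Supress unused variable warning */
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
-	static CK_UTF8CHAR slotDescription[] = "SSH Agent Slot";
+	static CK_UTF8CHAR slotDescription[] = "CACKey Slot";
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pInfo == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
@@ -826,16 +881,15 @@
 
 	return(CKR_OK);
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
 	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
 	static CK_UTF8CHAR defaultLabel[] = "Unknown Token";
-	static CK_UTF8CHAR model[] = "SSH Agent Token";
-	int fd, bytestocopy;
+	static CK_UTF8CHAR model[] = "CAC Token";
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (pInfo == NULL) {
 		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");
 
 		return(CKR_ARGUMENTS_BAD);
@@ -852,15 +906,15 @@
 		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
 
 		return(CKR_CRYPTOKI_NOT_INITIALIZED);
 	}
 
 	/* XXX: Verify connection is valid */
 	if (0) {
-		CACKEY_DEBUG_PRINTF("Error. Tried to connect to slot, but failed.  fd = %i", fd);
+		CACKEY_DEBUG_PRINTF("Error. Tried to connect to slot, but failed.");
 
 		return(CKR_SLOT_ID_INVALID);
 	}
 
 	/* XXX: Get list of identities */
 	if (0) {
 		CACKEY_DEBUG_PRINTF("Error. No identities found in slot.");
@@ -1055,20 +1109,19 @@
 	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
 
 	return(CKR_FUNCTION_NOT_SUPPORTED);
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
 	struct cackey_identity *identities;
-	unsigned long idx, num_ids, id_idx, curr_id_type, curr_ssh_id_idx;
+	unsigned long idx, num_ids, id_idx, curr_id_type;
 	CK_BYTE sigbuf[1024];
 	ssize_t sigbuflen;
 	int mutex_retval;
 	int found_session = 0;
-	int fd;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (slotID != 0) {
 		/* We only support one slot -- slot 0 */
 		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), only one slot available: 0", slotID);
 
@@ -2124,15 +2177,14 @@
 }
 
 CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) {
 	static CK_BYTE buf[16384];
 	ssize_t buflen;
 	CK_RV retval = CKR_GENERAL_ERROR;
 	int mutex_retval;
-	int fd;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (!cackey_initialized) {
 		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
 
 		return(CKR_CRYPTOKI_NOT_INITIALIZED);
@@ -2577,15 +2629,14 @@
 
 CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) {
 	static CK_BYTE sigbuf[1024];
 	ssize_t sigbuflen;
 	CK_RV retval = CKR_GENERAL_ERROR;
 	int terminate_sign = 1;
 	int mutex_retval;
-	int fd;
 
 	CACKEY_DEBUG_PRINTF("Called.");
 
 	if (!cackey_initialized) {
 		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
 
 		return(CKR_CRYPTOKI_NOT_INITIALIZED);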
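Review bot: In the new `cackey_send_apdu`, both failure paths call `free(cackey_pcsc_handle)` and return without clearing the global, so the next call skips the `== NULL` branch and dereferences freed memory in `SCardIsValidContext(*cackey_pcsc_handle)`, and may pass the same pointer to `free()` again. Follow each `free(cackey_pcsc_handle);` with `cackey_pcsc_handle = NULL;`. The function is declared `int` but runs off the end after the `/* Transmit */` placeholder, so a caller that reads the result gets an indeterminate value; `return(-1);` there would keep the stub safe until transmit exists. Nothing in this hunk takes `cackey_biglock` around the lazy initialisation of the global, which is worth confirming against the callers once they are added.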

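--- /dev/null
+++ b/cackey_spm.c
@@ -0,0 +1,113 @@
+/*
+ * GSC-IS (v2.1) Service Call Level Service Provider Module for PC/SC Lite and
+ * DoD CAC/CACv2/PIV/PIVv2 Cards
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "cackey_spm.h"
+
+#ifdef HAVE_STDIO_H
+#  include <stdio.h>
+#endif
+#ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+#endif
+
+unsigned long gscBsiUtilAcquireContext(unsigned long hCard, unsigned char *AID, struct BSIAuthenticator strctAuthenticator[], unsigned long authNb) {
+}
+
+unsigned long gscBsiUtilConnect(unsigned char *readerName, unsigned long *hCard) {
+}
+
+unsigned long gscBsiUtilDisconnect(unsigned long hCard) {
+}
+
+unsigned long gscBsiUtilBeginTransaction(unsigned long hCard, _Bool blType) {
+}
+
+unsigned long gscBsiUtilEndTransaction(unsigned long hCard) {
+}
+
+unsigned long gscBsiUtilGetVersion(unsigned char **version) {
+	int sprintf_ret;
+
+	if (version == NULL) {
+		return(BSI_UNKNOWN_ERROR);
+	}
+
+	if (*version == NULL) {
+		sprintf_ret = sprintf(NULL, "2,1,0,%s", PACKAGE_VERSION);
+
+		if (sprintf_ret <= 0) {
+			return(BSI_UNKNOWN_ERROR);
+		}
+
+		*version = malloc(sprintf_ret + 1);
+	}
+
+	/* Hopefully their buffer is large enough ... */
+	sprintf(*version, "2,1,0,%s", PACKAGE_VERSION);
+
+	return(BSI_OK);
+}
+
+unsigned long gscBsiUtilGetCardProperties(unsigned long hCard, unsigned char **CCCUniqueID, unsigned long *cardCapability) {
+}
+
+unsigned long gscBsiUtilGetCardStatus(unsigned long hCard) {
+}
+
+unsigned long gscBsiUtilGetExtendedErrorText(unsigned long hCard, unsigned char **errorText) {
+	if (errorText == NULL) {
+		return(BSI_UNKNOWN_ERROR);
+	}
+
+	*errorText = NULL;
+
+	return(BSI_NO_TEXT_AVAILABLE);
+}
+
+unsigned long gscBsiUtilGetReaderList(unsigned char ***readerList) {
+}
+
+unsigned long gscBsiUtilPassthru(unsigned long hCard, unsigned char *cardCommand, unsigned char **cardResponse) {
+}
+
+unsigned long gscBsiUtilReleaseContext(unsigned long hCard, unsigned char *AID) {
+}
+
+unsigned long gscBsiGcDataCreate(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value) {
+}
+
+unsigned long gscBsiGcDataDelete(unsigned long hCard, unsigned char *AID, unsigned char tag) {
+}
+
+unsigned long gscBsiGcGetContainerProperties(unsigned long hCard, unsigned char *AID, struct GCacr *strctGCacr, struct GCContainerSize *strctContainerSizes, unsigned char **containerVersion) {
+}
+
+unsigned long gscBsiGcReadTagList(unsigned long hCard, unsigned char *AID, unsigned char **tagArray) {
+}
+
+unsigned long gscBsiGcReadValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char **value) {
+}
+
+unsigned long gscBsiGcUpdateValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value) {
+}
+
+unsigned long gscBsiGetChallenge(unsigned long hCard, unsigned char *AID, unsigned char **challenge) {
+}
+
+unsigned long gscBsiSkiInternalAuthenticate(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *challenge, unsigned char **cryptogram) {
+}
+
+unsigned long gscBsiPkiCompute(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *message, unsigned char **result) {
+}
+
+unsigned long gscBsiPkiGetCertificate(unsigned long hCard, unsigned char *AID, unsigned char **Certificate) {
+}
+
+unsigned long gscBsiGetCryptoProperties(unsigned long hCard, unsigned char *AID, struct CRYPTOacr *strctCRYPTOacr, unsigned long *keyLen) {
+}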
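Review bot: `gscBsiUtilGetVersion` sizes the string with `sprintf(NULL, ...)`, which is undefined behaviour because it formats into a null destination instead of returning a length; the measuring form is `snprintf(NULL, 0, ...)`. The `malloc()` result is then passed unchecked to the final `sprintf(*version, ...)`. When the caller supplies its own buffer that write has no bound at all, as the "Hopefully their buffer is large enough" comment concedes; the signature carries no length, so that mode can only be documented as the caller's responsibility or dropped. The remaining `gscBsi*` functions in this file are non-void with empty bodies, so returning `BSI_UNKNOWN_ERROR` from each until it is implemented would avoid indeterminate return values.

```c
unsigned long gscBsiUtilGetVersion(unsigned char **version) {
	int version_len;

	/* … unchanged: NULL check on version … */

	if (*version == NULL) {
		/* Size query: snprintf with a zero-length buffer writes nothing */
		version_len = snprintf(NULL, 0, "2,1,0,%s", PACKAGE_VERSION);
		if (version_len <= 0) {
			return(BSI_UNKNOWN_ERROR);
		}

		*version = malloc((size_t) version_len + 1);
		if (*version == NULL) {
			return(BSI_UNKNOWN_ERROR);
		}
	}

	/* … unchanged: sprintf into *version and return(BSI_OK) … */
```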

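--- /dev/null
+++ b/cackey_spm.h
@@ -0,0 +1,119 @@
+/*
+ * GSC-IS (v2.1) Service Call Level Service Provider Module for PC/SC Lite and
+ * DoD CAC/CACv2/PIV/PIVv2 Cards
+ */
+
+/* Access ... ? */
+#define BSI_AM_XAUTH                 0x02
+#define BSI_AM_SECURE_CHANNEL_GP     0x04
+#define BSI_AM_PIN                   0x06
+#define BSI_AM_SECURE_CHANNEL_ISO    0x0B
+
+/* Access Control Rules */
+#define BSI_ACR_ALWYS                0x00
+#define BSI_ACR_NEVER                0x01
+#define BSI_ACR_XAUTH                0x02
+#define BSI_ACR_XAUTH_OR_PIN         0x03
+#define BSI_SECURE_CHANNEL_GP        0x04 /* typo in spec? */
+#define BSI_ACR_SECURE_CHANNEL_GP    0x04
+#define BSI_ACR_PIN_ALWAYS           0x05
+#define BSI_ACR_PIN                  0x06
+#define BSI_ACR_XAUTH_THEN_PIN       0x07
+#define BSI_ACR_UPDATE_ONCE          0x08
+#define BSI_ACR_PIN_THEN_XAUTH       0x09
+#define BSI_SECURE_CHANNEL_ISO       0x0B /* typo in spec? */
+#define BSI_ACR_SECURE_CHANNEL_ISO   0x0B
+#define BSI_ACR_XAUTH_AND_PIN        0x0C
+
+/* Algorithms */
+#define BSI_CKM_DES3_ECB             0x81
+#define BSI_CKM_DES3_CBC             0x82
+#define BSI_CKM_RSA_NO_PAD           0xA3
+
+/* Return Codes */
+#define BSI_OK                       0x00
+#define BSI_ACCESS_DENIED            0x01
+#define BSI_ACR_NOT_AVAILABLE        0x02
+#define BSI_BAD_AID                  0x03
+#define BSI_BAD_ALGO_ID              0x04
+#define BSI_BAD_AUTH                 0x05
+#define BSI_BAD_HANDLE               0x06
+#define BSI_BAD_PARAM                0x07
+#define BSI_BAD_TAG                  0x08
+#define BSI_CARD_ABSENT              0x09
+#define BSI_CARD_REMOVED             0x0A
+#define BSI_NO_SPSSERVICE            0x0B
+#define BSI_IO_ERROR                 0x0C
+#define BSI_INSUFFICIENT_BUFFER      0x0E
+#define BSI_NO_CARDSERVICE           0x0F
+#define BSI_NO_MORE_SPACE            0x10
+#define BSI_PIN_BLOCKED              0x11
+#define BSI_TAG_EXISTS               0x13
+#define BSI_TIMEOUT_ERROR            0x14
+#define BSI_TERMINAL_AUTH            0x15
+#define BSI_NO_TEXT_AVAILABLE        0x16
+#define BSI_UNKNOWN_ERROR            0x17
+#define BSI_UNKNOWN_READER           0x18
+#define BSI_SC_LOCKED                0x19
+#define BSI_NOT_TRANSACTED           0x20
+
+#define MaxNbAM 50
+
+struct BSIAcr {
+	unsigned long ACRType;
+	unsigned long keyIDOrReference[MaxNbAM];
+	unsigned long AuthNb;
+	unsigned long ACRID;
+};
+
+struct GCacr {
+	struct BSIAcr createACR;
+	struct BSIAcr deleteACR;
+	struct BSIAcr readTagListACR;
+	struct BSIAcr readValueACR;
+	struct BSIAcr updateValueACR;
+};
+
+struct GCContainerSize {
+	unsigned long maxNbDataItems;
+	unsigned long maxValueStorageSize;
+	
+};
+
+struct CRYPTOacr {
+	struct BSIAcr getChallengeACR;
+	struct BSIAcr internalAuthenticateACR;
+	struct BSIAcr pkiComputeACR;
+	struct BSIAcr createACR;
+	struct BSIAcr deleteACR;
+	struct BSIAcr readTagListACR;
+	struct BSIAcr readValueACR;
+	struct BSIAcr updateValueACR;
+};
+
+struct BSIAuthenticator {
+};
+
+unsigned long gscBsiUtilAcquireContext(unsigned long hCard, unsigned char *AID, struct BSIAuthenticator strctAuthenticator[], unsigned long authNb);
+unsigned long gscBsiUtilConnect(unsigned char *readerName, unsigned long *hCard);
+unsigned long gscBsiUtilDisconnect(unsigned long hCard);
+unsigned long gscBsiUtilBeginTransaction(unsigned long hCard, _Bool blType);
+unsigned long gscBsiUtilEndTransaction(unsigned long hCard);
+unsigned long gscBsiUtilGetVersion(unsigned char **version);
+unsigned long gscBsiUtilGetCardProperties(unsigned long hCard, unsigned char **CCCUniqueID, unsigned long *cardCapability);
+unsigned long gscBsiUtilGetCardStatus(unsigned long hCard);
+unsigned long gscBsiUtilGetExtendedErrorText(unsigned long hCard, unsigned char **errorText);
+unsigned long gscBsiUtilGetReaderList(unsigned char ***readerList);
+unsigned long gscBsiUtilPassthru(unsigned long hCard, unsigned char *cardCommand, unsigned char **cardResponse);
+unsigned long gscBsiUtilReleaseContext(unsigned long hCard, unsigned char *AID);
+unsigned long gscBsiGcDataCreate(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value);
+unsigned long gscBsiGcDataDelete(unsigned long hCard, unsigned char *AID, unsigned char tag);
+unsigned long gscBsiGcGetContainerProperties(unsigned long hCard, unsigned char *AID, struct GCacr *strctGCacr, struct GCContainerSize *strctContainerSizes, unsigned char **containerVersion);
+unsigned long gscBsiGcReadTagList(unsigned long hCard, unsigned char *AID, unsigned char **tagArray);
+unsigned long gscBsiGcReadValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char **value);
+unsigned long gscBsiGcUpdateValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value);
+unsigned long gscBsiGetChallenge(unsigned long hCard, unsigned char *AID, unsigned char **challenge);
+unsigned long gscBsiSkiInternalAuthenticate(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *challenge, unsigned char **cryptogram);
+unsigned long gscBsiPkiCompute(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *message, unsigned char **result);
+unsigned long gscBsiPkiGetCertificate(unsigned long hCard, unsigned char *AID, unsigned char **Certificate);
+unsigned long gscBsiGetCryptoProperties(unsigned long hCard, unsigned char *AID, struct CRYPTOacr *strctCRYPTOacr, unsigned long *keyLen);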
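Review bot: cackey_spm.h has no include guard, so a second inclusion redefines `struct BSIAcr` and the other structs and fails to compile; wrap the file in `#ifndef CACKEY_SPM_H` / `#define CACKEY_SPM_H` and a closing `#endif`. `struct BSIAuthenticator { };` has no members, which ISO C does not permit (GCC accepts it as an extension), so a forward declaration or a placeholder member would be more portable until the layout is filled in. The return-code list skips 0x0D and 0x12 and jumps from 0x19 to 0x20; a one-line comment saying whether those gaps follow the GSC-IS table would save the next reader a lookup.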

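--- a/configure.ac
+++ b/configure.ac
@@ -59,18 +59,18 @@
 #  include <unistd.h>
 #endif
 #ifdef HAVE_PTHREAD_H
 #  include <pthread.h>
 #endif
 ])
 
-dnl Check for PC/SC headers
-DC_PCSC_HEADERS
+dnl Check for PC/SC headers and libraries
+DC_PCSC
 
 dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
 DC_SYNC_RPATH
 
 dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
 DC_SYNC_SHLIBOBJS
 
 dnl Produce Makefile
 AC_OUTPUT(Makefile)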