Check-in [9fc3b9fa03]
Overview
Comment:Updated to select correct applet and file for given identity for sign/decrypt

Added more debugging for selecting a key for sign/decrypt

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:9fc3b9fa035d09ce98fe56b3c55a61221e85cc57
User & Date: rkeene on 2010-05-15 00:25:26
Other Links: manifest | tags
Context
2010-05-15
00:34
Added line numbers to debugging output

Added overloaded debugging strdup to check for leaks check-in: 709b50760d user: rkeene tags: trunk

00:25
Updated to select correct applet and file for given identity for sign/decrypt

Added more debugging for selecting a key for sign/decrypt check-in: 9fc3b9fa03 user: rkeene tags: trunk

2010-05-14
23:33
Added untested support for Sign/Decrypt check-in: fc063dd0df user: rkeene tags: trunk
Changes

Modified cackey.c from [4487b6bfe2] to [36bd79ba26].

   475    475   	unsigned long search_curr_id;
   476    476   
   477    477   	int sign_active;
   478    478   	CK_MECHANISM_TYPE sign_mechanism;
   479    479   	CK_BYTE_PTR sign_buf;
   480    480   	unsigned long sign_buflen;
   481    481   	unsigned long sign_bufused;
          482  +	struct cackey_identity *sign_identity;
   482    483   
   483    484   	int decrypt_active;
   484    485   	CK_MECHANISM_TYPE decrypt_mechanism;
   485    486   	CK_VOID_PTR decrypt_mech_parm;
   486    487   	CK_ULONG decrypt_mech_parmlen;
   487         -
          488  +	struct cackey_identity *decrypt_identity;
   488    489   };
   489    490   
   490    491   struct cackey_slot {
   491    492   	int active;
   492    493   
   493    494   	char *pcsc_reader;
   494    495   
................................................................................
  1786   1787    * RETURN VALUE
  1787   1788    *     ...
  1788   1789    *
  1789   1790    * NOTES
  1790   1791    *     ...
  1791   1792    *
  1792   1793    */
  1793         -static ssize_t cackey_signdecrypt(struct cackey_slot *slot, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {
         1794  +static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {
  1794   1795   	cackey_ret send_ret;
  1795   1796   
  1796   1797   	CACKEY_DEBUG_PRINTF("Called.");
  1797   1798   
  1798   1799   	if (buflen > 255) {
  1799   1800   		CACKEY_DEBUG_PRINTF("Error.  buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen);
  1800   1801   
................................................................................
  1821   1822   
  1822   1823   	if (outbuf == NULL) {
  1823   1824   		CACKEY_DEBUG_PRINTF("Error.  outbuf is NULL");
  1824   1825   
  1825   1826   		return(-1);
  1826   1827   	}
  1827   1828   
         1829  +	/* Begin transaction */
         1830  +	cackey_begin_transaction(slot);
         1831  +
         1832  +	/* Select correct applet */
         1833  +	cackey_select_applet(slot, identity->identity->applet, sizeof(identity->identity->applet));
         1834  +
         1835  +	/* Select correct file */
         1836  +	cackey_select_file(slot, identity->identity->file);
         1837  +
  1828   1838   	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, 0x00, 0x00, buflen, buf, outbuflen, NULL, outbuf, &outbuflen);
  1829   1839   	if (send_ret != CACKEY_PCSC_S_OK) {
  1830   1840   		CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");
  1831   1841   
         1842  +		/* End transaction */
         1843  +		cackey_end_transaction(slot);
         1844  +
  1832   1845   		return(-1);
  1833   1846   	}
  1834   1847   
         1848  +	/* End transaction */
         1849  +	cackey_end_transaction(slot);
         1850  +
  1835   1851   	CACKEY_DEBUG_PRINTF("Returning in success.");
  1836   1852   
  1837   1853   	return(outbuflen);
  1838   1854   }
  1839   1855   
  1840   1856   /*
  1841   1857    * SYNPOSIS
................................................................................
  4120   4136   		
  4121   4137   		return(CKR_OPERATION_ACTIVE);
  4122   4138   	}
  4123   4139   
  4124   4140   	if (hKey >= cackey_sessions[hSession].identities_count) {
  4125   4141   		cackey_mutex_unlock(cackey_biglock);
  4126   4142   
  4127         -		CACKEY_DEBUG_PRINTF("Error.  Key handle out of range.");
         4143  +		CACKEY_DEBUG_PRINTF("Error.  Key handle out of range (requested key %lu, only %lu identities available).", (unsigned long) hKey, (unsigned long) cackey_sessions[hSession].identities_count);
  4128   4144   
  4129   4145   		return(CKR_KEY_HANDLE_INVALID);
  4130   4146   	}
  4131   4147   
  4132   4148   	cackey_sessions[hSession].decrypt_active = 1;
  4133   4149   
  4134   4150   	cackey_sessions[hSession].decrypt_mechanism = pMechanism->mechanism;
  4135   4151   	cackey_sessions[hSession].decrypt_mech_parm = pMechanism->pParameter;
  4136   4152   	cackey_sessions[hSession].decrypt_mech_parmlen = pMechanism->ulParameterLen;
         4153  +	cackey_sessions[hSession].decrypt_identity = &cackey_sessions[hSession].identities[hKey];
  4137   4154   
  4138   4155   	mutex_retval = cackey_mutex_unlock(cackey_biglock);
  4139   4156   	if (mutex_retval != 0) {
  4140   4157   		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
  4141   4158   
  4142   4159   		return(CKR_GENERAL_ERROR);
  4143   4160   	}
................................................................................
  4260   4277   		
  4261   4278   		return(CKR_OPERATION_NOT_INITIALIZED);
  4262   4279   	}
  4263   4280   
  4264   4281   	switch (cackey_sessions[hSession].decrypt_mechanism) {
  4265   4282   		case CKM_RSA_PKCS:
  4266   4283   			/* Ask card to decrypt */
  4267         -			buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf));
         4284  +			buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf));
  4268   4285   
  4269   4286   			if (buflen < 0) {
  4270   4287   				/* Decryption failed. */
  4271   4288   				retval = CKR_GENERAL_ERROR;
  4272   4289   			} else if (((unsigned long) buflen) > *pulPartLen && pPart) {
  4273   4290   				/* Decrypted data too large */
  4274   4291   				retval = CKR_BUFFER_TOO_SMALL;
................................................................................
  4489   4506   		
  4490   4507   		return(CKR_OPERATION_ACTIVE);
  4491   4508   	}
  4492   4509   
  4493   4510   	if (hKey >= cackey_sessions[hSession].identities_count) {
  4494   4511   		cackey_mutex_unlock(cackey_biglock);
  4495   4512   
  4496         -		CACKEY_DEBUG_PRINTF("Error.  Key handle out of range.");
         4513  +		CACKEY_DEBUG_PRINTF("Error.  Key handle out of range (requested key %lu, only %lu identities available).", (unsigned long) hKey, (unsigned long) cackey_sessions[hSession].identities_count);
  4497   4514   
  4498   4515   		return(CKR_KEY_HANDLE_INVALID);
  4499   4516   	}
  4500   4517   
  4501   4518   	cackey_sessions[hSession].sign_active = 1;
  4502   4519   
  4503   4520   	cackey_sessions[hSession].sign_mechanism = pMechanism->mechanism;
  4504   4521   
  4505   4522   	cackey_sessions[hSession].sign_buflen = 128;
  4506   4523   	cackey_sessions[hSession].sign_bufused = 0;
  4507   4524   	cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
         4525  +	cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey];
  4508   4526   
  4509   4527   	mutex_retval = cackey_mutex_unlock(cackey_biglock);
  4510   4528   	if (mutex_retval != 0) {
  4511   4529   		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
  4512   4530   
  4513   4531   		return(CKR_GENERAL_ERROR);
  4514   4532   	}
................................................................................
  4692   4710   		
  4693   4711   		return(CKR_OPERATION_NOT_INITIALIZED);
  4694   4712   	}
  4695   4713   
  4696   4714   	switch (cackey_sessions[hSession].sign_mechanism) {
  4697   4715   		case CKM_RSA_PKCS:
  4698   4716   			/* Ask card to sign */
  4699         -			sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_buflen, sigbuf, sizeof(sigbuf));
         4717  +			sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_buflen, sigbuf, sizeof(sigbuf));
  4700   4718   
  4701   4719   			if (sigbuflen < 0) {
  4702   4720   				/* Signing failed. */
  4703   4721   				retval = CKR_GENERAL_ERROR;
  4704   4722   			} else if (((unsigned long) sigbuflen) > *pulSignatureLen && pSignature) {
  4705   4723   				/* Signed data too large */
  4706   4724   				retval = CKR_BUFFER_TOO_SMALL;