Overview
Comment: | Updated to determine what kind of authentication to perform based on token present (PIV/CAC) |
---|---|
SHA1: | def08b9deb8260a05fcfad50d67ee5ac9f02ab4a |
User & Date: | rkeene on 2013-01-16 15:21:31 |
Context
2013-01-16
| ||
15:46 | Updated macbuild contact information to have valid government email addresses to contact us. check-in: f42b92cf98 user: kvanals tags: piv | |
15:21 | Updated to determine what kind of authentication to perform based on token present (PIV/CAC) check-in: def08b9deb user: rkeene tags: piv | |
2013-01-15
| ||
21:12 | Updated to label PIV keys with their types. Removed extraneous debugging output check-in: e2ba3f7684 user: rkeene tags: piv | |
Changes
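--- a/cackey.c
+++ b/cackey.c
@@ -3027,15 +3027,17 @@
 * ...
 *
 * NOTES
 * ...
 *
 */
 static cackey_ret cackey_login(struct cackey_slot *slot, unsigned char *pin, unsigned long pin_len, int *tries_remaining_p) {
+struct cackey_pcsc_identity *pcsc_identities;
 unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+unsigned long num_certs;
 uint16_t response_code;
 int tries_remaining;
 int send_ret;
 int key_reference = 0x00;
 
 /* Indicate that we do not know about how many tries are remaining */
 if (tries_remaining_p) {
@@ -3044,22 +3046,31 @@
 
 /* Apparently, CAC PINs are *EXACTLY* 8 bytes long -- pad with 0xFF if too short */
 if (pin_len >= 8) {
 memcpy(cac_pin, pin, 8);
 } else {
 memcpy(cac_pin, pin, pin_len);
 }
+
+/* PIV authentication uses a "key_reference" of 0x80 */
+pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
+if (num_certs > 0 && pcsc_identities != NULL) {
+switch (pcsc_identities[0].id_type) {
+case CACKEY_ID_TYPE_PIV:
+CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference");
+
+key_reference = 0x80;
+break;
+default:
+break;
+}
+}
 
 /* Issue PIN Verify */
 send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
-if (send_ret != CACKEY_PCSC_S_OK && response_code == 0x6A88) {
-key_reference = 0x80;
-
-send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
-}
 
 if (send_ret != CACKEY_PCSC_S_OK) {
 if ((response_code & 0x63C0) == 0x63C0) {
 tries_remaining = (response_code & 0xF);
 
 CACKEY_DEBUG_PRINTF("PIN Verification failed, %i tries remaining", tries_remaining);
 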
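Review bot: In cackey_login, `num_certs` is declared without an initializer and is the first operand tested in `if (num_certs > 0 && pcsc_identities != NULL)`, so if cackey_read_certs() can return NULL without storing a count (its body is not shown here), the branch reads an indeterminate value. Declaring it as `unsigned long num_certs = 0;`, or testing the pointer first with `if (pcsc_identities != NULL && num_certs > 0)`, removes that dependency. The added lines also never release `pcsc_identities`; if passing NULL as the second argument makes cackey_read_certs() allocate the array, each login attempt leaks it, so it should be freed once `id_type` has been read. The function body continues past the end of the hunk, so a release further down cannot be ruled out.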