Check-in [fbed2df898]
Overview
Comment:Updated to try more application IDs for CACs
SHA1: fbed2df8985248e290f0415c94f8e5b406426b0a
User & Date: rkeene on 2017-03-09 02:41:47
Context
2017-03-09
02:42
Better linking to zlib for AppFS build check-in: ee07cc40d0 user: rkeene tags: trunk
02:41
Updated to try more application IDs for CACs check-in: fbed2df898 user: rkeene tags: trunk
02:15
ChromeOS: Fix debug check-in: 1c45a8940d user: rkeene tags: trunk
Changes

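--- a/cackey.c
+++ b/cackey.c
@@ -160,14 +160,15 @@
 /*** PKI Information - EF 7000 ***/
 #define GSCIS_TAG_CERTIFICATE         0x70
 #define GSCIS_TAG_CERT_ISSUE_DATE     0x71
 #define GSCIS_TAG_CERT_EXPIRE_DATE    0x72
 
 /** Applet IDs **/
 #define GSCIS_AID_CCC                 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00
+#define GSCIS_AID_ID0                 0xA0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00
 #define NISTSP800_73_3_PIV_AID        0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00
 
 /* PIV IDs */
 /** Key Identifiers (NIST SP 800-78-3, Table 6-1 **/
 #define NISTSP800_78_3_KEY_PIVAUTH   0x9A
 #define NISTSP800_78_3_KEY_SIGNATURE 0x9C
 #define NISTSP800_78_3_KEY_KEYMGT    0x9D
@@ -213,15 +214,15 @@
 	static char buf_user[4096] = {0}; \
 	snprintf(buf_user, sizeof(buf_user), x); \
 	buf_user[sizeof(buf_user) - 1] = '\0'; \
 	fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, buf_user); \
 	fflush(cackey_debug_fd()); \
 }
 #  define CACKEY_DEBUG_PRINTBUF(f, x, y) { \
-	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
+	static char buf_user[8192] = {0}, *buf_user_p, *buf_user_print; \
 	unsigned long buf_user_size; \
 	unsigned char *TMPBUF; \
 	unsigned long idx; \
 	int snprintf_ret; \
 	TMPBUF = (unsigned char *) (x); \
 	buf_user[0] = 0; \
 	buf_user[2] = 0; \
@@ -2158,15 +2159,17 @@
  *
  * NOTES
  *     This function reselects the "root" applet, after this function is called
  *     the user may be required to login again
  *
  */
 static cackey_pcsc_id_type cackey_detect_and_select_root_applet(struct cackey_slot *slot, cackey_pcsc_id_type type_hint) {
+	unsigned char cac_ccc_aid[] = {GSCIS_AID_CCC};
+	unsigned char cac_id0_aid[] = {GSCIS_AID_ID0};
-	unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID};
+	unsigned char piv_aid[] = {NISTSP800_73_3_PIV_AID};
 	cackey_pcsc_id_type try_types[2], try_type;
 	int send_ret;
 	int idx;
 
 	CACKEY_DEBUG_PRINTF("Reselecting the root applet");
 
 	if (type_hint == CACKEY_ID_TYPE_UNKNOWN) {
@@ -2195,14 +2198,17 @@
 	for (idx = 0; idx < (sizeof(try_types) / sizeof(try_types[0])); idx++) {
 		try_type = try_types[idx];
 
 		switch (try_type) {
 			case CACKEY_ID_TYPE_CAC:
 				CACKEY_DEBUG_PRINTF("Trying to select the CAC CCC applet");
 
-				send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
+				send_ret = cackey_select_applet(slot, cac_ccc_aid, sizeof(cac_ccc_aid));
+				if (send_ret != CACKEY_PCSC_S_OK) {
+					send_ret = cackey_select_applet(slot, cac_id0_aid, sizeof(cac_id0_aid));
+				}
 
 				break;
 			case CACKEY_ID_TYPE_PIV:
 				CACKEY_DEBUG_PRINTF("Trying to select the PIV root applet");
 
 				send_ret = cackey_select_applet(slot, piv_aid, sizeof(piv_aid));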
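Review bot: In the `CACKEY_ID_TYPE_CAC` case the fallback to `cac_id0_aid` is silent: the only log line in the branch still reads "Trying to select the CAC CCC applet", and the CCC failure code held in `send_ret` is overwritten by the second select. Because this function changes the card's selected applet (and, per its header comment, may force the user to log in again), the debug trace should record which AID was actually tried last, for example by adding `CACKEY_DEBUG_PRINTF("CCC select failed, trying the CAC ID0 applet");` as the first statement inside the new `if`. Both outcomes are also reported as a CAC, so any later code that assumes the CCC is the currently selected applet after a CAC result should be checked; that code is not visible in this section. The function body starts before and continues past the lines shown here.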