| ︙ | | |
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
-
-
-
|
# include <zlib.h>
# endif
#else
# ifdef HAVE_LIBZ
# undef HAVE_LIBZ
# endif
#endif
#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
# include <sys/time.h>
#endif
|
| ︙ | | |
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
|
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
|
-
+
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
+
+
+
+
-
-
-
-
+
+
+
+
|
#define MAX_ATR_SIZE 1024
#endif
#ifdef CACKEY_DEBUG
# ifdef HAVE_TIME_H
# include <time.h>
static time_t cackey_debug_start_time = 0;
# define CACKEY_DEBUG_PRINTTIME { if (cackey_debug_start_time == 0) { cackey_debug_start_time = time(NULL); }; fprintf(cackey_debug_fd(), "[%lu]: ", (unsigned long) (time(NULL) - cackey_debug_start_time)); }
# define CACKEY_DEBUG_PRINTTIME { if (cackey_debug_start_time == 0) { cackey_debug_start_time = time(NULL); }; fprintf(stderr, "[%lu]: ", (unsigned long) (time(NULL) - cackey_debug_start_time)); }
# else
# define CACKEY_DEBUG_PRINTTIME /**/
# endif
# define CACKEY_DEBUG_PRINTF(x...) { CACKEY_DEBUG_PRINTTIME; fprintf(cackey_debug_fd(), "%s():%i: ", __func__, __LINE__); fprintf(cackey_debug_fd(), x); fprintf(cackey_debug_fd(), "\n"); fflush(cackey_debug_fd()); }
# define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *TMPBUF; unsigned long idx; TMPBUF = (unsigned char *) (x); CACKEY_DEBUG_PRINTTIME; fprintf(cackey_debug_fd(), "%s():%i: %s (%s/%lu = {%02x", __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0]); for (idx = 1; idx < (y); idx++) { fprintf(cackey_debug_fd(), ", %02x", TMPBUF[idx]); }; fprintf(cackey_debug_fd(), "})\n"); fflush(cackey_debug_fd()); }
# define CACKEY_DEBUG_PERROR(x) { fprintf(cackey_debug_fd(), "%s():%i: ", __func__, __LINE__); CACKEY_DEBUG_PRINTTIME; perror(x); fflush(cackey_debug_fd()); }
# define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", (void *) x, #x); free(x); }
# define CACKEY_DEBUG_PRINTF(x...) { CACKEY_DEBUG_PRINTTIME; fprintf(stderr, "%s():%i: ", __func__, __LINE__); fprintf(stderr, x); fprintf(stderr, "\n"); fflush(stderr); }
# define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *TMPBUF; unsigned long idx; TMPBUF = (unsigned char *) (x); CACKEY_DEBUG_PRINTTIME; fprintf(stderr, "%s():%i: %s (%s/%lu = {%02x", __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0]); for (idx = 1; idx < (y); idx++) { fprintf(stderr, ", %02x", TMPBUF[idx]); }; fprintf(stderr, "})\n"); fflush(stderr); }
# define CACKEY_DEBUG_PERROR(x) { fprintf(stderr, "%s():%i: ", __func__, __LINE__); CACKEY_DEBUG_PRINTTIME; perror(x); fflush(stderr); }
# define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", x, #x); free(x); }
static FILE *cackey_debug_fd(void) {
static FILE *fd = NULL;
char *logfile;
if (fd != NULL) {
return(fd);
}
/*
* Log to stderr initially so we can use debugging within
* this function without getting into an infinite loop
*/
fd = stderr;
logfile = getenv("CACKEY_DEBUG_LOGFILE");
if (logfile != NULL) {
CACKEY_DEBUG_PRINTF("Found environment variable: %s", logfile);
logfile = strchr(logfile, '=');
if (logfile == NULL) {
logfile = getenv("CACKEY_DEBUG_LOGFILE");
} else {
logfile++;
}
}
if (logfile != NULL) {
CACKEY_DEBUG_PRINTF("Found log file: %s", logfile);
fd = fopen(logfile, "a");
}
if (fd == NULL) {
fd = stderr;
}
if (fd == stderr) {
CACKEY_DEBUG_PRINTF("Returning stderr");
} else {
CACKEY_DEBUG_PRINTF("Returning %p", (void *) fd);
}
return(fd);
}
fprintf(cackey_debug_fd(), "%s():%i: ", func, line);
fprintf(cackey_debug_fd(), "MALLOC() = %p", retval);
fprintf(cackey_debug_fd(), "\n");
fflush(cackey_debug_fd());
fprintf(stderr, "%s():%i: ", func, line);
fprintf(stderr, "MALLOC() = %p", retval);
fprintf(stderr, "\n");
fflush(stderr);
return(retval);
}
static void *CACKEY_DEBUG_FUNC_REALLOC(void *ptr, size_t size, const char *func, int line) {
void *retval;
retval = realloc(ptr, size);
if (retval != ptr) {
CACKEY_DEBUG_PRINTTIME;
fprintf(cackey_debug_fd(), "%s():%i: ", func, line);
fprintf(cackey_debug_fd(), "REALLOC(%p) = %p", ptr, retval);
fprintf(cackey_debug_fd(), "\n");
fflush(cackey_debug_fd());
fprintf(stderr, "%s():%i: ", func, line);
fprintf(stderr, "REALLOC(%p) = %p", ptr, retval);
fprintf(stderr, "\n");
fflush(stderr);
}
if (retval == NULL) {
CACKEY_DEBUG_PRINTF(" *** ERROR *** realloc returned NULL (size = %lu)", (unsigned long) size);
}
return(retval);
}
static char *CACKEY_DEBUG_FUNC_STRDUP(const char *ptr, const char *func, int line) {
char *retval;
retval = strdup(ptr);
CACKEY_DEBUG_PRINTTIME;
fprintf(cackey_debug_fd(), "%s():%i: ", func, line);
fprintf(cackey_debug_fd(), "STRDUP_MALLOC() = %p", retval);
fprintf(cackey_debug_fd(), "\n");
fflush(cackey_debug_fd());
fprintf(stderr, "%s():%i: ", func, line);
fprintf(stderr, "STRDUP_MALLOC() = %p", retval);
fprintf(stderr, "\n");
fflush(stderr);
return(retval);
}
static const char *CACKEY_DEBUG_FUNC_TAG_TO_STR(unsigned char tag) {
switch (tag) {
case GSCIS_TAG_CARDID:
|
| ︙ | | |
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
|
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
|
-
-
-
-
|
CK_VOID_PTR decrypt_mech_parm;
CK_ULONG decrypt_mech_parmlen;
struct cackey_identity *decrypt_identity;
};
struct cackey_slot {
int active;
int internal;
unsigned int cached_certs_count;
struct cackey_pcsc_identity *cached_certs;
|
| ︙ | | |
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
|
808
809
810
811
812
813
814
815
816
817
818
819
820
821
|
-
-
-
-
-
|
*/
static void cackey_slots_disconnect_all(void) {
uint32_t idx;
CACKEY_DEBUG_PRINTF("Called.");
for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
if (cackey_slots[idx].internal) {
/* Skip internal slots */
continue;
}
|
| ︙ | | |
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
|
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
|
if (free_start) {
free(start);
}
return;
}
static struct cackey_pcsc_identity *cackey_copy_certs(struct cackey_pcsc_identity *dest, struct cackey_pcsc_identity *start, size_t count) {
size_t idx;
if (start == NULL) {
return(NULL);
}
if (dest == NULL) {
dest = malloc(sizeof(*dest) * count);
}
for (idx = 0; idx < count; idx++) {
memcpy(dest[idx].applet, start[idx].applet, sizeof(dest[idx].applet));
dest[idx].file = start[idx].file;
dest[idx].certificate_len = start[idx].certificate_len;
dest[idx].keysize = start[idx].keysize;
dest[idx].certificate = malloc(dest[idx].certificate_len);
memcpy(dest[idx].certificate, start[idx].certificate, dest[idx].certificate_len);
}
return(dest);
}
|
| ︙ | | |
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
|
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
|
if (*count == 0) {
CACKEY_DEBUG_PRINTF("Requested we return 0 objects, short-circuit");
return(certs);
}
}
if (!slot->slot_reset) {
if (slot->cached_certs) {
if (certs == NULL) {
certs = malloc(sizeof(*certs) * slot->cached_certs_count);
*count = slot->cached_certs_count;
} else {
if (*count > slot->cached_certs_count) {
*count = slot->cached_certs_count;
}
}
cackey_copy_certs(certs, slot->cached_certs, *count);
return(certs);
}
}
if (slot->cached_certs) {
cackey_free_certs(slot->cached_certs, slot->cached_certs_count, 1);
slot->cached_certs = NULL;
}
|
| ︙ | | |
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
|
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
|
-
-
-
|
*count = outidx;
if (certs_resizable) {
certs = realloc(certs, sizeof(*certs) * (*count));
}
slot->cached_certs = cackey_copy_certs(NULL, certs, *count);
slot->cached_certs_count = *count;
|
| ︙ | | |
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
|
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
|
+
|
return(CACKEY_PCSC_E_NEEDLOGIN);
}
if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
CACKEY_DEBUG_PRINTF("Token absent. Returning TOKENABSENT");
cackey_mark_slot_reset(slot);
slot->token_flags = CKF_LOGIN_REQUIRED;
return(CACKEY_PCSC_E_TOKENABSENT);
}
return(-1);
}
|
| ︙ | | |
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
|
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
|
-
+
-
-
-
-
-
-
|
*
* NOTES
* ...
*
*/
static cackey_ret cackey_token_present(struct cackey_slot *slot) {
cackey_ret pcsc_connect_ret;
DWORD reader_len = 0, state = 0, protocol = 0, atr_len;
DWORD reader_len, state, protocol, atr_len;
BYTE atr[MAX_ATR_SIZE];
LONG status_ret, scard_reconn_ret;
CACKEY_DEBUG_PRINTF("Called.");
if (slot->internal) {
CACKEY_DEBUG_PRINTF("Returning token present (internal token)");
return(CACKEY_PCSC_S_TOKENPRESENT);
}
|
| ︙ | | |
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
|
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
|
-
+
|
*
* NOTES
* ...
*
*/
static ssize_t cackey_pcsc_identity_to_label(struct cackey_pcsc_identity *identity, unsigned char *label_buf, unsigned long label_buf_len) {
unsigned long certificate_len;
void *label_asn1;
char *label_asn1;
void *certificate;
int x509_read_ret;
certificate = identity->certificate;
certificate_len = identity->certificate_len;
if (certificate_len < 0) {
|
| ︙ | | |
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
|
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
|
-
+
|
free(retval);
retval = NULL;
}
*pulCount = numattrs;
CACKEY_DEBUG_PRINTF("Returning %lu objects (%p).", numattrs, (void *) retval);
CACKEY_DEBUG_PRINTF("Returning %lu objects (%p).", numattrs, retval);
return(retval);
}
static void cackey_free_identities(struct cackey_identity *identities, unsigned long identities_count) {
CK_ATTRIBUTE *curr_attr;
unsigned long id_idx, attr_idx;
|
| ︙ | | |
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
|
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
+
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
+
+
-
-
-
-
+
|
cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1);
}
}
free(identities);
}
static unsigned long cackey_read_dod_identities(struct cackey_identity *identities, unsigned long num_dod_certs) {
unsigned long cert_idx, id_idx = 0;
if (identities == NULL) {
return(num_dod_certs * 3);
}
for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
return(id_idx);
}
unsigned long num_certs, num_dod_certs, cert_idx;
int include_extra_certs = 0;
unsigned long num_certs, num_extra_certs, cert_idx;
int include_extra_certs = 1;
CACKEY_DEBUG_PRINTF("Called.");
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
CACKEY_DEBUG_PRINTF("Asked not to include extra (DoD) certificates");
include_extra_certs = 0;
}
if (include_extra_certs) {
num_extra_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
CACKEY_DEBUG_PRINTF("Including %i DoD Certificates as objects on this token", num_extra_certs);
} else {
num_extra_certs = 0;
}
if (ids_found == NULL) {
CACKEY_DEBUG_PRINTF("Error. ids_found is NULL");
return(NULL);
}
#ifdef CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS
include_extra_certs = 1;
#endif
if (getenv("CACKEY_DOD_CERTS_ON_HW_SLOTS") != NULL) {
include_extra_certs = 1;
}
if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) {
include_extra_certs = 0;
}
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
num_dod_certs = 0;
} else {
num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
}
if (slot->internal) {
num_ids = cackey_read_dod_identities(NULL, num_dod_certs);
if (num_ids != 0) {
identities = malloc(num_ids * sizeof(*identities));
cackey_read_dod_identities(identities, num_dod_certs);
} else {
identities = NULL;
}
*ids_found = num_ids;
return(identities);
}
f (include_extra_certs) {
num_ids += cackey_read_dod_identities(NULL, num_dod_certs);
}
if (include_extra_certs) {
CACKEY_DEBUG_PRINTF("Including DoD Certificates on hardware slot");
cackey_read_dod_identities(identities + id_idx, num_dod_certs);
}
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
cackey_free_certs(pcsc_identities, num_certs, 1);
uint32_t idx, highest_slot;
uint32_t idx;
int mutex_init_ret;
CACKEY_DEBUG_PRINTF("Called.");
if (cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Already initialized.");
|
| ︙ | | |
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
|
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
|
cackey_slots[idx].active = 0;
cackey_slots[idx].pcsc_reader = NULL;
cackey_slots[idx].transaction_depth = 0;
cackey_slots[idx].transaction_need_hw_lock = 0;
cackey_slots[idx].slot_reset = 0;
cackey_slots[idx].token_flags = 0;
cackey_slots[idx].label = NULL;
cackey_slots[idx].internal = 0;
}
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates");
} else {
highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1;
CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot);
cackey_slots[highest_slot].active = 1;
cackey_slots[highest_slot].internal = 1;
cackey_slots[highest_slot].label = (unsigned char *) "DoD Certificates";
cackey_slots[highest_slot].pcsc_reader = "CACKey";
cackey_slots[highest_slot].token_flags = 0;
|
| ︙ | | |
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
|
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
|
-
-
-
-
-
-
-
-
-
-
|
C_CloseSession(idx);
}
}
cackey_slots_disconnect_all();
for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
if (cackey_slots[idx].internal) {
continue;
}
if (cackey_slots[idx].cached_certs) {
cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
cackey_slots[idx].cached_certs = NULL;
}
|
| ︙ | | |
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
|
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
|
-
-
+
-
|
return(CKR_OK);
}
/*
* Process list of readers, and create mapping between reader name and slot ID
*/
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
static int first_call = 1;
CK_ULONG count, slot_count = 0, currslot, slot_idx;
CK_ULONG count, slot_count = 0, currslot;
char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
DWORD pcsc_readers_len;
LONG scard_listreaders_ret;
size_t curr_reader_len;
int slot_reset;
|
| ︙ | | |
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
|
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
+
+
-
+
-
-
-
-
-
-
+
+
-
-
+
+
-
-
+
+
-
-
+
+
-
+
-
-
-
|
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Locking failed.");
return(CKR_GENERAL_ERROR);
}
/* Clear list of slots */
slot_reset = 0;
if (first_call) {
first_call = 0;
slot_reset = 1;
}
/* If any of the slots have been reset then purge all information and check again */
for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
if (cackey_slots[currslot].internal) {
continue;
}
if (!cackey_slots[currslot].active) {
continue;
}
if (cackey_slots[currslot].slot_reset) {
slot_reset = 1;
break;
}
}
if (slot_reset) {
CACKEY_DEBUG_PRINTF("Purging all slot information.");
/* Only update the list of slots if we are actually being supply the slot information */
cackey_slots_disconnect_all();
for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
if (cackey_slots[currslot].internal) {
continue;
}
if (cackey_slots[currslot].pcsc_reader) {
free(cackey_slots[currslot].pcsc_reader);
cackey_slots[currslot].pcsc_reader = NULL;
}
if (cackey_slots[currslot].label) {
free(cackey_slots[currslot].label);
cackey_slots[currslot].label = NULL;
}
cackey_slots[currslot].active = 0;
}
} else {
|
| ︙ | | |
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
|
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
|
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
+
-
-
-
-
-
-
+
+
+
-
-
-
+
+
+
-
|
scard_listreaders_ret = SCardListReaders(*cackey_pcsc_handle, NULL, pcsc_readers, &pcsc_readers_len);
if (scard_listreaders_ret == SCARD_S_SUCCESS) {
pcsc_readers_e = pcsc_readers + pcsc_readers_len;
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
currslot = 1;
slot_count = 0;
/* Find next available slot */
for (; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
if (!cackey_slots[currslot].active) {
break;
}
}
if (slot_reset) {
cackey_slots[currslot].active = 1;
cackey_slots[currslot].internal = 0;
cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
cackey_slots[currslot].pcsc_card_connected = 0;
cackey_slots[currslot].transaction_depth = 0;
cackey_slots[currslot].transaction_need_hw_lock = 0;
cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
cackey_slots[currslot].label = NULL;
cackey_mark_slot_reset(&cackey_slots[currslot]);
}
} else {
/* Artificially increase the number of active slots by what will become active */
slot_count++;
for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
if (cackey_slots[currslot].active) {
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
if (currslot > 1) {
CACKEY_DEBUG_PRINTF("Found active slot %lu", (unsigned long) currslot);
slot_count++;
}
|
| ︙ | | |
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
|
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
|
-
-
-
-
-
-
+
-
-
-
+
-
-
-
-
-
-
+
-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
|
return(CKR_OK);
}
count = *pulCount;
if (count < slot_count) {
CACKEY_DEBUG_PRINTF("Error. User allocated %lu entries, but we have %lu entries.", count, slot_count);
CACKEY_DEBUG_PRINTF("Returning CKR_BUFFER_TOO_SMALL");
mutex_retval = cackey_mutex_lock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Locking failed.");
return(CKR_GENERAL_ERROR);
}
slot_idx = 0;
for (currslot = 0; (currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0]))); currslot++) {
if (!cackey_slots[currslot].active) {
continue;
}
if (slot_idx >= count) {
CACKEY_DEBUG_PRINTF("Error. User allocated %lu entries, but we just tried to write to the %lu index -- ignoring", count, slot_idx);
continue;
}
_idx] = currslot;
slot_idx++;
}
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
|
| ︙ | | |
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
|
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
|
-
+
-
-
-
-
|
CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
cackey_mutex_unlock(cackey_biglock);
return(CKR_SLOT_ID_INVALID);
}
pInfo->flags = CKF_HW_SLOT;
pInfo->flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT;
if (!cackey_slots[slotID].internal) {
pInfo->flags |= CKF_REMOVABLE_DEVICE;
}
|
| ︙ | | |
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
|
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
|
-
-
-
-
|
CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) {
struct cackey_identity *curr_id;
CK_ATTRIBUTE *curr_attr;
CK_ULONG curr_id_idx, curr_out_id_idx, curr_attr_idx, sess_attr_idx;
CK_ULONG matched_count, prev_matched_count;
int mutex_retval;
#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
struct timeval start, end;
uint64_t start_int, end_int;
#endif
|
| ︙ | | |
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
|
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
|
-
-
-
-
|
cackey_mutex_unlock(cackey_biglock);
CACKEY_DEBUG_PRINTF("Error. Search not active.");
return(CKR_OPERATION_NOT_INITIALIZED);
}
#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
gettimeofday(&start, NULL);
#endif
|
| ︙ | | |
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
|
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
|
-
-
-
-
-
-
-
|
} else {
CACKEY_DEBUG_PRINTF(" ... Not all %i (only found %i) attributes checked for found, not adding identity:%i", (int) cackey_sessions[hSession].search_query_count, (int) matched_count, (int) curr_id_idx);
}
}
cackey_sessions[hSession].search_curr_id = curr_id_idx;
*pulObjectCount = curr_out_id_idx;
#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
gettimeofday(&end, NULL);
start_int = (start.tv_sec * 1000000) + start.tv_usec;
end_int = (end.tv_sec * 1000000) + end.tv_usec;
fprintf(stderr, "Search took %lu microseconds\n", (unsigned long) (end_int - start_int));
#endif
|
| ︙ | | |
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
|
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
|
-
+
|
cackey_sessions[hSession].sign_mechanism = pMechanism->mechanism;
cackey_sessions[hSession].sign_buflen = 128;
cackey_sessions[hSession].sign_bufused = 0;
cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identity #%lu)", (unsigned long) hSession, (void *) &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identity #%lu)", (unsigned long) hSession, &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey];
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
|
| ︙ | | |
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
|
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
|
-
+
|
return(CKR_GENERAL_ERROR);
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", (void *) cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
if (sigbuflen < 0) {
/* Signing failed. */
if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN) {
retval = CKR_USER_NOT_LOGGED_IN;
} else if (sigbuflen == CACKEY_PCSC_E_TOKENABSENT) {
|
| ︙ | | |