Differences From Artifact [3db9c71bd5]:
- File
cackey.c
— part of check-in
[a5af46b2b5]
at
2012-07-30 05:06:18
on branch trunk
— Updated to cache certificate information
Added a C_FindObject() speed test macro
Updated to reset slot less frequently (user: rkeene, size: 186158) [annotate] [blame] [check-ins using]
To Artifact [dce840ec61]:
- File
cackey.c
— part of check-in
[638b5f52a7]
at
2012-05-09 16:38:24
on branch trunk
— Updated to print attribute type as string in lookups
Updated to include public key objects for DoD certificates (user: rkeene, size: 179862) [annotate] [blame] [check-ins using]
| ︙ | ︙ | |||
40 41 42 43 44 45 46 | # include <zlib.h> # endif #else # ifdef HAVE_LIBZ # undef HAVE_LIBZ # endif #endif | < < < | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | # include <zlib.h> # endif #else # ifdef HAVE_LIBZ # undef HAVE_LIBZ # endif #endif #define CK_PTR * #define CK_DEFINE_FUNCTION(returnType, name) returnType name #define CK_DECLARE_FUNCTION(returnType, name) returnType name #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) #define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) #ifndef NULL_PTR |
| ︙ | ︙ | |||
173 174 175 176 177 178 179 | #define MAX_ATR_SIZE 1024 #endif #ifdef CACKEY_DEBUG # ifdef HAVE_TIME_H # include <time.h> static time_t cackey_debug_start_time = 0; | | | | | | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | | | | | | | | | | | | | 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 |
#define MAX_ATR_SIZE 1024
#endif
#ifdef CACKEY_DEBUG
# ifdef HAVE_TIME_H
# include <time.h>
static time_t cackey_debug_start_time = 0;
# define CACKEY_DEBUG_PRINTTIME { if (cackey_debug_start_time == 0) { cackey_debug_start_time = time(NULL); }; fprintf(stderr, "[%lu]: ", (unsigned long) (time(NULL) - cackey_debug_start_time)); }
# else
# define CACKEY_DEBUG_PRINTTIME /**/
# endif
# define CACKEY_DEBUG_PRINTF(x...) { CACKEY_DEBUG_PRINTTIME; fprintf(stderr, "%s():%i: ", __func__, __LINE__); fprintf(stderr, x); fprintf(stderr, "\n"); fflush(stderr); }
# define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *TMPBUF; unsigned long idx; TMPBUF = (unsigned char *) (x); CACKEY_DEBUG_PRINTTIME; fprintf(stderr, "%s():%i: %s (%s/%lu = {%02x", __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0]); for (idx = 1; idx < (y); idx++) { fprintf(stderr, ", %02x", TMPBUF[idx]); }; fprintf(stderr, "})\n"); fflush(stderr); }
# define CACKEY_DEBUG_PERROR(x) { fprintf(stderr, "%s():%i: ", __func__, __LINE__); CACKEY_DEBUG_PRINTTIME; perror(x); fflush(stderr); }
# define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", x, #x); free(x); }
static void *CACKEY_DEBUG_FUNC_MALLOC(size_t size, const char *func, int line) {
void *retval;
retval = malloc(size);
CACKEY_DEBUG_PRINTTIME;
fprintf(stderr, "%s():%i: ", func, line);
fprintf(stderr, "MALLOC() = %p", retval);
fprintf(stderr, "\n");
fflush(stderr);
return(retval);
}
static void *CACKEY_DEBUG_FUNC_REALLOC(void *ptr, size_t size, const char *func, int line) {
void *retval;
retval = realloc(ptr, size);
if (retval != ptr) {
CACKEY_DEBUG_PRINTTIME;
fprintf(stderr, "%s():%i: ", func, line);
fprintf(stderr, "REALLOC(%p) = %p", ptr, retval);
fprintf(stderr, "\n");
fflush(stderr);
}
if (retval == NULL) {
CACKEY_DEBUG_PRINTF(" *** ERROR *** realloc returned NULL (size = %lu)", (unsigned long) size);
}
return(retval);
}
static char *CACKEY_DEBUG_FUNC_STRDUP(const char *ptr, const char *func, int line) {
char *retval;
retval = strdup(ptr);
CACKEY_DEBUG_PRINTTIME;
fprintf(stderr, "%s():%i: ", func, line);
fprintf(stderr, "STRDUP_MALLOC() = %p", retval);
fprintf(stderr, "\n");
fflush(stderr);
return(retval);
}
static const char *CACKEY_DEBUG_FUNC_TAG_TO_STR(unsigned char tag) {
switch (tag) {
case GSCIS_TAG_CARDID:
|
| ︙ | ︙ | |||
712 713 714 715 716 717 718 |
CK_VOID_PTR decrypt_mech_parm;
CK_ULONG decrypt_mech_parmlen;
struct cackey_identity *decrypt_identity;
};
struct cackey_slot {
int active;
| < < < < | 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 |
CK_VOID_PTR decrypt_mech_parm;
CK_ULONG decrypt_mech_parmlen;
struct cackey_identity *decrypt_identity;
};
struct cackey_slot {
int active;
char *pcsc_reader;
int pcsc_card_connected;
SCARDHANDLE pcsc_card;
int transaction_depth;
int transaction_need_hw_lock;
int slot_reset;
CK_FLAGS token_flags;
unsigned char *label;
DWORD protocol;
};
typedef enum {
CACKEY_TLV_APP_GENERIC = 0x01,
CACKEY_TLV_APP_SKI = 0x02,
CACKEY_TLV_APP_PKI = 0x04
} cackey_tlv_apptype;
|
| ︙ | ︙ | |||
860 861 862 863 864 865 866 |
*/
static void cackey_slots_disconnect_all(void) {
uint32_t idx;
CACKEY_DEBUG_PRINTF("Called.");
for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
| < < < < < | 808 809 810 811 812 813 814 815 816 817 818 819 820 821 |
*/
static void cackey_slots_disconnect_all(void) {
uint32_t idx;
CACKEY_DEBUG_PRINTF("Called.");
for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
if (cackey_slots[idx].pcsc_card_connected) {
CACKEY_DEBUG_PRINTF("SCardDisconnect(%lu) called", (unsigned long) idx);
SCardDisconnect(cackey_slots[idx].pcsc_card, SCARD_LEAVE_CARD);
}
if (cackey_slots[idx].label) {
|
| ︙ | ︙ | |||
2089 2090 2091 2092 2093 2094 2095 |
if (free_start) {
free(start);
}
return;
}
| < < < < < < < < < < < < < < < < < < < < < < < < | 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 |
if (free_start) {
free(start);
}
return;
}
/*
* SYNPOSIS
* ...
*
* ARGUMENTS
* ...
*
|
| ︙ | ︙ | |||
2153 2154 2155 2156 2157 2158 2159 |
if (*count == 0) {
CACKEY_DEBUG_PRINTF("Requested we return 0 objects, short-circuit");
return(certs);
}
}
| < < < < < < < < < < < < < < < < < < < < < < < < | 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 |
if (*count == 0) {
CACKEY_DEBUG_PRINTF("Requested we return 0 objects, short-circuit");
return(certs);
}
}
/* Begin a SmartCard transaction */
transaction_ret = cackey_begin_transaction(slot);
if (transaction_ret != CACKEY_PCSC_S_OK) {
CACKEY_DEBUG_PRINTF("Unable begin transaction, returning in failure");
return(NULL);
}
|
| ︙ | ︙ | |||
2298 2299 2300 2301 2302 2303 2304 |
*count = outidx;
if (certs_resizable) {
certs = realloc(certs, sizeof(*certs) * (*count));
}
| < < < | 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 |
*count = outidx;
if (certs_resizable) {
certs = realloc(certs, sizeof(*certs) * (*count));
}
/* Terminate SmartCard Transaction */
cackey_end_transaction(slot);
return(certs);
}
/*
|
| ︙ | ︙ | |||
2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 |
return(CACKEY_PCSC_E_NEEDLOGIN);
}
if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
CACKEY_DEBUG_PRINTF("Token absent. Returning TOKENABSENT");
cackey_mark_slot_reset(slot);
return(CACKEY_PCSC_E_TOKENABSENT);
}
return(-1);
}
| > | 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 |
return(CACKEY_PCSC_E_NEEDLOGIN);
}
if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
CACKEY_DEBUG_PRINTF("Token absent. Returning TOKENABSENT");
cackey_mark_slot_reset(slot);
slot->token_flags = CKF_LOGIN_REQUIRED;
return(CACKEY_PCSC_E_TOKENABSENT);
}
return(-1);
}
|
| ︙ | ︙ | |||
2659 2660 2661 2662 2663 2664 2665 |
*
* NOTES
* ...
*
*/
static cackey_ret cackey_token_present(struct cackey_slot *slot) {
cackey_ret pcsc_connect_ret;
| | < < < < < < | 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 |
*
* NOTES
* ...
*
*/
static cackey_ret cackey_token_present(struct cackey_slot *slot) {
cackey_ret pcsc_connect_ret;
DWORD reader_len, state, protocol, atr_len;
BYTE atr[MAX_ATR_SIZE];
LONG status_ret, scard_reconn_ret;
CACKEY_DEBUG_PRINTF("Called.");
pcsc_connect_ret = cackey_connect_card(slot);
if (pcsc_connect_ret != CACKEY_PCSC_S_OK) {
CACKEY_DEBUG_PRINTF("Unable to connect to card, returning token absent");
return(CACKEY_PCSC_E_TOKENABSENT);
}
|
| ︙ | ︙ | |||
2760 2761 2762 2763 2764 2765 2766 |
*
* NOTES
* ...
*
*/
static ssize_t cackey_pcsc_identity_to_label(struct cackey_pcsc_identity *identity, unsigned char *label_buf, unsigned long label_buf_len) {
unsigned long certificate_len;
| | | 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 |
*
* NOTES
* ...
*
*/
static ssize_t cackey_pcsc_identity_to_label(struct cackey_pcsc_identity *identity, unsigned char *label_buf, unsigned long label_buf_len) {
unsigned long certificate_len;
char *label_asn1;
void *certificate;
int x509_read_ret;
certificate = identity->certificate;
certificate_len = identity->certificate_len;
if (certificate_len < 0) {
|
| ︙ | ︙ | |||
3431 3432 3433 3434 3435 3436 3437 | free(retval); retval = NULL; } *pulCount = numattrs; | | | 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 |
free(retval);
retval = NULL;
}
*pulCount = numattrs;
CACKEY_DEBUG_PRINTF("Returning %lu objects (%p).", numattrs, retval);
return(retval);
}
static void cackey_free_identities(struct cackey_identity *identities, unsigned long identities_count) {
CK_ATTRIBUTE *curr_attr;
unsigned long id_idx, attr_idx;
|
| ︙ | ︙ | |||
3465 3466 3467 3468 3469 3470 3471 | cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1); } } free(identities); } | < < < < < < < < < < < < < < < < < < < < < < < < | | > > > > > > > > > > > > > > < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | < < > | | > > > > | > > | > > > | < < < | | 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379 3380 3381 3382 3383 3384 3385 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 3445 3446 |
cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1);
}
}
free(identities);
}
static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
struct cackey_pcsc_identity *pcsc_identities;
struct cackey_identity *identities;
unsigned long num_ids, id_idx, curr_id_type;
unsigned long num_certs, num_extra_certs, cert_idx;
int include_extra_certs = 1;
CACKEY_DEBUG_PRINTF("Called.");
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
CACKEY_DEBUG_PRINTF("Asked not to include extra (DoD) certificates");
include_extra_certs = 0;
}
if (include_extra_certs) {
num_extra_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
CACKEY_DEBUG_PRINTF("Including %i DoD Certificates as objects on this token", num_extra_certs);
} else {
num_extra_certs = 0;
}
if (ids_found == NULL) {
CACKEY_DEBUG_PRINTF("Error. ids_found is NULL");
return(NULL);
}
pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
if (pcsc_identities != NULL) {
/* Convert number of Certs to number of objects */
num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
num_ids += num_extra_certs * 3;
identities = malloc(num_ids * sizeof(*identities));
/* Add certificates, public keys, and private keys from the smartcard */
id_idx = 0;
for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);
identities[id_idx].pcsc_identity = malloc(sizeof(*identities[id_idx].pcsc_identity));
memcpy(identities[id_idx].pcsc_identity, &pcsc_identities[cert_idx], sizeof(*identities[id_idx].pcsc_identity));
identities[id_idx].pcsc_identity->certificate = malloc(pcsc_identities[cert_idx].certificate_len);
memcpy(identities[id_idx].pcsc_identity->certificate, pcsc_identities[cert_idx].certificate, pcsc_identities[cert_idx].certificate_len);
id_idx++;
}
}
cackey_free_certs(pcsc_identities, num_certs, 1);
/* Add DoD Certificates and Netscape Trust Objects */
for (cert_idx = 0; cert_idx < num_extra_certs; cert_idx++) {
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
*ids_found = num_ids;
return(identities);
}
*ids_found = 0;
return(NULL);
}
CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
CK_C_INITIALIZE_ARGS CK_PTR args;
uint32_t idx;
int mutex_init_ret;
CACKEY_DEBUG_PRINTF("Called.");
if (cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Already initialized.");
|
| ︙ | ︙ | |||
3627 3628 3629 3630 3631 3632 3633 | cackey_slots[idx].active = 0; cackey_slots[idx].pcsc_reader = NULL; cackey_slots[idx].transaction_depth = 0; cackey_slots[idx].transaction_need_hw_lock = 0; cackey_slots[idx].slot_reset = 0; cackey_slots[idx].token_flags = 0; cackey_slots[idx].label = NULL; | < < < < < < < < < < < < < < < | 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 |
cackey_slots[idx].active = 0;
cackey_slots[idx].pcsc_reader = NULL;
cackey_slots[idx].transaction_depth = 0;
cackey_slots[idx].transaction_need_hw_lock = 0;
cackey_slots[idx].slot_reset = 0;
cackey_slots[idx].token_flags = 0;
cackey_slots[idx].label = NULL;
}
cackey_initialized = 1;
if (!cackey_biglock_init) {
mutex_init_ret = cackey_mutex_create(&cackey_biglock);
|
| ︙ | ︙ | |||
3689 3690 3691 3692 3693 3694 3695 |
C_CloseSession(idx);
}
}
cackey_slots_disconnect_all();
for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
| < < < < < < < < < < | 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 |
C_CloseSession(idx);
}
}
cackey_slots_disconnect_all();
for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
if (cackey_slots[idx].pcsc_reader) {
free(cackey_slots[idx].pcsc_reader);
}
}
cackey_pcsc_disconnect();
cackey_initialized = 0;
CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
|
| ︙ | ︙ | |||
3754 3755 3756 3757 3758 3759 3760 |
return(CKR_OK);
}
/*
* Process list of readers, and create mapping between reader name and slot ID
*/
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
| < | < | 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 |
return(CKR_OK);
}
/*
* Process list of readers, and create mapping between reader name and slot ID
*/
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
int mutex_retval;
int pcsc_connect_ret;
CK_ULONG count, slot_count = 0, currslot;
char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
DWORD pcsc_readers_len;
LONG scard_listreaders_ret;
size_t curr_reader_len;
CACKEY_DEBUG_PRINTF("Called.");
if (pulCount == NULL) {
CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
return(CKR_ARGUMENTS_BAD);
|
| ︙ | ︙ | |||
3786 3787 3788 3789 3790 3791 3792 |
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Locking failed.");
return(CKR_GENERAL_ERROR);
}
/* Clear list of slots */
| < < < < < < < < < < < < < < < < < < < < < < < < < | | | | < < < < | | | | | | | | | < < < | 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 |
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Locking failed.");
return(CKR_GENERAL_ERROR);
}
/* Clear list of slots */
if (pSlotList) {
CACKEY_DEBUG_PRINTF("Purging all slot information.");
/* Only update the list of slots if we are actually being supply the slot information */
cackey_slots_disconnect_all();
for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
if (cackey_slots[currslot].pcsc_reader) {
free(cackey_slots[currslot].pcsc_reader);
cackey_slots[currslot].pcsc_reader = NULL;
}
if (cackey_slots[currslot].label) {
free(cackey_slots[currslot].label);
cackey_slots[currslot].label = NULL;
}
cackey_slots[currslot].active = 0;
}
}
/* Determine list of readers */
pcsc_connect_ret = cackey_pcsc_connect();
if (pcsc_connect_ret != CACKEY_PCSC_S_OK) {
CACKEY_DEBUG_PRINTF("Connection to PC/SC failed, assuming no slots");
|
| ︙ | ︙ | |||
3873 3874 3875 3876 3877 3878 3879 |
scard_listreaders_ret = SCardListReaders(*cackey_pcsc_handle, NULL, pcsc_readers, &pcsc_readers_len);
if (scard_listreaders_ret == SCARD_S_SUCCESS) {
pcsc_readers_e = pcsc_readers + pcsc_readers_len;
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
currslot = 1;
| < < < < < < < < < | < | | | | > | | | < < < < | > | < | > | < | 3661 3662 3663 3664 3665 3666 3667 3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696 3697 3698 3699 3700 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 |
scard_listreaders_ret = SCardListReaders(*cackey_pcsc_handle, NULL, pcsc_readers, &pcsc_readers_len);
if (scard_listreaders_ret == SCARD_S_SUCCESS) {
pcsc_readers_e = pcsc_readers + pcsc_readers_len;
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
currslot = 1;
while (pcsc_readers < pcsc_readers_e) {
curr_reader_len = strlen(pcsc_readers);
if ((pcsc_readers + curr_reader_len) > pcsc_readers_e) {
break;
}
if (curr_reader_len == 0) {
break;
}
if (currslot >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
CACKEY_DEBUG_PRINTF("Found more readers than slots are available!");
break;
}
CACKEY_DEBUG_PRINTF("Found reader: %s", pcsc_readers);
/* Only update the list of slots if we are actually being asked supply the slot information */
if (pSlotList) {
cackey_slots[currslot].active = 1;
cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
cackey_slots[currslot].pcsc_card_connected = 0;
cackey_slots[currslot].transaction_depth = 0;
cackey_slots[currslot].transaction_need_hw_lock = 0;
cackey_slots[currslot].slot_reset = 1;
cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
cackey_slots[currslot].label = NULL;
cackey_mark_slot_reset(&cackey_slots[currslot]);
}
currslot++;
pcsc_readers += curr_reader_len + 1;
}
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
if (currslot > 1) {
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
slot_count = currslot - 1;
}
} else {
CACKEY_DEBUG_PRINTF("Second call to SCardListReaders failed, return %s/%li", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_listreaders_ret), (long) scard_listreaders_ret);
}
free(pcsc_readers_s);
} else {
|
| ︙ | ︙ | |||
3959 3960 3961 3962 3963 3964 3965 |
return(CKR_OK);
}
count = *pulCount;
if (count < slot_count) {
CACKEY_DEBUG_PRINTF("Error. User allocated %lu entries, but we have %lu entries.", count, slot_count);
| < < < < < | < < | < < < < < | < < < < < < | < < < < < < < < | 3734 3735 3736 3737 3738 3739 3740 3741 3742 3743 3744 3745 3746 3747 3748 3749 3750 3751 3752 3753 3754 |
return(CKR_OK);
}
count = *pulCount;
if (count < slot_count) {
CACKEY_DEBUG_PRINTF("Error. User allocated %lu entries, but we have %lu entries.", count, slot_count);
return(CKR_BUFFER_TOO_SMALL);
}
for (currslot = 0; currslot < slot_count; currslot++) {
/* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
/* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
pSlotList[currslot] = currslot + 1;
}
*pulCount = slot_count;
CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i). Found %lu readers.", CKR_OK, (unsigned long) slot_count);
return(CKR_OK);
|
| ︙ | ︙ | |||
4043 4044 4045 4046 4047 4048 4049 |
CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
cackey_mutex_unlock(cackey_biglock);
return(CKR_SLOT_ID_INVALID);
}
| | < < < < | 3792 3793 3794 3795 3796 3797 3798 3799 3800 3801 3802 3803 3804 3805 3806 |
CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
cackey_mutex_unlock(cackey_biglock);
return(CKR_SLOT_ID_INVALID);
}
pInfo->flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT;
if (cackey_token_present(&cackey_slots[slotID]) == CACKEY_PCSC_S_TOKENPRESENT) {
pInfo->flags |= CKF_TOKEN_PRESENT;
}
bytes_to_copy = strlen(cackey_slots[slotID].pcsc_reader);
if (sizeof(pInfo->manufacturerID) < bytes_to_copy) {
|
| ︙ | ︙ | |||
5213 5214 5215 5216 5217 5218 5219 |
CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) {
struct cackey_identity *curr_id;
CK_ATTRIBUTE *curr_attr;
CK_ULONG curr_id_idx, curr_out_id_idx, curr_attr_idx, sess_attr_idx;
CK_ULONG matched_count, prev_matched_count;
int mutex_retval;
| < < < < | 4958 4959 4960 4961 4962 4963 4964 4965 4966 4967 4968 4969 4970 4971 |
CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) {
struct cackey_identity *curr_id;
CK_ATTRIBUTE *curr_attr;
CK_ULONG curr_id_idx, curr_out_id_idx, curr_attr_idx, sess_attr_idx;
CK_ULONG matched_count, prev_matched_count;
int mutex_retval;
CACKEY_DEBUG_PRINTF("Called.");
if (!cackey_initialized) {
CACKEY_DEBUG_PRINTF("Error. Not initialized.");
return(CKR_CRYPTOKI_NOT_INITIALIZED);
|
| ︙ | ︙ | |||
5282 5283 5284 5285 5286 5287 5288 |
cackey_mutex_unlock(cackey_biglock);
CACKEY_DEBUG_PRINTF("Error. Search not active.");
return(CKR_OPERATION_NOT_INITIALIZED);
}
| < < < < | 5023 5024 5025 5026 5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 |
cackey_mutex_unlock(cackey_biglock);
CACKEY_DEBUG_PRINTF("Error. Search not active.");
return(CKR_OPERATION_NOT_INITIALIZED);
}
curr_out_id_idx = 0;
for (curr_id_idx = cackey_sessions[hSession].search_curr_id; curr_id_idx < cackey_sessions[hSession].identities_count && ulMaxObjectCount; curr_id_idx++) {
curr_id = &cackey_sessions[hSession].identities[curr_id_idx];
CACKEY_DEBUG_PRINTF("Processing identity:%lu", (unsigned long) curr_id_idx);
matched_count = 0;
|
| ︙ | ︙ | |||
5331 5332 5333 5334 5335 5336 5337 |
} else {
CACKEY_DEBUG_PRINTF(" ... Not all %i (only found %i) attributes checked for found, not adding identity:%i", (int) cackey_sessions[hSession].search_query_count, (int) matched_count, (int) curr_id_idx);
}
}
cackey_sessions[hSession].search_curr_id = curr_id_idx;
*pulObjectCount = curr_out_id_idx;
| < < < < < < < | 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 |
} else {
CACKEY_DEBUG_PRINTF(" ... Not all %i (only found %i) attributes checked for found, not adding identity:%i", (int) cackey_sessions[hSession].search_query_count, (int) matched_count, (int) curr_id_idx);
}
}
cackey_sessions[hSession].search_curr_id = curr_id_idx;
*pulObjectCount = curr_out_id_idx;
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
}
|
| ︙ | ︙ | |||
5971 5972 5973 5974 5975 5976 5977 | cackey_sessions[hSession].sign_mechanism = pMechanism->mechanism; cackey_sessions[hSession].sign_buflen = 128; cackey_sessions[hSession].sign_bufused = 0; cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen); | | | 5701 5702 5703 5704 5705 5706 5707 5708 5709 5710 5711 5712 5713 5714 5715 |
cackey_sessions[hSession].sign_mechanism = pMechanism->mechanism;
cackey_sessions[hSession].sign_buflen = 128;
cackey_sessions[hSession].sign_bufused = 0;
cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identity #%lu)", (unsigned long) hSession, &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey];
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
|
| ︙ | ︙ | |||
6233 6234 6235 6236 6237 6238 6239 |
return(CKR_GENERAL_ERROR);
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
| | | 5963 5964 5965 5966 5967 5968 5969 5970 5971 5972 5973 5974 5975 5976 5977 |
return(CKR_GENERAL_ERROR);
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
if (sigbuflen < 0) {
/* Signing failed. */
if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN) {
retval = CKR_USER_NOT_LOGGED_IN;
} else if (sigbuflen == CACKEY_PCSC_E_TOKENABSENT) {
|
| ︙ | ︙ |