Comment: | Merged in trunk |
---|---|
SHA1: | 38771da1e8cec01085e8c8b035592f9708ad771f |
User & Date: | rkeene on 2015-07-15 20:10:57 |
Modified build/builtin-certs-update from [5324a34988] to [9fea13231c].
4 5 6 7 8 9 10 11 |
ourdir="$(dirname "$(which "$0")")"
cd "${outdir}" || exit 1
make -C certs/dod distclean all
make -C certs/federal distclean all
./certs-to-c certs/*/*.crt > ../cackey_builtin_certs.h
|
> > > > > > | |
4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
ourdir="$(dirname "$(which "$0")")" cd "${outdir}" || exit 1 make -C certs/dod distclean all make -C certs/federal distclean all if [ "$1" = '--commercial' ]; then commercial='commercial' else commercial='SKIP' fi ./certs-to-c certs/{dod,federal,$commercial}/*.crt > ../cackey_builtin_certs.h |
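Review bot: `cd "${outdir}" || exit 1` on the new side tests a variable that is never assigned — the previous line sets `ourdir` — so the guard cannot fire and the script keeps running from whatever directory it was launched in (bash appears to accept the empty argument without error); the fix is `cd "${ourdir}" || exit 1`. The defect predates this commit, but the new `certs/{dod,federal,$commercial}/*.crt` glob only resolves to the intended trust-anchor set relative to that directory, so the typo now decides which CA files end up in `cackey_builtin_certs.h`. The `commercial='SKIP'` branch also deserves a one-line comment, since it only works because `certs/SKIP/*.crt` is passed through unexpanded and relies on `certs-to-c` ignoring non-files: `# SKIP never matches; certs-to-c skips the literal path`.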
Modified build/cackey_osx_build/Template_pmbuild/03libcackey.xml.in from [b6742d933b] to [afd3f433a1].
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<config> <identifier>mil.army.usace.cackeyForMacOsX@@OSXVERSION@@.cackey.pkg</identifier> <version>1</version> <description></description> <post-install type="none"/> <requireAuthorization/> <installFrom relative="true" mod="true">cackey.dylib</installFrom> <installTo mod="true" relocatable="true">/usr/lib/pkcs11</installTo> <flags></flags> <packageStore type="internal"></packageStore> <mod>parent</mod> <mod>scripts.postinstall.path</mod> <mod>scripts.scriptsDirectoryPath.isRelativeType</mod> <mod>scripts.scriptsDirectoryPath.path</mod> <mod>installTo.isAbsoluteType</mod> |
| |
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<config>
<identifier>mil.army.usace.cackeyForMacOsX@@OSXVERSION@@.cackey.pkg</identifier>
<version>1</version>
<description></description>
<post-install type="none"/>
<requireAuthorization/>
<installFrom relative="true" mod="true">cackey.dylib</installFrom>
<installTo mod="true" relocatable="true">/usr/local/lib/pkcs11</installTo>
<flags></flags>
<packageStore type="internal"></packageStore>
<mod>parent</mod>
<mod>scripts.postinstall.path</mod>
<mod>scripts.scriptsDirectoryPath.isRelativeType</mod>
<mod>scripts.scriptsDirectoryPath.path</mod>
<mod>installTo.isAbsoluteType</mod>
|
Modified build/cackey_osx_build/Template_pmbuild/04pkcs11tokend.xml.in from [793db41bea] to [4eff712abd].
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<config>
<identifier>mil.army.usace.cackeyForMacOsX@@OSXVERSION@@.PKCS11.pkg</identifier>
<version>1</version>
<description></description>
<post-install type="none"/>
<requireAuthorization/>
<installFrom relative="true" mod="true">PKCS11.tokend</installFrom>
<installTo mod="true" relocatable="true">/System/Library/Security/tokend/PKCS11.tokend</installTo>
<flags></flags>
<packageStore type="internal"></packageStore>
<mod>parent</mod>
<mod>scripts.postinstall.path</mod>
<mod>scripts.scriptsDirectoryPath.isRelativeType</mod>
<mod>scripts.scriptsDirectoryPath.path</mod>
<mod>installTo.isAbsoluteType</mod>
|
| |
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<config> <identifier>mil.army.usace.cackeyForMacOsX@@OSXVERSION@@.PKCS11.pkg</identifier> <version>1</version> <description></description> <post-install type="none"/> <requireAuthorization/> <installFrom relative="true" mod="true">PKCS11.tokend</installFrom> <installTo mod="true" relocatable="true">/Library/Security/tokend/PKCS11.tokend</installTo> <flags></flags> <packageStore type="internal"></packageStore> <mod>parent</mod> <mod>scripts.postinstall.path</mod> <mod>scripts.scriptsDirectoryPath.isRelativeType</mod> <mod>scripts.scriptsDirectoryPath.path</mod> <mod>installTo.isAbsoluteType</mod> |
Modified build/cackey_osx_build/Template_pmbuild/index.xml.in from [6d6f116270] to [75581e5581].
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
{\fonttbl\f0\fnil\fcharset0 LucidaGrande;}
{\colortbl;\red255\green255\blue255;}
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural\pardirnatural
\f0\fs26 \cf0 Thank you for choosing to install CACKey.\
\
To use CACKey, install /Library/CACKey/libcackey.dylib or\
/usr/lib/pkcs11/cackey.dylib as a security module into any application that can use a PKCS#11 provider.\
\
A PKCS11 Connector for Tokend (Keychain Access) will be installed in /System/Library/Security/tokend.\
To use, be sure to import the certificate authorities into Keychain Access.\
\
A debug version, /Library/CACKey/libcackey_g.dylib is provided if debug output is necessary.}]]>
</resource>
</locale>
</resources>
<requirements>
|
| | |
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
{\fonttbl\f0\fnil\fcharset0 LucidaGrande;}
{\colortbl;\red255\green255\blue255;}
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural\pardirnatural
\f0\fs26 \cf0 Thank you for choosing to install CACKey.\
\
To use CACKey, install /Library/CACKey/libcackey.dylib or\
/usr/local/lib/pkcs11/cackey.dylib as a security module into any application that can use a PKCS#11 provider.\
\
A PKCS11 Connector for Tokend (Keychain Access) will be installed in /Library/Security/tokend.\
To use, be sure to import the certificate authorities into Keychain Access.\
\
A debug version, /Library/CACKey/libcackey_g.dylib is provided if debug output is necessary.}]]>
</resource>
</locale>
</resources>
<requirements>
|
Modified build/cackey_osx_build/Template_pmbuild/scripts/03libcackey-post.sh from [1ca797dc96] to [a53c7a2b82].
1 2 3 |
#!/bin/bash chmod 755 /usr/lib/pkcs11 chown root:wheel /usr/lib/pkcs11 |
| | |
1 2 3 |
#!/bin/bash chmod 755 /usr/local/lib/pkcs11 chown root:wheel /usr/local/lib/pkcs11 |
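Review bot: The post-install script still only sets the mode and owner of the `/usr/local/lib/pkcs11` directory itself, whereas the sibling `04pkcs11tokend-post.sh` in this same commit applies `chmod -R go+rX` and `chown -R root:wheel` to the installed tree, so `cackey.dylib` inside the directory keeps whatever ownership the installer assigned. Because this library is loaded into other processes as a PKCS#11 provider, I'd apply the same recursive treatment here: `chmod -R go+rX /usr/local/lib/pkcs11` and `chown -R root:wheel /usr/local/lib/pkcs11`. Note also that moving from `/usr/lib` to `/usr/local/lib` changes who can replace the module: if `/usr/local/lib` is writable by a non-root account on the target machine (which the script does not check or correct), the directory it creates can be renamed or replaced regardless of the ownership set here.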
Modified build/cackey_osx_build/Template_pmbuild/scripts/04pkcs11tokend-post.sh from [1f1313960f] to [022fa1323e].
1 2 3 |
#!/bin/bash chmod -R go+rX /System/Library/Security/tokend/PKCS11.tokend chown -R root:wheel /System/Library/Security/tokend/PKCS11.tokend |
| | |
1 2 3 |
#!/bin/bash chmod -R go+rX /Library/Security/tokend/PKCS11.tokend chown -R root:wheel /Library/Security/tokend/PKCS11.tokend |
Modified build/cackey_osx_build/build_osx.sh from [353b3acaa2] to [14980c7d5f].
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 .. 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 .. 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 ... 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 ... 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 |
fi # Usage function usage() { echo "Usage: build_osx.sh <target>" echo Where target is one of: echo " leopard - (Builds Universal 10.5 Library for PPCG4/i386)" echo " sltoyos - (Builds Universal 10.6/10.7/10.8/10.9/10.10 Library for i386/x86_64)" echo " all - (Builds for all supported targets)" echo " clean - (Cleans up)" echo "Run from CACKey Build Root." echo "" echo "NOTE: Leopard build requires legacy XCode 3 components in" echo " /Developer because of PowerPC support." echo " All builds require gnutar, automake, and autoconf." ................................................................................ LIBTOOLDIR=/Developer/usr/share/libtool else LIBTOOLDIR=/Developer/usr/share/libtool/config fi if [ ! -d macbuild ]; then mkdir macbuild mkdir macbuild/Leopard mkdir macbuild/Sltoyos mkdir macbuild/pkg fi if [ ! -f config.guess ]; then cp ${LIBTOOLDIR}/config.guess . fi if [ ! -f config.sub ]; then cp ${LIBTOOLDIR}/config.sub . ................................................................................ genbuild done libbuild pkgbuild } # Build function for Snow Leopard/Lion/Mountain Lion/Mavericks/Yosemite sltoyos() { makedir HEADERS=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/Versions/A/Headers/ LIBRARY=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/PCSC LIB="" ARCHLIST="" DLIB="" DARCHLIST="" OSX=Sltoyos PKTARGETOS=3 CUROSXVER=10.6 for HOST in i386-apple-darwin10 x86_64-apple-darwin10; do genbuild done libbuild pkgbuild ................................................................................ 
sed "s|@@TARGETOS@@|${PKTARGETOS}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 sed "s|@@CUROSXVER@@|${CUROSXVER}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 sed "s|@@LIBCACKEYG@@|${LIBCACKEYG}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} cp build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} done EXT=pkg if [ ${OSX} == "Sltoyos" ]; then cat build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml | sed 's|for Mac OS X Sltoyos|for Mac OS X SLtoYos|g' > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml fi /Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker -d build/cackey_osx_build/${OSX}_pmbuild.pmdoc -o macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT} tar --create --directory macbuild/pkg/ --file macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}.tar CACKey_${CACKEY_VERSION}_${OSX}.${EXT} gzip -9 macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}.tar rm -rf macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT} rm -f build/cackey_osx_build/cackey.dylib ................................................................................ "leopard") ./autogen.sh leopard exit $? ;; "sltoyos") ./autogen.sh sltoyos exit $? ;; "all") ./autogen.sh leopard sltoyos echo "" echo "All builds complete." exit $? ;; "clean") clean |
| | | | | | | | | |
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 .. 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 .. 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 ... 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 ... 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 |
fi # Usage function usage() { echo "Usage: build_osx.sh <target>" echo Where target is one of: echo " leopard - (Builds Universal 10.5 Library for PPCG4/i386)" echo " slandup - (Builds Universal 10.6 and Up Library for i386/x86_64)" echo " all - (Builds for all supported targets)" echo " clean - (Cleans up)" echo "Run from CACKey Build Root." echo "" echo "NOTE: Leopard build requires legacy XCode 3 components in" echo " /Developer because of PowerPC support." echo " All builds require gnutar, automake, and autoconf." ................................................................................ LIBTOOLDIR=/Developer/usr/share/libtool else LIBTOOLDIR=/Developer/usr/share/libtool/config fi if [ ! -d macbuild ]; then mkdir macbuild mkdir macbuild/Leopard mkdir macbuild/Slandup mkdir macbuild/pkg fi if [ ! -f config.guess ]; then cp ${LIBTOOLDIR}/config.guess . fi if [ ! -f config.sub ]; then cp ${LIBTOOLDIR}/config.sub . ................................................................................ genbuild done libbuild pkgbuild } # Build function for Snow Leopard/Lion/Mountain Lion/Mavericks/Yosemite slandup() { makedir HEADERS=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/Versions/A/Headers/ LIBRARY=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/PCSC LIB="" ARCHLIST="" DLIB="" DARCHLIST="" OSX=Slandup PKTARGETOS=3 CUROSXVER=10.6 for HOST in i386-apple-darwin10 x86_64-apple-darwin10; do genbuild done libbuild pkgbuild ................................................................................ 
sed "s|@@TARGETOS@@|${PKTARGETOS}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 sed "s|@@CUROSXVER@@|${CUROSXVER}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 sed "s|@@LIBCACKEYG@@|${LIBCACKEYG}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} cp build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} done EXT=pkg if [ ${OSX} == "Slandup" ]; then cat build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml | sed 's|for Mac OS X Slandup|for Mac OS X SLandUp|g' > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml fi /Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker -d build/cackey_osx_build/${OSX}_pmbuild.pmdoc -o macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT} tar --create --directory macbuild/pkg/ --file macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}.tar CACKey_${CACKEY_VERSION}_${OSX}.${EXT} gzip -9 macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}.tar rm -rf macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT} rm -f build/cackey_osx_build/cackey.dylib ................................................................................ "leopard") ./autogen.sh leopard exit $? ;; "slandup") ./autogen.sh slandup exit $? ;; "all") ./autogen.sh leopard slandup echo "" echo "All builds complete." exit $? ;; "clean") clean |
Modified build/certs-to-c from [1cd87f2aca] to [e4223940e0].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
#! /bin/bash
for file in "$@"; do
rm -f tmpfile.x509
if ! openssl x509 -in "${file}" -inform pem -noout -checkend 0 >/dev/null 2>/dev/null; then
echo "warning: Skipping \"${file}\" as it is invalid or expired." >&2
continue
fi
openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der
pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'RSA Public Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')"
certlen="$(cat tmpfile.x509 | wc -c)"
cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')"
cat << _EOF_
{
CACKEY_ID_TYPE_CERT_ONLY, /* id_type */
${certlen}, /* certificate_len */
(unsigned char *) "${cert}", /* certificate */
${pubkeylen} /* keysize */
},
_EOF_
done
rm -f tmpfile.x509
|
> > > > | | > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
#! /bin/bash for file in "$@"; do if [ ! -f "${file}" ]; then continue fi rm -f tmpfile.x509 if ! openssl x509 -in "${file}" -inform pem -noout -checkend 0 >/dev/null 2>/dev/null; then echo "warning: Skipping \"${file}\" as it is invalid or expired." >&2 continue fi openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'Public[- ]Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')" certlen="$(cat tmpfile.x509 | wc -c | awk '{ print $1 }')" cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')" cat << _EOF_ /* ${file} */ { CACKEY_ID_TYPE_CERT_ONLY, /* id_type */ ${certlen}, /* certificate_len */ (unsigned char *) "${cert}", /* certificate */ ${pubkeylen} /* keysize */ }, _EOF_ done rm -f tmpfile.x509 |
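Review bot: `pubkeylen` is still used unchecked on the new side: if the widened `grep 'Public[- ]Key:'` matches nothing, or the `(N bit)` pattern is absent from the openssl text output, the heredoc emits an empty field and the generated `cackey_builtin_certs.h` entry becomes `(unsigned char *) "...", /* keysize */`, which breaks the build of the trust-anchor table with no hint of which certificate caused it. Add a guard after the assignment, mirroring the existing expiry warning: `if [ -z "${pubkeylen}" ]; then echo "warning: Skipping \"${file}\" as its key size could not be determined." >&2; continue; fi`. The new `/* ${file} */` line embeds the path verbatim in a C comment, so a path containing `*/` would terminate the comment early; worth documenting the assumption or filtering the name. As a point of style, `cert="$(( cat ... ) | sed ...)"` begins with `$((`, which bash first tries to parse as arithmetic expansion — `$( ( cat ... ) | sed ...)` with a space removes the ambiguity.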
Modified build/certs/commercial/kps-ca-1.crt from [686485547a] to [cdf1ee5afa].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
-----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMCVVMx ETAPBgNVBAgTCFZpcmdpbmlhMQ8wDQYDVQQHEwZSZXN0b24xIDAeBgNVBAoTF0tu aWdodFBvaW50IFN5c3RlbXMgTExDMRcwFQYDVQQLEw5LbmlnaHRQb2ludCBJVDEY MBYGA1UECxMPS25pZ2h0UG9pbnQgUEtJMSQwIgYDVQQDExtLbmlnaHRQb2ludCBT eXN0ZW1zIFJvb3QgQ0EwHhcNMTUwMTAxMDAwMDAwWhcNMTcwMTAxMDAwMDAwWjCB qTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMQ8wDQYDVQQHEwZSZXN0 b24xIDAeBgNVBAoTF0tuaWdodFBvaW50IFN5c3RlbXMgTExDMRcwFQYDVQQLEw5L bmlnaHRQb2ludCBJVDEYMBYGA1UECxMPS25pZ2h0UG9pbnQgUEtJMSEwHwYDVQQD ExhLbmlnaHRQb2ludCBTeXN0ZW1zIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDFB0hZlCwZFIUn/fHk/Ubeia8/pnpC/yuWs+oicBs9SvhrZNMI 8aYmnUhyaMfE+bxJrZSCYdGffm9VJxWv/suJ+Cr+9gdxWBWpqncw78agCNa5Oo2l tqjFIE6mTCd9QE6CnNJJUc1ysZaz9WmWuA1i9EQ4ybV+l7baOmvE7MNUf6sPew+W 42QjiWjri9xzpXTl3fhcYxNp/Dx5GXzJIpV+Eg5FlxKn+P75HUJpV2qpHzAzR5gM Xiee1O1PogqS1ylWQsY60fS9eIiYx08R6JeN6SISr8MOsatWsepHa8lch+NSIVeW 4QhD9NOH3JUDgTGR8aB2StmuQFEO+9daMWMfAgMBAAGjYDBeMBIGA1UdEwEB/wQI MAYBAf8CAQEwNwYDVR0fAQEABC0wKzApoCegJYYjaHR0cDovL3BraS5rbmlnaHRw b2ludC5jb20vY3JsL3Jvb3QwDwYDVR0PAQH/BAUDAweGADANBgkqhkiG9w0BAQsF AAOCAQEAFu5CYJqLuq3Ey/RBsP0tVF9s7HGDprLyhaOWSn558e4it6kLrionX+Qg 5szXlqx8LoQBj/Zq0ObGguns7C6EfwqyNXl2G+DdFNqOn491fFijvWmwl2Wotkgw CieuVGaN8JCOmLtzPM1HOr2GSAWGz59uDB+axJVIvqSJLT5UAz5OzA5ECnND5qnQ lk1FZvST8b8HZaetAFf4jZBY/2WQVyam45yNNIM5jAtr6CtUEDiWq+ReAFDHEN3p J/QfPiavPnBjBAC1xJu6HtKXNGiEMWirc6MyT3QPlCj632PcC+/MpqDSFYV+qYRK 5te0SbUIziVyglsN5+oGeEDPyiyheQ== -----END CERTIFICATE----- |
| | | | | | < < | > > | | | | | | | | | | | | | | > > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
-----BEGIN CERTIFICATE----- MIIEfTCCA2WgAwIBAgICJxAwDQYJKoZIhvcNAQELBQAwgawxCzAJBgNVBAYTAlVT MREwDwYDVQQIEwhWaXJnaW5pYTEPMA0GA1UEBxMGUmVzdG9uMSAwHgYDVQQKExdL bmlnaHRQb2ludCBTeXN0ZW1zIExMQzEXMBUGA1UECxMOS25pZ2h0UG9pbnQgSVQx GDAWBgNVBAsTD0tuaWdodFBvaW50IFBLSTEkMCIGA1UEAxMbS25pZ2h0UG9pbnQg U3lzdGVtcyBSb290IENBMB4XDTE1MDEwMTAwMDAwMFoXDTIwMDEwMTAwMDAwMFow gakxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTEPMA0GA1UEBxMGUmVz dG9uMSAwHgYDVQQKExdLbmlnaHRQb2ludCBTeXN0ZW1zIExMQzEXMBUGA1UECxMO S25pZ2h0UG9pbnQgSVQxGDAWBgNVBAsTD0tuaWdodFBvaW50IFBLSTEhMB8GA1UE AxMYS25pZ2h0UG9pbnQgU3lzdGVtcyBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAxQdIWZQsGRSFJ/3x5P1G3omvP6Z6Qv8rlrPqInAbPUr4a2TT CPGmJp1IcmjHxPm8Sa2UgmHRn35vVScVr/7Lifgq/vYHcVgVqap3MO/GoAjWuTqN pbaoxSBOpkwnfUBOgpzSSVHNcrGWs/VplrgNYvREOMm1fpe22jprxOzDVH+rD3sP luNkI4lo64vcc6V05d34XGMTafw8eRl8ySKVfhIORZcSp/j++R1CaVdqqR8wM0eY DF4nntTtT6IKktcpVkLGOtH0vXiImMdPEeiXjekiEq/DDrGrVrHqR2vJXIfjUiFX luEIQ/TTh9yVA4ExkfGgdkrZrkBRDvvXWjFjHwIDAQABo4GpMIGmMCAGA1UdDgEB AAQWBBQ4LgWOLupZrGEOIQCvWkCBLwOTcDASBgNVHRMBAf8ECDAGAQH/AgEBMDcG A1UdHwEBAAQtMCswKaAnoCWGI2h0dHA6Ly9wa2kua25pZ2h0cG9pbnQuY29tL2Ny bC9yb290MA8GA1UdDwEB/wQFAwMHhgAwJAYDVR0jAQEABBowGKAWBBQ5k0zyzDhs X4G3Lr8tKuBZMyEqnjANBgkqhkiG9w0BAQsFAAOCAQEAT6vuDz9WLADBLII9CJYc 9N69OOELuDb9E4bAj/93E9S5WpZsa/nMud5kgdLiLSlsD71Pu3lUaDxPi0lOnbI0 7g3JXNEpOvNSDBnVVD0jPC4nj2XpNFSVue1mpP5bWYHyzbruEjJtoTPzvE0an6Bp Cl96uA5MFWyKsgWtwZSnX+Ru05vSLWI7jjcAkGW+atV/iPe0vwtFJR/RiQUKyqsa We3Xyw+T0x0UwlpKMhS7d3A+f/4pVtaLtCvLZKYyLAaji+DxlIM4WIPZ0IOD/Xbb YagEem5bnPlmugrnGCxovJW2mBKm3iSSvZi0nW2TEVigHaBULItFRrF9J+d+8aG+ TQ== -----END CERTIFICATE----- |
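Review bot: Both commercial trust anchors (`kps-ca-1.crt` here and `kps-root-ca.crt` in the next section) are replaced wholesale, yet the commit message ("Merged in trunk") records neither where the new PEM blobs came from nor how they were checked against the issuer. Since `builtin-certs-update --commercial` compiles these files straight into `cackey_builtin_certs.h`, a substituted CA would be embedded in every build, so the provenance (source URL and a fingerprint the reviewer can recompute) belongs in the commit note or a checked-in file next to the certificates. From the visible base64 the new `kps-ca-1` appears to extend the validity window (the `...MDEwMTAwMDAwMFoXDTIwMDEwMTAw...` run decodes to a 2020 notAfter versus the 2017 date in the old blob) and to add key-identifier extensions, which is consistent with a re-issuance but should be stated rather than inferred.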
Modified build/certs/commercial/kps-root-ca.crt from [5d7e615d76] to [b0a7a486e8].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
-----BEGIN CERTIFICATE----- MIID/jCCAuagAwIBAgIGAUvsEnbkMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYDVQQG EwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBlJlc3RvbjEgMB4GA1UE ChMXS25pZ2h0UG9pbnQgU3lzdGVtcyBMTEMxFzAVBgNVBAsTDktuaWdodFBvaW50 IElUMRgwFgYDVQQLEw9LbmlnaHRQb2ludCBQS0kxJDAiBgNVBAMTG0tuaWdodFBv aW50IFN5c3RlbXMgUm9vdCBDQTAeFw0xNTAxMDEwMDAwMDBaFw0zNTAxMDEwMDAw MDBaMIGsMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcT BlJlc3RvbjEgMB4GA1UEChMXS25pZ2h0UG9pbnQgU3lzdGVtcyBMTEMxFzAVBgNV BAsTDktuaWdodFBvaW50IElUMRgwFgYDVQQLEw9LbmlnaHRQb2ludCBQS0kxJDAi BgNVBAMTG0tuaWdodFBvaW50IFN5c3RlbXMgUm9vdCBDQTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMqF1VSV4bYdl5Lq2qtB/KXf/DaNSlTmgjhWAMQT 1eS9UqiDEDvLHdoTpqCo02/dNDmWpb3GRCt8BIuPaLp/v4xaEStS8feGjlDlBVSv vXf4rj7is923okBjjTqz4l25QeDtJAAz4VsNkopo8Fb2wMs8glF5rNnwaQm6PgqN 8/VF4eHM0fUuq8+WxzXdk9Z50pF9/RM4m4Nj7SeFGxwSWBxvRLjYv6z8k2G1PTnE seCeWO3NAcPbxuPcpY8dQDRng22zS3HDW/0+nW1UFLu2UiD0yECWiNPYTah/FKiC dp8+JkOqcbyfdu7sA287AXG43rniXA95HNtwRZh1Do5l1f8CAwEAAaMkMCIwDwYD VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDB4YAMA0GCSqGSIb3DQEBCwUAA4IB AQAcujWXZ3E3zS/7VSCTp6huc5bwDAncxWtcBjV8O0cJIbbqvYVlCfosI+VqtUAT 9lG2QVRwPTrz171WB0NXRJdIX0r8oemTV+lknE7KauwtoMiGKADxyH5XJuIvchwb ykuPXnBPJ8KAUV5tFDWgjLcrICrBjadywSS6/EBCFzFjFb11Sw4eAhohrEow+keD Dsow+NcpdRm3kwEa5mvdheIixPtemtC8UnB/iKjVlM2O+ihy85xdJLkqp9hZ4gro W5AEzRV6pN8OBTMXCQieQcYMyPvEf0AUpcAqxxOciWQGRbdyF/4DetuFz7fOxAHD 3WRKCbxylVFQV4hzK5dJAJsg -----END CERTIFICATE----- |
| | > > | < < | | | | > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
-----BEGIN CERTIFICATE----- MIIERjCCAy6gAwIBAgIGAUvsEnbkMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYDVQQG EwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBlJlc3RvbjEgMB4GA1UE ChMXS25pZ2h0UG9pbnQgU3lzdGVtcyBMTEMxFzAVBgNVBAsTDktuaWdodFBvaW50 IElUMRgwFgYDVQQLEw9LbmlnaHRQb2ludCBQS0kxJDAiBgNVBAMTG0tuaWdodFBv aW50IFN5c3RlbXMgUm9vdCBDQTAeFw0xNTAxMDEwMDAwMDBaFw0zNTAxMDEwMDAw MDBaMIGsMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcT BlJlc3RvbjEgMB4GA1UEChMXS25pZ2h0UG9pbnQgU3lzdGVtcyBMTEMxFzAVBgNV BAsTDktuaWdodFBvaW50IElUMRgwFgYDVQQLEw9LbmlnaHRQb2ludCBQS0kxJDAi BgNVBAMTG0tuaWdodFBvaW50IFN5c3RlbXMgUm9vdCBDQTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMqF1VSV4bYdl5Lq2qtB/KXf/DaNSlTmgjhWAMQT 1eS9UqiDEDvLHdoTpqCo02/dNDmWpb3GRCt8BIuPaLp/v4xaEStS8feGjlDlBVSv vXf4rj7is923okBjjTqz4l25QeDtJAAz4VsNkopo8Fb2wMs8glF5rNnwaQm6PgqN 8/VF4eHM0fUuq8+WxzXdk9Z50pF9/RM4m4Nj7SeFGxwSWBxvRLjYv6z8k2G1PTnE seCeWO3NAcPbxuPcpY8dQDRng22zS3HDW/0+nW1UFLu2UiD0yECWiNPYTah/FKiC dp8+JkOqcbyfdu7sA287AXG43rniXA95HNtwRZh1Do5l1f8CAwEAAaNsMGowIAYD VR0OAQEABBYEFDmTTPLMOGxfgbcuvy0q4FkzISqeMA8GA1UdEwEB/wQFMAMBAf8w DwYDVR0PAQH/BAUDAweEADAkBgNVHSMBAQAEGjAYoBYEFDmTTPLMOGxfgbcuvy0q 4FkzISqeMA0GCSqGSIb3DQEBCwUAA4IBAQAGn+FTnF6HO8wfQHJG8Ge/6TNflj5t 92i6JOIx8AAy1ZfC5HWZJWjwEa+kIy5upRm0BE/we4WJKwmMDxPZP4jC6cC9BYE2 e6sqTThsTUEVI0e41bKBCF6ErHpRlp4EfHfmTNpiSjqBgNCK7kcyeQF0bPnUHO0Q TPrY5WUpTnRBR2NnQBvmjl0nLBWDU1+2ib5bskZfnBRCPwVYGa393VmpaBDuIozG P0vv2UuLetj5Xa5NDPv5c43s8+Z4pW5EEb2qH0Wfh5/g6qFWVMFVFkk9Jr+qVHf3 ueZlAL7HchQgaA2f+dY53CdnL7kX4Pv79uSHKzynxSIVMP/d0fdwvwKd -----END CERTIFICATE----- |
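Review bot: The replacement root certificate appears to keep the original serial number while changing the certificate body: the old `MIID/jCCAuagAwIBAgIGAUvsEnbk` and the new `MIIERjCCAy6gAwIBAgIGAUvsEnbk` share the aligned `AgIGAUvsEnbk` group, which decodes to the same six-byte serial, but the blobs differ from there on (the new one appears to carry additional extensions). Two distinct certificates from the same issuer with the same serial is something RFC 5280 forbids, and clients that key on issuer plus serial for path building or revocation checks may treat the two interchangeably, so it is worth confirming with the CA operator that this re-issuance is intentional and noting it in the commit.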
Modified build/certs/dod/Makefile from [678511107e] to [dcbc2db73e].
1 2 3 4 5 6 7 8 9 10 11 12 |
all: cert-0.crt rel3_dodroot_2048.cac: wget -O "$@.new" http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac mv "$@.new" "$@" cert-%.crt: rel3_dodroot_2048.cac idx=0; \ ( \ openssl pkcs7 -in rel3_dodroot_2048.cac -inform DER -print_certs -text; \ ) | while IFS='' read -r line; do \ if [ -z "$${line}" ]; then \ |
| | > > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
all: cert-0.crt rel3_dodroot_2048.cac: wget -O Certificates_PKCS7_v4.1_DoD.zip http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v4.1_DoD.zip unzip Certificates_PKCS7_v4.1_DoD.zip Certificates_PKCS7_v4.1_DoD/Certificates_PKCS7_v4.1_DoD.der.p7b mv Certificates_PKCS7_v4.1_DoD/Certificates_PKCS7_v4.1_DoD.der.p7b "$@" rm -rf Certificates_PKCS7_v4.1_DoD Certificates_PKCS7_v4.1_DoD.zip cert-%.crt: rel3_dodroot_2048.cac idx=0; \ ( \ openssl pkcs7 -in rel3_dodroot_2048.cac -inform DER -print_certs -text; \ ) | while IFS='' read -r line; do \ if [ -z "$${line}" ]; then \ |
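Review bot: The new recipe fetches `Certificates_PKCS7_v4.1_DoD.zip` over plain `http://` and feeds the extracted `.der.p7b` straight into the `cert-%.crt` rule with no integrity check, so whatever an on-path party or a compromised mirror serves becomes a builtin trust anchor of every build run through `builtin-certs-update`. At minimum, pin a digest of the archive and fail the recipe on mismatch before `unzip`, e.g. `echo "<EXPECTED_SHA256>  Certificates_PKCS7_v4.1_DoD.zip" | shasum -a 256 -c -` (placeholder digest to be recorded when the bundle is vetted), or verify a detached signature if the publisher provides one. A comment on the target recording the bundle version and the date it was verified would also help, since the target name `rel3_dodroot_2048.cac` no longer describes what it holds.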
Modified cackey.c from [60fa6fcd12] to [a802283a94].
81 82 83 84 85 86 87 88 89 90 91 92 93 94 .... 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 .... 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 .... 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 4198 4199 .... 4999 5000 5001 5002 5003 5004 5005 5006 5007 5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 .... 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 5312 5313 5314 5315 5316 5317 5318 .... 5367 5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 5398 5399 5400 5401 5402 5403 5404 5405 5406 5407 5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420 5421 5422 5423 5424 5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 |
#define GSCIS_INSTR_READ_BINARY 0xB0 #define GSCIS_INSTR_UPDATE_BINARY 0xD6 #define GSCIS_INSTR_SELECT 0xA4 #define GSCIS_INSTR_EXTERNAL_AUTH 0x82 #define GSCIS_INSTR_GET_CHALLENGE 0x84 #define GSCIS_INSTR_INTERNAL_AUTH 0x88 #define GSCIS_INSTR_VERIFY 0x20 #define GSCIS_INSTR_SIGN 0x2A #define GSCIS_INSTR_GET_PROP 0x56 #define GSCIS_INSTR_GET_ACR 0x4C #define GSCIS_INSTR_READ_BUFFER 0x52 #define GSCIS_INSTR_SIGNDECRYPT 0x42 #define GSCIS_PARAM_SELECT_APPLET 0x04 ................................................................................ xmit_buf[xmit_len++] = le; } } /* Begin Smartcard Transaction */ cackey_begin_transaction(slot); if (class == GSCIS_CLASS_ISO7816 && instruction == GSCIS_INSTR_VERIFY && p1 == 0x00) { CACKEY_DEBUG_PRINTF("Sending APDU: <<censored>>"); } else { CACKEY_DEBUG_PRINTBUF("Sending APDU:", xmit_buf, xmit_len); } recv_len = sizeof(recv_buf); scard_xmit_ret = SCardTransmit(slot->pcsc_card, pioSendPci, xmit_buf, xmit_len, NULL, recv_buf, &recv_len); ................................................................................ * * RETURN VALUE * ... * * NOTES * ... * */ static cackey_ret cackey_login(struct cackey_slot *slot, unsigned char *pin, unsigned long pin_len, int *tries_remaining_p) { struct cackey_pcsc_identity *pcsc_identities; unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; unsigned long num_certs; uint16_t response_code; int tries_remaining; ................................................................................ return(identities); } *ids_found = 0; return(NULL); } CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { CK_C_INITIALIZE_ARGS CK_PTR args; uint32_t idx, highest_slot; int mutex_init_ret; int include_dod_certs; ................................................................................ } CACKEY_DEBUG_PRINTF("Returning CKR_TOKEN_WRITE_PROTECTED (%i)", CKR_TOKEN_WRITE_PROTECTED); return(CKR_TOKEN_WRITE_PROTECTED); } /* We don't support this method. 
*/ CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) { CACKEY_DEBUG_PRINTF("Called."); if (!cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Not initialized."); return(CKR_CRYPTOKI_NOT_INITIALIZED); } CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED); return(CKR_FUNCTION_NOT_SUPPORTED); } CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) { unsigned long idx; int mutex_retval; int found_session = 0; ................................................................................ CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED); return(CKR_FUNCTION_NOT_SUPPORTED); } CK_DEFINE_FUNCTION(CK_RV, _C_LoginMutexArg)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, int lock_mutex) { CK_SLOT_ID slotID; FILE *pinfd; char *pincmd, pinbuf[64], *fgets_ret; int mutex_retval; int tries_remaining; int login_ret; int pclose_ret; CACKEY_DEBUG_PRINTF("Called."); if (!cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Not initialized."); return(CKR_CRYPTOKI_NOT_INITIALIZED); ................................................................................ if (lock_mutex) { cackey_mutex_unlock(cackey_biglock); } return(CKR_GENERAL_ERROR); } pincmd = cackey_pin_command; if (pincmd != NULL) { CACKEY_DEBUG_PRINTF("CACKEY_PIN_COMMAND = %s", pincmd); if (pPin != NULL) { CACKEY_DEBUG_PRINTF("Protected authentication path in effect and PIN provided !?"); } pinfd = popen(pincmd, "r"); if (pinfd == NULL) { CACKEY_DEBUG_PRINTF("Error. 
%s: Unable to run", pincmd); if (lock_mutex) { cackey_mutex_unlock(cackey_biglock); } CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT); return(CKR_PIN_INCORRECT); } fgets_ret = fgets(pinbuf, sizeof(pinbuf), pinfd); if (fgets_ret == NULL) { pinbuf[0] = '\0'; } pclose_ret = pclose(pinfd); if (pclose_ret == -1 && errno == ECHILD) { CACKEY_DEBUG_PRINTF("Notice. pclose() indicated it could not get the status of the child, assuming it succeeeded !"); pclose_ret = 0; } if (pclose_ret != 0) { CACKEY_DEBUG_PRINTF("Error. %s: exited with non-zero status of %i", pincmd, pclose_ret); if (lock_mutex) { cackey_mutex_unlock(cackey_biglock); } CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT); return(CKR_PIN_INCORRECT); } if (strlen(pinbuf) < 1) { CACKEY_DEBUG_PRINTF("Error. %s: returned no data", pincmd); if (lock_mutex) { cackey_mutex_unlock(cackey_biglock); } CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT); return(CKR_PIN_INCORRECT); } if (pinbuf[strlen(pinbuf) - 1] == '\n') { pinbuf[strlen(pinbuf) - 1] = '\0'; } pPin = (CK_UTF8CHAR_PTR) pinbuf; ulPinLen = strlen(pinbuf); } login_ret = cackey_login(&cackey_slots[slotID], pPin, ulPinLen, &tries_remaining); if (login_ret != CACKEY_PCSC_S_OK) { if (lock_mutex) { |
> | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > < > > > > > < > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > > > > > > > > > > > > > > > | | < | < < < | < > | > < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < |
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 .... 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 .... 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 .... 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 .... 5150 5151 5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 5202 5203 5204 5205 5206 5207 5208 5209 5210 5211 5212 5213 5214 5215 5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229 5230 5231 5232 5233 5234 5235 5236 5237 5238 5239 5240 5241 5242 5243 5244 5245 5246 5247 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265 5266 5267 5268 5269 5270 5271 5272 5273 5274 5275 5276 5277 5278 5279 5280 5281 5282 5283 5284 5285 5286 5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 .... 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594 5595 5596 5597 5598 5599 5600 5601 5602 5603 .... 
5652 5653 5654 5655 5656 5657 5658 5659 5660 5661 5662 5663 5664 5665 5666 5667 5668 5669 5670 5671 5672 5673 5674 5675 5676 5677 5678 5679 5680 5681 5682 |
#define GSCIS_INSTR_READ_BINARY 0xB0 #define GSCIS_INSTR_UPDATE_BINARY 0xD6 #define GSCIS_INSTR_SELECT 0xA4 #define GSCIS_INSTR_EXTERNAL_AUTH 0x82 #define GSCIS_INSTR_GET_CHALLENGE 0x84 #define GSCIS_INSTR_INTERNAL_AUTH 0x88 #define GSCIS_INSTR_VERIFY 0x20 #define GSCIS_INSTR_CHANGE_REFERENCE 0x24 #define GSCIS_INSTR_SIGN 0x2A #define GSCIS_INSTR_GET_PROP 0x56 #define GSCIS_INSTR_GET_ACR 0x4C #define GSCIS_INSTR_READ_BUFFER 0x52 #define GSCIS_INSTR_SIGNDECRYPT 0x42 #define GSCIS_PARAM_SELECT_APPLET 0x04 ................................................................................ xmit_buf[xmit_len++] = le; } } /* Begin Smartcard Transaction */ cackey_begin_transaction(slot); if (class == GSCIS_CLASS_ISO7816 && (instruction == GSCIS_INSTR_VERIFY || instruction == GSCIS_INSTR_CHANGE_REFERENCE) && p1 == 0x00) { CACKEY_DEBUG_PRINTF("Sending APDU: <<censored>>"); } else { CACKEY_DEBUG_PRINTBUF("Sending APDU:", xmit_buf, xmit_len); } recv_len = sizeof(recv_buf); scard_xmit_ret = SCardTransmit(slot->pcsc_card, pioSendPci, xmit_buf, xmit_len, NULL, recv_buf, &recv_len); ................................................................................ * * RETURN VALUE * ... * * NOTES * ... 
* */ static cackey_ret cackey_set_pin(struct cackey_slot *slot, unsigned char *old_pin, unsigned long old_pin_len, unsigned char *pin, unsigned long pin_len) { struct cackey_pcsc_identity *pcsc_identities; unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; unsigned char old_cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; unsigned char pin_update[sizeof(cac_pin) + sizeof(old_cac_pin)]; unsigned long num_certs; uint16_t response_code; int tries_remaining; int send_ret; int key_reference = 0x00; /* Apparently, CAC PINs are *EXACTLY* 8 bytes long -- pad with 0xFF if too short */ if (pin_len >= 8) { memcpy(cac_pin, pin, 8); } else { memcpy(cac_pin, pin, pin_len); } if (old_pin_len >= 8) { memcpy(old_cac_pin, old_pin, 8); } else { memcpy(old_cac_pin, old_pin, old_pin_len); } /* Concatenate both PINs together to send as a single instruction */ memcpy(pin_update, old_cac_pin, sizeof(old_cac_pin)); memcpy(pin_update + sizeof(old_cac_pin), cac_pin, sizeof(cac_pin)); /* Reject PINs which are too short */ if (pin_len < 5) { CACKEY_DEBUG_PRINTF("Rejecting New PIN which is too short (length = %lu, must be atleast 5)", pin_len); return(CACKEY_PCSC_E_BADPIN); } if (old_pin_len < 5) { CACKEY_DEBUG_PRINTF("Rejecting Old PIN which is too short (length = %lu, must be atleast 5)", old_pin_len); return(CACKEY_PCSC_E_BADPIN); } /* PIV authentication uses a "key_reference" of 0x80 */ pcsc_identities = cackey_read_certs(slot, NULL, &num_certs); if (num_certs > 0 && pcsc_identities != NULL) { switch (pcsc_identities[0].id_type) { case CACKEY_ID_TYPE_PIV: CACKEY_DEBUG_PRINTF("We have PIV card, so we will attempt to authenticate using the PIV Application key reference"); key_reference = 0x80; break; default: break; } cackey_free_certs(pcsc_identities, num_certs, 1); } /* Issue a Set PIN (CHANGE REFERENCE) */ send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_CHANGE_REFERENCE, 0x00, key_reference, sizeof(pin_update), pin_update, 0x00, 
&response_code, NULL, NULL); if (send_ret != CACKEY_PCSC_S_OK) { if ((response_code & 0x63C0) == 0x63C0) { tries_remaining = (response_code & 0xF); CACKEY_DEBUG_PRINTF("PIN Verification failed, %i tries remaining", tries_remaining); return(CACKEY_PCSC_E_BADPIN); } if (response_code == 0x6983) { CACKEY_DEBUG_PRINTF("Unable to set PIN, device is locked or changing the PIN is disabled"); return(CACKEY_PCSC_E_LOCKED); } return(CACKEY_PCSC_E_GENERIC); } CACKEY_DEBUG_PRINTF("PIN Change succeeded"); return(CACKEY_PCSC_S_OK); } /* * SYNPOSIS * ... * * ARGUMENTS * ... * * RETURN VALUE * ... * * NOTES * ... * */ static cackey_ret cackey_login(struct cackey_slot *slot, unsigned char *pin, unsigned long pin_len, int *tries_remaining_p) { struct cackey_pcsc_identity *pcsc_identities; unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; unsigned long num_certs; uint16_t response_code; int tries_remaining; ................................................................................ return(identities); } *ids_found = 0; return(NULL); } static cackey_ret cackey_get_pin(char *pinbuf) { FILE *pinfd; char *fgets_ret; int pclose_ret; if (cackey_pin_command == NULL) { return(CACKEY_PCSC_E_GENERIC); } if (pinbuf == NULL) { return(CACKEY_PCSC_E_GENERIC); } CACKEY_DEBUG_PRINTF("CACKEY_PIN_COMMAND = %s", cackey_pin_command); pinfd = popen(cackey_pin_command, "r"); if (pinfd == NULL) { CACKEY_DEBUG_PRINTF("Error. %s: Unable to run", cackey_pin_command); return(CACKEY_PCSC_E_BADPIN); } fgets_ret = fgets(pinbuf, 32, pinfd); if (fgets_ret == NULL) { pinbuf[0] = '\0'; } pclose_ret = pclose(pinfd); if (pclose_ret == -1 && errno == ECHILD) { CACKEY_DEBUG_PRINTF("Notice. pclose() indicated it could not get the status of the child, assuming it succeeeded !"); pclose_ret = 0; } if (pclose_ret != 0) { CACKEY_DEBUG_PRINTF("Error. 
%s: exited with non-zero status of %i", cackey_pin_command, pclose_ret); return(CACKEY_PCSC_E_BADPIN); } if (strlen(pinbuf) < 1) { CACKEY_DEBUG_PRINTF("Error. %s: returned no data", cackey_pin_command); return(CACKEY_PCSC_E_BADPIN); } if (pinbuf[strlen(pinbuf) - 1] == '\n') { pinbuf[strlen(pinbuf) - 1] = '\0'; } return(CACKEY_PCSC_S_OK); } CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { CK_C_INITIALIZE_ARGS CK_PTR args; uint32_t idx, highest_slot; int mutex_init_ret; int include_dod_certs; ................................................................................ } CACKEY_DEBUG_PRINTF("Returning CKR_TOKEN_WRITE_PROTECTED (%i)", CKR_TOKEN_WRITE_PROTECTED); return(CKR_TOKEN_WRITE_PROTECTED); } CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) { char oldpinbuf[64], newpinbuf[64]; cackey_ret set_pin_ret, get_pin_ret; CK_SLOT_ID slotID; int mutex_retval; CACKEY_DEBUG_PRINTF("Called."); if (!cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Not initialized."); return(CKR_CRYPTOKI_NOT_INITIALIZED); } mutex_retval = cackey_mutex_lock(cackey_biglock); if (mutex_retval != 0) { CACKEY_DEBUG_PRINTF("Error. Locking failed."); return(CKR_GENERAL_ERROR); } if (!cackey_sessions[hSession].active) { cackey_mutex_unlock(cackey_biglock); CACKEY_DEBUG_PRINTF("Error. Session not active."); return(CKR_SESSION_HANDLE_INVALID); } slotID = cackey_sessions[hSession].slotID; if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID); cackey_mutex_unlock(cackey_biglock); return(CKR_GENERAL_ERROR); } if (cackey_slots[slotID].active == 0) { CACKEY_DEBUG_PRINTF("Error. 
Invalid slot requested (%lu), slot not currently active", slotID); cackey_mutex_unlock(cackey_biglock); return(CKR_GENERAL_ERROR); } if (cackey_pin_command != NULL) { /* Get old PIN */ get_pin_ret = cackey_get_pin(oldpinbuf); if (get_pin_ret != CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("Error while getting Old PIN, returning CKR_PIN_INCORRECT."); cackey_mutex_unlock(cackey_biglock); return(CKR_PIN_INCORRECT); } pOldPin = (CK_UTF8CHAR_PTR) oldpinbuf; ulOldPinLen = strlen(oldpinbuf); /* Get new PIN */ get_pin_ret = cackey_get_pin(newpinbuf); if (get_pin_ret != CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("Error while getting New PIN, returning CKR_PIN_INVALID."); cackey_mutex_unlock(cackey_biglock); return(CKR_PIN_INVALID); } pNewPin = (CK_UTF8CHAR_PTR) newpinbuf; ulNewPinLen = strlen(newpinbuf); } if (pOldPin == NULL) { CACKEY_DEBUG_PRINTF("Old PIN value is wrong (null)."); cackey_mutex_unlock(cackey_biglock); return(CKR_PIN_INCORRECT); } if (ulOldPinLen == 0 || ulOldPinLen > 8) { CACKEY_DEBUG_PRINTF("Old PIN length is wrong: %lu.", (unsigned long) ulOldPinLen); cackey_mutex_unlock(cackey_biglock); return(CKR_PIN_INCORRECT); } if (pNewPin == NULL) { CACKEY_DEBUG_PRINTF("New PIN value is wrong (either NULL, or too long/short)."); cackey_mutex_unlock(cackey_biglock); return(CKR_PIN_INVALID); } if (ulNewPinLen < 5 || ulNewPinLen > 8) { CACKEY_DEBUG_PRINTF("New PIN length is wrong: %lu, must be atleast 5 and no more than 8.", (unsigned long) ulNewPinLen); cackey_mutex_unlock(cackey_biglock); return(CKR_PIN_LEN_RANGE); } set_pin_ret = cackey_set_pin(&cackey_slots[slotID], pOldPin, ulOldPinLen, pNewPin, ulNewPinLen); if (set_pin_ret != CACKEY_PCSC_S_OK) { if (cackey_pin_command == NULL) { cackey_slots[slotID].token_flags |= CKF_LOGIN_REQUIRED; } if (set_pin_ret == CACKEY_PCSC_E_LOCKED) { cackey_slots[slotID].token_flags |= CKF_USER_PIN_LOCKED; } } mutex_retval = cackey_mutex_unlock(cackey_biglock); if (mutex_retval != 0) { CACKEY_DEBUG_PRINTF("Error. 
Unlocking failed."); return(CKR_GENERAL_ERROR); } switch (set_pin_ret) { case CACKEY_PCSC_S_OK: CACKEY_DEBUG_PRINTF("Successfully set PIN."); return(CKR_OK); case CACKEY_PCSC_E_BADPIN: CACKEY_DEBUG_PRINTF("PIN was invalid."); return(CKR_PIN_INVALID); case CACKEY_PCSC_E_LOCKED: CACKEY_DEBUG_PRINTF("Token is locked or this change is not permitted."); return(CKR_PIN_LOCKED); default: CACKEY_DEBUG_PRINTF("Something else went wrong changing the PIN: %i", set_pin_ret); return(CKR_GENERAL_ERROR); } return(CKR_GENERAL_ERROR); } CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) { unsigned long idx; int mutex_retval; int found_session = 0; ................................................................................ CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED); return(CKR_FUNCTION_NOT_SUPPORTED); } CK_DEFINE_FUNCTION(CK_RV, _C_LoginMutexArg)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, int lock_mutex) { CK_SLOT_ID slotID; cackey_ret get_pin_ret; char pinbuf[64]; int mutex_retval; int tries_remaining; int login_ret; CACKEY_DEBUG_PRINTF("Called."); if (!cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Not initialized."); return(CKR_CRYPTOKI_NOT_INITIALIZED); ................................................................................ 
if (lock_mutex) { cackey_mutex_unlock(cackey_biglock); } return(CKR_GENERAL_ERROR); } if (cackey_pin_command != NULL) { if (pPin != NULL) { CACKEY_DEBUG_PRINTF("Protected authentication path in effect and PIN provided !?"); } get_pin_ret = cackey_get_pin(pinbuf); if (get_pin_ret != CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("cackey_get_pin() returned in failure, assuming the PIN was incorrect."); if (lock_mutex) { cackey_mutex_unlock(cackey_biglock); } return(CKR_PIN_INCORRECT); } pPin = (CK_UTF8CHAR_PTR) pinbuf; ulPinLen = strlen(pinbuf); } login_ret = cackey_login(&cackey_slots[slotID], pPin, ulPinLen, &tries_remaining); if (login_ret != CACKEY_PCSC_S_OK) { if (lock_mutex) { |
Modified cackey_builtin_certs.h from [9c64b878c6] to [cffe24d77b].
cannot compute difference between binary files
Modified configure.ac from [76a04092ae] to [60c4628f66].
1 2 3 4 5 6 7 8 |
AC_INIT(cackey, 0.7.1)
AC_CONFIG_HEADERS(config.h)
dnl Locate standard tools
AC_PROG_CC
AC_PROG_MAKE_SET
AC_PROG_INSTALL
AC_AIX
|
| |
1 2 3 4 5 6 7 8 |
AC_INIT(cackey, 0.7.3)
AC_CONFIG_HEADERS(config.h)
dnl Locate standard tools
AC_PROG_CC
AC_PROG_MAKE_SET
AC_PROG_INSTALL
AC_AIX
|