Check-in [40726d3b6c]
Overview
Comment:Removed unused variables

Began work towards talking to the smartcard through PC/SC

Began work on a GSC-IS v2.1 SPM implementation

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 40726d3b6c5518c28b72f68b87454028cd3f5897
User & Date: rkeene on 2010-05-11 16:49:46
Other Links: manifest | tags
Context
2010-05-12
14:52
Added test driver (from libssh-agent-pkcs11-provider)

Added basic ASN.1 X.509 BER decoder (from libssh-agent-pkcs11-provider)

Work towards updating CACKey to talk to CAC using PC/SC check-in: a3d727289c user: rkeene tags: trunk

2010-05-11
16:49
Removed unused variables

Began work towards talking to the smartcard through PC/SC

Began work on a GSC-IS v2.1 SPM implementation check-in: 40726d3b6c user: rkeene tags: trunk

2010-05-04
19:04
Copied SSH Agent PKCS11 Provider to CACKey for use as a base check-in: 074f157a6a user: rkeene tags: trunk
Changes

Modified Makefile.in from [3fb5f04961] to [af3c88d20b].

1
2
3
4
5
6
7
8
9
10
11
12
CC = @PTHREAD_CC@
CFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@
DEBUGCFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@
CPPFLAGS = @CPPFLAGS@ @DEFS@ -I./pkcs11/
DEBUGCPPFLAGS = @CPPFLAGS@ @DEFS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@ @PTHREAD_LIBS@
SHOBJFLAGS = @SHOBJFLAGS@
SHOBJLDFLAGS = @SHOBJLDFLAGS@
AR = @AR@
RANLIB = @RANLIB@
prefix = @prefix@


|

|







1
2
3
4
5
6
7
8
9
10
11
12
CC = @PTHREAD_CC@
CFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@
DEBUGCFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@ -DCACKEY_DEBUG=1
CPPFLAGS = @CPPFLAGS@ @DEFS@ -I./pkcs11/
DEBUGCPPFLAGS = @CPPFLAGS@ -DCACKEY_DEBUG=1 -I./pkcs11/ @DEFS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@ @PTHREAD_LIBS@
SHOBJFLAGS = @SHOBJFLAGS@
SHOBJLDFLAGS = @SHOBJLDFLAGS@
AR = @AR@
RANLIB = @RANLIB@
prefix = @prefix@

Modified aclocal/dc_pcscheaders.m4 from [253ee75c46] to [0105515e9a].

1
2
3
4
5
6
7
8
9
10
11
12
13

14
15
16
17









18
19
20
21
22
23
24
25
26
27
28
29
30
31




32


















AC_DEFUN(DC_PCSC_HEADERS, [
	SAVE_CFLAGS="${CFLAGS}"
	SAVE_CPPFLAGS="${CPPFLAGS}"
	ADD_CFLAGS=""
	ADD_CPPFLAGS=""

	for headerpath in /usr/include /usr/local/include /usr/cac/include; do
		for subdir in smartcard PCSC pcsc pcsclite ""; do
			headerdir="${headerpath}/${subdir}"
			CFLAGS="${SAVE_CFLAGS} -I${headerdir}"
			CPPFLAGS="${SAVE_CPPFLAGS} -I${headerdir}"

			unset ac_cv_header_pcsclite_h


			AC_CHECK_HEADER(pcsclite.h, [
				AC_DEFINE(HAVE_PCSCLITE_H, [1], [Define if you have the PCSC-Lite header file (you should)])










				ADD_CFLAGS=" -I${headerdir}"
				ADD_CPPFLAGS=" -I${headerdir}"

				break
			])
		done

		if test -n "${ADD_CFLAGS}" -o -n "${ADD_CPPFLAGS}"; then
			break
		fi
	done

	CFLAGS="${SAVE_CFLAGS}${ADD_CFLAGS}"
	CPPFLAGS="${SAVE_CPPFLAGS}${ADD_CPPFLAGS}"




])































>




>
>
>
>
>
>
>
>
>














>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
AC_DEFUN(DC_PCSC_HEADERS, [
	SAVE_CFLAGS="${CFLAGS}"
	SAVE_CPPFLAGS="${CPPFLAGS}"
	ADD_CFLAGS=""
	ADD_CPPFLAGS=""

	for headerpath in /usr/include /usr/local/include /usr/cac/include; do
		for subdir in smartcard PCSC pcsc pcsclite ""; do
			headerdir="${headerpath}/${subdir}"
			CFLAGS="${SAVE_CFLAGS} -I${headerdir}"
			CPPFLAGS="${SAVE_CPPFLAGS} -I${headerdir}"

			unset ac_cv_header_pcsclite_h
			unset ac_cv_header_winscard_h

			AC_CHECK_HEADER(pcsclite.h, [
				AC_DEFINE(HAVE_PCSCLITE_H, [1], [Define if you have the PCSC-Lite header file (you should)])

				ADD_CFLAGS=" -I${headerdir}"
				ADD_CPPFLAGS=" -I${headerdir}"

				break
			])

			AC_CHECK_HEADER(winscard.h, [
				AC_DEFINE(HAVE_WINSCARD_H, [1], [Define if you have the PCSC-Lite header file (you should)])

				ADD_CFLAGS=" -I${headerdir}"
				ADD_CPPFLAGS=" -I${headerdir}"

				break
			])
		done

		if test -n "${ADD_CFLAGS}" -o -n "${ADD_CPPFLAGS}"; then
			break
		fi
	done

	CFLAGS="${SAVE_CFLAGS}${ADD_CFLAGS}"
	CPPFLAGS="${SAVE_CPPFLAGS}${ADD_CPPFLAGS}"

	unset ac_cv_header_winscard_h
	AC_CHECK_HEADER(winscard.h, [
		AC_DEFINE(HAVE_WINSCARD_H, [1], [Define if you have the PCSC-Lite header file (you should)])
	])
])

AC_DEFUN(DC_PCSC_LIBS, [
	for lib in pcsclite pcsc-lite pcsc; do
		AC_CHECK_LIB(${lib}, SCardEstablishContext, [
			LIBS="${LIBS} -l${lib}"

			break
		])
	done

	AC_CHECK_FUNCS(SCardIsValidContext)
])

AC_DEFUN(DC_PCSC, [
	DC_PCSC_HEADERS
	DC_PCSC_LIBS
])

Modified cackey.c from [f34f4e9e63] to [efb7accc6b].

1
2
3
4
5
6
7



8
9
10
11
12
13
14
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifdef HAVE_PCSCLITE_H
#  include <pcsclite.h>
#endif



#ifdef HAVE_STDINT_H
#  include <stdint.h>
#endif
#ifdef HAVE_INTTYPES_H
#  include <inttypes.h>
#endif
#ifdef HAVE_STDLIB_H







>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifdef HAVE_PCSCLITE_H
#  include <pcsclite.h>
#endif
#ifdef HAVE_WINSCARD_H
#  include <winscard.h>
#endif
#ifdef HAVE_STDINT_H
#  include <stdint.h>
#endif
#ifdef HAVE_INTTYPES_H
#  include <inttypes.h>
#endif
#ifdef HAVE_STDLIB_H
127
128
129
130
131
132
133

134
135
136
137
138
139



140
141
142
143
144
145
146

	int decrypt_active;
	CK_MECHANISM_TYPE decrypt_mechanism;
	CK_VOID_PTR decrypt_mech_parm;
	CK_ULONG decrypt_mech_parmlen;
};


static void *cackey_biglock = NULL;
static struct cackey_session cackey_sessions[8];
static int cackey_initialized = 0;
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;




static unsigned long cackey_getversion(void) {
	static unsigned long retval = 255;
	unsigned long major = 0;
	unsigned long minor = 0;
	char *major_str = NULL;
	char *minor_str = NULL;








>

|




>
>
>







130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

	int decrypt_active;
	CK_MECHANISM_TYPE decrypt_mechanism;
	CK_VOID_PTR decrypt_mech_parm;
	CK_ULONG decrypt_mech_parmlen;
};

/* CACKEY Global Handles */
static void *cackey_biglock = NULL;
static struct cackey_session cackey_sessions[128];
static int cackey_initialized = 0;
static int cackey_biglock_init = 0;
CK_C_INITIALIZE_ARGS cackey_args;

/* PCSC Global Handles */
static LPSCARDCONTEXT cackey_pcsc_handle = NULL;

static unsigned long cackey_getversion(void) {
	static unsigned long retval = 255;
	unsigned long major = 0;
	unsigned long minor = 0;
	char *major_str = NULL;
	char *minor_str = NULL;

167
168
169
170
171
172
173


















































174
175
176
177
178
179
180
	retval = (major << 16) | (minor << 8);
#endif

	CACKEY_DEBUG_PRINTF("Returning 0x%lx", retval);

	return(retval);
}



















































/* Returns 0 on success */
static int cackey_mutex_create(void **mutex) {
	pthread_mutex_t *pthread_mutex;
	int pthread_retval;
	CK_RV custom_retval;








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
	retval = (major << 16) | (minor << 8);
#endif

	CACKEY_DEBUG_PRINTF("Returning 0x%lx", retval);

	return(retval);
}

/* APDU Related Functions */
static int cackey_send_apdu(unsigned char class, unsigned char instruction, unsigned char p1, unsigned char p2, unsigned char lc, unsigned char *data, unsigned char *resp, unsigned char resplen) {
	LONG scard_est_context_ret;
#ifdef HAVE_SCARDISVALIDCONTEXT
	LONG scard_isvalid_ret;
#endif

	CACKEY_DEBUG_PRINTF("Called.");

	if (cackey_pcsc_handle == NULL) {
		cackey_pcsc_handle = malloc(sizeof(*cackey_pcsc_handle));
		if (cackey_pcsc_handle == NULL) {
			CACKEY_DEBUG_PRINTF("Call to malloc() failed, returning in failure");

			return(-1);
		}

		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
		if (scard_est_context_ret != SCARD_S_SUCCESS) {
			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %li), returning in failure", (long) scard_est_context_ret);

			free(cackey_pcsc_handle);

			return(-1);
		}
	}

#ifdef HAVE_SCARDISVALIDCONTEXT
	scard_isvalid_ret = SCardIsValidContext(*cackey_pcsc_handle);
	if (scard_isvalid_ret != SCARD_S_SUCCESS) {
		CACKEY_DEBUG_PRINTF("Handle has become invalid, trying to re-establish...");

		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
		if (scard_est_context_ret != SCARD_S_SUCCESS) {
			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %li), returning in failure", (long) scard_est_context_ret);

			free(cackey_pcsc_handle);

			return(-1);
		}

		CACKEY_DEBUG_PRINTF("Handle has been re-established");
	}
#endif

	/* Connect to a reader, if needed */

	/* Transmit */
}

/* Returns 0 on success */
static int cackey_mutex_create(void **mutex) {
	pthread_mutex_t *pthread_mutex;
	int pthread_retval;
	CK_RV custom_retval;

290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
	CK_VOID_PTR pValue;
	CK_ULONG ulValueLen;
	CK_OBJECT_CLASS ck_object_class;
	CK_CERTIFICATE_TYPE ck_certificate_type;
	CK_KEY_TYPE ck_key_type;
	CK_UTF8CHAR ucTmpBuf[1024];
	unsigned char certificate[16384];
	ssize_t getcert_ret, certificate_len = -1, x509_read_ret;
	int fd;
	int pValue_free;

	CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);

	if (objectclass != CKO_CERTIFICATE && objectclass != CKO_PUBLIC_KEY && objectclass != CKO_PRIVATE_KEY) {
		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");








|
<







347
348
349
350
351
352
353
354

355
356
357
358
359
360
361
	CK_VOID_PTR pValue;
	CK_ULONG ulValueLen;
	CK_OBJECT_CLASS ck_object_class;
	CK_CERTIFICATE_TYPE ck_certificate_type;
	CK_KEY_TYPE ck_key_type;
	CK_UTF8CHAR ucTmpBuf[1024];
	unsigned char certificate[16384];
	ssize_t certificate_len = -1, x509_read_ret;

	int pValue_free;

	CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);

	if (objectclass != CKO_CERTIFICATE && objectclass != CKO_PUBLIC_KEY && objectclass != CKO_PRIVATE_KEY) {
		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");

695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}

CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(CK_INFO_PTR pInfo) {
	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
	static CK_UTF8CHAR libraryDescription[] = "SSH Agent PKCS#11";

	CACKEY_DEBUG_PRINTF("Called.");

	if (pInfo == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");

		return(CKR_ARGUMENTS_BAD);







|







751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}

CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(CK_INFO_PTR pInfo) {
	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
	static CK_UTF8CHAR libraryDescription[] = "CACKey";

	CACKEY_DEBUG_PRINTF("Called.");

	if (pInfo == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");

		return(CKR_ARGUMENTS_BAD);
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747

	return(CKR_OK);
}

/* We only support 1 slot.  If the slot exists, the token exists. */
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
	CK_ULONG count, slot_present = 0, currslot;
	int fd;

	CACKEY_DEBUG_PRINTF("Called.");

	if (pulCount == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");

		return(CKR_ARGUMENTS_BAD);







<







789
790
791
792
793
794
795

796
797
798
799
800
801
802

	return(CKR_OK);
}

/* We only support 1 slot.  If the slot exists, the token exists. */
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
	CK_ULONG count, slot_present = 0, currslot;


	CACKEY_DEBUG_PRINTF("Called.");

	if (pulCount == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");

		return(CKR_ARGUMENTS_BAD);
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
	return(CKR_OK);

	tokenPresent = tokenPresent; /* Supress unused variable warning */
}

CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
	static CK_UTF8CHAR slotDescription[] = "SSH Agent Slot";

	CACKEY_DEBUG_PRINTF("Called.");

	if (pInfo == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");

		return(CKR_ARGUMENTS_BAD);







|







836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
	return(CKR_OK);

	tokenPresent = tokenPresent; /* Supress unused variable warning */
}

CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
	static CK_UTF8CHAR slotDescription[] = "CACKey Slot";

	CACKEY_DEBUG_PRINTF("Called.");

	if (pInfo == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");

		return(CKR_ARGUMENTS_BAD);
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841

	return(CKR_OK);
}

CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
	static CK_UTF8CHAR defaultLabel[] = "Unknown Token";
	static CK_UTF8CHAR model[] = "SSH Agent Token";
	int fd, bytestocopy;

	CACKEY_DEBUG_PRINTF("Called.");

	if (pInfo == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");

		return(CKR_ARGUMENTS_BAD);







|
<







881
882
883
884
885
886
887
888

889
890
891
892
893
894
895

	return(CKR_OK);
}

CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
	static CK_UTF8CHAR manufacturerID[] = "U.S. Government";
	static CK_UTF8CHAR defaultLabel[] = "Unknown Token";
	static CK_UTF8CHAR model[] = "CAC Token";


	CACKEY_DEBUG_PRINTF("Called.");

	if (pInfo == NULL) {
		CACKEY_DEBUG_PRINTF("Error. pInfo is NULL.");

		return(CKR_ARGUMENTS_BAD);
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");

		return(CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* XXX: Verify connection is valid */
	if (0) {
		CACKEY_DEBUG_PRINTF("Error. Tried to connect to slot, but failed.  fd = %i", fd);

		return(CKR_SLOT_ID_INVALID);
	}

	/* XXX: Get list of identities */
	if (0) {
		CACKEY_DEBUG_PRINTF("Error. No identities found in slot.");







|







906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");

		return(CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* XXX: Verify connection is valid */
	if (0) {
		CACKEY_DEBUG_PRINTF("Error. Tried to connect to slot, but failed.");

		return(CKR_SLOT_ID_INVALID);
	}

	/* XXX: Get list of identities */
	if (0) {
		CACKEY_DEBUG_PRINTF("Error. No identities found in slot.");
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);

	return(CKR_FUNCTION_NOT_SUPPORTED);
}

CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
	struct cackey_identity *identities;
	unsigned long idx, num_ids, id_idx, curr_id_type, curr_ssh_id_idx;
	CK_BYTE sigbuf[1024];
	ssize_t sigbuflen;
	int mutex_retval;
	int found_session = 0;
	int fd;

	CACKEY_DEBUG_PRINTF("Called.");

	if (slotID != 0) {
		/* We only support one slot -- slot 0 */
		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), only one slot available: 0", slotID);








|




<







1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120

1121
1122
1123
1124
1125
1126
1127
	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);

	return(CKR_FUNCTION_NOT_SUPPORTED);
}

CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
	struct cackey_identity *identities;
	unsigned long idx, num_ids, id_idx, curr_id_type;
	CK_BYTE sigbuf[1024];
	ssize_t sigbuflen;
	int mutex_retval;
	int found_session = 0;


	CACKEY_DEBUG_PRINTF("Called.");

	if (slotID != 0) {
		/* We only support one slot -- slot 0 */
		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), only one slot available: 0", slotID);

2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
}

CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) {
	static CK_BYTE buf[16384];
	ssize_t buflen;
	CK_RV retval = CKR_GENERAL_ERROR;
	int mutex_retval;
	int fd;

	CACKEY_DEBUG_PRINTF("Called.");

	if (!cackey_initialized) {
		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");

		return(CKR_CRYPTOKI_NOT_INITIALIZED);







<







2177
2178
2179
2180
2181
2182
2183

2184
2185
2186
2187
2188
2189
2190
}

CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) {
	static CK_BYTE buf[16384];
	ssize_t buflen;
	CK_RV retval = CKR_GENERAL_ERROR;
	int mutex_retval;


	CACKEY_DEBUG_PRINTF("Called.");

	if (!cackey_initialized) {
		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");

		return(CKR_CRYPTOKI_NOT_INITIALIZED);
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591

CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) {
	static CK_BYTE sigbuf[1024];
	ssize_t sigbuflen;
	CK_RV retval = CKR_GENERAL_ERROR;
	int terminate_sign = 1;
	int mutex_retval;
	int fd;

	CACKEY_DEBUG_PRINTF("Called.");

	if (!cackey_initialized) {
		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");

		return(CKR_CRYPTOKI_NOT_INITIALIZED);







<







2629
2630
2631
2632
2633
2634
2635

2636
2637
2638
2639
2640
2641
2642

CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) {
	static CK_BYTE sigbuf[1024];
	ssize_t sigbuflen;
	CK_RV retval = CKR_GENERAL_ERROR;
	int terminate_sign = 1;
	int mutex_retval;


	CACKEY_DEBUG_PRINTF("Called.");

	if (!cackey_initialized) {
		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");

		return(CKR_CRYPTOKI_NOT_INITIALIZED);

Added cackey_spm.c version [2a7170f089].



































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
/*
 * GSC-IS (v2.1) Service Call Level Service Provider Module for PC/SC Lite and
 * DoD CAC/CACv2/PIV/PIVv2 Cards
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "cackey_spm.h"

#ifdef HAVE_STDIO_H
#  include <stdio.h>
#endif
#ifdef HAVE_STDLIB_H
#  include <stdlib.h>
#endif

unsigned long gscBsiUtilAcquireContext(unsigned long hCard, unsigned char *AID, struct BSIAuthenticator strctAuthenticator[], unsigned long authNb) {
}

unsigned long gscBsiUtilConnect(unsigned char *readerName, unsigned long *hCard) {
}

unsigned long gscBsiUtilDisconnect(unsigned long hCard) {
}

unsigned long gscBsiUtilBeginTransaction(unsigned long hCard, _Bool blType) {
}

unsigned long gscBsiUtilEndTransaction(unsigned long hCard) {
}

unsigned long gscBsiUtilGetVersion(unsigned char **version) {
	int sprintf_ret;

	if (version == NULL) {
		return(BSI_UNKNOWN_ERROR);
	}

	if (*version == NULL) {
		sprintf_ret = sprintf(NULL, "2,1,0,%s", PACKAGE_VERSION);

		if (sprintf_ret <= 0) {
			return(BSI_UNKNOWN_ERROR);
		}

		*version = malloc(sprintf_ret + 1);
	}

	/* Hopefully their buffer is large enough ... */
	sprintf(*version, "2,1,0,%s", PACKAGE_VERSION);

	return(BSI_OK);
}

unsigned long gscBsiUtilGetCardProperties(unsigned long hCard, unsigned char **CCCUniqueID, unsigned long *cardCapability) {
}

unsigned long gscBsiUtilGetCardStatus(unsigned long hCard) {
}

unsigned long gscBsiUtilGetExtendedErrorText(unsigned long hCard, unsigned char **errorText) {
	if (errorText == NULL) {
		return(BSI_UNKNOWN_ERROR);
	}

	*errorText = NULL;

	return(BSI_NO_TEXT_AVAILABLE);
}

unsigned long gscBsiUtilGetReaderList(unsigned char ***readerList) {
}

unsigned long gscBsiUtilPassthru(unsigned long hCard, unsigned char *cardCommand, unsigned char **cardResponse) {
}

unsigned long gscBsiUtilReleaseContext(unsigned long hCard, unsigned char *AID) {
}

unsigned long gscBsiGcDataCreate(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value) {
}

unsigned long gscBsiGcDataDelete(unsigned long hCard, unsigned char *AID, unsigned char tag) {
}

unsigned long gscBsiGcGetContainerProperties(unsigned long hCard, unsigned char *AID, struct GCacr *strctGCacr, struct GCContainerSize *strctContainerSizes, unsigned char **containerVersion) {
}

unsigned long gscBsiGcReadTagList(unsigned long hCard, unsigned char *AID, unsigned char **tagArray) {
}

unsigned long gscBsiGcReadValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char **value) {
}

unsigned long gscBsiGcUpdateValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value) {
}

unsigned long gscBsiGetChallenge(unsigned long hCard, unsigned char *AID, unsigned char **challenge) {
}

unsigned long gscBsiSkiInternalAuthenticate(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *challenge, unsigned char **cryptogram) {
}

unsigned long gscBsiPkiCompute(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *message, unsigned char **result) {
}

unsigned long gscBsiPkiGetCertificate(unsigned long hCard, unsigned char *AID, unsigned char **Certificate) {
}

unsigned long gscBsiGetCryptoProperties(unsigned long hCard, unsigned char *AID, struct CRYPTOacr *strctCRYPTOacr, unsigned long *keyLen) {
}

Added cackey_spm.h version [8f907a66a1].















































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
/*
 * GSC-IS (v2.1) Service Call Level Service Provider Module for PC/SC Lite and
 * DoD CAC/CACv2/PIV/PIVv2 Cards
 */

/* Access ... ? */
#define BSI_AM_XAUTH                 0x02
#define BSI_AM_SECURE_CHANNEL_GP     0x04
#define BSI_AM_PIN                   0x06
#define BSI_AM_SECURE_CHANNEL_ISO    0x0B

/* Access Control Rules */
#define BSI_ACR_ALWYS                0x00
#define BSI_ACR_NEVER                0x01
#define BSI_ACR_XAUTH                0x02
#define BSI_ACR_XAUTH_OR_PIN         0x03
#define BSI_SECURE_CHANNEL_GP        0x04 /* typo in spec? */
#define BSI_ACR_SECURE_CHANNEL_GP    0x04
#define BSI_ACR_PIN_ALWAYS           0x05
#define BSI_ACR_PIN                  0x06
#define BSI_ACR_XAUTH_THEN_PIN       0x07
#define BSI_ACR_UPDATE_ONCE          0x08
#define BSI_ACR_PIN_THEN_XAUTH       0x09
#define BSI_SECURE_CHANNEL_ISO       0x0B /* typo in spec? */
#define BSI_ACR_SECURE_CHANNEL_ISO   0x0B
#define BSI_ACR_XAUTH_AND_PIN        0x0C

/* Algorithms */
#define BSI_CKM_DES3_ECB             0x81
#define BSI_CKM_DES3_CBC             0x82
#define BSI_CKM_RSA_NO_PAD           0xA3

/* Return Codes */
#define BSI_OK                       0x00
#define BSI_ACCESS_DENIED            0x01
#define BSI_ACR_NOT_AVAILABLE        0x02
#define BSI_BAD_AID                  0x03
#define BSI_BAD_ALGO_ID              0x04
#define BSI_BAD_AUTH                 0x05
#define BSI_BAD_HANDLE               0x06
#define BSI_BAD_PARAM                0x07
#define BSI_BAD_TAG                  0x08
#define BSI_CARD_ABSENT              0x09
#define BSI_CARD_REMOVED             0x0A
#define BSI_NO_SPSSERVICE            0x0B
#define BSI_IO_ERROR                 0x0C
#define BSI_INSUFFICIENT_BUFFER      0x0E
#define BSI_NO_CARDSERVICE           0x0F
#define BSI_NO_MORE_SPACE            0x10
#define BSI_PIN_BLOCKED              0x11
#define BSI_TAG_EXISTS               0x13
#define BSI_TIMEOUT_ERROR            0x14
#define BSI_TERMINAL_AUTH            0x15
#define BSI_NO_TEXT_AVAILABLE        0x16
#define BSI_UNKNOWN_ERROR            0x17
#define BSI_UNKNOWN_READER           0x18
#define BSI_SC_LOCKED                0x19
#define BSI_NOT_TRANSACTED           0x20

#define MaxNbAM 50

struct BSIAcr {
	unsigned long ACRType;
	unsigned long keyIDOrReference[MaxNbAM];
	unsigned long AuthNb;
	unsigned long ACRID;
};

struct GCacr {
	struct BSIAcr createACR;
	struct BSIAcr deleteACR;
	struct BSIAcr readTagListACR;
	struct BSIAcr readValueACR;
	struct BSIAcr updateValueACR;
};

struct GCContainerSize {
	unsigned long maxNbDataItems;
	unsigned long maxValueStorageSize;
	
};

struct CRYPTOacr {
	struct BSIAcr getChallengeACR;
	struct BSIAcr internalAuthenticateACR;
	struct BSIAcr pkiComputeACR;
	struct BSIAcr createACR;
	struct BSIAcr deleteACR;
	struct BSIAcr readTagListACR;
	struct BSIAcr readValueACR;
	struct BSIAcr updateValueACR;
};

struct BSIAuthenticator {
};

unsigned long gscBsiUtilAcquireContext(unsigned long hCard, unsigned char *AID, struct BSIAuthenticator strctAuthenticator[], unsigned long authNb);
unsigned long gscBsiUtilConnect(unsigned char *readerName, unsigned long *hCard);
unsigned long gscBsiUtilDisconnect(unsigned long hCard);
unsigned long gscBsiUtilBeginTransaction(unsigned long hCard, _Bool blType);
unsigned long gscBsiUtilEndTransaction(unsigned long hCard);
unsigned long gscBsiUtilGetVersion(unsigned char **version);
unsigned long gscBsiUtilGetCardProperties(unsigned long hCard, unsigned char **CCCUniqueID, unsigned long *cardCapability);
unsigned long gscBsiUtilGetCardStatus(unsigned long hCard);
unsigned long gscBsiUtilGetExtendedErrorText(unsigned long hCard, unsigned char **errorText);
unsigned long gscBsiUtilGetReaderList(unsigned char ***readerList);
unsigned long gscBsiUtilPassthru(unsigned long hCard, unsigned char *cardCommand, unsigned char **cardResponse);
unsigned long gscBsiUtilReleaseContext(unsigned long hCard, unsigned char *AID);
unsigned long gscBsiGcDataCreate(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value);
unsigned long gscBsiGcDataDelete(unsigned long hCard, unsigned char *AID, unsigned char tag);
unsigned long gscBsiGcGetContainerProperties(unsigned long hCard, unsigned char *AID, struct GCacr *strctGCacr, struct GCContainerSize *strctContainerSizes, unsigned char **containerVersion);
unsigned long gscBsiGcReadTagList(unsigned long hCard, unsigned char *AID, unsigned char **tagArray);
unsigned long gscBsiGcReadValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char **value);
unsigned long gscBsiGcUpdateValue(unsigned long hCard, unsigned char *AID, unsigned char tag, unsigned char *value);
unsigned long gscBsiGetChallenge(unsigned long hCard, unsigned char *AID, unsigned char **challenge);
unsigned long gscBsiSkiInternalAuthenticate(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *challenge, unsigned char **cryptogram);
unsigned long gscBsiPkiCompute(unsigned long hCard, unsigned char *AID, unsigned char algoID, unsigned char *message, unsigned char **result);
unsigned long gscBsiPkiGetCertificate(unsigned long hCard, unsigned char *AID, unsigned char **Certificate);
unsigned long gscBsiGetCryptoProperties(unsigned long hCard, unsigned char *AID, struct CRYPTOacr *strctCRYPTOacr, unsigned long *keyLen);

Modified configure.ac from [0206db0963] to [4d0c0e3f42].

59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#  include <unistd.h>
#endif
#ifdef HAVE_PTHREAD_H
#  include <pthread.h>
#endif
])

dnl Check for PC/SC headers
DC_PCSC_HEADERS

dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH

dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
DC_SYNC_SHLIBOBJS

dnl Produce Makefile
AC_OUTPUT(Makefile)







|
|









59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#  include <unistd.h>
#endif
#ifdef HAVE_PTHREAD_H
#  include <pthread.h>
#endif
])

dnl Check for PC/SC headers and libraries
DC_PCSC

dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH

dnl If we updated LIBOBJS, update SHLIBOBJS -- must be last.
DC_SYNC_SHLIBOBJS

dnl Produce Makefile
AC_OUTPUT(Makefile)