Overview
Comment: | Merged in changes from piv |
---|---|
SHA1: | 5f8f3e59a7e878f209ac206c41d2ae0a8d17053a |
User & Date: | rkeene on 2013-09-14 04:11:55 |
Context
2014-01-17
| ||
13:42 | Merged in trunk check-in: b5af3ab373 user: rkeene tags: protected-auth-path | |
2013-09-14
| ||
04:11 | Merged in changes from piv check-in: 5f8f3e59a7 user: rkeene tags: protected-auth-path | |
02:50 | Updated to treat a return code of 0x6E00 (wrong instruction class) the same as 0x6982 (security status not satisified) check-in: 2e1e0bfc20 user: rkeene tags: piv | |
2013-08-14
| ||
06:29 | Updated to not dead-lock when prompting for PIN during a signing operation check-in: 27d18fd03a user: rkeene tags: protected-auth-path | |
Changes
Modified cackey.c from [37c3fd69d4] to [5ad2713a20].
876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 .... 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 .... 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 .... 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 .... 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 .... 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 .... 4154 4155 4156 4157 4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 |
#include "cackey_builtin_certs.h" }; /* Protected Authentication Path command */ #define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str) #define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str static char *cackey_pin_command = NULL; static char *cackey_pin_command_xonly = NULL; /* PCSC Global Handles */ static LPSCARDCONTEXT cackey_pcsc_handle = NULL; static unsigned long cackey_getversion(void) { static unsigned long retval = 255; unsigned long major = 0; ................................................................................ } if (!slot->slot_reset) { if (slot->cached_certs) { if (certs == NULL) { certs = malloc(sizeof(*certs) * slot->cached_certs_count); *count = slot->cached_certs_count; } else { if (*count > slot->cached_certs_count) { *count = slot->cached_certs_count; } } cackey_copy_certs(certs, slot->cached_certs, *count); ................................................................................ } } /* End transaction */ cackey_end_transaction(slot); if (respcode == 0x6982 || respcode == 0x6e00) { CACKEY_DEBUG_PRINTF("Security status not satisified. Returning NEEDLOGIN"); cackey_mark_slot_reset(slot); return(CACKEY_PCSC_E_NEEDLOGIN); } if (send_ret == CACKEY_PCSC_E_TOKENABSENT) { ................................................................................ CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference"); key_reference = 0x80; break; default: break; } } /* Issue PIN Verify */ send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL); if (send_ret != CACKEY_PCSC_S_OK) { if ((response_code & 0x63C0) == 0x63C0) { ................................................................................ 
return(NULL); } CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { CK_C_INITIALIZE_ARGS CK_PTR args; uint32_t idx, highest_slot; int mutex_init_ret; CACKEY_DEBUG_PRINTF("Called."); if (cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Already initialized."); return(CKR_CRYPTOKI_ALREADY_INITIALIZED); ................................................................................ cackey_slots[idx].transaction_need_hw_lock = 0; cackey_slots[idx].slot_reset = 0; cackey_slots[idx].token_flags = 0; cackey_slots[idx].label = NULL; cackey_slots[idx].internal = 0; } if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) { CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates"); } else { highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1; CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot); cackey_slots[highest_slot].active = 1; ................................................................................ cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT); #endif #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT cackey_pin_command_xonly = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT); #endif if (getenv("DISPLAY") != NULL) { cackey_pin_command = cackey_pin_command_xonly; } if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY"); } if (getenv("CACKEY_PIN_COMMAND") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND"); } CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved) { uint32_t idx; |
< < | > > > > > > > > > > > > > > > > > > > | > < > | < < < < |
876 877 878 879 880 881 882 883 884 885 886 887 888 889 .... 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 .... 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 .... 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 .... 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 .... 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 .... 4169 4170 4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197 |
#include "cackey_builtin_certs.h" }; /* Protected Authentication Path command */ #define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str) #define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str static char *cackey_pin_command = NULL; /* PCSC Global Handles */ static LPSCARDCONTEXT cackey_pcsc_handle = NULL; static unsigned long cackey_getversion(void) { static unsigned long retval = 255; unsigned long major = 0; ................................................................................ } if (!slot->slot_reset) { if (slot->cached_certs) { if (certs == NULL) { certs = malloc(sizeof(*certs) * slot->cached_certs_count); *count = slot->cached_certs_count; } else { if (*count > slot->cached_certs_count) { *count = slot->cached_certs_count; } } cackey_copy_certs(certs, slot->cached_certs, *count); ................................................................................ } } /* End transaction */ cackey_end_transaction(slot); if (respcode == 0x6982 || respcode == 0x6e00) { CACKEY_DEBUG_PRINTF("Security status not satisified (respcode = 0x%04x). Returning NEEDLOGIN", (int) respcode); cackey_mark_slot_reset(slot); return(CACKEY_PCSC_E_NEEDLOGIN); } if (send_ret == CACKEY_PCSC_E_TOKENABSENT) { ................................................................................ CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference"); key_reference = 0x80; break; default: break; } cackey_free_certs(pcsc_identities, num_certs, 1); } /* Issue PIN Verify */ send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL); if (send_ret != CACKEY_PCSC_S_OK) { if ((response_code & 0x63C0) == 0x63C0) { ................................................................................ 
return(NULL); } CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { CK_C_INITIALIZE_ARGS CK_PTR args; uint32_t idx, highest_slot; int mutex_init_ret; int include_dod_certs; CACKEY_DEBUG_PRINTF("Called."); if (cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Already initialized."); return(CKR_CRYPTOKI_ALREADY_INITIALIZED); ................................................................................ cackey_slots[idx].transaction_need_hw_lock = 0; cackey_slots[idx].slot_reset = 0; cackey_slots[idx].token_flags = 0; cackey_slots[idx].label = NULL; cackey_slots[idx].internal = 0; } #ifdef CACKEY_NO_EXTRA_CERTS if (getenv("CACKEY_EXTRA_CERTS") != NULL) { include_dod_certs = 1; } else { include_dod_certs = 0; } #else if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) { include_dod_certs = 0; } else { include_dod_certs = 1; } #endif if (include_dod_certs == 0) { CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates"); } else { highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1; CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot); cackey_slots[highest_slot].active = 1; ................................................................................ cackey_biglock_init = 1; } /* Define a command to prompt user for a PIN */ #ifdef CACKEY_PIN_COMMAND_DEFAULT cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT); #endif #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT if (getenv("DISPLAY") != NULL) { cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT); } #endif if (getenv("CACKEY_PIN_COMMAND") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND"); } if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) { cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY"); } CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved) { uint32_t idx; |
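Review bot: At the end of C_Initialize, `cackey_pin_command` is set straight from `getenv("CACKEY_PIN_COMMAND")` and `getenv("CACKEY_PIN_COMMAND_XONLY")`, so whoever controls the process environment picks the program that prompts for the PIN. A PKCS#11 module can be loaded into processes running with elevated privileges, so the override should be ignored there (for example via `secure_getenv` on glibc) and empty values rejected, e.g. `if (env != NULL && env[0] != '\0') cackey_pin_command = env;`. The stored pointer is the `getenv` result itself, which can go stale if the host application later modifies its environment, so the value should be copied. How the command is executed lies outside the visible hunks, and parts of C_Initialize are elided, so the exposure is inferred from the `/* Define a command to prompt user for a PIN */` comment. The reordering also makes CACKEY_PIN_COMMAND_XONLY take precedence over CACKEY_PIN_COMMAND whenever DISPLAY is set; a short comment stating that precedence would document the intent.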