Overview
| Comment: | Updated to select correct applet and file for given identity for sign/decrypt
Added more debugging for selecting a key for sign/decrypt |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | 9fc3b9fa035d09ce98fe56b3c55a61221e85cc57 |
| User & Date: | rkeene on 2010-05-15 00:25:26 |
| Other Links: | manifest | tags |
Context
|
2010-05-15
| ||
| 00:34 |
Added line numbers to debugging output
Added overloaded debugging strdup to check for leaks check-in: 709b50760d user: rkeene tags: trunk | |
| 00:25 |
Updated to select correct applet and file for given identity for sign/decrypt
Added more debugging for selecting a key for sign/decrypt check-in: 9fc3b9fa03 user: rkeene tags: trunk | |
|
2010-05-14
| ||
| 23:33 | Added untested support for Sign/Decrypt check-in: fc063dd0df user: rkeene tags: trunk | |
Changes
Modified cackey.c from [4487b6bfe2] to [36bd79ba26].
475 475 unsigned long search_curr_id; 476 476 477 477 int sign_active; 478 478 CK_MECHANISM_TYPE sign_mechanism; 479 479 CK_BYTE_PTR sign_buf; 480 480 unsigned long sign_buflen; 481 481 unsigned long sign_bufused; 482 + struct cackey_identity *sign_identity; 482 483 483 484 int decrypt_active; 484 485 CK_MECHANISM_TYPE decrypt_mechanism; 485 486 CK_VOID_PTR decrypt_mech_parm; 486 487 CK_ULONG decrypt_mech_parmlen; 487 - 488 + struct cackey_identity *decrypt_identity; 488 489 }; 489 490 490 491 struct cackey_slot { 491 492 int active; 492 493 493 494 char *pcsc_reader; 494 495 ................................................................................ 1786 1787 * RETURN VALUE 1787 1788 * ... 1788 1789 * 1789 1790 * NOTES 1790 1791 * ... 1791 1792 * 1792 1793 */ 1793 -static ssize_t cackey_signdecrypt(struct cackey_slot *slot, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) { 1794 +static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) { 1794 1795 cackey_ret send_ret; 1795 1796 1796 1797 CACKEY_DEBUG_PRINTF("Called."); 1797 1798 1798 1799 if (buflen > 255) { 1799 1800 CACKEY_DEBUG_PRINTF("Error. buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen); 1800 1801 ................................................................................ 1821 1822 1822 1823 if (outbuf == NULL) { 1823 1824 CACKEY_DEBUG_PRINTF("Error. outbuf is NULL"); 1824 1825 1825 1826 return(-1); 1826 1827 } 1827 1828 1829 + /* Begin transaction */ 1830 + cackey_begin_transaction(slot); 1831 + 1832 + /* Select correct applet */ 1833 + cackey_select_applet(slot, identity->identity->applet, sizeof(identity->identity->applet)); 1834 + 1835 + /* Select correct file */ 1836 + cackey_select_file(slot, identity->identity->file); 1837 + 1828 1838 send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, 0x00, 0x00, buflen, buf, outbuflen, NULL, outbuf, &outbuflen); 1829 1839 if (send_ret != CACKEY_PCSC_S_OK) { 1830 1840 CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error."); 1831 1841 1842 + /* End transaction */ 1843 + cackey_end_transaction(slot); 1844 + 1832 1845 return(-1); 1833 1846 } 1834 1847 1848 + /* End transaction */ 1849 + cackey_end_transaction(slot); 1850 + 1835 1851 CACKEY_DEBUG_PRINTF("Returning in success."); 1836 1852 1837 1853 return(outbuflen); 1838 1854 } 1839 1855 1840 1856 /* 1841 1857 * SYNPOSIS ................................................................................ 4120 4136 4121 4137 return(CKR_OPERATION_ACTIVE); 4122 4138 } 4123 4139 4124 4140 if (hKey >= cackey_sessions[hSession].identities_count) { 4125 4141 cackey_mutex_unlock(cackey_biglock); 4126 4142 4127 - CACKEY_DEBUG_PRINTF("Error. Key handle out of range."); 4143 + CACKEY_DEBUG_PRINTF("Error. Key handle out of range (requested key %lu, only %lu identities available).", (unsigned long) hKey, (unsigned long) cackey_sessions[hSession].identities_count); 4128 4144 4129 4145 return(CKR_KEY_HANDLE_INVALID); 4130 4146 } 4131 4147 4132 4148 cackey_sessions[hSession].decrypt_active = 1; 4133 4149 4134 4150 cackey_sessions[hSession].decrypt_mechanism = pMechanism->mechanism; 4135 4151 cackey_sessions[hSession].decrypt_mech_parm = pMechanism->pParameter; 4136 4152 cackey_sessions[hSession].decrypt_mech_parmlen = pMechanism->ulParameterLen; 4153 + cackey_sessions[hSession].decrypt_identity = &cackey_sessions[hSession].identities[hKey]; 4137 4154 4138 4155 mutex_retval = cackey_mutex_unlock(cackey_biglock); 4139 4156 if (mutex_retval != 0) { 4140 4157 CACKEY_DEBUG_PRINTF("Error. Unlocking failed."); 4141 4158 4142 4159 return(CKR_GENERAL_ERROR); 4143 4160 } ................................................................................ 4260 4277 4261 4278 return(CKR_OPERATION_NOT_INITIALIZED); 4262 4279 } 4263 4280 4264 4281 switch (cackey_sessions[hSession].decrypt_mechanism) { 4265 4282 case CKM_RSA_PKCS: 4266 4283 /* Ask card to decrypt */ 4267 - buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf)); 4284 + buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf)); 4268 4285 4269 4286 if (buflen < 0) { 4270 4287 /* Decryption failed. */ 4271 4288 retval = CKR_GENERAL_ERROR; 4272 4289 } else if (((unsigned long) buflen) > *pulPartLen && pPart) { 4273 4290 /* Decrypted data too large */ 4274 4291 retval = CKR_BUFFER_TOO_SMALL; ................................................................................ 4489 4506 4490 4507 return(CKR_OPERATION_ACTIVE); 4491 4508 } 4492 4509 4493 4510 if (hKey >= cackey_sessions[hSession].identities_count) { 4494 4511 cackey_mutex_unlock(cackey_biglock); 4495 4512 4496 - CACKEY_DEBUG_PRINTF("Error. Key handle out of range."); 4513 + CACKEY_DEBUG_PRINTF("Error. Key handle out of range (requested key %lu, only %lu identities available).", (unsigned long) hKey, (unsigned long) cackey_sessions[hSession].identities_count); 4497 4514 4498 4515 return(CKR_KEY_HANDLE_INVALID); 4499 4516 } 4500 4517 4501 4518 cackey_sessions[hSession].sign_active = 1; 4502 4519 4503 4520 cackey_sessions[hSession].sign_mechanism = pMechanism->mechanism; 4504 4521 4505 4522 cackey_sessions[hSession].sign_buflen = 128; 4506 4523 cackey_sessions[hSession].sign_bufused = 0; 4507 4524 cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen); 4525 + cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey]; 4508 4526 4509 4527 mutex_retval = cackey_mutex_unlock(cackey_biglock); 4510 4528 if (mutex_retval != 0) { 4511 4529 CACKEY_DEBUG_PRINTF("Error. Unlocking failed."); 4512 4530 4513 4531 return(CKR_GENERAL_ERROR); 4514 4532 } ................................................................................ 4692 4710 4693 4711 return(CKR_OPERATION_NOT_INITIALIZED); 4694 4712 } 4695 4713 4696 4714 switch (cackey_sessions[hSession].sign_mechanism) { 4697 4715 case CKM_RSA_PKCS: 4698 4716 /* Ask card to sign */ 4699 - sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_buflen, sigbuf, sizeof(sigbuf)); 4717 + sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_buflen, sigbuf, sizeof(sigbuf)); 4700 4718 4701 4719 if (sigbuflen < 0) { 4702 4720 /* Signing failed. */ 4703 4721 retval = CKR_GENERAL_ERROR; 4704 4722 } else if (((unsigned long) sigbuflen) > *pulSignatureLen && pSignature) { 4705 4723 /* Signed data too large */ 4706 4724 retval = CKR_BUFFER_TOO_SMALL;