Overview
| Comment: | Updated to set LOGIN_REQUIRED flag when C_Logout is called
Updated to check all references to a session's slot |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | a08de243846911794ed3b7f061cd7d4ebab2e7fc |
| User & Date: | rkeene on 2010-05-22 21:31:22 |
| Other Links: | manifest | tags |
Context
|
2010-05-23
| ||
| 02:59 |
Updated to retry APDU in some cases
Updated to recognize when a card is logged out without being switched check-in: 9b8b8e3b4a user: rkeene tags: trunk | |
|
2010-05-22
| ||
| 21:31 |
Updated to set LOGIN_REQUIRED flag when C_Logout is called
Updated to check all references to a session's slot check-in: a08de24384 user: rkeene tags: trunk | |
| 18:55 |
CACKey 0.5.8
Updated specfile with data from coolkey check-in: 46cd43db95 user: rkeene tags: trunk, 0.5.8 | |
Changes
Modified cackey.c from [ca30d967da] to [26bb9837f1].
3857 3857 3858 3858 CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED); 3859 3859 3860 3860 return(CKR_FUNCTION_NOT_SUPPORTED); 3861 3861 } 3862 3862 3863 3863 CK_DEFINE_FUNCTION(CK_RV, C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) { 3864 + CK_SLOT_ID slotID; 3864 3865 int mutex_retval; 3865 3866 int tries_remaining; 3866 3867 int login_ret; 3867 3868 3868 3869 CACKEY_DEBUG_PRINTF("Called."); 3869 3870 3870 3871 if (!cackey_initialized) { ................................................................................ 3896 3897 cackey_mutex_unlock(cackey_biglock); 3897 3898 3898 3899 CACKEY_DEBUG_PRINTF("Error. Session not active."); 3899 3900 3900 3901 return(CKR_SESSION_HANDLE_INVALID); 3901 3902 } 3902 3903 3903 - login_ret = cackey_login(&cackey_slots[cackey_sessions[hSession].slotID], pPin, ulPinLen, &tries_remaining); 3904 + slotID = cackey_sessions[hSession].slotID; 3905 + 3906 + if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { 3907 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID); 3908 + 3909 + return(CKR_GENERAL_ERROR); 3910 + } 3911 + 3912 + if (cackey_slots[slotID].active == 0) { 3913 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID); 3914 + 3915 + cackey_mutex_unlock(cackey_biglock); 3916 + 3917 + return(CKR_GENERAL_ERROR); 3918 + } 3919 + 3920 + login_ret = cackey_login(&cackey_slots[slotID], pPin, ulPinLen, &tries_remaining); 3904 3921 if (login_ret != CACKEY_PCSC_S_OK) { 3905 3922 cackey_mutex_unlock(cackey_biglock); 3906 3923 3907 3924 if (login_ret == CACKEY_PCSC_E_LOCKED) { 3908 3925 CACKEY_DEBUG_PRINTF("Error. Token is locked."); 3909 3926 3910 - cackey_slots[cackey_sessions[hSession].slotID].token_flags |= CKF_USER_PIN_LOCKED; 3927 + cackey_slots[slotID].token_flags |= CKF_USER_PIN_LOCKED; 3911 3928 3912 3929 return(CKR_PIN_LOCKED); 3913 3930 } else if (login_ret == CACKEY_PCSC_E_BADPIN) { 3914 3931 CACKEY_DEBUG_PRINTF("Error. Invalid PIN."); 3915 3932 3916 - cackey_slots[cackey_sessions[hSession].slotID].token_flags |= CKF_USER_PIN_COUNT_LOW; 3933 + cackey_slots[slotID].token_flags |= CKF_USER_PIN_COUNT_LOW; 3917 3934 3918 3935 if (tries_remaining == 1) { 3919 - cackey_slots[cackey_sessions[hSession].slotID].token_flags |= CKF_USER_PIN_FINAL_TRY; 3936 + cackey_slots[slotID].token_flags |= CKF_USER_PIN_FINAL_TRY; 3920 3937 } 3921 3938 3922 3939 return(CKR_PIN_INCORRECT); 3923 3940 } 3924 3941 3925 3942 CACKEY_DEBUG_PRINTF("Error. Unknown error returned from cackey_login() (%i)", login_ret); 3926 3943 3927 3944 return(CKR_GENERAL_ERROR); 3928 3945 } 3929 3946 3930 - cackey_slots[cackey_sessions[hSession].slotID].token_flags &= ~(CKF_USER_PIN_LOCKED | CKF_USER_PIN_COUNT_LOW | CKF_LOGIN_REQUIRED | CKF_USER_PIN_FINAL_TRY); 3947 + cackey_slots[slotID].token_flags &= ~(CKF_USER_PIN_LOCKED | CKF_USER_PIN_COUNT_LOW | CKF_LOGIN_REQUIRED | CKF_USER_PIN_FINAL_TRY); 3931 3948 3932 3949 cackey_sessions[hSession].state = CKS_RO_USER_FUNCTIONS; 3933 3950 3934 3951 mutex_retval = cackey_mutex_unlock(cackey_biglock); 3935 3952 if (mutex_retval != 0) { 3936 3953 CACKEY_DEBUG_PRINTF("Error. Unlocking failed."); 3937 3954 ................................................................................ 3940 3957 3941 3958 CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); 3942 3959 3943 3960 return(CKR_OK); 3944 3961 } 3945 3962 3946 3963 CK_DEFINE_FUNCTION(CK_RV, C_Logout)(CK_SESSION_HANDLE hSession) { 3964 + CK_SLOT_ID slotID; 3947 3965 int mutex_retval; 3948 3966 3949 3967 CACKEY_DEBUG_PRINTF("Called."); 3950 3968 3951 3969 if (!cackey_initialized) { 3952 3970 CACKEY_DEBUG_PRINTF("Error. Not initialized."); 3953 3971 ................................................................................ 3970 3988 if (!cackey_sessions[hSession].active) { 3971 3989 cackey_mutex_unlock(cackey_biglock); 3972 3990 3973 3991 CACKEY_DEBUG_PRINTF("Error. Session not active."); 3974 3992 3975 3993 return(CKR_SESSION_HANDLE_INVALID); 3976 3994 } 3995 + 3996 + slotID = cackey_sessions[hSession].slotID; 3997 + 3998 + if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { 3999 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID); 4000 + 4001 + return(CKR_GENERAL_ERROR); 4002 + } 4003 + 4004 + if (cackey_slots[slotID].active == 0) { 4005 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID); 4006 + 4007 + cackey_mutex_unlock(cackey_biglock); 4008 + 4009 + return(CKR_GENERAL_ERROR); 4010 + } 3977 4011 3978 4012 cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION; 4013 + cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED; 3979 4014 3980 4015 mutex_retval = cackey_mutex_unlock(cackey_biglock); 3981 4016 if (mutex_retval != 0) { 3982 4017 CACKEY_DEBUG_PRINTF("Error. Unlocking failed."); 3983 4018 3984 4019 return(CKR_GENERAL_ERROR); 3985 4020 } ................................................................................ 4177 4212 4178 4213 CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED); 4179 4214 4180 4215 return(CKR_FUNCTION_NOT_SUPPORTED); 4181 4216 } 4182 4217 4183 4218 CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) { 4219 + CK_SLOT_ID slotID; 4184 4220 int mutex_retval; 4185 4221 4186 4222 CACKEY_DEBUG_PRINTF("Called."); 4187 4223 4188 4224 if (!cackey_initialized) { 4189 4225 CACKEY_DEBUG_PRINTF("Error. Not initialized."); 4190 4226 ................................................................................ 4216 4252 cackey_mutex_unlock(cackey_biglock); 4217 4253 4218 4254 CACKEY_DEBUG_PRINTF("Error. Search already active."); 4219 4255 4220 4256 return(CKR_OPERATION_ACTIVE); 4221 4257 } 4222 4258 4223 - if (cackey_slots[cackey_sessions[hSession].slotID].slot_reset) { 4259 + slotID = cackey_sessions[hSession].slotID; 4260 + 4261 + if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { 4262 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID); 4263 + 4264 + return(CKR_GENERAL_ERROR); 4265 + } 4266 + 4267 + if (cackey_slots[slotID].active == 0) { 4268 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID); 4269 + 4270 + cackey_mutex_unlock(cackey_biglock); 4271 + 4272 + return(CKR_GENERAL_ERROR); 4273 + } 4274 + 4275 + if (cackey_slots[slotID].slot_reset) { 4224 4276 CACKEY_DEBUG_PRINTF("The slot has been reset since we last looked for identities -- rescanning"); 4225 4277 4226 4278 if (cackey_sessions[hSession].identities != NULL) { 4227 4279 cackey_free_identities(cackey_sessions[hSession].identities, cackey_sessions[hSession].identities_count); 4228 4280 4229 4281 cackey_sessions[hSession].identities = NULL; 4230 4282 cackey_sessions[hSession].identities_count = 0; 4231 4283 } 4232 4284 4233 - if (cackey_slots[cackey_sessions[hSession].slotID].label != NULL) { 4234 - free(cackey_slots[cackey_sessions[hSession].slotID].label); 4235 - cackey_slots[cackey_sessions[hSession].slotID].label = NULL; 4285 + if (cackey_slots[slotID].label != NULL) { 4286 + free(cackey_slots[slotID].label); 4287 + cackey_slots[slotID].label = NULL; 4236 4288 } 4237 4289 4238 - cackey_slots[cackey_sessions[hSession].slotID].slot_reset = 0; 4239 - cackey_slots[cackey_sessions[hSession].slotID].token_flags = CKF_LOGIN_REQUIRED; 4290 + cackey_slots[slotID].slot_reset = 0; 4291 + cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED; 4240 4292 } 4241 4293 4242 4294 if (cackey_sessions[hSession].identities == NULL) { 4243 - cackey_sessions[hSession].identities = cackey_read_identities(&cackey_slots[cackey_sessions[hSession].slotID], &cackey_sessions[hSession].identities_count); 4295 + cackey_sessions[hSession].identities = cackey_read_identities(&cackey_slots[slotID], &cackey_sessions[hSession].identities_count); 4244 4296 } 4245 4297 4246 4298 if (pTemplate != NULL) { 4247 4299 if (ulCount != 0) { 4248 4300 cackey_sessions[hSession].search_query_count = ulCount; 4249 4301 cackey_sessions[hSession].search_query = malloc(ulCount * sizeof(*pTemplate)); 4250 4302 ................................................................................ 4663 4715 4664 4716 return(CKR_OK); 4665 4717 } 4666 4718 4667 4719 CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) { 4668 4720 static CK_BYTE buf[16384]; 4669 4721 ssize_t buflen; 4722 + CK_SLOT_ID slotID; 4670 4723 CK_RV retval = CKR_GENERAL_ERROR; 4671 4724 int mutex_retval; 4672 4725 4673 4726 CACKEY_DEBUG_PRINTF("Called."); 4674 4727 4675 4728 if (!cackey_initialized) { 4676 4729 CACKEY_DEBUG_PRINTF("Error. Not initialized."); ................................................................................ 4727 4780 if (!cackey_sessions[hSession].decrypt_active) { 4728 4781 cackey_mutex_unlock(cackey_biglock); 4729 4782 4730 4783 CACKEY_DEBUG_PRINTF("Error. Decrypt not active."); 4731 4784 4732 4785 return(CKR_OPERATION_NOT_INITIALIZED); 4733 4786 } 4787 + 4788 + slotID = cackey_sessions[hSession].slotID; 4789 + 4790 + if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { 4791 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID); 4792 + 4793 + return(CKR_GENERAL_ERROR); 4794 + } 4795 + 4796 + if (cackey_slots[slotID].active == 0) { 4797 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID); 4798 + 4799 + cackey_mutex_unlock(cackey_biglock); 4800 + 4801 + return(CKR_GENERAL_ERROR); 4802 + } 4734 4803 4735 4804 switch (cackey_sessions[hSession].decrypt_mechanism) { 4736 4805 case CKM_RSA_PKCS: 4737 4806 /* Ask card to decrypt */ 4738 - buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1); 4807 + buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1); 4739 4808 4740 4809 if (buflen < 0) { 4741 4810 /* Decryption failed. */ 4742 4811 retval = CKR_GENERAL_ERROR; 4743 4812 } else if (((unsigned long) buflen) > *pulPartLen && pPart) { 4744 4813 /* Decrypted data too large */ 4745 4814 retval = CKR_BUFFER_TOO_SMALL; ................................................................................ 5133 5202 5134 5203 return(CKR_OK); 5135 5204 } 5136 5205 5137 5206 CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) { 5138 5207 static CK_BYTE sigbuf[1024]; 5139 5208 ssize_t sigbuflen; 5209 + CK_SLOT_ID slotID; 5140 5210 CK_RV retval = CKR_GENERAL_ERROR; 5141 5211 int terminate_sign = 1; 5142 5212 int mutex_retval; 5143 5213 5144 5214 CACKEY_DEBUG_PRINTF("Called."); 5145 5215 5146 5216 if (!cackey_initialized) { ................................................................................ 5179 5249 if (!cackey_sessions[hSession].sign_active) { 5180 5250 cackey_mutex_unlock(cackey_biglock); 5181 5251 5182 5252 CACKEY_DEBUG_PRINTF("Error. Sign not active."); 5183 5253 5184 5254 return(CKR_OPERATION_NOT_INITIALIZED); 5185 5255 } 5256 + 5257 + slotID = cackey_sessions[hSession].slotID; 5258 + 5259 + if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) { 5260 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID); 5261 + 5262 + return(CKR_GENERAL_ERROR); 5263 + } 5264 + 5265 + if (cackey_slots[slotID].active == 0) { 5266 + CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID); 5267 + 5268 + cackey_mutex_unlock(cackey_biglock); 5269 + 5270 + return(CKR_GENERAL_ERROR); 5271 + } 5186 5272 5187 5273 switch (cackey_sessions[hSession].sign_mechanism) { 5188 5274 case CKM_RSA_PKCS: 5189 5275 /* Ask card to sign */ 5190 5276 CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", cackey_sessions[hSession].sign_identity, (unsigned long) hSession); 5191 - sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0); 5277 + sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0); 5192 5278 5193 5279 if (sigbuflen < 0) { 5194 5280 /* Signing failed. */ 5195 5281 retval = CKR_GENERAL_ERROR; 5196 5282 } else if (((unsigned long) sigbuflen) > *pulSignatureLen && pSignature) { 5197 5283 /* Signed data too large */ 5198 5284 CACKEY_DEBUG_PRINTF("retval = CKR_BUFFER_TOO_SMALL; sigbuflen = %lu, pulSignatureLen = %lu", (unsigned long) sigbuflen, (unsigned long) *pulSignatureLen);