Check-in [a5af46b2b5]
Overview
Comment:Updated to cache certificate information

Added a C_FindObject() speed test macro

Updated to reset slot less frequently

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:a5af46b2b562bf71755889d99082c219ea97d7c1
User & Date: rkeene on 2012-07-30 05:06:18
Other Links: manifest | tags
Context
2012-07-30
05:07
Moved copying in of automake/autoconf files to autogen from build check-in: 2086fbe318 user: rkeene tags: trunk
05:06
Updated to cache certificate information

Added a C_FindObject() speed test macro

Updated to reset slot less frequently check-in: a5af46b2b5 user: rkeene tags: trunk

2012-07-27
19:00
Updated to copy win64 build tree to releases in addition to win32 check-in: 1bab9f801f user: rkeene tags: trunk
Changes

Modified cackey.c from [984e852cb7] to [3db9c71bd5].

    40     40   #    include <zlib.h>
    41     41   #  endif
    42     42   #else
    43     43   #  ifdef HAVE_LIBZ
    44     44   #    undef HAVE_LIBZ
    45     45   #  endif
    46     46   #endif
           47  +#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
           48  +#  include <sys/time.h>
           49  +#endif
    47     50   
    48     51   #define CK_PTR *
    49     52   #define CK_DEFINE_FUNCTION(returnType, name) returnType name
    50     53   #define CK_DECLARE_FUNCTION(returnType, name) returnType name
    51     54   #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
    52     55   #define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
    53     56   #ifndef NULL_PTR
................................................................................
   726    729   	int slot_reset;
   727    730   
   728    731   	CK_FLAGS token_flags;
   729    732   
   730    733   	unsigned char *label;
   731    734   
   732    735   	DWORD protocol;
          736  +
          737  +	unsigned int cached_certs_count;
          738  +	struct cackey_pcsc_identity *cached_certs;
   733    739   };
   734    740   
   735    741   typedef enum {
   736    742   	CACKEY_TLV_APP_GENERIC = 0x01,
   737    743   	CACKEY_TLV_APP_SKI     = 0x02,
   738    744   	CACKEY_TLV_APP_PKI     = 0x04
   739    745   } cackey_tlv_apptype;
................................................................................
  2082   2088   
  2083   2089   	if (free_start) {
  2084   2090   		free(start);
  2085   2091   	}
  2086   2092   
  2087   2093   	return;
  2088   2094   }
         2095  +
         2096  +static struct cackey_pcsc_identity *cackey_copy_certs(struct cackey_pcsc_identity *dest, struct cackey_pcsc_identity *start, size_t count) {
         2097  +	size_t idx;
         2098  +
         2099  +	if (start == NULL) {
         2100  +		return(NULL);
         2101  +	}
         2102  +
         2103  +	if (dest == NULL) {
         2104  +		dest = malloc(sizeof(*dest) * count);
         2105  +	}
         2106  +
         2107  +	for (idx = 0; idx < count; idx++) {
         2108  +		memcpy(dest[idx].applet, start[idx].applet, sizeof(dest[idx].applet));
         2109  +		dest[idx].file = start[idx].file;
         2110  +		dest[idx].certificate_len = start[idx].certificate_len;
         2111  +		dest[idx].keysize = start[idx].keysize;
         2112  +
         2113  +		dest[idx].certificate = malloc(dest[idx].certificate_len);
         2114  +		memcpy(dest[idx].certificate, start[idx].certificate, dest[idx].certificate_len);
         2115  +	}
         2116  +
         2117  +	return(dest);
         2118  +}
  2089   2119   
  2090   2120   /*
  2091   2121    * SYNPOSIS
  2092   2122    *     ...
  2093   2123    *
  2094   2124    * ARGUMENTS
  2095   2125    *     ...
................................................................................
  2122   2152   	if (certs != NULL) {
  2123   2153   		if (*count == 0) {
  2124   2154   			CACKEY_DEBUG_PRINTF("Requested we return 0 objects, short-circuit");
  2125   2155   
  2126   2156   			return(certs);
  2127   2157   		}
  2128   2158   	}
         2159  +
         2160  +	if (!slot->slot_reset) {
         2161  +		if (slot->cached_certs) {
         2162  +			if (certs == NULL) {
         2163  +				certs = malloc(sizeof(*certs) * slot->cached_certs_count);
         2164  +				*count = slot->cached_certs_count;
         2165  +
         2166  +			} else {
         2167  +				if (*count > slot->cached_certs_count) {
         2168  +					*count = slot->cached_certs_count;
         2169  +				}
         2170  +			}
         2171  +
         2172  +			cackey_copy_certs(certs, slot->cached_certs, *count);
         2173  +
         2174  +			return(certs);
         2175  +		}
         2176  +	}
         2177  +
         2178  +	if (slot->cached_certs) {
         2179  +		cackey_free_certs(slot->cached_certs, slot->cached_certs_count, 1);
         2180  +
         2181  +		slot->cached_certs = NULL;
         2182  +	}
  2129   2183   
  2130   2184   	/* Begin a SmartCard transaction */
  2131   2185   	transaction_ret = cackey_begin_transaction(slot);
  2132   2186   	if (transaction_ret != CACKEY_PCSC_S_OK) {
  2133   2187   		CACKEY_DEBUG_PRINTF("Unable begin transaction, returning in failure");
  2134   2188   
  2135   2189   		return(NULL);
................................................................................
  2243   2297   	cackey_free_tlv(ccc_tlv);
  2244   2298   
  2245   2299   	*count = outidx;
  2246   2300   
  2247   2301   	if (certs_resizable) {
  2248   2302   		certs = realloc(certs, sizeof(*certs) * (*count));
  2249   2303   	}
         2304  +
         2305  +	slot->cached_certs = cackey_copy_certs(NULL, certs, *count);
         2306  +	slot->cached_certs_count = *count;
  2250   2307   
  2251   2308   	/* Terminate SmartCard Transaction */
  2252   2309   	cackey_end_transaction(slot);
  2253   2310   
  2254   2311   	return(certs);
  2255   2312   }
  2256   2313   
................................................................................
  2409   2466   				return(CACKEY_PCSC_E_NEEDLOGIN);
  2410   2467   			}
  2411   2468   
  2412   2469   			if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
  2413   2470   				CACKEY_DEBUG_PRINTF("Token absent.  Returning TOKENABSENT");
  2414   2471   
  2415   2472   				cackey_mark_slot_reset(slot);
  2416         -				slot->token_flags = CKF_LOGIN_REQUIRED;
  2417   2473   
  2418   2474   				return(CACKEY_PCSC_E_TOKENABSENT);
  2419   2475   			}
  2420   2476   
  2421   2477   			return(-1);
  2422   2478   		}
  2423   2479   
................................................................................
  3640   3696   		if (cackey_slots[idx].internal) {
  3641   3697   			continue;
  3642   3698   		}
  3643   3699   
  3644   3700   		if (cackey_slots[idx].pcsc_reader) {
  3645   3701   			free(cackey_slots[idx].pcsc_reader);
  3646   3702   		}
         3703  +
         3704  +		if (cackey_slots[idx].cached_certs) {
         3705  +			cackey_free_certs(cackey_slots[idx].cached_certs, cackey_slots[idx].cached_certs_count, 1);
         3706  +
         3707  +			cackey_slots[idx].cached_certs = NULL;
         3708  +		}
  3647   3709   	}
  3648   3710   
  3649   3711   	cackey_pcsc_disconnect();
  3650   3712   
  3651   3713   	cackey_initialized = 0;
  3652   3714   
  3653   3715   	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
................................................................................
  3692   3754   	return(CKR_OK);
  3693   3755   }
  3694   3756   
  3695   3757   /*
  3696   3758    * Process list of readers, and create mapping between reader name and slot ID
  3697   3759    */
  3698   3760   CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
         3761  +	static int first_call = 1;
  3699   3762   	int mutex_retval;
  3700   3763   	int pcsc_connect_ret;
  3701   3764   	CK_ULONG count, slot_count = 0, currslot, slot_idx;
  3702   3765   	char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
  3703   3766   	DWORD pcsc_readers_len;
  3704   3767   	LONG scard_listreaders_ret;
  3705   3768   	size_t curr_reader_len;
         3769  +	int slot_reset;
  3706   3770   
  3707   3771   	CACKEY_DEBUG_PRINTF("Called.");
  3708   3772   
  3709   3773   	if (pulCount == NULL) {
  3710   3774   		CACKEY_DEBUG_PRINTF("Error. pulCount is NULL.");
  3711   3775   
  3712   3776   		return(CKR_ARGUMENTS_BAD);
................................................................................
  3722   3786   	if (mutex_retval != 0) {
  3723   3787   		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
  3724   3788   
  3725   3789   		return(CKR_GENERAL_ERROR);
  3726   3790   	}
  3727   3791   
  3728   3792   	/* Clear list of slots */
         3793  +	slot_reset = 0;
  3729   3794   	if (pSlotList) {
  3730         -		CACKEY_DEBUG_PRINTF("Purging all slot information.");
         3795  +		if (first_call) {
         3796  +			first_call = 0;
  3731   3797   
  3732         -		/* Only update the list of slots if we are actually being supply the slot information */
  3733         -		cackey_slots_disconnect_all();
         3798  +			slot_reset = 1;
         3799  +		}
  3734   3800   
         3801  +		/* If any of the slots have been reset then purge all information and check again */
  3735   3802   		for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
  3736   3803   			if (cackey_slots[currslot].internal) {
  3737   3804   				continue;
  3738   3805   			}
  3739   3806   
  3740         -			if (cackey_slots[currslot].pcsc_reader) {
  3741         -				free(cackey_slots[currslot].pcsc_reader);
  3742         -
  3743         -				cackey_slots[currslot].pcsc_reader = NULL;
  3744         -			}
  3745         -
  3746         -			if (cackey_slots[currslot].label) {
  3747         -				free(cackey_slots[currslot].label);
  3748         -
  3749         -				cackey_slots[currslot].label = NULL;
  3750         -			}
  3751         -
  3752         -			cackey_slots[currslot].active = 0;
         3807  +			if (!cackey_slots[currslot].active) {
         3808  +				continue;
         3809  +			}
         3810  +
         3811  +			if (cackey_slots[currslot].slot_reset) {
         3812  +				slot_reset = 1;
         3813  +
         3814  +				break;
         3815  +			}
         3816  +		}
         3817  +
         3818  +		if (slot_reset) {
         3819  +			CACKEY_DEBUG_PRINTF("Purging all slot information.");
         3820  +
         3821  +			/* Only update the list of slots if we are actually being supply the slot information */
         3822  +			cackey_slots_disconnect_all();
         3823  +
         3824  +			for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
         3825  +				if (cackey_slots[currslot].internal) {
         3826  +					continue;
         3827  +				}
         3828  +
         3829  +				if (cackey_slots[currslot].pcsc_reader) {
         3830  +					free(cackey_slots[currslot].pcsc_reader);
         3831  +
         3832  +					cackey_slots[currslot].pcsc_reader = NULL;
         3833  +				}
         3834  +
         3835  +				if (cackey_slots[currslot].label) {
         3836  +					free(cackey_slots[currslot].label);
         3837  +
         3838  +					cackey_slots[currslot].label = NULL;
         3839  +				}
         3840  +
         3841  +				cackey_slots[currslot].active = 0;
         3842  +			}
         3843  +		} else {
         3844  +			
  3753   3845   		}
  3754   3846   	}
  3755   3847   
  3756   3848   	/* Determine list of readers */
  3757   3849   	pcsc_connect_ret = cackey_pcsc_connect();
  3758   3850   	if (pcsc_connect_ret != CACKEY_PCSC_S_OK) {
  3759   3851   		CACKEY_DEBUG_PRINTF("Connection to PC/SC failed, assuming no slots");
................................................................................
  3810   3902   						break;
  3811   3903   					}
  3812   3904   
  3813   3905   					CACKEY_DEBUG_PRINTF("Found reader: %s", pcsc_readers);
  3814   3906   
  3815   3907   					/* Only update the list of slots if we are actually being asked supply the slot information */
  3816   3908   					if (pSlotList) {
  3817         -						cackey_slots[currslot].active = 1;
  3818         -						cackey_slots[currslot].internal = 0;
  3819         -						cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
  3820         -						cackey_slots[currslot].pcsc_card_connected = 0;
  3821         -						cackey_slots[currslot].transaction_depth = 0;
  3822         -						cackey_slots[currslot].transaction_need_hw_lock = 0;
  3823         -						cackey_slots[currslot].slot_reset = 1;
  3824         -						cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
  3825         -						cackey_slots[currslot].label = NULL;
         3909  +						if (slot_reset) {
         3910  +							cackey_slots[currslot].active = 1;
         3911  +							cackey_slots[currslot].internal = 0;
         3912  +							cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
         3913  +							cackey_slots[currslot].pcsc_card_connected = 0;
         3914  +							cackey_slots[currslot].transaction_depth = 0;
         3915  +							cackey_slots[currslot].transaction_need_hw_lock = 0;
         3916  +							cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
         3917  +							cackey_slots[currslot].label = NULL;
  3826   3918   
  3827         -						cackey_mark_slot_reset(&cackey_slots[currslot]);
         3919  +							cackey_mark_slot_reset(&cackey_slots[currslot]);
         3920  +						}
  3828   3921   					} else {
  3829   3922   						/* Artificially increase the number of active slots by what will become active */
  3830   3923   						slot_count++;
  3831   3924   					}
  3832   3925   					currslot++;
  3833   3926   
  3834   3927   					pcsc_readers += curr_reader_len + 1;
................................................................................
  5120   5213   
  5121   5214   CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) {
  5122   5215   	struct cackey_identity *curr_id;
  5123   5216   	CK_ATTRIBUTE *curr_attr;
  5124   5217   	CK_ULONG curr_id_idx, curr_out_id_idx, curr_attr_idx, sess_attr_idx;
  5125   5218   	CK_ULONG matched_count, prev_matched_count;
  5126   5219   	int mutex_retval;
         5220  +#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
         5221  +	struct timeval start, end;
         5222  +	uint64_t start_int, end_int;
         5223  +#endif
  5127   5224   
  5128   5225   	CACKEY_DEBUG_PRINTF("Called.");
  5129   5226   
  5130   5227   	if (!cackey_initialized) {
  5131   5228   		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
  5132   5229   
  5133   5230   		return(CKR_CRYPTOKI_NOT_INITIALIZED);
................................................................................
  5184   5281   	if (!cackey_sessions[hSession].search_active) {
  5185   5282   		cackey_mutex_unlock(cackey_biglock);
  5186   5283   
  5187   5284   		CACKEY_DEBUG_PRINTF("Error.  Search not active.");
  5188   5285   		
  5189   5286   		return(CKR_OPERATION_NOT_INITIALIZED);
  5190   5287   	}
         5288  +
         5289  +#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
         5290  +	gettimeofday(&start, NULL);
         5291  +#endif
  5191   5292   
  5192   5293   	curr_out_id_idx = 0;
  5193   5294   	for (curr_id_idx = cackey_sessions[hSession].search_curr_id; curr_id_idx < cackey_sessions[hSession].identities_count && ulMaxObjectCount; curr_id_idx++) {
  5194   5295   		curr_id = &cackey_sessions[hSession].identities[curr_id_idx];
  5195   5296   
  5196   5297   		CACKEY_DEBUG_PRINTF("Processing identity:%lu", (unsigned long) curr_id_idx);
  5197   5298   
................................................................................
  5229   5330   			curr_out_id_idx++;
  5230   5331   		} else {
  5231   5332   			CACKEY_DEBUG_PRINTF("  ... Not all %i (only found %i) attributes checked for found, not adding identity:%i", (int) cackey_sessions[hSession].search_query_count, (int) matched_count, (int) curr_id_idx);
  5232   5333   		}
  5233   5334   	}
  5234   5335   	cackey_sessions[hSession].search_curr_id = curr_id_idx;
  5235   5336   	*pulObjectCount = curr_out_id_idx;
         5337  +
         5338  +#ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
         5339  +	gettimeofday(&end, NULL);
         5340  +	start_int = (start.tv_sec * 1000000) + start.tv_usec;
         5341  +	end_int = (end.tv_sec * 1000000) + end.tv_usec;
         5342  +	fprintf(stderr, "Search took %lu microseconds\n", (unsigned long) (end_int - start_int));
         5343  +#endif
  5236   5344   
  5237   5345   	mutex_retval = cackey_mutex_unlock(cackey_biglock);
  5238   5346   	if (mutex_retval != 0) {
  5239   5347   		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
  5240   5348   
  5241   5349   		return(CKR_GENERAL_ERROR);
  5242   5350   	}