Index: .fossil-settings/ignore-glob ================================================================== --- .fossil-settings/ignore-glob +++ .fossil-settings/ignore-glob @@ -13,5 +13,7 @@ libcackey_g.so libcackey.so libcackey.syms build/certs test +test-afl +test-afl.data Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -34,10 +34,22 @@ -@WEAKENSYMS@ "libcackey_g.@SHOBJEXT@" test: test.c libcackey_g.@SHOBJEXT@ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@ +test-afl.data: test + tmpLogFile='log.$(shell openssl rand -hex 16)'; \ + ./test 2> $${tmpLogFile}; \ + echo -ne "$$( \ + grep 'Returned Value:' $${tmpLogFile} | sed 's@^.*/@@;s@ = {@ @;s@})$$@@;s@,@@g;s@ @\\x@g;s@\\@ \\@' | while IFS=' ' read -r count string; do \ + printf '\\x%02x\\x%02x%s' $$[$${count} / 256] $$[$${count} % 256] "$${string}"; \ + done \ + )" > test-afl.data; rm -f $${tmpLogFile} + +test-afl: test-afl.data test.c cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DCACKEY_TEST_AFL -o test-afl test.c $(patsubst -lpcsclite,,$(LIBS)) + splint-cackey.txt: cackey.c cackey_builtin_certs.h asn1-x509.c asn1-x509.h config.h splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt install: libcackey.@SHOBJEXT@ -mkdir -p "$(DESTDIR)$(libdir)" Index: test.c ================================================================== --- test.c +++ test.c @@ -2,12 +2,241 @@ #include #include #include #include -#ifndef CACKEY_TEST_AFL +#ifdef CACKEY_TEST_AFL +#include +#include + +static unsigned char *inputData; +static unsigned long inputDataLen; + +/* Include the CACKey source */ +#include "cackey.c" + +#undef CACKEY_DEBUG_PRINTF +#define CACKEY_DEBUG_PRINTF(x...) /**/ +#undef malloc +#undef realloc +#undef strdup + +/* Fake a smartcard */ +const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci; +static int scard_inTransaction = 0; +static LONG scard_protocol; + + +PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) { + CACKEY_DEBUG_PRINTF("Called"); + + *phContext = 42; + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardIsValidContext(SCARDCONTEXT hContext) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hContext != 42) { + return(SCARD_E_INVALID_HANDLE); + } + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardListReaders(SCARDCONTEXT hContext, LPCSTR mszGroups, LPSTR mszReaders, LPDWORD pcchReaders) { + static char *readers = "READER0"; + + CACKEY_DEBUG_PRINTF("Called"); + + if (hContext != 42) { + return(SCARD_E_INVALID_HANDLE); + } + + *pcchReaders = strlen(readers) + 1; + + if (mszReaders == NULL) { + return(SCARD_S_SUCCESS); + } + + memcpy(mszReaders, readers, *pcchReaders); + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardBeginTransaction(SCARDHANDLE hCard) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hCard != 99) { + return(SCARD_E_INVALID_HANDLE); + } + + if (scard_inTransaction) { + return(SCARD_E_SHARING_VIOLATION); + } + + scard_inTransaction = 1; + + return(SCARD_S_SUCCESS); +} +PCSC_API LONG SCardEndTransaction(SCARDHANDLE hCard, DWORD dwDisposition) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hCard != 99) { + return(SCARD_E_INVALID_HANDLE); + } + + scard_inTransaction = 0; + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardStatus(SCARDHANDLE hCard, LPSTR mszReaderName, LPDWORD pcchReaderLen, LPDWORD pdwState, LPDWORD pdwProtocol, LPBYTE pbAtr, LPDWORD pcbAtrLen) { + LONG scardlistreaders_ret; + + CACKEY_DEBUG_PRINTF("Called"); + + if (hCard != 99) { + return(SCARD_E_INVALID_HANDLE); + } + + *pdwState = 0; + scardlistreaders_ret = SCardListReaders(42, NULL, mszReaderName, pcchReaderLen); + if (scardlistreaders_ret != SCARD_S_SUCCESS) { + return(scardlistreaders_ret); + } + + *pdwProtocol = scard_protocol; + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardConnect(SCARDCONTEXT hContext, LPCSTR szReader, DWORD dwShareMode, DWORD dwPreferredProtocols, LPSCARDHANDLE phCard, LPDWORD pdwActiveProtocol) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hContext != 42) { + return(SCARD_E_INVALID_HANDLE); + } + + if ((dwPreferredProtocols & SCARD_PROTOCOL_T0) == SCARD_PROTOCOL_T0) { + *pdwActiveProtocol = SCARD_PROTOCOL_T0; + } else { + *pdwActiveProtocol = SCARD_PROTOCOL_T1; + } + + scard_protocol = *pdwActiveProtocol; + + *phCard = 99; + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardDisconnect(SCARDHANDLE hCard, DWORD dwDisposition) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hCard != 99) { + return(SCARD_E_INVALID_HANDLE); + } + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardReconnect(SCARDHANDLE hCard, DWORD dwShareMode, DWORD dwPreferredProtocols, DWORD dwInitialization, LPDWORD pdwActiveProtocol) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hCard != 99) { + return(SCARD_E_INVALID_HANDLE); + } + + return(SCardConnect(42, NULL, dwShareMode, dwPreferredProtocols, NULL, pdwActiveProtocol)); +} + +PCSC_API LONG SCardReleaseContext(SCARDCONTEXT hContext) { + CACKEY_DEBUG_PRINTF("Called"); + + if (hContext != 42) { + return(SCARD_E_INVALID_HANDLE); + } + + return(SCARD_S_SUCCESS); +} + +PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) { + CACKEY_DEBUG_PRINTF("Called"); + unsigned int bytesToRead; + + if (hCard != 99) { + return(SCARD_E_INVALID_HANDLE); + } + + if (inputDataLen <= 1) { + *pcbRecvLength = 0; + + return(SCARD_S_SUCCESS); + } + + bytesToRead = (inputData[0] << 8) | inputData[1]; + + inputData += 2; + inputDataLen -= 2; + + if (bytesToRead > inputDataLen) { + bytesToRead = inputDataLen; + } + + if (bytesToRead > *pcbRecvLength) { + return(SCARD_E_INSUFFICIENT_BUFFER); + } + + *pcbRecvLength = bytesToRead; + + memcpy(pbRecvBuffer, inputData, bytesToRead); + + inputData += bytesToRead; + inputDataLen -= bytesToRead; + + return(SCARD_S_SUCCESS); +} + +static void loadTestData(const char *fileName) { + ssize_t read_ret; + int fd; + + if (fileName == NULL) { + goto cleanup; + } + + fd = open(fileName, O_RDONLY); + if (fd < 0) { + goto cleanup; + } + + inputDataLen = 16384; + inputData = malloc(inputDataLen); + + read_ret = read(fd, inputData, inputDataLen); + if (read_ret < 0) { + goto cleanup; + } + + inputDataLen = read_ret; + inputData = realloc(inputData, inputDataLen); + + close(fd); + +cleanup: + + return; +} +#else #include "mypkcs11.h" + +static void loadTestData(const char *filename) { + return; +} +#endif static char *pkcs11_attribute_to_name(CK_ATTRIBUTE_TYPE attrib) { static char retbuf[1024]; switch (attrib) { @@ -340,11 +569,16 @@ while (fgets_ret == NULL) { printf("** ENTER PIN: "); fflush(stdout); +#ifdef CACKEY_TEST_AFL + memcpy(user_pin, "0000000", 8); + fgets_ret = (char *) user_pin; +#else fgets_ret = fgets((char *) user_pin, sizeof(user_pin), stdin); +#endif } if (strlen((char *) user_pin) >= 1) { while (user_pin[strlen((char *) user_pin) - 1] < ' ') { user_pin[strlen((char *) user_pin) - 1] = '\0'; @@ -622,10 +856,14 @@ int main(int argc, char **argv) { int retval = 0, ck_retval; printf("Testing libcackey...\n"); + + if (argc > 1) { + loadTestData(argv[1]); + } ck_retval = main_pkcs11(); if (ck_retval != 0) { retval = ck_retval; @@ -632,512 +870,6 @@ } printf("Testing libcackey... DONE. Status = %i\n", ck_retval); return(retval); - - /* UNREACHED: This is just to supress a warning about arguments to main we do not use. */ - argc = argc; - argv = argv; -} -#else /* CACKEY_TEST_AFL */ -#include -#include -#include - -static unsigned char *inputData; -static unsigned long inputDataLen; - -/* Include the CACKey source */ -#include "cackey.c" - -#undef CACKEY_DEBUG_PRINTF -#define CACKEY_DEBUG_PRINTF(x...) /**/ -#undef malloc -#undef realloc -#undef strdup - -/* Fake a smartcard */ -const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci; -static int scard_inTransaction = 0; -static LONG scard_protocol; - - -PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) { - CACKEY_DEBUG_PRINTF("Called"); - - *phContext = 42; - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardIsValidContext(SCARDCONTEXT hContext) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hContext != 42) { - return(SCARD_E_INVALID_HANDLE); - } - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardListReaders(SCARDCONTEXT hContext, LPCSTR mszGroups, LPSTR mszReaders, LPDWORD pcchReaders) { - static char *readers = "READER0"; - - CACKEY_DEBUG_PRINTF("Called"); - - if (hContext != 42) { - return(SCARD_E_INVALID_HANDLE); - } - - *pcchReaders = strlen(readers) + 1; - - if (mszReaders == NULL) { - return(SCARD_S_SUCCESS); - } - - memcpy(mszReaders, readers, *pcchReaders); - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardBeginTransaction(SCARDHANDLE hCard) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hCard != 99) { - return(SCARD_E_INVALID_HANDLE); - } - - if (scard_inTransaction) { - return(SCARD_E_SHARING_VIOLATION); - } - - scard_inTransaction = 1; - - return(SCARD_S_SUCCESS); -} -PCSC_API LONG SCardEndTransaction(SCARDHANDLE hCard, DWORD dwDisposition) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hCard != 99) { - return(SCARD_E_INVALID_HANDLE); - } - - scard_inTransaction = 0; - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardStatus(SCARDHANDLE hCard, LPSTR mszReaderName, LPDWORD pcchReaderLen, LPDWORD pdwState, LPDWORD pdwProtocol, LPBYTE pbAtr, LPDWORD pcbAtrLen) { - LONG scardlistreaders_ret; - - CACKEY_DEBUG_PRINTF("Called"); - - if (hCard != 99) { - return(SCARD_E_INVALID_HANDLE); - } - - *pdwState = 0; - scardlistreaders_ret = SCardListReaders(42, NULL, mszReaderName, pcchReaderLen); - if (scardlistreaders_ret != SCARD_S_SUCCESS) { - return(scardlistreaders_ret); - } - - *pdwProtocol = scard_protocol; - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardConnect(SCARDCONTEXT hContext, LPCSTR szReader, DWORD dwShareMode, DWORD dwPreferredProtocols, LPSCARDHANDLE phCard, LPDWORD pdwActiveProtocol) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hContext != 42) { - return(SCARD_E_INVALID_HANDLE); - } - - if ((dwPreferredProtocols & SCARD_PROTOCOL_T0) == SCARD_PROTOCOL_T0) { - *pdwActiveProtocol = SCARD_PROTOCOL_T0; - } else { - *pdwActiveProtocol = SCARD_PROTOCOL_T1; - } - - scard_protocol = *pdwActiveProtocol; - - *phCard = 99; - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardDisconnect(SCARDHANDLE hCard, DWORD dwDisposition) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hCard != 99) { - return(SCARD_E_INVALID_HANDLE); - } - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardReconnect(SCARDHANDLE hCard, DWORD dwShareMode, DWORD dwPreferredProtocols, DWORD dwInitialization, LPDWORD pdwActiveProtocol) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hCard != 99) { - return(SCARD_E_INVALID_HANDLE); - } - - return(SCardConnect(42, NULL, dwShareMode, dwPreferredProtocols, NULL, pdwActiveProtocol)); -} - -PCSC_API LONG SCardReleaseContext(SCARDCONTEXT hContext) { - CACKEY_DEBUG_PRINTF("Called"); - - if (hContext != 42) { - return(SCARD_E_INVALID_HANDLE); - } - - return(SCARD_S_SUCCESS); -} - -PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) { - CACKEY_DEBUG_PRINTF("Called"); - unsigned int bytesToRead; - - if (hCard != 99) { - return(SCARD_E_INVALID_HANDLE); - } - - if (inputDataLen <= 1) { - *pcbRecvLength = 0; - - return(SCARD_S_SUCCESS); - } - - bytesToRead = (inputData[0] << 8) | inputData[1]; - - inputData += 2; - inputDataLen -= 2; - - if (bytesToRead > inputDataLen) { - bytesToRead = inputDataLen; - } - - if (bytesToRead > *pcbRecvLength) { - return(SCARD_E_INSUFFICIENT_BUFFER); - } - - *pcbRecvLength = bytesToRead; - - memcpy(pbRecvBuffer, inputData, bytesToRead); - - inputData += bytesToRead; - inputDataLen -= bytesToRead; - - return(SCARD_S_SUCCESS); -} - -/* American Fuzzy Lop testing program */ -int main(int argc, char **argv) { - CK_FUNCTION_LIST_PTR pFunctionList; - CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession) = NULL; - CK_RV (*C_Finalize)(CK_VOID_PTR pReserved) = NULL; - CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) = NULL; - CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession) = NULL; - CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) = NULL; - CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) = NULL; - CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) = NULL; - CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) = NULL; - CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs) = NULL; - CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) = NULL; - CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) = NULL; - CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) = NULL; - CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) = NULL; - CK_C_INITIALIZE_ARGS initargs; - CK_ULONG numSlots; - CK_SLOT_ID_PTR slots = NULL; - CK_TOKEN_INFO tokenInfo; - CK_SESSION_HANDLE hSession; - CK_OBJECT_HANDLE hObject, *privateKeyObjects_root = NULL, *privateKeyObjects, *currPrivKey; - CK_ULONG ulObjectCount; - CK_ATTRIBUTE template[] = { - {CKA_CLASS, NULL, 0}, - {CKA_TOKEN, NULL, 0}, - {CKA_LABEL, NULL, 0}, - {CKA_PRIVATE, NULL, 0}, - {CKA_ID, NULL, 0}, - {CKA_SERIAL_NUMBER, NULL, 0}, - {CKA_SUBJECT, NULL, 0}, - {CKA_ISSUER, NULL, 0}, - {CKA_CERTIFICATE_TYPE, NULL, 0}, - {CKA_KEY_TYPE, NULL, 0}, - {CKA_SIGN, NULL, 0}, - {CKA_VALUE, NULL, 0}, - {CKA_CERT_MD5_HASH, NULL, 0}, - {CKA_CERT_SHA1_HASH, NULL, 0}, - {CKA_TRUSTED, NULL, 0}, - {CKA_TRUST_CLIENT_AUTH, NULL, 0}, - {CKA_TRUST_CODE_SIGNING, NULL, 0}, - {CKA_TRUST_CRL_SIGN, NULL, 0}, - {CKA_TRUST_DATA_ENCIPHERMENT, NULL, 0}, - {CKA_TRUST_DIGITAL_SIGNATURE, NULL, 0}, - {CKA_TRUST_EMAIL_PROTECTION, NULL, 0}, - {CKA_TRUST_KEY_AGREEMENT, NULL, 0}, - {CKA_TRUST_KEY_CERT_SIGN, NULL, 0}, - {CKA_TRUST_KEY_ENCIPHERMENT, NULL, 0}, - {CKA_TRUST_NON_REPUDIATION, NULL, 0}, - {CKA_TRUST_SERVER_AUTH, NULL, 0} - }, *curr_attr; - CK_ULONG curr_attr_idx; - CK_ULONG byte_idx; - CK_OBJECT_CLASS objectClass; - CK_BYTE signature[1024]; - CK_ULONG signature_len; - CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0}; - CK_RV chk_rv; - ssize_t read_ret; - char *fileName = NULL; - int fd; - int i; - int initialized = 0; - int retval = 1; - - fileName = argv[1]; - if (fileName == NULL) { - goto cleanup; - } - - fd = open(fileName, O_RDONLY); - if (fd < 0) { - goto cleanup; - } - - inputDataLen = 16384; - inputData = malloc(inputDataLen); - - read_ret = read(fd, inputData, inputDataLen); - if (read_ret < 0) { - goto cleanup; - } - - inputDataLen = read_ret; - inputData = realloc(inputData, inputDataLen); - - close(fd); - - chk_rv = C_GetFunctionList(&pFunctionList); - if (chk_rv != CKR_OK) { - printf("C_GetFunctionList() failed."); - - goto cleanup; - } - - C_CloseSession = pFunctionList->C_CloseSession; - C_Finalize = pFunctionList->C_Finalize; - C_FindObjects = pFunctionList->C_FindObjects; - C_FindObjectsFinal = pFunctionList->C_FindObjectsFinal; - C_FindObjectsInit = pFunctionList->C_FindObjectsInit; - C_GetAttributeValue = pFunctionList->C_GetAttributeValue; - C_GetSlotList = pFunctionList->C_GetSlotList; - C_GetTokenInfo = pFunctionList->C_GetTokenInfo; - C_Initialize = pFunctionList->C_Initialize; - C_Login = pFunctionList->C_Login; - C_OpenSession = pFunctionList->C_OpenSession; - C_Sign = pFunctionList->C_Sign; - C_SignInit = pFunctionList->C_SignInit; - - privateKeyObjects = malloc(sizeof(*privateKeyObjects) * 1024); - privateKeyObjects_root = privateKeyObjects; - for (i = 0; i < 1024; i++) { - privateKeyObjects[i] = CK_INVALID_HANDLE; - } - - initargs.CreateMutex = NULL; - initargs.DestroyMutex = NULL; - initargs.LockMutex = NULL; - initargs.UnlockMutex = NULL; - initargs.flags = CKF_OS_LOCKING_OK; - initargs.pReserved = NULL; - - chk_rv = C_Initialize(&initargs); - if (chk_rv != CKR_OK) { - initargs.CreateMutex = NULL; - initargs.DestroyMutex = NULL; - initargs.LockMutex = NULL; - initargs.UnlockMutex = NULL; - initargs.flags = 0; - initargs.pReserved = NULL; - - chk_rv = C_Initialize(&initargs); - if (chk_rv != CKR_OK) { - printf("C_Initialize() failed."); - - goto cleanup; - } - } - - initialized = 1; - - chk_rv = C_GetSlotList(FALSE, NULL, &numSlots); - if (chk_rv != CKR_OK) { - goto cleanup; - } - - if (numSlots == 0) { - goto cleanup; - } - - slots = malloc(sizeof(*slots) * numSlots); - - if (slots == NULL) { - goto cleanup; - } - - chk_rv = C_GetSlotList(FALSE, slots, &numSlots); - if (chk_rv != CKR_OK) { - goto cleanup; - } - - chk_rv = C_OpenSession(slots[0], CKF_SERIAL_SESSION, NULL, NULL, &hSession); - if (chk_rv != CKR_OK) { - goto cleanup; - } - - chk_rv = C_GetTokenInfo(slots[0], &tokenInfo); - if (chk_rv != CKR_OK) { - goto cleanup; - } - - if ((tokenInfo.flags & CKF_LOGIN_REQUIRED) == CKF_LOGIN_REQUIRED && (tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) { - printf("Unable to login to card.\n"); - - goto cleanup; - } - - chk_rv = C_Login(hSession, CKU_USER, NULL, 0); - if (chk_rv != CKR_OK) { - printf("Login to device failed.\n"); - - goto cleanup; - } - - chk_rv = C_FindObjectsInit(hSession, NULL, 0); - if (chk_rv != CKR_OK) { - goto cleanup; - } - - while (1) { - chk_rv = C_FindObjects(hSession, &hObject, 1, &ulObjectCount); - if (chk_rv != CKR_OK) { - printf("FindObjects() failed.\n"); - break; - } - - if (ulObjectCount == 0) { - break; - } - - if (ulObjectCount != 1) { - printf("FindObjects() returned a weird number of objects. Asked for 1, got %lu.\n", ulObjectCount); - break; - } - - for (curr_attr_idx = 0; curr_attr_idx < (sizeof(template) / sizeof(template[0])); curr_attr_idx++) { - curr_attr = &template[curr_attr_idx]; - if (curr_attr->pValue) { - free(curr_attr->pValue); - } - - curr_attr->pValue = NULL; - } - - chk_rv = C_GetAttributeValue(hSession, hObject, &template[0], sizeof(template) / sizeof(template[0])); - if (chk_rv == CKR_ATTRIBUTE_TYPE_INVALID || chk_rv == CKR_ATTRIBUTE_SENSITIVE || chk_rv == CKR_BUFFER_TOO_SMALL) { - chk_rv = CKR_OK; - } - - if (chk_rv != CKR_OK) { - continue; - } - - for (curr_attr_idx = 0; curr_attr_idx < (sizeof(template) / sizeof(template[0])); curr_attr_idx++) { - curr_attr = &template[curr_attr_idx]; - - if (((CK_LONG) curr_attr->ulValueLen) != ((CK_LONG) -1)) { - curr_attr->pValue = malloc(curr_attr->ulValueLen); - } - } - - chk_rv = C_GetAttributeValue(hSession, hObject, &template[0], sizeof(template) / sizeof(template[0])); - if (chk_rv == CKR_OK || chk_rv == CKR_ATTRIBUTE_SENSITIVE || chk_rv == CKR_ATTRIBUTE_TYPE_INVALID || chk_rv == CKR_BUFFER_TOO_SMALL) { - for (curr_attr_idx = 0; curr_attr_idx < (sizeof(template) / sizeof(template[0])); curr_attr_idx++) { - curr_attr = &template[curr_attr_idx]; - - if (curr_attr->pValue) { - switch (curr_attr->type) { - case CKA_CLASS: - objectClass = *((CK_OBJECT_CLASS *) curr_attr->pValue); - - if (objectClass == CKO_PRIVATE_KEY) { - *privateKeyObjects = hObject; - privateKeyObjects++; - } - } - } else { - free(curr_attr->pValue); - curr_attr->pValue = NULL; - } - } - } else { - printf("GetAttributeValue(hObject=%lu)/1 failed (rv = %lu).\n", (unsigned long) hObject, (unsigned long) chk_rv); - } - - } - - chk_rv = C_FindObjectsFinal(hSession); - if (chk_rv != CKR_OK) { - printf("FindObjectsFinal() failed.\n"); - } - - for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) { - chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey); - if (chk_rv == CKR_OK) { - signature_len = sizeof(signature); - - chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len); - if (chk_rv == CKR_OK) { - printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism); - - for (byte_idx = 0; byte_idx < signature_len; byte_idx++) { - printf("%02x ", (unsigned int) signature[byte_idx]); - } - - printf("\n"); - } else { - printf("Sign() failed.\n"); - } - } else { - printf("SignInit() failed.\n"); - } - } - - chk_rv = C_CloseSession(hSession); - if (chk_rv != CKR_OK) { - printf("CloseSession failed.\n"); - } - - retval = 0; - -cleanup: - if (initialized) { - C_Finalize(NULL); - } - - if (slots) { - free(slots); - } - - if (privateKeyObjects_root) { - free(privateKeyObjects_root); - } - - return(retval); -} -#endif +}