Lines 203-208
SlotList::readerExists(const char *reade
Link Here
|
203 |
return FALSE; |
203 |
return FALSE; |
204 |
} |
204 |
} |
205 |
|
205 |
|
|
|
206 |
bool |
207 |
SlotList::readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList) |
208 |
{ |
209 |
if( !readerName || !readerNameList) { |
210 |
return FALSE; |
211 |
} |
212 |
|
213 |
int i = 0; |
214 |
int readerNameCnt = CKYReaderNameList_GetCount(*readerNameList); |
215 |
|
216 |
const char *curReaderName = NULL; |
217 |
for(i=0; i < readerNameCnt; i++) { |
218 |
curReaderName = CKYReaderNameList_GetValue(*readerNameList,i); |
219 |
|
220 |
if(!strcmp(curReaderName,readerName)) { |
221 |
return TRUE; |
222 |
} |
223 |
|
224 |
} |
225 |
|
226 |
return FALSE; |
227 |
} |
228 |
|
206 |
/* |
229 |
/* |
207 |
* you need to hold the ReaderList Lock before you can update the ReaderList |
230 |
* you need to hold the ReaderList Lock before you can update the ReaderList |
208 |
*/ |
231 |
*/ |
Lines 256-261
SlotList::updateReaderList()
Link Here
|
256 |
* don't recognize. |
279 |
* don't recognize. |
257 |
*/ |
280 |
*/ |
258 |
|
281 |
|
|
|
282 |
/* first though, let's check to see if any previously removed readers have |
283 |
* come back from the dead. If the ignored bit has been set, we do not need |
284 |
* it any more. |
285 |
*/ |
286 |
|
287 |
const char *curReaderName = NULL; |
288 |
unsigned long knownState = 0; |
289 |
for(int ri = 0 ; ri < numReaders; ri ++) { |
290 |
|
291 |
knownState = CKYReader_GetKnownState(&readerStates[ri]); |
292 |
if( !(knownState & SCARD_STATE_IGNORE)) { |
293 |
continue; |
294 |
} |
295 |
|
296 |
curReaderName = CKYReader_GetReaderName(&readerStates[ri]); |
297 |
if(readerNameExistsInList(curReaderName,&readerNames)) { |
298 |
CKYReader_SetKnownState(&readerStates[ri], knownState & ~SCARD_STATE_IGNORE); |
299 |
|
300 |
} |
301 |
} |
302 |
|
259 |
const char *newReadersData[MAX_READER_DELTA]; |
303 |
const char *newReadersData[MAX_READER_DELTA]; |
260 |
const char **newReaders = &newReadersData[0]; |
304 |
const char **newReaders = &newReadersData[0]; |
261 |
unsigned int newReaderCount = 0; |
305 |
unsigned int newReaderCount = 0; |
Lines 528-534
SlotList::getSlotList(CK_BBOOL tokenPres
Link Here
|
528 |
void |
572 |
void |
529 |
Slot::connectToToken() |
573 |
Slot::connectToToken() |
530 |
{ |
574 |
{ |
531 |
CKYStatus status; |
575 |
CKYStatus status = CKYSCARDERR; |
532 |
OSTime time = OSTimeNow(); |
576 |
OSTime time = OSTimeNow(); |
533 |
|
577 |
|
534 |
mCoolkey = 0; |
578 |
mCoolkey = 0; |
Lines 537-549
Slot::connectToToken()
Link Here
|
537 |
|
581 |
|
538 |
// try to connect to the card |
582 |
// try to connect to the card |
539 |
if( ! CKYCardConnection_IsConnected(conn) ) { |
583 |
if( ! CKYCardConnection_IsConnected(conn) ) { |
540 |
status = CKYCardConnection_Connect(conn, readerName); |
584 |
int i = 0; |
541 |
if( status != CKYSUCCESS ) { |
585 |
//for cranky readers try again a few more times |
542 |
log->log("Unable to connect to token\n"); |
586 |
while( i++ < 5 && status != CKYSUCCESS ) |
|
|
587 |
{ |
588 |
status = CKYCardConnection_Connect(conn, readerName); |
589 |
if( status != CKYSUCCESS && |
590 |
CKYCardConnection_GetLastError(conn) == SCARD_E_PROTO_MISMATCH ) |
591 |
{ |
592 |
log->log("Unable to connect to token status %d ConnGetGetLastError %x .\n",status,CKYCardConnection_GetLastError(conn)); |
593 |
|
594 |
} |
595 |
else |
596 |
{ |
597 |
break; |
598 |
} |
599 |
OSSleep(100000); |
600 |
} |
601 |
|
602 |
if( status != CKYSUCCESS) |
603 |
{ |
543 |
state = UNKNOWN; |
604 |
state = UNKNOWN; |
544 |
return; |
605 |
return; |
545 |
} |
606 |
} |
546 |
} |
607 |
} |
|
|
608 |
|
547 |
log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time); |
609 |
log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time); |
548 |
if (!slotInfoFound) { |
610 |
if (!slotInfoFound) { |
549 |
readSlotInfo(); |
611 |
readSlotInfo(); |
Lines 562-576
Slot::connectToToken()
Link Here
|
562 |
state = CARD_PRESENT; |
624 |
state = CARD_PRESENT; |
563 |
} |
625 |
} |
564 |
|
626 |
|
565 |
if ( CKYBuffer_DataIsEqual(&cardATR, ATR, sizeof (ATR)) || |
627 |
if (Params::hasParam("noAppletOK")) |
566 |
CKYBuffer_DataIsEqual(&cardATR, ATR1, sizeof(ATR1)) || |
628 |
{ |
567 |
CKYBuffer_DataIsEqual(&cardATR, ATR2, sizeof(ATR2)) ) { |
629 |
state |= APPLET_SELECTABLE; |
568 |
|
630 |
mCoolkey = 1; |
569 |
if (Params::hasParam("noAppletOK")) |
|
|
570 |
{ |
571 |
state |= APPLET_SELECTABLE; |
572 |
mCoolkey = 1; |
573 |
} |
574 |
} |
631 |
} |
575 |
|
632 |
|
576 |
/* support CAC card. identify the card based on applets, not the ATRS */ |
633 |
/* support CAC card. identify the card based on applets, not the ATRS */ |
Lines 631-637
Slot::connectToToken()
Link Here
|
631 |
* unfriendly */ |
688 |
* unfriendly */ |
632 |
isVersion1Key = 0; |
689 |
isVersion1Key = 0; |
633 |
needLogin = 1; |
690 |
needLogin = 1; |
634 |
|
691 |
mCoolkey = 0; |
635 |
return; |
692 |
return; |
636 |
} |
693 |
} |
637 |
mCoolkey = 1; |
694 |
mCoolkey = 1; |
Lines 1077-1082
SlotList::waitForSlotEvent(CK_FLAGS flag
Link Here
|
1077 |
} |
1134 |
} |
1078 |
throw; |
1135 |
throw; |
1079 |
} |
1136 |
} |
|
|
1137 |
|
1080 |
if (myNumReaders != numReaders) { |
1138 |
if (myNumReaders != numReaders) { |
1081 |
if (myReaderStates) { |
1139 |
if (myReaderStates) { |
1082 |
delete [] myReaderStates; |
1140 |
delete [] myReaderStates; |
Lines 1103-1108
SlotList::waitForSlotEvent(CK_FLAGS flag
Link Here
|
1103 |
} |
1161 |
} |
1104 |
} |
1162 |
} |
1105 |
} |
1163 |
} |
|
|
1164 |
|
1106 |
if (found || (flag == CKF_DONT_BLOCK) || shuttingDown) { |
1165 |
if (found || (flag == CKF_DONT_BLOCK) || shuttingDown) { |
1107 |
break; |
1166 |
break; |
1108 |
} |
1167 |
} |
Lines 1272-1277
class ObjectHandleMatch {
Link Here
|
1272 |
} |
1331 |
} |
1273 |
}; |
1332 |
}; |
1274 |
|
1333 |
|
|
|
1334 |
class KeyNumMatch { |
1335 |
private: |
1336 |
CKYByte keyNum; |
1337 |
const Slot &slot; |
1338 |
public: |
1339 |
KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { } |
1340 |
bool operator() (const PKCS11Object& obj) { |
1341 |
unsigned long objID = obj.getMuscleObjID(); |
1342 |
return (slot.getObjectClass(objID) == 'k') |
1343 |
&& (slot.getObjectIndex(objID) == keyNum); |
1344 |
} |
1345 |
}; |
1346 |
|
1275 |
class ObjectCertCKAIDMatch { |
1347 |
class ObjectCertCKAIDMatch { |
1276 |
private: |
1348 |
private: |
1277 |
CKYByte cka_id; |
1349 |
CKYByte cka_id; |
Lines 3007-3014
Slot::sign(SessionHandleSuffix suffix, C
Link Here
|
3007 |
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, |
3079 |
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, |
3008 |
CK_ULONG_PTR pulSignatureLen) |
3080 |
CK_ULONG_PTR pulSignatureLen) |
3009 |
{ |
3081 |
{ |
|
|
3082 |
RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE); |
3010 |
cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen, |
3083 |
cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen, |
3011 |
RSASignatureParams(CryptParams::FIXED_KEY_SIZE)); |
3084 |
params); |
3012 |
} |
3085 |
} |
3013 |
|
3086 |
|
3014 |
void |
3087 |
void |
Lines 3016-3029
Slot::decrypt(SessionHandleSuffix suffix
Link Here
|
3016 |
CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData, |
3089 |
CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData, |
3017 |
CK_ULONG_PTR pulDecryptedDataLen) |
3090 |
CK_ULONG_PTR pulDecryptedDataLen) |
3018 |
{ |
3091 |
{ |
|
|
3092 |
RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE); |
3019 |
cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen, |
3093 |
cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen, |
3020 |
RSADecryptParams(CryptParams::FIXED_KEY_SIZE)); |
3094 |
params); |
3021 |
} |
3095 |
} |
3022 |
|
3096 |
|
3023 |
void |
3097 |
void |
3024 |
Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput, |
3098 |
Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput, |
3025 |
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput, |
3099 |
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput, |
3026 |
CK_ULONG_PTR pulOutputLen, const CryptParams& params) |
3100 |
CK_ULONG_PTR pulOutputLen, CryptParams& params) |
3027 |
{ |
3101 |
{ |
3028 |
refreshTokenState(); |
3102 |
refreshTokenState(); |
3029 |
SessionIter session = findSession(suffix); |
3103 |
SessionIter session = findSession(suffix); |
Lines 3041-3046
Slot::cryptRSA(SessionHandleSuffix suffi
Link Here
|
3041 |
CKYBuffer *result = &opState.result; |
3115 |
CKYBuffer *result = &opState.result; |
3042 |
CKYByte keyNum = opState.keyNum; |
3116 |
CKYByte keyNum = opState.keyNum; |
3043 |
|
3117 |
|
|
|
3118 |
unsigned int keySize = getKeySize(keyNum); |
3119 |
|
3120 |
if(keySize != CryptParams::DEFAULT_KEY_SIZE) |
3121 |
params.setKeySize(keySize); |
3122 |
|
3044 |
if( CKYBuffer_Size(result) == 0 ) { |
3123 |
if( CKYBuffer_Size(result) == 0 ) { |
3045 |
// we haven't already peformed the decryption, so do it now. |
3124 |
// we haven't already peformed the decryption, so do it now. |
3046 |
if( pInput == NULL || ulInputLen == 0) { |
3125 |
if( pInput == NULL || ulInputLen == 0) { |
Lines 3243-3245
Slot::generateRandom(SessionHandleSuffix
Link Here
|
3243 |
throw PKCS11Exception(CKR_DEVICE_ERROR); |
3322 |
throw PKCS11Exception(CKR_DEVICE_ERROR); |
3244 |
} |
3323 |
} |
3245 |
} |
3324 |
} |
|
|
3325 |
|
3326 |
#define MAX_NUM_KEYS 8 |
3327 |
unsigned int |
3328 |
Slot::getKeySize(CKYByte keyNum) |
3329 |
{ |
3330 |
unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE; |
3331 |
int modSize = 0; |
3332 |
|
3333 |
if(keyNum >= MAX_NUM_KEYS) { |
3334 |
return keySize; |
3335 |
} |
3336 |
|
3337 |
ObjectConstIter iter; |
3338 |
iter = find_if(tokenObjects.begin(), tokenObjects.end(), |
3339 |
KeyNumMatch(keyNum,*this)); |
3340 |
|
3341 |
if( iter == tokenObjects.end() ) { |
3342 |
return keySize; |
3343 |
} |
3344 |
|
3345 |
CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS); |
3346 |
|
3347 |
if(modulus) { |
3348 |
modSize = CKYBuffer_Size(modulus); |
3349 |
if(CKYBuffer_GetChar(modulus,0) == 0x0) { |
3350 |
modSize--; |
3351 |
} |
3352 |
if(modSize > 0) |
3353 |
keySize = modSize * 8; |
3354 |
} |
3355 |
|
3356 |
return keySize; |
3357 |
} |