Attachment #217845 for bug #302769




    return FALSE;
}

bool
SlotList::readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList)
{
    if( !readerName || !readerNameList) {
        return FALSE;
    }

    int i = 0;
    int readerNameCnt = CKYReaderNameList_GetCount(*readerNameList);

    const char *curReaderName = NULL;
    for(i=0; i < readerNameCnt; i++) {
        curReaderName = CKYReaderNameList_GetValue(*readerNameList,i);

        if(!strcmp(curReaderName,readerName)) {
            return TRUE;
        }
        
    }
    
    return FALSE;
}

/*
 * you need to hold the ReaderList Lock before you can update the ReaderList
 */

     * don't recognize.
     */

    /* first though, let's check to see if any previously removed readers have 
     * come back from the dead. If the ignored bit has been set, we do not need
     * it any more.
    */

    const char *curReaderName = NULL;
    unsigned long knownState = 0;
    for(int ri = 0 ; ri < numReaders; ri ++)  {
       
        knownState = CKYReader_GetKnownState(&readerStates[ri]);
        if( !(knownState & SCARD_STATE_IGNORE))  {
            continue;
        }
 
        curReaderName =  CKYReader_GetReaderName(&readerStates[ri]); 
        if(readerNameExistsInList(curReaderName,&readerNames)) {
            CKYReader_SetKnownState(&readerStates[ri], knownState & ~SCARD_STATE_IGNORE); 
                 
        }
    } 

    const char *newReadersData[MAX_READER_DELTA];
    const char **newReaders = &newReadersData[0];
    unsigned int newReaderCount = 0;

void
Slot::connectToToken()
{
    CKYStatus status = CKYSCARDERR;
    OSTime time = OSTimeNow();

    mCoolkey = 0;


    // try to connect to the card
    if( ! CKYCardConnection_IsConnected(conn) ) {
        int i = 0;
    //for cranky readers try again a few more times
        while( i++ < 5 && status != CKYSUCCESS )
        {
            status = CKYCardConnection_Connect(conn, readerName);
            if( status != CKYSUCCESS && 
                CKYCardConnection_GetLastError(conn) == SCARD_E_PROTO_MISMATCH ) 
            {
                log->log("Unable to connect to token status %d ConnGetGetLastError %x .\n",status,CKYCardConnection_GetLastError(conn));

            }
            else
            {
                break;
            }
            OSSleep(100000);
        }

        if( status != CKYSUCCESS)
        {
            state = UNKNOWN;
            return;
        }
    }

    log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time);
    if (!slotInfoFound) {
	readSlotInfo();

        state = CARD_PRESENT;
    }

    if (Params::hasParam("noAppletOK"))
    {      
        state |=  APPLET_SELECTABLE;
	mCoolkey = 1;
        if (Params::hasParam("noAppletOK"))
        {      
            state |=  APPLET_SELECTABLE;
	    mCoolkey = 1;
        }
    }

    /* support CAC card. identify the card based on applets, not the ATRS */

         * unfriendly */
	isVersion1Key = 0;
	needLogin = 1;
        mCoolkey = 0;
	return;
    }
    mCoolkey = 1;

	    }
	    throw;
	}

	if (myNumReaders != numReaders) {
	    if (myReaderStates) {
		delete [] myReaderStates;

		}
	    }
	}

        if (found || (flag == CKF_DONT_BLOCK) || shuttingDown) {
            break;
        }

    }
};

class KeyNumMatch {
  private:
    CKYByte keyNum;
    const Slot &slot;
  public:
    KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { }
    bool operator() (const PKCS11Object& obj) {
        unsigned long objID = obj.getMuscleObjID();
        return (slot.getObjectClass(objID) == 'k')
               && (slot.getObjectIndex(objID) == keyNum);
    }
};

class ObjectCertCKAIDMatch {
  private:
    CKYByte cka_id;

        CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
        CK_ULONG_PTR pulSignatureLen)
{
    RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE);
    cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,
        params);
}

void

        CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,
        CK_ULONG_PTR pulDecryptedDataLen)
{
    RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE);
    cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,
        params);
}

void
Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
        CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
        CK_ULONG_PTR pulOutputLen, CryptParams& params)
{
    refreshTokenState();
    SessionIter session = findSession(suffix);

    CKYBuffer *result = &opState.result;
    CKYByte keyNum = opState.keyNum;

    unsigned int keySize = getKeySize(keyNum);

    if(keySize != CryptParams::DEFAULT_KEY_SIZE)
        params.setKeySize(keySize);

    if( CKYBuffer_Size(result) == 0 ) {
        // we haven't already peformed the decryption, so do it now.
        if( pInput == NULL || ulInputLen == 0) {

	throw PKCS11Exception(CKR_DEVICE_ERROR);
    }
}

#define MAX_NUM_KEYS 8
unsigned int
Slot::getKeySize(CKYByte keyNum)
{
    unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE;
    int modSize = 0;

    if(keyNum >= MAX_NUM_KEYS) {
        return keySize;
    }

    ObjectConstIter iter;
    iter = find_if(tokenObjects.begin(), tokenObjects.end(),
        KeyNumMatch(keyNum,*this));

    if( iter == tokenObjects.end() ) {
        return keySize;
    }

    CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS);

    if(modulus) {
        modSize = CKYBuffer_Size(modulus);
        if(CKYBuffer_GetChar(modulus,0) == 0x0) {
            modSize--;
        }
        if(modSize > 0)
            keySize = modSize * 8;
    }

    return keySize;
}




  protected:
    unsigned int getKeySize() const { return keySize; }
  public:
    // set the actual key size obtained from the card
    void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
    enum { DEFAULT_KEY_SIZE = 1024 };
    enum { FIXED_KEY_SIZE = 1024 };


    CryptParams(unsigned int keySize_) : keySize(keySize_) { }


    void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
        CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
        CK_ULONG_PTR pulOutputLen, CryptParams& params);

    void performRSAOp(CKYBuffer *out, const CKYBuffer *input, CKYByte keyNum, 
							     CKYByte direction);

        return (char )((objectID >> 16) & 0xff) - '0';
    }

    // actually get the size of a key in bits from the card
    unsigned int getKeySize(CKYByte keyNum);

    SessionHandleSuffix openSession(Session::Type type);
    void closeSession(SessionHandleSuffix handleSuffix);

     * has called 'C_GetSlotList' with a NULL parameter */
    void updateReaderList();

     /* see if a reader name exists in a caller provided reader name list. */
    bool readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList );
    bool readerExists(const char *readerName, unsigned int *hint = 0);
  public:
    SlotList(Log *log);

Lines 134-139 CKYAppletFactory_Logout(CKYAPDU *apdu, c Link Here

(-)./src/libckyapplet/cky_applet.c.coolkey-latest (-6 / +99 lines)
134	/* Future add WriteObject */	134	/* Future add WriteObject */
135		135
136	CKYStatus	136	CKYStatus
		137	CKYAppletFactory_WriteObject(CKYAPDU apdu, const void param)
		138	{
		139	const CKYAppletArgWriteObject wos = (const CKYAppletArgWriteObject )param;
		140	return CKYAPDUFactory_WriteObject(apdu,wos->objectID,wos->offset,wos->size,wos->data);
		141	}
		142
		143	CKYStatus
137	CKYAppletFactory_CreateObject(CKYAPDU apdu, const void param)	144	CKYAppletFactory_CreateObject(CKYAPDU apdu, const void param)
138	{	145	{
139	const CKYAppletArgCreateObject cos=(const CKYAppletArgCreateObject )param;	146	const CKYAppletArgCreateObject cos=(const CKYAppletArgCreateObject )param;
Lines 192-198 CKYAppletFactory_GetLifeCycleV2(CKYAPDU Link Here
192	{	199	{
193	return CKYAPDUFactory_GetLifeCycleV2(apdu);	200	return CKYAPDUFactory_GetLifeCycleV2(apdu);
194	}	201	}
195
196	CKYStatus	202	CKYStatus
197	CKYAppletFactory_GetRandom(CKYAPDU apdu, const void param)	203	CKYAppletFactory_GetRandom(CKYAPDU apdu, const void param)
198	{	204	{
Lines 725-748 CKYApplet_ComputeCrypt(CKYCardConnection Link Here
725	CKYAppletArgComputeCrypt ccd;	731	CKYAppletArgComputeCrypt ccd;
726	CKYBuffer empty;	732	CKYBuffer empty;
727	CKYISOStatus status;	733	CKYISOStatus status;
		734	short dataSize = 0;
728	int use2APDUs = 0;	735	int use2APDUs = 0;
		736	int use_dl_object = CKYBuffer_Size(data) > 200 ;
729		737
730	CKYBuffer_InitEmpty(&empty);	738	CKYBuffer_InitEmpty(&empty);
731	ccd.keyNumber = keyNumber;	739	ccd.keyNumber = keyNumber;
732	ccd.mode = mode;	740	ccd.mode = mode;
733	ccd.direction = direction;	741	ccd.direction = direction;
734	ccd.location = CKY_DL_APDU;	742	ccd.location = use_dl_object ? CKY_DL_OBJECT : CKY_DL_APDU;
735		743
736	if (!apduRC)	744	if (!apduRC)
737	apduRC = &status;	745	apduRC = &status;
738		746
		747	if (use_dl_object) {
		748	CKYBuffer sizeBuf;
		749
		750	CKYBuffer_InitEmpty(&sizeBuf);
		751	CKYBuffer_AppendShort(&sizeBuf, CKYBuffer_Size(data));
		752
		753	ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
		754	0, CKYBuffer_Size(&sizeBuf), nonce,
		755	&sizeBuf, apduRC);
		756
		757	CKYBuffer_FreeData(&sizeBuf);
		758	if( ret != CKYSUCCESS)
		759	goto fail;
		760
		761	ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
		762	2, CKYBuffer_Size(data), nonce,
		763	data, apduRC);
		764
		765	if(ret != CKYSUCCESS)
		766	goto fail;
		767	}
		768
739	if (mode == CKY_RSA_NO_PAD) {	769	if (mode == CKY_RSA_NO_PAD) {
740	ccd.data = data;	770	ccd.data = use_dl_object ? &empty : data;
741	ccd.sig = sig;	771	ccd.sig = sig;
742	ret = CKYApplet_HandleAPDU(conn,	772	ret = CKYApplet_HandleAPDU(conn,
743	CKYAppletFactory_ComputeCryptOneStep, &ccd, nonce,	773	CKYAppletFactory_ComputeCryptOneStep, &ccd, nonce,
744	CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,	774	CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
745	result, apduRC);	775	use_dl_object ? NULL : result, apduRC);
746	if (ret == CKYAPDUFAIL && *apduRC == CKYISO_INCORRECT_P2) {	776	if (ret == CKYAPDUFAIL && *apduRC == CKYISO_INCORRECT_P2) {
747	use2APDUs = 1; /* maybe it's an old applet */	777	use2APDUs = 1; /* maybe it's an old applet */
748	}	778	}
Lines 759-771 CKYApplet_ComputeCrypt(CKYCardConnection Link Here
759	CKYAppletFactory_ComputeCryptInit, &ccd, nonce,	789	CKYAppletFactory_ComputeCryptInit, &ccd, nonce,
760	0, CKYAppletFill_Null, NULL, apduRC);	790	0, CKYAppletFill_Null, NULL, apduRC);
761	if (ret == CKYSUCCESS) {	791	if (ret == CKYSUCCESS) {
762	ccd.data = data;	792	ccd.data = use_dl_object ? &empty : data;
763	ret = CKYApplet_HandleAPDU(conn,	793	ret = CKYApplet_HandleAPDU(conn,
764	CKYAppletFactory_ComputeCryptFinal, &ccd, nonce,	794	CKYAppletFactory_ComputeCryptFinal, &ccd, nonce,
765	CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,	795	CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
766	result, apduRC);	796	use_dl_object ? NULL : result, apduRC);
767	}	797	}
768	}	798	}
		799
		800	if (use_dl_object && ret == CKYSUCCESS) {
		801	CKYBuffer sizeOutBuf;
		802	CKYBuffer_InitEmpty(&sizeOutBuf);
		803
		804	ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
		805	0, 2,
		806	nonce,&sizeOutBuf,apduRC);
		807
		808	if(ret != CKYSUCCESS) {
		809	CKYBuffer_FreeData(&sizeOutBuf);
		810	goto fail;
		811	}
		812
		813	dataSize = CKYBuffer_GetShort(&sizeOutBuf, 0);
		814
		815	CKYBuffer_FreeData(&sizeOutBuf);
		816
		817	ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
		818	2, dataSize,
		819	nonce,result,apduRC);
		820	}
		821
		822	fail:
		823
769	return ret;	824	return ret;
770	}	825	}
771		826
Lines 1036-1041 CKYApplet_ReadObjectFull(CKYCardConnecti Link Here
1036	}	1091	}
1037		1092
1038	/*	1093	/*
		1094	* Write Object
		1095	* This makes multiple APDU calls to write the entire object.
		1096	*
		1097	*/
		1098
		1099	CKYStatus
		1100	CKYApplet_WriteObjectFull(CKYCardConnection *conn, unsigned long objectID,
		1101	CKYOffset offset, CKYSize size, const CKYBuffer *nonce,
		1102	const CKYBuffer data, CKYISOStatus apduRC)
		1103	{
		1104
		1105	CKYBuffer chunk;
		1106	CKYOffset srcOffset = 0;
		1107	CKYAppletArgWriteObject wod;
		1108	CKYStatus ret = CKYSUCCESS;
		1109
		1110	wod.objectID = objectID;
		1111	wod.offset = offset;
		1112	do {
		1113	wod.size = (CKYByte) MIN(size, 220);
		1114	ret = CKYBuffer_InitFromBuffer(&chunk, data,
		1115	srcOffset, wod.size);
		1116	if(ret == CKYSUCCESS) {
		1117	wod.data = &chunk;
		1118	ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_WriteObject, &wod,
		1119	nonce, 0, CKYAppletFill_Null, NULL, apduRC);
		1120	size -= wod.size;
		1121	wod.offset += wod.size;
		1122	srcOffset += wod.size;
		1123	CKYBuffer_FreeData(&chunk);
		1124	}
		1125
		1126	} while ((size > 0) && (ret == CKYSUCCESS));
		1127
		1128	return ret;
		1129	}
		1130
		1131	/*
1039	* List Object cluster	1132	* List Object cluster
1040	*/	1133	*/
1041	static CKYStatus	1134	static CKYStatus

Lines 192-197 typedef struct _CKYAppletArgReadObject { Link Here

(-)./src/libckyapplet/cky_applet.h.coolkey-latest (+21 lines)
192	CKYByte size;	192	CKYByte size;
193	} CKYAppletArgReadObject;	193	} CKYAppletArgReadObject;
194		194
		195	typedef struct _CKYAppletArgWriteObject {
		196	unsigned long objectID;
		197	CKYOffset offset;
		198	CKYByte size;
		199	CKYBuffer *data;
		200
		201	} CKYAppletArgWriteObject;
		202
195	typedef struct _CKYAppletArgComputeCrypt {	203	typedef struct _CKYAppletArgComputeCrypt {
196	CKYByte keyNumber;	204	CKYByte keyNumber;
197	CKYByte mode;	205	CKYByte mode;
Lines 250-255 CKYStatus CKYAppletFactory_ListPINs(CKYA Link Here
250	/* param == CKYByte * (pointer to pinNumber) */	258	/* param == CKYByte * (pointer to pinNumber) */
251	CKYStatus CKYAppletFactory_Logout(CKYAPDU apdu, const void param);	259	CKYStatus CKYAppletFactory_Logout(CKYAPDU apdu, const void param);
252	/* Future add WriteObject */	260	/* Future add WriteObject */
		261	/* parm == CKYAppletArgWriteObject */
		262	CKYStatus CKYAppletFactory_WriteObject(CKYAPDU apdu, const void param);
253	/* param == CKYAppletArgCreateObject */	263	/* param == CKYAppletArgCreateObject */
254	CKYStatus CKYAppletFactory_CreateObject(CKYAPDU apdu, const void param);	264	CKYStatus CKYAppletFactory_CreateObject(CKYAPDU apdu, const void param);
255	/* param == CKYAppletArgDeleteObject */	265	/* param == CKYAppletArgDeleteObject */
Lines 482-487 CKYStatus CKYApplet_ReadObjectAppend(CKY Link Here
482	CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn,	492	CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn,
483	unsigned long objectID, CKYOffset offset, CKYSize size,	493	unsigned long objectID, CKYOffset offset, CKYSize size,
484	const CKYBuffer nonce, CKYBuffer data, CKYISOStatus *apduRC);	494	const CKYBuffer nonce, CKYBuffer data, CKYISOStatus *apduRC);
		495	/*
		496	* There is 1 write command:
		497	* CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
		498	* apdu calls in order to write the full amount into the buffer. The buffer is
		499	* overwritten.
		500	*/
		501
		502	CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
		503	unsigned long objectID, CKYOffset offset, CKYSize size,
		504	const CKYBuffer nonce, const CKYBuffer data, CKYISOStatus *apduRC);
		505
485	CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,	506	CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,
486	CKYAppletRespListObjects lop, CKYISOStatus apduRC);	507	CKYAppletRespListObjects lop, CKYISOStatus apduRC);
487	CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,	508	CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,

Lines 129-134 typedef struct _SCard { Link Here

(-)./src/libckyapplet/cky_card.c.coolkey-latest (-7 / +22 lines)
129	SCardGetStatusChangeFn SCardGetStatusChange;	129	SCardGetStatusChangeFn SCardGetStatusChange;
130	SCardCancelFn SCardCancel;	130	SCardCancelFn SCardCancel;
131	SCARD_IO_REQUEST *SCARD_PCI_T0_;	131	SCARD_IO_REQUEST *SCARD_PCI_T0_;
		132	SCARD_IO_REQUEST *SCARD_PCI_T1_;
132	} SCard;	133	} SCard;
133		134
134	#define GET_ADDRESS(library, scard, name) \	135	#define GET_ADDRESS(library, scard, name) \
Lines 195-200 ckySCard_Init(void) Link Here
195	if( status != CKYSUCCESS ) {	196	if( status != CKYSUCCESS ) {
196	goto fail;	197	goto fail;
197	}	198	}
		199
		200	status = ckyShLibrary_getAddress( library,
		201	(void**) &scard->SCARD_PCI_T1_, MAKE_DLL_SYMBOL(g_rgSCardT1Pci));
		202	if( status != CKYSUCCESS ) {
		203	goto fail;
		204	}
198	return scard;	205	return scard;
199		206
200	fail:	207	fail:
Lines 884-889 struct _CKYCardConnection { Link Here
884	SCARDHANDLE cardHandle;	891	SCARDHANDLE cardHandle;
885	unsigned long lastError;	892	unsigned long lastError;
886	CKYBool inTransaction;	893	CKYBool inTransaction;
		894	unsigned long protocol;
887	};	895	};
888		896
889	static void	897	static void
Lines 894-899 ckyCardConnection_init(CKYCardConnection Link Here
894	conn->cardHandle = 0;	902	conn->cardHandle = 0;
895	conn->lastError = 0;	903	conn->lastError = 0;
896	conn->inTransaction = 0;	904	conn->inTransaction = 0;
		905	conn->protocol = SCARD_PROTOCOL_T0;
897	}	906	}
898		907
899	CKYCardConnection *	908	CKYCardConnection *
Lines 934-947 CKYCardConnection_Connect(CKYCardConnect Link Here
934	{	943	{
935	CKYStatus ret;	944	CKYStatus ret;
936	unsigned long rv;	945	unsigned long rv;
937	unsigned long protocol;
938		946
939	ret = CKYCardConnection_Disconnect(conn);	947	ret = CKYCardConnection_Disconnect(conn);
940	if (ret != CKYSUCCESS) {	948	if (ret != CKYSUCCESS) {
941	return ret;	949	return ret;
942	}	950	}
943	rv = conn->scard->SCardConnect( conn->ctx->context, readerName,	951	rv = conn->scard->SCardConnect( conn->ctx->context, readerName,
944	SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, &conn->cardHandle, &protocol);	952	SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 \| SCARD_PROTOCOL_T1, &conn->cardHandle, &conn->protocol);
945	if (rv != SCARD_S_SUCCESS) {	953	if (rv != SCARD_S_SUCCESS) {
946	conn->lastError = rv;	954	conn->lastError = rv;
947	return CKYSCARDERR;	955	return CKYSCARDERR;
Lines 978-984 ckyCardConnection_reconnectRaw(CKYCardCo Link Here
978	unsigned long protocol;	986	unsigned long protocol;
979		987
980	rv = conn->scard->SCardReconnect(conn->cardHandle,	988	rv = conn->scard->SCardReconnect(conn->cardHandle,
981	SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, init, &protocol);	989	SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 \| SCARD_PROTOCOL_T1 , init, &protocol);
982	if (rv != SCARD_S_SUCCESS) {	990	if (rv != SCARD_S_SUCCESS) {
983	conn->lastError = rv;	991	conn->lastError = rv;
984	return CKYSCARDERR;	992	return CKYSCARDERR;
Lines 1039-1048 CKYCardConnection_TransmitAPDU(CKYCardCo Link Here
1039	return ret;	1047	return ret;
1040	}	1048	}
1041		1049
1042	rv = conn->scard->SCardTransmit(conn->cardHandle,	1050	if( conn->protocol == SCARD_PROTOCOL_T0 ) {
1043	conn->scard->SCARD_PCI_T0_,	1051	rv = conn->scard->SCardTransmit(conn->cardHandle,
1044	CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),	1052	conn->scard->SCARD_PCI_T0_,
1045	NULL, response->data, &response->len);	1053	CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
		1054	NULL, response->data, &response->len);
		1055	} else {
		1056	rv = conn->scard->SCardTransmit(conn->cardHandle,
		1057	conn->scard->SCARD_PCI_T1_,
		1058	CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
		1059	NULL, response->data, &response->len);
		1060	}
1046		1061
1047	if (rv != SCARD_S_SUCCESS) {	1062	if (rv != SCARD_S_SUCCESS) {
1048	conn->lastError =rv;	1063	conn->lastError =rv;

Lines 190-197 CKYAPDUFactory_ComputeCryptOneStep(CKYAP Link Here

(-)./src/libckyapplet/cky_factory.c.coolkey-latest (-4 / +57 lines)
190	CKYSize len;	190	CKYSize len;
191	CKYBuffer buf;	191	CKYBuffer buf;
192		192
193	if (!idata \|\| !(len = CKYBuffer_Size(idata)) \|\| location != CKY_DL_APDU)	193	if (!idata)
194	return ret;	194	return ret;
		195
		196	if (!(len = CKYBuffer_Size(idata)) && location != CKY_DL_OBJECT)
		197	return ret;
195		198
196	CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);	199	CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
197	CKYAPDU_SetINS(apdu, CKY_INS_COMPUTE_CRYPT);	200	CKYAPDU_SetINS(apdu, CKY_INS_COMPUTE_CRYPT);
Lines 314-321 CKYAPDUFactory_Logout(CKYAPDU *apdu, CKY Link Here
314	return CKYSUCCESS;	317	return CKYSUCCESS;
315	}	318	}
316		319
317	/* Future add WriteObject */
318
319	CKYStatus	320	CKYStatus
320	CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size,	321	CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size,
321	unsigned short readACL, unsigned short writeACL, unsigned short deleteACL)	322	unsigned short readACL, unsigned short writeACL, unsigned short deleteACL)
Lines 419-424 fail: Link Here
419	}	420	}
420		421
421	CKYStatus	422	CKYStatus
		423	CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
		424	CKYOffset offset,CKYSize size,CKYBuffer *data)
		425	{
		426	CKYBuffer buf;
		427	CKYStatus ret = CKYSUCCESS;
		428	unsigned short dataSize = 0;
		429
		430	CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
		431	CKYAPDU_SetINS(apdu, CKY_INS_WRITE_OBJ);
		432	CKYAPDU_SetP1(apdu, 0x00);
		433	CKYAPDU_SetP2(apdu, 0x00);
		434	CKYBuffer_InitEmpty(&buf);
		435
		436	dataSize = (unsigned short) CKYBuffer_Size(data);
		437
		438	if(!dataSize) {
		439	ret = CKYINVALIDARGS;
		440	goto fail;
		441	}
		442
		443	ret = CKYBuffer_AppendLong(&buf,objectID);
		444	if (ret != CKYSUCCESS) {
		445	goto fail;
		446	}
		447	ret = CKYBuffer_AppendLong(&buf,offset);
		448	if (ret != CKYSUCCESS) {
		449	goto fail;
		450	}
		451	ret = CKYBuffer_AppendChar(&buf, size);
		452	if (ret != CKYSUCCESS) {
		453	goto fail;
		454	}
		455
		456	ret = CKYAPDU_SetSendDataBuffer(apdu,&buf);
		457
		458	if (ret != CKYSUCCESS) {
		459	goto fail;
		460	}
		461
		462	ret = CKYAPDU_AppendSendDataBuffer(apdu, data);
		463
		464	if (ret != CKYSUCCESS) {
		465	goto fail;
		466	}
		467
		468	fail:
		469	CKYBuffer_FreeData(&buf);
		470	return ret;
		471
		472	}
		473
		474	CKYStatus
422	CKYAPDUFactory_ListObjects(CKYAPDU *apdu, CKYByte sequence)	475	CKYAPDUFactory_ListObjects(CKYAPDU *apdu, CKYByte sequence)
423	{	476	{
424	CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);	477	CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);

Lines 190-196 CKYStatus CKYAPDUFactory_ChangePIN(CKYAP Link Here

(-)./src/libckyapplet/cky_factory.h.coolkey-latest (-1 / +2 lines)
190	const char oldPin, const char newPin);	190	const char oldPin, const char newPin);
191	CKYStatus CKYAPDUFactory_ListPINs(CKYAPDU *apdu);	191	CKYStatus CKYAPDUFactory_ListPINs(CKYAPDU *apdu);
192	CKYStatus CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber);	192	CKYStatus CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber);
193		193	CKYStatus CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
		194	CKYOffset offset,CKYSize size,CKYBuffer *data);
194	/* Future add WriteObject */	195	/* Future add WriteObject */
195	CKYStatus CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID,	196	CKYStatus CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID,
196	CKYSize size, unsigned short readACL, unsigned short writeACL,	197	CKYSize size, unsigned short readACL, unsigned short writeACL,

Return to bug 302769

Lines 203-208 SlotList::readerExists(const char *reade Link Here

(-)./src/coolkey/slot.cpp.coolkey-latest (-17 / +129 lines)
203	return FALSE;	203	return FALSE;
204	}	204	}
205		205
		206	bool
		207	SlotList::readerNameExistsInList(const char readerName,CKYReaderNameList readerNameList)
		208	{
		209	if( !readerName \|\| !readerNameList) {
		210	return FALSE;
		211	}
		212
		213	int i = 0;
		214	int readerNameCnt = CKYReaderNameList_GetCount(*readerNameList);
		215
		216	const char *curReaderName = NULL;
		217	for(i=0; i < readerNameCnt; i++) {
		218	curReaderName = CKYReaderNameList_GetValue(*readerNameList,i);
		219
		220	if(!strcmp(curReaderName,readerName)) {
		221	return TRUE;
		222	}
		223
		224	}
		225
		226	return FALSE;
		227	}
		228
206	/*	229	/*
207	* you need to hold the ReaderList Lock before you can update the ReaderList	230	* you need to hold the ReaderList Lock before you can update the ReaderList
208	*/	231	*/
Lines 256-261 SlotList::updateReaderList() Link Here
256	* don't recognize.	279	* don't recognize.
257	*/	280	*/
258		281
		282	/* first though, let's check to see if any previously removed readers have
		283	* come back from the dead. If the ignored bit has been set, we do not need
		284	* it any more.
		285	*/
		286
		287	const char *curReaderName = NULL;
		288	unsigned long knownState = 0;
		289	for(int ri = 0 ; ri < numReaders; ri ++) {
		290
		291	knownState = CKYReader_GetKnownState(&readerStates[ri]);
		292	if( !(knownState & SCARD_STATE_IGNORE)) {
		293	continue;
		294	}
		295
		296	curReaderName = CKYReader_GetReaderName(&readerStates[ri]);
		297	if(readerNameExistsInList(curReaderName,&readerNames)) {
		298	CKYReader_SetKnownState(&readerStates[ri], knownState & ~SCARD_STATE_IGNORE);
		299
		300	}
		301	}
		302
259	const char *newReadersData[MAX_READER_DELTA];	303	const char *newReadersData[MAX_READER_DELTA];
260	const char **newReaders = &newReadersData[0];	304	const char **newReaders = &newReadersData[0];
261	unsigned int newReaderCount = 0;	305	unsigned int newReaderCount = 0;
Lines 528-534 SlotList::getSlotList(CK_BBOOL tokenPres Link Here
528	void	572	void
529	Slot::connectToToken()	573	Slot::connectToToken()
530	{	574	{
531	CKYStatus status;	575	CKYStatus status = CKYSCARDERR;
532	OSTime time = OSTimeNow();	576	OSTime time = OSTimeNow();
533		577
534	mCoolkey = 0;	578	mCoolkey = 0;
Lines 537-549 Slot::connectToToken() Link Here
537		581
538	// try to connect to the card	582	// try to connect to the card
539	if( ! CKYCardConnection_IsConnected(conn) ) {	583	if( ! CKYCardConnection_IsConnected(conn) ) {
540	status = CKYCardConnection_Connect(conn, readerName);	584	int i = 0;
541	if( status != CKYSUCCESS ) {	585	//for cranky readers try again a few more times
542	log->log("Unable to connect to token\n");	586	while( i++ < 5 && status != CKYSUCCESS )
		587	{
		588	status = CKYCardConnection_Connect(conn, readerName);
		589	if( status != CKYSUCCESS &&
		590	CKYCardConnection_GetLastError(conn) == SCARD_E_PROTO_MISMATCH )
		591	{
		592	log->log("Unable to connect to token status %d ConnGetGetLastError %x .\n",status,CKYCardConnection_GetLastError(conn));
		593
		594	}
		595	else
		596	{
		597	break;
		598	}
		599	OSSleep(100000);
		600	}
		601
		602	if( status != CKYSUCCESS)
		603	{
543	state = UNKNOWN;	604	state = UNKNOWN;
544	return;	605	return;
545	}	606	}
546	}	607	}
		608
547	log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time);	609	log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time);
548	if (!slotInfoFound) {	610	if (!slotInfoFound) {
549	readSlotInfo();	611	readSlotInfo();
Lines 562-576 Slot::connectToToken() Link Here
562	state = CARD_PRESENT;	624	state = CARD_PRESENT;
563	}	625	}
564		626
565	if ( CKYBuffer_DataIsEqual(&cardATR, ATR, sizeof (ATR)) \|\|	627	if (Params::hasParam("noAppletOK"))
566	CKYBuffer_DataIsEqual(&cardATR, ATR1, sizeof(ATR1)) \|\|	628	{
567	CKYBuffer_DataIsEqual(&cardATR, ATR2, sizeof(ATR2)) ) {	629	state \|= APPLET_SELECTABLE;
568		630	mCoolkey = 1;
569	if (Params::hasParam("noAppletOK"))
570	{
571	state \|= APPLET_SELECTABLE;
572	mCoolkey = 1;
573	}
574	}	631	}
575		632
576	/* support CAC card. identify the card based on applets, not the ATRS */	633	/* support CAC card. identify the card based on applets, not the ATRS */
Lines 631-637 Slot::connectToToken() Link Here
631	* unfriendly */	688	* unfriendly */
632	isVersion1Key = 0;	689	isVersion1Key = 0;
633	needLogin = 1;	690	needLogin = 1;
634		691	mCoolkey = 0;
635	return;	692	return;
636	}	693	}
637	mCoolkey = 1;	694	mCoolkey = 1;
Lines 1077-1082 SlotList::waitForSlotEvent(CK_FLAGS flag Link Here
1077	}	1134	}
1078	throw;	1135	throw;
1079	}	1136	}
		1137
1080	if (myNumReaders != numReaders) {	1138	if (myNumReaders != numReaders) {
1081	if (myReaderStates) {	1139	if (myReaderStates) {
1082	delete [] myReaderStates;	1140	delete [] myReaderStates;
Lines 1103-1108 SlotList::waitForSlotEvent(CK_FLAGS flag Link Here
1103	}	1161	}
1104	}	1162	}
1105	}	1163	}
		1164
1106	if (found \|\| (flag == CKF_DONT_BLOCK) \|\| shuttingDown) {	1165	if (found \|\| (flag == CKF_DONT_BLOCK) \|\| shuttingDown) {
1107	break;	1166	break;
1108	}	1167	}
Lines 1272-1277 class ObjectHandleMatch { Link Here
1272	}	1331	}
1273	};	1332	};
1274		1333
		1334	class KeyNumMatch {
		1335	private:
		1336	CKYByte keyNum;
		1337	const Slot &slot;
		1338	public:
		1339	KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { }
		1340	bool operator() (const PKCS11Object& obj) {
		1341	unsigned long objID = obj.getMuscleObjID();
		1342	return (slot.getObjectClass(objID) == 'k')
		1343	&& (slot.getObjectIndex(objID) == keyNum);
		1344	}
		1345	};
		1346
1275	class ObjectCertCKAIDMatch {	1347	class ObjectCertCKAIDMatch {
1276	private:	1348	private:
1277	CKYByte cka_id;	1349	CKYByte cka_id;
Lines 3007-3014 Slot::sign(SessionHandleSuffix suffix, C Link Here
3007	CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,	3079	CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
3008	CK_ULONG_PTR pulSignatureLen)	3080	CK_ULONG_PTR pulSignatureLen)
3009	{	3081	{
		3082	RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE);
3010	cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,	3083	cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,
3011	RSASignatureParams(CryptParams::FIXED_KEY_SIZE));	3084	params);
3012	}	3085	}
3013		3086
3014	void	3087	void
Lines 3016-3029 Slot::decrypt(SessionHandleSuffix suffix Link Here
3016	CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,	3089	CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,
3017	CK_ULONG_PTR pulDecryptedDataLen)	3090	CK_ULONG_PTR pulDecryptedDataLen)
3018	{	3091	{
		3092	RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE);
3019	cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,	3093	cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,
3020	RSADecryptParams(CryptParams::FIXED_KEY_SIZE));	3094	params);
3021	}	3095	}
3022		3096
3023	void	3097	void
3024	Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,	3098	Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
3025	CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,	3099	CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
3026	CK_ULONG_PTR pulOutputLen, const CryptParams& params)	3100	CK_ULONG_PTR pulOutputLen, CryptParams& params)
3027	{	3101	{
3028	refreshTokenState();	3102	refreshTokenState();
3029	SessionIter session = findSession(suffix);	3103	SessionIter session = findSession(suffix);
Lines 3041-3046 Slot::cryptRSA(SessionHandleSuffix suffi Link Here
3041	CKYBuffer *result = &opState.result;	3115	CKYBuffer *result = &opState.result;
3042	CKYByte keyNum = opState.keyNum;	3116	CKYByte keyNum = opState.keyNum;
3043		3117
		3118	unsigned int keySize = getKeySize(keyNum);
		3119
		3120	if(keySize != CryptParams::DEFAULT_KEY_SIZE)
		3121	params.setKeySize(keySize);
		3122
3044	if( CKYBuffer_Size(result) == 0 ) {	3123	if( CKYBuffer_Size(result) == 0 ) {
3045	// we haven't already peformed the decryption, so do it now.	3124	// we haven't already peformed the decryption, so do it now.
3046	if( pInput == NULL \|\| ulInputLen == 0) {	3125	if( pInput == NULL \|\| ulInputLen == 0) {
Lines 3243-3245 Slot::generateRandom(SessionHandleSuffix Link Here
3243	throw PKCS11Exception(CKR_DEVICE_ERROR);	3322	throw PKCS11Exception(CKR_DEVICE_ERROR);
3244	}	3323	}
3245	}	3324	}
		3325
		3326	#define MAX_NUM_KEYS 8
		3327	unsigned int
		3328	Slot::getKeySize(CKYByte keyNum)
		3329	{
		3330	unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE;
		3331	int modSize = 0;
		3332
		3333	if(keyNum >= MAX_NUM_KEYS) {
		3334	return keySize;
		3335	}
		3336
		3337	ObjectConstIter iter;
		3338	iter = find_if(tokenObjects.begin(), tokenObjects.end(),
		3339	KeyNumMatch(keyNum,*this));
		3340
		3341	if( iter == tokenObjects.end() ) {
		3342	return keySize;
		3343	}
		3344
		3345	CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS);
		3346
		3347	if(modulus) {
		3348	modSize = CKYBuffer_Size(modulus);
		3349	if(CKYBuffer_GetChar(modulus,0) == 0x0) {
		3350	modSize--;
		3351	}
		3352	if(modSize > 0)
		3353	keySize = modSize * 8;
		3354	}
		3355
		3356	return keySize;
		3357	}

Lines 270-279 class CryptParams { Link Here

(-)./src/coolkey/slot.h.coolkey-latest (-5 / +8 lines)
270	protected:	270	protected:
271	unsigned int getKeySize() const { return keySize; }	271	unsigned int getKeySize() const { return keySize; }
272	public:	272	public:
273	// !!!XXX hack. The right way to get the key size is to get all the	273	// set the actual key size obtained from the card
274	// key information from the token with MSCListKeys, the same way	274	void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
275	// we get all the object information with MSCListObjects.	275	enum { DEFAULT_KEY_SIZE = 1024 };
276	enum { FIXED_KEY_SIZE = 1024 };
277		276
278		277
279	CryptParams(unsigned int keySize_) : keySize(keySize_) { }	278	CryptParams(unsigned int keySize_) : keySize(keySize_) { }
Lines 422-428 class Slot { Link Here
422		421
423	void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,	422	void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
424	CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,	423	CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
425	CK_ULONG_PTR pulOutputLen, const CryptParams& params);	424	CK_ULONG_PTR pulOutputLen, CryptParams& params);
426		425
427	void performRSAOp(CKYBuffer out, const CKYBuffer input, CKYByte keyNum,	426	void performRSAOp(CKYBuffer out, const CKYBuffer input, CKYByte keyNum,
428	CKYByte direction);	427	CKYByte direction);
Lines 460-465 class Slot { Link Here
460	return (char )((objectID >> 16) & 0xff) - '0';	459	return (char )((objectID >> 16) & 0xff) - '0';
461	}	460	}
462		461
		462	// actually get the size of a key in bits from the card
		463	unsigned int getKeySize(CKYByte keyNum);
463		464
464	SessionHandleSuffix openSession(Session::Type type);	465	SessionHandleSuffix openSession(Session::Type type);
465	void closeSession(SessionHandleSuffix handleSuffix);	466	void closeSession(SessionHandleSuffix handleSuffix);
Lines 527-532 class SlotList { Link Here
527	* has called 'C_GetSlotList' with a NULL parameter */	528	* has called 'C_GetSlotList' with a NULL parameter */
528	void updateReaderList();	529	void updateReaderList();
529		530
		531	/* see if a reader name exists in a caller provided reader name list. */
		532	bool readerNameExistsInList(const char readerName,CKYReaderNameList readerNameList );
530	bool readerExists(const char readerName, unsigned int hint = 0);	533	bool readerExists(const char readerName, unsigned int hint = 0);
531	public:	534	public:
532	SlotList(Log *log);	535	SlotList(Log *log);