[SmartcardServices-Changes] [77] trunk/Tokend
source_changes at macosforge.org
source_changes at macosforge.org
Fri Dec 18 06:23:27 PST 2009
Revision: 77
http://trac.macosforge.org/projects/smartcardservices/changeset/77
Author: ludovic.rousseau at gmail.com
Date: 2009-12-18 06:23:24 -0800 (Fri, 18 Dec 2009)
Log Message:
-----------
merge changes from releases/Apple/Mac OS X 10.6.0/Tokend-36720
Modified Paths:
--------------
trunk/Tokend/BELPIC/BELPICError.cpp
trunk/Tokend/BELPIC/BELPICError.h
trunk/Tokend/BELPIC/BELPICRecord.cpp
trunk/Tokend/BELPIC/BELPICRecord.h
trunk/Tokend/BELPIC/BELPICSchema.cpp
trunk/Tokend/BELPIC/BELPICSchema.h
trunk/Tokend/BELPIC/BELPICToken.cpp
trunk/Tokend/BELPIC/Info.plist
trunk/Tokend/BELPIC/belpic.cpp
trunk/Tokend/CAC/CACError.cpp
trunk/Tokend/CAC/CACError.h
trunk/Tokend/CAC/CACRecord.cpp
trunk/Tokend/CAC/CACRecord.h
trunk/Tokend/CAC/CACToken.cpp
trunk/Tokend/CAC/Info.plist
trunk/Tokend/CAC/cac.cpp
trunk/Tokend/MuscleCard/Info.plist
trunk/Tokend/PIV/Info.plist
trunk/Tokend/PIV/PIVAttributeCoder.cpp
trunk/Tokend/PIV/PIVAttributeCoder.h
trunk/Tokend/PIV/PIVCCC.h
trunk/Tokend/PIV/PIVDefines.h
trunk/Tokend/PIV/PIVError.cpp
trunk/Tokend/PIV/PIVError.h
trunk/Tokend/PIV/PIVKeyHandle.cpp
trunk/Tokend/PIV/PIVKeyHandle.h
trunk/Tokend/PIV/PIVRecord.cpp
trunk/Tokend/PIV/PIVRecord.h
trunk/Tokend/PIV/PIVSchema.cpp
trunk/Tokend/PIV/PIVSchema.h
trunk/Tokend/PIV/PIVToken.cpp
trunk/Tokend/PIV/PIVToken.h
trunk/Tokend/PIV/Padding.cpp
trunk/Tokend/PIV/SecureBufferAllocator.h
trunk/Tokend/PIV/SecureBufferAllocator.inc
trunk/Tokend/PIV/byte_string.h
trunk/Tokend/PIV/piv.cpp
trunk/Tokend/Tokend/Adornment.h
trunk/Tokend/Tokend/Attribute.h
trunk/Tokend/Tokend/AttributeCoder.cpp
trunk/Tokend/Tokend/AttributeCoder.h
trunk/Tokend/Tokend/DbValue.h
trunk/Tokend/Tokend/MetaRecord.h
trunk/Tokend/Tokend/PKCS11Object.h
trunk/Tokend/Tokend/Record.h
trunk/Tokend/Tokend/RecordHandle.h
trunk/Tokend/Tokend/SCardError.cpp
trunk/Tokend/Tokend/SCardError.h
trunk/Tokend/Tokend/Schema.cpp
trunk/Tokend/Tokend/Schema.h
trunk/Tokend/Tokend/SelectionPredicate.h
trunk/Tokend/Tokend/Token.cpp
trunk/Tokend/Tokend/Token.h
trunk/Tokend/Tokend/TokenContext.h
trunk/Tokend/Tokend.xcodeproj/project.pbxproj
Modified: trunk/Tokend/BELPIC/BELPICError.cpp
===================================================================
--- trunk/Tokend/BELPIC/BELPICError.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICError.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -35,7 +35,11 @@
//
BELPICError::BELPICError(uint16_t sw) : SCardError(sw)
{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"BELPIC");
+#endif
}
BELPICError::~BELPICError() throw ()
@@ -48,6 +52,8 @@
void BELPICError::throwMe(uint16_t sw)
{ throw BELPICError(sw); }
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
#if !defined(NDEBUG)
void BELPICError::debugDiagnose(const void *id) const
@@ -58,3 +64,4 @@
#endif //NDEBUG
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
Modified: trunk/Tokend/BELPIC/BELPICError.h
===================================================================
--- trunk/Tokend/BELPIC/BELPICError.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICError.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -43,7 +43,9 @@
static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
static void throwMe(uint16_t sw) __attribute__((noreturn));
protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
};
#endif /* !_BELPICERROR_H_ */
Modified: trunk/Tokend/BELPIC/BELPICRecord.cpp
===================================================================
--- trunk/Tokend/BELPIC/BELPICRecord.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICRecord.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -53,7 +53,11 @@
#define BELPIC_MAXSIZE_CERT 4000
-Tokend::Attribute *BELPICBinaryFileRecord::getDataAttribute(
+BELPICCertificateRecord::~BELPICCertificateRecord()
+{
+}
+
+Tokend::Attribute *BELPICCertificateRecord::getDataAttribute(
Tokend::TokenContext *tokenContext)
{
CssmData data;
@@ -79,7 +83,44 @@
return new Tokend::Attribute(data.Data, data.Length);
}
+//
+// BELPICProtectedRecord
+//
+BELPICProtectedRecord::~BELPICProtectedRecord()
+{
+}
+Tokend::Attribute *BELPICProtectedRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ // no caching
+ CssmData data;
+ BELPICToken &belpicToken = static_cast<BELPICToken &>(*tokenContext);
+
+ PCSC::Transaction _(belpicToken);
+ belpicToken.select(mDF, mEF);
+
+ uint8 certificate[BELPIC_MAXSIZE_CERT];
+ size_t certificateLength = sizeof(certificate);
+ belpicToken.readBinary(certificate, certificateLength);
+ data.Data = certificate;
+ data.Length = certificateLength;
+
+ return new Tokend::Attribute(data.Data, data.Length);
+}
+
+void BELPICProtectedRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Reading this object's data requires PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
//
// BELPICKeyRecord
//
Modified: trunk/Tokend/BELPIC/BELPICRecord.h
===================================================================
--- trunk/Tokend/BELPIC/BELPICRecord.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICRecord.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -41,7 +41,7 @@
public:
BELPICRecord(const char *description) :
mDescription(description) {}
- ~BELPICRecord();
+ virtual ~BELPICRecord();
virtual const char *description() { return mDescription; }
@@ -55,25 +55,52 @@
NOCOPY(BELPICBinaryFileRecord)
public:
BELPICBinaryFileRecord(const uint8_t *df, const uint8_t *ef,
- const char *description) :
- BELPICRecord(description), mDF(df), mEF(ef) {}
- ~BELPICBinaryFileRecord();
-
- virtual Tokend::Attribute *getDataAttribute(
- Tokend::TokenContext *tokenContext);
-
+ const char *description) :
+ BELPICRecord(description), mDF(df), mEF(ef) {}
+ virtual ~BELPICBinaryFileRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext) = 0;
+
protected:
const uint8_t *mDF;
const uint8_t *mEF;
};
+class BELPICCertificateRecord : public BELPICBinaryFileRecord
+{
+ NOCOPY(BELPICCertificateRecord)
+public:
+ BELPICCertificateRecord(const uint8_t *df, const uint8_t *ef,
+ const char *description) :
+ BELPICBinaryFileRecord(df, ef, description) {}
+ virtual ~BELPICCertificateRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+};
+
+class BELPICProtectedRecord : public BELPICBinaryFileRecord
+{
+ NOCOPY(BELPICProtectedRecord)
+public:
+ BELPICProtectedRecord(const uint8_t *df, const uint8_t *ef, const char *description) :
+ BELPICBinaryFileRecord(df, ef, description) {}
+ virtual ~BELPICProtectedRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
class BELPICKeyRecord : public BELPICRecord
{
NOCOPY(BELPICKeyRecord)
public:
BELPICKeyRecord(const uint8_t *keyId, const char *description,
const Tokend::MetaRecord &metaRecord, bool signOnly);
- ~BELPICKeyRecord();
+ virtual ~BELPICKeyRecord();
size_t sizeInBits() const { return 1024; }
void computeCrypt(BELPICToken &belpicToken, bool sign,
Modified: trunk/Tokend/BELPIC/BELPICSchema.cpp
===================================================================
--- trunk/Tokend/BELPIC/BELPICSchema.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICSchema.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -88,6 +88,12 @@
createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
- createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ Relation *rn_gen = createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ // Create the generic table
+ MetaRecord &mr_gen = rn_gen->metaRecord();
+ mr_gen.attributeCoderForData(&mBELPICDataAttributeCoder);
+
}
Modified: trunk/Tokend/BELPIC/BELPICSchema.h
===================================================================
--- trunk/Tokend/BELPIC/BELPICSchema.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICSchema.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -31,6 +31,7 @@
#include "Schema.h"
#include "BELPICKeyHandle.h"
+#include "BELPICAttributeCoder.h"
namespace Tokend
{
@@ -52,6 +53,9 @@
Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
private:
+ // Coders we need.
+ BELPICDataAttributeCoder mBELPICDataAttributeCoder;
+
Tokend::ConstAttributeCoder mKeyAlgorithmCoder;
Tokend::ConstAttributeCoder mKeySizeCoder;
Modified: trunk/Tokend/BELPIC/BELPICToken.cpp
===================================================================
--- trunk/Tokend/BELPIC/BELPICToken.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/BELPICToken.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -384,18 +384,18 @@
uint32_t offset = 5;
apdu[offset++] = 0x20 + oldPinLength;
- for (uint32_t ix = 0; ix < oldPinLength;)
+ for (uint32_t ix = 0; ix < oldPinLength;ix+=2)
{
- apdu[offset++] = (pinDigit(oldPin[ix++]) << 4) +
- (ix < oldPinLength ? pinDigit(oldPin[ix++]) : pinDigit('F'));
+ apdu[offset++] = (pinDigit(oldPin[ix]) << 4) +
+ ((ix+1) < oldPinLength ? pinDigit(oldPin[ix+1]) : pinDigit('F'));
}
offset = 5 + 8;
apdu[offset++] = 0x20 + newPinLength;
- for (uint32_t ix = 0; ix < newPinLength;)
+ for (uint32_t ix = 0; ix < newPinLength;ix+=2)
{
- apdu[offset++] = (pinDigit(newPin[ix++]) << 4) +
- (ix < newPinLength ? pinDigit(newPin[ix++]) : pinDigit('F'));
+ apdu[offset++] = (pinDigit(newPin[ix]) << 4) +
+ ((ix+1) < newPinLength ? pinDigit(newPin[ix+1]) : pinDigit('F'));
}
unsigned char result[MAX_BUFFER_SIZE];
@@ -459,10 +459,10 @@
uint32_t offset = 5;
apdu[offset++] = 0x20 + pinLength;
- for (uint32_t ix = 0; ix < pinLength;)
+ for (uint32_t ix = 0; ix < pinLength;ix+=2)
{
- apdu[offset++] = (pinDigit(pin[ix++]) << 4) +
- (ix < pinLength ? pinDigit(pin[ix++]) : pinDigit('F'));
+ apdu[offset++] = (pinDigit(pin[ix]) << 4) +
+ ((ix+1) < pinLength ? pinDigit(pin[ix+1]) : pinDigit('F'));
}
#endif
@@ -471,6 +471,9 @@
mPinStatus = exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
memset(apdu + 5, 0, 8);
BELPICError::check(mPinStatus);
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ begin();
}
void BELPICToken::unverifyPIN(int pinNum)
@@ -484,8 +487,12 @@
uint32 BELPICToken::probe(SecTokendProbeFlags flags,
char tokenUid[TOKEND_MAX_UID])
{
- uint32 score = Tokend::ISO7816Token::probe(flags, tokenUid);
-
+// uint32 score = Tokend::ISO7816Token::probe(flags, tokenUid);
+//SCARD_PROTOCOL_T0
+ const SCARD_READERSTATE &readerState = *(*startupReaderInfo)();
+ connect(mSession, readerState.szReader, SCARD_PROTOCOL_T0);
+ uint32 score = 0;
+
bool doDisconnect = false; /*!(flags & kSecTokendProbeKeepToken); */
try
@@ -612,15 +619,15 @@
Tokend::Relation &dataRelation =
mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
- RefPointer<Tokend::Record> cert2(new BELPICBinaryFileRecord(kDF_BELPIC,
+ RefPointer<Tokend::Record> cert2(new BELPICCertificateRecord(kDF_BELPIC,
kBELPIC_EF_Cert2, "Cert #2 (authentication)"));
- RefPointer<Tokend::Record> cert3(new BELPICBinaryFileRecord(kDF_BELPIC,
+ RefPointer<Tokend::Record> cert3(new BELPICCertificateRecord(kDF_BELPIC,
kBELPIC_EF_Cert3, "Cert #3 (signature)"));
- RefPointer<Tokend::Record> cert4(new BELPICBinaryFileRecord(kDF_BELPIC,
+ RefPointer<Tokend::Record> cert4(new BELPICCertificateRecord(kDF_BELPIC,
kBELPIC_EF_Cert4, "Cert #4 (CA)"));
- RefPointer<Tokend::Record> cert6(new BELPICBinaryFileRecord(kDF_BELPIC,
+ RefPointer<Tokend::Record> cert6(new BELPICCertificateRecord(kDF_BELPIC,
kBELPIC_EF_Cert6, "Cert #6 (root)"));
- RefPointer<Tokend::Record> cert8(new BELPICBinaryFileRecord(kDF_BELPIC,
+ RefPointer<Tokend::Record> cert8(new BELPICCertificateRecord(kDF_BELPIC,
kBELPIC_EF_Cert8, "Cert #8 (RN)"));
certRelation.insertRecord(cert2);
@@ -642,19 +649,19 @@
key3->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
new Tokend::LinkedRecordAdornment(cert3));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_ID_RN, "ID#RN"));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_SGN_RN, "SGN#RN"));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_ID_ADDRESS, "ID#Address"));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_SGN_ADDRESS, "SGN#Address"));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_ID_PHOTO, "ID#Photo"));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_PuK7_ID, "PuK#7 ID (CA role ID)"));
- dataRelation.insertRecord(new BELPICBinaryFileRecord(kDF_ID,
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
kID_EF_Preferences, "Preferences"));
secdebug("populate", "BELPICToken::populate() end");
Modified: trunk/Tokend/BELPIC/Info.plist
===================================================================
--- trunk/Tokend/BELPIC/Info.plist 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/Info.plist 2009-12-18 14:23:24 UTC (rev 77)
@@ -15,10 +15,10 @@
<key>CFBundlePackageType</key>
<string>????</string>
<key>CFBundleShortVersionString</key>
- <string>2.1.1</string>
+ <string>2.2</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>1</string>
+ <string>36720</string>
</dict>
</plist>
Modified: trunk/Tokend/BELPIC/belpic.cpp
===================================================================
--- trunk/Tokend/BELPIC/belpic.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/BELPIC/belpic.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -30,7 +30,7 @@
int main(int argc, const char *argv[])
{
secdebug("BELPIC.tokend", "main starting with %d arguments", argc);
- secdelay("/tmp/delay/BELPIC");
+ secdelay((char *)"/tmp/delay/BELPIC");
token = new BELPICToken();
return SecTokendMain(argc, argv, token->callbacks(), token->support());
Modified: trunk/Tokend/CAC/CACError.cpp
===================================================================
--- trunk/Tokend/CAC/CACError.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/CACError.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -35,7 +35,11 @@
//
CACError::CACError(uint16_t sw) : SCardError(sw)
{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"CAC");
+#endif
}
CACError::~CACError() throw ()
@@ -64,12 +68,16 @@
#if !defined(NDEBUG)
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
void CACError::debugDiagnose(const void *id) const
{
secdebug("exception", "%p CACError %s (%04hX)",
id, errorstr(statusWord), statusWord);
}
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
const char *CACError::errorstr(uint16_t sw) const
{
switch (sw)
Modified: trunk/Tokend/CAC/CACError.h
===================================================================
--- trunk/Tokend/CAC/CACError.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/CACError.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -53,7 +53,9 @@
static void throwMe(uint16_t sw) __attribute__((noreturn));
protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
IFDEBUG(const char *errorstr(uint16_t sw) const;)
};
Modified: trunk/Tokend/CAC/CACRecord.cpp
===================================================================
--- trunk/Tokend/CAC/CACRecord.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/CACRecord.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -134,17 +134,16 @@
// CACKeyRecord
//
CACKeyRecord::CACKeyRecord(const unsigned char *application,
- const char *description, const Tokend::MetaRecord &metaRecord,
- bool signOnly) :
- CACRecord(application, description),
- mSignOnly(signOnly)
+ const char *description, const Tokend::MetaRecord &metaRecord) :
+ CACRecord(application, description)
{
+ // Allow all keys to decrypt, unwrap, sign
attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
- new Tokend::Attribute(!signOnly));
+ new Tokend::Attribute(true));
attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
- new Tokend::Attribute(!signOnly));
+ new Tokend::Attribute(true));
attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
- new Tokend::Attribute(signOnly));
+ new Tokend::Attribute(true));
}
CACKeyRecord::~CACKeyRecord()
@@ -158,9 +157,6 @@
if (dataLength > sizeInBits() / 8)
CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
- if (sign != mSignOnly)
- CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
-
PCSC::Transaction _(cacToken);
cacToken.select(mApplication);
size_t apduSize = dataLength + 5;
@@ -199,18 +195,20 @@
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+
// Using this key to sign or decrypt will require PIN1
+ char tmptag[20];
+ const uint32 slot = 1; // hardwired for now, but...
+ snprintf(tmptag, sizeof(tmptag), "PIN%d", slot);
mAclEntries.add(CssmClient::AclFactory::PinSubject(
mAclEntries.allocator(), 1),
- AclAuthorizationSet((mSignOnly
- ? CSSM_ACL_AUTHORIZATION_SIGN
- : CSSM_ACL_AUTHORIZATION_DECRYPT), 0));
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0),
+ tmptag);
}
count = mAclEntries.size();
acls = mAclEntries.entries();
}
-
//
// CACTBRecord
//
@@ -260,11 +258,11 @@
#endif
/*
- See NIST IR 6887 – 2003 EDITION, GSC-IS VERSION 2.1
+ See NIST IR 6887 \xD0 2003 EDITION, GSC-IS VERSION 2.1
5.3.4 Generic Container Provider Virtual Machine Card Edge Interface
for a description of how this command works
- READ BUFFER 0x80 0x52 Off/H Off/L 0x02 <buffer & number bytes to read> –
+ READ BUFFER 0x80 0x52 Off/H Off/L 0x02 <buffer & number bytes to read> \xD0
*/
Tokend::Attribute *CACTBRecord::getDataAttribute(CACToken &cacToken,
Modified: trunk/Tokend/CAC/CACRecord.h
===================================================================
--- trunk/Tokend/CAC/CACRecord.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/CACRecord.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -39,7 +39,7 @@
public:
CACRecord(const unsigned char *application, const char *description) :
mApplication(application), mDescription(description) {}
- ~CACRecord();
+ virtual ~CACRecord();
virtual const char *description() { return mDescription; }
@@ -59,7 +59,7 @@
CACCertificateRecord(const unsigned char *application,
const char *description) :
CACRecord(application, description) {}
- ~CACCertificateRecord();
+ virtual ~CACCertificateRecord();
virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
};
@@ -69,8 +69,8 @@
NOCOPY(CACKeyRecord)
public:
CACKeyRecord(const unsigned char *application, const char *description,
- const Tokend::MetaRecord &metaRecord, bool signOnly);
- ~CACKeyRecord();
+ const Tokend::MetaRecord &metaRecord);
+ virtual ~CACKeyRecord();
size_t sizeInBits() const { return 1024; }
void computeCrypt(CACToken &cacToken, bool sign, const unsigned char *data,
@@ -79,7 +79,6 @@
virtual void getAcl(const char *tag, uint32 &count,
AclEntryInfo *&aclList);
private:
- bool mSignOnly;
AutoAclEntryInfoList mAclEntries;
};
@@ -90,7 +89,7 @@
public:
CACTBRecord(const unsigned char *application, const char *description) :
CACRecord(application, description) {}
- ~CACTBRecord();
+ virtual ~CACTBRecord();
virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
@@ -106,7 +105,7 @@
public:
CACVBRecord(const unsigned char *application, const char *description) :
CACTBRecord(application, description) {}
- ~CACVBRecord();
+ virtual ~CACVBRecord();
virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
virtual void getAcl(const char *tag, uint32 &count,
Modified: trunk/Tokend/CAC/CACToken.cpp
===================================================================
--- trunk/Tokend/CAC/CACToken.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/CACToken.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -114,7 +114,8 @@
transmit(applet, applet_length, result, resultLength);
// If the select command failed this isn't a cac card, so we are done.
- if (resultLength < 2 || result[resultLength - 2] != 0x90 && result[resultLength - 2] != 0x61 /* || result[resultLength - 1] != 0x0D */)
+ if (resultLength < 2 || result[resultLength - 2] != 0x90 &&
+ result[resultLength - 2] != 0x61 /* || result[resultLength - 1] != 0x0D */)
PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
if (isInTransaction())
@@ -451,20 +452,20 @@
{
unsigned char result[0x2F];
size_t resultLength = sizeof(result);
- uint32_t cacreturn = getData(result, resultLength);
+ /* uint32_t cacreturn = */ getData(result, resultLength);
/* Score of 200 to ensure that CAC "wins" for Hybrid CAC/PIV cards */
- score = 200;
- // Now stick in the bytes returned by getData into the
- // tokenUid.
+ score = 200;
+ // Now stick in the bytes returned by getData into the
+ // tokenUid.
if(resultLength > 20)
- {
- sprintf(tokenUid,
- "CAC-%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X",
- result[3], result[4], result[5], result[6], result[19],
- result[20], result[15], result[16], result[17],
- result[18]);
- }
+ {
+ sprintf(tokenUid,
+ "CAC-%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X",
+ result[3], result[4], result[5], result[6], result[19],
+ result[20], result[15], result[16], result[17],
+ result[18]);
+ }
else
{
/* Cannot generated a tokenUid given the returned data.
@@ -476,10 +477,10 @@
strftime(reinterpret_cast<char *>(buffer), 80, "%s", timestruct);
snprintf(tokenUid, TOKEND_MAX_UID, "CAC-%s", buffer);
}
- Tokend::ISO7816Token::name(tokenUid);
- secdebug("probe", "recognized %s", tokenUid);
- }
+ Tokend::ISO7816Token::name(tokenUid);
+ secdebug("probe", "recognized %s", tokenUid);
}
+ }
catch (...)
{
doDisconnect = true;
@@ -587,13 +588,13 @@
RefPointer<Tokend::Record> idKey(new CACKeyRecord(
kSelectCACAppletPKIID, "Identity Private Key",
- privateKeyRelation.metaRecord(), true));
+ privateKeyRelation.metaRecord()));
RefPointer<Tokend::Record> eSigKey(new CACKeyRecord(
kSelectCACAppletPKIESig, "Email Signing Private Key",
- privateKeyRelation.metaRecord(), true));
+ privateKeyRelation.metaRecord()));
RefPointer<Tokend::Record> eCryKey(new CACKeyRecord(
kSelectCACAppletPKIECry, "Email Encryption Private Key",
- privateKeyRelation.metaRecord(), false));
+ privateKeyRelation.metaRecord()));
privateKeyRelation.insertRecord(idKey);
privateKeyRelation.insertRecord(eSigKey);
Modified: trunk/Tokend/CAC/Info.plist
===================================================================
--- trunk/Tokend/CAC/Info.plist 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/Info.plist 2009-12-18 14:23:24 UTC (rev 77)
@@ -15,10 +15,10 @@
<key>CFBundlePackageType</key>
<string>????</string>
<key>CFBundleShortVersionString</key>
- <string>2.1.1</string>
+ <string>2.2</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>1</string>
+ <string>36720</string>
</dict>
</plist>
Modified: trunk/Tokend/CAC/cac.cpp
===================================================================
--- trunk/Tokend/CAC/cac.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/CAC/cac.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -30,7 +30,7 @@
int main(int argc, const char *argv[])
{
secdebug("CAC.tokend", "main starting with %d arguments", argc);
- secdelay("/tmp/delay/CAC");
+ secdelay((char *)"/tmp/delay/CAC");
#if 0
setenv("DEBUGSCOPE", "-mutex,walkers", 0);
Modified: trunk/Tokend/MuscleCard/Info.plist
===================================================================
--- trunk/Tokend/MuscleCard/Info.plist 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/MuscleCard/Info.plist 2009-12-18 14:23:24 UTC (rev 77)
@@ -19,6 +19,6 @@
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>1</string>
+ <string>36720</string>
</dict>
</plist>
Modified: trunk/Tokend/PIV/Info.plist
===================================================================
--- trunk/Tokend/PIV/Info.plist 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/Info.plist 2009-12-18 14:23:24 UTC (rev 77)
@@ -15,10 +15,10 @@
<key>CFBundlePackageType</key>
<string>????</string>
<key>CFBundleShortVersionString</key>
- <string>2.1.1</string>
+ <string>2.2</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>1234</string>
+ <string>36720</string>
</dict>
</plist>
Modified: trunk/Tokend/PIV/PIVAttributeCoder.cpp
===================================================================
--- trunk/Tokend/PIV/PIVAttributeCoder.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVAttributeCoder.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -56,3 +56,15 @@
record.attributeAtIndex(metaAttribute.attributeIndex(),
pivRecord.getDataAttribute(tokenContext));
}
+
+//
+// PIVKeySizeAttributeCoder
+//
+PIVKeySizeAttributeCoder::~PIVKeySizeAttributeCoder() {}
+
+void PIVKeySizeAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ uint32 keySize = dynamic_cast<PIVKeyRecord &>(record).sizeInBits();
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(keySize));
+}
Modified: trunk/Tokend/PIV/PIVAttributeCoder.h
===================================================================
--- trunk/Tokend/PIV/PIVAttributeCoder.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVAttributeCoder.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -55,5 +55,20 @@
const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
};
+
+//
+// A coder that produces the LogicalKeySizeInBits of a key
+//
+class PIVKeySizeAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(PIVKeySizeAttributeCoder)
+public:
+ PIVKeySizeAttributeCoder() {}
+ virtual ~PIVKeySizeAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
#endif /* !_PIVATTRIBUTECODER_H_ */
Modified: trunk/Tokend/PIV/PIVCCC.h
===================================================================
--- trunk/Tokend/PIV/PIVCCC.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVCCC.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -39,7 +39,7 @@
{
public:
PIVCCC(const byte_string &data) throw(PIVError);
- virtual ~PIVCCC();
+ virtual ~PIVCCC();
const unsigned char *identifier() const { return mIdentifier; }
std::string hexidentifier() const;
Modified: trunk/Tokend/PIV/PIVDefines.h
===================================================================
--- trunk/Tokend/PIV/PIVDefines.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVDefines.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,8 +29,6 @@
#ifndef _PIVDEFINES_H_
#define _PIVDEFINES_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-
/*
For the PIV tokend, refer to NIST Specical Publication 800-73-1, "Interfaces
for Personal Identity Verification". The define for CLA_STANDARD comes from 2.3.3.1.1. [SP800731]
Modified: trunk/Tokend/PIV/PIVError.cpp
===================================================================
--- trunk/Tokend/PIV/PIVError.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVError.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -48,7 +48,11 @@
//
PIVError::PIVError(uint16_t sw) : SCardError(sw)
{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"PIV");
+#endif
}
PIVError::~PIVError() throw ()
@@ -78,12 +82,16 @@
#if !defined(NDEBUG)
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
void PIVError::debugDiagnose(const void *id) const
{
secdebug("exception", "%p PIVError %s (%04hX)",
id, errorstr(statusWord), statusWord);
}
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
const char *PIVError::errorstr(uint16_t sw) const
{
switch (sw)
Modified: trunk/Tokend/PIV/PIVError.h
===================================================================
--- trunk/Tokend/PIV/PIVError.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVError.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -53,7 +53,7 @@
{
protected:
PIVError(uint16_t sw);
- virtual ~PIVError() throw ();
+ virtual ~PIVError() throw ();
public:
OSStatus osStatus() const;
virtual const char *what () const throw ();
@@ -62,7 +62,9 @@
static void throwMe(uint16_t sw) __attribute__((noreturn));
protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
IFDEBUG(const char *errorstr(uint16_t sw) const;)
};
Modified: trunk/Tokend/PIV/PIVKeyHandle.cpp
===================================================================
--- trunk/Tokend/PIV/PIVKeyHandle.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVKeyHandle.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -26,16 +26,6 @@
* TokendPIV
*/
-/* ---------------------------------------------------------------------------
- *
- * MODIFY
- * - It may be that this file does not have to be modified. The heavy
- * lifting here is done by computeCrypt, so this might be the only
- * place to insert token-specific code. See PIVRecord.cpp for that.
- *
- * ---------------------------------------------------------------------------
-*/
-
#include "PIVKeyHandle.h"
#include "PIVRecord.h"
@@ -78,7 +68,7 @@
{
secdebug("crypto", "getOutputSize");
if (encrypting)
- CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
return inputSize; //accurate for crypto used on PIV cards
}
@@ -105,17 +95,19 @@
uint32 padding = CSSM_PADDING_PKCS1;
context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
- Padding::apply(inputData, mKey.sizeInBits() / 8, alg, padding);
+ Padding::apply(inputData, mKey.sizeInBits() / 8, padding, alg);
// @@@ Switch to using tokend allocators
/* Use ref to a new buffer item to keep the data around after the function ends */
- byte_string& outputData = bufferAllocator.getBuffer();
+ size_t keyLength = mKey.sizeInBits() / 8;
+ byte_string outputData;
+ outputData.reserve(keyLength);
const AccessCredentials *cred = context.get<const AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
- // Sign the inputData using the token
+ // Sign the inputData using the token
mKey.computeCrypt(mToken, true, cred, inputData, outputData);
- signature.Data = &outputData[0];
+ signature.Data = malloc_copy(outputData);
signature.Length = outputData.size();
}
@@ -172,16 +164,16 @@
// @@@ Use a secure allocator for this.
/* Use ref to a new buffer item to keep the data around after the function ends */
- byte_string& outputData = bufferAllocator.getBuffer();
+ byte_string outputData;
outputData.reserve(cipher.Length);
// --- support for multiples of keyLength by doing multiple blocks
for(size_t i = 0; i < cipher.Length; i += keyLength) {
byte_string inputData(cipher.Data + i, cipher.Data + i + keyLength);
byte_string tmpOutput;
tmpOutput.reserve(keyLength);
- secdebug("crypto", "decrypt: card supports RSA_NOPAD");
+ secdebug("crypto", "decrypt: card supports RSA_NOPAD");
const AccessCredentials *cred = context.get<const AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
- // Decrypt the inputData using the token
+ // Decrypt the inputData using the token
mKey.computeCrypt(mToken, false, cred, inputData, tmpOutput);
Padding::remove(tmpOutput, padding);
outputData += tmpOutput;
@@ -189,7 +181,7 @@
secure_zero(tmpOutput);
}
- clear.Data = &outputData[0];
+ clear.Data = malloc_copy(outputData);
clear.Length = outputData.size();
}
Modified: trunk/Tokend/PIV/PIVKeyHandle.h
===================================================================
--- trunk/Tokend/PIV/PIVKeyHandle.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVKeyHandle.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -79,8 +79,8 @@
* TODO: Need spec on how to do this 'right' -- preferred setup would be for
* the data buffer be provided
*/
- static const unsigned MAX_BUFFERS = 2;
- SecureBufferAllocator<MAX_BUFFERS> bufferAllocator;
+// static const unsigned MAX_BUFFERS = 2;
+// SecureBufferAllocator<MAX_BUFFERS> bufferAllocator;
};
Modified: trunk/Tokend/PIV/PIVRecord.cpp
===================================================================
--- trunk/Tokend/PIV/PIVRecord.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVRecord.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -89,9 +89,9 @@
PIVToken &pivToken = dynamic_cast<PIVToken &>(*tokenContext);
if(mAllowCaching && lastAttribute.get())
return lastAttribute.get();
-
+
byte_string data;
-
+
pivToken.getDataCore(mApplication, description(), mIsCertificate, mAllowCaching, data);
/* Tokend::Attribute creates a copy of data */
lastAttribute.reset(new Tokend::Attribute(&data[0], data.size()));
@@ -103,9 +103,9 @@
//
PIVKeyRecord::PIVKeyRecord(const unsigned char *application, size_t applicationSize,
const char *description, const Tokend::MetaRecord &metaRecord,
- unsigned char keyRef) :
+ unsigned char keyRef, size_t keySize) :
PIVRecord(application, applicationSize, description),
- keyRef(keyRef)
+ keyRef(keyRef), keySize(keySize)
{
/* Allow all keys to decrypt, unwrap, sign */
attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
@@ -120,6 +120,10 @@
{
}
+size_t PIVKeyRecord::sizeInBits() const {
+ return keySize;
+}
+
/*
MODIFY - This is where most of the crypto functions end up, and
this will be the main place to actually talk with the token.
@@ -136,10 +140,10 @@
unsigned char algRef;
switch (sizeInBits()) {
case 1024:
- algRef = 0x06;
+ algRef = PIV_KEYALG_RSA_1024;
break;
case 2048:
- algRef = 0x07;
+ algRef = PIV_KEYALG_RSA_2048;
break;
default:
/* Cannot use a key ~= 1024 or 2048 bits yet */
@@ -249,20 +253,25 @@
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
-
+
CssmData prompt;
-
- if(isUserConsent()) {
- mAclEntries.add(CssmClient::AclFactory::PromptPWSubject(
- mAclEntries.allocator(), prompt),
- AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0));
+ char tmptag[20];
+ const uint32 slot = 1; // hardwired for now, but...
+ snprintf(tmptag, sizeof(tmptag), "PIN%d", slot);
+
+ if(isUserConsent()) { // PIN1 must be entered every time
+ mAclEntries.add(
+ CssmClient::AclFactory::PromptPWSubject(mAclEntries.allocator(), prompt),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0),
+ tmptag);
} else {
// Using this key to sign or decrypt will require PIN1
- mAclEntries.add(CssmClient::AclFactory::PinSubject(
- mAclEntries.allocator(), 1),
- AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0));
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0),
+ tmptag);
+ }
}
- }
count = mAclEntries.size();
acls = mAclEntries.entries();
}
Modified: trunk/Tokend/PIV/PIVRecord.h
===================================================================
--- trunk/Tokend/PIV/PIVRecord.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVRecord.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -41,7 +41,7 @@
public:
PIVRecord(const unsigned char *application, size_t applicationSize, const char *description) :
mApplication(application, application + applicationSize), mDescription(description) {}
- ~PIVRecord();
+ virtual ~PIVRecord();
virtual const char *description() { return mDescription.c_str(); }
@@ -59,10 +59,10 @@
NOCOPY(PIVKeyRecord)
public:
PIVKeyRecord(const unsigned char *application, size_t applicationSize, const char *description,
- const Tokend::MetaRecord &metaRecord, unsigned char keyRef);
- ~PIVKeyRecord();
+ const Tokend::MetaRecord &metaRecord, unsigned char keyRef, size_t keySize);
+ virtual ~PIVKeyRecord();
- size_t sizeInBits() const { return 1024; }
+ size_t sizeInBits() const;
void computeCrypt(PIVToken &pivToken, bool sign, const AccessCredentials *cred,
const byte_string& data_type, byte_string &output);
@@ -72,6 +72,7 @@
AutoAclEntryInfoList mAclEntries;
const unsigned char keyRef;
bool isUserConsent() const;
+ size_t keySize;
};
Modified: trunk/Tokend/PIV/PIVSchema.cpp
===================================================================
--- trunk/Tokend/PIV/PIVSchema.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVSchema.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -46,8 +46,7 @@
using namespace Tokend;
PIVSchema::PIVSchema() :
- mKeyAlgorithmCoder(uint32(CSSM_ALGID_RSA)),
- mKeySizeCoder(uint32(1024)) // MODIFY: if you support different size keys
+ mKeyAlgorithmCoder(uint32(CSSM_ALGID_RSA))
{
}
Modified: trunk/Tokend/PIV/PIVSchema.h
===================================================================
--- trunk/Tokend/PIV/PIVSchema.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVSchema.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -45,7 +45,7 @@
NOCOPY(PIVSchema)
public:
PIVSchema();
- virtual ~PIVSchema();
+ virtual ~PIVSchema();
virtual void create();
@@ -57,7 +57,7 @@
PIVDataAttributeCoder mPIVDataAttributeCoder;
Tokend::ConstAttributeCoder mKeyAlgorithmCoder;
- Tokend::ConstAttributeCoder mKeySizeCoder;
+ PIVKeySizeAttributeCoder mKeySizeCoder;
PIVKeyHandleFactory mPIVKeyHandleFactory;
};
Modified: trunk/Tokend/PIV/PIVToken.cpp
===================================================================
--- trunk/Tokend/PIV/PIVToken.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVToken.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -40,6 +40,8 @@
#include <vector>
#include <zlib.h>
#include <CoreFoundation/CFString.h>
+/* FOR KEYSIZE RETREIVAL */
+#include <Security/Security.h>
#include <algorithm> /* min */
@@ -86,6 +88,14 @@
static const unsigned char kUniversalAID[] = { 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00 };
+#pragma mark ---------- Data Description Strings -----------
+
+static const char *sDescripCardCapabilityContainer = "CCC";
+static const char *sDescripCardHolderUniqueIdentifier = "CHUID";
+static const char *sDescripCardHolderFingerprints = "FINGERPRINTS";
+static const char *sDescripPrintedInformation = "PRINTDATA";
+static const char *sDescripCardHolderFacialImage = "FACIALIMAGE";
+
#pragma mark ---------- Object IDs ----------
static const unsigned char oidCardCapabilityContainer[] = { PIV_OBJECT_ID_CARD_CAPABILITY_CONTAINER };
@@ -141,6 +151,9 @@
const char *workDirectory, char mdsDirectory[PATH_MAX],
char printName[PATH_MAX])
{
+ Tokend::ISO7816Token::establish(guid, subserviceId, flags,
+ cacheDirectory, workDirectory, mdsDirectory, printName);
+
#ifdef _USECERTIFICATECOMMONNAME
std::string commonName = authCertCommonName();
::snprintf(printName, 40, "PIV-%s", commonName.c_str());
@@ -154,9 +167,6 @@
Tokend::ISO7816Token::name(printName);
secdebug("pivtoken", "name: %s", printName);
- Tokend::ISO7816Token::establish(guid, subserviceId, flags,
- cacheDirectory, workDirectory, mdsDirectory, printName);
-
if(mSchema)
delete mSchema;
mSchema = new PIVSchema();
@@ -254,7 +264,12 @@
#ifndef _USEFALLBACKTOKENUID
byte_string cccOid((const unsigned char *)oidCardCapabilityContainer, oidCardCapabilityContainer + sizeof(oidCardCapabilityContainer));
byte_string cccdata;
- getDataCore(cccOid, "CCC", false, true, cccdata);
+ /*
+ Since probe is called before establish, securityd has not passed us
+ the cache directory yet, so we don't try to cache anything right now
+ */
+ const bool allowCaching = false;
+ getDataCore(cccOid, "CCC", false, allowCaching, cccdata);
PIVCCC ccc(cccdata);
snprintf(tokenUid, TOKEND_MAX_UID, "PIV-%s", ccc.hexidentifier().c_str());
@@ -285,6 +300,30 @@
return score;
}
+size_t PIVToken::getKeySize(const byte_string &cert) const {
+ size_t keySize = 0;
+ SecCertificateRef certRef = 0;
+ SecKeyRef keyRef = 0;
+ /* Parse certificate for size */
+ CSSM_DATA certData;
+ certData.Data = (uint8_t*)&cert[0];
+ certData.Length = cert.size();
+ const CSSM_KEY *cssmKey = NULL;
+ OSStatus status = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, &certRef);
+ if(status != noErr) goto done;
+ status = SecCertificateCopyPublicKey(certRef, &keyRef);
+ if(status != noErr) goto done;
+ status = SecKeyGetCSSMKey(keyRef, &cssmKey);
+ if(status != noErr) goto done;
+ keySize = cssmKey->KeyHeader.LogicalKeySizeInBits;
+done:
+ if(keyRef)
+ CFRelease(keyRef);
+ if(certRef)
+ CFRelease(certRef);
+ return keySize;
+}
+
void PIVToken::populate()
{
/*
@@ -303,7 +342,7 @@
mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
Tokend::Relation &dataRelation =
mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
-
+
/*
Table 1. SP 800-73 Data Model Containers
@@ -324,30 +363,38 @@
const size_t sz = sizeof(oidCardCapabilityContainer);
// Card Capability Container 2.16.840.1.101.3.7.1.219.0 '5FC107' [Mandatory]
- dataRelation.insertRecord(new PIVDataRecord(oidCardCapabilityContainer, sz, "CCC"));
+ if (getDataExists(oidCardCapabilityContainer, sz, sDescripCardCapabilityContainer))
+ dataRelation.insertRecord(new PIVDataRecord(oidCardCapabilityContainer, sz, sDescripCardCapabilityContainer));
// Card Holder Unique Identifier 2.16.840.1.101.3.7.2.48.0 '5FC102' [Mandatory] [CHUID]
- dataRelation.insertRecord(new PIVDataRecord(oidCardHolderUniqueIdentifier, sz, "CHUID"));
+ if (getDataExists(oidCardHolderUniqueIdentifier, sz, sDescripCardHolderUniqueIdentifier))
+ dataRelation.insertRecord(new PIVDataRecord(oidCardHolderUniqueIdentifier, sz, sDescripCardHolderUniqueIdentifier));
// Card Holder Fingerprints 2.16.840.1.101.3.7.2.96.16 '5FC103' [Mandatory]
- dataRelation.insertRecord(new PIVProtectedRecord(oidCardHolderFingerprints, sz, "FINGERPRINTS"));
+ if (getDataExists(oidCardHolderFingerprints, sz, sDescripCardHolderFingerprints))
+ dataRelation.insertRecord(new PIVProtectedRecord(oidCardHolderFingerprints, sz, sDescripCardHolderFingerprints));
// Printed Information 2.16.840.1.101.3.7.2.48.1 '5FC109' [Optional]
- dataRelation.insertRecord(new PIVProtectedRecord(oidPrintedInformation, sz, "PRINTDATA"));
+ if (getDataExists(oidPrintedInformation, sz, sDescripPrintedInformation))
+ dataRelation.insertRecord(new PIVProtectedRecord(oidPrintedInformation, sz, sDescripPrintedInformation));
// Card Holder Facial Image 2.16.840.1.101.3.7.2.96.48 '5FC108' O
- dataRelation.insertRecord(new PIVProtectedRecord(oidCardHolderFacialImage, sz, "FACIALIMAGE"));
+ if (getDataExists(oidCardHolderFacialImage, sz, sDescripCardHolderFacialImage))
+ dataRelation.insertRecord(new PIVProtectedRecord(oidCardHolderFacialImage, sz, sDescripCardHolderFacialImage));
// Now describe the keys and certificates
-
+
+ // Note that the "Card Management Key", keyref 0x9B is a symmetric key
+ // and so is not listed here
+
const unsigned char *certids[] =
{
- oidX509CertificatePIVAuthentication,
- oidX509CertificateDigitalSignature,
- oidX509CertificateKeyManagement,
- oidX509CertificateCardAuthentication
+ oidX509CertificatePIVAuthentication, // 0x9A
+ oidX509CertificateDigitalSignature, // 0x9C
+ oidX509CertificateKeyManagement, // 0x9D
+ oidX509CertificateCardAuthentication // 0x9E
};
-
+
const char *certNames[] =
{
"PIV Authentication Certificate",
@@ -355,15 +402,15 @@
"Key Management Certificate",
"Card Authentication Certificate"
};
-
+
const char *keyNames[] =
{
- "PIV Authentication Private Key",
- "Digital Signature Private Key",
- "Key Management Private Key",
- "Card Authentication Private Key"
+ "PIV Authentication Private Key", // Keyref 9A
+ "Digital Signature Private Key", // Keyref 9C
+ "Key Management Private Key", // Keyref 9D
+ "Card Authentication Private Key" // Keyref 9E
};
-
+
const unsigned char keyRefs[] =
{
PIV_KEYREF_PIV_AUTHENTICATION,
@@ -371,13 +418,22 @@
PIV_KEYREF_PIV_KEY_MANAGEMENT,
PIV_KEYREF_PIV_CARD_AUTHENTICATION
};
-
+
for (unsigned int ix=0;ix<sizeof(certids)/sizeof(certids[0]);++ix)
{
+ byte_string certData;
+ try {
+ getDataCore(byte_string(certids[ix], certids[ix] + sz), certNames[ix], true, true, certData);
+ } catch(PIVError &e) {
+ continue;
+ }
+ int keySize = getKeySize(certData);
+ if(keySize == 0) continue;
+
RefPointer<Tokend::Record> cert(new PIVCertificateRecord(certids[ix], sz, certNames[ix]));
certRelation.insertRecord(cert);
- RefPointer<Tokend::Record> key(new PIVKeyRecord(certids[ix], sz, keyNames[ix], privateKeyRelation.metaRecord(), keyRefs[ix]));
+ RefPointer<Tokend::Record> key(new PIVKeyRecord(certids[ix], sz, keyNames[ix], privateKeyRelation.metaRecord(), keyRefs[ix], keySize));
privateKeyRelation.insertRecord(key);
// The Adornment class links a particular PIVCertificateRecord
@@ -613,48 +669,44 @@
select(kSelectPIVApplet, sizeof(kSelectPIVApplet));
}
-uint32_t PIVToken::exchangeAPDU(const byte_string &apdu, byte_string &result)
+uint16_t PIVToken::simpleExchangeAPDU(const byte_string &apdu, byte_string &result) {
+ transmit(apdu, result);
+ if (result.size() < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ uint16_t ret = (result[result.size() - 2] << 8) + result[result.size() - 1];
+ // Trim off status bytes
+ result.resize(result.size() - 2);
+ return ret;
+}
+
+uint16_t PIVToken::exchangeAPDU(const byte_string &apdu, byte_string &result)
{
static const uint8_t GET_RESULT_TEMPLATE [] = { 0x00, 0xC0, 0x00, 0x00, 0xFF };
byte_string getResult(GET_RESULT_TEMPLATE, GET_RESULT_TEMPLATE + sizeof(GET_RESULT_TEMPLATE));
const int SIZE_INDEX = 4;
- transmit(apdu, result);
+ uint16_t ret = simpleExchangeAPDU(apdu, result);
/* Keep pulling more data */
- while (result.size() >= 2 && result[result.size() - 2] == PIV_RESULT_CONTINUATION_SW1)
+ while ((ret >> 8) == PIV_RESULT_CONTINUATION_SW1)
{
- size_t expectedLength = result[result.size() - 1];
+ size_t expectedLength = ret & 0xFF;
if(expectedLength == 0) /* 256-byte case .. */
expectedLength = 256;
- getResult[SIZE_INDEX] = expectedLength;
- // Trim off status bytes
- result.resize(result.size() - 2);
- size_t appended = transmit(getResult, result);
- if (appended != (expectedLength + 2))
- {
- if (appended < 2)
- PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
- else
- PIVError::throwMe((result[result.size() - 2] << 8)
- + result[result.size() - 1]);
- }
+ getResult[SIZE_INDEX] = expectedLength & 0xFF;
+ ret = simpleExchangeAPDU(getResult, result);
}
-
- if (result.size() < 2)
- PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
- uint16_t ret = (result[result.size() - 2] << 8) + result[result.size() - 1];
- // Trim off status bytes
- result.resize(result.size() - 2);
- return ret;
+ return ret;
}
-uint32_t PIVToken::exchangeChainedAPDU(unsigned char cla, unsigned char ins,
+uint16_t PIVToken::exchangeChainedAPDU(unsigned char cla, unsigned char ins,
unsigned char p1, unsigned char p2,
const byte_string &data,
byte_string &result)
{
+ const size_t BASE_CHUNK_LENGTH = 242; /* 242 == reasonably safe data chunk amount well under 256 */
byte_string apdu;
- apdu.reserve(5 + data.size());
+ uint16_t ret;
+ apdu.reserve(5 + BASE_CHUNK_LENGTH);
apdu.resize(5);
apdu[0] = cla;
apdu[1] = ins;
@@ -662,52 +714,66 @@
apdu[3] = p2;
apdu[0] |= 0x10;
- apdu += data;
- const size_t BASE_CHUNK_LENGTH = 256;
+ byte_string::iterator apduDataBegin = apdu.begin() + 5;
size_t chunkLength;
byte_string::const_iterator iter;
/* Chain data and skip last chunk since its in the receiving end */
for(iter = data.begin(); (iter + BASE_CHUNK_LENGTH) < data.end(); iter += BASE_CHUNK_LENGTH) {
chunkLength = std::min(BASE_CHUNK_LENGTH, (size_t)(data.end() - iter));
- apdu[5] = chunkLength & 0xFF;
+ apdu.resize(5 + chunkLength);
+ apdu[4] = chunkLength & 0xFF;
+ copy(iter, iter + chunkLength, apduDataBegin);
/* Don't send Le */
- transmit(apdu.begin(), apdu.begin() + 5 + chunkLength, result);
+ ret = simpleExchangeAPDU(apdu, result);
/* No real data should come back until chaining is complete */
- if(result.size() != 2)
- PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
- else
- PIVError::check(result[result.size() - 2] << 8 | result[result.size() - 1]);
- /* Trim off result SW */
- result.resize(result.size() - 2);
- // Trim off old data
- apdu.erase(apdu.begin() + 5, apdu.begin() + 5 + chunkLength);
+ PIVError::check(ret);
}
apdu[0] &= ~0x10;
- apdu[4] = (apdu.size() - 5) & 0xFF;
+ apdu[4] = (data.end() - iter) & 0xFF;
+ apdu.resize(5 + (data.end() - iter));
+ copy(iter, data.end(), apduDataBegin);
/* LE BYTE? */
return exchangeAPDU(apdu, result);
}
+byte_string PIVToken::buildGetData(const byte_string &oid, int limit /* = -1 */) const {
+ // The APDU only has space for a 3 byte OID
+ if (oid.size() != 3)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ const unsigned char dataFieldLen = 0x05;
+ static const unsigned char INITIAL_APDU_TEMPLATE[] = { PIV_GETDATA_APDU_TEMPLATE };
+ /* TODO: Build from ground-up */
+ byte_string initialApdu(INITIAL_APDU_TEMPLATE, INITIAL_APDU_TEMPLATE + sizeof(INITIAL_APDU_TEMPLATE));
+
+ initialApdu[PIV_GETDATA_APDU_INDEX_LEN] = dataFieldLen;
+ initialApdu[PIV_GETDATA_APDU_INDEX_OIDLEN] = oid.size();
+ copy(oid.begin(), oid.end(), initialApdu.begin() + PIV_GETDATA_APDU_INDEX_OID);
+ initialApdu.resize(PIV_GETDATA_APDU_INDEX_OID + oid.size());
+ if(limit > 255)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ if(limit >= 0)
+ initialApdu.push_back(limit);
+ return initialApdu;
+}
+
/*
This is where the actual data for a certificate or other data is retrieved from the token.
-
+
Here is a sample exchange
- APDU: 00 CB 3F FF 05 5C 03 5F C1 05
- APDU: 61 00
+ APDU: 00 CB 3F FF 05 5C 03 5F C1 05
+ APDU: 61 00
- APDU: 00 C0 00 00 00
+ APDU: 00 C0 00 00 00
APDU: 53 82 04 84 70 82 ... 61 00
- APDU: 00 C0 00 00 00
- APDU: 68 82 8C 52 65 ... 61 88
+ APDU: 00 C0 00 00 00
+ APDU: 68 82 8C 52 65 ... 61 88
- APDU: 00 C0 00 00 88
+ APDU: 00 C0 00 00 88
APDU: 50 D0 B2 A2 EF ... 90 00
*/
-
-
void PIVToken::getDataCore(const byte_string &oid, const char *description, bool isCertificate,
bool allowCaching, byte_string &data)
{
@@ -718,53 +784,19 @@
free(cssmData.Data);
return;
}
-
- // The APDU only has space for a 3 byte OID
- if (oid.size() != 3)
- PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
-
- const unsigned char dataFieldLen = 0x05; // doc says must be 16, but in pratice it is 5
- static const unsigned char INITIAL_APDU_TEMPLATE[] = { PIV_GETDATA_APDU_TEMPLATE };
- /* TODO: Build from ground-up */
- byte_string initialApdu(INITIAL_APDU_TEMPLATE, INITIAL_APDU_TEMPLATE + sizeof(INITIAL_APDU_TEMPLATE));
-
- initialApdu[PIV_GETDATA_APDU_INDEX_LEN] = dataFieldLen;
- initialApdu[PIV_GETDATA_APDU_INDEX_OIDLEN] = oid.size();
- copy(oid.begin(), oid.end(), initialApdu.begin() + PIV_GETDATA_APDU_INDEX_OID);
- initialApdu.resize(PIV_GETDATA_APDU_INDEX_OID + oid.size());
-
- static const unsigned char CONTINUATION_APDU_TEMPLATE[] = { PIV_GETDATA_CONT_APDU_TEMPLATE };
- byte_string continuationApdu(CONTINUATION_APDU_TEMPLATE, CONTINUATION_APDU_TEMPLATE + sizeof(CONTINUATION_APDU_TEMPLATE));
-
- byte_string *apdu = &initialApdu;
-
// Talk to token here to get data
{
+ byte_string getDataApdu = buildGetData(oid);
PCSC::Transaction _(*this);
selectDefault();
- uint32_t rx;
- do
- {
- rx = exchangeAPDU(*apdu, data);
- secdebug("pivtokend", "exchangeAPDU result %02X", rx);
-
- if ((rx & 0xFF00) != SCARD_BYTES_LEFT_IN_SW2 &&
- (rx & 0xFF00) != SCARD_SUCCESS)
- PIVError::check(rx);
-
- // Switch to the continuation APDU after first exchange
- apdu = &continuationApdu;
-
- // Number of bytes to fetch next time around is in the last byte returned.
- // For all except the penultimate read, this is 0, indicating that the
- // token should read all bytes.
-
- apdu->at(PIV_GETDATA_CONT_APDU_INDEX_LEN) = static_cast<unsigned char>(rx & 0xFF);
- } while ((rx & 0xFF00) == SCARD_BYTES_LEFT_IN_SW2);
+ /* Continuation handled by exchangeAPDU */
+ uint16_t rx = exchangeAPDU(getDataApdu, data);
+ secdebug("pivtokend", "exchangeAPDU result %02X", rx);
+ PIVError::check(rx);
+ if(data.size() > PIV_MAX_DATA_SIZE) {
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
}
- if(data.size() > PIV_MAX_DATA_SIZE) {
- PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
- }
dumpDataRecord(data, oid);
// Start to parse the BER-TLV encoded data. In the end, we only return the
@@ -774,9 +806,9 @@
if (data.size()<=0)
return;
if (data[0] != PIV_GETDATA_RESPONSE_TAG)
- PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
- if (isCertificate)
+ if (isCertificate)
processCertificateRecord(data, oid, description);
if (!allowCaching)
@@ -784,13 +816,13 @@
cssmData.Data = &data[0];
cssmData.Length = data.size();
cacheObject(0, description, cssmData);
- }
+}
void PIVToken::processCertificateRecord(byte_string &data, const byte_string &oid, const char *description)
{
bool hasCertificateData = false;
bool isCompressed = false;
-
+
// 00000000 53 82 04 84 70 82 04 78 78 da 33 68 62 db 61 d0
TLV_ref tlv;
TLVList list;
@@ -969,3 +1001,16 @@
return resultLength;
}
+bool PIVToken::getDataExists(const unsigned char *oid, size_t oidlen, const char *description)
+{
+ /* Read the data object, limiting it at one byte received to help speed things along */
+ byte_string result;
+ byte_string getDataApdu = buildGetData(byte_string(oid, oid + oidlen), 1);
+ uint16_t rx = simpleExchangeAPDU(getDataApdu, result);
+ if(rx == 0x6A82) return false; /* Object certainly doesn't exist */
+ if(rx == 0x6982) return true; /* Assume security status not satisified == object exists */
+ if(rx & 0xFF00 == SCARD_BYTES_LEFT_IN_SW2) return true; /* More bytes left */
+ if((rx >> 8) == PIV_RESULT_CONTINUATION_SW1) return true; /* More data available */
+ return result.size() > 0; /* Data has been returned */
+}
+
Modified: trunk/Tokend/PIV/PIVToken.h
===================================================================
--- trunk/Tokend/PIV/PIVToken.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/PIVToken.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -159,22 +159,27 @@
/* NOTE: Using pointers for applet selection rather than byte_strings to permit simple selection detection */
void select(const unsigned char *applet, size_t appletLength);
void selectDefault();
- uint32_t exchangeAPDU(const byte_string& apdu,
- byte_string &result);
- uint32_t exchangeChainedAPDU(unsigned char cla, unsigned char ins,
+ /* Exchanges APDU without performing data continuation */
+ uint16_t simpleExchangeAPDU(const byte_string &apdu, byte_string &result);
+ /* Exchanges APDU, performing data retreival continuation as needed */
+ uint16_t exchangeAPDU(const byte_string& apdu, byte_string &result);
+ uint16_t exchangeChainedAPDU(unsigned char cla, unsigned char ins,
unsigned char p1, unsigned char p2,
const byte_string &data,
byte_string &result);
- uint32_t getData(byte_string &result);
+ /* Builds the GetData APDU string with a given limit, if limit == -1, no limit */
+ byte_string buildGetData(const byte_string &oid, int limit = -1) const;
void getDataCore(const byte_string &oid, const char *description, bool isCertificate,
bool allowCaching, byte_string &data);
+ bool getDataExists(const unsigned char *oid, size_t oidlen, const char *description);
std::string authCertCommonName();
protected:
void populate();
+ size_t getKeySize(const byte_string &cert) const;
void processCertificateRecord(byte_string &data, const byte_string &oid, const char *description);
void dumpDataRecord(const byte_string &data, const byte_string &oid, const char *extraSuffix = NULL);
static int compressionType(const byte_string &data);
@@ -187,7 +192,7 @@
kCompressionGzip = 2,
kCompressionUnknown = 9
};
-
+
size_t transmit(const byte_string &apdu, byte_string &result) {
return transmit(apdu.begin(), apdu.end(), result);
}
Modified: trunk/Tokend/PIV/Padding.cpp
===================================================================
--- trunk/Tokend/PIV/Padding.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/Padding.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -83,6 +83,7 @@
if(headerLength > 0) {
data.insert(data.begin(), header, header + headerLength);
}
+ int markerByteLocation;
// Calculate and apply padding
switch (padding) {
case CSSM_PADDING_NONE:
@@ -93,7 +94,7 @@
// Pad using PKCS1 v1.5 signature padding ( 00 01 FF FF.. 00 | M)
if(data.size() + 11 > keySize)
CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
- int markerByteLocation = keySize - data.size() - 1;
+ markerByteLocation = keySize - data.size() - 1;
data.insert(data.begin(), keySize - data.size(), 0xFF);
data[0] = 0;
data[1] = 1;
Modified: trunk/Tokend/PIV/SecureBufferAllocator.h
===================================================================
--- trunk/Tokend/PIV/SecureBufferAllocator.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/SecureBufferAllocator.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -33,7 +33,9 @@
*/
template<size_t MAX_SIZE>
class SecureBufferAllocator {
+ NOCOPY(SecureBufferAllocator);
public:
+ SecureBufferAllocator();
~SecureBufferAllocator();
byte_string &getBuffer();
Modified: trunk/Tokend/PIV/SecureBufferAllocator.inc
===================================================================
--- trunk/Tokend/PIV/SecureBufferAllocator.inc 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/SecureBufferAllocator.inc 2009-12-18 14:23:24 UTC (rev 77)
@@ -25,6 +25,11 @@
#include "PIVUtilities.h"
template<size_t MAX_SIZE>
+SecureBufferAllocator<MAX_SIZE>::SecureBufferAllocator()
+: nextFree(0) {
+}
+
+template<size_t MAX_SIZE>
SecureBufferAllocator<MAX_SIZE>::~SecureBufferAllocator() {
/* Clear out all buffers */
for(size_t i = 0; i < buffers.size(); i++)
Modified: trunk/Tokend/PIV/byte_string.h
===================================================================
--- trunk/Tokend/PIV/byte_string.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/byte_string.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -23,8 +23,6 @@
#ifndef BYTE_STRING
#define BYTE_STRING
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <vector>
/** Utility definition and additional operators to make working with
Modified: trunk/Tokend/PIV/piv.cpp
===================================================================
--- trunk/Tokend/PIV/piv.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/PIV/piv.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -42,11 +42,12 @@
int main(int argc, const char *argv[])
{
-#ifdef _USECERTIFICATECOMMONNAME
+ /* @@@ REQUIRED FOR KEYSIZE RETRIEVAL I THINK */
+#if defined(_USECERTIFICATECOMMONNAME) || 1
SecKeychainSetServerMode();
#endif /* _USECERTIFICATECOMMONNAME */
secdebug("PIV.tokend", "main starting with %d arguments", argc);
- secdelay("/tmp/delay/PIV");
+ secdelay((char *)"/tmp/delay/PIV");
token = new PIVToken();
try {
@@ -56,5 +57,5 @@
} catch(...) {
delete token;
return -1;
+ }
}
-}
Modified: trunk/Tokend/Tokend/Adornment.h
===================================================================
--- trunk/Tokend/Tokend/Adornment.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Adornment.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_ADORNMENT_H_
#define _TOKEND_ADORNMENT_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_utilities/adornments.h>
#include <security_utilities/refcount.h>
#include <Security/SecCertificate.h>
Modified: trunk/Tokend/Tokend/Attribute.h
===================================================================
--- trunk/Tokend/Tokend/Attribute.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Attribute.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_ATTRIBUTE_H_
#define _TOKEND_ATTRIBUTE_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <Security/cssmtype.h>
#include <security_cdsa_utilities/cssmdb.h>
#include <string>
Modified: trunk/Tokend/Tokend/AttributeCoder.cpp
===================================================================
--- trunk/Tokend/Tokend/AttributeCoder.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/AttributeCoder.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -41,7 +41,6 @@
#include <Security/SecKey.h>
#include <Security/SecCertificate.h>
#include <Security/SecKeychainItem.h>
-#include <Security/SecKeychainItemPriv.h>
namespace Tokend
{
Modified: trunk/Tokend/Tokend/AttributeCoder.h
===================================================================
--- trunk/Tokend/Tokend/AttributeCoder.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/AttributeCoder.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_ATTRIBUTECODER_H_
#define _TOKEND_ATTRIBUTECODER_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_utilities/utilities.h>
#include <Security/cssmtype.h>
Modified: trunk/Tokend/Tokend/DbValue.h
===================================================================
--- trunk/Tokend/Tokend/DbValue.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/DbValue.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_DBVALUE_H_
#define _TOKEND_DBVALUE_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_cdsa_utilities/cssmdb.h>
#include <Security/cssmerr.h>
Modified: trunk/Tokend/Tokend/MetaRecord.h
===================================================================
--- trunk/Tokend/Tokend/MetaRecord.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/MetaRecord.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_METARECORD_H_
#define _TOKEND_METARECORD_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <map>
#include <string>
@@ -86,8 +85,8 @@
const MetaAttribute &metaAttribute(
const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const;
- const MetaAttribute &MetaRecord::metaAttribute(uint32 name) const;
- const MetaAttribute &MetaRecord::metaAttribute(
+ const MetaAttribute &metaAttribute(uint32 name) const;
+ const MetaAttribute &metaAttribute(
const std::string &name) const;
const MetaAttribute &metaAttributeForData() const;
Modified: trunk/Tokend/Tokend/PKCS11Object.h
===================================================================
--- trunk/Tokend/Tokend/PKCS11Object.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/PKCS11Object.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_PKCS11OBJECT_H_
#define _TOKEND_PKCS11OBJECT_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <stdint.h>
#include <map>
#include <security_utilities/debugging.h>
Modified: trunk/Tokend/Tokend/Record.h
===================================================================
--- trunk/Tokend/Tokend/Record.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Record.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_RECORD_H_
#define _TOKEND_RECORD_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include "AttributeCoder.h"
#include "MetaRecord.h"
#include "Attribute.h"
Modified: trunk/Tokend/Tokend/RecordHandle.h
===================================================================
--- trunk/Tokend/Tokend/RecordHandle.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/RecordHandle.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_RECORDHANDLE_H_
#define _TOKEND_RECORDHANDLE_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_cdsa_utilities/handleobject.h>
#include <security_utilities/refcount.h>
#include <security_cdsa_utilities/cssmaclpod.h>
Modified: trunk/Tokend/Tokend/SCardError.cpp
===================================================================
--- trunk/Tokend/Tokend/SCardError.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/SCardError.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -202,7 +202,11 @@
//
SCardError::SCardError(uint16_t sw) : statusWord(sw)
{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"SCard");
+#endif
}
const char *SCardError::what() const throw ()
@@ -300,12 +304,16 @@
#if !defined(NDEBUG)
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
void SCardError::debugDiagnose(const void *id) const
{
secdebug("exception", "%p Error %s (%04hX)",
id, errorstr(statusWord), statusWord);
}
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
const char *SCardError::errorstr(uint16_t sw)
{
switch (sw)
Modified: trunk/Tokend/Tokend/SCardError.h
===================================================================
--- trunk/Tokend/Tokend/SCardError.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/SCardError.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_SCARDERROR_H_
#define _TOKEND_SCARDERROR_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_utilities/debugging.h>
#include <security_utilities/errors.h>
@@ -262,7 +261,9 @@
static void throwMe(uint16_t sw) __attribute__((noreturn));
protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
IFDEBUG(static const char *errorstr(uint16_t sw);)
};
Modified: trunk/Tokend/Tokend/Schema.cpp
===================================================================
--- trunk/Tokend/Tokend/Schema.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Schema.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -35,9 +35,10 @@
#include <Security/SecKey.h>
#include <Security/SecCertificate.h>
#include <Security/SecKeychainItem.h>
-#include <Security/SecKeychainItemPriv.h>
#include <Security/cssmapple.h>
+//#define REGISTER_SCHEMA_RELATIONS 1
+
namespace Tokend
{
@@ -140,13 +141,13 @@
#endif
#ifdef REGISTER_SCHEMA_RELATIONS
- registerRelation("CSSM_DL_DB_SCHEMA_INFO", CSSM_DL_DB_SCHEMA_INFO)
+ registerRelation("CSSM_DL_DB_SCHEMA_INFO", CSSM_DL_DB_SCHEMA_INFO);
registerAttribute(CSSM_DL_DB_SCHEMA_INFO, &an_RelationID, 0,
kAF_UINT32, true);
registerAttribute(CSSM_DL_DB_SCHEMA_INFO, &an_RelationName, 1,
kAF_UINT32, false);
registerRelation("CSSM_DL_DB_SCHEMA_ATTRIBUTES",
- CSSM_DL_DB_SCHEMA_ATTRIBUTES)
+ CSSM_DL_DB_SCHEMA_ATTRIBUTES);
registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_RelationID, 0,
kAF_UINT32, true);
registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeID, 2,
@@ -159,7 +160,7 @@
kAF_BLOB, false);
registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeFormat, 6,
kAF_UINT32, false);
- registerRelation("CSSM_DL_DB_SCHEMA_INDEXES", CSSM_DL_DB_SCHEMA_INDEXES)
+ registerRelation("CSSM_DL_DB_SCHEMA_INDEXES", CSSM_DL_DB_SCHEMA_INDEXES);
registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_RelationID, 0,
kAF_UINT32, true);
registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_IndexID, 1,
@@ -177,6 +178,8 @@
// layer expects.
Relation *Schema::createStandardRelation(RelationId relationId)
{
+ // avoid include of <Security/SecKeychainItemPriv.h> for definition of kSecProtectedDataItemAttr
+ const uint32 localkSecProtectedDataItemAttr = 'prot'; /* Item's data is protected (encrypted) (Boolean) */
std::string relationName;
// Get the name based on the relation
switch (relationId)
@@ -191,6 +194,8 @@
relationName = "CSSM_DL_DB_RECORD_X509_CERTIFICATE"; break;
case CSSM_DL_DB_RECORD_GENERIC:
relationName = "CSSM_DL_DB_RECORD_GENERIC"; break;
+ case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+ relationName = "CSSM_DL_DB_RECORD_GENERIC_PASSWORD"; break;
default: CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE);
}
@@ -230,7 +235,22 @@
an_SignRecover = "SignRecover",
an_VerifyRecover = "VerifyRecover",
an_Wrap = "Wrap",
- an_Unwrap = "Unwrap";
+ an_Unwrap = "Unwrap",
+ an_CreationDate = "CreationDate",
+ an_ModDate = "ModDate",
+ an_Description = "Description",
+ an_Comment = "Comment",
+ an_Creator = "Creator",
+ an_Type = "Type",
+ an_ScriptCode = "ScriptCode",
+ an_Invisible = "Invisible",
+ an_Negative = "Negative",
+ an_CustomIcon = "CustomIcon",
+ an_Protected = "Protected",
+ an_Account = "Account",
+ an_Service = "Service",
+ an_Generic = "Generic"
+ ;
// @@@ HARDWIRED Based on what SecKeychain layer expects @@@
switch (relationId)
@@ -335,6 +355,39 @@
mPublicKeyHashCoder.setPublicKeyMetaAttribute(&(rt->metaRecord()
.metaAttribute(kSecKeyLabel)));
break;
+ case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+ createAttribute(*rt, &an_CreationDate, kSecCreationDateItemAttr,
+ kAF_TIME_DATE, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_ModDate, kSecModDateItemAttr,
+ kAF_TIME_DATE, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Description, kSecDescriptionItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Comment, kSecCommentItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Creator, kSecCreatorItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_Type, kSecTypeItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_ScriptCode, kSecScriptCodeItemAttr, kAF_UINT32, 0);
+
+ createAttribute(*rt, &an_PrintName, kSecLabelItemAttr, kAF_BLOB, false)
+ .attributeCoder(&mDescriptionCoder);
+ createAttribute(*rt, &an_Alias, kSecAlias, kAF_BLOB, false)
+ .attributeCoder(&mZeroCoder);
+
+ createAttribute(*rt, &an_Invisible, kSecInvisibleItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_Negative, kSecNegativeItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_CustomIcon, kSecCustomIconItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Protected, localkSecProtectedDataItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Account, kSecAccountItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Service, kSecServiceItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Generic, kSecGenericItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ rt->metaRecord().attributeCoderForData(&mDataAttributeCoder);
+
+ break;
}
return rt;
Modified: trunk/Tokend/Tokend/Schema.h
===================================================================
--- trunk/Tokend/Tokend/Schema.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Schema.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_SCHEMA_H_
#define _TOKEND_SCHEMA_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_cdsa_utilities/cssmdb.h>
#include <map>
Modified: trunk/Tokend/Tokend/SelectionPredicate.h
===================================================================
--- trunk/Tokend/Tokend/SelectionPredicate.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/SelectionPredicate.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_SELECTIONPREDICATE_H_
#define _TOKEND_SELECTIONPREDICATE_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_cdsa_utilities/cssmdata.h>
namespace Tokend
Modified: trunk/Tokend/Tokend/Token.cpp
===================================================================
--- trunk/Tokend/Tokend/Token.cpp 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Token.cpp 2009-12-18 14:23:24 UTC (rev 77)
@@ -239,8 +239,9 @@
{
BEGIN
secdebug("tokend", "releaseSearch(%ld)", hSearch);
- Security::HandleObject::findAndKill<Cursor>(hSearch,
+ Cursor &curs = Security::HandleObject::findAndKill<Cursor>(hSearch,
CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ delete &curs;
END(DL)
}
@@ -248,8 +249,9 @@
{
BEGIN
secdebug("tokend", "releaseRecord(%ld)", hRecord);
- Security::HandleObject::findAndKill<RecordHandle>(hRecord,
+ RecordHandle &rech = Security::HandleObject::findAndKill<RecordHandle>(hRecord,
CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ delete &rech;
END(DL)
}
@@ -265,8 +267,9 @@
{
BEGIN
secdebug("tokend", "releaseKey(%ld)", hKey);
- Security::HandleObject::findAndKill<KeyHandle>(hKey,
+ KeyHandle &keyh = Security::HandleObject::findAndKill<KeyHandle>(hKey,
CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ delete &keyh;
END(CSP)
}
@@ -692,7 +695,7 @@
BEGIN
secdebug("tokend", "_isLocked");
Required(locked) = token->isLocked();
- secdebug("tokend", "_isLocked: ", *locked);
+ secdebug("tokend", "_isLocked: %d", *locked);
END(DL)
}
@@ -842,6 +845,8 @@
case CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD:
case CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD:
{
+ if (sample.length() != 2) // not recognized, may have non-existing data
+ return;
CssmData &pin = sample[1].data();
return verifyPIN(pinNum, pin.Data, pin.Length);
}
Modified: trunk/Tokend/Tokend/Token.h
===================================================================
--- trunk/Tokend/Tokend/Token.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/Token.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_TOKEN_H_
#define _TOKEND_TOKEN_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <SecurityTokend/SecTokend.h>
#include <security_utilities/osxcode.h>
#include <security_cdsa_utilities/context.h>
Modified: trunk/Tokend/Tokend/TokenContext.h
===================================================================
--- trunk/Tokend/Tokend/TokenContext.h 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend/TokenContext.h 2009-12-18 14:23:24 UTC (rev 77)
@@ -29,7 +29,6 @@
#ifndef _TOKEND_TOKENCONTEXT_H_
#define _TOKEND_TOKENCONTEXT_H_
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
#include <security_utilities/utilities.h>
namespace Tokend
Modified: trunk/Tokend/Tokend.xcodeproj/project.pbxproj
===================================================================
--- trunk/Tokend/Tokend.xcodeproj/project.pbxproj 2009-12-18 08:22:08 UTC (rev 76)
+++ trunk/Tokend/Tokend.xcodeproj/project.pbxproj 2009-12-18 14:23:24 UTC (rev 77)
@@ -24,6 +24,7 @@
/* End PBXAggregateTarget section */
/* Begin PBXBuildFile section */
+ 52A683110EEF1FB200F71D5B /* BELPICAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52A6830F0EEF1FB200F71D5B /* BELPICAttributeCoder.cpp */; };
52B260320BC5A864007E00F1 /* Adornment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B6406DBF99F00014414 /* Adornment.cpp */; };
52B260330BC5A864007E00F1 /* Attribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9606DBF81800FA17D9 /* Attribute.cpp */; };
52B260340BC5A864007E00F1 /* AttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A8A06DBF81800FA17D9 /* AttributeCoder.cpp */; };
@@ -118,10 +119,8 @@
52B260CB0BC5A864007E00F1 /* PIVCCC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 529D9A7B0B867FA900DBFA4B /* PIVCCC.cpp */; };
52B260CD0BC5A864007E00F1 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBF5CBE0704E76200EEADC2 /* libz.dylib */; };
52B260CE0BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
- 52E66B970E92E78700CDE046 /* Padding.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52E66B8F0E92E78700CDE046 /* Padding.cpp */; };
- 52E66B980E92E78700CDE046 /* SecureBufferAllocator.inc in Sources */ = {isa = PBXBuildFile; fileRef = 52E66B930E92E78700CDE046 /* SecureBufferAllocator.inc */; };
- 52E66B990E92E78700CDE046 /* TLV.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52E66B940E92E78700CDE046 /* TLV.cpp */; };
- 52E66B9A0E92E78700CDE046 /* TLV.inc in Sources */ = {isa = PBXBuildFile; fileRef = 52E66B960E92E78700CDE046 /* TLV.inc */; };
+ 52CAA8CB0EBF7E40004C1A9E /* Padding.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52CAA8C70EBF7E40004C1A9E /* Padding.cpp */; };
+ 52CAA8CC0EBF7E40004C1A9E /* TLV.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52CAA8C90EBF7E40004C1A9E /* TLV.cpp */; };
C29914660C441EBB009571C2 /* PCSC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52CA8342067E8175005A1EBA /* PCSC.framework */; };
C29914670C441EBB009571C2 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52CA8343067E8175005A1EBA /* Security.framework */; };
/* End PBXBuildFile section */
@@ -245,7 +244,7 @@
4C273A200708CE2C00CCB0FA /* CACError.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACError.cpp; sourceTree = "<group>"; };
4C3C166D06F61D6F00FC8AAC /* KeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KeyHandle.h; sourceTree = "<group>"; };
4C3C166E06F61D6F00FC8AAC /* KeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = KeyHandle.cpp; sourceTree = "<group>"; };
- 4C3FACAC06DBF84400D18D5F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = Info.plist; sourceTree = "<group>"; };
+ 4C3FACAC06DBF84400D18D5F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
4C3FACAD06DBF84400D18D5F /* musclecard.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = musclecard.cpp; sourceTree = "<group>"; };
4C3FACAE06DBF84400D18D5F /* MuscleCardToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MuscleCardToken.cpp; sourceTree = "<group>"; };
4C3FACAF06DBF84400D18D5F /* MuscleCardToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MuscleCardToken.h; sourceTree = "<group>"; };
@@ -277,7 +276,7 @@
4C7BA74F0703990100E5719F /* CACToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CACToken.cpp; sourceTree = "<group>"; };
4C7BA7500703990100E5719F /* CACToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CACToken.h; sourceTree = "<group>"; };
4C7BA7510703990100E5719F /* cac.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cac.cpp; sourceTree = "<group>"; };
- 4C7BA7520703990100E5719F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = Info.plist; sourceTree = "<group>"; };
+ 4C7BA7520703990100E5719F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
4C86D3A0070B4122006A0C7F /* belpic.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = belpic.cpp; sourceTree = "<group>"; };
4C86D3A3070B4122006A0C7F /* BELPICError.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICError.cpp; sourceTree = "<group>"; };
4C86D3A4070B4122006A0C7F /* BELPICError.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICError.h; sourceTree = "<group>"; };
@@ -289,7 +288,7 @@
4C86D3AA070B4122006A0C7F /* BELPICSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICSchema.h; sourceTree = "<group>"; };
4C86D3AB070B4122006A0C7F /* BELPICToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICToken.cpp; sourceTree = "<group>"; };
4C86D3AC070B4122006A0C7F /* BELPICToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICToken.h; sourceTree = "<group>"; };
- 4C86D3AD070B4122006A0C7F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = Info.plist; sourceTree = "<group>"; };
+ 4C86D3AD070B4122006A0C7F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
4CA858F10654413F0083DED3 /* SecurityTokend.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = SecurityTokend.framework; sourceTree = BUILT_PRODUCTS_DIR; };
4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = "<absolute>"; };
4CBF5C380704CDBF00EEADC2 /* CACRecord.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACRecord.h; sourceTree = "<group>"; };
@@ -303,7 +302,7 @@
523F79EC06D5AC27004256A0 /* security_cdsa_client.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = security_cdsa_client.framework; sourceTree = BUILT_PRODUCTS_DIR; };
523F79ED06D5AC27004256A0 /* security_cdsa_utilities.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = security_cdsa_utilities.framework; sourceTree = BUILT_PRODUCTS_DIR; };
523F79EE06D5AC27004256A0 /* security_utilities.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = security_utilities.framework; sourceTree = BUILT_PRODUCTS_DIR; };
- 5280677F0B78E98600D02C3A /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = Info.plist; path = PIV/Info.plist; sourceTree = "<group>"; };
+ 5280677F0B78E98600D02C3A /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; name = Info.plist; path = PIV/Info.plist; sourceTree = "<group>"; };
528067810B78E98600D02C3A /* piv_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_csp_capabilities.mdsinfo; sourceTree = "<group>"; };
528067820B78E98600D02C3A /* piv_csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_csp_capabilities_common.mds; sourceTree = "<group>"; };
528067830B78E98600D02C3A /* piv_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_csp_primary.mdsinfo; sourceTree = "<group>"; };
@@ -324,6 +323,8 @@
528067920B78E98600D02C3A /* PIVToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVToken.h; path = PIV/PIVToken.h; sourceTree = "<group>"; };
529D9A7B0B867FA900DBFA4B /* PIVCCC.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVCCC.cpp; path = PIV/PIVCCC.cpp; sourceTree = "<group>"; };
529D9A7C0B867FA900DBFA4B /* PIVCCC.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVCCC.h; path = PIV/PIVCCC.h; sourceTree = "<group>"; };
+ 52A6830F0EEF1FB200F71D5B /* BELPICAttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICAttributeCoder.cpp; sourceTree = "<group>"; };
+ 52A683100EEF1FB200F71D5B /* BELPICAttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BELPICAttributeCoder.h; sourceTree = "<group>"; };
52B2604A0BC5A864007E00F1 /* libtokend.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libtokend.a; sourceTree = BUILT_PRODUCTS_DIR; };
52B260620BC5A864007E00F1 /* Info-tokend__Upgraded_.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Info-tokend__Upgraded_.plist"; sourceTree = "<group>"; };
52B260630BC5A864007E00F1 /* tokend.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = tokend.framework; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -333,17 +334,13 @@
52B260D40BC5A864007E00F1 /* PIV.tokend */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = PIV.tokend; sourceTree = BUILT_PRODUCTS_DIR; };
52CA8342067E8175005A1EBA /* PCSC.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = PCSC.framework; path = /System/Library/Frameworks/PCSC.framework; sourceTree = "<absolute>"; };
52CA8343067E8175005A1EBA /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52CAA8C60EBF7E40004C1A9E /* byte_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = byte_string.h; path = PIV/byte_string.h; sourceTree = "<group>"; };
+ 52CAA8C70EBF7E40004C1A9E /* Padding.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Padding.cpp; path = PIV/Padding.cpp; sourceTree = "<group>"; };
+ 52CAA8C80EBF7E40004C1A9E /* Padding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Padding.h; path = PIV/Padding.h; sourceTree = "<group>"; };
+ 52CAA8C90EBF7E40004C1A9E /* TLV.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = TLV.cpp; path = PIV/TLV.cpp; sourceTree = "<group>"; };
+ 52CAA8CA0EBF7E40004C1A9E /* TLV.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TLV.h; path = PIV/TLV.h; sourceTree = "<group>"; };
52DE698106E93B870024EA03 /* PKCS11Object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PKCS11Object.h; sourceTree = "<group>"; };
52DE698206E93B870024EA03 /* PKCS11Object.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PKCS11Object.cpp; sourceTree = "<group>"; };
- 52E66B8E0E92E78700CDE046 /* byte_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = byte_string.h; path = PIV/byte_string.h; sourceTree = "<group>"; };
- 52E66B8F0E92E78700CDE046 /* Padding.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Padding.cpp; path = PIV/Padding.cpp; sourceTree = "<group>"; };
- 52E66B900E92E78700CDE046 /* Padding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Padding.h; path = PIV/Padding.h; sourceTree = "<group>"; };
- 52E66B910E92E78700CDE046 /* PIVUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = PIVUtilities.h; path = PIV/PIVUtilities.h; sourceTree = "<group>"; };
- 52E66B920E92E78700CDE046 /* SecureBufferAllocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureBufferAllocator.h; path = PIV/SecureBufferAllocator.h; sourceTree = "<group>"; };
- 52E66B930E92E78700CDE046 /* SecureBufferAllocator.inc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.pascal; name = SecureBufferAllocator.inc; path = PIV/SecureBufferAllocator.inc; sourceTree = "<group>"; };
- 52E66B940E92E78700CDE046 /* TLV.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = TLV.cpp; path = PIV/TLV.cpp; sourceTree = "<group>"; };
- 52E66B950E92E78700CDE046 /* TLV.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TLV.h; path = PIV/TLV.h; sourceTree = "<group>"; };
- 52E66B960E92E78700CDE046 /* TLV.inc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.pascal; name = TLV.inc; path = PIV/TLV.inc; sourceTree = "<group>"; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
@@ -574,6 +571,8 @@
4C86D39F070B4122006A0C7F /* BELPIC */ = {
isa = PBXGroup;
children = (
+ 52A6830F0EEF1FB200F71D5B /* BELPICAttributeCoder.cpp */,
+ 52A683100EEF1FB200F71D5B /* BELPICAttributeCoder.h */,
4C5C1CE0073065EA00AECB7F /* mds */,
4C86D3A0070B4122006A0C7F /* belpic.cpp */,
4C86D3A3070B4122006A0C7F /* BELPICError.cpp */,
@@ -608,15 +607,11 @@
5280675F0B78E86F00D02C3A /* PIV */ = {
isa = PBXGroup;
children = (
- 52E66B8E0E92E78700CDE046 /* byte_string.h */,
- 52E66B8F0E92E78700CDE046 /* Padding.cpp */,
- 52E66B900E92E78700CDE046 /* Padding.h */,
- 52E66B910E92E78700CDE046 /* PIVUtilities.h */,
- 52E66B920E92E78700CDE046 /* SecureBufferAllocator.h */,
- 52E66B930E92E78700CDE046 /* SecureBufferAllocator.inc */,
- 52E66B940E92E78700CDE046 /* TLV.cpp */,
- 52E66B950E92E78700CDE046 /* TLV.h */,
- 52E66B960E92E78700CDE046 /* TLV.inc */,
+ 52CAA8C60EBF7E40004C1A9E /* byte_string.h */,
+ 52CAA8C70EBF7E40004C1A9E /* Padding.cpp */,
+ 52CAA8C80EBF7E40004C1A9E /* Padding.h */,
+ 52CAA8C90EBF7E40004C1A9E /* TLV.cpp */,
+ 52CAA8CA0EBF7E40004C1A9E /* TLV.h */,
528067800B78E98600D02C3A /* mds */,
529D9A7B0B867FA900DBFA4B /* PIVCCC.cpp */,
529D9A7C0B867FA900DBFA4B /* PIVCCC.h */,
@@ -925,6 +920,7 @@
52B260710BC5A864007E00F1 /* BELPICRecord.cpp in Sources */,
52B260720BC5A864007E00F1 /* BELPICSchema.cpp in Sources */,
52B260730BC5A864007E00F1 /* BELPICToken.cpp in Sources */,
+ 52A683110EEF1FB200F71D5B /* BELPICAttributeCoder.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -976,10 +972,8 @@
52B260C90BC5A864007E00F1 /* PIVSchema.cpp in Sources */,
52B260CA0BC5A864007E00F1 /* PIVToken.cpp in Sources */,
52B260CB0BC5A864007E00F1 /* PIVCCC.cpp in Sources */,
- 52E66B970E92E78700CDE046 /* Padding.cpp in Sources */,
- 52E66B980E92E78700CDE046 /* SecureBufferAllocator.inc in Sources */,
- 52E66B990E92E78700CDE046 /* TLV.cpp in Sources */,
- 52E66B9A0E92E78700CDE046 /* TLV.inc in Sources */,
+ 52CAA8CB0EBF7E40004C1A9E /* Padding.cpp in Sources */,
+ 52CAA8CC0EBF7E40004C1A9E /* TLV.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -1040,7 +1034,6 @@
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
@@ -1070,7 +1063,6 @@
52B2602A0BC5A864007E00F1 /* Deployment */ = {
isa = XCBuildConfiguration;
buildSettings = {
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
PRODUCT_NAME = world;
SECTORDER_FLAGS = "";
ZERO_LINK = NO;
@@ -1081,13 +1073,12 @@
isa = XCBuildConfiguration;
buildSettings = {
BUILD_VARIANTS = debug;
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_PREPROCESSOR_DEFINITIONS = LIMITED_SIGNING;
LIBRARY_STYLE = STATIC;
@@ -1131,14 +1122,13 @@
nopic,
);
COPY_PHASE_STRIP = YES;
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DEBUGGING_SYMBOLS = default;
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
GCC_PREPROCESSOR_DEFINITIONS = LIMITED_SIGNING;
LIBRARY_STYLE = STATIC;
OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)";
@@ -1181,7 +1171,6 @@
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
FRAMEWORK_VERSION = A;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_SYMBOLS_PRIVATE_EXTERN = NO;
INFOPLIST_FILE = "Info-tokend__Upgraded_.plist";
INSTALL_PATH = /usr/local/SecurityPieces/Frameworks;
@@ -1196,7 +1185,6 @@
buildSettings = {
FRAMEWORK_VERSION = A;
GCC_DEBUGGING_SYMBOLS = default;
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
GCC_SYMBOLS_PRIVATE_EXTERN = NO;
INFOPLIST_FILE = "Info-tokend__Upgraded_.plist";
INSTALL_PATH = /usr/local/SecurityPieces/Frameworks;
@@ -1212,13 +1200,12 @@
ALWAYS_SEARCH_USER_PATHS = YES;
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_MODEL_TUNING = G5;
GCC_OPTIMIZATION_LEVEL = 0;
@@ -1278,13 +1265,12 @@
normal,
debug,
);
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = YES;
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
GCC_MODEL_TUNING = G5;
INFOPLIST_FILE = BELPIC/Info.plist;
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
@@ -1322,13 +1308,12 @@
buildSettings = {
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_MODEL_TUNING = G5;
GCC_OPTIMIZATION_LEVEL = 0;
@@ -1388,13 +1373,12 @@
normal,
debug,
);
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = YES;
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
GCC_MODEL_TUNING = G5;
INFOPLIST_FILE = CAC/Info.plist;
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
@@ -1432,13 +1416,12 @@
buildSettings = {
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_MODEL_TUNING = G5;
GCC_OPTIMIZATION_LEVEL = 0;
@@ -1498,13 +1481,12 @@
normal,
debug,
);
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = YES;
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
GCC_MODEL_TUNING = G5;
INFOPLIST_FILE = MuscleCard/Info.plist;
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
@@ -1542,13 +1524,12 @@
buildSettings = {
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_MODEL_TUNING = G5;
GCC_OPTIMIZATION_LEVEL = 0;
@@ -1608,13 +1589,12 @@
normal,
debug,
);
- CURRENT_PROJECT_VERSION = 1;
+ CURRENT_PROJECT_VERSION = 36720;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = YES;
- GCC_ENABLE_FIX_AND_CONTINUE = NO;
GCC_MODEL_TUNING = G5;
INFOPLIST_FILE = PIV/Info.plist;
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-changes/attachments/20091218/cbfc97b5/attachment-0001.html>
More information about the SmartcardServices-Changes
mailing list