[SmartcardServices-Changes] [104] trunk/Tokend/PKCS11
source_changes at macosforge.org
source_changes at macosforge.org
Fri Jan 29 05:46:47 PST 2010
Revision: 104
http://trac.macosforge.org/projects/smartcardservices/changeset/104
Author: ludovic.rousseau at gmail.com
Date: 2010-01-29 05:46:45 -0800 (Fri, 29 Jan 2010)
Log Message:
-----------
do not use the card ATR to select the PKCS#11 to use but try all the
libs in /usr/lib/pkcs11/ until working slot is found
Modified Paths:
--------------
trunk/Tokend/PKCS11/GemaltoToken.cpp
trunk/Tokend/PKCS11/GemaltoToken.h
Modified: trunk/Tokend/PKCS11/GemaltoToken.cpp
===================================================================
--- trunk/Tokend/PKCS11/GemaltoToken.cpp 2010-01-25 14:07:08 UTC (rev 103)
+++ trunk/Tokend/PKCS11/GemaltoToken.cpp 2010-01-29 13:46:45 UTC (rev 104)
@@ -45,6 +45,7 @@
#include <sstream>
#include <iostream>
#include <iomanip>
+#include <dirent.h>
extern "C" const char *cssmErrorString(OSStatus status);
@@ -56,6 +57,9 @@
#define GEMALTO_MAX_SLOT_COUNT 16
+/* search PKCS#11 libs here.
+ * See http://wiki.cacert.org/wiki/Pkcs11TaskForce */
+#define PKCS11LIB_PATH "/usr/lib/pkcs11/"
GemaltoToken::GemaltoToken() :
@@ -71,64 +75,6 @@
::ERR_load_crypto_strings();
::X509V3_add_standard_extensions();
- // Load Classic ATR
- FILE* f = fopen("/etc/ClassicClient/atr.cnf", "r");
- if (f != NULL)
- {
- int state=0;
- char card[1024];
- char atr[1024];
- char mask[1024];
- do {
- char line[1024];
- if (fgets(line, sizeof(line), f) == NULL) {
- fclose(f);
- break;
- }
- if ((state & 0x1) == 0 && strncasecmp(line, "card:", 5) == 0) {
- char* p = trim_line(line+5);
- strcpy(card, p);
- state |= 0x1;
- } else if ((state & 0x2) == 0 && strncasecmp(line, "atr:", 4) == 0) {
- char* p = trim_line(line+4);
- strcpy(atr, p);
- state |= 0x2;
- } else if ((state & 0x4) == 0 && strncasecmp(line, "atrmask:", 8) == 0) {
- char* p = trim_line(line+8);
- strcpy(mask, p);
- state |= 0x4;
- } else {
- char* p = trim_line(line);
- if (strlen(p) == 0)
- state = 0;
- }
- if (state == 0x7)
- {
- state = 0;
-
- size_t cardLength = strlen(card)+1;
- size_t atrLength = (strlen(atr)+1) / 2;
- size_t maskLength = (strlen(mask)+1) / 2;
- if (atrLength == maskLength) {
- size_t cardAtrLength = sizeof(CardAtr) + cardLength + 2 * atrLength;
- CardAtr* cardAtr = (CardAtr*) std::malloc(cardAtrLength);
- if (cardAtr)
- {
- cardAtr->name = (char*)cardAtr + sizeof(CardAtr);
- strcpy(cardAtr->name, card);
- cardAtr->length = atrLength;
- cardAtr->atr = (unsigned char*)cardAtr + sizeof(CardAtr) + cardLength;
- convert_hex(cardAtr->atr, atr);
- cardAtr->mask = (unsigned char*)cardAtr + sizeof(CardAtr) + cardLength + atrLength;
- convert_hex(cardAtr->mask, mask);
-
- atrs.push_back(cardAtr);
- }
- }
- }
- } while (1);
- }//(f != NULL)
-
log( "GemaltoToken::GemaltoToken <END>\n" );
}
@@ -346,63 +292,81 @@
GemaltoToken::toStringHex( readerState.rgbAtr, readerState.cbAtr, s );
log( "GemaltoToken::probe - ATR <%s>\n", s.c_str( ) );
- if (!s_CK_pFunctionList)
- {
- const char* dlPath = "/usr/lib/pkcs11/libgtop11dotnet.dylib";
+ DIR *dirp = opendir(PKCS11LIB_PATH);
+ if (NULL == dirp)
+ CKError::throwMe(CKR_GENERAL_ERROR);
- for (CardAtrVector::const_iterator it = atrs.begin(); it != atrs.end(); ++it)
- {
- const CardAtr* cardAtr = (*it);
- unsigned int i;
- for (i=0; i<cardAtr->length; i++) {
- if (cardAtr->mask[i] == 0)
- continue;
- if (i >= readerState.cbAtr)
- break;
- if ((readerState.rgbAtr[i] & cardAtr->mask[i]) != (cardAtr->atr[i] & cardAtr->mask[i]))
- break;
- }
- if (i == cardAtr->length)
- {
- // Found Classic Client smartcard
- dlPath = "/usr/lib/pkcs11/libgclib.dylib";
- break;
- }
- }
-
+ bool found = false;
+ struct dirent *dir_entry;
+ while (!found && (dir_entry = readdir(dirp)) != NULL)
+ {
+ std::string lib_name = PKCS11LIB_PATH;
+ const char* dlPath;
+ CK_FUNCTION_LIST_PTR p;
+ CK_RV rv;
+
+ /* skip . and .. entries */
+ if ((strcmp(dir_entry->d_name, ".") == 0) || (strcmp(dir_entry->d_name, "..") == 0))
+ continue;
+
+ lib_name.append(dir_entry->d_name);
+ dlPath = lib_name.c_str();
log( "GemaltoToken::probe - Using %s PKCS#11 library\n", dlPath );
+
mDLHandle = dlopen(dlPath, RTLD_LAZY | RTLD_GLOBAL);
- if (!mDLHandle)
+ if (NULL == mDLHandle)
{
log( "GemaltoToken::probe - ## ERROR ## Cannot load the PKCS#11 library\n" );
- CKError::throwMe(CKR_GENERAL_ERROR);
+ continue;
}
-
+
CK_C_GetFunctionList C_GetFunctionList_PTR = (CK_C_GetFunctionList) dlsym(mDLHandle, "C_GetFunctionList");
- if (!C_GetFunctionList_PTR)
+ if (NULL == C_GetFunctionList_PTR)
{
- log( "GemaltoToken::probe - ## ERROR ## Cannot load the PKCS#11 function list\n" );
- CKError::throwMe(CKR_GENERAL_ERROR);
+ log( "GemaltoToken::probe - ## ERROR ## Cannot load the PKCS#11 function list\n", dlerror() );
+ continue;
}
+
+ /* ---- Cryptoki library standard initialization ---- */
+ rv = (*C_GetFunctionList_PTR)(&s_CK_pFunctionList);
+ if (rv != CKR_OK)
+ {
+ log("GemaltoToken::probe - C_GetFunctionList() failed: %d\n", rv);
+ continue;
+ }
+
+ rv = CK_D_(C_Initialize)(NULL_PTR);
+ if (rv != CKR_OK)
+ {
+ log("GemaltoToken::probe - C_Initialize() failed: %d\n", rv);
+ continue;
+ }
- CKError::check((*C_GetFunctionList_PTR)(&s_CK_pFunctionList));
+ CK_ULONG ulSlotCount = GEMALTO_MAX_SLOT_COUNT;
+ CK_SLOT_ID pSlotID[GEMALTO_MAX_SLOT_COUNT];
+ CKError::check(CK_D_(C_GetSlotList)(CK_TRUE, pSlotID, &ulSlotCount));
+ for (CK_ULONG i=0; i<ulSlotCount; i++)
+ {
+ CK_SLOT_INFO slotInfo;
+ CKError::check(CK_D_(C_GetSlotInfo)(pSlotID[i], &slotInfo));
+
+ /* check that the PKCS#11 slot is using the reader selected by the tokend */
+ if (strncmp((char*) slotInfo.slotDescription, readerState.szReader, strlen(readerState.szReader)) == 0)
+ {
+ found = true;
+ mCKSlotId = pSlotID[i];
+ break;
+ }
+ }
- CKError::check(CK_D_(C_Initialize)(NULL_PTR));
- }
-
- CK_ULONG ulSlotCount = GEMALTO_MAX_SLOT_COUNT;
- CK_SLOT_ID pSlotID[GEMALTO_MAX_SLOT_COUNT];
- CKError::check(CK_D_(C_GetSlotList)(CK_TRUE, pSlotID, &ulSlotCount));
- bool found = false;
- for (CK_ULONG i=0; i<ulSlotCount; i++) {
- CK_SLOT_INFO slotInfo;
- CKError::check(CK_D_(C_GetSlotInfo)(pSlotID[i], &slotInfo));
- if (strncmp((char*) slotInfo.slotDescription, readerState.szReader, strlen(readerState.szReader)) == 0) {
- found = true;
- mCKSlotId = pSlotID[i];
- break;
+ /* Not the correct PKCS#11 lib. Close it and try the next one */
+ if (!found)
+ {
+ CKError::check(CK_D_(C_Finalize)(NULL_PTR));
+ dlclose(mDLHandle);
}
}
+ (void)closedir(dirp);
if (found)
{
@@ -418,9 +382,7 @@
score = 999;
// Setup the tokendUID
- //snprintf(tokenUid, TOKEND_MAX_UID, "Gemalto smartcard #%.*s (%.*s)", (int) sizeof(mCKTokenInfo.serialNumber), mCKTokenInfo.serialNumber, (int) sizeof(mCKTokenInfo.label), mCKTokenInfo.label );
- char label[ 33 ];
- memset( label, 0, sizeof( label ) );
+ char label[ sizeof(mCKTokenInfo.label) ];
memcpy( label, mCKTokenInfo.label, sizeof(mCKTokenInfo.label) );
char* trimLabel = trim_line( label );
snprintf(tokenUid, TOKEND_MAX_UID, "Gemalto smartcard %s (%.*s)", trimLabel, (int) sizeof(mCKTokenInfo.serialNumber), mCKTokenInfo.serialNumber );
Modified: trunk/Tokend/PKCS11/GemaltoToken.h
===================================================================
--- trunk/Tokend/PKCS11/GemaltoToken.h 2010-01-25 14:07:08 UTC (rev 103)
+++ trunk/Tokend/PKCS11/GemaltoToken.h 2010-01-29 13:46:45 UTC (rev 104)
@@ -88,9 +88,6 @@
unsigned char* mask;
} CardAtr;
- typedef std::vector<CardAtr* > CardAtrVector;
- CardAtrVector atrs;
-
char* trim_line(char* line);
uint32 _pinFromAclTag(const char *tag, const char *suffix = NULL);
void _aclClear(AutoAclEntryInfoList& acl);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-changes/attachments/20100129/0c57e769/attachment.html>
More information about the SmartcardServices-Changes
mailing list