[Fedora-directory-commits] coolkey/src/windows/csp RegDll.cpp, 1.1, 1.2 State.cpp, 1.1, 1.2 State.h, 1.1, 1.2 csp.cpp, 1.2, 1.3 csp.h, 1.2, 1.3 cspx.cpp, 1.1, 1.2
Jack Magne (jmagne)
fedora-directory-commits at redhat.com
Mon Apr 30 23:31:00 UTC 2007
Author: jmagne
Update of /cvs/dirsec/coolkey/src/windows/csp
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3195
Modified Files:
RegDll.cpp State.cpp State.h csp.cpp csp.h cspx.cpp
Log Message:
Bring Fedora CSP up to one shipped with CertSystem. Bug #23150, rev. WTC.
Index: RegDll.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/RegDll.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- RegDll.cpp 27 Jul 2006 22:23:07 -0000 1.1
+++ RegDll.cpp 30 Apr 2007 23:30:58 -0000 1.2
@@ -36,7 +36,7 @@
"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider"
// Windows key values
#define TYPE_KEY "Type"
-#define IMAGE_KEY "ImagePath"
+#define IMAGE_KEY "Image Path"
#define SIG_KEY "Signature"
// CSP specific key values
@@ -44,7 +44,7 @@
#define KEYGEN_KEY "KeyGenHack"
#define PIN_KEY "PIN"
#define MODULE_KEY "PKCS11Module"
-#define DEFAULT_PKCS11_MODULE "coolkey.dll"
+#define DEFAULT_PKCS11_MODULE "coolkeypk11.dll"
#define DEFAULT_PIN "1234"
Index: State.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/State.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- State.cpp 27 Jul 2006 22:23:07 -0000 1.1
+++ State.cpp 30 Apr 2007 23:30:58 -0000 1.2
@@ -26,6 +26,7 @@
******************************************************************/
#include "csp.h"
+#include "cspres.h"
#include "State.h"
#include <winscard.h>
@@ -34,7 +35,8 @@
namespace MCSP {
State::State()
- : init_(false), logging_(false), logFilename_("C:\\CSPDEBUG.log"), slot_(0), keyGenHack_(false), pkcs11dllname_("PKCS11.dll")
+ : init_(false), logging_(false), logFilename_("C:\\CSPDEBUG.log"), slot_(0), keyGenHack_(false), pkcs11dllname_("PKCS11.dll"),
+ p11_(CK_INVALID_HANDLE)
{
lock_ = ::CreateMutex(NULL, FALSE, NULL);
@@ -121,9 +123,6 @@
lock();
sessions_.erase(session);
delete session;
-
- if (sessions_.empty())
- shutdown();
unlock();
}
@@ -160,6 +159,43 @@
return reinterpret_cast<Key*>(hKey);
}
+void State::login(Session* session)
+{
+
+ int pin_size;
+ BinStr userPIN;
+ userPIN.resize(256);
+ if (!(pin_size = CSPDisplayPinDialog((char*)&userPIN[0], userPIN.size())))
+ ThrowMsg(SCARD_W_CANCELLED_BY_USER, "PIN dialog cancelled");
+
+ userPIN.resize(pin_size);
+
+ CK_RV ck_rv = g_state.p11->C_Login(session->p11_, CKU_USER,
+ (CK_UTF8CHAR*)&userPIN[0], (CK_ULONG)userPIN.size());
+
+ if (ck_rv == CKR_OK)
+ {
+ if (p11_ != CK_INVALID_HANDLE)
+ {
+ LOG("Existing invalid session must be destroyed. \n");
+
+ g_state.p11->C_CloseSession(p11_);
+ p11_ = CK_INVALID_HANDLE;
+ }
+ ck_rv = g_state.p11->C_OpenSession(g_state.slot(), CKF_RW_SESSION | CKF_SERIAL_SESSION, 0, 0, &p11_);
+ }
+
+ if (ck_rv != CKR_OK)
+ {
+ DisplayError(session, "Error during PIN verification");
+ Throw(NTE_FAIL);
+ }
+ else
+ LOG("PIN Verification Successful\n");
+
+}
+
+
bool State::shutdown()
{
if (init())
@@ -187,6 +223,12 @@
keys_.clear();
}
+ if (p11_ != CK_INVALID_HANDLE)
+ {
+ p11->C_CloseSession(p11_);
+ p11_ = CK_INVALID_HANDLE;
+ }
+
g_state.p11->C_Finalize(0);
init(false);
Index: State.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/State.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- State.h 27 Jul 2006 22:23:07 -0000 1.1
+++ State.h 30 Apr 2007 23:30:58 -0000 1.2
@@ -45,6 +45,7 @@
std::set<Session*> sessions_;
std::set<Key*> keys_;
std::string pkcs11dllname_;
+ CK_SESSION_HANDLE p11_;
public:
CK_FUNCTION_LIST_PTR p11;
@@ -99,6 +100,9 @@
bool keyExists(Key* key);
Key* checkValidKey(HCRYPTKEY hKey);
+
+ void login(Session* session);
+
bool shutdown();
void lock()
Index: csp.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/csp.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- csp.cpp 11 Oct 2006 18:12:58 -0000 1.2
+++ csp.cpp 30 Apr 2007 23:30:58 -0000 1.3
@@ -99,9 +99,11 @@
BinStr container_name, reader_name;
Session::parseFQCN(szContainer, &container_name, &reader_name);
+ // Missing output is only allowed for DELETEKEYSET
if (!phProv && !(dwFlags & CRYPT_DELETEKEYSET))
ThrowMsg(NTE_FAIL, "Can't return context, phProv is invalid");
+ // Do one-time initialization of state
if (g_state.init())
LOG("CSP already initialized\n");
else
@@ -177,6 +179,7 @@
}
else
{
+#ifdef LOGIN_FOR_SESSION
int pin_size;
BinStr userPIN;
userPIN.resize(256);
@@ -195,6 +198,8 @@
}
else
LOG("PIN Verification Successful\n");
+#endif /* LOGIN_FOR_SESSION */
+ g_state.login(context);
}
}
Index: csp.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/csp.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- csp.h 11 Oct 2006 18:12:58 -0000 1.2
+++ csp.h 30 Apr 2007 23:30:58 -0000 1.3
@@ -87,6 +87,7 @@
bool GetModulusFromCert(Session* context, BinStr* modulus, BinStr* exponent, const BinStr& cert);
void HexIfBin(BinStr* str);
bool InitP11();
+bool IsCACert(const BinStr& cert);
void Reverse(BinStr* buf);
void Reverse(LPBYTE buf, size_t len);
std::string StringifyAquireFlags(DWORD param);
Index: cspx.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/cspx.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cspx.cpp 27 Jul 2006 22:23:07 -0000 1.1
+++ cspx.cpp 30 Apr 2007 23:30:58 -0000 1.2
@@ -648,6 +648,8 @@
CK_OBJECT_CLASS objClass = CKO_CERTIFICATE;
CK_ATTRIBUTE attrib = { CKA_CLASS, &objClass, sizeof(objClass) };
+ LOG("FindDefaultCert. \n");
+
// start object search for all certificates
if (g_state.p11->C_FindObjectsInit(context->p11_, &attrib, 1) != CKR_OK)
{
@@ -669,6 +671,8 @@
CK_ULONG ulNumFound = 1;
while (ulNumFound > 0)
{
+ LOG("FindDefaultCert. Top of while loop, through certs. \n");
+
CK_OBJECT_HANDLE hCert;
if (g_state.p11->C_FindObjects(context->p11_, &hCert, 1, &ulNumFound) != CKR_OK)
ThrowMsg(0, "C_FindObjects failed\n");
@@ -676,6 +680,7 @@
if (ulNumFound == 0)
break;
+ LOG("FindDefaultCert. Num Certs found %d hcert %d. \n",ulNumFound,hCert);
// First we want the CKA_ID and CKA_VALUE lengths
attrib[0].pValue = 0;
attrib[1].pValue = 0;
@@ -691,6 +696,10 @@
if (g_state.p11->C_GetAttributeValue(context->p11_, hCert, attrib, sizeof(attrib)/sizeof(CK_ATTRIBUTE)) != CKR_OK)
continue;
+
+ if (IsCACert(cert))
+ continue;
+
vector<string> ext;
GetExtKeyUsageFromCert(&ext, cert);
@@ -703,6 +712,7 @@
haveLogonCert = true;
container->swap(ckaid);
*phCert = hCert;
+ LOG("FindDefaultCert. Setting default cert because proper extension found. \n");
break;
}
}
@@ -710,6 +720,7 @@
if (i >= ext.size() && !haveLogonCert)
{
container->swap(ckaid);
+ LOG("FindDefaultCert Setting default cert because not a login cert. %d \n",hCert);
*phCert = hCert;
}
}
@@ -1011,6 +1022,72 @@
return rv;
}
+bool IsCACert(const BinStr& cert)
+{
+ bool rv = false;
+ DWORD cbInfo= 0;
+
+ PCCERT_CONTEXT certContext = 0;
+
+ LOG("IsCACert cert %p size %d \n", &cert,cert.size());
+
+ cbInfo = sizeof(CERT_BASIC_CONSTRAINTS2_INFO);
+
+ PCERT_BASIC_CONSTRAINTS2_INFO pInfo =
+ (PCERT_BASIC_CONSTRAINTS2_INFO) LocalAlloc(LPTR,cbInfo);
+
+ if (!pInfo)
+ return rv;
+
+ try
+ {
+ certContext =
+ CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &cert[0], cert.size());
+
+ if (certContext == 0)
+ ThrowMsg(0, "CertCreateCertificateContext failed");
+
+
+ PCERT_EXTENSION pBC = CertFindExtension(szOID_BASIC_CONSTRAINTS2,
+ certContext->pCertInfo->cExtension, certContext->pCertInfo->rgExtension);
+
+ if (!pBC)
+ ThrowMsg(0,"No BASIC_CONSTRAINT extension.");
+
+ DWORD cbDecoded = cbInfo;
+
+ BOOL dResult = CryptDecodeObject(X509_ASN_ENCODING |PKCS_7_ASN_ENCODING , szOID_BASIC_CONSTRAINTS2,
+ pBC->Value.pbData, pBC->Value.cbData, 0, pInfo,&cbDecoded);
+
+ if (!dResult)
+ {
+
+ DWORD error = GetLastError();
+
+ LOG("IsCACert CryptDecodeObject failed! error 0x%lx \n",error);
+
+ ThrowMsg(0,"CryptDecodeObject failed");
+ }
+
+ rv = (bool) pInfo->fCA;
+
+ LOG("IsCACert returning fCA %ld fPathLenConstraint %ld dwPathLenConstraint %lu .\n",pInfo->fCA,pInfo->fPathLenConstraint,pInfo->dwPathLenConstraint);
+ }
+ catch (Error&)
+ {
+ rv = false;
+ }
+
+ if (certContext)
+ CertFreeCertificateContext(certContext);
+
+ if (pInfo)
+ LocalFree(pInfo);
+
+ return rv;
+}
+
string GetCurrentExecutable()
{
TCHAR szModulePath[MAX_PATH];
More information about the Fedora-directory-commits
mailing list