Dirty hack to support certificates in up to 8 slots. Needed for Activ…

…Key SIM device
Vanuan · Oct 18, 2012 · 1d0d235 · 1d0d235
1 parent a025555
commit 1d0d235
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 11 deletions.
diff --git a/src/coolkey/object.cpp b/src/coolkey/object.cpp
@@ -1027,7 +1027,7 @@ CACCert::CACCert(CKYByte instance, const CKYBuffer *derCert) :
 
     /* So we know what the key is supposed to be used for based on
      * the instance */
-    if (instance == 2) {
+    if (instance >= 2) {
 	decrypt = TRUE;
     }
 
@@ -1041,7 +1041,12 @@ CACCert::CACCert(CKYByte instance, const CKYBuffer *derCert) :
     setAttribute(CKA_ID, &id);
     CKYBuffer_FreeData(&id);
     setAttributeULong(CKA_CERTIFICATE_TYPE, CKC_X_509);
-    setAttribute(CKA_LABEL, CAC_Label[instance]);
+    int keyIndex = instance;
+    /* ActivKey has up to 8 slots, read only the first cert from slots > 2 */
+    if(instance > 2) {
+        keyIndex = 0;
+    }
+    setAttribute(CKA_LABEL, CAC_Label[keyIndex]);
 
     CKYBuffer derSerial; CKYBuffer_InitEmpty(&derSerial);
     CKYBuffer derSubject; CKYBuffer_InitEmpty(&derSubject);

diff --git a/src/coolkey/slot.cpp b/src/coolkey/slot.cpp
@@ -2306,9 +2306,11 @@ Slot::loadCACCert(CKYByte instance)
 						 instance, OSTimeNow() - time);
 
     if (instance == 0) {
-        readCACCertificateFirst(&rawCert, &nextSize, true);
+        /* do not fail if 0 instance is not found */
+        readCACCertificateFirst(&rawCert, &nextSize, false);
         if(CKYBuffer_Size(&rawCert) == 0) {
-             handleConnectionError();
+            shmem.clearValid(0);
+            return;
         }
 	log->log("CAC Cert %d: fetch CAC Cert:  %d ms\n", 
 						instance, OSTimeNow() - time);
@@ -2324,7 +2326,7 @@ Slot::loadCACCert(CKYByte instance)
 	CKYSize shmCertSize = CKYBuffer_Size(&shmCert);
 	const CKYByte *shmData = CKYBuffer_Data(&shmCert);
 
-	if (instance != 0) {
+	if ((instance > 0) && (instance <= 2)) {
 	    needRead = 0;
 	}
 
@@ -2351,11 +2353,11 @@ Slot::loadCACCert(CKYByte instance)
 	    shmem.setDataVersion(dataVersion);
 	} else {
 	    status = readCACCertificateFirst(&rawCert, &nextSize, false);
-	
+
 	    if (status != CKYSUCCESS) {
 		/* CAC only requires the Certificate in pki '0' */
 		/* if pki '1' or '2' are empty, treat it as a non-fatal error*/
-		if (instance == 2) {
+		if (instance == MAX_CERT_SLOTS - 1) {
 		    /* we've attempted to read all the certs, shared memory
 		     * is now valid */
 		    shmem.setValid();
@@ -2448,9 +2450,9 @@ Slot::loadObjects()
     std::list<ListObjectInfo>::iterator iter;
 
     if (state & CAC_CARD) {
-	loadCACCert(0);
-	loadCACCert(1);
-	loadCACCert(2);
+        for(int i = 0; i < MAX_CERT_SLOTS; ++i) {
+            loadCACCert(i);
+        }
 	status = trans.end();
 	loadReaderObject();
 	return;

diff --git a/src/coolkey/slot.h b/src/coolkey/slot.h
@@ -294,7 +294,7 @@ class CryptParams {
 				 const CKYBuffer *paddedOutput) const = 0;
 };
 
-#define MAX_CERT_SLOTS 3
+#define MAX_CERT_SLOTS 8
 class Slot {
 
   public: