Build a pkcs11 module with only one pin exposed to overcome issues described in #132. Closes #132

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3145 c6295689-39f2-0310-b995-f0e70906c6a9
2007-03-29 10:25:16 +00:00 · 2007-03-29 10:25:16 +00:00 · d0a0103c70
parent 60b4570531
commit d0a0103c70
5 changed files with 31 additions and 6 deletions
--- a/src/pkcs11/Makefile.am
+++ b/src/pkcs11/Makefile.am
@ -14,14 +14,19 @@ SRC = pkcs11-global.c pkcs11-session.c pkcs11-object.c misc.c slot.c \
 	framework-pkcs15init.c debug.c
 INC = sc-pkcs11.h

-lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la
+lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la onepin-opensc-pkcs11.la
 noinst_LTLIBRARIES = libpkcs11.la

-opensc_pkcs11_la_SOURCES = $(SRC) $(INC)
+opensc_pkcs11_la_SOURCES = $(SRC) $(INC) hack-disabled.c
 opensc_pkcs11_la_LDFLAGS = -module -avoid-version
 opensc_pkcs11_la_LIBADD = @LIBOPENSC@ $(OPENSSL_LIBS) \
 	../pkcs15init/libpkcs15init.la 

+onepin_opensc_pkcs11_la_SOURCES = $(SRC) $(INC) hack-enabled.c
+onepin_opensc_pkcs11_la_LDFLAGS = -module -avoid-version
+onepin_opensc_pkcs11_la_LIBADD = @LIBOPENSC@ $(OPENSSL_LIBS) \
+	../pkcs15init/libpkcs15init.la 
+
 libpkcs11_la_SOURCES = libpkcs11.c
 libpkcs11_la_LDFLAGS = -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@
 libpkcs11_la_LIBADD = 
--- a/src/pkcs11/Makefile.mak
+++ b/src/pkcs11/Makefile.mak
@ -4,6 +4,7 @@ HEADERS			= pkcs11.h

 HEADERSDIR		= $(TOPDIR)\src\include\opensc

+TARGET0                 = onepin-opensc-pkcs11.dll
 TARGET                  = opensc-pkcs11.dll
 TARGET2			= libpkcs11.lib
 TARGET3			= pkcs11-spy.dll
@ -14,12 +15,16 @@ OBJECTS			= pkcs11-global.obj pkcs11-session.obj pkcs11-object.obj misc.obj slot
 OBJECTS2		= libpkcs11.obj
 OBJECTS3		= pkcs11-spy.obj pkcs11-display.obj libpkcs11.obj

-all: install-headers $(TARGET) $(TARGET2) $(TARGET3)
+all: install-headers $(TARGET0) $(TARGET) $(TARGET2) $(TARGET3) 

 !INCLUDE $(TOPDIR)\win32\Make.rules.mak

-$(TARGET): $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib
-	link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib
+$(TARGET0): $(OBJECTS) hack-enabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib
+	link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) hack-enabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib
+	if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2
+
+$(TARGET): $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib
+	link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib
 	if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2

 $(TARGET2): $(OBJECTS2)
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@ -26,6 +26,8 @@
 #include <opensc/keycache.h>
 #endif

+extern int hack_enabled;
+
 #define MAX_CACHE_PIN		32
 struct pkcs15_slot_data {
 	struct sc_pkcs15_object *auth_obj;
@ -751,6 +753,9 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
 	/* Match up related keys and certificates */
 	pkcs15_bind_related_objects(fw_data);

+	if (hack_enabled)
+		auth_count = 1;
+
 	for (i = 0; i < auth_count; i++) {
 		struct sc_pkcs15_pin_info *pin_info = NULL;

@ -760,10 +765,15 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
 		if ((pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) != 0)
 			continue;

-		/* Add all the private keys related to this pin */
+		/* Ignore unblocking pins for hacked module */
+		if (hack_enabled && (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) != 0)
+			continue;
+
 		rv = pkcs15_create_slot(p11card, auths[i], &slot);
 		if (rv != CKR_OK)
 			return CKR_OK; /* no more slots available for this card */
+
+		/* Add all objects related to this pin */
 		for (j=0; j < fw_data->num_objects; j++) {
 			struct pkcs15_any_object *obj = fw_data->objects[j];

@ -797,6 +807,9 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
 	/* Add all the remaining objects */
 	for (j = 0; j < fw_data->num_objects; j++) {
 		struct pkcs15_any_object *obj = fw_data->objects[j];
+		/* We only have one pin and only the things related to it. */
+		if (hack_enabled)
+			break;

 		if (!(obj->base.flags & SC_PKCS11_OBJECT_SEEN)) {
 			sc_debug(context, "Object %d was not seen previously\n", j);
--- a/src/pkcs11/hack-disabled.c
+++ b/src/pkcs11/hack-disabled.c
@ -0,0 +1 @@
+int hack_enabled = 0;
--- a/src/pkcs11/hack-enabled.c
+++ b/src/pkcs11/hack-enabled.c
@ -0,0 +1 @@
+int hack_enabled = 1;