From d0a0103c70c0531fc8802b1141f406125a4f941f Mon Sep 17 00:00:00 2001 From: martin Date: Thu, 29 Mar 2007 10:25:16 +0000 Subject: [PATCH] Build a pkcs11 module with only one pin exposed to overcome issues described in #132. Closes #132 git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3145 c6295689-39f2-0310-b995-f0e70906c6a9 --- src/pkcs11/Makefile.am | 9 +++++++-- src/pkcs11/Makefile.mak | 11 ++++++++--- src/pkcs11/framework-pkcs15.c | 15 ++++++++++++++- src/pkcs11/hack-disabled.c | 1 + src/pkcs11/hack-enabled.c | 1 + 5 files changed, 31 insertions(+), 6 deletions(-) create mode 100644 src/pkcs11/hack-disabled.c create mode 100644 src/pkcs11/hack-enabled.c diff --git a/src/pkcs11/Makefile.am b/src/pkcs11/Makefile.am index 469ba94b..1d149603 100644 --- a/src/pkcs11/Makefile.am +++ b/src/pkcs11/Makefile.am @@ -14,14 +14,19 @@ SRC = pkcs11-global.c pkcs11-session.c pkcs11-object.c misc.c slot.c \ framework-pkcs15init.c debug.c INC = sc-pkcs11.h -lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la +lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la onepin-opensc-pkcs11.la noinst_LTLIBRARIES = libpkcs11.la -opensc_pkcs11_la_SOURCES = $(SRC) $(INC) +opensc_pkcs11_la_SOURCES = $(SRC) $(INC) hack-disabled.c opensc_pkcs11_la_LDFLAGS = -module -avoid-version opensc_pkcs11_la_LIBADD = @LIBOPENSC@ $(OPENSSL_LIBS) \ ../pkcs15init/libpkcs15init.la +onepin_opensc_pkcs11_la_SOURCES = $(SRC) $(INC) hack-enabled.c +onepin_opensc_pkcs11_la_LDFLAGS = -module -avoid-version +onepin_opensc_pkcs11_la_LIBADD = @LIBOPENSC@ $(OPENSSL_LIBS) \ + ../pkcs15init/libpkcs15init.la + libpkcs11_la_SOURCES = libpkcs11.c libpkcs11_la_LDFLAGS = -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@ libpkcs11_la_LIBADD = diff --git a/src/pkcs11/Makefile.mak b/src/pkcs11/Makefile.mak index 641b8e50..12c515d8 100644 --- a/src/pkcs11/Makefile.mak +++ b/src/pkcs11/Makefile.mak 
@@ -4,6 +4,7 @@ HEADERS = pkcs11.h HEADERSDIR = $(TOPDIR)\src\include\opensc +TARGET0 = onepin-opensc-pkcs11.dll TARGET = opensc-pkcs11.dll TARGET2 = libpkcs11.lib TARGET3 = pkcs11-spy.dll @@ -14,12 +15,16 @@ OBJECTS = pkcs11-global.obj pkcs11-session.obj pkcs11-object.obj misc.obj slot OBJECTS2 = libpkcs11.obj OBJECTS3 = pkcs11-spy.obj pkcs11-display.obj libpkcs11.obj -all: install-headers $(TARGET) $(TARGET2) $(TARGET3) +all: install-headers $(TARGET0) $(TARGET) $(TARGET2) $(TARGET3) !INCLUDE $(TOPDIR)\win32\Make.rules.mak -$(TARGET): $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib - link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib +$(TARGET0): $(OBJECTS) hack-enabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib + link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) hack-enabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib + if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2 + +$(TARGET): $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib + link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2 $(TARGET2): $(OBJECTS2) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 4cb0b6fb..956a8f32 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c 
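Review bot: The recipe of the new `$(TARGET0)` rule still links with `/out:$(TARGET)` and runs `mt` against `$(TARGET).manifest`, so `onepin-opensc-pkcs11.dll` is never written and the hack-enabled object is linked into `opensc-pkcs11.dll` instead. Because `$(TARGET0)` is built before `$(TARGET)` in `all`, the variant left under the default name depends on whether nmake then considers `$(TARGET)` out of date. On an incremental build the one-PIN variant may remain as the default module, silently hiding PINs and objects from applications that load it. Both recipe lines should use the new variable: `/out:$(TARGET0)` in the link line and `if EXIST $(TARGET0).manifest mt -manifest $(TARGET0).manifest -outputresource:$(TARGET0);2`.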
@@ -26,6 +26,8 @@ #include #endif +extern int hack_enabled; + #define MAX_CACHE_PIN 32 struct pkcs15_slot_data { struct sc_pkcs15_object *auth_obj; @@ -751,6 +753,9 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card) /* Match up related keys and certificates */ pkcs15_bind_related_objects(fw_data); + if (hack_enabled) + auth_count = 1; + for (i = 0; i < auth_count; i++) { struct sc_pkcs15_pin_info *pin_info = NULL; @@ -760,10 +765,15 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card) if ((pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) != 0) continue; - /* Add all the private keys related to this pin */ + /* Ignore unblocking pins for hacked module */ + if (hack_enabled && (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) != 0) + continue; + rv = pkcs15_create_slot(p11card, auths[i], &slot); if (rv != CKR_OK) return CKR_OK; /* no more slots available for this card */ + + /* Add all objects related to this pin */ for (j=0; j < fw_data->num_objects; j++) { struct pkcs15_any_object *obj = fw_data->objects[j]; @@ -797,6 +807,9 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card) /* Add all the remaining objects */ for (j = 0; j < fw_data->num_objects; j++) { struct pkcs15_any_object *obj = fw_data->objects[j]; + /* We only have one pin and only the things related to it. */ + if (hack_enabled) + break; if (!(obj->base.flags & SC_PKCS11_OBJECT_SEEN)) { sc_debug(context, "Object %d was not seen previously\n", j); diff --git a/src/pkcs11/hack-disabled.c b/src/pkcs11/hack-disabled.c new file mode 100644 index 00000000..4727c869 --- /dev/null +++ b/src/pkcs11/hack-disabled.c @@ -0,0 +1 @@ +int hack_enabled = 0; diff --git a/src/pkcs11/hack-enabled.c b/src/pkcs11/hack-enabled.c new file mode 100644 index 00000000..908808d4 --- /dev/null +++ b/src/pkcs11/hack-enabled.c @@ -0,0 +1 @@ +int hack_enabled = 1;
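Review bot: `hack_enabled` is declared with a bare `extern` in framework-pkcs15.c rather than in the shared header (`sc-pkcs11.h`, the `INC` entry in Makefile.am), so the definitions in hack-enabled.c and hack-disabled.c are never compiled against the declaration. The name is also an unprefixed global with external linkage in a module that is loaded into other applications, and nothing says what it controls. Moving the declaration to the header with a project prefix and a comment such as `/* non-zero in the onepin build: expose only one user PIN and the objects bound to it */` would help. Since the value is fixed at link time, declaring it `extern const int` would make that explicit.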
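Review bot: Setting `auth_count = 1` before the loop means only `auths[0]` is ever examined. When that entry is an SO PIN, or an unblocking PIN under the check added in the next hunk (`@@ -760,10 +765,15 @@`), the `continue` ends the loop without creating a slot and the one-PIN module exposes nothing for the card. The "Ignore unblocking pins" comment suggests the intent is to move on to the next usable PIN, which the truncated count prevents; the exposed PIN then also depends on the ordering of `auths[]`, which is not visible here. Consider dropping the `auth_count = 1` assignment and leaving the loop once the first slot has been populated, with `if (hack_enabled) break;` as the last statement of the loop body. That body ends outside this hunk.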
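Review bot: In the "Add all the remaining objects" loop, `if (hack_enabled) break;` sits inside the body after the declaration of `obj`, so the loop is entered only to be left on its first iteration. Guarding the whole loop with `if (!hack_enabled)` would state the intent directly. The effect deserves a fuller comment than the one given: in the one-PIN build every object not already marked `SC_PKCS11_OBJECT_SEEN` is dropped, which presumably includes public objects with no associated PIN, though the rest of the loop body is outside this hunk. A suggested wording is `/* onepin module: objects not bound to the exposed PIN are deliberately not published */`.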