Fix error path in firmaConCIE
- Make progress bar of the signature more uniform

Signed-off-by: Luca Magrone <luca@magrone.cc>
Leuca committed Oct 26, 2024
1 parent d9c0c93 commit 108aafa
Showing 3 changed files with 158 additions and 0 deletions.
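--- a/cie-middleware-FirmaConCIE-make-progress-more-uniform.patch
+++ b/cie-middleware-FirmaConCIE-make-progress-more-uniform.patch
@@ -0,0 +1,58 @@
+From 5a32e804c99655dc0c9a8c303e6597fac7014424 Mon Sep 17 00:00:00 2001
+From: Luca Magrone <luca@magrone.cc>
+Date: Sat, 26 Oct 2024 19:11:40 +0200
+Subject: [PATCH] CSP: firmaConCIE: make progress bar more uniform
+
+Divide the progress of the progress bar into 4 chunks. Each one
+corresponding to 25% of the total progress.
+
+Signed-off-by: Luca Magrone <luca@magrone.cc>
+---
+cie-pkcs11/CSP/FirmaConCIE.cpp | 11 +++++++----
+1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/cie-pkcs11/CSP/FirmaConCIE.cpp b/cie-pkcs11/CSP/FirmaConCIE.cpp
+index 9f5bf6b..c044c5f 100644
+--- a/cie-pkcs11/CSP/FirmaConCIE.cpp
++++ b/cie-pkcs11/CSP/FirmaConCIE.cpp
+@@ -71,6 +71,9 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+
+char *curreader = readers;
+bool foundCIE = false;
++
++ progressCallBack(25, "Looking for CIE...");
++
+for (; curreader[0] != 0; curreader += strnlen(curreader, len) + 1)
+{
+safeConnection conn(hSC, curreader, SCARD_SHARE_SHARED);
+@@ -93,8 +96,6 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+
+ByteArray atrBa((BYTE*)ATR, atrLen);
+
+- progressCallBack(20, "Getting certificate from CIE...");
+-
+IAS* ias = new IAS((CToken::TokenTransmitCallback)TokenTransmitCallback, atrBa);
+ias->SetCardContext(&conn);
+
+@@ -130,14 +131,16 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+delete ias;
+continue;
+}
+-
++
++ progressCallBack(50, "Getting certificate from CIE...");
++
+ByteDynArray FullPIN;
+ByteArray LastPIN = ByteArray((uint8_t*)pin, strlen(pin));
+ias->GetFirstPIN(FullPIN);
+FullPIN.append(LastPIN);
+ias->token.Reset();
+
+- progressCallBack(40, "Starting signature...");
++ progressCallBack(75, "Starting signature...");
+
+char fullPinCStr[9];
+memcpy(fullPinCStr, FullPIN.data(), 8);
+--
+2.43.5
+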
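Review bot: `memcpy(fullPinCStr, FullPIN.data(), 8)` at the end of the last inner hunk copies a fixed 8 bytes, but `FullPIN` is whatever `GetFirstPIN` returns plus `strlen(pin)` bytes supplied by the caller, and no length check is visible between the append and the copy, so a short `pin` would make the copy read past the end of `FullPIN`. A guard before the copy, such as `if (FullPIN.size() != 8) { delete ias; return CKR_PIN_LEN_RANGE; }`, would reject it, unless the length is already validated in the part of `firmaConCIE` outside these hunks. On the change itself, the 50% step is now reported right before the PIN is assembled and is followed by the 75% step after only `GetFirstPIN`, `append` and `token.Reset()`, so the text "Getting certificate from CIE..." may appear after the card reads it describes rather than before them.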
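--- a/cie-middleware-fix-FirmaConCIE-error-on-multiple-tokens.patch
+++ b/cie-middleware-fix-FirmaConCIE-error-on-multiple-tokens.patch
@@ -0,0 +1,98 @@
+diff --git a/cie-pkcs11/CSP/FirmaConCIE.cpp b/cie-pkcs11/CSP/FirmaConCIE.cpp
+index 050d282..9f5bf6b 100644
+--- a/cie-pkcs11/CSP/FirmaConCIE.cpp
++++ b/cie-pkcs11/CSP/FirmaConCIE.cpp
+@@ -10,6 +10,7 @@
+#include "../PKCS11/PKCS11Functions.h"
+#include "../PKCS11/Slot.h"
+#include "../Util/ModuleInfo.h"
++#include "../Util/UtilException.h"
+#include "../PCSC/PCSC.h"
+#include "../Crypto/ASNParser.h"
+#include "../Sign/CIESign.h"
+@@ -34,6 +35,7 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+
+char* readers = NULL;
+char* ATR = NULL;
++ bool panMismatch = false;
+try
+{
+std::map<uint8_t, ByteDynArray> hashSet;
+@@ -96,12 +98,21 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+IAS* ias = new IAS((CToken::TokenTransmitCallback)TokenTransmitCallback, atrBa);
+ias->SetCardContext(&conn);
+
+- foundCIE = false;
+ias->token.Reset();
+- ias->SelectAID_IAS();
++ // Continue looking for a CIE if the token is unrecognised
++ try
++ {
++ ias->SelectAID_IAS();
++ }
++ catch(logged_error &err)
++ {
++ delete ias;
++ continue;
++ }
+ias->ReadPAN();
+
+- foundCIE = true;
++ if (!foundCIE)
++ foundCIE = true;
+ByteDynArray IntAuth;
+ias->SelectAID_CIE();
+ias->ReadDappPubKey(IntAuth);
+@@ -112,9 +123,12 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+ias->ReadIdServizi(IdServizi);
+ByteArray baPan = ByteArray((uint8_t*)pan, strlen(pan));
+
++ // Check for pan mismatch and continue search in such case
+if (memcmp(baPan.data(), IdServizi.data(), IdServizi.size()) != 0)
+{
+- return CARD_PAN_MISMATCH;
++ panMismatch = true;
++ delete ias;
++ continue;
+}
+
+ByteDynArray FullPIN;
+@@ -134,9 +148,13 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+uint16_t ret = cieSign->sign(inFilePath, type, fullPinCStr, page, x, y, w, h, imagePathFile, outFilePath);
+if((ret & (0x63C0)) == 0x63C0)
+{
++ delete ias;
++ delete cieSign;
+return CKR_PIN_INCORRECT;
+}else if (ret == 0x6983)
+{
++ delete ias;
++ delete cieSign;
+return CKR_PIN_LOCKED;
+}
+
+@@ -148,7 +166,14 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+delete ias;
+delete cieSign;
+
++ // At this point if there has been a pan mismatch doesn't matter
++ if (panMismatch)
++ panMismatch = false;
++
+completedCallBack(ret);
++
++ // A this point a CIE has been found, stop looking for it
++ break;
+}
+
+if (!foundCIE) {
+@@ -174,5 +199,9 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+free(ATR);
+
+free(readers);
++
++ if (panMismatch)
++ return CARD_PAN_MISMATCH;
++
+return SCARD_S_SUCCESS;
+}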
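Review bot: The PAN check that this patch re-purposes, `memcmp(baPan.data(), IdServizi.data(), IdServizi.size())`, compares `IdServizi.size()` bytes although `baPan` only wraps `strlen(pan)` bytes, so a shorter caller-supplied `pan` is read past its end and a longer one is accepted on a prefix match; comparing the lengths first, `if (strlen(pan) != IdServizi.size() || memcmp(baPan.data(), IdServizi.data(), IdServizi.size()) != 0)`, closes both cases. In the same loop, the `delete ias; delete cieSign;` pairs added before the two PIN returns still leave through a path that appears to skip the `free(ATR)`/`free(readers)` at the end of the function, and if `ias->ReadPAN()` or a later read throws, `ias` is leaked because only `SelectAID_IAS()` is wrapped in the new `try`. Holding both objects in `std::unique_ptr` would cover every exit without the hand-written deletes. The function begins and ends outside these hunks, so a handler not shown here may already cover part of the cleanup.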
2 changes: 2 additions & 0 deletions cie-middleware.spec
Expand Up @@ -32,6 +32,8 @@ Patch15: cie-middleware-improve-graphical-signature.patch
Patch16: cie-middleware-fix-deallocation-mismatch.patch
Patch17: cie-middleware-generate-transparent-signature.patch
Patch18: cie-middleware-ignore-unrecognised-tokens.patch
Patch19: cie-middleware-fix-FirmaConCIE-error-on-multiple-tokens.patch
Patch20: cie-middleware-FirmaConCIE-make-progress-more-uniform.patch

%if 0%{?fedora} < 40 || (0%{?rhel} && 0%{?rhel} < 10)
BuildRequires: maven-local-openjdk11