Fix error path in firmaConCIE

Leuca · Leuca · commit 108aafa7e533 · 2024-10-26T21:00:28.000+02:00
- Make progress bar of the signature more uniform

Signed-off-by: Luca Magrone &lt;luca@magrone.cc&gt;
diff --git a/cie-middleware-FirmaConCIE-make-progress-more-uniform.patch b/cie-middleware-FirmaConCIE-make-progress-more-uniform.patch
@@ -0,0 +1,58 @@
+From 5a32e804c99655dc0c9a8c303e6597fac7014424 Mon Sep 17 00:00:00 2001
+From: Luca Magrone <luca@magrone.cc>
+Date: Sat, 26 Oct 2024 19:11:40 +0200
+Subject: [PATCH] CSP: firmaConCIE: make progress bar more uniform
+
+Divide the progress of the progress bar into 4 chunks. Each one
+corresponding to 25% of the total progress.
+
+Signed-off-by: Luca Magrone <luca@magrone.cc>
+---
+ cie-pkcs11/CSP/FirmaConCIE.cpp | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/cie-pkcs11/CSP/FirmaConCIE.cpp b/cie-pkcs11/CSP/FirmaConCIE.cpp
+index 9f5bf6b..c044c5f 100644
+--- a/cie-pkcs11/CSP/FirmaConCIE.cpp
++++ b/cie-pkcs11/CSP/FirmaConCIE.cpp
+@@ -71,6 +71,9 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+ 
+         char *curreader = readers;
+         bool foundCIE = false;
++
++        progressCallBack(25, "Looking for CIE...");
++
+         for (; curreader[0] != 0; curreader += strnlen(curreader, len) + 1)
+         {
+             safeConnection conn(hSC, curreader, SCARD_SHARE_SHARED);
+@@ -93,8 +96,6 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+             
+             ByteArray atrBa((BYTE*)ATR, atrLen);
+ 
+-            progressCallBack(20, "Getting certificate from CIE...");
+-
+             IAS* ias = new IAS((CToken::TokenTransmitCallback)TokenTransmitCallback, atrBa);
+             ias->SetCardContext(&conn);
+             
+@@ -130,14 +131,16 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+                 delete ias;
+                 continue;
+             }
+-            
++
++            progressCallBack(50, "Getting certificate from CIE...");
++
+             ByteDynArray FullPIN;
+             ByteArray LastPIN = ByteArray((uint8_t*)pin, strlen(pin));
+             ias->GetFirstPIN(FullPIN);
+             FullPIN.append(LastPIN);
+             ias->token.Reset();
+             
+-            progressCallBack(40, "Starting signature...");
++            progressCallBack(75, "Starting signature...");
+ 
+             char fullPinCStr[9];
+             memcpy(fullPinCStr, FullPIN.data(), 8);
+-- 
+2.43.5
+
diff --git a/cie-middleware-fix-FirmaConCIE-error-on-multiple-tokens.patch b/cie-middleware-fix-FirmaConCIE-error-on-multiple-tokens.patch
@@ -0,0 +1,98 @@
+diff --git a/cie-pkcs11/CSP/FirmaConCIE.cpp b/cie-pkcs11/CSP/FirmaConCIE.cpp
+index 050d282..9f5bf6b 100644
+--- a/cie-pkcs11/CSP/FirmaConCIE.cpp
++++ b/cie-pkcs11/CSP/FirmaConCIE.cpp
+@@ -10,6 +10,7 @@
+ #include "../PKCS11/PKCS11Functions.h"
+ #include "../PKCS11/Slot.h"
+ #include "../Util/ModuleInfo.h"
++#include "../Util/UtilException.h"
+ #include "../PCSC/PCSC.h"
+ #include "../Crypto/ASNParser.h"
+ #include "../Sign/CIESign.h"
+@@ -34,6 +35,7 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+ 
+     char* readers = NULL;
+     char* ATR = NULL;
++    bool panMismatch = false;
+     try
+     {
+         std::map<uint8_t, ByteDynArray> hashSet;
+@@ -96,12 +98,21 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+             IAS* ias = new IAS((CToken::TokenTransmitCallback)TokenTransmitCallback, atrBa);
+             ias->SetCardContext(&conn);
+             
+-            foundCIE = false;
+             ias->token.Reset();
+-            ias->SelectAID_IAS();
++            // Continue looking for a CIE if the token is unrecognised
++            try
++            {
++                ias->SelectAID_IAS();
++            }
++            catch(logged_error &err)
++            {
++                delete ias;
++                continue;
++            }
+             ias->ReadPAN();
+             
+-            foundCIE = true;
++            if (!foundCIE)
++                foundCIE = true;
+             ByteDynArray IntAuth;
+             ias->SelectAID_CIE();
+             ias->ReadDappPubKey(IntAuth);
+@@ -112,9 +123,12 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+             ias->ReadIdServizi(IdServizi);
+             ByteArray baPan = ByteArray((uint8_t*)pan, strlen(pan));
+ 
++            // Check for pan mismatch and continue search in such case
+             if (memcmp(baPan.data(), IdServizi.data(), IdServizi.size()) != 0)
+             {
+-                return CARD_PAN_MISMATCH;
++                panMismatch = true;
++                delete ias;
++                continue;
+             }
+             
+             ByteDynArray FullPIN;
+@@ -134,9 +148,13 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+             uint16_t ret = cieSign->sign(inFilePath, type, fullPinCStr, page, x, y, w, h, imagePathFile, outFilePath);
+             if((ret & (0x63C0)) == 0x63C0)
+             {
++                delete ias;
++                delete cieSign;
+                 return CKR_PIN_INCORRECT;
+             }else if (ret == 0x6983)
+             {
++                delete ias;
++                delete cieSign;
+                 return CKR_PIN_LOCKED;
+             }
+             
+@@ -148,7 +166,14 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+             delete ias;
+             delete cieSign;
+ 
++            // At this point if there has been a pan mismatch doesn't matter
++            if (panMismatch)
++                panMismatch = false;
++
+             completedCallBack(ret);
++
++            // A this point a CIE has been found, stop looking for it
++            break;
+         }
+         
+         if (!foundCIE) {
+@@ -174,5 +199,9 @@ CK_RV CK_ENTRY firmaConCIE(const char* inFilePath, const char* type, const char*
+         free(ATR);
+ 
+     free(readers);
++
++    if (panMismatch)
++        return CARD_PAN_MISMATCH;
++
+     return SCARD_S_SUCCESS;
+ }
diff --git a/cie-middleware.spec b/cie-middleware.spec
@@ -32,6 +32,8 @@ Patch15:			cie-middleware-improve-graphical-signature.patch
 Patch16:			cie-middleware-fix-deallocation-mismatch.patch
 Patch17:			cie-middleware-generate-transparent-signature.patch
 Patch18:			cie-middleware-ignore-unrecognised-tokens.patch
+Patch19:			cie-middleware-fix-FirmaConCIE-error-on-multiple-tokens.patch
+Patch20:			cie-middleware-FirmaConCIE-make-progress-more-uniform.patch
 
 %if 0%{?fedora} < 40 || (0%{?rhel} && 0%{?rhel} < 10)
 BuildRequires:  maven-local-openjdk11
