Overview
| Comment: | Updated to select correct applet and file for given identity for sign/decrypt
Added more debugging for selecting a key for sign/decrypt |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
9fc3b9fa035d09ce98fe56b3c55a6122 |
| User & Date: | rkeene on 2010-05-15 00:25:26 |
| Other Links: | manifest | tags |
Context
|
2010-05-15
| ||
| 00:34 |
Added line numbers to debugging output
Added overloaded debugging strdup to check for leaks check-in: 709b50760d user: rkeene tags: trunk | |
| 00:25 |
Updated to select correct applet and file for given identity for sign/decrypt
Added more debugging for selecting a key for sign/decrypt check-in: 9fc3b9fa03 user: rkeene tags: trunk | |
|
2010-05-14
| ||
| 23:33 | Added untested support for Sign/Decrypt check-in: fc063dd0df user: rkeene tags: trunk | |
Changes
Modified cackey.c from [4487b6bfe2] to [36bd79ba26].
| ︙ | ︙ | |||
475 476 477 478 479 480 481 482 483 484 485 486 | unsigned long search_curr_id; int sign_active; CK_MECHANISM_TYPE sign_mechanism; CK_BYTE_PTR sign_buf; unsigned long sign_buflen; unsigned long sign_bufused; int decrypt_active; CK_MECHANISM_TYPE decrypt_mechanism; CK_VOID_PTR decrypt_mech_parm; CK_ULONG decrypt_mech_parmlen; | > | | 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 |
unsigned long search_curr_id;
int sign_active;
CK_MECHANISM_TYPE sign_mechanism;
CK_BYTE_PTR sign_buf;
unsigned long sign_buflen;
unsigned long sign_bufused;
struct cackey_identity *sign_identity;
int decrypt_active;
CK_MECHANISM_TYPE decrypt_mechanism;
CK_VOID_PTR decrypt_mech_parm;
CK_ULONG decrypt_mech_parmlen;
struct cackey_identity *decrypt_identity;
};
struct cackey_slot {
int active;
char *pcsc_reader;
|
| ︙ | ︙ | |||
1786 1787 1788 1789 1790 1791 1792 | * RETURN VALUE * ... * * NOTES * ... * */ | | | 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 |
* RETURN VALUE
* ...
*
* NOTES
* ...
*
*/
static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {
cackey_ret send_ret;
CACKEY_DEBUG_PRINTF("Called.");
if (buflen > 255) {
CACKEY_DEBUG_PRINTF("Error. buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen);
|
| ︙ | ︙ | |||
1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 |
if (outbuf == NULL) {
CACKEY_DEBUG_PRINTF("Error. outbuf is NULL");
return(-1);
}
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, 0x00, 0x00, buflen, buf, outbuflen, NULL, outbuf, &outbuflen);
if (send_ret != CACKEY_PCSC_S_OK) {
CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");
return(-1);
}
CACKEY_DEBUG_PRINTF("Returning in success.");
return(outbuflen);
}
/*
* SYNPOSIS
| > > > > > > > > > > > > > > > | 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 |
if (outbuf == NULL) {
CACKEY_DEBUG_PRINTF("Error. outbuf is NULL");
return(-1);
}
/* Begin transaction */
cackey_begin_transaction(slot);
/* Select correct applet */
cackey_select_applet(slot, identity->identity->applet, sizeof(identity->identity->applet));
/* Select correct file */
cackey_select_file(slot, identity->identity->file);
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, 0x00, 0x00, buflen, buf, outbuflen, NULL, outbuf, &outbuflen);
if (send_ret != CACKEY_PCSC_S_OK) {
CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");
/* End transaction */
cackey_end_transaction(slot);
return(-1);
}
/* End transaction */
cackey_end_transaction(slot);
CACKEY_DEBUG_PRINTF("Returning in success.");
return(outbuflen);
}
/*
* SYNPOSIS
|
| ︙ | ︙ | |||
4120 4121 4122 4123 4124 4125 4126 |
return(CKR_OPERATION_ACTIVE);
}
if (hKey >= cackey_sessions[hSession].identities_count) {
cackey_mutex_unlock(cackey_biglock);
| | > | 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160 |
return(CKR_OPERATION_ACTIVE);
}
if (hKey >= cackey_sessions[hSession].identities_count) {
cackey_mutex_unlock(cackey_biglock);
CACKEY_DEBUG_PRINTF("Error. Key handle out of range (requested key %lu, only %lu identities available).", (unsigned long) hKey, (unsigned long) cackey_sessions[hSession].identities_count);
return(CKR_KEY_HANDLE_INVALID);
}
cackey_sessions[hSession].decrypt_active = 1;
cackey_sessions[hSession].decrypt_mechanism = pMechanism->mechanism;
cackey_sessions[hSession].decrypt_mech_parm = pMechanism->pParameter;
cackey_sessions[hSession].decrypt_mech_parmlen = pMechanism->ulParameterLen;
cackey_sessions[hSession].decrypt_identity = &cackey_sessions[hSession].identities[hKey];
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
}
|
| ︙ | ︙ | |||
4260 4261 4262 4263 4264 4265 4266 |
return(CKR_OPERATION_NOT_INITIALIZED);
}
switch (cackey_sessions[hSession].decrypt_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to decrypt */
| | | 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 |
return(CKR_OPERATION_NOT_INITIALIZED);
}
switch (cackey_sessions[hSession].decrypt_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to decrypt */
buflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf));
if (buflen < 0) {
/* Decryption failed. */
retval = CKR_GENERAL_ERROR;
} else if (((unsigned long) buflen) > *pulPartLen && pPart) {
/* Decrypted data too large */
retval = CKR_BUFFER_TOO_SMALL;
|
| ︙ | ︙ | |||
4489 4490 4491 4492 4493 4494 4495 |
return(CKR_OPERATION_ACTIVE);
}
if (hKey >= cackey_sessions[hSession].identities_count) {
cackey_mutex_unlock(cackey_biglock);
| | > | 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 |
return(CKR_OPERATION_ACTIVE);
}
if (hKey >= cackey_sessions[hSession].identities_count) {
cackey_mutex_unlock(cackey_biglock);
CACKEY_DEBUG_PRINTF("Error. Key handle out of range (requested key %lu, only %lu identities available).", (unsigned long) hKey, (unsigned long) cackey_sessions[hSession].identities_count);
return(CKR_KEY_HANDLE_INVALID);
}
cackey_sessions[hSession].sign_active = 1;
cackey_sessions[hSession].sign_mechanism = pMechanism->mechanism;
cackey_sessions[hSession].sign_buflen = 128;
cackey_sessions[hSession].sign_bufused = 0;
cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey];
mutex_retval = cackey_mutex_unlock(cackey_biglock);
if (mutex_retval != 0) {
CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
return(CKR_GENERAL_ERROR);
}
|
| ︙ | ︙ | |||
4692 4693 4694 4695 4696 4697 4698 |
return(CKR_OPERATION_NOT_INITIALIZED);
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
| | | 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 |
return(CKR_OPERATION_NOT_INITIALIZED);
}
switch (cackey_sessions[hSession].sign_mechanism) {
case CKM_RSA_PKCS:
/* Ask card to sign */
sigbuflen = cackey_signdecrypt(&cackey_slots[cackey_sessions[hSession].slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_buflen, sigbuf, sizeof(sigbuf));
if (sigbuflen < 0) {
/* Signing failed. */
retval = CKR_GENERAL_ERROR;
} else if (((unsigned long) sigbuflen) > *pulSignatureLen && pSignature) {
/* Signed data too large */
retval = CKR_BUFFER_TOO_SMALL;
|
| ︙ | ︙ |