Differences From Artifact [4ec2269ed9]:
- File cackey.c — part of check-in [d37223bd9d] at 2010-05-20 20:08:44 on branch trunk — Fixed missing card reset (user: rkeene, size: 154937) [annotate] [blame] [check-ins using]
To Artifact [1aac84790e]:
- File
cackey.c
— part of check-in
[ef50f6c143]
at
2010-05-20 23:45:53
on branch trunk
— Corrected unpadding
Changed label to be generated, rather than derived from card
Added support for reading the modulus and exponent from an X.509 certificate
Added additional attributes (user: rkeene, size: 156978) [annotate] [blame] [check-ins using]
︙ | ︙ | |||
25 26 27 28 29 30 31 32 33 34 35 36 37 38 | #endif #ifdef HAVE_PTHREAD_H # include <pthread.h> #endif #ifdef HAVE_LIMITS_H # include <limits.h> #endif #ifdef HAVE_ZLIB_H # ifdef HAVE_LIBZ # include <zlib.h> # endif #else # ifdef HAVE_LIBZ # undef HAVE_LIBZ | > > > | 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | #endif #ifdef HAVE_PTHREAD_H # include <pthread.h> #endif #ifdef HAVE_LIMITS_H # include <limits.h> #endif #ifdef HAVE_STDIO_H # include <stdio.h> #endif #ifdef HAVE_ZLIB_H # ifdef HAVE_LIBZ # include <zlib.h> # endif #else # ifdef HAVE_LIBZ # undef HAVE_LIBZ |
︙ | ︙ | |||
154 155 156 157 158 159 160 | #define GSCIS_TAG_CERT_ISSUE_DATE 0x71 #define GSCIS_TAG_CERT_EXPIRE_DATE 0x72 /** Applet IDs **/ #define GSCIS_AID_CCC 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00 #ifdef CACKEY_DEBUG | < < < | 157 158 159 160 161 162 163 164 165 166 167 168 169 170 | #define GSCIS_TAG_CERT_ISSUE_DATE 0x71 #define GSCIS_TAG_CERT_EXPIRE_DATE 0x72 /** Applet IDs **/ #define GSCIS_AID_CCC 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00 #ifdef CACKEY_DEBUG # define CACKEY_DEBUG_PRINTF(x...) { fprintf(stderr, "%s():%i: ", __func__, __LINE__); fprintf(stderr, x); fprintf(stderr, "\n"); fflush(stderr); } # define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *TMPBUF; unsigned long idx; TMPBUF = (unsigned char *) (x); fprintf(stderr, "%s():%i: %s (%s/%lu = {%02x", __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0]); for (idx = 1; idx < (y); idx++) { fprintf(stderr, ", %02x", TMPBUF[idx]); }; fprintf(stderr, "})\n"); fflush(stderr); } # define CACKEY_DEBUG_PERROR(x) { fprintf(stderr, "%s():%i: ", __func__, __LINE__); perror(x); fflush(stderr); } # define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", x, #x); free(x); } static void *CACKEY_DEBUG_FUNC_MALLOC(size_t size, const char *func, int line) { |
︙ | ︙ | |||
1846 1847 1848 1849 1850 1851 1852 | * ... * * NOTES * ... * */ static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen, int padInput, int unpadOutput) { | | | < < < < < < | 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 | * ... * * NOTES * ... * */ static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen, int padInput, int unpadOutput) { unsigned char *tmpbuf, *tmpbuf_s, *outbuf_s; unsigned char bytes_to_send, p1; unsigned char blocktype; cackey_ret send_ret; uint16_t respcode; ssize_t retval = 0, unpadoffset; size_t tmpbuflen, padlen, tmpoutbuflen; int free_tmpbuf = 0; int le; CACKEY_DEBUG_PRINTF("Called."); if (slot == NULL) { CACKEY_DEBUG_PRINTF("Error. slot is NULL"); return(-1); } if (buf == NULL) { |
︙ | ︙ | |||
1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 | tmpbuflen = identity->pcsc_identity->keysize; tmpbuf = malloc(tmpbuflen); free_tmpbuf = 1; padlen = tmpbuflen - buflen - 3; tmpbuf[0] = 0x00; tmpbuf[1] = 0x01; memset(&tmpbuf[2], 0xFF, padlen); tmpbuf[padlen + 2]= 0x00; memcpy(&tmpbuf[padlen + 3], buf, buflen); CACKEY_DEBUG_PRINTBUF("Unpadded:", buf, buflen); | > | 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 | tmpbuflen = identity->pcsc_identity->keysize; tmpbuf = malloc(tmpbuflen); free_tmpbuf = 1; padlen = tmpbuflen - buflen - 3; /* RSA PKCS#1 EMSA-PKCS1-v1_5 Padding */ tmpbuf[0] = 0x00; tmpbuf[1] = 0x01; memset(&tmpbuf[2], 0xFF, padlen); tmpbuf[padlen + 2]= 0x00; memcpy(&tmpbuf[padlen + 3], buf, buflen); CACKEY_DEBUG_PRINTBUF("Unpadded:", buf, buflen); |
︙ | ︙ | |||
1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 | CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet); cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet)); /* Select correct file */ cackey_select_file(slot, identity->pcsc_identity->file); tmpbuf_s = tmpbuf; while (tmpbuflen) { if (tmpbuflen > 245) { bytes_to_send = 245; p1 = 0x80; le = 0x00; } else { bytes_to_send = tmpbuflen; | > | 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 | CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet); cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet)); /* Select correct file */ cackey_select_file(slot, identity->pcsc_identity->file); tmpbuf_s = tmpbuf; outbuf_s = outbuf; while (tmpbuflen) { if (tmpbuflen > 245) { bytes_to_send = 245; p1 = 0x80; le = 0x00; } else { bytes_to_send = tmpbuflen; |
︙ | ︙ | |||
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 | } if (free_tmpbuf) { if (tmpbuf_s) { free(tmpbuf_s); } } /* End transaction */ cackey_end_transaction(slot); #ifdef CACKEY_PARANOID # ifdef _POSIX_SSIZE_MAX if (outbuflen > _POSIX_SSIZE_MAX) { CACKEY_DEBUG_PRINTF("Outbuflen exceeds maximum value, returning in failure. (max = %li, outbuflen = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) outbuflen); return(-1); } # endif #endif /* Unpad reply */ if (unpadOutput) { | > > | > > > > > > > > | | | | | < < < < < < < < < < | | | 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 | } if (free_tmpbuf) { if (tmpbuf_s) { free(tmpbuf_s); } } outbuf = outbuf_s; /* End transaction */ cackey_end_transaction(slot); #ifdef CACKEY_PARANOID # ifdef _POSIX_SSIZE_MAX if (outbuflen > _POSIX_SSIZE_MAX) { CACKEY_DEBUG_PRINTF("Outbuflen exceeds maximum value, returning in failure. (max = %li, outbuflen = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) outbuflen); return(-1); } # endif #endif /* Unpad reply */ if (unpadOutput) { if (retval < 3) { CACKEY_DEBUG_PRINTF("Reply is too small, we are not able to unpad -- passing back and hoping for the best!"); CACKEY_DEBUG_PRINTF("Returning in success, retval = %li (bytes)", (long) retval); return(retval); } if (outbuf[0] != 0x00) { CACKEY_DEBUG_PRINTF("Unrecognized padding scheme -- passing back and hoping for the best!"); CACKEY_DEBUG_PRINTF("Returning in success, retval = %li (bytes)", (long) retval); return(retval); } blocktype = outbuf[1]; unpadoffset = 0; switch (blocktype) { case 0x00: /* Padding Scheme 1, the first non-zero byte is the start of data */ for (unpadoffset = 2; unpadoffset < retval; unpadoffset++) { if (outbuf[unpadoffset] != 0x00) { break; } } break; case 0x01: /* Padding Scheme 2, pad bytes are 0xFF followed by 0x00 */ for (unpadoffset = 2; unpadoffset < retval; unpadoffset++) { if (outbuf[unpadoffset] != 0xFF) { if (outbuf[unpadoffset] == 0x00) { unpadoffset++; break; } else { CACKEY_DEBUG_PRINTF("Invalid padding data found, returning in failure, should have been 0x00 found 0x%02x", (unsigned int) outbuf[unpadoffset]); return(-1); } } else { CACKEY_DEBUG_PRINTF("Invalid padding data found, returning in failure, should have been 0xFF found 0x%02x", (unsigned int) outbuf[unpadoffset]); return(-1); } } break; case 0x02: /* Padding Scheme 3, pad bytes are non-zero first zero byte found is the seperator byte */ for (unpadoffset = 2; unpadoffset < retval; unpadoffset++) { if (outbuf[unpadoffset] == 0x00) { unpadoffset++; break; } } break; } if (unpadoffset > retval) { CACKEY_DEBUG_PRINTF("Offset greater than reply size, aborting. (unpadoffset = %lu, retval = %lu)", (unsigned long) unpadoffset, (unsigned long) retval); return(-1); } CACKEY_DEBUG_PRINTBUF("Padded:", outbuf, retval); retval -= unpadoffset; memmove(outbuf, outbuf + unpadoffset, retval); CACKEY_DEBUG_PRINTBUF("Unpadded:", outbuf, retval); } CACKEY_DEBUG_PRINTF("Returning in success, retval = %li (bytes)", (long) retval); return(retval); } /* * SYNPOSIS * ... |
︙ | ︙ | |||
2195 2196 2197 2198 2199 2200 2201 | status_ret = SCardStatus(slot->pcsc_card, NULL, &reader_len, &state, &protocol, atr, &atr_len); if (status_ret != SCARD_S_SUCCESS) { slot->slot_reset = 1; slot->token_flags = CKF_LOGIN_REQUIRED; if (status_ret == SCARD_W_RESET_CARD) { CACKEY_DEBUG_PRINTF("Reset required, please hold..."); | < < | 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 | status_ret = SCardStatus(slot->pcsc_card, NULL, &reader_len, &state, &protocol, atr, &atr_len); if (status_ret != SCARD_S_SUCCESS) { slot->slot_reset = 1; slot->token_flags = CKF_LOGIN_REQUIRED; if (status_ret == SCARD_W_RESET_CARD) { CACKEY_DEBUG_PRINTF("Reset required, please hold..."); scard_reconn_ret = SCardReconnect(slot->pcsc_card, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, SCARD_RESET_CARD, &protocol); if (scard_reconn_ret == SCARD_S_SUCCESS) { /* Re-establish transaction, if it was present */ if (slot->transaction_depth > 0) { slot->transaction_depth--; cackey_begin_transaction(slot); |
︙ | ︙ | |||
2491 2492 2493 2494 2495 2496 2497 | CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_LABEL: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type); | | | < | > > | > | 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 | CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_LABEL: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type); /* XXX: Determine name */ ulValueLen = snprintf(ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num); pValue = ucTmpBuf; if (ulValueLen >= sizeof(ucTmpBuf)) { ulValueLen = 0; pValue = NULL; } CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen); break; case CKA_VALUE: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_VALUE (0x%08lx) ...", (unsigned long) curr_attr_type); |
︙ | ︙ | |||
2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 | CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_SIGN_RECOVER: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SIGN_RECOVER (0x%08lx) ...", (unsigned long) curr_attr_type); pValue = &ck_false; ulValueLen = sizeof(ck_false); CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_DECRYPT: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_DECRYPT (0x%08lx) ...", (unsigned long) curr_attr_type); if (objectclass == CKO_PRIVATE_KEY || objectclass == CKO_PUBLIC_KEY) { pValue = &ck_true; ulValueLen = sizeof(ck_true); } else { pValue = &ck_false; ulValueLen = sizeof(ck_false); } CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_TRUST_SERVER_AUTH: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TRUST_SERVER_AUTH (0x%08lx) ...", (unsigned long) curr_attr_type); pValue = &ck_true; ulValueLen = sizeof(ck_true); | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 | CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_SIGN_RECOVER: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SIGN_RECOVER (0x%08lx) ...", (unsigned long) curr_attr_type); /* We currently only support "Sign with Appendix" */ pValue = &ck_false; ulValueLen = sizeof(ck_false); CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_DECRYPT: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_DECRYPT (0x%08lx) ...", (unsigned long) curr_attr_type); if (objectclass == CKO_PRIVATE_KEY || objectclass == CKO_PUBLIC_KEY) { pValue = &ck_true; ulValueLen = sizeof(ck_true); } else { pValue = &ck_false; ulValueLen = sizeof(ck_false); } CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_SENSITIVE: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_SENSITIVE (0x%08lx) ...", (unsigned long) curr_attr_type); if (objectclass == CKO_PRIVATE_KEY) { pValue = &ck_true; ulValueLen = sizeof(ck_true); } else { pValue = &ck_false; ulValueLen = sizeof(ck_false); } CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_EXTRACTABLE: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_EXTRACTABLE (0x%08lx) ...", (unsigned long) curr_attr_type); if (objectclass == CKO_PRIVATE_KEY) { pValue = &ck_false; ulValueLen = sizeof(ck_true); } else { pValue = &ck_true; ulValueLen = sizeof(ck_false); } CACKEY_DEBUG_PRINTF(" ... returning %lu (%p/%lu)", (unsigned long) *((CK_BBOOL *) pValue), pValue, (unsigned long) ulValueLen); break; case CKA_MODULUS: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_MODULUS (0x%08lx) ...", (unsigned long) curr_attr_type); if (certificate_len >= 0) { x509_read_ret = x509_to_modulus(certificate, certificate_len, &pValue); if (x509_read_ret < 0) { pValue = NULL; } else { ulValueLen = x509_read_ret; } } CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen); break; case CKA_PUBLIC_EXPONENT: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_PUBLIC_EXPONENT (0x%08lx) ...", (unsigned long) curr_attr_type); if (certificate_len >= 0) { x509_read_ret = x509_to_exponent(certificate, certificate_len, &pValue); if (x509_read_ret < 0) { pValue = NULL; } else { ulValueLen = x509_read_ret; } } CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen); break; case CKA_TRUST_SERVER_AUTH: CACKEY_DEBUG_PRINTF("Requesting attribute CKA_TRUST_SERVER_AUTH (0x%08lx) ...", (unsigned long) curr_attr_type); pValue = &ck_true; ulValueLen = sizeof(ck_true); |
︙ | ︙ |