Comment: | Updated code so that information on accessing each certificate for different kinds of cards is not shared |
SHA1: | dc6044978a0f9944aa16896486b3742205aa2912 |
User & Date: | rkeene on 2013-01-15 04:48:11 |
Changes
Modified build/certs-to-c from [c49efbf6f1] to [1cd87f2aca].
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
continue fi openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'RSA Public Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')" certlen="$(stat -c '%s' tmpfile.x509)" cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')" cat << _EOF_ { {0}, 0, ${certlen}, (unsigned char *) "${cert}", ${pubkeylen} }, _EOF_ done rm -f tmpfile.x509 |
| | < | | | |
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
continue fi openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'RSA Public Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')" certlen="$(cat tmpfile.x509 | wc -c)" cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')" cat << _EOF_ { CACKEY_ID_TYPE_CERT_ONLY, /* id_type */ ${certlen}, /* certificate_len */ (unsigned char *) "${cert}", /* certificate */ ${pubkeylen} /* keysize */ }, _EOF_ done rm -f tmpfile.x509 |
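Review bot: The initializer emitted on the new side, `{ CACKEY_ID_TYPE_CERT_ONLY, ${certlen}, (unsigned char *) "${cert}", ${pubkeylen} }`, is positional, so it silently depends on the current field order of `struct cackey_pcsc_identity` in cackey.c (id_type, certificate_len, certificate, keysize, card) and will mis-assign or fail to compile if that struct is reordered again; the `/* id_type */`-style trailing comments label the fields but do not bind them. Since the struct already relies on C99 (it carries a union), designated initializers make the mapping explicit and let the compiler catch a mismatch. `pubkeylen` is also used unchecked: if the `grep 'RSA Public Key:'` pattern does not match the installed openssl's text output, the variable is empty and the generated C is malformed, so a guard before the heredoc such as `[ -z "${pubkeylen}" ] && { echo "cannot determine key size for ${file}" >&2; exit 1; }` would fail the build with a clear message instead. The enclosing loop begins before the hunk.
```shell
	# … unchanged: openssl conversion, pubkeylen / certlen / cert extraction …
	cat << _EOF_
	{
		.id_type = CACKEY_ID_TYPE_CERT_ONLY,
		.certificate_len = ${certlen},
		.certificate = (unsigned char *) "${cert}",
		.keysize = ${pubkeylen}
	},
_EOF_
```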
Modified cackey.c from [f720f246a4] to [9baedfd1c9].
682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 .... 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 .... 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 .... 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 .... 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 .... 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 .... 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 .... 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 .... 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 .... 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 |
# define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(x) "DEBUG_DISABLED" #endif struct cackey_pcsc_identity { unsigned char applet[7]; uint16_t file; size_t certificate_len; unsigned char *certificate; ssize_t keysize; }; struct cackey_identity { struct cackey_pcsc_identity *pcsc_identity; CK_ATTRIBUTE *attributes; CK_ULONG attributes_count; ................................................................................ * None * */ static ssize_t cackey_get_data(struct cackey_slot *slot, unsigned char *buffer, size_t count, unsigned char oid[3]) { unsigned char *buffer_p; size_t init_count; size_t offset = 0, max_offset, max_count, size; unsigned char cmd[] = {0x5C, 0x03, 0x00, 0x00, 0x00}; uint16_t respcode; int send_ret; int idx; CACKEY_DEBUG_PRINTF("Called."); init_count = count; max_offset = count; max_count = CACKEY_APDU_MTU; cmd[2] = oid[0]; cmd[3] = oid[1]; cmd[4] = oid[2]; /* 256 to indicate the largest message size -- not clear if this will work with all messages */ send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, NISTSP800_73_3_INSTR_GET_DATA, 0x3F, 0xFF, sizeof(cmd), cmd, 256, &respcode, buffer, &count); ................................................................................ } if (dest == NULL) { dest = malloc(sizeof(*dest) * count); } for (idx = 0; idx < count; idx++) { memcpy(dest[idx].applet, start[idx].applet, sizeof(dest[idx].applet)); dest[idx].file = start[idx].file; dest[idx].certificate_len = start[idx].certificate_len; dest[idx].keysize = start[idx].keysize; dest[idx].certificate = malloc(dest[idx].certificate_len); memcpy(dest[idx].certificate, start[idx].certificate, dest[idx].certificate_len); } ................................................................................ 
/* Try PIV application */ send_ret = cackey_select_applet(slot, piv_aid, sizeof(piv_aid)); if (send_ret == CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("We have a PIV card -- not using the CCC, pulling pre-selected keys"); piv = 1; } else { CACKEY_DEBUG_PRINTF("Unable to select CCC Applet, returning in failure"); /* Terminate SmartCard Transaction */ cackey_end_transaction(slot); return(NULL); } ................................................................................ continue; } curr_id = &certs[outidx]; outidx++; curr_id->keysize = -1; curr_id->file = 0xFFFF; curr_id->applet[0] = piv_key; curr_id->certificate_len = read_ret; curr_id->certificate = malloc(curr_id->certificate_len); memcpy(curr_id->certificate, buffer + 4, curr_id->certificate_len - 4); /* XXX TODO PIV (-4 header, -5 trailer == why ?) */ curr_id->certificate_len -= 4; curr_id->certificate_len -= 5; } ................................................................................ continue; } curr_id = &certs[outidx]; outidx++; memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet)); curr_id->file = ccc_curr->value_cardurl->objectid; curr_id->keysize = -1; CACKEY_DEBUG_PRINTF("Filling curr_id->applet (%p) with %lu bytes:", curr_id->applet, (unsigned long) sizeof(curr_id->applet)); CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->applet, sizeof(curr_id->applet)); curr_id->certificate_len = app_curr->length; curr_id->certificate = malloc(curr_id->certificate_len); memcpy(curr_id->certificate, app_curr->value, curr_id->certificate_len); if (outidx >= *count) { ................................................................................ * ... * * NOTES * ... 
* */ static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen, int padInput, int unpadOutput) { unsigned char dyn_auth_template[10]; unsigned char *tmpbuf, *tmpbuf_s, *outbuf_s; unsigned char bytes_to_send, p1, class; unsigned char blocktype; cackey_ret send_ret; uint16_t respcode; ssize_t retval = 0, unpadoffset; size_t tmpbuflen, padlen, tmpoutbuflen; int free_tmpbuf = 0; int le; int piv; CACKEY_DEBUG_PRINTF("Called."); if (slot == NULL) { CACKEY_DEBUG_PRINTF("Error. slot is NULL"); return(-1); ................................................................................ } if (identity->pcsc_identity == NULL) { CACKEY_DEBUG_PRINTF("Error. identity->pcsc_identity is NULL"); return(-1); } /* Determine identity Key size */ if (identity->pcsc_identity->keysize < 0) { identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len); } /* Pad message to key size */ ................................................................................ 
free_tmpbuf = 0; padlen = 0; } /* Begin transaction */ cackey_begin_transaction(slot); /* Determine type of transaction */ if (identity->pcsc_identity->file == 0xFFFF) { piv = 1; } else { piv = 0; } /* Select correct applet */ if (!piv) { CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet); cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet)); /* Select correct file */ cackey_select_file(slot, identity->pcsc_identity->file); } else { dyn_auth_template[0] = 0x7C; dyn_auth_template[1] = 0x82; dyn_auth_template[2] = ((tmpbuflen + 6) & 0xff00) >> 8; dyn_auth_template[3] = (tmpbuflen + 6) & 0x00ff; dyn_auth_template[4] = 0x82; dyn_auth_template[5] = 0x00; dyn_auth_template[6] = 0x81; dyn_auth_template[7] = 0x82; dyn_auth_template[8] = (tmpbuflen & 0xff00) >> 8; dyn_auth_template[9] = tmpbuflen & 0x00ff; send_ret = cackey_send_apdu(slot, 0x10, NISTSP800_73_3_INSTR_GENAUTH, NISTSP800_78_3_ALGO_RSA2048, identity->pcsc_identity->applet[0], sizeof(dyn_auth_template), dyn_auth_template, 0x00, NULL, NULL, NULL); } tmpbuf_s = tmpbuf; outbuf_s = outbuf; while (tmpbuflen) { if (tmpbuflen > 245) { bytes_to_send = 245; if (piv) { class = 0x10; le = 0x00; } else { p1 = 0x80; le = 0x00; } } else { bytes_to_send = tmpbuflen; if (piv) { class = GSCIS_CLASS_ISO7816; le = 256; } else { p1 = 0x00; le = 0x00; } } tmpoutbuflen = outbuflen; if (piv) { send_ret = cackey_send_apdu(slot, class, NISTSP800_73_3_INSTR_GENAUTH, NISTSP800_78_3_ALGO_RSA2048, identity->pcsc_identity->applet[0], bytes_to_send, tmpbuf, le, &respcode, outbuf, &tmpoutbuflen); } else { send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, p1, 0x00, bytes_to_send, tmpbuf, le, &respcode, outbuf, &tmpoutbuflen); } if (send_ret != CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error."); if (free_tmpbuf) { if (tmpbuf_s) { free(tmpbuf_s); } 
................................................................................ return(-1); } # endif #endif /* We must remove the "7C" tag to get to the signature */ if (piv) { if (outbuf[0] != 0x7C) { CACKEY_DEBUG_PRINTF("Response from PIV for GENERATE AUTHENTICATION was not a 0x7C tag, returning in failure"); return(-1); } /* XXX TODO PIV */ memmove(outbuf, outbuf + 8, retval - 8); retval -= 8; } /* Unpad reply */ if (unpadOutput) { if (retval < 3) { CACKEY_DEBUG_PRINTF("Reply is too small, we are not able to unpad -- passing back and hoping for the best!"); |
> > > > > > < < > > > > > > > > > > > > | < < < | > > | > > > > > > > < | | > | | < > | > < > > > > > > > > > > > > > > > > > < < < < < < < < > > | | | | < > > | | | | | | | | | | | > > > > > | | | > > > > > > > | | | | | | > > > > > > > | < < | | < < < | | > > > > | < < < < < < | > | | < | | < | | | > > > > |
682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 .... 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 .... 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 .... 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 .... 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 .... 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 .... 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 .... 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 .... 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 .... 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 |
# define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED" # define CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(x) "DEBUG_DISABLED" #endif typedef enum { CACKEY_ID_TYPE_CAC, CACKEY_ID_TYPE_PIV, CACKEY_ID_TYPE_CERT_ONLY } cackey_pcsc_id_type; struct cackey_pcsc_identity { cackey_pcsc_id_type id_type; size_t certificate_len; unsigned char *certificate; ssize_t keysize; union { struct { unsigned char applet[7]; uint16_t file; } cac; struct { unsigned char key_id; } piv; } card; }; struct cackey_identity { struct cackey_pcsc_identity *pcsc_identity; CK_ATTRIBUTE *attributes; CK_ULONG attributes_count; ................................................................................ * None * */ static ssize_t cackey_get_data(struct cackey_slot *slot, unsigned char *buffer, size_t count, unsigned char oid[3]) { unsigned char *buffer_p; size_t init_count; size_t offset = 0, size; unsigned char cmd[] = {0x5C, 0x03, 0x00, 0x00, 0x00}; uint16_t respcode; int send_ret; int idx; CACKEY_DEBUG_PRINTF("Called."); init_count = count; cmd[2] = oid[0]; cmd[3] = oid[1]; cmd[4] = oid[2]; /* 256 to indicate the largest message size -- not clear if this will work with all messages */ send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, NISTSP800_73_3_INSTR_GET_DATA, 0x3F, 0xFF, sizeof(cmd), cmd, 256, &respcode, buffer, &count); ................................................................................ 
} if (dest == NULL) { dest = malloc(sizeof(*dest) * count); } for (idx = 0; idx < count; idx++) { switch (dest[idx].id_type) { case CACKEY_ID_TYPE_CAC: memcpy(dest[idx].card.cac.applet, start[idx].card.cac.applet, sizeof(dest[idx].card.cac.applet)); dest[idx].card.cac.file = start[idx].card.cac.file; break; case CACKEY_ID_TYPE_PIV: dest[idx].card.piv.key_id = start[idx].card.piv.key_id; break; case CACKEY_ID_TYPE_CERT_ONLY: break; } dest[idx].certificate_len = start[idx].certificate_len; dest[idx].keysize = start[idx].keysize; dest[idx].certificate = malloc(dest[idx].certificate_len); memcpy(dest[idx].certificate, start[idx].certificate, dest[idx].certificate_len); } ................................................................................ /* Try PIV application */ send_ret = cackey_select_applet(slot, piv_aid, sizeof(piv_aid)); if (send_ret == CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("We have a PIV card -- not using the CCC, pulling pre-selected keys"); piv = 1; } else { CACKEY_DEBUG_PRINTF("Unable to select CCC Applet, returning in failure"); /* Terminate SmartCard Transaction */ cackey_end_transaction(slot); return(NULL); } ................................................................................ continue; } curr_id = &certs[outidx]; outidx++; curr_id->keysize = -1; curr_id->id_type = CACKEY_ID_TYPE_PIV; curr_id->card.piv.key_id = piv_key; curr_id->certificate_len = read_ret; curr_id->certificate = malloc(curr_id->certificate_len); memcpy(curr_id->certificate, buffer + 4, curr_id->certificate_len - 4); /* XXX TODO PIV (-4 header, -5 trailer == why ?) */ curr_id->certificate_len -= 4; curr_id->certificate_len -= 5; } ................................................................................ 
continue; } curr_id = &certs[outidx]; outidx++; curr_id->id_type = CACKEY_ID_TYPE_CAC; memcpy(curr_id->card.cac.applet, curr_aid, sizeof(curr_id->card.cac.applet)); curr_id->card.cac.file = ccc_curr->value_cardurl->objectid; curr_id->keysize = -1; CACKEY_DEBUG_PRINTF("Filling curr_id->card.cac.applet (%p) with %lu bytes:", curr_id->card.cac.applet, (unsigned long) sizeof(curr_id->card.cac.applet)); CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->card.cac.applet, sizeof(curr_id->card.cac.applet)); curr_id->certificate_len = app_curr->length; curr_id->certificate = malloc(curr_id->certificate_len); memcpy(curr_id->certificate, app_curr->value, curr_id->certificate_len); if (outidx >= *count) { ................................................................................ * ... * * NOTES * ... * */ static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen, int padInput, int unpadOutput) { cackey_pcsc_id_type id_type; unsigned char dyn_auth_template[10]; unsigned char *tmpbuf, *tmpbuf_s, *outbuf_s; unsigned char bytes_to_send, p1, class; unsigned char blocktype; cackey_ret send_ret; uint16_t respcode; ssize_t retval = 0, unpadoffset; size_t tmpbuflen, padlen, tmpoutbuflen; int free_tmpbuf = 0; int le; CACKEY_DEBUG_PRINTF("Called."); if (slot == NULL) { CACKEY_DEBUG_PRINTF("Error. slot is NULL"); return(-1); ................................................................................ } if (identity->pcsc_identity == NULL) { CACKEY_DEBUG_PRINTF("Error. identity->pcsc_identity is NULL"); return(-1); } id_type = identity->pcsc_identity->id_type; if (id_type == CACKEY_ID_TYPE_CERT_ONLY) { CACKEY_DEBUG_PRINTF("Error. identity->pcsc_identity is CACKEY_ID_TYPE_CERT_ONLY, which cannot be used for sign/decrypt"); return(-1); } switch (id_type) { case CACKEY_ID_TYPE_PIV: case CACKEY_ID_TYPE_CAC: break; default: CACKEY_DEBUG_PRINTF("Error. 
identity->pcsc_identity is not a supported value."); return(-1); } /* Determine identity Key size */ if (identity->pcsc_identity->keysize < 0) { identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len); } /* Pad message to key size */ ................................................................................ free_tmpbuf = 0; padlen = 0; } /* Begin transaction */ cackey_begin_transaction(slot); /* Select correct applet */ switch (id_type) { case CACKEY_ID_TYPE_CAC: CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->card.cac.applet); cackey_select_applet(slot, identity->pcsc_identity->card.cac.applet, sizeof(identity->pcsc_identity->card.cac.applet)); /* Select correct file */ cackey_select_file(slot, identity->pcsc_identity->card.cac.file); break; case CACKEY_ID_TYPE_PIV: dyn_auth_template[0] = 0x7C; dyn_auth_template[1] = 0x82; dyn_auth_template[2] = ((tmpbuflen + 6) & 0xff00) >> 8; dyn_auth_template[3] = (tmpbuflen + 6) & 0x00ff; dyn_auth_template[4] = 0x82; dyn_auth_template[5] = 0x00; dyn_auth_template[6] = 0x81; dyn_auth_template[7] = 0x82; dyn_auth_template[8] = (tmpbuflen & 0xff00) >> 8; dyn_auth_template[9] = tmpbuflen & 0x00ff; send_ret = cackey_send_apdu(slot, 0x10, NISTSP800_73_3_INSTR_GENAUTH, NISTSP800_78_3_ALGO_RSA2048, identity->pcsc_identity->card.piv.key_id, sizeof(dyn_auth_template), dyn_auth_template, 0x00, NULL, NULL, NULL); break; case CACKEY_ID_TYPE_CERT_ONLY: break; } tmpbuf_s = tmpbuf; outbuf_s = outbuf; while (tmpbuflen) { tmpoutbuflen = outbuflen; if (tmpbuflen > CACKEY_APDU_MTU) { bytes_to_send = CACKEY_APDU_MTU; } else { bytes_to_send = tmpbuflen; } send_ret = CACKEY_PCSC_E_GENERIC; switch (id_type) { case CACKEY_ID_TYPE_CAC: if (tmpbuflen > CACKEY_APDU_MTU) { p1 = 0x80; le = 0x00; } else { p1 = 0x00; le = 0x00; } send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, p1, 0x00, bytes_to_send, 
tmpbuf, le, &respcode, outbuf, &tmpoutbuflen); break; case CACKEY_ID_TYPE_PIV: if (tmpbuflen > CACKEY_APDU_MTU) { class = 0x10; le = 0x00; } else { class = GSCIS_CLASS_ISO7816; le = 256; } send_ret = cackey_send_apdu(slot, class, NISTSP800_73_3_INSTR_GENAUTH, NISTSP800_78_3_ALGO_RSA2048, identity->pcsc_identity->card.piv.key_id, bytes_to_send, tmpbuf, le, &respcode, outbuf, &tmpoutbuflen); break; case CACKEY_ID_TYPE_CERT_ONLY: break; } if (send_ret != CACKEY_PCSC_S_OK) { CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error."); if (free_tmpbuf) { if (tmpbuf_s) { free(tmpbuf_s); } ................................................................................ return(-1); } # endif #endif /* We must remove the "7C" tag to get to the signature */ switch (id_type) { case CACKEY_ID_TYPE_PIV: if (outbuf[0] != 0x7C) { CACKEY_DEBUG_PRINTF("Response from PIV for GENERATE AUTHENTICATION was not a 0x7C tag, returning in failure"); return(-1); /* XXX TODO PIV */ memmove(outbuf, outbuf + 8, retval - 8); retval -= 8; } case CACKEY_ID_TYPE_CAC: case CACKEY_ID_TYPE_CERT_ONLY: break; } /* Unpad reply */ if (unpadOutput) { if (retval < 3) { CACKEY_DEBUG_PRINTF("Reply is too small, we are not able to unpad -- passing back and hoping for the best!"); |
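Review bot: The identity copy loop (the hunk after cackey_get_data, around new lines 1701–1724) switches on `dest[idx].id_type` before that field has been assigned: when `dest` comes from the `malloc` a few lines above this is an uninitialized read, and `id_type` is never copied from `start`, so every duplicated identity carries an indeterminate tag and, depending on it, neither the `card.cac` nor the `card.piv` member. The switch should dispatch on the source and copy the tag first: `dest[idx].id_type = start[idx].id_type;` followed by `switch (start[idx].id_type) {`. Separately, in the last hunk of cackey_signdecrypt the `memmove(outbuf, outbuf + 8, retval - 8)` and `retval -= 8` now sit after `return(-1)` inside the `outbuf[0] != 0x7C` branch, so they are unreachable and the 0x7C header is never stripped on the success path; they belong after the closing brace of that `if`, guarded by `retval >= 8` so the size passed to memmove cannot wrap, and the `case CACKEY_ID_TYPE_PIV:` still falls through without a `break`. Both enclosing functions start and end outside the hunks.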
Modified cackey_builtin_certs.h from [f00b0b6557] to [6bf193b9b4].
cannot compute difference between binary files