Overview
| Comment: | Updated to support determining key size from X.509 object (untested)
Updated to set HW TOKEN flag Updated to pad sign/decrypt message to key size (untested) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
a2ac84031e5bfbe46922adbdb12f8710 |
| User & Date: | rkeene on 2010-05-17 19:37:43 |
| Other Links: | manifest | tags |
Context
|
2010-05-17
| ||
| 19:43 | Fixed issues with padding check-in: 66507306f5 user: rkeene tags: trunk | |
| 19:37 |
Updated to support determining key size from X.509 object (untested)
Updated to set HW TOKEN flag Updated to pad sign/decrypt message to key size (untested) check-in: a2ac84031e user: rkeene tags: trunk | |
| 14:55 | Added removable device flag to slot info check-in: b4a6b9d685 user: rkeene tags: trunk | |
Changes
Modified asn1-x509.c from [cf76aee3de] to [d808ad3525].
| ︙ | ︙ | |||
39 40 41 42 43 44 45 | struct asn1_object certificate; struct asn1_object version; struct asn1_object serial_number; struct asn1_object signature_algo; struct asn1_object issuer; struct asn1_object validity; struct asn1_object subject; | | > > > > | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
struct asn1_object certificate;
struct asn1_object version;
struct asn1_object serial_number;
struct asn1_object signature_algo;
struct asn1_object issuer;
struct asn1_object validity;
struct asn1_object subject;
struct asn1_object pubkeyinfo;
struct asn1_object pubkey_algoid;
struct asn1_object pubkey_algo;
struct asn1_object pubkey_algoparm;
struct asn1_object pubkey;
};
static int _asn1_x509_read_asn1_object(unsigned char *buf, size_t buflen, va_list *args) {
unsigned char small_object_size;
unsigned char *buf_p;
struct asn1_object *outbuf;
|
| ︙ | ︙ | |||
65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
outbuf->tag = *buf_p;
buf_p++;
buflen--;
if (buflen == 0) {
return(-1);
}
small_object_size = *buf_p;
buf_p++;
buflen--;
if (buflen == 0) {
return(-1);
}
| > > > > > | 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
outbuf->tag = *buf_p;
buf_p++;
buflen--;
if (buflen == 0) {
return(-1);
}
/* NULL Tag -- no size is required */
if (outbuf->tag == 0x00) {
return(_asn1_x509_read_asn1_object(buf_p, buflen, args));
}
small_object_size = *buf_p;
buf_p++;
buflen--;
if (buflen == 0) {
return(-1);
}
|
| ︙ | ︙ | |||
130 131 132 133 134 135 136 |
}
read_ret = asn1_x509_read_asn1_object(outbuf->wholething.contents, outbuf->wholething.size, &outbuf->certificate, NULL);
if (read_ret != 0) {
return(-1);
}
| | > > > > > | 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
}
read_ret = asn1_x509_read_asn1_object(outbuf->wholething.contents, outbuf->wholething.size, &outbuf->certificate, NULL);
if (read_ret != 0) {
return(-1);
}
read_ret = asn1_x509_read_asn1_object(outbuf->certificate.contents, outbuf->certificate.size, &outbuf->version, &outbuf->serial_number, &outbuf->signature_algo, &outbuf->issuer, &outbuf->validity, &outbuf->subject, &outbuf->pubkeyinfo, NULL);
if (read_ret != 0) {
return(-1);
}
read_ret = asn1_x509_read_asn1_object(outbuf->pubkeyinfo.contents, outbuf->pubkeyinfo.size, &outbuf->pubkey_algoid, &outbuf->pubkey, NULL);
if (read_ret != 0) {
return(-1);
}
return(0);
}
|
| ︙ | ︙ | |||
185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
if (outbuf) {
*outbuf = x509.serial_number.asn1rep;
}
return(x509.serial_number.asn1rep_len);
}
/*
* http://www.blackberry.com/developers/docs/4.6.0api/javax/microedition/pki/Certificate.html
*/
static const char *_x509_objectid_to_label_string(void *buf, size_t buflen) {
switch (buflen) {
case 3:
| > > > > > > > > > > > > > > > > > > > > > > > > | 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
if (outbuf) {
*outbuf = x509.serial_number.asn1rep;
}
return(x509.serial_number.asn1rep_len);
}
ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len) {
struct asn1_object null, pubkey, modulus, exponent;
struct x509_object x509;
int read_ret;
read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
if (read_ret != 0) {
return(-1);
}
/* The structure of "pubkey" is specified in PKCS #1 */
read_ret = asn1_x509_read_asn1_object(x509.pubkey.contents, x509.pubkey.size, &null, &pubkey, NULL);
if (read_ret != 0) {
return(-1);
}
read_ret = asn1_x509_read_asn1_object(pubkey.contents, pubkey.size, &modulus, &exponent, NULL);
if (read_ret != 0) {
return(-1);
}
return(modulus.size - 1);
}
/*
* http://www.blackberry.com/developers/docs/4.6.0api/javax/microedition/pki/Certificate.html
*/
static const char *_x509_objectid_to_label_string(void *buf, size_t buflen) {
switch (buflen) {
case 3:
|
| ︙ | ︙ |
Modified asn1-x509.h from [73df2a78e9] to [40a1fc466e].
| ︙ | ︙ | |||
11 12 13 14 15 16 17 18 19 20 21 | #endif ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf); ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf); ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf); ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel); #endif | > > | 11 12 13 14 15 16 17 18 19 20 21 22 23 | #endif ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf); ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf); ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf); ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len); ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel); #endif |
Modified cackey.c from [6b8855e22d] to [e6d26b97df].
| ︙ | ︙ | |||
461 462 463 464 465 466 467 468 469 470 471 472 473 474 |
unsigned char applet[7];
uint16_t file;
unsigned char *label;
size_t certificate_len;
unsigned char *certificate;
};
struct cackey_identity {
struct cackey_pcsc_identity *pcsc_identity;
CK_ATTRIBUTE *attributes;
CK_ULONG attributes_count;
| > > | 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 |
unsigned char applet[7];
uint16_t file;
unsigned char *label;
size_t certificate_len;
unsigned char *certificate;
ssize_t keysize;
};
struct cackey_identity {
struct cackey_pcsc_identity *pcsc_identity;
CK_ATTRIBUTE *attributes;
CK_ULONG attributes_count;
|
| ︙ | ︙ | |||
1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 |
curr_id = &certs[outidx];
outidx++;
memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
curr_id->file = ccc_curr->value_cardurl->objectid;
curr_id->label = NULL;
CACKEY_DEBUG_PRINTF("Filling curr_id->applet (%p) with %lu bytes:", curr_id->applet, (unsigned long) sizeof(curr_id->applet));
CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->applet, sizeof(curr_id->applet));
curr_id->certificate_len = app_curr->length;
curr_id->certificate = malloc(curr_id->certificate_len);
| > | 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 |
curr_id = &certs[outidx];
outidx++;
memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
curr_id->file = ccc_curr->value_cardurl->objectid;
curr_id->label = NULL;
curr_id->keysize = -1;
CACKEY_DEBUG_PRINTF("Filling curr_id->applet (%p) with %lu bytes:", curr_id->applet, (unsigned long) sizeof(curr_id->applet));
CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->applet, sizeof(curr_id->applet));
curr_id->certificate_len = app_curr->length;
curr_id->certificate = malloc(curr_id->certificate_len);
|
| ︙ | ︙ | |||
1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 |
* ...
*
* NOTES
* ...
*
*/
static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {
cackey_ret send_ret;
int le;
CACKEY_DEBUG_PRINTF("Called.");
if (buflen > 255) {
CACKEY_DEBUG_PRINTF("Error. buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen);
| > > > > | 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 |
* ...
*
* NOTES
* ...
*
*/
static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {
unsigned char *tmpbuf, *tmpbuf_s;
unsigned char bytes_to_send, p1;
cackey_ret send_ret;
size_t tmpbuflen, padlen;
int free_tmpbuf = 0;
int le;
CACKEY_DEBUG_PRINTF("Called.");
if (buflen > 255) {
CACKEY_DEBUG_PRINTF("Error. buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen);
|
| ︙ | ︙ | |||
1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 |
}
if (identity->pcsc_identity == NULL) {
CACKEY_DEBUG_PRINTF("Error. identity->pcsc_identity is NULL");
return(-1);
}
/* Begin transaction */
cackey_begin_transaction(slot);
/* Select correct applet */
CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet);
cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet));
/* Select correct file */
cackey_select_file(slot, identity->pcsc_identity->file);
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | | > > > > > > | | | > > > > > > > > > > | 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 |
}
if (identity->pcsc_identity == NULL) {
CACKEY_DEBUG_PRINTF("Error. identity->pcsc_identity is NULL");
return(-1);
}
/* Determine identity Key size */
if (identity->pcsc_identity->keysize < 0) {
identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len);
}
/* Pad message to key size */
if (identity->pcsc_identity->keysize > 0) {
if (buflen != identity->pcsc_identity->keysize) {
if (buflen > (identity->pcsc_identity->keysize + 3)) {
CACKEY_DEBUG_PRINTF("Error. Message is too large to sign/decrypt");
return(-1);
}
tmpbuflen = identity->pcsc_identity->keysize;
tmpbuf = malloc(tmpbuflen);
free_tmpbuf = 1;
padlen = tmpbuflen - buflen - 3;
tmpbuf[0] = 0x00;
tmpbuf[1] = 0x01;
memset(&tmpbuf[2], 0xFF, padlen);
tmpbuf[padlen]= 0x00;
memcpy(&tmpbuf[padlen + 1], buf, buflen);
} else {
tmpbuf = buf;
tmpbuflen = buflen;
free_tmpbuf = 0;
padlen = 0;
}
} else {
CACKEY_DEBUG_PRINTF("Unable to determine key size, hoping the message is properly padded!");
tmpbuf = buf;
tmpbuflen = buflen;
free_tmpbuf = 0;
padlen = 0;
}
/* Begin transaction */
cackey_begin_transaction(slot);
/* Select correct applet */
CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet);
cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet));
/* Select correct file */
cackey_select_file(slot, identity->pcsc_identity->file);
tmpbuf_s = tmpbuf;
while (tmpbuflen) {
if (tmpbuflen > 245) {
bytes_to_send = 245;
p1 = 0x80;
} else {
bytes_to_send = tmpbuflen;
p1 = 0x00;
}
send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, p1, 0x00, bytes_to_send, tmpbuf, le, NULL, outbuf, &outbuflen);
if (send_ret != CACKEY_PCSC_S_OK) {
CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");
if (free_tmpbuf) {
if (tmpbuf_s) {
free(tmpbuf_s);
}
}
/* End transaction */
cackey_end_transaction(slot);
return(-1);
}
tmpbuf += bytes_to_send;
tmpbuflen -= bytes_to_send;
}
if (free_tmpbuf) {
if (tmpbuf_s) {
free(tmpbuf_s);
}
}
/* End transaction */
cackey_end_transaction(slot);
#ifdef CACKEY_PARANOID
# ifdef _POSIX_SSIZE_MAX
|
| ︙ | ︙ | |||
2938 2939 2940 2941 2942 2943 2944 |
bytes_to_copy = strlen(cackey_slots[slotID].pcsc_reader);
if (sizeof(pInfo->manufacturerID) < bytes_to_copy) {
bytes_to_copy = sizeof(pInfo->manufacturerID);
}
memcpy(pInfo->manufacturerID, cackey_slots[slotID].pcsc_reader, bytes_to_copy);
| | | 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 |
bytes_to_copy = strlen(cackey_slots[slotID].pcsc_reader);
if (sizeof(pInfo->manufacturerID) < bytes_to_copy) {
bytes_to_copy = sizeof(pInfo->manufacturerID);
}
memcpy(pInfo->manufacturerID, cackey_slots[slotID].pcsc_reader, bytes_to_copy);
pInfo->flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT;
if (cackey_token_present(&cackey_slots[slotID]) == CACKEY_PCSC_S_TOKENPRESENT) {
pInfo->flags |= CKF_TOKEN_PRESENT;
}
pInfo->hardwareVersion.major = (cackey_getversion() >> 16) & 0xff;
pInfo->hardwareVersion.minor = (cackey_getversion() >> 8) & 0xff;
|
| ︙ | ︙ |