Check-in [a2ac84031e]
Overview
Comment:Updated to support determining key size from X.509 object (untested)

Updated to set HW TOKEN flag

Updated to pad sign/decrypt message to key size (untested)

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:a2ac84031e5bfbe46922adbdb12f8710a041dd03
User & Date: rkeene on 2010-05-17 19:37:43
Other Links: manifest | tags
Context
2010-05-17
19:43
Fixed issues with padding check-in: 66507306f5 user: rkeene tags: trunk
19:37
Updated to support determining key size from X.509 object (untested)

Updated to set HW TOKEN flag

Updated to pad sign/decrypt message to key size (untested) check-in: a2ac84031e user: rkeene tags: trunk

14:55
Added removable device flag to slot info check-in: b4a6b9d685 user: rkeene tags: trunk
Changes

Modified asn1-x509.c from [cf76aee3de] to [d808ad3525].

39
40
41
42
43
44
45




46
47
48
49
50
51
52
53
..
65
66
67
68
69
70
71





72
73
74
75
76
77
78
...
130
131
132
133
134
135
136
137





138
139
140
141
142
143
144
...
185
186
187
188
189
190
191
























192
193
194
195
196
197
198
		struct asn1_object certificate;
			struct asn1_object version;
			struct asn1_object serial_number;
			struct asn1_object signature_algo;
			struct asn1_object issuer;
			struct asn1_object validity;
			struct asn1_object subject;




		struct asn1_object signature;
};

static int _asn1_x509_read_asn1_object(unsigned char *buf, size_t buflen, va_list *args) {
	unsigned char small_object_size;
	unsigned char *buf_p;
	struct asn1_object *outbuf;

................................................................................

	outbuf->tag = *buf_p;
	buf_p++;
	buflen--;
	if (buflen == 0) {
		return(-1);
	}






	small_object_size = *buf_p;
	buf_p++;
	buflen--;
	if (buflen == 0) {
		return(-1);
	}
................................................................................
	}

	read_ret = asn1_x509_read_asn1_object(outbuf->wholething.contents, outbuf->wholething.size, &outbuf->certificate, NULL);
	if (read_ret != 0) {
		return(-1);
	}

	read_ret = asn1_x509_read_asn1_object(outbuf->certificate.contents, outbuf->certificate.size, &outbuf->version, &outbuf->serial_number, &outbuf->signature_algo, &outbuf->issuer, &outbuf->validity, &outbuf->subject, NULL);





	if (read_ret != 0) {
		return(-1);
	}

	return(0);
}

................................................................................

	if (outbuf) {
		*outbuf = x509.serial_number.asn1rep;
	}

	return(x509.serial_number.asn1rep_len);
}

























/*
 * http://www.blackberry.com/developers/docs/4.6.0api/javax/microedition/pki/Certificate.html
 */
static const char *_x509_objectid_to_label_string(void *buf, size_t buflen) {
	switch (buflen) {
		case 3:







>
>
>
>
|







 







>
>
>
>
>







 







|
>
>
>
>
>







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
..
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
...
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
...
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
		struct asn1_object certificate;
			struct asn1_object version;
			struct asn1_object serial_number;
			struct asn1_object signature_algo;
			struct asn1_object issuer;
			struct asn1_object validity;
			struct asn1_object subject;
			struct asn1_object pubkeyinfo;
				struct asn1_object pubkey_algoid;
					struct asn1_object pubkey_algo;
					struct asn1_object pubkey_algoparm;
				struct asn1_object pubkey;
};

static int _asn1_x509_read_asn1_object(unsigned char *buf, size_t buflen, va_list *args) {
	unsigned char small_object_size;
	unsigned char *buf_p;
	struct asn1_object *outbuf;

................................................................................

	outbuf->tag = *buf_p;
	buf_p++;
	buflen--;
	if (buflen == 0) {
		return(-1);
	}

	/* NULL Tag -- no size is required */
	if (outbuf->tag == 0x00) {
		return(_asn1_x509_read_asn1_object(buf_p, buflen, args));
	}

	small_object_size = *buf_p;
	buf_p++;
	buflen--;
	if (buflen == 0) {
		return(-1);
	}
................................................................................
	}

	read_ret = asn1_x509_read_asn1_object(outbuf->wholething.contents, outbuf->wholething.size, &outbuf->certificate, NULL);
	if (read_ret != 0) {
		return(-1);
	}

	read_ret = asn1_x509_read_asn1_object(outbuf->certificate.contents, outbuf->certificate.size, &outbuf->version, &outbuf->serial_number, &outbuf->signature_algo, &outbuf->issuer, &outbuf->validity, &outbuf->subject, &outbuf->pubkeyinfo, NULL);
	if (read_ret != 0) {
		return(-1);
	}

	read_ret = asn1_x509_read_asn1_object(outbuf->pubkeyinfo.contents, outbuf->pubkeyinfo.size, &outbuf->pubkey_algoid, &outbuf->pubkey, NULL);
	if (read_ret != 0) {
		return(-1);
	}

	return(0);
}

................................................................................

	if (outbuf) {
		*outbuf = x509.serial_number.asn1rep;
	}

	return(x509.serial_number.asn1rep_len);
}

ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len) {
	struct asn1_object null, pubkey, modulus, exponent;
	struct x509_object x509;
	int read_ret;

	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
	if (read_ret != 0) {
		return(-1);
	}

	/* The structure of "pubkey" is specified in PKCS #1 */
	read_ret = asn1_x509_read_asn1_object(x509.pubkey.contents, x509.pubkey.size, &null, &pubkey, NULL);
	if (read_ret != 0) {
		return(-1);
	}

	read_ret = asn1_x509_read_asn1_object(pubkey.contents, pubkey.size, &modulus, &exponent, NULL);
	if (read_ret != 0) {
		return(-1);
	}

	return(modulus.size - 1);
}

/*
 * http://www.blackberry.com/developers/docs/4.6.0api/javax/microedition/pki/Certificate.html
 */
static const char *_x509_objectid_to_label_string(void *buf, size_t buflen) {
	switch (buflen) {
		case 3:

Modified asn1-x509.h from [73df2a78e9] to [40a1fc466e].

11
12
13
14
15
16
17


18
19
20
21
#endif

ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);



ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);

#endif







>
>




11
12
13
14
15
16
17
18
19
20
21
22
23
#endif

ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len);

ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);

#endif

Modified cackey.c from [6b8855e22d] to [e6d26b97df].

461
462
463
464
465
466
467


468
469
470
471
472
473
474
....
1774
1775
1776
1777
1778
1779
1780

1781
1782
1783
1784
1785
1786
1787
....
1829
1830
1831
1832
1833
1834
1835


1836


1837
1838
1839
1840
1841
1842
1843
....
1875
1876
1877
1878
1879
1880
1881








































1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892










1893
1894
1895






1896
1897
1898
1899
1900
1901










1902
1903
1904
1905
1906
1907
1908
....
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
	unsigned char applet[7];
	uint16_t file;

	unsigned char *label;

	size_t certificate_len;
	unsigned char *certificate;


};

struct cackey_identity {
	struct cackey_pcsc_identity *pcsc_identity;

	CK_ATTRIBUTE *attributes;
	CK_ULONG attributes_count;
................................................................................

			curr_id = &certs[outidx];
			outidx++;

			memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
			curr_id->file = ccc_curr->value_cardurl->objectid;
			curr_id->label = NULL;


			CACKEY_DEBUG_PRINTF("Filling curr_id->applet (%p) with %lu bytes:", curr_id->applet, (unsigned long) sizeof(curr_id->applet));
			CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->applet, sizeof(curr_id->applet));

			curr_id->certificate_len = app_curr->length;

			curr_id->certificate = malloc(curr_id->certificate_len);
................................................................................
 *     ...
 *
 * NOTES
 *     ...
 *
 */
static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {


	cackey_ret send_ret;


	int le;

	CACKEY_DEBUG_PRINTF("Called.");

	if (buflen > 255) {
		CACKEY_DEBUG_PRINTF("Error.  buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen);

................................................................................
	}

	if (identity->pcsc_identity == NULL) {
		CACKEY_DEBUG_PRINTF("Error.  identity->pcsc_identity is NULL");

		return(-1);
	}









































	/* Begin transaction */
	cackey_begin_transaction(slot);

	/* Select correct applet */
	CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet);
	cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet));

	/* Select correct file */
	cackey_select_file(slot, identity->pcsc_identity->file);











	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, 0x00, 0x00, buflen, buf, le, NULL, outbuf, &outbuflen);
	if (send_ret != CACKEY_PCSC_S_OK) {
		CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");







		/* End transaction */
		cackey_end_transaction(slot);

		return(-1);
	}











	/* End transaction */
	cackey_end_transaction(slot);

#ifdef CACKEY_PARANOID
#  ifdef _POSIX_SSIZE_MAX
	if (outbuflen > _POSIX_SSIZE_MAX) {
................................................................................

	bytes_to_copy = strlen(cackey_slots[slotID].pcsc_reader);
	if (sizeof(pInfo->manufacturerID) < bytes_to_copy) {
		bytes_to_copy = sizeof(pInfo->manufacturerID);
	}
	memcpy(pInfo->manufacturerID, cackey_slots[slotID].pcsc_reader, bytes_to_copy);

	pInfo->flags = CKF_REMOVABLE_DEVICE;

	if (cackey_token_present(&cackey_slots[slotID]) == CACKEY_PCSC_S_TOKENPRESENT) {
		pInfo->flags |= CKF_TOKEN_PRESENT;
	}

	pInfo->hardwareVersion.major = (cackey_getversion() >> 16) & 0xff;
	pInfo->hardwareVersion.minor = (cackey_getversion() >> 8) & 0xff;







>
>







 







>







 







>
>

>
>







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>











>
>
>
>
>
>
>
>
>
>
|
|
|
>
>
>
>
>
>






>
>
>
>
>
>
>
>
>
>







 







|







461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
....
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
....
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
....
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
....
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
	unsigned char applet[7];
	uint16_t file;

	unsigned char *label;

	size_t certificate_len;
	unsigned char *certificate;

	ssize_t keysize;
};

struct cackey_identity {
	struct cackey_pcsc_identity *pcsc_identity;

	CK_ATTRIBUTE *attributes;
	CK_ULONG attributes_count;
................................................................................

			curr_id = &certs[outidx];
			outidx++;

			memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
			curr_id->file = ccc_curr->value_cardurl->objectid;
			curr_id->label = NULL;
			curr_id->keysize = -1;

			CACKEY_DEBUG_PRINTF("Filling curr_id->applet (%p) with %lu bytes:", curr_id->applet, (unsigned long) sizeof(curr_id->applet));
			CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->applet, sizeof(curr_id->applet));

			curr_id->certificate_len = app_curr->length;

			curr_id->certificate = malloc(curr_id->certificate_len);
................................................................................
 *     ...
 *
 * NOTES
 *     ...
 *
 */
static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen) {
	unsigned char *tmpbuf, *tmpbuf_s;
	unsigned char bytes_to_send, p1;
	cackey_ret send_ret;
	size_t tmpbuflen, padlen;
	int free_tmpbuf = 0;
	int le;

	CACKEY_DEBUG_PRINTF("Called.");

	if (buflen > 255) {
		CACKEY_DEBUG_PRINTF("Error.  buflen is greater than 255 (buflen = %lu)", (unsigned long) buflen);

................................................................................
	}

	if (identity->pcsc_identity == NULL) {
		CACKEY_DEBUG_PRINTF("Error.  identity->pcsc_identity is NULL");

		return(-1);
	}

	/* Determine identity Key size */
	if (identity->pcsc_identity->keysize < 0) {
		identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len);
	}

	/* Pad message to key size */
	if (identity->pcsc_identity->keysize > 0) {
		if (buflen != identity->pcsc_identity->keysize) {
			if (buflen > (identity->pcsc_identity->keysize + 3)) {
				CACKEY_DEBUG_PRINTF("Error.  Message is too large to sign/decrypt");

				return(-1);
			}

			tmpbuflen = identity->pcsc_identity->keysize;
			tmpbuf = malloc(tmpbuflen);
			free_tmpbuf = 1;

			padlen = tmpbuflen - buflen - 3;

			tmpbuf[0] = 0x00;
			tmpbuf[1] = 0x01;
			memset(&tmpbuf[2], 0xFF, padlen);
			tmpbuf[padlen]= 0x00;
			memcpy(&tmpbuf[padlen + 1], buf, buflen);
		} else {
			tmpbuf = buf;
			tmpbuflen = buflen;
			free_tmpbuf = 0;
			padlen = 0;
		}
	} else {
		CACKEY_DEBUG_PRINTF("Unable to determine key size, hoping the message is properly padded!");

		tmpbuf = buf;
		tmpbuflen = buflen;
		free_tmpbuf = 0;
		padlen = 0;
	}

	/* Begin transaction */
	cackey_begin_transaction(slot);

	/* Select correct applet */
	CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet);
	cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet));

	/* Select correct file */
	cackey_select_file(slot, identity->pcsc_identity->file);

	tmpbuf_s = tmpbuf;
	while (tmpbuflen) {
		if (tmpbuflen > 245) {
			bytes_to_send = 245;
			p1 = 0x80;
		} else {
			bytes_to_send = tmpbuflen;
			p1 = 0x00;
		}

		send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, p1, 0x00, bytes_to_send, tmpbuf, le, NULL, outbuf, &outbuflen);
		if (send_ret != CACKEY_PCSC_S_OK) {
			CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");

			if (free_tmpbuf) {
				if (tmpbuf_s) {
					free(tmpbuf_s);
				}
			}

			/* End transaction */
			cackey_end_transaction(slot);

			return(-1);
		}

		tmpbuf += bytes_to_send;
		tmpbuflen -= bytes_to_send;
	}

	if (free_tmpbuf) {
		if (tmpbuf_s) {
			free(tmpbuf_s);
		}
	}

	/* End transaction */
	cackey_end_transaction(slot);

#ifdef CACKEY_PARANOID
#  ifdef _POSIX_SSIZE_MAX
	if (outbuflen > _POSIX_SSIZE_MAX) {
................................................................................

	bytes_to_copy = strlen(cackey_slots[slotID].pcsc_reader);
	if (sizeof(pInfo->manufacturerID) < bytes_to_copy) {
		bytes_to_copy = sizeof(pInfo->manufacturerID);
	}
	memcpy(pInfo->manufacturerID, cackey_slots[slotID].pcsc_reader, bytes_to_copy);

	pInfo->flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT;

	if (cackey_token_present(&cackey_slots[slotID]) == CACKEY_PCSC_S_TOKENPRESENT) {
		pInfo->flags |= CKF_TOKEN_PRESENT;
	}

	pInfo->hardwareVersion.major = (cackey_getversion() >> 16) & 0xff;
	pInfo->hardwareVersion.minor = (cackey_getversion() >> 8) & 0xff;