
Differences From Artifact [eb71775c47]:

To Artifact [7dfc56607f]:


640
641
642
643
644
645
646



647
648
649






650

651
652

653
654
655
656
657
658
659
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670







+
+
+



+
+
+
+
+
+

+


+







	argv = argv;
}
#else /* CACKEY_TEST_AFL */
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>

static unsigned char *inputData;
static unsigned long inputDataLen;

/* Include the CACKey source */
#include "cackey.c"

#undef CACKEY_DEBUG_PRINTF
#define CACKEY_DEBUG_PRINTF(x...) /**/
#undef malloc
#undef realloc
#undef strdup

/* Fake a smartcard */
const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci;
static int scard_inTransaction = 0;
static LONG scard_protocol;


PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) {
	CACKEY_DEBUG_PRINTF("Called");

	*phContext = 42;

	return(SCARD_S_SUCCESS);
784
785
786
787
788
789
790

791
792
793
794
795


796
797





798











799






800
801
802
803
804
805
806
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809


810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826

827
828
829
830
831
832
833
834
835
836
837
838
839







+





+
+
-
-
+
+
+
+
+

+
+
+
+
+
+
+
+
+
+
+
-
+
+
+
+
+
+







	}

	return(SCARD_S_SUCCESS);
}

PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) {
	CACKEY_DEBUG_PRINTF("Called");
	unsigned int bytesToRead;

	if (hCard != 99) {
		return(SCARD_E_INVALID_HANDLE);
	}

	if (inputDataLen <= 1) {
		*pcbRecvLength = 0;
	pbRecvBuffer[0] = 0x90;
	pbRecvBuffer[1] = 0x00;

		return(SCARD_S_SUCCESS);
	}

	bytesToRead = (inputData[0] << 8) | inputData[1];

	inputData    += 2;
	inputDataLen -= 2;

	if (bytesToRead > inputDataLen) {
		bytesToRead = inputDataLen;
	}

	if (bytesToRead > *pcbRecvLength) {
		return(SCARD_E_INSUFFICIENT_BUFFER);
	}

	*pcbRecvLength = 2;
	*pcbRecvLength = bytesToRead;

	memcpy(pbRecvBuffer, inputData, bytesToRead);

	inputData += bytesToRead;
	inputDataLen -= bytesToRead;

	return(SCARD_S_SUCCESS);
}

/* American Fuzzy Lop testing program */
int main(int argc, char **argv) {
	CK_FUNCTION_LIST_PTR pFunctionList;
856
857
858
859
860
861
862
863

864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879



880

881
882
883
884
885


886
887
888
889
890
891
892
889
890
891
892
893
894
895

896

897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914

915
916
917
918
919

920
921
922
923
924
925
926
927
928







-
+
-















+
+
+
-
+




-
+
+







	CK_ULONG byte_idx;
	CK_OBJECT_CLASS objectClass;
	CK_BYTE signature[1024];
	CK_ULONG signature_len;
	CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0};
	CK_RV chk_rv;
	ssize_t read_ret;
	char data[8192], *fileName = NULL;
	char *fileName = NULL;
	unsigned long data_len;
	int fd;
	int i;
	int initialized = 0;
	int retval = 1;

	fileName = argv[1];
	if (fileName == NULL) {
		goto cleanup;
	}

	fd = open(fileName, O_RDONLY);
	if (fd < 0) {
		goto cleanup;
	}

	inputDataLen = 16384;
	inputData = malloc(inputDataLen);

	read_ret = read(fd, data, sizeof(data));
	read_ret = read(fd, inputData, inputDataLen);
	if (read_ret < 0) {
		goto cleanup;
	}

	data_len = read_ret;
	inputDataLen = read_ret;
	inputData = realloc(inputData, inputDataLen);

	close(fd);

	chk_rv = C_GetFunctionList(&pFunctionList);
	if (chk_rv != CKR_OK) {
		printf("C_GetFunctionList() failed.");

1061
1062
1063
1064
1065
1066
1067
1068

1069
1070
1071
1072
1073
1074
1075
1097
1098
1099
1100
1101
1102
1103

1104
1105
1106
1107
1108
1109
1110
1111







-
+







	}

	for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) {
		chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey);
		if (chk_rv == CKR_OK) {
			signature_len = sizeof(signature);

			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) data, data_len, (CK_BYTE_PTR) &signature, &signature_len);
			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len);
			if (chk_rv == CKR_OK) {
				printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism);

				for (byte_idx = 0; byte_idx < signature_len; byte_idx++) {
					printf("%02x ", (unsigned int) signature[byte_idx]);
				}