Author: jmagne
Update of /cvs/dirsec/coolkey/src/libckyapplet In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29025
Modified Files: cky_applet.c cky_applet.h cky_factory.c cky_factory.h Log Message: Add support for 2048 bit keys, #485829.
Index: cky_applet.c
===================================================================
RCS file: /cvs/dirsec/coolkey/src/libckyapplet/cky_applet.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cky_applet.c 9 Jun 2006 18:44:17 -0000 1.1
+++ cky_applet.c 19 Feb 2009 02:03:08 -0000 1.2
@@ -134,6 +134,13 @@
 /* Future add WriteObject */
 CKYStatus
+CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param)
+{
+ const CKYAppletArgWriteObject *wos = (const CKYAppletArgWriteObject *)param;
+ return CKYAPDUFactory_WriteObject(apdu,wos->objectID,wos->offset,wos->size,wos->data);
+}
+
+CKYStatus
 CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param)
 {
 const CKYAppletArgCreateObject *cos=(const CKYAppletArgCreateObject *)param;
@@ -192,7 +199,6 @@
 {
 return CKYAPDUFactory_GetLifeCycleV2(apdu);
 }
-
 CKYStatus
 CKYAppletFactory_GetRandom(CKYAPDU *apdu, const void *param)
 {
@@ -725,24 +731,48 @@
 CKYAppletArgComputeCrypt ccd;
 CKYBuffer empty;
 CKYISOStatus status;
+ short dataSize = 0;
 int use2APDUs = 0;
+ int use_dl_object = CKYBuffer_Size(data) > 200 ;
 CKYBuffer_InitEmpty(&empty);
 ccd.keyNumber = keyNumber;
 ccd.mode = mode;
 ccd.direction = direction;
- ccd.location = CKY_DL_APDU;
+ ccd.location = use_dl_object ? CKY_DL_OBJECT : CKY_DL_APDU;
if (!apduRC) apduRC = &status;
+ if (use_dl_object) {
+ CKYBuffer sizeBuf;
+
+ CKYBuffer_InitEmpty(&sizeBuf);
+ CKYBuffer_AppendShort(&sizeBuf, CKYBuffer_Size(data));
+
+ ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+ 0, CKYBuffer_Size(&sizeBuf), nonce,
+ &sizeBuf, apduRC);
+
+ CKYBuffer_FreeData(&sizeBuf);
+ if( ret != CKYSUCCESS)
+ goto fail;
+
+ ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+ 2, CKYBuffer_Size(data), nonce,
+ data, apduRC);
+
+ if(ret != CKYSUCCESS)
+ goto fail;
+ }
+
 if (mode == CKY_RSA_NO_PAD) {
- ccd.data = data;
+ ccd.data = use_dl_object ? &empty : data;
 ccd.sig = sig;
 ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_ComputeCryptOneStep, &ccd, nonce, CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
- result, apduRC);
+ use_dl_object ? NULL : result, apduRC);
 if (ret == CKYAPDUFAIL && *apduRC == CKYISO_INCORRECT_P2) {
 use2APDUs = 1; /* maybe it's an old applet */
 }
@@ -759,13 +789,38 @@
 CKYAppletFactory_ComputeCryptInit, &ccd, nonce, 0, CKYAppletFill_Null, NULL, apduRC);
 if (ret == CKYSUCCESS) {
- ccd.data = data;
+ ccd.data = use_dl_object ? &empty : data;
 ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_ComputeCryptFinal, &ccd, nonce, CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
- result, apduRC);
+ use_dl_object ? NULL : result, apduRC);
 }
 }
+
+ if (use_dl_object && ret == CKYSUCCESS) {
+ CKYBuffer sizeOutBuf;
+ CKYBuffer_InitEmpty(&sizeOutBuf);
+
+ ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+ 0, 2,
+ nonce,&sizeOutBuf,apduRC);
+
+ if(ret != CKYSUCCESS) {
+ CKYBuffer_FreeData(&sizeOutBuf);
+ goto fail;
+ }
+
+ dataSize = CKYBuffer_GetShort(&sizeOutBuf, 0);
+
+ CKYBuffer_FreeData(&sizeOutBuf);
+
+ ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+ 2, dataSize,
+ nonce,result,apduRC);
+ }
+
+fail:
+ return ret;
 }
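Review bot: The 2-byte length prefix written to object 0xffffffff is built from `CKYBuffer_Size(data)` with no upper bound, and the status returned by `CKYBuffer_AppendShort` is dropped. An input longer than 0xffff bytes would presumably be stored with a truncated length while the full payload is still written at offset 2. A guard before the first write, such as `if (CKYBuffer_Size(data) > 0xffff) return CKYINVALIDARGS;`, plus a check of the AppendShort result, keeps the prefix and the payload in agreement. The literals `200` and `0xffffffff` recur in the read-back block further down and would be clearer as named constants. The enclosing function starts before this hunk.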
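Review bot: `dataSize` is taken from two bytes returned by the token and passed straight to the second `CKYApplet_ReadObjectFull` as the read length, with no check on the value. Because it is declared `short`, a reported length of 0x8000 or more becomes negative and, assuming CKYSize is an unsigned type, converts to a very large size; zero is not rejected either. Declaring it `unsigned short dataSize = 0;` and validating before the second read, for example `if (CKYBuffer_Size(&sizeOutBuf) != 2) ret = CKYAPDUFAIL;` together with an upper bound tied to the expected result size, keeps a misbehaving card from driving the host-side read. CKYBuffer_GetShort is not visible in this diff, so its behaviour on a buffer shorter than two bytes should be confirmed.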
@@ -1036,6 +1091,44 @@
 }
 /*
+ * Write Object
+ * This makes multiple APDU calls to write the entire object.
+ *
+ */
+
+CKYStatus
+CKYApplet_WriteObjectFull(CKYCardConnection *conn, unsigned long objectID,
+ CKYOffset offset, CKYSize size, const CKYBuffer *nonce,
+ const CKYBuffer *data, CKYISOStatus *apduRC)
+{
+
+ CKYBuffer chunk;
+ CKYOffset srcOffset = 0;
+ CKYAppletArgWriteObject wod;
+ CKYStatus ret = CKYSUCCESS;
+
+ wod.objectID = objectID;
+ wod.offset = offset;
+ do {
+ wod.size = (CKYByte) MIN(size, 220);
+ ret = CKYBuffer_InitFromBuffer(&chunk, data,
+ srcOffset, wod.size);
+ if(ret == CKYSUCCESS) {
+ wod.data = &chunk;
+ ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_WriteObject, &wod,
+ nonce, 0, CKYAppletFill_Null, NULL, apduRC);
+ size -= wod.size;
+ wod.offset += wod.size;
+ srcOffset += wod.size;
+ CKYBuffer_FreeData(&chunk);
+ }
+
+ } while ((size > 0) && (ret == CKYSUCCESS));
+
+ return ret;
+}
+
+/*
 * List Object cluster
 */
 static CKYStatus
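Review bot: `size` is never compared with `CKYBuffer_Size(data)`, so the loop relies on `CKYBuffer_InitFromBuffer` (not visible in this diff) to reject a chunk that runs past the end of the source buffer. Because this is a do/while, a call with `size == 0` still goes through one iteration with a zero-length chunk, which is only rejected later by the `!dataSize` test in CKYAPDUFactory_WriteObject. A guard at the top such as `if (size == 0 || size > CKYBuffer_Size(data)) return CKYINVALIDARGS;` makes both cases explicit. The header comment should also say that a failure part-way leaves the object partially written, and `220` would be clearer as a named constant for the per-APDU payload limit it stands for.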
Index: cky_applet.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/libckyapplet/cky_applet.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cky_applet.h 9 Jun 2006 18:44:17 -0000 1.1
+++ cky_applet.h 19 Feb 2009 02:03:08 -0000 1.2
@@ -192,6 +192,14 @@
 CKYByte size;
 } CKYAppletArgReadObject;
+typedef struct _CKYAppletArgWriteObject {
+ unsigned long objectID;
+ CKYOffset offset;
+ CKYByte size;
+ CKYBuffer *data;
+
+} CKYAppletArgWriteObject;
+
 typedef struct _CKYAppletArgComputeCrypt {
 CKYByte keyNumber;
 CKYByte mode;
@@ -250,6 +258,8 @@
 /* param == CKYByte * (pointer to pinNumber) */
 CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);
 /* Future add WriteObject */
+/* parm == CKYAppletArgWriteObject */
+CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);
 /* param == CKYAppletArgCreateObject */
 CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);
 /* param == CKYAppletArgDeleteObject */
@@ -482,6 +492,17 @@
 CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn, unsigned long objectID, CKYOffset offset, CKYSize size, const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);
+/*
+ * There is 1 write command:
+ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
+ * apdu calls in order to write the full amount into the buffer. The buffer is
+ * overwritten.
+*/
+
+CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
+ unsigned long objectID, CKYOffset offset, CKYSize size,
+ const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);
+
 CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq, CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);
 CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,
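Review bot: The comment added above the `CKYApplet_WriteObjectFull` prototype describes the read direction: it says the call writes "into the buffer" and that "the buffer is overwritten", but `data` is a `const CKYBuffer *` input and what changes is the object on the token. Suggested wording: `/* CKYApplet_WriteObjectFull writes size bytes from data to object objectID starting at offset, using as many APDUs as needed. */`. It would also help to state that a failure can leave the object partially written. In the second hunk, `parm ==` is a typo for `param ==`.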
Index: cky_factory.c
===================================================================
RCS file: /cvs/dirsec/coolkey/src/libckyapplet/cky_factory.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cky_factory.c 9 Jun 2006 18:44:17 -0000 1.1
+++ cky_factory.c 19 Feb 2009 02:03:08 -0000 1.2
@@ -190,8 +190,11 @@
 CKYSize len;
 CKYBuffer buf;
- if (!idata || !(len = CKYBuffer_Size(idata)) || location != CKY_DL_APDU)
- return ret;
+ if (!idata)
+ return ret;
+
+ if (!(len = CKYBuffer_Size(idata)) && location != CKY_DL_OBJECT)
+ return ret;
 CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
 CKYAPDU_SetINS(apdu, CKY_INS_COMPUTE_CRYPT);
@@ -314,8 +317,6 @@
 return CKYSUCCESS;
 }
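Review bot: The rewritten guard no longer validates `location`. The old test rejected everything except CKY_DL_APDU, while the new one returns early only when the buffer is empty and the location is not CKY_DL_OBJECT, so any other location value with a non-empty buffer now falls through to APDU construction. An explicit check, `if (location != CKY_DL_APDU && location != CKY_DL_OBJECT) return ret;`, followed by the empty-buffer test for the APDU case, states the two supported modes directly. The function's signature and the rest of its body are outside this hunk, so how `location` is used afterwards should be confirmed.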
-/* Future add WriteObject */
-
 CKYStatus
 CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size, unsigned short readACL, unsigned short writeACL, unsigned short deleteACL)
@@ -419,6 +420,58 @@
 }
 CKYStatus
+CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+ CKYOffset offset,CKYSize size,CKYBuffer *data)
+{
+ CKYBuffer buf;
+ CKYStatus ret = CKYSUCCESS;
+ unsigned short dataSize = 0;
+
+ CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
+ CKYAPDU_SetINS(apdu, CKY_INS_WRITE_OBJ);
+ CKYAPDU_SetP1(apdu, 0x00);
+ CKYAPDU_SetP2(apdu, 0x00);
+ CKYBuffer_InitEmpty(&buf);
+
+ dataSize = (unsigned short) CKYBuffer_Size(data);
+
+ if(!dataSize) {
+ ret = CKYINVALIDARGS;
+ goto fail;
+ }
+
+ ret = CKYBuffer_AppendLong(&buf,objectID);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+ ret = CKYBuffer_AppendLong(&buf,offset);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+ ret = CKYBuffer_AppendChar(&buf, size);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+ ret = CKYAPDU_SetSendDataBuffer(apdu,&buf);
+
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+ ret = CKYAPDU_AppendSendDataBuffer(apdu, data);
+
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+fail:
+ CKYBuffer_FreeData(&buf);
+ return ret;
+
+}
+
+CKYStatus
 CKYAPDUFactory_ListObjects(CKYAPDU *apdu, CKYByte sequence)
 {
 CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
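Review bot: The length byte placed in the command header comes from the `size` parameter, while the payload appended afterwards is the whole of `data`, and nothing ties the two together. `CKYBuffer_AppendChar(&buf, size)` also presumably narrows a CKYSize to a single byte, so a caller passing a buffer longer than `size`, or a `size` above 0xff, would build a command whose declared and actual lengths disagree. A check before the header is assembled, `if (!data || size == 0 || size > 0xff || size != CKYBuffer_Size(data)) return CKYINVALIDARGS;`, closes that gap and also covers the `data` pointer, which is dereferenced without a NULL test. The `(unsigned short)` cast on `CKYBuffer_Size(data)` has a related problem, since a buffer of exactly 0x10000 bytes would read as empty.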
Index: cky_factory.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/libckyapplet/cky_factory.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cky_factory.h 9 Jun 2006 18:44:17 -0000 1.1
+++ cky_factory.h 19 Feb 2009 02:03:08 -0000 1.2
@@ -190,7 +190,8 @@
 const char *oldPin, const char *newPin);
 CKYStatus CKYAPDUFactory_ListPINs(CKYAPDU *apdu);
 CKYStatus CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber);
-
+CKYStatus CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+ CKYOffset offset,CKYSize size,CKYBuffer *data);
 /* Future add WriteObject */
 CKYStatus CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size, unsigned short readACL, unsigned short writeACL,
389-commits@lists.fedoraproject.org