Add support for 2048 bit keys, #485829.

git-svn-id: http://svn.fedorahosted.org/svn/coolkey/trunk@77 fba4d07e-fe0f-4d7f-8147-e0026e666dc0
author: jmagne <jmagne@fba4d07e-fe0f-4d7f-8147-e0026e666dc0> 2009-02-19 02:06:31 +0000
committer: jmagne <jmagne@fba4d07e-fe0f-4d7f-8147-e0026e666dc0> 2009-02-19 02:06:31 +0000
commit: 365857f8dbb3baf30390799b2b040a1b350c0c5f (patch)
tree: 7b1ab9c97ca26d7f7cdaa780cf4e4246a438c882
parent: 51adf01a08aedd143927eb091491123f083f707f (diff)
6 files changed, 241 insertions, 19 deletions
diff --git a/src/coolkey/slot.cpp b/src/coolkey/slot.cpp
index 8792d5a..1fb4a0d 100644
--- a/src/coolkey/slot.cpp
+++ b/src/coolkey/slot.cpp
@@ -1331,6 +1331,19 @@ class ObjectHandleMatch {
     }
 };
 
+class KeyNumMatch {
+  private:
+    CKYByte keyNum;
+    const Slot &slot;
+  public:
+    KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { }
+    bool operator() (const PKCS11Object& obj) {
+        unsigned long objID = obj.getMuscleObjID();
+        return (slot.getObjectClass(objID) == 'k')
+               && (slot.getObjectIndex(objID) == keyNum);
+    }
+};
+
 class ObjectCertCKAIDMatch {
   private:
     CKYByte cka_id;
@@ -3066,8 +3079,9 @@ Slot::sign(SessionHandleSuffix suffix, CK_BYTE_PTR pData,
         CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
         CK_ULONG_PTR pulSignatureLen)
 {
+    RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE);
     cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,
-        RSASignatureParams(CryptParams::FIXED_KEY_SIZE));
+        params);
 }
 
 void
@@ -3075,14 +3089,15 @@ Slot::decrypt(SessionHandleSuffix suffix, CK_BYTE_PTR pData,
         CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,
         CK_ULONG_PTR pulDecryptedDataLen)
 {
+    RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE);
     cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,
-        RSADecryptParams(CryptParams::FIXED_KEY_SIZE));
+        params);
 }
 
 void
 Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
         CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
-        CK_ULONG_PTR pulOutputLen, const CryptParams& params)
+        CK_ULONG_PTR pulOutputLen, CryptParams& params)
 {
     refreshTokenState();
     SessionIter session = findSession(suffix);
@@ -3100,6 +3115,11 @@ Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
     CKYBuffer *result = &opState.result;
     CKYByte keyNum = opState.keyNum;
 
+    unsigned int keySize = getKeySize(keyNum);
+
+    if(keySize != CryptParams::DEFAULT_KEY_SIZE)
+        params.setKeySize(keySize);
+
     if( CKYBuffer_Size(result) == 0 ) {
         // we haven't already peformed the decryption, so do it now.
         if( pInput == NULL || ulInputLen == 0) {
@@ -3302,3 +3322,36 @@ Slot::generateRandom(SessionHandleSuffix suffix, const CK_BYTE_PTR pData,
 	throw PKCS11Exception(CKR_DEVICE_ERROR);
     }
 }
+
+#define MAX_NUM_KEYS 8
+unsigned int
+Slot::getKeySize(CKYByte keyNum)
+{
+    unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE;
+    int modSize = 0;
+
+    if(keyNum >= MAX_NUM_KEYS) {
+        return keySize;
+    }
+
+    ObjectConstIter iter;
+    iter = find_if(tokenObjects.begin(), tokenObjects.end(),
+        KeyNumMatch(keyNum,*this));
+
+    if( iter == tokenObjects.end() ) {
+        return keySize;
+    }
+
+    CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS);
+
+    if(modulus) {
+        modSize = CKYBuffer_Size(modulus);
+        if(CKYBuffer_GetChar(modulus,0) == 0x0) {
+            modSize--;
+        }
+        if(modSize > 0)
+            keySize = modSize * 8;
+    }
+
+    return keySize;
+}
diff --git a/src/coolkey/slot.h b/src/coolkey/slot.h
index 9edb083..6a1a086 100644
--- a/src/coolkey/slot.h
+++ b/src/coolkey/slot.h
@@ -270,10 +270,9 @@ class CryptParams {
   protected:
     unsigned int getKeySize() const { return keySize; }
   public:
-    // !!!XXX hack. The right way to get the key size is to get all the
-    // key information from the token with MSCListKeys, the same way
-    // we get all the object information with MSCListObjects.
-    enum { FIXED_KEY_SIZE = 1024 };
+    // set the actual key size obtained from the card
+    void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
+    enum { DEFAULT_KEY_SIZE = 1024 };
 
 
     CryptParams(unsigned int keySize_) : keySize(keySize_) { }
@@ -422,7 +421,7 @@ class Slot {
 
     void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
         CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
-        CK_ULONG_PTR pulOutputLen, const CryptParams& params);
+        CK_ULONG_PTR pulOutputLen, CryptParams& params);
 
     void performRSAOp(CKYBuffer *out, const CKYBuffer *input, CKYByte keyNum, 
 							     CKYByte direction);
@@ -460,6 +459,8 @@ class Slot {
         return (char )((objectID >> 16) & 0xff) - '0';
     }
 
+    // actually get the size of a key in bits from the card
+    unsigned int getKeySize(CKYByte keyNum);
 
     SessionHandleSuffix openSession(Session::Type type);
     void closeSession(SessionHandleSuffix handleSuffix);
diff --git a/src/libckyapplet/cky_applet.c b/src/libckyapplet/cky_applet.c
index 2cc3849..7c85b07 100644
--- a/src/libckyapplet/cky_applet.c
+++ b/src/libckyapplet/cky_applet.c
@@ -134,6 +134,13 @@ CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param)
 /* Future add WriteObject */
 
 CKYStatus
+CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param)
+{
+    const CKYAppletArgWriteObject *wos = (const CKYAppletArgWriteObject *)param;
+    return CKYAPDUFactory_WriteObject(apdu,wos->objectID,wos->offset,wos->size,wos->data);
+}
+
+CKYStatus
 CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param)
 {
     const CKYAppletArgCreateObject *cos=(const CKYAppletArgCreateObject *)param;
@@ -192,7 +199,6 @@ CKYAppletFactory_GetLifeCycleV2(CKYAPDU *apdu, const void *param)
 {
     return CKYAPDUFactory_GetLifeCycleV2(apdu);
 }
-
 CKYStatus
 CKYAppletFactory_GetRandom(CKYAPDU *apdu, const void *param)
 {
@@ -725,24 +731,48 @@ CKYApplet_ComputeCrypt(CKYCardConnection *conn, CKYByte keyNumber,
     CKYAppletArgComputeCrypt ccd;
     CKYBuffer    empty;
     CKYISOStatus status;
+    short       dataSize = 0;
     int         use2APDUs = 0;
+    int 	use_dl_object =  CKYBuffer_Size(data) > 200 ;
 
     CKYBuffer_InitEmpty(&empty);
     ccd.keyNumber = keyNumber;
     ccd.mode      = mode;
     ccd.direction = direction;
-    ccd.location  = CKY_DL_APDU;
+    ccd.location  = use_dl_object ? CKY_DL_OBJECT : CKY_DL_APDU;
 
     if (!apduRC)
     	apduRC = &status;
 
+    if (use_dl_object) {
+	CKYBuffer  sizeBuf;
+ 
+	CKYBuffer_InitEmpty(&sizeBuf);
+	CKYBuffer_AppendShort(&sizeBuf, CKYBuffer_Size(data));
+
+        ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+                  0, CKYBuffer_Size(&sizeBuf), nonce,
+                  &sizeBuf, apduRC);
+
+        CKYBuffer_FreeData(&sizeBuf);
+        if( ret != CKYSUCCESS)
+           goto fail;
+
+        ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+                  2, CKYBuffer_Size(data), nonce,
+                  data, apduRC);
+
+        if(ret != CKYSUCCESS)
+           goto fail; 
+    }
+
     if (mode == CKY_RSA_NO_PAD) {
-	ccd.data = data;
+	ccd.data = use_dl_object ? &empty : data;
 	ccd.sig  = sig;
 	ret = CKYApplet_HandleAPDU(conn, 
 			    CKYAppletFactory_ComputeCryptOneStep, &ccd, nonce, 
 			    CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal, 
-			    result, apduRC);
+			    use_dl_object ? NULL : result, apduRC);
     	if (ret == CKYAPDUFAIL && *apduRC == CKYISO_INCORRECT_P2) {
 	    use2APDUs = 1;  /* maybe it's an old applet */
 	}
@@ -759,13 +789,38 @@ CKYApplet_ComputeCrypt(CKYCardConnection *conn, CKYByte keyNumber,
 			    CKYAppletFactory_ComputeCryptInit, &ccd, nonce, 
 			    0, CKYAppletFill_Null, NULL, apduRC);
 	if (ret == CKYSUCCESS) {
-	    ccd.data = data;
+	    ccd.data = use_dl_object ? &empty : data;
 	    ret = CKYApplet_HandleAPDU(conn, 
 			    CKYAppletFactory_ComputeCryptFinal, &ccd, nonce, 
 			    CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal, 
-			    result, apduRC);
+			    use_dl_object ? NULL : result, apduRC);
 	}
     }
+
+    if (use_dl_object && ret == CKYSUCCESS) {
+        CKYBuffer  sizeOutBuf;
+        CKYBuffer_InitEmpty(&sizeOutBuf);
+
+        ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+                             0, 2,
+                             nonce,&sizeOutBuf,apduRC);
+
+        if(ret != CKYSUCCESS) {
+            CKYBuffer_FreeData(&sizeOutBuf);
+            goto fail;
+        }
+
+        dataSize = CKYBuffer_GetShort(&sizeOutBuf, 0);
+
+        CKYBuffer_FreeData(&sizeOutBuf);
+
+        ret = CKYApplet_ReadObjectFull(conn,0xffffffff, 
+                             2, dataSize,
+                             nonce,result,apduRC); 
+    }
+
+fail:
+
     return ret;
 }
 
@@ -1036,6 +1091,44 @@ CKYApplet_ReadObjectFull(CKYCardConnection *conn, unsigned long objectID,
 }
 
 /*
+ * Write Object
+ * This makes multiple APDU calls to write the entire object.
+ *
+ */
+
+CKYStatus 
+CKYApplet_WriteObjectFull(CKYCardConnection *conn, unsigned long objectID,
+                  CKYOffset offset, CKYSize size, const CKYBuffer *nonce,
+                  const CKYBuffer *data, CKYISOStatus *apduRC)
+{
+
+    CKYBuffer chunk;
+    CKYOffset srcOffset = 0;
+    CKYAppletArgWriteObject wod;
+    CKYStatus ret = CKYSUCCESS;
+
+    wod.objectID = objectID;
+    wod.offset = offset;
+    do {
+        wod.size = (CKYByte) MIN(size, 220);
+        ret = CKYBuffer_InitFromBuffer(&chunk, data,
+                                       srcOffset, wod.size);
+        if(ret == CKYSUCCESS)  {
+            wod.data = &chunk;
+            ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_WriteObject, &wod,
+               nonce, 0, CKYAppletFill_Null, NULL, apduRC);
+            size -= wod.size;
+            wod.offset += wod.size;
+            srcOffset  += wod.size;
+            CKYBuffer_FreeData(&chunk);
+       }
+
+    } while ((size > 0) && (ret == CKYSUCCESS));
+
+    return ret;
+}
+
+/*
  * List Object cluster
  */
 static CKYStatus
diff --git a/src/libckyapplet/cky_applet.h b/src/libckyapplet/cky_applet.h
index a1b7f3f..e369113 100644
--- a/src/libckyapplet/cky_applet.h
+++ b/src/libckyapplet/cky_applet.h
@@ -192,6 +192,14 @@ typedef struct _CKYAppletArgReadObject {
     CKYByte         size;
 } CKYAppletArgReadObject;
 
+typedef struct _CKYAppletArgWriteObject {
+    unsigned long objectID;
+    CKYOffset     offset;
+    CKYByte       size;
+    CKYBuffer     *data;
+
+} CKYAppletArgWriteObject;
+
 typedef struct _CKYAppletArgComputeCrypt {
     CKYByte   keyNumber;
     CKYByte   mode;
@@ -250,6 +258,8 @@ CKYStatus CKYAppletFactory_ListPINs(CKYAPDU *apdu, const void *param);
 /* param == CKYByte * (pointer to pinNumber) */
 CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);
 /* Future add WriteObject */
+/* parm == CKYAppletArgWriteObject */
+CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);
 /* param == CKYAppletArgCreateObject */
 CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);
 /* param == CKYAppletArgDeleteObject */
@@ -482,6 +492,17 @@ CKYStatus CKYApplet_ReadObjectAppend(CKYCardConnection *conn,
 CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn, 
 		unsigned long objectID, CKYOffset offset, CKYSize size,
 		 const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);
+/*
+ * There is 1 write command:
+ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
+ * apdu calls in order to write the full amount into the buffer. The buffer is
+ * overwritten.
+*/
+
+CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
+        unsigned long objectID, CKYOffset offset, CKYSize size,
+        const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);
+
 CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,
 		CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);
 CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn, 
diff --git a/src/libckyapplet/cky_factory.c b/src/libckyapplet/cky_factory.c
index d970f3a..1a99059 100644
--- a/src/libckyapplet/cky_factory.c
+++ b/src/libckyapplet/cky_factory.c
@@ -190,8 +190,11 @@ CKYAPDUFactory_ComputeCryptOneStep(CKYAPDU *apdu, CKYByte keyNumber, CKYByte mod
     CKYSize   len;
     CKYBuffer buf;
 
-    if (!idata || !(len = CKYBuffer_Size(idata)) || location != CKY_DL_APDU)
-    	return ret;
+    if (!idata)
+        return ret;
+
+    if (!(len = CKYBuffer_Size(idata)) && location != CKY_DL_OBJECT)
+        return ret;
 
     CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
     CKYAPDU_SetINS(apdu, CKY_INS_COMPUTE_CRYPT);
@@ -314,8 +317,6 @@ CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber)
     return CKYSUCCESS;
 }
 
-/* Future add WriteObject */
-
 CKYStatus
 CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size,
     unsigned short readACL, unsigned short writeACL, unsigned short deleteACL)
@@ -419,6 +420,58 @@ fail:
 }
 
 CKYStatus
+CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+                                    CKYOffset offset,CKYSize size,CKYBuffer *data)
+{
+    CKYBuffer buf;
+    CKYStatus ret = CKYSUCCESS;
+    unsigned short dataSize = 0;
+
+    CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
+    CKYAPDU_SetINS(apdu, CKY_INS_WRITE_OBJ);
+    CKYAPDU_SetP1(apdu, 0x00);
+    CKYAPDU_SetP2(apdu, 0x00);
+    CKYBuffer_InitEmpty(&buf);
+
+    dataSize = (unsigned short) CKYBuffer_Size(data);
+
+    if(!dataSize) {
+        ret = CKYINVALIDARGS;
+        goto fail;
+    }
+
+    ret = CKYBuffer_AppendLong(&buf,objectID);
+    if (ret != CKYSUCCESS) {
+        goto fail;
+    }
+    ret = CKYBuffer_AppendLong(&buf,offset);
+    if (ret != CKYSUCCESS) {
+        goto fail;
+    }
+    ret = CKYBuffer_AppendChar(&buf, size);
+    if (ret != CKYSUCCESS) {
+        goto fail;
+    }
+
+    ret = CKYAPDU_SetSendDataBuffer(apdu,&buf);
+
+    if (ret != CKYSUCCESS) {
+        goto fail;
+    }
+
+    ret = CKYAPDU_AppendSendDataBuffer(apdu, data);
+
+    if (ret != CKYSUCCESS) {
+        goto fail;
+    }
+
+fail:
+    CKYBuffer_FreeData(&buf);
+    return ret;
+
+}
+
+CKYStatus
 CKYAPDUFactory_ListObjects(CKYAPDU *apdu, CKYByte sequence)
 {
     CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
diff --git a/src/libckyapplet/cky_factory.h b/src/libckyapplet/cky_factory.h
index 8c17232..9b6fe83 100644
--- a/src/libckyapplet/cky_factory.h
+++ b/src/libckyapplet/cky_factory.h
@@ -190,7 +190,8 @@ CKYStatus CKYAPDUFactory_ChangePIN(CKYAPDU *apdu, CKYByte pinNUmber,
 				const char *oldPin, const char *newPin);
 CKYStatus CKYAPDUFactory_ListPINs(CKYAPDU *apdu);
 CKYStatus CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber);
-
+CKYStatus CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+                CKYOffset offset,CKYSize size,CKYBuffer *data);
 /* Future add WriteObject */
 CKYStatus CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID,
  CKYSize size, unsigned short readACL, unsigned short writeACL,
author	jmagne <jmagne@fba4d07e-fe0f-4d7f-8147-e0026e666dc0>	2009-02-19 02:06:31 +0000
committer	jmagne <jmagne@fba4d07e-fe0f-4d7f-8147-e0026e666dc0>	2009-02-19 02:06:31 +0000
commit	365857f8dbb3baf30390799b2b040a1b350c0c5f (patch)
tree	7b1ab9c97ca26d7f7cdaa780cf4e4246a438c882
parent	51adf01a08aedd143927eb091491123f083f707f (diff)