[svn] GnuPG - r5073 - trunk/scd
svn author wk
cvs at cvs.gnupg.org
Fri Jul 10 12:15:33 CEST 2009
Author: wk
Date: 2009-07-10 12:15:33 +0200 (Fri, 10 Jul 2009)
New Revision: 5073
Modified:
trunk/scd/ChangeLog
trunk/scd/app-dinsig.c
trunk/scd/app-nks.c
trunk/scd/app-openpgp.c
trunk/scd/app-p15.c
trunk/scd/iso7816.c
trunk/scd/iso7816.h
Log:
Fix for card keys > 2048 bit.
Modified: trunk/scd/ChangeLog
===================================================================
--- trunk/scd/ChangeLog 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/ChangeLog 2009-07-10 10:15:33 UTC (rev 5073)
@@ -1,3 +1,12 @@
+2009-07-10 Werner Koch <wk at g10code.com>
+
+ * iso7816.c (iso7816_compute_ds): Add args EXTENDED_MODE and LE.
+ Change all callers to use 0.
+ (iso7816_internal_authenticate): Add args EXTENDED_MODE and LE.
+ * app-openpgp.c (do_sign): Take exmode and Le from card
+ capabilities and pass them to iso7816_compute_ds.
+ (do_auth): Ditto for iso7816_internal_authenticate.
+
2009-07-09 Werner Koch <wk at g10code.com>
* app-openpgp.c (change_keyattr): New.
Modified: trunk/scd/app-dinsig.c
===================================================================
--- trunk/scd/app-dinsig.c 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/app-dinsig.c 2009-07-10 10:15:33 UTC (rev 5073)
@@ -483,7 +483,8 @@
rc = verify_pin (app, pincb, pincb_arg);
if (!rc)
- rc = iso7816_compute_ds (app->slot, data, datalen, outdata, outdatalen);
+ rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
+ outdata, outdatalen);
return rc;
}
Modified: trunk/scd/app-nks.c
===================================================================
--- trunk/scd/app-nks.c 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/app-nks.c 2009-07-10 10:15:33 UTC (rev 5073)
@@ -969,7 +969,8 @@
rc = verify_pin (app, 0, NULL, pincb, pincb_arg);
/* Compute the signature. */
if (!rc)
- rc = iso7816_compute_ds (app->slot, data, datalen, outdata, outdatalen);
+ rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
+ outdata, outdatalen);
return rc;
}
Modified: trunk/scd/app-openpgp.c
===================================================================
--- trunk/scd/app-openpgp.c 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/app-openpgp.c 2009-07-10 10:15:33 UTC (rev 5073)
@@ -3008,6 +3008,7 @@
const char *fpr = NULL;
unsigned long sigcount;
int use_auth = 0;
+ int exmode, le_value;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
@@ -3148,7 +3149,19 @@
xfree (pinvalue);
}
- rc = iso7816_compute_ds (app->slot, data, datalen, outdata, outdatalen);
+
+ if (app->app_local->cardcap.ext_lc_le)
+ {
+ exmode = 1; /* Use extended length. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ }
+ else
+ {
+ exmode = 0;
+ le_value = 0;
+ }
+ rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value,
+ outdata, outdatalen);
return rc;
}
@@ -3219,8 +3232,23 @@
rc = verify_chv2 (app, pincb, pincb_arg);
if (!rc)
- rc = iso7816_internal_authenticate (app->slot, indata, indatalen,
- outdata, outdatalen);
+ {
+ int exmode, le_value;
+
+ if (app->app_local->cardcap.ext_lc_le)
+ {
+ exmode = 1; /* Use extended length. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ }
+ else
+ {
+ exmode = 0;
+ le_value = 0;
+ }
+ rc = iso7816_internal_authenticate (app->slot, exmode,
+ indata, indatalen, le_value,
+ outdata, outdatalen);
+ }
return rc;
}
Modified: trunk/scd/app-p15.c
===================================================================
--- trunk/scd/app-p15.c 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/app-p15.c 2009-07-10 10:15:33 UTC (rev 5073)
@@ -3180,11 +3180,11 @@
}
if (hashalgo == MD_USER_TLS_MD5SHA1)
- err = iso7816_compute_ds (app->slot, data, 36, outdata, outdatalen);
+ err = iso7816_compute_ds (app->slot, 0, data, 36, 0, outdata, outdatalen);
else if (no_data_padding)
- err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen);
+ err = iso7816_compute_ds (app->slot, 0, data+15, 20, 0,outdata,outdatalen);
else
- err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen);
+ err = iso7816_compute_ds (app->slot, 0, data, 35, 0, outdata, outdatalen);
return err;
}
Modified: trunk/scd/iso7816.c
===================================================================
--- trunk/scd/iso7816.c 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/iso7816.c 2009-07-10 10:15:33 UTC (rev 5073)
@@ -505,9 +505,10 @@
/* Perform the security operation COMPUTE DIGITAL SIGANTURE. On
success 0 is returned and the data is availavle in a newly
allocated buffer stored at RESULT with its length stored at
- RESULTLEN. */
+ RESULTLEN. For LE see do_generate_keypair. */
gpg_error_t
-iso7816_compute_ds (int slot, const unsigned char *data, size_t datalen,
+iso7816_compute_ds (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen, int le,
unsigned char **result, size_t *resultlen)
{
int sw;
@@ -517,9 +518,16 @@
*result = NULL;
*resultlen = 0;
- sw = apdu_send (slot, 0,
- 0x00, CMD_PSO, 0x9E, 0x9A, datalen, (const char*)data,
- result, resultlen);
+ if (!extended_mode)
+ le = 256; /* Ignore provided Le and use what apdu_send uses. */
+ else if (le >= 0 && le < 256)
+ le = 256;
+
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_PSO, 0x9E, 0x9A,
+ datalen, (const char*)data,
+ le,
+ result, resultlen);
if (sw != SW_SUCCESS)
{
/* Make sure that pending buffers are released. */
@@ -586,9 +594,11 @@
}
+/* For LE see do_generate_keypair. */
gpg_error_t
-iso7816_internal_authenticate (int slot,
+iso7816_internal_authenticate (int slot, int extended_mode,
const unsigned char *data, size_t datalen,
+ int le,
unsigned char **result, size_t *resultlen)
{
int sw;
@@ -598,8 +608,16 @@
*result = NULL;
*resultlen = 0;
- sw = apdu_send (slot, 0, 0x00, CMD_INTERNAL_AUTHENTICATE, 0, 0,
- datalen, (const char*)data, result, resultlen);
+ if (!extended_mode)
+ le = 256; /* Ignore provided Le and use what apdu_send uses. */
+ else if (le >= 0 && le < 256)
+ le = 256;
+
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_INTERNAL_AUTHENTICATE, 0, 0,
+ datalen, (const char*)data,
+ le,
+ result, resultlen);
if (sw != SW_SUCCESS)
{
/* Make sure that pending buffers are released. */
Modified: trunk/scd/iso7816.h
===================================================================
--- trunk/scd/iso7816.h 2009-07-09 14:54:18 UTC (rev 5072)
+++ trunk/scd/iso7816.h 2009-07-10 10:15:33 UTC (rev 5073)
@@ -93,15 +93,17 @@
gpg_error_t iso7816_manage_security_env (int slot, int p1, int p2,
const unsigned char *data,
size_t datalen);
-gpg_error_t iso7816_compute_ds (int slot,
+gpg_error_t iso7816_compute_ds (int slot, int extended_mode,
const unsigned char *data, size_t datalen,
+ int le,
unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_decipher (int slot, int extended_mode,
const unsigned char *data, size_t datalen,
int padind,
unsigned char **result, size_t *resultlen);
-gpg_error_t iso7816_internal_authenticate (int slot,
+gpg_error_t iso7816_internal_authenticate (int slot, int extended_mode,
const unsigned char *data, size_t datalen,
+ int le,
unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_generate_keypair (int slot, int extended_mode,
const unsigned char *data, size_t datalen,
More information about the Gnupg-commits
mailing list