[Openpgpmdrv-commits] r3 - in trunk: OpenPGPminidriver OpenPGPminidriverTest
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Feb 25 23:09:18 CET 2010
Author: vletoux
Date: 2010-02-25 23:09:17 +0100 (Thu, 25 Feb 2010)
New Revision: 3
Modified:
trunk/OpenPGPminidriver/CardAndContainerProperties.c
trunk/OpenPGPminidriver/CryptoOperations.c
trunk/OpenPGPminidriver/CryptoOperations.h
trunk/OpenPGPminidriver/PinOperations.c
trunk/OpenPGPminidriver/SmartCard.c
trunk/OpenPGPminidriverTest/BaseCSP.cpp
trunk/OpenPGPminidriverTest/CryptoOperations.cpp
trunk/OpenPGPminidriverTest/global.h
Log:
fixed public key export (big endian - little endian issue)
signature works (sign & verify)
decrypt really decrypt but output not recognized yet by cryptoapi
Modified: trunk/OpenPGPminidriver/CardAndContainerProperties.c
===================================================================
--- trunk/OpenPGPminidriver/CardAndContainerProperties.c 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriver/CardAndContainerProperties.c 2010-02-25 22:09:17 UTC (rev 3)
@@ -137,7 +137,7 @@
__leave;
}
*pdwDataLen = cbData;
- if(bContainerIndex < MaxContainer)
+ if(bContainerIndex >= MaxContainer)
{
dwReturn = SCARD_E_NO_KEY_CONTAINER;
Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", bContainerIndex);
Modified: trunk/OpenPGPminidriver/CryptoOperations.c
===================================================================
--- trunk/OpenPGPminidriver/CryptoOperations.c 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriver/CryptoOperations.c 2010-02-25 22:09:17 UTC (rev 3)
@@ -26,9 +26,9 @@
OPENPGP_CONTAINER_INFO Containers[] =
{
- {0xB6, CALG_RSA_SIGN, AT_SIGNATURE, ROLE_SIGNATURE},
- {0xA4, CALG_RSA_SIGN, AT_SIGNATURE, ROLE_AUTHENTICATION},
- {0xB8, CALG_RSA_KEYX, AT_KEYEXCHANGE, ROLE_CONFIDENTIALITY}
+ {0xB6, 0xCE, 0xC7, CALG_RSA_SIGN, AT_SIGNATURE, ROLE_SIGNATURE},
+ {0xA4, 0xD0, 0xC9, CALG_RSA_SIGN, AT_SIGNATURE, ROLE_AUTHENTICATION},
+ {0xB8, 0xCF, 0xC8, CALG_RSA_KEYX, AT_KEYEXCHANGE, ROLE_CONFIDENTIALITY}
};
@@ -281,7 +281,7 @@
DWORD dwReturn = 0;
DWORD bitlen = pbPublicKeyBlob->rsapubkey.bitlen;
- PBYTE pbPublicKeyData = (PBYTE) pbPublicKeyBlob + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY);
+ PBYTE pbPublicKeyData = (PBYTE) &(pbPublicKeyBlob->modulus);
// 7F48 len is < 7F so its encoded len is 1 bytes
// 3 bytes max + length * 7 potential plv
BYTE b7F48Header[(3 +1) * 7 + 3] = {0x7F, 0x48};
@@ -290,6 +290,7 @@
DWORD dwOffset = 0;
DWORD dw7F48HeaderSize, dw5F48HeaderSize, dw4DHeaderSize;
DWORD dwKeyDataSize, dwExtendedHeaderListSize;
+ DWORD dwI;
__try
{
// build the 7F48 header + the data into a buffer
@@ -351,7 +352,7 @@
memcpy(*ppbTlv + dwOffset, b4DHeader, dw4DHeaderSize);
dwOffset += dw4DHeaderSize;
// control reference templace
- (*ppbTlv)[dwOffset++] = Containers[dwContainer].Tag;
+ (*ppbTlv)[dwOffset++] = Containers[dwContainer].bKeyTag;
(*ppbTlv)[dwOffset++] = 0;
// cardholder private key template
memcpy(*ppbTlv + dwOffset, b7F48Header, dw7F48HeaderSize);
@@ -360,34 +361,62 @@
memcpy(*ppbTlv + dwOffset, b5F48Header, dw5F48HeaderSize);
dwOffset += dw5F48HeaderSize;
// Concatenation of key data
- // exponent in little endian
+ // exponent little => big endian
(*ppbTlv)[dwOffset++] = (BYTE) (pbPublicKeyBlob->rsapubkey.pubexp / 0x1000000);
(*ppbTlv)[dwOffset++] = (BYTE) ((pbPublicKeyBlob->rsapubkey.pubexp % 0x1000000) / 0x10000);
(*ppbTlv)[dwOffset++] = (BYTE) ((pbPublicKeyBlob->rsapubkey.pubexp % 0x10000) / 0x100);
(*ppbTlv)[dwOffset++] = (BYTE) ((pbPublicKeyBlob->rsapubkey.pubexp % 0x100) / 0x1);
// prime1
- memcpy(*ppbTlv + dwOffset, pbPublicKeyData + bitlen/8 , bitlen / 16);
+ //memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2*bitlen)/16, bitlen / 16);
+ for(dwI = 0; dwI < bitlen / 16; dwI++)
+ {
+ (*ppbTlv)[dwOffset+dwI] = pbPublicKeyData[(3*bitlen)/16 - 1 - dwI];
+ }
+ TraceDump(WINEVENT_LEVEL_VERBOSE, *ppbTlv + dwOffset, bitlen / 16);
dwOffset += bitlen / 16;
+
// prime2
- memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1) * bitlen / 16 , bitlen / 16);
+ for(dwI = 0; dwI < bitlen / 16; dwI++)
+ {
+ (*ppbTlv)[dwOffset+dwI] = pbPublicKeyData[(4*bitlen)/16 - 1 - dwI];
+ }
+ //memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (3*bitlen)/16, bitlen / 16);
+ TraceDump(WINEVENT_LEVEL_VERBOSE, *ppbTlv + dwOffset, bitlen / 16);
dwOffset += bitlen / 16;
if (bFormat & 2)
{
// coeff
- memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1 + 3) * bitlen / 16 , bitlen / 16);
+ //memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1 + 3) * bitlen / 16 , bitlen / 16);
+ for(dwI = 0; dwI < bitlen / 16; dwI++)
+ {
+ (*ppbTlv)[dwOffset+dwI] = pbPublicKeyData[(7*bitlen)/16 - 1 - dwI];
+ }
dwOffset += bitlen / 16;
// exponent1
- memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1 + 1) * bitlen / 16 , bitlen / 16);
+ //memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1 + 1) * bitlen / 16 , bitlen / 16);
+ for(dwI = 0; dwI < bitlen / 16; dwI++)
+ {
+ (*ppbTlv)[dwOffset+dwI] = pbPublicKeyData[(5*bitlen)/16 - 1 - dwI];
+ }
dwOffset += bitlen / 16;
// exponent2
- memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1 + 2) * bitlen / 16 , bitlen / 16);
+ //memcpy(*ppbTlv + dwOffset, pbPublicKeyData + (2+1 + 2) * bitlen / 16 , bitlen / 16);
+ for(dwI = 0; dwI < bitlen / 16; dwI++)
+ {
+ (*ppbTlv)[dwOffset+dwI] = pbPublicKeyData[(6*bitlen)/16 - 1 - dwI];
+ }
dwOffset += bitlen / 16;
}
if (bFormat & 1)
{
// modulus
- memcpy(*ppbTlv + dwOffset, pbPublicKeyData, bitlen / 8);
+ //memcpy(*ppbTlv + dwOffset, pbPublicKeyData, bitlen / 8);
+ for(dwI = 0; dwI < bitlen / 8; dwI++)
+ {
+ (*ppbTlv)[dwOffset+dwI] = pbPublicKeyData[bitlen / 8 - 1 - dwI];
+ }
}
+ TraceDump(WINEVENT_LEVEL_VERBOSE, pbPublicKeyData, bitlen / 8);
}
__finally
{
@@ -395,6 +424,153 @@
return dwReturn;
}
+DWORD UpdateGenerationDateTime(__in PCARD_DATA pCardData, __in OPENPGP_CONTAINER dwContainer,
+ __out PDWORD pdwSecondsSince1970)
+{
+ DWORD dwReturn = 0;
+ LARGE_INTEGER UnixZeroTime = {0}, WindowsTime;
+ SYSTEMTIME WindowsSystemTime;
+ FILETIME WindowsFileTime;
+ BYTE pbCommand[] = {0x00, 0xDA, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00};
+ DWORD dwCommandSize = ARRAYSIZE(pbCommand);
+ __try
+ {
+ UnixZeroTime.QuadPart = 116444736000000000I64; // january 1st 1970
+ GetSystemTime(&WindowsSystemTime);
+ SystemTimeToFileTime(&WindowsSystemTime, &WindowsFileTime);
+ /* It is not recommended that you add and subtract values from the FILETIME
+ structure to obtain relative times. Instead, you should copy the low- and high-order
+ parts of the file time to a ULARGE_INTEGER structure, perform 64-bit arithmetic
+ on the QuadPart member, and copy the LowPart and HighPart members into the
+ FILETIME structure.
+
+ Do not cast a pointer to a FILETIME structure to either a ULARGE_INTEGER*
+ or __int64* value because it can cause alignment faults on 64-bit Windows.
+ */
+ WindowsTime.HighPart = WindowsFileTime.dwHighDateTime;
+ WindowsTime.LowPart = WindowsFileTime.dwLowDateTime;
+ *pdwSecondsSince1970 = (DWORD)((WindowsTime.QuadPart - UnixZeroTime.QuadPart) / 10000000);
+
+ pbCommand[3] = Containers[dwContainer].bDateTimeTag;
+ pbCommand[5] = (BYTE) (*pdwSecondsSince1970 / 0x1000000);
+ pbCommand[6] = (BYTE) ((*pdwSecondsSince1970 % 0x1000000) / 0x10000);
+ pbCommand[7] = (BYTE) ((*pdwSecondsSince1970 % 0x10000) / 0x100);
+ pbCommand[8] = (BYTE) ((*pdwSecondsSince1970 % 0x100) / 0x1);
+ dwReturn = SCardSendCommand(pCardData, pbCommand, dwCommandSize);
+ }
+ __finally
+ {
+ }
+ return dwReturn;
+}
+
+DWORD UpdateFingerPrint(__in PCARD_DATA pCardData, __in OPENPGP_CONTAINER dwContainer,
+ __in DWORD dwSecondsSince1970,
+ __in PBYTE pbModulus, __in DWORD dwModulusSizeInBit,
+ __in BOOL fIsModulusInBigEndian,
+ __in DWORD dwExponent)
+{
+ // modulus in input are in big endian
+ // rfc4880 12.2
+ DWORD dwReturn = 0;
+ PBYTE pbBuffer = NULL;
+ DWORD dwBufferSize;
+ DWORD dwOffset = 0;
+ HCRYPTPROV hProv = 0;
+ HCRYPTHASH hHash = 0;
+ BYTE pbCommand[25] = {0x00, 0xDA, 0x00, 0x00, 0x14};
+ DWORD dwCommandSize = ARRAYSIZE(pbCommand);
+ DWORD dwHashLen = 0x14;
+ __try
+ {
+ dwBufferSize = dwModulusSizeInBit / 8 + sizeof(DWORD) + 10 + 3;
+ pbBuffer = (PBYTE) pCardData->pfnCspAlloc(dwBufferSize);
+ if (!pbBuffer)
+ {
+ dwReturn = SCARD_E_NO_MEMORY;
+ Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_MEMORY");
+ __leave;
+ }
+ pbBuffer[dwOffset++] = 0x99;
+ // -3 because of the header size
+ pbBuffer[dwOffset++] = (BYTE) ((dwBufferSize-3) / 0x100);
+ pbBuffer[dwOffset++] = (BYTE) ((dwBufferSize-3) % 0x100);
+ // rfc4880 5.5.2
+ // version
+ pbBuffer[dwOffset++] = 4;
+ // timestamp
+ pbBuffer[dwOffset++] = (BYTE) (dwSecondsSince1970 / 0x1000000);
+ pbBuffer[dwOffset++] = (BYTE) ((dwSecondsSince1970 % 0x1000000) / 0x10000);
+ pbBuffer[dwOffset++] = (BYTE) ((dwSecondsSince1970 % 0x10000) / 0x100);
+ pbBuffer[dwOffset++] = (BYTE) ((dwSecondsSince1970 % 0x100) / 0x1);
+ // RSA
+ pbBuffer[dwOffset++] = 1;
+ // size of modulus
+ pbBuffer[dwOffset++] = (BYTE) ((dwModulusSizeInBit % 0x10000) / 0x100);
+ pbBuffer[dwOffset++] = (BYTE) ((dwModulusSizeInBit % 0x100) / 0x1);
+ if (fIsModulusInBigEndian)
+ {
+ memcpy(pbBuffer + dwOffset, pbModulus, dwModulusSizeInBit / 8);
+ }
+ else
+ {
+ DWORD dwI;
+ for(dwI = 0; dwI < dwModulusSizeInBit / 8; dwI++)
+ {
+ pbBuffer[dwOffset + dwI] = pbModulus[dwModulusSizeInBit / 8 - 1 - dwI];
+ }
+ }
+ // size of exponent
+ pbBuffer[dwOffset++] = 0;
+ pbBuffer[dwOffset++] = sizeof(DWORD);
+ // exponent
+ pbBuffer[dwOffset++] = (BYTE) (dwExponent / 0x1000000);
+ pbBuffer[dwOffset++] = (BYTE) ((dwExponent % 0x1000000) / 0x10000);
+ pbBuffer[dwOffset++] = (BYTE) ((dwExponent % 0x10000) / 0x100);
+ pbBuffer[dwOffset++] = (BYTE) ((dwExponent % 0x100) / 0x1);
+
+ // hash using SHA1
+ if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+ {
+ dwReturn = GetLastError();
+ Trace(WINEVENT_LEVEL_ERROR, L"CryptAcquireContext 0x%08X", dwReturn);
+ __leave;
+ }
+ if(!CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash))
+ {
+ dwReturn = GetLastError();
+ Trace(WINEVENT_LEVEL_ERROR, L"CryptCreateHash 0x%08X", dwReturn);
+ __leave;
+ }
+ if(!CryptHashData(hHash, pbBuffer, dwBufferSize, 0))
+ {
+ dwReturn = GetLastError();
+ Trace(WINEVENT_LEVEL_ERROR, L"CryptHashData 0x%08X", dwReturn);
+ __leave;
+ }
+ if(!CryptGetHashParam(hHash, HP_HASHVAL, pbCommand + 5, &dwHashLen, 0)) {
+ dwReturn = GetLastError();
+ Trace(WINEVENT_LEVEL_ERROR, L"CryptGetHashParam 0x%08X", dwReturn);
+ __leave;
+ }
+ pbCommand[3] = Containers[dwContainer].bSignatureTag;
+ dwReturn = SCardSendCommand(pCardData, pbCommand, dwCommandSize);
+
+ }
+ __finally
+ {
+ if (pbBuffer)
+ pCardData->pfnCspFree(pbBuffer);
+ if(hHash)
+ CryptDestroyHash(hHash);
+ if(hProv)
+ CryptReleaseContext(hProv,0);
+
+ }
+ return dwReturn;
+
+}
+
DWORD SCardReadPublicKey(PCARD_DATA pCardData, OPENPGP_CONTAINER dwContainer, PBYTE *pbPublicKey, PDWORD pdwPublicKeySize)
{
DWORD dwReturn;
@@ -415,7 +591,7 @@
DWORD dwCmdSize;
POPENPGP_CONTEXT pContext;
PBYTE pbModulus;
- DWORD dwModulusSize;
+ DWORD dwModulusSize, dwI;
PBYTE pbExponent;
PRSAPUBLICKEYBLOB pbBlob = NULL;
__try
@@ -428,7 +604,7 @@
__leave;
}
pContext = (POPENPGP_CONTEXT) pCardData->pvVendorSpecific;
- pbCmd[7] = Containers[dwContainer].Tag;
+ pbCmd[7] = Containers[dwContainer].bKeyTag;
dwCmdSize = 9;
if (pContext->fExtentedLeLcFields)
{
@@ -458,12 +634,13 @@
Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_UNEXPECTED 0x81");
__leave;
}
+ Trace(WINEVENT_LEVEL_INFO, L"dwModulusSize %d bits", dwModulusSize * 8);
*pdwPublicKeySize = sizeof(RSAPUBLICKEYBLOB) + dwModulusSize - sizeof(DWORD);
*pbPublicKey = pCardData->pfnCspAlloc(*pdwPublicKeySize);
if (!*pbPublicKey)
{
dwReturn = SCARD_E_NO_MEMORY;
- Trace(WINEVENT_LEVEL_INFO, L"SCARD_E_NO_MEMORY %d", dwContainer);
+ Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_MEMORY %d", dwContainer);
__leave;
}
pbBlob = (PRSAPUBLICKEYBLOB) *pbPublicKey;
@@ -475,8 +652,14 @@
pbBlob->rsapubkey.magic = 0x31415352; //'RSA1';
pbBlob->rsapubkey.bitlen = dwModulusSize*8;
pbBlob->rsapubkey.pubexp = pbExponent[0] * 0x1000000 + pbExponent[1] * 0x10000 + pbExponent[2] * 0x100 + pbExponent[3];
- memcpy(pbBlob->modulus, pbModulus, dwModulusSize);
- //TraceDump(WINEVENT_LEVEL_INFO, (PBYTE) pbBlob,*pdwPublicKeySize);
+ // convert big endian into little endian
+ //memcpy(pbBlob->modulus, pbModulus, dwModulusSize);
+ for (dwI = 0; dwI < dwModulusSize; dwI++)
+ {
+ pbBlob->modulus[dwI] = pbModulus[dwModulusSize - 1 - dwI];
+ }
+
+ //TraceDump(WINEVENT_LEVEL_VERBOSE, pbModulus, dwModulusSize);
dwReturn = 0;
}
__finally
@@ -492,6 +675,9 @@
DWORD dwResponseSize = 0, dwCmdSize;
OPENPGP_ALGORITHM_ATTRIBUTE Attributes;
POPENPGP_CONTEXT pContext;
+ DWORD dwSecondsSince1970;
+ PBYTE pbModulus, pbExponent;
+ DWORD dwModulusSize, dwExponent;
BYTE pbCmd[] = {0x00,
0x47,
0x80,
@@ -533,7 +719,7 @@
}
pContext = (POPENPGP_CONTEXT) pCardData->pvVendorSpecific;
- pbCmd[7] = Containers[dwContainer].Tag;
+ pbCmd[7] = Containers[dwContainer].bKeyTag;
dwCmdSize = 9;
if (pContext->fExtentedLeLcFields)
{
@@ -550,6 +736,30 @@
{
__leave;
}
+ if (!find_tlv(pbData,0x81,&pbModulus,&dwModulusSize))
+ {
+ dwReturn = SCARD_E_UNEXPECTED;
+ Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_UNEXPECTED 0x81");
+ __leave;
+ }
+ if (!find_tlv(pbData,0x82,(PBYTE*)&pbExponent,NULL))
+ {
+ dwReturn = SCARD_E_UNEXPECTED;
+ Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_UNEXPECTED 0x81");
+ __leave;
+ }
+ dwExponent = pbExponent[0] * 0x1000000 + pbExponent[1] * 0x10000 + pbExponent[2] * 0x100 + pbExponent[3];
+ dwReturn = UpdateGenerationDateTime(pCardData, dwContainer, &dwSecondsSince1970);
+ if (dwReturn)
+ {
+ __leave;
+ }
+ dwReturn = UpdateFingerPrint(pCardData, dwContainer, dwSecondsSince1970,
+ pbModulus,
+ dwModulusSize * 8,
+ TRUE,
+ dwExponent
+ );
}
__finally
{
@@ -573,6 +783,7 @@
OPENPGP_ALGORITHM_ATTRIBUTE Attributes;
PRSAPUBLICKEYBLOB pbPublicKeyBlob = (PRSAPUBLICKEYBLOB) pBlob;
BYTE bCommand[] = {0x00,0xDB,0x3F,0xFF};
+ DWORD dwSecondsSince1970;
__try
{
Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",dwContainer);
@@ -654,6 +865,17 @@
{
__leave;
}
+ dwReturn = UpdateGenerationDateTime(pCardData, dwContainer, &dwSecondsSince1970);
+ if (dwReturn)
+ {
+ __leave;
+ }
+ dwReturn = UpdateFingerPrint(pCardData, dwContainer, dwSecondsSince1970,
+ pbPublicKeyBlob->modulus,
+ pbPublicKeyBlob->rsapubkey.bitlen,
+ FALSE,
+ pbPublicKeyBlob->rsapubkey.pubexp
+ );
}
__finally
{
@@ -740,11 +962,11 @@
pbCmd[dwCmdSize++] = (BYTE) (SignatureAlgorithm[dwI].dwEncodedOidSize + pInfo->cbData);
memcpy(pbCmd + dwCmdSize , SignatureAlgorithm[dwI].pbEncodedOid,SignatureAlgorithm[dwI].dwEncodedOidSize);
dwCmdSize += SignatureAlgorithm[dwI].dwEncodedOidSize;
- for(dwI = 0 ; dwI < pInfo->cbData ; dwI++)
+ /*for(dwI = 0 ; dwI < pInfo->cbData ; dwI++)
{
pbCmd[dwCmdSize + dwI] = pInfo->pbData[pInfo->cbData - dwI -1];
- }
- //memcpy(pbCmd + dwCmdSize, pInfo->pbData,pInfo->cbData);
+ }*/
+ memcpy(pbCmd + dwCmdSize, pInfo->pbData,pInfo->cbData);
dwCmdSize += pInfo->cbData;
@@ -774,7 +996,7 @@
pInfo->pbSignedData[dwI] = pInfo->pbSignedData[pInfo->cbSignedData - 1 - dwI];
pInfo->pbSignedData[pInfo->cbSignedData - 1 - dwI] = bTemp;
}
- TraceDump(WINEVENT_LEVEL_ERROR,pInfo->pbSignedData,pInfo->cbSignedData);
+ //TraceDump(WINEVENT_LEVEL_ERROR,pInfo->pbSignedData,pInfo->cbSignedData);
}
__finally
{
@@ -800,6 +1022,7 @@
0x00,
};
POPENPGP_CONTEXT pContext;
+ DWORD dwI;
__try
{
Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",pInfo->bContainerIndex);
@@ -827,7 +1050,11 @@
pbCmd[dwCmdSize++] = (BYTE)((pInfo->cbData +1) % 0x100);
}
pbCmd[dwCmdSize++] = 0;
- memcpy(pbCmd + dwCmdSize, pInfo->pbData, pInfo->cbData);
+ //memcpy(pbCmd + dwCmdSize, pInfo->pbData, pInfo->cbData);
+ for(dwI = 0; dwI < pInfo->cbData; dwI++)
+ {
+ pbCmd[dwCmdSize + dwI] = pInfo->pbData[pInfo->cbData -1 -dwI];
+ }
dwCmdSize += pInfo->cbData;
if (pContext->fExtentedLeLcFields)
{
@@ -855,7 +1082,10 @@
__finally
{
if (pbData)
+ {
+ SecureZeroMemory(pbData, dwResponseSize);
pCardData->pfnCspFree(pbData);
+ }
}
return dwReturn;
}
Modified: trunk/OpenPGPminidriver/CryptoOperations.h
===================================================================
--- trunk/OpenPGPminidriver/CryptoOperations.h 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriver/CryptoOperations.h 2010-02-25 22:09:17 UTC (rev 3)
@@ -25,9 +25,11 @@
typedef struct _OPENPGP_CONTAINER_INFO
{
- BYTE Tag;
- ALG_ID aiKeyAlg;
- DWORD dwKeySpec;
+ BYTE bKeyTag;
+ BYTE bDateTimeTag;
+ BYTE bSignatureTag;
+ ALG_ID aiKeyAlg;
+ DWORD dwKeySpec;
PIN_ID PinId;
} OPENPGP_CONTAINER_INFO, *POPENPGP_CONTAINER_INFO;
Modified: trunk/OpenPGPminidriver/PinOperations.c
===================================================================
--- trunk/OpenPGPminidriver/PinOperations.c 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriver/PinOperations.c 2010-02-25 22:09:17 UTC (rev 3)
@@ -164,13 +164,13 @@
{
__leave;
}
- switch(PinId)
+ /*switch(PinId)
{
case ROLE_AUTHENTICATION:
case ROLE_CONFIDENTIALITY:
dwReturn = VerifyPIN(pCardData, ROLE_SIGNATURE, pbPin, cbPin);
break;
- }
+ }*/
}
__finally
Modified: trunk/OpenPGPminidriver/SmartCard.c
===================================================================
--- trunk/OpenPGPminidriver/SmartCard.c 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriver/SmartCard.c 2010-02-25 22:09:17 UTC (rev 3)
@@ -178,12 +178,6 @@
dwReturn = SCARD_E_FILE_NOT_FOUND;
__leave;
}
- else if ( (SW1 == 0x69) && (SW2 == 0x85) )
- {
- Trace(WINEVENT_LEVEL_ERROR, L"SCARD_W_SECURITY_VIOLATION");
- dwReturn = SCARD_W_SECURITY_VIOLATION;
- __leave;
- }
else
{
TraceDump(WINEVENT_LEVEL_ERROR, pbCmd,dwCmdSize);
Modified: trunk/OpenPGPminidriverTest/BaseCSP.cpp
===================================================================
--- trunk/OpenPGPminidriverTest/BaseCSP.cpp 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriverTest/BaseCSP.cpp 2010-02-25 22:09:17 UTC (rev 3)
@@ -19,7 +19,9 @@
#include <tchar.h>
#include <Cryptuiapi.h>
#include <commctrl.h>
+#include <cardmod.h>
#include "dialog.h"
+#include "global.h"
#pragma comment(lib,"Cryptui")
#pragma comment(lib,"Crypt32")
@@ -319,8 +321,11 @@
HCRYPTHASH hHash = NULL;
PBYTE pbSignature = NULL;
DWORD dwSignatureSize = 0;
+ PBYTE pbSignatureTest = NULL;
+ DWORD dwSignatureTestSize = 0;
BYTE pbChallenge[20];
TCHAR szDescription[] = TEXT("Test");
+ TCHAR szContainerName[] = OPENPGP_TEST_CONTAINER;
__try
{
bStatus = CryptAcquireContext(&hProv,szContainer, MS_SCARD_PROV, PROV_RSA_FULL, 0);
@@ -378,8 +383,6 @@
LocalFree(pbSignature);
if (hHash)
CryptDestroyHash(hHash);
- if (hKey)
- CryptDestroyKey(hKey);
if (hProv)
CryptReleaseContext(hProv, 0);
}
@@ -395,22 +398,7 @@
HCRYPTHASH hHash = NULL;
PBYTE pbCrypt = NULL;
DWORD dwCryptSize = 0, dwBufferSize;
- BYTE pbChallenge[]=
- {0x09,0x59,0x1B,0x38,0x56,0xBD,0x71,0xA2,0x38,0x70,0x4E,0xDC,0x47,0xB3,0x0B,0x19,0xB3,
- 0x33,0x65,0x79,0xF7,0x46,0x4C,0xBF,0x24,0x77,
- 0x7E,0x06,0x1D,0xA6,0x97,0x46,0x08,0x0C,0x95};
- BYTE pbDecrypt[] =
- {0x5D,0x29,0xB8,0xC2,0x27,0x26,0xAC,0x36,0x29,0x40,0xEF,0x38,0x65,0xD0,0x37,0x85,0x11,0x91
-,0x18,0x98,0x6A,0xDF,0xA4,0x5A,0xC2,0x66,0x4F,0x1E,0xF6,0xC5,0xE5,0xEE,0x85,0xC2,0x0A,0xA6,0xFF,0x69,0x6D,0xF1,0xF5,0xEA,0x83,0x49
-,0xB6,0x8E,0xE2,0xE8,0x2C,0x0B,0x38,0x9B,0x70,0x60,0xF8,0x1F,0xE1,0xCC,0xE5,0xA4,0xD9,0xF6,0x39,0x8D,0x94,0x6A,0x36,0xF0,0xA5,0x8B
-,0xF3,0x7F,0xC1,0xC8,0x53,0x42,0x70,0x33,0x6E,0x28,0xFC,0x5E,0xAC,0x7B,0xBC,0xB5,0x0D,0x93,0xD6,0xCC,0xF3,0x05,0x47,0xD8,0xAB,0x5E
-,0x43,0x8B,0x17,0x27,0x38,0x70,0xC9,0x0D,0xFC,0xF6,0x8F,0xEA,0x63,0xBB,0xF4,0x58,0xB1,0x8B,0x8D,0xC7,0x89,0x43,0x7A,0x69,0xEC,0x1E
-,0x9F,0x13,0xFC,0xC2,0x73,0xEA,0x04,0x0C,0x4E,0x1B,0x1B,0x55,0x51,0x14,0x20,0x90,0x60,0x30,0x73,0x11,0xE8,0x6F,0xF0,0x45,0xC0,0x49
-,0x1A,0x0B,0x9F,0x7C,0x30,0x5E,0xF9,0x69,0x2F,0x98,0x2C,0x53,0x06,0x02,0x93,0xAE,0xC8,0x12,0xEE,0x81,0xD4,0x9C,0xE6,0x16,0xB2,0x7D
-,0xF3,0x3E,0x9D,0xB5,0xDC,0x39,0x39,0x43,0xA1,0x37,0x81,0x06,0xC8,0x8D,0x40,0xB0,0x62,0x8F,0xE1,0x6C,0xB3,0xDE,0x08,0xC2,0x06,0xD5
-,0x8A,0x57,0xB5,0x3A,0x24,0x7A,0x75,0x97,0xDD,0x06,0x3B,0x16,0x4D,0xEE,0xC7,0x5E,0x88,0x49,0xF0,0x02,0x3C,0x99,0x93,0xE2,0x98,0xC5
-,0x8A,0x65,0x2F,0x85,0x99,0x25,0xC3,0x91,0x62,0x9E,0x39,0xB7,0xAB,0xB6,0x51,0x0C,0x74,0x98,0x5C,0x58,0x70,0x44,0xDE,0x79,0xF0,0xC5
-,0x04,0xAF,0x59,0xA5};
+ BYTE pbChallenge[20] = "test";
__try
{
bStatus = CryptAcquireContext(&hProv,szContainer, MS_SCARD_PROV, PROV_RSA_FULL, 0);
@@ -425,7 +413,7 @@
dwReturn = GetLastError();
__leave;
}
- //bStatus = CryptGenRandom(hProv,ARRAYSIZE(pbChallenge),pbChallenge);
+ bStatus = CryptGenRandom(hProv,ARRAYSIZE(pbChallenge),pbChallenge);
if (!bStatus)
{
dwReturn = GetLastError();
@@ -446,14 +434,12 @@
}
memcpy(pbCrypt, pbChallenge, ARRAYSIZE(pbChallenge));
dwCryptSize = ARRAYSIZE(pbChallenge);
- if (!CryptEncrypt(hKey,NULL, FALSE, 0, pbCrypt, &dwCryptSize,dwBufferSize))
+ if (!CryptEncrypt(hKey,NULL, TRUE, 0, pbCrypt, &dwCryptSize,dwBufferSize))
{
dwReturn = GetLastError();
__leave;
}
- //if (!CryptDecrypt(hKey, NULL, FALSE, 0, pbCrypt, &dwCryptSize))
- dwCryptSize = ARRAYSIZE(pbDecrypt);
- if (!CryptDecrypt(hKey, NULL, FALSE, 0, pbDecrypt, &dwCryptSize))
+ if (!CryptDecrypt(hKey, NULL, TRUE, 0, pbCrypt, &dwCryptSize))
{
dwReturn = GetLastError();
__leave;
Modified: trunk/OpenPGPminidriverTest/CryptoOperations.cpp
===================================================================
--- trunk/OpenPGPminidriverTest/CryptoOperations.cpp 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriverTest/CryptoOperations.cpp 2010-02-25 22:09:17 UTC (rev 3)
@@ -59,16 +59,30 @@
return dwReturn;
}
+#pragma pack(push,1)
+typedef struct _RSAPUBLICKEYBLOB
+{
+ BLOBHEADER blobheader;
+ RSAPUBKEY rsapubkey;
+ BYTE modulus[sizeof(DWORD)];
+} RSAPUBLICKEYBLOB, *PRSAPUBLICKEYBLOB;
+#pragma pack(pop)
+
DWORD ImportKey(DWORD dwIndex)
{
DWORD dwReturn, dwKeySpec;
PIN_ID PinId;
HCRYPTPROV hProv = NULL;
HCRYPTKEY hKey = NULL;
- TCHAR szContainerName[] = TEXT("Test_OPENPGPG");
+ TCHAR szContainerName[] = OPENPGP_TEST_CONTAINER;
BYTE pbData[4096];
+ BYTE pbBlobRef[4096];
DWORD dwDataSize = ARRAYSIZE(pbData);
+ DWORD dwBlobRefSize = ARRAYSIZE(pbBlobRef);
BOOL bStatus;
+ CONTAINER_INFO ContainerInfo;
+ PRSAPUBLICKEYBLOB pBlob, pBlobRef;
+ DWORD dwAglLen, dwSize;
__try
{
if (!pCardData)
@@ -94,13 +108,21 @@
dwReturn = SCARD_E_UNEXPECTED;
__leave;
}
- bStatus = CryptAcquireContext(&hProv, szContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET);
+ bStatus = CryptAcquireContext(&hProv, szContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, 0);
if (!bStatus)
{
dwReturn = GetLastError();
- __leave;
+ if (dwReturn == NTE_BAD_KEYSET)
+ {
+ bStatus = CryptAcquireContext(&hProv, szContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET);
+ }
+ if (!bStatus)
+ {
+ dwReturn = GetLastError();
+ __leave;
+ }
}
- bStatus = CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey);
+ bStatus = CryptGenKey(hProv, dwKeySpec, CRYPT_EXPORTABLE, &hKey);
if (!bStatus)
{
dwReturn = GetLastError();
@@ -112,15 +134,49 @@
dwReturn = GetLastError();
__leave;
}
+ dwSize = sizeof(DWORD);
+ bStatus = CryptGetKeyParam(hKey, KP_KEYLEN, (PBYTE) &dwAglLen,&dwSize , 0);
dwReturn = pCardData->pfnCardCreateContainerEx(pCardData, (BYTE) dwIndex,
CARD_CREATE_CONTAINER_KEY_IMPORT,
- dwKeySpec, 1024, pbData, PinId);
+ dwKeySpec, dwAglLen, pbData, PinId);
+ if (dwReturn)
+ {
+ __leave;
+ }
+ memset(&ContainerInfo,0,sizeof(CONTAINER_INFO));
+ ContainerInfo.dwVersion = 0;
+ dwReturn = pCardData->pfnCardGetContainerInfo(pCardData, (BYTE) dwIndex, 0, &ContainerInfo);
+ if (dwReturn)
+ {
+ __leave;
+ }
+ bStatus = CryptExportKey(hKey, NULL, PUBLICKEYBLOB, 0, pbBlobRef, &dwBlobRefSize);
+ if (!bStatus)
+ {
+ dwReturn = GetLastError();
+ __leave;
+ }
+ pBlobRef = (PRSAPUBLICKEYBLOB) pbBlobRef;
+ pBlob = (PRSAPUBLICKEYBLOB) ContainerInfo.pbSigPublicKey;
+ //if (memcmp(pBlobRef, pBlob, ContainerInfo.cbSigPublicKey) != 0)
+ for (DWORD dwI = 0; dwI < pBlobRef->rsapubkey.bitlen / 8; dwI++)
+ {
+ if ( pBlobRef->modulus[dwI] != pBlob->modulus[dwI])
+ {
+ dwReturn = SCARD_E_UNEXPECTED;
+ __leave;
+ }
+ }
+ dwReturn = 0;
+
}
__finally
{
if (hKey)
CryptDestroyKey(hKey);
- CryptAcquireContext(&hProv, szContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
+ //CryptAcquireContext(&hProv, szContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
+ if (hProv)
+ CryptReleaseContext(hProv,0);
}
return dwReturn;
}
\ No newline at end of file
Modified: trunk/OpenPGPminidriverTest/global.h
===================================================================
--- trunk/OpenPGPminidriverTest/global.h 2010-02-24 07:13:15 UTC (rev 2)
+++ trunk/OpenPGPminidriverTest/global.h 2010-02-25 22:09:17 UTC (rev 3)
@@ -25,4 +25,5 @@
DWORD Sign(PTSTR szContainer, DWORD dwKeySpec);
DWORD Decrypt(PTSTR szContainer, DWORD dwKeySpec);
DWORD GenerateNewKey(DWORD dwIndex);
-DWORD ImportKey(DWORD dwIndex);
\ No newline at end of file
+DWORD ImportKey(DWORD dwIndex);
+#define OPENPGP_TEST_CONTAINER TEXT("Test_OPENPGPG")
\ No newline at end of file
More information about the Openpgpmdrv-commits
mailing list