[Fedora-directory-commits] coolkey/src/coolkey slot.cpp, 1.10, 1.11 slot.h, 1.2, 1.3
Jack Magne
jmagne at fedoraproject.org
Thu Feb 19 02:04:16 UTC 2009
- Previous message (by thread): [Fedora-directory-commits] coolkey/src/libckyapplet cky_applet.c, 1.1, 1.2 cky_applet.h, 1.1, 1.2 cky_factory.c, 1.1, 1.2 cky_factory.h, 1.1, 1.2
- Next message (by thread): [Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey/applet CardEdge.java, 1.4.2.1, 1.4.2.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jmagne
Update of /cvs/dirsec/coolkey/src/coolkey
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29194
Modified Files:
slot.cpp slot.h
Log Message:
Add support for 2048 bit keys, #485829.
Index: slot.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/slot.cpp,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- slot.cpp 14 Feb 2008 23:48:19 -0000 1.10
+++ slot.cpp 19 Feb 2009 02:04:13 -0000 1.11
@@ -1331,6 +1331,19 @@
}
};
+class KeyNumMatch {
+ private:
+ CKYByte keyNum;
+ const Slot &slot;
+ public:
+ KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { }
+ bool operator() (const PKCS11Object& obj) {
+ unsigned long objID = obj.getMuscleObjID();
+ return (slot.getObjectClass(objID) == 'k')
+ && (slot.getObjectIndex(objID) == keyNum);
+ }
+};
+
class ObjectCertCKAIDMatch {
private:
CKYByte cka_id;
@@ -3066,8 +3079,9 @@
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
+ RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE);
cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,
- RSASignatureParams(CryptParams::FIXED_KEY_SIZE));
+ params);
}
void
@@ -3075,14 +3089,15 @@
CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,
CK_ULONG_PTR pulDecryptedDataLen)
{
+ RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE);
cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,
- RSADecryptParams(CryptParams::FIXED_KEY_SIZE));
+ params);
}
void
Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
- CK_ULONG_PTR pulOutputLen, const CryptParams& params)
+ CK_ULONG_PTR pulOutputLen, CryptParams& params)
{
refreshTokenState();
SessionIter session = findSession(suffix);
@@ -3100,6 +3115,11 @@
CKYBuffer *result = &opState.result;
CKYByte keyNum = opState.keyNum;
+ unsigned int keySize = getKeySize(keyNum);
+
+ if(keySize != CryptParams::DEFAULT_KEY_SIZE)
+ params.setKeySize(keySize);
+
if( CKYBuffer_Size(result) == 0 ) {
// we haven't already peformed the decryption, so do it now.
if( pInput == NULL || ulInputLen == 0) {
@@ -3302,3 +3322,36 @@
throw PKCS11Exception(CKR_DEVICE_ERROR);
}
}
+
+#define MAX_NUM_KEYS 8
+unsigned int
+Slot::getKeySize(CKYByte keyNum)
+{
+ unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE;
+ int modSize = 0;
+
+ if(keyNum >= MAX_NUM_KEYS) {
+ return keySize;
+ }
+
+ ObjectConstIter iter;
+ iter = find_if(tokenObjects.begin(), tokenObjects.end(),
+ KeyNumMatch(keyNum,*this));
+
+ if( iter == tokenObjects.end() ) {
+ return keySize;
+ }
+
+ CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS);
+
+ if(modulus) {
+ modSize = CKYBuffer_Size(modulus);
+ if(CKYBuffer_GetChar(modulus,0) == 0x0) {
+ modSize--;
+ }
+ if(modSize > 0)
+ keySize = modSize * 8;
+ }
+
+ return keySize;
+}
Index: slot.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/slot.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- slot.h 16 Oct 2007 00:05:31 -0000 1.2
+++ slot.h 19 Feb 2009 02:04:13 -0000 1.3
@@ -270,10 +270,9 @@
protected:
unsigned int getKeySize() const { return keySize; }
public:
- // !!!XXX hack. The right way to get the key size is to get all the
- // key information from the token with MSCListKeys, the same way
- // we get all the object information with MSCListObjects.
- enum { FIXED_KEY_SIZE = 1024 };
+ // set the actual key size obtained from the card
+ void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
+ enum { DEFAULT_KEY_SIZE = 1024 };
CryptParams(unsigned int keySize_) : keySize(keySize_) { }
@@ -422,7 +421,7 @@
void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
- CK_ULONG_PTR pulOutputLen, const CryptParams& params);
+ CK_ULONG_PTR pulOutputLen, CryptParams& params);
void performRSAOp(CKYBuffer *out, const CKYBuffer *input, CKYByte keyNum,
CKYByte direction);
@@ -460,6 +459,8 @@
return (char )((objectID >> 16) & 0xff) - '0';
}
+ // actually get the size of a key in bits from the card
+ unsigned int getKeySize(CKYByte keyNum);
SessionHandleSuffix openSession(Session::Type type);
void closeSession(SessionHandleSuffix handleSuffix);
- Previous message (by thread): [Fedora-directory-commits] coolkey/src/libckyapplet cky_applet.c, 1.1, 1.2 cky_applet.h, 1.1, 1.2 cky_factory.c, 1.1, 1.2 cky_factory.h, 1.1, 1.2
- Next message (by thread): [Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey/applet CardEdge.java, 1.4.2.1, 1.4.2.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list