[Fedora-directory-commits] coolkey/applet/src/com/redhat/ckey/applet CardEdge.java, 1.4.2.1, 1.4.2.2

Jack Magne jmagne at fedoraproject.org
Thu Feb 19 02:06:34 UTC 2009 

Author: jmagne

Update of /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29729

Modified Files:
      Tag: COOLKEY_330J_BRANCH
	CardEdge.java 
Log Message:
Add support for 2048 bit keys, #485829.


Index: CardEdge.java
===================================================================
RCS file: /cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet/CardEdge.java,v
retrieving revision 1.4.2.1
retrieving revision 1.4.2.2
diff -u -r1.4.2.1 -r1.4.2.2
--- CardEdge.java	24 Jan 2009 00:54:20 -0000	1.4.2.1
+++ CardEdge.java	19 Feb 2009 02:06:31 -0000	1.4.2.2
@@ -123,8 +123,8 @@
     private static final byte VERSION_PROTOCOL_MINOR = 1;
     private static final byte VERSION_APPLET_MAJOR = 1;
     private static final byte VERSION_APPLET_MINOR = 4;
-    private static final short BUILDID_MAJOR = (short) 0x4979;
-    private static final short BUILDID_MINOR = (short) 0x178d;
+    private static final short BUILDID_MAJOR = (short) 0x498f;
+    private static final short BUILDID_MINOR = (short) 0xa85f;
     private static final short ZEROS = 0;
 
     // * Enable pin size check
@@ -405,17 +405,18 @@
 
     private static final short OFFSET_IMP_KEY_ENC_WRAP_KEY      =  5;
 
-    private static final short MAX_RSA_MOD_BITS  = 1024;
-    private static final short MAX_RSA_MOD_BYTES = 128;
+    private static final short MAX_RSA_MOD_BITS  = 2048;
+    private static final short MAX_RSA_MOD_BYTES = 256;
 
     // 554 = 2 bytes for explicit length, 
     //     512 bytes for data
     //      40 bytes for two sha digest buffers.
-    private static final short IOBUF_ALLOC = 554;
+    //private static final short IOBUF_ALLOC = 554;
+    private static final short IOBUF_ALLOC =  1200;
     // offsets in iobuf used by CryptProcessFinal()
-    private static final short VFY_OFF   = 258;
-    private static final short VFY_MD_0  = 514;
-    private static final short VFY_MD_1  = 534;
+    private static final short VFY_OFF   = 558;
+    private static final short VFY_MD_0  = 1014;
+    private static final short VFY_MD_1  = 1034;
 
     // how many ms to delay when a bad password is detected
     private static final short BAD_PASSWD_DELAY = 1000; 
@@ -508,7 +509,7 @@
         //Save offset of the instance aid length.
         byte remainingLength = bLength;
 
-	short mem_size = (short)6000;
+	short mem_size = (short)5000;
 	create_object_ACL = RA_ACL;
 	create_key_ACL = RA_ACL;
 	create_pin_ACL = RA_ACL;
@@ -2052,12 +2053,12 @@
 	LogoutAllIdentity(pin_nb);
     }
 
-    private short outputRSAPublicKey(short key_nb, byte[] buf, short offset) {
+    private short outputRSAPublicKey(short key_nb, byte[] buf, short offset, short key_size) {
 	buf[offset] = ZEROB; // plaintext
 	offset++;
 	buf[offset] = (byte) 1; // RSA public key
 	offset++;
-	Util.setShort(buf, offset, (short)(1024)); // 1024-bit key
+	Util.setShort(buf, offset, (short)(key_size)); // Key Size. 
 	offset+=2;
 
 	RSAPublicKey key = (RSAPublicKey) keys[key_nb];
@@ -2081,6 +2082,7 @@
 	byte owner = (byte) ((buffer[ISO7816.OFFSET_P1] >> 4)  & 0xf) ;
 	byte usage = (byte) ((buffer[ISO7816.OFFSET_P2] >> 4) & 0xf);
 	short acl = 0;
+        short key_size = Util.getShort(buffer, (short)(ISO7816.OFFSET_CDATA+1));
 
 	if ((buffer[ISO7816.OFFSET_P1] == 0) 
 					&& (buffer[ISO7816.OFFSET_P2] == 0)) {
@@ -2129,7 +2131,9 @@
 	GenerateKeyPairRSA(apdu, buffer, prv_key_nb, pub_key_nb, acl);
 
 	// copy public key to output object
-	short pubkeysize = outputRSAPublicKey(pub_key_nb, iobuf, (short)2);
+	short pubkeysize = outputRSAPublicKey(pub_key_nb, iobuf, (short)2, (short) key_size);
+	short modsize = (short) ((short)key_size / (short) 8);
+
 	Util.setShort(iobuf, ZEROS, pubkeysize);
 
 	// Compute digest over public key and decrypted challenge.
@@ -2137,31 +2141,32 @@
 	Util.arrayCopyNonAtomic(buffer, (short)11, iobuf,
 				(short)(2 + pubkeysize), (short)16);
 	doDigest(iobuf, (short)2, (short)(16+pubkeysize),
-		 iobuf, (short)(2+pubkeysize+128) );
-
+		 iobuf, (short)(2+pubkeysize+modsize) );
 	// Sign the digest, writing the signature over the digest in the iobuf
-	short sigsize = handSign(prv_key_nb, iobuf, (short) (2+pubkeysize+128),
-	    (short)shaDigest.getLength(), iobuf, (short)(2+pubkeysize+2));
+	short sigsize = handSign(prv_key_nb, iobuf, (short) (2+pubkeysize+modsize),
+	    (short)shaDigest.getLength(), iobuf, (short)(2+pubkeysize+2), modsize);
+
 	Util.setShort(iobuf, (short)(2 + pubkeysize), sigsize);
 
 	iobuf_size = (short) (2 + pubkeysize + 2 + sigsize);
 
 	Util.setShort(buffer, ZEROS, iobuf_size);
 	apdu.setOutgoingAndSend(ZEROS, (short)2);
+
     }
 
     //
     // HandSign hard codes SHA1.
     //
     private short handSign(byte key_nb, byte inbuf[], short inOffset, 
-			short len, byte outbuf[], short outOffset)
+			short len, byte outbuf[], short outOffset, short modsize)
     {
 	short index;
 	//
 	// build the signed data
 	//
 	// Hard coded for SHA1
-	index = (short)(outOffset+108);
+	index = (short)(outOffset+modsize-(short)20);
 	Util.arrayCopyNonAtomic(inbuf, inOffset, outbuf, index, (short)20);
 	index = (short) (index - sha1encodeLen);
 	Util.arrayCopyNonAtomic(sha1encode,ZEROS,outbuf,index,sha1encodeLen);
@@ -2173,7 +2178,7 @@
 	outbuf[outOffset] = 0;
 	Cipher ciph = getCipher(key_nb, Cipher.ALG_RSA_NOPAD);
 	ciph.init(keys[key_nb], (byte) Cipher.MODE_ENCRYPT);
-	return ciph.doFinal(outbuf, outOffset, (short)128, 
+	return ciph.doFinal(outbuf, outOffset, modsize, 
 				   outbuf, outOffset);
     }

More information about the Fedora-directory-commits mailing list