Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/coolkey/patches/07-slot.h.patch
branchs11u3-sru
changeset 6535 8f23248b161c
equal deleted inserted replaced
6529:50a81baffe58 6535:8f23248b161c 
       
     1 Upstream fixes already included in the latest community updates to coolkey v1.1.0
 
       
     2 
       
     3 Adds header definitions for newer CAC and PIV card support.
 
       
     4 
       
     5 --- ORIGINAL/./src/coolkey/slot.h	2016-06-24 16:07:28.549068021 -0400
 
       
     6 +++ ././src/coolkey/slot.h	2016-06-27 14:01:31.527689321 -0400
 
       
     7 @@ -79,9 +79,11 @@
 
       
     8      bool CUIDIsEqual(const CKYBuffer *cuid) const;
 
       
     9      unsigned short getVersion() const;
 
       
    10      unsigned short getDataVersion() const;
 
       
    11 +    unsigned char  getFirstCacCert() const;
 
       
    12      void setCUID(const CKYBuffer *cuid);
 
       
    13      void setVersion(unsigned short version);
 
       
    14      void setDataVersion(unsigned short version);
 
       
    15 +    void setFirstCacCert(unsigned char firstCacCert);
 
       
    16      bool isValid() const;
 
       
    17      int size() const;
 
       
    18      const unsigned char *getCUID() const;
 
       
    19 @@ -90,6 +92,7 @@
 
       
    20      void setSize(int size);
 
       
    21      void readData(CKYBuffer *data) const;
 
       
    22      void writeData(const CKYBuffer *data);
 
       
    23 +    void initCACHeaders(void);
 
       
    24      void readCACCert(CKYBuffer *data, CKYByte instance) const;
 
       
    25      void writeCACCert(const CKYBuffer *data, CKYByte instance);
 
       
    26      void clearValid(CKYByte instance);
 
       
    27 @@ -211,24 +214,27 @@
 
       
    28      State state;
 
       
    29      CKYByte keyNum;
 
       
    30      CKYBuffer result;
 
       
    31 +    PKCS11Object::KeyType keyType;
 
       
    32  
       
    33 -    CryptOpState() : state(NOT_INITIALIZED), keyNum(0) 
       
    34 +    CryptOpState() : state(NOT_INITIALIZED), keyNum(0), keyType(PKCS11Object::unknown)
 
       
    35  				{ CKYBuffer_InitEmpty(&result); }
 
       
    36      CryptOpState(const CryptOpState &cpy) : 
       
    37 -				state(cpy.state), keyNum(cpy.keyNum) { 
       
    38 +				state(cpy.state), keyNum(cpy.keyNum), keyType(cpy.keyType) { 
       
    39  	CKYBuffer_InitFromCopy(&result, &cpy.result);
 
       
    40      }
 
       
    41      CryptOpState &operator=(const CryptOpState &cpy) {
 
       
    42  	state = cpy.state,
 
       
    43  	keyNum = cpy.keyNum;
 
       
    44 +        keyType = cpy.keyType;
 
       
    45  	CKYBuffer_Replace(&result, 0, CKYBuffer_Data(&cpy.result),
 
       
    46  				CKYBuffer_Size(&cpy.result));
 
       
    47  	return *this;
 
       
    48      }
 
       
    49      ~CryptOpState() { CKYBuffer_FreeData(&result); }
 
       
    50 -    void initialize(CKYByte keyNum) {
 
       
    51 +    void initialize(CKYByte keyNum, PKCS11Object::KeyType theKeyType) {
 
       
    52          state = IN_PROCESS;
 
       
    53          this->keyNum = keyNum;
 
       
    54 +        this->keyType = theKeyType;
 
       
    55          CKYBuffer_Resize(&result, 0);
 
       
    56      }
 
       
    57  };
 
       
    58 @@ -258,6 +264,7 @@
 
       
    59  
       
    60      CryptOpState signatureState;
 
       
    61      CryptOpState decryptionState;
 
       
    62 +    CryptOpState keyAgreementState;
 
       
    63  };
 
       
    64  
       
    65  typedef list<Session> SessionList;
 
       
    66 @@ -267,13 +274,11 @@
 
       
    67  class CryptParams {
 
       
    68    private:
 
       
    69      unsigned int keySize; // in bits
 
       
    70 -  protected:
 
       
    71 -    unsigned int getKeySize() const { return keySize; }
 
       
    72    public:
 
       
    73 -    // !!!XXX hack. The right way to get the key size is to get all the
 
       
    74 -    // key information from the token with MSCListKeys, the same way
 
       
    75 -    // we get all the object information with MSCListObjects.
 
       
    76 -    enum { FIXED_KEY_SIZE = 1024 };
 
       
    77 +    // set the actual key size obtained from the card
 
       
    78 +    void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
 
       
    79 +    unsigned int getKeySize() const { return keySize; }
 
       
    80 +    enum { DEFAULT_KEY_SIZE = 1024, ECC_DEFAULT_KEY_SIZE=256 };
 
       
    81  
       
    82  
       
    83      CryptParams(unsigned int keySize_) : keySize(keySize_) { }
 
       
    84 @@ -295,6 +300,13 @@
 
       
    85  				 const CKYBuffer *paddedOutput) const = 0;
 
       
    86  };
 
       
    87  
       
    88 +#define MAX_CERT_SLOTS 10
 
       
    89 +typedef enum {
 
       
    90 +    ALG_NONE= 0x0,
 
       
    91 +    ALG_ECC = 0x1,
 
       
    92 +    ALG_RSA = 0x2
 
       
    93 +} SlotAlgs;
 
       
    94 +
 
       
    95  class Slot {
 
       
    96  
       
    97    public:
 
       
    98 @@ -304,12 +316,15 @@
 
       
    99          ATR_MATCH = 0x04,
 
       
   100          APPLET_SELECTABLE = 0x08,
 
       
   101          APPLET_PERSONALIZED = 0x10,
 
       
   102 -        CAC_CARD = 0x20
 
       
   103 +        CAC_CARD = 0x20,
 
       
   104 +        PIV_CARD = 0x40
 
       
   105      };
 
       
   106      enum {
 
       
   107  	NONCE_SIZE = 8
 
       
   108      };
 
       
   109  
       
   110 +    static const SlotState GOV_CARD = (SlotState)(CAC_CARD|PIV_CARD);
 
       
   111 +
 
       
   112    private:
 
       
   113      Log *log;
 
       
   114      char *readerName;
 
       
   115 @@ -329,6 +344,8 @@
 
       
   116      CKYBuffer nonce;
 
       
   117      CKYBuffer cardATR;
 
       
   118      CKYBuffer mCUID;
 
       
   119 +    CKYBuffer cardAID[MAX_CERT_SLOTS];
 
       
   120 +    unsigned short cardEF[MAX_CERT_SLOTS];
 
       
   121      bool isVersion1Key;
 
       
   122      bool needLogin;
 
       
   123      long publicFree;
 
       
   124 @@ -336,7 +353,12 @@
 
       
   125      long privateFree;
 
       
   126      bool fullTokenName;
 
       
   127      bool mCoolkey;
 
       
   128 -
 
       
   129 +    bool mOldCAC;
 
       
   130 +    bool mCACLocalLogin;
 
       
   131 +    int pivContainer;
 
       
   132 +    int pivKey;
 
       
   133 +    int maxCacCerts;
 
       
   134 +    SlotAlgs algs;
 
       
   135      //enum { RW_SESSION_HANDLE = 1, RO_SESSION_HANDLE = 2 };
 
       
   136  
       
   137  #ifdef USE_SHMEM
 
       
   138 @@ -383,6 +405,7 @@
 
       
   139      const CKYBuffer *getATR();
 
       
   140      bool isLoggedIn();
 
       
   141      bool needLoggedIn();
 
       
   142 +    bool getPIVLoginType();
 
       
   143      void testNonce();
 
       
   144  
       
   145      void addKeyObject(list<PKCS11Object>& objectList,
 
       
   146 @@ -392,6 +415,7 @@
 
       
   147  	const CKYBuffer *derCert, CK_OBJECT_HANDLE handle);
 
       
   148      void addObject(list<PKCS11Object>& objectList,
 
       
   149          const ListObjectInfo& info, CK_OBJECT_HANDLE handle);
 
       
   150 +    PKCS11Object *createSecretKeyObject(CK_OBJECT_HANDLE handle, CKYBuffer *secretKeyBuffer,CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount);
 
       
   151  
       
   152      void ensureValidSession(SessionHandleSuffix suffix);
 
       
   153  
       
   154 @@ -399,8 +423,12 @@
 
       
   155      list<ListObjectInfo> fetchCombinedObjects(const CKYBuffer *header);
 
       
   156      list<ListObjectInfo> fetchSeparateObjects();
 
       
   157  
       
   158 +    CKYStatus getCACAid();
 
       
   159 +    CKYStatus readCACCertificateFirst(CKYBuffer *cert, CKYSize *nextSize);
 
       
   160 +    CKYStatus readCACCertificateAppend(CKYBuffer *cert, CKYSize nextSize);
 
       
   161 +
 
       
   162      void selectApplet();
 
       
   163 -    void selectCACApplet(CKYByte instance);
 
       
   164 +    void selectCACApplet(CKYByte instance,bool do_disconnect);
 
       
   165      void unloadObjects();
 
       
   166      void loadCACObjects();
 
       
   167      void loadCACCert(CKYByte instance);
 
       
   168 @@ -422,14 +450,27 @@
 
       
   169  
       
   170      void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
 
       
   171          CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
 
       
   172 -        CK_ULONG_PTR pulOutputLen, const CryptParams& params);
 
       
   173 +        CK_ULONG_PTR pulOutputLen, CryptParams& params);
 
       
   174  
       
   175 -    void performRSAOp(CKYBuffer *out, const CKYBuffer *input, CKYByte keyNum, 
       
   176 -							     CKYByte direction);
 
       
   177 +    void performRSAOp(CKYBuffer *out, const CKYBuffer *input, unsigned int keySize,
 
       
   178 +						CKYByte keyNum, CKYByte direction);
 
       
   179 +
 
       
   180 +    void signECC(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
 
       
   181 +        CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
 
       
   182 +        CK_ULONG_PTR pulOutputLen, CryptParams& params);
 
       
   183 +
 
       
   184 +    void performECCSignature(CKYBuffer *out, const CKYBuffer *input, 
       
   185 +					unsigned int keySize, CKYByte keyNum);
 
       
   186 +    void performECCKeyAgreement(CK_MECHANISM_TYPE deriveMech, 
       
   187 +        CKYBuffer *publicDataBuffer, 
       
   188 +        CKYBuffer *secretKeyBuffer, CKYByte keyNum, unsigned int keySize);
 
       
   189  
       
   190      void processComputeCrypt(CKYBuffer *result, const CKYAPDU *apdu);
 
       
   191  
       
   192      CKYByte objectHandleToKeyNum(CK_OBJECT_HANDLE hKey);
 
       
   193 +    unsigned int calcECCKeySize(CKYByte keyNum);
 
       
   194 +    void initCACShMem(void);
 
       
   195 +    void verifyCACShMem(void);
 
       
   196      Slot(const Slot &cpy)
 
       
   197  #ifdef USE_SHMEM
 
       
   198  	: shmem(readerName)
 
       
   199 @@ -460,6 +501,11 @@
 
       
   200          return (char )((objectID >> 16) & 0xff) - '0';
 
       
   201      }
 
       
   202  
       
   203 +    // actually get the size of a key in bits from the card
 
       
   204 +    unsigned int getRSAKeySize(CKYByte keyNum);
 
       
   205 +    unsigned int getECCKeySize(CKYByte keyNum);
 
       
   206 +
 
       
   207 +    PKCS11Object::KeyType  getKeyTypeFromHandle(CK_OBJECT_HANDLE hKey);
 
       
   208  
       
   209      SessionHandleSuffix openSession(Session::Type type);
 
       
   210      void closeSession(SessionHandleSuffix handleSuffix);
 
       
   211 @@ -501,6 +547,16 @@
 
       
   212  	CK_ULONG len);
 
       
   213      void generateRandom(SessionHandleSuffix suffix, CK_BYTE_PTR data,
 
       
   214  	CK_ULONG len);
 
       
   215 +
 
       
   216 +    void derive(SessionHandleSuffix suffix, CK_MECHANISM_PTR pMechanism,
 
       
   217 +        CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_PTR pTemplate, 
       
   218 +        CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
 
       
   219 +
 
       
   220 +    void deriveECC(SessionHandleSuffix suffix, CK_MECHANISM_PTR pMechanism,
 
       
   221 +       CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, 
       
   222 +       CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey, CryptParams& params);
 
       
   223 +
 
       
   224 +    SlotAlgs getAlgs() { return algs; }
 
       
   225  };
 
       
   226  
       
   227  class SlotList {
 
       
   228 @@ -527,6 +583,8 @@
 
       
   229       * has called 'C_GetSlotList' with a NULL parameter */
 
       
   230      void updateReaderList();
 
       
   231  
       
   232 +     /* see if a reader name exists in a caller provided reader name list. */
 
       
   233 +    bool readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList );
 
       
   234      bool readerExists(const char *readerName, unsigned int *hint = 0);
 
       
   235    public:
 
       
   236      SlotList(Log *log);
 
       
   237 @@ -592,6 +650,10 @@
 
       
   238      void seedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 
       
   239          CK_ULONG ulDataLen);
 
       
   240  
       
   241 +    void derive(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 
       
   242 +        CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_PTR pTemplate, 
       
   243 +        CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
 
       
   244 +
 
       
   245  
       
   246  };
 
       
   247  #endif
upstream/oracle/userland-gate