|
 |
a2763b |
diff -up ./src/coolkey/object.cpp.cardos-5-3 ./src/coolkey/object.cpp
|
|
|
a2763b |
--- ./src/coolkey/object.cpp.cardos-5-3 2017-03-16 17:14:02.415338726 -0700
|
|
|
a2763b |
+++ ./src/coolkey/object.cpp 2017-03-16 17:14:02.419338794 -0700
|
|
|
a2763b |
@@ -32,7 +32,7 @@ const CKYByte eccOID[] = {0x2a,0x86,0x48
|
|
|
a2763b |
void dump(const char *label, const CKYBuffer *buf)
|
|
|
a2763b |
{
|
|
|
a2763b |
CKYSize i;
|
|
|
a2763b |
- CKYSize size = CKYBuffer_Size(buf);
|
|
|
a2763b |
+ CKYSize size = buf ? CKYBuffer_Size(buf) : 0;
|
|
|
a2763b |
#define ROW_LENGTH 60
|
|
|
a2763b |
char string[ROW_LENGTH+1];
|
|
|
a2763b |
char *bp = &string[0];
|
|
|
a2763b |
diff -up ./src/coolkey/object.h.cardos-5-3 ./src/coolkey/object.h
|
|
|
a2763b |
--- ./src/coolkey/object.h.cardos-5-3 2017-03-16 17:14:02.415338726 -0700
|
|
|
a2763b |
+++ ./src/coolkey/object.h 2017-03-16 17:14:02.419338794 -0700
|
|
|
a2763b |
@@ -200,9 +200,11 @@ class PKCS11Object {
|
|
|
a2763b |
CK_USER_TYPE getUser(void) const { return user; }
|
|
|
a2763b |
void setKeyType(KeyType theType) { keyType = theType; }
|
|
|
a2763b |
void setKeySize(unsigned int keySize_) { keySize = keySize_; }
|
|
|
a2763b |
+ void setUser(CK_USER_TYPE user_) { user = user_; }
|
|
|
a2763b |
const CKYBuffer *getAuthId(void) const { return &authId; }
|
|
|
a2763b |
const CKYBuffer *getPinAuthId(void) const { return &pinAuthId; }
|
|
|
a2763b |
const PK15ObjectPath &getObjectPath() const { return objectPath; }
|
|
|
a2763b |
+ void setObjectPath(const PK15ObjectPath &newPath) { objectPath = newPath; }
|
|
|
a2763b |
void completeKey(const PKCS11Object &cert);
|
|
|
a2763b |
};
|
|
|
a2763b |
|
|
|
a2763b |
@@ -308,6 +310,7 @@ class PK15Object : public PKCS11Object {
|
|
|
a2763b |
bool isLocal(void) const { return
|
|
|
a2763b |
(pinInfo.pinFlags & P15PinLocal) ? true : false; }
|
|
|
a2763b |
const P15PinInfo *getPinInfo(void) const { return &pinInfo; }
|
|
|
a2763b |
+ void setPinRef(CK_BYTE pinRef) { pinInfo.pinRef = pinRef; }
|
|
|
a2763b |
};
|
|
|
a2763b |
|
|
|
a2763b |
class Reader : public PKCS11Object {
|
|
|
a2763b |
diff -up ./src/coolkey/slot.cpp.cardos-5-3 ./src/coolkey/slot.cpp
|
|
|
a2763b |
--- ./src/coolkey/slot.cpp.cardos-5-3 2017-03-16 17:14:02.416338743 -0700
|
|
|
a2763b |
+++ ./src/coolkey/slot.cpp 2017-03-17 13:48:26.661205327 -0700
|
|
|
a2763b |
@@ -41,6 +41,7 @@
|
|
|
a2763b |
#define PRINTF(args)
|
|
|
a2763b |
#endif
|
|
|
a2763b |
// #define DISPLAY_WHOLE_GET_DATA 1
|
|
|
a2763b |
+void dump(const char *label, const CKYBuffer *buf);
|
|
|
a2763b |
|
|
|
a2763b |
|
|
|
a2763b |
// The Cyberflex Access 32k egate ATR
|
|
|
a2763b |
@@ -467,6 +468,8 @@ Slot::Slot(const char *readerName_, Log
|
|
|
a2763b |
}
|
|
|
a2763b |
CKYBuffer_InitEmpty(&cardATR);
|
|
|
a2763b |
CKYBuffer_InitEmpty(&mCUID);
|
|
|
a2763b |
+ CKYBuffer_InitEmpty(&candidateUserAuthId);
|
|
|
a2763b |
+ CKYBuffer_InitEmpty(&candidateContextSpecificAuthId);
|
|
|
a2763b |
for (int i=0; i < MAX_CERT_SLOTS; i++) {
|
|
|
a2763b |
CKYBuffer_InitEmpty(&cardAID[i]);
|
|
|
a2763b |
}
|
|
|
a2763b |
@@ -540,6 +543,8 @@ Slot::~Slot()
|
|
|
a2763b |
CKYBuffer_FreeData(&nonce);
|
|
|
a2763b |
CKYBuffer_FreeData(&cardATR);
|
|
|
a2763b |
CKYBuffer_FreeData(&mCUID);
|
|
|
a2763b |
+ CKYBuffer_FreeData(&candidateUserAuthId);
|
|
|
a2763b |
+ CKYBuffer_FreeData(&candidateContextSpecificAuthId);
|
|
|
a2763b |
CKYBuffer_FreeData(&p15AID);
|
|
|
a2763b |
CKYBuffer_FreeData(&p15odf);
|
|
|
a2763b |
CKYBuffer_FreeData(&p15tokenInfo);
|
|
|
a2763b |
@@ -1272,6 +1277,41 @@ class ObjectKeyCKAIDMatch {
|
|
|
a2763b |
}
|
|
|
a2763b |
};
|
|
|
a2763b |
|
|
|
a2763b |
+#ifdef DEBUG
|
|
|
a2763b |
+void
|
|
|
a2763b |
+dumpPin(const char *label, const PK15Object *pin)
|
|
|
a2763b |
+{
|
|
|
a2763b |
+ const P15PinInfo *pinInfo = pin->getPinInfo();
|
|
|
a2763b |
+ const PK15ObjectPath &pinPath=pin->getObjectPath();
|
|
|
a2763b |
+ unsigned int pin_type = (unsigned int) pinInfo->pinType;
|
|
|
a2763b |
+ const char *pin_name[3] = {"BCD", "ASCIINum", "UTF8" };
|
|
|
a2763b |
+
|
|
|
a2763b |
+ printf("Pin Object %s\n",label);
|
|
|
a2763b |
+ printf(" Pin flags=0x%08lx\n",pinInfo->pinFlags);
|
|
|
a2763b |
+ printf(" Pin type=%d (%s)\n",(int) pin_type,
|
|
|
a2763b |
+ pin_type < 3U ? pin_name[pin_type] :
|
|
|
a2763b |
+ "Invalid");
|
|
|
a2763b |
+ printf(" Pin length= %d (%d - %d)\n",(int)pinInfo->storedLength,
|
|
|
a2763b |
+ (int)pinInfo->minLength,
|
|
|
a2763b |
+ (int)pinInfo->maxLength);
|
|
|
a2763b |
+ printf(" Pin pad = 0x%02x,<%c>\n", pinInfo->padChar, pinInfo->padChar);
|
|
|
a2763b |
+ printf(" Pin Ref = 0x%02x\n", pinInfo->pinRef);
|
|
|
a2763b |
+ printf(" Pin Path index = %ld\n",(long)pinPath.getIndex());
|
|
|
a2763b |
+ printf(" Pin Path size = %ld\n",(long)pinPath.getLength());
|
|
|
a2763b |
+ dump(" Pin Path:",pinPath.getPath());
|
|
|
a2763b |
+}
|
|
|
a2763b |
+
|
|
|
a2763b |
+void
|
|
|
a2763b |
+dumpPath(const char *label, const PK15ObjectPath &path)
|
|
|
a2763b |
+{
|
|
|
a2763b |
+ printf(" Path for %s\n", label);
|
|
|
a2763b |
+ printf(" index = %ld\n",(long)path.getIndex());
|
|
|
a2763b |
+ printf(" size = %ld\n",(long)path.getLength());
|
|
|
a2763b |
+ dump(" objPath:",path.getPath());
|
|
|
a2763b |
+}
|
|
|
a2763b |
+#endif
|
|
|
a2763b |
+
|
|
|
a2763b |
+
|
|
|
a2763b |
CKYStatus
|
|
|
a2763b |
Slot::parseEF_Directory(const CKYByte *current,
|
|
|
a2763b |
CKYSize size, PK15ObjectType type)
|
|
|
a2763b |
@@ -1326,7 +1366,22 @@ Slot::parseEF_Directory(const CKYByte *c
|
|
|
a2763b |
auth[CKU_SO] = new PK15Object(obj);
|
|
|
a2763b |
}
|
|
|
a2763b |
} else if (auth[CKU_USER] == NULL) {
|
|
|
a2763b |
+ const CKYBuffer *authid = obj.getPinAuthId();
|
|
|
a2763b |
auth[CKU_USER] = new PK15Object(obj);
|
|
|
a2763b |
+ if ((CKYBuffer_Size(&candidateUserAuthId) != 0)
|
|
|
a2763b |
+ && !CKYBuffer_IsEqual(authid, &candidateUserAuthId)) {
|
|
|
a2763b |
+ /* validate our candidates */
|
|
|
a2763b |
+ if ((CKYBuffer_Size(&candidateContextSpecificAuthId)
|
|
|
a2763b |
+ == 0) || (CKYBuffer_IsEqual(
|
|
|
a2763b |
+ &candidateContextSpecificAuthId, authid))) {
|
|
|
a2763b |
+ CKYBuffer_Replace(&candidateContextSpecificAuthId,0,
|
|
|
a2763b |
+ CKYBuffer_Data(&candidateUserAuthId),
|
|
|
a2763b |
+ CKYBuffer_Size(&candidateUserAuthId));
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+ CKYBuffer_Replace(&candidateUserAuthId, 0,
|
|
|
a2763b |
+ CKYBuffer_Data(authid), CKYBuffer_Size(authid));
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+
|
|
|
a2763b |
} else if (auth[CKU_CONTEXT_SPECIFIC] == NULL) {
|
|
|
a2763b |
ObjectIter iter;
|
|
|
a2763b |
const CKYBuffer *authid = obj.getPinAuthId();
|
|
|
a2763b |
@@ -1339,6 +1394,8 @@ Slot::parseEF_Directory(const CKYByte *c
|
|
|
a2763b |
if( CKYBuffer_IsEqual(iter->getAuthId(),authid)) {
|
|
|
a2763b |
iter->setAttributeBool(CKA_ALWAYS_AUTHENTICATE,
|
|
|
a2763b |
TRUE);
|
|
|
a2763b |
+ iter->setUser(CKU_CONTEXT_SPECIFIC);
|
|
|
a2763b |
+printf("Setting Context Specific pin on key\n");
|
|
|
a2763b |
}
|
|
|
a2763b |
}
|
|
|
a2763b |
}
|
|
|
a2763b |
@@ -1349,7 +1406,19 @@ Slot::parseEF_Directory(const CKYByte *c
|
|
|
a2763b |
{
|
|
|
a2763b |
ObjectConstIter iter;
|
|
|
a2763b |
const CKYBuffer *id;
|
|
|
a2763b |
+ const CKYBuffer *authid;
|
|
|
a2763b |
|
|
|
a2763b |
+ authid = obj.getAuthId();
|
|
|
a2763b |
+ if (authid) {
|
|
|
a2763b |
+ if (CKYBuffer_Size(&candidateUserAuthId) == 0) {
|
|
|
a2763b |
+ CKYBuffer_Replace(&candidateUserAuthId, 0,
|
|
|
a2763b |
+ CKYBuffer_Data(authid), CKYBuffer_Size(authid));
|
|
|
a2763b |
+ } else if (!CKYBuffer_IsEqual(&candidateUserAuthId,
|
|
|
a2763b |
+ authid)) {
|
|
|
a2763b |
+ CKYBuffer_Replace(&candidateContextSpecificAuthId,0,
|
|
|
a2763b |
+ CKYBuffer_Data(authid), CKYBuffer_Size(authid));
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+ }
|
|
|
a2763b |
id = obj.getAttribute(CKA_ID);
|
|
|
a2763b |
if ((!id) || (CKYBuffer_Size(id) != 1)) {
|
|
|
a2763b |
break;
|
|
|
a2763b |
@@ -1386,6 +1455,31 @@ Slot::parseEF_Directory(const CKYByte *c
|
|
|
a2763b |
tokenObjects.push_back(obj);
|
|
|
a2763b |
} while ( false );
|
|
|
a2763b |
}
|
|
|
a2763b |
+
|
|
|
a2763b |
+ /* handle the case where we have context specific with the same user pin */
|
|
|
a2763b |
+ if ((type == PK15AuthObj)
|
|
|
a2763b |
+ && (CKYBuffer_Size(&candidateContextSpecificAuthId) != 0)
|
|
|
a2763b |
+ && (auth[CKU_CONTEXT_SPECIFIC] == NULL)) {
|
|
|
a2763b |
+ ObjectIter iter;
|
|
|
a2763b |
+
|
|
|
a2763b |
+ /* these should put on the individual keys */
|
|
|
a2763b |
+ auth[CKU_CONTEXT_SPECIFIC] = new PK15Object(*auth[CKU_USER]);
|
|
|
a2763b |
+ /* set the pin ref for the context specific auth */
|
|
|
a2763b |
+ auth[CKU_CONTEXT_SPECIFIC]->setPinRef(
|
|
|
a2763b |
+ (CK_BYTE) CKYBuffer_GetChar(&candidateContextSpecificAuthId,0));
|
|
|
a2763b |
+ for( iter = tokenObjects.begin(); iter != tokenObjects.end(); ++iter) {
|
|
|
a2763b |
+ const CKYBuffer *authid = iter->getAuthId();
|
|
|
a2763b |
+ if(authid &&
|
|
|
a2763b |
+ CKYBuffer_IsEqual(authid,&candidateContextSpecificAuthId)) {
|
|
|
a2763b |
+ iter->setAttributeBool(CKA_ALWAYS_AUTHENTICATE, TRUE);
|
|
|
a2763b |
+ iter->setUser(CKU_CONTEXT_SPECIFIC);
|
|
|
a2763b |
+ /* auth[CKU_CONTEXT_SPECIFIC]->
|
|
|
a2763b |
+ setObjectPath(iter->getObjectPath()); */
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+
|
|
|
a2763b |
+
|
|
|
a2763b |
+ }
|
|
|
a2763b |
CKYBuffer_FreeData(&file;;
|
|
|
a2763b |
return CKYSUCCESS;
|
|
|
a2763b |
}
|
|
|
a2763b |
@@ -2221,6 +2315,12 @@ Slot::unloadObjects()
|
|
|
a2763b |
tokenManufacturer = NULL;
|
|
|
a2763b |
}
|
|
|
a2763b |
CKYBuffer_Resize(&p15serialNumber,0);
|
|
|
a2763b |
+ CKYBuffer_Resize(&candidateUserAuthId,0);
|
|
|
a2763b |
+ CKYBuffer_Resize(&candidateContextSpecificAuthId,0);
|
|
|
a2763b |
+ for (int i=0; i < MAX_AUTH_USERS; i++) {
|
|
|
a2763b |
+ if (auth[i]) delete auth[i];
|
|
|
a2763b |
+ auth[i]=NULL;
|
|
|
a2763b |
+ }
|
|
|
a2763b |
}
|
|
|
a2763b |
|
|
|
a2763b |
#ifdef USE_SHMEM
|
|
|
a2763b |
@@ -3766,7 +3866,6 @@ Slot::attemptLogin(CK_USER_TYPE user, bo
|
|
|
a2763b |
contextPinCache.clearPin();
|
|
|
a2763b |
}
|
|
|
a2763b |
}
|
|
|
a2763b |
-void dump(const char *label, const CKYBuffer *buf);
|
|
|
a2763b |
|
|
|
a2763b |
void
|
|
|
a2763b |
Slot::attemptP15Login(CK_USER_TYPE user)
|
|
|
a2763b |
@@ -3794,7 +3893,6 @@ Slot::attemptP15Login(CK_USER_TYPE user)
|
|
|
a2763b |
throw PKCS11Exception(CKR_DEVICE_ERROR, "Applet select return 0x%04x",
|
|
|
a2763b |
result);
|
|
|
a2763b |
}
|
|
|
a2763b |
-
|
|
|
a2763b |
status = P15Applet_VerifyPIN(conn,
|
|
|
a2763b |
(const char *)CKYBuffer_Data(pinCachePtr->get()),
|
|
|
a2763b |
auth[user]->getPinInfo(), &result);
|
|
|
a2763b |
@@ -4636,7 +4734,14 @@ Slot::cryptRSA(SessionHandleSuffix suffi
|
|
|
a2763b |
params.padInput(&inputPad, &input);
|
|
|
a2763b |
performRSAOp(&output, &inputPad, params.getKeySize(), key,
|
|
|
a2763b |
params.getDirection());
|
|
|
a2763b |
- params.unpadOutput(result, &output);
|
|
|
a2763b |
+ if (CKYBuffer_Size(&output) < CKYBuffer_Size(&inputPad)) {
|
|
|
a2763b |
+ /* if the size is smaller than the input, treat it as
|
|
|
a2763b |
+ * unpadded */
|
|
|
a2763b |
+ CKYBuffer_Replace(result, 0, CKYBuffer_Data(&output),
|
|
|
a2763b |
+ CKYBuffer_Size(&output));
|
|
|
a2763b |
+ } else {
|
|
|
a2763b |
+ params.unpadOutput(result, &output);
|
|
|
a2763b |
+ }
|
|
|
a2763b |
CKYBuffer_FreeData(&input);
|
|
|
a2763b |
CKYBuffer_FreeData(&inputPad);
|
|
|
a2763b |
CKYBuffer_FreeData(&output);
|
|
|
a2763b |
@@ -4787,9 +4892,8 @@ retry:
|
|
|
a2763b |
} else if (state & CAC_CARD) {
|
|
|
a2763b |
status = CACApplet_SignDecrypt(conn, input, output, &result);
|
|
|
a2763b |
} else if (state & P15_CARD) {
|
|
|
a2763b |
- status = P15Applet_SignDecrypt(conn, key->getKeyRef(), keySize/8,
|
|
|
a2763b |
+ status = P15Applet_SignDecrypt(conn, key->getKeyRef(), (keySize/8)*2,
|
|
|
a2763b |
CKY_DIR_ENCRYPT, input, output, &result);
|
|
|
a2763b |
-
|
|
|
a2763b |
} else {
|
|
|
a2763b |
status = CKYApplet_ComputeECCSignature(conn, objectToKeyNum(key), input, NULL, output, getNonce(), &result);
|
|
|
a2763b |
}
|
|
|
a2763b |
@@ -4861,8 +4965,32 @@ retry:
|
|
|
a2763b |
} else if (state & CAC_CARD) {
|
|
|
a2763b |
status = CACApplet_SignDecrypt(conn, input, output, &result);
|
|
|
a2763b |
} else if (state & P15_CARD) {
|
|
|
a2763b |
- status = P15Applet_SignDecrypt(conn, key->getKeyRef(), keySize/8,
|
|
|
a2763b |
- direction, input, output, &result);
|
|
|
a2763b |
+ if (direction == CKY_DIR_DECRYPT) {
|
|
|
a2763b |
+ status = P15Applet_SignDecrypt(conn, key->getKeyRef(),
|
|
|
a2763b |
+ keySize/8, direction, input, output, &result);
|
|
|
a2763b |
+ } else {
|
|
|
a2763b |
+ CKYBuffer unpadInput;
|
|
|
a2763b |
+ CKYBuffer_InitEmpty(&unpadInput);
|
|
|
a2763b |
+ stripRSAPadding(&unpadInput, input); /* will throw exception
|
|
|
a2763b |
+ * on error */
|
|
|
a2763b |
+ status = P15Applet_SignDecrypt(conn, key->getKeyRef(), keySize/8,
|
|
|
a2763b |
+ direction, &unpadInput, output, &result);
|
|
|
a2763b |
+ CKYBuffer_FreeData(&unpadInput);
|
|
|
a2763b |
+ /* if it didn't work, try full padded the input first */
|
|
|
a2763b |
+ if ((status != CKYSUCCESS)
|
|
|
a2763b |
+ && (result != CKYISO_CONDITION_NOT_SATISFIED)
|
|
|
a2763b |
+ && (result != CKYISO_SECURITY_NOT_SATISFIED)) {
|
|
|
a2763b |
+ status = P15Applet_SignDecrypt(conn, key->getKeyRef(),
|
|
|
a2763b |
+ keySize/8, direction, input, output, &result);
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+ /* finally just lie and try to "decrypt" the buffer */
|
|
|
a2763b |
+ if ((status != CKYSUCCESS)
|
|
|
a2763b |
+ && (result != CKYISO_CONDITION_NOT_SATISFIED)
|
|
|
a2763b |
+ && (result != CKYISO_SECURITY_NOT_SATISFIED)) {
|
|
|
a2763b |
+ status = P15Applet_SignDecrypt(conn, key->getKeyRef(),
|
|
|
a2763b |
+ keySize/8, CKY_DIR_DECRYPT, input, output, &result);
|
|
|
a2763b |
+ }
|
|
|
a2763b |
+ }
|
|
|
a2763b |
} else {
|
|
|
a2763b |
status = CKYApplet_ComputeCrypt(conn, objectToKeyNum(key),
|
|
|
a2763b |
CKY_RSA_NO_PAD, direction, input, NULL, output,
|
|
|
a2763b |
@@ -4883,8 +5011,7 @@ retry:
|
|
|
a2763b |
throw PKCS11Exception(CKR_DATA_INVALID);
|
|
|
a2763b |
}
|
|
|
a2763b |
// version0 keys could be logged out in the middle by someone else,
|
|
|
a2763b |
- // reauthenticate... This code can go away when we depricate.
|
|
|
a2763b |
- // version0 applets.
|
|
|
a2763b |
+ // reauthenticate...
|
|
|
a2763b |
if (!isVersion1Key && !loginAttempted &&
|
|
|
a2763b |
userPinCache(key->getUser())->isValid() &&
|
|
|
a2763b |
(result == CKYISO_UNAUTHORIZED)) {
|
|
|
a2763b |
diff -up ./src/coolkey/slot.h.cardos-5-3 ./src/coolkey/slot.h
|
|
|
a2763b |
--- ./src/coolkey/slot.h.cardos-5-3 2017-03-16 17:14:02.417338760 -0700
|
|
|
a2763b |
+++ ./src/coolkey/slot.h 2017-03-16 17:14:02.421338828 -0700
|
|
|
a2763b |
@@ -368,6 +368,8 @@ class Slot {
|
|
|
a2763b |
CKYBuffer p15tokenInfo;
|
|
|
a2763b |
CKYBuffer p15odf;
|
|
|
a2763b |
CKYBuffer p15serialNumber;
|
|
|
a2763b |
+ CKYBuffer candidateUserAuthId;
|
|
|
a2763b |
+ CKYBuffer candidateContextSpecificAuthId;
|
|
|
a2763b |
//enum { RW_SESSION_HANDLE = 1, RO_SESSION_HANDLE = 2 };
|
|
|
a2763b |
|
|
|
a2763b |
#ifdef USE_SHMEM
|
|
|
a2763b |
diff -up ./src/libckyapplet/cky_applet.c.cardos-5-3 ./src/libckyapplet/cky_applet.c
|
|
|
a2763b |
--- ./src/libckyapplet/cky_applet.c.cardos-5-3 2017-03-16 17:14:02.404338539 -0700
|
|
|
a2763b |
+++ ./src/libckyapplet/cky_applet.c 2017-03-16 17:14:02.422338845 -0700
|
|
|
a2763b |
@@ -1316,8 +1316,6 @@ P15Applet_SignDecrypt(CKYCardConnection
|
|
|
a2763b |
int appendLength = length;
|
|
|
a2763b |
int hasPad = 0;
|
|
|
a2763b |
|
|
|
a2763b |
- /* Hack, lie and say we are always doing encipherment */
|
|
|
a2763b |
- direction = CKY_DIR_DECRYPT;
|
|
|
a2763b |
CKYBuffer_Resize(result,0);
|
|
|
a2763b |
/*
|
|
|
a2763b |
* first set the security environment
|
|
|
a2763b |
@@ -1367,7 +1365,7 @@ P15Applet_SignDecrypt(CKYCardConnection
|
|
|
a2763b |
}
|
|
|
a2763b |
CKYBuffer_AppendBuffer(&tmp, data, offset, appendLength);
|
|
|
a2763b |
pso.chain = 0;
|
|
|
a2763b |
- pso.retLen = dataSize;
|
|
|
a2763b |
+ pso.retLen = keySize;
|
|
|
a2763b |
|
|
|
a2763b |
ret = CKYApplet_HandleAPDU(conn,
|
|
|
a2763b |
P15AppletFactory_PerformSecurityOperation, &pso, NULL,
|