rpms / coolkey

Clone
Source Code
GIT

Blame SOURCES/coolkey-cac.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta
  1.   c7-beta
  2.   SOURCES
  3.   coolkey-cac.patch
Blob History Raw
ed074c 
diff -up ./src/coolkey/slot.cpp.cac ./src/coolkey/slot.cpp
ed074c 
--- ./src/coolkey/slot.cpp.cac	2010-06-16 13:43:51.477181000 -0700
ed074c 
+++ ./src/coolkey/slot.cpp	2010-06-16 13:43:51.535179000 -0700
ed074c 
@@ -372,7 +372,7 @@ Slot::Slot(const char *readerName_, Log
ed074c 
     : log(log_), readerName(NULL), personName(NULL), manufacturer(NULL),
ed074c 
 	slotInfoFound(false), context(context_), conn(NULL), state(UNKNOWN),
ed074c 
 	isVersion1Key(false), needLogin(false), fullTokenName(false),
ed074c 
-	mCoolkey(false),
ed074c 
+	mCoolkey(false), mOldCAC(false),
ed074c 
 #ifdef USE_SHMEM
ed074c 
 	shmem(readerName_),
ed074c 
 #endif
ed074c 
@@ -412,6 +412,9 @@ Slot::Slot(const char *readerName_, Log
ed074c 
     }
ed074c 
     CKYBuffer_InitEmpty(&cardATR);
ed074c 
     CKYBuffer_InitEmpty(&mCUID);
ed074c 
+    for (int i=0; i < MAX_CERT_SLOTS; i++) {
ed074c 
+	CKYBuffer_InitEmpty(&cardAID[i]);
ed074c 
+    }
ed074c 
   } catch(PKCS11Exception &) {
ed074c 
 	if (conn) {
ed074c 
 	    CKYCardConnection_Destroy(conn);
ed074c 
@@ -479,6 +482,9 @@ Slot::~Slot()
ed074c 
     CKYBuffer_FreeData(&nonce);
ed074c 
     CKYBuffer_FreeData(&cardATR);
ed074c 
     CKYBuffer_FreeData(&mCUID);
ed074c 
+    for (int i=0; i < MAX_CERT_SLOTS; i++) {
ed074c 
+	CKYBuffer_FreeData(&cardAID[i]);
ed074c 
+    }
ed074c 
 }
ed074c
ed074c 
 template <class C>
ed074c 
@@ -671,15 +677,9 @@ Slot::connectToToken()
ed074c 
     status = CKYApplet_SelectCoolKeyManager(conn, NULL);
ed074c 
     if (status != CKYSUCCESS) {
ed074c 
         log->log("CoolKey Select failed 0x%x\n", status);
ed074c 
-	status = CACApplet_SelectPKI(conn, 0, NULL);
ed074c 
+	status = getCACAid();
ed074c 
 	if (status != CKYSUCCESS) {
ed074c 
-            log->log("CAC Select failed 0x%x\n", status);
ed074c 
-	    if (status == CKYSCARDERR) {
ed074c 
-		log->log("CAC Card Failure 0x%x\n",
ed074c 
-			CKYCardConnection_GetLastError(conn));
ed074c 
-		disconnect();
ed074c 
-	    }
ed074c 
-	    return;
ed074c 
+	    goto loser;
ed074c 
 	}
ed074c 
 	state |= CAC_CARD | APPLET_SELECTABLE | APPLET_PERSONALIZED;
ed074c 
 	/* skip the read of the cuid. We really don't need it and,
ed074c 
@@ -690,6 +690,15 @@ Slot::connectToToken()
ed074c 
 	needLogin = 1;
ed074c 
         mCoolkey = 0;
ed074c 
 	return;
ed074c 
+
ed074c 
+loser:
ed074c 
+        log->log("CAC Select failed 0x%x\n", status);
ed074c 
+	if (status == CKYSCARDERR) {
ed074c 
+	    log->log("CAC Card Failure 0x%x\n",
ed074c 
+			CKYCardConnection_GetLastError(conn));
ed074c 
+	    disconnect();
ed074c 
+	}
ed074c 
+	return;
ed074c 
     }
ed074c 
     mCoolkey = 1;
ed074c 
     log->log("time connect: Select Applet %d ms\n", OSTimeNow() - time);
ed074c 
@@ -771,17 +780,111 @@ Slot::disconnect()
ed074c 
     invalidateLogin(false);
ed074c 
 }
ed074c
ed074c 
+CKYStatus
ed074c 
+Slot::getCACAid()
ed074c 
+{
ed074c 
+    CKYBuffer tBuf;
ed074c 
+    CKYBuffer vBuf;
ed074c 
+    CKYSize tlen, vlen;
ed074c 
+    CKYOffset toffset, voffset;
ed074c 
+    int certSlot = 0;
ed074c 
+    int i,length = 0;
ed074c 
+    CKYStatus status;
ed074c 
+
ed074c 
+    CKYBuffer_InitEmpty(&tBuf);
ed074c 
+    CKYBuffer_InitEmpty(&vBuf);
ed074c 
+
ed074c 
+    /* clear out the card AID's */
ed074c 
+    for (i=0; i < MAX_CERT_SLOTS; i++) {
ed074c 
+	CKYBuffer_Resize(&cardAID[i],0);
ed074c 
+    }
ed074c 
+
ed074c 
+    status = CACApplet_SelectCCC(conn,NULL);
ed074c 
+    if (status != CKYSUCCESS) {
ed074c 
+	/* are we an old CAC */
ed074c 
+	status = CACApplet_SelectPKI(conn, &cardAID[0], 0, NULL);
ed074c 
+	if (status != CKYSUCCESS) {
ed074c 
+	   /* no, just fail */
ed074c 
+	   return status;
ed074c 
+	}
ed074c 
+	/* yes, fill in the old applets */
ed074c 
+	mOldCAC = true;
ed074c 
+	for (i=1; i< MAX_CERT_SLOTS; i++) {
ed074c 
+	    CACApplet_SelectPKI(conn, &cardAID[i], i, NULL);
ed074c 
+	}
ed074c 
+	return CKYSUCCESS;
ed074c 
+    }
ed074c 
+    /* definately not an old CAC */
ed074c 
+    mOldCAC = false;
ed074c 
+
ed074c 
+    /* read the TLV */
ed074c 
+    status = CACApplet_ReadFile(conn, CAC_TAG_FILE, &tBuf, NULL);
ed074c 
+    if (status != CKYSUCCESS) {
ed074c 
+	goto done;
ed074c 
+    }
ed074c 
+    status = CACApplet_ReadFile(conn, CAC_VALUE_FILE, &vBuf, NULL);
ed074c 
+    if (status != CKYSUCCESS) {
ed074c 
+	goto done;
ed074c 
+    }
ed074c 
+    tlen = CKYBuffer_Size(&tBuf);
ed074c 
+    vlen = CKYBuffer_Size(&vBuf);
ed074c 
+
ed074c 
+    for(toffset = 2, voffset=2;
ed074c 
+	certSlot < MAX_CERT_SLOTS && toffset < tlen && voffset < vlen ;
ed074c 
+		voffset += length) {
ed074c 
+
ed074c 
+	CKYByte tag = CKYBuffer_GetChar(&tBuf, toffset);
ed074c 
+	length = CKYBuffer_GetChar(&tBuf, toffset+1);
ed074c 
+	toffset += 2;
ed074c 
+	if (length == 0xff) {
ed074c 
+	    length = CKYBuffer_GetShortLE(&tBuf, toffset);
ed074c 
+	    toffset +=2;
ed074c 
+	}
ed074c 
+	if (tag != CAC_TAG_CARDURL) {
ed074c 
+	    continue;
ed074c 
+	}
ed074c 
+	/* CARDURL tags must be at least 10 bytes long */
ed074c 
+	if (length < 10) {
ed074c 
+	    continue;
ed074c 
+	}
ed074c 
+	/* check the app type, should be TLV_APP_PKI */
ed074c 
+	if (CKYBuffer_GetChar(&vBuf, voffset+5) != CAC_TLV_APP_PKI) {
ed074c 
+	    continue;
ed074c 
+	}
ed074c 
+	status = CKYBuffer_AppendBuffer(&cardAID[certSlot], &vBuf, voffset, 5);
ed074c 
+	if (status != CKYSUCCESS) {
ed074c 
+	    goto done;
ed074c 
+	}
ed074c 
+	status = CKYBuffer_AppendBuffer(&cardAID[certSlot], &vBuf,
ed074c 
+								voffset+8, 2);
ed074c 
+	if (status != CKYSUCCESS) {
ed074c 
+	    goto done;
ed074c 
+	}
ed074c 
+	cardEF[certSlot] = CKYBuffer_GetShortLE(&vBuf, voffset+6);
ed074c 
+
ed074c 
+	certSlot++;
ed074c 
+    }
ed074c 
+    status = CKYSUCCESS;
ed074c 
+    if (certSlot == 0) {
ed074c 
+	status = CKYAPDUFAIL; /* probably neeed a beter error code */
ed074c 
+    }
ed074c 
+
ed074c 
+done:
ed074c 
+    CKYBuffer_FreeData(&tBuf);
ed074c 
+    CKYBuffer_FreeData(&vBuf);
ed074c 
+    return status;
ed074c 
+}
ed074c 
+
ed074c 
 void
ed074c 
 Slot::refreshTokenState()
ed074c 
 {
ed074c 
     if( cardStateMayHaveChanged() ) {
ed074c 
-log->log("card changed\n");
ed074c 
+        log->log("card changed\n");
ed074c 
 	invalidateLogin(true);
ed074c 
         closeAllSessions();
ed074c 
 	unloadObjects();
ed074c 
         connectToToken();
ed074c
ed074c 
-
ed074c 
         if( state & APPLET_PERSONALIZED ) {
ed074c 
             try {
ed074c 
                 loadObjects();
ed074c 
@@ -1019,7 +1122,7 @@ Slot::makeModelString(char *model, int m
ed074c
ed074c 
 struct _manList {
ed074c 
      unsigned short type;
ed074c 
-     char *string;
ed074c 
+     const char *string;
ed074c 
 };
ed074c
ed074c 
 static const struct _manList  manList[] = {
ed074c 
@@ -1280,13 +1383,30 @@ void
ed074c 
 Slot::selectCACApplet(CKYByte instance)
ed074c 
 {
ed074c 
     CKYStatus status;
ed074c 
-    status = CACApplet_SelectPKI(conn, instance, NULL);
ed074c 
+    CKYBuffer *aid = &cardAID[instance];
ed074c 
+
ed074c 
+    if (CKYBuffer_Size(aid) == 0) {
ed074c 
+        disconnect();
ed074c 
+        throw PKCS11Exception(CKR_DEVICE_REMOVED);
ed074c 
+	return;
ed074c 
+    }
ed074c 
+
ed074c 
+    status = CKYApplet_SelectFile(conn, aid, NULL);
ed074c 
     if ( status == CKYSCARDERR ) handleConnectionError();
ed074c 
     if ( status != CKYSUCCESS) {
ed074c 
         // could not select applet: this just means it's not there
ed074c 
         disconnect();
ed074c 
         throw PKCS11Exception(CKR_DEVICE_REMOVED);
ed074c 
     }
ed074c 
+    if (mOldCAC) {
ed074c 
+	return;
ed074c 
+    }
ed074c 
+    status = CACApplet_SelectFile(conn, cardEF[instance], NULL);
ed074c 
+    if ( status == CKYSCARDERR ) handleConnectionError();
ed074c 
+    if ( status != CKYSUCCESS) {
ed074c 
+        disconnect();
ed074c 
+        throw PKCS11Exception(CKR_DEVICE_REMOVED);
ed074c 
+    }
ed074c 
 }
ed074c 
 // assume we are already in a transaction
ed074c 
 void
ed074c 
@@ -2059,10 +2179,85 @@ Slot::fetchCombinedObjects(const CKYBuff
ed074c 
     return objInfoList;
ed074c 
 }
ed074c
ed074c 
+CKYStatus
ed074c 
+Slot::readCACCertificateFirst(CKYBuffer *cert, CKYSize *nextSize,
ed074c 
+			      bool throwException)
ed074c 
+{
ed074c 
+    CKYStatus status;
ed074c 
+    CKYISOStatus apduRC;
ed074c 
+
ed074c 
+    if (mOldCAC) {
ed074c 
+	/* get the first 100 bytes of the cert */
ed074c 
+	status = CACApplet_GetCertificateFirst(conn, cert, nextSize, &apduRC);
ed074c 
+	if (throwException && (status != CKYSUCCESS)) {
ed074c 
+	    handleConnectionError();
ed074c 
+	}
ed074c 
+	return status;
ed074c 
+    }
ed074c 
+
ed074c 
+    CKYBuffer tBuf;
ed074c 
+    CKYBuffer vBuf;
ed074c 
+    CKYSize tlen, vlen;
ed074c 
+    CKYOffset toffset, voffset;
ed074c 
+    int length = 0;
ed074c 
+
ed074c 
+    CKYBuffer_InitEmpty(&tBuf);
ed074c 
+    CKYBuffer_InitEmpty(&vBuf);
ed074c 
+    CKYBuffer_Resize(cert, 0);
ed074c 
+
ed074c 
+    /* handle the new CAC card read */
ed074c 
+    /* read the TLV */
ed074c 
+    status = CACApplet_ReadFile(conn, CAC_TAG_FILE, &tBuf, NULL);
ed074c 
+    if (status != CKYSUCCESS) {
ed074c 
+	goto done;
ed074c 
+    }
ed074c 
+    status = CACApplet_ReadFile(conn, CAC_VALUE_FILE, &vBuf, NULL);
ed074c 
+    if (status != CKYSUCCESS) {
ed074c 
+	goto done;
ed074c 
+    }
ed074c 
+    tlen = CKYBuffer_Size(&tBuf);
ed074c 
+    vlen = CKYBuffer_Size(&vBuf);
ed074c 
+
ed074c 
+    /* look for the Cert out of the TLV */
ed074c 
+    for(toffset = 2, voffset=2; toffset < tlen && voffset < vlen ;
ed074c 
+		voffset += length) {
ed074c 
+
ed074c 
+	CKYByte tag = CKYBuffer_GetChar(&tBuf, toffset);
ed074c 
+	length = CKYBuffer_GetChar(&tBuf, toffset+1);
ed074c 
+	toffset += 2;
ed074c 
+	if (length == 0xff) {
ed074c 
+	    length = CKYBuffer_GetShortLE(&tBuf, toffset);
ed074c 
+	    toffset +=2;
ed074c 
+	}
ed074c 
+	if (tag != CAC_TAG_CERTIFICATE) {
ed074c 
+	    continue;
ed074c 
+	}
ed074c 
+	CKYBuffer_AppendBuffer(cert, &vBuf, voffset, length);
ed074c 
+	break;
ed074c 
+    }
ed074c 
+    status = CKYSUCCESS;
ed074c 
+
ed074c 
+done:
ed074c 
+    CKYBuffer_FreeData(&tBuf);
ed074c 
+    CKYBuffer_FreeData(&vBuf);
ed074c 
+    return status;
ed074c 
+}
ed074c 
+
ed074c 
+/*
ed074c 
+ * only necessary for old CAC cards. New CAC cards have to read the
ed074c 
+ * whole cert in anyway above....
ed074c 
+ */
ed074c 
+CKYStatus
ed074c 
+Slot::readCACCertificateAppend(CKYBuffer *cert, CKYSize nextSize)
ed074c 
+{
ed074c 
+    CKYISOStatus apduRC;
ed074c 
+    assert(mOldCAC);
ed074c 
+    return CACApplet_GetCertificateAppend(conn, cert, nextSize, &apduRC);
ed074c 
+}
ed074c 
+
ed074c 
 void
ed074c 
 Slot::loadCACCert(CKYByte instance)
ed074c 
 {
ed074c 
-    CKYISOStatus apduRC;
ed074c 
     CKYStatus status = CKYSUCCESS;
ed074c 
     CKYBuffer cert;
ed074c 
     CKYBuffer rawCert;
ed074c 
@@ -2097,12 +2292,7 @@ Slot::loadCACCert(CKYByte instance)
ed074c 
 						 instance, OSTimeNow() - time);
ed074c
ed074c 
     if (instance == 0) {
ed074c 
-	/* get the first 100 bytes of the cert */
ed074c 
-	status = CACApplet_GetCertificateFirst(conn, &rawCert,
ed074c 
-						&nextSize, &apduRC);
ed074c 
-	if (status != CKYSUCCESS) {
ed074c 
-	    handleConnectionError();
ed074c 
-	}
ed074c 
+	readCACCertificateFirst(&rawCert, &nextSize, true);
ed074c 
 	log->log("CAC Cert %d: fetch CAC Cert:  %d ms\n",
ed074c 
 						instance, OSTimeNow() - time);
ed074c 
     }
ed074c 
@@ -2143,8 +2333,7 @@ Slot::loadCACCert(CKYByte instance)
ed074c 
 	    shmem.setVersion(SHMEM_VERSION);
ed074c 
 	    shmem.setDataVersion(dataVersion);
ed074c 
 	} else {
ed074c 
-	    status = CACApplet_GetCertificateFirst(conn, &rawCert,
ed074c 
-						&nextSize, &apduRC);
ed074c 
+	    status = readCACCertificateFirst(&rawCert, &nextSize, false);
ed074c
ed074c 
 	    if (status != CKYSUCCESS) {
ed074c 
 		/* CAC only requires the Certificate in pki '0' */
ed074c 
@@ -2159,8 +2348,7 @@ Slot::loadCACCert(CKYByte instance)
ed074c 
 	}
ed074c
ed074c 
 	if (nextSize) {
ed074c 
-	    status = CACApplet_GetCertificateAppend(conn, &rawCert,
ed074c 
-						nextSize, &apduRC);
ed074c 
+	    status = readCACCertificateAppend(&rawCert, nextSize);
ed074c 
 	}
ed074c 
 	log->log("CAC Cert %d: Fetch rest :  %d ms\n",
ed074c 
 						instance, OSTimeNow() - time);
ed074c 
@@ -2176,9 +2364,10 @@ Slot::loadCACCert(CKYByte instance)
ed074c
ed074c 
     log->log("CAC Cert %d: Cert has been read:  %d ms\n",
ed074c 
 						instance, OSTimeNow() - time);
ed074c 
-    if (CKYBuffer_GetChar(&rawCert,0) == 1) {
ed074c 
+    if (!mOldCAC || CKYBuffer_GetChar(&rawCert,0) == 1) {
ed074c 
 	CKYSize guessFinalSize = CKYBuffer_Size(&rawCert);
ed074c 
 	CKYSize certSize = 0;
ed074c 
+	CKYOffset offset = mOldCAC ? 1 : 0;
ed074c 
 	int zret = Z_MEM_ERROR;
ed074c
ed074c 
 	do {
ed074c 
@@ -2189,7 +2378,8 @@ Slot::loadCACCert(CKYByte instance)
ed074c 
 	    }
ed074c 
 	    certSize = guessFinalSize;
ed074c 
 	    zret = uncompress((Bytef *)CKYBuffer_Data(&cert),&certSize,
ed074c 
-			CKYBuffer_Data(&rawCert)+1, CKYBuffer_Size(&rawCert)-1);
ed074c 
+			CKYBuffer_Data(&rawCert)+offset,
ed074c 
+			CKYBuffer_Size(&rawCert)-offset);
ed074c 
 	} while (zret == Z_BUF_ERROR);
ed074c
ed074c 
 	if (zret != Z_OK) {
ed074c 
@@ -2526,7 +2716,7 @@ Slot::attemptCACLogin()
ed074c 
     switch( result ) {
ed074c 
       case CKYISO_SUCCESS:
ed074c 
         break;
ed074c 
-      case 6981:
ed074c 
+      case 0x6981:
ed074c 
         throw PKCS11Exception(CKR_PIN_LOCKED);
ed074c 
       default:
ed074c 
 	if ((result & 0xff00) == 0x6300) {
ed074c 
diff -up ./src/coolkey/slot.h.cac ./src/coolkey/slot.h
ed074c 
--- ./src/coolkey/slot.h.cac	2010-06-16 13:43:51.344185000 -0700
ed074c 
+++ ./src/coolkey/slot.h	2010-06-16 13:43:51.546179000 -0700
ed074c 
@@ -294,6 +294,7 @@ class CryptParams {
ed074c 
 				 const CKYBuffer *paddedOutput) const = 0;
ed074c 
 };
ed074c
ed074c 
+#define MAX_CERT_SLOTS 3
ed074c 
 class Slot {
ed074c
ed074c 
   public:
ed074c 
@@ -328,6 +329,8 @@ class Slot {
ed074c 
     CKYBuffer nonce;
ed074c 
     CKYBuffer cardATR;
ed074c 
     CKYBuffer mCUID;
ed074c 
+    CKYBuffer cardAID[MAX_CERT_SLOTS];
ed074c 
+    unsigned short cardEF[MAX_CERT_SLOTS];
ed074c 
     bool isVersion1Key;
ed074c 
     bool needLogin;
ed074c 
     long publicFree;
ed074c 
@@ -335,6 +338,7 @@ class Slot {
ed074c 
     long privateFree;
ed074c 
     bool fullTokenName;
ed074c 
     bool mCoolkey;
ed074c 
+    bool mOldCAC;
ed074c
ed074c 
     //enum { RW_SESSION_HANDLE = 1, RO_SESSION_HANDLE = 2 };
ed074c
ed074c 
@@ -398,6 +402,11 @@ class Slot {
ed074c 
     list<ListObjectInfo> fetchCombinedObjects(const CKYBuffer *header);
ed074c 
     list<ListObjectInfo> fetchSeparateObjects();
ed074c
ed074c 
+    CKYStatus getCACAid();
ed074c 
+    CKYStatus readCACCertificateFirst(CKYBuffer *cert, CKYSize *nextSize,
ed074c 
+                              bool throwException);
ed074c 
+    CKYStatus readCACCertificateAppend(CKYBuffer *cert, CKYSize nextSize);
ed074c 
+
ed074c 
     void selectApplet();
ed074c 
     void selectCACApplet(CKYByte instance);
ed074c 
     void unloadObjects();
ed074c 
diff -up ./src/libckyapplet/cky_applet.c.cac ./src/libckyapplet/cky_applet.c
ed074c 
--- ./src/libckyapplet/cky_applet.c.cac	2010-06-16 13:43:51.357181000 -0700
ed074c 
+++ ./src/libckyapplet/cky_applet.c	2010-06-16 14:47:41.305529000 -0700
ed074c 
@@ -41,7 +41,13 @@
ed074c 
 CKYStatus
ed074c 
 CKYAppletFactory_SelectFile(CKYAPDU *apdu, const void *param)
ed074c 
 {
ed074c 
-    return CKYAPDUFactory_SelectFile(apdu,(const CKYBuffer *)param);
ed074c 
+    return CKYAPDUFactory_SelectFile(apdu, 4, 0, (const CKYBuffer *)param);
ed074c 
+}
ed074c 
+
ed074c 
+CKYStatus
ed074c 
+CACAppletFactory_SelectFile(CKYAPDU *apdu, const void *param)
ed074c 
+{
ed074c 
+    return CKYAPDUFactory_SelectFile(apdu, 2, 12, (const CKYBuffer *)param);
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
@@ -225,10 +231,17 @@ CKYAppletFactory_GetBuiltinACL(CKYAPDU *
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
-CACAppletFactory_SignDecrypt(CKYAPDU *apdu, const void *param)
ed074c 
+CACAppletFactory_SignDecryptStep(CKYAPDU *apdu, const void *param)
ed074c 
+{
ed074c 
+    const CKYBuffer *buf=(CKYBuffer *)param;
ed074c 
+    return CACAPDUFactory_SignDecrypt(apdu, CAC_P1_STEP, buf);
ed074c 
+}
ed074c 
+
ed074c 
+CKYStatus
ed074c 
+CACAppletFactory_SignDecryptFinal(CKYAPDU *apdu, const void *param)
ed074c 
 {
ed074c 
     const CKYBuffer *buf=(CKYBuffer *)param;
ed074c 
-    return CACAPDUFactory_SignDecrypt(apdu, buf);
ed074c 
+    return CACAPDUFactory_SignDecrypt(apdu, CAC_P1_FINAL, buf);
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
@@ -246,6 +259,13 @@ CACAppletFactory_GetCertificate(CKYAPDU
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
+CACAppletFactory_ReadFile(CKYAPDU *apdu, const void *param)
ed074c 
+{
ed074c 
+    const CACAppletArgReadFile *rfs = (const CACAppletArgReadFile *)param;
ed074c 
+    return CACAPDUFactory_ReadFile(apdu, rfs->offset, rfs->type, rfs->count);
ed074c 
+}
ed074c 
+
ed074c 
+CKYStatus
ed074c 
 CACAppletFactory_GetProperties(CKYAPDU *apdu, const void *param)
ed074c 
 {
ed074c 
     return CACAPDUFactory_GetProperties(apdu);
ed074c 
@@ -457,7 +477,7 @@ CKYApplet_SelectFile(CKYCardConnection *
ed074c 
 							 CKYISOStatus *apduRC)
ed074c 
 {
ed074c 
     return CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, AID, NULL,
ed074c 
-		0, CKYAppletFill_Null, NULL, apduRC);
ed074c 
+		CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
ed074c 
 }
ed074c
ed074c 
 static CKYByte coolkeyid[] = {0x62, 0x76, 0x01, 0xff, 0x00, 0x00, 0x00 };
ed074c 
@@ -477,22 +497,23 @@ CKYApplet_SelectCoolKeyManager(CKYCardCo
ed074c 
     return ret;
ed074c 
 }
ed074c
ed074c 
-static CKYByte CACPKIid[] = {0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00 };
ed074c 
+static CKYByte CACPKIid[] = { 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01 };
ed074c 
 /*
ed074c 
  * Select the CoolKey applet. Must happen after we start a transaction and
ed074c 
  * before we issue any applet specific command.
ed074c 
  */
ed074c 
 CKYStatus
ed074c 
-CACApplet_SelectPKI(CKYCardConnection *conn, CKYByte instance,
ed074c 
-			       CKYISOStatus *apduRC)
ed074c 
+CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cacAID,
ed074c 
+				CKYByte instance, CKYISOStatus *apduRC)
ed074c 
 {
ed074c 
     CKYStatus ret;
ed074c 
-    CKYBuffer CACPKIAID;
ed074c 
-    CKYBuffer_InitFromData(&CACPKIAID, CACPKIid, sizeof(CACPKIid));
ed074c 
-    CKYBuffer_SetChar(&CACPKIAID, 6, instance);
ed074c 
-    ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, &CACPKIAID,
ed074c 
+    CKYBuffer_AppendData(cacAID, CACPKIid, sizeof(CACPKIid));
ed074c 
+    CKYBuffer_AppendChar(cacAID, instance);
ed074c 
+    ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, cacAID,
ed074c 
 		 NULL, CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
ed074c 
-    CKYBuffer_FreeData(&CACPKIAID);
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	CKYBuffer_Resize(cacAID, 0);
ed074c 
+    }
ed074c 
     return ret;
ed074c 
 }
ed074c
ed074c 
@@ -515,11 +536,38 @@ CACApplet_SelectCardManager(CKYCardConne
ed074c 
     CKYBuffer CAC_CM_AID;
ed074c 
     CKYBuffer_InitFromData(&CAC_CM_AID, cacmgrid, sizeof(cacmgrid));
ed074c 
     ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, &CAC_CM_AID,
ed074c 
-		 NULL, 0, CKYAppletFill_Null, NULL, apduRC);
ed074c 
+		 NULL, CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
ed074c 
     CKYBuffer_FreeData(&CAC_CM_AID);
ed074c 
     return ret;
ed074c 
 }
ed074c
ed074c 
+static CKYByte cacCCCid[] = {0xa0, 0x00, 0x00, 0x01, 0x16, 0xdb, 0x00 };
ed074c 
+CKYStatus
ed074c 
+CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+    CKYBuffer CAC_CM_AID;
ed074c 
+    CKYBuffer_InitFromData(&CAC_CM_AID, cacCCCid, sizeof(cacCCCid));
ed074c 
+    ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, &CAC_CM_AID,
ed074c 
+		 NULL, CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
ed074c 
+    CKYBuffer_FreeData(&CAC_CM_AID);
ed074c 
+    return ret;
ed074c 
+}
ed074c 
+
ed074c 
+CKYStatus
ed074c 
+CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,
ed074c 
+						 CKYISOStatus *apduRC)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+    CKYBuffer efBuf;
ed074c 
+    CKYBuffer_InitEmpty(&efBuf);
ed074c 
+    CKYBuffer_AppendShortLE(&efBuf, ef);
ed074c 
+    ret = CKYApplet_HandleAPDU(conn, CACAppletFactory_SelectFile, &efBuf,
ed074c 
+		 NULL, CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
ed074c 
+    CKYBuffer_FreeData(&efBuf);
ed074c 
+    return ret;
ed074c 
+}
ed074c 
+
ed074c 
 /*
ed074c 
  * GetCPLC cluster -- must be called with CM selected
ed074c 
  */
ed074c 
@@ -673,8 +721,8 @@ CKYApplet_ComputeCryptProcess(CKYCardCon
ed074c 
     ccd.keyNumber = keyNumber;
ed074c 
     ccd.location = location;
ed074c 
     ccd.data = data;
ed074c 
-    return CKYApplet_HandleAPDU(conn, CKYAppletFactory_ComputeCryptProcess, &ccd,
ed074c 
-	nonce, 0, CKYAppletFill_Null, NULL, apduRC);
ed074c 
+    return CKYApplet_HandleAPDU(conn, CKYAppletFactory_ComputeCryptProcess,
ed074c 
+	&ccd, nonce, 0, CKYAppletFill_Null, NULL, apduRC);
ed074c 
 }
ed074c
ed074c 
 /* computeCrypt returns data in the form :
ed074c 
@@ -832,11 +880,39 @@ CACApplet_SignDecrypt(CKYCardConnection
ed074c 
 	 	CKYBuffer *result, CKYISOStatus *apduRC)
ed074c 
 {
ed074c 
     CKYStatus ret;
ed074c 
-
ed074c 
-    ret = CKYApplet_HandleAPDU(conn,
ed074c 
-			    CACAppletFactory_SignDecrypt, data, NULL,
ed074c 
-			    CKYBuffer_Size(data), CKYAppletFill_ReplaceBuffer,
ed074c 
+    CKYSize dataSize = CKYBuffer_Size(data);
ed074c 
+    CKYOffset offset = 0;
ed074c 
+    CKYBuffer tmp;
ed074c 
+
ed074c 
+    CKYBuffer_InitEmpty(&tmp);
ed074c 
+
ed074c 
+    CKYBuffer_Resize(result, 0);
ed074c 
+    for(offset = 0; (dataSize-offset) > CKY_MAX_WRITE_CHUNK_SIZE;
ed074c 
+				offset += CKY_MAX_WRITE_CHUNK_SIZE) {
ed074c 
+	CKYBuffer_Resize(&tmp,0);
ed074c 
+	CKYBuffer_AppendBuffer(&tmp, data, offset, CKY_MAX_WRITE_CHUNK_SIZE);
ed074c 
+        ret = CKYApplet_HandleAPDU(conn, CACAppletFactory_SignDecryptStep,
ed074c 
+			    &tmp, NULL, CKY_SIZE_UNKNOWN,
ed074c 
+			    CKYAppletFill_AppendBuffer,
ed074c 
 			    result, apduRC);
ed074c 
+	if (ret != CKYSUCCESS) {
ed074c 
+	    goto done;
ed074c 
+	}
ed074c 
+    }
ed074c 
+    CKYBuffer_Resize(&tmp,0);
ed074c 
+    CKYBuffer_AppendBuffer(&tmp, data, offset, dataSize - offset);
ed074c 
+    ret = CKYApplet_HandleAPDU(conn, CACAppletFactory_SignDecryptFinal,
ed074c 
+			    &tmp, NULL, CKY_SIZE_UNKNOWN,
ed074c 
+			    CKYAppletFill_AppendBuffer,
ed074c 
+			    result, apduRC);
ed074c 
+
ed074c 
+    if ((ret == CKYSUCCESS) && (CKYBuffer_Size(result) != dataSize)) {
ed074c 
+	/* RSA returns the same data size as input, didn't happen, so
ed074c 
+	 * something is wrong. */
ed074c 
+    }
ed074c 
+
ed074c 
+done:
ed074c 
+    CKYBuffer_FreeData(&tmp);
ed074c 
     return ret;
ed074c 
 }
ed074c
ed074c 
@@ -895,6 +971,63 @@ CACApplet_GetCertificate(CKYCardConnecti
ed074c 
     }
ed074c 
     return ret;
ed074c 
 }
ed074c 
+
ed074c 
+/*
ed074c 
+ * Read a CAC Tag/Value file
ed074c 
+ */
ed074c 
+CKYStatus
ed074c 
+CACApplet_ReadFile(CKYCardConnection *conn, CKYByte type, CKYBuffer *buffer,
ed074c 
+		    CKYISOStatus *apduRC)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+    CKYISOStatus status;
ed074c 
+    CKYByte maxtransfer;
ed074c 
+    unsigned short offset = 0;
ed074c 
+    unsigned short size;
ed074c 
+    CACAppletArgReadFile rfs;
ed074c 
+
ed074c 
+    CKYBuffer_Resize(buffer,0);
ed074c 
+    if (apduRC == NULL) {
ed074c 
+	apduRC = &status;
ed074c 
+    }
ed074c 
+    rfs.offset = 0;
ed074c 
+    rfs.count = 2;
ed074c 
+    rfs.type = type;
ed074c 
+
ed074c 
+    /* APDU's are expensive, Grab a big chunk of the file first if possible */
ed074c 
+    ret = CKYApplet_HandleAPDU(conn,
ed074c 
+			    CACAppletFactory_ReadFile, &rfs, NULL,
ed074c 
+			    rfs.count, CKYAppletFill_AppendBuffer,
ed074c 
+			    buffer, apduRC);
ed074c 
+    /* file is probably smaller than 100 bytes, get the actual size first */
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	return ret;
ed074c 
+    }
ed074c 
+    size = CKYBuffer_GetShortLE(buffer, 0) + 2 /* include the length itself */;
ed074c 
+    maxtransfer = CKY_MAX_READ_CHUNK_SIZE;
ed074c 
+    /* get the rest of the buffer if necessary */
ed074c 
+    for (offset = CKYBuffer_Size(buffer); size > offset;
ed074c 
+				offset = CKYBuffer_Size(buffer)) {
ed074c 
+	rfs.offset = offset;
ed074c 
+	rfs.count = MIN(size - offset, maxtransfer);
ed074c 
+	ret = CKYApplet_HandleAPDU(conn,
ed074c 
+			    CACAppletFactory_ReadFile, &rfs, NULL,
ed074c 
+			    rfs.count, CKYAppletFill_AppendBuffer,
ed074c 
+			    buffer, apduRC);
ed074c 
+	if (ret != CKYSUCCESS) {
ed074c 
+	    if (*apduRC == CAC_INVALID_PARAMS) {
ed074c 
+		maxtransfer = maxtransfer/2;
ed074c 
+		if (maxtransfer == 0) {
ed074c 
+		    return ret;
ed074c 
+		}
ed074c 
+	    } else {
ed074c 
+		return ret;
ed074c 
+	    }
ed074c 
+ 	}
ed074c 
+    }
ed074c 
+    return ret;
ed074c 
+}
ed074c 
+
ed074c 
 CKYStatus
ed074c 
 CACApplet_GetCertificateFirst(CKYCardConnection *conn, CKYBuffer *cert,
ed074c 
 			CKYSize *nextSize, CKYISOStatus *apduRC)
ed074c 
diff -up ./src/libckyapplet/cky_applet.h.cac ./src/libckyapplet/cky_applet.h
ed074c 
--- ./src/libckyapplet/cky_applet.h.cac	2010-06-16 13:43:51.370181000 -0700
ed074c 
+++ ./src/libckyapplet/cky_applet.h	2010-06-16 13:43:51.572179000 -0700
ed074c 
@@ -71,6 +71,15 @@ typedef unsigned short CKYISOStatus; /*
ed074c 
 #define CKYISO_INTERNAL_ERROR        0x9cff  /* Reserved for debugging,
ed074c 
 					     * shouldn't happen */
ed074c
ed074c 
+#define CAC_INVALID_PARAMS	    0x6a83
ed074c 
+#define CAC_TAG_FILE			1
ed074c 
+#define CAC_VALUE_FILE			2
ed074c 
+
ed074c 
+
ed074c 
+#define CAC_TAG_CARDURL			0xf3
ed074c 
+#define CAC_TAG_CERTIFICATE		0x70
ed074c 
+#define CAC_TLV_APP_PKI			0x04
ed074c 
+
ed074c 
 /*
ed074c 
  * Pin Constants as used by our applet
ed074c 
  */
ed074c 
@@ -209,6 +218,12 @@ typedef struct _CKYAppletArgComputeCrypt
ed074c 
     const CKYBuffer *sig;
ed074c 
 } CKYAppletArgComputeCrypt;
ed074c
ed074c 
+typedef struct _CACAppletArgReadFile {
ed074c 
+    CKYByte   type;
ed074c 
+    CKYByte   count;
ed074c 
+    unsigned short offset;
ed074c 
+} CACAppletArgReadFile;
ed074c 
+
ed074c 
 /* fills in an APDU from a structure -- form of all the generic factories*/
ed074c 
 typedef CKYStatus (*CKYAppletFactory)(CKYAPDU *apdu, const void *param);
ed074c 
 /* fills in an a structure from a response -- form of all the fill structures*/
ed074c 
@@ -451,9 +466,17 @@ CKYStatus CKYApplet_DeleteObject(CKYCard
ed074c 
 /* Select the CAC card manager.  Can happen with either applet selected */
ed074c 
 CKYStatus CACApplet_SelectCardManager(CKYCardConnection *conn,
ed074c 
 							CKYISOStatus *apduRC);
ed074c 
-/* Can happen with either applet selected */
ed074c 
-CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYByte instance,
ed074c 
-			      CKYISOStatus *apduRC);
ed074c 
+/* Select the CAC CC container. Can happen with either applet selected */
ed074c 
+CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC);
ed074c 
+/* Select an old CAC applet and fill in the cardAID */
ed074c 
+CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid,
ed074c 
+			      CKYByte instance, CKYISOStatus *apduRC);
ed074c 
+/* read a TLV file */
ed074c 
+CKYStatus CACApplet_ReadFile(CKYCardConnection *conn, CKYByte type,
ed074c 
+			     CKYBuffer *buffer, CKYISOStatus *apduRC);
ed074c 
+CKYStatus CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,
ed074c 
+			     CKYISOStatus *apduRC);
ed074c 
+
ed074c 
 /* must happen with PKI applet selected */
ed074c 
 CKYStatus CACApplet_SignDecrypt(CKYCardConnection *conn, const CKYBuffer *data,
ed074c 
 		CKYBuffer *result, CKYISOStatus *apduRC);
ed074c 
diff -up ./src/libckyapplet/cky_base.c.cac ./src/libckyapplet/cky_base.c
ed074c 
--- ./src/libckyapplet/cky_base.c.cac	2006-06-09 11:44:17.000000000 -0700
ed074c 
+++ ./src/libckyapplet/cky_base.c	2010-06-16 13:43:51.583179000 -0700
ed074c 
@@ -220,6 +220,22 @@ CKYBuffer_AppendShort(CKYBuffer *buf, un
ed074c 
     return CKYSUCCESS;
ed074c 
 }
ed074c
ed074c 
+/* append a short in network order */
ed074c 
+CKYStatus
ed074c 
+CKYBuffer_AppendShortLE(CKYBuffer *buf, unsigned short val)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+
ed074c 
+    ret = CKYBuffer_Reserve(buf, buf->len + 2);
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	return ret;
ed074c 
+    }
ed074c 
+    buf->data[buf->len+1] = (CKYByte) ((val >> 8) & 0xff);
ed074c 
+    buf->data[buf->len+0] = (CKYByte) ((val >> 0) & 0xff);
ed074c 
+    buf->len += 2;
ed074c 
+    return CKYSUCCESS;
ed074c 
+}
ed074c 
+
ed074c 
 /* append a long in applet order */
ed074c 
 CKYStatus
ed074c 
 CKYBuffer_AppendLong(CKYBuffer *buf, unsigned long val)
ed074c 
@@ -238,6 +254,24 @@ CKYBuffer_AppendLong(CKYBuffer *buf, uns
ed074c 
     return CKYSUCCESS;
ed074c 
 }
ed074c
ed074c 
+/* append a long in applet order */
ed074c 
+CKYStatus
ed074c 
+CKYBuffer_AppendLongLE(CKYBuffer *buf, unsigned long val)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+
ed074c 
+    ret = CKYBuffer_Reserve(buf, buf->len + 4);
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	return ret;
ed074c 
+    }
ed074c 
+    buf->data[buf->len+3] = (CKYByte) ((val >> 24) & 0xff);
ed074c 
+    buf->data[buf->len+2] = (CKYByte) ((val >> 16) & 0xff);
ed074c 
+    buf->data[buf->len+1] = (CKYByte) ((val >>  8) & 0xff);
ed074c 
+    buf->data[buf->len+0] = (CKYByte) ((val >>  0) & 0xff);
ed074c 
+    buf->len += 4;
ed074c 
+    return CKYSUCCESS;
ed074c 
+}
ed074c 
+
ed074c 
 CKYStatus
ed074c 
 CKYBuffer_Replace(CKYBuffer *buf, CKYOffset offset, const CKYByte *data, CKYSize len)
ed074c 
 {
ed074c 
@@ -351,6 +385,22 @@ CKYBuffer_SetShort(CKYBuffer *buf, CKYOf
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
+CKYBuffer_SetShortLE(CKYBuffer *buf, CKYOffset offset, unsigned short val)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+
ed074c 
+    if (buf->len < offset+2) {
ed074c 
+	ret = CKYBuffer_Resize(buf,offset+2);
ed074c 
+	if (ret != CKYSUCCESS) {
ed074c 
+	    return ret;
ed074c 
+	}
ed074c 
+    }
ed074c 
+    buf->data[offset+1] = (CKYByte) ((val >> 8) & 0xff);
ed074c 
+    buf->data[offset+0] = (CKYByte) ((val >> 0) & 0xff);
ed074c 
+    return CKYSUCCESS;
ed074c 
+}
ed074c 
+
ed074c 
+CKYStatus
ed074c 
 CKYBuffer_SetLong(CKYBuffer *buf, CKYOffset offset, unsigned long val)
ed074c 
 {
ed074c 
     CKYStatus ret;
ed074c 
@@ -368,6 +418,24 @@ CKYBuffer_SetLong(CKYBuffer *buf, CKYOff
ed074c 
     return CKYSUCCESS;
ed074c 
 }
ed074c
ed074c 
+CKYStatus
ed074c 
+CKYBuffer_SetLongLE(CKYBuffer *buf, CKYOffset offset, unsigned long val)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+
ed074c 
+    if (buf->len < offset+4) {
ed074c 
+	ret = CKYBuffer_Resize(buf,offset+4);
ed074c 
+	if (ret != CKYSUCCESS) {
ed074c 
+	    return ret;
ed074c 
+	}
ed074c 
+    }
ed074c 
+    buf->data[offset+3] = (CKYByte) ((val >> 24) & 0xff);
ed074c 
+    buf->data[offset+2] = (CKYByte) ((val >> 16) & 0xff);
ed074c 
+    buf->data[offset+1] = (CKYByte) ((val >>  8) & 0xff);
ed074c 
+    buf->data[offset+0] = (CKYByte) ((val >>  0) & 0xff);
ed074c 
+    return CKYSUCCESS;
ed074c 
+}
ed074c 
+
ed074c 
 CKYByte
ed074c 
 CKYBuffer_GetChar(const CKYBuffer *buf, CKYOffset offset)
ed074c 
 {
ed074c 
@@ -388,6 +456,18 @@ CKYBuffer_GetShort(const CKYBuffer *buf,
ed074c 
     val |= ((unsigned short)buf->data[offset+1]) << 0;
ed074c 
     return val;
ed074c 
 }
ed074c 
+
ed074c 
+unsigned short
ed074c 
+CKYBuffer_GetShortLE(const CKYBuffer *buf, CKYOffset offset)
ed074c 
+{
ed074c 
+    unsigned short val;
ed074c 
+    if (buf->len < offset+2) {
ed074c 
+	return 0;
ed074c 
+    }
ed074c 
+    val  = ((unsigned short)buf->data[offset+1]) << 8;
ed074c 
+    val |= ((unsigned short)buf->data[offset+0]) << 0;
ed074c 
+    return val;
ed074c 
+}
ed074c
ed074c 
 unsigned long
ed074c 
 CKYBuffer_GetLong(const CKYBuffer *buf, CKYOffset offset)
ed074c 
@@ -402,6 +482,20 @@ CKYBuffer_GetLong(const CKYBuffer *buf,
ed074c 
     val |= ((unsigned long)buf->data[offset+3]) << 0;
ed074c 
     return val;
ed074c 
 }
ed074c 
+
ed074c 
+unsigned long
ed074c 
+CKYBuffer_GetLongLE(const CKYBuffer *buf, CKYOffset offset)
ed074c 
+{
ed074c 
+    unsigned long val;
ed074c 
+    if (buf->len < offset+4) {
ed074c 
+	return 0;
ed074c 
+    }
ed074c 
+    val  = ((unsigned long)buf->data[offset+3]) << 24;
ed074c 
+    val |= ((unsigned long)buf->data[offset+2]) << 16;
ed074c 
+    val |= ((unsigned long)buf->data[offset+1]) << 8;
ed074c 
+    val |= ((unsigned long)buf->data[offset+0]) << 0;
ed074c 
+    return val;
ed074c 
+}
ed074c
ed074c 
 CKYStatus
ed074c 
 CKYBuffer_Resize(CKYBuffer *buf, CKYSize newLen)
ed074c 
diff -up ./src/libckyapplet/cky_base.h.cac ./src/libckyapplet/cky_base.h
ed074c 
--- ./src/libckyapplet/cky_base.h.cac	2006-06-09 11:44:17.000000000 -0700
ed074c 
+++ ./src/libckyapplet/cky_base.h	2010-06-16 13:43:51.592179000 -0700
ed074c 
@@ -170,9 +170,15 @@ CKYStatus CKYBuffer_AppendChar(CKYBuffer
ed074c 
 /* append a short in applet order */
ed074c 
 CKYStatus CKYBuffer_AppendShort(CKYBuffer *buf, unsigned short val);
ed074c
ed074c 
+/* append a short in little endian order */
ed074c 
+CKYStatus CKYBuffer_AppendShortLE(CKYBuffer *buf, unsigned short val);
ed074c 
+
ed074c 
 /* append a long in applet order */
ed074c 
 CKYStatus CKYBuffer_AppendLong(CKYBuffer *buf, unsigned long val);
ed074c
ed074c 
+/* append a long in little endian order */
ed074c 
+CKYStatus CKYBuffer_AppendLongLE(CKYBuffer *buf, unsigned long val);
ed074c 
+
ed074c 
 /* append data. the data starts at data and extends len bytes */
ed074c 
 CKYStatus CKYBuffer_AppendData(CKYBuffer *buf, const CKYByte *data, CKYSize len);
ed074c
ed074c 
@@ -210,12 +216,18 @@ CKYStatus CKYBuffer_SetChars(CKYBuffer *
ed074c 
 CKYStatus CKYBuffer_SetShort(CKYBuffer *buf, CKYOffset offset, unsigned short val);
ed074c 
 CKYStatus CKYBuffer_SetLong(CKYBuffer *buf, CKYOffset offset, unsigned long val);
ed074c
ed074c 
+/* These functions work in little endian order */
ed074c 
+CKYStatus CKYBuffer_SetShortLE(CKYBuffer *buf, CKYOffset offset, unsigned short val);
ed074c 
+CKYStatus CKYBuffer_SetLongLE(CKYBuffer *buf, CKYOffset offset, unsigned long val);
ed074c 
 /* read a character from offset. If offset is beyond the end of the buffer,
ed074c 
  * then the function returns '0' */
ed074c 
 CKYByte CKYBuffer_GetChar(const CKYBuffer *buf, CKYOffset offset);
ed074c 
 /* These functions work in applet order */
ed074c 
 unsigned short CKYBuffer_GetShort(const CKYBuffer *buf, CKYOffset offset);
ed074c 
 unsigned long CKYBuffer_GetLong(const CKYBuffer *buf, CKYOffset offset);
ed074c 
+/* These functions work in little endian order */
ed074c 
+unsigned short CKYBuffer_GetShortLE(const CKYBuffer *buf, CKYOffset offset);
ed074c 
+unsigned long CKYBuffer_GetLongLE(const CKYBuffer *buf, CKYOffset offset);
ed074c
ed074c 
 /* clear out all the data in a buffer */
ed074c 
 void CKYBuffer_Zero(CKYBuffer *buf);
ed074c 
diff -up ./src/libckyapplet/cky_factory.c.cac ./src/libckyapplet/cky_factory.c
ed074c 
--- ./src/libckyapplet/cky_factory.c.cac	2010-06-16 13:43:51.393185000 -0700
ed074c 
+++ ./src/libckyapplet/cky_factory.c	2010-06-16 14:48:08.885473000 -0700
ed074c 
@@ -25,12 +25,13 @@
ed074c 
  * special commands can be issued at any time
ed074c 
  */
ed074c 
 CKYStatus
ed074c 
-CKYAPDUFactory_SelectFile(CKYAPDU *apdu, const CKYBuffer *AID)
ed074c 
+CKYAPDUFactory_SelectFile(CKYAPDU *apdu, CKYByte p1, CKYByte p2,
ed074c 
+			  const CKYBuffer *AID)
ed074c 
 {
ed074c 
     CKYAPDU_SetCLA(apdu, CKY_CLASS_ISO7816);
ed074c 
     CKYAPDU_SetINS(apdu, CKY_INS_SELECT_FILE);
ed074c 
-    CKYAPDU_SetP1(apdu, 0x04);
ed074c 
-    CKYAPDU_SetP2(apdu, 0x00);
ed074c 
+    CKYAPDU_SetP1(apdu, p1);
ed074c 
+    CKYAPDU_SetP2(apdu, p2);
ed074c 
     return CKYAPDU_SetSendDataBuffer(apdu, AID);
ed074c 
 }
ed074c
ed074c 
@@ -131,6 +132,7 @@ fail:
ed074c 
     return ret;
ed074c 
 }
ed074c
ed074c 
+
ed074c 
 CKYStatus
ed074c 
 CKYAPDUFactory_ComputeCryptFinal(CKYAPDU *apdu, CKYByte keyNumber,
ed074c 
 		CKYByte location, const CKYBuffer *data, const CKYBuffer *sig)
ed074c 
@@ -572,11 +574,11 @@ CKYAPDUFactory_GetBuiltinACL(CKYAPDU *ap
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
-CACAPDUFactory_SignDecrypt(CKYAPDU *apdu, const CKYBuffer *data)
ed074c 
+CACAPDUFactory_SignDecrypt(CKYAPDU *apdu, CKYByte type, const CKYBuffer *data)
ed074c 
 {
ed074c 
     CKYAPDU_SetCLA(apdu, CKY_CLASS_ISO7816);
ed074c 
     CKYAPDU_SetINS(apdu, CAC_INS_SIGN_DECRYPT);
ed074c 
-    CKYAPDU_SetP1(apdu, 0x00);
ed074c 
+    CKYAPDU_SetP1(apdu, type);
ed074c 
     CKYAPDU_SetP2(apdu, 0x00);
ed074c 
     return CKYAPDU_SetSendDataBuffer(apdu, data);
ed074c 
 }
ed074c 
@@ -592,6 +594,36 @@ CACAPDUFactory_GetCertificate(CKYAPDU *a
ed074c 
 }
ed074c
ed074c 
 CKYStatus
ed074c 
+CACAPDUFactory_ReadFile(CKYAPDU *apdu, unsigned short offset,
ed074c 
+					CKYByte type, CKYByte count)
ed074c 
+{
ed074c 
+    CKYStatus ret;
ed074c 
+    CKYBuffer buf;
ed074c 
+
ed074c 
+    CKYBuffer_InitEmpty(&buf;;
ed074c 
+    CKYAPDU_SetCLA(apdu, CKY_CLASS_GLOBAL_PLATFORM);
ed074c 
+    CKYAPDU_SetINS(apdu, CAC_INS_READ_FILE);
ed074c 
+    CKYAPDU_SetP1(apdu, (offset >> 8) & 0xff);
ed074c 
+    CKYAPDU_SetP2(apdu, offset & 0xff);
ed074c 
+    ret = CKYBuffer_Reserve(&buf, 2);
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	    goto fail;
ed074c 
+    }
ed074c 
+    ret = CKYBuffer_AppendChar(&buf, type);
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	    goto fail;
ed074c 
+    }
ed074c 
+    ret = CKYBuffer_AppendChar(&buf, count);
ed074c 
+    if (ret != CKYSUCCESS) {
ed074c 
+	    goto fail;
ed074c 
+    }
ed074c 
+    ret = CKYAPDU_SetSendDataBuffer(apdu, &buf;;
ed074c 
+fail:
ed074c 
+    CKYBuffer_FreeData(&buf;;
ed074c 
+    return ret;
ed074c 
+}
ed074c 
+
ed074c 
+CKYStatus
ed074c 
 CACAPDUFactory_GetProperties(CKYAPDU *apdu)
ed074c 
 {
ed074c 
     CKYAPDU_SetCLA(apdu, CKY_CLASS_ISO7816);
ed074c 
diff -up ./src/libckyapplet/cky_factory.h.cac ./src/libckyapplet/cky_factory.h
ed074c 
--- ./src/libckyapplet/cky_factory.h.cac	2010-06-16 13:43:51.402181000 -0700
ed074c 
+++ ./src/libckyapplet/cky_factory.h	2010-06-16 14:43:20.867049000 -0700
ed074c 
@@ -86,7 +86,11 @@
ed074c 
 #define CAC_INS_SIGN_DECRYPT	0x42
ed074c 
 #define CAC_INS_VERIFY_PIN	0x20
ed074c 
 #define CAC_INS_GET_PROPERTIES	0x56
ed074c 
+#define CAC_INS_READ_FILE	0x52
ed074c 
+
ed074c 
 #define CAC_SIZE_GET_PROPERTIES	48
ed074c 
+#define CAC_P1_STEP		0x80
ed074c 
+#define CAC_P1_FINAL		0x00
ed074c
ed074c 
 /*
ed074c 
  * Fixed return sized from various commands
ed074c 
@@ -169,7 +173,8 @@
ed074c 
 CKY_BEGIN_PROTOS
ed074c
ed074c 
 /* function based factorys */
ed074c 
-CKYStatus CKYAPDUFactory_SelectFile(CKYAPDU *apdu, const CKYBuffer *AID);
ed074c 
+CKYStatus CKYAPDUFactory_SelectFile(CKYAPDU *apdu, CKYByte p1, CKYByte p2,
ed074c 
+				    const CKYBuffer *AID);
ed074c 
 CKYStatus CKYAPDUFactory_SelectCardManager(CKYAPDU *apdu);
ed074c 
 CKYStatus CKYAPDUFactory_GetCPLCData(CKYAPDU *apdu);
ed074c 
 CKYStatus CKYAPDUFactory_ListKeys(CKYAPDU *apdu, CKYByte sequence);
ed074c 
@@ -211,9 +216,12 @@ CKYStatus CKYAPDUFactory_SeedRandom(CKYA
ed074c 
 CKYStatus CKYAPDUFactory_GetIssuerInfo(CKYAPDU *apdu);
ed074c 
 CKYStatus CKYAPDUFactory_GetBuiltinACL(CKYAPDU *apdu);
ed074c
ed074c 
-CKYStatus CACAPDUFactory_SignDecrypt(CKYAPDU *apdu, const CKYBuffer *data);
ed074c 
+CKYStatus CACAPDUFactory_SignDecrypt(CKYAPDU *apdu, CKYByte type,
ed074c 
+				     const CKYBuffer *data);
ed074c 
 CKYStatus CACAPDUFactory_VerifyPIN(CKYAPDU *apdu, const char *pin);
ed074c 
 CKYStatus CACAPDUFactory_GetCertificate(CKYAPDU *apdu, CKYSize size);
ed074c 
+CKYStatus CACAPDUFactory_ReadFile(CKYAPDU *apdu, unsigned short offset,
ed074c 
+				  CKYByte type, CKYByte count);
ed074c 
 CKYStatus CACAPDUFactory_GetProperties(CKYAPDU *apdu);
ed074c
ed074c 
 CKY_END_PROTOS

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation