From 6c1b9094a6060d9d838bac9ea4f7c4c9e755c4ae Mon Sep 17 00:00:00 2001

From: Steve Ross <sross@forcepoint.com>

Date: Wed, 14 Nov 2018 11:59:43 -0600

Subject: [PATCH] Enable CoolKey driver to handle 2048-bit keys.

For a problem description, see <https://github.com/OpenSC/OpenSC/issues/1524>.

In a nutshell, for a card with the CoolKey applet and 2048-bit keys,

the command

	pkcs11-tool --test --login

fails to complete all of its tests.

This commit consists of a patch from @dengert.

To avoid triggering an error when the data exceeds 255 bytes, this commit

limits the amount of the payload sent to the CoolKey applet on the card based

on the maximum amount of data that the card can receive, and overhead bytes

(namely, a header and nonce) that accompany the payload.

With this change, the command

	pkcs11-tool --test --login

succeeds.

---

 src/libopensc/card-coolkey.c | 6 +++++-

 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/card-coolkey.c b/src/libopensc/card-coolkey.c

index e320290dfe..11c4e92643 100644

--- a/src/libopensc/card-coolkey.c

+++ b/src/libopensc/card-coolkey.c

@@ -1168,12 +1168,16 @@ static int coolkey_write_object(sc_card_t *card, unsigned long object_id,

 	size_t operation_len;

 	size_t left = buf_len;

 	int r;

+	size_t max_operation_len;

+

+	/* set limit for the card's maximum send size and short write */

+	max_operation_len = MIN(COOLKEY_MAX_CHUNK_SIZE, (card->max_send_size - sizeof(coolkey_read_object_param_t) - nonce_size));

 	ulong2bebytes(&params.head.object_id[0], object_id);

 	do {

 		ulong2bebytes(&params.head.offset[0], offset);

-		operation_len = MIN(left, COOLKEY_MAX_CHUNK_SIZE);

+		operation_len = MIN(left, max_operation_len);

 		params.head.length = operation_len;

 		memcpy(params.buf, buf, operation_len);

 		r = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_WRITE_OBJECT, 0, 0,