security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Fix for extended length Le in decipher

Browse Source
This commit is contained in:
Werner Koch 2009-09-03 10:57:23 +00:00
parent 64c8f1777c
commit 983f91937c
7 changed files with 47 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scd/ChangeLog
View File

@ -1,3 +1,12 @@
2009-09-03 Werner Koch <wk@g10code.com>
* app-openpgp.c (do_decipher): Compute required Le.
* iso7816.c (iso7816_decipher): Add new arg LE.
* app-nks.c (do_decipher): Adjust for change.
* iso7816.c (iso7816_put_data, iso7816_put_data_odd): Turn DATA
into a void ptr.
2009-08-05 Werner Koch <wk@g10code.com> 2009-08-05 Werner Koch <wk@g10code.com>
* app-openpgp.c (change_keyattr_from_string): New. * app-openpgp.c (change_keyattr_from_string): New.

2
scd/apdu.c
View File

@ -15,8 +15,6 @@
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>. * along with this program; if not, see <http://www.gnu.org/licenses/>.
*
* $Id$
*/ */
/* NOTE: This module is also used by other software, thus the use of /* NOTE: This module is also used by other software, thus the use of

2
scd/app-geldkarte.c
View File

@ -274,7 +274,7 @@ bcd_to_int (const unsigned char *string, size_t length, int *result)
gpg_error_t gpg_error_t
app_select_geldkarte (app_t app) app_select_geldkarte (app_t app)
{ {
static unsigned char const aid[] = static char const aid[] =
{ 0xD2, 0x76, 0x00, 0x00, 0x25, 0x45, 0x50, 0x02, 0x00 }; { 0xD2, 0x76, 0x00, 0x00, 0x25, 0x45, 0x50, 0x02, 0x00 };
gpg_error_t err; gpg_error_t err;
int slot = app->slot; int slot = app->slot;

5
scd/app-nks.c
View File

@ -271,7 +271,8 @@ get_chv_status (app_t app, int sigg, int pwid)
command[2] = 0x00; command[2] = 0x00;
command[3] = pwid; command[3] = pwid;
if (apdu_send_direct (app->slot, 0, command, 4, 0, &result, &resultlen)) if (apdu_send_direct (app->slot, 0, (unsigned char *)command,
4, 0, &result, &resultlen))
rc = -1; /* Error. */ rc = -1; /* Error. */
else if (resultlen < 2) else if (resultlen < 2)
rc = -1; /* Error. */ rc = -1; /* Error. */
@ -1055,7 +1056,7 @@ do_decipher (app_t app, const char *keyidstr,
Command chaining does not work. */ Command chaining does not work. */
if (!rc) if (!rc)
rc = iso7816_decipher (app->slot, app->app_local->nks_version > 2? 1:0, rc = iso7816_decipher (app->slot, app->app_local->nks_version > 2? 1:0,
indata, indatalen, 0x81, indata, indatalen, 0, 0x81,
outdata, outdatalen); outdata, outdatalen);
return rc; return rc;
} }

14
scd/app-openpgp.c
View File

@ -16,8 +16,6 @@
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>. * along with this program; if not, see <http://www.gnu.org/licenses/>.
*
* $Id$
*/ */
/* Some notes: /* Some notes:
@ -3316,7 +3314,7 @@ do_decipher (app_t app, const char *keyidstr,
const char *s; const char *s;
int n; int n;
const char *fpr = NULL; const char *fpr = NULL;
int exmode; int exmode, le_value;
if (!keyidstr || !*keyidstr || !indatalen) if (!keyidstr || !*keyidstr || !indatalen)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
@ -3401,14 +3399,20 @@ do_decipher (app_t app, const char *keyidstr,
} }
if (app->app_local->cardcap.ext_lc_le && indatalen > 254 ) if (app->app_local->cardcap.ext_lc_le && indatalen > 254 )
{
exmode = 1; /* Extended length w/o a limit. */ exmode = 1; /* Extended length w/o a limit. */
le_value = app->app_local->extcap.max_rsp_data;
}
else if (app->app_local->cardcap.cmd_chaining && indatalen > 254) else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
{
exmode = -254; /* Command chaining with max. 254 bytes. */ exmode = -254; /* Command chaining with max. 254 bytes. */
le_value = 0;
}
else else
exmode = 0; exmode = le_value = 0;
rc = iso7816_decipher (app->slot, exmode, rc = iso7816_decipher (app->slot, exmode,
indata, indatalen, padind, indata, indatalen, le_value, padind,
outdata, outdatalen); outdata, outdatalen);
xfree (fixbuf); xfree (fixbuf);
} }

24
scd/iso7816.c
View File

@ -15,8 +15,6 @@
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>. * along with this program; if not, see <http://www.gnu.org/licenses/>.
*
* $Id$
*/ */
#include <config.h> #include <config.h>
@ -460,7 +458,7 @@ iso7816_get_data (int slot, int extended_mode, int tag,
bytes. */ bytes. */
gpg_error_t gpg_error_t
iso7816_put_data (int slot, int extended_mode, int tag, iso7816_put_data (int slot, int extended_mode, int tag,
const unsigned char *data, size_t datalen) const void *data, size_t datalen)
{ {
int sw; int sw;
@ -473,7 +471,7 @@ iso7816_put_data (int slot, int extended_mode, int tag,
/* Same as iso7816_put_data but uses an odd instruction byte. */ /* Same as iso7816_put_data but uses an odd instruction byte. */
gpg_error_t gpg_error_t
iso7816_put_data_odd (int slot, int extended_mode, int tag, iso7816_put_data_odd (int slot, int extended_mode, int tag,
const unsigned char *data, size_t datalen) const void *data, size_t datalen)
{ {
int sw; int sw;
@ -545,10 +543,11 @@ iso7816_compute_ds (int slot, int extended_mode,
indicator to be used. It should be 0 if no padding is required, a indicator to be used. It should be 0 if no padding is required, a
value of -1 suppresses the padding byte. On success 0 is returned value of -1 suppresses the padding byte. On success 0 is returned
and the plaintext is available in a newly allocated buffer stored and the plaintext is available in a newly allocated buffer stored
at RESULT with its length stored at RESULTLEN. */ at RESULT with its length stored at RESULTLEN. For LE see
do_generate_keypair. */
gpg_error_t gpg_error_t
iso7816_decipher (int slot, int extended_mode, iso7816_decipher (int slot, int extended_mode,
const unsigned char *data, size_t datalen, const unsigned char *data, size_t datalen, int le,
int padind, unsigned char **result, size_t *resultlen) int padind, unsigned char **result, size_t *resultlen)
{ {
int sw; int sw;
@ -559,6 +558,11 @@ iso7816_decipher (int slot, int extended_mode,
*result = NULL; *result = NULL;
*resultlen = 0; *resultlen = 0;
if (!extended_mode)
le = 256; /* Ignore provided Le and use what apdu_send uses. */
else if (le >= 0 && le < 256)
le = 256;
if (padind >= 0) if (padind >= 0)
{ {
/* We need to prepend the padding indicator. */ /* We need to prepend the padding indicator. */
@ -568,17 +572,17 @@ iso7816_decipher (int slot, int extended_mode,
*buf = padind; /* Padding indicator. */ *buf = padind; /* Padding indicator. */
memcpy (buf+1, data, datalen); memcpy (buf+1, data, datalen);
sw = apdu_send (slot, extended_mode, sw = apdu_send_le (slot, extended_mode,
0x00, CMD_PSO, 0x80, 0x86, 0x00, CMD_PSO, 0x80, 0x86,
datalen+1, (char*)buf, datalen+1, (char*)buf, le,
result, resultlen); result, resultlen);
xfree (buf); xfree (buf);
} }
else else
{ {
sw = apdu_send (slot, extended_mode, sw = apdu_send_le (slot, extended_mode,
0x00, CMD_PSO, 0x80, 0x86, 0x00, CMD_PSO, 0x80, 0x86,
datalen, (const char *)data, datalen, (const char *)data, le,
result, resultlen); result, resultlen);
} }
if (sw != SW_SUCCESS) if (sw != SW_SUCCESS)

8
scd/iso7816.h
View File

@ -15,8 +15,6 @@
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>. * along with this program; if not, see <http://www.gnu.org/licenses/>.
*
* $Id$
*/ */
#ifndef ISO7816_H #ifndef ISO7816_H
@ -87,9 +85,9 @@ gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag, gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag,
unsigned char **result, size_t *resultlen); unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag, gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag,
const unsigned char *data, size_t datalen); const void *data, size_t datalen);
gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag, gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag,
const unsigned char *data, size_t datalen); const void *data, size_t datalen);
gpg_error_t iso7816_manage_security_env (int slot, int p1, int p2, gpg_error_t iso7816_manage_security_env (int slot, int p1, int p2,
const unsigned char *data, const unsigned char *data,
size_t datalen); size_t datalen);
@ -99,7 +97,7 @@ gpg_error_t iso7816_compute_ds (int slot, int extended_mode,
unsigned char **result, size_t *resultlen); unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_decipher (int slot, int extended_mode, gpg_error_t iso7816_decipher (int slot, int extended_mode,
const unsigned char *data, size_t datalen, const unsigned char *data, size_t datalen,
int padind, int le, int padind,
unsigned char **result, size_t *resultlen); unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_internal_authenticate (int slot, int extended_mode, gpg_error_t iso7816_internal_authenticate (int slot, int extended_mode,
const unsigned char *data, size_t datalen, const unsigned char *data, size_t datalen,