diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c index 6b3754f0..f93078e2 100644 --- a/src/libopensc/card-myeid.c +++ b/src/libopensc/card-myeid.c @@ -1123,11 +1123,12 @@ static int myeid_activate_card(struct sc_card *card) static int myeid_get_info(struct sc_card *card, u8 *rbuf, size_t buflen) { - int r; sc_apdu_t apdu; - + int r; + u8 nameBuf[100]; + LOG_FUNC_CALLED(card->ctx); - + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0xA0); apdu.resp = rbuf; apdu.resplen = buflen; @@ -1143,13 +1144,12 @@ static int myeid_get_info(struct sc_card *card, u8 *rbuf, size_t buflen) { sc_log(card->ctx, "Unexpected response to GET DATA (applet info)\n"); return SC_ERROR_INTERNAL; - } - + } + /* store the applet version */ card->version.fw_major = rbuf[5] * 10 + rbuf[6]; card->version.fw_minor = rbuf[7]; /* add version to name */ - u8 nameBuf[100]; sprintf(nameBuf, "%s %d.%d.%d", card->name, rbuf[5], rbuf[6], rbuf[7]); card->name = nameBuf; //card->driver->name @@ -1162,13 +1162,13 @@ static int myeid_get_serialnr(sc_card_t *card, sc_serial_number_t *serial) u8 rbuf[256]; LOG_FUNC_CALLED(card->ctx); - - /* if number cached, get it + + /* if number cached, get it if(card->serialnr.value) { memcpy(serial, &card->serialnr, sizeof(*serial)); LOG_FUNC_RETURN(card->ctx, r); }*/ - + /* get number from card */ r = myeid_get_info(card, rbuf, sizeof(rbuf)); LOG_TEST_RET(card->ctx, r, "Get applet info failed"); diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c index ea5f118b..a057044e 100644 --- a/src/libopensc/pkcs15-prkey.c +++ b/src/libopensc/pkcs15-prkey.c @@ -575,7 +575,6 @@ sc_pkcs15_free_prkey(struct sc_pkcs15_prkey *key) free(key->u.gostr3410.d.data); break; case SC_ALGORITHM_EC: - /* TODO: -DEE may not need much */ if (key->u.ec.params.der.value) free(key->u.ec.params.der.value); if (key->u.ec.params.named_curve) 
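Review bot: In myeid_get_info, `card->name = nameBuf;` (second hunk) stores the address of a stack array in the card object, so `card->name` dangles as soon as the function returns; moving the `u8 nameBuf[100];` declaration to the top of the function (first hunk) does not change that. The `sprintf` is also unbounded and uses `card->name` as a source, so a long name can overrun the 100-byte buffer, and a second call would format from the stale pointer. The versioned name needs storage that lives as long as the card (for example a field in the driver's private data, if this driver has one) and a bounded write, i.e. `snprintf` with the destination size in place of `sprintf(nameBuf, "%s %d.%d.%d", ...)`. Whether the response is known to hold at least 8 bytes before `rbuf[5]`..`rbuf[7]` are read depends on the length check above the visible lines and should be confirmed.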
@@ -668,38 +667,34 @@ sc_pkcs15_convert_prkey(struct sc_pkcs15_prkey *pkcs15_key, void *evp_key) } case EVP_PKEY_EC: { struct sc_pkcs15_prkey_ec *dst = &pkcs15_key->u.ec; - EC_KEY *src = EVP_PKEY_get0(pk); - - assert(src); - pkcs15_key->algorithm = SC_ALGORITHM_EC; - assert(EC_KEY_get0_private_key(src)); - if (!sc_pkcs15_convert_bignum(&dst->privateD, EC_KEY_get0_private_key(src))) - return SC_ERROR_INCOMPATIBLE_KEY; - - assert(EC_KEY_get0_public_key(src)); - + EC_KEY *src = NULL; + const EC_GROUP *grp = NULL; unsigned char buf[255]; size_t buflen = 255; - - const EC_GROUP *grp = EC_KEY_get0_group(src); - if(grp == 0) { - //EC_KEY_free(src); - return SC_ERROR_INCOMPATIBLE_KEY; - } - - /* get curve name */ int nid; + + src = EVP_PKEY_get0(pk); + assert(src); + assert(EC_KEY_get0_private_key(src)); + assert(EC_KEY_get0_public_key(src)); + + pkcs15_key->algorithm = SC_ALGORITHM_EC; + if (!sc_pkcs15_convert_bignum(&dst->privateD, EC_KEY_get0_private_key(src))) + return SC_ERROR_INCOMPATIBLE_KEY; + + grp = EC_KEY_get0_group(src); + if(grp == 0) + return SC_ERROR_INCOMPATIBLE_KEY; + + /* get curve name */ nid = EC_GROUP_get_curve_name(grp); if(nid != 0) dst->params.named_curve = strdup(OBJ_nid2sn(nid)); - + /* Decode EC_POINT from a octet string */ - buflen = EC_POINT_point2oct(grp, (const EC_POINT *) EC_KEY_get0_public_key(src), + buflen = EC_POINT_point2oct(grp, (const EC_POINT *) EC_KEY_get0_public_key(src), POINT_CONVERSION_UNCOMPRESSED, buf, buflen, NULL); - - /* clean up */ - //EC_KEY_free(src); - + /* copy the public key */ if (buflen > 0) { dst->ecpointQ.value = malloc(buflen); @@ -708,8 +703,9 @@ sc_pkcs15_convert_prkey(struct sc_pkcs15_prkey *pkcs15_key, void *evp_key) /* calculate the field length */ dst->params.field_length = (buflen - 1) / 2 * 8; } - else - return SC_ERROR_INCOMPATIBLE_KEY; + else { + return SC_ERROR_INCOMPATIBLE_KEY; + } break; } diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c index 98cf2e94..d1f03ab8 100644 
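Review bot: The EC branch of sc_pkcs15_convert_prkey still validates the incoming key only with `assert(src)`, `assert(EC_KEY_get0_private_key(src))` and `assert(EC_KEY_get0_public_key(src))`: a key missing one of these parts aborts the process in a build with assertions, and with NDEBUG the checks vanish and the NULL is passed on to `sc_pkcs15_convert_bignum` or `EC_POINT_point2oct`. The branch already returns `SC_ERROR_INCOMPATIBLE_KEY` for a missing group, so the same return fits here: `if (!src || !EC_KEY_get0_private_key(src) || !EC_KEY_get0_public_key(src)) return SC_ERROR_INCOMPATIBLE_KEY;`. `strdup(OBJ_nid2sn(nid))` has a related gap, since `OBJ_nid2sn` can return NULL for a NID it does not know and the `strdup` result is not checked. The branch continues past the end of the hunk, so what happens to the `malloc(buflen)` result is not visible here.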
--- a/src/libopensc/pkcs15-pubkey.c +++ b/src/libopensc/pkcs15-pubkey.c @@ -646,24 +646,16 @@ int sc_pkcs15_encode_pubkey_ec(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key, u8 **buf, size_t *buflen) { - int r; - /*u8 * ecpoint_data; - size_t ecpoint_len;*/ struct sc_asn1_entry asn1_ec_pointQ[C_ASN1_EC_POINTQ_SIZE]; - - /*buf = malloc(key->ecpointQ.len); - if (*buf == NULL) - return SC_ERROR_OUT_OF_MEMORY;*/ - + int r; + sc_copy_asn1_entry(c_asn1_ec_pointQ, asn1_ec_pointQ); sc_format_asn1_entry(asn1_ec_pointQ + 0, key->ecpointQ.value, &key->ecpointQ.len, 1); - -/* memcpy(*buf, key->ecpointQ.value, key->ecpointQ.len); - *buflen = key->ecpointQ.len; -*/ - r = sc_asn1_encode(ctx, asn1_ec_pointQ, buf, buflen); - sc_log(ctx, "DEE-EC key->ecpointQ=%p:%d *buf=%p:%d", key->ecpointQ.value, key->ecpointQ.len, *buf, *buflen); + r = sc_asn1_encode(ctx, asn1_ec_pointQ, buf, buflen); + LOG_TEST_RET(ctx, r, "ASN.1 encoding failed"); + + sc_log(ctx, "EC key->ecpointQ=%p:%d *buf=%p:%d", key->ecpointQ.value, key->ecpointQ.len, *buf, *buflen); return 0; } @@ -833,7 +825,6 @@ sc_pkcs15_pubkey_from_prvkey(struct sc_context *ctx, struct sc_pkcs15_prkey *prv pubkey->u.ec.ecpointQ.value = malloc(prvkey->u.ec.ecpointQ.len); memcpy(pubkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.len); pubkey->u.ec.ecpointQ.len = prvkey->u.ec.ecpointQ.len; - rv = SC_SUCCESS; break; default: sc_log(ctx, "Unsupported private key algorithm"); @@ -845,7 +836,7 @@ sc_pkcs15_pubkey_from_prvkey(struct sc_context *ctx, struct sc_pkcs15_prkey *prv else *out = pubkey; - return SC_SUCCESS; + return rv; } @@ -984,7 +975,7 @@ out: * or can be called from the sc_pkcs15_pubkey_from_spki_filename */ int -sc_pkcs15_pubkey_from_spki(sc_context_t *ctx, sc_pkcs15_pubkey_t ** outpubkey, +sc_pkcs15_pubkey_from_spki(sc_context_t *ctx, sc_pkcs15_pubkey_t ** outpubkey, u8 *buf, size_t buflen, int depth) { 
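Review bot: The `sc_log` call in sc_pkcs15_encode_pubkey_ec prints `*buflen`, a `size_t` according to the signature, with `%d`, which is a format/argument mismatch wherever `size_t` is wider than `int`; `key->ecpointQ.len` looks like the same case, since its address is passed to `sc_format_asn1_entry` as a length. Cast the lengths and use a matching conversion, e.g. `"EC key->ecpointQ=%p:%lu *buf=%p:%lu"` with `(unsigned long)key->ecpointQ.len` and `(unsigned long)*buflen`. The function would also benefit from a header comment stating who owns `*buf` on success; presumably the encoder allocates it and the caller frees it, which should be confirmed before it is written down.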
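Review bot: In the EC branch of sc_pkcs15_pubkey_from_prvkey (the -833 hunk), the result of `malloc(prvkey->u.ec.ecpointQ.len)` goes straight into `memcpy` without a NULL check, so an allocation failure becomes a write through a NULL pointer. Now that the function ends in `return rv;`, the branch can report the failure with `if (!pubkey->u.ec.ecpointQ.value) { rv = SC_ERROR_OUT_OF_MEMORY; break; }` before the copy, assuming the code after the switch releases `pubkey` on error. With `rv = SC_SUCCESS;` dropped from this branch, its success result also depends on how `rv` is initialised, which lies outside both hunks and should be checked.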
@@ -1258,37 +1249,33 @@ sc_pkcs15_convert_pubkey(struct sc_pkcs15_pubkey *pkcs15_key, void *evp_key) } case EVP_PKEY_EC: { struct sc_pkcs15_pubkey_ec *dst = &pkcs15_key->u.ec; - EC_KEY *src = EVP_PKEY_get0(pk); - - assert(src); - pkcs15_key->algorithm = SC_ALGORITHM_EC; - - assert(EC_KEY_get0_public_key(src)); - + EC_KEY *src = NULL; + const EC_GROUP *grp = NULL; unsigned char buf[255]; size_t buflen = 255; - - const EC_GROUP *grp = EC_KEY_get0_group(src); - if(grp == 0) { - //EC_KEY_free(src); - return SC_ERROR_INCOMPATIBLE_KEY; - } - - /* Decode EC_POINT from a octet string */ - buflen = EC_POINT_point2oct(grp, (const EC_POINT *) EC_KEY_get0_public_key(src), - POINT_CONVERSION_UNCOMPRESSED, buf, buflen, NULL); - - /* get curve name */ int nid; + + src = EVP_PKEY_get0(pk); + assert(src); + assert(EC_KEY_get0_public_key(src)); + + pkcs15_key->algorithm = SC_ALGORITHM_EC; + grp = EC_KEY_get0_group(src); + if(grp == 0) + return SC_ERROR_INCOMPATIBLE_KEY; + + /* Decode EC_POINT from a octet string */ + buflen = EC_POINT_point2oct(grp, (const EC_POINT *) EC_KEY_get0_public_key(src), + POINT_CONVERSION_UNCOMPRESSED, buf, buflen, NULL); + + /* get curve name */ nid = EC_GROUP_get_curve_name(grp); if(nid != 0) { const char *name = OBJ_nid2sn(nid); if(sizeof(name) > 0) dst->params.named_curve = strdup(name); } - /* clean up */ - //EC_KEY_free(src); - + /* copy the public key */ if (buflen > 0) { dst->ecpointQ.value = malloc(buflen); @@ -1298,7 +1285,7 @@ sc_pkcs15_convert_pubkey(struct sc_pkcs15_pubkey *pkcs15_key, void *evp_key) dst->params.field_length = (buflen - 1) / 2 * 8; } else - return SC_ERROR_INCOMPATIBLE_KEY; + return SC_ERROR_INCOMPATIBLE_KEY; break; } diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c index b6028df5..7bc64d77 100644 --- a/src/pkcs15init/pkcs15-lib.c +++ b/src/pkcs15init/pkcs15-lib.c 
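Review bot: `if(sizeof(name) > 0)` in the EC branch of sc_pkcs15_convert_pubkey tests the size of a pointer, which is never zero, so it does not guard the following `strdup(name)`; `OBJ_nid2sn` can return NULL for a NID it does not know, and that NULL would then be passed to `strdup`. The intended test is presumably `if (name != NULL)`, ideally followed by a check of the `strdup` result. As in sc_pkcs15_convert_prkey, `assert(src)` and `assert(EC_KEY_get0_public_key(src))` are the only validation of the incoming key and disappear under NDEBUG; returning `SC_ERROR_INCOMPATIBLE_KEY` would match the `grp == 0` case. The branch continues beyond the end of the hunk.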
@@ -1530,7 +1530,7 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card, } else if(key.algorithm == SC_ALGORITHM_EC) key_info->field_length = keybits; - + /* Select a intrinsic Key ID if the user didn't specify one */ r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY, &keyargs->id, &key); LOG_TEST_RET(ctx, r, "Get intrinsic ID error"); @@ -1969,7 +1969,8 @@ check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keyge * Check whether the card has native crypto support for this key. */ static int -check_key_compatibility(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey *key, unsigned int x509_usage, unsigned int key_length, unsigned int flags) +check_key_compatibility(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey *key, unsigned int x509_usage, + unsigned int key_length, unsigned int flags) { struct sc_algorithm_info *info; unsigned int count; @@ -1977,7 +1978,9 @@ check_key_compatibility(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey * count = p15card->card->algorithm_count; for (info = p15card->card->algorithms; count--; info++) { /* don't check flags if none was specified */ - if (info->algorithm != key->algorithm || info->key_length != key_length || (flags != 0 && (info->flags & flags) != flags)) + if (info->algorithm != key->algorithm || info->key_length != key_length) + continue; + if (flags != 0 && ((info->flags & flags) != flags)) continue; if (key->algorithm == SC_ALGORITHM_RSA) {
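Review bot: In check_key_compatibility, the comment `/* don't check flags if none was specified */` now sits above the algorithm and key-length test rather than the flags test it describes. Move it down so it directly precedes `if (flags != 0 && ((info->flags & flags) != flags))`. The loop body continues past the end of the hunk.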