From abdbb9d8c09146cd0bfbb5ef8861c1f3a14a83c7 Mon Sep 17 00:00:00 2001 From: Steve Ross Date: Wed, 14 Nov 2018 11:59:43 -0600 Subject: [PATCH] Enable CoolKey driver to handle 2048-bit keys. For a problem description, see . In a nutshell, for a card with the CoolKey applet and 2048-bit keys, the command pkcs11-tool --test --login fails to complete all of its tests. This commit consists of a patch from @dengert. To avoid triggering an error when the data exceeds 255 bytes, this commit limits the amount of the payload sent to the CoolKey applet on the card based on the maximum amount of data that the card can receive, and overhead bytes (namely, a header and nonce) that accompany the payload. With this change, the command pkcs11-tool --test --login succeeds. --- src/libopensc/card-coolkey.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/libopensc/card-coolkey.c b/src/libopensc/card-coolkey.c index e320290dfe..11c4e92643 100644 --- a/src/libopensc/card-coolkey.c +++ b/src/libopensc/card-coolkey.c @@ -1168,12 +1168,16 @@ static int coolkey_write_object(sc_card_t *card, unsigned long object_id, size_t operation_len; size_t left = buf_len; int r; + size_t max_operation_len; + + /* set limit for the card's maximum send size and short write */ + max_operation_len = MIN(COOLKEY_MAX_CHUNK_SIZE, (card->max_send_size - sizeof(coolkey_read_object_param_t) - nonce_size)); ulong2bebytes(¶ms.head.object_id[0], object_id); do { ulong2bebytes(¶ms.head.offset[0], offset); - operation_len = MIN(left, COOLKEY_MAX_CHUNK_SIZE); + operation_len = MIN(left, max_operation_len); params.head.length = operation_len; memcpy(params.buf, buf, operation_len); r = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_WRITE_OBJECT, 0, 0,