trunk/OpenPGPminidriver/CardCryptographicOperations.c

/*      OpenPGP Smart Card Mini Driver
    Copyright (C) 2009 Vincent Le Toux

    This library is Free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License version 2.1 as published by the Free Software Foundation.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

#include <windows.h>
#include <cardmod.h>
#include "Tracing.h"
#include "Context.h"
#include "CryptoOperations.h"

// 4.7 Cryptographic operations

/** This function performs an RSA decryption operation on the passed buffer
by using the private key that a container index refers to. Note that for
ECC-only smart cards, this entry point is not defined and is set to NULL 
in the returned CARD_DATA structure from CardAcquireContext. This operation
is restricted to a single buffer of a size equal to the key modulus.*/

DWORD WINAPI CardRSADecrypt(
    __in PCARD_DATA  pCardData,
    __inout PCARD_RSA_DECRYPT_INFO  pInfo
)
{
        DWORD dwReturn = 0;     
        
        Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
        __try
        {
                if ( pCardData == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }

                if ( pInfo == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pInfo == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if ( pInfo->pbData == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pInfo->pbData == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if (pInfo->dwVersion != CARD_RSA_KEY_DECRYPT_INFO_VERSION_ONE 
                        && pInfo->dwVersion != CARD_RSA_KEY_DECRYPT_INFO_VERSION_TWO)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"ERROR_REVISION_MISMATCH");
                        dwReturn  = ERROR_REVISION_MISMATCH;
                        __leave;
                }
                if (pInfo->dwKeySpec != AT_KEYEXCHANGE)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"AT_KEYEXCHANGE %d", pInfo->dwKeySpec);
                        dwReturn  = SCARD_E_INVALID_PARAMETER ;
                        __leave;
                }
                if (pInfo->bContainerIndex != ContainerConfidentiality)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"Confidentiality %d", pInfo->bContainerIndex);
                        dwReturn  = SCARD_E_NO_KEY_CONTAINER ;
                        __leave;
                }
                dwReturn = CheckContext(pCardData);
                if ( dwReturn)
                {
                        __leave;
                }
                dwReturn = OCardDecrypt(pCardData, pInfo);
                if (dwReturn == SCARD_W_WRONG_CHV)
                {
                        dwReturn = SCARD_W_SECURITY_VIOLATION;
                }
        }
        __finally
        {
        }
        Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
        return dwReturn;
}


/** The CardSignData function signs a block of unpadded data. This entry either performs
padding on the card or pads the data by using the PFN_CSP_PAD_DATA callback. All card 
minidrivers must support this entry point.*/

DWORD WINAPI CardSignData(
    __in PCARD_DATA  pCardData,
    __in PCARD_SIGNING_INFO  pInfo
)
{
        DWORD dwReturn = 0;     
        
        Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
        __try
        {
                if ( pCardData == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }

                if ( pInfo == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pInfo == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if ( ( pInfo->dwVersion != CARD_SIGNING_INFO_BASIC_VERSION   ) &&
                        ( pInfo->dwVersion != CARD_SIGNING_INFO_CURRENT_VERSION ) )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"dwVersion == %d", pInfo->dwVersion);
                        dwReturn  = ERROR_REVISION_MISMATCH;
                        __leave;
                }
                if ( pInfo->pbData == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pInfo->pbData == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if (pInfo->dwKeySpec != AT_SIGNATURE && pInfo->dwKeySpec != AT_KEYEXCHANGE)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"AT_SIGNATURE %d", pInfo->dwKeySpec);
                        dwReturn  = SCARD_E_INVALID_PARAMETER ;
                        __leave;
                }
                dwReturn = CheckContext(pCardData);
                if ( dwReturn)
                {
                        __leave;
                }
                switch(pInfo->bContainerIndex)
                {
                case ContainerAuthentication:
                case ContainerConfidentiality:
                        dwReturn = OCardAuthenticate(pCardData, pInfo);
                        break;
                case ContainerSignature:
                        dwReturn = OCardSign(pCardData, pInfo);
                        break;
                default:
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                if (dwReturn == SCARD_W_WRONG_CHV)
                {
                        dwReturn = SCARD_W_SECURITY_VIOLATION;
                }
        }
        __finally
        {
        }
        Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
        return dwReturn;
}

/** This function returns the public key sizes that are supported by the card in use.*/
DWORD WINAPI CardQueryKeySizes(
    __in PCARD_DATA  pCardData,
    __in DWORD  dwKeySpec,
    __in DWORD  dwFlags,
    __inout PCARD_KEY_SIZES  pKeySizes
)
{
        DWORD dwReturn = 0, dwVersion;  
        Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
        __try
        {
                if ( pCardData == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }

                if ( dwFlags != 0 )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"dwFlags != 0 : %d", dwFlags);
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if ( pKeySizes == NULL )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"pKeySizes == NULL");
                        dwReturn  = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                dwVersion = (pKeySizes->dwVersion == 0) ? 1 : pKeySizes->dwVersion;
                if ( dwVersion != CARD_KEY_SIZES_CURRENT_VERSION )
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"dwVersion == %d", pKeySizes->dwVersion);
                        dwReturn  = ERROR_REVISION_MISMATCH;
                        __leave;
                }
                dwReturn = CheckContext(pCardData);
                if ( dwReturn)
                {
                        __leave;
                }
                switch(dwKeySpec)
                {
                        case AT_ECDHE_P256 :
                        case AT_ECDHE_P384 :
                        case AT_ECDHE_P521 :
                        case AT_ECDSA_P256 :
                        case AT_ECDSA_P384 :
                        case AT_ECDSA_P521 :
                                Trace(WINEVENT_LEVEL_ERROR, L"dwKeySpec == %d", dwKeySpec);
                                dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
                                __leave;
                                break;
                        case AT_KEYEXCHANGE:
                        case AT_SIGNATURE  :
                                break;
                        default:
                                Trace(WINEVENT_LEVEL_ERROR, L"dwKeySpec == %d", dwKeySpec);
                                dwReturn = SCARD_E_INVALID_PARAMETER;
                                __leave;
                                break;
                }

           pKeySizes->dwMinimumBitlen     = 1024;
           pKeySizes->dwDefaultBitlen     = 2048;
           pKeySizes->dwMaximumBitlen     = 2048;
           pKeySizes->dwIncrementalBitlen = 0;
        }
        __finally
        {
        }
        Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
        return dwReturn;
}


/** The CardConstructDHAgreement function performs a secret agreement calculation 
for Diffie Hellman (DH) key exchange by using a private key that is present on the
card. For RSA-only card minidrivers, this entry point is not defined and is set to
NULL in the CARD_DATA structure that is returned from CardAcquireContext. 
The CARD_DH_AGREEMENT structure changes to allow for return of a handle to
the agreed secret. This raises a point about how to index the DH agreement 
on the card in an opaque manner. Maintaining a map file is unnecessary because
Ncrypt makes no provision for persistent DH agreements and there is no way to 
retrieve one after a provider is closed. DH agreements are addressable on card 
through an opaque BYTE that the card minidriver maintains. This BYTE should be 
associated with a handle to a card-side agreement.*/

DWORD WINAPI CardConstructDHAgreement(
    __in PCARD_DATA  pCardData,
    __inout PCARD_DH_AGREEMENT_INFO  pSecretInfo
)
{
        Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
        return SCARD_E_UNSUPPORTED_FEATURE;
}

/** The key derivation structure represents the majority of the required changes
for FIPS 140-2 compliance for smart cards. It holds the requested key derivation
function (KDF) and the associated input. The KDFs are defined in the CNG Reference 
documentation on MSDN. For RSA-only card minidrivers, this entry point is not defined
and is set to NULL in the CARD_DATA structure that is returned from CardAcquireContext.*/

DWORD WINAPI CardDeriveKey(
    __in PCARD_DATA  pCardData,
    __inout PCARD_DERIVE_KEY  pAgreementInfo
)
{
        Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
        return SCARD_E_UNSUPPORTED_FEATURE;
}

/** The CardDestroyDHAgreement function removes an agreed secret from the card.
For RSA-only card minidrivers, this entry point is not defined and is set to
NULL in the CARD_DATA structure that was returned from CardAcquireContext.*/

DWORD WINAPI CardDestroyDHAgreement(
    __in PCARD_DATA  pCardData,
    __in BYTE  bSecretAgreementIndex,
    __in DWORD  dwFlags
)
{
        Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
        return SCARD_E_UNSUPPORTED_FEATURE;
}
1	vletoux	1	/* OpenPGP Smart Card Mini Driver
2			Copyright (C) 2009 Vincent Le Toux
3
4			This library is Free software; you can redistribute it and/or
5			modify it under the terms of the GNU Lesser General Public
6			License version 2.1 as published by the Free Software Foundation.
7
8			This library is distributed in the hope that it will be useful,
9			but WITHOUT ANY WARRANTY; without even the implied warranty of
10			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11			Lesser General Public License for more details.
12
13			You should have received a copy of the GNU Lesser General Public
14			License along with this library; if not, write to the Free Software
15			Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
16			*/
17
18			#include <windows.h>
19			#include <cardmod.h>
20			#include "Tracing.h"
21			#include "Context.h"
22			#include "CryptoOperations.h"
23
24			// 4.7 Cryptographic operations
25
26			/** This function performs an RSA decryption operation on the passed buffer
27			by using the private key that a container index refers to. Note that for
28			ECC-only smart cards, this entry point is not defined and is set to NULL
29			in the returned CARD_DATA structure from CardAcquireContext. This operation
30			is restricted to a single buffer of a size equal to the key modulus.*/
31
32			DWORD WINAPI CardRSADecrypt(
33			__in PCARD_DATA pCardData,
34			__inout PCARD_RSA_DECRYPT_INFO pInfo
35			)
36			{
37			DWORD dwReturn = 0;
38
39			Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
40			__try
41			{
42			if ( pCardData == NULL )
43			{
44			Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
45			dwReturn = SCARD_E_INVALID_PARAMETER;
46			__leave;
47			}
48
49			if ( pInfo == NULL )
50			{
51			Trace(WINEVENT_LEVEL_ERROR, L"pInfo == NULL");
52			dwReturn = SCARD_E_INVALID_PARAMETER;
53			__leave;
54			}
55			if ( pInfo->pbData == NULL )
56			{
57			Trace(WINEVENT_LEVEL_ERROR, L"pInfo->pbData == NULL");
58			dwReturn = SCARD_E_INVALID_PARAMETER;
59			__leave;
60			}
61	vletoux	8	if (pInfo->dwVersion != CARD_RSA_KEY_DECRYPT_INFO_VERSION_ONE
62			&& pInfo->dwVersion != CARD_RSA_KEY_DECRYPT_INFO_VERSION_TWO)
63	vletoux	1	{
64			Trace(WINEVENT_LEVEL_ERROR, L"ERROR_REVISION_MISMATCH");
65			dwReturn = ERROR_REVISION_MISMATCH;
66			__leave;
67			}
68			if (pInfo->dwKeySpec != AT_KEYEXCHANGE)
69			{
70			Trace(WINEVENT_LEVEL_ERROR, L"AT_KEYEXCHANGE %d", pInfo->dwKeySpec);
71	vletoux	8	dwReturn = SCARD_E_INVALID_PARAMETER ;
72	vletoux	1	__leave;
73			}
74	vletoux	9	if (pInfo->bContainerIndex != ContainerConfidentiality)
75	vletoux	1	{
76			Trace(WINEVENT_LEVEL_ERROR, L"Confidentiality %d", pInfo->bContainerIndex);
77			dwReturn = SCARD_E_NO_KEY_CONTAINER ;
78			__leave;
79			}
80			dwReturn = CheckContext(pCardData);
81			if ( dwReturn)
82			{
83			__leave;
84			}
85	vletoux	8	dwReturn = OCardDecrypt(pCardData, pInfo);
86			if (dwReturn == SCARD_W_WRONG_CHV)
87			{
88			dwReturn = SCARD_W_SECURITY_VIOLATION;
89			}
90	vletoux	1	}
91			__finally
92			{
93			}
94			Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
95			return dwReturn;
96			}
97
98
99			/** The CardSignData function signs a block of unpadded data. This entry either performs
100			padding on the card or pads the data by using the PFN_CSP_PAD_DATA callback. All card
101			minidrivers must support this entry point.*/
102
103			DWORD WINAPI CardSignData(
104			__in PCARD_DATA pCardData,
105			__in PCARD_SIGNING_INFO pInfo
106			)
107			{
108			DWORD dwReturn = 0;
109
110			Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
111			__try
112			{
113			if ( pCardData == NULL )
114			{
115			Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
116			dwReturn = SCARD_E_INVALID_PARAMETER;
117			__leave;
118			}
119
120			if ( pInfo == NULL )
121			{
122			Trace(WINEVENT_LEVEL_ERROR, L"pInfo == NULL");
123			dwReturn = SCARD_E_INVALID_PARAMETER;
124			__leave;
125			}
126	vletoux	8	if ( ( pInfo->dwVersion != CARD_SIGNING_INFO_BASIC_VERSION ) &&
127			( pInfo->dwVersion != CARD_SIGNING_INFO_CURRENT_VERSION ) )
128			{
129			Trace(WINEVENT_LEVEL_ERROR, L"dwVersion == %d", pInfo->dwVersion);
130			dwReturn = ERROR_REVISION_MISMATCH;
131			__leave;
132			}
133	vletoux	1	if ( pInfo->pbData == NULL )
134			{
135			Trace(WINEVENT_LEVEL_ERROR, L"pInfo->pbData == NULL");
136			dwReturn = SCARD_E_INVALID_PARAMETER;
137			__leave;
138			}
139	vletoux	10	if (pInfo->dwKeySpec != AT_SIGNATURE && pInfo->dwKeySpec != AT_KEYEXCHANGE)
140	vletoux	8	{
141			Trace(WINEVENT_LEVEL_ERROR, L"AT_SIGNATURE %d", pInfo->dwKeySpec);
142			dwReturn = SCARD_E_INVALID_PARAMETER ;
143			__leave;
144			}
145	vletoux	1	dwReturn = CheckContext(pCardData);
146			if ( dwReturn)
147			{
148			__leave;
149			}
150	vletoux	5	switch(pInfo->bContainerIndex)
151			{
152	vletoux	9	case ContainerAuthentication:
153	vletoux	10	case ContainerConfidentiality:
154	vletoux	8	dwReturn = OCardAuthenticate(pCardData, pInfo);
155	vletoux	5	break;
156	vletoux	9	case ContainerSignature:
157	vletoux	8	dwReturn = OCardSign(pCardData, pInfo);
158	vletoux	5	break;
159			default:
160			dwReturn = SCARD_E_NO_KEY_CONTAINER;
161			Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
162			__leave;
163			}
164	vletoux	8	if (dwReturn == SCARD_W_WRONG_CHV)
165			{
166			dwReturn = SCARD_W_SECURITY_VIOLATION;
167			}
168	vletoux	1	}
169			__finally
170			{
171			}
172			Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
173			return dwReturn;
174			}
175
176			/** This function returns the public key sizes that are supported by the card in use.*/
177			DWORD WINAPI CardQueryKeySizes(
178			__in PCARD_DATA pCardData,
179			__in DWORD dwKeySpec,
180			__in DWORD dwFlags,
181			__inout PCARD_KEY_SIZES pKeySizes
182			)
183			{
184			DWORD dwReturn = 0, dwVersion;
185			Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
186			__try
187			{
188			if ( pCardData == NULL )
189			{
190			Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
191			dwReturn = SCARD_E_INVALID_PARAMETER;
192			__leave;
193			}
194
195			if ( dwFlags != 0 )
196			{
197			Trace(WINEVENT_LEVEL_ERROR, L"dwFlags != 0 : %d", dwFlags);
198			dwReturn = SCARD_E_INVALID_PARAMETER;
199			__leave;
200			}
201			if ( pKeySizes == NULL )
202			{
203			Trace(WINEVENT_LEVEL_ERROR, L"pKeySizes == NULL");
204			dwReturn = SCARD_E_INVALID_PARAMETER;
205			__leave;
206			}
207			dwVersion = (pKeySizes->dwVersion == 0) ? 1 : pKeySizes->dwVersion;
208			if ( dwVersion != CARD_KEY_SIZES_CURRENT_VERSION )
209			{
210			Trace(WINEVENT_LEVEL_ERROR, L"dwVersion == %d", pKeySizes->dwVersion);
211			dwReturn = ERROR_REVISION_MISMATCH;
212			__leave;
213			}
214	vletoux	8	dwReturn = CheckContext(pCardData);
215			if ( dwReturn)
216			{
217			__leave;
218			}
219	vletoux	1	switch(dwKeySpec)
220			{
221			case AT_ECDHE_P256 :
222			case AT_ECDHE_P384 :
223			case AT_ECDHE_P521 :
224			case AT_ECDSA_P256 :
225			case AT_ECDSA_P384 :
226			case AT_ECDSA_P521 :
227			Trace(WINEVENT_LEVEL_ERROR, L"dwKeySpec == %d", dwKeySpec);
228			dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
229			__leave;
230			break;
231			case AT_KEYEXCHANGE:
232			case AT_SIGNATURE :
233			break;
234			default:
235			Trace(WINEVENT_LEVEL_ERROR, L"dwKeySpec == %d", dwKeySpec);
236			dwReturn = SCARD_E_INVALID_PARAMETER;
237			__leave;
238			break;
239			}
240
241			pKeySizes->dwMinimumBitlen = 1024;
242			pKeySizes->dwDefaultBitlen = 2048;
243			pKeySizes->dwMaximumBitlen = 2048;
244			pKeySizes->dwIncrementalBitlen = 0;
245			}
246			__finally
247			{
248			}
249			Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
250			return dwReturn;
251			}
252
253
254			/** The CardConstructDHAgreement function performs a secret agreement calculation
255			for Diffie Hellman (DH) key exchange by using a private key that is present on the
256			card. For RSA-only card minidrivers, this entry point is not defined and is set to
257			NULL in the CARD_DATA structure that is returned from CardAcquireContext.
258			The CARD_DH_AGREEMENT structure changes to allow for return of a handle to
259			the agreed secret. This raises a point about how to index the DH agreement
260			on the card in an opaque manner. Maintaining a map file is unnecessary because
261			Ncrypt makes no provision for persistent DH agreements and there is no way to
262			retrieve one after a provider is closed. DH agreements are addressable on card
263			through an opaque BYTE that the card minidriver maintains. This BYTE should be
264			associated with a handle to a card-side agreement.*/
265
266			DWORD WINAPI CardConstructDHAgreement(
267			__in PCARD_DATA pCardData,
268			__inout PCARD_DH_AGREEMENT_INFO pSecretInfo
269			)
270			{
271			Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
272			return SCARD_E_UNSUPPORTED_FEATURE;
273			}
274
275			/** The key derivation structure represents the majority of the required changes
276			for FIPS 140-2 compliance for smart cards. It holds the requested key derivation
277			function (KDF) and the associated input. The KDFs are defined in the CNG Reference
278			documentation on MSDN. For RSA-only card minidrivers, this entry point is not defined
279			and is set to NULL in the CARD_DATA structure that is returned from CardAcquireContext.*/
280
281			DWORD WINAPI CardDeriveKey(
282			__in PCARD_DATA pCardData,
283			__inout PCARD_DERIVE_KEY pAgreementInfo
284			)
285			{
286			Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
287			return SCARD_E_UNSUPPORTED_FEATURE;
288			}
289
290			/** The CardDestroyDHAgreement function removes an agreed secret from the card.
291			For RSA-only card minidrivers, this entry point is not defined and is set to
292			NULL in the CARD_DATA structure that was returned from CardAcquireContext.*/
293
294			DWORD WINAPI CardDestroyDHAgreement(
295			__in PCARD_DATA pCardData,
296			__in BYTE bSecretAgreementIndex,
297			__in DWORD dwFlags
298			)
299			{
300			Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
301			return SCARD_E_UNSUPPORTED_FEATURE;
302			}