trunk/OpenPGPminidriver/CryptoOperations.c

/*      OpenPGP Smart Card Mini Driver
    Copyright (C) 2009 Vincent Le Toux

    This library is Free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License version 2.1 as published by the Free Software Foundation.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

#include <windows.h>
#include <cardmod.h>
#include "Tracing.h"
#include "Context.h"
#include "SmartCard.h"
#include "CryptoOperations.h"
#include "PinOperations.h"
#include "PublicDataOperations.h"

OPENPGP_CONTAINER_INFO Containers[] = 
{
        {0xB6, CALG_RSA_SIGN, AT_SIGNATURE, ROLE_SIGNATURE},
        {0xA4, CALG_RSA_SIGN, AT_SIGNATURE, ROLE_AUTHENTICATION},
        {0xB8, CALG_RSA_KEYX, AT_KEYEXCHANGE, ROLE_CONFIDENTIALITY}
        
};

typedef struct _OPENPGP_SUPPORTED_SIGNATURE_ALGORITHM
{
        ALG_ID aiHashAlg;
        DWORD  dwHashSize;
        PBYTE pbEncodedOid;
        DWORD dwEncodedOidSize;
} OPENPGP_SUPPORTED_SIGNATURE_ALGORITHM, *POPENPGP_SUPPORTED_SIGNATURE_ALGORITHM;

BYTE dwSHA1EncodedOid[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
                        0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
BYTE dwSHA256EncodedOid[] = {0x30, 0x31, 0x30, 0x0D,0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
BYTE dwSHA384EncodedOid[] = {0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                        0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30};
BYTE dwSHA512EncodedOid[] = {0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                        0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};

OPENPGP_SUPPORTED_SIGNATURE_ALGORITHM SignatureAlgorithm[] = 
{
        {CALG_SHA1,20, 
                        dwSHA1EncodedOid,
                        ARRAYSIZE(dwSHA1EncodedOid)},
        {CALG_SHA-256,32,
                        dwSHA256EncodedOid,
                        ARRAYSIZE(dwSHA256EncodedOid)},
        {CALG_SHA-384,48,
                        dwSHA384EncodedOid,
                        ARRAYSIZE(dwSHA384EncodedOid)},
        {CALG_SHA-512,64,
                        dwSHA512EncodedOid,
                        ARRAYSIZE(dwSHA512EncodedOid)},
};

DWORD dwSignatureAlgorithmCount = ARRAYSIZE(SignatureAlgorithm);

#pragma pack(push,1)
typedef struct _OPENPGP_ALGORITHM_ATTRIBUTE
{
        BYTE bAlgoId;
        unsigned short wModulusLength;
        unsigned short wExponentLength;
        BYTE bFormat;
} OPENPGP_ALGORITHM_ATTRIBUTE, *POPENPGP_ALGORITHM_ATTRIBUTE;
#pragma pack(pop)

typedef struct _RSAPUBLICKEYBLOB
{
        BLOBHEADER blobheader;
        RSAPUBKEY rsapubkey;
        BYTE modulus[sizeof(DWORD)];
} RSAPUBLICKEYBLOB, *PRSAPUBLICKEYBLOB;

DWORD getTlvSize(__in PBYTE pbPointer, __in PDWORD pdwOffset)
{
        DWORD dwSize;
        switch(*pbPointer)
        {
        case 0x81:
                *pdwOffset+=2;
                dwSize = pbPointer[1];
                break;
        case 0x82:
                *pdwOffset+=3;
                dwSize = pbPointer[1] * 0x100 + pbPointer[2];
                break;
        default:
                dwSize = *pbPointer;
                *pdwOffset+=1;
                break;
        }
        return dwSize;
}

BOOL find_tlv(__in PBYTE pbData, __in BYTE bCode, __out PBYTE *pbDataOut, __out_opt PDWORD pdwSize)
{
        DWORD dwOffset = 2;
        DWORD dwSize;
        DWORD dwTotalSize = getTlvSize(pbData + 2,&dwOffset) + 2;
        while (dwOffset < dwTotalSize)
        {
                if (bCode == pbData[dwOffset])
                {
                        dwOffset++;
                        // size sequence
                        dwSize = getTlvSize(pbData + dwOffset,&dwOffset);
                        if (pdwSize)
                        {
                                *pdwSize = dwSize;
                        }
                        *pbDataOut = pbData + dwOffset;
                        return TRUE;
                }
                else
                {
                        dwOffset++;
                        dwSize = getTlvSize(pbData + dwOffset,&dwOffset);
                        dwOffset += dwSize;
                }
        }
        return FALSE;
}


DWORD GetKeyAlgorithmAttributes(__in PCARD_DATA pCardData, 
                                                                __in OPENPGP_CONTAINER dwContainer,
                                                                __out POPENPGP_ALGORITHM_ATTRIBUTE pAttributes)
{
        DWORD dwReturn;
        PSTR szAlgorithmAttributes = NULL;
        PBYTE pbData = NULL;
        DWORD dwResponseSize;
        WORD wTemp;
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",dwContainer);
                switch(dwContainer)
                {
                case Signature:
                        szAlgorithmAttributes = szOpenPGPAlgoAttributesSignature;
                        break;
                case Authentication:
                        szAlgorithmAttributes = szOpenPGPAlgoAttributesDecryption;
                        break;
                case Confidentiality:
                        szAlgorithmAttributes = szOpenPGPAlgoAttributesAuthentication;
                        break;
                default:
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", dwContainer);
                        __leave;
                }
                dwReturn = SCardReadFile(pCardData, szOpenPGPDir, szAlgorithmAttributes, &pbData, &dwResponseSize);
                if (dwReturn)
                {
                        __leave;
                }
                if (dwResponseSize != sizeof(OPENPGP_ALGORITHM_ATTRIBUTE))
                {
                        dwReturn = SCARD_E_UNEXPECTED;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_UNEXPECTED");
                        __leave;
                }
                memcpy(pAttributes, pbData, dwResponseSize);
                // big endian, little endian ...
                wTemp = pAttributes->wExponentLength;
                pAttributes->wExponentLength = (wTemp % 0x100) * 0x100 + (wTemp / 0x100);
                wTemp = pAttributes->wModulusLength;
                pAttributes->wModulusLength = (wTemp % 0x100) * 0x100 + (wTemp / 0x100);
                
                dwReturn = 0;
        }
        __finally
        {
                if (pbData)
                        pCardData->pfnCspFree(pbData);
        }
        return dwReturn;
}

DWORD SetKeyAlgorithmAttributes(__in PCARD_DATA pCardData, 
                                                                __in OPENPGP_CONTAINER dwContainer,
                                                                __out POPENPGP_ALGORITHM_ATTRIBUTE pAttributes)
{
        DWORD dwReturn;
        PSTR szAlgorithmAttributes = NULL;
        OPENPGP_ALGORITHM_ATTRIBUTE TempAttributes;
        WORD wTemp;
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",dwContainer);
                switch(dwContainer)
                {
                case Signature:
                        szAlgorithmAttributes = szOpenPGPAlgoAttributesSignature;
                        break;
                case Authentication:
                        szAlgorithmAttributes = szOpenPGPAlgoAttributesDecryption;
                        break;
                case Confidentiality:
                        szAlgorithmAttributes = szOpenPGPAlgoAttributesAuthentication;
                        break;
                default:
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", dwContainer);
                        __leave;
                }
                memcpy(&TempAttributes, pAttributes, sizeof(OPENPGP_ALGORITHM_ATTRIBUTE));
                wTemp = TempAttributes.wExponentLength;
                TempAttributes.wExponentLength = (wTemp % 0x100) * 0x100 + (wTemp / 0x100);
                wTemp = TempAttributes.wModulusLength;
                TempAttributes.wModulusLength = (wTemp % 0x100) * 0x100 + (wTemp / 0x100);

                dwReturn = SCardWriteFile(pCardData, szOpenPGPDir, szAlgorithmAttributes, (PBYTE) &TempAttributes, sizeof(OPENPGP_ALGORITHM_ATTRIBUTE));
                if (dwReturn)
                {
                        __leave;
                }
                dwReturn = 0;
        }
        __finally
        {
        }
        return dwReturn;
}

DWORD BuildPrivateKeyTlv(__in PCARD_DATA pCardData, __in PRSAPUBLICKEYBLOB pbPublicKeyBlob,
                                                 __out PBYTE * ppbTlv, __out PDWORD pdwTlvSize)
{
        DWORD dwReturn;
        __try
        {
        }
        __finally
        {
        }
        return dwReturn;
}

DWORD SCardReadPublicKey(PCARD_DATA pCardData, OPENPGP_CONTAINER dwContainer, PBYTE *pbPublicKey, PDWORD pdwPublicKeySize)
{
        DWORD dwReturn;
        PBYTE pbData = NULL;
        DWORD dwResponseSize = 0;
        BYTE pbCmd[] = {0x00, 
                                    0x47,
                                        0x81,
                                        0x00,
                                        0x00,
                                        0x00,
                                        0x02,
                                        0x00,
                                        0x00,
                                        0x00,
                                        0x00
                                        };
        DWORD dwCmdSize;
        POPENPGP_CONTEXT pContext;
        PBYTE pbModulus;
        DWORD dwModulusSize;
        PBYTE pbExponent;
        PRSAPUBLICKEYBLOB pbBlob = NULL;
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",dwContainer);
                if (dwContainer >= MaxContainer)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_INFO, L"SCARD_E_NO_KEY_CONTAINER %d", dwContainer);
                        __leave;
                }
                pContext = (POPENPGP_CONTEXT) pCardData->pvVendorSpecific;
                pbCmd[7] = Containers[dwContainer].Tag;
                dwCmdSize = 9;
                if (pContext->fExtentedLeLcFields)
                {
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength / 0x100);
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength % 0x100);
                }
                else
                {
                        pbCmd[dwCmdSize++] = 0xFF;
                }

                dwReturn = SCardGetData(pCardData, pbCmd, dwCmdSize, &pbData, &dwResponseSize);
                if (dwReturn)
                {
                        __leave;
                }
                //TraceDump(WINEVENT_LEVEL_INFO, pbData,dwSize);
                if (!find_tlv(pbData,0x81,&pbModulus,&dwModulusSize))
                {
                        dwReturn = SCARD_E_UNEXPECTED;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_UNEXPECTED 0x81");
                        __leave;
                }
                if (!find_tlv(pbData,0x82,(PBYTE*)&pbExponent,NULL))
                {
                        dwReturn = SCARD_E_UNEXPECTED;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_UNEXPECTED 0x81");
                        __leave;
                }
                *pdwPublicKeySize = sizeof(RSAPUBLICKEYBLOB) + dwModulusSize - sizeof(DWORD);
                *pbPublicKey = pCardData->pfnCspAlloc(*pdwPublicKeySize);
                if (!*pbPublicKey)
                {
                        dwReturn = SCARD_E_NO_MEMORY;
                        Trace(WINEVENT_LEVEL_INFO, L"SCARD_E_NO_MEMORY %d", dwContainer);
                        __leave;
                }
                pbBlob = (PRSAPUBLICKEYBLOB) *pbPublicKey;
                memset(pbBlob,0,*pdwPublicKeySize);
                pbBlob->blobheader.bType = PUBLICKEYBLOB;
                pbBlob->blobheader.bVersion = CUR_BLOB_VERSION;
                pbBlob->blobheader.reserved = 0;
                pbBlob->blobheader.aiKeyAlg = Containers[dwContainer].aiKeyAlg;
                pbBlob->rsapubkey.magic = 0x31415352; //'RSA1';
                pbBlob->rsapubkey.bitlen = dwModulusSize*8;
                pbBlob->rsapubkey.pubexp = pbExponent[0] * 0x1000000  + pbExponent[1] * 0x10000  + pbExponent[2] * 0x100 + pbExponent[3];
                memcpy(pbBlob->modulus, pbModulus, dwModulusSize);
                //TraceDump(WINEVENT_LEVEL_INFO, (PBYTE) pbBlob,*pdwPublicKeySize);
                dwReturn = 0;
        }
        __finally
        {
        }
        return dwReturn;
}

DWORD SCardCreateKey(PCARD_DATA pCardData, OPENPGP_CONTAINER dwContainer, DWORD dwBitLen)
{
        DWORD dwReturn;
        PBYTE pbData = NULL;
        DWORD dwResponseSize = 0, dwCmdSize;
        OPENPGP_ALGORITHM_ATTRIBUTE Attributes;
        POPENPGP_CONTEXT pContext;
        BYTE pbCmd[] = {0x00, 
                                    0x47,
                                        0x80,
                                        0x00,
                                        0x00,
                                        0x00,
                                        0x02,
                                        0x00,
                                        0x00,
                                        0x00,
                                        0x00
                                        };
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",dwContainer);
                if (dwContainer >= MaxContainer)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_INFO, L"SCARD_E_NO_KEY_CONTAINER %d", dwContainer);
                        __leave;
                }
                // key len
                dwReturn = GetKeyAlgorithmAttributes(pCardData, dwContainer, &Attributes);
                if (dwReturn == SCARD_E_FILE_NOT_FOUND)
                {
                        Attributes.bAlgoId = 0x01;
                        Attributes.bFormat = 0;
                        Attributes.wExponentLength = 0x20;
                } 
                else if (dwReturn)
                {
                        __leave;
                }
                Attributes.wModulusLength = (WORD) dwBitLen;
                dwReturn = SetKeyAlgorithmAttributes(pCardData, dwContainer, &Attributes);
                if (dwReturn)
                {
                        __leave;
                }

                pContext = (POPENPGP_CONTEXT) pCardData->pvVendorSpecific;
                pbCmd[7] = Containers[dwContainer].Tag;
                dwCmdSize = 9;
                if (pContext->fExtentedLeLcFields)
                {
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength / 0x100);
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength % 0x100);
                }
                else
                {
                        pbCmd[dwCmdSize++] = 0xFF;
                }
                
                dwReturn = SCardGetData(pCardData, pbCmd, dwCmdSize, &pbData, &dwResponseSize);
                if (dwReturn)
                {
                        __leave;
                }
        }
        __finally
        {
                if (pbData)
                        pCardData->pfnCspFree(pbData);
        }
        return dwReturn;
}

DWORD SCardImportKey(PCARD_DATA pCardData, 
                                         OPENPGP_CONTAINER dwContainer,
                                         PBYTE pBlob,
                                         DWORD dwKeySize)
{
        DWORD dwReturn;
        PSTR szAlgorithmAttributes = NULL;
        PBYTE pbData = NULL;
        DWORD dwResponseSize;
        OPENPGP_ALGORITHM_ATTRIBUTE Attributes;
        PRSAPUBLICKEYBLOB pbPublicKeyBlob = (PRSAPUBLICKEYBLOB) pBlob;
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",dwContainer);
                // check blob
                if (pbPublicKeyBlob->blobheader.aiKeyAlg != Containers[dwContainer].aiKeyAlg)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"Wrong aiKeyAlg %d", pbPublicKeyBlob->blobheader.aiKeyAlg);
                        dwReturn = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if (pbPublicKeyBlob->blobheader.bType != PUBLICKEYBLOB)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"Wrong bType %d", pbPublicKeyBlob->blobheader.bType);
                        dwReturn = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                if (pbPublicKeyBlob->rsapubkey.magic != 0x32415352)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"Wrong magic");
                        dwReturn = SCARD_E_INVALID_PARAMETER;
                        __leave;
                }
                
                dwReturn = GetKeyAlgorithmAttributes(pCardData, dwContainer, &Attributes);
                if (dwReturn == SCARD_E_FILE_NOT_FOUND)
                {
                        Attributes.bAlgoId = 0x01;
                        Attributes.bFormat = 0;
                        Attributes.wExponentLength = 0x20;
                } 
                else if (dwReturn)
                {
                        __leave;
                }
                Attributes.wModulusLength = (WORD) pbPublicKeyBlob->rsapubkey.bitlen;
                dwReturn = SetKeyAlgorithmAttributes(pCardData, dwContainer, &Attributes);
                if (dwReturn)
                {
                        __leave;
                }
        }
        __finally
        {
                if (dwReturn)
                {
                        
                }
        }
        return dwReturn;
}

DWORD SCardSign(PCARD_DATA pCardData,
                                PCARD_SIGNING_INFO  pInfo)
{
        DWORD dwReturn;
        PBYTE pbData = NULL;
        DWORD dwCmdSize = 0, dwI;
        POPENPGP_CONTEXT pContext;
        BYTE pbCmd[6 + 256 + 256] = {0x00, 
                                    0x2A,
                                        0x9E,
                                        0x9A,
                                        0x00,
                                        0x00,
                                        };
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",pInfo->bContainerIndex);
                if (pInfo->bContainerIndex >= MaxContainer)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                if (pInfo->bContainerIndex != Signature)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                if (CARD_PADDING_PKCS1 & pInfo->dwPaddingType)
                {
                        dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
                        Trace(WINEVENT_LEVEL_ERROR, L"CARD_PADDING_PKCS1");
                        __leave;
                }
                else if (CARD_PADDING_PSS & pInfo->dwPaddingType)
                {
                        dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
                        Trace(WINEVENT_LEVEL_ERROR, L"CARD_PADDING_PSS");
                        __leave;
                }
                for(dwI = 0 ; dwI < dwSignatureAlgorithmCount ; dwI++)
                {
                        if (SignatureAlgorithm[dwI].aiHashAlg == pInfo->aiHashAlg)
                        {
                                // found
                                break;
                        }
                }
                if (dwI >= dwSignatureAlgorithmCount)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"alg not found %d", pInfo->aiHashAlg);
                        __leave;
                }
                if (SignatureAlgorithm[dwI].dwHashSize != pInfo->cbData)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"wrong hash size %d", pInfo->cbData);
                        __leave;
                }
                pContext = (POPENPGP_CONTEXT) pCardData->pvVendorSpecific;

                dwCmdSize = 5;
                if (pContext->fExtentedLeLcFields)
                {
                        dwCmdSize++;
                }
                pbCmd[dwCmdSize++] = (BYTE) (SignatureAlgorithm[dwI].dwEncodedOidSize + pInfo->cbData);
                memcpy(pbCmd + dwCmdSize , SignatureAlgorithm[dwI].pbEncodedOid,SignatureAlgorithm[dwI].dwEncodedOidSize);
                dwCmdSize += SignatureAlgorithm[dwI].dwEncodedOidSize;
                for(dwI = 0 ; dwI < pInfo->cbData ; dwI++)
                {
                        pbCmd[dwCmdSize + dwI] = pInfo->pbData[pInfo->cbData - dwI -1];
                }
                //memcpy(pbCmd + dwCmdSize, pInfo->pbData,pInfo->cbData);
                dwCmdSize += pInfo->cbData;

                
                if (pContext->fExtentedLeLcFields)
                {
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength / 0x100);
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength % 0x100);
                }
                else
                {
                        pbCmd[dwCmdSize++] = 0;
                }
                dwReturn = SCardGetData(pCardData, pbCmd, dwCmdSize, &(pInfo->pbSignedData), &(pInfo->cbSignedData));
                if (dwReturn == SCARD_W_WRONG_CHV)
                {
                        dwReturn = SCARD_W_SECURITY_VIOLATION;
                        __leave;
                }
                if (dwReturn)
                {
                        __leave;
                }
                // revert the BYTES
                for(dwI = 0 ; dwI < pInfo->cbSignedData / 2 ; dwI++)
                {
                        BYTE bTemp = pInfo->pbSignedData[dwI];
                        pInfo->pbSignedData[dwI] = pInfo->pbSignedData[pInfo->cbSignedData - 1 - dwI];
                        pInfo->pbSignedData[pInfo->cbSignedData - 1 - dwI] = bTemp;
                }
                TraceDump(WINEVENT_LEVEL_ERROR,pInfo->pbSignedData,pInfo->cbSignedData);
        }
        __finally
        {
                if (dwReturn)
                {
                        if (pInfo->pbSignedData)
                                pCardData->pfnCspFree(pInfo->pbSignedData);
                }
        }
        return dwReturn;
}

DWORD SCardDecrypt(PCARD_DATA pCardData,
                                PCARD_RSA_DECRYPT_INFO  pInfo)
{
        DWORD dwReturn;
        PBYTE pbData = NULL;
        DWORD dwCmdSize = 0, dwResponseSize;
        BYTE pbCmd[6 + 256 + 256] = {0x00, 
                                    0x2A,
                                        0x80,
                                        0x86,
                                        0x00,
                                        };
        POPENPGP_CONTEXT pContext;
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",pInfo->bContainerIndex);
                if (pInfo->bContainerIndex >= MaxContainer)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                if (pInfo->bContainerIndex != Confidentiality)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                pContext = (POPENPGP_CONTEXT) pCardData->pvVendorSpecific;
                dwCmdSize = 5;
                if (pContext->fExtentedLeLcFields)
                {
                        pbCmd[dwCmdSize++] = (BYTE)((pInfo->cbData +1) / 0x100);
                        pbCmd[dwCmdSize++] = (BYTE)((pInfo->cbData +1) % 0x100);
                }
                else
                {
                        pbCmd[dwCmdSize++] = (BYTE)((pInfo->cbData +1) % 0x100);
                }
                pbCmd[dwCmdSize++] = 0;
                memcpy(pbCmd + dwCmdSize, pInfo->pbData, pInfo->cbData);
                dwCmdSize += pInfo->cbData;
                if (pContext->fExtentedLeLcFields)
                {
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength / 0x100);
                        pbCmd[dwCmdSize++] = (BYTE)(pContext->dwMaxLength % 0x100);
                }
                else
                {
                        pbCmd[dwCmdSize++] = 0;
                }
                dwReturn = SCardGetData(pCardData, pbCmd, dwCmdSize, &pbData, &dwResponseSize);
                if (dwReturn)
                {
                        __leave;
                }
                if ( pInfo->cbData < dwResponseSize)
                {
                        dwReturn = SCARD_E_INSUFFICIENT_BUFFER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_INSUFFICIENT_BUFFER %d expected = %d", pInfo->cbData, dwResponseSize);
                        __leave;
                }
                pInfo->cbData = dwResponseSize;
                memcpy( pInfo->pbData, pbData, dwResponseSize);
        }
        __finally
        {
                if (pbData)
                        pCardData->pfnCspFree(pbData);
        }
        return dwReturn;
}

DWORD SCardAuthenticate(PCARD_DATA pCardData,
                                                        PCARD_SIGNING_INFO  pInfo)
{
        DWORD dwReturn;
        PBYTE pbData = NULL;
        DWORD dwSize = 0, dwI;
        BYTE pbCmd[6 + 256 + 256] = {0x00, 
                                    0x88,
                                        0x00,
                                        0x00,
                                        0x00,
                                        };
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwContainer=%d",pInfo->bContainerIndex);
                if (pInfo->bContainerIndex >= MaxContainer)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                if (pInfo->bContainerIndex != Authentication)
                {
                        dwReturn = SCARD_E_NO_KEY_CONTAINER;
                        Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_NO_KEY_CONTAINER %d", pInfo->bContainerIndex);
                        __leave;
                }
                if (CARD_PADDING_PKCS1 & pInfo->dwPaddingType)
                {
                        dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
                        Trace(WINEVENT_LEVEL_ERROR, L"CARD_PADDING_PKCS1");
                        __leave;
                }
                else if (CARD_PADDING_PSS & pInfo->dwPaddingType)
                {
                        dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
                        Trace(WINEVENT_LEVEL_ERROR, L"CARD_PADDING_PSS");
                        __leave;
                }
                for(dwI = 0 ; dwI < dwSignatureAlgorithmCount ; dwI++)
                {
                        if (SignatureAlgorithm[dwI].aiHashAlg == pInfo->aiHashAlg)
                        {
                                // found
                                break;
                        }
                }
                if (dwI >= dwSignatureAlgorithmCount)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"alg not found %d", pInfo->aiHashAlg);
                        __leave;
                }
                if (SignatureAlgorithm[dwI].dwHashSize != pInfo->cbData)
                {
                        Trace(WINEVENT_LEVEL_ERROR, L"wrong hash size %d", pInfo->cbData);
                        __leave;
                }
                memcpy(pbCmd +5, SignatureAlgorithm[dwI].pbEncodedOid,SignatureAlgorithm[dwI].dwEncodedOidSize);
                memcpy(pbCmd +5 + SignatureAlgorithm[dwI].dwEncodedOidSize, pInfo->pbData,pInfo->cbData);

                dwReturn = SCardGetData(pCardData, pbCmd, ARRAYSIZE(pbCmd), &(pInfo->pbSignedData), &(pInfo->cbSignedData));
                if (dwReturn)
                {
                        __leave;
                }
        }
        __finally
        {
        }
        return dwReturn;
}

DWORD GetPinInfo(DWORD __in dwPinIndex, __inout PPIN_INFO pPinInfo)
{
        DWORD dwReturn=0;
        __try
        {
                Trace(WINEVENT_LEVEL_VERBOSE, L"Enter dwPinIndex=%d",dwPinIndex);
                switch(dwPinIndex)
                {
                case ROLE_SIGNATURE:
                        pPinInfo->PinType = AlphaNumericPinType;
                        pPinInfo->PinPurpose = DigitalSignaturePin;
                        pPinInfo->dwChangePermission = PIN_CHANGE_FLAG_CHANGEPIN;
                        pPinInfo->PinCachePolicy.dwVersion = PIN_CACHE_POLICY_CURRENT_VERSION;
                        pPinInfo->PinCachePolicy.PinCachePolicyType = PinCacheAlwaysPrompt;
                        break;
                case ROLE_AUTHENTICATION:
                        pPinInfo->PinType = AlphaNumericPinType;
                        pPinInfo->PinPurpose = AuthenticationPin;
                        pPinInfo->dwChangePermission = PIN_CHANGE_FLAG_CHANGEPIN;
                        pPinInfo->PinCachePolicy.dwVersion = PIN_CACHE_POLICY_CURRENT_VERSION;
                        pPinInfo->PinCachePolicy.PinCachePolicyType = PinCacheAlwaysPrompt;
                        break;
                case ROLE_CONFIDENTIALITY:
                        pPinInfo->PinType = AlphaNumericPinType;
                        pPinInfo->PinPurpose = EncryptionPin;
                        pPinInfo->dwChangePermission = PIN_CHANGE_FLAG_CHANGEPIN;
                        pPinInfo->PinCachePolicy.dwVersion = PIN_CACHE_POLICY_CURRENT_VERSION;
                        pPinInfo->PinCachePolicy.PinCachePolicyType = PinCacheAlwaysPrompt;
                        break;
                default:
                        Trace(WINEVENT_LEVEL_ERROR, L"dwPinIndex == %d", dwPinIndex);
                        dwReturn  = SCARD_E_INVALID_PARAMETER ;
                        __leave;
                }
        }
        __finally
        {
        }
        return dwReturn;
}