2005-04-04 09:30:54 +00:00
|
|
|
/*
|
|
|
|
|
* SetOCS 4.4 specific operations for PKCS15 initialization
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2003, 2005 Zetes
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <sys/types.h>
|
2010-03-04 08:14:36 +00:00
|
|
|
|
|
|
|
|
#include "libopensc/opensc.h"
|
|
|
|
|
#include "libopensc/cardctl.h"
|
|
|
|
|
#include "libopensc/log.h"
|
2005-04-04 09:30:54 +00:00
|
|
|
#include "pkcs15-init.h"
|
|
|
|
|
#include "profile.h"
|
|
|
|
|
|
|
|
|
|
#define SETCOS_MAX_PINS 7
|
|
|
|
|
|
2007-06-21 11:07:00 +00:00
|
|
|
static unsigned char SETCOS_DEFAULT_PUBKEY[] = {0x01, 0x00, 0x01};
|
2005-04-04 09:30:54 +00:00
|
|
|
#define SETCOS_DEFAULT_PUBKEY_LEN sizeof(SETCOS_DEFAULT_PUBKEY)
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
static int setcos_create_pin_internal(sc_profile_t *, sc_pkcs15_card_t *,
|
2011-06-05 15:46:25 +00:00
|
|
|
int, sc_pkcs15_auth_info_t *, const u8 *, size_t, const u8 *, size_t);
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2012-04-02 21:40:05 +00:00
|
|
|
static int
|
2010-01-31 20:29:58 +00:00
|
|
|
setcos_puk_retries(sc_profile_t *profile, int pin_ref)
|
|
|
|
|
{
|
2011-06-05 15:46:25 +00:00
|
|
|
sc_pkcs15_auth_info_t auth_info;
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
|
|
|
|
auth_info.attrs.pin.reference = 1; /* Default SO PIN ref. */
|
|
|
|
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &auth_info);
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
/* If pin_ref is the SO PIN, get the SO PUK info, otherwise the User PUK info */
|
|
|
|
|
sc_profile_get_pin_info(profile,
|
2011-06-05 15:46:25 +00:00
|
|
|
pin_ref == auth_info.attrs.pin.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
|
|
|
|
&auth_info);
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
if ((auth_info.tries_left < 0) || (auth_info.tries_left > 15))
|
2010-01-31 20:29:58 +00:00
|
|
|
return 3; /* Little extra safety */
|
2011-06-05 15:46:25 +00:00
|
|
|
return auth_info.tries_left;
|
2010-01-31 20:29:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
/*
|
|
|
|
|
* Erase the card.
|
|
|
|
|
*/
|
2010-02-21 16:21:57 +00:00
|
|
|
static int setcos_erase_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
|
|
|
|
sc_path_t path;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
/* Just delete the entire MF */
|
|
|
|
|
|
|
|
|
|
/* Select parent DF and verify PINs/key as necessary */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_authenticate(profile, p15card, profile->mf_info->file, SC_AC_OP_DELETE);
|
2005-04-04 09:30:54 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
return r == SC_ERROR_FILE_NOT_FOUND ? 0 : r;
|
|
|
|
|
|
|
|
|
|
/* Empty path -> we have to to delete the current DF (= the MF) */
|
|
|
|
|
memset(&path, 0, sizeof(sc_path_t));
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_delete_file(p15card->card, &path) ;
|
2010-01-31 20:29:58 +00:00
|
|
|
if (r)
|
|
|
|
|
return r;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
sc_free_apps(p15card->card);
|
2010-01-31 20:29:58 +00:00
|
|
|
return 0;
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
/*
|
|
|
|
|
* Create the MF and global pin file if they don't exist.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2005-04-04 09:30:54 +00:00
|
|
|
sc_file_t *mf = profile->mf_info->file;
|
|
|
|
|
sc_file_t *pinfile;
|
|
|
|
|
int r;
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Create the MF if it doesn't exist yet */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &mf->path, NULL);
|
2005-04-04 09:30:54 +00:00
|
|
|
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx, "MF doesn't exist, creating now");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Fix up the file's ACLs */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_fixup_file(profile, p15card, mf);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "MF fixup failed");
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
mf->status = SC_FILE_STATUS_CREATION;
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_create_file(p15card->card, mf);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "MF creation failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot select MF");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Create the global pin file if it doesn't exist yet */
|
|
|
|
|
r = sc_profile_get_file(profile, "pinfile", &pinfile);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot get 'pinfile' from profile");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &pinfile->path, NULL);
|
2005-04-04 09:30:54 +00:00
|
|
|
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx, "Global pin file doesn't exist, creating now");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Fix up the file's ACLs */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_fixup_file(profile, p15card, pinfile);
|
2015-04-29 21:22:29 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
sc_file_free(pinfile);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Pinfile fixup failed");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
/* Set life cycle state to SC_FILE_STATUS_CREATION,
|
|
|
|
|
* which means that all ACs are ignored. */
|
2010-01-31 20:29:58 +00:00
|
|
|
pinfile->status = SC_FILE_STATUS_CREATION;
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_create_file(p15card->card, pinfile);
|
2015-04-29 21:22:29 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
sc_file_free(pinfile);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Pinfile creation failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
sc_file_free(pinfile);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Select pinfile failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2018-11-22 22:10:49 +00:00
|
|
|
LOG_FUNC_RETURN(ctx, r);
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a DF
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2005-04-04 09:30:54 +00:00
|
|
|
int r;
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2005-05-06 13:52:41 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_fixup_file(profile, p15card, df);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "SetCOS file ACL fixup failed");
|
2005-05-06 13:52:41 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_create_file(p15card->card, df);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "SetCOS create file failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2018-11-22 22:10:49 +00:00
|
|
|
LOG_FUNC_RETURN(ctx, r);
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
/*
|
|
|
|
|
* Select the PIN reference
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2011-06-05 15:46:25 +00:00
|
|
|
sc_pkcs15_auth_info_t *auth_info)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
2011-06-05 15:46:25 +00:00
|
|
|
sc_pkcs15_auth_info_t auth_info_prof;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
auth_info_prof.attrs.pin.reference = 1; /* Default SO PIN ref. */
|
|
|
|
|
auth_info_prof.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
|
|
|
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &auth_info_prof);
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* For the SO pin, we take the first available pin reference = 1 */
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
|
|
|
|
auth_info->attrs.pin.reference = auth_info_prof.attrs.pin.reference;
|
2010-01-28 16:44:02 +00:00
|
|
|
/* sc_pkcs15init_create_pin() starts checking if -1 is an acceptable
|
2005-04-04 09:30:54 +00:00
|
|
|
* pin reference, which isn't for the SetCOS cards. And since the
|
|
|
|
|
* value 1 has been assigned to the SO pin, we'll jump to 2. */
|
2011-06-05 15:46:25 +00:00
|
|
|
else if (auth_info->attrs.pin.reference <= 0)
|
|
|
|
|
auth_info->attrs.pin.reference = auth_info_prof.attrs.pin.reference + 1;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a new PIN
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2005-04-04 09:30:54 +00:00
|
|
|
sc_file_t *df,
|
|
|
|
|
sc_pkcs15_object_t *pin_obj,
|
|
|
|
|
const u8 *pin, size_t pin_len,
|
|
|
|
|
const u8 *puk, size_t puk_len)
|
|
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2011-06-05 15:46:25 +00:00
|
|
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
2010-01-31 20:29:58 +00:00
|
|
|
sc_file_t *pinfile = NULL;
|
|
|
|
|
int r, ignore_ac = 0;
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
|
|
|
|
return SC_ERROR_OBJECT_NOT_VALID;
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
/* Create the global pin file if it doesn't exist yet */
|
|
|
|
|
r = sc_profile_get_file(profile, "pinfile", &pinfile);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "No 'pinfile' template in profile");
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &pinfile->path, &pinfile);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot select 'pinfile'");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx, "pinfile->status:%X", pinfile->status);
|
|
|
|
|
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
|
2011-06-05 15:46:25 +00:00
|
|
|
auth_info->attrs.pin.reference, auth_info->attrs.pin.flags, sc_print_path(&auth_info->path));
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
if (pinfile->status == SC_FILE_STATUS_CREATION)
|
|
|
|
|
ignore_ac = 1;
|
|
|
|
|
|
2012-04-02 21:40:05 +00:00
|
|
|
r = setcos_create_pin_internal(profile, p15card, ignore_ac, auth_info,
|
2010-02-21 16:21:57 +00:00
|
|
|
pin, pin_len, puk, puk_len);
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2012-04-02 21:40:05 +00:00
|
|
|
/* If pinfile is in 'Creation' state and SOPIN has been created,
|
2010-01-31 20:29:58 +00:00
|
|
|
* change status of MF and 'pinfile' to 'Operational:Activated'
|
|
|
|
|
*/
|
2011-06-05 15:46:25 +00:00
|
|
|
if (ignore_ac && (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {
|
2010-01-31 20:29:58 +00:00
|
|
|
sc_file_t *mf = profile->mf_info->file;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot set 'pinfile' into the activated state");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &mf->path, NULL);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot select MF");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot set MF into the activated state");
|
2010-01-31 20:29:58 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-22 19:29:33 +00:00
|
|
|
sc_file_free(pinfile);
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2018-11-22 22:10:49 +00:00
|
|
|
LOG_FUNC_RETURN(ctx, r);
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Setup file struct & path: get correct template from the profile, construct full path
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
setcos_new_file(sc_profile_t *profile, sc_card_t *card,
|
2012-04-02 21:40:05 +00:00
|
|
|
unsigned int type,
|
2005-04-04 09:30:54 +00:00
|
|
|
unsigned int num, /* number of objects of this type already on the card */
|
|
|
|
|
sc_file_t **out)
|
|
|
|
|
{
|
|
|
|
|
sc_file_t *file;
|
|
|
|
|
sc_path_t *p;
|
2010-04-02 11:58:08 +00:00
|
|
|
char name[64];
|
|
|
|
|
const char *tag;
|
2005-08-26 19:35:33 +00:00
|
|
|
int r;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2005-05-06 11:31:59 +00:00
|
|
|
if (type == SC_PKCS15_TYPE_PRKEY_RSA)
|
2005-04-04 09:30:54 +00:00
|
|
|
tag = "private-key";
|
2005-05-06 11:31:59 +00:00
|
|
|
else if (type == SC_PKCS15_TYPE_PUBKEY_RSA)
|
2005-04-04 09:30:54 +00:00
|
|
|
tag = "public-key";
|
2005-05-06 11:31:59 +00:00
|
|
|
else if ((type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_CERT)
|
2005-04-04 09:30:54 +00:00
|
|
|
tag = "certificate";
|
2005-05-06 11:31:59 +00:00
|
|
|
else if ((type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_DATA_OBJECT)
|
2005-04-04 09:30:54 +00:00
|
|
|
tag = "data";
|
|
|
|
|
else {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(card->ctx, "Unsupported file type");
|
2005-04-04 09:30:54 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get template from profile */
|
|
|
|
|
snprintf(name, sizeof(name), "template-%s", tag);
|
|
|
|
|
if (sc_profile_get_file(profile, name, &file) < 0) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(card->ctx, "Profile doesn't define %s", name);
|
2005-04-04 09:30:54 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Auto-increment FID for next object */
|
|
|
|
|
file->id += num;
|
|
|
|
|
p = &file->path;
|
|
|
|
|
*p = profile->df_info->file->path;
|
|
|
|
|
p->value[p->len++] = (u8) (file->id / 256);
|
|
|
|
|
p->value[p->len++] = (u8) (file->id % 256);
|
|
|
|
|
|
2005-08-26 19:35:33 +00:00
|
|
|
/* Increment FID until there's no file with such path */
|
|
|
|
|
r = sc_select_file(card, p, NULL);
|
|
|
|
|
while(r == 0) {
|
|
|
|
|
file->id++;
|
|
|
|
|
p->value[p->len - 2] = (u8) (file->id / 256);
|
|
|
|
|
p->value[p->len - 1] = (u8) (file->id % 256);
|
|
|
|
|
r = sc_select_file(card, p, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
*out = file;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
setcos_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
|
|
|
|
struct sc_pkcs15_prkey_rsa *rsa,
|
|
|
|
|
u8 *key, size_t *keysize, int key_ref)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
setcos_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|
|
|
|
struct sc_pkcs15_prkey_rsa *rsa,
|
|
|
|
|
u8 *key, size_t *keysize, int key_ref)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_pkcs15_object *object)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data;
|
|
|
|
|
struct sc_file *file = NULL;
|
|
|
|
|
int keybits = key_info->modulus_length, r;
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2010-01-31 20:29:58 +00:00
|
|
|
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
/* Parameter check */
|
|
|
|
|
if ( (keybits < 512) || (keybits > 1024) || (keybits & 0x7))
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid key length");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx, "create private key ID:%s\n", sc_pkcs15_print_id(&key_info->id));
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
/* Get the private key file */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = setcos_new_file(profile, p15card->card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot get new private key file");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
/* Take enough room for a 1024 bit key */
|
|
|
|
|
if (file->size < 512)
|
|
|
|
|
file->size = 512;
|
|
|
|
|
|
|
|
|
|
/* Replace the path of instantiated key template by the path from the object data. */
|
|
|
|
|
memcpy(&file->path, &key_info->path, sizeof(file->path));
|
|
|
|
|
file->id = file->path.value[file->path.len - 2] * 0x100
|
|
|
|
|
+ file->path.value[file->path.len - 1];
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
|
|
|
|
|
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx, "Path of private key file to create %s\n", sc_print_path(&file->path));
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &file->path, NULL);
|
2010-01-31 20:29:58 +00:00
|
|
|
if (!r) {
|
2011-04-16 17:57:49 +00:00
|
|
|
r = sc_pkcs15init_delete_by_path(profile, p15card, &file->path);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Failed to delete private key file");
|
2010-01-31 20:29:58 +00:00
|
|
|
}
|
|
|
|
|
else if (r != SC_ERROR_FILE_NOT_FOUND) {
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Select private key file error");
|
2010-01-31 20:29:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Now create the key file */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_create_file(profile, p15card, file);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot create private key file");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
sc_file_free(file);
|
2018-11-22 22:10:49 +00:00
|
|
|
LOG_FUNC_RETURN(ctx, r);
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
/*
|
2010-01-31 20:29:58 +00:00
|
|
|
* Store a private key
|
2005-04-04 09:30:54 +00:00
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
2012-04-02 21:40:05 +00:00
|
|
|
struct sc_pkcs15_object *object,
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_pkcs15_prkey *prkey)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data;
|
|
|
|
|
struct sc_cardctl_setcos_gen_store_key_info args;
|
|
|
|
|
struct sc_file *file = NULL;
|
|
|
|
|
int r, keybits = key_info->modulus_length;
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2010-01-31 20:29:58 +00:00
|
|
|
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
/* Parameter check */
|
|
|
|
|
if ( (keybits < 512) || (keybits > 1024) || (keybits & 0x7))
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid key length");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx, "store key with ID:%s and path:%s\n", sc_pkcs15_print_id(&key_info->id),
|
2010-01-31 20:29:58 +00:00
|
|
|
sc_print_path(&key_info->path));
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &key_info->path, &file);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot store key: select key file failed");
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "No authorisation to store private key");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
|
|
|
|
/* Fill in data structure */
|
|
|
|
|
memset(&args, 0, sizeof(args));
|
|
|
|
|
args.mod_len = keybits;
|
|
|
|
|
args.op_type = OP_TYPE_STORE;
|
|
|
|
|
args.pubexp_len = prkey->u.rsa.exponent.len * 8;
|
|
|
|
|
args.pubexp = prkey->u.rsa.exponent.data;
|
|
|
|
|
args.primep_len = prkey->u.rsa.p.len * 8;
|
|
|
|
|
args.primep = prkey->u.rsa.p.data;
|
|
|
|
|
args.primeq_len = prkey->u.rsa.q.len * 8;
|
|
|
|
|
args.primeq = prkey->u.rsa.q.data;
|
|
|
|
|
|
|
|
|
|
/* Generate/store rsa key */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Card control 'GENERATE_STORE_KEY' failed");
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2017-01-05 19:21:44 +00:00
|
|
|
sc_file_free(file);
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2018-11-22 22:10:49 +00:00
|
|
|
LOG_FUNC_RETURN(ctx, r);
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
2012-04-02 21:40:05 +00:00
|
|
|
struct sc_pkcs15_object *object,
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_pkcs15_pubkey *pubkey)
|
2005-04-04 09:30:54 +00:00
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2005-04-04 09:30:54 +00:00
|
|
|
struct sc_cardctl_setcos_gen_store_key_info args;
|
|
|
|
|
struct sc_cardctl_setcos_data_obj data_obj;
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data;
|
2010-04-02 12:10:33 +00:00
|
|
|
int r;
|
|
|
|
|
size_t keybits = key_info->modulus_length;
|
2005-04-04 09:30:54 +00:00
|
|
|
unsigned char raw_pubkey[256];
|
2010-01-31 20:29:58 +00:00
|
|
|
struct sc_file *file = NULL;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2010-01-31 20:29:58 +00:00
|
|
|
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Generate key failed: RSA only supported");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
/* Parameter check */
|
|
|
|
|
if ( (keybits < 512) || (keybits > 1024) || (keybits & 0x7))
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid key length");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &key_info->path, &file);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot store key: select key file failed");
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
/* Authenticate */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "No authorisation to store private key");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Fill in data structure */
|
|
|
|
|
memset(&args, 0, sizeof(args));
|
|
|
|
|
args.mod_len = keybits;
|
2010-01-31 20:29:58 +00:00
|
|
|
args.op_type = OP_TYPE_GENERATE;
|
|
|
|
|
args.pubexp_len = SETCOS_DEFAULT_PUBKEY_LEN * 8;
|
|
|
|
|
args.pubexp = SETCOS_DEFAULT_PUBKEY;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Generate/store rsa key */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Card control 'GENERATE_STORE_KEY' failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2020-08-29 08:34:51 +00:00
|
|
|
/* Key pair generation -> collect public key info */
|
2005-04-04 09:30:54 +00:00
|
|
|
if (pubkey != NULL) {
|
|
|
|
|
pubkey->algorithm = SC_ALGORITHM_RSA;
|
|
|
|
|
pubkey->u.rsa.modulus.len = (keybits + 7) / 8;
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
pubkey->u.rsa.modulus.data = malloc(pubkey->u.rsa.modulus.len);
|
2005-04-04 09:30:54 +00:00
|
|
|
pubkey->u.rsa.exponent.len = SETCOS_DEFAULT_PUBKEY_LEN;
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
pubkey->u.rsa.exponent.data = malloc(SETCOS_DEFAULT_PUBKEY_LEN);
|
2005-04-04 09:30:54 +00:00
|
|
|
memcpy(pubkey->u.rsa.exponent.data, SETCOS_DEFAULT_PUBKEY, SETCOS_DEFAULT_PUBKEY_LEN);
|
|
|
|
|
|
|
|
|
|
/* Get public key modulus */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &file->path, NULL);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot get key modulus: select key file failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
data_obj.P1 = 0x01;
|
|
|
|
|
data_obj.P2 = 0x01;
|
2005-04-04 09:30:54 +00:00
|
|
|
data_obj.Data = raw_pubkey;
|
|
|
|
|
data_obj.DataLen = sizeof(raw_pubkey);
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GETDATA, &data_obj);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot get key modulus: 'SETCOS_GETDATA' failed");
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
keybits = ((raw_pubkey[0] * 256) + raw_pubkey[1]); /* modulus bit length */
|
|
|
|
|
if (keybits != key_info->modulus_length) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(ctx,
|
2017-03-14 19:02:30 +00:00
|
|
|
"key-size from card[%"SC_FORMAT_LEN_SIZE_T"u] does not match[%"SC_FORMAT_LEN_SIZE_T"u]\n",
|
|
|
|
|
keybits, key_info->modulus_length);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_PKCS15INIT, "Failed to generate key");
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
memcpy (pubkey->u.rsa.modulus.data, &raw_pubkey[2], pubkey->u.rsa.modulus.len);
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
sc_file_free(file);
|
2005-04-04 09:30:54 +00:00
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-31 20:29:58 +00:00
|
|
|
|
2005-04-04 09:30:54 +00:00
|
|
|
/*
|
|
|
|
|
* Create a new PIN
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2011-06-05 15:46:25 +00:00
|
|
|
int ignore_ac, sc_pkcs15_auth_info_t *auth_info,
|
2005-04-04 09:30:54 +00:00
|
|
|
const u8 *pin, size_t pin_len,
|
|
|
|
|
const u8 *puk, size_t puk_len)
|
|
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2005-04-04 09:30:54 +00:00
|
|
|
u8 data[32];
|
|
|
|
|
int r;
|
|
|
|
|
struct sc_cardctl_setcos_data_obj data_obj;
|
|
|
|
|
sc_file_t *pinfile = NULL;
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
|
|
|
|
return SC_ERROR_OBJECT_NOT_VALID;
|
|
|
|
|
|
|
|
|
|
if (auth_info->attrs.pin.reference >= SETCOS_MAX_PINS)
|
2005-04-04 09:30:54 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
|
|
|
|
|
return SC_ERROR_INVALID_PIN_LENGTH;
|
|
|
|
|
|
|
|
|
|
/* Verify required access rights if needed (i.e. if the
|
|
|
|
|
* pin file isn't in the CREATE life cycle state). */
|
|
|
|
|
if (!ignore_ac) {
|
|
|
|
|
r = sc_profile_get_file(profile, "pinfile", &pinfile);
|
|
|
|
|
if (r >= 0)
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_authenticate(profile, p15card, pinfile, SC_AC_OP_UPDATE);
|
2005-04-04 09:30:54 +00:00
|
|
|
sc_file_free(pinfile);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Make command to add a pin-record */
|
|
|
|
|
|
|
|
|
|
data_obj.P1 = 01;
|
|
|
|
|
data_obj.P2 = 01;
|
|
|
|
|
|
|
|
|
|
/* setcos pin number */
|
2011-06-05 15:46:25 +00:00
|
|
|
data[0] = auth_info->attrs.pin.reference;
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2012-04-02 21:40:05 +00:00
|
|
|
memset(&data[1], auth_info->attrs.pin.pad_char, 16); /* padding */
|
2005-04-04 09:30:54 +00:00
|
|
|
memcpy(&data[1], (u8 *)pin, pin_len); /* copy pin*/
|
|
|
|
|
memcpy(&data[9], (u8 *)puk, puk_len); /* copy puk */
|
|
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
data[17] = auth_info->tries_left & 0x0F;
|
|
|
|
|
data[18] = auth_info->tries_left & 0x0F;
|
2005-04-04 09:30:54 +00:00
|
|
|
/* 0xF0: unlimited unblock tries */
|
2011-06-05 15:46:25 +00:00
|
|
|
data[19] = 0xF0 | setcos_puk_retries(profile, auth_info->attrs.pin.reference);
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
/* Allow an unlimited number of signatures after a pin verification.
|
|
|
|
|
* If set to 1 or so, we would have a UserConsent PIN. */
|
|
|
|
|
data[20] = 0x00;
|
|
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->attrs.pin.type == 0)
|
2005-04-04 09:30:54 +00:00
|
|
|
data[21] = 0x01; /* BCD */
|
|
|
|
|
else
|
|
|
|
|
data[21] = 0x00; /* ASCII */
|
2011-06-05 15:46:25 +00:00
|
|
|
if ((auth_info->attrs.pin.flags & 0x010) == 0) /* test for initial pin */
|
2005-04-04 09:30:54 +00:00
|
|
|
data[21] |= 0x80;
|
|
|
|
|
|
|
|
|
|
data[22] = 0x00; /* not used */
|
|
|
|
|
data[23] = 0x00; /* not used */
|
|
|
|
|
|
|
|
|
|
data_obj.Data = data;
|
|
|
|
|
data_obj.DataLen = 24;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_PUTDATA, &data_obj);
|
2005-04-04 09:30:54 +00:00
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
|
|
|
|
|
2005-08-22 09:20:13 +00:00
|
|
|
|
2005-08-14 22:33:43 +00:00
|
|
|
static struct sc_pkcs15init_operations sc_pkcs15init_setcos_operations = {
|
2010-04-14 11:36:40 +00:00
|
|
|
setcos_erase_card, /* erase_card */
|
|
|
|
|
setcos_init_card, /* init_card */
|
|
|
|
|
setcos_create_dir, /* create_dir */
|
|
|
|
|
NULL, /* create_domain */
|
|
|
|
|
setcos_select_pin_reference, /* select_pin_reference */
|
|
|
|
|
setcos_create_pin, /* create_pin */
|
|
|
|
|
NULL, /* select_key_reference */
|
|
|
|
|
setcos_create_key, /* create_key */
|
|
|
|
|
setcos_store_key, /* store_key */
|
|
|
|
|
setcos_generate_key, /* generate_key */
|
2012-04-02 21:40:05 +00:00
|
|
|
setcos_encode_private_key, /* encode_private_key */
|
2010-04-14 11:36:40 +00:00
|
|
|
setcos_encode_public_key, /* encode_public_key */
|
|
|
|
|
NULL, /* finalize_card */
|
2011-04-16 17:57:49 +00:00
|
|
|
NULL, /* delete_object */
|
2010-04-14 11:36:40 +00:00
|
|
|
NULL, /* emu_update_dir */
|
|
|
|
|
NULL, /* emu_update_any_df */
|
|
|
|
|
NULL, /* emu_update_tokeninfo */
|
2010-12-16 01:47:03 +00:00
|
|
|
NULL, /* emu_write_info */
|
2010-12-30 12:50:35 +00:00
|
|
|
NULL, /* emu_store_data */
|
2010-12-16 01:47:03 +00:00
|
|
|
NULL /* sanity_check */
|
2005-08-14 22:33:43 +00:00
|
|
|
};
|
2005-04-04 09:30:54 +00:00
|
|
|
|
|
|
|
|
struct sc_pkcs15init_operations *
|
|
|
|
|
sc_pkcs15init_get_setcos_ops(void)
|
|
|
|
|
{
|
2005-08-14 22:33:43 +00:00
|
|
|
return &sc_pkcs15init_setcos_operations;
|
2005-04-04 09:30:54 +00:00
|
|
|
}
|
