2009-09-12 11:46:00 +00:00
|
|
|
/*
|
2010-04-13 11:29:37 +00:00
|
|
|
* westcos-tool.c: tool for westcos card
|
2009-09-12 11:46:00 +00:00
|
|
|
*
|
2012-04-02 22:00:56 +00:00
|
|
|
* Copyright (C) 2009 francois.leblanc@cev-sa.com
|
2009-09-12 11:46:00 +00:00
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
2009-10-22 09:18:16 +00:00
|
|
|
#include <openssl/opensslv.h>
|
2009-09-12 11:46:00 +00:00
|
|
|
#include <openssl/rsa.h>
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include <openssl/pem.h>
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
#include <openssl/bio.h>
|
|
|
|
|
#include <openssl/x509v3.h>
|
|
|
|
|
#include <openssl/bn.h>
|
|
|
|
|
|
2016-01-06 14:40:59 +00:00
|
|
|
#include "libopensc/sc-ossl-compat.h"
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "libopensc/opensc.h"
|
|
|
|
|
#include "libopensc/errors.h"
|
|
|
|
|
#include "libopensc/pkcs15.h"
|
|
|
|
|
#include "libopensc/cardctl.h"
|
|
|
|
|
|
2010-05-11 14:34:39 +00:00
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
|
|
static const char *app_name = "westcos-tool";
|
|
|
|
|
|
|
|
|
|
static const struct option options[] = {
|
|
|
|
|
{ "reader", 1, NULL, 'r' },
|
|
|
|
|
{ "wait", 0, NULL, 'w' },
|
|
|
|
|
{ "generate-key", 0, NULL, 'g' },
|
|
|
|
|
{ "overwrite-key", 0, NULL, 'o' },
|
|
|
|
|
{ "key-length", 1, NULL, 'l' },
|
|
|
|
|
{ "install-pin", 0, NULL, 'i' },
|
|
|
|
|
{ "pin-value", 1, NULL, 'x' },
|
|
|
|
|
{ "puk-value", 1, NULL, 'y' },
|
|
|
|
|
{ "change-pin", 0, NULL, 'n' },
|
|
|
|
|
{ "unblock-pin", 0, NULL, 'u' },
|
2011-03-20 13:17:29 +00:00
|
|
|
{ "certificate", 1, NULL, 't' },
|
2010-05-11 14:34:39 +00:00
|
|
|
{ "finalize", 0, NULL, 'f' },
|
|
|
|
|
{ "read-file", 1, NULL, 'j' },
|
|
|
|
|
{ "write-file", 1, NULL, 'k' },
|
|
|
|
|
{ "help", 0, NULL, 'h' },
|
|
|
|
|
{ "verbose", 0, NULL, 'v' },
|
|
|
|
|
{ NULL, 0, NULL, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const char *option_help[] = {
|
|
|
|
|
"Uses reader number <arg> [0]",
|
|
|
|
|
"Wait for card insertion",
|
|
|
|
|
"Generate key 1536 default",
|
|
|
|
|
"Overwrite key if already exist",
|
|
|
|
|
"Key length <arg> [512,1024,1536]",
|
|
|
|
|
"Install pin",
|
|
|
|
|
"Pin value <arg>",
|
|
|
|
|
"Puk value <arg>",
|
|
|
|
|
"Change pin (new pin in puk value)",
|
|
|
|
|
"Unblock pin",
|
|
|
|
|
"Write certificate <arg> (in pem format)",
|
|
|
|
|
"Finalize card(!!! MANDATORY FOR SECURITY !!!)",
|
|
|
|
|
"Read file <arg>",
|
|
|
|
|
"Write file <arg> (ex 0002 write file 0002 to 0002)",
|
|
|
|
|
"This message",
|
|
|
|
|
"Verbose operation. Use several times to enable debug output."
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int opt_wait = 0, verbose = 0;
|
|
|
|
|
static const char *opt_driver = NULL;
|
|
|
|
|
static const char *opt_reader = NULL;
|
|
|
|
|
|
|
|
|
|
static int finalize = 0;
|
2009-09-12 11:46:00 +00:00
|
|
|
static int install_pin = 0;
|
2010-05-11 14:34:39 +00:00
|
|
|
static int overwrite = 0;
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
static char *cert = NULL;
|
|
|
|
|
|
|
|
|
|
static int keylen = 0;
|
|
|
|
|
|
|
|
|
|
static int new_pin = 0;
|
2010-02-25 15:16:23 +00:00
|
|
|
static int unlock = 0;
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
static char *get_filename = NULL;
|
|
|
|
|
static char *put_filename = NULL;
|
|
|
|
|
|
2016-01-06 14:40:59 +00:00
|
|
|
static int do_convert_bignum(sc_pkcs15_bignum_t *dst, const BIGNUM *src)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
if (src == 0) return 0;
|
|
|
|
|
dst->len = BN_num_bytes(src);
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
dst->data = malloc(dst->len);
|
2017-04-20 19:08:49 +00:00
|
|
|
if (!dst->data) return 0;
|
|
|
|
|
if (!BN_bn2bin(src, dst->data)) return 0;
|
2009-09-12 11:46:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int charge = 0;
|
2014-11-26 17:59:33 +00:00
|
|
|
static void print_openssl_error(void)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
long r;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (!charge)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
ERR_load_crypto_strings();
|
|
|
|
|
charge = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while ((r = ERR_get_error()) != 0)
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("%s\n", ERR_error_string(r, NULL));
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
|
2014-12-07 16:19:57 +00:00
|
|
|
static int verify_pin(sc_card_t *card, int pin_reference, const char *pin_value)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
int r, tries_left = -1;
|
|
|
|
|
struct sc_pin_cmd_data data;
|
|
|
|
|
|
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
|
data.cmd = SC_PIN_CMD_VERIFY;
|
|
|
|
|
|
|
|
|
|
data.pin_type = SC_AC_CHV;
|
|
|
|
|
|
|
|
|
|
data.pin_reference = pin_reference;
|
|
|
|
|
|
|
|
|
|
data.flags = SC_PIN_CMD_NEED_PADDING;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (card->reader->capabilities & SC_READER_CAP_PIN_PAD)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
printf("Please enter PIN on the reader's pin pad.\n");
|
|
|
|
|
data.pin1.prompt = "Please enter PIN";
|
|
|
|
|
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(pin_value == NULL)
|
|
|
|
|
{
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
data.pin1.data = (u8*)pin_value;
|
2009-09-12 11:46:00 +00:00
|
|
|
data.pin1.len = strlen(pin_value);
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
r = sc_pin_cmd(card, &data, &tries_left);
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r == SC_ERROR_PIN_CODE_INCORRECT)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if (tries_left >= 0)
|
2011-03-20 13:17:29 +00:00
|
|
|
printf("Error %d attempts left.\n", tries_left);
|
2009-09-12 11:46:00 +00:00
|
|
|
else
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("The pin can be verify: %s\n", sc_strerror(r));
|
2009-09-12 11:46:00 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
printf("Pin correct.\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
static int change_pin(sc_card_t *card,
|
|
|
|
|
int pin_reference,
|
2014-12-07 16:19:57 +00:00
|
|
|
const char *pin_value1,
|
|
|
|
|
const char *pin_value2)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
int r, tries_left = -1;
|
|
|
|
|
struct sc_pin_cmd_data data;
|
|
|
|
|
|
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
|
data.cmd = SC_PIN_CMD_CHANGE;
|
|
|
|
|
|
|
|
|
|
data.pin_type = SC_AC_CHV;
|
|
|
|
|
|
|
|
|
|
data.pin_reference = pin_reference;
|
|
|
|
|
|
|
|
|
|
data.flags = SC_PIN_CMD_NEED_PADDING;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (card->reader->capabilities & SC_READER_CAP_PIN_PAD)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
printf("Please enter PIN on the reader's pin pad.\n");
|
|
|
|
|
data.pin1.prompt = "Please enter PIN";
|
|
|
|
|
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(pin_value1 == NULL || pin_value2 == NULL)
|
|
|
|
|
{
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
data.pin1.data = (u8*)pin_value1;
|
2009-09-12 11:46:00 +00:00
|
|
|
data.pin1.len = strlen(pin_value1);
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
data.pin2.data = (u8*)pin_value2;
|
2009-09-12 11:46:00 +00:00
|
|
|
data.pin2.len = strlen(pin_value2);
|
|
|
|
|
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
r = sc_pin_cmd(card, &data, &tries_left);
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r == SC_ERROR_PIN_CODE_INCORRECT)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if (tries_left >= 0)
|
2011-03-20 13:17:29 +00:00
|
|
|
printf("Error %d attempts left.\n", tries_left);
|
2009-09-12 11:46:00 +00:00
|
|
|
else
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
2012-04-02 22:00:56 +00:00
|
|
|
printf("Can't change pin: %s\n",
|
2009-09-12 11:46:00 +00:00
|
|
|
sc_strerror(r));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
printf("Pin changed.\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
static int unlock_pin(sc_card_t *card,
|
|
|
|
|
int pin_reference,
|
2014-12-07 16:19:57 +00:00
|
|
|
const char *puk_value,
|
|
|
|
|
const char *pin_value)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
int r, tries_left = -1;
|
|
|
|
|
struct sc_pin_cmd_data data;
|
|
|
|
|
|
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
|
data.cmd = SC_PIN_CMD_UNBLOCK;
|
|
|
|
|
|
|
|
|
|
data.pin_type = SC_AC_CHV;
|
|
|
|
|
|
|
|
|
|
data.pin_reference = pin_reference;
|
|
|
|
|
|
|
|
|
|
data.flags = SC_PIN_CMD_NEED_PADDING;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (card->reader->capabilities & SC_READER_CAP_PIN_PAD)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
printf("Please enter PIN on the reader's pin pad.\n");
|
|
|
|
|
data.pin1.prompt = "Please enter PIN";
|
|
|
|
|
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2017-04-03 11:43:30 +00:00
|
|
|
if(pin_value == NULL || puk_value == NULL)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
data.pin1.data = (u8*)puk_value;
|
2009-09-12 11:46:00 +00:00
|
|
|
data.pin1.len = strlen(puk_value);
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
data.pin2.data = (u8*)pin_value;
|
2009-09-12 11:46:00 +00:00
|
|
|
data.pin2.len = strlen(pin_value);
|
|
|
|
|
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
r = sc_pin_cmd(card, &data, &tries_left);
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r == SC_ERROR_PIN_CODE_INCORRECT)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if (tries_left >= 0)
|
2011-03-20 13:17:29 +00:00
|
|
|
printf("Error %d attempts left.\n", tries_left);
|
2009-09-12 11:46:00 +00:00
|
|
|
else
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
2012-04-02 22:00:56 +00:00
|
|
|
printf("Can't unblock pin: %s\n",
|
2009-09-12 11:46:00 +00:00
|
|
|
sc_strerror(r));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2010-02-25 15:16:23 +00:00
|
|
|
printf("Unlock pin.\n");
|
2009-09-12 11:46:00 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int cert2der(X509 *cert, u8 **value)
|
|
|
|
|
{
|
|
|
|
|
int len;
|
|
|
|
|
u8 *p;
|
|
|
|
|
len = i2d_X509(cert, NULL);
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
p = *value = malloc(len);
|
2009-09-12 11:46:00 +00:00
|
|
|
i2d_X509(cert, &p);
|
|
|
|
|
return len;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-26 17:59:33 +00:00
|
|
|
static int create_file_cert(sc_card_t *card)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
int r;
|
2015-01-22 19:29:33 +00:00
|
|
|
int size = 0;
|
2009-09-12 11:46:00 +00:00
|
|
|
sc_path_t path;
|
|
|
|
|
sc_file_t *file = NULL;
|
|
|
|
|
|
|
|
|
|
sc_format_path("3F00", &path);
|
|
|
|
|
r = sc_select_file(card, &path, &file);
|
|
|
|
|
if(r) goto out;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
if(file)
|
|
|
|
|
{
|
2015-01-22 19:29:33 +00:00
|
|
|
size = (file->size) - 32;
|
2009-09-12 11:46:00 +00:00
|
|
|
sc_file_free(file);
|
|
|
|
|
file = NULL;
|
2015-01-22 19:29:33 +00:00
|
|
|
} else {
|
|
|
|
|
size = 2048;
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sc_format_path("0002", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
2012-04-02 22:00:56 +00:00
|
|
|
if(r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
if(r != SC_ERROR_FILE_NOT_FOUND) goto out;
|
|
|
|
|
|
|
|
|
|
file = sc_file_new();
|
|
|
|
|
if(file == NULL)
|
|
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("Memory error.\n");
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
file->type = SC_FILE_TYPE_WORKING_EF;
|
|
|
|
|
file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
|
|
|
|
file->shareable = 0;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
file->size = size;
|
|
|
|
|
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_READ, SC_AC_NONE, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_CHV, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_CHV, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
|
|
|
|
|
file->path = path;
|
|
|
|
|
r = sc_create_file(card, file);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
if(file)
|
|
|
|
|
sc_file_free(file);
|
|
|
|
|
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
int r, c, long_optind = 0;
|
2009-09-12 11:46:00 +00:00
|
|
|
sc_context_param_t ctx_param;
|
|
|
|
|
sc_card_t *card = NULL;
|
|
|
|
|
sc_context_t *ctx = NULL;
|
|
|
|
|
sc_file_t *file = NULL;
|
|
|
|
|
sc_path_t path;
|
2009-10-22 09:18:16 +00:00
|
|
|
RSA *rsa = NULL;
|
|
|
|
|
BIGNUM *bn = NULL;
|
|
|
|
|
BIO *mem = NULL;
|
2017-04-03 11:43:30 +00:00
|
|
|
static const char *pin = NULL;
|
|
|
|
|
static const char *puk = NULL;
|
2009-09-12 11:46:00 +00:00
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
while (1)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
c = getopt_long(argc, argv, "r:wgol:ix:y:nut:fj:k:hv", \
|
|
|
|
|
options, &long_optind);
|
|
|
|
|
if (c == -1)
|
|
|
|
|
break;
|
|
|
|
|
if (c == '?' || c == 'h')
|
2012-05-26 16:53:09 +00:00
|
|
|
util_print_usage_and_die(app_name, options, option_help, NULL);
|
2012-04-02 22:00:56 +00:00
|
|
|
switch (c)
|
2010-05-11 14:34:39 +00:00
|
|
|
{
|
|
|
|
|
case 'r':
|
|
|
|
|
opt_reader = optarg;
|
|
|
|
|
break;
|
|
|
|
|
case 'w':
|
|
|
|
|
opt_wait = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'g':
|
|
|
|
|
if(keylen == 0) keylen = 1536;
|
|
|
|
|
break;
|
|
|
|
|
case 'o':
|
|
|
|
|
overwrite = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'l':
|
|
|
|
|
keylen = atoi(optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 'i':
|
|
|
|
|
install_pin = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'x':
|
2014-11-04 20:44:02 +00:00
|
|
|
util_get_pin(optarg, &pin);
|
2010-05-11 14:34:39 +00:00
|
|
|
break;
|
|
|
|
|
case 'y':
|
2014-11-04 20:44:02 +00:00
|
|
|
util_get_pin(optarg, &puk);
|
2010-05-11 14:34:39 +00:00
|
|
|
break;
|
|
|
|
|
case 'n':
|
|
|
|
|
new_pin = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'u':
|
|
|
|
|
unlock = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 't':
|
|
|
|
|
cert = optarg;
|
|
|
|
|
break;
|
|
|
|
|
case 'f':
|
|
|
|
|
finalize = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'j':
|
|
|
|
|
get_filename = optarg;
|
|
|
|
|
break;
|
|
|
|
|
case 'k':
|
|
|
|
|
put_filename = optarg;
|
|
|
|
|
break;
|
|
|
|
|
case 'v':
|
|
|
|
|
verbose++;
|
|
|
|
|
break;
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(&ctx_param, 0, sizeof(ctx_param));
|
|
|
|
|
ctx_param.ver = 0;
|
|
|
|
|
ctx_param.app_name = argv[0];
|
|
|
|
|
|
|
|
|
|
r = sc_context_create(&ctx, &ctx_param);
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("Failed to establish context: %s\n", sc_strerror(r));
|
2009-09-12 11:46:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2010-03-15 12:17:13 +00:00
|
|
|
|
2010-10-20 07:53:19 +00:00
|
|
|
if (verbose > 1) {
|
|
|
|
|
ctx->debug = verbose;
|
2011-04-18 10:01:27 +00:00
|
|
|
sc_ctx_log_to_file(ctx, "stderr");
|
2010-10-20 07:53:19 +00:00
|
|
|
}
|
2009-09-12 11:46:00 +00:00
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (opt_driver != NULL)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
r = sc_set_card_driver(ctx, opt_driver);
|
2012-04-02 22:00:56 +00:00
|
|
|
if (r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("Driver '%s' not found!\n", opt_driver);
|
|
|
|
|
goto out;
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-11 14:34:39 +00:00
|
|
|
r = util_connect_card(ctx, &card, opt_reader, opt_wait, 0);
|
|
|
|
|
if (r)
|
|
|
|
|
goto out;
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
sc_format_path("3F00", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
|
|
|
|
|
if(install_pin)
|
|
|
|
|
{
|
|
|
|
|
sc_format_path("AAAA", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
2012-04-02 22:00:56 +00:00
|
|
|
if(r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
if(r != SC_ERROR_FILE_NOT_FOUND) goto out;
|
|
|
|
|
|
|
|
|
|
file = sc_file_new();
|
|
|
|
|
if(file == NULL)
|
|
|
|
|
{
|
2018-04-14 17:38:34 +00:00
|
|
|
printf("Not enough memory.\n");
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
file->type = SC_FILE_TYPE_INTERNAL_EF;
|
|
|
|
|
file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
|
|
|
|
file->shareable = 0;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
file->id = 0xAAAA;
|
|
|
|
|
file->size = 37;
|
|
|
|
|
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_READ, SC_AC_NONE, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_NONE, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_NONE, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
|
2010-06-11 07:35:45 +00:00
|
|
|
/* sc_format_path("3F00AAAA", &(file->path)); */
|
2009-09-12 11:46:00 +00:00
|
|
|
file->path = path;
|
|
|
|
|
r = sc_create_file(card, file);
|
|
|
|
|
if(r) goto out;
|
2012-04-02 22:00:56 +00:00
|
|
|
}
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
if(pin != NULL)
|
|
|
|
|
{
|
|
|
|
|
sc_changekey_t ck;
|
|
|
|
|
struct sc_pin_cmd_pin pin_cmd;
|
2010-03-28 16:15:26 +00:00
|
|
|
int ret;
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
memset(&pin_cmd, 0, sizeof(pin_cmd));
|
|
|
|
|
memset(&ck, 0, sizeof(ck));
|
|
|
|
|
|
|
|
|
|
memcpy(ck.key_template, "\x1e\x00\x00\x10", 4);
|
|
|
|
|
|
|
|
|
|
pin_cmd.encoding = SC_PIN_ENCODING_GLP;
|
|
|
|
|
pin_cmd.len = strlen(pin);
|
2009-10-25 20:22:11 +00:00
|
|
|
pin_cmd.data = (u8*)pin;
|
2009-09-12 11:46:00 +00:00
|
|
|
pin_cmd.max_length = 8;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
ret = sc_build_pin(ck.new_key.key_value,
|
|
|
|
|
sizeof(ck.new_key.key_value), &pin_cmd, 1);
|
2010-03-28 16:15:26 +00:00
|
|
|
if(ret < 0)
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
|
2010-03-28 16:15:26 +00:00
|
|
|
ck.new_key.key_len = ret;
|
2009-09-12 11:46:00 +00:00
|
|
|
r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(puk != NULL)
|
|
|
|
|
{
|
|
|
|
|
sc_changekey_t ck;
|
|
|
|
|
struct sc_pin_cmd_pin puk_cmd;
|
2010-03-28 16:15:26 +00:00
|
|
|
int ret;
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
memset(&puk_cmd, 0, sizeof(puk_cmd));
|
|
|
|
|
memset(&ck, 0, sizeof(ck));
|
|
|
|
|
|
|
|
|
|
memcpy(ck.key_template, "\x1e\x00\x00\x20", 4);
|
|
|
|
|
|
|
|
|
|
puk_cmd.encoding = SC_PIN_ENCODING_GLP;
|
|
|
|
|
puk_cmd.len = strlen(puk);
|
2009-10-25 20:22:11 +00:00
|
|
|
puk_cmd.data = (u8*)puk;
|
2009-09-12 11:46:00 +00:00
|
|
|
puk_cmd.max_length = 8;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
ret = sc_build_pin(ck.new_key.key_value,
|
|
|
|
|
sizeof(ck.new_key.key_value), &puk_cmd, 1);
|
2010-03-28 16:15:26 +00:00
|
|
|
if(ret < 0)
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
|
2010-03-28 16:15:26 +00:00
|
|
|
ck.new_key.key_len = ret;
|
2009-09-12 11:46:00 +00:00
|
|
|
r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(new_pin)
|
|
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if(change_pin(card, 0, pin, puk))
|
2009-09-12 11:46:00 +00:00
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-25 15:16:23 +00:00
|
|
|
if(unlock)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if(unlock_pin(card, 0, puk, pin))
|
2009-09-12 11:46:00 +00:00
|
|
|
printf("Error unblocking pin.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
printf("verify pin.\n");
|
|
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if(verify_pin(card, 0, pin))
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(keylen)
|
|
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
size_t lg;
|
2009-09-12 11:46:00 +00:00
|
|
|
struct sc_pkcs15_pubkey key;
|
|
|
|
|
struct sc_pkcs15_pubkey_rsa *dst = &(key.u.rsa);
|
2009-10-25 20:22:11 +00:00
|
|
|
u8 *pdata;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
memset(&key, 0, sizeof(key));
|
|
|
|
|
key.algorithm = SC_ALGORITHM_RSA;
|
|
|
|
|
|
|
|
|
|
printf("Generate key of length %d.\n", keylen);
|
|
|
|
|
|
2009-10-22 09:18:16 +00:00
|
|
|
rsa = RSA_new();
|
|
|
|
|
bn = BN_new();
|
|
|
|
|
mem = BIO_new(BIO_s_mem());
|
2012-04-02 22:00:56 +00:00
|
|
|
|
|
|
|
|
if(rsa == NULL || bn == NULL || mem == NULL)
|
2009-10-22 09:18:16 +00:00
|
|
|
{
|
2018-04-14 17:38:34 +00:00
|
|
|
printf("Not enough memory.\n");
|
2009-10-22 09:18:16 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if(!BN_set_word(bn, RSA_F4) ||
|
2009-09-12 11:46:00 +00:00
|
|
|
!RSA_generate_key_ex(rsa, keylen, bn, NULL))
|
|
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("RSA_generate_key_ex return %ld\n", ERR_get_error());
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-06 14:40:59 +00:00
|
|
|
RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
if(!i2d_RSAPrivateKey_bio(mem, rsa))
|
|
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("i2d_RSAPrivateKey_bio return %ld\n", ERR_get_error());
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
lg = BIO_get_mem_data(mem, &pdata);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
sc_format_path("0001", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
2012-04-02 22:00:56 +00:00
|
|
|
if(r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
if(r != SC_ERROR_FILE_NOT_FOUND) goto out;
|
|
|
|
|
|
|
|
|
|
file = sc_file_new();
|
|
|
|
|
if(file == NULL)
|
|
|
|
|
{
|
2018-04-14 17:38:34 +00:00
|
|
|
printf("Not enough memory.\n");
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
file->type = SC_FILE_TYPE_WORKING_EF;
|
|
|
|
|
file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
|
|
|
|
file->shareable = 0;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
file->size = ((lg/4)+1)*4;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_READ, SC_AC_CHV, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_CHV, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_CHV, 0);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
|
|
|
|
|
file->path = path;
|
|
|
|
|
|
2016-09-28 17:35:13 +00:00
|
|
|
printf("File key creation %s, size %"SC_FORMAT_LEN_SIZE_T"d.\n",
|
|
|
|
|
file->path.value,
|
|
|
|
|
file->size);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
r = sc_create_file(card, file);
|
|
|
|
|
if(r) goto out;
|
2012-04-02 22:00:56 +00:00
|
|
|
}
|
2009-09-12 11:46:00 +00:00
|
|
|
else
|
|
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
if(!overwrite)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("Key file already exist,"\
|
|
|
|
|
" use -o to replace it.\n");
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-28 17:35:13 +00:00
|
|
|
printf("Private key length is %"SC_FORMAT_LEN_SIZE_T"d\n", lg);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
printf("Write private key.\n");
|
2009-10-25 20:22:11 +00:00
|
|
|
r = sc_update_binary(card,0,pdata,lg,0);
|
2009-09-12 11:46:00 +00:00
|
|
|
if(r<0) goto out;
|
|
|
|
|
printf("Private key correctly written.\n");
|
|
|
|
|
|
2014-11-26 17:59:33 +00:00
|
|
|
r = create_file_cert(card);
|
2009-09-12 11:46:00 +00:00
|
|
|
if(r) goto out;
|
|
|
|
|
|
2016-01-06 14:40:59 +00:00
|
|
|
{
|
|
|
|
|
const BIGNUM *rsa_n, *rsa_e;
|
|
|
|
|
|
|
|
|
|
RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
|
|
|
|
|
|
|
|
|
|
if (!do_convert_bignum(&dst->modulus, rsa_n)
|
|
|
|
|
|| !do_convert_bignum(&dst->exponent, rsa_e))
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
r = sc_pkcs15_encode_pubkey(ctx, &key, &pdata, &lg);
|
2009-09-12 11:46:00 +00:00
|
|
|
if(r) goto out;
|
|
|
|
|
|
2016-09-28 17:35:13 +00:00
|
|
|
printf("Public key length %"SC_FORMAT_LEN_SIZE_T"d\n", lg);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
sc_format_path("3F000002", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
|
|
|
|
|
printf("Write public key.\n");
|
2009-10-25 20:22:11 +00:00
|
|
|
r = sc_update_binary(card,0,pdata,lg,0);
|
2009-09-12 11:46:00 +00:00
|
|
|
if(r<0) goto out;
|
|
|
|
|
printf("Public key correctly written.\n");
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(cert)
|
|
|
|
|
{
|
2009-10-25 20:22:11 +00:00
|
|
|
BIO *bio;
|
|
|
|
|
X509 *xp;
|
|
|
|
|
u8 *pdata;
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
bio = BIO_new(BIO_s_file());
|
|
|
|
|
if (BIO_read_filename(bio, cert) <= 0)
|
|
|
|
|
{
|
|
|
|
|
BIO_free(bio);
|
2010-05-11 14:34:39 +00:00
|
|
|
printf("Can't open file %s.\n", cert);
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
xp = PEM_read_bio_X509(bio, NULL, NULL, NULL);
|
|
|
|
|
BIO_free(bio);
|
2012-04-02 22:00:56 +00:00
|
|
|
if (xp == NULL)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2014-11-26 17:59:33 +00:00
|
|
|
print_openssl_error();
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2009-10-25 20:22:11 +00:00
|
|
|
int lg = cert2der(xp, &pdata);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
sc_format_path("0002", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
if(r) goto out;
|
|
|
|
|
|
2014-11-26 17:59:33 +00:00
|
|
|
/* FIXME: verify if the file has a compatible size... */
|
2009-09-12 11:46:00 +00:00
|
|
|
printf("Write certificate %s.\n", cert);
|
|
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
r = sc_update_binary(card,0,pdata,lg,0);
|
2010-05-11 14:34:39 +00:00
|
|
|
if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
|
|
|
|
|
{
|
|
|
|
|
if(verify_pin(card, 0, pin))
|
|
|
|
|
{
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
r = sc_update_binary(card,0,pdata,lg,0);
|
2010-05-11 14:34:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
if(r<0)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
2009-10-25 20:22:11 +00:00
|
|
|
if(pdata) free(pdata);
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if(xp) X509_free(xp);
|
2009-10-25 20:22:11 +00:00
|
|
|
if(pdata) free(pdata);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
|
|
|
|
printf("Certificate correctly written.\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-11 14:34:39 +00:00
|
|
|
if(finalize)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
int mode = SC_CARDCTRL_LIFECYCLE_USER;
|
|
|
|
|
|
2011-01-07 17:18:58 +00:00
|
|
|
if(card->atr.value[10] != 0x82)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
sc_format_path("0001", &path);
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
2012-04-02 22:00:56 +00:00
|
|
|
if(r)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
printf("This card don't have private key"\
|
|
|
|
|
" and can't be finalize.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
printf("Finalize card...\n");
|
|
|
|
|
if(sc_card_ctl(card, SC_CARDCTL_WESTCOS_AUT_KEY, NULL) ||
|
|
|
|
|
sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &mode))
|
|
|
|
|
{
|
|
|
|
|
printf("Error finalizing card,"\
|
|
|
|
|
" card isn't secure.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
printf("Card correctly finalized.\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(get_filename)
|
|
|
|
|
{
|
|
|
|
|
FILE *fp;
|
|
|
|
|
u8 *b;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if(file)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
sc_file_free(file);
|
|
|
|
|
file = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sc_format_path(get_filename, &path);
|
|
|
|
|
r = sc_select_file(card, &path, &file);
|
|
|
|
|
if(r)
|
|
|
|
|
{
|
|
|
|
|
printf("Error file not found.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
b = malloc(file->size);
|
2009-09-12 11:46:00 +00:00
|
|
|
if(b == NULL)
|
|
|
|
|
{
|
2018-04-14 17:38:34 +00:00
|
|
|
printf("Not enough memory.\n");
|
2009-09-12 11:46:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r = sc_read_binary(card, 0, b, file->size, 0);
|
2010-05-11 14:34:39 +00:00
|
|
|
if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
|
|
|
|
|
{
|
2012-04-02 22:00:56 +00:00
|
|
|
if(verify_pin(card, 0, pin))
|
2010-05-11 14:34:39 +00:00
|
|
|
{
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
r = sc_read_binary(card, 0, b, file->size, 0);
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
if(r<0)
|
|
|
|
|
{
|
|
|
|
|
printf("Error reading file.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2012-04-02 22:00:56 +00:00
|
|
|
|
2009-09-12 11:46:00 +00:00
|
|
|
fp = fopen(get_filename, "wb");
|
|
|
|
|
fwrite(b, 1, file->size, fp);
|
|
|
|
|
fclose(fp);
|
|
|
|
|
|
|
|
|
|
free(b);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(put_filename)
|
|
|
|
|
{
|
|
|
|
|
FILE *fp;
|
|
|
|
|
u8 *b;
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if(file)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
sc_file_free(file);
|
|
|
|
|
file = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sc_format_path(put_filename, &path);
|
|
|
|
|
r = sc_select_file(card, &path, &file);
|
|
|
|
|
if(r)
|
|
|
|
|
{
|
|
|
|
|
printf("File not found.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
b = malloc(file->size);
|
2009-09-12 11:46:00 +00:00
|
|
|
if(b == NULL)
|
|
|
|
|
{
|
2018-04-14 17:38:34 +00:00
|
|
|
printf("Not enough memory.\n");
|
2017-11-15 07:25:07 +00:00
|
|
|
goto out;
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(b, 0, file->size);
|
|
|
|
|
|
|
|
|
|
fp = fopen(put_filename, "rb");
|
2017-11-15 07:25:07 +00:00
|
|
|
if (fp == NULL || file->size != fread(b, 1, file->size, fp))
|
|
|
|
|
{
|
|
|
|
|
printf("could not read %s.\n", put_filename);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2009-09-12 11:46:00 +00:00
|
|
|
fclose(fp);
|
|
|
|
|
|
|
|
|
|
r = sc_update_binary(card, 0, b, file->size, 0);
|
2010-05-11 14:34:39 +00:00
|
|
|
if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
|
|
|
|
|
{
|
|
|
|
|
if(verify_pin(card, 0, pin))
|
|
|
|
|
{
|
|
|
|
|
printf("Wrong pin.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
r = sc_update_binary(card, 0, b, file->size, 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-09-12 11:46:00 +00:00
|
|
|
if(r<0)
|
|
|
|
|
{
|
|
|
|
|
free(b);
|
|
|
|
|
printf("Error writing file.\n");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(b);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
|
|
|
|
|
if(mem)
|
|
|
|
|
BIO_free(mem);
|
|
|
|
|
if(bn)
|
|
|
|
|
BN_free(bn);
|
|
|
|
|
if(rsa)
|
|
|
|
|
RSA_free(rsa);
|
|
|
|
|
|
|
|
|
|
if(file)
|
|
|
|
|
sc_file_free(file);
|
|
|
|
|
|
2012-04-02 22:00:56 +00:00
|
|
|
if (card)
|
2009-09-12 11:46:00 +00:00
|
|
|
{
|
|
|
|
|
sc_unlock(card);
|
2010-01-24 15:29:47 +00:00
|
|
|
sc_disconnect_card(card);
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-22 19:29:33 +00:00
|
|
|
sc_release_context(ctx);
|
2009-09-12 11:46:00 +00:00
|
|
|
|
2009-10-25 20:22:11 +00:00
|
|
|
return EXIT_SUCCESS;
|
2009-09-12 11:46:00 +00:00
|
|
|
}
|
|
|
|
|
|
