2003-10-30 17:04:22 +00:00
|
|
|
/*
|
2005-02-04 20:29:35 +00:00
|
|
|
* card-openpgp.c: Support for OpenPGP card
|
2003-10-30 17:04:22 +00:00
|
|
|
*
|
|
|
|
|
* Copyright (C) 2003 Olaf Kirch <okir@suse.de>
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2011-01-09 10:17:16 +00:00
|
|
|
/*
|
|
|
|
|
* Specifications:
|
|
|
|
|
* http://www.g10code.de/docs/openpgp-card-1.1.pdf
|
|
|
|
|
* http://www.g10code.de/docs/openpgp-card-2.0.pdf
|
|
|
|
|
*/
|
|
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
2003-10-30 17:04:22 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "internal.h"
|
|
|
|
|
#include "asn1.h"
|
|
|
|
|
#include "cardctl.h"
|
2011-05-23 17:31:24 +00:00
|
|
|
#include "errors.h"
|
2010-03-04 08:14:36 +00:00
|
|
|
|
2005-02-06 19:40:40 +00:00
|
|
|
static struct sc_atr_table pgp_atrs[] = {
|
2011-01-09 10:17:16 +00:00
|
|
|
{ "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL, "OpenPGP card v1.0/1.1", SC_CARD_TYPE_OPENPGP_V1, 0, NULL },
|
|
|
|
|
{ "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c", NULL, "CryptoStick v1.2 (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL },
|
2005-09-07 08:33:55 +00:00
|
|
|
{ NULL, NULL, NULL, 0, 0, NULL }
|
2003-10-30 17:04:22 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct sc_card_operations *iso_ops;
|
|
|
|
|
static struct sc_card_operations pgp_ops;
|
|
|
|
|
static struct sc_card_driver pgp_drv = {
|
2005-02-23 10:39:33 +00:00
|
|
|
"OpenPGP card",
|
2003-10-30 17:04:22 +00:00
|
|
|
"openpgp",
|
2005-09-07 08:33:55 +00:00
|
|
|
&pgp_ops,
|
|
|
|
|
NULL, 0, NULL
|
2003-10-30 17:04:22 +00:00
|
|
|
};
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
/*
|
|
|
|
|
* The OpenPGP card doesn't have a file system, instead everything
|
|
|
|
|
* is stored in data objects that are accessed through GET/PUT.
|
|
|
|
|
*
|
|
|
|
|
* However, much inside OpenSC's pkcs15 implementation is based on
|
|
|
|
|
* the assumption that we have a file system. So we fake one here.
|
|
|
|
|
*
|
|
|
|
|
* Selecting the MF causes us to select the OpenPGP AID.
|
|
|
|
|
*
|
|
|
|
|
* Everything else is mapped to "file" IDs.
|
|
|
|
|
*/
|
2011-05-23 17:32:49 +00:00
|
|
|
|
2011-05-23 17:32:54 +00:00
|
|
|
enum _type { /* DO type */
|
|
|
|
|
SIMPLE = SC_FILE_TYPE_WORKING_EF,
|
|
|
|
|
CONSTRUCTED = SC_FILE_TYPE_DF
|
|
|
|
|
};
|
|
|
|
|
|
2011-05-23 17:32:49 +00:00
|
|
|
enum _version { /* 2-byte BCD-alike encoded version number */
|
|
|
|
|
OPENPGP_CARD_1_0 = 0x0100,
|
|
|
|
|
OPENPGP_CARD_1_1 = 0x0101,
|
|
|
|
|
OPENPGP_CARD_2_0 = 0x0200
|
|
|
|
|
};
|
|
|
|
|
|
2011-05-23 17:32:54 +00:00
|
|
|
enum _access { /* access flags for the respective DO/file */
|
|
|
|
|
READ_NEVER = 0x0010,
|
|
|
|
|
READ_PIN1 = 0x0011,
|
|
|
|
|
READ_PIN2 = 0x0012,
|
|
|
|
|
READ_PIN3 = 0x0014,
|
|
|
|
|
READ_ALWAYS = 0x0018,
|
|
|
|
|
READ_MASK = 0x00FF,
|
|
|
|
|
WRITE_NEVER = 0x1000,
|
|
|
|
|
WRITE_PIN1 = 0x1100,
|
|
|
|
|
WRITE_PIN2 = 0x1200,
|
|
|
|
|
WRITE_PIN3 = 0x1400,
|
|
|
|
|
WRITE_ALWAYS = 0x1800,
|
|
|
|
|
WRITE_MASK = 0x1F00
|
|
|
|
|
};
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
struct blob {
|
2011-05-23 17:31:18 +00:00
|
|
|
struct blob * next; /* pointer to next sibling */
|
|
|
|
|
struct blob * parent; /* pointer to parent */
|
2003-11-20 15:41:28 +00:00
|
|
|
struct do_info *info;
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
sc_file_t * file;
|
|
|
|
|
unsigned int id;
|
2003-11-20 15:41:28 +00:00
|
|
|
int status;
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
unsigned char * data;
|
|
|
|
|
unsigned int len;
|
2011-05-23 17:31:18 +00:00
|
|
|
struct blob * files; /* pointer to 1st child */
|
2003-10-31 16:01:00 +00:00
|
|
|
};
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
struct do_info {
|
2011-05-23 17:32:54 +00:00
|
|
|
unsigned int id; /* ID of the DO in question */
|
|
|
|
|
|
|
|
|
|
enum _type type; /* constructed DO or not */
|
|
|
|
|
enum _access access; /* R/W acces levels for the DO */
|
|
|
|
|
|
|
|
|
|
/* function to get the DO from the card:
|
|
|
|
|
* only != NULL is DO if readable and not only a part of a constructed DO */
|
2003-10-31 16:01:00 +00:00
|
|
|
int (*get_fn)(sc_card_t *, unsigned int, u8 *, size_t);
|
2011-05-23 17:32:54 +00:00
|
|
|
/* function to write the DO to the card:
|
|
|
|
|
* only != NULL if DO is writeable under some conditions */
|
2003-10-31 16:01:00 +00:00
|
|
|
int (*put_fn)(sc_card_t *, unsigned int, const u8 *, size_t);
|
2003-11-20 15:41:28 +00:00
|
|
|
};
|
|
|
|
|
|
2011-05-23 17:33:04 +00:00
|
|
|
static int pgp_get_card_features(sc_card_t *card);
|
2011-05-23 17:31:31 +00:00
|
|
|
static int pgp_finish(sc_card_t *card);
|
2011-05-23 17:30:56 +00:00
|
|
|
static void pgp_iterate_blobs(struct blob *, int, void (*func)());
|
|
|
|
|
|
2011-05-23 17:33:04 +00:00
|
|
|
static int pgp_get_blob(sc_card_t *card, struct blob *blob,
|
|
|
|
|
unsigned int id, struct blob **ret);
|
2011-05-31 19:00:42 +00:00
|
|
|
static struct blob * pgp_new_blob(sc_card_t *, struct blob *, unsigned int, sc_file_t *);
|
2011-05-23 17:30:56 +00:00
|
|
|
static void pgp_free_blob(struct blob *);
|
2003-11-20 15:41:28 +00:00
|
|
|
static int pgp_get_pubkey(sc_card_t *, unsigned int,
|
|
|
|
|
u8 *, size_t);
|
|
|
|
|
static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
|
|
|
|
|
u8 *, size_t);
|
|
|
|
|
|
2011-05-23 17:32:54 +00:00
|
|
|
static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
|
|
|
|
|
{ 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x005e, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0065, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x006e, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x0073, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x007a, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x0081, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x0082, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x0093, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c0, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c1, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c2, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c3, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c4, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c5, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c6, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c7, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c8, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c9, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00ca, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cb, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cc, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cd, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00ce, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cf, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00d0, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00e0, CONSTRUCTED, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00e1, CONSTRUCTED, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00e2, CONSTRUCTED, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x0101, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0102, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0103, SIMPLE, READ_PIN1 | WRITE_PIN1, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0104, SIMPLE, READ_PIN3 | WRITE_PIN3, sc_get_data, sc_put_data },
|
2011-06-01 11:33:23 +00:00
|
|
|
{ 0x3f00, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
2011-05-23 17:32:54 +00:00
|
|
|
{ 0x5f2d, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
|
|
|
|
|
{ 0xa401, SIMPLE, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey_pem, NULL },
|
|
|
|
|
{ 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
|
|
|
|
|
{ 0xb601, SIMPLE, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey_pem, NULL },
|
|
|
|
|
{ 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
|
|
|
|
|
{ 0xb801, SIMPLE, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey_pem, NULL },
|
|
|
|
|
{ 0, 0, 0, NULL, NULL },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
|
|
|
|
|
{ 0x004d, CONSTRUCTED, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x005e, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0065, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x006e, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x0073, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x007a, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x0081, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x0082, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x0093, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c0, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x00c1, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c2, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c3, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c4, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x00c5, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c6, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c7, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c8, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00c9, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00ca, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cb, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cc, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cd, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00ce, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00cf, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00d0, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00d1, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00d2, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00d3, SIMPLE, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x00f4, CONSTRUCTED, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x0101, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0102, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0103, SIMPLE, READ_PIN1 | WRITE_PIN1, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x0104, SIMPLE, READ_PIN3 | WRITE_PIN3, sc_get_data, sc_put_data },
|
2011-06-01 11:33:23 +00:00
|
|
|
{ 0x3f00, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
2011-05-23 17:32:54 +00:00
|
|
|
{ 0x5f2d, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x5f48, CONSTRUCTED, READ_NEVER | WRITE_PIN3, NULL, sc_put_data },
|
|
|
|
|
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
|
|
|
|
|
{ 0x7f21, CONSTRUCTED, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
|
|
|
|
|
{ 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
|
|
|
|
|
{ 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
|
|
|
|
|
{ 0xa401, SIMPLE, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey_pem, NULL },
|
|
|
|
|
{ 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
|
|
|
|
|
{ 0xb601, SIMPLE, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey_pem, NULL },
|
|
|
|
|
{ 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
|
|
|
|
|
{ 0xb801, SIMPLE, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey_pem, NULL },
|
|
|
|
|
{ 0, 0, 0, NULL, NULL },
|
2003-10-31 16:01:00 +00:00
|
|
|
};
|
|
|
|
|
|
2003-10-30 17:04:22 +00:00
|
|
|
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
|
|
|
|
|
struct pgp_priv_data {
|
2011-05-23 17:30:56 +00:00
|
|
|
struct blob * mf;
|
2011-05-23 17:32:36 +00:00
|
|
|
struct blob * current; /* currently selected file */
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:49 +00:00
|
|
|
enum _version bcd_version;
|
2011-05-23 17:32:54 +00:00
|
|
|
struct do_info *pgp_objects;
|
2011-05-23 17:32:49 +00:00
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
sc_security_env_t sec_env;
|
2003-10-30 17:04:22 +00:00
|
|
|
};
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
/* ABI: check if card's ATR matches one of driver's */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_match_card(sc_card_t *card)
|
|
|
|
|
{
|
2005-02-04 20:29:35 +00:00
|
|
|
int i;
|
2003-10-30 17:04:22 +00:00
|
|
|
|
2005-02-10 10:07:13 +00:00
|
|
|
i = _sc_match_atr(card, pgp_atrs, &card->type);
|
2011-01-09 10:17:16 +00:00
|
|
|
if (i >= 0) {
|
|
|
|
|
card->name = pgp_atrs[i].name;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: initialize driver */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_init(sc_card_t *card)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv;
|
2003-10-31 16:01:00 +00:00
|
|
|
sc_path_t aid;
|
|
|
|
|
sc_file_t *file = NULL;
|
2003-11-20 15:41:28 +00:00
|
|
|
struct do_info *info;
|
2003-10-31 16:01:00 +00:00
|
|
|
int r;
|
2011-05-27 08:49:43 +00:00
|
|
|
struct blob *child = NULL;
|
2003-10-30 17:04:22 +00:00
|
|
|
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
priv = calloc (1, sizeof *priv);
|
2003-10-30 17:04:22 +00:00
|
|
|
if (!priv)
|
|
|
|
|
return SC_ERROR_OUT_OF_MEMORY;
|
2011-05-23 17:32:31 +00:00
|
|
|
card->drv_data = priv;
|
|
|
|
|
|
2011-05-23 17:30:56 +00:00
|
|
|
priv->mf = calloc(1, sizeof(struct blob));
|
|
|
|
|
if (!priv->mf) {
|
2011-05-23 17:32:31 +00:00
|
|
|
pgp_finish(card);
|
2011-05-23 17:30:56 +00:00
|
|
|
return SC_ERROR_OUT_OF_MEMORY;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-30 17:04:22 +00:00
|
|
|
card->cla = 0x00;
|
|
|
|
|
|
2011-05-23 17:32:54 +00:00
|
|
|
/* set pointer to correct list of card objects */
|
|
|
|
|
priv->pgp_objects = (card->type == SC_CARD_TYPE_OPENPGP_V2)
|
|
|
|
|
? pgp2_objects : pgp1_objects;
|
|
|
|
|
|
2011-05-23 17:32:49 +00:00
|
|
|
/* set detailed card version */
|
|
|
|
|
priv->bcd_version = (card->type == SC_CARD_TYPE_OPENPGP_V2)
|
|
|
|
|
? OPENPGP_CARD_2_0 : OPENPGP_CARD_1_1;
|
|
|
|
|
|
2011-05-23 17:31:18 +00:00
|
|
|
/* select application "OpenPGP" */
|
2003-10-31 16:01:00 +00:00
|
|
|
sc_format_path("D276:0001:2401", &aid);
|
|
|
|
|
aid.type = SC_PATH_TYPE_DF_NAME;
|
2011-05-23 17:31:55 +00:00
|
|
|
if ((r = iso_ops->select_file(card, &aid, &file)) < 0) {
|
2011-05-23 17:32:31 +00:00
|
|
|
pgp_finish(card);
|
2003-10-31 16:01:00 +00:00
|
|
|
return r;
|
2011-05-23 17:31:55 +00:00
|
|
|
}
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:32:49 +00:00
|
|
|
/* read information from AID */
|
2011-05-23 17:32:00 +00:00
|
|
|
if (file && file->namelen == 16) {
|
|
|
|
|
/* OpenPGP card spec 1.1 & 2.0, section 4.2.1 & 4.1.2.1 */
|
2011-05-23 17:32:49 +00:00
|
|
|
priv->bcd_version = bebytes2ushort(file->name + 6);
|
|
|
|
|
/* kludge: get card's serial number from manufacturer ID + serial number */
|
2011-05-23 17:32:00 +00:00
|
|
|
memcpy(card->serialnr.value, file->name + 8, 6);
|
|
|
|
|
card->serialnr.len = 6;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
sc_format_path("3f00", &file->path);
|
|
|
|
|
file->type = SC_FILE_TYPE_DF;
|
|
|
|
|
file->id = 0x3f00;
|
|
|
|
|
|
2011-05-23 17:30:56 +00:00
|
|
|
priv->mf->file = file;
|
|
|
|
|
priv->mf->id = 0x3F00;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:32:36 +00:00
|
|
|
/* select MF */
|
2011-05-23 17:30:56 +00:00
|
|
|
priv->current = priv->mf;
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:54 +00:00
|
|
|
/* Populate MF - add matching blobs listed in the pgp_objects table. */
|
|
|
|
|
for (info = priv->pgp_objects; (info != NULL) && (info->id > 0); info++) {
|
|
|
|
|
if (((info->access & READ_MASK) == READ_ALWAYS) &&
|
|
|
|
|
(info->get_fn != NULL)) {
|
2011-05-31 19:00:42 +00:00
|
|
|
child = pgp_new_blob(card, priv->mf, info->id, sc_file_new());
|
|
|
|
|
|
2011-05-23 17:32:54 +00:00
|
|
|
/* catch out of memory condition */
|
2011-06-01 11:41:25 +00:00
|
|
|
if (child == NULL) {
|
|
|
|
|
pgp_finish(card);
|
|
|
|
|
return SC_ERROR_OUT_OF_MEMORY;
|
|
|
|
|
}
|
2011-05-23 17:32:54 +00:00
|
|
|
}
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
2011-05-23 17:31:31 +00:00
|
|
|
|
2011-05-23 17:33:04 +00:00
|
|
|
/* get card_features from ATR & DOs */
|
|
|
|
|
pgp_get_card_features(card);
|
|
|
|
|
|
|
|
|
|
return SC_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:31:39 +00:00
|
|
|
|
2011-05-23 17:33:04 +00:00
|
|
|
/* internal: get features of the card: capabilitis, ... */
|
|
|
|
|
static int
|
|
|
|
|
pgp_get_card_features(sc_card_t *card)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA (card);
|
|
|
|
|
unsigned char *hist_bytes = card->atr.value;
|
|
|
|
|
size_t atr_len = card->atr.len;
|
|
|
|
|
size_t i = 0;
|
|
|
|
|
struct blob *blob, *blob6e, *blob73;
|
|
|
|
|
|
|
|
|
|
/* get SC_CARD_CAP_APDU_EXT capability */
|
|
|
|
|
while ((i < atr_len) && (hist_bytes[i] != 0x73))
|
|
|
|
|
i++;
|
|
|
|
|
if ((hist_bytes[i] == 0x73) && (atr_len > i+3)) {
|
2011-05-23 17:31:39 +00:00
|
|
|
/* bit 0x40 in byte 3 of TL 0x73 means "extended Le/Lc" */
|
2011-05-23 17:33:04 +00:00
|
|
|
if (hist_bytes[i+3] & 0x40)
|
2011-05-23 17:31:39 +00:00
|
|
|
card->caps |= SC_CARD_CAP_APDU_EXT;
|
|
|
|
|
}
|
2011-05-23 17:33:04 +00:00
|
|
|
else if (priv->bcd_version >= OPENPGP_CARD_2_0) {
|
|
|
|
|
/* get card capabilities from "historical bytes" DO */
|
|
|
|
|
if ((pgp_get_blob(card, priv->mf, 0x5f52, &blob) >= 0) &&
|
|
|
|
|
(blob->data != NULL) && (blob->data[0] == 0x00)) {
|
|
|
|
|
while ((i < blob->len) && (blob->data[i] != 0x73))
|
|
|
|
|
i++;
|
|
|
|
|
/* bit 0x40 in byte 3 of TL 0x73 means "extended Le/Lc" */
|
|
|
|
|
if ((blob->data[i] == 0x73) && (blob->len > i+3) &&
|
|
|
|
|
(blob->data[i+3] & 0x40))
|
|
|
|
|
card->caps |= SC_CARD_CAP_APDU_EXT;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-05-23 17:31:39 +00:00
|
|
|
|
2011-05-23 17:33:15 +00:00
|
|
|
if ((pgp_get_blob(card, priv->mf, 0x006e, &blob6e) >= 0) &&
|
|
|
|
|
(pgp_get_blob(card, blob6e, 0x0073, &blob73) >= 0)) {
|
|
|
|
|
|
|
|
|
|
/* get "extended capabilities" DO */
|
|
|
|
|
if ((pgp_get_blob(card, blob73, 0x00c0, &blob) >= 0) &&
|
|
|
|
|
(blob->data != NULL) && (blob->len > 0)) {
|
|
|
|
|
/* bit 0x40 if first byte means "support for get challenge" */
|
|
|
|
|
if (blob->data[0] & 0x40)
|
|
|
|
|
card->caps |= SC_CARD_CAP_RNG;
|
|
|
|
|
|
|
|
|
|
if ((priv->bcd_version >= OPENPGP_CARD_2_0) && (blob->len >= 10)) {
|
|
|
|
|
/* max. send/receive sizes are at bytes 7-8 resp. 9-10 */
|
|
|
|
|
card->max_send_size = bebytes2ushort(blob->data + 6);
|
|
|
|
|
card->max_recv_size = bebytes2ushort(blob->data + 8);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* get max. PIN length from "CHV status bytes" DO */
|
|
|
|
|
if ((pgp_get_blob(card, blob73, 0x00c4, &blob) >= 0) &&
|
|
|
|
|
(blob->data != NULL) && (blob->len > 1)) {
|
|
|
|
|
/* 2nd byte in "CHV status bytes" DO means "max. PIN length" */
|
|
|
|
|
card->max_pin_len = blob->data[1];
|
|
|
|
|
}
|
2011-05-23 17:33:27 +00:00
|
|
|
|
|
|
|
|
/* get supported algorithms & key lengths from "algorithm attributes" DOs */
|
2011-05-31 12:16:21 +00:00
|
|
|
for (i = 0x00c1; i <= 0x00c3; i++) {
|
2011-05-23 17:33:27 +00:00
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
|
|
/* Is this correct? */
|
|
|
|
|
/* OpenPGP card spec 1.1 & 2.0, section 2.1 */
|
|
|
|
|
flags = SC_ALGORITHM_RSA_RAW;
|
|
|
|
|
/* OpenPGP card spec 1.1 & 2.0, section 7.2.9 & 7.2.10 */
|
|
|
|
|
flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
|
|
|
|
|
flags |= SC_ALGORITHM_RSA_HASH_NONE;
|
|
|
|
|
|
|
|
|
|
if ((pgp_get_blob(card, blob73, i, &blob) >= 0) &&
|
|
|
|
|
(blob->data != NULL) && (blob->len >= 4)) {
|
|
|
|
|
if (blob->data[0] == 0x01) { /* Algorithm ID [RFC4880]: RSA */
|
|
|
|
|
unsigned int keylen = bebytes2ushort(blob->data + 1);
|
|
|
|
|
|
|
|
|
|
_sc_card_add_rsa_alg(card, keylen, flags, 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-05-23 17:33:15 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:31:24 +00:00
|
|
|
return SC_SUCCESS;
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: terminate driver */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_finish(sc_card_t *card)
|
|
|
|
|
{
|
2011-05-23 17:32:26 +00:00
|
|
|
if (card != NULL) {
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA (card);
|
2003-10-30 17:04:22 +00:00
|
|
|
|
2011-05-23 17:32:26 +00:00
|
|
|
if (priv != NULL) {
|
|
|
|
|
/* delete fake file hierarchy */
|
|
|
|
|
pgp_iterate_blobs(priv->mf, 99, pgp_free_blob);
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:32:26 +00:00
|
|
|
/* delete private data */
|
|
|
|
|
free(priv);
|
|
|
|
|
}
|
|
|
|
|
card->drv_data = NULL;
|
|
|
|
|
}
|
2011-05-23 17:31:24 +00:00
|
|
|
return SC_SUCCESS;
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: fill a blob's data */
|
2003-11-20 15:41:28 +00:00
|
|
|
static int
|
|
|
|
|
pgp_set_blob(struct blob *blob, const u8 *data, size_t len)
|
|
|
|
|
{
|
|
|
|
|
if (blob->data)
|
|
|
|
|
free(blob->data);
|
2011-05-23 17:31:09 +00:00
|
|
|
blob->data = NULL;
|
|
|
|
|
blob->len = 0;
|
2003-11-20 15:41:28 +00:00
|
|
|
blob->status = 0;
|
|
|
|
|
|
2011-05-23 17:31:09 +00:00
|
|
|
if (len > 0) {
|
|
|
|
|
void *tmp = malloc(len);
|
|
|
|
|
|
|
|
|
|
if (tmp == NULL)
|
|
|
|
|
return SC_ERROR_OUT_OF_MEMORY;
|
|
|
|
|
|
|
|
|
|
blob->data = tmp;
|
|
|
|
|
blob->len = len;
|
|
|
|
|
memcpy(blob->data, data, len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (blob->file)
|
|
|
|
|
blob->file->size = len;
|
|
|
|
|
|
2011-05-23 17:31:24 +00:00
|
|
|
return SC_SUCCESS;
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: append a blob to the list of children of a given parent blob */
|
2003-10-31 16:01:00 +00:00
|
|
|
static struct blob *
|
2011-05-31 19:00:42 +00:00
|
|
|
pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id,
|
|
|
|
|
sc_file_t *file)
|
2003-10-31 16:01:00 +00:00
|
|
|
{
|
2011-05-31 19:00:42 +00:00
|
|
|
struct blob *blob = NULL;
|
|
|
|
|
|
|
|
|
|
if (file == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
if ((blob = calloc(1, sizeof(struct blob))) != NULL) {
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA (card);
|
|
|
|
|
struct do_info *info;
|
|
|
|
|
|
|
|
|
|
blob->file = file;
|
|
|
|
|
|
|
|
|
|
blob->file->type = SC_FILE_TYPE_WORKING_EF; /* default */
|
|
|
|
|
blob->file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
|
|
|
|
blob->file->id = file_id;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:31:31 +00:00
|
|
|
blob->id = file_id;
|
2011-05-31 19:00:42 +00:00
|
|
|
blob->parent = parent;
|
|
|
|
|
|
|
|
|
|
if (parent != NULL) {
|
|
|
|
|
struct blob **p;
|
|
|
|
|
|
|
|
|
|
/* set file's path = parent's path + file's id */
|
|
|
|
|
blob->file->path = parent->file->path;
|
|
|
|
|
sc_append_file_id(&blob->file->path, file_id);
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-31 19:00:42 +00:00
|
|
|
/* append blob to list of parent's children */
|
|
|
|
|
for (p = &parent->files; *p != NULL; p = &(*p)->next)
|
|
|
|
|
;
|
|
|
|
|
*p = blob;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
u8 id_str[2];
|
|
|
|
|
|
|
|
|
|
/* no parent: set file's path = file's id */
|
|
|
|
|
sc_format_path(ushort2bebytes(id_str, file_id), &blob->file->path);
|
|
|
|
|
}
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-31 19:00:42 +00:00
|
|
|
/* find matching DO info: set file type depending on it */
|
|
|
|
|
for (info = priv->pgp_objects; (info != NULL) && (info->id > 0); info++) {
|
|
|
|
|
if (info->id == file_id) {
|
|
|
|
|
blob->info = info;
|
|
|
|
|
blob->file->type = blob->info->type;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-05-23 17:31:31 +00:00
|
|
|
}
|
2003-10-31 16:01:00 +00:00
|
|
|
|
|
|
|
|
return blob;
|
|
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: free a blob including its content */
|
2011-05-23 17:30:56 +00:00
|
|
|
static void
|
|
|
|
|
pgp_free_blob(struct blob *blob)
|
|
|
|
|
{
|
|
|
|
|
if (blob) {
|
|
|
|
|
if (blob->file)
|
|
|
|
|
sc_file_free(blob->file);
|
|
|
|
|
if (blob->data)
|
|
|
|
|
free(blob->data);
|
|
|
|
|
free(blob);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
/* internal: iterate through the blob tree, calling a function for each blob */
|
2011-05-23 17:30:56 +00:00
|
|
|
static void
|
|
|
|
|
pgp_iterate_blobs(struct blob *blob, int level, void (*func)())
|
|
|
|
|
{
|
|
|
|
|
if (blob) {
|
|
|
|
|
if (level > 0) {
|
|
|
|
|
struct blob *child = blob->files;
|
|
|
|
|
|
|
|
|
|
while (child != NULL) {
|
|
|
|
|
struct blob *next = child->next;
|
|
|
|
|
|
|
|
|
|
pgp_iterate_blobs(child, level-1, func);
|
|
|
|
|
child = next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
func(blob);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: read a blob's contents from card */
|
2003-11-20 15:41:28 +00:00
|
|
|
static int
|
|
|
|
|
pgp_read_blob(sc_card_t *card, struct blob *blob)
|
|
|
|
|
{
|
|
|
|
|
if (blob->data != NULL)
|
2011-05-23 17:31:24 +00:00
|
|
|
return SC_SUCCESS;
|
2003-11-20 15:41:28 +00:00
|
|
|
if (blob->info == NULL)
|
|
|
|
|
return blob->status;
|
|
|
|
|
|
2011-05-23 17:32:59 +00:00
|
|
|
if (blob->info->get_fn) { /* readable, top-level DO */
|
|
|
|
|
u8 buffer[2048];
|
|
|
|
|
size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT)
|
|
|
|
|
? sizeof(buffer) : 256;
|
|
|
|
|
int r = blob->info->get_fn(card, blob->id, buffer, buf_len);
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:59 +00:00
|
|
|
if (r < 0) { /* an error occurred */
|
|
|
|
|
blob->status = r;
|
|
|
|
|
return r;
|
|
|
|
|
}
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:59 +00:00
|
|
|
return pgp_set_blob(blob, buffer, r);
|
|
|
|
|
}
|
|
|
|
|
else { /* un-readable DO or part of a constrcuted DO */
|
|
|
|
|
return SC_SUCCESS;
|
|
|
|
|
}
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
2003-10-30 17:04:22 +00:00
|
|
|
/*
|
2011-05-23 17:32:10 +00:00
|
|
|
* internal: Enumerate contents of a data blob.
|
2011-05-23 17:30:49 +00:00
|
|
|
* The OpenPGP card has a TLV encoding according ASN.1 BER-encoding rules.
|
2003-10-30 17:04:22 +00:00
|
|
|
*/
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_enumerate_blob(sc_card_t *card, struct blob *blob)
|
|
|
|
|
{
|
2011-05-23 17:30:49 +00:00
|
|
|
const u8 *in;
|
2003-11-20 15:41:28 +00:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
if (blob->files != NULL)
|
2011-05-23 17:31:24 +00:00
|
|
|
return SC_SUCCESS;
|
2003-11-20 15:41:28 +00:00
|
|
|
|
|
|
|
|
if ((r = pgp_read_blob(card, blob)) < 0)
|
|
|
|
|
return r;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
|
|
|
|
in = blob->data;
|
|
|
|
|
|
2011-05-27 08:49:43 +00:00
|
|
|
while ((int) blob->len > (in - blob->data)) {
|
2011-05-23 17:30:49 +00:00
|
|
|
unsigned int cla, tag, tmptag;
|
|
|
|
|
size_t len;
|
|
|
|
|
const u8 *data = in;
|
|
|
|
|
struct blob *new;
|
|
|
|
|
|
|
|
|
|
r = sc_asn1_read_tag(&data, blob->len - (in - blob->data),
|
|
|
|
|
&cla, &tag, &len);
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
|
|
|
|
"Unexpected end of contents\n");
|
|
|
|
|
return SC_ERROR_OBJECT_NOT_VALID;
|
|
|
|
|
}
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:30:49 +00:00
|
|
|
/* undo ASN1's split of tag & class */
|
|
|
|
|
for (tmptag = tag; tmptag > 0x0FF; tmptag >>= 8) {
|
|
|
|
|
cla <<= 8;
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
2011-05-23 17:30:49 +00:00
|
|
|
tag |= cla;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-31 19:00:42 +00:00
|
|
|
/* create fake file system hierarchy by
|
|
|
|
|
* using constructed DOs as DF */
|
|
|
|
|
if ((new = pgp_new_blob(card, blob, tag, sc_file_new())) == NULL)
|
2011-05-23 17:30:49 +00:00
|
|
|
return SC_ERROR_OUT_OF_MEMORY;
|
|
|
|
|
pgp_set_blob(new, data, len);
|
|
|
|
|
in = data + len;
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:31:24 +00:00
|
|
|
return SC_SUCCESS;
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: find a blob by ID below a given parent, filling its contents when necessary */
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id,
|
|
|
|
|
struct blob **ret)
|
|
|
|
|
{
|
|
|
|
|
struct blob *child;
|
|
|
|
|
int r;
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
if ((r = pgp_enumerate_blob(card, blob)) < 0)
|
|
|
|
|
return r;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
for (child = blob->files; child; child = child->next) {
|
2011-05-23 17:33:33 +00:00
|
|
|
if (child->id == id) {
|
|
|
|
|
(void) pgp_read_blob(card, child);
|
|
|
|
|
*ret = child;
|
|
|
|
|
return SC_SUCCESS;
|
|
|
|
|
}
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
return SC_ERROR_FILE_NOT_FOUND;
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: SELECT FILE */
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
struct blob *blob;
|
2011-05-23 17:32:43 +00:00
|
|
|
unsigned int path_start;
|
2003-10-31 16:01:00 +00:00
|
|
|
unsigned int n;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
if (path->type == SC_PATH_TYPE_DF_NAME)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, iso_ops->select_file(card, path, ret));
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
if (path->type != SC_PATH_TYPE_PATH)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid path type");
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
if (path->len < 2 || (path->len & 1))
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid path length");
|
|
|
|
|
|
2011-05-23 17:32:43 +00:00
|
|
|
/* ignore explicitely mentioned MF at the path's beginning */
|
|
|
|
|
path_start = (memcmp(path->value, "\x3f\x00", 2) == 0) ? 2 : 0;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:32:43 +00:00
|
|
|
/* starting with the MF ... */
|
2011-05-23 17:30:56 +00:00
|
|
|
blob = priv->mf;
|
2011-05-23 17:32:43 +00:00
|
|
|
/* ... recurse through the tree following the path */
|
|
|
|
|
for (n = path_start; n < path->len; n += 2) {
|
|
|
|
|
unsigned int id = bebytes2ushort(path->value + n);
|
|
|
|
|
int r = pgp_get_blob(card, blob, id, &blob);
|
|
|
|
|
|
|
|
|
|
if (r < 0) { /* failure */
|
2003-10-31 16:01:00 +00:00
|
|
|
priv->current = NULL;
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, r);
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:43 +00:00
|
|
|
/* success: select file = set "current" pointer to blob found */
|
2003-10-31 16:01:00 +00:00
|
|
|
priv->current = blob;
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
sc_file_dup(ret, blob->file);
|
2011-05-23 17:32:21 +00:00
|
|
|
|
|
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: LIST FILES */
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_list_files(sc_card_t *card, u8 *buf, size_t buflen)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
struct blob *blob;
|
|
|
|
|
unsigned int k;
|
|
|
|
|
int r;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2011-05-23 17:32:36 +00:00
|
|
|
/* jump to selected file */
|
2003-11-20 15:41:28 +00:00
|
|
|
blob = priv->current;
|
2011-05-23 17:32:36 +00:00
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
if (blob->file->type != SC_FILE_TYPE_DF)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_OBJECT_NOT_VALID,
|
|
|
|
|
"invalid file type");
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
if ((r = pgp_enumerate_blob(card, blob)) < 0)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, r);
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-06-01 11:17:26 +00:00
|
|
|
for (k = 0, blob = blob->files; blob != NULL; blob = blob->next) {
|
|
|
|
|
if (blob->info != NULL && (blob->info->access & READ_MASK) != READ_NEVER) {
|
|
|
|
|
if (k + 2 > buflen)
|
|
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_BUFFER_TOO_SMALL);
|
|
|
|
|
|
|
|
|
|
ushort2bebytes(buf + k, blob->id);
|
|
|
|
|
k += 2;
|
|
|
|
|
}
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, k);
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: READ BINARY */
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_read_binary(sc_card_t *card, unsigned int idx,
|
|
|
|
|
u8 *buf, size_t count, unsigned long flags)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
struct blob *blob;
|
2003-11-20 15:41:28 +00:00
|
|
|
int r;
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2011-05-23 17:32:36 +00:00
|
|
|
/* jump to selected file */
|
|
|
|
|
blob = priv->current;
|
|
|
|
|
|
|
|
|
|
if (blob == NULL)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_FILE_NOT_FOUND);
|
2003-10-31 16:01:00 +00:00
|
|
|
|
|
|
|
|
if (blob->file->type != SC_FILE_TYPE_WORKING_EF)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_FILE_NOT_FOUND);
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
if ((r = pgp_read_blob(card, blob)) < 0)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, r);
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
if (idx > blob->len)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INCORRECT_PARAMETERS);
|
2003-10-31 16:01:00 +00:00
|
|
|
|
|
|
|
|
if (idx + count > blob->len)
|
|
|
|
|
count = blob->len - idx;
|
|
|
|
|
memcpy(buf, blob->data + idx, count);
|
2011-05-23 17:32:21 +00:00
|
|
|
|
|
|
|
|
LOG_FUNC_RETURN(card->ctx, count);
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: WRITE BINARY */
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_write_binary(sc_card_t *card, unsigned int idx,
|
|
|
|
|
const u8 *buf, size_t count, unsigned long flags)
|
|
|
|
|
{
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: get public key from card: as DF + sub-wEFs */
|
2003-10-31 16:01:00 +00:00
|
|
|
static int
|
|
|
|
|
pgp_get_pubkey(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
|
|
|
|
|
{
|
|
|
|
|
sc_apdu_t apdu;
|
|
|
|
|
u8 idbuf[2];
|
|
|
|
|
int r;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
sc_log(card->ctx, "called, tag=%04x\n", tag);
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:31:45 +00:00
|
|
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x47, 0x81, 0);
|
2003-10-31 16:01:00 +00:00
|
|
|
apdu.lc = 2;
|
2011-05-23 17:33:50 +00:00
|
|
|
apdu.data = ushort2bebytes(idbuf, tag);
|
2003-10-31 16:01:00 +00:00
|
|
|
apdu.datalen = 2;
|
2011-05-23 17:31:45 +00:00
|
|
|
apdu.le = ((buf_len >= 256) && !(card->caps & SC_CARD_CAP_APDU_EXT)) ? 256 : buf_len;
|
2003-10-31 16:01:00 +00:00
|
|
|
apdu.resp = buf;
|
|
|
|
|
apdu.resplen = buf_len;
|
|
|
|
|
|
|
|
|
|
r = sc_transmit_apdu(card, &apdu);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
|
|
|
|
|
2003-10-31 16:01:00 +00:00
|
|
|
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "Card returned error");
|
2003-10-31 16:01:00 +00:00
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, apdu.resplen);
|
2003-10-31 16:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* internal: get public key from card: as one wEF */
|
2003-11-20 15:41:28 +00:00
|
|
|
static int
|
|
|
|
|
pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
struct blob *blob, *mod_blob, *exp_blob;
|
|
|
|
|
sc_pkcs15_pubkey_t pubkey;
|
|
|
|
|
u8 *data;
|
|
|
|
|
size_t len;
|
|
|
|
|
int r;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
sc_log(card->ctx, "called, tag=%04x\n", tag);
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:30:56 +00:00
|
|
|
if ((r = pgp_get_blob(card, priv->mf, tag & 0xFFFE, &blob)) < 0
|
2003-11-20 15:41:28 +00:00
|
|
|
|| (r = pgp_get_blob(card, blob, 0x7F49, &blob)) < 0
|
|
|
|
|
|| (r = pgp_get_blob(card, blob, 0x0081, &mod_blob)) < 0
|
|
|
|
|
|| (r = pgp_get_blob(card, blob, 0x0082, &exp_blob)) < 0
|
|
|
|
|
|| (r = pgp_read_blob(card, mod_blob)) < 0
|
|
|
|
|
|| (r = pgp_read_blob(card, exp_blob)) < 0)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "error getting elements");
|
2003-11-20 15:41:28 +00:00
|
|
|
|
|
|
|
|
memset(&pubkey, 0, sizeof(pubkey));
|
|
|
|
|
pubkey.algorithm = SC_ALGORITHM_RSA;
|
|
|
|
|
pubkey.u.rsa.modulus.data = mod_blob->data;
|
|
|
|
|
pubkey.u.rsa.modulus.len = mod_blob->len;
|
|
|
|
|
pubkey.u.rsa.exponent.data = exp_blob->data;
|
|
|
|
|
pubkey.u.rsa.exponent.len = exp_blob->len;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
r = sc_pkcs15_encode_pubkey(card->ctx, &pubkey, &data, &len);
|
|
|
|
|
LOG_TEST_RET(card->ctx, r, "public key encoding failed");
|
2003-11-20 15:41:28 +00:00
|
|
|
|
|
|
|
|
if (len > buf_len)
|
|
|
|
|
len = buf_len;
|
|
|
|
|
memcpy(buf, data, len);
|
|
|
|
|
free(data);
|
2011-05-23 17:32:21 +00:00
|
|
|
|
|
|
|
|
LOG_FUNC_RETURN(card->ctx, len);
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: GET DATA */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
|
|
|
|
|
{
|
|
|
|
|
sc_apdu_t apdu;
|
|
|
|
|
int r;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2011-05-23 17:31:50 +00:00
|
|
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_2, 0xCA, tag >> 8, tag);
|
|
|
|
|
apdu.le = ((buf_len >= 256) && !(card->caps & SC_CARD_CAP_APDU_EXT)) ? 256 : buf_len;
|
2003-10-30 17:04:22 +00:00
|
|
|
apdu.resp = buf;
|
|
|
|
|
apdu.resplen = buf_len;
|
|
|
|
|
|
|
|
|
|
r = sc_transmit_apdu(card, &apdu);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
|
|
|
|
|
2003-10-30 17:04:22 +00:00
|
|
|
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "Card returned error");
|
2003-10-30 17:04:22 +00:00
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, apdu.resplen);
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: PUT DATA */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
|
|
|
|
|
{
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: PIN cmd: verify/change/unblock a PIN */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries_left)
|
|
|
|
|
{
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2003-10-30 17:04:22 +00:00
|
|
|
if (data->pin_type != SC_AC_CHV)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid PIN type");
|
2003-10-30 17:04:22 +00:00
|
|
|
|
|
|
|
|
data->pin_reference |= 0x80;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, iso_ops->pin_cmd(card, data, tries_left));
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: set security environment */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_set_security_env(sc_card_t *card,
|
2003-11-20 15:41:28 +00:00
|
|
|
const sc_security_env_t *env, int se_num)
|
2003-10-30 17:04:22 +00:00
|
|
|
{
|
2003-11-20 15:41:28 +00:00
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
|
|
|
|
if ((env->flags & SC_SEC_ENV_ALG_PRESENT) && (env->algorithm != SC_ALGORITHM_RSA))
|
|
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"only RSA algorithm supported");
|
|
|
|
|
|
|
|
|
|
if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) || (env->key_ref_len != 1))
|
|
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"exactly one key reference required");
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"passing file references not supported");
|
2003-11-20 15:41:28 +00:00
|
|
|
|
|
|
|
|
switch (env->operation) {
|
|
|
|
|
case SC_SEC_OPERATION_SIGN:
|
2011-05-23 17:32:21 +00:00
|
|
|
if (env->key_ref[0] != 0x00 && env->key_ref[0] != 0x02) {
|
|
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED,
|
2003-11-20 15:41:28 +00:00
|
|
|
"Key reference not compatible with "
|
2011-05-23 17:32:21 +00:00
|
|
|
"requested usage");
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case SC_SEC_OPERATION_DECIPHER:
|
|
|
|
|
if (env->key_ref[0] != 0x01) {
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED,
|
2003-11-20 15:41:28 +00:00
|
|
|
"Key reference not compatible with "
|
2011-05-23 17:32:21 +00:00
|
|
|
"requested usage");
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid operation");
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
priv->sec_env = *env;
|
2011-05-23 17:32:21 +00:00
|
|
|
|
|
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: COMPUTE DIGITAL SIGNATURE */
|
2003-10-30 17:04:22 +00:00
|
|
|
static int
|
|
|
|
|
pgp_compute_signature(sc_card_t *card, const u8 *data,
|
|
|
|
|
size_t data_len, u8 * out, size_t outlen)
|
|
|
|
|
{
|
2003-11-20 15:41:28 +00:00
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
sc_security_env_t *env = &priv->sec_env;
|
|
|
|
|
sc_apdu_t apdu;
|
|
|
|
|
int r;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
if (env->operation != SC_SEC_OPERATION_SIGN)
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid operation");
|
2003-11-20 15:41:28 +00:00
|
|
|
|
|
|
|
|
switch (env->key_ref[0]) {
|
|
|
|
|
case 0x00: /* signature key */
|
|
|
|
|
/* PSO SIGNATURE */
|
2011-05-23 17:31:50 +00:00
|
|
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x2A, 0x9E, 0x9A);
|
2003-11-20 15:41:28 +00:00
|
|
|
break;
|
|
|
|
|
case 0x02: /* authentication key */
|
|
|
|
|
/* INTERNAL AUTHENTICATE */
|
2011-05-23 17:31:50 +00:00
|
|
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x88, 0, 0);
|
2003-11-20 15:41:28 +00:00
|
|
|
break;
|
|
|
|
|
case 0x01:
|
|
|
|
|
default:
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid key reference");
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
apdu.lc = data_len;
|
|
|
|
|
apdu.data = data;
|
|
|
|
|
apdu.datalen = data_len;
|
2011-05-23 17:31:50 +00:00
|
|
|
apdu.le = ((outlen >= 256) && !(card->caps & SC_CARD_CAP_APDU_EXT)) ? 256 : outlen;
|
2006-05-05 10:06:38 +00:00
|
|
|
apdu.resp = out;
|
2003-11-20 15:41:28 +00:00
|
|
|
apdu.resplen = outlen;
|
|
|
|
|
|
|
|
|
|
r = sc_transmit_apdu(card, &apdu);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "Card returned error");
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, apdu.resplen);
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: DECIPHER */
|
2003-11-20 15:41:28 +00:00
|
|
|
static int
|
|
|
|
|
pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
|
|
|
|
|
u8 *out, size_t outlen)
|
|
|
|
|
{
|
|
|
|
|
struct pgp_priv_data *priv = DRVDATA(card);
|
|
|
|
|
sc_security_env_t *env = &priv->sec_env;
|
|
|
|
|
sc_apdu_t apdu;
|
|
|
|
|
u8 *temp = NULL;
|
|
|
|
|
int r;
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
/* There's some funny padding indicator that must be
|
|
|
|
|
* prepended... hmm. */
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
if (!(temp = malloc(inlen + 1)))
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
|
2005-12-05 21:39:58 +00:00
|
|
|
temp[0] = '\0';
|
|
|
|
|
memcpy(temp + 1, in, inlen);
|
|
|
|
|
in = temp;
|
|
|
|
|
inlen += 1;
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2005-12-05 21:39:58 +00:00
|
|
|
if (env->operation != SC_SEC_OPERATION_DECIPHER) {
|
|
|
|
|
free(temp);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid operation");
|
2005-12-05 21:39:58 +00:00
|
|
|
}
|
2003-11-20 15:41:28 +00:00
|
|
|
|
|
|
|
|
switch (env->key_ref[0]) {
|
|
|
|
|
case 0x01: /* Decryption key */
|
|
|
|
|
/* PSO DECIPHER */
|
2011-05-23 17:31:50 +00:00
|
|
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x2A, 0x80, 0x86);
|
2003-11-20 15:41:28 +00:00
|
|
|
break;
|
|
|
|
|
case 0x00: /* signature key */
|
|
|
|
|
case 0x02: /* authentication key */
|
|
|
|
|
default:
|
2005-12-05 21:39:58 +00:00
|
|
|
free(temp);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
|
|
|
"invalid key reference");
|
2003-11-20 15:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
apdu.lc = inlen;
|
|
|
|
|
apdu.data = in;
|
|
|
|
|
apdu.datalen = inlen;
|
2011-05-23 17:31:50 +00:00
|
|
|
apdu.le = ((outlen >= 256) && !(card->caps & SC_CARD_CAP_APDU_EXT)) ? 256 : outlen;
|
2003-11-20 15:41:28 +00:00
|
|
|
apdu.resp = out;
|
|
|
|
|
apdu.resplen = outlen;
|
|
|
|
|
|
|
|
|
|
r = sc_transmit_apdu(card, &apdu);
|
2005-12-05 21:39:58 +00:00
|
|
|
free(temp);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
2005-12-05 21:39:58 +00:00
|
|
|
|
2003-11-20 15:41:28 +00:00
|
|
|
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_TEST_RET(card->ctx, r, "Card returned error");
|
2003-11-20 15:41:28 +00:00
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, apdu.resplen);
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: card ctl: perform special card-specific operations */
|
2011-05-23 17:32:00 +00:00
|
|
|
static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
|
|
|
|
{
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
|
|
|
|
2011-05-23 17:32:00 +00:00
|
|
|
switch(cmd) {
|
|
|
|
|
case SC_CARDCTL_GET_SERIALNR:
|
|
|
|
|
memmove((sc_serial_number_t *) ptr, &card->serialnr, sizeof(card->serialnr));
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
2011-05-23 17:32:00 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:21 +00:00
|
|
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
2011-05-23 17:32:00 +00:00
|
|
|
}
|
|
|
|
|
|
2011-05-23 17:32:10 +00:00
|
|
|
|
|
|
|
|
/* ABI: driver binding stuff */
|
2003-10-30 17:04:22 +00:00
|
|
|
static struct sc_card_driver *
|
|
|
|
|
sc_get_driver(void)
|
|
|
|
|
{
|
|
|
|
|
struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
|
|
|
|
|
|
|
|
|
|
iso_ops = iso_drv->ops;
|
|
|
|
|
|
|
|
|
|
pgp_ops = *iso_ops;
|
2003-10-31 16:01:00 +00:00
|
|
|
pgp_ops.match_card = pgp_match_card;
|
|
|
|
|
pgp_ops.init = pgp_init;
|
|
|
|
|
pgp_ops.finish = pgp_finish;
|
|
|
|
|
pgp_ops.select_file = pgp_select_file;
|
|
|
|
|
pgp_ops.list_files = pgp_list_files;
|
|
|
|
|
pgp_ops.read_binary = pgp_read_binary;
|
|
|
|
|
pgp_ops.write_binary = pgp_write_binary;
|
|
|
|
|
pgp_ops.pin_cmd = pgp_pin_cmd;
|
|
|
|
|
pgp_ops.get_data = pgp_get_data;
|
|
|
|
|
pgp_ops.put_data = pgp_put_data;
|
|
|
|
|
pgp_ops.set_security_env= pgp_set_security_env;
|
|
|
|
|
pgp_ops.compute_signature= pgp_compute_signature;
|
2003-11-20 15:41:28 +00:00
|
|
|
pgp_ops.decipher = pgp_decipher;
|
2011-05-23 17:32:00 +00:00
|
|
|
pgp_ops.card_ctl = pgp_card_ctl;
|
2003-10-30 17:04:22 +00:00
|
|
|
|
2006-06-17 12:24:04 +00:00
|
|
|
return &pgp_drv;
|
2003-10-30 17:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct sc_card_driver *
|
|
|
|
|
sc_get_openpgp_driver(void)
|
|
|
|
|
{
|
|
|
|
|
return sc_get_driver();
|
|
|
|
|
}
|
