2004-05-04 18:13:36 +00:00
|
|
|
/*
|
2005-04-17 16:43:31 +00:00
|
|
|
* PKCS15 emulation layer for 1202, 1203 and 1400 Infocamere card.
|
2004-11-02 21:46:23 +00:00
|
|
|
* To see how this works, run p15dump on your Infocamere card.
|
2004-05-04 18:13:36 +00:00
|
|
|
*
|
2005-04-17 16:43:31 +00:00
|
|
|
* Copyright (C) 2005, Sirio Capizzi <graaf@virgilio.it>
|
2004-05-04 18:13:36 +00:00
|
|
|
* Copyright (C) 2004, Antonino Iacono <ant_iacono@tin.it>
|
|
|
|
|
* Copyright (C) 2003, Olaf Kirch <okir@suse.de>
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2015-04-22 21:55:33 +00:00
|
|
|
#if HAVE_CONFIG_H
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
2015-04-22 21:55:33 +00:00
|
|
|
#endif
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2004-05-04 18:13:36 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdio.h>
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_ZLIB
|
2005-04-17 16:43:31 +00:00
|
|
|
#include <zlib.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "common/compat_strlcpy.h"
|
|
|
|
|
#include "pkcs15.h"
|
|
|
|
|
#include "log.h"
|
|
|
|
|
|
2016-04-05 17:44:37 +00:00
|
|
|
int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t *, struct sc_aid *aid,
|
2015-10-14 20:57:10 +00:00
|
|
|
sc_pkcs15emu_opt_t *);
|
2004-12-15 17:34:15 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static int (*set_security_env) (sc_card_t *, const sc_security_env_t *,
|
2015-10-14 20:57:10 +00:00
|
|
|
int);
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static int set_sec_env(sc_card_t * card, const sc_security_env_t * env,
|
2015-10-14 20:57:10 +00:00
|
|
|
int se_num)
|
2004-11-02 21:46:23 +00:00
|
|
|
{
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_security_env_t tenv = *env;
|
2004-11-02 21:46:23 +00:00
|
|
|
if (tenv.operation == SC_SEC_OPERATION_SIGN)
|
|
|
|
|
tenv.operation = SC_SEC_OPERATION_DECIPHER;
|
|
|
|
|
return set_security_env(card, &tenv, se_num);
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static int do_sign(sc_card_t * card, const u8 * in, size_t inlen, u8 * out,
|
2015-10-14 20:57:10 +00:00
|
|
|
size_t outlen)
|
2004-11-02 21:46:23 +00:00
|
|
|
{
|
|
|
|
|
return card->ops->decipher(card, in, inlen, out, outlen);
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static void set_string(char **strp, const char *value)
|
2004-05-04 18:13:36 +00:00
|
|
|
{
|
|
|
|
|
if (*strp)
|
2005-03-18 20:36:52 +00:00
|
|
|
free(*strp);
|
2005-04-17 16:43:31 +00:00
|
|
|
*strp = value ? strdup(value) : NULL;
|
2004-05-04 18:13:36 +00:00
|
|
|
}
|
|
|
|
|
|
2005-10-30 21:42:35 +00:00
|
|
|
#if 1
|
|
|
|
|
/* XXX: temporary copy of the old pkcs15emu functions,
|
|
|
|
|
* to be removed */
|
|
|
|
|
static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
|
2015-10-14 20:57:10 +00:00
|
|
|
const sc_pkcs15_id_t *id, const char *label,
|
|
|
|
|
const sc_path_t *path, int ref, int type,
|
|
|
|
|
unsigned int min_length,
|
|
|
|
|
unsigned int max_length,
|
|
|
|
|
int flags, int tries_left, const char pad_char, int obj_flags)
|
2005-10-30 21:42:35 +00:00
|
|
|
{
|
2015-10-14 20:57:10 +00:00
|
|
|
sc_pkcs15_auth_info_t info;
|
2005-10-30 21:42:35 +00:00
|
|
|
sc_pkcs15_object_t obj;
|
|
|
|
|
|
|
|
|
|
memset(&info, 0, sizeof(info));
|
|
|
|
|
memset(&obj, 0, sizeof(obj));
|
|
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
2015-10-14 20:57:10 +00:00
|
|
|
info.auth_id = *id;
|
|
|
|
|
info.attrs.pin.min_length = min_length;
|
|
|
|
|
info.attrs.pin.max_length = max_length;
|
|
|
|
|
info.attrs.pin.stored_length = max_length;
|
|
|
|
|
info.attrs.pin.type = type;
|
|
|
|
|
info.attrs.pin.reference = ref;
|
|
|
|
|
info.attrs.pin.flags = flags;
|
|
|
|
|
info.attrs.pin.pad_char = pad_char;
|
|
|
|
|
info.tries_left = tries_left;
|
2016-08-11 16:26:01 +00:00
|
|
|
info.logged_in = SC_PIN_STATE_UNKNOWN;
|
2015-10-14 20:57:10 +00:00
|
|
|
|
|
|
|
|
if (path)
|
|
|
|
|
info.path = *path;
|
|
|
|
|
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
|
|
|
|
info.attrs.pin.stored_length /= 2;
|
2005-10-30 21:42:35 +00:00
|
|
|
|
2006-07-12 08:12:38 +00:00
|
|
|
strlcpy(obj.label, label, sizeof(obj.label));
|
2005-10-30 21:42:35 +00:00
|
|
|
obj.flags = obj_flags;
|
|
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
return sc_pkcs15emu_add_pin_obj(p15card, &obj, &info);
|
2005-10-30 21:42:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
|
2015-10-14 20:57:10 +00:00
|
|
|
const sc_pkcs15_id_t *id,
|
|
|
|
|
const char *label,
|
|
|
|
|
int type, unsigned int modulus_length, int usage,
|
|
|
|
|
const sc_path_t *path, int ref,
|
|
|
|
|
const sc_pkcs15_id_t *auth_id, int obj_flags)
|
2005-10-30 21:42:35 +00:00
|
|
|
{
|
2015-10-14 20:57:10 +00:00
|
|
|
sc_pkcs15_prkey_info_t info;
|
2005-10-30 21:42:35 +00:00
|
|
|
sc_pkcs15_object_t obj;
|
|
|
|
|
|
|
|
|
|
memset(&info, 0, sizeof(info));
|
|
|
|
|
memset(&obj, 0, sizeof(obj));
|
|
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
info.id = *id;
|
|
|
|
|
info.modulus_length = modulus_length;
|
|
|
|
|
info.usage = usage;
|
|
|
|
|
info.native = 1;
|
|
|
|
|
info.key_reference = ref;
|
2005-10-30 21:42:35 +00:00
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
if (path)
|
|
|
|
|
info.path = *path;
|
2005-10-30 21:42:35 +00:00
|
|
|
|
|
|
|
|
obj.flags = obj_flags;
|
2006-07-12 08:12:38 +00:00
|
|
|
strlcpy(obj.label, label, sizeof(obj.label));
|
2005-10-30 21:42:35 +00:00
|
|
|
if (auth_id != NULL)
|
|
|
|
|
obj.auth_id = *auth_id;
|
|
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
return sc_pkcs15emu_add_rsa_prkey(p15card, &obj, &info);
|
2005-10-30 21:42:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int sc_pkcs15emu_add_cert(sc_pkcs15_card_t *p15card,
|
2015-10-14 20:57:10 +00:00
|
|
|
int type, int authority, const sc_path_t *path,
|
|
|
|
|
const sc_pkcs15_id_t *id, const char *label, int obj_flags)
|
2005-10-30 21:42:35 +00:00
|
|
|
{
|
|
|
|
|
/* const char *label = "Certificate"; */
|
|
|
|
|
sc_pkcs15_cert_info_t info;
|
|
|
|
|
sc_pkcs15_object_t obj;
|
|
|
|
|
|
|
|
|
|
memset(&info, 0, sizeof(info));
|
|
|
|
|
memset(&obj, 0, sizeof(obj));
|
|
|
|
|
|
|
|
|
|
info.id = *id;
|
|
|
|
|
info.authority = authority;
|
|
|
|
|
if (path)
|
|
|
|
|
info.path = *path;
|
|
|
|
|
|
2006-07-12 08:12:38 +00:00
|
|
|
strlcpy(obj.label, label, sizeof(obj.label));
|
2005-10-30 21:42:35 +00:00
|
|
|
obj.flags = obj_flags;
|
|
|
|
|
|
|
|
|
|
return sc_pkcs15emu_add_x509_cert(p15card, &obj, &info);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static int infocamere_1200_init(sc_pkcs15_card_t * p15card)
|
2004-05-04 18:13:36 +00:00
|
|
|
{
|
2005-04-17 16:43:31 +00:00
|
|
|
const int prkey_usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
|
|
|
|
|
const int authprkey_usage = SC_PKCS15_PRKEY_USAGE_SIGN
|
2015-10-14 20:57:10 +00:00
|
|
|
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
|
|
|
|
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
|
|
|
|
|
| SC_PKCS15_PRKEY_USAGE_DECRYPT;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
sc_card_t *card = p15card->card;
|
|
|
|
|
sc_path_t path;
|
|
|
|
|
sc_pkcs15_id_t id, auth_id;
|
|
|
|
|
char serial[256];
|
|
|
|
|
unsigned char certlen[2];
|
|
|
|
|
int authority, change_sign = 0;
|
2005-04-24 16:17:20 +00:00
|
|
|
struct sc_pkcs15_cert_info cert_info;
|
2015-10-14 20:57:10 +00:00
|
|
|
struct sc_pkcs15_object cert_obj;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
const char *label = "User Non-repudiation Certificate";
|
|
|
|
|
const char *calabel = "CA Certificate";
|
|
|
|
|
const char *authlabel = "User Authentication Certificate";
|
|
|
|
|
|
|
|
|
|
const char *infocamere_cert_path[2] = {
|
|
|
|
|
"DF01C000",
|
|
|
|
|
"3F00000011111A02"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const char *infocamere_auth_certpath[2] = {
|
|
|
|
|
"11111A02",
|
|
|
|
|
"000011111B02"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const char *infocamere_cacert_path[2] = {
|
|
|
|
|
"DF01C008",
|
|
|
|
|
"000011114101"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const char *infocamere_auth_path[2] = {
|
|
|
|
|
"3F001111",
|
|
|
|
|
"3F0000001111"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const char *infocamere_nrepud_path[2] = {
|
|
|
|
|
"3F00DF01",
|
|
|
|
|
"3F0000001111"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const int infocamere_idpin_auth_obj[2] = {
|
|
|
|
|
0x95,
|
|
|
|
|
0x81
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const int infocamere_idpin_nrepud_obj[2] = {
|
|
|
|
|
0x99,
|
|
|
|
|
0x81
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const int infocamere_idprkey_auth_obj[2] = {
|
|
|
|
|
0x9B,
|
|
|
|
|
0x01
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const int infocamere_idprkey_nrepud_obj[2] = {
|
|
|
|
|
0x84,
|
|
|
|
|
0x01
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const char *authPIN = "Authentication PIN";
|
|
|
|
|
const char *nonrepPIN = "Non-repudiation PIN";
|
|
|
|
|
|
|
|
|
|
const char *authPRKEY = "Authentication Key";
|
|
|
|
|
const char *nonrepPRKEY = "Non repudiation Key";
|
|
|
|
|
|
|
|
|
|
const int flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_PIN_FLAG_INITIALIZED |
|
|
|
|
|
SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
int r;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2018-02-23 22:15:03 +00:00
|
|
|
unsigned char chn[8];
|
|
|
|
|
size_t chn_len = sizeof chn;
|
|
|
|
|
sc_serial_number_t iccsn;
|
|
|
|
|
iccsn.len = sizeof iccsn.value;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2018-02-23 22:15:03 +00:00
|
|
|
|
|
|
|
|
r = sc_parse_ef_gdo(card, iccsn.value, &iccsn.len, chn, &chn_len);
|
2017-09-13 10:21:59 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2018-02-23 22:15:03 +00:00
|
|
|
if (!iccsn.len || chn_len < 2 || chn_len > 8) {
|
2005-04-24 16:17:20 +00:00
|
|
|
return SC_ERROR_WRONG_CARD;
|
2005-04-17 16:43:31 +00:00
|
|
|
}
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2018-02-23 22:15:03 +00:00
|
|
|
sc_bin_to_hex(iccsn.value, iccsn.len, serial, sizeof(serial), 0);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
if (!
|
2017-09-13 10:21:59 +00:00
|
|
|
(chn[0] == 0x12
|
|
|
|
|
&& (chn[1] == 0x02 || chn[1] == 0x03))) {
|
2005-04-17 16:43:31 +00:00
|
|
|
/* Not Infocamere Card */
|
2005-04-24 16:17:20 +00:00
|
|
|
return SC_ERROR_WRONG_CARD;
|
2005-04-17 16:43:31 +00:00
|
|
|
}
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2010-10-05 15:44:58 +00:00
|
|
|
set_string(&p15card->tokeninfo->serial_number, serial);
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
if (chn[1] == 0x02)
|
2010-10-05 15:44:58 +00:00
|
|
|
set_string(&p15card->tokeninfo->label, "Infocamere 1202 Card");
|
2004-11-02 21:46:23 +00:00
|
|
|
else {
|
2010-10-05 15:44:58 +00:00
|
|
|
set_string(&p15card->tokeninfo->label, "Infocamere 1203 Card");
|
2004-11-02 21:46:23 +00:00
|
|
|
change_sign = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-05 15:44:58 +00:00
|
|
|
set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere");
|
2004-05-04 18:13:36 +00:00
|
|
|
|
|
|
|
|
authority = 0;
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
/* Get the authentication certificate length */
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
sc_format_path(infocamere_auth_certpath[chn[1]-2], &path);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-24 16:17:20 +00:00
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
|
|
|
|
|
if (r >= 0) {
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_read_binary(card, 0, certlen, 2, 0);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
/* Now set the certificate offset/len */
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
path.index = 2;
|
|
|
|
|
path.count = (certlen[1] << 8) + certlen[0];
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-24 16:17:20 +00:00
|
|
|
memset(&cert_info, 0, sizeof(cert_info));
|
2015-10-14 20:57:10 +00:00
|
|
|
memset(&cert_obj, 0, sizeof(cert_obj));
|
2005-04-24 16:17:20 +00:00
|
|
|
|
2016-05-09 20:48:41 +00:00
|
|
|
sc_pkcs15_format_id("01", &cert_info.id);
|
2015-10-14 20:57:10 +00:00
|
|
|
cert_info.authority = authority;
|
|
|
|
|
cert_info.path = path;
|
2006-07-12 08:12:38 +00:00
|
|
|
strlcpy(cert_obj.label, authlabel, sizeof(cert_obj.label));
|
2015-10-14 20:57:10 +00:00
|
|
|
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2005-04-24 16:17:20 +00:00
|
|
|
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
|
2015-10-14 20:57:10 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
return SC_ERROR_INTERNAL;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-10 20:59:11 +00:00
|
|
|
/* XXX: the IDs for the key/pin in case of the 1203 type
|
|
|
|
|
* are wrong, therefore I disable them for now -- Nils */
|
|
|
|
|
if (!change_sign) {
|
2015-10-14 20:57:10 +00:00
|
|
|
/* add authentication PIN */
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
sc_format_path(infocamere_auth_path[chn[1]-2], &path);
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2016-05-09 20:48:41 +00:00
|
|
|
sc_pkcs15_format_id("01", &id);
|
2015-10-14 20:57:10 +00:00
|
|
|
sc_pkcs15emu_add_pin(p15card, &id,
|
2017-09-13 10:21:59 +00:00
|
|
|
authPIN, &path, infocamere_idpin_auth_obj[chn[1]-2],
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
|
|
|
|
|
5, 8, flags, 3, 0,
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE);
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
/* add authentication private key */
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
auth_id.value[0] = 1;
|
|
|
|
|
auth_id.len = 1;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_prkey(p15card, &id,
|
|
|
|
|
authPRKEY,
|
|
|
|
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
|
|
|
|
1024, authprkey_usage,
|
2017-09-13 10:21:59 +00:00
|
|
|
&path, infocamere_idprkey_auth_obj[chn[1]-2],
|
2015-10-14 20:57:10 +00:00
|
|
|
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-04-10 20:59:11 +00:00
|
|
|
}
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
}
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
/* Get the non-repudiation certificate length */
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
sc_format_path(infocamere_cert_path[chn[1]-2], &path);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
if (sc_select_file(card, &path, NULL) < 0) {
|
2005-04-24 16:17:20 +00:00
|
|
|
return SC_ERROR_INTERNAL;
|
2015-10-14 20:57:10 +00:00
|
|
|
}
|
2004-05-04 18:13:36 +00:00
|
|
|
|
|
|
|
|
sc_read_binary(card, 0, certlen, 2, 0);
|
|
|
|
|
|
|
|
|
|
/* Now set the certificate offset/len */
|
|
|
|
|
path.index = 2;
|
|
|
|
|
path.count = (certlen[1] << 8) + certlen[0];
|
2015-10-14 20:57:10 +00:00
|
|
|
|
|
|
|
|
memset(&cert_info, 0, sizeof(cert_info));
|
|
|
|
|
memset(&cert_obj, 0, sizeof(cert_obj));
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2016-05-09 20:48:41 +00:00
|
|
|
sc_pkcs15_format_id("02", &cert_info.id);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
cert_info.authority = authority;
|
|
|
|
|
cert_info.path = path;
|
|
|
|
|
strlcpy(cert_obj.label, label, sizeof(cert_obj.label));
|
|
|
|
|
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-24 16:17:20 +00:00
|
|
|
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
|
2015-10-14 20:57:10 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
return SC_ERROR_INTERNAL;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
|
|
|
|
/* Get the CA certificate length */
|
|
|
|
|
|
|
|
|
|
authority = 1;
|
|
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
sc_format_path(infocamere_cacert_path[chn[1]-2], &path);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-24 16:17:20 +00:00
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
|
|
|
|
|
if (r >= 0) {
|
2005-10-07 20:04:33 +00:00
|
|
|
size_t len;
|
2005-04-24 16:17:20 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_read_binary(card, 0, certlen, 2, 0);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-10-07 20:04:33 +00:00
|
|
|
len = (certlen[1] << 8) + certlen[0];
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-10-07 20:04:33 +00:00
|
|
|
if (len != 0) {
|
|
|
|
|
/* Now set the certificate offset/len */
|
|
|
|
|
path.index = 2;
|
|
|
|
|
path.count = len;
|
2005-04-24 16:17:20 +00:00
|
|
|
|
2005-10-07 20:04:33 +00:00
|
|
|
memset(&cert_info, 0, sizeof(cert_info));
|
2015-10-14 20:57:10 +00:00
|
|
|
memset(&cert_obj, 0, sizeof(cert_obj));
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2016-05-09 20:48:41 +00:00
|
|
|
sc_pkcs15_format_id("03", &cert_info.id);
|
2015-10-14 20:57:10 +00:00
|
|
|
cert_info.authority = authority;
|
|
|
|
|
cert_info.path = path;
|
|
|
|
|
strlcpy(cert_obj.label, calabel, sizeof(cert_obj.label));
|
|
|
|
|
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
|
2005-10-07 20:04:33 +00:00
|
|
|
|
|
|
|
|
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
|
2015-10-14 20:57:10 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
return SC_ERROR_INTERNAL;
|
2005-10-07 20:04:33 +00:00
|
|
|
}
|
2005-10-28 18:10:15 +00:00
|
|
|
}
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2015-10-14 20:57:10 +00:00
|
|
|
/* add non repudiation PIN */
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2017-09-13 10:21:59 +00:00
|
|
|
sc_format_path(infocamere_nrepud_path[chn[1]-2], &path);
|
2005-04-25 21:00:10 +00:00
|
|
|
|
2016-05-09 20:48:41 +00:00
|
|
|
sc_pkcs15_format_id("02", &id);
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_pkcs15emu_add_pin(p15card, &id,
|
2017-09-13 10:21:59 +00:00
|
|
|
nonrepPIN, &path, infocamere_idpin_nrepud_obj[chn[1]-2],
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, 5, 8, flags, 3, 0,
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
/* add non repudiation private key */
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
auth_id.value[0] = 2;
|
|
|
|
|
auth_id.len = 1;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_pkcs15emu_add_prkey(p15card, &id, nonrepPRKEY,
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
|
|
|
|
1024, prkey_usage,
|
2017-09-13 10:21:59 +00:00
|
|
|
&path, infocamere_idprkey_nrepud_obj[chn[1]-2],
|
2015-10-14 20:57:10 +00:00
|
|
|
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
|
2004-05-04 18:13:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/* return to MF */
|
|
|
|
|
sc_format_path("3F00", &path);
|
2005-12-05 21:51:50 +00:00
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
if (r != SC_SUCCESS)
|
|
|
|
|
return r;
|
2004-05-04 18:13:36 +00:00
|
|
|
|
2004-11-02 21:46:23 +00:00
|
|
|
if (change_sign) {
|
|
|
|
|
/* save old signature funcs */
|
2005-04-17 16:43:31 +00:00
|
|
|
set_security_env = card->ops->set_security_env;
|
2005-02-06 20:46:15 +00:00
|
|
|
/* set new one */
|
2005-04-17 16:43:31 +00:00
|
|
|
card->ops->set_security_env = set_sec_env;
|
2005-02-06 20:46:15 +00:00
|
|
|
card->ops->compute_signature = do_sign;
|
2004-11-02 21:46:23 +00:00
|
|
|
}
|
|
|
|
|
|
2005-04-24 16:17:20 +00:00
|
|
|
return SC_SUCCESS;
|
2005-04-17 16:43:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int infocamere_1400_set_sec_env(struct sc_card *card,
|
2015-10-14 20:57:10 +00:00
|
|
|
const struct sc_security_env *env,
|
|
|
|
|
int se_num)
|
2005-04-17 16:43:31 +00:00
|
|
|
{
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
struct sc_security_env tenv = *env;
|
|
|
|
|
if (tenv.operation == SC_SEC_OPERATION_SIGN)
|
|
|
|
|
tenv.operation = SC_SEC_OPERATION_DECIPHER;
|
|
|
|
|
|
|
|
|
|
if ((r =
|
2015-10-14 20:57:10 +00:00
|
|
|
card->ops->restore_security_env(card, 0x40)) == SC_SUCCESS)
|
2005-04-17 16:43:31 +00:00
|
|
|
return set_security_env(card, &tenv, se_num);
|
|
|
|
|
else
|
|
|
|
|
return r;
|
2004-05-04 18:13:36 +00:00
|
|
|
}
|
|
|
|
|
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_ZLIB
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
static const u8 ATR_1400[] =
|
2015-10-14 20:57:10 +00:00
|
|
|
{ 0x3b, 0xfc, 0x98, 0x00, 0xff, 0xc1, 0x10, 0x31, 0xfe, 0x55, 0xc8,
|
2005-10-28 18:10:15 +00:00
|
|
|
0x03, 0x49, 0x6e, 0x66, 0x6f, 0x63, 0x61, 0x6d, 0x65, 0x72, 0x65,
|
|
|
|
|
0x28
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* Loads certificates.
|
2015-10-14 20:57:10 +00:00
|
|
|
* Certificates are stored in a ZLib compressed form with
|
|
|
|
|
* a 4 byte header, so we extract, decompress and cache
|
|
|
|
|
* them.
|
|
|
|
|
*/
|
2005-10-28 18:10:15 +00:00
|
|
|
static int loadCertificate(sc_pkcs15_card_t * p15card, int i,
|
2015-10-14 20:57:10 +00:00
|
|
|
const char *certPath, const char *certLabel)
|
2005-10-28 18:10:15 +00:00
|
|
|
{
|
|
|
|
|
unsigned char *compCert = NULL, *cert = NULL, size[2];
|
|
|
|
|
unsigned long int compLen, len;
|
|
|
|
|
sc_pkcs15_cert_info_t cert_info;
|
|
|
|
|
sc_pkcs15_object_t cert_obj;
|
|
|
|
|
sc_path_t cpath;
|
|
|
|
|
sc_card_t *card = p15card->card;
|
|
|
|
|
sc_pkcs15_id_t id;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
memset(&cert_info, 0, sizeof(cert_info));
|
|
|
|
|
memset(&cert_obj, 0, sizeof(cert_obj));
|
|
|
|
|
|
|
|
|
|
sc_format_path(certPath, &cpath);
|
|
|
|
|
|
|
|
|
|
if (sc_select_file(card, &cpath, NULL) != SC_SUCCESS)
|
|
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
|
|
|
|
|
sc_read_binary(card, 2, size, 2, 0);
|
|
|
|
|
|
|
|
|
|
compLen = (size[0] << 8) + size[1];
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
compCert = malloc(compLen * sizeof(unsigned char));
|
2005-10-28 18:10:15 +00:00
|
|
|
len = 4 * compLen; /*Approximation of the uncompressed size */
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
cert = malloc(len * sizeof(unsigned char));
|
2017-04-20 19:08:49 +00:00
|
|
|
if (!cert || !compCert) {
|
|
|
|
|
free(cert);
|
|
|
|
|
free(compCert);
|
|
|
|
|
return SC_ERROR_OUT_OF_MEMORY;
|
|
|
|
|
}
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
sc_read_binary(card, 4, compCert, compLen, 0);
|
|
|
|
|
|
|
|
|
|
if ((r = uncompress(cert, &len, compCert, compLen)) != Z_OK) {
|
2010-03-15 12:17:13 +00:00
|
|
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Zlib error: %d", r);
|
2005-10-28 18:10:15 +00:00
|
|
|
return SC_ERROR_INTERNAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cpath.index = 0;
|
|
|
|
|
cpath.count = len;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15_cache_file(p15card, &cpath, cert, len);
|
|
|
|
|
|
|
|
|
|
id.len=1;
|
|
|
|
|
id.value[0] = i + 1;
|
|
|
|
|
|
|
|
|
|
cert_info.id = id;
|
|
|
|
|
cert_info.path = cpath;
|
|
|
|
|
cert_info.authority = (i == 2);
|
|
|
|
|
|
2006-07-12 08:12:38 +00:00
|
|
|
strlcpy(cert_obj.label, certLabel, sizeof(cert_obj.label));
|
2005-10-28 18:10:15 +00:00
|
|
|
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
|
|
|
|
|
|
|
|
|
|
return SC_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static int infocamere_1400_init(sc_pkcs15_card_t * p15card)
|
2004-10-08 21:29:55 +00:00
|
|
|
{
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_card_t *card = p15card->card;
|
|
|
|
|
sc_path_t path;
|
|
|
|
|
sc_pkcs15_id_t id, auth_id;
|
|
|
|
|
unsigned char serial[16];
|
|
|
|
|
int flags;
|
2005-10-28 18:10:15 +00:00
|
|
|
int r;
|
|
|
|
|
int hasAuthCert = 0;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
const char *certLabel[] = { "User Non-repudiation Certificate",
|
|
|
|
|
"User Authentication Certificate",
|
|
|
|
|
"CA Certificate"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const char *certPath[] =
|
2015-10-14 20:57:10 +00:00
|
|
|
{ "300060000000", "300060000001", "300060000002" };
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
const char *pinLabel[] =
|
2015-10-14 20:57:10 +00:00
|
|
|
{ "Non-repudiation PIN", "Authentication PIN" };
|
2005-04-17 16:43:31 +00:00
|
|
|
int retries[] = { 3, -1 };
|
|
|
|
|
|
|
|
|
|
const char *keyPath[] = { "30004000001", "30004000002" };
|
|
|
|
|
const char *keyLabel[] =
|
2015-10-14 20:57:10 +00:00
|
|
|
{ "Non repudiation Key", "Authentication Key" };
|
2005-04-17 16:43:31 +00:00
|
|
|
static int usage[] = { SC_PKCS15_PRKEY_USAGE_NONREPUDIATION,
|
|
|
|
|
SC_PKCS15_PRKEY_USAGE_SIGN
|
2015-10-14 20:57:10 +00:00
|
|
|
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
|
|
|
|
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
|
|
|
|
|
| SC_PKCS15_PRKEY_USAGE_DECRYPT
|
2005-04-17 16:43:31 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
auth_id.len = 1;
|
|
|
|
|
id.len = 1;
|
|
|
|
|
|
|
|
|
|
/* OpenSC doesn't define constants to identify BSOs for
|
|
|
|
|
* restoring security environment, so we overload
|
|
|
|
|
* the set_security_env function to support restore_sec_env */
|
|
|
|
|
set_security_env = card->ops->set_security_env;
|
|
|
|
|
card->ops->set_security_env = infocamere_1400_set_sec_env;
|
|
|
|
|
card->ops->compute_signature = do_sign;
|
2009-10-22 08:59:59 +00:00
|
|
|
p15card->opts.use_file_cache = 1;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
sc_format_path("30000001", &path);
|
|
|
|
|
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
2015-10-14 20:57:10 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
if (r != SC_SUCCESS)
|
|
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
|
|
|
|
|
sc_read_binary(card, 15, serial, 15, 0);
|
|
|
|
|
serial[15] = '\0';
|
|
|
|
|
|
2010-10-05 15:44:58 +00:00
|
|
|
set_string(&p15card->tokeninfo->serial_number, (char *)serial);
|
|
|
|
|
set_string(&p15card->tokeninfo->label, "Infocamere 1400 Card");
|
|
|
|
|
set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere");
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
if ((r = loadCertificate(p15card, 0, certPath[0], certLabel[0])) !=
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_SUCCESS) {
|
2010-03-15 12:17:13 +00:00
|
|
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "%s", sc_strerror(r));
|
2005-10-28 18:10:15 +00:00
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
}
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
hasAuthCert =
|
2015-10-14 20:57:10 +00:00
|
|
|
loadCertificate(p15card, 1, certPath[1],
|
|
|
|
|
certLabel[1]) == SC_SUCCESS;
|
2005-10-28 18:10:15 +00:00
|
|
|
loadCertificate(p15card, 2, certPath[2], certLabel[2]);
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_PIN_FLAG_INITIALIZED |
|
|
|
|
|
SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
/* adding PINs & private keys */
|
|
|
|
|
|
|
|
|
|
sc_format_path("30004000", &path);
|
|
|
|
|
id.value[0] = 1;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_pin(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
pinLabel[0], &path, 1,
|
|
|
|
|
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
|
|
|
|
|
5, 8, flags, retries[0], 0,
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE |
|
|
|
|
|
SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
sc_format_path(keyPath[0], &path);
|
|
|
|
|
auth_id.value[0] = 1;
|
|
|
|
|
sc_pkcs15emu_add_prkey(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
keyLabel[0],
|
|
|
|
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
|
|
|
|
1024, usage[0],
|
|
|
|
|
&path, 1,
|
|
|
|
|
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
if (hasAuthCert) {
|
|
|
|
|
sc_format_path("30004000", &path);
|
|
|
|
|
id.value[0] = 2;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_pin(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
pinLabel[1], &path, 2,
|
|
|
|
|
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
|
|
|
|
|
5, 8, flags, retries[1], 0,
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE |
|
|
|
|
|
SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
sc_format_path(keyPath[1], &path);
|
|
|
|
|
auth_id.value[0] = 2;
|
|
|
|
|
sc_pkcs15emu_add_prkey(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
keyLabel[1],
|
|
|
|
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
|
|
|
|
1024, usage[1],
|
|
|
|
|
&path, 2,
|
|
|
|
|
&auth_id,
|
|
|
|
|
SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-10-28 18:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* return to MF */
|
|
|
|
|
sc_format_path("3F00", &path);
|
2005-12-05 21:51:50 +00:00
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
return r;
|
2015-10-14 20:57:10 +00:00
|
|
|
}
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
#endif
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
static const u8 ATR_1600[] = { 0x3B, 0xF4, 0x98, 0x00, 0xFF, 0xC1, 0x10,
|
|
|
|
|
0x31, 0xFE, 0x55, 0x4D, 0x34, 0x63, 0x76, 0xB4
|
|
|
|
|
};
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
static int infocamere_1600_init(sc_pkcs15_card_t * p15card)
|
|
|
|
|
{
|
|
|
|
|
sc_card_t *card = p15card->card;
|
|
|
|
|
sc_path_t path;
|
|
|
|
|
sc_pkcs15_id_t id, auth_id;
|
|
|
|
|
unsigned char serial[17];
|
|
|
|
|
int flags;
|
|
|
|
|
int r;
|
|
|
|
|
int hasAuthCert = 0;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
const char *certLabel[] = { "User Non-repudiation Certificate",
|
|
|
|
|
"User Authentication Certificate"
|
|
|
|
|
};
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
const char *certPath[] = { "200020010008", "20002001000E" };
|
2004-10-08 21:29:55 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
const char *pinLabel[] =
|
2015-10-14 20:57:10 +00:00
|
|
|
{ "Non-repudiation PIN", "Authentication PIN" };
|
2005-10-28 18:10:15 +00:00
|
|
|
int retries[] = { 3, -1 };
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
const char *keyPath[] = { "200020010004", "20002001000A" };
|
|
|
|
|
const char *keyLabel[] =
|
2015-10-14 20:57:10 +00:00
|
|
|
{ "Non repudiation Key", "Authentication Key" };
|
2005-10-28 18:10:15 +00:00
|
|
|
static int usage[] = { SC_PKCS15_PRKEY_USAGE_NONREPUDIATION,
|
|
|
|
|
SC_PKCS15_PRKEY_USAGE_SIGN
|
2015-10-14 20:57:10 +00:00
|
|
|
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
|
|
|
|
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
|
|
|
|
|
| SC_PKCS15_PRKEY_USAGE_DECRYPT
|
2005-10-28 18:10:15 +00:00
|
|
|
};
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
auth_id.len = 1;
|
|
|
|
|
id.len = 1;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
/* OpenSC doesn't define constants to identify BSOs for
|
|
|
|
|
* restoring security environment, so we overload
|
|
|
|
|
* the set_security_env function to support restore_sec_env */
|
|
|
|
|
set_security_env = card->ops->set_security_env;
|
|
|
|
|
card->ops->set_security_env = infocamere_1400_set_sec_env;
|
|
|
|
|
card->ops->compute_signature = do_sign;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
sc_format_path("200020012002", &path);
|
|
|
|
|
|
|
|
|
|
r = sc_select_file(card, &path, NULL);
|
|
|
|
|
|
|
|
|
|
if (r != SC_SUCCESS)
|
|
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
|
|
|
|
|
sc_read_binary(card, 30, serial, 16, 0);
|
|
|
|
|
serial[16] = '\0';
|
|
|
|
|
|
2010-10-05 15:44:58 +00:00
|
|
|
set_string(&p15card->tokeninfo->serial_number, (char *) serial);
|
|
|
|
|
set_string(&p15card->tokeninfo->label, "Infocamere 1600 Card");
|
|
|
|
|
set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere");
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
/* Adding certificates.
|
|
|
|
|
* Certificates are stored in a ZLib compressed form with
|
|
|
|
|
* a 4 byte header, so we extract, decompress and cache
|
|
|
|
|
* them.
|
|
|
|
|
*/
|
|
|
|
|
sc_format_path(certPath[0], &path);
|
|
|
|
|
if (sc_select_file(card, &path, NULL) != SC_SUCCESS)
|
|
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
|
|
|
|
|
id.value[0] = 1;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_cert(p15card,
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_TYPE_CERT_X509, 0,
|
|
|
|
|
&path, &id, certLabel[0],
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE);
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
sc_format_path(certPath[1], &path);
|
|
|
|
|
if (sc_select_file(card, &path, NULL) == SC_SUCCESS) {
|
|
|
|
|
hasAuthCert = 1;
|
|
|
|
|
|
|
|
|
|
id.value[0] = 2;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_cert(p15card,
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_TYPE_CERT_X509, 1,
|
|
|
|
|
&path, &id, certLabel[1],
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE);
|
2005-10-28 18:10:15 +00:00
|
|
|
}
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
|
2015-10-14 20:57:10 +00:00
|
|
|
SC_PKCS15_PIN_FLAG_INITIALIZED |
|
|
|
|
|
SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
/* adding PINs & private keys */
|
2005-10-28 18:10:15 +00:00
|
|
|
sc_format_path("2000", &path);
|
|
|
|
|
id.value[0] = 1;
|
|
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_pin(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
pinLabel[0], &path, 1,
|
|
|
|
|
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
|
|
|
|
|
5, 8, flags, retries[0], 0,
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE |
|
|
|
|
|
SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
sc_format_path(keyPath[0], &path);
|
|
|
|
|
auth_id.value[0] = 1;
|
|
|
|
|
sc_pkcs15emu_add_prkey(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
keyLabel[0],
|
|
|
|
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
|
|
|
|
1024, usage[0],
|
|
|
|
|
&path, 1,
|
|
|
|
|
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-10-28 18:10:15 +00:00
|
|
|
|
|
|
|
|
if (hasAuthCert) {
|
|
|
|
|
id.value[0] = 2;
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
sc_pkcs15emu_add_pin(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
pinLabel[1], &path, 2,
|
|
|
|
|
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
|
|
|
|
|
5, 8, flags, retries[1], 0,
|
|
|
|
|
SC_PKCS15_CO_FLAG_MODIFIABLE |
|
|
|
|
|
SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-04-17 16:43:31 +00:00
|
|
|
|
2005-10-28 18:10:15 +00:00
|
|
|
sc_format_path(keyPath[1], &path);
|
|
|
|
|
auth_id.value[0] = 2;
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_pkcs15emu_add_prkey(p15card, &id,
|
2015-10-14 20:57:10 +00:00
|
|
|
keyLabel[1],
|
|
|
|
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
|
|
|
|
1024, usage[1],
|
|
|
|
|
&path, 2,
|
|
|
|
|
&auth_id,
|
|
|
|
|
SC_PKCS15_CO_FLAG_PRIVATE);
|
2005-04-17 16:43:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* return to MF */
|
|
|
|
|
sc_format_path("3F00", &path);
|
2017-10-31 09:12:12 +00:00
|
|
|
sc_select_file(card, &path, NULL);
|
2005-04-17 16:43:31 +00:00
|
|
|
|
|
|
|
|
return SC_SUCCESS;
|
2004-10-08 21:29:55 +00:00
|
|
|
}
|
|
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
static int infocamere_detect_card(sc_pkcs15_card_t * p15card)
|
2004-10-08 21:29:55 +00:00
|
|
|
{
|
2005-04-17 16:43:31 +00:00
|
|
|
sc_card_t *card = p15card->card;
|
|
|
|
|
|
|
|
|
|
/* check if we have the correct card OS */
|
|
|
|
|
if (strcmp(card->name, "STARCOS SPK 2.3")
|
2015-10-14 20:57:10 +00:00
|
|
|
&& strcmp(card->name, "CardOS M4"))
|
2005-04-17 16:43:31 +00:00
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
return SC_SUCCESS;
|
2004-10-08 21:29:55 +00:00
|
|
|
}
|
2004-11-02 21:46:23 +00:00
|
|
|
|
2005-04-17 16:43:31 +00:00
|
|
|
int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t * p15card,
|
2016-04-05 17:44:37 +00:00
|
|
|
struct sc_aid *aid,
|
2015-10-14 20:57:10 +00:00
|
|
|
sc_pkcs15emu_opt_t * opts)
|
2005-04-17 16:43:31 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (!(opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)) {
|
|
|
|
|
if (infocamere_detect_card(p15card))
|
|
|
|
|
return SC_ERROR_WRONG_CARD;
|
|
|
|
|
}
|
|
|
|
|
|
2011-01-07 17:18:58 +00:00
|
|
|
if (memcmp(p15card->card->atr.value, ATR_1600, sizeof(ATR_1600)) == 0)
|
2005-10-28 18:10:15 +00:00
|
|
|
return infocamere_1600_init(p15card);
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_ZLIB
|
2011-01-07 17:18:58 +00:00
|
|
|
else if (memcmp(p15card->card->atr.value, ATR_1400, sizeof(ATR_1400)) ==
|
2015-10-14 20:57:10 +00:00
|
|
|
0)
|
2005-04-17 16:43:31 +00:00
|
|
|
return infocamere_1400_init(p15card);
|
2005-10-28 18:10:15 +00:00
|
|
|
#endif
|
2005-04-17 16:43:31 +00:00
|
|
|
else
|
|
|
|
|
return infocamere_1200_init(p15card);
|
|
|
|
|
|
|
|
|
|
}
|
