2002-04-02 13:26:42 +00:00
|
|
|
/*
|
|
|
|
|
* Cryptoflex specific operation for PKCS #15 initialization
|
|
|
|
|
*
|
2006-12-19 21:34:00 +00:00
|
|
|
* Copyright (C) 2002 Juha Yrjölä <juha.yrjola@iki.fi>
|
2002-04-02 13:26:42 +00:00
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
2003-08-05 17:28:29 +00:00
|
|
|
#include <stdlib.h>
|
2002-04-02 13:26:42 +00:00
|
|
|
#include <string.h>
|
2002-04-05 13:48:00 +00:00
|
|
|
#include <sys/types.h>
|
2010-03-04 08:14:36 +00:00
|
|
|
|
|
|
|
|
#include "libopensc/opensc.h"
|
|
|
|
|
#include "libopensc/cardctl.h"
|
|
|
|
|
#include "libopensc/log.h"
|
2002-04-02 13:26:42 +00:00
|
|
|
#include "pkcs15-init.h"
|
2002-04-04 22:10:36 +00:00
|
|
|
#include "profile.h"
|
|
|
|
|
|
2003-05-22 20:53:15 +00:00
|
|
|
static void invert_buf(u8 *dest, const u8 *src, size_t c);
|
2010-02-21 16:21:57 +00:00
|
|
|
static int cflex_create_dummy_chvs(sc_profile_t *, sc_pkcs15_card_t *,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_t *, int,
|
|
|
|
|
sc_file_t **);
|
2010-02-21 16:21:57 +00:00
|
|
|
static void cflex_delete_dummy_chvs(sc_profile_t *, sc_pkcs15_card_t *,
|
2003-10-13 16:13:12 +00:00
|
|
|
int, sc_file_t **);
|
2010-02-21 16:21:57 +00:00
|
|
|
static int cflex_create_pin_file(sc_profile_t *, sc_pkcs15_card_t *,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_path_t *, int,
|
2003-12-18 21:37:34 +00:00
|
|
|
const u8 *, size_t, int,
|
|
|
|
|
const u8 *, size_t, int,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_t **, int);
|
2010-02-21 16:21:57 +00:00
|
|
|
static int cflex_create_empty_pin_file(sc_profile_t *, sc_pkcs15_card_t *,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_path_t *, int, sc_file_t **);
|
2003-10-14 09:57:29 +00:00
|
|
|
static int cflex_get_keyfiles(sc_profile_t *, sc_card_t *,
|
|
|
|
|
const sc_path_t *, sc_file_t **, sc_file_t **);
|
2003-06-07 07:17:26 +00:00
|
|
|
|
2010-04-19 12:10:56 +00:00
|
|
|
unsigned char dummy_pin_value[6] = {0x30, 0x30, 0x30, 0x30, 0x30, 0x30};
|
2010-03-04 13:37:11 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_delete_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
|
2003-06-07 07:17:26 +00:00
|
|
|
{
|
2005-03-09 00:04:44 +00:00
|
|
|
sc_path_t path;
|
|
|
|
|
sc_file_t *parent;
|
2003-06-07 07:17:26 +00:00
|
|
|
int r = 0;
|
|
|
|
|
/* Select the parent DF */
|
|
|
|
|
path = df->path;
|
|
|
|
|
path.len -= 2;
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &path, &parent);
|
2003-06-07 07:17:26 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE);
|
2003-06-07 07:17:26 +00:00
|
|
|
sc_file_free(parent);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
/* cryptoflex has no ERASE AC */
|
|
|
|
|
memset(&path, 0, sizeof(path));
|
|
|
|
|
path.type = SC_PATH_TYPE_FILE_ID;
|
|
|
|
|
path.value[0] = df->id >> 8;
|
|
|
|
|
path.value[1] = df->id & 0xFF;
|
|
|
|
|
path.len = 2;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_delete_file(p15card->card, &path);
|
2005-10-30 19:08:06 +00:00
|
|
|
return r;
|
2003-06-07 07:17:26 +00:00
|
|
|
}
|
2003-05-22 20:53:15 +00:00
|
|
|
|
2002-06-18 18:18:05 +00:00
|
|
|
/*
|
2003-06-07 07:17:26 +00:00
|
|
|
* Erase the card via rm
|
2002-06-18 18:18:05 +00:00
|
|
|
*/
|
2010-02-21 16:21:57 +00:00
|
|
|
static int cflex_erase_card(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
|
2002-06-18 18:18:05 +00:00
|
|
|
{
|
2010-04-19 12:10:56 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2006-04-26 10:01:06 +00:00
|
|
|
sc_file_t *df = profile->df_info->file, *dir, *userpinfile = NULL;
|
2003-06-12 21:35:20 +00:00
|
|
|
int r;
|
2003-06-07 07:17:26 +00:00
|
|
|
|
2018-11-22 08:14:50 +00:00
|
|
|
LOG_FUNC_CALLED(ctx);
|
2003-06-07 07:17:26 +00:00
|
|
|
/* Delete EF(DIR). This may not be very nice
|
|
|
|
|
* against other applications that use this file, but
|
|
|
|
|
* extremely useful for testing :)
|
|
|
|
|
* Note we need to delete if before the DF because we create
|
2012-04-02 21:40:05 +00:00
|
|
|
* it *after* the DF.
|
2003-06-07 07:17:26 +00:00
|
|
|
* */
|
|
|
|
|
if (sc_profile_get_file(profile, "DIR", &dir) >= 0) {
|
2010-02-21 16:21:57 +00:00
|
|
|
r = cflex_delete_file(profile, p15card, dir);
|
2003-06-07 07:17:26 +00:00
|
|
|
sc_file_free(dir);
|
|
|
|
|
if (r < 0 && r != SC_ERROR_FILE_NOT_FOUND)
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2003-06-12 21:35:20 +00:00
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r=cflex_delete_file(profile, p15card, df);
|
2003-10-13 16:13:12 +00:00
|
|
|
|
|
|
|
|
/* If the user pin file isn't in a sub-DF of the pkcs15 DF, delete it */
|
|
|
|
|
if (sc_profile_get_file(profile, "pinfile-1", &userpinfile) >= 0 &&
|
|
|
|
|
userpinfile->path.len <= profile->df_info->file->path.len + 2 &&
|
|
|
|
|
memcmp(userpinfile->path.value, profile->df_info->file->path.value,
|
|
|
|
|
userpinfile->path.len) != 0) {
|
2010-02-21 16:21:57 +00:00
|
|
|
r = cflex_delete_file(profile, p15card, userpinfile);
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_free(userpinfile);
|
2006-04-26 10:01:06 +00:00
|
|
|
userpinfile=NULL;
|
2003-10-13 16:13:12 +00:00
|
|
|
}
|
|
|
|
|
|
2003-06-12 21:35:20 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
out: /* Forget all cached keys, the pin files on card are all gone. */
|
2017-01-05 19:21:44 +00:00
|
|
|
sc_file_free(userpinfile);
|
2010-02-21 16:21:57 +00:00
|
|
|
|
|
|
|
|
sc_free_apps(p15card->card);
|
2003-06-07 07:17:26 +00:00
|
|
|
if (r == SC_ERROR_FILE_NOT_FOUND)
|
|
|
|
|
r=0;
|
2010-04-19 12:10:56 +00:00
|
|
|
|
|
|
|
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
2002-06-18 18:18:05 +00:00
|
|
|
}
|
|
|
|
|
|
2003-12-19 09:29:56 +00:00
|
|
|
/*
|
|
|
|
|
* Card initialization.
|
|
|
|
|
* For the cryptoflex, read the card's serial number from 3F00 0002
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cryptoflex_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
2003-12-19 09:29:56 +00:00
|
|
|
{
|
|
|
|
|
sc_path_t path;
|
|
|
|
|
sc_file_t *file;
|
2004-01-08 15:23:11 +00:00
|
|
|
u8 buf[32];
|
|
|
|
|
char serial[128];
|
2003-12-19 09:29:56 +00:00
|
|
|
size_t len;
|
2003-12-20 14:41:05 +00:00
|
|
|
int r;
|
2003-12-19 09:29:56 +00:00
|
|
|
|
|
|
|
|
sc_format_path("3F000002", &path);
|
2010-02-21 16:21:57 +00:00
|
|
|
if ((r = sc_select_file(p15card->card, &path, &file)) < 0) {
|
2003-12-19 09:29:56 +00:00
|
|
|
if (r == SC_ERROR_FILE_NOT_FOUND)
|
|
|
|
|
return 0;
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((len = file->size) > sizeof(buf))
|
|
|
|
|
len = sizeof(buf);
|
2005-07-20 18:19:40 +00:00
|
|
|
sc_file_free(file);
|
2010-02-21 16:21:57 +00:00
|
|
|
if ((r = sc_read_binary(p15card->card, 0, buf, len, 0)) < 0)
|
2003-12-19 09:29:56 +00:00
|
|
|
return r;
|
|
|
|
|
len = r;
|
|
|
|
|
if (len == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if ((r = sc_bin_to_hex(buf, len, serial, sizeof(serial), '\0')) < 0)
|
|
|
|
|
return r;
|
|
|
|
|
sc_pkcs15init_set_serial(profile, serial);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-04 22:10:36 +00:00
|
|
|
/*
|
2003-10-13 16:13:12 +00:00
|
|
|
* Create a DF
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
|
2003-10-13 16:13:12 +00:00
|
|
|
{
|
|
|
|
|
/* Create the application DF */
|
2010-02-21 16:21:57 +00:00
|
|
|
return sc_pkcs15init_create_file(profile, p15card, df);
|
2003-10-13 16:13:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a PIN domain (i.e. a sub-directory holding a user PIN)
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_domain(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
const sc_pkcs15_id_t *id, sc_file_t **ret)
|
|
|
|
|
{
|
2010-02-21 16:21:57 +00:00
|
|
|
return sc_pkcs15_create_pin_domain(profile, p15card, id, ret);
|
2003-10-13 16:13:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Select the PIN reference
|
2002-04-04 22:10:36 +00:00
|
|
|
*/
|
2003-10-13 16:13:12 +00:00
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card,
|
2011-06-05 15:46:25 +00:00
|
|
|
sc_pkcs15_auth_info_t *auth_info)
|
2002-04-04 22:10:36 +00:00
|
|
|
{
|
2003-10-13 16:13:12 +00:00
|
|
|
int preferred;
|
|
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
|
|
|
|
return SC_ERROR_OBJECT_NOT_VALID;
|
|
|
|
|
|
|
|
|
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
2003-10-13 16:13:12 +00:00
|
|
|
preferred = 2;
|
|
|
|
|
} else {
|
|
|
|
|
preferred = 1;
|
|
|
|
|
}
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->attrs.pin.reference <= preferred) {
|
|
|
|
|
auth_info->attrs.pin.reference = preferred;
|
2003-10-13 16:13:12 +00:00
|
|
|
return 0;
|
2003-10-11 21:02:31 +00:00
|
|
|
}
|
|
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
if (auth_info->attrs.pin.reference > 2)
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
2003-10-11 21:02:31 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
/* Caller, please select a different PIN reference */
|
|
|
|
|
return SC_ERROR_INVALID_PIN_REFERENCE;
|
|
|
|
|
}
|
2003-06-12 21:35:20 +00:00
|
|
|
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
/*
|
|
|
|
|
* Create a new PIN inside a DF
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
2003-10-17 11:21:48 +00:00
|
|
|
sc_pkcs15_object_t *pin_obj,
|
2003-12-18 21:37:34 +00:00
|
|
|
const u8 *pin, size_t pin_len,
|
|
|
|
|
const u8 *puk, size_t puk_len)
|
2003-10-13 16:13:12 +00:00
|
|
|
{
|
2010-03-04 13:37:11 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2011-06-05 15:46:25 +00:00
|
|
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
|
|
|
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
2003-10-17 11:21:48 +00:00
|
|
|
sc_file_t *dummies[2];
|
|
|
|
|
int ndummies, pin_type, puk_type, r;
|
2015-04-29 21:22:28 +00:00
|
|
|
sc_file_t *file = NULL;
|
2003-10-13 16:13:12 +00:00
|
|
|
|
2018-11-22 08:14:50 +00:00
|
|
|
LOG_FUNC_CALLED(ctx);
|
2011-06-05 15:46:25 +00:00
|
|
|
|
|
|
|
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
|
|
|
|
return SC_ERROR_OBJECT_NOT_VALID;
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
/* If the profile doesn't specify a reference for this PIN, guess */
|
2011-06-05 15:46:25 +00:00
|
|
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
2003-10-13 16:13:12 +00:00
|
|
|
pin_type = SC_PKCS15INIT_SO_PIN;
|
|
|
|
|
puk_type = SC_PKCS15INIT_SO_PUK;
|
2011-06-05 15:46:25 +00:00
|
|
|
if (pin_attrs->reference != 2)
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
} else {
|
|
|
|
|
pin_type = SC_PKCS15INIT_USER_PIN;
|
|
|
|
|
puk_type = SC_PKCS15INIT_USER_PUK;
|
2011-06-05 15:46:25 +00:00
|
|
|
if (pin_attrs->reference != 1)
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-04 13:37:11 +00:00
|
|
|
/* Get file definition from the profile */
|
2011-06-05 15:46:25 +00:00
|
|
|
if (sc_profile_get_file(profile, (pin_attrs->reference == 1)? "CHV1" : "CHV2", &file) < 0
|
2010-03-04 13:37:11 +00:00
|
|
|
&& sc_profile_get_file(profile, "CHV", &file) < 0)
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs");
|
2003-10-13 16:13:12 +00:00
|
|
|
|
2010-03-04 13:37:11 +00:00
|
|
|
ndummies = cflex_create_dummy_chvs(profile, p15card, file, SC_AC_OP_CREATE, dummies);
|
2015-04-29 21:22:28 +00:00
|
|
|
sc_file_free(file);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, ndummies, "Unable to create dummy CHV file");
|
2010-03-04 13:37:11 +00:00
|
|
|
|
2011-06-05 15:46:25 +00:00
|
|
|
r = cflex_create_pin_file(profile, p15card, &df->path, pin_attrs->reference,
|
2003-10-13 16:13:12 +00:00
|
|
|
pin, pin_len, sc_profile_get_pin_retries(profile, pin_type),
|
|
|
|
|
puk, puk_len, sc_profile_get_pin_retries(profile, puk_type),
|
|
|
|
|
NULL, 0);
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies);
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
2003-10-13 16:13:12 +00:00
|
|
|
}
|
2003-06-12 21:35:20 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
/*
|
|
|
|
|
* Create a new key file
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj)
|
2003-10-13 16:13:12 +00:00
|
|
|
{
|
|
|
|
|
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
|
|
|
|
|
sc_file_t *prkf = NULL, *pukf = NULL;
|
|
|
|
|
size_t size;
|
|
|
|
|
int r;
|
2003-06-12 21:35:20 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(p15card->card->ctx, "Cryptoflex supports only RSA keys.");
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
2003-10-11 21:02:31 +00:00
|
|
|
}
|
2002-06-18 18:18:05 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
/* Get the public and private key file */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = cflex_get_keyfiles(profile, p15card->card, &key_info->path, &prkf, &pukf);
|
2003-10-14 09:57:29 +00:00
|
|
|
if (r < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
/* Adjust the file sizes, if necessary */
|
|
|
|
|
switch (key_info->modulus_length) {
|
|
|
|
|
case 512: size = 166; break;
|
|
|
|
|
case 768: size = 246; break;
|
|
|
|
|
case 1024: size = 326; break;
|
|
|
|
|
case 2048: size = 646; break;
|
|
|
|
|
default:
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(p15card->card->ctx,
|
2017-03-14 19:02:30 +00:00
|
|
|
"Unsupported key size %"SC_FORMAT_LEN_SIZE_T"u\n",
|
|
|
|
|
key_info->modulus_length);
|
2003-10-13 16:13:12 +00:00
|
|
|
r = SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-16 09:29:20 +00:00
|
|
|
if (prkf && prkf->size < size)
|
2003-10-13 16:13:12 +00:00
|
|
|
prkf->size = size;
|
2017-06-16 09:29:20 +00:00
|
|
|
if (pukf && pukf->size < size + 4)
|
2003-10-13 16:13:12 +00:00
|
|
|
pukf->size = size + 4;
|
|
|
|
|
|
|
|
|
|
/* Now create the files */
|
2010-02-21 16:21:57 +00:00
|
|
|
if ((r = sc_pkcs15init_create_file(profile, p15card, prkf)) < 0
|
|
|
|
|
|| (r = sc_pkcs15init_create_file(profile, p15card, pukf)) < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
goto out;
|
|
|
|
|
|
2003-10-18 08:08:07 +00:00
|
|
|
key_info->key_reference = 0;
|
2003-10-13 16:13:12 +00:00
|
|
|
|
2017-01-05 19:21:44 +00:00
|
|
|
out: sc_file_free(prkf);
|
|
|
|
|
sc_file_free(pukf);
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
2002-04-04 22:10:36 +00:00
|
|
|
}
|
2002-04-02 13:26:42 +00:00
|
|
|
|
2010-03-04 13:37:11 +00:00
|
|
|
|
2002-04-02 13:26:42 +00:00
|
|
|
/*
|
2003-10-13 16:13:12 +00:00
|
|
|
* Generate key
|
2002-04-02 13:26:42 +00:00
|
|
|
*/
|
2003-10-13 16:13:12 +00:00
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_pkcs15_object_t *obj,
|
|
|
|
|
sc_pkcs15_pubkey_t *pubkey)
|
2002-04-02 13:26:42 +00:00
|
|
|
{
|
2003-10-13 16:13:12 +00:00
|
|
|
struct sc_cardctl_cryptoflex_genkey_info args;
|
2010-02-21 16:21:57 +00:00
|
|
|
sc_card_t *card = p15card->card;
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
|
|
|
|
|
unsigned int keybits;
|
|
|
|
|
unsigned char raw_pubkey[256];
|
|
|
|
|
sc_file_t *prkf = NULL, *pukf = NULL;
|
2002-04-02 13:26:42 +00:00
|
|
|
int r;
|
2003-10-13 16:13:12 +00:00
|
|
|
|
|
|
|
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(card->ctx, "Cryptoflex supports only RSA keys.");
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
|
}
|
|
|
|
|
/* Get the public and private key file */
|
2003-10-14 09:57:29 +00:00
|
|
|
r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf);
|
|
|
|
|
if (r < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
2005-12-05 21:58:04 +00:00
|
|
|
if (! prkf)
|
|
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
2003-10-13 16:13:12 +00:00
|
|
|
|
|
|
|
|
/* Make sure we authenticate first */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_authenticate(profile, p15card, prkf, SC_AC_OP_CRYPTO);
|
2003-10-13 16:13:12 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
keybits = key_info->modulus_length;
|
|
|
|
|
|
|
|
|
|
/* Perform key generation */
|
|
|
|
|
memset(&args, 0, sizeof(args));
|
|
|
|
|
args.exponent = 0x10001;
|
|
|
|
|
args.key_bits = keybits;
|
2003-10-18 08:39:40 +00:00
|
|
|
args.key_num = key_info->key_reference;
|
2003-10-13 16:13:12 +00:00
|
|
|
r = sc_card_ctl(card, SC_CARDCTL_CRYPTOFLEX_GENERATE_KEY, &args);
|
2002-04-02 13:26:42 +00:00
|
|
|
if (r < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
/* extract public key */
|
|
|
|
|
pubkey->algorithm = SC_ALGORITHM_RSA;
|
|
|
|
|
pubkey->u.rsa.modulus.len = keybits / 8;
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
pubkey->u.rsa.modulus.data = malloc(keybits / 8);
|
2003-10-13 16:13:12 +00:00
|
|
|
pubkey->u.rsa.exponent.len = 3;
|
Do not cast the return value of malloc(3) and calloc(3)
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-18 15:08:51 +00:00
|
|
|
pubkey->u.rsa.exponent.data = malloc(3);
|
2003-10-13 16:13:12 +00:00
|
|
|
memcpy(pubkey->u.rsa.exponent.data, "\x01\x00\x01", 3);
|
|
|
|
|
if ((r = sc_select_file(card, &pukf->path, NULL)) < 0
|
|
|
|
|
|| (r = sc_read_binary(card, 3, raw_pubkey, keybits / 8, 0)) < 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
invert_buf(pubkey->u.rsa.modulus.data, raw_pubkey, pubkey->u.rsa.modulus.len);
|
|
|
|
|
|
2017-01-05 19:21:44 +00:00
|
|
|
out: sc_file_free(pukf);
|
|
|
|
|
sc_file_free(prkf);
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Store a private key
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_pkcs15_object_t *obj,
|
|
|
|
|
sc_pkcs15_prkey_t *key)
|
|
|
|
|
{
|
|
|
|
|
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
|
2010-02-21 16:21:57 +00:00
|
|
|
sc_card_t *card = p15card->card;
|
2017-06-16 09:29:20 +00:00
|
|
|
sc_file_t *prkf = NULL, *pukf = NULL;
|
2003-10-13 16:13:12 +00:00
|
|
|
unsigned char keybuf[1024];
|
|
|
|
|
size_t size;
|
2003-12-08 11:43:21 +00:00
|
|
|
int r;
|
2003-10-13 16:13:12 +00:00
|
|
|
|
|
|
|
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(card->ctx, "Cryptoflex supports only RSA keys.");
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
|
}
|
|
|
|
|
/* Get the public and private key file */
|
2003-10-14 09:57:29 +00:00
|
|
|
r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf);
|
|
|
|
|
if (r < 0)
|
2002-04-02 13:26:42 +00:00
|
|
|
return r;
|
2003-10-13 16:13:12 +00:00
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
/* Write the private key */
|
2003-10-13 16:13:12 +00:00
|
|
|
size = sizeof(keybuf);
|
2003-12-08 11:43:21 +00:00
|
|
|
r = profile->ops->encode_private_key(profile, card,
|
|
|
|
|
&key->u.rsa, keybuf, &size,
|
|
|
|
|
key_info->key_reference);
|
|
|
|
|
if (r < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
goto out;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_update_file(profile, p15card, prkf, keybuf, size);
|
2003-12-08 11:43:21 +00:00
|
|
|
if (r < 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
/* Write the public key */
|
2003-10-13 16:13:12 +00:00
|
|
|
size = sizeof(keybuf);
|
2003-12-08 11:43:21 +00:00
|
|
|
r = profile->ops->encode_public_key(profile, card,
|
|
|
|
|
&key->u.rsa, keybuf, &size,
|
|
|
|
|
key_info->key_reference);
|
|
|
|
|
if (r < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
goto out;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_pkcs15init_update_file(profile, p15card, pukf, keybuf, size);
|
2003-12-08 11:43:21 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
out: sc_file_free(prkf);
|
|
|
|
|
sc_file_free(pukf);
|
|
|
|
|
return r;
|
2002-04-02 13:26:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2003-10-13 16:13:12 +00:00
|
|
|
* If an access condition references e.g. CHV1, but we don't have
|
|
|
|
|
* a CHV1 file yet, create an unprotected dummy file in the MF.
|
2002-04-02 13:26:42 +00:00
|
|
|
*/
|
2002-04-04 22:10:36 +00:00
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_dummy_chvs(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_t *file, int op,
|
|
|
|
|
sc_file_t **dummies)
|
2002-04-02 13:26:42 +00:00
|
|
|
{
|
2010-03-04 13:37:11 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
2003-10-13 16:13:12 +00:00
|
|
|
const sc_acl_entry_t *acl;
|
|
|
|
|
int r = 0, ndummies = 0;
|
|
|
|
|
|
2018-11-22 08:14:50 +00:00
|
|
|
LOG_FUNC_CALLED(ctx);
|
2003-10-13 16:13:12 +00:00
|
|
|
/* See if the DF is supposed to be PIN protected, and if
|
|
|
|
|
* it is, whether that CHV file actually exists. If it doesn't,
|
|
|
|
|
* create it.
|
|
|
|
|
*/
|
|
|
|
|
acl = sc_file_get_acl_entry(file, op);
|
|
|
|
|
for (; acl; acl = acl->next) {
|
|
|
|
|
sc_path_t parent, ef;
|
|
|
|
|
|
|
|
|
|
if (acl->method != SC_AC_CHV)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
parent = file->path;
|
|
|
|
|
parent.len -= 2;
|
|
|
|
|
|
|
|
|
|
r = SC_ERROR_FILE_NOT_FOUND;
|
|
|
|
|
while (parent.len >= 2 && r == SC_ERROR_FILE_NOT_FOUND) {
|
|
|
|
|
ef = parent;
|
|
|
|
|
ef.value[ef.len++] = acl->key_ref - 1;
|
|
|
|
|
ef.value[ef.len++] = 0;
|
|
|
|
|
parent.len -= 2;
|
|
|
|
|
|
|
|
|
|
if (ef.len == parent.len
|
|
|
|
|
&& !memcmp(ef.value, parent.value, ef.len))
|
|
|
|
|
continue;
|
|
|
|
|
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &ef, NULL);
|
2003-10-11 21:02:31 +00:00
|
|
|
}
|
2003-10-13 16:13:12 +00:00
|
|
|
|
|
|
|
|
/* If a valid EF(CHVx) was found, we're fine */
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
if (r != SC_ERROR_FILE_NOT_FOUND)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* Create a CHV file in the MF */
|
|
|
|
|
parent = file->path;
|
|
|
|
|
parent.len = 2;
|
2010-02-21 16:21:57 +00:00
|
|
|
r = cflex_create_empty_pin_file(profile, p15card, &parent,
|
2003-10-13 16:13:12 +00:00
|
|
|
acl->key_ref, &dummies[ndummies]);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
break;
|
|
|
|
|
ndummies++;
|
2002-04-02 13:26:42 +00:00
|
|
|
}
|
2003-10-11 21:02:31 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
if (r < 0) {
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies);
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
2003-10-11 21:02:31 +00:00
|
|
|
}
|
2010-03-04 13:37:11 +00:00
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, ndummies);
|
2003-10-13 16:13:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_delete_dummy_chvs(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
int ndummies, sc_file_t **dummies)
|
|
|
|
|
{
|
|
|
|
|
while (ndummies--) {
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_delete_file(profile, p15card, dummies[ndummies]);
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_free(dummies[ndummies]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a pin file
|
|
|
|
|
*/
|
2007-07-09 14:17:43 +00:00
|
|
|
static void put_pin(sc_profile_t *profile, unsigned char *buf,
|
2003-12-18 21:37:34 +00:00
|
|
|
const u8 *pin, size_t len, int retry)
|
2003-10-13 16:13:12 +00:00
|
|
|
{
|
|
|
|
|
if (len > 8)
|
|
|
|
|
len = 8;
|
|
|
|
|
memset(buf, profile->pin_pad_char, 8);
|
|
|
|
|
memcpy(buf, pin, len);
|
|
|
|
|
buf[8] = retry;
|
|
|
|
|
buf[9] = retry;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_path_t *df_path, int ref,
|
2003-12-18 21:37:34 +00:00
|
|
|
const u8 *pin, size_t pin_len, int pin_tries,
|
|
|
|
|
const u8 *puk, size_t puk_len, int puk_tries,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_t **file_ret, int unprotected)
|
|
|
|
|
{
|
2010-03-04 13:37:11 +00:00
|
|
|
struct sc_context *ctx = p15card->card->ctx;
|
|
|
|
|
struct sc_pkcs15_object *pin_obj = NULL;
|
2003-10-13 16:13:12 +00:00
|
|
|
unsigned char buffer[23];
|
|
|
|
|
sc_path_t path;
|
|
|
|
|
sc_file_t *dummies[2], *file;
|
|
|
|
|
int r, ndummies;
|
|
|
|
|
|
2018-11-22 08:14:50 +00:00
|
|
|
LOG_FUNC_CALLED(ctx);
|
2003-10-13 16:13:12 +00:00
|
|
|
if (file_ret)
|
|
|
|
|
*file_ret = NULL;
|
|
|
|
|
|
|
|
|
|
/* Build the CHV path */
|
|
|
|
|
path = *df_path;
|
|
|
|
|
path.value[path.len++] = ref - 1;
|
|
|
|
|
path.value[path.len++] = 0;
|
|
|
|
|
|
|
|
|
|
/* See if the CHV already exists */
|
2010-02-21 16:21:57 +00:00
|
|
|
r = sc_select_file(p15card->card, &path, NULL);
|
2003-10-13 16:13:12 +00:00
|
|
|
if (r >= 0)
|
|
|
|
|
return SC_ERROR_FILE_ALREADY_EXISTS;
|
|
|
|
|
|
|
|
|
|
/* Get the file definition from the profile */
|
|
|
|
|
if (sc_profile_get_file_by_path(profile, &path, &file) < 0
|
2010-03-04 13:37:11 +00:00
|
|
|
&& sc_profile_get_file(profile, (ref == 1)? "CHV1" : "CHV2", &file) < 0
|
|
|
|
|
&& sc_profile_get_file(profile, "CHV", &file) < 0)
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs");
|
2003-10-13 16:13:12 +00:00
|
|
|
|
|
|
|
|
file->path = path;
|
|
|
|
|
file->size = 23;
|
|
|
|
|
file->id = (ref == 1)? 0x0000 : 0x0100;
|
|
|
|
|
|
2010-03-04 13:37:11 +00:00
|
|
|
if (unprotected) {
|
2012-04-02 21:40:05 +00:00
|
|
|
sc_file_add_acl_entry(file, SC_AC_OP_UPDATE,
|
2003-10-13 16:13:12 +00:00
|
|
|
SC_AC_NONE, SC_AC_KEY_REF_NONE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Build the contents of the file */
|
|
|
|
|
buffer[0] = buffer[1] = buffer[2] = 0xFF;
|
|
|
|
|
put_pin(profile, buffer + 3, pin, pin_len, pin_tries);
|
|
|
|
|
put_pin(profile, buffer + 13, puk, puk_len, puk_tries);
|
|
|
|
|
|
|
|
|
|
/* For updating the file, create a dummy CHV files if
|
|
|
|
|
* necessary */
|
2010-02-21 16:21:57 +00:00
|
|
|
ndummies = cflex_create_dummy_chvs(profile, p15card,
|
2010-03-04 13:37:11 +00:00
|
|
|
file, SC_AC_OP_UPDATE, dummies);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, ndummies, "Unable to create dummy CHV file");
|
2010-03-04 13:37:11 +00:00
|
|
|
|
|
|
|
|
if (!unprotected) {
|
|
|
|
|
struct sc_pin_cmd_data pin_cmd;
|
|
|
|
|
|
|
|
|
|
memset(&pin_cmd, 0, sizeof(pin_cmd));
|
|
|
|
|
pin_cmd.cmd = SC_PIN_CMD_VERIFY;
|
|
|
|
|
pin_cmd.pin_type = SC_AC_CHV;
|
|
|
|
|
pin_cmd.pin_reference = ref;
|
|
|
|
|
pin_cmd.pin1.data = dummy_pin_value;
|
|
|
|
|
pin_cmd.pin1.len = sizeof(dummy_pin_value);
|
|
|
|
|
|
|
|
|
|
r = sc_pin_cmd(p15card->card, &pin_cmd, NULL);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Cannot verify dummy PIN");
|
2010-03-04 13:37:11 +00:00
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (ref == 2) {
|
|
|
|
|
/* Cache dummy SOPIN value */
|
|
|
|
|
r = sc_pkcs15_find_pin_by_type_and_reference(p15card, NULL, SC_AC_CHV, ref, &pin_obj);
|
|
|
|
|
if (!r && pin_obj)
|
2010-03-10 09:23:01 +00:00
|
|
|
sc_pkcs15_pincache_add(p15card, pin_obj, dummy_pin_value, sizeof(dummy_pin_value));
|
2003-10-30 12:03:31 +00:00
|
|
|
}
|
2003-10-13 16:13:12 +00:00
|
|
|
|
2010-03-04 13:37:11 +00:00
|
|
|
r = sc_pkcs15init_create_file(profile, p15card, file);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Failed to create PIN file");
|
2010-03-04 13:37:11 +00:00
|
|
|
|
|
|
|
|
r = sc_update_binary(p15card->card, 0, buffer, 23, 0);
|
2018-11-23 20:54:14 +00:00
|
|
|
LOG_TEST_RET(ctx, r, "Failed to update PIN file");
|
2003-10-13 16:13:12 +00:00
|
|
|
|
2010-03-04 13:37:11 +00:00
|
|
|
if (r < 0 || file_ret == NULL)
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_free(file);
|
2010-03-04 13:37:11 +00:00
|
|
|
else
|
2003-10-13 16:13:12 +00:00
|
|
|
*file_ret = file;
|
|
|
|
|
|
|
|
|
|
/* Delete the dummy CHV files */
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies);
|
2010-03-04 13:37:11 +00:00
|
|
|
|
|
|
|
|
if (pin_obj) {
|
|
|
|
|
/* Cache new SOPIN value */
|
2010-03-10 09:23:01 +00:00
|
|
|
sc_pkcs15_pincache_add(p15card, pin_obj, pin, pin_len);
|
2010-03-04 13:37:11 +00:00
|
|
|
}
|
|
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
2003-10-13 16:13:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a faux pin file
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2010-02-21 16:21:57 +00:00
|
|
|
cflex_create_empty_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_path_t *path, int ref, sc_file_t **file_ret)
|
|
|
|
|
{
|
|
|
|
|
int r;
|
|
|
|
|
|
2018-11-22 08:14:50 +00:00
|
|
|
LOG_FUNC_CALLED(p15card->card->ctx);
|
2003-10-13 16:13:12 +00:00
|
|
|
*file_ret = NULL;
|
2010-02-21 16:21:57 +00:00
|
|
|
r = cflex_create_pin_file(profile, p15card, path, ref,
|
2010-03-04 13:37:11 +00:00
|
|
|
dummy_pin_value, sizeof(dummy_pin_value), 8,
|
2003-10-13 16:13:12 +00:00
|
|
|
NULL, 0, 0,
|
|
|
|
|
file_ret, 1);
|
|
|
|
|
if (r == SC_ERROR_FILE_ALREADY_EXISTS)
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE, r);
|
2003-10-11 21:02:31 +00:00
|
|
|
|
2010-03-15 12:17:13 +00:00
|
|
|
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE, r);
|
2002-04-02 13:26:42 +00:00
|
|
|
}
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
/*
|
|
|
|
|
* Get private and public key file
|
|
|
|
|
*/
|
2007-06-21 11:07:00 +00:00
|
|
|
static int cflex_get_keyfiles(sc_profile_t *profile, sc_card_t *card,
|
2003-10-14 09:57:29 +00:00
|
|
|
const sc_path_t *df_path,
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_t **prkf, sc_file_t **pukf)
|
|
|
|
|
{
|
|
|
|
|
sc_path_t path = *df_path;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
/* Get the private key file */
|
|
|
|
|
r = sc_profile_get_file_by_path(profile, &path, prkf);
|
|
|
|
|
if (r < 0) {
|
2006-01-11 23:41:17 +00:00
|
|
|
char pbuf[SC_MAX_PATH_STRING_SIZE];
|
|
|
|
|
|
|
|
|
|
r = sc_path_print(pbuf, sizeof(pbuf), &path);
|
|
|
|
|
if (r != SC_SUCCESS)
|
|
|
|
|
pbuf[0] = '\0';
|
|
|
|
|
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(card->ctx, "Cannot find private key file info "
|
2006-01-11 23:41:17 +00:00
|
|
|
"in profile (path=%s).", pbuf);
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get the public key file */
|
|
|
|
|
path.len -= 2;
|
|
|
|
|
sc_append_file_id(&path, 0x1012);
|
|
|
|
|
r = sc_profile_get_file_by_path(profile, &path, pukf);
|
|
|
|
|
if (r < 0) {
|
2018-11-22 08:31:29 +00:00
|
|
|
sc_log(card->ctx, "Cannot find public key file info in profile.");
|
2003-10-13 16:13:12 +00:00
|
|
|
sc_file_free(*prkf);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
invert_buf(u8 *dest, const u8 *src, size_t c)
|
2003-05-22 20:53:15 +00:00
|
|
|
{
|
2003-10-13 16:13:12 +00:00
|
|
|
unsigned int i;
|
2003-05-22 20:53:15 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
for (i = 0; i < c; i++)
|
|
|
|
|
dest[i] = src[c-1-i];
|
2003-05-22 20:53:15 +00:00
|
|
|
}
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
static int
|
|
|
|
|
bn2cf(sc_pkcs15_bignum_t *num, u8 *buf, size_t bufsize)
|
2002-04-02 13:26:42 +00:00
|
|
|
{
|
2003-10-13 16:13:12 +00:00
|
|
|
size_t len = num->len;
|
2002-04-02 13:26:42 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
if (len > bufsize)
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
2002-04-02 13:26:42 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
invert_buf(buf, num->data, len);
|
|
|
|
|
while (len < bufsize)
|
|
|
|
|
buf[len++] = 0;
|
|
|
|
|
return 0;
|
2002-04-02 13:26:42 +00:00
|
|
|
}
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
static int
|
2003-12-08 11:43:21 +00:00
|
|
|
bn2cft(sc_pkcs15_bignum_t *num, u8 tag, u8 *buf, size_t bufsize)
|
2002-04-02 13:26:42 +00:00
|
|
|
{
|
2003-12-08 11:43:21 +00:00
|
|
|
size_t len = num->len;
|
|
|
|
|
|
|
|
|
|
if (len + 3 > bufsize)
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
memset(buf, 0, bufsize);
|
|
|
|
|
buf[0] = tag;
|
|
|
|
|
buf[1] = len + 1;
|
2003-12-09 13:57:20 +00:00
|
|
|
memcpy(buf + 3, num->data, len);
|
2003-12-08 11:43:21 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Cryptoflex key encoding
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
cryptoflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
|
|
|
|
struct sc_pkcs15_prkey_rsa *rsa,
|
|
|
|
|
u8 *key, size_t *keysize, int key_ref)
|
|
|
|
|
{
|
|
|
|
|
size_t base = rsa->modulus.len / 2, key_blob_size;
|
|
|
|
|
int r, key_num = key_ref + 1;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2002-04-15 13:42:10 +00:00
|
|
|
switch (rsa->modulus.len) {
|
2003-10-13 16:13:12 +00:00
|
|
|
case 512 / 8:
|
|
|
|
|
case 768 / 8:
|
|
|
|
|
case 1024 / 8:
|
|
|
|
|
case 2048 / 8:
|
2002-04-02 13:26:42 +00:00
|
|
|
break;
|
2003-10-13 16:13:12 +00:00
|
|
|
default:
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
2002-04-02 13:26:42 +00:00
|
|
|
}
|
|
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
key_blob_size = 5 * base + 3;
|
|
|
|
|
if (*keysize < key_blob_size + 3)
|
2003-10-13 16:13:12 +00:00
|
|
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
2003-12-08 11:43:21 +00:00
|
|
|
*keysize = key_blob_size + 3;
|
2002-04-02 13:26:42 +00:00
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
*key++ = key_blob_size >> 8;
|
|
|
|
|
*key++ = key_blob_size & 0xFF;
|
2003-10-13 16:13:12 +00:00
|
|
|
*key++ = key_num;
|
2002-04-02 13:26:42 +00:00
|
|
|
|
2003-10-13 20:41:00 +00:00
|
|
|
if ((r = bn2cf(&rsa->p, key + 0 * base, base)) < 0
|
|
|
|
|
|| (r = bn2cf(&rsa->q, key + 1 * base, base)) < 0
|
|
|
|
|
|| (r = bn2cf(&rsa->iqmp, key + 2 * base, base)) < 0
|
|
|
|
|
|| (r = bn2cf(&rsa->dmp1, key + 3 * base, base)) < 0
|
|
|
|
|
|| (r = bn2cf(&rsa->dmq1, key + 4 * base, base)) < 0)
|
2003-10-13 16:13:12 +00:00
|
|
|
return r;
|
2002-04-02 13:26:42 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
key += 5 * base;
|
|
|
|
|
*key++ = 0;
|
|
|
|
|
*key++ = 0;
|
2011-02-05 20:42:50 +00:00
|
|
|
*key = 0;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2002-04-02 13:26:42 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
static int
|
2003-12-08 11:43:21 +00:00
|
|
|
cryptoflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|
|
|
|
struct sc_pkcs15_prkey_rsa *rsa,
|
|
|
|
|
u8 *key, size_t *keysize, int key_ref)
|
2002-04-02 13:26:42 +00:00
|
|
|
{
|
2003-10-13 16:13:12 +00:00
|
|
|
size_t base;
|
2003-12-08 11:43:21 +00:00
|
|
|
int r, key_num = key_ref + 1;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2002-04-15 13:42:10 +00:00
|
|
|
switch (rsa->modulus.len) {
|
2003-10-13 16:13:12 +00:00
|
|
|
case 512 / 8:
|
|
|
|
|
case 768 / 8:
|
|
|
|
|
case 1024 / 8:
|
|
|
|
|
case 2048 / 8:
|
2002-04-02 13:26:42 +00:00
|
|
|
break;
|
2003-10-13 16:13:12 +00:00
|
|
|
default:
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
2002-04-02 13:26:42 +00:00
|
|
|
}
|
|
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
base = rsa->modulus.len / 2;
|
|
|
|
|
if (*keysize < (5 * base + 10))
|
|
|
|
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
|
|
|
|
*keysize = 5 * base + 10;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2003-10-13 16:13:12 +00:00
|
|
|
memset(key, 0, *keysize);
|
|
|
|
|
*key++ = (5 * base + 7) >> 8;
|
|
|
|
|
*key++ = (5 * base + 7) & 0xFF;
|
|
|
|
|
*key++ = key_num;
|
|
|
|
|
|
|
|
|
|
/* Funny code - not sure why we do it this way:
|
2012-04-02 21:40:05 +00:00
|
|
|
*
|
2003-10-13 16:13:12 +00:00
|
|
|
* Specs say: We store: (Length)
|
|
|
|
|
* modulus modulus (N bytes)
|
|
|
|
|
* J0 Montgomery const 0 (N/2 bytes)
|
|
|
|
|
* H Montgomery const 0 (N bytes)
|
|
|
|
|
* exponent exponent 4
|
|
|
|
|
*
|
|
|
|
|
* --okir */
|
|
|
|
|
if ((r = bn2cf(&rsa->modulus, key + 0 * base, 2 * base)) < 0
|
|
|
|
|
|| (r = bn2cf(&rsa->exponent, key + 5 * base, 4)) < 0)
|
|
|
|
|
return r;
|
2002-04-02 13:26:42 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
/*
|
|
|
|
|
* Cyberflex key encoding
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
cyberflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
|
|
|
|
struct sc_pkcs15_prkey_rsa *rsa,
|
|
|
|
|
u8 *key, size_t *keysize, int key_ref)
|
|
|
|
|
{
|
|
|
|
|
size_t base = rsa->modulus.len / 2, key_blob_size, bnlen;
|
|
|
|
|
int r, key_num = key_ref + 1, alg_id;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
switch (rsa->modulus.len) {
|
|
|
|
|
case 512 / 8: alg_id = 0xC4; break;
|
|
|
|
|
case 768 / 8: alg_id = 0xC6; break;
|
|
|
|
|
case 1024 / 8: alg_id = 0xC8; break;
|
|
|
|
|
default:
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
key_blob_size = 12 + 5 * (base + 3) + 4;
|
|
|
|
|
if (*keysize < key_blob_size)
|
|
|
|
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
|
|
|
|
*keysize = key_blob_size;
|
|
|
|
|
|
|
|
|
|
memset(key, 0, *keysize);
|
|
|
|
|
*key++ = key_blob_size >> 8;
|
|
|
|
|
*key++ = key_blob_size & 0xFF;
|
|
|
|
|
*key++ = key_num;
|
|
|
|
|
*key++ = alg_id;
|
|
|
|
|
|
|
|
|
|
/* key blob header:
|
|
|
|
|
* "C2:06:C1:08:13:00:00:05"
|
|
|
|
|
*/
|
|
|
|
|
memcpy(key, "\xc2\x06\xc1\x08\x12\x00\x00\x05", 8);
|
|
|
|
|
key += 8;
|
|
|
|
|
|
|
|
|
|
/* Each bignum is encoded with a 2 byte header and a
|
|
|
|
|
* NULL pad byte */
|
|
|
|
|
bnlen = base + 3;
|
|
|
|
|
|
2003-12-09 13:57:20 +00:00
|
|
|
if ((r = bn2cft(&rsa->q, 0xC2, key + 0 * bnlen, bnlen)) < 0
|
|
|
|
|
|| (r = bn2cft(&rsa->p, 0xC2, key + 1 * bnlen, bnlen)) < 0
|
2003-12-08 11:43:21 +00:00
|
|
|
|| (r = bn2cft(&rsa->iqmp, 0xC2, key + 2 * bnlen, bnlen)) < 0
|
2003-12-09 13:57:20 +00:00
|
|
|
|| (r = bn2cft(&rsa->dmq1, 0xC2, key + 3 * bnlen, bnlen)) < 0
|
|
|
|
|
|| (r = bn2cft(&rsa->dmp1, 0xC2, key + 4 * bnlen, bnlen)) < 0)
|
2003-12-08 11:43:21 +00:00
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
key += 5 * bnlen;
|
2003-12-09 13:57:20 +00:00
|
|
|
key[0] = 0x0A;
|
|
|
|
|
key[1] = 0x0A;
|
|
|
|
|
key[2] = 0x00;
|
|
|
|
|
key[3] = 0x00;
|
|
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
cyberflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|
|
|
|
struct sc_pkcs15_prkey_rsa *rsa,
|
|
|
|
|
u8 *key, size_t *keysize, int key_ref)
|
|
|
|
|
{
|
|
|
|
|
size_t base = rsa->modulus.len, key_blob_size, bnlen;
|
|
|
|
|
int r, key_num = key_ref + 1, alg_id;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
switch (rsa->modulus.len) {
|
|
|
|
|
case 512 / 8: alg_id = 0xC5; break;
|
|
|
|
|
case 768 / 8: alg_id = 0xC7; break;
|
|
|
|
|
case 1024 / 8: alg_id = 0xC9; break;
|
|
|
|
|
default:
|
|
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
|
}
|
|
|
|
|
|
2003-12-09 13:57:20 +00:00
|
|
|
key_blob_size = 12 + 3 + base + 7 + 4;
|
2003-12-08 11:43:21 +00:00
|
|
|
if (*keysize < key_blob_size)
|
|
|
|
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
|
|
|
|
*keysize = key_blob_size;
|
2012-04-02 21:40:05 +00:00
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
memset(key, 0, *keysize);
|
|
|
|
|
*key++ = key_blob_size >> 8;
|
|
|
|
|
*key++ = key_blob_size & 0xFF;
|
|
|
|
|
*key++ = key_num;
|
|
|
|
|
*key++ = alg_id;
|
|
|
|
|
|
|
|
|
|
/* Key blob header */
|
|
|
|
|
memcpy(key, "\xC1\x06\xC0\x08\x13\x00\x00\x05", 8);
|
|
|
|
|
key += 8;
|
|
|
|
|
|
|
|
|
|
bnlen = rsa->modulus.len + 3;
|
|
|
|
|
if ((r = bn2cft(&rsa->modulus, 0xC0, key, bnlen)) < 0
|
|
|
|
|
|| (r = bn2cft(&rsa->exponent, 0xC0, key + bnlen, 3 + 4)) < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2003-12-09 13:57:20 +00:00
|
|
|
key += bnlen + 3 + 4;
|
|
|
|
|
key[0] = 0x0A;
|
|
|
|
|
key[1] = 0x0A;
|
|
|
|
|
key[2] = 0x00;
|
|
|
|
|
key[3] = 0x00;
|
2003-12-08 11:43:21 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-08-10 21:31:18 +00:00
|
|
|
static struct sc_pkcs15init_operations sc_pkcs15init_cryptoflex_operations = {
|
2005-08-14 22:33:43 +00:00
|
|
|
cflex_erase_card,
|
|
|
|
|
cryptoflex_init_card,
|
|
|
|
|
cflex_create_dir,
|
|
|
|
|
cflex_create_domain,
|
|
|
|
|
cflex_select_pin_reference,
|
|
|
|
|
cflex_create_pin,
|
2010-12-30 12:50:35 +00:00
|
|
|
NULL, /* select_key_reference */
|
2005-08-14 22:33:43 +00:00
|
|
|
cflex_create_key,
|
|
|
|
|
cflex_store_key,
|
|
|
|
|
cflex_generate_key,
|
|
|
|
|
cryptoflex_encode_private_key,
|
|
|
|
|
cryptoflex_encode_public_key,
|
2010-12-30 12:50:35 +00:00
|
|
|
NULL, /* finalize_card */
|
|
|
|
|
NULL, /* delete_object */
|
|
|
|
|
NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */
|
|
|
|
|
NULL /* sanity_check */
|
2005-08-10 21:31:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct sc_pkcs15init_operations sc_pkcs15init_cyberflex_operations = {
|
2005-08-14 22:33:43 +00:00
|
|
|
cflex_erase_card,
|
2010-12-30 12:50:35 +00:00
|
|
|
NULL, /* init_card */
|
2005-08-14 22:33:43 +00:00
|
|
|
cflex_create_dir,
|
|
|
|
|
cflex_create_domain,
|
|
|
|
|
cflex_select_pin_reference,
|
|
|
|
|
cflex_create_pin,
|
2010-12-30 12:50:35 +00:00
|
|
|
NULL, /* select_key_reference */
|
2005-08-14 22:33:43 +00:00
|
|
|
cflex_create_key,
|
|
|
|
|
cflex_store_key,
|
|
|
|
|
cflex_generate_key,
|
|
|
|
|
cyberflex_encode_private_key,
|
|
|
|
|
cyberflex_encode_public_key,
|
2010-12-30 12:50:35 +00:00
|
|
|
NULL, /* finalize_card */
|
|
|
|
|
NULL, /* delete_object */
|
|
|
|
|
NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */
|
|
|
|
|
NULL /* sanity_check */
|
2005-08-10 21:31:18 +00:00
|
|
|
};
|
2003-12-08 11:43:21 +00:00
|
|
|
|
|
|
|
|
struct sc_pkcs15init_operations *
|
|
|
|
|
sc_pkcs15init_get_cryptoflex_ops(void)
|
|
|
|
|
{
|
2005-08-10 21:31:18 +00:00
|
|
|
return &sc_pkcs15init_cryptoflex_operations;
|
2003-12-08 11:43:21 +00:00
|
|
|
}
|
2003-10-13 20:41:00 +00:00
|
|
|
|
2003-12-08 11:43:21 +00:00
|
|
|
struct sc_pkcs15init_operations *
|
|
|
|
|
sc_pkcs15init_get_cyberflex_ops(void)
|
2003-10-13 20:41:00 +00:00
|
|
|
{
|
2005-08-10 21:31:18 +00:00
|
|
|
return &sc_pkcs15init_cyberflex_operations;
|
2003-10-13 20:41:00 +00:00
|
|
|
}
|
