From 023216c75577b43aff456f138ede87e13df29ff6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Mon, 17 Apr 2017 14:23:44 +0300 Subject: [PATCH] add algorithm references for AES keys --- src/pkcs15init/myeid.profile | 1 + src/pkcs15init/pkcs15-lib.c | 12 ++++++ src/pkcs15init/pkcs15-myeid.c | 78 +++++++++++++++++++++++++++++++---- 3 files changed, 84 insertions(+), 7 deletions(-) diff --git a/src/pkcs15init/myeid.profile b/src/pkcs15init/myeid.profile index 2645261d..fb2dc7c0 100644 --- a/src/pkcs15init/myeid.profile +++ b/src/pkcs15init/myeid.profile @@ -105,6 +105,7 @@ filesystem { EF PKCS15-TokenInfo { file-id = 5032; + size = 160; structure = transparent; acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN; } diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c index ec719194..811c6558 100644 --- a/src/pkcs15init/pkcs15-lib.c +++ b/src/pkcs15init/pkcs15-lib.c @@ -66,6 +66,7 @@ #include "libopensc/aux-data.h" #include "profile.h" #include "pkcs15-init.h" +#include "pkcs11/pkcs11.h" #define OPENSC_INFO_FILEPATH "3F0050154946" #define OPENSC_INFO_FILEID 0x4946 @@ -1321,6 +1322,17 @@ sc_pkcs15init_init_skdf(struct sc_pkcs15_card *p15card, struct sc_profile *profi key_info->usage = usage; key_info->native = 1; key_info->key_reference = 0; + switch (keyargs->algorithm) { + case SC_ALGORITHM_DES: + key_info->key_type = CKM_DES_ECB; + break; + case SC_ALGORITHM_3DES: + key_info->key_type = CKM_DES3_ECB; + break; + case SC_ALGORITHM_AES: + key_info->key_type = CKM_AES_ECB; + break; + } key_info->value_len = keybits; key_info->access_flags = keyargs->access_flags; /* Path is selected below */ diff --git a/src/pkcs15init/pkcs15-myeid.c b/src/pkcs15init/pkcs15-myeid.c index 3e4bb19e..4931027d 100644 --- a/src/pkcs15init/pkcs15-myeid.c +++ b/src/pkcs15init/pkcs15-myeid.c @@ -31,6 +31,7 @@ #include "pkcs15-init.h" #include "profile.h" #include "libopensc/asn1.h" +#include "pkcs11/pkcs11.h" #undef KEEP_AC_NONE_FOR_INIT_APPLET 
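Review bot: The new `switch (keyargs->algorithm)` in sc_pkcs15init_init_skdf has no `default:` arm, so for any algorithm other than DES, 3DES or AES `key_info->key_type` keeps whatever value it had before this hunk (its initialisation is outside the hunk). The values stored are PKCS#11 mechanism constants (`CKM_*_ECB`), not key-type constants, and the pkcs15-myeid.c part of this patch later switches on them, so the convention deserves a comment such as `/* key_type carries the PKCS#11 ECB mechanism as the algorithm tag */` above the switch. I would also add `default: /* key_type left unset; card drivers must reject it */ break;` or return an error at that point. The function body starts and ends outside the hunk.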
@@ -425,6 +426,61 @@ myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card, LOG_FUNC_RETURN(card->ctx, 0); } +/* + */ +static void +_add_supported_algo(struct sc_profile *profile, struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object, + unsigned operations, unsigned mechanism, const struct sc_object_id *oid) +{ + struct sc_supported_algo_info *algo; + algo = sc_pkcs15_get_supported_algo(p15card, operations, mechanism); + if (!algo) { + unsigned ref = 1, ii; + + for (ii=0;iitokeninfo->supported_algos[ii].reference; ii++) + if (p15card->tokeninfo->supported_algos[ii].reference >= ref) + ref = p15card->tokeninfo->supported_algos[ii].reference + 1; + if (ii < SC_MAX_SUPPORTED_ALGORITHMS) { + algo = &p15card->tokeninfo->supported_algos[ii]; + algo->reference = ref; + algo->mechanism = mechanism; + algo->operations = operations; + algo->algo_id = *oid; + profile->dirty = 1; + profile->pkcs15.do_last_update = 1; + } + + } + sc_pkcs15_add_supported_algo_ref(object, algo); +} + +static void +myeid_fixup_supported_algos(struct sc_profile *profile, struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object) +{ + static const struct sc_object_id id_aes128_ecb = { { 2, 16, 840, 1, 101, 3, 4, 1, 1, -1 } }; + static const struct sc_object_id id_aes128_cbc = { { 2, 16, 840, 1, 101, 3, 4, 1, 2, -1 } }; + static const struct sc_object_id id_aes256_ecb = { { 2, 16, 840, 1, 101, 3, 4, 1, 41, -1 } }; + static const struct sc_object_id id_aes256_cbc = { { 2, 16, 840, 1, 101, 3, 4, 1, 42, -1 } }; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_skey_info *skey_info = (struct sc_pkcs15_skey_info *) object->data; + + LOG_FUNC_CALLED(ctx); + switch (object->type) { + case SC_PKCS15_TYPE_SKEY_GENERIC: + switch (skey_info->key_type | (skey_info->value_len << 16)) { + case CKM_AES_ECB | (128 << 16): + _add_supported_algo(profile, p15card, object, SC_PKCS15_ALGO_OP_DECIPHER|SC_PKCS15_ALGO_OP_ENCIPHER, CKM_AES_ECB, &id_aes128_ecb); + 
_add_supported_algo(profile, p15card, object, SC_PKCS15_ALGO_OP_DECIPHER|SC_PKCS15_ALGO_OP_ENCIPHER, CKM_AES_CBC, &id_aes128_cbc); + break; + case CKM_AES_ECB | (256 << 16): + _add_supported_algo(profile, p15card, object, SC_PKCS15_ALGO_OP_DECIPHER|SC_PKCS15_ALGO_OP_ENCIPHER, CKM_AES_ECB, &id_aes256_ecb); + _add_supported_algo(profile, p15card, object, SC_PKCS15_ALGO_OP_DECIPHER|SC_PKCS15_ALGO_OP_ENCIPHER, CKM_AES_CBC, &id_aes256_cbc); + break; + } + break; + } +} + /* * Create a private key file @@ -443,7 +499,7 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_object = NULL; struct sc_pkcs15_auth_info *pkcs15_auth_info = NULL; unsigned char sec_attrs[] = {0xFF, 0xFF, 0xFF}; - int r, ef_structure, keybits = 0, pin_reference = -1; + int r, ef_structure = 0, keybits = 0, pin_reference = -1; LOG_FUNC_CALLED(card->ctx); @@ -463,14 +519,22 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, break; case SC_PKCS15_TYPE_SKEY_GENERIC: keybits = skey_info->value_len; - /* FIXME */ - ef_structure = SC_CARDCTL_MYEID_KEY_AES; - break; - default: - LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, - "Unsupported key type"); + switch (skey_info->key_type) { + case CKM_AES_ECB: + ef_structure = SC_CARDCTL_MYEID_KEY_AES; + break; + case CKM_DES_ECB: + ef_structure = SC_CARDCTL_MYEID_KEY_DES; + break; + } break; } + if (!ef_structure) { + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, + "Unsupported key type"); + } + + myeid_fixup_supported_algos(profile, p15card, object); if ((object->type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PRKEY) { id = &prkey_info->id;
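Review bot: In `_add_supported_algo`, when no existing entry matches and the scan finds no free slot (`ii < SC_MAX_SUPPORTED_ALGORITHMS` is false), `algo` is still NULL at the final `sc_pkcs15_add_supported_algo_ref(object, algo)` call, and because the function is void and discards any result of that call, the key object ends up without its algorithm references and the caller is never told. Whether the callee tolerates NULL is not visible here; I would guard it explicitly with `if (!algo) { sc_log(p15card->card->ctx, "no free supported_algos slot"); return; }`, or better return an int that myeid_create_key checks. The comment block above the function is empty (`/* */`) and should say that it finds or allocates a tokenInfo supported-algorithm entry and links it to the object. `myeid_fixup_supported_algos` handles only 128- and 256-bit AES, so other key lengths silently get no reference; a comment stating that this is intended would help.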
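Review bot: The inner `switch (skey_info->key_type)` in myeid_create_key maps only `CKM_AES_ECB` and `CKM_DES_ECB`, while the pkcs15-lib.c part of this patch also stores `CKM_DES3_ECB` for 3DES, so a 3DES secret key now ends in "Unsupported key type"; if that is intended, say so in a comment, otherwise add the missing case. The rejection relies on `ef_structure` still being 0, which assumes no `SC_CARDCTL_MYEID_KEY_*` value is 0 (not visible here); a comment such as `/* 0 = no EF structure chosen yet */` at the declaration changed in the previous hunk would make the sentinel explicit. `myeid_fixup_supported_algos` is called before the remainder of the function, which lies outside the hunk, so it may set `profile->dirty` even if a later step fails; consider calling it only once the key file has been created.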