- added defaults; full PKCS#15 parsing is no-longer required at startup

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@43 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
jey 2001-11-17 14:55:41 +00:00
parent 584f5e5cb8
commit 1194017d5a
11 changed files with 288 additions and 67 deletions

135
src/libopensc/defaults.c Normal file
View File

@ -0,0 +1,135 @@
#include "sc.h"
#include "sc-pkcs15.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
static void format_path(struct sc_path *path, const char *str)
{
int len = 0;
u8 *p = path->value;
while (str) {
int byte;
if (sscanf(str, "%02X", &byte) != 1)
break;
*p++ = byte;
len++;
str += 2;
}
path->len = len;
return;
}
static void format_file_struct(struct sc_file *file, const char *path, int type)
{
format_path(&file->path, path);
file->type = type;
}
static void format_cert_struct(struct sc_pkcs15_cert_info *cert,
const char *label, const u8 *id,
int id_len, int CA, const char *path)
{
strcpy(cert->com_attr.label, label);
memcpy(cert->id.value, id, id_len);
cert->id.len = id_len;
cert->authority = CA;
format_path(&cert->path, path);
}
static void format_prkey_struct(struct sc_pkcs15_prkey_info *prkey,
const char *label, const u8 *id,
int id_len, const u8 *pin_id,
int pin_id_len, int usage, int access_flags,
int mod_len, const char *file_id)
{
strcpy(prkey->com_attr.label, label);
memcpy(prkey->id.value, id, id_len);
prkey->id.len = id_len;
memcpy(prkey->com_attr.auth_id.value, pin_id, pin_id_len);
prkey->com_attr.auth_id.len = pin_id_len;
prkey->usage = usage;
prkey->access_flags = access_flags;
prkey->modulus_length = mod_len;
format_path(&prkey->file_id, file_id);
}
static int fineid_defaults(void *arg)
{
struct sc_card *card = (struct sc_card *) arg;
card->class = 0;
return 0;
}
static int fineid_pkcs15_defaults(void *arg)
{
struct sc_pkcs15_card *card = (struct sc_pkcs15_card *) arg;
struct sc_pkcs15_pin_info *pin;
card->label = strdup("FINEID S4-1");
card->manufacturer_id = strdup("VRK-FINSIGN");
card->flags = SC_PKCS15_CARD_FLAG_EID_COMPLIANT;
card->version = 1;
card->alg_info[0].reference = 0;
card->alg_info[0].algorithm = 0;
card->alg_info[0].supported_operations = 0xa2;
format_file_struct(&card->file_app, "5015", 7); /* 7 = DF, 0 = EF */
format_file_struct(&card->file_aodf, "50154401", 0);
format_file_struct(&card->file_prkdf, "50154402", 0);
format_file_struct(&card->file_cdf1, "50154403", 0);
format_file_struct(&card->file_cdf2, "50154404", 0);
format_file_struct(&card->file_cdf3, "50154405", 0);
format_file_struct(&card->file_dodf, "50154406", 0);
format_file_struct(&card->file_odf, "50155031", 0);
format_file_struct(&card->file_tokeninfo, "50155032", 0);
format_file_struct(&card->file_dir, "2F00", 0);
card->pin_count = 2;
pin = &card->pin_info[0];
strcpy(pin->com_attr.label, "perustunnusluku");
pin->flags = 0x30;
pin->type = 1;
pin->min_length = 4;
pin->stored_length = 8;
pin->pad_char = 0;
format_path(&pin->path, "3F00");
pin->auth_id.value[0] = 0x01;
pin->auth_id.len = 1;
pin->magic = SC_PKCS15_PIN_MAGIC;
pin = &card->pin_info[1];
strcpy(pin->com_attr.label, "allekirjoitustunnusluku");
pin->flags = 0x32;
pin->type = 1;
pin->min_length = 4;
pin->stored_length = 8;
pin->pad_char = 0;
format_path(&pin->path, "5015");
pin->auth_id.value[0] = 0x02;
pin->auth_id.len = 1;
pin->magic = SC_PKCS15_PIN_MAGIC;
card->cert_count = 3;
format_cert_struct(&card->cert_info[0], "todentamis- ja salausvarmenne", "\x45", 1, 0, "50154331");
format_cert_struct(&card->cert_info[1], "allekirjoitusvarmenne", "\x46", 1, 0, "50154332");
format_cert_struct(&card->cert_info[2], "FINSIGN CA for Citizen", "\x47", 1, 1, "50154333");
card->prkey_count = 2;
format_prkey_struct(&card->prkey_info[0], "todentamis- ja salausavain", "\x45", 1, "\x01", 1,
0x26, 0x1d, 1024, "4B01");
format_prkey_struct(&card->prkey_info[1], "allekirjoitusavain", "\x46", 1, "\x02", 1,
0x200, 0x1d, 1024, "4B02");
return 0;
}
const struct sc_defaults sc_card_table[] = {
{ "3B:9F:94:40:1E:00:67:11:43:46:49:53:45:10:52:66:FF:81:90:00", fineid_defaults, fineid_pkcs15_defaults },
{ NULL, NULL, NULL }
};

View File

@ -129,13 +129,6 @@ struct sc_pkcs15_prkey_info {
struct sc_pkcs15_card {
struct sc_card *card;
char *label;
struct sc_file file_dir, file_ao1, file_app;
/* in app DF */
struct sc_file file_tokeninfo, file_odf;
struct sc_file file_prkdf;
struct sc_file file_aodf, file_ao2;
struct sc_file file_cdf1, file_cdf2, file_cdf3;
struct sc_file file_dodf;
/* fields from TokenInfo: */
int version;
char *serial_number, *manufacturer_id;
@ -147,6 +140,14 @@ struct sc_pkcs15_card {
int prkey_count;
struct sc_pkcs15_pin_info pin_info[SC_PKCS15_MAX_PINS];
int pin_count;
struct sc_file file_dir, file_ao1, file_app;
/* in app DF */
struct sc_file file_tokeninfo, file_odf;
struct sc_file file_prkdf;
struct sc_file file_aodf, file_ao2;
struct sc_file file_cdf1, file_cdf2, file_cdf3;
struct sc_file file_dodf;
};
#define SC_PKCS15_CARD_FLAG_READONLY 0x01

View File

@ -121,6 +121,8 @@ struct sc_card {
const char *reader;
char atr[SC_MAX_ATR_SIZE];
int atr_len;
const struct sc_defaults *defaults;
};
struct sc_context {
@ -148,6 +150,12 @@ struct sc_security_env {
int key_ref;
};
struct sc_defaults {
const char *atr;
int (*defaults_func)(void *);
int (*pkcs15_defaults_func)(void *);
};
/* Base64 encoding/decoding functions */
int sc_base64_encode(const u8 *in, int inlen, u8 *out, int outlen,
int linelength);
@ -199,4 +207,6 @@ void sc_print_binary(const u8 *buf, int len);
int sc_debug;
const char *sc_version;
extern const struct sc_defaults sc_card_table[];
#endif

View File

@ -273,8 +273,7 @@ static int get_certs_from_file(struct sc_pkcs15_card *card,
tag = sc_asn1_skip_tag(&p, &left, 0x30, &taglen); /* SEQUENCE */
if (tag == NULL)
break;
if (parse_x509_cert_info
(&card->cert_info[card->cert_count], tag, taglen))
if (parse_x509_cert_info(&card->cert_info[card->cert_count], tag, taglen))
break;
card->cert_count++;
}
@ -286,6 +285,9 @@ int sc_pkcs15_enum_certificates(struct sc_pkcs15_card *card)
int r;
assert(card != NULL);
if (card->cert_count)
return card->cert_count; /* already enumerated */
card->cert_count = 0;
r = get_certs_from_file(card, &card->file_cdf1);
if (r != 0)

View File

@ -121,6 +121,15 @@ int sc_pkcs15_enum_pins(struct sc_pkcs15_card *p15card)
assert(p15card != NULL);
if (p15card->pin_count) {
for (i = 0; i < p15card->pin_count; i++) {
if (p15card->pin_info[i].magic != SC_PKCS15_PIN_MAGIC)
break;
}
if (i == p15card->pin_count)
return i; /* Already enumerated */
}
r = sc_select_file(p15card->card, &p15card->file_aodf,
&p15card->file_aodf.path,
SC_SELECT_FILE_BY_PATH);

View File

@ -124,6 +124,8 @@ int sc_pkcs15_enum_private_keys(struct sc_pkcs15_card *card)
assert(card != NULL);
if (card->prkey_count)
return card->prkey_count; /* already enumerated */
card->prkey_count = 0;
r = sc_select_file(card->card, &card->file_prkdf,
&card->file_prkdf.path, SC_SELECT_FILE_BY_PATH);

View File

@ -230,6 +230,26 @@ int sc_pkcs15_init(struct sc_card *card,
memset(p15card, 0, sizeof(struct sc_pkcs15_card));
p15card->card = card;
if (card->defaults != NULL && card->defaults->pkcs15_defaults_func != NULL) {
card->defaults->pkcs15_defaults_func(p15card);
err = sc_select_file(card, &p15card->file_tokeninfo,
&p15card->file_tokeninfo.path,
SC_SELECT_FILE_BY_PATH);
if (err)
goto error;
err = sc_read_binary(card, 0, buf, p15card->file_tokeninfo.size);
if (err < 0)
goto error;
if (err <= 2) {
err = SC_ERROR_PKCS15_CARD_NOT_FOUND;
goto error;
}
parse_tokeninfo(p15card, buf, err);
*p15card_out = p15card;
return 0;
}
memcpy(tmppath.value, "\x2F\x00", 2);
tmppath.len = 2;
err = sc_select_file(card, &p15card->file_dir, &tmppath,
@ -249,17 +269,14 @@ int sc_pkcs15_init(struct sc_card *card,
goto error;
}
memcpy(&tmppath, &p15card->file_app.path, sizeof(struct sc_path));
err =
sc_select_file(card, &p15card->file_app,
&p15card->file_app.path,
SC_SELECT_FILE_BY_PATH);
err = sc_select_file(card, &p15card->file_app, &p15card->file_app.path,
SC_SELECT_FILE_BY_PATH);
if (err)
goto error;
memcpy(tmppath.value + tmppath.len, "\x50\x31", 2);
tmppath.len += 2;
err =
sc_select_file(card, &p15card->file_odf, &tmppath,
SC_SELECT_FILE_BY_PATH);
err = sc_select_file(card, &p15card->file_odf, &tmppath,
SC_SELECT_FILE_BY_PATH);
if (err)
goto error;
err = sc_read_binary(card, 0, buf, p15card->file_odf.size);
@ -277,9 +294,8 @@ int sc_pkcs15_init(struct sc_card *card,
tmppath.len -= 2;
memcpy(tmppath.value + tmppath.len, "\x50\x32", 2);
tmppath.len += 2;
err =
sc_select_file(card, &p15card->file_tokeninfo, &tmppath,
SC_SELECT_FILE_BY_PATH);
err = sc_select_file(card, &p15card->file_tokeninfo, &tmppath,
SC_SELECT_FILE_BY_PATH);
if (err)
goto error;
err = sc_read_binary(card, 0, buf, p15card->file_tokeninfo.size);

View File

@ -129,13 +129,6 @@ struct sc_pkcs15_prkey_info {
struct sc_pkcs15_card {
struct sc_card *card;
char *label;
struct sc_file file_dir, file_ao1, file_app;
/* in app DF */
struct sc_file file_tokeninfo, file_odf;
struct sc_file file_prkdf;
struct sc_file file_aodf, file_ao2;
struct sc_file file_cdf1, file_cdf2, file_cdf3;
struct sc_file file_dodf;
/* fields from TokenInfo: */
int version;
char *serial_number, *manufacturer_id;
@ -147,6 +140,14 @@ struct sc_pkcs15_card {
int prkey_count;
struct sc_pkcs15_pin_info pin_info[SC_PKCS15_MAX_PINS];
int pin_count;
struct sc_file file_dir, file_ao1, file_app;
/* in app DF */
struct sc_file file_tokeninfo, file_odf;
struct sc_file file_prkdf;
struct sc_file file_aodf, file_ao2;
struct sc_file file_cdf1, file_cdf2, file_cdf3;
struct sc_file file_dodf;
};
#define SC_PKCS15_CARD_FLAG_READONLY 0x01

View File

@ -27,7 +27,7 @@
#include <ctype.h>
const char *sc_version = LIBSC_VERSION;
int sc_debug = 0;
int sc_debug = 1;
static int convert_sw_to_errorcode(u8 * sw)
{
@ -167,7 +167,7 @@ static int sc_transceive_t0(struct sc_card *card, struct sc_apdu *apdu)
dwSendLength = data - s;
dwRecvLength = apdu->resplen;
if (sc_debug) {
if (sc_debug > 2) {
printf("Sending: ");
sc_hex_dump(s, dwSendLength);
}
@ -194,7 +194,7 @@ int sc_transmit_apdu(struct sc_card *card, struct sc_apdu *apdu)
r = sc_transceive_t0(card, apdu);
if (r)
return r;
if (sc_debug) {
if (sc_debug > 2) {
printf("Received: ");
sc_hex_dump(apdu->resp, apdu->resplen);
}
@ -209,15 +209,13 @@ int sc_transmit_apdu(struct sc_card *card, struct sc_apdu *apdu)
rspapdu.le = apdu->resp[1];
rspapdu.resp = rsp;
rspapdu.resplen = apdu->resp[1] + 2;
if (sc_debug)
printf("Sending response request with %d bytes\n", rspapdu.resplen);
r = sc_transceive_t0(card, &rspapdu);
if (r) {
fprintf(stderr, "Error %d when getting response\n",
r);
return r;
}
if (sc_debug) {
if (sc_debug > 2) {
printf("Response: ");
sc_hex_dump(rspapdu.resp, rspapdu.resplen);
}
@ -236,14 +234,14 @@ static void process_fci(struct sc_file *file,
tag = sc_asn1_find_tag(p, len, 0x83, &taglen);
if (tag != NULL && taglen == 2) {
file->id = (tag[0] << 8) | tag[1];
if (sc_debug)
if (sc_debug > 1)
printf("File identifier: 0x%02X%02X\n", tag[0],
tag[1]);
}
tag = sc_asn1_find_tag(p, len, 0x81, &taglen);
if (tag != NULL && taglen >= 2) {
int bytes = (tag[0] << 8) + tag[1];
if (sc_debug)
if (sc_debug > 1)
printf("Bytes in file: %d\n", bytes);
file->size = bytes;
}
@ -254,12 +252,12 @@ static void process_fci(struct sc_file *file,
const char *type;
file->shareable = byte & 0x40 ? 1 : 0;
if (sc_debug)
if (sc_debug > 1)
printf("\tShareable: %s\n",
(byte & 0x40) ? "yes" : "no");
file->type = (byte >> 3) & 7;
file->ef_structure = byte & 0x07;
if (sc_debug) {
if (sc_debug > 1) {
switch ((byte >> 3) & 7) {
case 0:
type = "working EF";
@ -296,7 +294,7 @@ static void process_fci(struct sc_file *file,
name[i] = '?';
}
name[taglen] = 0;
if (sc_debug)
if (sc_debug > 1)
printf("\tFile name: %s\n", name);
}
tag = sc_asn1_find_tag(p, len, 0x85, &taglen);
@ -364,32 +362,29 @@ int sc_select_file(struct sc_card *card,
apdu.lc = pathlen;
apdu.data = path;
apdu.datalen = pathlen;
r = sc_transmit_apdu(card, &apdu);
/* FIXME: Some smarter way to do this... */
if (file == NULL || sc_file_valid(file)) {
r = sc_transceive_t0(card, &apdu); /* we don't need the response */
if (apdu.resplen == 2 && apdu.resp[0] == 0x61) {
apdu.resp[0] = 0x90;
apdu.resp[1] = 0;
}
} else {
memset(file, 0, sizeof(*file));
r = sc_transmit_apdu(card, &apdu);
}
if (r)
return r;
if (apdu.resplen < 2)
return SC_ERROR_UNKNOWN_RESPONSE;
if (file != NULL)
memset(file, 0, sizeof(*file));
switch (apdu.resp[0]) {
case 0x6A:
switch (apdu.resp[1]) {
case 0x82:
return SC_ERROR_FILE_NOT_FOUND;
default:
return SC_ERROR_UNKNOWN_RESPONSE;
}
case 0x6F:
break;
case 0x90:
case 0x00: /* proprietary coding */
return 0;
default:
fprintf(stderr,
"SELECT FILE returned SW1=%02X, SW2=%02X.\n",
apdu.resp[0], apdu.resp[1]);
/* FIXME */
return SC_ERROR_UNKNOWN_RESPONSE;
return convert_sw_to_errorcode(apdu.resp);
}
if (file == NULL)
return 0;
@ -456,7 +451,7 @@ int sc_read_binary(struct sc_card *card,
if (apdu.resplen == count + 2)
apdu.resplen = count;
memcpy(buf, recvbuf, apdu.resplen);
if (sc_debug == 2) {
if (sc_debug > 3) {
FILE *file = fopen("sc_recv", "w");
if (file != NULL) {
fwrite(buf, apdu.resplen, 1, file);
@ -551,14 +546,17 @@ int sc_establish_context(struct sc_context **ctx_out)
rv = SCardEstablishContext(SCARD_SCOPE_GLOBAL, "localhost", NULL,
&ctx->pcsc_ctx);
if (rv != SCARD_S_SUCCESS) {
fprintf(stderr,
"ERROR: Cannot connect to Resource Manager\n");
if (sc_debug) {
fprintf(stderr,
"ERROR: Cannot connect to Resource Manager\n");
}
return SC_ERROR_CONNECTING_TO_RES_MGR;
}
SCardListReaders(ctx->pcsc_ctx, NULL, NULL,
(LPDWORD) & reader_buf_size);
if (reader_buf_size == 0) {
fprintf(stderr, "No readers found!\n");
if (sc_debug)
fprintf(stderr, "No readers found!\n");
free(ctx);
return SC_ERROR_NO_READERS_FOUND;
}
@ -591,6 +589,42 @@ int sc_destroy_context(struct sc_context *ctx)
return 0;
}
const struct sc_defaults * find_defaults(const u8 *atr, int atrlen)
{
int i = 0;
const struct sc_defaults *match = NULL;
while (sc_card_table[i].atr != NULL) {
unsigned int byte;
u8 defatr[SC_MAX_ATR_SIZE], *p = defatr;
int len = 0;
const struct sc_defaults *def = &sc_card_table[i];
const char *atrp = def->atr;
i++;
if (atrp == NULL)
break;
if (strlen(atrp)/3 > SC_MAX_ATR_SIZE)
continue;
while (*atrp) {
if (sscanf(atrp, "%02X", (unsigned int *) &byte) != 1)
break;
*p++ = byte;
atrp += 2;
len++;
if (*atrp++ != ':')
break;
}
if (len != atrlen)
continue;
if (memcmp(atr, defatr, len) != 0)
continue;
match = def;
break;
}
return match;
}
int sc_connect_card(struct sc_context *ctx,
int reader, struct sc_card **card_out)
{
@ -630,7 +664,13 @@ int sc_connect_card(struct sc_context *ctx,
i = SC_MAX_ATR_SIZE;
memcpy(card->atr, rgReaderStates[0].rgbAtr, i);
card->atr_len = i;
card->class = 0; /* FIXME */
card->defaults = find_defaults(card->atr, card->atr_len);
if (card->defaults != NULL && card->defaults->defaults_func != NULL) {
card->defaults->defaults_func(card);
} else {
card->class = 0; /* FIXME */
}
card->reader = ctx->readers[reader];
*card_out = card;
@ -723,8 +763,9 @@ int sc_set_security_env(struct sc_card *card,
if (r)
return r;
if (apdu.resp[0] != 0x90) {
fprintf(stderr, "Set sec env: SWs=%02X%02X\n",
apdu.resp[0], apdu.resp[1]);
if (sc_debug)
fprintf(stderr, "Set sec env: SWs=%02X%02X\n",
apdu.resp[0], apdu.resp[1]);
return -1;
}
return 0;
@ -781,7 +822,8 @@ int sc_decipher(struct sc_card *card,
memcpy(out, apdu.resp, len);
return len;
}
fprintf(stderr, "sc_decipher(): SW1=%02X, SW2=%02X\n", p[0], p[1]);
if (sc_debug)
fprintf(stderr, "sc_decipher(): SW1=%02X, SW2=%02X\n", p[0], p[1]);
return convert_sw_to_errorcode(p);
}
@ -818,8 +860,9 @@ int sc_compute_signature(struct sc_card *card,
memcpy(out, apdu.resp, len);
return len;
}
fprintf(stderr, "sc_compute_signature(): SW1=%02X, SW2=%02X\n",
p[0], p[1]);
if (sc_debug)
fprintf(stderr, "sc_compute_signature(): SW1=%02X, SW2=%02X\n",
p[0], p[1]);
return convert_sw_to_errorcode(p);
}

View File

@ -119,7 +119,7 @@ static int get_random(u8 *buf, int len)
{
int fd, r;
fd = open("/dev/random", O_RDONLY);
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0)
return PAM_SYSTEM_ERR;
while (len) {
@ -169,7 +169,7 @@ static int set_sec_env(struct sc_card *card, const struct sc_pkcs15_card *p15car
{
struct sc_security_env senv;
int r;
senv.signature = 0;
senv.algorithm_ref = 0x02;
senv.key_ref = 0;
@ -223,6 +223,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
pubkey = X509_get_pubkey(cert);
if (pubkey == NULL)
goto end;
DBG(printf("Getting random data...\n"));
r = get_random(random_data, sizeof(random_data));
if (r != PAM_SUCCESS)
goto end;
@ -250,6 +251,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
printf("SmartCard absent.\n");
goto end;
}
DBG(printf("Locking card...\n"));
sc_lock(card);
locked = 1;
@ -259,7 +261,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
printf("PKCS#15 initialization failed: %s\n", sc_strerror(r));
goto end;
}
DBG(printf("Enumerating stuff...\n"));
DBG(printf("Enumerating certificates...\n"));
r = sc_pkcs15_enum_certificates(p15card);
if (r < 0) {
printf("Cert enum failed: %s\n", sc_strerror(r));
@ -270,6 +272,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
for (i = 0; i < p15card->cert_count; i++) {
}
cinfo = &p15card->cert_info[0]; /* FIXME */
DBG(printf("Enumerating private keys...\n"));
r = sc_pkcs15_enum_private_keys(p15card);
if (r <= 0)
goto end;
@ -284,6 +287,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
if (prkinfo == NULL)
goto end;
/* FIXME: Determine if PIN code needed */
DBG(printf("Enumerating PIN codes...\n"));
r = sc_pkcs15_enum_pins(p15card);
if (r < 0)
goto end;

View File

@ -18,9 +18,7 @@ int enum_pins()
{
int i, c;
sc_lock(card);
c = sc_pkcs15_enum_pins(p15card);
sc_unlock(card);
if (c < 0) {
fprintf(stderr, "Error enumerating PIN codes: %s\n",
sc_strerror(i));