giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

MyEID: always select in mode 'return FCI template' 

According to ch.4.2 of MyEID reference manual v1.7.6 the only possible value of P2 of 'SELECT' APDU is '00'.
For this reason, when caller do not request to return 'sc_file' data,
use the non-null dummy 'sc_file' pointer in the call of iso->select_file,
and thus avoid the P2 different from '00'.

Also log calls are replaced by its short forms,
and resolved the 'trailing spaces' issues.
This commit is contained in:
Viktor Tarasov 2012-08-14 15:37:24 +02:00
parent 25f7bc5ac5
commit 16b4cb6a3f
2 changed files with 273 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

397
src/libopensc/card-myeid.c
View File

@ -63,7 +63,7 @@ static int myeid_match_card(struct sc_card *card)
{
int i, match = -1;
for (i = 0; myeid_atrs[i] != NULL; i++)
for (i = 0; myeid_atrs[i] != NULL; i++)
{
u8 defatr[SC_MAX_ATR_SIZE];
size_t len = sizeof(defatr);
@ -85,15 +85,14 @@ static int myeid_match_card(struct sc_card *card)
}
static int myeid_init(struct sc_card *card)
{
{
unsigned long flags =0;
myeid_private_data_t *priv;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
priv = calloc(1, sizeof(myeid_private_data_t));
if (!priv)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
priv->card_state = SC_FILE_STATUS_CREATION;
card->drv_data = priv;
@ -109,7 +108,7 @@ static int myeid_init(struct sc_card *card)
card->max_recv_size = 255;
card->max_send_size = 255;
return 0;
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
static const struct sc_card_operations *iso_ops = NULL;
@ -137,7 +136,7 @@ static void add_acl_entry(struct sc_file *file, int op, u8 byte)
{
unsigned int method, key_ref = SC_AC_KEY_REF_NONE;
switch (byte)
switch (byte)
{
case 0:
method = SC_AC_NONE;
@ -156,18 +155,18 @@ static void add_acl_entry(struct sc_file *file, int op, u8 byte)
static void parse_sec_attr(struct sc_file *file, const u8 *buf, size_t len)
{
int i;
const int df_ops[4] =
const int df_ops[4] =
{ SC_AC_OP_CREATE, SC_AC_OP_CREATE, SC_AC_OP_DELETE, -1 };
const int ef_ops[4] =
const int ef_ops[4] =
{ SC_AC_OP_READ, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, -1 };
const int key_ops[4] =
{ SC_AC_OP_CRYPTO, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, SC_AC_OP_GENERATE };
const int key_ops[4] =
{ SC_AC_OP_CRYPTO, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, SC_AC_OP_GENERATE };
const int *ops;
if (len < 2)
return;
switch (file->type) {
case SC_FILE_TYPE_WORKING_EF:
ops = ef_ops;
@ -179,11 +178,11 @@ static void parse_sec_attr(struct sc_file *file, const u8 *buf, size_t len)
ops = df_ops;
break;
default:
ops = key_ops;
ops = key_ops;
break;
}
for (i = 0; i < 4; i++)
for (i = 0; i < 4; i++)
{
if (ops[i] == -1)
continue;
@ -197,24 +196,30 @@ static void parse_sec_attr(struct sc_file *file, const u8 *buf, size_t len)
static int myeid_select_file(struct sc_card *card, const struct sc_path *in_path,
struct sc_file **file)
{
struct sc_file *dummy_file = NULL;
int r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
r = iso_ops->select_file(card, in_path, file);
LOG_FUNC_CALLED(card->ctx);
r = iso_ops->select_file(card, in_path, &dummy_file);
if (file)
*file = dummy_file;
else if (dummy_file)
sc_file_free(dummy_file);
if (r == 0 && file != NULL && *file != NULL)
parse_sec_attr(*file, (*file)->sec_attr, (*file)->sec_attr_len);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_list_files(struct sc_card *card, u8 *buf, size_t buflen)
static int myeid_list_files(struct sc_card *card, u8 *buf, size_t buflen)
{
struct sc_apdu apdu;
int r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0xA1);
apdu.resp = buf;
@ -223,27 +228,27 @@ static int myeid_list_files(struct sc_card *card, u8 *buf, size_t buflen)
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
if (apdu.resplen == 0)
return sc_check_sw(card, apdu.sw1, apdu.sw2);
return apdu.resplen;
}
static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
const u8 *buf, size_t buflen)
{
const u8 *buf, size_t buflen)
{
myeid_private_data_t *priv = (myeid_private_data_t *) card->drv_data;
size_t taglen = 0;
const u8 *tag = NULL;
int r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
r = iso_ops->process_fci(card, file, buf, buflen);
if (r < 0)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
if(file->type == SC_FILE_EF_UNKNOWN)
{
{
tag = sc_asn1_find_tag(NULL, buf, buflen, 0x82, &taglen);
if (tag != NULL && taglen > 0 && *tag == 17)
{
@ -252,7 +257,7 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
}
if(file->sec_attr_len >= 3)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X) sec_attr (%X %X %X)", file->id,
sc_log(card->ctx, "id (%X) sec_attr (%X %X %X)", file->id,
file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]);
}
tag = sc_asn1_find_tag(NULL, buf, buflen, 0x8A, &taglen);
@ -260,18 +265,18 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
{
if(tag[0] == MYEID_STATE_CREATION) {
file->status = SC_FILE_STATUS_CREATION;
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "File id (%X) status SC_FILE_STATUS_CREATION (0x%X)",
sc_log(card->ctx, "File id (%X) status SC_FILE_STATUS_CREATION (0x%X)",
file->id, tag[0]);
}
else if(tag[0] == MYEID_STATE_ACTIVATED) {
file->status = SC_FILE_STATUS_ACTIVATED;
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "File id (%X) status SC_FILE_STATUS_ACTIVATED (0x%X)",
sc_log(card->ctx, "File id (%X) status SC_FILE_STATUS_ACTIVATED (0x%X)",
file->id, tag[0]);
}
priv->card_state = file->status;
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
LOG_FUNC_RETURN(card->ctx, 0);
}
static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
@ -281,7 +286,7 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
u8 buf[40];
int i;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
/* PrivateKey
* 0E0000019 6217 81020400 820111 83024B01 8603000000 85028000 8A0100 RESULT 6984
* 6217 81020400 820111 83024B01 8603000000 85021000 8A0100 */
@ -294,12 +299,12 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
buf[3] = 0x02;
buf[4] = (file->size >> 8) & 0xFF;
buf[5] = file->size & 0xFF;
/* File Description tag */
buf[6] = 0x82;
buf[7] = 0x01;
buf[8] = 0x01;
/* File Identifier tag */
buf[9] = 0x83;
buf[10] = 0x02;
@ -313,30 +318,30 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
buf[16] = 0xFF;
buf[17] = 0xFF;
if (file->sec_attr_len == 3 && file->sec_attr)
if (file->sec_attr_len == 3 && file->sec_attr)
{
buf[15] = file->sec_attr[0];
buf[16] = file->sec_attr[1];
buf[17] = file->sec_attr[2];
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X), sec_attr %X %X %X", file->id,
sc_log(card->ctx, "id (%X), sec_attr %X %X %X", file->id,
file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]);
}
else
{
{
delete = sc_file_get_acl_entry(file, SC_AC_OP_DELETE);
switch (file->type) {
case SC_FILE_TYPE_WORKING_EF:
read = sc_file_get_acl_entry(file, SC_AC_OP_READ);
update = sc_file_get_acl_entry(file, SC_AC_OP_UPDATE);
buf[15] = (acl_to_byte(read) << 4) | acl_to_byte(update);
buf[16] = (acl_to_byte(delete)<< 4) | 0x0F;
buf[16] = (acl_to_byte(delete)<< 4) | 0x0F;
break;
case SC_FILE_TYPE_INTERNAL_EF:
read = sc_file_get_acl_entry(file, SC_AC_OP_CRYPTO);
update = sc_file_get_acl_entry(file, SC_AC_OP_UPDATE);
generate = sc_file_get_acl_entry(file, SC_AC_OP_GENERATE);
@ -345,39 +350,39 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
buf[16] = (acl_to_byte(delete)<< 4) | acl_to_byte(generate);
break;
case SC_FILE_TYPE_DF:
update = sc_file_get_acl_entry(file, SC_AC_OP_CREATE);
buf[15] = (acl_to_byte(update) << 4) | acl_to_byte(update);
buf[16] = (acl_to_byte(delete) << 4) | 0x0F;
buf[16] = (acl_to_byte(delete) << 4) | 0x0F;
break;
default:
default:
break;
}
}
/* Proprietary Information */
buf[18] = 0x85;
buf[19] = 0x02;
/* AC right to clear default 0 */
buf[20] = (SC_FILE_TYPE_INTERNAL_EF == file->type ?0x0:0x80);
buf[21] = 0x0;
buf[20] = (SC_FILE_TYPE_INTERNAL_EF == file->type ?0x0:0x80);
buf[21] = 0x0;
/* Life Cycle Status tag */
buf[22] = 0x8A;
buf[23] = 0x01;
buf[24] = 0x0; /* RFU */
switch (file->type)
switch (file->type)
{
case SC_FILE_TYPE_WORKING_EF:
case SC_FILE_TYPE_WORKING_EF:
break;
case SC_FILE_TYPE_INTERNAL_EF:
case SC_FILE_TYPE_INTERNAL_EF:
buf[8] = 0x11;
break;
case SC_FILE_TYPE_DF:
case SC_FILE_TYPE_DF:
buf[8] = 0x38;
if(file->namelen > 0 && file->namelen <= 16)
{
@ -386,33 +391,33 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
for(i=0;i < (int)file->namelen;i++)
buf[i + 26] = file->name[i];
buf[1] = 0x19 + file->namelen + 2;
}
break;
default:
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown file type\n");
sc_log(card->ctx, "Unknown file type\n");
return SC_ERROR_INVALID_ARGUMENTS;
}
*outlen = buf[1]+2;
memcpy(out, buf, *outlen);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
LOG_FUNC_RETURN(card->ctx, 0);
}
static int myeid_create_file(struct sc_card *card, struct sc_file *file)
{
sc_apdu_t apdu;
static int myeid_create_file(struct sc_card *card, struct sc_file *file)
{
sc_apdu_t apdu;
u8 sbuf[32];
size_t buflen;
int r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
r = encode_file_structure(card, file, sbuf, &buflen);
if (r)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x00, 0x00);
apdu.data = sbuf;
@ -420,35 +425,35 @@ static int myeid_create_file(struct sc_card *card, struct sc_file *file)
apdu.lc = buflen;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
if (apdu.sw1 == 0x6A && apdu.sw2 == 0x89)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_ALREADY_EXISTS);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_FILE_ALREADY_EXISTS);
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_delete_file(struct sc_card *card, const struct sc_path *path)
{
static int myeid_delete_file(struct sc_card *card, const struct sc_path *path)
{
int r;
struct sc_apdu apdu;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2)
LOG_FUNC_CALLED(card->ctx);
if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID\n");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS);
sc_log(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n");
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
}
r = sc_select_file(card, path, NULL);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select file to be deleted");
LOG_TEST_RET(card->ctx, r, "Unable to select file to be deleted");
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00);
apdu.cla = 0xA0;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2));
LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
}
static int myeid_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data,
@ -456,25 +461,25 @@ static int myeid_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data,
{
myeid_private_data_t *priv = (myeid_private_data_t *) card->drv_data;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ref (%d), pin1 len(%d), pin2 len (%d)\n",
LOG_FUNC_CALLED(card->ctx);
sc_log(card->ctx, "ref (%d), pin1 len(%d), pin2 len (%d)\n",
data->pin_reference, data->pin1.len, data->pin2.len);
if(data->pin1.len > 8 || data->pin2.len > 8)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_LENGTH);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_PIN_LENGTH);
data->pin1.pad_length = data->pin2.pad_length = 8;
data->pin1.pad_char = data->pin2.pad_char = 0xFF;
if (data->cmd == SC_PIN_CMD_VERIFY && priv->card_state == SC_FILE_STATUS_CREATION) {
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Card in creation state, no need to verify");
sc_log(card->ctx, "Card in creation state, no need to verify");
return SC_SUCCESS;
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, iso_ops->pin_cmd(card, data, tries_left));
LOG_FUNC_RETURN(card->ctx, iso_ops->pin_cmd(card, data, tries_left));
}
static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env,
static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env,
int se_num)
{
sc_apdu_t apdu;
@ -483,21 +488,21 @@ static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env
int r, locked = 0;
assert(card != NULL && env != NULL);
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
if (env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC)
LOG_FUNC_CALLED(card->ctx);
if (env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "asymmetric keyref not supported.\n");
sc_log(card->ctx, "asymmetric keyref not supported.\n");
return SC_ERROR_NOT_SUPPORTED;
}
if (se_num > 0)
if (se_num > 0)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "restore security environment not supported.\n");
sc_log(card->ctx, "restore security environment not supported.\n");
return SC_ERROR_NOT_SUPPORTED;
}
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0, 0);
switch (env->operation)
switch (env->operation)
{
case SC_SEC_OPERATION_DECIPHER:
apdu.p1 = 0x41;
@ -512,20 +517,20 @@ static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env
}
apdu.le = 0;
p = sbuf;
if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT)
if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT)
{
*p++ = 0x80; /* algorithm reference */
*p++ = 0x01;
*p++ = env->algorithm_ref & 0xFF;
}
if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT)
if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT)
{
*p++ = 0x81;
*p++ = 2;
memcpy(p, env->file_ref.value, 2);
p += 2;
}
if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT)
if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT)
{
*p++ = 0x84;
*p++ = 1;
@ -538,22 +543,22 @@ static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env
apdu.resplen = 0;
if (se_num > 0) {
r = sc_lock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
LOG_TEST_RET(card->ctx, r, "sc_lock() failed");
locked = 1;
}
if (apdu.datalen != 0)
if (apdu.datalen != 0)
{
r = sc_transmit_apdu(card, &apdu);
if (r)
if (r)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
sc_log(card->ctx,
"%s: APDU transmit failed", sc_strerror(r));
goto err;
}
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
if (r)
if (r)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
sc_log(card->ctx,
"%s: Card returned error", sc_strerror(r));
goto err;
}
@ -563,32 +568,32 @@ static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF2, se_num);
r = sc_transmit_apdu(card, &apdu);
sc_unlock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
return sc_check_sw(card, apdu.sw1, apdu.sw2);
err:
if (locked)
sc_unlock(card);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_set_security_env(struct sc_card *card,
const struct sc_security_env *env, int se_num)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
if (env->flags & SC_SEC_ENV_ALG_PRESENT)
if (env->flags & SC_SEC_ENV_ALG_PRESENT)
{
sc_security_env_t tmp;
tmp = *env;
tmp.flags &= ~SC_SEC_ENV_ALG_PRESENT;
tmp.flags |= SC_SEC_ENV_ALG_REF_PRESENT;
if (tmp.algorithm != SC_ALGORITHM_RSA)
if (tmp.algorithm != SC_ALGORITHM_RSA)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Only RSA algorithm supported.\n");
sc_log(card->ctx, "Only RSA algorithm supported.\n");
return SC_ERROR_NOT_SUPPORTED;
}
tmp.algorithm_ref = 0x00;
/* potential FIXME: return an error, if an unsupported
* pad or hash was requested, although this shouldn't happen */
@ -598,22 +603,22 @@ static int myeid_set_security_env(struct sc_card *card,
tmp.algorithm_ref |= 0x10;
return myeid_set_security_env2(card, &tmp, se_num);
}
return myeid_set_security_env2(card, env, se_num);
return myeid_set_security_env2(card, env, se_num);
}
static int myeid_compute_signature(struct sc_card *card, const u8 * data,
size_t datalen, u8 * out, size_t outlen)
static int myeid_compute_signature(struct sc_card *card, const u8 * data,
size_t datalen, u8 * out, size_t outlen)
{
int r;
struct sc_apdu apdu;
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
assert(card != NULL && data != NULL && out != NULL);
if (datalen > 256)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
/* INS: 0x2A PERFORM SECURITY OPERATION
* P1: 0x9E Resp: Digital Signature
@ -622,14 +627,14 @@ static int myeid_compute_signature(struct sc_card *card, const u8 * data,
apdu.resp = rbuf;
apdu.resplen = sizeof(rbuf);
apdu.le = 256;
if (datalen == 256)
if (datalen == 256)
{
apdu.p2 = data[0];
memcpy(sbuf, data+1, datalen-1);
apdu.lc = datalen - 1;
apdu.datalen = datalen - 1;
}
else
}
else
{
memcpy(sbuf, data, datalen);
apdu.lc = datalen;
@ -638,53 +643,53 @@ static int myeid_compute_signature(struct sc_card *card, const u8 * data,
apdu.data = sbuf;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
{
int len = apdu.resplen > outlen ? outlen : apdu.resplen;
memcpy(out, apdu.resp, len);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len);
LOG_FUNC_RETURN(card->ctx, len);
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2));
LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
}
static int myeid_decipher(struct sc_card *card, const u8 * crgram,
size_t crgram_len, u8 * out, size_t outlen)
static int myeid_decipher(struct sc_card *card, const u8 * crgram,
size_t crgram_len, u8 * out, size_t outlen)
{
int r;
struct sc_apdu apdu;
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
assert(card != NULL && crgram != NULL && out != NULL);
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL);
if (crgram_len > 256)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
/* INS: 0x2A PERFORM SECURITY OPERATION
* P1: 0x80 Resp: Plain value
* P2: 0x86 Cmd: Padding indicator byte followed by cryptogram */
sc_format_apdu(card, &apdu,
(crgram_len < 256) ? SC_APDU_CASE_4_SHORT : SC_APDU_CASE_3_SHORT,
(crgram_len < 256) ? SC_APDU_CASE_4_SHORT : SC_APDU_CASE_3_SHORT,
0x2A, 0x80, 0x86);
apdu.resp = rbuf;
apdu.resplen = sizeof(rbuf);
apdu.le = crgram_len;
if (crgram_len == 256)
if (crgram_len == 256)
{ apdu.le = 0;
/* padding indicator byte, 0x81 = first half of 2048 bit cryptogram */
sbuf[0] = 0x81;
sbuf[0] = 0x81;
memcpy(sbuf + 1, crgram, crgram_len / 2);
apdu.lc = crgram_len / 2 + 1;
}
else
}
else
{
sbuf[0] = 0; /* padding indicator byte, 0x00 = No further indication */
memcpy(sbuf + 1, crgram, crgram_len);
@ -692,21 +697,21 @@ static int myeid_decipher(struct sc_card *card, const u8 * crgram,
}
apdu.datalen = apdu.lc; apdu.data = sbuf;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
{
if (crgram_len == 256)
if (crgram_len == 256)
{
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT,
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT,
0x2A, 0x80, 0x86);
apdu.resp = rbuf;
apdu.resplen = sizeof(rbuf);
apdu.le = crgram_len;
/* padding indicator byte,
/* padding indicator byte,
* 0x82 = Second half of 2048 bit cryptogram */
sbuf[0] = 0x82;
sbuf[0] = 0x82;
memcpy(sbuf + 1, crgram + crgram_len / 2, crgram_len / 2);
apdu.lc = crgram_len / 2 + 1;
apdu.datalen = apdu.lc;
@ -714,24 +719,24 @@ static int myeid_decipher(struct sc_card *card, const u8 * crgram,
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
{
int len = apdu.resplen > outlen ? outlen : apdu.resplen;
memcpy(out, apdu.resp, len);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len);
LOG_FUNC_RETURN(card->ctx, len);
}
}
else
}
else
{
int len = apdu.resplen > outlen ? outlen : apdu.resplen;
memcpy(out, apdu.resp, len);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len);
LOG_FUNC_RETURN(card->ctx, len);
}
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2));
LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
}
/* Write internal data, e.g. add default pin-records to pin */
@ -740,7 +745,7 @@ static int myeid_putdata(struct sc_card *card, struct sc_cardctl_myeid_data_obj*
int r;
struct sc_apdu apdu;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
memset(&apdu, 0, sizeof(apdu));
apdu.cse = SC_APDU_CASE_3_SHORT;
@ -753,12 +758,12 @@ static int myeid_putdata(struct sc_card *card, struct sc_cardctl_myeid_data_obj*
apdu.data = data_obj->Data;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "PUT_DATA returned error");
LOG_TEST_RET(card->ctx, r, "PUT_DATA returned error");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
/* Read internal data, e.g. get RSA public key */
@ -767,7 +772,7 @@ static int myeid_getdata(struct sc_card *card, struct sc_cardctl_myeid_data_obj*
int r;
struct sc_apdu apdu;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
memset(&apdu, 0, sizeof(apdu));
apdu.cse = SC_APDU_CASE_2_SHORT;
@ -784,17 +789,17 @@ static int myeid_getdata(struct sc_card *card, struct sc_cardctl_myeid_data_obj*
apdu.resplen = data_obj->DataLen;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GET_DATA returned error");
LOG_TEST_RET(card->ctx, r, "GET_DATA returned error");
if (apdu.resplen > data_obj->DataLen)
r = SC_ERROR_WRONG_LENGTH;
else
data_obj->DataLen = apdu.resplen;
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_loadkey(sc_card_t *card, int mode, u8* value, int value_len)
@ -803,85 +808,85 @@ static int myeid_loadkey(sc_card_t *card, int mode, u8* value, int value_len)
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
int r, len;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
len = 0;
if(value_len == 0 || value == NULL)
return 0;
if(value != NULL &&
value[0] != 0x0 &&
if(value != NULL &&
value[0] != 0x0 &&
mode != LOAD_KEY_PUBLIC_EXPONENT)
sbuf[len++] = 0x0;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
if(mode == LOAD_KEY_MODULUS && value_len >= 256)
{
r=0;
if((value_len % 2) > 0 && value[0] == 0x00)
{
{
value_len--;
memmove(value, value + 1, value_len);
}
mode = 0x88;
len = 128;
memcpy(sbuf,value, 128);
memset(&apdu, 0, sizeof(apdu));
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDA, 0x01, mode);
apdu.cla = 0x00;
apdu.data = sbuf;
apdu.datalen = len;
apdu.lc = len;
r = sc_transmit_apdu(card, &apdu);
if(r < 0)
return r;
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
if(r < 0)
return r;
mode = 0x89;
len = value_len - 128;
memset(&sbuf, 0, SC_MAX_APDU_BUFFER_SIZE);
memcpy(sbuf,value + 128, value_len - 128);
}
else
{
{
memcpy(sbuf + len, value, value_len);
len += value_len;
}
memset(&apdu, 0, sizeof(apdu));
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDA, 0x01, mode);
apdu.cla = 0x00;
apdu.data = sbuf;
apdu.datalen = len;
apdu.lc = len;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
/* Generate or store a key */
static int myeid_generate_store_key(struct sc_card *card,
struct sc_cardctl_myeid_gen_store_key_info *data)
static int myeid_generate_store_key(struct sc_card *card,
struct sc_cardctl_myeid_gen_store_key_info *data)
{
struct sc_apdu apdu;
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
int r=0,len;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
/* Setup key-generation parameters */
if (data->op_type == OP_TYPE_GENERATE)
{
len = 0;
sbuf[len++] = 0x30;
sbuf[len++] = 0x05;
sbuf[len++] = 0x81;
@ -898,31 +903,31 @@ static int myeid_generate_store_key(struct sc_card *card,
apdu.lc = len;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GENERATE_KEY returned error");
LOG_TEST_RET(card->ctx, r, "GENERATE_KEY returned error");
}
else
{
if((r=myeid_loadkey(card, LOAD_KEY_PRIME_P,
data->primep, data->primep_len)) >= 0 &&
(r=myeid_loadkey(card, LOAD_KEY_PRIME_Q,
(r=myeid_loadkey(card, LOAD_KEY_PRIME_Q,
data->primeq, data->primeq_len)) >= 0 &&
(r=myeid_loadkey(card, LOAD_KEY_DP1,
(r=myeid_loadkey(card, LOAD_KEY_DP1,
data->dp1, data->dp1_len)) >= 0 &&
(r=myeid_loadkey(card, LOAD_KEY_DQ1,
(r=myeid_loadkey(card, LOAD_KEY_DQ1,
data->dq1, data->dq1_len)) >= 0 &&
(r=myeid_loadkey(card, LOAD_KEY_INVQ,
(r=myeid_loadkey(card, LOAD_KEY_INVQ,
data->invq, data->invq_len)) >= 0 &&
(r=myeid_loadkey(card, LOAD_KEY_MODULUS,
(r=myeid_loadkey(card, LOAD_KEY_MODULUS,
data->mod, data->mod_len)) >= 0 &&
(r=myeid_loadkey(card, LOAD_KEY_PUBLIC_EXPONENT,
(r=myeid_loadkey(card, LOAD_KEY_PUBLIC_EXPONENT,
data->pubexp, data->pubexp_len)) >= 0)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_activate_card(struct sc_card *card)
@ -931,7 +936,7 @@ static int myeid_activate_card(struct sc_card *card)
u8 sbuf[] ="\xA0\x00\x00\x00\x63\x50\x4B\x43\x53\x2D\x31\x35";
sc_apdu_t apdu;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x44, 0x04, 0x00);
apdu.cla = 0x00;
apdu.data = sbuf;
@ -939,12 +944,12 @@ static int myeid_activate_card(struct sc_card *card)
apdu.lc = 0x0C;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "ACTIVATE_APPLET returned error");
LOG_TEST_RET(card->ctx, r, "ACTIVATE_APPLET returned error");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
@ -953,21 +958,21 @@ static int myeid_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
sc_apdu_t apdu;
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0xA0);
apdu.resp = rbuf;
apdu.resplen = sizeof(rbuf);
apdu.le = 256;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
return SC_ERROR_INTERNAL;
if (apdu.resplen != 20)
if (apdu.resplen != 20)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unexpected response to GET DATA serial number\n");
sc_log(card->ctx, "unexpected response to GET DATA serial number\n");
return SC_ERROR_INTERNAL;
}
@ -978,14 +983,14 @@ static int myeid_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
/* copy and return serial number */
memcpy(serial, &card->serialnr, sizeof(*serial));
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr)
{
int r = SC_ERROR_NOT_SUPPORTED;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
switch(cmd) {
case SC_CARDCTL_MYEID_PUTDATA:
r = myeid_putdata(card,
@ -997,7 +1002,7 @@ static int myeid_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr)
break;
case SC_CARDCTL_MYEID_GENERATE_STORE_KEY:
r = myeid_generate_store_key(card,
(struct sc_cardctl_myeid_gen_store_key_info *) ptr);
(struct sc_cardctl_myeid_gen_store_key_info *) ptr);
break;
case SC_CARDCTL_MYEID_ACTIVATE_CARD:
r = myeid_activate_card(card);
@ -1010,7 +1015,7 @@ static int myeid_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr)
case SC_CARDCTL_LIFECYCLE_GET:
break;
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
static int myeid_finish(sc_card_t * card)

145
src/pkcs15init/pkcs15-myeid.c
View File

@ -43,7 +43,7 @@ static int
myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object, const struct sc_path *path)
{
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(p15card->card->ctx);
return sc_pkcs15init_delete_by_path(profile, p15card, path);
}
@ -61,10 +61,10 @@ myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
const struct sc_acl_entry *entry = NULL;
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(ctx);
if (data_len < 8)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_BUFFER_TOO_SMALL, "Cannot get init applet data");
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Cannot get init applet data");
*(data + 0) = 0xFF;
*(data + 1) = 0xFF;
@ -72,9 +72,9 @@ myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
/* MF acls */
sc_file_dup(&tmp_file, profile->mf_info->file);
if (tmp_file == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate MF file");
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate MF file");
r = sc_pkcs15init_fixup_file(profile, p15card, tmp_file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF fixup failed");
LOG_TEST_RET(ctx, r, "MF fixup failed");
/* AC 'Create DF' and 'Create EF' */
*(data + 2) = 0x00; /* 'NONE' */
@ -101,9 +101,9 @@ myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
/* Application DF (5015) acls */
sc_file_dup(&tmp_file, profile->df_info->file);
if (tmp_file == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate Application DF file");
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate Application DF file");
r = sc_pkcs15init_fixup_file(profile, p15card, tmp_file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Application DF fixup failed");
LOG_TEST_RET(ctx, r, "Application DF fixup failed");
/* AC 'Create DF' and 'Create EF' */
*(data + 5) = 0x00; /* 'NONE' */
@ -123,7 +123,7 @@ myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
*(data + 7)= 0xFF;
sc_file_free(tmp_file);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
}
@ -139,19 +139,19 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
unsigned char data[8];
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(ctx);
r = myeid_get_init_applet_data(profile, p15card, data, sizeof(data));
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Get init applet date error");
LOG_TEST_RET(ctx, r, "Get init applet date error");
/* Select parent DF and verify PINs/key as necessary */
r = sc_select_file(p15card->card, sc_get_mf_path(), &mf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select MF");
LOG_TEST_RET(ctx, r, "Cannot select MF");
/* ACLs are not actives if file is not in the operational state */
if (mf->status == SC_FILE_STATUS_ACTIVATED)
r = sc_pkcs15init_authenticate(profile, p15card, mf, SC_AC_OP_DELETE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "'DELETE' authentication failed on MF");
LOG_TEST_RET(ctx, r, "'DELETE' authentication failed on MF");
data_obj.P1 = 0x01;
data_obj.P2 = 0xE0;
@ -160,7 +160,7 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
r = sc_card_ctl(p15card->card, SC_CARDCTL_MYEID_PUTDATA, &data_obj);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(p15card->card->ctx, r);
}
static int
@ -171,7 +171,7 @@ myeid_init_card(sc_profile_t *profile,
struct sc_file *file = NULL;
int r;
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(p15card->card->ctx);
sc_format_path("3F00", &path);
r = sc_select_file(p15card->card, &path, &file);
@ -181,7 +181,7 @@ myeid_init_card(sc_profile_t *profile,
if (file)
sc_file_free(file);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(p15card->card->ctx, r);
}
@ -214,30 +214,30 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
if (!profile || !p15card || !df)
return SC_ERROR_INVALID_ARGUMENTS;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "id (%x)",df->id);
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "id (%x)",df->id);
if(df->id == 0x5015)
{
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Select (%x)",df->id);
sc_log(ctx, "Select (%x)",df->id);
r = sc_select_file(p15card->card, &df->path, NULL);
for (ii = 0; create_dfs[ii]; ii++) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Create '%s'", create_dfs[ii]);
for (ii = 0; create_dfs[ii]; ii++) {
sc_log(ctx, "Create '%s'", create_dfs[ii]);
if (sc_profile_get_file(profile, create_dfs[ii], &file)) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_dfs[ii]);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE);
sc_log(ctx, "Inconsistent profile: cannot find %s", create_dfs[ii]);
LOG_FUNC_RETURN(ctx, SC_ERROR_INCONSISTENT_PROFILE);
}
r = sc_pkcs15init_add_object(p15card, profile, create_dfs_val[ii], NULL);
if (r != SC_ERROR_FILE_ALREADY_EXISTS)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to create MyEID xDF file");
LOG_TEST_RET(ctx, r, "Failed to create MyEID xDF file");
}
}
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(p15card->card->ctx, r);
}
@ -255,13 +255,13 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
{
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
sc_log(p15card->card->ctx,
"PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)",
auth_info->attrs.pin.reference, auth_info->tries_left);
}
else
{
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
sc_log(p15card->card->ctx,
"PIN_FLAG_PIN, ref (%d), tries_left (%d)",
auth_info->attrs.pin.reference, auth_info->tries_left);
@ -270,7 +270,7 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
if (auth_info->attrs.pin.reference <= 0 || auth_info->attrs.pin.reference > MYEID_MAX_PINS)
auth_info->attrs.pin.reference = 1;
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
}
/*
@ -289,8 +289,8 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_auth_info puk_ainfo;
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN('%s',ref:%i,flags:0x%X,pin_len:%d,puk_len:%d)\n",
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "PIN('%s',ref:%i,flags:0x%X,pin_len:%d,puk_len:%d)\n",
pin_obj->label, auth_info->attrs.pin.reference, auth_info->attrs.pin.flags, pin_len, puk_len);
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
@ -331,9 +331,9 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
data_obj.DataLen = 19;
r = sc_card_ctl(p15card->card, SC_CARDCTL_MYEID_PUTDATA, &data_obj);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Initialize PIN failed");
LOG_TEST_RET(ctx, r, "Initialize PIN failed");
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(ctx, r);
}
@ -352,7 +352,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
const char *tag;
int r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
if (type == SC_PKCS15_TYPE_PRKEY_RSA)
tag = "private-key";
else if (type == SC_PKCS15_TYPE_PUBKEY_RSA)
@ -363,7 +363,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
tag = "data";
else
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported file type");
sc_log(card->ctx, "Unsupported file type");
return SC_ERROR_INVALID_ARGUMENTS;
}
@ -371,7 +371,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
snprintf(name, sizeof(name), "template-%s", tag);
if (sc_profile_get_file(profile, name, &file) < 0)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s", name);
sc_log(card->ctx, "Profile doesn't define %s", name);
return SC_ERROR_NOT_SUPPORTED;
}
@ -393,7 +393,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
}
*out = file;
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
LOG_FUNC_RETURN(card->ctx, 0);
}
@ -402,8 +402,8 @@ myeid_encode_private_key(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
size_t *keysize, int key_ref)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
LOG_FUNC_CALLED(card->ctx);
LOG_FUNC_RETURN(card->ctx, 0);
}
static int
@ -411,8 +411,8 @@ myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
size_t *keysize, int key_ref)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
LOG_FUNC_CALLED(card->ctx);
LOG_FUNC_RETURN(card->ctx, 0);
}
@ -457,10 +457,10 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
int r;
sc_file_t *prkf = NULL;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
/* Parameter check */
if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0X7)) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
sc_log(card->ctx,
"Unsupported key size [%u]: 1024-2048 bit + 8-multiple\n", keybits);
return SC_ERROR_INVALID_ARGUMENTS;
}
@ -526,7 +526,7 @@ done:
if (prkf)
sc_file_free(prkf);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(card->ctx, r);
}
#endif
@ -544,32 +544,32 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_file *file = NULL;
int keybits = key_info->modulus_length, r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(card->ctx);
/* Check that the card supports the requested modulus length */
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create MyEID private key ID:%s", sc_pkcs15_print_id(&key_info->id));
sc_log(ctx, "create MyEID private key ID:%s", sc_pkcs15_print_id(&key_info->id));
/* Get the private key file */
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get new MyEID private key file");
LOG_TEST_RET(ctx, r, "Cannot get new MyEID private key file");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key file size %d", keybits);
sc_log(ctx, "Key file size %d", keybits);
file->size = keybits;
memcpy(&key_info->path.value, &file->path.value, file->path.len);
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s",
sc_log(ctx, "Path of MyEID private key file to create %s",
sc_print_path(&file->path));
/* Now create the key file */
r = sc_pkcs15init_create_file(profile, p15card, file);
sc_file_free(file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot create MyEID private key file");
LOG_TEST_RET(ctx, r, "Cannot create MyEID private key file");
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(ctx, r);
}
@ -588,22 +588,22 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_file *file = NULL;
int r, keybits = key_info->modulus_length;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(ctx);
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
/* Check that the card supports the requested modulus length */
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_log(ctx, "store MyEID key with ID:%s and path:%s",
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
r = sc_select_file(card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
LOG_TEST_RET(ctx, r, "Cannot store MyEID key: select key file failed");
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store MyEID private key");
LOG_TEST_RET(ctx, r, "No authorisation to store MyEID private key");
if (file)
sc_file_free(file);
@ -631,9 +631,9 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
/* Store RSA key */
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_STORE_KEY, &args);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'MYEID_GENERATE_STORE_KEY' failed");
LOG_TEST_RET(ctx, r, "Card control 'MYEID_GENERATE_STORE_KEY' failed");
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(ctx, r);
}
@ -651,22 +651,22 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
size_t keybits = key_info->modulus_length;
unsigned char raw_pubkey[256];
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
LOG_FUNC_CALLED(ctx);
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
/* Check that the card supports the requested modulus length */
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_log(ctx, "store MyEID key with ID:%s and path:%s",
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
r = sc_select_file(card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
LOG_TEST_RET(ctx, r, "Cannot store MyEID key: select key file failed");
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to generate MyEID private key");
LOG_TEST_RET(ctx, r, "No authorisation to generate MyEID private key");
/* Fill in data structure */
memset(&args, 0, sizeof(args));
@ -677,7 +677,7 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
/* Generate RSA key */
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_STORE_KEY, &args);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'MYEID_GENERATE_STORE_KEY' failed");
LOG_TEST_RET(ctx, r, "Card control 'MYEID_GENERATE_STORE_KEY' failed");
/* Keypair generation -> collect public key info */
/* FIXME: was not preset in original Aventra version. Need to be tested. (VT) */
@ -693,7 +693,7 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
/* Get public key modulus */
r = sc_select_file(card, &file->path, NULL);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: select key file failed");
LOG_TEST_RET(ctx, r, "Cannot get key modulus: select key file failed");
data_obj.P1 = 0x01;
data_obj.P2 = 0x01;
@ -701,10 +701,10 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
data_obj.DataLen = sizeof(raw_pubkey);
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GETDATA, &data_obj);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: 'MYEID_GETDATA' failed");
LOG_TEST_RET(ctx, r, "Cannot get key modulus: 'MYEID_GETDATA' failed");
if ((data_obj.DataLen * 8) != key_info->modulus_length)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PKCS15INIT, "Cannot get key modulus: invalid key-size");
LOG_TEST_RET(ctx, SC_ERROR_PKCS15INIT, "Cannot get key modulus: invalid key-size");
memcpy (pubkey->u.rsa.modulus.data, raw_pubkey, pubkey->u.rsa.modulus.len);
}
@ -712,15 +712,14 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
if (file)
sc_file_free(file);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
LOG_FUNC_RETURN(ctx, r);
}
/* Finish initialization. After this ACL is in affect */
static int myeid_finalize_card(sc_card_t *card)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL,
sc_card_ctl(card, SC_CARDCTL_MYEID_ACTIVATE_CARD, NULL));
LOG_FUNC_CALLED(card->ctx);
LOG_FUNC_RETURN(card->ctx, sc_card_ctl(card, SC_CARDCTL_MYEID_ACTIVATE_CARD, NULL));
}
@ -729,7 +728,7 @@ static int myeid_finalize_card(sc_card_t *card)
*/
static struct sc_pkcs15init_operations sc_pkcs15init_myeid_operations = {
myeid_erase_card,
myeid_init_card, /* init_card */
myeid_init_card, /* init_card */
myeid_create_dir, /* create_dir */
NULL, /* create_domain */
myeid_select_pin_reference,