'AuthentIC': basic support of Oberthur's 'COSMO.v7/AuthentIC.v3.2' ...

it's the natively PKCS#15 card


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5006 c6295689-39f2-0310-b995-f0e70906c6a9

src/libopensc/Makefile.am

@@ -9,7 +9,7 @@ noinst_HEADERS = cards.h ctbcs.h internal.h esteid.h muscle.h muscle-filesystem.
 	internal-winscard.h p15card-helper.h \
 	opensc.h pkcs15.h \
 	cardctl.h asn1.h log.h \
-	errors.h types.h compression.h itacns.h
+	errors.h types.h compression.h itacns.h iso7816.h authentic.h 
 
 AM_CPPFLAGS = -DOPENSC_CONF_PATH=\"$(sysconfdir)/opensc.conf\"
 AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_OPENCT_CFLAGS) \
@@ -37,7 +37,7 @@ libopensc_la_SOURCES = \
 	card-incrypto34.c card-piv.c card-muscle.c card-acos5.c \
 	card-asepcos.c card-akis.c card-gemsafeV1.c card-rutoken.c \
 	card-rtecp.c card-westcos.c card-myeid.c card-ias.c \
-	card-javacard.c card-itacns.c \
+	card-javacard.c card-itacns.c card-authentic.c \
 	\
 	pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \
 	pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \

src/libopensc/Makefile.mak

@@ -21,7 +21,7 @@ OBJECTS			= \
 	card-incrypto34.obj card-piv.obj card-muscle.obj card-acos5.obj \
 	card-asepcos.obj card-akis.obj card-gemsafeV1.obj card-rutoken.obj \
 	card-rtecp.obj card-westcos.obj card-myeid.obj card-ias.obj \
-	card-javacard.obj card-itacns.obj \
+	card-javacard.obj card-itacns.obj card-authentic.obj \
 	\
 	pkcs15-openpgp.obj pkcs15-infocamere.obj pkcs15-starcert.obj \
 	pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-postecert.obj pkcs15-gemsafeGPK.obj \

src/libopensc/authentic.h

@@ -0,0 +1,181 @@
+/*
+ * authentic.h: Specific definitions for the Oberthur's card
+ * 		'COSMO v7' with applet 'AuthentIC v3' 
+ *
+ * Copyright (C) 2010  Viktor Tarasov <vtarasov@opentrust.com>
+ *                      OpenTrust <www.opentrust.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef _OPENSC_AUTHENTIC_V3_H
+#define _OPENSC_AUTHENTIC_V3_H
+
+#include "errors.h"
+#include "types.h"
+#include "iso7816.h"
+
+#define LOGN_FUNC_CALLED(ctx) SC_FUNC_CALLED((ctx), SC_LOG_DEBUG_NORMAL)
+#define LOGN_FUNC_RETURN(ctx, r) SC_FUNC_RETURN((ctx), SC_LOG_DEBUG_NORMAL, (r))
+#define LOGN_TEST_RET(ctx, r, text) SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, text)
+
+#define AUTHENTIC_V3_TITLE "AuthentIC.v3"
+
+#define PAN_ISO7812_SN_TAG	0x5A
+#define PAN_ISO7812_LENGTH	0x0C
+
+#ifndef CKM_RSA_PKCS
+	#define CKM_RSA_PKCS		0x00000001
+	#define CKM_SHA1_RSA_PKCS	0x00000006
+	#define CKM_SHA256_RSA_PKCS	0x00000040
+	#define CKM_SHA_1		0x00000220
+	#define CKM_SHA256		0x00000250
+#endif
+
+#define AUTHENTIC_V3_CREDENTIAL_ID_MASK	7
+
+#define AUTHENTIC_V3_CRYPTO_OBJECT_REF_MIN	0x81
+#define AUTHENTIC_V3_CRYPTO_OBJECT_REF_MAX	0xFF
+
+#define _MAKE_AUTHENTIC_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
+
+#define AUTHENTIC_SDO_MAGIC                _MAKE_AUTHENTIC_MAGIC('A', 'W', 'S', 'D')
+#define AUTHENTIC_SDO_MAGIC_UPDATE         _MAKE_AUTHENTIC_MAGIC('A', 'W', 'U', 'D')
+#define AUTHENTIC_SDO_MAGIC_UPDATE_RSA     _MAKE_AUTHENTIC_MAGIC('A', 'W', 'U', 'R')
+
+#define AUTHENTIC_OBJECT_REF_FLAG_LOCAL	0x80
+
+#define AUTHENTIC_MECH_CREDENTIAL_PIN		0x00
+#define AUTHENTIC_MECH_CREDENTIAL_BIO		0x01
+#define AUTHENTIC_MECH_CREDENTIAL_DES		0x02
+#define AUTHENTIC_MECH_CREDENTIAL_2DES		0x03
+#define AUTHENTIC_MECH_CREDENTIAL_3DES		0x04
+#define AUTHENTIC_MECH_CREDENTIAL_AES128	0x05
+#define AUTHENTIC_MECH_CREDENTIAL_AES192	0x06
+#define AUTHENTIC_MECH_CREDENTIAL_AES256	0x07
+
+#define AUTHENTIC_MECH_CRYPTO_DES	0x02
+#define AUTHENTIC_MECH_CRYPTO_2DES	0x03
+#define AUTHENTIC_MECH_CRYPTO_3DES	0x04	
+#define AUTHENTIC_MECH_CRYPTO_AES128	0x05
+#define AUTHENTIC_MECH_CRYPTO_AES192	0x06
+#define AUTHENTIC_MECH_CRYPTO_AES256	0x07
+#define AUTHENTIC_MECH_CRYPTO_RSA1024	0x08
+#define AUTHENTIC_MECH_CRYPTO_RSA1280	0x09
+#define AUTHENTIC_MECH_CRYPTO_RSA1536	0x0A
+#define AUTHENTIC_MECH_CRYPTO_RSA1792	0x0B
+#define AUTHENTIC_MECH_CRYPTO_RSA2048	0x0C
+
+#define AUTHENTIC_TAG_DOCP			0xA1
+#define AUTHENTIC_TAG_DOCP_MECH			0x80
+#define AUTHENTIC_TAG_DOCP_ID			0x83
+#define AUTHENTIC_TAG_DOCP_ACLS			0x86
+#define AUTHENTIC_TAG_DOCP_SCP			0x87
+#define AUTHENTIC_TAG_DOCP_USAGE_COUNTER	0x90
+
+#define AUTHENTIC_TAG_RSA		0xA5
+
+#define AUTHENTIC_TAG_RSA_PRIVATE	0x7F48
+#define AUTHENTIC_TAG_RSA_PRIVATE_P	0x92
+#define AUTHENTIC_TAG_RSA_PRIVATE_Q	0x93
+#define AUTHENTIC_TAG_RSA_PRIVATE_PQ	0x94
+#define AUTHENTIC_TAG_RSA_PRIVATE_DP1	0x95
+#define AUTHENTIC_TAG_RSA_PRIVATE_DQ1	0x96
+
+#define AUTHENTIC_TAG_RSA_PUBLIC		0x7F49
+#define AUTHENTIC_TAG_RSA_PUBLIC_MODULUS	0x81
+#define AUTHENTIC_TAG_RSA_PUBLIC_EXPONENT	0x82
+
+#define AUTHENTIC_TAG_RSA_GENERATE_DATA	0xAC
+
+#define AUTHENTIC_TAG_CREDENTIAL			0x5F00
+#define AUTHENTIC_TAG_CREDENTIAL_TRYLIMIT		0x91
+#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY		0xA1
+#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_MAXLENGTH	0x83
+#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_MINLENGTH	0x84
+#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_COMPLEXITY	0x85
+
+#define AUTHENTIC_ALGORITHM_RSA_PKCS1	0x11
+#define AUTHENTIC_ALGORITHM_RSA_X509	0x12
+#define AUTHENTIC_ALGORITHM_RSA_OAEP	0x13
+#define AUTHENTIC_ALGORITHM_RSA_ISO9796	0x14
+
+#define AUTHENTIC_TAG_CRT_AT	0xA4
+#define AUTHENTIC_TAG_CRT_HT	0xAA
+#define AUTHENTIC_TAG_CRT_CCT	0xB4
+#define AUTHENTIC_TAG_CRT_DST	0xB6
+#define AUTHENTIC_TAG_CRT_CT	0xB8
+
+#define AUTHENTIC_ACL_NUM_PIN_VERIFY	0
+#define AUTHENTIC_ACL_NUM_PIN_RESET	1
+#define AUTHENTIC_ACL_NUM_PIN_CHANGE	2
+#define AUTHENTIC_ACL_NUM_PIN_MODIFY	3
+#define AUTHENTIC_ACL_NUM_PIN_DELETE	4
+
+/* SM related macros */
+#define AUTHENTIC_AC_SM_MASK	0x60
+
+#define AUTHENTIC_GP_SM_LEVEL_MASK	0x6000
+#define AUTHENTIC_GP_SM_LEVEL_PLAIN	0x2000 
+#define AUTHENTIC_GP_SM_LEVEL_MAC	0x4000 
+#define AUTHENTIC_GP_SM_LEVEL_ENC_MAC	0x6000 
+
+struct sc_authentic_tlv {
+	unsigned tag;
+	size_t size;
+	unsigned char *value;
+};
+
+struct sc_authentic_sdo_docp {
+	unsigned char mech, id, security_parameter;
+	unsigned char velocity_limit, try_limit;
+
+	unsigned char acl_data[16];
+	size_t acl_data_len;
+
+	unsigned char usage_counter[2];
+};
+
+struct sc_authentic_sdo  {
+	unsigned char sdo_class;
+	unsigned char sdo_ref;
+
+	unsigned int usage;
+
+	struct sc_authentic_sdo_docp docp;
+
+	union {
+		struct sc_pkcs15_prkey *prvkey;
+	} data;
+
+	struct sc_file *file;
+	
+	unsigned magic;
+};
+
+#define SC_MAX_AUTHENTIC_CPLC	45
+struct sc_authentic_cplc {
+	unsigned char ic_data[4];
+	unsigned char ic_serial[4];
+	unsigned char ic_batch[4];
+	unsigned char aid_last_bytes[2];
+	unsigned char keyset_version;
+	unsigned char starting_index;
+
+	unsigned char value[SC_MAX_AUTHENTIC_CPLC];
+	size_t len;
+};
+
+#endif

src/libopensc/cardctl.h

@@ -204,6 +204,15 @@ enum {
 	SC_CARDCTL_PIV_GENERATE_KEY,
 	SC_CARDCTL_PIV_PIN_PREFERENCE,
 	SC_CARDCTL_PIV_OBJECT_PRESENT,
+
+        /*
+	 * AuthentIC v3
+	 */
+        SC_CARDCTL_AUTHENTIC_BASE = _CTL_PREFIX('A','V','3'),
+        SC_CARDCTL_AUTHENTIC_SDO_CREATE,
+        SC_CARDCTL_AUTHENTIC_SDO_DELETE,
+        SC_CARDCTL_AUTHENTIC_SDO_STORE,
+        SC_CARDCTL_AUTHENTIC_SDO_GENERATE,
 };
 
 enum {

src/libopensc/cards.h

@@ -113,6 +113,8 @@ enum {
 	SC_CARD_TYPE_OBERTHUR_32K,
 	SC_CARD_TYPE_OBERTHUR_32K_BIO,
 	SC_CARD_TYPE_OBERTHUR_64K,
+	/* Oberthur 'COSMO v7' with applet 'AuthentIC v3.2' */
+        SC_CARD_TYPE_OBERTHUR_AUTHENTIC_3_2 = 11100,	
 
 	/* belpic driver */
 	SC_CARD_TYPE_BELPIC_BASE = 12000,
@@ -209,6 +211,7 @@ extern sc_card_driver_t *sc_get_myeid_driver(void);
 extern sc_card_driver_t *sc_get_ias_driver(void);
 extern sc_card_driver_t *sc_get_javacard_driver(void);
 extern sc_card_driver_t *sc_get_itacns_driver(void);
+extern sc_card_driver_t *sc_get_authentic_driver();
 
 #ifdef __cplusplus
 }

src/libopensc/ctx.c

@@ -66,6 +66,7 @@ static const struct _sc_driver_entry internal_card_drivers[] = {
 	{ "jcop",	(void *(*)(void)) sc_get_jcop_driver },
 #ifdef ENABLE_OPENSSL
 	{ "oberthur",	(void *(*)(void)) sc_get_oberthur_driver },
+	{ "authentic",	(void *(*)(void)) sc_get_authentic_driver },
 #endif
 	{ "belpic",	(void *(*)(void)) sc_get_belpic_driver },
 	{ "ias",		(void *(*)(void)) sc_get_ias_driver },

src/libopensc/iso7816.h

@@ -0,0 +1,26 @@
+/*
+ * iso7816.h: ISO-7816 defines
+ */
+
+#ifndef _ISO7816_TYPES_H
+#define _ISO7816_TYPES_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ISO7816_TAG_FCP		0x62
+#define ISO7816_TAG_FCP_SIZE	0x80
+#define ISO7816_TAG_FCP_TYPE	0x82
+#define ISO7816_TAG_FCP_ID	0x83
+#define ISO7816_TAG_FCP_ACLS	0x86
+
+
+#define ISO7816_FILE_TYPE_TRANSPARENT_EF	0x01
+#define ISO7816_FILE_TYPE_DF			0x38
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

src/pkcs15init/Makefile.am

@@ -23,7 +23,8 @@ dist_pkgdata_DATA = \
 	entersafe.profile \
 	rutoken_ecp.profile \
 	westcos.profile \
-	myeid.profile
+	myeid.profile \
+	authentic.profile
 
 AM_CPPFLAGS = -DSC_PKCS15_PROFILE_DIRECTORY=\"$(pkgdatadir)\"
 AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(LTLIB_CFLAGS)
@@ -37,4 +38,5 @@ libpkcs15init_la_SOURCES = \
 	pkcs15-setcos.c pkcs15-incrypto34.c pkcs15-muscle.c \
 	pkcs15-asepcos.c pkcs15-rutoken.c pkcs15-entersafe.c \
 	pkcs15-rtecp.c pkcs15-myeid.c \
-	pkcs15-oberthur.c pkcs15-oberthur-awp.c
+	pkcs15-oberthur.c pkcs15-oberthur-awp.c \
+	pkcs15-authentic.c

src/pkcs15init/Makefile.mak

@@ -8,7 +8,7 @@ OBJECTS = pkcs15-lib.obj profile.obj \
           pkcs15-setcos.obj pkcs15-incrypto34.obj \
           pkcs15-muscle.obj pkcs15-asepcos.obj pkcs15-rutoken.obj \
           pkcs15-entersafe.obj pkcs15-rtecp.obj pkcs15-westcos.obj \
-	  pkcs15-myeid.obj
+	  pkcs15-myeid.obj pkcs15-authentic.obj 
 
 all: $(TARGET) 
 

src/pkcs15init/pkcs15-init.h

@@ -386,7 +386,7 @@ extern struct sc_pkcs15init_operations *sc_pkcs15init_get_entersafe_ops(void);
 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rtecp_ops(void);
 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_westcos_ops(void);
 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void);
-/* extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void); */
+extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void);
 
 #ifdef __cplusplus
 }

src/pkcs15init/pkcs15-lib.c

@@ -151,7 +151,7 @@ static struct profile_operations {
 	{ "rutoken_ecp", (void *) sc_pkcs15init_get_rtecp_ops },
 	{ "westcos", (void *) sc_pkcs15init_get_westcos_ops },
 	{ "myeid", (void *) sc_pkcs15init_get_myeid_ops },
-	/* { "authentic", (void *) sc_pkcs15init_get_authentic_ops }, */
+	{ "authentic", (void *) sc_pkcs15init_get_authentic_ops },
 	{ NULL, NULL },
 };
 

win32/opensc-msi/OpenSC.wxs

@@ -113,6 +113,10 @@
                   <File Id='PROFILE_OBERTHUR' Name='oberthur.profile' DiskId='1' 
 				Source='$(var.SOURCE_DIR)\src\pkcs15init\oberthur.profile' Vital='yes' KeyPath='yes' />
                 </Component>
+		<Component Id='PROFILE_PKCS15_AUTHENTIC' Guid='75AE2D59-D249-4110-93F0-65E6F323CB63'>
+                  <File Id='PROFILE_AUTHENTIC' Name='authentic.profile' DiskId='1' 
+				Source='$(var.SOURCE_DIR)\src\pkcs15init\authentic.profile' Vital='yes' KeyPath='yes' />
+                </Component>
               </Directory>
             </Directory>
             
@@ -160,6 +164,7 @@
         <ComponentRef Id='PROFILE_PKCS15_STARCOS' />
         <ComponentRef Id='PROFILE_PKCS15_WESTCOS' />
         <ComponentRef Id='PROFILE_PKCS15_OBERTHUR' />
+        <ComponentRef Id='PROFILE_PKCS15_AUTHENTIC' />
 
         <ComponentRef Id='ProgramMenuDir' />
       </Feature>