From 1a972920f0dd4959bd6ec3c4cddef2d98e6009a8 Mon Sep 17 00:00:00 2001 From: Viktor Tarasov Date: Fri, 2 Aug 2013 22:01:51 +0200 Subject: [PATCH] By default 'default' card driver is disabled ... 'Default' card driver is explicitely enabled for 'opensc-explorer' and 'opensc-tool' tools. https://github.com/OpenSC/OpenSC/pull/175 --- etc/opensc.conf.in | 6 ++++ etc/opensc.conf.win.in | 6 ++++ src/libopensc/card-default.c | 67 ++++++++++++++++++++---------------- src/libopensc/card.c | 13 +++++-- src/libopensc/ctx.c | 5 +++ src/libopensc/opensc.h | 1 + src/tools/opensc-explorer.c | 48 +++++++++++++++++--------- src/tools/opensc-tool.c | 2 ++ 8 files changed, 100 insertions(+), 48 deletions(-) diff --git a/etc/opensc.conf.in b/etc/opensc.conf.in index 89c632d2..567bf924 100644 --- a/etc/opensc.conf.in +++ b/etc/opensc.conf.in @@ -45,6 +45,12 @@ app default { # # paranoid_memory = false; + # Enable default card driver + # Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'. + # + # Default: false + # enable_default_driver = true; + # CT-API module configuration. reader_driver ctapi { # module @libdir@/libtowitoko.so { diff --git a/etc/opensc.conf.win.in b/etc/opensc.conf.win.in index 14d614ed..ff916a6d 100644 --- a/etc/opensc.conf.win.in +++ b/etc/opensc.conf.win.in @@ -45,6 +45,12 @@ app default { # # paranoid_memory = false; + # Enable default card driver + # Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'. + # + # Default: false + # enable_default_driver = true; + # CT-API module configuration. reader_driver ctapi { # module @libdir@/libtowitoko.so { diff --git a/src/libopensc/card-default.c b/src/libopensc/card-default.c index 7e8974d8..78c5967b 100644 --- a/src/libopensc/card-default.c +++ b/src/libopensc/card-default.c @@ -32,22 +32,29 @@ static struct sc_card_driver default_drv = { NULL, 0, NULL }; -static int default_match_card(sc_card_t *card) + +static int +default_match_card(struct sc_card *card) { return 1; /* always match */ } -static int autodetect_class(sc_card_t *card) + +static int +autodetect_class(struct sc_card *card) { + struct sc_context *ctx = card->ctx; int classes[] = { 0x00, 0xC0, 0xB0, 0xA0 }; int class_count = sizeof(classes)/sizeof(int); - u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - sc_apdu_t apdu; + unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; + struct sc_apdu apdu; int i, r; - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "autodetecting CLA byte\n"); + LOG_FUNC_CALLED(ctx); + for (i = 0; i < class_count; i++) { - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "trying with 0x%02X\n", classes[i]); + sc_log(ctx, "trying with 0x%02X", classes[i]); + memset(&apdu, 0, sizeof(apdu)); apdu.cla = classes[i]; apdu.cse = SC_APDU_CASE_2_SHORT; @@ -59,56 +66,58 @@ static int autodetect_class(sc_card_t *card) apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + LOG_TEST_RET(ctx, r, "APDU transmit failed"); + if (apdu.sw1 == 0x6E) continue; if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) break; if (apdu.sw1 == 0x61) break; - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, - "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); + + sc_log(ctx, "got strange SWs: 0x%02X 0x%02X", apdu.sw1, apdu.sw2); break; } + if (i == class_count) - return -1; + LOG_FUNC_RETURN(ctx, SC_ERROR_CLASS_NOT_SUPPORTED); + card->cla = classes[i]; - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, - "detected CLA byte as 0x%02X\n", card->cla); + sc_log(ctx, "detected CLA byte as 0x%02X", card->cla); if (apdu.resplen < 2) { - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, - "SELECT FILE returned %d bytes\n", apdu.resplen); - return SC_SUCCESS; + sc_log(ctx, "SELECT FILE returned %d bytes", apdu.resplen); } - if (rbuf[0] == 0x6F) { - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, - "SELECT FILE seems to behave according to ISO 7816-4\n"); - return SC_SUCCESS; + else if (rbuf[0] == 0x6F) { + sc_log(ctx, "SELECT FILE seems to behave according to ISO 7816-4\n"); } - if (rbuf[0] == 0x00 && rbuf[1] == 0x00) { + else if (rbuf[0] == 0x00 && rbuf[1] == 0x00) { struct sc_card_driver *drv; - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, - "SELECT FILE seems to return Schlumberger 'flex stuff\n"); + sc_log(ctx, "SELECT FILE seems to return Schlumberger 'flex stuff"); + drv = sc_get_cryptoflex_driver(); card->ops->select_file = drv->ops->select_file; - return SC_SUCCESS; } - return SC_SUCCESS; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } -static int default_init(sc_card_t *card) + +static int +default_init(struct sc_card *card) { int r; - + + LOG_FUNC_CALLED(card->ctx); + card->name = "Unsupported card"; card->drv_data = NULL; r = autodetect_class(card); if (r) { - sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to determine the right class byte\n"); - return SC_ERROR_INVALID_CARD; + sc_log(card->ctx, "unable to determine the right class byte"); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_CARD); } - return SC_SUCCESS; + LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); } static struct sc_card_driver * sc_get_driver(void) diff --git a/src/libopensc/card.c b/src/libopensc/card.c index 7d348d76..5c6b5043 100644 --- a/src/libopensc/card.c +++ b/src/libopensc/card.c @@ -229,15 +229,22 @@ int sc_connect_card(sc_reader_t *reader, sc_card_t **card_out) goto err; } } - } else { - sc_debug(ctx, SC_LOG_DEBUG_MATCH, "matching built-in ATRs"); + } + else { + sc_log(ctx, "matching built-in ATRs"); for (i = 0; ctx->card_drivers[i] != NULL; i++) { struct sc_card_driver *drv = ctx->card_drivers[i]; const struct sc_card_operations *ops = drv->ops; sc_log(ctx, "trying driver '%s'", drv->short_name); - if (ops == NULL || ops->match_card == NULL) + if (ops == NULL || ops->match_card == NULL) { continue; + } + else if (!ctx->enable_default_driver && !strcmp("default", drv->short_name)) { + sc_log(ctx , "ignore 'default' card driver"); + continue; + } + /* Needed if match_card() needs to talk with the card (e.g. card-muscle) */ *card->ops = *ops; if (ops->match_card(card) != 1) diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c index 3e2bd14f..ed5c7b5e 100644 --- a/src/libopensc/ctx.c +++ b/src/libopensc/ctx.c @@ -182,6 +182,8 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts) fclose(ctx->debug_file); ctx->debug_file = stderr; ctx->paranoid_memory = 0; + ctx->enable_default_driver = 0; + #ifdef __APPLE__ /* Override the default debug log for OpenSC.tokend to be different from PKCS#11. * TODO: Could be moved to OpenSC.tokend */ @@ -254,6 +256,9 @@ load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options * ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory", ctx->paranoid_memory); + ctx->enable_default_driver = scconf_get_bool (block, "enable_default_driver", + ctx->enable_default_driver); + val = scconf_get_str(block, "force_card_driver", NULL); if (val) { if (opts->forced_card_driver) diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h index 7f68722c..660592f3 100644 --- a/src/libopensc/opensc.h +++ b/src/libopensc/opensc.h @@ -693,6 +693,7 @@ typedef struct sc_context { char *app_name; int debug; int paranoid_memory; + int enable_default_driver; FILE *debug_file; char *debug_filename; diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c index 5d4aa0b3..903bcf3b 100644 --- a/src/tools/opensc-explorer.c +++ b/src/tools/opensc-explorer.c @@ -297,27 +297,40 @@ ambiguous_match(struct command *table, const char *cmd) return last_match; } -static void check_ret(int r, int op, const char *err, const sc_file_t *file) + +static void +check_ret(int r, int op, const char *err, const sc_file_t *file) { fprintf(stderr, "%s: %s\n", err, sc_strerror(r)); if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) fprintf(stderr, "ACL for operation: %s\n", util_acl_to_str(sc_file_get_acl_entry(file, op))); } -static int arg_to_fid(const char *arg, u8 *fid) -{ - if (strlen(arg) != 4) { - printf("Wrong ID length.\n"); - return -1; - } - if (sscanf(arg, "%02X%02X", &fid[0], &fid[1]) != 2) { - printf("Invalid ID.\n"); - return -1; - } - return 0; +static int +arg_to_fid(const char *arg, u8 *fid) +{ + unsigned int fid0, fid1; + + if (strlen(arg) != 4) { + printf("Wrong ID length.\n"); + return -1; + } + + if (sscanf(arg, "%02X%02X", &fid0, &fid1) != 2) { + printf("Invalid ID.\n"); + return -1; + } + + fid[0] = (unsigned char)fid0; + fid[1] = (unsigned char)fid1; + + return 0; } -static int arg_to_path(const char *arg, sc_path_t *path, int is_id) + + +static int +arg_to_path(const char *arg, sc_path_t *path, int is_id) { memset(path, 0, sizeof(sc_path_t)); @@ -998,14 +1011,15 @@ static int do_verify(int argc, char **argv) printf("No PIN entered - aborting VERIFY.\n"); return -1; } - if (strlcpy(buf, pin, sizeof(buf)) >= sizeof(buf)) { + + if (strlcpy((char *)buf, pin, sizeof(buf)) >= sizeof(buf)) { free(pin); printf("PIN too long - aborting VERIFY.\n"); return -1; } free(pin); data.pin1.data = buf; - data.pin1.len = strlen(buf); + data.pin1.len = strlen((char *)buf); } } else { r = parse_string_or_hexdata(argv[1], buf, &buflen); @@ -1772,7 +1786,7 @@ int main(int argc, char * const argv[]) char *cargv[260]; sc_context_param_t ctx_param; int lcycle = SC_CARDCTRL_LIFECYCLE_ADMIN; - FILE *script; + FILE *script = stdin; printf("OpenSC Explorer version %s\n", sc_get_version()); @@ -1811,6 +1825,8 @@ int main(int argc, char * const argv[]) return 1; } + ctx->enable_default_driver = 1; + if (verbose > 1) { ctx->debug = verbose; ctx->debug_file = stderr; diff --git a/src/tools/opensc-tool.c b/src/tools/opensc-tool.c index ba73fc90..71721a8a 100644 --- a/src/tools/opensc-tool.c +++ b/src/tools/opensc-tool.c @@ -751,6 +751,8 @@ int main(int argc, char * const argv[]) return 1; } + ctx->enable_default_driver = 1; + if (verbose > 1) { ctx->debug = verbose; sc_ctx_log_to_file(ctx, "stderr");