diff --git a/src/tools/pkcs15-crypt.c b/src/tools/pkcs15-crypt.c
index e3debc6e..499ea369 100644
--- a/src/tools/pkcs15-crypt.c
+++ b/src/tools/pkcs15-crypt.c
@@ -44,6 +44,7 @@ static int verbose = 0, opt_wait = 0, opt_raw = 0;
 static char * opt_reader;
 static char * opt_pincode = NULL, * opt_key_id = NULL;
 static char * opt_input = NULL, * opt_output = NULL;
+static char * opt_bind_to_aid = NULL;
 static int opt_crypt_flags = 0;
 
 enum {
@@ -54,6 +55,7 @@ enum {
 	OPT_SHA224,
 	OPT_MD5,
 	OPT_PKCS1,
+	OPT_BIND_TO_AID,
 };
 
 static const struct option options[] = {
@@ -72,6 +74,7 @@ static const struct option options[] = {
 	{ "md5", 0, NULL, OPT_MD5 },
 	{ "pkcs1", 0, NULL, OPT_PKCS1 },
 	{ "pin", 1, NULL, 'p' },
+	{ "bind-to-aid", 1, NULL, OPT_BIND_TO_AID },
 	{ "wait", 0, NULL, 'w' },
 	{ "verbose", 0, NULL, 'v' },
 	{ NULL, 0, NULL, 0 }
@@ -93,6 +96,7 @@ static const char *option_help[] = {
 	"Input file is a MD5 hash",
 	"Use PKCS #1 v1.5 padding",
 	"Uses password (PIN) (use - for reading PIN from STDIN)",
+	"Use on-card PKCS#15 application indicated by AID",
 	"Wait for card insertion",
 	"Verbose operation. Use several times to enable debug output.",
 };
@@ -550,6 +554,9 @@ int main(int argc, char * const argv[])
 		case 'p':
 			opt_pincode = optarg;
 			break;
+		case OPT_BIND_TO_AID:
+			opt_bind_to_aid = optarg;
+			break;
 		case 'w':
 			opt_wait = 1;
 			break;
@@ -579,7 +586,20 @@ int main(int argc, char * const argv[])
 
 	if (verbose)
 		fprintf(stderr, "Trying to find a PKCS #15 compatible card...\n");
-	r = sc_pkcs15_bind(card, NULL, &p15card);
+	if (opt_bind_to_aid) {
+		struct sc_aid aid;
+
+		aid.len = sizeof(aid.value);
+		if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) {
+			fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid);
+			return 1;
+		}
+
+		r = sc_pkcs15_bind(card, &aid, &p15card);
+	}
+	else {
+		r = sc_pkcs15_bind(card, NULL, &p15card);
+	}
 	if (r) {
 		fprintf(stderr, "PKCS #15 binding failed: %s\n", sc_strerror(r));
 		err = 1;
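Review bot: The help text added to option_help[] for --bind-to-aid does not say what form the argument takes, yet the value is later handed to sc_hex_to_bin() in the main() hunk of this same file, so a user gets no hint that a hex-encoded AID is expected; the option_help[] hunk in pkcs15-init.c carries the identical string. Suggest `"Use on-card PKCS#15 application indicated by AID (hex string)"` in both tables. The enum and options[] hunks are plain additions and need nothing.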
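Review bot: The `return 1;` taken when sc_hex_to_bin() rejects the --bind-to-aid value leaves main() without the cleanup that the bind-failure path right below it uses (`err = 1;`, which presumably continues to the common exit), so the card connection and library context already set up at this point are abandoned to process exit; the main() hunk in pkcs15-init.c has the same shape, where the neighbouring failure uses `break` instead. Validating the option once, right after option parsing and before any context or card is acquired, removes the need for a cleanup-skipping return here and rejects a malformed AID before the card is touched; the bind call then collapses to `r = sc_pkcs15_bind(card, opt_bind_to_aid ? &aid : NULL, &p15card);`. An empty argument also passes sc_hex_to_bin() with aid.len left at 0, and whether sc_pkcs15_bind() treats a zero-length AID as "no AID" is not visible here, so rejecting `aid.len == 0` alongside the parse error is the safer reading. main() begins and ends outside this hunk.
```c
	/* … unchanged: getopt loop that stores opt_bind_to_aid … */
	struct sc_aid aid = { 0 };   /* keep the unused tail of value[] deterministic */

	if (opt_bind_to_aid) {
		aid.len = sizeof(aid.value);
		if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len) || aid.len == 0) {
			fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid);
			return 1;   /* placed before any context/card is acquired, so a bare return is safe */
		}
	}
	/* … unchanged: context setup, card connection, "Trying to find a PKCS #15 compatible card" message … */
	r = sc_pkcs15_bind(card, opt_bind_to_aid ? &aid : NULL, &p15card);
```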
diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
index 657568ba..7ff61e3c 100644
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@@ -133,6 +133,7 @@ enum {
 	OPT_PUK_LABEL,
 	OPT_VERIFY_PIN,
 	OPT_SANITY_CHECK,
+	OPT_BIND_TO_AID,
 
 	OPT_PIN1 = 0x10000, /* don't touch these values */
 	OPT_PUK1 = 0x10001,
@@ -174,6 +175,7 @@ const struct option options[] = {
 	{ "cert-label", required_argument, NULL, OPT_CERT_LABEL },
 	{ "application-name", required_argument, NULL, OPT_APPLICATION_NAME },
 	{ "application-id", required_argument, NULL, OPT_APPLICATION_ID },
+	{ "bind-to-aid", required_argument, NULL, OPT_BIND_TO_AID },
 	{ "output-file", required_argument, NULL, 'o' },
 	{ "format", required_argument, NULL, 'f' },
 	{ "passphrase", required_argument, NULL, OPT_PASSPHRASE },
@@ -230,6 +232,7 @@ static const char * option_help[] = {
 	"Specify user cert label (use with --store-private-key)",
 	"Specify application name of data object (use with --store-data-object)",
 	"Specify application id of data object (use with --store-data-object)",
+	"Use on-card PKCS#15 application indicated by AID",
 	"Output public portion of generated key to file",
 	"Specify key/cert file format: PEM (=default), DER or PKCS12",
 	"Specify passphrase for unlocking secret key",
@@ -337,6 +340,7 @@ static char * opt_newkey = NULL;
 static char * opt_outkey = NULL;
 static char * opt_application_id = NULL;
 static char * opt_application_name = NULL;
+static char * opt_bind_to_aid = NULL;
 static char * opt_puk_authid = NULL;
 static unsigned int opt_x509_usage = 0;
 static unsigned int opt_delete_flags = 0;
@@ -450,11 +454,21 @@ main(int argc, char **argv)
 				&& action != ACTION_ASSERT_PRISTINE
 				&& p15card == NULL) {
 			/* Read the PKCS15 structure from the card */
-			r = sc_pkcs15_bind(card, NULL, &p15card);
+			if (opt_bind_to_aid) {
+				struct sc_aid aid;
+
+				aid.len = sizeof(aid.value);
+				if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) {
+					fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid);
+					return 1;
+				}
+				r = sc_pkcs15_bind(card, &aid, &p15card);
+			}
+			else {
+				r = sc_pkcs15_bind(card, NULL, &p15card);
+			}
 			if (r) {
-				fprintf(stderr,
-					"PKCS#15 binding failed: %s\n",
-					sc_strerror(r));
+				fprintf(stderr, "PKCS#15 binding failed: %s\n", sc_strerror(r));
 				break;
 			}
 
@@ -2511,6 +2525,9 @@ handle_option(const struct option *opt)
 	case OPT_APPLICATION_ID:
 		opt_application_id = optarg;
 		break;
+	case OPT_BIND_TO_AID:
+		opt_bind_to_aid = optarg;
+		break;
 	case OPT_PUK_ID:
 		opt_puk_authid = optarg;
 		break;
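Review bot: The AID parsing block in this main() hunk is a line-for-line copy of the one added to pkcs15-crypt.c (only a blank line differs), including the error message, so any later tightening of the validation has to be made in two places. A small shared helper taking the option string and a `struct sc_aid *` and returning nonzero on a bad value — placed in whatever common code both tools already link, which is not visible here — would let each caller reduce to one check plus `r = sc_pkcs15_bind(card, opt_bind_to_aid ? &aid : NULL, &p15card);`. The block containing this code (the one that uses `break` on bind failure) and main() itself start and end outside the hunk; the handle_option() hunk below is a plain option store and needs nothing.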