Issue 2105: Add new DNIe CA structure for the secure channel

rickyepoderi 2020-09-09 09:24:29 +02:00 committed by Frank Morgner
parent b577531720
commit 57a391f16c
3 changed files with 464 additions and 70 deletions


@ -2176,7 +2176,9 @@ static int dnie_pin_verify(struct sc_card *card,
if (card->atr.value[15] >= DNIE_30_VERSION) {
sc_log(card->ctx, "DNIe 3.0 detected => re-establish secure channel");
dnie_change_cwa_provider_to_secure(card);
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
if (res == SC_SUCCESS) {
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
}
}
LOG_FUNC_RETURN(card->ctx, res);
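Review bot: The new `if (res == SC_SUCCESS)` guard in the DNIe 3.0 branch of dnie_pin_verify has no comment saying why the channel is only re-created after a successful verify, and `dnie_change_cwa_provider_to_secure(card)` still runs unconditionally before it. As far as these lines show, a failed verification now keeps its own error instead of having `res` overwritten by the channel result, but it also leaves the provider switched to the secure one while the channel is not re-established. I would add a comment such as `/* keep the PIN verification error in res; the secure channel is only re-created after a successful verify */` and confirm that the next operation re-creates the channel in that state. The function body starts outside this hunk, so where `res` is set is not visible here.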


@ -50,9 +50,9 @@
/********************* Keys and certificates as published by DGP ********/
/**
* Modulo de la clave pública de la Root CA del DNIe electronico
* Public Key modulus for the ROOT CA for DNIe (pk-RCAicc->n)
*/
static u8 icc_root_ca_modulus[] = {
static u8 icc_root_ca_modulus_0[] = {
0xEA, 0xDE, 0xDA, 0x45, 0x53, 0x32, 0x94, 0x50, 0x39, 0xDA, 0xA4, 0x04,
0xC8, 0xEB, 0xC4, 0xD3, 0xB7, 0xF5, 0xDC, 0x86, 0x92, 0x83, 0xCD, 0xEA,
0x2F, 0x10, 0x1E, 0x2A, 0xB5, 0x4F, 0xB0, 0xD0, 0xB0, 0x3D, 0x8F, 0x03,
@ -66,17 +66,31 @@ static u8 icc_root_ca_modulus[] = {
0x91, 0xDB, 0x64, 0xF8, 0x0B, 0x5E, 0x92, 0xCD
};
static u8 icc_root_ca_modulus_1[] = {
0xb9, 0x72, 0x34, 0x5e, 0x35, 0xbc, 0xdd, 0x12, 0xdc, 0x2c, 0x8e, 0x85,
0xf6, 0x22, 0x97, 0x97, 0x9f, 0x12, 0x2b, 0xb7, 0xc9, 0xc3, 0xed, 0x13,
0xa0, 0xc4, 0xeb, 0x59, 0x34, 0xe7, 0x0c, 0xd6, 0xd0, 0x0c, 0x54, 0x06,
0x18, 0x38, 0x6e, 0x42, 0xf2, 0xba, 0x00, 0x89, 0xc0, 0xdd, 0x80, 0x0e,
0xba, 0x78, 0x3b, 0xdc, 0x9d, 0x93, 0xd9, 0xfb, 0xfc, 0x3c, 0x16, 0x9f,
0x9a, 0xf6, 0x4e, 0x80, 0x10, 0x0f, 0xc6, 0x87, 0xcc, 0xa5, 0x62, 0xe7,
0xfc, 0x84, 0xd1, 0x12, 0x92, 0xc2, 0x40, 0x4c, 0x59, 0xb8, 0xa8, 0x60,
0xd3, 0x9e, 0x2d, 0x66, 0x54, 0x7d, 0xc7, 0xb2, 0xd4, 0x8c, 0xa7, 0x89,
0x81, 0x4f, 0x43, 0x06, 0x26, 0x34, 0xe3, 0xe0, 0xc0, 0xd6, 0xbf, 0x5f,
0x54, 0xba, 0x1d, 0x9c, 0x46, 0x64, 0x45, 0x83, 0x1d, 0xcd, 0xea, 0xb0,
0x87, 0x08, 0xf3, 0xf6, 0x22, 0x0e, 0x07, 0x75
};
/**
* Exponente de la clave publica de la Root CA del DNI electronico
* Exponente de la clave publica de la Root CA del DNI electronico (pk-RCAicc->e)
*/
static u8 icc_root_ca_public_exponent[] = {
0x01, 0x00, 0x01
};
/**
* Terminal (IFD) key modulus for SM channel creation
* Terminal (IFD) key modulus for SM channel creation (dnieRealParam->sk-IFD-AUT->n)
*/
static u8 ifd_modulus[] = {
static u8 ifd_modulus_0[] = {
0xdb, 0x2c, 0xb4, 0x1e, 0x11, 0x2b, 0xac, 0xfa, 0x2b, 0xd7, 0xc3, 0xd3,
0xd7, 0x96, 0x7e, 0x84, 0xfb, 0x94, 0x34, 0xfc, 0x26, 0x1f, 0x9d, 0x09,
0x0a, 0x89, 0x83, 0x94, 0x7d, 0xaf, 0x84, 0x88, 0xd3, 0xdf, 0x8f, 0xbd,
@ -90,10 +104,24 @@ static u8 ifd_modulus[] = {
0x6a, 0xe2, 0x36, 0x59, 0x00, 0x16, 0xba, 0x69
};
static u8 ifd_modulus_1[] = {
0xbd, 0xef, 0xdb, 0x84, 0xec, 0xe6, 0x98, 0xb8, 0x28, 0x7f, 0x7f, 0xe6,
0x29, 0x6d, 0x80, 0x72, 0x98, 0x3a, 0x1b, 0x3d, 0x3b, 0x9f, 0x57, 0xad,
0x98, 0x4f, 0xba, 0x78, 0x58, 0x1f, 0xff, 0x52, 0xe9, 0x3d, 0x89, 0x6b,
0xf5, 0x62, 0x25, 0xe9, 0xf8, 0x2e, 0x96, 0x95, 0x14, 0x00, 0x69, 0x98,
0x2e, 0x5b, 0x5b, 0xce, 0x37, 0xad, 0x73, 0x16, 0x45, 0x02, 0xd8, 0xac,
0xbd, 0x60, 0x5f, 0x69, 0x12, 0x4a, 0x3c, 0xf5, 0xaf, 0xe4, 0xb0, 0x18,
0x60, 0x2d, 0xd4, 0xba, 0x04, 0xdb, 0xc9, 0x85, 0x88, 0x45, 0xe6, 0xa9,
0xc4, 0x05, 0x5b, 0xc5, 0xbf, 0xa0, 0xed, 0xdb, 0x86, 0x67, 0x89, 0xf0,
0xec, 0x6a, 0x80, 0xfc, 0xe5, 0x3c, 0x66, 0x08, 0xdf, 0xdc, 0x9b, 0x9f,
0xe2, 0xed, 0x56, 0x75, 0x2c, 0xc6, 0x05, 0x51, 0x3b, 0xa3, 0xf1, 0x75,
0x9c, 0xdd, 0x95, 0x22, 0x75, 0x3f, 0x18, 0xd7
};
/**
* Terminal (IFD) key modulus for SM channel creation for PIN channel DNIe 3.0
* Terminal (IFD) key modulus for SM channel creation for PIN channel DNIe 3.0 (dnie30RealParamPIN->sk-IFD-AUT->n)
*/
static u8 ifd_pin_modulus[] = {
static u8 ifd_pin_modulus_0[] = {
0xF4, 0x27, 0x97, 0x8D, 0xA1, 0x59, 0xBA, 0x02, 0x79, 0x30, 0x8A, 0x6C,
0x6A, 0x89, 0x50, 0x5A, 0xDA, 0x5A, 0x67, 0xC3, 0xDA, 0x26, 0x79, 0xEA,
0xF4, 0xA1, 0xB0, 0x11, 0x9E, 0xDD, 0x4D, 0xF4, 0x6E, 0x78, 0x04, 0x24,
@ -107,6 +135,20 @@ static u8 ifd_pin_modulus[] = {
0x15, 0x96, 0x6A, 0x5A, 0x89, 0xAD, 0x58, 0xA5
};
static u8 ifd_pin_modulus_1[] = {
0xdf, 0x03, 0x93, 0x0d, 0x4f, 0x1d, 0x97, 0x15, 0xeb, 0xb0, 0x0f, 0xbd,
0xae, 0x48, 0xaf, 0x9c, 0x9d, 0xbf, 0xd6, 0x99, 0xca, 0xb0, 0xbd, 0xbe,
0x5c, 0xdb, 0x01, 0x34, 0x00, 0x0e, 0x46, 0x2e, 0x71, 0x3a, 0xe9, 0x7a,
0x2f, 0x7e, 0x20, 0xaf, 0xbf, 0x84, 0xd3, 0xce, 0x73, 0x4f, 0xe2, 0x15,
0x75, 0x7a, 0xaf, 0xa1, 0xe8, 0x9e, 0x64, 0x57, 0xea, 0xe2, 0xe8, 0x08,
0x11, 0x03, 0x73, 0xe2, 0x56, 0x56, 0x34, 0x94, 0xfb, 0x5d, 0x10, 0x4f,
0x0d, 0xcc, 0x88, 0x8d, 0x47, 0x96, 0x54, 0x3f, 0x03, 0x25, 0x4f, 0x4e,
0x2c, 0xdf, 0x98, 0xb1, 0xe1, 0x26, 0x11, 0xe3, 0x98, 0x1f, 0x53, 0x33,
0xdf, 0x98, 0xc8, 0x86, 0x01, 0x93, 0x75, 0x84, 0x0f, 0xac, 0x61, 0xdb,
0x8f, 0x1b, 0xa3, 0xb5, 0x43, 0xdc, 0xea, 0x3d, 0x05, 0x9e, 0x6a, 0x41,
0x4f, 0x6d, 0xd2, 0x9f, 0xc7, 0xc9, 0x9d, 0x8b
};
/**
* Terminal (IFD) public exponent for SM channel creation
*/
@ -122,9 +164,9 @@ static u8 ifd_pin_public_exponent[] = {
};
/**
* Terminal (IFD) private exponent for SM channel establishment
* Terminal (IFD) private exponent for SM channel establishment (dnieRealParam->sk-IFD-AUT->d)
*/
static u8 ifd_private_exponent[] = {
static u8 ifd_private_exponent_0[] = {
0x18, 0xb4, 0x4a, 0x3d, 0x15, 0x5c, 0x61, 0xeb, 0xf4, 0xe3, 0x26, 0x1c,
0x8b, 0xb1, 0x57, 0xe3, 0x6f, 0x63, 0xfe, 0x30, 0xe9, 0xaf, 0x28, 0x89,
0x2b, 0x59, 0xe2, 0xad, 0xeb, 0x18, 0xcc, 0x8c, 0x8b, 0xad, 0x28, 0x4b,
@ -138,10 +180,24 @@ static u8 ifd_private_exponent[] = {
0xbd, 0x9b, 0x00, 0x31, 0x3c, 0x0f, 0x46, 0xed
};
static u8 ifd_private_exponent_1[] = {
0xa0, 0x51, 0x55, 0x93, 0xd4, 0x36, 0x2b, 0x8f, 0xbd, 0xb7, 0x28, 0xa8,
0x88, 0x2d, 0x42, 0x2e, 0xf7, 0xa8, 0x8c, 0x17, 0x5a, 0x3c, 0xfb, 0xcf,
0xad, 0xf1, 0x15, 0xee, 0xc0, 0x4b, 0x79, 0xc2, 0x6c, 0xd6, 0xa1, 0x28,
0xbb, 0xbd, 0x35, 0x4d, 0x50, 0x4b, 0x5a, 0x94, 0xc8, 0x86, 0x34, 0x9a,
0xdb, 0xfe, 0x06, 0xf6, 0x7f, 0xee, 0x6a, 0x66, 0xd0, 0xa7, 0x3f, 0x66,
0x46, 0x8e, 0x92, 0xd8, 0x73, 0xb6, 0x8e, 0xe2, 0xcb, 0x47, 0xb1, 0xa1,
0x5a, 0x2a, 0xa7, 0xd8, 0xc6, 0xce, 0x8f, 0x3f, 0x14, 0x93, 0x0d, 0x56,
0xb6, 0x32, 0x7f, 0x56, 0xcb, 0x21, 0x54, 0x69, 0xa5, 0x7a, 0x1e, 0xe0,
0x18, 0x8f, 0xd6, 0xd2, 0x6d, 0x83, 0xa3, 0x80, 0xa6, 0xab, 0xd3, 0xa8,
0x9f, 0x1b, 0x63, 0xc4, 0x99, 0x81, 0x90, 0x46, 0x53, 0x69, 0x35, 0xad,
0xb2, 0xdb, 0x3c, 0x17, 0xcc, 0xbd, 0xaa, 0x51
};
/**
* Terminal (IFD) private exponent for SM channel establishment for PIN channel DNIe 3.0
* Terminal (IFD) private exponent for SM channel establishment for PIN channel DNIe 3.0 (dnie30RealParamDataPIN->sk-IFD-AUT->d)
*/
static u8 ifd_pin_private_exponent[] = {
static u8 ifd_pin_private_exponent_0[] = {
0xD2, 0x7A, 0x03, 0x23, 0x7C, 0x72, 0x2E, 0x71, 0x8D, 0x69, 0xF4, 0x1A,
0xEC, 0x68, 0xBD, 0x95, 0xE4, 0xE0, 0xC4, 0xCD, 0x49, 0x15, 0x9C, 0x4A,
0x99, 0x63, 0x7D, 0xB6, 0x62, 0xFE, 0xA3, 0x02, 0x51, 0xED, 0x32, 0x9C,
@ -155,10 +211,24 @@ static u8 ifd_pin_private_exponent[] = {
0xC6, 0x3B, 0x35, 0x8B, 0x7C, 0x11, 0x5A, 0xA1
};
static u8 ifd_pin_private_exponent_1[] = {
0x86, 0x6f, 0x0f, 0x2c, 0x0c, 0xaf, 0x17, 0xae, 0x7d, 0x1e, 0xea, 0xbe,
0x3a, 0xdb, 0x52, 0x11, 0x24, 0xfe, 0xc9, 0x8c, 0x77, 0xa4, 0xc7, 0x1c,
0x83, 0xb8, 0xf9, 0x26, 0xb1, 0x89, 0xe9, 0x40, 0x81, 0xbd, 0x33, 0x95,
0x16, 0x1f, 0xff, 0xf0, 0x31, 0x91, 0x0e, 0x64, 0xfb, 0x1a, 0x02, 0x7d,
0x51, 0x0e, 0x1d, 0xe5, 0x89, 0xe6, 0x41, 0x32, 0xc6, 0x42, 0xf6, 0x00,
0x36, 0xd1, 0x4f, 0xfe, 0xd5, 0xd0, 0xce, 0x1f, 0x45, 0xe7, 0x11, 0x6f,
0x13, 0xc4, 0xe6, 0x38, 0x8e, 0x25, 0xdd, 0x43, 0x83, 0x57, 0x78, 0x05,
0x85, 0x73, 0xdc, 0x29, 0xad, 0x6a, 0x37, 0x32, 0x71, 0x6d, 0x08, 0x11,
0x24, 0xb7, 0x52, 0x51, 0x40, 0xb1, 0xdd, 0xab, 0xe2, 0x51, 0xa4, 0x98,
0x0c, 0xc5, 0xc0, 0x3a, 0x86, 0xa8, 0x2d, 0x17, 0x4f, 0xb7, 0xa8, 0x1d,
0x24, 0x8d, 0x7c, 0xaa, 0x2b, 0x3d, 0x61, 0xd1
};
/**
* Intermediate CA certificate in CVC format (Card verifiable certificate)
* Intermediate CA certificate in CVC format (Card verifiable certificate) (c-CV-CA-CS-AUT)
*/
static u8 C_CV_CA_CS_AUT_cert[] = {
static u8 C_CV_CA_CS_AUT_cert_0[] = {
0x7f, 0x21, 0x81, 0xce, 0x5f, 0x37, 0x81, 0x80, 0x3c, 0xba, 0xdc, 0x36,
0x84, 0xbe, 0xf3, 0x20, 0x41, 0xad, 0x15, 0x50, 0x89, 0x25, 0x8d, 0xfd,
0x20, 0xc6, 0x91, 0x15, 0xd7, 0x2f, 0x9c, 0x38, 0xaa, 0x99, 0xad, 0x6c,
@ -179,10 +249,31 @@ static u8 C_CV_CA_CS_AUT_cert[] = {
0x52, 0x44, 0x49, 0x60, 0x00, 0x06
};
static u8 C_CV_CA_CS_AUT_cert_1[] = {
0x7f, 0x21, 0x81, 0xce, 0x5f, 0x37, 0x81, 0x80, 0x7a, 0xa0, 0x6c, 0x96,
0x5e, 0x8f, 0xb2, 0x19, 0x61, 0xcf, 0xd4, 0x49, 0xd0, 0x9b, 0x9d, 0xaf,
0x03, 0x04, 0x73, 0x01, 0x15, 0x69, 0x70, 0xb7, 0x73, 0xf1, 0x9c, 0x40,
0xf1, 0x27, 0xd3, 0x38, 0xe3, 0xc1, 0x35, 0xeb, 0x21, 0x20, 0x56, 0x6d,
0xc6, 0xf9, 0xf7, 0x45, 0xff, 0xb8, 0xf8, 0xe2, 0xb6, 0x1e, 0xe8, 0x16,
0x6f, 0xfd, 0x06, 0xd2, 0x8c, 0xb4, 0x8c, 0x15, 0x2a, 0x1f, 0xa4, 0xf7,
0xe9, 0xf6, 0x09, 0xd7, 0x52, 0x76, 0x33, 0x1c, 0xb7, 0x00, 0xb8, 0x4e,
0x36, 0xac, 0x8a, 0x0a, 0x77, 0x74, 0x46, 0x8c, 0x3c, 0xf3, 0xd1, 0x47,
0xa4, 0x9c, 0x97, 0x6e, 0x17, 0xab, 0x02, 0xda, 0x03, 0xea, 0x4a, 0xc1,
0x51, 0x77, 0x7e, 0xdf, 0xbc, 0x35, 0xc2, 0x7d, 0x56, 0xfb, 0xa6, 0x85,
0x75, 0x6e, 0xd6, 0x52, 0x85, 0x1d, 0xfd, 0xe7, 0x01, 0xbf, 0x87, 0x49,
0x92, 0xdd, 0x4d, 0xe8, 0x5f, 0x38, 0x3d, 0x33, 0xe3, 0xd5, 0x2a, 0x4b,
0x09, 0x40, 0xe3, 0x90, 0xcd, 0x1a, 0x64, 0x1f, 0xea, 0x2e, 0x9c, 0xdd,
0x79, 0xd3, 0x87, 0x2d, 0xd6, 0xc5, 0x08, 0xd5, 0xef, 0x23, 0x9c, 0xb0,
0x7e, 0xb5, 0x55, 0x68, 0xce, 0x18, 0x8b, 0x65, 0x13, 0xac, 0xb8, 0x84,
0x14, 0xc9, 0xad, 0xf7, 0xa6, 0x4e, 0x2c, 0xc0, 0xb3, 0x14, 0xd1, 0x27,
0x54, 0xae, 0xee, 0x67, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73,
0x52, 0x44, 0x49, 0x62, 0x00, 0x18
};
/**
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT)
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT) (dnieRealParamData->c-CV-IFD-AUT)
*/
static u8 C_CV_IFDUser_AUT_cert[] = {
static u8 C_CV_IFDUser_AUT_cert_0[] = {
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x82, 0x5b, 0x69, 0xc6,
0x45, 0x1e, 0x5f, 0x51, 0x70, 0x74, 0x38, 0x5f, 0x2f, 0x17, 0xd6, 0x4d,
0xfe, 0x2e, 0x68, 0x56, 0x75, 0x67, 0x09, 0x4b, 0x57, 0xf3, 0xc5, 0x78,
@ -203,10 +294,31 @@ static u8 C_CV_IFDUser_AUT_cert[] = {
0x44, 0x49, 0x60, 0x00, 0x06
};
static u8 C_CV_IFDUser_AUT_cert_1[] = {
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x5d, 0xa9, 0x4b, 0x6b,
0x4e, 0xb8, 0x61, 0xec, 0xa6, 0x36, 0xd2, 0x67, 0x39, 0x74, 0x71, 0x1f,
0x55, 0x63, 0x0f, 0x5b, 0x89, 0x03, 0x8c, 0x57, 0xd0, 0xbb, 0xbb, 0xc1,
0xd2, 0xc6, 0x8c, 0xc3, 0xeb, 0x56, 0xd5, 0x30, 0x38, 0x00, 0xf5, 0xa9,
0xf5, 0xe2, 0x96, 0x7f, 0xdf, 0x28, 0x91, 0x7b, 0xaf, 0xc8, 0x87, 0x63,
0xb8, 0xec, 0x2c, 0x0e, 0xbe, 0x7a, 0xcb, 0x0b, 0xa4, 0xaf, 0xbf, 0xe6,
0x6d, 0xb2, 0xa1, 0xed, 0xa1, 0x3e, 0x45, 0x64, 0xf7, 0x8e, 0x65, 0x58,
0x6e, 0x51, 0x01, 0x76, 0xf1, 0x1c, 0x4c, 0x99, 0x36, 0x4a, 0xaf, 0x18,
0x97, 0xd1, 0x1b, 0xf9, 0x8e, 0x9d, 0x1d, 0x0a, 0x12, 0xd0, 0x6a, 0xab,
0x75, 0x76, 0x4a, 0xa8, 0xdc, 0x85, 0x8d, 0xf0, 0xf0, 0x03, 0xeb, 0x8b,
0x4b, 0x3b, 0x56, 0xf5, 0xf9, 0x5f, 0xa6, 0x37, 0x53, 0x75, 0x19, 0xe4,
0xc6, 0x55, 0x10, 0xf7, 0x5f, 0x38, 0x3c, 0x60, 0x2d, 0xd4, 0xba, 0x04,
0xdb, 0xc9, 0x85, 0x88, 0x45, 0xe6, 0xa9, 0xc4, 0x05, 0x5b, 0xc5, 0xbf,
0xa0, 0xed, 0xdb, 0x86, 0x67, 0x89, 0xf0, 0xec, 0x6a, 0x80, 0xfc, 0xe5,
0x3c, 0x66, 0x08, 0xdf, 0xdc, 0x9b, 0x9f, 0xe2, 0xed, 0x56, 0x75, 0x2c,
0xc6, 0x05, 0x51, 0x3b, 0xa3, 0xf1, 0x75, 0x9c, 0xdd, 0x95, 0x22, 0x75,
0x3f, 0x18, 0xd7, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, 0x53,
0x44, 0x49, 0x62, 0x00, 0x18
};
/**
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT) for the PIN channel in DNIe 3.0
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT) for the PIN channel in DNIe 3.0 (dnie30RealParamDataPIN->c-CV-IFD-AUT)
*/
static u8 C_CV_IFDUser_AUT_pin_cert[] = {
static u8 C_CV_IFDUser_AUT_pin_cert_0[] = {
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x69, 0xc4, 0xe4, 0x94,
0xf0, 0x08, 0xe2, 0x42, 0x14, 0xb1, 0xc1, 0x31, 0xb6, 0x1f, 0xce, 0x9c,
0x15, 0xfa, 0x3c, 0xb0, 0x61, 0xdd, 0x6f, 0x02, 0xd8, 0xa2, 0xcd, 0x30,
@ -227,44 +339,135 @@ static u8 C_CV_IFDUser_AUT_pin_cert[] = {
0x44, 0x49, 0x60, 0x00, 0x06
};
static u8 C_CV_IFDUser_AUT_pin_cert_1[] = {
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x0a, 0x3d, 0xb4, 0xd1,
0x57, 0x98, 0xf2, 0x34, 0xf6, 0x31, 0xfd, 0x94, 0xc9, 0x1d, 0x2a, 0x63,
0x63, 0xd0, 0xe1, 0x8e, 0x1b, 0x56, 0xda, 0xbd, 0xe6, 0x22, 0xbc, 0x20,
0x1f, 0xd7, 0xc7, 0xff, 0x59, 0xff, 0x66, 0xda, 0x6e, 0x43, 0x4f, 0xe2,
0xf7, 0xf4, 0x6e, 0x42, 0xe4, 0xa6, 0x06, 0xea, 0x82, 0x39, 0xac, 0x1a,
0xc3, 0x0c, 0x7d, 0xad, 0xe2, 0x29, 0x65, 0xdf, 0x60, 0x6d, 0x11, 0x5e,
0x04, 0xc8, 0xef, 0xfc, 0x77, 0x2b, 0x8f, 0x5d, 0x48, 0x77, 0x3e, 0x34,
0x95, 0x5f, 0x33, 0xf4, 0x64, 0xed, 0x85, 0xcc, 0x0e, 0xb1, 0xbc, 0x57,
0x2a, 0xfa, 0xba, 0x47, 0x25, 0xfb, 0xf5, 0xbd, 0xcf, 0x1d, 0x8c, 0x38,
0xc9, 0xfe, 0x9c, 0xd8, 0x53, 0x6f, 0x34, 0x0b, 0xce, 0x14, 0x1d, 0xf5,
0x18, 0x7f, 0xa2, 0xe2, 0x37, 0x2d, 0x73, 0xbc, 0x7f, 0x89, 0x48, 0x35,
0x0c, 0xba, 0xde, 0xf2, 0x5f, 0x38, 0x3c, 0x0d, 0xcc, 0x88, 0x8d, 0x47,
0x96, 0x54, 0x3f, 0x03, 0x25, 0x4f, 0x4e, 0x2c, 0xdf, 0x98, 0xb1, 0xe1,
0x26, 0x11, 0xe3, 0x98, 0x1f, 0x53, 0x33, 0xdf, 0x98, 0xc8, 0x86, 0x01,
0x93, 0x75, 0x84, 0x0f, 0xac, 0x61, 0xdb, 0x8f, 0x1b, 0xa3, 0xb5, 0x43,
0xdc, 0xea, 0x3d, 0x05, 0x9e, 0x6a, 0x41, 0x4f, 0x6d, 0xd2, 0x9f, 0xc7,
0xc9, 0x9d, 0x8b, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, 0x53,
0x44, 0x49, 0x62, 0x00, 0x18
};
/**
* Root CA card key reference
* Root CA card key reference (pk-RCA-AUT-keyRef)
*/
static u8 root_ca_keyref[] = { 0x02, 0x0f };
/**
* ICC card private key reference
* ICC card private key reference (sk-ICC-AUT-keyRef)
*/
static u8 icc_priv_keyref[] = { 0x02, 0x1f };
/**
* Intermediate CA card key reference
* Intermediate CA card key reference (ifd-keyRef)
*/
static u8 cvc_intca_keyref[] =
{ 0x65, 0x73, 0x53, 0x44, 0x49, 0x60, 0x00, 0x06 };
static u8 cvc_intca_keyref_0[] = { 0x65, 0x73, 0x53, 0x44, 0x49, 0x60, 0x00, 0x06 };
static u8 cvc_intca_keyref_1[] = { 0x65, 0x73, 0x53, 0x44, 0x49, 0x62, 0x00, 0x18 };
/**
* In memory key reference for selecting IFD sent certificate
* In memory key reference for selecting IFD sent certificate (dnieRealParamData->pk-IFD-AUT-keyRef)
*/
static u8 cvc_ifd_keyref[] =
{ 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static u8 cvc_ifd_keyref_0[] = { 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static u8 cvc_ifd_keyref_1[] = { 0x00, 0x00, 0x00, 0x00, 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x02 };
/**
* In memory key reference for selecting IFD sent certificate in PIN channel DNIe 3.0
* In memory key reference for selecting IFD sent certificate in PIN channel DNIe 3.0 (dnie30RealParamDataPIN->pk-IFD-AUT-keyRef)
*/
static u8 cvc_ifd_keyref_pin[] =
{ 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
static u8 cvc_ifd_keyref_pin_0[] = { 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static u8 cvc_ifd_keyref_pin_1[] = { 0x00, 0x00, 0x00, 0x00, 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x04 };
/**
* Serial number for IFD Terminal application
* Serial number for IFD Terminal application (dnieRealParamData->sn-IFD)
*/
static u8 sn_ifd[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static u8 sn_ifd_0[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static u8 sn_ifd_1[] = { 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x02 };
/**
* Serial number for IFD Terminal application in PIN channel DNIe 3.0
* Serial number for IFD Terminal application in PIN channel DNIe 3.0 (dnie30RealParamDataPIN->sn-IFD)
*/
static u8 sn_ifd_pin[] = { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
static u8 sn_ifd_pin_0[] = { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static u8 sn_ifd_pin_1[] = { 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x04 };
#define AC_RAIZ_COMPONENTES_OLD_IDX 0
#define AC_RAIZ_COMPONENTES_ISSUER "/C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/OU=AC RAIZ COMPONENTES/CN=000000006573524449600006"
#define AC_RAIZ_COMPONENTES_2_NEW_IDX 1
#define AC_RAIZ_COMPONENTES_2_ISSUER "/C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/organizationIdentifier=VATES-S2816015H/OU=AC RAIZ COMPONENTES 2/CN=000000006573524449620018"
/**
* The DNIe secure channel uses some static configuration.
* Since DNIe 'BMP100001' it seems that the old values were
* replaced by new certs and keys. So an array of configuration
* values is going to be added that will be set to the card
* private data. For the moment the issuer of the icc intermediate
* CA cert will be used to assign one or the other array element.
*/
static dnie_channel_data_t channel_data[] = {
{ /* AC_RAIZ_COMPONENTES_OLD_IDX: Channel data configuration for DNIe before BMP100001 */
.icc_root_ca = {
.modulus = { icc_root_ca_modulus_0, sizeof(icc_root_ca_modulus_0) },
.exponent = { icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent) }
},
.ifd = {
.modulus = { ifd_modulus_0, sizeof(ifd_modulus_0) },
.exponent = { ifd_public_exponent, sizeof(ifd_public_exponent) },
.private = { ifd_private_exponent_0, sizeof(ifd_private_exponent_0) }
},
.ifd_pin = {
.modulus = { .value = ifd_pin_modulus_0, sizeof(ifd_pin_modulus_0) },
.exponent = { .value = ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent) },
.private = { .value = ifd_pin_private_exponent_0, sizeof(ifd_pin_private_exponent_0) }
},
.C_CV_CA_CS_AUT_cert = { .value = C_CV_CA_CS_AUT_cert_0, sizeof(C_CV_CA_CS_AUT_cert_0) },
.C_CV_IFDUser_AUT_cert = { .value = C_CV_IFDUser_AUT_cert_0, sizeof(C_CV_IFDUser_AUT_cert_0) },
.C_CV_IFDUser_AUT_pin_cert = { .value = C_CV_IFDUser_AUT_pin_cert_0, sizeof(C_CV_IFDUser_AUT_pin_cert_0) },
.root_ca_keyref = { root_ca_keyref, sizeof(root_ca_keyref) },
.icc_priv_keyref = { icc_priv_keyref, sizeof(icc_priv_keyref) },
.cvc_intca_keyref = { cvc_intca_keyref_0, sizeof(cvc_intca_keyref_0) },
.cvc_ifd_keyref = { cvc_ifd_keyref_0, sizeof(cvc_ifd_keyref_0) },
.cvc_ifd_keyref_pin = { cvc_ifd_keyref_pin_0, sizeof(cvc_ifd_keyref_pin_0) },
.sn_ifd = { sn_ifd_0, sizeof(sn_ifd_0) },
.sn_ifd_pin = { sn_ifd_pin_0, sizeof(sn_ifd_pin_0) }
},
{ /* AC_RAIZ_COMPONENTES_2_NEW_IDX: Channel data configuration for DNIe BMP100001 and newer */
.icc_root_ca = {
.modulus = { icc_root_ca_modulus_1, sizeof(icc_root_ca_modulus_1) },
.exponent = { icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent) }
},
.ifd = {
.modulus = { ifd_modulus_1, sizeof(ifd_modulus_1) },
.exponent = { ifd_public_exponent, sizeof(ifd_public_exponent) },
.private = { ifd_private_exponent_1, sizeof(ifd_private_exponent_1) }
},
.ifd_pin = {
.modulus = { .value = ifd_pin_modulus_1, sizeof(ifd_pin_modulus_1) },
.exponent = { .value = ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent) },
.private = { .value = ifd_pin_private_exponent_1, sizeof(ifd_pin_private_exponent_1) }
},
.C_CV_CA_CS_AUT_cert = { .value = C_CV_CA_CS_AUT_cert_1, sizeof(C_CV_CA_CS_AUT_cert_1) },
.C_CV_IFDUser_AUT_cert = { .value = C_CV_IFDUser_AUT_cert_1, sizeof(C_CV_IFDUser_AUT_cert_1) },
.C_CV_IFDUser_AUT_pin_cert = { .value = C_CV_IFDUser_AUT_pin_cert_1, sizeof(C_CV_IFDUser_AUT_pin_cert_1) },
.root_ca_keyref = { root_ca_keyref, sizeof(root_ca_keyref) },
.icc_priv_keyref = { icc_priv_keyref, sizeof(icc_priv_keyref) },
.cvc_intca_keyref = { cvc_intca_keyref_1, sizeof(cvc_intca_keyref_1) },
.cvc_ifd_keyref = { cvc_ifd_keyref_1, sizeof(cvc_ifd_keyref_1) },
.cvc_ifd_keyref_pin = { cvc_ifd_keyref_pin_1, sizeof(cvc_ifd_keyref_pin_1) },
.sn_ifd = { sn_ifd_1, sizeof(sn_ifd_1) },
.sn_ifd_pin = { sn_ifd_pin_1, sizeof(sn_ifd_pin_1) }
}
};
/************ internal functions **********************************/
@ -402,6 +605,63 @@ static int dnie_read_certificate(sc_card_t * card, char *certpath, X509 ** cert)
LOG_FUNC_RETURN(card->ctx, res);
}
/**
* Method that sets the configuration channel data to use.
* The configuration data is already set to the card private data.
* Just created in case this will be modified.
*
* @param card Pointer to card driver structure
* @param data The data for the channel will be assined here
* @return SC_SUCCESS if ok; else error code
*/
static int dnie_get_channel_data(sc_card_t * card, dnie_channel_data_t ** data) {
dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
LOG_FUNC_CALLED(card->ctx);
if (!priv_data->channel_data) {
sc_log(card->ctx, "Data channel configuration was not initialized");
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
}
*data = priv_data->channel_data;
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
/**
* Method to assign into the private data the secure channel
* configuration to use. Right now the icc_intermediate_ca_cert
* issuer is used. If it is the new one the new data is assigned
* else the old data is set.
*
* @param card Pointer to card driver structure
* @param icc_intermediate_ca_cert Pointer to the X509 icc intermediate CA certificate
* @return SC_SUCCESS if ok; else error code
*/
static int dnie_set_channel_data(sc_card_t * card, X509 * icc_intermediate_ca_cert) {
char *buf = NULL;
dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
LOG_FUNC_CALLED(card->ctx);
X509_NAME *issuer = X509_get_issuer_name(icc_intermediate_ca_cert);
if (issuer) {
buf = X509_NAME_oneline(issuer, buf, 0);
if (!buf) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
}
sc_log(card->ctx, "icc_intermediate_ca_cert issuer %s", buf);
}
if (buf && strcmp(buf, AC_RAIZ_COMPONENTES_2_ISSUER) == 0) {
sc_log(card->ctx, "assigning new data channel configuration");
priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_2_NEW_IDX];
} else {
sc_log(card->ctx, "assigning old data channel configuration");
priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_OLD_IDX];
}
if (buf) {
OPENSSL_free(buf);
}
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
/************ implementation of cwa provider methods **************/
/**
@ -417,8 +677,13 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
int res=SC_SUCCESS;
RSA *root_ca_rsa=NULL;
BIGNUM *root_ca_rsa_n, *root_ca_rsa_e;
dnie_channel_data_t *data;
LOG_FUNC_CALLED(card->ctx);
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
/* compose root_ca_public key with data provided by Dnie Manual */
*root_ca_key = EVP_PKEY_new();
root_ca_rsa = RSA_new();
@ -427,8 +692,8 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
return SC_ERROR_OUT_OF_MEMORY;
}
root_ca_rsa_n = BN_bin2bn(icc_root_ca_modulus, sizeof(icc_root_ca_modulus), NULL);
root_ca_rsa_e = BN_bin2bn(icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent), NULL);
root_ca_rsa_n = BN_bin2bn(data->icc_root_ca.modulus.value, data->icc_root_ca.modulus.len, NULL);
root_ca_rsa_e = BN_bin2bn(data->icc_root_ca.exponent.value, data->icc_root_ca.exponent.len, NULL);
if (RSA_set0_key(root_ca_rsa, root_ca_rsa_n, root_ca_rsa_e, NULL) != 1) {
BN_free(root_ca_rsa_n);
BN_free(root_ca_rsa_e);
@ -466,10 +731,17 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
*/
static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length)
{
int res;
dnie_channel_data_t *data;
LOG_FUNC_CALLED(card->ctx);
*cert = C_CV_CA_CS_AUT_cert;
*length = sizeof(C_CV_CA_CS_AUT_cert);
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*cert = data->C_CV_CA_CS_AUT_cert.value;
*length = data->C_CV_CA_CS_AUT_cert.len;
LOG_FUNC_RETURN(card->ctx, res);
}
/**
@ -488,10 +760,17 @@ static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length)
*/
static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length)
{
int res;
dnie_channel_data_t *data;
LOG_FUNC_CALLED(card->ctx);
*cert = C_CV_IFDUser_AUT_cert;
*length = sizeof(C_CV_IFDUser_AUT_cert);
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*cert = data->C_CV_IFDUser_AUT_cert.value;
*length = data->C_CV_IFDUser_AUT_cert.len;
LOG_FUNC_RETURN(card->ctx, res);
}
/**
@ -511,10 +790,17 @@ static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length)
*/
static int dnie_get_cvc_ifd_cert_pin(sc_card_t * card, u8 ** cert, size_t * length)
{
int res;
dnie_channel_data_t *data;
LOG_FUNC_CALLED(card->ctx);
*cert = C_CV_IFDUser_AUT_pin_cert;
*length = sizeof(C_CV_IFDUser_AUT_pin_cert);
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*cert = data->C_CV_IFDUser_AUT_pin_cert.value;
*length = data->C_CV_IFDUser_AUT_pin_cert.len;
LOG_FUNC_RETURN(card->ctx, res);
}
/**
@ -584,9 +870,16 @@ static int dnie_get_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey,
*/
static int dnie_get_ifd_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey)
{
return dnie_get_privkey(card, ifd_privkey, ifd_modulus, sizeof(ifd_modulus),
ifd_public_exponent, sizeof(ifd_public_exponent),
ifd_private_exponent, sizeof(ifd_private_exponent));
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
return dnie_get_privkey(card, ifd_privkey, data->ifd.modulus.value, data->ifd.modulus.len,
data->ifd.exponent.value, data->ifd.exponent.len,
data->ifd.private.value, data->ifd.private.len);
}
/**
@ -601,9 +894,16 @@ static int dnie_get_ifd_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey)
*/
static int dnie_get_ifd_privkey_pin(sc_card_t * card, EVP_PKEY ** ifd_privkey)
{
return dnie_get_privkey(card, ifd_privkey, ifd_pin_modulus, sizeof(ifd_pin_modulus),
ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent),
ifd_pin_private_exponent, sizeof(ifd_pin_private_exponent));
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
return dnie_get_privkey(card, ifd_privkey, data->ifd_pin.modulus.value, data->ifd_pin.modulus.len,
data->ifd_pin.exponent.value, data->ifd_pin.exponent.len,
data->ifd_pin.private.value, data->ifd_pin.private.len);
}
/**
@ -615,7 +915,14 @@ static int dnie_get_ifd_privkey_pin(sc_card_t * card, EVP_PKEY ** ifd_privkey)
*/
static int dnie_get_icc_intermediate_ca_cert(sc_card_t * card, X509 ** cert)
{
return dnie_read_certificate(card, "3F006020", cert);
dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
int res = dnie_read_certificate(card, "3F006020", cert);
if (res == SC_SUCCESS && !priv_data->channel_data) {
/* initialize the secure channel data using the issuer cert */
res = dnie_set_channel_data(card, *cert);
}
return res;
}
/**
@ -642,9 +949,16 @@ static int dnie_get_icc_cert(sc_card_t * card, X509 ** cert)
static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
size_t * len)
{
*buf = root_ca_keyref;
*len = sizeof(root_ca_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->root_ca_keyref.value;
*len = data->root_ca_keyref.len;
return res;
}
/**
@ -661,9 +975,16 @@ static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
size_t * len)
{
*buf = cvc_intca_keyref;
*len = sizeof(cvc_intca_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->cvc_intca_keyref.value;
*len = data->cvc_intca_keyref.len;
return res;
}
/**
@ -680,9 +1001,16 @@ static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
*/
static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
{
*buf = cvc_ifd_keyref;
*len = sizeof(cvc_ifd_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->cvc_ifd_keyref.value;
*len = data->cvc_ifd_keyref.len;
return res;
}
/**
@ -699,10 +1027,17 @@ static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
*/
static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len)
{
int res;
dnie_channel_data_t *data;
LOG_FUNC_CALLED(card->ctx);
*buf = cvc_ifd_keyref_pin;
*len = sizeof(cvc_ifd_keyref_pin);
return SC_SUCCESS;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->cvc_ifd_keyref_pin.value;
*len = data->cvc_ifd_keyref_pin.len;
return res;
}
/**
@ -718,9 +1053,16 @@ static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len
*/
static int dnie_get_icc_privkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
{
*buf = icc_priv_keyref;
*len = sizeof(icc_priv_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->icc_priv_keyref.value;
*len = data->icc_priv_keyref.len;
return res;
}
/**
@ -735,9 +1077,16 @@ static int dnie_get_icc_privkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
*/
static int dnie_get_sn_ifd(sc_card_t * card)
{
int res;
dnie_channel_data_t *data;
struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa;
memcpy(sm->ifd.sn, sn_ifd, sizeof(sm->ifd.sn));
return SC_SUCCESS;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
memcpy(sm->ifd.sn, data->sn_ifd.value, data->sn_ifd.len);
return res;
}
/**
@ -752,9 +1101,16 @@ static int dnie_get_sn_ifd(sc_card_t * card)
*/
static int dnie_get_sn_ifd_pin(sc_card_t * card)
{
int res;
dnie_channel_data_t *data;
struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa;
memcpy(sm->ifd.sn, sn_ifd_pin, sizeof(sm->ifd.sn));
return SC_SUCCESS;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
memcpy(sm->ifd.sn, data->sn_ifd_pin.value, data->sn_ifd_pin.len);
return res;
}
/* Retrieve SN.ICC (8 bytes left padded with zeroes if needed).
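Review bot: In dnie_get_sn_ifd and dnie_get_sn_ifd_pin the `memcpy` into `sm->ifd.sn` is now bounded by the table entry's length (`data->sn_ifd.len`, `data->sn_ifd_pin.len`) instead of `sizeof(sm->ifd.sn)`, so the destination size no longer limits the copy. All four `sn_ifd_*` and `sn_ifd_pin_*` arrays on this page are 8 bytes, so the copied length is the same for both configurations today. A later entry in `channel_data[]` with a longer serial would write past the field, and a shorter one would leave part of it stale. A guard before each copy keeps the invariant explicit: `if (data->sn_ifd.len != sizeof(sm->ifd.sn)) return SC_ERROR_INTERNAL;`, and the same with `sn_ifd_pin`.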


@ -39,6 +39,41 @@ typedef struct ui_context {
struct cwa_provider_st;
/**
* Structs for the channel configuration data.
*/
typedef struct dnie_buffer {
u8 *value;
size_t len;
} dnie_buffer_t;
typedef struct dnie_public_key {
dnie_buffer_t modulus;
dnie_buffer_t exponent;
} dnie_public_key_t;
typedef struct dnie_private_key {
dnie_buffer_t modulus;
dnie_buffer_t exponent;
dnie_buffer_t private;
} dnie_private_key_t;
typedef struct dnie_channel_data {
dnie_public_key_t icc_root_ca;
dnie_private_key_t ifd;
dnie_private_key_t ifd_pin;
dnie_buffer_t C_CV_CA_CS_AUT_cert;
dnie_buffer_t C_CV_IFDUser_AUT_cert;
dnie_buffer_t C_CV_IFDUser_AUT_pin_cert;
dnie_buffer_t root_ca_keyref;
dnie_buffer_t icc_priv_keyref;
dnie_buffer_t cvc_intca_keyref;
dnie_buffer_t cvc_ifd_keyref;
dnie_buffer_t cvc_ifd_keyref_pin;
dnie_buffer_t sn_ifd;
dnie_buffer_t sn_ifd_pin;
} dnie_channel_data_t;
/**
* OpenDNIe private data declaration
*
@ -53,6 +88,7 @@ struct cwa_provider_st;
#ifdef ENABLE_DNIE_UI
struct ui_context ui_ctx;
#endif
dnie_channel_data_t *channel_data; /* Configuration data for the secure channel */
} dnie_private_data_t;
/**
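Review bot: `dnie_buffer_t.value` is declared `u8 *`, so every table that `dnie_channel_data_t` points at, including the terminal private exponents and the CVC certificates, has to stay writable, and `channel_data` in `dnie_private_data_t` is a non-const pointer into a file-scope array that is not per-card. If the cwa provider callbacks allow it (their `u8 **` out-parameters are declared outside this page), I would declare the field `const u8 *value;` and the member `const dnie_channel_data_t *channel_data;` so the tables can be `static const` and an accidental write becomes a compile error. The struct comment could also state that `len` is the byte length of `value` and that the struct does not own the buffers.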