Issue 2105: Add new DNIe CA structure for the secure channel
This commit is contained in:
parent
b577531720
commit
57a391f16c
@ -2176,7 +2176,9 @@ static int dnie_pin_verify(struct sc_card *card,
|
|||
if (card->atr.value[15] >= DNIE_30_VERSION) {
|
||||
sc_log(card->ctx, "DNIe 3.0 detected => re-establish secure channel");
|
||||
dnie_change_cwa_provider_to_secure(card);
|
||||
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
|
||||
if (res == SC_SUCCESS) {
|
||||
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
|
||||
}
|
||||
}
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, res);
|
||||
|
|
|
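Review bot: The new `if (res == SC_SUCCESS)` guard around `cwa_create_secure_channel()` leaves `dnie_change_cwa_provider_to_secure(card)` and the "DNIe 3.0 detected" log outside it, so when `res` (assigned before the hunk) is already an error the provider is still switched to the secure one while the channel is never re-created and nothing is logged about it; `if (res == SC_SUCCESS) { dnie_change_cwa_provider_to_secure(card); res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON); } else { sc_log(card->ctx, "skipping secure channel re-establishment, res=%d", res); }` keeps provider and channel state consistent. The rendered page lost the +/- markers, so I read the first `res = cwa_create_secure_channel(...)` line as the removed one; if both copies are on the new side the channel is established twice in a row. The surrounding `card->atr.value[15]` test has no visible `card->atr.len > 15` check in the hunk; unless it is done earlier in the function, a shorter ATR makes this read stale bytes past the received ATR rather than the version byte, e.g. `if (card->atr.len > 15 && card->atr.value[15] >= DNIE_30_VERSION)`. dnie_pin_verify starts and ends outside the hunk.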
@ -50,9 +50,9 @@
|
|||
/********************* Keys and certificates as published by DGP ********/
|
||||
|
||||
/**
|
||||
* Modulo de la clave pública de la Root CA del DNIe electronico
|
||||
* Public Key modulus for the ROOT CA for DNIe (pk-RCAicc->n)
|
||||
*/
|
||||
static u8 icc_root_ca_modulus[] = {
|
||||
static u8 icc_root_ca_modulus_0[] = {
|
||||
0xEA, 0xDE, 0xDA, 0x45, 0x53, 0x32, 0x94, 0x50, 0x39, 0xDA, 0xA4, 0x04,
|
||||
0xC8, 0xEB, 0xC4, 0xD3, 0xB7, 0xF5, 0xDC, 0x86, 0x92, 0x83, 0xCD, 0xEA,
|
||||
0x2F, 0x10, 0x1E, 0x2A, 0xB5, 0x4F, 0xB0, 0xD0, 0xB0, 0x3D, 0x8F, 0x03,
|
||||
|
@ -66,17 +66,31 @@ static u8 icc_root_ca_modulus[] = {
|
|||
0x91, 0xDB, 0x64, 0xF8, 0x0B, 0x5E, 0x92, 0xCD
|
||||
};
|
||||
|
||||
static u8 icc_root_ca_modulus_1[] = {
|
||||
0xb9, 0x72, 0x34, 0x5e, 0x35, 0xbc, 0xdd, 0x12, 0xdc, 0x2c, 0x8e, 0x85,
|
||||
0xf6, 0x22, 0x97, 0x97, 0x9f, 0x12, 0x2b, 0xb7, 0xc9, 0xc3, 0xed, 0x13,
|
||||
0xa0, 0xc4, 0xeb, 0x59, 0x34, 0xe7, 0x0c, 0xd6, 0xd0, 0x0c, 0x54, 0x06,
|
||||
0x18, 0x38, 0x6e, 0x42, 0xf2, 0xba, 0x00, 0x89, 0xc0, 0xdd, 0x80, 0x0e,
|
||||
0xba, 0x78, 0x3b, 0xdc, 0x9d, 0x93, 0xd9, 0xfb, 0xfc, 0x3c, 0x16, 0x9f,
|
||||
0x9a, 0xf6, 0x4e, 0x80, 0x10, 0x0f, 0xc6, 0x87, 0xcc, 0xa5, 0x62, 0xe7,
|
||||
0xfc, 0x84, 0xd1, 0x12, 0x92, 0xc2, 0x40, 0x4c, 0x59, 0xb8, 0xa8, 0x60,
|
||||
0xd3, 0x9e, 0x2d, 0x66, 0x54, 0x7d, 0xc7, 0xb2, 0xd4, 0x8c, 0xa7, 0x89,
|
||||
0x81, 0x4f, 0x43, 0x06, 0x26, 0x34, 0xe3, 0xe0, 0xc0, 0xd6, 0xbf, 0x5f,
|
||||
0x54, 0xba, 0x1d, 0x9c, 0x46, 0x64, 0x45, 0x83, 0x1d, 0xcd, 0xea, 0xb0,
|
||||
0x87, 0x08, 0xf3, 0xf6, 0x22, 0x0e, 0x07, 0x75
|
||||
};
|
||||
|
||||
/**
|
||||
* Exponente de la clave publica de la Root CA del DNI electronico
|
||||
* Exponente de la clave publica de la Root CA del DNI electronico (pk-RCAicc->e)
|
||||
*/
|
||||
static u8 icc_root_ca_public_exponent[] = {
|
||||
0x01, 0x00, 0x01
|
||||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) key modulus for SM channel creation
|
||||
* Terminal (IFD) key modulus for SM channel creation (dnieRealParam->sk-IFD-AUT->n)
|
||||
*/
|
||||
static u8 ifd_modulus[] = {
|
||||
static u8 ifd_modulus_0[] = {
|
||||
0xdb, 0x2c, 0xb4, 0x1e, 0x11, 0x2b, 0xac, 0xfa, 0x2b, 0xd7, 0xc3, 0xd3,
|
||||
0xd7, 0x96, 0x7e, 0x84, 0xfb, 0x94, 0x34, 0xfc, 0x26, 0x1f, 0x9d, 0x09,
|
||||
0x0a, 0x89, 0x83, 0x94, 0x7d, 0xaf, 0x84, 0x88, 0xd3, 0xdf, 0x8f, 0xbd,
|
||||
|
@ -90,10 +104,24 @@ static u8 ifd_modulus[] = {
|
|||
0x6a, 0xe2, 0x36, 0x59, 0x00, 0x16, 0xba, 0x69
|
||||
};
|
||||
|
||||
static u8 ifd_modulus_1[] = {
|
||||
0xbd, 0xef, 0xdb, 0x84, 0xec, 0xe6, 0x98, 0xb8, 0x28, 0x7f, 0x7f, 0xe6,
|
||||
0x29, 0x6d, 0x80, 0x72, 0x98, 0x3a, 0x1b, 0x3d, 0x3b, 0x9f, 0x57, 0xad,
|
||||
0x98, 0x4f, 0xba, 0x78, 0x58, 0x1f, 0xff, 0x52, 0xe9, 0x3d, 0x89, 0x6b,
|
||||
0xf5, 0x62, 0x25, 0xe9, 0xf8, 0x2e, 0x96, 0x95, 0x14, 0x00, 0x69, 0x98,
|
||||
0x2e, 0x5b, 0x5b, 0xce, 0x37, 0xad, 0x73, 0x16, 0x45, 0x02, 0xd8, 0xac,
|
||||
0xbd, 0x60, 0x5f, 0x69, 0x12, 0x4a, 0x3c, 0xf5, 0xaf, 0xe4, 0xb0, 0x18,
|
||||
0x60, 0x2d, 0xd4, 0xba, 0x04, 0xdb, 0xc9, 0x85, 0x88, 0x45, 0xe6, 0xa9,
|
||||
0xc4, 0x05, 0x5b, 0xc5, 0xbf, 0xa0, 0xed, 0xdb, 0x86, 0x67, 0x89, 0xf0,
|
||||
0xec, 0x6a, 0x80, 0xfc, 0xe5, 0x3c, 0x66, 0x08, 0xdf, 0xdc, 0x9b, 0x9f,
|
||||
0xe2, 0xed, 0x56, 0x75, 0x2c, 0xc6, 0x05, 0x51, 0x3b, 0xa3, 0xf1, 0x75,
|
||||
0x9c, 0xdd, 0x95, 0x22, 0x75, 0x3f, 0x18, 0xd7
|
||||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) key modulus for SM channel creation for PIN channel DNIe 3.0
|
||||
* Terminal (IFD) key modulus for SM channel creation for PIN channel DNIe 3.0 (dnie30RealParamPIN->sk-IFD-AUT->n)
|
||||
*/
|
||||
static u8 ifd_pin_modulus[] = {
|
||||
static u8 ifd_pin_modulus_0[] = {
|
||||
0xF4, 0x27, 0x97, 0x8D, 0xA1, 0x59, 0xBA, 0x02, 0x79, 0x30, 0x8A, 0x6C,
|
||||
0x6A, 0x89, 0x50, 0x5A, 0xDA, 0x5A, 0x67, 0xC3, 0xDA, 0x26, 0x79, 0xEA,
|
||||
0xF4, 0xA1, 0xB0, 0x11, 0x9E, 0xDD, 0x4D, 0xF4, 0x6E, 0x78, 0x04, 0x24,
|
||||
|
@ -107,6 +135,20 @@ static u8 ifd_pin_modulus[] = {
|
|||
0x15, 0x96, 0x6A, 0x5A, 0x89, 0xAD, 0x58, 0xA5
|
||||
};
|
||||
|
||||
static u8 ifd_pin_modulus_1[] = {
|
||||
0xdf, 0x03, 0x93, 0x0d, 0x4f, 0x1d, 0x97, 0x15, 0xeb, 0xb0, 0x0f, 0xbd,
|
||||
0xae, 0x48, 0xaf, 0x9c, 0x9d, 0xbf, 0xd6, 0x99, 0xca, 0xb0, 0xbd, 0xbe,
|
||||
0x5c, 0xdb, 0x01, 0x34, 0x00, 0x0e, 0x46, 0x2e, 0x71, 0x3a, 0xe9, 0x7a,
|
||||
0x2f, 0x7e, 0x20, 0xaf, 0xbf, 0x84, 0xd3, 0xce, 0x73, 0x4f, 0xe2, 0x15,
|
||||
0x75, 0x7a, 0xaf, 0xa1, 0xe8, 0x9e, 0x64, 0x57, 0xea, 0xe2, 0xe8, 0x08,
|
||||
0x11, 0x03, 0x73, 0xe2, 0x56, 0x56, 0x34, 0x94, 0xfb, 0x5d, 0x10, 0x4f,
|
||||
0x0d, 0xcc, 0x88, 0x8d, 0x47, 0x96, 0x54, 0x3f, 0x03, 0x25, 0x4f, 0x4e,
|
||||
0x2c, 0xdf, 0x98, 0xb1, 0xe1, 0x26, 0x11, 0xe3, 0x98, 0x1f, 0x53, 0x33,
|
||||
0xdf, 0x98, 0xc8, 0x86, 0x01, 0x93, 0x75, 0x84, 0x0f, 0xac, 0x61, 0xdb,
|
||||
0x8f, 0x1b, 0xa3, 0xb5, 0x43, 0xdc, 0xea, 0x3d, 0x05, 0x9e, 0x6a, 0x41,
|
||||
0x4f, 0x6d, 0xd2, 0x9f, 0xc7, 0xc9, 0x9d, 0x8b
|
||||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) public exponent for SM channel creation
|
||||
*/
|
||||
|
@ -122,9 +164,9 @@ static u8 ifd_pin_public_exponent[] = {
|
|||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) private exponent for SM channel establishment
|
||||
* Terminal (IFD) private exponent for SM channel establishment (dnieRealParam->sk-IFD-AUT->d)
|
||||
*/
|
||||
static u8 ifd_private_exponent[] = {
|
||||
static u8 ifd_private_exponent_0[] = {
|
||||
0x18, 0xb4, 0x4a, 0x3d, 0x15, 0x5c, 0x61, 0xeb, 0xf4, 0xe3, 0x26, 0x1c,
|
||||
0x8b, 0xb1, 0x57, 0xe3, 0x6f, 0x63, 0xfe, 0x30, 0xe9, 0xaf, 0x28, 0x89,
|
||||
0x2b, 0x59, 0xe2, 0xad, 0xeb, 0x18, 0xcc, 0x8c, 0x8b, 0xad, 0x28, 0x4b,
|
||||
|
@ -138,10 +180,24 @@ static u8 ifd_private_exponent[] = {
|
|||
0xbd, 0x9b, 0x00, 0x31, 0x3c, 0x0f, 0x46, 0xed
|
||||
};
|
||||
|
||||
static u8 ifd_private_exponent_1[] = {
|
||||
0xa0, 0x51, 0x55, 0x93, 0xd4, 0x36, 0x2b, 0x8f, 0xbd, 0xb7, 0x28, 0xa8,
|
||||
0x88, 0x2d, 0x42, 0x2e, 0xf7, 0xa8, 0x8c, 0x17, 0x5a, 0x3c, 0xfb, 0xcf,
|
||||
0xad, 0xf1, 0x15, 0xee, 0xc0, 0x4b, 0x79, 0xc2, 0x6c, 0xd6, 0xa1, 0x28,
|
||||
0xbb, 0xbd, 0x35, 0x4d, 0x50, 0x4b, 0x5a, 0x94, 0xc8, 0x86, 0x34, 0x9a,
|
||||
0xdb, 0xfe, 0x06, 0xf6, 0x7f, 0xee, 0x6a, 0x66, 0xd0, 0xa7, 0x3f, 0x66,
|
||||
0x46, 0x8e, 0x92, 0xd8, 0x73, 0xb6, 0x8e, 0xe2, 0xcb, 0x47, 0xb1, 0xa1,
|
||||
0x5a, 0x2a, 0xa7, 0xd8, 0xc6, 0xce, 0x8f, 0x3f, 0x14, 0x93, 0x0d, 0x56,
|
||||
0xb6, 0x32, 0x7f, 0x56, 0xcb, 0x21, 0x54, 0x69, 0xa5, 0x7a, 0x1e, 0xe0,
|
||||
0x18, 0x8f, 0xd6, 0xd2, 0x6d, 0x83, 0xa3, 0x80, 0xa6, 0xab, 0xd3, 0xa8,
|
||||
0x9f, 0x1b, 0x63, 0xc4, 0x99, 0x81, 0x90, 0x46, 0x53, 0x69, 0x35, 0xad,
|
||||
0xb2, 0xdb, 0x3c, 0x17, 0xcc, 0xbd, 0xaa, 0x51
|
||||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) private exponent for SM channel establishment for PIN channel DNIe 3.0
|
||||
* Terminal (IFD) private exponent for SM channel establishment for PIN channel DNIe 3.0 (dnie30RealParamDataPIN->sk-IFD-AUT->d)
|
||||
*/
|
||||
static u8 ifd_pin_private_exponent[] = {
|
||||
static u8 ifd_pin_private_exponent_0[] = {
|
||||
0xD2, 0x7A, 0x03, 0x23, 0x7C, 0x72, 0x2E, 0x71, 0x8D, 0x69, 0xF4, 0x1A,
|
||||
0xEC, 0x68, 0xBD, 0x95, 0xE4, 0xE0, 0xC4, 0xCD, 0x49, 0x15, 0x9C, 0x4A,
|
||||
0x99, 0x63, 0x7D, 0xB6, 0x62, 0xFE, 0xA3, 0x02, 0x51, 0xED, 0x32, 0x9C,
|
||||
|
@ -155,10 +211,24 @@ static u8 ifd_pin_private_exponent[] = {
|
|||
0xC6, 0x3B, 0x35, 0x8B, 0x7C, 0x11, 0x5A, 0xA1
|
||||
};
|
||||
|
||||
static u8 ifd_pin_private_exponent_1[] = {
|
||||
0x86, 0x6f, 0x0f, 0x2c, 0x0c, 0xaf, 0x17, 0xae, 0x7d, 0x1e, 0xea, 0xbe,
|
||||
0x3a, 0xdb, 0x52, 0x11, 0x24, 0xfe, 0xc9, 0x8c, 0x77, 0xa4, 0xc7, 0x1c,
|
||||
0x83, 0xb8, 0xf9, 0x26, 0xb1, 0x89, 0xe9, 0x40, 0x81, 0xbd, 0x33, 0x95,
|
||||
0x16, 0x1f, 0xff, 0xf0, 0x31, 0x91, 0x0e, 0x64, 0xfb, 0x1a, 0x02, 0x7d,
|
||||
0x51, 0x0e, 0x1d, 0xe5, 0x89, 0xe6, 0x41, 0x32, 0xc6, 0x42, 0xf6, 0x00,
|
||||
0x36, 0xd1, 0x4f, 0xfe, 0xd5, 0xd0, 0xce, 0x1f, 0x45, 0xe7, 0x11, 0x6f,
|
||||
0x13, 0xc4, 0xe6, 0x38, 0x8e, 0x25, 0xdd, 0x43, 0x83, 0x57, 0x78, 0x05,
|
||||
0x85, 0x73, 0xdc, 0x29, 0xad, 0x6a, 0x37, 0x32, 0x71, 0x6d, 0x08, 0x11,
|
||||
0x24, 0xb7, 0x52, 0x51, 0x40, 0xb1, 0xdd, 0xab, 0xe2, 0x51, 0xa4, 0x98,
|
||||
0x0c, 0xc5, 0xc0, 0x3a, 0x86, 0xa8, 0x2d, 0x17, 0x4f, 0xb7, 0xa8, 0x1d,
|
||||
0x24, 0x8d, 0x7c, 0xaa, 0x2b, 0x3d, 0x61, 0xd1
|
||||
};
|
||||
|
||||
/**
|
||||
* Intermediate CA certificate in CVC format (Card verifiable certificate)
|
||||
* Intermediate CA certificate in CVC format (Card verifiable certificate) (c-CV-CA-CS-AUT)
|
||||
*/
|
||||
static u8 C_CV_CA_CS_AUT_cert[] = {
|
||||
static u8 C_CV_CA_CS_AUT_cert_0[] = {
|
||||
0x7f, 0x21, 0x81, 0xce, 0x5f, 0x37, 0x81, 0x80, 0x3c, 0xba, 0xdc, 0x36,
|
||||
0x84, 0xbe, 0xf3, 0x20, 0x41, 0xad, 0x15, 0x50, 0x89, 0x25, 0x8d, 0xfd,
|
||||
0x20, 0xc6, 0x91, 0x15, 0xd7, 0x2f, 0x9c, 0x38, 0xaa, 0x99, 0xad, 0x6c,
|
||||
|
@ -179,10 +249,31 @@ static u8 C_CV_CA_CS_AUT_cert[] = {
|
|||
0x52, 0x44, 0x49, 0x60, 0x00, 0x06
|
||||
};
|
||||
|
||||
static u8 C_CV_CA_CS_AUT_cert_1[] = {
|
||||
0x7f, 0x21, 0x81, 0xce, 0x5f, 0x37, 0x81, 0x80, 0x7a, 0xa0, 0x6c, 0x96,
|
||||
0x5e, 0x8f, 0xb2, 0x19, 0x61, 0xcf, 0xd4, 0x49, 0xd0, 0x9b, 0x9d, 0xaf,
|
||||
0x03, 0x04, 0x73, 0x01, 0x15, 0x69, 0x70, 0xb7, 0x73, 0xf1, 0x9c, 0x40,
|
||||
0xf1, 0x27, 0xd3, 0x38, 0xe3, 0xc1, 0x35, 0xeb, 0x21, 0x20, 0x56, 0x6d,
|
||||
0xc6, 0xf9, 0xf7, 0x45, 0xff, 0xb8, 0xf8, 0xe2, 0xb6, 0x1e, 0xe8, 0x16,
|
||||
0x6f, 0xfd, 0x06, 0xd2, 0x8c, 0xb4, 0x8c, 0x15, 0x2a, 0x1f, 0xa4, 0xf7,
|
||||
0xe9, 0xf6, 0x09, 0xd7, 0x52, 0x76, 0x33, 0x1c, 0xb7, 0x00, 0xb8, 0x4e,
|
||||
0x36, 0xac, 0x8a, 0x0a, 0x77, 0x74, 0x46, 0x8c, 0x3c, 0xf3, 0xd1, 0x47,
|
||||
0xa4, 0x9c, 0x97, 0x6e, 0x17, 0xab, 0x02, 0xda, 0x03, 0xea, 0x4a, 0xc1,
|
||||
0x51, 0x77, 0x7e, 0xdf, 0xbc, 0x35, 0xc2, 0x7d, 0x56, 0xfb, 0xa6, 0x85,
|
||||
0x75, 0x6e, 0xd6, 0x52, 0x85, 0x1d, 0xfd, 0xe7, 0x01, 0xbf, 0x87, 0x49,
|
||||
0x92, 0xdd, 0x4d, 0xe8, 0x5f, 0x38, 0x3d, 0x33, 0xe3, 0xd5, 0x2a, 0x4b,
|
||||
0x09, 0x40, 0xe3, 0x90, 0xcd, 0x1a, 0x64, 0x1f, 0xea, 0x2e, 0x9c, 0xdd,
|
||||
0x79, 0xd3, 0x87, 0x2d, 0xd6, 0xc5, 0x08, 0xd5, 0xef, 0x23, 0x9c, 0xb0,
|
||||
0x7e, 0xb5, 0x55, 0x68, 0xce, 0x18, 0x8b, 0x65, 0x13, 0xac, 0xb8, 0x84,
|
||||
0x14, 0xc9, 0xad, 0xf7, 0xa6, 0x4e, 0x2c, 0xc0, 0xb3, 0x14, 0xd1, 0x27,
|
||||
0x54, 0xae, 0xee, 0x67, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73,
|
||||
0x52, 0x44, 0x49, 0x62, 0x00, 0x18
|
||||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT)
|
||||
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT) (dnieRealParamData->c-CV-IFD-AUT)
|
||||
*/
|
||||
static u8 C_CV_IFDUser_AUT_cert[] = {
|
||||
static u8 C_CV_IFDUser_AUT_cert_0[] = {
|
||||
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x82, 0x5b, 0x69, 0xc6,
|
||||
0x45, 0x1e, 0x5f, 0x51, 0x70, 0x74, 0x38, 0x5f, 0x2f, 0x17, 0xd6, 0x4d,
|
||||
0xfe, 0x2e, 0x68, 0x56, 0x75, 0x67, 0x09, 0x4b, 0x57, 0xf3, 0xc5, 0x78,
|
||||
|
@ -203,10 +294,31 @@ static u8 C_CV_IFDUser_AUT_cert[] = {
|
|||
0x44, 0x49, 0x60, 0x00, 0x06
|
||||
};
|
||||
|
||||
static u8 C_CV_IFDUser_AUT_cert_1[] = {
|
||||
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x5d, 0xa9, 0x4b, 0x6b,
|
||||
0x4e, 0xb8, 0x61, 0xec, 0xa6, 0x36, 0xd2, 0x67, 0x39, 0x74, 0x71, 0x1f,
|
||||
0x55, 0x63, 0x0f, 0x5b, 0x89, 0x03, 0x8c, 0x57, 0xd0, 0xbb, 0xbb, 0xc1,
|
||||
0xd2, 0xc6, 0x8c, 0xc3, 0xeb, 0x56, 0xd5, 0x30, 0x38, 0x00, 0xf5, 0xa9,
|
||||
0xf5, 0xe2, 0x96, 0x7f, 0xdf, 0x28, 0x91, 0x7b, 0xaf, 0xc8, 0x87, 0x63,
|
||||
0xb8, 0xec, 0x2c, 0x0e, 0xbe, 0x7a, 0xcb, 0x0b, 0xa4, 0xaf, 0xbf, 0xe6,
|
||||
0x6d, 0xb2, 0xa1, 0xed, 0xa1, 0x3e, 0x45, 0x64, 0xf7, 0x8e, 0x65, 0x58,
|
||||
0x6e, 0x51, 0x01, 0x76, 0xf1, 0x1c, 0x4c, 0x99, 0x36, 0x4a, 0xaf, 0x18,
|
||||
0x97, 0xd1, 0x1b, 0xf9, 0x8e, 0x9d, 0x1d, 0x0a, 0x12, 0xd0, 0x6a, 0xab,
|
||||
0x75, 0x76, 0x4a, 0xa8, 0xdc, 0x85, 0x8d, 0xf0, 0xf0, 0x03, 0xeb, 0x8b,
|
||||
0x4b, 0x3b, 0x56, 0xf5, 0xf9, 0x5f, 0xa6, 0x37, 0x53, 0x75, 0x19, 0xe4,
|
||||
0xc6, 0x55, 0x10, 0xf7, 0x5f, 0x38, 0x3c, 0x60, 0x2d, 0xd4, 0xba, 0x04,
|
||||
0xdb, 0xc9, 0x85, 0x88, 0x45, 0xe6, 0xa9, 0xc4, 0x05, 0x5b, 0xc5, 0xbf,
|
||||
0xa0, 0xed, 0xdb, 0x86, 0x67, 0x89, 0xf0, 0xec, 0x6a, 0x80, 0xfc, 0xe5,
|
||||
0x3c, 0x66, 0x08, 0xdf, 0xdc, 0x9b, 0x9f, 0xe2, 0xed, 0x56, 0x75, 0x2c,
|
||||
0xc6, 0x05, 0x51, 0x3b, 0xa3, 0xf1, 0x75, 0x9c, 0xdd, 0x95, 0x22, 0x75,
|
||||
0x3f, 0x18, 0xd7, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, 0x53,
|
||||
0x44, 0x49, 0x62, 0x00, 0x18
|
||||
};
|
||||
|
||||
/**
|
||||
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT) for the PIN channel in DNIe 3.0
|
||||
* Terminal (IFD) certificate in CVC format (PK.IFD.AUT) for the PIN channel in DNIe 3.0 (dnie30RealParamDataPIN->c-CV-IFD-AUT)
|
||||
*/
|
||||
static u8 C_CV_IFDUser_AUT_pin_cert[] = {
|
||||
static u8 C_CV_IFDUser_AUT_pin_cert_0[] = {
|
||||
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x69, 0xc4, 0xe4, 0x94,
|
||||
0xf0, 0x08, 0xe2, 0x42, 0x14, 0xb1, 0xc1, 0x31, 0xb6, 0x1f, 0xce, 0x9c,
|
||||
0x15, 0xfa, 0x3c, 0xb0, 0x61, 0xdd, 0x6f, 0x02, 0xd8, 0xa2, 0xcd, 0x30,
|
||||
|
@ -227,44 +339,135 @@ static u8 C_CV_IFDUser_AUT_pin_cert[] = {
|
|||
0x44, 0x49, 0x60, 0x00, 0x06
|
||||
};
|
||||
|
||||
static u8 C_CV_IFDUser_AUT_pin_cert_1[] = {
|
||||
0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x0a, 0x3d, 0xb4, 0xd1,
|
||||
0x57, 0x98, 0xf2, 0x34, 0xf6, 0x31, 0xfd, 0x94, 0xc9, 0x1d, 0x2a, 0x63,
|
||||
0x63, 0xd0, 0xe1, 0x8e, 0x1b, 0x56, 0xda, 0xbd, 0xe6, 0x22, 0xbc, 0x20,
|
||||
0x1f, 0xd7, 0xc7, 0xff, 0x59, 0xff, 0x66, 0xda, 0x6e, 0x43, 0x4f, 0xe2,
|
||||
0xf7, 0xf4, 0x6e, 0x42, 0xe4, 0xa6, 0x06, 0xea, 0x82, 0x39, 0xac, 0x1a,
|
||||
0xc3, 0x0c, 0x7d, 0xad, 0xe2, 0x29, 0x65, 0xdf, 0x60, 0x6d, 0x11, 0x5e,
|
||||
0x04, 0xc8, 0xef, 0xfc, 0x77, 0x2b, 0x8f, 0x5d, 0x48, 0x77, 0x3e, 0x34,
|
||||
0x95, 0x5f, 0x33, 0xf4, 0x64, 0xed, 0x85, 0xcc, 0x0e, 0xb1, 0xbc, 0x57,
|
||||
0x2a, 0xfa, 0xba, 0x47, 0x25, 0xfb, 0xf5, 0xbd, 0xcf, 0x1d, 0x8c, 0x38,
|
||||
0xc9, 0xfe, 0x9c, 0xd8, 0x53, 0x6f, 0x34, 0x0b, 0xce, 0x14, 0x1d, 0xf5,
|
||||
0x18, 0x7f, 0xa2, 0xe2, 0x37, 0x2d, 0x73, 0xbc, 0x7f, 0x89, 0x48, 0x35,
|
||||
0x0c, 0xba, 0xde, 0xf2, 0x5f, 0x38, 0x3c, 0x0d, 0xcc, 0x88, 0x8d, 0x47,
|
||||
0x96, 0x54, 0x3f, 0x03, 0x25, 0x4f, 0x4e, 0x2c, 0xdf, 0x98, 0xb1, 0xe1,
|
||||
0x26, 0x11, 0xe3, 0x98, 0x1f, 0x53, 0x33, 0xdf, 0x98, 0xc8, 0x86, 0x01,
|
||||
0x93, 0x75, 0x84, 0x0f, 0xac, 0x61, 0xdb, 0x8f, 0x1b, 0xa3, 0xb5, 0x43,
|
||||
0xdc, 0xea, 0x3d, 0x05, 0x9e, 0x6a, 0x41, 0x4f, 0x6d, 0xd2, 0x9f, 0xc7,
|
||||
0xc9, 0x9d, 0x8b, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, 0x53,
|
||||
0x44, 0x49, 0x62, 0x00, 0x18
|
||||
};
|
||||
|
||||
/**
|
||||
* Root CA card key reference
|
||||
* Root CA card key reference (pk-RCA-AUT-keyRef)
|
||||
*/
|
||||
static u8 root_ca_keyref[] = { 0x02, 0x0f };
|
||||
|
||||
|
||||
/**
|
||||
* ICC card private key reference
|
||||
* ICC card private key reference (sk-ICC-AUT-keyRef)
|
||||
*/
|
||||
static u8 icc_priv_keyref[] = { 0x02, 0x1f };
|
||||
|
||||
/**
|
||||
* Intermediate CA card key reference
|
||||
* Intermediate CA card key reference (ifd-keyRef)
|
||||
*/
|
||||
static u8 cvc_intca_keyref[] =
|
||||
{ 0x65, 0x73, 0x53, 0x44, 0x49, 0x60, 0x00, 0x06 };
|
||||
static u8 cvc_intca_keyref_0[] = { 0x65, 0x73, 0x53, 0x44, 0x49, 0x60, 0x00, 0x06 };
|
||||
static u8 cvc_intca_keyref_1[] = { 0x65, 0x73, 0x53, 0x44, 0x49, 0x62, 0x00, 0x18 };
|
||||
|
||||
/**
|
||||
* In memory key reference for selecting IFD sent certificate
|
||||
* In memory key reference for selecting IFD sent certificate (dnieRealParamData->pk-IFD-AUT-keyRef)
|
||||
*/
|
||||
static u8 cvc_ifd_keyref[] =
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
|
||||
static u8 cvc_ifd_keyref_0[] = { 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
|
||||
static u8 cvc_ifd_keyref_1[] = { 0x00, 0x00, 0x00, 0x00, 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x02 };
|
||||
|
||||
/**
|
||||
* In memory key reference for selecting IFD sent certificate in PIN channel DNIe 3.0
|
||||
* In memory key reference for selecting IFD sent certificate in PIN channel DNIe 3.0 (dnie30RealParamDataPIN->pk-IFD-AUT-keyRef)
|
||||
*/
|
||||
static u8 cvc_ifd_keyref_pin[] =
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
|
||||
static u8 cvc_ifd_keyref_pin_0[] = { 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
|
||||
static u8 cvc_ifd_keyref_pin_1[] = { 0x00, 0x00, 0x00, 0x00, 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x04 };
|
||||
|
||||
/**
|
||||
* Serial number for IFD Terminal application
|
||||
* Serial number for IFD Terminal application (dnieRealParamData->sn-IFD)
|
||||
*/
|
||||
static u8 sn_ifd[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
|
||||
static u8 sn_ifd_0[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
|
||||
static u8 sn_ifd_1[] = { 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x02 };
|
||||
|
||||
/**
|
||||
* Serial number for IFD Terminal application in PIN channel DNIe 3.0
|
||||
* Serial number for IFD Terminal application in PIN channel DNIe 3.0 (dnie30RealParamDataPIN->sn-IFD)
|
||||
*/
|
||||
static u8 sn_ifd_pin[] = { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
|
||||
static u8 sn_ifd_pin_0[] = { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
|
||||
static u8 sn_ifd_pin_1[] = { 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x04 };
|
||||
|
||||
#define AC_RAIZ_COMPONENTES_OLD_IDX 0
|
||||
#define AC_RAIZ_COMPONENTES_ISSUER "/C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/OU=AC RAIZ COMPONENTES/CN=000000006573524449600006"
|
||||
#define AC_RAIZ_COMPONENTES_2_NEW_IDX 1
|
||||
#define AC_RAIZ_COMPONENTES_2_ISSUER "/C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/organizationIdentifier=VATES-S2816015H/OU=AC RAIZ COMPONENTES 2/CN=000000006573524449620018"
|
||||
|
||||
/**
|
||||
* The DNIe secure channel uses some static configuration.
|
||||
* Since DNIe 'BMP100001' it seems that the old values were
|
||||
* replaced by new certs and keys. So an array of configuration
|
||||
* values is going to be added that will be set to the card
|
||||
* private data. For the moment the issuer of the icc intermediate
|
||||
* CA cert will be used to assign one or the other array element.
|
||||
*/
|
||||
static dnie_channel_data_t channel_data[] = {
|
||||
{ /* AC_RAIZ_COMPONENTES_OLD_IDX: Channel data configuration for DNIe before BMP100001 */
|
||||
.icc_root_ca = {
|
||||
.modulus = { icc_root_ca_modulus_0, sizeof(icc_root_ca_modulus_0) },
|
||||
.exponent = { icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent) }
|
||||
},
|
||||
.ifd = {
|
||||
.modulus = { ifd_modulus_0, sizeof(ifd_modulus_0) },
|
||||
.exponent = { ifd_public_exponent, sizeof(ifd_public_exponent) },
|
||||
.private = { ifd_private_exponent_0, sizeof(ifd_private_exponent_0) }
|
||||
},
|
||||
.ifd_pin = {
|
||||
.modulus = { .value = ifd_pin_modulus_0, sizeof(ifd_pin_modulus_0) },
|
||||
.exponent = { .value = ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent) },
|
||||
.private = { .value = ifd_pin_private_exponent_0, sizeof(ifd_pin_private_exponent_0) }
|
||||
},
|
||||
.C_CV_CA_CS_AUT_cert = { .value = C_CV_CA_CS_AUT_cert_0, sizeof(C_CV_CA_CS_AUT_cert_0) },
|
||||
.C_CV_IFDUser_AUT_cert = { .value = C_CV_IFDUser_AUT_cert_0, sizeof(C_CV_IFDUser_AUT_cert_0) },
|
||||
.C_CV_IFDUser_AUT_pin_cert = { .value = C_CV_IFDUser_AUT_pin_cert_0, sizeof(C_CV_IFDUser_AUT_pin_cert_0) },
|
||||
.root_ca_keyref = { root_ca_keyref, sizeof(root_ca_keyref) },
|
||||
.icc_priv_keyref = { icc_priv_keyref, sizeof(icc_priv_keyref) },
|
||||
.cvc_intca_keyref = { cvc_intca_keyref_0, sizeof(cvc_intca_keyref_0) },
|
||||
.cvc_ifd_keyref = { cvc_ifd_keyref_0, sizeof(cvc_ifd_keyref_0) },
|
||||
.cvc_ifd_keyref_pin = { cvc_ifd_keyref_pin_0, sizeof(cvc_ifd_keyref_pin_0) },
|
||||
.sn_ifd = { sn_ifd_0, sizeof(sn_ifd_0) },
|
||||
.sn_ifd_pin = { sn_ifd_pin_0, sizeof(sn_ifd_pin_0) }
|
||||
},
|
||||
{ /* AC_RAIZ_COMPONENTES_2_NEW_IDX: Channel data configuration for DNIe BMP100001 and newer */
|
||||
.icc_root_ca = {
|
||||
.modulus = { icc_root_ca_modulus_1, sizeof(icc_root_ca_modulus_1) },
|
||||
.exponent = { icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent) }
|
||||
},
|
||||
.ifd = {
|
||||
.modulus = { ifd_modulus_1, sizeof(ifd_modulus_1) },
|
||||
.exponent = { ifd_public_exponent, sizeof(ifd_public_exponent) },
|
||||
.private = { ifd_private_exponent_1, sizeof(ifd_private_exponent_1) }
|
||||
},
|
||||
.ifd_pin = {
|
||||
.modulus = { .value = ifd_pin_modulus_1, sizeof(ifd_pin_modulus_1) },
|
||||
.exponent = { .value = ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent) },
|
||||
.private = { .value = ifd_pin_private_exponent_1, sizeof(ifd_pin_private_exponent_1) }
|
||||
},
|
||||
.C_CV_CA_CS_AUT_cert = { .value = C_CV_CA_CS_AUT_cert_1, sizeof(C_CV_CA_CS_AUT_cert_1) },
|
||||
.C_CV_IFDUser_AUT_cert = { .value = C_CV_IFDUser_AUT_cert_1, sizeof(C_CV_IFDUser_AUT_cert_1) },
|
||||
.C_CV_IFDUser_AUT_pin_cert = { .value = C_CV_IFDUser_AUT_pin_cert_1, sizeof(C_CV_IFDUser_AUT_pin_cert_1) },
|
||||
.root_ca_keyref = { root_ca_keyref, sizeof(root_ca_keyref) },
|
||||
.icc_priv_keyref = { icc_priv_keyref, sizeof(icc_priv_keyref) },
|
||||
.cvc_intca_keyref = { cvc_intca_keyref_1, sizeof(cvc_intca_keyref_1) },
|
||||
.cvc_ifd_keyref = { cvc_ifd_keyref_1, sizeof(cvc_ifd_keyref_1) },
|
||||
.cvc_ifd_keyref_pin = { cvc_ifd_keyref_pin_1, sizeof(cvc_ifd_keyref_pin_1) },
|
||||
.sn_ifd = { sn_ifd_1, sizeof(sn_ifd_1) },
|
||||
.sn_ifd_pin = { sn_ifd_pin_1, sizeof(sn_ifd_pin_1) }
|
||||
}
|
||||
};
|
||||
|
||||
/************ internal functions **********************************/
|
||||
|
||||
|
@ -402,6 +605,63 @@ static int dnie_read_certificate(sc_card_t * card, char *certpath, X509 ** cert)
|
|||
LOG_FUNC_RETURN(card->ctx, res);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method that sets the configuration channel data to use.
|
||||
* The configuration data is already set to the card private data.
|
||||
* Just created in case this will be modified.
|
||||
*
|
||||
* @param card Pointer to card driver structure
|
||||
* @param data The data for the channel will be assined here
|
||||
* @return SC_SUCCESS if ok; else error code
|
||||
*/
|
||||
static int dnie_get_channel_data(sc_card_t * card, dnie_channel_data_t ** data) {
|
||||
dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
if (!priv_data->channel_data) {
|
||||
sc_log(card->ctx, "Data channel configuration was not initialized");
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
|
||||
}
|
||||
*data = priv_data->channel_data;
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to assign into the private data the secure channel
|
||||
* configuration to use. Right now the icc_intermediate_ca_cert
|
||||
* issuer is used. If it is the new one the new data is assigned
|
||||
* else the old data is set.
|
||||
*
|
||||
* @param card Pointer to card driver structure
|
||||
* @param icc_intermediate_ca_cert Pointer to the X509 icc intermediate CA certificate
|
||||
* @return SC_SUCCESS if ok; else error code
|
||||
*/
|
||||
static int dnie_set_channel_data(sc_card_t * card, X509 * icc_intermediate_ca_cert) {
|
||||
char *buf = NULL;
|
||||
dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
X509_NAME *issuer = X509_get_issuer_name(icc_intermediate_ca_cert);
|
||||
if (issuer) {
|
||||
buf = X509_NAME_oneline(issuer, buf, 0);
|
||||
if (!buf) {
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
}
|
||||
sc_log(card->ctx, "icc_intermediate_ca_cert issuer %s", buf);
|
||||
}
|
||||
|
||||
if (buf && strcmp(buf, AC_RAIZ_COMPONENTES_2_ISSUER) == 0) {
|
||||
sc_log(card->ctx, "assigning new data channel configuration");
|
||||
priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_2_NEW_IDX];
|
||||
} else {
|
||||
sc_log(card->ctx, "assigning old data channel configuration");
|
||||
priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_OLD_IDX];
|
||||
}
|
||||
if (buf) {
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
/************ implementation of cwa provider methods **************/
|
||||
|
||||
/**
|
||||
|
@ -417,8 +677,13 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
|
|||
int res=SC_SUCCESS;
|
||||
RSA *root_ca_rsa=NULL;
|
||||
BIGNUM *root_ca_rsa_n, *root_ca_rsa_e;
|
||||
dnie_channel_data_t *data;
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
/* compose root_ca_public key with data provided by Dnie Manual */
|
||||
*root_ca_key = EVP_PKEY_new();
|
||||
root_ca_rsa = RSA_new();
|
||||
|
@ -427,8 +692,8 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
|
|||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
root_ca_rsa_n = BN_bin2bn(icc_root_ca_modulus, sizeof(icc_root_ca_modulus), NULL);
|
||||
root_ca_rsa_e = BN_bin2bn(icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent), NULL);
|
||||
root_ca_rsa_n = BN_bin2bn(data->icc_root_ca.modulus.value, data->icc_root_ca.modulus.len, NULL);
|
||||
root_ca_rsa_e = BN_bin2bn(data->icc_root_ca.exponent.value, data->icc_root_ca.exponent.len, NULL);
|
||||
if (RSA_set0_key(root_ca_rsa, root_ca_rsa_n, root_ca_rsa_e, NULL) != 1) {
|
||||
BN_free(root_ca_rsa_n);
|
||||
BN_free(root_ca_rsa_e);
|
||||
|
@ -466,10 +731,17 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
|
|||
*/
|
||||
static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length)
|
||||
{
|
||||
int res;
|
||||
dnie_channel_data_t *data;
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
*cert = C_CV_CA_CS_AUT_cert;
|
||||
*length = sizeof(C_CV_CA_CS_AUT_cert);
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
*cert = data->C_CV_CA_CS_AUT_cert.value;
|
||||
*length = data->C_CV_CA_CS_AUT_cert.len;
|
||||
LOG_FUNC_RETURN(card->ctx, res);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -488,10 +760,17 @@ static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length)
|
|||
*/
|
||||
static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length)
|
||||
{
|
||||
int res;
|
||||
dnie_channel_data_t *data;
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
*cert = C_CV_IFDUser_AUT_cert;
|
||||
*length = sizeof(C_CV_IFDUser_AUT_cert);
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
*cert = data->C_CV_IFDUser_AUT_cert.value;
|
||||
*length = data->C_CV_IFDUser_AUT_cert.len;
|
||||
LOG_FUNC_RETURN(card->ctx, res);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -511,10 +790,17 @@ static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length)
|
|||
*/
|
||||
static int dnie_get_cvc_ifd_cert_pin(sc_card_t * card, u8 ** cert, size_t * length)
|
||||
{
|
||||
int res;
|
||||
dnie_channel_data_t *data;
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
*cert = C_CV_IFDUser_AUT_pin_cert;
|
||||
*length = sizeof(C_CV_IFDUser_AUT_pin_cert);
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
*cert = data->C_CV_IFDUser_AUT_pin_cert.value;
|
||||
*length = data->C_CV_IFDUser_AUT_pin_cert.len;
|
||||
LOG_FUNC_RETURN(card->ctx, res);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -584,9 +870,16 @@ static int dnie_get_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey,
|
|||
*/
|
||||
static int dnie_get_ifd_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey)
|
||||
{
|
||||
return dnie_get_privkey(card, ifd_privkey, ifd_modulus, sizeof(ifd_modulus),
|
||||
ifd_public_exponent, sizeof(ifd_public_exponent),
|
||||
ifd_private_exponent, sizeof(ifd_private_exponent));
|
||||
int res;
|
||||
dnie_channel_data_t *data;
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
return dnie_get_privkey(card, ifd_privkey, data->ifd.modulus.value, data->ifd.modulus.len,
|
||||
data->ifd.exponent.value, data->ifd.exponent.len,
|
||||
data->ifd.private.value, data->ifd.private.len);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -601,9 +894,16 @@ static int dnie_get_ifd_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey)
|
|||
*/
|
||||
static int dnie_get_ifd_privkey_pin(sc_card_t * card, EVP_PKEY ** ifd_privkey)
|
||||
{
|
||||
return dnie_get_privkey(card, ifd_privkey, ifd_pin_modulus, sizeof(ifd_pin_modulus),
|
||||
ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent),
|
||||
ifd_pin_private_exponent, sizeof(ifd_pin_private_exponent));
|
||||
int res;
|
||||
dnie_channel_data_t *data;
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
return dnie_get_privkey(card, ifd_privkey, data->ifd_pin.modulus.value, data->ifd_pin.modulus.len,
|
||||
data->ifd_pin.exponent.value, data->ifd_pin.exponent.len,
|
||||
data->ifd_pin.private.value, data->ifd_pin.private.len);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -615,7 +915,14 @@ static int dnie_get_ifd_privkey_pin(sc_card_t * card, EVP_PKEY ** ifd_privkey)
|
|||
*/
|
||||
static int dnie_get_icc_intermediate_ca_cert(sc_card_t * card, X509 ** cert)
|
||||
{
|
||||
return dnie_read_certificate(card, "3F006020", cert);
|
||||
dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
|
||||
|
||||
int res = dnie_read_certificate(card, "3F006020", cert);
|
||||
if (res == SC_SUCCESS && !priv_data->channel_data) {
|
||||
/* initialize the secure channel data using the issuer cert */
|
||||
res = dnie_set_channel_data(card, *cert);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -642,9 +949,16 @@ static int dnie_get_icc_cert(sc_card_t * card, X509 ** cert)
|
|||
static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
|
||||
size_t * len)
|
||||
{
|
||||
*buf = root_ca_keyref;
|
||||
*len = sizeof(root_ca_keyref);
|
||||
return SC_SUCCESS;
|
||||
int res;
|
||||
dnie_channel_data_t *data;
|
||||
|
||||
/* obtain the data channel info for the card */
|
||||
res = dnie_get_channel_data(card, &data);
|
||||
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
|
||||
|
||||
*buf = data->root_ca_keyref.value;
|
||||
*len = data->root_ca_keyref.len;
|
||||
return res;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -661,9 +975,16 @@ static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
size_t * len)
{
*buf = cvc_intca_keyref;
*len = sizeof(cvc_intca_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->cvc_intca_keyref.value;
*len = data->cvc_intca_keyref.len;
return res;
}
/**
@ -680,9 +1001,16 @@ static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
*/
static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
{
*buf = cvc_ifd_keyref;
*len = sizeof(cvc_ifd_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->cvc_ifd_keyref.value;
*len = data->cvc_ifd_keyref.len;
return res;
}
/**
@ -699,10 +1027,17 @@ static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
*/
static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len)
{
int res;
dnie_channel_data_t *data;
LOG_FUNC_CALLED(card->ctx);
*buf = cvc_ifd_keyref_pin;
*len = sizeof(cvc_ifd_keyref_pin);
return SC_SUCCESS;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->cvc_ifd_keyref_pin.value;
*len = data->cvc_ifd_keyref_pin.len;
return res;
}
/**
@ -718,9 +1053,16 @@ static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len
*/
static int dnie_get_icc_privkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
{
*buf = icc_priv_keyref;
*len = sizeof(icc_priv_keyref);
return SC_SUCCESS;
int res;
dnie_channel_data_t *data;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
*buf = data->icc_priv_keyref.value;
*len = data->icc_priv_keyref.len;
return res;
}
/**
@ -735,9 +1077,16 @@ static int dnie_get_icc_privkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
*/
static int dnie_get_sn_ifd(sc_card_t * card)
{
int res;
dnie_channel_data_t *data;
struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa;
memcpy(sm->ifd.sn, sn_ifd, sizeof(sm->ifd.sn));
return SC_SUCCESS;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
memcpy(sm->ifd.sn, data->sn_ifd.value, data->sn_ifd.len);
return res;
}
/**
@ -752,9 +1101,16 @@ static int dnie_get_sn_ifd(sc_card_t * card)
*/
static int dnie_get_sn_ifd_pin(sc_card_t * card)
{
int res;
dnie_channel_data_t *data;
struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa;
memcpy(sm->ifd.sn, sn_ifd_pin, sizeof(sm->ifd.sn));
return SC_SUCCESS;
/* obtain the data channel info for the card */
res = dnie_get_channel_data(card, &data);
LOG_TEST_RET(card->ctx, res, "Error getting the card channel data");
memcpy(sm->ifd.sn, data->sn_ifd_pin.value, data->sn_ifd_pin.len);
return res;
}
/* Retrieve SN.ICC (8 bytes left padded with zeroes if needed).
@ -39,6 +39,41 @@ typedef struct ui_context {
struct cwa_provider_st;
/**
* Structs for the channel configuration data.
*/
typedef struct dnie_buffer {
u8 *value;
size_t len;
} dnie_buffer_t;
typedef struct dnie_public_key {
dnie_buffer_t modulus;
dnie_buffer_t exponent;
} dnie_public_key_t;
typedef struct dnie_private_key {
dnie_buffer_t modulus;
dnie_buffer_t exponent;
dnie_buffer_t private;
} dnie_private_key_t;
typedef struct dnie_channel_data {
dnie_public_key_t icc_root_ca;
dnie_private_key_t ifd;
dnie_private_key_t ifd_pin;
dnie_buffer_t C_CV_CA_CS_AUT_cert;
dnie_buffer_t C_CV_IFDUser_AUT_cert;
dnie_buffer_t C_CV_IFDUser_AUT_pin_cert;
dnie_buffer_t root_ca_keyref;
dnie_buffer_t icc_priv_keyref;
dnie_buffer_t cvc_intca_keyref;
dnie_buffer_t cvc_ifd_keyref;
dnie_buffer_t cvc_ifd_keyref_pin;
dnie_buffer_t sn_ifd;
dnie_buffer_t sn_ifd_pin;
} dnie_channel_data_t;
/**
* OpenDNIe private data declaration
*
@ -53,6 +88,7 @@ struct cwa_provider_st;
#ifdef ENABLE_DNIE_UI
struct ui_context ui_ctx;
#endif
dnie_channel_data_t *channel_data; /* Configuration data for the secure channel */
} dnie_private_data_t;
/**
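Review bot: The new `dnie_channel_data_t` and the `channel_data` member of `dnie_private_data_t` carry no ownership or length contract, and both matter to the consumers visible in the dnie.c hunks on this page. `dnie_get_sn_ifd` and `dnie_get_sn_ifd_pin` copy `data->sn_ifd.len` / `data->sn_ifd_pin.len` bytes into the fixed-size `sm->ifd.sn` without comparing against `sizeof(sm->ifd.sn)`, so the header should state that these two buffers are exactly `sizeof(sm->ifd.sn)` bytes (or the copies should be bounded), and the key-reference getters hand `value` out through `u8 **`, so whether those bytes are static tables or heap memory owned by `channel_data` decides whether callers may free or modify them. I would replace the one-line block comment above `dnie_buffer_t` with a short paragraph saying that `value` points at memory owned by the channel data (presumably filled in by `dnie_set_channel_data`, which initializes `channel_data` in the intermediate-CA hunk), that callers must treat it as read-only and never free it, and that the serial-number buffers must match the `sm->ifd.sn` size; on `channel_data` itself, name the function that releases it, which is not visible here. If the pointed-to tables are constant, `const u8 *value;` would let the compiler enforce the read-only part of that contract.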