fix typos
Mass-typo fixing, almost exclusively in comments and text strings. While at it also fixed a few (very few) grammar errors.
This commit is contained in:
parent
b4bc6de81b
commit
5abe99d228
2
NEWS
2
NEWS
|
@ -483,7 +483,7 @@ New in 0.12.0; 2010-12-22
|
|||
card initialized by Siemens software. Removed "--split-key" option,
|
||||
as it is no longer needed.
|
||||
* Improved debugging support: debug level 3 will show everything
|
||||
except of ASN1 and card matching debugging (usualy not needed).
|
||||
except of ASN1 and card matching debugging (usually not needed).
|
||||
* Massive changes to libopensc. This library is now internal, only
|
||||
used by opensc-pkcs11.so and command line tools. Header files are
|
||||
no longer installed, library should not be used by other applications.
|
||||
|
|
|
@ -68,7 +68,7 @@
|
|||
<option>-V</option>
|
||||
</term>
|
||||
<listitem><para>Show DNIe sw version.
|
||||
Displays sofware version for in-card DNIe OS</para></listitem>
|
||||
Displays software version for in-card DNIe OS</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
<term>
|
||||
<option>--new-admin-key</option> <replaceable>argument</replaceable>
|
||||
</term>
|
||||
<listitem><para>Define the new adminastrator key.</para></listitem>
|
||||
<listitem><para>Define the new administrator key.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
|
|
|
@ -91,7 +91,7 @@
|
|||
<title>PIN format</title>
|
||||
<para>With the <option>-p</option>, <option>-u</option>, <option>-0</option> or the <option>-1</option>
|
||||
one of the cards pins may be specified. You may use plain ascii-strings (i.e. 123456) or a hex-string
|
||||
(i.e. 31:32:33:34:35:36). A hex-string must consists of exacly n 2-digit hexnumbers separated by n-1 colons.
|
||||
(i.e. 31:32:33:34:35:36). A hex-string must consist of exactly n 2-digit hexnumbers separated by n-1 colons.
|
||||
Otherwise it will be interpreted as an ascii string. For example :12:34: and 1:2:3:4 are both pins of
|
||||
length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.</para>
|
||||
</refsect1>
|
||||
|
@ -112,7 +112,7 @@
|
|||
current value of your global PIN. </para>
|
||||
|
||||
<para>For most of the commands that <command>netkey-tool</command> can execute, you have
|
||||
to specify one pin. One notable exeption is the <command>nullpin</command> command, but
|
||||
to specify one pin. One notable exception is the <command>nullpin</command> command, but
|
||||
this command can only be executed once in the lifetime of a NetKey E4 card.</para>
|
||||
|
||||
<para>
|
||||
|
@ -154,7 +154,7 @@
|
|||
</term>
|
||||
<listitem><para>This command can be executed only if the global PIN of your card is
|
||||
in nullpin-state. There's no way to return back to nullpin-state once you have changed
|
||||
your global PIN. You don't need a pin to execute the nullpin-command. After a succesfull
|
||||
your global PIN. You don't need a pin to execute the nullpin-command. After a successful
|
||||
nullpin-command <command>netkey-tool</command> will display your cards initial
|
||||
PUK-value.</para></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
<para>
|
||||
The <command>piv-tool</command> utility can be used from the command line to perform
|
||||
miscellaneous smart card operations on a HSPD-12 PIV smart card as defined in NIST 800-73-3.
|
||||
It is intened for use with test cards only. It can be used to load objects, and generate
|
||||
It is intended for use with test cards only. It can be used to load objects, and generate
|
||||
key pairs, as well as send arbitrary APDU commands to a card after having authenticated
|
||||
to the card using the card key provided by the card vendor.
|
||||
</para>
|
||||
|
|
|
@ -570,7 +570,7 @@
|
|||
in DER format from smart card:
|
||||
<programlisting>pkcs11-tool --read-object --id KEY_ID --type cert --outfile cert.der</programlisting>
|
||||
|
||||
To convert the certificate in DER formato to PEM format, use OpenSSL
|
||||
To convert the certificate in DER format to PEM format, use OpenSSL
|
||||
tools:
|
||||
<programlisting>openssl x509 -inform DER -in cert.der -outform PEM > cert.pem</programlisting>
|
||||
|
||||
|
|
|
@ -174,9 +174,9 @@
|
|||
</term>
|
||||
<listitem><para>When signing with ECDSA key this option indicates
|
||||
to <command>pkcs15-crypt</command> the signature output format.
|
||||
Possible values are 'rs'(default) -- two concatanated
|
||||
Possible values are 'rs'(default) -- two concatenated
|
||||
integers (PKCS#11), 'sequence' or 'openssl' -- DER encoded sequence
|
||||
of two integeres (OpenSSL).</para></listitem>
|
||||
of two integers (OpenSSL).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -315,7 +315,7 @@
|
|||
It is a good idea to specify the key ID along with this command,
|
||||
using the <option>id</option> option, otherwise an intrinsic ID
|
||||
will be calculated from the key material. Look the description of
|
||||
the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details
|
||||
the 'pkcs15-id-style' attribute in the 'pkcs15.profile' for the details
|
||||
about the algorithm used to calculate intrinsic ID.
|
||||
For the multi-application cards the target PKCS#15 application can be
|
||||
specified by the hexadecimal AID value of the <option>aid</option> option.
|
||||
|
@ -419,9 +419,9 @@
|
|||
Tells <command>pkcs15-init</command> to store the certificate given
|
||||
in <option>filename</option> on the card, creating a certificate
|
||||
object with the ID specified via the <option>--id</option> option.
|
||||
Without supplied ID an intrisic ID will be calculated from the
|
||||
Without supplied ID an intrinsic ID will be calculated from the
|
||||
certificate's public key. Look the description of the 'pkcs15-id-style'
|
||||
attribut in the 'pkcs15.profile' for the details
|
||||
attribute in the 'pkcs15.profile' for the details
|
||||
about the algorithm used to calculate intrinsic ID.
|
||||
The file is assumed to contain the PEM encoded certificate.
|
||||
For the multi-application cards the target application can be specified
|
||||
|
@ -460,7 +460,7 @@
|
|||
It is a good idea to specify the key ID along with this command,
|
||||
using the <option>--id</option> option, otherwise an intrinsic ID
|
||||
will be calculated from the key material. Look the description of
|
||||
the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details
|
||||
the 'pkcs15-id-style' attribute in the 'pkcs15.profile' for the details
|
||||
about the algorithm used to calculate intrinsic ID.
|
||||
For the multi-application cards the target PKCS#15 application can be
|
||||
specified by the hexadecimal AID value of the <option>aid</option> option.
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
</para>
|
||||
<para>
|
||||
The card specific profile contains additional information required during
|
||||
card intialization, such as location of PIN files, key references etc.
|
||||
card initialization, such as location of PIN files, key references etc.
|
||||
Profiles currently reside in <command>@pkgdatadir@</command>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -62,8 +62,8 @@
|
|||
<listitem><para>Finalize the card. Once finalized the default key is
|
||||
invalidated, so PIN and PUK cannot be changed anymore without user
|
||||
authentication.</para>
|
||||
<para>Warning, un-finalized are insecure because PIN can be changed
|
||||
without user authentication (knowledge of default key
|
||||
<para>Warning, un-finalized cards are insecure because the PIN can be
|
||||
changed without user authentication (knowledge of default key
|
||||
is enough).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -73,8 +73,8 @@
|
|||
<option>-g</option>
|
||||
</term>
|
||||
<listitem><para>Generate a private key on the card. The card must not have
|
||||
been finalized and a PIN must be installed (ie. the file for ithe PIN must
|
||||
havei been created, see option <option>-i</option>).
|
||||
been finalized and a PIN must be installed (i.e. the file for the PIN must
|
||||
have been created, see option <option>-i</option>).
|
||||
By default the key length is 1536 bits. User authentication is required for
|
||||
this operation. </para></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -51,7 +51,7 @@ app default {
|
|||
# disable_popups = true;
|
||||
|
||||
# Enable default card driver
|
||||
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
|
||||
# Default card driver is explicitly enabled for the 'opensc-explorer' and 'opensc-tool'.
|
||||
#
|
||||
# Default: false
|
||||
# enable_default_driver = true;
|
||||
|
@ -147,7 +147,7 @@ app default {
|
|||
# statically linked drivers that may be removed in the future.
|
||||
#
|
||||
# A special value of 'internal' will load all
|
||||
# statically linked drivers. If an unknown (ie. not
|
||||
# statically linked drivers. If an unknown (i.e. not
|
||||
# internal) driver is supplied, a separate configuration
|
||||
# configuration block has to be written for the driver.
|
||||
# Default: internal
|
||||
|
@ -982,8 +982,8 @@ app default {
|
|||
# - type (generic, protected) used to distinguish the common access application
|
||||
# and application for which authentication to perform some operation cannot be
|
||||
# obtained with the common procedures (ex. object creation protected by secure messaging).
|
||||
# Used by PKCS#11 module configurated to expose restricted number of slots.
|
||||
# (for ex. configurated to expose only User PIN slot, User and Sign PINs slots, ...)
|
||||
# Used by PKCS#11 module configured to expose restricted number of slots.
|
||||
# (for ex. configured to expose only User PIN slot, User and Sign PINs slots, ...)
|
||||
#
|
||||
# - disable: do not expose application in PKCS15 framework
|
||||
# default 'false'
|
||||
|
@ -1071,7 +1071,7 @@ app opensc-pkcs11 {
|
|||
# abusing an existing login or they may logout unnoticed.
|
||||
#
|
||||
# With this setting enabled the login state of the token is tracked and
|
||||
# cached (including the PIN). Every transaction is preceeded by
|
||||
# cached (including the PIN). Every transaction is preceded by
|
||||
# restoring the login state. After every transaction a logout is
|
||||
# performed. This setting by default also enables `lock_login` (see
|
||||
# above) to disable access for other applications during the atomic
|
||||
|
|
|
@ -35,7 +35,7 @@ app default {
|
|||
# What reader drivers to load at start-up
|
||||
#
|
||||
# A special value of 'internal' will load all
|
||||
# statically linked drivers. If an unknown (ie. not
|
||||
# statically linked drivers. If an unknown (i.e. not
|
||||
# internal) driver is supplied, a separate configuration
|
||||
# configuration block has to be written for the driver.
|
||||
# Default: internal
|
||||
|
@ -96,7 +96,7 @@ app default {
|
|||
# What card drivers to load at start-up
|
||||
#
|
||||
# A special value of 'internal' will load all
|
||||
# statically linked drivers. If an unknown (ie. not
|
||||
# statically linked drivers. If an unknown (i.e. not
|
||||
# internal) driver is supplied, a separate configuration
|
||||
# configuration block has to be written for the driver.
|
||||
# Default: internal
|
||||
|
|
|
@ -94,14 +94,14 @@ WHY RE-INVENT THE WHEEL?
|
|||
========================
|
||||
|
||||
I re-implemented getopt, getopt_long, and getopt_long_only because
|
||||
there were noticable bugs in several versions of the GNU
|
||||
there were noticeable bugs in several versions of the GNU
|
||||
implementations, and because the GNU versions aren't always available
|
||||
on some systems (*BSD, for example.) Other systems don't include any
|
||||
sort of standard argument parser (Win32 with Microsoft tools, for
|
||||
example, has no getopt.)
|
||||
|
||||
These should do all the expected Unix- and GNU-style argument
|
||||
parsing, including permution, bunching, long options with single or
|
||||
parsing, including permutation, bunching, long options with single or
|
||||
double dashes (double dashes are required if you use
|
||||
my_getopt_long,) and optional arguments for both long and short
|
||||
options. A word with double dashes all by themselves halts argument
|
||||
|
@ -112,11 +112,11 @@ separated by '='.
|
|||
|
||||
As with the GNU versions, a '+' prefix to the short option
|
||||
specification (or the POSIXLY_CORRECT environment variable) disables
|
||||
permution, a '-' prefix to the short option specification returns 1
|
||||
permutation, a '-' prefix to the short option specification returns 1
|
||||
for non-options, ':' after a short option indicates a required
|
||||
argument, and '::' after a short option specification indicates an
|
||||
optional argument (which must appear in the same word.) If you'd like
|
||||
to recieve ':' instead of '?' for missing option arguments, prefix the
|
||||
to receive ':' instead of '?' for missing option arguments, prefix the
|
||||
short option specification with ':'.
|
||||
|
||||
The original intent was to re-implement the documented behavior of
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
strncpy() is unsafe since it does not always add a final NUL-byte.
|
||||
OpenBSD developped a safer version called strlcpy().
|
||||
OpenBSD developed a safer version called strlcpy().
|
||||
|
||||
Use "man -l strlcpy.3" to read the manpage.
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ char *my_optarg=0;
|
|||
|
||||
/* this is the plain old UNIX getopt, with GNU-style extensions. */
|
||||
/* if you're porting some piece of UNIX software, this is all you need. */
|
||||
/* this supports GNU-style permution and optional arguments */
|
||||
/* this supports GNU-style permutation and optional arguments */
|
||||
|
||||
int my_getopt(int argc, char * argv[], const char *opts)
|
||||
{
|
||||
|
|
|
@ -119,7 +119,7 @@
|
|||
#include "simclist.h"
|
||||
|
||||
|
||||
/* minumum number of elements for sorting with quicksort instead of insertion */
|
||||
/* minimum number of elements for sorting with quicksort instead of insertion */
|
||||
#define SIMCLIST_MINQUICKSORTELS 24
|
||||
|
||||
|
||||
|
@ -199,7 +199,7 @@ static simclist_inline struct list_entry_s *list_findpos(const list_t *simclist_
|
|||
* 3. avoid interference with user's RNG
|
||||
*
|
||||
* Facts pro system RNG:
|
||||
* 1. may be more accurate (irrelevant for SimCList randno purposes)
|
||||
* 1. may be more accurate (irrelevant for SimCList random purposes)
|
||||
* 2. why reinvent the wheel
|
||||
*
|
||||
* Default to local RNG for user's ease of use.
|
||||
|
|
|
@ -106,7 +106,7 @@ typedef struct {
|
|||
* -# receives two references to elements a and b
|
||||
* -# returns {<0, 0, >0} if (a > b), (a == b), (a < b) respectively
|
||||
*
|
||||
* It is responsability of the function to handle possible NULL values.
|
||||
* It is responsibility of the function to handle possible NULL values.
|
||||
*/
|
||||
typedef int (*element_comparator)(const void *a, const void *b);
|
||||
|
||||
|
@ -118,7 +118,7 @@ typedef int (*element_comparator)(const void *a, const void *b);
|
|||
* -# receives a reference to some indicator data
|
||||
* -# returns non-0 if the element matches the indicator, 0 otherwise
|
||||
*
|
||||
* It is responsability of the function to handle possible NULL values in any
|
||||
* It is responsibility of the function to handle possible NULL values in any
|
||||
* argument.
|
||||
*/
|
||||
typedef int (*element_seeker)(const void *el, const void *indicator);
|
||||
|
@ -130,7 +130,7 @@ typedef int (*element_seeker)(const void *el, const void *indicator);
|
|||
* -# receives the reference to an element el
|
||||
* -# returns its size in bytes
|
||||
*
|
||||
* It is responsability of the function to handle possible NULL values.
|
||||
* It is responsibility of the function to handle possible NULL values.
|
||||
*/
|
||||
typedef size_t (*element_meter)(const void *el);
|
||||
|
||||
|
@ -141,7 +141,7 @@ typedef size_t (*element_meter)(const void *el);
|
|||
* -# receives the reference to an element el
|
||||
* -# returns a hash value for el
|
||||
*
|
||||
* It is responsability of the function to handle possible NULL values.
|
||||
* It is responsibility of the function to handle possible NULL values.
|
||||
*/
|
||||
typedef list_hash_t (*element_hash_computer)(const void *el);
|
||||
|
||||
|
@ -151,7 +151,7 @@ typedef list_hash_t (*element_hash_computer)(const void *el);
|
|||
* A serializer function is one that gets a reference to an element,
|
||||
* and returns a reference to a buffer that contains its serialization
|
||||
* along with the length of this buffer.
|
||||
* It is responsability of the function to handle possible NULL values,
|
||||
* It is responsibility of the function to handle possible NULL values,
|
||||
* returning a NULL buffer and a 0 buffer length.
|
||||
*
|
||||
* These functions have 3 goals:
|
||||
|
@ -290,7 +290,7 @@ int list_attributes_seeker(list_t *simclist_restrict l, element_seeker seeker_fu
|
|||
* the list by its actual data is not free()d. With this option, every
|
||||
* deletion causes element data to be freed.
|
||||
*
|
||||
* It is responsability of this function to correctly handle NULL values, if
|
||||
* It is responsibility of this function to correctly handle NULL values, if
|
||||
* NULL elements are inserted into the list.
|
||||
*
|
||||
* @param l list to operate
|
||||
|
@ -470,7 +470,7 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
|
|||
* expunge the first found given element from the list.
|
||||
*
|
||||
* Inspects the given list looking for the given element; if the element
|
||||
* is found, it is removed. Only the first occurence is removed.
|
||||
* is found, it is removed. Only the first occurrence is removed.
|
||||
* If a comparator function was not set, elements are compared by reference.
|
||||
* Otherwise, the comparator is used to match the element.
|
||||
*
|
||||
|
@ -505,7 +505,7 @@ int list_delete_range(list_t *simclist_restrict l, unsigned int posstart, unsign
|
|||
/**
|
||||
* clear all the elements off of the list.
|
||||
*
|
||||
* The element datums will not be freed.
|
||||
* The element data will not be freed.
|
||||
*
|
||||
* @see list_delete_range()
|
||||
* @see list_size()
|
||||
|
@ -595,7 +595,7 @@ int list_contains(const list_t *simclist_restrict l, const void *data);
|
|||
* user-provided list object, which must be different from both the
|
||||
* lists to concatenate. Attributes from the original lists are not
|
||||
* cloned.
|
||||
* The destination list referred is threated as virgin room: if it
|
||||
* The destination list referred is treated as virgin room: if it
|
||||
* is an existing list containing elements, memory leaks will happen.
|
||||
* It is OK to specify the same list twice as source, for "doubling"
|
||||
* it in the destination.
|
||||
|
@ -672,7 +672,7 @@ int list_hash(const list_t *simclist_restrict l, list_hash_t *simclist_restrict
|
|||
|
||||
#ifdef SIMCLIST_DUMPRESTORE
|
||||
/**
|
||||
* get meta informations on a list dump on filedescriptor.
|
||||
* get meta information on a list dump on filedescriptor.
|
||||
*
|
||||
* [ advanced function ]
|
||||
*
|
||||
|
@ -689,7 +689,7 @@ int list_hash(const list_t *simclist_restrict l, list_hash_t *simclist_restrict
|
|||
int list_dump_getinfo_filedescriptor(int fd, list_dump_info_t *simclist_restrict info);
|
||||
|
||||
/**
|
||||
* get meta informations on a list dump on file.
|
||||
* get meta information on a list dump on file.
|
||||
*
|
||||
* [ advanced function ]
|
||||
*
|
||||
|
|
|
@ -244,7 +244,7 @@ int sc_apdu_set_resp(sc_context_t *ctx, sc_apdu_t *apdu, const u8 *buf,
|
|||
* +-------------------------------+
|
||||
* |
|
||||
* v
|
||||
* card->reader->ops->tranmit
|
||||
* card->reader->ops->transmit
|
||||
*/
|
||||
|
||||
/** basic consistency check of the sc_apdu_t object
|
||||
|
@ -350,7 +350,7 @@ sc_detect_apdu_cse(const sc_card_t *card, sc_apdu_t *apdu)
|
|||
if (apdu->cse == SC_APDU_CASE_2 || apdu->cse == SC_APDU_CASE_3 ||
|
||||
apdu->cse == SC_APDU_CASE_4) {
|
||||
int btype = apdu->cse & SC_APDU_SHORT_MASK;
|
||||
/* if either Lc or Le is bigger than the maximun for
|
||||
/* if either Lc or Le is bigger than the maximum for
|
||||
* short APDUs and the card supports extended APDUs
|
||||
* use extended APDUs (unless Lc is greater than
|
||||
* 255 and command chaining is activated) */
|
||||
|
@ -443,7 +443,7 @@ sc_get_response(struct sc_card *card, struct sc_apdu *apdu, size_t olen)
|
|||
if (!card->ops->get_response)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "no GET RESPONSE command");
|
||||
|
||||
/* call GET RESPONSE until we have read all data requested or until the card retuns 0x9000,
|
||||
/* call GET RESPONSE until we have read all data requested or until the card returns 0x9000,
|
||||
* whatever happens first. */
|
||||
|
||||
/* if there are already data in response append a new data to the end of the buffer */
|
||||
|
@ -524,7 +524,7 @@ sc_transmit(sc_card_t *card, sc_apdu_t *apdu)
|
|||
LOG_TEST_RET(ctx, r, "transmit APDU failed");
|
||||
|
||||
/* ok, the APDU was successfully transmitted. Now we have two special cases:
|
||||
* 1. the card returned 0x6Cxx: in this case APDU will be re-trasmitted with Le set to SW2
|
||||
* 1. the card returned 0x6Cxx: in this case APDU will be re-transmitted with Le set to SW2
|
||||
* (possible only if response buffer size is larger than new Le = SW2)
|
||||
*/
|
||||
if (apdu->sw1 == 0x6C && (apdu->flags & SC_APDU_FLAGS_NO_RETRY_WL) == 0)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* aux-data.h: Non PKCS#15, non ISO7816 data
|
||||
* Used to pass auxiliary data from non PKCS#15, non ISO7816 appliations (like minidriver)
|
||||
* Used to pass auxiliary data from non PKCS#15, non ISO7816 applications (like minidriver)
|
||||
* to card specific part through the standard PKCS#15 and ISO7816 frameworks
|
||||
*
|
||||
* Copyright (C) 2016 Viktor Tarasov <viktor.tarasov@gmail.com>
|
||||
|
|
|
@ -181,7 +181,7 @@ static int acos5_list_files(sc_card_t * card, u8 * buf, size_t buflen)
|
|||
|
||||
/*
|
||||
* Use CARD GET INFO to fetch the number of files under the
|
||||
* curently selected DF.
|
||||
* currently selected DF.
|
||||
*/
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x14, 0x01, 0x00);
|
||||
apdu.cla |= 0x80;
|
||||
|
|
|
@ -140,7 +140,7 @@ static int set_sec_attr(sc_file_t *file, unsigned int am, unsigned int ac,
|
|||
{
|
||||
const amode_entry_t *table;
|
||||
|
||||
/* CHV with reference '0' is the trasport PIN
|
||||
/* CHV with reference '0' is the transport PIN
|
||||
* and is presented as 'AUT' key with reference '0'*/
|
||||
if (meth == SC_AC_CHV && ac == 0)
|
||||
meth = SC_AC_AUT;
|
||||
|
@ -377,7 +377,7 @@ static int asepcos_set_security_attributes(sc_card_t *card, sc_file_t *file)
|
|||
u8 buf[64], *p;
|
||||
int r = SC_SUCCESS;
|
||||
|
||||
/* first check wether the security attributes in encoded form
|
||||
/* first check whether the security attributes in encoded form
|
||||
* are already set. If present use these */
|
||||
if (file->sec_attr != NULL && file->sec_attr_len != 0)
|
||||
return asepcos_set_sec_attributes(card, file->sec_attr,
|
||||
|
@ -420,7 +420,7 @@ static int asepcos_set_security_attributes(sc_card_t *card, sc_file_t *file)
|
|||
*p++ = (st.fileid >> 8 ) & 0xff;
|
||||
*p++ = st.fileid & 0xff;
|
||||
} else {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unknow auth method: '%d'", ent->method);
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unknown auth method: '%d'", ent->method);
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
}
|
||||
|
@ -746,7 +746,7 @@ static int asepcos_delete_file(sc_card_t *card, const sc_path_t *path)
|
|||
buf[0] = path->value[path->len-2];
|
||||
buf[1] = path->value[path->len-1];
|
||||
} else {
|
||||
/* presumedly a DF */
|
||||
/* presumably a DF */
|
||||
atype = SC_APDU_CASE_1;
|
||||
ftype = 0x00;
|
||||
}
|
||||
|
@ -1008,7 +1008,7 @@ static int asepcos_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *pdata,
|
|||
}
|
||||
break;
|
||||
default:
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error: unknow cmd type");
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error: unknown cmd type");
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
/* Clear the buffer - it may contain pins */
|
||||
|
|
|
@ -467,7 +467,7 @@ static int atrust_acos_select_file(struct sc_card *card,
|
|||
if ( card->cache.valid && bMatch >= 0 )
|
||||
{
|
||||
if ( pathlen - bMatch == 2 )
|
||||
/* we are in the rigth directory */
|
||||
/* we are in the right directory */
|
||||
return atrust_acos_select_fid(card, path[bMatch], path[bMatch+1], file_out);
|
||||
else if ( pathlen - bMatch > 2 )
|
||||
{
|
||||
|
|
|
@ -2197,7 +2197,7 @@ authentic_sm_free_wrapped_apdu(struct sc_card *card, struct sc_apdu *plain, stru
|
|||
|
||||
if (plain) {
|
||||
if (plain->resplen < (*sm_apdu)->resplen)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Unsufficient plain APDU response size");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Insufficient plain APDU response size");
|
||||
memcpy(plain->resp, (*sm_apdu)->resp, (*sm_apdu)->resplen);
|
||||
plain->resplen = (*sm_apdu)->resplen;
|
||||
plain->sw1 = (*sm_apdu)->sw1;
|
||||
|
|
|
@ -20,14 +20,14 @@
|
|||
|
||||
/* About the Belpic (Belgian Personal Identity Card) card
|
||||
*
|
||||
* The Belpic card is a Cyberflex Java card, so you normaly communicate
|
||||
* The Belpic card is a Cyberflex Java card, so you normally communicate
|
||||
* with an applet running on the card. In order to support a pkcs15 file
|
||||
* structure, an applet (the Belpic applet) has been build that emulates
|
||||
* this. So the card's behaviour is specific for this Belpic applet, that's
|
||||
* why a separate driver has been made.
|
||||
*
|
||||
* The card contains the citizen's ID data (name, address, photo, ...) and
|
||||
* her keys and certs. The ID data are in a seperate directory on the card and
|
||||
* her keys and certs. The ID data are in a separate directory on the card and
|
||||
* are not handled by this software. For the cryptographic data (keys and certs)
|
||||
* a pkcs#15 structure has been chosen and they can be accessed and used
|
||||
* by the OpenSC software.
|
||||
|
@ -35,20 +35,20 @@
|
|||
* The current situation about the cryptographic data is: there is 1 PIN
|
||||
* that protects 2 private keys and corresponding certs. Then there is a
|
||||
* CA cert and the root cert. The first key (Auth Key) can be used for
|
||||
* authentication, the second one (NonRep Key) for non repudation purposes
|
||||
* authentication, the second one (NonRep Key) for non repudiation purposes
|
||||
* (so it can be used as an alternative to manual signatures).
|
||||
*
|
||||
* There are some special things to note, which all have some consequences:
|
||||
* (1) the SELECT FILE command doesn't return any FCI (file length, type, ...)
|
||||
* (2) the NonRep key needs a VERIFY PIN before a signature can be done with it
|
||||
* (3) pin pad readers had to be supported by a proprietory interface (as at
|
||||
* that moment no other solution was known/avaiable/ready)
|
||||
* (3) pin pad readers had to be supported by a proprietary interface (as at
|
||||
* that moment no other solution was known/available/ready)
|
||||
* The consequences are:
|
||||
*
|
||||
* For (1): we let the SELECT FILE command return that the file length is
|
||||
* a fixed large number and that each file is a transparant working EF
|
||||
* a fixed large number and that each file is a transparent working EF
|
||||
* (except the root dir 3F 00). This way however, there is a problem with the
|
||||
* sc_read_binary() function that will only stop reading untill it receivces
|
||||
* sc_read_binary() function that will only stop reading until it receives
|
||||
* a 0. Therefore, we use the 'next_idx' trick. Or, if that might fail
|
||||
* and so a READ BINARY past the end of file is done, length 0 is returned
|
||||
* instead of an error code.
|
||||
|
@ -58,11 +58,11 @@
|
|||
* causes other problems and is less user-friendly). A GUI being popped up
|
||||
* by the pkcs11 lib before each NonRep signature has another important
|
||||
* security advantage: applications that cache the PIN can't silently do
|
||||
* a NonRep signature because there will allways be the GUI.
|
||||
* a NonRep signature because there will always be the GUI.
|
||||
*
|
||||
* For (3), we link dynamically against a pin pad lib (DLL) that implements the
|
||||
* proprietory API for a specific pin pad. For each pin pad reader (identified
|
||||
* by it's PC/SC reader name), a pin pad lib correspondends. Some reader/lib
|
||||
* proprietary API for a specific pin pad. For each pin pad reader (identified
|
||||
* by it's PC/SC reader name), a pin pad lib corresponds. Some reader/lib
|
||||
* name pairs are hardcoded, and others can be added in the config file.
|
||||
* Note that there's also a GUI used in this case: if a signature with the
|
||||
* NonRep key is done: a dialog box is shown that asks the user to enter
|
||||
|
@ -381,7 +381,7 @@ static int belpic_set_security_env(sc_card_t *card,
|
|||
|
||||
/* If a NonRep signature will be done, ask to enter a PIN. It would be more
|
||||
* logical to put the code below into the compute signature function because
|
||||
* a Verify Pin call must immediately preceed a Compute Signature call.
|
||||
* a Verify Pin call must immediately precede a Compute Signature call.
|
||||
* It's not done because the Compute Signature is completely ISO7816 compliant
|
||||
* so we use the iso7816_compute_signature() function, and because this function
|
||||
* doesn't know about the key reference.
|
||||
|
|
|
@ -271,7 +271,7 @@ static const cac_cuid_t cac_cac1_cuid = {
|
|||
};
|
||||
|
||||
/*
|
||||
* CAC-1 general objectes defined in 4.3.1.2 of CAC Applet Developer Guide Version 1.0.
|
||||
* CAC-1 general objects defined in 4.3.1.2 of CAC Applet Developer Guide Version 1.0.
|
||||
* doubles as a source for CAC-2 labels.
|
||||
*/
|
||||
static const cac_object_t cac_1_objects[] = {
|
||||
|
@ -326,7 +326,7 @@ static int cac_is_cert(cac_private_data_t * priv, const sc_path_t *in_path)
|
|||
* an internal 4096 byte buffer is used, and a copy is returned to the
|
||||
* caller. that need to be freed by the caller.
|
||||
*
|
||||
* modelled after a similiar function in card-piv.c
|
||||
* modelled after a similar function in card-piv.c
|
||||
*/
|
||||
|
||||
static int cac_apdu_io(sc_card_t *card, int ins, int p1, int p2,
|
||||
|
@ -1066,7 +1066,7 @@ static int cac_select_file_by_type(sc_card_t *card, const sc_path_t *in_path, sc
|
|||
if (cac_is_cert(priv, in_path)) {
|
||||
priv->object_type = CAC_OBJECT_TYPE_CERT;
|
||||
}
|
||||
/* forget any old cacheed values */
|
||||
/* forget any old cached values */
|
||||
if (priv->cache_buf) {
|
||||
free(priv->cache_buf);
|
||||
priv->cache_buf = NULL;
|
||||
|
@ -1148,7 +1148,7 @@ static int cac_select_file_by_type(sc_card_t *card, const sc_path_t *in_path, sc
|
|||
if (r)
|
||||
LOG_FUNC_RETURN(ctx, r);
|
||||
|
||||
/* CAC cards enver return FCI, fake one */
|
||||
/* CAC cards never return FCI, fake one */
|
||||
file = sc_file_new();
|
||||
if (file == NULL)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
|
@ -1256,7 +1256,7 @@ static int cac_parse_cardurl(sc_card_t *card, cac_private_data_t *priv, cac_card
|
|||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,"CARDURL: ski_object found");
|
||||
break;
|
||||
default:
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,"CARDURL: unkown object_object found (type=0x%x)", val->cardApplicationType);
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,"CARDURL: unknown object_object found (type=0x%x)", val->cardApplicationType);
|
||||
/* don't fail just because there is an unknown object in the CCC */
|
||||
break;
|
||||
}
|
||||
|
@ -1615,7 +1615,7 @@ static int cac_init(sc_card_t *card)
|
|||
}
|
||||
flags = SC_ALGORITHM_RSA_RAW;
|
||||
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0); /* manditory */
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0); /* mandatory */
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0); /* optional */
|
||||
_sc_card_add_rsa_alg(card, 3072, flags, 0); /* optional */
|
||||
|
||||
|
|
|
@ -299,7 +299,7 @@ static const struct sc_card_error cardos_errors[] = {
|
|||
/* no error, maybe a note */
|
||||
{ 0x9000, SC_SUCCESS, NULL},
|
||||
{ 0x9001, SC_SUCCESS, "success, but eeprom weakness detected"},
|
||||
{ 0x9850, SC_SUCCESS, "over/underflow useing in/decrease"}
|
||||
{ 0x9850, SC_SUCCESS, "over/underflow using in/decrease"}
|
||||
};
|
||||
|
||||
static int cardos_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2)
|
||||
|
@ -352,7 +352,7 @@ get_next_part:
|
|||
len = apdu.resplen;
|
||||
while (len != 0) {
|
||||
size_t tlen = 0, ilen = 0;
|
||||
/* is there a file informatin block (0x6f) ? */
|
||||
/* is there a file information block (0x6f) ? */
|
||||
p = sc_asn1_find_tag(card->ctx, p, len, 0x6f, &tlen);
|
||||
if (p == NULL) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "directory tag missing");
|
||||
|
@ -372,7 +372,7 @@ get_next_part:
|
|||
buf[fids++] = q[1];
|
||||
buflen -= 2;
|
||||
} else
|
||||
/* not enought space left in buffer => break */
|
||||
/* not enough space left in buffer => break */
|
||||
break;
|
||||
/* extract next offset */
|
||||
q = sc_asn1_find_tag(card->ctx, p, tlen, 0x8a, &ilen);
|
||||
|
@ -893,7 +893,7 @@ cardos_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|||
/* There are two ways to create a signature, depending on the way,
|
||||
* the key was created: RSA_SIG and RSA_PURE_SIG.
|
||||
* We can use the following reasoning, to determine the correct operation:
|
||||
* 1. We check for several caps flags (as set in card->caps), to pervent generating
|
||||
* 1. We check for several caps flags (as set in card->caps), to prevent generating
|
||||
* invalid signatures with duplicated hash prefixes with some cards
|
||||
* 2. Use the information from AlgorithmInfo of the TokenInfo file.
|
||||
* This information is parsed in set_security_env and stored in a static variable.
|
||||
|
|
|
@ -160,7 +160,7 @@ typedef struct global_platform_cplc_data {
|
|||
u8 ic_personalization_id[4];
|
||||
} global_platform_cplc_data_t;
|
||||
|
||||
/* format of the coolkey_cuid, either contructed from cplc data or read from the combined object */
|
||||
/* format of the coolkey_cuid, either constructed from cplc data or read from the combined object */
|
||||
typedef struct coolkey_cuid {
|
||||
u8 ic_fabricator[2];
|
||||
u8 ic_type[2];
|
||||
|
@ -214,7 +214,7 @@ typedef struct coolkey_decompressed_header {
|
|||
u8 object_offset[2];
|
||||
u8 object_count[2];
|
||||
u8 token_name_length;
|
||||
u8 token_name[255]; /* arbitary size up to token_name_length */
|
||||
u8 token_name[255]; /* arbitrary size up to token_name_length */
|
||||
} coolkey_decompressed_header_t;
|
||||
|
||||
/*
|
||||
|
@ -293,11 +293,11 @@ struct coolkey_fixed_attributes_values {
|
|||
uint32_t cka_always_sensitive:1;
|
||||
uint32_t cka_extractable:1;
|
||||
uint32_t cka_never_extractable:1;
|
||||
uint32_t reseved:8;
|
||||
uint32_t reserved:8;
|
||||
};
|
||||
|
||||
* cka_class is used to determine which booleans are valid. Any attributes in the full attribute list
|
||||
* takes precidence over the fixed attributes. That is if there is a CKA_ID in the full attribute list,
|
||||
* takes precedence over the fixed attributes. That is if there is a CKA_ID in the full attribute list,
|
||||
* The cka_id in the fixed_attributes is ignored. When determining which boolean attribute is valid, the
|
||||
* cka_class in the fixed attributes are used, even if it is overridden by the full attribute list.
|
||||
* valid cka_class values and their corresponding valid bools are as follows:
|
||||
|
@ -658,7 +658,7 @@ coolkey_get_fixed_boolean_bit(CK_ATTRIBUTE_TYPE type)
|
|||
return 0; /* return no bits */
|
||||
}
|
||||
/* This table lets us return a pointer to the CKA_ID value without allocating data or
|
||||
* creating a changable static that could cause thread issues */
|
||||
* creating a changeable static that could cause thread issues */
|
||||
static const u8 coolkey_static_cka_id[16] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
};
|
||||
|
@ -860,21 +860,21 @@ struct coolkey_error_codes_st {
|
|||
};
|
||||
|
||||
static const struct coolkey_error_codes_st coolkey_error_codes[]= {
|
||||
{SC_ERROR_UNKNOWN, "Reservered 0x9c00" },
|
||||
{SC_ERROR_UNKNOWN, "Reserved 0x9c00" },
|
||||
{SC_ERROR_NOT_ENOUGH_MEMORY, "No memory left on card" },
|
||||
{SC_ERROR_PIN_CODE_INCORRECT, "Authentication failed" },
|
||||
{SC_ERROR_NOT_ALLOWED, "Operation not allowed" },
|
||||
{SC_ERROR_UNKNOWN, "Reservered 0x9c04" },
|
||||
{SC_ERROR_UNKNOWN, "Reserved 0x9c04" },
|
||||
{SC_ERROR_NO_CARD_SUPPORT, "Unsupported feature" },
|
||||
{SC_ERROR_SECURITY_STATUS_NOT_SATISFIED, "Not authorized" },
|
||||
{SC_ERROR_DATA_OBJECT_NOT_FOUND, "Object not found" },
|
||||
{SC_ERROR_FILE_ALREADY_EXISTS, "Object exists" },
|
||||
{SC_ERROR_NO_CARD_SUPPORT, "Incorrect Algorithm" },
|
||||
{SC_ERROR_UNKNOWN, "Reservered 0x9c0a" },
|
||||
{SC_ERROR_UNKNOWN, "Reserved 0x9c0a" },
|
||||
{SC_ERROR_SM_INVALID_CHECKSUM, "Signature invalid" },
|
||||
{SC_ERROR_AUTH_METHOD_BLOCKED, "Identity blocked" },
|
||||
{SC_ERROR_UNKNOWN, "Reservered 0x9c0d" },
|
||||
{SC_ERROR_UNKNOWN, "Reservered 0x9c0e" },
|
||||
{SC_ERROR_UNKNOWN, "Reserved 0x9c0d" },
|
||||
{SC_ERROR_UNKNOWN, "Reserved 0x9c0e" },
|
||||
{SC_ERROR_INCORRECT_PARAMETERS, "Invalid parameter" },
|
||||
{SC_ERROR_INCORRECT_PARAMETERS, "Incorrect P1" },
|
||||
{SC_ERROR_INCORRECT_PARAMETERS, "Incorrect P2" },
|
||||
|
@ -914,7 +914,7 @@ static int coolkey_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2)
|
|||
* an internal 4096 byte buffer is used, and a copy is returned to the
|
||||
* caller. that need to be freed by the caller.
|
||||
*
|
||||
* modelled after a similiar function in card-piv.c. The coolkey version
|
||||
* modelled after a similar function in card-piv.c. The coolkey version
|
||||
* adds the coolkey nonce to user authenticated operations.
|
||||
*/
|
||||
|
||||
|
@ -1134,7 +1134,7 @@ static int coolkey_read_object(sc_card_t *card, unsigned long object_id, size_t
|
|||
if (r < 0) {
|
||||
goto fail;
|
||||
}
|
||||
/* santity check to make sure we don't overflow left */
|
||||
/* sanity check to make sure we don't overflow left */
|
||||
if ((left < len) || (len == 0)) {
|
||||
r = SC_ERROR_INTERNAL;
|
||||
goto fail;
|
||||
|
@ -1903,7 +1903,7 @@ static unsigned short coolkey_get_key_id(unsigned long object_id) {
|
|||
}
|
||||
|
||||
/*
|
||||
* COOLKEY cards don't select objects in the applet, objects are selected by a paramter
|
||||
* COOLKEY cards don't select objects in the applet, objects are selected by a parameter
|
||||
* to the APDU. We create paths for the object in which the path value is the object_id
|
||||
* and the path type is SC_PATH_SELECT_FILE_ID (so we could cache at the PKCS #15 level if
|
||||
* we wanted to.
|
||||
|
@ -2267,7 +2267,7 @@ static int coolkey_init(sc_card_t *card)
|
|||
/* set Token Major/minor version */
|
||||
flags = SC_ALGORITHM_RSA_RAW;
|
||||
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0); /* manditory */
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0); /* mandatory */
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0); /* optional */
|
||||
_sc_card_add_rsa_alg(card, 3072, flags, 0); /* optional */
|
||||
|
||||
|
|
|
@ -128,7 +128,7 @@ H13-H15: 0x0F 0x65 0x81 final phase: tarjeta no operativa
|
|||
* OpenDNIe defines two ATR's for user and finalized card state
|
||||
*/
|
||||
static struct sc_atr_table dnie_atrs[] = {
|
||||
/* TODO: get ATR for uninitalized DNIe */
|
||||
/* TODO: get ATR for uninitialized DNIe */
|
||||
{ /** card activated; normal operation state */
|
||||
"3B:7F:00:00:00:00:6A:44:4E:49:65:00:00:00:00:00:00:03:90:00",
|
||||
"FF:FF:00:FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:FF:FF:FF",
|
||||
|
@ -215,7 +215,7 @@ int dnie_ask_user_consent(struct sc_card * card, const char *title, const char *
|
|||
int n = 0; /* to iterate on to-be-sent messages */
|
||||
#endif
|
||||
int res = SC_ERROR_INTERNAL; /* by default error :-( */
|
||||
char *msg = NULL; /* to makr errors */
|
||||
char *msg = NULL; /* to mark errors */
|
||||
|
||||
if ((card == NULL) || (card->ctx == NULL))
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
@ -248,7 +248,7 @@ int dnie_ask_user_consent(struct sc_card * card, const char *title, const char *
|
|||
header_ref = CFStringCreateWithCString( NULL, title, strlen(title) );
|
||||
message_ref = CFStringCreateWithCString( NULL,message, strlen(message) );
|
||||
|
||||
/* Displlay user notification alert */
|
||||
/* Display user notification alert */
|
||||
CFUserNotificationDisplayAlert(
|
||||
0, /* no timeout */
|
||||
kCFUserNotificationNoteAlertLevel, /* Alert level */
|
||||
|
@ -398,8 +398,8 @@ static sc_card_driver_t dnie_driver = {
|
|||
/**
|
||||
* Parse configuration file for dnie parameters.
|
||||
*
|
||||
* DNIe card driver has two main paramaters:
|
||||
* - The name of the user consent Application to be used in Linux. This application shoud be any of pinentry-xxx family
|
||||
* DNIe card driver has two main parameters:
|
||||
* - The name of the user consent Application to be used in Linux. This application should be any of pinentry-xxx family
|
||||
* - A flag to indicate if user consent is to be used in this driver. If false, the user won't be prompted for confirmation on signature operations
|
||||
*
|
||||
* @See ../../etc/opensc.conf for details
|
||||
|
@ -471,7 +471,7 @@ static int dnie_generate_key(sc_card_t * card, void *data)
|
|||
/**
|
||||
* Analyze a buffer looking for provided data pattern.
|
||||
*
|
||||
* Comodity function for dnie_get_info() that searches a byte array
|
||||
* Commodity function for dnie_get_info() that searches a byte array
|
||||
* in provided buffer
|
||||
*
|
||||
* @param card pointer to card info data
|
||||
|
@ -654,7 +654,7 @@ static int dnie_get_serialnr(sc_card_t * card, sc_serial_number_t * serial)
|
|||
/* official driver read 0x11 bytes, but only uses 7. Manual says just 7 (for le) */
|
||||
dnie_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xb8, 0x00, 0x00, 0x07, 0,
|
||||
rbuf, sizeof(rbuf), NULL, 0);
|
||||
apdu.cla = 0x90; /* propietary cmd */
|
||||
apdu.cla = 0x90; /* proprietary cmd */
|
||||
/* send apdu */
|
||||
result = sc_transmit_apdu(card, &apdu);
|
||||
if (result != SC_SUCCESS) {
|
||||
|
@ -915,10 +915,10 @@ static unsigned long le2ulong(u8 * pt)
|
|||
/**
|
||||
* Uncompress data if in compressed format.
|
||||
*
|
||||
* @param card poiner to sc_card_t structure
|
||||
* @param card pointer to sc_card_t structure
|
||||
* @param from buffer to get data from
|
||||
* @param len pointer to buffer length
|
||||
* @return uncompresed or original buffer; len points to new buffer length
|
||||
* @return uncompressed or original buffer; len points to new buffer length
|
||||
* on error return null
|
||||
*/
|
||||
static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
|
||||
|
@ -933,7 +933,7 @@ static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
|
|||
return NULL;
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
/* if data size not enought for compression header assume uncompressed */
|
||||
/* if data size not enough for compression header assume uncompressed */
|
||||
if (*len < 8)
|
||||
goto compress_exit;
|
||||
/* evaluate compressed an uncompressed sizes (little endian format) */
|
||||
|
@ -1052,7 +1052,7 @@ static int dnie_fill_cache(sc_card_t * card)
|
|||
free(apdu.resp);
|
||||
LOG_FUNC_RETURN(ctx, r); /* arriving here means response error */
|
||||
}
|
||||
/* copy received data into buffer. realloc() if not enought space */
|
||||
/* copy received data into buffer. realloc() if not enough space */
|
||||
count = apdu.resplen;
|
||||
buffer = realloc(buffer, len + count);
|
||||
if (!buffer) {
|
||||
|
@ -1078,7 +1078,7 @@ static int dnie_fill_cache(sc_card_t * card)
|
|||
if (apdu.resp != tmp)
|
||||
free(apdu.resp);
|
||||
if (pt == NULL) {
|
||||
sc_log(ctx, "Uncompress proccess failed");
|
||||
sc_log(ctx, "Uncompress process failed");
|
||||
free(buffer);
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL);
|
||||
}
|
||||
|
@ -1102,10 +1102,10 @@ static int dnie_fill_cache(sc_card_t * card)
|
|||
*
|
||||
* @param card pointer to sc_card_t structure
|
||||
* @param idx offset from card file to ask data for
|
||||
* @param buf where to store readed data. must be non null
|
||||
* @param buf where to store read data. must be non null
|
||||
* @param count number of bytes to read
|
||||
* @param flags. not used
|
||||
* @return number of bytes readed, 0 on EOF, error code on error
|
||||
* @return number of bytes read, 0 on EOF, error code on error
|
||||
*/
|
||||
static int dnie_read_binary(struct sc_card *card,
|
||||
unsigned int idx,
|
||||
|
@ -1211,8 +1211,8 @@ static int dnie_compose_and_send_apdu(sc_card_t *card, const u8 *path, size_t pa
|
|||
* - only handles some types:
|
||||
* -- <strong>SC_PATH_TYPE_FILE_ID</strong> 2-byte long file ID
|
||||
* -- <strong>SC_PATH_TYPE_DF_NAME</strong> named DF's
|
||||
* -- <strong>SC_PATH_TYPE_PARENT</strong> jump to parent DF of current EF/DF - undocummented in DNIe manual
|
||||
* -- other file types are marked as unssupported
|
||||
* -- <strong>SC_PATH_TYPE_PARENT</strong> jump to parent DF of current EF/DF - undocumented in DNIe manual
|
||||
* -- other file types are marked as unsupported
|
||||
*
|
||||
* - Also MF must be addressed by their Name, not their ID
|
||||
* So some magic is needed:
|
||||
|
@ -1333,7 +1333,7 @@ static int dnie_select_file(struct sc_card *card,
|
|||
* No reason to do it, as is needed to do SM handshake...
|
||||
* Also: official driver reads in blocks of 20 bytes.
|
||||
* Why? Manual and iso-7816-4 states that only 8 bytes
|
||||
* are required... so we will obbey Manual
|
||||
* are required... so we will obey Manual
|
||||
*
|
||||
* @param card Pointer to card Structure
|
||||
* @param rnd Where to store challenge
|
||||
|
@ -1640,7 +1640,7 @@ static int dnie_decipher(struct sc_card *card,
|
|||
* and applies
|
||||
*
|
||||
* @param card pointer to sc_card_t structure
|
||||
* @param data data to be hased/signed
|
||||
* @param data data to be hashed/signed
|
||||
* @param datalen length of provided data
|
||||
* @param out buffer to store results into
|
||||
* @param outlen available space in result buffer
|
||||
|
@ -1657,7 +1657,7 @@ static int dnie_compute_signature(struct sc_card *card,
|
|||
struct sc_apdu apdu;
|
||||
u8 rbuf[MAX_RESP_BUFFER_SIZE]; /* to receive sign response */
|
||||
|
||||
/* some preliminar checks */
|
||||
/* some preliminary checks */
|
||||
if ((card == NULL) || (card->ctx == NULL))
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
/* OK: start working */
|
||||
|
@ -1892,7 +1892,7 @@ static int dnie_card_ctl(struct sc_card *card,
|
|||
* the read_binary() file cache work
|
||||
*
|
||||
* Extract real file length from compressed file is done by mean of
|
||||
* reading 8 first bytes for uncompressed/compressed lenght.
|
||||
* reading 8 first bytes for uncompressed/compressed length.
|
||||
* Lengths are provided as two 4-byte little endian numbers
|
||||
*
|
||||
* Implemented just like a direct read binary apdu bypassing dnie file cache
|
||||
|
@ -1942,7 +1942,7 @@ static int dnie_read_header(struct sc_card *card)
|
|||
}
|
||||
|
||||
/**
|
||||
* Access control list bytes for propietary DNIe FCI response for DF's.
|
||||
* Access control list bytes for proprietary DNIe FCI response for DF's.
|
||||
* based in information from official DNIe Driver
|
||||
* Parsing code based on itacns card driver
|
||||
*/
|
||||
|
@ -1953,7 +1953,7 @@ static int df_acl[] = { /* to handle DF's */
|
|||
};
|
||||
|
||||
/**
|
||||
* Access control list bytes for propietary DNIe FCI response for EF's.
|
||||
* Access control list bytes for proprietary DNIe FCI response for EF's.
|
||||
* based in information from official DNIe Driver
|
||||
* Parsing code based on itacns card driver
|
||||
*/
|
||||
|
@ -1968,7 +1968,7 @@ static int ef_acl[] = { /* to handle EF's */
|
|||
*
|
||||
* Parse SelectFile's File Control information.
|
||||
* - First, std iso_parse_fci is called to parse std fci tags
|
||||
* - Then analyze propietary tag according DNIe Manual
|
||||
* - Then analyze proprietary tag according DNIe Manual
|
||||
*
|
||||
* @param card OpenSC card structure pointer
|
||||
* @param file currently selected EF or DF
|
||||
|
@ -2133,7 +2133,7 @@ static int dnie_process_fci(struct sc_card *card,
|
|||
* Not implemented yet, as current availability for DNIe user driver
|
||||
* is unknown
|
||||
*
|
||||
* @param card Pointer to Card Driver data structrure
|
||||
* @param card Pointer to Card Driver data structure
|
||||
* @param data Pointer to Pin data structure
|
||||
* @return SC_SUCCESS if ok; else error code
|
||||
*/
|
||||
|
@ -2191,7 +2191,7 @@ static int dnie_pin_verify(struct sc_card *card,
|
|||
dnie_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0x00, 0x00, 0, pinlen,
|
||||
NULL, 0, pinbuffer, pinlen);
|
||||
|
||||
/* and send to card throught virtual channel */
|
||||
/* and send to card through virtual channel */
|
||||
res = sc_transmit_apdu(card, &apdu);
|
||||
if (res != SC_SUCCESS) {
|
||||
LOG_TEST_RET(card->ctx, res, "VERIFY APDU Transmit fail");
|
||||
|
@ -2240,7 +2240,7 @@ static int dnie_pin_cmd(struct sc_card *card,
|
|||
|
||||
/*
|
||||
* some flags and settings from documentation
|
||||
* No (easy) way to handle pinpad throught SM, so disable it
|
||||
* No (easy) way to handle pinpad through SM, so disable it
|
||||
*/
|
||||
data->flags &= ~SC_PIN_CMD_NEED_PADDING; /* no pin padding */
|
||||
data->flags &= ~SC_PIN_CMD_USE_PINPAD; /* cannot handle pinpad */
|
||||
|
|
|
@ -619,7 +619,7 @@ static int entersafe_select_path(sc_card_t *card,
|
|||
{
|
||||
if ( pathlen - bMatch == 2 )
|
||||
{
|
||||
/* we are in the rigth directory */
|
||||
/* we are in the right directory */
|
||||
return entersafe_select_fid(card, path[bMatch], path[bMatch+1], file_out);
|
||||
}
|
||||
else if ( pathlen - bMatch > 2 )
|
||||
|
@ -894,9 +894,9 @@ static int entersafe_internal_set_security_env(sc_card_t *card,
|
|||
}
|
||||
|
||||
/**
|
||||
* We don't really set the security envirment,but cache it.It will be set when
|
||||
* We don't really set the security environment,but cache it.It will be set when
|
||||
* security operation is performed later.Because we may transport partial of
|
||||
* the sign/decipher data within the security envirment apdu.
|
||||
* the sign/decipher data within the security environment apdu.
|
||||
*/
|
||||
static int entersafe_set_security_env(sc_card_t *card,
|
||||
const sc_security_env_t *env,
|
||||
|
|
|
@ -1303,7 +1303,7 @@ epass2003_select_fid_(struct sc_card *card, sc_path_t * in_path, sc_file_t ** fi
|
|||
}
|
||||
|
||||
if (path[0] == 0x29) { /* TODO:0x29 accords with FID prefix in profile */
|
||||
/* Not allowed to select prvate key file, so fake fci. */
|
||||
/* Not allowed to select private key file, so fake fci. */
|
||||
/* 62 16 82 02 11 00 83 02 29 00 85 02 08 00 86 08 FF 90 90 90 FF FF FF FF */
|
||||
apdu.resplen = 0x18;
|
||||
memcpy(apdu.resp,
|
||||
|
@ -1480,7 +1480,7 @@ epass2003_select_path(struct sc_card *card, const u8 pathbuf[16], const size_t l
|
|||
|
||||
if (card->cache.valid && bMatch > 2) {
|
||||
if (pathlen - bMatch == 2) {
|
||||
/* we are in the rigth directory */
|
||||
/* we are in the right directory */
|
||||
return epass2003_select_fid(card, path[bMatch], path[bMatch + 1], file_out);
|
||||
}
|
||||
else if (pathlen - bMatch > 2) {
|
||||
|
@ -2696,7 +2696,7 @@ epass2003_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries
|
|||
|
||||
data->pin1.max_tries = maxtries;
|
||||
}
|
||||
//reomve below code, because the old implement only return PIN retries, now modify the code and return PIN status
|
||||
//remove below code, because the old implement only return PIN retries, now modify the code and return PIN status
|
||||
// return r;
|
||||
}
|
||||
else if (data->cmd == SC_PIN_CMD_UNBLOCK) { /* verify */
|
||||
|
|
|
@ -64,7 +64,7 @@ static struct sc_atr_table flex_atrs[] = {
|
|||
/* 32K e-gate v4 */
|
||||
{ "3B:95:18:40:FF:62:04:01:01:05", NULL, "Cryptoflex 32K e-gate v4", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL },
|
||||
|
||||
/* new cryptoflex 32k card - atr looks very similiar to old 8k card */
|
||||
/* new cryptoflex 32k card - atr looks very similar to old 8k card */
|
||||
{ "3b:95:15:40:ff:68:01:02:45:47", NULL, "Cryptoflex 32K", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL },
|
||||
|
||||
{ "3B:E2:00:00:40:20:49:06", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, 0, NULL },
|
||||
|
|
|
@ -117,7 +117,7 @@ static struct sc_card_driver gids_drv = {
|
|||
|
||||
struct gids_aid {
|
||||
int enumtag;
|
||||
size_t len_short; /* min lenght without version */
|
||||
size_t len_short; /* min length without version */
|
||||
size_t len_long; /* With version and other stuff */
|
||||
u8 *value;
|
||||
};
|
||||
|
@ -393,7 +393,7 @@ static int gids_read_gidsfile(sc_card_t* card, char *directory, char *filename,
|
|||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r);
|
||||
}
|
||||
|
||||
// check for the existance of a file
|
||||
// check for the existence of a file
|
||||
static int gids_does_file_exists(sc_card_t *card, char* directory, char* filename) {
|
||||
struct gids_private_data* privatedata = (struct gids_private_data*) card->drv_data;
|
||||
int fileIdentifier, dataObjectIdentifier;
|
||||
|
@ -1768,7 +1768,7 @@ static int gids_initialize(sc_card_t *card, sc_cardctl_gids_init_param_t* param)
|
|||
u8 EveryoneReadAdminWriteAc[] = {0x62,0x0C,0x82,0x01,0x39,0x83,0x02,0xA0,0x12,0x8C,0x03,0x03,0x20,0x00};
|
||||
u8 UserReadWriteAc[] = {0x62,0x0C,0x82,0x01,0x39,0x83,0x02,0xA0,0x13,0x8C,0x03,0x03,0x30,0x30};
|
||||
u8 AdminReadWriteAc[] = {0x62,0x0C,0x82,0x01,0x39,0x83,0x02,0xA0,0x14,0x8C,0x03,0x03,0x20,0x20};
|
||||
// File type=18=key file ; type = symetric key
|
||||
// File type=18=key file ; type = symmetric key
|
||||
u8 AdminKey[] = {0x62,0x1A,0x82,0x01,0x18,0x83,0x02,0xB0,0x80,0x8C,0x04,0x87,0x00,0x20,0xFF,0xA5,
|
||||
0x0B,0xA4,0x09,0x80,0x01,0x02,0x83,0x01,0x80,0x95,0x01,0xC0};
|
||||
// file used to store other file references. Format undocumented.
|
||||
|
|
|
@ -1507,7 +1507,7 @@ gpk_generate_key(sc_card_t *card, struct sc_cardctl_gpk_genkey *args)
|
|||
}
|
||||
|
||||
/*
|
||||
* Store a privat key component
|
||||
* Store a private key component
|
||||
*/
|
||||
static int
|
||||
gpk_pkfile_load(sc_card_t *card, struct sc_cardctl_gpk_pkload *args)
|
||||
|
|
|
@ -253,7 +253,7 @@ iasecc_select_mf(struct sc_card *card, struct sc_file **file_out)
|
|||
struct sc_apdu apdu;
|
||||
unsigned char apdu_resp[SC_MAX_APDU_BUFFER_SIZE];
|
||||
|
||||
/* ISO 'select' command failes when not FCP data returned */
|
||||
/* ISO 'select' command fails when not FCP data returned */
|
||||
sc_format_path("3F00", &path);
|
||||
path.type = SC_PATH_TYPE_FILE_ID;
|
||||
|
||||
|
@ -283,7 +283,7 @@ iasecc_select_mf(struct sc_card *card, struct sc_file **file_out)
|
|||
|
||||
/* Ignore the FCP of the MF, because:
|
||||
* - some cards do not return it;
|
||||
* - there is not need of it -- create/delete of the files in MF is not invisaged.
|
||||
* - there is not need of it -- create/delete of the files in MF is not envisaged.
|
||||
*/
|
||||
mf_file = sc_file_new();
|
||||
if (mf_file == NULL)
|
||||
|
@ -812,7 +812,7 @@ iasecc_emulate_fcp(struct sc_context *ctx, struct sc_apdu *apdu)
|
|||
|
||||
|
||||
/* TODO: redesign using of cache
|
||||
* TODO: do not keep inermediate results in 'file_out' argument */
|
||||
* TODO: do not keep intermediate results in 'file_out' argument */
|
||||
static int
|
||||
iasecc_select_file(struct sc_card *card, const struct sc_path *path,
|
||||
struct sc_file **file_out)
|
||||
|
@ -1747,7 +1747,7 @@ iasecc_set_security_env(struct sc_card *card,
|
|||
LOG_TEST_RET(ctx, rv, "Cannot convert SC_AC_OP_PSO_DECRYPT acl");
|
||||
algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_DECIPHER, CKM_RSA_PKCS);
|
||||
if (!algo_ref)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Application do not supports DECHIPHER:RSA_PKCS");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Application do not supports DECIPHER:RSA_PKCS");
|
||||
|
||||
cse_crt_ct[2] = env->key_ref[0] | IASECC_OBJECT_REF_LOCAL;
|
||||
cse_crt_ct[5] = algo_ref; /* IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1 */
|
||||
|
|
|
@ -141,7 +141,7 @@ static const struct sc_card_error incrypto34_errors[] = {
|
|||
/* no error, maybe a note */
|
||||
{ 0x9000, SC_SUCCESS, NULL},
|
||||
{ 0x9001, SC_SUCCESS, "success, but eeprom weakness detected"},
|
||||
{ 0x9850, SC_SUCCESS, "over/underflow useing in/decrease"}
|
||||
{ 0x9850, SC_SUCCESS, "over/underflow using in/decrease"}
|
||||
};
|
||||
|
||||
static int incrypto34_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2)
|
||||
|
|
|
@ -46,7 +46,7 @@ struct isoApplet_drv_data
|
|||
{
|
||||
/* Save the current algorithm reference
|
||||
* (ISOAPPLET_ALG_REF_ECDSA, ISOAPPLET_ALG_REF_RSA_PAD_PKCS1)
|
||||
* to be able to distiguish between RSA and ECC operations.
|
||||
* to be able to distinguish between RSA and ECC operations.
|
||||
* If ECC is being used, the signatures generated by the card
|
||||
* have to be modified. */
|
||||
unsigned int sec_env_alg_ref;
|
||||
|
@ -95,7 +95,7 @@ static struct isoapplet_supported_ec_curves {
|
|||
*
|
||||
* @param[in] card
|
||||
* @param[in] aid The applet ID.
|
||||
* @param[in] aid_len The legth of aid.
|
||||
* @param[in] aid_len The length of aid.
|
||||
* @param[out] resp The response of the applet upon selection.
|
||||
* @param[in,out] resp_len In: The buffer size of resp. Out: The length of the response.
|
||||
*
|
||||
|
@ -125,7 +125,7 @@ isoApplet_select_applet(sc_card_t *card, const u8 *aid, const size_t aid_len, u8
|
|||
apdu.le = 0;
|
||||
|
||||
rv = sc_transmit_apdu(card, &apdu);
|
||||
LOG_TEST_RET(ctx, rv, "APDU transmit faiure.");
|
||||
LOG_TEST_RET(ctx, rv, "APDU transmit failure.");
|
||||
|
||||
rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
LOG_TEST_RET(card->ctx, rv, "Card returned error");
|
||||
|
@ -479,7 +479,7 @@ isoApplet_process_fci(sc_card_t *card, sc_file_t *file,
|
|||
}
|
||||
|
||||
/*
|
||||
* @brief Encode the EC parameters as a concatenation of TLV enrties.
|
||||
* @brief Encode the EC parameters as a concatenation of TLV entries.
|
||||
*
|
||||
* The format is:
|
||||
* 81 - prime
|
||||
|
@ -589,7 +589,7 @@ isoApplet_ctl_generate_key(sc_card_t *card, sc_cardctl_isoApplet_genkey_t *args)
|
|||
* There are two cases:
|
||||
* 1) The card can do ext. apdus: The data fits in one apdu.
|
||||
* 2) The card can't do ext. apdus: sc_transmit_apdu will handle that - the
|
||||
* card will send SW_BYTES_REMAINING, OpenSC will automaticall do a
|
||||
* card will send SW_BYTES_REMAINING, OpenSC will automatically do a
|
||||
* GET RESPONSE to get the remaining data, and will append it to the data
|
||||
* buffer. */
|
||||
if(args->algorithm_ref == SC_ISOAPPLET_ALG_REF_EC_GEN)
|
||||
|
@ -1032,7 +1032,7 @@ isoApplet_ctl_import_key(sc_card_t *card, sc_cardctl_isoApplet_import_key_t *arg
|
|||
break;
|
||||
|
||||
default:
|
||||
LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "Uknown algorithm refernce.");
|
||||
LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "Unknown algorithm reference.");
|
||||
}
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
|
|
|
@ -510,7 +510,7 @@ static int itacns_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
|
|||
//Returned file->size should be 16.
|
||||
//We choose to not consider it as critical, because some cards
|
||||
//do not return FCI/FCP templates that include the file size.
|
||||
//Notify abnormal lenght anyway.
|
||||
//Notify abnormal length anyway.
|
||||
if (len != 16) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"Unexpected file length of EF_IDCarta (%lu)\n",
|
||||
|
|
|
@ -434,7 +434,7 @@ static int jcop_process_fci(sc_card_t *card, sc_file_t *file,
|
|||
/* Files may be locked by anyone who can MODIFY. */
|
||||
/* opensc seems to think LOCK ACs are only on DFs */
|
||||
/* sa_to_acl(file, SC_AC_OP_LOCK, sa[0] & 0xf); */
|
||||
/* there are seperate SIGN, ENCIPHER, and DECIPHER ACs.
|
||||
/* there are separate SIGN, ENCIPHER, and DECIPHER ACs.
|
||||
I use SIGN for SC_AC_OP_CRYPTO unless it is NEVER, in
|
||||
which case I use DECIPHER */
|
||||
if ((sa[1] & 0xf0) == 0x10)
|
||||
|
|
|
@ -273,7 +273,7 @@ static int masktech_pin_change(sc_card_t *card,
|
|||
change_data.pin2.prompt = data->pin2.prompt;
|
||||
|
||||
rv = iso_ops->pin_cmd(card, &change_data, tries_left);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed - chnage PIN");
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed - change PIN");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -42,7 +42,7 @@ static struct sc_atr_table mcrd_atrs[] = {
|
|||
"D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL},
|
||||
{"3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6", NULL,
|
||||
"D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL},
|
||||
/* Certain pcsc-lite versions (1.5.3 for example on Ubuntu 10.04) incorrectly trunkate the wram ATR to the length of the cold ATR */
|
||||
/* Certain pcsc-lite versions (1.5.3 for example on Ubuntu 10.04) incorrectly truncate the warm ATR to the length of the cold ATR */
|
||||
/* See opensc.conf for further information */
|
||||
{"3B:FE:94:00:FF:80:B1:FA:45:1F:03:45:73:74:45:49:44:20", NULL, "Broken EstEID 1.1 warm", SC_CARD_TYPE_MCRD_ESTEID_V11, 0, NULL},
|
||||
{"3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43", NULL, "EstEID 1.0 cold", SC_CARD_TYPE_MCRD_ESTEID_V10, 0, NULL},
|
||||
|
@ -517,7 +517,7 @@ static int load_special_files(sc_card_t * card)
|
|||
}
|
||||
|
||||
/* Return the SE number from the keyD for the FID. If ref_data is not
|
||||
NULL the reference data is returned; this shoudl be an array of at
|
||||
NULL the reference data is returned; this should be an array of at
|
||||
least 2 bytes. Returns -1 on error. */
|
||||
static int get_se_num_from_keyd(sc_card_t * card, unsigned short fid,
|
||||
u8 * ref_data)
|
||||
|
@ -1189,7 +1189,7 @@ static int mcrd_restore_se(sc_card_t * card, int se_num)
|
|||
|
||||
|
||||
/* It seems that MICARDO does not fully comply with ISO, so I use
|
||||
values gathered from peeking actual signing opeations using a
|
||||
values gathered from peeking actual signing operations using a
|
||||
different system.
|
||||
It has been generalized [?] and modified by information coming from
|
||||
openpgp card implementation, EstEID 'manual' and some other sources. -mp
|
||||
|
@ -1229,7 +1229,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
|||
case SC_SEC_OPERATION_DECIPHER:
|
||||
case SC_SEC_OPERATION_DERIVE:
|
||||
sc_log(card->ctx,
|
||||
"Using keyref %d to dechiper\n",
|
||||
"Using keyref %d to decipher\n",
|
||||
env->key_ref[0]);
|
||||
mcrd_restore_se(card, 6);
|
||||
mcrd_delete_ref_to_authkey(card);
|
||||
|
@ -1263,7 +1263,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
|||
switch (env->operation) {
|
||||
case SC_SEC_OPERATION_DECIPHER:
|
||||
sc_log(card->ctx,
|
||||
"Using keyref %d to dechiper\n",
|
||||
"Using keyref %d to decipher\n",
|
||||
env->key_ref[0]);
|
||||
mcrd_delete_ref_to_authkey(card);
|
||||
mcrd_delete_ref_to_signkey(card);
|
||||
|
@ -1317,7 +1317,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
|||
fid |= env->file_ref.value[env->file_ref.len - 1];
|
||||
num = get_se_num_from_keyd(card, fid, p);
|
||||
if (num != -1) {
|
||||
/* Need to restore the security environmnet. */
|
||||
/* Need to restore the security environment. */
|
||||
if (num) {
|
||||
r = mcrd_restore_se(card, num);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
|
@ -1436,7 +1436,7 @@ static int mcrd_decipher(struct sc_card *card,
|
|||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
|
||||
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"Will dervie (%d) for %"SC_FORMAT_LEN_SIZE_T"u (0x%02"SC_FORMAT_LEN_SIZE_T"x) bytes using key %d algorithm %d flags %d\n",
|
||||
"Will derive (%d) for %"SC_FORMAT_LEN_SIZE_T"u (0x%02"SC_FORMAT_LEN_SIZE_T"x) bytes using key %d algorithm %d flags %d\n",
|
||||
env->operation, crgram_len, crgram_len, env->key_ref[0],
|
||||
env->algorithm, env->algorithm_flags);
|
||||
|
||||
|
|
|
@ -241,7 +241,7 @@ static int muscle_update_binary(sc_card_t *card, unsigned int idx, const u8* buf
|
|||
if(buffer == NULL) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
||||
|
||||
r = msc_read_object(card, objectId, 0, buffer, file->size);
|
||||
/* TODO: RETREIVE ACLS */
|
||||
/* TODO: RETRIEVE ACLS */
|
||||
if(r < 0) goto update_bin_free_buffer;
|
||||
r = msc_delete_object(card, objectId, 0);
|
||||
if(r < 0) goto update_bin_free_buffer;
|
||||
|
@ -602,7 +602,7 @@ static int muscle_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *cmd,
|
|||
|
||||
static int muscle_card_extract_key(sc_card_t *card, sc_cardctl_muscle_key_info_t *info)
|
||||
{
|
||||
/* CURRENTLY DONT SUPPOT EXTRACTING PRIVATE KEYS... */
|
||||
/* CURRENTLY DONT SUPPORT EXTRACTING PRIVATE KEYS... */
|
||||
switch(info->keyType) {
|
||||
case 1: /* RSA */
|
||||
return msc_extract_rsa_public_key(card,
|
||||
|
@ -618,7 +618,7 @@ static int muscle_card_extract_key(sc_card_t *card, sc_cardctl_muscle_key_info_t
|
|||
|
||||
static int muscle_card_import_key(sc_card_t *card, sc_cardctl_muscle_key_info_t *info)
|
||||
{
|
||||
/* CURRENTLY DONT SUPPOT EXTRACTING PRIVATE KEYS... */
|
||||
/* CURRENTLY DONT SUPPORT EXTRACTING PRIVATE KEYS... */
|
||||
switch(info->keyType) {
|
||||
case 0x02: /* RSA_PRIVATE */
|
||||
case 0x03: /* RSA_PRIVATE_CRT */
|
||||
|
@ -721,7 +721,7 @@ static int muscle_decipher(sc_card_t * card,
|
|||
u8 key_id;
|
||||
int r;
|
||||
|
||||
/* saniti check */
|
||||
/* sanity check */
|
||||
if (priv->env.operation != SC_SEC_OPERATION_DECIPHER)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
|
|
|
@ -313,7 +313,7 @@ static int npa_unlock_esign(sc_card_t *card)
|
|||
}
|
||||
r = perform_chip_authentication(card, &ef_cardsecurity, &ef_cardsecurity_len);
|
||||
if ( SC_SUCCESS != r) {
|
||||
sc_log(card->ctx, "Error verifying the chips authenticy.\n");
|
||||
sc_log(card->ctx, "Error verifying the chip's authenticity.\n");
|
||||
}
|
||||
|
||||
sc_log(card->ctx, "Proved Access rights to eSign application with configured key as ST.\n");
|
||||
|
@ -343,7 +343,7 @@ static int npa_init(sc_card_t * card)
|
|||
}
|
||||
|
||||
card->caps |= SC_CARD_CAP_APDU_EXT | SC_CARD_CAP_RNG;
|
||||
/* 1520 bytes is the minimum lenght of the communication buffer in all
|
||||
/* 1520 bytes is the minimum length of the communication buffer in all
|
||||
* Chip/OS variants */
|
||||
card->max_recv_size = 1520;
|
||||
card->max_send_size = 1520;
|
||||
|
@ -382,7 +382,7 @@ static int npa_init(sc_card_t * card)
|
|||
/* unlock the eSign application for reading the certificates
|
||||
* by the PKCS#15 layer (i.e. sc_pkcs15_bind_internal) */
|
||||
if (SC_SUCCESS != npa_unlock_esign(card))
|
||||
sc_log(card->ctx, "Propably not all functionality will be available.\n");
|
||||
sc_log(card->ctx, "Probably not all functionality will be available.\n");
|
||||
|
||||
err:
|
||||
return r;
|
||||
|
@ -757,7 +757,7 @@ static int npa_logout(sc_card_t *card)
|
|||
|
||||
if (card->reader->capabilities & SC_READER_CAP_PACE_GENERIC) {
|
||||
/* If PACE is done between reader and card, SM is transparent to us as
|
||||
* it ends at the reader. With CLA=0x0C we provoque a SM error to
|
||||
* it ends at the reader. With CLA=0x0C we provoke a SM error to
|
||||
* disable SM on the reader. */
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xA4, 0x00, 0x00);
|
||||
apdu.cla = 0x0C;
|
||||
|
|
|
@ -1593,7 +1593,7 @@ auth_pin_verify_pinpad(struct sc_card *card, int pin_reference, int *tries_left)
|
|||
pin_cmd.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||
|
||||
/* For Oberthur card, PIN command data length has to be 0x40.
|
||||
* In PCSC10 v2.06 the uppler limit of pin.max_length is 8.
|
||||
* In PCSC10 v2.06 the upper limit of pin.max_length is 8.
|
||||
*
|
||||
* The standard sc_build_pin() throws an error when 'pin.len > pin.max_length' .
|
||||
* So, let's build our own APDU.
|
||||
|
@ -1775,7 +1775,7 @@ auth_pin_change(struct sc_card *card, unsigned int type,
|
|||
else if (!data->pin1.len && !data->pin2.len) {
|
||||
/* Oberthur unblock style with PIN pad. */
|
||||
rv = auth_pin_change_pinpad(card, data, tries_left);
|
||||
LOG_TEST_RET(card->ctx, rv, "'PIN CHANGE' failedi: SOPIN verify with pinpad failed");
|
||||
LOG_TEST_RET(card->ctx, rv, "'PIN CHANGE' failed: SOPIN verify with pinpad failed");
|
||||
}
|
||||
else {
|
||||
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "'PIN CHANGE' failed");
|
||||
|
|
|
@ -1145,7 +1145,7 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
|
|||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
/* ignore explicitely mentioned MF at the path's beginning */
|
||||
/* ignore explicitly mentioned MF at the path's beginning */
|
||||
path_start = pgp_strip_path(card, path);
|
||||
|
||||
/* starting with the MF ... */
|
||||
|
@ -1155,7 +1155,7 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
|
|||
unsigned int id = bebytes2ushort(path->value + n);
|
||||
int r = pgp_get_blob(card, blob, id, &blob);
|
||||
|
||||
/* This file ID is refered when importing key&certificate via pkcs15init, like above.
|
||||
/* This file ID is referred when importing key&certificate via pkcs15init, like above.
|
||||
* We pretend to successfully find this inexistent file. */
|
||||
if (id == 0x4402 || id == 0x5f48) {
|
||||
if (ret == NULL)
|
||||
|
|
|
@ -175,14 +175,14 @@ typedef struct piv_private_data {
|
|||
int tries_left; /* SC_PIN_CMD_GET_INFO tries_left from last */
|
||||
unsigned int card_issues; /* card_issues flags for this card */
|
||||
int object_test_verify; /* Can test this object to set verification state of card */
|
||||
int yubico_version; /* 3 byte version number of NEO or Ybuikey4 as integer */
|
||||
int yubico_version; /* 3 byte version number of NEO or Yubikey4 as integer */
|
||||
} piv_private_data_t;
|
||||
|
||||
#define PIV_DATA(card) ((piv_private_data_t*)card->drv_data)
|
||||
|
||||
struct piv_aid {
|
||||
int enumtag;
|
||||
size_t len_short; /* min lenght without version */
|
||||
size_t len_short; /* min length without version */
|
||||
size_t len_long; /* With version and other stuff */
|
||||
u8 *value;
|
||||
};
|
||||
|
@ -194,7 +194,7 @@ struct piv_aid {
|
|||
* i.e. "A0 00 00 03 08 00 00 01 00 02 00".
|
||||
* but we don't need the version number. but could get it from the PIX.
|
||||
*
|
||||
* 800-73-3 Part 1 now referes to "01 00" i.e. going back to 800-73-1.
|
||||
* 800-73-3 Part 1 now refers to "01 00" i.e. going back to 800-73-1.
|
||||
* The main differences between 73-1, and 73-3 are the addition of the
|
||||
* key History object and keys, as well as Discovery and Iris objects.
|
||||
* These can be discovered by trying GET DATA
|
||||
|
@ -423,7 +423,7 @@ piv_find_obj_by_containerid(sc_card_t *card, const u8 * str)
|
|||
}
|
||||
|
||||
/*
|
||||
* If ptr == NULL, just return the size of the tag and lenght and data
|
||||
* If ptr == NULL, just return the size of the tag and length and data
|
||||
* otherwise, store tag and length at **ptr, and increment
|
||||
*/
|
||||
|
||||
|
@ -469,7 +469,7 @@ put_tag_and_len(unsigned int tag, size_t len, u8 **ptr)
|
|||
* Send a command and receive data. There is always something to send.
|
||||
* Used by GET DATA, PUT DATA, GENERAL AUTHENTICATE
|
||||
* and GENERATE ASYMMETRIC KEY PAIR.
|
||||
* GET DATA may call to get the first 128 bytes to get the lenght from the tag.
|
||||
* GET DATA may call to get the first 128 bytes to get the length from the tag.
|
||||
*
|
||||
* A caller may provide a buffer, and length to read. If not provided,
|
||||
* an internal 4096 byte buffer is used, and a copy is returned to the
|
||||
|
@ -775,7 +775,7 @@ static int piv_find_aid(sc_card_t * card, sc_file_t *aid_file)
|
|||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
/* first see if the default applcation will return a template
|
||||
/* first see if the default application will return a template
|
||||
* that we know about.
|
||||
*/
|
||||
|
||||
|
@ -1316,7 +1316,7 @@ piv_write_certificate(sc_card_t *card, const u8* buf, size_t count, unsigned lon
|
|||
p += count;
|
||||
put_tag_and_len(0x71, 1, &p);
|
||||
/* Use 01 as per NIST 800-73-3 */
|
||||
*p++ = (flags)? 0x01:0x00; /* certinfo, i.e. gziped? */
|
||||
*p++ = (flags)? 0x01:0x00; /* certinfo, i.e. gzipped? */
|
||||
put_tag_and_len(0xFE,0,&p); /* LRC tag */
|
||||
|
||||
sc_log(card->ctx, "DEE buf %p len %"SC_FORMAT_LEN_PTRDIFF_T"u %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
|
@ -1336,10 +1336,10 @@ piv_write_certificate(sc_card_t *card, const u8* buf, size_t count, unsigned lon
|
|||
* Note: the select file will have saved the object type for us
|
||||
* Write is used by piv-tool, so we will use flags:
|
||||
* length << 8 | 8bits:
|
||||
* object xxxx0000
|
||||
* uncompresed cert xxx00001
|
||||
* compressed cert xxx10001
|
||||
* pubkey xxxx0010
|
||||
* object xxxx0000
|
||||
* uncompressed cert xxx00001
|
||||
* compressed cert xxx10001
|
||||
* pubkey xxxx0010
|
||||
*
|
||||
* to indicate we are writing a cert and if is compressed
|
||||
* or if we are writing a pubkey in to the cache.
|
||||
|
@ -1438,8 +1438,8 @@ static int piv_write_binary(sc_card_t *card, unsigned int idx,
|
|||
|
||||
/*
|
||||
* Card initialization is NOT standard.
|
||||
* Some cards use mutual or external authentication usings 3des or aes key. We
|
||||
* will read in the key from a file either binary or hex encided.
|
||||
* Some cards use mutual or external authentication using 3des or aes key. We
|
||||
* will read in the key from a file either binary or hex encoded.
|
||||
* This is only needed during initialization/personalization of the card
|
||||
*/
|
||||
|
||||
|
@ -1532,7 +1532,7 @@ static int piv_get_key(sc_card_t *card, unsigned int alg_id, u8 **key, size_t *l
|
|||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto err;
|
||||
}
|
||||
keybuf[fsize] = 0x00; /* incase it is text need null */
|
||||
keybuf[fsize] = 0x00; /* in case it is text need null */
|
||||
|
||||
if (fread(keybuf, 1, fsize, f) != fsize) {
|
||||
sc_log(card->ctx, " Unable to read key\n");
|
||||
|
@ -1639,7 +1639,7 @@ static int piv_general_mutual_authenticate(sc_card_t *card,
|
|||
|
||||
r = piv_get_key(card, alg_id, &key, &keylen);
|
||||
if (r) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Error getting General Auth key\n");
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Error getting General Auth key\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -1919,7 +1919,7 @@ static int piv_general_external_authenticate(sc_card_t *card,
|
|||
|
||||
r = piv_get_key(card, alg_id, &key, &keylen);
|
||||
if (r) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Error geting General Auth key\n");
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Error getting General Auth key\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -2127,7 +2127,7 @@ piv_get_serial_nr_from_CHUI(sc_card_t* card, sc_serial_number_t* serial)
|
|||
fascn, fascnlen, guid, guidlen, gbits);
|
||||
|
||||
if (fascn && fascnlen == 25) {
|
||||
/* test if guid and the fascn starts with ;9999 (in ISO 4bit + partiy code) */
|
||||
/* test if guid and the fascn starts with ;9999 (in ISO 4bit + parity code) */
|
||||
if (!(gbits && fascn[0] == 0xD4 && fascn[1] == 0xE7
|
||||
&& fascn[2] == 0x39 && (fascn[3] | 0x7F) == 0xFF)) {
|
||||
serial->len = fascnlen < SC_MAX_SERIALNR ? fascnlen : SC_MAX_SERIALNR;
|
||||
|
@ -2204,7 +2204,7 @@ static int piv_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
|||
return piv_general_external_authenticate(card,
|
||||
*(opts+1), *(opts+2));
|
||||
break;
|
||||
case'M':
|
||||
case 'M':
|
||||
return piv_general_mutual_authenticate(card,
|
||||
*(opts+1), *(opts+2));
|
||||
break;
|
||||
|
@ -2255,7 +2255,7 @@ static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
|
|||
while (len > 0) {
|
||||
size_t n = len > 8 ? 8 : len;
|
||||
|
||||
/* NIST 800-73-3 says use 9B, previous verisons used 00 */
|
||||
/* NIST 800-73-3 says use 9B, previous versions used 00 */
|
||||
r = piv_general_io(card, 0x87, 0x00, 0x9B, sbuf, p - sbuf, &rbuf, &rbuflen);
|
||||
if (r < 0) {
|
||||
sc_unlock(card);
|
||||
|
@ -2523,7 +2523,7 @@ static int piv_select_file(sc_card_t *card, const sc_path_t *in_path,
|
|||
|
||||
/* only support single EF in current application */
|
||||
/*
|
||||
* PIV emulates files, and only does so becauses sc_pkcs15_* uses
|
||||
* PIV emulates files, and only does so because sc_pkcs15_* uses
|
||||
* select_file and read_binary. The emulation adds path emulated structures
|
||||
* so piv_select_file will find it.
|
||||
* there is no dir. Only direct access to emulated files
|
||||
|
@ -2791,7 +2791,7 @@ piv_process_history(sc_card_t *card)
|
|||
}
|
||||
}
|
||||
else {
|
||||
sc_log(card->ctx, "Problem with Histroy object\n");
|
||||
sc_log(card->ctx, "Problem with History object\n");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
@ -3098,7 +3098,7 @@ static int piv_match_card_continued(sc_card_t *card)
|
|||
priv->tries_left = 10; /* will assume OK at start */
|
||||
priv->pstate = PIV_STATE_MATCH;
|
||||
|
||||
/* Some objects will only be present if Histroy object says so */
|
||||
/* Some objects will only be present if History object says so */
|
||||
for (i=0; i < PIV_OBJ_LAST_ENUM -1; i++)
|
||||
if(piv_objects[i].flags & PIV_OBJECT_NOT_PRESENT)
|
||||
priv->obj_cache[i].flags |= PIV_OBJ_CACHE_NOT_PRESENT;
|
||||
|
@ -3270,7 +3270,7 @@ static int piv_init(sc_card_t *card)
|
|||
|
||||
flags = SC_ALGORITHM_RSA_RAW;
|
||||
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0); /* manditory */
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0); /* mandatory */
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0); /* optional */
|
||||
_sc_card_add_rsa_alg(card, 3072, flags, 0); /* optional */
|
||||
|
||||
|
@ -3288,9 +3288,9 @@ static int piv_init(sc_card_t *card)
|
|||
* 800-73-3 cards may have a history object and/or a discovery object
|
||||
* We want to process them now as this has information on what
|
||||
* keys and certs the card has and how the pin might be used.
|
||||
* If they fail, ignore it there are optional and introdced in
|
||||
* If they fail, ignore it there are optional and introduced in
|
||||
* NIST 800-73-3 and NIST 800-73-2 so some older cards may
|
||||
* not handle the requets.
|
||||
* not handle the request.
|
||||
*/
|
||||
piv_process_history(card);
|
||||
|
||||
|
@ -3373,7 +3373,7 @@ piv_check_protected_objects(sc_card_t *card)
|
|||
* If we can't determine the security state from this process,
|
||||
* set card_issues CI_CANT_USE_GETDATA_FOR_STATE
|
||||
* and return SC_ERROR_PIN_CODE_INCORRECT
|
||||
* The curcomvention is to add a dummy Printed Info object in the card.
|
||||
* The circumvention is to add a dummy Printed Info object in the card.
|
||||
* so we will have an object to test.
|
||||
*
|
||||
* We save the object's number to use in the future.
|
||||
|
@ -3473,7 +3473,7 @@ piv_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries_left)
|
|||
* to avoid any interference from other applications.
|
||||
* Sc_unlock will be called at a later time after the next card command
|
||||
* that should be a crypto operation. If its not then it is a error by the
|
||||
* calling appication.
|
||||
* calling application.
|
||||
*/
|
||||
if (data->cmd == SC_PIN_CMD_VERIFY && data->pin_type == SC_AC_CONTEXT_SPECIFIC) {
|
||||
priv->context_specific = 1;
|
||||
|
@ -3502,7 +3502,7 @@ piv_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries_left)
|
|||
priv->pin_cmd_verify = 0;
|
||||
}
|
||||
|
||||
/* If verify worked, we are loged_in */
|
||||
/* If verify worked, we are logged_in */
|
||||
if (data->cmd == SC_PIN_CMD_VERIFY) {
|
||||
if (r >= 0)
|
||||
priv->logged_in = SC_PIN_STATE_LOGGED_IN;
|
||||
|
@ -3564,7 +3564,7 @@ static int piv_logout(sc_card_t *card)
|
|||
* processes, and they may have taken action already
|
||||
* and changed the AID and or may have sent a VERIFY with PIN
|
||||
* So test the state of the card.
|
||||
* this is very similiar to what the piv_match routtine does,
|
||||
* this is very similar to what the piv_match routine does,
|
||||
*/
|
||||
|
||||
static int piv_card_reader_lock_obtained(sc_card_t *card, int was_reset)
|
||||
|
@ -3584,10 +3584,10 @@ static int piv_card_reader_lock_obtained(sc_card_t *card, int was_reset)
|
|||
goto err;
|
||||
}
|
||||
|
||||
/* can we detect and then select the PIV AID without losinig the login state? */
|
||||
/* can we detect and then select the PIV AID without losing the login state? */
|
||||
if ((priv->card_issues & CI_DISCOVERY_USELESS)
|
||||
&& (priv->card_issues & CI_PIV_AID_LOSE_STATE)) {
|
||||
r = 0; /* do nothing, hope card was not interferred with */
|
||||
r = 0; /* do nothing, hope card was not interfered with */
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
|
|
@ -405,7 +405,7 @@ static int setcos_pin_index_44(int *pins, int len, int pin)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* The ACs are allways for the SETEC_LCSI_ACTIVATED state, even if
|
||||
/* The ACs are always for the SETEC_LCSI_ACTIVATED state, even if
|
||||
* we have to create the file in the SC_FILE_STATUS_INITIALISATION state. */
|
||||
static int setcos_create_file_44(sc_card_t *card, sc_file_t *file)
|
||||
{
|
||||
|
@ -485,7 +485,7 @@ static int setcos_create_file_44(sc_card_t *card, sc_file_t *file)
|
|||
}
|
||||
}
|
||||
|
||||
/* Add the commands that are allways allowed */
|
||||
/* Add the commands that are always allowed */
|
||||
if (bCommands_always) {
|
||||
bBuf[len++] = 1;
|
||||
bBuf[len++] = bCommands_always;
|
||||
|
@ -499,7 +499,7 @@ static int setcos_create_file_44(sc_card_t *card, sc_file_t *file)
|
|||
else
|
||||
bBuf[len++] = pins[i] & 0x07; /* pin ref */
|
||||
}
|
||||
/* Add ommands that require the key */
|
||||
/* Add commands that require the key */
|
||||
if (bCommands_key) {
|
||||
bBuf[len++] = 2 | 0x20; /* indicate keyNumber present */
|
||||
bBuf[len++] = bCommands_key;
|
||||
|
@ -786,7 +786,7 @@ static void parse_sec_attr_44(sc_file_t *file, const u8 *buf, size_t len)
|
|||
int iOperation;
|
||||
const int* p_idx;
|
||||
|
||||
/* Check all sub-AC definitions whitin the total AC */
|
||||
/* Check all sub-AC definitions within the total AC */
|
||||
while (len > 1) { /* minimum length = 2 */
|
||||
int iACLen = buf[iOffset] & 0x0F;
|
||||
|
||||
|
@ -1038,7 +1038,7 @@ static int setcos_generate_store_key(sc_card_t *card,
|
|||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
/* Setup key-generation paramters */
|
||||
/* Setup key-generation parameters */
|
||||
len = 0;
|
||||
if (data->op_type == OP_TYPE_GENERATE)
|
||||
sbuf[len++] = 0x92; /* algo ID: RSA CRT */
|
||||
|
|
|
@ -734,7 +734,7 @@ static int starcos_select_file(sc_card_t *card,
|
|||
if ( card->cache.valid && bMatch >= 0 )
|
||||
{
|
||||
if ( pathlen - bMatch == 2 )
|
||||
/* we are in the rigth directory */
|
||||
/* we are in the right directory */
|
||||
return starcos_select_fid(card, path[bMatch], path[bMatch+1], file_out, 1);
|
||||
else if ( pathlen - bMatch > 2 )
|
||||
{
|
||||
|
@ -821,9 +821,9 @@ static u8 process_acl_entry(sc_file_t *in, unsigned int method, unsigned int in_
|
|||
* \param card pointer to the sc_card object
|
||||
* \param file pointer to the sc_file object
|
||||
* \param data pointer to a sc_starcos_create_data structure
|
||||
* \return SC_SUCCESS if no error occured otherwise error code
|
||||
* \return SC_SUCCESS if no error occurred otherwise error code
|
||||
*
|
||||
* This function tries to create a somewhat useable Starcos spk 2.3 acl
|
||||
* This function tries to create a somewhat usable Starcos spk 2.3 acl
|
||||
* from the OpenSC internal acl (storing the result in the supplied
|
||||
* sc_starcos_create_data structure).
|
||||
*/
|
||||
|
@ -1067,7 +1067,7 @@ static int starcos_create_ef(sc_card_t *card, sc_starcos_create_data *data)
|
|||
* \param file pointer to a sc_file object
|
||||
* \return SC_SUCCESS or error code
|
||||
*
|
||||
* This function finishs the creation of a DF (or MF) and activates
|
||||
* This function finishes the creation of a DF (or MF) and activates
|
||||
* the ACs.
|
||||
*/
|
||||
static int starcos_create_end(sc_card_t *card, sc_file_t *file)
|
||||
|
|
|
@ -40,7 +40,7 @@ static struct sc_atr_table tcos_atrs[] = {
|
|||
{ "3B:BA:14:00:81:31:86:5D:00:64:05:14:02:02:31:80:90:00:91", NULL, NULL, SC_CARD_TYPE_TCOS_V2, 0, NULL },
|
||||
/* Infineon SLE66CX320P */
|
||||
{ "3B:BA:96:00:81:31:86:5D:00:64:05:60:02:03:31:80:90:00:66", NULL, NULL, SC_CARD_TYPE_TCOS_V2, 0, NULL },
|
||||
/* Infoneon SLE66CX322P */
|
||||
/* Infineon SLE66CX322P */
|
||||
{ "3B:BA:96:00:81:31:86:5D:00:64:05:7B:02:03:31:80:90:00:7D", NULL, NULL, SC_CARD_TYPE_TCOS_V2, 0, NULL },
|
||||
/* Philips P5CT072 */
|
||||
{ "3B:BF:96:00:81:31:FE:5D:00:64:04:11:03:01:31:C0:73:F7:01:D0:00:90:00:7D", NULL, NULL, SC_CARD_TYPE_TCOS_V3, 0, NULL },
|
||||
|
|
|
@ -349,7 +349,7 @@ static int westcos_process_fci(sc_card_t * card, sc_file_t * file,
|
|||
file->ef_structure = SC_FILE_EF_CYCLIC;
|
||||
break;
|
||||
default:
|
||||
type = "unknow";
|
||||
type = "unknown";
|
||||
}
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
" type: %s\n", type);
|
||||
|
@ -452,7 +452,7 @@ static int _convertion_ac_methode(sc_file_t * file, int low,
|
|||
acl = sc_file_get_acl_entry(file, operation);
|
||||
if (acl == NULL) {
|
||||
|
||||
/* par defaut always */
|
||||
/* per default always */
|
||||
*buf = 0xff;
|
||||
*buf_key = 0x00;
|
||||
return 0;
|
||||
|
|
|
@ -138,7 +138,7 @@ size_t sc_get_max_recv_size(const sc_card_t *card)
|
|||
}
|
||||
max_recv_size = card->max_recv_size;
|
||||
|
||||
/* initialize max_recv_size to a meaningfull value */
|
||||
/* initialize max_recv_size to a meaningful value */
|
||||
if (card->caps & SC_CARD_CAP_APDU_EXT) {
|
||||
if (!max_recv_size)
|
||||
max_recv_size = 65536;
|
||||
|
@ -165,7 +165,7 @@ size_t sc_get_max_send_size(const sc_card_t *card)
|
|||
|
||||
max_send_size = card->max_send_size;
|
||||
|
||||
/* initialize max_send_size to a meaningfull value */
|
||||
/* initialize max_send_size to a meaningful value */
|
||||
if (card->caps & SC_CARD_CAP_APDU_EXT
|
||||
&& card->reader->active_protocol != SC_PROTO_T0) {
|
||||
if (!max_send_size)
|
||||
|
@ -303,7 +303,7 @@ int sc_connect_card(sc_reader_t *reader, sc_card_t **card_out)
|
|||
if (card->name == NULL)
|
||||
card->name = card->driver->name;
|
||||
|
||||
/* initialize max_send_size/max_recv_size to a meaningfull value */
|
||||
/* initialize max_send_size/max_recv_size to a meaningful value */
|
||||
card->max_recv_size = sc_get_max_recv_size(card);
|
||||
card->max_send_size = sc_get_max_send_size(card);
|
||||
|
||||
|
|
|
@ -155,7 +155,7 @@ enum {
|
|||
SC_CARDCTL_RUTOKEN_GENERATE_KEY_DO,
|
||||
SC_CARDCTL_RUTOKEN_DELETE_DO,
|
||||
SC_CARDCTL_RUTOKEN_GET_INFO,
|
||||
/* NON STANDART */
|
||||
/* NON STANDARD */
|
||||
SC_CARDCTL_RUTOKEN_GET_DO_INFO,
|
||||
SC_CARDCTL_RUTOKEN_GOST_ENCIPHER,
|
||||
SC_CARDCTL_RUTOKEN_GOST_DECIPHER,
|
||||
|
@ -1023,7 +1023,7 @@ typedef struct sc_cardctl_isoApplet_ec_parameters {
|
|||
|
||||
typedef struct sc_cardctl_isoApplet_genkey {
|
||||
u8 algorithm_ref; /* Algorithm reference sent to card */
|
||||
unsigned int priv_key_ref; /* Private key refernce sent to card */
|
||||
unsigned int priv_key_ref; /* Private key reference sent to card */
|
||||
union {
|
||||
struct
|
||||
{
|
||||
|
@ -1040,7 +1040,7 @@ typedef struct sc_cardctl_isoApplet_genkey {
|
|||
|
||||
typedef struct sc_cardctl_isoApplet_import_key {
|
||||
u8 algorithm_ref; /* Algorithm reference sent to card */
|
||||
unsigned int priv_key_ref; /* Private key refernce sent to card */
|
||||
unsigned int priv_key_ref; /* Private key reference sent to card */
|
||||
union {
|
||||
struct
|
||||
{
|
||||
|
@ -1084,7 +1084,7 @@ typedef struct sc_cardctl_coolkey_attribute {
|
|||
typedef struct sc_cardctl_coolkey_find_object {
|
||||
int type; /* in parameter */
|
||||
unsigned long find_id; /* in parameter */
|
||||
sc_cardctl_coolkey_attribute_t *coolkey_template; /* in paramter */
|
||||
sc_cardctl_coolkey_attribute_t *coolkey_template; /* in parameter */
|
||||
int template_count; /* in parameter */
|
||||
sc_cardctl_coolkey_object_t *obj; /* out parameter */
|
||||
} sc_cardctl_coolkey_find_object_t;
|
||||
|
|
|
@ -107,7 +107,7 @@
|
|||
#define CTBCS_P2_INPUT_ASTERISKS 0x02 /* Echo input as asterisks */
|
||||
|
||||
/*
|
||||
* Tags for paramaters to input, output et al.
|
||||
* Tags for parameters to input, output et al.
|
||||
*/
|
||||
#define CTBCS_TAG_PROMPT 0x50
|
||||
#define CTBCS_TAG_VERIFY_CMD 0x52
|
||||
|
@ -143,9 +143,9 @@
|
|||
*/
|
||||
#define CTBCS_SW1_RESET_CT_OK 0x90 /* Reset CT successful */
|
||||
#define CTBCS_SW2_RESET_CT_OK 0x00
|
||||
#define CTBCS_SW1_RESET_SYNC_OK 0x90 /* Synchoronous ICC, */
|
||||
#define CTBCS_SW1_RESET_SYNC_OK 0x90 /* Synchronous ICC, */
|
||||
#define CTBCS_SW2_RESET_SYNC_OK 0x00 /* reset successful */
|
||||
#define CTBCS_SW1_RESET_ASYNC_OK 0x90 /* Asynchoronous ICC, */
|
||||
#define CTBCS_SW1_RESET_ASYNC_OK 0x90 /* Asynchronous ICC, */
|
||||
#define CTBCS_SW2_RESET_ASYNC_OK 0x01 /* reset successful */
|
||||
#define CTBCS_SW1_RESET_ERROR 0x64 /* Reset not successful */
|
||||
#define CTBCS_SW2_RESET_ERROR 0x00
|
||||
|
@ -153,9 +153,9 @@
|
|||
/*
|
||||
* Return codes for Request ICC
|
||||
*/
|
||||
#define CTBCS_SW1_REQUEST_SYNC_OK 0x90 /* Synchoronous ICC, */
|
||||
#define CTBCS_SW1_REQUEST_SYNC_OK 0x90 /* Synchronous ICC, */
|
||||
#define CTBCS_SW2_REQUEST_SYNC_OK 0x00 /* reset successful */
|
||||
#define CTBCS_SW1_REQUEST_ASYNC_OK 0x90 /* Asynchoronous ICC, */
|
||||
#define CTBCS_SW1_REQUEST_ASYNC_OK 0x90 /* Asynchronous ICC, */
|
||||
#define CTBCS_SW2_REQUEST_ASYNC_OK 0x01 /* reset successful */
|
||||
#define CTBCS_SW1_REQUEST_NO_CARD 0x62 /* No card present */
|
||||
#define CTBCS_SW2_REQUEST_NO_CARD 0x00
|
||||
|
@ -169,9 +169,9 @@
|
|||
/*
|
||||
* Return codes for Eject ICC
|
||||
*/
|
||||
#define CTBCS_SW1_EJECT_OK 0x90 /* Command succesful, */
|
||||
#define CTBCS_SW1_EJECT_OK 0x90 /* Command successful, */
|
||||
#define CTBCS_SW2_EJECT_OK 0x00
|
||||
#define CTBCS_SW1_EJECT_REMOVED 0x90 /* Command succesful, */
|
||||
#define CTBCS_SW1_EJECT_REMOVED 0x90 /* Command successful, */
|
||||
#define CTBCS_SW2_EJECT_REMOVED 0x01 /* Card removed */
|
||||
#define CTBCS_SW1_EJECT_NOT_REMOVED 0x62 /* Card not removed */
|
||||
#define CTBCS_SW2_EJECT_NOT_REMOVED 0x00
|
||||
|
|
|
@ -448,7 +448,7 @@ static void *load_dynamic_driver(sc_context_t *ctx, void **dll, const char *name
|
|||
const char *(*modversion)(void) = NULL;
|
||||
const char *(**tmodv)(void) = &modversion;
|
||||
|
||||
if (name == NULL) { /* should not occurr, but... */
|
||||
if (name == NULL) { /* should not occur, but... */
|
||||
sc_log(ctx, "No module specified");
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -314,7 +314,7 @@ int dnie_read_file(sc_card_t * card,
|
|||
goto dnie_read_file_end;
|
||||
}
|
||||
fsize = (*file)->size;
|
||||
/* reserve enought space to read data from card */
|
||||
/* reserve enough space to read data from card */
|
||||
if (fsize <= 0) {
|
||||
res = SC_ERROR_FILE_TOO_SMALL;
|
||||
msg = "provided buffer size is too small";
|
||||
|
@ -330,7 +330,7 @@ int dnie_read_file(sc_card_t * card,
|
|||
sc_log(ctx, "read_binary(): expected '%"SC_FORMAT_LEN_SIZE_T"u' bytes",
|
||||
fsize);
|
||||
res = sc_read_binary(card, 0, data, fsize, 0L);
|
||||
if (res < 0) { /* read_binary returns number of bytes readed */
|
||||
if (res < 0) { /* read_binary returns number of bytes read */
|
||||
res = SC_ERROR_CARD_CMD_FAILED;
|
||||
msg = "read_binary() failed";
|
||||
goto dnie_read_file_err;
|
||||
|
@ -361,7 +361,7 @@ int dnie_read_file(sc_card_t * card,
|
|||
* No validation is done except that received data is effectively a certificate
|
||||
* @param card Pointer to card driver structure
|
||||
* @param certpat path to requested certificate
|
||||
* @param cert where to store resultig data
|
||||
* @param cert where to store resulting data
|
||||
* @return SC_SUCCESS if ok, else error code
|
||||
*/
|
||||
static int dnie_read_certificate(sc_card_t * card, char *certpath, X509 ** cert)
|
||||
|
@ -436,7 +436,7 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
|
|||
EVP_PKEY_free(*root_ca_key);
|
||||
if (root_ca_rsa)
|
||||
RSA_free(root_ca_rsa);
|
||||
sc_log(card->ctx, "Cannot set RSA valuses for CA public key");
|
||||
sc_log(card->ctx, "Cannot set RSA values for CA public key");
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
|
||||
|
@ -457,7 +457,7 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key)
|
|||
* (in CardVerifiable Certificate format) to be sent to the
|
||||
* card in External Authentication process
|
||||
* As this is local provider, just points to provided static data,
|
||||
* and allways return success
|
||||
* and always return success
|
||||
*
|
||||
* @param card Pointer to card driver Certificate
|
||||
* @param cert Where to store resulting byte array
|
||||
|
@ -479,7 +479,7 @@ static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length)
|
|||
* (in CardVerifiable Certificate format) to be sent to the
|
||||
* card in External Authentication process
|
||||
* As this is local provider, just points to provided static data,
|
||||
* and allways return success
|
||||
* and always return success
|
||||
*
|
||||
* @param card Pointer to card driver Certificate
|
||||
* @param cert Where to store resulting byte array
|
||||
|
@ -502,7 +502,7 @@ static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length)
|
|||
* (in CardVerifiable Certificate format) to be sent to the
|
||||
* card in External Authentication process
|
||||
* As this is local provider, just points to provided static data,
|
||||
* and allways return success
|
||||
* and always return success
|
||||
*
|
||||
* @param card Pointer to card driver Certificate
|
||||
* @param cert Where to store resulting byte array
|
||||
|
@ -651,7 +651,7 @@ static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
|
|||
* Retrieve public key reference for intermediate CA to validate IFD cert.
|
||||
*
|
||||
* This is required in the process of On card external authenticate
|
||||
* As this driver is for local SM authentication SC_SUCCESS is allways returned
|
||||
* As this driver is for local SM authentication SC_SUCCESS is always returned
|
||||
*
|
||||
* @param card Pointer to card driver structure
|
||||
* @param buf where to store resulting key reference
|
||||
|
@ -671,7 +671,7 @@ static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf,
|
|||
*
|
||||
* This tells the card with in memory key reference is to be used
|
||||
* when CVC cert is sent for external auth procedure
|
||||
* As this driver is for local SM authentication SC_SUCCESS is allways returned
|
||||
* As this driver is for local SM authentication SC_SUCCESS is always returned
|
||||
*
|
||||
* @param card pointer to card driver structure
|
||||
* @param buf where to store data to be sent
|
||||
|
@ -690,7 +690,7 @@ static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len)
|
|||
*
|
||||
* This tells the card with in memory key reference is to be used
|
||||
* when CVC cert is sent for external auth procedure
|
||||
* As this driver is for local SM authentication SC_SUCCESS is allways returned
|
||||
* As this driver is for local SM authentication SC_SUCCESS is always returned
|
||||
*
|
||||
* @param card pointer to card driver structure
|
||||
* @param buf where to store data to be sent
|
||||
|
@ -708,7 +708,7 @@ static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len
|
|||
/**
|
||||
* Retrieve key reference for ICC privkey.
|
||||
*
|
||||
* In local SM stablishment, just retrieve key reference from static
|
||||
* In local SM establishment, just retrieve key reference from static
|
||||
* data tables and just return success
|
||||
*
|
||||
* @param card pointer to card driver structure
|
||||
|
@ -772,7 +772,7 @@ static int dnie_get_sn_icc(sc_card_t * card)
|
|||
struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa;
|
||||
|
||||
res = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial);
|
||||
LOG_TEST_RET(card->ctx, res, "Error in gettting serial number");
|
||||
LOG_TEST_RET(card->ctx, res, "Error in getting serial number");
|
||||
/* copy into sn_icc buffer.Remember that dnie sn has 7 bytes length */
|
||||
memset(sm->icc.sn, 0, sizeof(sm->icc.sn));
|
||||
memcpy(&sm->icc.sn[1], serial.value, 7);
|
||||
|
|
|
@ -51,7 +51,7 @@
|
|||
* according to iso7816-4 sect 5.2.2.
|
||||
*
|
||||
* Notice that current implementation does not handle properly
|
||||
* multibyte tag id. Just asume that tag is 1-byte length
|
||||
* multibyte tag id. Just assume that tag is 1-byte length
|
||||
* Also, encodings for data length longer than 0x01000000 bytes
|
||||
* are not supported (tag 0x84)
|
||||
*/
|
||||
|
@ -135,7 +135,7 @@ static int cwa_increase_ssc(sc_card_t * card)
|
|||
*
|
||||
* Adds an 0x80 at the end of buffer and as many zeroes to get len
|
||||
* multiple of 8
|
||||
* Buffer must be long enougth to store additional bytes
|
||||
* Buffer must be long enough to store additional bytes
|
||||
*
|
||||
* @param buffer where to compose data
|
||||
* @param len pointer to buffer length
|
||||
|
@ -151,10 +151,10 @@ static void cwa_iso7816_padding(u8 * buf, size_t * buflen)
|
|||
/**
|
||||
* compose a BER-TLV data in provided buffer.
|
||||
*
|
||||
* Multybyte tag id are not supported
|
||||
* Multibyte tag id are not supported
|
||||
* Also multibyte id 0x84 is unhandled
|
||||
*
|
||||
* Notice that TLV is composed starting at offset lenght from
|
||||
* Notice that TLV is composed starting at offset length from
|
||||
* the buffer. Consecutive calls to cwa_add_tlv, appends a new
|
||||
* TLV at the end of the buffer
|
||||
*
|
||||
|
@ -176,7 +176,7 @@ static int cwa_compose_tlv(sc_card_t * card,
|
|||
/* preliminary checks */
|
||||
if (!card || !card->ctx || !out || !outlen)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
/* comodity vars */
|
||||
/* commodity vars */
|
||||
ctx = card->ctx;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
@ -215,7 +215,7 @@ static int cwa_compose_tlv(sc_card_t * card,
|
|||
* Parse and APDU Response and extract specific BER-TLV data.
|
||||
*
|
||||
* NOTICE that iso7816 sect 5.2.2 states that Tag length may be 1 to n bytes
|
||||
* length. In this code we'll assume allways tag lenght = 1 byte
|
||||
* length. In this code we'll assume always tag length = 1 byte
|
||||
*
|
||||
* FIXME use `sc_asn1_read_tag` or similar instead
|
||||
*
|
||||
|
@ -237,7 +237,7 @@ static int cwa_parse_tlv(sc_card_t * card,
|
|||
/* preliminary checks */
|
||||
if (!card || !card->ctx)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
/* comodity vars */
|
||||
/* commodity vars */
|
||||
ctx = card->ctx;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
@ -316,11 +316,11 @@ static int cwa_parse_tlv(sc_card_t * card,
|
|||
*
|
||||
* This routine uses Root CA public key data From Annex III of manual
|
||||
* to verify intermediate CA icc certificate provided by card
|
||||
* if verify sucess, then extract public keys from intermediate CA
|
||||
* if verify success, then extract public keys from intermediate CA
|
||||
* and verify icc certificate
|
||||
*
|
||||
* @param card pointer to sc_card_contex
|
||||
* @param sub_ca_cert icc intermediate CA certificate readed from card
|
||||
* @param sub_ca_cert icc intermediate CA certificate read from card
|
||||
* @param icc_ca icc certificate from card
|
||||
* @return SC_SUCCESS if verification is ok; else error code
|
||||
*/
|
||||
|
@ -421,8 +421,8 @@ static int cwa_verify_cvc_certificate(sc_card_t * card,
|
|||
/**
|
||||
* Alternate implementation for set_security environment.
|
||||
*
|
||||
* Used to handle raw apdu data in set_security_env() on SM stblishment
|
||||
* Standard set_securiy_env() method has sc_security_env->buffer limited
|
||||
* Used to handle raw apdu data in set_security_env() on SM establishment
|
||||
* Standard set_security_env() method has sc_security_env->buffer limited
|
||||
* to 8 bytes; so cannot send some of required SM commands.
|
||||
*
|
||||
* @param card pointer to card data
|
||||
|
@ -941,7 +941,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
|
|||
}
|
||||
len2 = BN_bn2bin(sigbn, buf2); /* copy result to buffer */
|
||||
if (len2 <= 0) {
|
||||
msg = "Verify Signature: cannot conver bignum to buffer";
|
||||
msg = "Verify Signature: cannot convert bignum to buffer";
|
||||
res = SC_ERROR_INTERNAL;
|
||||
goto verify_internal_done;
|
||||
}
|
||||
|
@ -982,11 +982,11 @@ static int cwa_verify_internal_auth(sc_card_t * card,
|
|||
/**
|
||||
* Create Secure Messaging channel.
|
||||
*
|
||||
* This is the main entry point for CWA14890 SM chanel creation.
|
||||
* This is the main entry point for CWA14890 SM channel creation.
|
||||
* It closely follows cwa standard, with a minor modification:
|
||||
* - ICC serial number is taken at the begining of SM creation
|
||||
* - ICC serial number is taken at the beginning of SM creation
|
||||
* - ICC and IFD certificate agreement process is reversed, to allow
|
||||
* card to retain key references on further proccess (this behavior
|
||||
* card to retain key references on further process (this behavior
|
||||
* is also defined in standard)
|
||||
*
|
||||
* Based on Several documents:
|
||||
|
@ -1029,7 +1029,7 @@ int cwa_create_secure_channel(sc_card_t * card,
|
|||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
if (!provider)
|
||||
return SC_ERROR_SM_NOT_INITIALIZED;
|
||||
/* comodity vars */
|
||||
/* commodity vars */
|
||||
ctx = card->ctx;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
@ -1085,7 +1085,7 @@ int cwa_create_secure_channel(sc_card_t * card,
|
|||
/* Read Intermediate CA from card */
|
||||
if (!provider->cwa_get_icc_intermediate_ca_cert) {
|
||||
sc_log(ctx,
|
||||
"Step 8.4.1.6: Skip Retrieveing ICC intermediate CA");
|
||||
"Step 8.4.1.6: Skip Retrieving ICC intermediate CA");
|
||||
ca_cert = NULL;
|
||||
} else {
|
||||
sc_log(ctx, "Step 8.4.1.7: Retrieving ICC intermediate CA");
|
||||
|
@ -1187,7 +1187,7 @@ int cwa_create_secure_channel(sc_card_t * card,
|
|||
res = cwa_compose_tlv(card, 0x83, bufferlen, buffer, &tlv, &tlvlen);
|
||||
if (res != SC_SUCCESS) {
|
||||
msg =
|
||||
"Cannot compose tlv for setting intermeditate CA key reference";
|
||||
"Cannot compose tlv for setting intermediate CA key reference";
|
||||
goto csc_end;
|
||||
}
|
||||
res = cwa_set_security_env(card, 0x81, 0xB6, tlv, tlvlen);
|
||||
|
@ -1196,7 +1196,7 @@ int cwa_create_secure_channel(sc_card_t * card,
|
|||
goto csc_end;
|
||||
}
|
||||
|
||||
/* Send IFD certiticate in CVC format C_CV_IFD */
|
||||
/* Send IFD certificate in CVC format C_CV_IFD */
|
||||
sc_log(ctx,
|
||||
"Step 8.4.1.5: Send CVC IFD Certificate for ICC verification");
|
||||
res = provider->cwa_get_cvc_ifd_cert(card, &cert, &certlen);
|
||||
|
@ -1475,7 +1475,7 @@ int cwa_encode_apdu(sc_card_t * card,
|
|||
|
||||
/* start kriptbuff with iso padding indicator */
|
||||
*cryptbuf = 0x01;
|
||||
/* aply TDES + CBC with kenc and iv=(0,..,0) */
|
||||
/* apply TDES + CBC with kenc and iv=(0,..,0) */
|
||||
DES_ede3_cbc_encrypt(msgbuf, cryptbuf + 1, dlen, &k1, &k2, &k1,
|
||||
&iv, DES_ENCRYPT);
|
||||
/* compose data TLV and add to result buffer */
|
||||
|
@ -1536,7 +1536,7 @@ int cwa_encode_apdu(sc_card_t * card,
|
|||
|
||||
/* compose and add computed MAC TLV to result buffer */
|
||||
tlv_len = (card->atr.value[15] >= DNIE_30_VERSION)? 8 : 4;
|
||||
sc_log(ctx, "Using TLV lenght: %"SC_FORMAT_LEN_SIZE_T"u", tlv_len);
|
||||
sc_log(ctx, "Using TLV length: %"SC_FORMAT_LEN_SIZE_T"u", tlv_len);
|
||||
res = cwa_compose_tlv(card, 0x8E, tlv_len, macbuf, &apdubuf, &apdulen);
|
||||
if (res != SC_SUCCESS) {
|
||||
msg = "Encode APDU compose_tlv(0x87) failed";
|
||||
|
|
|
@ -60,9 +60,9 @@ typedef struct cwa_provider_st {
|
|||
*
|
||||
* This code is called before any operation required in
|
||||
* standard cwa14890 SM stablisment process. It's usually
|
||||
* used for adquiring/initialize data to be used in the
|
||||
* used for acquiring/initialize data to be used in the
|
||||
* process (i.e: retrieve card serial number), to make sure
|
||||
* that no extra apdu is sent during the SM stablishment procedure
|
||||
* that no extra apdu is sent during the SM establishment procedure
|
||||
*
|
||||
* @param card pointer to card driver structure
|
||||
* @param provider pointer to SM data provider for DNIe
|
||||
|
@ -74,8 +74,8 @@ typedef struct cwa_provider_st {
|
|||
/**
|
||||
* CWA-14890 SM stablisment post-operations.
|
||||
*
|
||||
* This code is called after sucessfull SM chanel stablishment
|
||||
* procedure, and before returning from create_sm_chanel() function
|
||||
* This code is called after successful SM channel establishment
|
||||
* procedure, and before returning from create_sm_channel() function
|
||||
* May be use for store data, trace, logs and so
|
||||
*
|
||||
* @param card pointer to card driver structure
|
||||
|
@ -115,7 +115,7 @@ typedef struct cwa_provider_st {
|
|||
/**
|
||||
* Get RSA IFD (Terminal) private key data.
|
||||
*
|
||||
* Notice that resulting data should be keept in memory as little
|
||||
* Notice that resulting data should be kept in memory as little
|
||||
* as possible Erasing them once used
|
||||
*
|
||||
* @param card pointer to card driver structure
|
||||
|
@ -131,7 +131,7 @@ typedef struct cwa_provider_st {
|
|||
*
|
||||
* But to do this, an special OpenSSL with PACE extensions is
|
||||
* needed. In the meantime, let's use binary buffers to get
|
||||
* CVC and key references, until an CV_CERT hancling API
|
||||
* CVC and key references, until an CV_CERT handling API
|
||||
* become available in standard OpenSSL
|
||||
*
|
||||
*@see http://openpace.sourceforge.net
|
||||
|
@ -150,7 +150,7 @@ typedef struct cwa_provider_st {
|
|||
* @return SC_SUCCESS if ok; else error code
|
||||
*/
|
||||
int (*cwa_get_cvc_ca_cert) (sc_card_t * card, u8 ** cert,
|
||||
size_t * lenght);
|
||||
size_t * length);
|
||||
|
||||
/**
|
||||
* Retrieve IFD (application) CVC certificate and length.
|
||||
|
@ -165,7 +165,7 @@ typedef struct cwa_provider_st {
|
|||
* @return SC_SUCCESS if ok; else error code
|
||||
*/
|
||||
int (*cwa_get_cvc_ifd_cert) (sc_card_t * card, u8 ** cert,
|
||||
size_t * lenght);
|
||||
size_t * length);
|
||||
|
||||
/**
|
||||
* Retrieve public key reference for Root CA to validate CVC intermediate CA certs.
|
||||
|
|
|
@ -214,7 +214,7 @@ int sc_enum_apps(sc_card_t *card)
|
|||
size_t rec_size;
|
||||
|
||||
/* Arbitrary set '16' as maximal number of records to check out:
|
||||
* to avoid endless loop because of some uncomplete cards/drivers */
|
||||
* to avoid endless loop because of some incomplete cards/drivers */
|
||||
for (rec_nr = 1; rec_nr < 16; rec_nr++) {
|
||||
r = sc_read_record(card, rec_nr, buf, sizeof(buf), SC_RECORD_BY_REC_NR);
|
||||
if (r == SC_ERROR_RECORD_NOT_FOUND)
|
||||
|
|
|
@ -344,7 +344,7 @@ iasecc_se_parse(struct sc_card *card, unsigned char *data, size_t data_len, stru
|
|||
LOG_TEST_RET(ctx, size_size, "parse error: invalid SDO SE data size");
|
||||
|
||||
if (data_len != size + size_size + 3)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SDO SE data size");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalid SDO SE data size");
|
||||
|
||||
data += 3 + size_size;
|
||||
data_len = size;
|
||||
|
@ -364,7 +364,7 @@ iasecc_se_parse(struct sc_card *card, unsigned char *data, size_t data_len, stru
|
|||
LOG_TEST_RET(ctx, size_size, "parse error: invalid size data");
|
||||
|
||||
if (data_len != size + size_size + 1)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SE data size");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalid SE data size");
|
||||
|
||||
offs = 1 + size_size;
|
||||
for (; offs < data_len;) {
|
||||
|
@ -375,7 +375,7 @@ iasecc_se_parse(struct sc_card *card, unsigned char *data, size_t data_len, stru
|
|||
}
|
||||
|
||||
if (offs != data_len)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totaly parsed");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totally parsed");
|
||||
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
@ -583,7 +583,7 @@ iasecc_parse_docp(struct sc_card *card, unsigned char *data, size_t data_len, st
|
|||
LOG_TEST_RET(ctx, rv, "iasecc_parse_get_tlv() get and parse TLV error");
|
||||
|
||||
sc_log(ctx,
|
||||
"iasecc_parse_docp() parse_get_tlv retuned %i; tag %X; size %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
"iasecc_parse_docp() parse_get_tlv returned %i; tag %X; size %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
rv, tlv.tag, tlv.size);
|
||||
|
||||
if (tlv.tag == IASECC_DOCP_TAG_ACLS) {
|
||||
|
@ -606,7 +606,7 @@ iasecc_parse_docp(struct sc_card *card, unsigned char *data, size_t data_len, st
|
|||
else if (tlv.tag == IASECC_DOCP_TAG_ISSUER_DATA) {
|
||||
sdo->docp.issuer_data = tlv;
|
||||
}
|
||||
else if (tlv.tag == IASECC_DOCP_TAG_NON_REPUDATION) {
|
||||
else if (tlv.tag == IASECC_DOCP_TAG_NON_REPUDIATION) {
|
||||
sdo->docp.non_repudiation = tlv;
|
||||
}
|
||||
else if (tlv.tag == IASECC_DOCP_TAG_USAGE_REMAINING) {
|
||||
|
@ -655,7 +655,7 @@ iasecc_sdo_parse_data(struct sc_card *card, unsigned char *data, struct iasecc_s
|
|||
free(tlv.value);
|
||||
LOG_TEST_RET(ctx, rv, "parse error: cannot parse DOCP");
|
||||
}
|
||||
else if (tlv.tag == IASECC_DOCP_TAG_NON_REPUDATION) {
|
||||
else if (tlv.tag == IASECC_DOCP_TAG_NON_REPUDIATION) {
|
||||
sdo->docp.non_repudiation = tlv;
|
||||
}
|
||||
else if (tlv.tag == IASECC_DOCP_TAG_USAGE_REMAINING) {
|
||||
|
@ -745,7 +745,7 @@ iasecc_sdo_parse(struct sc_card *card, unsigned char *data, size_t data_len, str
|
|||
LOG_TEST_RET(ctx, size_size, "parse error: invalid size data");
|
||||
|
||||
if (data_len != size + size_size + 3)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SDO data size");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalid SDO data size");
|
||||
|
||||
sc_log(ctx,
|
||||
"sz %"SC_FORMAT_LEN_SIZE_T"u, sz_size %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
|
@ -760,7 +760,7 @@ iasecc_sdo_parse(struct sc_card *card, unsigned char *data, size_t data_len, str
|
|||
}
|
||||
|
||||
if (offs != data_len)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totaly parsed");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totally parsed");
|
||||
|
||||
sc_log(ctx,
|
||||
"docp.acls_contact.size %"SC_FORMAT_LEN_SIZE_T"u, docp.size.size %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
|
@ -803,7 +803,7 @@ iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t
|
|||
LOG_TEST_RET(ctx, size_size, "parse error: invalid size data");
|
||||
|
||||
if (data_len != size + size_size + 3)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SDO data size");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalid SDO data size");
|
||||
|
||||
sc_log(ctx,
|
||||
"sz %"SC_FORMAT_LEN_SIZE_T"u, sz_size %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
|
@ -818,7 +818,7 @@ iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t
|
|||
}
|
||||
|
||||
if (offs != data_len)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totaly parsed");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totally parsed");
|
||||
|
||||
sc_log(ctx,
|
||||
"docp.acls_contact.size %"SC_FORMAT_LEN_SIZE_T"u; docp.size.size %"SC_FORMAT_LEN_SIZE_T"u",
|
||||
|
@ -922,7 +922,7 @@ iasecc_encode_docp(struct sc_context *ctx, struct iasecc_sdo_docp *docp, unsigne
|
|||
LOG_TEST_RET(ctx, rv, "ECC: cannot add USAGE REMAINING to blob");
|
||||
|
||||
rv = iasecc_update_blob(ctx, &docp->non_repudiation, &tmp_blob, &blob_size);
|
||||
LOG_TEST_RET(ctx, rv, "ECC: cannot add NON REPUDATION to blob");
|
||||
LOG_TEST_RET(ctx, rv, "ECC: cannot add NON REPUDIATION to blob");
|
||||
|
||||
rv = iasecc_update_blob(ctx, &docp->size, &tmp_blob, &blob_size);
|
||||
LOG_TEST_RET(ctx, rv, "ECC: cannot add SIZE to blob");
|
||||
|
@ -1212,7 +1212,7 @@ iasecc_sdo_parse_card_answer(struct sc_context *ctx, unsigned char *data, size_t
|
|||
|
||||
if (*(data + offs) == IASECC_CARD_ANSWER_TAG_DATA ) {
|
||||
if (size > sizeof(out->data))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "iasecc_sm_decode_answer() unbelivable !!!");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "iasecc_sm_decode_answer() unbelievable !!!");
|
||||
|
||||
memcpy(out->data, data + offs + size_size + 1, size);
|
||||
out->data_len = size;
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
#define IASECC_DOCP_TAG_TRIES_REMAINING 0x9B
|
||||
#define IASECC_DOCP_TAG_USAGE_MAXIMUM 0x9C
|
||||
#define IASECC_DOCP_TAG_USAGE_REMAINING 0x9D
|
||||
#define IASECC_DOCP_TAG_NON_REPUDATION 0x9E
|
||||
#define IASECC_DOCP_TAG_NON_REPUDIATION 0x9E
|
||||
#define IASECC_DOCP_TAG_SIZE 0x80
|
||||
#define IASECC_DOCP_TAG_ACLS 0xA1
|
||||
#define IASECC_DOCP_TAG_ACLS_CONTACT 0x8C
|
||||
|
|
|
@ -335,7 +335,7 @@ iasecc_sm_initialize(struct sc_card *card, unsigned se_num, unsigned cmd)
|
|||
rv = iasecc_sm_transmit_apdus (card, &rdata, cwa_session->mdata, &cwa_session->mdata_len);
|
||||
if (rv == SC_ERROR_PIN_CODE_INCORRECT)
|
||||
sc_log(ctx, "SM initialization failed, %i tries left", (rdata.data + rdata.length - 1)->apdu.sw2 & 0x0F);
|
||||
LOG_TEST_RET(ctx, rv, "iasecc_sm_initialize() trasmit APDUs failed");
|
||||
LOG_TEST_RET(ctx, rv, "iasecc_sm_initialize() transmit APDUs failed");
|
||||
|
||||
rdata.free(&rdata);
|
||||
|
||||
|
|
|
@ -237,7 +237,7 @@ typedef LONG (PCSC_API *SCardGetAttrib_t)(SCARDHANDLE hCard, DWORD dwAttrId,\
|
|||
/* structures used (but not defined) in PCSC Part 10:
|
||||
* "IFDs with Secure Pin Entry Capabilities" */
|
||||
|
||||
/* Set structure elements aligment on bytes
|
||||
/* Set structure elements alignment on bytes
|
||||
* http://gcc.gnu.org/onlinedocs/gcc/Structure_002dPacking-Pragmas.html */
|
||||
#if defined(__APPLE__) || defined(sun)
|
||||
#pragma pack(1)
|
||||
|
|
|
@ -423,7 +423,7 @@ iso7816_process_fci(struct sc_card *card, struct sc_file *file,
|
|||
|
||||
case 0x86:
|
||||
if (SC_SUCCESS != sc_file_set_sec_attr(file, p, length)) {
|
||||
sc_log(ctx, "Warning: Could not set file security prperties");
|
||||
sc_log(ctx, "Warning: Could not set file security properties");
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
|
@ -142,7 +142,7 @@ void mscfs_check_cache(mscfs_t* fs)
|
|||
int mscfs_lookup_path(mscfs_t* fs, const u8 *path, int pathlen, msc_id* objectId, int isDirectory)
|
||||
{
|
||||
u8* oid = objectId->id;
|
||||
if ((pathlen & 1) != 0) /* not divisble by 2 */
|
||||
if ((pathlen & 1) != 0) /* not divisible by 2 */
|
||||
return MSCFS_INVALID_ARGS;
|
||||
if(isDirectory) {
|
||||
/* Directory must be right next to root */
|
||||
|
|
|
@ -85,7 +85,7 @@ extern "C" {
|
|||
/* Key derivation algorithms */
|
||||
#define SC_ALGORITHM_PBKDF2 192
|
||||
|
||||
/* Key encryption algoprithms */
|
||||
/* Key encryption algorithms */
|
||||
#define SC_ALGORITHM_PBES2 256
|
||||
|
||||
#define SC_ALGORITHM_ONBOARD_KEY_GEN 0x80000000
|
||||
|
@ -143,7 +143,7 @@ extern "C" {
|
|||
/* define mask of all algorithms that can do raw */
|
||||
#define SC_ALGORITHM_RAW_MASK (SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_GOSTR3410_RAW | SC_ALGORITHM_ECDSA_RAW)
|
||||
|
||||
/* extened algorithm bits for selected mechs */
|
||||
/* extended algorithm bits for selected mechs */
|
||||
#define SC_ALGORITHM_EXT_EC_F_P 0x00000001
|
||||
#define SC_ALGORITHM_EXT_EC_F_2M 0x00000002
|
||||
#define SC_ALGORITHM_EXT_EC_ECPARAMETERS 0x00000004
|
||||
|
@ -361,7 +361,7 @@ typedef struct sc_reader {
|
|||
struct sc_pin_cmd_pin {
|
||||
const char *prompt; /* Prompt to display */
|
||||
|
||||
const unsigned char *data; /* PIN, if given by the appliction */
|
||||
const unsigned char *data; /* PIN, if given by the application */
|
||||
int len; /* set to -1 to get pin from pin pad */
|
||||
|
||||
size_t min_length; /* min length of PIN */
|
||||
|
@ -601,7 +601,7 @@ struct sc_card_operations {
|
|||
int (*decipher)(struct sc_card *card, const u8 * crgram,
|
||||
size_t crgram_len, u8 * out, size_t outlen);
|
||||
|
||||
/* compute_signature: Generates a digital signature on the card. Similiar
|
||||
/* compute_signature: Generates a digital signature on the card. Similar
|
||||
* to the function decipher. */
|
||||
int (*compute_signature)(struct sc_card *card, const u8 * data,
|
||||
size_t data_len, u8 * out, size_t outlen);
|
||||
|
@ -679,7 +679,7 @@ typedef struct {
|
|||
unsigned long (*thread_id)(void);
|
||||
} sc_thread_context_t;
|
||||
|
||||
/** Stop modifing or using external resources
|
||||
/** Stop modifying or using external resources
|
||||
*
|
||||
* Currently this is used to avoid freeing duplicated external resources for a
|
||||
* process that has been forked. For example, a child process may want to leave
|
||||
|
@ -724,7 +724,7 @@ typedef struct sc_context {
|
|||
/** Sends a APDU to the card
|
||||
* @param card struct sc_card object to which the APDU should be send
|
||||
* @param apdu sc_apdu_t object of the APDU to be send
|
||||
* @return SC_SUCCESS on succcess and an error code otherwise
|
||||
* @return SC_SUCCESS on success and an error code otherwise
|
||||
*/
|
||||
int sc_transmit_apdu(struct sc_card *, struct sc_apdu *);
|
||||
|
||||
|
@ -788,7 +788,7 @@ typedef struct {
|
|||
/** version number of this structure (0 for this version) */
|
||||
unsigned int ver;
|
||||
/** name of the application (used for finding application
|
||||
* dependend configuration data). If NULL the name "default"
|
||||
* dependent configuration data). If NULL the name "default"
|
||||
* will be used. */
|
||||
const char *app_name;
|
||||
/** context flags */
|
||||
|
@ -919,7 +919,7 @@ int sc_disconnect_card(struct sc_card *card);
|
|||
/**
|
||||
* Checks if a card is present in a reader
|
||||
* @param reader Reader structure
|
||||
* @retval If an error occured, the return value is a (negative)
|
||||
* @retval If an error occurred, the return value is a (negative)
|
||||
* OpenSC error code. If no card is present, 0 is returned.
|
||||
* Otherwise, a positive value is returned, which is a
|
||||
* combination of flags. The flag SC_READER_CARD_PRESENT is
|
||||
|
@ -942,9 +942,9 @@ int sc_detect_card_presence(sc_reader_t *reader);
|
|||
* @param event (OUT) the events that occurred. This is also ORed
|
||||
* from the SC_EVENT_CARD_* constants listed above.
|
||||
* @param timeout Amount of millisecs to wait; -1 means forever
|
||||
* @retval < 0 if an error occured
|
||||
* @retval < 0 if an error occurred
|
||||
* @retval = 0 if a an event happened
|
||||
* @retval = 1 if the timeout occured
|
||||
* @retval = 1 if the timeout occurred
|
||||
*/
|
||||
int sc_wait_for_event(sc_context_t *ctx, unsigned int event_mask,
|
||||
sc_reader_t **event_reader, unsigned int *event,
|
||||
|
@ -1045,7 +1045,7 @@ int sc_read_binary(struct sc_card *card, unsigned int idx, u8 * buf,
|
|||
* @param buf buffer with the data
|
||||
* @param count number of bytes to write
|
||||
* @param flags flags for the WRITE BINARY command (currently not used)
|
||||
* @return number of bytes writen or an error code
|
||||
* @return number of bytes written or an error code
|
||||
*/
|
||||
int sc_write_binary(struct sc_card *card, unsigned int idx, const u8 * buf,
|
||||
size_t count, unsigned long flags);
|
||||
|
@ -1056,7 +1056,7 @@ int sc_write_binary(struct sc_card *card, unsigned int idx, const u8 * buf,
|
|||
* @param buf buffer with the new data
|
||||
* @param count number of bytes to update
|
||||
* @param flags flags for the UPDATE BINARY command (currently not used)
|
||||
* @return number of bytes writen or an error code
|
||||
* @return number of bytes written or an error code
|
||||
*/
|
||||
int sc_update_binary(struct sc_card *card, unsigned int idx, const u8 * buf,
|
||||
size_t count, unsigned long flags);
|
||||
|
@ -1067,7 +1067,7 @@ int sc_update_binary(struct sc_card *card, unsigned int idx, const u8 * buf,
|
|||
* @param idx index within the file for the data to be erased
|
||||
* @param count number of bytes to erase
|
||||
* @param flags flags for the ERASE BINARY command (currently not used)
|
||||
* @return number of bytes writen or an error code
|
||||
* @return number of bytes written or an error code
|
||||
*/
|
||||
int sc_erase_binary(struct sc_card *card, unsigned int idx,
|
||||
size_t count, unsigned long flags);
|
||||
|
@ -1096,10 +1096,10 @@ int sc_read_record(struct sc_card *card, unsigned int rec_nr, u8 * buf,
|
|||
* Writes data to a record from the current (i.e. selected) file.
|
||||
* @param card struct sc_card object on which to issue the command
|
||||
* @param rec_nr SC_READ_RECORD_CURRENT or a record number starting from 1
|
||||
* @param buf buffer with to the data to be writen
|
||||
* @param buf buffer with to the data to be written
|
||||
* @param count number of bytes to write
|
||||
* @param flags flags (may contain a short file id of a file to select)
|
||||
* @retval number of bytes writen or an error value
|
||||
* @retval number of bytes written or an error value
|
||||
*/
|
||||
int sc_write_record(struct sc_card *card, unsigned int rec_nr, const u8 * buf,
|
||||
size_t count, unsigned long flags);
|
||||
|
@ -1109,7 +1109,7 @@ int sc_write_record(struct sc_card *card, unsigned int rec_nr, const u8 * buf,
|
|||
* @param buf buffer with to the data for the new record
|
||||
* @param count length of the data
|
||||
* @param flags flags (may contain a short file id of a file to select)
|
||||
* @retval number of bytes writen or an error value
|
||||
* @retval number of bytes written or an error value
|
||||
*/
|
||||
int sc_append_record(struct sc_card *card, const u8 * buf, size_t count,
|
||||
unsigned long flags);
|
||||
|
@ -1117,10 +1117,10 @@ int sc_append_record(struct sc_card *card, const u8 * buf, size_t count,
|
|||
* Updates the data of a record from the current (i.e. selected) file.
|
||||
* @param card struct sc_card object on which to issue the command
|
||||
* @param rec_nr SC_READ_RECORD_CURRENT or a record number starting from 1
|
||||
* @param buf buffer with to the new data to be writen
|
||||
* @param buf buffer with to the new data to be written
|
||||
* @param count number of bytes to update
|
||||
* @param flags flags (may contain a short file id of a file to select)
|
||||
* @retval number of bytes writen or an error value
|
||||
* @retval number of bytes written or an error value
|
||||
*/
|
||||
int sc_update_record(struct sc_card *card, unsigned int rec_nr, const u8 * buf,
|
||||
size_t count, unsigned long flags);
|
||||
|
|
|
@ -161,7 +161,7 @@ sc_pkcs15_get_name_from_dn(struct sc_context *ctx, const u8 *dn, size_t dn_len,
|
|||
|
||||
rdn = sc_asn1_skip_tag(ctx, &dn, &dn_len, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, &rdn_len);
|
||||
if (rdn == NULL)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "ASN.1 decoding of Distiguished Name");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "ASN.1 decoding of Distinguished Name");
|
||||
|
||||
for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) {
|
||||
const u8 *ava, *dummy, *oidp;
|
||||
|
@ -222,7 +222,7 @@ sc_pkcs15_get_name_from_dn(struct sc_context *ctx, const u8 *dn, size_t dn_len,
|
|||
* The extension is identified by it's oid value.
|
||||
* NOTE: extensions can occur in any number or any order, which is why we
|
||||
* can't parse them with a single pass of the asn1 decoder.
|
||||
* If is_critical is supplied, then it is set to 1 if the extention is critical
|
||||
* If is_critical is supplied, then it is set to 1 if the extension is critical
|
||||
* and 0 if it is not.
|
||||
* The data in the extension is extension specific.
|
||||
* The following are common extension values:
|
||||
|
|
|
@ -561,7 +561,7 @@ static int sc_pkcs15emu_coolkey_init(sc_pkcs15_card_t *p15card)
|
|||
|
||||
memset(&obj_obj, 0, sizeof(obj_obj));
|
||||
/* coolkey applets have label only on the certificates,
|
||||
* but we should copy it also to the keys maching the same ID */
|
||||
* but we should copy it also to the keys matching the same ID */
|
||||
coolkey_get_attribute_bytes(card, &coolkey_obj, CKA_LABEL, (u8 *)obj_obj.label, &len, sizeof(obj_obj.label));
|
||||
coolkey_get_flags(card, &coolkey_obj, &obj_obj.flags);
|
||||
if (obj_obj.flags & SC_PKCS15_CO_FLAG_PRIVATE) {
|
||||
|
|
|
@ -293,7 +293,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|||
if (r < 0)
|
||||
continue;
|
||||
|
||||
/* need to reverse the modulus skiping the tag */
|
||||
/* need to reverse the modulus skipping the tag */
|
||||
j = kinfo[num_keyinfo].modulus_len;
|
||||
cp = kinfo[num_keyinfo].modulus;
|
||||
while (j--)
|
||||
|
@ -328,7 +328,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|||
if (!gsdata)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
/* set indcies of data in gsdata */
|
||||
/* set indices of data in gsdata */
|
||||
idx1 = 0; /* start point */
|
||||
idx2 = 0; /* index of last data read so far */
|
||||
|
||||
|
@ -481,7 +481,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|||
prkey_info.modulus_length= prkeys[i].modulus_len;
|
||||
sc_format_path(prkeys[i].path, &prkey_info.path);
|
||||
|
||||
/*DEE need to look for them by reading and checking mudulus vs cert */
|
||||
/*DEE need to look for them by reading and checking modulus vs cert */
|
||||
|
||||
/* will use the default path, unless we found a key with */
|
||||
/* the same modulus as the cert(s) we already added */
|
||||
|
|
|
@ -225,7 +225,7 @@ static int gemsafe_get_cert_len(sc_card_t *card)
|
|||
}
|
||||
|
||||
/* Delete additional key containers from the data structures if
|
||||
* this card can't accomodate them.
|
||||
* this card can't accommodate them.
|
||||
*/
|
||||
for (; i < gemsafe_cert_max; i++) {
|
||||
gemsafe_prkeys[i].label = NULL;
|
||||
|
@ -325,7 +325,7 @@ static int sc_pkcs15emu_gemsafeV1_init( sc_pkcs15_card_t *p15card)
|
|||
apdu.cla = 0x80;
|
||||
apdu.resp = rbuf;
|
||||
apdu.resplen = sizeof(rbuf);
|
||||
/* Manual says Le=0x05, but should be 0x08 to return full version numer */
|
||||
/* Manual says Le=0x05, but should be 0x08 to return full version number */
|
||||
apdu.le = 0x08;
|
||||
apdu.lc = 0;
|
||||
apdu.datalen = 0;
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
#include "iasecc.h"
|
||||
#include "aux-data.h"
|
||||
|
||||
#define IASECC_GEMALTO_MD_APPLICAITON_NAME "CSP"
|
||||
#define IASECC_GEMALTO_MD_APPLICATION_NAME "CSP"
|
||||
#define IASECC_GEMALTO_MD_DEFAULT_CONT_LABEL "Default Key Container"
|
||||
|
||||
static int
|
||||
|
@ -137,7 +137,7 @@ _iasecc_parse_df(struct sc_pkcs15_card *p15card, struct sc_pkcs15_df *df)
|
|||
for(ii=0; ii<count; ii++) {
|
||||
struct sc_pkcs15_data_info *dinfo = (struct sc_pkcs15_data_info *)dobjs[ii]->data;
|
||||
|
||||
if (strcmp(dinfo->app_label, IASECC_GEMALTO_MD_APPLICAITON_NAME))
|
||||
if (strcmp(dinfo->app_label, IASECC_GEMALTO_MD_APPLICATION_NAME))
|
||||
continue;
|
||||
|
||||
if (!strcmp(dobjs[ii]->label, IASECC_GEMALTO_MD_DEFAULT_CONT_LABEL)) {
|
||||
|
@ -151,7 +151,7 @@ _iasecc_parse_df(struct sc_pkcs15_card *p15card, struct sc_pkcs15_df *df)
|
|||
struct sc_pkcs15_data_info *dinfo = (struct sc_pkcs15_data_info *)dobjs[ii]->data;
|
||||
int default_cont = 0;
|
||||
|
||||
if (strcmp(dinfo->app_label, IASECC_GEMALTO_MD_APPLICAITON_NAME))
|
||||
if (strcmp(dinfo->app_label, IASECC_GEMALTO_MD_APPLICATION_NAME))
|
||||
continue;
|
||||
|
||||
if (!strcmp(dobjs[ii]->label, IASECC_GEMALTO_MD_DEFAULT_CONT_LABEL))
|
||||
|
|
|
@ -401,7 +401,7 @@ static int get_name_from_EF_DatiPersonali(unsigned char *EFdata,
|
|||
{
|
||||
/*
|
||||
* Bytes 0-5 contain the ASCII encoding of the following TLV
|
||||
* strcture's total size, in base 16.
|
||||
* structure's total size, in base 16.
|
||||
*/
|
||||
|
||||
const unsigned int EF_personaldata_maxlen = 400;
|
||||
|
@ -689,7 +689,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
|
|||
"Could not read certificate file");
|
||||
path.index = cert_offset;
|
||||
path.count = (certlen[1] << 8) + certlen[2];
|
||||
/* If those bytes are 00, then we are probably dealign with an
|
||||
/* If those bytes are 00, then we are probably dealing with an
|
||||
* empty file. */
|
||||
if (path.count == 0)
|
||||
return 0;
|
||||
|
|
|
@ -593,7 +593,7 @@ sc_pkcs15emu_oberthur_add_pubkey(struct sc_pkcs15_card *p15card,
|
|||
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public key: no 'ID'");
|
||||
len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100;
|
||||
if (!len || len > sizeof(key_info.id.value))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Failed to add public key: invalie 'ID' length");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Failed to add public key: invalid 'ID' length");
|
||||
memcpy(key_info.id.value, info_blob + offs + 2, len);
|
||||
key_info.id.len = len;
|
||||
|
||||
|
@ -663,7 +663,7 @@ sc_pkcs15emu_oberthur_add_cert(struct sc_pkcs15_card *p15card, unsigned int file
|
|||
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'ID'");
|
||||
len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100;
|
||||
if (len > sizeof(cinfo.id.value))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Failed to add certificate: invalie 'ID' length");
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Failed to add certificate: invalid 'ID' length");
|
||||
memcpy(cinfo.id.value, info_blob + offs + 2, len);
|
||||
cinfo.id.len = len;
|
||||
|
||||
|
@ -1081,7 +1081,7 @@ sc_awp_parse_df(struct sc_pkcs15_card *p15card, struct sc_pkcs15_df *df)
|
|||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
|
||||
rv = sc_oberthur_read_file(p15card, AWP_OBJECTS_LIST_PRV, &buf, &buf_len, 1);
|
||||
LOG_TEST_RET(ctx, rv, "Parse DF: read pribate objects info failed");
|
||||
LOG_TEST_RET(ctx, rv, "Parse DF: read private objects info failed");
|
||||
|
||||
rv = sc_oberthur_parse_privateinfo(p15card, buf, buf_len, 0);
|
||||
|
||||
|
|
|
@ -119,7 +119,7 @@ typedef struct common_key_info_st {
|
|||
* We need to return a GUID like value for each object
|
||||
* But this needs to be some what unique.
|
||||
* So we will use two different methods, depending
|
||||
* on the size of the sereal number.
|
||||
* on the size of the serial number.
|
||||
* If it is 25 bytes, then it was from a FASCN. If 16 bytes
|
||||
* its from a GUID.
|
||||
* If neither, we will uase the default method.
|
||||
|
@ -153,12 +153,12 @@ static int piv_get_guid(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_o
|
|||
if (id.len == 1 && serialnr.len == 25) {
|
||||
|
||||
/* It is from a FASCN, and we need to shorten it but keep
|
||||
* as much uniquness as possible.
|
||||
* as much uniqueness as possible.
|
||||
* FASC-N is stored like a ISO 7811 Magnetic Strip Card
|
||||
* Using the ANSI/ISO BCD Data Format
|
||||
* 4 data bit + 1 parity bit (odd) least significant bit first.
|
||||
* It starts with the Start Sentinel 0x0b ";"
|
||||
* Fields are seperated by 0x0d "="
|
||||
* Fields are separated by 0x0d "="
|
||||
* Ends with End Sentinel 0x0f "?"
|
||||
* Its 39 characters + the LRC
|
||||
* http://www.dataip.co.uk/Reference/MagneticCardBCD.php
|
||||
|
@ -323,7 +323,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||
};
|
||||
/*
|
||||
* NIST 800-73-1 lifted the restriction on
|
||||
* requering pin protected certs. Thus the default is to
|
||||
* requiring pin protected certs. Thus the default is to
|
||||
* not require this.
|
||||
*/
|
||||
/* certs will be pulled out from the cert objects */
|
||||
|
@ -386,7 +386,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||
* but can be derived from the certificates.
|
||||
* the cert, pubkey and privkey are a set.
|
||||
* Key usages bits taken from pkcs15v1_1 Table 2
|
||||
* RSA and EC hav differents set of usage
|
||||
* RSA and EC have different sets of usage
|
||||
*/
|
||||
static const pubdata pubkeys[PIV_NUM_CERTS_AND_KEYS] = {
|
||||
|
||||
|
@ -699,7 +699,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||
* they are in order
|
||||
* We need to read the cert, get modulus and keylen
|
||||
* We use those for the pubkey, and priv key objects.
|
||||
* If no cert, then see if pubkey (i.e. we are initilizing,
|
||||
* If no cert, then see if pubkey (i.e. we are initializing,
|
||||
* and the pubkey is in a file,) then add pubkey and privkey
|
||||
* If no cert and no pubkey, skip adding them.
|
||||
|
||||
|
@ -909,7 +909,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||
break;
|
||||
|
||||
default:
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsuported key.algorithm %d", cert_out->key->algorithm);
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key.algorithm %d", cert_out->key->algorithm);
|
||||
ckis[i].pubkey_len = 0; /* set some value for now */
|
||||
}
|
||||
ckis[i].pubkey_from_cert = cert_out->key;
|
||||
|
@ -975,9 +975,9 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
|||
|
||||
|
||||
/* set public keys */
|
||||
/* We may only need this during initialzation when genkey
|
||||
/* We may only need this during initialization when genkey
|
||||
* gets the pubkey, but it can not be read from the card
|
||||
* at a later time. The piv-tool can stach pubkey in file
|
||||
* at a later time. The piv-tool can stash pubkey in file
|
||||
*/
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding pub keys...");
|
||||
for (i = 0; i < PIV_NUM_CERTS_AND_KEYS; i++) {
|
||||
|
@ -1003,7 +1003,7 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
|||
if (pubkeys[i].auth_id)
|
||||
sc_pkcs15_format_id(pubkeys[i].auth_id, &pubkey_obj.auth_id);
|
||||
|
||||
/* If no cert found, piv-tool may have stached the pubkey
|
||||
/* If no cert found, piv-tool may have stashed the pubkey
|
||||
* so we can use it when generating a certificate request
|
||||
* The file is a OpenSSL DER EVP_KEY, which looks like
|
||||
* a certificate subjectPublicKeyInfo.
|
||||
|
@ -1149,11 +1149,11 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
|||
|
||||
/*
|
||||
* When no cert is present and a pubkey in a file was found,
|
||||
* means the caller is initilaizeing a card. A sign operation
|
||||
* means the caller is initializing a card. A sign operation
|
||||
* will be required to sign a certificate request even if
|
||||
* normal usage would not allow it. Set SC_PKCS15_PRKEY_USAGE_SIGN
|
||||
* TODO if code is added to allow key generation and reqest
|
||||
* sign in the same session, similiar code will be needed.
|
||||
* TODO if code is added to allow key generation and request
|
||||
* sign in the same session, similar code will be needed.
|
||||
*/
|
||||
|
||||
if (ckis[i].pubkey_from_file == 1) {
|
||||
|
|
|
@ -200,7 +200,7 @@ sc_pkcs15_decode_pubkey_direct_value(struct sc_pkcs15_card *p15card, struct sc_p
|
|||
LOG_TEST_RET(ctx, rv, "Failed to decode 'SPKI' direct value");
|
||||
|
||||
rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &info->direct.raw.value, &info->direct.raw.len);
|
||||
LOG_TEST_RET(ctx, rv, "Failed to endode 'RAW' direct value");
|
||||
LOG_TEST_RET(ctx, rv, "Failed to encode 'RAW' direct value");
|
||||
sc_pkcs15_free_pubkey(pubkey);
|
||||
}
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* pkcs15-sec.c: PKCS#15 cryptography functions
|
||||
*
|
||||
* Copyright (C) 2001, 2002 Juha Yrjölä <juha.yrjola@iki.fi>
|
||||
* Copyrigth (C) 2007 Nils Larsch <nils@larsch.net>
|
||||
* Copyright (C) 2007 Nils Larsch <nils@larsch.net>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -49,7 +49,7 @@ static int select_key_file(struct sc_pkcs15_card *p15card,
|
|||
/* TODO: Why file_app may be NULL -- at least 3F00 has to be present?
|
||||
* Check validity of the following assumption. */
|
||||
/* For pkcs15-emulated cards, the file_app may be NULL,
|
||||
* in that case we allways assume an absolute path */
|
||||
* in that case we always assume an absolute path */
|
||||
if (!prkey->path.len && prkey->path.aid.len) {
|
||||
/* Private key is a SDO allocated in application DF */
|
||||
path = prkey->path;
|
||||
|
|
|
@ -116,7 +116,7 @@ sc_pkcs15_bind_synthetic(sc_pkcs15_card_t *p15card, struct sc_aid *aid)
|
|||
conf_block = sc_get_conf_block(ctx, "framework", "pkcs15", 1);
|
||||
|
||||
if (!conf_block) {
|
||||
/* no conf file found => try bultin drivers */
|
||||
/* no conf file found => try builtin drivers */
|
||||
sc_log(ctx, "no conf file (or section), trying all builtin emulators");
|
||||
for (i = 0; builtin_emulators[i].name; i++) {
|
||||
sc_log(ctx, "trying %s", builtin_emulators[i].name);
|
||||
|
|
|
@ -611,7 +611,7 @@ typedef struct sc_pkcs15_card {
|
|||
/* flags suitable for struct sc_pkcs15_card */
|
||||
#define SC_PKCS15_CARD_FLAG_EMULATED 0x02000000
|
||||
|
||||
/* X509 bits for certificate usage extansion */
|
||||
/* X509 bits for certificate usage extension */
|
||||
#define SC_X509_DIGITAL_SIGNATURE 0x0001UL
|
||||
#define SC_X509_NON_REPUDIATION 0x0002UL
|
||||
#define SC_X509_KEY_ENCIPHERMENT 0x0004UL
|
||||
|
@ -885,7 +885,7 @@ int sc_pkcs15_encode_unusedspace(struct sc_context *ctx,
|
|||
struct sc_pkcs15_card *p15card,
|
||||
u8 **buf, size_t *buflen);
|
||||
|
||||
/* Deduce private key attributes from cerresponding certificate */
|
||||
/* Deduce private key attributes from corresponding certificate */
|
||||
int sc_pkcs15_prkey_attrs_from_cert(struct sc_pkcs15_card *, struct sc_pkcs15_object *,
|
||||
struct sc_pkcs15_object **);
|
||||
|
||||
|
|
|
@ -183,7 +183,7 @@ static int cryptotokenkit_connect(sc_reader_t *reader)
|
|||
return SC_ERROR_CARD_NOT_PRESENT;
|
||||
|
||||
/* if tksmartcard.context is set to nil, we know that the card has been
|
||||
* reset or aquired by a different session */
|
||||
* reset or acquired by a different session */
|
||||
priv->tksmartcard.context = @(YES);
|
||||
|
||||
/* attempt to detect protocol in use T0/T1/RAW */
|
||||
|
|
|
@ -141,7 +141,7 @@ static int refresh_attributes(sc_reader_t *reader)
|
|||
} else {
|
||||
if (rbuf[0] != CTBCS_P2_STATUS_ICC) {
|
||||
/* Should we be more tolerant here? I do not think so... */
|
||||
sc_log(reader->ctx, "Invalid data object returnd on CTBCS_P2_STATUS_ICC: 0x%x", rbuf[0]);
|
||||
sc_log(reader->ctx, "Invalid data object returned on CTBCS_P2_STATUS_ICC: 0x%x", rbuf[0]);
|
||||
return SC_ERROR_TRANSMIT_FAILED;
|
||||
}
|
||||
/* Fixme - should not be reached */
|
||||
|
@ -435,11 +435,11 @@ static int ctapi_load_module(sc_context_t *ctx,
|
|||
if (rbuf[0] != CTBCS_P2_STATUS_TFU) {
|
||||
/* Number of slots might also detected by using CTBCS_P2_STATUS_ICC.
|
||||
If you think that's important please do it... ;) */
|
||||
sc_log(reader->ctx, "Invalid data object returnd on CTBCS_P2_STATUS_TFU: 0x%x", rbuf[0]);
|
||||
sc_log(reader->ctx, "Invalid data object returned on CTBCS_P2_STATUS_TFU: 0x%x", rbuf[0]);
|
||||
}
|
||||
NumUnits = rbuf[1];
|
||||
if (NumUnits + 4 > lr) {
|
||||
sc_log(reader->ctx, "Invalid data returnd: %d functional units, size %d", NumUnits, rv);
|
||||
sc_log(reader->ctx, "Invalid data returned: %d functional units, size %d", NumUnits, rv);
|
||||
}
|
||||
priv->ctapi_functional_units = 0;
|
||||
for(i = 0; i < NumUnits; i++) {
|
||||
|
|
|
@ -243,7 +243,7 @@ openct_reader_connect(sc_reader_t *reader)
|
|||
}
|
||||
|
||||
if (rc == 0) {
|
||||
sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "openct_reader_connect recved no data\n");
|
||||
sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "openct_reader_connect received no data\n");
|
||||
return SC_ERROR_READER;
|
||||
}
|
||||
|
||||
|
|
|
@ -1399,7 +1399,7 @@ static int pcsc_detect_readers(sc_context_t *ctx)
|
|||
}
|
||||
if (rv == (LONG)SCARD_E_SHARING_VIOLATION) {
|
||||
/* Assume that there is a card in the reader in shared mode if
|
||||
* direct communcation failed */
|
||||
* direct communication failed */
|
||||
rv = gpriv->SCardConnect(gpriv->pcsc_ctx, reader->name,
|
||||
SCARD_SHARE_SHARED,
|
||||
SCARD_PROTOCOL_T0|SCARD_PROTOCOL_T1, &card_handle,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* sc-ossl-compat.h: OpenSC ecompatability for older OpenSSL versions
|
||||
* sc-ossl-compat.h: OpenSC compatibility for older OpenSSL versions
|
||||
*
|
||||
* Copyright (C) 2016 Douglas E. Engert <deengert@gmail.com>
|
||||
*
|
||||
|
@ -30,7 +30,7 @@ extern "C" {
|
|||
#include <openssl/opensslv.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
/*
|
||||
* Provide backward compatability to older versions of OpenSSL
|
||||
* Provide backward compatibility to older versions of OpenSSL
|
||||
* while using most of OpenSSL 1.1 API
|
||||
*
|
||||
* LibreSSL is a fork of OpenSSL from 2014
|
||||
|
@ -51,7 +51,7 @@ extern "C" {
|
|||
*
|
||||
* EVP_CIPHER_CTX_new does a EVP_CIPHER_CTX_init
|
||||
* EVP_CIPHER_CTX_free does a EVP_CIPHER_CTX_cleanup
|
||||
* EVP_CIPHER_CTX_cleanup does equivelent of a EVP_CIPHER_CTX_init
|
||||
* EVP_CIPHER_CTX_cleanup does equivalent of a EVP_CIPHER_CTX_init
|
||||
* Use EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free, and EVP_CIPHER_CTX_cleanup between operations
|
||||
*/
|
||||
|
||||
|
|
|
@ -221,7 +221,7 @@ int sc_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data,
|
|||
* This function will copy a PIN, convert and pad it as required
|
||||
*
|
||||
* Note about the SC_PIN_ENCODING_GLP encoding:
|
||||
* PIN buffers are allways 16 nibbles (8 bytes) and look like this:
|
||||
* PIN buffers are always 16 nibbles (8 bytes) and look like this:
|
||||
* 0x2 + len + pin_in_BCD + paddingnibbles
|
||||
* in which the paddingnibble = 0xF
|
||||
* E.g. if PIN = 12345, then sbuf = {0x25, 0x12, 0x34, 0x5F, 0xFF, 0xFF, 0xFF, 0xFF}
|
||||
|
|
|
@ -303,7 +303,7 @@ struct sm_card_operations {
|
|||
/*
|
||||
* @struct sm_module_operations
|
||||
* API to use external SM modules:
|
||||
* - 'initiliaze' - get APDU(s) to initialize SM session;
|
||||
* - 'initialize' - get APDU(s) to initialize SM session;
|
||||
* - 'get apdus' - get secured APDUs to execute particular command;
|
||||
* - 'finalize' - get APDU(s) to finalize SM session;
|
||||
* - 'module init' - initialize external module (allocate data, read configuration, ...);
|
||||
|
@ -357,7 +357,7 @@ int sc_sm_update_apdu_response(struct sc_card *, unsigned char *, size_t, int, s
|
|||
int sc_sm_single_transmit(struct sc_card *, struct sc_apdu *);
|
||||
|
||||
/**
|
||||
* @brief Stops SM and frees allocated ressources.
|
||||
* @brief Stops SM and frees allocated resources.
|
||||
*
|
||||
* Calls \a card->sm_ctx.ops.close() if available and \c card->sm_ctx.sm_mode
|
||||
* is \c SM_MODE_TRANSMIT
|
||||
|
|
|
@ -223,11 +223,11 @@ static void logprintf(PCARD_DATA pCardData, int level, _Printf_format_string_ co
|
|||
{
|
||||
va_list arg;
|
||||
VENDOR_SPECIFIC *vs;
|
||||
/* Use a simplied log to get all messages including messages
|
||||
/* Use a simplified log to get all messages including messages
|
||||
* before opensc is loaded. The file must be modifiable by all
|
||||
* users as we maybe called under lsa or user. Note data from
|
||||
* multiple process and threads may get intermingled.
|
||||
* flush to get last message before ann crash
|
||||
* flush to get last message before any crash
|
||||
* close so as the file is not left open during any wait.
|
||||
*/
|
||||
DWORD md_debug = 0;
|
||||
|
@ -653,7 +653,7 @@ md_get_config_bool(PCARD_DATA pCardData, char *flag_name, BOOL ret_default)
|
|||
static BOOL
|
||||
md_is_pinpad_dlg_enable_cancel(PCARD_DATA pCardData)
|
||||
{
|
||||
logprintf(pCardData, 2, "Is cancelling the PIN pad dialog enableed?\n");
|
||||
logprintf(pCardData, 2, "Is cancelling the PIN pad dialog enabled?\n");
|
||||
return md_get_config_bool(pCardData, "md_pinpad_dlg_enable_cancel", FALSE);
|
||||
}
|
||||
|
||||
|
@ -815,7 +815,7 @@ md_contguid_build_cont_guid_from_key(PCARD_DATA pCardData, struct sc_pkcs15_obje
|
|||
DWORD dwret = SCARD_S_SUCCESS;
|
||||
|
||||
szGuid[0] = '\0';
|
||||
/* priorize the use of the key id over the key label as a container name */
|
||||
/* prioritize the use of the key id over the key label as a container name */
|
||||
if (md_is_guid_as_id(pCardData) && prkey_info->id.len > 0 && prkey_info->id.len <= MAX_CONTAINER_NAME_LEN) {
|
||||
memcpy(szGuid, prkey_info->id.value, prkey_info->id.len);
|
||||
szGuid[prkey_info->id.len] = 0;
|
||||
|
@ -1582,7 +1582,7 @@ md_fs_add_msroots(PCARD_DATA pCardData, struct md_file **head)
|
|||
* 2b. Change the index of internal p15_container according to the index from 'DATA' file.
|
||||
* Records from 'DATA' file are ignored is they do not have
|
||||
* the corresponding PKCS#15 private key object.
|
||||
* 3. Initalize the content of the 'soft' 'cmapfile' from the inernal p15-containers.
|
||||
* 3. Initialize the content of the 'soft' 'cmapfile' from the internal p15-containers.
|
||||
*/
|
||||
static DWORD
|
||||
md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
|
||||
|
@ -1813,7 +1813,7 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
|
|||
cont->id = prkey_info->id;
|
||||
cont->prkey_obj = prkey_objs[ii];
|
||||
|
||||
/* Try to find the friend objects: certficate and public key */
|
||||
/* Try to find the friend objects: certificate and public key */
|
||||
if (!sc_pkcs15_find_cert_by_id(vs->p15card, &cont->id, &cont->cert_obj))
|
||||
logprintf(pCardData, 2, "found certificate friend '%.*s'\n", (int) sizeof cont->cert_obj->label, cont->cert_obj->label);
|
||||
|
||||
|
@ -2674,7 +2674,7 @@ md_query_key_sizes(PCARD_DATA pCardData, DWORD dwKeySpec, CARD_KEY_SIZES *pKeySi
|
|||
pKeySizes->dwMaximumBitlen = 0;
|
||||
pKeySizes->dwIncrementalBitlen = 0;
|
||||
|
||||
/* dwKeySpec=0 is a special value when the key size is queried without specifing the algorithm.
|
||||
/* dwKeySpec=0 is a special value when the key size is queried without specifying the algorithm.
|
||||
Used on old minidriver version. In this case, it is RSA */
|
||||
if ((dwKeySpec == 0) || (dwKeySpec == AT_KEYEXCHANGE) || (dwKeySpec == AT_SIGNATURE)) {
|
||||
for (i = 0; i < count; i++) {
|
||||
|
@ -2981,7 +2981,7 @@ md_dialog_perform_pin_operation(PCARD_DATA pCardData, int operation, struct sc_p
|
|||
tc.dwFlags |= TDF_ALLOW_DIALOG_CANCELLATION;
|
||||
tc.dwCommonButtons = TDCBF_CANCEL_BUTTON;
|
||||
} else {
|
||||
/* can't use TDCBF_CANCEL_BUTTON since this would implicitely set TDF_ALLOW_DIALOG_CANCELLATION */
|
||||
/* can't use TDCBF_CANCEL_BUTTON since this would implicitly set TDF_ALLOW_DIALOG_CANCELLATION */
|
||||
tc.dwCommonButtons = TDCBF_CLOSE_BUTTON;
|
||||
}
|
||||
|
||||
|
@ -4383,7 +4383,7 @@ DWORD WINAPI CardRSADecrypt(__in PCARD_DATA pCardData,
|
|||
goto err;
|
||||
}
|
||||
|
||||
/* filter boggus input: the data to decrypt is shorter than the RSA key ? */
|
||||
/* filter bogus input: the data to decrypt is shorter than the RSA key ? */
|
||||
if ( pInfo->cbData < prkey_info->modulus_length / 8)
|
||||
{
|
||||
/* according to the minidriver specs, this is the error code to return
|
||||
|
@ -5362,8 +5362,8 @@ DWORD WINAPI CardDeriveKey(__in PCARD_DATA pCardData,
|
|||
if (pAgreementInfo->dwFlags & ~(KDF_USE_SECRET_AS_HMAC_KEY_FLAG | CARD_RETURN_KEY_HANDLE | CARD_BUFFER_SIZE_ONLY))
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
|
||||
/* according to the documenation, CARD_DERIVE_KEY_CURRENT_VERSION should be equal to 2.
|
||||
In pratice it is not 2 but 1
|
||||
/* according to the documentation, CARD_DERIVE_KEY_CURRENT_VERSION should be equal to 2.
|
||||
In practice it is not 2 but 1
|
||||
|
||||
if ( pAgreementInfo->dwVersion < CARD_DERIVE_KEY_CURRENT_VERSION
|
||||
&& pCardData->dwVersion == CARD_DATA_CURRENT_VERSION)
|
||||
|
@ -5473,7 +5473,7 @@ DWORD WINAPI CardDeriveKey(__in PCARD_DATA pCardData,
|
|||
szAlgorithm = BCRYPT_SHA1_ALGORITHM;
|
||||
}
|
||||
|
||||
/* check the values with the KDF choosen */
|
||||
/* check the values with the KDF chosen */
|
||||
if (wcscmp(pAgreementInfo->pwszKDF, BCRYPT_KDF_HASH) == 0) {
|
||||
}
|
||||
else if (wcscmp(pAgreementInfo->pwszKDF, BCRYPT_KDF_HMAC) == 0) {
|
||||
|
@ -5924,7 +5924,7 @@ DWORD WINAPI CardGetContainerProperty(__in PCARD_DATA pCardData,
|
|||
if (bContainerIndex >= MD_MAX_KEY_CONTAINERS)
|
||||
return SCARD_E_NO_KEY_CONTAINER;
|
||||
|
||||
/* the test for the existence of containers is redondant with the one made in CardGetContainerInfo but CCP_PIN_IDENTIFIER does not do it */
|
||||
/* the test for the existence of containers is redundant with the one made in CardGetContainerInfo but CCP_PIN_IDENTIFIER does not do it */
|
||||
vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
|
||||
if (!vs)
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
|
@ -6606,11 +6606,11 @@ DWORD WINAPI CardAcquireContext(__inout PCARD_DATA pCardData, __in DWORD dwFlags
|
|||
return SCARD_E_INVALID_PARAMETER;
|
||||
if (!(dwFlags & CARD_SECURE_KEY_INJECTION_NO_CARD_MODE)) {
|
||||
if( pCardData->hSCardCtx == 0) {
|
||||
logprintf(pCardData, 0, "Invalide handle.\n");
|
||||
logprintf(pCardData, 0, "Invalid handle.\n");
|
||||
return SCARD_E_INVALID_HANDLE;
|
||||
}
|
||||
if( pCardData->hScard == 0) {
|
||||
logprintf(pCardData, 0, "Invalide handle.\n");
|
||||
logprintf(pCardData, 0, "Invalid handle.\n");
|
||||
return SCARD_E_INVALID_HANDLE;
|
||||
}
|
||||
}
|
||||
|
@ -6624,7 +6624,7 @@ DWORD WINAPI CardAcquireContext(__inout PCARD_DATA pCardData, __in DWORD dwFlags
|
|||
return SCARD_E_INVALID_PARAMETER;
|
||||
if ( pCardData->pwszCardName == NULL )
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
/* <2 lenght or >=0x22 are not ISO compliant */
|
||||
/* <2 length or >=0x22 are not ISO compliant */
|
||||
if (pCardData->cbAtr >= 0x22 || pCardData->cbAtr <= 0x2)
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
/* ATR beginning by 0x00 or 0xFF are not ISO compliant */
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#include <winresrc.h>
|
||||
|
||||
#define IDC_STATIC -1
|
||||
/* defined twice: in ressource file and in source code */
|
||||
/* defined twice: in resource file and in source code */
|
||||
#define IDI_SMARTCARD 102
|
||||
|
||||
#ifndef __MINGW32__
|
||||
|
|
|
@ -1327,7 +1327,7 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
|
|||
pkcs15_add_object(slot, obj, NULL);
|
||||
}
|
||||
else {
|
||||
sc_log(context, "Slot:%p Object %d skeeped", slot, i);
|
||||
sc_log(context, "Slot:%p Object %d skipped", slot, i);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -1366,7 +1366,7 @@ _add_public_objects(struct sc_pkcs11_slot *slot, struct pkcs15_fw_data *fw_data)
|
|||
if (obj->p15_object->flags & SC_PKCS15_CO_FLAG_PRIVATE)
|
||||
continue;
|
||||
/* PKCS#15 4.1.3 is a little vague, but implies if not PRIVATE it is readable
|
||||
* even if there is an auth_id to allow writting for example.
|
||||
* even if there is an auth_id to allow writing for example.
|
||||
* See bug issue #291
|
||||
* treat pubkey and cert as readable.a
|
||||
*/
|
||||
|
@ -2301,7 +2301,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
|
|||
skey_info->key_type = key_type; /* PKCS#11 CKK_* */
|
||||
skey_info->data.value = args.key.data;
|
||||
skey_info->data.len = args.key.data_len;
|
||||
skey_info->value_len = args.value_len; /* callers prefered length */
|
||||
skey_info->value_len = args.value_len; /* callers preferred length */
|
||||
args.key.data = NULL;
|
||||
}
|
||||
else {
|
||||
|
@ -2640,7 +2640,7 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK
|
|||
/* TODO The previous code does not check for CKA_TOKEN=TRUE
|
||||
* PKCS#11 CreatObject examples always have it, but
|
||||
* PKCS#11 says the default is false.
|
||||
* for backward compatability, will default to TRUE
|
||||
* for backward compatibility, will default to TRUE
|
||||
*/
|
||||
/* Dont need profile id creating session only objects */
|
||||
if (_token == TRUE) {
|
||||
|
@ -3052,7 +3052,7 @@ pkcs15_skey_destroy(struct sc_pkcs11_session *session, void *object)
|
|||
return sc_to_cryptoki_error(rv, "C_DestroyObject");
|
||||
|
||||
/* Oppose to pkcs15_add_object */
|
||||
--any_obj->refcount; /* correct refcont */
|
||||
--any_obj->refcount; /* correct refcount */
|
||||
list_delete(&session->slot->objects, any_obj);
|
||||
/* Delete object in pkcs15 */
|
||||
rv = __pkcs15_delete_object(fw_data, any_obj);
|
||||
|
@ -3136,7 +3136,7 @@ pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object)
|
|||
rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->base.p15_object);
|
||||
if (rv >= 0) {
|
||||
/* Oppose to pkcs15_add_object */
|
||||
--any_obj->refcount; /* correct refcont */
|
||||
--any_obj->refcount; /* correct refcount */
|
||||
list_delete(&session->slot->objects, any_obj);
|
||||
/* Delete object in pkcs15 */
|
||||
rv = __pkcs15_delete_object(fw_data, any_obj);
|
||||
|
@ -3763,7 +3763,7 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
|
|||
if (rv < 0 && !sc_pkcs11_conf.lock_login && !prkey_has_path) {
|
||||
/* If private key PKCS#15 object do not have 'path' attribute,
|
||||
* and if PKCS#11 login session is not locked,
|
||||
* the compute signature could fail because of concurent access to the card
|
||||
* the compute signature could fail because of concurrent access to the card
|
||||
* by other application that could change the current DF.
|
||||
* In this particular case try to 'reselect' application DF.
|
||||
*/
|
||||
|
@ -4935,7 +4935,7 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
|||
|
||||
#ifdef ENABLE_OPENSSL
|
||||
/* all our software hashes are in OpenSSL */
|
||||
/* Only if card did not lists the hashs, will we
|
||||
/* Only if card did not list the hashes, will we
|
||||
* help it a little, by adding all the OpenSSL hashes
|
||||
* that have PKCS#11 mechanisms.
|
||||
*/
|
||||
|
|
|
@ -847,7 +847,7 @@ sc_pkcs11_deri(struct sc_pkcs11_session *session,
|
|||
/* Get the size of the data to be returned
|
||||
* If the card could derive a key an leave it on the card
|
||||
* then no data is returned.
|
||||
* If the card returns the data, we will store it in the sercet key CKA_VALUE
|
||||
* If the card returns the data, we will store it in the secret key CKA_VALUE
|
||||
*/
|
||||
|
||||
ulDataLen = 0;
|
||||
|
@ -867,7 +867,7 @@ sc_pkcs11_deri(struct sc_pkcs11_session *session,
|
|||
goto out;
|
||||
}
|
||||
|
||||
/* Now do the actuall derivation */
|
||||
/* Now do the actual derivation */
|
||||
|
||||
rv = operation->type->derive(operation, basekey,
|
||||
pMechanism->pParameter, pMechanism->ulParameterLen,
|
||||
|
|
|
@ -757,7 +757,7 @@ sc_pkcs11_init_lock(CK_C_INITIALIZE_ARGS_PTR args)
|
|||
/* Shall be used in threaded environment, must use operating system locking */
|
||||
global_locking = default_mutex_funcs;
|
||||
} else if (applock && !oslock) {
|
||||
/* Shall be used in threaded envirnoment, must use app provided locking */
|
||||
/* Shall be used in threaded environment, must use app provided locking */
|
||||
global_locking = args;
|
||||
} else if (!applock && !oslock) {
|
||||
/* Shall not be used in threaded environment, use operating system locking */
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
/* OpenSC specific extensions */
|
||||
/*
|
||||
* define OpenSC specific Vendor Defined extensions
|
||||
* to make unique OpenSC flags, attribures, mechanisms, etc.
|
||||
* to make unique OpenSC flags, attributes, mechanisms, etc.
|
||||
*
|
||||
* Netscape used NSSCK_VENDOR_NSS 0x4E534350 "NSCP"
|
||||
*/
|
||||
|
@ -13,7 +13,7 @@
|
|||
|
||||
/*
|
||||
* In PKCS#11 there is no CKA_ attribute dedicated to the NON-REPUDIATION flag.
|
||||
* We need this flag in PKCS#15/libopensc to make dinstinction between
|
||||
* We need this flag in PKCS#15/libopensc to make distinction between
|
||||
* 'signature' and 'qualified signature' key slots.
|
||||
*/
|
||||
#define CKA_OPENSC_NON_REPUDIATION (CKA_VENDOR_DEFINED | SC_VENDOR_DEFINED | 1UL)
|
||||
|
|
|
@ -61,7 +61,7 @@ CK_RV C_OpenSession(CK_SLOT_ID slotID, /* the slot's ID */
|
|||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
||||
/* Check that no conflictions sessions exist */
|
||||
/* Check that no conflicting sessions exist */
|
||||
if (!(flags & CKF_RW_SESSION) && (slot->login_user == CKU_SO)) {
|
||||
rv = CKR_SESSION_READ_WRITE_SO_EXISTS;
|
||||
goto out;
|
||||
|
|
|
@ -50,7 +50,7 @@ static void *modhandle = NULL;
|
|||
/* Spy module output */
|
||||
static FILE *spy_output = NULL;
|
||||
|
||||
/* Inits the spy. If successfull, po != NULL */
|
||||
/* Inits the spy. If successful, po != NULL */
|
||||
static CK_RV
|
||||
init_spy(void)
|
||||
{
|
||||
|
@ -153,7 +153,7 @@ init_spy(void)
|
|||
|
||||
#ifdef _WIN32
|
||||
if (!spy_output) {
|
||||
/* try for the machine version first, as we may be runing
|
||||
/* try for the machine version first, as we may be running
|
||||
* without a user during login
|
||||
*/
|
||||
rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\OpenSC Project\\PKCS11-Spy", 0, KEY_QUERY_VALUE, &hKey );
|
||||
|
@ -188,7 +188,7 @@ init_spy(void)
|
|||
module = getenv("PKCS11SPY");
|
||||
#ifdef _WIN32
|
||||
if (!module) {
|
||||
/* try for the machine version first, as we may be runing
|
||||
/* try for the machine version first, as we may be running
|
||||
* without a user during login
|
||||
*/
|
||||
rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\OpenSC Project\\PKCS11-Spy",
|
||||
|
|
|
@ -850,7 +850,7 @@ _CK_DECLARE_FUNCTION (C_SetOperationState,
|
|||
unsigned char *operation_state,
|
||||
unsigned long operation_state_len,
|
||||
ck_object_handle_t encryption_key,
|
||||
ck_object_handle_t authentiation_key));
|
||||
ck_object_handle_t authentication_key));
|
||||
_CK_DECLARE_FUNCTION (C_Login,
|
||||
(ck_session_handle_t session, ck_user_type_t user_type,
|
||||
unsigned char *pin, unsigned long pin_len));
|
||||
|
|
|
@ -158,7 +158,7 @@ struct sc_pkcs11_framework_ops {
|
|||
CK_CHAR_PTR, CK_ULONG,
|
||||
CK_CHAR_PTR, CK_ULONG);
|
||||
/*
|
||||
* In future: functions to create new objects (ie. certificates, private keys)
|
||||
* In future: functions to create new objects (i.e. certificates, private keys)
|
||||
*/
|
||||
CK_RV (*init_token)(struct sc_pkcs11_slot *, void *,
|
||||
CK_UTF8CHAR_PTR, CK_ULONG,
|
||||
|
@ -219,7 +219,7 @@ struct sc_pkcs11_slot {
|
|||
sc_timestamp_t slot_state_expires;
|
||||
|
||||
int fw_data_idx; /* Index of framework data */
|
||||
struct sc_app_info *app_info; /* Application assosiated to slot */
|
||||
struct sc_app_info *app_info; /* Application associated to slot */
|
||||
list_t logins; /* tracks all calls to C_Login if atomic operations are requested */
|
||||
int flags;
|
||||
};
|
||||
|
|
|
@ -141,7 +141,7 @@ filesystem {
|
|||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
|
|
|
@ -10,7 +10,7 @@ cardinfo {
|
|||
pin-encoding = ascii-numeric;
|
||||
pin-pad-char = 0xFF;
|
||||
|
||||
# Delete or not the public key when inconporating the
|
||||
# Delete or not the public key when incorporating the
|
||||
# corresponding certificate.
|
||||
keep-public-key = yes; # yes/no
|
||||
}
|
||||
|
@ -138,7 +138,7 @@ filesystem {
|
|||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
|
|
|
@ -134,7 +134,7 @@ filesystem {
|
|||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
|
|
|
@ -52,7 +52,7 @@ PIN so-pin {
|
|||
reference = 2
|
||||
}
|
||||
|
||||
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
|
||||
# CHV5 used for Oberthur's specific access condition "PIN or SOPIN"
|
||||
# Any value for this pin can given, when the OpenSC tools are asking for.
|
||||
|
||||
# Additional filesystem info.
|
||||
|
|
|
@ -54,7 +54,7 @@ PIN so-pin {
|
|||
reference = 2
|
||||
}
|
||||
|
||||
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
|
||||
# CHV5 used for Oberthur's specific access condition "PIN or SOPIN"
|
||||
# Any value for this pin can given, when the OpenSC tools are asking for.
|
||||
|
||||
# Additional filesystem info.
|
||||
|
@ -141,7 +141,7 @@ filesystem {
|
|||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
|
|
|
@ -136,7 +136,7 @@ filesystem {
|
|||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
|
|
|
@ -54,7 +54,7 @@ PIN so-pin {
|
|||
reference = 2
|
||||
}
|
||||
|
||||
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
|
||||
# CHV5 used for Oberthur's specific access condition "PIN or SOPIN"
|
||||
# Any value for this pin can given, when the OpenSC tools are asking for.
|
||||
|
||||
# Additional filesystem info.
|
||||
|
@ -139,7 +139,7 @@ filesystem {
|
|||
# Private DES keys
|
||||
BSO private-des {
|
||||
size = 24; # 192 bits
|
||||
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
|
||||
# READ acl used instead of DECIPHER/ENCIPHER/CHECKSUM
|
||||
}
|
||||
|
||||
# Private data
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue