diff --git a/doc/files/files.html b/doc/files/files.html index ea5aa865..12684cd9 100644 --- a/doc/files/files.html +++ b/doc/files/files.html @@ -775,8 +775,8 @@ app application { builtin_emulators = emulators;

List of the builtin pkcs15 emulators to test - (Default: westcos, openpgp, infocamere, - starcert, tcos, esteid, itacns, postecert, + (Default: westcos, openpgp, + starcert, tcos, esteid, itacns, PIV-II, cac, gemsafeGPK, gemsafeV1, actalis, atrust-acos, tccardos, entersafe, pteid, oberthur, sc-hsm, dnie, gids, iasecc, jpki, diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in index df908808..33ac08bb 100644 --- a/doc/files/opensc.conf.5.xml.in +++ b/doc/files/opensc.conf.5.xml.in @@ -1178,8 +1178,8 @@ app application { List of the builtin pkcs15 emulators to test - (Default: westcos, openpgp, infocamere, - starcert, tcos, esteid, itacns, postecert, + (Default: westcos, openpgp, + starcert, tcos, esteid, itacns, PIV-II, cac, gemsafeGPK, gemsafeV1, actalis, atrust-acos, tccardos, entersafe, pteid, oberthur, sc-hsm, dnie, gids, iasecc, jpki, diff --git a/etc/opensc.conf.example.in b/etc/opensc.conf.example.in index dc3b5bd8..3d54098f 100644 --- a/etc/opensc.conf.example.in +++ b/etc/opensc.conf.example.in @@ -904,7 +904,7 @@ app default { # enable_builtin_emulation = no; # # List of the builtin pkcs15 emulators to test - # Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II; + # Default: esteid, openpgp, tcos, starcert, itacns, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II; # builtin_emulators = openpgp; # additional settings per driver diff --git a/src/libopensc/Makefile.am b/src/libopensc/Makefile.am index e1e23cba..3044f675 100644 --- a/src/libopensc/Makefile.am +++ b/src/libopensc/Makefile.am 
@@ -51,8 +51,8 @@ libopensc_la_SOURCES_BASE = \
 card-isoApplet.c card-masktech.c card-gids.c card-jpki.c \
 card-npa.c \
 \
- pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \
- pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \
+ pkcs15-openpgp.c pkcs15-starcert.c \
+ pkcs15-tcos.c pkcs15-esteid.c pkcs15-gemsafeGPK.c \
 pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c pkcs15-piv.c \
 pkcs15-cac.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \
 pkcs15-oberthur.c pkcs15-itacns.c pkcs15-gemsafeV1.c pkcs15-sc-hsm.c \
diff --git a/src/libopensc/Makefile.mak b/src/libopensc/Makefile.mak
index c4982304..08b6d6f3 100644
--- a/src/libopensc/Makefile.mak
+++ b/src/libopensc/Makefile.mak
@@ -30,8 +30,8 @@ OBJECTS = \
 card-masktech.obj card-gids.obj card-jpki.obj \
 card-npa.obj \
 \
- pkcs15-openpgp.obj pkcs15-infocamere.obj pkcs15-starcert.obj \
- pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-postecert.obj pkcs15-gemsafeGPK.obj \
+ pkcs15-openpgp.obj pkcs15-starcert.obj \
+ pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-gemsafeGPK.obj \
 pkcs15-actalis.obj pkcs15-atrust-acos.obj pkcs15-tccardos.obj pkcs15-piv.obj \
 pkcs15-cac.obj pkcs15-esinit.obj pkcs15-westcos.obj pkcs15-pteid.obj pkcs15-din-66291.obj \
 pkcs15-oberthur.obj pkcs15-itacns.obj pkcs15-gemsafeV1.obj pkcs15-sc-hsm.obj \
diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
index 3de45ffd..73b496d4 100644
--- a/src/libopensc/card-cardos.c
+++ b/src/libopensc/card-cardos.c
@@ -45,13 +45,6 @@ static struct sc_card_driver cardos_drv = {
 static const struct sc_atr_table cardos_atrs[] = {
 /* 4.0 */
 { "3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
- /* Italian eID card, postecert */
- { "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47", NULL, NULL, SC_CARD_TYPE_CARDOS_CIE_V1, 0, NULL },
- /* Italian eID card, infocamere */
- { "3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
- /* Another Italian InfocamereCard */
- { "3b:fc:98:00:ff:c1:10:31:fe:55:c8:03:49:6e:66:6f:63:61:6d:65:72:65:28", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
- { "3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL},
 /* cardos m4.2 and above */
 { "3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a", "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00", NULL, SC_CARD_TYPE_CARDOS_M4_2, 0, NULL },
 /* CardOS 4.4 */
diff --git a/src/libopensc/pkcs15-infocamere.c b/src/libopensc/pkcs15-infocamere.c
deleted file mode 100644
index 6cb00d36..00000000
--- a/src/libopensc/pkcs15-infocamere.c
+++ /dev/null
@@ -1,816 +0,0 @@ -/* - * PKCS15 emulation layer for 1202, 1203 and 1400 Infocamere card. - * To see how this works, run p15dump on your Infocamere card. - * - * Copyright (C) 2005, Sirio Capizzi - * Copyright (C) 2004, Antonino Iacono - * Copyright (C) 2003, Olaf Kirch - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#if HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include -#include -#ifdef ENABLE_ZLIB -#include -#endif - -#include "common/compat_strlcpy.h" -#include "pkcs15.h" -#include "log.h" - -int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t *, struct sc_aid *aid, - sc_pkcs15emu_opt_t *); - -static int (*set_security_env) (sc_card_t *, const sc_security_env_t *, - int); - -static int set_sec_env(sc_card_t * card, const sc_security_env_t * env, - int se_num) -{ - sc_security_env_t tenv = *env; - if (tenv.operation == SC_SEC_OPERATION_SIGN) - tenv.operation = SC_SEC_OPERATION_DECIPHER; - return set_security_env(card, &tenv, se_num); -} - -static int do_sign(sc_card_t * card, const u8 * in, size_t inlen, u8 * out, - size_t outlen) -{ - return card->ops->decipher(card, in, inlen, out, outlen); -} - -static void set_string(char **strp, const char *value) -{ - if (*strp) - free(*strp); - *strp = value ? 
strdup(value) : NULL; -} - -#if 1 -/* XXX: temporary copy of the old pkcs15emu functions, - * to be removed */ -static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card, - const sc_pkcs15_id_t *id, const char *label, - const sc_path_t *path, int ref, int type, - unsigned int min_length, - unsigned int max_length, - int flags, int tries_left, const char pad_char, int obj_flags) -{ - sc_pkcs15_auth_info_t info; - sc_pkcs15_object_t obj; - - memset(&info, 0, sizeof(info)); - memset(&obj, 0, sizeof(obj)); - - info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; - info.auth_id = *id; - info.attrs.pin.min_length = min_length; - info.attrs.pin.max_length = max_length; - info.attrs.pin.stored_length = max_length; - info.attrs.pin.type = type; - info.attrs.pin.reference = ref; - info.attrs.pin.flags = flags; - info.attrs.pin.pad_char = pad_char; - info.tries_left = tries_left; - info.logged_in = SC_PIN_STATE_UNKNOWN; - - if (path) - info.path = *path; - if (type == SC_PKCS15_PIN_TYPE_BCD) - info.attrs.pin.stored_length /= 2; - - strlcpy(obj.label, label, sizeof(obj.label)); - obj.flags = obj_flags; - - return sc_pkcs15emu_add_pin_obj(p15card, &obj, &info); -} - -static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card, - const sc_pkcs15_id_t *id, - const char *label, - int type, unsigned int modulus_length, int usage, - const sc_path_t *path, int ref, - const sc_pkcs15_id_t *auth_id, int obj_flags) -{ - sc_pkcs15_prkey_info_t info; - sc_pkcs15_object_t obj; - - memset(&info, 0, sizeof(info)); - memset(&obj, 0, sizeof(obj)); - - info.id = *id; - info.modulus_length = modulus_length; - info.usage = usage; - info.native = 1; - info.key_reference = ref; - - if (path) - info.path = *path; - - obj.flags = obj_flags; - strlcpy(obj.label, label, sizeof(obj.label)); - if (auth_id != NULL) - obj.auth_id = *auth_id; - - return sc_pkcs15emu_add_rsa_prkey(p15card, &obj, &info); -} - -static int sc_pkcs15emu_add_cert(sc_pkcs15_card_t *p15card, - int type, int authority, const sc_path_t 
*path, - const sc_pkcs15_id_t *id, const char *label, int obj_flags) -{ - /* const char *label = "Certificate"; */ - sc_pkcs15_cert_info_t info; - sc_pkcs15_object_t obj; - - memset(&info, 0, sizeof(info)); - memset(&obj, 0, sizeof(obj)); - - info.id = *id; - info.authority = authority; - if (path) - info.path = *path; - - strlcpy(obj.label, label, sizeof(obj.label)); - obj.flags = obj_flags; - - return sc_pkcs15emu_add_x509_cert(p15card, &obj, &info); -} -#endif - -static int infocamere_1200_init(sc_pkcs15_card_t * p15card) -{ - const int prkey_usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; - const int authprkey_usage = SC_PKCS15_PRKEY_USAGE_SIGN - | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER - | SC_PKCS15_PRKEY_USAGE_ENCRYPT - | SC_PKCS15_PRKEY_USAGE_DECRYPT; - - sc_card_t *card = p15card->card; - sc_path_t path; - sc_pkcs15_id_t id, auth_id; - char serial[256]; - unsigned char certlen[2]; - int authority, change_sign = 0; - struct sc_pkcs15_cert_info cert_info; - struct sc_pkcs15_object cert_obj; - - const char *label = "User Non-repudiation Certificate"; - const char *calabel = "CA Certificate"; - const char *authlabel = "User Authentication Certificate"; - - const char *infocamere_cert_path[2] = { - "DF01C000", - "3F00000011111A02" - }; - - const char *infocamere_auth_certpath[2] = { - "11111A02", - "000011111B02" - }; - - const char *infocamere_cacert_path[2] = { - "DF01C008", - "000011114101" - }; - - const char *infocamere_auth_path[2] = { - "3F001111", - "3F0000001111" - }; - - const char *infocamere_nrepud_path[2] = { - "3F00DF01", - "3F0000001111" - }; - - const int infocamere_idpin_auth_obj[2] = { - 0x95, - 0x81 - }; - - const int infocamere_idpin_nrepud_obj[2] = { - 0x99, - 0x81 - }; - - const int infocamere_idprkey_auth_obj[2] = { - 0x9B, - 0x01 - }; - - const int infocamere_idprkey_nrepud_obj[2] = { - 0x84, - 0x01 - }; - - const char *authPIN = "Authentication PIN"; - const char *nonrepPIN = "Non-repudiation PIN"; - - const char *authPRKEY = "Authentication 
Key"; - const char *nonrepPRKEY = "Non repudiation Key"; - - const int flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | - SC_PKCS15_PIN_FLAG_INITIALIZED | - SC_PKCS15_PIN_FLAG_NEEDS_PADDING; - - int r; - - unsigned char chn[8]; - size_t chn_len = sizeof chn; - sc_serial_number_t iccsn; - iccsn.len = sizeof iccsn.value; - - - r = sc_parse_ef_gdo(card, iccsn.value, &iccsn.len, chn, &chn_len); - if (r < 0) - return r; - - if (!iccsn.len || chn_len < 2 || chn_len > 8) { - return SC_ERROR_WRONG_CARD; - } - - sc_bin_to_hex(iccsn.value, iccsn.len, serial, sizeof(serial), 0); - - if (! - (chn[0] == 0x12 - && (chn[1] == 0x02 || chn[1] == 0x03))) { - /* Not Infocamere Card */ - return SC_ERROR_WRONG_CARD; - } - - set_string(&p15card->tokeninfo->serial_number, serial); - - if (chn[1] == 0x02) - set_string(&p15card->tokeninfo->label, "Infocamere 1202 Card"); - else { - set_string(&p15card->tokeninfo->label, "Infocamere 1203 Card"); - change_sign = 1; - } - - set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere"); - - authority = 0; - - /* Get the authentication certificate length */ - - sc_format_path(infocamere_auth_certpath[chn[1]-2], &path); - - r = sc_select_file(card, &path, NULL); - - if (r >= 0) { - - sc_read_binary(card, 0, certlen, 2, 0); - - /* Now set the certificate offset/len */ - - path.index = 2; - path.count = (certlen[1] << 8) + certlen[0]; - - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - - sc_pkcs15_format_id("01", &cert_info.id); - cert_info.authority = authority; - cert_info.path = path; - strlcpy(cert_obj.label, authlabel, sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; - - r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); - if (r < 0) - return SC_ERROR_INTERNAL; - - /* XXX: the IDs for the key/pin in case of the 1203 type - * are wrong, therefore I disable them for now -- Nils */ - if (!change_sign) { - /* add authentication PIN */ - - 
sc_format_path(infocamere_auth_path[chn[1]-2], &path); - - sc_pkcs15_format_id("01", &id); - sc_pkcs15emu_add_pin(p15card, &id, - authPIN, &path, infocamere_idpin_auth_obj[chn[1]-2], - SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, - 5, 8, flags, 3, 0, - SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE); - - /* add authentication private key */ - - auth_id.value[0] = 1; - auth_id.len = 1; - - sc_pkcs15emu_add_prkey(p15card, &id, - authPRKEY, - SC_PKCS15_TYPE_PRKEY_RSA, - 1024, authprkey_usage, - &path, infocamere_idprkey_auth_obj[chn[1]-2], - &auth_id, SC_PKCS15_CO_FLAG_PRIVATE); - } - - } - - /* Get the non-repudiation certificate length */ - - sc_format_path(infocamere_cert_path[chn[1]-2], &path); - - if (sc_select_file(card, &path, NULL) < 0) { - return SC_ERROR_INTERNAL; - } - - sc_read_binary(card, 0, certlen, 2, 0); - - /* Now set the certificate offset/len */ - path.index = 2; - path.count = (certlen[1] << 8) + certlen[0]; - - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - - sc_pkcs15_format_id("02", &cert_info.id); - - cert_info.authority = authority; - cert_info.path = path; - strlcpy(cert_obj.label, label, sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; - - r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); - if (r < 0) - return SC_ERROR_INTERNAL; - - /* Get the CA certificate length */ - - authority = 1; - - sc_format_path(infocamere_cacert_path[chn[1]-2], &path); - - r = sc_select_file(card, &path, NULL); - - if (r >= 0) { - size_t len; - - sc_read_binary(card, 0, certlen, 2, 0); - - len = (certlen[1] << 8) + certlen[0]; - - if (len != 0) { - /* Now set the certificate offset/len */ - path.index = 2; - path.count = len; - - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - - sc_pkcs15_format_id("03", &cert_info.id); - cert_info.authority = authority; - cert_info.path = path; - strlcpy(cert_obj.label, calabel, sizeof(cert_obj.label)); - 
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; - - r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); - if (r < 0) - return SC_ERROR_INTERNAL; - } - } - - /* add non repudiation PIN */ - - sc_format_path(infocamere_nrepud_path[chn[1]-2], &path); - - sc_pkcs15_format_id("02", &id); - sc_pkcs15emu_add_pin(p15card, &id, - nonrepPIN, &path, infocamere_idpin_nrepud_obj[chn[1]-2], - SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, 5, 8, flags, 3, 0, - SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE); - - - /* add non repudiation private key */ - - auth_id.value[0] = 2; - auth_id.len = 1; - - sc_pkcs15emu_add_prkey(p15card, &id, nonrepPRKEY, - SC_PKCS15_TYPE_PRKEY_RSA, - 1024, prkey_usage, - &path, infocamere_idprkey_nrepud_obj[chn[1]-2], - &auth_id, SC_PKCS15_CO_FLAG_PRIVATE); - - - /* return to MF */ - sc_format_path("3F00", &path); - r = sc_select_file(card, &path, NULL); - if (r != SC_SUCCESS) - return r; - - if (change_sign) { - /* save old signature funcs */ - set_security_env = card->ops->set_security_env; - /* set new one */ - card->ops->set_security_env = set_sec_env; - card->ops->compute_signature = do_sign; - } - - return SC_SUCCESS; -} - -static int infocamere_1400_set_sec_env(struct sc_card *card, - const struct sc_security_env *env, - int se_num) -{ - int r; - - struct sc_security_env tenv = *env; - if (tenv.operation == SC_SEC_OPERATION_SIGN) - tenv.operation = SC_SEC_OPERATION_DECIPHER; - - if ((r = - card->ops->restore_security_env(card, 0x40)) == SC_SUCCESS) - return set_security_env(card, &tenv, se_num); - else - return r; -} - -#ifdef ENABLE_ZLIB - -static const u8 ATR_1400[] = -{ 0x3b, 0xfc, 0x98, 0x00, 0xff, 0xc1, 0x10, 0x31, 0xfe, 0x55, 0xc8, - 0x03, 0x49, 0x6e, 0x66, 0x6f, 0x63, 0x61, 0x6d, 0x65, 0x72, 0x65, - 0x28 -}; - -/* Loads certificates. - * Certificates are stored in a ZLib compressed form with - * a 4 byte header, so we extract, decompress and cache - * them. 
- */ -static int loadCertificate(sc_pkcs15_card_t * p15card, int i, - const char *certPath, const char *certLabel) -{ - unsigned char *compCert = NULL, *cert = NULL, size[2]; - unsigned long int compLen, len; - sc_pkcs15_cert_info_t cert_info; - sc_pkcs15_object_t cert_obj; - sc_path_t cpath; - sc_card_t *card = p15card->card; - sc_pkcs15_id_t id; - int r; - - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - - sc_format_path(certPath, &cpath); - - if (sc_select_file(card, &cpath, NULL) != SC_SUCCESS) - return SC_ERROR_WRONG_CARD; - - sc_read_binary(card, 2, size, 2, 0); - - compLen = (size[0] << 8) + size[1]; - compCert = malloc(compLen * sizeof(unsigned char)); - len = 4 * compLen; /*Approximation of the uncompressed size */ - cert = malloc(len * sizeof(unsigned char)); - if (!cert || !compCert) { - free(cert); - free(compCert); - return SC_ERROR_OUT_OF_MEMORY; - } - - sc_read_binary(card, 4, compCert, compLen, 0); - - if ((r = uncompress(cert, &len, compCert, compLen)) != Z_OK) { - sc_log(p15card->card->ctx, "Zlib error: %d", r); - return SC_ERROR_INTERNAL; - } - - cpath.index = 0; - cpath.count = len; - - sc_pkcs15_cache_file(p15card, &cpath, cert, len); - - id.len=1; - id.value[0] = i + 1; - - cert_info.id = id; - cert_info.path = cpath; - cert_info.authority = (i == 2); - - strlcpy(cert_obj.label, certLabel, sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; - - sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); - - return SC_SUCCESS; -} - - -static int infocamere_1400_init(sc_pkcs15_card_t * p15card) -{ - sc_card_t *card = p15card->card; - sc_path_t path; - sc_pkcs15_id_t id, auth_id; - unsigned char serial[16]; - int flags; - int r; - int hasAuthCert = 0; - - const char *certLabel[] = { "User Non-repudiation Certificate", - "User Authentication Certificate", - "CA Certificate" - }; - - const char *certPath[] = - { "300060000000", "300060000001", "300060000002" }; - - const char *pinLabel[] 
= - { "Non-repudiation PIN", "Authentication PIN" }; - int retries[] = { 3, -1 }; - - const char *keyPath[] = { "30004000001", "30004000002" }; - const char *keyLabel[] = - { "Non repudiation Key", "Authentication Key" }; - static int usage[] = { SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, - SC_PKCS15_PRKEY_USAGE_SIGN - | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER - | SC_PKCS15_PRKEY_USAGE_ENCRYPT - | SC_PKCS15_PRKEY_USAGE_DECRYPT - }; - - auth_id.len = 1; - id.len = 1; - - /* OpenSC doesn't define constants to identify BSOs for - * restoring security environment, so we overload - * the set_security_env function to support restore_sec_env */ - set_security_env = card->ops->set_security_env; - card->ops->set_security_env = infocamere_1400_set_sec_env; - card->ops->compute_signature = do_sign; - p15card->opts.use_file_cache = 1; - - sc_format_path("30000001", &path); - - r = sc_select_file(card, &path, NULL); - - if (r != SC_SUCCESS) - return SC_ERROR_WRONG_CARD; - - sc_read_binary(card, 15, serial, 15, 0); - serial[15] = '\0'; - - set_string(&p15card->tokeninfo->serial_number, (char *)serial); - set_string(&p15card->tokeninfo->label, "Infocamere 1400 Card"); - set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere"); - - if ((r = loadCertificate(p15card, 0, certPath[0], certLabel[0])) != - SC_SUCCESS) { - sc_log(p15card->card->ctx, "%s", sc_strerror(r)); - return SC_ERROR_WRONG_CARD; - } - - hasAuthCert = - loadCertificate(p15card, 1, certPath[1], - certLabel[1]) == SC_SUCCESS; - loadCertificate(p15card, 2, certPath[2], certLabel[2]); - - flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | - SC_PKCS15_PIN_FLAG_INITIALIZED | - SC_PKCS15_PIN_FLAG_NEEDS_PADDING; - - /* adding PINs & private keys */ - - sc_format_path("30004000", &path); - id.value[0] = 1; - - sc_pkcs15emu_add_pin(p15card, &id, - pinLabel[0], &path, 1, - SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, - 5, 8, flags, retries[0], 0, - SC_PKCS15_CO_FLAG_MODIFIABLE | - SC_PKCS15_CO_FLAG_PRIVATE); - - sc_format_path(keyPath[0], &path); - 
auth_id.value[0] = 1; - sc_pkcs15emu_add_prkey(p15card, &id, - keyLabel[0], - SC_PKCS15_TYPE_PRKEY_RSA, - 1024, usage[0], - &path, 1, - &auth_id, SC_PKCS15_CO_FLAG_PRIVATE); - - - if (hasAuthCert) { - sc_format_path("30004000", &path); - id.value[0] = 2; - - sc_pkcs15emu_add_pin(p15card, &id, - pinLabel[1], &path, 2, - SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, - 5, 8, flags, retries[1], 0, - SC_PKCS15_CO_FLAG_MODIFIABLE | - SC_PKCS15_CO_FLAG_PRIVATE); - - sc_format_path(keyPath[1], &path); - auth_id.value[0] = 2; - sc_pkcs15emu_add_prkey(p15card, &id, - keyLabel[1], - SC_PKCS15_TYPE_PRKEY_RSA, - 1024, usage[1], - &path, 2, - &auth_id, - SC_PKCS15_CO_FLAG_PRIVATE); - } - - /* return to MF */ - sc_format_path("3F00", &path); - r = sc_select_file(card, &path, NULL); - return r; -} - -#endif - -static const u8 ATR_1600[] = { 0x3B, 0xF4, 0x98, 0x00, 0xFF, 0xC1, 0x10, - 0x31, 0xFE, 0x55, 0x4D, 0x34, 0x63, 0x76, 0xB4 -}; - -static int infocamere_1600_init(sc_pkcs15_card_t * p15card) -{ - sc_card_t *card = p15card->card; - sc_path_t path; - sc_pkcs15_id_t id, auth_id; - unsigned char serial[17]; - int flags; - int r; - int hasAuthCert = 0; - - const char *certLabel[] = { "User Non-repudiation Certificate", - "User Authentication Certificate" - }; - - const char *certPath[] = { "200020010008", "20002001000E" }; - - const char *pinLabel[] = - { "Non-repudiation PIN", "Authentication PIN" }; - int retries[] = { 3, -1 }; - - const char *keyPath[] = { "200020010004", "20002001000A" }; - const char *keyLabel[] = - { "Non repudiation Key", "Authentication Key" }; - static int usage[] = { SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, - SC_PKCS15_PRKEY_USAGE_SIGN - | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER - | SC_PKCS15_PRKEY_USAGE_ENCRYPT - | SC_PKCS15_PRKEY_USAGE_DECRYPT - }; - - auth_id.len = 1; - id.len = 1; - - /* OpenSC doesn't define constants to identify BSOs for - * restoring security environment, so we overload - * the set_security_env function to support restore_sec_env */ - set_security_env 
= card->ops->set_security_env; - card->ops->set_security_env = infocamere_1400_set_sec_env; - card->ops->compute_signature = do_sign; - - sc_format_path("200020012002", &path); - - r = sc_select_file(card, &path, NULL); - - if (r != SC_SUCCESS) - return SC_ERROR_WRONG_CARD; - - sc_read_binary(card, 30, serial, 16, 0); - serial[16] = '\0'; - - set_string(&p15card->tokeninfo->serial_number, (char *) serial); - set_string(&p15card->tokeninfo->label, "Infocamere 1600 Card"); - set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere"); - - /* Adding certificates. - * Certificates are stored in a ZLib compressed form with - * a 4 byte header, so we extract, decompress and cache - * them. - */ - sc_format_path(certPath[0], &path); - if (sc_select_file(card, &path, NULL) != SC_SUCCESS) - return SC_ERROR_WRONG_CARD; - - id.value[0] = 1; - - sc_pkcs15emu_add_cert(p15card, - SC_PKCS15_TYPE_CERT_X509, 0, - &path, &id, certLabel[0], - SC_PKCS15_CO_FLAG_MODIFIABLE); - - sc_format_path(certPath[1], &path); - if (sc_select_file(card, &path, NULL) == SC_SUCCESS) { - hasAuthCert = 1; - - id.value[0] = 2; - - sc_pkcs15emu_add_cert(p15card, - SC_PKCS15_TYPE_CERT_X509, 1, - &path, &id, certLabel[1], - SC_PKCS15_CO_FLAG_MODIFIABLE); - } - - flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | - SC_PKCS15_PIN_FLAG_INITIALIZED | - SC_PKCS15_PIN_FLAG_NEEDS_PADDING; - - /* adding PINs & private keys */ - sc_format_path("2000", &path); - id.value[0] = 1; - - sc_pkcs15emu_add_pin(p15card, &id, - pinLabel[0], &path, 1, - SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, - 5, 8, flags, retries[0], 0, - SC_PKCS15_CO_FLAG_MODIFIABLE | - SC_PKCS15_CO_FLAG_PRIVATE); - - sc_format_path(keyPath[0], &path); - auth_id.value[0] = 1; - sc_pkcs15emu_add_prkey(p15card, &id, - keyLabel[0], - SC_PKCS15_TYPE_PRKEY_RSA, - 1024, usage[0], - &path, 1, - &auth_id, SC_PKCS15_CO_FLAG_PRIVATE); - - if (hasAuthCert) { - id.value[0] = 2; - - sc_pkcs15emu_add_pin(p15card, &id, - pinLabel[1], &path, 2, - SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, - 
5, 8, flags, retries[1], 0, - SC_PKCS15_CO_FLAG_MODIFIABLE | - SC_PKCS15_CO_FLAG_PRIVATE); - - sc_format_path(keyPath[1], &path); - auth_id.value[0] = 2; - sc_pkcs15emu_add_prkey(p15card, &id, - keyLabel[1], - SC_PKCS15_TYPE_PRKEY_RSA, - 1024, usage[1], - &path, 2, - &auth_id, - SC_PKCS15_CO_FLAG_PRIVATE); - } - - /* return to MF */ - sc_format_path("3F00", &path); - sc_select_file(card, &path, NULL); - - return SC_SUCCESS; -} - -static int infocamere_detect_card(sc_pkcs15_card_t * p15card) -{ - sc_card_t *card = p15card->card; - - /* check if we have the correct card OS */ - if (strcmp(card->name, "STARCOS") - && strcmp(card->name, "CardOS M4")) - return SC_ERROR_WRONG_CARD; - return SC_SUCCESS; -} - -int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t * p15card, - struct sc_aid *aid, - sc_pkcs15emu_opt_t * opts) -{ - - if (!(opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)) { - if (infocamere_detect_card(p15card)) - return SC_ERROR_WRONG_CARD; - } - - if (memcmp(p15card->card->atr.value, ATR_1600, sizeof(ATR_1600)) == 0) - return infocamere_1600_init(p15card); -#ifdef ENABLE_ZLIB - else if (memcmp(p15card->card->atr.value, ATR_1400, sizeof(ATR_1400)) == - 0) - return infocamere_1400_init(p15card); -#endif - else - return infocamere_1200_init(p15card); - -} diff --git a/src/libopensc/pkcs15-postecert.c b/src/libopensc/pkcs15-postecert.c deleted file mode 100644 index 04fcfb34..00000000 --- a/src/libopensc/pkcs15-postecert.c +++ /dev/null 
@@ -1,369 +0,0 @@ -/* - * PKCS15 emulation layer for Postecert and Cnipa card. - * To see how this works, run p15dump on your Postecert or Cnipa Card. - * - * Copyright (C) 2004, Antonino Iacono - * Copyright (C) 2003, Olaf Kirch - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#if HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include -#include - -#include "common/compat_strlcpy.h" -#include "internal.h" -#include "pkcs15.h" -#include "log.h" - -int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *); - -static int (*set_security_env) (sc_card_t *, const sc_security_env_t *, int); - -static int set_sec_env(sc_card_t * card, const sc_security_env_t *env, - int se_num) -{ - sc_security_env_t tenv = *env; - if (tenv.operation == SC_SEC_OPERATION_SIGN) - tenv.operation = SC_SEC_OPERATION_DECIPHER; - return set_security_env(card, &tenv, se_num); -} - -static int do_sign(sc_card_t * card, const u8 * in, size_t inlen, u8 * out, - size_t outlen) -{ - return card->ops->decipher(card, in, inlen, out, outlen); -} - -static void set_string(char **strp, const char *value) -{ - if (*strp) - free(*strp); - *strp = value ? 
strdup(value) : NULL; -} - -#if 1 -/* XXX: temporary copy of the old pkcs15emu functions, - * to be removed */ -static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card, - const sc_pkcs15_id_t *id, const char *label, - const sc_path_t *path, int ref, int type, - unsigned int min_length, - unsigned int max_length, - int flags, int tries_left, const char pad_char, int obj_flags) -{ - sc_pkcs15_auth_info_t info; - sc_pkcs15_object_t obj; - - memset(&info, 0, sizeof(info)); - memset(&obj, 0, sizeof(obj)); - - info.auth_id = *id; - info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; - info.attrs.pin.min_length = min_length; - info.attrs.pin.max_length = max_length; - info.attrs.pin.stored_length = max_length; - info.attrs.pin.type = type; - info.attrs.pin.reference = ref; - info.attrs.pin.flags = flags; - info.attrs.pin.pad_char = pad_char; - info.tries_left = tries_left; - info.logged_in = SC_PIN_STATE_UNKNOWN; - - if (path) - info.path = *path; - if (type == SC_PKCS15_PIN_TYPE_BCD) - info.attrs.pin.stored_length /= 2; - - strlcpy(obj.label, label, sizeof(obj.label)); - obj.flags = obj_flags; - - return sc_pkcs15emu_add_pin_obj(p15card, &obj, &info); -} - -static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card, - const sc_pkcs15_id_t *id, - const char *label, - int type, unsigned int modulus_length, int usage, - const sc_path_t *path, int ref, - const sc_pkcs15_id_t *auth_id, int obj_flags) -{ - sc_pkcs15_prkey_info_t info; - sc_pkcs15_object_t obj; - - memset(&info, 0, sizeof(info)); - memset(&obj, 0, sizeof(obj)); - - info.id = *id; - info.modulus_length = modulus_length; - info.usage = usage; - info.native = 1; - info.key_reference = ref; - - if (path) - info.path = *path; - - obj.flags = obj_flags; - strlcpy(obj.label, label, sizeof(obj.label)); - if (auth_id != NULL) - obj.auth_id = *auth_id; - - return sc_pkcs15emu_add_rsa_prkey(p15card, &obj, &info); -} - -static int sc_pkcs15emu_add_cert(sc_pkcs15_card_t *p15card, - int type, int authority, const sc_path_t 
*path, - const sc_pkcs15_id_t *id, const char *label, int obj_flags) -{ - /* const char *label = "Certificate"; */ - sc_pkcs15_cert_info_t info; - sc_pkcs15_object_t obj; - - memset(&info, 0, sizeof(info)); - memset(&obj, 0, sizeof(obj)); - - info.id = *id; - info.authority = authority; - if (path) - info.path = *path; - - strlcpy(obj.label, label, sizeof(obj.label)); - obj.flags = obj_flags; - - return sc_pkcs15emu_add_x509_cert(p15card, &obj, &info); -} -#endif - -static int sc_pkcs15emu_postecert_init(sc_pkcs15_card_t * p15card) -{ - static int prkey_usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; - static int authprkey_usage = SC_PKCS15_PRKEY_USAGE_SIGN - | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER - | SC_PKCS15_PRKEY_USAGE_ENCRYPT - | SC_PKCS15_PRKEY_USAGE_DECRYPT; - - sc_card_t *card = p15card->card; - sc_path_t path; - sc_pkcs15_id_t id, auth_id; - unsigned char certlen[2]; - unsigned char *certi = NULL; - int index_cert[4]; - int count_cert[4]; - int flags; - int authority; - size_t i, count; - int r; - int o = 0; - - const char *label = "User Non-repudiation Certificate"; - const char *calabel = "CA Certificate"; - const char *catmslabel = "CA TimeStamper Certificate"; - const char *authlabel = "User Authentication Certificate"; - - const char *postecert_auth_cert_path = "504B0001"; - - const char *authPIN = "Authentication PIN"; - const char *nonrepPIN = "Non-repudiation PIN"; - - const char *authPRKEY = "Authentication Key"; - const char *nonrepPRKEY = "Non repudiation Key"; - - memset(index_cert, 0, sizeof(index_cert)); - memset(count_cert, 0, sizeof(count_cert)); - - /* Get the non-repudiation certificate length */ - sc_format_path(postecert_auth_cert_path, &path); - - if (sc_select_file(card, &path, NULL) < 0) { - r = SC_ERROR_WRONG_CARD; - goto failed; - } - - set_string(&p15card->tokeninfo->label, "Postecert & Cnipa Card"); - set_string(&p15card->tokeninfo->manufacturer_id, "Postecert"); - set_string(&p15card->tokeninfo->serial_number, "0000"); - - 
sc_read_binary(card, 0, certlen, 2, 0);
-
- /* Now set the certificate offset/len */
- count = (certlen[0] << 8) + certlen[1];
- if (count < 256)
- return SC_ERROR_INTERNAL;
-
- certi = malloc(count);
-
- if (!certi)
- return SC_ERROR_OUT_OF_MEMORY;
-
- sc_read_binary(card, 0, certi, count - 500, 0);
-
- for (i = 2; i < (count - 256); i++) {
- /* this file contain more than one certificate */
- if (*(certi + i) == 0x30 && *(certi + i + 1) == 0x82
- && *(certi + i + 4) == 0x30 && *(certi + i + 5) == 0x82
- && *(certi + i + 2) > 1 && *(certi + i + 2) < 8
- && *(certi + i + 6) <= *(certi + i + 2)) {
- index_cert[o] = i;
- count_cert[o] =
- (*(certi + i + 2) << 8) + *(certi + i + 3) + 4;
- o++;
- if (o >= 4)
- break;
- i += (*(certi + i + 2) << 8) + *(certi + i + 3);
- }
- }
-
- free(certi);
-
- path.index = index_cert[0];
- path.count = count_cert[0];
-
- id.value[0] = 1;
- id.len = 1;
-
- authority = 1;
-
- sc_pkcs15emu_add_cert(p15card,
- SC_PKCS15_TYPE_CERT_X509, authority,
- &path, &id, calabel, SC_PKCS15_CO_FLAG_MODIFIABLE);
-
- path.index = index_cert[1];
- path.count = count_cert[1];
-
- id.value[0] = 2;
- id.len = 1;
-
- authority = 1;
-
- sc_pkcs15emu_add_cert(p15card,
- SC_PKCS15_TYPE_CERT_X509, authority,
- &path, &id, catmslabel, SC_PKCS15_CO_FLAG_MODIFIABLE);
-
- path.index = index_cert[2];
- path.count = count_cert[2];
-
- id.value[0] = 3;
- id.len = 1;
-
- authority = 0;
-
- sc_pkcs15emu_add_cert(p15card,
- SC_PKCS15_TYPE_CERT_X509, authority,
- &path, &id, label, SC_PKCS15_CO_FLAG_MODIFIABLE);
-
- path.index = index_cert[3];
- path.count = count_cert[3];
-
- id.value[0] = 4;
- id.len = 1;
-
- sc_pkcs15emu_add_cert(p15card,
- SC_PKCS15_TYPE_CERT_X509, authority,
- &path, &id, authlabel, SC_PKCS15_CO_FLAG_MODIFIABLE);
-
-
- flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
- SC_PKCS15_PIN_FLAG_INITIALIZED | SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
-
- /* add authentication PIN */
- sc_format_path("3F00504B", &path);
- id.value[0] = 1;
- sc_pkcs15emu_add_pin(p15card, &id,
- authPIN, &path, 0x82,
- SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
- 6, 14, flags, 3, 0,
- SC_PKCS15_CO_FLAG_MODIFIABLE |
- SC_PKCS15_CO_FLAG_PRIVATE);
-
- /* add authentication private key */
- id.value[0] = 4;
- auth_id.value[0] = 1;
- auth_id.len = 1;
- sc_pkcs15emu_add_prkey(p15card, &id,
- authPRKEY,
- SC_PKCS15_TYPE_PRKEY_RSA,
- 1024, authprkey_usage,
- &path, 0x06, &auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
-
- /* add non repudiation PIN */
- sc_format_path("3F00504B", &path);
- id.value[0] = 2;
- sc_pkcs15emu_add_pin(p15card, &id,
- nonrepPIN, &path, 0x82,
- SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
- 6, 14, flags, 3, 0,
- SC_PKCS15_CO_FLAG_MODIFIABLE |
- SC_PKCS15_CO_FLAG_PRIVATE);
-
-
- /* add non repudiation private key */
- id.value[0] = 3;
- auth_id.value[0] = 2;
- sc_pkcs15emu_add_prkey(p15card, &id,
- nonrepPRKEY,
- SC_PKCS15_TYPE_PRKEY_RSA,
- 1024, prkey_usage,
- &path, 0x01, &auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
-
- /* return to MF */
- sc_format_path("3F00", &path);
- r = sc_select_file(card, &path, NULL);
- if (r != SC_SUCCESS)
- return r;
-
- {
- /* save old signature funcs */
- set_security_env = card->ops->set_security_env;
- /* set new one */
- card->ops->set_security_env = set_sec_env;
- card->ops->compute_signature = do_sign;
- }
- return 0;
-
-failed:
- sc_log(card->ctx,
- "Failed to initialize Postecert and Cnipa emulation: %s\n",
- sc_strerror(r));
- return r;
-}
-
-static int postecert_detect_card(sc_pkcs15_card_t * p15card)
-{
- sc_card_t *card = p15card->card;
-
- /* check if we have the correct card OS */
- if (strcmp(card->name, "CardOS M4"))
- return SC_ERROR_WRONG_CARD;
- return SC_SUCCESS;
-}
-
-int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t * p15card,
- struct sc_aid *aid,
- sc_pkcs15emu_opt_t * opts)
-{
- if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)
- return sc_pkcs15emu_postecert_init(p15card);
- else {
- int r = postecert_detect_card(p15card);
- if (r)
- return SC_ERROR_WRONG_CARD;
- return sc_pkcs15emu_postecert_init(p15card);
- }
-}
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
index ec79d97e..775ba0a5 100644
--- a/src/libopensc/pkcs15-pubkey.c
+++ b/src/libopensc/pkcs15-pubkey.c
@@ -1625,7 +1625,7 @@ sc_pkcs15_convert_pubkey(struct sc_pkcs15_pubkey *pkcs15_key, void *evp_key)
 X = BN_new();
 Y = BN_new();
 if (X && Y && EC_KEY_get0_group(eckey))
- r = EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey),
+ r = EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey),
 point, X, Y, NULL);
 if (r == 1) {
 dst->xy.len = BN_num_bytes(X) + BN_num_bytes(Y);
diff --git a/src/libopensc/pkcs15-syn.c b/src/libopensc/pkcs15-syn.c
index ab71dcdb..3f15eeb7 100644
--- a/src/libopensc/pkcs15-syn.c
+++ b/src/libopensc/pkcs15-syn.c
@@ -37,12 +37,10 @@ struct sc_pkcs15_emulator_handler builtin_emulators[] = {
 { "westcos", sc_pkcs15emu_westcos_init_ex },
 { "openpgp", sc_pkcs15emu_openpgp_init_ex },
- { "infocamere", sc_pkcs15emu_infocamere_init_ex },
 { "starcert", sc_pkcs15emu_starcert_init_ex },
 { "tcos", sc_pkcs15emu_tcos_init_ex },
 { "esteid", sc_pkcs15emu_esteid_init_ex },
 { "itacns", sc_pkcs15emu_itacns_init_ex },
- { "postecert", sc_pkcs15emu_postecert_init_ex },
 { "PIV-II", sc_pkcs15emu_piv_init_ex },
 { "cac", sc_pkcs15emu_cac_init_ex },
 { "gemsafeGPK", sc_pkcs15emu_gemsafeGPK_init_ex },
diff --git a/src/libopensc/pkcs15-syn.h b/src/libopensc/pkcs15-syn.h
index 202711d0..9944d27e 100644
--- a/src/libopensc/pkcs15-syn.h
+++ b/src/libopensc/pkcs15-syn.h
@@ -31,11 +31,9 @@ extern "C" {
 int sc_pkcs15emu_westcos_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
 int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
-int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
 int sc_pkcs15emu_starcert_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
 int sc_pkcs15emu_tcos_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
 int sc_pkcs15emu_esteid_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
-int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
 int sc_pkcs15emu_piv_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
 int sc_pkcs15emu_cac_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
 int sc_pkcs15emu_gemsafeGPK_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h
index 09e7dca0..60da619e 100644
--- a/src/libopensc/sc-ossl-compat.h
+++ b/src/libopensc/sc-ossl-compat.h
@@ -77,6 +77,11 @@ extern "C" {
 #define OPENSSL_malloc_init()
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coordinates
+#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coordinates
+#endif
+
 /*
 * OpenSSL-1.1.0-pre5 has hidden the RSA and DSA structures
 * One can no longer use statements like rsa->n = ...
diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c
index b24db41d..8233746d 100644
--- a/src/pkcs11/openssl.c
+++ b/src/pkcs11/openssl.c
@@ -32,6 +32,7 @@
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 #include
 #include /* for OPENSSL_NO_* */
+#include "libopensc/sc-ossl-compat.h"
 #ifndef OPENSSL_NO_EC
 #include
 #endif /* OPENSSL_NO_EC */
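Review bot: The two `#define`s added to sc-ossl-compat.h rename identifiers that OpenSSL's own EC header declares, so their effect depends on include order, and nothing in the header says so. In src/pkcs11/openssl.c the new `#include "libopensc/sc-ossl-compat.h"` is placed above the include guarded by `OPENSSL_NO_EC`, whereas the same commit moves it below the other includes in piv-tool.c and pkcs11-tool.c. If that guarded include is the EC header and the compat header does not already pull it in (neither is visible here), the macros would also rewrite the prototypes of the deprecated functions. I would move the include below `#endif /* OPENSSL_NO_EC */` and put `/* Include after all OpenSSL headers: these macros rename symbols declared in <openssl/ec.h>. */` above the `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` line.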
@@ -401,7 +402,7 @@ static CK_RV gostr3410_verify_data(const unsigned char *pubkey, unsigned int pub
 ASN1_OCTET_STRING_free(octet);
 P = EC_POINT_new(group);
 if (P && X && Y)
- r = EC_POINT_set_affine_coordinates_GFp(group,
+ r = EC_POINT_set_affine_coordinates_GFp(group,
 P, X, Y, NULL);
 BN_free(X);
 BN_free(Y);
diff --git a/src/tools/piv-tool.c b/src/tools/piv-tool.c
index aee4fdeb..b95d1568 100644
--- a/src/tools/piv-tool.c
+++ b/src/tools/piv-tool.c
@@ -33,7 +33,6 @@
 /* Module only built if OPENSSL is enabled */
 #include
-#include "libopensc/sc-ossl-compat.h"
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 #include
 #include
@@ -57,6 +56,7 @@
 #include "libopensc/cardctl.h"
 #include "libopensc/asn1.h"
 #include "util.h"
+#include "libopensc/sc-ossl-compat.h"
 static const char *app_name = "piv-tool";
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 8bf99a52..fe1667d5 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -36,7 +36,6 @@
 #ifdef ENABLE_OPENSSL
 #include
-#include "libopensc/sc-ossl-compat.h"
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 #include
 #include
@@ -62,6 +61,7 @@
 #include "common/compat_strlcat.h"
 #include "common/compat_strlcpy.h"
 #include "util.h"
+#include "libopensc/sc-ossl-compat.h"
 #ifdef _WIN32
 #ifndef STDOUT_FILENO
diff --git a/win32/Make.rules.mak b/win32/Make.rules.mak
index 18ac1ff6..b6759e57 100644
--- a/win32/Make.rules.mak
+++ b/win32/Make.rules.mak
@@ -79,7 +79,7 @@ CANDLEFLAGS = -dOpenSSL="$(OPENSSL_DIR)" $(CANDLEFLAGS)
 !ENDIF
-# If you want support for zlib (Used for PIV, infocamere and actalis):
+# If you want support for zlib (Used for PIV and actalis):
 # - Download zlib-dll and
 # - uncomment the line starting with ZLIB_DEF
 # - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"