*** empty log message ***
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@306 c6295689-39f2-0310-b995-f0e70906c6a9
parent
e280d2f444
commit
8efe36617c
7
NEWS
7
NEWS
|
@ -1,5 +1,12 @@
|
|||
NEWS for OpenSC -- History of user visible changes
|
||||
|
||||
New in 0.6.0; 2002-03-13; Juha Yrjölä:
|
||||
* Many, many new features -- too many to list here
|
||||
* New cards supported: Gemplus GPK family, TCOS 2.0, MioCOS
|
||||
* Implemented a card reader abstraction layer
|
||||
* PKCS #15 generation rewritten by Olaf Kirch. So far generation
|
||||
is supported only on GPK and Cryptoflex.
|
||||
|
||||
New in 0.5.0; 2002-01-24; Juha Yrjölä:
|
||||
* PKCS #15 generation support
|
||||
* PKCS #11 module almost completely rewritten
|
||||
|
|
|
@ -1,14 +1,10 @@
|
|||
|
||||
Steps for your OpenSSH pleasure:
|
||||
teps for your OpenSSH pleasure:
|
||||
|
||||
- Download, compile and install openssl (http://www.openssl.org)
|
||||
- Download OpenSSH 3.0.2p1 (http://www.openssh.com)
|
||||
- Apply 'openssh-3.0.2p1-patch.diff' from this directory
|
||||
- Run autoconf and autoheader
|
||||
- Run configure with the argument '--with-opensc'
|
||||
- Change the hardcoded PIN to the one set on your card... =)
|
||||
The line to modify can be found in file scard-libsc.c.
|
||||
(This will be fixed in the future)
|
||||
- Compile and install
|
||||
|
||||
- Extract a public key from your SmartCard in OpenSSH format
|
||||
|
@ -21,7 +17,9 @@ Steps for your OpenSSH pleasure:
|
|||
With luck you should be authenticated and ready to go. If it won't work,
|
||||
try enabling debug information with the '-d' switch.
|
||||
|
||||
NOTE: ssh-agent should also work.
|
||||
NOTE: PIN code is not asked by ssh when connecting. If you haven't
|
||||
authenticated for the private key when connecting with PIN code,
|
||||
verify the PIN with e.g. pkcs15-crypt tool.
|
||||
|
||||
--
|
||||
Juha Yrjölä <juha.yrjola@iki.fi>
|
||||
Markku Degerholm <mdegerho@cc.hut.fi>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
diff -ruN openssh-3.0.2p1/Makefile.in openssh-new/Makefile.in
|
||||
--- openssh-3.0.2p1/Makefile.in Mon Nov 12 01:34:23 2001
|
||||
+++ openssh-new/Makefile.in Sun Dec 2 21:01:34 2001
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/Makefile.in openssh-3.0.2p1/Makefile.in
|
||||
--- openssh-3.0.2p1-orig/Makefile.in Mon Nov 12 01:34:23 2001
|
||||
+++ openssh-3.0.2p1/Makefile.in Sun Mar 10 14:51:49 2002
|
||||
@@ -46,7 +46,7 @@
|
||||
|
||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP_PROGS)
|
||||
|
@ -10,9 +10,9 @@ diff -ruN openssh-3.0.2p1/Makefile.in openssh-new/Makefile.in
|
|||
|
||||
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
|
||||
|
||||
diff -ruN openssh-3.0.2p1/acconfig.h openssh-new/acconfig.h
|
||||
--- openssh-3.0.2p1/acconfig.h Sat Nov 3 21:09:33 2001
|
||||
+++ openssh-new/acconfig.h Sun Dec 2 21:01:34 2001
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/acconfig.h openssh-3.0.2p1/acconfig.h
|
||||
--- openssh-3.0.2p1-orig/acconfig.h Sat Nov 3 21:09:33 2001
|
||||
+++ openssh-3.0.2p1/acconfig.h Sun Mar 10 14:51:49 2002
|
||||
@@ -329,6 +329,12 @@
|
||||
/* Define if you want smartcard support */
|
||||
#undef SMARTCARD
|
||||
|
@ -26,9 +26,12 @@ diff -ruN openssh-3.0.2p1/acconfig.h openssh-new/acconfig.h
|
|||
@BOTTOM@
|
||||
|
||||
/* ******************* Shouldn't need to edit below this line ************** */
|
||||
diff -ruN openssh-3.0.2p1/configure.ac openssh-new/configure.ac
|
||||
--- openssh-3.0.2p1/configure.ac Sat Nov 3 21:09:33 2001
|
||||
+++ openssh-new/configure.ac Sun Dec 2 21:01:34 2001
|
||||
Common subdirectories: openssh-3.0.2p1-orig/autom4te.cache and openssh-3.0.2p1/autom4te.cache
|
||||
Only in openssh-3.0.2p1-orig/: config.h.in
|
||||
Only in openssh-3.0.2p1-orig/: configure
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/configure.ac openssh-3.0.2p1/configure.ac
|
||||
--- openssh-3.0.2p1-orig/configure.ac Sat Nov 3 21:09:33 2001
|
||||
+++ openssh-3.0.2p1/configure.ac Sun Mar 10 14:51:49 2002
|
||||
@@ -1412,11 +1412,11 @@
|
||||
AC_DEFINE(HAVE_SYS_NERR)
|
||||
fi
|
||||
|
@ -83,10 +86,14 @@ diff -ruN openssh-3.0.2p1/configure.ac openssh-new/configure.ac
|
|||
SCARD_MSG="yes"
|
||||
fi
|
||||
]
|
||||
diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
||||
--- openssh-3.0.2p1/scard-opensc.c Thu Jan 1 02:00:00 1970
|
||||
+++ openssh-new/scard-opensc.c Sun Dec 2 21:40:42 2001
|
||||
@@ -0,0 +1,463 @@
|
||||
Common subdirectories: openssh-3.0.2p1-orig/contrib and openssh-3.0.2p1/contrib
|
||||
Common subdirectories: openssh-3.0.2p1-orig/debian and openssh-3.0.2p1/debian
|
||||
Common subdirectories: openssh-3.0.2p1-orig/openbsd-compat and openssh-3.0.2p1/openbsd-compat
|
||||
Common subdirectories: openssh-3.0.2p1-orig/scard and openssh-3.0.2p1/scard
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/scard-opensc.c openssh-3.0.2p1/scard-opensc.c
|
||||
--- openssh-3.0.2p1-orig/scard-opensc.c Thu Jan 1 02:00:00 1970
|
||||
+++ openssh-3.0.2p1/scard-opensc.c Sun Mar 10 20:26:13 2002
|
||||
@@ -0,0 +1,472 @@
|
||||
+/* libopensc support in OpenSSH -- heavily modified from scard.c
|
||||
+ *
|
||||
+ * Copyright (c) 2001 Juha Yrjölä. All rights reserved.
|
||||
|
@ -129,7 +136,7 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+#include "xmalloc.h"
|
||||
+#include "scard.h"
|
||||
+
|
||||
+#define SC_HARDCODED_PIN "1234"
|
||||
+//#define SC_HARDCODED_PIN "1234"
|
||||
+
|
||||
+#define MAX_BUF_SIZE 256
|
||||
+
|
||||
|
@ -154,7 +161,7 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ r = sc_establish_context(&ctx);
|
||||
+ if (r)
|
||||
+ goto err;
|
||||
+ r = sc_connect_card(ctx, sc_reader_id, &card);
|
||||
+ r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card);
|
||||
+ if (r)
|
||||
+ goto err;
|
||||
+ r = sc_pkcs15_bind(card, &p15card);
|
||||
|
@ -183,9 +190,10 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+}
|
||||
+
|
||||
+static int
|
||||
+sc_read_pubkey(Key * k, const struct sc_pkcs15_cert_info *cinfo)
|
||||
+sc_read_pubkey(Key * k, const struct sc_pkcs15_object * obj)
|
||||
+{
|
||||
+ int r;
|
||||
+ struct sc_pkcs15_cert_info * cinfo = obj->data;
|
||||
+ struct sc_pkcs15_cert *cert = NULL;
|
||||
+ struct sc_priv_data *priv = NULL;
|
||||
+ X509 *x509 = NULL;
|
||||
|
@ -253,8 +261,10 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+{
|
||||
+ int r;
|
||||
+ struct sc_priv_data *priv;
|
||||
+ struct sc_pkcs15_prkey_info *key;
|
||||
+ struct sc_pkcs15_object *key;
|
||||
+#ifdef SC_HARDCODED_PIN
|
||||
+ struct sc_pkcs15_pin_info *pin;
|
||||
+#endif
|
||||
+
|
||||
+ if (padding != RSA_PKCS1_PADDING)
|
||||
+ return -1;
|
||||
|
@ -276,6 +286,7 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ error("Unable to find private key from SmartCard: %s", sc_strerror(r));
|
||||
+ goto err;
|
||||
+ }
|
||||
+#ifdef SC_HARDCODED_PIN
|
||||
+ r = sc_pkcs15_find_pin_by_auth_id(p15card, &key->com_attr.auth_id, &pin);
|
||||
+ if (r) {
|
||||
+ error("Unable to find PIN object from SmartCard: %s", sc_strerror(r));
|
||||
|
@ -287,11 +298,13 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ error("PIN code verification failed: %s", sc_strerror(r));
|
||||
+ goto err;
|
||||
+ }
|
||||
+#endif
|
||||
+ r = sc_pkcs15_decipher(p15card, key, from, flen, to, flen);
|
||||
+ if (r < 0) {
|
||||
+ error("sc_pkcs15_decipher() failed: %s", sc_strerror(r));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ sc_close();
|
||||
+ return r;
|
||||
+err:
|
||||
+ sc_close();
|
||||
|
@ -311,8 +324,10 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+{
|
||||
+ int r;
|
||||
+ struct sc_priv_data *priv;
|
||||
+ struct sc_pkcs15_prkey_info *key;
|
||||
+ struct sc_pkcs15_object *key;
|
||||
+#ifdef SC_HARDCODED_PIN
|
||||
+ struct sc_pkcs15_pin_info *pin;
|
||||
+#endif
|
||||
+
|
||||
+ priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
|
||||
+ if (priv == NULL)
|
||||
|
@ -332,6 +347,7 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ error("Unable to find private key from SmartCard: %s", sc_strerror(r));
|
||||
+ goto err;
|
||||
+ }
|
||||
+#ifdef SC_HARDCODED_PIN
|
||||
+ r = sc_pkcs15_find_pin_by_auth_id(p15card, &key->com_attr.auth_id, &pin);
|
||||
+ if (r) {
|
||||
+ error("Unable to find PIN object from SmartCard: %s", sc_strerror(r));
|
||||
|
@ -343,14 +359,16 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ error("PIN code verification failed: %s", sc_strerror(r));
|
||||
+ goto err;
|
||||
+ }
|
||||
+#endif
|
||||
+ /* FIXME: length of sigret correct? */
|
||||
+ r = sc_pkcs15_compute_signature(p15card, key, SC_PKCS15_HASH_SHA1,
|
||||
+ r = sc_pkcs15_compute_signature(p15card, key, SC_ALGORITHM_RSA_HASH_SHA1|SC_ALGORITHM_RSA_PAD_PKCS1,
|
||||
+ m, m_len, sigret, RSA_size(rsa));
|
||||
+ if (r < 0) {
|
||||
+ error("sc_pkcs15_compute_signature() failed: %s", sc_strerror(r));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ *siglen = r;
|
||||
+ sc_close();
|
||||
+ return 1;
|
||||
+err:
|
||||
+ sc_close();
|
||||
|
@ -468,7 +486,7 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ p15card = NULL;
|
||||
+ }
|
||||
+ if (card) {
|
||||
+ sc_disconnect_card(card);
|
||||
+ sc_disconnect_card(card, 0);
|
||||
+ card = NULL;
|
||||
+ }
|
||||
+ if (ctx) {
|
||||
|
@ -482,7 +500,8 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+{
|
||||
+ Key *k = NULL, **keys = NULL;
|
||||
+ struct sc_pkcs15_id cert_id;
|
||||
+ struct sc_pkcs15_cert_info *cinfo;
|
||||
+#define MAX_OBJECTS 32
|
||||
+ struct sc_pkcs15_object * cinfo[MAX_OBJECTS];
|
||||
+ char *buf = xstrdup(id), *p;
|
||||
+ int r, i, key_count = 0, real_count = 0;
|
||||
+
|
||||
|
@ -501,12 +520,13 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ goto err;
|
||||
+ }
|
||||
+ if (cert_id.len) {
|
||||
+ r = sc_pkcs15_find_cert_by_id(p15card, &cert_id, &cinfo);
|
||||
+ r = sc_pkcs15_find_cert_by_id(p15card, &cert_id, &cinfo[0]);
|
||||
+ if (r < 0)
|
||||
+ goto err;
|
||||
+ key_count = 1;
|
||||
+ } else {
|
||||
+ r = sc_pkcs15_enum_certificates(p15card);
|
||||
+ } else
|
||||
+ {
|
||||
+ r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, cinfo, MAX_OBJECTS);
|
||||
+ if (r == 0) {
|
||||
+ log("No certificates found on smartcard");
|
||||
+ r = -1;
|
||||
|
@ -522,10 +542,7 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ k = key_new(KEY_RSA);
|
||||
+ if (k == NULL)
|
||||
+ break;
|
||||
+ if (cert_id.len)
|
||||
+ r = sc_read_pubkey(k, cinfo);
|
||||
+ else
|
||||
+ r = sc_read_pubkey(k, &p15card->cert_info[i]);
|
||||
+ r = sc_read_pubkey(k, cinfo[i]);
|
||||
+ if (r) {
|
||||
+ error("sc_read_pubkey failed: %s", sc_strerror(r));
|
||||
+ key_free(k);
|
||||
|
@ -542,7 +559,6 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+ }
|
||||
+ keys[real_count] = NULL;
|
||||
+ sc_close();
|
||||
+
|
||||
+ return keys;
|
||||
+err:
|
||||
+ sc_close();
|
||||
|
@ -550,9 +566,9 @@ diff -ruN openssh-3.0.2p1/scard-opensc.c openssh-new/scard-opensc.c
|
|||
+}
|
||||
+
|
||||
+#endif /* OPENSC */
|
||||
diff -ruN openssh-3.0.2p1/scard-sectok.c openssh-new/scard-sectok.c
|
||||
--- openssh-3.0.2p1/scard-sectok.c Thu Jan 1 02:00:00 1970
|
||||
+++ openssh-new/scard-sectok.c Sun Dec 2 21:01:34 2001
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/scard-sectok.c openssh-3.0.2p1/scard-sectok.c
|
||||
--- openssh-3.0.2p1-orig/scard-sectok.c Thu Jan 1 02:00:00 1970
|
||||
+++ openssh-3.0.2p1/scard-sectok.c Sun Mar 10 14:51:49 2002
|
||||
@@ -0,0 +1,389 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -943,384 +959,10 @@ diff -ruN openssh-3.0.2p1/scard-sectok.c openssh-new/scard-sectok.c
|
|||
+ return keys;
|
||||
+}
|
||||
+#endif /* SECTOK */
|
||||
diff -ruN openssh-3.0.2p1/scard.c openssh-new/scard.c
|
||||
--- openssh-3.0.2p1/scard.c Fri Sep 28 12:51:54 2001
|
||||
+++ openssh-new/scard.c Thu Jan 1 02:00:00 1970
|
||||
@@ -1,371 +0,0 @@
|
||||
-/*
|
||||
- * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
- *
|
||||
- * Redistribution and use in source and binary forms, with or without
|
||||
- * modification, are permitted provided that the following conditions
|
||||
- * are met:
|
||||
- * 1. Redistributions of source code must retain the above copyright
|
||||
- * notice, this list of conditions and the following disclaimer.
|
||||
- * 2. Redistributions in binary form must reproduce the above copyright
|
||||
- * notice, this list of conditions and the following disclaimer in the
|
||||
- * documentation and/or other materials provided with the distribution.
|
||||
- *
|
||||
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
- */
|
||||
-
|
||||
-#include "includes.h"
|
||||
-#ifdef SMARTCARD
|
||||
-RCSID("$OpenBSD: scard.c,v 1.15 2001/09/28 09:49:31 djm Exp $");
|
||||
-
|
||||
-#include <openssl/engine.h>
|
||||
-#include <sectok.h>
|
||||
-
|
||||
-#include "key.h"
|
||||
-#include "log.h"
|
||||
-#include "xmalloc.h"
|
||||
-#include "scard.h"
|
||||
-
|
||||
-#define CLA_SSH 0x05
|
||||
-#define INS_DECRYPT 0x10
|
||||
-#define INS_GET_KEYLENGTH 0x20
|
||||
-#define INS_GET_PUBKEY 0x30
|
||||
-#define INS_GET_RESPONSE 0xc0
|
||||
-
|
||||
-#define MAX_BUF_SIZE 256
|
||||
-
|
||||
-static int sc_fd = -1;
|
||||
-static char *sc_reader_id = NULL;
|
||||
-static int cla = 0x00; /* class */
|
||||
-
|
||||
-/* interface to libsectok */
|
||||
-
|
||||
-static int
|
||||
-sc_open(void)
|
||||
-{
|
||||
- int sw;
|
||||
-
|
||||
- if (sc_fd >= 0)
|
||||
- return sc_fd;
|
||||
-
|
||||
- sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
|
||||
- if (sc_fd < 0) {
|
||||
- error("sectok_open failed: %s", sectok_get_sw(sw));
|
||||
- return SCARD_ERROR_FAIL;
|
||||
- }
|
||||
- if (! sectok_cardpresent(sc_fd)) {
|
||||
- debug("smartcard in reader %s not present, skipping",
|
||||
- sc_reader_id);
|
||||
- sc_close();
|
||||
- return SCARD_ERROR_NOCARD;
|
||||
- }
|
||||
- if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
|
||||
- error("sectok_reset failed: %s", sectok_get_sw(sw));
|
||||
- sc_fd = -1;
|
||||
- return SCARD_ERROR_FAIL;
|
||||
- }
|
||||
- if ((cla = cyberflex_inq_class(sc_fd)) < 0)
|
||||
- cla = 0;
|
||||
-
|
||||
- debug("sc_open ok %d", sc_fd);
|
||||
- return sc_fd;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-sc_enable_applet(void)
|
||||
-{
|
||||
- static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
|
||||
- int sw = 0;
|
||||
-
|
||||
- /* select applet id */
|
||||
- sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("sectok_apdu failed: %s", sectok_get_sw(sw));
|
||||
- sc_close();
|
||||
- return -1;
|
||||
- }
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-sc_init(void)
|
||||
-{
|
||||
- int status;
|
||||
-
|
||||
- status = sc_open();
|
||||
- if (status == SCARD_ERROR_NOCARD) {
|
||||
- return SCARD_ERROR_NOCARD;
|
||||
- }
|
||||
- if (status < 0 ) {
|
||||
- error("sc_open failed");
|
||||
- return status;
|
||||
- }
|
||||
- if (sc_enable_applet() < 0) {
|
||||
- error("sc_enable_applet failed");
|
||||
- return SCARD_ERROR_APPLET;
|
||||
- }
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-sc_read_pubkey(Key * k)
|
||||
-{
|
||||
- u_char buf[2], *n;
|
||||
- char *p;
|
||||
- int len, sw, status = -1;
|
||||
-
|
||||
- len = sw = 0;
|
||||
- n = NULL;
|
||||
-
|
||||
- if (sc_fd < 0) {
|
||||
- status = sc_init();
|
||||
- if (status < 0 )
|
||||
- goto err;
|
||||
- }
|
||||
-
|
||||
- /* get key size */
|
||||
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
|
||||
- sizeof(buf), buf, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("could not obtain key length: %s", sectok_get_sw(sw));
|
||||
- goto err;
|
||||
- }
|
||||
- len = (buf[0] << 8) | buf[1];
|
||||
- len /= 8;
|
||||
- debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
|
||||
-
|
||||
- n = xmalloc(len);
|
||||
- /* get n */
|
||||
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("could not obtain public key: %s", sectok_get_sw(sw));
|
||||
- goto err;
|
||||
- }
|
||||
-
|
||||
- debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
|
||||
-
|
||||
- if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
|
||||
- error("c_read_pubkey: BN_bin2bn failed");
|
||||
- goto err;
|
||||
- }
|
||||
-
|
||||
- /* currently the java applet just stores 'n' */
|
||||
- if (!BN_set_word(k->rsa->e, 35)) {
|
||||
- error("c_read_pubkey: BN_set_word(e, 35) failed");
|
||||
- goto err;
|
||||
- }
|
||||
-
|
||||
- status = 0;
|
||||
- p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
|
||||
- debug("fingerprint %d %s", key_size(k), p);
|
||||
- xfree(p);
|
||||
-
|
||||
-err:
|
||||
- if (n != NULL)
|
||||
- xfree(n);
|
||||
- sc_close();
|
||||
- return status;
|
||||
-}
|
||||
-
|
||||
-/* private key operations */
|
||||
-
|
||||
-static int
|
||||
-sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
|
||||
-{
|
||||
- u_char *padded = NULL;
|
||||
- int sw, len, olen, status = -1;
|
||||
-
|
||||
- debug("sc_private_decrypt called");
|
||||
-
|
||||
- olen = len = sw = 0;
|
||||
- if (sc_fd < 0) {
|
||||
- status = sc_init();
|
||||
- if (status < 0 )
|
||||
- goto err;
|
||||
- }
|
||||
- if (padding != RSA_PKCS1_PADDING)
|
||||
- goto err;
|
||||
-
|
||||
- len = BN_num_bytes(rsa->n);
|
||||
- padded = xmalloc(len);
|
||||
-
|
||||
- sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, 0, NULL, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("sc_private_decrypt: INS_DECRYPT failed: %s",
|
||||
- sectok_get_sw(sw));
|
||||
- goto err;
|
||||
- }
|
||||
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
|
||||
- len, padded, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
|
||||
- sectok_get_sw(sw));
|
||||
- goto err;
|
||||
- }
|
||||
- olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
|
||||
- len);
|
||||
-err:
|
||||
- if (padded)
|
||||
- xfree(padded);
|
||||
- sc_close();
|
||||
- return (olen >= 0 ? olen : status);
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
|
||||
-{
|
||||
- u_char *padded = NULL;
|
||||
- int sw, len, status = -1;
|
||||
-
|
||||
- len = sw = 0;
|
||||
- if (sc_fd < 0) {
|
||||
- status = sc_init();
|
||||
- if (status < 0 )
|
||||
- goto err;
|
||||
- }
|
||||
- if (padding != RSA_PKCS1_PADDING)
|
||||
- goto err;
|
||||
-
|
||||
- debug("sc_private_encrypt called");
|
||||
- len = BN_num_bytes(rsa->n);
|
||||
- padded = xmalloc(len);
|
||||
-
|
||||
- if (RSA_padding_add_PKCS1_type_1(padded, len, from, flen) <= 0) {
|
||||
- error("RSA_padding_add_PKCS1_type_1 failed");
|
||||
- goto err;
|
||||
- }
|
||||
- sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("sc_private_decrypt: INS_DECRYPT failed: %s",
|
||||
- sectok_get_sw(sw));
|
||||
- goto err;
|
||||
- }
|
||||
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
|
||||
- len, to, &sw);
|
||||
- if (!sectok_swOK(sw)) {
|
||||
- error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
|
||||
- sectok_get_sw(sw));
|
||||
- goto err;
|
||||
- }
|
||||
-err:
|
||||
- if (padded)
|
||||
- xfree(padded);
|
||||
- sc_close();
|
||||
- return (len >= 0 ? len : status);
|
||||
-}
|
||||
-
|
||||
-/* called on free */
|
||||
-
|
||||
-static int (*orig_finish)(RSA *rsa) = NULL;
|
||||
-
|
||||
-static int
|
||||
-sc_finish(RSA *rsa)
|
||||
-{
|
||||
- if (orig_finish)
|
||||
- orig_finish(rsa);
|
||||
- sc_close();
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-
|
||||
-/* engine for overloading private key operations */
|
||||
-
|
||||
-static ENGINE *smart_engine = NULL;
|
||||
-static RSA_METHOD smart_rsa =
|
||||
-{
|
||||
- "sectok",
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- 0,
|
||||
- NULL,
|
||||
-};
|
||||
-
|
||||
-ENGINE *
|
||||
-sc_get_engine(void)
|
||||
-{
|
||||
- RSA_METHOD *def;
|
||||
-
|
||||
- def = RSA_get_default_openssl_method();
|
||||
-
|
||||
- /* overload */
|
||||
- smart_rsa.rsa_priv_enc = sc_private_encrypt;
|
||||
- smart_rsa.rsa_priv_dec = sc_private_decrypt;
|
||||
-
|
||||
- /* save original */
|
||||
- orig_finish = def->finish;
|
||||
- smart_rsa.finish = sc_finish;
|
||||
-
|
||||
- /* just use the OpenSSL version */
|
||||
- smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
|
||||
- smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
|
||||
- smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
|
||||
- smart_rsa.bn_mod_exp = def->bn_mod_exp;
|
||||
- smart_rsa.init = def->init;
|
||||
- smart_rsa.flags = def->flags;
|
||||
- smart_rsa.app_data = def->app_data;
|
||||
- smart_rsa.rsa_sign = def->rsa_sign;
|
||||
- smart_rsa.rsa_verify = def->rsa_verify;
|
||||
-
|
||||
- smart_engine = ENGINE_new();
|
||||
-
|
||||
- ENGINE_set_id(smart_engine, "sectok");
|
||||
- ENGINE_set_name(smart_engine, "libsectok");
|
||||
- ENGINE_set_RSA(smart_engine, &smart_rsa);
|
||||
- ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
|
||||
- ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
|
||||
- ENGINE_set_RAND(smart_engine, RAND_SSLeay());
|
||||
- ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
|
||||
-
|
||||
- return smart_engine;
|
||||
-}
|
||||
-
|
||||
-void
|
||||
-sc_close(void)
|
||||
-{
|
||||
- if (sc_fd >= 0) {
|
||||
- sectok_close(sc_fd);
|
||||
- sc_fd = -1;
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-Key *
|
||||
-sc_get_key(const char *id)
|
||||
-{
|
||||
- Key *k;
|
||||
- int status;
|
||||
-
|
||||
- if (sc_reader_id != NULL)
|
||||
- xfree(sc_reader_id);
|
||||
- sc_reader_id = xstrdup(id);
|
||||
-
|
||||
- k = key_new(KEY_RSA);
|
||||
- if (k == NULL) {
|
||||
- return NULL;
|
||||
- }
|
||||
- status = sc_read_pubkey(k);
|
||||
- if (status == SCARD_ERROR_NOCARD) {
|
||||
- key_free(k);
|
||||
- return NULL;
|
||||
- }
|
||||
- if (status < 0 ) {
|
||||
- error("sc_read_pubkey failed");
|
||||
- key_free(k);
|
||||
- return NULL;
|
||||
- }
|
||||
- return k;
|
||||
-}
|
||||
-#endif /* SMARTCARD */
|
||||
diff -ruN openssh-3.0.2p1/scard.h openssh-new/scard.h
|
||||
--- openssh-3.0.2p1/scard.h Tue Aug 7 00:35:52 2001
|
||||
+++ openssh-new/scard.h Sun Dec 2 21:01:34 2001
|
||||
Only in openssh-3.0.2p1-orig/: scard.c
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/scard.h openssh-3.0.2p1/scard.h
|
||||
--- openssh-3.0.2p1-orig/scard.h Tue Aug 7 00:35:52 2001
|
||||
+++ openssh-3.0.2p1/scard.h Sun Mar 10 14:51:49 2002
|
||||
@@ -24,17 +24,19 @@
|
||||
|
||||
/* $OpenBSD: scard.h,v 1.6 2001/08/01 22:03:33 markus Exp $ */
|
||||
|
@ -1345,9 +987,14 @@ diff -ruN openssh-3.0.2p1/scard.h openssh-new/scard.h
|
|||
void sc_close(void);
|
||||
|
||||
#endif
|
||||
diff -ruN openssh-3.0.2p1/ssh-agent.c openssh-new/ssh-agent.c
|
||||
--- openssh-3.0.2p1/ssh-agent.c Tue Aug 7 01:06:35 2001
|
||||
+++ openssh-new/ssh-agent.c Sun Dec 2 21:01:34 2001
|
||||
Only in openssh-3.0.2p1-orig/: scp.0
|
||||
Only in openssh-3.0.2p1-orig/: sftp-server.0
|
||||
Only in openssh-3.0.2p1-orig/: sftp.0
|
||||
Only in openssh-3.0.2p1-orig/: ssh-add.0
|
||||
Only in openssh-3.0.2p1-orig/: ssh-agent.0
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/ssh-agent.c openssh-3.0.2p1/ssh-agent.c
|
||||
--- openssh-3.0.2p1-orig/ssh-agent.c Tue Aug 7 01:06:35 2001
|
||||
+++ openssh-3.0.2p1/ssh-agent.c Sun Mar 10 14:51:49 2002
|
||||
@@ -57,7 +57,6 @@
|
||||
#include "log.h"
|
||||
|
||||
|
@ -1532,9 +1179,10 @@ diff -ruN openssh-3.0.2p1/ssh-agent.c openssh-new/ssh-agent.c
|
|||
buffer_put_int(&e->output, 1);
|
||||
buffer_put_char(&e->output,
|
||||
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
|
||||
diff -ruN openssh-3.0.2p1/ssh-keygen.c openssh-new/ssh-keygen.c
|
||||
--- openssh-3.0.2p1/ssh-keygen.c Mon Nov 12 01:52:44 2001
|
||||
+++ openssh-new/ssh-keygen.c Sun Dec 2 21:01:34 2001
|
||||
Only in openssh-3.0.2p1-orig/: ssh-keygen.0
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/ssh-keygen.c openssh-3.0.2p1/ssh-keygen.c
|
||||
--- openssh-3.0.2p1-orig/ssh-keygen.c Mon Nov 12 01:52:44 2001
|
||||
+++ openssh-3.0.2p1/ssh-keygen.c Sun Mar 10 14:51:49 2002
|
||||
@@ -29,8 +29,9 @@
|
||||
#include "readpass.h"
|
||||
|
||||
|
@ -1576,9 +1224,11 @@ diff -ruN openssh-3.0.2p1/ssh-keygen.c openssh-new/ssh-keygen.c
|
|||
#endif /* SMARTCARD */
|
||||
|
||||
static void
|
||||
diff -ruN openssh-3.0.2p1/ssh.c openssh-new/ssh.c
|
||||
--- openssh-3.0.2p1/ssh.c Mon Nov 12 01:52:04 2001
|
||||
+++ openssh-new/ssh.c Sun Dec 2 21:28:50 2001
|
||||
Only in openssh-3.0.2p1-orig/: ssh-keyscan.0
|
||||
Only in openssh-3.0.2p1-orig/: ssh.0
|
||||
diff -u --unidirectional-new-file openssh-3.0.2p1-orig/ssh.c openssh-3.0.2p1/ssh.c
|
||||
--- openssh-3.0.2p1-orig/ssh.c Sun Mar 10 20:31:12 2002
|
||||
+++ openssh-3.0.2p1/ssh.c Sun Mar 10 18:55:29 2002
|
||||
@@ -70,7 +70,6 @@
|
||||
#include "sshtty.h"
|
||||
|
||||
|
@ -1587,7 +1237,7 @@ diff -ruN openssh-3.0.2p1/ssh.c openssh-new/ssh.c
|
|||
#include "scard.h"
|
||||
#endif
|
||||
|
||||
@@ -1178,39 +1177,37 @@
|
||||
@@ -1183,39 +1182,38 @@
|
||||
char *filename;
|
||||
Key *public;
|
||||
int i = 0;
|
||||
|
@ -1644,11 +1294,12 @@ diff -ruN openssh-3.0.2p1/ssh.c openssh-new/ssh.c
|
|||
+ }
|
||||
+ }
|
||||
+ memmove(&options.identity_files[key_count],
|
||||
+ &options.identity_files[0], key_count * sizeof(char *));
|
||||
+ &options.identity_files[0], options.num_identity_files * sizeof(char *));
|
||||
+ for (i = 0; keys[i] != NULL && i < key_count; i++) {
|
||||
+ options.identity_keys[i] = keys[i];
|
||||
+ options.identity_files[i] = xstrdup("smartcard rsa key");
|
||||
+ }
|
||||
+ //debug("identity files before=%i, smartcard keys=%i", options.num_identity_files, key_count);
|
||||
+ options.num_identity_files += key_count;
|
||||
+ xfree(keys);
|
||||
}
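Review bot: The memmove on the new side moves `options.num_identity_files` entries of `options.identity_files` up by key_count and the loop then fills the first key_count slots, but nothing in the hunk checks that `options.num_identity_files + key_count` still fits the array; if this tree matches stock OpenSSH 3.0.2p1 the array is fixed-size (SSH_MAX_IDENTITY_FILES in readconf.h), so a card holding more certificates than there are free slots writes past the end and the later `options.num_identity_files += key_count` records a count beyond it. The enclosing block starts before this hunk, so the guard may already exist; if not, clamp before the move, e.g. `if (key_count > SSH_MAX_IDENTITY_FILES - options.num_identity_files) key_count = SSH_MAX_IDENTITY_FILES - options.num_identity_files;`, and free the keys that are dropped instead of leaking them. Only identity_files is shifted, not identity_keys, which is correct only if identity_keys is still empty at this point — the hunk does not show that. The `//debug(...)` line is commented-out code in C++ comment style inside a C file and should be deleted or made a real debug() call.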
|
||||
|
@ -1656,3 +1307,4 @@ diff -ruN openssh-3.0.2p1/ssh.c openssh-new/ssh.c
|
|||
#endif /* SMARTCARD */
|
||||
for (; i < options.num_identity_files; i++) {
|
||||
filename = tilde_expand_filename(options.identity_files[i],
|
||||
Only in openssh-3.0.2p1-orig/: sshd.0
|
||||
|
|
|
@ -4,54 +4,84 @@
|
|||
CardInfo
|
||||
Label "OpenSC Card"
|
||||
Manufacturer "OpenSC Project"
|
||||
MinPinLength 4
|
||||
MinPinLength 1
|
||||
MaxPinLength 8
|
||||
PinEncoding ascii-numeric
|
||||
PinPadChar 0x00
|
||||
PrKeyAccessFlags RSA 0x1D
|
||||
PrKeyAccessFlags DSA 0x12
|
||||
|
||||
# This is the secure messaging key required for
|
||||
# creating files in the MF
|
||||
# Key PRO 0x0001 "=TEST KEYTEST KEY"
|
||||
|
||||
# Note: many commands use the short file ID (i.e. the lower 5 bits
|
||||
# of the FID) so you must be careful when picking FIDs for the
|
||||
# public key and PIN files.
|
||||
|
||||
# Currently we do not support PIN files that can be updated
|
||||
# by CHV2. Far too messy.
|
||||
EF pinfile
|
||||
FileID 0000
|
||||
Structure 0x21 # GPK specific
|
||||
RecordLength 8
|
||||
Size 32
|
||||
ACL *=NEVER
|
||||
|
||||
# Private key files.
|
||||
# GPK private key files will never let you read the private key
|
||||
# part, so it's okay to set READ=NONE. What's more, we need
|
||||
# read access so we're able to update the file.
|
||||
EF template-private-key
|
||||
FileID 0006 # This is the base FileID
|
||||
Structure 0x2C # GPK specific
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV2 WRITE=CHV2
|
||||
|
||||
EF template-public-key
|
||||
FileID 8000
|
||||
EF pinfile-chv1
|
||||
Path 3F000000
|
||||
Structure transparent
|
||||
Size 20
|
||||
ACL *=NONE
|
||||
|
||||
# CVH1. 7 attempts for the PIN, and 3 for the PUK
|
||||
# Reference 0x8 means "PIN0 in the local EFsc" in GPK parlance
|
||||
PIN CHV1
|
||||
File pinfile
|
||||
Reference 0x8
|
||||
Attempts 7 3
|
||||
EF pinfile-chv2
|
||||
Parent PKCS15-AppDF
|
||||
FileID 5002
|
||||
Size 23
|
||||
ACL *=NONE
|
||||
|
||||
# CVH2. 7 attempts for the PIN, and 3 for the PUK
|
||||
# Reference 0xA means "PIN2 in the local EFsc" in GPK parlance
|
||||
EF template-private-key-1
|
||||
Parent PKCS15-AppDF
|
||||
FileID 4B01
|
||||
Size 330
|
||||
ACL *=NONE CRYPTO=CHV1
|
||||
|
||||
EF template-private-key-2
|
||||
Parent PKCS15-AppDF
|
||||
FileID 4B02
|
||||
Size 330
|
||||
ACL *=NONE CRYPTO=CHV2
|
||||
|
||||
EF template-public-key-1
|
||||
Parent PKCS15-AppDF
|
||||
FileID 5201
|
||||
Structure transparent
|
||||
ACL *=NONE READ=NONE
|
||||
|
||||
EF template-public-key-2
|
||||
Parent PKCS15-AppDF
|
||||
FileID 5202
|
||||
Structure transparent
|
||||
ACL *=NONE READ=NONE
|
||||
|
||||
EF PKCS15-DIR
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV1
|
||||
|
||||
EF PKCS15-ODF
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV1
|
||||
|
||||
EF PKCS15-AODF
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV1
|
||||
|
||||
EF PKCS15-PrKDF
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV1
|
||||
|
||||
EF PKCS15-PuKDF
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV1
|
||||
|
||||
EF PKCS15-CDF
|
||||
ACL *=NEVER READ=NONE UPDATE=CHV1
|
||||
|
||||
# CHV1. 3 attempts for the PIN, and 10 for the PUK
|
||||
PIN CHV1
|
||||
File pinfile-chv1
|
||||
Reference 0x01
|
||||
Attempts 3 10
|
||||
|
||||
# CHV2. 3 attempts for the PIN, and 10 for the PUK
|
||||
PIN CHV2
|
||||
File pinfile
|
||||
Reference 0xA
|
||||
Attempts 7 3
|
||||
Offset 16
|
||||
File pinfile-chv2
|
||||
Reference 0x02
|
||||
Attempts 3 10
|
||||
|
||||
PrivateKey AuthKey
|
||||
Reference 0x01
|
||||
Index 1
|
||||
File template-private-key-1
|
||||
|
||||
PrivateKey SignKey
|
||||
Reference 0x02
|
||||
Index 1
|
||||
File template-private-key-2
|
||||
|
|
|
@ -45,13 +45,13 @@ static int cflex_update_pin(struct sc_card *card, struct pin_info *info)
|
|||
|
||||
memset(p, 0xFF, 3);
|
||||
p += 3;
|
||||
memset(p, '-', 8);
|
||||
memset(p, info->pkcs15.pad_char, 8);
|
||||
strncpy((char *) p, info->secret[0], 8);
|
||||
p += 8;
|
||||
*p++ = info->attempt[0];
|
||||
*p++ = info->attempt[0];
|
||||
memset(p, '-', 8);
|
||||
strncpy((char *) p, info->secret[0], 8);
|
||||
memset(p, info->pkcs15.pad_char, 8);
|
||||
strncpy((char *) p, info->secret[1], 8);
|
||||
p += 8;
|
||||
*p++ = info->attempt[1];
|
||||
*p++ = info->attempt[1];
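Review bot: The new `strncpy((char *) p, info->secret[1], 8);` copies the PUK, but nothing in the hunk guards against `info->secret[1]` being NULL when no PUK was supplied, and strncpy on a NULL source is undefined behaviour; the MioCOS counterpart in this same commit rejects a missing PUK up front, and cflex_update_pin should do the same unless it already does above the hunk (the function's start and end lie outside it): `if (info->secret[1] == NULL) { error("PUK code needed."); return SC_ERROR_INVALID_ARGUMENTS; }`. The buffer `p` writes into now holds both the PIN and the PUK in clear; once the update has been sent it should be cleared before the function returns, which the visible lines do not show. The `*p++ = info->attempt[0];` and `*p++ = info->attempt[1];` lines each appear twice here; if that is the record layout rather than a rendering artefact, a comment on the first of each pair should say what the second byte is.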
|
||||
|
|
|
@ -28,15 +28,73 @@
|
|||
#include "pkcs15-init.h"
|
||||
#include "util.h"
|
||||
|
||||
static int miocos_update_pin(struct sc_card *card, struct pin_info *info)
|
||||
{
|
||||
u8 buffer[20], *p = buffer;
|
||||
int r;
|
||||
size_t len;
|
||||
|
||||
if (!info->attempt[1]) {
|
||||
error("PUK code needed.");
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
info->attempt[0] &= 0x0f;
|
||||
*p++ = (info->attempt[0] << 8) | info->attempt[0];
|
||||
*p++ = 0xFF;
|
||||
memset(p, info->pkcs15.pad_char, 8);
|
||||
strncpy((char *) p, info->secret[0], 8);
|
||||
p += 8;
|
||||
info->attempt[1] &= 0x0f;
|
||||
*p++ = (info->attempt[1] << 8) | info->attempt[1];
|
||||
*p++ = 0xFF;
|
||||
strncpy((char *) p, info->secret[1], 8);
|
||||
p += 8;
|
||||
len = 20;
|
||||
|
||||
r = sc_update_binary(card, 0, buffer, len, 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int miocos_store_pin(struct sc_profile *profile, struct sc_card *card,
|
||||
struct pin_info *info)
|
||||
{
|
||||
struct sc_file *pinfile;
|
||||
int r;
|
||||
|
||||
sc_file_dup(&pinfile, info->file->file);
|
||||
|
||||
card->ctx->log_errors = 0;
|
||||
r = sc_select_file(card, &pinfile->path, NULL);
|
||||
card->ctx->log_errors = 1;
|
||||
pinfile->type = SC_FILE_TYPE_INTERNAL_EF;
|
||||
pinfile->ef_structure = 0;
|
||||
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
||||
/* Now create the file */
|
||||
if ((r = sc_pkcs15init_create_file(profile, pinfile)) < 0)
|
||||
goto out;
|
||||
/* The PIN EF is automatically selected */
|
||||
} else if (r < 0)
|
||||
goto out;
|
||||
|
||||
/* If messing with the PIN file requires any sort of
|
||||
* authentication, send it to the card now */
|
||||
if ((r = sc_pkcs15init_authenticate(profile, pinfile, SC_AC_OP_UPDATE)) < 0)
|
||||
goto out;
|
||||
|
||||
r = miocos_update_pin(card, info);
|
||||
|
||||
out: sc_file_free(pinfile);
|
||||
return r;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize the Application DF and store the PINs
|
||||
*
|
||||
*/
|
||||
static int miocos_init_app(struct sc_profile *profile, struct sc_card *card)
|
||||
{
|
||||
#if 0
|
||||
struct pin_info *pin1, *pin2;
|
||||
int lockit = 0;
|
||||
|
||||
pin1 = sc_profile_find_pin(profile, "CHV1");
|
||||
pin2 = sc_profile_find_pin(profile, "CHV2");
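Review bot: In miocos_update_pin, `*p++ = (info->attempt[0] << 8) | info->attempt[0];` (and the same line for attempt[1]) stores into a u8, so the shifted half is truncated away and the byte written is simply `info->attempt[0]`; if the record format packs two counters into one byte the shift amount is wrong, and if it does not the expression is misleading — either way the intended layout needs a comment. The PUK is also copied into bytes that were never padded: the PIN gets `memset(p, info->pkcs15.pad_char, 8);` first, the PUK does not, so a PUK shorter than 8 characters sends whatever uninitialised stack bytes follow it in `buffer` to the card. Finally `buffer` holds the PIN and PUK in clear and is left on the stack after sc_update_binary; clear it before returning (a plain memset of a dying local can be optimised away, so use a non-elidable clear helper if the tree has one). The rewritten tail of the function:
```c
	/* … unchanged: buffer/p/r/len declarations and the PUK presence check … */
	info->attempt[0] &= 0x0f;
	*p++ = info->attempt[0];	/* was (x << 8) | x, which a u8 truncates to x — confirm the intended packing */
	*p++ = 0xFF;
	memset(p, info->pkcs15.pad_char, 8);
	strncpy((char *) p, info->secret[0], 8);
	p += 8;
	info->attempt[1] &= 0x0f;
	*p++ = info->attempt[1];	/* same truncation as above */
	*p++ = 0xFF;
	memset(p, info->pkcs15.pad_char, 8);	/* pad the PUK like the PIN; buffer is not initialised */
	strncpy((char *) p, info->secret[1], 8);
	p += 8;
	len = 20;

	r = sc_update_binary(card, 0, buffer, len, 0);
	memset(buffer, 0, sizeof buffer);	/* PIN and PUK were staged here */
	if (r < 0)
		return r;
	return 0;
```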
|
||||
|
@ -44,36 +102,17 @@ static int miocos_init_app(struct sc_profile *profile, struct sc_card *card)
|
|||
fprintf(stderr, "No CHV1 defined\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* XXX TODO:
|
||||
* if the CHV2 pin file is required to create files
|
||||
* in the application DF, create that file first */
|
||||
|
||||
/* Create the application DF */
|
||||
if (do_create_file(profile, profile->df_info.file))
|
||||
if (sc_pkcs15init_create_file(profile, profile->df_info.file))
|
||||
return 1;
|
||||
|
||||
/* Store CHV2 */
|
||||
lockit = 0;
|
||||
if (pin2) {
|
||||
if (gpk_store_pin(profile, card, pin2, &lockit))
|
||||
if (miocos_store_pin(profile, card, pin2))
|
||||
return 1;
|
||||
/* If both PINs reside in the same file, don't lock
|
||||
* it yet. */
|
||||
if (pin1->file != pin2->file && lockit) {
|
||||
if (gpk_lock_pinfile(profile, card, pin2->file->file))
|
||||
return 1;
|
||||
lockit = 0;
|
||||
}
|
||||
}
|
||||
if (miocos_store_pin(profile, card, pin1))
|
||||
return 1;
|
||||
|
||||
/* Store CHV1 */
|
||||
if (gpk_store_pin(profile, card, pin1, &lockit))
|
||||
return 1;
|
||||
|
||||
if (lockit && gpk_lock_pinfile(profile, card, pin2->file->file))
|
||||
return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|