libopensc: new operations for access control

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3939 c6295689-39f2-0310-b995-f0e70906c6a9

src/libopensc/card-oberthur.c

@@ -431,15 +431,24 @@ auth_process_fci(struct sc_card *card, struct sc_file *file,
 		switch (file->ef_structure) {
 		case SC_CARDCTL_OBERTHUR_KEY_DES:
 			add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]);
-			add_acl_entry(card, file, SC_AC_OP_READ, attr[1]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_DECRYPT, attr[1]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_ENCRYPT, attr[2]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_COMPUTE_CHECKSUM, attr[3]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_VERIFY_CHECKSUM, attr[4]);
+			add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, attr[5]);
+			add_acl_entry(card, file, SC_AC_OP_EXTERNAL_AUTHENTICATE, attr[6]);
 			break;
 		case SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC:
 			add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]);
-			add_acl_entry(card, file, SC_AC_OP_READ, attr[2]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_ENCRYPT, attr[2]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_VERIFY_SIGNATURE, attr[4]);
+			add_acl_entry(card, file, SC_AC_OP_EXTERNAL_AUTHENTICATE, attr[6]);
 			break;
 		case SC_CARDCTL_OBERTHUR_KEY_RSA_CRT:
 			add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]);
-			add_acl_entry(card, file, SC_AC_OP_READ, attr[1]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_DECRYPT, attr[1]);
+			add_acl_entry(card, file, SC_AC_OP_PSO_COMPUTE_SIGNATURE, attr[3]);
+			add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, attr[5]);
 			break;
 		}
 	}
@@ -705,7 +714,7 @@ static int
 acl_to_ac_byte(struct sc_card *card, const struct sc_acl_entry *e)
 {
 	if (e == NULL)
-		return -1;
+		return SC_ERROR_OBJECT_NOT_FOUND;
 	
 	switch (e->method) {
 	case SC_AC_NONE:
@@ -874,25 +883,29 @@ encode_file_structure_V5(struct sc_card *card, const struct sc_file *file,
 		if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES)  {
 			sc_debug(card->ctx, "EF_DES\n");
 			ops[0] = SC_AC_OP_UPDATE;
-			ops[1] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_DECRYPT */
-			ops[2] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_ENCRYPT */
-			ops[3] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_CHECKSUM */
-			ops[4] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_CHECKSUM */
+			ops[1] = SC_AC_OP_PSO_DECRYPT;
+			ops[2] = SC_AC_OP_PSO_ENCRYPT; 
+			ops[3] = SC_AC_OP_PSO_COMPUTE_CHECKSUM;
+			ops[4] = SC_AC_OP_PSO_VERIFY_CHECKSUM;
+			ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE;
+			ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE;
 		}
 		else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC)  {
 			sc_debug(card->ctx, "EF_RSA_PUBLIC\n");
 			ops[0] = SC_AC_OP_UPDATE;
-			ops[2] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_ENCRYPT */
-			ops[4] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_SIGN */
+			ops[2] = SC_AC_OP_PSO_ENCRYPT; 
+			ops[4] = SC_AC_OP_PSO_VERIFY_SIGNATURE;
+			ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE;
 		}
 		else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT)  {
 			sc_debug(card->ctx, "EF_RSA_PRIVATE\n");
 			ops[0] = SC_AC_OP_UPDATE;
-			ops[1] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_ENCRYPT */
-			ops[3] = SC_AC_OP_CRYPTO;  /* SC_AC_OP_SIGN */
+			ops[1] = SC_AC_OP_PSO_DECRYPT;
+			ops[3] = SC_AC_OP_PSO_COMPUTE_SIGNATURE;
+			ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE;
 		}
 	}
-	
+
 	for (ii = 0; ii < sizeof(ops); ii++) {
 		const struct sc_acl_entry *entry;
 		

src/libopensc/opensc.h

@@ -90,7 +90,7 @@ extern "C" {
 #define SC_AC_UNKNOWN			0xFFFFFFFE
 #define SC_AC_NEVER			0xFFFFFFFF
 
-/* Operations relating to access control (in case of DF) */
+/* Operations relating to access control */
 #define SC_AC_OP_SELECT			0
 #define SC_AC_OP_LOCK			1
 #define SC_AC_OP_DELETE			2
@@ -100,23 +100,29 @@ extern "C" {
 #define SC_AC_OP_LIST_FILES		6
 #define SC_AC_OP_CRYPTO			7
 #define SC_AC_OP_DELETE_SELF		8
+#define SC_AC_OP_PSO_DECRYPT		9
+#define SC_AC_OP_PSO_ENCRYPT		10
+#define SC_AC_OP_PSO_COMPUTE_SIGNATURE	11
+#define SC_AC_OP_PSO_VERIFY_SIGNATURE	12
+#define SC_AC_OP_PSO_COMPUTE_CHECKSUM	13
+#define SC_AC_OP_PSO_VERIFY_CHECKSUM	14
+#define SC_AC_OP_INTERNAL_AUTHENTICATE	15
+#define SC_AC_OP_EXTERNAL_AUTHENTICATE	16
+#define SC_AC_OP_PIN_DEFINE		17
+#define SC_AC_OP_PIN_CHANGE		18
+#define SC_AC_OP_PIN_RESET		19
+	
 /* If you add more OPs here, make sure you increase
  * SC_MAX_AC_OPS in types.h */
 
-/* Operations relating to access control (in case of EF) */
+/* In case of EF re-use the OPs related to DF */
 #define SC_AC_OP_READ			0
 #define SC_AC_OP_UPDATE			1
+#define SC_AC_OP_WRITE			3
+
 /* the use of SC_AC_OP_ERASE is deprecated, SC_AC_OP_DELETE should be used
  * instead  */
 #define SC_AC_OP_ERASE			SC_AC_OP_DELETE
-#define SC_AC_OP_WRITE			3
-/* rehab and invalidate are the same as in DF case */
-
-/* Special 'Oberthur IdOne AuthentIC's case:
- * re-use the existing DF ACLs that are not relevant to this card. */
-#define SC_AC_OP_PIN_DEFINE		SC_AC_OP_LOCK
-#define SC_AC_OP_PIN_CHANGE		SC_AC_OP_REHABILITATE
-#define SC_AC_OP_PIN_RESET		SC_AC_OP_DELETE_SELF
 
 /* various maximum values */
 #define SC_MAX_READER_DRIVERS		6

src/libopensc/types.h

@@ -66,7 +66,7 @@ typedef struct sc_acl_entry {
 	struct sc_acl_entry *next;
 } sc_acl_entry_t;
 
-#define SC_MAX_AC_OPS			9
+#define SC_MAX_AC_OPS			20
 
 typedef struct sc_file {
 	struct sc_path path;