From ae8e3908c46726a941fd1c00facc1bfd73b68d28 Mon Sep 17 00:00:00 2001
From: okir
Date: Wed, 3 Apr 2002 11:55:21 +0000
Subject: [PATCH] - rewrote config files to match new parser
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@428 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs15init/gpk.profile | 138 ++++++++++++++++++++++------------
 src/pkcs15init/pkcs15.profile | 99 ++++++++++++++----------
 2 files changed, 149 insertions(+), 88 deletions(-)
diff --git a/src/pkcs15init/gpk.profile b/src/pkcs15init/gpk.profile
index c17af164..fdea8af4 100644
--- a/src/pkcs15init/gpk.profile
+++ b/src/pkcs15init/gpk.profile
@@ -1,60 +1,100 @@
 #
 # PKCS15 r/w profile for GPK cards
 #
-CardInfo
- Label "OpenSC Card (GPK)"
- Manufacturer "OpenSC Project"
- MinPinLength 1
- MaxPinLength 8
- PinEncoding BCD
- PrKeyAccessFlags RSA 0x1D
- PrKeyAccessFlags DSA 0x12
+cardinfo {
+ max-pin-length = 8;
+ pin-encoding = BCD;
+ pin-pad-char = 0x00;
- # This is the secure messaging key required for
- # creating files in the MF
- Key PRO1 "=TEST KEYTEST KEY"
+ # This is the secure messaging key required for
+ # creating files in the MF
+ key PRO1 {
+ value = "=TEST KEYTEST KEY";
+ }
+}
-# The PIN file.
-# The GPK supports just one PIN file per DF, and the file can hold
-# up to 8 pins (or 4 PIN/PUK pairs).
-#
-# Note1: many commands use the short file ID (i.e. the lower 5 bits
-# of the FID) so you must be careful when picking FIDs for the
-# public key and PIN files.
+# Define reasonable limits for PINs and PUK
+# Note that we do not set a file path or reference
+# here; that is done dynamically.
+PIN user-pin {
+ attempts = 3;
+}
+PIN user-puk {
+ attempts = 7;
+}
+PIN so-pin {
+ attempts = 2;
+ min-length = 6;
+}
+PIN so-puk {
+ attempts = 4;
+ min-length = 6;
+}
-EF pinfile
- Parent PKCS15-AppDF
- FileID 0000
- Structure 0x21 # GPK specific
- RecordLength 8
- Size 64 # room for 8 pins
- ACL *=NEVER
-# Private key files.
-# GPK private key files will never let you read the private key
-# part, so it's okay to set READ=NONE. What's more, we may need
-# read access so we're able to check the key size/type.
-EF template-private-key
- Parent PKCS15-AppDF
- FileID 0006 # This is the base FileID
- Structure 0x2C # GPK specific
- ACL *=NEVER READ=NONE CRYPTO=$PIN UPDATE=$PIN WRITE=$PIN
+# Additional filesystem info.
+# This is added to the file system info specified in the
+# main profile.
+filesystem {
+ DF MF {
+ EF sopinfile {
+ file-id = 0000;
+ structure = 0x21;
+ record-length = 8;
+ size = 16;
+ ACL = *=NEVER;
+ }
-EF template-public-key
- Parent PKCS15-AppDF
- FileID 8000
- Structure transparent
- ACL *=NONE
+ DF PKCS15-AppDF {
+ # The PIN file.
+ # The GPK supports just one PIN file per DF, and the file
+ # can hold up to 8 pins (or 4 PIN/PUK pairs).
+ #
+ # Note1: many commands use the short file ID (i.e. the lower
+ # 5 bits of the FID) so you must be careful when picking FIDs
+ # for the public key and PIN files.
-# Certificate template
-EF template-certificate
- Parent PKCS15-AppDF
- FileID 9000
- Structure transparent
- ACL *=NONE
+ EF pinfile {
+ file-id = 0000;
+ structure = 0x21; # GPK specific
+ record-length = 8;
+ size = 64; # room for 8 pins
+ ACL = *=NEVER;
+ }
+
+ # Private key files.
+ # GPK private key files will never let you read the private key
+ # part, so it's okay to set READ=NONE. What's more, we may need
+ # read access so we're able to check the key size/type.
+ EF template-private-key {
+ file-id = 0006; # This is the base FileID
+ structure = 0x2C; # GPK specific
+ ACL = *=NEVER,
+ READ=NONE,
+ CRYPTO=$PIN,
+ UPDATE=$PIN,
+ WRITE=$PIN;
+ }
+
+ EF template-public-key {
+ file-id = 8000;
+ structure = transparent;
+ ACL = *=NONE;
+ }
+
+ # Certificate template
+ EF template-certificate {
+ file-id = 9000;
+ structure = transparent;
+ ACL = *=NONE;
+ }
+ }
+ }
+}
 # Define an SO pin
-# This PIN is not used yet
-#PIN sopin
-# File sopinfile
-# Reference 0
+# This PIN is not used yet.
+#PIN sopin {
+# file = sopinfile;
+# reference = 0;
+#}
diff --git a/src/pkcs15init/pkcs15.profile b/src/pkcs15init/pkcs15.profile
index 725c2567..abf5babd 100644
--- a/src/pkcs15init/pkcs15.profile
+++ b/src/pkcs15init/pkcs15.profile
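Review bot: The `key PRO1` block in `cardinfo` still ships the literal value `"=TEST KEYTEST KEY"`, and nothing on the new side marks it as a placeholder, although the comment above it calls it the secure messaging key required for creating files in the MF. A card left with this value presumably allows file creation in the MF to anyone who has read this profile, so I would add a comment above `value =` such as `# test key only; replace with the card's own PRO1 key before issuing cards`. The commented-out `#PIN sopin { ... }` stanza at the end of the file no longer matches the live `PIN so-pin` block or the new `EF sopinfile`, and should be dropped or renamed so it is clear which SO PIN definition applies.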
@@ -3,49 +3,70 @@
 # This profile is loaded before any card specific profile.
 #
-# This is the DIR file
-EF PKCS15-DIR
- Path 3F002F00
- Size 128
- ACL *=NONE
+cardinfo {
+ label = "OpenSC Card";
+ manufacturer = "OpenSC Project";
+ min-pin-length = 4;
+ # max length should be overridden in the per-card profile
+ max-pin-length = 8;
+}
-# This is the application DF
-DF PKCS15-AppDF
- Path 3F005015
- AID A0:00:00:00:63:50:4B:43:53:2D:31:35
- ACL *=NONE
+filesystem {
+ DF MF {
+ path = 3F00;
+ type = DF;
+ ACL = CREATE=PRO1;
-EF PKCS15-ODF
- Parent PKCS15-AppDF
- FileID 5031
- Size 128
- ACL *=NONE
+ # This is the DIR file
+ EF PKCS15-DIR {
+ type = EF;
+ file-id = 2F00;
+ size = 128;
+ acl = *=NONE;
+ }
-EF PKCS15-TokenInfo
- Parent PKCS15-AppDF
- FileID 5032
- ACL *=NONE
+ # Here comes the application DF
+ DF PKCS15-AppDF {
+ type = DF;
+ file-id = 5015;
+ aid = A0:00:00:00:63:50:4B:43:53:2D:31:35;
+ acl = *=NONE;
+ size = 5000;
-EF PKCS15-AODF
- Parent PKCS15-AppDF
- FileID 4401
- Size 128
- ACL *=NEVER READ=NONE UPDATE=$SOPIN
+ EF PKCS15-ODF {
+ file-id = 5031;
+ size = 128;
+ ACL = *=NONE;
+ }
-EF PKCS15-PrKDF
- Parent PKCS15-AppDF
- FileID 4402
- Size 128
- ACL *=NEVER READ=NONE UPDATE=$SOPIN
+ EF PKCS15-TokenInfo {
+ file-id = 5032;
+ ACL = *=NONE;
+ }
-EF PKCS15-PuKDF
- Parent PKCS15-AppDF
- FileID 4403
- Size 128
- ACL *=NEVER READ=NONE UPDATE=$SOPIN
+ EF PKCS15-AODF {
+ file-id = 4401;
+ size = 128;
+ ACL = *=NEVER, READ=NONE, UPDATE=$SOPIN;
+ }
-EF PKCS15-CDF
- Parent PKCS15-AppDF
- FileID 4404
- Size 128
- ACL *=NEVER READ=NONE UPDATE=$SOPIN
+ EF PKCS15-PrKDF {
+ file-id = 4402;
+ size = 128;
+ acl = *=NEVER, READ=NONE, UPDATE=$SOPIN;
+ }
+
+ EF PKCS15-PuKDF {
+ file-id = 4403;
+ size = 128;
+ acl = *=NEVER, READ=NONE, UPDATE=$SOPIN;
+ }
+
+ EF PKCS15-CDF {
+ file-id = 4404;
+ size = 128;
+ acl = *=NEVER, READ=NONE, UPDATE=$SOPIN;
+ }
+ }
+ }
+}
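Review bot: `EF PKCS15-ODF` and `EF PKCS15-TokenInfo` keep `ACL = *=NONE` while the directory files next to them (AODF, PrKDF, PuKDF, CDF) use `*=NEVER, READ=NONE, UPDATE=$SOPIN`; if NONE means no access condition, as the READ=NONE comment in gpk.profile suggests, the ODF and token info can be rewritten without authentication. Consider `ACL = *=NEVER, READ=NONE, UPDATE=$SOPIN;` for both, or a comment explaining why they stay open. Separately, `ACL = CREATE=PRO1` on `DF MF` refers to a key that this commit defines only in gpk.profile, although this file is described as loaded before any card specific profile; a comment stating that each card profile must define PRO1, or moving that ACL into gpk.profile, would make the dependency explicit. The setting is spelled both `ACL` and `acl` in this file, so pick one spelling unless the parser is known to be case-insensitive.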