pkcd15init: remove trailing whitespaces
inspired by http://www.opensc-project.org/pipermail/opensc-devel/2012-March/017883.html Change-Id: I817f903e67965942d9cc0c30931dbaea0c5f736e
This commit is contained in:
parent
df8715849d
commit
e57d443e86
|
@ -28,8 +28,8 @@
|
|||
#include "pkcs15-init.h"
|
||||
#include "profile.h"
|
||||
|
||||
/* delete a EF/DF if present. This function does not return an
|
||||
* error if the requested file is not present.
|
||||
/* delete a EF/DF if present. This function does not return an
|
||||
* error if the requested file is not present.
|
||||
*/
|
||||
static int asepcos_cond_delete(sc_profile_t *pro, sc_pkcs15_card_t *p15card,
|
||||
const sc_path_t *path)
|
||||
|
@ -50,7 +50,7 @@ static int asepcos_cond_delete(sc_profile_t *pro, sc_pkcs15_card_t *p15card,
|
|||
}
|
||||
|
||||
/* checks whether the file with the transport key exists. If existent
|
||||
* the transport key is verified and stored in the keycache (as a
|
||||
* the transport key is verified and stored in the keycache (as a
|
||||
* normal user PIN with the same reference).
|
||||
* @param profile profile information for this card
|
||||
* @param card sc_card_t object to use
|
||||
|
@ -74,7 +74,7 @@ static int asepcos_check_verify_tpin(sc_profile_t *profile, sc_pkcs15_card_t *p1
|
|||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
/* we need to temporarily disable the SC_CARD_CAP_USE_FCI_AC
|
||||
* flag to trick sc_pkcs15init_authenticate() to use access
|
||||
* flag to trick sc_pkcs15init_authenticate() to use access
|
||||
* information form the profile file */
|
||||
p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC;
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_CRYPTO);
|
||||
|
@ -102,7 +102,7 @@ static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
|
|||
* pkcs15 application.
|
||||
*/
|
||||
/* Check wether a transport exists and verify it if present */
|
||||
|
||||
|
||||
p15card->opts.use_pin_cache = 1;
|
||||
r = asepcos_check_verify_tpin(profile, p15card);
|
||||
if (r != SC_SUCCESS)
|
||||
|
@ -117,7 +117,7 @@ static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
|
|||
r = asepcos_cond_delete(profile, p15card, &path);
|
||||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
|
||||
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -125,7 +125,7 @@ static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
|
|||
* @param profile sc_profile_t object with the configurable profile
|
||||
* information
|
||||
* @param cardd sc_card_t object to be used
|
||||
* @param df sc_file_t with the application DF to create
|
||||
* @param df sc_file_t with the application DF to create
|
||||
* @return SC_SUCCESS on success and an error value otherwise
|
||||
*/
|
||||
static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
|
@ -147,7 +147,7 @@ static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
* we tighten security attributes to values specified in the profile.
|
||||
*/
|
||||
sc_file_dup(&tfile, df);
|
||||
/* we use a separate copy of the sc_file_t object so we don't
|
||||
/* we use a separate copy of the sc_file_t object so we don't
|
||||
* override the permissions specified in the profile */
|
||||
if (tfile == NULL)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
|
@ -167,7 +167,7 @@ static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
* determined when the PIN is created. This is just helper function to
|
||||
* determine the next best file id of the PIN file.
|
||||
*/
|
||||
static int asepcos_select_pin_reference(sc_profile_t *profile,
|
||||
static int asepcos_select_pin_reference(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card, sc_pkcs15_auth_info_t *auth_info)
|
||||
{
|
||||
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
|
@ -182,7 +182,7 @@ static int asepcos_select_pin_reference(sc_profile_t *profile,
|
|||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
/* asepcos_pinid_to_akn: returns the AKN of a PIN EF
|
||||
/* asepcos_pinid_to_akn: returns the AKN of a PIN EF
|
||||
* This functions calls SELECT FILE and extracts the AKN from the
|
||||
* proprietary FCP attributes.
|
||||
* @param card sc_card_t object to use
|
||||
|
@ -228,7 +228,7 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||
|
||||
/* outter tag */
|
||||
*p++ = 0x85;
|
||||
p++;
|
||||
p++;
|
||||
/* as a file id for pin with use 0x00:<key id> */
|
||||
*p++ = (pinid >> 8) & 0xff;
|
||||
*p++ = pinid & 0xff;
|
||||
|
@ -315,7 +315,7 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||
auth_info->attrs.pin.max_length = 16;
|
||||
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
/* simple function to detect whether or not the "onepin" profile is used
|
||||
* (copied from pkcs15-starcos.c).
|
||||
|
@ -359,7 +359,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
|
||||
pid = (auth_info->attrs.pin.reference & 0xff) | (((tpath.len >> 1) - 1) << 16);
|
||||
|
||||
|
@ -379,7 +379,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
sc_path_t pin_path;
|
||||
memset(&pin_path, 0, sizeof(sc_path_t));
|
||||
pin_path.type = SC_PATH_TYPE_FILE_ID;
|
||||
/* XXX: check the pkcs15 structure whether this file id
|
||||
/* XXX: check the pkcs15 structure whether this file id
|
||||
* is already used */
|
||||
r = sc_append_file_id(&pin_path, pid & 0xff);
|
||||
if (r != SC_SUCCESS)
|
||||
|
@ -409,7 +409,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
*/
|
||||
puk_id = pid + 1;
|
||||
r = asepcos_do_store_pin(profile, card, &puk_ainfo, puk, puk_len, 0, puk_id);
|
||||
if (r != SC_SUCCESS)
|
||||
if (r != SC_SUCCESS)
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||
} else
|
||||
puk_id = 0;
|
||||
|
@ -419,12 +419,12 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||
|
||||
#if 1
|
||||
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN ||
|
||||
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN ||
|
||||
(have_onepin(profile) && pid == 0x010001)) {
|
||||
sc_cardctl_asepcos_activate_file_t st;
|
||||
/* Once the SO PIN or ,in case of the "onepin" profile", the
|
||||
* first USER PIN has been set we can tighten the ACLs of
|
||||
* the application DF.
|
||||
/* Once the SO PIN or ,in case of the "onepin" profile", the
|
||||
* first USER PIN has been set we can tighten the ACLs of
|
||||
* the application DF.
|
||||
*/
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "finalizing application DF");
|
||||
r = sc_select_file(card, &df->path, NULL);
|
||||
|
@ -470,11 +470,11 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
/* internal wrapper for sc_pkcs15init_authenticate()
|
||||
* @param profile information for this card
|
||||
* @param card sc_card_t object to use
|
||||
* @param path path to the EF/DF for which the credential is required
|
||||
* @param path path to the EF/DF for which the credential is required
|
||||
* @param op the required access method
|
||||
* @return SC_SUCCESS on success and an error code otherwise
|
||||
*/
|
||||
static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
const sc_path_t *path, int op)
|
||||
{
|
||||
int r;
|
||||
|
@ -491,7 +491,7 @@ static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15c
|
|||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to authenticate");
|
||||
return r;
|
||||
}
|
||||
return SC_SUCCESS;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
@ -563,7 +563,7 @@ static int asepcos_do_create_key(sc_card_t *card, size_t ksize, int fileid,
|
|||
return r;
|
||||
}
|
||||
|
||||
/* creates a key file
|
||||
/* creates a key file
|
||||
*/
|
||||
static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_object_t *obj)
|
||||
|
@ -580,7 +580,7 @@ static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
/* the key is proctected by a PIN */
|
||||
/* XXX use the pkcs15 structures for this */
|
||||
sc_cardctl_asepcos_akn2fileid_t st;
|
||||
|
||||
|
||||
st.akn = sc_pkcs15init_get_pin_reference(p15card, profile,
|
||||
SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN);
|
||||
r = sc_card_ctl(p15card->card, SC_CARDCTL_ASEPCOS_AKN2FILEID, &st);
|
||||
|
@ -599,7 +599,7 @@ static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
|
||||
/* authenticate if necessary */
|
||||
r = asepcos_do_authenticate(profile, p15card, &profile->df_info->file->path, SC_AC_OP_CREATE);
|
||||
if (r != SC_SUCCESS)
|
||||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
|
||||
/* first: create private key (file id = 0x0100 | <ref & 0xff>) */
|
||||
|
@ -653,7 +653,7 @@ static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create private key file");
|
||||
return r;
|
||||
}
|
||||
|
||||
|
||||
kinfo->key_reference = fileid & 0xFF;
|
||||
return r;
|
||||
}
|
||||
|
@ -672,7 +672,7 @@ static int asepcos_do_store_rsa_key(sc_pkcs15_card_t *p15card, sc_profile_t *pro
|
|||
/* authenticate if necessary */
|
||||
if (obj->auth_id.len != 0) {
|
||||
r = asepcos_do_authenticate(profile, p15card, &kinfo->path, SC_AC_OP_UPDATE);
|
||||
if (r != SC_SUCCESS)
|
||||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -726,7 +726,7 @@ static int asepcos_do_store_rsa_key(sc_pkcs15_card_t *p15card, sc_profile_t *pro
|
|||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to change key data");
|
||||
return r;
|
||||
}
|
||||
|
||||
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -770,7 +770,7 @@ static int asepcos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||
|
||||
/* authenticate if necessary */
|
||||
r = asepcos_do_authenticate(profile, p15card, &kinfo->path, SC_AC_OP_UPDATE);
|
||||
if (r != SC_SUCCESS)
|
||||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
|
||||
/* select the rsa private key */
|
||||
|
|
|
@ -56,21 +56,21 @@
|
|||
|
||||
#define AUTHENTIC_CACHE_TIMESTAMP_PATH "3F0050159999"
|
||||
|
||||
unsigned char authentic_v3_rsa_mechs[5] = {
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1024,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1280,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1536,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1792,
|
||||
unsigned char authentic_v3_rsa_mechs[5] = {
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1024,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1280,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1536,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA1792,
|
||||
AUTHENTIC_MECH_CRYPTO_RSA2048
|
||||
};
|
||||
|
||||
unsigned char authentic_v3_rsa_ac_ops[6] = {
|
||||
SC_AC_OP_UPDATE,
|
||||
SC_AC_OP_DELETE,
|
||||
SC_AC_OP_PSO_DECRYPT,
|
||||
SC_AC_OP_PSO_COMPUTE_SIGNATURE,
|
||||
SC_AC_OP_INTERNAL_AUTHENTICATE,
|
||||
SC_AC_OP_GENERATE
|
||||
unsigned char authentic_v3_rsa_ac_ops[6] = {
|
||||
SC_AC_OP_UPDATE,
|
||||
SC_AC_OP_DELETE,
|
||||
SC_AC_OP_PSO_DECRYPT,
|
||||
SC_AC_OP_PSO_COMPUTE_SIGNATURE,
|
||||
SC_AC_OP_INTERNAL_AUTHENTICATE,
|
||||
SC_AC_OP_GENERATE
|
||||
};
|
||||
|
||||
struct authentic_ac_access_usage {
|
||||
|
@ -81,9 +81,9 @@ struct authentic_ac_access_usage {
|
|||
struct authentic_ac_access_usage authentic_v3_rsa_map_attributes[7] = {
|
||||
{SC_AC_OP_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, 0},
|
||||
{SC_AC_OP_DELETE, SC_PKCS15_ACCESS_RULE_MODE_DELETE, 0},
|
||||
{SC_AC_OP_PSO_DECRYPT, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
|
||||
{SC_AC_OP_PSO_DECRYPT, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
|
||||
SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP},
|
||||
{SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS,
|
||||
{SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS,
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION},
|
||||
{SC_AC_OP_INTERNAL_AUTHENTICATE, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH,
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER},
|
||||
|
@ -109,8 +109,8 @@ authentic_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id)
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
int
|
||||
authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_file *df)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -143,7 +143,7 @@ authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *
|
|||
* Erase the card
|
||||
*
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
authentic_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -172,7 +172,7 @@ authentic_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
obj_type = SC_PKCS15_TYPE_CERT;
|
||||
else if (df->type == SC_PKCS15_DODF)
|
||||
obj_type = SC_PKCS15_TYPE_DATA_OBJECT;
|
||||
else
|
||||
else
|
||||
continue;
|
||||
|
||||
if (df->enumerated) {
|
||||
|
@ -249,12 +249,12 @@ authentic_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
|
|||
file->path.type = SC_PATH_TYPE_FILE_ID;
|
||||
file->path.len = 2;
|
||||
}
|
||||
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
|
||||
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
|
||||
file->path.value[file->path.len - 1] = file->id & 0xFF;
|
||||
file->path.count = -1;
|
||||
}
|
||||
|
||||
sc_log(ctx, "file(size:%i,type:%i/%i,id:%04X), path(type:%X,'%s')", file->size, file->type, file->ef_structure, file->id,
|
||||
sc_log(ctx, "file(size:%i,type:%i/%i,id:%04X), path(type:%X,'%s')", file->size, file->type, file->ef_structure, file->id,
|
||||
file->path.type, sc_print_path(&file->path));
|
||||
if (out)
|
||||
*out = file;
|
||||
|
@ -289,7 +289,7 @@ authentic_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs
|
|||
|
||||
|
||||
static int
|
||||
authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
|
||||
authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
|
||||
unsigned char *ops, size_t ops_len,
|
||||
struct sc_authentic_sdo_docp *docp)
|
||||
{
|
||||
|
@ -316,7 +316,7 @@ authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
|
|||
if (!(entry->key_ref & AUTHENTIC_V3_CREDENTIAL_ID_MASK)
|
||||
|| (entry->key_ref & ~AUTHENTIC_V3_CREDENTIAL_ID_MASK))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported Credential Reference");
|
||||
|
||||
|
||||
docp->acl_data[offs++] = 0x00;
|
||||
docp->acl_data[offs++] = 0x01 << (entry->key_ref - 1);
|
||||
}
|
||||
|
@ -327,7 +327,7 @@ authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
authentic_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
|
||||
struct sc_pkcs15_prkey_info *key_info, struct sc_authentic_sdo **out)
|
||||
{
|
||||
|
@ -355,13 +355,13 @@ authentic_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
|
|||
sdo->docp.id = key_info->key_reference & ~AUTHENTIC_OBJECT_REF_FLAG_LOCAL;
|
||||
sdo->docp.mech = authentic_v3_rsa_mechs[(key_info->modulus_length - 1024) / 256];
|
||||
|
||||
rv = authentic_docp_set_acls(card, file, authentic_v3_rsa_ac_ops,
|
||||
rv = authentic_docp_set_acls(card, file, authentic_v3_rsa_ac_ops,
|
||||
sizeof(authentic_v3_rsa_ac_ops)/sizeof(authentic_v3_rsa_ac_ops[0]), &sdo->docp);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot set key ACLs from file");
|
||||
|
||||
sc_file_free(file);
|
||||
|
||||
sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id,
|
||||
sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id,
|
||||
sc_dump_hex(sdo->docp.acl_data, sdo->docp.acl_data_len));
|
||||
if (out)
|
||||
*out = sdo;
|
||||
|
@ -389,7 +389,7 @@ authentic_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned acces
|
|||
else if (!auth_id && !object->access_rules[ii].auth_id.len) {
|
||||
object->access_rules[ii].access_mode |= access_mode;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id)) {
|
||||
object->access_rules[ii].access_mode |= access_mode;
|
||||
break;
|
||||
|
@ -399,7 +399,7 @@ authentic_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned acces
|
|||
if (ii==SC_PKCS15_MAX_ACCESS_RULES)
|
||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||
|
||||
return SC_SUCCESS;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
@ -415,7 +415,7 @@ authentic_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_
|
|||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
acl = sc_file_get_acl_entry(file, ac_op);
|
||||
sc_log(ctx, "Fix access rule(op:%i;mode:%i) with ACL(method:%X,ref:%X)",
|
||||
sc_log(ctx, "Fix access rule(op:%i;mode:%i) with ACL(method:%X,ref:%X)",
|
||||
ac_op, rule_mode, acl->method, acl->key_ref);
|
||||
if (acl->method == SC_AC_NEVER) {
|
||||
sc_log(ctx, "ignore access rule(op:%i,mode:%i)", ac_op, rule_mode);
|
||||
|
@ -445,7 +445,7 @@ authentic_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_
|
|||
|
||||
|
||||
static int
|
||||
authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
||||
authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
||||
struct sc_pkcs15_object *object)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -457,9 +457,9 @@ authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file
|
|||
memset(object->access_rules, 0, sizeof(object->access_rules));
|
||||
|
||||
for (ii=0; authentic_v3_rsa_map_attributes[ii].access_rule; ii++) {
|
||||
rv = authentic_pkcs15_fix_file_access_rule(p15card, file,
|
||||
authentic_v3_rsa_map_attributes[ii].ac_op,
|
||||
authentic_v3_rsa_map_attributes[ii].access_rule,
|
||||
rv = authentic_pkcs15_fix_file_access_rule(p15card, file,
|
||||
authentic_v3_rsa_map_attributes[ii].ac_op,
|
||||
authentic_v3_rsa_map_attributes[ii].access_rule,
|
||||
object);
|
||||
LOG_TEST_RET(ctx, rv, "Fix file READ access error");
|
||||
}
|
||||
|
@ -526,7 +526,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)", keybits,
|
||||
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)", keybits,
|
||||
key_info->usage, key_info->access_flags, key_info->key_reference);
|
||||
if (keybits < 1024 || keybits > 2048 || (keybits % 256))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid RSA key size");
|
||||
|
@ -562,7 +562,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
|
||||
rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_DELETE, sdo);
|
||||
LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_DELETE failed for private key");
|
||||
|
||||
|
||||
rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_CREATE, sdo);
|
||||
}
|
||||
LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_CREATE failed");
|
||||
|
@ -573,7 +573,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
rv = authentic_pkcs15_fix_usage(p15card, object);
|
||||
LOG_TEST_RET(ctx, rv, "cannot fix access rules for private key");
|
||||
|
||||
/* Here fix the key's supported algorithms, if these ones will be implemented
|
||||
/* Here fix the key's supported algorithms, if these ones will be implemented
|
||||
* (see src/libopensc/pkcs15-prkey.c).
|
||||
*/
|
||||
|
||||
|
@ -603,7 +603,7 @@ authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15c
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
|
||||
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
|
||||
sc_print_path(&key_info->path), sc_pkcs15_print_id(&object->auth_id));
|
||||
|
||||
if (!object->content.value || object->content.len != sizeof(struct sc_authentic_sdo))
|
||||
|
@ -638,7 +638,7 @@ authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15c
|
|||
rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &pubkey->data.value, &pubkey->data.len);
|
||||
LOG_TEST_RET(ctx, rv, "encode public key failed");
|
||||
|
||||
/* Here fix the key's supported algorithms, if these ones will be implemented
|
||||
/* Here fix the key's supported algorithms, if these ones will be implemented
|
||||
* (see src/libopensc/pkcs15-prkey.c).
|
||||
*/
|
||||
|
||||
|
@ -666,7 +666,7 @@ authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
|
||||
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
|
||||
keybits, sc_pkcs15_print_id(&object->auth_id), sc_print_path(&key_info->path));
|
||||
|
||||
if (!object->content.value || object->content.len != sizeof(struct sc_authentic_sdo))
|
||||
|
@ -684,7 +684,7 @@ authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
LOG_TEST_RET(ctx, rv, "failed to select parent DF");
|
||||
|
||||
sdo->data.prvkey = prvkey;
|
||||
|
||||
|
||||
sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id,
|
||||
sc_dump_hex(sdo->docp.acl_data, sdo->docp.acl_data_len));
|
||||
|
||||
|
@ -702,7 +702,7 @@ authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
authentic_pkcs15_delete_rsa_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_prkey_info *key_info)
|
||||
{
|
||||
|
@ -736,7 +736,7 @@ authentic_pkcs15_delete_rsa_sdo (struct sc_profile *profile, struct sc_pkcs15_ca
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
authentic_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object, const struct sc_path *path)
|
||||
{
|
||||
|
@ -760,8 +760,8 @@ authentic_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_car
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
|
||||
static int
|
||||
authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_der *data, struct sc_path *path)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -794,16 +794,16 @@ authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profil
|
|||
authentic_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL);
|
||||
|
||||
/* Here, if key supported algorithms will be implemented (see src/libopensc/pkcs15-prkey.c),
|
||||
* copy private key supported algorithms to the public key's ones.
|
||||
* copy private key supported algorithms to the public key's ones.
|
||||
*/
|
||||
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object,
|
||||
static int
|
||||
authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_der *data, struct sc_path *path)
|
||||
|
||||
{
|
||||
|
@ -817,7 +817,7 @@ authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *prof
|
|||
rv = authentic_store_pubkey(p15card, profile, object, data, path);
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
}
|
||||
|
||||
|
@ -849,7 +849,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
|
|||
}
|
||||
|
||||
|
||||
static struct sc_pkcs15init_operations
|
||||
static struct sc_pkcs15init_operations
|
||||
sc_pkcs15init_authentic_operations = {
|
||||
authentic_pkcs15_erase_card,
|
||||
NULL, /* init_card */
|
||||
|
@ -867,19 +867,19 @@ sc_pkcs15init_authentic_operations = {
|
|||
authentic_pkcs15_delete_object,
|
||||
|
||||
/* pkcs15init emulation */
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
authentic_emu_update_tokeninfo,
|
||||
NULL,
|
||||
authentic_emu_store_data,
|
||||
|
||||
|
||||
NULL, /* sanity_check */
|
||||
};
|
||||
|
||||
|
||||
struct sc_pkcs15init_operations *
|
||||
sc_pkcs15init_get_authentic_ops(void)
|
||||
{
|
||||
{
|
||||
return &sc_pkcs15init_authentic_operations;
|
||||
}
|
||||
|
||||
|
|
|
@ -356,7 +356,7 @@ cardos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile,
|
||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile,
|
||||
SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN);
|
||||
if (pin_id >= 0) {
|
||||
r = sc_pkcs15init_verify_secret(profile, p15card, NULL, SC_AC_CHV, pin_id);
|
||||
|
@ -646,7 +646,7 @@ cardos_store_key_component(sc_card_t *card,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
cardos_put_key(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
|
||||
int algorithm, sc_pkcs15_prkey_info_t *key_info,
|
||||
struct sc_pkcs15_prkey_rsa *key)
|
||||
|
@ -654,7 +654,7 @@ cardos_put_key(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
|
|||
struct sc_card *card = p15card->card;
|
||||
int r, key_id, pin_id;
|
||||
|
||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
|
||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
|
||||
SC_PKCS15INIT_USER_PIN);
|
||||
if (pin_id < 0)
|
||||
pin_id = 0;
|
||||
|
@ -733,7 +733,7 @@ static int parse_ext_pubkey_file(sc_card_t *card, const u8 *data, size_t len,
|
|||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
memcpy(pubkey->u.rsa.exponent.data, p, tlen);
|
||||
|
||||
return SC_SUCCESS;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
|
@ -91,7 +91,7 @@ static int cflex_erase_card(struct sc_profile *profile, sc_pkcs15_card_t *p15car
|
|||
* against other applications that use this file, but
|
||||
* extremely useful for testing :)
|
||||
* Note we need to delete if before the DF because we create
|
||||
* it *after* the DF.
|
||||
* it *after* the DF.
|
||||
* */
|
||||
if (sc_profile_get_file(profile, "DIR", &dir) >= 0) {
|
||||
r = cflex_delete_file(profile, p15card, dir);
|
||||
|
@ -558,7 +558,7 @@ cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
file->id = (ref == 1)? 0x0000 : 0x0100;
|
||||
|
||||
if (unprotected) {
|
||||
sc_file_add_acl_entry(file, SC_AC_OP_UPDATE,
|
||||
sc_file_add_acl_entry(file, SC_AC_OP_UPDATE,
|
||||
SC_AC_NONE, SC_AC_KEY_REF_NONE);
|
||||
}
|
||||
|
||||
|
@ -722,7 +722,7 @@ cryptoflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
|||
{
|
||||
size_t base = rsa->modulus.len / 2, key_blob_size;
|
||||
int r, key_num = key_ref + 1;
|
||||
|
||||
|
||||
switch (rsa->modulus.len) {
|
||||
case 512 / 8:
|
||||
case 768 / 8:
|
||||
|
@ -753,7 +753,7 @@ cryptoflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
|||
*key++ = 0;
|
||||
*key++ = 0;
|
||||
*key = 0;
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -764,7 +764,7 @@ cryptoflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|||
{
|
||||
size_t base;
|
||||
int r, key_num = key_ref + 1;
|
||||
|
||||
|
||||
switch (rsa->modulus.len) {
|
||||
case 512 / 8:
|
||||
case 768 / 8:
|
||||
|
@ -779,14 +779,14 @@ cryptoflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|||
if (*keysize < (5 * base + 10))
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
*keysize = 5 * base + 10;
|
||||
|
||||
|
||||
memset(key, 0, *keysize);
|
||||
*key++ = (5 * base + 7) >> 8;
|
||||
*key++ = (5 * base + 7) & 0xFF;
|
||||
*key++ = key_num;
|
||||
|
||||
/* Funny code - not sure why we do it this way:
|
||||
*
|
||||
*
|
||||
* Specs say: We store: (Length)
|
||||
* modulus modulus (N bytes)
|
||||
* J0 Montgomery const 0 (N/2 bytes)
|
||||
|
@ -811,7 +811,7 @@ cyberflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
|||
{
|
||||
size_t base = rsa->modulus.len / 2, key_blob_size, bnlen;
|
||||
int r, key_num = key_ref + 1, alg_id;
|
||||
|
||||
|
||||
switch (rsa->modulus.len) {
|
||||
case 512 / 8: alg_id = 0xC4; break;
|
||||
case 768 / 8: alg_id = 0xC6; break;
|
||||
|
@ -864,7 +864,7 @@ cyberflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|||
{
|
||||
size_t base = rsa->modulus.len, key_blob_size, bnlen;
|
||||
int r, key_num = key_ref + 1, alg_id;
|
||||
|
||||
|
||||
switch (rsa->modulus.len) {
|
||||
case 512 / 8: alg_id = 0xC5; break;
|
||||
case 768 / 8: alg_id = 0xC7; break;
|
||||
|
@ -877,7 +877,7 @@ cyberflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
|||
if (*keysize < key_blob_size)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
*keysize = key_blob_size;
|
||||
|
||||
|
||||
memset(key, 0, *keysize);
|
||||
*key++ = key_blob_size >> 8;
|
||||
*key++ = key_blob_size & 0xFF;
|
||||
|
|
|
@ -95,7 +95,7 @@ static int entersafe_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||
mf_data.data.df.lock_ac=0x10;
|
||||
memcpy(mf_data.data.df.aid,mf_file->name,mf_file->namelen);
|
||||
sc_file_free(mf_file);
|
||||
|
||||
|
||||
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &mf_data);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create MF failed");
|
||||
}
|
||||
|
@ -123,17 +123,17 @@ static int entersafe_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||
ef_data.data.ef.name=0x00;
|
||||
memset(ef_data.data.ef.ac,0x10,sizeof(ef_data.data.ef.ac));
|
||||
memset(ef_data.data.ef.sm,0x00,sizeof(ef_data.data.ef.sm));
|
||||
|
||||
|
||||
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &ef_data);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create EF(DIR) failed");
|
||||
|
||||
|
||||
|
||||
/* fill file by 0 */
|
||||
buff = calloc(1,size);
|
||||
if(!buff)
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS);
|
||||
memset(buff,0,size);
|
||||
|
||||
|
||||
ret = sc_update_binary(card,0,buff,size,0);
|
||||
free(buff);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Initialize EF(DIR) failed");
|
||||
|
@ -190,7 +190,7 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||
memset(ef_data.data.ef.sm,0x00,sizeof(ef_data.data.ef.sm));
|
||||
|
||||
sc_file_free(gpkf_file);
|
||||
|
||||
|
||||
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &ef_data);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create GPKF failed");
|
||||
}
|
||||
|
@ -210,7 +210,7 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||
int i;
|
||||
sc_file_t *file=0;
|
||||
sc_entersafe_create_data tmp;
|
||||
|
||||
|
||||
for(i = 0; create_efs[i]; ++i) {
|
||||
if (sc_profile_get_file(profile, create_efs[i], &file)) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_efs[i]);
|
||||
|
@ -229,7 +229,7 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||
tmp.data.ef.ac[0]=process_acl_entry(file,SC_AC_OP_READ,ENTERSAFE_AC_ALWAYS); /* read */
|
||||
tmp.data.ef.ac[1]=process_acl_entry(file,SC_AC_OP_UPDATE,ENTERSAFE_AC_ALWAYS); /* update */
|
||||
memset(tmp.data.ef.sm,0x00,sizeof(tmp.data.ef.sm));
|
||||
|
||||
|
||||
sc_file_free(file);
|
||||
|
||||
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &tmp);
|
||||
|
@ -251,7 +251,7 @@ static int entersafe_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15c
|
|||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
|
||||
if (auth_info->attrs.pin.reference < ENTERSAFE_USER_PIN_ID)
|
||||
auth_info->attrs.pin.reference = ENTERSAFE_USER_PIN_ID;
|
||||
|
@ -455,10 +455,10 @@ static int entersafe_sanity_check(sc_profile_t *profile, sc_pkcs15_card_t *p15ca
|
|||
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
continue;
|
||||
|
||||
if (pin_attrs->reference == profile_auth.attrs.pin.reference
|
||||
if (pin_attrs->reference == profile_auth.attrs.pin.reference
|
||||
&& pin_attrs->flags != profile_auth.attrs.pin.flags) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label,
|
||||
pin_attrs->flags, pin_attrs->reference, sc_pkcs15_print_id(&ainfo->auth_id),
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label,
|
||||
pin_attrs->flags, pin_attrs->reference, sc_pkcs15_print_id(&ainfo->auth_id),
|
||||
profile_auth.attrs.pin.flags);
|
||||
pin_attrs->flags = profile_auth.attrs.pin.flags;
|
||||
update_df = 1;
|
||||
|
|
|
@ -122,7 +122,7 @@ gpk_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
|
|||
int r, locked;
|
||||
|
||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
if (sc_card_ctl(p15card->card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
|
||||
if (sc_card_ctl(p15card->card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
|
||||
&& locked) {
|
||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"This card is already personalized, unable to "
|
||||
|
@ -594,7 +594,7 @@ gpk_pkfile_create(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *f
|
|||
}
|
||||
|
||||
if (r >= 0)
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file,
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file,
|
||||
SC_AC_OP_UPDATE);
|
||||
if (found)
|
||||
sc_file_free(found);
|
||||
|
@ -677,7 +677,7 @@ gpk_pkfile_init_public(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file
|
|||
if (r < 0)
|
||||
return r;
|
||||
/* Fix up PIN references in file ACL */
|
||||
if ((r = sc_pkcs15init_fixup_file(profile, p15card, tmp)) < 0)
|
||||
if ((r = sc_pkcs15init_fixup_file(profile, p15card, tmp)) < 0)
|
||||
goto out;
|
||||
|
||||
acl = sc_file_get_acl_entry(tmp, SC_AC_OP_CRYPTO);
|
||||
|
@ -756,7 +756,7 @@ gpk_pkfile_update_public(struct sc_profile *profile,
|
|||
/* Check for bad record */
|
||||
if (r < 2) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key file format error: "
|
||||
"record %u too small (%u bytes)\n",
|
||||
"record %u too small (%u bytes)\n",
|
||||
n, r);
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
}
|
||||
|
@ -911,7 +911,7 @@ gpk_add_bignum(struct pkpart *part, unsigned int tag,
|
|||
sc_pkcs15_bignum_t *bn, size_t size)
|
||||
{
|
||||
struct pkcomp *comp;
|
||||
|
||||
|
||||
if (size == 0)
|
||||
size = bn->len;
|
||||
|
||||
|
|
|
@ -74,8 +74,8 @@ iasecc_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id)
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
int
|
||||
iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_file *df)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -109,7 +109,7 @@ iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *pro
|
|||
* Erase the card
|
||||
*
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
iasecc_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -142,7 +142,7 @@ iasecc_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15c
|
|||
obj_type = SC_PKCS15_TYPE_PUBKEY;
|
||||
else if (df->type == SC_PKCS15_CDF)
|
||||
obj_type = SC_PKCS15_TYPE_CERT;
|
||||
else
|
||||
else
|
||||
continue;
|
||||
|
||||
rv = sc_pkcs15_get_objects(p15card, obj_type, objs, 32);
|
||||
|
@ -210,7 +210,7 @@ iasecc_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
|
|||
|
||||
id.len = 1;
|
||||
id.value[0] = num & 0xFF;
|
||||
rv = sc_profile_instantiate_template(profile, "key-domain", &profile->df_info->file->path,
|
||||
rv = sc_profile_instantiate_template(profile, "key-domain", &profile->df_info->file->path,
|
||||
_template, &id, &file);
|
||||
}
|
||||
LOG_TEST_RET(ctx, rv, "Error when getting file from template");
|
||||
|
@ -222,7 +222,7 @@ iasecc_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
|
|||
file->path.type = SC_PATH_TYPE_FILE_ID;
|
||||
file->path.len = 2;
|
||||
}
|
||||
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
|
||||
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
|
||||
file->path.value[file->path.len - 1] = file->id & 0xFF;
|
||||
file->path.count = -1;
|
||||
|
||||
|
@ -249,9 +249,9 @@ iasecc_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_
|
|||
int rv = 0, idx = key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "'seed' key reference %i; path %s", key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL,
|
||||
sc_log(ctx, "'seed' key reference %i; path %s", key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL,
|
||||
sc_print_path(&key_info->path));
|
||||
|
||||
|
||||
rv = sc_select_file(card, &key_info->path, &file);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot select DF to select key reference in");
|
||||
|
||||
|
@ -282,14 +282,14 @@ iasecc_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_
|
|||
/* All card objects but PINs are locals */
|
||||
key_info->key_reference = idx | IASECC_OBJECT_REF_LOCAL;
|
||||
sc_log(ctx, "selected key reference %i", key_info->key_reference);
|
||||
|
||||
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
iasecc_sdo_get_data(struct sc_card *card, struct iasecc_sdo *sdo)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
|
@ -312,7 +312,7 @@ iasecc_file_convert_acls(struct sc_context *ctx, struct sc_profile *profile, str
|
|||
struct sc_acl_entry *acl = sc_file_get_acl_entry(file, ii);
|
||||
|
||||
if (acl) {
|
||||
switch (acl->method) {
|
||||
switch (acl->method) {
|
||||
case SC_AC_IDA:
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "'IDA' not actually supported");
|
||||
case SC_AC_SCB:
|
||||
|
@ -331,18 +331,18 @@ iasecc_file_convert_acls(struct sc_context *ctx, struct sc_profile *profile, str
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
static int
|
||||
iasecc_sdo_set_key_acls_from_profile(struct sc_profile *profile, struct sc_card *card,
|
||||
const char *template, struct iasecc_sdo *sdo)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
struct sc_file *file = NULL;
|
||||
unsigned char ops_prvkey[7] = {
|
||||
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
|
||||
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
|
||||
SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
|
||||
};
|
||||
unsigned char ops_pubkey[7] = {
|
||||
0xFF, SC_AC_OP_EXTERNAL_AUTHENTICATE, 0xFF,
|
||||
0xFF, SC_AC_OP_EXTERNAL_AUTHENTICATE, 0xFF,
|
||||
SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
|
||||
};
|
||||
unsigned char amb, scb[16], mask;
|
||||
|
@ -404,13 +404,13 @@ iasecc_sdo_set_key_acls_from_profile(struct sc_profile *profile, struct sc_card
|
|||
*(sdo->docp.acls_contact.value + 0) = amb;
|
||||
memcpy(sdo->docp.acls_contact.value + 1, scb, cntr);
|
||||
|
||||
sc_log(ctx, "AMB: %X, CNTR %i, %x %x %x %x %x %x",
|
||||
sc_log(ctx, "AMB: %X, CNTR %i, %x %x %x %x %x %x",
|
||||
amb, cntr, scb[0], scb[1], scb[2], scb[3], scb[4], scb[5], scb[6]);
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
|
||||
struct sc_pkcs15_prkey_info *key_info, struct iasecc_sdo **out)
|
||||
{
|
||||
|
@ -431,7 +431,7 @@ iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
|
|||
sdo->usage = key_info->usage;
|
||||
|
||||
sc_log(ctx, "sdo->sdo_class 0x%X; sdo->usage 0x%X", sdo->sdo_class, sdo->usage);
|
||||
|
||||
|
||||
rv = iasecc_sdo_get_data(card, sdo);
|
||||
if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) {
|
||||
sdo->not_on_card = 1;
|
||||
|
@ -460,7 +460,7 @@ iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
|
|||
sdo->docp.size.size = 2;
|
||||
*(sdo->docp.size.value + 0) = (sz >> 8) & 0xFF;
|
||||
*(sdo->docp.size.value + 1) = sz & 0xFF;
|
||||
/*
|
||||
/*
|
||||
FIXME: Manage CRT key types: IASECC_GEN_KEY_TYPE_*: X509_usage
|
||||
Optional PRIVATE KEY SDO attribute 'Algorithm to compulsorily use' can have one of the three values:
|
||||
0(any usage), B6(Sign), A4(Authentication), B8(Confidentiality).
|
||||
|
@ -490,8 +490,8 @@ iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, struct sc_pkcs15_pubkey_info *key_info,
|
||||
static int
|
||||
iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, struct sc_pkcs15_pubkey_info *key_info,
|
||||
struct iasecc_sdo **out)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
|
@ -544,7 +544,7 @@ iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, str
|
|||
else {
|
||||
LOG_TEST_RET(ctx, rv, "iasecc_sdo_allocate_pubkey() error while getting public key SDO data");
|
||||
}
|
||||
|
||||
|
||||
if (out)
|
||||
*out = sdo;
|
||||
|
||||
|
@ -552,7 +552,7 @@ iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, str
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
iasecc_sdo_convert_to_file(struct sc_card *card, struct iasecc_sdo *sdo, struct sc_file **out)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
|
@ -569,14 +569,14 @@ iasecc_sdo_convert_to_file(struct sc_card *card, struct iasecc_sdo *sdo, struct
|
|||
sc_log(ctx, "SDO class 0x%X", sdo->sdo_class);
|
||||
|
||||
if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE) {
|
||||
unsigned char ops[] = {
|
||||
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
|
||||
unsigned char ops[] = {
|
||||
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
|
||||
SC_AC_OP_GENERATE, SC_AC_OP_UPDATE, SC_AC_OP_READ
|
||||
};
|
||||
|
||||
for (ii=0; ii<sizeof(ops)/sizeof(ops[0]);ii++) {
|
||||
unsigned op_method, op_ref;
|
||||
|
||||
unsigned op_method, op_ref;
|
||||
|
||||
rv = iasecc_sdo_convert_acl(card, sdo, ops[ii], &op_method, &op_ref);
|
||||
LOG_TEST_RET(ctx, rv, "IasEcc: cannot convert ACL");
|
||||
sc_log(ctx, "ii:%i, method:%X, ref:%X", ii, op_method, op_ref);
|
||||
|
@ -608,7 +608,7 @@ iasecc_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned access_m
|
|||
else if (!auth_id && !object->access_rules[ii].auth_id.len) {
|
||||
object->access_rules[ii].access_mode |= access_mode;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id)) {
|
||||
object->access_rules[ii].access_mode |= access_mode;
|
||||
break;
|
||||
|
@ -618,7 +618,7 @@ iasecc_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned access_m
|
|||
if (ii==SC_PKCS15_MAX_ACCESS_RULES)
|
||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||
|
||||
return SC_SUCCESS;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
@ -649,10 +649,10 @@ iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char
|
|||
pin_ref = rv;
|
||||
for (ii=0; ii<nn_pins; ii++) {
|
||||
const struct sc_pkcs15_auth_info *auth_info = (const struct sc_pkcs15_auth_info *) pin_objs[ii]->data;
|
||||
|
||||
|
||||
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
continue;
|
||||
|
||||
|
||||
sc_log(ctx, "PIN refs %i/%i", pin_ref, auth_info->attrs.pin.reference);
|
||||
if (pin_ref == ((auth_info->attrs.pin.reference + 0x100) % 0x100)) {
|
||||
*auth_id = auth_info->auth_id;
|
||||
|
@ -685,7 +685,7 @@ iasecc_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_fil
|
|||
LOG_TEST_RET(ctx, rv, "Fix file access rule error");
|
||||
}
|
||||
else {
|
||||
if (acl->method == SC_AC_IDA) {
|
||||
if (acl->method == SC_AC_IDA) {
|
||||
ref = acl->key_ref;
|
||||
iasecc_reference_to_pkcs15_id (ref, &id);
|
||||
}
|
||||
|
@ -711,7 +711,7 @@ iasecc_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_fil
|
|||
|
||||
|
||||
static int
|
||||
iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
||||
iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
||||
struct sc_pkcs15_object *object)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -735,7 +735,7 @@ iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *fi
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -799,7 +799,7 @@ iasecc_sdo_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
|
||||
if (!sdo_prvkey && !sdo_pubkey)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "At least one SDO has to be supplied");
|
||||
rv = iasecc_sdo_convert_to_file(card, sdo_prvkey ? sdo_prvkey : sdo_pubkey, &dummy_file);
|
||||
|
@ -809,7 +809,7 @@ iasecc_sdo_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE);
|
||||
card->caps = caps;
|
||||
LOG_TEST_RET(ctx, rv, "SDO PRIVATE KEY UPDATE authentication failed");
|
||||
|
||||
|
||||
if (dummy_file)
|
||||
sc_file_free(dummy_file);
|
||||
|
||||
|
@ -837,7 +837,7 @@ iasecc_pkcs15_add_algorithm_reference(struct sc_pkcs15_card *p15card,
|
|||
;
|
||||
if (jj == SC_MAX_SUPPORTED_ALGORITHMS)
|
||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||
|
||||
|
||||
for (ii=0;ii<SC_MAX_SUPPORTED_ALGORITHMS;ii++)
|
||||
if (p15card->tokeninfo->supported_algos[ii].algo_ref == algo_ref)
|
||||
break;
|
||||
|
@ -845,13 +845,13 @@ iasecc_pkcs15_add_algorithm_reference(struct sc_pkcs15_card *p15card,
|
|||
return SC_ERROR_OBJECT_NOT_FOUND;
|
||||
|
||||
key_info->algo_refs[jj] = p15card->tokeninfo->supported_algos[ii].reference;
|
||||
return SC_SUCCESS;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct iasecc_sdo *sdo_prvkey)
|
||||
{
|
||||
struct sc_card *card = p15card->card;
|
||||
|
@ -860,7 +860,7 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
|
|||
int rv = 0, ii;
|
||||
unsigned keys_access_modes[IASECC_MAX_SCBS] = {
|
||||
SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
|
||||
SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0x00, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_READ
|
||||
SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0x00, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_READ
|
||||
};
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
@ -874,11 +874,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
|
|||
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE;
|
||||
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
|
||||
|
||||
sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)",
|
||||
sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)",
|
||||
sdo_prvkey->sdo_class, sdo_prvkey->sdo_ref, sdo_prvkey->usage);
|
||||
sc_log(ctx, "SDO ACLs(%i):%s", sdo_prvkey->docp.acls_contact.size,
|
||||
sc_log(ctx, "SDO ACLs(%i):%s", sdo_prvkey->docp.acls_contact.size,
|
||||
sc_dump_hex(sdo_prvkey->docp.acls_contact.value, sdo_prvkey->docp.acls_contact.size));
|
||||
sc_log(ctx, "SDO AMB:%X, SCBS:%s", sdo_prvkey->docp.amb,
|
||||
sc_log(ctx, "SDO AMB:%X, SCBS:%s", sdo_prvkey->docp.amb,
|
||||
sc_dump_hex(sdo_prvkey->docp.scbs, IASECC_MAX_SCBS));
|
||||
|
||||
for (ii=0;ii<IASECC_MAX_SCBS;ii++) {
|
||||
|
@ -899,11 +899,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
|
|||
rv = iasecc_pkcs15_add_access_rule(object, keys_access_modes[ii], &auth_id);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot add access rule");
|
||||
|
||||
if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN
|
||||
|| ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH
|
||||
if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN
|
||||
|| ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH
|
||||
|| ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER) {
|
||||
if (!sc_pkcs15_compare_id(&object->auth_id, &auth_id)) {
|
||||
/* Sorry, this will silently overwrite the profile option.*/
|
||||
/* Sorry, this will silently overwrite the profile option.*/
|
||||
sc_log(ctx, "Change object's authId for the one that really protects crypto operation.");
|
||||
object->auth_id = auth_id;
|
||||
}
|
||||
|
@ -911,11 +911,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
|
|||
}
|
||||
|
||||
if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN) {
|
||||
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
|
||||
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
|
||||
IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA1);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA1 supported mechanism");
|
||||
|
||||
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
|
||||
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
|
||||
IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA2);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA2 supported mechanism");
|
||||
|
||||
|
@ -930,11 +930,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
|
|||
key_info->usage |= SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER;
|
||||
}
|
||||
else if (ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER) {
|
||||
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
|
||||
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
|
||||
IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot add decipher RSA_PKCS supported mechanism");
|
||||
|
||||
key_info->usage |= SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP;
|
||||
key_info->usage |= SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -999,7 +999,7 @@ iasecc_pkcs15_create_key_slot(struct sc_profile *profile, struct sc_pkcs15_card
|
|||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object)
|
||||
|
@ -1013,7 +1013,7 @@ iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15c
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)",
|
||||
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)",
|
||||
keybits, key_info->usage, key_info->access_flags, key_info->key_reference);
|
||||
if (keybits < 1024 || keybits > 2048 || (keybits % 256)) {
|
||||
sc_log(ctx, "Unsupported key size %u", keybits);
|
||||
|
@ -1037,7 +1037,7 @@ iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15c
|
|||
rv = iasecc_pkcs15_create_key_slot(profile, p15card, sdo_prvkey, sdo_pubkey, key_info);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot create key slot");
|
||||
}
|
||||
|
||||
|
||||
rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
|
||||
LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
|
||||
|
||||
|
@ -1070,7 +1070,7 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
|
||||
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
|
||||
sc_print_path(&key_info->path), sc_pkcs15_print_id(&object->auth_id));
|
||||
|
||||
if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
|
||||
|
@ -1115,7 +1115,7 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
|
|||
LOG_TEST_RET(ctx, rv, "IasEcc: allocate SDO public key failed");
|
||||
|
||||
pubkey->algorithm = SC_ALGORITHM_RSA;
|
||||
|
||||
|
||||
pubkey->u.rsa.modulus.len = sdo_pubkey->data.pub_key.n.size;
|
||||
pubkey->u.rsa.modulus.data = (unsigned char *) malloc(pubkey->u.rsa.modulus.len);
|
||||
if (!pubkey->u.rsa.modulus.data)
|
||||
|
@ -1162,7 +1162,7 @@ iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15ca
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
|
||||
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
|
||||
keybits, sc_pkcs15_print_id(&object->auth_id), sc_print_path(&key_info->path));
|
||||
|
||||
if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
|
||||
|
@ -1174,7 +1174,7 @@ iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15ca
|
|||
if (sdo_prvkey->magic != SC_CARDCTL_IASECC_SDO_MAGIC)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey");
|
||||
|
||||
sc_log(ctx, "key compulsory attr(size:%i,on_card:%i)",
|
||||
sc_log(ctx, "key compulsory attr(size:%i,on_card:%i)",
|
||||
sdo_prvkey->data.prv_key.compulsory.size, sdo_prvkey->data.prv_key.compulsory.on_card);
|
||||
|
||||
rv = sc_profile_get_parent(profile, "private-key", &file);
|
||||
|
@ -1201,8 +1201,8 @@ iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15ca
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
static int
|
||||
iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
int sdo_class, int ref)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -1226,7 +1226,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
|
||||
rv = iasecc_sdo_get_data(card, sdo);
|
||||
if (rv < 0) {
|
||||
if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)
|
||||
if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)
|
||||
rv = SC_SUCCESS;
|
||||
|
||||
iasecc_sdo_free(card, sdo);
|
||||
|
@ -1240,7 +1240,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
sdo->data.pub_key.cha.size = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
sc_log(ctx, "iasecc_pkcs15_delete_sdo() SDO class 0x%X, ref 0x%X", sdo->sdo_class, sdo->sdo_ref);
|
||||
rv = iasecc_sdo_convert_to_file(card, sdo, &dummy_file);
|
||||
LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() Cannot convert SDO to file");
|
||||
|
@ -1249,16 +1249,16 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE);
|
||||
card->caps = save_card_caps;
|
||||
LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() UPDATE authentication failed for SDO");
|
||||
|
||||
|
||||
if (dummy_file)
|
||||
sc_file_free(dummy_file);
|
||||
|
||||
if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) {
|
||||
/* Oberthur's card supports creation/deletion of the key slots ... */
|
||||
/* Oberthur's card supports creation/deletion of the key slots ... */
|
||||
rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_DELETE, sdo);
|
||||
}
|
||||
else {
|
||||
/* ... other cards not.
|
||||
/* ... other cards not.
|
||||
* Set to zero the key components . */
|
||||
unsigned char zeros[0x200];
|
||||
int size = *(sdo->docp.size.value + 0) * 0x100 + *(sdo->docp.size.value + 1);
|
||||
|
@ -1273,7 +1273,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
|
||||
rsa.p.data = rsa.q.data = rsa.iqmp.data = rsa.dmp1.data = rsa.dmq1.data = zeros;
|
||||
rsa.p.len = rsa.q.len = rsa.iqmp.len = rsa.dmp1.len = rsa.dmq1.len = size/2;
|
||||
|
||||
|
||||
/* Don't know why, but, clean public key do not working with Gemalto card */
|
||||
rv = iasecc_sdo_store_key(profile, p15card, sdo, NULL, &rsa);
|
||||
LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() store empty private key failed");
|
||||
|
@ -1284,7 +1284,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object, const struct sc_path *path)
|
||||
{
|
||||
|
@ -1304,10 +1304,10 @@ iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *
|
|||
key_ref = ((sc_pkcs15_prkey_info_t *)object->data)->key_reference;
|
||||
|
||||
/* Delete both parts of the RSA key */
|
||||
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PRIVATE, key_ref);
|
||||
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PRIVATE, key_ref);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PRIVATE SDO");
|
||||
|
||||
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PUBLIC, key_ref);
|
||||
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PUBLIC, key_ref);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PUBLIC SDO");
|
||||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
|
@ -1323,17 +1323,17 @@ iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *
|
|||
file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
||||
file->id = path->value[path->len-2] * 0x100 + path->value[path->len-1];
|
||||
memcpy(&file->path, path, sizeof(file->path));
|
||||
|
||||
|
||||
rv = iasecc_pkcs15_delete_file(p15card, profile, file);
|
||||
|
||||
|
||||
sc_file_free(file);
|
||||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
|
||||
static int
|
||||
iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_der *data, struct sc_path *path)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -1371,9 +1371,9 @@ iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object, struct sc_pkcs15_der *data,
|
||||
static int
|
||||
iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object, struct sc_pkcs15_der *data,
|
||||
struct sc_path *path)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -1397,9 +1397,9 @@ iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
|
||||
/*
|
||||
* FIXME: Implement 'store data object'
|
||||
static int
|
||||
iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object, struct sc_pkcs15_id *id,
|
||||
static int
|
||||
iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object, struct sc_pkcs15_id *id,
|
||||
struct sc_pkcs15_der *data, struct sc_path *path)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -1433,7 +1433,7 @@ iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
|
||||
if (ii == nn_objs)
|
||||
break;
|
||||
|
||||
|
||||
if (pfile)
|
||||
sc_file_free(pfile);
|
||||
pfile = NULL;
|
||||
|
@ -1450,13 +1450,13 @@ iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
object->access_rules[0].access_mode = SC_PKCS15_ACCESS_RULE_MODE_READ;
|
||||
acl = sc_file_get_acl_entry(pfile, SC_AC_OP_READ);
|
||||
sc_log(ctx, "iasecc_store_opaqueDO() READ method %i", acl->method);
|
||||
if (acl->method == SC_AC_IDA)
|
||||
if (acl->method == SC_AC_IDA)
|
||||
iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[0].auth_id);
|
||||
|
||||
object->access_rules[1].access_mode = SC_PKCS15_ACCESS_RULE_MODE_UPDATE;
|
||||
acl = sc_file_get_acl_entry(pfile, SC_AC_OP_UPDATE);
|
||||
sc_log(ctx, "iasecc_store_opaqueDO() UPDATE method %i", acl->method);
|
||||
if (acl->method == SC_AC_IDA)
|
||||
if (acl->method == SC_AC_IDA)
|
||||
iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[1].auth_id);
|
||||
|
||||
} while(0);
|
||||
|
@ -1515,9 +1515,9 @@ iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
*/
|
||||
|
||||
|
||||
static int
|
||||
iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object,
|
||||
static int
|
||||
iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_der *data, struct sc_path *path)
|
||||
|
||||
{
|
||||
|
@ -1539,7 +1539,7 @@ iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
break;
|
||||
*/
|
||||
}
|
||||
|
||||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
}
|
||||
|
||||
|
@ -1552,7 +1552,7 @@ iasecc_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
}
|
||||
|
||||
|
||||
static struct sc_pkcs15init_operations
|
||||
static struct sc_pkcs15init_operations
|
||||
sc_pkcs15init_iasecc_operations = {
|
||||
iasecc_pkcs15_erase_card,
|
||||
NULL, /* init_card */
|
||||
|
@ -1570,8 +1570,8 @@ sc_pkcs15init_iasecc_operations = {
|
|||
iasecc_pkcs15_delete_object,
|
||||
|
||||
/* pkcs15init emulation */
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
iasecc_emu_update_tokeninfo,
|
||||
NULL,
|
||||
iasecc_emu_store_data,
|
||||
|
@ -1587,7 +1587,7 @@ sc_pkcs15init_iasecc_operations = {
|
|||
|
||||
struct sc_pkcs15init_operations *
|
||||
sc_pkcs15init_get_iasecc_ops(void)
|
||||
{
|
||||
{
|
||||
return &sc_pkcs15init_iasecc_operations;
|
||||
}
|
||||
|
||||
|
|
|
@ -203,7 +203,7 @@ incrypto34_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||
* Store a PIN
|
||||
*/
|
||||
static int
|
||||
incrypto34_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
incrypto34_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
sc_file_t *df, sc_pkcs15_object_t *pin_obj,
|
||||
const u8 *pin, size_t pin_len,
|
||||
const u8 *puk, size_t puk_len)
|
||||
|
|
|
@ -336,9 +336,9 @@ extern int sc_pkcs15init_create_file(struct sc_profile *,
|
|||
struct sc_pkcs15_card *, struct sc_file *);
|
||||
extern int sc_pkcs15init_update_file(struct sc_profile *,
|
||||
struct sc_pkcs15_card *, struct sc_file *, void *, unsigned int);
|
||||
extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *,
|
||||
extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *,
|
||||
struct sc_file *, int);
|
||||
extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
|
||||
extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
|
||||
struct sc_file *);
|
||||
extern int sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *);
|
||||
extern int sc_profile_get_pin_retries(struct sc_profile *, int);
|
||||
|
@ -351,7 +351,7 @@ extern int sc_pkcs15init_verify_secret(struct sc_profile *, struct sc_pkcs15_car
|
|||
sc_file_t *, unsigned int, int);
|
||||
extern int sc_pkcs15init_delete_by_path(struct sc_profile *,
|
||||
struct sc_pkcs15_card *, const struct sc_path *);
|
||||
extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
|
||||
extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
|
||||
struct sc_pkcs15_df *, int);
|
||||
|
||||
/* Erasing the card structure via rm -rf */
|
||||
|
@ -369,7 +369,7 @@ extern int sc_pkcs15init_requires_restrictive_usage(
|
|||
extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *,
|
||||
const struct sc_pkcs15_id *, struct sc_file **);
|
||||
|
||||
extern int sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *,
|
||||
extern int sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *,
|
||||
struct sc_profile *, unsigned, int);
|
||||
|
||||
extern int sc_pkcs15init_sanity_check(struct sc_pkcs15_card *, struct sc_profile *);
|
||||
|
|
|
@ -51,7 +51,7 @@ jcop_erase_card(struct sc_profile *pro, sc_pkcs15_card_t *p15card) {
|
|||
* for JCOP, it must be the application DF. no other DF's may exist.
|
||||
*/
|
||||
static int
|
||||
jcop_init_app(sc_profile_t *profile, sc_card_t *card,
|
||||
jcop_init_app(sc_profile_t *profile, sc_card_t *card,
|
||||
struct sc_pkcs15_pin_info *pin_info,
|
||||
const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) {
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
|
@ -59,7 +59,7 @@ jcop_init_app(sc_profile_t *profile, sc_card_t *card,
|
|||
|
||||
#else
|
||||
|
||||
static int
|
||||
static int
|
||||
jcop_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *file)
|
||||
{
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
|
@ -205,10 +205,10 @@ jcop_bn2bin(unsigned char *dest, sc_pkcs15_bignum_t *bn, unsigned int size)
|
|||
* byte 1 Modulus length (in byte/4)
|
||||
* byte 2 Modulus (n)
|
||||
* byte 2+x private exponent (d)
|
||||
*
|
||||
*
|
||||
* CRT:
|
||||
* byte 0 0x06
|
||||
* byte 1 component length (in byte/2; component length is half
|
||||
* byte 1 component length (in byte/2; component length is half
|
||||
* of modulus length
|
||||
* byte 2 Prime (p)
|
||||
* byte 2+x Prime (q)
|
||||
|
@ -259,7 +259,7 @@ jcop_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
static int
|
||||
jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_object_t *obj,
|
||||
sc_pkcs15_pubkey_t *pubkey)
|
||||
sc_pkcs15_pubkey_t *pubkey)
|
||||
{
|
||||
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
|
||||
struct sc_cardctl_jcop_genkey args;
|
||||
|
@ -284,7 +284,7 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
mod_len = key_info->modulus_length / 8;
|
||||
exp_len = 4;
|
||||
pub_len = 2 + mod_len + exp_len;
|
||||
temppubfile->size = pub_len;
|
||||
temppubfile->size = pub_len;
|
||||
|
||||
r = sc_pkcs15init_fixup_file(profile, p15card, temppubfile);
|
||||
if (r < 0)
|
||||
|
@ -301,7 +301,7 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
r = sc_pkcs15init_authenticate(profile, p15card, keyfile, SC_AC_OP_UPDATE);
|
||||
if (r < 0)
|
||||
goto out;
|
||||
|
||||
|
||||
keybits = key_info->modulus_length;
|
||||
|
||||
/* generate key */
|
||||
|
@ -318,9 +318,9 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
}
|
||||
args.pubkey = keybuf;
|
||||
args.pubkey_len = keybits / 8;
|
||||
|
||||
|
||||
r = sc_card_ctl(p15card->card, SC_CARDCTL_JCOP_GENERATE_KEY, (void *)&args);
|
||||
if (r < 0)
|
||||
if (r < 0)
|
||||
goto out;
|
||||
|
||||
/* extract public key */
|
||||
|
@ -338,7 +338,7 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
|
||||
out:
|
||||
if (r < 0 && keybuf)
|
||||
free(keybuf);
|
||||
free(keybuf);
|
||||
if (delete_ok)
|
||||
sc_pkcs15init_rmdir(p15card, profile, temppubfile);
|
||||
if (keyfile)
|
||||
|
|
|
@ -123,7 +123,7 @@ static int sc_pkcs15init_qualify_pin(struct sc_card *, const char *,
|
|||
static struct sc_pkcs15_df * find_df_by_type(struct sc_pkcs15_card *,
|
||||
unsigned int);
|
||||
static int sc_pkcs15init_read_info(struct sc_card *card, struct sc_profile *);
|
||||
static int sc_pkcs15init_parse_info(struct sc_card *, const unsigned char *, size_t,
|
||||
static int sc_pkcs15init_parse_info(struct sc_card *, const unsigned char *, size_t,
|
||||
struct sc_profile *);
|
||||
static int sc_pkcs15init_write_info(struct sc_pkcs15_card *, struct sc_profile *,
|
||||
struct sc_pkcs15_object *);
|
||||
|
@ -342,7 +342,7 @@ sc_pkcs15init_bind(struct sc_card *card, const char *name,
|
|||
LOG_TEST_RET(ctx, r, "Read info error");
|
||||
}
|
||||
|
||||
/* Check the config file for a profile name.
|
||||
/* Check the config file for a profile name.
|
||||
* If none is defined, use the default profile name.
|
||||
*/
|
||||
if (!get_profile_from_config(card, card_profile, sizeof(card_profile)))
|
||||
|
@ -403,7 +403,7 @@ sc_pkcs15init_set_p15card(struct sc_profile *profile,
|
|||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_pkcs15_object *p15objects[10];
|
||||
int i, r, nn_objs;
|
||||
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
/* Prepare pin-domain instantiation:
|
||||
|
@ -426,7 +426,7 @@ sc_pkcs15init_set_p15card(struct sc_profile *profile,
|
|||
if (!sc_select_file(p15card->card, &auth_info->path, &file)) {
|
||||
char pin_name[16];
|
||||
|
||||
sprintf(pin_name, "pin-dir-%02X%02X",
|
||||
sprintf(pin_name, "pin-dir-%02X%02X",
|
||||
file->path.value[file->path.len - 2],
|
||||
file->path.value[file->path.len - 1]);
|
||||
sc_log(ctx, "add '%s' to profile file list", pin_name);
|
||||
|
@ -467,7 +467,7 @@ sc_pkcs15init_erase_card(struct sc_pkcs15_card *p15card, struct sc_profile *prof
|
|||
/* Needs the 'SOPIN' AUTH pkcs15 object.
|
||||
* So that, SOPIN can be found by it's reference. */
|
||||
if (sc_pkcs15_bind(p15card->card, aid, &p15card) >= 0)
|
||||
profile->p15_data = p15card;
|
||||
profile->p15_data = p15card;
|
||||
|
||||
if (profile->ops->erase_card == NULL)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
|
||||
|
@ -479,7 +479,7 @@ sc_pkcs15init_erase_card(struct sc_pkcs15_card *p15card, struct sc_profile *prof
|
|||
|
||||
|
||||
int
|
||||
sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card,
|
||||
sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card,
|
||||
struct sc_profile *profile)
|
||||
{
|
||||
struct sc_file *df = profile->df_info->file, *dir;
|
||||
|
@ -514,7 +514,7 @@ sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card,
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
int
|
||||
sc_pkcs15init_delete_by_path(struct sc_profile *profile,
|
||||
struct sc_pkcs15_card *p15card, const struct sc_path *file_path)
|
||||
{
|
||||
|
@ -658,7 +658,7 @@ sc_pkcs15init_finalize_card(struct sc_card *card, struct sc_profile *profile)
|
|||
|
||||
|
||||
int
|
||||
sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
|
||||
sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
|
||||
struct sc_aid *aid)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
|
@ -678,7 +678,7 @@ sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
|
|||
sc_log(ctx, "Cannot find oncard application");
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
|
||||
}
|
||||
|
||||
|
||||
sc_log(ctx, "Finalize profile with application '%s'", app->label);
|
||||
rv = sc_profile_finish(profile, app);
|
||||
|
||||
|
@ -750,12 +750,12 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||
pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, pin_label, NULL, &pin_ainfo);
|
||||
|
||||
if (pin_obj) {
|
||||
/* When composing ACLs to create 'DIR' DF,
|
||||
/* When composing ACLs to create 'DIR' DF,
|
||||
* the references of the not-yet-existing PINs can be requested.
|
||||
* For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part,
|
||||
* but not yet written into the on-card PKCS#15.
|
||||
*/
|
||||
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
|
||||
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
|
||||
pin_attrs->flags, pin_attrs->reference, sc_print_path(&pin_ainfo.path));
|
||||
r = sc_pkcs15_add_object(p15card, pin_obj);
|
||||
LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object");
|
||||
|
@ -787,7 +787,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||
#endif
|
||||
|
||||
if (pin_obj)
|
||||
/* Remove 'virtual' AUTH object . */
|
||||
/* Remove 'virtual' AUTH object . */
|
||||
sc_pkcs15_remove_object(p15card, pin_obj);
|
||||
|
||||
if (r < 0)
|
||||
|
@ -867,7 +867,7 @@ sc_pkcs15init_store_puk(struct sc_pkcs15_card *p15card,
|
|||
LOG_FUNC_CALLED(ctx);
|
||||
if (!args->puk_id.len)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "PUK auth ID not supplied");
|
||||
|
||||
|
||||
/* Make sure we don't get duplicate PIN IDs */
|
||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &args->puk_id, NULL);
|
||||
if (r != SC_ERROR_OBJECT_NOT_FOUND)
|
||||
|
@ -975,7 +975,7 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profi
|
|||
|
||||
|
||||
static int
|
||||
sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
||||
sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
||||
struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
struct sc_pkcs15init_pinargs *args)
|
||||
|
@ -1028,7 +1028,7 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
|||
if (args->puk_len == 0)
|
||||
pin_attrs->flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED;
|
||||
|
||||
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
|
||||
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
|
||||
pin_attrs->reference, pin_attrs->flags, sc_print_path(&auth_info->path));
|
||||
r = profile->ops->create_pin(profile, p15card,
|
||||
df, pin_obj,
|
||||
|
@ -1046,8 +1046,8 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
|||
* Default function for creating a pin subdirectory
|
||||
*/
|
||||
int
|
||||
sc_pkcs15_create_pin_domain(struct sc_profile *profile,
|
||||
struct sc_pkcs15_card *p15card, const struct sc_pkcs15_id *id,
|
||||
sc_pkcs15_create_pin_domain(struct sc_profile *profile,
|
||||
struct sc_pkcs15_card *p15card, const struct sc_pkcs15_id *id,
|
||||
struct sc_file **ret)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -1181,7 +1181,7 @@ sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card,
|
|||
if (r == SC_ERROR_OBJECT_NOT_FOUND)
|
||||
break;
|
||||
|
||||
if (r != 0)
|
||||
if (r != 0)
|
||||
/* Other error trying to retrieve pin obj */
|
||||
LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Failed to select key reference");
|
||||
|
||||
|
@ -1282,7 +1282,7 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
|
|||
|
||||
if (res_obj)
|
||||
*res_obj = object;
|
||||
|
||||
|
||||
sc_pkcs15_erase_pubkey(&pubkey_args.key);
|
||||
|
||||
profile->dirty = 1;
|
||||
|
@ -1320,7 +1320,7 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
|||
if (check_key_compatibility(p15card, &key, keyargs->x509_usage, keybits, 0)) {
|
||||
/* Make sure the caller explicitly tells us to store
|
||||
* the key as extractable. */
|
||||
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
|
||||
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
|
||||
}
|
||||
|
||||
|
@ -1393,21 +1393,21 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card,
|
|||
switch (key.algorithm) {
|
||||
case SC_ALGORITHM_RSA:
|
||||
keybits = sc_pkcs15init_keybits(&key.u.rsa.modulus);
|
||||
type = SC_PKCS15_TYPE_PUBKEY_RSA;
|
||||
type = SC_PKCS15_TYPE_PUBKEY_RSA;
|
||||
break;
|
||||
#ifdef SC_PKCS15_TYPE_PUBKEY_DSA
|
||||
case SC_ALGORITHM_DSA:
|
||||
keybits = sc_pkcs15init_keybits(&key.u.dsa.q);
|
||||
type = SC_PKCS15_TYPE_PUBKEY_DSA;
|
||||
type = SC_PKCS15_TYPE_PUBKEY_DSA;
|
||||
break;
|
||||
#endif
|
||||
case SC_ALGORITHM_GOSTR3410:
|
||||
keybits = SC_PKCS15_GOSTR3410_KEYSIZE;
|
||||
type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410;
|
||||
type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410;
|
||||
break;
|
||||
case SC_ALGORITHM_EC:
|
||||
keybits = key.u.ec.params.field_length;
|
||||
type = SC_PKCS15_TYPE_PUBKEY_EC;
|
||||
type = SC_PKCS15_TYPE_PUBKEY_EC;
|
||||
break;
|
||||
default:
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported key algorithm.");
|
||||
|
@ -1525,7 +1525,7 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
|||
cert_info->authority = args->authority;
|
||||
sc_der_copy(&object->content, &args->der_encoded);
|
||||
|
||||
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
|
||||
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
|
||||
sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len);
|
||||
if (profile->pkcs15.direct_certificates)
|
||||
sc_der_copy(&cert_info->value, &args->der_encoded);
|
||||
|
@ -1537,7 +1537,7 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
|||
r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_CDF, object);
|
||||
/* TODO: update private key PKCS#15 object with the certificate's attributes */
|
||||
}
|
||||
|
||||
|
||||
if (r < 0)
|
||||
sc_pkcs15_free_object(object);
|
||||
|
||||
|
@ -1573,7 +1573,7 @@ sc_pkcs15init_store_data_object(struct sc_pkcs15_card *p15card,
|
|||
if (!args->id.len) {
|
||||
/* Select an ID if the user didn't specify one, otherwise
|
||||
* make sure it's unique (even though data objects doesn't
|
||||
* have a pkcs15 id we need one here to create a unique
|
||||
* have a pkcs15 id we need one here to create a unique
|
||||
* file id from the data file template */
|
||||
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_DATA_OBJECT, objs, 32);
|
||||
LOG_TEST_RET(ctx, r, "Get 'DATA' objects error");
|
||||
|
@ -1628,8 +1628,8 @@ sc_pkcs15init_store_data_object(struct sc_pkcs15_card *p15card,
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
||||
int
|
||||
sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
||||
struct sc_profile *profile, unsigned auth_method, int reference)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -1646,14 +1646,14 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||
LOG_TEST_RET(ctx, r, "Get PKCS#15 AUTH objects error");
|
||||
nn_objs = r;
|
||||
|
||||
sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)",
|
||||
sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)",
|
||||
nn_objs, auth_method, reference);
|
||||
for (ii=0; ii<nn_objs; ii++) {
|
||||
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)auth_objs[ii]->data;
|
||||
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||
|
||||
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
|
||||
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
|
||||
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
|
||||
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
|
||||
pin_attrs->reference, pin_attrs->flags);
|
||||
/* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */
|
||||
if (auth_info->auth_method == auth_method && pin_attrs->reference == reference)
|
||||
|
@ -1662,7 +1662,7 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||
if (auth_method != SC_AC_SYMBOLIC)
|
||||
continue;
|
||||
|
||||
/* Translate 'SYMBOLIC' PIN reference into the pkcs#15 pinAttributes.flags
|
||||
/* Translate 'SYMBOLIC' PIN reference into the pkcs#15 pinAttributes.flags
|
||||
* and check for the existing pkcs15 PIN object with these flags. */
|
||||
switch (reference) {
|
||||
case SC_PKCS15INIT_USER_PIN:
|
||||
|
@ -1697,7 +1697,7 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||
|
||||
}
|
||||
|
||||
/* 2. No existing pkcs15 PIN object
|
||||
/* 2. No existing pkcs15 PIN object
|
||||
* -- check if profile defines some PIN with 'reference' as PIN reference. */
|
||||
r = sc_profile_get_pin_id_by_reference(profile, auth_method, reference, &auth_info);
|
||||
if (r < 0)
|
||||
|
@ -1740,7 +1740,7 @@ sc_pkcs15init_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *prof
|
|||
LOG_TEST_RET(ctx, r, "Cannot delete file");
|
||||
|
||||
r = sc_pkcs15init_update_file(profile, p15card, file, data->value, data->len);
|
||||
|
||||
|
||||
*path = file->path;
|
||||
|
||||
if (file)
|
||||
|
@ -1802,7 +1802,7 @@ sc_pkcs15init_map_usage(unsigned long x509_usage, int _private)
|
|||
/*
|
||||
* Compute modulus length
|
||||
*/
|
||||
static size_t
|
||||
static size_t
|
||||
sc_pkcs15init_keybits(struct sc_pkcs15_bignum *bn)
|
||||
{
|
||||
unsigned int mask, bits;
|
||||
|
@ -1819,20 +1819,20 @@ sc_pkcs15init_keybits(struct sc_pkcs15_bignum *bn)
|
|||
/*
|
||||
* Check consistency of the key parameters.
|
||||
*/
|
||||
static int
|
||||
check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keygen_args *params,
|
||||
static int
|
||||
check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keygen_args *params,
|
||||
unsigned int keybits, unsigned int *out_keybits)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
unsigned int alg = params->prkey_args.key.algorithm;
|
||||
unsigned int alg = params->prkey_args.key.algorithm;
|
||||
int i, rv;
|
||||
|
||||
if (alg == SC_ALGORITHM_EC) {
|
||||
struct sc_pkcs15_ec_parameters *ecparams = ¶ms->prkey_args.params.ec;
|
||||
|
||||
|
||||
rv = sc_pkcs15_fix_ec_parameters(ctx, ecparams);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot fix EC parameters");
|
||||
|
||||
|
||||
sc_log(ctx, "EC parameters: %s", sc_dump_hex(ecparams->der.value, ecparams->der.len));
|
||||
if (keybits)
|
||||
keybits = ecparams->field_length;
|
||||
|
@ -2031,14 +2031,14 @@ static struct sc_pkcs15_df *
|
|||
find_df_by_type(struct sc_pkcs15_card *p15card, unsigned int type)
|
||||
{
|
||||
struct sc_pkcs15_df *df = p15card->df_list;
|
||||
|
||||
|
||||
while (df != NULL && df->type != type)
|
||||
df = df->next;
|
||||
return df;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
int type, struct sc_pkcs15_id *id, void *data)
|
||||
{
|
||||
|
@ -2092,7 +2092,7 @@ select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
!pubkey->u.gostr3410.xy.data)
|
||||
goto done;
|
||||
|
||||
/* In Mozilla 'GOST R 34.10' is not yet supported.
|
||||
/* In Mozilla 'GOST R 34.10' is not yet supported.
|
||||
* So, switch to the ID recommended by RFC2459 */
|
||||
if (pubkey->algorithm == SC_ALGORITHM_GOSTR3410 && id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA)
|
||||
id_style = SC_PKCS15INIT_ID_STYLE_RFC2459;
|
||||
|
@ -2138,7 +2138,7 @@ done:
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
select_id(struct sc_pkcs15_card *p15card, int type, struct sc_pkcs15_id *id)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -2190,7 +2190,7 @@ select_id(struct sc_pkcs15_card *p15card, int type, struct sc_pkcs15_id *id)
|
|||
*id = unused_id;
|
||||
LOG_FUNC_RETURN(ctx, 0);
|
||||
}
|
||||
|
||||
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_TOO_MANY_OBJECTS);
|
||||
}
|
||||
|
||||
|
@ -2218,7 +2218,7 @@ get_template_name_from_object (struct sc_pkcs15_object *obj)
|
|||
case SC_PKCS15_TYPE_CERT:
|
||||
return "certificate";
|
||||
case SC_PKCS15_TYPE_DATA_OBJECT:
|
||||
if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
|
||||
if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
|
||||
return "privdata";
|
||||
else
|
||||
return "data";
|
||||
|
@ -2228,8 +2228,8 @@ get_template_name_from_object (struct sc_pkcs15_object *obj)
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
get_object_path_from_object (struct sc_pkcs15_object *obj,
|
||||
static int
|
||||
get_object_path_from_object (struct sc_pkcs15_object *obj,
|
||||
struct sc_path *ret_path)
|
||||
{
|
||||
if (!ret_path)
|
||||
|
@ -2238,13 +2238,13 @@ get_object_path_from_object (struct sc_pkcs15_object *obj,
|
|||
memset(ret_path, 0, sizeof(struct sc_path));
|
||||
|
||||
switch(obj->type & SC_PKCS15_TYPE_CLASS_MASK) {
|
||||
case SC_PKCS15_TYPE_PRKEY:
|
||||
case SC_PKCS15_TYPE_PRKEY:
|
||||
*ret_path = ((struct sc_pkcs15_prkey_info *)obj->data)->path;
|
||||
return SC_SUCCESS;
|
||||
case SC_PKCS15_TYPE_PUBKEY:
|
||||
case SC_PKCS15_TYPE_PUBKEY:
|
||||
*ret_path = ((struct sc_pkcs15_pubkey_info *)obj->data)->path;
|
||||
return SC_SUCCESS;
|
||||
case SC_PKCS15_TYPE_CERT:
|
||||
case SC_PKCS15_TYPE_CERT:
|
||||
*ret_path = ((struct sc_pkcs15_cert_info *)obj->data)->path;
|
||||
return SC_SUCCESS;
|
||||
case SC_PKCS15_TYPE_DATA_OBJECT:
|
||||
|
@ -2258,7 +2258,7 @@ get_object_path_from_object (struct sc_pkcs15_object *obj,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *obj, struct sc_path *path)
|
||||
{
|
||||
|
@ -2277,13 +2277,13 @@ select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
nn_objs = r;
|
||||
|
||||
/* For cards with a pin-domain profile, we need
|
||||
* to put the key below the DF of the specified PIN
|
||||
* to put the key below the DF of the specified PIN
|
||||
*/
|
||||
memset(path, 0, sizeof(*path));
|
||||
if (obj->auth_id.len && profile->pin_domains != 0) {
|
||||
r = sc_pkcs15init_get_pin_path(p15card, &obj->auth_id, path);
|
||||
LOG_TEST_RET(ctx, r, "Cannot get PIN path");
|
||||
}
|
||||
}
|
||||
else {
|
||||
*path = profile->df_info->file->path;
|
||||
}
|
||||
|
@ -2299,13 +2299,13 @@ select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
|
||||
indx_id.len = 1;
|
||||
for (indx = TEMPLATE_INSTANTIATE_MIN_INDEX; indx <= TEMPLATE_INSTANTIATE_MAX_INDEX; indx++) {
|
||||
indx_id.value[0] = indx;
|
||||
indx_id.value[0] = indx;
|
||||
r = sc_profile_instantiate_template(profile, "key-domain", path, name, &indx_id, &file);
|
||||
if (r == SC_ERROR_TEMPLATE_NOT_FOUND) {
|
||||
/* No template in 'key-domain' -- try to instantiate the template-'object name'
|
||||
* outside of the 'key-domain' scope. */
|
||||
char t_name[0x40];
|
||||
|
||||
|
||||
snprintf(t_name, sizeof(t_name), "template-%s", name);
|
||||
sc_log(ctx, "get instance %i of '%s'", indx, t_name);
|
||||
r = sc_profile_get_file_instance(profile, t_name, indx, &file);
|
||||
|
@ -2345,7 +2345,7 @@ select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
|
||||
*path = file->path;
|
||||
sc_file_free(file);
|
||||
|
||||
|
||||
sc_log(ctx, "returns object path '%s'", sc_print_path(path));
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
@ -2487,7 +2487,7 @@ sc_pkcs15init_update_odf(struct sc_pkcs15_card *p15card,
|
|||
* Update any PKCS15 DF file (except ODF and DIR)
|
||||
*/
|
||||
int
|
||||
sc_pkcs15init_update_any_df(struct sc_pkcs15_card *p15card,
|
||||
sc_pkcs15init_update_any_df(struct sc_pkcs15_card *p15card,
|
||||
struct sc_profile *profile,
|
||||
struct sc_pkcs15_df *df,
|
||||
int is_new)
|
||||
|
@ -2594,7 +2594,7 @@ sc_pkcs15init_add_object(struct sc_pkcs15_card *p15card, struct sc_profile *prof
|
|||
}
|
||||
|
||||
|
||||
struct sc_pkcs15_object *
|
||||
struct sc_pkcs15_object *
|
||||
sc_pkcs15init_new_object(int type, const char *label, struct sc_pkcs15_id *auth_id, void *data)
|
||||
{
|
||||
struct sc_pkcs15_object *object;
|
||||
|
@ -2716,8 +2716,8 @@ sc_pkcs15init_change_attrib(struct sc_pkcs15_card *p15card, struct sc_profile *p
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
int
|
||||
sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *obj)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -2759,14 +2759,14 @@ sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *p
|
|||
if (stored_in_ef) {
|
||||
r = sc_pkcs15init_delete_by_path(profile, p15card, &path);
|
||||
LOG_TEST_RET(ctx, r, "Failed to delete object by path");
|
||||
}
|
||||
}
|
||||
else if (profile->ops->delete_object != NULL) {
|
||||
/* If there's a card-specific way to delete objects, use it. */
|
||||
r = profile->ops->delete_object(profile, p15card, obj, &path);
|
||||
LOG_TEST_RET(ctx, r, "Card specific delete object failed");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (profile->ops->emu_update_any_df) {
|
||||
r = profile->ops->emu_update_any_df(profile, p15card, SC_AC_OP_ERASE, obj);
|
||||
LOG_TEST_RET(ctx, r, "'ERASE' update DF failed");
|
||||
|
@ -2841,7 +2841,7 @@ sc_pkcs15init_update_certificate(struct sc_pkcs15_card *p15card,
|
|||
struct sc_path tmp_path;
|
||||
|
||||
/* FCI of selected cert file do not contains ACLs.
|
||||
* For the 'UPDATE' authentication use instead sc_file
|
||||
* For the 'UPDATE' authentication use instead sc_file
|
||||
* instantiated from card profile with default ACLs. */
|
||||
sc_file_free(file);
|
||||
|
||||
|
@ -2956,11 +2956,11 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
|
||||
data.method = type;
|
||||
data.key_ref = reference;
|
||||
data.len = sizeof(defbuf);
|
||||
data.key_data = defbuf;
|
||||
data.key_data = defbuf;
|
||||
rv = sc_card_ctl(p15card->card, SC_CARDCTL_GET_DEFAULT_KEY, &data);
|
||||
if (rv >= 0)
|
||||
defsize = data.len;
|
||||
|
@ -2975,7 +2975,7 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
|
|||
memcpy(pinbuf, data.key_data, data.len);
|
||||
*pinsize = data.len;
|
||||
}
|
||||
|
||||
|
||||
memset(&auth_info, 0, sizeof(auth_info));
|
||||
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
auth_info.auth_method = type;
|
||||
|
@ -3054,8 +3054,8 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
|
||||
r = SC_ERROR_OBJECT_NOT_FOUND;
|
||||
for (iter = tmp_path.len/2; iter >= 0 && r == SC_ERROR_OBJECT_NOT_FOUND; iter--, tmp_path.len -= 2)
|
||||
r = sc_pkcs15_find_pin_by_type_and_reference(p15card,
|
||||
tmp_path.len ? &tmp_path : NULL,
|
||||
r = sc_pkcs15_find_pin_by_type_and_reference(p15card,
|
||||
tmp_path.len ? &tmp_path : NULL,
|
||||
type, reference, &pin_obj);
|
||||
}
|
||||
else {
|
||||
|
@ -3095,7 +3095,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
break;
|
||||
}
|
||||
|
||||
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
|
||||
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
|
||||
if (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD)
|
||||
r = 0, use_pinpad = 1;
|
||||
else
|
||||
|
@ -3104,7 +3104,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
|
||||
LOG_TEST_RET(ctx, r, "Failed to get secret");
|
||||
|
||||
found:
|
||||
found:
|
||||
if (pin_obj) {
|
||||
r = sc_pkcs15_verify_pin(p15card, pin_obj, pinsize ? pinbuf : NULL, pinsize);
|
||||
LOG_TEST_RET(ctx, r, "Cannot validate pkcs15 PIN");
|
||||
|
@ -3124,7 +3124,7 @@ found:
|
|||
pin_cmd.pin_reference = reference;
|
||||
pin_cmd.pin1.data = use_pinpad ? NULL : pinbuf;
|
||||
pin_cmd.pin1.len = use_pinpad ? 0: pinsize;
|
||||
|
||||
|
||||
r = sc_pin_cmd(p15card->card, &pin_cmd, NULL);
|
||||
LOG_TEST_RET(ctx, r, "'VERIFY' pin cmd failed");
|
||||
}
|
||||
|
@ -3141,7 +3141,7 @@ found:
|
|||
* info for that file in the profile file.
|
||||
*
|
||||
* In the latter case, there's a problem here if e.g. the SO PIN
|
||||
* defined by the profile is optional, and hasn't been set.
|
||||
* defined by the profile is optional, and hasn't been set.
|
||||
* On the orther hands, some cards do not return access conditions
|
||||
* in their response to SELECT FILE), so the latter case has been
|
||||
* used in most cards while the first case was added much later.
|
||||
|
@ -3192,7 +3192,7 @@ sc_pkcs15init_authenticate(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
do_select_parent(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_file *file, struct sc_file **parent)
|
||||
{
|
||||
|
@ -3225,7 +3225,7 @@ do_select_parent(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
r = sc_select_file(p15card->card, &path, NULL);
|
||||
LOG_TEST_RET(ctx, r, "Cannot select parent DF");
|
||||
}
|
||||
}
|
||||
else if (r == SC_SUCCESS && !strcmp(p15card->card->name, "STARCOS SPK 2.3")) {
|
||||
/* in case of starcos spk 2.3 SELECT FILE does not
|
||||
* give us the ACLs => ask the profile */
|
||||
|
@ -3277,8 +3277,8 @@ sc_pkcs15init_create_file(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
|
||||
|
||||
int
|
||||
sc_pkcs15init_update_file(struct sc_profile *profile,
|
||||
struct sc_pkcs15_card *p15card, struct sc_file *file,
|
||||
sc_pkcs15init_update_file(struct sc_profile *profile,
|
||||
struct sc_pkcs15_card *p15card, struct sc_file *file,
|
||||
void *data, unsigned int datalen)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -3300,20 +3300,20 @@ sc_pkcs15init_update_file(struct sc_profile *profile,
|
|||
|
||||
r = sc_pkcs15init_create_file(profile, p15card, file);
|
||||
LOG_TEST_RET(ctx, r, "Failed to create file");
|
||||
|
||||
|
||||
r = sc_select_file(p15card->card, &file->path, &selected_file);
|
||||
LOG_TEST_RET(ctx, r, "Failed to select newly created file");
|
||||
}
|
||||
else {
|
||||
LOG_TEST_RET(ctx, r, "Failed to select file");
|
||||
}
|
||||
}
|
||||
|
||||
if (selected_file->size < datalen) {
|
||||
sc_log(ctx, "File %s too small (require %u, have %u)",
|
||||
sc_log(ctx, "File %s too small (require %u, have %u)",
|
||||
sc_print_path(&file->path), datalen, selected_file->size);
|
||||
sc_file_free(selected_file);
|
||||
LOG_TEST_RET(ctx, SC_ERROR_FILE_TOO_SMALL, "Update file failed");
|
||||
}
|
||||
}
|
||||
else if (selected_file->size > datalen && need_to_zap) {
|
||||
/* zero out the rest of the file - we may have shrunk
|
||||
* the file contents */
|
||||
|
@ -3371,11 +3371,11 @@ sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
|||
if (acl->key_ref == SC_PKCS15INIT_SO_PIN) {
|
||||
acl = so_acl;
|
||||
what = "SO PIN";
|
||||
}
|
||||
}
|
||||
else if (acl->key_ref == SC_PKCS15INIT_USER_PIN) {
|
||||
acl = user_acl;
|
||||
what = "user PIN";
|
||||
}
|
||||
}
|
||||
else {
|
||||
sc_log(ctx, "ACL references unknown symbolic PIN %d", acl->key_ref);
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
@ -3390,7 +3390,7 @@ sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
|||
|
||||
if (acl->method == SC_AC_NONE)
|
||||
continue;
|
||||
next:
|
||||
next:
|
||||
sc_file_add_acl_entry(file, op, acl->method, acl->key_ref);
|
||||
added++;
|
||||
}
|
||||
|
@ -3406,7 +3406,7 @@ sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file,
|
|||
* Fix up all file ACLs
|
||||
*/
|
||||
int
|
||||
sc_pkcs15init_fixup_file(struct sc_profile *profile,
|
||||
sc_pkcs15init_fixup_file(struct sc_profile *profile,
|
||||
struct sc_pkcs15_card *p15card, struct sc_file *file)
|
||||
{
|
||||
struct sc_context *ctx = profile->card->ctx;
|
||||
|
@ -3434,7 +3434,7 @@ sc_pkcs15init_fixup_file(struct sc_profile *profile,
|
|||
if (pin_ref < 0) {
|
||||
so_acl.method = SC_AC_NONE;
|
||||
so_acl.key_ref = 0;
|
||||
}
|
||||
}
|
||||
else {
|
||||
so_acl.method = SC_AC_CHV;
|
||||
so_acl.key_ref = pin_ref;
|
||||
|
@ -3444,12 +3444,12 @@ sc_pkcs15init_fixup_file(struct sc_profile *profile,
|
|||
if (pin_ref < 0) {
|
||||
user_acl.method = SC_AC_NONE;
|
||||
user_acl.key_ref = 0;
|
||||
}
|
||||
}
|
||||
else {
|
||||
user_acl.method = SC_AC_CHV;
|
||||
user_acl.key_ref = pin_ref;
|
||||
}
|
||||
sc_log(ctx, "so_acl(method:%X,ref:%X), user_acl(method:%X,ref:%X)",
|
||||
sc_log(ctx, "so_acl(method:%X,ref:%X), user_acl(method:%X,ref:%X)",
|
||||
so_acl.method, so_acl.key_ref, user_acl.method, user_acl.key_ref);
|
||||
|
||||
rv = sc_pkcs15init_fixup_acls(p15card, file, &so_acl, &user_acl);
|
||||
|
@ -3508,7 +3508,7 @@ sc_pkcs15init_set_serial(struct sc_profile *profile, const char *serial)
|
|||
|
||||
|
||||
/*
|
||||
* Card specific sanity check procedure.
|
||||
* Card specific sanity check procedure.
|
||||
*/
|
||||
int
|
||||
sc_pkcs15init_sanity_check(struct sc_pkcs15_card *p15card, struct sc_profile *profile)
|
||||
|
@ -3620,7 +3620,7 @@ sc_pkcs15init_parse_info(struct sc_card *card,
|
|||
if ((p == NULL) || (len == 0))
|
||||
return 0;
|
||||
|
||||
end = p + (len - 1);
|
||||
end = p + (len - 1);
|
||||
while (p < end) { /* more bytes to look at */
|
||||
int r = 0;
|
||||
|
||||
|
@ -3663,7 +3663,7 @@ error:
|
|||
}
|
||||
|
||||
static int
|
||||
do_encode_string(unsigned char **memp, unsigned char *end,
|
||||
do_encode_string(unsigned char **memp, unsigned char *end,
|
||||
unsigned char tag, const char *s)
|
||||
{
|
||||
unsigned char *p = *memp;
|
||||
|
@ -3683,7 +3683,7 @@ do_encode_string(unsigned char **memp, unsigned char *end,
|
|||
|
||||
|
||||
static int
|
||||
sc_pkcs15init_write_info(struct sc_pkcs15_card *p15card,
|
||||
sc_pkcs15init_write_info(struct sc_pkcs15_card *p15card,
|
||||
struct sc_profile *profile,
|
||||
struct sc_pkcs15_object *pin_obj)
|
||||
{
|
||||
|
|
|
@ -107,7 +107,7 @@ miocos_update_private_key(struct sc_profile *profile, sc_card_t *card,
|
|||
{
|
||||
int r;
|
||||
u8 buf[266];
|
||||
|
||||
|
||||
memcpy(buf, "\x30\x82\x01\x06\x80\x81\x80", 7);
|
||||
memcpy(buf + 7, rsa->modulus.data, 128);
|
||||
memcpy(buf + 7 + 128, "\x82\x81\x80", 3);
|
||||
|
@ -120,7 +120,7 @@ miocos_update_private_key(struct sc_profile *profile, sc_card_t *card,
|
|||
/*
|
||||
* Initialize the Application DF
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
miocos_create_dir(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
|
||||
struct sc_file *df)
|
||||
{
|
||||
|
@ -142,7 +142,7 @@ miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15car
|
|||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
|
||||
if (auth_info->attrs.pin.reference < MIOCOS_PIN_ID_MIN)
|
||||
auth_info->attrs.pin.reference = MIOCOS_PIN_ID_MIN;
|
||||
auth_info->attrs.pin.reference = MIOCOS_PIN_ID_MIN;
|
||||
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
@ -151,7 +151,7 @@ miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15car
|
|||
* Create new PIN
|
||||
*/
|
||||
static int
|
||||
miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct sc_file *df,
|
||||
miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct sc_file *df,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *pin, size_t pin_len,
|
||||
const u8 *puk, size_t puk_len)
|
||||
|
@ -165,7 +165,7 @@ miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct
|
|||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
/* Ignore SOPIN */
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
return SC_SUCCESS;
|
||||
|
||||
auth_info->path = profile->df_info->file->path;
|
||||
|
@ -204,7 +204,7 @@ miocos_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
int r;
|
||||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
|
||||
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys.");
|
||||
|
||||
if (key_info->modulus_length != 1024)
|
||||
|
@ -242,7 +242,7 @@ miocos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
int r;
|
||||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA
|
||||
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA
|
||||
|| key->algorithm != SC_ALGORITHM_RSA)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys.");
|
||||
|
||||
|
@ -273,7 +273,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_miocos_operations = {
|
|||
miocos_create_pin,
|
||||
NULL, /* select_key_reference */
|
||||
miocos_create_key,
|
||||
miocos_store_key,
|
||||
miocos_store_key,
|
||||
NULL, /* generate_key */
|
||||
NULL, NULL, /* encode private/public key */
|
||||
NULL, /* finalize_card */
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* pkcs15-muscle.c: Support for MuscleCard Applet from musclecard.com
|
||||
* pkcs15-muscle.c: Support for MuscleCard Applet from musclecard.com
|
||||
*
|
||||
* Copyright (C) 2006, Identity Alliance, Thomas Harning <support@identityalliance.com>
|
||||
*
|
||||
|
@ -81,7 +81,7 @@ muscle_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
|
|||
if ((r = sc_select_file(p15card->card, &df->path, NULL)) < 0)
|
||||
return r;
|
||||
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -169,7 +169,7 @@ muscle_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
struct sc_pkcs15_prkey_rsa *rsa;
|
||||
sc_cardctl_muscle_key_info_t info;
|
||||
int r;
|
||||
|
||||
|
||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Muscle supports RSA keys only.");
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
|
@ -189,24 +189,24 @@ muscle_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE,r);
|
||||
}
|
||||
rsa = &key->u.rsa;
|
||||
|
||||
|
||||
info.keySize = rsa->modulus.len << 3;
|
||||
info.keyType = 0x03; /* CRT type */
|
||||
info.keyLocation = key_info->key_reference * 2; /* Mult by 2 to preserve even/odd keynumber structure */
|
||||
|
||||
|
||||
info.pLength = rsa->p.len;
|
||||
info.pValue = rsa->p.data;
|
||||
info.qLength = rsa->q.len;
|
||||
info.qValue = rsa->q.data;
|
||||
|
||||
|
||||
info.pqLength = rsa->iqmp.len;
|
||||
info.pqValue = rsa->iqmp.data;
|
||||
|
||||
|
||||
info.dp1Length = rsa->dmp1.len;
|
||||
info.dp1Value = rsa->dmp1.data;
|
||||
info.dq1Length = rsa->dmq1.len;
|
||||
info.dq1Value = rsa->dmq1.data;
|
||||
|
||||
|
||||
r = sc_card_ctl(p15card->card, SC_CARDCTL_MUSCLE_IMPORT_KEY, &info);
|
||||
if (r < 0) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to import key");
|
||||
|
@ -227,7 +227,7 @@ muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
sc_file_t* prkf;
|
||||
unsigned int keybits;
|
||||
int r;
|
||||
|
||||
|
||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Muscle supports only RSA keys (for now).");
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED);
|
||||
|
@ -248,27 +248,27 @@ muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
sc_file_free(prkf);
|
||||
|
||||
|
||||
/* END VERIFICATION STUFF */
|
||||
|
||||
|
||||
/* Public key acls... get_file_by_path as well? */
|
||||
|
||||
|
||||
memset(&args, 0, sizeof(args));
|
||||
args.keyType = 0x01; /* RSA forced */
|
||||
args.privateKeyLocation = key_info->key_reference * 2;
|
||||
args.publicKeyLocation = key_info->key_reference * 2 + 1;
|
||||
|
||||
|
||||
args.keySize = keybits;
|
||||
|
||||
|
||||
r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_GENERATE_KEY, &args);
|
||||
if (r < 0) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to generate key");
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r);
|
||||
}
|
||||
|
||||
|
||||
memset(&extArgs, 0, sizeof(extArgs));
|
||||
memset(pubkey, 0, sizeof(*pubkey));
|
||||
|
||||
|
||||
extArgs.keyType = 0x01;
|
||||
extArgs.keyLocation = args.publicKeyLocation;
|
||||
r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_EXTRACT_KEY, &extArgs);
|
||||
|
@ -276,20 +276,20 @@ muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to extract the public key");
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r);
|
||||
}
|
||||
|
||||
|
||||
pubkey->algorithm = SC_ALGORITHM_RSA;
|
||||
pubkey->u.rsa.modulus.len = extArgs.modLength;
|
||||
pubkey->u.rsa.modulus.data = extArgs.modValue;
|
||||
pubkey->u.rsa.exponent.len = extArgs.expLength;
|
||||
pubkey->u.rsa.exponent.data = extArgs.expValue;
|
||||
|
||||
|
||||
if (r < 0) {
|
||||
if (pubkey->u.rsa.modulus.data)
|
||||
free (pubkey->u.rsa.modulus.data);
|
||||
if (pubkey->u.rsa.exponent.data)
|
||||
free (pubkey->u.rsa.exponent.data);
|
||||
}
|
||||
return r;
|
||||
return r;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -39,8 +39,8 @@ unsigned char MYEID_DEFAULT_PUBKEY[] = {0x01, 0x00, 0x01};
|
|||
#define MYEID_DEFAULT_PUBKEY_LEN sizeof(MYEID_DEFAULT_PUBKEY)
|
||||
|
||||
/* For Myeid, all objects are files that can be deleted in any order */
|
||||
static int
|
||||
myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
static int
|
||||
myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object, const struct sc_path *path)
|
||||
{
|
||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
@ -53,19 +53,19 @@ myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
* using the ACLs defined in card profile.
|
||||
*/
|
||||
static int
|
||||
myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
unsigned char *data, size_t data_len)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_file *tmp_file = NULL;
|
||||
const struct sc_acl_entry *entry = NULL;
|
||||
int r;
|
||||
|
||||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
if (data_len < 8)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_BUFFER_TOO_SMALL, "Cannot get init applet data");
|
||||
|
||||
|
||||
*(data + 0) = 0xFF;
|
||||
*(data + 1) = 0xFF;
|
||||
|
||||
|
@ -130,7 +130,7 @@ myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
/*
|
||||
* Erase the card.
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -138,7 +138,7 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
|||
struct sc_file *mf = NULL;
|
||||
unsigned char data[8];
|
||||
int r;
|
||||
|
||||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
r = myeid_get_init_applet_data(profile, p15card, data, sizeof(data));
|
||||
|
@ -152,7 +152,7 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
|||
if (mf->status == SC_FILE_STATUS_ACTIVATED)
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, mf, SC_AC_OP_DELETE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "'DELETE' authentication failed on MF");
|
||||
|
||||
|
||||
data_obj.P1 = 0x01;
|
||||
data_obj.P2 = 0xE0;
|
||||
data_obj.Data = data;
|
||||
|
@ -163,8 +163,8 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
|||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
}
|
||||
|
||||
static int
|
||||
myeid_init_card(sc_profile_t *profile,
|
||||
static int
|
||||
myeid_init_card(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card)
|
||||
{
|
||||
struct sc_path path;
|
||||
|
@ -180,15 +180,15 @@ myeid_init_card(sc_profile_t *profile,
|
|||
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
|
||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
|
||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Create a DF
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -202,7 +202,7 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
|
|||
"PKCS15-DODF",
|
||||
NULL
|
||||
};
|
||||
|
||||
|
||||
static const int create_dfs_val[] = {
|
||||
SC_PKCS15_PRKDF,
|
||||
SC_PKCS15_PUKDF,
|
||||
|
@ -210,7 +210,7 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
|
|||
SC_PKCS15_CDF_TRUSTED,
|
||||
SC_PKCS15_DODF
|
||||
};
|
||||
|
||||
|
||||
if (!profile || !p15card || !df)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
|
@ -244,7 +244,7 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
|
|||
/*
|
||||
* Select the PIN reference
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_auth_info_t *auth_info)
|
||||
{
|
||||
|
@ -257,11 +257,11 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
{
|
||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)",
|
||||
auth_info->attrs.pin.reference, auth_info->tries_left);
|
||||
auth_info->attrs.pin.reference, auth_info->tries_left);
|
||||
}
|
||||
else
|
||||
else
|
||||
{
|
||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"PIN_FLAG_PIN, ref (%d), tries_left (%d)",
|
||||
auth_info->attrs.pin.reference, auth_info->tries_left);
|
||||
|
||||
|
@ -269,14 +269,14 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
|
||||
if (auth_info->attrs.pin.reference <= 0 || auth_info->attrs.pin.reference > MYEID_MAX_PINS)
|
||||
auth_info->attrs.pin.reference = 1;
|
||||
|
||||
|
||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create a new PIN
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_file *df, struct sc_pkcs15_object *pin_obj,
|
||||
const unsigned char *pin, size_t pin_len,
|
||||
|
@ -300,15 +300,15 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
|
||||
return SC_ERROR_INVALID_PIN_LENGTH;
|
||||
|
||||
sc_profile_get_pin_info(profile, (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
||||
sc_profile_get_pin_info(profile, (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
||||
&puk_ainfo);
|
||||
|
||||
memset(data, 0, sizeof(data));
|
||||
/* Make command to add a pin-record */
|
||||
data_obj.P1 = 0x01;
|
||||
data_obj.P2 = auth_info->attrs.pin.reference; /* myeid pin number */
|
||||
|
||||
|
||||
memset(data, auth_info->attrs.pin.pad_char, 8);
|
||||
memcpy(&data[0], (u8 *)pin, pin_len); /* copy pin */
|
||||
|
||||
|
@ -341,9 +341,9 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
* Setup file struct & path: get correct template from the profile, construct full path
|
||||
* num = number of objects of this type already on the card
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
myeid_new_file(sc_profile_t *profile, sc_card_t *card,
|
||||
unsigned int type, unsigned int num,
|
||||
unsigned int type, unsigned int num,
|
||||
sc_file_t **out)
|
||||
{
|
||||
sc_file_t *file;
|
||||
|
@ -361,7 +361,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
|
|||
tag = "certificate";
|
||||
else if ((type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_DATA_OBJECT)
|
||||
tag = "data";
|
||||
else
|
||||
else
|
||||
{
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported file type");
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
@ -369,7 +369,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
|
|||
|
||||
/* Get template from profile */
|
||||
snprintf(name, sizeof(name), "template-%s", tag);
|
||||
if (sc_profile_get_file(profile, name, &file) < 0)
|
||||
if (sc_profile_get_file(profile, name, &file) < 0)
|
||||
{
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s", name);
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
|
@ -384,7 +384,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
|
|||
|
||||
/* Increment FID until there's no file with such path */
|
||||
r = sc_select_file(card, p, NULL);
|
||||
while(r == 0)
|
||||
while(r == 0)
|
||||
{
|
||||
file->id++;
|
||||
p->value[p->len - 2] = (u8) (file->id / 256);
|
||||
|
@ -397,18 +397,18 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
myeid_encode_private_key(sc_profile_t *profile, sc_card_t *card,
|
||||
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
|
||||
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
|
||||
size_t *keysize, int key_ref)
|
||||
{
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
||||
}
|
||||
|
||||
static int
|
||||
myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
||||
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
|
||||
static int
|
||||
myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card,
|
||||
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
|
||||
size_t *keysize, int key_ref)
|
||||
{
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
@ -426,7 +426,7 @@ static int myeid_generate_key(sc_profile_t *profile, sc_card_t *card,
|
|||
sc_pkcs15_pubkey_t *pubkey,
|
||||
struct sc_pkcs15_prkey_info *info)
|
||||
{
|
||||
return myeid_generate_store_key(profile, card, index, keybits,
|
||||
return myeid_generate_store_key(profile, card, index, keybits,
|
||||
pubkey, NULL, info);
|
||||
}
|
||||
|
||||
|
@ -437,7 +437,7 @@ static int myeid_new_key(sc_profile_t *profile, sc_card_t *card,
|
|||
struct sc_pkcs15_prkey *key, unsigned int index,
|
||||
struct sc_pkcs15_prkey_info *info)
|
||||
{
|
||||
return myeid_generate_store_key(profile, card, index,
|
||||
return myeid_generate_store_key(profile, card, index,
|
||||
key->u.rsa.modulus.len * 8, NULL, key, info);
|
||||
}
|
||||
|
||||
|
@ -460,13 +460,13 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
|
|||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
/* Parameter check */
|
||||
if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0X7)) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"Unsupported key size [%u]: 1024-2048 bit + 8-multiple\n", keybits);
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
|
||||
/* Get the private key file */
|
||||
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, index, &prkf);
|
||||
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, index, &prkf);
|
||||
if (r < 0)
|
||||
goto done;
|
||||
|
||||
|
@ -482,13 +482,13 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
|
|||
/* Fill in data structure */
|
||||
memset(&args, 0, sizeof(args));
|
||||
args.mod_len = keybits;
|
||||
if (prkey == NULL)
|
||||
if (prkey == NULL)
|
||||
{
|
||||
args.op_type = OP_TYPE_GENERATE;
|
||||
args.pubexp_len = MYEID_DEFAULT_PUBKEY_LEN;
|
||||
args.pubexp = MYEID_DEFAULT_PUBKEY;
|
||||
}
|
||||
else
|
||||
else
|
||||
{
|
||||
args.op_type = OP_TYPE_STORE;
|
||||
args.pubexp_len = prkey->u.rsa.exponent.len;
|
||||
|
@ -506,14 +506,14 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
|
|||
args.invq = prkey->u.rsa.iqmp.data;
|
||||
|
||||
args.mod_len = prkey->u.rsa.modulus.len;
|
||||
args.mod = prkey->u.rsa.modulus.data;
|
||||
args.mod = prkey->u.rsa.modulus.data;
|
||||
}
|
||||
|
||||
/* Authenticate */
|
||||
r = sc_pkcs15init_authenticate(profile, card, prkf, SC_AC_OP_UPDATE);
|
||||
if (r < 0)
|
||||
if (r < 0)
|
||||
goto done;
|
||||
|
||||
|
||||
/* Generate/store rsa key */
|
||||
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_KEY, &args);
|
||||
if (r < 0)
|
||||
|
@ -561,7 +561,7 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
memcpy(&key_info->path.value, &file->path.value, file->path.len);
|
||||
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s",
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s",
|
||||
sc_print_path(&file->path));
|
||||
|
||||
/* Now create the key file */
|
||||
|
@ -578,7 +578,7 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
*/
|
||||
static int
|
||||
myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_prkey *prkey)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -596,16 +596,16 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
|
||||
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
|
||||
|
||||
r = sc_select_file(card, &key_info->path, &file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
|
||||
|
||||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store MyEID private key");
|
||||
|
||||
if (file)
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
|
||||
/* Fill in data structure */
|
||||
|
@ -627,7 +627,7 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
args.invq = prkey->u.rsa.iqmp.data;
|
||||
|
||||
args.mod_len = prkey->u.rsa.modulus.len;
|
||||
args.mod = prkey->u.rsa.modulus.data;
|
||||
args.mod = prkey->u.rsa.modulus.data;
|
||||
|
||||
/* Store RSA key */
|
||||
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_STORE_KEY, &args);
|
||||
|
@ -639,7 +639,7 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
static int
|
||||
myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_pubkey *pubkey)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -659,12 +659,12 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
|
||||
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
|
||||
|
||||
r = sc_select_file(card, &key_info->path, &file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
|
||||
|
||||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to generate MyEID private key");
|
||||
|
||||
|
@ -709,7 +709,7 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
memcpy (pubkey->u.rsa.modulus.data, raw_pubkey, pubkey->u.rsa.modulus.len);
|
||||
}
|
||||
|
||||
if (file)
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -59,8 +59,8 @@ static int cosm_update_pin(struct sc_profile *, struct sc_pkcs15_card *,
|
|||
struct sc_pkcs15_auth_info *, const unsigned char *, size_t,
|
||||
const unsigned char *, size_t);
|
||||
|
||||
static int
|
||||
cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
static int
|
||||
cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
char *label, unsigned flags)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -71,7 +71,7 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
|
||||
if (!p15card || !profile)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_write_tokeninfo() label '%s'; flags 0x%X", label, flags);
|
||||
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file))
|
||||
|
@ -79,12 +79,12 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
|
||||
if (file->size < 16)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Unsufficient size of the "COSM_TITLE"-token-info file");
|
||||
|
||||
|
||||
buffer = calloc(1, file->size);
|
||||
if (!buffer)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Allocation error in cosm_write_tokeninfo()");
|
||||
|
||||
if (label)
|
||||
if (label)
|
||||
strncpy(buffer, label, file->size - 4);
|
||||
else if (p15card->tokeninfo->label)
|
||||
snprintf(buffer, file->size - 4, "%s", p15card->tokeninfo->label);
|
||||
|
@ -93,7 +93,7 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
else
|
||||
snprintf(buffer, file->size - 4, "OpenSC-Token");
|
||||
|
||||
sz = strlen(buffer);
|
||||
sz = strlen(buffer);
|
||||
if (sz < file->size - 4)
|
||||
memset(buffer + sz, ' ', file->size - sz);
|
||||
|
||||
|
@ -112,7 +112,7 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
int
|
||||
cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||
struct sc_file *df)
|
||||
{
|
||||
|
@ -127,7 +127,7 @@ cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
rv = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot authenticate SC_AC_OP_DELETE");
|
||||
}
|
||||
|
||||
|
||||
/* Select the parent DF */
|
||||
path = df->path;
|
||||
path.len -= 2;
|
||||
|
@ -154,7 +154,7 @@ cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
|||
/*
|
||||
* Erase the card
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -166,7 +166,7 @@ cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
|||
* against other applications that use this file, but
|
||||
* extremely useful for testing :)
|
||||
* Note we need to delete if before the DF because we create
|
||||
* it *after* the DF.
|
||||
* it *after* the DF.
|
||||
* */
|
||||
if (sc_profile_get_file(profile, "DIR", &dir) >= 0) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id);
|
||||
|
@ -186,7 +186,7 @@ cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
|||
if (rv < 0 && rv != SC_ERROR_FILE_NOT_FOUND)
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
if (sc_profile_get_file(profile, "public-DF", &dir) >= 0) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id);
|
||||
rv = cosm_delete_file(p15card, profile, dir);
|
||||
|
@ -203,7 +203,7 @@ cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
|
|||
}
|
||||
|
||||
sc_free_apps(p15card->card);
|
||||
done:
|
||||
done:
|
||||
if (rv == SC_ERROR_FILE_NOT_FOUND)
|
||||
rv = 0;
|
||||
|
||||
|
@ -212,7 +212,7 @@ done:
|
|||
|
||||
|
||||
static int
|
||||
cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_file *df)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -242,7 +242,7 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
#if 0
|
||||
#if 0
|
||||
rv = sc_pkcs15init_create_file(profile, p15card, df);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create DIR DF");
|
||||
#endif
|
||||
|
@ -253,7 +253,7 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_dfs[ii]);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Profile do not contains Oberthur AWP file");
|
||||
}
|
||||
|
||||
|
||||
rv = sc_pkcs15init_create_file(profile, p15card, file);
|
||||
sc_file_free(file);
|
||||
if (rv != SC_ERROR_FILE_ALREADY_EXISTS)
|
||||
|
@ -267,10 +267,10 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_auth_info *ainfo,
|
||||
const unsigned char *pin, size_t pin_len,
|
||||
struct sc_pkcs15_auth_info *ainfo,
|
||||
const unsigned char *pin, size_t pin_len,
|
||||
const unsigned char *puk, size_t puk_len )
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -291,7 +291,7 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
if (puk && !puk_len)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
|
||||
rv = sc_select_file(card, &ainfo->path, NULL);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select file");
|
||||
|
@ -320,7 +320,7 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_CREATE_PIN, &args);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'CREATE_PIN' card specific command failed");
|
||||
|
||||
if (!(ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||
if (!(ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||
&& (profile_auth_puk.tries_left > 0)) {
|
||||
struct sc_file *file = NULL;
|
||||
|
||||
|
@ -336,7 +336,7 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
|
||||
if (puk_buff)
|
||||
free(puk_buff);
|
||||
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
|
||||
}
|
||||
|
||||
|
@ -344,17 +344,17 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
/*
|
||||
* Update PIN
|
||||
*/
|
||||
static int
|
||||
static int
|
||||
cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_auth_info *ainfo, const unsigned char *pin, size_t pin_len,
|
||||
const unsigned char *puk, size_t puk_len )
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
int rv;
|
||||
|
||||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
return SC_ERROR_OBJECT_NOT_VALID;
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags 0x%X", ainfo->attrs.pin.reference, ainfo->attrs.pin.flags);
|
||||
|
||||
|
@ -369,7 +369,7 @@ cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_update_pin() failed to change PIN");
|
||||
|
||||
rv = cosm_write_tokeninfo(p15card, profile, NULL,
|
||||
COSM_TOKEN_FLAG_TOKEN_INITIALIZED
|
||||
COSM_TOKEN_FLAG_TOKEN_INITIALIZED
|
||||
| COSM_TOKEN_FLAG_PRN_GENERATION
|
||||
| COSM_TOKEN_FLAG_LOGIN_REQUIRED
|
||||
| COSM_TOKEN_FLAG_USER_PIN_INITIALIZED);
|
||||
|
@ -382,7 +382,7 @@ cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
static int
|
||||
cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_auth_info *auth_info)
|
||||
struct sc_pkcs15_auth_info *auth_info)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_pkcs15_pin_attributes *pin_attrs;
|
||||
|
@ -404,13 +404,13 @@ cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
auth_info->path = pinfile->path;
|
||||
|
||||
sc_file_free(pinfile);
|
||||
|
||||
|
||||
if (pin_attrs->reference <= 0) {
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
pin_attrs->reference = 4;
|
||||
else if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||
pin_attrs->reference = 4;
|
||||
else
|
||||
pin_attrs->reference = 4;
|
||||
else
|
||||
pin_attrs->reference = 1;
|
||||
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||
|
@ -425,7 +425,7 @@ cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
* Store a PIN
|
||||
*/
|
||||
static int
|
||||
cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_file *df, struct sc_pkcs15_object *pin_obj,
|
||||
const unsigned char *pin, size_t pin_len,
|
||||
const unsigned char *puk, size_t puk_len)
|
||||
|
@ -450,19 +450,19 @@ cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
auth_info->path = pin_file->path;
|
||||
|
||||
sc_file_free(pin_file);
|
||||
|
||||
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "SOPIN unblocking is not supported");
|
||||
}
|
||||
else {
|
||||
if (pin_attrs->reference != 4)
|
||||
if (pin_attrs->reference != 4)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid SOPIN reference");
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||
if (pin_attrs->reference != 0x84)
|
||||
if (pin_attrs->reference != 0x84)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PUK reference");
|
||||
}
|
||||
else {
|
||||
|
@ -527,7 +527,7 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
|
|||
* the generic class (SC_PKCS15_TYPE_CERT)
|
||||
*/
|
||||
if (!(type & ~SC_PKCS15_TYPE_CLASS_MASK)) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type %X not supported by card driver",
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type %X not supported by card driver",
|
||||
type);
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
|
@ -540,14 +540,14 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
|
|||
desc, _template);
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
|
||||
file->id |= (num & 0xFF);
|
||||
file->path.value[file->path.len-1] |= (num & 0xFF);
|
||||
if (file->type == SC_FILE_TYPE_INTERNAL_EF) {
|
||||
file->ef_structure = structure;
|
||||
}
|
||||
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() file size %i; ef type %i/%i; id %04X",file->size,
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() file size %i; ef type %i/%i; id %04X",file->size,
|
||||
file->type, file->ef_structure, file->id);
|
||||
*out = file;
|
||||
|
||||
|
@ -599,7 +599,7 @@ cosm_get_temporary_public_key_file(struct sc_card *card,
|
|||
|
||||
static int
|
||||
cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_pubkey *pubkey)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -619,25 +619,25 @@ cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
rv = sc_select_file(p15card->card, &path, &tmpf);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: failed to select private object DF");
|
||||
|
||||
rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CRYPTO);
|
||||
|
||||
rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CRYPTO);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: 'CRYPTO' authentication failed");
|
||||
|
||||
|
||||
rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CREATE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: 'CREATE' authentication failed");
|
||||
|
||||
|
||||
sc_file_free(tmpf);
|
||||
|
||||
rv = sc_select_file(p15card->card, &key_info->path, &prkf);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to generate key: cannot select private key file");
|
||||
|
||||
|
||||
/* In the private key DF create the temporary public RSA file. */
|
||||
rv = cosm_get_temporary_public_key_file(p15card->card, prkf, &tmpf);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Error while getting temporary public key file");
|
||||
|
||||
rv = sc_pkcs15init_create_file(profile, p15card, tmpf);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_generate_key() failed to create temporary public key EF");
|
||||
|
||||
|
||||
memset(&args, 0, sizeof(args));
|
||||
args.id_prv = prkf->id;
|
||||
args.id_pub = tmpf->id;
|
||||
|
@ -647,31 +647,31 @@ cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
args.pubkey = malloc(key_info->modulus_length / 8);
|
||||
if (!args.pubkey)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate pubkey");
|
||||
|
||||
|
||||
rv = sc_card_ctl(p15card->card, SC_CARDCTL_OBERTHUR_GENERATE_KEY, &args);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_generate_key() CARDCTL_OBERTHUR_GENERATE_KEY failed");
|
||||
|
||||
|
||||
/* extract public key */
|
||||
pubkey->algorithm = SC_ALGORITHM_RSA;
|
||||
pubkey->u.rsa.modulus.len = key_info->modulus_length / 8;
|
||||
pubkey->u.rsa.modulus.data = malloc(key_info->modulus_length / 8);
|
||||
if (!pubkey->u.rsa.modulus.data)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate modulus buf");
|
||||
|
||||
|
||||
/* FIXME and if the exponent length is not 3? */
|
||||
pubkey->u.rsa.exponent.len = 3;
|
||||
pubkey->u.rsa.exponent.data = malloc(3);
|
||||
if (!pubkey->u.rsa.exponent.data)
|
||||
if (!pubkey->u.rsa.exponent.data)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate exponent buf");
|
||||
memcpy(pubkey->u.rsa.exponent.data, "\x01\x00\x01", 3);
|
||||
memcpy(pubkey->u.rsa.modulus.data, args.pubkey, args.pubkey_len);
|
||||
|
||||
key_info->key_reference = prkf->path.value[prkf->path.len - 1] & 0xFF;
|
||||
key_info->path = prkf->path;
|
||||
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_generate_key() now delete temporary public key");
|
||||
rv = cosm_delete_file(p15card, profile, tmpf);
|
||||
|
||||
|
||||
sc_file_free(tmpf);
|
||||
sc_file_free(prkf);
|
||||
|
||||
|
@ -703,7 +703,7 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
file->size = key_info->modulus_length;
|
||||
memcpy(&file->path, &key_info->path, sizeof(file->path));
|
||||
file->id = file->path.value[file->path.len - 2] * 0x100
|
||||
file->id = file->path.value[file->path.len - 2] * 0x100
|
||||
+ file->path.value[file->path.len - 1];
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s", sc_print_path(&file->path));
|
||||
|
@ -716,7 +716,7 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
else if (rv != SC_ERROR_FILE_NOT_FOUND) {
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error");
|
||||
}
|
||||
|
||||
|
||||
rv = sc_pkcs15init_create_file(profile, p15card, file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file");
|
||||
|
||||
|
@ -733,7 +733,7 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
*/
|
||||
static int
|
||||
cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_prkey *prkey)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -751,24 +751,24 @@ cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
rv = sc_select_file(p15card->card, &key_info->path, &file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot store key: select key file failed");
|
||||
|
||||
|
||||
rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "No authorisation to store private key");
|
||||
|
||||
if (key_info->id.len > sizeof(update_info.id))
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS);
|
||||
|
||||
|
||||
memset(&update_info, 0, sizeof(update_info));
|
||||
update_info.type = SC_CARDCTL_OBERTHUR_KEY_RSA_CRT;
|
||||
update_info.data = (void *)&prkey->u.rsa;
|
||||
update_info.data_len = sizeof(void *);
|
||||
update_info.id_len = key_info->id.len;
|
||||
memcpy(update_info.id, key_info->id.value, update_info.id_len);
|
||||
|
||||
|
||||
rv = sc_card_ctl(p15card->card, SC_CARDCTL_OBERTHUR_UPDATE_KEY, &update_info);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot update private key");
|
||||
|
||||
if (file)
|
||||
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
|
||||
|
@ -809,7 +809,7 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_tokeninfo *tinfo)
|
||||
{
|
||||
|
@ -819,14 +819,14 @@ cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
unsigned char *buf = NULL;
|
||||
|
||||
SC_FUNC_CALLED(ctx, 1);
|
||||
|
||||
|
||||
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file))
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "cannot find "COSM_TITLE"-token-info");
|
||||
|
||||
|
||||
buf = calloc(1, file->size);
|
||||
if (!buf)
|
||||
SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY);
|
||||
|
||||
|
||||
label_len = strlen(tinfo->label) > (file->size - 4) ? (file->size - 4) : strlen(tinfo->label);
|
||||
memcpy(buf, tinfo->label, label_len);
|
||||
memset(buf + label_len, ' ', file->size - 4 - label_len);
|
||||
|
@ -864,7 +864,7 @@ cosm_emu_write_info(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
}
|
||||
|
||||
|
||||
static struct sc_pkcs15init_operations
|
||||
static struct sc_pkcs15init_operations
|
||||
sc_pkcs15init_oberthur_operations = {
|
||||
cosm_erase_card,
|
||||
NULL, /* init_card */
|
||||
|
@ -876,7 +876,7 @@ sc_pkcs15init_oberthur_operations = {
|
|||
cosm_create_key, /* create_key */
|
||||
cosm_store_key, /* store_key */
|
||||
cosm_generate_key, /* generate_key */
|
||||
NULL,
|
||||
NULL,
|
||||
NULL, /* encode private/public key */
|
||||
NULL, /* finalize_card */
|
||||
NULL, /* delete_object */
|
||||
|
@ -895,6 +895,6 @@ sc_pkcs15init_oberthur_operations = {
|
|||
|
||||
struct sc_pkcs15init_operations *
|
||||
sc_pkcs15init_get_oberthur_ops(void)
|
||||
{
|
||||
{
|
||||
return &sc_pkcs15init_oberthur_operations;
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
#include <string.h>
|
||||
|
||||
#include "config.h"
|
||||
|
||||
|
||||
#ifdef ENABLE_OPENSSL
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
|
|
|
@ -180,7 +180,7 @@ static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
int r, reset_by_sopin = 0;
|
||||
|
||||
(void)puk; /* no warning */
|
||||
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df
|
||||
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df
|
||||
|| !pin_obj || !pin_obj->data || !pin || !pin_len)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Rutoken S specific operation for PKCS15 initialization
|
||||
*
|
||||
* Copyright (C) 2007 Pavel Mironchik <rutoken@rutoken.ru>
|
||||
* Copyright (C) 2007 Eugene Hermann <rutoken@rutoken.ru>
|
||||
* Copyright (C) 2007 Eugene Hermann <rutoken@rutoken.ru>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -80,7 +80,7 @@ static const struct
|
|||
* Create a DF
|
||||
*/
|
||||
static int
|
||||
rutoken_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
rutoken_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||
sc_file_t *df)
|
||||
{
|
||||
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df)
|
||||
|
@ -195,7 +195,7 @@ static int create_pins(sc_card_t *card)
|
|||
/* assert(do_pins[i].p_sattr != NULL); */
|
||||
/* assert(sizeof(*param_do.HDR.SA_V2)) */
|
||||
/* assert(sizeof(param_do.HDR.SA_V2) == sizeof(*do_pins[i].p_sattr)); */
|
||||
memcpy(param_do.HDR.SA_V2, *do_pins[i].p_sattr,
|
||||
memcpy(param_do.HDR.SA_V2, *do_pins[i].p_sattr,
|
||||
sizeof(*do_pins[i].p_sattr));
|
||||
/* assert(do_pins[i].pass); */
|
||||
/* assert(sizeof(*param_do.abyDOBody)) */
|
||||
|
@ -245,7 +245,7 @@ static int create_typical_fs(sc_card_t *card)
|
|||
if (r != SC_SUCCESS) break;
|
||||
|
||||
/* VERIFY USER PIN */
|
||||
r = sc_verify(card, SC_AC_CHV, do_pins[0].id,
|
||||
r = sc_verify(card, SC_AC_CHV, do_pins[0].id,
|
||||
do_pins[0].pass, sizeof(do_pins[0].pass), NULL);
|
||||
if (r != SC_SUCCESS) break;
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ static int setcos_create_pin_internal(sc_profile_t *, sc_pkcs15_card_t *,
|
|||
int, sc_pkcs15_auth_info_t *, const u8 *, size_t, const u8 *, size_t);
|
||||
|
||||
|
||||
static int
|
||||
static int
|
||||
setcos_puk_retries(sc_profile_t *profile, int pin_ref)
|
||||
{
|
||||
sc_pkcs15_auth_info_t auth_info;
|
||||
|
@ -52,7 +52,7 @@ setcos_puk_retries(sc_profile_t *profile, int pin_ref)
|
|||
sc_profile_get_pin_info(profile,
|
||||
pin_ref == auth_info.attrs.pin.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
||||
&auth_info);
|
||||
|
||||
|
||||
if ((auth_info.tries_left < 0) || (auth_info.tries_left > 15))
|
||||
return 3; /* Little extra safety */
|
||||
return auth_info.tries_left;
|
||||
|
@ -106,7 +106,7 @@ setcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||
/* Fix up the file's ACLs */
|
||||
r = sc_pkcs15init_fixup_file(profile, p15card, mf);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF fixup failed");
|
||||
|
||||
|
||||
mf->status = SC_FILE_STATUS_CREATION;
|
||||
r = sc_create_file(p15card->card, mf);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF creation failed");
|
||||
|
@ -134,7 +134,7 @@ setcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||
sc_file_free(pinfile);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Select pinfile failed");
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -154,7 +154,7 @@ setcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
|
|||
r = sc_create_file(p15card->card, df);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "SetCOS create file failed");
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
}
|
||||
|
||||
|
||||
|
@ -206,7 +206,7 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
/* Create the global pin file if it doesn't exist yet */
|
||||
r = sc_profile_get_file(profile, "pinfile", &pinfile);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No 'pinfile' template in profile");
|
||||
|
||||
|
||||
r = sc_select_file(p15card->card, &pinfile->path, &pinfile);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select 'pinfile'");
|
||||
|
||||
|
@ -217,10 +217,10 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
if (pinfile->status == SC_FILE_STATUS_CREATION)
|
||||
ignore_ac = 1;
|
||||
|
||||
r = setcos_create_pin_internal(profile, p15card, ignore_ac, auth_info,
|
||||
r = setcos_create_pin_internal(profile, p15card, ignore_ac, auth_info,
|
||||
pin, pin_len, puk, puk_len);
|
||||
|
||||
/* If pinfile is in 'Creation' state and SOPIN has been created,
|
||||
/* If pinfile is in 'Creation' state and SOPIN has been created,
|
||||
* change status of MF and 'pinfile' to 'Operational:Activated'
|
||||
*/
|
||||
if (ignore_ac && (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {
|
||||
|
@ -239,7 +239,7 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
if(pinfile)
|
||||
sc_file_free(pinfile);
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -247,7 +247,7 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
*/
|
||||
static int
|
||||
setcos_new_file(sc_profile_t *profile, sc_card_t *card,
|
||||
unsigned int type,
|
||||
unsigned int type,
|
||||
unsigned int num, /* number of objects of this type already on the card */
|
||||
sc_file_t **out)
|
||||
{
|
||||
|
@ -345,7 +345,7 @@ setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
memcpy(&file->path, &key_info->path, sizeof(file->path));
|
||||
file->id = file->path.value[file->path.len - 2] * 0x100
|
||||
+ file->path.value[file->path.len - 1];
|
||||
|
||||
|
||||
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s\n", sc_print_path(&file->path));
|
||||
|
@ -373,7 +373,7 @@ setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
*/
|
||||
static int
|
||||
setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_prkey *prkey)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -395,7 +395,7 @@ setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
r = sc_select_file(p15card->card, &key_info->path, &file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed");
|
||||
|
||||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key");
|
||||
|
||||
|
@ -414,7 +414,7 @@ setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'GENERATE_STORE_KEY' failed");
|
||||
|
||||
if (file)
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
|
@ -423,7 +423,7 @@ setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
static int
|
||||
setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_object *object,
|
||||
struct sc_pkcs15_pubkey *pubkey)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
|
@ -445,7 +445,7 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
r = sc_select_file(p15card->card, &key_info->path, &file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed");
|
||||
|
||||
|
||||
/* Authenticate */
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key");
|
||||
|
@ -484,7 +484,7 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
keybits = ((raw_pubkey[0] * 256) + raw_pubkey[1]); /* modulus bit length */
|
||||
if (keybits != key_info->modulus_length) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key-size from card[%i] does not match[%i]\n",
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key-size from card[%i] does not match[%i]\n",
|
||||
keybits, key_info->modulus_length);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PKCS15INIT, "Failed to generate key");
|
||||
}
|
||||
|
@ -539,7 +539,7 @@ setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
/* setcos pin number */
|
||||
data[0] = auth_info->attrs.pin.reference;
|
||||
|
||||
memset(&data[1], auth_info->attrs.pin.pad_char, 16); /* padding */
|
||||
memset(&data[1], auth_info->attrs.pin.pad_char, 16); /* padding */
|
||||
memcpy(&data[1], (u8 *)pin, pin_len); /* copy pin*/
|
||||
memcpy(&data[9], (u8 *)puk, puk_len); /* copy puk */
|
||||
|
||||
|
@ -582,7 +582,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_setcos_operations = {
|
|||
setcos_create_key, /* create_key */
|
||||
setcos_store_key, /* store_key */
|
||||
setcos_generate_key, /* generate_key */
|
||||
setcos_encode_private_key, /* encode_private_key */
|
||||
setcos_encode_private_key, /* encode_private_key */
|
||||
setcos_encode_public_key, /* encode_public_key */
|
||||
NULL, /* finalize_card */
|
||||
NULL, /* delete_object */
|
||||
|
|
|
@ -96,7 +96,7 @@ static int starcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||
/* we already have a MF => return OK */
|
||||
return ret;
|
||||
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
||||
|
||||
/* get mf profile */
|
||||
ret = sc_profile_get_file(profile, "MF", &mf_file);
|
||||
|
@ -118,7 +118,7 @@ static int starcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||
/* AC CREATE EF */
|
||||
*p++ = get_so_ac(mf_file, SC_AC_OP_CREATE, &sopin, STARCOS_AC_ALWAYS, 1);
|
||||
/* AC CREATE KEY */
|
||||
*p++ = get_so_ac(isf_file, SC_AC_OP_WRITE, &sopin, STARCOS_AC_NEVER, 1);
|
||||
*p++ = get_so_ac(isf_file, SC_AC_OP_WRITE, &sopin, STARCOS_AC_NEVER, 1);
|
||||
/* AC CREATE DF */
|
||||
*p++ = get_so_ac(mf_file, SC_AC_OP_CREATE, &sopin, STARCOS_AC_ALWAYS, 1);
|
||||
/* AC REGISTER DF */
|
||||
|
@ -326,22 +326,22 @@ static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15car
|
|||
* Starcos SPK 2.3 uses a state machine to control the access
|
||||
* to files or keys. This means that the access to a certain
|
||||
* object is granted if the current state (of either the current
|
||||
* DF or the MF) is =, <, >= or != a specified state (see
|
||||
* Starcos S 2.1 manual). To map the pkcs15 access control model
|
||||
* DF or the MF) is =, <, >= or != a specified state (see
|
||||
* Starcos S 2.1 manual). To map the pkcs15 access control model
|
||||
*(one object is protected by one pin etc.) to the Starcos S 2.1
|
||||
* model the following approach is used:
|
||||
* the pin with the key id 3 (or 0x81) sets the global (or local)
|
||||
* state to 15 (note: 16 is the lowest initial state).
|
||||
* the pin with the key id 4 (or 0x82) is reserved for the PUK
|
||||
* the pin with the key id 5 (or 0x83) sets the global (or local)
|
||||
* state to 14.
|
||||
* ...
|
||||
* Note: the key id 1 and 2 (or local 0x81 and 0x82) is used for
|
||||
* state to 14.
|
||||
* ...
|
||||
* Note: the key id 1 and 2 (or local 0x81 and 0x82) is used for
|
||||
* the 'SO-pin' which sets the state to 0x01.
|
||||
* XXX: some card operations, like terminate card usage are only
|
||||
* possible in state 0x00
|
||||
*
|
||||
* Nils
|
||||
*
|
||||
* Nils
|
||||
*/
|
||||
#define STARCOS_PINID2STATE(a) (((a) == STARCOS_SOPIN_GID) ? STARCOS_SOPIN_STATE : (0x0f - ((0x0f & (a)) >> 1)))
|
||||
|
||||
|
@ -434,10 +434,10 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
memset(tpin, 0, 8);
|
||||
memcpy(tpin, puk, puk_len);
|
||||
|
||||
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info);
|
||||
tmp = puk_info.tries_left;
|
||||
|
||||
|
||||
puk_d.mode = 0; /* install */
|
||||
puk_d.kid = (u8) pin_id + 1;
|
||||
puk_d.key = tpin;
|
||||
|
@ -551,7 +551,7 @@ static int starcos_encode_prkey(struct sc_pkcs15_prkey_rsa *rsa, u8 *buf)
|
|||
} else if (rsa->modulus.len && rsa->d.len) {
|
||||
/* normal RSA key */
|
||||
i = STARCOS_MAX_PR_KEYSIZE - 7 - rsa->modulus.len
|
||||
- rsa->d.len - 16;
|
||||
- rsa->d.len - 16;
|
||||
/* key format list */
|
||||
*p++ = 6;
|
||||
*p++ = 0x90;
|
||||
|
@ -570,7 +570,7 @@ static int starcos_encode_prkey(struct sc_pkcs15_prkey_rsa *rsa, u8 *buf)
|
|||
} else
|
||||
return SC_ERROR_INTERNAL;
|
||||
|
||||
return SC_SUCCESS;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
/* XXX the whole IPF stuff doesn't really work very well */
|
||||
|
@ -750,7 +750,7 @@ static int starcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
tkey.key_header[1] = (STARCOS_MAX_PR_KEYSIZE >> 8) & 0xff;
|
||||
tkey.key_header[2] = STARCOS_MAX_PR_KEYSIZE & 0xff;
|
||||
|
||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
|
||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
|
||||
SC_PKCS15INIT_USER_PIN);
|
||||
if (pin_id < 0)
|
||||
state = STARCOS_AC_ALWAYS;
|
||||
|
@ -773,7 +773,7 @@ static int starcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
akd |= 0x31; /* allow DS, IA and PKCS11 */
|
||||
if (kinfo->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER)
|
||||
akd |= 0x31; /* allow DS, IA and PKCS11 */
|
||||
if (kinfo->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ||
|
||||
if (kinfo->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ||
|
||||
kinfo->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP)
|
||||
akd |= 0x02;
|
||||
tkey.key_header[9] = akd;
|
||||
|
@ -898,7 +898,7 @@ static int starcos_finalize_card(sc_card_t *card)
|
|||
{
|
||||
int r;
|
||||
sc_file_t tfile;
|
||||
sc_path_t tpath;
|
||||
sc_path_t tpath;
|
||||
|
||||
/* SELECT FILE MF */
|
||||
sc_format_path("3F00", &tpath);
|
||||
|
@ -917,7 +917,7 @@ static int starcos_finalize_card(sc_card_t *card)
|
|||
tfile.id = 0x5015;
|
||||
r = sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_END, &tfile);
|
||||
if (r == SC_ERROR_NOT_ALLOWED)
|
||||
/* card is already finalized */
|
||||
/* card is already finalized */
|
||||
return SC_SUCCESS;
|
||||
return r;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* pkcs15-westcos.c: pkcs15 support for westcos card
|
||||
*
|
||||
* Copyright (C) 2009 francois.leblanc@cev-sa.com
|
||||
* Copyright (C) 2009 francois.leblanc@cev-sa.com
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -38,7 +38,7 @@
|
|||
#include "pkcs15-init.h"
|
||||
#include "profile.h"
|
||||
|
||||
static int westcos_pkcs15init_init_card(sc_profile_t *profile,
|
||||
static int westcos_pkcs15init_init_card(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card)
|
||||
{
|
||||
int r;
|
||||
|
@ -51,8 +51,8 @@ static int westcos_pkcs15init_init_card(sc_profile_t *profile,
|
|||
return r;
|
||||
}
|
||||
|
||||
static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
sc_file_t *df)
|
||||
{
|
||||
int r;
|
||||
|
@ -69,7 +69,7 @@ static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
|
|||
/*
|
||||
* Select the PIN reference
|
||||
*/
|
||||
static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
|
||||
static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_auth_info_t *auth_info)
|
||||
{
|
||||
|
@ -89,8 +89,8 @@ static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
|
|||
/*
|
||||
* Create a new PIN inside a DF
|
||||
*/
|
||||
static int westcos_pkcs15_create_pin(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
static int westcos_pkcs15_create_pin(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
sc_file_t *df,
|
||||
sc_pkcs15_object_t *pin_obj,
|
||||
const u8 *pin, size_t pin_len,
|
||||
|
@ -134,8 +134,8 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile,
|
|||
pin_cmd.data = pin;
|
||||
pin_cmd.max_length = 8;
|
||||
|
||||
ret = sc_build_pin(ck.new_key.key_value,
|
||||
sizeof(ck.new_key.key_value), &pin_cmd, 1);
|
||||
ret = sc_build_pin(ck.new_key.key_value,
|
||||
sizeof(ck.new_key.key_value), &pin_cmd, 1);
|
||||
if(ret < 0)
|
||||
return SC_ERROR_CARD_CMD_FAILED;
|
||||
|
||||
|
@ -160,8 +160,8 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile,
|
|||
puk_cmd.data = puk;
|
||||
puk_cmd.max_length = 8;
|
||||
|
||||
ret = sc_build_pin(ck.new_key.key_value,
|
||||
sizeof(ck.new_key.key_value), &puk_cmd, 1);
|
||||
ret = sc_build_pin(ck.new_key.key_value,
|
||||
sizeof(ck.new_key.key_value), &puk_cmd, 1);
|
||||
if(ret < 0)
|
||||
return SC_ERROR_CARD_CMD_FAILED;
|
||||
|
||||
|
@ -176,8 +176,8 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile,
|
|||
/*
|
||||
* Create a new key file
|
||||
*/
|
||||
static int westcos_pkcs15init_create_key(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
static int westcos_pkcs15init_create_key(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_object_t *obj)
|
||||
{
|
||||
|
||||
|
@ -192,7 +192,7 @@ static int westcos_pkcs15init_create_key(sc_profile_t *profile,
|
|||
/*
|
||||
* Store a private key
|
||||
*/
|
||||
static int westcos_pkcs15init_store_key(sc_profile_t *profile,
|
||||
static int westcos_pkcs15init_store_key(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_object_t *obj,
|
||||
sc_pkcs15_prkey_t *key)
|
||||
|
@ -203,7 +203,7 @@ static int westcos_pkcs15init_store_key(sc_profile_t *profile,
|
|||
/*
|
||||
* Generate key
|
||||
*/
|
||||
static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
||||
static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
||||
sc_pkcs15_card_t *p15card,
|
||||
sc_pkcs15_object_t *obj,
|
||||
sc_pkcs15_pubkey_t *pubkey)
|
||||
|
@ -220,7 +220,7 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
|||
BIO *mem = NULL;
|
||||
|
||||
sc_file_t *prkf = NULL;
|
||||
|
||||
|
||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
@ -230,18 +230,18 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
|||
bn = BN_new();
|
||||
mem = BIO_new(BIO_s_mem());
|
||||
|
||||
if(rsa == NULL || bn == NULL || mem == NULL)
|
||||
if(rsa == NULL || bn == NULL || mem == NULL)
|
||||
{
|
||||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if(!BN_set_word(bn, RSA_F4) ||
|
||||
if(!BN_set_word(bn, RSA_F4) ||
|
||||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
|
||||
#else
|
||||
mem = BIO_new(BIO_s_mem());
|
||||
|
||||
if(mem == NULL)
|
||||
if(mem == NULL)
|
||||
{
|
||||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto out;
|
||||
|
@ -284,7 +284,7 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
|||
|
||||
/* Get the private key file */
|
||||
r = sc_profile_get_file_by_path(profile, &key_info->path, &prkf);
|
||||
if (r < 0)
|
||||
if (r < 0)
|
||||
{
|
||||
char pbuf[SC_MAX_PATH_STRING_SIZE];
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#include <winreg.h>
|
||||
#endif
|
||||
|
@ -56,7 +56,7 @@
|
|||
#define TEMPLATE_FILEID_MIN_DIFF 0x20
|
||||
|
||||
/*
|
||||
#define DEBUG_PROFILE
|
||||
#define DEBUG_PROFILE
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -304,7 +304,7 @@ sc_profile_new(void)
|
|||
pro->pin_encoding = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||
pro->pin_minlen = 4;
|
||||
pro->pin_maxlen = 8;
|
||||
pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
|
||||
pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
|
||||
|
||||
return pro;
|
||||
}
|
||||
|
@ -323,7 +323,7 @@ sc_profile_load(struct sc_profile *profile, const char *filename)
|
|||
long rc;
|
||||
HKEY hKey;
|
||||
#endif
|
||||
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
for (i = 0; ctx->conf_blocks[i]; i++) {
|
||||
profile_dir = scconf_get_str(ctx->conf_blocks[i], "profile_dir", NULL);
|
||||
|
@ -348,8 +348,8 @@ sc_profile_load(struct sc_profile *profile, const char *filename)
|
|||
if ((rc == ERROR_SUCCESS) && (temp_len < PATH_MAX))
|
||||
profile_dir = temp_path;
|
||||
RegCloseKey(hKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#else
|
||||
profile_dir = SC_PKCS15_PROFILE_DIRECTORY;
|
||||
#endif
|
||||
|
@ -397,21 +397,21 @@ sc_profile_finish(struct sc_profile *profile, const struct sc_app_info *app_info
|
|||
if (app_info && app_info->aid.len) {
|
||||
struct sc_path path;
|
||||
|
||||
sc_log(ctx, "finish profile with '%s' application profile", app_info->label);
|
||||
sc_log(ctx, "finish profile with '%s' application profile", app_info->label);
|
||||
memset(&path, 0, sizeof(struct sc_path));
|
||||
path.type = SC_PATH_TYPE_DF_NAME;
|
||||
path.aid = app_info->aid;
|
||||
|
||||
sc_log(ctx, "Look for file by path '%s'", sc_print_path(&path));
|
||||
profile->df_info = sc_profile_find_file_by_path(profile, &path);
|
||||
sc_log(ctx, "returned DF info %p", profile->df_info);
|
||||
sc_log(ctx, "returned DF info %p", profile->df_info);
|
||||
if (profile->df_info && profile->df_info->profile_extension) {
|
||||
sc_log(ctx, "application profile extension '%s'", profile->df_info->profile_extension);
|
||||
if (sc_profile_load(profile, profile->df_info->profile_extension))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Cannot load application profile extension");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
profile->df_info = sc_profile_find_file(profile, NULL, "PKCS15-AppDF");
|
||||
if (!profile->df_info)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Profile doesn't define a PKCS15-AppDF");
|
||||
|
@ -434,7 +434,7 @@ sc_profile_finish(struct sc_profile *profile, const struct sc_app_info *app_info
|
|||
}
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
|
||||
whine:
|
||||
whine:
|
||||
sc_log(ctx, "%s", reason);
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INCONSISTENT_PROFILE);
|
||||
}
|
||||
|
@ -556,7 +556,7 @@ sc_profile_get_file(struct sc_profile *profile,
|
|||
}
|
||||
|
||||
int
|
||||
sc_profile_get_file_instance(struct sc_profile *profile, const char *name,
|
||||
sc_profile_get_file_instance(struct sc_profile *profile, const char *name,
|
||||
int index, sc_file_t **ret)
|
||||
{
|
||||
struct sc_context *ctx = profile->card->ctx;
|
||||
|
@ -666,7 +666,7 @@ sc_profile_instantiate_template(sc_profile_t *profile,
|
|||
printf("Instantiate %s in template %s\n", file_name, template_name);
|
||||
sc_profile_find_file_by_path(profile, base_path);
|
||||
#endif
|
||||
for (info = profile->template_list; info; info = info->next)
|
||||
for (info = profile->template_list; info; info = info->next)
|
||||
if (!strcmp(info->name, template_name))
|
||||
break;
|
||||
if (info == NULL) {
|
||||
|
@ -762,7 +762,7 @@ sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft,
|
|||
fi->file->path = parent->file->path;
|
||||
fi->file->id += skew;
|
||||
|
||||
if (fi->file->type == SC_FILE_TYPE_INTERNAL_EF
|
||||
if (fi->file->type == SC_FILE_TYPE_INTERNAL_EF
|
||||
|| fi->file->type == SC_FILE_TYPE_WORKING_EF
|
||||
|| (fi->file->type == SC_FILE_TYPE_DF && fi->file->id))
|
||||
sc_append_file_id(&fi->file->path, fi->file->id);
|
||||
|
@ -778,8 +778,8 @@ sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft,
|
|||
}
|
||||
|
||||
int
|
||||
sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
|
||||
unsigned auth_method, int reference,
|
||||
sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
|
||||
unsigned auth_method, int reference,
|
||||
struct sc_pkcs15_auth_info *auth_info)
|
||||
{
|
||||
struct pin_info *pinfo;
|
||||
|
@ -1032,8 +1032,8 @@ process_bso(struct state *cur, struct block *info,
|
|||
return process_block(&state, info, name, blk);
|
||||
}
|
||||
|
||||
/*
|
||||
* In the template the difference between any two file-ids
|
||||
/*
|
||||
* In the template the difference between any two file-ids
|
||||
* should be greater then TEMPLATE_FILEID_MIN_DIFF.
|
||||
*/
|
||||
static int
|
||||
|
@ -1043,15 +1043,15 @@ template_sanity_check(struct state *cur, struct sc_profile *templ)
|
|||
|
||||
for (fi = templ->ef_list; fi; fi = fi->next) {
|
||||
struct sc_path fi_path = fi->file->path;
|
||||
int fi_id = fi_path.value[fi_path.len - 2] * 0x100
|
||||
+ fi_path.value[fi_path.len - 1];
|
||||
int fi_id = fi_path.value[fi_path.len - 2] * 0x100
|
||||
+ fi_path.value[fi_path.len - 1];
|
||||
|
||||
if (fi->file->type == SC_FILE_TYPE_BSO)
|
||||
continue;
|
||||
for (ffi = templ->ef_list; ffi; ffi = ffi->next) {
|
||||
struct sc_path ffi_path = ffi->file->path;
|
||||
int dlt, ffi_id = ffi_path.value[ffi_path.len - 2] * 0x100
|
||||
+ ffi_path.value[ffi_path.len - 1];
|
||||
int dlt, ffi_id = ffi_path.value[ffi_path.len - 2] * 0x100
|
||||
+ ffi_path.value[ffi_path.len - 1];
|
||||
|
||||
if (ffi->file->type == SC_FILE_TYPE_BSO)
|
||||
continue;
|
||||
|
@ -1093,7 +1093,7 @@ process_tmpl(struct state *cur, struct block *info,
|
|||
parse_error(cur, "memory allocation failed");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
tinfo = calloc(1, sizeof(*tinfo));
|
||||
if (tinfo == NULL) {
|
||||
parse_error(cur, "memory allocation failed");
|
||||
|
@ -1215,11 +1215,11 @@ new_file(struct state *cur, const char *name, unsigned int type)
|
|||
assert(file);
|
||||
if (file->type != type) {
|
||||
parse_error(cur, "inconsistent file type (should be %s)",
|
||||
file->type == SC_FILE_TYPE_DF
|
||||
? "DF" : file->type == SC_FILE_TYPE_BSO
|
||||
file->type == SC_FILE_TYPE_DF
|
||||
? "DF" : file->type == SC_FILE_TYPE_BSO
|
||||
? "BS0" : "EF");
|
||||
if (strncasecmp(name, "PKCS15-", 7) ||
|
||||
!strcasecmp(name+7, "AppDF"))
|
||||
!strcasecmp(name+7, "AppDF"))
|
||||
sc_file_free(file);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1344,7 +1344,7 @@ do_aid(struct state *cur, int argc, char **argv)
|
|||
}
|
||||
memcpy(file->name, name, len);
|
||||
file->namelen = len;
|
||||
}
|
||||
}
|
||||
else {
|
||||
file->namelen = sizeof(file->name);
|
||||
res = sc_hex_to_bin(name, file->name, &file->namelen);
|
||||
|
@ -1387,7 +1387,7 @@ do_exclusive_aid(struct state *cur, int argc, char **argv)
|
|||
}
|
||||
memcpy(file->name, name, len);
|
||||
file->namelen = len;
|
||||
}
|
||||
}
|
||||
else {
|
||||
file->namelen = sizeof(file->name);
|
||||
res = sc_hex_to_bin(name, file->name, &file->namelen);
|
||||
|
@ -1452,7 +1452,7 @@ do_acl(struct state *cur, int argc, char **argv)
|
|||
}
|
||||
return 0;
|
||||
|
||||
bad: parse_error(cur,
|
||||
bad: parse_error(cur,
|
||||
"Invalid ACL \"%s%s%s\"\n",
|
||||
oper, what? "=" : "", what? what : "");
|
||||
return 1;
|
||||
|
@ -2004,7 +2004,7 @@ sc_profile_find_file_by_path(struct sc_profile *pro, const sc_path_t *path)
|
|||
continue;
|
||||
if (fp_path->len && memcmp(fp_path->value, path->value, path->len))
|
||||
continue;
|
||||
|
||||
|
||||
if (path->aid.len && fp_path->aid.len) {
|
||||
if (memcmp(fp_path->aid.value, path->aid.value, path->aid.len))
|
||||
continue;
|
||||
|
@ -2215,15 +2215,15 @@ __expr_get(struct num_exp_ctx *ctx, int eof_okay)
|
|||
if (isdigit(*s)) {
|
||||
while (isdigit(*s))
|
||||
expr_put(ctx, *s++);
|
||||
}
|
||||
}
|
||||
else if (*s == '$') {
|
||||
expr_put(ctx, *s++);
|
||||
while (isalnum(*s) || *s == '-' || *s == '_')
|
||||
expr_put(ctx, *s++);
|
||||
}
|
||||
}
|
||||
else if (strchr("*/+-()|&", *s)) {
|
||||
expr_put(ctx, *s++);
|
||||
}
|
||||
}
|
||||
else {
|
||||
expr_fail(ctx);
|
||||
}
|
||||
|
@ -2266,14 +2266,14 @@ expr_term(struct num_exp_ctx *ctx, unsigned int *vp)
|
|||
if (*tok == '(') {
|
||||
expr_eval(ctx, vp, 1);
|
||||
expr_expect(ctx, ')');
|
||||
}
|
||||
}
|
||||
else if (isdigit(*tok)) {
|
||||
char *ep;
|
||||
|
||||
*vp = strtoul(tok, &ep, 0);
|
||||
if (*ep)
|
||||
expr_fail(ctx);
|
||||
}
|
||||
}
|
||||
else if (*tok == '$') {
|
||||
sc_macro_t *mac;
|
||||
char *argv[32];
|
||||
|
@ -2284,7 +2284,7 @@ expr_term(struct num_exp_ctx *ctx, unsigned int *vp)
|
|||
argc = build_argv(ctx->state, "<expr>", mac->value, argv, 32);
|
||||
if (argc < 0 || get_uint_eval(ctx->state, argc, argv, vp) < 0)
|
||||
expr_fail(ctx);
|
||||
}
|
||||
}
|
||||
else {
|
||||
parse_error(ctx->state, "Unexpected token \"%s\" in expression", tok);
|
||||
expr_fail(ctx);
|
||||
|
|
|
@ -141,7 +141,7 @@ int sc_profile_instantiate_template(struct sc_profile *, const char *, const sc_
|
|||
const char *, const sc_pkcs15_id_t *, sc_file_t **);
|
||||
int sc_profile_add_file(struct sc_profile *, const char *, sc_file_t *);
|
||||
int sc_profile_get_file_instance(struct sc_profile *, const char *, int, sc_file_t **);
|
||||
int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int,
|
||||
int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int,
|
||||
struct sc_pkcs15_auth_info *);
|
||||
int sc_profile_get_parent(struct sc_profile *profile, const char *, sc_file_t **);
|
||||
|
||||
|
|
Loading…
Reference in New Issue