pkcd15init: remove trailing whitespaces

inspired by
http://www.opensc-project.org/pipermail/opensc-devel/2012-March/017883.html

Change-Id: I817f903e67965942d9cc0c30931dbaea0c5f736e
Viktor Tarasov 2012-04-02 23:40:05 +02:00
parent df8715849d
commit e57d443e86
24 changed files with 770 additions and 770 deletions


@ -28,8 +28,8 @@
#include "pkcs15-init.h"
#include "profile.h"
/* delete a EF/DF if present. This function does not return an
* error if the requested file is not present.
/* delete a EF/DF if present. This function does not return an
* error if the requested file is not present.
*/
static int asepcos_cond_delete(sc_profile_t *pro, sc_pkcs15_card_t *p15card,
const sc_path_t *path)
@ -50,7 +50,7 @@ static int asepcos_cond_delete(sc_profile_t *pro, sc_pkcs15_card_t *p15card,
}
/* checks whether the file with the transport key exists. If existent
* the transport key is verified and stored in the keycache (as a
* the transport key is verified and stored in the keycache (as a
* normal user PIN with the same reference).
* @param profile profile information for this card
* @param card sc_card_t object to use
@ -74,7 +74,7 @@ static int asepcos_check_verify_tpin(sc_profile_t *profile, sc_pkcs15_card_t *p1
if (r != SC_SUCCESS)
return r;
/* we need to temporarily disable the SC_CARD_CAP_USE_FCI_AC
* flag to trick sc_pkcs15init_authenticate() to use access
* flag to trick sc_pkcs15init_authenticate() to use access
* information form the profile file */
p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC;
r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_CRYPTO);
@ -102,7 +102,7 @@ static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
* pkcs15 application.
*/
/* Check wether a transport exists and verify it if present */
p15card->opts.use_pin_cache = 1;
r = asepcos_check_verify_tpin(profile, p15card);
if (r != SC_SUCCESS)
@ -117,7 +117,7 @@ static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
r = asepcos_cond_delete(profile, p15card, &path);
if (r != SC_SUCCESS)
return r;
return SC_SUCCESS;
}
@ -125,7 +125,7 @@ static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
* @param profile sc_profile_t object with the configurable profile
* information
* @param cardd sc_card_t object to be used
* @param df sc_file_t with the application DF to create
* @param df sc_file_t with the application DF to create
* @return SC_SUCCESS on success and an error value otherwise
*/
static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
@ -147,7 +147,7 @@ static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
* we tighten security attributes to values specified in the profile.
*/
sc_file_dup(&tfile, df);
/* we use a separate copy of the sc_file_t object so we don't
/* we use a separate copy of the sc_file_t object so we don't
* override the permissions specified in the profile */
if (tfile == NULL)
return SC_ERROR_OUT_OF_MEMORY;
@ -167,7 +167,7 @@ static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
* determined when the PIN is created. This is just helper function to
* determine the next best file id of the PIN file.
*/
static int asepcos_select_pin_reference(sc_profile_t *profile,
static int asepcos_select_pin_reference(sc_profile_t *profile,
sc_pkcs15_card_t *p15card, sc_pkcs15_auth_info_t *auth_info)
{
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
@ -182,7 +182,7 @@ static int asepcos_select_pin_reference(sc_profile_t *profile,
return SC_SUCCESS;
}
/* asepcos_pinid_to_akn: returns the AKN of a PIN EF
/* asepcos_pinid_to_akn: returns the AKN of a PIN EF
* This functions calls SELECT FILE and extracts the AKN from the
* proprietary FCP attributes.
* @param card sc_card_t object to use
@ -228,7 +228,7 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
/* outter tag */
*p++ = 0x85;
p++;
p++;
/* as a file id for pin with use 0x00:<key id> */
*p++ = (pinid >> 8) & 0xff;
*p++ = pinid & 0xff;
@ -315,7 +315,7 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
auth_info->attrs.pin.max_length = 16;
return r;
}
}
/* simple function to detect whether or not the "onepin" profile is used
* (copied from pkcs15-starcos.c).
@ -359,7 +359,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
return SC_ERROR_INVALID_ARGUMENTS;
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return SC_ERROR_OBJECT_NOT_VALID;
return SC_ERROR_OBJECT_NOT_VALID;
pid = (auth_info->attrs.pin.reference & 0xff) | (((tpath.len >> 1) - 1) << 16);
@ -379,7 +379,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_path_t pin_path;
memset(&pin_path, 0, sizeof(sc_path_t));
pin_path.type = SC_PATH_TYPE_FILE_ID;
/* XXX: check the pkcs15 structure whether this file id
/* XXX: check the pkcs15 structure whether this file id
* is already used */
r = sc_append_file_id(&pin_path, pid & 0xff);
if (r != SC_SUCCESS)
@ -409,7 +409,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
*/
puk_id = pid + 1;
r = asepcos_do_store_pin(profile, card, &puk_ainfo, puk, puk_len, 0, puk_id);
if (r != SC_SUCCESS)
if (r != SC_SUCCESS)
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
} else
puk_id = 0;
@ -419,12 +419,12 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
#if 1
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN ||
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN ||
(have_onepin(profile) && pid == 0x010001)) {
sc_cardctl_asepcos_activate_file_t st;
/* Once the SO PIN or ,in case of the "onepin" profile", the
* first USER PIN has been set we can tighten the ACLs of
* the application DF.
/* Once the SO PIN or ,in case of the "onepin" profile", the
* first USER PIN has been set we can tighten the ACLs of
* the application DF.
*/
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "finalizing application DF");
r = sc_select_file(card, &df->path, NULL);
@ -470,11 +470,11 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
/* internal wrapper for sc_pkcs15init_authenticate()
* @param profile information for this card
* @param card sc_card_t object to use
* @param path path to the EF/DF for which the credential is required
* @param path path to the EF/DF for which the credential is required
* @param op the required access method
* @return SC_SUCCESS on success and an error code otherwise
*/
static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
const sc_path_t *path, int op)
{
int r;
@ -491,7 +491,7 @@ static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15c
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to authenticate");
return r;
}
return SC_SUCCESS;
return SC_SUCCESS;
}
@ -563,7 +563,7 @@ static int asepcos_do_create_key(sc_card_t *card, size_t ksize, int fileid,
return r;
}
/* creates a key file
/* creates a key file
*/
static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj)
@ -580,7 +580,7 @@ static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
/* the key is proctected by a PIN */
/* XXX use the pkcs15 structures for this */
sc_cardctl_asepcos_akn2fileid_t st;
st.akn = sc_pkcs15init_get_pin_reference(p15card, profile,
SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN);
r = sc_card_ctl(p15card->card, SC_CARDCTL_ASEPCOS_AKN2FILEID, &st);
@ -599,7 +599,7 @@ static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
/* authenticate if necessary */
r = asepcos_do_authenticate(profile, p15card, &profile->df_info->file->path, SC_AC_OP_CREATE);
if (r != SC_SUCCESS)
if (r != SC_SUCCESS)
return r;
/* first: create private key (file id = 0x0100 | <ref & 0xff>) */
@ -653,7 +653,7 @@ static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create private key file");
return r;
}
kinfo->key_reference = fileid & 0xFF;
return r;
}
@ -672,7 +672,7 @@ static int asepcos_do_store_rsa_key(sc_pkcs15_card_t *p15card, sc_profile_t *pro
/* authenticate if necessary */
if (obj->auth_id.len != 0) {
r = asepcos_do_authenticate(profile, p15card, &kinfo->path, SC_AC_OP_UPDATE);
if (r != SC_SUCCESS)
if (r != SC_SUCCESS)
return r;
}
@ -726,7 +726,7 @@ static int asepcos_do_store_rsa_key(sc_pkcs15_card_t *p15card, sc_profile_t *pro
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to change key data");
return r;
}
return SC_SUCCESS;
}
@ -770,7 +770,7 @@ static int asepcos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card
/* authenticate if necessary */
r = asepcos_do_authenticate(profile, p15card, &kinfo->path, SC_AC_OP_UPDATE);
if (r != SC_SUCCESS)
if (r != SC_SUCCESS)
return r;
/* select the rsa private key */


@ -56,21 +56,21 @@
#define AUTHENTIC_CACHE_TIMESTAMP_PATH "3F0050159999"
unsigned char authentic_v3_rsa_mechs[5] = {
AUTHENTIC_MECH_CRYPTO_RSA1024,
AUTHENTIC_MECH_CRYPTO_RSA1280,
AUTHENTIC_MECH_CRYPTO_RSA1536,
AUTHENTIC_MECH_CRYPTO_RSA1792,
unsigned char authentic_v3_rsa_mechs[5] = {
AUTHENTIC_MECH_CRYPTO_RSA1024,
AUTHENTIC_MECH_CRYPTO_RSA1280,
AUTHENTIC_MECH_CRYPTO_RSA1536,
AUTHENTIC_MECH_CRYPTO_RSA1792,
AUTHENTIC_MECH_CRYPTO_RSA2048
};
unsigned char authentic_v3_rsa_ac_ops[6] = {
SC_AC_OP_UPDATE,
SC_AC_OP_DELETE,
SC_AC_OP_PSO_DECRYPT,
SC_AC_OP_PSO_COMPUTE_SIGNATURE,
SC_AC_OP_INTERNAL_AUTHENTICATE,
SC_AC_OP_GENERATE
unsigned char authentic_v3_rsa_ac_ops[6] = {
SC_AC_OP_UPDATE,
SC_AC_OP_DELETE,
SC_AC_OP_PSO_DECRYPT,
SC_AC_OP_PSO_COMPUTE_SIGNATURE,
SC_AC_OP_INTERNAL_AUTHENTICATE,
SC_AC_OP_GENERATE
};
struct authentic_ac_access_usage {
@ -81,9 +81,9 @@ struct authentic_ac_access_usage {
struct authentic_ac_access_usage authentic_v3_rsa_map_attributes[7] = {
{SC_AC_OP_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, 0},
{SC_AC_OP_DELETE, SC_PKCS15_ACCESS_RULE_MODE_DELETE, 0},
{SC_AC_OP_PSO_DECRYPT, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
{SC_AC_OP_PSO_DECRYPT, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP},
{SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS,
{SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS,
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION},
{SC_AC_OP_INTERNAL_AUTHENTICATE, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH,
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER},
@ -109,8 +109,8 @@ authentic_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id)
}
int
authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
int
authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_file *df)
{
struct sc_context *ctx = p15card->card->ctx;
@ -143,7 +143,7 @@ authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *
* Erase the card
*
*/
static int
static int
authentic_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
{
struct sc_context *ctx = p15card->card->ctx;
@ -172,7 +172,7 @@ authentic_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p
obj_type = SC_PKCS15_TYPE_CERT;
else if (df->type == SC_PKCS15_DODF)
obj_type = SC_PKCS15_TYPE_DATA_OBJECT;
else
else
continue;
if (df->enumerated) {
@ -249,12 +249,12 @@ authentic_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
file->path.type = SC_PATH_TYPE_FILE_ID;
file->path.len = 2;
}
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
file->path.value[file->path.len - 1] = file->id & 0xFF;
file->path.count = -1;
}
sc_log(ctx, "file(size:%i,type:%i/%i,id:%04X), path(type:%X,'%s')", file->size, file->type, file->ef_structure, file->id,
sc_log(ctx, "file(size:%i,type:%i/%i,id:%04X), path(type:%X,'%s')", file->size, file->type, file->ef_structure, file->id,
file->path.type, sc_print_path(&file->path));
if (out)
*out = file;
@ -289,7 +289,7 @@ authentic_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs
static int
authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
unsigned char *ops, size_t ops_len,
struct sc_authentic_sdo_docp *docp)
{
@ -316,7 +316,7 @@ authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
if (!(entry->key_ref & AUTHENTIC_V3_CREDENTIAL_ID_MASK)
|| (entry->key_ref & ~AUTHENTIC_V3_CREDENTIAL_ID_MASK))
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported Credential Reference");
docp->acl_data[offs++] = 0x00;
docp->acl_data[offs++] = 0x01 << (entry->key_ref - 1);
}
@ -327,7 +327,7 @@ authentic_docp_set_acls(struct sc_card *card, struct sc_file *file,
}
static int
static int
authentic_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
struct sc_pkcs15_prkey_info *key_info, struct sc_authentic_sdo **out)
{
@ -355,13 +355,13 @@ authentic_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
sdo->docp.id = key_info->key_reference & ~AUTHENTIC_OBJECT_REF_FLAG_LOCAL;
sdo->docp.mech = authentic_v3_rsa_mechs[(key_info->modulus_length - 1024) / 256];
rv = authentic_docp_set_acls(card, file, authentic_v3_rsa_ac_ops,
rv = authentic_docp_set_acls(card, file, authentic_v3_rsa_ac_ops,
sizeof(authentic_v3_rsa_ac_ops)/sizeof(authentic_v3_rsa_ac_ops[0]), &sdo->docp);
LOG_TEST_RET(ctx, rv, "Cannot set key ACLs from file");
sc_file_free(file);
sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id,
sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id,
sc_dump_hex(sdo->docp.acl_data, sdo->docp.acl_data_len));
if (out)
*out = sdo;
@ -389,7 +389,7 @@ authentic_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned acces
else if (!auth_id && !object->access_rules[ii].auth_id.len) {
object->access_rules[ii].access_mode |= access_mode;
break;
}
}
else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id)) {
object->access_rules[ii].access_mode |= access_mode;
break;
@ -399,7 +399,7 @@ authentic_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned acces
if (ii==SC_PKCS15_MAX_ACCESS_RULES)
return SC_ERROR_TOO_MANY_OBJECTS;
return SC_SUCCESS;
return SC_SUCCESS;
}
@ -415,7 +415,7 @@ authentic_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_
LOG_FUNC_CALLED(ctx);
acl = sc_file_get_acl_entry(file, ac_op);
sc_log(ctx, "Fix access rule(op:%i;mode:%i) with ACL(method:%X,ref:%X)",
sc_log(ctx, "Fix access rule(op:%i;mode:%i) with ACL(method:%X,ref:%X)",
ac_op, rule_mode, acl->method, acl->key_ref);
if (acl->method == SC_AC_NEVER) {
sc_log(ctx, "ignore access rule(op:%i,mode:%i)", ac_op, rule_mode);
@ -445,7 +445,7 @@ authentic_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_
static int
authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
struct sc_pkcs15_object *object)
{
struct sc_context *ctx = p15card->card->ctx;
@ -457,9 +457,9 @@ authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file
memset(object->access_rules, 0, sizeof(object->access_rules));
for (ii=0; authentic_v3_rsa_map_attributes[ii].access_rule; ii++) {
rv = authentic_pkcs15_fix_file_access_rule(p15card, file,
authentic_v3_rsa_map_attributes[ii].ac_op,
authentic_v3_rsa_map_attributes[ii].access_rule,
rv = authentic_pkcs15_fix_file_access_rule(p15card, file,
authentic_v3_rsa_map_attributes[ii].ac_op,
authentic_v3_rsa_map_attributes[ii].access_rule,
object);
LOG_TEST_RET(ctx, rv, "Fix file READ access error");
}
@ -526,7 +526,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
int rv;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)", keybits,
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)", keybits,
key_info->usage, key_info->access_flags, key_info->key_reference);
if (keybits < 1024 || keybits > 2048 || (keybits % 256))
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid RSA key size");
@ -562,7 +562,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_DELETE, sdo);
LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_DELETE failed for private key");
rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_CREATE, sdo);
}
LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_CREATE failed");
@ -573,7 +573,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
rv = authentic_pkcs15_fix_usage(p15card, object);
LOG_TEST_RET(ctx, rv, "cannot fix access rules for private key");
/* Here fix the key's supported algorithms, if these ones will be implemented
/* Here fix the key's supported algorithms, if these ones will be implemented
* (see src/libopensc/pkcs15-prkey.c).
*/
@ -603,7 +603,7 @@ authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15c
int rv;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
sc_print_path(&key_info->path), sc_pkcs15_print_id(&object->auth_id));
if (!object->content.value || object->content.len != sizeof(struct sc_authentic_sdo))
@ -638,7 +638,7 @@ authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15c
rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &pubkey->data.value, &pubkey->data.len);
LOG_TEST_RET(ctx, rv, "encode public key failed");
/* Here fix the key's supported algorithms, if these ones will be implemented
/* Here fix the key's supported algorithms, if these ones will be implemented
* (see src/libopensc/pkcs15-prkey.c).
*/
@ -666,7 +666,7 @@ authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p1
int rv;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
keybits, sc_pkcs15_print_id(&object->auth_id), sc_print_path(&key_info->path));
if (!object->content.value || object->content.len != sizeof(struct sc_authentic_sdo))
@ -684,7 +684,7 @@ authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p1
LOG_TEST_RET(ctx, rv, "failed to select parent DF");
sdo->data.prvkey = prvkey;
sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id,
sc_dump_hex(sdo->docp.acl_data, sdo->docp.acl_data_len));
@ -702,7 +702,7 @@ authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p1
}
static int
static int
authentic_pkcs15_delete_rsa_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_prkey_info *key_info)
{
@ -736,7 +736,7 @@ authentic_pkcs15_delete_rsa_sdo (struct sc_profile *profile, struct sc_pkcs15_ca
}
static int
static int
authentic_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object, const struct sc_path *path)
{
@ -760,8 +760,8 @@ authentic_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_car
}
static int
authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
static int
authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
struct sc_pkcs15_der *data, struct sc_path *path)
{
struct sc_context *ctx = p15card->card->ctx;
@ -794,16 +794,16 @@ authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profil
authentic_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL);
/* Here, if key supported algorithms will be implemented (see src/libopensc/pkcs15-prkey.c),
* copy private key supported algorithms to the public key's ones.
* copy private key supported algorithms to the public key's ones.
*/
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int
authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object,
static int
authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object,
struct sc_pkcs15_der *data, struct sc_path *path)
{
@ -817,7 +817,7 @@ authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *prof
rv = authentic_store_pubkey(p15card, profile, object, data, path);
break;
}
LOG_FUNC_RETURN(ctx, rv);
}
@ -849,7 +849,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
}
static struct sc_pkcs15init_operations
static struct sc_pkcs15init_operations
sc_pkcs15init_authentic_operations = {
authentic_pkcs15_erase_card,
NULL, /* init_card */
@ -867,19 +867,19 @@ sc_pkcs15init_authentic_operations = {
authentic_pkcs15_delete_object,
/* pkcs15init emulation */
NULL,
NULL,
NULL,
NULL,
authentic_emu_update_tokeninfo,
NULL,
authentic_emu_store_data,
NULL, /* sanity_check */
};
struct sc_pkcs15init_operations *
sc_pkcs15init_get_authentic_ops(void)
{
{
return &sc_pkcs15init_authentic_operations;
}


@ -356,7 +356,7 @@ cardos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
return SC_ERROR_NOT_SUPPORTED;
}
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile,
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile,
SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN);
if (pin_id >= 0) {
r = sc_pkcs15init_verify_secret(profile, p15card, NULL, SC_AC_CHV, pin_id);
@ -646,7 +646,7 @@ cardos_store_key_component(sc_card_t *card,
}
static int
static int
cardos_put_key(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
int algorithm, sc_pkcs15_prkey_info_t *key_info,
struct sc_pkcs15_prkey_rsa *key)
@ -654,7 +654,7 @@ cardos_put_key(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
struct sc_card *card = p15card->card;
int r, key_id, pin_id;
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
SC_PKCS15INIT_USER_PIN);
if (pin_id < 0)
pin_id = 0;
@ -733,7 +733,7 @@ static int parse_ext_pubkey_file(sc_card_t *card, const u8 *data, size_t len,
return SC_ERROR_OUT_OF_MEMORY;
memcpy(pubkey->u.rsa.exponent.data, p, tlen);
return SC_SUCCESS;
return SC_SUCCESS;
}
static int


@ -91,7 +91,7 @@ static int cflex_erase_card(struct sc_profile *profile, sc_pkcs15_card_t *p15car
* against other applications that use this file, but
* extremely useful for testing :)
* Note we need to delete if before the DF because we create
* it *after* the DF.
* it *after* the DF.
* */
if (sc_profile_get_file(profile, "DIR", &dir) >= 0) {
r = cflex_delete_file(profile, p15card, dir);
@ -558,7 +558,7 @@ cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
file->id = (ref == 1)? 0x0000 : 0x0100;
if (unprotected) {
sc_file_add_acl_entry(file, SC_AC_OP_UPDATE,
sc_file_add_acl_entry(file, SC_AC_OP_UPDATE,
SC_AC_NONE, SC_AC_KEY_REF_NONE);
}
@ -722,7 +722,7 @@ cryptoflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
{
size_t base = rsa->modulus.len / 2, key_blob_size;
int r, key_num = key_ref + 1;
switch (rsa->modulus.len) {
case 512 / 8:
case 768 / 8:
@ -753,7 +753,7 @@ cryptoflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
*key++ = 0;
*key++ = 0;
*key = 0;
return 0;
}
@ -764,7 +764,7 @@ cryptoflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
{
size_t base;
int r, key_num = key_ref + 1;
switch (rsa->modulus.len) {
case 512 / 8:
case 768 / 8:
@ -779,14 +779,14 @@ cryptoflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
if (*keysize < (5 * base + 10))
return SC_ERROR_BUFFER_TOO_SMALL;
*keysize = 5 * base + 10;
memset(key, 0, *keysize);
*key++ = (5 * base + 7) >> 8;
*key++ = (5 * base + 7) & 0xFF;
*key++ = key_num;
/* Funny code - not sure why we do it this way:
*
*
* Specs say: We store: (Length)
* modulus modulus (N bytes)
* J0 Montgomery const 0 (N/2 bytes)
@ -811,7 +811,7 @@ cyberflex_encode_private_key(sc_profile_t *profile, sc_card_t *card,
{
size_t base = rsa->modulus.len / 2, key_blob_size, bnlen;
int r, key_num = key_ref + 1, alg_id;
switch (rsa->modulus.len) {
case 512 / 8: alg_id = 0xC4; break;
case 768 / 8: alg_id = 0xC6; break;
@ -864,7 +864,7 @@ cyberflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
{
size_t base = rsa->modulus.len, key_blob_size, bnlen;
int r, key_num = key_ref + 1, alg_id;
switch (rsa->modulus.len) {
case 512 / 8: alg_id = 0xC5; break;
case 768 / 8: alg_id = 0xC7; break;
@ -877,7 +877,7 @@ cyberflex_encode_public_key(sc_profile_t *profile, sc_card_t *card,
if (*keysize < key_blob_size)
return SC_ERROR_BUFFER_TOO_SMALL;
*keysize = key_blob_size;
memset(key, 0, *keysize);
*key++ = key_blob_size >> 8;
*key++ = key_blob_size & 0xFF;


@ -95,7 +95,7 @@ static int entersafe_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
mf_data.data.df.lock_ac=0x10;
memcpy(mf_data.data.df.aid,mf_file->name,mf_file->namelen);
sc_file_free(mf_file);
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &mf_data);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create MF failed");
}
@ -123,17 +123,17 @@ static int entersafe_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
ef_data.data.ef.name=0x00;
memset(ef_data.data.ef.ac,0x10,sizeof(ef_data.data.ef.ac));
memset(ef_data.data.ef.sm,0x00,sizeof(ef_data.data.ef.sm));
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &ef_data);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create EF(DIR) failed");
/* fill file by 0 */
buff = calloc(1,size);
if(!buff)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS);
memset(buff,0,size);
ret = sc_update_binary(card,0,buff,size,0);
free(buff);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Initialize EF(DIR) failed");
@ -190,7 +190,7 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
memset(ef_data.data.ef.sm,0x00,sizeof(ef_data.data.ef.sm));
sc_file_free(gpkf_file);
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &ef_data);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create GPKF failed");
}
@ -210,7 +210,7 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
int i;
sc_file_t *file=0;
sc_entersafe_create_data tmp;
for(i = 0; create_efs[i]; ++i) {
if (sc_profile_get_file(profile, create_efs[i], &file)) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_efs[i]);
@ -229,7 +229,7 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
tmp.data.ef.ac[0]=process_acl_entry(file,SC_AC_OP_READ,ENTERSAFE_AC_ALWAYS); /* read */
tmp.data.ef.ac[1]=process_acl_entry(file,SC_AC_OP_UPDATE,ENTERSAFE_AC_ALWAYS); /* update */
memset(tmp.data.ef.sm,0x00,sizeof(tmp.data.ef.sm));
sc_file_free(file);
ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &tmp);
@ -251,7 +251,7 @@ static int entersafe_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15c
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return SC_ERROR_OBJECT_NOT_VALID;
return SC_ERROR_OBJECT_NOT_VALID;
if (auth_info->attrs.pin.reference < ENTERSAFE_USER_PIN_ID)
auth_info->attrs.pin.reference = ENTERSAFE_USER_PIN_ID;
@ -455,10 +455,10 @@ static int entersafe_sanity_check(sc_profile_t *profile, sc_pkcs15_card_t *p15ca
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
continue;
if (pin_attrs->reference == profile_auth.attrs.pin.reference
if (pin_attrs->reference == profile_auth.attrs.pin.reference
&& pin_attrs->flags != profile_auth.attrs.pin.flags) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label,
pin_attrs->flags, pin_attrs->reference, sc_pkcs15_print_id(&ainfo->auth_id),
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label,
pin_attrs->flags, pin_attrs->reference, sc_pkcs15_print_id(&ainfo->auth_id),
profile_auth.attrs.pin.flags);
pin_attrs->flags = profile_auth.attrs.pin.flags;
update_df = 1;


@ -122,7 +122,7 @@ gpk_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
int r, locked;
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
if (sc_card_ctl(p15card->card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
if (sc_card_ctl(p15card->card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
&& locked) {
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"This card is already personalized, unable to "
@ -594,7 +594,7 @@ gpk_pkfile_create(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *f
}
if (r >= 0)
r = sc_pkcs15init_authenticate(profile, p15card, file,
r = sc_pkcs15init_authenticate(profile, p15card, file,
SC_AC_OP_UPDATE);
if (found)
sc_file_free(found);
@ -677,7 +677,7 @@ gpk_pkfile_init_public(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file
if (r < 0)
return r;
/* Fix up PIN references in file ACL */
if ((r = sc_pkcs15init_fixup_file(profile, p15card, tmp)) < 0)
if ((r = sc_pkcs15init_fixup_file(profile, p15card, tmp)) < 0)
goto out;
acl = sc_file_get_acl_entry(tmp, SC_AC_OP_CRYPTO);
@ -756,7 +756,7 @@ gpk_pkfile_update_public(struct sc_profile *profile,
/* Check for bad record */
if (r < 2) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key file format error: "
"record %u too small (%u bytes)\n",
"record %u too small (%u bytes)\n",
n, r);
return SC_ERROR_OBJECT_NOT_VALID;
}
@ -911,7 +911,7 @@ gpk_add_bignum(struct pkpart *part, unsigned int tag,
sc_pkcs15_bignum_t *bn, size_t size)
{
struct pkcomp *comp;
if (size == 0)
size = bn->len;


@ -74,8 +74,8 @@ iasecc_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id)
}
int
iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
int
iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_file *df)
{
struct sc_context *ctx = p15card->card->ctx;
@ -109,7 +109,7 @@ iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *pro
* Erase the card
*
*/
static int
static int
iasecc_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
{
struct sc_context *ctx = p15card->card->ctx;
@ -142,7 +142,7 @@ iasecc_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15c
obj_type = SC_PKCS15_TYPE_PUBKEY;
else if (df->type == SC_PKCS15_CDF)
obj_type = SC_PKCS15_TYPE_CERT;
else
else
continue;
rv = sc_pkcs15_get_objects(p15card, obj_type, objs, 32);
@ -210,7 +210,7 @@ iasecc_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
id.len = 1;
id.value[0] = num & 0xFF;
rv = sc_profile_instantiate_template(profile, "key-domain", &profile->df_info->file->path,
rv = sc_profile_instantiate_template(profile, "key-domain", &profile->df_info->file->path,
_template, &id, &file);
}
LOG_TEST_RET(ctx, rv, "Error when getting file from template");
@ -222,7 +222,7 @@ iasecc_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
file->path.type = SC_PATH_TYPE_FILE_ID;
file->path.len = 2;
}
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
file->path.value[file->path.len - 1] = file->id & 0xFF;
file->path.count = -1;
@ -249,9 +249,9 @@ iasecc_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_
int rv = 0, idx = key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "'seed' key reference %i; path %s", key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL,
sc_log(ctx, "'seed' key reference %i; path %s", key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL,
sc_print_path(&key_info->path));
rv = sc_select_file(card, &key_info->path, &file);
LOG_TEST_RET(ctx, rv, "Cannot select DF to select key reference in");
@ -282,14 +282,14 @@ iasecc_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_
/* All card objects but PINs are locals */
key_info->key_reference = idx | IASECC_OBJECT_REF_LOCAL;
sc_log(ctx, "selected key reference %i", key_info->key_reference);
if (file)
sc_file_free(file);
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int
static int
iasecc_sdo_get_data(struct sc_card *card, struct iasecc_sdo *sdo)
{
struct sc_context *ctx = card->ctx;
@ -312,7 +312,7 @@ iasecc_file_convert_acls(struct sc_context *ctx, struct sc_profile *profile, str
struct sc_acl_entry *acl = sc_file_get_acl_entry(file, ii);
if (acl) {
switch (acl->method) {
switch (acl->method) {
case SC_AC_IDA:
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "'IDA' not actually supported");
case SC_AC_SCB:
@ -331,18 +331,18 @@ iasecc_file_convert_acls(struct sc_context *ctx, struct sc_profile *profile, str
return 0;
}
static int
static int
iasecc_sdo_set_key_acls_from_profile(struct sc_profile *profile, struct sc_card *card,
const char *template, struct iasecc_sdo *sdo)
{
struct sc_context *ctx = card->ctx;
struct sc_file *file = NULL;
unsigned char ops_prvkey[7] = {
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
};
unsigned char ops_pubkey[7] = {
0xFF, SC_AC_OP_EXTERNAL_AUTHENTICATE, 0xFF,
0xFF, SC_AC_OP_EXTERNAL_AUTHENTICATE, 0xFF,
SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
};
unsigned char amb, scb[16], mask;
@ -404,13 +404,13 @@ iasecc_sdo_set_key_acls_from_profile(struct sc_profile *profile, struct sc_card
*(sdo->docp.acls_contact.value + 0) = amb;
memcpy(sdo->docp.acls_contact.value + 1, scb, cntr);
sc_log(ctx, "AMB: %X, CNTR %i, %x %x %x %x %x %x",
sc_log(ctx, "AMB: %X, CNTR %i, %x %x %x %x %x %x",
amb, cntr, scb[0], scb[1], scb[2], scb[3], scb[4], scb[5], scb[6]);
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int
static int
iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
struct sc_pkcs15_prkey_info *key_info, struct iasecc_sdo **out)
{
@ -431,7 +431,7 @@ iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
sdo->usage = key_info->usage;
sc_log(ctx, "sdo->sdo_class 0x%X; sdo->usage 0x%X", sdo->sdo_class, sdo->usage);
rv = iasecc_sdo_get_data(card, sdo);
if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) {
sdo->not_on_card = 1;
@ -460,7 +460,7 @@ iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
sdo->docp.size.size = 2;
*(sdo->docp.size.value + 0) = (sz >> 8) & 0xFF;
*(sdo->docp.size.value + 1) = sz & 0xFF;
/*
/*
FIXME: Manage CRT key types: IASECC_GEN_KEY_TYPE_*: X509_usage
Optional PRIVATE KEY SDO attribute 'Algorithm to compulsorily use' can have one of the three values:
0(any usage), B6(Sign), A4(Authentication), B8(Confidentiality).
@ -490,8 +490,8 @@ iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
}
static int
iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, struct sc_pkcs15_pubkey_info *key_info,
static int
iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, struct sc_pkcs15_pubkey_info *key_info,
struct iasecc_sdo **out)
{
struct sc_context *ctx = card->ctx;
@ -544,7 +544,7 @@ iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, str
else {
LOG_TEST_RET(ctx, rv, "iasecc_sdo_allocate_pubkey() error while getting public key SDO data");
}
if (out)
*out = sdo;
@ -552,7 +552,7 @@ iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, str
}
static int
static int
iasecc_sdo_convert_to_file(struct sc_card *card, struct iasecc_sdo *sdo, struct sc_file **out)
{
struct sc_context *ctx = card->ctx;
@ -569,14 +569,14 @@ iasecc_sdo_convert_to_file(struct sc_card *card, struct iasecc_sdo *sdo, struct
sc_log(ctx, "SDO class 0x%X", sdo->sdo_class);
if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE) {
unsigned char ops[] = {
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
unsigned char ops[] = {
SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
SC_AC_OP_GENERATE, SC_AC_OP_UPDATE, SC_AC_OP_READ
};
for (ii=0; ii<sizeof(ops)/sizeof(ops[0]);ii++) {
unsigned op_method, op_ref;
unsigned op_method, op_ref;
rv = iasecc_sdo_convert_acl(card, sdo, ops[ii], &op_method, &op_ref);
LOG_TEST_RET(ctx, rv, "IasEcc: cannot convert ACL");
sc_log(ctx, "ii:%i, method:%X, ref:%X", ii, op_method, op_ref);
@ -608,7 +608,7 @@ iasecc_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned access_m
else if (!auth_id && !object->access_rules[ii].auth_id.len) {
object->access_rules[ii].access_mode |= access_mode;
break;
}
}
else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id)) {
object->access_rules[ii].access_mode |= access_mode;
break;
@ -618,7 +618,7 @@ iasecc_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned access_m
if (ii==SC_PKCS15_MAX_ACCESS_RULES)
return SC_ERROR_TOO_MANY_OBJECTS;
return SC_SUCCESS;
return SC_SUCCESS;
}
@ -649,10 +649,10 @@ iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char
pin_ref = rv;
for (ii=0; ii<nn_pins; ii++) {
const struct sc_pkcs15_auth_info *auth_info = (const struct sc_pkcs15_auth_info *) pin_objs[ii]->data;
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
continue;
sc_log(ctx, "PIN refs %i/%i", pin_ref, auth_info->attrs.pin.reference);
if (pin_ref == ((auth_info->attrs.pin.reference + 0x100) % 0x100)) {
*auth_id = auth_info->auth_id;
@ -685,7 +685,7 @@ iasecc_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_fil
LOG_TEST_RET(ctx, rv, "Fix file access rule error");
}
else {
if (acl->method == SC_AC_IDA) {
if (acl->method == SC_AC_IDA) {
ref = acl->key_ref;
iasecc_reference_to_pkcs15_id (ref, &id);
}
@ -711,7 +711,7 @@ iasecc_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_fil
static int
iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
struct sc_pkcs15_object *object)
{
struct sc_context *ctx = p15card->card->ctx;
@ -735,7 +735,7 @@ iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *fi
}
static int
static int
iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object)
{
struct sc_context *ctx = p15card->card->ctx;
@ -799,7 +799,7 @@ iasecc_sdo_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
int rv;
LOG_FUNC_CALLED(ctx);
if (!sdo_prvkey && !sdo_pubkey)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "At least one SDO has to be supplied");
rv = iasecc_sdo_convert_to_file(card, sdo_prvkey ? sdo_prvkey : sdo_pubkey, &dummy_file);
@ -809,7 +809,7 @@ iasecc_sdo_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE);
card->caps = caps;
LOG_TEST_RET(ctx, rv, "SDO PRIVATE KEY UPDATE authentication failed");
if (dummy_file)
sc_file_free(dummy_file);
@ -837,7 +837,7 @@ iasecc_pkcs15_add_algorithm_reference(struct sc_pkcs15_card *p15card,
;
if (jj == SC_MAX_SUPPORTED_ALGORITHMS)
return SC_ERROR_TOO_MANY_OBJECTS;
for (ii=0;ii<SC_MAX_SUPPORTED_ALGORITHMS;ii++)
if (p15card->tokeninfo->supported_algos[ii].algo_ref == algo_ref)
break;
@ -845,13 +845,13 @@ iasecc_pkcs15_add_algorithm_reference(struct sc_pkcs15_card *p15card,
return SC_ERROR_OBJECT_NOT_FOUND;
key_info->algo_refs[jj] = p15card->tokeninfo->supported_algos[ii].reference;
return SC_SUCCESS;
return SC_SUCCESS;
}
static int
iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct iasecc_sdo *sdo_prvkey)
{
struct sc_card *card = p15card->card;
@ -860,7 +860,7 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
int rv = 0, ii;
unsigned keys_access_modes[IASECC_MAX_SCBS] = {
SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0x00, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_READ
SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0x00, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_READ
};
LOG_FUNC_CALLED(ctx);
@ -874,11 +874,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE;
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)",
sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)",
sdo_prvkey->sdo_class, sdo_prvkey->sdo_ref, sdo_prvkey->usage);
sc_log(ctx, "SDO ACLs(%i):%s", sdo_prvkey->docp.acls_contact.size,
sc_log(ctx, "SDO ACLs(%i):%s", sdo_prvkey->docp.acls_contact.size,
sc_dump_hex(sdo_prvkey->docp.acls_contact.value, sdo_prvkey->docp.acls_contact.size));
sc_log(ctx, "SDO AMB:%X, SCBS:%s", sdo_prvkey->docp.amb,
sc_log(ctx, "SDO AMB:%X, SCBS:%s", sdo_prvkey->docp.amb,
sc_dump_hex(sdo_prvkey->docp.scbs, IASECC_MAX_SCBS));
for (ii=0;ii<IASECC_MAX_SCBS;ii++) {
@ -899,11 +899,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
rv = iasecc_pkcs15_add_access_rule(object, keys_access_modes[ii], &auth_id);
LOG_TEST_RET(ctx, rv, "Cannot add access rule");
if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN
|| ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH
if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN
|| ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH
|| ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER) {
if (!sc_pkcs15_compare_id(&object->auth_id, &auth_id)) {
/* Sorry, this will silently overwrite the profile option.*/
/* Sorry, this will silently overwrite the profile option.*/
sc_log(ctx, "Change object's authId for the one that really protects crypto operation.");
object->auth_id = auth_id;
}
@ -911,11 +911,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
}
if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN) {
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA1);
LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA1 supported mechanism");
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA2);
LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA2 supported mechanism");
@ -930,11 +930,11 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
key_info->usage |= SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER;
}
else if (ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER) {
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1);
LOG_TEST_RET(ctx, rv, "Cannot add decipher RSA_PKCS supported mechanism");
key_info->usage |= SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP;
key_info->usage |= SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP;
}
}
@ -999,7 +999,7 @@ iasecc_pkcs15_create_key_slot(struct sc_profile *profile, struct sc_pkcs15_card
LOG_FUNC_RETURN(ctx, rv);
}
static int
iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object)
@ -1013,7 +1013,7 @@ iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15c
int rv;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)",
sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)",
keybits, key_info->usage, key_info->access_flags, key_info->key_reference);
if (keybits < 1024 || keybits > 2048 || (keybits % 256)) {
sc_log(ctx, "Unsupported key size %u", keybits);
@ -1037,7 +1037,7 @@ iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15c
rv = iasecc_pkcs15_create_key_slot(profile, p15card, sdo_prvkey, sdo_pubkey, key_info);
LOG_TEST_RET(ctx, rv, "Cannot create key slot");
}
rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
@ -1070,7 +1070,7 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
int rv;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits,
sc_print_path(&key_info->path), sc_pkcs15_print_id(&object->auth_id));
if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
@ -1115,7 +1115,7 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
LOG_TEST_RET(ctx, rv, "IasEcc: allocate SDO public key failed");
pubkey->algorithm = SC_ALGORITHM_RSA;
pubkey->u.rsa.modulus.len = sdo_pubkey->data.pub_key.n.size;
pubkey->u.rsa.modulus.data = (unsigned char *) malloc(pubkey->u.rsa.modulus.len);
if (!pubkey->u.rsa.modulus.data)
@ -1162,7 +1162,7 @@ iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15ca
int rv;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)",
keybits, sc_pkcs15_print_id(&object->auth_id), sc_print_path(&key_info->path));
if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
@ -1174,7 +1174,7 @@ iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15ca
if (sdo_prvkey->magic != SC_CARDCTL_IASECC_SDO_MAGIC)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey");
sc_log(ctx, "key compulsory attr(size:%i,on_card:%i)",
sc_log(ctx, "key compulsory attr(size:%i,on_card:%i)",
sdo_prvkey->data.prv_key.compulsory.size, sdo_prvkey->data.prv_key.compulsory.on_card);
rv = sc_profile_get_parent(profile, "private-key", &file);
@ -1201,8 +1201,8 @@ iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15ca
}
static int
iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
static int
iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
int sdo_class, int ref)
{
struct sc_context *ctx = p15card->card->ctx;
@ -1226,7 +1226,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
rv = iasecc_sdo_get_data(card, sdo);
if (rv < 0) {
if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)
if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)
rv = SC_SUCCESS;
iasecc_sdo_free(card, sdo);
@ -1240,7 +1240,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
sdo->data.pub_key.cha.size = 0;
}
}
sc_log(ctx, "iasecc_pkcs15_delete_sdo() SDO class 0x%X, ref 0x%X", sdo->sdo_class, sdo->sdo_ref);
rv = iasecc_sdo_convert_to_file(card, sdo, &dummy_file);
LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() Cannot convert SDO to file");
@ -1249,16 +1249,16 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE);
card->caps = save_card_caps;
LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() UPDATE authentication failed for SDO");
if (dummy_file)
sc_file_free(dummy_file);
if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) {
/* Oberthur's card supports creation/deletion of the key slots ... */
/* Oberthur's card supports creation/deletion of the key slots ... */
rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_DELETE, sdo);
}
else {
/* ... other cards not.
/* ... other cards not.
* Set to zero the key components . */
unsigned char zeros[0x200];
int size = *(sdo->docp.size.value + 0) * 0x100 + *(sdo->docp.size.value + 1);
@ -1273,7 +1273,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
rsa.p.data = rsa.q.data = rsa.iqmp.data = rsa.dmp1.data = rsa.dmq1.data = zeros;
rsa.p.len = rsa.q.len = rsa.iqmp.len = rsa.dmp1.len = rsa.dmq1.len = size/2;
/* Don't know why, but, clean public key do not working with Gemalto card */
rv = iasecc_sdo_store_key(profile, p15card, sdo, NULL, &rsa);
LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() store empty private key failed");
@ -1284,7 +1284,7 @@ iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15
}
static int
static int
iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object, const struct sc_path *path)
{
@ -1304,10 +1304,10 @@ iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *
key_ref = ((sc_pkcs15_prkey_info_t *)object->data)->key_reference;
/* Delete both parts of the RSA key */
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PRIVATE, key_ref);
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PRIVATE, key_ref);
LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PRIVATE SDO");
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PUBLIC, key_ref);
rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PUBLIC, key_ref);
LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PUBLIC SDO");
LOG_FUNC_RETURN(ctx, rv);
@ -1323,17 +1323,17 @@ iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *
file->ef_structure = SC_FILE_EF_TRANSPARENT;
file->id = path->value[path->len-2] * 0x100 + path->value[path->len-1];
memcpy(&file->path, path, sizeof(file->path));
rv = iasecc_pkcs15_delete_file(p15card, profile, file);
sc_file_free(file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
static int
iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
struct sc_pkcs15_der *data, struct sc_path *path)
{
struct sc_context *ctx = p15card->card->ctx;
@ -1371,9 +1371,9 @@ iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
}
static int
iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object, struct sc_pkcs15_der *data,
static int
iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object, struct sc_pkcs15_der *data,
struct sc_path *path)
{
struct sc_context *ctx = p15card->card->ctx;
@ -1397,9 +1397,9 @@ iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
/*
* FIXME: Implement 'store data object'
static int
iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object, struct sc_pkcs15_id *id,
static int
iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object, struct sc_pkcs15_id *id,
struct sc_pkcs15_der *data, struct sc_path *path)
{
struct sc_context *ctx = p15card->card->ctx;
@ -1433,7 +1433,7 @@ iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile
if (ii == nn_objs)
break;
if (pfile)
sc_file_free(pfile);
pfile = NULL;
@ -1450,13 +1450,13 @@ iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile
object->access_rules[0].access_mode = SC_PKCS15_ACCESS_RULE_MODE_READ;
acl = sc_file_get_acl_entry(pfile, SC_AC_OP_READ);
sc_log(ctx, "iasecc_store_opaqueDO() READ method %i", acl->method);
if (acl->method == SC_AC_IDA)
if (acl->method == SC_AC_IDA)
iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[0].auth_id);
object->access_rules[1].access_mode = SC_PKCS15_ACCESS_RULE_MODE_UPDATE;
acl = sc_file_get_acl_entry(pfile, SC_AC_OP_UPDATE);
sc_log(ctx, "iasecc_store_opaqueDO() UPDATE method %i", acl->method);
if (acl->method == SC_AC_IDA)
if (acl->method == SC_AC_IDA)
iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[1].auth_id);
} while(0);
@ -1515,9 +1515,9 @@ iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile
*/
static int
iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object,
static int
iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object,
struct sc_pkcs15_der *data, struct sc_path *path)
{
@ -1539,7 +1539,7 @@ iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile
break;
*/
}
LOG_FUNC_RETURN(ctx, rv);
}
@ -1552,7 +1552,7 @@ iasecc_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p
}
static struct sc_pkcs15init_operations
static struct sc_pkcs15init_operations
sc_pkcs15init_iasecc_operations = {
iasecc_pkcs15_erase_card,
NULL, /* init_card */
@ -1570,8 +1570,8 @@ sc_pkcs15init_iasecc_operations = {
iasecc_pkcs15_delete_object,
/* pkcs15init emulation */
NULL,
NULL,
NULL,
NULL,
iasecc_emu_update_tokeninfo,
NULL,
iasecc_emu_store_data,
@ -1587,7 +1587,7 @@ sc_pkcs15init_iasecc_operations = {
struct sc_pkcs15init_operations *
sc_pkcs15init_get_iasecc_ops(void)
{
{
return &sc_pkcs15init_iasecc_operations;
}


@ -203,7 +203,7 @@ incrypto34_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card
* Store a PIN
*/
static int
incrypto34_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
incrypto34_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_file_t *df, sc_pkcs15_object_t *pin_obj,
const u8 *pin, size_t pin_len,
const u8 *puk, size_t puk_len)


@ -336,9 +336,9 @@ extern int sc_pkcs15init_create_file(struct sc_profile *,
struct sc_pkcs15_card *, struct sc_file *);
extern int sc_pkcs15init_update_file(struct sc_profile *,
struct sc_pkcs15_card *, struct sc_file *, void *, unsigned int);
extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *,
extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *,
struct sc_file *, int);
extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
struct sc_file *);
extern int sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *);
extern int sc_profile_get_pin_retries(struct sc_profile *, int);
@ -351,7 +351,7 @@ extern int sc_pkcs15init_verify_secret(struct sc_profile *, struct sc_pkcs15_car
sc_file_t *, unsigned int, int);
extern int sc_pkcs15init_delete_by_path(struct sc_profile *,
struct sc_pkcs15_card *, const struct sc_path *);
extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
struct sc_pkcs15_df *, int);
/* Erasing the card structure via rm -rf */
@ -369,7 +369,7 @@ extern int sc_pkcs15init_requires_restrictive_usage(
extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *,
const struct sc_pkcs15_id *, struct sc_file **);
extern int sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *,
extern int sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *,
struct sc_profile *, unsigned, int);
extern int sc_pkcs15init_sanity_check(struct sc_pkcs15_card *, struct sc_profile *);


@ -51,7 +51,7 @@ jcop_erase_card(struct sc_profile *pro, sc_pkcs15_card_t *p15card) {
* for JCOP, it must be the application DF. no other DF's may exist.
*/
static int
jcop_init_app(sc_profile_t *profile, sc_card_t *card,
jcop_init_app(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_pin_info *pin_info,
const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) {
return SC_ERROR_NOT_SUPPORTED;
@ -59,7 +59,7 @@ jcop_init_app(sc_profile_t *profile, sc_card_t *card,
#else
static int
static int
jcop_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *file)
{
return SC_ERROR_NOT_SUPPORTED;
@ -205,10 +205,10 @@ jcop_bn2bin(unsigned char *dest, sc_pkcs15_bignum_t *bn, unsigned int size)
* byte 1 Modulus length (in byte/4)
* byte 2 Modulus (n)
* byte 2+x private exponent (d)
*
*
* CRT:
* byte 0 0x06
* byte 1 component length (in byte/2; component length is half
* byte 1 component length (in byte/2; component length is half
* of modulus length
* byte 2 Prime (p)
* byte 2+x Prime (q)
@ -259,7 +259,7 @@ jcop_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
static int
jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj,
sc_pkcs15_pubkey_t *pubkey)
sc_pkcs15_pubkey_t *pubkey)
{
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
struct sc_cardctl_jcop_genkey args;
@ -284,7 +284,7 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
mod_len = key_info->modulus_length / 8;
exp_len = 4;
pub_len = 2 + mod_len + exp_len;
temppubfile->size = pub_len;
temppubfile->size = pub_len;
r = sc_pkcs15init_fixup_file(profile, p15card, temppubfile);
if (r < 0)
@ -301,7 +301,7 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
r = sc_pkcs15init_authenticate(profile, p15card, keyfile, SC_AC_OP_UPDATE);
if (r < 0)
goto out;
keybits = key_info->modulus_length;
/* generate key */
@ -318,9 +318,9 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
}
args.pubkey = keybuf;
args.pubkey_len = keybits / 8;
r = sc_card_ctl(p15card->card, SC_CARDCTL_JCOP_GENERATE_KEY, (void *)&args);
if (r < 0)
if (r < 0)
goto out;
/* extract public key */
@ -338,7 +338,7 @@ jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
out:
if (r < 0 && keybuf)
free(keybuf);
free(keybuf);
if (delete_ok)
sc_pkcs15init_rmdir(p15card, profile, temppubfile);
if (keyfile)


@ -123,7 +123,7 @@ static int sc_pkcs15init_qualify_pin(struct sc_card *, const char *,
static struct sc_pkcs15_df * find_df_by_type(struct sc_pkcs15_card *,
unsigned int);
static int sc_pkcs15init_read_info(struct sc_card *card, struct sc_profile *);
static int sc_pkcs15init_parse_info(struct sc_card *, const unsigned char *, size_t,
static int sc_pkcs15init_parse_info(struct sc_card *, const unsigned char *, size_t,
struct sc_profile *);
static int sc_pkcs15init_write_info(struct sc_pkcs15_card *, struct sc_profile *,
struct sc_pkcs15_object *);
@ -342,7 +342,7 @@ sc_pkcs15init_bind(struct sc_card *card, const char *name,
LOG_TEST_RET(ctx, r, "Read info error");
}
/* Check the config file for a profile name.
/* Check the config file for a profile name.
* If none is defined, use the default profile name.
*/
if (!get_profile_from_config(card, card_profile, sizeof(card_profile)))
@ -403,7 +403,7 @@ sc_pkcs15init_set_p15card(struct sc_profile *profile,
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_object *p15objects[10];
int i, r, nn_objs;
LOG_FUNC_CALLED(ctx);
/* Prepare pin-domain instantiation:
@ -426,7 +426,7 @@ sc_pkcs15init_set_p15card(struct sc_profile *profile,
if (!sc_select_file(p15card->card, &auth_info->path, &file)) {
char pin_name[16];
sprintf(pin_name, "pin-dir-%02X%02X",
sprintf(pin_name, "pin-dir-%02X%02X",
file->path.value[file->path.len - 2],
file->path.value[file->path.len - 1]);
sc_log(ctx, "add '%s' to profile file list", pin_name);
@ -467,7 +467,7 @@ sc_pkcs15init_erase_card(struct sc_pkcs15_card *p15card, struct sc_profile *prof
/* Needs the 'SOPIN' AUTH pkcs15 object.
* So that, SOPIN can be found by it's reference. */
if (sc_pkcs15_bind(p15card->card, aid, &p15card) >= 0)
profile->p15_data = p15card;
profile->p15_data = p15card;
if (profile->ops->erase_card == NULL)
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
@ -479,7 +479,7 @@ sc_pkcs15init_erase_card(struct sc_pkcs15_card *p15card, struct sc_profile *prof
int
sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card,
sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card,
struct sc_profile *profile)
{
struct sc_file *df = profile->df_info->file, *dir;
@ -514,7 +514,7 @@ sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card,
}
int
int
sc_pkcs15init_delete_by_path(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, const struct sc_path *file_path)
{
@ -658,7 +658,7 @@ sc_pkcs15init_finalize_card(struct sc_card *card, struct sc_profile *profile)
int
sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
struct sc_aid *aid)
{
struct sc_context *ctx = card->ctx;
@ -678,7 +678,7 @@ sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
sc_log(ctx, "Cannot find oncard application");
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
}
sc_log(ctx, "Finalize profile with application '%s'", app->label);
rv = sc_profile_finish(profile, app);
@ -750,12 +750,12 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, pin_label, NULL, &pin_ainfo);
if (pin_obj) {
/* When composing ACLs to create 'DIR' DF,
/* When composing ACLs to create 'DIR' DF,
* the references of the not-yet-existing PINs can be requested.
* For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part,
* but not yet written into the on-card PKCS#15.
*/
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
pin_attrs->flags, pin_attrs->reference, sc_print_path(&pin_ainfo.path));
r = sc_pkcs15_add_object(p15card, pin_obj);
LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object");
@ -787,7 +787,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
#endif
if (pin_obj)
/* Remove 'virtual' AUTH object . */
/* Remove 'virtual' AUTH object . */
sc_pkcs15_remove_object(p15card, pin_obj);
if (r < 0)
@ -867,7 +867,7 @@ sc_pkcs15init_store_puk(struct sc_pkcs15_card *p15card,
LOG_FUNC_CALLED(ctx);
if (!args->puk_id.len)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "PUK auth ID not supplied");
/* Make sure we don't get duplicate PIN IDs */
r = sc_pkcs15_find_pin_by_auth_id(p15card, &args->puk_id, NULL);
if (r != SC_ERROR_OBJECT_NOT_FOUND)
@ -975,7 +975,7 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profi
static int
sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
struct sc_profile *profile,
struct sc_pkcs15_object *pin_obj,
struct sc_pkcs15init_pinargs *args)
@ -1028,7 +1028,7 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
if (args->puk_len == 0)
pin_attrs->flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED;
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
pin_attrs->reference, pin_attrs->flags, sc_print_path(&auth_info->path));
r = profile->ops->create_pin(profile, p15card,
df, pin_obj,
@ -1046,8 +1046,8 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
* Default function for creating a pin subdirectory
*/
int
sc_pkcs15_create_pin_domain(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, const struct sc_pkcs15_id *id,
sc_pkcs15_create_pin_domain(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, const struct sc_pkcs15_id *id,
struct sc_file **ret)
{
struct sc_context *ctx = p15card->card->ctx;
@ -1181,7 +1181,7 @@ sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card,
if (r == SC_ERROR_OBJECT_NOT_FOUND)
break;
if (r != 0)
if (r != 0)
/* Other error trying to retrieve pin obj */
LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Failed to select key reference");
@ -1282,7 +1282,7 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
if (res_obj)
*res_obj = object;
sc_pkcs15_erase_pubkey(&pubkey_args.key);
profile->dirty = 1;
@ -1320,7 +1320,7 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
if (check_key_compatibility(p15card, &key, keyargs->x509_usage, keybits, 0)) {
/* Make sure the caller explicitly tells us to store
* the key as extractable. */
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
}
@ -1393,21 +1393,21 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card,
switch (key.algorithm) {
case SC_ALGORITHM_RSA:
keybits = sc_pkcs15init_keybits(&key.u.rsa.modulus);
type = SC_PKCS15_TYPE_PUBKEY_RSA;
type = SC_PKCS15_TYPE_PUBKEY_RSA;
break;
#ifdef SC_PKCS15_TYPE_PUBKEY_DSA
case SC_ALGORITHM_DSA:
keybits = sc_pkcs15init_keybits(&key.u.dsa.q);
type = SC_PKCS15_TYPE_PUBKEY_DSA;
type = SC_PKCS15_TYPE_PUBKEY_DSA;
break;
#endif
case SC_ALGORITHM_GOSTR3410:
keybits = SC_PKCS15_GOSTR3410_KEYSIZE;
type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410;
type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410;
break;
case SC_ALGORITHM_EC:
keybits = key.u.ec.params.field_length;
type = SC_PKCS15_TYPE_PUBKEY_EC;
type = SC_PKCS15_TYPE_PUBKEY_EC;
break;
default:
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported key algorithm.");
@ -1525,7 +1525,7 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
cert_info->authority = args->authority;
sc_der_copy(&object->content, &args->der_encoded);
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len);
if (profile->pkcs15.direct_certificates)
sc_der_copy(&cert_info->value, &args->der_encoded);
@ -1537,7 +1537,7 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_CDF, object);
/* TODO: update private key PKCS#15 object with the certificate's attributes */
}
if (r < 0)
sc_pkcs15_free_object(object);
@ -1573,7 +1573,7 @@ sc_pkcs15init_store_data_object(struct sc_pkcs15_card *p15card,
if (!args->id.len) {
/* Select an ID if the user didn't specify one, otherwise
* make sure it's unique (even though data objects doesn't
* have a pkcs15 id we need one here to create a unique
* have a pkcs15 id we need one here to create a unique
* file id from the data file template */
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_DATA_OBJECT, objs, 32);
LOG_TEST_RET(ctx, r, "Get 'DATA' objects error");
@ -1628,8 +1628,8 @@ sc_pkcs15init_store_data_object(struct sc_pkcs15_card *p15card,
}
int
sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
int
sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
struct sc_profile *profile, unsigned auth_method, int reference)
{
struct sc_context *ctx = p15card->card->ctx;
@ -1646,14 +1646,14 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
LOG_TEST_RET(ctx, r, "Get PKCS#15 AUTH objects error");
nn_objs = r;
sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)",
sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)",
nn_objs, auth_method, reference);
for (ii=0; ii<nn_objs; ii++) {
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)auth_objs[ii]->data;
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
pin_attrs->reference, pin_attrs->flags);
/* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */
if (auth_info->auth_method == auth_method && pin_attrs->reference == reference)
@ -1662,7 +1662,7 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
if (auth_method != SC_AC_SYMBOLIC)
continue;
/* Translate 'SYMBOLIC' PIN reference into the pkcs#15 pinAttributes.flags
/* Translate 'SYMBOLIC' PIN reference into the pkcs#15 pinAttributes.flags
* and check for the existing pkcs15 PIN object with these flags. */
switch (reference) {
case SC_PKCS15INIT_USER_PIN:
@ -1697,7 +1697,7 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
}
/* 2. No existing pkcs15 PIN object
/* 2. No existing pkcs15 PIN object
* -- check if profile defines some PIN with 'reference' as PIN reference. */
r = sc_profile_get_pin_id_by_reference(profile, auth_method, reference, &auth_info);
if (r < 0)
@ -1740,7 +1740,7 @@ sc_pkcs15init_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *prof
LOG_TEST_RET(ctx, r, "Cannot delete file");
r = sc_pkcs15init_update_file(profile, p15card, file, data->value, data->len);
*path = file->path;
if (file)
@ -1802,7 +1802,7 @@ sc_pkcs15init_map_usage(unsigned long x509_usage, int _private)
/*
* Compute modulus length
*/
static size_t
static size_t
sc_pkcs15init_keybits(struct sc_pkcs15_bignum *bn)
{
unsigned int mask, bits;
@ -1819,20 +1819,20 @@ sc_pkcs15init_keybits(struct sc_pkcs15_bignum *bn)
/*
* Check consistency of the key parameters.
*/
static int
check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keygen_args *params,
static int
check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keygen_args *params,
unsigned int keybits, unsigned int *out_keybits)
{
struct sc_context *ctx = card->ctx;
unsigned int alg = params->prkey_args.key.algorithm;
unsigned int alg = params->prkey_args.key.algorithm;
int i, rv;
if (alg == SC_ALGORITHM_EC) {
struct sc_pkcs15_ec_parameters *ecparams = &params->prkey_args.params.ec;
rv = sc_pkcs15_fix_ec_parameters(ctx, ecparams);
LOG_TEST_RET(ctx, rv, "Cannot fix EC parameters");
sc_log(ctx, "EC parameters: %s", sc_dump_hex(ecparams->der.value, ecparams->der.len));
if (keybits)
keybits = ecparams->field_length;
@ -2031,14 +2031,14 @@ static struct sc_pkcs15_df *
find_df_by_type(struct sc_pkcs15_card *p15card, unsigned int type)
{
struct sc_pkcs15_df *df = p15card->df_list;
while (df != NULL && df->type != type)
df = df->next;
return df;
}
static int
static int
select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
int type, struct sc_pkcs15_id *id, void *data)
{
@ -2092,7 +2092,7 @@ select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
!pubkey->u.gostr3410.xy.data)
goto done;
/* In Mozilla 'GOST R 34.10' is not yet supported.
/* In Mozilla 'GOST R 34.10' is not yet supported.
* So, switch to the ID recommended by RFC2459 */
if (pubkey->algorithm == SC_ALGORITHM_GOSTR3410 && id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA)
id_style = SC_PKCS15INIT_ID_STYLE_RFC2459;
@ -2138,7 +2138,7 @@ done:
}
static int
static int
select_id(struct sc_pkcs15_card *p15card, int type, struct sc_pkcs15_id *id)
{
struct sc_context *ctx = p15card->card->ctx;
@ -2190,7 +2190,7 @@ select_id(struct sc_pkcs15_card *p15card, int type, struct sc_pkcs15_id *id)
*id = unused_id;
LOG_FUNC_RETURN(ctx, 0);
}
LOG_FUNC_RETURN(ctx, SC_ERROR_TOO_MANY_OBJECTS);
}
@ -2218,7 +2218,7 @@ get_template_name_from_object (struct sc_pkcs15_object *obj)
case SC_PKCS15_TYPE_CERT:
return "certificate";
case SC_PKCS15_TYPE_DATA_OBJECT:
if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
return "privdata";
else
return "data";
@ -2228,8 +2228,8 @@ get_template_name_from_object (struct sc_pkcs15_object *obj)
}
static int
get_object_path_from_object (struct sc_pkcs15_object *obj,
static int
get_object_path_from_object (struct sc_pkcs15_object *obj,
struct sc_path *ret_path)
{
if (!ret_path)
@ -2238,13 +2238,13 @@ get_object_path_from_object (struct sc_pkcs15_object *obj,
memset(ret_path, 0, sizeof(struct sc_path));
switch(obj->type & SC_PKCS15_TYPE_CLASS_MASK) {
case SC_PKCS15_TYPE_PRKEY:
case SC_PKCS15_TYPE_PRKEY:
*ret_path = ((struct sc_pkcs15_prkey_info *)obj->data)->path;
return SC_SUCCESS;
case SC_PKCS15_TYPE_PUBKEY:
case SC_PKCS15_TYPE_PUBKEY:
*ret_path = ((struct sc_pkcs15_pubkey_info *)obj->data)->path;
return SC_SUCCESS;
case SC_PKCS15_TYPE_CERT:
case SC_PKCS15_TYPE_CERT:
*ret_path = ((struct sc_pkcs15_cert_info *)obj->data)->path;
return SC_SUCCESS;
case SC_PKCS15_TYPE_DATA_OBJECT:
@ -2258,7 +2258,7 @@ get_object_path_from_object (struct sc_pkcs15_object *obj,
}
static int
static int
select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj, struct sc_path *path)
{
@ -2277,13 +2277,13 @@ select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
nn_objs = r;
/* For cards with a pin-domain profile, we need
* to put the key below the DF of the specified PIN
* to put the key below the DF of the specified PIN
*/
memset(path, 0, sizeof(*path));
if (obj->auth_id.len && profile->pin_domains != 0) {
r = sc_pkcs15init_get_pin_path(p15card, &obj->auth_id, path);
LOG_TEST_RET(ctx, r, "Cannot get PIN path");
}
}
else {
*path = profile->df_info->file->path;
}
@ -2299,13 +2299,13 @@ select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
indx_id.len = 1;
for (indx = TEMPLATE_INSTANTIATE_MIN_INDEX; indx <= TEMPLATE_INSTANTIATE_MAX_INDEX; indx++) {
indx_id.value[0] = indx;
indx_id.value[0] = indx;
r = sc_profile_instantiate_template(profile, "key-domain", path, name, &indx_id, &file);
if (r == SC_ERROR_TEMPLATE_NOT_FOUND) {
/* No template in 'key-domain' -- try to instantiate the template-'object name'
* outside of the 'key-domain' scope. */
char t_name[0x40];
snprintf(t_name, sizeof(t_name), "template-%s", name);
sc_log(ctx, "get instance %i of '%s'", indx, t_name);
r = sc_profile_get_file_instance(profile, t_name, indx, &file);
@ -2345,7 +2345,7 @@ select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
*path = file->path;
sc_file_free(file);
sc_log(ctx, "returns object path '%s'", sc_print_path(path));
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
@ -2487,7 +2487,7 @@ sc_pkcs15init_update_odf(struct sc_pkcs15_card *p15card,
* Update any PKCS15 DF file (except ODF and DIR)
*/
int
sc_pkcs15init_update_any_df(struct sc_pkcs15_card *p15card,
sc_pkcs15init_update_any_df(struct sc_pkcs15_card *p15card,
struct sc_profile *profile,
struct sc_pkcs15_df *df,
int is_new)
@ -2594,7 +2594,7 @@ sc_pkcs15init_add_object(struct sc_pkcs15_card *p15card, struct sc_profile *prof
}
struct sc_pkcs15_object *
struct sc_pkcs15_object *
sc_pkcs15init_new_object(int type, const char *label, struct sc_pkcs15_id *auth_id, void *data)
{
struct sc_pkcs15_object *object;
@ -2716,8 +2716,8 @@ sc_pkcs15init_change_attrib(struct sc_pkcs15_card *p15card, struct sc_profile *p
}
int
sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
int
sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
@ -2759,14 +2759,14 @@ sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *p
if (stored_in_ef) {
r = sc_pkcs15init_delete_by_path(profile, p15card, &path);
LOG_TEST_RET(ctx, r, "Failed to delete object by path");
}
}
else if (profile->ops->delete_object != NULL) {
/* If there's a card-specific way to delete objects, use it. */
r = profile->ops->delete_object(profile, p15card, obj, &path);
LOG_TEST_RET(ctx, r, "Card specific delete object failed");
}
}
}
if (profile->ops->emu_update_any_df) {
r = profile->ops->emu_update_any_df(profile, p15card, SC_AC_OP_ERASE, obj);
LOG_TEST_RET(ctx, r, "'ERASE' update DF failed");
@ -2841,7 +2841,7 @@ sc_pkcs15init_update_certificate(struct sc_pkcs15_card *p15card,
struct sc_path tmp_path;
/* FCI of selected cert file do not contains ACLs.
* For the 'UPDATE' authentication use instead sc_file
* For the 'UPDATE' authentication use instead sc_file
* instantiated from card profile with default ACLs. */
sc_file_free(file);
@ -2956,11 +2956,11 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
int rv;
LOG_FUNC_CALLED(ctx);
data.method = type;
data.key_ref = reference;
data.len = sizeof(defbuf);
data.key_data = defbuf;
data.key_data = defbuf;
rv = sc_card_ctl(p15card->card, SC_CARDCTL_GET_DEFAULT_KEY, &data);
if (rv >= 0)
defsize = data.len;
@ -2975,7 +2975,7 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
memcpy(pinbuf, data.key_data, data.len);
*pinsize = data.len;
}
memset(&auth_info, 0, sizeof(auth_info));
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
auth_info.auth_method = type;
@ -3054,8 +3054,8 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
r = SC_ERROR_OBJECT_NOT_FOUND;
for (iter = tmp_path.len/2; iter >= 0 && r == SC_ERROR_OBJECT_NOT_FOUND; iter--, tmp_path.len -= 2)
r = sc_pkcs15_find_pin_by_type_and_reference(p15card,
tmp_path.len ? &tmp_path : NULL,
r = sc_pkcs15_find_pin_by_type_and_reference(p15card,
tmp_path.len ? &tmp_path : NULL,
type, reference, &pin_obj);
}
else {
@ -3095,7 +3095,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
break;
}
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
if (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD)
r = 0, use_pinpad = 1;
else
@ -3104,7 +3104,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
LOG_TEST_RET(ctx, r, "Failed to get secret");
found:
found:
if (pin_obj) {
r = sc_pkcs15_verify_pin(p15card, pin_obj, pinsize ? pinbuf : NULL, pinsize);
LOG_TEST_RET(ctx, r, "Cannot validate pkcs15 PIN");
@ -3124,7 +3124,7 @@ found:
pin_cmd.pin_reference = reference;
pin_cmd.pin1.data = use_pinpad ? NULL : pinbuf;
pin_cmd.pin1.len = use_pinpad ? 0: pinsize;
r = sc_pin_cmd(p15card->card, &pin_cmd, NULL);
LOG_TEST_RET(ctx, r, "'VERIFY' pin cmd failed");
}
@ -3141,7 +3141,7 @@ found:
* info for that file in the profile file.
*
* In the latter case, there's a problem here if e.g. the SO PIN
* defined by the profile is optional, and hasn't been set.
* defined by the profile is optional, and hasn't been set.
* On the orther hands, some cards do not return access conditions
* in their response to SELECT FILE), so the latter case has been
* used in most cards while the first case was added much later.
@ -3192,7 +3192,7 @@ sc_pkcs15init_authenticate(struct sc_profile *profile, struct sc_pkcs15_card *p1
}
static int
static int
do_select_parent(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_file *file, struct sc_file **parent)
{
@ -3225,7 +3225,7 @@ do_select_parent(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
r = sc_select_file(p15card->card, &path, NULL);
LOG_TEST_RET(ctx, r, "Cannot select parent DF");
}
}
else if (r == SC_SUCCESS && !strcmp(p15card->card->name, "STARCOS SPK 2.3")) {
/* in case of starcos spk 2.3 SELECT FILE does not
* give us the ACLs => ask the profile */
@ -3277,8 +3277,8 @@ sc_pkcs15init_create_file(struct sc_profile *profile, struct sc_pkcs15_card *p15
int
sc_pkcs15init_update_file(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, struct sc_file *file,
sc_pkcs15init_update_file(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, struct sc_file *file,
void *data, unsigned int datalen)
{
struct sc_context *ctx = p15card->card->ctx;
@ -3300,20 +3300,20 @@ sc_pkcs15init_update_file(struct sc_profile *profile,
r = sc_pkcs15init_create_file(profile, p15card, file);
LOG_TEST_RET(ctx, r, "Failed to create file");
r = sc_select_file(p15card->card, &file->path, &selected_file);
LOG_TEST_RET(ctx, r, "Failed to select newly created file");
}
else {
LOG_TEST_RET(ctx, r, "Failed to select file");
}
}
if (selected_file->size < datalen) {
sc_log(ctx, "File %s too small (require %u, have %u)",
sc_log(ctx, "File %s too small (require %u, have %u)",
sc_print_path(&file->path), datalen, selected_file->size);
sc_file_free(selected_file);
LOG_TEST_RET(ctx, SC_ERROR_FILE_TOO_SMALL, "Update file failed");
}
}
else if (selected_file->size > datalen && need_to_zap) {
/* zero out the rest of the file - we may have shrunk
* the file contents */
@ -3371,11 +3371,11 @@ sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file,
if (acl->key_ref == SC_PKCS15INIT_SO_PIN) {
acl = so_acl;
what = "SO PIN";
}
}
else if (acl->key_ref == SC_PKCS15INIT_USER_PIN) {
acl = user_acl;
what = "user PIN";
}
}
else {
sc_log(ctx, "ACL references unknown symbolic PIN %d", acl->key_ref);
return SC_ERROR_INVALID_ARGUMENTS;
@ -3390,7 +3390,7 @@ sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file,
if (acl->method == SC_AC_NONE)
continue;
next:
next:
sc_file_add_acl_entry(file, op, acl->method, acl->key_ref);
added++;
}
@ -3406,7 +3406,7 @@ sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file,
* Fix up all file ACLs
*/
int
sc_pkcs15init_fixup_file(struct sc_profile *profile,
sc_pkcs15init_fixup_file(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, struct sc_file *file)
{
struct sc_context *ctx = profile->card->ctx;
@ -3434,7 +3434,7 @@ sc_pkcs15init_fixup_file(struct sc_profile *profile,
if (pin_ref < 0) {
so_acl.method = SC_AC_NONE;
so_acl.key_ref = 0;
}
}
else {
so_acl.method = SC_AC_CHV;
so_acl.key_ref = pin_ref;
@ -3444,12 +3444,12 @@ sc_pkcs15init_fixup_file(struct sc_profile *profile,
if (pin_ref < 0) {
user_acl.method = SC_AC_NONE;
user_acl.key_ref = 0;
}
}
else {
user_acl.method = SC_AC_CHV;
user_acl.key_ref = pin_ref;
}
sc_log(ctx, "so_acl(method:%X,ref:%X), user_acl(method:%X,ref:%X)",
sc_log(ctx, "so_acl(method:%X,ref:%X), user_acl(method:%X,ref:%X)",
so_acl.method, so_acl.key_ref, user_acl.method, user_acl.key_ref);
rv = sc_pkcs15init_fixup_acls(p15card, file, &so_acl, &user_acl);
@ -3508,7 +3508,7 @@ sc_pkcs15init_set_serial(struct sc_profile *profile, const char *serial)
/*
* Card specific sanity check procedure.
* Card specific sanity check procedure.
*/
int
sc_pkcs15init_sanity_check(struct sc_pkcs15_card *p15card, struct sc_profile *profile)
@ -3620,7 +3620,7 @@ sc_pkcs15init_parse_info(struct sc_card *card,
if ((p == NULL) || (len == 0))
return 0;
end = p + (len - 1);
end = p + (len - 1);
while (p < end) { /* more bytes to look at */
int r = 0;
@ -3663,7 +3663,7 @@ error:
}
static int
do_encode_string(unsigned char **memp, unsigned char *end,
do_encode_string(unsigned char **memp, unsigned char *end,
unsigned char tag, const char *s)
{
unsigned char *p = *memp;
@ -3683,7 +3683,7 @@ do_encode_string(unsigned char **memp, unsigned char *end,
static int
sc_pkcs15init_write_info(struct sc_pkcs15_card *p15card,
sc_pkcs15init_write_info(struct sc_pkcs15_card *p15card,
struct sc_profile *profile,
struct sc_pkcs15_object *pin_obj)
{


@ -107,7 +107,7 @@ miocos_update_private_key(struct sc_profile *profile, sc_card_t *card,
{
int r;
u8 buf[266];
memcpy(buf, "\x30\x82\x01\x06\x80\x81\x80", 7);
memcpy(buf + 7, rsa->modulus.data, 128);
memcpy(buf + 7 + 128, "\x82\x81\x80", 3);
@ -120,7 +120,7 @@ miocos_update_private_key(struct sc_profile *profile, sc_card_t *card,
/*
* Initialize the Application DF
*/
static int
static int
miocos_create_dir(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
struct sc_file *df)
{
@ -142,7 +142,7 @@ miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15car
return SC_ERROR_OBJECT_NOT_VALID;
if (auth_info->attrs.pin.reference < MIOCOS_PIN_ID_MIN)
auth_info->attrs.pin.reference = MIOCOS_PIN_ID_MIN;
auth_info->attrs.pin.reference = MIOCOS_PIN_ID_MIN;
return SC_SUCCESS;
}
@ -151,7 +151,7 @@ miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15car
* Create new PIN
*/
static int
miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct sc_file *df,
miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct sc_file *df,
struct sc_pkcs15_object *pin_obj,
const u8 *pin, size_t pin_len,
const u8 *puk, size_t puk_len)
@ -165,7 +165,7 @@ miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
/* Ignore SOPIN */
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
return SC_SUCCESS;
auth_info->path = profile->df_info->file->path;
@ -204,7 +204,7 @@ miocos_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys.");
if (key_info->modulus_length != 1024)
@ -242,7 +242,7 @@ miocos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA
|| key->algorithm != SC_ALGORITHM_RSA)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys.");
@ -273,7 +273,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_miocos_operations = {
miocos_create_pin,
NULL, /* select_key_reference */
miocos_create_key,
miocos_store_key,
miocos_store_key,
NULL, /* generate_key */
NULL, NULL, /* encode private/public key */
NULL, /* finalize_card */


@ -1,5 +1,5 @@
/*
* pkcs15-muscle.c: Support for MuscleCard Applet from musclecard.com
* pkcs15-muscle.c: Support for MuscleCard Applet from musclecard.com
*
* Copyright (C) 2006, Identity Alliance, Thomas Harning <support@identityalliance.com>
*
@ -81,7 +81,7 @@ muscle_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
if ((r = sc_select_file(p15card->card, &df->path, NULL)) < 0)
return r;
return 0;
}
@ -169,7 +169,7 @@ muscle_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
struct sc_pkcs15_prkey_rsa *rsa;
sc_cardctl_muscle_key_info_t info;
int r;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Muscle supports RSA keys only.");
return SC_ERROR_NOT_SUPPORTED;
@ -189,24 +189,24 @@ muscle_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE,r);
}
rsa = &key->u.rsa;
info.keySize = rsa->modulus.len << 3;
info.keyType = 0x03; /* CRT type */
info.keyLocation = key_info->key_reference * 2; /* Mult by 2 to preserve even/odd keynumber structure */
info.pLength = rsa->p.len;
info.pValue = rsa->p.data;
info.qLength = rsa->q.len;
info.qValue = rsa->q.data;
info.pqLength = rsa->iqmp.len;
info.pqValue = rsa->iqmp.data;
info.dp1Length = rsa->dmp1.len;
info.dp1Value = rsa->dmp1.data;
info.dq1Length = rsa->dmq1.len;
info.dq1Value = rsa->dmq1.data;
r = sc_card_ctl(p15card->card, SC_CARDCTL_MUSCLE_IMPORT_KEY, &info);
if (r < 0) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to import key");
@ -227,7 +227,7 @@ muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_file_t* prkf;
unsigned int keybits;
int r;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Muscle supports only RSA keys (for now).");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED);
@ -248,27 +248,27 @@ muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED);
}
sc_file_free(prkf);
/* END VERIFICATION STUFF */
/* Public key acls... get_file_by_path as well? */
memset(&args, 0, sizeof(args));
args.keyType = 0x01; /* RSA forced */
args.privateKeyLocation = key_info->key_reference * 2;
args.publicKeyLocation = key_info->key_reference * 2 + 1;
args.keySize = keybits;
r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_GENERATE_KEY, &args);
if (r < 0) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to generate key");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r);
}
memset(&extArgs, 0, sizeof(extArgs));
memset(pubkey, 0, sizeof(*pubkey));
extArgs.keyType = 0x01;
extArgs.keyLocation = args.publicKeyLocation;
r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_EXTRACT_KEY, &extArgs);
@ -276,20 +276,20 @@ muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to extract the public key");
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r);
}
pubkey->algorithm = SC_ALGORITHM_RSA;
pubkey->u.rsa.modulus.len = extArgs.modLength;
pubkey->u.rsa.modulus.data = extArgs.modValue;
pubkey->u.rsa.exponent.len = extArgs.expLength;
pubkey->u.rsa.exponent.data = extArgs.expValue;
if (r < 0) {
if (pubkey->u.rsa.modulus.data)
free (pubkey->u.rsa.modulus.data);
if (pubkey->u.rsa.exponent.data)
free (pubkey->u.rsa.exponent.data);
}
return r;
return r;
}


@ -39,8 +39,8 @@ unsigned char MYEID_DEFAULT_PUBKEY[] = {0x01, 0x00, 0x01};
#define MYEID_DEFAULT_PUBKEY_LEN sizeof(MYEID_DEFAULT_PUBKEY)
/* For Myeid, all objects are files that can be deleted in any order */
static int
myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
static int
myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object, const struct sc_path *path)
{
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
@ -53,19 +53,19 @@ myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
* using the ACLs defined in card profile.
*/
static int
myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
unsigned char *data, size_t data_len)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *tmp_file = NULL;
const struct sc_acl_entry *entry = NULL;
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
if (data_len < 8)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_BUFFER_TOO_SMALL, "Cannot get init applet data");
*(data + 0) = 0xFF;
*(data + 1) = 0xFF;
@ -130,7 +130,7 @@ myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
/*
* Erase the card.
*/
static int
static int
myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
{
struct sc_context *ctx = p15card->card->ctx;
@ -138,7 +138,7 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
struct sc_file *mf = NULL;
unsigned char data[8];
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
r = myeid_get_init_applet_data(profile, p15card, data, sizeof(data));
@ -152,7 +152,7 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
if (mf->status == SC_FILE_STATUS_ACTIVATED)
r = sc_pkcs15init_authenticate(profile, p15card, mf, SC_AC_OP_DELETE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "'DELETE' authentication failed on MF");
data_obj.P1 = 0x01;
data_obj.P2 = 0xE0;
data_obj.Data = data;
@ -163,8 +163,8 @@ myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
}
static int
myeid_init_card(sc_profile_t *profile,
static int
myeid_init_card(sc_profile_t *profile,
sc_pkcs15_card_t *p15card)
{
struct sc_path path;
@ -180,15 +180,15 @@ myeid_init_card(sc_profile_t *profile,
if (file)
sc_file_free(file);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
}
/*
* Create a DF
*/
static int
static int
myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
{
struct sc_context *ctx = p15card->card->ctx;
@ -202,7 +202,7 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
"PKCS15-DODF",
NULL
};
static const int create_dfs_val[] = {
SC_PKCS15_PRKDF,
SC_PKCS15_PUKDF,
@ -210,7 +210,7 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
SC_PKCS15_CDF_TRUSTED,
SC_PKCS15_DODF
};
if (!profile || !p15card || !df)
return SC_ERROR_INVALID_ARGUMENTS;
@ -244,7 +244,7 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
/*
* Select the PIN reference
*/
static int
static int
myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_auth_info_t *auth_info)
{
@ -257,11 +257,11 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
{
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)",
auth_info->attrs.pin.reference, auth_info->tries_left);
auth_info->attrs.pin.reference, auth_info->tries_left);
}
else
else
{
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"PIN_FLAG_PIN, ref (%d), tries_left (%d)",
auth_info->attrs.pin.reference, auth_info->tries_left);
@ -269,14 +269,14 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
if (auth_info->attrs.pin.reference <= 0 || auth_info->attrs.pin.reference > MYEID_MAX_PINS)
auth_info->attrs.pin.reference = 1;
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
}
/*
* Create a new PIN
*/
static int
static int
myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_file *df, struct sc_pkcs15_object *pin_obj,
const unsigned char *pin, size_t pin_len,
@ -300,15 +300,15 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
return SC_ERROR_INVALID_PIN_LENGTH;
sc_profile_get_pin_info(profile, (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
sc_profile_get_pin_info(profile, (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
&puk_ainfo);
memset(data, 0, sizeof(data));
/* Make command to add a pin-record */
data_obj.P1 = 0x01;
data_obj.P2 = auth_info->attrs.pin.reference; /* myeid pin number */
memset(data, auth_info->attrs.pin.pad_char, 8);
memcpy(&data[0], (u8 *)pin, pin_len); /* copy pin */
@ -341,9 +341,9 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
* Setup file struct & path: get correct template from the profile, construct full path
* num = number of objects of this type already on the card
*/
static int
static int
myeid_new_file(sc_profile_t *profile, sc_card_t *card,
unsigned int type, unsigned int num,
unsigned int type, unsigned int num,
sc_file_t **out)
{
sc_file_t *file;
@ -361,7 +361,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
tag = "certificate";
else if ((type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_DATA_OBJECT)
tag = "data";
else
else
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported file type");
return SC_ERROR_INVALID_ARGUMENTS;
@ -369,7 +369,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
/* Get template from profile */
snprintf(name, sizeof(name), "template-%s", tag);
if (sc_profile_get_file(profile, name, &file) < 0)
if (sc_profile_get_file(profile, name, &file) < 0)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s", name);
return SC_ERROR_NOT_SUPPORTED;
@ -384,7 +384,7 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
/* Increment FID until there's no file with such path */
r = sc_select_file(card, p, NULL);
while(r == 0)
while(r == 0)
{
file->id++;
p->value[p->len - 2] = (u8) (file->id / 256);
@ -397,18 +397,18 @@ myeid_new_file(sc_profile_t *profile, sc_card_t *card,
}
static int
static int
myeid_encode_private_key(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
size_t *keysize, int key_ref)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
}
static int
myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
static int
myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_prkey_rsa *rsa, u8 *key,
size_t *keysize, int key_ref)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
@ -426,7 +426,7 @@ static int myeid_generate_key(sc_profile_t *profile, sc_card_t *card,
sc_pkcs15_pubkey_t *pubkey,
struct sc_pkcs15_prkey_info *info)
{
return myeid_generate_store_key(profile, card, index, keybits,
return myeid_generate_store_key(profile, card, index, keybits,
pubkey, NULL, info);
}
@ -437,7 +437,7 @@ static int myeid_new_key(sc_profile_t *profile, sc_card_t *card,
struct sc_pkcs15_prkey *key, unsigned int index,
struct sc_pkcs15_prkey_info *info)
{
return myeid_generate_store_key(profile, card, index,
return myeid_generate_store_key(profile, card, index,
key->u.rsa.modulus.len * 8, NULL, key, info);
}
@ -460,13 +460,13 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
/* Parameter check */
if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0X7)) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
"Unsupported key size [%u]: 1024-2048 bit + 8-multiple\n", keybits);
return SC_ERROR_INVALID_ARGUMENTS;
}
/* Get the private key file */
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, index, &prkf);
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, index, &prkf);
if (r < 0)
goto done;
@ -482,13 +482,13 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
/* Fill in data structure */
memset(&args, 0, sizeof(args));
args.mod_len = keybits;
if (prkey == NULL)
if (prkey == NULL)
{
args.op_type = OP_TYPE_GENERATE;
args.pubexp_len = MYEID_DEFAULT_PUBKEY_LEN;
args.pubexp = MYEID_DEFAULT_PUBKEY;
}
else
else
{
args.op_type = OP_TYPE_STORE;
args.pubexp_len = prkey->u.rsa.exponent.len;
@ -506,14 +506,14 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card,
args.invq = prkey->u.rsa.iqmp.data;
args.mod_len = prkey->u.rsa.modulus.len;
args.mod = prkey->u.rsa.modulus.data;
args.mod = prkey->u.rsa.modulus.data;
}
/* Authenticate */
r = sc_pkcs15init_authenticate(profile, card, prkf, SC_AC_OP_UPDATE);
if (r < 0)
if (r < 0)
goto done;
/* Generate/store rsa key */
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_KEY, &args);
if (r < 0)
@ -561,7 +561,7 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
memcpy(&key_info->path.value, &file->path.value, file->path.len);
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s",
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s",
sc_print_path(&file->path));
/* Now create the key file */
@ -578,7 +578,7 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
*/
static int
myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct sc_pkcs15_prkey *prkey)
{
struct sc_context *ctx = p15card->card->ctx;
@ -596,16 +596,16 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
r = sc_select_file(card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store MyEID private key");
if (file)
if (file)
sc_file_free(file);
/* Fill in data structure */
@ -627,7 +627,7 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
args.invq = prkey->u.rsa.iqmp.data;
args.mod_len = prkey->u.rsa.modulus.len;
args.mod = prkey->u.rsa.modulus.data;
args.mod = prkey->u.rsa.modulus.data;
/* Store RSA key */
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_STORE_KEY, &args);
@ -639,7 +639,7 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
static int
myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct sc_pkcs15_pubkey *pubkey)
{
struct sc_context *ctx = p15card->card->ctx;
@ -659,12 +659,12 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
r = sc_select_file(card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to generate MyEID private key");
@ -709,7 +709,7 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
memcpy (pubkey->u.rsa.modulus.data, raw_pubkey, pubkey->u.rsa.modulus.len);
}
if (file)
if (file)
sc_file_free(file);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);


@ -59,8 +59,8 @@ static int cosm_update_pin(struct sc_profile *, struct sc_pkcs15_card *,
struct sc_pkcs15_auth_info *, const unsigned char *, size_t,
const unsigned char *, size_t);
static int
cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
static int
cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
char *label, unsigned flags)
{
struct sc_context *ctx = p15card->card->ctx;
@ -71,7 +71,7 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
if (!p15card || !profile)
return SC_ERROR_INVALID_ARGUMENTS;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_write_tokeninfo() label '%s'; flags 0x%X", label, flags);
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file))
@ -79,12 +79,12 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
if (file->size < 16)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Unsufficient size of the "COSM_TITLE"-token-info file");
buffer = calloc(1, file->size);
if (!buffer)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Allocation error in cosm_write_tokeninfo()");
if (label)
if (label)
strncpy(buffer, label, file->size - 4);
else if (p15card->tokeninfo->label)
snprintf(buffer, file->size - 4, "%s", p15card->tokeninfo->label);
@ -93,7 +93,7 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
else
snprintf(buffer, file->size - 4, "OpenSC-Token");
sz = strlen(buffer);
sz = strlen(buffer);
if (sz < file->size - 4)
memset(buffer + sz, ' ', file->size - sz);
@ -112,7 +112,7 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
}
int
int
cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_file *df)
{
@ -127,7 +127,7 @@ cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
rv = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot authenticate SC_AC_OP_DELETE");
}
/* Select the parent DF */
path = df->path;
path.len -= 2;
@ -154,7 +154,7 @@ cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
/*
* Erase the card
*/
static int
static int
cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
{
struct sc_context *ctx = p15card->card->ctx;
@ -166,7 +166,7 @@ cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
* against other applications that use this file, but
* extremely useful for testing :)
* Note we need to delete if before the DF because we create
* it *after* the DF.
* it *after* the DF.
* */
if (sc_profile_get_file(profile, "DIR", &dir) >= 0) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id);
@ -186,7 +186,7 @@ cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
if (rv < 0 && rv != SC_ERROR_FILE_NOT_FOUND)
goto done;
}
if (sc_profile_get_file(profile, "public-DF", &dir) >= 0) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id);
rv = cosm_delete_file(p15card, profile, dir);
@ -203,7 +203,7 @@ cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
}
sc_free_apps(p15card->card);
done:
done:
if (rv == SC_ERROR_FILE_NOT_FOUND)
rv = 0;
@ -212,7 +212,7 @@ done:
static int
cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_file *df)
{
struct sc_context *ctx = p15card->card->ctx;
@ -242,7 +242,7 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
#if 0
#if 0
rv = sc_pkcs15init_create_file(profile, p15card, df);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create DIR DF");
#endif
@ -253,7 +253,7 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_dfs[ii]);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Profile do not contains Oberthur AWP file");
}
rv = sc_pkcs15init_create_file(profile, p15card, file);
sc_file_free(file);
if (rv != SC_ERROR_FILE_ALREADY_EXISTS)
@ -267,10 +267,10 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
}
static int
static int
cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_auth_info *ainfo,
const unsigned char *pin, size_t pin_len,
struct sc_pkcs15_auth_info *ainfo,
const unsigned char *pin, size_t pin_len,
const unsigned char *puk, size_t puk_len )
{
struct sc_context *ctx = p15card->card->ctx;
@ -291,7 +291,7 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
if (puk && !puk_len)
return SC_ERROR_INVALID_ARGUMENTS;
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return SC_ERROR_OBJECT_NOT_VALID;
return SC_ERROR_OBJECT_NOT_VALID;
rv = sc_select_file(card, &ainfo->path, NULL);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select file");
@ -320,7 +320,7 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_CREATE_PIN, &args);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'CREATE_PIN' card specific command failed");
if (!(ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
if (!(ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
&& (profile_auth_puk.tries_left > 0)) {
struct sc_file *file = NULL;
@ -336,7 +336,7 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
if (puk_buff)
free(puk_buff);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
}
@ -344,17 +344,17 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
/*
* Update PIN
*/
static int
static int
cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_auth_info *ainfo, const unsigned char *pin, size_t pin_len,
const unsigned char *puk, size_t puk_len )
{
struct sc_context *ctx = p15card->card->ctx;
int rv;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return SC_ERROR_OBJECT_NOT_VALID;
return SC_ERROR_OBJECT_NOT_VALID;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags 0x%X", ainfo->attrs.pin.reference, ainfo->attrs.pin.flags);
@ -369,7 +369,7 @@ cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_update_pin() failed to change PIN");
rv = cosm_write_tokeninfo(p15card, profile, NULL,
COSM_TOKEN_FLAG_TOKEN_INITIALIZED
COSM_TOKEN_FLAG_TOKEN_INITIALIZED
| COSM_TOKEN_FLAG_PRN_GENERATION
| COSM_TOKEN_FLAG_LOGIN_REQUIRED
| COSM_TOKEN_FLAG_USER_PIN_INITIALIZED);
@ -382,7 +382,7 @@ cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
static int
cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_auth_info *auth_info)
struct sc_pkcs15_auth_info *auth_info)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_pin_attributes *pin_attrs;
@ -404,13 +404,13 @@ cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15
auth_info->path = pinfile->path;
sc_file_free(pinfile);
if (pin_attrs->reference <= 0) {
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
pin_attrs->reference = 4;
else if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
pin_attrs->reference = 4;
else
pin_attrs->reference = 4;
else
pin_attrs->reference = 1;
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
@ -425,7 +425,7 @@ cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15
* Store a PIN
*/
static int
cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_file *df, struct sc_pkcs15_object *pin_obj,
const unsigned char *pin, size_t pin_len,
const unsigned char *puk, size_t puk_len)
@ -450,19 +450,19 @@ cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
auth_info->path = pin_file->path;
sc_file_free(pin_file);
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "SOPIN unblocking is not supported");
}
else {
if (pin_attrs->reference != 4)
if (pin_attrs->reference != 4)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid SOPIN reference");
}
}
}
else {
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
if (pin_attrs->reference != 0x84)
if (pin_attrs->reference != 0x84)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PUK reference");
}
else {
@ -527,7 +527,7 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
* the generic class (SC_PKCS15_TYPE_CERT)
*/
if (!(type & ~SC_PKCS15_TYPE_CLASS_MASK)) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type %X not supported by card driver",
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type %X not supported by card driver",
type);
return SC_ERROR_INVALID_ARGUMENTS;
}
@ -540,14 +540,14 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
desc, _template);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED);
}
file->id |= (num & 0xFF);
file->path.value[file->path.len-1] |= (num & 0xFF);
if (file->type == SC_FILE_TYPE_INTERNAL_EF) {
file->ef_structure = structure;
}
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() file size %i; ef type %i/%i; id %04X",file->size,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() file size %i; ef type %i/%i; id %04X",file->size,
file->type, file->ef_structure, file->id);
*out = file;
@ -599,7 +599,7 @@ cosm_get_temporary_public_key_file(struct sc_card *card,
static int
cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct sc_pkcs15_pubkey *pubkey)
{
struct sc_context *ctx = p15card->card->ctx;
@ -619,25 +619,25 @@ cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
rv = sc_select_file(p15card->card, &path, &tmpf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: failed to select private object DF");
rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CRYPTO);
rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CRYPTO);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: 'CRYPTO' authentication failed");
rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CREATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: 'CREATE' authentication failed");
sc_file_free(tmpf);
rv = sc_select_file(p15card->card, &key_info->path, &prkf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to generate key: cannot select private key file");
/* In the private key DF create the temporary public RSA file. */
rv = cosm_get_temporary_public_key_file(p15card->card, prkf, &tmpf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Error while getting temporary public key file");
rv = sc_pkcs15init_create_file(profile, p15card, tmpf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_generate_key() failed to create temporary public key EF");
memset(&args, 0, sizeof(args));
args.id_prv = prkf->id;
args.id_pub = tmpf->id;
@ -647,31 +647,31 @@ cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
args.pubkey = malloc(key_info->modulus_length / 8);
if (!args.pubkey)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate pubkey");
rv = sc_card_ctl(p15card->card, SC_CARDCTL_OBERTHUR_GENERATE_KEY, &args);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_generate_key() CARDCTL_OBERTHUR_GENERATE_KEY failed");
/* extract public key */
pubkey->algorithm = SC_ALGORITHM_RSA;
pubkey->u.rsa.modulus.len = key_info->modulus_length / 8;
pubkey->u.rsa.modulus.data = malloc(key_info->modulus_length / 8);
if (!pubkey->u.rsa.modulus.data)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate modulus buf");
/* FIXME and if the exponent length is not 3? */
pubkey->u.rsa.exponent.len = 3;
pubkey->u.rsa.exponent.data = malloc(3);
if (!pubkey->u.rsa.exponent.data)
if (!pubkey->u.rsa.exponent.data)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate exponent buf");
memcpy(pubkey->u.rsa.exponent.data, "\x01\x00\x01", 3);
memcpy(pubkey->u.rsa.modulus.data, args.pubkey, args.pubkey_len);
key_info->key_reference = prkf->path.value[prkf->path.len - 1] & 0xFF;
key_info->path = prkf->path;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_generate_key() now delete temporary public key");
rv = cosm_delete_file(p15card, profile, tmpf);
sc_file_free(tmpf);
sc_file_free(prkf);
@ -703,7 +703,7 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
file->size = key_info->modulus_length;
memcpy(&file->path, &key_info->path, sizeof(file->path));
file->id = file->path.value[file->path.len - 2] * 0x100
file->id = file->path.value[file->path.len - 2] * 0x100
+ file->path.value[file->path.len - 1];
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s", sc_print_path(&file->path));
@ -716,7 +716,7 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
else if (rv != SC_ERROR_FILE_NOT_FOUND) {
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error");
}
rv = sc_pkcs15init_create_file(profile, p15card, file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file");
@ -733,7 +733,7 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
*/
static int
cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct sc_pkcs15_prkey *prkey)
{
struct sc_context *ctx = p15card->card->ctx;
@ -751,24 +751,24 @@ cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
rv = sc_select_file(p15card->card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot store key: select key file failed");
rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "No authorisation to store private key");
if (key_info->id.len > sizeof(update_info.id))
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS);
memset(&update_info, 0, sizeof(update_info));
update_info.type = SC_CARDCTL_OBERTHUR_KEY_RSA_CRT;
update_info.data = (void *)&prkey->u.rsa;
update_info.data_len = sizeof(void *);
update_info.id_len = key_info->id.len;
memcpy(update_info.id, key_info->id.value, update_info.id_len);
rv = sc_card_ctl(p15card->card, SC_CARDCTL_OBERTHUR_UPDATE_KEY, &update_info);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot update private key");
if (file)
if (file)
sc_file_free(file);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
@ -809,7 +809,7 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
}
static int
static int
cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_tokeninfo *tinfo)
{
@ -819,14 +819,14 @@ cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15
unsigned char *buf = NULL;
SC_FUNC_CALLED(ctx, 1);
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file))
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "cannot find "COSM_TITLE"-token-info");
buf = calloc(1, file->size);
if (!buf)
SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY);
label_len = strlen(tinfo->label) > (file->size - 4) ? (file->size - 4) : strlen(tinfo->label);
memcpy(buf, tinfo->label, label_len);
memset(buf + label_len, ' ', file->size - 4 - label_len);
@ -864,7 +864,7 @@ cosm_emu_write_info(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
}
static struct sc_pkcs15init_operations
static struct sc_pkcs15init_operations
sc_pkcs15init_oberthur_operations = {
cosm_erase_card,
NULL, /* init_card */
@ -876,7 +876,7 @@ sc_pkcs15init_oberthur_operations = {
cosm_create_key, /* create_key */
cosm_store_key, /* store_key */
cosm_generate_key, /* generate_key */
NULL,
NULL,
NULL, /* encode private/public key */
NULL, /* finalize_card */
NULL, /* delete_object */
@ -895,6 +895,6 @@ sc_pkcs15init_oberthur_operations = {
struct sc_pkcs15init_operations *
sc_pkcs15init_get_oberthur_ops(void)
{
{
return &sc_pkcs15init_oberthur_operations;
}


@ -7,7 +7,7 @@
#include <string.h>
#include "config.h"
#ifdef ENABLE_OPENSSL
#include <openssl/bn.h>
#include <openssl/evp.h>


@ -180,7 +180,7 @@ static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
int r, reset_by_sopin = 0;
(void)puk; /* no warning */
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df
|| !pin_obj || !pin_obj->data || !pin || !pin_len)
return SC_ERROR_INVALID_ARGUMENTS;


@ -2,7 +2,7 @@
* Rutoken S specific operation for PKCS15 initialization
*
* Copyright (C) 2007 Pavel Mironchik <rutoken@rutoken.ru>
* Copyright (C) 2007 Eugene Hermann <rutoken@rutoken.ru>
* Copyright (C) 2007 Eugene Hermann <rutoken@rutoken.ru>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -80,7 +80,7 @@ static const struct
* Create a DF
*/
static int
rutoken_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
rutoken_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_file_t *df)
{
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df)
@ -195,7 +195,7 @@ static int create_pins(sc_card_t *card)
/* assert(do_pins[i].p_sattr != NULL); */
/* assert(sizeof(*param_do.HDR.SA_V2)) */
/* assert(sizeof(param_do.HDR.SA_V2) == sizeof(*do_pins[i].p_sattr)); */
memcpy(param_do.HDR.SA_V2, *do_pins[i].p_sattr,
memcpy(param_do.HDR.SA_V2, *do_pins[i].p_sattr,
sizeof(*do_pins[i].p_sattr));
/* assert(do_pins[i].pass); */
/* assert(sizeof(*param_do.abyDOBody)) */
@ -245,7 +245,7 @@ static int create_typical_fs(sc_card_t *card)
if (r != SC_SUCCESS) break;
/* VERIFY USER PIN */
r = sc_verify(card, SC_AC_CHV, do_pins[0].id,
r = sc_verify(card, SC_AC_CHV, do_pins[0].id,
do_pins[0].pass, sizeof(do_pins[0].pass), NULL);
if (r != SC_SUCCESS) break;


@ -39,7 +39,7 @@ static int setcos_create_pin_internal(sc_profile_t *, sc_pkcs15_card_t *,
int, sc_pkcs15_auth_info_t *, const u8 *, size_t, const u8 *, size_t);
static int
static int
setcos_puk_retries(sc_profile_t *profile, int pin_ref)
{
sc_pkcs15_auth_info_t auth_info;
@ -52,7 +52,7 @@ setcos_puk_retries(sc_profile_t *profile, int pin_ref)
sc_profile_get_pin_info(profile,
pin_ref == auth_info.attrs.pin.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
&auth_info);
if ((auth_info.tries_left < 0) || (auth_info.tries_left > 15))
return 3; /* Little extra safety */
return auth_info.tries_left;
@ -106,7 +106,7 @@ setcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
/* Fix up the file's ACLs */
r = sc_pkcs15init_fixup_file(profile, p15card, mf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF fixup failed");
mf->status = SC_FILE_STATUS_CREATION;
r = sc_create_file(p15card->card, mf);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF creation failed");
@ -134,7 +134,7 @@ setcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
sc_file_free(pinfile);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Select pinfile failed");
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
}
/*
@ -154,7 +154,7 @@ setcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
r = sc_create_file(p15card->card, df);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "SetCOS create file failed");
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
}
@ -206,7 +206,7 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
/* Create the global pin file if it doesn't exist yet */
r = sc_profile_get_file(profile, "pinfile", &pinfile);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No 'pinfile' template in profile");
r = sc_select_file(p15card->card, &pinfile->path, &pinfile);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select 'pinfile'");
@ -217,10 +217,10 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
if (pinfile->status == SC_FILE_STATUS_CREATION)
ignore_ac = 1;
r = setcos_create_pin_internal(profile, p15card, ignore_ac, auth_info,
r = setcos_create_pin_internal(profile, p15card, ignore_ac, auth_info,
pin, pin_len, puk, puk_len);
/* If pinfile is in 'Creation' state and SOPIN has been created,
/* If pinfile is in 'Creation' state and SOPIN has been created,
* change status of MF and 'pinfile' to 'Operational:Activated'
*/
if (ignore_ac && (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {
@ -239,7 +239,7 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
if(pinfile)
sc_file_free(pinfile);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
}
/*
@ -247,7 +247,7 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
*/
static int
setcos_new_file(sc_profile_t *profile, sc_card_t *card,
unsigned int type,
unsigned int type,
unsigned int num, /* number of objects of this type already on the card */
sc_file_t **out)
{
@ -345,7 +345,7 @@ setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
memcpy(&file->path, &key_info->path, sizeof(file->path));
file->id = file->path.value[file->path.len - 2] * 0x100
+ file->path.value[file->path.len - 1];
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s\n", sc_print_path(&file->path));
@ -373,7 +373,7 @@ setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
*/
static int
setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct sc_pkcs15_prkey *prkey)
{
struct sc_context *ctx = p15card->card->ctx;
@ -395,7 +395,7 @@ setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
r = sc_select_file(p15card->card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed");
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key");
@ -414,7 +414,7 @@ setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'GENERATE_STORE_KEY' failed");
if (file)
if (file)
sc_file_free(file);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
@ -423,7 +423,7 @@ setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
static int
setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *object,
struct sc_pkcs15_object *object,
struct sc_pkcs15_pubkey *pubkey)
{
struct sc_context *ctx = p15card->card->ctx;
@ -445,7 +445,7 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
r = sc_select_file(p15card->card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed");
/* Authenticate */
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key");
@ -484,7 +484,7 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
keybits = ((raw_pubkey[0] * 256) + raw_pubkey[1]); /* modulus bit length */
if (keybits != key_info->modulus_length) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key-size from card[%i] does not match[%i]\n",
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key-size from card[%i] does not match[%i]\n",
keybits, key_info->modulus_length);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PKCS15INIT, "Failed to generate key");
}
@ -539,7 +539,7 @@ setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
/* setcos pin number */
data[0] = auth_info->attrs.pin.reference;
memset(&data[1], auth_info->attrs.pin.pad_char, 16); /* padding */
memset(&data[1], auth_info->attrs.pin.pad_char, 16); /* padding */
memcpy(&data[1], (u8 *)pin, pin_len); /* copy pin*/
memcpy(&data[9], (u8 *)puk, puk_len); /* copy puk */
@ -582,7 +582,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_setcos_operations = {
setcos_create_key, /* create_key */
setcos_store_key, /* store_key */
setcos_generate_key, /* generate_key */
setcos_encode_private_key, /* encode_private_key */
setcos_encode_private_key, /* encode_private_key */
setcos_encode_public_key, /* encode_public_key */
NULL, /* finalize_card */
NULL, /* delete_object */


@ -96,7 +96,7 @@ static int starcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
/* we already have a MF => return OK */
return ret;
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
/* get mf profile */
ret = sc_profile_get_file(profile, "MF", &mf_file);
@ -118,7 +118,7 @@ static int starcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
/* AC CREATE EF */
*p++ = get_so_ac(mf_file, SC_AC_OP_CREATE, &sopin, STARCOS_AC_ALWAYS, 1);
/* AC CREATE KEY */
*p++ = get_so_ac(isf_file, SC_AC_OP_WRITE, &sopin, STARCOS_AC_NEVER, 1);
*p++ = get_so_ac(isf_file, SC_AC_OP_WRITE, &sopin, STARCOS_AC_NEVER, 1);
/* AC CREATE DF */
*p++ = get_so_ac(mf_file, SC_AC_OP_CREATE, &sopin, STARCOS_AC_ALWAYS, 1);
/* AC REGISTER DF */
@ -326,22 +326,22 @@ static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15car
* Starcos SPK 2.3 uses a state machine to control the access
* to files or keys. This means that the access to a certain
* object is granted if the current state (of either the current
* DF or the MF) is =, <, >= or != a specified state (see
* Starcos S 2.1 manual). To map the pkcs15 access control model
* DF or the MF) is =, <, >= or != a specified state (see
* Starcos S 2.1 manual). To map the pkcs15 access control model
*(one object is protected by one pin etc.) to the Starcos S 2.1
* model the following approach is used:
* the pin with the key id 3 (or 0x81) sets the global (or local)
* state to 15 (note: 16 is the lowest initial state).
* the pin with the key id 4 (or 0x82) is reserved for the PUK
* the pin with the key id 5 (or 0x83) sets the global (or local)
* state to 14.
* ...
* Note: the key id 1 and 2 (or local 0x81 and 0x82) is used for
* state to 14.
* ...
* Note: the key id 1 and 2 (or local 0x81 and 0x82) is used for
* the 'SO-pin' which sets the state to 0x01.
* XXX: some card operations, like terminate card usage are only
* possible in state 0x00
*
* Nils
*
* Nils
*/
#define STARCOS_PINID2STATE(a) (((a) == STARCOS_SOPIN_GID) ? STARCOS_SOPIN_STATE : (0x0f - ((0x0f & (a)) >> 1)))
@ -434,10 +434,10 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
return SC_ERROR_INVALID_ARGUMENTS;
memset(tpin, 0, 8);
memcpy(tpin, puk, puk_len);
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info);
tmp = puk_info.tries_left;
puk_d.mode = 0; /* install */
puk_d.kid = (u8) pin_id + 1;
puk_d.key = tpin;
@ -551,7 +551,7 @@ static int starcos_encode_prkey(struct sc_pkcs15_prkey_rsa *rsa, u8 *buf)
} else if (rsa->modulus.len && rsa->d.len) {
/* normal RSA key */
i = STARCOS_MAX_PR_KEYSIZE - 7 - rsa->modulus.len
- rsa->d.len - 16;
- rsa->d.len - 16;
/* key format list */
*p++ = 6;
*p++ = 0x90;
@ -570,7 +570,7 @@ static int starcos_encode_prkey(struct sc_pkcs15_prkey_rsa *rsa, u8 *buf)
} else
return SC_ERROR_INTERNAL;
return SC_SUCCESS;
return SC_SUCCESS;
}
/* XXX the whole IPF stuff doesn't really work very well */
@ -750,7 +750,7 @@ static int starcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
tkey.key_header[1] = (STARCOS_MAX_PR_KEYSIZE >> 8) & 0xff;
tkey.key_header[2] = STARCOS_MAX_PR_KEYSIZE & 0xff;
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC,
SC_PKCS15INIT_USER_PIN);
if (pin_id < 0)
state = STARCOS_AC_ALWAYS;
@ -773,7 +773,7 @@ static int starcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
akd |= 0x31; /* allow DS, IA and PKCS11 */
if (kinfo->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER)
akd |= 0x31; /* allow DS, IA and PKCS11 */
if (kinfo->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ||
if (kinfo->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ||
kinfo->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP)
akd |= 0x02;
tkey.key_header[9] = akd;
@ -898,7 +898,7 @@ static int starcos_finalize_card(sc_card_t *card)
{
int r;
sc_file_t tfile;
sc_path_t tpath;
sc_path_t tpath;
/* SELECT FILE MF */
sc_format_path("3F00", &tpath);
@ -917,7 +917,7 @@ static int starcos_finalize_card(sc_card_t *card)
tfile.id = 0x5015;
r = sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_END, &tfile);
if (r == SC_ERROR_NOT_ALLOWED)
/* card is already finalized */
/* card is already finalized */
return SC_SUCCESS;
return r;
}


@ -1,7 +1,7 @@
/*
* pkcs15-westcos.c: pkcs15 support for westcos card
*
* Copyright (C) 2009 francois.leblanc@cev-sa.com
* Copyright (C) 2009 francois.leblanc@cev-sa.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -38,7 +38,7 @@
#include "pkcs15-init.h"
#include "profile.h"
static int westcos_pkcs15init_init_card(sc_profile_t *profile,
static int westcos_pkcs15init_init_card(sc_profile_t *profile,
sc_pkcs15_card_t *p15card)
{
int r;
@ -51,8 +51,8 @@ static int westcos_pkcs15init_init_card(sc_profile_t *profile,
return r;
}
static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_file_t *df)
{
int r;
@ -69,7 +69,7 @@ static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
/*
* Select the PIN reference
*/
static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_pkcs15_auth_info_t *auth_info)
{
@ -89,8 +89,8 @@ static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
/*
* Create a new PIN inside a DF
*/
static int westcos_pkcs15_create_pin(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
static int westcos_pkcs15_create_pin(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_file_t *df,
sc_pkcs15_object_t *pin_obj,
const u8 *pin, size_t pin_len,
@ -134,8 +134,8 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile,
pin_cmd.data = pin;
pin_cmd.max_length = 8;
ret = sc_build_pin(ck.new_key.key_value,
sizeof(ck.new_key.key_value), &pin_cmd, 1);
ret = sc_build_pin(ck.new_key.key_value,
sizeof(ck.new_key.key_value), &pin_cmd, 1);
if(ret < 0)
return SC_ERROR_CARD_CMD_FAILED;
@ -160,8 +160,8 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile,
puk_cmd.data = puk;
puk_cmd.max_length = 8;
ret = sc_build_pin(ck.new_key.key_value,
sizeof(ck.new_key.key_value), &puk_cmd, 1);
ret = sc_build_pin(ck.new_key.key_value,
sizeof(ck.new_key.key_value), &puk_cmd, 1);
if(ret < 0)
return SC_ERROR_CARD_CMD_FAILED;
@ -176,8 +176,8 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile,
/*
* Create a new key file
*/
static int westcos_pkcs15init_create_key(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
static int westcos_pkcs15init_create_key(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj)
{
@ -192,7 +192,7 @@ static int westcos_pkcs15init_create_key(sc_profile_t *profile,
/*
* Store a private key
*/
static int westcos_pkcs15init_store_key(sc_profile_t *profile,
static int westcos_pkcs15init_store_key(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj,
sc_pkcs15_prkey_t *key)
@ -203,7 +203,7 @@ static int westcos_pkcs15init_store_key(sc_profile_t *profile,
/*
* Generate key
*/
static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj,
sc_pkcs15_pubkey_t *pubkey)
@ -220,7 +220,7 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
BIO *mem = NULL;
sc_file_t *prkf = NULL;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
return SC_ERROR_NOT_SUPPORTED;
}
@ -230,18 +230,18 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
bn = BN_new();
mem = BIO_new(BIO_s_mem());
if(rsa == NULL || bn == NULL || mem == NULL)
if(rsa == NULL || bn == NULL || mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
if(!BN_set_word(bn, RSA_F4) ||
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
#else
mem = BIO_new(BIO_s_mem());
if(mem == NULL)
if(mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
@ -284,7 +284,7 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
/* Get the private key file */
r = sc_profile_get_file_by_path(profile, &key_info->path, &prkf);
if (r < 0)
if (r < 0)
{
char pbuf[SC_MAX_PATH_STRING_SIZE];


@ -37,7 +37,7 @@
#include <assert.h>
#include <stdlib.h>
#ifdef _WIN32
#ifdef _WIN32
#include <windows.h>
#include <winreg.h>
#endif
@ -56,7 +56,7 @@
#define TEMPLATE_FILEID_MIN_DIFF 0x20
/*
#define DEBUG_PROFILE
#define DEBUG_PROFILE
*/
/*
@ -304,7 +304,7 @@ sc_profile_new(void)
pro->pin_encoding = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
pro->pin_minlen = 4;
pro->pin_maxlen = 8;
pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
return pro;
}
@ -323,7 +323,7 @@ sc_profile_load(struct sc_profile *profile, const char *filename)
long rc;
HKEY hKey;
#endif
LOG_FUNC_CALLED(ctx);
for (i = 0; ctx->conf_blocks[i]; i++) {
profile_dir = scconf_get_str(ctx->conf_blocks[i], "profile_dir", NULL);
@ -348,8 +348,8 @@ sc_profile_load(struct sc_profile *profile, const char *filename)
if ((rc == ERROR_SUCCESS) && (temp_len < PATH_MAX))
profile_dir = temp_path;
RegCloseKey(hKey);
}
}
}
}
#else
profile_dir = SC_PKCS15_PROFILE_DIRECTORY;
#endif
@ -397,21 +397,21 @@ sc_profile_finish(struct sc_profile *profile, const struct sc_app_info *app_info
if (app_info && app_info->aid.len) {
struct sc_path path;
sc_log(ctx, "finish profile with '%s' application profile", app_info->label);
sc_log(ctx, "finish profile with '%s' application profile", app_info->label);
memset(&path, 0, sizeof(struct sc_path));
path.type = SC_PATH_TYPE_DF_NAME;
path.aid = app_info->aid;
sc_log(ctx, "Look for file by path '%s'", sc_print_path(&path));
profile->df_info = sc_profile_find_file_by_path(profile, &path);
sc_log(ctx, "returned DF info %p", profile->df_info);
sc_log(ctx, "returned DF info %p", profile->df_info);
if (profile->df_info && profile->df_info->profile_extension) {
sc_log(ctx, "application profile extension '%s'", profile->df_info->profile_extension);
if (sc_profile_load(profile, profile->df_info->profile_extension))
LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Cannot load application profile extension");
}
}
profile->df_info = sc_profile_find_file(profile, NULL, "PKCS15-AppDF");
if (!profile->df_info)
LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Profile doesn't define a PKCS15-AppDF");
@ -434,7 +434,7 @@ sc_profile_finish(struct sc_profile *profile, const struct sc_app_info *app_info
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
whine:
whine:
sc_log(ctx, "%s", reason);
LOG_FUNC_RETURN(ctx, SC_ERROR_INCONSISTENT_PROFILE);
}
@ -556,7 +556,7 @@ sc_profile_get_file(struct sc_profile *profile,
}
int
sc_profile_get_file_instance(struct sc_profile *profile, const char *name,
sc_profile_get_file_instance(struct sc_profile *profile, const char *name,
int index, sc_file_t **ret)
{
struct sc_context *ctx = profile->card->ctx;
@ -666,7 +666,7 @@ sc_profile_instantiate_template(sc_profile_t *profile,
printf("Instantiate %s in template %s\n", file_name, template_name);
sc_profile_find_file_by_path(profile, base_path);
#endif
for (info = profile->template_list; info; info = info->next)
for (info = profile->template_list; info; info = info->next)
if (!strcmp(info->name, template_name))
break;
if (info == NULL) {
@ -762,7 +762,7 @@ sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft,
fi->file->path = parent->file->path;
fi->file->id += skew;
if (fi->file->type == SC_FILE_TYPE_INTERNAL_EF
if (fi->file->type == SC_FILE_TYPE_INTERNAL_EF
|| fi->file->type == SC_FILE_TYPE_WORKING_EF
|| (fi->file->type == SC_FILE_TYPE_DF && fi->file->id))
sc_append_file_id(&fi->file->path, fi->file->id);
@ -778,8 +778,8 @@ sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft,
}
int
sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
unsigned auth_method, int reference,
sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
unsigned auth_method, int reference,
struct sc_pkcs15_auth_info *auth_info)
{
struct pin_info *pinfo;
@ -1032,8 +1032,8 @@ process_bso(struct state *cur, struct block *info,
return process_block(&state, info, name, blk);
}
/*
* In the template the difference between any two file-ids
/*
* In the template the difference between any two file-ids
* should be greater then TEMPLATE_FILEID_MIN_DIFF.
*/
static int
@ -1043,15 +1043,15 @@ template_sanity_check(struct state *cur, struct sc_profile *templ)
for (fi = templ->ef_list; fi; fi = fi->next) {
struct sc_path fi_path = fi->file->path;
int fi_id = fi_path.value[fi_path.len - 2] * 0x100
+ fi_path.value[fi_path.len - 1];
int fi_id = fi_path.value[fi_path.len - 2] * 0x100
+ fi_path.value[fi_path.len - 1];
if (fi->file->type == SC_FILE_TYPE_BSO)
continue;
for (ffi = templ->ef_list; ffi; ffi = ffi->next) {
struct sc_path ffi_path = ffi->file->path;
int dlt, ffi_id = ffi_path.value[ffi_path.len - 2] * 0x100
+ ffi_path.value[ffi_path.len - 1];
int dlt, ffi_id = ffi_path.value[ffi_path.len - 2] * 0x100
+ ffi_path.value[ffi_path.len - 1];
if (ffi->file->type == SC_FILE_TYPE_BSO)
continue;
@ -1093,7 +1093,7 @@ process_tmpl(struct state *cur, struct block *info,
parse_error(cur, "memory allocation failed");
return 1;
}
tinfo = calloc(1, sizeof(*tinfo));
if (tinfo == NULL) {
parse_error(cur, "memory allocation failed");
@ -1215,11 +1215,11 @@ new_file(struct state *cur, const char *name, unsigned int type)
assert(file);
if (file->type != type) {
parse_error(cur, "inconsistent file type (should be %s)",
file->type == SC_FILE_TYPE_DF
? "DF" : file->type == SC_FILE_TYPE_BSO
file->type == SC_FILE_TYPE_DF
? "DF" : file->type == SC_FILE_TYPE_BSO
? "BS0" : "EF");
if (strncasecmp(name, "PKCS15-", 7) ||
!strcasecmp(name+7, "AppDF"))
!strcasecmp(name+7, "AppDF"))
sc_file_free(file);
return NULL;
}
@ -1344,7 +1344,7 @@ do_aid(struct state *cur, int argc, char **argv)
}
memcpy(file->name, name, len);
file->namelen = len;
}
}
else {
file->namelen = sizeof(file->name);
res = sc_hex_to_bin(name, file->name, &file->namelen);
@ -1387,7 +1387,7 @@ do_exclusive_aid(struct state *cur, int argc, char **argv)
}
memcpy(file->name, name, len);
file->namelen = len;
}
}
else {
file->namelen = sizeof(file->name);
res = sc_hex_to_bin(name, file->name, &file->namelen);
@ -1452,7 +1452,7 @@ do_acl(struct state *cur, int argc, char **argv)
}
return 0;
bad: parse_error(cur,
bad: parse_error(cur,
"Invalid ACL \"%s%s%s\"\n",
oper, what? "=" : "", what? what : "");
return 1;
@ -2004,7 +2004,7 @@ sc_profile_find_file_by_path(struct sc_profile *pro, const sc_path_t *path)
continue;
if (fp_path->len && memcmp(fp_path->value, path->value, path->len))
continue;
if (path->aid.len && fp_path->aid.len) {
if (memcmp(fp_path->aid.value, path->aid.value, path->aid.len))
continue;
@ -2215,15 +2215,15 @@ __expr_get(struct num_exp_ctx *ctx, int eof_okay)
if (isdigit(*s)) {
while (isdigit(*s))
expr_put(ctx, *s++);
}
}
else if (*s == '$') {
expr_put(ctx, *s++);
while (isalnum(*s) || *s == '-' || *s == '_')
expr_put(ctx, *s++);
}
}
else if (strchr("*/+-()|&", *s)) {
expr_put(ctx, *s++);
}
}
else {
expr_fail(ctx);
}
@ -2266,14 +2266,14 @@ expr_term(struct num_exp_ctx *ctx, unsigned int *vp)
if (*tok == '(') {
expr_eval(ctx, vp, 1);
expr_expect(ctx, ')');
}
}
else if (isdigit(*tok)) {
char *ep;
*vp = strtoul(tok, &ep, 0);
if (*ep)
expr_fail(ctx);
}
}
else if (*tok == '$') {
sc_macro_t *mac;
char *argv[32];
@ -2284,7 +2284,7 @@ expr_term(struct num_exp_ctx *ctx, unsigned int *vp)
argc = build_argv(ctx->state, "<expr>", mac->value, argv, 32);
if (argc < 0 || get_uint_eval(ctx->state, argc, argv, vp) < 0)
expr_fail(ctx);
}
}
else {
parse_error(ctx->state, "Unexpected token \"%s\" in expression", tok);
expr_fail(ctx);


@ -141,7 +141,7 @@ int sc_profile_instantiate_template(struct sc_profile *, const char *, const sc_
const char *, const sc_pkcs15_id_t *, sc_file_t **);
int sc_profile_add_file(struct sc_profile *, const char *, sc_file_t *);
int sc_profile_get_file_instance(struct sc_profile *, const char *, int, sc_file_t **);
int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int,
int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int,
struct sc_pkcs15_auth_info *);
int sc_profile_get_parent(struct sc_profile *profile, const char *, sc_file_t **);