giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

MyEID: For Aventra card applied Toni's patch, enriched by Andre's proposal 

see:
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014662.html


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4686 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
viktor.tarasov 2010-09-04 20:46:07 +00:00
parent 602d170c3d
commit ec6bb9859d
4 changed files with 231 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
src/libopensc/card-myeid.c
View File

@ -36,6 +36,10 @@
#define LOAD_KEY_DQ1 0x86
#define LOAD_KEY_INVQ 0x87
#define MYEID_STATE_CREATION 0x01
#define MYEID_STATE_ACTIVATED 0x07
static int card_state;
static struct sc_card_operations myeid_ops;
static struct sc_card_driver myeid_drv = {
"MyEID cards with PKCS#15 applet",
@ -81,8 +85,8 @@ static int myeid_init(struct sc_card *card)
unsigned long flags =0;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1;
flags |= SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_HASH_SHA1;
flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_ONBOARD_KEY_GEN;
flags |= SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_ONBOARD_KEY_GEN;
_sc_card_add_rsa_alg(card, 1024, flags, 0);
_sc_card_add_rsa_alg(card, 2048, flags, 0);
@ -147,7 +151,7 @@ static void parse_sec_attr(struct sc_file *file, const u8 *buf, size_t len)
const int ef_ops[4] =
{ SC_AC_OP_READ, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, -1 };
const int key_ops[4] =
{ SC_AC_OP_CRYPTO, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, SC_AC_OP_CRYPTO };
{ SC_AC_OP_CRYPTO, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, SC_AC_OP_GENERATE };
const int *ops;
@ -184,12 +188,13 @@ static int myeid_select_file(struct sc_card *card, const struct sc_path *in_path
struct sc_file **file)
{
int r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
r = iso_ops->select_file(card, in_path, file);
if (r == 0 && file != NULL) {
if (r == 0 && file != NULL && *file != NULL)
parse_sec_attr(*file, (*file)->sec_attr, (*file)->sec_attr_len);
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
}
@ -242,9 +247,24 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
}
if(file->sec_attr_len >= 3)
{
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X) sec_attr (%X %X %X) \n", file->id,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X) sec_attr (%X %X %X)", file->id,
file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]);
}
tag = sc_asn1_find_tag(NULL, buf, buflen, 0x8A, &taglen);
if (tag != NULL && taglen > 0)
{
if(tag[0] == MYEID_STATE_CREATION) {
file->status = SC_FILE_STATUS_CREATION;
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "File id (%X) status SC_FILE_STATUS_CREATION (0x%X)",
file->id, tag[0]);
}
else if(tag[0] == MYEID_STATE_ACTIVATED) {
file->status = SC_FILE_STATUS_ACTIVATED;
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "File id (%X) status SC_FILE_STATUS_ACTIVATED (0x%X)",
file->id, tag[0]);
}
card_state = file->status;
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
}
@ -252,7 +272,7 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
u8 *out, size_t *outlen)
{
const sc_acl_entry_t *read, *update, *delete;
const sc_acl_entry_t *read, *update, *delete, *generate;
u8 buf[40];
int i;
@ -284,9 +304,9 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
/* Security Attributes Tag */
buf[13] = 0x86;
buf[14] = 0x03;
buf[15] = 0x0;
buf[16] = 0x0;
buf[17] = 0x0;
buf[15] = 0xFF;
buf[16] = 0xFF;
buf[17] = 0xFF;
if (file->sec_attr_len == 3 && file->sec_attr)
{
@ -294,7 +314,7 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
buf[16] = file->sec_attr[1];
buf[17] = file->sec_attr[2];
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X), sec_attr %X %X %X\n", file->id,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X), sec_attr %X %X %X", file->id,
file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]);
}
else
@ -314,9 +334,10 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
read = sc_file_get_acl_entry(file, SC_AC_OP_CRYPTO);
update = sc_file_get_acl_entry(file, SC_AC_OP_UPDATE);
generate = sc_file_get_acl_entry(file, SC_AC_OP_GENERATE);
buf[15] = (acl_to_byte(read) << 4) | acl_to_byte(update);
buf[16] = (acl_to_byte(delete)<< 4) | 0x0F;
buf[16] = (acl_to_byte(delete)<< 4) | acl_to_byte(generate);
break;
case SC_FILE_TYPE_DF:
@ -466,6 +487,7 @@ static int myeid_delete_file(struct sc_card *card, const struct sc_path *path)
static int myeid_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data,
int *tries_left)
{
int verify=1;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ref (%d), pin1 len(%d), pin2 len (%d)\n",
@ -476,16 +498,56 @@ static int myeid_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data,
data->flags |= SC_PIN_CMD_NEED_PADDING;
if(data->cmd == SC_PIN_CMD_VERIFY)
{
u8 buf[8];
{
if(card_state == SC_FILE_STATUS_CREATION) {
verify = 0;
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Card in creation state, no need to verify");
}
else {
u8 buf[8];
memset(buf, data->pin1.pad_char, sizeof(buf));
memcpy(&buf[0], (u8 *)data->pin1.data, data->pin1.len); /* copy pin*/
data->pin1.data = buf;
data->pin1.len = 8;
}
}
else if(data->cmd == SC_PIN_CMD_CHANGE)
{
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "PIN change\n");
u8 buf[8];
u8 buf2[8];
memset(buf, 0xFF, sizeof(buf));
memcpy(&buf[0], (u8 *)data->pin1.data, data->pin1.len); /* copy pin*/
memcpy(&buf[0], (u8 *)data->pin1.data, data->pin1.len); /*copy pin1 (old PIN)*/
data->pin1.data = buf;
data->pin1.len = 8;
memset(buf2, 0xFF, sizeof(buf));
memcpy(&buf2[0], (u8 *)data->pin2.data, data->pin2.len); /*copy pin2 (new PIN)*/
data->pin2.data = buf;
data->pin2.len = 8;
}
else if(data->cmd == SC_PIN_CMD_UNBLOCK)
{
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "PIN unblock\n");
u8 buf[8];
u8 buf2[8];
memset(buf, 0xFF, sizeof(buf));
memcpy(&buf[0], (u8 *)data->pin1.data, data->pin1.len); /* copy pin1 (PUK)*/
data->pin1.data = buf;
data->pin1.len = 8;
memset(buf2, 0xFF, sizeof(buf));
memcpy(&buf2[0], (u8 *)data->pin2.data, data->pin2.len); /* copy pin2, (new PIN)*/
data->pin2.data = buf;
data->pin2.len = 8;
}
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, iso_ops->pin_cmd(card, data, tries_left));
if(verify)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, iso_ops->pin_cmd(card, data, tries_left));
else
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
}
static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env,
@ -793,7 +855,7 @@ static int myeid_getdata(struct sc_card *card, struct sc_cardctl_myeid_data_obj*
apdu.datalen = 0;
apdu.data = data_obj->Data;
apdu.le = 256;
apdu.le = card->max_recv_size;
apdu.resp = data_obj->Data;
apdu.resplen = data_obj->DataLen;
@ -891,7 +953,7 @@ static int myeid_generate_store_key(struct sc_card *card,
int r=0,len;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
/* Setup key-generation paramters */
/* Setup key-generation parameters */
if (data->op_type == OP_TYPE_GENERATE)
{
len = 0;
@ -1019,6 +1081,7 @@ static int myeid_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr)
case SC_CARDCTL_GET_SERIALNR:
r = myeid_get_serialnr(card, (sc_serial_number_t *)ptr);
break;
case SC_CARDCTL_GET_DEFAULT_KEY:
case SC_CARDCTL_LIFECYCLE_SET:
case SC_CARDCTL_LIFECYCLE_GET:
break;

196
src/pkcs15init/myeid.profile
View File

@ -46,7 +46,7 @@ PIN user-pin {
reference = 1;
min-length = 4;
max-length = 8;
attempts = 3;
attempts = 3;
flags = initialized, needs-padding;
}
@ -62,14 +62,14 @@ PIN so-pin {
auth-id = FF;
min-length = 4;
max-length = 8;
attempts = 4;
attempts = 3;
flags = initialized, soPin, needs-padding;
}
PIN so-puk {
min-length = 4;
max-length = 8;
attempts = 9;
attempts = 10;
flags = needs-padding;
}
@ -78,114 +78,116 @@ PIN so-puk {
# main profile.
filesystem {
DF MF {
path = 3F00;
type = DF;
acl = CREATE=$SOPIN,DELETE=NONE;
path = 3F00;
type = DF;
acl = CREATE=$SOPIN,DELETE=NONE;
# This is the DIR file
EF DIR {
file-id = 2F00;
structure = transparent;
size = 128;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
# This is the DIR file
EF DIR {
file-id = 2F00;
structure = transparent;
size = 128;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
DF PKCS15-AppDF {
type = DF;
file-id = 5015;
acl = DELETE=NONE, CREATE=$SOPIN;
type = DF;
file-id = 5015;
acl = DELETE=NONE, CREATE=$SOPIN;
EF PKCS15-ODF {
file-id = 5031;
EF PKCS15-ODF {
file-id = 5031;
structure = transparent;
size = $odf-size;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
size = $odf-size;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-TokenInfo {
file-id = 5032;
structure = transparent;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-TokenInfo {
file-id = 5032;
structure = transparent;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-UnusedSpace {
file-id = 5033;
structure = transparent;
size = $unusedspace-size;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-UnusedSpace {
file-id = 5033;
structure = transparent;
size = $unusedspace-size;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-AODF {
file-id = 4401;
structure = transparent;
size = $aodf-size;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-AODF {
file-id = 4401;
structure = transparent;
size = $aodf-size;
acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
}
EF PKCS15-PrKDF {
file-id = 4402;
structure = transparent;
size = $prkdf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-PrKDF {
file-id = 4402;
structure = transparent;
size = $prkdf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-PuKDF {
file-id = 4403;
structure = transparent;
size = $pukdf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-PuKDF {
file-id = 4403;
structure = transparent;
size = $pukdf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-CDF {
file-id = 4404;
structure = transparent;
size = $cdf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-CDF {
file-id = 4404;
structure = transparent;
size = $cdf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-DODF {
file-id = 4405;
structure = transparent;
size = $dodf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-DODF {
file-id = 4405;
structure = transparent;
size = $dodf-size;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF template-private-key {
type = internal-ef;
file-id = 4B01;
size = 1024;
acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN;
type = internal-ef;
file-id = 4B01;
acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN, GENERATE=$PIN;
}
EF template-public-key {
structure = transparent;
file-id = 5501;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN, GENERATE=$PIN;
}
EF template-public-key {
structure = transparent;
file-id = 5501;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF template-certificate {
file-id = 4301;
structure = transparent;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
template key-domain {
# This is a dummy entry - pkcs15-init insists that
# this is present
EF private-key {
file-id = 4B00;
type = internal-ef;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF public-key {
file-id = 4300;
structure = transparent;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
# Certificate template
EF certificate {
file-id = 5300;
structure = transparent;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF template-certificate {
file-id = 4301;
structure = transparent;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
}
template key-domain {
# This is a dummy entry - pkcs15-init insists that
# this is present
EF private-key {
file-id = 4B00;
type = internal-ef;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN, GENERATE=$PIN;
}
EF public-key {
file-id = 5500;
structure = transparent;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN, GENERATE=$PIN;
}
# Certificate template
EF certificate {
file-id = 4300;
structure = transparent;
acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
}
}
}
}

106
src/pkcs15init/pkcs15-myeid.c
View File

@ -168,15 +168,19 @@ static int
myeid_init_card(sc_profile_t *profile,
sc_pkcs15_card_t *p15card)
{
struct sc_path path;
struct sc_path path;
struct sc_file *file = NULL;
int r;
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
sc_format_path("3F00", &path);
r = sc_select_file(p15card->card, &path, NULL);
r = sc_select_file(p15card->card, &path, &file);
if (file)
sc_file_free(file);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
}
@ -192,12 +196,12 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
return SC_ERROR_INVALID_ARGUMENTS;
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "id (%x)\n",df->id);
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "id (%x)",df->id);
if(df->id == 0x5015)
{
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "only Select (%x)\n",df->id);
r = sc_select_file(p15card->card, &df->path, NULL);
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "only Select (%x)",df->id);
r = sc_select_file(p15card->card, &df->path, NULL);
}
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
@ -217,14 +221,16 @@ myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
{
type = SC_PKCS15INIT_SO_PIN;
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)\n",
pin_info->reference,pin_info->tries_left);
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)",
pin_info->reference,pin_info->tries_left);
}
else
{
type = SC_PKCS15INIT_USER_PIN;
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "PIN_FLAG_PIN, ref (%d), tries_left (%d)\n",
pin_info->reference, pin_info->tries_left);
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"PIN_FLAG_PIN, ref (%d), tries_left (%d)",
pin_info->reference, pin_info->tries_left);
}
@ -292,12 +298,6 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
r = sc_card_ctl(p15card->card, SC_CARDCTL_MYEID_PUTDATA, &data_obj);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Initialize PIN failed");
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
/* Finalize DIR */
/* TODO: add to pkcs15init API finalize_dir() method. */
r = sc_card_ctl(p15card->card, SC_CARDCTL_MYEID_ACTIVATE_CARD, NULL);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Activate applet failed");
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
}
@ -510,37 +510,24 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
int keybits = key_info->modulus_length, r;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
/* Parameter check */
if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0x7))
/* Check that the card supports the requested modulus length */
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create MyEID private key ID:%s\n", sc_pkcs15_print_id(&key_info->id));
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create MyEID private key ID:%s", sc_pkcs15_print_id(&key_info->id));
/* Get the private key file */
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file);
r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get new MyEID private key file");
/* Take enough room for a 1024 bit key */
if (file->size < 1024)
file->size = 1024;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key file size %d", keybits);
file->size = keybits;
/* Replace the path of instantiated key template by the path from the object data. */
memcpy(&file->path, &key_info->path, sizeof(file->path));
file->id = file->path.value[file->path.len - 2] * 0x100
+ file->path.value[file->path.len - 1];
memcpy(&key_info->path.value, &file->path.value, file->path.len);
key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s\n", sc_print_path(&file->path));
r = sc_select_file(card, &file->path, NULL);
if (!r) {
r = myeid_delete_object(profile, p15card, object->type, NULL, &file->path);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to delete MyEID private key file");
}
else if (r != SC_ERROR_FILE_NOT_FOUND) {
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Select MyEID private key file error");
}
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s",
sc_print_path(&file->path));
/* Now create the key file */
r = sc_pkcs15init_create_file(profile, p15card, file);
@ -570,12 +557,12 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
/* Parameter check */
if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0x7))
/* Check that the card supports the requested modulus length */
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s\n", sc_pkcs15_print_id(&key_info->id),
sc_print_path(&key_info->path));
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
r = sc_select_file(card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
@ -633,21 +620,18 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported");
/* Parameter check */
if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0x7))
/* Check that the card supports the requested modulus length */
if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s\n", sc_pkcs15_print_id(&key_info->id),
sc_print_path(&key_info->path));
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s",
sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path));
r = sc_select_file(card, &key_info->path, &file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed");
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store MyEID private key");
if (file)
sc_file_free(file);
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to generate MyEID private key");
/* Fill in data structure */
memset(&args, 0, sizeof(args));
@ -684,16 +668,26 @@ myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
r = sc_card_ctl(card, SC_CARDCTL_MYEID_GETDATA, &data_obj);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: 'MYEID_GETDATA' failed");
keybits = ((raw_pubkey[0] * 256) + raw_pubkey[1]); /* modulus bit length */
if (keybits != key_info->modulus_length)
if ((data_obj.DataLen * 8) != key_info->modulus_length)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PKCS15INIT, "Cannot get key modulus: invalid key-size");
memcpy (pubkey->u.rsa.modulus.data, &raw_pubkey[2], pubkey->u.rsa.modulus.len);
memcpy (pubkey->u.rsa.modulus.data, raw_pubkey, pubkey->u.rsa.modulus.len);
}
if (file)
sc_file_free(file);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
}
/* Finish initialization. After this ACL is in affect */
static int myeid_finalize_card(sc_card_t *card)
{
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL,
sc_card_ctl(card, SC_CARDCTL_MYEID_ACTIVATE_CARD, NULL));
}
/*
* Create a new PIN
@ -711,9 +705,9 @@ static struct sc_pkcs15init_operations sc_pkcs15init_myeid_operations = {
myeid_generate_key,
myeid_encode_private_key,
myeid_encode_public_key,
NULL, /* finalize_card */
myeid_finalize_card,
myeid_delete_object, /* delete_object */
NULL, NULL, NULL, NULL /* pkcs15init emulation */
NULL, NULL, NULL, NULL /* pkcs15init emulation */
};
struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void)

1
src/pkcs15init/profile.c
View File

@ -120,6 +120,7 @@ static struct map fileOpNames[] = {
{ "PIN-DEFINE", SC_AC_OP_PIN_DEFINE },
{ "PIN-CHANGE", SC_AC_OP_PIN_CHANGE },
{ "PIN-RESET", SC_AC_OP_PIN_RESET },
{ "GENERATE", SC_AC_OP_GENERATE },
{ NULL, 0 }
};
static struct map fileTypeNames[] = {