giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add pkcs15init-binding for OpenPGP

This commit is contained in:
Nguyễn Hồng Quân 2012-06-01 17:48:30 +02:00 committed by Viktor Tarasov
parent 58a4821689
commit ed0e2be305
5 changed files with 306 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/pkcs15init/Makefile.am
View File

@ -28,7 +28,8 @@ dist_pkgdata_DATA = \
authentic.profile \
iasecc.profile \
ias_adele_admin1.profile ias_adele_admin2.profile ias_adele_common.profile \
iasecc_generic_pki.profile iasecc_admin_eid.profile iasecc_generic_oberthur.profile
iasecc_generic_pki.profile iasecc_admin_eid.profile iasecc_generic_oberthur.profile \
openpgp.profile
AM_CPPFLAGS = -DSC_PKCS15_PROFILE_DIRECTORY=\"$(pkgdatadir)\"
AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS)
@ -44,4 +45,4 @@ libpkcs15init_la_SOURCES = \
pkcs15-entersafe.c pkcs15-epass2003.c \
pkcs15-rtecp.c pkcs15-myeid.c \
pkcs15-oberthur.c pkcs15-oberthur-awp.c \
pkcs15-authentic.c pkcs15-iasecc.c
pkcs15-authentic.c pkcs15-iasecc.c pkcs15-openpgp.c

129
src/pkcs15init/openpgp.profile Normal file
View File

@ -0,0 +1,129 @@
#
# PKCS15 profile, generic information.
# This profile is loaded before any card specific profile.
#
cardinfo {
min-pin-length = 6;
# max length should be overridden in the per-card profile
max-pin-length = 12; # To be defined
}
# Default settings.
# This option block will always be processed.
option default {
macros {
protected = *=$SOPIN, READ=NONE;
unprotected = *=NONE;
so-pin-flags = local, initialized, soPin;
so-min-pin-length = 8;
so-pin-attempts = 3;
so-auth-id = FF;
odf-size = 256;
aodf-size = 256;
cdf-size = 512;
prkdf-size = 256;
pukdf-size = 256;
dodf-size = 256;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# for the user pin; that is done dynamically.
PIN user-pin {
attempts = 3;
flags = local, initialized;
}
PIN so-pin {
auth-id = $so-auth-id;
attempts = $so-pin-attempts;
min-length = $so-min-pin-length;
flags = $so-pin-flags;
}
filesystem {
DF MF {
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
aid = D2:76:00:01:24:01;
acl = *=NONE;
EF PKCS15-TokenInfo {
ACL = $unprotected;
}
EF PKCS15-PrKDF {
size = $prkdf-size;
acl = $protected;
}
EF PKCS15-PuKDF {
size = $pukdf-size;
acl = $protected;
}
EF PKCS15-CDF {
acl = $unprotected;
}
# This template defines files for keys, certificates etc.
#
# When instantiating the template, each file id will be
# combined with the last octet of the object's pkcs15 id
# to form a unique file ID.
template key-domain {
# This is a dummy entry - pkcs15-init insists that
# this is present
EF private-key {
file-id = 5F48;
ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
}
# public keys
EF public-key {
file-id = 7F49;
structure = transparent;
ACL = *=NEVER,
READ=NONE,
UPDATE=$PIN,
ERASE=$PIN;
}
# Certificate template
EF certificate {
file-id = 7F21;
structure = transparent;
ACL = *=NEVER,
READ=NONE,
UPDATE=CHV3,
WRITE=CHV3,
DELETE=CHV3;
}
# private data objects are stored in transparent EFs.
EF privdata {
file-id = 0101;
structure = transparent;
ACL = *=NEVER,
READ=$PIN,
UPDATE=$PIN,
ERASE=$PIN;
}
}
}
}
}

1
src/pkcs15init/pkcs15-init.h
View File

@ -414,6 +414,7 @@ extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_openpgp_ops(void);
#ifdef __cplusplus
}

1
src/pkcs15init/pkcs15-lib.c
View File

@ -145,6 +145,7 @@ static struct profile_operations {
{ "jcop", (void *) sc_pkcs15init_get_jcop_ops },
{ "starcos", (void *) sc_pkcs15init_get_starcos_ops },
{ "oberthur", (void *) sc_pkcs15init_get_oberthur_ops },
{ "openpgp", (void *) sc_pkcs15init_get_openpgp_ops },
{ "setcos", (void *) sc_pkcs15init_get_setcos_ops },
{ "incrypto34", (void *) sc_pkcs15init_get_incrypto34_ops },
{ "muscle", (void*) sc_pkcs15init_get_muscle_ops },

172
src/pkcs15init/pkcs15-openpgp.c Executable file
View File

@ -0,0 +1,172 @@
/*
* OpenPGP specific operation for PKCS15 initialization
*
* Copyright (c) 2012 Nguyen Hong Quan <ng.hong.quan@gmail.com>.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include "libopensc/opensc.h"
#include "libopensc/cardctl.h"
#include "libopensc/log.h"
#include "libopensc/cards.h"
#include "libopensc/asn1.h"
#include "pkcs15-init.h"
#include "profile.h"
/**
* Erase card: erase all EFs/DFs created by OpenSC
* @param profile The sc_profile_t object with the configurable profile
* information
* @param p15card The card from which the opensc application should be
* erased.
* @return SC_SUCCESS on success and an error code otherwise
**/
static int openpgp_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
{
return SC_ERROR_NOT_SUPPORTED;
}
/**
* Create application DF
* @param profile sc_profile_t object with the configurable profile
* information
* @param p15card sc_card_t object to be used
* @param df sc_file_t with the application DF to create
* @return SC_SUCCESS on success and an error value otherwise
**/
static int openpgp_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_file_t *df)
{
return SC_ERROR_NOT_SUPPORTED;
}
/**
* Select PIN reference: do nothing special, the real PIN reference if
* determined when the PIN is created. This is just helper function to
* determine the next best file id of the PIN file.
**/
static int openpgp_select_pin_reference(sc_profile_t *profile,
sc_pkcs15_card_t *p15card, sc_pkcs15_auth_info_t *auth_info)
{
return SC_ERROR_NOT_SUPPORTED;
}
/**
* Create PIN and, if specified, PUK files
* @param profile profile information for this card
* @param card sc_card_t object to use
* @param pin_obj sc_pkcs15_object_t for the PIN
* @param pin PIN value
* @param len_len PIN length
* @param puk PUK value (optional)
* @param puk_len PUK length (optional)
* @return SC_SUCCESS on success and an error code otherwise
**/
static int openpgp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_file_t *df, sc_pkcs15_object_t *pin_obj,
const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len)
{
return SC_ERROR_NOT_SUPPORTED;
}
/**
* Creates empty key file
**/
static int openpgp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj)
{
return SC_ERROR_NOT_SUPPORTED;
}
/**
* Stores an external (RSA) on the card.
* @param profile profile information for this card
* @param card sc_card_t object to use
* @param obj sc_pkcs15_object_t object with pkcs15 information
* @param key the private key
* @return SC_SUCCESS on success and an error code otherwise
**/
static int openpgp_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key)
{
return SC_ERROR_NOT_SUPPORTED;
}
/**
* Generates a new (RSA) key pair using an existing key file.
* @param profile IN profile information for this card
* @param card IN sc_card_t object to use
* @param obj IN sc_pkcs15_object_t object with pkcs15 information
* @param pukkey OUT the newly created public key
* @return SC_SUCCESS on success and an error code otherwise
**/
static int openpgp_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey)
{
return SC_ERROR_NOT_SUPPORTED;
}
static int openpgp_emu_update_any_df(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
unsigned operation, sc_pkcs15_object_t *obj)
{
LOG_FUNC_CALLED(p15card->card->ctx);
/* After storing object, pkcs15init will call this function to update DF.
* But OpenPGP has no other DF than OpenPGP-Application, so we do nothing. */
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
}
static int openpgp_emu_update_tokeninfo(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_tokeninfo_t *tokeninfo)
{
LOG_FUNC_CALLED(p15card->card->ctx);
/* When unbinding pkcs15init, this function will be called.
* But for OpenPGP, token info does not need to change, we do nothing. */
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
}
static struct sc_pkcs15init_operations sc_pkcs15init_openpgp_operations = {
openpgp_erase,
NULL, /* init_card */
openpgp_create_dir,
NULL, /* create_domain */
openpgp_select_pin_reference,
openpgp_create_pin,
NULL, /* select key reference */
openpgp_create_key,
openpgp_store_key,
openpgp_generate_key,
NULL, NULL, /* encode private/public key */
NULL, /* finalize_card */
NULL, /* delete_object */
NULL,
openpgp_emu_update_any_df,
openpgp_emu_update_tokeninfo,
NULL, NULL, /* pkcs15init emulation */
NULL /* sanity_check */
};
struct sc_pkcs15init_operations *
sc_pkcs15init_get_openpgp_ops(void)
{
return &sc_pkcs15init_openpgp_operations;
}