Add pkcs15init-binding for OpenPGP
This commit is contained in:
parent
58a4821689
commit
ed0e2be305
|
@ -28,7 +28,8 @@ dist_pkgdata_DATA = \
|
||||||
authentic.profile \
|
authentic.profile \
|
||||||
iasecc.profile \
|
iasecc.profile \
|
||||||
ias_adele_admin1.profile ias_adele_admin2.profile ias_adele_common.profile \
|
ias_adele_admin1.profile ias_adele_admin2.profile ias_adele_common.profile \
|
||||||
iasecc_generic_pki.profile iasecc_admin_eid.profile iasecc_generic_oberthur.profile
|
iasecc_generic_pki.profile iasecc_admin_eid.profile iasecc_generic_oberthur.profile \
|
||||||
|
openpgp.profile
|
||||||
|
|
||||||
AM_CPPFLAGS = -DSC_PKCS15_PROFILE_DIRECTORY=\"$(pkgdatadir)\"
|
AM_CPPFLAGS = -DSC_PKCS15_PROFILE_DIRECTORY=\"$(pkgdatadir)\"
|
||||||
AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS)
|
AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS)
|
||||||
|
@ -44,4 +45,4 @@ libpkcs15init_la_SOURCES = \
|
||||||
pkcs15-entersafe.c pkcs15-epass2003.c \
|
pkcs15-entersafe.c pkcs15-epass2003.c \
|
||||||
pkcs15-rtecp.c pkcs15-myeid.c \
|
pkcs15-rtecp.c pkcs15-myeid.c \
|
||||||
pkcs15-oberthur.c pkcs15-oberthur-awp.c \
|
pkcs15-oberthur.c pkcs15-oberthur-awp.c \
|
||||||
pkcs15-authentic.c pkcs15-iasecc.c
|
pkcs15-authentic.c pkcs15-iasecc.c pkcs15-openpgp.c
|
||||||
|
|
|
@ -0,0 +1,129 @@
|
||||||
|
#
|
||||||
|
# PKCS15 profile, generic information.
|
||||||
|
# This profile is loaded before any card specific profile.
|
||||||
|
#
|
||||||
|
|
||||||
|
cardinfo {
|
||||||
|
min-pin-length = 6;
|
||||||
|
# max length should be overridden in the per-card profile
|
||||||
|
max-pin-length = 12; # To be defined
|
||||||
|
}
|
||||||
|
|
||||||
|
# Default settings.
|
||||||
|
# This option block will always be processed.
|
||||||
|
option default {
|
||||||
|
macros {
|
||||||
|
protected = *=$SOPIN, READ=NONE;
|
||||||
|
unprotected = *=NONE;
|
||||||
|
so-pin-flags = local, initialized, soPin;
|
||||||
|
so-min-pin-length = 8;
|
||||||
|
so-pin-attempts = 3;
|
||||||
|
so-auth-id = FF;
|
||||||
|
odf-size = 256;
|
||||||
|
aodf-size = 256;
|
||||||
|
cdf-size = 512;
|
||||||
|
prkdf-size = 256;
|
||||||
|
pukdf-size = 256;
|
||||||
|
dodf-size = 256;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Define reasonable limits for PINs and PUK
|
||||||
|
# Note that we do not set a file path or reference
|
||||||
|
# for the user pin; that is done dynamically.
|
||||||
|
PIN user-pin {
|
||||||
|
attempts = 3;
|
||||||
|
flags = local, initialized;
|
||||||
|
}
|
||||||
|
|
||||||
|
PIN so-pin {
|
||||||
|
auth-id = $so-auth-id;
|
||||||
|
attempts = $so-pin-attempts;
|
||||||
|
min-length = $so-min-pin-length;
|
||||||
|
flags = $so-pin-flags;
|
||||||
|
}
|
||||||
|
|
||||||
|
filesystem {
|
||||||
|
DF MF {
|
||||||
|
path = 3F00;
|
||||||
|
type = DF;
|
||||||
|
|
||||||
|
# This is the DIR file
|
||||||
|
EF DIR {
|
||||||
|
type = EF;
|
||||||
|
file-id = 2F00;
|
||||||
|
acl = *=NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Here comes the application DF
|
||||||
|
DF PKCS15-AppDF {
|
||||||
|
type = DF;
|
||||||
|
aid = D2:76:00:01:24:01;
|
||||||
|
acl = *=NONE;
|
||||||
|
|
||||||
|
EF PKCS15-TokenInfo {
|
||||||
|
ACL = $unprotected;
|
||||||
|
}
|
||||||
|
|
||||||
|
EF PKCS15-PrKDF {
|
||||||
|
size = $prkdf-size;
|
||||||
|
acl = $protected;
|
||||||
|
}
|
||||||
|
|
||||||
|
EF PKCS15-PuKDF {
|
||||||
|
size = $pukdf-size;
|
||||||
|
acl = $protected;
|
||||||
|
}
|
||||||
|
|
||||||
|
EF PKCS15-CDF {
|
||||||
|
acl = $unprotected;
|
||||||
|
}
|
||||||
|
|
||||||
|
# This template defines files for keys, certificates etc.
|
||||||
|
#
|
||||||
|
# When instantiating the template, each file id will be
|
||||||
|
# combined with the last octet of the object's pkcs15 id
|
||||||
|
# to form a unique file ID.
|
||||||
|
template key-domain {
|
||||||
|
|
||||||
|
# This is a dummy entry - pkcs15-init insists that
|
||||||
|
# this is present
|
||||||
|
EF private-key {
|
||||||
|
file-id = 5F48;
|
||||||
|
ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
# public keys
|
||||||
|
EF public-key {
|
||||||
|
file-id = 7F49;
|
||||||
|
structure = transparent;
|
||||||
|
ACL = *=NEVER,
|
||||||
|
READ=NONE,
|
||||||
|
UPDATE=$PIN,
|
||||||
|
ERASE=$PIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Certificate template
|
||||||
|
EF certificate {
|
||||||
|
file-id = 7F21;
|
||||||
|
structure = transparent;
|
||||||
|
ACL = *=NEVER,
|
||||||
|
READ=NONE,
|
||||||
|
UPDATE=CHV3,
|
||||||
|
WRITE=CHV3,
|
||||||
|
DELETE=CHV3;
|
||||||
|
}
|
||||||
|
|
||||||
|
# private data objects are stored in transparent EFs.
|
||||||
|
EF privdata {
|
||||||
|
file-id = 0101;
|
||||||
|
structure = transparent;
|
||||||
|
ACL = *=NEVER,
|
||||||
|
READ=$PIN,
|
||||||
|
UPDATE=$PIN,
|
||||||
|
ERASE=$PIN;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -414,6 +414,7 @@ extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void);
|
||||||
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void);
|
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void);
|
||||||
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void);
|
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void);
|
||||||
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void);
|
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void);
|
||||||
|
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_openpgp_ops(void);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
|
|
@ -145,6 +145,7 @@ static struct profile_operations {
|
||||||
{ "jcop", (void *) sc_pkcs15init_get_jcop_ops },
|
{ "jcop", (void *) sc_pkcs15init_get_jcop_ops },
|
||||||
{ "starcos", (void *) sc_pkcs15init_get_starcos_ops },
|
{ "starcos", (void *) sc_pkcs15init_get_starcos_ops },
|
||||||
{ "oberthur", (void *) sc_pkcs15init_get_oberthur_ops },
|
{ "oberthur", (void *) sc_pkcs15init_get_oberthur_ops },
|
||||||
|
{ "openpgp", (void *) sc_pkcs15init_get_openpgp_ops },
|
||||||
{ "setcos", (void *) sc_pkcs15init_get_setcos_ops },
|
{ "setcos", (void *) sc_pkcs15init_get_setcos_ops },
|
||||||
{ "incrypto34", (void *) sc_pkcs15init_get_incrypto34_ops },
|
{ "incrypto34", (void *) sc_pkcs15init_get_incrypto34_ops },
|
||||||
{ "muscle", (void*) sc_pkcs15init_get_muscle_ops },
|
{ "muscle", (void*) sc_pkcs15init_get_muscle_ops },
|
||||||
|
|
|
@ -0,0 +1,172 @@
|
||||||
|
/*
|
||||||
|
* OpenPGP specific operation for PKCS15 initialization
|
||||||
|
*
|
||||||
|
* Copyright (c) 2012 Nguyen Hong Quan <ng.hong.quan@gmail.com>.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "libopensc/opensc.h"
|
||||||
|
#include "libopensc/cardctl.h"
|
||||||
|
#include "libopensc/log.h"
|
||||||
|
#include "libopensc/cards.h"
|
||||||
|
#include "libopensc/asn1.h"
|
||||||
|
#include "pkcs15-init.h"
|
||||||
|
#include "profile.h"
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Erase card: erase all EFs/DFs created by OpenSC
|
||||||
|
* @param profile The sc_profile_t object with the configurable profile
|
||||||
|
* information
|
||||||
|
* @param p15card The card from which the opensc application should be
|
||||||
|
* erased.
|
||||||
|
* @return SC_SUCCESS on success and an error code otherwise
|
||||||
|
**/
|
||||||
|
static int openpgp_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create application DF
|
||||||
|
* @param profile sc_profile_t object with the configurable profile
|
||||||
|
* information
|
||||||
|
* @param p15card sc_card_t object to be used
|
||||||
|
* @param df sc_file_t with the application DF to create
|
||||||
|
* @return SC_SUCCESS on success and an error value otherwise
|
||||||
|
**/
|
||||||
|
static int openpgp_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
sc_file_t *df)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Select PIN reference: do nothing special, the real PIN reference if
|
||||||
|
* determined when the PIN is created. This is just helper function to
|
||||||
|
* determine the next best file id of the PIN file.
|
||||||
|
**/
|
||||||
|
static int openpgp_select_pin_reference(sc_profile_t *profile,
|
||||||
|
sc_pkcs15_card_t *p15card, sc_pkcs15_auth_info_t *auth_info)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create PIN and, if specified, PUK files
|
||||||
|
* @param profile profile information for this card
|
||||||
|
* @param card sc_card_t object to use
|
||||||
|
* @param pin_obj sc_pkcs15_object_t for the PIN
|
||||||
|
* @param pin PIN value
|
||||||
|
* @param len_len PIN length
|
||||||
|
* @param puk PUK value (optional)
|
||||||
|
* @param puk_len PUK length (optional)
|
||||||
|
* @return SC_SUCCESS on success and an error code otherwise
|
||||||
|
**/
|
||||||
|
static int openpgp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
sc_file_t *df, sc_pkcs15_object_t *pin_obj,
|
||||||
|
const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates empty key file
|
||||||
|
**/
|
||||||
|
static int openpgp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
sc_pkcs15_object_t *obj)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Stores an external (RSA) on the card.
|
||||||
|
* @param profile profile information for this card
|
||||||
|
* @param card sc_card_t object to use
|
||||||
|
* @param obj sc_pkcs15_object_t object with pkcs15 information
|
||||||
|
* @param key the private key
|
||||||
|
* @return SC_SUCCESS on success and an error code otherwise
|
||||||
|
**/
|
||||||
|
static int openpgp_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates a new (RSA) key pair using an existing key file.
|
||||||
|
* @param profile IN profile information for this card
|
||||||
|
* @param card IN sc_card_t object to use
|
||||||
|
* @param obj IN sc_pkcs15_object_t object with pkcs15 information
|
||||||
|
* @param pukkey OUT the newly created public key
|
||||||
|
* @return SC_SUCCESS on success and an error code otherwise
|
||||||
|
**/
|
||||||
|
static int openpgp_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey)
|
||||||
|
{
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int openpgp_emu_update_any_df(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
unsigned operation, sc_pkcs15_object_t *obj)
|
||||||
|
{
|
||||||
|
LOG_FUNC_CALLED(p15card->card->ctx);
|
||||||
|
/* After storing object, pkcs15init will call this function to update DF.
|
||||||
|
* But OpenPGP has no other DF than OpenPGP-Application, so we do nothing. */
|
||||||
|
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int openpgp_emu_update_tokeninfo(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
|
sc_pkcs15_tokeninfo_t *tokeninfo)
|
||||||
|
{
|
||||||
|
LOG_FUNC_CALLED(p15card->card->ctx);
|
||||||
|
/* When unbinding pkcs15init, this function will be called.
|
||||||
|
* But for OpenPGP, token info does not need to change, we do nothing. */
|
||||||
|
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct sc_pkcs15init_operations sc_pkcs15init_openpgp_operations = {
|
||||||
|
openpgp_erase,
|
||||||
|
NULL, /* init_card */
|
||||||
|
openpgp_create_dir,
|
||||||
|
NULL, /* create_domain */
|
||||||
|
openpgp_select_pin_reference,
|
||||||
|
openpgp_create_pin,
|
||||||
|
NULL, /* select key reference */
|
||||||
|
openpgp_create_key,
|
||||||
|
openpgp_store_key,
|
||||||
|
openpgp_generate_key,
|
||||||
|
NULL, NULL, /* encode private/public key */
|
||||||
|
NULL, /* finalize_card */
|
||||||
|
NULL, /* delete_object */
|
||||||
|
NULL,
|
||||||
|
openpgp_emu_update_any_df,
|
||||||
|
openpgp_emu_update_tokeninfo,
|
||||||
|
NULL, NULL, /* pkcs15init emulation */
|
||||||
|
NULL /* sanity_check */
|
||||||
|
};
|
||||||
|
|
||||||
|
struct sc_pkcs15init_operations *
|
||||||
|
sc_pkcs15init_get_openpgp_ops(void)
|
||||||
|
{
|
||||||
|
return &sc_pkcs15init_openpgp_operations;
|
||||||
|
}
|
Loading…
Reference in New Issue