- Error logging changes: replace ctx->log_errors with ctx->suppress_errors
- remove error/debug callbacks; always use sc_error/sc_debug git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1519 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
okir
parent
734bceb682
commit
f552395705
|
|
@ -26,6 +26,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <opensc/opensc.h>
|
#include <opensc/opensc.h>
|
||||||
#include <opensc/cardctl.h>
|
#include <opensc/cardctl.h>
|
||||||
|
#include <opensc/log.h>
|
||||||
#include "pkcs15-init.h"
|
#include "pkcs15-init.h"
|
||||||
#include "keycache.h"
|
#include "keycache.h"
|
||||||
#include "profile.h"
|
#include "profile.h"
|
||||||
|
|
@ -43,8 +44,8 @@ static int cflex_create_pin_file(sc_profile_t *, sc_card_t *,
|
||||||
sc_file_t **, int);
|
sc_file_t **, int);
|
||||||
static int cflex_create_empty_pin_file(sc_profile_t *, sc_card_t *,
|
static int cflex_create_empty_pin_file(sc_profile_t *, sc_card_t *,
|
||||||
sc_path_t *, int, sc_file_t **);
|
sc_path_t *, int, sc_file_t **);
|
||||||
static int cflex_get_keyfiles(sc_profile_t *, const sc_path_t *,
|
static int cflex_get_keyfiles(sc_profile_t *, sc_card_t *,
|
||||||
sc_file_t **, sc_file_t **);
|
const sc_path_t *, sc_file_t **, sc_file_t **);
|
||||||
static int cflex_encode_private_key(struct sc_pkcs15_prkey_rsa *,
|
static int cflex_encode_private_key(struct sc_pkcs15_prkey_rsa *,
|
||||||
u8 *, size_t *, int);
|
u8 *, size_t *, int);
|
||||||
static int cflex_encode_public_key(struct sc_pkcs15_prkey_rsa *,
|
static int cflex_encode_public_key(struct sc_pkcs15_prkey_rsa *,
|
||||||
|
|
@ -75,9 +76,9 @@ cflex_delete_file(sc_profile_t *profile, sc_card_t *card, sc_file_t *df)
|
||||||
path.value[1] = df->id & 0xFF;
|
path.value[1] = df->id & 0xFF;
|
||||||
path.len = 2;
|
path.len = 2;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_delete_file(card, &path);
|
r = sc_delete_file(card, &path);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -222,12 +223,13 @@ cflex_create_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_object_t *obj
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||||
profile->cbs->error("Cryptoflex supports only RSA keys.");
|
sc_error(card->ctx, "Cryptoflex supports only RSA keys.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the public and private key file */
|
/* Get the public and private key file */
|
||||||
if ((r = cflex_get_keyfiles(profile, &key_info->path, &prkf, &pukf)) < 0)
|
r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf);
|
||||||
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Adjust the file sizes, if necessary */
|
/* Adjust the file sizes, if necessary */
|
||||||
|
|
@ -237,7 +239,7 @@ cflex_create_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_object_t *obj
|
||||||
case 1024: size = 326; break;
|
case 1024: size = 326; break;
|
||||||
case 2048: size = 646; break;
|
case 2048: size = 646; break;
|
||||||
default:
|
default:
|
||||||
profile->cbs->error("Unsupported key size %u\n",
|
sc_error(card->ctx, "Unsupported key size %u\n",
|
||||||
key_info->modulus_length);
|
key_info->modulus_length);
|
||||||
r = SC_ERROR_INVALID_ARGUMENTS;
|
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||||
goto out;
|
goto out;
|
||||||
|
|
@ -278,12 +280,13 @@ cflex_generate_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||||
profile->cbs->error("Cryptoflex supports only RSA keys.");
|
sc_error(card->ctx, "Cryptoflex supports only RSA keys.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the public and private key file */
|
/* Get the public and private key file */
|
||||||
if ((r = cflex_get_keyfiles(profile, &key_info->path, &prkf, &pukf)) < 0)
|
r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf);
|
||||||
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Make sure we authenticate first */
|
/* Make sure we authenticate first */
|
||||||
|
|
@ -336,12 +339,13 @@ cflex_store_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||||
profile->cbs->error("Cryptoflex supports only RSA keys.");
|
sc_error(card->ctx, "Cryptoflex supports only RSA keys.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the public and private key file */
|
/* Get the public and private key file */
|
||||||
if ((r = cflex_get_keyfiles(profile, &key_info->path, &prkf, &pukf)) < 0)
|
r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf);
|
||||||
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
size = sizeof(keybuf);
|
size = sizeof(keybuf);
|
||||||
|
|
@ -396,9 +400,9 @@ cflex_create_dummy_chvs(sc_profile_t *profile, sc_card_t *card,
|
||||||
&& !memcmp(ef.value, parent.value, ef.len))
|
&& !memcmp(ef.value, parent.value, ef.len))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_select_file(card, &ef, NULL);
|
r = sc_select_file(card, &ef, NULL);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If a valid EF(CHVx) was found, we're fine */
|
/* If a valid EF(CHVx) was found, we're fine */
|
||||||
|
|
@ -470,9 +474,9 @@ cflex_create_pin_file(sc_profile_t *profile, sc_card_t *card,
|
||||||
path.value[path.len++] = 0;
|
path.value[path.len++] = 0;
|
||||||
|
|
||||||
/* See if the CHV already exists */
|
/* See if the CHV already exists */
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_select_file(card, &path, NULL);
|
r = sc_select_file(card, &path, NULL);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
return SC_ERROR_FILE_ALREADY_EXISTS;
|
return SC_ERROR_FILE_ALREADY_EXISTS;
|
||||||
|
|
||||||
|
|
@ -480,7 +484,7 @@ cflex_create_pin_file(sc_profile_t *profile, sc_card_t *card,
|
||||||
if (sc_profile_get_file_by_path(profile, &path, &file) < 0
|
if (sc_profile_get_file_by_path(profile, &path, &file) < 0
|
||||||
&& sc_profile_get_file(profile, (ref == 1)? "CHV1" : "CHV2", &file) < 0
|
&& sc_profile_get_file(profile, (ref == 1)? "CHV1" : "CHV2", &file) < 0
|
||||||
&& sc_profile_get_file(profile, "CHV", &file) < 0) {
|
&& sc_profile_get_file(profile, "CHV", &file) < 0) {
|
||||||
profile->cbs->error("profile does not define pin file ACLs\n");
|
sc_error(card->ctx, "profile does not define pin file ACLs\n");
|
||||||
return SC_ERROR_FILE_NOT_FOUND;
|
return SC_ERROR_FILE_NOT_FOUND;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -544,7 +548,8 @@ cflex_create_empty_pin_file(sc_profile_t *profile, sc_card_t *card,
|
||||||
* Get private and public key file
|
* Get private and public key file
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
cflex_get_keyfiles(sc_profile_t *profile, const sc_path_t *df_path,
|
cflex_get_keyfiles(sc_profile_t *profile, sc_card_t *card,
|
||||||
|
const sc_path_t *df_path,
|
||||||
sc_file_t **prkf, sc_file_t **pukf)
|
sc_file_t **prkf, sc_file_t **pukf)
|
||||||
{
|
{
|
||||||
sc_path_t path = *df_path;
|
sc_path_t path = *df_path;
|
||||||
|
|
@ -553,7 +558,7 @@ cflex_get_keyfiles(sc_profile_t *profile, const sc_path_t *df_path,
|
||||||
/* Get the private key file */
|
/* Get the private key file */
|
||||||
r = sc_profile_get_file_by_path(profile, &path, prkf);
|
r = sc_profile_get_file_by_path(profile, &path, prkf);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
profile->cbs->error("Cannot find private key file info "
|
sc_error(card->ctx, "Cannot find private key file info "
|
||||||
"in profile (path=%s).",
|
"in profile (path=%s).",
|
||||||
sc_print_path(&path));
|
sc_print_path(&path));
|
||||||
return r;
|
return r;
|
||||||
|
|
@ -564,7 +569,7 @@ cflex_get_keyfiles(sc_profile_t *profile, const sc_path_t *df_path,
|
||||||
sc_append_file_id(&path, 0x1012);
|
sc_append_file_id(&path, 0x1012);
|
||||||
r = sc_profile_get_file_by_path(profile, &path, pukf);
|
r = sc_profile_get_file_by_path(profile, &path, pukf);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
profile->cbs->error("Cannot find public key file info in profile.");
|
sc_error(card->ctx, "Cannot find public key file info in profile.");
|
||||||
sc_file_free(*prkf);
|
sc_file_free(*prkf);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,7 @@
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <opensc/opensc.h>
|
#include <opensc/opensc.h>
|
||||||
#include <opensc/cardctl.h>
|
#include <opensc/cardctl.h>
|
||||||
|
#include <opensc/log.h>
|
||||||
#include <opensc/scrandom.h>
|
#include <opensc/scrandom.h>
|
||||||
#include "pkcs15-init.h"
|
#include "pkcs15-init.h"
|
||||||
#include "profile.h"
|
#include "profile.h"
|
||||||
|
|
@ -64,7 +65,6 @@ static int etoken_put_key(struct sc_profile *, struct sc_card *,
|
||||||
static int etoken_key_algorithm(unsigned int, int *);
|
static int etoken_key_algorithm(unsigned int, int *);
|
||||||
static int etoken_extract_pubkey(sc_card_t *, int,
|
static int etoken_extract_pubkey(sc_card_t *, int,
|
||||||
u8, sc_pkcs15_bignum_t *);
|
u8, sc_pkcs15_bignum_t *);
|
||||||
static void error(struct sc_profile *, const char *, ...);
|
|
||||||
|
|
||||||
/* Object IDs for PIN objects.
|
/* Object IDs for PIN objects.
|
||||||
* SO PIN = 0x01, SO PUK = 0x02
|
* SO PIN = 0x01, SO PUK = 0x02
|
||||||
|
|
@ -261,12 +261,12 @@ etoken_store_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
int algorithm, r;
|
int algorithm, r;
|
||||||
|
|
||||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||||
error(profile, "CardOS supports RSA keys only.\n");
|
sc_error(card->ctx, "CardOS supports RSA keys only.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (etoken_key_algorithm(key_info->usage, &algorithm) < 0) {
|
if (etoken_key_algorithm(key_info->usage, &algorithm) < 0) {
|
||||||
error(profile, "CardOS does not support keys "
|
sc_error(card->ctx, "CardOS does not support keys "
|
||||||
"that can both sign _and_ decrypt.");
|
"that can both sign _and_ decrypt.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
@ -296,26 +296,26 @@ etoken_generate_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
int algorithm, r, delete_it = 0;
|
int algorithm, r, delete_it = 0;
|
||||||
|
|
||||||
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
|
||||||
error(profile, "CardOS supports only RSA keys.");
|
sc_error(card->ctx, "CardOS supports only RSA keys.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (etoken_key_algorithm(key_info->usage, &algorithm) < 0) {
|
if (etoken_key_algorithm(key_info->usage, &algorithm) < 0) {
|
||||||
error(profile, "CardOS does not support keys "
|
sc_error(card->ctx, "CardOS does not support keys "
|
||||||
"that can both sign _and_ decrypt.");
|
"that can both sign _and_ decrypt.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
keybits = key_info->modulus_length & ~7UL;
|
keybits = key_info->modulus_length & ~7UL;
|
||||||
if (keybits > RSAKEY_MAX_BITS) {
|
if (keybits > RSAKEY_MAX_BITS) {
|
||||||
error(profile, "Unable to generate key, max size is %d\n",
|
sc_error(card->ctx, "Unable to generate key, max size is %d",
|
||||||
RSAKEY_MAX_BITS);
|
RSAKEY_MAX_BITS);
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sc_profile_get_file(profile, "tempfile", &temp) < 0) {
|
if (sc_profile_get_file(profile, "tempfile", &temp) < 0) {
|
||||||
error(profile, "Profile doesn't define temporary file "
|
sc_error(card->ctx, "Profile doesn't define temporary file "
|
||||||
"for key generation.\n");
|
"for key generation.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
memset(pubkey, 0, sizeof(*pubkey));
|
memset(pubkey, 0, sizeof(*pubkey));
|
||||||
|
|
@ -627,19 +627,6 @@ etoken_extract_pubkey(struct sc_card *card, int nr, u8 tag,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
error(struct sc_profile *profile, const char *fmt, ...)
|
|
||||||
{
|
|
||||||
char buffer[256];
|
|
||||||
va_list ap;
|
|
||||||
|
|
||||||
va_start(ap, fmt);
|
|
||||||
vsnprintf(buffer, sizeof(buffer), fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
if (profile->cbs)
|
|
||||||
profile->cbs->error("%s", buffer);
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct sc_pkcs15init_operations sc_pkcs15init_etoken_operations;
|
static struct sc_pkcs15init_operations sc_pkcs15init_etoken_operations;
|
||||||
|
|
||||||
struct sc_pkcs15init_operations *
|
struct sc_pkcs15init_operations *
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,7 @@
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <opensc/opensc.h>
|
#include <opensc/opensc.h>
|
||||||
#include <opensc/cardctl.h>
|
#include <opensc/cardctl.h>
|
||||||
|
#include <opensc/log.h>
|
||||||
#include "pkcs15-init.h"
|
#include "pkcs15-init.h"
|
||||||
#include "profile.h"
|
#include "profile.h"
|
||||||
|
|
||||||
|
|
@ -62,17 +63,15 @@ struct pkdata {
|
||||||
* Local functions
|
* Local functions
|
||||||
*/
|
*/
|
||||||
static int gpk_pkfile_create(sc_profile_t *, sc_card_t *, sc_file_t *);
|
static int gpk_pkfile_create(sc_profile_t *, sc_card_t *, sc_file_t *);
|
||||||
static int gpk_encode_rsa_key(struct sc_profile *,
|
static int gpk_encode_rsa_key(sc_profile_t *, sc_card_t *,
|
||||||
struct sc_pkcs15_prkey_rsa *, struct pkdata *,
|
struct sc_pkcs15_prkey_rsa *, struct pkdata *,
|
||||||
struct sc_pkcs15_prkey_info *);
|
struct sc_pkcs15_prkey_info *);
|
||||||
static int gpk_encode_dsa_key(struct sc_profile *,
|
static int gpk_encode_dsa_key(sc_profile_t *, sc_card_t *,
|
||||||
struct sc_pkcs15_prkey_dsa *, struct pkdata *,
|
struct sc_pkcs15_prkey_dsa *, struct pkdata *,
|
||||||
struct sc_pkcs15_prkey_info *);
|
struct sc_pkcs15_prkey_info *);
|
||||||
static int gpk_store_pk(struct sc_profile *, struct sc_card *,
|
static int gpk_store_pk(struct sc_profile *, struct sc_card *,
|
||||||
struct sc_file *, struct pkdata *);
|
struct sc_file *, struct pkdata *);
|
||||||
static int gpk_init_pinfile(sc_profile_t *, sc_card_t *, sc_file_t *);
|
static int gpk_init_pinfile(sc_profile_t *, sc_card_t *, sc_file_t *);
|
||||||
static void error(struct sc_profile *, const char *, ...);
|
|
||||||
static void debug(struct sc_profile *, const char *, ...);
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -85,7 +84,7 @@ gpk_erase_card(struct sc_profile *pro, struct sc_card *card)
|
||||||
|
|
||||||
if (sc_card_ctl(card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
|
if (sc_card_ctl(card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
|
||||||
&& locked) {
|
&& locked) {
|
||||||
error(pro,
|
sc_error(card->ctx,
|
||||||
"This card is already personalized, unable to "
|
"This card is already personalized, unable to "
|
||||||
"create PKCS#15 structure.");
|
"create PKCS#15 structure.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
@ -105,7 +104,7 @@ gpk_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df)
|
||||||
|
|
||||||
if (sc_card_ctl(card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
|
if (sc_card_ctl(card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0
|
||||||
&& locked) {
|
&& locked) {
|
||||||
error(profile,
|
sc_error(card->ctx,
|
||||||
"This card is already personalized, unable to "
|
"This card is already personalized, unable to "
|
||||||
"create PKCS#15 structure.");
|
"create PKCS#15 structure.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
@ -306,7 +305,8 @@ gpk_init_pinfile(struct sc_profile *profile, struct sc_card *card,
|
||||||
/* Create the PIN file. */
|
/* Create the PIN file. */
|
||||||
acl = sc_file_get_acl_entry(pinfile, SC_AC_OP_WRITE);
|
acl = sc_file_get_acl_entry(pinfile, SC_AC_OP_WRITE);
|
||||||
if (acl->method != SC_AC_NEVER) {
|
if (acl->method != SC_AC_NEVER) {
|
||||||
error(profile, "PIN file most be protected by WRITE=NEVER");
|
sc_error(card->ctx,
|
||||||
|
"PIN file most be protected by WRITE=NEVER");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
sc_file_add_acl_entry(pinfile, SC_AC_OP_WRITE, SC_AC_NONE, 0);
|
sc_file_add_acl_entry(pinfile, SC_AC_OP_WRITE, SC_AC_NONE, 0);
|
||||||
|
|
@ -428,12 +428,12 @@ gpk_store_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
|
|
||||||
switch (key->algorithm) {
|
switch (key->algorithm) {
|
||||||
case SC_ALGORITHM_RSA:
|
case SC_ALGORITHM_RSA:
|
||||||
r = gpk_encode_rsa_key(profile, &key->u.rsa,
|
r = gpk_encode_rsa_key(profile, card, &key->u.rsa,
|
||||||
&data, key_info);
|
&data, key_info);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SC_ALGORITHM_DSA:
|
case SC_ALGORITHM_DSA:
|
||||||
r = gpk_encode_dsa_key(profile, &key->u.dsa,
|
r = gpk_encode_dsa_key(profile, card, &key->u.dsa,
|
||||||
&data, key_info);
|
&data, key_info);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
@ -462,9 +462,9 @@ gpk_pkfile_create(sc_profile_t *profile, sc_card_t *card, sc_file_t *file)
|
||||||
struct sc_file *found = NULL;
|
struct sc_file *found = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_select_file(card, &file->path, &found);
|
r = sc_select_file(card, &file->path, &found);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
||||||
r = sc_pkcs15init_create_file(profile, card, file);
|
r = sc_pkcs15init_create_file(profile, card, file);
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
|
|
@ -554,13 +554,15 @@ gpk_pkfile_init_public(sc_profile_t *profile, sc_card_t *card, sc_file_t *file,
|
||||||
|| acl->method == SC_AC_NEVER)
|
|| acl->method == SC_AC_NEVER)
|
||||||
continue;
|
continue;
|
||||||
if (acl->method != SC_AC_CHV) {
|
if (acl->method != SC_AC_CHV) {
|
||||||
error(profile, "Authentication method not "
|
sc_error(card->ctx,
|
||||||
|
"Authentication method not "
|
||||||
"supported for private key files.\n");
|
"supported for private key files.\n");
|
||||||
r = SC_ERROR_NOT_SUPPORTED;
|
r = SC_ERROR_NOT_SUPPORTED;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
if (++npins >= 2) {
|
if (++npins >= 2) {
|
||||||
error(profile, "Too many pins for PrKEY file!\n");
|
sc_error(card->ctx,
|
||||||
|
"Too many pins for PrKEY file!\n");
|
||||||
r = SC_ERROR_NOT_SUPPORTED;
|
r = SC_ERROR_NOT_SUPPORTED;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
@ -581,13 +583,14 @@ gpk_pkfile_init_public(sc_profile_t *profile, sc_card_t *card, sc_file_t *file,
|
||||||
for (n = 0; n < 6; n++)
|
for (n = 0; n < 6; n++)
|
||||||
sysrec[6] ^= sysrec[n];
|
sysrec[6] ^= sysrec[n];
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_read_record(card, 1, buffer, sizeof(buffer),
|
r = sc_read_record(card, 1, buffer, sizeof(buffer),
|
||||||
SC_RECORD_BY_REC_NR);
|
SC_RECORD_BY_REC_NR);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r >= 0) {
|
if (r >= 0) {
|
||||||
if (r != 7 || buffer[0] != 0) {
|
if (r != 7 || buffer[0] != 0) {
|
||||||
error(profile, "first record of public key file is not Lsys0");
|
sc_error(card->ctx,
|
||||||
|
"first record of public key file is not Lsys0");
|
||||||
return SC_ERROR_OBJECT_NOT_VALID;
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -612,14 +615,14 @@ gpk_pkfile_update_public(struct sc_profile *profile,
|
||||||
int r = 0, found;
|
int r = 0, found;
|
||||||
|
|
||||||
if (card->ctx->debug > 1)
|
if (card->ctx->debug > 1)
|
||||||
debug(profile, "Updating public key elements\n");
|
sc_debug(card->ctx, "Updating public key elements\n");
|
||||||
|
|
||||||
/* If we've been given a key with public parts, write them now */
|
/* If we've been given a key with public parts, write them now */
|
||||||
for (n = 2; n < 256; n++) {
|
for (n = 2; n < 256; n++) {
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_read_record(card, n, buffer, sizeof(buffer),
|
r = sc_read_record(card, n, buffer, sizeof(buffer),
|
||||||
SC_RECORD_BY_REC_NR);
|
SC_RECORD_BY_REC_NR);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
r = 0;
|
r = 0;
|
||||||
break;
|
break;
|
||||||
|
|
@ -627,7 +630,8 @@ gpk_pkfile_update_public(struct sc_profile *profile,
|
||||||
|
|
||||||
/* Check for bad record */
|
/* Check for bad record */
|
||||||
if (r < 2) {
|
if (r < 2) {
|
||||||
error(profile, "key file format error: "
|
sc_error(card->ctx,
|
||||||
|
"key file format error: "
|
||||||
"record %u too small (%u bytes)\n",
|
"record %u too small (%u bytes)\n",
|
||||||
n, r);
|
n, r);
|
||||||
return SC_ERROR_OBJECT_NOT_VALID;
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
@ -650,7 +654,7 @@ gpk_pkfile_update_public(struct sc_profile *profile,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!found && card->ctx->debug)
|
if (!found && card->ctx->debug)
|
||||||
debug(profile, "GPK unknown PK tag %u\n", tag);
|
sc_debug(card->ctx, "GPK unknown PK tag %u\n", tag);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Write all remaining elements */
|
/* Write all remaining elements */
|
||||||
|
|
@ -698,7 +702,7 @@ gpk_pkfile_update_private(struct sc_profile *profile,
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
||||||
if (card->ctx->debug > 1)
|
if (card->ctx->debug > 1)
|
||||||
debug(profile, "Updating private key elements\n");
|
sc_debug(card->ctx, "Updating private key elements\n");
|
||||||
|
|
||||||
for (m = 0; m < part->count; m++) {
|
for (m = 0; m < part->count; m++) {
|
||||||
pe = part->components + m;
|
pe = part->components + m;
|
||||||
|
|
@ -805,12 +809,13 @@ gpk_add_bignum(struct pkpart *part, unsigned int tag,
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
gpk_encode_rsa_key(struct sc_profile *profile,
|
gpk_encode_rsa_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
struct sc_pkcs15_prkey_rsa *rsa, struct pkdata *p,
|
struct sc_pkcs15_prkey_rsa *rsa, struct pkdata *p,
|
||||||
struct sc_pkcs15_prkey_info *info)
|
sc_pkcs15_prkey_info_t *info)
|
||||||
{
|
{
|
||||||
if (!rsa->modulus.len || !rsa->exponent.len) {
|
if (!rsa->modulus.len || !rsa->exponent.len) {
|
||||||
error(profile, "incomplete RSA public key");
|
sc_error(card->ctx,
|
||||||
|
"incomplete RSA public key");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -818,7 +823,8 @@ gpk_encode_rsa_key(struct sc_profile *profile,
|
||||||
* the only exponent supported by GPK4000 and GPK8000 */
|
* the only exponent supported by GPK4000 and GPK8000 */
|
||||||
if (rsa->exponent.len != 3
|
if (rsa->exponent.len != 3
|
||||||
|| memcmp(rsa->exponent.data, "\001\000\001", 3)) {
|
|| memcmp(rsa->exponent.data, "\001\000\001", 3)) {
|
||||||
error(profile, "unsupported RSA exponent");
|
sc_error(card->ctx,
|
||||||
|
"unsupported RSA exponent");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -836,7 +842,8 @@ gpk_encode_rsa_key(struct sc_profile *profile,
|
||||||
if (!rsa->p.len || !rsa->q.len || !rsa->dmp1.len || !rsa->dmq1.len || !rsa->iqmp.len) {
|
if (!rsa->p.len || !rsa->q.len || !rsa->dmp1.len || !rsa->dmq1.len || !rsa->iqmp.len) {
|
||||||
/* No or incomplete CRT information */
|
/* No or incomplete CRT information */
|
||||||
if (!rsa->d.len) {
|
if (!rsa->d.len) {
|
||||||
error(profile, "incomplete RSA private key");
|
sc_error(card->ctx,
|
||||||
|
"incomplete RSA private key");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
gpk_add_bignum(&p->_private, 0x04, &rsa->d, 0);
|
gpk_add_bignum(&p->_private, 0x04, &rsa->d, 0);
|
||||||
|
|
@ -880,13 +887,14 @@ gpk_encode_rsa_key(struct sc_profile *profile,
|
||||||
* in the tables are 512 bits only...
|
* in the tables are 512 bits only...
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
gpk_encode_dsa_key(struct sc_profile *profile,
|
gpk_encode_dsa_key(sc_profile_t *profile, sc_card_t *card,
|
||||||
struct sc_pkcs15_prkey_dsa *dsa, struct pkdata *p,
|
struct sc_pkcs15_prkey_dsa *dsa, struct pkdata *p,
|
||||||
struct sc_pkcs15_prkey_info *info)
|
sc_pkcs15_prkey_info_t *info)
|
||||||
{
|
{
|
||||||
if (!dsa->p.len || !dsa->q.len || !dsa->g.len
|
if (!dsa->p.len || !dsa->q.len || !dsa->g.len
|
||||||
|| !dsa->pub.len || !dsa->priv.len) {
|
|| !dsa->pub.len || !dsa->priv.len) {
|
||||||
error(profile, "incomplete DSA public key");
|
sc_error(card->ctx,
|
||||||
|
"incomplete DSA public key");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -904,7 +912,8 @@ gpk_encode_dsa_key(struct sc_profile *profile,
|
||||||
p->bits = 1024;
|
p->bits = 1024;
|
||||||
p->bytes = 128;
|
p->bytes = 128;
|
||||||
} else {
|
} else {
|
||||||
error(profile, "incompatible DSA key size (%u bits)", p->bits);
|
sc_error(card->ctx,
|
||||||
|
"incompatible DSA key size (%u bits)", p->bits);
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -932,7 +941,7 @@ gpk_store_pk(struct sc_profile *profile, struct sc_card *card,
|
||||||
gpk_compute_privlen(&p->_private);
|
gpk_compute_privlen(&p->_private);
|
||||||
|
|
||||||
if (card->ctx->debug)
|
if (card->ctx->debug)
|
||||||
debug(profile,
|
sc_debug(card->ctx,
|
||||||
"Storing pk: %u bits, pub %u bytes, priv %u bytes\n",
|
"Storing pk: %u bits, pub %u bytes, priv %u bytes\n",
|
||||||
p->bits, p->_public.size, p->_private.size);
|
p->bits, p->_public.size, p->_private.size);
|
||||||
|
|
||||||
|
|
@ -962,33 +971,6 @@ gpk_store_pk(struct sc_profile *profile, struct sc_card *card,
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
error(struct sc_profile *profile, const char *fmt, ...)
|
|
||||||
{
|
|
||||||
char buffer[256];
|
|
||||||
va_list ap;
|
|
||||||
|
|
||||||
va_start(ap, fmt);
|
|
||||||
vsnprintf(buffer, sizeof(buffer), fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
if (profile->cbs && profile->cbs->error)
|
|
||||||
profile->cbs->error("%s", buffer);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
debug(struct sc_profile *profile, const char *fmt, ...)
|
|
||||||
{
|
|
||||||
char buffer[256];
|
|
||||||
va_list ap;
|
|
||||||
|
|
||||||
va_start(ap, fmt);
|
|
||||||
vsnprintf(buffer, sizeof(buffer), fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
if (profile->cbs && profile->cbs->debug)
|
|
||||||
profile->cbs->debug(2, "%s", buffer);
|
|
||||||
printf("%s", buffer); /* XXX */
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct sc_pkcs15init_operations sc_pkcs15init_gpk_operations;
|
static struct sc_pkcs15init_operations sc_pkcs15init_gpk_operations;
|
||||||
|
|
||||||
struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void)
|
struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void)
|
||||||
|
|
|
||||||
|
|
@ -139,10 +139,6 @@ struct sc_pkcs15init_operations {
|
||||||
#define SC_PKCS15INIT_NPINS 4
|
#define SC_PKCS15INIT_NPINS 4
|
||||||
|
|
||||||
struct sc_pkcs15init_callbacks {
|
struct sc_pkcs15init_callbacks {
|
||||||
/* Error and debug output */
|
|
||||||
void (*error)(const char *, ...);
|
|
||||||
void (*debug)(int level, const char *, ...);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get a PIN from the front-end. The first argument is
|
* Get a PIN from the front-end. The first argument is
|
||||||
* one of the SC_PKCS15INIT_XXX_PIN/PUK macros.
|
* one of the SC_PKCS15INIT_XXX_PIN/PUK macros.
|
||||||
|
|
|
||||||
|
|
@ -55,6 +55,7 @@
|
||||||
#include "profile.h"
|
#include "profile.h"
|
||||||
#include "pkcs15-init.h"
|
#include "pkcs15-init.h"
|
||||||
#include <opensc/cardctl.h>
|
#include <opensc/cardctl.h>
|
||||||
|
#include <opensc/log.h>
|
||||||
|
|
||||||
/* Default ID for new key/pin */
|
/* Default ID for new key/pin */
|
||||||
#define DEFAULT_ID 0x45
|
#define DEFAULT_ID 0x45
|
||||||
|
|
@ -99,9 +100,9 @@ static int aodf_add_pin(struct sc_pkcs15_card *, struct sc_profile *,
|
||||||
static int check_key_compatibility(struct sc_pkcs15_card *,
|
static int check_key_compatibility(struct sc_pkcs15_card *,
|
||||||
struct sc_pkcs15_prkey *, unsigned int,
|
struct sc_pkcs15_prkey *, unsigned int,
|
||||||
unsigned int, unsigned int);
|
unsigned int, unsigned int);
|
||||||
static int prkey_fixup(sc_pkcs15_prkey_t *);
|
static int prkey_fixup(sc_pkcs15_card_t *, sc_pkcs15_prkey_t *);
|
||||||
static int prkey_bits(sc_pkcs15_prkey_t *);
|
static int prkey_bits(sc_pkcs15_card_t *, sc_pkcs15_prkey_t *);
|
||||||
static int prkey_pkcs15_algo(sc_pkcs15_prkey_t *);
|
static int prkey_pkcs15_algo(sc_pkcs15_card_t *, sc_pkcs15_prkey_t *);
|
||||||
static int select_id(sc_pkcs15_card_t *, int, sc_pkcs15_id_t *,
|
static int select_id(sc_pkcs15_card_t *, int, sc_pkcs15_id_t *,
|
||||||
int (*)(const sc_pkcs15_object_t *, void *), void *,
|
int (*)(const sc_pkcs15_object_t *, void *), void *,
|
||||||
sc_pkcs15_object_t **);
|
sc_pkcs15_object_t **);
|
||||||
|
|
@ -125,23 +126,16 @@ static struct profile_operations {
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct sc_pkcs15init_callbacks callbacks = {
|
static struct sc_pkcs15init_callbacks callbacks = {
|
||||||
default_error_handler,
|
|
||||||
default_debug_handler,
|
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
#define p15init_error callbacks.error
|
|
||||||
#define p15init_debug callbacks.debug
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set the application callbacks
|
* Set the application callbacks
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *cb)
|
sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *cb)
|
||||||
{
|
{
|
||||||
callbacks.error = cb && cb->error? cb->error : default_error_handler;
|
|
||||||
callbacks.debug = cb && cb->debug? cb->debug : default_debug_handler;
|
|
||||||
callbacks.get_pin = cb? cb->get_pin : NULL;
|
callbacks.get_pin = cb? cb->get_pin : NULL;
|
||||||
callbacks.get_key = cb? cb->get_key : NULL;
|
callbacks.get_key = cb? cb->get_key : NULL;
|
||||||
}
|
}
|
||||||
|
|
@ -199,7 +193,9 @@ sc_pkcs15init_bind(struct sc_card *card, const char *name,
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
profile = sc_profile_new();
|
profile = sc_profile_new();
|
||||||
|
profile->card = card;
|
||||||
profile->cbs = &callbacks;
|
profile->cbs = &callbacks;
|
||||||
|
|
||||||
for (i = 0; profile_operations[i].name; i++) {
|
for (i = 0; profile_operations[i].name; i++) {
|
||||||
if (!strcasecmp(driver, profile_operations[i].name)) {
|
if (!strcasecmp(driver, profile_operations[i].name)) {
|
||||||
func = (struct sc_pkcs15init_operations * (*)(void)) profile_operations[i].func;
|
func = (struct sc_pkcs15init_operations * (*)(void)) profile_operations[i].func;
|
||||||
|
|
@ -209,7 +205,7 @@ sc_pkcs15init_bind(struct sc_card *card, const char *name,
|
||||||
if (func) {
|
if (func) {
|
||||||
profile->ops = func();
|
profile->ops = func();
|
||||||
} else {
|
} else {
|
||||||
p15init_error("Unsupported card driver %s", driver);
|
sc_error(card->ctx, "Unsupported card driver %s", driver);
|
||||||
sc_profile_free(profile);
|
sc_profile_free(profile);
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
@ -286,12 +282,12 @@ sc_pkcs15init_erase_card_recursively(struct sc_card *card,
|
||||||
if (sc_keycache_find_named_pin(NULL, SC_PKCS15INIT_SO_PIN) == -1) {
|
if (sc_keycache_find_named_pin(NULL, SC_PKCS15INIT_SO_PIN) == -1) {
|
||||||
struct sc_pkcs15_card *p15card = NULL;
|
struct sc_pkcs15_card *p15card = NULL;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
if (sc_pkcs15_bind(card, &p15card) >= 0) {
|
if (sc_pkcs15_bind(card, &p15card) >= 0) {
|
||||||
set_so_pin_from_card(p15card, profile);
|
set_so_pin_from_card(p15card, profile);
|
||||||
profile->p15_card = p15card;
|
profile->p15_card = p15card;
|
||||||
}
|
}
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Delete EF(DIR). This may not be very nice
|
/* Delete EF(DIR). This may not be very nice
|
||||||
|
|
@ -308,9 +304,9 @@ sc_pkcs15init_erase_card_recursively(struct sc_card *card,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_select_file(card, &df->path, &df);
|
r = sc_select_file(card, &df->path, &df);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r >= 0) {
|
if (r >= 0) {
|
||||||
r = sc_pkcs15init_rmdir(card, profile, df);
|
r = sc_pkcs15init_rmdir(card, profile, df);
|
||||||
sc_file_free(df);
|
sc_file_free(df);
|
||||||
|
|
@ -343,7 +339,9 @@ sc_pkcs15init_rmdir(struct sc_card *card, struct sc_profile *profile,
|
||||||
struct sc_file *file, *parent;
|
struct sc_file *file, *parent;
|
||||||
int r = 0, nfids;
|
int r = 0, nfids;
|
||||||
|
|
||||||
p15init_debug(1, "sc_pkcs15init_rmdir(%s)", sc_print_path(&df->path));
|
sc_debug(card->ctx,
|
||||||
|
"sc_pkcs15init_rmdir(%s)",
|
||||||
|
sc_print_path(&df->path));
|
||||||
|
|
||||||
if (df == NULL)
|
if (df == NULL)
|
||||||
return SC_ERROR_INTERNAL;
|
return SC_ERROR_INTERNAL;
|
||||||
|
|
@ -352,9 +350,9 @@ sc_pkcs15init_rmdir(struct sc_card *card, struct sc_profile *profile,
|
||||||
SC_AC_OP_LIST_FILES);
|
SC_AC_OP_LIST_FILES);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_list_files(card, buffer, sizeof(buffer));
|
r = sc_list_files(card, buffer, sizeof(buffer));
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
@ -400,9 +398,9 @@ sc_pkcs15init_rmdir(struct sc_card *card, struct sc_profile *profile,
|
||||||
path.value[1] = df->id & 0xFF;
|
path.value[1] = df->id & 0xFF;
|
||||||
path.len = 2;
|
path.len = 2;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_delete_file(card, &path);
|
r = sc_delete_file(card, &path);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -423,14 +421,14 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
||||||
p15card->card = card;
|
p15card->card = card;
|
||||||
|
|
||||||
if (card->app_count >= SC_MAX_CARD_APPS) {
|
if (card->app_count >= SC_MAX_CARD_APPS) {
|
||||||
p15init_error("Too many applications on this card.");
|
sc_error(card->ctx, "Too many applications on this card.");
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If the profile requires an SO PIN, check min/max length */
|
/* If the profile requires an SO PIN, check min/max length */
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info);
|
||||||
if (args->so_pin_len && args->so_pin_len < pin_info.min_length) {
|
if (args->so_pin_len && args->so_pin_len < pin_info.min_length) {
|
||||||
p15init_error("SO PIN too short (min length %u)",
|
sc_error(card->ctx, "SO PIN too short (min length %u)",
|
||||||
pin_info.min_length);
|
pin_info.min_length);
|
||||||
return SC_ERROR_WRONG_LENGTH;
|
return SC_ERROR_WRONG_LENGTH;
|
||||||
}
|
}
|
||||||
|
|
@ -453,7 +451,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_info);
|
||||||
if (args->so_puk_len && args->so_puk_len < puk_info.min_length) {
|
if (args->so_puk_len && args->so_puk_len < puk_info.min_length) {
|
||||||
p15init_error("SO PUK too short (min length %u)",
|
sc_error(card->ctx, "SO PUK too short (min length %u)",
|
||||||
puk_info.min_length);
|
puk_info.min_length);
|
||||||
return SC_ERROR_WRONG_LENGTH;
|
return SC_ERROR_WRONG_LENGTH;
|
||||||
}
|
}
|
||||||
|
|
@ -557,7 +555,7 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card,
|
||||||
unsigned int n;
|
unsigned int n;
|
||||||
|
|
||||||
args->auth_id.len = 1;
|
args->auth_id.len = 1;
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
for (n = 1, r = 0; n < 256; n++) {
|
for (n = 1, r = 0; n < 256; n++) {
|
||||||
args->auth_id.value[0] = n;
|
args->auth_id.value[0] = n;
|
||||||
r = sc_pkcs15_find_pin_by_auth_id(p15card,
|
r = sc_pkcs15_find_pin_by_auth_id(p15card,
|
||||||
|
|
@ -565,20 +563,20 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card,
|
||||||
if (r == SC_ERROR_OBJECT_NOT_FOUND)
|
if (r == SC_ERROR_OBJECT_NOT_FOUND)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
if (r != SC_ERROR_OBJECT_NOT_FOUND) {
|
if (r != SC_ERROR_OBJECT_NOT_FOUND) {
|
||||||
p15init_error("No auth_id specified for new PIN");
|
sc_error(card->ctx, "No auth_id specified for new PIN");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
struct sc_pkcs15_object *dummy;
|
struct sc_pkcs15_object *dummy;
|
||||||
|
|
||||||
/* Make sure we don't get duplicate PIN IDs */
|
/* Make sure we don't get duplicate PIN IDs */
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_pkcs15_find_pin_by_auth_id(p15card,
|
r = sc_pkcs15_find_pin_by_auth_id(p15card,
|
||||||
&args->auth_id, &dummy);
|
&args->auth_id, &dummy);
|
||||||
if (r != SC_ERROR_OBJECT_NOT_FOUND) {
|
if (r != SC_ERROR_OBJECT_NOT_FOUND) {
|
||||||
p15init_error("There already is a PIN with this ID.");
|
sc_error(card->ctx, "There already is a PIN with this ID.");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -631,7 +629,7 @@ sc_pkcs15init_create_pin(sc_pkcs15_card_t *p15card, sc_profile_t *profile,
|
||||||
*/
|
*/
|
||||||
if (profile->pin_domains) {
|
if (profile->pin_domains) {
|
||||||
if (!profile->ops->create_domain) {
|
if (!profile->ops->create_domain) {
|
||||||
p15init_error("PIN domains not supported.");
|
sc_error(card->ctx, "PIN domains not supported.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
r = profile->ops->create_domain(profile, card,
|
r = profile->ops->create_domain(profile, card,
|
||||||
|
|
@ -663,7 +661,7 @@ sc_pkcs15init_create_pin(sc_pkcs15_card_t *p15card, sc_profile_t *profile,
|
||||||
|
|
||||||
if (r != 0 || !retry) {
|
if (r != 0 || !retry) {
|
||||||
/* Other error trying to retrieve pin obj */
|
/* Other error trying to retrieve pin obj */
|
||||||
p15init_error("Failed to allocate PIN reference.");
|
sc_error(card->ctx, "Failed to allocate PIN reference.");
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -776,6 +774,7 @@ sc_pkcs15init_init_prkdf(sc_pkcs15_card_t *p15card,
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_prkey_info *key_info;
|
struct sc_pkcs15_prkey_info *key_info;
|
||||||
struct sc_pkcs15_object *object;
|
struct sc_pkcs15_object *object;
|
||||||
|
sc_card_t *card = p15card->card;
|
||||||
const char *label;
|
const char *label;
|
||||||
unsigned int usage;
|
unsigned int usage;
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
@ -805,7 +804,7 @@ sc_pkcs15init_init_prkdf(sc_pkcs15_card_t *p15card,
|
||||||
/* Path is selected below */
|
/* Path is selected below */
|
||||||
|
|
||||||
object = (struct sc_pkcs15_object *) calloc(1, sizeof(*object));
|
object = (struct sc_pkcs15_object *) calloc(1, sizeof(*object));
|
||||||
object->type = prkey_pkcs15_algo(key);
|
object->type = prkey_pkcs15_algo(p15card, key);
|
||||||
object->data = key_info;
|
object->data = key_info;
|
||||||
object->flags = DEFAULT_PRKEY_FLAGS;
|
object->flags = DEFAULT_PRKEY_FLAGS;
|
||||||
object->auth_id = keyargs->auth_id;
|
object->auth_id = keyargs->auth_id;
|
||||||
|
|
@ -851,7 +850,7 @@ sc_pkcs15init_init_prkdf(sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_object_t *dummy;
|
sc_pkcs15_object_t *dummy;
|
||||||
|
|
||||||
r = profile->ops->select_key_reference(profile,
|
r = profile->ops->select_key_reference(profile,
|
||||||
p15card->card, key_info);
|
card, key_info);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
@ -864,7 +863,8 @@ sc_pkcs15init_init_prkdf(sc_pkcs15_card_t *p15card,
|
||||||
|
|
||||||
if (r != 0) {
|
if (r != 0) {
|
||||||
/* Other error trying to retrieve pin obj */
|
/* Other error trying to retrieve pin obj */
|
||||||
p15init_error("Failed to select key reference.");
|
sc_error(card->ctx,
|
||||||
|
"Failed to select key reference.");
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -976,15 +976,16 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_object *object;
|
struct sc_pkcs15_object *object;
|
||||||
struct sc_pkcs15_prkey_info *key_info;
|
struct sc_pkcs15_prkey_info *key_info;
|
||||||
|
sc_card_t *card = p15card->card;
|
||||||
sc_pkcs15_prkey_t key;
|
sc_pkcs15_prkey_t key;
|
||||||
int keybits, index, r = 0;
|
int keybits, index, r = 0;
|
||||||
|
|
||||||
/* Create a copy of the key first */
|
/* Create a copy of the key first */
|
||||||
key = keyargs->key;
|
key = keyargs->key;
|
||||||
|
|
||||||
if ((r = prkey_fixup(&key)) < 0)
|
if ((r = prkey_fixup(p15card, &key)) < 0)
|
||||||
return r;
|
return r;
|
||||||
if ((keybits = prkey_bits(&key)) < 0)
|
if ((keybits = prkey_bits(p15card, &key)) < 0)
|
||||||
return keybits;
|
return keybits;
|
||||||
|
|
||||||
/* Now check whether the card is able to handle this key */
|
/* Now check whether the card is able to handle this key */
|
||||||
|
|
@ -993,12 +994,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
||||||
/* Make sure the caller explicitly tells us to store
|
/* Make sure the caller explicitly tells us to store
|
||||||
* the key non-natively. */
|
* the key non-natively. */
|
||||||
if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) {
|
if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) {
|
||||||
p15init_error("Card does not support this key.");
|
sc_error(card->ctx, "Card does not support this key.");
|
||||||
return SC_ERROR_INCOMPATIBLE_KEY;
|
return SC_ERROR_INCOMPATIBLE_KEY;
|
||||||
}
|
}
|
||||||
if (!keyargs->passphrase
|
if (!keyargs->passphrase
|
||||||
&& !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE)) {
|
&& !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE)) {
|
||||||
p15init_error("No key encryption passphrase given.");
|
sc_error(card->ctx,
|
||||||
|
"No key encryption passphrase given.");
|
||||||
return SC_ERROR_PASSPHRASE_REQUIRED;
|
return SC_ERROR_PASSPHRASE_REQUIRED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1173,7 +1175,7 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card,
|
||||||
type = SC_PKCS15_TYPE_PUBKEY_DSA; break;
|
type = SC_PKCS15_TYPE_PUBKEY_DSA; break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
p15init_error("Unsupported key algorithm.\n");
|
sc_error(p15card->card->ctx, "Unsupported key algorithm.\n");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1280,7 +1282,8 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
||||||
&& sc_pkcs15_find_prkey_by_id(p15card, &args->id, &object) == 0) {
|
&& sc_pkcs15_find_prkey_by_id(p15card, &args->id, &object) == 0) {
|
||||||
r = set_user_pin_from_authid(p15card, profile, &object->auth_id);
|
r = set_user_pin_from_authid(p15card, profile, &object->auth_id);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
p15init_error("Failed to assign user pin reference "
|
sc_error(p15card->card->ctx,
|
||||||
|
"Failed to assign user pin reference "
|
||||||
"(copied from private key auth_id)\n");
|
"(copied from private key auth_id)\n");
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
@ -1403,7 +1406,7 @@ sc_pkcs15init_store_data(struct sc_pkcs15_card *p15card,
|
||||||
r = profile->ops->new_file(profile, p15card->card,
|
r = profile->ops->new_file(profile, p15card->card,
|
||||||
object->type, index, &file);
|
object->type, index, &file);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
p15init_error("Unable to allocate file");
|
sc_error(p15card->card->ctx, "Unable to allocate file");
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1549,7 +1552,8 @@ check_key_compatibility(struct sc_pkcs15_card *p15card,
|
||||||
res = __check_key_compatibility(p15card, key,
|
res = __check_key_compatibility(p15card, key,
|
||||||
x509_usage, key_length, flags);
|
x509_usage, key_length, flags);
|
||||||
if (res < 0) {
|
if (res < 0) {
|
||||||
p15init_error("This device requires that keys have a "
|
sc_error(p15card->card->ctx,
|
||||||
|
"This device requires that keys have a "
|
||||||
"specific key usage.\n"
|
"specific key usage.\n"
|
||||||
"Keys can be used for either signature or decryption, "
|
"Keys can be used for either signature or decryption, "
|
||||||
"but not both.\n"
|
"but not both.\n"
|
||||||
|
|
@ -1567,7 +1571,7 @@ sc_pkcs15init_requires_restrictive_usage(struct sc_pkcs15_card *p15card,
|
||||||
int res;
|
int res;
|
||||||
|
|
||||||
if (key_length == 0)
|
if (key_length == 0)
|
||||||
key_length = prkey_bits(&keyargs->key);
|
key_length = prkey_bits(p15card, &keyargs->key);
|
||||||
|
|
||||||
res = __check_key_compatibility(p15card, &keyargs->key,
|
res = __check_key_compatibility(p15card, &keyargs->key,
|
||||||
keyargs->x509_usage,
|
keyargs->x509_usage,
|
||||||
|
|
@ -1580,11 +1584,12 @@ sc_pkcs15init_requires_restrictive_usage(struct sc_pkcs15_card *p15card,
|
||||||
* CRT elements
|
* CRT elements
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
prkey_fixup_rsa(struct sc_pkcs15_prkey_rsa *key)
|
prkey_fixup_rsa(sc_pkcs15_card_t *p15card, struct sc_pkcs15_prkey_rsa *key)
|
||||||
{
|
{
|
||||||
if (!key->modulus.len || !key->exponent.len
|
if (!key->modulus.len || !key->exponent.len
|
||||||
|| !key->d.len || !key->p.len || !key->q.len) {
|
|| !key->d.len || !key->p.len || !key->q.len) {
|
||||||
p15init_error("Missing private RSA coefficient");
|
sc_error(p15card->card->ctx,
|
||||||
|
"Missing private RSA coefficient");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1647,11 +1652,11 @@ prkey_fixup_rsa(struct sc_pkcs15_prkey_rsa *key)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
prkey_fixup(sc_pkcs15_prkey_t *key)
|
prkey_fixup(sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_t *key)
|
||||||
{
|
{
|
||||||
switch (key->algorithm) {
|
switch (key->algorithm) {
|
||||||
case SC_ALGORITHM_RSA:
|
case SC_ALGORITHM_RSA:
|
||||||
return prkey_fixup_rsa(&key->u.rsa);
|
return prkey_fixup_rsa(p15card, &key->u.rsa);
|
||||||
case SC_ALGORITHM_DSA:
|
case SC_ALGORITHM_DSA:
|
||||||
/* for now */
|
/* for now */
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -1660,7 +1665,7 @@ prkey_fixup(sc_pkcs15_prkey_t *key)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
prkey_bits(sc_pkcs15_prkey_t *key)
|
prkey_bits(sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_t *key)
|
||||||
{
|
{
|
||||||
switch (key->algorithm) {
|
switch (key->algorithm) {
|
||||||
case SC_ALGORITHM_RSA:
|
case SC_ALGORITHM_RSA:
|
||||||
|
|
@ -1668,12 +1673,12 @@ prkey_bits(sc_pkcs15_prkey_t *key)
|
||||||
case SC_ALGORITHM_DSA:
|
case SC_ALGORITHM_DSA:
|
||||||
return sc_pkcs15init_keybits(&key->u.dsa.q);
|
return sc_pkcs15init_keybits(&key->u.dsa.q);
|
||||||
}
|
}
|
||||||
p15init_error("Unsupported key algorithm.\n");
|
sc_error(p15card->card->ctx, "Unsupported key algorithm.\n");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
prkey_pkcs15_algo(sc_pkcs15_prkey_t *key)
|
prkey_pkcs15_algo(sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_t *key)
|
||||||
{
|
{
|
||||||
switch (key->algorithm) {
|
switch (key->algorithm) {
|
||||||
case SC_ALGORITHM_RSA:
|
case SC_ALGORITHM_RSA:
|
||||||
|
|
@ -1681,7 +1686,7 @@ prkey_pkcs15_algo(sc_pkcs15_prkey_t *key)
|
||||||
case SC_ALGORITHM_DSA:
|
case SC_ALGORITHM_DSA:
|
||||||
return SC_PKCS15_TYPE_PRKEY_DSA;
|
return SC_PKCS15_TYPE_PRKEY_DSA;
|
||||||
}
|
}
|
||||||
p15init_error("Unsupported key algorithm.\n");
|
sc_error(p15card->card->ctx, "Unsupported key algorithm.\n");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1853,9 +1858,9 @@ sc_pkcs15init_update_dir(struct sc_pkcs15_card *p15card,
|
||||||
struct sc_file *dir_file;
|
struct sc_file *dir_file;
|
||||||
struct sc_path path;
|
struct sc_path path;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_enum_apps(card);
|
r = sc_enum_apps(card);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
|
|
||||||
if (r != SC_ERROR_FILE_NOT_FOUND)
|
if (r != SC_ERROR_FILE_NOT_FOUND)
|
||||||
break;
|
break;
|
||||||
|
|
@ -1927,7 +1932,8 @@ sc_pkcs15init_add_object(struct sc_pkcs15_card *p15card,
|
||||||
if (df == NULL) {
|
if (df == NULL) {
|
||||||
file = profile->df[df_type];
|
file = profile->df[df_type];
|
||||||
if (file == NULL) {
|
if (file == NULL) {
|
||||||
p15init_error("Profile doesn't define a DF file %u",
|
sc_error(card->ctx,
|
||||||
|
"Profile doesn't define a DF file %u",
|
||||||
df_type);
|
df_type);
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
@ -2097,7 +2103,11 @@ do_get_and_verify_secret(struct sc_profile *pro, struct sc_card *card,
|
||||||
*/
|
*/
|
||||||
reference = sc_keycache_find_named_pin(path, pin_id);
|
reference = sc_keycache_find_named_pin(path, pin_id);
|
||||||
if (reference == -1) {
|
if (reference == -1) {
|
||||||
p15init_debug(2, "no %s set for this card\n", ident);
|
if (card->ctx->debug >= 2) {
|
||||||
|
sc_debug(card->ctx,
|
||||||
|
"no %s set for this card\n",
|
||||||
|
ident);
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -2169,7 +2179,7 @@ found: if (type == SC_AC_CHV) {
|
||||||
|
|
||||||
if (verify
|
if (verify
|
||||||
&& (r = sc_verify(card, type, reference, pinbuf, *pinsize, 0)) < 0) {
|
&& (r = sc_verify(card, type, reference, pinbuf, *pinsize, 0)) < 0) {
|
||||||
p15init_error("Failed to verify %s (ref=0x%x)",
|
sc_error(card->ctx, "Failed to verify %s (ref=0x%x)",
|
||||||
ident, reference);
|
ident, reference);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -2299,7 +2309,7 @@ sc_pkcs15init_authenticate(struct sc_profile *pro, struct sc_card *card,
|
||||||
const struct sc_acl_entry *acl;
|
const struct sc_acl_entry *acl;
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
||||||
p15init_debug(1, "sc_pkcs15init_authenticate called for %s\n",
|
sc_debug(card->ctx, "sc_pkcs15init_authenticate(%s)\n",
|
||||||
sc_print_path(&file->path));
|
sc_print_path(&file->path));
|
||||||
|
|
||||||
acl = sc_file_get_acl_entry(file, op);
|
acl = sc_file_get_acl_entry(file, op);
|
||||||
|
|
@ -2329,15 +2339,15 @@ do_select_parent(struct sc_profile *pro, struct sc_card *card,
|
||||||
|
|
||||||
/* Select the parent DF. */
|
/* Select the parent DF. */
|
||||||
*parent = NULL;
|
*parent = NULL;
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
r = sc_select_file(card, &path, parent);
|
r = sc_select_file(card, &path, parent);
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
/* If DF doesn't exist, create it (unless it's the MF,
|
/* If DF doesn't exist, create it (unless it's the MF,
|
||||||
* but then something's badly broken anyway :-) */
|
* but then something's badly broken anyway :-) */
|
||||||
if (r == SC_ERROR_FILE_NOT_FOUND && path.len != 2) {
|
if (r == SC_ERROR_FILE_NOT_FOUND && path.len != 2) {
|
||||||
r = sc_profile_get_file_by_path(pro, &path, parent);
|
r = sc_profile_get_file_by_path(pro, &path, parent);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
p15init_error("profile doesn't define a DF %s",
|
sc_error(card->ctx, "profile doesn't define a DF %s",
|
||||||
sc_print_path(&path));
|
sc_print_path(&path));
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
@ -2378,9 +2388,9 @@ sc_pkcs15init_update_file(struct sc_profile *profile, struct sc_card *card,
|
||||||
struct sc_file *info = NULL;
|
struct sc_file *info = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
card->ctx->log_errors = 0;
|
card->ctx->suppress_errors++;
|
||||||
if ((r = sc_select_file(card, &file->path, &info)) < 0) {
|
if ((r = sc_select_file(card, &file->path, &info)) < 0) {
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
/* Create file if it doesn't exist */
|
/* Create file if it doesn't exist */
|
||||||
if (file->size < datalen)
|
if (file->size < datalen)
|
||||||
file->size = datalen;
|
file->size = datalen;
|
||||||
|
|
@ -2389,10 +2399,11 @@ sc_pkcs15init_update_file(struct sc_profile *profile, struct sc_card *card,
|
||||||
|| (r = sc_select_file(card, &file->path, &info)) < 0)
|
|| (r = sc_select_file(card, &file->path, &info)) < 0)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
card->ctx->log_errors = 1;
|
card->ctx->suppress_errors--;
|
||||||
|
|
||||||
if (info->size < datalen) {
|
if (info->size < datalen) {
|
||||||
p15init_error("File %s too small (require %u, have %u) - "
|
sc_error(card->ctx,
|
||||||
|
"File %s too small (require %u, have %u) - "
|
||||||
"please increase size in profile",
|
"please increase size in profile",
|
||||||
sc_print_path(&file->path),
|
sc_print_path(&file->path),
|
||||||
datalen, info->size);
|
datalen, info->size);
|
||||||
|
|
@ -2426,8 +2437,9 @@ sc_pkcs15init_update_file(struct sc_profile *profile, struct sc_card *card,
|
||||||
int
|
int
|
||||||
sc_pkcs15init_fixup_file(struct sc_profile *profile, struct sc_file *file)
|
sc_pkcs15init_fixup_file(struct sc_profile *profile, struct sc_file *file)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_pin_info so_pin, user_pin;
|
sc_context_t *ctx = profile->card->ctx;
|
||||||
struct sc_acl_entry so_acl, user_acl;
|
sc_pkcs15_pin_info_t so_pin, user_pin;
|
||||||
|
sc_acl_entry_t so_acl, user_acl;
|
||||||
unsigned int op, needfix = 0;
|
unsigned int op, needfix = 0;
|
||||||
int ref;
|
int ref;
|
||||||
|
|
||||||
|
|
@ -2457,7 +2469,11 @@ sc_pkcs15init_fixup_file(struct sc_profile *profile, struct sc_file *file)
|
||||||
so_acl.method = SC_AC_NONE;
|
so_acl.method = SC_AC_NONE;
|
||||||
so_acl.key_ref = 0;
|
so_acl.key_ref = 0;
|
||||||
} else {
|
} else {
|
||||||
p15init_debug(2, "sc_pkcs15init_fixup_file: SO pin is CVH%d\n", ref);
|
if (ctx->debug >= 2) {
|
||||||
|
sc_debug(ctx,
|
||||||
|
"sc_pkcs15init_fixup_file: SO pin is CVH%d\n",
|
||||||
|
ref);
|
||||||
|
}
|
||||||
so_acl.method = SC_AC_CHV;
|
so_acl.method = SC_AC_CHV;
|
||||||
so_acl.key_ref = ref;
|
so_acl.key_ref = ref;
|
||||||
}
|
}
|
||||||
|
|
@ -2467,7 +2483,11 @@ sc_pkcs15init_fixup_file(struct sc_profile *profile, struct sc_file *file)
|
||||||
user_acl.method = SC_AC_NONE;
|
user_acl.method = SC_AC_NONE;
|
||||||
user_acl.key_ref = 0;
|
user_acl.key_ref = 0;
|
||||||
} else {
|
} else {
|
||||||
p15init_debug(2, "sc_pkcs15init_fixup_file: user pin is CVH%d\n", ref);
|
if (ctx->debug >= 2) {
|
||||||
|
sc_debug(ctx,
|
||||||
|
"sc_pkcs15init_fixup_file: user pin is CVH%d\n",
|
||||||
|
ref);
|
||||||
|
}
|
||||||
user_acl.method = SC_AC_CHV;
|
user_acl.method = SC_AC_CHV;
|
||||||
user_acl.key_ref = ref;
|
user_acl.key_ref = ref;
|
||||||
}
|
}
|
||||||
|
|
@ -2484,6 +2504,7 @@ sc_pkcs15init_fixup_acls(struct sc_profile *profile, struct sc_file *file,
|
||||||
struct sc_acl_entry *so_acl,
|
struct sc_acl_entry *so_acl,
|
||||||
struct sc_acl_entry *user_acl)
|
struct sc_acl_entry *user_acl)
|
||||||
{
|
{
|
||||||
|
sc_card_t *card = profile->card;
|
||||||
struct sc_acl_entry acls[16];
|
struct sc_acl_entry acls[16];
|
||||||
unsigned int op, num;
|
unsigned int op, num;
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
@ -2509,16 +2530,18 @@ sc_pkcs15init_fixup_acls(struct sc_profile *profile, struct sc_file *file,
|
||||||
acl = user_acl;
|
acl = user_acl;
|
||||||
what = "user PIN";
|
what = "user PIN";
|
||||||
} else {
|
} else {
|
||||||
p15init_error("ACL references unknown symbolic PIN %d",
|
sc_error(card->ctx,
|
||||||
acl->key_ref);
|
"ACL references unknown symbolic PIN %d",
|
||||||
|
acl->key_ref);
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If we weren't given a replacement ACL,
|
/* If we weren't given a replacement ACL,
|
||||||
* leave the original ACL untouched */
|
* leave the original ACL untouched */
|
||||||
if (acl == NULL || acl->key_ref == -1) {
|
if (acl == NULL || acl->key_ref == -1) {
|
||||||
p15init_error("ACL references %s, which is not defined",
|
sc_error(card->ctx,
|
||||||
what);
|
"ACL references %s, which is not defined",
|
||||||
|
what);
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <opensc/opensc.h>
|
#include <opensc/opensc.h>
|
||||||
#include <opensc/cardctl.h>
|
#include <opensc/cardctl.h>
|
||||||
|
#include <opensc/log.h>
|
||||||
#include "pkcs15-init.h"
|
#include "pkcs15-init.h"
|
||||||
#include "profile.h"
|
#include "profile.h"
|
||||||
|
|
||||||
|
|
@ -121,7 +122,8 @@ miocos_new_file(struct sc_profile *profile, struct sc_card *card,
|
||||||
* the generic class (SC_PKCS15_TYPE_CERT)
|
* the generic class (SC_PKCS15_TYPE_CERT)
|
||||||
*/
|
*/
|
||||||
if (!(type & ~SC_PKCS15_TYPE_CLASS_MASK)) {
|
if (!(type & ~SC_PKCS15_TYPE_CLASS_MASK)) {
|
||||||
profile->cbs->error("File type not supported by card driver");
|
sc_error(card->ctx,
|
||||||
|
"File type not supported by card driver");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
type &= SC_PKCS15_TYPE_CLASS_MASK;
|
type &= SC_PKCS15_TYPE_CLASS_MASK;
|
||||||
|
|
@ -129,7 +131,7 @@ miocos_new_file(struct sc_profile *profile, struct sc_card *card,
|
||||||
|
|
||||||
snprintf(name, sizeof(name), "template-%s", tag);
|
snprintf(name, sizeof(name), "template-%s", tag);
|
||||||
if (sc_profile_get_file(profile, name, &file) < 0) {
|
if (sc_profile_get_file(profile, name, &file) < 0) {
|
||||||
profile->cbs->error("Profile doesn't define %s template (%s)\n",
|
sc_error(card->ctx, "Profile doesn't define %s template (%s)",
|
||||||
desc, name);
|
desc, name);
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
@ -175,12 +177,12 @@ miocos_new_key(struct sc_profile *profile, struct sc_card *card,
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (key->algorithm != SC_ALGORITHM_RSA) {
|
if (key->algorithm != SC_ALGORITHM_RSA) {
|
||||||
profile->cbs->error("MioCOS supports only 1024-bit RSA keys.");
|
sc_error(card->ctx, "MioCOS supports only 1024-bit RSA keys.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
rsa = &key->u.rsa;
|
rsa = &key->u.rsa;
|
||||||
if (rsa->modulus.len != 128) {
|
if (rsa->modulus.len != 128) {
|
||||||
profile->cbs->error("MioCOS supports only 1024-bit RSA keys.");
|
sc_error(card->ctx, "MioCOS supports only 1024-bit RSA keys.");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
r = miocos_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, index,
|
r = miocos_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, index,
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,7 @@
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <opensc/scconf.h>
|
#include <opensc/scconf.h>
|
||||||
|
#include <opensc/log.h>
|
||||||
#include "pkcs15-init.h"
|
#include "pkcs15-init.h"
|
||||||
#include "profile.h"
|
#include "profile.h"
|
||||||
|
|
||||||
|
|
@ -332,8 +333,7 @@ sc_profile_finish(struct sc_profile *profile)
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
whine: if (profile->cbs)
|
whine: sc_error(profile->card->ctx, "%s", reason);
|
||||||
profile->cbs->error("%s\n", reason);
|
|
||||||
return SC_ERROR_INCONSISTENT_PROFILE;
|
return SC_ERROR_INCONSISTENT_PROFILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -525,6 +525,7 @@ sc_profile_instantiate_template(sc_profile_t *profile,
|
||||||
const char *file_name, const sc_pkcs15_id_t *id,
|
const char *file_name, const sc_pkcs15_id_t *id,
|
||||||
sc_file_t **ret)
|
sc_file_t **ret)
|
||||||
{
|
{
|
||||||
|
sc_card_t *card = profile->card;
|
||||||
sc_profile_t *tmpl;
|
sc_profile_t *tmpl;
|
||||||
sc_template_t *info;
|
sc_template_t *info;
|
||||||
unsigned int index;
|
unsigned int index;
|
||||||
|
|
@ -549,12 +550,15 @@ sc_profile_instantiate_template(sc_profile_t *profile,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
profile->cbs->debug(2, "Instantiating template %s at %s\n",
|
if (profile->card->ctx->debug >= 2) {
|
||||||
|
sc_debug(profile->card->ctx,
|
||||||
|
"Instantiating template %s at %s",
|
||||||
template_name, sc_print_path(base_path));
|
template_name, sc_print_path(base_path));
|
||||||
|
}
|
||||||
|
|
||||||
base_file = sc_profile_find_file_by_path(profile, base_path);
|
base_file = sc_profile_find_file_by_path(profile, base_path);
|
||||||
if (base_file == NULL) {
|
if (base_file == NULL) {
|
||||||
profile->cbs->error("Directory %s not defined in profile\n",
|
sc_error(card->ctx, "Directory %s not defined in profile",
|
||||||
sc_print_path(base_path));
|
sc_print_path(base_path));
|
||||||
return SC_ERROR_OBJECT_NOT_FOUND;
|
return SC_ERROR_OBJECT_NOT_FOUND;
|
||||||
}
|
}
|
||||||
|
|
@ -584,7 +588,7 @@ sc_profile_instantiate_template(sc_profile_t *profile,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (match == NULL) {
|
if (match == NULL) {
|
||||||
profile->cbs->error("No file named \"%s\" in template \"%s\"",
|
sc_error(card->ctx, "No file named \"%s\" in template \"%s\"",
|
||||||
file_name, template_name);
|
file_name, template_name);
|
||||||
return SC_ERROR_OBJECT_NOT_FOUND;
|
return SC_ERROR_OBJECT_NOT_FOUND;
|
||||||
}
|
}
|
||||||
|
|
@ -597,6 +601,7 @@ sc_profile_instantiate_file(sc_profile_t *profile, file_info *ft,
|
||||||
file_info *parent, unsigned int skew)
|
file_info *parent, unsigned int skew)
|
||||||
{
|
{
|
||||||
struct file_info *fi;
|
struct file_info *fi;
|
||||||
|
sc_card_t *card = profile->card;
|
||||||
|
|
||||||
fi = (file_info *) calloc(1, sizeof(*fi));
|
fi = (file_info *) calloc(1, sizeof(*fi));
|
||||||
fi->instance = fi;
|
fi->instance = fi;
|
||||||
|
|
@ -611,9 +616,13 @@ sc_profile_instantiate_file(sc_profile_t *profile, file_info *ft,
|
||||||
|
|
||||||
ft->instance = fi;
|
ft->instance = fi;
|
||||||
|
|
||||||
profile->cbs->debug(2, "Instantiated %s at %s\n", ft->ident,
|
if (card->ctx->debug >= 2) {
|
||||||
sc_print_path(&fi->file->path));
|
sc_debug(card->ctx, "Instantiated %s at %s",
|
||||||
profile->cbs->debug(2, " parent=%s@%s\n", parent->ident, sc_print_path(&parent->file->path));
|
ft->ident, sc_print_path(&fi->file->path));
|
||||||
|
sc_debug(card->ctx, " parent=%s@%s",
|
||||||
|
parent->ident,
|
||||||
|
sc_print_path(&parent->file->path));
|
||||||
|
}
|
||||||
|
|
||||||
return fi;
|
return fi;
|
||||||
}
|
}
|
||||||
|
|
@ -1919,7 +1928,5 @@ parse_error(struct state *cur, const char *fmt, ...)
|
||||||
if ((sp = strchr(buffer, '\n')) != NULL)
|
if ((sp = strchr(buffer, '\n')) != NULL)
|
||||||
*sp = '\0';
|
*sp = '\0';
|
||||||
|
|
||||||
if (cur->profile->cbs)
|
sc_error(cur->profile->card->ctx, "%s: %s", cur->filename, buffer);
|
||||||
cur->profile->cbs->error("%s: %s",
|
|
||||||
cur->filename, buffer);
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -78,6 +78,7 @@ typedef struct sc_template {
|
||||||
} sc_template_t;
|
} sc_template_t;
|
||||||
|
|
||||||
struct sc_profile {
|
struct sc_profile {
|
||||||
|
sc_card_t * card;
|
||||||
char * driver;
|
char * driver;
|
||||||
struct sc_pkcs15init_operations *ops;
|
struct sc_pkcs15init_operations *ops;
|
||||||
struct sc_pkcs15init_callbacks *cbs;
|
struct sc_pkcs15init_callbacks *cbs;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue