diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c index 6b308c53..2d63164d 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c @@ -565,21 +565,26 @@ pgp_parse_hist_bytes(sc_card_t *card, u8 *ctlv, size_t ctlv_len) * Internal: parse an algorithm attributes DO **/ static int -pgp_parse_algo_attr_blob(const pgp_blob_t *blob, sc_cardctl_openpgp_keygen_info_t *key_info) +pgp_parse_algo_attr_blob(sc_card_t *card, const pgp_blob_t *blob, + sc_cardctl_openpgp_keygen_info_t *key_info) { struct sc_object_id oid; unsigned int j, r; + LOG_FUNC_CALLED(card->ctx); + if (blob == NULL || blob->data == NULL || blob->len == 0 || - blob->id < 0x00c1 || blob->id > 0x00c3 || key_info == NULL) - return SC_ERROR_INCORRECT_PARAMETERS; + blob->id < 0x00c1 || blob->id > 0x00c3 || key_info == NULL) { + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INCORRECT_PARAMETERS); + } key_info->key_id = blob->id - 0x00c0; /* attribute algorithm blobs are C1 - C3 */ switch (blob->data[0]) { case SC_OPENPGP_KEYALGO_RSA: - if (blob->len < 5) - return SC_ERROR_INCORRECT_PARAMETERS; + if (blob->len < 5) { + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INCORRECT_PARAMETERS); + } key_info->algorithm = SC_OPENPGP_KEYALGO_RSA; key_info->u.rsa.modulus_len = bebytes2ushort(blob->data + 1); @@ -618,8 +623,10 @@ pgp_parse_algo_attr_blob(const pgp_blob_t *blob, sc_cardctl_openpgp_keygen_info_ return r; } /* compare with list of supported ec_curves */ - for (j=0; ec_curves[j].oid.value[0] >= 0; j++){ - if (sc_compare_oid(&ec_curves[j].oid, &oid)){ + for (j = 0; ec_curves[j].oid.value[0] >= 0; j++) { + if (sc_compare_oid(&ec_curves[j].oid, &oid)) { + sc_log(card->ctx, "Matched EC oid %s (%d)", + sc_dump_oid(&oid), j); key_info->u.ec.oid = ec_curves[j].oid; key_info->u.ec.key_length = ec_curves[j].size; break; @@ -628,10 +635,10 @@ pgp_parse_algo_attr_blob(const pgp_blob_t *blob, sc_cardctl_openpgp_keygen_info_ break; default: - return SC_ERROR_NOT_IMPLEMENTED; + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); } - return SC_SUCCESS; + LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); } @@ -647,6 +654,8 @@ pgp_get_card_features(sc_card_t *card) size_t i; pgp_blob_t *blob, *blob6e, *blob73; + LOG_FUNC_CALLED(card->ctx); + /* parse card capabilities from historical bytes in ATR */ if (hist_bytes_len > 0) { /* category indicator 0x00, 0x10 or 0x80 => compact TLV (ISO) */ @@ -776,9 +785,11 @@ pgp_get_card_features(sc_card_t *card) for (i = 0x00c1; i <= 0x00c3; i++) { sc_cardctl_openpgp_keygen_info_t key_info; + sc_log(card->ctx, "Parsing algorithm attribues DO %zX" , i); + /* OpenPGP card spec 1.1 & 2.x section 4.3.3.6 / v3.x section 4.4.3.7 */ if ((pgp_get_blob(card, blob73, i, &blob) >= 0) && - (pgp_parse_algo_attr_blob(blob, &key_info) >= 0)) { + (pgp_parse_algo_attr_blob(card, blob, &key_info) >= 0)) { /* RSA [RFC 4880] */ if (key_info.algorithm == SC_OPENPGP_KEYALGO_RSA){ @@ -788,6 +799,7 @@ pgp_get_card_features(sc_card_t *card) SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_ONBOARD_KEY_GEN; /* key gen on card */ _sc_card_add_rsa_alg(card, key_info.u.rsa.modulus_len, flags, 0); + sc_log(card->ctx, "DO %zX: Added RSA algorithm, mod_len = %zu" , i, key_info.u.rsa.modulus_len); } /* v3.0+: ECC [RFC 4880 & 6637] */ else if (key_info.algorithm == SC_OPENPGP_KEYALGO_ECDH @@ -805,6 +817,7 @@ pgp_get_card_features(sc_card_t *card) _sc_card_add_ec_alg(card, key_info.u.ec.key_length, flags, ext_flags, &key_info.u.ec.oid); + sc_log(card->ctx, "DO %zX: Added EC algorithm (%d), mod_len = %d" , i, key_info.algorithm, key_info.u.ec.key_length); } } } @@ -1567,19 +1580,22 @@ pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) if (aa_tag && ((r = pgp_get_blob(card, priv->mf, 0x006e, &blob6e)) >= 0) && ((r = pgp_get_blob(card, blob6e, 0x0073, &blob73)) >= 0) && ((r = pgp_get_blob(card, blob73, aa_tag, &aa_blob)) >= 0) && - ((r = pgp_parse_algo_attr_blob(aa_blob, &key_info)) >= 0)) { + ((r = pgp_parse_algo_attr_blob(card, aa_blob, &key_info)) >= 0)) { if ((r = sc_encode_oid(card->ctx, &key_info.u.ec.oid, &p15pubkey.u.ec.params.der.value, &p15pubkey.u.ec.params.der.len)) == 0) { p15pubkey.u.ec.params.type = 1; r = sc_pkcs15_encode_pubkey_as_spki(card->ctx, &p15pubkey, &data, &len); + } else { + sc_log(card->ctx, "Unable to encode EC curve OID from algorithm info"); } - } else + } else { sc_log(card->ctx, "Unable to find Algorithm Attribute for EC curve OID"); - } - else + } + } else { LOG_TEST_RET(card->ctx, r, "error getting elements"); + } /* clean up anything we may have set in p15pubkey that can not be freed */ if (p15pubkey.algorithm == SC_ALGORITHM_RSA) { @@ -2270,7 +2286,7 @@ pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_ } else { sc_cardctl_openpgp_keygen_info_t old_key_info; - if (pgp_parse_algo_attr_blob(algo_blob, &old_key_info) != SC_SUCCESS + if (pgp_parse_algo_attr_blob(card, algo_blob, &old_key_info) != SC_SUCCESS || old_key_info.algorithm != key_info->algorithm) LOG_TEST_RET(card->ctx, SC_ERROR_NO_CARD_SUPPORT, "Requested algorithm not supported"); diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c index 257672d3..e461f809 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c @@ -169,6 +169,8 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) sc_path_t path; sc_file_t *file = NULL; + LOG_FUNC_CALLED(ctx); + set_string(&p15card->tokeninfo->label, "OpenPGP card"); set_string(&p15card->tokeninfo->manufacturer_id, "OpenPGP project"); @@ -203,6 +205,7 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) * 01-03: max length of pins 1-3 * 04-07: tries left for pins 1-3 */ + sc_log(ctx, "Reading PW status bytes"); if ((r = read_file(card, "006E:0073:00C4", c4data, sizeof(c4data))) < 0) goto failed; if (r != 7) { @@ -251,6 +254,7 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) * 20-39: finger print for ENC key * 40-59: finger print for AUT key */ + sc_log(ctx, "Reading Fingerprints"); if ((r = read_file(card, "006E:0073:00C5", c5data, sizeof(c5data))) < 0) goto failed; if (r < 60) { @@ -259,6 +263,7 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) return SC_ERROR_OBJECT_NOT_VALID; } + sc_log(ctx, "Adding private keys"); /* XXX: check if "halfkeys" can be stored with gpg2. If not, add key pairs in one loop */ for (i = 0; i < 3; i++) { sc_pkcs15_prkey_info_t prkey_info; @@ -307,6 +312,8 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) return SC_ERROR_INTERNAL; } } + + sc_log(ctx, "Adding public keys"); /* Add public keys */ for (i = 0; i < 3; i++) { sc_pkcs15_pubkey_info_t pubkey_info; @@ -394,7 +401,7 @@ failed: } sc_file_free(file); - return r; + LOG_FUNC_RETURN(ctx, r); } static int diff --git a/src/libopensc/pkcs15-sec.c b/src/libopensc/pkcs15-sec.c index c00d3e31..b718a3c5 100644 --- a/src/libopensc/pkcs15-sec.c +++ b/src/libopensc/pkcs15-sec.c @@ -166,7 +166,7 @@ static int use_key(struct sc_pkcs15_card *p15card, sc_unlock(p15card->card); - return r; + LOG_FUNC_RETURN(p15card->card->ctx, r); } static int format_senv(struct sc_pkcs15_card *p15card, diff --git a/src/libopensc/sec.c b/src/libopensc/sec.c index abe31061..c7fae266 100644 --- a/src/libopensc/sec.c +++ b/src/libopensc/sec.c @@ -38,7 +38,7 @@ int sc_decipher(sc_card_t *card, int r; if (card == NULL || crgram == NULL || out == NULL) { - return SC_ERROR_INVALID_ARGUMENTS; + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); } LOG_FUNC_CALLED(card->ctx); if (card->ops->decipher == NULL)