- added README.Cryptoflex

- modified ChangeLog - _really_ bumped up the version number this time git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@192 c6295689-39f2-0310-b995-f0e70906c6a9
2002-01-24 16:24:24 +00:00 · 2002-01-24 16:24:24 +00:00 · fd9c25eeed
parent c1cac5f311
commit fd9c25eeed
5 changed files with 118 additions and 2 deletions
--- a/README.Cryptoflex
+++ b/README.Cryptoflex
@ -0,0 +1,95 @@
+
+OpenSC supports the Cryptoflex cards beginning with version 0.5.0.
+
+Cryptoflex specific features can be tested with cryptoflex-tool.
+Due to the publicly available datasheets, cryptoflex-tool also includes
+a PKCS #15 structure generator. At the moment all the encoded information
+is hardcoded in the source file, but editing the structures should
+be pretty straightforward.
+
+Here are the steps to PKCS #15 structure generation:
+
+WARNING: You should be using a very safe terminal when issuing the
+         following commands.
+
+0.  If you don't have a Cryptoflex 16k, you will have to add the ATR of
+    your card manually to the flex_atrs structure at the top of card-flex.c.
+    The ATR can be found with 'opensc-tool -a' command.
+
+1.  Verify the AAK key and CHV2:
+
+$ opensc-explorer
+OpenSC Explorer version 0.5.0
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+OpenSC [3F00]> ver KEY1 01:02:03:04:05:06:07:08		# replace these
+Code correct.
+OpenSC [3F00]> ver CHV2 31:32:33:34:00:00:00:00		# with your own values
+Code correct.
+
+2.  Create the CHV2 file, if not present:
+
+$ cryptoflex-tool -P 2
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+Please enter CHV2: 1234
+Please enter PUK for CHV2: 12345678
+
+3.  Create the PKCS #15 structure
+
+$ cryptoflex-tool -C
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+Please enter CHV1 (key 1): 1234
+Please enter PUK for CHV1 (key 1): 12345678
+Please enter CHV1 (key 2): 5678
+Please enter PUK for CHV1 (key 2): 12345678
+
+4.  Generate two 1024-bit RSA key pairs with openssl:
+
+$ openssl genrsa -out key1.pem 1024
+Generating RSA private key, 1024 bit long modulus
+...........++++++
+...++++++
+e is 65537 (0x10001)
+$ openssl genrsa -out key2.pem 1024
+Generating RSA private key, 1024 bit long modulus
+.....................++++++
+....++++++
+e is 65537 (0x10001)
+
+5.  Create the files to hold the keys on the card:
+
+$ cryptoflex-tool -a 5015 -c 1
+$ cryptoflex-tool -a 4b02 -c 1
+
+6.  Store the key pairs on the card:
+
+$ cryptoflex-tool -a 5015 -p key1.pem -s -v  # (enter CHV1 for key 1)
+$ cryptoflex-tool -a 4b02 -p key2.pem -s -v  # (enter CHV1 for key 2)
+
+6a. Check if the keys are working:
+
+$ pkcs15-crypt -i <plaintext-file> -o <signed-data> -s --pkcs1
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Trying to find a PKCS#15 compatible card...
+Found OpenSC Test Card!
+Enter PIN [Authentication PIN]: 
+PIN code correct.
+
+7.  Create two certificates with openssl. Name them cert1.crt and cert2.crt.This process is not in the scope
+    of this document.
+
+8.  Store the DER-encoded certificates on the card (this process will be
+    automated in the future):
+
+$ opensc-explorer
+OpenSC Explorer version 0.5.0
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+OpenSC [3F00]> cd 5015
+OpenSC [3F00/5015]> create 4301 <size of cert1.crt>
+OpenSC [3F00/5015]> create 4302 <size of cert2.crt>
+OpenSC [3F00/5015]> put 4301 cert1.crt
+OpenSC [3F00/5015]> put 4302 cert2.crt
+
--- a/configure.in
+++ b/configure.in
@ -6,7 +6,7 @@ dnl $Id$
 AC_PREREQ(2.52)

 AC_INIT(src/libopensc/sc.c)
-AM_INIT_AUTOMAKE(opensc, 0.4.0)
+AM_INIT_AUTOMAKE(opensc, 0.5.0)
 AM_CONFIG_HEADER(config.h)

 AC_CANONICAL_HOST
--- a/src/libopensc/opensc-pkcs15.h
+++ b/src/libopensc/opensc-pkcs15.h
@ -189,6 +189,8 @@ struct sc_pkcs15_df {
 	int count, record_length, type;
 };

+#define SC_PKCS15_CARD_MAGIC		0x10203040
+
 struct sc_pkcs15_card {
 	struct sc_card *card;
 	char *label;
@ -212,6 +214,8 @@ struct sc_pkcs15_card {
 	struct sc_pkcs15_df df[SC_PKCS15_DF_TYPE_COUNT];

 	int use_cache;
+	
+	unsigned int magic;
 };

 #define SC_PKCS15_CARD_FLAG_READONLY		0x01
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@ -151,6 +151,14 @@ int sc_pkcs15_encode_aodf_entry(struct sc_context *ctx,

 void sc_pkcs15_print_pin_info(const struct sc_pkcs15_pin_info *pin)
 {
+	const char *pin_flags[] = {
+		"case-sensitive", "local", "change-disabled",
+		"unblock-disabled", "initialized", "needs-padding",
+		"unblockingPin", "soPin", "disable_allowed",
+		"integrity-protected", "confidentiality-protected",
+		"exchangeRefData"
+	};
+	const int pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]);
 	char path[SC_MAX_PATH_SIZE * 2 + 1];
 	int i;
 	char *p;
@ -166,7 +174,12 @@ void sc_pkcs15_print_pin_info(const struct sc_pkcs15_pin_info *pin)
 	printf("\tAuth ID   : ");
 	sc_pkcs15_print_id(&pin->auth_id);
 	printf("\n");
-	printf("\tFlags     : 0x%X\n", pin->flags);
+	printf("\tFlags     : [0x%02X]", pin->flags);
+	for (i = 0; i < pf_count; i++)
+		if (pin->flags & (1 << i)) {
+			printf(", %s", pin_flags[i]);
+		}
+	printf("\n");
 	printf("\tLength    : %d..%d\n", pin->min_length, pin->stored_length);
 	printf("\tPad char  : 0x%02X\n", pin->pad_char);
 	printf("\tReference : %d\n", pin->reference);
--- a/src/libopensc/pkcs15.h
+++ b/src/libopensc/pkcs15.h
@ -189,6 +189,8 @@ struct sc_pkcs15_df {
 	int count, record_length, type;
 };

+#define SC_PKCS15_CARD_MAGIC		0x10203040
+
 struct sc_pkcs15_card {
 	struct sc_card *card;
 	char *label;
@ -212,6 +214,8 @@ struct sc_pkcs15_card {
 	struct sc_pkcs15_df df[SC_PKCS15_DF_TYPE_COUNT];

 	int use_cache;
+	
+	unsigned int magic;
 };

 #define SC_PKCS15_CARD_FLAG_READONLY		0x01