From fd9c25eeed3e1a657c55978f9e8a16ead0888ace Mon Sep 17 00:00:00 2001
From: jey
Date: Thu, 24 Jan 2002 16:24:24 +0000
Subject: [PATCH] - added README.Cryptoflex - modified ChangeLog - _really_ bumped up the version number this time
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@192 c6295689-39f2-0310-b995-f0e70906c6a9
---
README.Cryptoflex | 95 +++++++++++++++++++++++++++++++++++
configure.in | 2 +-
src/libopensc/opensc-pkcs15.h | 4 ++
src/libopensc/pkcs15-pin.c | 15 +++++-
src/libopensc/pkcs15.h | 4 ++
5 files changed, 118 insertions(+), 2 deletions(-)
create mode 100644 README.Cryptoflex
diff --git a/README.Cryptoflex b/README.Cryptoflex
new file mode 100644
index 00000000..cf5aa636
--- /dev/null
+++ b/README.Cryptoflex
@@ -0,0 +1,95 @@
+
+OpenSC supports the Cryptoflex cards beginning with version 0.5.0.
+
+Cryptoflex specific features can be tested with cryptoflex-tool.
+Due to the publicly available datasheets, cryptoflex-tool also includes
+a PKCS #15 structure generator. At the moment all the encoded information
+is hardcoded in the source file, but editing the structures should
+be pretty straightforward.
+
+Here are the steps to PKCS #15 structure generation:
+
+WARNING: You should be using a very safe terminal when issuing the
+ following commands.
+
+0. If you don't have a Cryptoflex 16k, you will have to add the ATR of
+ your card manually to the flex_atrs structure at the top of card-flex.c.
+ The ATR can be found with 'opensc-tool -a' command.
+
+1. Verify the AAK key and CHV2:
+
+$ opensc-explorer
+OpenSC Explorer version 0.5.0
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+OpenSC [3F00]> ver KEY1 01:02:03:04:05:06:07:08 # replace these
+Code correct.
+OpenSC [3F00]> ver CHV2 31:32:33:34:00:00:00:00 # with your own values
+Code correct.
+
+2. Create the CHV2 file, if not present:
+
+$ cryptoflex-tool -P 2
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+Please enter CHV2: 1234
+Please enter PUK for CHV2: 12345678
+
+3. Create the PKCS #15 structure
+
+$ cryptoflex-tool -C
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+Please enter CHV1 (key 1): 1234
+Please enter PUK for CHV1 (key 1): 12345678
+Please enter CHV1 (key 2): 5678
+Please enter PUK for CHV1 (key 2): 12345678
+
+4. Generate two 1024-bit RSA key pairs with openssl:
+
+$ openssl genrsa -out key1.pem 1024
+Generating RSA private key, 1024 bit long modulus
+...........++++++
+...++++++
+e is 65537 (0x10001)
+$ openssl genrsa -out key2.pem 1024
+Generating RSA private key, 1024 bit long modulus
+.....................++++++
+....++++++
+e is 65537 (0x10001)
+
+5. Create the files to hold the keys on the card:
+
+$ cryptoflex-tool -a 5015 -c 1
+$ cryptoflex-tool -a 4b02 -c 1
+
+6. Store the key pairs on the card:
+
+$ cryptoflex-tool -a 5015 -p key1.pem -s -v # (enter CHV1 for key 1)
+$ cryptoflex-tool -a 4b02 -p key2.pem -s -v # (enter CHV1 for key 2)
+
+6a. Check if the keys are working:
+
+$ pkcs15-crypt -i -o -s --pkcs1
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Trying to find a PKCS#15 compatible card...
+Found OpenSC Test Card!
+Enter PIN [Authentication PIN]:
+PIN code correct.
+
+7. Create two certificates with openssl. Name them cert1.crt and cert2.crt.This process is not in the scope
+ of this document.
+
+8. Store the DER-encoded certificates on the card (this process will be
+ automated in the future):
+
+$ opensc-explorer
+OpenSC Explorer version 0.5.0
+Connecting to card in reader Towitoko Chipdrive Micro 0 0...
+Using card driver: Schlumberger Multiflex/Cryptoflex
+OpenSC [3F00]> cd 5015
+OpenSC [3F00/5015]> create 4301
+OpenSC [3F00/5015]> create 4302
+OpenSC [3F00/5015]> put 4301 cert1.crt
+OpenSC [3F00/5015]> put 4302 cert2.crt
+
diff --git a/configure.in b/configure.in
index 8501d390..60f580e1 100644
--- a/configure.in
+++ b/configure.in
@@ -6,7 +6,7 @@ dnl $Id$ AC_PREREQ(2.52) AC_INIT(src/libopensc/sc.c) -AM_INIT_AUTOMAKE(opensc, 0.4.0) +AM_INIT_AUTOMAKE(opensc, 0.5.0) AM_CONFIG_HEADER(config.h) AC_CANONICAL_HOST
diff --git a/src/libopensc/opensc-pkcs15.h b/src/libopensc/opensc-pkcs15.h
index 82a10909..104465da 100644
--- a/src/libopensc/opensc-pkcs15.h
+++ b/src/libopensc/opensc-pkcs15.h
@@ -189,6 +189,8 @@ struct sc_pkcs15_df { int count, record_length, type; }; +#define SC_PKCS15_CARD_MAGIC 0x10203040 + struct sc_pkcs15_card { struct sc_card *card; char *label;
@@ -212,6 +214,8 @@ struct sc_pkcs15_card { struct sc_pkcs15_df df[SC_PKCS15_DF_TYPE_COUNT]; int use_cache; + + unsigned int magic; }; #define SC_PKCS15_CARD_FLAG_READONLY 0x01
diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
index 360e600e..661137d0 100644
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@@ -151,6 +151,14 @@ int sc_pkcs15_encode_aodf_entry(struct sc_context *ctx, void sc_pkcs15_print_pin_info(const struct sc_pkcs15_pin_info *pin) { + const char *pin_flags[] = { + "case-sensitive", "local", "change-disabled", + "unblock-disabled", "initialized", "needs-padding", + "unblockingPin", "soPin", "disable_allowed", + "integrity-protected", "confidentiality-protected", + "exchangeRefData" + }; + const int pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]); char path[SC_MAX_PATH_SIZE * 2 + 1]; int i; char *p;
@@ -166,7 +174,12 @@ void sc_pkcs15_print_pin_info(const struct sc_pkcs15_pin_info *pin) printf("\tAuth ID : "); sc_pkcs15_print_id(&pin->auth_id); printf("\n"); - printf("\tFlags : 0x%X\n", pin->flags); + printf("\tFlags : [0x%02X]", pin->flags); + for (i = 0; i < pf_count; i++) + if (pin->flags & (1 << i)) { + printf(", %s", pin_flags[i]); + } + printf("\n"); printf("\tLength : %d..%d\n", pin->min_length, pin->stored_length); printf("\tPad char : 0x%02X\n", pin->pad_char); printf("\tReference : %d\n", pin->reference);
diff --git a/src/libopensc/pkcs15.h b/src/libopensc/pkcs15.h
index 82a10909..104465da 100644
--- a/src/libopensc/pkcs15.h
+++ b/src/libopensc/pkcs15.h
@@ -189,6 +189,8 @@ struct sc_pkcs15_df { int count, record_length, type; }; +#define SC_PKCS15_CARD_MAGIC 0x10203040 + struct sc_pkcs15_card { struct sc_card *card; char *label;
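Review bot: `SC_PKCS15_CARD_MAGIC` and the new `unsigned int magic` member of `struct sc_pkcs15_card` (src/libopensc/opensc-pkcs15.h, hunks at -189 and -212) are added without a comment, and no hunk in this commit sets or tests the field. If it is meant as a handle-validity tag, say so at the definition, e.g. `/* stored in sc_pkcs15_card.magic while the handle is valid; a sanity check against stale or foreign pointers, not an access control */`, and have the release path overwrite it so a freed handle stops passing the check. The same two hunks are repeated in src/libopensc/pkcs15.h with identical blob ids, so the comment belongs in both copies. Most of the struct body lies outside these hunks.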
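Review bot: The `pin_flags` table in the first src/libopensc/pkcs15-pin.c hunk relies on array index i being bit i of `pin->flags`, but nothing says so, so a reordered or inserted entry would silently mislabel PIN policy bits in this dump. The order appears to follow the PKCS #15 PinFlags bit positions; I would record that with `/* index == bit position in pin->flags (PKCS #15 PinFlags order) */` and declare the table `static const char *const pin_flags[]` so it is not rebuilt on every call. `"disable_allowed"` is the only entry spelled with an underscore where the others use hyphens. The body of sc_pkcs15_print_pin_info continues outside the hunk.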
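Review bot: In the flag loop of the second src/libopensc/pkcs15-pin.c hunk, `1 << i` shifts a signed int and the `for` body is unbraced while the inner `if` is braced, which is easy to misread with another `printf` directly below. I would write `for (i = 0; i < pf_count; i++) {` with `if (pin->flags & (1U << i))` inside and close the loop explicitly. The names are also emitted with a leading `, ` straight after the `[0x..]` value, so the line reads `[0x..], name`; a plain space before the first name would be cleaner. The rest of sc_pkcs15_print_pin_info lies outside the hunk.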
@@ -212,6 +214,8 @@ struct sc_pkcs15_card { struct sc_pkcs15_df df[SC_PKCS15_DF_TYPE_COUNT]; int use_cache; + + unsigned int magic; }; #define SC_PKCS15_CARD_FLAG_READONLY 0x01