In old implementation, the DOs which their access is restricted by
PIN (like DOs 0101 -> 0104) were excluded from the fake filesystem,
leading to that we cannot read their data later, even if we verified PIN.
If tlvblock is not stored then the value is lost and the allocated
mempry is leaked.
Coverity: Resource leak (RESOURCE_LEAK)
Calling allocation function "pgp_build_tlv" on "tlvblock".
The card contains only 1 certificate, which can be used for encrypting.
But this certificate is bound with authentication key, so when decrypting,
the authentication key will be presented to check.
This commit allows to bypass the check in driver. However, it is not enough.
The users have to import the same key to "Encryption key" to help the card find
right key to work.
OpenPGP: Add log and comments.
OpenPGP: Pretend to select dummy files.
Some files are needed by pkcs15init, but not exist in OpenPGP card.
We pretend to know these dummy files to make pkcs15init successful.
Compilation error on windows:
when declaring array use explicit size, add pkcs15-openpgp.obj in Makefile.mak
OpenPGP: Some indentations need to be tab-size-independent.
OpenPGP: Check for null data when storing fingerprints.
OpenPGP: Allow to provide creation time to store (when gen/import key).
Old: Only store current time.
New: Can provide time to store, not only calculate current time.
OpenPGP: Correct setting content of pubkey blobs after key generation.
cardctl: Add definitions to support key import in OpenPGP.
OpenPGP: Add support for key import at driver level.
Correct the way to parse response data.
Updated wrong blob for pubkey info <~~ Fix.
OpenPGP: Store creation time after generating keys.
OpenPGP: Put_data: Handle the case that DO exists but its blob does not.
When checking DO before writing, relying on blobs only will miss the case that DO exists but its blob does not, when DO is non-readable.
OpenPGP: Set algorithm attributes before generating key.
OpenPGP: Add dependency of OpenSSL.
OpenPGP: Calculate and store fingerprint.
Calculate and store fingerprint after generating key.
OpenPGP: Update blob of pubkey info.
Update blob holding pubkey info after generating key.
OpenPGP: Add step to update card algorithms.
Update card algorithms after generating key. However, this step is not implemented yet, because of suspection about wrong data (see code comment).
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* don't zero-fill the DO's contents but empty it
* get rid of unnecessary variables
* select parent DF after deletion (required by to ISO 7816-9)
* don't try to delete MF
Fail on idx > 0 in order to avoid the requirement to read from the DO.
The DO may be read-protected, and this might either fail or produce
wrong results.
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* update comment
* check that blob->data is defined
* fix writing new data to the correct offset
* use calloc() instead of malloc() & memset()
* align pgp_ops function pointer list
* make sure variables of type u8 do only get passed fitting data
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* leave most of the spcial casing in ADPU handling to sc_adpu_transmit()
* use SC_ADPU_CASE_1 for empty buffer (avoids special casing Lc=0)
* clean up log strings & comments
Replace the "one-trick-pony" pgp_do_iswritable() with a more generic
function returning the blob matching the passed tag.
This way we can get rid of the one-line function pgp_blob_iswritable() too.
comparisons like these can be done in the caller.
Set pin references to 0x01 - 0x03 instead of 0x81 - 0x83.
The PINs are referenced as PIN1- PIN3 (resp. PW1 - PW3) in the OpenPGP
card specification.
Technically the APDUs to verify/change the PINs contain the values OR-ed
with 0x80, but this is just a technical detail of the implementation
which the emulated file system can hide in pgp_pin_cmd().
Pros & Cons:
+ consistent PIN naming
+ no trouble entering the correct PIN names in opensc-explorer et.al.
("verify CHV1" is way better than "verify CHV129")
- manually entering the correct APDU for VERIFY is a bit more complex.
(who does this anyway, when there are better functions)
While at it, change if .. elsif ... cascade to switch statement.
* parse more extened capabilities & features into a private enum
* for v2.0 cards, always parse the "historical bytes" DO
reason: ATR may be static and thus cannot reflect the state
Remove links pointing to the blob to be deleted from other blobs in the
blob tree structure, so that removing a subordinate blob does not hurt
its parent or siblings.
Signed-off-by: Peter Marschall <peter@adpm.de>
* get file as parameter & fail if it is NULL
* allow parent to be NULL
* do not rely on DO info to be passed as parameter,
search it yourself using the global DO info list for the card.
* infer file type automatically from DO info matching the file ID.
Signed-off-by: Peter Marschall <peter@adpm.de>
DO FF is a "catch-all" DO that returns all the infos contained in the other
DOs in one hierarchy.
It is hence duplicate and not necessary.
Signed-off-by: Peter Marschall <peter@adpm.de>
Also include forgotten DO C3 in keylength calculation.
It contains the parameters for the authentication key.
Signed-off-by: Peter Marschall <peter@adpm.de>
card-openpgp.c:584: warning: comparison between signed and unsigned
card-openpgp.c: In function ‘pgp_card_ctl’:
card-openpgp.c:1036: warning: unused variable ‘priv’
card-openpgp.c: In function ‘pgp_init’:
card-openpgp.c:272: warning: ‘child’ may be used uninitialized in this function
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5504 c6295689-39f2-0310-b995-f0e70906c6a9
Use ushort2bebytes instead of calculating the mapping to IDs ourselves.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5497 c6295689-39f2-0310-b995-f0e70906c6a9
Instead of jumping out of the loop when the correct child is found,
and checking afterwards again if we found the correct object,
do everything directly in the loop and return from there.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5496 c6295689-39f2-0310-b995-f0e70906c6a9
Extend pgp_get_card_features() to get card's flags & supported algorithms
from the card:
* get algorith values from "algorithm attributes" DOs 0x00c1 - 0x00c3
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5495 c6295689-39f2-0310-b995-f0e70906c6a9
Extend pgp_get_card_features() with these features:
* get SC_CARD_CAP_RNG capability from "extended capabilities" DO 0x00c0
* for OpenPGP 2.0 cards get max_send_size / max_recv_size values
from "extended capabilities" DI 0x00c0
* get max_pin_len from "CHV status bytes" DO 0x00c4
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5494 c6295689-39f2-0310-b995-f0e70906c6a9
Add a new function pgp_get_card_features() to get the card's capabilities,
algorithms, features, ... instead of doing it all in pgp_init():
* get SC_CARD_CAP_APDU_EXT capability from ATR
* for openPGP 2.0 cards, if not found in ATR,
get SC_CARD_CAP_APDU_EXT capability from "historical bytes" DO 0x5f52
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5493 c6295689-39f2-0310-b995-f0e70906c6a9
In pgp_read_blob(), check if the pointer to the function we want to call
is defined.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5492 c6295689-39f2-0310-b995-f0e70906c6a9
Have separate copies of pgp_objects[] data elements specific to the card's
version, and extend these structures with additional information:
* Some spec changes cannot be compatibly expressed in one common
simple data structure without making it too complex.
* depending on specification version, only deal with those DOs
that are legal within that version
* add information or read & write access conditions
* add information for non-toplevel and/or write-only DOs
* use symbolic names for constants
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5491 c6295689-39f2-0310-b995-f0e70906c6a9
Re-structure pgp_finish() for easier reading.
While at it, check for priv != NULL before free()ing it.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5486 c6295689-39f2-0310-b995-f0e70906c6a9
Instrument functions used in the card operations table pgp_ops[]
with log macros to ease debugging.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5485 c6295689-39f2-0310-b995-f0e70906c6a9
Write a short comment at the beginning of each function,
shortly sketching what the function does.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5484 c6295689-39f2-0310-b995-f0e70906c6a9
The element size in struct do_info is never used. Get rid of it.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5483 c6295689-39f2-0310-b995-f0e70906c6a9
Implement card_ctl(), crrently restricted only to SC_CARDCTL_GET_SERIALNR.
The card's serial number is copied from the respective bytes in the AID.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5482 c6295689-39f2-0310-b995-f0e70906c6a9
free() the memory already reserved when the file identifying the OpenPGP
application fails & reset the pointers in the card strcuture back to NULL.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5481 c6295689-39f2-0310-b995-f0e70906c6a9
Depending on the card's capabilities and the necessity (requested response
size > 256) allow extended APDUs in all functions talking to the card.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5480 c6295689-39f2-0310-b995-f0e70906c6a9
adapt pgp_get_pubkey() and pgp_read_blob() to make use of the information
about the "extended Lc/Le" capabilities.
This allows reading OpenPGP Card v2.0 keys!
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5479 c6295689-39f2-0310-b995-f0e70906c6a9
According to OpenPGP card specs 1.1 & 2.0 historical bytes in the ATR
indicate capabilities:
* bit 0x40 of the 3rd byte of the compact-TLV entry with TL 0x73 tells
whether the card supports extended Lc/Le fields in APDUs.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5478 c6295689-39f2-0310-b995-f0e70906c6a9
Detect and react on out of memory errors in pgp_new_blob() and its callers.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5477 c6295689-39f2-0310-b995-f0e70906c6a9
* NULL-ify freed data pointer
* avoid unnecessary malloc() calls
* cope with malloc() errors
* do not rely on blob->file for be set
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5474 c6295689-39f2-0310-b995-f0e70906c6a9
* pgp_iterate_blobs(): walk through the blob tree
* pgp_free_blob(): free a blob
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5472 c6295689-39f2-0310-b995-f0e70906c6a9
Leverage the fact that OpenPGP cards use TLV encoding according to
ASN.1 BER-encoding rules and use sc_asn1_read_tag() as the workhorse
within pgp_enumerate_blob().
There's one peculiarity though:
OpenPGP cards expect 'cla' to be merged into 'tag'.
This is done manually after calling sc_asn1_read_tag().
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5471 c6295689-39f2-0310-b995-f0e70906c6a9
Added:
* 00c4: new top-level DO in 2.0
can also be found inside constructed DOs 006E/0073 in 2.0 & 1.1
* 0101: new optional top-level DO starting in 1.1
for private use
max 254 bytes;
access: read - always; write - verify CHV2
* 0102: new optional top-level DO starting in 1.1
for private use
max 254 bytes;
access: read - always; write - verify CHV3
* 5f52: new top-level DO in 2.0
can also be found inside constructed DOs 006E in 2.0
* 7f21: new optional top-level DO in 2.0
use: card holder certificate (e.g. X.509) for the AUT key in the card
Removed:
* 0073: never a top-level DO, but part of top-level constructed DO 006E
Changed:
* 005e: not a constructed DO, but a simple/primitive DO
Note:
Trying to read non-existent top-level DOs or top-level DOs that weren't defined
in a spec version later than the current card's version does not hurt.
They are returned as empty.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5468 c6295689-39f2-0310-b995-f0e70906c6a9
* Correct naming: openpgp not opengpg
* Set the card name from ATR table
* Add card type enums
* Currently OpenPGP is read-only.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5072 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
- Replace struct sc_atr_table / _sc_match_atr with
recently introduced _hex variants
- Rewrote _add_atr
- Introduce int type variable to sc_card_t, so that
every other card driver won't have to glue around
with this
- Card driver cleanups, optimize the number of
sc_match_atr called per card driver. Also
always try direct match with _sc_match_atr
first, before relying on eg. historical bytes
information on some card drivers
- Fixed a memory leak from the miocos driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2145 c6295689-39f2-0310-b995-f0e70906c6a9