In old implementation, the DOs which their access is restricted by
PIN (like DOs 0101 -> 0104) were excluded from the fake filesystem,
leading to that we cannot read their data later, even if we verified PIN.
If tlvblock is not stored then the value is lost and the allocated
mempry is leaked.
Coverity: Resource leak (RESOURCE_LEAK)
Calling allocation function "pgp_build_tlv" on "tlvblock".
The card contains only 1 certificate, which can be used for encrypting.
But this certificate is bound with authentication key, so when decrypting,
the authentication key will be presented to check.
This commit allows to bypass the check in driver. However, it is not enough.
The users have to import the same key to "Encryption key" to help the card find
right key to work.
OpenPGP: Add log and comments.
OpenPGP: Pretend to select dummy files.
Some files are needed by pkcs15init, but not exist in OpenPGP card.
We pretend to know these dummy files to make pkcs15init successful.
Compilation error on windows:
when declaring array use explicit size, add pkcs15-openpgp.obj in Makefile.mak
OpenPGP: Some indentations need to be tab-size-independent.
OpenPGP: Check for null data when storing fingerprints.
OpenPGP: Allow to provide creation time to store (when gen/import key).
Old: Only store current time.
New: Can provide time to store, not only calculate current time.
OpenPGP: Correct setting content of pubkey blobs after key generation.
cardctl: Add definitions to support key import in OpenPGP.
OpenPGP: Add support for key import at driver level.
Correct the way to parse response data.
Updated wrong blob for pubkey info <~~ Fix.
OpenPGP: Store creation time after generating keys.
OpenPGP: Put_data: Handle the case that DO exists but its blob does not.
When checking DO before writing, relying on blobs only will miss the case that DO exists but its blob does not, when DO is non-readable.
OpenPGP: Set algorithm attributes before generating key.
OpenPGP: Add dependency of OpenSSL.
OpenPGP: Calculate and store fingerprint.
Calculate and store fingerprint after generating key.
OpenPGP: Update blob of pubkey info.
Update blob holding pubkey info after generating key.
OpenPGP: Add step to update card algorithms.
Update card algorithms after generating key. However, this step is not implemented yet, because of suspection about wrong data (see code comment).
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* don't zero-fill the DO's contents but empty it
* get rid of unnecessary variables
* select parent DF after deletion (required by to ISO 7816-9)
* don't try to delete MF
Fail on idx > 0 in order to avoid the requirement to read from the DO.
The DO may be read-protected, and this might either fail or produce
wrong results.
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* update comment
* check that blob->data is defined
* fix writing new data to the correct offset
* use calloc() instead of malloc() & memset()
* align pgp_ops function pointer list
* make sure variables of type u8 do only get passed fitting data
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* leave most of the spcial casing in ADPU handling to sc_adpu_transmit()
* use SC_ADPU_CASE_1 for empty buffer (avoids special casing Lc=0)
* clean up log strings & comments
Replace the "one-trick-pony" pgp_do_iswritable() with a more generic
function returning the blob matching the passed tag.
This way we can get rid of the one-line function pgp_blob_iswritable() too.
comparisons like these can be done in the caller.
Set pin references to 0x01 - 0x03 instead of 0x81 - 0x83.
The PINs are referenced as PIN1- PIN3 (resp. PW1 - PW3) in the OpenPGP
card specification.
Technically the APDUs to verify/change the PINs contain the values OR-ed
with 0x80, but this is just a technical detail of the implementation
which the emulated file system can hide in pgp_pin_cmd().
Pros & Cons:
+ consistent PIN naming
+ no trouble entering the correct PIN names in opensc-explorer et.al.
("verify CHV1" is way better than "verify CHV129")
- manually entering the correct APDU for VERIFY is a bit more complex.
(who does this anyway, when there are better functions)
While at it, change if .. elsif ... cascade to switch statement.
* parse more extened capabilities & features into a private enum
* for v2.0 cards, always parse the "historical bytes" DO
reason: ATR may be static and thus cannot reflect the state
Remove links pointing to the blob to be deleted from other blobs in the
blob tree structure, so that removing a subordinate blob does not hurt
its parent or siblings.
Signed-off-by: Peter Marschall <peter@adpm.de>
* get file as parameter & fail if it is NULL
* allow parent to be NULL
* do not rely on DO info to be passed as parameter,
search it yourself using the global DO info list for the card.
* infer file type automatically from DO info matching the file ID.
Signed-off-by: Peter Marschall <peter@adpm.de>
DO FF is a "catch-all" DO that returns all the infos contained in the other
DOs in one hierarchy.
It is hence duplicate and not necessary.
Signed-off-by: Peter Marschall <peter@adpm.de>
Also include forgotten DO C3 in keylength calculation.
It contains the parameters for the authentication key.
Signed-off-by: Peter Marschall <peter@adpm.de>
card-openpgp.c:584: warning: comparison between signed and unsigned
card-openpgp.c: In function ‘pgp_card_ctl’:
card-openpgp.c:1036: warning: unused variable ‘priv’
card-openpgp.c: In function ‘pgp_init’:
card-openpgp.c:272: warning: ‘child’ may be used uninitialized in this function
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5504 c6295689-39f2-0310-b995-f0e70906c6a9
Use ushort2bebytes instead of calculating the mapping to IDs ourselves.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5497 c6295689-39f2-0310-b995-f0e70906c6a9
Instead of jumping out of the loop when the correct child is found,
and checking afterwards again if we found the correct object,
do everything directly in the loop and return from there.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5496 c6295689-39f2-0310-b995-f0e70906c6a9
Extend pgp_get_card_features() to get card's flags & supported algorithms
from the card:
* get algorith values from "algorithm attributes" DOs 0x00c1 - 0x00c3
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5495 c6295689-39f2-0310-b995-f0e70906c6a9
Extend pgp_get_card_features() with these features:
* get SC_CARD_CAP_RNG capability from "extended capabilities" DO 0x00c0
* for OpenPGP 2.0 cards get max_send_size / max_recv_size values
from "extended capabilities" DI 0x00c0
* get max_pin_len from "CHV status bytes" DO 0x00c4
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5494 c6295689-39f2-0310-b995-f0e70906c6a9
Add a new function pgp_get_card_features() to get the card's capabilities,
algorithms, features, ... instead of doing it all in pgp_init():
* get SC_CARD_CAP_APDU_EXT capability from ATR
* for openPGP 2.0 cards, if not found in ATR,
get SC_CARD_CAP_APDU_EXT capability from "historical bytes" DO 0x5f52
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5493 c6295689-39f2-0310-b995-f0e70906c6a9
In pgp_read_blob(), check if the pointer to the function we want to call
is defined.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5492 c6295689-39f2-0310-b995-f0e70906c6a9
Have separate copies of pgp_objects[] data elements specific to the card's
version, and extend these structures with additional information:
* Some spec changes cannot be compatibly expressed in one common
simple data structure without making it too complex.
* depending on specification version, only deal with those DOs
that are legal within that version
* add information or read & write access conditions
* add information for non-toplevel and/or write-only DOs
* use symbolic names for constants
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5491 c6295689-39f2-0310-b995-f0e70906c6a9
Re-structure pgp_finish() for easier reading.
While at it, check for priv != NULL before free()ing it.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5486 c6295689-39f2-0310-b995-f0e70906c6a9
Instrument functions used in the card operations table pgp_ops[]
with log macros to ease debugging.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5485 c6295689-39f2-0310-b995-f0e70906c6a9
Write a short comment at the beginning of each function,
shortly sketching what the function does.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5484 c6295689-39f2-0310-b995-f0e70906c6a9
The element size in struct do_info is never used. Get rid of it.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5483 c6295689-39f2-0310-b995-f0e70906c6a9
Implement card_ctl(), crrently restricted only to SC_CARDCTL_GET_SERIALNR.
The card's serial number is copied from the respective bytes in the AID.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5482 c6295689-39f2-0310-b995-f0e70906c6a9
free() the memory already reserved when the file identifying the OpenPGP
application fails & reset the pointers in the card strcuture back to NULL.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5481 c6295689-39f2-0310-b995-f0e70906c6a9
Depending on the card's capabilities and the necessity (requested response
size > 256) allow extended APDUs in all functions talking to the card.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5480 c6295689-39f2-0310-b995-f0e70906c6a9
adapt pgp_get_pubkey() and pgp_read_blob() to make use of the information
about the "extended Lc/Le" capabilities.
This allows reading OpenPGP Card v2.0 keys!
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5479 c6295689-39f2-0310-b995-f0e70906c6a9
According to OpenPGP card specs 1.1 & 2.0 historical bytes in the ATR
indicate capabilities:
* bit 0x40 of the 3rd byte of the compact-TLV entry with TL 0x73 tells
whether the card supports extended Lc/Le fields in APDUs.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5478 c6295689-39f2-0310-b995-f0e70906c6a9
Detect and react on out of memory errors in pgp_new_blob() and its callers.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5477 c6295689-39f2-0310-b995-f0e70906c6a9
* NULL-ify freed data pointer
* avoid unnecessary malloc() calls
* cope with malloc() errors
* do not rely on blob->file for be set
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5474 c6295689-39f2-0310-b995-f0e70906c6a9
* pgp_iterate_blobs(): walk through the blob tree
* pgp_free_blob(): free a blob
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5472 c6295689-39f2-0310-b995-f0e70906c6a9
Leverage the fact that OpenPGP cards use TLV encoding according to
ASN.1 BER-encoding rules and use sc_asn1_read_tag() as the workhorse
within pgp_enumerate_blob().
There's one peculiarity though:
OpenPGP cards expect 'cla' to be merged into 'tag'.
This is done manually after calling sc_asn1_read_tag().
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5471 c6295689-39f2-0310-b995-f0e70906c6a9