giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
opensc/src/pkcs15init/pkcs15-oberthur-awp.c

1972 lines
55 KiB
C
Raw Blame History

/*
* Oberthur AWP extension for PKCS #15 initialization
*
* Copyright (C) 2010 Viktor Tarasov <viktor.tarasov@opentrust.com>
* Copyright (C) 2002 Juha Yrjola <juha.yrjola@iki.fi>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* best view with tabstop=4
*
*/
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include "config.h"
#include "pkcs15-oberthur.h"
#include "libopensc/opensc.h"
#include "libopensc/cardctl.h"
#include "libopensc/log.h"
#include "profile.h"
#include "pkcs15-init.h"
#include "libopensc/asn1.h"
#ifdef ENABLE_OPENSSL
#include "libopensc/sc-ossl-compat.h"
struct awp_lv zero_lv = { 0, NULL };
struct awp_lv x30_lv = { 0x10, (unsigned char *)"0000000000000000" };
static unsigned char *
awp_get_commonName(X509 *x)
{
unsigned char *ret = NULL;
int r;
r = X509_NAME_get_index_by_NID(X509_get_subject_name(x),
NID_commonName, -1);
if (r >= 0) {
X509_NAME_ENTRY *ne;
ASN1_STRING *a_str;
if (!(ne = X509_NAME_get_entry(X509_get_subject_name(x), r)))
;
else if (!(a_str = X509_NAME_ENTRY_get_data(ne)))
;
else if (a_str->type == 0x0C) {
ret = malloc(a_str->length + 1);
if (ret) {
memcpy(ret, a_str->data, a_str->length);
*(ret + a_str->length) = '\0';
}
}
else {
unsigned char *tmp = NULL;
r = ASN1_STRING_to_UTF8(&tmp, a_str);
if (r > 0) {
ret = malloc(r + 1);
if (ret) {
memcpy(ret, tmp, r);
*(ret + r) = '\0';
}
OPENSSL_free(tmp);
}
}
}
return ret;
}
static int
awp_new_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
unsigned int type, unsigned int num,
struct sc_file **info_out, struct sc_file **obj_out)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *ifile=NULL, *ofile=NULL;
char name[NAME_MAX_LEN];
const char *itag=NULL, *otag=NULL;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "type 0x%X; num %i; info %p; obj %p", type, num, info_out, obj_out);
switch (type) {
case SC_PKCS15_TYPE_CERT_X509:
itag = "certificate-info";
otag = "template-certificate";
break;
case SC_PKCS15_TYPE_PRKEY_RSA:
case COSM_TYPE_PRKEY_RSA:
itag = "private-key-info";
otag = "template-private-key";
break;
case SC_PKCS15_TYPE_PUBKEY_RSA:
case COSM_TYPE_PUBKEY_RSA:
itag = "public-key-info";
otag = "template-public-key";
break;
case SC_PKCS15_TYPE_DATA_OBJECT:
itag = "data-info";
otag = "template-data";
break;
case COSM_TYPE_PRIVDATA_OBJECT:
itag = "privdata-info";
otag = "template-privdata";
break;
case SC_PKCS15_TYPE_AUTH_PIN:
case COSM_TOKENINFO :
itag = "token-info";
num = 0;
break;
case COSM_PUBLIC_LIST:
itag = "public-list";
num = 0;
break;
case COSM_PRIVATE_LIST:
itag = "private-list";
num = 0;
break;
case COSM_CONTAINER_LIST:
itag = "container-list";
num = 0;
break;
default:
return SC_ERROR_INVALID_ARGUMENTS;
}
if (itag) {
snprintf(name, sizeof(name),"%s-%s", COSM_TITLE, itag);
sc_log(ctx, "info template %s",name);
if (sc_profile_get_file(profile, name, &ifile) < 0) {
sc_log(ctx, "profile does not defines template '%s'", name);
return SC_ERROR_INCONSISTENT_PROFILE;
}
}
if (otag) {
sc_log(ctx, "obj template %s",otag);
if (sc_profile_get_file(profile, otag, &ofile) < 0) {
sc_file_free(ifile);
sc_log(ctx, "profile does not defines template '%s'", name);
return SC_ERROR_INCONSISTENT_PROFILE;
}
ofile->id |= (num & 0xFF);
ofile->path.value[ofile->path.len-1] |= (num & 0xFF);
}
if (ifile) {
if(info_out) {
if (ofile) {
ifile->id = ofile->id | 0x100;
ifile->path = ofile->path;
ifile->path.value[ifile->path.len-2] |= 0x01;
}
sc_log(ctx,
"info_file(id:%04X,size:%"SC_FORMAT_LEN_SIZE_T"u,rlen:%"SC_FORMAT_LEN_SIZE_T"u)",
ifile->id, ifile->size, ifile->record_length);
*info_out = ifile;
}
else {
sc_file_free(ifile);
}
}
if (ofile) {
sc_log(ctx,
"obj file %04X; size %"SC_FORMAT_LEN_SIZE_T"u; ",
ofile->id, ofile->size);
if (obj_out)
*obj_out = ofile;
else
sc_file_free(ofile);
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int
awp_update_blob(struct sc_context *ctx,
unsigned char **blob, int *blob_size,
struct awp_lv *lv, int type)
{
unsigned char *pp;
LOG_FUNC_CALLED(ctx);
switch (type) {
case TLV_TYPE_LLV :
if (!(pp = realloc(*blob, *blob_size + 2 + lv->len)))
return SC_ERROR_OUT_OF_MEMORY;
*(pp + *blob_size) = (lv->len >> 8) & 0xFF;
*(pp + *blob_size + 1) = lv->len & 0xFF;
memcpy(pp + *blob_size + 2, lv->value, (lv->len & 0xFF));
*blob_size += 2 + lv->len;
break;
case TLV_TYPE_LV :
if (!(pp = realloc(*blob, *blob_size + 1 + lv->len)))
return SC_ERROR_OUT_OF_MEMORY;
*(pp + *blob_size) = lv->len & 0xFF;
memcpy(pp + *blob_size + 1, lv->value, (lv->len & 0xFF));
*blob_size += 1 + lv->len;
break;
case TLV_TYPE_V :
if (0 == *blob_size + lv->len)
return SC_ERROR_INVALID_DATA;
if (!(pp = realloc(*blob, *blob_size + lv->len)))
return SC_ERROR_OUT_OF_MEMORY;
memcpy(pp + *blob_size, lv->value, lv->len);
*blob_size += lv->len;
break;
default:
sc_log(ctx, "Invalid tlv type %i",type);
return SC_ERROR_INCORRECT_PARAMETERS;
}
*blob = pp;
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int
awp_new_container_entry(struct sc_pkcs15_card *p15card, unsigned char *buff, size_t len)
{
struct sc_context *ctx = p15card->card->ctx;
int mm, rv = 0;
unsigned ii, marks[5] = {4,6,8,10,0};
unsigned char rand_buf[0x10];
LOG_FUNC_CALLED(ctx);
if (len<0x34)
LOG_TEST_RET(ctx, SC_ERROR_INCORRECT_PARAMETERS, "Invalid container update size");
rv = sc_get_challenge(p15card->card, rand_buf, sizeof(rand_buf));
LOG_TEST_RET(ctx, rv, "Cannot get challenge");
*(buff + 12) = 0x26;
*(buff + 13) = '{';
for (ii=0, mm = 0; ii<sizeof(rand_buf); ii++) {
if (ii==marks[mm]) {
*(buff + 14 + ii*2 + mm) = '-';
mm++;
}
sprintf((char *)(buff + 14 + ii*2 + mm),"%02X", rand_buf[ii]);
}
*(buff + 14 + ii*2 + mm) = (unsigned char)'}';
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_create_container_record (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_file *list_file, struct awp_crypto_container *acc)
{
struct sc_context *ctx = p15card->card->ctx;
int rv;
unsigned char *buff = NULL;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "container file(file-id:%X,rlen:%"SC_FORMAT_LEN_SIZE_T"u,rcount:%"SC_FORMAT_LEN_SIZE_T"u)",
list_file->id, list_file->record_length, list_file->record_count);
buff = malloc(list_file->record_length);
if (!buff)
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
memset(buff, 0, list_file->record_length);
rv = awp_new_container_entry(p15card, buff, list_file->record_length);
if (rv < 0) {
free(buff);
sc_log(ctx, "Cannot create container");
LOG_FUNC_RETURN(ctx, rv);
}
*(buff + 0) = (acc->pubkey_id >> 8) & 0xFF;
*(buff + 1) = acc->pubkey_id & 0xFF;
*(buff + 2) = (acc->prkey_id >> 8) & 0xFF;
*(buff + 3) = acc->prkey_id & 0xFF;
*(buff + 4) = (acc->cert_id >> 8) & 0xFF;
*(buff + 5) = acc->cert_id & 0xFF;
rv = sc_select_file(p15card->card, &list_file->path, NULL);
if (rv == SC_ERROR_FILE_NOT_FOUND)
rv = sc_pkcs15init_create_file(profile, p15card, list_file);
if (!rv)
rv = sc_append_record(p15card->card, buff, list_file->record_length, SC_RECORD_BY_REC_NR);
free(buff);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_create_container(struct sc_pkcs15_card *p15card, struct sc_profile *profile, int type,
struct awp_lv *key_id, struct awp_crypto_container *acc)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *clist = NULL, *file = NULL;
int rv = 0;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "create container(%X:%X:%X)", acc->prkey_id, acc->cert_id, acc->pubkey_id);
rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL);
LOG_TEST_RET(ctx, rv, "Create container failed");
sc_log(ctx, "contaner cfile(rcount:%"SC_FORMAT_LEN_SIZE_T"u,rlength:%"SC_FORMAT_LEN_SIZE_T"u)", clist->record_count, clist->record_length);
rv = sc_select_file(p15card->card, &clist->path, &file);
LOG_TEST_RET(ctx, rv, "Create container failed: cannot select container's list");
file->record_length = clist->record_length;
sc_log(ctx, "contaner file(rcount:%"SC_FORMAT_LEN_SIZE_T"u,rlength:%"SC_FORMAT_LEN_SIZE_T"u)", file->record_count, file->record_length);
sc_log(ctx, "Append new record %"SC_FORMAT_LEN_SIZE_T"u for private key", file->record_count + 1);
rv = awp_create_container_record(p15card, profile, file, acc);
sc_file_free(file);
sc_file_free(clist);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_container_entry (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_file *list_file, int type, int file_id,
size_t rec, int offs)
{
struct sc_context *ctx = p15card->card->ctx;
int rv;
unsigned char *buff = NULL;
LOG_FUNC_CALLED(ctx);
sc_log(ctx,
"update container entry(type:%X,id %i,rec %"SC_FORMAT_LEN_SIZE_T"u,offs %i",
type, file_id, rec, offs);
sc_log(ctx, "container file(file-id:%X,rlen:%"SC_FORMAT_LEN_SIZE_T"u,rcount:%"SC_FORMAT_LEN_SIZE_T"u)",
list_file->id, list_file->record_length, list_file->record_count);
buff = malloc(list_file->record_length);
if (!buff)
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
memset(buff, 0, list_file->record_length);
if (rec > list_file->record_count) {
rv = awp_new_container_entry(p15card, buff, list_file->record_length);
}
else {
rv = sc_select_file(p15card->card, &list_file->path, NULL);
if (!rv)
rv = sc_read_record(p15card->card, rec, buff, list_file->record_length, SC_RECORD_BY_REC_NR);
}
if (rv < 0) {
free(buff);
LOG_FUNC_RETURN(ctx, rv);
}
switch (type) {
case SC_PKCS15_TYPE_PUBKEY_RSA:
case COSM_TYPE_PUBKEY_RSA:
if (*(buff + offs + 4))
sc_log(ctx, "Insert public key to container that contains certificate %02X%02X",
*(buff + offs + 4), *(buff + offs + 5));
*(buff + offs + 0) = (file_id >> 8) & 0xFF;
*(buff + offs + 1) = file_id & 0xFF;
break;
case SC_PKCS15_TYPE_PRKEY_RSA:
case COSM_TYPE_PRKEY_RSA:
if (*(buff + offs + 2)) {
free(buff);
LOG_TEST_RET(ctx, SC_ERROR_INVALID_CARD, "private key exists already");
}
*(buff + offs + 2) = (file_id >> 8) & 0xFF;
*(buff + offs + 3) = file_id & 0xFF;
break;
case SC_PKCS15_TYPE_CERT_X509 :
*(buff + offs + 4) = (file_id >> 8) & 0xFF;
*(buff + offs + 5) = file_id & 0xFF;
break;
default:
free(buff);
LOG_FUNC_RETURN(ctx, SC_ERROR_INCORRECT_PARAMETERS);
}
if (rec > list_file->record_count) {
rv = sc_select_file(p15card->card, &list_file->path, NULL);
if (rv == SC_ERROR_FILE_NOT_FOUND)
rv = sc_pkcs15init_create_file(profile, p15card, list_file);
if (!rv)
rv = sc_append_record(p15card->card, buff, list_file->record_length, SC_RECORD_BY_REC_NR);
}
else {
rv = sc_update_record(p15card->card, rec, buff, list_file->record_length, SC_RECORD_BY_REC_NR);
}
free(buff);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_container(struct sc_pkcs15_card *p15card, struct sc_profile *profile, int type,
struct awp_lv *key_id, unsigned obj_id, unsigned int *prkey_id)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *clist = NULL, *file = NULL;
struct sc_path private_path;
int rv = 0;
size_t rec, rec_offs;
unsigned char *list = NULL;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "update container(type:%X,obj_id:%X)", type, obj_id);
if (prkey_id)
*prkey_id = 0;
/*
* Get path of the DF that contains private objects.
*/
rv = awp_new_file(p15card, profile, SC_PKCS15_TYPE_PRKEY_RSA, 1, NULL, &file);
if (rv)
goto done;
private_path = file->path;
sc_file_free(file), file=NULL;
rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL);
if (rv)
goto done;
rv = sc_select_file(p15card->card, &clist->path, &file);
if (rv)
goto done;
file->record_length = clist->record_length;
if (type == SC_PKCS15_TYPE_PRKEY_RSA || type == COSM_TYPE_PRKEY_RSA) {
rec_offs = 0;
rv = awp_update_container_entry(p15card, profile, file, type, obj_id, file->record_count + 1, rec_offs);
goto done;
}
list = malloc(AWP_CONTAINER_RECORD_LEN * file->record_count);
if (!list) {
rv = SC_ERROR_OUT_OF_MEMORY;
goto done;
}
rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_READ);
if (rv)
goto done;
for (rec=0; rec < file->record_count; rec++) {
unsigned char tmp[256];
rv = sc_read_record(p15card->card, rec + 1, tmp, sizeof(tmp), SC_RECORD_BY_REC_NR);
if (rv >= AWP_CONTAINER_RECORD_LEN)
memcpy(list + rec*AWP_CONTAINER_RECORD_LEN, tmp, AWP_CONTAINER_RECORD_LEN);
else
goto done;
}
for (rec=0, rv=0; !rv && rec < file->record_count; rec++) {
for (rec_offs=0; !rv && rec_offs<12; rec_offs+=6) {
int offs;
sc_log(ctx, "rec %"SC_FORMAT_LEN_SIZE_T"u; rec_offs %"SC_FORMAT_LEN_SIZE_T"u", rec, rec_offs);
offs = rec*AWP_CONTAINER_RECORD_LEN + rec_offs;
if (*(list + offs + 2)) {
unsigned char *buff = NULL;
int id_offs;
struct sc_path path = private_path;
struct sc_file *ff = NULL;
path.value[path.len - 2] = *(list + offs + 2) | 0x01;
path.value[path.len - 1] = *(list + offs + 3);
rv = sc_select_file(p15card->card, &path, &ff);
if (rv)
continue;
rv = sc_pkcs15init_authenticate(profile, p15card, ff, SC_AC_OP_READ);
if (rv) {
sc_file_free(ff);
break;
}
buff = malloc(ff->size);
if (!buff)
rv = SC_ERROR_OUT_OF_MEMORY;
if (!rv) {
rv = sc_read_binary(p15card->card, 0, buff, ff->size, 0);
if ((unsigned)rv == ff->size) {
rv = 0;
id_offs = 5 + *(buff+3);
if (key_id->len == *(buff + id_offs) &&
!memcmp(key_id->value, buff + id_offs + 1, key_id->len)) {
sc_log(ctx, "found key file friend");
if (!rv)
rv = awp_update_container_entry(p15card, profile, file, type, obj_id, rec + 1, rec_offs);
if (rv >= 0 && prkey_id)
*prkey_id = *(list + offs + 2) * 0x100 + *(list + offs + 3);
}
}
}
free(buff);
sc_file_free(ff);
if (rv)
break;
}
}
}
done:
sc_file_free(clist);
sc_file_free(file);
if (list) free(list);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_create_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *pinobj)
{
SC_FUNC_CALLED(p15card->card->ctx, 1);
/* No update DF when creating PIN objects */
SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS);
}
static int
awp_set_certificate_info (struct sc_pkcs15_card *p15card,
struct sc_profile *profile,
struct sc_file *file,
struct awp_cert_info *ci)
{
struct sc_context *ctx = p15card->card->ctx;
int r = 0, blob_size;
unsigned char *blob;
const char *default_cert_label = "Certificate";
LOG_FUNC_CALLED(ctx);
blob_size = 2;
if (!(blob = malloc(blob_size))) {
r = SC_ERROR_OUT_OF_MEMORY;
goto done;
}
/* TODO: cert flags */
*blob = (COSM_TAG_CERT >> 8) & 0xFF;
*(blob + 1) = COSM_TAG_CERT & 0xFF;
if (ci->label.len && ci->label.len != strlen(default_cert_label)
&& memcmp(ci->label.value, default_cert_label, strlen(default_cert_label)))
r = awp_update_blob(ctx, &blob, &blob_size, &ci->label, TLV_TYPE_LLV);
else
r = awp_update_blob(ctx, &blob, &blob_size, &ci->cn, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &ci->id, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &ci->subject, TLV_TYPE_LLV);
if (r)
goto done;
if (ci->issuer.len != ci->subject.len ||
memcmp(ci->issuer.value, ci->subject.value, ci->subject.len)) {
r = awp_update_blob(ctx, &blob, &blob_size, &ci->issuer, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &ci->serial, TLV_TYPE_LLV);
if (r)
goto done;
}
else {
r = awp_update_blob(ctx, &blob, &blob_size, &zero_lv, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &zero_lv, TLV_TYPE_LLV);
if (r)
goto done;
}
file->size = blob_size;
r = sc_pkcs15init_create_file(profile, p15card, file);
if (r)
goto done;
r = sc_pkcs15init_update_file(profile, p15card, file, blob, blob_size);
if (r < 0)
goto done;
r = 0;
done:
if (blob)
free(blob);
LOG_FUNC_RETURN(ctx, r);
}
static int
awp_update_object_list(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
unsigned int type, int num)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *obj_file = NULL, *lst_file = NULL;
struct sc_file *file = NULL;
char obj_name[NAME_MAX_LEN], lst_name[NAME_MAX_LEN];
unsigned char *buff = NULL;
int rv;
unsigned ii;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "type %i, num %i", type, num);
switch (type) {
case SC_PKCS15_TYPE_CERT_X509:
snprintf(obj_name, NAME_MAX_LEN, "template-certificate");
snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE);
break;
case SC_PKCS15_TYPE_PUBKEY_RSA:
case COSM_TYPE_PUBKEY_RSA:
snprintf(obj_name, NAME_MAX_LEN, "template-public-key");
snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE);
break;
case SC_PKCS15_TYPE_DATA_OBJECT:
snprintf(obj_name, NAME_MAX_LEN, "template-data");
snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE);
break;
case COSM_TYPE_PRIVDATA_OBJECT:
snprintf(obj_name, NAME_MAX_LEN, "template-privdata");
snprintf(lst_name, NAME_MAX_LEN,"%s-private-list", COSM_TITLE);
break;
case SC_PKCS15_TYPE_PRKEY_RSA:
case COSM_TYPE_PRKEY_RSA:
snprintf(obj_name, NAME_MAX_LEN,"template-private-key");
snprintf(lst_name, NAME_MAX_LEN,"%s-private-list", COSM_TITLE);
break;
default:
sc_log(ctx, "Not supported file type %X", type);
return SC_ERROR_INVALID_ARGUMENTS;
}
sc_log(ctx, "obj_name %s; num 0x%X",obj_name, num);
sc_log(ctx, "lst_name %s",lst_name);
if (sc_profile_get_file(profile, obj_name, &obj_file) < 0) {
sc_log(ctx, "No profile template '%s'", obj_name);
rv = SC_ERROR_NOT_SUPPORTED;
goto done;
}
else if (sc_profile_get_file(profile, lst_name, &lst_file) < 0) {
sc_log(ctx, "No profile template '%s'", lst_name);
rv = SC_ERROR_NOT_SUPPORTED;
goto done;
}
obj_file->id |= (num & 0xFF);
obj_file->path.value[obj_file->path.len-1] |= (num & 0xFF);
rv = sc_select_file(p15card->card, &obj_file->path, &file);
if (rv)
goto done;
if (type == SC_PKCS15_TYPE_PUBKEY_RSA || type == COSM_TYPE_PUBKEY_RSA) {
if (file->size==PUBKEY_512_ASN1_SIZE)
file->size = 512;
else if (file->size==PUBKEY_1024_ASN1_SIZE)
file->size = 1024;
else if (file->size==PUBKEY_2048_ASN1_SIZE)
file->size = 2048;
}
buff = malloc(lst_file->size);
if (!buff) {
rv = SC_ERROR_OUT_OF_MEMORY;
goto done;
}
rv = sc_pkcs15init_authenticate(profile, p15card, lst_file, SC_AC_OP_READ);
if (rv)
goto done;
rv = sc_pkcs15init_authenticate(profile, p15card, lst_file, SC_AC_OP_UPDATE);
if (rv)
goto done;
rv = sc_select_file(p15card->card, &lst_file->path, NULL);
if (rv == SC_ERROR_FILE_NOT_FOUND)
rv = sc_pkcs15init_create_file(profile, p15card, lst_file);
if (rv < 0)
goto done;
rv = sc_read_binary(p15card->card, 0, buff, lst_file->size, lst_file->ef_structure);
if (rv < 0)
goto done;
for (ii=0; ii < lst_file->size; ii+=5)
if (*(buff + ii) != COSM_LIST_TAG)
break;
if (ii>=lst_file->size) {
rv = SC_ERROR_UNKNOWN_DATA_RECEIVED;
goto done;
}
sc_log(ctx,
"ii %i, rv %i; %X; %"SC_FORMAT_LEN_SIZE_T"u",
ii, rv, file->id, file->size);
*(buff + ii) = COSM_LIST_TAG;
*(buff + ii + 1) = (file->id >> 8) & 0xFF;
*(buff + ii + 2) = file->id & 0xFF;
*(buff + ii + 3) = (file->size >> 8) & 0xFF;
*(buff + ii + 4) = file->size & 0xFF;
rv = sc_update_binary(p15card->card, ii, buff + ii, 5, 0);
sc_log(ctx, "rv %i",rv);
if (rv < 0)
goto done;
rv = 0;
done:
if (buff)
free(buff);
sc_file_free(lst_file);
sc_file_free(obj_file);
sc_file_free(file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_encode_key_info(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj,
struct sc_pkcs15_pubkey_rsa *pubkey, struct awp_key_info *ki)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_prkey_info *key_info;
int r = 0;
LOG_FUNC_CALLED(ctx);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
ERR_load_ERR_strings();
#endif
ERR_load_crypto_strings();
key_info = (struct sc_pkcs15_prkey_info *)obj->data;
sc_log(ctx, "object(%s,type:%X)", obj->label, obj->type);
if (obj->type == SC_PKCS15_TYPE_PUBKEY_RSA || obj->type == COSM_TYPE_PUBKEY_RSA )
ki->flags = COSM_TAG_PUBKEY_RSA;
else if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA || obj->type == COSM_TYPE_PRKEY_RSA)
ki->flags = COSM_TAG_PRVKEY_RSA;
else
return SC_ERROR_INCORRECT_PARAMETERS;
if (obj->type == COSM_TYPE_PUBKEY_RSA || obj->type == COSM_TYPE_PRKEY_RSA)
ki->flags |= COSM_GENERATED;
ki->label.value = (unsigned char *)strdup(obj->label);
ki->label.len = strlen(obj->label);
sc_log(ctx,
"cosm_encode_key_info() label(%u):%s",
ki->label.len, ki->label.value);
/*
* Oberthur saves modulus value without tag and length.
*/
sc_log(ctx,
"pubkey->modulus.len %"SC_FORMAT_LEN_SIZE_T"u",
pubkey->modulus.len);
ki->modulus.value = malloc(pubkey->modulus.len);
if (!ki->modulus.value) {
r = SC_ERROR_OUT_OF_MEMORY;
goto done;
}
memcpy(ki->modulus.value, pubkey->modulus.data, pubkey->modulus.len);
ki->modulus.len = pubkey->modulus.len;
/*
* Oberthur saves exponents as length and value, without tag.
*/
ki->exponent.value = malloc(pubkey->exponent.len);
if (!ki->exponent.value) {
r = SC_ERROR_OUT_OF_MEMORY;
goto done;
}
memcpy(ki->exponent.value, pubkey->exponent.data, pubkey->exponent.len);
ki->exponent.len = pubkey->exponent.len;
/*
* ID
*/
ki->id.value = calloc(1, key_info->id.len);
if (!ki->id.value)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: ID allocation error");
memcpy(ki->id.value, key_info->id.value, key_info->id.len);
ki->id.len = key_info->id.len;
sc_log(ctx, "cosm_encode_key_info() label:%s",ki->label.value);
done:
#if OPENSSL_VERSION_NUMBER < 0x30000000L
ERR_load_ERR_strings();
#endif
ERR_load_crypto_strings();
LOG_FUNC_RETURN(ctx, r);
}
static void
awp_free_key_info(struct awp_key_info *ki)
{
free(ki->modulus.value);
free(ki->exponent.value);
free(ki->id.value);
}
static int
awp_set_key_info (struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_file *file,
struct awp_key_info *ki, struct awp_cert_info *ci)
{
struct sc_context *ctx = p15card->card->ctx;
int r = 0, blob_size;
unsigned char *blob;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "file:%p, kinfo:%p, cinfo:%p", file, ki, ci);
blob_size = 2;
blob = malloc(blob_size);
if (!blob)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP set key info failed: blob allocation error");
sc_log(ctx, "label:%s",ki->label.value);
*blob = (ki->flags >> 8) & 0xFF;
*(blob + 1) = ki->flags & 0xFF;
if (ci && ci->label.len)
r = awp_update_blob(ctx, &blob, &blob_size, &ci->label, TLV_TYPE_LLV);
else if (ci && !ci->label.len)
r = awp_update_blob(ctx, &blob, &blob_size, &ci->cn, TLV_TYPE_LLV);
else
r = awp_update_blob(ctx, &blob, &blob_size, &ki->label, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &ki->id, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &x30_lv, TLV_TYPE_V);
if (r)
goto done;
if (ci)
r = awp_update_blob(ctx, &blob, &blob_size, &(ci->subject), TLV_TYPE_LLV);
else
r = awp_update_blob(ctx, &blob, &blob_size, &zero_lv, TLV_TYPE_LLV);
if (r)
goto done;
if ((ki->flags & ~COSM_GENERATED) != COSM_TAG_PUBKEY_RSA) {
r = awp_update_blob(ctx, &blob, &blob_size, &ki->modulus, TLV_TYPE_V);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &ki->exponent, TLV_TYPE_LV);
if (r)
goto done;
}
file->size = blob_size;
r = sc_pkcs15init_create_file(profile, p15card, file);
if (r == SC_ERROR_FILE_ALREADY_EXISTS) {
r = cosm_delete_file(p15card, profile, file);
if (!r)
r = sc_pkcs15init_create_file(profile, p15card, file);
}
if (r<0)
goto done;
r = sc_pkcs15init_update_file(profile, p15card, file, blob, blob_size);
if (r < 0)
goto done;
r = 0;
done:
if (blob)
free(blob);
LOG_FUNC_RETURN(ctx, r);
}
static int
awp_encode_cert_info(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj,
struct awp_cert_info *ci)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_cert_info *cert_info;
struct sc_pkcs15_pubkey_rsa pubkey;
int r = 0;
unsigned char *buff = NULL, *ptr;
BIO *mem = NULL;
X509 *x = NULL;
LOG_FUNC_CALLED(ctx);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
ERR_load_ERR_strings();
#endif
ERR_load_crypto_strings();
if (!obj || !ci)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "AWP encode cert failed: invalid parameters");
cert_info = (struct sc_pkcs15_cert_info *)obj->data;
sc_log(ctx,
"Encode cert(%s,id:%s,der(%p,%"SC_FORMAT_LEN_SIZE_T"u))",
obj->label, sc_pkcs15_print_id(&cert_info->id),
obj->content.value, obj->content.len);
memset(&pubkey, 0, sizeof(pubkey));
ci->label.value = (unsigned char *)strdup(obj->label);
ci->label.len = strlen(obj->label);
mem = BIO_new_mem_buf(obj->content.value, obj->content.len);
if (!mem)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "AWP encode cert failed: invalid data");
x = d2i_X509_bio(mem, NULL);
if (!x)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "AWP encode cert failed: x509 parse error");
buff = OPENSSL_malloc(i2d_X509(x,NULL) + EVP_MAX_MD_SIZE);
if (!buff)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: memory allocation error");
/*
* subject commonName.
*/
ptr = awp_get_commonName(x);
if (!ptr) {
r = SC_ERROR_INTERNAL;
LOG_TEST_GOTO_ERR(ctx, r, "AWP encode cert failed: cannot get CommonName");
}
ci->cn.value = ptr;
ci->cn.len = strlen((char *)ptr);
/*
* subject DN
*/
ptr = buff;
r = i2d_X509_NAME(X509_get_subject_name(x),&ptr);
if (r<=0) {
r = SC_ERROR_INTERNAL;
LOG_TEST_GOTO_ERR(ctx, r, "AWP encode cert failed: cannot get SubjectName");
}
ci->subject.value = malloc(r);
if (!ci->subject.value) {
r = SC_ERROR_OUT_OF_MEMORY;
LOG_TEST_GOTO_ERR(ctx, r, "AWP encode cert failed: subject allocation error");
}
memcpy(ci->subject.value, buff, r);
ci->subject.len = r;
/*
* issuer DN
*/
ptr = buff;
r = i2d_X509_NAME(X509_get_issuer_name(x),&ptr);
if (r <= 0) {
r = SC_ERROR_INTERNAL;
LOG_TEST_GOTO_ERR(ctx, r, "AWP encode cert failed: cannot get IssuerName");
}
ci->issuer.value = malloc(r);
if (!ci->issuer.value) {
r = SC_ERROR_OUT_OF_MEMORY;
LOG_TEST_GOTO_ERR(ctx, r, "AWP encode cert failed: issuer allocation error");
}
memcpy(ci->issuer.value, buff, r);
ci->issuer.len = r;
/*
* ID
*/
ci->id.value = calloc(1, cert_info->id.len);
if (!ci->id.value) {
r = SC_ERROR_OUT_OF_MEMORY;
LOG_TEST_GOTO_ERR(ctx, r, "AWP encode cert failed: ID allocation error");
}
memcpy(ci->id.value, cert_info->id.value, cert_info->id.len);
ci->id.len = cert_info->id.len;
/*
* serial number
*/
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
/* TODO the der encoding of a ANS1_INTEGER is a TLV, the original code only as using the
* i2c_ASN1_INTEGER which is not in OpenSSL 1.1
* It was adding the tag V_ASN1_INTEGER and the one byte length back in in effect creating
* a DER encoded ASN1_INTEGER
* So we can simplify the code and make compatible with OpenSSL 1.1. This needs to be tested
*/
ci->serial.len = 0;
ci->serial.value = NULL;
/* get length */
ci->serial.len = i2d_ASN1_INTEGER(X509_get_serialNumber(x), NULL);
if (ci->serial.len > 0) {
if (!(ci->serial.value = malloc(ci->serial.len))) {
ci->serial.len = 0;
r = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
ci->serial.len = i2d_ASN1_INTEGER(X509_get_serialNumber(x), &ci->serial.value);
}
/* if len == 0, and value == NULL, then the cert did not have a serial number.*/
sc_log(ctx, "cert. serial encoded length %i", ci->serial.len);
#else
do {
int encoded_len;
unsigned char encoded[0x40], *encoded_ptr;
encoded_ptr = encoded;
encoded_len = i2c_ASN1_INTEGER(X509_get_serialNumber(x), &encoded_ptr);
if (!(ci->serial.value = malloc(encoded_len + 3))) {
r = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
memcpy(ci->serial.value + 2, encoded, encoded_len);
*(ci->serial.value + 0) = V_ASN1_INTEGER;
*(ci->serial.value + 1) = encoded_len;
ci->serial.len = encoded_len + 2;
sc_log(ctx, "cert. serial encoded length %i", encoded_len);
} while (0);
#endif
ci->x509 = X509_dup(x);
err:
ERR_print_errors_fp(stderr);
ERR_clear_error();
ERR_free_strings();
if (pubkey.exponent.data) free(pubkey.exponent.data);
if (pubkey.modulus.data) free(pubkey.modulus.data);
if (x) X509_free(x);
if (mem) BIO_free(mem);
if (buff) OPENSSL_free(buff);
LOG_FUNC_RETURN(ctx, r);
}
static void
awp_free_cert_info(struct awp_cert_info *ci)
{
if (ci) {
if (ci->cn.len && ci->cn.value)
free(ci->cn.value);
if (ci->id.len && ci->id.value)
free(ci->id.value);
if (ci->subject.len && ci->subject.value)
free(ci->subject.value);
if (ci->issuer.len && ci->issuer.value)
free(ci->issuer.value);
if (ci->x509)
X509_free(ci->x509);
memset(ci,0,sizeof(struct awp_cert_info));
}
}
static int
awp_encode_data_info(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj,
struct awp_data_info *di)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_data_info *data_info;
int r = 0;
unsigned char *buf = NULL;
size_t buflen;
LOG_FUNC_CALLED(ctx);
if (!obj || !di)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "AWP encode data failed: invalid parameters");
data_info = (struct sc_pkcs15_data_info *)obj->data;
sc_log(ctx,
"Encode data(%s,id:%s,der(%p,%"SC_FORMAT_LEN_SIZE_T"u))",
obj->label, sc_pkcs15_print_id(&data_info->id),
obj->content.value, obj->content.len);
di->flags = 0x0000;
di->label.value = (unsigned char *)strdup(obj->label);
di->label.len = strlen(obj->label);
di->app.len = strlen(data_info->app_label);
if (di->app.len) {
di->app.value = (unsigned char *)strdup(data_info->app_label);
if (!di->app.value)
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
}
r = sc_asn1_encode_object_id(&buf, &buflen, &data_info->app_oid);
LOG_TEST_RET(ctx, r, "AWP encode data failed: cannot encode OID");
di->oid.len = buflen + 2;
di->oid.value = malloc(di->oid.len);
if (!di->oid.value) {
free(buf);
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP encode data failed: cannot allocate OID");
}
*(di->oid.value + 0) = 0x06;
*(di->oid.value + 1) = buflen;
memcpy(di->oid.value + 2, buf, buflen);
free(buf);
LOG_FUNC_RETURN(ctx, r);
}
static void
awp_free_data_info(struct awp_data_info *di)
{
if (di->label.len && di->label.value)
free(di->label.value);
if (di->app.len && di->app.value)
free(di->app.value);
if (di->oid.len && di->oid.value)
free(di->oid.value);
memset(di, 0, sizeof(struct awp_data_info));
}
static int
awp_set_data_info (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_file *file, struct awp_data_info *di)
{
struct sc_context *ctx = p15card->card->ctx;
int r = 0, blob_size;
unsigned char *blob;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "Set 'DATA' info %p", di);
blob_size = 2;
if (!(blob = malloc(blob_size))) {
r = SC_ERROR_OUT_OF_MEMORY;
goto done;
}
*blob = (di->flags >> 8) & 0xFF;
*(blob + 1) = di->flags & 0xFF;
r = awp_update_blob(ctx, &blob, &blob_size, &di->label, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &di->app, TLV_TYPE_LLV);
if (r)
goto done;
r = awp_update_blob(ctx, &blob, &blob_size, &di->oid, TLV_TYPE_LLV);
if (r)
goto done;
file->size = blob_size;
r = sc_pkcs15init_create_file(profile, p15card, file);
if (r)
goto done;
r = sc_pkcs15init_update_file(profile, p15card, file, blob, blob_size);
if (r < 0)
goto done;
r = 0;
done:
if (blob)
free(blob);
LOG_FUNC_RETURN(ctx, r);
}
static int
awp_get_lv(struct sc_context *ctx, unsigned char *buf, size_t buf_len,
size_t offs, int len_len,
struct awp_lv *out)
{
int len = 0, ii;
if (buf_len - offs < 2)
return 0;
if (len_len > 2) {
len = len_len;
len_len = 0;
}
else {
for (len=0, ii=0; ii<len_len; ii++)
len = len * 0x100 + *(buf + offs + ii);
}
if (len && out) {
if (out->value)
free(out->value);
out->value = malloc(len);
if (!out->value)
return SC_ERROR_OUT_OF_MEMORY;
memcpy(out->value, buf + offs + len_len, len);
out->len = len;
}
return len_len + len;
}
static int
awp_parse_key_info(struct sc_context *ctx, unsigned char *buf, size_t buf_len,
struct awp_key_info *ikey)
{
size_t offs;
int len;
LOG_FUNC_CALLED(ctx);
offs = 0;
/* Flags */
if (buf_len - offs < 2)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
ikey->flags = *(buf + offs) * 0x100 + *(buf + offs + 1);
offs += 2;
/* Label */
len = awp_get_lv(ctx, buf, buf_len, offs, 2, &ikey->label);
LOG_TEST_RET(ctx, len, "AWP parse key info failed: label");
if (!len)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
offs += len;
/* Ignore Key ID */
len = awp_get_lv(ctx, buf, buf_len, offs, 2, &ikey->id);
LOG_TEST_RET(ctx, len, "AWP parse key info failed: ID");
if (!len)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
offs += len;
while (*(buf + offs) == '0')
offs++;
/* Subject */
len = awp_get_lv(ctx, buf, buf_len, offs, 2, &ikey->subject);
LOG_TEST_RET(ctx, len, "AWP parse key info failed: subject");
if (!len)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
offs += len;
/* Modulus */
if (buf_len - offs > 64 && buf_len - offs < 128)
len = awp_get_lv(ctx, buf, buf_len, offs, 64, &ikey->modulus);
else if (buf_len - offs > 128 && buf_len - offs < 256)
len = awp_get_lv(ctx, buf, buf_len, offs, 128, &ikey->modulus);
else
len = awp_get_lv(ctx, buf, buf_len, offs, 256, &ikey->modulus);
LOG_TEST_RET(ctx, len, "AWP parse key info failed: modulus");
if (!len)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
offs += len;
/* Exponent */
len = awp_get_lv(ctx, buf, buf_len, offs, 1, &ikey->exponent);
LOG_TEST_RET(ctx, len, "AWP parse key info failed: exponent");
if (!len)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int
awp_update_key_info(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
unsigned prvkey_id, struct awp_cert_info *ci)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *key_file=NULL, *info_file=NULL, *file=NULL;
struct awp_key_info ikey;
int rv = 0;
unsigned char *buf;
size_t buf_len;
LOG_FUNC_CALLED(ctx);
rv = awp_new_file(p15card, profile, SC_PKCS15_TYPE_PRKEY_RSA, prvkey_id & 0xFF, &info_file, &key_file);
LOG_TEST_RET(ctx, rv, "AWP update key info failed: instantiation error");
sc_log(ctx, "key id %X; info id%X", key_file->id, info_file->id);
rv = sc_pkcs15init_authenticate(profile, p15card, info_file, SC_AC_OP_READ);
if (rv) {
sc_log(ctx, "AWP update key info failed: 'READ' authentication error");
goto done;
}
rv = sc_select_file(p15card->card, &info_file->path, &file);
if (rv) {
sc_log(ctx, "AWP update key info failed: cannot select info file");
goto done;
}
buf = calloc(1,file->size);
if (!buf)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP update key info failed: allocation error");
rv = sc_read_binary(p15card->card, 0, buf, file->size, 0);
if (rv < 0) {
sc_log(ctx, "AWP update key info failed: read info file error");
goto done;
}
buf_len = rv;
memset(&ikey, 0, sizeof(ikey));
rv = awp_parse_key_info(ctx, buf, buf_len, &ikey);
if (rv < 0) {
sc_log(ctx, "AWP update key info failed: parse key info error");
goto done;
}
free(buf);
rv = awp_set_key_info(p15card, profile, info_file, &ikey, ci);
LOG_TEST_RET(ctx, rv, "AWP update key info failed: set key info error");
done:
sc_file_free(file);
sc_file_free(key_file);
sc_file_free(info_file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_create_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *info_file=NULL, *obj_file=NULL;
struct awp_cert_info icert;
struct sc_pkcs15_der der;
struct sc_path path;
unsigned prvkey_id, obj_id;
int rv;
LOG_FUNC_CALLED(ctx);
der = obj->content;
path = ((struct sc_pkcs15_cert_info *)obj->data)->path;
obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
rv = awp_new_file(p15card, profile, SC_PKCS15_TYPE_CERT_X509, obj_id & 0xFF, &info_file, &obj_file);
LOG_TEST_RET(ctx, rv, "COSM new file error");
memset(&icert, 0, sizeof(icert));
sc_log(ctx,
"Cert Der(%p,%"SC_FORMAT_LEN_SIZE_T"u)", der.value, der.len);
rv = awp_encode_cert_info(p15card, obj, &icert);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "'Create Cert' update DF failed: cannot encode info");
rv = awp_set_certificate_info(p15card, profile, info_file, &icert);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "'Create Cert' update DF failed: cannot set info");
rv = awp_update_object_list(p15card, profile, SC_PKCS15_TYPE_CERT_X509, obj_id & 0xFF);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "'Create Cert' update DF failed: cannot update list");
rv = awp_update_container(p15card, profile, SC_PKCS15_TYPE_CERT_X509, &icert.id, obj_id, &prvkey_id);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "'Create Cert' update DF failed: cannot update container");
sc_log(ctx, "PrvKeyID:%04X", prvkey_id);
if (prvkey_id)
rv = awp_update_key_info(p15card, profile, prvkey_id, &icert);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "'Create Cert' update DF failed: cannot update key info");
awp_free_cert_info(&icert);
err:
sc_file_free(info_file);
sc_file_free(obj_file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_create_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *key_obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_pubkey pubkey;
struct sc_pkcs15_der der;
struct awp_key_info ikey;
struct awp_cert_info icert;
struct sc_file *info_file=NULL;
struct sc_pkcs15_prkey_info *key_info;
struct sc_pkcs15_object *cert_obj = NULL, *pubkey_obj = NULL;
struct sc_path path;
struct awp_crypto_container cc;
struct sc_pkcs15_cert *p15cert = NULL;
int rv;
LOG_FUNC_CALLED(ctx);
memset(&ikey, 0, sizeof(ikey));
memset(&icert, 0, sizeof(icert));
key_info = (struct sc_pkcs15_prkey_info *)key_obj->data;
der = key_obj->content;
memset(&cc, 0, sizeof(cc));
path = key_info->path;
cc.prkey_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
rv = sc_pkcs15_find_cert_by_id(p15card, &key_info->id, &cert_obj);
if (!rv) {
struct sc_pkcs15_cert_info *cert_info = (struct sc_pkcs15_cert_info *) cert_obj->data;
path = cert_info->path;
cc.cert_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
rv = sc_pkcs15_read_certificate(p15card, cert_info, &p15cert);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: cannot get certificate");
rv = sc_pkcs15_allocate_object_content(ctx, cert_obj, p15cert->data.value, p15cert->data.len);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: cannot allocate content");
rv = awp_encode_cert_info(p15card, cert_obj, &icert);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: cannot encode cert info");
sc_pkcs15_free_certificate(p15cert);
p15cert = NULL;
}
rv = sc_pkcs15_find_pubkey_by_id(p15card, &key_info->id, &pubkey_obj);
if (!rv) {
path = ((struct sc_pkcs15_cert_info *)pubkey_obj->data)->path;
cc.pubkey_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
}
rv = awp_new_file(p15card, profile, key_obj->type, cc.prkey_id & 0xFF, &info_file, NULL);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "New private key info file error");
pubkey.algorithm = SC_ALGORITHM_RSA;
sc_log(ctx,
"PrKey Der(%p,%"SC_FORMAT_LEN_SIZE_T"u)", der.value, der.len);
rv = sc_pkcs15_decode_pubkey(ctx, &pubkey, der.value, der.len);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: decode public key error");
rv = awp_encode_key_info(p15card, key_obj, &pubkey.u.rsa, &ikey);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: encode info error");
rv = awp_set_key_info(p15card, profile, info_file, &ikey, cert_obj ? &icert : NULL);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: set info error");
rv = awp_update_object_list(p15card, profile, key_obj->type, cc.prkey_id & 0xFF);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: update object list error");
rv = awp_create_container(p15card, profile, key_obj->type, &ikey.id, &cc);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update private key' DF failed: update container error");
err:
if (p15cert)
sc_pkcs15_free_certificate(p15cert);
sc_file_free(info_file);
if (cert_obj)
awp_free_cert_info(&icert);
awp_free_key_info(&ikey);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_create_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_pubkey pubkey;
struct sc_pkcs15_der der;
struct awp_key_info ikey;
struct sc_file *info_file=NULL;
struct sc_path path;
unsigned obj_id;
int index, rv;
LOG_FUNC_CALLED(ctx);
path = ((struct sc_pkcs15_pubkey_info *)obj->data)->path;
der = obj->content;
index = path.value[path.len-1] & 0xFF;
obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
memset(&ikey, 0, sizeof(ikey));
rv = awp_new_file(p15card, profile, obj->type, index, &info_file, NULL);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "New public key info file error");
pubkey.algorithm = SC_ALGORITHM_RSA;
sc_log(ctx,
"PrKey Der(%p,%"SC_FORMAT_LEN_SIZE_T"u)", der.value, der.len);
rv = sc_pkcs15_decode_pubkey(ctx, &pubkey, der.value, der.len);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update public key' DF failed: decode public key error");
rv = awp_encode_key_info(p15card, obj, &pubkey.u.rsa, &ikey);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update public key' DF failed: encode info error");
rv = awp_set_key_info(p15card, profile, info_file, &ikey, NULL);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update public key' DF failed: set info error");
rv = awp_update_object_list(p15card, profile, obj->type, index);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update public key' DF failed: update object list error");
rv = awp_update_container(p15card, profile, obj->type, &ikey.id, obj_id, NULL);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE, rv, "AWP 'update public key' DF failed: update container error");
err:
awp_free_key_info(&ikey);
sc_file_free(info_file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_create_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *info_file=NULL, *obj_file=NULL;
struct awp_data_info idata;
struct sc_path path;
unsigned obj_id, obj_type = obj->auth_id.len ? COSM_TYPE_PRIVDATA_OBJECT : SC_PKCS15_TYPE_DATA_OBJECT;
int rv;
LOG_FUNC_CALLED(ctx);
memset(&idata, 0, sizeof(idata));
path = ((struct sc_pkcs15_data_info *)obj->data)->path;
obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
rv = awp_new_file(p15card, profile, obj_type, obj_id & 0xFF, &info_file, &obj_file);
LOG_TEST_GOTO_ERR(ctx, rv, "COSM new file error");
rv = awp_encode_data_info(p15card, obj, &idata);
LOG_TEST_GOTO_ERR(ctx, rv, "'Create Data' update DF failed: cannot encode info");
rv = awp_set_data_info(p15card, profile, info_file, &idata);
LOG_TEST_GOTO_ERR(ctx, rv, "'Create Data' update DF failed: cannot set info");
rv = awp_update_object_list(p15card, profile, obj_type, obj_id & 0xFF);
LOG_TEST_GOTO_ERR(ctx, rv, "'Create Data' update DF failed: cannot update list");
err:
awp_free_data_info(&idata);
sc_file_free(info_file);
sc_file_free(obj_file);
LOG_FUNC_RETURN(ctx, rv);
}
int
awp_update_df_create(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object)
{
struct sc_context *ctx = p15card->card->ctx;
int rv = SC_ERROR_INTERNAL;
LOG_FUNC_CALLED(ctx);
if (!object)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
switch (object->type) {
case SC_PKCS15_TYPE_AUTH_PIN:
rv = awp_update_df_create_pin(p15card, profile, object);
break;
case SC_PKCS15_TYPE_CERT_X509:
rv = awp_update_df_create_cert(p15card, profile, object);
break;
case SC_PKCS15_TYPE_PRKEY_RSA:
rv = awp_update_df_create_prvkey(p15card, profile, object);
break;
case SC_PKCS15_TYPE_PUBKEY_RSA:
rv = awp_update_df_create_pubkey(p15card, profile, object);
break;
case SC_PKCS15_TYPE_DATA_OBJECT:
rv = awp_update_df_create_data(p15card, profile, object);
break;
default:
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "'Create' update DF failed: unsupported object type");
}
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_delete_from_container(struct sc_pkcs15_card *p15card,
struct sc_profile *profile, int type, int file_id)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *clist=NULL, *file=NULL;
unsigned rec, rec_len;
int rv = 0, ii;
unsigned char *buff=NULL;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "update container entry (type:%X,file-id:%X)", type, file_id);
rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL);
LOG_TEST_RET(ctx, rv, "AWP update contaner entry: cannot get allocate AWP file");
rv = sc_select_file(p15card->card, &clist->path, &file);
LOG_TEST_RET(ctx, rv, "AWP update contaner entry: cannot select container list file");
buff = malloc(file->record_length);
if (!buff)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP update container entry: allocation error");
for (rec = 1; rec <= (unsigned)file->record_count; rec++) {
rv = sc_read_record(p15card->card, rec, buff, file->record_length, SC_RECORD_BY_REC_NR);
if (rv < 0) {
sc_log(ctx, "AWP update contaner entry: read record error %i", rv);
break;
}
rec_len = rv;
for (ii=0; ii<12; ii+=2)
if (file_id == (*(buff+ii) * 0x100 + *(buff+ii+1)))
break;
if (ii==12)
continue;
if (type == SC_PKCS15_TYPE_PRKEY_RSA || type == COSM_TYPE_PRKEY_RSA)
memset(buff + ii/6*6, 0, 6);
else
memset(buff + ii, 0, 2);
if (!memcmp(buff,"\0\0\0\0\0\0\0\0\0\0\0\0",12)) {
rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_ERASE);
if (rv < 0) {
sc_log(ctx, "AWP update contaner entry: 'erase' authentication error %i", rv);
break;
}
rv = sc_delete_record(p15card->card, rec);
if (rv < 0) {
sc_log(ctx, "AWP update contaner entry: delete record error %i", rv);
break;
}
}
else {
rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
if (rv < 0) {
sc_log(ctx, "AWP update contaner entry: 'update' authentication error %i", rv);
break;
}
rv = sc_update_record(p15card->card, rec, buff, rec_len, SC_RECORD_BY_REC_NR);
if (rv < 0) {
sc_log(ctx, "AWP update contaner entry: update record error %i", rv);
break;
}
}
}
if (rv > 0)
rv = 0;
free(buff);
sc_file_free(clist);
sc_file_free(file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_remove_from_object_list( struct sc_pkcs15_card *p15card, struct sc_profile *profile,
int type, unsigned int obj_id)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *lst_file=NULL, *lst=NULL;
int rv = 0;
unsigned ii;
char lst_name[NAME_MAX_LEN];
unsigned char *buff=NULL;
unsigned char id[2];
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "type %X; obj_id %X",type, obj_id);
switch (type) {
case SC_PKCS15_TYPE_PRKEY_RSA:
case COSM_TYPE_PRKEY_RSA:
snprintf(lst_name, NAME_MAX_LEN,"%s-private-list", COSM_TITLE);
break;
case SC_PKCS15_TYPE_PUBKEY_RSA:
case SC_PKCS15_TYPE_CERT_X509:
case SC_PKCS15_TYPE_DATA_OBJECT:
case COSM_TYPE_PUBKEY_RSA:
snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE);
break;
default:
LOG_TEST_RET(ctx, SC_ERROR_INCORRECT_PARAMETERS, "AWP update object list: invalid type");
}
sc_log(ctx, "AWP update object list: select '%s' file", lst_name);
rv = sc_profile_get_file(profile, lst_name, &lst_file);
LOG_TEST_RET(ctx, rv, "AWP update object list: cannot instantiate list file");
rv = sc_select_file(p15card->card, &lst_file->path, &lst);
LOG_TEST_RET(ctx, rv, "AWP update object list: cannot select list file");
rv = sc_pkcs15init_authenticate(profile, p15card, lst, SC_AC_OP_READ);
LOG_TEST_RET(ctx, rv, "AWP update object list: 'read' authentication failed");
buff = malloc(lst->size);
if (!buff)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "AWP update object list: allocation error");
rv = sc_read_binary(p15card->card, 0, buff, lst->size, 0);
if (rv != (int)lst->size)
goto done;
id[0] = (obj_id >> 8) & 0xFF;
id[1] = obj_id & 0xFF;
for (ii=0; ii<lst->size; ii+=5) {
if (*(buff+ii)==0xFF && *(buff+ii+1)==id[0] && *(buff+ii+2)==id[1]) {
rv = sc_pkcs15init_authenticate(profile, p15card, lst, SC_AC_OP_UPDATE);
if (rv)
goto done;
rv = sc_update_binary(p15card->card, ii, (unsigned char *)"\0", 1, 0);
if (rv && rv!=1)
rv = SC_ERROR_INVALID_CARD;
break;
}
}
if (rv > 0)
rv = 0;
done:
if (buff)
free(buff);
sc_file_free(lst);
sc_file_free(lst_file);
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_delete_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *info_file = NULL;
struct sc_path path;
int rv = SC_ERROR_NOT_SUPPORTED;
unsigned file_id;
LOG_FUNC_CALLED(ctx);
path = ((struct sc_pkcs15_cert_info *) obj->data)->path;
file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
sc_log(ctx, "file-id:%X", file_id);
rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
LOG_TEST_RET(ctx, rv, "AWP 'delete cert' update DF failed: cannot get allocate new AWP file");
sc_log(ctx, "info file-id:%X", info_file->id);
rv = cosm_delete_file(p15card, profile, info_file);
if (rv != SC_ERROR_FILE_NOT_FOUND)
LOG_TEST_RET(ctx, rv, "AWP 'delete cert' update DF failed: delete info file error");
rv = awp_delete_from_container(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete cert' update DF failed: cannot update container");
rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete cert' update DF failed: cannot remove object");
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_delete_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *info_file = NULL;
struct sc_path path;
int rv = SC_ERROR_NOT_SUPPORTED;
unsigned file_id;
LOG_FUNC_CALLED(ctx);
path = ((struct sc_pkcs15_prkey_info *) obj->data)->path;
file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
sc_log(ctx, "file-id:%X", file_id);
rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
LOG_TEST_RET(ctx, rv, "AWP 'delete prkey' update DF failed: cannot get allocate new AWP file");
sc_log(ctx, "info file-id:%X", info_file->id);
rv = cosm_delete_file(p15card, profile, info_file);
if (rv != SC_ERROR_FILE_NOT_FOUND)
LOG_TEST_RET(ctx, rv, "AWP 'delete prkey' update DF failed: delete info file error");
rv = awp_delete_from_container(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete prkey' update DF failed: cannot update container");
rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete prkey' update DF failed: cannot remove object");
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_delete_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *info_file = NULL;
struct sc_path path;
int rv = SC_ERROR_NOT_SUPPORTED;
unsigned file_id;
LOG_FUNC_CALLED(ctx);
path = ((struct sc_pkcs15_pubkey_info *) obj->data)->path;
file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
sc_log(ctx, "file-id:%X", file_id);
rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
LOG_TEST_RET(ctx, rv, "AWP 'delete pubkey' update DF failed: cannot get allocate new AWP file");
sc_log(ctx, "info file-id:%X", info_file->id);
rv = cosm_delete_file(p15card, profile, info_file);
if (rv != SC_ERROR_FILE_NOT_FOUND)
LOG_TEST_RET(ctx, rv, "AWP 'delete pubkey' update DF failed: delete info file error");
rv = awp_delete_from_container(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete pubkey' update DF failed: cannot update container");
rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete pubkey' update DF failed: cannot remove object");
LOG_FUNC_RETURN(ctx, rv);
}
static int
awp_update_df_delete_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *obj)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *info_file = NULL;
struct sc_path path;
int rv = SC_ERROR_NOT_SUPPORTED;
unsigned file_id;
LOG_FUNC_CALLED(ctx);
path = ((struct sc_pkcs15_data_info *) obj->data)->path;
file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
sc_log(ctx, "file-id:%X", file_id);
rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
LOG_TEST_RET(ctx, rv, "AWP 'delete DATA' update DF failed: cannot get allocate new AWP file");
sc_log(ctx, "info file-id:%X", info_file->id);
rv = cosm_delete_file(p15card, profile, info_file);
if (rv != SC_ERROR_FILE_NOT_FOUND)
LOG_TEST_RET(ctx, rv, "AWP 'delete DATA' update DF failed: delete info file error");
rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
LOG_TEST_RET(ctx, rv, "AWP 'delete DATA' update DF failed: cannot remove object");
LOG_FUNC_RETURN(ctx, rv);
}
int
awp_update_df_delete(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object)
{
struct sc_context *ctx = p15card->card->ctx;
int rv = SC_ERROR_INTERNAL;
LOG_FUNC_CALLED(ctx);
if (!object)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
switch (object->type) {
case SC_PKCS15_TYPE_CERT_X509:
rv = awp_update_df_delete_cert(p15card, profile, object);
break;
case SC_PKCS15_TYPE_PRKEY_RSA:
rv = awp_update_df_delete_prvkey(p15card, profile, object);
break;
case SC_PKCS15_TYPE_PUBKEY_RSA:
rv = awp_update_df_delete_pubkey(p15card, profile, object);
break;
case SC_PKCS15_TYPE_DATA_OBJECT:
rv = awp_update_df_delete_data(p15card, profile, object);
break;
default:
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "'Create' update DF failed: unsupported object type");
}
SC_FUNC_RETURN(ctx, 1, rv);
}
#endif /* #ifdef ENABLE_OPENSSL */
Reference in New Issue View Git Blame Copy Permalink