diff --git a/src/libopensc/card-dnie.c b/src/libopensc/card-dnie.c index 4788f59eef..9032f26fd8 100644 --- a/src/libopensc/card-dnie.c +++ b/src/libopensc/card-dnie.c @@ -2176,7 +2176,9 @@ static int dnie_pin_verify(struct sc_card *card, if (card->atr.value[15] >= DNIE_30_VERSION) { sc_log(card->ctx, "DNIe 3.0 detected => re-establish secure channel"); dnie_change_cwa_provider_to_secure(card); - res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON); + if (res == SC_SUCCESS) { + res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON); + } } LOG_FUNC_RETURN(card->ctx, res); diff --git a/src/libopensc/cwa-dnie.c b/src/libopensc/cwa-dnie.c index 7eaa7ee55d..7b9b39fcc1 100644 --- a/src/libopensc/cwa-dnie.c +++ b/src/libopensc/cwa-dnie.c @@ -50,9 +50,9 @@ /********************* Keys and certificates as published by DGP ********/ /** - * Modulo de la clave pública de la Root CA del DNIe electronico + * Public Key modulus for the ROOT CA for DNIe (pk-RCAicc->n) */ -static u8 icc_root_ca_modulus[] = { +static u8 icc_root_ca_modulus_0[] = { 0xEA, 0xDE, 0xDA, 0x45, 0x53, 0x32, 0x94, 0x50, 0x39, 0xDA, 0xA4, 0x04, 0xC8, 0xEB, 0xC4, 0xD3, 0xB7, 0xF5, 0xDC, 0x86, 0x92, 0x83, 0xCD, 0xEA, 0x2F, 0x10, 0x1E, 0x2A, 0xB5, 0x4F, 0xB0, 0xD0, 0xB0, 0x3D, 0x8F, 0x03, 
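Review bot: The new `if (res == SC_SUCCESS)` guard stops cwa_create_secure_channel() from overwriting a failed PIN result, but `dnie_change_cwa_provider_to_secure(card)` on the line above still runs unconditionally, so on the failure path the card is left with the secure provider selected and no channel re-established. If the DNIe 3.0 card drops its SM session on VERIFY regardless of outcome (the log message suggests this, but the hunk does not show it), later SM APDUs would then fail with an unrelated error. If the only intent is to keep the channel result from masking the PIN error, keep the rebuild unconditional and preserve the verify result: `int sm_res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON); if (res == SC_SUCCESS) res = sm_res;`; otherwise move the provider switch inside the same `if` so the two stay paired. dnie_pin_verify() starts outside the hunk, so what `res` holds on entry is inferred.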
@@ -66,17 +66,31 @@ static u8 icc_root_ca_modulus[] = { 0x91, 0xDB, 0x64, 0xF8, 0x0B, 0x5E, 0x92, 0xCD }; +static u8 icc_root_ca_modulus_1[] = { + 0xb9, 0x72, 0x34, 0x5e, 0x35, 0xbc, 0xdd, 0x12, 0xdc, 0x2c, 0x8e, 0x85, + 0xf6, 0x22, 0x97, 0x97, 0x9f, 0x12, 0x2b, 0xb7, 0xc9, 0xc3, 0xed, 0x13, + 0xa0, 0xc4, 0xeb, 0x59, 0x34, 0xe7, 0x0c, 0xd6, 0xd0, 0x0c, 0x54, 0x06, + 0x18, 0x38, 0x6e, 0x42, 0xf2, 0xba, 0x00, 0x89, 0xc0, 0xdd, 0x80, 0x0e, + 0xba, 0x78, 0x3b, 0xdc, 0x9d, 0x93, 0xd9, 0xfb, 0xfc, 0x3c, 0x16, 0x9f, + 0x9a, 0xf6, 0x4e, 0x80, 0x10, 0x0f, 0xc6, 0x87, 0xcc, 0xa5, 0x62, 0xe7, + 0xfc, 0x84, 0xd1, 0x12, 0x92, 0xc2, 0x40, 0x4c, 0x59, 0xb8, 0xa8, 0x60, + 0xd3, 0x9e, 0x2d, 0x66, 0x54, 0x7d, 0xc7, 0xb2, 0xd4, 0x8c, 0xa7, 0x89, + 0x81, 0x4f, 0x43, 0x06, 0x26, 0x34, 0xe3, 0xe0, 0xc0, 0xd6, 0xbf, 0x5f, + 0x54, 0xba, 0x1d, 0x9c, 0x46, 0x64, 0x45, 0x83, 0x1d, 0xcd, 0xea, 0xb0, + 0x87, 0x08, 0xf3, 0xf6, 0x22, 0x0e, 0x07, 0x75 +}; + /** - * Exponente de la clave publica de la Root CA del DNI electronico + * Exponente de la clave publica de la Root CA del DNI electronico (pk-RCAicc->e) */ static u8 icc_root_ca_public_exponent[] = { 0x01, 0x00, 0x01 }; /** - * Terminal (IFD) key modulus for SM channel creation + * Terminal (IFD) key modulus for SM channel creation (dnieRealParam->sk-IFD-AUT->n) */ -static u8 ifd_modulus[] = { +static u8 ifd_modulus_0[] = { 0xdb, 0x2c, 0xb4, 0x1e, 0x11, 0x2b, 0xac, 0xfa, 0x2b, 0xd7, 0xc3, 0xd3, 0xd7, 0x96, 0x7e, 0x84, 0xfb, 0x94, 0x34, 0xfc, 0x26, 0x1f, 0x9d, 0x09, 0x0a, 0x89, 0x83, 0x94, 0x7d, 0xaf, 0x84, 0x88, 0xd3, 0xdf, 0x8f, 0xbd, 
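Review bot: The comment on `icc_root_ca_public_exponent` is rewritten by this hunk but stays in Spanish, while the sibling modulus comment a few lines up was translated to English in the same change; for consistency make it ` * Public key exponent for the ROOT CA for DNIe (pk-RCAicc->e)`. The same applies to any remaining Spanish comments in this file the diff touches.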
@@ -90,10 +104,24 @@ static u8 ifd_modulus[] = { 0x6a, 0xe2, 0x36, 0x59, 0x00, 0x16, 0xba, 0x69 }; +static u8 ifd_modulus_1[] = { + 0xbd, 0xef, 0xdb, 0x84, 0xec, 0xe6, 0x98, 0xb8, 0x28, 0x7f, 0x7f, 0xe6, + 0x29, 0x6d, 0x80, 0x72, 0x98, 0x3a, 0x1b, 0x3d, 0x3b, 0x9f, 0x57, 0xad, + 0x98, 0x4f, 0xba, 0x78, 0x58, 0x1f, 0xff, 0x52, 0xe9, 0x3d, 0x89, 0x6b, + 0xf5, 0x62, 0x25, 0xe9, 0xf8, 0x2e, 0x96, 0x95, 0x14, 0x00, 0x69, 0x98, + 0x2e, 0x5b, 0x5b, 0xce, 0x37, 0xad, 0x73, 0x16, 0x45, 0x02, 0xd8, 0xac, + 0xbd, 0x60, 0x5f, 0x69, 0x12, 0x4a, 0x3c, 0xf5, 0xaf, 0xe4, 0xb0, 0x18, + 0x60, 0x2d, 0xd4, 0xba, 0x04, 0xdb, 0xc9, 0x85, 0x88, 0x45, 0xe6, 0xa9, + 0xc4, 0x05, 0x5b, 0xc5, 0xbf, 0xa0, 0xed, 0xdb, 0x86, 0x67, 0x89, 0xf0, + 0xec, 0x6a, 0x80, 0xfc, 0xe5, 0x3c, 0x66, 0x08, 0xdf, 0xdc, 0x9b, 0x9f, + 0xe2, 0xed, 0x56, 0x75, 0x2c, 0xc6, 0x05, 0x51, 0x3b, 0xa3, 0xf1, 0x75, + 0x9c, 0xdd, 0x95, 0x22, 0x75, 0x3f, 0x18, 0xd7 +}; + /** - * Terminal (IFD) key modulus for SM channel creation for PIN channel DNIe 3.0 + * Terminal (IFD) key modulus for SM channel creation for PIN channel DNIe 3.0 (dnie30RealParamPIN->sk-IFD-AUT->n) */ -static u8 ifd_pin_modulus[] = { +static u8 ifd_pin_modulus_0[] = { 0xF4, 0x27, 0x97, 0x8D, 0xA1, 0x59, 0xBA, 0x02, 0x79, 0x30, 0x8A, 0x6C, 0x6A, 0x89, 0x50, 0x5A, 0xDA, 0x5A, 0x67, 0xC3, 0xDA, 0x26, 0x79, 0xEA, 0xF4, 0xA1, 0xB0, 0x11, 0x9E, 0xDD, 0x4D, 0xF4, 0x6E, 0x78, 0x04, 0x24, 
@@ -107,6 +135,20 @@ static u8 ifd_pin_modulus[] = { 0x15, 0x96, 0x6A, 0x5A, 0x89, 0xAD, 0x58, 0xA5 }; +static u8 ifd_pin_modulus_1[] = { + 0xdf, 0x03, 0x93, 0x0d, 0x4f, 0x1d, 0x97, 0x15, 0xeb, 0xb0, 0x0f, 0xbd, + 0xae, 0x48, 0xaf, 0x9c, 0x9d, 0xbf, 0xd6, 0x99, 0xca, 0xb0, 0xbd, 0xbe, + 0x5c, 0xdb, 0x01, 0x34, 0x00, 0x0e, 0x46, 0x2e, 0x71, 0x3a, 0xe9, 0x7a, + 0x2f, 0x7e, 0x20, 0xaf, 0xbf, 0x84, 0xd3, 0xce, 0x73, 0x4f, 0xe2, 0x15, + 0x75, 0x7a, 0xaf, 0xa1, 0xe8, 0x9e, 0x64, 0x57, 0xea, 0xe2, 0xe8, 0x08, + 0x11, 0x03, 0x73, 0xe2, 0x56, 0x56, 0x34, 0x94, 0xfb, 0x5d, 0x10, 0x4f, + 0x0d, 0xcc, 0x88, 0x8d, 0x47, 0x96, 0x54, 0x3f, 0x03, 0x25, 0x4f, 0x4e, + 0x2c, 0xdf, 0x98, 0xb1, 0xe1, 0x26, 0x11, 0xe3, 0x98, 0x1f, 0x53, 0x33, + 0xdf, 0x98, 0xc8, 0x86, 0x01, 0x93, 0x75, 0x84, 0x0f, 0xac, 0x61, 0xdb, + 0x8f, 0x1b, 0xa3, 0xb5, 0x43, 0xdc, 0xea, 0x3d, 0x05, 0x9e, 0x6a, 0x41, + 0x4f, 0x6d, 0xd2, 0x9f, 0xc7, 0xc9, 0x9d, 0x8b +}; + /** * Terminal (IFD) public exponent for SM channel creation */ @@ -122,9 +164,9 @@ static u8 ifd_pin_public_exponent[] = { }; /** - * Terminal (IFD) private exponent for SM channel establishment + * Terminal (IFD) private exponent for SM channel establishment (dnieRealParam->sk-IFD-AUT->d) */ -static u8 ifd_private_exponent[] = { +static u8 ifd_private_exponent_0[] = { 0x18, 0xb4, 0x4a, 0x3d, 0x15, 0x5c, 0x61, 0xeb, 0xf4, 0xe3, 0x26, 0x1c, 0x8b, 0xb1, 0x57, 0xe3, 0x6f, 0x63, 0xfe, 0x30, 0xe9, 0xaf, 0x28, 0x89, 0x2b, 0x59, 0xe2, 0xad, 0xeb, 0x18, 0xcc, 0x8c, 0x8b, 0xad, 0x28, 0x4b, 
@@ -138,10 +180,24 @@ static u8 ifd_private_exponent[] = { 0xbd, 0x9b, 0x00, 0x31, 0x3c, 0x0f, 0x46, 0xed }; +static u8 ifd_private_exponent_1[] = { + 0xa0, 0x51, 0x55, 0x93, 0xd4, 0x36, 0x2b, 0x8f, 0xbd, 0xb7, 0x28, 0xa8, + 0x88, 0x2d, 0x42, 0x2e, 0xf7, 0xa8, 0x8c, 0x17, 0x5a, 0x3c, 0xfb, 0xcf, + 0xad, 0xf1, 0x15, 0xee, 0xc0, 0x4b, 0x79, 0xc2, 0x6c, 0xd6, 0xa1, 0x28, + 0xbb, 0xbd, 0x35, 0x4d, 0x50, 0x4b, 0x5a, 0x94, 0xc8, 0x86, 0x34, 0x9a, + 0xdb, 0xfe, 0x06, 0xf6, 0x7f, 0xee, 0x6a, 0x66, 0xd0, 0xa7, 0x3f, 0x66, + 0x46, 0x8e, 0x92, 0xd8, 0x73, 0xb6, 0x8e, 0xe2, 0xcb, 0x47, 0xb1, 0xa1, + 0x5a, 0x2a, 0xa7, 0xd8, 0xc6, 0xce, 0x8f, 0x3f, 0x14, 0x93, 0x0d, 0x56, + 0xb6, 0x32, 0x7f, 0x56, 0xcb, 0x21, 0x54, 0x69, 0xa5, 0x7a, 0x1e, 0xe0, + 0x18, 0x8f, 0xd6, 0xd2, 0x6d, 0x83, 0xa3, 0x80, 0xa6, 0xab, 0xd3, 0xa8, + 0x9f, 0x1b, 0x63, 0xc4, 0x99, 0x81, 0x90, 0x46, 0x53, 0x69, 0x35, 0xad, + 0xb2, 0xdb, 0x3c, 0x17, 0xcc, 0xbd, 0xaa, 0x51 +}; + /** - * Terminal (IFD) private exponent for SM channel establishment for PIN channel DNIe 3.0 + * Terminal (IFD) private exponent for SM channel establishment for PIN channel DNIe 3.0 (dnie30RealParamDataPIN->sk-IFD-AUT->d) */ -static u8 ifd_pin_private_exponent[] = { +static u8 ifd_pin_private_exponent_0[] = { 0xD2, 0x7A, 0x03, 0x23, 0x7C, 0x72, 0x2E, 0x71, 0x8D, 0x69, 0xF4, 0x1A, 0xEC, 0x68, 0xBD, 0x95, 0xE4, 0xE0, 0xC4, 0xCD, 0x49, 0x15, 0x9C, 0x4A, 0x99, 0x63, 0x7D, 0xB6, 0x62, 0xFE, 0xA3, 0x02, 0x51, 0xED, 0x32, 0x9C, 
@@ -155,10 +211,24 @@ static u8 ifd_pin_private_exponent[] = { 0xC6, 0x3B, 0x35, 0x8B, 0x7C, 0x11, 0x5A, 0xA1 }; +static u8 ifd_pin_private_exponent_1[] = { + 0x86, 0x6f, 0x0f, 0x2c, 0x0c, 0xaf, 0x17, 0xae, 0x7d, 0x1e, 0xea, 0xbe, + 0x3a, 0xdb, 0x52, 0x11, 0x24, 0xfe, 0xc9, 0x8c, 0x77, 0xa4, 0xc7, 0x1c, + 0x83, 0xb8, 0xf9, 0x26, 0xb1, 0x89, 0xe9, 0x40, 0x81, 0xbd, 0x33, 0x95, + 0x16, 0x1f, 0xff, 0xf0, 0x31, 0x91, 0x0e, 0x64, 0xfb, 0x1a, 0x02, 0x7d, + 0x51, 0x0e, 0x1d, 0xe5, 0x89, 0xe6, 0x41, 0x32, 0xc6, 0x42, 0xf6, 0x00, + 0x36, 0xd1, 0x4f, 0xfe, 0xd5, 0xd0, 0xce, 0x1f, 0x45, 0xe7, 0x11, 0x6f, + 0x13, 0xc4, 0xe6, 0x38, 0x8e, 0x25, 0xdd, 0x43, 0x83, 0x57, 0x78, 0x05, + 0x85, 0x73, 0xdc, 0x29, 0xad, 0x6a, 0x37, 0x32, 0x71, 0x6d, 0x08, 0x11, + 0x24, 0xb7, 0x52, 0x51, 0x40, 0xb1, 0xdd, 0xab, 0xe2, 0x51, 0xa4, 0x98, + 0x0c, 0xc5, 0xc0, 0x3a, 0x86, 0xa8, 0x2d, 0x17, 0x4f, 0xb7, 0xa8, 0x1d, + 0x24, 0x8d, 0x7c, 0xaa, 0x2b, 0x3d, 0x61, 0xd1 +}; + /** - * Intermediate CA certificate in CVC format (Card verifiable certificate) + * Intermediate CA certificate in CVC format (Card verifiable certificate) (c-CV-CA-CS-AUT) */ -static u8 C_CV_CA_CS_AUT_cert[] = { +static u8 C_CV_CA_CS_AUT_cert_0[] = { 0x7f, 0x21, 0x81, 0xce, 0x5f, 0x37, 0x81, 0x80, 0x3c, 0xba, 0xdc, 0x36, 0x84, 0xbe, 0xf3, 0x20, 0x41, 0xad, 0x15, 0x50, 0x89, 0x25, 0x8d, 0xfd, 0x20, 0xc6, 0x91, 0x15, 0xd7, 0x2f, 0x9c, 0x38, 0xaa, 0x99, 0xad, 0x6c, 
@@ -179,10 +249,31 @@ static u8 C_CV_CA_CS_AUT_cert[] = { 0x52, 0x44, 0x49, 0x60, 0x00, 0x06 }; +static u8 C_CV_CA_CS_AUT_cert_1[] = { + 0x7f, 0x21, 0x81, 0xce, 0x5f, 0x37, 0x81, 0x80, 0x7a, 0xa0, 0x6c, 0x96, + 0x5e, 0x8f, 0xb2, 0x19, 0x61, 0xcf, 0xd4, 0x49, 0xd0, 0x9b, 0x9d, 0xaf, + 0x03, 0x04, 0x73, 0x01, 0x15, 0x69, 0x70, 0xb7, 0x73, 0xf1, 0x9c, 0x40, + 0xf1, 0x27, 0xd3, 0x38, 0xe3, 0xc1, 0x35, 0xeb, 0x21, 0x20, 0x56, 0x6d, + 0xc6, 0xf9, 0xf7, 0x45, 0xff, 0xb8, 0xf8, 0xe2, 0xb6, 0x1e, 0xe8, 0x16, + 0x6f, 0xfd, 0x06, 0xd2, 0x8c, 0xb4, 0x8c, 0x15, 0x2a, 0x1f, 0xa4, 0xf7, + 0xe9, 0xf6, 0x09, 0xd7, 0x52, 0x76, 0x33, 0x1c, 0xb7, 0x00, 0xb8, 0x4e, + 0x36, 0xac, 0x8a, 0x0a, 0x77, 0x74, 0x46, 0x8c, 0x3c, 0xf3, 0xd1, 0x47, + 0xa4, 0x9c, 0x97, 0x6e, 0x17, 0xab, 0x02, 0xda, 0x03, 0xea, 0x4a, 0xc1, + 0x51, 0x77, 0x7e, 0xdf, 0xbc, 0x35, 0xc2, 0x7d, 0x56, 0xfb, 0xa6, 0x85, + 0x75, 0x6e, 0xd6, 0x52, 0x85, 0x1d, 0xfd, 0xe7, 0x01, 0xbf, 0x87, 0x49, + 0x92, 0xdd, 0x4d, 0xe8, 0x5f, 0x38, 0x3d, 0x33, 0xe3, 0xd5, 0x2a, 0x4b, + 0x09, 0x40, 0xe3, 0x90, 0xcd, 0x1a, 0x64, 0x1f, 0xea, 0x2e, 0x9c, 0xdd, + 0x79, 0xd3, 0x87, 0x2d, 0xd6, 0xc5, 0x08, 0xd5, 0xef, 0x23, 0x9c, 0xb0, + 0x7e, 0xb5, 0x55, 0x68, 0xce, 0x18, 0x8b, 0x65, 0x13, 0xac, 0xb8, 0x84, + 0x14, 0xc9, 0xad, 0xf7, 0xa6, 0x4e, 0x2c, 0xc0, 0xb3, 0x14, 0xd1, 0x27, + 0x54, 0xae, 0xee, 0x67, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, + 0x52, 0x44, 0x49, 0x62, 0x00, 0x18 +}; + /** - * Terminal (IFD) certificate in CVC format (PK.IFD.AUT) + * Terminal (IFD) certificate in CVC format (PK.IFD.AUT) (dnieRealParamData->c-CV-IFD-AUT) */ -static u8 C_CV_IFDUser_AUT_cert[] = { +static u8 C_CV_IFDUser_AUT_cert_0[] = { 0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x82, 0x5b, 0x69, 0xc6, 0x45, 0x1e, 0x5f, 0x51, 0x70, 0x74, 0x38, 0x5f, 0x2f, 0x17, 0xd6, 0x4d, 0xfe, 0x2e, 0x68, 0x56, 0x75, 0x67, 0x09, 0x4b, 0x57, 0xf3, 0xc5, 0x78, 
@@ -203,10 +294,31 @@ static u8 C_CV_IFDUser_AUT_cert[] = { 0x44, 0x49, 0x60, 0x00, 0x06 }; +static u8 C_CV_IFDUser_AUT_cert_1[] = { + 0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x5d, 0xa9, 0x4b, 0x6b, + 0x4e, 0xb8, 0x61, 0xec, 0xa6, 0x36, 0xd2, 0x67, 0x39, 0x74, 0x71, 0x1f, + 0x55, 0x63, 0x0f, 0x5b, 0x89, 0x03, 0x8c, 0x57, 0xd0, 0xbb, 0xbb, 0xc1, + 0xd2, 0xc6, 0x8c, 0xc3, 0xeb, 0x56, 0xd5, 0x30, 0x38, 0x00, 0xf5, 0xa9, + 0xf5, 0xe2, 0x96, 0x7f, 0xdf, 0x28, 0x91, 0x7b, 0xaf, 0xc8, 0x87, 0x63, + 0xb8, 0xec, 0x2c, 0x0e, 0xbe, 0x7a, 0xcb, 0x0b, 0xa4, 0xaf, 0xbf, 0xe6, + 0x6d, 0xb2, 0xa1, 0xed, 0xa1, 0x3e, 0x45, 0x64, 0xf7, 0x8e, 0x65, 0x58, + 0x6e, 0x51, 0x01, 0x76, 0xf1, 0x1c, 0x4c, 0x99, 0x36, 0x4a, 0xaf, 0x18, + 0x97, 0xd1, 0x1b, 0xf9, 0x8e, 0x9d, 0x1d, 0x0a, 0x12, 0xd0, 0x6a, 0xab, + 0x75, 0x76, 0x4a, 0xa8, 0xdc, 0x85, 0x8d, 0xf0, 0xf0, 0x03, 0xeb, 0x8b, + 0x4b, 0x3b, 0x56, 0xf5, 0xf9, 0x5f, 0xa6, 0x37, 0x53, 0x75, 0x19, 0xe4, + 0xc6, 0x55, 0x10, 0xf7, 0x5f, 0x38, 0x3c, 0x60, 0x2d, 0xd4, 0xba, 0x04, + 0xdb, 0xc9, 0x85, 0x88, 0x45, 0xe6, 0xa9, 0xc4, 0x05, 0x5b, 0xc5, 0xbf, + 0xa0, 0xed, 0xdb, 0x86, 0x67, 0x89, 0xf0, 0xec, 0x6a, 0x80, 0xfc, 0xe5, + 0x3c, 0x66, 0x08, 0xdf, 0xdc, 0x9b, 0x9f, 0xe2, 0xed, 0x56, 0x75, 0x2c, + 0xc6, 0x05, 0x51, 0x3b, 0xa3, 0xf1, 0x75, 0x9c, 0xdd, 0x95, 0x22, 0x75, + 0x3f, 0x18, 0xd7, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, 0x53, + 0x44, 0x49, 0x62, 0x00, 0x18 +}; + /** - * Terminal (IFD) certificate in CVC format (PK.IFD.AUT) for the PIN channel in DNIe 3.0 + * Terminal (IFD) certificate in CVC format (PK.IFD.AUT) for the PIN channel in DNIe 3.0 (dnie30RealParamDataPIN->c-CV-IFD-AUT) */ -static u8 C_CV_IFDUser_AUT_pin_cert[] = { +static u8 C_CV_IFDUser_AUT_pin_cert_0[] = { 0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x69, 0xc4, 0xe4, 0x94, 0xf0, 0x08, 0xe2, 0x42, 0x14, 0xb1, 0xc1, 0x31, 0xb6, 0x1f, 0xce, 0x9c, 0x15, 0xfa, 0x3c, 0xb0, 0x61, 0xdd, 0x6f, 0x02, 0xd8, 0xa2, 0xcd, 0x30, 
@@ -227,44 +339,135 @@ static u8 C_CV_IFDUser_AUT_pin_cert[] = { 0x44, 0x49, 0x60, 0x00, 0x06 }; +static u8 C_CV_IFDUser_AUT_pin_cert_1[] = { + 0x7f, 0x21, 0x81, 0xcd, 0x5f, 0x37, 0x81, 0x80, 0x0a, 0x3d, 0xb4, 0xd1, + 0x57, 0x98, 0xf2, 0x34, 0xf6, 0x31, 0xfd, 0x94, 0xc9, 0x1d, 0x2a, 0x63, + 0x63, 0xd0, 0xe1, 0x8e, 0x1b, 0x56, 0xda, 0xbd, 0xe6, 0x22, 0xbc, 0x20, + 0x1f, 0xd7, 0xc7, 0xff, 0x59, 0xff, 0x66, 0xda, 0x6e, 0x43, 0x4f, 0xe2, + 0xf7, 0xf4, 0x6e, 0x42, 0xe4, 0xa6, 0x06, 0xea, 0x82, 0x39, 0xac, 0x1a, + 0xc3, 0x0c, 0x7d, 0xad, 0xe2, 0x29, 0x65, 0xdf, 0x60, 0x6d, 0x11, 0x5e, + 0x04, 0xc8, 0xef, 0xfc, 0x77, 0x2b, 0x8f, 0x5d, 0x48, 0x77, 0x3e, 0x34, + 0x95, 0x5f, 0x33, 0xf4, 0x64, 0xed, 0x85, 0xcc, 0x0e, 0xb1, 0xbc, 0x57, + 0x2a, 0xfa, 0xba, 0x47, 0x25, 0xfb, 0xf5, 0xbd, 0xcf, 0x1d, 0x8c, 0x38, + 0xc9, 0xfe, 0x9c, 0xd8, 0x53, 0x6f, 0x34, 0x0b, 0xce, 0x14, 0x1d, 0xf5, + 0x18, 0x7f, 0xa2, 0xe2, 0x37, 0x2d, 0x73, 0xbc, 0x7f, 0x89, 0x48, 0x35, + 0x0c, 0xba, 0xde, 0xf2, 0x5f, 0x38, 0x3c, 0x0d, 0xcc, 0x88, 0x8d, 0x47, + 0x96, 0x54, 0x3f, 0x03, 0x25, 0x4f, 0x4e, 0x2c, 0xdf, 0x98, 0xb1, 0xe1, + 0x26, 0x11, 0xe3, 0x98, 0x1f, 0x53, 0x33, 0xdf, 0x98, 0xc8, 0x86, 0x01, + 0x93, 0x75, 0x84, 0x0f, 0xac, 0x61, 0xdb, 0x8f, 0x1b, 0xa3, 0xb5, 0x43, + 0xdc, 0xea, 0x3d, 0x05, 0x9e, 0x6a, 0x41, 0x4f, 0x6d, 0xd2, 0x9f, 0xc7, + 0xc9, 0x9d, 0x8b, 0x00, 0x01, 0x00, 0x01, 0x42, 0x08, 0x65, 0x73, 0x53, + 0x44, 0x49, 0x62, 0x00, 0x18 +}; + /** - * Root CA card key reference + * Root CA card key reference (pk-RCA-AUT-keyRef) */ static u8 root_ca_keyref[] = { 0x02, 0x0f }; /** - * ICC card private key reference + * ICC card private key reference (sk-ICC-AUT-keyRef) */ static u8 icc_priv_keyref[] = { 0x02, 0x1f }; /** - * Intermediate CA card key reference + * Intermediate CA card key reference (ifd-keyRef) + */ +static u8 cvc_intca_keyref_0[] = { 0x65, 0x73, 0x53, 0x44, 0x49, 0x60, 0x00, 0x06 }; +static u8 cvc_intca_keyref_1[] = { 0x65, 0x73, 0x53, 0x44, 0x49, 0x62, 0x00, 0x18 }; + +/** + * In 
memory key reference for selecting IFD sent certificate (dnieRealParamData->pk-IFD-AUT-keyRef) */ -static u8 cvc_intca_keyref[] = - { 0x65, 0x73, 0x53, 0x44, 0x49, 0x60, 0x00, 0x06 }; +static u8 cvc_ifd_keyref_0[] = { 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; +static u8 cvc_ifd_keyref_1[] = { 0x00, 0x00, 0x00, 0x00, 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x02 }; /** - * In memory key reference for selecting IFD sent certificate + * In memory key reference for selecting IFD sent certificate in PIN channel DNIe 3.0 (dnie30RealParamDataPIN->pk-IFD-AUT-keyRef) */ -static u8 cvc_ifd_keyref[] = - { 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; +static u8 cvc_ifd_keyref_pin_0[] = { 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; +static u8 cvc_ifd_keyref_pin_1[] = { 0x00, 0x00, 0x00, 0x00, 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x04 }; /** - * In memory key reference for selecting IFD sent certificate in PIN channel DNIe 3.0 + * Serial number for IFD Terminal application (dnieRealParamData->sn-IFD) */ -static u8 cvc_ifd_keyref_pin[] = - { 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; +static u8 sn_ifd_0[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; +static u8 sn_ifd_1[] = { 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x02 }; /** - * Serial number for IFD Terminal application + * Serial number for IFD Terminal application in PIN channel DNIe 3.0 (dnie30RealParamDataPIN->sn-IFD) */ -static u8 sn_ifd[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; +static u8 sn_ifd_pin_0[] = { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; +static u8 sn_ifd_pin_1[] = { 0xd0, 0x02, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x04 }; + +#define AC_RAIZ_COMPONENTES_OLD_IDX 0 +#define AC_RAIZ_COMPONENTES_ISSUER "/C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/OU=AC RAIZ COMPONENTES/CN=000000006573524449600006" +#define AC_RAIZ_COMPONENTES_2_NEW_IDX 1 +#define 
AC_RAIZ_COMPONENTES_2_ISSUER "/C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/organizationIdentifier=VATES-S2816015H/OU=AC RAIZ COMPONENTES 2/CN=000000006573524449620018" /** - * Serial number for IFD Terminal application in PIN channel DNIe 3.0 + * The DNIe secure channel uses some static configuration. + * Since DNIe 'BMP100001' it seems that the old values were + * replaced by new certs and keys. So an array of configuration + * values is going to be added that will be set to the card + * private data. For the moment the issuer of the icc intermediate + * CA cert will be used to assign one or the other array element. */ -static u8 sn_ifd_pin[] = { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; +static dnie_channel_data_t channel_data[] = { + { /* AC_RAIZ_COMPONENTES_OLD_IDX: Channel data configuration for DNIe before BMP100001 */ + .icc_root_ca = { + .modulus = { icc_root_ca_modulus_0, sizeof(icc_root_ca_modulus_0) }, + .exponent = { icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent) } + }, + .ifd = { + .modulus = { ifd_modulus_0, sizeof(ifd_modulus_0) }, + .exponent = { ifd_public_exponent, sizeof(ifd_public_exponent) }, + .private = { ifd_private_exponent_0, sizeof(ifd_private_exponent_0) } + }, + .ifd_pin = { + .modulus = { .value = ifd_pin_modulus_0, sizeof(ifd_pin_modulus_0) }, + .exponent = { .value = ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent) }, + .private = { .value = ifd_pin_private_exponent_0, sizeof(ifd_pin_private_exponent_0) } + }, + .C_CV_CA_CS_AUT_cert = { .value = C_CV_CA_CS_AUT_cert_0, sizeof(C_CV_CA_CS_AUT_cert_0) }, + .C_CV_IFDUser_AUT_cert = { .value = C_CV_IFDUser_AUT_cert_0, sizeof(C_CV_IFDUser_AUT_cert_0) }, + .C_CV_IFDUser_AUT_pin_cert = { .value = C_CV_IFDUser_AUT_pin_cert_0, sizeof(C_CV_IFDUser_AUT_pin_cert_0) }, + .root_ca_keyref = { root_ca_keyref, sizeof(root_ca_keyref) }, + .icc_priv_keyref = { icc_priv_keyref, sizeof(icc_priv_keyref) }, + .cvc_intca_keyref = { cvc_intca_keyref_0, 
sizeof(cvc_intca_keyref_0) }, + .cvc_ifd_keyref = { cvc_ifd_keyref_0, sizeof(cvc_ifd_keyref_0) }, + .cvc_ifd_keyref_pin = { cvc_ifd_keyref_pin_0, sizeof(cvc_ifd_keyref_pin_0) }, + .sn_ifd = { sn_ifd_0, sizeof(sn_ifd_0) }, + .sn_ifd_pin = { sn_ifd_pin_0, sizeof(sn_ifd_pin_0) } + }, + { /* AC_RAIZ_COMPONENTES_2_NEW_IDX: Channel data configuration for DNIe BMP100001 and newer */ + .icc_root_ca = { + .modulus = { icc_root_ca_modulus_1, sizeof(icc_root_ca_modulus_1) }, + .exponent = { icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent) } + }, + .ifd = { + .modulus = { ifd_modulus_1, sizeof(ifd_modulus_1) }, + .exponent = { ifd_public_exponent, sizeof(ifd_public_exponent) }, + .private = { ifd_private_exponent_1, sizeof(ifd_private_exponent_1) } + }, + .ifd_pin = { + .modulus = { .value = ifd_pin_modulus_1, sizeof(ifd_pin_modulus_1) }, + .exponent = { .value = ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent) }, + .private = { .value = ifd_pin_private_exponent_1, sizeof(ifd_pin_private_exponent_1) } + }, + .C_CV_CA_CS_AUT_cert = { .value = C_CV_CA_CS_AUT_cert_1, sizeof(C_CV_CA_CS_AUT_cert_1) }, + .C_CV_IFDUser_AUT_cert = { .value = C_CV_IFDUser_AUT_cert_1, sizeof(C_CV_IFDUser_AUT_cert_1) }, + .C_CV_IFDUser_AUT_pin_cert = { .value = C_CV_IFDUser_AUT_pin_cert_1, sizeof(C_CV_IFDUser_AUT_pin_cert_1) }, + .root_ca_keyref = { root_ca_keyref, sizeof(root_ca_keyref) }, + .icc_priv_keyref = { icc_priv_keyref, sizeof(icc_priv_keyref) }, + .cvc_intca_keyref = { cvc_intca_keyref_1, sizeof(cvc_intca_keyref_1) }, + .cvc_ifd_keyref = { cvc_ifd_keyref_1, sizeof(cvc_ifd_keyref_1) }, + .cvc_ifd_keyref_pin = { cvc_ifd_keyref_pin_1, sizeof(cvc_ifd_keyref_pin_1) }, + .sn_ifd = { sn_ifd_1, sizeof(sn_ifd_1) }, + .sn_ifd_pin = { sn_ifd_pin_1, sizeof(sn_ifd_pin_1) } + } +}; /************ internal functions **********************************/ 
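Review bot: The two `channel_data[]` entries mix positional and designated initializers (`{ ifd_modulus_0, sizeof(ifd_modulus_0) }` next to `{ .value = ifd_pin_modulus_0, sizeof(ifd_pin_modulus_0) }`), which is legal C99 but reads as if `.len` were forgotten; write every dnie_buffer_t as `{ .value = x, .len = sizeof(x) }`. The table and every key array it points to are plain `static u8` / `static dnie_channel_data_t`, so the IFD private exponents and the root CA modulus sit in writable memory; with a `const` on `dnie_buffer_t.value` (declared in cwa-dnie.h, outside this hunk) they could all become `static const` and live in .rodata. A short comment above `AC_RAIZ_COMPONENTES_ISSUER` noting that the strings must match the exact `X509_NAME_oneline()` rendering would also save the next maintainer who sees a card silently fall back to the old set.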
@@ -402,6 +605,63 @@ static int dnie_read_certificate(sc_card_t * card, char *certpath, X509 ** cert) LOG_FUNC_RETURN(card->ctx, res); } +/** + * Method that sets the configuration channel data to use. + * The configuration data is already set to the card private data. + * Just created in case this will be modified. + * + * @param card Pointer to card driver structure + * @param data The data for the channel will be assined here + * @return SC_SUCCESS if ok; else error code + */ +static int dnie_get_channel_data(sc_card_t * card, dnie_channel_data_t ** data) { + dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card); + LOG_FUNC_CALLED(card->ctx); + if (!priv_data->channel_data) { + sc_log(card->ctx, "Data channel configuration was not initialized"); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); + } + *data = priv_data->channel_data; + LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); +} + +/** + * Method to assign into the private data the secure channel + * configuration to use. Right now the icc_intermediate_ca_cert + * issuer is used. If it is the new one the new data is assigned + * else the old data is set. 
+ * + * @param card Pointer to card driver structure + * @param icc_intermediate_ca_cert Pointer to the X509 icc intermediate CA certificate + * @return SC_SUCCESS if ok; else error code + */ +static int dnie_set_channel_data(sc_card_t * card, X509 * icc_intermediate_ca_cert) { + char *buf = NULL; + dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card); + LOG_FUNC_CALLED(card->ctx); + + X509_NAME *issuer = X509_get_issuer_name(icc_intermediate_ca_cert); + if (issuer) { + buf = X509_NAME_oneline(issuer, buf, 0); + if (!buf) { + LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); + } + sc_log(card->ctx, "icc_intermediate_ca_cert issuer %s", buf); + } + + if (buf && strcmp(buf, AC_RAIZ_COMPONENTES_2_ISSUER) == 0) { + sc_log(card->ctx, "assigning new data channel configuration"); + priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_2_NEW_IDX]; + } else { + sc_log(card->ctx, "assigning old data channel configuration"); + priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_OLD_IDX]; + } + if (buf) { + OPENSSL_free(buf); + } + LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); +} + /************ implementation of cwa provider methods **************/ /** @@ -417,8 +677,13 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key) int res=SC_SUCCESS; RSA *root_ca_rsa=NULL; BIGNUM *root_ca_rsa_n, *root_ca_rsa_e; + dnie_channel_data_t *data; LOG_FUNC_CALLED(card->ctx); + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + /* compose root_ca_public key with data provided by Dnie Manual */ *root_ca_key = EVP_PKEY_new(); root_ca_rsa = RSA_new(); 
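Review bot: In dnie_set_channel_data() the key set is chosen by `strcmp` against an `X509_NAME_oneline()` rendering of the issuer, and that rendering is not stable: OpenSSL prints `organizationIdentifier=` only when the build knows a name for that OID (older releases print the dotted form), and any mismatch silently selects the old key set with only a debug log, so the secure channel later fails for a reason nobody can see. Match on the issuer CN instead, which is the CA key reference already encoded in the table (`000000006573524449620018` is `cvc_intca_keyref_1` in hex), and log the fallback explicitly. As far as this diff shows, the selection only decides which trusted root key the card's CA certificate is later verified against (that verification is outside the diff), so a narrower match does not weaken the check. The rewrite needs `#define AC_RAIZ_COMPONENTES_2_CN "000000006573524449620018"` beside the existing issuer define.
```c
static int dnie_set_channel_data(sc_card_t * card, X509 * icc_intermediate_ca_cert) {
	char cn[64] = { 0 };
	dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card);
	LOG_FUNC_CALLED(card->ctx);

	/* The issuer CN carries the CA key reference; unlike a one-line DN it does
	 * not depend on which attribute names this OpenSSL build knows. */
	X509_NAME *issuer = X509_get_issuer_name(icc_intermediate_ca_cert);
	if (issuer && X509_NAME_get_text_by_NID(issuer, NID_commonName, cn, sizeof(cn)) > 0
	    && strcmp(cn, AC_RAIZ_COMPONENTES_2_CN) == 0) {
		sc_log(card->ctx, "issuer CN %s: assigning new data channel configuration", cn);
		priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_2_NEW_IDX];
	} else {
		sc_log(card->ctx, "issuer CN '%s' is not the AC RAIZ COMPONENTES 2 reference: assigning old data channel configuration", cn);
		priv_data->channel_data = &channel_data[AC_RAIZ_COMPONENTES_OLD_IDX];
	}
	LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
```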
@@ -427,8 +692,8 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key) return SC_ERROR_OUT_OF_MEMORY; } - root_ca_rsa_n = BN_bin2bn(icc_root_ca_modulus, sizeof(icc_root_ca_modulus), NULL); - root_ca_rsa_e = BN_bin2bn(icc_root_ca_public_exponent, sizeof(icc_root_ca_public_exponent), NULL); + root_ca_rsa_n = BN_bin2bn(data->icc_root_ca.modulus.value, data->icc_root_ca.modulus.len, NULL); + root_ca_rsa_e = BN_bin2bn(data->icc_root_ca.exponent.value, data->icc_root_ca.exponent.len, NULL); if (RSA_set0_key(root_ca_rsa, root_ca_rsa_n, root_ca_rsa_e, NULL) != 1) { BN_free(root_ca_rsa_n); BN_free(root_ca_rsa_e); @@ -466,10 +731,17 @@ static int dnie_get_root_ca_pubkey(sc_card_t * card, EVP_PKEY ** root_ca_key) */ static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length) { + int res; + dnie_channel_data_t *data; LOG_FUNC_CALLED(card->ctx); - *cert = C_CV_CA_CS_AUT_cert; - *length = sizeof(C_CV_CA_CS_AUT_cert); - LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *cert = data->C_CV_CA_CS_AUT_cert.value; + *length = data->C_CV_CA_CS_AUT_cert.len; + LOG_FUNC_RETURN(card->ctx, res); } /** @@ -488,10 +760,17 @@ static int dnie_get_cvc_ca_cert(sc_card_t * card, u8 ** cert, size_t * length) */ static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length) { + int res; + dnie_channel_data_t *data; LOG_FUNC_CALLED(card->ctx); - *cert = C_CV_IFDUser_AUT_cert; - *length = sizeof(C_CV_IFDUser_AUT_cert); - LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *cert = data->C_CV_IFDUser_AUT_cert.value; + *length = data->C_CV_IFDUser_AUT_cert.len; + LOG_FUNC_RETURN(card->ctx, res); } /** 
@@ -511,10 +790,17 @@ static int dnie_get_cvc_ifd_cert(sc_card_t * card, u8 ** cert, size_t * length) */ static int dnie_get_cvc_ifd_cert_pin(sc_card_t * card, u8 ** cert, size_t * length) { + int res; + dnie_channel_data_t *data; LOG_FUNC_CALLED(card->ctx); - *cert = C_CV_IFDUser_AUT_pin_cert; - *length = sizeof(C_CV_IFDUser_AUT_pin_cert); - LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *cert = data->C_CV_IFDUser_AUT_pin_cert.value; + *length = data->C_CV_IFDUser_AUT_pin_cert.len; + LOG_FUNC_RETURN(card->ctx, res); } /** @@ -584,9 +870,16 @@ static int dnie_get_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey, */ static int dnie_get_ifd_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey) { - return dnie_get_privkey(card, ifd_privkey, ifd_modulus, sizeof(ifd_modulus), - ifd_public_exponent, sizeof(ifd_public_exponent), - ifd_private_exponent, sizeof(ifd_private_exponent)); + int res; + dnie_channel_data_t *data; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + return dnie_get_privkey(card, ifd_privkey, data->ifd.modulus.value, data->ifd.modulus.len, + data->ifd.exponent.value, data->ifd.exponent.len, + data->ifd.private.value, data->ifd.private.len); } /** 
@@ -601,9 +894,16 @@ static int dnie_get_ifd_privkey(sc_card_t * card, EVP_PKEY ** ifd_privkey) */ static int dnie_get_ifd_privkey_pin(sc_card_t * card, EVP_PKEY ** ifd_privkey) { - return dnie_get_privkey(card, ifd_privkey, ifd_pin_modulus, sizeof(ifd_pin_modulus), - ifd_pin_public_exponent, sizeof(ifd_pin_public_exponent), - ifd_pin_private_exponent, sizeof(ifd_pin_private_exponent)); + int res; + dnie_channel_data_t *data; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + return dnie_get_privkey(card, ifd_privkey, data->ifd_pin.modulus.value, data->ifd_pin.modulus.len, + data->ifd_pin.exponent.value, data->ifd_pin.exponent.len, + data->ifd_pin.private.value, data->ifd_pin.private.len); } /** @@ -615,7 +915,14 @@ static int dnie_get_ifd_privkey_pin(sc_card_t * card, EVP_PKEY ** ifd_privkey) */ static int dnie_get_icc_intermediate_ca_cert(sc_card_t * card, X509 ** cert) { - return dnie_read_certificate(card, "3F006020", cert); + dnie_private_data_t *priv_data = GET_DNIE_PRIV_DATA(card); + + int res = dnie_read_certificate(card, "3F006020", cert); + if (res == SC_SUCCESS && !priv_data->channel_data) { + /* initialize the secure channel data using the issuer cert */ + res = dnie_set_channel_data(card, *cert); + } + return res; } /** @@ -642,9 +949,16 @@ static int dnie_get_icc_cert(sc_card_t * card, X509 ** cert) static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len) { - *buf = root_ca_keyref; - *len = sizeof(root_ca_keyref); - return SC_SUCCESS; + int res; + dnie_channel_data_t *data; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *buf = data->root_ca_keyref.value; + *len = data->root_ca_keyref.len; + return res; } /** 
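Review bot: In dnie_get_icc_intermediate_ca_cert() the X509 produced by dnie_read_certificate() is left in `*cert` when dnie_set_channel_data() fails (its only failure is SC_ERROR_OUT_OF_MEMORY from X509_NAME_oneline), so a caller that frees the certificate only on success leaks it; the callers are not in this diff, so this follows from the usual contract that an out-pointer is owned by the caller only on SC_SUCCESS. Release it on that path: `if (res != SC_SUCCESS) { X509_free(*cert); *cert = NULL; }` after the call. A comment on the `!priv_data->channel_data` test would also help, since it pins the key set on the first successful read for the life of the private data: `/* chosen once per card; later reads never switch key sets */`.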
@@ -661,9 +975,16 @@ static int dnie_get_root_ca_pubkey_ref(sc_card_t * card, u8 ** buf, static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len) { - *buf = cvc_intca_keyref; - *len = sizeof(cvc_intca_keyref); - return SC_SUCCESS; + int res; + dnie_channel_data_t *data; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *buf = data->cvc_intca_keyref.value; + *len = data->cvc_intca_keyref.len; + return res; } /** @@ -680,9 +1001,16 @@ static int dnie_get_intermediate_ca_pubkey_ref(sc_card_t * card, u8 ** buf, */ static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len) { - *buf = cvc_ifd_keyref; - *len = sizeof(cvc_ifd_keyref); - return SC_SUCCESS; + int res; + dnie_channel_data_t *data; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *buf = data->cvc_ifd_keyref.value; + *len = data->cvc_ifd_keyref.len; + return res; } /** @@ -699,10 +1027,17 @@ static int dnie_get_ifd_pubkey_ref(sc_card_t * card, u8 ** buf, size_t * len) */ static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len) { + int res; + dnie_channel_data_t *data; LOG_FUNC_CALLED(card->ctx); - *buf = cvc_ifd_keyref_pin; - *len = sizeof(cvc_ifd_keyref_pin); - return SC_SUCCESS; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *buf = data->cvc_ifd_keyref_pin.value; + *len = data->cvc_ifd_keyref_pin.len; + return res; } /** 
@@ -718,9 +1053,16 @@ static int dnie_get_ifd_pubkey_ref_pin(sc_card_t * card, u8 ** buf, size_t * len */ static int dnie_get_icc_privkey_ref(sc_card_t * card, u8 ** buf, size_t * len) { - *buf = icc_priv_keyref; - *len = sizeof(icc_priv_keyref); - return SC_SUCCESS; + int res; + dnie_channel_data_t *data; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + *buf = data->icc_priv_keyref.value; + *len = data->icc_priv_keyref.len; + return res; } /** @@ -735,9 +1077,16 @@ static int dnie_get_icc_privkey_ref(sc_card_t * card, u8 ** buf, size_t * len) */ static int dnie_get_sn_ifd(sc_card_t * card) { + int res; + dnie_channel_data_t *data; struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa; - memcpy(sm->ifd.sn, sn_ifd, sizeof(sm->ifd.sn)); - return SC_SUCCESS; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + memcpy(sm->ifd.sn, data->sn_ifd.value, data->sn_ifd.len); + return res; } /** @@ -752,9 +1101,16 @@ static int dnie_get_sn_ifd(sc_card_t * card) */ static int dnie_get_sn_ifd_pin(sc_card_t * card) { + int res; + dnie_channel_data_t *data; struct sm_cwa_session * sm = &card->sm_ctx.info.session.cwa; - memcpy(sm->ifd.sn, sn_ifd_pin, sizeof(sm->ifd.sn)); - return SC_SUCCESS; + + /* obtain the data channel info for the card */ + res = dnie_get_channel_data(card, &data); + LOG_TEST_RET(card->ctx, res, "Error getting the card channel data"); + + memcpy(sm->ifd.sn, data->sn_ifd_pin.value, data->sn_ifd_pin.len); + return res; } /* Retrieve SN.ICC (8 bytes left padded with zeroes if needed). diff --git a/src/libopensc/cwa-dnie.h b/src/libopensc/cwa-dnie.h index 91b0135dac..2edbf52ba1 100644 --- a/src/libopensc/cwa-dnie.h +++ b/src/libopensc/cwa-dnie.h 
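Review bot: dnie_get_sn_ifd() and dnie_get_sn_ifd_pin() now `memcpy` `data->sn_ifd.len` bytes into `sm->ifd.sn`, where the old code copied `sizeof(sm->ifd.sn)`; the copy is bounded by the table entry rather than the destination, so a longer entry added to `channel_data[]` later would overflow the session struct silently, and a shorter one would leave stale bytes from a previous session. Bound it by the destination and clear first: `if (data->sn_ifd.len > sizeof(sm->ifd.sn)) return SC_ERROR_INVALID_DATA; memset(sm->ifd.sn, 0, sizeof(sm->ifd.sn)); memcpy(sm->ifd.sn, data->sn_ifd.value, data->sn_ifd.len);` (same for the `_pin` variant). The size of `sm->ifd.sn` is not visible here and both table entries are 8 bytes, so today this is latent rather than live.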
@@ -39,6 +39,41 @@ typedef struct ui_context { struct cwa_provider_st; +/** + * Structs for the channel configuration data. + */ +typedef struct dnie_buffer { + u8 *value; + size_t len; +} dnie_buffer_t; + +typedef struct dnie_public_key { + dnie_buffer_t modulus; + dnie_buffer_t exponent; +} dnie_public_key_t; + +typedef struct dnie_private_key { + dnie_buffer_t modulus; + dnie_buffer_t exponent; + dnie_buffer_t private; +} dnie_private_key_t; + +typedef struct dnie_channel_data { + dnie_public_key_t icc_root_ca; + dnie_private_key_t ifd; + dnie_private_key_t ifd_pin; + dnie_buffer_t C_CV_CA_CS_AUT_cert; + dnie_buffer_t C_CV_IFDUser_AUT_cert; + dnie_buffer_t C_CV_IFDUser_AUT_pin_cert; + dnie_buffer_t root_ca_keyref; + dnie_buffer_t icc_priv_keyref; + dnie_buffer_t cvc_intca_keyref; + dnie_buffer_t cvc_ifd_keyref; + dnie_buffer_t cvc_ifd_keyref_pin; + dnie_buffer_t sn_ifd; + dnie_buffer_t sn_ifd_pin; +} dnie_channel_data_t; + /** * OpenDNIe private data declaration * @@ -53,6 +88,7 @@ struct cwa_provider_st; #ifdef ENABLE_DNIE_UI struct ui_context ui_ctx; #endif + dnie_channel_data_t *channel_data; /* Configuration data for the secure channel */ } dnie_private_data_t; /**
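Review bot: `dnie_buffer_t.value` is declared `u8 *`, which forces every key table in cwa-dnie.c (including the IFD private exponents and the root CA modulus) to be a writable `static u8` array; declaring it `const u8 *value;` lets those tables become `static const` and keeps the terminal's key material out of writable memory. The provider callbacks that hand the bytes out through `u8 **cert` / `u8 **buf` are outside this hunk, so if their signatures cannot change, a cast at that one boundary is still the smaller evil. Separately, the field named `private` in `dnie_private_key_t` is a C++ keyword, so the header would stop compiling if it is ever included from a C++ translation unit; `priv_exponent` (or `d`, matching the `->d` names used in the cwa-dnie.c comments) avoids that. A one-line comment on `dnie_channel_data` saying that one instance describes one card generation (pre/post BMP100001, per the cwa-dnie.c comment) would make the struct self-explanatory.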