merge changes 0.11.11 -> 0.11.12

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3899 c6295689-39f2-0310-b995-f0e70906c6a9

NEWS

@@ -9,6 +9,10 @@ or doc/nonpersistent/ChangeLog.
 New in 0.??.==; 200?-??-??; ??
 * New westcos driver by François Leblanc
 
+New in 0.11.12; 2009-12-18; Andreas Jellinghaus
+* Document integer problem in OpenSC and implement workaround
+* Improve entersafe profile to support private data objects
+
 New in 0.11.9; 2009-07-29; Andreas Jellinghaus
 * New rutoken_ecp driver by  Aktiv Co. / Aleksey Samsonov
 * Allow more keys/certificates/files etc. with entersafe tokens

etc/opensc.conf.in

@@ -269,7 +269,7 @@ app default {
 		#
 		# Default: no
 		# try_emulation_first = yes;
-		#
+
 		# Enable builtin emulators.
 		# Default: yes
 		# enable_builtin_emulation = no;
@@ -297,6 +297,23 @@ app default {
 		# this option only affects cardos cards right now.
 		# Default: yes
 		# enable_sign_with_decrypt_workaround = no;
+
+		# workaround: fix keyReference and pinReference values
+		# OpenSC 0.11.4 and older have a bug: integers were not
+		# properly encoded in asn.1 structures. So far only
+		# starcos cards were found to have a problem with this,
+		# and only these two values were found to be filled with
+		# the wrong value.
+      		#
+		# Fortunatly those values (if present) need to be positive.
+		# Thus we can check if these are available and negative,
+		# and if so fix them by adding 256 to get the correct value.
+		#
+		# To be on the safe side, this workaround/fix can be turned
+		# off.
+		#
+		# Default: yes
+		# enable_fix_asn1_integers = no;
 	}
 }
 

src/libopensc/asn1.c

@@ -999,6 +999,9 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,
 	case SC_ASN1_ENUMERATED:
 		if (parm != NULL)
 			r = sc_asn1_decode_integer(obj, objlen, (int *) entry->parm);
+		if (ctx->debug >= 6)
+			sc_debug(ctx, "%*.*sdecoding '%s' returned %d\n", depth, depth, "", entry->name, *((int *) entry->parm));
+
 		break;
 	case SC_ASN1_BIT_STRING_NI:
 	case SC_ASN1_BIT_STRING:

src/libopensc/pkcs15-pin.c

@@ -110,6 +110,16 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
 		else
 			info.max_length = 8; /* shouldn't happen */
 	}
+
+	/* OpenSC 0.11.4 and older encoded "pinReference" as a negative
+	   value. Fixed in 0.11.5 we need to add a hack, so old cards
+	   continue to work. */
+	if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) {
+		if (info.reference < 0) {
+			info.reference += 256;
+		}
+	}
+
 	memcpy(obj->data, &info, sizeof(info));
 
 	return 0;

src/libopensc/pkcs15-prkey.c

@@ -200,6 +200,16 @@ int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card,
 			free(info.params);
 		return r;
 	}
+
+        /* OpenSC 0.11.4 and older encoded "keyReference" as a negative
+           value. Fixed in 0.11.5 we need to add a hack, so old cards
+           continue to work. */
+        if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) {
+                if (info.key_reference < -1) {
+                        info.key_reference += 256;
+                }
+        }
+
 	obj->data = malloc(sizeof(info));
 	if (obj->data == NULL) {
 		if (info.params)

src/libopensc/pkcs15-pubkey.c

@@ -190,6 +190,16 @@ int sc_pkcs15_decode_pukdf_entry(struct sc_pkcs15_card *p15card,
 			free(info.params);
 		return r;
 	}
+
+        /* OpenSC 0.11.4 and older encoded "keyReference" as a negative
+           value. Fixed in 0.11.5 we need to add a hack, so old cards
+           continue to work. */
+        if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) {
+                if (info.key_reference < -1) {
+                        info.key_reference += 256;
+                }
+        }
+
 	obj->data = malloc(sizeof(info));
 	if (obj->data == NULL) {
 		if (info.params)

src/libopensc/pkcs15.c

@@ -755,6 +755,11 @@ int sc_pkcs15_bind(sc_card_t *card,
 			|| strcmp(p15card->manufacturer_id,"Prime") == 0 ))
 		p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
 
+	/* for starcos cards only: fix asn1 integers */
+	if (strcmp(p15card->card->driver->short_name,"starcos") == 0
+		&& scconf_get_bool(conf_block, "enable_fix_asn1_integers", 1))
+		p15card->flags |= SC_PKCS15_CARD_FLAG_FIX_INTEGERS;
+
 	/* set special flags based on card meta data */
 	if (strcmp(p15card->card->driver->short_name,"cardos") == 0) {
 

src/libopensc/pkcs15.h

@@ -437,10 +437,11 @@ typedef struct sc_pkcs15_card {
 #define SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED		0x02
 #define SC_PKCS15_CARD_FLAG_PRN_GENERATION		0x04
 #define SC_PKCS15_CARD_FLAG_EID_COMPLIANT		0x08
-#define SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT		0x10
-#define SC_PKCS15_CARD_FLAG_EMULATED			0x20
-#define SC_PKCS15_CARD_FLAG_USER_PIN_INITIALIZED	0x40
-#define SC_PKCS15_CARD_FLAG_TOKEN_INITIALIZED		0x80
+#define SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT		0x01000000
+#define SC_PKCS15_CARD_FLAG_EMULATED			0x02000000
+#define SC_PKCS15_CARD_FLAG_FIX_INTEGERS		0x04000000
+#define SC_PKCS15_CARD_FLAG_USER_PIN_INITIALIZED	0x08000000
+#define SC_PKCS15_CARD_FLAG_TOKEN_INITIALIZED		0x10000000
 
 /* sc_pkcs15_bind:  Binds a card object to a PKCS #15 card object
  * and initializes a new PKCS #15 card object.  Will return

src/pkcs15init/entersafe.profile

@@ -151,32 +151,39 @@ filesystem {
 		    	    file-id	   = FFFF;
 				}
         		EF public-key {
-    	    	    file-id	  = 3003;
+    	    	    file-id	  = 3000;
    					structure = transparent;
 					ACL	  	  = *=NEVER,READ=NONE,UPDATE=$PIN;
         		}
 
         		# Certificate template
         		EF certificate {
-            	    file-id	   = 3104;
+            	    file-id	   = 3100;
             		structure  = transparent;
 					ACL	  	   = *=NEVER,READ=NONE,UPDATE=$PIN;
         		}
 
         		# Extractable private keys are stored in transparent EFs.
         		# Encryption of the content is performed by libopensc.
         		EF extractable-key {
-            	    file-id		   = 3201;
+            	    file-id		   = 3200;
             		structure	   = transparent;
 					ACL	  	  	   = *=NEVER,READ=NONE,UPDATE=$PIN;
         		}
 
         		# data objects are stored in transparent EFs.
         		EF data {
-            	    file-id		= 3301;
+            	    file-id		= 3300;
             		structure	= transparent;
-					ACL	  	  	= *=NEVER,READ=NONE,UPDATE=$PIN;
+					ACL	  	  	= *=NEVER,READ=NONE,UPDATE=NONE;
         		}
+        		# data objects are stored in transparent EFs.
+        		EF privdata {
+            	    file-id		= 3400;
+            		structure	= transparent;
+					ACL	  	  	= *=NEVER,READ=$PIN,UPDATE=$PIN;
+        		}
+
 			}
 		}
     }

src/pkcs15init/pkcs15-lib.c

@@ -2618,7 +2618,8 @@ static int sc_pkcs15init_update_tokeninfo(struct sc_pkcs15_card *p15card,
 
 	/* create a temporary tokeninfo structure */
 	tokeninfo.version = p15card->version;
-	tokeninfo.flags = p15card->flags;
+	/* ugly opensc hack, we use the some high flags internaly */
+	tokeninfo.flags = p15card->flags & 0xffffff; 
 	tokeninfo.label = p15card->label;
 	tokeninfo.serial_number = p15card->serial_number;
 	tokeninfo.manufacturer_id = p15card->manufacturer_id;