Imported Upstream version 0.12.0+svn5273

commit b49b9714e7f980ce257ec026220ff7200fa2de0f 1 parent 8823233
@marschap authored
Showing with 487 additions and 407 deletions.
  1. +1 −1  doc/tools/netkey-tool.xml
  2. +17 −21 doc/tools/westcos-tool.xml
  3. +250 −180 src/cardmod/cardmod.c
  4. +3 −0  src/common/libpkcs11.c
  5. +3 −1 src/common/libscdl.c
  6. +1 −1  src/common/libscdl.h
  7. +4 −4 src/libopensc/card-atrust-acos.c
  8. +5 −3 src/libopensc/card-authentic.c
  9. +3 −5 src/libopensc/card-iasecc.c
  10. +10 −10 src/libopensc/card-oberthur.c
  11. +3 −1 src/libopensc/card-piv.c
  12. +3 −3 src/libopensc/card-rtecp.c
  13. +5 −5 src/libopensc/card-starcos.c
  14. +1 −1  src/libopensc/card-westcos.c
  15. +1 −1  src/libopensc/cards.h
  16. +4 −0 src/libopensc/ctx.c
  17. +7 −0 src/libopensc/iso7816.c
  18. +26 −21 src/libopensc/padding.c
  19. +2 −2 src/libopensc/pkcs15-itacns.c
  20. +4 −2 src/libopensc/pkcs15-oberthur.c
  21. +2 −2 src/libopensc/pkcs15-pubkey.c
  22. +61 −72 src/libopensc/pkcs15-sec.c
  23. +2 −6 src/libopensc/pkcs15.c
  24. +2 −2 src/libopensc/reader-ctapi.c
  25. +2 −2 src/libopensc/reader-openct.c
  26. +12 −3 src/libopensc/reader-pcsc.c
  27. +4 −4 src/pkcs15init/entersafe.profile
  28. +6 −6 src/pkcs15init/iasecc.profile
  29. +1 −1  src/pkcs15init/pkcs15-iasecc.c
  30. +6 −7 src/pkcs15init/pkcs15-lib.c
  31. +1 −1  src/pkcs15init/pkcs15-oberthur-awp.c
  32. +24 −28 src/pkcs15init/profile.c
  33. +2 −2 src/pkcs15init/profile.h
  34. +2 −2 src/tools/eidenv.c
  35. +2 −2 src/tools/pkcs15-init.c
  36. +1 −1  src/tools/pkcs15-tool.c
  37. +4 −4 src/tools/westcos-tool.c
2  doc/tools/netkey-tool.xml
@@ -82,7 +82,7 @@
<para>If you specify the global PIN via the <option>--pin</option> option,
<command>netkey-tool</command> will also display the initial value of the cards
global PUK. If your global PUK was changed <command>netkey-tool</command> will still
- diplay its initial value. There's no way to recover a lost global PUK once it was changed.
+ display its initial value. There's no way to recover a lost global PUK once it was changed.
There's also no way to display the initial value of your global PUK without knowing the
current value of your global PIN. </para>
38 doc/tools/westcos-tool.xml
@@ -8,8 +8,8 @@
<refnamediv>
<refname>westcos-tool</refname>
- <refpurpose>utility for manipulating data structure
- on westcos smart card and similar security tokens</refpurpose>
+ <refpurpose>utility for manipulating data structures
+ on westcos smart cards</refpurpose>
</refnamediv>
<refsect1>
@@ -34,13 +34,9 @@
<para>
<variablelist>
<varlistentry>
- <term>
- <option>--reader</option> num,
- <option>-r</option> num
- </term>
+ <term><option>--reader, r</option> num</term>
<listitem><para>
- Use the given reader number. The default
- is 0, the first reader in the system.
+ Use the given reader. The default is the first reader with a card.
</para></listitem>
</varlistentry>
@@ -52,14 +48,14 @@
<varlistentry>
<term><option>--generate-key, -g</option></term>
<listitem><para>Generate a private key on smart card. The smart card must be
- not finalized and pin installed (ig. file for pin must be created, see option
+ not finalized and a PIN must be installed (ie. file for PIN must be created, see option
-i). By default key length is 1536 bits. User authentication is required for
this operation. </para></listitem>
</varlistentry>
<varlistentry>
<term><option>--overwrite-key, -o</option></term>
- <listitem><para>Otherwrite key if they are already a key on card.</para></listitem>
+ <listitem><para>Overwrite the key if there is already a key on card.</para></listitem>
</varlistentry>
<varlistentry>
@@ -73,7 +69,7 @@
<varlistentry>
<term><option>--install-pin, -i</option></term>
- <listitem><para>Install pin file in token, you must provide pin value
+ <listitem><para>Install PIN file in token, you must provide PIN value
with <option>-x</option>.</para></listitem>
</varlistentry>
@@ -82,7 +78,7 @@
<option>--pin-value</option> value,
<option>-x</option> value
</term>
- <listitem><para>set value of pin.</para></listitem>
+ <listitem><para>set value of PIN.</para></listitem>
</varlistentry>
<varlistentry>
@@ -90,7 +86,7 @@
<option>--puk-value</option> value,
<option>-y</option> value
</term>
- <listitem><para>set value of puk (or value of new pin for change pin
+ <listitem><para>set value of PUK (or value of new PIN for change PIN
command see <option>-n</option>).</para></listitem>
</varlistentry>
@@ -102,25 +98,25 @@
<varlistentry>
<term><option>--unblock-pin, -u</option></term>
- <listitem><para>Unblocks a PIN stored on the token. Knowledge of the Pin
- Unblock Key (PUK) is required for this operation.</para></listitem>
+ <listitem><para>Unblocks a PIN stored on the token. Knowledge of the
+ PIN Unblock Key (PUK) is required for this operation.</para></listitem>
</varlistentry>
<varlistentry>
<term>
- <option>--certificat</option> file,
+ <option>--certificate</option> file,
<option>-t</option> file
</term>
- <listitem><para>Write certificate file in pem format on the
+ <listitem><para>Write certificate file in PEM format to the
card. User authentication is required for this operation.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--finalize, -f</option></term>
- <listitem><para>Finalize the card, once finalize default key is invalidate so pin and puk
- can'be changed anymore without user authentification. Warning, smart cards not finalized are
- unsecure because pin can be changed without user authentification (knowledge of default key
- is enougth).</para></listitem>
+ <listitem><para>Finalize the card. Once finalized the default key is invalidated so PIN and PUK
+ can't be changed anymore without user authentication. Warning,
+ un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key
+ is enough).</para></listitem>
</varlistentry>
<varlistentry>
430 src/cardmod/cardmod.c
@@ -35,6 +35,7 @@
#include <windows.h>
#include "cardmod.h"
+#include "libopensc/cardctl.h"
#include "libopensc/opensc.h"
#include "libopensc/pkcs15.h"
#include "libopensc/log.h"
@@ -93,7 +94,6 @@ static void logprintf(PCARD_DATA pCardData, int level, const char* format, ...)
{
va_list arg;
VENDOR_SPECIFIC *vs;
-
/* #define CARDMOD_LOW_LEVEL_DEBUG 1 */
#ifdef CARDMOD_LOW_LEVEL_DEBUG
/* Use a simplied log to get all messages including messages
@@ -248,6 +248,162 @@ static size_t compute_keybits(sc_pkcs15_bignum_t *bn)
return bits;
}
+
+/*
+ * Serialize GUID
+ * Ex. {3F2504E0-4F89-11D3-9A0C-0305E82C3301}
+ */
+static int serialize_guid(unsigned char *in, char *out, size_t out_len)
+{
+ int ii, jj, in_offs = 0, out_offs = 0;
+
+ if (out_len < 39) /* In cardmod.h MAX_CONTAINER_NAME_LEN defined as 39 */
+ return SCARD_E_INSUFFICIENT_BUFFER;
+
+ strcpy(out, "{");
+ for (ii=0; ii<4; ii++)
+ sprintf(out + strlen(out), "%02X", *(in + in_offs++));
+ for (jj=0; jj<3; jj++) {
+ strcat(out, "-");
+ for (ii=0; ii<2; ii++)
+ sprintf(out + strlen(out), "%02X", *(in + in_offs++));
+ }
+ strcat(out, "-");
+ for (ii=0; ii<6; ii++)
+ sprintf(out + strlen(out), "%02X", *(in + in_offs++));
+ strcat(out, "}");
+ return SCARD_S_SUCCESS;
+}
+
+static int get_pin_by_role(PCARD_DATA pCardData, PIN_ID role, struct sc_pkcs15_object **ret_obj)
+{
+ VENDOR_SPECIFIC *vs;
+ int i;
+
+ if (!pCardData)
+ return SCARD_E_INVALID_PARAMETER;
+
+ logprintf(pCardData, 2, "get PIN with role %i\n", role);
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ if (vs->pin_count == 0) {
+ logprintf(pCardData, 2, "cannot get PIN object: no PIN defined\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+
+ if (!ret_obj)
+ return SCARD_E_INVALID_PARAMETER;
+
+ *ret_obj = NULL;
+
+ for(i = 0; i < vs->pin_count; i++)
+ {
+ struct sc_pkcs15_object *obj = vs->pin_objs[i];
+ struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) (obj->data);
+ unsigned int pin_flags = pin_info->flags;
+ unsigned int admin_pin_flags = SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN | SC_PKCS15_PIN_FLAG_SO_PIN;
+
+ logprintf(pCardData, 2, "PIN[%s] flags 0x%X\n", obj->label, pin_flags);
+ if (role == ROLE_USER) {
+ if (!(pin_flags & admin_pin_flags)) {
+ *ret_obj = obj;
+ break;
+ }
+ }
+ else if (role == ROLE_ADMIN) {
+ if (pin_flags & admin_pin_flags) {
+ *ret_obj = obj;
+ break;
+ }
+ }
+ else {
+ logprintf(pCardData, 2, "cannot get PIN object: unsupported role\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+ }
+
+ if (i == vs->pin_count) {
+ logprintf(pCardData, 2, "cannot get PIN object: not found\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+
+ return SCARD_S_SUCCESS;
+}
+
+static void dump_objects (PCARD_DATA pCardData)
+{
+ VENDOR_SPECIFIC *vs;
+ sc_pkcs15_prkey_info_t *prkey_info;
+ sc_pkcs15_cert_t *cert;
+ int i;
+
+ if (!pCardData)
+ return;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ if (!vs)
+ return;
+
+ for(i = 0; i < vs->prkey_count; i++)
+ {
+ prkey_info = (sc_pkcs15_prkey_info_t*)(vs->prkey_objs[i]->data);
+ logprintf(pCardData, 5, "prkey_info->subject %d (subject_len=%d)" \
+ "modulus_length=%d subject ", i, prkey_info->subject.len, \
+ prkey_info->modulus_length);
+ loghex(pCardData, 5, prkey_info->subject.value, prkey_info->subject.len);
+ }
+
+ for(i = 0; i < vs->cert_count; i++)
+ {
+ sc_pkcs15_read_certificate(vs->p15card, \
+ (struct sc_pkcs15_cert_info *)(vs->cert_objs[i]->data), &cert);
+ logprintf(pCardData, 5, "cert->subject %d ", i);
+ loghex(pCardData, 5, cert->subject, cert->subject_len);
+ sc_pkcs15_free_certificate(cert);
+ }
+
+ for(i = 0; i < vs->pin_count; i++)
+ {
+ const char *pin_flags[] =
+ {
+ "case-sensitive", "local", "change-disabled",
+ "unblock-disabled", "initialized", "needs-padding",
+ "unblockingPin", "soPin", "disable_allowed",
+ "integrity-protected", "confidentiality-protected",
+ "exchangeRefData"
+ };
+ const char *pin_types[] = {"bcd", "ascii-numeric", "UTF-8",
+ "halfnibble bcd", "iso 9664-1"};
+ const struct sc_pkcs15_object *obj = vs->pin_objs[i];
+ const struct sc_pkcs15_pin_info *pin = (const struct sc_pkcs15_pin_info *) (obj->data);
+ const size_t pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]);
+ size_t j;
+
+ logprintf(pCardData, 2, "PIN [%s]\n", obj->label);
+ logprintf(pCardData, 2, "\tCom. Flags: 0x%X\n", obj->flags);
+ logprintf(pCardData, 2, "\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
+ logprintf(pCardData, 2, "\tFlags : [0x%02X]", pin->flags);
+ for (j = 0; j < pf_count; j++)
+ if (pin->flags & (1 << j)) {
+ logprintf(pCardData, 2, ", %s", pin_flags[j]);
+ }
+ logprintf(pCardData, 2, "\n");
+ logprintf(pCardData, 2, "\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
+ (unsigned long)pin->min_length, (unsigned long)pin->max_length,
+ (unsigned long)pin->stored_length);
+ logprintf(pCardData, 2, "\tPad char : 0x%02X\n", pin->pad_char);
+ logprintf(pCardData, 2, "\tReference : %d\n", pin->reference);
+ if (pin->type < sizeof(pin_types)/sizeof(pin_types[0]))
+ logprintf(pCardData, 2, "\tType : %s\n", pin_types[pin->type]);
+ else
+ logprintf(pCardData, 2, "\tType : [encoding %d]\n", pin->type);
+ logprintf(pCardData, 2, "\tPath : %s\n", sc_print_path(&pin->path));
+ if (pin->tries_left >= 0)
+ logprintf(pCardData, 2, "\tTries left: %d\n", pin->tries_left);
+ }
+}
+
+
DWORD WINAPI CardDeleteContext(__inout PCARD_DATA pCardData)
{
int i;
@@ -693,11 +849,10 @@ DWORD WINAPI CardReadFile(__in PCARD_DATA pCardData,
for(i = 0, p = (PCONTAINER_MAP_RECORD)*ppbData; \
i < vs->cert_count; i++,p++)
{
+ struct sc_pkcs15_cert_info *cert_info = (sc_pkcs15_cert_info_t *)vs->cert_objs[i]->data;
sc_pkcs15_cert_t *cert = NULL;
- r = sc_pkcs15_read_certificate(vs->p15card, \
- (struct sc_pkcs15_cert_info *)(vs->cert_objs[i]->data), \
- &cert);
+ r = sc_pkcs15_read_certificate(vs->p15card, cert_info, &cert);
logprintf(pCardData, 2, "sc_pkcs15_read_certificate return %d\n", r);
if(r)
{
@@ -706,55 +861,30 @@ DWORD WINAPI CardReadFile(__in PCARD_DATA pCardData,
pubkey = cert->key;
if(pubkey->algorithm == SC_ALGORITHM_RSA)
{
+ struct sc_card *card = vs->p15card->card;
+ unsigned char guid_bin[SC_PKCS15_MAX_ID_SIZE + SC_MAX_SERIALNR];
+ struct sc_serial_number serialnr;
char guid[MAX_CONTAINER_NAME_LEN + 1];
- char *g;
- char *sn;
- size_t snlen;
- size_t idlen;
- u8 * id;
- int si;
-
- /* We need unique number here, so
- * Use card serial number + sc_pkcs15_id of the cert.
- * the wszGuid is 39 characters,
- * The sc_pkcs15_id can be 255 and is binary an must be converted
- * serial is large and character
- * So will use as much of the id as posible.
- * converting to a string.
- * Will do this in ingle byte char then convert to wchar
+
+ /* The globally unique identifier derived from the PKCS#15 object
+ * identifier concatenated with the card's serial number.
+ * So that, the object's id will be used as much as possible.
+ * Will do this firstly in single byte char then convert to wchar.
*/
- id = (u8 *)((sc_pkcs15_cert_info_t *)vs->cert_objs[i]->data)->id.value;
- idlen = ((sc_pkcs15_cert_info_t *)vs->cert_objs[i]->data)->id.len;
+ memset(guid_bin, 0, sizeof(guid_bin));
+ memcpy(guid_bin, cert_info->id.value, cert_info->id.len);
+ r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serialnr);
+ if (r)
+ return SCARD_F_INTERNAL_ERROR;
+ memcpy(guid_bin + cert_info->id.len, serialnr.value, serialnr.len);
- if (idlen > MAX_CONTAINER_NAME_LEN/2) {
- id += idlen - MAX_CONTAINER_NAME_LEN/2;
- idlen = MAX_CONTAINER_NAME_LEN/2;
- }
-
- g = guid;
- /* if id (convereted to printable) is less then MAX_CONTAINER_NAME_LEN */
- /* use last part of serial number. */
- logprintf(pCardData, 7, "DEE id=%p:%d g=%p\n", id, idlen, g);
- if (idlen * 2 < MAX_CONTAINER_NAME_LEN) {
- si = MAX_CONTAINER_NAME_LEN - idlen * 2;
- sn = vs->p15card->tokeninfo->serial_number;
- snlen= strlen(vs->p15card->tokeninfo->serial_number);
- logprintf(pCardData, 7, "DEE si=%d sn=%d\n", si, sn);
- if (snlen > si) {
- sn += snlen - si;
- snlen = si;
- }
- logprintf(pCardData, 7, "DEE si=%d g=%p sn=%p:%d\n", si,g, sn, snlen);
- memcpy(g, sn, snlen);
- g += snlen;
-
- }
- for (si = 0; si < idlen; si++) {
- sprintf(g, "%02X", id[si]);
- g +=2;
+ r = serialize_guid(guid_bin, guid, sizeof(guid));
+ if(r)
+ {
+ return r;
}
- *g = '\0';
+
logprintf(pCardData, 7, "Guid=%s\n", guid);
mbstowcs(p->wszGuid, guid, MAX_CONTAINER_NAME_LEN + 1);
@@ -1060,12 +1190,14 @@ DWORD WINAPI CardRSADecrypt(__in PCARD_DATA pCardData,
DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
__in PCARD_SIGNING_INFO pInfo)
{
- int r;
- int i, opt_crypt_flags = 0;
+ int r, i;
+ int opt_crypt_flags = 0, opt_hash_flags = 0;
VENDOR_SPECIFIC *vs;
- ALG_ID hashAlg = pInfo->aiHashAlg;
+ ALG_ID hashAlg;
sc_pkcs15_cert_info_t *cert_info;
sc_pkcs15_prkey_info_t *prkey_info;
+ BYTE dataToSign[0x200];
+ size_t dataToSignLen = sizeof(dataToSign);
logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
logprintf(pCardData, 1, "CardSignData\n");
@@ -1074,10 +1206,15 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
if (!pInfo) return SCARD_E_INVALID_PARAMETER;
logprintf(pCardData, 2, "CardSignData dwVersion=%u, bContainerIndex=%u," \
- "dwKeySpec=%u, dwSigningFlags=0x%08X, aiHashAlg=0x%08X, cbData=%u\n", \
+ "dwKeySpec=%u, dwSigningFlags=0x%08X, aiHashAlg=0x%08X\n", \
pInfo->dwVersion,pInfo->bContainerIndex ,pInfo->dwKeySpec, \
- pInfo->dwSigningFlags, pInfo->aiHashAlg, pInfo->cbData);
+ pInfo->dwSigningFlags, pInfo->aiHashAlg);
+ logprintf(pCardData, 7, "pInfo->pbData(%i) ", pInfo->cbData);
+ loghex(pCardData, 7, pInfo->pbData, pInfo->cbData);
+
+ hashAlg = pInfo->aiHashAlg;
+
vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
check_reader_status(pCardData);
@@ -1086,6 +1223,10 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
logprintf(pCardData, 2, "pInfo->dwVersion = %d\n", pInfo->dwVersion);
+ if (dataToSignLen < pInfo->cbData) return SCARD_E_INSUFFICIENT_BUFFER;
+ memcpy(dataToSign, pInfo->pbData, pInfo->cbData);
+ dataToSignLen = pInfo->cbData;
+
if (CARD_PADDING_INFO_PRESENT & pInfo->dwSigningFlags)
{
BCRYPT_PKCS1_PADDING_INFO *pinf = (BCRYPT_PKCS1_PADDING_INFO *)pInfo->pPaddingInfo;
@@ -1094,19 +1235,18 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
logprintf(pCardData, 0, "unsupported paddingtype\n");
return SCARD_E_UNSUPPORTED_FEATURE;
}
- opt_crypt_flags += SC_ALGORITHM_RSA_PAD_PKCS1;
if (!pinf->pszAlgId)
{
/* hashAlg = CALG_SSL3_SHAMD5; */
logprintf(pCardData, 3, "Using CALG_SSL3_SHAMD5 hashAlg\n");
- opt_crypt_flags += SC_ALGORITHM_RSA_HASH_MD5_SHA1;
+ opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5_SHA1;
}
else
{
- if (wcscmp(pinf->pszAlgId, L"MD5") == 0) opt_crypt_flags += SC_ALGORITHM_RSA_HASH_MD5;
- else if (wcscmp(pinf->pszAlgId, L"SHA1") == 0) opt_crypt_flags += SC_ALGORITHM_RSA_HASH_SHA1;
- else if (wcscmp(pinf->pszAlgId, L"SHAMD5") == 0) opt_crypt_flags += SC_ALGORITHM_RSA_HASH_MD5_SHA1;
+ if (wcscmp(pinf->pszAlgId, L"MD5") == 0) opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5;
+ else if (wcscmp(pinf->pszAlgId, L"SHA1") == 0) opt_hash_flags = SC_ALGORITHM_RSA_HASH_SHA1;
+ else if (wcscmp(pinf->pszAlgId, L"SHAMD5") == 0) opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5_SHA1;
else
logprintf(pCardData, 0,"unknown AlgId %S\n",NULLWSTR(pinf->pszAlgId));
}
@@ -1115,30 +1255,44 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
{
logprintf(pCardData, 3, "CARD_PADDING_INFO_PRESENT not set\n");
- opt_crypt_flags = SC_ALGORITHM_RSA_PAD_PKCS1;
-
if (GET_ALG_CLASS(hashAlg) != ALG_CLASS_HASH)
{
logprintf(pCardData, 0, "bogus aiHashAlg\n");
return SCARD_E_INVALID_PARAMETER;
}
- if (hashAlg !=0 && hashAlg != CALG_SSL3_SHAMD5 &&
- hashAlg != CALG_SHA1 && hashAlg != CALG_MD5)
- {
- logprintf(pCardData, 0, "unsupported aiHashAlg\n");
- return SCARD_E_UNSUPPORTED_FEATURE;
- }
if (hashAlg == CALG_MD5)
- opt_crypt_flags += SC_ALGORITHM_RSA_HASH_MD5;
- if (hashAlg == CALG_SHA1)
- opt_crypt_flags += SC_ALGORITHM_RSA_HASH_SHA1;
- if (hashAlg == CALG_SSL3_SHAMD5)
- opt_crypt_flags += SC_ALGORITHM_RSA_HASH_MD5_SHA1;
+ opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5;
+ else if (hashAlg == CALG_SHA1)
+ opt_hash_flags = SC_ALGORITHM_RSA_HASH_SHA1;
+ else if (hashAlg == CALG_SSL3_SHAMD5)
+ opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5_SHA1;
+ else if (hashAlg !=0)
+ return SCARD_E_UNSUPPORTED_FEATURE;
}
-
- logprintf(pCardData, 2, "pInfo->pbSignedData = %p, opt_crypt_flags = 0x%08X\n", \
- pInfo->pbSignedData, opt_crypt_flags);
+
+ /* From sc-minidriver_specs_v7.docx pp.76:
+ * 'The Base CSP/KSP performs the hashing operation on the data before passing it
+ * to CardSignData for signature.'
+ * So, the SC_ALGORITHM_RSA_HASH_* flags should not be passed to pkcs15 library
+ * when calculating the signature .
+ *
+ * From sc-minidriver_specs_v7.docx pp.76:
+ * 'If the aiHashAlg member is nonzero, it specifies the hash algorithm’s object identifier (OID)
+ * that is encoded in the PKCS padding.'
+ * So, the digest info has be included into the data to be signed.
+ * */
+ if (opt_hash_flags) {
+ logprintf(pCardData, 2, "include digest info of the algorithm 0x%08X\n", opt_hash_flags);
+ dataToSignLen = sizeof(dataToSign);
+ r = sc_pkcs1_encode(vs->p15card->card->ctx, opt_hash_flags,
+ pInfo->pbData, pInfo->cbData, dataToSign, &dataToSignLen, 0);
+ if (r) {
+ logprintf(pCardData, 2, "PKCS#1 encode error %s\n", sc_strerror(r));
+ return SCARD_E_INVALID_VALUE;
+ }
+ }
+ opt_crypt_flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE;
if(!(pInfo->bContainerIndex < vs->cert_count))
{
@@ -1147,32 +1301,21 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
cert_info = (struct sc_pkcs15_cert_info *) \
(vs->cert_objs[pInfo->bContainerIndex]->data);
-
- for(i = 0; i < vs->prkey_count; i++)
- {
- sc_pkcs15_object_t *obj = (sc_pkcs15_object_t *)vs->prkey_objs[i];
- if(sc_pkcs15_compare_id(&((struct sc_pkcs15_prkey_info *) obj->data)->id, &(cert_info->id)))
- {
- vs->pkey = vs->prkey_objs[i];
- break;
- }
- }
-
- if(vs->pkey == NULL)
- {
+
+ r = sc_pkcs15_find_prkey_by_id(vs->p15card, &cert_info->id, &vs->pkey);
+ if (r)
return SCARD_E_INVALID_PARAMETER;
- }
-
+
prkey_info = (sc_pkcs15_prkey_info_t*)(vs->pkey->data);
-
+
pInfo->cbSignedData = prkey_info->modulus_length / 8;
logprintf(pCardData, 3, "pInfo->cbSignedData = %d\n", pInfo->cbSignedData);
if(!(pInfo->dwSigningFlags&CARD_BUFFER_SIZE_ONLY))
{
int r,i;
- BYTE *pbuf = NULL, *pbuf2 = NULL;
- DWORD lg, lg2;
+ BYTE *pbuf = NULL;
+ DWORD lg;
lg = pInfo->cbSignedData;
logprintf(pCardData, 3, "lg = %d\n", lg);
@@ -1182,35 +1325,18 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
return SCARD_E_NO_MEMORY;
}
- lg2 = pInfo->cbData;
- pbuf2 = pCardData->pfnCspAlloc(lg2);
- if (!pbuf2)
- {
- pCardData->pfnCspFree(pbuf);
- return SCARD_E_NO_MEMORY;
- }
-
- logprintf(pCardData, 7, "pInfo->pbData ");
- loghex(pCardData, 7, pInfo->pbData, pInfo->cbData);
-
-
- /*inversion donnees*/
- for(i = 0; i < lg2; i++) pbuf2[i] = pInfo->pbData[lg2-i-1];
-
- logprintf(pCardData, 7, "pbuf2 ");
- loghex(pCardData, 7, pbuf2, lg2);
-
+ logprintf(pCardData, 7, "Data to sign: ");
+ loghex(pCardData, 7, dataToSign, dataToSignLen);
pInfo->pbSignedData = pCardData->pfnCspAlloc(pInfo->cbSignedData);
if (!pInfo->pbSignedData)
{
pCardData->pfnCspFree(pbuf);
- pCardData->pfnCspFree(pbuf2);
return SCARD_E_NO_MEMORY;
}
r = sc_pkcs15_compute_signature(vs->p15card, vs->pkey, \
- opt_crypt_flags, pInfo->pbData, pInfo->cbData, pbuf, lg);
+ opt_crypt_flags, dataToSign, dataToSignLen, pbuf, lg);
logprintf(pCardData, 2, "sc_pkcs15_compute_signature return %d\n", r);
if(r < 0)
{
@@ -1218,8 +1344,6 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData,
sc_strerror(r));
}
- pCardData->pfnCspFree(pbuf2);
-
pInfo->cbSignedData = r;
/*inversion donnees*/
@@ -1300,7 +1424,7 @@ DWORD WINAPI CardAuthenticateEx(__in PCARD_DATA pCardData,
{
int r;
VENDOR_SPECIFIC *vs;
- sc_pkcs15_object_t *pin_obj;
+ sc_pkcs15_object_t *pin_obj = NULL;
logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
logprintf(pCardData, 1, "CardAuthenticateEx\n");
@@ -1324,7 +1448,13 @@ DWORD WINAPI CardAuthenticateEx(__in PCARD_DATA pCardData,
if (PinId != ROLE_USER) return SCARD_E_INVALID_PARAMETER;
- pin_obj = vs->pin_objs[0];
+ r = get_pin_by_role(pCardData, ROLE_USER, &pin_obj);
+ if (r != SCARD_S_SUCCESS)
+ {
+ logprintf(pCardData, 2, "Cannot get User PIN object");
+ return r;
+ }
+
r = sc_pkcs15_verify_pin(vs->p15card, pin_obj, (const u8 *) pbPinData, cbPinData);
if (r)
{
@@ -1957,70 +2087,10 @@ static int associate_card(PCARD_DATA pCardData)
logprintf(pCardData, 2, "Found %d pin(s) in the card.\n", \
vs->pin_count);
-
- if(1) /* for debuging */
- {
- int i;
- sc_pkcs15_prkey_info_t *prkey_info;
- sc_pkcs15_cert_t *cert;
- for(i = 0; i < vs->prkey_count; i++)
- {
- prkey_info = (sc_pkcs15_prkey_info_t*)(vs->prkey_objs[i]->data);
- logprintf(pCardData, 5, "prkey_info->subject %d (subject_len=%d)" \
- "modulus_length=%d subject ", i, prkey_info->subject.len, \
- prkey_info->modulus_length);
- loghex(pCardData, 5, prkey_info->subject.value, prkey_info->subject.len);
- }
-
- for(i = 0; i < vs->cert_count; i++)
- {
- sc_pkcs15_read_certificate(vs->p15card, \
- (struct sc_pkcs15_cert_info *)(vs->cert_objs[i]->data), &cert);
- logprintf(pCardData, 5, "cert->subject %d ", i);
- loghex(pCardData, 5, cert->subject, cert->subject_len);
- sc_pkcs15_free_certificate(cert);
- }
-
- for(i = 0; i < vs->pin_count; i++)
- {
- const char *pin_flags[] =
- {
- "case-sensitive", "local", "change-disabled",
- "unblock-disabled", "initialized", "needs-padding",
- "unblockingPin", "soPin", "disable_allowed",
- "integrity-protected", "confidentiality-protected",
- "exchangeRefData"
- };
- const char *pin_types[] = {"bcd", "ascii-numeric", "UTF-8",
- "halfnibble bcd", "iso 9664-1"};
- const struct sc_pkcs15_object *obj = vs->pin_objs[i];
- const struct sc_pkcs15_pin_info *pin = (const struct sc_pkcs15_pin_info *) (obj->data);
- const size_t pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]);
- size_t j;
-
- logprintf(pCardData, 2, "PIN [%s]\n", obj->label);
- logprintf(pCardData, 2, "\tCom. Flags: 0x%X\n", obj->flags);
- logprintf(pCardData, 2, "\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
- logprintf(pCardData, 2, "\tFlags : [0x%02X]", pin->flags);
- for (j = 0; j < pf_count; j++)
- if (pin->flags & (1 << j)) {
- logprintf(pCardData, 2, ", %s", pin_flags[j]);
- }
- logprintf(pCardData, 2, "\n");
- logprintf(pCardData, 2, "\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
- (unsigned long)pin->min_length, (unsigned long)pin->max_length,
- (unsigned long)pin->stored_length);
- logprintf(pCardData, 2, "\tPad char : 0x%02X\n", pin->pad_char);
- logprintf(pCardData, 2, "\tReference : %d\n", pin->reference);
- if (pin->type < sizeof(pin_types)/sizeof(pin_types[0]))
- logprintf(pCardData, 2, "\tType : %s\n", pin_types[pin->type]);
- else
- logprintf(pCardData, 2, "\tType : [encoding %d]\n", pin->type);
- logprintf(pCardData, 2, "\tPath : %s\n", sc_print_path(&pin->path));
- if (pin->tries_left >= 0)
- logprintf(pCardData, 2, "\tTries left: %d\n", pin->tries_left);
- }
- }
+#if 1
+ dump_objects(pCardData);
+#endif
+
return SCARD_S_SUCCESS;
}
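Review bot: In the new `dump_objects()` the result of `sc_pkcs15_read_certificate()` is ignored and `cert` has no initializer, so a certificate that cannot be read or parsed from the card leads to `cert->subject` being read through an indeterminate pointer inside the process hosting the minidriver. `associate_card()` now calls the helper unconditionally (`#if 1`), so I would declare `sc_pkcs15_cert_t *cert = NULL;` and skip the entry on failure with `if (sc_pkcs15_read_certificate(vs->p15card, (struct sc_pkcs15_cert_info *)(vs->cert_objs[i]->data), &cert) < 0 || !cert) continue;`. `get_pin_by_role()` has a related gap: it reads `vs->pin_count` without the `if (!vs)` check that `dump_objects()` performs. In `CardSignData`, the padding-info branch only logs an unknown `pszAlgId` and continues with `opt_hash_flags == 0`, so the caller's bytes are signed without a DigestInfo, while the other branch returns `SCARD_E_UNSUPPORTED_FEATURE` for an unsupported `aiHashAlg`; returning the same error in the `else` after the `wcscmp` chain would make the two paths agree.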
3  src/common/libpkcs11.c
@@ -10,6 +10,9 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_LTDL_H
+#include <ltdl.h>
+#endif
#include "pkcs11/pkcs11.h"
4 src/common/libscdl.c
@@ -20,6 +20,8 @@
#include "config.h"
+#include "libscdl.h"
+
#ifdef HAVE_LTDL_H
#include <ltdl.h>
/* libltdl is present, pass all calls to it */
@@ -34,7 +36,7 @@ void *sc_dlsym(void *handle, const char *symbol)
return lt_dlsym((lt_dlhandle)handle, symbol);
}
-const char *sc_dlerror()
+const char *sc_dlerror(void)
{
return lt_dlerror();
}
2  src/common/libscdl.h
@@ -21,4 +21,4 @@
void *sc_dlopen(const char *filename);
void *sc_dlsym(void *handle, const char *symbol);
int sc_dlclose(void *handle);
-const char *sc_dlerror();
+const char *sc_dlerror(void);
8 src/libopensc/card-atrust-acos.c
@@ -61,7 +61,7 @@ static struct sc_card_driver atrust_acos_drv = {
NULL, 0, NULL
};
-/* internal structure to save the current security enviroment */
+/* internal structure to save the current security environment */
typedef struct atrust_acos_ex_data_st {
int sec_ops; /* the currently selected security operation,
* i.e. SC_SEC_OPERATION_AUTHENTICATE etc. */
@@ -522,14 +522,14 @@ static int atrust_acos_select_file(struct sc_card *card,
}
/** atrust_acos_set_security_env
- * sets the security enviroment
+ * sets the security environment
* \param card pointer to the sc_card object
* \param env pointer to a sc_security_env object
* \param se_num not used here
* \return SC_SUCCESS on success or an error code
*
- * This function sets the security enviroment (using the
- * command MANAGE SECURITY ENVIROMENT). In case a COMPUTE SIGNATURE
+ * This function sets the security environment (using the
+ * command MANAGE SECURITY ENVIRONMENT). In case a COMPUTE SIGNATURE
* operation is requested , this function tries to detect whether
* COMPUTE SIGNATURE or INTERNAL AUTHENTICATE must be used for signature
* calculation.
8 src/libopensc/card-authentic.c
@@ -505,6 +505,7 @@ authentic_erase_binary(struct sc_card *card, unsigned int offs, size_t count, un
}
+#if 0
static int
authentic_resize_file(struct sc_card *card, unsigned file_id, unsigned new_size)
{
@@ -536,6 +537,7 @@ authentic_resize_file(struct sc_card *card, unsigned file_id, unsigned new_size)
LOG_FUNC_RETURN(ctx, rv);
}
+#endif
static int
@@ -1252,7 +1254,7 @@ static int
authentic_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left)
{
struct sc_context *ctx = card->ctx;
- unsigned char ffs[0x100];
+ unsigned char buffer[0x100];
struct sc_pin_cmd_pin *pin1 = &pin_cmd->pin1;
int rv;
@@ -1271,8 +1273,8 @@ authentic_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cm
pin1->len = pin1->min_length;
pin1->max_length = 8;
- memset(ffs, pin1->pad_char, sizeof(ffs));
- pin1->data = ffs;
+ memset(buffer, pin1->pad_char, sizeof(buffer));
+ pin1->data = buffer;
pin_cmd->cmd = SC_PIN_CMD_VERIFY;
pin_cmd->flags |= SC_PIN_CMD_USE_PINPAD;
8 src/libopensc/card-iasecc.c
@@ -644,7 +644,6 @@ iasecc_select_file(struct sc_card *card, const struct sc_path *path,
sc_print_cache(card);
if (lpath.len >= 2 && lpath.value[0] == 0x3F && lpath.value[1] == 0x00) {
struct sc_path mfpath;
- int rv;
memset(&mfpath, 0, sizeof(struct sc_path));
sc_log(ctx, "EF.ATR(aid:'%s')", card->ef_atr ? sc_dump_hex(card->ef_atr->aid.value, card->ef_atr->aid.len) : "");
@@ -1526,7 +1525,7 @@ static int
iasecc_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left)
{
struct sc_context *ctx = card->ctx;
- unsigned char ffs[0x100];
+ unsigned char buffer[0x100];
int rv;
LOG_FUNC_CALLED(ctx);
@@ -1549,8 +1548,8 @@ iasecc_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd,
pin_cmd->pin1.len = pin_cmd->pin1.min_length;
- memset(ffs, 0xFF, sizeof(ffs));
- pin_cmd->pin1.data = ffs;
+ memset(buffer, 0xFF, sizeof(buffer));
+ pin_cmd->pin1.data = buffer;
pin_cmd->cmd = SC_PIN_CMD_VERIFY;
pin_cmd->flags |= SC_PIN_CMD_USE_PINPAD;
@@ -2215,7 +2214,6 @@ iasecc_get_serialnr(struct sc_card *card, struct sc_serial_number *serial)
do {
char txt[0x200];
- size_t ii;
for (ii=0;ii<card->serialnr.len;ii++)
sprintf(txt + ii*2, "%02X", *(card->serialnr.value + ii));
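Review bot: In the last hunk, the hex dump in `iasecc_get_serialnr` still writes into `txt[0x200]` with an unbounded `sprintf`, so it is only safe while `card->serialnr.len` stays below 256, and nothing in the hunk checks that. With the inner `size_t ii;` removed, the loop also depends on an `ii` declared outside the hunk, presumably earlier in the function, whose type decides whether `ii<card->serialnr.len` is a signed/unsigned comparison. This file already formats byte strings with `sc_dump_hex(...)` in `iasecc_select_file`, so `sc_dump_hex(card->serialnr.value, card->serialnr.len)` would drop both the local buffer and the loop counter. If the manual loop stays, a guard such as `if (card->serialnr.len * 2 >= sizeof(txt)) break;` ahead of the loop documents the bound.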
20 src/libopensc/card-oberthur.c
@@ -1578,12 +1578,12 @@ auth_pin_verify_pinpad(struct sc_card *card, int pin_reference, int *tries_left)
struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
struct sc_pin_cmd_data pin_cmd;
struct sc_apdu apdu;
- unsigned char ffs[0x100];
+ unsigned char ffs1[0x100];
int rv;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
- memset(ffs, 0xFF, sizeof(ffs));
+ memset(ffs1, 0xFF, sizeof(ffs1));
memset(&pin_cmd, 0, sizeof(pin_cmd));
rv = auth_pin_is_verified(card, pin_reference, tries_left);
@@ -1605,7 +1605,7 @@ auth_pin_verify_pinpad(struct sc_card *card, int pin_reference, int *tries_left)
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0x00, pin_reference);
apdu.lc = OBERTHUR_AUTH_MAX_LENGTH_PIN;
apdu.datalen = OBERTHUR_AUTH_MAX_LENGTH_PIN;
- apdu.data = ffs;
+ apdu.data = ffs1;
pin_cmd.apdu = &apdu;
pin_cmd.pin_type = SC_AC_CHV;
@@ -1617,7 +1617,7 @@ auth_pin_verify_pinpad(struct sc_card *card, int pin_reference, int *tries_left)
pin_cmd.pin1.max_length = 8;
pin_cmd.pin1.encoding = SC_PIN_ENCODING_ASCII;
pin_cmd.pin1.offset = 5;
- pin_cmd.pin1.data = ffs;
+ pin_cmd.pin1.data = ffs1;
pin_cmd.pin1.len = OBERTHUR_AUTH_MAX_LENGTH_PIN;
pin_cmd.pin1.pad_length = OBERTHUR_AUTH_MAX_LENGTH_PIN;
@@ -1799,7 +1799,7 @@ auth_pin_reset_oberthur_style(struct sc_card *card, unsigned int type,
struct sc_file *tmp_file = NULL;
struct sc_apdu apdu;
unsigned char puk[OBERTHUR_AUTH_MAX_LENGTH_PUK];
- unsigned char ffs[0x100];
+ unsigned char ffs1[0x100];
int rv, rvv, local_pin_reference;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
@@ -1833,15 +1833,15 @@ auth_pin_reset_oberthur_style(struct sc_card *card, unsigned int type,
if (rv != OBERTHUR_AUTH_MAX_LENGTH_PUK)
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Oberthur style 'PIN RESET' failed");
- memset(ffs, 0xFF, sizeof(ffs));
- memcpy(ffs, puk, rv);
+ memset(ffs1, 0xFF, sizeof(ffs1));
+ memcpy(ffs1, puk, rv);
memset(&pin_cmd, 0, sizeof(pin_cmd));
pin_cmd.pin_type = SC_AC_CHV;
pin_cmd.cmd = SC_PIN_CMD_UNBLOCK;
pin_cmd.pin_reference = local_pin_reference;
auth_init_pin_info(card, &pin_cmd.pin1, OBERTHUR_AUTH_TYPE_PUK);
- pin_cmd.pin1.data = ffs;
+ pin_cmd.pin1.data = ffs1;
pin_cmd.pin1.len = OBERTHUR_AUTH_MAX_LENGTH_PUK;
if (data->pin2.data) {
@@ -1853,7 +1853,7 @@ auth_pin_reset_oberthur_style(struct sc_card *card, unsigned int type,
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2C, 0x00, local_pin_reference);
apdu.lc = OBERTHUR_AUTH_MAX_LENGTH_PIN + OBERTHUR_AUTH_MAX_LENGTH_PUK;
apdu.datalen = OBERTHUR_AUTH_MAX_LENGTH_PIN + OBERTHUR_AUTH_MAX_LENGTH_PUK;
- apdu.data = ffs;
+ apdu.data = ffs1;
pin_cmd.apdu = &apdu;
pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD | SC_PIN_CMD_IMPLICIT_CHANGE;
@@ -1863,7 +1863,7 @@ auth_pin_reset_oberthur_style(struct sc_card *card, unsigned int type,
pin_cmd.pin1.encoding = SC_PIN_ENCODING_ASCII;
pin_cmd.pin1.offset = 5;
- pin_cmd.pin2.data = &ffs[OBERTHUR_AUTH_MAX_LENGTH_PUK];
+ pin_cmd.pin2.data = &ffs1[OBERTHUR_AUTH_MAX_LENGTH_PUK];
pin_cmd.pin2.len = OBERTHUR_AUTH_MAX_LENGTH_PIN;
pin_cmd.pin2.offset = 5 + OBERTHUR_AUTH_MAX_LENGTH_PUK;
pin_cmd.pin2.min_length = 4;
4 src/libopensc/card-piv.c
@@ -162,7 +162,7 @@ struct piv_aid {
* NIST published this on 10/6/2005
* 800-73-2 Part 1 now refers to version "02 00"
* i.e. "A0 00 00 03 08 00 00 01 00 02 00".
- * but we dont need the version number. but could get it from the PIX.
+ * but we don't need the version number. but could get it from the PIX.
*
* 800-73-3 Part 1 now referes to "01 00" i.e. going back to 800-73-1.
* The main differences between 73-1, and 73-3 are the addition of the
@@ -176,8 +176,10 @@ static struct piv_aid piv_aids[] = {
};
/* The EC curves supported by PIV */
+#if 0
static u8 oid_prime256v1[] = {"\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"};
static u8 oid_secp384r1[] = {"\x06\x05\x2b\x81\x04\x00\x22"};
+#endif
/*
* Flags in the piv_object:
6 src/libopensc/card-rtecp.c
@@ -524,7 +524,7 @@ static int rtecp_list_files(sc_card_t *card, u8 *buf, size_t buflen)
{
apdu.resp = rbuf;
apdu.resplen = sizeof(rbuf);
- apdu.le = sizeof(rbuf) - 2;
+ apdu.le = 256;
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
if (apdu.sw1 == 0x6A && apdu.sw2 == 0x82)
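Review bot: `apdu.le = 256` in rtecp_list_files is now a bare literal, while `apdu.resplen` two lines above is still `sizeof(rbuf)`, so the expected length and the receive buffer are no longer tied together. The declaration of rbuf is outside the hunk, so confirm it holds at least 256 bytes; the old `sizeof(rbuf) - 2` presumably reserved room for the status word. A named constant, or a comment such as `/* Le = 256: request the maximum short-APDU response */`, would record the intent. The same literal is introduced twice in rtecp_card_ctl (the serial-number and generate-key cases) and deserves the same treatment.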
@@ -595,7 +595,7 @@ static int rtecp_card_ctl(sc_card_t *card, unsigned long request, void *data)
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0x81);
apdu.resp = buf;
apdu.resplen = sizeof(buf);
- apdu.le = sizeof(buf) - 2;
+ apdu.le = 256;
serial->len = sizeof(serial->value);
break;
case SC_CARDCTL_RTECP_GENERATE_KEY:
@@ -605,7 +605,7 @@ static int rtecp_card_ctl(sc_card_t *card, unsigned long request, void *data)
genkey_data->key_id);
apdu.resp = buf;
apdu.resplen = sizeof(buf);
- apdu.le = sizeof(buf) - 2;
+ apdu.le = 256;
break;
case SC_CARDCTL_LIFECYCLE_SET:
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n",
10 src/libopensc/card-starcos.c
@@ -55,7 +55,7 @@ static const struct sc_card_error starcos_errors[] =
{ 0x6F01, SC_ERROR_CARD_CMD_FAILED, "public key not complete"},
{ 0x6F02, SC_ERROR_CARD_CMD_FAILED, "data overflow"},
{ 0x6F03, SC_ERROR_CARD_CMD_FAILED, "invalid command sequence"},
- { 0x6F05, SC_ERROR_CARD_CMD_FAILED, "security enviroment invalid"},
+ { 0x6F05, SC_ERROR_CARD_CMD_FAILED, "security environment invalid"},
{ 0x6F07, SC_ERROR_FILE_NOT_FOUND, "key part not found"},
{ 0x6F08, SC_ERROR_CARD_CMD_FAILED, "signature failed"},
{ 0x6F0A, SC_ERROR_INCORRECT_PARAMETERS, "key format does not match key length"},
@@ -63,7 +63,7 @@ static const struct sc_card_error starcos_errors[] =
{ 0x6F81, SC_ERROR_CARD_CMD_FAILED, "system error"}
};
-/* internal structure to save the current security enviroment */
+/* internal structure to save the current security environment */
typedef struct starcos_ex_data_st {
int sec_ops; /* the currently selected security operation,
* i.e. SC_SEC_OPERATION_AUTHENTICATE etc. */
@@ -997,14 +997,14 @@ static int starcos_gen_key(sc_card_t *card, sc_starcos_gen_key_data *data)
}
/** starcos_set_security_env
- * sets the security enviroment
+ * sets the security environment
* \param card pointer to the sc_card object
* \param env pointer to a sc_security_env object
* \param se_num not used here
* \return SC_SUCCESS on success or an error code
*
- * This function sets the security enviroment (using the starcos spk 2.3
- * command MANAGE SECURITY ENVIROMENT). In case a COMPUTE SIGNATURE
+ * This function sets the security environment (using the starcos spk 2.3
+ * command MANAGE SECURITY ENVIRONMENT). In case a COMPUTE SIGNATURE
* operation is requested , this function tries to detect whether
* COMPUTE SIGNATURE or INTERNAL AUTHENTICATE must be used for signature
* calculation.
2  src/libopensc/card-westcos.c
@@ -252,7 +252,7 @@ static int westcos_init(sc_card_t * card)
scconf_get_str(card->ctx->conf_blocks[0], "westcos_default_key",
DEFAULT_TRANSPORT_KEY);
if (default_key) {
- priv_data_t *priv_data = (priv_data_t *) (card->drv_data);
+ priv_data = (priv_data_t *) (card->drv_data);
priv_data->default_key.key_reference = 0;
priv_data->default_key.key_len =
sizeof(priv_data->default_key.key_value);
2  src/libopensc/cards.h
@@ -218,7 +218,7 @@ extern sc_card_driver_t *sc_get_ias_driver(void);
extern sc_card_driver_t *sc_get_javacard_driver(void);
extern sc_card_driver_t *sc_get_itacns_driver(void);
extern sc_card_driver_t *sc_get_authentic_driver(void);
-extern sc_card_driver_t *sc_get_iasecc_driver();
+extern sc_card_driver_t *sc_get_iasecc_driver(void);
#ifdef __cplusplus
}
4 src/libopensc/ctx.c
@@ -28,6 +28,10 @@
#include <sys/stat.h>
#include <limits.h>
+#ifdef HAVE_LTDL_H
+#include <ltdl.h>
+#endif
+
#ifdef _WIN32
#include <windows.h>
#include <winreg.h>
7 src/libopensc/iso7816.c
@@ -133,6 +133,13 @@ static int iso7816_read_binary(sc_card_t *card,
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2));
memcpy(buf, recvbuf, apdu.resplen);
+ if (apdu.resplen < count) {
+ r = iso7816_read_binary(card, idx + apdu.resplen, buf + apdu.resplen, count - apdu.resplen, flags);
+ SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
+
+ apdu.resplen += r;
+ }
+
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen);
}
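Review bot: The recursion added to iso7816_read_binary has no termination guard for a card that answers with a success status and zero data bytes: `apdu.resplen < count` stays true, the call repeats with the same idx and count, and the stack grows until the process crashes. The response length is controlled by the card, so stop when nothing came back, e.g. `if (apdu.resplen == 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0);` placed before the `if (apdu.resplen < count)` test. A legitimate short read at end of file presumably also turns into an error now, because the follow-up read fails and SC_TEST_RET returns that error instead of the count already copied into buf. The start of the function is outside the hunk.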
47 src/libopensc/padding.c
@@ -178,12 +178,14 @@ static int sc_pkcs1_add_digest_info_prefix(unsigned int algorithm,
const u8 *hdr = digest_info_prefix[i].hdr;
size_t hdr_len = digest_info_prefix[i].hdr_len,
hash_len = digest_info_prefix[i].hash_len;
- if (in_len != hash_len ||
- *out_len < (hdr_len + hash_len))
+
+ if (in_len != hash_len || *out_len < (hdr_len + hash_len))
return SC_ERROR_INTERNAL;
+
memmove(out + hdr_len, in, hash_len);
memmove(out, hdr, hdr_len);
*out_len = hdr_len + hash_len;
+
return SC_SUCCESS;
}
}
@@ -222,25 +224,27 @@ int sc_pkcs1_strip_digest_info_prefix(unsigned int *algorithm,
int sc_pkcs1_encode(sc_context_t *ctx, unsigned long flags,
const u8 *in, size_t in_len, u8 *out, size_t *out_len, size_t mod_len)
{
- int i;
+ int rv, i;
size_t tmp_len = *out_len;
const u8 *tmp = in;
unsigned int hash_algo, pad_algo;
+ LOG_FUNC_CALLED(ctx);
+
hash_algo = flags & (SC_ALGORITHM_RSA_HASHES | SC_ALGORITHM_RSA_HASH_NONE);
pad_algo = flags & SC_ALGORITHM_RSA_PADS;
+ sc_log(ctx, "hash algorithm 0x%X, pad algorithm 0x%X", hash_algo, pad_algo);
if (hash_algo != SC_ALGORITHM_RSA_HASH_NONE) {
- i = sc_pkcs1_add_digest_info_prefix(hash_algo, in, in_len,
- out, &tmp_len);
+ i = sc_pkcs1_add_digest_info_prefix(hash_algo, in, in_len, out, &tmp_len);
if (i != SC_SUCCESS) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to add digest info 0x%x",
- hash_algo);
- return i;
+ sc_log(ctx, "Unable to add digest info 0x%x", hash_algo);
+ LOG_FUNC_RETURN(ctx, i);
}
tmp = out;
- } else
+ } else {
tmp_len = in_len;
+ }
switch(pad_algo) {
case SC_ALGORITHM_RSA_PAD_NONE:
@@ -248,15 +252,15 @@ int sc_pkcs1_encode(sc_context_t *ctx, unsigned long flags,
if (out != tmp)
memcpy(out, tmp, tmp_len);
*out_len = tmp_len;
- return SC_SUCCESS;
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
case SC_ALGORITHM_RSA_PAD_PKCS1:
/* add pkcs1 bt01 padding */
- return sc_pkcs1_add_01_padding(tmp, tmp_len, out, out_len,
- mod_len);
+ rv = sc_pkcs1_add_01_padding(tmp, tmp_len, out, out_len, mod_len);
+ LOG_FUNC_RETURN(ctx, rv);
default:
/* currently only pkcs1 padding is supported */
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported padding algorithm 0x%x", pad_algo);
- return SC_ERROR_NOT_SUPPORTED;
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
}
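Review bot: The `default:` branch of sc_pkcs1_encode still calls `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported padding algorithm 0x%x", pad_algo);` although every other message in the function was converted to `sc_log` by this commit. For consistency it should read `sc_log(ctx, "Unsupported padding algorithm 0x%x", pad_algo);`. The function body begins in the previous hunk.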
@@ -266,9 +270,11 @@ int sc_get_encoding_flags(sc_context_t *ctx,
{
size_t i;
+ LOG_FUNC_CALLED(ctx);
if (pflags == NULL || sflags == NULL)
- return SC_ERROR_INVALID_ARGUMENTS;
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+ sc_log(ctx, "iFlags 0x%X, card capabilities 0x%X", iflags, caps);
for (i = 0; digest_info_prefix[i].algorithm != 0; i++) {
if (iflags & digest_info_prefix[i].algorithm) {
if (digest_info_prefix[i].algorithm != SC_ALGORITHM_RSA_HASH_NONE &&
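Review bot: The added `sc_log(ctx, "iFlags 0x%X, card capabilities 0x%X", iflags, caps);` uses `%X`, which expects unsigned int, while the caller in pkcs15-sec.c passes `unsigned long flags` for the first of these arguments. The parameter list of sc_get_encoding_flags is outside the hunk, so confirm the types; if they are `unsigned long`, this is a format/argument mismatch (undefined behaviour, and wrong output on LP64 targets). Use the long conversion, e.g. `sc_log(ctx, "iFlags 0x%lX, card capabilities 0x%lX", iflags, caps);`. The same applies to the `*pflags`/`*sflags` log line added at the end of this function and to the `"security operation flags 0x%X"` line added in sc_pkcs15_compute_signature, where `flags` is visibly `unsigned long`.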
@@ -288,16 +294,15 @@ int sc_get_encoding_flags(sc_context_t *ctx,
} else if ((iflags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) {
/* Work with RSA, EC and maybe GOSTR? */
- if (!(caps & SC_ALGORITHM_RAW_MASK)) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "raw encryption is not supported");
- return SC_ERROR_NOT_SUPPORTED;
- }
+ if (!(caps & SC_ALGORITHM_RAW_MASK))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "raw encryption is not supported");
+
*sflags |= (caps & SC_ALGORITHM_RAW_MASK); /* adds in the one raw type */
*pflags = 0;
} else {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unsupported algorithm");
- return SC_ERROR_NOT_SUPPORTED;
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "unsupported algorithm");
}
- return SC_SUCCESS;
+ sc_log(ctx, "pad flags 0x%X, secure algorithm flags 0x%X", *pflags, *sflags);
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
4 src/libopensc/pkcs15-itacns.c
@@ -475,7 +475,7 @@ static int get_name_from_EF_DatiPersonali(unsigned char *EFdata,
static int itacns_add_data_files(sc_pkcs15_card_t *p15card)
{
- const size_t list_size =
+ const size_t array_size =
sizeof(itacns_data_files)/sizeof(itacns_data_files[0]);
unsigned int i;
int rv;
@@ -484,7 +484,7 @@ static int itacns_add_data_files(sc_pkcs15_card_t *p15card)
struct sc_pkcs15_object *objs[32];
struct sc_pkcs15_data_info *cinfo;
- for(i=0; i < list_size; i++) {
+ for(i=0; i < array_size; i++) {
sc_path_t path;
sc_pkcs15_data_info_t data;
sc_pkcs15_object_t obj;
6 src/libopensc/pkcs15-oberthur.c
@@ -582,7 +582,8 @@ sc_pkcs15emu_oberthur_add_pubkey(struct sc_pkcs15_card *p15card,
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public key: no 'Label'");
len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100;
if (len) {
- len > sizeof(key_obj.label) - 1 ? sizeof(key_obj.label) - 1 : len;
+ if (len > sizeof(key_obj.label) - 1)
+ len = sizeof(key_obj.label) - 1;
memcpy(key_obj.label, info_blob + offs + 2, len);
}
offs += 2 + len;
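Review bot: After the new clamp, `offs += 2 + len` in sc_pkcs15emu_oberthur_add_pubkey advances by the truncated length instead of the length encoded in the blob, so an over-long label leaves every following field parsed from the wrong offset. Keep the encoded length for the offset and clamp only the copy, e.g. `size_t n = len > sizeof(key_obj.label) - 1 ? sizeof(key_obj.label) - 1 : len;` followed by `memcpy(key_obj.label, info_blob + offs + 2, n);`. The hunk also shows no check that `offs + 2 + len` stays inside the blob read from the card; if none exists outside the hunk, one belongs before the memcpy. The 'CN' label handling in sc_pkcs15emu_oberthur_add_cert has the same pattern.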
@@ -651,7 +652,8 @@ sc_pkcs15emu_oberthur_add_cert(struct sc_pkcs15_card *p15card, unsigned int file
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'CN'");
len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100;
if (len) {
- len > sizeof(cobj.label) - 1 ? sizeof(cobj.label) - 1 : len;
+ if (len > sizeof(cobj.label) - 1)
+ len = sizeof(cobj.label) - 1;
memcpy(cobj.label, info_blob + offs + 2, len);
}
offs += 2 + len;
4 src/libopensc/pkcs15-pubkey.c
@@ -308,7 +308,7 @@ int sc_pkcs15_encode_pukdf_entry(sc_context_t *ctx,
}
break;
default:
- /* TODO: -DEE Should add ECC but dont have PKCS15 card with ECC */
+ /* TODO: -DEE Should add ECC but don't have PKCS15 card with ECC */
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported public key type: %X\n", obj->type);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL);
break;
@@ -941,7 +941,7 @@ int sc_pkcs15_pubkey_from_spki_filename(sc_context_t *ctx,
{
int r;
u8 * buf = NULL;
- size_t buflen;
+ size_t buflen = 0;
sc_pkcs15_pubkey_t * pubkey = NULL;
struct sc_asn1_entry asn1_spki[] = {
{ "PublicKeyInfo",SC_ASN1_CALLBACK, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, sc_pkcs15_pubkey_from_spki, &pubkey},
133 src/libopensc/pkcs15-sec.c
@@ -35,11 +35,14 @@ static int select_key_file(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_prkey_info *prkey,
sc_security_env_t *senv)
{
+ sc_context_t *ctx = p15card->card->ctx;
sc_path_t path, file_id;
int r;
+ LOG_FUNC_CALLED(ctx);
+
if (prkey->path.len < 2)
- return SC_ERROR_INVALID_ARGUMENTS;
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "invalid private key path");
memset(&path, 0, sizeof(sc_path_t));
memset(&file_id, 0, sizeof(sc_path_t));
@@ -60,9 +63,9 @@ static int select_key_file(struct sc_pkcs15_card *p15card,
senv->file_ref = file_id;
senv->flags |= SC_SEC_ENV_FILE_REF_PRESENT;
r = sc_select_file(p15card->card, &path, NULL);
- SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_select_file() failed");
+ LOG_TEST_RET(ctx, r, "sc_select_file() failed");
- return 0;
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
@@ -70,14 +73,14 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
unsigned long flags,
const u8 * in, size_t inlen, u8 *out, size_t outlen)
{
+ sc_context_t *ctx = p15card->card->ctx;
int r;
sc_algorithm_info_t *alg_info;
sc_security_env_t senv;
- sc_context_t *ctx = p15card->card->ctx;
const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data;
unsigned long pad_flags = 0, sec_flags = 0;
- SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
+ LOG_FUNC_CALLED(ctx);
memset(&senv, 0, sizeof(senv));
@@ -87,21 +90,17 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
/* If the key is not native, we can't operate with it. */
if (!prkey->native)
- return SC_ERROR_NOT_SUPPORTED;
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it");
- if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP))) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "This key cannot be used for decryption\n");
- return SC_ERROR_NOT_ALLOWED;
- }
+ if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP)))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for decryption");
switch (obj->type) {
case SC_PKCS15_TYPE_PRKEY_RSA:
alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
- "Card does not support RSA with key length %d\n",
- prkey->modulus_length);
- return SC_ERROR_NOT_SUPPORTED;
+ sc_log(ctx, "Card does not support RSA with key length %d", prkey->modulus_length);
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.algorithm = SC_ALGORITHM_RSA;
break;
@@ -109,22 +108,18 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
- "Card does not support GOSTR3410 with key length %d\n",
- prkey->modulus_length);
- return SC_ERROR_NOT_SUPPORTED;
+ sc_log(ctx, "Card does not support GOSTR3410 with key length %d", prkey->modulus_length);
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.algorithm = SC_ALGORITHM_GOSTR3410;
break;
default:
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key type not supported\n");
- return SC_ERROR_NOT_SUPPORTED;
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,"Key type not supported");
}
r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags);
- if (r != SC_SUCCESS)
- return r;
+ LOG_TEST_RET(ctx, r, "cannot encode security operation flags");
senv.algorithm_flags = sec_flags;
senv.operation = SC_SEC_OPERATION_DECIPHER;
@@ -138,21 +133,21 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
r = sc_lock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
+ LOG_TEST_RET(ctx, r, "sc_lock() failed");
if (prkey->path.len != 0)
{
r = select_key_file(p15card, prkey, &senv);
if (r < 0) {
sc_unlock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL,r,"Unable to select private key file");
+ LOG_TEST_RET(ctx, r,"Unable to select private key file");
}
}
r = sc_set_security_env(p15card->card, &senv, 0);
if (r < 0) {
sc_unlock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_set_security_env() failed");
+ LOG_TEST_RET(ctx, r, "sc_set_security_env() failed");
}
r = sc_decipher(p15card->card, in, inlen, out, outlen);
if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
@@ -160,16 +155,16 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
r = sc_decipher(p15card->card, in, inlen, out, outlen);
}
sc_unlock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_decipher() failed");
+ LOG_TEST_RET(ctx, r, "sc_decipher() failed");
/* Strip any padding */
if (pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
size_t s = r;
r = sc_pkcs1_strip_02_padding(out, s, out, &s);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Invalid PKCS#1 padding");
+ LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding");
}
- return r;
+ LOG_FUNC_RETURN(ctx, r);
}
/* copied from pkcs15-cardos.c */
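Review bot: The `LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding")` path in sc_pkcs15_decipher returns, and now logs, a padding-specific failure after the card has already deciphered the data, and `out` presumably still holds the unstripped plaintext at that point. If a caller relays the difference between this error and other decipher failures to a remote peer, that distinction is the signal a PKCS#1 v1.5 padding-oracle (Bleichenbacher) attack depends on. The behaviour predates this commit, but since the line is touched, clear the buffer on failure with `if (r < 0) { sc_mem_clear(out, outlen); LOG_FUNC_RETURN(ctx, r); }`. A comment such as `/* callers must not reveal padding failures to the peer */` would record the constraint. The function starts outside the hunk.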
@@ -183,16 +178,17 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
unsigned long flags, const u8 *in, size_t inlen,
u8 *out, size_t outlen)
{
+ sc_context_t *ctx = p15card->card->ctx;
int r;
sc_security_env_t senv;
- sc_context_t *ctx = p15card->card->ctx;
sc_algorithm_info_t *alg_info;
const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data;
u8 buf[512], *tmp;
size_t modlen;
unsigned long pad_flags = 0, sec_flags = 0;
- SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "security operation flags 0x%X", flags);
memset(&senv, 0, sizeof(senv));
@@ -200,30 +196,24 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
* it can get value of card specific 'AlgorithmInfo::algRef'. */
memcpy(&senv.supported_algos, &p15card->tokeninfo->supported_algos, sizeof(senv.supported_algos));
- if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) != SC_PKCS15_TYPE_PRKEY) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "This is not a private key\n");
- return SC_ERROR_NOT_ALLOWED;
- }
+ if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) != SC_PKCS15_TYPE_PRKEY)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This is not a private key");
/* If the key is not native, we can't operate with it. */
if (!prkey->native)
- return SC_ERROR_NOT_SUPPORTED;
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it");
if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|
- SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "This key cannot be used for signing\n");
- return SC_ERROR_NOT_ALLOWED;
- }
+ SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for signing");
switch (obj->type) {
case SC_PKCS15_TYPE_PRKEY_RSA:
modlen = prkey->modulus_length / 8;
alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
- "Card does not support RSA with key length %d\n",
- prkey->modulus_length);
- return SC_ERROR_NOT_SUPPORTED;
+ sc_log(ctx, "Card does not support RSA with key length %d", prkey->modulus_length);
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
senv.algorithm = SC_ALGORITHM_RSA;
@@ -233,10 +223,8 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
modlen = (prkey->modulus_length + 7) / 8 * 2;
alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
- "Card does not support GOSTR3410 with key length %d\n",
- prkey->modulus_length);
- return SC_ERROR_NOT_SUPPORTED;
+ sc_log(ctx, "Card does not support GOSTR3410 with key length %d", prkey->modulus_length);
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
senv.algorithm = SC_ALGORITHM_GOSTR3410;
@@ -246,10 +234,8 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
modlen = ((prkey->field_length +7) / 8) * 2; /* 2*nLen */
alg_info = sc_card_find_ec_alg(p15card->card, prkey->field_length);
if (alg_info == NULL) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
- "Card does not support EC with field_size %d\n",
- prkey->field_length);
- return SC_ERROR_NOT_SUPPORTED;
+ sc_log(ctx, "Card does not support EC with field_size %d", prkey->field_length);
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.algorithm = SC_ALGORITHM_EC;
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
@@ -259,13 +245,13 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
break;
/* add other crypto types here */
default:
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key type not supported\n");
- return SC_ERROR_NOT_SUPPORTED;
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key type not supported");
}
/* Probably never happens, but better make sure */
if (inlen > sizeof(buf) || outlen < modlen)
- return SC_ERROR_BUFFER_TOO_SMALL;
+ LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);
+
memcpy(buf, in, inlen);
tmp = buf;
@@ -277,18 +263,18 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
key is for signing and decryption, we need to emulate signing */
/* TODO: -DEE assume only RSA keys will ever use _NEED_USAGE */
+ sc_log(ctx, "supported algorithm flags 0x%X, private key usage 0x%X", alg_info->flags, prkey->usage);
if ((alg_info->flags & SC_ALGORITHM_NEED_USAGE) &&
((prkey->usage & USAGE_ANY_SIGN) &&
(prkey->usage & USAGE_ANY_DECIPHER)) ) {
size_t tmplen = sizeof(buf);
if (flags & SC_ALGORITHM_RSA_RAW) {
- return sc_pkcs15_decipher(p15card, obj,flags,
- in, inlen, out, outlen);
- }
- if (modlen > tmplen) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Buffer too small, needs recompile!\n");
- return SC_ERROR_NOT_ALLOWED;
+ r = sc_pkcs15_decipher(p15card, obj,flags, in, inlen, out, outlen);
+ LOG_FUNC_RETURN(ctx, r);
}
+ if (modlen > tmplen)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "Buffer too small, needs recompile!");
+
r = sc_pkcs1_encode(ctx, flags, in, inlen, buf, &tmplen, modlen);
/* no padding needed - already done */
@@ -296,10 +282,10 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
/* instead use raw rsa */
flags |= SC_ALGORITHM_RSA_RAW;
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to add padding");
- r = sc_pkcs15_decipher(p15card, obj,flags, buf, modlen,
- out, outlen);
- return r;
+ LOG_TEST_RET(ctx, r, "Unable to add padding");
+
+ r = sc_pkcs15_decipher(p15card, obj,flags, buf, modlen, out, outlen);
+ LOG_FUNC_RETURN(ctx, r);
}
@@ -309,10 +295,11 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
!(alg_info->flags & (SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_NONE))) {
unsigned int algo;
size_t tmplen = sizeof(buf);
+
r = sc_pkcs1_strip_digest_info_prefix(&algo, tmp, inlen, tmp, &tmplen);
if (r != SC_SUCCESS || algo == SC_ALGORITHM_RSA_HASH_NONE) {
sc_mem_clear(buf, sizeof(buf));
- return SC_ERROR_INVALID_DATA;
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
}
flags &= ~SC_ALGORITHM_RSA_HASH_NONE;
flags |= algo;
@@ -322,19 +309,21 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags);
if (r != SC_SUCCESS) {
sc_mem_clear(buf, sizeof(buf));
- return r;
+ LOG_FUNC_RETURN(ctx, r);
}
senv.algorithm_flags = sec_flags;
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "DEE flags:0x%8.8x alg_info->flags:0x%8.8x pad:0x%8.8x sec:0x%8.8x",
+ sc_log(ctx, "DEE flags:0x%8.8x alg_info->flags:0x%8.8x pad:0x%8.8x sec:0x%8.8x",
flags, alg_info->flags, pad_flags, sec_flags);
/* add the padding bytes (if necessary) */
if (pad_flags != 0) {
size_t tmplen = sizeof(buf);
+
r = sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to add padding");
+
inlen = tmplen;
} else if ( senv.algorithm == SC_ALGORITHM_RSA &&
(flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) {
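Review bot: The failure path after `sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen)` returns through `SC_TEST_RET` without `sc_mem_clear(buf, sizeof(buf))`, although the sc_get_encoding_flags failure a few lines above in the same hunk clears buf before returning. The line was also left on the old macro while the rest of the function moved to `LOG_TEST_RET`. Make it consistent with `if (r != SC_SUCCESS) { sc_mem_clear(buf, sizeof(buf)); LOG_FUNC_RETURN(ctx, r); }`. The sc_lock(), select_key_file() and sc_set_security_env() failure paths in the next hunk return without clearing buf as well. The function starts and ends outside this hunk.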
@@ -357,20 +346,20 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
}
r = sc_lock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
+ LOG_TEST_RET(ctx, r, "sc_lock() failed");
if (prkey->path.len != 0) {
r = select_key_file(p15card, prkey, &senv);
if (r < 0) {
sc_unlock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL,r,"Unable to select private key file");
+ LOG_TEST_RET(ctx, r,"Unable to select private key file");
}
}
r = sc_set_security_env(p15card->card, &senv, 0);
if (r < 0) {
sc_unlock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_set_security_env() failed");
+ LOG_TEST_RET(ctx, r, "sc_set_security_env() failed");
}
r = sc_compute_signature(p15card->card, tmp, inlen, out, outlen);
@@ -380,7 +369,7 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
}
sc_mem_clear(buf, sizeof(buf));
sc_unlock(p15card->card);
- SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_compute_signature() failed");
+ LOG_TEST_RET(ctx, r, "sc_compute_signature() failed");
- return r;
+ LOG_FUNC_RETURN(ctx, r);
}
8 src/libopensc/pkcs15.c
@@ -254,7 +254,7 @@ static const struct sc_asn1_entry c_asn1_ddo[] = {
{ "odfPath", SC_ASN1_PATH, SC_ASN1_CONS | SC_ASN1_TAG_SEQUENCE, SC_ASN1_OPTIONAL, NULL, NULL },
{ "tokenInfoPath", SC_ASN1_PATH, SC_ASN1_CONS | SC_ASN1_CTX | 0, SC_ASN1_OPTIONAL, NULL, NULL },
{ "unusedPath", SC_ASN1_PATH, SC_ASN1_CONS | SC_ASN1_CTX | 1, SC_ASN1_OPTIONAL, NULL, NULL },
-/* According to PKCS#15 v1.1 here is the place for the future extentions.
+/* According to PKCS#15 v1.1 here is the place for the future extensions.
* The following data are used when ODF record points to the xDF files in a different application.
*/
{ "ddoIIN", SC_ASN1_OCTET_STRING, SC_ASN1_APP | 0x02, SC_ASN1_OPTIONAL, NULL, NULL },
@@ -675,7 +675,7 @@ struct sc_app_info * sc_find_app(struct sc_card *card, struct sc_aid *aid)
return NULL;
if (!aid || !aid->len)
- return card->app[card->app_count - 1];
+ return card->app[0];
for (ii=0; ii < card->app_count; ii++) {
if (card->app[ii]->aid.len != aid->len)
@@ -1487,10 +1487,6 @@ int sc_pkcs15_add_df(struct sc_pkcs15_card *p15card,
{
struct sc_pkcs15_df *p, *newdf;
- for (p = p15card->df_list; p; p = p->next)
- if (p->type == type)
- return 0;
-
newdf = calloc(1, sizeof(struct sc_pkcs15_df));
if (newdf == NULL)
return SC_ERROR_OUT_OF_MEMORY;
4 src/libopensc/reader-ctapi.c
@@ -251,8 +251,8 @@ static int ctapi_connect(sc_reader_t *reader)
lr -= 2;
if (lr > SC_MAX_ATR_SIZE)
return SC_ERROR_INTERNAL;
- memcpy(reader->atr, rbuf, lr);
- reader->atr_len = lr;
+ reader->atr.len = lr;
+ memcpy(reader->atr.value, rbuf, lr);
r = _sc_parse_atr(reader);
#if 0
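Review bot: The length check before `memcpy(reader->atr.value, rbuf, lr)` in ctapi_connect still compares against `SC_MAX_ATR_SIZE` rather than the destination itself. Now that the ATR lives in `reader->atr.value`, `if (lr > sizeof(reader->atr.value))` keeps the bound correct even if the array size ever differs from the macro; reader-openct.c in this commit already uses `sizeof(reader->atr.value)`. The `lr -= 2` above is also worth checking: the declaration of lr is outside the hunk, and if fewer than two bytes came back, the subtraction relies on the later bound check to catch the result.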
4 src/libopensc/reader-openct.c
@@ -204,7 +204,7 @@ openct_reader_connect(sc_reader_t *reader)
}
rc = ct_card_request(data->h, data->slot, 0, NULL,
- reader->atr, sizeof(reader->atr));
+ reader->atr.value, sizeof(reader->atr.value));
if (rc < 0) {
sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL,
"openct_reader_connect read failed: %s\n",
@@ -217,7 +217,7 @@ openct_reader_connect(sc_reader_t *reader)
return SC_ERROR_READER;
}
- reader->atr_len = rc;
+ reader->atr.len = rc;
return SC_SUCCESS;
}
15 src/libopensc/reader-pcsc.c
@@ -334,9 +334,9 @@ static int refresh_attributes(sc_reader_t *reader)
} else {
/* Check if the card handle is still valid. If the card changed,
* the handle will be invalid. */
- DWORD readers_len = 0, state, prot, atr_len = SC_MAX_ATR_SIZE;
+ DWORD readers_len = 0, cstate, prot, atr_len = SC_MAX_ATR_SIZE;
unsigned char atr[SC_MAX_ATR_SIZE];
- LONG rv = priv->gpriv->SCardStatus(priv->pcsc_card, NULL, &readers_len, &state, &prot, atr, &atr_len);
+ rv = priv->gpriv->SCardStatus(priv->pcsc_card, NULL, &readers_len, &cstate, &prot, atr, &atr_len);
if (rv == (LONG)SCARD_W_REMOVED_CARD)
reader->flags |= SC_READER_CARD_CHANGED;
}
@@ -751,7 +751,8 @@ static void detect_reader_features(sc_reader_t *reader, SCARDHANDLE card_handle)
PCSC_TLV_STRUCTURE *pcsc_tlv;
LONG rv;
const char *log_disabled = "but it's disabled in configuration file";
-
+ const char *broken_readers[] = {"HP USB Smart Card Keyboard"};
+
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
if (gpriv->SCardControl == NULL)
@@ -814,6 +815,14 @@ static void detect_reader_features(sc_reader_t *reader, SCARDHANDLE card_handle)
}
}
+ /* Ignore advertised pinpad capability on readers known to be broken. Trac #340 */
+ for (i = 0; i < sizeof(broken_readers)/sizeof(broken_readers[0]); i++) {
+ if (strstr(reader->name, broken_readers[i]) && (reader->capabilities & SC_READER_CAP_PIN_PAD)) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s has a broken pinpad, ignoring", reader->name);
+ reader->capabilities &= ~SC_READER_CAP_PIN_PAD;
+ }
+ }
+
/* Detect display */
if (priv->pin_properties_ioctl) {
rcount = sizeof(rbuf);
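Review bot: Clearing `SC_READER_CAP_PIN_PAD` on a name match presumably moves PIN entry from the reader to the host, a security downgrade the user should be able to see, yet it is reported only through `sc_debug` at debug level. Consider logging it at a level shown by default and mentioning the override in the documentation. The match is `strstr` on `reader->name`, so any reader whose name merely contains the listed string loses its pinpad; if that is intended, say so in the comment. The table can be declared `static const char * const broken_readers[]`. The declaration of `i` is outside the hunk; if it is a signed int, the comparison with the `sizeof` quotient mixes signedness.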
8 src/pkcs15init/entersafe.profile
@@ -36,11 +36,11 @@ option onepin {
dir-size = 128;
tinfo-size = 128;
unusedspace-size = 128;
- odf-size = 256;
+ odf-size = 512;
aodf-size = 256;
- cdf-size = 512;
- prkdf-size = 256;
- pukdf-size = 256;
+ cdf-size = 2048;
+ prkdf-size = 1024;
+ pukdf-size = 1024;
dodf-size = 256;
info-size = 128;
}
12 src/pkcs15init/iasecc.profile
@@ -76,37 +76,37 @@ filesystem {
DF CIA-Adele-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01;
- profile-extention = "ias_adele_admin1";
+ profile-extension = "ias_adele_admin1";
}
DF AdeleAdmin2-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01;
- profile-extention = "ias_adele_admin2";
+ profile-extension = "ias_adele_admin2";
}
DF AdeleCommon-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01;
- profile-extention = "ias_adele_common";
+ profile-extension = "ias_adele_common";
}
DF ECCeID-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44;
- profile-extention = "iasecc_admin_eid";
+ profile-extension = "iasecc_admin_eid";
}
DF ECCGeneric-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63;
- profile-extention = "iasecc_generic_pki";
+ profile-extension = "iasecc_generic_pki";
}
DF ECCGenericOberthur-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50;
- profile-extention = "iasecc_generic_oberthur";
+ profile-extension = "iasecc_generic_oberthur";
}
}
}
2  src/pkcs15init/pkcs15-iasecc.c
@@ -58,7 +58,7 @@
int iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_file *df);
-void
+static void
iasecc_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id)
{
int ii, sz;
13 src/pkcs15init/pkcs15-lib.c
@@ -1336,7 +1336,6 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
LOG_TEST_RET(ctx, r, "Card specific 'store key' failed");
} else {
struct sc_pkcs15_der encoded, wrapped, *der = &encoded;
- struct sc_context *ctx = p15card->card->ctx;
/* DER encode the private key */
encoded.value = wrapped.value = NULL;
@@ -1934,7 +1933,7 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
static u8 dmp1[256], dmq1[256], iqmp[256];
RSA *rsa;
BIGNUM *aux;
- BN_CTX *ctx;
+ BN_CTX *bn_ctx;
rsa = RSA_new();
rsa->n = BN_bin2bn(key->modulus.data, key->modulus.len, NULL);
@@ -1950,18 +1949,18 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
rsa->iqmp = BN_new();
aux = BN_new();
- ctx = BN_CTX_new();
+ bn_ctx = BN_CTX_new();
BN_sub(aux, rsa->q, BN_value_one());
- BN_mod(rsa->dmq1, rsa->d, aux, ctx);
+ BN_mod(rsa->dmq1, rsa->d, aux, bn_ctx);
BN_sub(aux, rsa->p, BN_value_one());
- BN_mod(rsa->dmp1, rsa->d, aux, ctx);
+ BN_mod(rsa->dmp1, rsa->d, aux, bn_ctx);
- BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx);
+ BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, bn_ctx);
BN_clear_free(aux);
- BN_CTX_free(ctx);
+ BN_CTX_free(bn_ctx);
/* Not thread safe, but much better than a memory leak */
GETBN(key->dmp1, rsa->dmp1, dmp1);
2  src/pkcs15init/pkcs15-oberthur-awp.c
@@ -1,5 +1,5 @@
/*
- * Oberthur AWP extention for PKCS #15 initialization
+ * Oberthur AWP extension for PKCS #15 initialization
*
* Copyright (C) 2010 Viktor Tarasov <viktor.tarasov@opentrust.com>
* Copyright (C) 2002 Juha Yrjola <juha.yrjola@iki.fi>
52 src/pkcs15init/profile.c
@@ -214,10 +214,6 @@ static struct {
{ NULL, NULL }
};
-typedef struct pin_info pin_info;
-typedef struct file_info file_info;
-typedef struct auth_info auth_info;
-
static int process_conf(struct sc_profile *, scconf_context *);
static int process_block(struct state *, struct block *,
const char *, scconf_block *);
@@ -233,23 +229,23 @@ static int map_str2int(struct state *, const char *,
static int setstr(char **strp, const char *value);
static void parse_error(struct state *, const char *, ...);
-static file_info * sc_profile_instantiate_file(sc_profile_t *,
+static struct file_info * sc_profile_instantiate_file(sc_profile_t *,
struct file_info *, struct file_info *,
unsigned int);
-static file_info * sc_profile_find_file(struct sc_profile *,
+static struct file_info * sc_profile_find_file(struct sc_profile *,
const sc_path_t *, const char *);
-static file_info * sc_profile_find_file_by_path(
+static struct file_info * sc_profile_find_file_by_path(
struct sc_profile *,
const sc_path_t *);
-static pin_info * new_pin(struct sc_profile *, int);
-static file_info * new_file(struct state *, const char *,
+static struct pin_info * new_pin(struct sc_profile *, int);
+static struct file_info * new_file(struct state *, const char *,
unsigned int);
-static file_info * add_file(sc_profile_t *, const char *,
- sc_file_t *, file_info *);
+static struct file_info * add_file(sc_profile_t *, const char *,
+ sc_file_t *, struct file_info *);
static void free_file_list(struct file_info **);
static void append_file(sc_profile_t *, struct file_info *);
-static auth_info * new_key(struct sc_profile *,
+static struct auth_info * new_key(struct sc_profile *,
unsigned int, unsigned int);
static void set_pin_defaults(struct sc_profile *,
struct pin_info *);
@@ -409,10 +405,10 @@ sc_profile_finish(struct sc_profile *profile, const struct sc_app_info *app_info
sc_log(ctx, "Look for file by path '%s'", sc_print_path(&path));
profile->df_info = sc_profile_find_file_by_path(profile, &path);
sc_log(ctx, "returned DF info %p", profile->df_info);
- if (profile->df_info && profile->df_info->profile_extention) {
- sc_log(ctx, "application profile extention '%s'", profile->df_info->profile_extention);
- if (sc_profile_load(profile, profile->df_info->profile_extention))
- LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Cannot load application profile extention");
+ if (profile->df_info && profile->df_info->profile_extension) {
+ sc_log(ctx, "application profile extension '%s'", profile->df_info->profile_extension);
+ if (sc_profile_load(profile, profile->df_info->profile_extension))
+ LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Cannot load application profile extension");
}
}
@@ -627,7 +623,7 @@ sc_profile_add_file(sc_profile_t *profile, const char *name, sc_file_t *file)
{
struct sc_context *ctx = profile->card->ctx;
sc_path_t path = file->path;
- file_info *parent;
+ struct file_info *parent;
LOG_FUNC_CALLED(ctx);
if (!path.len) {
@@ -703,7 +699,7 @@ sc_profile_instantiate_template(sc_profile_t *profile,
*/
assert(base_file->instance);
for (fi = tmpl->ef_list; fi; fi = fi->next) {
- file_info *parent, *instance;
+ struct file_info *parent, *instance;
unsigned int skew = 0;
fi->instance = NULL;
@@ -738,9 +734,9 @@ sc_profile_instantiate_template(sc_profile_t *profile,
return 0;
}
-static file_info *
-sc_profile_instantiate_file(sc_profile_t *profile, file_info *ft,
- file_info *parent, unsigned int skew)
+static struct file_info *
+sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft,
+ struct file_info *parent, unsigned int skew)
{