/*
* Get 'Initialize Applet' data
* using the ACLs defined in card profile.
*/
static int
myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
unsigned char *data, size_t data_len) {
struct sc_context *ctx = p15card->card->ctx;
struct sc_file *tmp_file = NULL;
const struct sc_acl_entry *entry = NULL;
int r;
LOG_FUNC_CALLED(ctx);
if (data_len < 8)
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Cannot get init applet data");
*(data + 0) = 0xFF;
*(data + 1) = 0xFF;
/* MF acls */
sc_file_dup(&tmp_file, profile->mf_info->file);
if (tmp_file == NULL)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate MF file");
r = sc_pkcs15init_fixup_file(profile, p15card, tmp_file);
LOG_TEST_RET(ctx, r, "MF fixup failed");
/* AC 'Create DF' and 'Create EF' */
*(data + 2) = 0x00; /* 'NONE' */
entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_CREATE);
if (entry->method == SC_AC_CHV)
*(data + 2) = entry->key_ref | (entry->key_ref << 4); /* 'CHVx'. */
else if (entry->method == SC_AC_NEVER)
*(data + 2) = 0xFF; /* 'NEVER'. */
/* AC 'INITIALISE APPLET'. */
*(data + 3) = 0x0F; /* 'NONE' */
#ifndef KEEP_AC_NONE_FOR_INIT_APPLET
entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_DELETE);
if (entry->method == SC_AC_CHV)
*(data + 3) = (entry->key_ref << 4) | 0xF;
else if (entry->method == SC_AC_NEVER)
*(data + 3) = 0xFF;
#endif
*(data + 4) = 0xFF;
sc_file_free(tmp_file);
tmp_file = NULL;
/* Application DF (5015) acls */
sc_file_dup(&tmp_file, profile->df_info->file);
if (tmp_file == NULL)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate Application DF file");
r = sc_pkcs15init_fixup_file(profile, p15card, tmp_file);
LOG_TEST_RET(ctx, r, "Application DF fixup failed");
/* AC 'Create DF' and 'Create EF' */
*(data + 5) = 0x00; /* 'NONE' */
entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_CREATE);
if (entry->method == SC_AC_CHV)
*(data + 5) = entry->key_ref | (entry->key_ref << 4); /* 'CHVx' */
else if (entry->method == SC_AC_NEVER)
*(data + 5) = 0xFF; /* 'NEVER'. */
/* AC 'Self delete' */
*(data + 6) = 0x0F; /* 'NONE' */
entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_DELETE);
if (entry->method == SC_AC_CHV)
*(data + 6) = (entry->key_ref << 4) | 0xF; /* 'CHVx' */
else if (entry->method == SC_AC_NEVER)
*(data + 6) = 0xFF; /* 'NEVER'. */
*(data + 7) = 0xFF;
sc_file_free(tmp_file);
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
}
/*
* Initialize pin file
*/
static int
gpk_init_pinfile(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
sc_file_t *file)
{
const sc_acl_entry_t *acl;
unsigned char buffer[GPK_MAX_PINS * 8], *blk;
struct sc_file *pinfile;
unsigned int so_attempts[2], user_attempts[2];
unsigned int npins, i, j, cks;
int r;
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
/* Set defaults */
so_attempts[0] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_SO_PIN);
so_attempts[1] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_SO_PUK);
user_attempts[0] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_USER_PIN);
user_attempts[1] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_USER_PUK);
sc_file_dup(&pinfile, file);
if (pinfile == NULL)
return SC_ERROR_OUT_OF_MEMORY;
/* Create the PIN file. */
acl = sc_file_get_acl_entry(pinfile, SC_AC_OP_WRITE);
if (acl->method != SC_AC_NEVER) {
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"PIN file most be protected by WRITE=NEVER");
sc_file_free(pinfile);
return SC_ERROR_INVALID_ARGUMENTS;
}
sc_file_add_acl_entry(pinfile, SC_AC_OP_WRITE, SC_AC_NONE, 0);
if (pinfile->size == 0)
pinfile->size = GPK_MAX_PINS * 8;
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Now create file");
/* Now create the file */
if ((r = sc_pkcs15init_create_file(profile, p15card, pinfile)) < 0
|| (r = sc_select_file(p15card->card, &pinfile->path, NULL)) < 0) {
goto out;
}
/* Set up the PIN file contents.
* We assume the file will contain pairs of PINs/PUKs */
npins = pinfile->size / 8;
memset(buffer, 0, sizeof(buffer));
for (i = 0, blk = buffer; i < npins; blk += 8, i += 1) {
/* Determine the number of PIN/PUK presentation
* attempts. If the profile defines a SO PIN,
* it will be stored in the first PIN/PUK pair.
*/
blk[0] = user_attempts[i & 1];
if (i < 2 && so_attempts[0])
blk[0] = so_attempts[i & 1];
if ((i & 1) == 0) {
/* This is a PIN. If there's room in the file,
* the next will be a PUK so take note of the
* unlock code */
if (i + 1 < npins)
blk[2] = GPK_PIN_SCOPE | (i + 1);
}
/* Compute the CKS */
for (j = 0, cks = 0; j < 8; j++)
cks ^= blk[j];
blk[3] = ~cks;
}
r = sc_write_binary(p15card->card, 0, buffer, npins * 8, 0);
if (r >= 0)
r = gpk_lock_pinfile(profile, p15card, pinfile);
out: sc_file_free(pinfile);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
}
static int
jpki_select_file(struct sc_card *card,
const struct sc_path *path, struct sc_file **file_out)
{
struct jpki_private_data *drvdata = JPKI_DRVDATA(card);
int rc;
sc_apdu_t apdu;
struct sc_file *file = NULL;
LOG_FUNC_CALLED(card->ctx);
sc_log(card->ctx,
"jpki_select_file: path=%s, len=%"SC_FORMAT_LEN_SIZE_T"u",
sc_print_path(path), path->len);
if (path->len == 2 && memcmp(path->value, "\x3F\x00", 2) == 0) {
drvdata->selected = SELECT_MF;
if (file_out) {
sc_file_dup(file_out, drvdata->mf);
if (*file_out == NULL) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
}
}
return 0;
}
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xA4, 0, 0);
switch (path->type) {
case SC_PATH_TYPE_FILE_ID:
apdu.p1 = 2;
break;
case SC_PATH_TYPE_DF_NAME:
apdu.p1 = 4;
break;
default:
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
}
apdu.p2 = 0x0C;
apdu.data = path->value;
apdu.datalen = path->len;
apdu.lc = path->len;
rc = sc_transmit_apdu(card, &apdu);
LOG_TEST_RET(card->ctx, rc, "APDU transmit failed");
rc = sc_check_sw(card, apdu.sw1, apdu.sw2);
LOG_TEST_RET(card->ctx, rc, "SW Check failed");
if (!file_out) {
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
/* read certificate file size */
if (path->len == 2 && (
memcmp(path->value, "\x00\x0A", 2) == 0 ||
memcmp(path->value, "\x00\x01", 2) == 0 ||
memcmp(path->value, "\x00\x0B", 2) == 0 ||
memcmp(path->value, "\x00\x02", 2) == 0 )
) {
u8 buf[4];
rc = sc_read_binary(card, 0, buf, 4, 0);
LOG_TEST_RET(card->ctx, rc, "SW Check failed");
file = sc_file_new();
if (!file) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
}
file->path = *path;
file->size = (buf[2] << 8 | buf[3]) + 4;
*file_out = file;
}
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
/*
* Instantiate template
*/
int
sc_profile_instantiate_template(sc_profile_t *profile,
const char *template_name, const sc_path_t *base_path,
const char *file_name, const sc_pkcs15_id_t *id,
sc_file_t **ret)
{
sc_card_t *card = profile->card;
sc_profile_t *tmpl;
sc_template_t *info;
unsigned int idx;
struct file_info *fi, *base_file, *match = NULL;
for (info = profile->template_list; info; info = info->next) {
if (!strcmp(info->name, template_name))
break;
}
if (info == NULL)
return SC_ERROR_TEMPLATE_NOT_FOUND;
tmpl = info->data;
idx = id->value[id->len-1];
for (fi = profile->ef_list; fi; fi = fi->next) {
if (fi->base_template == tmpl
&& fi->inst_index == idx
&& sc_compare_path(&fi->inst_path, base_path)
&& !strcmp(fi->ident, file_name)) {
sc_file_dup(ret, fi->file);
if (*ret == NULL)
return SC_ERROR_OUT_OF_MEMORY;
return 0;
}
}
if (profile->card->ctx->debug >= 2) {
char pbuf[SC_MAX_PATH_STRING_SIZE];
int r = sc_path_print(pbuf, sizeof(pbuf), base_path);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
sc_debug(profile->card->ctx,
"Instantiating template %s at %s", template_name, pbuf);
}
base_file = sc_profile_find_file_by_path(profile, base_path);
if (base_file == NULL) {
char pbuf[SC_MAX_PATH_STRING_SIZE];
int r = sc_path_print(pbuf, sizeof(pbuf), base_path);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
sc_error(card->ctx, "Directory %s not defined in profile", pbuf);
return SC_ERROR_OBJECT_NOT_FOUND;
}
/* This loop relies on the fact that new files are always
* appended to the list, after the parent files they refer to
*/
assert(base_file->instance);
for (fi = tmpl->ef_list; fi; fi = fi->next) {
file_info *parent, *instance;
unsigned int skew = 0;
fi->instance = NULL;
if ((parent = fi->parent) == NULL) {
parent = base_file;
skew = idx;
}
parent = parent->instance;
instance = sc_profile_instantiate_file(profile, fi, parent, skew);
if (instance == NULL)
return SC_ERROR_OUT_OF_MEMORY;
instance->base_template = tmpl;
instance->inst_index = idx;
instance->inst_path = *base_path;
if (!strcmp(instance->ident, file_name))
match = instance;
}
if (match == NULL) {
sc_error(card->ctx, "No file named \"%s\" in template \"%s\"",
file_name, template_name);
return SC_ERROR_OBJECT_NOT_FOUND;
}
sc_file_dup(ret, match->file);
if (*ret == NULL)
return SC_ERROR_OUT_OF_MEMORY;
return 0;
}