int bind(sc_pkcs15_card_t * p15card, sc_pkcs15emu_opt_t * options)
{
/* Check for correct card driver (i.e. iso7816) */
if (strcmp(p15card->card->driver->short_name, "dnie") != 0)
return SC_ERROR_WRONG_CARD;
/* Check for correct card */
if (dnie_match_card(p15card->card) != 1)
return SC_ERROR_WRONG_CARD;
return sc_pkcs15emu_dnie_init(p15card);
}
int sc_pkcs15emu_dnie_init_ex(sc_pkcs15_card_t * p15card,
sc_pkcs15emu_opt_t * opts)
{
int r=SC_SUCCESS;
sc_context_t *ctx = p15card->card->ctx;
LOG_FUNC_CALLED(ctx);
/* if no check flag execute unconditionally */
if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)
LOG_FUNC_RETURN(ctx, sc_pkcs15emu_dnie_init(p15card));
/* check for proper card */
r = dnie_match_card(p15card->card);
if (r == 0)
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_CARD);
/* ok: initialize and return */
LOG_FUNC_RETURN(ctx, sc_pkcs15emu_dnie_init(p15card));
}
static int sc_pkcs15emu_dnie_init(sc_pkcs15_card_t * p15card)
{
u8 buf[1024];
sc_pkcs15_df_t *df;
sc_pkcs15_object_t *p15_obj;
size_t len = sizeof(buf);
int rv;
sc_context_t *ctx = p15card->card->ctx;
LOG_FUNC_CALLED(ctx);
/* Check for correct card driver (i.e. iso7816) */
if (strcmp(p15card->card->driver->short_name, "dnie") != 0)
return SC_ERROR_WRONG_CARD;
/* Check for correct card atr */
if (dnie_match_card(p15card->card) != 1)
return SC_ERROR_WRONG_CARD;
/* Set root path of this application */
p15card->file_app = sc_file_new();
sc_format_path("3F00", &p15card->file_app->path);
/* Load TokenInfo */
rv = dump_ef(p15card->card, "3F0050155032", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = sc_pkcs15_parse_tokeninfo(p15card->card->ctx, p15card->tokeninfo,
buf, len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Only accept the original stuff */
if (strcmp(p15card->tokeninfo->manufacturer_id, "DGP-FNMT") != 0)
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_CARD);
/* Load ODF */
rv = dump_ef(p15card->card, "3F0050155031", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = parse_odf(buf, len, p15card);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Decode EF.PrKDF, EF.PuKDF and EF.CDF */
for (df = p15card->df_list; df != NULL; df = df->next) {
if (df->type == SC_PKCS15_PRKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PrKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_PUKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PuKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_CDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.CDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_DODF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.DODF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
}
/* Perform required fixes */
p15_obj = p15card->obj_list;
while (p15_obj != NULL) {
/* Add missing 'auth_id' to private objects */
if ((p15_obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
&& (p15_obj->auth_id.len == 0)) {
p15_obj->auth_id.value[0] = 0x01;
p15_obj->auth_id.len = 1;
}
/* Remove found public keys as cannot be read_binary()'d */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_PUKDF) ) {
sc_pkcs15_object_t *puk = p15_obj;
p15_obj = p15_obj->next;
sc_pkcs15_remove_object(p15card, puk);
sc_pkcs15_free_object(puk);
} else {
p15_obj = p15_obj->next;
}
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int sc_pkcs15emu_dnie_init(sc_pkcs15_card_t * p15card)
{
u8 buf[1024];
sc_pkcs15_df_t *df;
sc_pkcs15_object_t *p15_obj;
size_t len = sizeof(buf);
int rv;
struct sc_pkcs15_cert_info *p15_info = NULL;
sc_context_t *ctx = p15card->card->ctx;
LOG_FUNC_CALLED(ctx);
/* Check for correct card driver (i.e. iso7816) */
if (strcmp(p15card->card->driver->short_name, "dnie") != 0)
return SC_ERROR_WRONG_CARD;
/* Check for correct card atr */
if (dnie_match_card(p15card->card) != 1)
return SC_ERROR_WRONG_CARD;
#ifdef ENABLE_OPENSSL
/* The two keys inside DNIe 3.0 needs login before performing any signature.
* They are CKA_ALWAYS_AUTHENTICATE although they are not tagged like that.
* For the moment caching is forced if 3.0 is detected to make it work properly. */
if (p15card->card->atr.value[15] >= DNIE_30_VERSION) {
p15card->opts.use_pin_cache = 1;
p15card->opts.pin_cache_counter = DNIE_30_CACHE_COUNTER;
sc_log(ctx, "DNIe 3.0 detected - PKCS#15 options reset: use_file_cache=%d use_pin_cache=%d pin_cache_counter=%d pin_cache_ignore_user_consent=%d",
p15card->opts.use_file_cache,
p15card->opts.use_pin_cache,
p15card->opts.pin_cache_counter,
p15card->opts.pin_cache_ignore_user_consent);
}
#endif
/* Set root path of this application */
p15card->file_app = sc_file_new();
sc_format_path("3F00", &p15card->file_app->path);
/* Load TokenInfo */
rv = dump_ef(p15card->card, "3F0050155032", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = sc_pkcs15_parse_tokeninfo(p15card->card->ctx, p15card->tokeninfo,
buf, len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Only accept the original stuff */
if (strcmp(p15card->tokeninfo->manufacturer_id, "DGP-FNMT") != 0)
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_CARD);
/* Load ODF */
rv = dump_ef(p15card->card, "3F0050155031", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = parse_odf(buf, len, p15card);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Decode EF.PrKDF, EF.PuKDF and EF.CDF */
for (df = p15card->df_list; df != NULL; df = df->next) {
if (df->type == SC_PKCS15_PRKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PrKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_PUKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PuKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_CDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.CDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_DODF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.DODF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
}
/* Perform required fixes */
p15_obj = p15card->obj_list;
while (p15_obj != NULL) {
/* Add missing 'auth_id' to private objects */
if ((p15_obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
&& (p15_obj->auth_id.len == 0)) {
p15_obj->auth_id.value[0] = 0x01;
p15_obj->auth_id.len = 1;
};
/* Set path count to -1 for public certificates, as they
will need to be decompressed and read_binary()'d, so
we make sure we end up reading the file->size and not the
path->count which is the compressed size on newer
DNIe versions */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_CDF) ) {
p15_info = (struct sc_pkcs15_cert_info *) p15_obj ->data;
p15_info ->path.count = -1;
}
/* Remove found public keys as cannot be read_binary()'d */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_PUKDF) ) {
sc_pkcs15_object_t *puk = p15_obj;
p15_obj = p15_obj->next;
sc_pkcs15_remove_object(p15card, puk);
sc_pkcs15_free_object(puk);
} else {
p15_obj = p15_obj->next;
}
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}