static int sc_pkcs15emu_sc_hsm_read_tokeninfo (sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
int r;
u8 efbin[512];
size_t len;
LOG_FUNC_CALLED(card->ctx);
/* Read token info */
len = sizeof efbin;
r = read_file(p15card, (u8 *) "\x2F\x03", efbin, &len);
LOG_TEST_RET(card->ctx, r, "Could not read EF.TokenInfo");
r = sc_pkcs15_parse_tokeninfo(card->ctx, p15card->tokeninfo, efbin, r);
LOG_TEST_RET(card->ctx, r, "Could not decode EF.TokenInfo");
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
static int sc_pkcs15emu_sc_hsm_read_tokeninfo (sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
sc_path_t path;
int r;
u8 efbin[512];
LOG_FUNC_CALLED(card->ctx);
/* Read token info */
sc_path_set(&path, SC_PATH_TYPE_FILE_ID, (u8 *) "\x2F\x03", 2, 0, 0);
r = sc_select_file(card, &path, NULL);
LOG_TEST_RET(card->ctx, r, "Could not select EF.TokenInfo");
r = sc_read_binary(p15card->card, 0, efbin, sizeof(efbin), 0);
LOG_TEST_RET(card->ctx, r, "Could not read EF.TokenInfo");
r = sc_pkcs15_parse_tokeninfo(card->ctx, p15card->tokeninfo, efbin, r);
LOG_TEST_RET(card->ctx, r, "Could not decode EF.TokenInfo");
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card)
{
int r, i, type;
unsigned char *buf = NULL;
size_t len;
sc_pkcs15_tokeninfo_t tokeninfo;
sc_path_t tmppath;
sc_card_t *card = p15card->card;
sc_context_t *ctx = card->ctx;
/* Parse the TokenInfo EF */
sc_format_path("3f004f005032", &tmppath);
r = sc_select_file(card, &tmppath, &p15card->file_tokeninfo);
if (r)
goto end;
if ( (len = p15card->file_tokeninfo->size) == 0) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "EF(TokenInfo) is empty\n");
goto end;
}
buf = malloc(len);
if (buf == NULL)
return SC_ERROR_OUT_OF_MEMORY;
r = sc_read_binary(card, 0, buf, len, 0);
if (r < 0)
goto end;
if (r <= 2) {
r = SC_ERROR_PKCS15_APP_NOT_FOUND;
goto end;
}
memset(&tokeninfo, 0, sizeof(tokeninfo));
r = sc_pkcs15_parse_tokeninfo(ctx, &tokeninfo, buf, (size_t) r);
if (r != SC_SUCCESS)
goto end;
*(p15card->tokeninfo) = tokeninfo;
/* Card type detection */
if (card->type == SC_CARD_TYPE_IAS_PTEID)
type = IAS_CARD;
else if (card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID)
type = GEMSAFE_CARD;
else {
r = SC_ERROR_INTERNAL;
goto end;
}
p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION
| SC_PKCS15_TOKEN_EID_COMPLIANT
| SC_PKCS15_TOKEN_READONLY;
/* TODO: Use the cardholder's name? */
/* TODO: Use Portuguese descriptions? */
/* Add X.509 Certificates */
for (i = 0; i < 4; i++) {
static const char *pteid_cert_names[4] = {
"AUTHENTICATION CERTIFICATE",
"SIGNATURE CERTIFICATE",
"SIGNATURE SUB CA",
"AUTHENTICATION SUB CA"
};
/* X.509 Certificate Paths */
static const char *pteid_cert_paths[4] = {
"3f005f00ef09", /* Authentication Certificate path */
"3f005f00ef08", /* Digital Signature Certificate path */
"3f005f00ef0f", /* Signature sub CA path */
"3f005f00ef10" /* Authentication sub CA path */
};
/* X.509 Certificate IDs */
static const int pteid_cert_ids[4] = {0x45, 0x46, 0x51, 0x52};
struct sc_pkcs15_cert_info cert_info;
struct sc_pkcs15_object cert_obj;
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
cert_info.id.value[0] = pteid_cert_ids[i];
cert_info.id.len = 1;
sc_format_path(pteid_cert_paths[i], &cert_info.path);
strlcpy(cert_obj.label, pteid_cert_names[i], sizeof(cert_obj.label));
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0) {
r = SC_ERROR_INTERNAL;
goto end;
}
}
/* Add PINs */
for (i = 0; i < 3; i++) {
static const char *pteid_pin_names[3] = {
"Auth PIN",
"Sign PIN",
"Address PIN"
};
/* PIN References */
static const int pteid_pin_ref[2][3] = { {1, 130, 131}, {129, 130, 131} };
/* PIN Authentication IDs */
static const int pteid_pin_authid[3] = {1, 2, 3};
/* PIN Paths */
static const char *pteid_pin_paths[2][3] = { {NULL, "3f005f00", "3f005f00"},
{NULL, NULL, NULL} };
struct sc_pkcs15_auth_info pin_info;
struct sc_pkcs15_object pin_obj;
memset(&pin_info, 0, sizeof(pin_info));
memset(&pin_obj, 0, sizeof(pin_obj));
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
pin_info.auth_id.len = 1;
pin_info.auth_id.value[0] = pteid_pin_authid[i];
pin_info.attrs.pin.reference = pteid_pin_ref[type][i];
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_NEEDS_PADDING
| SC_PKCS15_PIN_FLAG_INITIALIZED
| SC_PKCS15_PIN_FLAG_CASE_SENSITIVE;
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
pin_info.attrs.pin.min_length = 4;
pin_info.attrs.pin.stored_length = 8;
pin_info.attrs.pin.max_length = 8;
pin_info.attrs.pin.pad_char = type == IAS_CARD ? 0x2F : 0xFF;
pin_info.tries_left = -1;
if (pteid_pin_paths[type][i] != NULL)
sc_format_path(pteid_pin_paths[type][i], &pin_info.path);
strlcpy(pin_obj.label, pteid_pin_names[i], sizeof(pin_obj.label));
pin_obj.flags = 0;
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
if (r < 0) {
r = SC_ERROR_INTERNAL;
goto end;
}
}
/* Add Private Keys */
for (i = 0; i < 2; i++) {
/* Key reference */
static const int pteid_prkey_keyref[2][2] = { {1, 130}, {2, 1} };
/* RSA Private Key usage */
static int pteid_prkey_usage[2] = {
SC_PKCS15_PRKEY_USAGE_SIGN,
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION};
/* RSA Private Key IDs */
static const int pteid_prkey_ids[2] = {0x45, 0x46};
static const char *pteid_prkey_names[2] = {
"CITIZEN AUTHENTICATION KEY",
"CITIZEN SIGNATURE KEY"};
/* RSA Private Key Paths */
static const char *pteid_prkey_paths[2][2] = { {NULL, "3f005f00"}, {NULL, NULL} };
struct sc_pkcs15_prkey_info prkey_info;
struct sc_pkcs15_object prkey_obj;
memset(&prkey_info, 0, sizeof(prkey_info));
memset(&prkey_obj, 0, sizeof(prkey_obj));
prkey_info.id.len = 1;
prkey_info.id.value[0] = pteid_prkey_ids[i];
prkey_info.usage = pteid_prkey_usage[i];
prkey_info.native = 1;
prkey_info.key_reference = pteid_prkey_keyref[type][i];
prkey_info.modulus_length = 1024;
if (pteid_prkey_paths[type][i] != NULL)
sc_format_path(pteid_prkey_paths[type][i], &prkey_info.path);
strlcpy(prkey_obj.label, pteid_prkey_names[i], sizeof(prkey_obj.label));
prkey_obj.auth_id.len = 1;
prkey_obj.auth_id.value[0] = i + 1;
prkey_obj.user_consent = (i == 1) ? 1 : 0;
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
if (r < 0) {
r = SC_ERROR_INTERNAL;
goto end;
}
}
/* Add objects */
for (i = 0; i < 3; i++) {
static const char *object_ids[3] = {"1", "2", "3"};
static const char *object_oids[3] = {"-1", "-1", "-1"};
static const char *object_labels[3] = {"Citizen Data",
"Citizen Address Data",
"Citizen Notepad"};
static const char *object_authids[3] = {NULL, "3", "1"};
static const char *object_paths[3] = {"3f005f00ef02",
"3f005f00ef05",
"3f005f00ef07"};
static const int object_flags[3] = {0,
SC_PKCS15_CO_FLAG_PRIVATE,
SC_PKCS15_CO_FLAG_MODIFIABLE};
struct sc_pkcs15_data_info obj_info;
struct sc_pkcs15_object obj_obj;
memset(&obj_info, 0, sizeof(obj_info));
memset(&obj_obj, 0, sizeof(obj_obj));
sc_pkcs15_format_id(object_ids[i], &obj_info.id);
sc_format_path(object_paths[i], &obj_info.path);
r = sc_format_oid(&obj_info.app_oid, object_oids[i]);
if (r != SC_SUCCESS)
goto end;
strlcpy(obj_info.app_label, object_labels[i], SC_PKCS15_MAX_LABEL_SIZE);
if (object_authids[i] != NULL)
sc_pkcs15_format_id(object_authids[i], &obj_obj.auth_id);
strlcpy(obj_obj.label, object_labels[i], SC_PKCS15_MAX_LABEL_SIZE);
obj_obj.flags = object_flags[i];
r = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT, &obj_obj, &obj_info);
if (r < 0)
goto end;
}
end:
if (buf != NULL) {
free(buf);
buf = NULL;
}
if (r)
return r;
return SC_SUCCESS;
}
static int sc_pkcs15emu_dnie_init(sc_pkcs15_card_t * p15card)
{
u8 buf[1024];
sc_pkcs15_df_t *df;
sc_pkcs15_object_t *p15_obj;
size_t len = sizeof(buf);
int rv;
sc_context_t *ctx = p15card->card->ctx;
LOG_FUNC_CALLED(ctx);
/* Check for correct card driver (i.e. iso7816) */
if (strcmp(p15card->card->driver->short_name, "dnie") != 0)
return SC_ERROR_WRONG_CARD;
/* Check for correct card atr */
if (dnie_match_card(p15card->card) != 1)
return SC_ERROR_WRONG_CARD;
/* Set root path of this application */
p15card->file_app = sc_file_new();
sc_format_path("3F00", &p15card->file_app->path);
/* Load TokenInfo */
rv = dump_ef(p15card->card, "3F0050155032", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = sc_pkcs15_parse_tokeninfo(p15card->card->ctx, p15card->tokeninfo,
buf, len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Only accept the original stuff */
if (strcmp(p15card->tokeninfo->manufacturer_id, "DGP-FNMT") != 0)
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_CARD);
/* Load ODF */
rv = dump_ef(p15card->card, "3F0050155031", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = parse_odf(buf, len, p15card);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Decode EF.PrKDF, EF.PuKDF and EF.CDF */
for (df = p15card->df_list; df != NULL; df = df->next) {
if (df->type == SC_PKCS15_PRKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PrKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_PUKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PuKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_CDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.CDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_DODF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.DODF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
}
/* Perform required fixes */
p15_obj = p15card->obj_list;
while (p15_obj != NULL) {
/* Add missing 'auth_id' to private objects */
if ((p15_obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
&& (p15_obj->auth_id.len == 0)) {
p15_obj->auth_id.value[0] = 0x01;
p15_obj->auth_id.len = 1;
}
/* Remove found public keys as cannot be read_binary()'d */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_PUKDF) ) {
sc_pkcs15_object_t *puk = p15_obj;
p15_obj = p15_obj->next;
sc_pkcs15_remove_object(p15card, puk);
sc_pkcs15_free_object(puk);
} else {
p15_obj = p15_obj->next;
}
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
{
unsigned char *buf = NULL;
int err, ok = 0;
size_t len;
sc_path_t tmppath;
sc_card_t *card = p15card->card;
sc_context_t *ctx = card->ctx;
sc_pkcs15_tokeninfo_t tokeninfo;
if (ctx->debug > 4)
sc_debug(ctx, "trying normal pkcs15 processing\n");
/* Enumerate apps now */
if (card->app_count < 0) {
err = sc_enum_apps(card);
if (err < 0 && err != SC_ERROR_FILE_NOT_FOUND) {
sc_error(ctx, "unable to enumerate apps: %s\n", sc_strerror(err));
goto end;
}
}
p15card->file_app = sc_file_new();
if (p15card->file_app == NULL) {
err = SC_ERROR_OUT_OF_MEMORY;
goto end;
}
sc_format_path("3F005015", &p15card->file_app->path);
if (card->app_count > 0) {
const sc_app_info_t *info;
info = sc_find_pkcs15_app(card);
if (info != NULL) {
if (info->path.len)
p15card->file_app->path = info->path;
if (info->ddo != NULL)
parse_ddo(p15card, info->ddo, info->ddo_len);
}
}
/* Check if pkcs15 directory exists */
sc_ctx_suppress_errors_on(card->ctx);
err = sc_select_file(card, &p15card->file_app->path, NULL);
#if 1
/* If the above test failed on cards without EF(DIR),
* try to continue read ODF from 3F005031. -aet
*/
if ((err == SC_ERROR_FILE_NOT_FOUND) &&
(card->app_count < 1)) {
sc_format_path("3F00", &p15card->file_app->path);
err = SC_NO_ERROR;
}
#endif
sc_ctx_suppress_errors_off(card->ctx);
if (err < 0)
goto end;
if (p15card->file_odf == NULL) {
/* check if an ODF is present; suppress errors as we
* don't know yet whether we have a pkcs15 card */
tmppath = p15card->file_app->path;
sc_append_path_id(&tmppath, (const u8 *) "\x50\x31", 2);
sc_ctx_suppress_errors_on(card->ctx);
err = sc_select_file(card, &tmppath, &p15card->file_odf);
sc_ctx_suppress_errors_off(card->ctx);
} else {
tmppath = p15card->file_odf->path;
sc_file_free(p15card->file_odf);
p15card->file_odf = NULL;
err = sc_select_file(card, &tmppath, &p15card->file_odf);
}
if (err != SC_SUCCESS) {
char pbuf[SC_MAX_PATH_STRING_SIZE];
int r = sc_path_print(pbuf, sizeof(pbuf), &tmppath);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
sc_debug(ctx, "EF(ODF) not found in '%s'\n", pbuf);
goto end;
}
if ((len = p15card->file_odf->size) == 0) {
sc_error(card->ctx, "EF(ODF) is empty\n");
goto end;
}
buf = malloc(len);
if(buf == NULL)
return SC_ERROR_OUT_OF_MEMORY;
err = sc_read_binary(card, 0, buf, len, 0);
if (err < 0)
goto end;
if (err < 2) {
err = SC_ERROR_PKCS15_APP_NOT_FOUND;
goto end;
}
len = err;
if (parse_odf(buf, len, p15card)) {
err = SC_ERROR_PKCS15_APP_NOT_FOUND;
sc_error(card->ctx, "Unable to parse ODF\n");
goto end;
}
free(buf);
buf = NULL;
if (card->ctx->debug) {
sc_pkcs15_df_t *df;
sc_debug(card->ctx, "The following DFs were found:\n");
for (df = p15card->df_list; df; df = df->next) {
char pbuf[SC_MAX_PATH_STRING_SIZE];
int r = sc_path_print(pbuf, sizeof(pbuf), &df->path);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
sc_debug(card->ctx,
" DF type %u, path %s, index %u, count %d\n",
df->type, pbuf, df->path.index, df->path.count);
}
}
if (p15card->file_tokeninfo == NULL) {
tmppath = p15card->file_app->path;
sc_append_path_id(&tmppath, (const u8 *) "\x50\x32", 2);
} else {
tmppath = p15card->file_tokeninfo->path;
sc_file_free(p15card->file_tokeninfo);
p15card->file_tokeninfo = NULL;
}
err = sc_select_file(card, &tmppath, &p15card->file_tokeninfo);
if (err)
goto end;
if ((len = p15card->file_tokeninfo->size) == 0) {
sc_error(card->ctx, "EF(TokenInfo) is empty\n");
goto end;
}
buf = malloc(len);
if(buf == NULL)
return SC_ERROR_OUT_OF_MEMORY;
err = sc_read_binary(card, 0, buf, len, 0);
if (err < 0)
goto end;
if (err <= 2) {
err = SC_ERROR_PKCS15_APP_NOT_FOUND;
goto end;
}
memset(&tokeninfo, 0, sizeof(tokeninfo));
err = sc_pkcs15_parse_tokeninfo(ctx, &tokeninfo, buf, (size_t)err);
if (err != SC_SUCCESS)
goto end;
p15card->version = tokeninfo.version;
p15card->label = tokeninfo.label;
p15card->serial_number = tokeninfo.serial_number;
p15card->manufacturer_id = tokeninfo.manufacturer_id;
p15card->last_update = tokeninfo.last_update;
p15card->flags = tokeninfo.flags;
p15card->preferred_language = tokeninfo.preferred_language;
p15card->seInfo = tokeninfo.seInfo;
p15card->num_seInfo = tokeninfo.num_seInfo;
/* for cardos cards initialized by Siemens: sign with decrypt */
if (strcmp(p15card->card->driver->short_name,"cardos") == 0
&& ( strcmp(p15card->manufacturer_id,"Siemens AG (C)") == 0
|| strcmp(p15card->manufacturer_id,"Prime") == 0 ))
p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
ok = 1;
end:
if(buf != NULL)
free(buf);
if (!ok) {
sc_pkcs15_card_clear(p15card);
return err;
}
return SC_SUCCESS;
}
static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card)
{
u8 buf[1024];
sc_pkcs15_df_t *df;
sc_pkcs15_object_t *p15_obj;
sc_path_t path;
struct sc_file *file = NULL;
size_t len;
int rv;
int i;
sc_context_t *ctx = p15card->card->ctx;
LOG_FUNC_CALLED(ctx);
/* Check for correct card atr */
if (pteid_detect_card(p15card->card) != SC_SUCCESS)
return SC_ERROR_WRONG_CARD;
sc_log(p15card->card->ctx, "Selecting application DF");
sc_format_path("4F00", &path);
rv = sc_select_file(p15card->card, &path, &file);
if (rv != SC_SUCCESS || !file)
return SC_ERROR_INTERNAL;
/* set the application DF */
if (p15card->file_app)
free(p15card->file_app);
p15card->file_app = file;
/* Load TokenInfo */
len = sizeof(buf);
rv = dump_ef(p15card->card, "4F005032", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
memset(p15card->tokeninfo, 0, sizeof(*p15card->tokeninfo));
rv = sc_pkcs15_parse_tokeninfo(p15card->card->ctx, p15card->tokeninfo,
buf, len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
p15card->tokeninfo->flags |= SC_PKCS15_TOKEN_PRN_GENERATION
| SC_PKCS15_TOKEN_EID_COMPLIANT
| SC_PKCS15_TOKEN_READONLY;
/* Load ODF */
len = sizeof(buf);
rv = dump_ef(p15card->card, "4F005031", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = parse_odf(buf, len, p15card);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Decode EF.PrKDF, EF.PuKDF, EF.CDF and EF.AODF */
for (df = p15card->df_list; df != NULL; df = df->next) {
if (df->type == SC_PKCS15_PRKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PrKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_PUKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PuKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_CDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.CDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_AODF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.AODF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
}
p15_obj = p15card->obj_list;
while (p15_obj != NULL) {
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_PRKDF) ) {
struct sc_pkcs15_prkey_info *prkey_info = (sc_pkcs15_prkey_info_t *) p15_obj->data;
prkey_info->access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
p15_obj->flags = SC_PKCS15_CO_FLAG_PRIVATE;
}
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_AODF) ) {
static const char *pteid_pin_names[3] = {
"Auth PIN",
"Sign PIN",
"Address PIN"
};
struct sc_pin_cmd_data pin_cmd_data;
struct sc_pkcs15_auth_info *pin_info = (sc_pkcs15_auth_info_t *) p15_obj->data;
strlcpy(p15_obj->label, pteid_pin_names[pin_info->auth_id.value[0]-1], sizeof(p15_obj->label));
pin_info->attrs.pin.flags |= SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
pin_info->tries_left = -1;
pin_info->max_tries = 3;
pin_info->auth_method = SC_AC_CHV;
memset(&pin_cmd_data, 0, sizeof(pin_cmd_data));
pin_cmd_data.cmd = SC_PIN_CMD_GET_INFO;
pin_cmd_data.pin_type = pin_info->attrs.pin.type;
pin_cmd_data.pin_reference = pin_info->attrs.pin.reference;
rv = sc_pin_cmd(p15card->card, &pin_cmd_data, NULL);
if (rv == SC_SUCCESS) {
pin_info->tries_left = pin_cmd_data.pin1.tries_left;
pin_info->logged_in = pin_cmd_data.pin1.logged_in;
}
}
/* Remove found public keys as cannot be read_binary()'d */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_PUKDF) ) {
sc_pkcs15_object_t *puk = p15_obj;
p15_obj = p15_obj->next;
sc_pkcs15_remove_object(p15card, puk);
sc_pkcs15_free_object(puk);
} else {
p15_obj = p15_obj->next;
}
}
/* Add data objects */
for (i = 0; i < 5; i++) {
static const char *object_labels[5] = {
"Trace",
"Citizen Data",
"Citizen Address Data",
"SOd",
"Citizen Notepad",
};
static const char *object_authids[5] = {NULL, NULL, "3", NULL, NULL};
static const char *object_paths[5] = {
"3f000003",
"3f005f00ef02",
"3f005f00ef05",
"3f005f00ef06",
"3f005f00ef07",
};
static const int object_flags[5] = {
0,
0,
SC_PKCS15_CO_FLAG_PRIVATE,
0,
0,
};
struct sc_pkcs15_data_info obj_info;
struct sc_pkcs15_object obj_obj;
memset(&obj_info, 0, sizeof(obj_info));
memset(&obj_obj, 0, sizeof(obj_obj));
sc_format_path(object_paths[i], &obj_info.path);
strlcpy(obj_info.app_label, object_labels[i], SC_PKCS15_MAX_LABEL_SIZE);
if (object_authids[i] != NULL)
sc_pkcs15_format_id(object_authids[i], &obj_obj.auth_id);
strlcpy(obj_obj.label, object_labels[i], SC_PKCS15_MAX_LABEL_SIZE);
obj_obj.flags = object_flags[i];
rv = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT, &obj_obj, &obj_info);
if (rv != SC_SUCCESS){
sc_log(ctx, "Object add failed: %d", rv);
break;
}
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
static int sc_pkcs15emu_dnie_init(sc_pkcs15_card_t * p15card)
{
u8 buf[1024];
sc_pkcs15_df_t *df;
sc_pkcs15_object_t *p15_obj;
size_t len = sizeof(buf);
int rv;
struct sc_pkcs15_cert_info *p15_info = NULL;
sc_context_t *ctx = p15card->card->ctx;
LOG_FUNC_CALLED(ctx);
/* Check for correct card driver (i.e. iso7816) */
if (strcmp(p15card->card->driver->short_name, "dnie") != 0)
return SC_ERROR_WRONG_CARD;
/* Check for correct card atr */
if (dnie_match_card(p15card->card) != 1)
return SC_ERROR_WRONG_CARD;
#ifdef ENABLE_OPENSSL
/* The two keys inside DNIe 3.0 needs login before performing any signature.
* They are CKA_ALWAYS_AUTHENTICATE although they are not tagged like that.
* For the moment caching is forced if 3.0 is detected to make it work properly. */
if (p15card->card->atr.value[15] >= DNIE_30_VERSION) {
p15card->opts.use_pin_cache = 1;
p15card->opts.pin_cache_counter = DNIE_30_CACHE_COUNTER;
sc_log(ctx, "DNIe 3.0 detected - PKCS#15 options reset: use_file_cache=%d use_pin_cache=%d pin_cache_counter=%d pin_cache_ignore_user_consent=%d",
p15card->opts.use_file_cache,
p15card->opts.use_pin_cache,
p15card->opts.pin_cache_counter,
p15card->opts.pin_cache_ignore_user_consent);
}
#endif
/* Set root path of this application */
p15card->file_app = sc_file_new();
sc_format_path("3F00", &p15card->file_app->path);
/* Load TokenInfo */
rv = dump_ef(p15card->card, "3F0050155032", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = sc_pkcs15_parse_tokeninfo(p15card->card->ctx, p15card->tokeninfo,
buf, len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of EF.TOKENINFO failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Only accept the original stuff */
if (strcmp(p15card->tokeninfo->manufacturer_id, "DGP-FNMT") != 0)
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_CARD);
/* Load ODF */
rv = dump_ef(p15card->card, "3F0050155031", buf, &len);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Reading of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
rv = parse_odf(buf, len, p15card);
if (rv != SC_SUCCESS) {
sc_log(ctx, "Decoding of ODF failed: %d", rv);
LOG_FUNC_RETURN(ctx, rv);
}
/* Decode EF.PrKDF, EF.PuKDF and EF.CDF */
for (df = p15card->df_list; df != NULL; df = df->next) {
if (df->type == SC_PKCS15_PRKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PrKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_PUKDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.PuKDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_CDF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.CDF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
if (df->type == SC_PKCS15_DODF) {
rv = sc_pkcs15_parse_df(p15card, df);
if (rv != SC_SUCCESS) {
sc_log(ctx,
"Decoding of EF.DODF (%s) failed: %d",
sc_print_path(&df->path), rv);
}
}
}
/* Perform required fixes */
p15_obj = p15card->obj_list;
while (p15_obj != NULL) {
/* Add missing 'auth_id' to private objects */
if ((p15_obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
&& (p15_obj->auth_id.len == 0)) {
p15_obj->auth_id.value[0] = 0x01;
p15_obj->auth_id.len = 1;
};
/* Set path count to -1 for public certificates, as they
will need to be decompressed and read_binary()'d, so
we make sure we end up reading the file->size and not the
path->count which is the compressed size on newer
DNIe versions */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_CDF) ) {
p15_info = (struct sc_pkcs15_cert_info *) p15_obj ->data;
p15_info ->path.count = -1;
}
/* Remove found public keys as cannot be read_binary()'d */
if ( p15_obj->df && (p15_obj->df->type == SC_PKCS15_PUKDF) ) {
sc_pkcs15_object_t *puk = p15_obj;
p15_obj = p15_obj->next;
sc_pkcs15_remove_object(p15card, puk);
sc_pkcs15_free_object(puk);
} else {
p15_obj = p15_obj->next;
}
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
