static int npa_init(sc_card_t * card)
{
int flags = SC_ALGORITHM_ECDSA_RAW;
int ext_flags = 0;
int r;
if (!card) {
r = SC_ERROR_INVALID_CARD;
goto err;
}
card->caps |= SC_CARD_CAP_APDU_EXT | SC_CARD_CAP_RNG;
/* 1520 bytes is the minimum length of the communication buffer in all
* Chip/OS variants */
card->max_recv_size = 1520;
card->max_send_size = 1520;
#ifdef ENABLE_SM
memset(&card->sm_ctx, 0, sizeof card->sm_ctx);
#endif
r = _sc_card_add_ec_alg(card, 192, flags, ext_flags, NULL);
if (r != SC_SUCCESS)
goto err;
r = _sc_card_add_ec_alg(card, 224, flags, ext_flags, NULL);
if (r != SC_SUCCESS)
goto err;
r = _sc_card_add_ec_alg(card, 256, flags, ext_flags, NULL);
if (r != SC_SUCCESS)
goto err;
/* nPA does not encode the proprietary fieldSize in PrivateECKeyAttributes,
* which leaves it at 0 for OpenSC, so we need to add 0x00 as supported
* field_length */
r = _sc_card_add_ec_alg(card, 0, flags, ext_flags, NULL);
if (r != SC_SUCCESS)
goto err;
card->drv_data = npa_drv_data_create();
if (!card->drv_data) {
npa_finish(card);
r = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
r = npa_load_options(card->ctx, card->drv_data);
if (r != SC_SUCCESS)
goto err;
/* unlock the eSign application for reading the certificates
* by the PKCS#15 layer (i.e. sc_pkcs15_bind_internal) */
if (SC_SUCCESS != npa_unlock_esign(card)) {
sc_log(card->ctx, "Probably not all functionality will be available.\n");
}
err:
return r;
}
static int esteid_init(sc_card_t *card) {
unsigned long flags, ext_flags;
struct esteid_priv_data *priv;
priv = calloc(1, sizeof *priv);
if (!priv)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
card->drv_data = priv;
card->max_recv_size = 233; // XXX: empirical, not documented
flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW | SC_ALGORITHM_ECDSA_HASH_NONE;
ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;
_sc_card_add_ec_alg(card, 384, flags, ext_flags, NULL);
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
static int
isoApplet_init(sc_card_t *card)
{
int r;
int i;
unsigned long flags = 0;
unsigned long ext_flags = 0;
size_t rlen = SC_MAX_APDU_BUFFER_SIZE;
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
struct isoApplet_drv_data *drvdata;
LOG_FUNC_CALLED(card->ctx);
drvdata=calloc(1, sizeof(*drvdata));
if (!drvdata)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
card->drv_data = drvdata;
card->cla = 0x00;
/* Obtain applet version and specific features */
r = isoApplet_select_applet(card, isoApplet_aid, ISOAPPLET_AID_LEN, rbuf, &rlen);
LOG_TEST_RET(card->ctx, r, "Error obtaining applet version.");
if(rlen < 3)
{
assert(sizeof(rbuf) >= 3);
memset(rbuf, 0x00, 3);
}
drvdata->isoapplet_version = ((unsigned int)rbuf[0] << 8) | rbuf[1];
if(rbuf[2] & ISOAPPLET_API_FEATURE_EXT_APDU)
card->caps |= SC_CARD_CAP_APDU_EXT;
if(rbuf[2] & ISOAPPLET_API_FEATURE_SECURE_RANDOM)
card->caps |= SC_CARD_CAP_RNG;
if(drvdata->isoapplet_version <= 0x0005 || rbuf[2] & ISOAPPLET_API_FEATURE_ECC)
{
/* There are Java Cards that do not support ECDSA at all. The IsoApplet
* started to report this with version 00.06.
*
* Curves supported by the pkcs15-init driver are indicated per curve. This
* should be kept in sync with the explicit parameters in the pkcs15-init
* driver. */
flags = 0;
flags |= SC_ALGORITHM_ECDSA_RAW;
flags |= SC_ALGORITHM_ECDSA_HASH_SHA1;
flags |= SC_ALGORITHM_ONBOARD_KEY_GEN;
ext_flags = SC_ALGORITHM_EXT_EC_UNCOMPRESES;
ext_flags |= SC_ALGORITHM_EXT_EC_NAMEDCURVE;
ext_flags |= SC_ALGORITHM_EXT_EC_F_P;
for (i=0; ec_curves[i].oid.value[0] >= 0; i++)
{
if(drvdata->isoapplet_version >= ec_curves[i].min_applet_version)
_sc_card_add_ec_alg(card, ec_curves[i].size, flags, ext_flags, &ec_curves[i].oid);
}
}
/* RSA */
flags = 0;
/* Padding schemes: */
flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
/* Hashes are to be done by the host for RSA */
flags |= SC_ALGORITHM_RSA_HASH_NONE;
/* Key-generation: */
flags |= SC_ALGORITHM_ONBOARD_KEY_GEN;
/* Modulus lengths: */
_sc_card_add_rsa_alg(card, 2048, flags, 0);
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
