static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
{
static const pindata pins[] = {
{ "1", "PIN", "", 0x00,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
8, 4, 8,
SC_PKCS15_PIN_FLAG_NEEDS_PADDING |
SC_PKCS15_PIN_FLAG_INITIALIZED ,
-1, 0xFF,
SC_PKCS15_CO_FLAG_PRIVATE },
{ NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0}
};
/* oid for key usage */
static const struct sc_object_id usage_type = {{ 2, 5, 29, 15, -1 }};
unsigned int usage;
/*
* The size of the key or the algid is not really known
* but can be derived from the certificates.
* the cert, pubkey and privkey are a set.
* Key usages bits taken from certificate key usage extension.
*/
int r, i;
sc_card_t *card = p15card->card;
sc_serial_number_t serial;
char buf[SC_MAX_SERIALNR * 2 + 1];
int count;
char *token_name = NULL;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
memset(&serial, 0, sizeof(serial));
/* could read this off card if needed */
p15card->tokeninfo->label = strdup(cac_get_name(card->type));
p15card->tokeninfo->manufacturer_id = strdup(MANU_ID);
/*
* get serial number
*/
r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial);
if (r < 0) {
sc_log(card->ctx, "sc_card_ctl rc=%d",r);
p15card->tokeninfo->serial_number = strdup("00000000");
} else {
sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0);
p15card->tokeninfo->serial_number = strdup(buf);
}
/* set pins */
/* TODO we should not create PIN objects if it is not initialized
* (opensc-tool -s 0020000000 returns 0x6A 0x88)
*/
sc_log(card->ctx, "CAC adding pins...");
for (i = 0; pins[i].id; i++) {
struct sc_pkcs15_auth_info pin_info;
struct sc_pkcs15_object pin_obj;
const char * label;
memset(&pin_info, 0, sizeof(pin_info));
memset(&pin_obj, 0, sizeof(pin_obj));
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
pin_info.attrs.pin.reference = pins[i].ref;
pin_info.attrs.pin.flags = pins[i].flags;
pin_info.attrs.pin.type = pins[i].type;
pin_info.attrs.pin.min_length = pins[i].minlen;
pin_info.attrs.pin.stored_length = pins[i].storedlen;
pin_info.attrs.pin.max_length = pins[i].maxlen;
pin_info.attrs.pin.pad_char = pins[i].pad_char;
sc_format_path(pins[i].path, &pin_info.path);
pin_info.tries_left = -1;
label = pins[i].label;
sc_log(card->ctx, "CAC Adding pin %d label=%s",i, label);
strncpy(pin_obj.label, label, SC_PKCS15_MAX_LABEL_SIZE - 1);
pin_obj.flags = pins[i].obj_flags;
/* get the ACA path in case it needs to be selected before PIN verify */
r = sc_card_ctl(card, SC_CARDCTL_CAC_GET_ACA_PATH, &pin_info.path);
if (r < 0) {
LOG_FUNC_RETURN(card->ctx, r);
}
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, r);
}
/* set other objects */
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_INIT_GET_GENERIC_OBJECTS, &count);
LOG_TEST_RET(card->ctx, r, "Can not initiate generic objects.");
for (i = 0; i < count; i++) {
struct sc_pkcs15_data_info obj_info;
struct sc_pkcs15_object obj_obj;
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_GET_NEXT_GENERIC_OBJECT, &obj_info);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, r);
memset(&obj_obj, 0, sizeof(obj_obj));
memcpy(obj_obj.label, obj_info.app_label, sizeof(obj_obj.label));
r = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT,
&obj_obj, &obj_info);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, r);
}
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_FINAL_GET_GENERIC_OBJECTS, &count);
LOG_TEST_RET(card->ctx, r, "Can not finalize generic objects.");
/*
* certs, pubkeys and priv keys are related and we assume
* they are in order
* We need to read the cert, get modulus and keylen
* We use those for the pubkey, and priv key objects.
*/
sc_log(card->ctx, "CAC adding certs, pub and priv keys...");
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_INIT_GET_CERT_OBJECTS, &count);
LOG_TEST_RET(card->ctx, r, "Can not initiate cert objects.");
for (i = 0; i < count; i++) {
struct sc_pkcs15_data_info obj_info;
struct sc_pkcs15_cert_info cert_info;
struct sc_pkcs15_pubkey_info pubkey_info;
struct sc_pkcs15_prkey_info prkey_info;
struct sc_pkcs15_object cert_obj;
struct sc_pkcs15_object pubkey_obj;
struct sc_pkcs15_object prkey_obj;
sc_pkcs15_der_t cert_der;
sc_pkcs15_cert_t *cert_out = NULL;
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_GET_NEXT_CERT_OBJECT, &obj_info);
LOG_TEST_RET(card->ctx, r, "Can not get next object");
memset(&cert_info, 0, sizeof(cert_info));
memset(&pubkey_info, 0, sizeof(pubkey_info));
memset(&prkey_info, 0, sizeof(prkey_info));
memset(&cert_obj, 0, sizeof(cert_obj));
memset(&pubkey_obj, 0, sizeof(pubkey_obj));
memset(&prkey_obj, 0, sizeof(prkey_obj));
cert_info.id = obj_info.id;
pubkey_info.id = obj_info.id;
prkey_info.id = obj_info.id;
cert_info.path = obj_info.path;
prkey_info.path = obj_info.path;
/* Add 0x3f00 to the front of prkey_info.path to make sc_key_file happy */
/* only do this if our path.len is 1 or 2 */
if (prkey_info.path.len && prkey_info.path.len <= 2) {
prkey_info.path.value[2] = prkey_info.path.value[0];
prkey_info.path.value[3] = prkey_info.path.value[1];
prkey_info.path.value[0] = 0x3f;
prkey_info.path.value[1] = 0x00;
prkey_info.path.len += 2;
}
pubkey_info.native = 1;
pubkey_info.key_reference = ((int)obj_info.id.value[0]) << 8 | obj_info.id.value[1];
prkey_info.key_reference = ((int)obj_info.id.value[0]) << 8 | obj_info.id.value[1];
prkey_info.native = 1;
memcpy(cert_obj.label, obj_info.app_label, sizeof(obj_info.app_label));
memcpy(pubkey_obj.label, obj_info.app_label, sizeof(obj_info.app_label));
memcpy(prkey_obj.label, obj_info.app_label, sizeof(obj_info.app_label));
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
sc_pkcs15_format_id(pins[0].id, &prkey_obj.auth_id);
r = sc_pkcs15_read_file(p15card, &cert_info.path, &cert_der.value, &cert_der.len);
if (r) {
sc_log(card->ctx, "No cert found,i=%d", i);
continue;
}
cert_info.path.count = cert_der.len;
sc_log(card->ctx,
"cert len=%"SC_FORMAT_LEN_SIZE_T"u, cert_info.path.count=%d r=%d\n",
cert_der.len, cert_info.path.count, r);
sc_log_hex(card->ctx, "cert", cert_der.value, cert_der.len);
/* cache it using the PKCS15 emulation objects */
/* as it does not change */
if (cert_der.value) {
cert_info.value.value = cert_der.value;
cert_info.value.len = cert_der.len;
cert_info.path.len = 0; /* use in mem cert from now on */
}
/* following will find the cached cert in cert_info */
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert_out);
if (r < 0 || cert_out->key == NULL) {
sc_log(card->ctx, "Failed to read/parse the certificate r=%d",r);
if (cert_out != NULL)
sc_pkcs15_free_certificate(cert_out);
continue;
}
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0) {
sc_log(card->ctx, " Failed to add cert obj r=%d",r);
sc_pkcs15_free_certificate(cert_out);
continue;
}
/* set the token name to the name of the CN of the first certificate */
if (!token_name) {
u8 * cn_name = NULL;
size_t cn_len = 0;
static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }};
r = sc_pkcs15_get_name_from_dn(card->ctx, cert_out->subject,
cert_out->subject_len, &cn_oid, &cn_name, &cn_len);
if (r == SC_SUCCESS) {
token_name = malloc (cn_len+1);
if (!token_name) {
free(cn_name);
r = SC_ERROR_OUT_OF_MEMORY;
goto fail;
}
memcpy(token_name, cn_name, cn_len);
free(cn_name);
token_name[cn_len] = 0;
free(p15card->tokeninfo->label);
p15card->tokeninfo->label = token_name;
}
}
r = sc_pkcs15_encode_pubkey_as_spki(card->ctx, cert_out->key, &pubkey_info.direct.spki.value, &pubkey_info.direct.spki.len);
if (r < 0)
goto fail;
pubkey_obj.emulated = cert_out->key;
r = sc_pkcs15_get_bitstring_extension(card->ctx, cert_out, &usage_type, &usage, NULL);
if (r < 0) {
usage = 0xd9ULL; /* basic default usage */
}
cac_map_usage(usage, cert_out->key->algorithm, &pubkey_info.usage, &prkey_info.usage, 1);
sc_log(card->ctx, "cert %s: cert_usage=0x%x, pub_usage=0x%x priv_usage=0x%x\n",
sc_dump_hex(cert_info.id.value, cert_info.id.len),
usage, pubkey_info.usage, prkey_info.usage);
if (cert_out->key->algorithm != SC_ALGORITHM_RSA) {
sc_log(card->ctx, "unsupported key.algorithm %d", cert_out->key->algorithm);
sc_pkcs15_free_certificate(cert_out);
continue;
} else {
pubkey_info.modulus_length = cert_out->key->u.rsa.modulus.len * 8;
prkey_info.modulus_length = cert_out->key->u.rsa.modulus.len * 8;
r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info);
sc_log(card->ctx, "adding rsa public key r=%d usage=%x",r, pubkey_info.usage);
if (r < 0)
goto fail;
r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
sc_log(card->ctx, "adding rsa private key r=%d usage=%x",r, prkey_info.usage);
}
cert_out->key = NULL;
fail:
sc_pkcs15_free_certificate(cert_out);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, r); /* should not fail */
}
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_FINAL_GET_CERT_OBJECTS, &count);
LOG_TEST_RET(card->ctx, r, "Can not finalize cert objects.");
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
static int
sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
unsigned char buff[128];
int r, i;
size_t field_length = 0, modulus_length = 0;
sc_path_t tmppath;
set_string (&p15card->tokeninfo->label, "ID-kaart");
set_string (&p15card->tokeninfo->manufacturer_id, "AS Sertifitseerimiskeskus");
/* Select application directory */
sc_format_path ("3f00eeee5044", &tmppath);
r = sc_select_file (card, &tmppath, NULL);
LOG_TEST_RET(card->ctx, r, "select esteid PD failed");
/* read the serial (document number) */
r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
LOG_TEST_RET(card->ctx, r, "read document number failed");
buff[MIN((size_t) r, (sizeof buff)-1)] = '\0';
set_string (&p15card->tokeninfo->serial_number, (const char *) buff);
p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION
| SC_PKCS15_TOKEN_EID_COMPLIANT
| SC_PKCS15_TOKEN_READONLY;
/* add certificates */
for (i = 0; i < 2; i++) {
static const char *esteid_cert_names[2] = {
"Isikutuvastus",
"Allkirjastamine"};
static char const *esteid_cert_paths[2] = {
"3f00eeeeaace",
"3f00eeeeddce"};
static int esteid_cert_ids[2] = {1, 2};
struct sc_pkcs15_cert_info cert_info;
struct sc_pkcs15_object cert_obj;
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
cert_info.id.value[0] = esteid_cert_ids[i];
cert_info.id.len = 1;
sc_format_path(esteid_cert_paths[i], &cert_info.path);
strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label));
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0)
return SC_ERROR_INTERNAL;
if (i != 0)
continue;
sc_pkcs15_cert_t *cert = NULL;
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
if (r < 0)
return SC_ERROR_INTERNAL;
if (cert->key->algorithm == SC_ALGORITHM_EC)
field_length = cert->key->u.ec.params.field_length;
else
modulus_length = cert->key->u.rsa.modulus.len * 8;
static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }};
u8 *cn_name = NULL;
size_t cn_len = 0;
sc_pkcs15_get_name_from_dn(card->ctx, cert->subject,
cert->subject_len, &cn_oid, &cn_name, &cn_len);
if (cn_len > 0) {
char *token_name = malloc(cn_len+1);
if (token_name) {
memcpy(token_name, cn_name, cn_len);
token_name[cn_len] = '\0';
set_string(&p15card->tokeninfo->label, (const char*)token_name);
free(token_name);
}
}
free(cn_name);
sc_pkcs15_free_certificate(cert);
}
/* the file with key pin info (tries left) */
sc_format_path ("3f000016", &tmppath);
r = sc_select_file (card, &tmppath, NULL);
if (r < 0)
return SC_ERROR_INTERNAL;
/* add pins */
for (i = 0; i < 3; i++) {
unsigned char tries_left;
static const char *esteid_pin_names[3] = {
"PIN1",
"PIN2",
"PUK" };
static const int esteid_pin_min[3] = {4, 5, 8};
static const int esteid_pin_ref[3] = {1, 2, 0};
static const int esteid_pin_authid[3] = {1, 2, 3};
static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN};
struct sc_pkcs15_auth_info pin_info;
struct sc_pkcs15_object pin_obj;
memset(&pin_info, 0, sizeof(pin_info));
memset(&pin_obj, 0, sizeof(pin_obj));
/* read the number of tries left for the PIN */
r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
if (r < 0)
return SC_ERROR_INTERNAL;
tries_left = buff[5];
pin_info.auth_id.len = 1;
pin_info.auth_id.value[0] = esteid_pin_authid[i];
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
pin_info.attrs.pin.reference = esteid_pin_ref[i];
pin_info.attrs.pin.flags = esteid_pin_flags[i];
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
pin_info.attrs.pin.min_length = esteid_pin_min[i];
pin_info.attrs.pin.stored_length = 12;
pin_info.attrs.pin.max_length = 12;
pin_info.attrs.pin.pad_char = '\0';
pin_info.tries_left = (int)tries_left;
pin_info.max_tries = 3;
strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label));
pin_obj.flags = esteid_pin_flags[i];
/* Link normal PINs with PUK */
if (i < 2) {
pin_obj.auth_id.len = 1;
pin_obj.auth_id.value[0] = 3;
}
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
if (r < 0)
return SC_ERROR_INTERNAL;
}
/* add private keys */
for (i = 0; i < 2; i++) {
static int prkey_pin[2] = {1, 2};
static const char *prkey_name[2] = {
"Isikutuvastus",
"Allkirjastamine"};
struct sc_pkcs15_prkey_info prkey_info;
struct sc_pkcs15_object prkey_obj;
memset(&prkey_info, 0, sizeof(prkey_info));
memset(&prkey_obj, 0, sizeof(prkey_obj));
prkey_info.id.len = 1;
prkey_info.id.value[0] = prkey_pin[i];
prkey_info.native = 1;
prkey_info.key_reference = i + 1;
prkey_info.field_length = field_length;
prkey_info.modulus_length = modulus_length;
if (i == 1)
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
else if(field_length > 0) // ECC has sign and derive usage
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE;
else
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT;
strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
prkey_obj.auth_id.len = 1;
prkey_obj.auth_id.value[0] = prkey_pin[i];
prkey_obj.user_consent = 0;
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
if(field_length > 0)
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
else
r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
if (r < 0)
return SC_ERROR_INTERNAL;
}
return SC_SUCCESS;
}
static int sc_pkcs15emu_esteid2018_init(sc_pkcs15_card_t *p15card) {
sc_card_t *card = p15card->card;
u8 buff[11];
int r, i;
size_t field_length = 0, taglen, j;
sc_path_t tmppath;
set_string(&p15card->tokeninfo->label, "ID-kaart");
set_string(&p15card->tokeninfo->manufacturer_id, "IDEMIA");
/* Read documber number to be used as serial */
sc_format_path("3F00D003", &tmppath);
LOG_TEST_RET(card->ctx, sc_select_file(card, &tmppath, NULL), "SELECT docnr");
r = sc_read_binary(card, 0, buff, 11, 0);
LOG_TEST_RET(card->ctx, r, "read document number failed");
const unsigned char *tag = sc_asn1_find_tag(card->ctx, buff, (size_t)r, 0x04, &taglen);
if (tag == NULL)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
for (j = 0; j < taglen; j++)
if (!isalnum(tag[j]))
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
p15card->tokeninfo->serial_number = malloc(taglen + 1);
if (!p15card->tokeninfo->serial_number)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
p15card->tokeninfo->serial_number = memcpy(p15card->tokeninfo->serial_number, tag, taglen);
p15card->tokeninfo->serial_number[taglen] = '\0';
p15card->tokeninfo->flags = SC_PKCS15_TOKEN_READONLY;
/* add certificates */
for (i = 0; i < 2; i++) {
const char *esteid_cert_names[2] = {"Isikutuvastus", "Allkirjastamine"};
const char *esteid_cert_paths[2] = {"3f00:adf1:3401", "3f00:adf2:341f"};
const u8 esteid_cert_ids[2] = {1, 2};
struct sc_pkcs15_cert_info cert_info;
struct sc_pkcs15_object cert_obj;
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label));
sc_format_path(esteid_cert_paths[i], &cert_info.path);
cert_info.id.value[0] = esteid_cert_ids[i];
cert_info.id.len = 1;
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
// Read data from first cert
if (i != 0)
continue;
sc_pkcs15_cert_t *cert = NULL;
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
LOG_TEST_RET(card->ctx, r, "Could not read authentication certificate");
if (cert->key->algorithm == SC_ALGORITHM_EC)
field_length = cert->key->u.ec.params.field_length;
const struct sc_object_id cn_oid = {{2, 5, 4, 3, -1}};
u8 *cn_name = NULL;
size_t cn_len = 0;
sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len);
if (cn_len > 0) {
char *token_name = malloc(cn_len + 1);
if (token_name) {
memcpy(token_name, cn_name, cn_len);
token_name[cn_len] = '\0';
set_string(&p15card->tokeninfo->label, (const char *)token_name);
free(token_name);
}
}
free(cn_name);
sc_pkcs15_free_certificate(cert);
}
/* add pins */
for (i = 0; i < 3; i++) {
const char *esteid_pin_names[3] = {"PIN1", "PIN2", "PUK"};
const size_t esteid_pin_min[3] = {4, 5, 8};
const int esteid_pin_ref[3] = {0x01, 0x85, 0x02};
const u8 esteid_pin_authid[3] = {1, 2, 3};
const char *esteid_pin_path[3] = {"3F00", "3F00ADF2", "3F00"};
const unsigned int esteid_pin_flags[3] = {
SC_PKCS15_PIN_FLAG_NEEDS_PADDING | SC_PKCS15_PIN_FLAG_INITIALIZED,
SC_PKCS15_PIN_FLAG_NEEDS_PADDING | SC_PKCS15_PIN_FLAG_INITIALIZED | SC_PKCS15_PIN_FLAG_LOCAL,
SC_PKCS15_PIN_FLAG_NEEDS_PADDING | SC_PKCS15_PIN_FLAG_INITIALIZED | SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN};
struct sc_pkcs15_auth_info pin_info;
struct sc_pkcs15_object pin_obj;
memset(&pin_info, 0, sizeof(pin_info));
memset(&pin_obj, 0, sizeof(pin_obj));
sc_format_path(esteid_pin_path[i], &pin_info.path);
pin_info.auth_id.len = 1;
pin_info.auth_id.value[0] = esteid_pin_authid[i];
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
pin_info.attrs.pin.reference = esteid_pin_ref[i];
pin_info.attrs.pin.flags = esteid_pin_flags[i];
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
pin_info.attrs.pin.min_length = esteid_pin_min[i];
pin_info.attrs.pin.stored_length = 12;
pin_info.attrs.pin.max_length = 12;
pin_info.attrs.pin.pad_char = 0xFF;
pin_info.tries_left = 3;
pin_info.max_tries = 3;
strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label));
pin_obj.flags = esteid_pin_flags[i];
/* Link normal PINs with PUK */
if (i < 2) {
pin_obj.auth_id.len = 1;
pin_obj.auth_id.value[0] = 3;
}
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
}
// trigger PIN counter refresh via pin_cmd
struct sc_pkcs15_object *objs[3];
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH, objs, 3);
if (r != 3) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
}
for (i = 0; i < r; i++) {
r = sc_pkcs15_get_pin_info(p15card, objs[i]);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
}
/* add private keys */
for (i = 0; i < 2; i++) {
const u8 prkey_pin[2] = {1, 2};
const char *prkey_name[2] = {"Isikutuvastus", "Allkirjastamine"};
const char *prkey_path[2] = {"3F00:ADF1", "3F00:ADF2"};
const unsigned int prkey_usage[2] = {SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE,
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION};
const int prkey_consent[2] = {0, 1};
struct sc_pkcs15_prkey_info prkey_info;
struct sc_pkcs15_object prkey_obj;
memset(&prkey_info, 0, sizeof(prkey_info));
memset(&prkey_obj, 0, sizeof(prkey_obj));
sc_format_path(prkey_path[i], &prkey_info.path);
prkey_info.id.len = 1;
prkey_info.id.value[0] = prkey_pin[i];
prkey_info.native = 1;
prkey_info.key_reference = i + 1;
prkey_info.field_length = field_length;
prkey_info.usage = prkey_usage[i];
strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
prkey_obj.auth_id.len = 1;
prkey_obj.auth_id.value[0] = prkey_pin[i];
prkey_obj.user_consent = prkey_consent[i];
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
if (r < 0)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
}
return SC_SUCCESS;
}
