static int
load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options *opts)
{
int err = 0;
const scconf_list *list;
const char *val;
int debug;
#ifdef _WIN32
char expanded_val[PATH_MAX];
DWORD expanded_len;
#endif
debug = scconf_get_int(block, "debug", ctx->debug);
if (debug > ctx->debug)
ctx->debug = debug;
val = scconf_get_str(block, "debug_file", NULL);
if (val) {
#ifdef _WIN32
expanded_len = PATH_MAX;
expanded_len = ExpandEnvironmentStringsA(val, expanded_val, expanded_len);
if (0 < expanded_len && expanded_len < sizeof expanded_val)
val = expanded_val;
#endif
sc_ctx_log_to_file(ctx, val);
}
else if (ctx->debug) {
sc_ctx_log_to_file(ctx, NULL);
}
if (scconf_get_bool (block, "disable_popups",
ctx->flags & SC_CTX_FLAG_DISABLE_POPUPS))
ctx->flags |= SC_CTX_FLAG_DISABLE_POPUPS;
if (scconf_get_bool (block, "disable_colors",
ctx->flags & SC_CTX_FLAG_DISABLE_COLORS))
ctx->flags |= SC_CTX_FLAG_DISABLE_COLORS;
if (scconf_get_bool (block, "enable_default_driver",
ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER))
ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
list = scconf_find_list(block, "card_drivers");
set_drivers(opts, list);
return err;
}
static int
load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options *opts)
{
int err = 0;
const scconf_list *list;
const char *val, *s_internal = "internal";
int debug;
int reopen;
#ifdef _WIN32
char expanded_val[PATH_MAX];
DWORD expanded_len;
#endif
reopen = scconf_get_bool(block, "reopen_debug_file", 1);
debug = scconf_get_int(block, "debug", ctx->debug);
if (debug > ctx->debug)
ctx->debug = debug;
val = scconf_get_str(block, "debug_file", NULL);
if (val) {
#ifdef _WIN32
expanded_len = PATH_MAX;
expanded_len = ExpandEnvironmentStringsA(val, expanded_val, expanded_len);
if (expanded_len > 0)
val = expanded_val;
#endif
if (reopen)
ctx->debug_filename = strdup(val);
sc_ctx_log_to_file(ctx, val);
}
ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory",
ctx->paranoid_memory);
ctx->enable_default_driver = scconf_get_bool (block, "enable_default_driver",
ctx->enable_default_driver);
val = scconf_get_str(block, "force_card_driver", NULL);
if (val) {
if (opts->forced_card_driver)
free(opts->forced_card_driver);
opts->forced_card_driver = strdup(val);
}
list = scconf_find_list(block, "card_drivers");
if (list != NULL)
del_drvs(opts);
while (list != NULL) {
if (strcmp(list->data, s_internal) == 0)
add_internal_drvs(opts);
else
add_drv(opts, list->data);
list = list->next;
}
return err;
}
static int do_debug(int argc, char **argv)
{
int i;
if (!argc)
printf("Current debug level is %d\n", ctx->debug);
else {
if (sscanf(argv[0], "%d", &i) != 1)
return -1;
printf("Debug level set to %d\n", i);
ctx->debug = i;
if (i > 1) {
sc_ctx_log_to_file(ctx, "stderr");
}
}
return 0;
}
static int load_parameters(sc_context_t *ctx, scconf_block *block,
struct _sc_ctx_options *opts)
{
int err = 0;
const scconf_list *list;
const char *val, *s_internal = "internal";
const char *debug = NULL;
ctx->debug = scconf_get_int(block, "debug", ctx->debug);
debug = getenv("OPENSC_DEBUG");
if (debug)
ctx->debug = atoi(debug);
val = scconf_get_str(block, "debug_file", NULL);
if (val)
sc_ctx_log_to_file(ctx, val);
val = scconf_get_str(block, "force_card_driver", NULL);
if (val) {
if (opts->forced_card_driver)
free(opts->forced_card_driver);
opts->forced_card_driver = strdup(val);
}
list = scconf_find_list(block, "card_drivers");
if (list != NULL)
del_drvs(opts);
while (list != NULL) {
if (strcmp(list->data, s_internal) == 0)
add_internal_drvs(opts);
else
add_drv(opts, list->data);
list = list->next;
}
return err;
}
int main(int argc, char * const argv[])
{
int err = 0, r, c, long_optind = 0;
int action_count = 0;
int do_initialize = 0;
int do_import_dkek_share = 0;
int do_create_dkek_share = 0;
int do_wrap_key = 0;
int do_unwrap_key = 0;
sc_path_t path;
sc_file_t *file = NULL;
const char *opt_so_pin = NULL;
const char *opt_pin = NULL;
const char *opt_filename = NULL;
char *opt_password = NULL;
int opt_retry_counter = 3;
int opt_dkek_shares = -1;
int opt_key_reference = -1;
int opt_password_shares_threshold = -1;
int opt_password_shares_total = -1;
int opt_force = 0;
int opt_iter = 10000000;
sc_context_param_t ctx_param;
setbuf(stderr, NULL);
setbuf(stdout, NULL);
while (1) {
c = getopt_long(argc, argv, "XC:I:W:U:s:i:fr:wv", options, &long_optind);
if (c == -1)
break;
if (c == '?')
util_print_usage_and_die(app_name, options, option_help, NULL);
switch (c) {
case 'X':
do_initialize = 1;
action_count++;
break;
case 'C':
do_create_dkek_share = 1;
opt_filename = optarg;
action_count++;
break;
case 'I':
do_import_dkek_share = 1;
opt_filename = optarg;
action_count++;
break;
case 'W':
do_wrap_key = 1;
opt_filename = optarg;
action_count++;
break;
case 'U':
do_unwrap_key = 1;
opt_filename = optarg;
action_count++;
break;
case OPT_PASSWORD:
opt_password = optarg;
break;
case OPT_SO_PIN:
opt_so_pin = optarg;
break;
case OPT_PIN:
opt_pin = optarg;
break;
case OPT_RETRY:
opt_retry_counter = atol(optarg);
break;
case OPT_PASSWORD_SHARES_THRESHOLD:
opt_password_shares_threshold = atol(optarg);
break;
case OPT_PASSWORD_SHARES_TOTAL:
opt_password_shares_total = atol(optarg);
break;
case 's':
opt_dkek_shares = atol(optarg);
break;
case 'f':
opt_force = 1;
break;
case 'i':
opt_key_reference = atol(optarg);
break;
case 'r':
opt_reader = optarg;
break;
case 'v':
verbose++;
break;
case 'w':
opt_wait = 1;
break;
}
}
CRYPTO_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
memset(&ctx_param, 0, sizeof(sc_context_param_t));
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
if (r != SC_SUCCESS) {
fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r));
return 1;
}
/* Only change if not in opensc.conf */
if (verbose > 1 && ctx->debug == 0) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (r != SC_SUCCESS) {
fprintf(stderr, "Failed to connect to card: %s\n", sc_strerror(r));
goto end;
}
sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0);
r = sc_select_file(card, &path, &file);
if (r != SC_SUCCESS) {
fprintf(stderr, "Failed to select application: %s\n", sc_strerror(r));
goto end;
}
if (do_initialize) {
initialize(card, opt_so_pin, opt_pin, opt_retry_counter, opt_dkek_shares);
}
if (do_create_dkek_share) {
create_dkek_share(card, opt_filename, opt_iter, opt_password, opt_password_shares_threshold, opt_password_shares_total);
}
if (do_import_dkek_share) {
import_dkek_share(card, opt_filename, opt_iter, opt_password, opt_password_shares_total);
}
if (do_wrap_key) {
wrap_key(card, opt_key_reference, opt_filename, opt_pin);
}
if (do_unwrap_key) {
unwrap_key(card, opt_key_reference, opt_filename, opt_pin, opt_force);
}
if (action_count == 0) {
print_info(card, file);
}
end:
if (card) {
sc_unlock(card);
sc_disconnect_card(card);
}
if (ctx)
sc_release_context(ctx);
ERR_print_errors_fp(stderr);
return err;
}
static void sc_do_log_va(sc_context_t *ctx, int level, const char *file, int line, const char *func, const char *format, va_list args)
{
char buf[4096], *p;
int r;
size_t left;
#ifdef _WIN32
SYSTEMTIME st;
#else
struct tm *tm;
struct timeval tv;
char time_string[40];
#endif
FILE *outf = NULL;
int n;
if (!ctx || ctx->debug < level)
return;
p = buf;
left = sizeof(buf);
#ifdef _WIN32
GetLocalTime(&st);
r = snprintf(p, left,
"%i-%02i-%02i %02i:%02i:%02i.%03i ",
st.wYear, st.wMonth, st.wDay,
st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
#else
gettimeofday (&tv, NULL);
tm = localtime (&tv.tv_sec);
strftime (time_string, sizeof(time_string), "%H:%M:%S", tm);
r = snprintf(p, left, "0x%lx %s.%03ld ", (unsigned long)pthread_self(), time_string, (long)tv.tv_usec / 1000);
#endif
p += r;
left -= r;
if (file != NULL) {
r = snprintf(p, left, "[%s] %s:%d:%s: ",
ctx->app_name, file, line, func ? func : "");
if (r < 0 || (unsigned int)r > sizeof(buf))
return;
}
else {
r = 0;
}
p += r;
left -= r;
r = vsnprintf(p, left, format, args);
if (r < 0)
return;
#ifdef _WIN32
if (ctx->debug_filename) {
r = sc_ctx_log_to_file(ctx, ctx->debug_filename);
if (r < 0)
return;
}
#endif
outf = ctx->debug_file;
if (outf == NULL)
return;
fprintf(outf, "%s", buf);
n = strlen(buf);
if (n == 0 || buf[n-1] != '\n')
fprintf(outf, "\n");
fflush(outf);
#ifdef _WIN32
if (ctx->debug_filename) {
if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout)) {
fclose(ctx->debug_file);
ctx->debug_file = NULL;
}
}
#endif
return;
}
int main(int argc, char * const argv[])
{
int err = 0, r, c, long_optind = 0;
int do_decipher = 0;
int do_sign = 0;
int action_count = 0;
struct sc_pkcs15_object *key;
sc_context_param_t ctx_param;
while (1) {
c = getopt_long(argc, argv, "sck:r:i:o:f:Rp:vw", options, &long_optind);
if (c == -1)
break;
if (c == '?')
util_print_usage_and_die(app_name, options, option_help, NULL);
switch (c) {
case 's':
do_sign++;
action_count++;
break;
case 'c':
do_decipher++;
action_count++;
break;
case 'k':
opt_key_id = optarg;
action_count++;
break;
case 'r':
opt_reader = optarg;
break;
case 'i':
opt_input = optarg;
break;
case 'o':
opt_output = optarg;
break;
case 'f':
opt_sig_format = optarg;
break;
case 'R':
opt_raw = 1;
break;
case OPT_SHA1:
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA1;
break;
case OPT_SHA256:
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA256;
break;
case OPT_SHA384:
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA384;
break;
case OPT_SHA512:
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA512;
break;
case OPT_SHA224:
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA224;
break;
case OPT_MD5:
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5;
break;
case OPT_PKCS1:
opt_crypt_flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
break;
case 'v':
verbose++;
break;
case 'p':
opt_pincode = optarg;
break;
case OPT_BIND_TO_AID:
opt_bind_to_aid = optarg;
break;
case 'w':
opt_wait = 1;
break;
}
}
if (action_count == 0)
util_print_usage_and_die(app_name, options, option_help, NULL);
if (!(opt_crypt_flags & SC_ALGORITHM_RSA_HASHES))
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_NONE;
memset(&ctx_param, 0, sizeof(ctx_param));
ctx_param.ver = 0;
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
if (r) {
fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r));
return 1;
}
if (verbose > 1) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (err)
goto end;
if (verbose)
fprintf(stderr, "Trying to find a PKCS #15 compatible card...\n");
if (opt_bind_to_aid) {
struct sc_aid aid;
aid.len = sizeof(aid.value);
if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) {
fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid);
return 1;
}
r = sc_pkcs15_bind(card, &aid, &p15card);
}
else {
r = sc_pkcs15_bind(card, NULL, &p15card);
}
if (r) {
fprintf(stderr, "PKCS #15 binding failed: %s\n", sc_strerror(r));
err = 1;
goto end;
}
if (verbose)
fprintf(stderr, "Found %s!\n", p15card->tokeninfo->label);
if (do_decipher) {
if ((err = get_key(SC_PKCS15_PRKEY_USAGE_DECRYPT, &key))
|| (err = decipher(key)))
goto end;
action_count--;
}
if (do_sign) {
if ((err = get_key(SC_PKCS15_PRKEY_USAGE_SIGN|
SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, &key))
|| (err = sign(key)))
goto end;
action_count--;
}
end:
if (p15card)
sc_pkcs15_unbind(p15card);
if (card) {
sc_unlock(card);
sc_disconnect_card(card);
}
if (ctx)
sc_release_context(ctx);
return err;
}
int main(int argc, char **argv)
{
sc_context_t *ctx = NULL;
sc_context_param_t ctx_param;
sc_card_t *card = NULL;
int r;
int argind = 0;
int exit_status = EXIT_SUCCESS;
/* decode options */
argind = decode_options(argc, argv);
/* connect to the card */
memset(&ctx_param, 0, sizeof(ctx_param));
ctx_param.ver = 0;
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
if (r) {
util_fatal("failed to establish context: %s\n",
sc_strerror(r));
return EXIT_FAILURE;
}
if (verbose > 1) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
r = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (r) {
util_fatal("failed to connect to card: %s\n",
sc_strerror(r));
return EXIT_FAILURE;
}
/* check card type */
if ((card->type != SC_CARD_TYPE_OPENPGP_BASE) &&
(card->type != SC_CARD_TYPE_OPENPGP_V1) &&
(card->type != SC_CARD_TYPE_OPENPGP_V2) &&
(card->type != SC_CARD_TYPE_OPENPGP_V3) &&
(card->type != SC_CARD_TYPE_OPENPGP_GNUK)) {
util_error("not an OpenPGP card");
fprintf(stderr, "Card type %X\n", card->type);
exit_status = EXIT_FAILURE;
goto out;
}
/* fail on too many arguments */
if (argind > argc)
util_print_usage_and_die(app_name, options, option_help, NULL);
/* set default action */
if (!actions)
opt_userinfo = 1;
if (opt_userinfo)
exit_status |= do_userinfo(card);
if (opt_verify && opt_pin) {
exit_status |= do_verify(card, verifytype, pin);
}
if (opt_dump_do) {
exit_status |= do_dump_do(card, 0x0100 + do_dump_idx);
}
if (opt_genkey)
exit_status |= do_genkey(card, key_id, key_len);
if (exec_program) {
char *const largv[] = {exec_program, NULL};
sc_unlock(card);
sc_disconnect_card(card);
sc_release_context(ctx);
#ifndef _WIN32
execv(exec_program, largv);
#else
_execv(exec_program, (const char * const*)largv);
#endif
/* we should not get here */
perror("execv()");
exit(EXIT_FAILURE);
}
if (opt_delkey)
exit_status |= do_delete_key(card, key_id);
if (opt_erase)
exit_status |= do_erase(card);
out:
sc_unlock(card);
sc_disconnect_card(card);
sc_release_context(ctx);
exit(exit_status);
}
static void sc_do_log_va(sc_context_t *ctx, int level, const char *file, int line, const char *func, int color, const char *format, va_list args)
{
char buf[4096];
#ifdef _WIN32
SYSTEMTIME st;
#else
struct tm *tm;
struct timeval tv;
char time_string[40];
#endif
if (!ctx || ctx->debug < level)
return;
#ifdef _WIN32
/* In Windows, file handles can not be shared between DLL-s, each DLL has a
* separate file handle table. Make sure we always have a valid file
* descriptor. */
if (sc_ctx_log_to_file(ctx, ctx->debug_filename) < 0)
return;
#endif
if (ctx->debug_file == NULL)
return;
#ifdef _WIN32
GetLocalTime(&st);
sc_color_fprintf(SC_COLOR_FG_GREEN|SC_COLOR_BOLD,
ctx, ctx->debug_file,
"P:%lu; T:%lu",
(unsigned long)GetCurrentProcessId(),
(unsigned long)GetCurrentThreadId());
sc_color_fprintf(SC_COLOR_FG_GREEN,
ctx, ctx->debug_file,
" %i-%02i-%02i %02i:%02i:%02i.%03i",
st.wYear, st.wMonth, st.wDay,
st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
#else
sc_color_fprintf(SC_COLOR_FG_GREEN|SC_COLOR_BOLD,
ctx, ctx->debug_file,
"P:%lu; T:0x%lu",
(unsigned long)getpid(),
(unsigned long)pthread_self());
gettimeofday (&tv, NULL);
tm = localtime (&tv.tv_sec);
strftime (time_string, sizeof(time_string), "%H:%M:%S", tm);
sc_color_fprintf(SC_COLOR_FG_GREEN,
ctx, ctx->debug_file,
" %s.%03ld",
time_string,
(long)tv.tv_usec / 1000);
#endif
sc_color_fprintf(SC_COLOR_FG_YELLOW,
ctx, ctx->debug_file,
" [");
sc_color_fprintf(SC_COLOR_FG_YELLOW|SC_COLOR_BOLD,
ctx, ctx->debug_file,
"%s",
ctx->app_name);
sc_color_fprintf(SC_COLOR_FG_YELLOW,
ctx, ctx->debug_file,
"] ");
if (file != NULL) {
sc_color_fprintf(SC_COLOR_FG_YELLOW,
ctx, ctx->debug_file,
"%s:%d:%s: ",
file, line, func ? func : "");
}
if (vsnprintf(buf, sizeof buf, format, args) >= 0) {
sc_color_fprintf(color, ctx, ctx->debug_file, "%s", buf);
if (strlen(buf) == 0 || buf[strlen(buf)-1] != '\n')
sc_color_fprintf(color, ctx, ctx->debug_file, "\n");
}
fflush(ctx->debug_file);
#ifdef _WIN32
if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
fclose(ctx->debug_file);
ctx->debug_file = NULL;
#endif
}
int main(int argc, char *const argv[])
{
int err = 0, r, c, long_optind = 0;
int do_info = 0;
int do_format = 0;
int do_change_startkey = 0;
int do_lifecycle = 0;
int action_count = 0;
const char *opt_driver = NULL;
const char *opt_startkey = NULL;
const char *opt_change_startkey = NULL;
sc_context_param_t ctx_param;
while (1) {
c = getopt_long(argc, argv, "hilfs:r:vdc:wS:", options,
&long_optind);
if (c == -1)
break;
switch (c) {
case 'h':
printf("NB! This tool is only for Siemens CardOS based cards!\n\n");
util_print_usage_and_die(app_name, options, option_help, NULL);
case 'i':
do_info = 1;
action_count++;
break;
case 'f':
do_format = 1;
action_count++;
break;
case 's':
opt_startkey = optarg;
break;
case 'S':
do_change_startkey = 1;
opt_change_startkey = optarg;
action_count++;
break;
case 'r':
opt_reader = optarg;
break;
case 'v':
verbose++;
break;
case 'c':
opt_driver = optarg;
break;
case 'w':
opt_wait = 1;
break;
case 'l':
do_lifecycle = 1;
action_count++;
break;
}
}
/* create sc_context_t object */
memset(&ctx_param, 0, sizeof(ctx_param));
ctx_param.ver = 0;
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
if (r) {
fprintf(stderr, "Failed to establish context: %s\n",
sc_strerror(r));
return 1;
}
if (verbose > 1) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
if (opt_driver != NULL) {
err = sc_set_card_driver(ctx, opt_driver);
if (err) {
fprintf(stderr, "Driver '%s' not found!\n",
opt_driver);
err = 1;
goto end;
}
}
err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (err)
goto end;
if (do_info) {
if ((err = cardos_info())) {
goto end;
}
action_count--;
}
if (do_change_startkey) {
if ((err = cardos_change_startkey(opt_change_startkey))) {
goto end;
}
action_count--;
}
if (do_format) {
if ((err = cardos_format(opt_startkey))) {
goto end;
}
action_count--;
}
if (do_lifecycle) {
if ((err = cardos_change_lifecycle())) {
goto end;
}
action_count--;
}
end:
if (card) {
sc_unlock(card);
sc_disconnect_card(card);
}
if (ctx)
sc_release_context(ctx);
return err;
}
int main(int argc, char * const argv[])
{
int err = 0, r, c, long_optind = 0;
int do_list_sdos = 0;
int do_list_apps = 0;
int action_count = 0;
sc_context_param_t ctx_param;
setbuf(stderr, NULL);
setbuf(stdout, NULL);
while (1) {
c = getopt_long(argc, argv, "v", options, &long_optind);
if (c == -1)
break;
if (c == '?')
util_print_usage_and_die(app_name, options, option_help, NULL);
switch (c) {
case OPT_LIST_SDOS:
do_list_sdos = 1;
opt_sdo_tag = optarg;
action_count++;
break;
case OPT_LIST_APPLICATIONS:
do_list_apps = 1;
action_count++;
break;
case OPT_BIND_TO_AID:
opt_bind_to_aid = optarg;
break;
case OPT_READER:
opt_reader = optarg;
break;
case 'v':
verbose++;
break;
}
}
if (action_count == 0)
util_print_usage_and_die(app_name, options, option_help, NULL);
memset(&ctx_param, 0, sizeof(sc_context_param_t));
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
if (r != SC_SUCCESS) {
fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r));
return 1;
}
/* Only change if not in opensc.conf */
if (verbose > 1 && ctx->debug == 0) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
if (action_count <= 0)
goto end;
err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (err)
goto end;
if (opt_bind_to_aid) {
struct sc_aid aid;
aid.len = sizeof(aid.value);
if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) {
fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid);
return 1;
}
r = sc_pkcs15_bind(card, &aid, &p15card);
}
else if (!do_list_sdos) {
r = sc_pkcs15_bind(card, NULL, &p15card);
}
if (do_list_sdos) {
if ((err = list_sdos(opt_sdo_tag)))
goto end;
action_count--;
}
if (do_list_apps) {
if ((err = list_apps(stdout)))
goto end;
action_count--;
}
end:
if (p15card)
sc_pkcs15_unbind(p15card);
if (card) {
sc_unlock(card);
sc_disconnect_card(card);
}
if (ctx)
sc_release_context(ctx);
return err;
}
int main(int argc, char *argv[])
{
int r, c, long_optind = 0;
sc_context_param_t ctx_param;
sc_card_t *card = NULL;
sc_context_t *ctx = NULL;
sc_file_t *file = NULL;
sc_path_t path;
RSA *rsa = NULL;
BIGNUM *bn = NULL;
BIO *mem = NULL;
static const char *pin = NULL;
static const char *puk = NULL;
while (1)
{
c = getopt_long(argc, argv, "r:wgol:ix:y:nut:fj:k:hv", \
options, &long_optind);
if (c == -1)
break;
if (c == '?' || c == 'h')
util_print_usage_and_die(app_name, options, option_help, NULL);
switch (c)
{
case 'r':
opt_reader = optarg;
break;
case 'w':
opt_wait = 1;
break;
case 'g':
if(keylen == 0) keylen = 1536;
break;
case 'o':
overwrite = 1;
break;
case 'l':
keylen = atoi(optarg);
break;
case 'i':
install_pin = 1;
break;
case 'x':
util_get_pin(optarg, &pin);
break;
case 'y':
util_get_pin(optarg, &puk);
break;
case 'n':
new_pin = 1;
break;
case 'u':
unlock = 1;
break;
case 't':
cert = optarg;
break;
case 'f':
finalize = 1;
break;
case 'j':
get_filename = optarg;
break;
case 'k':
put_filename = optarg;
break;
case 'v':
verbose++;
break;
}
}
memset(&ctx_param, 0, sizeof(ctx_param));
ctx_param.ver = 0;
ctx_param.app_name = argv[0];
r = sc_context_create(&ctx, &ctx_param);
if (r)
{
printf("Failed to establish context: %s\n", sc_strerror(r));
return 1;
}
if (verbose > 1) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
if (opt_driver != NULL)
{
r = sc_set_card_driver(ctx, opt_driver);
if (r)
{
printf("Driver '%s' not found!\n", opt_driver);
goto out;
}
}
r = util_connect_card(ctx, &card, opt_reader, opt_wait, 0);
if (r)
goto out;
sc_format_path("3F00", &path);
r = sc_select_file(card, &path, NULL);
if(r) goto out;
if(install_pin)
{
sc_format_path("AAAA", &path);
r = sc_select_file(card, &path, NULL);
if(r)
{
if(r != SC_ERROR_FILE_NOT_FOUND) goto out;
file = sc_file_new();
if(file == NULL)
{
printf("Not enougth memory.\n");
goto out;
}
file->type = SC_FILE_TYPE_INTERNAL_EF;
file->ef_structure = SC_FILE_EF_TRANSPARENT;
file->shareable = 0;
file->id = 0xAAAA;
file->size = 37;
r = sc_file_add_acl_entry(file, SC_AC_OP_READ, SC_AC_NONE, 0);
if(r) goto out;
r = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_NONE, 0);
if(r) goto out;
r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_NONE, 0);
if(r) goto out;
/* sc_format_path("3F00AAAA", &(file->path)); */
file->path = path;
r = sc_create_file(card, file);
if(r) goto out;
}
if(pin != NULL)
{
sc_changekey_t ck;
struct sc_pin_cmd_pin pin_cmd;
int ret;
memset(&pin_cmd, 0, sizeof(pin_cmd));
memset(&ck, 0, sizeof(ck));
memcpy(ck.key_template, "\x1e\x00\x00\x10", 4);
pin_cmd.encoding = SC_PIN_ENCODING_GLP;
pin_cmd.len = strlen(pin);
pin_cmd.data = (u8*)pin;
pin_cmd.max_length = 8;
ret = sc_build_pin(ck.new_key.key_value,
sizeof(ck.new_key.key_value), &pin_cmd, 1);
if(ret < 0)
goto out;
ck.new_key.key_len = ret;
r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck);
if(r) goto out;
}
if(puk != NULL)
{
sc_changekey_t ck;
struct sc_pin_cmd_pin puk_cmd;
int ret;
memset(&puk_cmd, 0, sizeof(puk_cmd));
memset(&ck, 0, sizeof(ck));
memcpy(ck.key_template, "\x1e\x00\x00\x20", 4);
puk_cmd.encoding = SC_PIN_ENCODING_GLP;
puk_cmd.len = strlen(puk);
puk_cmd.data = (u8*)puk;
puk_cmd.max_length = 8;
ret = sc_build_pin(ck.new_key.key_value,
sizeof(ck.new_key.key_value), &puk_cmd, 1);
if(ret < 0)
goto out;
ck.new_key.key_len = ret;
r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck);
if(r) goto out;
}
}
if(new_pin)
{
if(change_pin(card, 0, pin, puk))
printf("Wrong pin.\n");
goto out;
}
if(unlock)
{
if(unlock_pin(card, 0, puk, pin))
printf("Error unblocking pin.\n");
goto out;
}
printf("verify pin.\n");
{
if(verify_pin(card, 0, pin))
{
printf("Wrong pin.\n");
goto out;
}
}
if(keylen)
{
size_t lg;
struct sc_pkcs15_pubkey key;
struct sc_pkcs15_pubkey_rsa *dst = &(key.u.rsa);
u8 *pdata;
memset(&key, 0, sizeof(key));
key.algorithm = SC_ALGORITHM_RSA;
printf("Generate key of length %d.\n", keylen);
#if OPENSSL_VERSION_NUMBER>=0x00908000L
rsa = RSA_new();
bn = BN_new();
mem = BIO_new(BIO_s_mem());
if(rsa == NULL || bn == NULL || mem == NULL)
{
printf("Not enougth memory.\n");
goto out;
}
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, keylen, bn, NULL))
#else
rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
mem = BIO_new(BIO_s_mem());
if(mem == NULL)
{
printf("Not enougth memory.\n");
goto out;
}
if (!rsa)
#endif
{
printf("RSA_generate_key_ex return %ld\n", ERR_get_error());
goto out;
}
RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
if(!i2d_RSAPrivateKey_bio(mem, rsa))
{
printf("i2d_RSAPrivateKey_bio return %ld\n", ERR_get_error());
goto out;
}
lg = BIO_get_mem_data(mem, &pdata);
sc_format_path("0001", &path);
r = sc_select_file(card, &path, NULL);
if(r)
{
if(r != SC_ERROR_FILE_NOT_FOUND) goto out;
file = sc_file_new();
if(file == NULL)
{
printf("Not enougth memory.\n");
goto out;
}
file->type = SC_FILE_TYPE_WORKING_EF;
file->ef_structure = SC_FILE_EF_TRANSPARENT;
file->shareable = 0;
file->size = ((lg/4)+1)*4;
r = sc_file_add_acl_entry(file, SC_AC_OP_READ, SC_AC_CHV, 0);
if(r) goto out;
r = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_CHV, 0);
if(r) goto out;
r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_CHV, 0);
if(r) goto out;
file->path = path;
printf("File key creation %s, size %"SC_FORMAT_LEN_SIZE_T"d.\n",
file->path.value,
file->size);
r = sc_create_file(card, file);
if(r) goto out;
}
else
{
if(!overwrite)
{
printf("Key file already exist,"\
" use -o to replace it.\n");
goto out;
}
}
printf("Private key length is %"SC_FORMAT_LEN_SIZE_T"d\n", lg);
printf("Write private key.\n");
r = sc_update_binary(card,0,pdata,lg,0);
if(r<0) goto out;
printf("Private key correctly written.\n");
r = create_file_cert(card);
if(r) goto out;
{
const BIGNUM *rsa_n, *rsa_e;
RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
if (!do_convert_bignum(&dst->modulus, rsa_n)
|| !do_convert_bignum(&dst->exponent, rsa_e))
goto out;
}
r = sc_pkcs15_encode_pubkey(ctx, &key, &pdata, &lg);
if(r) goto out;
printf("Public key length %"SC_FORMAT_LEN_SIZE_T"d\n", lg);
sc_format_path("3F000002", &path);
r = sc_select_file(card, &path, NULL);
if(r) goto out;
printf("Write public key.\n");
r = sc_update_binary(card,0,pdata,lg,0);
if(r<0) goto out;
printf("Public key correctly written.\n");
}
if(cert)
{
BIO *bio;
X509 *xp;
u8 *pdata;
bio = BIO_new(BIO_s_file());
if (BIO_read_filename(bio, cert) <= 0)
{
BIO_free(bio);
printf("Can't open file %s.\n", cert);
goto out;
}
xp = PEM_read_bio_X509(bio, NULL, NULL, NULL);
BIO_free(bio);
if (xp == NULL)
{
print_openssl_error();
goto out;
}
else
{
int lg = cert2der(xp, &pdata);
sc_format_path("0002", &path);
r = sc_select_file(card, &path, NULL);
if(r) goto out;
/* FIXME: verify if the file has a compatible size... */
printf("Write certificate %s.\n", cert);
r = sc_update_binary(card,0,pdata,lg,0);
if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
{
if(verify_pin(card, 0, pin))
{
printf("Wrong pin.\n");
}
else
{
r = sc_update_binary(card,0,pdata,lg,0);
}
}
if(r<0)
{
if(pdata) free(pdata);
goto out;
}
if(xp) X509_free(xp);
if(pdata) free(pdata);
printf("Certificate correctly written.\n");
}
}
if(finalize)
{
int mode = SC_CARDCTRL_LIFECYCLE_USER;
if(card->atr.value[10] != 0x82)
{
sc_format_path("0001", &path);
r = sc_select_file(card, &path, NULL);
if(r)
{
printf("This card don't have private key"\
" and can't be finalize.\n");
goto out;
}
printf("Finalize card...\n");
if(sc_card_ctl(card, SC_CARDCTL_WESTCOS_AUT_KEY, NULL) ||
sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &mode))
{
printf("Error finalizing card,"\
" card isn't secure.\n");
goto out;
}
}
printf("Card correctly finalized.\n");
}
if(get_filename)
{
FILE *fp;
u8 *b;
if(file)
{
sc_file_free(file);
file = NULL;
}
sc_format_path(get_filename, &path);
r = sc_select_file(card, &path, &file);
if(r)
{
printf("Error file not found.\n");
goto out;
}
b = malloc(file->size);
if(b == NULL)
{
printf("Not enougth memory.\n");
goto out;
}
r = sc_read_binary(card, 0, b, file->size, 0);
if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
{
if(verify_pin(card, 0, pin))
{
printf("Wrong pin.\n");
goto out;
}
r = sc_read_binary(card, 0, b, file->size, 0);
}
if(r<0)
{
printf("Error reading file.\n");
goto out;
}
fp = fopen(get_filename, "wb");
fwrite(b, 1, file->size, fp);
fclose(fp);
free(b);
}
if(put_filename)
{
FILE *fp;
u8 *b;
if(file)
{
sc_file_free(file);
file = NULL;
}
sc_format_path(put_filename, &path);
r = sc_select_file(card, &path, &file);
if(r)
{
printf("File not found.\n");
goto out;
}
b = malloc(file->size);
if(b == NULL)
{
printf("Not enougth memory.\n");
goto out;
}
memset(b, 0, file->size);
fp = fopen(put_filename, "rb");
fread(b, 1, file->size, fp);
fclose(fp);
r = sc_update_binary(card, 0, b, file->size, 0);
if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
{
if(verify_pin(card, 0, pin))
{
printf("Wrong pin.\n");
}
else
{
r = sc_update_binary(card, 0, b, file->size, 0);
}
}
if(r<0)
{
free(b);
printf("Error writing file.\n");
goto out;
}
free(b);
}
out:
if(mem)
BIO_free(mem);
if(bn)
BN_free(bn);
if(rsa)
RSA_free(rsa);
if(file)
sc_file_free(file);
if (card)
{
sc_unlock(card);
sc_disconnect_card(card);
}
sc_release_context(ctx);
return EXIT_SUCCESS;
}
int main(int argc, char * const argv[])
{
int err = 0, r, c, long_optind = 0;
int action_count = 0;
int do_initialize = 0;
int do_unblock = 0;
int do_change_admin = 0;
sc_path_t path;
const char *opt_so_pin = NULL;
const char *opt_pin = NULL;
const char *opt_serial_number = NULL;
const char *opt_new_key = NULL;
sc_context_param_t ctx_param;
setbuf(stderr, NULL);
setbuf(stdout, NULL);
while (1) {
c = getopt_long(argc, argv, "XUCr:wv", options, &long_optind);
if (c == -1)
break;
if (c == '?')
util_print_usage_and_die(app_name, options, option_help, NULL);
switch (c) {
case 'X':
do_initialize = 1;
action_count++;
break;
case OPT_SO_PIN:
util_get_pin(optarg, &opt_so_pin);
break;
case OPT_PIN:
util_get_pin(optarg, &opt_pin);
break;
case OPT_SERIAL_NUMBER:
util_get_pin(optarg, &opt_serial_number);
break;
case OPT_NEW_KEY:
util_get_pin(optarg, &opt_new_key);
break;
case 'U':
do_unblock = 1;
action_count++;
break;
case 'C':
do_change_admin = 1;
action_count++;
break;
case 'r':
opt_reader = optarg;
break;
case 'v':
verbose++;
break;
case 'w':
opt_wait = 1;
break;
}
}
CRYPTO_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
memset(&ctx_param, 0, sizeof(sc_context_param_t));
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
if (r != SC_SUCCESS) {
fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r));
exit(1);
}
/* Only change if not in opensc.conf */
if (verbose > 1 && ctx->debug == 0) {
ctx->debug = verbose;
sc_ctx_log_to_file(ctx, "stderr");
}
r = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (r != SC_SUCCESS) {
if (r < 0) {
fprintf(stderr, "Failed to connect to card: %s\n", sc_strerror(err));
}
goto end;
}
sc_path_set(&path, SC_FILE_TYPE_WORKING_EF, gids_aid.value, gids_aid.len, 0, 0);
r = sc_select_file(card, &path, NULL);
if (r != SC_SUCCESS) {
fprintf(stderr, "Failed to select application: %s\n", sc_strerror(r));
goto fail;
}
if (do_initialize && initialize(card, opt_so_pin, opt_pin, opt_serial_number))
goto fail;
if (do_unblock && unblock(card, opt_so_pin, opt_pin))
goto fail;
if (do_change_admin && changeAdminKey(card, opt_so_pin, opt_new_key))
goto fail;
if (action_count == 0) {
print_info(card);
}
err = 0;
goto end;
fail:
err = 1;
end:
if (card) {
sc_unlock(card);
sc_disconnect_card(card);
}
if (ctx)
sc_release_context(ctx);
ERR_print_errors_fp(stderr);
return err;
}
