int main(int argc, char *argv[])
{
int i;
i = sc_test_init(&argc, argv);
if (i < 0)
return 1;
printf("Looking for a PKCS#15 compatible Smart Card... ");
fflush(stdout);
sc_lock(card);
i = sc_pkcs15_bind(card, &p15card);
/* Keep card locked to prevent useless calls to sc_logout */
if (i) {
fprintf(stderr, "failed: %s\n", sc_strerror(i));
return 1;
}
printf("found.\n");
sc_test_print_card(p15card);
dump_objects("PIN codes", SC_PKCS15_TYPE_AUTH_PIN);
dump_objects("Private keys", SC_PKCS15_TYPE_PRKEY);
dump_objects("Public keys", SC_PKCS15_TYPE_PUBKEY);
dump_objects("X.509 certificates", SC_PKCS15_TYPE_CERT_X509);
dump_objects("data objects", SC_PKCS15_TYPE_DATA_OBJECT);
dump_unusedspace();
sc_pkcs15_unbind(p15card);
sc_unlock(card);
sc_test_cleanup();
return 0;
}
void *thread_pop(void * camera){
camera_t *cam=(camera_t *)camera;
sc_frame_t *f;
int count=0;
zbfp=fopen("zbzb.yuv","wb");
slogi("pop ");
while(!cam->stopflag){
if(count==0){
sc_lock(&cam->q->mutex);
slogi("wait for signal");
pthread_cond_wait(&cam->q->cond,&cam->q->mutex);/*等待*/
slogi("wake up");
sc_unlock(&cam->q->mutex);
}
count++;
int ret=queue_popfront(cam->q,&f);
if(ret==0 && f!=NULL){
// slogi("pop ok delete it");
if(zbfp)
{
yuv_write(f->data, f->len, zbfp);
// sc_write_onebyone(f->data, f->len, count);
}else{
slogi("#####zbzb.yuv open fail#####");
}
delete_frame(f);}
if(ret==QEMPTY_POPFAIL || ret==QGNEL_FAIL ){//宁愿popfail,也不能让push数据放不进去而丢帧
usleep(300);
}
}
}
static int ask_and_verify_pin(struct sc_pkcs15_object *obj)
{
struct sc_pkcs15_pin_info *pin;
int i = 0;
char prompt[80];
u8 *pass;
pin = (struct sc_pkcs15_pin_info *) obj->data;
if (pin->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
printf("Skipping unblocking pin [%s]\n", obj->label);
return 0;
}
sprintf(prompt, "Please enter PIN code [%s]: ", obj->label);
pass = (u8 *) getpass(prompt);
sc_lock(card);
i = sc_pkcs15_verify_pin(p15card, pin, pass, strlen((char *) pass));
sc_unlock(card);
if (i) {
if (i == SC_ERROR_PIN_CODE_INCORRECT)
fprintf(stderr,
"Incorrect PIN code (%d tries left)\n",
pin->tries_left);
else
fprintf(stderr,
"PIN verifying failed: %s\n",
sc_strerror(i));
return 1;
} else
printf("PIN code correct.\n");
return 0;
}
int sc_update_binary(sc_card_t *card, unsigned int idx,
const u8 *buf, size_t count, unsigned long flags)
{
size_t max_lc = sc_get_max_send_size(card);
int r;
if (card == NULL || card->ops == NULL || buf == NULL) {
return SC_ERROR_INVALID_ARGUMENTS;
}
sc_log(card->ctx, "called; %"SC_FORMAT_LEN_SIZE_T"u bytes at index %d",
count, idx);
if (count == 0)
return 0;
#ifdef ENABLE_SM
if (card->sm_ctx.ops.update_binary) {
r = card->sm_ctx.ops.update_binary(card, idx, buf, count);
if (r)
LOG_FUNC_RETURN(card->ctx, r);
}
#endif
if (card->ops->update_binary == NULL)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
if (count > max_lc) {
int bytes_written = 0;
const u8 *p = buf;
r = sc_lock(card);
LOG_TEST_RET(card->ctx, r, "sc_lock() failed");
while (count > 0) {
size_t n = count > max_lc? max_lc : count;
r = sc_update_binary(card, idx, p, n, flags);
if (r < 0) {
sc_unlock(card);
LOG_TEST_RET(card->ctx, r, "sc_update_binary() failed");
}
p += r;
idx += r;
bytes_written += r;
count -= r;
if (r == 0) {
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, bytes_written);
}
}
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, bytes_written);
}
r = card->ops->update_binary(card, idx, buf, count, flags);
LOG_FUNC_RETURN(card->ctx, r);
}
int main(int argc, char *argv[])
{
struct sc_pkcs15_object **objs = NULL;
int i, count;
i = sc_test_init(&argc, argv);
if (i < 0)
return 1;
if (card->reader->capabilities & SC_READER_CAP_PIN_PAD)
printf("Slot is capable of doing pinpad operations!\n");
printf("Looking for a PKCS#15 compatible Smart Card... ");
fflush(stdout);
if (SC_SUCCESS != sc_lock(card))
return 1;
i = sc_pkcs15_bind(card, NULL, &p15card);
if (SC_SUCCESS != sc_unlock(card))
return 1;
if (i) {
fprintf(stderr, "failed: %s\n", sc_strerror(i));
sc_test_cleanup();
return 1;
}
printf("found.\n");
printf("Enumerating PIN codes...\n");
if (SC_SUCCESS != sc_lock(card))
return 1;
count = enum_pins(&objs);
if (SC_SUCCESS != sc_unlock(card))
return 1;
if (count < 0) {
sc_pkcs15_unbind(p15card);
sc_test_cleanup();
return 1;
}
for (i = 0; i < count; i++) {
ask_and_verify_pin(objs[i]);
}
sc_pkcs15_unbind(p15card);
sc_test_cleanup();
return 0;
}
int sc_update_binary(sc_card_t *card, unsigned int idx,
const u8 *buf, size_t count, unsigned long flags)
{
size_t max_lc = card->max_send_size;
int r;
assert(card != NULL && card->ops != NULL && buf != NULL);
sc_log(card->ctx, "called; %d bytes at index %d", count, idx);
if (count == 0)
return 0;
#ifdef ENABLE_SM
if (card->sm_ctx.ops.update_binary) {
r = card->sm_ctx.ops.update_binary(card, idx, buf, count);
if (r)
LOG_FUNC_RETURN(card->ctx, r);
}
#endif
if (card->ops->update_binary == NULL)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
if (count > max_lc) {
int bytes_written = 0;
const u8 *p = buf;
r = sc_lock(card);
LOG_TEST_RET(card->ctx, r, "sc_lock() failed");
while (count > 0) {
size_t n = count > max_lc? max_lc : count;
r = sc_update_binary(card, idx, p, n, flags);
if (r < 0) {
sc_unlock(card);
LOG_TEST_RET(card->ctx, r, "sc_update_binary() failed");
}
p += r;
idx += r;
bytes_written += r;
count -= r;
if (r == 0) {
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, bytes_written);
}
}
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, bytes_written);
}
r = card->ops->update_binary(card, idx, buf, count, flags);
LOG_FUNC_RETURN(card->ctx, r);
}
int sc_read_binary(sc_card_t *card, unsigned int idx,
unsigned char *buf, size_t count, unsigned long flags)
{
size_t max_le = sc_get_max_recv_size(card);
int r;
assert(card != NULL && card->ops != NULL && buf != NULL);
sc_log(card->ctx, "called; %d bytes at index %d", count, idx);
if (count == 0)
return 0;
#ifdef ENABLE_SM
if (card->sm_ctx.ops.read_binary) {
r = card->sm_ctx.ops.read_binary(card, idx, buf, count);
if (r)
LOG_FUNC_RETURN(card->ctx, r);
}
#endif
if (card->ops->read_binary == NULL)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
if (count > max_le) {
int bytes_read = 0;
unsigned char *p = buf;
r = sc_lock(card);
LOG_TEST_RET(card->ctx, r, "sc_lock() failed");
while (count > 0) {
size_t n = count > max_le ? max_le : count;
r = sc_read_binary(card, idx, p, n, flags);
if (r < 0) {
sc_unlock(card);
LOG_TEST_RET(card->ctx, r, "sc_read_binary() failed");
}
p += r;
idx += r;
bytes_read += r;
count -= r;
if (r == 0) {
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, bytes_read);
}
}
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, bytes_read);
}
r = card->ops->read_binary(card, idx, buf, count, flags);
LOG_FUNC_RETURN(card->ctx, r);
}
int uc_pthread_mutex_class::timedlock(const struct timespec * abs_timeout){
UC_thread_class *thread = qt_parent_rtos->get_current_cpu()->m_current_task->m_current_thread;
int ret = 1;
while (ret == 1) {
ret = sc_lock(abs_timeout);
// if (ret == 1 || ret == ETIMEDOUT) {
// vector<UC_thread_class *>::iterator it_thread;
// for (it_thread = blocked_threads.begin(); it_thread != blocked_threads.end(); it_thread++) {
// if (*it_thread == thread) {
// blocked_threads.erase(it_thread);
// break;
// }
// }
// }
}
return ret;
}
int uc_pthread_mutex_class::lock() {
UC_thread_class *thread = qt_parent_rtos->get_current_cpu()->m_current_task->m_current_thread;
int ret = 1;
while (ret == 1) {
ret = sc_lock();
// if (ret == 1) {
// vector<UC_thread_class *>::iterator it_thread;
// for (it_thread = blocked_threads.begin(); it_thread != blocked_threads.end(); it_thread++) {
// if (*it_thread == thread) {
// blocked_threads.erase(it_thread);
// break;
// }
// }
// }
}
return ret;
}
int sc_update_binary(sc_card_t *card, unsigned int idx,
const u8 *buf, size_t count, unsigned long flags)
{
size_t max_lc = card->max_send_size > 0 ? card->max_send_size : 255;
int r;
assert(card != NULL && card->ops != NULL && buf != NULL);
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
"called; %d bytes at index %d\n", count, idx);
if (count == 0)
return 0;
if (card->ops->update_binary == NULL)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED);
if (count > max_lc) {
int bytes_written = 0;
const u8 *p = buf;
r = sc_lock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
while (count > 0) {
size_t n = count > max_lc? max_lc : count;
r = sc_update_binary(card, idx, p, n, flags);
if (r < 0) {
sc_unlock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_update_binary() failed");
}
p += r;
idx += r;
bytes_written += r;
count -= r;
if (r == 0) {
sc_unlock(card);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, bytes_written);
}
}
sc_unlock(card);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, bytes_written);
}
r = card->ops->update_binary(card, idx, buf, count, flags);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
}
int sc_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
{
int r;
size_t retry = 10;
if (len == 0)
return SC_SUCCESS;
if (card == NULL || rnd == NULL) {
return SC_ERROR_INVALID_ARGUMENTS;
}
LOG_FUNC_CALLED(card->ctx);
if (card->ops == NULL || card->ops->get_challenge == NULL)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
r = sc_lock(card);
if (r != SC_SUCCESS)
LOG_FUNC_RETURN(card->ctx, r);
while (len > 0 && retry > 0) {
r = card->ops->get_challenge(card, rnd, len);
if (r < 0) {
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, r);
}
if (r > 0) {
rnd += (size_t) r;
len -= (size_t) r;
} else {
retry--;
}
}
sc_unlock(card);
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
int sc_read_binary(sc_card_t *card, unsigned int idx,
unsigned char *buf, size_t count, unsigned long flags)
{
size_t max_le = card->max_recv_size > 0 ? card->max_recv_size : 256;
int r;
assert(card != NULL && card->ops != NULL && buf != NULL);
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "called; %d bytes at index %d", count, idx);
if (count == 0)
return 0;
if (card->ops->read_binary == NULL)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED);
if (count > max_le) {
int bytes_read = 0;
unsigned char *p = buf;
r = sc_lock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
while (count > 0) {
size_t n = count > max_le ? max_le : count;
r = sc_read_binary(card, idx, p, n, flags);
if (r < 0) {
sc_unlock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_read_binary() failed");
}
p += r;
idx += r;
bytes_read += r;
count -= r;
if (r == 0) {
sc_unlock(card);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, bytes_read);
}
}
sc_unlock(card);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, bytes_read);
}
r = card->ops->read_binary(card, idx, buf, count, flags);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
}
// ----------------------------------------------------------------------
void
VirtualLinkControl::
add_virtual_message( std::string dest, TestbedserviceMessage message )
throw()
{
boost::lock_guard<boost::mutex> sc_lock( sc_mutex_ );
if ( sc_ )
{
// TODO: check if buffer is of correct size for vlink message
VirtualLinkMessage *vlink_msg;
if ( message.buffer[0] == NODE_OUTPUT_VIRTUAL_LINK )
vlink_msg = new VirtualLinkMessage( message.buffer );
else if ( message.buffer[0] == 10 &&
message.buffer[1] == VIRTUAL_LINK_MESSAGE )
{
#warning Quick hack to suppress isense packet type sent by testbed-runtime
vlink_msg = new VirtualLinkMessage( message.buffer + 2 );
vlink_msg->type = NODE_OUTPUT_VIRTUAL_LINK;
}
else if (message.buffer[0] == VIRTUAL_LINK_MESSAGE )
{
vlink_msg = new VirtualLinkMessage( message.buffer + 1 );
vlink_msg->type = NODE_OUTPUT_VIRTUAL_LINK;
}
else
{
std::cerr << "Received unknown virtual link message. Skip." << std::endl;
return;
}
vlink_msg->pass_to = virtual_link_transmission_model().node_id_from_urn( dest );
// std::cout << "CALLED AT " << sc_->world().current_time() << std::endl;
double now = sc_->world().current_time();
sc_->world_w().scheduler_w().new_event( virtual_link_transmission_model_w(), now, vlink_msg );
// std::cout << "ADD EVENT REMOTELY AT " << now << std::endl;
}
}
void sc_process_image(const void *buf, int size,int cmd,camera_t *camera)
{
switch(cmd){
case CMD_OUT_FILE:
{
frame_number++;
sc_write_onebyone(buf,size,frame_number);
}
break;
case CMD_OUT_BUF:
{ sc_frame_t *f=new_frame(size);
/* The memcpy() function returns a pointer to dest.*/
memcpy(f->data,buf,size);
f->len=size;
sc_queue_t *q=camera->q;
int ret=queue_pushback(q, f);
if(ret==QGNEL_FAIL || ret==QFULL_PUSHFAIL){
sleep(1);slogi("sleep for full");
// usleep(500);
}
#if 1
if(count==0){
sc_lock(&q->mutex);
count=count+1;
slogi("signal");
pthread_cond_signal(&q->cond);/*条件改变,发送信号,通知t_b进程*/
sc_unlock(&q->mutex);
}
#endif
break;
}
default:
printf("process image");
}
}
static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj)
{
struct sc_pkcs15_auth_info *pin_info = (struct sc_pkcs15_auth_info *) pin_obj->data;
int i = 0;
char prompt[(sizeof pin_obj->label) + 30];
u8 *pass;
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
printf("Skipping unblocking pin [%.*s]\n", (int) sizeof pin_obj->label, pin_obj->label);
return 0;
}
snprintf(prompt, sizeof(prompt), "Please enter PIN code [%.*s]: ",
(int) sizeof pin_obj->label, pin_obj->label);
pass = (u8 *) getpass(prompt);
if (SC_SUCCESS != sc_lock(card))
return 1;
i = sc_pkcs15_verify_pin(p15card, pin_obj, pass, strlen((char *) pass));
if (SC_SUCCESS != sc_unlock(card))
return 1;
if (i) {
if (i == SC_ERROR_PIN_CODE_INCORRECT)
fprintf(stderr,
"Incorrect PIN code (%d tries left)\n",
pin_info->tries_left);
else
fprintf(stderr,
"PIN verifying failed: %s\n",
sc_strerror(i));
return 1;
} else
printf("PIN code correct.\n");
return 0;
}
static int dump_objects(const char *what, int type)
{
struct sc_pkcs15_object **objs;
int count, i;
printf("\nEnumerating %s... ", what);
fflush(stdout);
sc_lock(card);
count = sc_pkcs15_get_objects(p15card, type, NULL, 0);
if (count < 0) {
printf("failed.\n");
fprintf(stderr, "Error enumerating %s: %s\n",
what, sc_strerror(count));
sc_unlock(card);
return 1;
}
if (count == 0) {
printf("none found.\n");
sc_unlock(card);
return 0;
}
printf("%u found.\n", count);
objs = (struct sc_pkcs15_object **) calloc(count, sizeof(*objs));
if ((count = sc_pkcs15_get_objects(p15card, type, objs, count)) < 0) {
fprintf(stderr, "Error enumerating %s: %s\n",
what, sc_strerror(count));
} else {
for (i = 0; i < count; i++)
sc_test_print_object(objs[i]);
}
free(objs);
sc_unlock(card);
return (count < 0) ? 1 : 0;
}
/*
* Verify a PIN.
*
* If the code given to us has zero length, this means we
* should ask the card reader to obtain the PIN from the
* reader's PIN pad
*/
int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *pin_obj,
const unsigned char *pincode, size_t pinlen)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
int r;
sc_card_t *card;
struct sc_pin_cmd_data data;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "PIN(type:%X;method:%X;len:)", auth_info->auth_type, auth_info->auth_method, pinlen);
if (pinlen > SC_MAX_PIN_SIZE)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_PIN_LENGTH, "Invalid PIN size");
card = p15card->card;
/* Initialize arguments */
memset(&data, 0, sizeof(data));
data.cmd = SC_PIN_CMD_VERIFY;
data.pin_type = auth_info->auth_method;
if (auth_info->auth_type == SC_PKCS15_PIN_AUTH_TYPE_PIN) {
data.pin_reference = auth_info->attrs.pin.reference;
data.pin1.min_length = auth_info->attrs.pin.min_length;
data.pin1.max_length = auth_info->attrs.pin.max_length;
data.pin1.pad_length = auth_info->attrs.pin.stored_length;
data.pin1.pad_char = auth_info->attrs.pin.pad_char;
data.pin1.data = pincode;
data.pin1.len = pinlen;
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
data.flags |= SC_PIN_CMD_NEED_PADDING;
switch (auth_info->attrs.pin.type) {
case SC_PKCS15_PIN_TYPE_BCD:
data.pin1.encoding = SC_PIN_ENCODING_BCD;
break;
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
data.pin1.encoding = SC_PIN_ENCODING_ASCII;
break;
default:
/* assume/hope the card driver knows how to encode the pin */
data.pin1.encoding = 0;
}
}
else if (auth_info->auth_type == SC_PKCS15_PIN_AUTH_TYPE_AUTH_KEY) {
struct sc_pkcs15_object *skey_obj = NULL;
struct sc_pkcs15_id *skey_id = &auth_info->attrs.authkey.skey_id;
struct sc_pkcs15_skey_info *skey_info = NULL;
r = sc_pkcs15_find_skey_by_id(p15card, skey_id, &skey_obj);
if (r) {
sc_log(ctx, "cannot find secret key with id:%s", sc_pkcs15_print_id(skey_id));
LOG_FUNC_RETURN(ctx, r);
}
skey_info = (struct sc_pkcs15_skey_info *)skey_obj->data;
sc_log(ctx, "found secret key '%s'", skey_obj->label);
data.pin_reference = skey_info->key_reference;
}
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
if (!pincode && !pinlen)
data.flags |= SC_PIN_CMD_USE_PINPAD;
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
data.pin1.prompt = "Please enter SO PIN";
else
data.pin1.prompt = "Please enter PIN";
}
r = sc_lock(card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");
/* the path in the pin object is optional */
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
r = sc_select_file(card, &auth_info->path, NULL);
if (r)
goto out;
}
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
sc_log(ctx, "PIN cmd result %i", r);
if (r == SC_SUCCESS)
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
out:
sc_unlock(card);
LOG_FUNC_RETURN(ctx, r);
}
int main(int argc, char *argv[])
{
int i, c, r, cnt = 3, freq[39];
struct timeval tv1, tv2;
u8 buf[14];
i = sc_test_init(&argc, argv);
for (i = 0; i < 39; i++)
freq[i] = 0;
c = 0;
while (cnt) {
u8 nbuf[39];
for (i = 0; i < 39; i++) {
nbuf[i] = i + 1;
}
if (c == 0)
gettimeofday(&tv1, NULL);
sc_lock(card);
r = sc_get_challenge(card, buf, 14);
sc_unlock(card);
if (r == 0) {
int left = 39;
printf("Lottery: ");
for (i = 0; i < 7; i++) {
unsigned short s = buf[2 * i] + (buf[2 * i + 1] << 8);
int lot = s % (left + 1);
int num = nbuf[lot];
nbuf[lot] = nbuf[left - 1];
left--;
freq[num - 1]++;
printf("%3d ", num);
}
printf("\n");
} else {
fprintf(stderr, "sc_get_challenge() failed: %s\n", sc_strerror(r));
sc_test_cleanup();
return 1;
}
c++;
if (c == 50) {
unsigned long long foo, foo2;
gettimeofday(&tv2, NULL);
foo = tv2.tv_sec * 1000 + tv2.tv_usec / 1000;
foo2 = tv1.tv_sec * 1000 + tv1.tv_usec / 1000;
printf("Time per one: %lld ms\n", (foo - foo2) / 50);
printf("Frequencies:\n");
for (i = 0; i < 39; i++) {
printf("%3d: %-5d", i + 1, freq[i]);
if (((i + 1) % 10) == 0)
printf("\n");
}
printf("\n");
c = 0;
cnt--;
}
}
sc_test_cleanup();
return 0;
}
LIBOPENSC_API int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_object *obj,
unsigned long flags,
const u8 * in, size_t inlen, u8 *out, size_t outlen)
{
sc_context_t *ctx = p15card->card->ctx;
int r;
sc_algorithm_info_t *alg_info;
sc_security_env_t senv;
const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data;
unsigned long pad_flags = 0, sec_flags = 0;
LOG_FUNC_CALLED(ctx);
memset(&senv, 0, sizeof(senv));
/* Card driver should have the access to supported algorithms from 'tokenInfo'. So that
* it can get value of card specific 'AlgorithmInfo::algRef'. */
memcpy(&senv.supported_algos, &p15card->tokeninfo->supported_algos, sizeof(senv.supported_algos));
/* If the key is not native, we can't operate with it. */
if (!prkey->native)
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it");
if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP)))
LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for decryption");
switch (obj->type) {
case SC_PKCS15_TYPE_PRKEY_RSA:
alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
sc_log(ctx, "Card does not support RSA with key length %d", prkey->modulus_length);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.algorithm = SC_ALGORITHM_RSA;
break;
case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
sc_log(ctx, "Card does not support GOSTR3410 with key length %d", prkey->modulus_length);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.algorithm = SC_ALGORITHM_GOSTR3410;
break;
default:
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,"Key type not supported");
}
r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags);
LOG_TEST_RET(ctx, r, "cannot encode security operation flags");
senv.algorithm_flags = sec_flags;
senv.operation = SC_SEC_OPERATION_DECIPHER;
senv.flags = 0;
/* optional keyReference attribute (the default value is -1) */
if (prkey->key_reference >= 0) {
senv.key_ref_len = 1;
senv.key_ref[0] = prkey->key_reference & 0xFF;
senv.flags |= SC_SEC_ENV_KEY_REF_PRESENT;
}
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
r = sc_lock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");
if (prkey->path.len != 0 || prkey->path.aid.len != 0) {
r = select_key_file(p15card, prkey, &senv);
if (r < 0) {
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r,"Unable to select private key file");
}
}
r = sc_set_security_env(p15card->card, &senv, 0);
if (r < 0) {
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_set_security_env() failed");
}
r = sc_decipher(p15card->card, in, inlen, out, outlen);
if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
if (sc_pkcs15_pincache_revalidate(p15card, obj) == SC_SUCCESS)
r = sc_decipher(p15card->card, in, inlen, out, outlen);
}
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_decipher() failed");
/* Strip any padding */
if (pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
size_t s = r;
r = sc_pkcs1_strip_02_padding(out, s, out, &s);
LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding");
}
LOG_FUNC_RETURN(ctx, r);
}
LIBOPENSC_API int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_object *obj,
unsigned long flags, const u8 *in, size_t inlen,
u8 *out, size_t outlen)
{
sc_context_t *ctx = p15card->card->ctx;
int r;
sc_security_env_t senv;
sc_algorithm_info_t *alg_info;
const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data;
u8 buf[1024], *tmp;
size_t modlen;
unsigned long pad_flags = 0, sec_flags = 0;
LOG_FUNC_CALLED(ctx);
sc_log(ctx, "security operation flags 0x%X", flags);
memset(&senv, 0, sizeof(senv));
/* Card driver should have the access to supported algorithms from 'tokenInfo'. So that
* it can get value of card specific 'AlgorithmInfo::algRef'. */
memcpy(&senv.supported_algos, &p15card->tokeninfo->supported_algos, sizeof(senv.supported_algos));
if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) != SC_PKCS15_TYPE_PRKEY)
LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This is not a private key");
/* If the key is not native, we can't operate with it. */
if (!prkey->native)
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it");
if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)))
LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for signing");
switch (obj->type) {
case SC_PKCS15_TYPE_PRKEY_RSA:
modlen = prkey->modulus_length / 8;
alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
sc_log(ctx, "Card does not support RSA with key length %d", prkey->modulus_length);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
senv.algorithm = SC_ALGORITHM_RSA;
break;
case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
modlen = (prkey->modulus_length + 7) / 8 * 2;
alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length);
if (alg_info == NULL) {
sc_log(ctx, "Card does not support GOSTR3410 with key length %d", prkey->modulus_length);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
senv.algorithm = SC_ALGORITHM_GOSTR3410;
break;
case SC_PKCS15_TYPE_PRKEY_EC:
modlen = ((prkey->field_length +7) / 8) * 2; /* 2*nLen */
alg_info = sc_card_find_ec_alg(p15card->card, prkey->field_length);
if (alg_info == NULL) {
sc_log(ctx, "Card does not support EC with field_size %d", prkey->field_length);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
senv.algorithm = SC_ALGORITHM_EC;
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
senv.flags |= SC_SEC_ENV_ALG_REF_PRESENT;
senv.algorithm_ref = prkey->field_length;
break;
/* add other crypto types here */
default:
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key type not supported");
}
/* Probably never happens, but better make sure */
if (inlen > sizeof(buf) || outlen < modlen)
LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);
memcpy(buf, in, inlen);
/* revert data to sign when signing with the GOST key.
* TODO: can it be confirmed by the GOST standard?
* TODO: tested with RuTokenECP, has to be validated for RuToken. */
if (obj->type == SC_PKCS15_TYPE_PRKEY_GOSTR3410)
sc_mem_reverse(buf, inlen);
tmp = buf;
/* flags: the requested algo
* algo_info->flags: what is supported by the card
* senv.algorithm_flags: what the card will have to do */
/* if the card has SC_ALGORITHM_NEED_USAGE set, and the
key is for signing and decryption, we need to emulate signing */
/* TODO: -DEE assume only RSA keys will ever use _NEED_USAGE */
sc_log(ctx, "supported algorithm flags 0x%X, private key usage 0x%X", alg_info->flags, prkey->usage);
if ((alg_info->flags & SC_ALGORITHM_NEED_USAGE) &&
((prkey->usage & USAGE_ANY_SIGN) &&
(prkey->usage & USAGE_ANY_DECIPHER)) ) {
size_t tmplen = sizeof(buf);
if (flags & SC_ALGORITHM_RSA_RAW) {
r = sc_pkcs15_decipher(p15card, obj,flags, in, inlen, out, outlen);
LOG_FUNC_RETURN(ctx, r);
}
if (modlen > tmplen)
LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "Buffer too small, needs recompile!");
r = sc_pkcs1_encode(ctx, flags, in, inlen, buf, &tmplen, modlen);
/* no padding needed - already done */
flags &= ~SC_ALGORITHM_RSA_PADS;
/* instead use raw rsa */
flags |= SC_ALGORITHM_RSA_RAW;
LOG_TEST_RET(ctx, r, "Unable to add padding");
r = sc_pkcs15_decipher(p15card, obj,flags, buf, modlen, out, outlen);
LOG_FUNC_RETURN(ctx, r);
}
/* If the card doesn't support the requested algorithm, see if we
* can strip the input so a more restrictive algo can be used */
if ((flags == (SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE)) &&
!(alg_info->flags & (SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_NONE))) {
unsigned int algo;
size_t tmplen = sizeof(buf);
r = sc_pkcs1_strip_digest_info_prefix(&algo, tmp, inlen, tmp, &tmplen);
if (r != SC_SUCCESS || algo == SC_ALGORITHM_RSA_HASH_NONE) {
sc_mem_clear(buf, sizeof(buf));
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
}
flags &= ~SC_ALGORITHM_RSA_HASH_NONE;
flags |= algo;
inlen = tmplen;
}
r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags);
if (r != SC_SUCCESS) {
sc_mem_clear(buf, sizeof(buf));
LOG_FUNC_RETURN(ctx, r);
}
senv.algorithm_flags = sec_flags;
sc_log(ctx, "DEE flags:0x%8.8x alg_info->flags:0x%8.8x pad:0x%8.8x sec:0x%8.8x",
flags, alg_info->flags, pad_flags, sec_flags);
/* add the padding bytes (if necessary) */
if (pad_flags != 0) {
size_t tmplen = sizeof(buf);
r = sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to add padding");
inlen = tmplen;
}
else if ( senv.algorithm == SC_ALGORITHM_RSA &&
(flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) {
/* Add zero-padding if input is shorter than the modulus */
if (inlen < modlen) {
if (modlen > sizeof(buf))
return SC_ERROR_BUFFER_TOO_SMALL;
memmove(tmp+modlen-inlen, tmp, inlen);
memset(tmp, 0, modlen-inlen);
}
inlen = modlen;
}
senv.operation = SC_SEC_OPERATION_SIGN;
/* optional keyReference attribute (the default value is -1) */
if (prkey->key_reference >= 0) {
senv.key_ref_len = 1;
senv.key_ref[0] = prkey->key_reference & 0xFF;
senv.flags |= SC_SEC_ENV_KEY_REF_PRESENT;
}
r = sc_lock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");
sc_log(ctx, "Private key path '%s'", sc_print_path(&prkey->path));
if (prkey->path.len != 0 || prkey->path.aid.len != 0) {
r = select_key_file(p15card, prkey, &senv);
if (r < 0) {
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r,"Unable to select private key file");
}
}
r = sc_set_security_env(p15card->card, &senv, 0);
if (r < 0) {
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_set_security_env() failed");
}
r = sc_compute_signature(p15card->card, tmp, inlen, out, outlen);
if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
if (sc_pkcs15_pincache_revalidate(p15card, obj) == SC_SUCCESS)
r = sc_compute_signature(p15card->card, tmp, inlen, out, outlen);
sc_mem_clear(buf, sizeof(buf));
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_compute_signature() failed");
LOG_FUNC_RETURN(ctx, r);
}
static int get_language(sc_card_t *card)
{
sc_apdu_t apdu;
u8 prefs[240], *lg_value;
u8 path[] = { 0x3F, 0x00, 0xDF, 0x01, 0x40, 0x39 };
int r, i, len;
/* Get the language from the card's preferences file */
assert(card != NULL);
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xA4, 0x08, 0x0C);
apdu.lc = sizeof(path);
apdu.data = path;
apdu.datalen = sizeof(path);
apdu.resplen = 0;
apdu.le = 0;
r = sc_lock(card);
if (r < 0)
goto prefs_error;
r = sc_transmit_apdu(card, &apdu);
if (r < 0) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Select_File[prefs_file] command failed: %d\n", r);
sc_unlock(card);
goto prefs_error;
}
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
if (r < 0) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Select_File[prefs_file]: card returned %d\n", r);
sc_unlock(card);
goto prefs_error;
}
r = iso_ops->read_binary(card, 0, prefs, sizeof(prefs), 0);
sc_unlock(card);
if (r <= 0) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Read_Binary[prefs_file] returned %d\n", r);
goto prefs_error;
}
#if 0
dumphex("Prefs: ", prefs, r);
#endif
i = get_pref(prefs, r, "[gen]", "lg", &len);
if (i <= 0 || len < 2) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Couldn't find language in prefs file: %d\n", i);
goto prefs_error;
}
lg_value = prefs + i; /* language code(s) found, starts here */
i = 0;
while (1) {
while (i <= len - 2 && (lg_value[i] == ' ' || lg_value[i] == '|'))
i++;
if (i > len - 2)
goto prefs_error;
r = str2lang(card->ctx, lg_value + i);
if (r >= 0)
return r;
i += 2;
}
prefs_error:
/* If troubles with the card's prefs file, get the language from the OS */
#ifdef _WIN32
switch (GetUserDefaultLangID() & 0x00FF) {
case 0x13:
return LNG_DUTCH;
case 0x0C:
return LNG_FRENCH;
case 0x07:
return LNG_GERMAN;
default:
return LNG_ENG;
}
#endif
return LNG_ENG; /* default */
}
/*
* Unblock a PIN.
*/
int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *pin_obj,
const u8 *puk, size_t puklen,
const u8 *newpin, size_t newpinlen)
{
int r;
sc_card_t *card;
struct sc_pin_cmd_data data;
struct sc_pkcs15_object *puk_obj;
struct sc_pkcs15_pin_info *puk_info = NULL;
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
/* make sure the pins are in valid range */
if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS)
return r;
card = p15card->card;
/* get pin_info object of the puk (this is a little bit complicated
* as we don't have the id of the puk (at least now))
* note: for compatibility reasons we give no error if no puk object
* is found */
/* first step: try to get the pkcs15 object of the puk */
r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj);
if (r >= 0 && puk_obj) {
/* second step: get the pkcs15 info object of the puk */
puk_info = (struct sc_pkcs15_pin_info *)puk_obj->data;
}
if (!puk_info) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to get puk object, using pin object instead!");
puk_info = pin_info;
}
/* make sure the puk is in valid range */
if ((r = _validate_pin(p15card, puk_info, puklen)) != SC_SUCCESS)
return r;
r = sc_lock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
/* the path in the pin object is optional */
if (pin_info->path.len > 0) {
r = sc_select_file(card, &pin_info->path, NULL);
if (r)
goto out;
}
/* set pin_cmd data */
memset(&data, 0, sizeof(data));
data.cmd = SC_PIN_CMD_UNBLOCK;
data.pin_type = SC_AC_CHV;
data.pin_reference = pin_info->reference;
data.pin1.data = puk;
data.pin1.len = puklen;
data.pin1.pad_char = pin_info->pad_char;
data.pin1.min_length = pin_info->min_length;
data.pin1.max_length = pin_info->max_length;
data.pin1.pad_length = pin_info->stored_length;
data.pin2.data = newpin;
data.pin2.len = newpinlen;
data.pin2.pad_char = puk_info->pad_char;
data.pin2.min_length = puk_info->min_length;
data.pin2.max_length = puk_info->max_length;
data.pin2.pad_length = puk_info->stored_length;
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
data.flags |= SC_PIN_CMD_NEED_PADDING;
switch (pin_info->type) {
case SC_PKCS15_PIN_TYPE_BCD:
data.pin1.encoding = SC_PIN_ENCODING_BCD;
break;
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
data.pin1.encoding = SC_PIN_ENCODING_ASCII;
break;
}
switch (puk_info->type) {
case SC_PKCS15_PIN_TYPE_BCD:
data.pin2.encoding = SC_PIN_ENCODING_BCD;
break;
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
data.pin2.encoding = SC_PIN_ENCODING_ASCII;
break;
}
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
data.flags |= SC_PIN_CMD_USE_PINPAD;
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
data.pin1.prompt = "Please enter PUK";
data.pin2.prompt = "Please enter new SO PIN";
} else {
data.pin1.prompt = "Please enter PUK";
data.pin2.prompt = "Please enter new PIN";
}
}
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
if (r == SC_SUCCESS)
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
out:
sc_unlock(card);
return r;
}
/*
* Change a PIN.
*/
int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *pin_obj,
const u8 *oldpin, size_t oldpinlen,
const u8 *newpin, size_t newpinlen)
{
int r;
sc_card_t *card;
struct sc_pin_cmd_data data;
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
/* make sure the pins are in valid range */
if ((r = _validate_pin(p15card, pin_info, oldpinlen)) != SC_SUCCESS)
return r;
if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS)
return r;
card = p15card->card;
r = sc_lock(card);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
/* the path in the pin object is optional */
if (pin_info->path.len > 0) {
r = sc_select_file(card, &pin_info->path, NULL);
if (r)
goto out;
}
/* set pin_cmd data */
memset(&data, 0, sizeof(data));
data.cmd = SC_PIN_CMD_CHANGE;
data.pin_type = SC_AC_CHV;
data.pin_reference = pin_info->reference;
data.pin1.data = oldpin;
data.pin1.len = oldpinlen;
data.pin1.pad_char = pin_info->pad_char;
data.pin1.min_length = pin_info->min_length;
data.pin1.max_length = pin_info->max_length;
data.pin1.pad_length = pin_info->stored_length;
data.pin2.data = newpin;
data.pin2.len = newpinlen;
data.pin2.pad_char = pin_info->pad_char;
data.pin2.min_length = pin_info->min_length;
data.pin2.max_length = pin_info->max_length;
data.pin2.pad_length = pin_info->stored_length;
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
data.flags |= SC_PIN_CMD_NEED_PADDING;
switch (pin_info->type) {
case SC_PKCS15_PIN_TYPE_BCD:
data.pin1.encoding = SC_PIN_ENCODING_BCD;
data.pin2.encoding = SC_PIN_ENCODING_BCD;
break;
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
data.pin1.encoding = SC_PIN_ENCODING_ASCII;
data.pin2.encoding = SC_PIN_ENCODING_ASCII;
break;
}
if((!oldpin || !newpin)
&& p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
data.flags |= SC_PIN_CMD_USE_PINPAD;
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
data.pin1.prompt = "Please enter SO PIN";
data.pin2.prompt = "Please enter new SO PIN";
} else {
data.pin1.prompt = "Please enter PIN";
data.pin2.prompt = "Please enter new PIN";
}
}
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
if (r == SC_SUCCESS)
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
out:
sc_unlock(card);
return r;
}
/*
* Change a PIN.
*/
int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *pin_obj,
const u8 *oldpin, size_t oldpinlen,
const u8 *newpin, size_t newpinlen)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pin_cmd_data data;
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
struct sc_card *card = p15card->card;
int r;
LOG_FUNC_CALLED(ctx);
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
/* make sure the pins are in valid range */
r = _validate_pin(p15card, auth_info, oldpinlen);
LOG_TEST_RET(ctx, r, "Old PIN value do not conform PIN policy");
r = _validate_pin(p15card, auth_info, newpinlen);
LOG_TEST_RET(ctx, r, "New PIN value do not conform PIN policy");
card = p15card->card;
r = sc_lock(card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");
/* the path in the pin object is optional */
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
r = sc_select_file(card, &auth_info->path, NULL);
if (r)
goto out;
}
/* set pin_cmd data */
memset(&data, 0, sizeof(data));
data.cmd = SC_PIN_CMD_CHANGE;
data.pin_type = SC_AC_CHV;
data.pin_reference = auth_info->attrs.pin.reference;
data.pin1.data = oldpin;
data.pin1.len = oldpinlen;
data.pin1.pad_char = auth_info->attrs.pin.pad_char;
data.pin1.min_length = auth_info->attrs.pin.min_length;
data.pin1.max_length = auth_info->attrs.pin.max_length;
data.pin1.pad_length = auth_info->attrs.pin.stored_length;
data.pin2.data = newpin;
data.pin2.len = newpinlen;
data.pin2.pad_char = auth_info->attrs.pin.pad_char;
data.pin2.min_length = auth_info->attrs.pin.min_length;
data.pin2.max_length = auth_info->attrs.pin.max_length;
data.pin2.pad_length = auth_info->attrs.pin.stored_length;
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
data.flags |= SC_PIN_CMD_NEED_PADDING;
switch (auth_info->attrs.pin.type) {
case SC_PKCS15_PIN_TYPE_BCD:
data.pin1.encoding = SC_PIN_ENCODING_BCD;
data.pin2.encoding = SC_PIN_ENCODING_BCD;
break;
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
data.pin1.encoding = SC_PIN_ENCODING_ASCII;
data.pin2.encoding = SC_PIN_ENCODING_ASCII;
break;
}
if((!oldpin || !newpin)
&& p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
data.flags |= SC_PIN_CMD_USE_PINPAD;
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
data.pin1.prompt = "Please enter SO PIN";
data.pin2.prompt = "Please enter new SO PIN";
}
else {
data.pin1.prompt = "Please enter PIN";
data.pin2.prompt = "Please enter new PIN";
}
}
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
if (r == SC_SUCCESS)
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
out:
sc_unlock(card);
return r;
}
int util_connect_card(sc_context_t *ctx, sc_card_t **cardp,
int reader_id, int slot_id, int wait, int verbose)
{
sc_reader_t *reader;
sc_card_t *card;
int r;
if (wait) {
sc_reader_t *readers[16];
int slots[16];
unsigned int i;
int j, k, found;
unsigned int event;
for (i = k = 0; i < sc_ctx_get_reader_count(ctx); i++) {
if (reader_id >= 0 && (unsigned int)reader_id != i)
continue;
reader = sc_ctx_get_reader(ctx, i);
for (j = 0; j < reader->slot_count; j++, k++) {
readers[k] = reader;
slots[k] = j;
}
}
//printf("Waiting for card to be inserted...\n");
r = sc_wait_for_event(readers, slots, k,
SC_EVENT_CARD_INSERTED,
&found, &event, -1);
if (r < 0) {
syslog(LOG_ERR,
"Error while waiting for card: %s\n",
sc_strerror(r));
return 3;
}
reader = readers[found];
slot_id = slots[found];
} else {
if (sc_ctx_get_reader_count(ctx) == 0) {
syslog(LOG_ERR,
"No smart card readers found.\n");
return 1;
}
if (reader_id < 0) {
unsigned int i;
/* Automatically try to skip to a reader with a card if reader not specified */
for (i = 0; i < sc_ctx_get_reader_count(ctx); i++) {
reader = sc_ctx_get_reader(ctx, i);
if (sc_detect_card_presence(reader, 0) & SC_SLOT_CARD_PRESENT) {
reader_id = i;
syslog(LOG_NOTICE, "Using reader with a card: %s\n", reader->name);
goto autofound;
}
}
reader_id = 0;
}
autofound:
if ((unsigned int)reader_id >= sc_ctx_get_reader_count(ctx)) {
syslog(LOG_ERR,
"Illegal reader number. "
"Only %d reader(s) configured.\n",
sc_ctx_get_reader_count(ctx));
return 1;
}
reader = sc_ctx_get_reader(ctx, reader_id);
slot_id = 0;
if (sc_detect_card_presence(reader, 0) <= 0) {
syslog(LOG_ERR, "Card not present.\n");
return 3;
}
}
if (verbose)
printf("Connecting to card in reader %s...\n", reader->name);
if ((r = sc_connect_card(reader, slot_id, &card)) < 0) {
syslog(LOG_ERR,
"Failed to connect to card: %s\n",
sc_strerror(r));
return 1;
}
if (verbose)
printf("Using card driver %s.\n", card->driver->name);
if ((r = sc_lock(card)) < 0) {
syslog(LOG_ERR,
"Failed to lock card: %s\n",
sc_strerror(r));
sc_disconnect_card(card, 0);
return 1;
}
*cardp = card;
return 0;
}
int sc_pkcs15_read_file(struct sc_pkcs15_card *p15card,
const sc_path_t *in_path,
u8 **buf, size_t *buflen,
sc_file_t **file_out)
{
sc_file_t *file = NULL;
u8 *data = NULL;
size_t len = 0, offset = 0;
int r;
assert(p15card != NULL && in_path != NULL && buf != NULL);
if (p15card->card->ctx->debug >= 1) {
char pbuf[SC_MAX_PATH_STRING_SIZE];
r = sc_path_print(pbuf, sizeof(pbuf), in_path);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
sc_debug(p15card->card->ctx, "called, path=%s, index=%u, count=%d\n",
pbuf, in_path->index, in_path->count);
}
r = -1; /* file state: not in cache */
if (p15card->opts.use_cache) {
r = sc_pkcs15_read_cached_file(p15card, in_path, &data, &len);
}
if (r) {
r = sc_lock(p15card->card);
SC_TEST_RET(p15card->card->ctx, r, "sc_lock() failed");
r = sc_select_file(p15card->card, in_path, &file);
if (r)
goto fail_unlock;
/* Handle the case where the ASN.1 Path object specified
* index and length values */
if (in_path->count < 0) {
len = file->size;
offset = 0;
} else {
offset = in_path->index;
len = in_path->count;
/* Make sure we're within proper bounds */
if (offset >= file->size
|| offset + len > file->size) {
r = SC_ERROR_INVALID_ASN1_OBJECT;
goto fail_unlock;
}
}
data = (u8 *) malloc(len);
if (data == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
goto fail_unlock;
}
if (file->ef_structure == SC_FILE_EF_LINEAR_VARIABLE_TLV) {
int i;
size_t l, record_len;
unsigned char *head;
head = data;
for (i=1; ; i++) {
l = len - (head - data);
if (l > 256) { l = 256; }
p15card->card->ctx->suppress_errors++;
r = sc_read_record(p15card->card, i, head, l,
SC_RECORD_BY_REC_NR);
p15card->card->ctx->suppress_errors--;
if (r == SC_ERROR_RECORD_NOT_FOUND)
break;
if (r < 0) {
free(data);
goto fail_unlock;
}
if (r < 2)
break;
record_len = head[1];
if (record_len != 0xff) {
memmove(head,head+2,r-2);
head += (r-2);
} else {
if (r < 4)
break;
record_len = head[2] * 256 + head[3];
memmove(head,head+4,r-4);
head += (r-4);
}
}
len = head-data;
r = len;
} else {
r = sc_read_binary(p15card->card, offset, data, len, 0);
if (r < 0) {
free(data);
goto fail_unlock;
}
/* sc_read_binary may return less than requested */
len = r;
}
sc_unlock(p15card->card);
/* Return of release file */
if (file_out != NULL)
*file_out = file;
else
sc_file_free(file);
}
*buf = data;
*buflen = len;
return 0;
fail_unlock:
if (file)
sc_file_free(file);
sc_unlock(p15card->card);
return r;
}
int sc_pkcs15_bind(sc_card_t *card,
struct sc_pkcs15_card **p15card_out)
{
struct sc_pkcs15_card *p15card = NULL;
sc_context_t *ctx;
scconf_block *conf_block = NULL, **blocks;
int i, r, emu_first, enable_emu;
assert(sc_card_valid(card) && p15card_out != NULL);
ctx = card->ctx;
SC_FUNC_CALLED(ctx, 1);
p15card = sc_pkcs15_card_new();
if (p15card == NULL)
return SC_ERROR_OUT_OF_MEMORY;
p15card->card = card;
for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"framework", "pkcs15");
if (blocks && blocks[0] != NULL)
conf_block = blocks[0];
free(blocks);
}
if (conf_block) {
p15card->opts.use_cache = scconf_get_bool(conf_block, "use_caching", 0);
}
r = sc_lock(card);
if (r) {
sc_error(ctx, "sc_lock() failed: %s\n", sc_strerror(r));
sc_pkcs15_card_free(p15card);
SC_FUNC_RETURN(ctx, 1, r);
}
enable_emu = scconf_get_bool(conf_block, "enable_pkcs15_emulation", 1);
if (enable_emu) {
emu_first = scconf_get_bool(conf_block, "try_emulation_first", 0);
if (emu_first || sc_pkcs15_is_emulation_only(card)) {
r = sc_pkcs15_bind_synthetic(p15card);
if (r == SC_SUCCESS)
goto done;
r = sc_pkcs15_bind_internal(p15card);
if (r < 0)
goto error;
} else {
r = sc_pkcs15_bind_internal(p15card);
if (r == SC_SUCCESS)
goto done;
r = sc_pkcs15_bind_synthetic(p15card);
if (r < 0)
goto error;
}
} else {
r = sc_pkcs15_bind_internal(p15card);
if (r < 0)
goto error;
}
done:
*p15card_out = p15card;
sc_unlock(card);
return 0;
error:
sc_unlock(card);
sc_pkcs15_card_free(p15card);
SC_FUNC_RETURN(ctx, 1, r);
}
/* derive one key from another. RSA can use decipher, so this is for only ECDH
* Since the value may be returned, and the call is expected to provide
* the buffer, we used the PKCS#11 convention of outlen == 0 and out == NULL
* to indicate that this is a request for the size.
* In that case r = 0, and *poutlen = expected size
*/
LIBOPENSC_API int sc_pkcs15_derive(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_object *obj,
unsigned long flags,
const u8 * in, size_t inlen, u8 *out,
unsigned long *poutlen)
{
sc_context_t *ctx = p15card->card->ctx;
int r;
sc_algorithm_info_t *alg_info;
sc_security_env_t senv;
const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data;
unsigned long pad_flags = 0, sec_flags = 0;
LOG_FUNC_CALLED(ctx);
memset(&senv, 0, sizeof(senv));
/* Card driver should have the access to supported algorithms from 'tokenInfo'. So that
* it can get value of card specific 'AlgorithmInfo::algRef'. */
memcpy(&senv.supported_algos, &p15card->tokeninfo->supported_algos, sizeof(senv.supported_algos));
/* If the key is not native, we can't operate with it. */
if (!prkey->native)
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it");
if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DERIVE)))
LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for derivation");
switch (obj->type) {
case SC_PKCS15_TYPE_PRKEY_EC:
alg_info = sc_card_find_ec_alg(p15card->card, prkey->field_length);
if (alg_info == NULL) {
sc_log(ctx, "Card does not support EC with field_size %d", prkey->field_length);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
if (out == NULL || *poutlen < (prkey->field_length +7) / 8) {
*poutlen = (prkey->field_length +7) / 8;
r = 0; /* say no data to return */
goto out;
}
senv.algorithm = SC_ALGORITHM_EC;
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
senv.flags |= SC_SEC_ENV_ALG_REF_PRESENT;
senv.algorithm_ref = prkey->field_length;
break;
default:
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,"Key type not supported");
}
r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags);
LOG_TEST_RET(ctx, r, "cannot encode security operation flags");
senv.algorithm_flags = sec_flags;
senv.operation = SC_SEC_OPERATION_DERIVE;
/* optional keyReference attribute (the default value is -1) */
if (prkey->key_reference >= 0) {
senv.key_ref_len = 1;
senv.key_ref[0] = prkey->key_reference & 0xFF;
senv.flags |= SC_SEC_ENV_KEY_REF_PRESENT;
}
r = sc_lock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");
if (prkey->path.len != 0 || prkey->path.aid.len != 0) {
r = select_key_file(p15card, prkey, &senv);
if (r < 0) {
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r,"Unable to select private key file");
}
}
r = sc_set_security_env(p15card->card, &senv, 0);
if (r < 0) {
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_set_security_env() failed");
}
/* TODO Do we need a sc_derive? PIV at least can use the decipher,
* senv.operation = SC_SEC_OPERATION_DERIVE;
*/
r = sc_decipher(p15card->card, in, inlen, out, *poutlen);
if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
if (sc_pkcs15_pincache_revalidate(p15card, obj) == SC_SUCCESS)
r = sc_decipher(p15card->card, in, inlen, out, *poutlen);
}
sc_unlock(p15card->card);
LOG_TEST_RET(ctx, r, "sc_decipher/derive() failed");
/* Strip any padding */
if (pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
size_t s = r;
r = sc_pkcs1_strip_02_padding(out, s, out, &s);
LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding");
}
/* If card stores derived key on card, then no data is returned
* and the key must be used on the card. */
*poutlen = r;
out:
LOG_FUNC_RETURN(ctx, r);
}
int sc_transmit_apdu(sc_card_t *card, sc_apdu_t *apdu)
{
int r = SC_SUCCESS;
if (card == NULL || apdu == NULL)
return SC_ERROR_INVALID_ARGUMENTS;
LOG_FUNC_CALLED(card->ctx);
/* determine the APDU type if necessary, i.e. to use
* short or extended APDUs */
sc_detect_apdu_cse(card, apdu);
/* basic APDU consistency check */
r = sc_check_apdu(card, apdu);
if (r != SC_SUCCESS)
return SC_ERROR_INVALID_ARGUMENTS;
r = sc_lock(card); /* acquire card lock*/
if (r != SC_SUCCESS) {
sc_log(card->ctx, "unable to acquire lock");
return r;
}
if ((apdu->flags & SC_APDU_FLAGS_CHAINING) != 0) {
/* divide et impera: transmit APDU in chunks with Lc <= max_send_size
* bytes using command chaining */
size_t len = apdu->datalen;
const u8 *buf = apdu->data;
size_t max_send_size = card->max_send_size;
while (len != 0) {
size_t plen;
sc_apdu_t tapdu;
int last = 0;
tapdu = *apdu;
/* clear chaining flag */
tapdu.flags &= ~SC_APDU_FLAGS_CHAINING;
if (len > max_send_size) {
/* adjust APDU case: in case of CASE 4 APDU
* the intermediate APDU are of CASE 3 */
if ((tapdu.cse & SC_APDU_SHORT_MASK) == SC_APDU_CASE_4_SHORT)
tapdu.cse--;
/* XXX: the chunk size must be adjusted when
* secure messaging is used */
plen = max_send_size;
tapdu.cla |= 0x10;
tapdu.le = 0;
/* the intermediate APDU don't expect data */
tapdu.lc = 0;
tapdu.resplen = 0;
tapdu.resp = NULL;
} else {
plen = len;
last = 1;
}
tapdu.data = buf;
tapdu.datalen = tapdu.lc = plen;
r = sc_check_apdu(card, &tapdu);
if (r != SC_SUCCESS) {
sc_log(card->ctx, "inconsistent APDU while chaining");
break;
}
r = sc_transmit(card, &tapdu);
if (r != SC_SUCCESS)
break;
if (last != 0) {
/* in case of the last APDU set the SW1
* and SW2 bytes in the original APDU */
apdu->sw1 = tapdu.sw1;
apdu->sw2 = tapdu.sw2;
apdu->resplen = tapdu.resplen;
} else {
/* otherwise check the status bytes */
r = sc_check_sw(card, tapdu.sw1, tapdu.sw2);
if (r != SC_SUCCESS)
break;
}
len -= plen;
buf += plen;
}
} else
/* transmit single APDU */
r = sc_transmit(card, apdu);
/* all done => release lock */
if (sc_unlock(card) != SC_SUCCESS)
sc_log(card->ctx, "sc_unlock failed");
return r;
}
/*
* Verify a PIN.
*
* If the code given to us has zero length, this means we
* should ask the card reader to obtain the PIN from the
* reader's PIN pad
*/
int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
struct sc_pkcs15_object *pin_obj,
const unsigned char *pincode, size_t pinlen)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
int r;
sc_card_t *card;
struct sc_pin_cmd_data data;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%p;len:%i)", pincode, pinlen);
r = _validate_pin(p15card, pin_info, pinlen);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "PIN value do not conforms the PIN policy");
card = p15card->card;
r = sc_lock(card);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
/* the path in the pin object is optional */
if (pin_info->path.len > 0) {
r = sc_select_file(card, &pin_info->path, NULL);
if (r)
goto out;
}
/* Initialize arguments */
memset(&data, 0, sizeof(data));
data.cmd = SC_PIN_CMD_VERIFY;
data.pin_type = pin_info->auth_method;
data.pin_reference = pin_info->reference;
data.pin1.min_length = pin_info->min_length;
data.pin1.max_length = pin_info->max_length;
data.pin1.pad_length = pin_info->stored_length;
data.pin1.pad_char = pin_info->pad_char;
data.pin1.data = pincode;
data.pin1.len = pinlen;
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
data.flags |= SC_PIN_CMD_NEED_PADDING;
switch (pin_info->type) {
case SC_PKCS15_PIN_TYPE_BCD:
data.pin1.encoding = SC_PIN_ENCODING_BCD;
break;
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
data.pin1.encoding = SC_PIN_ENCODING_ASCII;
break;
default:
/* assume/hope the card driver knows how to encode the pin */
data.pin1.encoding = 0;
}
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
if (!pincode && !pinlen)
data.flags |= SC_PIN_CMD_USE_PINPAD;
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
data.pin1.prompt = "Please enter SO PIN";
else
data.pin1.prompt = "Please enter PIN";
}
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
if (r == SC_SUCCESS)
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
out:
sc_unlock(card);
return r;
}
