LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
983 Commits
1 Branch
46 MiB
Tree: 4b873427d6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b873427d6'
${ noResults }
openwrt-packages-dist/utils/opensc/patches/0006-openpgp-tool-Support-d...

210 lines
5.5 KiB
Raw Normal View History

add OpenSC package OpenSC is a smart card middleware. Patches for support of the GnuK USB token have been added. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
10 years ago
 
  1. From bbbedd3b358f80a7f98df2b22cf541cb007dd62e Mon Sep 17 00:00:00 2001
  2. From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
  3.  <ng.hong.quan@gmail.com>
  4. Date: Mon, 4 Mar 2013 18:13:03 +0700
  5. Subject: [PATCH 06/18] openpgp-tool: Support deleting key in Gnuk.
  6. 

  7. ---

  8.  src/tools/openpgp-tool.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++-
  9.  1 file changed, 143 insertions(+), 1 deletion(-)
  10. 

  11. diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c

  12. index 0d360a3..239c86b 100644

  13. --- a/src/tools/openpgp-tool.c

  14. +++ b/src/tools/openpgp-tool.c

  15. @@ -39,6 +39,7 @@

  16.  #define	OPT_PRETTY	257
  17.  #define	OPT_VERIFY	258
  18.  #define	OPT_PIN	    259
  19. +#define	OPT_DELKEY  260

  20.  
  21.  /* define structures */
  22.  struct ef_name_map {
  23. @@ -77,6 +78,7 @@ static char *verifytype = NULL;

  24.  static int opt_pin = 0;
  25.  static char *pin = NULL;
  26.  static int opt_erase = 0;
  27. +static int opt_delkey = 0;

  28.  
  29.  static const char *app_name = "openpgp-tool";
  30.  
  31. @@ -96,6 +98,7 @@ static const struct option options[] = {

  32.  	{ "erase",     no_argument,       NULL, 'E'        },
  33.  	{ "verify",    required_argument, NULL, OPT_VERIFY },
  34.  	{ "pin",       required_argument, NULL, OPT_PIN },
  35. +	{ "del-key",   required_argument, NULL, OPT_DELKEY },

  36.  	{ NULL, 0, NULL, 0 }
  37.  };
  38.  
  39. @@ -114,7 +117,8 @@ static const char *option_help[] = {

  40.  /* V */	"Show version number",
  41.  /* E */	"Erase (reset) the card",
  42.  	"Verify PIN (CHV1, CHV2, CHV3...)",
  43. -	"PIN string"

  44. +	"PIN string",

  45. +	"Delete key (1, 2, 3 or all)"

  46.  };
  47.  
  48.  static const struct ef_name_map openpgp_data[] = {
  49. @@ -294,6 +298,14 @@ static int decode_options(int argc, char **argv)

  50.  		case 'E':
  51.  			opt_erase++;
  52.  			break;
  53. +		case OPT_DELKEY:

  54. +			opt_delkey++;

  55. +			if (strcmp(optarg, "all") != 0)   /* Arg string is not 'all' */

  56. +				key_id = optarg[0] - '0';

  57. +			else                              /* Arg string is 'all' */

  58. +				key_id = 'a';

  59. +			actions++;

  60. +			break;

  61.  		default:
  62.  			util_print_usage_and_die(app_name, options, option_help, NULL);
  63.  		}
  64. @@ -452,6 +464,133 @@ int do_verify(sc_card_t *card, u8 *type, u8* pin)

  65.  	return r;
  66.  }
  67.  
  68. +/**

  69. + * Delete key, for Gnuk.

  70. + **/

  71. +int delete_key_gnuk(sc_card_t *card, u8 key_id)

  72. +{

  73. +	sc_context_t *ctx = card->ctx;

  74. +	int r = SC_SUCCESS;

  75. +	u8 *data = NULL;

  76. +

  77. +	/* Delete fingerprint */

  78. +	sc_log(ctx, "Delete fingerprints");

  79. +	r |= sc_put_data(card, 0xC6 + key_id, NULL, 0);

  80. +	/* Delete creation time */

  81. +	sc_log(ctx, "Delete creation time");

  82. +	r |= sc_put_data(card, 0xCD + key_id, NULL, 0);

  83. +

  84. +	/* Rewrite Extended Header List */

  85. +	sc_log(ctx, "Rewrite Extended Header List");

  86. +

  87. +	if (key_id == 1)

  88. +		data = "\x4D\x02\xB6";

  89. +	else if (key_id == 2)

  90. +		data = "\x4D\x02\xB8";

  91. +	else if (key_id == 3)

  92. +		data = "\x4D\x02\xA4";

  93. +	else

  94. +		return SC_ERROR_INVALID_ARGUMENTS;

  95. +

  96. +	r |= sc_put_data(card, 0x4D, data, strlen(data) + 1);

  97. +	return r;

  98. +}

  99. +

  100. +/**

  101. + * Delete key, for OpenPGP card.

  102. + * This function is not complete and is reserved for future version (> 2) of OpenPGP card.

  103. + **/

  104. +int delete_key_openpgp(sc_card_t *card, u8 key_id)

  105. +{

  106. +	sc_context_t *ctx = card->ctx;

  107. +	char *del_fingerprint = "00:DA:00:C6:14:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";

  108. +	char *del_creationtime = "00:DA:00:CD:04:00:00:00:00";

  109. +	/* We need to replace the 4th byte later */

  110. +	char *apdustring = NULL;

  111. +	u8 buf[SC_MAX_APDU_BUFFER_SIZE];

  112. +	u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];

  113. +	sc_apdu_t apdu;

  114. +	size_t len0;

  115. +	int i;

  116. +	int r = SC_SUCCESS;

  117. +

  118. +	for (i = 0; i < 2; i++) {

  119. +		if (i == 0)    /* Reset fingerprint */

  120. +			apdustring = del_fingerprint;

  121. +		else           /* Reset creation time */

  122. +			apdustring = del_creationtime;

  123. +		/* Convert the string to binary array */

  124. +		len0 = sizeof(buf);

  125. +		sc_hex_to_bin(apdustring, buf, &len0);

  126. +

  127. +		/* Replace DO tag, subject to key ID */

  128. +		buf[3] = buf[3] + key_id;

  129. +

  130. +		/* Build APDU from binary array */

  131. +		r = sc_bytes2apdu(card->ctx, buf, len0, &apdu);

  132. +		if (r) {

  133. +			sc_log(ctx, "Failed to build APDU");

  134. +			LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL);

  135. +		}

  136. +		apdu.resp = rbuf;

  137. +		apdu.resplen = sizeof(rbuf);

  138. +

  139. +		/* Send APDU to card */

  140. +		r = sc_transmit_apdu(card, &apdu);

  141. +		LOG_TEST_RET(ctx, r, "Transmiting APDU failed");

  142. +	}

  143. +	/* TODO: Rewrite Extended Header List.

  144. +	 * Not support by OpenGPG v2 yet */

  145. +	LOG_FUNC_RETURN(ctx, r);

  146. +}

  147. +

  148. +int delete_key(sc_card_t *card, u8 key_id)

  149. +{

  150. +	sc_context_t *ctx = card->ctx;

  151. +	int r;

  152. +

  153. +	LOG_FUNC_CALLED(ctx);

  154. +	/* Check key ID */

  155. +	if (key_id < 1 || key_id > 3) {

  156. +		sc_log(ctx, "Invalid key ID %d", key_id);

  157. +		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);

  158. +	}

  159. +

  160. +	if (card->type == SC_CARD_TYPE_OPENPGP_GNUK)

  161. +		r = delete_key_gnuk(card, key_id);

  162. +	else

  163. +		r = delete_key_openpgp(card, key_id);

  164. +

  165. +	LOG_FUNC_RETURN(ctx, r);

  166. +}

  167. +

  168. +int do_delete_key(sc_card_t *card, u8 key_id)

  169. +{

  170. +	sc_context_t *ctx = card->ctx;

  171. +	int r = SC_SUCCESS;

  172. +

  173. +	/* Currently, only Gnuk supports deleting keys */

  174. +	if (card->type != SC_CARD_TYPE_OPENPGP_GNUK) {

  175. +		printf("Only Gnuk supports deleting keys. General OpenPGP doesn't.");

  176. +		return SC_ERROR_NOT_SUPPORTED;

  177. +	}

  178. +

  179. +	if (key_id < 1 || (key_id > 3 && key_id != 'a')) {

  180. +		printf("Error: Invalid key id %d", key_id);

  181. +		return SC_ERROR_INVALID_ARGUMENTS;

  182. +	}

  183. +	if (key_id == 1 || key_id == 'a') {

  184. +		r |= delete_key(card, 1);

  185. +	}

  186. +	if (key_id == 2 || key_id == 'a') {

  187. +		r |= delete_key(card, 2);

  188. +	}

  189. +	if (key_id == 3 || key_id == 'a') {

  190. +		r |= delete_key(card, 3);

  191. +	}

  192. +	return r;

  193. +}

  194. +

  195.  int do_erase(sc_card_t *card)
  196.  {
  197.  	int r;
  198. @@ -539,6 +678,9 @@ int main(int argc, char **argv)

  199.  		exit(EXIT_FAILURE);
  200.  	}
  201.  
  202. +	if (opt_delkey)

  203. +		exit_status != do_delete_key(card, key_id);

  204. +

  205.  	if (opt_erase)
  206.  		exit_status != do_erase(card);
  207.  
  208. -- 

  209. 1.9.3
  210.