LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2055 Commits
1 Branch
46 MiB
Tree: aae5275bea
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'aae5275bea'
${ noResults }
openwrt-packages-dist/utils/opensc/patches/0025-Replace-hardcode.patch

148 lines
7.7 KiB
Raw Normal View History

opensc: bump to git codebase of 20141126 and rebase GnuK patches Signed-off-by: Daniel Golle <daniel@makrotopia.org>
10 years ago
 
  1. From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001
  2. From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
  3.  <ng.hong.quan@gmail.com>
  4. Date: Sun, 9 Nov 2014 15:58:40 +0700
  5. Subject: [PATCH 25/26] Replace hardcode.
  6. 

  7. ---

  8.  src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++-------------------
  9.  1 file changed, 41 insertions(+), 31 deletions(-)
  10. 

  11. diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c

  12. index 94c69ae..1e6e338 100644

  13. --- a/src/libopensc/card-openpgp.c

  14. +++ b/src/libopensc/card-openpgp.c

  15. @@ -152,6 +152,24 @@ static int		pgp_get_pubkey(sc_card_t *, unsigned int,

  16.  static int		pgp_get_pubkey_pem(sc_card_t *, unsigned int,
  17.  				u8 *, size_t);
  18.  
  19. +/* The DO holding X.509 certificate is constructed but does not contain child DO.

  20. + * We should notice this when building fake file system later. */

  21. +#define DO_CERT                  0x7f21

  22. +/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec.

  23. + * Here we seen it as DO just for convenient */

  24. +#define DO_SIGN                  0xb600

  25. +#define DO_ENCR                  0xb800

  26. +#define DO_AUTH                  0xa400

  27. +/* These DO does not exist. They are defined and used just for ease of implementation */

  28. +#define DO_SIGN_SYM              0xb601

  29. +#define DO_ENCR_SYM              0xb801

  30. +#define DO_AUTH_SYM              0xa401

  31. +/* Maximum length for response buffer when reading pubkey. This value is calculated with

  32. + * 4096-bit key length */

  33. +#define MAXLEN_RESP_PUBKEY       527

  34. +/* Gnuk only support 1 key length (2048 bit) */

  35. +#define MAXLEN_RESP_PUBKEY_GNUK  271

  36. +

  37.  static struct do_info		pgp1_objects[] = {	/* OpenPGP card spec 1.1 */
  38.  	{ 0x004f, SIMPLE,      READ_ALWAYS | WRITE_NEVER, NULL,               NULL        },
  39.  	{ 0x005b, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  NULL,               sc_put_data },
  40. @@ -192,12 +210,12 @@ static struct do_info		pgp1_objects[] = {	/* OpenPGP card spec 1.1 */

  41.  	{ 0x5f35, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  NULL,               sc_put_data },
  42.  	{ 0x5f50, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  sc_get_data,        sc_put_data },
  43.  	{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL,               NULL        },
  44. -	{ 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL        },

  45. -	{ 0xa401, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL        },

  46. -	{ 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL        },

  47. -	{ 0xb601, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL        },

  48. -	{ 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL        },

  49. -	{ 0xb801, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL        },

  50. +	{ DO_AUTH,     CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL   },

  51. +	{ DO_AUTH_SYM, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL   },

  52. +	{ DO_SIGN,     CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL   },

  53. +	{ DO_SIGN_SYM, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL   },

  54. +	{ DO_ENCR,     CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL   },

  55. +	{ DO_ENCR_SYM, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL   },

  56.  	{ 0, 0, 0, NULL, NULL },
  57.  };
  58.  
  59. @@ -246,30 +264,21 @@ static struct do_info		pgp2_objects[] = {	/* OpenPGP card spec 2.0 */

  60.  	{ 0x5f52, SIMPLE,      READ_ALWAYS | WRITE_NEVER, sc_get_data,        NULL        },
  61.  	/* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved
  62.  	 * as simple DO (no need to parse TLV). */
  63. -	{ 0x7f21, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  sc_get_data,        sc_put_data },

  64. +	{ DO_CERT, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  sc_get_data,        sc_put_data },

  65.  	{ 0x7f48, CONSTRUCTED, READ_NEVER  | WRITE_NEVER, NULL,               NULL        },
  66.  	{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL,               NULL        },
  67. -	{ 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL        },

  68. +	{ DO_AUTH,     CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL   },

  69.  	/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
  70.  	 * However, their R/W access condition may block the process of importing key in pkcs15init.
  71.  	 * So we set their accesses condition as WRITE_PIN3 (writable). */
  72. -	{ 0xa401, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL        },

  73. -	{ 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL        },

  74. -	{ 0xb601, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL        },

  75. -	{ 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL        },

  76. -	{ 0xb801, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL        },

  77. +	{ DO_AUTH_SYM, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL   },

  78. +	{ DO_SIGN,     CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL   },

  79. +	{ DO_SIGN_SYM, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL   },

  80. +	{ DO_ENCR,     CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey,     NULL   },

  81. +	{ DO_ENCR_SYM, SIMPLE,      READ_ALWAYS | WRITE_PIN3,  pgp_get_pubkey_pem, NULL   },

  82.  	{ 0, 0, 0, NULL, NULL },
  83.  };
  84.  
  85. -/* The DO holding X.509 certificate is constructed but does not contain child DO.

  86. - * We should notice this when building fake file system later. */

  87. -#define DO_CERT                  0x7f21

  88. -/* Maximum length for response buffer when reading pubkey. This value is calculated with

  89. - * 4096-bit key length */

  90. -#define MAXLEN_RESP_PUBKEY       527

  91. -/* Gnuk only support 1 key length (2048 bit) */

  92. -#define MAXLEN_RESP_PUBKEY_GNUK  271

  93. -

  94.  #define DRVDATA(card)        ((struct pgp_priv_data *) ((card)->drv_data))
  95.  struct pgp_priv_data {
  96.  	pgp_blob_t *		mf;
  97. @@ -747,8 +756,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_t *blob)

  98.  
  99.  		/* Buffer length for Gnuk pubkey */
  100.  		if (card->type == SC_CARD_TYPE_OPENPGP_GNUK &&
  101. -		    (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800

  102. -		     || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) {

  103. +		    (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR

  104. +		     || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM

  105. +		     || blob->id == DO_ENCR_SYM)) {

  106.  			buf_len = MAXLEN_RESP_PUBKEY_GNUK;
  107.  		}
  108.  
  109. @@ -1804,11 +1814,11 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len,

  110.  	LOG_FUNC_CALLED(card->ctx);
  111.  
  112.  	if (key_id == SC_OPENPGP_KEY_SIGN)
  113. -		blob_id = 0xB601;

  114. +		blob_id = DO_SIGN_SYM;

  115.  	else if (key_id == SC_OPENPGP_KEY_ENCR)
  116. -		blob_id = 0xB801;

  117. +		blob_id = DO_ENCR_SYM;

  118.  	else if (key_id == SC_OPENPGP_KEY_AUTH)
  119. -		blob_id = 0xA401;

  120. +		blob_id = DO_AUTH_SYM;

  121.  	else {
  122.  		sc_log(card->ctx, "Unknown key id %X.", key_id);
  123.  		LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
  124. @@ -2501,17 +2511,17 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)

  125.  		LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
  126.  
  127.  	if (card->type != SC_CARD_TYPE_OPENPGP_GNUK &&
  128. -	    (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) {

  129. +	    (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) {

  130.  		/* These tags are just symbolic. We don't really delete it. */
  131.  		r = SC_SUCCESS;
  132.  	}
  133. -	else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) {

  134. +	else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) {

  135.  		r = gnuk_delete_key(card, 1);
  136.  	}
  137. -	else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) {

  138. +	else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) {

  139.  		r = gnuk_delete_key(card, 2);
  140.  	}
  141. -	else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) {

  142. +	else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) {

  143.  		r = gnuk_delete_key(card, 3);
  144.  	}
  145.  	else {
  146. -- 

  147. 2.1.3
  148.