You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

145 lines
7.6 KiB

  1. From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001
  2. From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
  3. <ng.hong.quan@gmail.com>
  4. Date: Sun, 9 Nov 2014 15:58:40 +0700
  5. Subject: [PATCH 25/26] Replace hardcode.
  6. ---
  7. src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++-------------------
  8. 1 file changed, 41 insertions(+), 31 deletions(-)
  9. Index: opensc-20150513/src/libopensc/card-openpgp.c
  10. ===================================================================
  11. --- opensc-20150513.orig/src/libopensc/card-openpgp.c
  12. +++ opensc-20150513/src/libopensc/card-openpgp.c
  13. @@ -154,6 +154,24 @@ static int pgp_get_pubkey(sc_card_t *,
  14. static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
  15. u8 *, size_t);
  16. +/* The DO holding X.509 certificate is constructed but does not contain child DO.
  17. + * We should notice this when building fake file system later. */
  18. +#define DO_CERT 0x7f21
  19. +/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec.
  20. + * Here we seen it as DO just for convenient */
  21. +#define DO_SIGN 0xb600
  22. +#define DO_ENCR 0xb800
  23. +#define DO_AUTH 0xa400
  24. +/* These DO does not exist. They are defined and used just for ease of implementation */
  25. +#define DO_SIGN_SYM 0xb601
  26. +#define DO_ENCR_SYM 0xb801
  27. +#define DO_AUTH_SYM 0xa401
  28. +/* Maximum length for response buffer when reading pubkey. This value is calculated with
  29. + * 4096-bit key length */
  30. +#define MAXLEN_RESP_PUBKEY 527
  31. +/* Gnuk only support 1 key length (2048 bit) */
  32. +#define MAXLEN_RESP_PUBKEY_GNUK 271
  33. +
  34. static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
  35. { 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
  36. { 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
  37. @@ -194,12 +212,12 @@ static struct do_info pgp1_objects[] =
  38. { 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
  39. { 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
  40. { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
  41. - { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  42. - { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  43. - { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  44. - { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  45. - { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  46. - { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  47. + { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  48. + { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  49. + { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  50. + { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  51. + { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  52. + { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  53. { 0, 0, 0, NULL, NULL },
  54. };
  55. @@ -248,30 +266,21 @@ static struct do_info pgp2_objects[] =
  56. { 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
  57. /* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved
  58. * as simple DO (no need to parse TLV). */
  59. - { 0x7f21, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
  60. + { DO_CERT, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
  61. { 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL },
  62. { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
  63. - { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  64. + { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  65. /* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
  66. * However, their R/W access condition may block the process of importing key in pkcs15init.
  67. * So we set their accesses condition as WRITE_PIN3 (writable). */
  68. - { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  69. - { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  70. - { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  71. - { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  72. - { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  73. + { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  74. + { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  75. + { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  76. + { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
  77. + { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
  78. { 0, 0, 0, NULL, NULL },
  79. };
  80. -/* The DO holding X.509 certificate is constructed but does not contain child DO.
  81. - * We should notice this when building fake file system later. */
  82. -#define DO_CERT 0x7f21
  83. -/* Maximum length for response buffer when reading pubkey. This value is calculated with
  84. - * 4096-bit key length */
  85. -#define MAXLEN_RESP_PUBKEY 527
  86. -/* Gnuk only support 1 key length (2048 bit) */
  87. -#define MAXLEN_RESP_PUBKEY_GNUK 271
  88. -
  89. #define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
  90. struct pgp_priv_data {
  91. pgp_blob_t * mf;
  92. @@ -755,8 +764,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_
  93. /* Buffer length for Gnuk pubkey */
  94. if (card->type == SC_CARD_TYPE_OPENPGP_GNUK &&
  95. - (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800
  96. - || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) {
  97. + (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR
  98. + || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM
  99. + || blob->id == DO_ENCR_SYM)) {
  100. buf_len = MAXLEN_RESP_PUBKEY_GNUK;
  101. }
  102. @@ -1812,11 +1822,11 @@ pgp_update_pubkey_blob(sc_card_t *card,
  103. LOG_FUNC_CALLED(card->ctx);
  104. if (key_id == SC_OPENPGP_KEY_SIGN)
  105. - blob_id = 0xB601;
  106. + blob_id = DO_SIGN_SYM;
  107. else if (key_id == SC_OPENPGP_KEY_ENCR)
  108. - blob_id = 0xB801;
  109. + blob_id = DO_ENCR_SYM;
  110. else if (key_id == SC_OPENPGP_KEY_AUTH)
  111. - blob_id = 0xA401;
  112. + blob_id = DO_AUTH_SYM;
  113. else {
  114. sc_log(card->ctx, "Unknown key id %X.", key_id);
  115. LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
  116. @@ -2514,17 +2524,17 @@ pgp_delete_file(sc_card_t *card, const s
  117. LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
  118. if (card->type != SC_CARD_TYPE_OPENPGP_GNUK &&
  119. - (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) {
  120. + (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) {
  121. /* These tags are just symbolic. We don't really delete it. */
  122. r = SC_SUCCESS;
  123. }
  124. - else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) {
  125. + else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) {
  126. r = gnuk_delete_key(card, 1);
  127. }
  128. - else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) {
  129. + else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) {
  130. r = gnuk_delete_key(card, 2);
  131. }
  132. - else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) {
  133. + else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) {
  134. r = gnuk_delete_key(card, 3);
  135. }
  136. else {