LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

opensc: bump to git codebase of 20141126 and rebase GnuK patches 

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
lilik-openwrt-22.03
Daniel Golle 10 years ago
parent
c67c581264
commit
36ed0c44fc
27 changed files with 1209 additions and 175 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -2
      utils/opensc/Makefile
  2. +23
    -32
      utils/opensc/patches/0001-OpenPGP-Detect-and-support-Gnuk-Token.patch
  3. +10
    -10
      utils/opensc/patches/0002-OpenPGP-Add-Gnuk-in-pkcs15-emulation-layer.patch
  4. +4
    -4
      utils/opensc/patches/0003-OpenPGP-Include-private-DO-to-filesystem-at-driver-i.patch
  5. +9
    -9
      utils/opensc/patches/0004-PKCS15-OpenPGP-Declare-DATA-objects.patch
  6. +27
    -28
      utils/opensc/patches/0005-OpenPGP-Support-erasing-reset-card.patch
  7. +18
    -20
      utils/opensc/patches/0006-openpgp-tool-Support-deleting-key-in-Gnuk.patch
  8. +5
    -5
      utils/opensc/patches/0007-OpenPGP-Correct-building-Extended-Header-List-when-i.patch
  9. +6
    -6
      utils/opensc/patches/0008-OpenPGP-Read-some-empty-DOs-from-Gnuk.patch
  10. +5
    -5
      utils/opensc/patches/0009-PKCS15-OpenPGP-Do-not-show-empty-DO-in-pkcs15-emu_in.patch
  11. +5
    -5
      utils/opensc/patches/0010-PKCS15-OpenPGP-Allow-to-store-data-to-pkcs15-data-ob.patch
  12. +6
    -6
      utils/opensc/patches/0011-OpenPGP-Provide-enough-buffer-to-read-pubkey-from-Gn.patch
  13. +8
    -8
      utils/opensc/patches/0012-OpenPGP-Support-write-certificate-for-Gnuk.patch
  14. +3
    -3
      utils/opensc/patches/0013-pkcs15-openpgp-Change-to-sc_put_data-instead-of-sc_u.patch
  15. +6
    -6
      utils/opensc/patches/0014-OpenPGP-Overcome-the-restriction-of-even-data-length.patch
  16. +7
    -7
      utils/opensc/patches/0015-OpenPGP-Delete-key-as-file-for-Gnuk.patch
  17. +7
    -7
      utils/opensc/patches/0016-OpenPGP-Correct-parameter-checking.patch
  18. +6
    -6
      utils/opensc/patches/0017-OpenPGP-Make-code-neater.patch
  19. +6
    -6
      utils/opensc/patches/0018-Move-declaration-to-top-of-block.patch
  20. +182
    -0
      utils/opensc/patches/0019-OpenPGP-Make-indentation-consistent-space-tab.patch
  21. +84
    -0
      utils/opensc/patches/0020-OpenPGP-Don-t-use-sc_log-in-openpgp-tool.patch
  22. +112
    -0
      utils/opensc/patches/0021-OpenPGP-Don-t-reimplement-gnuk_delete_key-in-openpgp.patch
  23. +87
    -0
      utils/opensc/patches/0022-OpenPGP-Use-directly-binary-array-of-APDUs-for-ERASE.patch
  24. +339
    -0
      utils/opensc/patches/0023-OpenPGP-Rename-private-blob-type-to-avoid-confusing-.patch
  25. +41
    -0
      utils/opensc/patches/0024-OpenPGP-Fix-crash-after-accessing-inexistent-file.patch
  26. +148
    -0
      utils/opensc/patches/0025-Replace-hardcode.patch
  27. +53
    -0
      utils/opensc/patches/0026-hardcode-defines-for-DO-s.patch

+ 2
- 2
utils/opensc/Makefile View File

@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=opensc
PKG_VERSION:=20140317
PKG_VERSION:=20141126
PKG_RELEASE:=1
PKG_LICENSE:=LGPL-2.1+
PKG_LICENSE_FILES:=COPYING
@ -19,7 +19,7 @@ PKG_RELEASE=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/OpenSC/OpenSC.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=de6d61405b271e22244376e4817e16b49018e1ce
PKG_SOURCE_VERSION:=8aadbbd678730dbafb819382da553439887499fd
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_BUILD_DEPENDS:=+libpcsclite
PKG_FIXUP:=libtool


+ 23
- 32
utils/opensc/patches/0001-OpenPGP-Detect-and-support-Gnuk-Token.patch View File

@ -1,18 +1,18 @@
From c706491fc9b08d4cc6d7b254cf936d6b8d8691bc Mon Sep 17 00:00:00 2001
From 471b40173b73f213ee72bf05735abf3357658197 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Wed, 20 Feb 2013 11:54:30 +0700
Subject: [PATCH 01/18] OpenPGP: Detect and support Gnuk Token.
Subject: [PATCH 01/26] OpenPGP: Detect and support Gnuk Token.
http://www.fsij.org/gnuk/
---
src/libopensc/card-openpgp.c | 61 ++++++++++++++++++++++++++++++++++----------
src/libopensc/cards.h | 1 +
src/tools/openpgp-tool.c | 9 +++++--
3 files changed, 56 insertions(+), 15 deletions(-)
src/tools/openpgp-tool.c | 7 ++++-
3 files changed, 55 insertions(+), 14 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 743e79c..716052b 100644
index 6774fe1..c785a55 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -43,6 +43,7 @@
@ -66,7 +66,7 @@ index 743e79c..716052b 100644
priv->ext_caps |= EXT_CAP_SM;
if ((priv->bcd_version >= OPENPGP_CARD_2_0) && (blob->len >= 10)) {
@@ -1055,12 +1060,18 @@ static int
@@ -1057,12 +1062,18 @@ static int
pgp_get_pubkey(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
{
sc_apdu_t apdu;
@ -86,7 +86,7 @@ index 743e79c..716052b 100644
apdu.lc = 2;
apdu.data = ushort2bebytes(idbuf, tag);
apdu.datalen = 2;
@@ -1152,6 +1163,7 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
@@ -1154,6 +1165,7 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
u8 ins = 0xDA;
u8 p1 = tag >> 8;
u8 p2 = tag & 0xFF;
@ -94,7 +94,7 @@ index 743e79c..716052b 100644
int r;
LOG_FUNC_CALLED(card->ctx);
@@ -1193,13 +1205,17 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
@@ -1195,13 +1207,17 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
/* Build APDU */
if (buf != NULL && buf_len > 0) {
@ -114,7 +114,7 @@ index 743e79c..716052b 100644
apdu.datalen = buf_len;
apdu.lc = buf_len;
}
@@ -1326,6 +1342,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
@@ -1328,6 +1344,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
struct pgp_priv_data *priv = DRVDATA(card);
sc_security_env_t *env = &priv->sec_env;
sc_apdu_t apdu;
@ -122,7 +122,7 @@ index 743e79c..716052b 100644
int r;
LOG_FUNC_CALLED(card->ctx);
@@ -1334,14 +1351,19 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
@@ -1336,14 +1353,19 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
"invalid operation");
@ -144,7 +144,7 @@ index 743e79c..716052b 100644
break;
case 0x01:
default:
@@ -1350,7 +1372,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
@@ -1352,7 +1374,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
}
apdu.lc = data_len;
@ -153,7 +153,7 @@ index 743e79c..716052b 100644
apdu.datalen = data_len;
apdu.le = ((outlen >= 256) && !(card->caps & SC_CARD_CAP_APDU_EXT)) ? 256 : outlen;
apdu.resp = out;
@@ -1374,6 +1396,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
@@ -1376,6 +1398,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
struct pgp_priv_data *priv = DRVDATA(card);
sc_security_env_t *env = &priv->sec_env;
sc_apdu_t apdu;
@ -161,7 +161,7 @@ index 743e79c..716052b 100644
u8 *temp = NULL;
int r;
@@ -1398,7 +1421,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
@@ -1400,7 +1423,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
case 0x01: /* Decryption key */
case 0x02: /* authentication key */
/* PSO DECIPHER */
@ -170,7 +170,7 @@ index 743e79c..716052b 100644
break;
case 0x00: /* signature key */
default:
@@ -1407,8 +1430,13 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
@@ -1409,8 +1432,13 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen,
"invalid key reference");
}
@ -209,10 +209,10 @@ index 743e79c..716052b 100644
* sc_format_apdu() */
apdu_le = card->max_recv_size;
diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
index 0fbf9ca..01b08fd 100644
index 7be6667..a3f3634 100644
--- a/src/libopensc/cards.h
+++ b/src/libopensc/cards.h
@@ -104,6 +104,7 @@ enum {
@@ -105,6 +105,7 @@ enum {
SC_CARD_TYPE_OPENPGP_BASE = 9000,
SC_CARD_TYPE_OPENPGP_V1,
SC_CARD_TYPE_OPENPGP_V2,
@ -221,27 +221,18 @@ index 0fbf9ca..01b08fd 100644
/* jcop driver */
SC_CARD_TYPE_JCOP_BASE = 10000,
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index 7058aaa..8b5e327 100644
index f42e6d6..a24a395 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -32,6 +32,7 @@
#include "libopensc/asn1.h"
@@ -33,6 +33,7 @@
#include "libopensc/cards.h"
#include "libopensc/cardctl.h"
#include "libopensc/errors.h"
+#include "libopensc/log.h"
#include "util.h"
#include "libopensc/log.h"
#define OPT_RAW 256
@@ -216,7 +217,7 @@ static void display_data(const struct ef_name_map *mapping, char *value)
} else {
const char *label = mapping->name;
- printf("%s:%*s%s\n", label, 10-strlen(label), "", value);
+ printf("%s:%*s%s\n", label, 10 - (int)strlen(label), "", value);
}
}
}
@@ -390,6 +391,8 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len)
@@ -396,6 +397,8 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len)
sc_path_t path;
sc_file_t *file;
@ -250,7 +241,7 @@ index 7058aaa..8b5e327 100644
if (key_id < 1 || key_id > 3) {
printf("Unknown key ID %d.\n", key_id);
return 1;
@@ -481,8 +484,10 @@ int main(int argc, char **argv)
@@ -487,8 +490,10 @@ int main(int argc, char **argv)
/* check card type */
if ((card->type != SC_CARD_TYPE_OPENPGP_V1) &&
@ -263,5 +254,5 @@ index 7058aaa..8b5e327 100644
goto out;
}
--
1.9.3
2.1.3

+ 10
- 10
utils/opensc/patches/0002-OpenPGP-Add-Gnuk-in-pkcs15-emulation-layer.patch View File

@ -1,8 +1,8 @@
From ecc6460d17147b37def27a9b776e1fc5a61408d0 Mon Sep 17 00:00:00 2001
From 00a2c08c9125103ee0bff9af9e7ff42c5cdc14fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Fri, 12 Apr 2013 17:24:00 +0700
Subject: [PATCH 02/18] OpenPGP: Add Gnuk in pkcs15 emulation layer.
Subject: [PATCH 02/26] OpenPGP: Add Gnuk in pkcs15 emulation layer.
---
src/libopensc/pkcs15-openpgp.c | 6 ++++--
@ -10,10 +10,10 @@ Subject: [PATCH 02/18] OpenPGP: Add Gnuk in pkcs15 emulation layer.
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c
index d9dc074..5a8a1ca 100644
index 4daaa98..fdf720a 100644
--- a/src/libopensc/pkcs15-openpgp.c
+++ b/src/libopensc/pkcs15-openpgp.c
@@ -155,7 +155,8 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
@@ -151,7 +151,8 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
u8 c4data[10];
u8 c5data[70];
int r, i;
@ -23,7 +23,7 @@ index d9dc074..5a8a1ca 100644
sc_path_t path;
sc_file_t *file;
@@ -367,7 +368,8 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e
@@ -363,7 +364,8 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e
static int openpgp_detect_card(sc_pkcs15_card_t *p15card)
{
@ -34,17 +34,17 @@ index d9dc074..5a8a1ca 100644
else
return SC_ERROR_WRONG_CARD;
diff --git a/src/libopensc/pkcs15-syn.c b/src/libopensc/pkcs15-syn.c
index e2f6004..a9f8c0b 100644
index ffbf642..d2c086c 100644
--- a/src/libopensc/pkcs15-syn.c
+++ b/src/libopensc/pkcs15-syn.c
@@ -112,6 +112,7 @@ int sc_pkcs15_is_emulation_only(sc_card_t *card)
@@ -115,6 +115,7 @@ int sc_pkcs15_is_emulation_only(sc_card_t *card)
case SC_CARD_TYPE_GEMSAFEV1_PTEID:
case SC_CARD_TYPE_OPENPGP_V1:
case SC_CARD_TYPE_OPENPGP_V2:
+ case SC_CARD_TYPE_OPENPGP_GNUK:
case SC_CARD_TYPE_SC_HSM:
return 1;
default:
case SC_CARD_TYPE_DNIE_BASE:
case SC_CARD_TYPE_DNIE_BLANK:
--
1.9.3
2.1.3

+ 4
- 4
utils/opensc/patches/0003-OpenPGP-Include-private-DO-to-filesystem-at-driver-i.patch View File

@ -1,8 +1,8 @@
From 5f751ba5628f9d85e9d8dca9939a93f49d2525d0 Mon Sep 17 00:00:00 2001
From 2d348b60ab8c22791b56f291600954abd716a791 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Fri, 22 Mar 2013 17:37:16 +0700
Subject: [PATCH 03/18] OpenPGP: Include private DO to filesystem at driver
Subject: [PATCH 03/26] OpenPGP: Include private DO to filesystem at driver
initialization.
In old implementation, the DOs which their access is restricted by
@ -13,7 +13,7 @@ leading to that we cannot read their data later, even if we verified PIN.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 716052b..ead07ae 100644
index c785a55..1cc3923 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -357,7 +357,7 @@ pgp_init(sc_card_t *card)
@ -26,5 +26,5 @@ index 716052b..ead07ae 100644
child = pgp_new_blob(card, priv->mf, info->id, sc_file_new());
--
1.9.3
2.1.3

+ 9
- 9
utils/opensc/patches/0004-PKCS15-OpenPGP-Declare-DATA-objects.patch View File

@ -1,8 +1,8 @@
From fbf8e392db4456de97796259a62ccb972fe24df8 Mon Sep 17 00:00:00 2001
From fda9b6dd088e734de372fc85c091f88e8607bc2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Tue, 26 Feb 2013 17:37:16 +0700
Subject: [PATCH 04/18] PKCS15-OpenPGP: Declare DATA objects.
Subject: [PATCH 04/26] PKCS15-OpenPGP: Declare DATA objects.
Begin to support read/write DATA object for PKCS-OpenPGP binding.
This object is used by TrueCrypt.
@ -11,18 +11,18 @@ This object is used by TrueCrypt.
1 file changed, 35 insertions(+)
diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c
index 5a8a1ca..9f239ef 100644
index fdf720a..fea2805 100644
--- a/src/libopensc/pkcs15-openpgp.c
+++ b/src/libopensc/pkcs15-openpgp.c
@@ -36,6 +36,7 @@ typedef USHORT ushort;
#endif
@@ -32,6 +32,7 @@
#include "log.h"
int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);
+static int sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *);
#define PGP_USER_PIN_FLAGS (SC_PKCS15_PIN_FLAG_CASE_SENSITIVE \
@@ -45,6 +46,8 @@ int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);
@@ -41,6 +42,8 @@ int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);
| SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED \
| SC_PKCS15_PIN_FLAG_SO_PIN)
@ -31,7 +31,7 @@ index 5a8a1ca..9f239ef 100644
typedef struct _pgp_pin_cfg {
const char *label;
int reference;
@@ -359,6 +362,9 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
@@ -355,6 +358,9 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
goto failed;
}
@ -41,7 +41,7 @@ index 5a8a1ca..9f239ef 100644
return 0;
failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP emulation: %s\n",
@@ -366,6 +372,35 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e
@@ -362,6 +368,35 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e
return r;
}
@ -78,5 +78,5 @@ index 5a8a1ca..9f239ef 100644
{
if (p15card->card->type == SC_CARD_TYPE_OPENPGP_V1 || p15card->card->type == SC_CARD_TYPE_OPENPGP_V2
--
1.9.3
2.1.3

+ 27
- 28
utils/opensc/patches/0005-OpenPGP-Support-erasing-reset-card.patch View File

@ -1,20 +1,20 @@
From 4cdc5f3102f5ad93d263eea2f8206bb5e9fffc6c Mon Sep 17 00:00:00 2001
From 6d138f0199575516bfaad18cbbafcfa2ee61e58f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Mon, 4 Mar 2013 11:28:08 +0700
Subject: [PATCH 05/18] OpenPGP: Support erasing (reset) card.
Subject: [PATCH 05/26] OpenPGP: Support erasing (reset) card.
Command: openpgp-tool --erase
---
src/libopensc/card-openpgp.c | 64 ++++++++++++++++++++++++++++++++++++++++++++
src/tools/openpgp-tool.c | 23 +++++++++++++++-
2 files changed, 86 insertions(+), 1 deletion(-)
src/tools/openpgp-tool.c | 22 ++++++++++++++-
2 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index ead07ae..42a9684 100644
index 1cc3923..7349876 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -2197,6 +2197,66 @@ out:
@@ -2195,6 +2195,66 @@ out:
#endif /* ENABLE_OPENSSL */
@ -81,7 +81,7 @@ index ead07ae..42a9684 100644
/* ABI: card ctl: perform special card-specific operations */
static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
{
@@ -2221,6 +2281,10 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
@@ -2219,6 +2279,10 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
LOG_FUNC_RETURN(card->ctx, r);
break;
#endif /* ENABLE_OPENSSL */
@ -93,53 +93,52 @@ index ead07ae..42a9684 100644
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index 8b5e327..0d360a3 100644
index a24a395..de1c9d4 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -76,6 +76,7 @@ static int opt_verify = 0;
static char *verifytype = NULL;
static int opt_pin = 0;
@@ -78,6 +78,7 @@ static int opt_pin = 0;
static char *pin = NULL;
static int opt_dump_do = 0;
static u8 do_dump_idx;
+static int opt_erase = 0;
static const char *app_name = "openpgp-tool";
@@ -92,6 +93,7 @@ static const struct option options[] = {
@@ -94,6 +95,7 @@ static const struct option options[] = {
{ "help", no_argument, NULL, 'h' },
{ "verbose", no_argument, NULL, 'v' },
{ "version", no_argument, NULL, 'V' },
+ { "erase", no_argument, NULL, 'E' },
{ "verify", required_argument, NULL, OPT_VERIFY },
{ "pin", required_argument, NULL, OPT_PIN },
{ NULL, 0, NULL, 0 }
@@ -110,6 +112,7 @@ static const char *option_help[] = {
{ "do", required_argument, NULL, 'd' },
@@ -113,6 +115,7 @@ static const char *option_help[] = {
/* h */ "Print this help message",
/* v */ "Verbose operation. Use several times to enable debug output.",
/* V */ "Show version number",
+/* E */ "Erase (reset) the card",
"Verify PIN (CHV1, CHV2, CHV3...)",
"PIN string"
};
@@ -228,7 +231,7 @@ static int decode_options(int argc, char **argv)
"PIN string",
/* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)"
@@ -232,7 +235,7 @@ static int decode_options(int argc, char **argv)
{
int c;
- while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvV", options, (int *) 0)) != EOF) {
+ while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvVE", options, (int *) 0)) != EOF) {
- while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvVd:", options, (int *) 0)) != EOF) {
+ while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvVd:E", options, (int *) 0)) != EOF) {
switch (c) {
case 'r':
opt_reader = optarg;
@@ -288,6 +291,9 @@ static int decode_options(int argc, char **argv)
show_version();
exit(EXIT_SUCCESS);
break;
@@ -296,6 +299,8 @@ static int decode_options(int argc, char **argv)
do_dump_idx = optarg[0] - '0';
opt_dump_do++;
actions++;
+ case 'E':
+ opt_erase++;
+ break;
break;
default:
util_print_usage_and_die(app_name, options, option_help, NULL);
}
@@ -446,6 +452,18 @@ int do_verify(sc_card_t *card, u8 *type, u8* pin)
@@ -452,6 +457,18 @@ int do_verify(sc_card_t *card, char *type, char *pin)
return r;
}
@ -158,7 +157,7 @@ index 8b5e327..0d360a3 100644
int main(int argc, char **argv)
{
sc_context_t *ctx = NULL;
@@ -521,6 +539,9 @@ int main(int argc, char **argv)
@@ -531,6 +548,9 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
@ -169,5 +168,5 @@ index 8b5e327..0d360a3 100644
sc_unlock(card);
sc_disconnect_card(card);
--
1.9.3
2.1.3

+ 18
- 20
utils/opensc/patches/0006-openpgp-tool-Support-deleting-key-in-Gnuk.patch View File

@ -1,18 +1,18 @@
From bbbedd3b358f80a7f98df2b22cf541cb007dd62e Mon Sep 17 00:00:00 2001
From 469b6567d9adc4af6f49fa65534162673060454d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Mon, 4 Mar 2013 18:13:03 +0700
Subject: [PATCH 06/18] openpgp-tool: Support deleting key in Gnuk.
Subject: [PATCH 06/26] openpgp-tool: Support deleting key in Gnuk.
---
src/tools/openpgp-tool.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 143 insertions(+), 1 deletion(-)
src/tools/openpgp-tool.c | 142 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 142 insertions(+)
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index 0d360a3..239c86b 100644
index de1c9d4..374819a 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -39,6 +39,7 @@
@@ -41,6 +41,7 @@
#define OPT_PRETTY 257
#define OPT_VERIFY 258
#define OPT_PIN 259
@ -20,33 +20,31 @@ index 0d360a3..239c86b 100644
/* define structures */
struct ef_name_map {
@@ -77,6 +78,7 @@ static char *verifytype = NULL;
static int opt_pin = 0;
static char *pin = NULL;
@@ -79,6 +80,7 @@ static char *pin = NULL;
static int opt_dump_do = 0;
static u8 do_dump_idx;
static int opt_erase = 0;
+static int opt_delkey = 0;
static const char *app_name = "openpgp-tool";
@@ -96,6 +98,7 @@ static const struct option options[] = {
{ "erase", no_argument, NULL, 'E' },
@@ -99,6 +101,7 @@ static const struct option options[] = {
{ "verify", required_argument, NULL, OPT_VERIFY },
{ "pin", required_argument, NULL, OPT_PIN },
{ "do", required_argument, NULL, 'd' },
+ { "del-key", required_argument, NULL, OPT_DELKEY },
{ NULL, 0, NULL, 0 }
};
@@ -114,7 +117,8 @@ static const char *option_help[] = {
/* V */ "Show version number",
/* E */ "Erase (reset) the card",
@@ -119,6 +122,7 @@ static const char *option_help[] = {
"Verify PIN (CHV1, CHV2, CHV3...)",
- "PIN string"
+ "PIN string",
"PIN string",
/* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)"
+ "Delete key (1, 2, 3 or all)"
};
static const struct ef_name_map openpgp_data[] = {
@@ -294,6 +298,14 @@ static int decode_options(int argc, char **argv)
@@ -302,6 +306,14 @@ static int decode_options(int argc, char **argv)
case 'E':
opt_erase++;
break;
@ -61,7 +59,7 @@ index 0d360a3..239c86b 100644
default:
util_print_usage_and_die(app_name, options, option_help, NULL);
}
@@ -452,6 +464,133 @@ int do_verify(sc_card_t *card, u8 *type, u8* pin)
@@ -457,6 +469,133 @@ int do_verify(sc_card_t *card, char *type, char *pin)
return r;
}
@ -195,7 +193,7 @@ index 0d360a3..239c86b 100644
int do_erase(sc_card_t *card)
{
int r;
@@ -539,6 +678,9 @@ int main(int argc, char **argv)
@@ -548,6 +687,9 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
@ -206,5 +204,5 @@ index 0d360a3..239c86b 100644
exit_status != do_erase(card);
--
1.9.3
2.1.3

+ 5
- 5
utils/opensc/patches/0007-OpenPGP-Correct-building-Extended-Header-List-when-i.patch View File

@ -1,8 +1,8 @@
From b6bc7a497e1fe20104f923de1092a35d137ba553 Mon Sep 17 00:00:00 2001
From d210faa377bcec63876f84b82540b110ede16e57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Mon, 4 Mar 2013 18:14:51 +0700
Subject: [PATCH 07/18] OpenPGP: Correct building Extended Header List when
Subject: [PATCH 07/26] OpenPGP: Correct building Extended Header List when
importing keys.
---
@ -10,10 +10,10 @@ Subject: [PATCH 07/18] OpenPGP: Correct building Extended Header List when
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 42a9684..47c1938 100644
index 7349876..91c311b 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -1978,7 +1978,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info
@@ -1977,7 +1977,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info
u8 *p = NULL;
u8 *components[] = {key_info->e, key_info->p, key_info->q, key_info->n};
size_t componentlens[] = {key_info->e_len, key_info->p_len, key_info->q_len, key_info->n_len};
@ -23,5 +23,5 @@ index 42a9684..47c1938 100644
"public exponent",
"prime p",
--
1.9.3
2.1.3

+ 6
- 6
utils/opensc/patches/0008-OpenPGP-Read-some-empty-DOs-from-Gnuk.patch View File

@ -1,8 +1,8 @@
From d1b8d3588336abac4876c1d537d8e8e5e578bc02 Mon Sep 17 00:00:00 2001
From df98874784a77c96a7a1be54412a02a53fdd3a3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Mon, 25 Mar 2013 11:58:38 +0700
Subject: [PATCH 08/18] OpenPGP: Read some empty DOs from Gnuk.
Subject: [PATCH 08/26] OpenPGP: Read some empty DOs from Gnuk.
In Gnuk, some empty DOs are returned as not exist, instead of existing with empty value.
So, we will consider them exist in driver.
@ -11,10 +11,10 @@ So, we will consider them exist in driver.
1 file changed, 25 insertions(+)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 47c1938..9b08bbb 100644
index 91c311b..e7b25c0 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -813,6 +813,23 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id,
@@ -815,6 +815,23 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id,
}
}
@ -38,7 +38,7 @@ index 47c1938..9b08bbb 100644
return SC_ERROR_FILE_NOT_FOUND;
}
@@ -1147,6 +1164,14 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
@@ -1149,6 +1166,14 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
@ -54,5 +54,5 @@ index 47c1938..9b08bbb 100644
LOG_FUNC_RETURN(card->ctx, apdu.resplen);
--
1.9.3
2.1.3

+ 5
- 5
utils/opensc/patches/0009-PKCS15-OpenPGP-Do-not-show-empty-DO-in-pkcs15-emu_in.patch View File

@ -1,8 +1,8 @@
From 6a4457cde65ef44f05b0689415ae7165b06fb8bf Mon Sep 17 00:00:00 2001
From 42adc35954e18e24f253f710b16d850d1872bce5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Wed, 27 Mar 2013 11:38:42 +0700
Subject: [PATCH 09/18] PKCS15-OpenPGP: Do not show empty DO in pkcs15
Subject: [PATCH 09/26] PKCS15-OpenPGP: Do not show empty DO in pkcs15
emu_init.
---
@ -10,10 +10,10 @@ Subject: [PATCH 09/18] PKCS15-OpenPGP: Do not show empty DO in pkcs15
1 file changed, 18 insertions(+)
diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c
index 9f239ef..850dd74 100644
index fea2805..51a2032 100644
--- a/src/libopensc/pkcs15-openpgp.c
+++ b/src/libopensc/pkcs15-openpgp.c
@@ -385,16 +385,34 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card)
@@ -381,16 +381,34 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card)
sc_pkcs15_object_t dat_obj;
char name[8];
char path[9];
@ -49,5 +49,5 @@ index 9f239ef..850dd74 100644
r = sc_pkcs15emu_add_data_object(p15card, &dat_obj, &dat_info);
}
--
1.9.3
2.1.3

+ 5
- 5
utils/opensc/patches/0010-PKCS15-OpenPGP-Allow-to-store-data-to-pkcs15-data-ob.patch View File

@ -1,8 +1,8 @@
From 88ded8fc5802c073caa71b649cee5a3116699b2a Mon Sep 17 00:00:00 2001
From f085e6a5f386875b5b071ef3bf115e4d9bb33bdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Wed, 27 Mar 2013 11:39:33 +0700
Subject: [PATCH 10/18] PKCS15-OpenPGP: Allow to store data to pkcs15 data
Subject: [PATCH 10/26] PKCS15-OpenPGP: Allow to store data to pkcs15 data
object.
Only one DO is supported now.
@ -12,10 +12,10 @@ Only one DO is supported now.
2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c
index 850dd74..b701041 100644
index 51a2032..4cc1c39 100644
--- a/src/libopensc/pkcs15-openpgp.c
+++ b/src/libopensc/pkcs15-openpgp.c
@@ -397,7 +397,7 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card)
@@ -393,7 +393,7 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card)
*/
r = read_file(p15card->card, path, content, sizeof(content));
if (r <= 0 ) {
@ -87,5 +87,5 @@ index f3a4962..1455580 100755
r = SC_ERROR_NOT_IMPLEMENTED;
}
--
1.9.3
2.1.3

+ 6
- 6
utils/opensc/patches/0011-OpenPGP-Provide-enough-buffer-to-read-pubkey-from-Gn.patch View File

@ -1,8 +1,8 @@
From 7231ee09bb628f0401939778decce818ef6e3665 Mon Sep 17 00:00:00 2001
From 752f8981bed49a98d3592ead3aa50e743318dea8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Fri, 5 Apr 2013 17:18:50 +0700
Subject: [PATCH 11/18] OpenPGP: Provide enough buffer to read pubkey from
Subject: [PATCH 11/26] OpenPGP: Provide enough buffer to read pubkey from
Gnuk.
---
@ -10,7 +10,7 @@ Subject: [PATCH 11/18] OpenPGP: Provide enough buffer to read pubkey from
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 9b08bbb..8a1a270 100644
index e7b25c0..1913eca 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -263,7 +263,12 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
@ -27,7 +27,7 @@ index 9b08bbb..8a1a270 100644
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
struct pgp_priv_data {
@@ -729,6 +734,14 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
@@ -731,6 +736,14 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
u8 buffer[2048];
size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT)
? sizeof(buffer) : 256;
@ -42,7 +42,7 @@ index 9b08bbb..8a1a270 100644
int r = blob->info->get_fn(card, blob->id, buffer, buf_len);
if (r < 0) { /* an error occurred */
@@ -1830,6 +1843,7 @@ static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_in
@@ -1828,6 +1841,7 @@ static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_in
u8 apdu_case;
u8 *apdu_data;
size_t apdu_le;
@ -83,5 +83,5 @@ index 9b08bbb..8a1a270 100644
/* Send */
sc_log(card->ctx, "Waiting for the card to generate key...");
--
1.9.3
2.1.3

+ 8
- 8
utils/opensc/patches/0012-OpenPGP-Support-write-certificate-for-Gnuk.patch View File

@ -1,18 +1,18 @@
From d8f63eb6fcc1441c12a44850da2fa22a6fe81634 Mon Sep 17 00:00:00 2001
From 5110ae3ba33d165c43ea5eca8f929a82d81cb3fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Thu, 11 Apr 2013 11:47:51 +0700
Subject: [PATCH 12/18] OpenPGP: Support write certificate for Gnuk.
Subject: [PATCH 12/26] OpenPGP: Support write certificate for Gnuk.
---
src/libopensc/card-openpgp.c | 158 +++++++++++++++++++++++++++++++++----------
1 file changed, 123 insertions(+), 35 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 8a1a270..d9db948 100644
index 1913eca..7cea84f 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -725,6 +725,8 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)())
@@ -727,6 +727,8 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)())
static int
pgp_read_blob(sc_card_t *card, struct blob *blob)
{
@ -21,7 +21,7 @@ index 8a1a270..d9db948 100644
if (blob->data != NULL)
return SC_SUCCESS;
if (blob->info == NULL)
@@ -735,6 +737,11 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
@@ -737,6 +739,11 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT)
? sizeof(buffer) : 256;
@ -33,7 +33,7 @@ index 8a1a270..d9db948 100644
/* Buffer length for Gnuk pubkey */
if (card->type == SC_CARD_TYPE_OPENPGP_GNUK &&
(blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800
@@ -1190,49 +1197,75 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
@@ -1192,49 +1199,75 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
LOG_FUNC_RETURN(card->ctx, apdu.resplen);
}
@ -143,7 +143,7 @@ index 8a1a270..d9db948 100644
/* Extended Header list (004D DO) needs a variant of PUT DATA command */
if (tag == 0x004D) {
@@ -1258,15 +1291,70 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
@@ -1260,15 +1293,70 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
apdu.lc = buf_len;
}
else {
@ -216,5 +216,5 @@ index 8a1a270..d9db948 100644
if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Please verify PIN first.");
--
1.9.3
2.1.3

+ 3
- 3
utils/opensc/patches/0013-pkcs15-openpgp-Change-to-sc_put_data-instead-of-sc_u.patch View File

@ -1,8 +1,8 @@
From e5c94d3f1f7e6a96a98815d6e51190498c357fb6 Mon Sep 17 00:00:00 2001
From 7823e836e8279c8d77786d8f10ffaa83cf50bf1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Wed, 10 Apr 2013 18:35:58 +0700
Subject: [PATCH 13/18] pkcs15-openpgp: Change to sc_put_data instead of
Subject: [PATCH 13/26] pkcs15-openpgp: Change to sc_put_data instead of
sc_update_binary when writing certificate.
---
@ -27,5 +27,5 @@ index 1455580..be1291e 100755
case SC_PKCS15_TYPE_DATA_OBJECT:
--
1.9.3
2.1.3

+ 6
- 6
utils/opensc/patches/0014-OpenPGP-Overcome-the-restriction-of-even-data-length.patch View File

@ -1,8 +1,8 @@
From df8a78e3c8c9d9d591c0d3fa31db7e010eb2c8c2 Mon Sep 17 00:00:00 2001
From 3ff1f7234abb4c42273adedbe06d9e7f9f3a5f9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Thu, 11 Apr 2013 16:18:31 +0700
Subject: [PATCH 14/18] OpenPGP: Overcome the restriction of even data length
Subject: [PATCH 14/26] OpenPGP: Overcome the restriction of even data length
of Gnuk.
When write certificate with odd length to Gnuk, we add zero padding to make it even.
@ -11,10 +11,10 @@ When write certificate with odd length to Gnuk, we add zero padding to make it e
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index d9db948..a666163 100644
index 7cea84f..7a77a71 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -1206,6 +1206,10 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
@@ -1208,6 +1208,10 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
sc_apdu_t apdu;
u8 *part;
size_t plen;
@ -25,7 +25,7 @@ index d9db948..a666163 100644
int r = SC_SUCCESS;
LOG_FUNC_CALLED(ctx);
@@ -1236,8 +1240,20 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
@@ -1238,8 +1242,20 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xD6, i, 0);
}
apdu.flags |= SC_APDU_FLAGS_CHAINING;
@ -49,5 +49,5 @@ index d9db948..a666163 100644
r = sc_transmit_apdu(card, &apdu);
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
--
1.9.3
2.1.3

+ 7
- 7
utils/opensc/patches/0015-OpenPGP-Delete-key-as-file-for-Gnuk.patch View File

@ -1,18 +1,18 @@
From 693b3ac5a53e89a0cdeab0f728d24a6e16864f5c Mon Sep 17 00:00:00 2001
From 9af45c4cf052e3a6059a3004082f9ee3d2b3b2bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Fri, 12 Apr 2013 15:33:31 +0700
Subject: [PATCH 15/18] OpenPGP: Delete key as file, for Gnuk.
Subject: [PATCH 15/26] OpenPGP: Delete key as file, for Gnuk.
---
src/libopensc/card-openpgp.c | 51 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index a666163..19d3b04 100644
index 7a77a71..4d0500d 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -2437,6 +2437,44 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
@@ -2435,6 +2435,44 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
}
@ -57,7 +57,7 @@ index a666163..19d3b04 100644
/* ABI: DELETE FILE */
static int
pgp_delete_file(sc_card_t *card, const sc_path_t *path)
@@ -2444,6 +2482,7 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)
@@ -2442,6 +2480,7 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)
struct pgp_priv_data *priv = DRVDATA(card);
struct blob *blob;
sc_file_t *file;
@ -65,7 +65,7 @@ index a666163..19d3b04 100644
int r;
LOG_FUNC_CALLED(card->ctx);
@@ -2459,10 +2498,20 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)
@@ -2457,10 +2496,20 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)
if (blob == priv->mf)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
@ -88,5 +88,5 @@ index a666163..19d3b04 100644
/* call pgp_put_data() with zero-sized NULL-buffer to zap the DO contents */
r = pgp_put_data(card, file->id, NULL, 0);
--
1.9.3
2.1.3

+ 7
- 7
utils/opensc/patches/0016-OpenPGP-Correct-parameter-checking.patch View File

@ -1,18 +1,18 @@
From f96f7536a8c2efd0ba41fd94fe3334e5fa556854 Mon Sep 17 00:00:00 2001
From ee23d262768e7e54ed0fc554bc0b869c65868ace Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Tue, 16 Apr 2013 10:19:34 +0700
Subject: [PATCH 16/18] OpenPGP: Correct parameter checking.
Subject: [PATCH 16/26] OpenPGP: Correct parameter checking.
---
src/libopensc/card-openpgp.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 19d3b04..196c094 100644
index 4d0500d..beeee83 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -1221,6 +1221,8 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
@@ -1223,6 +1223,8 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
/* Check response */
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
@ -21,7 +21,7 @@ index 19d3b04..196c094 100644
LOG_FUNC_RETURN(card->ctx, length);
}
@@ -2448,6 +2450,11 @@ gnuk_delete_key(sc_card_t *card, u8 key_id)
@@ -2446,6 +2448,11 @@ gnuk_delete_key(sc_card_t *card, u8 key_id)
LOG_FUNC_CALLED(ctx);
@ -33,7 +33,7 @@ index 19d3b04..196c094 100644
/* Delete fingerprint */
sc_log(ctx, "Delete fingerprints");
r = pgp_put_data(card, 0xC6 + key_id, NULL, 0);
@@ -2466,8 +2473,6 @@ gnuk_delete_key(sc_card_t *card, u8 key_id)
@@ -2464,8 +2471,6 @@ gnuk_delete_key(sc_card_t *card, u8 key_id)
data = "\x4D\x02\xB8";
else if (key_id == 3)
data = "\x4D\x02\xA4";
@ -43,5 +43,5 @@ index 19d3b04..196c094 100644
r = pgp_put_data(card, 0x4D, data, strlen(data) + 1);
--
1.9.3
2.1.3

+ 6
- 6
utils/opensc/patches/0017-OpenPGP-Make-code-neater.patch View File

@ -1,18 +1,18 @@
From 8a69525a60391b46db4994033527d219d2adaa4e Mon Sep 17 00:00:00 2001
From f4aec38233010953cea72c367bccc71c3687b2f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Tue, 16 Apr 2013 16:02:17 +0700
Subject: [PATCH 17/18] OpenPGP: Make code neater
Subject: [PATCH 17/26] OpenPGP: Make code neater
---
src/libopensc/card-openpgp.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 196c094..c4ef3b6 100644
index beeee83..ca0d01b 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -1220,10 +1220,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
@@ -1222,10 +1222,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
r = sc_transmit_apdu(card, &apdu);
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
/* Check response */
@ -24,7 +24,7 @@ index 196c094..c4ef3b6 100644
}
/* Ref: gnuk_put_binary_libusb.py and gnuk_token.py in Gnuk source tree */
@@ -1260,8 +1257,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
@@ -1262,8 +1259,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length)
r = sc_transmit_apdu(card, &apdu);
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
/* Check response */
@ -35,5 +35,5 @@ index 196c094..c4ef3b6 100644
/* To next part */
i++;
--
1.9.3
2.1.3

+ 6
- 6
utils/opensc/patches/0018-Move-declaration-to-top-of-block.patch View File

@ -1,18 +1,18 @@
From a099f951d085d3abfefeead14a4af06913cb67d2 Mon Sep 17 00:00:00 2001
From c84c84169f7a73eab27f6a9b13b77432baa5c3f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Wed, 8 May 2013 16:51:21 +0700
Subject: [PATCH 18/18] Move declaration to top of block.
Subject: [PATCH 18/26] Move declaration to top of block.
---
src/libopensc/card-openpgp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index c4ef3b6..7f2006e 100644
index ca0d01b..037ef73 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -736,6 +736,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
@@ -738,6 +738,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
u8 buffer[2048];
size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT)
? sizeof(buffer) : 256;
@ -20,7 +20,7 @@ index c4ef3b6..7f2006e 100644
/* Buffer length for certificate */
if (blob->id == DO_CERT && priv->max_cert_size > 0) {
@@ -749,7 +750,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
@@ -751,7 +752,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
buf_len = MAXLEN_RESP_PUBKEY_GNUK;
}
@ -30,5 +30,5 @@ index c4ef3b6..7f2006e 100644
if (r < 0) { /* an error occurred */
blob->status = r;
--
1.9.3
2.1.3

+ 182
- 0
utils/opensc/patches/0019-OpenPGP-Make-indentation-consistent-space-tab.patch View File

@ -0,0 +1,182 @@
From c6abf7976f64be5191dc80fecdbcb07daab7a2e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 3 Nov 2013 01:45:56 +0800
Subject: [PATCH 19/26] OpenPGP: Make indentation consistent (space -> tab).
---
src/libopensc/card-openpgp.c | 22 ++++++++---------
src/tools/openpgp-tool.c | 56 ++++++++++++++++++++++----------------------
2 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 037ef73..ae40940 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -192,12 +192,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
@@ -253,11 +253,11 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
* However, their R/W access condition may block the process of importing key in pkcs15init.
* So we set their accesses condition as WRITE_PIN3 (writable). */
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index 374819a..a0334ca 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -37,11 +37,11 @@
#include "util.h"
#include "libopensc/log.h"
-#define OPT_RAW 256
-#define OPT_PRETTY 257
-#define OPT_VERIFY 258
-#define OPT_PIN 259
-#define OPT_DELKEY 260
+#define OPT_RAW 256
+#define OPT_PRETTY 257
+#define OPT_VERIFY 258
+#define OPT_PIN 259
+#define OPT_DELKEY 260
/* define structures */
struct ef_name_map {
@@ -142,10 +142,10 @@ static const struct ef_name_map openpgp_data[] = {
static void show_version(void)
{
fprintf(stderr,
- "openpgp-tool - OpenPGP card utility version " PACKAGE_VERSION "\n"
- "\n"
- "Copyright (c) 2012 Peter Marschall <peter@adpm.de>\n"
- "Licensed under LGPL v2\n");
+ "openpgp-tool - OpenPGP card utility version " PACKAGE_VERSION "\n"
+ "\n"
+ "Copyright (c) 2012 Peter Marschall <peter@adpm.de>\n"
+ "Licensed under LGPL v2\n");
}
@@ -176,16 +176,16 @@ static char *prettify_language(char *str)
{
if (str != NULL) {
switch (strlen(str)) {
- case 8: memmove(str+7, str+6, 1+strlen(str+6));
+ case 8: memmove(str+7, str+6, 1+strlen(str+6));
str[6] = ',';
/* fall through */
- case 6: memmove(str+5, str+4, 1+strlen(str+4));
+ case 6: memmove(str+5, str+4, 1+strlen(str+4));
str[4] = ',';
/* fall through */
- case 4: memmove(str+3, str+2, 1+strlen(str+2));
+ case 4: memmove(str+3, str+2, 1+strlen(str+2));
str[2] = ',';
/* fall through */
- case 2: return str;
+ case 2: return str;
}
}
return NULL;
@@ -197,10 +197,10 @@ static char *prettify_gender(char *str)
{
if (str != NULL) {
switch (*str) {
- case '0': return "unknown";
- case '1': return "male";
- case '2': return "female";
- case '9': return "not applicable";
+ case '0': return "unknown";
+ case '1': return "male";
+ case '2': return "female";
+ case '9': return "not applicable";
}
}
return NULL;
@@ -218,7 +218,7 @@ static void display_data(const struct ef_name_map *mapping, char *value)
char *envvar;
envvar = malloc(strlen(mapping->env_name) +
- strlen(value) + 2);
+ strlen(value) + 2);
if (envvar != NULL) {
strcpy(envvar, mapping->env_name);
strcat(envvar, "=");
@@ -346,20 +346,20 @@ static int do_userinfo(sc_card_t *card)
if (!count)
continue;
- if (count > (int)sizeof(buf) - 1) {
+ if (count > (int)sizeof(buf) - 1) {
fprintf(stderr, "Too small buffer to read the OpenPGP data\n");
return EXIT_FAILURE;
}
-
- r = sc_read_binary(card, 0, buf, count, 0);
- if (r < 0) {
+
+ r = sc_read_binary(card, 0, buf, count, 0);
+ if (r < 0) {
fprintf(stderr, "%s: read failed - %s\n", openpgp_data[i].ef, sc_strerror(r));
return EXIT_FAILURE;
- }
- if (r != count) {
- fprintf(stderr, "%s: expecting %d, got only %d bytes\n", openpgp_data[i].ef, count, r);
+ }
+ if (r != count) {
+ fprintf(stderr, "%s: expecting %d, got only %d bytes\n", openpgp_data[i].ef, count, r);
return EXIT_FAILURE;
- }
+ }
buf[count] = '\0';
@@ -628,7 +628,7 @@ int main(int argc, char **argv)
r = sc_context_create(&ctx, &ctx_param);
if (r) {
util_fatal("failed to establish context: %s\n",
- sc_strerror(r));
+ sc_strerror(r));
return EXIT_FAILURE;
}
@@ -640,7 +640,7 @@ int main(int argc, char **argv)
r = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
if (r) {
util_fatal("failed to connect to card: %s\n",
- sc_strerror(r));
+ sc_strerror(r));
return EXIT_FAILURE;
}
--
2.1.3

+ 84
- 0
utils/opensc/patches/0020-OpenPGP-Don-t-use-sc_log-in-openpgp-tool.patch View File

@ -0,0 +1,84 @@
From 9acf5c1ad7d8a32b472203d3bd8860ea2cbde0e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 3 Nov 2013 02:53:35 +0800
Subject: [PATCH 20/26] OpenPGP: Don't use sc_log in openpgp-tool.
---
src/tools/openpgp-tool.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index a0334ca..505abd9 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -414,8 +414,6 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len)
sc_path_t path;
sc_file_t *file;
- LOG_FUNC_CALLED(card->ctx);
-
if (key_id < 1 || key_id > 3) {
printf("Unknown key ID %d.\n", key_id);
return 1;
@@ -479,14 +477,14 @@ int delete_key_gnuk(sc_card_t *card, u8 key_id)
u8 *data = NULL;
/* Delete fingerprint */
- sc_log(ctx, "Delete fingerprints");
+ fprintf(stdout, "Delete fingerprints");
r |= sc_put_data(card, 0xC6 + key_id, NULL, 0);
/* Delete creation time */
- sc_log(ctx, "Delete creation time");
+ fprintf(stdout, "Delete creation time");
r |= sc_put_data(card, 0xCD + key_id, NULL, 0);
/* Rewrite Extended Header List */
- sc_log(ctx, "Rewrite Extended Header List");
+ fprintf(stdout, "Rewrite Extended Header List");
if (key_id == 1)
data = "\x4D\x02\xB6";
@@ -534,15 +532,18 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id)
/* Build APDU from binary array */
r = sc_bytes2apdu(card->ctx, buf, len0, &apdu);
if (r) {
- sc_log(ctx, "Failed to build APDU");
- LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL);
+ fprintf(stderr, "Failed to build APDU: %s\n", sc_strerror(r));
+ return r;
}
apdu.resp = rbuf;
apdu.resplen = sizeof(rbuf);
/* Send APDU to card */
r = sc_transmit_apdu(card, &apdu);
- LOG_TEST_RET(ctx, r, "Transmiting APDU failed");
+ if (r) {
+ fprintf(stderr, "Transmiting APDU failed: %s\n", sc_strerror(r));
+ return r;
+ }
}
/* TODO: Rewrite Extended Header List.
* Not support by OpenGPG v2 yet */
@@ -557,7 +558,7 @@ int delete_key(sc_card_t *card, u8 key_id)
LOG_FUNC_CALLED(ctx);
/* Check key ID */
if (key_id < 1 || key_id > 3) {
- sc_log(ctx, "Invalid key ID %d", key_id);
+ fprintf(stderr, "Invalid key ID %d", key_id);
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
}
@@ -649,7 +650,7 @@ int main(int argc, char **argv)
(card->type != SC_CARD_TYPE_OPENPGP_V2) &&
(card->type != SC_CARD_TYPE_OPENPGP_GNUK)) {
util_error("not an OpenPGP card");
- sc_log(card->ctx, "Card type %X", card->type);
+ fprintf(stderr, "Card type %X\n", card->type);
exit_status = EXIT_FAILURE;
goto out;
}
--
2.1.3

+ 112
- 0
utils/opensc/patches/0021-OpenPGP-Don-t-reimplement-gnuk_delete_key-in-openpgp.patch View File

@ -0,0 +1,112 @@
From 0fdbf868976172486af210accafbab163452ff78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 3 Nov 2013 11:26:25 +0800
Subject: [PATCH 21/26] OpenPGP: Don't reimplement gnuk_delete_key in
openpgp-tool.
---
src/tools/openpgp-tool.c | 64 ++++++------------------------------------------
1 file changed, 8 insertions(+), 56 deletions(-)
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
index 505abd9..a7796e7 100644
--- a/src/tools/openpgp-tool.c
+++ b/src/tools/openpgp-tool.c
@@ -468,38 +468,6 @@ int do_verify(sc_card_t *card, char *type, char *pin)
}
/**
- * Delete key, for Gnuk.
- **/
-int delete_key_gnuk(sc_card_t *card, u8 key_id)
-{
- sc_context_t *ctx = card->ctx;
- int r = SC_SUCCESS;
- u8 *data = NULL;
-
- /* Delete fingerprint */
- fprintf(stdout, "Delete fingerprints");
- r |= sc_put_data(card, 0xC6 + key_id, NULL, 0);
- /* Delete creation time */
- fprintf(stdout, "Delete creation time");
- r |= sc_put_data(card, 0xCD + key_id, NULL, 0);
-
- /* Rewrite Extended Header List */
- fprintf(stdout, "Rewrite Extended Header List");
-
- if (key_id == 1)
- data = "\x4D\x02\xB6";
- else if (key_id == 2)
- data = "\x4D\x02\xB8";
- else if (key_id == 3)
- data = "\x4D\x02\xA4";
- else
- return SC_ERROR_INVALID_ARGUMENTS;
-
- r |= sc_put_data(card, 0x4D, data, strlen(data) + 1);
- return r;
-}
-
-/**
* Delete key, for OpenPGP card.
* This function is not complete and is reserved for future version (> 2) of OpenPGP card.
**/
@@ -547,32 +515,13 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id)
}
/* TODO: Rewrite Extended Header List.
* Not support by OpenGPG v2 yet */
- LOG_FUNC_RETURN(ctx, r);
-}
-
-int delete_key(sc_card_t *card, u8 key_id)
-{
- sc_context_t *ctx = card->ctx;
- int r;
-
- LOG_FUNC_CALLED(ctx);
- /* Check key ID */
- if (key_id < 1 || key_id > 3) {
- fprintf(stderr, "Invalid key ID %d", key_id);
- LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
- }
-
- if (card->type == SC_CARD_TYPE_OPENPGP_GNUK)
- r = delete_key_gnuk(card, key_id);
- else
- r = delete_key_openpgp(card, key_id);
-
- LOG_FUNC_RETURN(ctx, r);
+ return r;
}
int do_delete_key(sc_card_t *card, u8 key_id)
{
sc_context_t *ctx = card->ctx;
+ sc_path_t path;
int r = SC_SUCCESS;
/* Currently, only Gnuk supports deleting keys */
@@ -586,13 +535,16 @@ int do_delete_key(sc_card_t *card, u8 key_id)
return SC_ERROR_INVALID_ARGUMENTS;
}
if (key_id == 1 || key_id == 'a') {
- r |= delete_key(card, 1);
+ sc_format_path("B601", &path);
+ r |= sc_delete_file(card, &path);
}
if (key_id == 2 || key_id == 'a') {
- r |= delete_key(card, 2);
+ sc_format_path("B801", &path);
+ r |= sc_delete_file(card, &path);
}
if (key_id == 3 || key_id == 'a') {
- r |= delete_key(card, 3);
+ sc_format_path("A401", &path);
+ r |= sc_delete_file(card, &path);
}
return r;
}
--
2.1.3

+ 87
- 0
utils/opensc/patches/0022-OpenPGP-Use-directly-binary-array-of-APDUs-for-ERASE.patch View File

@ -0,0 +1,87 @@
From 0cd2a488d86006bb2740a4e73e7a0d859e1bf33c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 13 Jul 2014 17:37:59 +0800
Subject: [PATCH 22/26] OpenPGP: Use directly binary array of APDUs for ERASE
command.
I used a string presentation before and it needed an extra conversion step.
---
src/libopensc/card-openpgp.c | 47 +++++++++++++++++++++++---------------------
1 file changed, 25 insertions(+), 22 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index ae40940..724fe73 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -2347,24 +2347,27 @@ out:
static int pgp_erase_card(sc_card_t *card)
{
sc_context_t *ctx = card->ctx;
- u8 *apdustring[10] = {
- "00:20:00:81:08:40:40:40:40:40:40:40:40",
- "00:20:00:81:08:40:40:40:40:40:40:40:40",
- "00:20:00:81:08:40:40:40:40:40:40:40:40",
- "00:20:00:81:08:40:40:40:40:40:40:40:40",
- "00:20:00:83:08:40:40:40:40:40:40:40:40",
- "00:20:00:83:08:40:40:40:40:40:40:40:40",
- "00:20:00:83:08:40:40:40:40:40:40:40:40",
- "00:20:00:83:08:40:40:40:40:40:40:40:40",
- "00:e6:00:00",
- "00:44:00:00"
+ /* Special series of commands to erase OpenPGP card,
+ * according to https://www.crypto-stick.com/en/faq
+ * (How to reset a Crypto Stick? question).
+ * Gnuk is known not to support this feature. */
+ u8 apdu_binaries[10][13] = {
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40},
+ {0, 0xe6, 0, 0},
+ {0, 0x44, 0, 0}
};
+ u8 apdu_lens[10] = {13, 13, 13, 13, 13, 13, 13, 13, 4, 4};
u8 buf[SC_MAX_APDU_BUFFER_SIZE];
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
sc_apdu_t apdu;
- size_t len0;
- int commandsnum = 10;
- int i, r;
+ int i, l, r;
LOG_FUNC_CALLED(ctx);
@@ -2376,17 +2379,17 @@ static int pgp_erase_card(sc_card_t *card)
sc_log(ctx, "Card is OpenPGP v2. Erase card.");
/* Iterate over 10 commands above */
- for (i = 0; i < commandsnum; i++) {
- /* Convert the string to binary array */
- len0 = sizeof(buf);
- sc_hex_to_bin(apdustring[i], buf, &len0);
- printf("Sending: ");
- for (r = 0; r < len0; r++)
- printf("%02X ", buf[r]);
+ for (i = 0; i < sizeof(apdu_lens); i++) {
+ /* Length of the binary array of the current command */
+ l = apdu_lens[i];
+ /* Print the command to console */
+ printf("Sending %d: ", i);
+ for (r = 0; r < l; r++)
+ printf("%02X ", apdu_binaries[i][r]);
printf("\n");
/* Build APDU from binary array */
- r = sc_bytes2apdu(card->ctx, buf, len0, &apdu);
+ r = sc_bytes2apdu(card->ctx, apdu_binaries[i], l, &apdu);
if (r) {
sc_log(ctx, "Failed to build APDU");
LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL);
--
2.1.3

+ 339
- 0
utils/opensc/patches/0023-OpenPGP-Rename-private-blob-type-to-avoid-confusing-.patch View File

@ -0,0 +1,339 @@
From 6f56ea4cfc52323002d818731a50a31e863b6843 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 13 Jul 2014 19:41:36 +0800
Subject: [PATCH 23/26] OpenPGP: Rename private "blob" type to avoid confusing
with variable name.
This name has been used for both data type and variable name of that
type.
---
src/libopensc/card-openpgp.c | 96 ++++++++++++++++++++++----------------------
1 file changed, 49 insertions(+), 47 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 724fe73..ca3173c 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -111,9 +111,9 @@ enum _card_state {
CARD_STATE_ACTIVATED = 0x05
};
-struct blob {
- struct blob * next; /* pointer to next sibling */
- struct blob * parent; /* pointer to parent */
+typedef struct pgp_blob {
+ struct pgp_blob * next; /* pointer to next sibling */
+ struct pgp_blob * parent; /* pointer to parent */
struct do_info *info;
sc_file_t * file;
@@ -122,8 +122,8 @@ struct blob {
unsigned char * data;
unsigned int len;
- struct blob * files; /* pointer to 1st child */
-};
+ struct pgp_blob * files; /* pointer to 1st child */
+} pgp_blob_t;
struct do_info {
unsigned int id; /* ID of the DO in question */
@@ -141,12 +141,12 @@ struct do_info {
static int pgp_get_card_features(sc_card_t *card);
static int pgp_finish(sc_card_t *card);
-static void pgp_iterate_blobs(struct blob *, int, void (*func)());
+static void pgp_iterate_blobs(pgp_blob_t *, int, void (*func)());
-static int pgp_get_blob(sc_card_t *card, struct blob *blob,
- unsigned int id, struct blob **ret);
-static struct blob * pgp_new_blob(sc_card_t *, struct blob *, unsigned int, sc_file_t *);
-static void pgp_free_blob(struct blob *);
+static int pgp_get_blob(sc_card_t *card, pgp_blob_t *blob,
+ unsigned int id, pgp_blob_t **ret);
+static pgp_blob_t * pgp_new_blob(sc_card_t *, pgp_blob_t *, unsigned int, sc_file_t *);
+static void pgp_free_blob(pgp_blob_t *);
static int pgp_get_pubkey(sc_card_t *, unsigned int,
u8 *, size_t);
static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
@@ -272,8 +272,8 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
struct pgp_priv_data {
- struct blob * mf;
- struct blob * current; /* currently selected file */
+ pgp_blob_t * mf;
+ pgp_blob_t * current; /* currently selected file */
enum _version bcd_version;
struct do_info *pgp_objects;
@@ -311,7 +311,7 @@ pgp_init(sc_card_t *card)
sc_file_t *file = NULL;
struct do_info *info;
int r;
- struct blob *child = NULL;
+ pgp_blob_t *child = NULL;
LOG_FUNC_CALLED(card->ctx);
@@ -389,7 +389,7 @@ pgp_get_card_features(sc_card_t *card)
unsigned char *hist_bytes = card->atr.value;
size_t atr_len = card->atr.len;
size_t i = 0;
- struct blob *blob, *blob6e, *blob73;
+ pgp_blob_t *blob, *blob6e, *blob73;
/* parse card capabilities from historical bytes */
while ((i < atr_len) && (hist_bytes[i] != 0x73))
@@ -526,7 +526,7 @@ pgp_finish(sc_card_t *card)
/* internal: fill a blob's data */
static int
-pgp_set_blob(struct blob *blob, const u8 *data, size_t len)
+pgp_set_blob(pgp_blob_t *blob, const u8 *data, size_t len)
{
if (blob->data)
free(blob->data);
@@ -620,16 +620,16 @@ pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info)
}
/* internal: append a blob to the list of children of a given parent blob */
-static struct blob *
-pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id,
+static pgp_blob_t *
+pgp_new_blob(sc_card_t *card, pgp_blob_t *parent, unsigned int file_id,
sc_file_t *file)
{
- struct blob *blob = NULL;
+ pgp_blob_t *blob = NULL;
if (file == NULL)
return NULL;
- if ((blob = calloc(1, sizeof(struct blob))) != NULL) {
+ if ((blob = calloc(1, sizeof(pgp_blob_t))) != NULL) {
struct pgp_priv_data *priv = DRVDATA (card);
struct do_info *info;
@@ -643,7 +643,7 @@ pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id,
blob->parent = parent;
if (parent != NULL) {
- struct blob **p;
+ pgp_blob_t **p;
/* set file's path = parent's path + file's id */
blob->file->path = parent->file->path;
@@ -681,11 +681,11 @@ pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id,
/* internal: free a blob including its content */
static void
-pgp_free_blob(struct blob *blob)
+pgp_free_blob(pgp_blob_t *blob)
{
if (blob) {
if (blob->parent) {
- struct blob **p;
+ pgp_blob_t **p;
/* remove blob from list of parent's children */
for (p = &blob->parent->files; *p != NULL && *p != blob; p = &(*p)->next)
@@ -705,14 +705,14 @@ pgp_free_blob(struct blob *blob)
/* internal: iterate through the blob tree, calling a function for each blob */
static void
-pgp_iterate_blobs(struct blob *blob, int level, void (*func)())
+pgp_iterate_blobs(pgp_blob_t *blob, int level, void (*func)())
{
if (blob) {
if (level > 0) {
- struct blob *child = blob->files;
+ pgp_blob_t *child = blob->files;
while (child != NULL) {
- struct blob *next = child->next;
+ pgp_blob_t *next = child->next;
pgp_iterate_blobs(child, level-1, func);
child = next;
@@ -725,7 +725,7 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)())
/* internal: read a blob's contents from card */
static int
-pgp_read_blob(sc_card_t *card, struct blob *blob)
+pgp_read_blob(sc_card_t *card, pgp_blob_t *blob)
{
struct pgp_priv_data *priv = DRVDATA (card);
@@ -772,7 +772,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob)
* The OpenPGP card has a TLV encoding according ASN.1 BER-encoding rules.
*/
static int
-pgp_enumerate_blob(sc_card_t *card, struct blob *blob)
+pgp_enumerate_blob(sc_card_t *card, pgp_blob_t *blob)
{
const u8 *in;
int r;
@@ -789,7 +789,7 @@ pgp_enumerate_blob(sc_card_t *card, struct blob *blob)
unsigned int cla, tag, tmptag;
size_t len;
const u8 *data = in;
- struct blob *new;
+ pgp_blob_t *new;
r = sc_asn1_read_tag(&data, blob->len - (in - blob->data),
&cla, &tag, &len);
@@ -819,10 +819,10 @@ pgp_enumerate_blob(sc_card_t *card, struct blob *blob)
/* internal: find a blob by ID below a given parent, filling its contents when necessary */
static int
-pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id,
- struct blob **ret)
+pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, unsigned int id,
+ pgp_blob_t **ret)
{
- struct blob *child;
+ pgp_blob_t *child;
int r;
if ((r = pgp_enumerate_blob(card, blob)) < 0)
@@ -858,10 +858,10 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id,
/* Internal: search recursively for a blob by ID below a given root */
static int
-pgp_seek_blob(sc_card_t *card, struct blob *root, unsigned int id,
- struct blob **ret)
+pgp_seek_blob(sc_card_t *card, pgp_blob_t *root, unsigned int id,
+ pgp_blob_t **ret)
{
- struct blob *child;
+ pgp_blob_t *child;
int r;
if ((r = pgp_get_blob(card, root, id, ret)) == 0)
@@ -883,11 +883,11 @@ pgp_seek_blob(sc_card_t *card, struct blob *root, unsigned int id,
}
/* internal: find a blob by tag - pgp_seek_blob with optimizations */
-static struct blob *
+static pgp_blob_t *
pgp_find_blob(sc_card_t *card, unsigned int tag)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob = NULL;
+ pgp_blob_t *blob = NULL;
int r;
/* Check if current selected blob is which we want to test*/
@@ -941,7 +941,7 @@ static int
pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob;
+ pgp_blob_t *blob;
unsigned int path_start = 0;
unsigned int n;
sc_path_t dummy_path;
@@ -1022,7 +1022,7 @@ static int
pgp_list_files(sc_card_t *card, u8 *buf, size_t buflen)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob;
+ pgp_blob_t *blob;
unsigned int k;
int r;
@@ -1058,7 +1058,7 @@ pgp_read_binary(sc_card_t *card, unsigned int idx,
u8 *buf, size_t count, unsigned long flags)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob;
+ pgp_blob_t *blob;
int r;
LOG_FUNC_CALLED(card->ctx);
@@ -1134,7 +1134,7 @@ static int
pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob, *mod_blob, *exp_blob;
+ pgp_blob_t *blob, *mod_blob, *exp_blob;
sc_pkcs15_pubkey_t pubkey;
u8 *data;
size_t len;
@@ -1329,7 +1329,7 @@ static int
pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *affected_blob = NULL;
+ pgp_blob_t *affected_blob = NULL;
struct do_info *dinfo = NULL;
int r;
@@ -1603,7 +1603,7 @@ static int
pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *algo_blob;
+ pgp_blob_t *algo_blob;
unsigned int old_modulus_len; /* Measured in bit */
unsigned int old_exponent_len;
const unsigned int tag = 0x00C0 | key_info->keytype;
@@ -1708,7 +1708,7 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime,
u8 *p; /* Use this pointer to set fp_buffer content */
size_t pk_packet_len;
unsigned int tag;
- struct blob *fpseq_blob;
+ pgp_blob_t *fpseq_blob;
u8 *newdata;
int r;
@@ -1797,7 +1797,7 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len,
u8* exponent, size_t exponent_len, u8 key_id)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *pk_blob;
+ pgp_blob_t *pk_blob;
unsigned int blob_id;
sc_pkcs15_pubkey_t pubkey;
u8 *data = NULL;
@@ -1939,6 +1939,8 @@ static int pgp_update_card_algorithms(sc_card_t *card, sc_cardctl_openpgp_keygen
**/
static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info)
{
+ struct pgp_priv_data *priv = DRVDATA(card);
+ pgp_blob_t *algo_blob;
sc_apdu_t apdu;
/* Temporary variables to hold APDU params */
u8 apdu_case;
@@ -2132,7 +2134,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info
};
size_t comp_to_add = 3;
size_t req_e_len = 0; /* The exponent length specified in Algorithm Attributes */
- struct blob *alat_blob;
+ pgp_blob_t *alat_blob;
u8 i;
int r;
@@ -2483,7 +2485,7 @@ static int
pgp_delete_file(sc_card_t *card, const sc_path_t *path)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob;
+ pgp_blob_t *blob;
sc_file_t *file;
u8 key_id;
int r;
@@ -2533,7 +2535,7 @@ pgp_update_binary(sc_card_t *card, unsigned int idx,
const u8 *buf, size_t count, unsigned long flags)
{
struct pgp_priv_data *priv = DRVDATA(card);
- struct blob *blob = priv->current;
+ pgp_blob_t *blob = priv->current;
int r = SC_SUCCESS;
LOG_FUNC_CALLED(card->ctx);
--
2.1.3

+ 41
- 0
utils/opensc/patches/0024-OpenPGP-Fix-crash-after-accessing-inexistent-file.patch View File

@ -0,0 +1,41 @@
From 8a87a4ee9107f250254d5c93c6fd62224c400ce7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Mon, 14 Jul 2014 01:30:28 +0800
Subject: [PATCH 24/26] OpenPGP: Fix crash after accessing inexistent file.
---
src/libopensc/card-openpgp.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index ca3173c..94c69ae 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -973,7 +973,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
* So we set its size to be the same as max certificate size the card supports. */
(*ret)->size = priv->max_cert_size;
}
- priv->current = NULL;
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
@@ -990,7 +989,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
/* This file ID is refered when importing key&certificate via pkcs15init, like above.
* We pretend to successfully find this inexistent file. */
if (id == 0x4402 || id == 0x5f48) {
- priv->current = NULL;
if (ret == NULL)
/* No need to return file */
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
@@ -1002,7 +1000,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret)
}
if (r < 0) { /* failure */
- priv->current = NULL;
LOG_FUNC_RETURN(card->ctx, r);
}
}
--
2.1.3

+ 148
- 0
utils/opensc/patches/0025-Replace-hardcode.patch View File

@ -0,0 +1,148 @@
From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 9 Nov 2014 15:58:40 +0700
Subject: [PATCH 25/26] Replace hardcode.
---
src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++-------------------
1 file changed, 41 insertions(+), 31 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 94c69ae..1e6e338 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -152,6 +152,24 @@ static int pgp_get_pubkey(sc_card_t *, unsigned int,
static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
u8 *, size_t);
+/* The DO holding X.509 certificate is constructed but does not contain child DO.
+ * We should notice this when building fake file system later. */
+#define DO_CERT 0x7f21
+/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec.
+ * Here we seen it as DO just for convenient */
+#define DO_SIGN 0xb600
+#define DO_ENCR 0xb800
+#define DO_AUTH 0xa400
+/* These DO does not exist. They are defined and used just for ease of implementation */
+#define DO_SIGN_SYM 0xb601
+#define DO_ENCR_SYM 0xb801
+#define DO_AUTH_SYM 0xa401
+/* Maximum length for response buffer when reading pubkey. This value is calculated with
+ * 4096-bit key length */
+#define MAXLEN_RESP_PUBKEY 527
+/* Gnuk only support 1 key length (2048 bit) */
+#define MAXLEN_RESP_PUBKEY_GNUK 271
+
static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
{ 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
{ 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
@@ -192,12 +210,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
@@ -246,30 +264,21 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
{ 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
/* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved
* as simple DO (no need to parse TLV). */
- { 0x7f21, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
+ { DO_CERT, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
{ 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL },
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
* However, their R/W access condition may block the process of importing key in pkcs15init.
* So we set their accesses condition as WRITE_PIN3 (writable). */
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
-/* The DO holding X.509 certificate is constructed but does not contain child DO.
- * We should notice this when building fake file system later. */
-#define DO_CERT 0x7f21
-/* Maximum length for response buffer when reading pubkey. This value is calculated with
- * 4096-bit key length */
-#define MAXLEN_RESP_PUBKEY 527
-/* Gnuk only support 1 key length (2048 bit) */
-#define MAXLEN_RESP_PUBKEY_GNUK 271
-
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
struct pgp_priv_data {
pgp_blob_t * mf;
@@ -747,8 +756,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_t *blob)
/* Buffer length for Gnuk pubkey */
if (card->type == SC_CARD_TYPE_OPENPGP_GNUK &&
- (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800
- || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) {
+ (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR
+ || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM
+ || blob->id == DO_ENCR_SYM)) {
buf_len = MAXLEN_RESP_PUBKEY_GNUK;
}
@@ -1804,11 +1814,11 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len,
LOG_FUNC_CALLED(card->ctx);
if (key_id == SC_OPENPGP_KEY_SIGN)
- blob_id = 0xB601;
+ blob_id = DO_SIGN_SYM;
else if (key_id == SC_OPENPGP_KEY_ENCR)
- blob_id = 0xB801;
+ blob_id = DO_ENCR_SYM;
else if (key_id == SC_OPENPGP_KEY_AUTH)
- blob_id = 0xA401;
+ blob_id = DO_AUTH_SYM;
else {
sc_log(card->ctx, "Unknown key id %X.", key_id);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
@@ -2501,17 +2511,17 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
if (card->type != SC_CARD_TYPE_OPENPGP_GNUK &&
- (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) {
+ (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) {
/* These tags are just symbolic. We don't really delete it. */
r = SC_SUCCESS;
}
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) {
r = gnuk_delete_key(card, 1);
}
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) {
r = gnuk_delete_key(card, 2);
}
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) {
r = gnuk_delete_key(card, 3);
}
else {
--
2.1.3

+ 53
- 0
utils/opensc/patches/0026-hardcode-defines-for-DO-s.patch View File

@ -0,0 +1,53 @@
From b9dae832db54b206a15bcc12e290cef50f31c3d0 Mon Sep 17 00:00:00 2001
From: george <ggkitsas@yahoo.com>
Date: Tue, 11 Nov 2014 16:16:15 +0100
Subject: [PATCH 26/26] hardcode->defines for DO's
---
src/libopensc/card-openpgp.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 1e6e338..8464914 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -164,6 +164,18 @@ static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
#define DO_SIGN_SYM 0xb601
#define DO_ENCR_SYM 0xb801
#define DO_AUTH_SYM 0xa401
+/* Private DO's */
+#define DO_PRIV1 0x0101
+#define DO_PRIV2 0x0102
+#define DO_PRIV3 0x0103
+#define DO_PRIV4 0x0104
+/* Cardholder information DO's */
+#define DO_CARDHOLDER 0x65
+#define DO_NAME 0x5b
+#define DO_LANG_PREF 0x5f2d
+#define DO_SEX 0x5f35
+
+
/* Maximum length for response buffer when reading pubkey. This value is calculated with
* 4096-bit key length */
#define MAXLEN_RESP_PUBKEY 527
@@ -851,7 +863,7 @@ pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, unsigned int id,
/* Special case:
* Gnuk does not have default value for children of DO 65 (DOs 5B, 5F2D, 5F35)
* So, if these blob was not found, we create it. */
- if (blob->id == 0x65 && (id == 0x5B || id == 0x5F2D || id == 0x5F35)) {
+ if (blob->id == DO_CARDHOLDER && (id == DO_NAME || id == DO_LANG_PREF || id == DO_SEX)) {
sc_log(card->ctx, "Create blob %X under %X", id, blob->id);
child = pgp_new_blob(card, blob, id, sc_file_new());
if (child) {
@@ -1198,7 +1210,7 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
/* For Gnuk card, if there is no certificate, it returns error instead of empty data.
* So, for this case, we ignore error and consider success */
if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND && card->type == SC_CARD_TYPE_OPENPGP_GNUK
- && (tag == DO_CERT || tag == 0x0101 || tag == 0x0102 || tag == 0x0103 || tag == 0x0104)) {
+ && (tag == DO_CERT || tag == DO_PRIV1 || tag == DO_PRIV2 || tag == DO_PRIV3 || tag == DO_PRIV4)) {
r = SC_SUCCESS;
apdu.resplen = 0;
}
--
2.1.3

Write Preview
Loading…
Cancel
Save