Signed-off-by: Daniel Golle <daniel@makrotopia.org>lilik-openwrt-22.03
@ -0,0 +1,182 @@ | |||||
From c6abf7976f64be5191dc80fecdbcb07daab7a2e0 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Sun, 3 Nov 2013 01:45:56 +0800 | |||||
Subject: [PATCH 19/26] OpenPGP: Make indentation consistent (space -> tab). | |||||
--- | |||||
src/libopensc/card-openpgp.c | 22 ++++++++--------- | |||||
src/tools/openpgp-tool.c | 56 ++++++++++++++++++++++---------------------- | |||||
2 files changed, 39 insertions(+), 39 deletions(-) | |||||
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c | |||||
index 037ef73..ae40940 100644 | |||||
--- a/src/libopensc/card-openpgp.c | |||||
+++ b/src/libopensc/card-openpgp.c | |||||
@@ -192,12 +192,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */ | |||||
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data }, | |||||
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, | |||||
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, | |||||
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
{ 0, 0, 0, NULL, NULL }, | |||||
}; | |||||
@@ -253,11 +253,11 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ | |||||
/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO. | |||||
* However, their R/W access condition may block the process of importing key in pkcs15init. | |||||
* So we set their accesses condition as WRITE_PIN3 (writable). */ | |||||
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
{ 0, 0, 0, NULL, NULL }, | |||||
}; | |||||
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c | |||||
index 374819a..a0334ca 100644 | |||||
--- a/src/tools/openpgp-tool.c | |||||
+++ b/src/tools/openpgp-tool.c | |||||
@@ -37,11 +37,11 @@ | |||||
#include "util.h" | |||||
#include "libopensc/log.h" | |||||
-#define OPT_RAW 256 | |||||
-#define OPT_PRETTY 257 | |||||
-#define OPT_VERIFY 258 | |||||
-#define OPT_PIN 259 | |||||
-#define OPT_DELKEY 260 | |||||
+#define OPT_RAW 256 | |||||
+#define OPT_PRETTY 257 | |||||
+#define OPT_VERIFY 258 | |||||
+#define OPT_PIN 259 | |||||
+#define OPT_DELKEY 260 | |||||
/* define structures */ | |||||
struct ef_name_map { | |||||
@@ -142,10 +142,10 @@ static const struct ef_name_map openpgp_data[] = { | |||||
static void show_version(void) | |||||
{ | |||||
fprintf(stderr, | |||||
- "openpgp-tool - OpenPGP card utility version " PACKAGE_VERSION "\n" | |||||
- "\n" | |||||
- "Copyright (c) 2012 Peter Marschall <peter@adpm.de>\n" | |||||
- "Licensed under LGPL v2\n"); | |||||
+ "openpgp-tool - OpenPGP card utility version " PACKAGE_VERSION "\n" | |||||
+ "\n" | |||||
+ "Copyright (c) 2012 Peter Marschall <peter@adpm.de>\n" | |||||
+ "Licensed under LGPL v2\n"); | |||||
} | |||||
@@ -176,16 +176,16 @@ static char *prettify_language(char *str) | |||||
{ | |||||
if (str != NULL) { | |||||
switch (strlen(str)) { | |||||
- case 8: memmove(str+7, str+6, 1+strlen(str+6)); | |||||
+ case 8: memmove(str+7, str+6, 1+strlen(str+6)); | |||||
str[6] = ','; | |||||
/* fall through */ | |||||
- case 6: memmove(str+5, str+4, 1+strlen(str+4)); | |||||
+ case 6: memmove(str+5, str+4, 1+strlen(str+4)); | |||||
str[4] = ','; | |||||
/* fall through */ | |||||
- case 4: memmove(str+3, str+2, 1+strlen(str+2)); | |||||
+ case 4: memmove(str+3, str+2, 1+strlen(str+2)); | |||||
str[2] = ','; | |||||
/* fall through */ | |||||
- case 2: return str; | |||||
+ case 2: return str; | |||||
} | |||||
} | |||||
return NULL; | |||||
@@ -197,10 +197,10 @@ static char *prettify_gender(char *str) | |||||
{ | |||||
if (str != NULL) { | |||||
switch (*str) { | |||||
- case '0': return "unknown"; | |||||
- case '1': return "male"; | |||||
- case '2': return "female"; | |||||
- case '9': return "not applicable"; | |||||
+ case '0': return "unknown"; | |||||
+ case '1': return "male"; | |||||
+ case '2': return "female"; | |||||
+ case '9': return "not applicable"; | |||||
} | |||||
} | |||||
return NULL; | |||||
@@ -218,7 +218,7 @@ static void display_data(const struct ef_name_map *mapping, char *value) | |||||
char *envvar; | |||||
envvar = malloc(strlen(mapping->env_name) + | |||||
- strlen(value) + 2); | |||||
+ strlen(value) + 2); | |||||
if (envvar != NULL) { | |||||
strcpy(envvar, mapping->env_name); | |||||
strcat(envvar, "="); | |||||
@@ -346,20 +346,20 @@ static int do_userinfo(sc_card_t *card) | |||||
if (!count) | |||||
continue; | |||||
- if (count > (int)sizeof(buf) - 1) { | |||||
+ if (count > (int)sizeof(buf) - 1) { | |||||
fprintf(stderr, "Too small buffer to read the OpenPGP data\n"); | |||||
return EXIT_FAILURE; | |||||
} | |||||
- | |||||
- r = sc_read_binary(card, 0, buf, count, 0); | |||||
- if (r < 0) { | |||||
+ | |||||
+ r = sc_read_binary(card, 0, buf, count, 0); | |||||
+ if (r < 0) { | |||||
fprintf(stderr, "%s: read failed - %s\n", openpgp_data[i].ef, sc_strerror(r)); | |||||
return EXIT_FAILURE; | |||||
- } | |||||
- if (r != count) { | |||||
- fprintf(stderr, "%s: expecting %d, got only %d bytes\n", openpgp_data[i].ef, count, r); | |||||
+ } | |||||
+ if (r != count) { | |||||
+ fprintf(stderr, "%s: expecting %d, got only %d bytes\n", openpgp_data[i].ef, count, r); | |||||
return EXIT_FAILURE; | |||||
- } | |||||
+ } | |||||
buf[count] = '\0'; | |||||
@@ -628,7 +628,7 @@ int main(int argc, char **argv) | |||||
r = sc_context_create(&ctx, &ctx_param); | |||||
if (r) { | |||||
util_fatal("failed to establish context: %s\n", | |||||
- sc_strerror(r)); | |||||
+ sc_strerror(r)); | |||||
return EXIT_FAILURE; | |||||
} | |||||
@@ -640,7 +640,7 @@ int main(int argc, char **argv) | |||||
r = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); | |||||
if (r) { | |||||
util_fatal("failed to connect to card: %s\n", | |||||
- sc_strerror(r)); | |||||
+ sc_strerror(r)); | |||||
return EXIT_FAILURE; | |||||
} | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,84 @@ | |||||
From 9acf5c1ad7d8a32b472203d3bd8860ea2cbde0e7 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Sun, 3 Nov 2013 02:53:35 +0800 | |||||
Subject: [PATCH 20/26] OpenPGP: Don't use sc_log in openpgp-tool. | |||||
--- | |||||
src/tools/openpgp-tool.c | 21 +++++++++++---------- | |||||
1 file changed, 11 insertions(+), 10 deletions(-) | |||||
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c | |||||
index a0334ca..505abd9 100644 | |||||
--- a/src/tools/openpgp-tool.c | |||||
+++ b/src/tools/openpgp-tool.c | |||||
@@ -414,8 +414,6 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len) | |||||
sc_path_t path; | |||||
sc_file_t *file; | |||||
- LOG_FUNC_CALLED(card->ctx); | |||||
- | |||||
if (key_id < 1 || key_id > 3) { | |||||
printf("Unknown key ID %d.\n", key_id); | |||||
return 1; | |||||
@@ -479,14 +477,14 @@ int delete_key_gnuk(sc_card_t *card, u8 key_id) | |||||
u8 *data = NULL; | |||||
/* Delete fingerprint */ | |||||
- sc_log(ctx, "Delete fingerprints"); | |||||
+ fprintf(stdout, "Delete fingerprints"); | |||||
r |= sc_put_data(card, 0xC6 + key_id, NULL, 0); | |||||
/* Delete creation time */ | |||||
- sc_log(ctx, "Delete creation time"); | |||||
+ fprintf(stdout, "Delete creation time"); | |||||
r |= sc_put_data(card, 0xCD + key_id, NULL, 0); | |||||
/* Rewrite Extended Header List */ | |||||
- sc_log(ctx, "Rewrite Extended Header List"); | |||||
+ fprintf(stdout, "Rewrite Extended Header List"); | |||||
if (key_id == 1) | |||||
data = "\x4D\x02\xB6"; | |||||
@@ -534,15 +532,18 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id) | |||||
/* Build APDU from binary array */ | |||||
r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); | |||||
if (r) { | |||||
- sc_log(ctx, "Failed to build APDU"); | |||||
- LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL); | |||||
+ fprintf(stderr, "Failed to build APDU: %s\n", sc_strerror(r)); | |||||
+ return r; | |||||
} | |||||
apdu.resp = rbuf; | |||||
apdu.resplen = sizeof(rbuf); | |||||
/* Send APDU to card */ | |||||
r = sc_transmit_apdu(card, &apdu); | |||||
- LOG_TEST_RET(ctx, r, "Transmiting APDU failed"); | |||||
+ if (r) { | |||||
+ fprintf(stderr, "Transmiting APDU failed: %s\n", sc_strerror(r)); | |||||
+ return r; | |||||
+ } | |||||
} | |||||
/* TODO: Rewrite Extended Header List. | |||||
* Not support by OpenGPG v2 yet */ | |||||
@@ -557,7 +558,7 @@ int delete_key(sc_card_t *card, u8 key_id) | |||||
LOG_FUNC_CALLED(ctx); | |||||
/* Check key ID */ | |||||
if (key_id < 1 || key_id > 3) { | |||||
- sc_log(ctx, "Invalid key ID %d", key_id); | |||||
+ fprintf(stderr, "Invalid key ID %d", key_id); | |||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); | |||||
} | |||||
@@ -649,7 +650,7 @@ int main(int argc, char **argv) | |||||
(card->type != SC_CARD_TYPE_OPENPGP_V2) && | |||||
(card->type != SC_CARD_TYPE_OPENPGP_GNUK)) { | |||||
util_error("not an OpenPGP card"); | |||||
- sc_log(card->ctx, "Card type %X", card->type); | |||||
+ fprintf(stderr, "Card type %X\n", card->type); | |||||
exit_status = EXIT_FAILURE; | |||||
goto out; | |||||
} | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,112 @@ | |||||
From 0fdbf868976172486af210accafbab163452ff78 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Sun, 3 Nov 2013 11:26:25 +0800 | |||||
Subject: [PATCH 21/26] OpenPGP: Don't reimplement gnuk_delete_key in | |||||
openpgp-tool. | |||||
--- | |||||
src/tools/openpgp-tool.c | 64 ++++++------------------------------------------ | |||||
1 file changed, 8 insertions(+), 56 deletions(-) | |||||
diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c | |||||
index 505abd9..a7796e7 100644 | |||||
--- a/src/tools/openpgp-tool.c | |||||
+++ b/src/tools/openpgp-tool.c | |||||
@@ -468,38 +468,6 @@ int do_verify(sc_card_t *card, char *type, char *pin) | |||||
} | |||||
/** | |||||
- * Delete key, for Gnuk. | |||||
- **/ | |||||
-int delete_key_gnuk(sc_card_t *card, u8 key_id) | |||||
-{ | |||||
- sc_context_t *ctx = card->ctx; | |||||
- int r = SC_SUCCESS; | |||||
- u8 *data = NULL; | |||||
- | |||||
- /* Delete fingerprint */ | |||||
- fprintf(stdout, "Delete fingerprints"); | |||||
- r |= sc_put_data(card, 0xC6 + key_id, NULL, 0); | |||||
- /* Delete creation time */ | |||||
- fprintf(stdout, "Delete creation time"); | |||||
- r |= sc_put_data(card, 0xCD + key_id, NULL, 0); | |||||
- | |||||
- /* Rewrite Extended Header List */ | |||||
- fprintf(stdout, "Rewrite Extended Header List"); | |||||
- | |||||
- if (key_id == 1) | |||||
- data = "\x4D\x02\xB6"; | |||||
- else if (key_id == 2) | |||||
- data = "\x4D\x02\xB8"; | |||||
- else if (key_id == 3) | |||||
- data = "\x4D\x02\xA4"; | |||||
- else | |||||
- return SC_ERROR_INVALID_ARGUMENTS; | |||||
- | |||||
- r |= sc_put_data(card, 0x4D, data, strlen(data) + 1); | |||||
- return r; | |||||
-} | |||||
- | |||||
-/** | |||||
* Delete key, for OpenPGP card. | |||||
* This function is not complete and is reserved for future version (> 2) of OpenPGP card. | |||||
**/ | |||||
@@ -547,32 +515,13 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id) | |||||
} | |||||
/* TODO: Rewrite Extended Header List. | |||||
* Not support by OpenGPG v2 yet */ | |||||
- LOG_FUNC_RETURN(ctx, r); | |||||
-} | |||||
- | |||||
-int delete_key(sc_card_t *card, u8 key_id) | |||||
-{ | |||||
- sc_context_t *ctx = card->ctx; | |||||
- int r; | |||||
- | |||||
- LOG_FUNC_CALLED(ctx); | |||||
- /* Check key ID */ | |||||
- if (key_id < 1 || key_id > 3) { | |||||
- fprintf(stderr, "Invalid key ID %d", key_id); | |||||
- LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); | |||||
- } | |||||
- | |||||
- if (card->type == SC_CARD_TYPE_OPENPGP_GNUK) | |||||
- r = delete_key_gnuk(card, key_id); | |||||
- else | |||||
- r = delete_key_openpgp(card, key_id); | |||||
- | |||||
- LOG_FUNC_RETURN(ctx, r); | |||||
+ return r; | |||||
} | |||||
int do_delete_key(sc_card_t *card, u8 key_id) | |||||
{ | |||||
sc_context_t *ctx = card->ctx; | |||||
+ sc_path_t path; | |||||
int r = SC_SUCCESS; | |||||
/* Currently, only Gnuk supports deleting keys */ | |||||
@@ -586,13 +535,16 @@ int do_delete_key(sc_card_t *card, u8 key_id) | |||||
return SC_ERROR_INVALID_ARGUMENTS; | |||||
} | |||||
if (key_id == 1 || key_id == 'a') { | |||||
- r |= delete_key(card, 1); | |||||
+ sc_format_path("B601", &path); | |||||
+ r |= sc_delete_file(card, &path); | |||||
} | |||||
if (key_id == 2 || key_id == 'a') { | |||||
- r |= delete_key(card, 2); | |||||
+ sc_format_path("B801", &path); | |||||
+ r |= sc_delete_file(card, &path); | |||||
} | |||||
if (key_id == 3 || key_id == 'a') { | |||||
- r |= delete_key(card, 3); | |||||
+ sc_format_path("A401", &path); | |||||
+ r |= sc_delete_file(card, &path); | |||||
} | |||||
return r; | |||||
} | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,87 @@ | |||||
From 0cd2a488d86006bb2740a4e73e7a0d859e1bf33c Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Sun, 13 Jul 2014 17:37:59 +0800 | |||||
Subject: [PATCH 22/26] OpenPGP: Use directly binary array of APDUs for ERASE | |||||
command. | |||||
I used a string presentation before and it needed an extra conversion step. | |||||
--- | |||||
src/libopensc/card-openpgp.c | 47 +++++++++++++++++++++++--------------------- | |||||
1 file changed, 25 insertions(+), 22 deletions(-) | |||||
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c | |||||
index ae40940..724fe73 100644 | |||||
--- a/src/libopensc/card-openpgp.c | |||||
+++ b/src/libopensc/card-openpgp.c | |||||
@@ -2347,24 +2347,27 @@ out: | |||||
static int pgp_erase_card(sc_card_t *card) | |||||
{ | |||||
sc_context_t *ctx = card->ctx; | |||||
- u8 *apdustring[10] = { | |||||
- "00:20:00:81:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:81:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:81:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:81:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:83:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:83:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:83:08:40:40:40:40:40:40:40:40", | |||||
- "00:20:00:83:08:40:40:40:40:40:40:40:40", | |||||
- "00:e6:00:00", | |||||
- "00:44:00:00" | |||||
+ /* Special series of commands to erase OpenPGP card, | |||||
+ * according to https://www.crypto-stick.com/en/faq | |||||
+ * (How to reset a Crypto Stick? question). | |||||
+ * Gnuk is known not to support this feature. */ | |||||
+ u8 apdu_binaries[10][13] = { | |||||
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, | |||||
+ {0, 0xe6, 0, 0}, | |||||
+ {0, 0x44, 0, 0} | |||||
}; | |||||
+ u8 apdu_lens[10] = {13, 13, 13, 13, 13, 13, 13, 13, 4, 4}; | |||||
u8 buf[SC_MAX_APDU_BUFFER_SIZE]; | |||||
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; | |||||
sc_apdu_t apdu; | |||||
- size_t len0; | |||||
- int commandsnum = 10; | |||||
- int i, r; | |||||
+ int i, l, r; | |||||
LOG_FUNC_CALLED(ctx); | |||||
@@ -2376,17 +2379,17 @@ static int pgp_erase_card(sc_card_t *card) | |||||
sc_log(ctx, "Card is OpenPGP v2. Erase card."); | |||||
/* Iterate over 10 commands above */ | |||||
- for (i = 0; i < commandsnum; i++) { | |||||
- /* Convert the string to binary array */ | |||||
- len0 = sizeof(buf); | |||||
- sc_hex_to_bin(apdustring[i], buf, &len0); | |||||
- printf("Sending: "); | |||||
- for (r = 0; r < len0; r++) | |||||
- printf("%02X ", buf[r]); | |||||
+ for (i = 0; i < sizeof(apdu_lens); i++) { | |||||
+ /* Length of the binary array of the current command */ | |||||
+ l = apdu_lens[i]; | |||||
+ /* Print the command to console */ | |||||
+ printf("Sending %d: ", i); | |||||
+ for (r = 0; r < l; r++) | |||||
+ printf("%02X ", apdu_binaries[i][r]); | |||||
printf("\n"); | |||||
/* Build APDU from binary array */ | |||||
- r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); | |||||
+ r = sc_bytes2apdu(card->ctx, apdu_binaries[i], l, &apdu); | |||||
if (r) { | |||||
sc_log(ctx, "Failed to build APDU"); | |||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL); | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,339 @@ | |||||
From 6f56ea4cfc52323002d818731a50a31e863b6843 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Sun, 13 Jul 2014 19:41:36 +0800 | |||||
Subject: [PATCH 23/26] OpenPGP: Rename private "blob" type to avoid confusing | |||||
with variable name. | |||||
This name has been used for both data type and variable name of that | |||||
type. | |||||
--- | |||||
src/libopensc/card-openpgp.c | 96 ++++++++++++++++++++++---------------------- | |||||
1 file changed, 49 insertions(+), 47 deletions(-) | |||||
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c | |||||
index 724fe73..ca3173c 100644 | |||||
--- a/src/libopensc/card-openpgp.c | |||||
+++ b/src/libopensc/card-openpgp.c | |||||
@@ -111,9 +111,9 @@ enum _card_state { | |||||
CARD_STATE_ACTIVATED = 0x05 | |||||
}; | |||||
-struct blob { | |||||
- struct blob * next; /* pointer to next sibling */ | |||||
- struct blob * parent; /* pointer to parent */ | |||||
+typedef struct pgp_blob { | |||||
+ struct pgp_blob * next; /* pointer to next sibling */ | |||||
+ struct pgp_blob * parent; /* pointer to parent */ | |||||
struct do_info *info; | |||||
sc_file_t * file; | |||||
@@ -122,8 +122,8 @@ struct blob { | |||||
unsigned char * data; | |||||
unsigned int len; | |||||
- struct blob * files; /* pointer to 1st child */ | |||||
-}; | |||||
+ struct pgp_blob * files; /* pointer to 1st child */ | |||||
+} pgp_blob_t; | |||||
struct do_info { | |||||
unsigned int id; /* ID of the DO in question */ | |||||
@@ -141,12 +141,12 @@ struct do_info { | |||||
static int pgp_get_card_features(sc_card_t *card); | |||||
static int pgp_finish(sc_card_t *card); | |||||
-static void pgp_iterate_blobs(struct blob *, int, void (*func)()); | |||||
+static void pgp_iterate_blobs(pgp_blob_t *, int, void (*func)()); | |||||
-static int pgp_get_blob(sc_card_t *card, struct blob *blob, | |||||
- unsigned int id, struct blob **ret); | |||||
-static struct blob * pgp_new_blob(sc_card_t *, struct blob *, unsigned int, sc_file_t *); | |||||
-static void pgp_free_blob(struct blob *); | |||||
+static int pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, | |||||
+ unsigned int id, pgp_blob_t **ret); | |||||
+static pgp_blob_t * pgp_new_blob(sc_card_t *, pgp_blob_t *, unsigned int, sc_file_t *); | |||||
+static void pgp_free_blob(pgp_blob_t *); | |||||
static int pgp_get_pubkey(sc_card_t *, unsigned int, | |||||
u8 *, size_t); | |||||
static int pgp_get_pubkey_pem(sc_card_t *, unsigned int, | |||||
@@ -272,8 +272,8 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ | |||||
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data)) | |||||
struct pgp_priv_data { | |||||
- struct blob * mf; | |||||
- struct blob * current; /* currently selected file */ | |||||
+ pgp_blob_t * mf; | |||||
+ pgp_blob_t * current; /* currently selected file */ | |||||
enum _version bcd_version; | |||||
struct do_info *pgp_objects; | |||||
@@ -311,7 +311,7 @@ pgp_init(sc_card_t *card) | |||||
sc_file_t *file = NULL; | |||||
struct do_info *info; | |||||
int r; | |||||
- struct blob *child = NULL; | |||||
+ pgp_blob_t *child = NULL; | |||||
LOG_FUNC_CALLED(card->ctx); | |||||
@@ -389,7 +389,7 @@ pgp_get_card_features(sc_card_t *card) | |||||
unsigned char *hist_bytes = card->atr.value; | |||||
size_t atr_len = card->atr.len; | |||||
size_t i = 0; | |||||
- struct blob *blob, *blob6e, *blob73; | |||||
+ pgp_blob_t *blob, *blob6e, *blob73; | |||||
/* parse card capabilities from historical bytes */ | |||||
while ((i < atr_len) && (hist_bytes[i] != 0x73)) | |||||
@@ -526,7 +526,7 @@ pgp_finish(sc_card_t *card) | |||||
/* internal: fill a blob's data */ | |||||
static int | |||||
-pgp_set_blob(struct blob *blob, const u8 *data, size_t len) | |||||
+pgp_set_blob(pgp_blob_t *blob, const u8 *data, size_t len) | |||||
{ | |||||
if (blob->data) | |||||
free(blob->data); | |||||
@@ -620,16 +620,16 @@ pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info) | |||||
} | |||||
/* internal: append a blob to the list of children of a given parent blob */ | |||||
-static struct blob * | |||||
-pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id, | |||||
+static pgp_blob_t * | |||||
+pgp_new_blob(sc_card_t *card, pgp_blob_t *parent, unsigned int file_id, | |||||
sc_file_t *file) | |||||
{ | |||||
- struct blob *blob = NULL; | |||||
+ pgp_blob_t *blob = NULL; | |||||
if (file == NULL) | |||||
return NULL; | |||||
- if ((blob = calloc(1, sizeof(struct blob))) != NULL) { | |||||
+ if ((blob = calloc(1, sizeof(pgp_blob_t))) != NULL) { | |||||
struct pgp_priv_data *priv = DRVDATA (card); | |||||
struct do_info *info; | |||||
@@ -643,7 +643,7 @@ pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id, | |||||
blob->parent = parent; | |||||
if (parent != NULL) { | |||||
- struct blob **p; | |||||
+ pgp_blob_t **p; | |||||
/* set file's path = parent's path + file's id */ | |||||
blob->file->path = parent->file->path; | |||||
@@ -681,11 +681,11 @@ pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id, | |||||
/* internal: free a blob including its content */ | |||||
static void | |||||
-pgp_free_blob(struct blob *blob) | |||||
+pgp_free_blob(pgp_blob_t *blob) | |||||
{ | |||||
if (blob) { | |||||
if (blob->parent) { | |||||
- struct blob **p; | |||||
+ pgp_blob_t **p; | |||||
/* remove blob from list of parent's children */ | |||||
for (p = &blob->parent->files; *p != NULL && *p != blob; p = &(*p)->next) | |||||
@@ -705,14 +705,14 @@ pgp_free_blob(struct blob *blob) | |||||
/* internal: iterate through the blob tree, calling a function for each blob */ | |||||
static void | |||||
-pgp_iterate_blobs(struct blob *blob, int level, void (*func)()) | |||||
+pgp_iterate_blobs(pgp_blob_t *blob, int level, void (*func)()) | |||||
{ | |||||
if (blob) { | |||||
if (level > 0) { | |||||
- struct blob *child = blob->files; | |||||
+ pgp_blob_t *child = blob->files; | |||||
while (child != NULL) { | |||||
- struct blob *next = child->next; | |||||
+ pgp_blob_t *next = child->next; | |||||
pgp_iterate_blobs(child, level-1, func); | |||||
child = next; | |||||
@@ -725,7 +725,7 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)()) | |||||
/* internal: read a blob's contents from card */ | |||||
static int | |||||
-pgp_read_blob(sc_card_t *card, struct blob *blob) | |||||
+pgp_read_blob(sc_card_t *card, pgp_blob_t *blob) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA (card); | |||||
@@ -772,7 +772,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) | |||||
* The OpenPGP card has a TLV encoding according ASN.1 BER-encoding rules. | |||||
*/ | |||||
static int | |||||
-pgp_enumerate_blob(sc_card_t *card, struct blob *blob) | |||||
+pgp_enumerate_blob(sc_card_t *card, pgp_blob_t *blob) | |||||
{ | |||||
const u8 *in; | |||||
int r; | |||||
@@ -789,7 +789,7 @@ pgp_enumerate_blob(sc_card_t *card, struct blob *blob) | |||||
unsigned int cla, tag, tmptag; | |||||
size_t len; | |||||
const u8 *data = in; | |||||
- struct blob *new; | |||||
+ pgp_blob_t *new; | |||||
r = sc_asn1_read_tag(&data, blob->len - (in - blob->data), | |||||
&cla, &tag, &len); | |||||
@@ -819,10 +819,10 @@ pgp_enumerate_blob(sc_card_t *card, struct blob *blob) | |||||
/* internal: find a blob by ID below a given parent, filling its contents when necessary */ | |||||
static int | |||||
-pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id, | |||||
- struct blob **ret) | |||||
+pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, unsigned int id, | |||||
+ pgp_blob_t **ret) | |||||
{ | |||||
- struct blob *child; | |||||
+ pgp_blob_t *child; | |||||
int r; | |||||
if ((r = pgp_enumerate_blob(card, blob)) < 0) | |||||
@@ -858,10 +858,10 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id, | |||||
/* Internal: search recursively for a blob by ID below a given root */ | |||||
static int | |||||
-pgp_seek_blob(sc_card_t *card, struct blob *root, unsigned int id, | |||||
- struct blob **ret) | |||||
+pgp_seek_blob(sc_card_t *card, pgp_blob_t *root, unsigned int id, | |||||
+ pgp_blob_t **ret) | |||||
{ | |||||
- struct blob *child; | |||||
+ pgp_blob_t *child; | |||||
int r; | |||||
if ((r = pgp_get_blob(card, root, id, ret)) == 0) | |||||
@@ -883,11 +883,11 @@ pgp_seek_blob(sc_card_t *card, struct blob *root, unsigned int id, | |||||
} | |||||
/* internal: find a blob by tag - pgp_seek_blob with optimizations */ | |||||
-static struct blob * | |||||
+static pgp_blob_t * | |||||
pgp_find_blob(sc_card_t *card, unsigned int tag) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob = NULL; | |||||
+ pgp_blob_t *blob = NULL; | |||||
int r; | |||||
/* Check if current selected blob is which we want to test*/ | |||||
@@ -941,7 +941,7 @@ static int | |||||
pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob; | |||||
+ pgp_blob_t *blob; | |||||
unsigned int path_start = 0; | |||||
unsigned int n; | |||||
sc_path_t dummy_path; | |||||
@@ -1022,7 +1022,7 @@ static int | |||||
pgp_list_files(sc_card_t *card, u8 *buf, size_t buflen) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob; | |||||
+ pgp_blob_t *blob; | |||||
unsigned int k; | |||||
int r; | |||||
@@ -1058,7 +1058,7 @@ pgp_read_binary(sc_card_t *card, unsigned int idx, | |||||
u8 *buf, size_t count, unsigned long flags) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob; | |||||
+ pgp_blob_t *blob; | |||||
int r; | |||||
LOG_FUNC_CALLED(card->ctx); | |||||
@@ -1134,7 +1134,7 @@ static int | |||||
pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob, *mod_blob, *exp_blob; | |||||
+ pgp_blob_t *blob, *mod_blob, *exp_blob; | |||||
sc_pkcs15_pubkey_t pubkey; | |||||
u8 *data; | |||||
size_t len; | |||||
@@ -1329,7 +1329,7 @@ static int | |||||
pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *affected_blob = NULL; | |||||
+ pgp_blob_t *affected_blob = NULL; | |||||
struct do_info *dinfo = NULL; | |||||
int r; | |||||
@@ -1603,7 +1603,7 @@ static int | |||||
pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *algo_blob; | |||||
+ pgp_blob_t *algo_blob; | |||||
unsigned int old_modulus_len; /* Measured in bit */ | |||||
unsigned int old_exponent_len; | |||||
const unsigned int tag = 0x00C0 | key_info->keytype; | |||||
@@ -1708,7 +1708,7 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime, | |||||
u8 *p; /* Use this pointer to set fp_buffer content */ | |||||
size_t pk_packet_len; | |||||
unsigned int tag; | |||||
- struct blob *fpseq_blob; | |||||
+ pgp_blob_t *fpseq_blob; | |||||
u8 *newdata; | |||||
int r; | |||||
@@ -1797,7 +1797,7 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len, | |||||
u8* exponent, size_t exponent_len, u8 key_id) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *pk_blob; | |||||
+ pgp_blob_t *pk_blob; | |||||
unsigned int blob_id; | |||||
sc_pkcs15_pubkey_t pubkey; | |||||
u8 *data = NULL; | |||||
@@ -1939,6 +1939,8 @@ static int pgp_update_card_algorithms(sc_card_t *card, sc_cardctl_openpgp_keygen | |||||
**/ | |||||
static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info) | |||||
{ | |||||
+ struct pgp_priv_data *priv = DRVDATA(card); | |||||
+ pgp_blob_t *algo_blob; | |||||
sc_apdu_t apdu; | |||||
/* Temporary variables to hold APDU params */ | |||||
u8 apdu_case; | |||||
@@ -2132,7 +2134,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info | |||||
}; | |||||
size_t comp_to_add = 3; | |||||
size_t req_e_len = 0; /* The exponent length specified in Algorithm Attributes */ | |||||
- struct blob *alat_blob; | |||||
+ pgp_blob_t *alat_blob; | |||||
u8 i; | |||||
int r; | |||||
@@ -2483,7 +2485,7 @@ static int | |||||
pgp_delete_file(sc_card_t *card, const sc_path_t *path) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob; | |||||
+ pgp_blob_t *blob; | |||||
sc_file_t *file; | |||||
u8 key_id; | |||||
int r; | |||||
@@ -2533,7 +2535,7 @@ pgp_update_binary(sc_card_t *card, unsigned int idx, | |||||
const u8 *buf, size_t count, unsigned long flags) | |||||
{ | |||||
struct pgp_priv_data *priv = DRVDATA(card); | |||||
- struct blob *blob = priv->current; | |||||
+ pgp_blob_t *blob = priv->current; | |||||
int r = SC_SUCCESS; | |||||
LOG_FUNC_CALLED(card->ctx); | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,41 @@ | |||||
From 8a87a4ee9107f250254d5c93c6fd62224c400ce7 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Mon, 14 Jul 2014 01:30:28 +0800 | |||||
Subject: [PATCH 24/26] OpenPGP: Fix crash after accessing inexistent file. | |||||
--- | |||||
src/libopensc/card-openpgp.c | 3 --- | |||||
1 file changed, 3 deletions(-) | |||||
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c | |||||
index ca3173c..94c69ae 100644 | |||||
--- a/src/libopensc/card-openpgp.c | |||||
+++ b/src/libopensc/card-openpgp.c | |||||
@@ -973,7 +973,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) | |||||
* So we set its size to be the same as max certificate size the card supports. */ | |||||
(*ret)->size = priv->max_cert_size; | |||||
} | |||||
- priv->current = NULL; | |||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); | |||||
} | |||||
@@ -990,7 +989,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) | |||||
/* This file ID is refered when importing key&certificate via pkcs15init, like above. | |||||
* We pretend to successfully find this inexistent file. */ | |||||
if (id == 0x4402 || id == 0x5f48) { | |||||
- priv->current = NULL; | |||||
if (ret == NULL) | |||||
/* No need to return file */ | |||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); | |||||
@@ -1002,7 +1000,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) | |||||
} | |||||
if (r < 0) { /* failure */ | |||||
- priv->current = NULL; | |||||
LOG_FUNC_RETURN(card->ctx, r); | |||||
} | |||||
} | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,148 @@ | |||||
From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= | |||||
<ng.hong.quan@gmail.com> | |||||
Date: Sun, 9 Nov 2014 15:58:40 +0700 | |||||
Subject: [PATCH 25/26] Replace hardcode. | |||||
--- | |||||
src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++------------------- | |||||
1 file changed, 41 insertions(+), 31 deletions(-) | |||||
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c | |||||
index 94c69ae..1e6e338 100644 | |||||
--- a/src/libopensc/card-openpgp.c | |||||
+++ b/src/libopensc/card-openpgp.c | |||||
@@ -152,6 +152,24 @@ static int pgp_get_pubkey(sc_card_t *, unsigned int, | |||||
static int pgp_get_pubkey_pem(sc_card_t *, unsigned int, | |||||
u8 *, size_t); | |||||
+/* The DO holding X.509 certificate is constructed but does not contain child DO. | |||||
+ * We should notice this when building fake file system later. */ | |||||
+#define DO_CERT 0x7f21 | |||||
+/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec. | |||||
+ * Here we seen it as DO just for convenient */ | |||||
+#define DO_SIGN 0xb600 | |||||
+#define DO_ENCR 0xb800 | |||||
+#define DO_AUTH 0xa400 | |||||
+/* These DO does not exist. They are defined and used just for ease of implementation */ | |||||
+#define DO_SIGN_SYM 0xb601 | |||||
+#define DO_ENCR_SYM 0xb801 | |||||
+#define DO_AUTH_SYM 0xa401 | |||||
+/* Maximum length for response buffer when reading pubkey. This value is calculated with | |||||
+ * 4096-bit key length */ | |||||
+#define MAXLEN_RESP_PUBKEY 527 | |||||
+/* Gnuk only support 1 key length (2048 bit) */ | |||||
+#define MAXLEN_RESP_PUBKEY_GNUK 271 | |||||
+ | |||||
static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */ | |||||
{ 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, | |||||
{ 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data }, | |||||
@@ -192,12 +210,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */ | |||||
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data }, | |||||
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, | |||||
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, | |||||
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
{ 0, 0, 0, NULL, NULL }, | |||||
}; | |||||
@@ -246,30 +264,21 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ | |||||
{ 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL }, | |||||
/* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved | |||||
* as simple DO (no need to parse TLV). */ | |||||
- { 0x7f21, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, | |||||
+ { DO_CERT, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, | |||||
{ 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL }, | |||||
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, | |||||
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO. | |||||
* However, their R/W access condition may block the process of importing key in pkcs15init. | |||||
* So we set their accesses condition as WRITE_PIN3 (writable). */ | |||||
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, | |||||
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, | |||||
{ 0, 0, 0, NULL, NULL }, | |||||
}; | |||||
-/* The DO holding X.509 certificate is constructed but does not contain child DO. | |||||
- * We should notice this when building fake file system later. */ | |||||
-#define DO_CERT 0x7f21 | |||||
-/* Maximum length for response buffer when reading pubkey. This value is calculated with | |||||
- * 4096-bit key length */ | |||||
-#define MAXLEN_RESP_PUBKEY 527 | |||||
-/* Gnuk only support 1 key length (2048 bit) */ | |||||
-#define MAXLEN_RESP_PUBKEY_GNUK 271 | |||||
- | |||||
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data)) | |||||
struct pgp_priv_data { | |||||
pgp_blob_t * mf; | |||||
@@ -747,8 +756,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_t *blob) | |||||
/* Buffer length for Gnuk pubkey */ | |||||
if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && | |||||
- (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800 | |||||
- || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) { | |||||
+ (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR | |||||
+ || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM | |||||
+ || blob->id == DO_ENCR_SYM)) { | |||||
buf_len = MAXLEN_RESP_PUBKEY_GNUK; | |||||
} | |||||
@@ -1804,11 +1814,11 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len, | |||||
LOG_FUNC_CALLED(card->ctx); | |||||
if (key_id == SC_OPENPGP_KEY_SIGN) | |||||
- blob_id = 0xB601; | |||||
+ blob_id = DO_SIGN_SYM; | |||||
else if (key_id == SC_OPENPGP_KEY_ENCR) | |||||
- blob_id = 0xB801; | |||||
+ blob_id = DO_ENCR_SYM; | |||||
else if (key_id == SC_OPENPGP_KEY_AUTH) | |||||
- blob_id = 0xA401; | |||||
+ blob_id = DO_AUTH_SYM; | |||||
else { | |||||
sc_log(card->ctx, "Unknown key id %X.", key_id); | |||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); | |||||
@@ -2501,17 +2511,17 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path) | |||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); | |||||
if (card->type != SC_CARD_TYPE_OPENPGP_GNUK && | |||||
- (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) { | |||||
+ (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) { | |||||
/* These tags are just symbolic. We don't really delete it. */ | |||||
r = SC_SUCCESS; | |||||
} | |||||
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) { | |||||
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) { | |||||
r = gnuk_delete_key(card, 1); | |||||
} | |||||
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) { | |||||
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) { | |||||
r = gnuk_delete_key(card, 2); | |||||
} | |||||
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) { | |||||
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) { | |||||
r = gnuk_delete_key(card, 3); | |||||
} | |||||
else { | |||||
-- | |||||
2.1.3 | |||||
@ -0,0 +1,53 @@ | |||||
From b9dae832db54b206a15bcc12e290cef50f31c3d0 Mon Sep 17 00:00:00 2001 | |||||
From: george <ggkitsas@yahoo.com> | |||||
Date: Tue, 11 Nov 2014 16:16:15 +0100 | |||||
Subject: [PATCH 26/26] hardcode->defines for DO's | |||||
--- | |||||
src/libopensc/card-openpgp.c | 16 ++++++++++++++-- | |||||
1 file changed, 14 insertions(+), 2 deletions(-) | |||||
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c | |||||
index 1e6e338..8464914 100644 | |||||
--- a/src/libopensc/card-openpgp.c | |||||
+++ b/src/libopensc/card-openpgp.c | |||||
@@ -164,6 +164,18 @@ static int pgp_get_pubkey_pem(sc_card_t *, unsigned int, | |||||
#define DO_SIGN_SYM 0xb601 | |||||
#define DO_ENCR_SYM 0xb801 | |||||
#define DO_AUTH_SYM 0xa401 | |||||
+/* Private DO's */ | |||||
+#define DO_PRIV1 0x0101 | |||||
+#define DO_PRIV2 0x0102 | |||||
+#define DO_PRIV3 0x0103 | |||||
+#define DO_PRIV4 0x0104 | |||||
+/* Cardholder information DO's */ | |||||
+#define DO_CARDHOLDER 0x65 | |||||
+#define DO_NAME 0x5b | |||||
+#define DO_LANG_PREF 0x5f2d | |||||
+#define DO_SEX 0x5f35 | |||||
+ | |||||
+ | |||||
/* Maximum length for response buffer when reading pubkey. This value is calculated with | |||||
* 4096-bit key length */ | |||||
#define MAXLEN_RESP_PUBKEY 527 | |||||
@@ -851,7 +863,7 @@ pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, unsigned int id, | |||||
/* Special case: | |||||
* Gnuk does not have default value for children of DO 65 (DOs 5B, 5F2D, 5F35) | |||||
* So, if these blob was not found, we create it. */ | |||||
- if (blob->id == 0x65 && (id == 0x5B || id == 0x5F2D || id == 0x5F35)) { | |||||
+ if (blob->id == DO_CARDHOLDER && (id == DO_NAME || id == DO_LANG_PREF || id == DO_SEX)) { | |||||
sc_log(card->ctx, "Create blob %X under %X", id, blob->id); | |||||
child = pgp_new_blob(card, blob, id, sc_file_new()); | |||||
if (child) { | |||||
@@ -1198,7 +1210,7 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) | |||||
/* For Gnuk card, if there is no certificate, it returns error instead of empty data. | |||||
* So, for this case, we ignore error and consider success */ | |||||
if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND && card->type == SC_CARD_TYPE_OPENPGP_GNUK | |||||
- && (tag == DO_CERT || tag == 0x0101 || tag == 0x0102 || tag == 0x0103 || tag == 0x0104)) { | |||||
+ && (tag == DO_CERT || tag == DO_PRIV1 || tag == DO_PRIV2 || tag == DO_PRIV3 || tag == DO_PRIV4)) { | |||||
r = SC_SUCCESS; | |||||
apdu.resplen = 0; | |||||
} | |||||
-- | |||||
2.1.3 | |||||