2003-09-28 15:41:58 +02:00
|
|
|
/* iso7816.c - ISO 7816 commands
|
2004-04-27 10:23:45 +02:00
|
|
|
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
|
2003-09-28 15:41:58 +02:00
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-10-23 12:48:09 +02:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-09-28 15:41:58 +02:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2007-10-23 12:48:09 +02:00
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2004-10-20 11:39:56 +02:00
|
|
|
*
|
|
|
|
|
* $Id$
|
2003-09-28 15:41:58 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
2004-04-27 10:23:45 +02:00
|
|
|
#if defined(GNUPG_SCD_MAIN_HEADER)
|
|
|
|
|
#include GNUPG_SCD_MAIN_HEADER
|
|
|
|
|
#elif GNUPG_MAJOR_VERSION == 1
|
2003-10-02 12:20:12 +02:00
|
|
|
/* This is used with GnuPG version < 1.9. The code has been source
|
|
|
|
|
copied from the current GnuPG >= 1.9 and is maintained over
|
|
|
|
|
there. */
|
2003-09-28 15:41:58 +02:00
|
|
|
#include "options.h"
|
|
|
|
|
#include "errors.h"
|
|
|
|
|
#include "memory.h"
|
|
|
|
|
#include "util.h"
|
|
|
|
|
#include "i18n.h"
|
2003-10-02 12:20:12 +02:00
|
|
|
#else /* GNUPG_MAJOR_VERSION != 1 */
|
|
|
|
|
#include "scdaemon.h"
|
|
|
|
|
#endif /* GNUPG_MAJOR_VERSION != 1 */
|
2003-09-28 15:41:58 +02:00
|
|
|
|
|
|
|
|
#include "iso7816.h"
|
|
|
|
|
#include "apdu.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define CMD_SELECT_FILE 0xA4
|
|
|
|
|
#define CMD_VERIFY 0x20
|
|
|
|
|
#define CMD_CHANGE_REFERENCE_DATA 0x24
|
|
|
|
|
#define CMD_RESET_RETRY_COUNTER 0x2C
|
|
|
|
|
#define CMD_GET_DATA 0xCA
|
|
|
|
|
#define CMD_PUT_DATA 0xDA
|
2004-04-27 10:23:45 +02:00
|
|
|
#define CMD_MSE 0x22
|
2003-09-28 15:41:58 +02:00
|
|
|
#define CMD_PSO 0x2A
|
|
|
|
|
#define CMD_INTERNAL_AUTHENTICATE 0x88
|
|
|
|
|
#define CMD_GENERATE_KEYPAIR 0x47
|
|
|
|
|
#define CMD_GET_CHALLENGE 0x84
|
2004-04-27 10:23:45 +02:00
|
|
|
#define CMD_READ_BINARY 0xB0
|
|
|
|
|
#define CMD_READ_RECORD 0xB2
|
2003-09-28 15:41:58 +02:00
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
map_sw (int sw)
|
|
|
|
|
{
|
|
|
|
|
gpg_err_code_t ec;
|
|
|
|
|
|
|
|
|
|
switch (sw)
|
|
|
|
|
{
|
|
|
|
|
case SW_EEPROM_FAILURE: ec = GPG_ERR_HARDWARE; break;
|
|
|
|
|
case SW_WRONG_LENGTH: ec = GPG_ERR_INV_VALUE; break;
|
|
|
|
|
case SW_CHV_WRONG: ec = GPG_ERR_BAD_PIN; break;
|
|
|
|
|
case SW_CHV_BLOCKED: ec = GPG_ERR_PIN_BLOCKED; break;
|
|
|
|
|
case SW_USE_CONDITIONS: ec = GPG_ERR_USE_CONDITIONS; break;
|
|
|
|
|
case SW_NOT_SUPPORTED: ec = GPG_ERR_NOT_SUPPORTED; break;
|
|
|
|
|
case SW_BAD_PARAMETER: ec = GPG_ERR_INV_VALUE; break;
|
2004-04-27 10:23:45 +02:00
|
|
|
case SW_FILE_NOT_FOUND: ec = GPG_ERR_ENOENT; break;
|
|
|
|
|
case SW_RECORD_NOT_FOUND:ec= GPG_ERR_NOT_FOUND; break;
|
2003-09-28 15:41:58 +02:00
|
|
|
case SW_REF_NOT_FOUND: ec = GPG_ERR_NO_OBJ; break;
|
|
|
|
|
case SW_BAD_P0_P1: ec = GPG_ERR_INV_VALUE; break;
|
2005-09-07 19:05:42 +02:00
|
|
|
case SW_EXACT_LENGTH: ec = GPG_ERR_INV_VALUE; break;
|
2003-09-28 15:41:58 +02:00
|
|
|
case SW_INS_NOT_SUP: ec = GPG_ERR_CARD; break;
|
|
|
|
|
case SW_CLA_NOT_SUP: ec = GPG_ERR_CARD; break;
|
|
|
|
|
case SW_SUCCESS: ec = 0; break;
|
|
|
|
|
|
|
|
|
|
case SW_HOST_OUT_OF_CORE: ec = GPG_ERR_ENOMEM; break;
|
|
|
|
|
case SW_HOST_INV_VALUE: ec = GPG_ERR_INV_VALUE; break;
|
|
|
|
|
case SW_HOST_INCOMPLETE_CARD_RESPONSE: ec = GPG_ERR_CARD; break;
|
2004-04-27 10:23:45 +02:00
|
|
|
case SW_HOST_NOT_SUPPORTED: ec = GPG_ERR_NOT_SUPPORTED; break;
|
|
|
|
|
case SW_HOST_LOCKING_FAILED: ec = GPG_ERR_BUG; break;
|
|
|
|
|
case SW_HOST_BUSY: ec = GPG_ERR_EBUSY; break;
|
* README: Doc --disable-card-support and --without-readline.
* configure.ac: Check for readline. Make enable-card-support the
default. New option --without-readline. Allow the use of either
the development or the stable libusb.
* cardglue.h: Add members for CA fingerprints.
* cardglue.c (agent_release_card_info): Invalid them.
(learn_status_cb): Store them.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h
* apdu.c, apdu.h, ccid-driver.c, ccid-driver.h
* card-util.c: Updated from current gnupg-1.9.
* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* apdu.c: Include <signal.h>.
* apdu.c (reader_table_s): Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed. Replaced by apdu_strerror.
(get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop.
(reset_ct_reader): Implemented.
(ct_send_apdu): Activate the card if not yet done.
(pcsc_send_apdu): Ditto.
* ccid-driver.h: Add error codes.
* ccid-driver.c: Implement more or less proper error codes all
over the place.
* apdu.c (apdu_send_direct): New.
(get_ccid_error_string): Add some error code mappings.
(send_apdu): Pass error codes along for drivers already supporting
them.
(host_sw_string): New.
(get_ccid_error_string): Use above.
(send_apdu_ccid): Reset the reader if it has not yet been done.
(open_ccid_reader): Don't care if the ATR can't be read.
(apdu_activate_card): New.
(apdu_strerror): New.
(dump_reader_status): Only enable it with opt.VERBOSE.
* iso7816.c (map_sw): Add mappings for the new error codes.
* apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader)
(reset_ccid_reader, open_osc_reader): Call dump_reader_status only
in verbose mode.
* app-openpgp.c (do_getattr): Fix for sending CA-FPR.
* app-openpgp.c (app_openpgp_readkey): Fixed check for valid
exponent.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
* card-util.c (change_login): Kludge to allow reading data from a
file.
(card_edit): Pass ARG_STRING to change_login.
(card_status): Print CA fingerprints.
(change_cafpr): New.
(card_edit): New command CAFPR.
* errors.h (G10ERR_NO_CARD, G10ERR_CANCELED): New error codes.
* errors.c (g10_errstr): New error codes G10ERR_NO_CARD,
G10ERR_CANCELED.
2004-09-09 20:18:36 +02:00
|
|
|
case SW_HOST_NO_CARD: ec = GPG_ERR_CARD_NOT_PRESENT; break;
|
|
|
|
|
case SW_HOST_CARD_INACTIVE: ec = GPG_ERR_CARD_RESET; break;
|
|
|
|
|
case SW_HOST_CARD_IO_ERROR: ec = GPG_ERR_EIO; break;
|
|
|
|
|
case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break;
|
|
|
|
|
case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break;
|
|
|
|
|
case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break;
|
|
|
|
|
|
2003-09-28 15:41:58 +02:00
|
|
|
default:
|
|
|
|
|
if ((sw & 0x010000))
|
|
|
|
|
ec = GPG_ERR_GENERAL; /* Should not happen. */
|
|
|
|
|
else if ((sw & 0xff00) == SW_MORE_DATA)
|
|
|
|
|
ec = 0; /* This should actually never been seen here. */
|
|
|
|
|
else
|
|
|
|
|
ec = GPG_ERR_CARD;
|
|
|
|
|
}
|
|
|
|
|
return gpg_error (ec);
|
|
|
|
|
}
|
|
|
|
|
|
2004-10-20 11:39:56 +02:00
|
|
|
/* Map a status word from the APDU layer to a gpg-error code. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_map_sw (int sw)
|
|
|
|
|
{
|
|
|
|
|
/* All APDU functions should return 0x9000 on success but for
|
|
|
|
|
historical reasons of the implementation some return 0 to
|
|
|
|
|
indicate success. We allow for that here. */
|
|
|
|
|
return sw? map_sw (sw) : 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-09-28 15:41:58 +02:00
|
|
|
/* This function is specialized version of the SELECT FILE command.
|
|
|
|
|
SLOT is the card and reader as created for example by
|
|
|
|
|
apdu_open_reader (), AID is a buffer of size AIDLEN holding the
|
|
|
|
|
requested application ID. The function can't be used to enumerate
|
|
|
|
|
AIDs and won't return the AID on success. The return value is 0
|
2004-04-27 10:23:45 +02:00
|
|
|
for okay or a GPG error code. Note that ISO error codes are
|
2003-09-28 15:41:58 +02:00
|
|
|
internally mapped. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_select_application (int slot, const char *aid, size_t aidlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
2004-10-20 11:39:56 +02:00
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_SELECT_FILE, 4, 0, aidlen, aid);
|
2003-09-28 15:41:58 +02:00
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-04-27 10:23:45 +02:00
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_select_file (int slot, int tag, int is_dir,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw, p0, p1;
|
|
|
|
|
unsigned char tagbuf[2];
|
|
|
|
|
|
|
|
|
|
tagbuf[0] = (tag >> 8) & 0xff;
|
|
|
|
|
tagbuf[1] = tag & 0xff;
|
|
|
|
|
|
|
|
|
|
if (result || resultlen)
|
|
|
|
|
{
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
p0 = (tag == 0x3F00)? 0: is_dir? 1:2;
|
|
|
|
|
p1 = 0x0c; /* No FC return. */
|
|
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_SELECT_FILE,
|
2005-09-07 19:05:42 +02:00
|
|
|
p0, p1, 2, (char*)tagbuf );
|
2004-04-27 10:23:45 +02:00
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-09-07 19:05:42 +02:00
|
|
|
/* Do a select file command with a direct path. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_select_path (int slot, const unsigned short *path, size_t pathlen,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw, p0, p1;
|
|
|
|
|
unsigned char buffer[100];
|
|
|
|
|
int buflen;
|
|
|
|
|
|
|
|
|
|
if (result || resultlen)
|
|
|
|
|
{
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pathlen/2 >= sizeof buffer)
|
|
|
|
|
return gpg_error (GPG_ERR_TOO_LARGE);
|
|
|
|
|
|
|
|
|
|
for (buflen = 0; pathlen; pathlen--, path++)
|
|
|
|
|
{
|
|
|
|
|
buffer[buflen++] = (*path >> 8);
|
|
|
|
|
buffer[buflen++] = *path;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p0 = 0x08;
|
|
|
|
|
p1 = 0x0c; /* No FC return. */
|
|
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_SELECT_FILE,
|
|
|
|
|
p0, p1, buflen, (char*)buffer );
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-04-27 10:23:45 +02:00
|
|
|
/* This is a private command currently only working for TCOS cards. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_list_directory (int slot, int list_dirs,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
if (!result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
|
|
|
|
sw = apdu_send (slot, 0x80, 0xAA, list_dirs? 1:2, 0, -1, NULL,
|
|
|
|
|
result, resultlen);
|
|
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
}
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-09-28 15:41:58 +02:00
|
|
|
/* Perform a VERIFY command on SLOT using the card holder verification
|
|
|
|
|
vector CHVNO with a CHV of lenght CHVLEN. Returns 0 on success. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv);
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
|
|
|
|
|
verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
|
|
|
|
|
0), a "change reference data" is done, otherwise an "exchange
|
|
|
|
|
reference data". The new reference data is expected in NEWCHV of
|
|
|
|
|
length NEWCHVLEN. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_change_reference_data (int slot, int chvno,
|
|
|
|
|
const char *oldchv, size_t oldchvlen,
|
|
|
|
|
const char *newchv, size_t newchvlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
char *buf;
|
|
|
|
|
|
|
|
|
|
if ((!oldchv && oldchvlen)
|
|
|
|
|
|| (oldchv && !oldchvlen)
|
|
|
|
|
|| !newchv || !newchvlen )
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
buf = xtrymalloc (oldchvlen + newchvlen);
|
|
|
|
|
if (!buf)
|
2004-04-27 10:23:45 +02:00
|
|
|
return gpg_error (gpg_err_code_from_errno (errno));
|
2003-09-28 15:41:58 +02:00
|
|
|
if (oldchvlen)
|
|
|
|
|
memcpy (buf, oldchv, oldchvlen);
|
|
|
|
|
memcpy (buf+oldchvlen, newchv, newchvlen);
|
|
|
|
|
|
|
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
|
|
|
|
|
oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
|
|
|
|
|
xfree (buf);
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_reset_retry_counter (int slot, int chvno,
|
|
|
|
|
const char *newchv, size_t newchvlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
if (!newchv || !newchvlen )
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_RESET_RETRY_COUNTER,
|
|
|
|
|
2, chvno, newchvlen, newchv);
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Perform a GET DATA command requesting TAG and storing the result in
|
|
|
|
|
a newly allocated buffer at the address passed by RESULT. Return
|
|
|
|
|
the length of this data at the address of RESULTLEN. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_get_data (int slot, int tag,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
if (!result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
|
|
|
|
sw = apdu_send (slot, 0x00, CMD_GET_DATA,
|
|
|
|
|
((tag >> 8) & 0xff), (tag & 0xff), -1, NULL,
|
|
|
|
|
result, resultlen);
|
|
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Perform a PUT DATA command on card in SLOT. Write DATA of length
|
|
|
|
|
DATALEN to TAG. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_put_data (int slot, int tag,
|
|
|
|
|
const unsigned char *data, size_t datalen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_PUT_DATA,
|
|
|
|
|
((tag >> 8) & 0xff), (tag & 0xff),
|
2005-09-07 19:05:42 +02:00
|
|
|
datalen, (const char*)data);
|
2003-09-28 15:41:58 +02:00
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-27 10:23:45 +02:00
|
|
|
/* Manage Security Environment. This is a weird operation and there
|
|
|
|
|
is no easy abstraction for it. Furthermore, some card seem to have
|
|
|
|
|
a different interpreation of 7816-8 and thus we resort to let the
|
|
|
|
|
caller decide what to do. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_manage_security_env (int slot, int p1, int p2,
|
|
|
|
|
const unsigned char *data, size_t datalen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
2005-09-07 19:05:42 +02:00
|
|
|
if (p1 < 0 || p1 > 255 || p2 < 0 || p2 > 255 )
|
2004-04-27 10:23:45 +02:00
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
2005-09-07 19:05:42 +02:00
|
|
|
sw = apdu_send_simple (slot, 0x00, CMD_MSE, p1, p2,
|
|
|
|
|
data? datalen : -1, (const char*)data);
|
2004-04-27 10:23:45 +02:00
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-28 15:41:58 +02:00
|
|
|
|
|
|
|
|
/* Perform the security operation COMPUTE DIGITAL SIGANTURE. On
|
|
|
|
|
success 0 is returned and the data is availavle in a newly
|
|
|
|
|
allocated buffer stored at RESULT with its length stored at
|
|
|
|
|
RESULTLEN. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_compute_ds (int slot, const unsigned char *data, size_t datalen,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
if (!data || !datalen || !result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
2005-09-07 19:05:42 +02:00
|
|
|
sw = apdu_send (slot, 0x00, CMD_PSO, 0x9E, 0x9A, datalen, (const char*)data,
|
2003-09-28 15:41:58 +02:00
|
|
|
result, resultlen);
|
|
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-04-27 10:23:45 +02:00
|
|
|
/* Perform the security operation DECIPHER. PADIND is the padding
|
|
|
|
|
indicator to be used. It should be 0 if no padding is required, a
|
|
|
|
|
value of -1 suppresses the padding byte. On success 0 is returned
|
|
|
|
|
and the plaintext is available in a newly allocated buffer stored
|
|
|
|
|
at RESULT with its length stored at RESULTLEN. */
|
2003-09-28 15:41:58 +02:00
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_decipher (int slot, const unsigned char *data, size_t datalen,
|
2004-04-27 10:23:45 +02:00
|
|
|
int padind, unsigned char **result, size_t *resultlen)
|
2003-09-28 15:41:58 +02:00
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
unsigned char *buf;
|
|
|
|
|
|
|
|
|
|
if (!data || !datalen || !result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
2004-04-27 10:23:45 +02:00
|
|
|
if (padind >= 0)
|
|
|
|
|
{
|
|
|
|
|
/* We need to prepend the padding indicator. */
|
|
|
|
|
buf = xtrymalloc (datalen + 1);
|
|
|
|
|
if (!buf)
|
|
|
|
|
return gpg_error (gpg_err_code_from_errno (errno));
|
|
|
|
|
|
|
|
|
|
*buf = padind; /* Padding indicator. */
|
|
|
|
|
memcpy (buf+1, data, datalen);
|
2005-09-07 19:05:42 +02:00
|
|
|
sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86,
|
|
|
|
|
datalen+1, (char*)buf,
|
2004-04-27 10:23:45 +02:00
|
|
|
result, resultlen);
|
|
|
|
|
xfree (buf);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2005-09-07 19:05:42 +02:00
|
|
|
sw = apdu_send (slot, 0x00, CMD_PSO, 0x80, 0x86,
|
|
|
|
|
datalen, (const char *)data,
|
2004-04-27 10:23:45 +02:00
|
|
|
result, resultlen);
|
|
|
|
|
}
|
2003-09-28 15:41:58 +02:00
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_internal_authenticate (int slot,
|
|
|
|
|
const unsigned char *data, size_t datalen,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
if (!data || !datalen || !result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
|
|
|
|
sw = apdu_send (slot, 0x00, CMD_INTERNAL_AUTHENTICATE, 0, 0,
|
2005-09-07 19:05:42 +02:00
|
|
|
datalen, (const char*)data, result, resultlen);
|
2003-09-28 15:41:58 +02:00
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
do_generate_keypair (int slot, int readonly,
|
|
|
|
|
const unsigned char *data, size_t datalen,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
|
|
|
|
|
if (!data || !datalen || !result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
|
|
|
|
sw = apdu_send (slot, 0x00, CMD_GENERATE_KEYPAIR, readonly? 0x81:0x80, 0,
|
2005-09-07 19:05:42 +02:00
|
|
|
datalen, (const char*)data, result, resultlen);
|
2003-09-28 15:41:58 +02:00
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_generate_keypair (int slot,
|
|
|
|
|
const unsigned char *data, size_t datalen,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
return do_generate_keypair (slot, 0, data, datalen, result, resultlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_read_public_key (int slot,
|
|
|
|
|
const unsigned char *data, size_t datalen,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
return do_generate_keypair (slot, 1, data, datalen, result, resultlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_get_challenge (int slot, int length, unsigned char *buffer)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
unsigned char *result;
|
|
|
|
|
size_t resultlen, n;
|
|
|
|
|
|
|
|
|
|
if (!buffer || length < 1)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
result = NULL;
|
|
|
|
|
n = length > 254? 254 : length;
|
|
|
|
|
sw = apdu_send_le (slot, 0x00, CMD_GET_CHALLENGE, 0, 0, -1, NULL,
|
|
|
|
|
n,
|
|
|
|
|
&result, &resultlen);
|
|
|
|
|
if (sw != SW_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (result);
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
if (resultlen > n)
|
|
|
|
|
resultlen = n;
|
|
|
|
|
memcpy (buffer, result, resultlen);
|
|
|
|
|
buffer += resultlen;
|
|
|
|
|
length -= resultlen;
|
|
|
|
|
xfree (result);
|
|
|
|
|
}
|
|
|
|
|
while (length > 0);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2004-04-27 10:23:45 +02:00
|
|
|
|
|
|
|
|
/* Perform a READ BINARY command requesting a maximum of NMAX bytes
|
|
|
|
|
from OFFSET. With NMAX = 0 the entire file is read. The result is
|
|
|
|
|
stored in a newly allocated buffer at the address passed by RESULT.
|
|
|
|
|
Returns the length of this data at the address of RESULTLEN. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_read_binary (int slot, size_t offset, size_t nmax,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
unsigned char *buffer;
|
|
|
|
|
size_t bufferlen;
|
|
|
|
|
int read_all = !nmax;
|
|
|
|
|
size_t n;
|
|
|
|
|
|
|
|
|
|
if (!result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
|
|
|
|
/* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
|
|
|
|
|
we check for this limit. */
|
|
|
|
|
if (offset > 32767)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
buffer = NULL;
|
|
|
|
|
bufferlen = 0;
|
2005-09-07 19:05:42 +02:00
|
|
|
/* Note, that we to set N to 254 due to problems either with the
|
|
|
|
|
ccid driver or some TCOS cards. It actually should be 0
|
|
|
|
|
which is the official ISO value to read a variable length
|
|
|
|
|
object. */
|
2004-04-27 10:23:45 +02:00
|
|
|
if (read_all || nmax > 254)
|
|
|
|
|
n = 254;
|
|
|
|
|
else
|
|
|
|
|
n = nmax;
|
|
|
|
|
sw = apdu_send_le (slot, 0x00, CMD_READ_BINARY,
|
|
|
|
|
((offset>>8) & 0xff), (offset & 0xff) , -1, NULL,
|
|
|
|
|
n, &buffer, &bufferlen);
|
2005-09-07 19:05:42 +02:00
|
|
|
if ( SW_EXACT_LENGTH_P(sw) )
|
|
|
|
|
{
|
|
|
|
|
n = (sw & 0x00ff);
|
|
|
|
|
sw = apdu_send_le (slot, 0x00, CMD_READ_BINARY,
|
|
|
|
|
((offset>>8) & 0xff), (offset & 0xff) , -1, NULL,
|
|
|
|
|
n, &buffer, &bufferlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (*result && sw == SW_BAD_P0_P1)
|
|
|
|
|
{
|
|
|
|
|
/* Bad Parameter means that the offset is outside of the
|
|
|
|
|
EF. When reading all data we take this as an indication
|
|
|
|
|
for EOF. */
|
|
|
|
|
break;
|
|
|
|
|
}
|
2004-04-27 10:23:45 +02:00
|
|
|
|
|
|
|
|
if (sw != SW_SUCCESS && sw != SW_EOF_REACHED)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (buffer);
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
if (*result) /* Need to extend the buffer. */
|
|
|
|
|
{
|
|
|
|
|
unsigned char *p = xtryrealloc (*result, *resultlen + bufferlen);
|
|
|
|
|
if (!p)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err = gpg_error_from_errno (errno);
|
|
|
|
|
xfree (buffer);
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
*result = p;
|
|
|
|
|
memcpy (*result + *resultlen, buffer, bufferlen);
|
|
|
|
|
*resultlen += bufferlen;
|
|
|
|
|
xfree (buffer);
|
|
|
|
|
buffer = NULL;
|
|
|
|
|
}
|
|
|
|
|
else /* Transfer the buffer into our result. */
|
|
|
|
|
{
|
|
|
|
|
*result = buffer;
|
|
|
|
|
*resultlen = bufferlen;
|
|
|
|
|
}
|
|
|
|
|
offset += bufferlen;
|
|
|
|
|
if (offset > 32767)
|
|
|
|
|
break; /* We simply truncate the result for too large
|
|
|
|
|
files. */
|
|
|
|
|
if (nmax > bufferlen)
|
|
|
|
|
nmax -= bufferlen;
|
|
|
|
|
else
|
|
|
|
|
nmax = 0;
|
|
|
|
|
}
|
|
|
|
|
while ((read_all && sw != SW_EOF_REACHED) || (!read_all && nmax));
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Perform a READ RECORD command. RECNO gives the record number to
|
|
|
|
|
read with 0 indicating the current record. RECCOUNT must be 1 (not
|
|
|
|
|
all cards support reading of more than one record). SHORT_EF
|
|
|
|
|
should be 0 to read the current EF or contain a short EF. The
|
|
|
|
|
result is stored in a newly allocated buffer at the address passed
|
|
|
|
|
by RESULT. Returns the length of this data at the address of
|
|
|
|
|
RESULTLEN. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
iso7816_read_record (int slot, int recno, int reccount, int short_ef,
|
|
|
|
|
unsigned char **result, size_t *resultlen)
|
|
|
|
|
{
|
|
|
|
|
int sw;
|
|
|
|
|
unsigned char *buffer;
|
|
|
|
|
size_t bufferlen;
|
|
|
|
|
|
|
|
|
|
if (!result || !resultlen)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
|
|
|
|
|
/* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
|
|
|
|
|
we check for this limit. */
|
|
|
|
|
if (recno < 0 || recno > 255 || reccount != 1
|
|
|
|
|
|| short_ef < 0 || short_ef > 254 )
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
buffer = NULL;
|
|
|
|
|
bufferlen = 0;
|
2005-09-07 19:05:42 +02:00
|
|
|
/* Fixme: Either the ccid driver or the TCOS cards have problems
|
2004-04-27 10:23:45 +02:00
|
|
|
with an Le of 0. */
|
|
|
|
|
sw = apdu_send_le (slot, 0x00, CMD_READ_RECORD,
|
|
|
|
|
recno,
|
|
|
|
|
short_ef? short_ef : 0x04,
|
|
|
|
|
-1, NULL,
|
|
|
|
|
254, &buffer, &bufferlen);
|
|
|
|
|
|
|
|
|
|
if (sw != SW_SUCCESS && sw != SW_EOF_REACHED)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure that pending buffers are released. */
|
|
|
|
|
xfree (buffer);
|
|
|
|
|
xfree (*result);
|
|
|
|
|
*result = NULL;
|
|
|
|
|
*resultlen = 0;
|
|
|
|
|
return map_sw (sw);
|
|
|
|
|
}
|
|
|
|
|
*result = buffer;
|
|
|
|
|
*resultlen = bufferlen;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|