scd:p15: Prepare AODF parsing for other authentication types.
* scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of changes are just indentation changes. There should be no functional change. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
d5126efd89
commit
e387cc97c8
129
scd/app-p15.c
129
scd/app-p15.c
|
@ -156,6 +156,14 @@ typedef enum
|
|||
PIN_TYPE_ISO9564_1 = 4
|
||||
} pin_type_t;
|
||||
|
||||
/* The AuthenticationTypes as defined in pkcs#15 v1.1 (6.8.1) */
|
||||
typedef enum
|
||||
{
|
||||
AUTH_TYPE_PIN = -1,
|
||||
AUTH_TYPE_BIOMETRIC = 0,
|
||||
AUTH_TYPE_AUTHKEY = 1,
|
||||
AUTH_TYPE_EXTERNAL = 2,
|
||||
} auth_type_t;
|
||||
|
||||
/* A bit array with for the key usage flags from the
|
||||
commonKeyAttributes. */
|
||||
|
@ -376,6 +384,11 @@ struct aodf_object_s
|
|||
/* The file ID of this AODF. */
|
||||
unsigned short fid;
|
||||
|
||||
/* The type of this authentication object. */
|
||||
auth_type_t auth_type;
|
||||
|
||||
/* Info used for AUTH_TYPE_PIN: */
|
||||
|
||||
/* The PIN Flags. */
|
||||
struct
|
||||
{
|
||||
|
@ -423,6 +436,9 @@ struct aodf_object_s
|
|||
may be NULL. Malloced.*/
|
||||
size_t pathlen;
|
||||
unsigned short *path;
|
||||
|
||||
/* Info used for AUTH_TYPE_AUTHKEY: */
|
||||
|
||||
};
|
||||
typedef struct aodf_object_s *aodf_object_t;
|
||||
|
||||
|
@ -2640,37 +2656,46 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
|
|||
|
||||
|
||||
/*
|
||||
SEQUENCE {
|
||||
SEQUENCE { -- CommonObjectAttributes
|
||||
UTF8String 'specific PIN for DS'
|
||||
BIT STRING 0 unused bits
|
||||
'00000011'B
|
||||
}
|
||||
SEQUENCE { -- CommonAuthenticationObjectAttributes
|
||||
OCTET STRING
|
||||
07 -- iD
|
||||
}
|
||||
|
||||
[1] { -- typeAttributes
|
||||
SEQUENCE { -- PinAttributes
|
||||
BIT STRING 0 unused bits
|
||||
'0000100000110010'B -- local,initialized,needs-padding
|
||||
-- exchangeRefData
|
||||
ENUMERATED 1 -- ascii-numeric
|
||||
INTEGER 6 -- minLength
|
||||
INTEGER 6 -- storedLength
|
||||
INTEGER 8 -- maxLength
|
||||
[0]
|
||||
02 -- pinReference
|
||||
GeneralizedTime 19/04/2002 12:12 GMT -- lastPinChange
|
||||
SEQUENCE {
|
||||
OCTET STRING
|
||||
3F 00 40 16 -- path to DF of PIN
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
* SEQUENCE {
|
||||
* SEQUENCE { -- CommonObjectAttributes
|
||||
* UTF8String 'specific PIN for DS'
|
||||
* BIT STRING 0 unused bits
|
||||
* '00000011'B
|
||||
* }
|
||||
* SEQUENCE { -- CommonAuthenticationObjectAttributes
|
||||
* OCTET STRING
|
||||
* 07 -- iD
|
||||
* }
|
||||
*
|
||||
* [1] { -- typeAttributes
|
||||
* SEQUENCE { -- PinAttributes
|
||||
* BIT STRING 0 unused bits
|
||||
* '0000100000110010'B -- local,initialized,needs-padding
|
||||
* -- exchangeRefData
|
||||
* ENUMERATED 1 -- ascii-numeric
|
||||
* INTEGER 6 -- minLength
|
||||
* INTEGER 6 -- storedLength
|
||||
* INTEGER 8 -- maxLength
|
||||
* [0]
|
||||
* 02 -- pinReference
|
||||
* GeneralizedTime 19/04/2002 12:12 GMT -- lastPinChange
|
||||
* SEQUENCE {
|
||||
* OCTET STRING
|
||||
* 3F 00 40 16 -- path to DF of PIN
|
||||
* }
|
||||
* }
|
||||
* }
|
||||
* }
|
||||
*
|
||||
* Or for an authKey:
|
||||
*
|
||||
* [1] { -- typeAttributes
|
||||
* SEQUENCE { -- AuthKeyAttributes
|
||||
* BOOLEAN TRUE -- derivedKey
|
||||
* OCTET STRING 02 -- authKeyId
|
||||
* }
|
||||
* }
|
||||
* }
|
||||
*/
|
||||
/* Read and parse an Authentication Object Directory File identified
|
||||
by FID. On success a newlist of AODF objects gets stored at RESULT
|
||||
|
@ -2707,6 +2732,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
size_t nn;
|
||||
int where;
|
||||
const char *errstr = NULL;
|
||||
auth_type_t auth_type;
|
||||
aodf_object_t aodf = NULL;
|
||||
unsigned long ul;
|
||||
const char *s;
|
||||
|
@ -2719,13 +2745,14 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
else if (objlen > n)
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE)
|
||||
; /* PinAttributes */
|
||||
auth_type = AUTH_TYPE_PIN; /* PinAttributes */
|
||||
else if (class == CLASS_CONTEXT && tag == 1 )
|
||||
auth_type = AUTH_TYPE_AUTHKEY; /* AuthKeyAttributes */
|
||||
else if (class == CLASS_CONTEXT)
|
||||
{
|
||||
switch (tag)
|
||||
{
|
||||
case 0: errstr = "biometric auth types are not supported"; break;
|
||||
case 1: errstr = "authKey auth types are not supported"; break;
|
||||
case 2: errstr = "external auth type are not supported"; break;
|
||||
default: errstr = "unknown privateKeyObject"; break;
|
||||
}
|
||||
|
@ -2739,7 +2766,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
goto parse_error;
|
||||
}
|
||||
|
||||
|
||||
if (err)
|
||||
{
|
||||
log_error ("p15: error parsing AODF record: %s\n",
|
||||
|
@ -2756,6 +2782,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
if (!aodf)
|
||||
goto no_core;
|
||||
aodf->fid = fid;
|
||||
aodf->auth_type = auth_type;
|
||||
|
||||
/* Parse the commonObjectAttributes. */
|
||||
where = __LINE__;
|
||||
|
@ -2814,7 +2841,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
else if (!err && objlen > nn)
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE)
|
||||
; /* A typeAttribute always starts with a sequence */
|
||||
; /* Okay */
|
||||
else
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
if (err)
|
||||
|
@ -2822,6 +2849,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
|
||||
nn = objlen;
|
||||
|
||||
if (auth_type == AUTH_TYPE_PIN)
|
||||
{
|
||||
/* PinFlags */
|
||||
where = __LINE__;
|
||||
err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
|
||||
|
@ -2902,7 +2931,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
nn -= objlen;
|
||||
}
|
||||
|
||||
|
||||
/* PinType */
|
||||
where = __LINE__;
|
||||
err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
|
||||
|
@ -2923,7 +2951,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
}
|
||||
aodf->pintype = ul;
|
||||
|
||||
|
||||
/* minLength */
|
||||
where = __LINE__;
|
||||
err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
|
||||
|
@ -2943,7 +2970,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
}
|
||||
aodf->min_length = ul;
|
||||
|
||||
|
||||
/* storedLength */
|
||||
where = __LINE__;
|
||||
err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
|
||||
|
@ -3084,8 +3110,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
if (err)
|
||||
goto parse_error;
|
||||
|
||||
/* Make sure that the next element has a path of even length
|
||||
* (FIDs are two bytes each). */
|
||||
/* Make sure that the next element has a path of even
|
||||
* length (FIDs are two bytes each). */
|
||||
if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
|
||||
|| (objlen & 1) )
|
||||
{
|
||||
|
@ -3105,10 +3131,12 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
/* An index and length follows. */
|
||||
aodf->have_off = 1;
|
||||
where = __LINE__;
|
||||
err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
|
||||
err = parse_ber_header (&ppp, &nnn, &class, &tag,
|
||||
&constructed,
|
||||
&ndef, &objlen, &hdrlen);
|
||||
if (!err && (objlen > nnn
|
||||
|| class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
|
||||
|| class != CLASS_UNIVERSAL
|
||||
|| tag != TAG_INTEGER))
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
if (err)
|
||||
goto parse_error;
|
||||
|
@ -3122,7 +3150,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
aodf->off = ul;
|
||||
|
||||
where = __LINE__;
|
||||
err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
|
||||
err = parse_ber_header (&ppp, &nnn, &class, &tag,
|
||||
&constructed,
|
||||
&ndef, &objlen, &hdrlen);
|
||||
if (!err && (objlen > nnn
|
||||
|| class != CLASS_CONTEXT || tag != 0))
|
||||
|
@ -3139,6 +3168,11 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
aodf->len = ul;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (auth_type == AUTH_TYPE_AUTHKEY)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
/* Ignore further objects which might be there due to future
|
||||
extensions of pkcs#15. */
|
||||
|
@ -3154,6 +3188,9 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
if (aodf->label)
|
||||
log_printf (" (%s)", aodf->label);
|
||||
log_info ("p15: ");
|
||||
log_printf (" %s",
|
||||
aodf->auth_type == AUTH_TYPE_PIN? "pin" :
|
||||
aodf->auth_type == AUTH_TYPE_AUTHKEY? "authkey" : "?");
|
||||
if (aodf->pathlen)
|
||||
{
|
||||
log_printf (" path=");
|
||||
|
@ -3168,6 +3205,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
for (i=0; i < aodf->authidlen; i++)
|
||||
log_printf ("%02X", aodf->authid[i]);
|
||||
}
|
||||
if (aodf->auth_type == AUTH_TYPE_PIN)
|
||||
{
|
||||
if (aodf->pin_reference_valid)
|
||||
log_printf (" pinref=0x%02lX", aodf->pin_reference);
|
||||
log_printf (" min=%lu", aodf->min_length);
|
||||
|
@ -3220,6 +3259,10 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||
}
|
||||
log_printf ("%stype=%s", s, s2); s = ",";
|
||||
}
|
||||
}
|
||||
else if (aodf->auth_type == AUTH_TYPE_AUTHKEY)
|
||||
{
|
||||
}
|
||||
log_printf ("\n");
|
||||
}
|
||||
|
||||
|
|
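Review bot: `auth_type_t auth_type;` in read_ef_aodf is declared without an initializer and is later copied with `aodf->auth_type = auth_type;`, while the typeAttributes dispatch assigns it only on the PinAttributes and `[1]` branches; whether every path reaching the copy has set it depends on the error handling between the hunks, which is not visible here, so an explicit initializer on the declaration would make the intended default obvious and avoid a maybe-uninitialized read. With the new `else if (class == CLASS_CONTEXT && tag == 1 )` branch, the `case 1: errstr = "authKey auth types are not supported"; break;` arm of the following switch is unreachable and can be dropped. The empty `else if (auth_type == AUTH_TYPE_AUTHKEY) { }` block leaves min_length, stored_length, max_length, pintype and pin_reference at their zero defaults for authKey objects, so any consumer of the AODF list that selects an object for PIN verification presumably has to test `aodf->auth_type == AUTH_TYPE_PIN` first; recording that next to the new struct field, e.g. `/* The PIN related fields below are only valid for AUTH_TYPE_PIN. */`, would make the contract visible to those callers. read_ef_aodf's body begins and ends outside the visible hunks.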